I agree that applications shouldn't be running untrusted SQL/PHP. We can
enable the flag in our sqlite3 package for now but, as Łukasz mentioned,
I think it would be best if James could work with upstream to get a
proper tokenizer in place in the future.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to mediascanner2 in Ubuntu.
https://bugs.launchpad.net/bugs/1546911

Title:
  Please recompile sqlite 3.11 with -DSQLITE_ENABLE_FTS3_TOKENIZER

Status in mediascanner2 package in Ubuntu:
  Confirmed
Status in sqlite3 package in Ubuntu:
  Confirmed

Bug description:
  The recent upload of sqlite 3.11 to xenial-proposed has rendered
  mediascanner2 non-functional.  From the release notes, it seems the
  ability to register new full text search tokenizers has been disabled
  by default:

  http://sqlite.org/releaselog/3_11_0.html

  This means that mediascanner2 fails to open the index.  We can't
  switch to any of the built-in tokenizers because they don't handle CJK
  text, so the only option seems to be to re-enable this functionality
  despite it being a potential security vulnerability for apps that let
  untrusted code run arbitrary SQL.
