Hi, I noticed the warnings when compiling QLC+ about libqlcpluswebaccess. More specific:
[ 1073s] qlcplus.i586: W: missing-call-to-setgroups-before-setuid /usr/lib/libqlcpluswebaccess.so.1.0.0
[ 1073s] This executable is calling setuid and setgid without setgroups or initgroups.
[ 1073s] There is a high probability this mean it didn't relinquish all groups, and
[ 1073s] this would be a potential security issue to be fixed. Seek POS36-C on the web
[ 1073s] for details about the problem.
[ 1073s] qlcplus.i586: I: binary-or-shlib-calls-gethostbyname /usr/lib/libqlcpluswebaccess.so.1.0.0
[ 1073s] The binary calls gethostbyname(). Please port the code to use getaddrinfo()
1073s] qlcplus.i586: W: explicit-lib-dependency libmicrohttpd10
[ 1073s] You must let rpm find the library dependencies by itself. Do not put unneeded
[ 1073s] explicit Requires: tags.
I thing that the firs two can generate some problems when compiling on different distributions. I hope this can help.
Feedback: Compile warning: The binary calls gethostbyname(). Please port the code to use getaddrinfo().
-
Massimo Callegari
Hi, maybe this is not the best place to report compile warnings...
Mostly because 99% of the users don't care about them since they use prebuilt versions.
Anyway, what's the point here ? So far QLC+ has been built on several platforms and there's been no report of non working web access.
For the record, you haven't told us which distribution and GCC version you're using...
Mostly because 99% of the users don't care about them since they use prebuilt versions.
Anyway, what's the point here ? So far QLC+ has been built on several platforms and there's been no report of non working web access.
For the record, you haven't told us which distribution and GCC version you're using...
-
Cingulingu
You're right. Sorry for that. Distribution: Opensuse 12.2,12.3,13.1 (all same warning) GCC 4.8.2 but the warnings came from obs (opensuse build service) tests.
p.s. the web access is working.
p.s. the web access is working.
-
Jano Svitok
Hi all,
the code in question is moongoose, embedded webserver. I filed a bug there, pointing at this discussion. QLC+ doesn't suffer from this, since we don't call that routine (no need to run under different user).
the code in question is moongoose, embedded webserver. I filed a bug there, pointing at this discussion. QLC+ doesn't suffer from this, since we don't call that routine (no need to run under different user).
-
Jano Svitok
In my opinion:
- the first two warnings are related to moongoose; one is in code that is never run from QLC+, the other says the code uses old API -- calling old API is harmless, but may stop working some day.
- the third warning is false detection of libmicrohttpd10 dependency. QLC+ embeds moongoose, so there's no need to add libmicrohttpd which does the same. I can't see any mention of it in the sources. Do you use modified .spec file?
- the first two warnings are related to moongoose; one is in code that is never run from QLC+, the other says the code uses old API -- calling old API is harmless, but may stop working some day.
- the third warning is false detection of libmicrohttpd10 dependency. QLC+ embeds moongoose, so there's no need to add libmicrohttpd which does the same. I can't see any mention of it in the sources. Do you use modified .spec file?
-
Massimo Callegari
Guys,
I haven't updated mongoose in a while, so the warnings might have gone by now.
libmicrohttpd is a OLA dependency. No idea why it gets dragged in webaccess.
I haven't updated mongoose in a while, so the warnings might have gone by now.
libmicrohttpd is a OLA dependency. No idea why it gets dragged in webaccess.
-
Cingulingu
Thanks Jano. For now I will just suppress the first two warnings and remove the libmicrohttpd10 requirement, which I added in a early development stage of web access and forgot to remove. But I need the libmicrohttpd becouse the ola package need it.
Basically I have to modified the .spec file because I use OBS to build QLC+ for more then one distribution version and architecture at the same time. The opensuse use different name of the required packages. And I have to call them every time because OBS call a new clean VM for every build so the additional packages have to be called every time on compile. And on top of that it has a different way to deal with the .desktop files and pre/post install.
Link: https://build.opensuse.org/project/show ... ingulingu1
Basically I have to modified the .spec file because I use OBS to build QLC+ for more then one distribution version and architecture at the same time. The opensuse use different name of the required packages. And I have to call them every time because OBS call a new clean VM for every build so the additional packages have to be called every time on compile. And on top of that it has a different way to deal with the .desktop files and pre/post install.
Link: https://build.opensuse.org/project/show ... ingulingu1
-
Jano Svitok
Massimo: the libmicrohttpd was dependency of qlcplus, not webaccess.
OT: the README file for OLA plugin containsrefernce to qlc-devel@ which I guess should be removed.
Cingulingu: if you can provide RPM for opensuse (and ideally maintain it), it may be beneficial for the project since I suppose nobody maintains RPM spec files other than adding/removing files... we could also adjust createrpm.sh to create eiher redhat or suse packages...
OT: the README file for OLA plugin containsrefernce to qlc-devel@ which I guess should be removed.
Cingulingu: if you can provide RPM for opensuse (and ideally maintain it), it may be beneficial for the project since I suppose nobody maintains RPM spec files other than adding/removing files... we could also adjust createrpm.sh to create eiher redhat or suse packages...
-
Cingulingu
Shore, May be not ideally (explain). But yes. The link is in the previews post. Take a look. The only thing for now is that I changed some parameters in depended builds an have to be recalculated for download. But some help will be much unappropriated.
P.S. OBS can be used to compile and publish (repositories included) for other distributions and architectures too. Like debian,ubuntu,arch,fedora,..,.. but need some work on the .spec files for QlcPlus and QlcPlus-git. Direct collaboration included.
P.S. OBS can be used to compile and publish (repositories included) for other distributions and architectures too. Like debian,ubuntu,arch,fedora,..,.. but need some work on the .spec files for QlcPlus and QlcPlus-git. Direct collaboration included.
-
Cingulingu
Jano: "we could also adjust createrpm.sh to create eiher redhat or suse packages..."
There is no need to do that. As I said take a look. You will get the idea...
If you want I can provide a .ymp file for one click install (opensuse standard feature) for 12.2,12.3 and 13.1 (x32 and x64). And .ymp file for git compile too. Just put that file on your page and point a link to it. That's all
There is no need to do that. As I said take a look. You will get the idea...
If you want I can provide a .ymp file for one click install (opensuse standard feature) for 12.2,12.3 and 13.1 (x32 and x64). And .ymp file for git compile too. Just put that file on your page and point a link to it. That's all