GCC 11 is a beast. But on an overall level the stricter the compiler, the more optimization it can do. We got 5.15 to build on Cent 7 with gcc 10 and OpenSSL 3, and I dont remember any big issues with it, but we dont really use any of the cryptographic functions. I'll make a note of it and get our CM guy involved so we dont ship unsupported configurations, and modify my Jenkins build as well.
On Mon, Jun 20, 2022 at 1:14 AM Alexander Carôt <alexander_ca...@gmx.net> wrote: > Hello Chris and Thiago, > > yes, indeed centOS 7 has open-ssl 1.0.7 installed so I need to upgrade > obviously. > > >>OpenSSL 3 isn't supported in 5.15. > > Thanks for this hint, too ! I also figured by playing with the various DTS > available that the most recent version with gcc 11 does not work with > Qt5.15 so I used DTS 10 instead. > > Best > > Alex > > -- > http://www.carot.de > Email : alexan...@carot.de > Tel.: +49 (0)177 5719797 > > > > Gesendet: Montag, 20. Juni 2022 um 00:06 Uhr > > Von: "Thiago Macieira" <thiago.macie...@intel.com> > > An: interest@qt-project.org > > Betreff: Re: [Interest] Qt5.15 from source on centOS 7 > > > > On Sunday, 19 June 2022 14:29:33 PDT Chris Benesch wrote: > > > Build OpenSSL 3 and add its install directory lib/pkgconfig to > > > PKG_CONFIG_PATH and choose -openssl-linked as one of the config > > > parameters. If you can get through configure, it should build. > > > > OpenSSL 3 isn't supported in 5.15. > > > > Use the very latest release from 1.1, but no older and no newer. > > > > Then there's the question of whether you want to ship OpenSSL libraries > with > > your product. If you do, then you must also keep an eye to OpenSSL > security > > advisories and make proper and timely updates to your release. Be > prepared to > > make new builds and release to customers once per month. If you can't > sustain > > this rate, then don't ship OpenSSL. > > > > You don't have to do it: the default build doesn't link to OpenSSL, but > > instead tries to find it at runtime and dlopens() it. That places the > burden of > > providing OpenSSL and keeping it up to date on your user, not you. If > they > > choose to be vulnerable by choice or by ignorance, it's not your fault. > > > > If you choose this route, make sure your application works properly when > > OpenSSL 1.1 is missing. By "properly", I mean "doesn't crash left and > right". > > Please make sure that it is not silently falling back to unencrypted > > connections where encrypted were required. If your application requires > > encrypted connections to work at all, then display a dialog with a link > to > > documentation on how to install OpenSSL. > > > > PS: OpenSSL is the most visible and most important library when it comes > to > > patching security vulnerabilities, but is not the only one. You should > do the > > same for ALL libraries you ship with your application, and that includes > ALL > > the libraries that are bundled inside Qt's source. For example, the just- > > released Qt 5.15.5-LTS includes a vulnerable version of zlib, so you > should > > patch it. > > > > Better yet, don't use bundled libraries. > > > > -- > > Thiago Macieira - thiago.macieira (AT) intel.com > > Cloud Software Architect - Intel DCAI Cloud Engineering > > > > > > > > _______________________________________________ > > Interest mailing list > > Interest@qt-project.org > > https://lists.qt-project.org/listinfo/interest > > > _______________________________________________ > Interest mailing list > Interest@qt-project.org > https://lists.qt-project.org/listinfo/interest > -- Chris Benesch BeneschTech, LLC
_______________________________________________ Interest mailing list Interest@qt-project.org https://lists.qt-project.org/listinfo/interest
