[Interest] Qt5.15 from source on centOS 7
alexander_carot at gmx.net
Mon Jun 20 09:13:49 CEST 2022
Hello Chris and Thiago,
yes, indeed centOS 7 has open-ssl 1.0.7 installed so I need to upgrade obviously.
>>OpenSSL 3 isn't supported in 5.15.
Thanks for this hint, too ! I also figured by playing with the various DTS available that the most recent version with gcc 11 does not work with Qt5.15 so I used DTS 10 instead.
Email : Alexander at Carot.de
Tel.: +49 (0)177 5719797
> Gesendet: Montag, 20. Juni 2022 um 00:06 Uhr
> Von: "Thiago Macieira" <thiago.macieira at intel.com>
> An: interest at qt-project.org
> Betreff: Re: [Interest] Qt5.15 from source on centOS 7
> On Sunday, 19 June 2022 14:29:33 PDT Chris Benesch wrote:
> > Build OpenSSL 3 and add its install directory lib/pkgconfig to
> > PKG_CONFIG_PATH and choose -openssl-linked as one of the config
> > parameters. If you can get through configure, it should build.
> OpenSSL 3 isn't supported in 5.15.
> Use the very latest release from 1.1, but no older and no newer.
> Then there's the question of whether you want to ship OpenSSL libraries with
> your product. If you do, then you must also keep an eye to OpenSSL security
> advisories and make proper and timely updates to your release. Be prepared to
> make new builds and release to customers once per month. If you can't sustain
> this rate, then don't ship OpenSSL.
> You don't have to do it: the default build doesn't link to OpenSSL, but
> instead tries to find it at runtime and dlopens() it. That places the burden of
> providing OpenSSL and keeping it up to date on your user, not you. If they
> choose to be vulnerable by choice or by ignorance, it's not your fault.
> If you choose this route, make sure your application works properly when
> OpenSSL 1.1 is missing. By "properly", I mean "doesn't crash left and right".
> Please make sure that it is not silently falling back to unencrypted
> connections where encrypted were required. If your application requires
> encrypted connections to work at all, then display a dialog with a link to
> documentation on how to install OpenSSL.
> PS: OpenSSL is the most visible and most important library when it comes to
> patching security vulnerabilities, but is not the only one. You should do the
> same for ALL libraries you ship with your application, and that includes ALL
> the libraries that are bundled inside Qt's source. For example, the just-
> released Qt 5.15.5-LTS includes a vulnerable version of zlib, so you should
> patch it.
> Better yet, don't use bundled libraries.
> Thiago Macieira - thiago.macieira (AT) intel.com
> Cloud Software Architect - Intel DCAI Cloud Engineering
> Interest mailing list
> Interest at qt-project.org
More information about the Interest