[OSX] Compile osx with wxwidgets v3.1.7 #5185
Conversation
|
In what way is 3.1.6 “dangerous”? There are no differences at all between |
|
@talregev If you are referring to this PR: Fix memory leak in ListBox destructor, the file changed by that PR is not used by the MacOS build of wxWidgets. |
|
Any reason not to switch to 3.1.7? |
Yes:
Also, please respond to the question from @BrianNixon to show why this is needed:
Thank you. |
Answered you privately in the email. Please check |
Why in privacy? |
Because it's politely to answer the same way the question was asked. And sometimes people like to discuss something privately using old good emails. |
Because I didn't want to get into yet another argument with you. As I have told you before, I have purposely hard coded the dependency version numbers into the Xcode project file so that it will fail to build with any different version of those files. In fact it does fail with several "File not found" errors on my Mac when I remove the wxWidgets-3.1.6 and provide only wxWidgets-3.1.7. The CI build should also fail with "file not found" errors. Due to the xcpretty "beautifier" that buildMacBOINC-CI.sh uses, I was not able to tell exactly what the build did. Since there were no errors, it did not produce a full log artifact (which would not be piped through the "beautifer".) @AenBleidd has shown me why this protection I built in did not work in the CI build. It is because the CI build script overrides the Xcode settings to accept whatever versions are in the Cache. I will have to fix that. As I have told you before, I feel very strongly that it is important to have strict control over the versions of dependent libraries used with any given version of BOINC, to prevent introducing hard to reproduce bugs caused by the interaction between our code and the dependent libraries . @talregev I know you disagree and I don't want to get into an argument with you about this, but this is why I don't like the idea of using vcpkg to automatically update all dependent libraries to the latest version. Your concern that wxWidgets-3.1.6 is "dangerous" actually demonstrates the potential harm from vcpkg. Note also lines 4560-4561 here which indicate that my custom patch should be adjusted for wxWidgets-3.1.7 (even though the patch utility figured it out):
|
There was a problem hiding this comment.
I have been asked to review this. I have already written my review here. But mainly, I am still waiting for an answer to this question. If there is no need to do this, we should not do it.
|
@talregev If you clearly show us that wxWidgets 3.1.6 is dangerous on the Mac, I will create a PR to update the Mac build correctly. Otherwise, you are wasting my time and that of @BrianNixon and @AenBleidd. |
I am not against your protection on the code. If there is a such protection it should also be on the CI for other devs or users that compile OSX code. I will request from you to add this protection to the CI. Beside your protection there is no need to do code change in boinc code. If we talking about vcpkg. there is a mode that it will not update automatic the libraries and it will be forzen in time forever. Until we decide later. If we update automatic in alll other os, it doesn't mean that we need or cannot froze it for osx. For vcpkg I can control and give easily any older version that was present in vcpkg. p.s. wxwidgets 3.1.7 is not the latest for vcpkg. |
We should switch to cat instead beautifer and tell the ci to fail on any error. otherwise it lead to errors in our code. |
|
@talregev, @CharlieFenton, plans to rework the way CI builds to make it as close to the local builds as possible. |
talregev
force-pushed
the
TalR/osx_wxwidgets_v3.1.7
branch
from
9d8f909 to
6b1efcf
Compare
|
@BrianNixon in wxwidgets 3.1.6-final they fix a security hole. Are you sure it not also exploit in osx? |
Where? If you’re referring to this: - security fixed and support for WebKit 2 and GStreamer 1.7 under Unix.
+ security fixes and support for WebKit 2 and GStreamer 1.7 under Unix.that’s a typo fix, not a security fix… |
Of course no the typo, they fix the SHA-1 checksums. They convert the define to long, also they use other init window function. |
That’s only documentation
Those only affect Windows I grant you this looks like less-than-perfect release management from wxWidgets… |
|
Thank you for your replay. |
|
@talregev, just a note to this PR.
Thank you for understanding. |
Compile osx with wxwidgets v3.1.7.
wxwidgets v3.1.6 (hash 1990792) Is a dangerous version and we should not use it.
In the same day wxwidgets have a patch version v3.1.6-rc2 (hash 35a6d7b)
and after 2 days they have v3.1.6-final (hash 35a6d7b).
From here:
https://github.com/wxWidgets/wxWidgets/tags
Next release version is 3.1.7.
@davidpanderson For your notification.