Opened 16 months ago

Last modified 38 hours ago

#4362 new task

Update and cleanup OS X libraries

Reported by: fabio Owned by: Itms
Priority: Should Have Milestone: Alpha 24
Component: Build & Packages Keywords:
Cc: Patch:

Description (last modified by Itms)

Update and cleanup

  • update libraries to latest releases (should do for alpha22, some have security issues);
  • boost system may not be needed anymore; remove it if confirmed;
  • verify how to use already built libpng for wxwidgets, rather than its builtin version (no need to provide two libpng, wx one is also older).

Change History (19)

comment:1 Changed 16 months ago by wraitii

I created a branch that relies on Homebrew to download all non-bundled libs (except for gloox, as we do not use ssl and brew does).

This seems to compile on my system (10.11.6), and has the advantages of:

  • cutting down compile time substantially, particularly for wxwidgets/boost
  • making sure we always use the latest versions

Now we voluntarily didn't use brew before. I'm not exactly sure why, but here are a few notes:

  • Brew is largely the best and most common OS X package manager now
  • It used to requires sudo at some point but no longer does
  • It does not introduce conflicts with OSX's libraries, as it can provide "unlinked" versions (say, for libpng)
  • it's got all the libraries we use.

I don't see why we should/could not rely on it now, at least.

NB: I removed libiconv because it seemed to be only used to compile the others, but I'm not actually sure about that.

Last edited 16 months ago by wraitii (previous) (diff)

comment:2 Changed 16 months ago by wraitii

Keywords: rfc patch added

comment:3 Changed 15 months ago by wraitii

As a sidenote: using brew libraries and hot linking seems to work but fails to compile into a binary that's self-sufficient, it'll probably take more changes. As a side-sidenote, wxwidgets 3.0.2 no longer compiles on macOs 10.12 (Sierra), you have to use 3.1.0

edit:hm actually not either, we'll have to port an upstream patch.

Last edited 15 months ago by wraitii (previous) (diff)

comment:4 Changed 9 months ago by Itms

Description: modified (diff)

Can we push that to A23 or is there an important library update that needs to be performed before packaging?

comment:5 Changed 9 months ago by fabio

Most (all?) libraries in should be updated for a22, some due to security issues.

Wraitii use of Homebrew can wait for a future release.

comment:6 Changed 9 months ago by fabio

Suggested for a22:

 # libpng was included as part of X11 but that's removed from Mountain Lion
 # (also the Snow Leopard version was ancient 1.2)
 # gloox is necessary for multiplayer lobby
 # NSPR is necessary for threadsafe Spidermonkey
 # OS X only includes part of ICU, and only the dylib
 # NOTE: remember to also update LIB_URL below when changing version

comment:7 Changed 9 months ago by Itms

Alright, I hope wraitii can look into that.

I'm going to look into performing a few updates on Windows as well, they are long due.

comment:8 Changed 9 months ago by elexis

Besides that zlib version not being available anymore (reported in #4639), nigel87 also uses OSX Sierra 10.12 which fails to build wxWidgets due to including quicktime which was dropped from that OS:

He tried passing WXWIDGETS_VERSION="wxWidgets-3.0.3" and added --disable-qtkit for CONF_OPTS in L356, but that didn't help.

comment:9 Changed 9 months ago by elexis

In 19825:

Update OSX zlib version to the most recent and now only one hosted.

Fixes #4639
Refs #4362
Differential Revision:
Tested By: Tobbi

comment:10 Changed 9 months ago by elexis

Keywords: rfc removed

comment:11 Changed 9 months ago by elexis

In 19848:

Update OSX libraries to the most recently released versions.

Remove wxWidgets patch from rP16155 that had been merged with the new release.

Differential Revision:
Refs #4362
Based On Patch By: fabio
Discussed With: leper
Tested By: Tobbi, Itms

comment:12 Changed 9 months ago by elexis

Four exploits in the latest release of libxml2 mentioned in should be either patched or it should be confirmed that we are not affected. Rest of the library versions should be checked for exploitable vulnerabilities too.

comment:13 Changed 9 months ago by elexis

Phab:D699 for the libxml2 snapshot.

comment:14 Changed 8 months ago by elexis

Milestone: Alpha 22Backlog

I set this to backlog because noone has the will to update libxml2 to the most recent dev snapshot before the alpha 22 release and because we will need a new ticket to keep track of updates for the next releases if this was closed as fixed.

comment:15 Changed 3 months ago by stan

for macosx, im encountering error: 'connectx' is only available on macOS 10.11 or newer while installing libraries on curl-7.54.0, fix is to update to curl-7.56.0, see discussion here: quick fix is to update this line to : CURL_VERSION="curl-7.56.0" in libraries/osx/

Last edited 3 months ago by stan (previous) (diff)

comment:16 Changed 3 weeks ago by Itms

Keywords: patch removed
Milestone: BacklogAlpha 23
Owner: set to Itms

I am going to perform the curl change on macOS ASAP.

comment:17 Changed 7 days ago by Itms

In 21501:

Update libcurl for OSX, in order to fix the build. Use the opportunity to update libxml2 which had vulnerabilities.
Refs #4362

comment:18 Changed 7 days ago by Itms

Milestone: Alpha 23Alpha 24

comment:19 Changed 2 days ago by fabio

Given #4790 was recently closed, here is an update of latest libraries and current status (to be A23) for OS X:

Most are a bit behind and some are possibly security related. Patching is trivial, but it would likely need some testing.

Last edited 38 hours ago by fabio (previous) (diff)
Note: See TracTickets for help on using tickets.