Fix warnings caused by libmicrohttpd v0.9.74 #259
Conversation
|
Marked this as draft, because I'm not sure how to handle |
LeSpocky
changed the title
I'd be tempted to just remove it. There was already a discussion abouit it in a different thread |
|
Just to add to the above, our current minimum bar for libmicrohttpd is 0.9.53; so you can just remove anything that wasn't there in that version (no need to keep it in optional compilation to support any version of libmicrohttpd < 0.9.53). Although, I suspect that removing the MHD_HTTP_UNORDERED_COLLECTION would bump us up to version 0.9.63 (which I am not against per se, given it is 3 years old) |
That was #176 as far as I can see? |
|
Yep - you are correct |
|
Let's just fix the README in the requirements to point to libmicrohttpd |
According to my analysis in #176 (#176 (comment)) it would be 0.9.64 … should this just go to README.md or be a hard requirement against libmicrohttpd at build time? |
|
You are right, and it should be both - the configure.ac has a check for the minimum version of libmicrohttpd; we'll just need to update that. |
|
I've added the 0.9.64 version to the private S3. You will have to update both appveyor and github actions to point to that version. |
That HTTP status code was removed from RFC and marked deprecated in libmicrohttpd from v0.9.64 onwards. MHD throws a deprecation warning now when using MHD_HTTP_UNORDERED_COLLECTION, leading to build failures if -Werror is set (as with libhttpserver debug builds). Fixes: etr#176 Suggested-by: Sebastiano Merlino <electrictwister2000@gmail.com> Signed-off-by: Alexander Dahl <ada@thorsis.com>
libmicrohttpd deprecated those two definitions, and replaced them with new ones for the same numeric codes with version v0.9.74. Compiler throws a warning when using those definitions in libhttpserver, and thus debug build fails due to -Werror. Fixes: etr#258 Signed-off-by: Alexander Dahl <ada@thorsis.com>
We are about to update the minimal required version of libmicrohttpd to 0.9.64 and depend on that in configure.ac and CI should not fail then.
|
The CodeQL test does not fail on libhttpserver but on libmicrohttpd:
|
|
That's annoying. We should skip the libmicrohttpd directory from CodeQL (as we don't have control of that). It will require us introducing a custom codeql config file as in: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-a-custom-configuration-file; and specify exclude paths as in: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#specifying-directories-to-scan |
🙄 Reading again in the docs:
However that gives me no hint and https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/troubleshooting-the-codeql-workflow is of no help either. This reads for me like: “only build what you want to have analyzed” and that would make it impossible because libmicrohttpd is needed. Maybe one can install it from the Ubuntu repositories instead of building it? https://packages.ubuntu.com/impish/libmicrohttpd-dev |
Yeah, the only two ways that come to mind are: (1) remove libmicrohttpd build directory before running CodeQL (not sure it would work); (2) using indeed a system-installed version. |
(1) Maybe this is possible by setting up interdependent jobs? https://docs.github.com/en/actions/using-workflows/advanced-workflow-features#creating-dependent-jobs (1) Or just move the step installing the dependency upwards before the CodeQL init step? Will try that. (2) For installing things I found this: https://docs.github.com/en/actions/using-github-hosted-runners/customizing-github-hosted-runners |
|
The inversion seems to have worked. |
|
I guess at this point is just a matter of aligning the configure.ac and the README |
So changes to CodeQL workflow should go to another PR before this then? And it's not only about removing MHD_HTTP_UNORDERED_COLLECTION and bumping the required version. What about the two other definitions? |
I might be missing what you mean. You already have everything here (removal of MHD_HTTP_UNORDRED_COLLECTION and CodeQL changes); all I was saying was to do also the changes to the README and the configure.ac. Does it make sense? |
|
You are right. I somehow thought I had already done this. Had a look at the changes again and it's still missing. Oops. Will add it later today. |
Previously analyze init came before building libmicrohttpd which let CodeQL analyze libmicrohttpd as well. Since libmicrohttpd is not under our control, each change in that could introduce distracting analyze warnings/errors. Apparently CodeQL analyzes everything built after that init step for compiled languages. Moving dependencies before init seems to solve that.
libmicrohttpd deprecated the definition of MHD_HTTP_UNORDERED_COLLECTION with 0.9.64 without alternative. Thus `http_utils::http_unordered_collection` was removed from libhttpserver and the requirement bump reflects those changes. Goal is to get rid of the deprecation warnings reported with etr#176 and etr#258. libmicrohttpd 0.9.64 was released in June 2019 (2019-06-09), almost three years ago.
2 participants
Identify the Bug
#176, #258
Description of the Change
This adds the same definitions as introduced with libmicrohttpd v0.9.74 if built against earlier versions of libmicrohttpd, at least for two out of three. The other was not renamed in libmicrohttpd, but "removed".
Alternate Designs
Do not rely on libmicrohttpd, but use integer literals directly.
Possible Drawbacks
More compat code.
Verification Process
Build against libmicrohttpd v0.9.75, v0.9.74, and v0.9.73.
Release Notes
http_utils::http_unordered_collection