Hi Michael,
On 18/06/2021 10:35, Michael Tremer wrote:
Hello,
On 17 Jun 2021, at 19:53, Adolf Belka adolf.belka@ipfire.org wrote:
Hi All,
I found that gd was at version 2.0.33 from 2006 and there have been several updates all the way up to May this year, some of them to fix bugs or security concerns.
Definitely needs an update!
So I did a build for version 2.3.1 also taking the opportunity to disable-static libraries.
This built successfully and I also ran the find-dependencies as the libraries changed from libgd.so.2.0.0 to libgd.3.0.9 There were no dependencies on libgd.so.2 or libgd.2.0.0
As gd is used for the charts I installed the generated iso into a vm on my testbed system to confirm they worked.
None of the charts showed any data. Also the log pie charts did not work. The error message from httpd/error_log was:-
Can't load '/usr/lib/perl5/site_perl/5.32.1/x86_64-linux-thread-multi/auto/GD/GD.so' for module GD: libtiff.so.5: cannot open shared object file: No such file or directory at /usr/lib/perl5/5.32.1/x86_64-linux-thread-multi/DynaLoader.pm line 193. ^@ at /srv/web/ipfire/cgi-bin/getrrdimage.cgi line 24. Compilation failed in require at /srv/web/ipfire/cgi-bin/getrrdimage.cgi line 24. BEGIN failed--compilation aborted at /srv/web/ipfire/cgi-bin/getrrdimage.cgi line 24. [Thu Jun 17 16:38:29.559844 2021] [cgid:error] [pid 3156:tid 127227853231680] [client 192.168.200.50:49220] End of script output before headers: getrrdimage.cgi, referer: https://ipfire.localdomain:444/
This seems to be saying it can't find libtiff.so.5
Looking through the source tarballs over time I found that version 2.1.0 was where it started to look for libtiff.
I then installed the libtiff addon in my vm and the charts were all working. So the new gd requires the libtiff shared object libraries.
The addon installs a lot more than just the libtiff so libs so it does not seem right to build that structurally into the firewall.
The only option I have come up with is to copy the libtiff so's into /usr/lib/ after the install stage of gd.
libtiff is built before gd so the files are available in the build. This would seem to then provide the required libs without the rest of the libtiff files.
Is this a reasonable approach to use or is there a different method I should be using.
Can you not pass something like —-disable-tiff to the configure script of gd to avoid it linking against libtiff?
We do not generate any TIFF files here, so it would be safe to disable that functionality.
Thanks very much for the guidance. There was a configure option --without-tiff so I used that. Built successfully and then tested it in my vm testbed. All charts except memory.cgi work. I need to get more data to confirm that the log pie charts work.
With memory.cgi I get an Internal Server Error. The log gives the following:-
Bareword "collectd" not allowed while "strict subs" in use at /srv/web/ipfire/cgi-bin/memory.cgi line 59. Bareword "localhost" not allowed while "strict subs" in use at /srv/web/ipfire/cgi-bin/memory.cgi line 59. Bareword "swap" not allowed while "strict subs" in use at /srv/web/ipfire/cgi-bin/memory.cgi line 59. Execution of /srv/web/ipfire/cgi-bin/memory.cgi aborted due to compilation errors.
Looking at line 59 and checking in git this looks to be related to a change done by Stefan Schantl 8 days ago https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=4353c579248b30167402...
I don't want to commit the patch for gd until I have memory.cgi confirmed working and enough firewall data to confirm the pie charts are working but it looks close to completion.
Regards, Adolf.
-Michael
Regards,
Adolf.
-- Sent from my laptop