Remove my_bool from qsql_mysql.cpp

[bhlevca]

This issue is unique.

• [X] I have used the search tool and did not find an issue describing my bug.

Operating System

Linux (DEB package), Linux (RPM package)

Version information

latest from sources

Expected Behavior

The source for Linux does not compile with MySQL 8.0. my_booldoes not exist, it has bee replaced everywhere with bool

Replace my_bool with bool and it will compile just fine.

Actual Behavior

does not compile

Reproduction Steps

No response

Additional information

No response

[ShockwaveNN]

Hi, could you point out exact repo in which it used

[bhlevca]

According to this: compile on linux

https://github.com/ONLYOFFICE/build_tools.git is the only repo I can use. Do you have others?

the file is in the Subject.``

Another problem is in file qeglfskmsegldevice.h

the declaration of the function void* nativeDisplay() const override;

should be changed to

EGLNativeDisplayType nativeDisplay() const override; //BH was void*

I assume that you use a less strict compiler. However, on mine it detects the above as an error.

[ShockwaveNN]

Please point out exact file name in your file tree in which those problems are located, I think both of them may be in some 3rd-party repo and not in our code

Or better - please point out those places on github, so we can understand each other

https://github.com/ONLYOFFICE/build_tools.git is the only repo I can use. Do you have others?

It's a base repo but it'll download around 10 different repos with our code and several 3rd party dependencies

[bhlevca]

As I said in my previous mail the filename is specified in the SUBJECT. If you do a search you will find it after you download all the 3rd party code. It may be in the QT code, but the important thing is that what your code downloads code that does not compile

[ShockwaveNN]

As I said in my previous message I need full path of this file, to understand from which project it's got

And I need your host os information, on which system you've trying to build

Because currently we fully support builing only on Ububtus and I've checked full build on it not so long ago

[bhlevca]

I build on Ubuntu.

I am not in front of my computer now, but you can do a search from the bulid _tools directory

$ find . - name qsql_mysql.c

And

$ find . - name qeglfskmsegldevice.h To find the two problem files.

[ShockwaveNN]

To be sure I'll recheck compilcation on clean Ubuntu system

If I'll reproduce this problem - we'll figure something out But if it's ok on my system - those sources probably from QT and those problems should be reported in their issue tracker

[bhlevca]

I am surprised that you don't get the errors. What MySQL version and GCC version are you using? I have MySQL 8 and GCC 11.

If is a version issue, you should use the latest or enforce the version. Yes, a fresh repo is what I also suggested.

[ShockwaveNN]

Yep, this file from QT source it's located at

build_tools/tools/linux/qt-everywhere-opensource-src-5.9.9/qtbase/src/plugins/sqldrivers/mysql/qsql_mysql.cpp

Seems this is have some description on latest stable of QT https://github.com/qt/qtbase/blob/dev/src/plugins/sqldrivers/mysql/qsql_mysql.cpp#L70

I think it may changed since our used version of QT v5.9.9 but right now we cannot update QT to latest version and not to loose compatibility with some old linux OS we need to support

[ShockwaveNN]

I am surprised that you don't get the errors. What MySQL version and GCC version are you using? I have MySQL 8 and GCC 11.

# gcc --version
gcc (Ubuntu 5.4.0-6ubuntu1~16.04.12) 5.4.0

And no MySQL installed, since we don't need it to compile

[bhlevca]

gcc --version

gcc (Ubuntu 5.4.0-6ubuntu1~16.04.12) 5.4.0

No wonder that you don't get the errors. Casting void* to everything is no longer permitted. Your versions are ancient and no longer supported. Please update to Ubuntu 20.04 or even better in a week Ubuntu 22.04 will be available Ubuntu 16.04 is no longer supported LTS version. It expired lat year as Ubuntu LTS version are supported only for 5 years.

also gcc is now at 9.3 and you are using the obsolete 5.4 which is not up to the latest standard.

[ShockwaveNN]

I understand your message and partly agree with that but we got good reason to use Ubuntu 14 as our build servers

1. By some of our contracts we need to support old versions of Linuxes, some of them based on Ubuntu 14.04 And have Glibc 2.19 as a system base If we build the same executable on a newer version of the system with newer Glibc - it simply will not start, so we use the oldest one to be compatible with most system

2. Proper way to solve this problem - to have a different build environment for each popular version of Glibc and this is a good solution, but right now we have no manpower to support it

So we choose the lesser of two evils - build based on oldest Ubuntu we can get our hands

We got docker to simplify this process https://github.com/ONLYOFFICE/build_tools#using-docker

It will result proper build on the newer versions of Ubuntu

But if you really need to build it using latest and greatest version of GCC - I think you're on your own, I don't think I can help you

[bhlevca]

I understand what you are saying and partly agree, but what I don't understand is how can you have contracts for using a distro that is not supported by its maker. You use Ubuntu 16 and not 14 as you said, and support for it ended last year.

I am going to look at the docker option, but I feel that using unsupported software is not only wrong but plainly dangerous. So many dangerous bugs in the kernel have been fixed in the past year.

[ShockwaveNN]

I don't understand is how can you have contracts for using a distro that is not supported by its maker.

I don't think I can disclosure contract information, but seems you got very optimistic views in some big enterprise organizations, that nobody using old software

I feel that using unsupported software is not only wrong but plainly dangerous

If you find out some real security problems with our build process (not in theory, but some practical use) - feel free to report them to security@onlyoffice.com, we got some bug bounty program

[bhlevca]

If you find out some real security problems with our build process (not in theory, but some practical use) - feel free to report them to security@onlyoffice.com, we got some bug bounty program

It is not about your software but about kernel as I said above and you probably missed. Old, unsupported systems can be hacked. If you need a recent example: https://www.zdnet.com/article/nasty-linux-kernel-bug-found-and-fixed

I personally don't use such systems, but if corporations are cheap and do it, there's no wonder that you hear about breaches and data being compromised all the time. Your comments explain it.

You build a fine software, I was trying to help, and not to criticize.

[bhlevca]

So yes, your machines that use the old kernel if they are connected to the internet they could be hacked

[ShockwaveNN]

Thanks, we are aware of these risks and we do everything so our machines will be no hacked )

We gladly receive any report of any practical vulnerability we got, but right now this talk is only theoretical - we may have some, but most of our products are build inside docker containers this are destroyed after usage so I don't think it's very dangerous

[ShockwaveNN]

This issue was closed since we didn't found a way how to use those vulnerabilities