Gentoo Archives: gentoo-alt

From: Matt Michalowski <me@××××××××.au>
To: gentoo-alt@l.g.o
Subject: Re: [gentoo-alt] openssh 5 mask
Date: Thu, 15 May 2008 12:46:19
Message-Id: 482C3095.7020308@mattm.id.au
In Reply to: Re: [gentoo-alt] openssh 5 mask by Fabian Groffen
1 Fabian Groffen wrote:
2 > On 15-05-2008 10:45:56 +0200, Markus Duft wrote:
3 >
4 >> Fabian,
5 >>
6 >> what about the openssh 5.0 mask? Could you check that again, please?
7 >> It even compiles on interix ;) so shouldn't be too much of a problem.
8 >> Also I get the impression that it's not much different from v4.7,
9 >> since nearly all patches/hunks applied unmodified. Which symbols where
10 >> undefined when you tried? What USE flags did you use? Maybe it
11 >> compiles here because I'm missing something you had set.
12 >>
13 >
14 > It massively breaks on Darwin.
15 >
16 > Well, if you test on Linux, Solaris, AIX and HPUX, feel free to unmask
17 > and move the mask to the darwin/macos level. If Linux and/or Solaris
18 > don't work with it, I feel we should keep it globally masked.
19 >
20 >
21 >
22 This is what I get with openssh-5.0_p1-r1 on amd64-linux:
23 x86_64-pc-linux-gnu-gcc -o ssh ssh.o readconf.o clientloop.o sshtty.o
24 sshconnect.o sshconnect1.o sshconnect2.o -L. -Lopenbsd-compat/
25 -fstack-protector -lssh -lopenbsd-compat -L/opt/hwbp/usr/lib64 -lssl
26 -lcrypto -ldl -lutil -lz -lnsl -lcrypt -lresolv -lresolv
27 ssh.o: In function `env_permitted':
28 ssh.c:(.text+0x220): undefined reference to `__stack_chk_fail'
29 ssh.o: In function `main':
30 ssh.c:(.text+0x27e4): undefined reference to `__stack_chk_fail'
31 readconf.o: In function `process_config_line':
32 readconf.c:(.text+0x1852): undefined reference to `__stack_chk_fail'
33 readconf.o: In function `read_config_file':
34 readconf.c:(.text+0x20f4): undefined reference to `__stack_chk_fail'
35 clientloop.o: In function `client_session2_setup':
36 clientloop.c:(.text+0x426): undefined reference to `__stack_chk_fail'
37 clientloop.o:clientloop.c:(.text+0x12cb): more undefined references to
38 `__stack_chk_fail' follow
39 collect2: ld returned 1 exit status
40 make: *** [ssh] Error 1
41
42 The problem is that the openssh configure checks that the compiler
43 supports -fstack-protector which succeeds:
44 configure:5418: checking if x86_64-pc-linux-gnu-gcc supports
45 -fstack-protector
46 configure:5441: x86_64-pc-linux-gnu-gcc -o conftest -O2 -pipe
47 -fno-stack-protector -Wall -Wpointer-arith -Wuninitialized
48 -Wsign-compare -Wno-pointer-sign -fstack-protector -Werror
49 -fstack-protector -Werror conftest.c >&5
50 configure:5447: $? = 0
51 configure:5453: result: yes
52 configure:5457: checking if -fstack-protector works
53 configure:5482: x86_64-pc-linux-gnu-gcc -o conftest -O2 -pipe
54 -fno-stack-protector -Wall -Wpointer-arith -Wuninitialized
55 -Wsign-compare -Wno-pointer-sign -fstack-protector -fstack-protector
56 conftest.c >&5
57 configure:5485: $? = 0
58 configure:5491: ./conftest
59 configure:5494: $? = 0
60 configure:5496: result: yes
61
62 Yet the toolchain.eclass has configured gcc with --disable-libssp, so I
63 don't have libssp. A couple of solutions I can think of but haven't tried:
64 - configure openssh with --without-stackprotect
65 - get toolchain.eclass to --enable-libssp and ensure SSP works
66
67 So in my opinion, best left masked for now.
68
69 Matt.
70
71 --
72 gentoo-alt@l.g.o mailing list

Replies

Subject Author
Re: [gentoo-alt] openssh 5 mask Fabian Groffen <grobian@g.o>