Gentoo Archives: gentoo-alt

From: Matt Michalowski <me@××××××××.au>
To: gentoo-alt@l.g.o
Subject: Re: [gentoo-alt] openssh 5 mask
Date: Thu, 15 May 2008 12:46:19
In Reply to: Re: [gentoo-alt] openssh 5 mask by Fabian Groffen
Fabian Groffen wrote:
> On 15-05-2008 10:45:56 +0200, Markus Duft wrote: > >> Fabian, >> >> what about the openssh 5.0 mask? Could you check that again, please? >> It even compiles on interix ;) so shouldn't be too much of a problem. >> Also I get the impression that it's not much different from v4.7, >> since nearly all patches/hunks applied unmodified. Which symbols where >> undefined when you tried? What USE flags did you use? Maybe it >> compiles here because I'm missing something you had set. >> > > It massively breaks on Darwin. > > Well, if you test on Linux, Solaris, AIX and HPUX, feel free to unmask > and move the mask to the darwin/macos level. If Linux and/or Solaris > don't work with it, I feel we should keep it globally masked. > > >
This is what I get with openssh-5.0_p1-r1 on amd64-linux: x86_64-pc-linux-gnu-gcc -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o sshconnect1.o sshconnect2.o -L. -Lopenbsd-compat/ -fstack-protector -lssh -lopenbsd-compat -L/opt/hwbp/usr/lib64 -lssl -lcrypto -ldl -lutil -lz -lnsl -lcrypt -lresolv -lresolv ssh.o: In function `env_permitted': ssh.c:(.text+0x220): undefined reference to `__stack_chk_fail' ssh.o: In function `main': ssh.c:(.text+0x27e4): undefined reference to `__stack_chk_fail' readconf.o: In function `process_config_line': readconf.c:(.text+0x1852): undefined reference to `__stack_chk_fail' readconf.o: In function `read_config_file': readconf.c:(.text+0x20f4): undefined reference to `__stack_chk_fail' clientloop.o: In function `client_session2_setup': clientloop.c:(.text+0x426): undefined reference to `__stack_chk_fail' clientloop.o:clientloop.c:(.text+0x12cb): more undefined references to `__stack_chk_fail' follow collect2: ld returned 1 exit status make: *** [ssh] Error 1 The problem is that the openssh configure checks that the compiler supports -fstack-protector which succeeds: configure:5418: checking if x86_64-pc-linux-gnu-gcc supports -fstack-protector configure:5441: x86_64-pc-linux-gnu-gcc -o conftest -O2 -pipe -fno-stack-protector -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wno-pointer-sign -fstack-protector -Werror -fstack-protector -Werror conftest.c >&5 configure:5447: $? = 0 configure:5453: result: yes configure:5457: checking if -fstack-protector works configure:5482: x86_64-pc-linux-gnu-gcc -o conftest -O2 -pipe -fno-stack-protector -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wno-pointer-sign -fstack-protector -fstack-protector conftest.c >&5 configure:5485: $? = 0 configure:5491: ./conftest configure:5494: $? = 0 configure:5496: result: yes Yet the toolchain.eclass has configured gcc with --disable-libssp, so I don't have libssp. A couple of solutions I can think of but haven't tried: - configure openssh with --without-stackprotect - get toolchain.eclass to --enable-libssp and ensure SSP works So in my opinion, best left masked for now. Matt. -- gentoo-alt@l.g.o mailing list


Subject Author
Re: [gentoo-alt] openssh 5 mask Fabian Groffen <grobian@g.o>