1 |
Fabian Groffen wrote: |
2 |
> On 15-05-2008 10:45:56 +0200, Markus Duft wrote: |
3 |
> |
4 |
>> Fabian, |
5 |
>> |
6 |
>> what about the openssh 5.0 mask? Could you check that again, please? |
7 |
>> It even compiles on interix ;) so shouldn't be too much of a problem. |
8 |
>> Also I get the impression that it's not much different from v4.7, |
9 |
>> since nearly all patches/hunks applied unmodified. Which symbols where |
10 |
>> undefined when you tried? What USE flags did you use? Maybe it |
11 |
>> compiles here because I'm missing something you had set. |
12 |
>> |
13 |
> |
14 |
> It massively breaks on Darwin. |
15 |
> |
16 |
> Well, if you test on Linux, Solaris, AIX and HPUX, feel free to unmask |
17 |
> and move the mask to the darwin/macos level. If Linux and/or Solaris |
18 |
> don't work with it, I feel we should keep it globally masked. |
19 |
> |
20 |
> |
21 |
> |
22 |
This is what I get with openssh-5.0_p1-r1 on amd64-linux: |
23 |
x86_64-pc-linux-gnu-gcc -o ssh ssh.o readconf.o clientloop.o sshtty.o |
24 |
sshconnect.o sshconnect1.o sshconnect2.o -L. -Lopenbsd-compat/ |
25 |
-fstack-protector -lssh -lopenbsd-compat -L/opt/hwbp/usr/lib64 -lssl |
26 |
-lcrypto -ldl -lutil -lz -lnsl -lcrypt -lresolv -lresolv |
27 |
ssh.o: In function `env_permitted': |
28 |
ssh.c:(.text+0x220): undefined reference to `__stack_chk_fail' |
29 |
ssh.o: In function `main': |
30 |
ssh.c:(.text+0x27e4): undefined reference to `__stack_chk_fail' |
31 |
readconf.o: In function `process_config_line': |
32 |
readconf.c:(.text+0x1852): undefined reference to `__stack_chk_fail' |
33 |
readconf.o: In function `read_config_file': |
34 |
readconf.c:(.text+0x20f4): undefined reference to `__stack_chk_fail' |
35 |
clientloop.o: In function `client_session2_setup': |
36 |
clientloop.c:(.text+0x426): undefined reference to `__stack_chk_fail' |
37 |
clientloop.o:clientloop.c:(.text+0x12cb): more undefined references to |
38 |
`__stack_chk_fail' follow |
39 |
collect2: ld returned 1 exit status |
40 |
make: *** [ssh] Error 1 |
41 |
|
42 |
The problem is that the openssh configure checks that the compiler |
43 |
supports -fstack-protector which succeeds: |
44 |
configure:5418: checking if x86_64-pc-linux-gnu-gcc supports |
45 |
-fstack-protector |
46 |
configure:5441: x86_64-pc-linux-gnu-gcc -o conftest -O2 -pipe |
47 |
-fno-stack-protector -Wall -Wpointer-arith -Wuninitialized |
48 |
-Wsign-compare -Wno-pointer-sign -fstack-protector -Werror |
49 |
-fstack-protector -Werror conftest.c >&5 |
50 |
configure:5447: $? = 0 |
51 |
configure:5453: result: yes |
52 |
configure:5457: checking if -fstack-protector works |
53 |
configure:5482: x86_64-pc-linux-gnu-gcc -o conftest -O2 -pipe |
54 |
-fno-stack-protector -Wall -Wpointer-arith -Wuninitialized |
55 |
-Wsign-compare -Wno-pointer-sign -fstack-protector -fstack-protector |
56 |
conftest.c >&5 |
57 |
configure:5485: $? = 0 |
58 |
configure:5491: ./conftest |
59 |
configure:5494: $? = 0 |
60 |
configure:5496: result: yes |
61 |
|
62 |
Yet the toolchain.eclass has configured gcc with --disable-libssp, so I |
63 |
don't have libssp. A couple of solutions I can think of but haven't tried: |
64 |
- configure openssh with --without-stackprotect |
65 |
- get toolchain.eclass to --enable-libssp and ensure SSP works |
66 |
|
67 |
So in my opinion, best left masked for now. |
68 |
|
69 |
Matt. |
70 |
|
71 |
-- |
72 |
gentoo-alt@l.g.o mailing list |