Gentoo Archives: gentoo-alt

From: Markus Duft <mduft@g.o>
To: gentoo-alt@l.g.o
Subject: RE: [gentoo-alt] openssh 5 mask
Date: Thu, 15 May 2008 13:29:44
Message-Id: 007201c8b68f$14eaf460$3ec0dd20$@org
In Reply to: Re: [gentoo-alt] openssh 5 mask by Fabian Groffen
> > On 15-05-2008 22:46:13 +1000, Matt Michalowski wrote: > > This is what I get with openssh-5.0_p1-r1 on amd64-linux: > > x86_64-pc-linux-gnu-gcc -o ssh ssh.o readconf.o clientloop.o sshtty.o > > sshconnect.o sshconnect1.o sshconnect2.o -L. -Lopenbsd-compat/ > > -fstack-protector -lssh -lopenbsd-compat -L/opt/hwbp/usr/lib64 -lssl > > -lcrypto -ldl -lutil -lz -lnsl -lcrypt -lresolv -lresolv > > ssh.o: In function `env_permitted': > > ssh.c:(.text+0x220): undefined reference to `__stack_chk_fail' > [snip] > > The problem is that the openssh configure checks that the compiler supports > > -fstack-protector which succeeds: > > configure:5418: checking if x86_64-pc-linux-gnu-gcc supports > > -fstack-protector > [snip] > > Yet the toolchain.eclass has configured gcc with --disable-libssp, so I > > don't have libssp. A couple of solutions I can think of but haven't tried: > > - configure openssh with --without-stackprotect > > - get toolchain.eclass to --enable-libssp and ensure SSP works > > > > So in my opinion, best left masked for now.
That would explain why it's working here, since I think interix doesn't support the ssp. Still I don't understand how the check program can link without libssp...? I think the check is fishy...
> > Thanks for the in depth explanation. I'd not be surprised if Solaris > actually has the same problem.
If solaris supports ssp, yes, i think so too.
> > I've no idea of it in the main tree, but since it doesn't even compile > on Linux, I'd say, keep it masked.
Yeah, but maybe disabling the ssp for configure is the right way to go, since ssp is explicitly disabled when building gcc. I don't think that it will help sitting it out.
> > If Interix needs it, and has it compiling all the way, Markus use > package.unmask in the interix profile.
I could live with 4.7 too, if I must... also somehow I didn't manage to get it unmasked other than commenting out the mask... I tried almost half an hour with package.unmask in different locations, etc.... it didn't work *arg*... Cheers, Markus
> > > -- > Fabian Groffen > Gentoo on a different level > -- > gentoo-alt@l.g.o mailing list
-- gentoo-alt@l.g.o mailing list


Subject Author
Re: [gentoo-alt] openssh 5 mask Fabian Groffen <grobian@g.o>