Mea Culpa. So ... I did some hard digging, and *part* of my problem was a pair of missing steps in my test build methodology. Here's what I've found ... On Centos 2.1 ... openssl build status ... all revs of 0.9.[6-7] arefine for static/shared library builds. Shared builds are broken in all versions from 0.9.8 upwards, while static builds are fine. CentOS 2.1AS i386 gcc-2.96-128.7.2 binutils-2.11.90.0.8-12.4 0.9.6* STATIC = OK[D] / SHARED = OK 0.9.7* STATIC = OK[D] / SHARED = OK 0.9.8* STATIC = OK[D] / SHARED = FAIL :: test BN_sqr make[1]: *** [test_bn] Error 139 1.0.* STATIC = OK[D] / SHARED = FAIL :: output word alignment test 0 1 2 3 make[1]: *** [test_des] Segmentation fault On RHEL 3.x - 5.10 - all tested versions of openssl from 0.9.6 to 1.0.1i build and pass all tests as static or shared - without issue in a clean environment (specifically nothing already in /usr/local/ssl - and no C*FLAGS variables set with *facepalm* forgotten wonky settings from previous debug builds of other packages). As a result ... the current snapshot openssh-SNAP-20140830.tar.gz builds and passes all tests in all versions of where the native openssl is insufficient. But only when a version of openssl >= 0.9.8f is installed (in /usr/local/ssl or whereever you put non-OS libs) and ld.so.conf(.d./openssl.conf - depending on OS version) is updated and ldconfig run before starting configure (<- my bad here). The holdouts for working shared openssl is RH <=2.x - on these systems the library must be static unless someone figures out where the builds are broken. On Wed, Aug 27, 2014 at 5:51 PM, Kevin Brott <kevin.brott@xxxxxxxxx> wrote: > > Tangentially related - the openssl quirks have me intrigued, so I'm going > to dive deeper into what's really required vs the quick hacks I did to get > the snapshots to build and pass tests. > > Assuming I can find the time tomorrow, I plan on sitting down and figuring > out exactly what the openssl build requirements really are, but briefly on > the hosts I'm using this is what I've seen: > > a) gcc < 4.x.x - openssl 1.0.1i will not build as shared > b) gcc >= 4.x.x - openssl 1.0.1i will build either as dynamic or static > c) on i386 systems - openssh 6.7 will build against static or dynamic > libssl with no issues > d) on x86_64 systems - openssh 6.7 will build against static libssl only > using --without-pie, otherwise libssl must be dynamic > > I'm going to look at the current (and minimal) versions of the openssl > 0.9.8, 1.0.0, and 1.0.1 series and see if I can figure out where the break > point is on static vs shared libraries (because I'm curious and I've not > looked into this before). And there's always the hope someone else will > benefit. > > > > On Wed, Aug 27, 2014 at 5:03 PM, Kevin Brott <kevin.brott@xxxxxxxxx> > wrote: > >> >> Must have bolluxed something up in the compile environment - that or >> http://www.mindrot.org/openssh_snap/openssh-SNAP-20140828.tar.gz had a >> configure tweak that fixed it. All systems tested now build and pass all >> tests. >> >> That said - the stupid race condition in that one test is cropping up >> sporadically still - I think it's related to the load (or lack thereof) on >> the VM host. >> >> With, of course, the caveat that any system with a native openssl < >> 0.9.8.f will not compile OOTB. A supplemental openssl needs to be installed >> that meets the version requirements, and then ./configure needs a >> --with-ssl-dir= directive that points to it. >> >> >> >> On Tue, Aug 26, 2014 at 11:37 PM, Damien Miller <djm@xxxxxxxxxxx> wrote: >> >>> On Tue, 26 Aug 2014, Kevin Brott wrote: >>> >>> > > 0.9.8k FAILxlc_r -g -I. -I. -I/var/tmp/ssh/include >>> > ... >>> > > roaming_client.o"/usr/include/stdarg.h", line 89.9: 1506-236 >>> > (W) Macro name >>> > > va_copy has been redefined."/usr/include/stdarg.h", line 89.9: >>> > 1506-358 (I) >>> > > "va_copy" is defined on line 829 of defines.h. xlc_r -o ssh >>> > ssh.o >>> > >>> > It looks like configure has failed to detect va_copy and is >>> > trying to >>> > supply a surrogate. There might be some clues as to what went >>> > wrong >>> > if you search for "va_copy" >>> >>> I meant to say: search config.log for "va_copy" >>> >>> -d >>> >> >> >> >> -- >> # include <stddisclaimer.h> >> /* Kevin Brott <Kevin.Brott@xxxxxxxxx> */ >> >> > > > -- > # include <stddisclaimer.h> > /* Kevin Brott <Kevin.Brott@xxxxxxxxx> */ > > -- # include <stddisclaimer.h> /* Kevin Brott <Kevin.Brott@xxxxxxxxx> */ _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev