RE: Call for testing: openssh-9.1

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Monday, October 3, 2022 5:33 AM
Darren Tucker <dtucker@xxxxxxxxxxx> wrote:
>On Fri, 30 Sept 2022 at 02:23, Val Baranov <val.baranov@xxxxxxxx> wrote:
>> For a number of releases since introducing OpenSSH  ver. 8, AIX experiencing a problem configuring OpenSSH with static OpenSSL libs ver. 1.1.1.(x).
>The thing that changed is that your libcrypto is now built to link against pthreads whereas previously it was not.  It's not a change in OpenSSH itself.
>> Looks like it is a sort of misleading info provided by "configure" output by displaying the error with "libcrypto" while in fact "config.log" contains lines with ".pthread" errors  just before "libcrypto" error (could it be a 'side' effect of ".pthread" symbols being not found - ?).
>> ld: 0711-317 ERROR: Undefined symbol: .pthread_atfork
>This means that the little test program configure tried to build failed when linking because the pthreads functions were not available to it.  Configure itself does not know why >it failed, just that it failed.  That was resolved when you added -lpthreads to LDFLAGS.
>As it stands, configure does not know that libcrypto needs pthreads.
>The usual way of dealing with this is pkg-config, which reads that data from .pc files, although OpenSSH does not currently use that for OpenSSL.  You may find there's a libcrypto.pc file in there somewhere with lines something like:
>Libs: -L${libdir} -lcrypto
>Libs.private: -lz -ldl -pthread
>although you may not, as my understanding is that even modern AIX does not have pkg-config (certainly the ancient versions I am familiar with do not).
>We should probably tell configure to use pkg-config for OpenSSL, but that's a non-trivial change (even with the recent simplifications done with the OpenSSL configure bits), it won't help if you don't have pkg-config and it'd have to go in early in the next release cycle anyway.
>Is your libcrypto part of the base OS, in /opt/freeware or something else?
"libcrypto" is not a part of OS but is locally built under "/usr/local/openssl".
The information above looks reasonable, because the issue was first discovered upon moving out from OpenSSL 1.0.1 over to  1.1.1 (I can accept that some changes were introduced with ver. 1.1.1). 
Another thing found is that, OpenSSH 9.1p "configure" failed anyway with the same "libcrypto" error even if using "-lpthread", thus producing another set of errors but this time related to "zlib":
<...>
configure:15328: cc -qlanglvl=extc99 -o conftest -g -q64 -I/usr/local/openssl/include -I/usr/local/zlib/include  -L/usr/local/openssl/lib -L/usr/local/zlib/lib  -q64 conftest.c -lcrypto  -lpthread >&5
ld: 0711-317 ERROR: Undefined symbol: .deflate
ld: 0711-317 ERROR: Undefined symbol: .zError
ld: 0711-317 ERROR: Undefined symbol: .deflateInit_
ld: 0711-317 ERROR: Undefined symbol: .inflate
ld: 0711-317 ERROR: Undefined symbol: .inflateInit_
ld: 0711-317 ERROR: Undefined symbol: .inflateEnd
ld: 0711-317 ERROR: Undefined symbol: .deflateEnd
So, now "configure" requires 
     --with-libs='-lpthread -lz' 
To finish successfully.
For testing purposes, two sources ver. 8.9p1 and 9.1p1 were configured in the same environment one-by-one in a matter of few minutes. 
Ver. 8.9p1 finished successfully while ver. 9.1p1 produced the errors above unless "-lz" option is added - this is a strong evidence (am I wrong?) that, something has changes starting OpenSSH ver. 9.X.

--
Val Baranov (val.baranov at duke.edu

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux