vanilla build of 7.7p1 release on linux/4.17 fails with gcc8 @ "/usr/bin/ld: unrecognized option '-Wl,-z,retpolineplt'"
PGNet Dev
pgnet.dev at gmail.com
Fri Jun 8 12:09:00 AEST 2018
On 6/7/18 6:49 PM, Darren Tucker wrote:
> On Thu, Jun 07, 2018 at 06:14:42PM -0700, PGNet Dev wrote:
>> On 6/7/18 6:08 PM, Darren Tucker wrote:
>>> Well the intent is you should be able to set CC and LD to whatever you
>>> want as long as they work. In this case, the OSSH_CHECK_LDFLAG_LINK
>>> test invokes autoconf's AC_LINK_IFELSE with uses CC not LD. I'm not
>>> sure what to do about it yet though.
>
> I don't see a way to get AC_LINK_IFELSE to use $LD rather than $CC,
> but I think we can prevent this problem by detecting the unsupported
> option earlier. Please try this diff. It should also prevent the
> warnings in the LD=gcc case.
>
> (Note you will need to run "autoreconf" to rebuild configure after
> applying it, then run ./configure.)
now 'relro'? 1st to figure out what that is/does ...
unset LDFLAGS CFLAGS CXXFLAGS CPPFLAGS
make distclean
patch -p1 < /usr/local/src/openssh/ld.patch
patching file aclocal.m4
autoreconf -fiv
echo $LD
/usr/bin/ld
./configure --prefix="/usr/local" --without-openssl
make V=1
...
ranlib libssh.a
/usr/bin/gcc-8 -g -O2 -pipe -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -mfunction-return=thunk -mindirect-branch=thunk -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/usr/local/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/lib/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/local/lib/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/local/lib/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/local/lib/ssh-pkcs11-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh.c -o ssh.o
/usr/bin/gcc-8 -g -O2 -pipe -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -mfunction-return=thunk -mindirect-branch=thunk -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/usr/local/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/lib/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/local/lib/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/local/lib/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/local/lib/ssh-pkcs11-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c readconf.c -o readconf.o
/usr/bin/gcc-8 -g -O2 -pipe -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -mfunction-return=thunk -mindirect-branch=thunk -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/usr/local/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/lib/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/local/lib/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/local/lib/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/local/lib/ssh-pkcs11-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c clientloop.c -o clientloop.o
clientloop.c: In function ‘client_x11_get_proto’:
clientloop.c:378:14: warning: ‘%s’ directive output may be truncated writing up to 4095 bytes into a region of size 1020 [-Wformat-truncation=]
"%s %s%s list %s 2>" _PATH_DEVNULL,
^~
clientloop.c:381:20:
generated ? xauthfile : "",
~~~~~~~~~
In file included from /usr/include/stdio.h:862,
from /usr/include/bsd/libutil.h:46,
from includes.h:141,
from clientloop.c:62:
/usr/include/bits/stdio2.h:64:10: note: ‘__builtin___snprintf_chk’ output 23 or more bytes (assuming 4118) into a destination of size 1024
return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
__bos (__s), __fmt, __va_arg_pack ());
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/bin/gcc-8 -g -O2 -pipe -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -mfunction-return=thunk -mindirect-branch=thunk -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/usr/local/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/lib/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/local/lib/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/local/lib/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/local/lib/ssh-pkcs11-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sshtty.c -o sshtty.o
/usr/bin/gcc-8 -g -O2 -pipe -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -mfunction-return=thunk -mindirect-branch=thunk -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/usr/local/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/lib/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/local/lib/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/local/lib/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/local/lib/ssh-pkcs11-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sshconnect.c -o sshconnect.o
sshconnect.c: In function ‘check_host_key.constprop’:
sshconnect.c:1047:8: warning: ‘%s’ directive output may be truncated writing up to 1023 bytes into a region of size between 773 and 973 [-Wformat-truncation=]
"The authenticity of host '%.200s (%s)' can't be "
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sshconnect.c:1052:18:
host, ip, msg1, type, fp,
~~~~
sshconnect.c:1048:20: note: format string is defined here
"established%s\n"
^~
In file included from /usr/include/stdio.h:862,
from /usr/include/bsd/libutil.h:46,
from includes.h:141,
from sshconnect.c:16:
/usr/include/bits/stdio2.h:64:10: note: ‘__builtin___snprintf_chk’ output 130 or more bytes (assuming 2377) into a destination of size 1024
return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
__bos (__s), __fmt, __va_arg_pack ());
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/bin/gcc-8 -g -O2 -pipe -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -mfunction-return=thunk -mindirect-branch=thunk -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/usr/local/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/lib/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/local/lib/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/local/lib/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/local/lib/ssh-pkcs11-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sshconnect2.c -o sshconnect2.o
/usr/bin/gcc-8 -g -O2 -pipe -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -mfunction-return=thunk -mindirect-branch=thunk -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/usr/local/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/lib/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/local/lib/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/local/lib/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/local/lib/ssh-pkcs11-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c mux.c -o mux.o
/usr/bin/ld -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o sshconnect2.o mux.o -L. -Lopenbsd-compat/ -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lutil -lz -lcrypt -lresolv
/usr/bin/ld: unrecognized option '-Wl,-z,relro'
/usr/bin/ld: use the --help option for usage information
make: *** [Makefile:172: ssh] Error 1
More information about the openssh-unix-dev
mailing list