Call for testing: openssh-9.1

Val Baranov val.baranov at duke.edu
Sat Oct 8 09:44:44 AEDT 2022


On Monday, October 3, 2022 5:33 AM
Darren Tucker <dtucker at dtucker.net> wrote:
>On Fri, 30 Sept 2022 at 02:23, Val Baranov <val.baranov at duke.edu> wrote:
>> For a number of releases since introducing OpenSSH ver. 8, AIX has been experiencing a problem configuring OpenSSH with static OpenSSL libs ver. 1.1.1.(x).
>The thing that changed is that your libcrypto is now built to link against pthreads whereas previously it was not.  It's not a change in OpenSSH itself.
>> Looks like it is a sort of misleading info provided by "configure" output by displaying the error with "libcrypto" while in fact "config.log" contains lines with ".pthread" errors just before "libcrypto" error (could it be a 'side' effect of ".pthread" symbols being not found - ?).
>> ld: 0711-317 ERROR: Undefined symbol: .pthread_atfork
>This means that the little test program configure tried to build failed when linking because the pthreads functions were not available to it.  Configure itself does not know why it failed, just that it failed.  That was resolved when you added -lpthreads to LDFLAGS.
>As it stands, configure does not know that libcrypto needs pthreads.
>The usual way of dealing with this is pkg-config, which reads that data from .pc files, although OpenSSH does not currently use that for OpenSSL.  You may find there's a libcrypto.pc file in there somewhere with lines something like:
>Libs: -L${libdir} -lcrypto
>Libs.private: -lz -ldl -pthread
>although you may not, as my understanding is that even modern AIX does not have pkg-config (certainly the ancient versions I am familiar with do not).
>We should probably tell configure to use pkg-config for OpenSSL, but that's a non-trivial change (even with the recent simplifications done with the OpenSSL configure bits), it won't help if you don't have pkg-config and it'd have to go in early in the next release cycle anyway.
>Is your libcrypto part of the base OS, in /opt/freeware or something else?
"libcrypto" is not a part of OS but is locally built under "/usr/local/openssl".
The information above looks reasonable, because the issue was first discovered upon moving out from OpenSSL 1.0.1 over to 1.1.1 (I can accept that some changes were introduced with ver. 1.1.1).
Another thing found is that OpenSSH 9.1p "configure" failed anyway with the same "libcrypto" error even if using "-lpthread", thus producing another set of errors but this time related to "zlib":
<...>
configure:15328: cc -qlanglvl=extc99 -o conftest -g -q64 -I/usr/local/openssl/include -I/usr/local/zlib/include  -L/usr/local/openssl/lib -L/usr/local/zlib/lib  -q64 conftest.c -lcrypto  -lpthread >&5
ld: 0711-317 ERROR: Undefined symbol: .deflate
ld: 0711-317 ERROR: Undefined symbol: .zError
ld: 0711-317 ERROR: Undefined symbol: .deflateInit_
ld: 0711-317 ERROR: Undefined symbol: .inflate
ld: 0711-317 ERROR: Undefined symbol: .inflateInit_
ld: 0711-317 ERROR: Undefined symbol: .inflateEnd
ld: 0711-317 ERROR: Undefined symbol: .deflateEnd
So, now "configure" requires 
     --with-libs='-lpthread -lz' 
to finish successfully.
For testing purposes, two sources ver. 8.9p1 and 9.1p1 were configured in the same environment one-by-one in a matter of a few minutes.
Ver. 8.9p1 finished successfully while ver. 9.1p1 produced the errors above unless the "-lz" option is added - this is strong evidence (am I wrong?) that something has changed starting with OpenSSH ver. 9.X.

--
Val Baranov (val.baranov at duke.edu)



More information about the openssh-unix-dev mailing list
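
The thread above notes that a static libcrypto's extra link dependencies are recorded in the `Libs.private` line of its .pc file, and that pkg-config may not exist on AIX. The sketch below is an added example, not code from the thread or from OpenSSH: it reads those lines with plain sh and awk so the result can be passed to `--with-libs`. The function names, the temporary file path and the .pc contents are constructed for illustration.

```shell
# Added example: read link flags from a .pc file without pkg-config.
# pc_field FILE FIELD: print FIELD (e.g. Libs, Libs.private) with ${var} expanded.
pc_field() {
    awk -v want="$2" '
    # Replace each ${name} with the value defined earlier in the file.
    function expand(s,    name) {
        while (match(s, /[$][{][A-Za-z_][A-Za-z0-9_.]*[}]/)) {
            name = substr(s, RSTART + 2, RLENGTH - 3)
            s = substr(s, 1, RSTART - 1) vars[name] substr(s, RSTART + RLENGTH)
        }
        return s
    }
    /^[A-Za-z_][A-Za-z0-9_.]*=/ {            # variable line: name=value
        i = index($0, "=")
        vars[substr($0, 1, i - 1)] = expand(substr($0, i + 1))
        next
    }
    {                                         # keyword line: Field: value
        i = index($0, ":")
        if (i == 0 || substr($0, 1, i - 1) != want) next
        val = expand(substr($0, i + 1))
        gsub(/[ \t]+/, " ", val); sub(/^ /, "", val); sub(/ $/, "", val)
        print val
    }' "$1"
}

# pc_static_libs FILE: Libs plus Libs.private, the set a static link needs.
pc_static_libs() {
    printf '%s\n' "$(pc_field "$1" Libs) $(pc_field "$1" Libs.private)" |
        sed 's/ *$//'
}

# write_sample_pc FILE: constructed sample, not taken from a real install.
write_sample_pc() {
    cat > "$1" <<'EOF'
prefix=/usr/local/openssl
exec_prefix=${prefix}
libdir=${exec_prefix}/lib
Name: OpenSSL-libcrypto
Version: 1.1.1
Libs: -L${libdir} -lcrypto
Libs.private: -lz -ldl -pthread
EOF
}

sample=${TMPDIR:-/tmp}/libcrypto-sample.$$.pc   # hypothetical path
write_sample_pc "$sample"
echo "./configure --with-libs='$(pc_field "$sample" Libs.private)'"
```

The flags are printed exactly as the .pc file states them, so they reflect how that particular libcrypto was built rather than anything OpenSSH's configure knows.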