On Mon, Jun 22, 2009 at 07:08:26AM +0200, Aurelien Jarno wrote: > On Mon, Jun 22, 2009 at 07:05:05AM +0200, Aurelien Jarno wrote: > > On Sat, Jun 13, 2009 at 11:59:10AM +0200, Luk Claes wrote: > > > Colin Watson wrote: > > > > On Fri, Jun 05, 2009 at 10:34:36PM +0200, Luk Claes wrote: > > > >> Colin Watson wrote: > > > >>> On Fri, Jun 05, 2009 at 08:11:43AM +0200, Luk Claes wrote: > > > >>>> mips and mipsel do now also need the -fPIC compilation flag to make > > > >>>> sure shared objects only contain position independent code. > > > >>> It surprises me that -fPIE doesn't imply this. Anyway, I've committed > > > >>> a > > > >>> fix, thanks. > > > >> Apparently this does not fix it :-( > > > >> > > > >> Maybe it's a mips* specific binutils issue? > > > > > > > > The build log > > > > (https://buildd.debian.org/fetch.cgi?pkg=openssh;ver=1%3A5.1p1-6;arch=mips;stamp=1244203115) > > > > says (reordering slightly to eliminate 'make -j' confusion): > > > > > > > > gcc -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o > > > > auth-rh-rsa.o sshpty.o sshlogin.o servconf.o serverloop.o auth.o > > > > auth1.o auth2.o auth-options.o session.o auth-chall.o auth2-chall.o > > > > groupaccess.o auth-skey.o auth-bsdauth.o auth2-hostbased.o > > > > auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o monitor_mm.o > > > > monitor.o monitor_wrap.o kexdhs.o kexgexs.o auth-krb5.o auth2-gss.o > > > > gss-serv.o gss-serv-krb5.o kexgsss.o loginrec.o auth-pam.o > > > > auth-shadow.o auth-sia.o md5crypt.o audit.o audit-bsm.o platform.o > > > > sftp-server.o sftp-common.o -L. -Lopenbsd-compat/ -fPIC -fPIE -pie > > > > -lssh -lopenbsd-compat -lwrap -lpam -ldl -lselinux -lresolv -lcrypto > > > > -lutil -lz -lnsl -lcrypt -g -O2 -Wall -Wpointer-arith -Wuninitialized > > > > -Wsign-compare -Wno-pointer-sign -Wformat-security -fno-builtin-memset > > > > -std=gnu99 -O2 -fPIC -fPIE -DLOGIN_PROGRAM="/bin/login" > > > > -DLOGIN_NO_ENDOPT -DSSH_EXTRAVERSION="Debian-6" -lgssapi_krb5 -lkrb5 > > > > -lk5crypto -lcom_err > > > > /usr/bin/ld: non-dynamic relocations refer to dynamic symbol > > > > deny_severity > > > > /usr/bin/ld: failed to set dynamic section sizes: Bad value > > > > collect2: ld returned 1 exit status > > > > make[1]: *** [sshd] Error 1 > > > > > > > > deny_severity is a symbol defined in sshd.c, but it's there for the > > > > benefit of libwrap. If I'm reading the warning correctly, it's > > > > complaining that libwrap is "non-dynamic". > > > > > > > > libwrap is currently built with -fpic. Perhaps it needs to be built with > > > > -fPIC instead? Luk, would it be possible for you to try this out > > > > experimentally and see if it makes a difference? > > > > > > I'm going to Cc the mips list as I have currently no mips or mipsel > > > machine ready to install a recompiled libwrap0-dev (and libwrap0) from > > > tcp-wrappers (with -FPIC in debian/patches/13_shlib_weaksym instead of > > > -fpic) as build dependency of openssh. > > > > > > So can anyone rebuild tcp-wrappers on mips or mipsel as described above > > > and use that to compile openssh to test if it builds successfully? > > > > > > > On mips, -fpic and -fPIC should be the same, and this is confirmed by > > tests this does not change the result. > > > > The problem actually has nothing to do with -fpic, it is due to the fact > > that deny_severity is exported by libwrap0, while being redeclared in > > in sshd.c. In <tcpd.h> it is defined as (debian specific change) > > > > | #ifdef HAVE_WEAKSYMS > > | extern int allow_severity __attribute__ ((weak)); /* for connection > > logging */ > > | extern int deny_severity __attribute__ ((weak)); /* for connection > > logging */ > > | #else > > | extern int allow_severity; /* for connection logging */ > > | extern int deny_severity; /* for connection logging */ > > | #endif > > > > When <tcpd.h> is included from inside of tcp-wrappers, HAVE_WEAKSYMS is > > not defined. When included from sshd.c it is not, so the non-weak > > declaration of allow_severity and deny_severity is used. > > > > A quick workaround is to #define HAVE_WEAKSYMS before including > > <tcpd.h>. > > > > Actually this is wrong as it defines allow_severity and deny_severity as > weak symbols in sshd.c, which is wrong. The problem is in tcp-wrappers > which does not define them as weak for some unknown reason (not specific > to mips). >
And here is a patch for tcp-wrappers. It seems that binutils on mips is a bit more picky about weak symbols. OTOH, I wonder what happens on other architectures which one of the two symbols is used in the link. --- tcp-wrappers-7.6.q/debian/patches/13_shlib_weaksym +++ tcp-wrappers-7.6.q/debian/patches/13_shlib_weaksym @@ -236,7 +236,7 @@ +#endif --- /dev/null +++ b/weak_symbols.c -@@ -0,0 +1,11 @@ +@@ -0,0 +1,12 @@ + /* + * @(#) weak_symbols.h 1.5 99/12/29 23:50 + * @@ -245,6 +245,7 @@ + +#ifdef HAVE_WEAKSYMS +#include <syslog.h> ++#include <tcpd.h> +int deny_severity = LOG_WARNING; +int allow_severity = SEVERITY; +#endif -- Aurelien Jarno GPG: 1024D/F1BCDB73 aurel...@aurel32.net http://www.aurel32.net -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
