From owner-freebsd-security  Tue Dec  4  9:42:24 2001
Delivered-To: freebsd-security@freebsd.org
Received: from giganda.komkon.org (giganda.komkon.org [209.125.17.66])
	by hub.freebsd.org (Postfix) with ESMTP
	id 45D5737B420; Tue,  4 Dec 2001 09:41:02 -0800 (PST)
Received: (from str@localhost)
	by giganda.komkon.org (8.11.3/8.11.3) id fB4Hf1m08039;
	Tue, 4 Dec 2001 12:41:01 -0500 (EST)
	(envelope-from str)
Date: Tue, 4 Dec 2001 12:41:01 -0500 (EST)
From: Igor Roshchin <str@giganda.komkon.org>
Message-Id: <200112041741.fB4Hf1m08039@giganda.komkon.org>
To: security-officer@freebsd.org
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-01:63.openssh
Cc: security@freebsd.org
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


Hello!

I just tried to apply the patch to 4.3-RELEASE.
The patch applied cleanly, but it stopped with a compilation error,
not finding one of the libraries:

cc -O -pipe  -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secure/usr.sbi
n/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -DNO_IDEA
 -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\"  -o sshd sshd.o auth-rhosts.o auth-passwd
.o auth-rsa.o auth-rh-rsa.o pty.o log-server.o login.o servconf.o serverloop.o a
uth.o auth1.o auth2.o auth-options.o session.o login_access.o dh.o auth-pam.o  -
lopie -lmd -L/usr/src/secure/usr.sbin/sshd/../../lib/libssh -lssh -lcrypt -lcryp
to -lutil -lz -lwrap  -lpam
/usr/libexec/elf/ld: cannot find -lssh
*** Error code 1

Stop in /usr/src/secure/usr.sbin/sshd.

A full transcript follows.

It looks like it does not do make in /usr/src/secure/lib/libssh.
    cd /usr/src/secure/lib/libssh 
    make depend && make all
did the job.



Igor




 [12:24] [807] ...src/crypto/openssh#patch < sshd.patch
Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|===================================================================
|RCS file: /c/ncvs/src/crypto/openssh/session.c,v
|retrieving revision 1.4.2.10
|retrieving revision 1.4.2.11
|diff -u -p -r1.4.2.10 -r1.4.2.11
|--- src/crypto/openssh/session.c       2001/11/21 10:45:15     1.4.2.10
|+++ src/crypto/openssh/session.c       2001/12/03 00:53:28     1.4.2.11
--------------------------
Patching file session.c using Plan A...
Hunk #1 succeeded at 1118 (offset -36 lines).
Hunk #2 succeeded at 1131 (offset -36 lines).
done
 [12:24] [808] ...src/crypto/openssh# cd /usr/src/secure/usr.sbin/sshd  
 [12:24] [809] ...secure/usr.sbin/sshd#make depend && make all install
rm -f .depend
mkdep -f .depend -a    -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secu
re/usr.sbin/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -
DNO_IDEA -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\"  /usr/src/secure/usr.sbin/sshd/..
/../../crypto/openssh/sshd.c /usr/src/secure/usr.sbin/sshd/../../../crypto/opens
sh/auth-rhosts.c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/auth-pass
wd.c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/auth-rsa.c /usr/src/s
ecure/usr.sbin/sshd/../../../crypto/openssh/auth-rh-rsa.c /usr/src/secure/usr.sb
in/sshd/../../../crypto/openssh/pty.c /usr/src/secure/usr.sbin/sshd/../../../cry
pto/openssh/log-server.c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/l
ogin.c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/servconf.c /usr/src
/secure/usr.sbin/sshd/../../../crypto/openssh/serverloop.c /usr/src/secure/usr.s
bin/sshd/../../../crypto/openssh/auth.c /usr/src/secure/usr.sbin/sshd/../../../c
rypto/openssh/auth1.c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/auth
2.c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/auth-options.c /usr/sr
c/secure/usr.sbin/sshd/../../../crypto/openssh/session.c /usr/src/secure/usr.sbi
n/sshd/../../../usr.bin/login/login_access.c /usr/src/secure/usr.sbin/sshd/../..
/../crypto/openssh/dh.c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/au
th-pam.c
cd /usr/src/secure/usr.sbin/sshd; make _EXTRADEPEND
echo sshd: /usr/lib/libc.a /usr/lib/libopie.a /usr/lib/libmd.a /usr/lib/libcrypt.a /usr/lib/libcrypto.a /usr/lib/libutil.a /usr/lib/libz.a /usr/lib/libwrap.a /usr/lib/libpam.a >> .depend
Warning: Object directory not changed from original /usr/src/secure/usr.sbin/sshd
cc -O -pipe  -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secure/usr.sbin/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -DNO_IDEA   -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\" -c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/sshd.c
cc -O -pipe  -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secure/usr.sbin/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -DNO_IDEA   -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\" -c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/auth-rhosts.c
cc -O -pipe  -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secure/usr.sbin/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -DNO_IDEA   -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\" -c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/auth-passwd.c
cc -O -pipe  -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secure/usr.sbin/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -DNO_IDEA   -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\" -c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/auth-rsa.c
cc -O -pipe  -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secure/usr.sbin/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -DNO_IDEA   -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\" -c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/auth-rh-rsa.c
cc -O -pipe  -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secure/usr.sbin/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -DNO_IDEA   -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\" -c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/pty.c
cc -O -pipe  -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secure/usr.sbin/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -DNO_IDEA   -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\" -c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/log-server.c
cc -O -pipe  -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secure/usr.sbin/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -DNO_IDEA   -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\" -c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/login.c
cc -O -pipe  -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secure/usr.sbin/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -DNO_IDEA   -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\" -c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/servconf.c
cc -O -pipe  -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secure/usr.sbin/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -DNO_IDEA   -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\" -c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/serverloop.c
cc -O -pipe  -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secure/usr.sbin/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -DNO_IDEA   -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\" -c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/auth.c
cc -O -pipe  -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secure/usr.sbin/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -DNO_IDEA   -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\" -c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/auth1.c
cc -O -pipe  -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secure/usr.sbin/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -DNO_IDEA   -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\" -c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/auth2.c
cc -O -pipe  -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secure/usr.sbin/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -DNO_IDEA   -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\" -c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/auth-options.c
cc -O -pipe  -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secure/usr.sbin/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -DNO_IDEA   -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\" -c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/session.c
cc -O -pipe  -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secure/usr.sbin/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -DNO_IDEA   -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\" -c /usr/src/secure/usr.sbin/sshd/../../../usr.bin/login/login_access.c
cc -O -pipe  -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secure/usr.sbin/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -DNO_IDEA   -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\" -c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/dh.c
cc -O -pipe  -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secure/usr.sbin/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -DNO_IDEA   -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\" -c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/auth-pam.c
/usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/auth-pam.c: In function `pamconv':
/usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/auth-pam.c:109: warning: passing arg 1 of `read_passphrase' discards qualifiers from pointer target type
cc -O -pipe  -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secure/usr.sbin/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -DNO_IDEA   -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\"  -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o pty.o log-server.o login.o servconf.o serverloop.o auth.o auth1.o auth2.o auth-options.o session.o login_access.o dh.o auth-pam.o  -lopie -lmd -L/usr/src/secure/usr.sbin/sshd/../../lib/libssh -lssh -lcrypt -lcrypto -lutil -lz -lwrap  -lpam
/usr/libexec/elf/ld: cannot find -lssh
*** Error code 1

Stop in /usr/src/secure/usr.sbin/sshd.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message