Date: Sun, 13 Sep 1998 12:52:42 -0400 (EDT) From: Chuck Robey <chuckr@mat.net> To: Brian Feldman <green@unixhelp.org> Cc: William Woods <wwoods@cybcon.com>, FreebSD Current <freebsd-current@FreeBSD.ORG> Subject: Re: ssh port problem..... Message-ID: <Pine.BSF.4.02A.9809131243570.343-200000@picnic.mat.net> In-Reply-To: <Pine.BSF.4.02.9809130029570.669-100000@zone.syracuse.net>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Sun, 13 Sep 1998, Brian Feldman wrote: > Look in /usr/local/include. Delete /usr/local/include/arpa/inet.h et al. No, Brian, I don't think that's the answer. I have an answer, but only a security person could tell me if it's ok. Let me describe the problem (I left in the fault listing, or at least enough of it so you can check me). The problem is, for the gmp and z libs, those are system libs, but the lib callouts for them assume that they aren't system libs. The difference is that you use a -L switch for non-system libs, to tell the compiler where to look for them. You *don't* do that for sytem libs, the system does that. This is most especially critically important for FreeBSD-current, where the lib situation is (shall we say) a little muddy right now. Those -L/usr/lib switches have to go away. They're encapsulated in the patch-ac. I included a new patch-ac with a couple of small edits to take the -L's out of libz and libgmp. Doing this, tho, I think might have some impact on security. I don't know what it is. I hope maybe someone who knows security might comment. Don't have to know ports, just tell me if the concept is good or bad, or what other solution _would_ be PC for a security-type application. > Cheers, > Brian Feldman > > On Sat, 12 Sep 1998, William Woods wrote: > > > OK, I just installed rsarf from the ports useing make OBJFORMAT=aout and that > > worked fine, but when I do a make OBJFORMAT=aout for ssh I get the following... > > > > ------------------------------------------------------------- > > rm -f ssh > > cc -pipe -Lrsaref2/source -L/usr/local/lib -o ssh ssh.o sshconnect.o > > log-client.o readconf.o hostfile.o readpass.o tildexpand.o clientloop.o can > > ohost.o idea.o rsa.o randoms.o md5.o buffer.o emulate.o packet.o compress.o > > xmalloc.o ttymodes.o newchannels.o bufaux.o authfd.o authfile.o c > > rc32.o rsaglue.o cipher.o des.o match.o arcfour.o mpaux.o userfile.o signals.o > > blowfish.o deattack.o -L/usr/lib -lgmp -L/usr/lib -lz -lwrap -l > > rsaref -lcrypt -L/usr/local/lib -lutil > > sshconnect.o: Undefined symbol `___inet_addr' referenced from text segment > > sshconnect.o: Undefined symbol `___inet_ntoa' referenced from text segment > > sshconnect.o: Undefined symbol `___inet_ntoa' referenced from text segment > > canohost.o: Undefined symbol `___inet_ntoa' referenced from text segment > > canohost.o: Undefined symbol `___inet_ntoa' referenced from text segment > > canohost.o: Undefined symbol `___inet_ntoa' referenced from text segment > > canohost.o: Undefined symbol `___inet_ntoa' referenced from text segment > > canohost.o: Undefined symbol `___inet_ntoa' referenced from text segment > > canohost.o: Undefined symbol `___inet_ntoa' referenced from text segment > > canohost.o: Undefined symbol `___inet_ntoa' referenced from text segment > > newchannels.o: Undefined symbol `___inet_addr' referenced from text segment > > newchannels.o: Undefined symbol `___inet_addr' referenced from text segment > > newchannels.o: Undefined symbol `___inet_addr' referenced from text segment > > *** Error code 1 > > > > Stop. > > -------------------------------------------------------- > > > > Anyideas here folks ? ----------------------------+----------------------------------------------- Chuck Robey | Interests include any kind of voice or data chuckr@glue.umd.edu | communications topic, C programming, and Unix. 213 Lakeside Drive Apt T-1 | Greenbelt, MD 20770 | I run Journey2 and picnic (FreeBSD-current) (301) 220-2114 | and jaunt (NetBSD). ----------------------------+----------------------------------------------- [-- Attachment #2 --] --- Makefile.in.orig Wed Jul 8 12:40:39 1998 +++ Makefile.in Sun Sep 13 12:38:43 1998 @@ -294,12 +294,17 @@ SHELL = /bin/sh GMPDIR = gmp-2.0.2-ssh-2 -GMPLIBS = -L$(GMPDIR) -lgmp -GMPDEP = $(GMPDIR)/gmp.h $(GMPDIR)/libgmp.a +# We have the same libgmp in the system, so use it instead +GMPINCDIR = /usr/include +GMPLIBDIR = /usr/lib +GMPLIBS = -lgmp +GMPDEP = $(GMPINCDIR)/gmp.h $(GMPLIBDIR)/libgmp.a ZLIBDIR = zlib-1.0.4 -ZLIBDEP = $(ZLIBDIR)/libz.a -ZLIBLIBS = -L$(ZLIBDIR) -lz +ZLIBINCDIR = /usr/include +ZLIBLIBDIR = /usr/lib +ZLIBDEP = $(ZLIBINCDIR)/libz.a +ZLIBLIBS = -lz RSAREFDIR = rsaref2 RSAREFSRCDIR = $(RSAREFDIR)/source @@ -404,7 +409,7 @@ $(CC) -o rfc-pg rfc-pg.o .c.o: - $(CC) -c -I. $(KERBEROS_INCS) -I$(srcdir)/$(GMPDIR) -I$(srcdir)/$(ZLIBDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DSSH_BINDIR=\"$(bindir)\" -DTIS_MAP_FILE=\"$(TIS_MAP_FILE)\" $(CFLAGS) $(X_CFLAGS) $< + $(CC) -c -I. $(KERBEROS_INCS) -I$(srcdir)/$(GMPINCDIR) -I$(srcdir)/$(ZLIBINCDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DSSH_BINDIR=\"$(bindir)\" -DTIS_MAP_FILE=\"$(TIS_MAP_FILE)\" $(CFLAGS) $(X_CFLAGS) $< sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP) -rm -f sshd @@ -447,19 +452,19 @@ sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts chmod +x make-ssh-known-hosts -GMP_COPY_SOURCES = mpz_gcd.c mpz_powm.c mpz_pow_ui.c mpz_add.c mpz_sub.c \ - mpz_mul.c mpz_cmp.c mpz_sqrtrem.c -$(GMPDIR)/libgmp.a: - cd $(GMPDIR); $(MAKE) - -$(ZLIBDEP): - -if test '!' -d $(ZLIBDIR); then \ - mkdir $(ZLIBDIR); \ - cp $(srcdir)/$(ZLIBDIR)/Makefile $(ZLIBDIR); \ - fi - cd $(ZLIBDIR); $(MAKE) VPATH=$(srcdir)/$(ZLIBDIR):../$(srcdir)/$(ZLIBDIR) \ - CC="$(CC)" CFLAGS="$(CFLAGS) -I. -I$(srcdir)/$(ZLIBDIR) \ - -I../$(srcdir)/$(GMPDIR)" RANLIB="$(RANLIB)" libz.a +#GMP_COPY_SOURCES = mpz_gcd.c mpz_powm.c mpz_pow_ui.c mpz_add.c mpz_sub.c \ +# mpz_mul.c mpz_cmp.c mpz_sqrtrem.c +#$(GMPDIR)/libgmp.a: +# cd $(GMPDIR); $(MAKE) +# +#$(ZLIBDEP): +# -if test '!' -d $(ZLIBDIR); then \ +# mkdir $(ZLIBDIR); \ +# cp $(srcdir)/$(ZLIBDIR)/Makefile $(ZLIBDIR); \ +# fi +# cd $(ZLIBDIR); $(MAKE) VPATH=$(srcdir)/$(ZLIBDIR):../$(srcdir)/$(ZLIBDIR) \ +# CC="$(CC)" CFLAGS="$(CFLAGS) -I. -I$(srcdir)/$(ZLIBDIR) \ +# -I../$(srcdir)/$(GMPDIR)" RANLIB="$(RANLIB)" libz.a $(RSAREFSRCDIR)/librsaref.a: -if test '!' -d $(RSAREFDIR); then \ @@ -516,7 +521,7 @@ # (otherwise it can only log in as the user it runs as, and must be # bound to a non-privileged port). Also, password authentication may # not be available if non-root and using shadow passwords. -install: $(PROGRAMS) make-dirs generate-host-key install-configs +install: $(PROGRAMS) make-dirs install-configs -rm -f $(install_prefix)$(bindir)/ssh1.old -chmod 755 $(install_prefix)$(bindir)/ssh1 -chmod 755 $(install_prefix)$(bindir)/ssh @@ -672,15 +677,15 @@ clean: -rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg - cd $(GMPDIR); $(MAKE) clean +# cd $(GMPDIR); $(MAKE) clean # cd $(RSAREFSRCDIR); rm -f *.o *.a - cd $(ZLIBDIR); $(MAKE) clean +# cd $(ZLIBDIR); $(MAKE) clean distclean: clean -rm -f Makefile config.status config.cache config.log config.h -rm -f ssh.1 sshd.8 make-ssh-known-hosts.1 - cd $(GMPDIR); $(MAKE) distclean - cd $(ZLIBDIR); $(MAKE) distclean +# cd $(GMPDIR); $(MAKE) distclean +# cd $(ZLIBDIR); $(MAKE) distclean dist: dist-free @@ -709,12 +714,12 @@ -mkdir $(DISTNAME) cp $(DISTFILES) $(DISTNAME) for i in $(DISTSRCS); do cp $(srcdir)/$$i $(DISTNAME); done - (cd $(GMPDIR); make dist) - gzip -cd $(GMPDIR)/$(GMPDIR).tar.gz | (cd $(DISTNAME); tar pxf - ) +# (cd $(GMPDIR); make dist) +# gzip -cd $(GMPDIR)/$(GMPDIR).tar.gz | (cd $(DISTNAME); tar pxf - ) # tar cf - $(RSAREFDIR) | (cd $(DISTNAME); tar xf -) # cd $(DISTNAME)/$(RSAREFSRCDIR); rm -f *.o *.a - (cd $(srcdir); tar pcf - $(ZLIBDIR) )| (cd $(DISTNAME); tar pxf -) - cd $(DISTNAME)/$(ZLIBDIR); rm -f *.o *.a; rm -rf CVS +# (cd $(srcdir); tar pcf - $(ZLIBDIR) )| (cd $(DISTNAME); tar pxf -) +# cd $(DISTNAME)/$(ZLIBDIR); rm -f *.o *.a; rm -rf CVS #ifdef F_SECURE_COMMERCIAL # @@ -742,7 +747,7 @@ (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null depend: - $(MAKEDEP) -I$(srcdir) -I. -I$(GMPDIR) -I$(ZLIBDIR) $(DEFS) $(SRCS) + $(MAKEDEP) -I$(srcdir) -I. $(DEFS) $(SRCS) tags: -rm -f TAGS
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.02A.9809131243570.343-200000>