search for: retpolineplt

...those flags, so my guess > is that something is added later in configure that causes it to fail. > I suggest looking at config.log to see what the actaul compiler > messages are from these parts: > > OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang > OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) > > and the actual compiler output show up in config.log. > > I wrote and tested this patch against the development versions of gcc > and clang which was all that was available at the time, it's possible > the released versions don't behave quite the same. here's...

One difference I notice is that in your failing example you are invoking /usr/bin/ld directly to link: /usr/bin/ld -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o sshconnect2.o mux.o -L. -Lopenbsd-compat/ -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lutil -lz -lcrypt -lresolv whereas my example is invoking via gcc. I assume you are explicitly setting the LD env var? To narrow this down I suggest: a) take the failing link command line and delet...

Also what exact distro and version are you having the problem on and what version of ld does it have? Mine is $ ld --version GNU ld version 2.29.1-23.fc28 -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

...memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -mfunction-return=thunk -mindirect-branch=thunk -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE Preprocessor flags: -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE Linker flags: -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie Libraries: -lutil -lz -lcrypt -lresolv reports no errors. build, make V=1 ... a - platform-tracing.o a - platform-misc.o ranlib libssh.a /usr/bin/gcc-8 -g -O2 -pipe -Wall -Wpointer-arith -Wuninitiali...

On 8 June 2018 at 12:09, PGNet Dev <pgnet.dev at gmail.com> wrote: [...] > /usr/bin/ld -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o sshconnect2.o mux.o -L. -Lopenbsd-compat/ -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lutil -lz -lcrypt -lresolv > /usr/bin/ld: unrecognized option

On 6/7/18 8:37 PM, Darren Tucker wrote: > On 8 June 2018 at 12:21, Darren Tucker <dtucker at dtucker.net> wrote: >> On 8 June 2018 at 12:09, PGNet Dev <pgnet.dev at gmail.com> wrote: >> [...] >>> /usr/bin/ld -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o sshconnect2.o mux.o -L. -Lopenbsd-compat/ -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack

On 8 June 2018 at 11:21, PGNet Dev <pgnet.dev at gmail.com> wrote: > fyi > > add'l -- and looks unrelated -- issue > /usr/include/pthread.h:251:12: note: previous declaration of ?pthread_join? was here > extern int pthread_join (pthread_t __th, void **__thread_return); What included pthread.h? That's explicitly not supported by sshd: $ grep THREAD

On 8 June 2018 at 10:52, PGNet Dev <pgnet.dev at gmail.com> wrote: [...] > So, there's a problem for OpenSSH build with spec'ing LD=/usr/bin/ld ? in this particular case, apparently yes. not generally, though. [...] > What's *intended* re: openssh? Support for LD=ld or only =gcc, or undef'd ? Well the intent is you should be able to set CC and LD to whatever you

On Thu, Jun 07, 2018 at 06:14:42PM -0700, PGNet Dev wrote: > On 6/7/18 6:08 PM, Darren Tucker wrote: > > Well the intent is you should be able to set CC and LD to whatever you > > want as long as they work. In this case, the OSSH_CHECK_LDFLAG_LINK > > test invokes autoconf's AC_LINK_IFELSE with uses CC not LD. I'm not > > sure what to do about it yet though. I

...ILE([-fno-strict-aliasing]) if test "x$use_toolchain_hardening" = "x1"; then + OSSH_CHECK_CFLAG_COMPILE([-mfunction-return=thunk]) # gcc + OSSH_CHECK_CFLAG_COMPILE([-mindirect-branch=thunk]) # gcc + OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang + OSSH_CHECK_CFLAG_LINK([-z retpolineplt]) # clang OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experienc...

...currently not useful to us: $ clang --version clang version 10.0.0 (Fedora 10.0.0-1.fc32) $ CC=clang ../../configure [...] checking if clang supports compile flag -Wunused-result... yes checking if clang supports compile flag -Wimplicit-fallthrough... no checking if clang supports link flag -Wl,-z,retpolineplt... no Can anyone suggest a better solution? Annotating these points with a FALLTHROUGH macro would make more work keeping the code in sync and so is currently a non-starter. diff --git a/aclocal.m4 b/aclocal.m4 index 25ecc49a..fca940dd 100644 --- a/aclocal.m4 +++ b/aclocal.m4 @@ -21,6 +21,11 @@...

https://bugzilla.mindrot.org/show_bug.cgi?id=3668 Bug ID: 3668 Summary: OpenSSL version header not found Product: Portable OpenSSH Version: 9.6p1 Hardware: ix86 OS: Linux Status: NEW Severity: normal Priority: P5 Component: Build system Assignee: unassigned-bugs at mindrot.org