Displaying 20 results from an estimated 200 matches similar to: "additional compiler hardening flags"
2012 Dec 21
2
more compiler safety flags
Anyone see any reason not to add these extra compiler/linker flags if
they're supported?
Index: aclocal.m4
===================================================================
RCS file: /home/dtucker/openssh/cvs/openssh/aclocal.m4,v
retrieving revision 1.8
diff -u -p -r1.8 aclocal.m4
--- aclocal.m4 20 May 2011 01:45:25 -0000 1.8
+++ aclocal.m4 17 Dec 2012 03:56:32 -0000
@@ -21,6 +21,23 @@
2018 Jun 07
2
vanilla build of 7.7p1 release on linux/4.17 fails with gcc8 @ "/usr/bin/ld: unrecognized option '-Wl,-z,retpolineplt'"
hi
On 6/7/18 4:03 PM, Darren Tucker wrote:
> On 8 June 2018 at 07:09, PGNet Dev <pgnet.dev at gmail.com> wrote:
>> Verifying a report I just got pinged about, building vanilla openssh 7.7p1 on linux configures ok, but fails build around 'retpoline'
> [...]
>> Should the retpoline flag be getting added? If so, what's needed to make LD happy with it?
>
>
2018 Jun 07
2
vanilla build of 7.7p1 release on linux/4.17 fails with gcc8 @ "/usr/bin/ld: unrecognized option '-Wl,-z,retpolineplt'"
Verifying a report I just got pinged about, building vanilla openssh 7.7p1 on linux configures ok, but fails build around 'retpoline'
I've started looking through recent reports; haven't _yet_ found anything similar.
While I continue, is any of the following familiar/expected? Either known bug/issue or env conflict?
The current env includes supposedly retpoline-ready GCC 8.1.1,
2018 Jun 08
4
vanilla build of 7.7p1 release on linux/4.17 fails with gcc8 @ "/usr/bin/ld: unrecognized option '-Wl,-z,retpolineplt'"
On 8 June 2018 at 10:52, PGNet Dev <pgnet.dev at gmail.com> wrote:
[...]
> So, there's a problem for OpenSSH build with spec'ing LD=/usr/bin/ld ?
in this particular case, apparently yes. not generally, though.
[...]
> What's *intended* re: openssh? Support for LD=ld or only =gcc, or undef'd ?
Well the intent is you should be able to set CC and LD to whatever you
2018 Feb 05
2
add Spectre variant 2 mitigations
Hi.
Both GCC and clang are adding mitigations for Spectre variant 2 although
neither have yet made a release and neither are on by default.
After trolling through and building release candidate branches for both
I believe this is what is required for the ssh programs (although all
the dependent libraries will also need to be built with mitigations, and
I suspect libcrypto is a more likely
2018 Jun 08
2
vanilla build of 7.7p1 release on linux/4.17 fails with gcc8 @ "/usr/bin/ld: unrecognized option '-Wl,-z,retpolineplt'"
On Thu, Jun 07, 2018 at 06:14:42PM -0700, PGNet Dev wrote:
> On 6/7/18 6:08 PM, Darren Tucker wrote:
> > Well the intent is you should be able to set CC and LD to whatever you
> > want as long as they work. In this case, the OSSH_CHECK_LDFLAG_LINK
> > test invokes autoconf's AC_LINK_IFELSE which uses CC not LD. I'm not
> > sure what to do about it yet though.
I
2018 Sep 26
4
Concerns about enabling retpolines by default
We recently discovered that our OpenSSH distribution binaries contain
retpoline thunks. It's due to this
OSSH_CHECK_CFLAG_COMPILE([-mfunction-return=thunk]) # gcc
OSSH_CHECK_CFLAG_COMPILE([-mindirect-branch=thunk]) # gcc
This was quite surprising because at least the GNU/Linux userspace has
no provisions for retpolines. You also fail to enable -fno-plt, so you
need
2013 Jan 18
0
Inconsisten declaration of ssh_aes_ctr_iv() (fwd)
---------- Forwarded message ----------
Date: Fri, 18 Jan 2013 10:19:35 +1100 (EST)
From: Damien Miller <djm at mindrot.org>
To: Iain Morgan <Iain.Morgan at nasa.gov>
Subject: Re: Inconsisten declaration of ssh_aes_ctr_iv()
On Thu, 17 Jan 2013, Iain Morgan wrote:
> > Could you tell me the declaration of the function pointer do_cipher in
> > OpenSSL's evp.h on your
2016 Jan 19
2
OpenSSH portability & buildsystem fixes
Hi,
I recently ported OpenSSH to my hobbyist operating system. The portable
release is very straightforward to work with, but it had a few minor
issues where it assumes the existence of things that might not be on a
POSIX 2008 system. This is the list of issues I encountered that I
believe make sense to upstream.
* <sys/param.h> is included in many files and isn't a standard
2016 May 29
3
[Bug 2574] New: configure: line 5805: syntax error near unexpected token `-Qunused-arguments'
https://bugzilla.mindrot.org/show_bug.cgi?id=2574
Bug ID: 2574
Summary: configure: line 5805: syntax error near unexpected
token `-Qunused-arguments'
Product: Portable OpenSSH
Version: 7.2p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: critical
Priority: P5
2023 Oct 19
12
[Bug 3629] New: Building with Clang-17 fails due to -fzero-call-used-regs
https://bugzilla.mindrot.org/show_bug.cgi?id=3629
Bug ID: 3629
Summary: Building with Clang-17 fails due to
-fzero-call-used-regs
Product: Portable OpenSSH
Version: 9.5p1
Hardware: amd64
OS: Mac OS X
Status: NEW
Severity: critical
Priority: P5
Component: Build system
2018 Apr 12
4
OpenSSH 7.7 t1 script breakage
After getting OpenSSH 7.7 to build :), the initial test fails as follows:
test_kex:
............................................................................
............................................................................
............................................................................
............................................................................
2015 Feb 28
3
SAP-2015-3-1 issues
BSD/OS issues
with 1.0.2a dev
make tests
[ -d `pwd`/regress ] || mkdir -p `pwd`/regress
[ -d `pwd`/regress/unittests ] || mkdir -p `pwd`/regress/unittests
[ -d `pwd`/regress/unittests/test_helper ] || mkdir -p `pwd`/regress/unittests/test_helper
[ -d `pwd`/regress/unittests/sshbuf ] || mkdir -p `pwd`/regress/unittests/sshbuf
[ -d `pwd`/regress/unittests/sshkey ] || mkdir -p
2001 Feb 16
7
OpenSSH 2.5.0p1
Known issues:
1) Linux 'sleep 20' -- Unfixable before 2.5.0 (known work around)
2) HP/UX signal issue -- Patched and HP/UX 11 works in v2
3) SCO 2/ Native Compiler -- Unfixable before 2.5.0 (known work around)
4) NeXTStep -- Resynced, MAX_GROUPS vs NGROUPS unresolved (not major)
5) DG/UX regcomp/regexec -- Fixed.
6) Cray signal issues -- ???
7) Solaris '$PATH' issue -- ??
2018 Jun 08
3
vanilla build of 7.7p1 release on linux/4.17 fails with gcc8 @ "/usr/bin/ld: unrecognized option '-Wl,-z,retpolineplt'"
One difference I notice is that in your failing example you are
invoking /usr/bin/ld directly to link:
/usr/bin/ld -o ssh ssh.o readconf.o clientloop.o
sshtty.o sshconnect.o sshconnect2.o mux.o -L. -Lopenbsd-compat/
-Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack
-fstack-protector-strong -pie -lssh -lopenbsd-compat -lutil -lz
-lcrypt -lresolv
whereas my example is
2016 Feb 09
2
Test Failure OpenSSH 7.1 P2 on HPE NSE for integrity
Thread split from my previous communication. Here is the integrity logs on
the platform. I had to cut this short due to the length of the logs (5Mb).
***************** failed-regress.log ************
trace: test integrity: hmac-sha1 @2900
FAIL: unexpected error mac hmac-sha1 at 2900: Bytes per second: sent
65665.7, received 55994.0.
trace: test integrity: hmac-sha1 @2901
FAIL:
2010 Apr 10
0
[LLVMdev] darwin dragon-egg build issues
Hi Jack,
> Is anyone building dragon-egg on darwin?
Anton built it once. There were some problems with dynamic libraries: gcc's
plugin support requires the use of dynamic libraries, and the configure logic
it uses thinks that darwin does not support dynamic libraries! So it is
possible that plugin support was automatically disabled because of this. Try
configuring with
2010 May 27
3
[Bug 1772] New: There are some strict-aliasing warnings during the compillation
https://bugzilla.mindrot.org/show_bug.cgi?id=1772
Summary: There are some strict-aliasing warnings during the
compillation
Product: Portable OpenSSH
Version: 5.5p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Build system
AssignedTo:
2000 Aug 15
0
[PATCH]: Port to Mac OS X/Darwin, misc
Below I've included a patch which helps build OpenSSH outside from a
read-only source tree, find OpenSSL on Mac OS X, and fix a typo.
This applies to OpenSSH 2.1.1p4.
You should already have gotten a note from Melissa O'Neil about a
conflict with the crc32() symbol in zlib, which was causing a crash on
Darwin.
I've noticed another bug. If ssh is setuid, I get a permission
2013 Feb 26
16
Call for testing: OpenSSH-6.2
Hi,
It's that time again...
OpenSSH 6.2 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This release contains
some substantial new features and a number of bugfixes.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD: