Page MenuHomeFreeBSD

ssh: update to 9.8p1 (build infrastructure)
ClosedPublic

Authored by emaste on Feb 10 2025, 8:17 PM.
Tags
None
Referenced Files
F132994075: D48914.id150789.diff
Tue, Oct 21, 9:55 PM
Unknown Object (File)
Fri, Oct 17, 9:51 PM
Unknown Object (File)
Thu, Oct 16, 3:22 AM
Unknown Object (File)
Tue, Oct 14, 1:12 PM
Unknown Object (File)
Mon, Oct 13, 5:46 PM
Unknown Object (File)
Mon, Oct 13, 4:22 PM
Unknown Object (File)
Mon, Oct 13, 11:37 AM
Unknown Object (File)
Mon, Oct 13, 11:27 AM

Details

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

emaste added inline comments.
crypto/openssh/config.h
1765

I'm not yet sure why this changed

1878

And not sure why this changed

secure/libexec/sshd-session/Makefile
6–19

This is very close to the original sshd SRCS.

27–29

This should be removed

35–36

Oops, accidentally commented these out -- I believe that sshd-session (and sshd previously) do not require ldns to link.

Will take a second look (more closely) tomorrow.
Nice!

crypto/openssh/config.h
1765
1878

Not sure why, but it should be const.

emaste added inline comments.
crypto/openssh/config.h
1878

from config.log:

configure:18735: checking whether snprintf can declare const char *fmt
configure:18753: cc -c -g -O2 -pipe -Wunknown-warning-option -Wno-error=format-truncation -Qunused-arguments -Wall -Wextra -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-parameter -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fzero-call-used-regs=used -ftrivial-auto-var-init=zero -mretpoline -fno-builtin-memset -fstack-protector-strong  conftest.c >&5
conftest.c:256:5: error: expected identifier or '('
  256 | int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
      |     ^
/usr/include/ssp/stdio.h:88:33: note: expanded from macro 'snprintf'
   88 | #define snprintf(str, len, ...) __extension__ ({        \
      |                                 ^
1 error generated.

CC @kevans in case he has any insight

crypto/openssh/config.h
1878

Hmm, that's not great. They check hardening flags early on and add -D_FORTIFY_SOURCE=2 in there before running other tests, apparently, but we left a bunch of these as inline macros to diverge not-so-much from NetBSD.

crypto/openssh/config.h
1878

Nothing like first hand insight.
I just const'ified :

const char *_ssp_str = (str);

In include/ssp/stdio.h, and works as expected. Not seeing this bit on NetBSD. Maybe I'm missing something. I'll continue tomorrow, thank you!

crypto/openssh/config.h
1878

That shouldn't actually fix this specific problem, but it's probably a good change to make anyways; feel free to slap a Reviewed-by: kevans on it and push it forward if the installed header passes the tests in lib/libc/tests/secure, though I imagnie we have a few other candidates that one could sneak in at the same time.

The build error is from trying to expand the macro in the middle of a declaration, though. Maybe I was wrong about how their configure script works and emaste has some CFLAG pollution that got in there?

crypto/openssh/config.h
1878

But this is snprintf's output string, no?

crypto/openssh/config.h
1765

Split that out into D48942

1878

In any case I'll manually patch config.h to keep the const, for now.

This revision was not accepted when it landed; it landed in state Needs Review.Feb 22 2025, 5:33 PM
This revision was automatically updated to reflect the committed changes.