Re: Bug#531942: FTBFS on mipsel due to missing -fPIC
On Sat, Jun 13, 2009 at 11:59:10AM +0200, Luk Claes wrote:
> Colin Watson wrote:
> > On Fri, Jun 05, 2009 at 10:34:36PM +0200, Luk Claes wrote:
> >> Colin Watson wrote:
> >>> On Fri, Jun 05, 2009 at 08:11:43AM +0200, Luk Claes wrote:
> >>>> mips and mipsel do now also need the -fPIC compilation flag to make
> >>>> sure shared objects only contain position independent code.
> >>> It surprises me that -fPIE doesn't imply this. Anyway, I've committed a
> >>> fix, thanks.
> >> Apparently this does not fix it :-(
> >> Maybe it's a mips* specific binutils issue?
> > The build log
> > (https://buildd.debian.org/fetch.cgi?pkg=openssh;ver=1%3A5.1p1-6;arch=mips;stamp=1244203115)
> > says (reordering slightly to eliminate 'make -j' confusion):
> > gcc -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o sshpty.o sshlogin.o servconf.o serverloop.o auth.o auth1.o auth2.o auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o auth-krb5.o auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o audit.o audit-bsm.o platform.o sftp-server.o sftp-common.o -L. -Lopenbsd-compat/ -fPIC -fPIE -pie -lssh -lopenbsd-compat -lwrap -lpam -ldl -lselinux -lresolv -lcrypto -lutil -lz -lnsl -lcrypt -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wno-pointer-sign -Wformat-security -fno-builtin-memset -std=gnu99 -O2 -fPIC -fPIE -DLOGIN_PROGRAM="/bin/login" -DLOGIN_NO_ENDOPT -DSSH_EXTRAVERSION="Debian-6" -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err
> > /usr/bin/ld: non-dynamic relocations refer to dynamic symbol deny_severity
> > /usr/bin/ld: failed to set dynamic section sizes: Bad value
> > collect2: ld returned 1 exit status
> > make: *** [sshd] Error 1
> > deny_severity is a symbol defined in sshd.c, but it's there for the
> > benefit of libwrap. If I'm reading the warning correctly, it's
> > complaining that libwrap is "non-dynamic".
> > libwrap is currently built with -fpic. Perhaps it needs to be built with
> > -fPIC instead? Luk, would it be possible for you to try this out
> > experimentally and see if it makes a difference?
> I'm going to Cc the mips list as I have currently no mips or mipsel
> machine ready to install a recompiled libwrap0-dev (and libwrap0) from
> tcp-wrappers (with -FPIC in debian/patches/13_shlib_weaksym instead of
> -fpic) as build dependency of openssh.
> So can anyone rebuild tcp-wrappers on mips or mipsel as described above
> and use that to compile openssh to test if it builds successfully?
On mips, -fpic and -fPIC should be the same, and this is confirmed by
tests this does not change the result.
The problem actually has nothing to do with -fpic, it is due to the fact
that deny_severity is exported by libwrap0, while being redeclared in
in sshd.c. In <tcpd.h> it is defined as (debian specific change)
| #ifdef HAVE_WEAKSYMS
| extern int allow_severity __attribute__ ((weak)); /* for connection logging */
| extern int deny_severity __attribute__ ((weak)); /* for connection logging */
| extern int allow_severity; /* for connection logging */
| extern int deny_severity; /* for connection logging */
When <tcpd.h> is included from inside of tcp-wrappers, HAVE_WEAKSYMS is
not defined. When included from sshd.c it is not, so the non-weak
declaration of allow_severity and deny_severity is used.
A quick workaround is to #define HAVE_WEAKSYMS before including
Aurelien Jarno GPG: 1024D/F1BCDB73