From owner-freebsd-ports Sun Feb 21 3:12: 6 1999 Delivered-To: freebsd-ports@freebsd.org Received: from fep1-orange.clear.net.nz (fep1-orange.clear.net.nz [203.97.32.1]) by hub.freebsd.org (Postfix) with ESMTP id 3E7E7112D0; Sun, 21 Feb 1999 03:11:58 -0800 (PST) (envelope-from jabley@buddha.clear.net.nz) Received: from buddha.clear.net.nz (buddha.clear.net.nz [192.168.24.106]) by fep1-orange.clear.net.nz (1.5/1.11) with ESMTP id AAA14130; Mon, 22 Feb 1999 00:11:57 +1300 (NZDT) Received: (from jabley@localhost) by buddha.clear.net.nz (8.9.2/8.9.1) id AAA20550; Mon, 22 Feb 1999 00:11:56 +1300 (NZDT) (envelope-from jabley) Date: Mon, 22 Feb 1999 00:11:56 +1300 (NZDT) Message-Id: <199902211111.AAA20550@buddha.clear.net.nz> To: FreeBSD-gnats-submit@freebsd.org Cc: asami@freebsd.org, freebsd-ports@freebsd.org Subject: USE-SOCKS broken for security/ssh From: jabley@clear.co.nz Reply-To: jabley@clear.co.nz X-send-pr-version: 3.2 Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Submitter-Id: current-users >Originator: Joe Abley >Organization: CLEAR Communications Ltd >Confidential: no >Synopsis: USE_SOCKS=YES option broken for security/ssh >Severity: non-critical >Priority: low >Category: ports >Release: FreeBSD 4.0-CURRENT i386 >Class: sw-bug >Environment: # uname -a FreeBSD buddha.clear.net.nz 4.0-CURRENT FreeBSD 4.0-CURRENT #30: Tue Feb 2 13:14:03 NZDT 1999 root@buddha.clear.net.nz:/usr/src/sys/compile/TIMELORD i386 # ident /usr/ports/security/ssh/Makefile /usr/ports/net/socks5/Makefile /usr/ports/security/ssh/Makefile: $Id: Makefile,v 1.72 1999/01/02 00:12:20 asami Exp $ /usr/ports/net/socks5/Makefile: $Id: Makefile,v 1.23 1999/01/06 04:49:29 imp Exp $ >Description: The autoconf script in ssh, when prompted to check for the socks5 library, compiles a short test program with -L$(PREFIX)/lib -lsocks5, which calls SOCKSconnect. SOCKSconnect does not exist in the shared socks5 library, however. >How-To-Repeat: # cd /usr/ports/security/ssh # make USE_SOCKS=YES >Fix: The static library, $(PREFIX)/lib/libsocks5.a contains the SOCKSconnect symbol. By forcing linking with the static library, ssh compiles socksified just fine. As a bonus, the ssh client is compiled static - surely this is a Good Thing securitywise, if not disk-bloat-wise :) This patch seems to fix the socks5 issue. It also allows ssh to build without socks support - I haven't tried any of the other options. # diff --context Makefile.orig Makefile *** Makefile.orig Thu Feb 18 19:50:57 1999 --- Makefile Mon Feb 22 00:01:54 1999 *************** *** 150,155 **** --- 150,156 ---- # Include SOCKS firewall support .if defined(USE_SOCKS) && ${USE_SOCKS} == YES CONFIGURE_ARGS+= --with-socks="-L${PREFIX}/lib -lsocks5" --with-socks5 + CONFIGURE_ENV+= LDFLAGS=-static .endif .include To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message