Re: CLANG 3.2 breaks security/pam_ssh_agent_auth on stable/9
On 3 February 2013 03:55, Kimmo Paasiala kpaas...@gmail.com wrote: On Sun, Feb 3, 2013 at 4:06 AM, Mark Linimon lini...@lonesome.com wrote: On Fri, Feb 01, 2013 at 11:53:03AM -0600, Brooks Davis wrote: I'm not sure why I'm being jumped on in this weeks old report of a now-fixed problem. I'm sorry, I'm that far behind in email. I did not realize the problem had already been solved. More often than not the problem is simply thrown over the fence for the ports team to deal with. mcl There is no PR yet with my fix and therefor no commit to ports tree that would fix the problem. I'll file a PR soon (TM). The problem was in base, and is fixed there. Chris ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: CLANG 3.2 breaks security/pam_ssh_agent_auth on stable/9
On Sun, Feb 3, 2013 at 11:57 AM, Chris Rees cr...@freebsd.org wrote: On 3 February 2013 03:55, Kimmo Paasiala kpaas...@gmail.com wrote: On Sun, Feb 3, 2013 at 4:06 AM, Mark Linimon lini...@lonesome.com wrote: On Fri, Feb 01, 2013 at 11:53:03AM -0600, Brooks Davis wrote: I'm not sure why I'm being jumped on in this weeks old report of a now-fixed problem. I'm sorry, I'm that far behind in email. I did not realize the problem had already been solved. More often than not the problem is simply thrown over the fence for the ports team to deal with. mcl There is no PR yet with my fix and therefor no commit to ports tree that would fix the problem. I'll file a PR soon (TM). The problem was in base, and is fixed there. Chris I missed that fix if it was posted here, can someone point me to the commit that fixed the issue? -Kimmo ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: CLANG 3.2 breaks security/pam_ssh_agent_auth on stable/9
Am 03.02.2013 um 10:57 schrieb Chris Rees cr...@freebsd.org: On 3 February 2013 03:55, Kimmo Paasiala kpaas...@gmail.com wrote: There is no PR yet with my fix and therefor no commit to ports tree that would fix the problem. I'll file a PR soon (TM). The problem was in base, and is fixed there. Huh? With -current r246283, I still get a segfault from sudo unless I have Kimmo's patch. Is there some confusion about which problem is addressed by Kimmo's patch? Stefan -- Stefan Bethke s...@lassitu.de Fon +49 151 14070811 ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: CLANG 3.2 breaks security/pam_ssh_agent_auth on stable/9
On 3 February 2013 17:15, Stefan Bethke s...@lassitu.de wrote: Am 03.02.2013 um 10:57 schrieb Chris Rees cr...@freebsd.org: On 3 February 2013 03:55, Kimmo Paasiala kpaas...@gmail.com wrote: There is no PR yet with my fix and therefor no commit to ports tree that would fix the problem. I'll file a PR soon (TM). The problem was in base, and is fixed there. Huh? With -current r246283, I still get a segfault from sudo unless I have Kimmo's patch. Is there some confusion about which problem is addressed by Kimmo's patch? Hm, perhaps it might be necessary then. Kimmo, please would you submit the patch you had as a PR? I'm sure Wesley would appreciate the hint. Chris ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: CLANG 3.2 breaks security/pam_ssh_agent_auth on stable/9
Am 30.01.2013 um 07:21 schrieb Kimmo Paasiala kpaas...@gmail.com: On Wed, Jan 30, 2013 at 7:27 AM, James ja...@hicag.org wrote: I was able to correct the problem as well by prefixing strnvis, avoiding the symbol collision. I also found PR: ports/172941 which also has a fix. Using my patch or the patch in ports/172941 fixes the segfault for me in stable/9. However, I quickly ran into another problem. I can't remember the error message exactly, it was something like Unable to initialize PAM: Unknown file descriptor. A ktrace didn't reveal anything obvious. I'll try to test it out tomorrow. -- James. Try the attached patch. Just drop it into /usr/ports/security/pam_ssh_agent_auth/files directory and recompile. This will make the port use the system strnvis() with correctly ordered arguments if one is available (HAVE_STRNVIS defined) and an _openbsd suffixed version if not. -Kimmo patch-strnvis.txt Working great for me! Is this on any committers radar? I don't see a PR for it. Stefan -- Stefan Bethke s...@lassitu.de Fon +49 151 14070811 ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: CLANG 3.2 breaks security/pam_ssh_agent_auth on stable/9
On Fri, Feb 01, 2013 at 11:53:03AM -0600, Brooks Davis wrote: I'm not sure why I'm being jumped on in this weeks old report of a now-fixed problem. I'm sorry, I'm that far behind in email. I did not realize the problem had already been solved. More often than not the problem is simply thrown over the fence for the ports team to deal with. mcl ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: CLANG 3.2 breaks security/pam_ssh_agent_auth on stable/9
On Sun, Feb 3, 2013 at 4:06 AM, Mark Linimon lini...@lonesome.com wrote: On Fri, Feb 01, 2013 at 11:53:03AM -0600, Brooks Davis wrote: I'm not sure why I'm being jumped on in this weeks old report of a now-fixed problem. I'm sorry, I'm that far behind in email. I did not realize the problem had already been solved. More often than not the problem is simply thrown over the fence for the ports team to deal with. mcl There is no PR yet with my fix and therefor no commit to ports tree that would fix the problem. I'll file a PR soon (TM). -Kimmo ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: CLANG 3.2 breaks security/pam_ssh_agent_auth on stable/9
On Thu, Jan 31, 2013 at 10:22:44PM -0600, Mark Linimon wrote: On Thu, Jan 17, 2013 at 09:15:02AM -0600, Brooks Davis wrote: Not unless you consider adding new functions in a reserved namespace (str*) to be ABI breakage. Well, what often happens is that when we add new functions, ports break. I think deciding whether this is or is not ABI breakage is semantics. The fact is that regressions get introduced with these types of changes. The port should have continued to work unless it was recompiled so it should have preferred it's own version of the strnvis symbol. If its makefiles were properly constructed it would have failed to compile due to the signature mismatch. The mantra should be every possible combination of ways that a port's internal build glue can be wrong, is already included in the Ports Collection. In case after case we see fragile code that is written by people who are clearly not professionally trained. They get it to work on their system and then shove it out the door. Claiming that they shouldn't do that is correct but self-defeating. It's just the reality of open-source software. I'm not sure why I'm being jumped on me in this weeks old report of a now-fixed problem. I did determine to root cause and others produced a patch. If no one else had stepped up I would have done so my self. IMHO, the burden should be on whoever makes the change to find out whether or not regressions will be introduced. (And yes, I am very aware that we don't have -exp run capability right now, but this is one of the cases where I would like to suggest it would have helped.) I would likely have done an exp run had there been the capability of doing one, but this bug would not have been found since it's a runtime crash caused by a combination of two different BSD projects not talking to each other and poorly chosen CFLAGS in the upstream software allowing it to compile. One could probably write a tool to detect some forms this sort of issue (even premptively), but it's probably not worth doing. -- Brooks pgpSXZsGprvjG.pgp Description: PGP signature
Re: CLANG 3.2 breaks security/pam_ssh_agent_auth on stable/9
On Thu, Jan 17, 2013 at 09:15:02AM -0600, Brooks Davis wrote: Not unless you consider adding new functions in a reserved namespace (str*) to be ABI breakage. Well, what often happens is that when we add new functions, ports break. I think deciding whether this is or is not ABI breakage is semantics. The fact is that regressions get introduced with these types of changes. The port should have continued to work unless it was recompiled so it should have preferred it's own version of the strnvis symbol. If its makefiles were properly constructed it would have failed to compile due to the signature mismatch. The mantra should be every possible combination of ways that a port's internal build glue can be wrong, is already included in the Ports Collection. In case after case we see fragile code that is written by people who are clearly not professionally trained. They get it to work on their system and then shove it out the door. Claiming that they shouldn't do that is correct but self-defeating. It's just the reality of open-source software. IMHO, the burden should be on whoever makes the change to find out whether or not regressions will be introduced. (And yes, I am very aware that we don't have -exp run capability right now, but this is one of the cases where I would like to suggest it would have helped.) mcl ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: CLANG 3.2 breaks security/pam_ssh_agent_auth on stable/9
Hi Kimmo. Thanks for this. Your patch works great in stable/9. -- James. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: CLANG 3.2 breaks security/pam_ssh_agent_auth on stable/9
On 1/30/2013 1:21 AM, Kimmo Paasiala wrote: On Wed, Jan 30, 2013 at 7:27 AM, James ja...@hicag.org wrote: I was able to correct the problem as well by prefixing strnvis, avoiding the symbol collision. I also found PR: ports/172941 which also has a fix. Using my patch or the patch in ports/172941 fixes the segfault for me in stable/9. However, I quickly ran into another problem. I can't remember the error message exactly, it was something like Unable to initialize PAM: Unknown file descriptor. A ktrace didn't reveal anything obvious. I'll try to test it out tomorrow. -- James. Try the attached patch. Just drop it into /usr/ports/security/pam_ssh_agent_auth/files directory and recompile. Thanks very much! This does fix it for me too! ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: CLANG 3.2 breaks security/pam_ssh_agent_auth on stable/9
On 1/17/2013 4:35 PM, Kimmo Paasiala wrote: On Thu, Jan 17, 2013 at 5:15 PM, Dimitry Andric d...@freebsd.org wrote: On 2013-01-17 14:07, Kimmo Paasiala wrote: On Thu, Jan 17, 2013 at 2:11 AM, Brooks Davis bro...@freebsd.org wrote: ... Please try the following patch, which tells configure that HAVE_STRNVIS is always false. I think this is the easiest way, unless we really want the port to use our own strnvis. This will still leave the exported symbol in the plugin binary with the name strnvis. What would be needed is renaming of the function to something else, like pam_ssh_agent_auth_strnvis(), maybe using a macro #define strnvis pam_ssh_agent_auth_strnvis somewhere. I can try my hand on coming up with a fix but its going to take some time, the source code of the plugin and not to mention the configure script look quite hairy. Hi, Just wondering if anyone ever came up with a patch / work around to this ? ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: CLANG 3.2 breaks security/pam_ssh_agent_auth on stable/9
On Tue, Jan 29, 2013 at 9:08 PM, Mike Tancsa m...@sentex.net wrote: On 1/17/2013 4:35 PM, Kimmo Paasiala wrote: On Thu, Jan 17, 2013 at 5:15 PM, Dimitry Andric d...@freebsd.org wrote: On 2013-01-17 14:07, Kimmo Paasiala wrote: On Thu, Jan 17, 2013 at 2:11 AM, Brooks Davis bro...@freebsd.org wrote: ... Please try the following patch, which tells configure that HAVE_STRNVIS is always false. I think this is the easiest way, unless we really want the port to use our own strnvis. This will still leave the exported symbol in the plugin binary with the name strnvis. What would be needed is renaming of the function to something else, like pam_ssh_agent_auth_strnvis(), maybe using a macro #define strnvis pam_ssh_agent_auth_strnvis somewhere. I can try my hand on coming up with a fix but its going to take some time, the source code of the plugin and not to mention the configure script look quite hairy. Hi, Just wondering if anyone ever came up with a patch / work around to this ? ---Mike -- Hi, Yes I did in fact but it's a really quick and dirty hack. I renamed the openbsd strnvis to strnvis_local so the symbol in plugin binary won't conflict with strnvis from libc. I'll have to see if I can clean it up and submit a PR with a diff. -Kimmo ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: CLANG 3.2 breaks security/pam_ssh_agent_auth on stable/9
I was able to correct the problem as well by prefixing strnvis, avoiding the symbol collision. I also found PR: ports/172941 which also has a fix. Using my patch or the patch in ports/172941 fixes the segfault for me in stable/9. However, I quickly ran into another problem. I can't remember the error message exactly, it was something like Unable to initialize PAM: Unknown file descriptor. A ktrace didn't reveal anything obvious. I'll try to test it out tomorrow. -- James. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: CLANG 3.2 breaks security/pam_ssh_agent_auth on stable/9
On Wed, Jan 30, 2013 at 7:27 AM, James ja...@hicag.org wrote: I was able to correct the problem as well by prefixing strnvis, avoiding the symbol collision. I also found PR: ports/172941 which also has a fix. Using my patch or the patch in ports/172941 fixes the segfault for me in stable/9. However, I quickly ran into another problem. I can't remember the error message exactly, it was something like Unable to initialize PAM: Unknown file descriptor. A ktrace didn't reveal anything obvious. I'll try to test it out tomorrow. -- James. Try the attached patch. Just drop it into /usr/ports/security/pam_ssh_agent_auth/files directory and recompile. This will make the port use the system strnvis() with correctly ordered arguments if one is available (HAVE_STRNVIS defined) and an _openbsd suffixed version if not. -Kimmo --- ../../../pam_ssh_agent_auth/work/pam_ssh_agent_auth-0.9.3/openbsd-compat/vis.h 2009-01-05 09:31:07.0 +0200 +++ openbsd-compat/vis.h2013-01-30 07:13:19.782431257 +0200 @@ -79,15 +79,16 @@ */ #defineUNVIS_END 1 /* no more characters */ -char *vis(char *, int, int, int); -intstrvis(char *, const char *, int); -intstrnvis(char *, const char *, size_t, int) + +char *vis_openbsd(char *, int, int, int); +intstrvis_openbsd(char *, const char *, int); +intstrnvis_openbsd(char *, const char *, size_t, int) __attribute__ ((__bounded__(__string__,1,3))); -intstrvisx(char *, const char *, size_t, int) +intstrvisx_openbsd(char *, const char *, size_t, int) __attribute__ ((__bounded__(__string__,1,3))); -intstrunvis(char *, const char *); -intunvis(char *, char, int *, int); -ssize_t strnunvis(char *, const char *, size_t) +intstrunvis_openbsd(char *, const char *); +intunvis_openbsd(char *, char, int *, int); +ssize_t strnunvis_openbsd(char *, const char *, size_t) __attribute__ ((__bounded__(__string__,1,3))); #endif /* !_VIS_H_ */ --- ../../../pam_ssh_agent_auth/work/pam_ssh_agent_auth-0.9.3/log.c 2013-01-30 07:09:24.325405879 +0200 +++ log.c 2013-01-30 07:14:13.708422511 +0200 @@ -360,9 +360,13 @@ snprintf(fmtbuf, sizeof(fmtbuf), %s: %s, preface, fmt); vsnprintf(msgbuf, sizeof(msgbuf), fmtbuf, args); } - - strnvis(fmtbuf, msgbuf, sizeof(fmtbuf), +#if defined (HAVE_STRNVIS) + strnvis(fmtbuf, sizeof(fmtbuf), msgbuf, + log_on_stderr ? LOG_STDERR_VIS : LOG_SYSLOG_VIS); +#else + strnvis_openbsd(fmtbuf, msgbuf, sizeof(fmtbuf), log_on_stderr ? LOG_STDERR_VIS : LOG_SYSLOG_VIS); +#endif if(level == SYSLOG_LEVEL_FATAL) { snprintf(msgbuf, sizeof msgbuf, %s\r\nThis incident has been reported to the authorities\r\n, fmtbuf); --- ../../../pam_ssh_agent_auth/work/pam_ssh_agent_auth-0.9.3/openbsd-compat/vis.c 2009-01-05 09:31:07.0 +0200 +++ openbsd-compat/vis.c2013-01-30 07:31:50.516441571 +0200 @@ -54,7 +54,7 @@ * vis - visually encode characters */ char * -vis(char *dst, int c, int flag, int nextc) +vis_openbsd(char *dst, int c, int flag, int nextc) { if (isvisible(c)) { *dst++ = c; @@ -151,19 +151,19 @@ * This is useful for encoding a block of data. */ int -strvis(char *dst, const char *src, int flag) +strvis_openbsd(char *dst, const char *src, int flag) { char c; char *start; for (start = dst; (c = *src);) - dst = vis(dst, c, flag, *++src); + dst = vis_openbsd(dst, c, flag, *++src); *dst = '\0'; return (dst - start); } int -strnvis(char *dst, const char *src, size_t siz, int flag) +strnvis_openbsd(char *dst, const char *src, size_t siz, int flag) { char *start, *end; char tbuf[5]; @@ -186,7 +186,7 @@ } src++; } else { - i = vis(tbuf, c, flag, *++src) - tbuf; + i = vis_openbsd(tbuf, c, flag, *++src) - tbuf; if (dst + i = end) { memcpy(dst, tbuf, i); dst += i; @@ -201,23 +201,23 @@ if (dst + i end) { /* adjust return value for truncation */ while ((c = *src)) - dst += vis(tbuf, c, flag, *++src) - tbuf; + dst += vis_openbsd(tbuf, c, flag, *++src) - tbuf; } return (dst - start); } int -strvisx(char *dst, const char *src, size_t len, int flag) +strvisx_openbsd(char *dst, const char *src, size_t len, int flag) { char c; char *start; for (start = dst; len 1; len--) { c = *src; - dst = vis(dst, c, flag, *++src); + dst = vis_openbsd(dst, c, flag, *++src); } if (len) - dst = vis(dst, *src, flag, '\0'); +
Re: CLANG 3.2 breaks security/pam_ssh_agent_auth on stable/9
On Thu, Jan 17, 2013 at 2:11 AM, Brooks Davis bro...@freebsd.org wrote: On Wed, Jan 16, 2013 at 08:01:00PM +0200, Kimmo Paasiala wrote: On Wed, Jan 16, 2013 at 6:15 PM, Dimitry Andric d...@freebsd.org wrote: On 2013-01-16 13:05, Kimmo Paasiala wrote: I just updated my stable/9 system after clang3.2 was added. My system is amd64, both world and kernel are compiled with clang3.2 and the default compiler is clang. I'm tracking the sources with GIT and the version I have corresponds to SVN revision r245451. Everything else seems to work but the pam authentication module security/pam_ssh_agent_auth segfaults immediately. ... #0 0x000800ef2070 in strsvis () from /lib/libc.so.7 #1 0x000800ef2584 in strvis () from /lib/libc.so.7 #2 0x000800ef25e5 in strnvis () from /lib/libc.so.7 #3 0x000801c0e2e7 in do_log () from /usr/local/lib/pam_ssh_agent_auth.so #4 0x000801c0e4ff in logit () from /usr/local/lib/pam_ssh_agent_auth.so ... The str*vis() calls suggest that it's something in the libc maybe? Brooks merged the new strvis implementations in r245439, so you may have run into a bug with them. I don't think this is caused specifically by clang, at least not without more proof. :-) Can you try reverting to the revision just before r245439, rebuilding and reinstalling at least libc, and see if the pam_ssh_agent_auth crash goes away? I'm rebuilding world now. Took me some time to figure out how to revert the commits in git. I'll report back once finished. NetBSD and OpenBSD use different signatures for strnvis(). :( pam_ssh_agent_auth assumes that if the system has one it is the OpenBSD one but ours is the NetBSD one. The port will need to be patched to use the openbsd version like it was doing or to swap the second and third arguments when build on newer versions of FreeBSD. -- Brooks It turns out that security/pam_ssh_agent_auth compiles its own version of strnvis() when HAVE_STRNVIS is not defined. This in turn results in an exported dynamic strnvis symbol in the plugin binary. I guess that's what is breaking things when the plugin binary is loaded on post r245439 world. First thing that comes to my mind for a fix is renaming the local strnvis() to something else conditionally based on HAVE_STRNVIS. -Kimmo ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: CLANG 3.2 breaks security/pam_ssh_agent_auth on stable/9
On Thu, Jan 17, 2013 at 09:06:27AM +0200, Kimmo Paasiala wrote: On Wed, Jan 16, 2013 at 8:01 PM, Kimmo Paasiala kpaas...@gmail.com wrote: On Wed, Jan 16, 2013 at 6:15 PM, Dimitry Andric d...@freebsd.org wrote: On 2013-01-16 13:05, Kimmo Paasiala wrote: I just updated my stable/9 system after clang3.2 was added. My system is amd64, both world and kernel are compiled with clang3.2 and the default compiler is clang. I'm tracking the sources with GIT and the version I have corresponds to SVN revision r245451. Everything else seems to work but the pam authentication module security/pam_ssh_agent_auth segfaults immediately. ... #0 0x000800ef2070 in strsvis () from /lib/libc.so.7 #1 0x000800ef2584 in strvis () from /lib/libc.so.7 #2 0x000800ef25e5 in strnvis () from /lib/libc.so.7 #3 0x000801c0e2e7 in do_log () from /usr/local/lib/pam_ssh_agent_auth.so #4 0x000801c0e4ff in logit () from /usr/local/lib/pam_ssh_agent_auth.so ... The str*vis() calls suggest that it's something in the libc maybe? Brooks merged the new strvis implementations in r245439, so you may have run into a bug with them. I don't think this is caused specifically by clang, at least not without more proof. :-) Can you try reverting to the revision just before r245439, rebuilding and reinstalling at least libc, and see if the pam_ssh_agent_auth crash goes away? Confirmed. Reverting world to one commit before r245439 and using the version of the port I used before fixes the problem. Trying to use the version I compiled with post r245439 world results in su: pam_start: system error when used on pre r245439 world. I have to repeat my question, isn't this the definition of ABI breakage? Not unless you consider adding new functions in a reserved namespace (str*) to be ABI breakage. The port should have continued to work unless it was recompiled so it should have preferred it's own version of the strnvis symbol. If it's makefiles were properly constructed it would have failed to compile due to the signature mismatch. It's unfortunate that NetBSD and OpenBSD picked different function signatures for strnvis, but it's beyond our control. -- Brooks pgpMufexVxhw3.pgp Description: PGP signature
Re: CLANG 3.2 breaks security/pam_ssh_agent_auth on stable/9
On 2013-01-17 14:07, Kimmo Paasiala wrote: On Thu, Jan 17, 2013 at 2:11 AM, Brooks Davis bro...@freebsd.org wrote: ... NetBSD and OpenBSD use different signatures for strnvis(). :( pam_ssh_agent_auth assumes that if the system has one it is the OpenBSD one but ours is the NetBSD one. The port will need to be patched to use the openbsd version like it was doing or to swap the second and third arguments when build on newer versions of FreeBSD. It turns out that security/pam_ssh_agent_auth compiles its own version of strnvis() when HAVE_STRNVIS is not defined. This in turn results in an exported dynamic strnvis symbol in the plugin binary. I guess that's what is breaking things when the plugin binary is loaded on post r245439 world. First thing that comes to my mind for a fix is renaming the local strnvis() to something else conditionally based on HAVE_STRNVIS. Please try the following patch, which tells configure that HAVE_STRNVIS is always false. I think this is the easiest way, unless we really want the port to use our own strnvis. Index: security/pam_ssh_agent_auth/Makefile === --- security/pam_ssh_agent_auth/Makefile (revision 310549) +++ security/pam_ssh_agent_auth/Makefile (working copy) @@ -16,6 +16,7 @@ COMMENT= PAM module which permits authentication v USE_BZIP2= yes GNU_CONFIGURE= yes +CONFIGURE_ENV= ac_cv_func_strnvis=no CONFIGURE_ARGS= --libexecdir=${LOCALBASE}/lib USE_PERL5= yes ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: CLANG 3.2 breaks security/pam_ssh_agent_auth on stable/9
On 1/17/2013 10:15 AM, Dimitry Andric wrote: CONFIGURE_ENV=ac_cv_func_strnvis=no Still segfaults for me. ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: CLANG 3.2 breaks security/pam_ssh_agent_auth on stable/9
On Thu, Jan 17, 2013 at 5:15 PM, Dimitry Andric d...@freebsd.org wrote: On 2013-01-17 14:07, Kimmo Paasiala wrote: On Thu, Jan 17, 2013 at 2:11 AM, Brooks Davis bro...@freebsd.org wrote: ... NetBSD and OpenBSD use different signatures for strnvis(). :( pam_ssh_agent_auth assumes that if the system has one it is the OpenBSD one but ours is the NetBSD one. The port will need to be patched to use the openbsd version like it was doing or to swap the second and third arguments when build on newer versions of FreeBSD. It turns out that security/pam_ssh_agent_auth compiles its own version of strnvis() when HAVE_STRNVIS is not defined. This in turn results in an exported dynamic strnvis symbol in the plugin binary. I guess that's what is breaking things when the plugin binary is loaded on post r245439 world. First thing that comes to my mind for a fix is renaming the local strnvis() to something else conditionally based on HAVE_STRNVIS. Please try the following patch, which tells configure that HAVE_STRNVIS is always false. I think this is the easiest way, unless we really want the port to use our own strnvis. This will still leave the exported symbol in the plugin binary with the name strnvis. What would be needed is renaming of the function to something else, like pam_ssh_agent_auth_strnvis(), maybe using a macro #define strnvis pam_ssh_agent_auth_strnvis somewhere. I can try my hand on coming up with a fix but its going to take some time, the source code of the plugin and not to mention the configure script look quite hairy. -Kimmo ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: CLANG 3.2 breaks security/pam_ssh_agent_auth on stable/9
On 2013-01-16 13:05, Kimmo Paasiala wrote: I just updated my stable/9 system after clang3.2 was added. My system is amd64, both world and kernel are compiled with clang3.2 and the default compiler is clang. I'm tracking the sources with GIT and the version I have corresponds to SVN revision r245451. Everything else seems to work but the pam authentication module security/pam_ssh_agent_auth segfaults immediately. ... #0 0x000800ef2070 in strsvis () from /lib/libc.so.7 #1 0x000800ef2584 in strvis () from /lib/libc.so.7 #2 0x000800ef25e5 in strnvis () from /lib/libc.so.7 #3 0x000801c0e2e7 in do_log () from /usr/local/lib/pam_ssh_agent_auth.so #4 0x000801c0e4ff in logit () from /usr/local/lib/pam_ssh_agent_auth.so ... The str*vis() calls suggest that it's something in the libc maybe? Brooks merged the new strvis implementations in r245439, so you may have run into a bug with them. I don't think this is caused specifically by clang, at least not without more proof. :-) Can you try reverting to the revision just before r245439, rebuilding and reinstalling at least libc, and see if the pam_ssh_agent_auth crash goes away? ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: CLANG 3.2 breaks security/pam_ssh_agent_auth on stable/9
On Wed, Jan 16, 2013 at 6:15 PM, Dimitry Andric d...@freebsd.org wrote: On 2013-01-16 13:05, Kimmo Paasiala wrote: I just updated my stable/9 system after clang3.2 was added. My system is amd64, both world and kernel are compiled with clang3.2 and the default compiler is clang. I'm tracking the sources with GIT and the version I have corresponds to SVN revision r245451. Everything else seems to work but the pam authentication module security/pam_ssh_agent_auth segfaults immediately. ... #0 0x000800ef2070 in strsvis () from /lib/libc.so.7 #1 0x000800ef2584 in strvis () from /lib/libc.so.7 #2 0x000800ef25e5 in strnvis () from /lib/libc.so.7 #3 0x000801c0e2e7 in do_log () from /usr/local/lib/pam_ssh_agent_auth.so #4 0x000801c0e4ff in logit () from /usr/local/lib/pam_ssh_agent_auth.so ... The str*vis() calls suggest that it's something in the libc maybe? Brooks merged the new strvis implementations in r245439, so you may have run into a bug with them. I don't think this is caused specifically by clang, at least not without more proof. :-) Can you try reverting to the revision just before r245439, rebuilding and reinstalling at least libc, and see if the pam_ssh_agent_auth crash goes away? I'm rebuilding world now. Took me some time to figure out how to revert the commits in git. I'll report back once finished. -Kimmo ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: CLANG 3.2 breaks security/pam_ssh_agent_auth on stable/9
On Wed, Jan 16, 2013 at 08:01:00PM +0200, Kimmo Paasiala wrote: On Wed, Jan 16, 2013 at 6:15 PM, Dimitry Andric d...@freebsd.org wrote: On 2013-01-16 13:05, Kimmo Paasiala wrote: I just updated my stable/9 system after clang3.2 was added. My system is amd64, both world and kernel are compiled with clang3.2 and the default compiler is clang. I'm tracking the sources with GIT and the version I have corresponds to SVN revision r245451. Everything else seems to work but the pam authentication module security/pam_ssh_agent_auth segfaults immediately. ... #0 0x000800ef2070 in strsvis () from /lib/libc.so.7 #1 0x000800ef2584 in strvis () from /lib/libc.so.7 #2 0x000800ef25e5 in strnvis () from /lib/libc.so.7 #3 0x000801c0e2e7 in do_log () from /usr/local/lib/pam_ssh_agent_auth.so #4 0x000801c0e4ff in logit () from /usr/local/lib/pam_ssh_agent_auth.so ... The str*vis() calls suggest that it's something in the libc maybe? Brooks merged the new strvis implementations in r245439, so you may have run into a bug with them. I don't think this is caused specifically by clang, at least not without more proof. :-) Can you try reverting to the revision just before r245439, rebuilding and reinstalling at least libc, and see if the pam_ssh_agent_auth crash goes away? I'm rebuilding world now. Took me some time to figure out how to revert the commits in git. I'll report back once finished. NetBSD and OpenBSD use different signatures for strnvis(). :( pam_ssh_agent_auth assumes that if the system has one it is the OpenBSD one but ours is the NetBSD one. The port will need to be patched to use the openbsd version like it was doing or to swap the second and third arguments when build on newer versions of FreeBSD. -- Brooks pgpu7MPNWFfEl.pgp Description: PGP signature
Re: CLANG 3.2 breaks security/pam_ssh_agent_auth on stable/9
On Thu, Jan 17, 2013 at 2:11 AM, Brooks Davis bro...@freebsd.org wrote: On Wed, Jan 16, 2013 at 08:01:00PM +0200, Kimmo Paasiala wrote: On Wed, Jan 16, 2013 at 6:15 PM, Dimitry Andric d...@freebsd.org wrote: On 2013-01-16 13:05, Kimmo Paasiala wrote: I just updated my stable/9 system after clang3.2 was added. My system is amd64, both world and kernel are compiled with clang3.2 and the default compiler is clang. I'm tracking the sources with GIT and the version I have corresponds to SVN revision r245451. Everything else seems to work but the pam authentication module security/pam_ssh_agent_auth segfaults immediately. ... #0 0x000800ef2070 in strsvis () from /lib/libc.so.7 #1 0x000800ef2584 in strvis () from /lib/libc.so.7 #2 0x000800ef25e5 in strnvis () from /lib/libc.so.7 #3 0x000801c0e2e7 in do_log () from /usr/local/lib/pam_ssh_agent_auth.so #4 0x000801c0e4ff in logit () from /usr/local/lib/pam_ssh_agent_auth.so ... The str*vis() calls suggest that it's something in the libc maybe? Brooks merged the new strvis implementations in r245439, so you may have run into a bug with them. I don't think this is caused specifically by clang, at least not without more proof. :-) Can you try reverting to the revision just before r245439, rebuilding and reinstalling at least libc, and see if the pam_ssh_agent_auth crash goes away? I'm rebuilding world now. Took me some time to figure out how to revert the commits in git. I'll report back once finished. NetBSD and OpenBSD use different signatures for strnvis(). :( pam_ssh_agent_auth assumes that if the system has one it is the OpenBSD one but ours is the NetBSD one. The port will need to be patched to use the openbsd version like it was doing or to swap the second and third arguments when build on newer versions of FreeBSD. -- Brooks Doesn't the change to strnvis() break the ABI on FreeBSD 9.X? I thought you could always compile a binary on an earlier version of FreeBSD 9.X and trust it to work without recompiling on any later minor version of the same major version line. (dynamic link libraries that are from ports excluded of course) -Kimmo ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: CLANG 3.2 breaks security/pam_ssh_agent_auth on stable/9
On Wed, Jan 16, 2013 at 8:01 PM, Kimmo Paasiala kpaas...@gmail.com wrote: On Wed, Jan 16, 2013 at 6:15 PM, Dimitry Andric d...@freebsd.org wrote: On 2013-01-16 13:05, Kimmo Paasiala wrote: I just updated my stable/9 system after clang3.2 was added. My system is amd64, both world and kernel are compiled with clang3.2 and the default compiler is clang. I'm tracking the sources with GIT and the version I have corresponds to SVN revision r245451. Everything else seems to work but the pam authentication module security/pam_ssh_agent_auth segfaults immediately. ... #0 0x000800ef2070 in strsvis () from /lib/libc.so.7 #1 0x000800ef2584 in strvis () from /lib/libc.so.7 #2 0x000800ef25e5 in strnvis () from /lib/libc.so.7 #3 0x000801c0e2e7 in do_log () from /usr/local/lib/pam_ssh_agent_auth.so #4 0x000801c0e4ff in logit () from /usr/local/lib/pam_ssh_agent_auth.so ... The str*vis() calls suggest that it's something in the libc maybe? Brooks merged the new strvis implementations in r245439, so you may have run into a bug with them. I don't think this is caused specifically by clang, at least not without more proof. :-) Can you try reverting to the revision just before r245439, rebuilding and reinstalling at least libc, and see if the pam_ssh_agent_auth crash goes away? Confirmed. Reverting world to one commit before r245439 and using the version of the port I used before fixes the problem. Trying to use the version I compiled with post r245439 world results in su: pam_start: system error when used on pre r245439 world. I have to repeat my question, isn't this the definition of ABI breakage? -Kimmo ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: CLANG 3.2 breaks security/pam_ssh_agent_auth on stable/9
Quoth Kimmo Paasiala kpaas...@gmail.com: Doesn't the change to strnvis() break the ABI on FreeBSD 9.X? I thought you could always compile a binary on an earlier version of FreeBSD 9.X and trust it to work without recompiling on any later minor version of the same major version line. No, it doesn't. No existing prototypes are changed, there are just a number of *nvis* functions added to complement the existing ones that didn't have length arguments. The only problem is that the port assumes that if a system has strnvis, it has a prototype matching OpenBSD's, which the new one doesn't. Ben ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: CLANG 3.2 breaks security/pam_ssh_agent_auth on stable/9
On Thu, Jan 17, 2013 at 9:33 AM, Ben Morrow b...@morrow.me.uk wrote: Quoth Kimmo Paasiala kpaas...@gmail.com: Doesn't the change to strnvis() break the ABI on FreeBSD 9.X? I thought you could always compile a binary on an earlier version of FreeBSD 9.X and trust it to work without recompiling on any later minor version of the same major version line. No, it doesn't. No existing prototypes are changed, there are just a number of *nvis* functions added to complement the existing ones that didn't have length arguments. The only problem is that the port assumes that if a system has strnvis, it has a prototype matching OpenBSD's, which the new one doesn't. Ben Aah yes, thanks for clarification. I'll submit a PR about the port then. -Kimmo ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org