net-misc/openssh-5.1-r3 is patched with the openssh-5.1_p1-better-ssp-check.patch patch which should improve StackProtector detection. This patch seems to be broken though as it will also fail the test on systems with working StackProtector due to returning snprintf's return value (which would be 7) instead of 0.

From config.log:

configure:5836: checking if -fstack-protector-all works
configure:5861: gcc -o conftest -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wno-pointer-sign -Wformat-security -fno-builtin-memset -fstack-protector-all -fstack-protector-all conftest.c >&5
configure:5865: $? = 0
configure:5871: ./conftest
configure:5875: $? = 7
configure: program exited with status 7
configure: failed program was:
| /* confdefs.h. */
| #define PACKAGE_NAME "OpenSSH"
| #define PACKAGE_TARNAME "openssh"
| #define PACKAGE_VERSION "Portable"
| #define PACKAGE_STRING "OpenSSH Portable"
| #define PACKAGE_BUGREPORT "openssh-unix-dev@mindrot.org"
| #define STDC_HEADERS 1
| #define HAVE_SYS_TYPES_H 1
| #define HAVE_SYS_STAT_H 1
| #define HAVE_STDLIB_H 1
| #define HAVE_STRING_H 1
| #define HAVE_MEMORY_H 1
| #define HAVE_STRINGS_H 1
| #define HAVE_INTTYPES_H 1
| #define HAVE_STDINT_H 1
| #define HAVE_UNISTD_H 1
| #define _FILE_OFFSET_BITS 64
| #define LOGIN_PROGRAM_FALLBACK "/bin/login"
| #define _PATH_PASSWD_PROG "/usr/bin/passwd"
| /* end confdefs.h. */
|
| #include <stdio.h>
| int main(void){char foo[1024];return sprintf(foo, "moo cow");}
configure:5886: result: no

Using the patch from the upstream bugreport referenced in the patchfile makes the stackprotector work again.
Let's see what base-system thinks about this. Reassigning to base-system herd.
fixed in cvs http://sources.gentoo.org/net-misc/openssh/files/openssh-5.1_p1-better-ssp-check.patch?r1=1.3&r2=1.4
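
The failure mode in the config.log quoted in the report, as an added example that is not part of the original thread and is not the upstream or Gentoo patch: the probe body from the log next to a corrected form, with configure's rule that only exit status 0 counts as "works". The function names and the corrected probe are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Probe body as it appears in the config.log above: main() returns
 * sprintf's result, i.e. the number of characters written ("moo cow" = 7),
 * so the program exits non-zero even though nothing went wrong. */
static int probe_as_logged(void)
{
    char foo[1024];
    return sprintf(foo, "moo cow");
}

/* Hypothetical corrected probe (assumption, not the actual fix):
 * still uses a stack buffer so the stack protector is exercised,
 * but maps "formatted as expected" to exit status 0. */
static int probe_corrected(void)
{
    char foo[1024];
    int n = snprintf(foo, sizeof(foo), "moo cow");
    return (n == 7 && strcmp(foo, "moo cow") == 0) ? 0 : 1;
}

/* How a configure run-test reads the child's exit status:
 * 0 means the flag works, anything else means it does not. */
static const char *configure_result(int exit_status)
{
    return exit_status == 0 ? "yes" : "no";
}

int main(void)
{
    int logged = probe_as_logged();
    int fixed = probe_corrected();

    printf("probe as logged: $? = %d, result: %s\n",
           logged, configure_result(logged));
    printf("probe corrected: $? = %d, result: %s\n",
           fixed, configure_result(fixed));
    return 0;
}
```

A "no" from this check means the build proceeds without -fstack-protector-all, so on an affected system config.log is the place to confirm whether the resulting binaries were built with the stack protector.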