Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 696950 - net-misc/openssh: dev-libs/openssl-1.1.1d-r1 breaks login
Summary: net-misc/openssh: dev-libs/openssl-1.1.1d-r1 breaks login
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo's Team for Core System packages
URL:
Whiteboard:
Keywords:
: 696952 (view as bug list)
Depends on:
Blocks:
 
Reported: 2019-10-08 14:06 UTC by Alarig Le Lay
Modified: 2019-10-11 00:52 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alarig Le Lay 2019-10-08 14:06:51 UTC
Hello,

This morning I upgraded a LXC container and since I can’t log with ssh anymore.

Client side:
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting no-more-sessions@openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: network
debug3: send packet: type 1
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
  #0 client-session (t3 nr0 i0/0 o0/0 e[write]/0 fd 4/5/6 sock -1 cc -1)

debug3: fd 1 is not O_NONBLOCK
Connection to alarig closed by remote host.


Server side:
Oct  8 15:48:07 alarig sshd[7789]: Accepted publickey for alarig from 217.70.181.1 port 2595 ssh2: RSA SHA256:zFZoKQ/RQ1exR92xTSuZoSp/kvbJouA5nvwUvkOyCYQ
Oct  8 15:48:07 alarig sshd[7789]: fatal: privsep_preauth: preauth child terminated by signal 31


A github issue suggests to add the build flag -DOPENSSL_RAND_SEED_DEVRANDOM_SHM_ID=-1
https://github.com/openssl/openssl/issues/9984

Which I did.
~ # diff /var/db/repos/gentoo/dev-libs/openssl/openssl-1.1.1d-r1.ebuild /var/db/repos/gentoo/dev-libs/openssl/openssl-1.1.1d-r2.ebuild
148c148
<       append-cppflags -DOPENSSL_NO_BUF_FREELISTS
---
>       append-cppflags -DOPENSSL_NO_BUF_FREELISTS -DOPENSSL_RAND_SEED_DEVRANDOM_SHM_ID=-1

And now I can log again.

I’m not a developer at all, so I don’t know if this patch will break other things, but at least there is a patchable issue there.

Regards,
-- 
Alarig Le Lay
Comment 1 Brian Evans (RETIRED) gentoo-dev 2019-10-08 14:25:28 UTC
*** Bug 696952 has been marked as a duplicate of this bug. ***
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2019-10-08 15:37:50 UTC
Pushing updated openssh shortly.
Comment 3 Larry the Git Cow gentoo-dev 2019-10-08 16:06:34 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3e5450cea62dc5bc913d68a05f9de96c76eb8fb9

commit 3e5450cea62dc5bc913d68a05f9de96c76eb8fb9
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-10-08 15:56:59 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-10-08 15:56:59 +0000

    dev-libs/openssl: block incompatible net-misc/openssh versions
    
    Bug: https://bugs.gentoo.org/696950
    Package-Manager: Portage-2.3.76, Repoman-2.3.17
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 .../openssl/{openssl-1.1.1d-r1.ebuild => openssl-1.1.1d-r2.ebuild}     | 3 +++
 1 file changed, 3 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b013540990395e21715894f064343e2395781c25

commit b013540990395e21715894f064343e2395781c25
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-10-08 15:49:59 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-10-08 15:49:59 +0000

    net-misc/openssh: arm/m68k/sh stable
    
    Forced stabilization due to bug 696950.
    
    Closes: https://bugs.gentoo.org/691932
    Bug: https://bugs.gentoo.org/696950
    Package-Manager: Portage-2.3.76, Repoman-2.3.17
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 net-misc/openssh/openssh-8.0_p1-r3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a8476cc3013b8303167fec09ffe03ed7ca193646

commit a8476cc3013b8303167fec09ffe03ed7ca193646
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-10-08 15:47:34 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-10-08 15:47:34 +0000

    net-misc/openssh: adjust sandbox for >=dev-libs/openssl-1.1.1d
    
    Link: https://github.com/openssh/openssh-portable/pull/149
    Bug: https://bugs.gentoo.org/696950
    Package-Manager: Portage-2.3.76, Repoman-2.3.17
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 ...mget-shmat-shmdt-in-preauth-privsep-child.patch |  31 ++
 net-misc/openssh/openssh-8.0_p1-r3.ebuild          | 463 +++++++++++++++++++++
 2 files changed, 494 insertions(+)
Comment 4 Alarig Le Lay 2019-10-11 00:52:36 UTC
I didn’t see any login failure since the patch has been published. Thanks a lot!

-- 
Alarig Le Lay