i686-pc-linux-gnu-gcc -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o sshpty.o sshlogin.o servconf.o serverloop.o auth.o auth1.o auth2.o auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o auth2-jpake.o monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o auth-krb5.o auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o audit.o audit-bsm.o platform.o sftp-server.o sftp-common.o -L. -Lopenbsd-compat/ -Wl,-O1 -fstack-protector-all -Wl,-O1 -lssh -lopenbsd-compat -lwrap -lpam -lkafs -lresolv -lssl -lcrypto -ldl -lz -lutil -lz -lnsl -lcrypt -L/usr/lib -lgssapi -lheimntlm -lkrb5 -lcom_err -L/usr/lib -lcrypto -lasn1 -lwind -lroken -lcrypt -ldl -lresolv -lpthread gss-serv-krb5.o: In function `ssh_gssapi_krb5_updatecreds': /var/tmp/portage/net-misc/openssh-5.2_p1-r3/work/openssh-5.2p1/gss-serv-krb5.c:234: undefined reference to `krb5_free_unparsed_name' /var/tmp/portage/net-misc/openssh-5.2_p1-r3/work/openssh-5.2p1/gss-serv-krb5.c:231: undefined reference to `krb5_free_unparsed_name' collect2: ld returned 1 exit status make: *** [sshd] Error 1 * * ERROR: net-misc/openssh-5.2_p1-r3 failed. * Call stack: * ebuild.sh, line 49: Called src_compile * environment, line 3203: Called die * The specific snippet of code: * emake || die "compile problem" * The die message: * compile problem * * If you need support, post the topmost build error, and the call stack if relevant. * A complete build log is located at '/var/tmp/portage/net-misc/openssh-5.2_p1-r3/temp/build.log'. linux-2.6.31-rc6-git6 # emerge --info Portage 2.1.6.13 (default/linux/x86/2008.0/desktop, gcc-4.4.1, glibc-2.10.1-r0, 2.6.31-rc6-git6 i686) ================================================================= System uname: Linux-2.6.31-rc6-git6-i686-Mobile_Intel-R-_Pentium-R-_4_-_M_CPU_1.80GHz-with-gentoo-2.0.1 Timestamp of tree: Sun, 23 Aug 2009 12:45:02 +0000 distcc 3.1 i686-pc-linux-gnu [disabled] app-shells/bash: 4.0_p28 dev-java/java-config: 1.3.7-r1, 2.1.8-r1 dev-lang/python: 2.5.4-r3, 2.6.2-r1, 3.1.1 dev-python/pycrypto: 2.0.1-r8 dev-util/cmake: 2.6.4-r2 sys-apps/baselayout: 2.0.1 sys-apps/openrc: 0.4.3-r3 sys-apps/sandbox: 2.0 sys-devel/autoconf: 2.13, 2.63-r1 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.2, 1.11 sys-devel/binutils: 2.19.1-r1 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 2.2.6a virtual/os-headers: 2.6.30-r1 ACCEPT_KEYWORDS="x86 ~x86" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=pentium4 -mmmx -msse -msse2 -pipe -fno-strict-aliasing -ggdb" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /var/bind /var/lib/hsqldb /var/qmail/alias /var/qmail/control /var/vpopmail/etc" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c /etc/udev/rules.d" CXXFLAGS="-O2 -march=pentium4 -mmmx -msse -msse2 -pipe -fno-strict-aliasing -ggdb" DISTDIR="/usr/portage/distfiles" FEATURES="distlocks fixpackages metadata-transfer nostrip parallel-fetch protect-owned sandbox sfperms splitdebug strict unmerge-orphans userfetch" GENTOO_MIRRORS="http://gentoo.mirror.web4u.cz" LDFLAGS="-Wl,-O1" LINGUAS="en cs cz" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage/layman/science /usr/local/portage/layman/sunrise /usr/local/portage" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="7zip R X Xaw3d a52 aac aalib ace acl acpi alsa amr amrnb amrwb apache audacious audiofile bash-completion bcmath berkdb blas bluetooth boost branding bzip2 cairo cblas cddb cdparanoia cdr clamav cli colordiff compress cpio cracklib crypt cscope css ctype cups curl curlwrappers cxx dbi dbus dga dia directfb djbfft dri dts dv dvb dvd dvdr dvdread eds emacs emboss emf enblend encode enscript exif expat faad fam fame fat fbcon ffmpeg fftw firefox flac flash foomaticdb fortran fpx ftp gcj gd gdbm ggi gif gimp gimpprint glibc-compat20 glibc-omitfp glut gmp gnuplot gnutls gpgme gphoto2 gpm graphviz gs gsl gsm gstreamer gtk gtkhtml hal hdf hdf5 hp2xx i8x0 icc iconv icu id3 ieee1394 ifc imagemagick imlib inifile innodb isdnlog ithreads jack java javascript jbig jce jikes jpeg jpeg2k kdtree kerberos lame lapack laptop lcms leim libcaca libedit libnotify libwww live lzo lzw mad maildir matroska mhash mikmod mime ming mjpeg mmap mmx mng mod_python modperl modplug motif mozilla moznoirc mp2 mp3 mp4 mpeg mpi mpi_njtree mpich2 mplayer mudflap mule musepack mxdatetime mysql mysqli ncurses netcdf netpbm network nls nntp nptl nptlonly nsplugin ntfs numeric ogg opengl openmp openssl pam pango pcmcia pcntl pcre pdf perl plotutils plugin png pnm postproc postscript ppds pppd procmail pymol python qt3 qt3support qt4 quicktime rar raw readline recode reflection reiserfs rpm samba sasl scanner scp seamonkey server session sftp sift slp smime sndfile soap sockets spell spl sqlite srt sse sse2 ssl startup-notification subtitles subversion svg svgz sysfs sysvipc t1lib tcl tcpd tetex theora threads tidy tiff tk transcode truetype unicode urandom usb userlocales utils uuencode v4l v4l2 vcd vhook vim-syntax vim-with-x vorbis wifi win32codecs wmf wxwindows x264 x86 xanim xcf xfs xft xinerama xinetd xml xorg xpm xsl xslt xulrunner xv xvid xvmc yv12 zip zlib" ALSA_CARDS="intel-8x0m" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config mem_cache mime mime_magic rewrite setenvif speling status unique_id userdir usertrack vhost_alias negotiation" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en cs cz" USERLAND="GNU" VIDEO_CARDS="radeon vesa" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, MAKEOPTS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Created attachment 202061 [details] build.log
# emerge -pv openssl openssh heimdal These are the packages that would be merged, in order: Calculating dependencies... done! [ebuild R ] dev-libs/openssl-0.9.8k-r1 USE="gmp sse2 zlib -bindist -kerberos -test" 0 kB [ebuild R ] app-crypt/heimdal-1.2.1-r3 USE="X berkdb ssl threads -afs -hdb-ldap -ipv6 -otp -pkinit" 0 kB [ebuild U ] net-misc/openssh-5.2_p1-r3 [5.2_p1-r2] USE="X kerberos libedit pam tcpd -X509 -hpn -ldap -pkcs11 (-selinux) -skey -smartcard -static" 0 kB # cat /etc/portage/package.use dev-libs/openssl -kerberos net-fs/nfs-utils -kerberos [cut] I wonder why it worked for me so far.
I re-ran revde-rebuild and recompiled openssl and heimdal. No help. But, on another attempt to upgrade openssh this attracted my eyes: i686-pc-linux-gnu-gcc -O2 -march=pentium4 -mmmx -msse -msse2 -pipe -fno-strict-aliasing -ggdb -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wno-pointer-sign -Wformat-security -fno-builtin-memset -fstack-protector-all -I. -I. -I/usr/include -I/usr/include -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DSSH_RAND_HELPER=\"/usr/lib/misc/ssh-rand-helper\" -DHAVE_CONFIG_H -c gss-serv-krb5.c gss-serv-krb5.c: In function ‘ssh_gssapi_krb5_storecreds’: gss-serv-krb5.c:122: warning: unused variable ‘len’ gss-serv-krb5.c: In function ‘ssh_gssapi_krb5_updatecreds’: gss-serv-krb5.c:231: warning: implicit declaration of function ‘krb5_free_unparsed_name’ i686-pc-linux-gnu-gcc -O2 -march=pentium4 -mmmx -msse -msse2 -pipe -fno-strict-aliasing -ggdb -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wno-pointer-sign -Wformat-security -fno-builtin-memset -fstack-protector-all -I. -I. -I/usr/include -I/usr/include -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DSSH_RAND_HELPER=\"/usr/lib/misc/ssh-rand-helper\" -DHAVE_CONFIG_H -c kexgsss.c kexgsss.c: In function ‘kexgss_server’: kexgsss.c:286: warning: implicit declaration of function ‘ssh_gssapi_rekey_creds’ I use gcc 4.4.1 if it matters.
krb5_free_unparsed_name() is provided by mit-krb5, but not by heimdal
I've reported this issue to upstream. That's something upstream should have a look on. g, mueli
I encountered this as well, with the same error messages as the original reporter, on amd64. What's interesting though is that this box has net-misc/openssh-5.2_p1-r2 installed with support for heimdal built-in and working just fine. So this might not be an upstream problem at all.
(In reply to comment #5) > I've reported this issue to upstream. That's something upstream should have a > look on. Which upstream? OpenSSL trunk or patch maintainers? Can you give a link? Diffing -r2 to -r3, it seems that the updated patch from bug #279488 is the most likely cause for this breakage. The newly introduced ssh_gssapi_krb5_updatecreds function from gss-serv-krb5.c does mention krb5_free_unparsed_name now, but didn't before. Looking at net-fs/nfs-utils-1.2.0 and net-fs/samba-server-3.3.7, it seems that they treat krb5_free_unparsed_name(ctx, name) as synonymous to free(name) if it isn't provided by app-crypt/mit-krb5. The same should be possible for net-misc/openssh. Presence would need to be checked by configure, I guess.
As it is easier to maintain a patch in one place I've checked the possibility of adding the missing function to heimdal. It's already added in git per upstream and I've prepared a patch for 1.2.1 witch is applied for heimdal-1.2.1-r4. Therefore I'll close this bug but would really appreciate your help on testing the new revision. Thx, mueli
After kinds of updates have on ~x86: app-crypt/heimdal-1.2.1-r4, dev-libs/openssl-0.9.8k-r1, net-misc/openssh-5.2_p1-r3 And here the useflags: # emerge -pv openssh openssl heimdal These are the packages that would be merged, in order: Calculating dependencies... done! [ebuild R ] dev-libs/openssl-0.9.8k-r1 USE="gmp sse2 zlib -bindist -kerberos -test" 0 kB [ebuild R ] app-crypt/heimdal-1.2.1-r4 USE="X berkdb ssl threads -afs -hdb-ldap -ipv6 -otp -pkinit" 0 kB [ebuild R ] net-misc/openssh-5.2_p1-r3 USE="X kerberos libedit pam tcpd -X509 -hpn -ldap -pkcs11 (-selinux) -skey -smartcard -static" 0 kB
Michael, would you mind sharing the patch here please? :)
Created attachment 203113 [details, diff] compatible free
This patch is of course also available in our tree. g, mueli
hmm. looks like this will need to get stuffed into samba too
"Works for me now." I had the same problem, but after going unstable on heimdal as suggested, compiling openssh works. Applies to: net-misc/openssh-5.2_p1-r3 and app-crypt/heimdal-1.2.1-r4 on x86.
It has worked for me for a while now. Can we get app-crypt/heimdal-1.2.1-r4 stabilized in order to fix this for stable people?
