After recompiling openssl 0.9.8c because of the new USE flag (-sse2) that became available, I could no longer log in via ssh. I downgraded openssl (to see if that would fix it), and noted that then openssh complained that the old openssl module was missing. So I ran a revdep-rebuild to see what else depended on this module, re-upgraded openssl, and then re-emerged all the packages that revdep-rebuild suggested previously. It fixed the problem, but this could be a real issue for machines with no local access. This could possibly also be a problem for other applications that depend on openssl, though I didn't detected any myself. $ emerge --info Portage 2.1.1 (default-linux/x86/2006.0, gcc-4.1.1, glibc-2.4-r3, 2.6.16-gentoo-r13 i686) ================================================================= System uname: 2.6.16-gentoo-r13 i686 Pentium III (Katmai) Gentoo Base System version 1.12.5 Last Sync: Fri, 15 Sep 2006 21:50:01 +0000 distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [enabled] ccache version 2.3 [enabled] app-admin/eselect-compiler: [Not Present] dev-java/java-config: [Not Present] dev-lang/python: 2.4.3-r1 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: 2.3 dev-util/confcache: [Not Present] sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2 sys-devel/binutils: 2.16.1-r3 sys-devel/gcc-config: 1.3.13-r3 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r5 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=pentium3 -fomit-frame-pointer -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc" CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo" CXXFLAGS="-O2 -march=pentium3 -fomit-frame-pointer -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig ccache distcc distlocks metadata-transfer parallel-fetch sandbox sfperms strict" GENTOO_MIRRORS="http://mirror.datapipe.net/gentoo ftp://ftp.ussg.iu.edu/pub/linux/gentoo http://gentoo.seren.com/gentoo http://gentoo.chem.wisc.edu/gentoo/ http://gentoo.mirrors.pair.com/" LINGUAS="" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.us.gentoo.org/gentoo-portage" USE="x86 alsa apache2 apm arts bash-completion berkdb bitmap-fonts bzip2 cdr cli crypt curl dlloader dri dvdr eds elibc_glibc emboss encode esd ethereal flac foomaticdb fortran gdbm gif gpm gstreamer gtk2 imlib input_devices_evdev input_devices_keyboard input_devices_mouse isdnlog kernel_linux libg++ libwww lm_sensors mad mikmod mmx motif mp3 mpeg nas ncurses nls nptl offensive ogg opengl oss pam pcre perl pppd python qt3 qt4 quicktime readline reflection samba session sockets socks5 spell spl sse ssl tcpd truetype truetype-fonts type1-fonts udev userland_GNU video_cards_apm video_cards_ark video_cards_ati video_cards_chips video_cards_cirrus video_cards_cyrix video_cards_dummy video_cards_fbdev video_cards_glint video_cards_i128 video_cards_i740 video_cards_i810 video_cards_imstt video_cards_mga video_cards_neomagic video_cards_nsc video_cards_nv video_cards_rendition video_cards_s3 video_cards_s3virge video_cards_savage video_cards_siliconmotion video_cards_sis video_cards_sisusb video_cards_tdfx video_cards_tga video_cards_trident video_cards_tseng video_cards_v4l video_cards_vesa video_cards_vga video_cards_via video_cards_vmware video_cards_voodoo vorbis xml xmms xorg xv zlib" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS
(In reply to comment #0) > I downgraded openssl (to see if that would fix it), and noted that then > openssh complained that the old openssl module was missing. Which "old openssl module"? > So I ran a revdep-rebuild to see what else > depended on this module, re-upgraded openssl, and then re-emerged all the > packages that revdep-rebuild suggested previously. Are you complaining that you upgraded from 0.9.7, didn't follow the instructions and things did break? Or what's this exactly about?
No, he is complaining that re-building openssl-0.9.8c (because of the sse2 USE that was detected by emerge --newuse) broke his curently installed openssh-4.3_p2-r1. I just did this rebuild on two boxes, one with -sse2 and the other with +sse2, both ssh are now broken. i see things like "ssh_exchange_identification: Connection closed by remote host" when i try to connect from box1 to box2 (or box2 to box1), and "Segmentation fault" when i try to connect from box1 or box2 to any other box where openssl has not been touched.
Hmmm.
*** Bug 147789 has been marked as a duplicate of this bug. ***
I can confirm this issue. When I attempt to open an ssh session from a pc with openssl -sse2 to a pc with openssl +sse2 I receive Segmentation Fault.
Works all fine with net-misc/openssh-4.3_p2-r2, actually on ~
Confirm. Re-emerge of openssh after the new openssl build fixes the problem. This is a strange shared library update problem that should be looked into. I haven't run into other trouble yet, but there is a rather large dependency set on this library.
lovely, another ABI breakage ive disabled USE=sse2 and revbumped the pkg
*** Bug 147956 has been marked as a duplicate of this bug. ***
Can't confirm this bug. I built openssl with the following useflags: dev-libs/openssl-0.9.8c-r1 [0.9.8c] USE="zlib -bindist -emacs -test (-sse2%)" 0 kB I did use revdep-rebuild to repair both libraries as messaged by portage. A bunch of packages including ssh was rebuilt. While not terminating the current ssh session I restarted the ssh-server and tested the login from another shell and it worked without problems. After revdep-rebuild was done, I moved the old libraries to my homedir and restarted. The box restarted and sshd fired up without problems, then I deleted the old libs in my homedir.
(In reply to comment #10) > Can't confirm this bug. > > I built openssl with the following useflags: > > dev-libs/openssl-0.9.8c-r1 [0.9.8c] USE="zlib -bindist -emacs -test (-sse2%)" 0 > kB Sorry, this was a copy and paste error, I was copying the line from emerge -pv openssl after emerge --sync, showing already the new openssl package. So the line above shows not the current installed package, I should have not cropped the beginning of the line: [ebuild U ] dev-libs/openssl-0.9.8c-r1 [0.9.8c] USE="zlib -bindist -emacs -test (-sse2%)" 0 kB
*** Bug 148068 has been marked as a duplicate of this bug. ***
The upgrade from openssl-0.9.8c-r1 to openssl-0.9.8c-r2 (stable!) broke my openssh, I cannot login now via ssh. I cannot get more info now, because the box it broke is remote. error: ssh_exchange_identification: Connection closed by remote host Please test these sort of things before bumping stable. Rebuilding ssh will probably fix it, but that is problematic when ssh isn't working. I read the warning in the Changelog, but had no idea the problem was that bad.
