# Where did the openssl upgrade go wrong?

## Princess Nell

net-misc/nxclient is broken since the most recent openssl upgrade because the 0.9.8 libs cannot be found. Yet:

```

# equery l |grep openssl

dev-libs/openssl-0.9.8p

dev-libs/openssl-1.0.0b-r1

dev-python/pyopenssl-0.10-r1

# equery f openssl-0.9.8p

[ Searching for packages matching openssl-0.9.8p... ]

* Contents of dev-libs/openssl-0.9.8p:

/usr

/usr/lib

/usr/lib/libcrypto.so.0.9.8

/usr/lib/libssl.so.0.9.8

# ll /usr/lib/libcrypto.so.0.9.8 /usr/lib/libssl.so.0.9.8

ls: cannot access /usr/lib/libcrypto.so.0.9.8: No such file or directory

ls: cannot access /usr/lib/libssl.so.0.9.8: No such file or directory

# 

```

----------

## toralf

Didn't a revdep-rebuild help ?

----------

## Princess Nell

Apparently not. Maybe it doesn't check files under /usr/NX?

----------

## Veldrin

maybe a emerge -1 openssl:0.9.8 could help...

I do not use nx-client, but apparently they are still using jpeg-6b too...

V.

----------

## toralf

Well, I use a proprietary VPN solution here under Gentoo where I hard-nosed symlinked the libs from openssl 1.0.0b-r1 to libssl.so.0.9.8 - and it worked for that particular app - probably worth a try

----------

## Princess Nell

Doesn't work in this case, it looks specifically for 0.9.8.

The weird thing is that the e* tools tell me this version of openssl is installed, but the files are gone after revdep-rebuild.

----------

## Veldrin

what tools are you using?

eix tells me, that there are 2 slotted versions of openssl available...

what does qlist openssl return? I am specially interested what versions of libcrypto and libssl are listed...

V.

----------

## Princess Nell

```

# qlist openssl|sort|grep /usr/lib/l     

/usr/lib/libcrypto.a

/usr/lib/libcrypto.so

/usr/lib/libcrypto.so.0.9.8

/usr/lib/libcrypto.so.1.0.0

/usr/lib/libssl.a

/usr/lib/libssl.so

/usr/lib/libssl.so.0.9.8

/usr/lib/libssl.so.1.0.0

# 

```

This is after re-emerging 0.9.8. But see my original posting.

----------

## samo

Did you try to emerge nxclient after the update of openssl?

I had also some problems after the update last weekend and I solved the problems by following the hints in /var/log/portage/elog/summary.log.

```
>>> Messages generated by process 6662 on 2010-10-16 14:48:21 CEST for package dev-libs/openssl-1.0.0a-r3:

WARN: postinst

Old versions of installed libraries were detected on your system.  

In order to avoid breaking packages that depend on these old libs,  

the libraries are not being removed.  You need to run revdep-rebuild

in order to remove these old dependencies.  If you do not have this 

helper program, simply emerge the 'gentoolkit' package.

  # revdep-rebuild --library libcrypto.so.0.9.8

  # revdep-rebuild --library libssl.so.0.9.8

Once you've finished running revdep-rebuild, it should be safe to

delete the old libraries.  Here is a copy & paste for the lazy:  

  # rm '/usr/lib/libcrypto.so.0.9.8'

  # rm '/usr/lib/libssl.so.0.9.8'
```

----------

## gentoo_ram

The nxssh binary is linked against the 0.9.8 version of libcrypto.  There's really nothing you can do about it.  I personally copied the 0.9.8 versions of the library files into /usr/NX/lib and this worked.  You don't need the libraries in /usr/lib (at least for this package).

----------

## CodeNoodler

Hello gentoo-ers

Well, I usually pay attention to the messages posted after emerge updates, but curiously I did not get the revdep-rebuild instructions after openssl-1.0.0b-r1 was updated onto my system "world".  

But as I proceeded merrily ignorant, I did run a routine broad spectrum revdep-rebuild after which my system broke because on next boot I got all the notices about libssl.0.9.8 and libcrypto.0.9.8 being missing.  

After some forum mining I eventually re-emerged the old openssl-0.9.8p and, lo, my system worked once more.

I then, out of curiosity, re-emerged the latest openssl-1.0.0b-r1 to see the "revdep-rebuild --library <libname.so>" messages I apparently must have missed -- but there was nothing of the sort.

Instead, I saw the following.

```
 >>> Installing (1 of 1) dev-libs/openssl-1.0.0b-r1

 * Running 'c_rehash /etc/ssl/certs/' to rebuild hashes #333069 ...

grep: class3.pem: No such file or directory

WARNING: class3.pem does not contain a certificate or CRL: skipping

grep: QuoVadis_Root_Certification_Authority.pem: No such file or directory

WARNING: QuoVadis_Root_Certification_Authority.pem does not contain a certificate or CRL: skipping

grep: root.pem: No such file or directory

WARNING: root.pem does not contain a certificate or CRL: skipping

grep: UTN_USERFirst_Object_Root_CA.pem: No such file or directory

WARNING: UTN_USERFirst_Object_Root_CA.pem does not contain a certificate or CRL: ski  [ ok ]

>>> Auto-cleaning packages...

>>> No outdated packages were found on your system.
```

So... Might there be other additional problems with the openssl update?  Something that prevents proper notification messages for some systems? Apparently some users got the message posted properly.  I did not.  Is it possible that the missing notification is responsible for the number of users having difficulty with the update.  Or am I an isolated error case?

And would this problem be unique to openssl or will I now be missing messages for other packages as well?  I notice that the class3.pem

link is to a file that does not exist.

----------

## Hu

 *CodeNoodler wrote:*   

> So... Might there be other additional problems with the openssl update?  Something that prevents proper notification messages for some systems?

 The ebuild skips the notification and preservation steps if has_version ${CATEGORY}/${PN}:0.9.8.  By installing =dev-libs/openssl-0.9.8p, you suppressed the notification.  However, this does not explain how you missed the warning during the original installation.

----------

## CodeNoodler

Thanks for the response.

But the nature of the problem with the emerge of dev-libs/openssl-1.0.0b-r1 and its side effects still puzzles me.

At my current state, I can see where the desired/intentional presence of a prev slotted version would imply that I would not want to take measures to remove old libs, and thus the "<libname>.so.n.n" pruning instructions might be unwise.  Hence a possible code branch; but the nature of the feedback from emerge indicates a much less graceful exit from such a condition.  This may indicate a problem that still exists?  Plus, I cannot be sure if it is the same message generated by the initial problematic encounter with the openssl update.  It could be that the artefacts resulting in this ungraceful message sequence also is responsible for accidental slotting of the package version.

As far as I can tell, it was the normal emerge-based package management that slotted my openssl pkg in the first place.  I think I did notice that both versions were still present while I was undertaking diagnosis of my sick gentoo-box, though at this point it might be considered mere memory recollection and subject to possible brain glitch.  Granted, I did later execute an explicit install of the elder version while repairing my system. (Crime scene was thusly compromised. Oops.)

If there was a hitch in my emerge process that kept the old version "apparently though erroneously" slotted (instead of properly managing its vital and non-vital bits) might it have caused the revdep library rebuild instructions from my view when it should not have?

While not able to swear without further research, I am pretty sure that most upgrades requiring library revdep-rebuilds have not generally invoked slotting in the interim.  

And now, do I have to be a bit insecure about being able to uninstall my slotted dev-libs/openssl-0.9.8p without suffering some subtle problems that will crop up when I least expect it?  I've never had to do explicit unmerges following other similar library management activities.

----------

## Hu

Check your /var/log/emerge.log to see what was added, removed, and upgraded, and in what order.  The 0.9.8 slot is provided for people who must have the old ABI names, usually to support proprietary programs that have not been rebuilt with the newer library.  I am not sure what you mean by feedback from emerge indicating an ungraceful exit.  The snippet you showed does not indicate any problems with the ebuild, though the c_rehash utility reacted badly to the presence of broken symbolic links in your CA directory.

Installing =dev-libs/openssl-1.0.0b-r1 the first time (as an upgrade from <=dev-libs/openssl-0.9.8o) should have preserved the old library names, but done so by making them part of the new 1.0.0b-r1 package.  It should then have told you to do revdep-rebuild prior to removing those libraries.  It should never remove those libraries on its own, nor should it create a new slotted install on its own.

----------

## CodeNoodler

By ungraceful I just meant that something less-than-expected by the ebuild processes was encountered (missing files) implying that I had manifested an accidental condition (which might mean troubled waters ahead).  I am at a loss as to how the CA directory or the related links got busted, or how to fix it at this time.

My emerge.log indicates that both openssl-0.9.8p and openssl-1.0.0b-r1 were installed at the same emerge world pass. Some following equery checks show that acroread-9.4.0 still requires openssl-0.9.8* (it was upgraded from "o" to "p") -- which may imply that I should not yet have gotten any revdep related library removal instructions, even if it still installed the latter version (and should it have done that, given the still existing dependency? How was the -1.0 series planted on my system in the first place?). 

In any case, something I did afterward, perhaps my generic revdep-rebuild pass, must have scrogged the libssl.so and libcrypto.so libraries causing my system to falter during the reboot process next time around because the boot feed showed complaints about the missing libs.

Perhaps expectedly, Acroread crashed under brief testing, since I had gone ahead and earlier executed all that library revdep stuff which I thought I had missed - so something wants those libs.  I will probably re-emerge the old openssl for now and then determine if it makes sense to try to have both installed. It is not clear to me that they can gracefully coexist without some trickery, so I might just mask further openssl updates for the time being if it keeps trying to "accidentally" recreate the troubled situation.

----------

## Hu

In what order were the two packages installed?  Could you provide the output of grep openssl /var/log/emerge.log?  The CA directory probably broke on its own, as part of the normal removal of certificates.  Remove the dangling symbolic links to fix it.

Portage upgraded to >=dev-libs/openssl-1.0.0a-r3 because that is the right thing to do.  Installing dev-libs/openssl:0.9.8 is a necessary evil to avoid breaking closed source applications that are not linked against the newer version of OpenSSL.  Unless you need some feature provided only by Acroread, I suggest replacing it with a PDF reader that does not require a legacy version of OpenSSL, so that you can remove dev-libs/openssl:0.9.8 from the system.  Regardless of whether you switch to a different PDF reader, I would not remove or mask the newer versions of OpenSSL.  They contain potentially relevant security fixes, relative to the older versions.

[Edit: s/proprietary/closed source/ to more accurately reflect that the problem is programs which users cannot rebuild with the newer OpenSSL, irrespective of the licensing status of the programs.]

----------

## CodeNoodler

Re: broken CA directory

 *Quote:*   

> The CA directory probably broke on its own, as part of the normal removal of certificates. Remove the dangling symbolic links to fix it. 

 

Am I to infer that the infrastructure may be self-healing (or self breaking)? I am always perplexed when some systems seem non-deterministic, but i'll go ahead and so do.

Re: the openssl package installation activity

Here is the grep openssl /var/log/emerge.log snip. It's up front (the 4-of-10 and 5-of-10), and some of the trailing entries may just indicate some of my follow-on activity and investigative efforts while learning about what was going on.

```
1290626715:  >>> emerge (4 of 10) dev-libs/openssl-0.9.8p to /

1290626718:  === (4 of 10) Cleaning (dev-libs/openssl-0.9.8p::/usr/portage/dev-libs/openssl/openssl-0.9.8p.ebuild)

1290626718:  === (4 of 10) Compiling/Merging (dev-libs/openssl-0.9.8p::/usr/portage/dev-libs/openssl/openssl-0.9.8p.ebuild)

1290627022:  === (4 of 10) Merging (dev-libs/openssl-0.9.8p::/usr/portage/dev-libs/openssl/openssl-0.9.8p.ebuild)

1290627029:  >>> AUTOCLEAN: dev-libs/openssl:0.9.8

1290627029:  === Unmerging... (dev-libs/openssl-0.9.8o-r2)

1290627035:  >>> unmerge success: dev-libs/openssl-0.9.8o-r2

1290627038:  === (4 of 10) Post-Build Cleaning (dev-libs/openssl-0.9.8p::/usr/portage/dev-libs/openssl/openssl-0.9.8p.ebuild)

1290627038:  ::: completed emerge (4 of 10) dev-libs/openssl-0.9.8p to /

1290627038:  >>> emerge (5 of 10) dev-libs/openssl-1.0.0b-r1 to /

1290627041:  === (5 of 10) Cleaning (dev-libs/openssl-1.0.0b-r1::/usr/portage/dev-libs/openssl/openssl-1.0.0b-r1.ebuild)

1290627041:  === (5 of 10) Compiling/Merging (dev-libs/openssl-1.0.0b-r1::/usr/portage/dev-libs/openssl/openssl-1.0.0b-r1.ebuild)

1290627628:  === (5 of 10) Merging (dev-libs/openssl-1.0.0b-r1::/usr/portage/dev-libs/openssl/openssl-1.0.0b-r1.ebuild)

1290627649:  >>> AUTOCLEAN: dev-libs/openssl:0

1290627649:  === Unmerging... (dev-libs/openssl-1.0.0a-r3)

1290627656:  >>> unmerge success: dev-libs/openssl-1.0.0a-r3

1290627669:  === (5 of 10) Post-Build Cleaning (dev-libs/openssl-1.0.0b-r1::/usr/portage/dev-libs/openssl/openssl-1.0.0b-r1.ebuild)

1290627669:  ::: completed emerge (5 of 10) dev-libs/openssl-1.0.0b-r1 to /

1290642677:  >>> emerge (1 of 1) dev-libs/openssl-1.0.0b-r1 to /

1290642680:  === (1 of 1) Cleaning (dev-libs/openssl-1.0.0b-r1::/usr/portage/dev-libs/openssl/openssl-1.0.0b-r1.ebuild)

1290642680:  === (1 of 1) Compiling/Merging (dev-libs/openssl-1.0.0b-r1::/usr/portage/dev-libs/openssl/openssl-1.0.0b-r1.ebuild)

1290643039:  === (1 of 1) Merging (dev-libs/openssl-1.0.0b-r1::/usr/portage/dev-libs/openssl/openssl-1.0.0b-r1.ebuild)

1290643051:  >>> AUTOCLEAN: dev-libs/openssl:0

1290643051:  === Unmerging... (dev-libs/openssl-1.0.0b-r1)

1290643059:  >>> unmerge success: dev-libs/openssl-1.0.0b-r1

1290643068:  === (1 of 1) Post-Build Cleaning (dev-libs/openssl-1.0.0b-r1::/usr/portage/dev-libs/openssl/openssl-1.0.0b-r1.ebuild)

1290643068:  ::: completed emerge (1 of 1) dev-libs/openssl-1.0.0b-r1 to /

1290741778:  *** emerge --oneshot dev-libs/openssl-0.9.8p

1290741782:  *** emerge --oneshot dev-libs/openssl-0.9.8

1290741897:  *** emerge --oneshot dev-libs/openssl:0.9.8

1290741921:  *** emerge --oneshot dev-libs/openssl:0.9.8p

1290742792:  *** emerge --oneshot =dev-libs/openssl-0.9.8p

1290742803:  >>> emerge (1 of 1) dev-libs/openssl-0.9.8p to /

1290742807:  === (1 of 1) Cleaning (dev-libs/openssl-0.9.8p::/usr/portage/dev-libs/openssl/openssl-0.9.8p.ebuild)

1290742807:  === (1 of 1) Compiling/Merging (dev-libs/openssl-0.9.8p::/usr/portage/dev-libs/openssl/openssl-0.9.8p.ebuild)

1290742930:  === (1 of 1) Merging (dev-libs/openssl-0.9.8p::/usr/portage/dev-libs/openssl/openssl-0.9.8p.ebuild)

1290742937:  >>> AUTOCLEAN: dev-libs/openssl:0.9.8

1290742937:  === Unmerging... (dev-libs/openssl-0.9.8p)

1290742946:  >>> unmerge success: dev-libs/openssl-0.9.8p

1290742948:  === (1 of 1) Post-Build Cleaning (dev-libs/openssl-0.9.8p::/usr/portage/dev-libs/openssl/openssl-0.9.8p.ebuild)

1290742948:  ::: completed emerge (1 of 1) dev-libs/openssl-0.9.8p to /

1290743648:  >>> emerge (1 of 1) dev-libs/openssl-1.0.0b-r1 to /

1290743653:  === (1 of 1) Cleaning (dev-libs/openssl-1.0.0b-r1::/usr/portage/dev-libs/openssl/openssl-1.0.0b-r1.ebuild)

1290743653:  === (1 of 1) Compiling/Merging (dev-libs/openssl-1.0.0b-r1::/usr/portage/dev-libs/openssl/openssl-1.0.0b-r1.ebuild)

1290744062:  === (1 of 1) Merging (dev-libs/openssl-1.0.0b-r1::/usr/portage/dev-libs/openssl/openssl-1.0.0b-r1.ebuild)

1290744081:  >>> AUTOCLEAN: dev-libs/openssl:0

1290744081:  === Unmerging... (dev-libs/openssl-1.0.0b-r1)

1290744090:  >>> unmerge success: dev-libs/openssl-1.0.0b-r1

1290744102:  === (1 of 1) Post-Build Cleaning (dev-libs/openssl-1.0.0b-r1::/usr/portage/dev-libs/openssl/openssl-1.0.0b-r1.ebuild)

1290744102:  ::: completed emerge (1 of 1) dev-libs/openssl-1.0.0b-r1 to /

1290747257:  >>> emerge (1 of 1) dev-libs/openssl-1.0.0b-r1 to /

1290747261:  === (1 of 1) Cleaning (dev-libs/openssl-1.0.0b-r1::/usr/portage/dev-libs/openssl/openssl-1.0.0b-r1.ebuild)

1290747261:  === (1 of 1) Compiling/Merging (dev-libs/openssl-1.0.0b-r1::/usr/portage/dev-libs/openssl/openssl-1.0.0b-r1.ebuild)

1290747658:  === (1 of 1) Merging (dev-libs/openssl-1.0.0b-r1::/usr/portage/dev-libs/openssl/openssl-1.0.0b-r1.ebuild)

1290747676:  >>> AUTOCLEAN: dev-libs/openssl:0

1290747676:  === Unmerging... (dev-libs/openssl-1.0.0b-r1)

1290747685:  >>> unmerge success: dev-libs/openssl-1.0.0b-r1

1290747697:  === (1 of 1) Post-Build Cleaning (dev-libs/openssl-1.0.0b-r1::/usr/portage/dev-libs/openssl/openssl-1.0.0b-r1.ebuild)

1290747697:  ::: completed emerge (1 of 1) dev-libs/openssl-1.0.0b-r1 to /

1290776098:  *** emerge --oneshot app-arch/libarchive:0 app-crypt/mit-krb5:0 dev-libs/openssl:0.9.8 net-dns/bind-tools:0 net-libs/libssh:0 net-libs/openslp:0 net-misc/iputils:0 net-misc/ntp:0

1290776200:  >>> emerge (3 of 9) dev-libs/openssl-0.9.8p to /

1290776205:  === (3 of 9) Cleaning (dev-libs/openssl-0.9.8p::/usr/portage/dev-libs/openssl/openssl-0.9.8p.ebuild)

1290776205:  === (3 of 9) Compiling/Merging (dev-libs/openssl-0.9.8p::/usr/portage/dev-libs/openssl/openssl-0.9.8p.ebuild)

1290776377:  === (3 of 9) Merging (dev-libs/openssl-0.9.8p::/usr/portage/dev-libs/openssl/openssl-0.9.8p.ebuild)

1290776382:  >>> AUTOCLEAN: dev-libs/openssl:0.9.8

1290776382:  === Unmerging... (dev-libs/openssl-0.9.8p)

1290776383:  >>> unmerge success: dev-libs/openssl-0.9.8p

1290776386:  === (3 of 9) Post-Build Cleaning (dev-libs/openssl-0.9.8p::/usr/portage/dev-libs/openssl/openssl-0.9.8p.ebuild)

1290776386:  ::: completed emerge (3 of 9) dev-libs/openssl-0.9.8p to /

1290903298:  *** emerge  =dev-libs/openssl-0.9.8p

1290903321:  >>> emerge (1 of 1) dev-libs/openssl-0.9.8p to /

1290903321:  === (1 of 1) Cleaning (dev-libs/openssl-0.9.8p::/usr/portage/dev-libs/openssl/openssl-0.9.8p.ebuild)

1290903323:  === (1 of 1) Compiling/Merging (dev-libs/openssl-0.9.8p::/usr/portage/dev-libs/openssl/openssl-0.9.8p.ebuild)

1290904202:  === (1 of 1) Merging (dev-libs/openssl-0.9.8p::/usr/portage/dev-libs/openssl/openssl-0.9.8p.ebuild)

1290904216:  >>> AUTOCLEAN: dev-libs/openssl:0.9.8

1290904216:  === Unmerging... (dev-libs/openssl-0.9.8p)

1290904224:  >>> unmerge success: dev-libs/openssl-0.9.8p

1290904229:  === (1 of 1) Updating world file (dev-libs/openssl-0.9.8p)

1290904229:  === (1 of 1) Post-Build Cleaning (dev-libs/openssl-0.9.8p::/usr/portage/dev-libs/openssl/openssl-0.9.8p.ebuild)

1290904229:  ::: completed emerge (1 of 1) dev-libs/openssl-0.9.8p to /
```

Re: what to be done about openssl - to slot or not to slot, or otherwise.

Was looking at the /usr/lib directory and am not convinced that having slotted versions of the libs is valid unless an app's framework is designed to ident/search a lib by version.  I doubt this is generally true.  So I lean toward preferring not to slot. I'll stick to the latest version and run that revdep library maintenance sequence again just to make sure everything is clean.

Also, in reconsidering, I would agree about not compromising openssl to accommodate Acroread.  Any security issues should over-ride something like Acroread. And in the larger pic this is small sacrifice for the larger security/stability interests.

Thanks for your interest and correspondence. I always appreciate learning bits more about what makes this thing tick (and crack, lol).

----------

## Hu

 *CodeNoodler wrote:*   

> Am I to infer that the infrastructure may be self-healing (or self breaking)?

 I believe it is self breaking in this case.

 *CodeNoodler wrote:*   

> Re: the openssl package installation activity
> 
> Here is the grep openssl /var/log/emerge.log snip. It's up front (the 4-of-10 and 5-of-10), and some of the trailing entries may just indicate some of my follow-on activity and investigative efforts while learning about what was going on.
> 
> ```
> ...

 This snippet shows that you already had =dev-libs/openssl-1.0.0a-r3 and =dev-libs/openssl-0.9.8o-r2 on the system at the time the snippet was written.  I think you started too late in the file.  We need to go further back, to around the time that =dev-libs/openssl-1.0.0a-r3 was first installed.

 *CodeNoodler wrote:*   

> Re: what to be done about openssl - to slot or not to slot, or otherwise.
> 
> Was looking at the /usr/lib directory and am not convinced that having slotted versions of the libs is valid unless an app's framework is designed to ident/search a lib by version.  I doubt this is generally true.  So I lean toward preferring not to slot.

 This is mostly an issue for the dynamic loader.  Generally, the Gentoo developers do not enable slotting of a package if the result is known not to work.

 *CodeNoodler wrote:*   

> Also, in reconsidering, I would agree about not compromising openssl to accommodate Acroread.  Any security issues should over-ride something like Acroread. And in the larger pic this is small sacrifice for the larger security/stability interests.

 If you need a PDF reader in the interim, you could look at app-text/epdfview, app-text/gsview, app-text/gv, app-text/mupdf, app-text/pdf2html, app-text/pdf2oo, app-text/xpdf, app-text/zathura, or kde-base/okular.  I use app-text/xpdf and have been happy with it for basic viewing of documents.

----------

## CodeNoodler

Whoops. That makes sense. Okay, I've stepped a few installation seqs earlier into the emerge.log  ...

It appears that for some reason, openssl-0.9.8o-r2 got installed even after the update to openssl-1.0.0a-r3 got inserted and successfully unmerged openssl-0.9.8o. 

```
1260338282:  >>> emerge (13 of 56) dev-libs/openssl-0.9.8l-r2 to /

1260338285:  === (13 of 56) Cleaning (dev-libs/openssl-0.9.8l-r2::/usr/portage/dev-libs/openssl/openssl-0.9.8l-r2.ebuild)

1260338285:  === (13 of 56) Compiling/Merging (dev-libs/openssl-0.9.8l-r2::/usr/portage/dev-libs/openssl/openssl-0.9.8l-r2.ebuild)

1260338518:  === (13 of 56) Merging (dev-libs/openssl-0.9.8l-r2::/usr/portage/dev-libs/openssl/openssl-0.9.8l-r2.ebuild)

1260338526:  >>> AUTOCLEAN: dev-libs/openssl:0

1260338526:  === Unmerging... (dev-libs/openssl-0.9.8l-r1)

1260338528:  >>> unmerge success: dev-libs/openssl-0.9.8l-r1

1260338530:  === (13 of 56) Post-Build Cleaning (dev-libs/openssl-0.9.8l-r2::/usr/portage/dev-libs/openssl/openssl-0.9.8l-r2.ebuild)

1260338530:  ::: completed emerge (13 of 56) dev-libs/openssl-0.9.8l-r2 to /

1269838651:  >>> emerge (4 of 33) dev-libs/openssl-0.9.8n to /

1269838653:  === (4 of 33) Cleaning (dev-libs/openssl-0.9.8n::/usr/portage/dev-libs/openssl/openssl-0.9.8n.ebuild)

1269838653:  === (4 of 33) Compiling/Merging (dev-libs/openssl-0.9.8n::/usr/portage/dev-libs/openssl/openssl-0.9.8n.ebuild)

1269838999:  === (4 of 33) Merging (dev-libs/openssl-0.9.8n::/usr/portage/dev-libs/openssl/openssl-0.9.8n.ebuild)

1269839007:  >>> AUTOCLEAN: dev-libs/openssl:0

1269839007:  === Unmerging... (dev-libs/openssl-0.9.8l-r2)

1269839013:  >>> unmerge success: dev-libs/openssl-0.9.8l-r2

1269839015:  === (4 of 33) Post-Build Cleaning (dev-libs/openssl-0.9.8n::/usr/portage/dev-libs/openssl/openssl-0.9.8n.ebuild)

1269839015:  ::: completed emerge (4 of 33) dev-libs/openssl-0.9.8n to /

1276895665:  >>> emerge (12 of 119) dev-libs/openssl-0.9.8o to /

1276895669:  === (12 of 119) Cleaning (dev-libs/openssl-0.9.8o::/usr/portage/dev-libs/openssl/openssl-0.9.8o.ebuild)

1276895669:  === (12 of 119) Compiling/Merging (dev-libs/openssl-0.9.8o::/usr/portage/dev-libs/openssl/openssl-0.9.8o.ebuild)

1276896045:  === (12 of 119) Merging (dev-libs/openssl-0.9.8o::/usr/portage/dev-libs/openssl/openssl-0.9.8o.ebuild)

1276896054:  >>> AUTOCLEAN: dev-libs/openssl:0

1276896054:  === Unmerging... (dev-libs/openssl-0.9.8n)

1276896057:  >>> unmerge success: dev-libs/openssl-0.9.8n

1276896059:  === (12 of 119) Post-Build Cleaning (dev-libs/openssl-0.9.8o::/usr/portage/dev-libs/openssl/openssl-0.9.8o.ebuild)

1276896059:  ::: completed emerge (12 of 119) dev-libs/openssl-0.9.8o to /

1286809932:  >>> emerge (2 of 8) dev-libs/openssl-1.0.0a-r3 to /

1286809937:  === (2 of 8) Cleaning (dev-libs/openssl-1.0.0a-r3::/usr/portage/dev-libs/openssl/openssl-1.0.0a-r3.ebuild)

1286809937:  === (2 of 8) Compiling/Merging (dev-libs/openssl-1.0.0a-r3::/usr/portage/dev-libs/openssl/openssl-1.0.0a-r3.ebuild)

1286810541:  === (2 of 8) Merging (dev-libs/openssl-1.0.0a-r3::/usr/portage/dev-libs/openssl/openssl-1.0.0a-r3.ebuild)

1286810559:  >>> AUTOCLEAN: dev-libs/openssl:0

1286810559:  === Unmerging... (dev-libs/openssl-0.9.8o)

1286810569:  >>> unmerge success: dev-libs/openssl-0.9.8o

1286810582:  === (2 of 8) Post-Build Cleaning (dev-libs/openssl-1.0.0a-r3::/usr/portage/dev-libs/openssl/openssl-1.0.0a-r3.ebuild)

1286810582:  ::: completed emerge (2 of 8) dev-libs/openssl-1.0.0a-r3 to /

1286810582:  >>> emerge (3 of 8) dev-libs/openssl-0.9.8o-r2 to /

1286810585:  === (3 of 8) Cleaning (dev-libs/openssl-0.9.8o-r2::/usr/portage/dev-libs/openssl/openssl-0.9.8o-r2.ebuild)

1286810585:  === (3 of 8) Compiling/Merging (dev-libs/openssl-0.9.8o-r2::/usr/portage/dev-libs/openssl/openssl-0.9.8o-r2.ebuild)

1286810934:  === (3 of 8) Merging (dev-libs/openssl-0.9.8o-r2::/usr/portage/dev-libs/openssl/openssl-0.9.8o-r2.ebuild)

1286810938:  >>> AUTOCLEAN: dev-libs/openssl:0.9.8

1286810941:  === (3 of 8) Post-Build Cleaning (dev-libs/openssl-0.9.8o-r2::/usr/portage/dev-libs/openssl/openssl-0.9.8o-r2.ebuild)

1286810941:  ::: completed emerge (3 of 8) dev-libs/openssl-0.9.8o-r2 to /

1290626715:  >>> emerge (4 of 10) dev-libs/openssl-0.9.8p to /

1290626718:  === (4 of 10) Cleaning (dev-libs/openssl-0.9.8p::/usr/portage/dev-libs/openssl/openssl-0.9.8p.ebuild)

1290626718:  === (4 of 10) Compiling/Merging (dev-libs/openssl-0.9.8p::/usr/portage/dev-libs/openssl/openssl-0.9.8p.ebuild)

1290627022:  === (4 of 10) Merging (dev-libs/openssl-0.9.8p::/usr/portage/dev-libs/openssl/openssl-0.9.8p.ebuild)

1290627029:  >>> AUTOCLEAN: dev-libs/openssl:0.9.8

1290627029:  === Unmerging... (dev-libs/openssl-0.9.8o-r2)

1290627035:  >>> unmerge success: dev-libs/openssl-0.9.8o-r2

1290627038:  === (4 of 10) Post-Build Cleaning (dev-libs/openssl-0.9.8p::/usr/portage/dev-libs/openssl/openssl-0.9.8p.ebuild)

1290627038:  ::: completed emerge (4 of 10) dev-libs/openssl-0.9.8p to /

1290627038:  >>> emerge (5 of 10) dev-libs/openssl-1.0.0b-r1 to /

1290627041:  === (5 of 10) Cleaning (dev-libs/openssl-1.0.0b-r1::/usr/portage/dev-libs/openssl/openssl-1.0.0b-r1.ebuild)

1290627041:  === (5 of 10) Compiling/Merging (dev-libs/openssl-1.0.0b-r1::/usr/portage/dev-libs/openssl/openssl-1.0.0b-r1.ebuild)

1290627628:  === (5 of 10) Merging (dev-libs/openssl-1.0.0b-r1::/usr/portage/dev-libs/openssl/openssl-1.0.0b-r1.ebuild)

1290627649:  >>> AUTOCLEAN: dev-libs/openssl:0

1290627649:  === Unmerging... (dev-libs/openssl-1.0.0a-r3)

1290627656:  >>> unmerge success: dev-libs/openssl-1.0.0a-r3

1290627669:  === (5 of 10) Post-Build Cleaning (dev-libs/openssl-1.0.0b-r1::/usr/portage/dev-libs/openssl/openssl-1.0.0b-r1.ebuild)

1290627669:  ::: completed emerge (5 of 10) dev-libs/openssl-1.0.0b-r1 to /

1290642677:  >>> emerge (1 of 1) dev-libs/openssl-1.0.0b-r1 to /

1290642680:  === (1 of 1) Cleaning (dev-libs/openssl-1.0.0b-r1::/usr/portage/dev-libs/openssl/openssl-1.0.0b-r1.ebuild)

1290642680:  === (1 of 1) Compiling/Merging (dev-libs/openssl-1.0.0b-r1::/usr/portage/dev-libs/openssl/openssl-1.0.0b-r1.ebuild)

1290643039:  === (1 of 1) Merging (dev-libs/openssl-1.0.0b-r1::/usr/portage/dev-libs/openssl/openssl-1.0.0b-r1.ebuild)

1290643051:  >>> AUTOCLEAN: dev-libs/openssl:0

1290643051:  === Unmerging... (dev-libs/openssl-1.0.0b-r1)

1290643059:  >>> unmerge success: dev-libs/openssl-1.0.0b-r1

1290643068:  === (1 of 1) Post-Build Cleaning (dev-libs/openssl-1.0.0b-r1::/usr/portage/dev-libs/openssl/openssl-1.0.0b-r1.ebuild)

1290643068:  ::: completed emerge (1 of 1) dev-libs/openssl-1.0.0b-r1 to /

1290741778:  *** emerge --oneshot dev-libs/openssl-0.9.8p

1290741782:  *** emerge --oneshot dev-libs/openssl-0.9.8

1290741897:  *** emerge --oneshot dev-libs/openssl:0.9.8

1290741921:  *** emerge --oneshot dev-libs/openssl:0.9.8p

1290742792:  *** emerge --oneshot =dev-libs/openssl-0.9.8p

1290742803:  >>> emerge (1 of 1) dev-libs/openssl-0.9.8p to /

1290742807:  === (1 of 1) Cleaning (dev-libs/openssl-0.9.8p::/usr/portage/dev-libs/openssl/openssl-0.9.8p.ebuild)

1290742807:  === (1 of 1) Compiling/Merging (dev-libs/openssl-0.9.8p::/usr/portage/dev-libs/openssl/openssl-0.9.8p.ebuild)

1290742930:  === (1 of 1) Merging (dev-libs/openssl-0.9.8p::/usr/portage/dev-libs/openssl/openssl-0.9.8p.ebuild)

1290742937:  >>> AUTOCLEAN: dev-libs/openssl:0.9.8

1290742937:  === Unmerging... (dev-libs/openssl-0.9.8p)

1290742946:  >>> unmerge success: dev-libs/openssl-0.9.8p

1290742948:  === (1 of 1) Post-Build Cleaning (dev-libs/openssl-0.9.8p::/usr/portage/dev-libs/openssl/openssl-0.9.8p.ebuild)

1290742948:  ::: completed emerge (1 of 1) dev-libs/openssl-0.9.8p to /

1290743648:  >>> emerge (1 of 1) dev-libs/openssl-1.0.0b-r1 to /

1290743653:  === (1 of 1) Cleaning (dev-libs/openssl-1.0.0b-r1::/usr/portage/dev-libs/openssl/openssl-1.0.0b-r1.ebuild)

1290743653:  === (1 of 1) Compiling/Merging (dev-libs/openssl-1.0.0b-r1::/usr/portage/dev-libs/openssl/openssl-1.0.0b-r1.ebuild)

1290744062:  === (1 of 1) Merging (dev-libs/openssl-1.0.0b-r1::/usr/portage/dev-libs/openssl/openssl-1.0.0b-r1.ebuild)

1290744081:  >>> AUTOCLEAN: dev-libs/openssl:0

1290744081:  === Unmerging... (dev-libs/openssl-1.0.0b-r1)

1290744090:  >>> unmerge success: dev-libs/openssl-1.0.0b-r1
```

So I extracted the boundaries of that emerge cycle and we can see that that was when Acroread was also updated by portage.

```
1286809829: Started emerge on: Oct 11, 2010 10:10:29

1286809829:  *** emerge --newuse --deep --update --verbose world

1286809896:  >>> emerge (1 of 8) sys-devel/gnuconfig-20100403 to /

1286809901:  === (1 of 8) Cleaning (sys-devel/gnuconfig-20100403::/usr/portage/sys-devel/gnuconfig/gnuconfig-20100403.ebuild)

1286809901:  === (1 of 8) Compiling/Merging (sys-devel/gnuconfig-20100403::/usr/portage/sys-devel/gnuconfig/gnuconfig-20100403.ebuild)

1286809913:  === (1 of 8) Merging (sys-devel/gnuconfig-20100403::/usr/portage/sys-devel/gnuconfig/gnuconfig-20100403.ebuild)

1286809926:  >>> AUTOCLEAN: sys-devel/gnuconfig:0

1286809926:  === Unmerging... (sys-devel/gnuconfig-20100122)

1286809929:  >>> unmerge success: sys-devel/gnuconfig-20100122

1286809932:  === (1 of 8) Post-Build Cleaning (sys-devel/gnuconfig-20100403::/usr/portage/sys-devel/gnuconfig/gnuconfig-20100403.ebuild)

1286809932:  ::: completed emerge (1 of 8) sys-devel/gnuconfig-20100403 to /

1286809932:  >>> emerge (2 of 8) dev-libs/openssl-1.0.0a-r3 to /

1286809937:  === (2 of 8) Cleaning (dev-libs/openssl-1.0.0a-r3::/usr/portage/dev-libs/openssl/openssl-1.0.0a-r3.ebuild)

1286809937:  === (2 of 8) Compiling/Merging (dev-libs/openssl-1.0.0a-r3::/usr/portage/dev-libs/openssl/openssl-1.0.0a-r3.ebuild)

1286810541:  === (2 of 8) Merging (dev-libs/openssl-1.0.0a-r3::/usr/portage/dev-libs/openssl/openssl-1.0.0a-r3.ebuild)

1286810559:  >>> AUTOCLEAN: dev-libs/openssl:0

1286810559:  === Unmerging... (dev-libs/openssl-0.9.8o)

1286810569:  >>> unmerge success: dev-libs/openssl-0.9.8o

1286810582:  === (2 of 8) Post-Build Cleaning (dev-libs/openssl-1.0.0a-r3::/usr/portage/dev-libs/openssl/openssl-1.0.0a-r3.ebuild)

1286810582:  ::: completed emerge (2 of 8) dev-libs/openssl-1.0.0a-r3 to /

1286810582:  >>> emerge (3 of 8) dev-libs/openssl-0.9.8o-r2 to /

1286810585:  === (3 of 8) Cleaning (dev-libs/openssl-0.9.8o-r2::/usr/portage/dev-libs/openssl/openssl-0.9.8o-r2.ebuild)

1286810585:  === (3 of 8) Compiling/Merging (dev-libs/openssl-0.9.8o-r2::/usr/portage/dev-libs/openssl/openssl-0.9.8o-r2.ebuild)

1286810934:  === (3 of 8) Merging (dev-libs/openssl-0.9.8o-r2::/usr/portage/dev-libs/openssl/openssl-0.9.8o-r2.ebuild)

1286810938:  >>> AUTOCLEAN: dev-libs/openssl:0.9.8

1286810941:  === (3 of 8) Post-Build Cleaning (dev-libs/openssl-0.9.8o-r2::/usr/portage/dev-libs/openssl/openssl-0.9.8o-r2.ebuild)

1286810941:  ::: completed emerge (3 of 8) dev-libs/openssl-0.9.8o-r2 to /

1286810941:  >>> emerge (4 of 8) sys-apps/file-5.04 to /

1286810944:  === (4 of 8) Cleaning (sys-apps/file-5.04::/usr/portage/sys-apps/file/file-5.04.ebuild)

1286810944:  === (4 of 8) Compiling/Merging (sys-apps/file-5.04::/usr/portage/sys-apps/file/file-5.04.ebuild)

1286811025:  === (4 of 8) Merging (sys-apps/file-5.04::/usr/portage/sys-apps/file/file-5.04.ebuild)

1286811031:  >>> AUTOCLEAN: sys-apps/file:0

1286811031:  === Unmerging... (sys-apps/file-5.03)

1286811040:  >>> unmerge success: sys-apps/file-5.03

1286811043:  === (4 of 8) Post-Build Cleaning (sys-apps/file-5.04::/usr/portage/sys-apps/file/file-5.04.ebuild)

1286811043:  ::: completed emerge (4 of 8) sys-apps/file-5.04 to /

1286811043:  >>> emerge (5 of 8) app-text/iso-codes-3.19 to /

1286811046:  === (5 of 8) Cleaning (app-text/iso-codes-3.19::/usr/portage/app-text/iso-codes/iso-codes-3.19.ebuild)

1286811046:  === (5 of 8) Compiling/Merging (app-text/iso-codes-3.19::/usr/portage/app-text/iso-codes/iso-codes-3.19.ebuild)

1286811112:  === (5 of 8) Merging (app-text/iso-codes-3.19::/usr/portage/app-text/iso-codes/iso-codes-3.19.ebuild)

1286811123:  >>> AUTOCLEAN: app-text/iso-codes:0

1286811123:  === Unmerging... (app-text/iso-codes-3.10)

1286811126:  >>> unmerge success: app-text/iso-codes-3.10

1286811129:  === (5 of 8) Post-Build Cleaning (app-text/iso-codes-3.19::/usr/portage/app-text/iso-codes/iso-codes-3.19.ebuild)

1286811129:  ::: completed emerge (5 of 8) app-text/iso-codes-3.19 to /

1286811129:  >>> emerge (6 of 8) app-admin/eselect-vi-1.1.7-r1 to /

1286811132:  === (6 of 8) Cleaning (app-admin/eselect-vi-1.1.7-r1::/usr/portage/app-admin/eselect-vi/eselect-vi-1.1.7-r1.ebuild)

1286811132:  === (6 of 8) Compiling/Merging (app-admin/eselect-vi-1.1.7-r1::/usr/portage/app-admin/eselect-vi/eselect-vi-1.1.7-r1.ebuild)

1286811139:  === (6 of 8) Merging (app-admin/eselect-vi-1.1.7-r1::/usr/portage/app-admin/eselect-vi/eselect-vi-1.1.7-r1.ebuild)

1286811143:  >>> AUTOCLEAN: app-admin/eselect-vi:0

1286811143:  === Unmerging... (app-admin/eselect-vi-1.1.5)

1286811145:  >>> unmerge success: app-admin/eselect-vi-1.1.5

1286811147:  === (6 of 8) Post-Build Cleaning (app-admin/eselect-vi-1.1.7-r1::/usr/portage/app-admin/eselect-vi/eselect-vi-1.1.7-r1.ebuild)

1286811147:  ::: completed emerge (6 of 8) app-admin/eselect-vi-1.1.7-r1 to /

1286811147:  >>> emerge (7 of 8) media-libs/glew-1.5.6 to /

1286811150:  === (7 of 8) Cleaning (media-libs/glew-1.5.6::/usr/portage/media-libs/glew/glew-1.5.6.ebuild)

1286811150:  === (7 of 8) Compiling/Merging (media-libs/glew-1.5.6::/usr/portage/media-libs/glew/glew-1.5.6.ebuild)

1286811207:  === (7 of 8) Merging (media-libs/glew-1.5.6::/usr/portage/media-libs/glew/glew-1.5.6.ebuild)

1286811212:  >>> AUTOCLEAN: media-libs/glew:0

1286811212:  === Unmerging... (media-libs/glew-1.5.1)

1286811214:  >>> unmerge success: media-libs/glew-1.5.1

1286811217:  === (7 of 8) Post-Build Cleaning (media-libs/glew-1.5.6::/usr/portage/media-libs/glew/glew-1.5.6.ebuild)

1286811217:  ::: completed emerge (7 of 8) media-libs/glew-1.5.6 to /

1286811217:  >>> emerge (8 of 8) app-text/acroread-9.4.0 to /

1286811222:  === (8 of 8) Cleaning (app-text/acroread-9.4.0::/usr/portage/app-text/acroread/acroread-9.4.0.ebuild)

1286811222:  === (8 of 8) Compiling/Merging (app-text/acroread-9.4.0::/usr/portage/app-text/acroread/acroread-9.4.0.ebuild)

1286811265:  === (8 of 8) Merging (app-text/acroread-9.4.0::/usr/portage/app-text/acroread/acroread-9.4.0.ebuild)

1286811275:  >>> AUTOCLEAN: app-text/acroread:0

1286811275:  === Unmerging... (app-text/acroread-9.3.4)

1286811295:  >>> unmerge success: app-text/acroread-9.3.4

1286811299:  === (8 of 8) Post-Build Cleaning (app-text/acroread-9.4.0::/usr/portage/app-text/acroread/acroread-9.4.0.ebuild)

1286811299:  ::: completed emerge (8 of 8) app-text/acroread-9.4.0 to /

1286811299:  *** Finished. Cleaning up...

1286811301:  *** exiting successfully.

1286811302:  *** terminating.
```

With my limited knowledge on the portage update policies, I would suspect that there should have been some kind of a block installed due to the conflicting library requirement unless there was elegant way to manage it.

----------

## Hu

 *CodeNoodler wrote:*   

> It appears that for some reason, openssl-0.9.8o-r2 got installed even after the update to openssl-1.0.0a-r3 got inserted and successfully unmerged openssl-0.9.8o.

 That makes sense.  =dev-libs/openssl-0.9.8o has slot 0, so it would be removed when >=dev-libs/openssl-1.0.0a-r3 was installed.  Portage would then install =dev-libs/openssl-0.9.8o-r2 to satisfy the Acroread dependency of =dev-libs/openssl-0.9.8*.

 *CodeNoodler wrote:*   

> With my limited knowledge on the portage update policies, I would suspect that there should have been some kind of a block installed due to the conflicting library requirement unless there was elegant way to manage it.

 There is an elegant way to manage it here.  The slotted version of OpenSSL allows legacy programs to continue to work.

----------

## CodeNoodler

Well, examining the logfiles, I did think it made sense to see the slotting of the elder openssl since it was called in by Acroread at that time.  But remember, the weirdness began when my general revdep-rebuild apparently cleared something, and my system started failing during normal boot cycle when other functions were looking for the dev/libs/openssl-0.9.8p libraries and could not find them. It was then that I started looking into this openssl version-related library matter.  I just inferred that if it was properly slotted in some expected/understood manner, then my box would not have gotten busted by typically normal maintenance activity.

And then there was the noise openssl-1.0.0b-r1 reported about the busted links to the certificate files which ... I cannot tell if it even affected the /usr/lib/lib{ssl,crypto} thing at all.  I removed the broken links, and they did not seem to get replaced, nor were there any complaints; so I guess there is some script that just processes contents found in the directory or  was not otherwise looking for those file/link handles in particular? Okay, I guess.  Anyhoo ...

Out of curiosity I went ahead and emerged the world dependencies with Acroread on board to see what happens.  It pulled in the older openssl-0.9.8p as a slot (as we should expect) .. but then it reported ...

```
 * Messages for package dev-libs/openssl-0.9.8p:

 * Removing lib{crypto,ssl}.so.0.9.8 to avoid collision with openssl-1
```

So now, at least I get a warning of some potential issue. But guess what - the libraries are still there in /usr/lib.  Something still seems a bit hinky to me about the properly understood slotting with the openssl package.  At least this time a revdep-rebuild pass does not seem to want to do anything as far as emerge activity at this moment. 

Whatever the case, I'm gonna punt Acroread to circumvent the existing and potential concerns with this issue, but it just seems like there is something amiss about how these two packages and the associated dual-version library management is being handled.  I often like to linger on glitches like this until I understand the problem more completely, but this time around i've got other matters to tend to, so it might have to wait until another similar issue arises. Or until I get bored.

I also explicitly unmerged openssl-0.9.8p, and then re-emerged openssl-1.0.0b-r1 for good measure - no complaint messages ensued - so everything seems to be fine.

Thanks for the extra eyes on this, and I hope that anyone else stumbling into this problem can gain a bit of insight from the thread, even if the problem didn't really get understood completely.  Not by me, anyway.

----------

## Princess Nell

Well, my problem was a bit different. openssl-0.9.8p was installed, but the corresponding libs were gone after revdep-rebuild.

----------

