Hi, I am trying to update my system to latest head (commit 4ccbbe5f0689513de4399d6dad43e85d97ad9cde) and upon updating the system I'm seeing a new issue. I use pam_ssh when logging in via display manager (lightdm) to login using the ssh key phrase and automatically load the ssh key: (from /etc/pam.d/xdm, included by light pam.d file) auth sufficient pam_ssh.so no_warn try_first_pass auth required pam_unix.so no_warn try_first_pass After updating I get this error: Sep 9 10:27:56 tommy lightdm[1362]: in try_dlopen(): /usr/lib/pam_ssh.so.6: /usr/lib/libprivatessh.so.5: Undefined symbol "sshsk_sign" Sep 9 10:27:56 tommy lightdm[1362]: in openpam_load_module(): no pam_ssh.so found Looks like pam_ssh is somehow trying to call a function not available, due to our openssh being compiled without U2F support. I noticed that some ifdefs where added [1] and then removed [2] upstream. I tried adding back the ifdefs in [1] but it is not making any difference. Unluckily I don't know how this actually works in code and am failing to identify the code path which is causing pam_ssh to call the undefined function. (still trying) In the while I thought I'd report the issue. If any further info is necessary please ask. [1] https://github.com/openssh/openssh-portable/commit/1e0b248d47c96be944868a735553af8482300a07 [2] https://github.com/openssh/openssh-portable/commit/9244990ecdcfa36bb9371058111685b05f201c1e
Created attachment 227787 [details] missing symbols fix This patch is based on a suggestion from kevans@ It adds the sources where the missing symbols are defined to the libssh build. It fixes the regression I observed bringing functionality back to normal.
(In reply to Guido Falsi from comment #1) After some brief discussion with Ed, feel free to commit with: Fixes: 19261079b743 ("openssh: update to OpenSSH v8.7p1") Approved by: kevans (src) or let us know if you'd prefer Ed or I commit it.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=f448c3ed4ae1281861913a56377f9d93d49f8e8e commit f448c3ed4ae1281861913a56377f9d93d49f8e8e Author: Guido Falsi <madpilot@FreeBSD.org> AuthorDate: 2021-09-09 22:56:24 +0000 Commit: Guido Falsi <madpilot@FreeBSD.org> CommitDate: 2021-09-09 22:56:24 +0000 openssh: Add new source files to libssl Add some new OpenSSH v8.7p1 source files to the ones being used to build libssl to avoid missing symbols. PR: 258384 Fixes: 19261079b743 ("openssh: update to OpenSSH v8.7p1") Approved by: kevans (src) secure/lib/libssh/Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
Thanks, committed the patch!
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=576b58108c1723c85e4dd00355e29bfe301dab11 commit 576b58108c1723c85e4dd00355e29bfe301dab11 Author: Ed Maste <emaste@FreeBSD.org> AuthorDate: 2021-10-15 16:21:23 +0000 Commit: Ed Maste <emaste@FreeBSD.org> CommitDate: 2021-10-18 14:47:20 +0000 libssh: correct libssh src file list Link against the ssh-sk-helper client rather than the sk internal implementation. PR: 258384 Tested by: madpilot Fixes: f448c3ed4ae1 ("openssh: Add new source files to libssl") Fixes: 19261079b743 ("openssh: update to OpenSSH v8.7p1") Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32529 secure/lib/libssh/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)