Bug 258384

Summary:

pam_ssh.so.6 reporting undefined symbol

Product:

Base System

Reporter:

Guido Falsi <madpilot>

Component:

bin

Assignee:

Ed Maste <emaste>

Status:

Closed FIXED

Severity:

Affects Only Me

CC:

emaste, kevans

Priority:

---

Version:

CURRENT

Hardware:

Any

OS:

Any

Attachments:

Description	Flags
missing symbols fix	none

Description Guido Falsi freebsd_committer

2021-09-09 11:21:02 UTC

Hi,

I am trying to update my system to latest head (commit 4ccbbe5f0689513de4399d6dad43e85d97ad9cde) and upon updating the system I'm seeing a new issue.

I use pam_ssh when logging in via display manager (lightdm) to login using the ssh key phrase and automatically load the ssh key:

(from /etc/pam.d/xdm, included by light pam.d file)

auth		sufficient	pam_ssh.so		no_warn try_first_pass
auth		required	pam_unix.so		no_warn try_first_pass

After updating I get this error:

Sep  9 10:27:56 tommy lightdm[1362]: in try_dlopen(): /usr/lib/pam_ssh.so.6: /usr/lib/libprivatessh.so.5: Undefined symbol "sshsk_sign"
Sep  9 10:27:56 tommy lightdm[1362]: in openpam_load_module(): no pam_ssh.so found

Looks like pam_ssh is somehow trying to call a function not available, due to our openssh being compiled without U2F support.

I noticed that some ifdefs where added [1] and then removed [2] upstream. I tried adding back the ifdefs in [1] but it is not making any difference.

Unluckily I don't know how this actually works in code and am failing to identify the code path which is causing pam_ssh to call the undefined function. (still trying)

In the while I thought I'd report the issue.

If any further info is necessary please ask.



[1] https://github.com/openssh/openssh-portable/commit/1e0b248d47c96be944868a735553af8482300a07

[2] https://github.com/openssh/openssh-portable/commit/9244990ecdcfa36bb9371058111685b05f201c1e

Comment 1 Guido Falsi freebsd_committer

2021-09-09 15:38:25 UTC

Created attachment 227787 [details]
missing symbols fix

This patch is based on a suggestion from kevans@

It adds the sources where the missing symbols are defined to the libssh build.

It fixes the regression I observed bringing functionality back to normal.

Comment 2 Kyle Evans freebsd_committer

2021-09-09 20:45:53 UTC

(In reply to Guido Falsi from comment #1)

After some brief discussion with Ed, feel free to commit with:

Fixes: 19261079b743 ("openssh: update to OpenSSH v8.7p1")
Approved by: kevans (src)

or let us know if you'd prefer Ed or I commit it.

Comment 3 commit-hook freebsd_committer

2021-09-09 22:58:47 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=f448c3ed4ae1281861913a56377f9d93d49f8e8e

commit f448c3ed4ae1281861913a56377f9d93d49f8e8e
Author:     Guido Falsi <madpilot@FreeBSD.org>
AuthorDate: 2021-09-09 22:56:24 +0000
Commit:     Guido Falsi <madpilot@FreeBSD.org>
CommitDate: 2021-09-09 22:56:24 +0000

    openssh: Add new source files to libssl

    Add some new OpenSSH v8.7p1 source files to the ones being used to
    build libssl to avoid missing symbols.

    PR:             258384
    Fixes:          19261079b743 ("openssh: update to OpenSSH v8.7p1")
    Approved by:    kevans (src)

 secure/lib/libssh/Makefile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comment 4 Guido Falsi freebsd_committer

2021-09-09 23:02:39 UTC

Thanks, committed the patch!

Comment 5 commit-hook freebsd_committer

2021-10-18 14:48:49 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=576b58108c1723c85e4dd00355e29bfe301dab11

commit 576b58108c1723c85e4dd00355e29bfe301dab11
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2021-10-15 16:21:23 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2021-10-18 14:47:20 +0000

    libssh: correct libssh src file list

    Link against the ssh-sk-helper client rather than the sk internal
    implementation.

    PR:             258384
    Tested by:      madpilot
    Fixes:          f448c3ed4ae1 ("openssh: Add new source files to libssl")
    Fixes:          19261079b743 ("openssh: update to OpenSSH v8.7p1")
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D32529

 secure/lib/libssh/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)