Bug 258384 - pam_ssh.so.6 reporting undefined symbol
Summary: pam_ssh.so.6 reporting undefined symbol
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: bin (show other bugs)
Version: CURRENT
Hardware: Any Any
: --- Affects Only Me
Assignee: Ed Maste
Depends on:
Reported: 2021-09-09 11:21 UTC by Guido Falsi
Modified: 2021-09-09 23:02 UTC (History)
2 users (show)

See Also:

missing symbols fix (562 bytes, patch)
2021-09-09 15:38 UTC, Guido Falsi
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Guido Falsi freebsd_committer 2021-09-09 11:21:02 UTC

I am trying to update my system to latest head (commit 4ccbbe5f0689513de4399d6dad43e85d97ad9cde) and upon updating the system I'm seeing a new issue.

I use pam_ssh when logging in via display manager (lightdm) to login using the ssh key phrase and automatically load the ssh key:

(from /etc/pam.d/xdm, included by light pam.d file)

auth		sufficient	pam_ssh.so		no_warn try_first_pass
auth		required	pam_unix.so		no_warn try_first_pass

After updating I get this error:

Sep  9 10:27:56 tommy lightdm[1362]: in try_dlopen(): /usr/lib/pam_ssh.so.6: /usr/lib/libprivatessh.so.5: Undefined symbol "sshsk_sign"
Sep  9 10:27:56 tommy lightdm[1362]: in openpam_load_module(): no pam_ssh.so found

Looks like pam_ssh is somehow trying to call a function not available, due to our openssh being compiled without U2F support.

I noticed that some ifdefs where added [1] and then removed [2] upstream. I tried adding back the ifdefs in [1] but it is not making any difference.

Unluckily I don't know how this actually works in code and am failing to identify the code path which is causing pam_ssh to call the undefined function. (still trying)

In the while I thought I'd report the issue.

If any further info is necessary please ask.

[1] https://github.com/openssh/openssh-portable/commit/1e0b248d47c96be944868a735553af8482300a07

[2] https://github.com/openssh/openssh-portable/commit/9244990ecdcfa36bb9371058111685b05f201c1e
Comment 1 Guido Falsi freebsd_committer 2021-09-09 15:38:25 UTC
Created attachment 227787 [details]
missing symbols fix

This patch is based on a suggestion from kevans@

It adds the sources where the missing symbols are defined to the libssh build.

It fixes the regression I observed bringing functionality back to normal.
Comment 2 Kyle Evans freebsd_committer 2021-09-09 20:45:53 UTC
(In reply to Guido Falsi from comment #1)

After some brief discussion with Ed, feel free to commit with:

Fixes: 19261079b743 ("openssh: update to OpenSSH v8.7p1")
Approved by: kevans (src)

or let us know if you'd prefer Ed or I commit it.
Comment 3 commit-hook freebsd_committer 2021-09-09 22:58:47 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=f448c3ed4ae1281861913a56377f9d93d49f8e8e

commit f448c3ed4ae1281861913a56377f9d93d49f8e8e
Author:     Guido Falsi <madpilot@FreeBSD.org>
AuthorDate: 2021-09-09 22:56:24 +0000
Commit:     Guido Falsi <madpilot@FreeBSD.org>
CommitDate: 2021-09-09 22:56:24 +0000

    openssh: Add new source files to libssl

    Add some new OpenSSH v8.7p1 source files to the ones being used to
    build libssl to avoid missing symbols.

    PR:             258384
    Fixes:          19261079b743 ("openssh: update to OpenSSH v8.7p1")
    Approved by:    kevans (src)

 secure/lib/libssh/Makefile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
Comment 4 Guido Falsi freebsd_committer 2021-09-09 23:02:39 UTC
Thanks, committed the patch!