Since the upgrade to 111.0, webauth is completly broken. After asking for user presence, the security key is not accessible until firefox is killed. And the key never blink. I only have a Nitrokey 3 security key, so I don't know if it applies to other. I have verified that the key is still working (doing webauth u2f using a smartphone work).
This also affects Yubikeys at least. When Firefox tries to use the device, it also locks out other uses of the device until Firefox is killed, so it seems to be some aspect of its interaction with the USB system.
It seems that it is related to authenticator-rs in third_party/rust/authenticator The version went from 0.4.0-alpha.6 to 0.4.0-alpha.9 When using the version from 110, no issue the registration process works. When using the version from 111, it stop at [2023-03-14T21:39:29Z DEBUG authenticator::authenticatorservice] register called with 1 transports, iterable is 1 [2023-03-14T21:39:29Z DEBUG authenticator::authenticatorservice] register transports_to_cancel 0 [2023-03-14T21:39:29Z DEBUG authenticator::transport::platform::monitor] Adding device /dev/uhid3 [2023-03-14T21:39:29Z DEBUG authenticator::transport::platform::monitor] Adding device /dev/uhid2 [2023-03-14T21:39:29Z DEBUG authenticator::transport::platform::monitor] Adding device /dev/uhid0 [2023-03-14T21:39:29Z DEBUG authenticator::transport::platform::monitor] Adding device /dev/uhid1 [2023-03-14T21:39:29Z DEBUG authenticator::transport::device_selector] Device added event: "/dev/uhid3" [2023-03-14T21:39:29Z DEBUG authenticator::transport::device_selector] Device added event: "/dev/uhid2" [2023-03-14T21:39:29Z DEBUG authenticator::transport::device_selector] Device added event: "/dev/uhid0" [2023-03-14T21:39:29Z DEBUG authenticator::transport::device_selector] Device added event: "/dev/uhid1" Comparatively [2023-03-14T21:40:27Z DEBUG authenticator::authenticatorservice] register called with 1 transports, iterable is 1 [2023-03-14T21:40:27Z DEBUG authenticator::authenticatorservice] register transports_to_cancel 0 [2023-03-14T21:40:27Z DEBUG authenticator::transport::platform::monitor] Adding device /dev/uhid3 [2023-03-14T21:40:27Z DEBUG authenticator::transport::platform::monitor] Adding device /dev/uhid2 [2023-03-14T21:40:27Z DEBUG authenticator::transport::platform::monitor] Adding device /dev/uhid0 [2023-03-14T21:40:27Z DEBUG authenticator::transport::platform::monitor] Adding device /dev/uhid1 [2023-03-14T21:40:27Z DEBUG authenticator::transport::device_selector] Device added event: "/dev/uhid3" [2023-03-14T21:40:27Z DEBUG authenticator::transport::device_selector] Device added event: "/dev/uhid2" [2023-03-14T21:40:27Z DEBUG authenticator::transport::device_selector] Device added event: "/dev/uhid0" [2023-03-14T21:40:27Z DEBUG authenticator::transport::device_selector] Device added event: "/dev/uhid1" [2023-03-14T21:40:27Z DEBUG authenticator::transport::platform::device] device timeout 0 [2023-03-14T21:40:27Z INFO authenticator::transport::platform::device] new device "/dev/uhid1" STATUS: device available: Vendor: Unknown Vendor, Device: Unknown Device, Interface: 2, Firmware: v1.0.2, Capabilities: 05
So, if we look only at authenticator-rs here are my result: for the version of firefox: 110.0.1_2 -> no issue 111.0 -> no issue 111.0_1 -> stuck in finding the device But when u2f is attempted in firefox, it does not work for the version: 111.0 and 111.0_1 .
ditto for yubikey and solokey too here. It completely borks USB and I need to power cycle the box.
Thibault thats very useful info. Perhaps you can share how you debugged this and how we could revert the authenticator-rs if needed?
(In reply to Dave Cottlehuber from comment #5) Thanks, here the steps: In the directory (from firefox extracted directory from port) third_party/rust/authenticator cargo build --example main (you may need to install some dependency that are available with pkg) and then insert the security key Finally, RUST_LOG=debug cargo run --example main Since authentificator-rs that came from firefox 111.0 seems to works, I am not sure that only reverting the update to authentificator-rs is sufficient. So likely there is multiple issues (since for 111.0_1 even authentificator-rs alone does not work).
firefox-esr works, if you run `MOZ_ALLOW_DOWNGRADE=1 firefox` to accommodate different profile versions. YMMV. Version : 102.9.0_1,1 Installed on : Thu Mar 16 08:42:15 2023 UTC I have also had problems with videoconference (video but not audio recording) so this may be a more general USB-related problem here, which is also addressed by reverting to ESR.
> 1824066 - authenticator-rs does not work since firefox 111.0 rc2 Thanks to Thibault for the upstream report and cross-reference here. The upstream pull request is merged. ---- Triage: whilst not assigned, here, to an individual, it seems reasonable to treat the report as in progress.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=388dd4e9e29324b86c19d656b5523013daa1837f commit 388dd4e9e29324b86c19d656b5523013daa1837f Author: Christoph Moench-Tegeder <cmt@FreeBSD.org> AuthorDate: 2023-03-24 21:23:18 +0000 Commit: Christoph Moench-Tegeder <cmt@FreeBSD.org> CommitDate: 2023-03-24 21:23:18 +0000 www/firefox: Restore webauth/security key usage patch from upstream authenticator-rs https://github.com/mozilla/authenticator-rs/pull/238 PR: 270092 Reported By: Thibault Payet www/firefox/Makefile | 2 +- www/firefox/files/patch-bug1824066 (new) | 37 ++++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+), 1 deletion(-)
A commit in branch 2023Q1 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=376ed2486ab8224c6290e897f53c5360aa9fff92 commit 376ed2486ab8224c6290e897f53c5360aa9fff92 Author: Christoph Moench-Tegeder <cmt@FreeBSD.org> AuthorDate: 2023-03-24 21:23:18 +0000 Commit: Christoph Moench-Tegeder <cmt@FreeBSD.org> CommitDate: 2023-03-24 21:29:11 +0000 www/firefox: Restore webauth/security key usage patch from upstream authenticator-rs https://github.com/mozilla/authenticator-rs/pull/238 PR: 270092 Reported By: Thibault Payet (cherry picked from commit 388dd4e9e29324b86c19d656b5523013daa1837f) www/firefox/Makefile | 2 +- www/firefox/files/patch-bug1824066 (new) | 37 ++++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+), 1 deletion(-)
imported upstream fix, seems to be fine.
*** Bug 266317 has been marked as a duplicate of this bug. ***