Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1225106
Summary: | pam_ssh_agent_auth: undefined symbol: ssh_get_first_identity | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Sjoerd Mullender <sjoerd> |
Component: | openssh | Assignee: | Jakub Jelen <jjelen> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 22 | CC: | jjelen, mattias.ellert, mgrepl, plautrba, tmraz |
Target Milestone: | --- | Keywords: | Reopened |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | openssh-6.8p1-7.fc22 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-06-07 16:02:08 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Sjoerd Mullender
2015-05-26 15:12:30 UTC
Thanks for report. There was some refactorization of openssh internals around authfd. I managed to update pam_ssh_agent code to cooperate with current openssh and my rough testing shows that it works. If you will have time to check it out, there is scratch build: http://koji.fedoraproject.org/koji/taskinfo?taskID=9857246 Regular build will be available with another fixes later. That's an fc23 package. Is there also an fc22 package? For testing purpose it shouldn't matter to install F23 packages. Within openssh, there is no difference between them. Full update for F22 will be available in few days. I need to figure out some stuff. openssh-6.8p1-6.fc22 has been submitted as an update for Fedora 22. https://admin.fedoraproject.org/updates/openssh-6.8p1-6.fc22 Package openssh-6.8p1-6.fc22: * should fix your issue, * was pushed to the Fedora 22 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing openssh-6.8p1-6.fc22' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-9070/openssh-6.8p1-6.fc22 then log in and leave karma (feedback). openssh-6.8p1-6.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. I'm sorry I wasn't able to test this sooner, but I'm afraid this fix makes it (quite a bit) worse. sudo crashes due to a double free in the pam_ssh_agent_auth.so shared library: *** Error in `sudo': double free or corruption (fasttop): 0xb87b6fa0 *** ======= Backtrace: ========= /lib/libc.so.6(+0x6b716)[0xb7553716] /lib/libc.so.6(+0x7414a)[0xb755c14a] /lib/libc.so.6(cfree+0x50)[0xb755f930] /usr/lib/security/pam_ssh_agent_auth.so(+0x79f7)[0xb6e2a9f7] /usr/lib/security/pam_ssh_agent_auth.so(+0x10bc2)[0xb6e33bc2] /usr/lib/security/pam_ssh_agent_auth.so(+0x4261)[0xb6e27261] /usr/lib/security/pam_ssh_agent_auth.so(pam_sm_authenticate+0x489)[0xb6e5b199] /lib/libpam.so.0(+0x2615)[0xb71e7615] /lib/libpam.so.0(pam_authenticate+0x47)[0xb71e6d77] /usr/libexec/sudo/sudoers.so(+0x5bcb)[0xb71f9bcb] /usr/libexec/sudo/sudoers.so(+0x51a2)[0xb71f91a2] /usr/libexec/sudo/sudoers.so(+0x6a76)[0xb71faa76] /usr/libexec/sudo/sudoers.so(+0x1821d)[0xb720c21d] /usr/libexec/sudo/sudoers.so(+0x12100)[0xb7206100] sudo(main+0x82c)[0xb775fe5c] /lib/libc.so.6(__libc_start_main+0xf7)[0xb75006c7] sudo(+0x53ed)[0xb77613ed] [ large memory map elided ] Perhaps this should be a new bug report? I think it can stay in this bugzilla. Sorry for it and thanks for reopening. I gave it another try with more care and fixed few problems. Here is scratch build: http://koji.fedoraproject.org/koji/taskinfo?taskID=9916345 and if my last testing will end good, I will push it later today. I installed pam_ssh_agent_auth-0.9.3-5.7.fc23.1.x86_64 on a test machine running F22 (upgraded from F21) and the result is: $ sudo whoami Segmentation fault I then incorporated the change in /etc/pam.d/sudo.rpmnew into /etc/pam.d/sudo (after the upgrade from F21 to F22 the last line containing "session include system-auth" was missing), and the result became: *** Error in `sudo': double free or corruption (out): 0x00007fdb00000000 *** ======= Backtrace: ========= /lib64/libc.so.6(+0x77e9d)[0x7fdb05594e9d] /lib64/libc.so.6(+0x7f53c)[0x7fdb0559c53c] /lib64/libc.so.6(cfree+0x4c)[0x7fdb055a0e9c] /usr/lib64/security/pam_ssh_agent_auth.so(+0x638e)[0x7fdafbfae38e] /usr/lib64/security/pam_ssh_agent_auth.so(+0x6260)[0x7fdafbfae260] /usr/lib64/security/pam_ssh_agent_auth.so(pam_sm_authenticate+0x3f4)[0x7fdafbfd4524] /lib64/libpam.so.0(+0x2f82)[0x7fdafe369f82] /lib64/libpam.so.0(pam_authenticate+0x30)[0x7fdafe369840] /usr/libexec/sudo/sudoers.so(+0x8b9b)[0x7fdafe57eb9b] /usr/libexec/sudo/sudoers.so(+0x82f2)[0x7fdafe57e2f2] /usr/libexec/sudo/sudoers.so(+0x987c)[0x7fdafe57f87c] /usr/libexec/sudo/sudoers.so(+0x18a9f)[0x7fdafe58ea9f] /usr/libexec/sudo/sudoers.so(+0x137cf)[0x7fdafe5897cf] sudo(+0x568e)[0x7fdb0656a68e] /lib64/libc.so.6(__libc_start_main+0xf0)[0x7fdb0553d790] sudo(+0x6829)[0x7fdb0656b829] Yes. I found out after I posted. So one more time, hopefully tested all use cases. There were more changes than I expected and even some fun with changed types. I will do update tomorrow, if you will report success. http://koji.fedoraproject.org/koji/taskinfo?taskID=9920781 (F22 package) Now that I have pam_ssh_agent_auth-0.9.3-5.7.fc22.1.x86_64 installed, sudo worked. Looking good so far. openssh-6.8p1-7.fc22 has been submitted as an update for Fedora 22. https://admin.fedoraproject.org/updates/openssh-6.8p1-7.fc22 Package openssh-6.8p1-7.fc22: * should fix your issue, * was pushed to the Fedora 22 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing openssh-6.8p1-7.fc22' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-9537/openssh-6.8p1-7.fc22 then log in and leave karma (feedback). openssh-6.8p1-7.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. |