1024965 – pam_ssh_agent_auth: symbol "xfree" not found

Bug 1024965 - pam_ssh_agent_auth: symbol "xfree" not found

Summary: pam_ssh_agent_auth: symbol "xfree" not found

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	openssh
Sub Component:
Version:	20
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Petr Lautrbach
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-10-30 16:32 UTC by Geert Jansen
Modified:	2013-11-10 07:42 UTC (History)
CC List:	5 users (show)
Fixed In Version:	openssh-6.3p1-5.fc20
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	1025192 (view as bug list)
Environment:
Last Closed:	2013-11-10 07:42:47 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
Possible patch. (12.08 KB, patch) 2013-10-30 16:35 UTC, Geert Jansen	no flags	Details \| Diff
View All

Description Geert Jansen 2013-10-30 16:32:49 UTC

Description of problem:

pam_ssh_agent_auth uses the openbsd-compat library. The original package contains copies of various openssh source files. In Fedora however, the package is compiled as part of the openssh package, so that the original upstream sources can be used.

The upstream openssh nuked "xfree", which is still used by pam_ssh_agent_auth. The result is a shared library that builds, but when it is dlopen()'d, it bails out with an unknown symbol error.

Version-Release number of selected component (if applicable):

openssh-6.3p1-4.fc20

How reproducible:

Always

Steps to Reproduce:

1. # yum install pam_ssh_agent_auth
2. add the line "auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys" to /etc/pam.d/sudo
3. Log in to the system with an ssh public key, making sure to specify "-A" to enable agent forwarding.
4. # sudo ls
5. Observer the following error in /var/log/secure: "PAM unable to dlopen(/usr/lib64/security/pam_ssh_agent_auth.so): /usr/lib64/security/pam_ssh_agent_auth.so: undefined symbol: xfree"

Additional info:

Easiest fix is probably to do a global replace of "xfree" with "free". Patch attached.

Comment 1 Geert Jansen 2013-10-30 16:35:07 UTC

Created attachment 817512 [details]
Possible patch.

This patch replaces calls to "xfree()" with "free()". I have tested the patch on the current Fedora 20 branch (10/30/2013).

Comment 2 Petr Lautrbach 2013-10-31 08:12:40 UTC

Thanks for the patch. I'm working on update of pam_ssh_agent_auth to 0.9.5 version which solves this issue too.

Comment 3 Petr Lautrbach 2013-11-01 16:31:00 UTC

pam_ssh_agent_auth-0.9.5 is hardly compilable with the latest openssh code and without openssh code, it's not able to use ecdsa keys. So I've used your patch [1]. Thanks.

[1] http://pkgs.fedoraproject.org/cgit/openssh.git/commit/?h=f20&id=5795323a535f32e23c61afdcf6f547f5b2d0f2ab

Comment 4 Fedora Update System 2013-11-01 16:51:27 UTC

openssh-6.3p1-5.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/openssh-6.3p1-5.fc20

Comment 5 Fedora Update System 2013-11-01 20:27:04 UTC

Package openssh-6.3p1-5.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing openssh-6.3p1-5.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-20464/openssh-6.3p1-5.fc20
then log in and leave karma (feedback).

Comment 6 Fedora Update System 2013-11-10 07:42:47 UTC

openssh-6.3p1-5.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.