Bug 1024965 - pam_ssh_agent_auth: symbol "xfree" not found
pam_ssh_agent_auth: symbol "xfree" not found
Product: Fedora
Classification: Fedora
Component: openssh (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Petr Lautrbach
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2013-10-30 12:32 EDT by Geert Jansen
Modified: 2013-11-10 02:42 EST (History)
5 users (show)

See Also:
Fixed In Version: openssh-6.3p1-5.fc20
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1025192 (view as bug list)
Last Closed: 2013-11-10 02:42:47 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Possible patch. (12.08 KB, patch)
2013-10-30 12:35 EDT, Geert Jansen
no flags Details | Diff

  None (edit)
Description Geert Jansen 2013-10-30 12:32:49 EDT
Description of problem:

pam_ssh_agent_auth uses the openbsd-compat library. The original package contains copies of various openssh source files. In Fedora however, the package is compiled as part of the openssh package, so that the original upstream sources can be used.

The upstream openssh nuked "xfree", which is still used by pam_ssh_agent_auth. The result is a shared library that builds, but when it is dlopen()'d, it bails out with an unknown symbol error.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:

1. # yum install pam_ssh_agent_auth
2. add the line "auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys" to /etc/pam.d/sudo
3. Log in to the system with an ssh public key, making sure to specify "-A" to enable agent forwarding.
4. # sudo ls
5. Observer the following error in /var/log/secure: "PAM unable to dlopen(/usr/lib64/security/pam_ssh_agent_auth.so): /usr/lib64/security/pam_ssh_agent_auth.so: undefined symbol: xfree"

Additional info:

Easiest fix is probably to do a global replace of "xfree" with "free". Patch attached.
Comment 1 Geert Jansen 2013-10-30 12:35:07 EDT
Created attachment 817512 [details]
Possible patch.

This patch replaces calls to "xfree()" with "free()". I have tested the patch on the current Fedora 20 branch (10/30/2013).
Comment 2 Petr Lautrbach 2013-10-31 04:12:40 EDT
Thanks for the patch. I'm working on update of pam_ssh_agent_auth to 0.9.5 version which solves this issue too.
Comment 3 Petr Lautrbach 2013-11-01 12:31:00 EDT
pam_ssh_agent_auth-0.9.5 is hardly compilable with the latest openssh code and without openssh code, it's not able to use ecdsa keys. So I've used your patch [1]. Thanks.

[1] http://pkgs.fedoraproject.org/cgit/openssh.git/commit/?h=f20&id=5795323a535f32e23c61afdcf6f547f5b2d0f2ab
Comment 4 Fedora Update System 2013-11-01 12:51:27 EDT
openssh-6.3p1-5.fc20 has been submitted as an update for Fedora 20.
Comment 5 Fedora Update System 2013-11-01 16:27:04 EDT
Package openssh-6.3p1-5.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing openssh-6.3p1-5.fc20'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
Comment 6 Fedora Update System 2013-11-10 02:42:47 EST
openssh-6.3p1-5.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.