[Touch-packages] [Bug 2028774] Re: ssh fails to load opensc-pkcs11.so
Upstream says the change is intentional, so I am closing this bug. Thanks! ** Changed in: openssh (Ubuntu) Status: Confirmed => Won't Fix -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2028774 Title: ssh fails to load opensc-pkcs11.so Status in portable OpenSSH: Unknown Status in openssh package in Ubuntu: Won't Fix Bug description: I have PKCS11Provider opensc-pkcs11.so in my ~/.ssh/config After the last update of openssh-client I now get: $ strace -o slogin.log slogin host lib_contains_symbol: open opensc-pkcs11.so: No such file or directory provider opensc-pkcs11.so is not a PKCS11 library (uwe@host) Password for uwe@host: $ grep -i pkcs11 slogin.log read(3, "PKCS11Provider opensc-pkcs11.so\n"..., 4096) = 1603 openat(AT_FDCWD, "opensc-pkcs11.so", O_RDONLY) = -1 ENOENT (No such file or directory) write(2, "provider opensc-pkcs11.so is not"..., 51) = 51 $ dpkg-query --listfiles opensc-pkcs11 | grep opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/onepin-opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/pkcs11/onepin-opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: openssh-client 1:8.9p1-3ubuntu0.3 ProcVersionSignature: Ubuntu 5.19.0-50.50-generic 5.19.17 Uname: Linux 5.19.0-50-generic x86_64 ApportVersion: 2.20.11-0ubuntu82.5 Architecture: amd64 CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Wed Jul 26 15:46:30 2023 InstallationDate: Installed on 2022-08-25 (334 days ago) InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Release amd64 (20220419) RelatedPackageVersions: ssh-askpass 1:1.2.4.1-13 libpam-sshN/A keychain N/A ssh-askpass-gnome N/A SSHClientVersion: OpenSSH_8.9p1 Ubuntu-3ubuntu0.3, OpenSSL 3.0.2 15 Mar 2022 SourcePackage: openssh UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/openssh/+bug/2028774/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2028774] Re: ssh fails to load opensc-pkcs11.so
I've filed an upstream bug for this, let's see if they consider this to be an issue or not: https://bugzilla.mindrot.org/show_bug.cgi?id=3594 Thanks! ** Bug watch added: OpenSSH Portable Bugzilla #3594 https://bugzilla.mindrot.org/show_bug.cgi?id=3594 ** Also affects: openssh via https://bugzilla.mindrot.org/show_bug.cgi?id=3594 Importance: Unknown Status: Unknown ** Changed in: openssh (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2028774 Title: ssh fails to load opensc-pkcs11.so Status in portable OpenSSH: Unknown Status in openssh package in Ubuntu: Confirmed Bug description: I have PKCS11Provider opensc-pkcs11.so in my ~/.ssh/config After the last update of openssh-client I now get: $ strace -o slogin.log slogin host lib_contains_symbol: open opensc-pkcs11.so: No such file or directory provider opensc-pkcs11.so is not a PKCS11 library (uwe@host) Password for uwe@host: $ grep -i pkcs11 slogin.log read(3, "PKCS11Provider opensc-pkcs11.so\n"..., 4096) = 1603 openat(AT_FDCWD, "opensc-pkcs11.so", O_RDONLY) = -1 ENOENT (No such file or directory) write(2, "provider opensc-pkcs11.so is not"..., 51) = 51 $ dpkg-query --listfiles opensc-pkcs11 | grep opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/onepin-opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/pkcs11/onepin-opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: openssh-client 1:8.9p1-3ubuntu0.3 ProcVersionSignature: Ubuntu 5.19.0-50.50-generic 5.19.17 Uname: Linux 5.19.0-50-generic x86_64 ApportVersion: 2.20.11-0ubuntu82.5 Architecture: amd64 CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Wed Jul 26 15:46:30 2023 InstallationDate: Installed on 2022-08-25 (334 days ago) InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Release amd64 (20220419) RelatedPackageVersions: ssh-askpass 1:1.2.4.1-13 libpam-sshN/A keychain N/A ssh-askpass-gnome N/A SSHClientVersion: OpenSSH_8.9p1 Ubuntu-3ubuntu0.3, OpenSSL 3.0.2 15 Mar 2022 SourcePackage: openssh UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/openssh/+bug/2028774/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2028774] Re: ssh fails to load opensc-pkcs11.so
Yes, PKCS11Provider /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so works. I guess you can close it then. Though, parenthetically speaking, I realize NFS homes shared by heterogeneous systems are not in wide use now, but the above fix doesn't work very well in that kind of environment :) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2028774 Title: ssh fails to load opensc-pkcs11.so Status in openssh package in Ubuntu: New Bug description: I have PKCS11Provider opensc-pkcs11.so in my ~/.ssh/config After the last update of openssh-client I now get: $ strace -o slogin.log slogin host lib_contains_symbol: open opensc-pkcs11.so: No such file or directory provider opensc-pkcs11.so is not a PKCS11 library (uwe@host) Password for uwe@host: $ grep -i pkcs11 slogin.log read(3, "PKCS11Provider opensc-pkcs11.so\n"..., 4096) = 1603 openat(AT_FDCWD, "opensc-pkcs11.so", O_RDONLY) = -1 ENOENT (No such file or directory) write(2, "provider opensc-pkcs11.so is not"..., 51) = 51 $ dpkg-query --listfiles opensc-pkcs11 | grep opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/onepin-opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/pkcs11/onepin-opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: openssh-client 1:8.9p1-3ubuntu0.3 ProcVersionSignature: Ubuntu 5.19.0-50.50-generic 5.19.17 Uname: Linux 5.19.0-50-generic x86_64 ApportVersion: 2.20.11-0ubuntu82.5 Architecture: amd64 CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Wed Jul 26 15:46:30 2023 InstallationDate: Installed on 2022-08-25 (334 days ago) InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Release amd64 (20220419) RelatedPackageVersions: ssh-askpass 1:1.2.4.1-13 libpam-sshN/A keychain N/A ssh-askpass-gnome N/A SSHClientVersion: OpenSSH_8.9p1 Ubuntu-3ubuntu0.3, OpenSSL 3.0.2 15 Mar 2022 SourcePackage: openssh UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2028774/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2028774] Re: ssh fails to load opensc-pkcs11.so
One of the commits for the security fix for CVE-2023-28408 will now attempt to mmap the library and search for the "C_GetFunctionList" symbol before doing the dlopen. Unfortunately, dlopen allows specifying just the library name and the dynamic linker will search for it, but the new code just tries to open the filename directly. ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-28408 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2028774 Title: ssh fails to load opensc-pkcs11.so Status in openssh package in Ubuntu: New Bug description: I have PKCS11Provider opensc-pkcs11.so in my ~/.ssh/config After the last update of openssh-client I now get: $ strace -o slogin.log slogin host lib_contains_symbol: open opensc-pkcs11.so: No such file or directory provider opensc-pkcs11.so is not a PKCS11 library (uwe@host) Password for uwe@host: $ grep -i pkcs11 slogin.log read(3, "PKCS11Provider opensc-pkcs11.so\n"..., 4096) = 1603 openat(AT_FDCWD, "opensc-pkcs11.so", O_RDONLY) = -1 ENOENT (No such file or directory) write(2, "provider opensc-pkcs11.so is not"..., 51) = 51 $ dpkg-query --listfiles opensc-pkcs11 | grep opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/onepin-opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/pkcs11/onepin-opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: openssh-client 1:8.9p1-3ubuntu0.3 ProcVersionSignature: Ubuntu 5.19.0-50.50-generic 5.19.17 Uname: Linux 5.19.0-50-generic x86_64 ApportVersion: 2.20.11-0ubuntu82.5 Architecture: amd64 CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Wed Jul 26 15:46:30 2023 InstallationDate: Installed on 2022-08-25 (334 days ago) InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Release amd64 (20220419) RelatedPackageVersions: ssh-askpass 1:1.2.4.1-13 libpam-sshN/A keychain N/A ssh-askpass-gnome N/A SSHClientVersion: OpenSSH_8.9p1 Ubuntu-3ubuntu0.3, OpenSSL 3.0.2 15 Mar 2022 SourcePackage: openssh UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2028774/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2028774] Re: ssh fails to load opensc-pkcs11.so
Can you try putting the full path to the library in your config file? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2028774 Title: ssh fails to load opensc-pkcs11.so Status in openssh package in Ubuntu: New Bug description: I have PKCS11Provider opensc-pkcs11.so in my ~/.ssh/config After the last update of openssh-client I now get: $ strace -o slogin.log slogin host lib_contains_symbol: open opensc-pkcs11.so: No such file or directory provider opensc-pkcs11.so is not a PKCS11 library (uwe@host) Password for uwe@host: $ grep -i pkcs11 slogin.log read(3, "PKCS11Provider opensc-pkcs11.so\n"..., 4096) = 1603 openat(AT_FDCWD, "opensc-pkcs11.so", O_RDONLY) = -1 ENOENT (No such file or directory) write(2, "provider opensc-pkcs11.so is not"..., 51) = 51 $ dpkg-query --listfiles opensc-pkcs11 | grep opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/onepin-opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/pkcs11/onepin-opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: openssh-client 1:8.9p1-3ubuntu0.3 ProcVersionSignature: Ubuntu 5.19.0-50.50-generic 5.19.17 Uname: Linux 5.19.0-50-generic x86_64 ApportVersion: 2.20.11-0ubuntu82.5 Architecture: amd64 CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Wed Jul 26 15:46:30 2023 InstallationDate: Installed on 2022-08-25 (334 days ago) InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Release amd64 (20220419) RelatedPackageVersions: ssh-askpass 1:1.2.4.1-13 libpam-sshN/A keychain N/A ssh-askpass-gnome N/A SSHClientVersion: OpenSSH_8.9p1 Ubuntu-3ubuntu0.3, OpenSSL 3.0.2 15 Mar 2022 SourcePackage: openssh UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2028774/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2028774] Re: ssh fails to load opensc-pkcs11.so
Can you run fatrace or opensnoop-bpfcc to discover what exact paths are being probed? Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2028774 Title: ssh fails to load opensc-pkcs11.so Status in openssh package in Ubuntu: New Bug description: I have PKCS11Provider opensc-pkcs11.so in my ~/.ssh/config After the last update of openssh-client I now get: $ strace -o slogin.log slogin host lib_contains_symbol: open opensc-pkcs11.so: No such file or directory provider opensc-pkcs11.so is not a PKCS11 library (uwe@host) Password for uwe@host: $ grep -i pkcs11 slogin.log read(3, "PKCS11Provider opensc-pkcs11.so\n"..., 4096) = 1603 openat(AT_FDCWD, "opensc-pkcs11.so", O_RDONLY) = -1 ENOENT (No such file or directory) write(2, "provider opensc-pkcs11.so is not"..., 51) = 51 $ dpkg-query --listfiles opensc-pkcs11 | grep opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/onepin-opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/pkcs11/onepin-opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: openssh-client 1:8.9p1-3ubuntu0.3 ProcVersionSignature: Ubuntu 5.19.0-50.50-generic 5.19.17 Uname: Linux 5.19.0-50-generic x86_64 ApportVersion: 2.20.11-0ubuntu82.5 Architecture: amd64 CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Wed Jul 26 15:46:30 2023 InstallationDate: Installed on 2022-08-25 (334 days ago) InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Release amd64 (20220419) RelatedPackageVersions: ssh-askpass 1:1.2.4.1-13 libpam-sshN/A keychain N/A ssh-askpass-gnome N/A SSHClientVersion: OpenSSH_8.9p1 Ubuntu-3ubuntu0.3, OpenSSL 3.0.2 15 Mar 2022 SourcePackage: openssh UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2028774/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
