Fssh_sshbuf_dup_string - on 2.4.2 to 2.4.4 p1 routine upgrade
After a rather routine upgrade from 2.4.2 to 2.4.4p1 I am getting a
Dec 13 11:00:36 router php-fpm: /sshd: The command '/usr/sbin/sshd' returned exit code '1', the output was '/usr/sbin/sshd: Undefined symbol "Fssh_sshbuf_dup_string"'
Does that ring a bell with any one ?
Or alternatively - is there any way to do a 'tripwire' style check of the integrity of all files ?
Sounds like somehow it's using the wrong/unexpected version of a library file.
There are a couple ways to check the integrity of files on the install.
For packaged items:
$ pkg check -s |& egrep -v '(Checking all packages|local/man|local/share/doc|local/info|local/share/aclocal)'
For files included in the base package:
$ /usr/sbin/mtree -e -f /usr/local/share/pfSense/base.mtree -p /
That will print a lot of normal things that have changed like config files, however, so it's not as clear which things are good vs bad.
Thanks - that mtree(8) command did the trick -- shows that what I thought was a routine update must have aborted half way through. As a fair number of files has the sha256 of the previous version.
I ended up fetching a fresh image and mounting it to confirm.
So I guess the question is now - how does one 'force' an update - even if the system thinks its update was success-full (the updater shows a happy:
2.4.4-RELEASE-p1 (amd64) built on Mon Nov 26 11:40:26 EST 2018 FreeBSD 11.2-RELEASE-p4 The system is on the latest version. Version information updated at Thu Dec 13 18:45:19 UTC 2018
i.e. repeat the process - hopefully without it silently aborting somewhere.
pkg upgrade -yfwould forcefully reinstall everything on top of itself. Then you should reboot it manually after.
Would that command include updating the base OS - as it seems the files in /usr/sbin and /usr/lib to be the ones that are affected (as opposed to /usr/local files under ports/pkg) ?
Yes, it would reinstall those as well since they are a part of the
Thanks ! Seems to have done the trick quite nicely.
All that is left are a few 10's of mtree deltas on lockdown flags on things like passwd: flags ("schg" is not "schg,uarch").
Thanks a lot !