[Bug 1200076] New: [Leap 15.4] keepassxc crashes on auto-fill and crashes the whole X session
http://bugzilla.opensuse.org/show_bug.cgi?id=1200076

Bug ID: 1200076
Summary: [Leap 15.4] keepassxc crashes on auto-fill and crashes the whole X session
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.4
Hardware: x86-64
OS: Other
Status: NEW
Severity: Critical
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: manfred.h@gmx.net
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---

I use keepassxc for all my passwords. Today I tried to login to OBS using my stored credentials, but when I used the auto-fill function to fill in my username and password, the program crashes immediately. Unfortunately this also kills the whole X session.

Here are some details:

- keepassxc-2.7.1-bp154.3.3.1.x86_64
- keepassxc-lang-2.7.1-bp154.3.3.1.noarch
- patterns-xfce-xfce-20210209-lp154.1.2.x86_64

Not being able to login to any website using the password manager renders openSUSE Leap 15.4 unusable for me, which is why I see this as critical!

--
You are receiving this mail because:
You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=1200076

Manfred Hollstein <manfred.h@gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |manfred.h@gmx.net

http://bugzilla.opensuse.org/show_bug.cgi?id=1200076
http://bugzilla.opensuse.org/show_bug.cgi?id=1200076#c2

--- Comment #2 from Manfred Hollstein <manfred.h@gmx.net> ---
Created attachment 859320
  --> http://bugzilla.opensuse.org/attachment.cgi?id=859320&action=edit
Xorg.0.log for the crashed session

http://bugzilla.opensuse.org/show_bug.cgi?id=1200076
http://bugzilla.opensuse.org/show_bug.cgi?id=1200076#c3

--- Comment #3 from Manfred Hollstein <manfred.h@gmx.net> ---
(In reply to Matthias Gerstner from comment #1)
> Assigning to keepassxc maintainer(s).
>
> Some additional logs would be helpful I guess like `journalctl`, `dmesg`, possibly core dumps.

There is no core dump, at least not in my home directory. I have just attached the Xorg.0.log file for the crashed session; here is some additional information from /var/log/messages (journalctl doesn't show anything obvious):

2022-05-31T19:21:20.209094+02:00 saturn keepassxc[3737]: qt5ct: using qt5ct plugin
2022-05-31T19:21:20.254230+02:00 saturn keepassxc[3737]: YubiKey: Failed to establish PCSC context.
2022-05-31T19:21:20.254280+02:00 saturn keepassxc[3737]: YubiKey: PCSC interface is disabled or not initialized.
2022-05-31T19:21:20.279117+02:00 saturn keepassxc[3737]: qt5ct: D-Bus global menu: no
2022-05-31T19:21:20.298812+02:00 saturn keepassxc[3737]: qt5ct: D-Bus system tray: yes
2022-05-31T19:21:20.523379+02:00 saturn keepassxc[3737]: qt5ct: palette support is disabled
2022-05-31T19:21:20.524908+02:00 saturn keepassxc[3737]: qt5ct: custom style sheet is disabled
2022-05-31T19:22:04.182861+02:00 saturn manfred: Right before invoking the auto-fill function of keepassxc
2022-05-31T19:22:15.271529+02:00 saturn at-spi-bus-launcher[2716]: XIO: fatal IO error 11 (Resource temporarily unavailable) on X server ":0"
2022-05-31T19:22:15.271598+02:00 saturn at-spi-bus-launcher[2716]: after 105 requests (105 known processed) with 0 events remaining.
2022-05-31T19:22:15.272128+02:00 saturn keepassxc[3737]: The X11 connection broke: I/O error (code 1)
2022-05-31T19:22:15.273335+02:00 saturn polkitd[1728]: Unregistered Authentication Agent for unix-session:4 (system bus name :1.49, object path /org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8) (disconnected from bus)
2022-05-31T19:22:15.275036+02:00 saturn lightdm: pam_unix(lightdm:session): session closed for user manfred

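A triage heuristic for the log excerpt above, as an added example that is not part of the original bug report: when several X clients lose their connection at the same instant and the display manager closes the session, the X server itself went down rather than only keepassxc, so the core dump to look for is the server's. The function names, the two-second window and the verdict labels are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# Four lines taken from the /var/log/messages excerpt quoted in comment #3.
SAMPLE = '''\
2022-05-31T19:22:04.182861+02:00 saturn manfred: Right before invoking the auto-fill function of keepassxc
2022-05-31T19:22:15.271529+02:00 saturn at-spi-bus-launcher[2716]: XIO: fatal IO error 11 (Resource temporarily unavailable) on X server ":0"
2022-05-31T19:22:15.272128+02:00 saturn keepassxc[3737]: The X11 connection broke: I/O error (code 1)
2022-05-31T19:22:15.275036+02:00 saturn lightdm: pam_unix(lightdm:session): session closed for user manfred
'''

# <RFC 3339 timestamp> <host> <program>[<pid>]: <message>
LINE = re.compile(r"^(\S+) (\S+) ([^\[:\s]+)(?:\[(\d+)\])?: (.*)$")
LOST = re.compile(r"XIO:\s+fatal IO error|X11 connection broke")
CLOSED = re.compile(r"pam_unix\(\S+:session\): session closed for user \S+")


def parse(text):
    """Yield (timestamp, program, message) for each well-formed syslog line."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip continuation lines and anything unparsable
        try:
            ts = datetime.fromisoformat(m.group(1))
        except ValueError:
            continue
        yield ts, m.group(3), m.group(5)


def classify(text, window=timedelta(seconds=2)):
    """Heuristic (assumption of this example): several clients dropping off X
    within `window`, or a session close in that window, means the server died."""
    events = list(parse(text))
    lost = [(ts, prog) for ts, prog, msg in events if LOST.search(msg)]
    if not lost:
        return {"verdict": "no-x11-disconnect", "clients": [], "session_closed": False}
    first = min(ts for ts, _ in lost)
    clients = sorted({prog for ts, prog in lost if ts - first <= window})
    closed = any(CLOSED.search(msg) and abs(ts - first) <= window
                 for ts, _, msg in events)
    verdict = "x-server-died" if len(clients) > 1 or closed else "single-client-failure"
    return {"verdict": verdict, "clients": clients, "session_closed": closed}


if __name__ == "__main__":
    print(classify(SAMPLE))
```
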
http://bugzilla.opensuse.org/show_bug.cgi?id=1200076
http://bugzilla.opensuse.org/show_bug.cgi?id=1200076#c5

--- Comment #5 from Manfred Hollstein <manfred.h@gmx.net> ---
I was wrongly assuming that the core file should be in my home directory, but as it was /usr/bin/X which dumped core, the file was in /, of course.

# file /core
/core: ELF 64-bit LSB core file x86-64, version 1 (SYSV), SVR4-style, from '/usr/bin/X :0 -seat seat0 -auth /run/lightdm/root/:0 -nolisten tcp vt7 -novtswi', real uid: 0, effective uid: 0, real gid: 0, effective gid: 0, execfn: '/usr/bin/X', platform: 'x86_64'

I'll attach the compressed core.xz in a minute!

http://bugzilla.opensuse.org/show_bug.cgi?id=1200076
http://bugzilla.opensuse.org/show_bug.cgi?id=1200076#c6

--- Comment #6 from Manfred Hollstein <manfred.h@gmx.net> ---
Created attachment 859331
  --> http://bugzilla.opensuse.org/attachment.cgi?id=859331&action=edit
Compressed /core file dumped by /usr/bin/X

http://bugzilla.opensuse.org/show_bug.cgi?id=1200076

Martin Pluskal <mpluskal@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|Security                    |X.Org
           Assignee|mpluskal@suse.com           |gfx-bugs@suse.de
         QA Contact|qa-bugs@suse.de             |gfx-bugs@suse.de

http://bugzilla.opensuse.org/show_bug.cgi?id=1200076
http://bugzilla.opensuse.org/show_bug.cgi?id=1200076#c12

Manfred Hollstein <manfred.h@gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|needinfo?(manfred.h@gmx.net |
                   |)                           |

--- Comment #12 from Manfred Hollstein <manfred.h@gmx.net> ---
(In reply to Stefan Dirsch from comment #11)
> * Do Jun 02 2022 sndirsch@suse.com
> - U_0002-Fix-crash-on-XkbSetMap.patch
>   U_0003-Fix-crash-on-XkbSetMap.patch
>   * fixes Xserver crash on keyboard remapping (boo#1200076, fdo#574)
>
> Please test!

Thumbs up! xorg-x11-server-1.20.3-150400.37.3.1.x86_64 works as expected on my system, thanks a lot!

http://bugzilla.opensuse.org/show_bug.cgi?id=1200076
http://bugzilla.opensuse.org/show_bug.cgi?id=1200076#c13

Stefan Dirsch <sndirsch@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|IN_PROGRESS                 |RESOLVED
         Resolution|---                         |FIXED

--- Comment #13 from Stefan Dirsch <sndirsch@suse.com> ---
Thanks for testing. Submitted now
https://build.suse.de/request/show/273401

Closing as fixed.

http://bugzilla.opensuse.org/show_bug.cgi?id=1200076
http://bugzilla.opensuse.org/show_bug.cgi?id=1200076#c14

Frank Gießler <frank.giessler@yahoo.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |andihartmann@freenet.de

--- Comment #14 from Frank Gießler <frank.giessler@yahoo.de> ---
*** Bug 1200444 has been marked as a duplicate of this bug. ***

http://bugzilla.opensuse.org/show_bug.cgi?id=1200076
http://bugzilla.opensuse.org/show_bug.cgi?id=1200076#c15

--- Comment #15 from Klaus Mueller <andihartmann@freenet.de> ---
A 3 years old fix is applied now? The xorg-x11-server-21.1.3-lp154.680.1.x86_64 from https://ftp.gwdg.de/pub/opensuse/repositories/X11:/XOrg/openSUSE_Leap_15.4/ already contains the fix.

Switched completely to this repository for the X packages. It's now working as expected.

http://bugzilla.opensuse.org/show_bug.cgi?id=1200076
http://bugzilla.opensuse.org/show_bug.cgi?id=1200076#c16

--- Comment #16 from Stefan Dirsch <sndirsch@suse.com> ---
Yes, there hasn't been a xorg-server version update for more than 3 years ... although there have been a lot of fixes in git master ...

http://bugzilla.opensuse.org/show_bug.cgi?id=1200076
http://bugzilla.opensuse.org/show_bug.cgi?id=1200076#c17

--- Comment #17 from Manfred Hollstein <manfred.h@gmx.net> ---
(In reply to Stefan Dirsch from comment #16)
> Yes, there hasn't been a xorg-server version update for more than 3 years ... although there have been a lot of fixes in git master ...

Don't you think this bug is serious enough to warrant an update? I mean a user application being able to crash the whole server is not peanuts, isn't it?

Do you know if there is an update package in the works?

http://bugzilla.opensuse.org/show_bug.cgi?id=1200076
http://bugzilla.opensuse.org/show_bug.cgi?id=1200076#c18

--- Comment #18 from Stefan Dirsch <sndirsch@suse.com> ---
(In reply to Manfred Hollstein from comment #17)
> (In reply to Stefan Dirsch from comment #16)
> > Yes, there hasn't been a xorg-server version update for more than 3 years ... although there have been a lot of fixes in git master ...
>
> Don't you think this bug is serious enough to warrant an update? I mean a user application being able to crash the whole server is not peanuts, isn't it?

That's why I fixed it and submitted a fix to sle15-sp4/Leap 15.4. See comment#13

> Do you know if there is an update package in the works?

It's triggered, but I don't know when it will happen.

http://bugzilla.opensuse.org/show_bug.cgi?id=1200076
http://bugzilla.opensuse.org/show_bug.cgi?id=1200076#c19

--- Comment #19 from Manfred Hollstein <manfred.h@gmx.net> ---
(In reply to Stefan Dirsch from comment #18)
> (In reply to Manfred Hollstein from comment #17)
> > (In reply to Stefan Dirsch from comment #16)
> > > Yes, there hasn't been a xorg-server version update for more than 3 years ... although there have been a lot of fixes in git master ...
> >
> > Don't you think this bug is serious enough to warrant an update? I mean a user application being able to crash the whole server is not peanuts, isn't it?
>
> That's why I fixed it and submitted a fix to sle15-sp4/Leap 15.4. See comment#13

Yeah, I saw that, but I get "Server not found" when clicking on that URL - that's why I asked.

> > Do you know if there is an update package in the works?
>
> It's triggered, but I don't know when it will happen.

Great, that's what I wanted to know, thx!

http://bugzilla.opensuse.org/show_bug.cgi?id=1200076
http://bugzilla.opensuse.org/show_bug.cgi?id=1200076#c20

--- Comment #20 from Klaus Mueller <andihartmann@freenet.de> ---
(In reply to Stefan Dirsch from comment #16)
> Yes, there hasn't been a xorg-server version update for more than 3 years ... although there have been a lot of fixes in git master ...

Really? 21.1.3 was released 1/2022.
https://lists.x.org/archives/xorg-announce/2022-January/003127.html

http://bugzilla.opensuse.org/show_bug.cgi?id=1200076
http://bugzilla.opensuse.org/show_bug.cgi?id=1200076#c21

--- Comment #21 from Stefan Dirsch <sndirsch@suse.com> ---
(In reply to Klaus Mueller from comment #20)
> (In reply to Stefan Dirsch from comment #16)
> > Yes, there hasn't been a xorg-server version update for more than 3 years ... although there have been a lot of fixes in git master ...
>
> Really? 21.1.3 was released 1/2022.
> https://lists.x.org/archives/xorg-announce/2022-January/003127.html

Which was too late Beta for sle15-sp4/Leap 15.4. But we have it on Tumbleweed.

http://bugzilla.opensuse.org/show_bug.cgi?id=1200076
http://bugzilla.opensuse.org/show_bug.cgi?id=1200076#c22

--- Comment #22 from Klaus Mueller <andihartmann@freenet.de> ---
(In reply to Stefan Dirsch from comment #21)
> (In reply to Klaus Mueller from comment #20)
> > (In reply to Stefan Dirsch from comment #16)
> > > Yes, there hasn't been a xorg-server version update for more than 3 years ... although there have been a lot of fixes in git master ...
> >
> > Really? 21.1.3 was released 1/2022.
> > https://lists.x.org/archives/xorg-announce/2022-January/003127.html
>
> Which was too late Beta for sle15-sp4/Leap 15.4. But we have it on Tumbleweed.

21.1.0 was released 10/2021. It contained the fix, too.

I just don't understand it as your actual package contains lots of other additional fixes - why not this one, which is already 2 years old (https://gitlab.freedesktop.org/xorg/xserver/-/commit/8469bfead9515ab3644f176...

http://bugzilla.opensuse.org/show_bug.cgi?id=1200076
http://bugzilla.opensuse.org/show_bug.cgi?id=1200076#c23

--- Comment #23 from Stefan Dirsch <sndirsch@suse.com> ---
(In reply to Klaus Mueller from comment #22)
> 21.1.0 was released 10/2021. It contained the fix, too.

There has been no request to update the xserver by our partners. Feature-wise it wasn't that interesting. Source code has been refactored a bit, build system changed to meson, etc. So chances for regressions have been real. So I decided against it in the end. But why are you asking this now and not already at that time with the first Beta on Leap 15.4?

> I just don't understand it as your actual package contains lots of other additional fixes - why not this one, which is already 2 years old (https://gitlab.freedesktop.org/xorg/xserver/-/commit/8469bfead9515ab3644f1769a1ff51466ba8ffee)?

Sorry, but we can only fix issues which are reported. Seriously.

http://bugzilla.opensuse.org/show_bug.cgi?id=1200076

Virtanen <sleepydog@liquid-moon.pw> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |sleepydog@liquid-moon.pw

http://bugzilla.opensuse.org/show_bug.cgi?id=1200076
http://bugzilla.opensuse.org/show_bug.cgi?id=1200076#c26

Daniel Noga <noga.dany@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |noga.dany@gmail.com

--- Comment #26 from Daniel Noga <noga.dany@gmail.com> ---
It is off-topic, but if the discussion is already here, the new xserver contains a known regression for AMD graphics cards, so I personally like that it was not updated to that buggy version:
https://gitlab.freedesktop.org/xorg/xserver/-/issues/1250

http://bugzilla.opensuse.org/show_bug.cgi?id=1200076
http://bugzilla.opensuse.org/show_bug.cgi?id=1200076#c28

--- Comment #28 from OBSbugzilla Bot <bwiedemann+obsbugzillabot@suse.com> ---
This is an autogenerated message for OBS integration:
This bug (1200076) was mentioned in
https://build.opensuse.org/request/show/1034269 Factory / xorg-x11-server