[Bug 1133808] New: pam-kwallet cause sudo stop working
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808 Bug ID: 1133808 Summary: pam-kwallet cause sudo stop working Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.1 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: KDE Workspace (Plasma) Assignee: opensuse-kde-bugs@opensuse.org Reporter: cornelis@solcon.nl QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Yesterday I had a problem with sudo. The password was not accepted. kdesu and su were still working. I had pam-kwallet installed. I did a fresh install and sudo worked again, but it stopped working after installing pam-kwallet. Removing pam-kwallet restored sudo again. I have not made changes to the pam of sudo setups. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808#c1
Neil Rickert
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808#c2
Ludwig Nussel
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808#c3
Cor Blom
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808#c4
--- Comment #4 from Neil Rickert
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808#c5
--- Comment #5 from Cor Blom
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808#c6
--- Comment #6 from Ludwig Nussel
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808
Ludwig Nussel
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808#c7
Michael Bryant
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808
Ulrich Beckmann
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808#c8
Timo Sigurdsson
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808#c9
Wolfgang Bauer
Is there any information I might collect that might help narrow down the issue here?
Not really. Somebody needs to debug the problem and find out what goes wrong exactly. I just upgraded my system to 15.1 and can reproduce it, so I'll have a look... I find it interesting that the exact same pam_kwallet version works fine in 15.0 though (I'm using the latest one from KDE:Frameworks5 here), so it must be triggered by a change somewhere else. Btw, a workaround might be to add something like "only_if sddm" to the pam_kwallet entry in /etc/pam.d/common-session, similar to what is done for gnome-keyring-pam. I haven't tested that though. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808#c10
--- Comment #10 from Wolfgang Bauer
I find it interesting that the exact same pam_kwallet version works fine in 15.0 though (I'm using the latest one from KDE:Frameworks5 here), so it must be triggered by a change somewhere else.
It's caused by a change in libgcrypt20 it seems. Installing the package from 15.0 fixes the problem... -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808
Karsten de Freese
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808#c11
--- Comment #11 from Cor Blom
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808#c12
Wolfgang Bauer
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808#c13
Vítězslav Čížek
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808
kolA flash
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808
matthias sweertvaegher
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808#c14
Fabian Vogt
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808
Iakov Karpov
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808
André asdfg
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808#c15
Simon Vogl
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808
Dan Lettermun
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808#c16
Anthony Accioly
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808
Björn Voigt
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808
Damien Zufferey
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808#c17
Bunte Katze
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808#c18
Wolfgang Bauer
If you are unsure about the patch causing this, maybe I can help narrow this down: No, that's clear already IMHO, but thanks anyway.
FYI, this bug is being worked on, see bug#1137716 (or bug#1137307), there just wasn't a comment here yet. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808#c19
--- Comment #19 from Wolfgang Bauer
(In reply to Bunte Katze from comment #17)
If you are unsure about the patch causing this, maybe I can help narrow this down: No, that's clear already IMHO, but thanks anyway. See also comment#12...
-- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808#c20
--- Comment #20 from matthias sweertvaegher
FYI, this bug is being worked on, see bug#1137716 (or bug#1137307), there just wasn't a comment here yet.
good to know, thanks for the update! -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808#c22
Wolfgang Bauer
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808
Hans-Peter Jansen
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808#c25
Ms Hmm
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808
Thomas Rother
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808#c34
--- Comment #34 from Thomas Rother
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808#c35
--- Comment #35 from Wolfgang Bauer
Is there any status update on this? Something that can be tested? Sure, the update is in the update test repo meanwhile: https://download.opensuse.org/update/leap/15.1-test/
-- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808#c36
--- Comment #36 from Thomas Rother
(In reply to Thomas Rother from comment #34)
Is there any status update on this? Something that can be tested? Sure, the update is in the update test repo meanwhile: https://download.opensuse.org/update/leap/15.1-test/
Just a question: Did I get that right, the patch is in libgcrypt, not in pam_kwallet? So I have to re-install pam_kwallet and patch libgcrypt? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808#c37
--- Comment #37 from Wolfgang Bauer
(In reply to Wolfgang Bauer from comment #35)
(In reply to Thomas Rother from comment #34)
Is there any status update on this? Something that can be tested? Sure, the update is in the update test repo meanwhile: https://download.opensuse.org/update/leap/15.1-test/
Just a question: Did I get that right, the patch is in libgcrypt, not in pam_kwallet? The patch is in libgcrypt20, yes.
-- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808
Richard Prigan
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808
http://bugzilla.opensuse.org/show_bug.cgi?id=1133808#c43
Fabian Vogt
openSUSE-RU-2019:1850-1: An update that solves one vulnerability and has two fixes is now available.
Category: recommended (important) Bug References: 1097073,1133808,1138939 CVE References: CVE-2019-12904 Sources used: openSUSE Leap 15.1 (src): libgcrypt-1.8.2-lp151.9.4.1
Should be fixed now, finally. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com