Bug 1154725 - Regrassion: fix for CVE-2019-14822 (#1150011) prevent Qt applications from connecting ibus-daemon due to race condition in GDBusServer
Regrassion: fix for CVE-2019-14822 (#1150011) prevent Qt applications from c...
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: X11 Applications
Leap 15.1
Other Other
: P5 - None : Major (vote)
: ---
Assigned To: Fuminobu Takeyama
E-mail List
:
Depends on: 1155768
Blocks:
  Show dependency treegraph
 
Reported: 2019-10-22 10:51 UTC by Fuminobu Takeyama
Modified: 2020-02-02 07:33 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Fuminobu Takeyama 2019-10-22 10:51:40 UTC
After applying the patch to fix CVE-2019-14822 (#1150011), Qt application cannot connect to ibus-daemon.

Due to the race condition bug with GDBus, ibus client using libdbus (including Qt platform input context plugin, aka ibus-qt) cannot connect to ibus-daemon's D-Bus server.

This problem did not reproduce before applying the patch because the race condition happens restricting clients but the old insecure ibus-daemon does not check clients.

Workaround is restarting ibus-daemon repeatedly until the problem is fixed.


Ubuntu has already reverted the patch for CVE-2019-14822
https://bugs.launchpad.net/ubuntu/+source/ibus/+bug/1844853

A bug report in IBus project
https://github.com/ibus/ibus/issues/2137

A fix for GDBus server
https://gitlab.gnome.org/GNOME/glib/merge_requests/1176
Comment 1 Fuminobu Takeyama 2019-11-04 10:25:48 UTC
This problem should be resolve in glib2 side (#1155768).
Comment 2 Fuminobu Takeyama 2020-02-02 07:33:38 UTC
Already fixed in glib2.