Invalid security certificates everywhere in KDE

Bug #1952977 reported by pqwoerituytrueiwoq
This bug affects 10 people
Affects | Status | Importance | Assigned to | Milestone
qtbase-opensource-src (Ubuntu) | Fix Released | Undecided | Unassigned |

Bug Description

Upgrading 5.15.2+dfsg-13 to 5.15.2+dfsg-14 results in security cert. errors like this https://imgur.com/a/7Kyt8U6

This causes problems for Discover, downloading widgets, using the weather widget, using the KDE browser integrations, downloading tabs for ksysguard, etc.

You can get console errors like this:

org.kde.plasma.discover: Trying to open unexisting file QUrl("file:///home/chad/%25F")
adding empty sources model QStandardItemModel(0x5646c6ed2e80)
qt.network.ssl: QSslSocket: cannot resolve SSL_CTX_load_verify_dir
org.kde.plasma.libdiscover: Couldn't find a category for "fwupd-backend"
qt.network.ssl: QSslSocket: cannot resolve SSL_CTX_load_verify_dir
file:///usr/lib/x86_64-linux-gnu/qt5/qml/org/kde/kirigami.2/private/PrivateActionToolButton.qml:74:5: QML Binding: Binding loop detected for property "value"
qt.network.ssl: QSslSocket: cannot call unresolved function SSL_CTX_load_verify_dir
qt.network.ssl: An error encountered while to set root certificates location: ""
qt.network.ssl: QSslSocket: cannot call unresolved function SSL_CTX_load_verify_dir
qt.network.ssl: An error encountered while to set root certificates location: ""
qt.network.ssl: QSslSocket: cannot call unresolved function SSL_CTX_load_verify_dir
qt.network.ssl: An error encountered while to set root certificates location: ""
qt.network.ssl: QSslSocket: cannot call unresolved function SSL_CTX_load_verify_dir
qt.network.ssl: An error encountered while to set root certificates location: ""
qt.network.ssl: QSslSocket: cannot call unresolved function SSL_CTX_load_verify_dir
qt.network.ssl: An error encountered while to set root certificates location: ""

qt.network.ssl: QSslSocket: cannot resolve EVP_PKEY_base_id
qt.network.ssl: QSslSocket: cannot resolve SSL_get_peer_certificate

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: libqt5network5 5.15.2+dfsg-14
Uname: Linux 5.15.5-051505-generic x86_64
ApportVersion: 2.20.11-0ubuntu73
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: KDE
Date: Wed Dec 1 21:43:08 2021
InstallationDate: Installed on 2021-11-26 (5 days ago)
InstallationMedia: Kubuntu 22.04 LTS "Jammy Jellyfish" - Alpha amd64 (20211126)
SourcePackage: qtbase-opensource-src
UpgradeStatus: No upgrade log present (probably fresh install)

pqwoerituytrueiwoq (pqwoerituytrueiwoq) wrote :

Attach deb package from previous version

Note that installing this will break apt and will require using install -f to fix it.

pqwoerituytrueiwoq (pqwoerituytrueiwoq) wrote :

This is the file in the package that breaks everything:
/usr/lib/x86_64-linux-gnu/libQt5Network.so.5.15.2
Replacing that file with the old version makes stuff work again.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in qtbase-opensource-src (Ubuntu):
status: New → Confirmed

Rik Mills (rikmills)
Changed in qtbase-opensource-src (Ubuntu):
status: Confirmed → Triaged

Rik Mills (rikmills) wrote :

What is hopefully a temporary fix is now building in:

ppa:ci-train-ppa-service/4730

Bruno Pitrus (wistful-woodpecker) wrote :

I also confirm that reverting libqt5network5 to an earlier version fixes things.

Bruno Pitrus (wistful-woodpecker) wrote :

I confirm that the update from Rik's repo fixes the bug.

pqwoerituytrueiwoq (pqwoerituytrueiwoq) wrote :

Looks like the updates from today have made the broken version work

$ md5sum /usr/lib/x86_64-linux-gnu/libQt5Network.so.5.15.2*
82bcd38d90d984667e5722083085a37e /usr/lib/x86_64-linux-gnu/libQt5Network.so.5.15.2
82bcd38d90d984667e5722083085a37e /usr/lib/x86_64-linux-gnu/libQt5Network.so.5.15.2.broken
a618a5369c0fc9659fee0addd89f1f57 /usr/lib/x86_64-linux-gnu/libQt5Network.so.5.15.2.working

With the latest updates from today the old copy is no longer breaking things as far as I can tell, confirmed on 2 installs.

Rik Mills (rikmills)
Changed in qtbase-opensource-src (Ubuntu):
status: Triaged → Fix Committed

Ubuntu QA Website (ubuntuqa) wrote :

This bug has been reported on the Ubuntu ISO testing tracker.

A list of all reports related to this bug can be found here:
http://iso.qa.ubuntu.com/qatracker/reports/bugs/1952977

tags: added: iso-testing

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package qtbase-opensource-src - 5.15.2+dfsg-14ubuntu1

---------------
qtbase-opensource-src (5.15.2+dfsg-14ubuntu1) jammy; urgency=medium

  * Rebuild against openssl 1.1.1 in release pocket. (LP: #1952977)

 -- Rik Mills <email address hidden> Thu, 02 Dec 2021 07:25:25 +0000
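
As an added example (not part of the bug report, Qt, or the Ubuntu packaging), this script pulls the symbols that QSslSocket reported as unresolved out of console output like that in the bug description and checks whether the OpenSSL libraries installed on the machine export them, a quick way to confirm that libQt5Network and the installed OpenSSL do not match. The function names are this example's own; the sample log lines are copied from the description above.

```python
import ctypes
import ctypes.util
import re

# Log lines copied from the bug description on this page.
SAMPLE_LOG = '''\
qt.network.ssl: QSslSocket: cannot resolve SSL_CTX_load_verify_dir
org.kde.plasma.libdiscover: Couldn't find a category for "fwupd-backend"
qt.network.ssl: QSslSocket: cannot call unresolved function SSL_CTX_load_verify_dir
qt.network.ssl: An error encountered while to set root certificates location: ""
qt.network.ssl: QSslSocket: cannot resolve EVP_PKEY_base_id
qt.network.ssl: QSslSocket: cannot resolve SSL_get_peer_certificate
'''

UNRESOLVED = re.compile(
    r"^qt\.network\.ssl: QSslSocket: cannot "
    r"(?:resolve|call unresolved function) (\w+)$"
)

def unresolved_symbols(log_text):
    """Return the symbols Qt reported as unresolved, in first-seen order."""
    seen = []
    for line in log_text.splitlines():
        m = UNRESOLVED.match(line.strip())
        if m and m.group(1) not in seen:
            seen.append(m.group(1))
    return seen

def load_openssl():
    """Load the system libssl and libcrypto; a value is None if not found."""
    libs = {}
    for name in ("ssl", "crypto"):
        path = ctypes.util.find_library(name)
        libs[name] = ctypes.CDLL(path) if path else None
    return libs

def check_exports(symbols, libs):
    """Map each symbol to the library exporting it, or None if none does."""
    return {
        sym: next((name for name, lib in libs.items()
                   if lib is not None and hasattr(lib, sym)), None)
        for sym in symbols
    }

if __name__ == "__main__":
    report = check_exports(unresolved_symbols(SAMPLE_LOG), load_openssl())
    for sym, lib in report.items():
        where = f"exported by lib{lib}" if lib else "NOT exported by installed OpenSSL"
        print(f"{sym}: {where}")
```

A symbol reported as not exported means the installed OpenSSL cannot satisfy what the Qt network library tries to resolve at run time, so certificate verification fails for every connection rather than for one site.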

Changed in qtbase-opensource-src (Ubuntu):
status: Fix Committed → Fix Released

Tom Atkinson (tomachi) wrote :

Hello, I came here searching for a fix to what seems like the same issue: using x11vnc between two Kubuntu machines and getting:

x11vnc[740]: 29/05/2023 21:58:53 SSL: accept_openssl: cookie from ssl_helper[14222] FAILED. 0

However it is 2023 so maybe my issue is separate.

Tom Atkinson (tomachi) wrote :

Linux putin 5.19.0-41-generic #42~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Tue Apr 18 17:40:00 UTC 2 x86_64 x86_64 x86_64 GNU/Linux

x11vnc --version
x11vnc: 0.9.16 lastmod: 2019-01-05

OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)

Antonio (acardh) wrote :

I followed the instructions from this other link and it worked for me.
https://devicetests.com/fix-global-protect-vpn-ssl-handshake-failed-error-ubuntu

Regards
