Ubuntu
libsecret package

vinagre crashed on connecting to vnc

Bug #1071055 reported by test
216
This bug affects 29 people
Affects Status Importance Assigned to Milestone
libsecret
Fix Released
Medium
libsecret (Ubuntu)
Fix Released
Undecided
Marc Deslauriers
Quantal
Fix Released
High
Marc Deslauriers
Raring
Fix Released
Undecided
Marc Deslauriers

Bug Description

[Impact]
This bug makes vinagre unusable with existing connection profiles upon upgrade to 12.10.

[Test Case]
1. Install Ubuntu 12.04.
2. Use vinagre to connect to a vnc server that's configured to require a password. Do not save the password.
3. Upgrade to Ubuntu 12.10.
4. Try again to connect to the server. Confirm that it fails with a segfault.
5. Upgrade to the libsecret-1-0 in -proposed.
6. Try to connect to the server again. Confirm that it succeeds.

[Regression Potential]
This is a new upstream version release specifically to fix this crasher bug. There appears to be no risk of regression.

on ubuntu 12.10
ii vinagre 3.6.0-0ubuntu1 amd64 remote desktop client for the GNOME Desktop

when connecting to vnc which requires password authentication
vinagre will crash
this is because the usernaem inside the vinagre_tab_find_credentials_in_keyring function will be null

The following patch will resolve it

diff --git a/plugins/vnc/vinagre-vnc-tab.c b/plugins/vnc/vinagre-vnc-tab.c
index 10bed13..d591a29 100644
--- a/plugins/vnc/vinagre-vnc-tab.c
+++ b/plugins/vnc/vinagre-vnc-tab.c
@@ -492,7 +492,10 @@ vnc_authentication_cb (VncDisplay *vnc, GValueArray *credList, VinagreVncTab *vn

   if (need_password || need_username)
     {
- vinagre_tab_find_credentials_in_keyring (tab, &username, &password);
+ if (vinagre_connection_get_username (conn) != NULL)
+ {
+ vinagre_tab_find_credentials_in_keyring (tab, &username, &password);
+ }
       if ( (need_username && !username) || (need_password && !password) )
  {
    host = vinagre_connection_get_best_name (conn);

See original description
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in vinagre (Ubuntu):
status: New → Confirmed
Revision history for this message
Christian Smith (csmith) wrote :

I want to add that the patch works here as well for vinagre 3.6.0-0ubuntu1

Bug Watch Updater (bug-watch-updater)
Changed in vinagre:
importance: Unknown → Critical
status: Unknown → Confirmed
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

Actually, this looks like it was fixed in libsecret, not vinagre:

https://bugzilla.gnome.org/show_bug.cgi?id=686015

affects: vinagre (Ubuntu) → libsecret (Ubuntu)
Changed in libsecret (Ubuntu):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in libsecret (Ubuntu Quantal):
status: New → Confirmed
assignee: nobody → Marc Deslauriers (mdeslaur)
affects: vinagre → libsecret
Changed in libsecret:
importance: Critical → Unknown
status: Confirmed → Unknown
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

SRU Request:

Impact:

Vinagre immediately segfaults when attempting to connect to a vnc session with a password. This prevents it from being used to access remote desktops using desktop sharing. This is caused by libsecret improperly handling NULL usernames.

The only change between libsecret 0.10 and 0.11 is the fix for this issue. Hence, this SRU requests updates libsecret to 0.11.

[Test case]

1- Find a vnc server with a password
2- Attempt to connect with vinagre
3- Get password prompt instead of segfault

[Regression Potential]

libsecret now correctly returns an error when it is being used with NULL data, instead of crashing. Impact should be minimal.

Bug Watch Updater (bug-watch-updater)
Changed in libsecret:
importance: Unknown → Medium
status: Unknown → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libsecret - 0.11-0ubuntu1

---------------
libsecret (0.11-0ubuntu1) raring; urgency=low

  * New upstream release to fix segfault in vinagre from using an invalid
    attribute. (LP: #1071055)
 -- Marc Deslauriers <email address hidden> Wed, 31 Oct 2012 10:18:13 +0100

Changed in libsecret (Ubuntu Raring):
status: Confirmed → Fix Released
Steve Langasek (vorlon)
Changed in libsecret (Ubuntu Quantal):
status: Confirmed → Triaged
importance: Undecided → High
Revision history for this message
Steve Langasek (vorlon) wrote : Please test proposed package

Hello test, or anyone else affected,

Accepted libsecret into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/libsecret/0.11-0ubuntu0.12.10.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please change the bug tag from verification-needed to verification-done. If it does not, change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

description: updated
Changed in libsecret (Ubuntu Quantal):
status: Triaged → Fix Committed
tags: added: verification-needed
Revision history for this message
Steve Langasek (vorlon) wrote :

I've verified that the described test case fixes the problem for me.

tags: added: verification-done
removed: verification-needed
Revision history for this message
Doug Nelson (doug-peacefulrock) wrote :

I installed the proposed package, and it fixed the issue for me as well.

Revision history for this message
Rick Born (rick-born) wrote :

You guys rock, this fixed the issue for me as well

Revision history for this message
Stefan Brozinski (stefan-brozinski) wrote :

libsecret-1 from proposed works very well and fixes the issue for me as well. Thanks.

Revision history for this message
Christian Smith (csmith) wrote :

proposed updates worked here too

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libsecret - 0.11-0ubuntu0.12.10.1

---------------
libsecret (0.11-0ubuntu0.12.10.1) quantal-proposed; urgency=low

  * New upstream release to fix segfault in vinagre from using an invalid
    attribute. (LP: #1071055)
 -- Marc Deslauriers <email address hidden> Wed, 31 Oct 2012 10:18:13 +0100

Changed in libsecret (Ubuntu Quantal):
status: Fix Committed → Fix Released
Revision history for this message
Colin Watson (cjwatson) wrote : Update Released

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.