Ubuntu 14.04 lock screen doesn't accept keyboard input and sends it back to the underlying window (until using indicators)

Bug #1349128 reported by Sander Jonkers on 2014-07-27
This bug affects 38 people
Affects Status Importance Assigned to Milestone
Marco Trevisan (Treviño)
Marco Trevisan (Treviño)
unity (Ubuntu)
Marco Trevisan (Treviño)

Bug Description

After upgrading to Unity version 7.2.2+14.04.20140714-0ubuntu1 on Trusty, the lockscreen sometimes fails to take the keyboard focus away from Chrome.

This might happen if there's a text selection in Chrome, and also when resuming after suspend.

It doesn't always happen, as this is a race condition, but it's easy to reproduce by selecting the location bar in Chrome and then locking the screen.

Workaround: click on any indicator in the upper right corner, and close the menu. After that, keyboard input is sent to the lockscreen again.

Related branches

Unity Team: Pending requested 2014-07-25
Andrea Azzarone: Approve on 2014-07-31
Brandon Schaefer: Approve on 2014-07-30

Thank you for taking the time to report this bug and helping to make Ubuntu better. It seems that your bug report is not filed about a specific source package though, rather it is just filed against Ubuntu in general. It is important that bug reports be filed about source packages so that people interested in the package can find the bugs about it. You can find some hints about determining what package your bug might be about at https://wiki.ubuntu.com/Bugs/FindRightPackage. You might also ask for help in the #ubuntu-bugs irc channel on Freenode.

To change the source package that this bug is filed about visit https://bugs.launchpad.net/ubuntu/+bug/1349128/+editstatus and add the package name in the text box next to the word Package.

[This is an automated message. I apologize if it reached you inappropriately; please just reply to this message indicating so.]

tags: added: bot-comment
Sander Jonkers (jonkers) on 2014-07-27
affects: ubuntu → lightdm (Ubuntu)
Sander Jonkers (jonkers) wrote :


Another workaround: change the language in the upper right corner, in my case switch from En1 to En2. After that, the password box accepts keyboard input and shows corresponding dots.

tags: added: trusty
Sebastien Bacher (seb128) wrote :

seems like the issue is rather unity/the lockscreen, reassigning there (setting the bug as confirmed, Didier had that issue as well on trusty)

affects: lightdm (Ubuntu) → unity (Ubuntu)
tags: added: lockscreen
summary: - Ubuntu 14.04 login screen doesn't accept keyboard input
+ Ubuntu 14.04 login screen doesn't accept keyboard input (until using
+ indicators=
summary: Ubuntu 14.04 login screen doesn't accept keyboard input (until using
- indicators=
+ indicators)
Changed in unity (Ubuntu):
importance: Undecided → High

When this happen, is any input field shown in the lockscreen or only the username and a darker rounded rectangle is?

Sander Jonkers (jonkers) wrote :

When not accepting/showing input from the keyboard, there is the usual vertical blinking line in the password box (so: 'showing' it is accepting input there), with the word "password" in the background of that password box.

Would it help if I post a picture of video of what goes (or: doesn't go) on?

Francis Potter (n-zbuntu-4) wrote :

This happens on my Dell XPS13 laptop. Here are the steps:

- Close the lid
- Wait a minute
- Open it back up

The login screen appears. The cursor is in the password area and is flashing. Nothing I type on the keyboard does anything.

- Click on anything in the top bar -- the battery indicator, or the gear icon, or the clock
- Hit escape or click on the password box again

Now it works.

- Type my password and log in

This part is interesting: the things I was typing when attempting to log in have been entered into the OS. In other words, if I had a browser window up, my password attempts are there in the address bar. So the things that I type on the login screen, when not accepted by the login screen, are actually being accepted by the underlying operating system.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in unity (Ubuntu):
status: New → Confirmed
Andrea Azzarone (azzar1) on 2014-07-29
summary: - Ubuntu 14.04 login screen doesn't accept keyboard input (until using
+ Ubuntu 14.04 lock screen doesn't accept keyboard input (until using
Changed in unity:
assignee: nobody → Marco Trevisan (Treviño) (3v1n0)
importance: Undecided → Critical
milestone: none → 7.3.1
status: New → In Progress
Changed in unity (Ubuntu):
status: Confirmed → In Progress
description: updated
information type: Public → Public Security
description: updated

One more note, in case this is helpful to developers: This *sometimes* happens after closing the lid and reopening. It *never* happens after locking the system using ctrl-alt-L.

As mentioned in the duplicate bug, if you have text selected, this also happens without suspending.

Also, I've retitled this bug since the bug is much much worse than not taking the input, the input is actually sent to the underlying Chrome window, so people that type their password without paying too much attention are at risk of sending their password over hangouts or similar.

summary: - Ubuntu 14.04 lock screen doesn't accept keyboard input (until using
- indicators)
+ Password typed to unlock the screen is sent to underlying Chrome window
description: updated
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unity - 7.2.2+14.04.20140714-0ubuntu1.1

unity (7.2.2+14.04.20140714-0ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: more screen locking fixes (LP: #1349128)
    - debian/patches/lp1349128.patch: flush after ungrabbing the keyboard
      in unity-shared/PluginAdapter.cpp, add GrabScreen() function that
      retries to lockscreen/LockScreenController.cpp,
      lockscreen/LockScreenShield.cpp, lockscreen/LockScreenShield.h.
 -- Marc Deslauriers <email address hidden> Wed, 30 Jul 2014 15:13:41 -0400

Changed in unity (Ubuntu):
status: In Progress → Fix Released
summary: - Password typed to unlock the screen is sent to underlying Chrome window
+ Ubuntu 14.04 lock screen doesn't accept keyboard input and sends it back
+ to the underlying window (until using indicators)
Chris J Arges (arges) wrote :

It looks like this was fixed in Trusty, but I don't see any messages indicating it was fixed in Utopic. Can someone verify and ensure this is also fixed in the development release? Thanks

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in unity (Ubuntu Trusty):
status: New → Confirmed

A landing for the utopic release will likely happen on Monday.
In the mean time you can download the packages from https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/landing-018/+packages

Changed in unity (Ubuntu Trusty):
status: Confirmed → Fix Released
Changed in unity (Ubuntu):
status: Fix Released → In Progress
Changed in unity (Ubuntu Trusty):
importance: Undecided → Critical
Changed in unity (Ubuntu):
importance: High → Critical
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unity - 7.3.0+14.10.20140731.1-0ubuntu1

unity (7.3.0+14.10.20140731.1-0ubuntu1) utopic; urgency=low

  [ Ubuntu daily release ]
  * New rebuild forced

  [ Brandon Schaefer ]
  * Fixes FTBFS caused by gcc 4.9. Mostly unused functions. (LP:

  [ Andrea Azzarone ]
  * == Problem == Lockscreen capslock detection doesn't work well with
    remapped capslocks == Fix == Use gdk keymap to get the state of the
    caps lock. (LP: #1347735)

  [ Marco Trevisan (Treviño) ]
  * PlacesOverlayVScrollBar and VScrollBarOverlayWindow: add support for
    scaling Add a new ScrollView class to create ScrollViews with an
    OverlayScrollbar and with scaling support. Using them in dash Scopes
    and Previews. (LP: #1340996)
  * LockScreenShield: Add GrabScreen function and retry to make sure we
    really get grab It might happen that the grab is not possible
    because the PluginAdapter::IsScreenGrabbed request has still not
    being fully processed, and thus nux is not able to grab the
    pointer/keyboard. By doing this we instead try to grab the screen,
    and if this is not happening, we wait a little until we don't get
    the ungrab event. In this way, if we eventually get the grab, all
    will work as expected. Otherwise, we cancel the lock request (very
    unlikely to happen). (LP: #1349128)
  * PlacesOverlayVScrollBar: redirect the mouse wheel scroll events
    coming from the thumb to the scrollview This will make the
    scrollview to handle then and perform the same scrolling action it
    would do otherwise. (LP: #1340992)
  * This has a "soft" dependency on lp:~3v1n0/nux/horizontal-scroll-
    delta/+merge/227070, this means that this code would just work as it
    used to do (except for the SwitcerView fix) if that nux branch is
    not used, while it will support correctly horizontal scroll events
    when both the branches are used. (LP: #1342208)
 -- Ubuntu daily release <email address hidden> Thu, 31 Jul 2014 18:40:00 +0000

Changed in unity (Ubuntu):
status: In Progress → Fix Released
Changed in unity:
status: In Progress → Fix Committed
Chris Weiss (cweiss) wrote :

I see this is being treated as critical, but does that also mean it is being treated as a security issue? I found my password in plain text after applying the work around, and if that were a chat application that's a pretty serious security breach.

Yanpas (yanpaso) wrote :

#offtop I have no Idea how Ubuntu plans to compete with Windows with such security holes in LTS release :D I'm shocked

Marc Deslauriers (mdeslaur) wrote :

This bug is now fixed in both trusty and utopic. Please install your updates.

If you see an issue after making sure all updates are applied and restarting your computer, please file a new bug.


Hello Sander, or anyone else affected,

Accepted unity into trusty-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/unity/7.2.3+14.04.20140826-0ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-needed
Sander Jonkers (jonkers) wrote :

I don't understand; I thought it was already fixed on 2014-07-31: "This bug was fixed in the package unity - 7.2.2+14.04.20140714-0ubuntu1.1"? Since then I have not experienced it anymore.

Mathew Hodson (mathew-hodson) wrote :

It was fixed in 20140714-0ubuntu1.1, which was a security update.

This bug is mentioned in the new update because it incorporates the changes from 20140714-0ubuntu1 to 20140826-0ubuntu1.

tags: added: verification-done
removed: verification-needed

The verification of the Stable Release Update for unity has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Because of this bug, I've accidentally typed my password on the browser bar, and even skype chat, so that I need to change my password. It's not safe any more

Stephen M. Webb (bregma) on 2015-02-11
Changed in unity:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers