Bug 457011

Summary: Folder Passwords: content inspection triggers "Save changes" despite no changes
Product: [Applications] kwalletmanager Reporter: Don Curtis <bugrprt21882>
Component: generalAssignee: Valentin Rusu <valir>
Status: RESOLVED WORKSFORME    
Severity: normal CC: bugrprt21882
Priority: NOR    
Version First Reported In: 21.12.3   
Target Milestone: ---   
Platform: openSUSE   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description Don Curtis 2022-07-22 08:04:28 UTC 
SUMMARY
After inspection of Password text content, "Save changes" is triggered when text is marked by the mouse and then copied.

"Pairs" (Key and content) doesn't exhibit this behaviour.

STEPS TO REPRODUCE
1. Open the KWallet Manager.
2. Select the Folder "Passwords" and then the sub-folder "Passwords" (text).
3. Select a Password and then display the content.
4. Select some text and then copy it to the KDE Paste Buffer.
5. Select another Password.

OBSERVED RESULT
The "Save changes" window appears.

EXPECTED RESULT
There were no changes made (only content was copied) and therefore there's no need to save any changes which were not made.

SOFTWARE/OS VERSIONS
Operating System: openSUSE Leap 15.4
KDE Plasma Version: 5.24.4
KDE Frameworks Version: 5.90.0
Qt Version: 5.15.2
Kernel Version: 5.14.21-150400.24.11-default (64-bit)
Graphics Platform: Wayland
Processors: 8 × AMD Ryzen 5 3400G with Radeon Vega Graphics
Memory: 13.5 GiB of RAM
Graphics Processor: AMD Radeon™ Vega 11 Graphics

ADDITIONAL INFORMATION
The behaviour was previously noticed with KWalletManager version 18.12 - Bug Report 409664.
 * Then, it disappeared with KWallet Manager Version: 20.04.2.
 * Now it's back again ...
Comment 1 Don Curtis 2022-07-29 07:28:03 UTC 
Seems to have been resolved by one of the openSUSE patches offered after the 22nd of July 2022.

Possible candidate:
Security update for libxml2 - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and
                 tree.c (xmlBuffer*) (bsc#1199132).

Also a possible candidate, despite a direct association with KWalletManager:
Security update for pcre2 – CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235).