Red Hat Bugzilla – Bug 1473415
RQR12.07_B0029 update hangs, and breaks Logitech wireless USB mouse
Last modified: 2018-05-09 22:47:20 EDT
Description of problem:
Attempting to install the latest Fedora 26 patches caused my Logitech wireless mouse to stop working.
Version-Release number of selected component (if applicable):
The update that hanged was labeled "Logitech Unifying Receiver RQR12.01_B0019 -> RQR12.07_B0029" in the software update GUI. Presumably either one version or the other is installed, or perhaps a mixed-up mixture of the two versions. I don't know how to check.
My desktop uses an ASUSTeK M4A87TD/USB3 motherboard. I have a Dell SK-8110 PS/2 keyboard (my Logitech keyboard died and this is a replacement). I have a Logitech M510 wireless USB mouse, P/N 810-001897.
Steps to Reproduce:
1. Run the Software Update GUI.
2. Click on "Updates".
3. There is a row saying "Logitech Unifying Receiver / RQR12.01_B0019 -> RQR12.07_B0029 / This release addresses an unencrypted keystroke injection issue known as Bastille security issue #11...." In the row there is an "Update" button. Click on it.
Nothing happens. The mouse stops working. I waited several minutes. Eventually I rebooted by using the keyboard. The mouse still doesn't work.
I expected the update to work, perhaps by rebooting the system.
I would appreciate being given a command-line way to do the update, and to monitor its progress. I tried this:
dnf --enablerepo=updates-debuginfo update
but it does not seem to suffice; the mouse still does not work after rebooting, and the updates GUI still lists the Logitech Unifying Receiver patch as not being installed.
To work around the problem I substituted a Logitech B100 (P/N 810-001397) wired USB mouse, which works fine. At least now I know no nearby attackers are injecting mouse movements....
The unifying-receiver-udev package contains udev rules for Logitech receivers. It allows Solaar to access these devices.
If updating the firmware stopped the mouse working completely, I don't think it's anything to do with this package - rather it's a problem with the firmware upgrade, which I think is handled by the fwupd package.
(In reply to Richard Fearn from comment #1)
Thanks for fixing the package - this stuff is all unfamiliar ground to me.
In further news, unplugging the wireless mouse's tiny USB dongle, and plugging it back in again, makes the wireless mouse start working again. However, the software updates GUI for a while listed no updates, and now is listing the Logitech Unifying Receiver update again. For now I'm going to assume that the update hasn't entirely taken and that I'm vulnerable to the security problem, so I will revert to the wired mouse.
I can test the wireless mouse if you give me further instructions. Although I expect someone around here has a device that would let me exploit the security hole if it's still present (for testing purposes only of course), I'd rather not have to do that....
> In further news, unplugging the wireless mouse's tiny USB dongle, and
> plugging it back in again, makes the wireless mouse start working again.
I read this recently:
..which talks about how fwupd controls the receiver in order to update the firmware on it. My guess is that fwupd is putting it into a different state so that it can update the firmware, but that the update is then not working. While in this state, the receiver doesn't function normally. But when you unplug/replug it, the receiver starts up normally again, and you can use the mouse.
> However, the software updates GUI for a while listed no updates, and now is
> listing the Logitech Unifying Receiver update again. For now I'm going to
> assume that the update hasn't entirely taken
Sounds exactly like the update hasn't worked.
I only saw this bug because you originally filed it against unifying-receiver-udev, but I'm no expert on fwupd. We should probably wait for Richard Hughes to respond, as he *is* the fwupd expert.
Does "fwupdmgr get-updates" list anything for the device?
Also, are you perhaps hitting https://github.com/hughsie/fwupd/issues/155 too?
(In reply to Richard Hughes from comment #4)
> Does "fwupdmgr get-updates" list anything for the device?
That shell command outputs the following:
Unifying Receiver has firmware updates:
Update Version: RQR12.07_B0029
Update Remote ID: lvfs
Update Checksum: SHA1(d0d33e760ab6eeed6f11b9f9bd7e83820b29e970)
Update Location: https://secure-lvfs.rhcloud.com/downloads/938fec082652c603a1cdafde7cd25d76baadc70d-Logitech-Unifying-RQR12.07_B0029.cab
Update Description: This release addresses an unencrypted keystroke injection issue known as Bastille security issue #11. The vulnerability is complex to replicate and would require a hacker to be physically close to a target.
(In reply to Richard Hughes from comment #5)
> Also, are you perhaps hitting https://github.com/hughsie/fwupd/issues/155
That looks plausible. Is there something simple that I could run, to check? (I won't have physical access to the machine until tomorrow.)
What's the number laser-printed on the USB plug? It starts with U00xxxxx -- thanks.
Not sure what happened to Paul, but I have the same issue on my Logitech Pico receiver (that you have mentioned in https://github.com/hughsie/fwupd/issues/169). My receiver has the following etched on it:
FCC ID: JNZCU0012
I'm also running Fedora 26, on my laptop, and have F27-beta on my desktop. I've been holding off updating the firmware, using the desktop, to monitor for the fix on F26.
Is there anything else that I can get you, information-wise?
This message is a reminder that Fedora 26 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 26. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as EOL if it remains open with a Fedora 'version'
Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version'
to a later Fedora version.
Thank you for reporting this issue and we are sorry that we were not
able to fix it before Fedora 26 is end of life. If you would still like
to see this bug fixed and are able to reproduce it against a later version
of Fedora, you are encouraged change the 'version' to a later Fedora
version prior this bug is closed as described in the policy above.
Although we aim to fix as many bugs as possible during every release's
lifetime, sometimes those efforts are overtaken by events. Often a
more recent Fedora release includes newer upstream software that fixes
bugs or makes them obsolete.
I no longer use that serial mouse (I lost it when I moved offices; sorry) and so I do not know whether the problem still exists in Fedora 28.
This issue was present in Fedora 26.
I don't see the same issue in Fedora 28.
I have this issue in F28. I have apparently broken two receivers, they no longer function on F28 or other systems. I have a logitech mouse and a trackball that use this.
If there is a resolution, I will purchase another receiver to test it.
(In reply to Herbert Carl Meyer from comment #13)
> I have this issue in F28.
OK, updating the bug report's Fedora version number to F28.