Antiz96
commented
6 days ago By the way, I remain available to share any additional information that could be needed or to test any patches :)
Open Antiz96 opened 1 week ago
Antiz96
commented
6 days ago By the way, I remain available to share any additional information that could be needed or to test any patches :)
shaylash
commented
5 days ago @Antiz96 Thanks !
megavolts
commented
5 days ago Thanks @Antiz96 to document the bug.
I confirm the bug, as I am also affected with same error message.
I remain available to share any additional information that could be needed or test any patches.
Cherkah
commented
5 days ago any update?
Thanks @Antiz96 to document the bug.
timgir
commented
4 days ago Hello everyone,
I noticed that if you don't close the error pop-up, the bridge still runs in the background, and you can send and receive emails.
This should be a workaround while waiting for the fix.
shaylash
commented
4 days ago Hi to all, An sign from someone at Proton would be reassuring at least to tell us that this is being acknowledge by them and will be handled at some point (hopefully in not too long...).
Have a good day.
szel
commented
4 days ago +1 about this issue 👍
Had to locate & block following packages from being upgraded just to revert to the Qt 6.7 & keep Proton Mail Bridge running:
qt6-5compat
qt6-base
qt6-charts
qt6-connectivity
qt6-declarative
qt6-httpserver
qt6-imageformats
qt6-location
qt6-multimedia
qt6-multimedia-ffmpeg
qt6-multimedia-gstreamer
qt6-networkauth
qt6-positioning
qt6-quick3d
qt6-quicktimeline
qt6-scxml
qt6-sensors
qt6-shadertools
qt6-speech
qt6-svg
qt6-tools
qt6-translations
qt6-virtualkeyboard
qt6-wayland
qt6-webchannel
qt6-webengine
qt6-websockets
qt6-webview
protonmail-bridge
protonmail-bridge-corePain in the butt 😉
thereillywriter
commented
3 days ago Hi to all, An sign from someone at Proton would be reassuring at least to tell us that this is being acknowledge by them and will be handled at some point (hopefully in not too long...).
Have a good day.
I contacted their support team directly and received the following response:
“Please note that at the moment we are building the Bridge app with Qt 6.4.3. We have forwarded your feedback to the appropriate team in our service who will take a closer look at this and consider it for future implementation.
We are looking closely at every suggestion our customers are reporting and trying to implement it in future updates to make Proton Mail more user-friendly.
For now, we will suggest downgrading the version of Qt to 6.7. “
In summary, they don’t support QT 6.8 but they are looking at it.
thereillywriter
commented
3 days ago Hello everyone,
I noticed that if you don't close the error pop-up, the bridge still runs in the background, and you can send and receive emails.
This should be a workaround while waiting for the fix.
As an alternative, you can use the CLI app to configure Bridge when needed: https://proton.me/support/bridge-cli-guide
Furthermore, you can launch the backend directly by invoking the ‘protonmail-bridge-core’ command. That way you won’t accidentally cause the app to crash by closing the window.
gabor-meszaros
commented
3 days ago Hi Everyone, Thank you for using Proton. I understand how incompatibility with a distribution can lead to annoyance, but it is unfeasible to support all distributions on top of two other platforms (Windows, macOS). That is why we had to draw a line, and the officially supported Linux distributions are the latest non-LTS versions of Ubuntu and Fedora. Bridge is not tested in any other distribution. Major dependency updates are driven by the supported operating system.
The options are:
I hope it helps resolving the issue, thank you for your report.
jaredmo
commented
3 days ago @gabor-meszaros @thereillywriter I tried to CLI. I can get to the bridge logo, but the prompt never displays. I cannot interact with the application. Any troubleshooting suggestions?
It eventually errors into Server did not provide gRPC service configuration in time.
thereillywriter
commented
3 days ago Hi Jared, you seem to be running into a separate issue there: https://github.com/ProtonMail/proton-bridge/issues/422
jaredmo
commented
3 days ago @thereillywriter Thanks. Seems like the CLI isn't a viable alternative.
thereillywriter
commented
3 days ago I haven’t noticed that particular bug myself so I can’t comment on it beyond saying it appears unrelated to the QT 6.8 bug.
mistadikay
commented
3 days ago +1 about this issue 👍
Had to locate & block following packages from being upgraded just to revert to the Qt 6.7 & keep Proton Mail Bridge running:
qt6-5compat qt6-base qt6-charts qt6-connectivity qt6-declarative qt6-httpserver qt6-imageformats qt6-location qt6-multimedia qt6-multimedia-ffmpeg qt6-multimedia-gstreamer qt6-networkauth qt6-positioning qt6-quick3d qt6-quicktimeline qt6-scxml qt6-sensors qt6-shadertools qt6-speech qt6-svg qt6-tools qt6-translations qt6-virtualkeyboard qt6-wayland qt6-webchannel qt6-webengine qt6-websockets qt6-webview protonmail-bridge protonmail-bridge-corePain in the butt 😉
Maybe it's a common knowledge, but gonna just drop a great tool for downgrading and pinning dependencies https://github.com/archlinux-downgrade/downgrade
joekm
commented
2 days ago Hello everyone, I noticed that if you don't close the error pop-up, the bridge still runs in the background, and you can send and receive emails. This should be a workaround while waiting for the fix.
As an alternative, you can use the CLI app to configure Bridge when needed: https://proton.me/support/bridge-cli-guide
Furthermore, you can launch the backend directly by invoking the ‘protonmail-bridge-core’ command. That way you won’t accidentally cause the app to crash by closing the window.
If you do that, I suggest invoking "protonmail-bridge-core" in non-interactive mode. That is....
"protonmail-bridge-core -n".
(add an " &" if you're launching from a terminal so you don't have to keep the terminal active)
In fact, you can just make that your "start up app" in place of protonmail-bridge and it will work just fine. You just won't have the tray applet.
If you do need to access the Command Line Interface (say, to get the bridge password or setup information), just make sure to stop protonmail-bridge-core first and re-launch it again when you're done.
No doubt the protonmail-bridge applet will update as QT 6.8 becomes more common among the distros.
OrangeRollo
commented
2 days ago Hello everyone, I noticed that if you don't close the error pop-up, the bridge still runs in the background, and you can send and receive emails. This should be a workaround while waiting for the fix.
As an alternative, you can use the CLI app to configure Bridge when needed: https://proton.me/support/bridge-cli-guide Furthermore, you can launch the backend directly by invoking the ‘protonmail-bridge-core’ command. That way you won’t accidentally cause the app to crash by closing the window.
If you do that, I suggest invoking "protonmail-bridge-core" in non-interactive mode. That is....
"protonmail-bridge-core -n". (add an " &" if you're launching from a terminal so you don't have to keep the terminal active)
In fact, you can just make that your "start up app" in place of protonmail-bridge and it will work just fine. You just won't have the tray applet.
If you do need to access the Command Line Interface (say, to get the bridge password or setup information), just make sure to stop protonmail-bridge-core first and re-launch it again when you're done.
No doubt the protonmail-bridge applet will update as QT 6.8 becomes more common among the distros.
Thanks. This might just be the way I use it from now on regardless.
thereillywriter
commented
2 days ago Hi Everyone, Thank you for using Proton. I understand how incompatibility with a distribution can lead to annoyance, but it is unfeasible to support all distributions on top of two other platforms (Windows, macOS). That is why we had to draw a line, and the officially supported Linux distributions are the latest non-LTS versions of Ubuntu and Fedora. Bridge is not tested in any other distribution. Major dependency updates are driven by the supported operating system.
The options are:
- Try to downgrade to Qt 6.7.
- Try to use CLI as was mentioned above.
- Use a supported Linux distribution.
- Consider switching to the Proton Mail Desktop app that doesn't use Qt.
I hope it helps resolving the issue, thank you for your report.
Sorry but this is a ridiculous attitude. The problem isn’t Arch Linux - the problem is that you are using a version of QT that hasn’t been supported for over a year, and isn’t even an LTS release. QT 6.4 has been EOL since September 2023 and THAT is your problem.
Blaming those of us who are paying good money to use your software for doing the bare minimum of keeping our systems up to date and secure is a hypocritical and lousy attitude. It is not unreasonable for us to expect a company that cares about privacy and security to do the bare minimum and maintain the software we pay for.
Besides QT is a cross-platform framework and if you don’t update your build systems then sooner or later nobody will be able to run your software.
szel
commented
2 days ago Maybe it's a common knowledge, but gonna just drop a great tool for downgrading and pinning dependencies https://github.com/archlinux-downgrade/downgrade
@mistadikay, I actually came to Arch Linux to learn, and I like to do things manually to understand them 🙂 So, far I was surprised that everything worked out of the box, and since ProtonMail is a commercial application, I wanted to make my vote here.
Thank you for the suggestion though! 👍 Will keep it in my pocket for the future!
OrangeRollo
commented
1 day ago Hi Everyone, Thank you for using Proton. I understand how incompatibility with a distribution can lead to annoyance, but it is unfeasible to support all distributions on top of two other platforms (Windows, macOS). That is why we had to draw a line, and the officially supported Linux distributions are the latest non-LTS versions of Ubuntu and Fedora. Bridge is not tested in any other distribution. Major dependency updates are driven by the supported operating system.
The options are:
* Try to downgrade to Qt 6.7. * Try to use CLI as was mentioned above. * Use a supported Linux distribution. * Consider switching to the [Proton Mail Desktop app](https://proton.me/mail/download) that doesn't use Qt.I hope it helps resolving the issue, thank you for your report.
We have to jump through hoops with bridge for security reasons. The very least I would expect is that Proton are using non end of life versions to build these supposedly secure apps (over 1 year EOL too!) If Proton is this far behind with qt does this apply to other dependencies?
As a paying customer I am losing confidence that Protonmail is secure. Using 1 year past EOL dependencies is disgraceful and at level I wouldn't even expect from hobbyist bedroom programmers. At this point just give us IMAP as I feel more confident that it's more secure than bridge is.
gabor-meszaros
commented
1 day ago Qt is only used for the user interface that is well separated from the part of Bridge that is security sensitive (they are different processes), therefore using an EOL Qt version doesn't make the application insecure.
The reason why an older version of Qt is used in Bridge is that, Bridge is used on wide range of platforms and OS versions, and updating to a newer Qt version has an impact on the issues we need to workaround and compatibility with the environments our users use.
We will select the next Qt version based on what environment the majority of our users use and the development of our supported platforms. We update to that version most likely at the beginning of next year.
Again, I am sorry for the inconvenience you experience on Arch Linux, but this distribution is currently not one of the supported Linux distributions, therefore I have to close this thread.
Cherkah
commented
23 hours ago I am really disappointed by your casual attitude towards the small group of Linux customers that we represent for your company.
Bridge is security sensitive
that's why i left surfshark for proton services (vpn + mail ...). However in retrospect, the surfshark application on archlinux is complete without any major problems in terms of interface, stability, functionality and security. moreover the client service was very reactive !!!
Bridge is used on wide range of platforms and OS versions
don't exaggerate too much : you are not a big commercial vpn major either, the proof is that you do not offer support for archlinux "deliberately"
but this distribution is currently not one of the supported Linux distributions
Believe me if i tell you that I'm not an archlinux fanatic at all. But ArchLinux ( +avatars) is certainly not an important distribution in the professional OS but its use on domestic desktops/laptop is more present than Fedora (since redhat... ) and comes just after Ubuntu (distrowatch).
update to that version most likely at the beginning of next year.
despite your diversified sources of funding (EU donations, companies, individuals, etc.) you cannot react more quickly :(
to conclude I invite you to review your policy regarding certain things. I currently find myself deprived of consulting my emails via my favorite client because the vpn company I trusted refuses to consider the opinion of its "small customers" for obscure considerations.
Fortunately, there is no shortage of fallback solutions.
thereillywriter
commented
22 hours ago Qt is only used for the user interface that is well separated from the part of Bridge that is security sensitive (they are different processes), therefore using an EOL Qt version doesn't make the application insecure.
The reason why an older version of Qt is used in Bridge is that, Bridge is used on wide range of platforms and OS versions, and updating to a newer Qt version has an impact on the issues we need to workaround and compatibility with the environments our users use.
We will select the next Qt version based on what environment the majority of our users use and the development of our supported platforms. We update to that version most likely at the beginning of next year.
Again, I am sorry for the inconvenience you experience on Arch Linux, but this distribution is currently not one of the supported Linux distributions, therefore I have to close this thread.
I am a business customer and there are good compliance reasons why I use Arch Linux, namely it does not rely on outdated and insecure dependencies. While you might not choose to officially support Arch Linux, you should at a minimum choose QT versions which are supported. If other distros rely on outdated versions of QT, that is a problem for them to address. I expect companies I pay for a business service to not use insecure outdated dependencies.
You claim that relying on an outdated version of QT for Bridge poses no security risks. Are you happy to guarantee that in writing? But even if you were, you could not guarantee that using an unsupported version of QT system-wide could not pose any security risk whatsoever. You cannot predict all possible attack vectors, and so your attitude is ridiculous and not one I would expect from a company that claims to care about data security.
Please move your timeline forward. This isn’t an Arch Linux issue - it’s a Proton issue.
wb14123
commented
22 hours ago Qt is only used for the user interface that is well separated from the part of Bridge that is security sensitive (they are different processes), therefore using an EOL Qt version doesn't make the application insecure.
If I remember correctly (unfortunately I cannot verify that anymore since it's broken), isn't the password used by other mail clients shown in the UI?
We will select the next Qt version based on what environment the majority of our users use and the development of our supported platforms. We update to that version most likely at the beginning of next year.
Aren't you stating your supported platforms are latest non-LTS versions of Ubuntu and Fedora? Are those distros also using this end of life Qt version? How do you know what environment the majority of your users use?
As a long time paying customer, I use Protonmail mainly because of its security features. I'm also losing confidence to Protonmail if the developers are lacking of security awareness.
dcpiccolo
commented
22 hours ago I personally never really liked the system tray icon for the bridge in the first place, so I just created a simple script to run the CLI command protonmail-bridge-core -n and call it from ~/.config/autostart. I'm quite content with this.
daniel-fahey
commented
21 hours ago Packager and maintainer for protonmail-bridge-gui here.
isn't the password used by other mail clients shown in the UI?
Yes it is @wb14123 (screenshot at https://proton.me/mail/bridge) also consider vulnerabilities in Qt 6.4.3.
The latest non-LTS version of Ubuntu is 24.10 "Oracular Oriole", it uses Qt 6.6.2. The latest supported (they don't provide LTS releases) version of Fedora is 40, it uses Qt 6.7.2.
The Qt Releases page lists Qt 6.4.3 as standard support expired. The next supported version since Qt 6.4.3 is Qt 6.5 LTS; it seems Proton Mail Bridge should already be being built and developed for Qt 6.5 LTS at the very least.
Proton AG needs to prioritise its dependency lifecycle management.
OrangeRollo
commented
21 hours ago Packager and maintainer for protonmail-bridge-gui here.
isn't the password used by other mail clients shown in the UI?
Yes it is @wb14123 (screenshot at https://proton.me/mail/bridge) also consider vulnerabilities in Qt 6.4.3.
The latest non-LTS version of Ubuntu is 24.10 "Oracular Oriole", it uses Qt 6.6.2. The latest supported (they don't provide LTS releases) version of Fedora is 40, it uses Qt 6.7.2.
The Qt Releases page lists Qt 6.4.3 as standard support expired. The next supported version since Qt 6.4.3 is Qt 6.5 LTS; it seems Proton Mail Bridge should already be being built and developed for Qt 6.5 LTS at the very least.
Proton AG needs to prioritise its dependency lifecycle management.
So there are vulnerabilities in this version of qt and the front end does deal with sensitive data like passwords. Thanks for confirming. My statement about Protonmail not being secure stands. It's not an Arch issue, it's insecure on all distros.
daniel-fahey
commented
20 hours ago it's insecure on all distros
No, the versions built by Proton AG with Qt 6.4.3 and provided as a release on this repo and for download from their website are built using the unsupported Qt 6.4.3 with its known vulnerabilities. Can see the shared object files in the deb package:
[daniel@laptop:~/Downloads]$ nix-shell -p dpkg --run "dpkg-deb -x protonmail-bridge_3.14.0-1_amd64.deb protonmail-bridge_3.14.0-1_amd64"
[daniel@laptop:~/Downloads]$ find protonmail-bridge_3.14.0-1_amd64 -name '*.so.6.4.3' | xargs grep -l 'Qt'
protonmail-bridge_3.14.0-1_amd64/usr/lib/protonmail/bridge/lib/libQt6Core.so.6.4.3
protonmail-bridge_3.14.0-1_amd64/usr/lib/protonmail/bridge/lib/libQt6DBus.so.6.4.3
protonmail-bridge_3.14.0-1_amd64/usr/lib/protonmail/bridge/lib/libQt6EglFSDeviceIntegration.so.6.4.3
protonmail-bridge_3.14.0-1_amd64/usr/lib/protonmail/bridge/lib/libQt6EglFsKmsSupport.so.6.4.3
protonmail-bridge_3.14.0-1_amd64/usr/lib/protonmail/bridge/lib/libQt6Gui.so.6.4.3
protonmail-bridge_3.14.0-1_amd64/usr/lib/protonmail/bridge/lib/libQt6Network.so.6.4.3
protonmail-bridge_3.14.0-1_amd64/usr/lib/protonmail/bridge/lib/libQt6OpenGL.so.6.4.3
protonmail-bridge_3.14.0-1_amd64/usr/lib/protonmail/bridge/lib/libQt6OpenGLWidgets.so.6.4.3
protonmail-bridge_3.14.0-1_amd64/usr/lib/protonmail/bridge/lib/libQt6PrintSupport.so.6.4.3
protonmail-bridge_3.14.0-1_amd64/usr/lib/protonmail/bridge/lib/libQt6Qml.so.6.4.3
protonmail-bridge_3.14.0-1_amd64/usr/lib/protonmail/bridge/lib/libQt6QmlCore.so.6.4.3
protonmail-bridge_3.14.0-1_amd64/usr/lib/protonmail/bridge/lib/libQt6QmlModels.so.6.4.3
protonmail-bridge_3.14.0-1_amd64/usr/lib/protonmail/bridge/lib/libQt6QmlWorkerScript.so.6.4.3
protonmail-bridge_3.14.0-1_amd64/usr/lib/protonmail/bridge/lib/libQt6Quick.so.6.4.3
protonmail-bridge_3.14.0-1_amd64/usr/lib/protonmail/bridge/lib/libQt6QuickControls2.so.6.4.3
protonmail-bridge_3.14.0-1_amd64/usr/lib/protonmail/bridge/lib/libQt6QuickControls2Impl.so.6.4.3
protonmail-bridge_3.14.0-1_amd64/usr/lib/protonmail/bridge/lib/libQt6QuickDialogs2.so.6.4.3
protonmail-bridge_3.14.0-1_amd64/usr/lib/protonmail/bridge/lib/libQt6QuickDialogs2QuickImpl.so.6.4.3
protonmail-bridge_3.14.0-1_amd64/usr/lib/protonmail/bridge/lib/libQt6QuickDialogs2Utils.so.6.4.3
protonmail-bridge_3.14.0-1_amd64/usr/lib/protonmail/bridge/lib/libQt6QuickLayouts.so.6.4.3
protonmail-bridge_3.14.0-1_amd64/usr/lib/protonmail/bridge/lib/libQt6QuickTemplates2.so.6.4.3
protonmail-bridge_3.14.0-1_amd64/usr/lib/protonmail/bridge/lib/libQt6QuickWidgets.so.6.4.3
protonmail-bridge_3.14.0-1_amd64/usr/lib/protonmail/bridge/lib/libQt6Sql.so.6.4.3
protonmail-bridge_3.14.0-1_amd64/usr/lib/protonmail/bridge/lib/libQt6Svg.so.6.4.3
protonmail-bridge_3.14.0-1_amd64/usr/lib/protonmail/bridge/lib/libQt6WaylandClient.so.6.4.3
protonmail-bridge_3.14.0-1_amd64/usr/lib/protonmail/bridge/lib/libQt6WaylandEglClientHwIntegration.so.6.4.3
protonmail-bridge_3.14.0-1_amd64/usr/lib/protonmail/bridge/lib/libQt6Widgets.so.6.4.3
protonmail-bridge_3.14.0-1_amd64/usr/lib/protonmail/bridge/lib/libQt6WlShellIntegration.so.6.4.3
protonmail-bridge_3.14.0-1_amd64/usr/lib/protonmail/bridge/lib/libQt6XcbQpa.so.6.4.3
protonmail-bridge_3.14.0-1_amd64/usr/lib/protonmail/bridge/lib/libQt6Xml.so.6.4.3The version I packaged for Nixpkgs uses the latest version of Qt 6 available in Nixpkgs. I'd imagine other distros (definitely Arch, given this issue) build it with a newer version of Qt too.
Ubuntu and Fedora don't actually package it at all. If users want support from Proton AG they are apparently supposed to use the version provided by Proton AG (that we've shown is potentially insecure due to it bundling Qt 6.4.3).
gabor-meszaros
commented
19 hours ago Thank you everyone for sharing your feedback. Unfortunately, I cannot add much more than what I have already shared. Arch Linux is not a Proton supported operating system, updating Qt just for Arch Linux has negative implications for other Bridge users.
Proton Mail Bridge works correctly on the latest version of Ubuntu and Fedora workstation (Ubuntu 24.10, Ubuntu 24.04 LTS, Fedora Workstation 40). If you encounter any issues on any supported operating systems, please contact Proton customer support directly. Technical heavy questions will be forwarded to the development team.
Customer support often tries to help users who are on a non-supported operating system, but we don't have test environments other than what we support so the help that we can provide is limited. In those cases, contacting the customer support of you OS provider is what we recommend.
If you would like your operating system to be supported by Proton Mail Bridge, I encourage you to make a request on user voice and ask your community to upvote your request.
Last but not least, if you are aware of any reproducible exploit that Bridge or any other Proton product is vulnerable to (related to Qt or not), we are very thankful if you submit a bug bounty report via our bug bounty program. Thank you in advance! 🙏
ProtonMail Bridge fails to start / run with
Qt 6.8.Trying to run
protonmail-bridgeon a system running withQt 6.8(e.g. Arch Linux) results in the following errors:It runs as expected with
Qt 6.7.Expected Behavior
ProtonMail Bridge to start and run properly with
Qt 6.8.Current Behavior
ProtonMail Bridge fails to start with
Qt 6.8Possible Solution
I unfortunately don't have a possible solution to provide, but given that ProtonMail Bridge runs properly with
Qt 6.7, this is most likely a compatibility issue withQt 6.8(e.g. usage of Qt instruction(s) that got modified or deprecated inQt 6.8).Steps to Reproduce
Qt 6.8(e.g. from Arch Linux:pacman -S protonmail-bridge)protonmail-bridgefrom the terminal)Version Information
v3.14.0