Ibus causes gnome-shell to freeze when password fields are selected in Firefox

Attached is the debdiff for bionic which restores ibus-xx-f19-password.patch

Status changed to 'Confirmed' because the bug affects multiple users.

The attachment "ibus debdiff for bionic" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

Thanks for the report Matthew. I appreciate all the work to prepare a SRU bug and a debdiff, but the very first step would be to reliably reproduce the issue. As far as I can tell this hasn't been reported by anyone else, which makes it likely to be an isolated issue on a very specific setup, and thus not necessarily a good candidate for a SRU. Can you get the person who reported the issue to provide more details on their setup (is it stock Ubuntu or a derivative, is it fully up-to-date, which desktop environment, what are the exact versions of gnome-shell, firefox and ibus). Thanks!

Hi Oliver,

Full details from the environment which has the problem:

Affected machines are all running Bionic and are fully patched.
firefox: 68.0.1+build1-0ubuntu0.18.04.1
gnome-shell: 3.28.4-0ubuntu18.04.1
ibus: 1.5.17-3ubuntu4

Machines are accessed as a VDI through VMware Horizon 7.9.0, and users who have
problems are using Gnome 3.

After discussing this with Eric D, we agreed that it might be a better idea to
not restore the old ibus-xx-f19-password.patch and instead go with the upstream
solution of https://github.com/ibus/ibus/commit/f328fd67f479faa46ca87bf3c85eed7080ec5ec0
which implements the same functionality, but hides it behind two environment
variables, IBUS_DISCARD_PASSWORD and IBUS_DISCARD_PASSWORD_APPS.

To be honest, I think this approach is better since it doesn't change any
default behaviour and the fix is opt in for environments which need it. Plus
this is present in cosmic, disco and eoan, and will be available in the future
20.04 LTS.

I have tried my best to reproduce this, but I have not had any luck. I think
this solution is probably the best for all parties, and this has been tested
successfully in the affected environment, so I have made a new debdiff with the
above patch.

I would like to determine and fix the root cause, but that might be a little
challenging, and this is a sufficient workaround.

Revised debdiff for bionic which enables the environment variables IBUS_DISCARD_PASSWORD and IBUS_DISCARD_PASSWORD_APPS

Sponsored for Bionic.

* Patch already found in Cosmic onwards.
* Patch has been tested pre-SRU with an impact user.
* Nitpick: I have added the upstream bug link in the DEP3 header -> +Bug-Upstream: https://github.com/ibus/ibus/issues/2002

Thanks Matthew !

The issue seems quite serious, although the downside of it is that it only affects certain users on certain environments. Before accepting this into -proposed I'd like to know a bit more: you mentioned in the impact field that the bug is impacting users (or one user?) on VMware Horizon VDI, but then followed up that you can't reproduce it. Does it mean you can't reproduce it reliably on the same environment? Do we know how many people are actually affected by this bug?

I'm fine with leaving the verification of the bug to a certain set of actually affected users - as long as we can get solid feedback from them when using the -proposed packages.

I'm a bit reluctant to accept a upload fixing a bug that is not reliably reproducible and that I don't know how many actual users are affected by. Even in the case where the changes are hidden behind an environment variable. The change here seems solid, but any unneeded change like this can cause a regression, for instance if after some time the CHECK_APP_IN_CSV_ENV_VARIABLES macro turns out subtly buggy (highly improbable, but...), breaking otherwise unaffected users. Ibus is quite a core component.

Could you provide this information for me before we proceed?

Hi Lukasz,

We are in luck, after some very helpful debugging done by the customer, I have
been able to reliably reproduce this issue myself.

Firstly, this issue only affects users of Ubuntu inside a VMware Horizon VDI,
and only occurs after you install the VMware Horizon Agent for Linux.

The issue can be replicated reliably in the customer environment, and several
hundred users have been affected.

I downloaded and installed the Horizon Agent
VMware-horizonagent-linux-x86_64-7.9.0-13916467.tar.gz in my test 18.04 VM.

Download location [1] (Requires registration)
Installation Instructions [2]

I now see gnome-shell and firefox act strange, with a large delay in input to
the password field and having the box clearing randomly.

The customer also sees this behaviour. If the customer enables NVIDIA GRID
graphics acceleration, then gnome-shell freezes instead of having the large
input delay. Disabling graphics acceleration shows the behaviour I can
reproduce, of seeing large input delay and intermittent gnome-shell lockups.

I did some digging, and it seems the Horizon agent replaces some gnome-shell
libraries with its own.

# openssl sha256 ./usr/lib/gnome-shell/libgnome-shell.so
bd86f21646db0be70139fa75879c6e56dd28b849bfc4a8ed4fae390c8baddddc
# openssl sha256 ./home/ubuntu/VMware-horizonagent-linux-x86_64-7.9.0-13916467/sso/ubuntu/1804/libgnome-shell.so
bd86f21646db0be70139fa75879c6e56dd28b849bfc4a8ed4fae390c8baddddc

# openssl sha256 ./usr/lib/vmware/viewagent/sso/backup/libgnome-shell.orig.so
381698f0554e53512c3627afd170dcd1567fa833d9a0e19fb36c0054296ead00
# openssl sha256 ./home/ubuntu/VMware-horizonagent-linux-x86_64-7.9.0-13916467/sso/ubuntu/1804/libgnome-shell.orig.so
381698f0554e53512c3627afd170dcd1567fa833d9a0e19fb36c0054296ead00

VMware Horizon has a feature called "True SSO" [3] which seems to enable users
to authenticate once to the VMware Identity Manager, and then use a SSO token
afterwards to log into supported websites.

From what I can see, VMware have built their own custom gnome-shell libraries
and modified their library to implement the True SSO feature, which probably
uses interactions between gnome-shell and ibus to detect password input fields
and automate password entry.

When I revert the custom gnome-shell library to the one Canonical provides in
the Ubuntu 18.04 main archive, the issue is fixed, and I can enter text in
password fields normally.

From our side, Canonical cannot support these custom gnome-shell libraries,
since we do not have source code for them and we don't know whats in them or
how they are built.

What we can do is work around them, and the proposed change to ibus does
exactly that. With those environment variables in place, input is "discarded"
by ibus and passed directly into the application, and likely skips the
"True SSO" functionality which is breaking Firefox.

A case has now been opened with VMware so they can fix their custom gnome-shell
libraries, but for now, the ibus workaround is a agreeable solution for this
customer, mostly since they do not use the "True SSO" functionality.

I can now replicate the problem, and customer is also on board to test the
-proposed package in their...

Excellent. If the issue is reproducible and affects multiple users, this seems like a +1 on the SRU.

Hello Matthew, or anyone else affected,

Accepted ibus into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ibus/1.5.17-3ubuntu5 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

I enabled bionic-proposed and installed ibus, ibus-gtk, ibus-gtk3 versions 1.5.17-3ubuntu5.

I ran the test in a bionic VM which had VMware Horizon Agent for Linux installed, version 7.9.0-13916467.

Running firefox with no environment variables caused long input delays and small lockups with the affected gnome-shell library shipped by VMware Horizon.

When enabling the following environment variables for ibus which are implemented as part of this SRU:

$ env IBUS_DISCARD_PASSWORD=1 firefox
and
$ export IBUS_DISCARD_PASSWORD_APPS="firefox"
$ firefox

I could enter text into password fields in firefox with no problems at all, and the problem is fixed.

The customer has also validated that the fix works in their VMware Horizon environment, and the problem is solved.

I am happy to mark this as verified.

This bug was fixed in the package ibus - 1.5.17-3ubuntu5

---------------
ibus (1.5.17-3ubuntu5) bionic; urgency=medium

  * debian/patches/ubuntu-password-discard-environment-variables.patch:
    - Added upstream patch which implements selective ignoring of processing
      inputs to password fields based on two new environment variables,
      IBUS_DISCARD_PASSWORD and IBUS_DISCARD_PASSWORD_APPS (LP: #1838358)

 -- Matthew Ruffell <email address hidden> Thu, 01 Aug 2019 16:07:31 +1200

The verification of the Stable Release Update for ibus has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.