2020-07-06 23:46:04 |
Matthew Ruffell |
bug |
|
|
added bug |
2020-07-06 23:47:34 |
Matthew Ruffell |
nominated for series |
|
Ubuntu Eoan |
|
2020-07-06 23:47:34 |
Matthew Ruffell |
bug task added |
|
gnome-shell (Ubuntu Eoan) |
|
2020-07-06 23:47:34 |
Matthew Ruffell |
nominated for series |
|
Ubuntu Groovy |
|
2020-07-06 23:47:34 |
Matthew Ruffell |
bug task added |
|
gnome-shell (Ubuntu Groovy) |
|
2020-07-06 23:47:34 |
Matthew Ruffell |
nominated for series |
|
Ubuntu Bionic |
|
2020-07-06 23:47:34 |
Matthew Ruffell |
bug task added |
|
gnome-shell (Ubuntu Bionic) |
|
2020-07-06 23:47:34 |
Matthew Ruffell |
nominated for series |
|
Ubuntu Focal |
|
2020-07-06 23:47:34 |
Matthew Ruffell |
bug task added |
|
gnome-shell (Ubuntu Focal) |
|
2020-07-06 23:47:50 |
Matthew Ruffell |
gnome-shell (Ubuntu Bionic): status |
New |
In Progress |
|
2020-07-06 23:47:53 |
Matthew Ruffell |
gnome-shell (Ubuntu Focal): status |
New |
In Progress |
|
2020-07-06 23:47:56 |
Matthew Ruffell |
gnome-shell (Ubuntu Groovy): status |
New |
In Progress |
|
2020-07-06 23:48:03 |
Matthew Ruffell |
gnome-shell (Ubuntu Eoan): status |
New |
Won't Fix |
|
2020-07-06 23:48:13 |
Matthew Ruffell |
gnome-shell (Ubuntu Bionic): assignee |
|
Matthew Ruffell (mruffell) |
|
2020-07-06 23:48:15 |
Matthew Ruffell |
gnome-shell (Ubuntu Focal): assignee |
|
Matthew Ruffell (mruffell) |
|
2020-07-06 23:48:17 |
Matthew Ruffell |
gnome-shell (Ubuntu Groovy): assignee |
|
Matthew Ruffell (mruffell) |
|
2020-07-06 23:49:03 |
Matthew Ruffell |
tags |
|
sts |
|
2020-07-07 01:56:22 |
Daniel van Vugt |
gnome-shell (Ubuntu Groovy): status |
In Progress |
Fix Committed |
|
2020-07-07 01:56:35 |
Daniel van Vugt |
tags |
sts |
bionic fixed-in-3.37.3 fixed-upstream focal groovy sts |
|
2020-07-07 01:57:16 |
Daniel van Vugt |
gnome-shell (Ubuntu Bionic): importance |
Undecided |
Wishlist |
|
2020-07-07 01:57:19 |
Daniel van Vugt |
gnome-shell (Ubuntu Focal): importance |
Undecided |
Wishlist |
|
2020-07-07 01:57:21 |
Daniel van Vugt |
gnome-shell (Ubuntu Groovy): importance |
Undecided |
Wishlist |
|
2020-07-07 01:57:32 |
Daniel van Vugt |
bug watch added |
|
https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/1983 |
|
2020-07-07 01:57:32 |
Daniel van Vugt |
bug task added |
|
gnome-shell |
|
2020-07-07 01:58:14 |
Daniel van Vugt |
bug |
|
|
added subscriber Daniel van Vugt |
2020-09-11 15:51:03 |
Launchpad Janitor |
gnome-shell (Ubuntu Groovy): status |
Fix Committed |
Fix Released |
|
2020-09-11 15:51:03 |
Launchpad Janitor |
cve linked |
|
2020-17489 |
|
2020-10-18 23:00:23 |
Matthew Ruffell |
description |
[Impact]
VMware Horizon is a VDI product that runs atop of VMware's normal virtualisation stack, and it supports SSO authentication for login.
In the past, the VMware Horizon agent has been pretty buggy, and requires SSO patches to be present to function, otherwise it breaks and causes entire outages for anyone trying to use the VDI.
To solve this, VMware had been custom compiling their own libgnome-shell.so libraries with their SSO patches, which are based on oVirt's SSO implementation. When you install VMware Horizon agent to the instance, it overwrites Ubuntu's libgnome-shell.so with their custom compiled one.
VMware don't keep their custom compiled libgnome-shell.so library up to date, so bugs that have already been fixed still live on in their library. Also, when Ubuntu updates our gnome-shell packages, it overwrites the custom libgnome-shell.so library, which then causes the Horizon agent to break, and causes outages for anyone using the VDI, which have to be solved by manually copying the custom library back.
This situation is untenable for VMware Horizon users, so I have asked VMware to upstream their SSO patches. After a long painful process, they have landed in gnome-shell master.
This SRU will significantly improve the quality of life for VMware Horizon users, and will remove the need for VMware to distribute custom libraries.
[Testcase]
You need an instance that runs on VMware Horizon, and the Horizon agent needs to be installed and running. Ideally, SSO authentication should be enabled to test all features, but it is not necessary to partially test.
Test packages are available in this ppa:
https://launchpad.net/~mruffell/+archive/ubuntu/sf247978-test
If you install the test package in a VMware Horizon VDI, the instance should come up cleanly after reboot and function properly, especially with SSO login.
The instance should be able to function without custom libgnome-shell.so libraries provided by VMware.
[Regression Potential]
The code refactors the oVirt SSO implementation into a more generalised interface, which other virtualisation platforms can use. oVirt has been transitioned to this interface as part of the refactoring, which means that any if the new oVirt SSO implementation is broken, it could break users running in oVirt.
VMware's patches also use the new generalised interface, which is much simpler than before, and it has been tested internally by VMware. There was a very long review process with upstream GNOME, which ironed out all of their concerns.
I have been reviewing the code along the way, and I am confident that it will not cause any regressions. If a regression did occur, then it would break SSO functionality only.
[Other Information]
Upstream Issue: https://gitlab.gnome.org/GNOME/gnome-shell/issues/1983
Upstream merge-request: https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/915
Commits:
commit 809f820cd4a4eebb120ab5dde3f1985d35bcb540
Author: yun341 <5933468@qq.com>
Date: Sat, 4 Jan 2020 00:31:15 +0800
Subject: gdm: Refactor oVirt to a generic CredentialManager interface
Link: https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/809f820cd4a4eebb120ab5dde3f1985d35bcb540
commit 4ea0fca4fc09ffd6e0b6994ee1354f07f7d5d2b5
Author: yun341 <5933468@qq.com>
Date: Thu, 2 Jul 2020 06:54:55 +0800
Subject: gdm: Introduce vmware credential manager for pre-authenticated logins
Link: https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/4ea0fca4fc09ffd6e0b6994ee1354f07f7d5d2b5 |
[Impact]
VMware Horizon is a VDI product that runs atop of VMware's normal virtualisation stack, and it supports SSO authentication for login.
In the past, the VMware Horizon agent has been pretty buggy, and requires SSO patches to be present to function, otherwise it breaks and causes entire outages for anyone trying to use the VDI.
To solve this, VMware had been custom compiling their own libgnome-shell.so libraries with their SSO patches, which are based on oVirt's SSO implementation. When you install VMware Horizon agent to the instance, it overwrites Ubuntu's libgnome-shell.so with their custom compiled one.
VMware don't keep their custom compiled libgnome-shell.so library up to date, so bugs that have already been fixed still live on in their library. Also, when Ubuntu updates our gnome-shell packages, it overwrites the custom libgnome-shell.so library, which then causes the Horizon agent to break, and causes outages for anyone using the VDI, which have to be solved by manually copying the custom library back.
This situation is untenable for VMware Horizon users, so I have asked VMware to upstream their SSO patches. After a long painful process, they have landed in gnome-shell master.
This SRU will significantly improve the quality of life for VMware Horizon users, and will remove the need for VMware to distribute custom libraries.
[Testcase]
You need an instance that runs on VMware Horizon, and the Horizon agent needs to be installed and running. Ideally, SSO authentication should be enabled to test all features, but it is not necessary to partially test.
Test packages are available in this ppa:
https://launchpad.net/~mruffell/+archive/ubuntu/sf247978-test
If you install the test package in a VMware Horizon VDI, the instance should come up cleanly after reboot and function properly, especially with SSO login.
The instance should be able to function without custom libgnome-shell.so libraries provided by VMware.
[Regression Potential]
The code refactors the oVirt SSO implementation into a more generalised interface, which other virtualisation platforms can use. oVirt has been transitioned to this interface as part of the refactoring, which means that any if the new oVirt SSO implementation is broken, it could break users running in oVirt.
VMware's patches also use the new generalised interface, which is much simpler than before, and it has been tested internally by VMware. There was a very long review process with upstream GNOME, which ironed out all of their concerns.
I have been reviewing the code along the way, and I am confident that it will not cause any regressions. If a regression did occur, then it would break SSO functionality only.
[Other Information]
Upstream Issue: https://gitlab.gnome.org/GNOME/gnome-shell/issues/1983
Upstream merge-request: https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/915
Commits:
commit 809f820cd4a4eebb120ab5dde3f1985d35bcb540
Author: yun341 <5933468@qq.com>
Date: Sat, 4 Jan 2020 00:31:15 +0800
Subject: gdm: Refactor oVirt to a generic CredentialManager interface
Link: https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/809f820cd4a4eebb120ab5dde3f1985d35bcb540
commit 4ea0fca4fc09ffd6e0b6994ee1354f07f7d5d2b5
Author: yun341 <5933468@qq.com>
Date: Thu, 2 Jul 2020 06:54:55 +0800
Subject: gdm: Introduce vmware credential manager for pre-authenticated logins
Link: https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/4ea0fca4fc09ffd6e0b6994ee1354f07f7d5d2b5
commit 00437750ed9c7e0982854e20be8c36c6bda7b254
Author: Andre Moreira Magalhaes <andre@endlessm.com>
Date: Mon Aug 17 18:41:04 2020 -0300
Subject: authPrompt: Properly get oVirt service name
Link: https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/00437750ed9c7e0982854e20be8c36c6bda7b254
commit 3fb321fd214469130539e1e31461257a749bff21
Author: yun341 <5933468@qq.com>
Date: Mon Sep 21 22:11:41 2020 +0800
Subject: authPrompt: set value of beginRequestType to 'DONT_PROVIDE_USERNAME'
Link: https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/3fb321fd214469130539e1e31461257a749bff21 |
|
2020-10-19 00:20:39 |
Matthew Ruffell |
attachment added |
|
gnome-shell debdiff for Focal https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/1886592/+attachment/5423914/+files/lp1886592_focal.debdiff |
|
2020-10-19 00:21:39 |
Matthew Ruffell |
attachment added |
|
gnome-shell debdiff for Bionic https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/1886592/+attachment/5423915/+files/lp1886592_bionic.debdiff |
|
2020-12-15 04:58:23 |
Marco Trevisan (Treviño) |
gnome-shell (Ubuntu Focal): status |
In Progress |
Fix Committed |
|
2020-12-15 16:43:46 |
Brian Murray |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2020-12-15 16:43:49 |
Brian Murray |
bug |
|
|
added subscriber SRU Verification |
2020-12-15 16:43:55 |
Brian Murray |
tags |
bionic fixed-in-3.37.3 fixed-upstream focal groovy sts |
bionic fixed-in-3.37.3 fixed-upstream focal groovy sts verification-needed verification-needed-focal |
|
2020-12-22 17:52:45 |
Timo Aaltonen |
gnome-shell (Ubuntu Bionic): status |
In Progress |
Fix Committed |
|
2020-12-22 17:52:52 |
Timo Aaltonen |
tags |
bionic fixed-in-3.37.3 fixed-upstream focal groovy sts verification-needed verification-needed-focal |
bionic fixed-in-3.37.3 fixed-upstream focal groovy sts verification-needed verification-needed-bionic verification-needed-focal |
|
2021-01-22 04:57:24 |
Mathew Hodson |
gnome-shell (Ubuntu Eoan): importance |
Undecided |
Wishlist |
|
2021-03-22 02:43:27 |
Matthew Ruffell |
tags |
bionic fixed-in-3.37.3 fixed-upstream focal groovy sts verification-needed verification-needed-bionic verification-needed-focal |
bionic fixed-in-3.37.3 fixed-upstream focal groovy sts verification-done-focal verification-needed verification-needed-bionic |
|
2021-03-22 03:08:42 |
Matthew Ruffell |
tags |
bionic fixed-in-3.37.3 fixed-upstream focal groovy sts verification-done-focal verification-needed verification-needed-bionic |
bionic fixed-in-3.37.3 fixed-upstream focal groovy sts verification-done-bionic verification-done-focal |
|
2021-03-25 10:36:46 |
Launchpad Janitor |
gnome-shell (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
2021-03-25 10:36:55 |
Łukasz Zemczak |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2021-04-08 09:01:37 |
Launchpad Janitor |
gnome-shell (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
2022-10-29 07:48:20 |
Bug Watch Updater |
gnome-shell: status |
Unknown |
Fix Released |
|