Ibus causes gnome-shell to freeze when password fields are selected in Firefox

Bug #1838358 reported by Matthew Ruffell on 2019-07-30
This bug affects 3 people
Affects Status Importance Assigned to Milestone
ibus (Ubuntu)
Matthew Ruffell

Bug Description


The following has been seen in a VMware Horizon VDI. I cannot reproduce this
issue myself.

When a user interacts with any password field in Firefox, gnome-shell and Firefox both freeze and the system becomes unusable. If you ssh into the system and terminate Firefox, gnome-shell unfreezes.

This only happens when the environment variable GTK_IM_MODULE is set to "ibus". If you unset the variable, or change it to
GTK_IM_MODULE=gtk-im-context-simple and then start Firefox, everything works as intended.

This has been seen before with gnome-shell 3.28.4-0ubuntu18.04.1, ibus
1.5.17-3ubuntu4 and Firefox versions starting with 68.0+build3-0ubuntu0.18.04.1

Note: Chrome[ium] and other applications do not trigger it, and it cannot be
reproduced in other desktop environments.

This seems to be an interaction issue between ibus and gnome-shell.

[Test Case]

Launch firefox from within a gnome-session, making sure the GTK_IM_MODULE is set to "ibus". Note, this is the default value.

$ env GTK_IM_MODULE="ibus" firefox

Navigate to any website which has a password field. Wikipedia or Reddit will do.

Click a password field and attempt to enter text. Firefox and gnome-shell both lock up and stay frozen for an extended period of time.

Now, try it with the fix by enabling:


When you enter text into a password field, ibus should directly pass through
the text and the problem will be solved.

We can also ask it to always apply for a specific application with:

$ firefox

Again, when you enter text into a password input field, the problem will be

Test package is available here:


Please test with the revised version, 1.5.17-3ubuntu4+sf235370v20190731b1.

[Regression Potential]

This change has a low risk of regression, because the default behaviour is
unchanged. To be able to use the password input field discard functionality, a user has to explicitly set an environment variable for the specific process, or set a regex that matches a process name.

This means the fix is not enabled by default on any machines, and will only be utilised by those suffering problems and go and manually set environment variables or have their system administrator enable the environment variables permanently.

This commit is present in upstream ibus from version ibus-1.5.19 onward, and is currently present in cosmic, disco and eoan.

If a regression occurs, users can ensure that the environment variables are unset and continue working.

[Other info]

* This patch is functionally the same as ibus-xx-f19-password.patch, but just hides the features behind environment variables.

* When ibus is built with the patch ibus-xx-f19-password.patch which was dropped in ibus-1.5.17-2, the problem is solved.

Instead of using ibus-xx-f19-password.patch, we will instead fix it with
upstream commit f328fd67f479faa46ca87bf3c85eed7080ec5ec0:


Subject: client/gtk2: Add IBUS_DISCARD_PASSWORD for firefox and chrome
Author: fujiwarat <email address hidden>

This implements the password discard functionality found in
ibus-xx-f19-password.patch and places it behind two environment variables,

lets you set a regex of process names to filter and enable the fix for.

If IBUS_DISCARD_PASSWORD is set or IBUS_DISCARD_PASSWORD_APPS is set with the process name which input is being placed into password fields, ibus will pass through the input to the application without any processing.

* This only affect Bionic

- Upstream first introduction:
$ git describe --contains f328fd67f479faa46ca87bf3c85eed7080ec5ec0

- Ubuntu ibus current version found in the archive:
$ rmadison ibus
 ==> ibus | 1.5.17-3ubuntu4 | bionic
 ibus | 1.5.19-1ubuntu1 | cosmic
 ibus | 1.5.19-1ubuntu2 | disco
 ibus | 1.5.19-4ubuntu2 | eoan

Changed in ibus (Ubuntu Bionic):
status: New → In Progress
assignee: nobody → Matthew Ruffell (mruffell)
importance: Undecided → Medium
description: updated
tags: added: sts
Matthew Ruffell (mruffell) wrote :

Attached is the debdiff for bionic which restores ibus-xx-f19-password.patch

tags: added: sts-sponsor
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in ibus (Ubuntu):
status: New → Confirmed

The attachment "ibus debdiff for bionic" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

tags: added: patch
Olivier Tilloy (osomon) wrote :

Thanks for the report Matthew. I appreciate all the work to prepare a SRU bug and a debdiff, but the very first step would be to reliably reproduce the issue. As far as I can tell this hasn't been reported by anyone else, which makes it likely to be an isolated issue on a very specific setup, and thus not necessarily a good candidate for a SRU. Can you get the person who reported the issue to provide more details on their setup (is it stock Ubuntu or a derivative, is it fully up-to-date, which desktop environment, what are the exact versions of gnome-shell, firefox and ibus). Thanks!

description: updated
Matthew Ruffell (mruffell) wrote :

Hi Oliver,

Full details from the environment which has the problem:

Affected machines are all running Bionic and are fully patched.
firefox: 68.0.1+build1-0ubuntu0.18.04.1
gnome-shell: 3.28.4-0ubuntu18.04.1
ibus: 1.5.17-3ubuntu4

Machines are accessed as a VDI through VMware Horizon 7.9.0, and users who have
problems are using Gnome 3.

After discussing this with Eric D, we agreed that it might be a better idea to
not restore the old ibus-xx-f19-password.patch and instead go with the upstream
solution of https://github.com/ibus/ibus/commit/f328fd67f479faa46ca87bf3c85eed7080ec5ec0
which implements the same functionality, but hides it behind two environment

To be honest, I think this approach is better since it doesn't change any
default behaviour and the fix is opt in for environments which need it. Plus
this is present in cosmic, disco and eoan, and will be available in the future
20.04 LTS.

I have tried my best to reproduce this, but I have not had any luck. I think
this solution is probably the best for all parties, and this has been tested
successfully in the affected environment, so I have made a new debdiff with the
above patch.

I would like to determine and fix the root cause, but that might be a little
challenging, and this is a sufficient workaround.

Matthew Ruffell (mruffell) wrote :

Revised debdiff for bionic which enables the environment variables IBUS_DISCARD_PASSWORD and IBUS_DISCARD_PASSWORD_APPS

Changed in ibus (Ubuntu):
importance: Undecided → Medium
Eric Desrochers (slashd) on 2019-08-01
description: updated
Changed in ibus (Ubuntu):
status: Confirmed → Fix Released
tags: removed: sts-sponsor
Eric Desrochers (slashd) wrote :

Sponsored for Bionic.

* Patch already found in Cosmic onwards.
* Patch has been tested pre-SRU with an impact user.
* Nitpick: I have added the upstream bug link in the DEP3 header -> +Bug-Upstream: https://github.com/ibus/ibus/issues/2002

Thanks Matthew !

Łukasz Zemczak (sil2100) wrote :

The issue seems quite serious, although the downside of it is that it only affects certain users on certain environments. Before accepting this into -proposed I'd like to know a bit more: you mentioned in the impact field that the bug is impacting users (or one user?) on VMware Horizon VDI, but then followed up that you can't reproduce it. Does it mean you can't reproduce it reliably on the same environment? Do we know how many people are actually affected by this bug?

I'm fine with leaving the verification of the bug to a certain set of actually affected users - as long as we can get solid feedback from them when using the -proposed packages.

I'm a bit reluctant to accept a upload fixing a bug that is not reliably reproducible and that I don't know how many actual users are affected by. Even in the case where the changes are hidden behind an environment variable. The change here seems solid, but any unneeded change like this can cause a regression, for instance if after some time the CHECK_APP_IN_CSV_ENV_VARIABLES macro turns out subtly buggy (highly improbable, but...), breaking otherwise unaffected users. Ibus is quite a core component.

Could you provide this information for me before we proceed?

Matthew Ruffell (mruffell) wrote :
Download full text (3.6 KiB)

Hi Lukasz,

We are in luck, after some very helpful debugging done by the customer, I have
been able to reliably reproduce this issue myself.

Firstly, this issue only affects users of Ubuntu inside a VMware Horizon VDI,
and only occurs after you install the VMware Horizon Agent for Linux.

The issue can be replicated reliably in the customer environment, and several
hundred users have been affected.

I downloaded and installed the Horizon Agent
VMware-horizonagent-linux-x86_64-7.9.0-13916467.tar.gz in my test 18.04 VM.

Download location [1] (Requires registration)
Installation Instructions [2]

I now see gnome-shell and firefox act strange, with a large delay in input to
the password field and having the box clearing randomly.

The customer also sees this behaviour. If the customer enables NVIDIA GRID
graphics acceleration, then gnome-shell freezes instead of having the large
input delay. Disabling graphics acceleration shows the behaviour I can
reproduce, of seeing large input delay and intermittent gnome-shell lockups.

I did some digging, and it seems the Horizon agent replaces some gnome-shell
libraries with its own.

# openssl sha256 ./usr/lib/gnome-shell/libgnome-shell.so
# openssl sha256 ./home/ubuntu/VMware-horizonagent-linux-x86_64-7.9.0-13916467/sso/ubuntu/1804/libgnome-shell.so

# openssl sha256 ./usr/lib/vmware/viewagent/sso/backup/libgnome-shell.orig.so
# openssl sha256 ./home/ubuntu/VMware-horizonagent-linux-x86_64-7.9.0-13916467/sso/ubuntu/1804/libgnome-shell.orig.so

VMware Horizon has a feature called "True SSO" [3] which seems to enable users
to authenticate once to the VMware Identity Manager, and then use a SSO token
afterwards to log into supported websites.

From what I can see, VMware have built their own custom gnome-shell libraries
and modified their library to implement the True SSO feature, which probably
uses interactions between gnome-shell and ibus to detect password input fields
and automate password entry.

When I revert the custom gnome-shell library to the one Canonical provides in
the Ubuntu 18.04 main archive, the issue is fixed, and I can enter text in
password fields normally.

From our side, Canonical cannot support these custom gnome-shell libraries,
since we do not have source code for them and we don't know whats in them or
how they are built.

What we can do is work around them, and the proposed change to ibus does
exactly that. With those environment variables in place, input is "discarded"
by ibus and passed directly into the application, and likely skips the
"True SSO" functionality which is breaking Firefox.

A case has now been opened with VMware so they can fix their custom gnome-shell
libraries, but for now, the ibus workaround is a agreeable solution for this
customer, mostly since they do not use the "True SSO" functionality.

I can now replicate the problem, and customer is also on board to test the
-proposed package in their...


Łukasz Zemczak (sil2100) wrote :

Excellent. If the issue is reproducible and affects multiple users, this seems like a +1 on the SRU.

Hello Matthew, or anyone else affected,

Accepted ibus into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ibus/1.5.17-3ubuntu5 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in ibus (Ubuntu Bionic):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-bionic
Matthew Ruffell (mruffell) wrote :

I enabled bionic-proposed and installed ibus, ibus-gtk, ibus-gtk3 versions 1.5.17-3ubuntu5.

I ran the test in a bionic VM which had VMware Horizon Agent for Linux installed, version 7.9.0-13916467.

Running firefox with no environment variables caused long input delays and small lockups with the affected gnome-shell library shipped by VMware Horizon.

When enabling the following environment variables for ibus which are implemented as part of this SRU:

$ firefox

I could enter text into password fields in firefox with no problems at all, and the problem is fixed.

The customer has also validated that the fix works in their VMware Horizon environment, and the problem is solved.

I am happy to mark this as verified.

tags: added: verification-done-bionic
removed: verification-needed verification-needed-bionic
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ibus - 1.5.17-3ubuntu5

ibus (1.5.17-3ubuntu5) bionic; urgency=medium

  * debian/patches/ubuntu-password-discard-environment-variables.patch:
    - Added upstream patch which implements selective ignoring of processing
      inputs to password fields based on two new environment variables,

 -- Matthew Ruffell <email address hidden> Thu, 01 Aug 2019 16:07:31 +1200

Changed in ibus (Ubuntu Bionic):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for ibus has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.