Bug 35428 - novnc: Switch to upstream package from Debian
novnc: Switch to upstream package from Debian
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Virtualization - UVMM
UCS 4.4
All Linux
: P3 normal (vote)
: UCS 4.4-2-errata
Assigned To: Florian Best
Philipp Hahn
https://hutten.knut.univention.de/med...
:
: 34030 49178 (view as bug list)
Depends on: 35425
Blocks: 33576
  Show dependency treegraph
 
Reported: 2014-07-22 09:28 CEST by Philipp Hahn
Modified: 2019-11-20 13:26 CET (History)
5 users (show)

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Security
Max CVSS v3 score: 6.8 (CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Philipp Hahn univentionstaff 2014-07-22 09:28:34 CEST
+++ This bug was initially created as a clone of Bug #35425 +++
We should consider removing our own old copy of noVNC from ucs-4.0-0/virtualization/univention-novnc in favor of the newer version in Debian Wheezy.

We should probably remove the hard dependency on "nova-common" and disable ./utils/nova-novncproxy and ./debian/novnc.init.
Comment 1 Philipp Hahn univentionstaff 2017-03-15 15:57:14 CET
univention-novnc contains a stale copy of novnc-0.4.
It is unmaintained and has at least one known security vulnerability CVE-2013-7436 <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778618>
Debian has it fixed: <https://packages.debian.org/source/jessie/novnc>
Comment 2 Philipp Hahn univentionstaff 2017-05-02 17:19:22 CEST
Debian only has 0.4 packages; consider <https://github.com/novnc/noVNC> which is aiming for <https://github.com/novnc/noVNC/milestones> 0.7
Comment 3 Philipp Hahn univentionstaff 2019-03-19 17:52:09 CET
Debian Buster will probably have v1.1 <https://tracker.debian.org/pkg/novnc>
Comment 4 Mathieu Simon 2019-10-09 08:13:32 CEST
Confirmed, buster does have v1.1 in its release: https://packages.debian.org/buster/novnc
Comment 5 Florian Best univentionstaff 2019-11-13 14:05:08 CET
*** Bug 49178 has been marked as a duplicate of this bug. ***
Comment 6 Florian Best univentionstaff 2019-11-13 16:12:35 CET
novnc 1:1.0.0-1 has been imported from Debian buster.
The novnc fork has been removed from our git repoistory and replaced with a dependency.
The novnc version has an favicon in the new version. I think this is okay and shouldn't be replaced with an univention icon?

The init script has been migrated to a systemd service.
I tried starting it as novnc:nogroup but this currently fails (Bug #49043).

The websockify service is started with Python 3, I think this is the best to keep migration efford less.

univention-novnc.yaml
7249c83046c0 | YAML Bug #35428

novnc.yaml
7249c83046c0 | YAML Bug #35428

univention-novnc (3.0.0-2)
a623bc3b7990 | Bug #35428: replace init script with systemd service
d0db8ed9abbd | Bug #35428: use python3-websockify
a5ddf5e85077 | Bug #35428: use upstream debian package from buster
Comment 7 Florian Best univentionstaff 2019-11-13 16:16:21 CET
*** Bug 34030 has been marked as a duplicate of this bug. ***
Comment 8 Florian Best univentionstaff 2019-11-14 10:23:18 CET
Another commit has been added which places the executable script in /usr/lib/univention-novnc/websockify:

univention-novnc (3.0.0-3)
c4e629a1ee01 | Bug #35428: don't use /usr/bin/

The approach to replace websockify with libvirt-console-proxy has been moved to Bug #50494.
Comment 9 Florian Best univentionstaff 2019-11-14 14:05:37 CET
I could push novnc to the maintained testing repository:
# apt policy novnc
novnc:
 *** 1:1.0.0-1A~4.4.0.201911131601 500
        500 http://omar.knut.univention.de/build2 ucs_4.4-0-errata4.4-2/all/ Packages
        500 http://updates-test.software-univention.de/4.4/maintained/component 4.4-2-errata-test/all/ Packages

I could not get it to maintained for python3-websockify. Added the advisory:

websockify.yaml
4b5f75958a76 | YAML Bug #35428
Comment 10 Philipp Hahn univentionstaff 2019-11-14 17:07:46 CET
(In reply to Florian Best from comment #9)
> I could not get it to maintained for python3-websockify. Added the advisory:
> 
> websockify.yaml
> 4b5f75958a76 | YAML Bug #35428

The package does not exist in that scope:
> scope: ucs_4.4-0-errata4.4-2
See <http://xen1.knut.univention.de:8000/packages/source/websockify/>

I `reop-copy-dsc` it to said scope, re-calculated the maintained packages, and pushed to testing:
<https://jenkins.knut.univention.de:8181/view/Publish/job/UCS-4.4/job/PublishErrataTest/387/console>
Comment 11 Felix Botner univentionstaff 2019-11-19 09:40:06 CET
Seems that python-oslo.config is missing (maintained?), this breaks 20_appcenter.20_can_apps_be_installed.master091 in our jenkins tests

$ apt-get install univention-novnc
Die folgenden Pakete haben unerfüllte Abhängigkeiten:
 univention-novnc : Hängt ab von: novnc soll aber nicht installiert werden
E: Probleme können nicht korrigiert werden, Sie haben zurückgehaltene defekte Pakete.

$ apt-get install novnc              
Die folgenden Pakete haben unerfüllte Abhängigkeiten:
 novnc : Hängt ab von: python-novnc soll aber nicht installiert werden
E: Probleme können nicht korrigiert werden, Sie haben zurückgehaltene defekte Pakete.

$ apt-get install python-novnc
Die folgenden Pakete haben unerfüllte Abhängigkeiten:
 python-novnc : Hängt ab von: python-oslo.config ist aber nicht installierbar
E: Probleme können nicht korrigiert werden, Sie haben zurückgehaltene defekte Pakete.

$ apt-get install python-oslo.config
E: Für Paket »python-oslo.config« existiert kein Installationskandidat.
Comment 12 Philipp Hahn univentionstaff 2019-11-19 15:46:20 CET
[4.4-2] 5de7b0f476 Bug #35428: novnc 1:1.0.0-1A~4.4.0.201911131601
 Move package dependencies to maintained:

 doc/errata/staging/novnc.yaml                |  2 +-
 doc/errata/staging/python-debtcollector.yaml | 11 +++++++++++
 doc/errata/staging/python-oslo.config.yaml   | 11 +++++++++++
 doc/errata/staging/python-oslo.i18n.yaml     | 11 +++++++++++
 doc/errata/staging/python-rfc3986.yaml       | 11 +++++++++++
 doc/errata/staging/python-wrapt.yaml         | 11 +++++++++++
 doc/errata/staging/stevedore.yaml            | 11 +++++++++++
 doc/errata/staging/websockify.yaml           |  2 +-
 8 files changed, 68 insertions(+), 2 deletions(-)
Comment 13 Philipp Hahn univentionstaff 2019-11-19 15:53:05 CET
dpkg: Fehler beim Bearbeiten des Archivs /tmp/root/apt-dpkg-install-xpqYiQ/11-novnc_1%3a1.0.0-1A~4.4.0.201911131601_all.deb (--unpack):
 Versuch, »/usr/share/novnc/vnc.html« zu überschreiben, welches auch in Paket univention-novnc 2.0.0-2A~4.3.0.201712211526 ist
Comment 14 Philipp Hahn univentionstaff 2019-11-19 16:26:17 CET
(In reply to Philipp Hahn from comment #13)
> dpkg: Fehler beim Bearbeiten des Archivs
> /tmp/root/apt-dpkg-install-xpqYiQ/11-novnc_1%3a1.0.0-1A~4.4.0.
> 201911131601_all.deb (--unpack):
>  Versuch, »/usr/share/novnc/vnc.html« zu überschreiben, welches auch in
> Paket univention-novnc 2.0.0-2A~4.3.0.201712211526 ist

[4.4-2] ffdf1b26d0 Bug #35428 noVNC: Fix package upgrade
 virtualization/univention-novnc/debian/changelog                    | 6 ++++++
 virtualization/univention-novnc/debian/control                      | 4 +---
 virtualization/univention-novnc/debian/univention-novnc.maintscript | 1 +
 3 files changed, 8 insertions(+), 3 deletions(-)

r18705 | Bug #35428: Fix upgrade from univention-novnc to novnc

Package: novnc
Version: 1:1.0.0-1A~4.4.0.201911191617
Branch: ucs_4.4-0
Scope: errata4.4-2

[4.4-2] 86dcc24838 Bug #35428: univention-novnc 3.0.0-4A~4.4.0.201911191606
 doc/errata/staging/novnc.yaml            | 2 +-
 doc/errata/staging/univention-novnc.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
Comment 15 Philipp Hahn univentionstaff 2019-11-19 16:32:11 CET
OK: UVMM noVNC
OK: Install
OK: apt install -t apt univention-novnc
OK: http://
OK: https://
OK: *.yaml