Hello community,
here is the log from the commit of package kaccounts-providers for
openSUSE:Factory checked in at 2020-01-14 21:04:54
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/kaccounts-providers (Old)
and /work/SRC/openSUSE:Factory/.kaccounts-providers.new.6675 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kaccounts-providers"
Tue Jan 14 21:04:54 2020 rev:57 rq:764047 version:19.12.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/kaccounts-providers/kaccounts-providers.changes
2020-01-11 14:41:41.249223889 +0100
+++
/work/SRC/openSUSE:Factory/.kaccounts-providers.new.6675/kaccounts-providers.changes
2020-01-14 21:08:43.170802757 +0100
@@ -1,0 +2,6 @@
+Mon Jan 13 14:11:28 UTC 2020 - Christophe Giboudeaux <[email protected]>
+
+- Add upstream patch to fix Google accounts:
+ * 0001-Google-provider-limit-requested-OAuth-scopes.patch
+
+-------------------------------------------------------------------
New:
----
0001-Google-provider-limit-requested-OAuth-scopes.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ kaccounts-providers.spec ++++++
--- /var/tmp/diff_new_pack.jQeD5B/_old 2020-01-14 21:08:45.682803920 +0100
+++ /var/tmp/diff_new_pack.jQeD5B/_new 2020-01-14 21:08:45.706803931 +0100
@@ -31,6 +31,7 @@
Source1:
https://download.kde.org/stable/release-service/%{version}/src/%{name}-%{version}.tar.xz.sig
Source2: applications.keyring
%endif
+Patch0: 0001-Google-provider-limit-requested-OAuth-scopes.patch
BuildRequires: cmake
BuildRequires: extra-cmake-modules
BuildRequires: intltool
@@ -51,6 +52,7 @@
%prep
%setup -q
+%patch0 -p1
%build
%cmake_kf5 -d build
++++++ 0001-Google-provider-limit-requested-OAuth-scopes.patch ++++++
>From 0a71da4e3caae0defe200a85954fc7e2012010c1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Vr=C3=A1til?= <[email protected]>
Date: Mon, 13 Jan 2020 13:48:37 +0100
Subject: [PATCH] Google provider: limit requested OAuth scopes
Summary:
Limit the scopes to what is actually permitted in the Google App settings:
contacts and calendars for future PIM integration, GDrive for KIO-GDrive,
and Youtube (upload-only) for the Purpose sharing plugin. We can extend
this in the future if needed easilly, it's easier for us to get the
Google App verified if we can proof and show how the individual scopes
are used by KDE.
Reviewers: elvisangelaccio, bshah
Reviewed By: elvisangelaccio, bshah
Differential Revision: https://phabricator.kde.org/D26454
(Merged with commit 5952bf2: Remove the extra comma)
---
providers/google.provider.in | 13 +++----------
1 file changed, 3 insertions(+), 10 deletions(-)
diff --git a/providers/google.provider.in b/providers/google.provider.in
index 638c1a9..97307af 100644
--- a/providers/google.provider.in
+++ b/providers/google.provider.in
@@ -21,22 +21,15 @@
order to return a refresh token -->
<setting name="ResponseType">code</setting>
<setting name="Scope" type="as">[
- 'https://docs.google.com/feeds/',
- 'https://www.googleapis.com/auth/googletalk',
- 'https://www.googleapis.com/auth/youtube.upload',
- 'https://www.googleapis.com/auth/youtube',
'https://www.googleapis.com/auth/userinfo.email',
'https://www.googleapis.com/auth/userinfo.profile',
- 'https://picasaweb.google.com/data/',
'https://www.googleapis.com/auth/calendar',
- 'https://www.google.com/m8/feeds/',
'https://www.googleapis.com/auth/tasks',
+ 'https://www.google.com/m8/feeds/',
'https://www.googleapis.com/auth/drive',
- 'https://www.googleapis.com/auth/drive.file',
- 'https://www.googleapis.com/auth/drive.metadata.readonly',
- 'https://www.googleapis.com/auth/drive.readonly'
+ 'https://www.googleapis.com/auth/youtube.upload'
]</setting>
- <setting name="AllowedSchemes" type="as">['https','http']</setting>
+ <setting name="AllowedSchemes" type="as">['https']</setting>
<setting
name="ClientId">317066460457-pkpkedrvt2ldq6g2hj1egfka2n7vpuoo.apps.googleusercontent.com</setting>
<setting name="ClientSecret">Y8eFAaWfcanV3amZdDvtbYUq</setting>
<setting name="ForceClientAuthViaRequestBody" type="b">true</setting>
