** Description changed: - signon-ui-x11(http://packages.ubuntu.com/xenial/signon-ui-x11) depends - on libqt5webkit5 + [Impact] - https://blogs.gnome.org/mcatanzaro/2016/02/01/on-webkit-security- - updates/ + * When declaring online accounts for use by Ubuntu, the system uses a + webview to authenticate to online services like Facebook or Google. + * On X11 desktops, that webview currently uses an old qt5webkit + component that is now unmaintained - Can it be resolved so new LTS wont be released with known webkit1 bugs/security exploits? + * Backporting this fix will simplify the maintenance work, by removing + the need for that old component, and will improve the coherence of the + system by using a supported Oxide webview + + [Test Case] + + To verify the change: + + * Go to system settings > Online Accounts + * Add account of type Google, Facebook or Twitter (which uses webview for authentication) + * Verify that a webview opens to log onto the online service + * Verify that the account is listed in the account list at the end of this process + * Verify that the related apps and services can use the online account as before (ie Shotwell photo uploads, Photos scope, etc.) + + [Regression Potential] + + * On architectures not supported by Oxide, namely ppc64el and s390x, + the change will trigger a runtime error when trying to use that part of + signon-ui. + + * The problem affects users of Ubuntu desktop systems based on X11. The + change is already in effect on Unity8/Mir devices for a few months. + + [Other Info] + + * signon-ui-x11(http://packages.ubuntu.com/xenial/signon-ui-x11) + depends on libqt5webkit5 + + * See also: https://blogs.gnome.org/mcatanzaro/2016/02/01/on-webkit- + security-updates/
** Description changed: + This is an SRU request, based on the process documented at + https://wiki.ubuntu.com/StableReleaseUpdates + + [Impact] - * When declaring online accounts for use by Ubuntu, the system uses a + * When declaring online accounts for use by Ubuntu, the system uses a webview to authenticate to online services like Facebook or Google. - * On X11 desktops, that webview currently uses an old qt5webkit + * On X11 desktops, that webview currently uses an old qt5webkit component that is now unmaintained - * Backporting this fix will simplify the maintenance work, by removing + * Backporting this fix will simplify the maintenance work, by removing the need for that old component, and will improve the coherence of the system by using a supported Oxide webview [Test Case] To verify the change: - * Go to system settings > Online Accounts - * Add account of type Google, Facebook or Twitter (which uses webview for authentication) - * Verify that a webview opens to log onto the online service - * Verify that the account is listed in the account list at the end of this process - * Verify that the related apps and services can use the online account as before (ie Shotwell photo uploads, Photos scope, etc.) + * Go to system settings > Online Accounts + * Add account of type Google, Facebook or Twitter (which uses webview for authentication) + * Verify that a webview opens to log onto the online service + * Verify that the account is listed in the account list at the end of this process + * Verify that the related apps and services can use the online account as before (ie Shotwell photo uploads, Photos scope, etc.) [Regression Potential] - * On architectures not supported by Oxide, namely ppc64el and s390x, + * On architectures not supported by Oxide, namely ppc64el and s390x, the change will trigger a runtime error when trying to use that part of signon-ui. - * The problem affects users of Ubuntu desktop systems based on X11. The + * The problem affects users of Ubuntu desktop systems based on X11. The change is already in effect on Unity8/Mir devices for a few months. [Other Info] - * signon-ui-x11(http://packages.ubuntu.com/xenial/signon-ui-x11) + * signon-ui-x11(http://packages.ubuntu.com/xenial/signon-ui-x11) depends on libqt5webkit5 - * See also: https://blogs.gnome.org/mcatanzaro/2016/02/01/on-webkit- + * See also: https://blogs.gnome.org/mcatanzaro/2016/02/01/on-webkit- security-updates/ ** Summary changed: - CRITICAL: please remove libqt5webkit dependancy + [SRU] please remove libqt5webkit dependancy ** Summary changed: - [SRU] please remove libqt5webkit dependancy + [SRU] please remove libqt5webkit dependency -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to signon-ui in Ubuntu. https://bugs.launchpad.net/bugs/1547647 Title: [SRU] please remove libqt5webkit dependency Status in signon-ui package in Ubuntu: Fix Released Status in signon-ui source package in Xenial: In Progress Status in signon-ui source package in Yakkety: Fix Released Bug description: This is an SRU request, based on the process documented at https://wiki.ubuntu.com/StableReleaseUpdates [Impact] * When declaring online accounts for use by Ubuntu, the system uses a webview to authenticate to online services like Facebook or Google. * On X11 desktops, that webview currently uses an old qt5webkit component that is now unmaintained * Backporting this fix will simplify the maintenance work, by removing the need for that old component, and will improve the coherence of the system by using a supported Oxide webview [Test Case] To verify the change: * Go to system settings > Online Accounts * Add account of type Google, Facebook or Twitter (which uses webview for authentication) * Verify that a webview opens to log onto the online service * Verify that the account is listed in the account list at the end of this process * Verify that the related apps and services can use the online account as before (ie Shotwell photo uploads, Photos scope, etc.) [Regression Potential] * On architectures not supported by Oxide, namely ppc64el and s390x, the change will trigger a runtime error when trying to use that part of signon-ui. * The problem affects users of Ubuntu desktop systems based on X11. The change is already in effect on Unity8/Mir devices for a few months. [Other Info] * signon-ui-x11(http://packages.ubuntu.com/xenial/signon-ui-x11) depends on libqt5webkit5 * See also: https://blogs.gnome.org/mcatanzaro/2016/02/01/on-webkit- security-updates/ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/signon-ui/+bug/1547647/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
