** Description changed: - signon-ui-x11(http://packages.ubuntu.com/xenial/signon-ui-x11) depends - on libqt5webkit5 + [Impact] - https://blogs.gnome.org/mcatanzaro/2016/02/01/on-webkit-security- - updates/ + * When declaring online accounts for use by Ubuntu, the system uses a + webview to authenticate to online services like Facebook or Google. + * On X11 desktops, that webview currently uses an old qt5webkit + component that is now unmaintained - Can it be resolved so new LTS wont be released with known webkit1 bugs/security exploits? + * Backporting this fix will simplify the maintenance work, by removing + the need for that old component, and will improve the coherence of the + system by using a supported Oxide webview + + [Test Case] + + To verify the change: + + * Go to system settings > Online Accounts + * Add account of type Google, Facebook or Twitter (which uses webview for authentication) + * Verify that a webview opens to log onto the online service + * Verify that the account is listed in the account list at the end of this process + * Verify that the related apps and services can use the online account as before (ie Shotwell photo uploads, Photos scope, etc.) + + [Regression Potential] + + * On architectures not supported by Oxide, namely ppc64el and s390x, + the change will trigger a runtime error when trying to use that part of + signon-ui. + + * The problem affects users of Ubuntu desktop systems based on X11. The + change is already in effect on Unity8/Mir devices for a few months. + + [Other Info] + + * signon-ui-x11(http://packages.ubuntu.com/xenial/signon-ui-x11) + depends on libqt5webkit5 + + * See also: https://blogs.gnome.org/mcatanzaro/2016/02/01/on-webkit- + security-updates/
** Description changed: + This is an SRU request, based on the process documented at + https://wiki.ubuntu.com/StableReleaseUpdates + + [Impact] - * When declaring online accounts for use by Ubuntu, the system uses a + * When declaring online accounts for use by Ubuntu, the system uses a webview to authenticate to online services like Facebook or Google. - * On X11 desktops, that webview currently uses an old qt5webkit + * On X11 desktops, that webview currently uses an old qt5webkit component that is now unmaintained - * Backporting this fix will simplify the maintenance work, by removing + * Backporting this fix will simplify the maintenance work, by removing the need for that old component, and will improve the coherence of the system by using a supported Oxide webview [Test Case] To verify the change: - * Go to system settings > Online Accounts - * Add account of type Google, Facebook or Twitter (which uses webview for authentication) - * Verify that a webview opens to log onto the online service - * Verify that the account is listed in the account list at the end of this process - * Verify that the related apps and services can use the online account as before (ie Shotwell photo uploads, Photos scope, etc.) + * Go to system settings > Online Accounts + * Add account of type Google, Facebook or Twitter (which uses webview for authentication) + * Verify that a webview opens to log onto the online service + * Verify that the account is listed in the account list at the end of this process + * Verify that the related apps and services can use the online account as before (ie Shotwell photo uploads, Photos scope, etc.) [Regression Potential] - * On architectures not supported by Oxide, namely ppc64el and s390x, + * On architectures not supported by Oxide, namely ppc64el and s390x, the change will trigger a runtime error when trying to use that part of signon-ui. - * The problem affects users of Ubuntu desktop systems based on X11. The + * The problem affects users of Ubuntu desktop systems based on X11. The change is already in effect on Unity8/Mir devices for a few months. [Other Info] - * signon-ui-x11(http://packages.ubuntu.com/xenial/signon-ui-x11) + * signon-ui-x11(http://packages.ubuntu.com/xenial/signon-ui-x11) depends on libqt5webkit5 - * See also: https://blogs.gnome.org/mcatanzaro/2016/02/01/on-webkit- + * See also: https://blogs.gnome.org/mcatanzaro/2016/02/01/on-webkit- security-updates/ ** Summary changed: - CRITICAL: please remove libqt5webkit dependancy + [SRU] please remove libqt5webkit dependancy ** Summary changed: - [SRU] please remove libqt5webkit dependancy + [SRU] please remove libqt5webkit dependency -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1547647 Title: [SRU] please remove libqt5webkit dependency To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/signon-ui/+bug/1547647/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
