Bug 2230099 - Please upgrade to signon-ui 0.17
Summary: Please upgrade to signon-ui 0.17
Keywords:
Status: NEW
Alias: None
Product: Fedora
Classification: Fedora
Component: signon-ui
Version: 39
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Rex Dieter
QA Contact: Fedora Extras Quality Assurance
URL: https://bugs.kde.org/show_bug.cgi?id=...
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-08-08 17:44 UTC by Bernie Innocenti
Modified: 2024-01-24 12:51 UTC (History)
13 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Bernie Innocenti 2023-08-08 17:44:27 UTC
It appears that signon-ui 0.15 causes the bug reported here:
https://bugs.kde.org/show_bug.cgi?id=420280#c40

Multiple users report no issues with 0.17, which was released 5 years ago on GitLab:
https://gitlab.com/accounts-sso/signon-ui/-/commits/master?ref_type=heads


Reproducible: Always

Comment 1 imanolbarba 2023-08-15 19:38:23 UTC
I was able to fix the mentioned bug by updating the `signon-ui` package as indicated by the reporter.

Just keep it mind it's not just updating the version, it's changing the upstream URL to a fork of the original package.

I was able to build the package that fix the bug applying the following changes to the SPEC file for the `signon-ui` package:

```
--- signon-ui.spec.orig 2023-08-15 20:48:44.395812563 +0200
+++ signon-ui.spec      2023-08-15 21:27:53.028272559 +0200
@@ -1,14 +1,12 @@
 Name:           signon-ui
-Version:        0.15
+Version:        0.17+15.10.20150810
 Release:        19%{?dist}
 Summary:        Online Accounts Sign-on Ui
 
 License:        GPLv3
-URL:            https://launchpad.net/signon-ui
+URL:            https://gitlab.com/accounts-sso/signon-ui
 
-Source0:        https://launchpad.net/signon-ui/trunk/%{version}/+download/signon-ui-%{version}.tar.bz2
-
-Patch0:         signon-ui-0.15-fix-qt5-build.patch
+Source0:        https://gitlab.com/accounts-sso/signon-ui/-/archive/%{version}-0ubuntu1/signon-ui-%{version}-0ubuntu1.tar.gz
 
 BuildRequires: make
 BuildRequires:  qt5-qtbase-devel
@@ -17,6 +15,7 @@
 BuildRequires:  signon-devel
 BuildRequires:  libproxy-devel
 BuildRequires:  libnotify-devel
+BuildRequires:  qt5-qtwebengine-devel
 
 Requires:       dbus
 
@@ -35,9 +34,7 @@
 
 
 %prep
-%setup -q -n signon-ui-%{version}
-
-%patch0 -p1 -b .qt5
+%setup -q -n signon-ui-%{version}-0ubuntu1
 
 
 %build
@@ -51,10 +48,6 @@
 %install
 make install INSTALL_ROOT=%{buildroot}
 
-# Remove installed tests
-rm %{buildroot}/%{_bindir}/signon-ui-unittest
-rm %{buildroot}/%{_bindir}/tst_inactivity_timer
-
 # Own directory where others can install provider-specific configuration
 mkdir -p %{buildroot}/%{_sysconfdir}/signon-ui/webkit-options.d
```

Interesting tidbits:
- Requires 1 new dependency
- no patches required
- Had to change the version references around a bit because the upstream url is adding the `-0ubuntu1` release to the version number

Comment 2 Fedora Release Engineering 2023-08-16 08:14:04 UTC
This bug appears to have been reported against 'rawhide' during the Fedora Linux 39 development cycle.
Changing version to 39.

Comment 3 Yevhen Popok 2023-08-21 04:36:57 UTC
(In reply to Fedora Release Engineering from comment #2)
> This bug appears to have been reported against 'rawhide' during the Fedora
> Linux 39 development cycle.
> Changing version to 39.

This issue is reproducible on 38.

Comment 4 Sneaky Panda 2023-08-24 04:46:37 UTC
This bug in signon-ui v01.15 prevents Fedora KDE spin users from using their online accounts in KDE. To fix this, please upgrade to signon-ui v0.17.

Comment 5 dabiswas112 2023-08-25 17:08:02 UTC
Hi, I'm shipping signon-ui 0.17 in my COPR at hazel-bunnny:ports. It does not fix the problem. I'm still unable to sign in to google. Has anyone been able to sign in successfully with a new account?

Comment 6 dabiswas112 2023-08-25 19:13:12 UTC
Hi, I've fixed this on my copr at hazel-bunny/ports. I have also ported the signon-ui spec from webkit to webengine, because qt5-qtwebkit is a big security hole according to a GNOME guy.

@rdieter could you check if the updates in https://github.com/hazel-bunny/rpm-packaging/tree/master/lib/signon are acceptable?

Comment 7 Colin J Thomson 2023-09-17 10:20:06 UTC
(In reply to dabiswas112 from comment #6)
> Hi, I've fixed this on my copr at hazel-bunny/ports. I have also ported the
> signon-ui spec from webkit to webengine, because qt5-qtwebkit is a big
> security hole according to a GNOME guy.

FYI I have just tested your signon* updates from your COPR and can confirm it works fine for me on this fc38 box. I was able to create a new Google account.

It fixes https://bugs.kde.org/show_bug.cgi?id=420280 for me.

Comment 8 Christian Stadelmann 2023-12-23 19:08:05 UTC
Also, the dependency on `qt5-qtwebkit` could be dropped, which should be done for security reasons too (see bug #1872819)

Comment 9 jeff 2024-01-22 17:56:27 UTC
(In reply to dabiswas112 from comment #6)
> Hi, I've fixed this on my copr at hazel-bunny/ports. I have also ported the
> signon-ui spec from webkit to webengine, because qt5-qtwebkit is a big
> security hole according to a GNOME guy.
> 
> @rdieter could you check if the updates in
> https://github.com/hazel-bunny/rpm-packaging/tree/master/lib/signon are
> acceptable?

Thoughts on becoming maintainer or co-maintainer of this package @dabiswas112?

Comment 10 dabiswas112 2024-01-24 12:51:00 UTC
(In reply to jeff from comment #9)
> (In reply to dabiswas112 from comment #6)
> > Hi, I've fixed this on my copr at hazel-bunny/ports. I have also ported the
> > signon-ui spec from webkit to webengine, because qt5-qtwebkit is a big
> > security hole according to a GNOME guy.
> > 
> > @rdieter could you check if the updates in
> > https://github.com/hazel-bunny/rpm-packaging/tree/master/lib/signon are
> > acceptable?
> 
> Thoughts on becoming maintainer or co-maintainer of this package
> @dabiswas112?

Not opposed to it, but need time. This package needs changes for Qt6 and Plasma 6, where upstream KDE recommends using Nicolas Fella's fork. My package uses git master of the original repo and is currently broken on rawhide. Will look into the requirements for being a maintainer and negotiations with KDE SIG who currently maintain the stack to take over maintenance in the future.


Note You need to log in before you can comment on or make changes to this bug.