[Bug 566286] New: pidgin version update forces gnome-keyring usage
http://bugzilla.novell.com/show_bug.cgi?id=566286 http://bugzilla.novell.com/show_bug.cgi?id=566286#c0 Summary: pidgin version update forces gnome-keyring usage Classification: openSUSE Product: openSUSE 11.0 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Critical Priority: P5 - None Component: GNOME AssignedTo: sbrabec@novell.com ReportedBy: lnussel@novell.com QAContact: qa@suse.de CC: security-team@suse.de, maintenance@opensuse.org Found By: --- Blocker: --- The pidgin version update now forces use of gnome keyring. pidgin neither checks whether it's actually running in gnome nor whether other passwords have been stored in gnome-keyring before. When re-starting pidgin after the update it prompts to initialize gnome-keyring (once for each account!). Rejecting that apparently makes it read the passwords from the accounts.xml file where it normally stores them. On quit it prompts again for the keyring stuff. Rejecting that again results in no password stored at all. At that point the passwords are wiped from accounts.xml ie lost. There apparently is no way to store passwords without using gnome-keyring anymore. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=566286 http://bugzilla.novell.com/show_bug.cgi?id=566286#c1 --- Comment #1 from Ludwig Nussel <lnussel@novell.com> 2009-12-20 11:46:53 CET --- The problem is known since quite a while obviously, see bug 555610 and bug 553272 and bug 522361. What's even worse is that if one re-enters all passwords and chooses to store them in gnome-keyring, pidgin will still prompt for the passwords on next start up. Apparently gnome-keyring integration only works with one account or when activating one account at a time. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=566286 http://bugzilla.novell.com/show_bug.cgi?id=566286#c2 Vincent Untz <vuntz@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO CC| |vuntz@novell.com Info Provider| |lnussel@novell.com --- Comment #2 from Vincent Untz <vuntz@novell.com> 2010-01-05 13:34:33 UTC --- Ludwig: the rationale is that if the keyring is running, then it should always use it (I'm not sure the use case "users do not use gnome-keyring will it's running" is really something we want to handle). That's why it doesn't fallback to the xml file. Now, if gnome-keyring is not running, there's indeed a bug, and the pidgin package in home:vuntz:11.2-testing should fix it. Can you try it? -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=566286 http://bugzilla.novell.com/show_bug.cgi?id=566286#c3 --- Comment #3 from Ludwig Nussel <lnussel@novell.com> 2010-01-07 09:58:58 CET --- I'll try but I'm not sure it will fix the issue. gnome-keyring sometimes just seems to be running for some reason. Maybe some random other program causes it to start. IMHO pidgin really should remember where it got the password from and store it there again. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=566286 http://bugzilla.novell.com/show_bug.cgi?id=566286#c4 --- Comment #4 from Vincent Untz <vuntz@novell.com> 2010-01-07 10:17:29 UTC --- That would mean no migration, and also, it wouldn't help if the first time pidgin is run, you have, by accident, a keyring running too... To be honest, I don't see a perfect solution there. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=566286 http://bugzilla.novell.com/show_bug.cgi?id=566286#c5 --- Comment #5 from Ludwig Nussel <lnussel@novell.com> 2010-01-07 11:33:44 CET --- Is a migration really needed? If so pidgin could just ask once whether to migrate all passwords then. If on first start gnome-keyring is running pidgin could of course try to use it but if the user presses cancel in the setup dialog of gnome-keyring it could fall back to the xml file (IIRC KDE programs behave that way if one rejects setting up kwallet). Is there a way to check whether gnome-keyring is already set up (without starting the setup procedure at the same time)? If gnome-keyring is not set up pidgin could just silently continue using the xml method. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=566286 http://bugzilla.novell.com/show_bug.cgi?id=566286#c Sun Yan <ysun@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |569025 -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=566286 http://bugzilla.novell.com/show_bug.cgi?id=566286#c6 Stanislav Brabec <sbrabec@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |567799 --- Comment #6 from Stanislav Brabec <sbrabec@novell.com> 2010-01-08 13:45:20 CET --- Guessing from product = openSUSE 11.0, Ludwig complains to introduction of gnome-keyring support in old products. And I agree, it should not happen. I propose to keep gnome-keyring support in products where it was enabled before the update. I'll prepare update that should return pre-upgrade behavior to all products. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=566286
http://bugzilla.novell.com/show_bug.cgi?id=566286#c7
Stanislav Brabec <sbrabec@novell.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jpr@novell.com
Info Provider|lnussel@novell.com |vuntz@novell.com
--- Comment #7 from Stanislav Brabec <sbrabec@novell.com> 2010-01-08 17:17:10 CET ---
I just checked all pre-update versions.
All 11.0, 11.1, 11.2, SLE10 and SLE11 were using SUSE-specific gnome-keyring
patch even before the update.
But wait, the patch in SLE10 seems to be broken:
AC_DEFINE(VINO_ENABLE_KEYRING,
^^^^^^^^^^^^^^^^^^^
#ifdef PURPLE_ENABLE_KEYRING
^^^^^^^^^^^^^^^^^^^^^
So it seems that we had a patch that did nothing for years. But then somebody
fixed it, and the stuff started to be active...
>From SLE11 and 11.2 pidgin.changes:
Tue Jan 6 12:11:13 EST 2009 - jpr@novell.com
- Fix keyring patch so the keyring paths actually get used
(bnc #327391)
Summary for SLE10 and 11.0, 11.1:
Disable it there, it was never enabled there.
Summary for SLE11, 11.2 and Factory:
Let somebody else decide, whether it is wanted there.
There is my opinion:
Let's either upstream or drop our long-time-off patches.
--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=566286 http://bugzilla.novell.com/show_bug.cgi?id=566286#c8 Vincent Untz <vuntz@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW Info Provider|vuntz@novell.com | --- Comment #8 from Vincent Untz <vuntz@novell.com> 2010-01-08 16:35:01 UTC --- (In reply to comment #7)
Summary for SLE10 and 11.0, 11.1:
Disable it there, it was never enabled there.
Makes sense.
Summary for SLE11, 11.2 and Factory:
Let somebody else decide, whether it is wanted there.
There is my opinion:
Let's either upstream or drop our long-time-off patches.
Well, I guess that the patch was made for SLE, so it'd probably make sense to keep for SLE11. But it's not my decision. Here's the upstream bug about using the keyring: http://developer.pidgin.im/ticket/673. It looks like they want to integrate something like this in 3.0.0 (no idea when it'll be released), but it's unlikely they'll go with our patch. So, yeah, for openSUSE, I'm fine removing the patch, I guess. On a general note, I'm not sure why we have so many patches for pidgin that are not upstream, so I'm all for upstreaming them, or removing them. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=566286 http://bugzilla.novell.com/show_bug.cgi?id=566286#c9 --- Comment #9 from Stanislav Brabec <sbrabec@novell.com> 2010-01-08 18:38:13 CET --- I created new bug 569271 to review downstream pidgin patches. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=566286 http://bugzilla.novell.com/show_bug.cgi?id=566286#c10 --- Comment #10 from Ludwig Nussel <lnussel@novell.com> 2010-01-10 11:25:29 CET --- pidgin from home:vuntz:11.2-testing certainly works better if gnome-keyring is not running. the passwords are not wiped from the config anymore. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=566286 http://bugzilla.novell.com/show_bug.cgi?id=566286#c11 Stanislav Brabec <sbrabec@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO Info Provider| |ro@novell.com --- Comment #11 from Stanislav Brabec <sbrabec@novell.com> 2010-01-12 19:09:58 CET --- Well, I see a problem: I am not be able to enable it for SLED11 and disable for openSUSE 11.1. I am searching for a way to differentiate between openSUSE 11.1 and SLE11 and I cannot find any. In older SLES version, there was a %sles_version variable. In SLE11 it is not. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=566286 http://bugzilla.novell.com/show_bug.cgi?id=566286#c12 --- Comment #12 from Stanislav Brabec <sbrabec@novell.com> 2010-01-13 00:13:02 CET --- I guess I have to install and parse distribution-release. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=566286 http://bugzilla.novell.com/show_bug.cgi?id=566286#c13 --- Comment #13 from Ludwig Nussel <lnussel@novell.com> 2010-01-13 11:01:51 CET --- well, if the patch is not good enough for openSUSE why should it be for SLED (and vice versa)? The patch didn't work on SLED before either, didn't it? So the new feature was 'inadvertently' introduced there as well. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=566286 http://bugzilla.novell.com/show_bug.cgi?id=566286#c15 --- Comment #15 from Stanislav Brabec <sbrabec@novell.com> 2010-01-13 12:29:53 CET --- I guess that there are different requrements. But please correct me if anybody has a different opinion. SLED: - Customers use GNOME+pidgin or KDE+kopete. In both cases, opening the appropriate keyring happens automatically during login. - Customers want to store IM passwords really safe. openSUSE: - Users use arbitrary combinations of pidgin and desktop environment. In some of these combinations, pidgin requires extra password to unlock the keyring and it is not possible to skip this dialog. - Encrypted local storage of passwords is not a top priority. Related discussion: bug 186189 It is marked as fixed, but I think that it is not. The current solution - KDE/GNOME unlocks its own keyring on login, other environments don't unlock anything, is far from an optimal solution. The same problems affects other users of keyrings: - evolution outside GNOME (but how many people do it?) - FATE outside KDE -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=566286 http://bugzilla.novell.com/show_bug.cgi?id=566286#c16 Ruediger Oertel <ro@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW Info Provider|ro@novell.com | --- Comment #16 from Ruediger Oertel <ro@novell.com> 2010-01-13 15:48:31 UTC --- for comment#11/#12: well finding out sles vs opensuse at install time (e.g. %post) would be the right solution. Installing $foo-release at build-time would just circumvent that we killed the sles-version macro on purpose: a package should not differenciate at build time between these two ... -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=566286 http://bugzilla.novell.com/show_bug.cgi?id=566286#c17 Stanislav Brabec <sbrabec@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED --- Comment #17 from Stanislav Brabec <sbrabec@novell.com> 2010-01-13 19:12:21 CET --- Use of distribution-release does not work as well: have choice for distribution-release: dummy-release sles-release sled-release Summary: Our build system makes impossible to keep this patch for SLE11 and not apply for openSUSE. So there remains several bad solutions: 1. Implement an incredibly ugly hack to discriminate between openSUSE 11.1 and SLED11 during compile time. 2. Drop the patch breaking a small piece of privacy on SLED. 3. Keep this patch in openSUSE and consider this report as INVALID, at least for openSUSE versions that perform code base for SLED. 4. Keep things as they are for now and start working on another solution and provide it with the next security issue. If there are no objections, I'll go for 3, as it means least effort. It will fix openSUSE complains for 11.0 and 11.2, but not for 11.1. Going to 2 would be even better, but requires approval from the SLED managers. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=566286 http://bugzilla.novell.com/show_bug.cgi?id=566286#c18 Stanislav Brabec <sbrabec@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P1 - Urgent --- Comment #18 from Stanislav Brabec <sbrabec@novell.com> 2010-01-13 19:19:44 CET --- Yet another ugly solution: 5. pidgin.spec files will be equal in all products with exception of a single line: %define building_for_sle 0/1. Then hope, that maintainer will never forget to edit the spec file before the submit. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=566286 http://bugzilla.novell.com/show_bug.cgi?id=566286#c19 Vincent Untz <vuntz@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |btaylor1@novell.com --- Comment #19 from Vincent Untz <vuntz@novell.com> 2010-01-27 17:33:01 UTC --- *** Bug 574419 has been marked as a duplicate of this bug. *** http://bugzilla.novell.com/show_bug.cgi?id=574419 -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=566286 http://bugzilla.novell.com/show_bug.cgi?id=566286#c20 Stanislav Brabec <sbrabec@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED --- Comment #20 from Stanislav Brabec <sbrabec@novell.com> 2010-02-18 16:07:05 CET --- An ugly fix 5 from comment 18 was applied to the security fix bnc#567799: gnome-keyring is not used in openSUSE. gnome-keyring is used in SLED11. gnome-keyring is not used in SLED10 (the support was always broken there). gnome-keyring is used in NLD9. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=566286 http://bugzilla.novell.com/show_bug.cgi?id=566286#c21 Wolfgang Rosenauer <wolfgang@rosenauer.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |wolfgang@rosenauer.org --- Comment #21 from Wolfgang Rosenauer <wolfgang@rosenauer.org> 2010-03-04 08:08:58 UTC --- Just got the 11.2 update and suddenly all my accounts are not working anymore. This cannot be a solution! I like that openSUSE takes updates a bit more relaxed than before but this type of change really must be avoided and if really not possible be documented in the patch description. I cannot even find anything about it in the rpm changelog. That's nothing I expect from an official security online update. Not amused. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com