Please stop build-depending on libgnome-keyring

Bug #1828192 reported by Julian Andres Klode
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
chromium-browser (Ubuntu)
Fix Released
Medium
Olivier Tilloy
Xenial
Fix Released
Medium
Olivier Tilloy
Bionic
Fix Released
Medium
Olivier Tilloy
Disco
Won't Fix
Medium
Olivier Tilloy

Bug Description

libgnome-keyring is not maintained anymore, but chromium build-depends on it. It should be using libsecret instead. The generated binaries depend on neither library, which is a bit confusing.

Revision history for this message
Julian Andres Klode (juliank) wrote :

FWIW, it seems libsecret is shipped as a vendorized library, as the build log says:

[7656/36567] AR obj/third_party/libsecret/libsecret.a

Might be useful to use the system-wide libsecret instead.

Revision history for this message
Julian Andres Klode (juliank) wrote :

As a side note, Debian also builds with use_gnome_keyring = false, so it's perfectly safe to do so.

Revision history for this message
Olivier Tilloy (osomon) wrote :

chromium doesn't expose a build flag to use the system-wide libsecret, it always relies on the vendorized library.

Changed in chromium-browser (Ubuntu):
assignee: nobody → Olivier Tilloy (osomon)
importance: Undecided → Medium
status: New → In Progress
Olivier Tilloy (osomon)
Changed in chromium-browser (Ubuntu):
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 74.0.3729.131-0ubuntu2

---------------
chromium-browser (74.0.3729.131-0ubuntu2) eoan; urgency=medium

  * debian/control: remove libgnome-keyring-dev build dependency (LP: #1828192)
  * debian/rules: build with use_gnome_keyring=false
  * debian/known_gn_gen_args-*: change use_gnome_keyring build flag to false

 -- Olivier Tilloy <email address hidden> Wed, 08 May 2019 12:15:30 +0200

Changed in chromium-browser (Ubuntu):
status: Fix Committed → Fix Released
Olivier Tilloy (osomon)
Changed in chromium-browser (Ubuntu Xenial):
assignee: nobody → Olivier Tilloy (osomon)
Changed in chromium-browser (Ubuntu Bionic):
assignee: nobody → Olivier Tilloy (osomon)
Changed in chromium-browser (Ubuntu Disco):
assignee: nobody → Olivier Tilloy (osomon)
Changed in chromium-browser (Ubuntu Xenial):
importance: Undecided → Medium
Changed in chromium-browser (Ubuntu Bionic):
importance: Undecided → Medium
Changed in chromium-browser (Ubuntu Disco):
importance: Undecided → Medium
Changed in chromium-browser (Ubuntu Xenial):
status: New → Triaged
Changed in chromium-browser (Ubuntu Bionic):
status: New → Triaged
Changed in chromium-browser (Ubuntu Disco):
status: New → Triaged
Olivier Tilloy (osomon)
Changed in chromium-browser (Ubuntu Xenial):
status: Triaged → In Progress
Changed in chromium-browser (Ubuntu Bionic):
status: Triaged → In Progress
Changed in chromium-browser (Ubuntu Disco):
status: Triaged → In Progress
Revision history for this message
Olivier Tilloy (osomon) wrote :
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 79.0.3945.130-0ubuntu0.18.04.1

---------------
chromium-browser (79.0.3945.130-0ubuntu0.18.04.1) bionic; urgency=medium

  * Upstream release: 79.0.3945.130
    - CVE-2020-6378: Use-after-free in speech recognizer.
    - CVE-2020-6379: Use-after-free in speech recognizer.
    - CVE-2020-6380: Extension message verification error.
  * debian/control: remove libgnome-keyring-dev build dependency (LP: #1828192)
  * debian/rules: build with use_gnome_keyring=false
  * debian/known_gn_gen_args-*: change use_gnome_keyring build flag to false

 -- Olivier Tilloy <email address hidden> Mon, 27 Jan 2020 17:57:12 +0100

Changed in chromium-browser (Ubuntu Bionic):
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 79.0.3945.130-0ubuntu0.16.04.1

---------------
chromium-browser (79.0.3945.130-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 79.0.3945.130
    - CVE-2020-6378: Use-after-free in speech recognizer.
    - CVE-2020-6379: Use-after-free in speech recognizer.
    - CVE-2020-6380: Extension message verification error.
  * debian/control: remove libgnome-keyring-dev build dependency (LP: #1828192)
  * debian/rules: build with use_gnome_keyring=false
  * debian/known_gn_gen_args-*: change use_gnome_keyring build flag to false

 -- Olivier Tilloy <email address hidden> Mon, 27 Jan 2020 17:44:47 +0100

Changed in chromium-browser (Ubuntu Xenial):
status: In Progress → Fix Released
Olivier Tilloy (osomon)
Changed in chromium-browser (Ubuntu Disco):
status: In Progress → Fix Committed
Steve Langasek (vorlon)
Changed in chromium-browser (Ubuntu Disco):
status: Fix Committed → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.