Accepted gdm3 40.1-2 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 12 Sep 2021 21:46:25 +0100
Source: gdm3
Architecture: source
Version: 40.1-2
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Closes: 953557 986046
Changes:
gdm3 (40.1-2) unstable; urgency=medium
.
* Team upload
.
[ Marco Trevisan (TreviƱo) ]
* debian/gbp.conf: Update upstream-vcs-tag format to work with
pre-releases
.
[ Simon McVittie ]
* Release to unstable
.
gdm3 (40.1-1) experimental; urgency=medium
.
[ Laurent Bigonville ]
* debian/rules: Drop compatibility symlinks now that bullseye is released
* debian/watch: Update the watch file to follow the new version scheme
* debian/control.in: Suggest orca instead of gnome-orca.
The latter is a transitonal package.
.
[ Simon McVittie ]
* Add Recommends on gnome-session | x-session-manager.
gdm3 already Depends on gnome-session | x-session-manager |
x-window-manager | x-terminal-emulator, but not all packages that
provide x-window-manager are usable as desktop environments (in
particular, the example window manager in the mutter package does not
have a built-in way to launch programs). Adding a Recommends here
provides a stronger hint that nearly all gdm3 users are going to want
an implementation of x-session-manager, preferably GNOME's.
(Closes: #986046)
* d/watch: Don't use @PACKAGE@.
For historical reasons, the Debian package is gdm3 rather than gdm.
* New upstream release
- Includes changes from Marco Trevisan that were previously committed
as patches (LP: #1935818)
.
gdm3 (3.38.2.1-3) experimental; urgency=medium
.
* debian/changelog: Remove bad entry meant to be in ubuntu side only
It's not needed in debian
* debian/patches: Correctly return from idle callback
* debian/gdm3.gdm-smartcard-*:
- Do not set user_readenv=1 in pam_env.so (keep it for ubuntu only).
- Ignore invalid user errors on pam_succeed_if.so.
We may call the gdm-smartcard module without an user, leaving the module
to figure it out depending on the smartcard certificate.
So we need to ignore PAM_USER_UNKNOWN errors on pam_suceed_if.so.
While pam_sss.so already checks for the user being non root internally,
it's always better to ensure early this in all the cases.
In the pkcs11 case instead we need to check it again after the module
has returned. (LP: #1917362)
- Check for /var/run/nologin (and friends) only when an user is defined
pam_nologin.so requires a PAM_USER to be defined in order to check if
the request has been done by root, possibly stopping the login otherwise.
And in case none was provided, it will trigger the fallback pam prompt.
However, with smartcard authentication we may initiate the PAM session
without an user defined and leave to the smartcard service to try to
figure it out depending on the token that has been inserted, that may
have an user associated with it.
So, ensure that we load all the PAM modules that require an user after
the smartcard one, that in case will set one for us.
Only after that, we can fail in case /var/run/nologin is present
(LP: #1917362)
.
gdm3 (3.38.2.1-2) experimental; urgency=medium
.
* debian: Add gdm-smartcard PAM module implemented with libpam_sss.
The implementation uses update-alternatives to provide a generic
gdm-smartcard PAM module that can be changed using the tool.
Potentially other systems could be used or supported (such as pam_pkcs11
or pam_p11) by adding other modules implementing the gdm-smartcard auth
service. (LP: #1865226, Closes: #953557)
* debian: Add gdm-smartcard implementation using pkcs11
* debian/gdm3.gdm-smartcard-sssd-exclusive.pam:
- PAM config to use exclusive (no fallback is supported) smartcard
authentication via libpam_sss
* debian/gdm3.gdm-smartcard-sssd-or-password.pam:
- PAM config to optionally use smartcard authentication via libpam_sss,
on failure it fallbacks to password authentication
* debian/gdm3.gdm-smartcard-pkcs11-exclusive.pam:
- PAM config to use exclusive (no fallback is supported) smartcard
authentication via libpam_pkcs11
* debian/control:
- Suggests libam-sss and libam-pkcs11
* debian/gdm3.alternatives:
- Add gdm-smartcard alternatives to be used as /etc/pam.d/gdm-smartcard
* debian/patches: Cherry-pick upstream fixes, including better auth error
handling (LP: #1865838)
Checksums-Sha1:
748002d07c0d8b2a76d968435e76d8036c175569 2919 gdm3_40.1-2.dsc
7ea8e09a80bec0e1e32c213a1d55259422ecc2bf 93784 gdm3_40.1-2.debian.tar.xz
b17313ebbf6ec8c010b6dca871c54f07f57a9c05 15356 gdm3_40.1-2_source.buildinfo
Checksums-Sha256:
21ea43323e688dd2ebe6d801137037e8d1141e8206675856a73bf7dbd14df8d0 2919 gdm3_40.1-2.dsc
1bed3294133865f9daac43629d80e91a214f494f929ee61327c0e500328065f0 93784 gdm3_40.1-2.debian.tar.xz
0fd3c12cee122fe6e60f38cab48a59666d4cf7b9984e6c0c326e544941db3581 15356 gdm3_40.1-2_source.buildinfo
Files:
d306acc8d98ff8d0dc2aaec794b643e4 2919 gnome optional gdm3_40.1-2.dsc
10af2352ac13f6f1f42f4a198f1eb79e 93784 gnome optional gdm3_40.1-2.debian.tar.xz
fb7f7ba2ab88c0ff81f17d96d13990f4 15356 gnome optional gdm3_40.1-2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAmE/Fr8ACgkQ4FrhR4+B
TE/grw/9HNrfasAEOjABqHvt5Wu1Hs+sSQGV7nmY9vI8Xn3FKWBfjpmPr/Yfvj8T
+PyQ9efjAMwffK8kGdvDE+drmoYY2kk4rx/vxtM9TC4I5vDyqDCx/GcvOTZc5Sok
nsFd/+hMaqXHRhBxzSYSJMem4GlcBfVIK8FClYbUx57bWIPd9ug0Vn9q8bDppu1V
YhyMSFs6shQH1goFXGOWdsBj+b5w6WGAHwfrHw/7gmJs47U30QNAMJvw5GVlEa6Y
rQUwwaXtJ6v+zzPO/D7xVt/Ngsc7ipOZZ1x7EFwWQprRWurNsj9sWlaYc17XLgcP
mWq5DT00WB3xlYBzu7aE8aYsC8On7ycEuzRcLrJk8QYw9mI/YkrnP8jXvAwtluHH
75FJ35dhIQ80zGmXhFhDFLjxvhvtRUuxajGWl0c4UvQc20oDe13IJgVKM+D9WHVc
cKOxre8ely1E0n6LMYx9nNWizw5wKHol+x2iYvnsaybkq6lyLTWFjDQyTB98rS/v
9SoMG3PRNKOwsT2Zb+3J6fbZPlvcfbVdLQeNoX8uYm1Alcf/Wq0VXi4fUUpXgCEm
qTY1UlaoW4Pgl/dIFg5b3hRPykKxpG2uMVhgtEaAk3SD7GazdKG4dkuR8Uiem42V
L8Nlo91ZhNgUN2Au/V4yfM76lZRfmiz03TBiMLNimZYnhJ4Jr24=
=YO0l
-----END PGP SIGNATURE-----