Accepted gdm3 3.38.2.1-3 (source) into experimental
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 15 Apr 2021 17:55:12 +0200
Source: gdm3
Built-For-Profiles: noudeb
Architecture: source
Version: 3.38.2.1-3
Distribution: experimental
Urgency: medium
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Marco Trevisan (Treviño) <marco@ubuntu.com>
Launchpad-Bugs-Fixed: 1917362
Changes:
gdm3 (3.38.2.1-3) experimental; urgency=medium
.
* debian/changelog: Remove bad entry meant to be in ubuntu side only
It's not needed in debian
* debian/patches: Correctly return from idle callback
* debian/gdm3.gdm-smartcard-*:
- Do not set user_readenv=1 in pam_env.so (keep it for ubuntu only).
- Ignore invalid user errors on pam_succeed_if.so.
We may call the gdm-smartcard module without an user, leaving the module
to figure it out depending on the smartcard certificate.
So we need to ignore PAM_USER_UNKNOWN errors on pam_suceed_if.so.
While pam_sss.so already checks for the user being non root internally,
it's always better to ensure early this in all the cases.
In the pkcs11 case instead we need to check it again after the module
has returned. (LP: #1917362)
- Check for /var/run/nologin (and friends) only when an user is defined
pam_nologin.so requires a PAM_USER to be defined in order to check if
the request has been done by root, possibly stopping the login otherwise.
And in case none was provided, it will trigger the fallback pam prompt.
However, with smartcard authentication we may initiate the PAM session
without an user defined and leave to the smartcard service to try to
figure it out depending on the token that has been inserted, that may
have an user associated with it.
So, ensure that we load all the PAM modules that require an user after
the smartcard one, that in case will set one for us.
Only after that, we can fail in case /var/run/nologin is present
(LP: #1917362)
Checksums-Sha1:
31880228f383930cd9168f07352f94911bd969dc 2838 gdm3_3.38.2.1-3.dsc
8467655b637bcf56439b4f781493f36f6418c92c 97156 gdm3_3.38.2.1-3.debian.tar.xz
ba81fce92b5041ffb0e327e3d4012e83dbdfbe4b 19552 gdm3_3.38.2.1-3_source.buildinfo
Checksums-Sha256:
f42a46151bb13601c5de1c68f66650a6dddb81eae5897f8689c76b40d0a26232 2838 gdm3_3.38.2.1-3.dsc
945c83a42d2153d95f996a5aa1c5ce262b90822d89ffd104389926de47a3aab3 97156 gdm3_3.38.2.1-3.debian.tar.xz
54829ce234137c5d7d41a0c698ea732693213259bf35597198ba5327958db607 19552 gdm3_3.38.2.1-3_source.buildinfo
Files:
daadb756e1d4872372cdf44259ddfdb9 2838 gnome optional gdm3_3.38.2.1-3.dsc
bf7dc8b9cab42a89354bfe4ff8fefa38 97156 gnome optional gdm3_3.38.2.1-3.debian.tar.xz
6c87384d7c2547d6b3eaecd3846850c0 19552 gnome optional gdm3_3.38.2.1-3_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE1MUB2kjreXoIF1CTlEnC9QmWY18FAmB4Yg8ACgkQlEnC9QmW
Y19A1A//S5TB7L109y/qCIKT1CFlE7UO14BghyRnIIwiVorhS4N4nBtZikAhWsw1
wies9oBu2VTXZ6Iv/72rEc07jVaNiHsgZi3O7UqZyVoPFIIHlPdpJlLti7t2tReB
4kW7lt2CnyCXIhhKuiKdPTjgl6tLLvAgdBcyTBD6VhSoMvfynACc9XxvpdGfhNqs
bFBabRkZC0xC9gYeRWZqAK2BZqVvjA8WH9z5g33Gte2VtxfwIv38MI8LCfsRXEUO
E1UJA26Tob/ICQ3hoyTu9x35GWImSjDjXqb1sBHYruxT89GO96zWtiasoxtqFRdG
tJx/ZekYVtN7NqpCiiyjTWq680mVQV0ZUdLWk1XoUstHvh7AavdqH3e/ujY0vm3p
Bq/uMl9hnO8ajrwgKVf6/eSylA4RjG1S3G+1vnXvVw1VhlAK+Owkm1KJ4Zjscoya
q+k4pyH+vO81n+ej237AG/DziN4iN3B8b18lbezlGANbAbvdqrL5u+OLvcNlbXPk
sYvIkR0jZZht6b1+L5+k5VZYNNKdzQHCbsQ+UcZnqx54fSjQv2IEFUk2jW0rnJHm
QlUqsYbbQ1gvSW5cc7eTtIBgCwyACkIsRnYGpUlD/QGmpBffpOEgZDsDwg4FBoaO
V6I5o2gyqOkazHCA+VC8+bVpcdoSDZuRWGlPy3Vrih5a1uJGIsc=
=5z4j
-----END PGP SIGNATURE-----
Reply to: