Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: pu Hi, release team, RC bug report http://bugs.debian.org/707231 was recently received against orphaned wdm pakage. Problem is that non-linux architectures do not have pam_selinux module and it was tagged as required in the pam configuration, so this could prevent the user to login on !linux architectures. I did a QA upload with a fixed package and, since original submitter suggested to put this change also into wheezy, want to ask release team about possible s-p-u upload. Do you consider this change suitable for stable-proposed-updates? Attached is debdiff with proposed changes. Thanks in advance, Regards, -- Agustin
diff -Nru wdm-1.28/debian/changelog wdm-1.28/debian/changelog --- wdm-1.28/debian/changelog 2012-06-15 11:45:28.000000000 +0200 +++ wdm-1.28/debian/changelog 2013-05-23 19:15:20.000000000 +0200 @@ -1,3 +1,13 @@ +wdm (1.28-13+wheezy1) stable; urgency=low + + * QA upload. + * wdm.pam: Ignore pam_selinux.so failures when the module does not + exist (e.g. on architectures without SE Linux support like + non-linux) instead of requiring it. Thanks Laurent Bigonville for + bug report and proposed change (Closes: #707231). + + -- Agustin Martin Domingo <agmartin@debian.org> Thu, 23 May 2013 19:15:19 +0200 + wdm (1.28-13) unstable; urgency=low * QA upload. diff -Nru wdm-1.28/debian/wdm.pam wdm-1.28/debian/wdm.pam --- wdm-1.28/debian/wdm.pam 2012-06-15 11:46:02.000000000 +0200 +++ wdm-1.28/debian/wdm.pam 2013-05-23 19:08:17.000000000 +0200 @@ -2,6 +2,7 @@ # ------------------------------------------------------------- auth required pam_nologin.so auth required pam_env.so envfile=/etc/default/locale + @include common-auth # ------------------------------------------------------------- @include common-account @@ -9,11 +10,16 @@ # SELinux needs to be the first session rule. This ensures that any # lingering context has been cleared. Without out this it is possible # that a module could execute code in the wrong domain. -session required pam_selinux.so close -session required pam_limits.so -session required pam_loginuid.so +# pam_selinux is unavailable for !linux, use [...] instead of required. +session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close + +session required pam_limits.so +session required pam_loginuid.so + @include common-session + # SELinux needs to intervene at login time to ensure that the process # starts in the proper default security context. Only sessions which are # intended to run in the user's context should be run after this. -session required pam_selinux.so open +# pam_selinux is unavailable for !linux, use [...] instead of required. +session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
Attachment:
signature.asc
Description: Digital signature