[ubuntu/lunar-proposed] gdm3 43.0-3ubuntu1 (Accepted)

Marco Trevisan (Treviño) marco at ubuntu.com
Wed Feb 1 02:47:14 UTC 2023


gdm3 (43.0-3ubuntu1) lunar; urgency=medium

  [ Simon McVittie ]
  * d/tests: Don't reset root password.
    Even if the root password is blank, we want to assert that
    authentication still doesn't succeed, because we explicitly don't allow
    smart card authentication as root.
  * d/tests: Explicitly use blank input when checking for blank password.
    Otherwise we could block indefinitely when running tests that have an
    interactive console available.

  [ Marco Trevisan (Treviño) ]
  * debian/tests/control: Add explicit dependency on libpam-sss.
    Even though it could be an implicit one it's still what we're testing
  * debian/tests/sssd-gdm-smartcard-pam-auth-tester.sh: Some minor cleanups
  * debian/tests/control,
    debian/tests/sssd-gdm-smartcard-pam-auth-tester-env.sh: Manually use sudo
    as ubuntu autopkgtest does not support needs-sudo yet
  * debian/gdm3.install: Do not list config files, just install all gdm3 ones
    That's used as is in ubuntu (where we install more data and we use the
    upstream `custom.conf` name for config file), so we don't have to diverge.
  * Merge with debian, remaining changes:
    + readme.debian: update for correct paths in ubuntu
    + control.in:
      - don't recommend desktop-base
      - depend on bash for config_error_dialog.patch
      - update vcs field
    + rules:
      - don't override default user/group
      - -dgdm-xsession=true to install upstream xsession script
      - override dh_installinit with --no-start to avoid session being killed
    + rules, readme.debian, gdm3.8.pod:
      use upstream custom.conf instead of daemon.conf
    + gdm3.{postinst,postrm}: rename user and group back to gdm
    + debian/tests/control:
      - Use gdm user name
      - Use needs-root instead of needs-sudo (to remove when ubuntu autopkgtest
        will be updated to include such feature)
    + debian/tests/sssd-gdm-smartcard-pam-auth-tester-env.sh:
      - Added to use needs-root autopkgtest instead of needs-sudo
    + gdm3.*.pam: make pam_env read ~/.pam_environment, as we use in g-c-c
      settings
    + gdm3.install:
      - don't install debian/xsession
    + add run_xsession.d.patch
    + add xresources_is_a_dir.patch
      - fix loading from /etc/x11/xresources/*
    + add nvidia_prime.patch:
      - add hook to run prime-offload (as root) and prime-switch if
        nvidia-prime is installed
    + add revert_override_lang_with_accountservices.patch:
      - on ubuntu accountservices only stores the language and not the
        full locale as needed by lang.
    + add dont_set_language_env.patch:
      - don't run the set_up_session_language() function, since it
        overrides variable values set by ~/.pam_environment
    + add config_error_dialog.patch:
      - show warning dialog in case of error in ~/.profile etc. and
        don't let a syntax error make the login fail
    + add debian/patches/revert_nvidia_wayland_blacklist.patch:
      - don't blacklist nvidia for wayland
    + add gdm3.service-wait-for-drm-device-before-trying-to-start-i.patch:
      - wait for the first valid gdm device on pre-start
    + add prefer_ubuntu_session_fallback.patch:
      - Prefer ubuntu session as fallback instead of GNOME
    + add XSession-Use-x-terminal-emulator-as-fallback-instead-of-x.patch:
      - Use x-terminal-emulator as fallback instead of xterm
    + add Revert-data-Disable-GDM-on-hybrid-graphics-laptops-with-v.patch:
      - Don't disable Wayland on hybrid graphics laptops
    + add debian/default.pa
      - disable bluetooth audio devices in pulseaudio from gdm3.
    + debian/gdm3.install
      - added details of the default.pa file
    + debian/gdm3.postinst
      - added installation of default.pa and creation of dir if it doesn't
        exist.
    + debian/greeter.dconf-defaults: don't set debian settings in the
      greeter's dconf db

gdm3 (43.0-3) unstable; urgency=medium

  * Team upload

  [ Marco Trevisan (Treviño) ]
  * debian/tests/control: Use multi-line Test-Command for easier
    maintenance
  * debian/tests/sssd-gdm-smartcard-pam-auth-tester.sh:
    Assert that entering the wrong PIN leads to authentication failure

  [ Patrice Duroux ]
  * d/rules: Generate one man page at a time.
    Otherwise, the content of one arbitrary .pod file gets duplicated into
    each of the man pages. (Closes: #1029839)

  [ Simon McVittie ]
  * d/tests: Avoid autopkgtest failure if test user has blank password.
    If the test user has a blank password (which might be the case in an
    expendable test VM) and PAM accepts blank passwords, then
    gdm-smartcard-sssd-or-password will always authenticate successfully.
    If that's the case, temporarily change the user's password to be
    non-empty while running our tests. Also do the same for root.
  * Move dbus-daemon security policy from /etc to /usr/share
  * d/control.in: Drop unnecessary dependency on lsb-base
  * d/control.in: Remove Multi-Arch: same from gir1.2-gdm-1.0.
    It is not usefully multi-arch co-installable because it depends on
    libgdm1, which contains /usr/bin/gdmflexiserver.
  * d/po/sv.po: Transcode from ISO-8859-1 to UTF-8
  * Update syntax of Lintian overrides
  * Standards-Version: 4.6.2 (no changes required)

gdm3 (43.0-2) unstable; urgency=medium

  * debian/gdm3-gdm-smartcard*: Do not fail if pam_succeed_if succeeded.
    We were not handling the success case in pam_succeed_if.so, and so even
    if other modules were successful, gdm-smartcard was failing with a
    permission denied error, because the pam_succeed_if default was bad, and
    this was applied to the success case too.
    Alternatively we could even just use success=ignore here, but it's
    better to be consistent with other usages. (LP: #1999884)
  * debian/gdm3.gdm-smartcard-sssd-or-password.pam: Always load gnome keyring
    and nologin.
    Ensure that we load the nologin and gnome-key-ring modules also if sss
    module succeeded.
  * debian/tests: Add autopkg tests testing gdm smartcard authentication.
    Create fake certificates from fake CAs and verify they can be used from a
    virtual smartcard.

Date: Tue, 31 Jan 2023 18:16:20 +0100
Changed-By: Marco Trevisan (Treviño) <marco at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Jeremy Bicha <jeremy.bicha at canonical.com>
https://launchpad.net/ubuntu/+source/gdm3/43.0-3ubuntu1
-------------- next part --------------
Format: 1.8
Date: Tue, 31 Jan 2023 18:16:20 +0100
Source: gdm3
Built-For-Profiles: noudeb
Architecture: source
Version: 43.0-3ubuntu1
Distribution: lunar
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marco Trevisan (Treviño) <marco at ubuntu.com>
Closes: 1029839
Launchpad-Bugs-Fixed: 1999884
Changes:
 gdm3 (43.0-3ubuntu1) lunar; urgency=medium
 .
   [ Simon McVittie ]
   * d/tests: Don't reset root password.
     Even if the root password is blank, we want to assert that
     authentication still doesn't succeed, because we explicitly don't allow
     smart card authentication as root.
   * d/tests: Explicitly use blank input when checking for blank password.
     Otherwise we could block indefinitely when running tests that have an
     interactive console available.
 .
   [ Marco Trevisan (Treviño) ]
   * debian/tests/control: Add explicit dependency on libpam-sss.
     Even though it could be an implicit one it's still what we're testing
   * debian/tests/sssd-gdm-smartcard-pam-auth-tester.sh: Some minor cleanups
   * debian/tests/control,
     debian/tests/sssd-gdm-smartcard-pam-auth-tester-env.sh: Manually use sudo
     as ubuntu autopkgtest does not support needs-sudo yet
   * debian/gdm3.install: Do not list config files, just install all gdm3 ones
     That's used as is in ubuntu (where we install more data and we use the
     upstream `custom.conf` name for config file), so we don't have to diverge.
   * Merge with debian, remaining changes:
     + readme.debian: update for correct paths in ubuntu
     + control.in:
       - don't recommend desktop-base
       - depend on bash for config_error_dialog.patch
       - update vcs field
     + rules:
       - don't override default user/group
       - -dgdm-xsession=true to install upstream xsession script
       - override dh_installinit with --no-start to avoid session being killed
     + rules, readme.debian, gdm3.8.pod:
       use upstream custom.conf instead of daemon.conf
     + gdm3.{postinst,postrm}: rename user and group back to gdm
     + debian/tests/control:
       - Use gdm user name
       - Use needs-root instead of needs-sudo (to remove when ubuntu autopkgtest
         will be updated to include such feature)
     + debian/tests/sssd-gdm-smartcard-pam-auth-tester-env.sh:
       - Added to use needs-root autopkgtest instead of needs-sudo
     + gdm3.*.pam: make pam_env read ~/.pam_environment, as we use in g-c-c
       settings
     + gdm3.install:
       - don't install debian/xsession
     + add run_xsession.d.patch
     + add xresources_is_a_dir.patch
       - fix loading from /etc/x11/xresources/*
     + add nvidia_prime.patch:
       - add hook to run prime-offload (as root) and prime-switch if
         nvidia-prime is installed
     + add revert_override_lang_with_accountservices.patch:
       - on ubuntu accountservices only stores the language and not the
         full locale as needed by lang.
     + add dont_set_language_env.patch:
       - don't run the set_up_session_language() function, since it
         overrides variable values set by ~/.pam_environment
     + add config_error_dialog.patch:
       - show warning dialog in case of error in ~/.profile etc. and
         don't let a syntax error make the login fail
     + add debian/patches/revert_nvidia_wayland_blacklist.patch:
       - don't blacklist nvidia for wayland
     + add gdm3.service-wait-for-drm-device-before-trying-to-start-i.patch:
       - wait for the first valid gdm device on pre-start
     + add prefer_ubuntu_session_fallback.patch:
       - Prefer ubuntu session as fallback instead of GNOME
     + add XSession-Use-x-terminal-emulator-as-fallback-instead-of-x.patch:
       - Use x-terminal-emulator as fallback instead of xterm
     + add Revert-data-Disable-GDM-on-hybrid-graphics-laptops-with-v.patch:
       - Don't disable Wayland on hybrid graphics laptops
     + add debian/default.pa
       - disable bluetooth audio devices in pulseaudio from gdm3.
     + debian/gdm3.install
       - added details of the default.pa file
     + debian/gdm3.postinst
       - added installation of default.pa and creation of dir if it doesn't
         exist.
     + debian/greeter.dconf-defaults: don't set debian settings in the
       greeter's dconf db
 .
 gdm3 (43.0-3) unstable; urgency=medium
 .
   * Team upload
 .
   [ Marco Trevisan (Treviño) ]
   * debian/tests/control: Use multi-line Test-Command for easier
     maintenance
   * debian/tests/sssd-gdm-smartcard-pam-auth-tester.sh:
     Assert that entering the wrong PIN leads to authentication failure
 .
   [ Patrice Duroux ]
   * d/rules: Generate one man page at a time.
     Otherwise, the content of one arbitrary .pod file gets duplicated into
     each of the man pages. (Closes: #1029839)
 .
   [ Simon McVittie ]
   * d/tests: Avoid autopkgtest failure if test user has blank password.
     If the test user has a blank password (which might be the case in an
     expendable test VM) and PAM accepts blank passwords, then
     gdm-smartcard-sssd-or-password will always authenticate successfully.
     If that's the case, temporarily change the user's password to be
     non-empty while running our tests. Also do the same for root.
   * Move dbus-daemon security policy from /etc to /usr/share
   * d/control.in: Drop unnecessary dependency on lsb-base
   * d/control.in: Remove Multi-Arch: same from gir1.2-gdm-1.0.
     It is not usefully multi-arch co-installable because it depends on
     libgdm1, which contains /usr/bin/gdmflexiserver.
   * d/po/sv.po: Transcode from ISO-8859-1 to UTF-8
   * Update syntax of Lintian overrides
   * Standards-Version: 4.6.2 (no changes required)
 .
 gdm3 (43.0-2) unstable; urgency=medium
 .
   * debian/gdm3-gdm-smartcard*: Do not fail if pam_succeed_if succeeded.
     We were not handling the success case in pam_succeed_if.so, and so even
     if other modules were successful, gdm-smartcard was failing with a
     permission denied error, because the pam_succeed_if default was bad, and
     this was applied to the success case too.
     Alternatively we could even just use success=ignore here, but it's
     better to be consistent with other usages. (LP: #1999884)
   * debian/gdm3.gdm-smartcard-sssd-or-password.pam: Always load gnome keyring
     and nologin.
     Ensure that we load the nologin and gnome-key-ring modules also if sss
     module succeeded.
   * debian/tests: Add autopkg tests testing gdm smartcard authentication.
     Create fake certificates from fake CAs and verify they can be used from a
     virtual smartcard.
Checksums-Sha1:
 5d35188b8e4f112459564db223eb1b833bd6970b 3344 gdm3_43.0-3ubuntu1.dsc
 8d3e3741ca3d155a6e5cc8f4c1dc565f296a0f78 93216 gdm3_43.0-3ubuntu1.debian.tar.xz
 ed8556f1ca97eacd930962f535a51269c1ccee5c 17438 gdm3_43.0-3ubuntu1_source.buildinfo
Checksums-Sha256:
 64474c5e25cfe9ef6cdf72b59754e6b23ae7646c4648aeca5f91003f8e6ce93a 3344 gdm3_43.0-3ubuntu1.dsc
 0935c994dd28676c28de707411f192474dcf7449566d6af7dac433c07f63a335 93216 gdm3_43.0-3ubuntu1.debian.tar.xz
 7b7767bec8b974decbe5dcd269efff295c08213e2fb13bf214b17676fb43fde9 17438 gdm3_43.0-3ubuntu1_source.buildinfo
Files:
 2409e7a8a1b0771098296b220820a051 3344 gnome optional gdm3_43.0-3ubuntu1.dsc
 7e12b3d8d7c239705338ed4316ed5a11 93216 gnome optional gdm3_43.0-3ubuntu1.debian.tar.xz
 a00c684c5aa0373ee9b25bd88372320b 17438 gnome optional gdm3_43.0-3ubuntu1_source.buildinfo
Original-Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers at lists.alioth.debian.org>

