-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 15 Apr 2021 17:55:12 +0200 Source: gdm3 Built-For-Profiles: noudeb Architecture: source Version: 3.38.2.1-3 Distribution: experimental Urgency: medium Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org> Changed-By: Marco Trevisan (Treviño) <marco@ubuntu.com> Launchpad-Bugs-Fixed: 1917362 Changes: gdm3 (3.38.2.1-3) experimental; urgency=medium . * debian/changelog: Remove bad entry meant to be in ubuntu side only It's not needed in debian * debian/patches: Correctly return from idle callback * debian/gdm3.gdm-smartcard-*: - Do not set user_readenv=1 in pam_env.so (keep it for ubuntu only). - Ignore invalid user errors on pam_succeed_if.so. We may call the gdm-smartcard module without an user, leaving the module to figure it out depending on the smartcard certificate. So we need to ignore PAM_USER_UNKNOWN errors on pam_suceed_if.so. While pam_sss.so already checks for the user being non root internally, it's always better to ensure early this in all the cases. In the pkcs11 case instead we need to check it again after the module has returned. (LP: #1917362) - Check for /var/run/nologin (and friends) only when an user is defined pam_nologin.so requires a PAM_USER to be defined in order to check if the request has been done by root, possibly stopping the login otherwise. And in case none was provided, it will trigger the fallback pam prompt. However, with smartcard authentication we may initiate the PAM session without an user defined and leave to the smartcard service to try to figure it out depending on the token that has been inserted, that may have an user associated with it. So, ensure that we load all the PAM modules that require an user after the smartcard one, that in case will set one for us. Only after that, we can fail in case /var/run/nologin is present (LP: #1917362) Checksums-Sha1: 31880228f383930cd9168f07352f94911bd969dc 2838 gdm3_3.38.2.1-3.dsc 8467655b637bcf56439b4f781493f36f6418c92c 97156 gdm3_3.38.2.1-3.debian.tar.xz ba81fce92b5041ffb0e327e3d4012e83dbdfbe4b 19552 gdm3_3.38.2.1-3_source.buildinfo Checksums-Sha256: f42a46151bb13601c5de1c68f66650a6dddb81eae5897f8689c76b40d0a26232 2838 gdm3_3.38.2.1-3.dsc 945c83a42d2153d95f996a5aa1c5ce262b90822d89ffd104389926de47a3aab3 97156 gdm3_3.38.2.1-3.debian.tar.xz 54829ce234137c5d7d41a0c698ea732693213259bf35597198ba5327958db607 19552 gdm3_3.38.2.1-3_source.buildinfo Files: daadb756e1d4872372cdf44259ddfdb9 2838 gnome optional gdm3_3.38.2.1-3.dsc bf7dc8b9cab42a89354bfe4ff8fefa38 97156 gnome optional gdm3_3.38.2.1-3.debian.tar.xz 6c87384d7c2547d6b3eaecd3846850c0 19552 gnome optional gdm3_3.38.2.1-3_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE1MUB2kjreXoIF1CTlEnC9QmWY18FAmB4Yg8ACgkQlEnC9QmW Y19A1A//S5TB7L109y/qCIKT1CFlE7UO14BghyRnIIwiVorhS4N4nBtZikAhWsw1 wies9oBu2VTXZ6Iv/72rEc07jVaNiHsgZi3O7UqZyVoPFIIHlPdpJlLti7t2tReB 4kW7lt2CnyCXIhhKuiKdPTjgl6tLLvAgdBcyTBD6VhSoMvfynACc9XxvpdGfhNqs bFBabRkZC0xC9gYeRWZqAK2BZqVvjA8WH9z5g33Gte2VtxfwIv38MI8LCfsRXEUO E1UJA26Tob/ICQ3hoyTu9x35GWImSjDjXqb1sBHYruxT89GO96zWtiasoxtqFRdG tJx/ZekYVtN7NqpCiiyjTWq680mVQV0ZUdLWk1XoUstHvh7AavdqH3e/ujY0vm3p Bq/uMl9hnO8ajrwgKVf6/eSylA4RjG1S3G+1vnXvVw1VhlAK+Owkm1KJ4Zjscoya q+k4pyH+vO81n+ej237AG/DziN4iN3B8b18lbezlGANbAbvdqrL5u+OLvcNlbXPk sYvIkR0jZZht6b1+L5+k5VZYNNKdzQHCbsQ+UcZnqx54fSjQv2IEFUk2jW0rnJHm QlUqsYbbQ1gvSW5cc7eTtIBgCwyACkIsRnYGpUlD/QGmpBffpOEgZDsDwg4FBoaO V6I5o2gyqOkazHCA+VC8+bVpcdoSDZuRWGlPy3Vrih5a1uJGIsc= =5z4j -----END PGP SIGNATURE-----