-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 12 Sep 2021 21:46:25 +0100 Source: gdm3 Architecture: source Version: 40.1-2 Distribution: unstable Urgency: medium Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org> Changed-By: Simon McVittie <smcv@debian.org> Closes: 953557 986046 Changes: gdm3 (40.1-2) unstable; urgency=medium . * Team upload . [ Marco Trevisan (Treviño) ] * debian/gbp.conf: Update upstream-vcs-tag format to work with pre-releases . [ Simon McVittie ] * Release to unstable . gdm3 (40.1-1) experimental; urgency=medium . [ Laurent Bigonville ] * debian/rules: Drop compatibility symlinks now that bullseye is released * debian/watch: Update the watch file to follow the new version scheme * debian/control.in: Suggest orca instead of gnome-orca. The latter is a transitonal package. . [ Simon McVittie ] * Add Recommends on gnome-session | x-session-manager. gdm3 already Depends on gnome-session | x-session-manager | x-window-manager | x-terminal-emulator, but not all packages that provide x-window-manager are usable as desktop environments (in particular, the example window manager in the mutter package does not have a built-in way to launch programs). Adding a Recommends here provides a stronger hint that nearly all gdm3 users are going to want an implementation of x-session-manager, preferably GNOME's. (Closes: #986046) * d/watch: Don't use @PACKAGE@. For historical reasons, the Debian package is gdm3 rather than gdm. * New upstream release - Includes changes from Marco Trevisan that were previously committed as patches (LP: #1935818) . gdm3 (3.38.2.1-3) experimental; urgency=medium . * debian/changelog: Remove bad entry meant to be in ubuntu side only It's not needed in debian * debian/patches: Correctly return from idle callback * debian/gdm3.gdm-smartcard-*: - Do not set user_readenv=1 in pam_env.so (keep it for ubuntu only). - Ignore invalid user errors on pam_succeed_if.so. We may call the gdm-smartcard module without an user, leaving the module to figure it out depending on the smartcard certificate. So we need to ignore PAM_USER_UNKNOWN errors on pam_suceed_if.so. While pam_sss.so already checks for the user being non root internally, it's always better to ensure early this in all the cases. In the pkcs11 case instead we need to check it again after the module has returned. (LP: #1917362) - Check for /var/run/nologin (and friends) only when an user is defined pam_nologin.so requires a PAM_USER to be defined in order to check if the request has been done by root, possibly stopping the login otherwise. And in case none was provided, it will trigger the fallback pam prompt. However, with smartcard authentication we may initiate the PAM session without an user defined and leave to the smartcard service to try to figure it out depending on the token that has been inserted, that may have an user associated with it. So, ensure that we load all the PAM modules that require an user after the smartcard one, that in case will set one for us. Only after that, we can fail in case /var/run/nologin is present (LP: #1917362) . gdm3 (3.38.2.1-2) experimental; urgency=medium . * debian: Add gdm-smartcard PAM module implemented with libpam_sss. The implementation uses update-alternatives to provide a generic gdm-smartcard PAM module that can be changed using the tool. Potentially other systems could be used or supported (such as pam_pkcs11 or pam_p11) by adding other modules implementing the gdm-smartcard auth service. (LP: #1865226, Closes: #953557) * debian: Add gdm-smartcard implementation using pkcs11 * debian/gdm3.gdm-smartcard-sssd-exclusive.pam: - PAM config to use exclusive (no fallback is supported) smartcard authentication via libpam_sss * debian/gdm3.gdm-smartcard-sssd-or-password.pam: - PAM config to optionally use smartcard authentication via libpam_sss, on failure it fallbacks to password authentication * debian/gdm3.gdm-smartcard-pkcs11-exclusive.pam: - PAM config to use exclusive (no fallback is supported) smartcard authentication via libpam_pkcs11 * debian/control: - Suggests libam-sss and libam-pkcs11 * debian/gdm3.alternatives: - Add gdm-smartcard alternatives to be used as /etc/pam.d/gdm-smartcard * debian/patches: Cherry-pick upstream fixes, including better auth error handling (LP: #1865838) Checksums-Sha1: 748002d07c0d8b2a76d968435e76d8036c175569 2919 gdm3_40.1-2.dsc 7ea8e09a80bec0e1e32c213a1d55259422ecc2bf 93784 gdm3_40.1-2.debian.tar.xz b17313ebbf6ec8c010b6dca871c54f07f57a9c05 15356 gdm3_40.1-2_source.buildinfo Checksums-Sha256: 21ea43323e688dd2ebe6d801137037e8d1141e8206675856a73bf7dbd14df8d0 2919 gdm3_40.1-2.dsc 1bed3294133865f9daac43629d80e91a214f494f929ee61327c0e500328065f0 93784 gdm3_40.1-2.debian.tar.xz 0fd3c12cee122fe6e60f38cab48a59666d4cf7b9984e6c0c326e544941db3581 15356 gdm3_40.1-2_source.buildinfo Files: d306acc8d98ff8d0dc2aaec794b643e4 2919 gnome optional gdm3_40.1-2.dsc 10af2352ac13f6f1f42f4a198f1eb79e 93784 gnome optional gdm3_40.1-2.debian.tar.xz fb7f7ba2ab88c0ff81f17d96d13990f4 15356 gnome optional gdm3_40.1-2_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAmE/Fr8ACgkQ4FrhR4+B TE/grw/9HNrfasAEOjABqHvt5Wu1Hs+sSQGV7nmY9vI8Xn3FKWBfjpmPr/Yfvj8T +PyQ9efjAMwffK8kGdvDE+drmoYY2kk4rx/vxtM9TC4I5vDyqDCx/GcvOTZc5Sok nsFd/+hMaqXHRhBxzSYSJMem4GlcBfVIK8FClYbUx57bWIPd9ug0Vn9q8bDppu1V YhyMSFs6shQH1goFXGOWdsBj+b5w6WGAHwfrHw/7gmJs47U30QNAMJvw5GVlEa6Y rQUwwaXtJ6v+zzPO/D7xVt/Ngsc7ipOZZ1x7EFwWQprRWurNsj9sWlaYc17XLgcP mWq5DT00WB3xlYBzu7aE8aYsC8On7ycEuzRcLrJk8QYw9mI/YkrnP8jXvAwtluHH 75FJ35dhIQ80zGmXhFhDFLjxvhvtRUuxajGWl0c4UvQc20oDe13IJgVKM+D9WHVc cKOxre8ely1E0n6LMYx9nNWizw5wKHol+x2iYvnsaybkq6lyLTWFjDQyTB98rS/v 9SoMG3PRNKOwsT2Zb+3J6fbZPlvcfbVdLQeNoX8uYm1Alcf/Wq0VXi4fUUpXgCEm qTY1UlaoW4Pgl/dIFg5b3hRPykKxpG2uMVhgtEaAk3SD7GazdKG4dkuR8Uiem42V L8Nlo91ZhNgUN2Au/V4yfM76lZRfmiz03TBiMLNimZYnhJ4Jr24= =YO0l -----END PGP SIGNATURE-----
