Debian Bug report logs - #661745
Please enable pam_loginuid by default

version graph

Package: gdm3; Maintainer for gdm3 is Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>; Source for gdm3 is src:gdm3.

Reported by: Michael Biebl <biebl@debian.org>

Date: Wed, 29 Feb 2012 22:27:01 UTC

Severity: wishlist

Found in version gdm3/3.0.4-4

Fixed in version gdm3/3.4.1-1

Done: Josselin Mouette <joss@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Steve Langasek <vorlon@debian.org>:
Bug#661745; Package libpam-runtime. (Wed, 29 Feb 2012 22:27:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Michael Biebl <biebl@debian.org>:
New Bug report received and forwarded. Copy sent to Steve Langasek <vorlon@debian.org>. (Wed, 29 Feb 2012 22:27:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Michael Biebl <biebl@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Please enable pam_loginuid by default
Date: Wed, 29 Feb 2012 23:25:42 +0100
Package: libpam-runtime
Version: 1.1.3-7
Severity: wishlist

Hi,

please consider enabling pam_loginuid by default.
consolekit relies on that information to setup a correct
login-session-id property and a correct context in case the X session is
started via startx.

With pam_loginuid:
Session1:
	unix-user = '0'
	realname = 'root'
	seat = 'Seat1'
	session-type = ''
	active = FALSE
	x11-display = ''
	x11-display-device = ''
	display-device = '/dev/tty1'
	remote-host-name = ''
	is-local = TRUE
	on-since = '2012-02-29T22:18:56.526879Z'
	login-session-id = '2'
Session2:
	unix-user = '1000'
	realname = 'Michael Biebl'
	seat = 'Seat1'
	session-type = 'x11'
	active = TRUE
	x11-display = ':0'
	x11-display-device = '/dev/tty8'
	display-device = ''
	remote-host-name = ''
	is-local = TRUE
	on-since = '2012-02-29T22:10:53.291835Z'
	login-session-id = '1'


Without pam_loginuid:
Session1:
	unix-user = '0'
	realname = 'root'
	seat = 'Seat1'
	session-type = ''
	active = FALSE
	x11-display = ''
	x11-display-device = ''
	display-device = '/dev/tty1'
	remote-host-name = ''
	is-local = TRUE
	on-since = '2012-02-29T22:18:56.526879Z'
	login-session-id = '4294967295'
Session2:
	unix-user = '1000'
	realname = 'Michael Biebl'
	seat = 'Seat1'
	session-type = 'x11'
	active = TRUE
	x11-display = ':0'
	x11-display-device = '/dev/tty8'
	display-device = ''
	remote-host-name = ''
	is-local = TRUE
	on-since = '2012-02-29T22:10:53.291835Z'
	login-session-id = '4294967295'



Note the broken login-session-id property.

If you want to use ConsoleKit via startx, setting up pam_loginuid is a
prerequisite, otherwise the session won't be marked as active.
For that it needs to be loaded *before* pam_ck_connector. [1]

I think a "session required        pam_loginuid.so" line in
common-session, directly after pam_permit and the Additional block,
would be a suitable place.

Cheers,
Michael

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=597937




-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libpam-runtime depends on:
ii  debconf         1.5.41
ii  libpam-modules  1.1.3-7

libpam-runtime recommends no packages.

libpam-runtime suggests no packages.

-- debconf information excluded




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#661745; Package libpam-runtime. (Wed, 29 Feb 2012 22:51:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Steve Langasek <vorlon@debian.org>:
Extra info received and forwarded to list. (Wed, 29 Feb 2012 22:51:05 GMT) Full text and rfc822 format available.

Message #10 received at submit@bugs.debian.org (full text, mbox):

From: Steve Langasek <vorlon@debian.org>
To: Michael Biebl <biebl@debian.org>, 661745@bugs.debian.org
Cc: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Re: Bug#661745: Please enable pam_loginuid by default
Date: Wed, 29 Feb 2012 14:46:37 -0800
[Message part 1 (text/plain, inline)]
On Wed, Feb 29, 2012 at 11:25:42PM +0100, Michael Biebl wrote:

> please consider enabling pam_loginuid by default.
> consolekit relies on that information to setup a correct
> login-session-id property and a correct context in case the X session is
> started via startx.

DESCRIPTION
       The pam_loginuid module sets the loginuid process attribute for the
       process that was authenticated. This is necessary for applications to
       be correctly audited. This PAM module should only be used for entry
       point applications like: login, sshd, gdm, vsftpd, crond and atd. 

This appears to make it inappropriate to include by default via
libpam-runtime.  Some of these services are interactive, some are
noninteractive; there are both interactive and noninteractive services that
don't count as initial login services.

> Note the broken login-session-id property.

> If you want to use ConsoleKit via startx, setting up pam_loginuid is a
> prerequisite, otherwise the session won't be marked as active.
> For that it needs to be loaded *before* pam_ck_connector. [1]

Why in the world does a login session ID have anything to do with a session
being "active"?  That seems like a buggy definition to me.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#661745; Package libpam-runtime. (Wed, 29 Feb 2012 22:51:16 GMT) Full text and rfc822 format available.

Acknowledgement sent to Steve Langasek <vorlon@debian.org>:
Extra info received and forwarded to list. (Wed, 29 Feb 2012 22:51:17 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Steve Langasek <vorlon@debian.org>:
Bug#661745; Package libpam-runtime. (Wed, 29 Feb 2012 22:57:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Michael Biebl <biebl@debian.org>:
Extra info received and forwarded to list. Copy sent to Steve Langasek <vorlon@debian.org>. (Wed, 29 Feb 2012 22:57:06 GMT) Full text and rfc822 format available.

Message #20 received at 661745@bugs.debian.org (full text, mbox):

From: Michael Biebl <biebl@debian.org>
To: Steve Langasek <vorlon@debian.org>
Cc: 661745@bugs.debian.org
Subject: Re: Bug#661745: Please enable pam_loginuid by default
Date: Wed, 29 Feb 2012 23:54:19 +0100
[Message part 1 (text/plain, inline)]
On 29.02.2012 23:46, Steve Langasek wrote:
> On Wed, Feb 29, 2012 at 11:25:42PM +0100, Michael Biebl wrote:
> 
>> please consider enabling pam_loginuid by default.
>> consolekit relies on that information to setup a correct
>> login-session-id property and a correct context in case the X session is
>> started via startx.
> 
> DESCRIPTION
>        The pam_loginuid module sets the loginuid process attribute for the
>        process that was authenticated. This is necessary for applications to
>        be correctly audited. This PAM module should only be used for entry
>        point applications like: login, sshd, gdm, vsftpd, crond and atd. 
> 
> This appears to make it inappropriate to include by default via
> libpam-runtime.  Some of these services are interactive, some are
> noninteractive; there are both interactive and noninteractive services that
> don't count as initial login services.

Well, what is the problem of enabling pam_loginuid for
non-entry-point-applications? Does this cause any unwanted side-effects?
If so, which ones? I've been using this configuration without noticing
any problem, so I'm curious.


>> Note the broken login-session-id property.
> 
>> If you want to use ConsoleKit via startx, setting up pam_loginuid is a
>> prerequisite, otherwise the session won't be marked as active.
>> For that it needs to be loaded *before* pam_ck_connector. [1]
> 
> Why in the world does a login session ID have anything to do with a session
> being "active"?  That seems like a buggy definition to me.

Sorry, I meant "local" here.



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

[signature.asc (application/pgp-signature, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#661745; Package libpam-runtime. (Wed, 29 Feb 2012 23:27:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Steve Langasek <vorlon@debian.org>:
Extra info received and forwarded to list. (Wed, 29 Feb 2012 23:27:06 GMT) Full text and rfc822 format available.

Message #25 received at 661745@bugs.debian.org (full text, mbox):

From: Steve Langasek <vorlon@debian.org>
To: Michael Biebl <biebl@debian.org>
Cc: 661745@bugs.debian.org
Subject: Re: Bug#661745: Please enable pam_loginuid by default
Date: Wed, 29 Feb 2012 15:24:28 -0800
[Message part 1 (text/plain, inline)]
On Wed, Feb 29, 2012 at 11:54:19PM +0100, Michael Biebl wrote:
> On 29.02.2012 23:46, Steve Langasek wrote:
> > On Wed, Feb 29, 2012 at 11:25:42PM +0100, Michael Biebl wrote:

> > DESCRIPTION
> >        The pam_loginuid module sets the loginuid process attribute for the
> >        process that was authenticated. This is necessary for applications to
> >        be correctly audited. This PAM module should only be used for entry
> >        point applications like: login, sshd, gdm, vsftpd, crond and atd. 

> > This appears to make it inappropriate to include by default via
> > libpam-runtime.  Some of these services are interactive, some are
> > noninteractive; there are both interactive and noninteractive services that
> > don't count as initial login services.

> Well, what is the problem of enabling pam_loginuid for
> non-entry-point-applications? Does this cause any unwanted side-effects?
> If so, which ones? I've been using this configuration without noticing
> any problem, so I'm curious.

The problem is that it's no longer serving the stated function of recording
a *login* uid, and as a result is giving wrong information to any
applications that want this information!

If it's ok to have wrong information being fed to consolekit, then it should
also be ok to fix consolekit to not use loginuid at all.

> >> Note the broken login-session-id property.

> >> If you want to use ConsoleKit via startx, setting up pam_loginuid is a
> >> prerequisite, otherwise the session won't be marked as active.
> >> For that it needs to be loaded *before* pam_ck_connector. [1]

> > Why in the world does a login session ID have anything to do with a
> > session being "active"?  That seems like a buggy definition to me.

> Sorry, I meant "local" here.

Ah, ok.  So by default, a session without a known login uid is regarded as
remote?  How does consolekit distinguish between local and remote sessions
if the login uid *is* set?  Are they all then considered local?  In that
case, why shouldn't this be the default?  Or if consolekit somehow
distinguishes between local and remote services, what should happen if a
user ssh's in and runs startx?

I just don't see any way that pam_loginuid provides any new information here
that's at all useful - and certainly not if we're using it in a way other
than it's designed to be used.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Steve Langasek <vorlon@debian.org>:
Bug#661745; Package libpam-runtime. (Thu, 01 Mar 2012 22:21:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Michael Biebl <biebl@debian.org>:
Extra info received and forwarded to list. Copy sent to Steve Langasek <vorlon@debian.org>. (Thu, 01 Mar 2012 22:21:06 GMT) Full text and rfc822 format available.

Message #30 received at 661745@bugs.debian.org (full text, mbox):

From: Michael Biebl <biebl@debian.org>
To: Steve Langasek <vorlon@debian.org>
Cc: 661745@bugs.debian.org
Subject: Re: Bug#661745: Please enable pam_loginuid by default
Date: Thu, 01 Mar 2012 23:16:36 +0100
[Message part 1 (text/plain, inline)]
On 01.03.2012 00:24, Steve Langasek wrote:
> On Wed, Feb 29, 2012 at 11:54:19PM +0100, Michael Biebl wrote:
>> On 29.02.2012 23:46, Steve Langasek wrote:
>>> On Wed, Feb 29, 2012 at 11:25:42PM +0100, Michael Biebl wrote:
> 
>>> DESCRIPTION
>>>        The pam_loginuid module sets the loginuid process attribute for the
>>>        process that was authenticated. This is necessary for applications to
>>>        be correctly audited. This PAM module should only be used for entry
>>>        point applications like: login, sshd, gdm, vsftpd, crond and atd. 
> 
>>> This appears to make it inappropriate to include by default via
>>> libpam-runtime.  Some of these services are interactive, some are
>>> noninteractive; there are both interactive and noninteractive services that
>>> don't count as initial login services.
> 
>> Well, what is the problem of enabling pam_loginuid for
>> non-entry-point-applications? Does this cause any unwanted side-effects?
>> If so, which ones? I've been using this configuration without noticing
>> any problem, so I'm curious.
> 
> The problem is that it's no longer serving the stated function of recording
> a *login* uid, and as a result is giving wrong information to any
> applications that want this information!

Ok, fair enough. I guess I'm going to clone/reassign this bug to login,
sshd, *dm (gdm3,kdm,lightdm), crond and atd.

From what I can see, this would also help auditd to work better ootb,
since it has
lib/libaudit.c:	o = open("/proc/self/loginuid",
O_NOFOLLOW|O_WRONLY|O_TRUNC);

Does the above list look reasonable to you?
Would you recommend to load the pam_module as optional or required?

Michael
-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

[signature.asc (application/pgp-signature, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Steve Langasek <vorlon@debian.org>:
Bug#661745; Package libpam-runtime. (Thu, 07 Jun 2012 15:09:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Laurent Bigonville <bigon@debian.org>:
Extra info received and forwarded to list. Copy sent to Steve Langasek <vorlon@debian.org>. (Thu, 07 Jun 2012 15:09:05 GMT) Full text and rfc822 format available.

Message #35 received at 661745@bugs.debian.org (full text, mbox):

From: Laurent Bigonville <bigon@debian.org>
To: Debian Bug Tracking System <661745@bugs.debian.org>
Subject: Re: Please enable pam_loginuid by default
Date: Thu, 07 Jun 2012 17:07:20 +0200
Package: libpam-runtime
Followup-For: Bug #661745

Hi,

For the record it seems that auditd package is already adding this at
the end of the session's, see /usr/share/pam-configs/auditd

Name: Security audit login UID
Default: yes
Priority: 0
Session-Type: Additional
Session-Final:
        required        pam_loginuid.so

On a side note, the modules is added *after* pam_ck_connector and not
before.

Cheers

Laurent Bigonville

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_BE.utf8, LC_CTYPE=fr_BE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libpam-runtime depends on:
ii  debconf         1.5.43
ii  libpam-modules  1.1.3-7.1

libpam-runtime recommends no packages.

libpam-runtime suggests no packages.

-- debconf information:
  libpam-runtime/override: false
* libpam-runtime/profiles: unix, systemd, gnome-keyring, consolekit, auditd
  libpam-runtime/title:
  libpam-runtime/conflicts:
  libpam-runtime/no_profiles_chosen:




Information forwarded to debian-bugs-dist@lists.debian.org, Steve Langasek <vorlon@debian.org>:
Bug#661745; Package libpam-runtime. (Sun, 10 Jun 2012 22:18:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Laurent Bigonville <bigon@debian.org>:
Extra info received and forwarded to list. Copy sent to Steve Langasek <vorlon@debian.org>. (Sun, 10 Jun 2012 22:18:04 GMT) Full text and rfc822 format available.

Message #40 received at 661745@bugs.debian.org (full text, mbox):

From: Laurent Bigonville <bigon@debian.org>
To: Steve Langasek <vorlon@debian.org>
Cc: 661745@bugs.debian.org, Michael Biebl <biebl@debian.org>
Subject: Re: Please enable pam_loginuid by default
Date: Mon, 11 Jun 2012 00:16:20 +0200
Hi,

Please find here the services where pam_loginuid and pam_ck_connector
are used on a default Fedora 17 installation.


[bigon@localhost pam.d]$ grep -r loginuid *
atd:session    required    pam_loginuid.so
crond:session    required   pam_loginuid.so
gdm-autologin:session    required    pam_loginuid.so
gdm-fingerprint:session     required      pam_loginuid.so
gdm-password:session     required      pam_loginuid.so
gdm-smartcard:session     required      pam_loginuid.so
gdm-welcome:session    required    pam_loginuid.so
login:session    required     pam_loginuid.so
remote:session    required     pam_loginuid.so
sshd:session    required     pam_loginuid.so

[bigon@localhost pam.d]$ grep -r pam_ck_connector *
gdm-autologin:-session    optional    pam_ck_connector.so
gdm-fingerprint:-session    optional    pam_ck_connector.so
gdm-password:-session    optional    pam_ck_connector.so
gdm-smartcard:-session    optional    pam_ck_connector.so
login:-session   optional     pam_ck_connector.so

Cheers

Laurent Bigonville




Added indication that bug 661745 blocks 676527 Request was from Laurent Bigonville <bigon@debian.org> to control@bugs.debian.org. (Sun, 10 Jun 2012 22:45:15 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Steve Langasek <vorlon@debian.org>:
Bug#661745; Package libpam-runtime. (Wed, 13 Jun 2012 23:30:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Laurent Bigonville <bigon@debian.org>:
Extra info received and forwarded to list. Copy sent to Steve Langasek <vorlon@debian.org>. (Wed, 13 Jun 2012 23:30:03 GMT) Full text and rfc822 format available.

Message #47 received at 661745@bugs.debian.org (full text, mbox):

From: Laurent Bigonville <bigon@debian.org>
To: 661745@bugs.debian.org
Subject: Re: Please enable pam_loginuid by default
Date: Thu, 14 Jun 2012 01:26:46 +0200
Hi,

pam_loginuid must be added in login (like) services:

 session required pam_loginuid.so

This line must be added between the selinux open/close calls.

Laurent Bigonville




Bug 661745 cloned as bugs 677435, 677436, 677437, 677438, 677439, 677440, 677441, 677442, 677443 Request was from Laurent Bigonville <bigon@debian.org> to control@bugs.debian.org. (Wed, 13 Jun 2012 23:45:05 GMT) Full text and rfc822 format available.

Bug reassigned from package 'libpam-runtime' to 'gdm3'. Request was from Laurent Bigonville <bigon@debian.org> to control@bugs.debian.org. (Wed, 13 Jun 2012 23:45:19 GMT) Full text and rfc822 format available.

No longer marked as found in versions pam/1.1.3-7. Request was from Laurent Bigonville <bigon@debian.org> to control@bugs.debian.org. (Wed, 13 Jun 2012 23:45:19 GMT) Full text and rfc822 format available.

Marked as found in versions gdm3/3.0.4-4. Request was from Laurent Bigonville <bigon@debian.org> to control@bugs.debian.org. (Wed, 13 Jun 2012 23:45:20 GMT) Full text and rfc822 format available.

Added tag(s) pending. Request was from Laurent Bigonville <bigon@debian.org> to control@bugs.debian.org. (Wed, 13 Jun 2012 23:57:02 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>:
Bug#661745; Package gdm3. (Thu, 14 Jun 2012 09:51:26 GMT) Full text and rfc822 format available.

Acknowledgement sent to Laurent Bigonville <bigon@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>. (Thu, 14 Jun 2012 09:51:34 GMT) Full text and rfc822 format available.

Message #62 received at 661745@bugs.debian.org (full text, mbox):

From: Laurent Bigonville <bigon@debian.org>
To: 677438@bugs.debian.org, 661745@bugs.debian.org, 677435@bugs.debian.org, 677436@bugs.debian.org, 677441@bugs.debian.org, 677440@bugs.debian.org, 677442@bugs.debian.org, 677437@bugs.debian.org, 677443@bugs.debian.org, 677439@bugs.debian.org
Subject: Re: Please enable pam_loginuid by default
Date: Thu, 14 Jun 2012 11:48:27 +0200
Hi,

So let's try to be more clear about this bug.

pam_loginuid is used to track user login. This module is needed
by different things: the audit daemon, consolekit and systemd (for the
later, the lack of calling this module, produces some nasty issues, like
breaking sudo).

The module must only be called in login-like services (login, xDM,...)
and not in services like sudo as this is defeating the purpose of
having a UID per login. The pam-auth-update is currently laking (see
#677288) a way to add modules to login services only.

pam_loginuid.so module is already present in the libpam-modules package
which is Priority: required which means it's installed on every system
by default.

The module need to be added in between the call to selinux close/open
and before pam_ck_connector modules (if they are already present in your
pam service file), I also recommend to add it before the
common-session(-noninteractive) include. For example:

 session required        pam_selinux.so close
 [...]
 session required        pam_loginuid.so   << Add it here
 @include common-session
 session required        pam_selinux.so open

Cheers

Laurent Bigonville




Reply sent to Josselin Mouette <joss@debian.org>:
You have taken responsibility. (Wed, 20 Jun 2012 22:51:28 GMT) Full text and rfc822 format available.

Notification sent to Michael Biebl <biebl@debian.org>:
Bug acknowledged by developer. (Wed, 20 Jun 2012 22:51:28 GMT) Full text and rfc822 format available.

Message #67 received at 661745-close@bugs.debian.org (full text, mbox):

From: Josselin Mouette <joss@debian.org>
To: 661745-close@bugs.debian.org
Subject: Bug#661745: fixed in gdm3 3.4.1-1
Date: Wed, 20 Jun 2012 22:47:35 +0000
Source: gdm3
Source-Version: 3.4.1-1

We believe that the bug you reported is fixed in the latest version of
gdm3, which is due to be installed in the Debian FTP archive:

gdm3_3.4.1-1.debian.tar.gz
  to main/g/gdm3/gdm3_3.4.1-1.debian.tar.gz
gdm3_3.4.1-1.dsc
  to main/g/gdm3/gdm3_3.4.1-1.dsc
gdm3_3.4.1-1_amd64.deb
  to main/g/gdm3/gdm3_3.4.1-1_amd64.deb
gdm3_3.4.1.orig.tar.xz
  to main/g/gdm3/gdm3_3.4.1.orig.tar.xz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 661745@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Josselin Mouette <joss@debian.org> (supplier of updated gdm3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 21 Jun 2012 00:18:36 +0200
Source: gdm3
Binary: gdm3
Architecture: source amd64
Version: 3.4.1-1
Distribution: unstable
Urgency: low
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Josselin Mouette <joss@debian.org>
Description: 
 gdm3       - Next generation GNOME Display Manager
Closes: 580627 610826 648666 650183 655328 656384 661289 661745
Changes: 
 gdm3 (3.4.1-1) unstable; urgency=low
 .
   [ Jordi Mallach ]
   * Update po-up/ca.po.
 .
   [ Josselin Mouette ]
   * gdm3.init: remove .ICEauthority before starting. Closes: #648666.
   * x11-common will now include xhost code to give access to the
     local user if xhost is installed (see #586685).
     + Depend on the appropriate x11-common version.
     + Depend on x11-xserver-utils so that it actually works.
   * New upstream release.
   * Updated build-dependencies: nss, glib.
   * 01_language.patch: dropped, merged upstream.
   * 04_no_fatal_criticals.patch: dropped, obsolete.
   * 07_libexec-paths.patch: removed unused variables/files.
   * 08_frequent-users_greeter.patch: reworked according to upstream
     changes.
   * 10_gdm3_pam.patch: updated for the new version. Do not prefix the
     PAM files for multistack, they have new names anyway.
   * 14_pam_dialog.patch: dropped, upstream merged an improved version.
   * 18_parametrize_create_display.patch: updated for the new version.
   * 19_static_transient_display.patch: unfuzzed.
   * 29_grep_path.patch: dropped, merged upstream.
   * 91_dconf_override.patch: dropped, the configuration generation has
     completely changed.
   * 93_xdg_data_dirs.patch: dropped, similar functionality merged
     upstream.
   * Drop the dconf-gsettings-backend dependency.
   * greeter.gconf-defaults:
     + Drop the g-p-m setting.
   * greeter.gsettings:
     + Force gdm-fallback as the default session.
     + Document how to use gdm-shell.
     + Document how to change the background. Closes: #655328.
   * rules:
     + Generate xx_upstream.gschema.override from the new
       00-upstream-settings file (much simpler).
     + Remove /etc/dconf from the installed files.
     + Drop all development libraries/headers.
     + Explicitly disable introspection.
     + (All of this can be shipped in separate packages if actual
       packages start using this library.)
     + Explicitly disable split authentication, it will not work properly
       with the Debianized PAM stack.
     + Remove the associated PAM files.
     + Disable dh_makeshlibs.
     + Install the dconf stuff in /usr/share/gdm.
   * gdm3.postinst:
     + Remove the old gsettings file upon upgrade.
   * gdm3.links:
     + Remove the old gsettings link.
   * gdm3.init:
     + Replace the gsettings generation by a dconf-based one.
     + Do a conversion for the configuration file so that it remains
       compatible.
   * 92_gsettings_path.patch: updated to force the dconf directory to be
     in the GDM runtime directory.
   * gdm3.install:
     + Stop installing MIME files by hand.
   * 93_private_lib.patch: new patch. Install the shared library in a
     private directory.
   * Break gnome-shell < 3.2 for correct shell support.
   * Suggest gnome-shell.
   * Require g-s-d and metacity, they are no longer optional. Requiring
     g-s-d 3.2 Closes: #656384.
   * Require d-conf 0.10.0-4 to configure the dconf path and parse
     defaults in order.
 .
   [ Laurent Bigonville ]
   * debian/gdm3.pam, debian/gdm3-autologin.pam: Call pam_selinux pam module
     (Closes: #661289)
   * debian/gdm3.pam, debian/gdm3-autologin.pam: Call pam_loginuid pam module
     (Closes: #661745)
 .
   [ Josselin Mouette ]
   * New upstream release.
     + Features the incredible capability to not try endlessly to start
       up X servers when they fail to start.
       Closes: #580627, #610826, #650183.
   * Move login manager defaults from gconf to gsettings.
     + Now we use full path for the icon.
   * Add the metacity default to gsettings too.
   * Require a metacity version which supports gsettings.
   * Get rid of anything related to GConf.
   * Use dh maintscript support to remove the old GConf config file.
   * Force disable systemd support.
   * 06_first_vt.patch, 17_switch_on_finish.patch: refreshed.
   * 07_libexec-paths.patch:
     + Use the binary path as provided by g-s-d.pc.
     + Add a check for gnome-session, which is also used.
   * 10_gdm3_pam.patch: handle the bucket of FAIL that is hardcoding the
     service name in various places since split authentication was
     introduced.
   * 18_parametrize_create_display.patch,
     19_static_transient_display.patch, 20_switch_kill_greeter.patch,
     21_static_display_purge.patch: adapt to systemd/multiseat changes.
   * Require dconf 0.12.1-2.
   * gdm3.post{inst,rm}: add a gdm-welcome PAM service, which is now
     needed for the login session. It's just a symlink.
   * 91_shell_version_control.patch: new patch, Debian-specific. Add
     strict version checking for gnome-shell in order to go to the fall
     back session in case of potential incompatibility.
   * 93_private_lib.patch: also install the typelib file in the private
     directory, and drop the gir file.
   * gdm3.dirs: /usr/lib/gnome-shell
   * rules:
     + Remove pre-built gdm.schemas which includes incorrect settings.
     + Enable introspection.
     + Instruct dh_girepository to look at the typelib file in the right
       place.
     + Add symbolic links for the library and typelib in the gnome-shell
       directory so that it can use them.
   * Add gir (build-)dependencies.
   * 23_start_polkit.patch: new patch. Start the policykit agent in the
     fallback session. Otherwise reboot/shutdown does nothing when
     someone is logged on.
Checksums-Sha1: 
 98602bf2110dea0737d8a390b369fb44fc1551e8 2089 gdm3_3.4.1-1.dsc
 9213fe32643b7dcb79e9026ed0be2372ef275a59 1615612 gdm3_3.4.1.orig.tar.xz
 6fa2aed36b78019430a40acb90eb9251b9f0834e 102344 gdm3_3.4.1-1.debian.tar.gz
 07171bd04ffbde35e97ecd41a49176a35311a08b 1493204 gdm3_3.4.1-1_amd64.deb
Checksums-Sha256: 
 e36bff0c0b2d455d7df7891be0379ecaf55e82b85486fd2019c767b8c92e8264 2089 gdm3_3.4.1-1.dsc
 6292968dff5fc89877b5e1aaa3c7d1484dd3ed2d4f388e935841d053439be665 1615612 gdm3_3.4.1.orig.tar.xz
 a71c9a38ed7d7ca05b8cb644fa02c662aa184a8095f8d3ea9f005d30d619ec59 102344 gdm3_3.4.1-1.debian.tar.gz
 7f11f1a9092f2361220708a05a5cd0d11f42c9834a8b4baae6b17c3fc1d1b21c 1493204 gdm3_3.4.1-1_amd64.deb
Files: 
 1f300f7f41f2aeecd4898dc90ee02ce2 2089 gnome optional gdm3_3.4.1-1.dsc
 fda0470340f9c0bc2f8daccb280af520 1615612 gnome optional gdm3_3.4.1.orig.tar.xz
 6ea2fdc30880252633842c29a0621b23 102344 gnome optional gdm3_3.4.1-1.debian.tar.gz
 82c4ff29f2f2f89fa328711d226afca2 1493204 gnome optional gdm3_3.4.1-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFP4k60rSla4ddfhTMRArr5AJ9Rd3MIUbwGTQ28uuIy3TaqkpzoLwCeJvjA
rXzAavXtfENtf0GN0C8c+ms=
=l395
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 20 Jul 2012 07:28:59 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 23 15:17:36 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.