This bug was fixed in the package gdm3 - 43.0-3ubuntu1 --------------- gdm3 (43.0-3ubuntu1) lunar; urgency=medium [ Simon McVittie ] * d/tests: Don't reset root password. Even if the root password is blank, we want to assert that authentication still doesn't succeed, because we explicitly don't allow smart card authentication as root. * d/tests: Explicitly use blank input when checking for blank password. Otherwise we could block indefinitely when running tests that have an interactive console available. [ Marco Trevisan (Treviño) ] * debian/tests/control: Add explicit dependency on libpam-sss. Even though it could be an implicit one it's still what we're testing * debian/tests/sssd-gdm-smartcard-pam-auth-tester.sh: Some minor cleanups * debian/tests/control, debian/tests/sssd-gdm-smartcard-pam-auth-tester-env.sh Manually use sudo as ubuntu autopkgtest does not support needs-sudo yet * debian/gdm3.install: Do not list config files, just install all gdm3 ones That's used as is in ubuntu (where we install more data and we use the upstream `custom.conf` name for config file), so we don't have to diverge. * Merge with debian, remaining changes: + readme.debian: update for correct paths in ubuntu + control.in: - don't recommend desktop-base - depend on bash for config_error_dialog.patch - update vcs field + rules: - don't override default user/group - -dgdm-xsession=true to install upstream xsession script - override dh_installinit with --no-start to avoid session being killed + rules, readme.debian, gdm3.8.pod: use upstream custom.conf instead of daemon.conf + gdm3.{postinst,postrm}: rename user and group back to gdm + debian/tests/control: - Use gdm user name - Use needs-root instead of needs-sudo (to remove when ubuntu autopkgtest will be updated to include such feature) + debian/tests/sssd-gdm-smartcard-pam-auth-tester-env.sh: - Added to use needs-root autopkgtest instead of needs-sudo + gdm3.*.pam: make pam_env read ~/.pam_environment, as we use in g-c-c settings + gdm3.install: - don't install debian/xsession + add run_xsession.d.patch + add xresources_is_a_dir.patch - fix loading from /etc/x11/xresources/* + add nvidia_prime.patch: - add hook to run prime-offload (as root) and prime-switch if nvidia-prime is installed + add revert_override_lang_with_accountservices.patch: - on ubuntu accountservices only stores the language and not the full locale as needed by lang. + add dont_set_language_env.patch: - don't run the set_up_session_language() function, since it overrides variable values set by ~/.pam_environment + add config_error_dialog.patch: - show warning dialog in case of error in ~/.profile etc. and don't let a syntax error make the login fail + add debian/patches/revert_nvidia_wayland_blacklist.patch: - don't blacklist nvidia for wayland + add gdm3.service-wait-for-drm-device-before-trying-to-start-i.patch: - wait for the first valid gdm device on pre-start + add prefer_ubuntu_session_fallback.patch: - Prefer ubuntu session as fallback instead of GNOME + add XSession-Use-x-terminal-emulator-as-fallback-instead-of-x.patch: - Use x-terminal-emulator as fallback instead of xterm + add Revert-data-Disable-GDM-on-hybrid-graphics-laptops-with-v.patch: - Don't disable Wayland on hybrid graphics laptops + add debian/default.pa - disable bluetooth audio devices in pulseaudio from gdm3. + debian/gdm3.install - added details of the default.pa file + debian/gdm3.postinst - added installation of default.pa and creation of dir if it doesn't exist. + debian/greeter.dconf-defaults: don't set debian settings in the greeter's dconf db gdm3 (43.0-3) unstable; urgency=medium * Team upload [ Marco Trevisan (Treviño) ] * debian/tests/control: Use multi-line Test-Command for easier maintenance * debian/tests/sssd-gdm-smartcard-pam-auth-tester.sh: Assert that entering the wrong PIN leads to authentication failure [ Patrice Duroux ] * d/rules: Generate one man page at a time. Otherwise, the content of one arbitrary .pod file gets duplicated into each of the man pages. (Closes: #1029839) [ Simon McVittie ] * d/tests: Avoid autopkgtest failure if test user has blank password. If the test user has a blank password (which might be the case in an expendable test VM) and PAM accepts blank passwords, then gdm-smartcard-sssd-or-password will always authenticate successfully. If that's the case, temporarily change the user's password to be non-empty while running our tests. Also do the same for root. * Move dbus-daemon security policy from /etc to /usr/share * d/control.in: Drop unnecessary dependency on lsb-base * d/control.in: Remove Multi-Arch: same from gir1.2-gdm-1.0. It is not usefully multi-arch co-installable because it depends on libgdm1, which contains /usr/bin/gdmflexiserver. * d/po/sv.po: Transcode from ISO-8859-1 to UTF-8 * Update syntax of Lintian overrides * Standards-Version: 4.6.2 (no changes required) gdm3 (43.0-2) unstable; urgency=medium * debian/gdm3-gdm-smartcard*: Do not fail if pam_succeed_if suceeded. We were not handling the success case in pam_succeed_if.so, and so even if other modules were successful, gdm-smartcard was failing with a permission denied error, because the pam_succeed_if default was bad, and this was applied to the success case too. Alternatively we could even just use success=ignore here, but it's better to be consistent with other usages. (LP: #1999884) * debian/gdm3.gdm-smartcard-sssd-or-password.pam: Always load gnome keyring and nologin. Ensure that we load the nologin and gnome-key-ring modules also if sss module succeeded. * debian/tests: Add autopkg tests testing gdm smartcard authentication. Create fake certificates from fake CA's and verify they can be used with from a virtual smartcard. -- Marco Trevisan (Treviño)