[Bug 1686393] Re: [MIR] gdm3
I reviewed gdm3 version 3.24.2-1ubuntu2 as checked into artful. This should not be considered a full security audit but a quick gauge of maintainability. UCT has two CVEs: first, holding esc key allowed bypassing the lock screen. Second, one REJECTed CVE that was assigned for the usual "desktop visible shortly after suspend" issue that for some reason everyone is affected by all the time. (It may not be user-friendly but locking before suspending is the usual Linux way to make sure it's locked when re-waking.) - gdm3 is a login/lock display manager - Build-Depends: gnome-pkg-tools, debhelper, dconf-cli, intltool, libdbus-glib-1-dev, libglib2.0-dev, libgtk-3-dev, libpango1.0-dev, libcanberra-gtk3-dev, libfontconfig1-dev, libaccountsservice-dev, gnome-settings-daemon-dev, gnome-settings-daemon, libnss3-dev, libxcb1-dev, libx11-dev, libxau-dev, libxt-dev, libxext-dev, check, libgirepository1.0-dev, gobject-introspection, libpam0g-dev, libkeyutils-dev, libxdmcp-dev, libwrap0-dev, libxft-dev, libxi-dev, libxinerama-dev, libplymouth-dev plymouth-dev, yelp-tools, libselinux1-dev, libattr1-dev, iso-codes, libaudit-dev, docbook-xml, gsettings-desktop-schemas, libsystemd-dev, xserver-xorg-dev - Does not itself do encryption - Appears it still supports xdmcp - pre-inst file deletes /etc/pam.d/gdm-launch-environment if upgrading from 3.10.0.1-3~ or earlier - pre-rm file has very involved script to manage debconf and systemd service files - post-inst file has involved script to add gdm group and user, manage debconf, systemd service files, convert gsettings to gconf, and restart gdm3 via invoke-rc.d - post-rm file removes init scripts, /etc files, /var/*/gdm3 directories, gdm user, gdm group, and manages debconf - initscript starts systemd logind, rebuilds configuration, uses start-stop-daemon to run gdm3 - systemd unit checks with /etc/X11/default-display-manager before running, loads in the environment from /etc/default/locale - Fairly complicated dbus interfaces - No setuid executables - gdm-screenshot gdm3 and gdmflexiserver executables in the PATH - No sudo fragments - No udev rules - Processes spawned extensively via glib wrappers. I didn't see any cases of unsafe data being mishandled but the amount of extra overhead in each execution is surprising. - Memory management looked careful if wasteful. - File management may suffer from leaky abstractions: e.g. create_auth_file() uses g_open() on the results of g_build_filename(), g_mkdir_with_parents(), and g_get_user_runtime_dir(), which doesn't have any error checking on most of these calls. (There's also no O_EXCL, O_NONBLOCK, O_NOCTTY, O_NOFOLLOW; I don't know if any of these would fit in the threat model of the application so they may not be security issues, but O_EXCL may be important for reliability.) Errors here appear to percolate to a NULL pointer added to an array in spawn_x_server() which will hopefully cause X to fail with an error ("expected argument" for the -auth parameter), but may have other consequences. - Extensive logging, looked safe. - Uses WAYLAND_DISPLAY RUNNING_UNDER_GDM GTK_MODULES DISPLAY XAUTHORITY GDM_SESSION_DBUS_ADDRESS GDM_SESSION_FOR_REAUTH XDG_VTNR WINDOWPATH PATH variables - Sets GTK_MODULES XORG_RUN_AS_USER_OK DISPLAY XAUTHORITY DBUS_SESSION_BUS_ADDRESS WINDOWPATH WINDOWPATH PATH LOGNAME USER USERNAME HOME SHELL variables - Privileged operations sometimes do not check return errors - No cryptography - Temporary files appear to be created safely - No WebKit - Clean cppcheck (three cppcheck errors) - I didn't see polkit use Here's some notes I took while reading the source code: - 88 cases of "deprecation warning" - chown and chmod errors in the build logs (below) - chmod/chown in debian/: WARNING: debian/gdm3.postinst:chown -R gdm:gdm /var/lib/gdm3 - /bin/sh as shell in debian/: WARNING: debian/gdm3.prerm:#!/bin/bash - dh: unable to load addon gnome: Can't locate Debian/Debhelper/Sequence/gnome.pm in @INC (you may need to install the Debian::Debhelper::Sequence::gnome module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.22.1 /usr/local/share/perl/5.22.1 /usr/lib/x86_64-linux-gnu/perl5/5.22 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.22 /usr/share/perl/5.22 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base .) at (eval 13) line 2. jbicha reports the lintians are false positives [removed here], and filed: https://bugzilla.gnome.org/783079 (chown) https://bugzilla.gnome.org/783080 https://bugzilla.gnome.org/783081 https://bugzilla.gnome.org/783082 No response 48 days later. (Also, wow, I'm sorry this review took 48 days.) - gdm_get_script_environment() comment claims to populate the hash with the existing environment but I don't see it. If it no longer does then the call to remove MAIL can be removed. - gdm_get_script_environment() builds an environment that pretends either the user's home directory is the PWD or /
[Bug 1686393] Re: [MIR] gdm3
Override component to main gdm3 3.24.2-1ubuntu3 in artful: universe/gnome -> main gdm3 3.24.2-1ubuntu3 in artful amd64: universe/gnome/optional/100% -> main gdm3 3.24.2-1ubuntu3 in artful arm64: universe/gnome/optional/100% -> main gdm3 3.24.2-1ubuntu3 in artful armhf: universe/gnome/optional/100% -> main gdm3 3.24.2-1ubuntu3 in artful i386: universe/gnome/optional/100% -> main gdm3 3.24.2-1ubuntu3 in artful ppc64el: universe/gnome/optional/100% -> main gdm3 3.24.2-1ubuntu3 in artful s390x: universe/gnome/optional/100% -> main gir1.2-gdm-1.0 3.24.2-1ubuntu3 in artful amd64: universe/introspection/optional/100% -> main gir1.2-gdm-1.0 3.24.2-1ubuntu3 in artful arm64: universe/introspection/optional/100% -> main gir1.2-gdm-1.0 3.24.2-1ubuntu3 in artful armhf: universe/introspection/optional/100% -> main gir1.2-gdm-1.0 3.24.2-1ubuntu3 in artful i386: universe/introspection/optional/100% -> main gir1.2-gdm-1.0 3.24.2-1ubuntu3 in artful ppc64el: universe/introspection/optional/100% -> main gir1.2-gdm-1.0 3.24.2-1ubuntu3 in artful s390x: universe/introspection/optional/100% -> main libgdm-dev 3.24.2-1ubuntu3 in artful amd64: universe/libdevel/optional/100% -> main libgdm-dev 3.24.2-1ubuntu3 in artful arm64: universe/libdevel/optional/100% -> main libgdm-dev 3.24.2-1ubuntu3 in artful armhf: universe/libdevel/optional/100% -> main libgdm-dev 3.24.2-1ubuntu3 in artful i386: universe/libdevel/optional/100% -> main libgdm-dev 3.24.2-1ubuntu3 in artful ppc64el: universe/libdevel/optional/100% -> main libgdm-dev 3.24.2-1ubuntu3 in artful s390x: universe/libdevel/optional/100% -> main libgdm1 3.24.2-1ubuntu3 in artful amd64: universe/libs/optional/100% -> main libgdm1 3.24.2-1ubuntu3 in artful arm64: universe/libs/optional/100% -> main libgdm1 3.24.2-1ubuntu3 in artful armhf: universe/libs/optional/100% -> main libgdm1 3.24.2-1ubuntu3 in artful i386: universe/libs/optional/100% -> main libgdm1 3.24.2-1ubuntu3 in artful ppc64el: universe/libs/optional/100% -> main libgdm1 3.24.2-1ubuntu3 in artful s390x: universe/libs/optional/100% -> main Override [y|N]? y 25 publications overridden. ** Changed in: gdm3 (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gdm3 in Ubuntu. https://bugs.launchpad.net/bugs/1686393 Title: [MIR] gdm3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1686393/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1686393] Re: [MIR] gdm3
As Mathieu is currently on holidays and security +1 it, let's get that moved so that it can be seeded in tomorrow's image. Handling the promotion. ** Changed in: gdm3 (Ubuntu) Status: Confirmed => Fix Committed -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gdm3 in Ubuntu. https://bugs.launchpad.net/bugs/1686393 Title: [MIR] gdm3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1686393/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1686393] Re: [MIR] gdm3
** Changed in: gdm3 (Ubuntu) Assignee: Ubuntu Security Team (ubuntu-security) => Mathieu Trudel-Lapierre (cyphermox) -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gdm3 in Ubuntu. https://bugs.launchpad.net/bugs/1686393 Title: [MIR] gdm3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1686393/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1686393] Re: [MIR] gdm3
Since the decision to use gdm3 has been publicly announced, the Security Team does not want to hold up gdm3 from being promoted to main. The security review will continue and the results will be documented here (with additional bugs filed upstream as necessary) when complete. Meanwhile, gdm3 can move to main. -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gdm3 in Ubuntu. https://bugs.launchpad.net/bugs/1686393 Title: [MIR] gdm3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1686393/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1686393] Re: [MIR] gdm3
** Changed in: gdm3 (Ubuntu) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gdm3 in Ubuntu. https://bugs.launchpad.net/bugs/1686393 Title: [MIR] gdm3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1686393/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1686393] Re: [MIR] gdm3
Hi Iain, this has not been forgotten, but keeps being superseded with other work. Thanks -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gdm3 in Ubuntu. https://bugs.launchpad.net/bugs/1686393 Title: [MIR] gdm3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1686393/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1686393] Re: [MIR] gdm3
Guys? -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gdm3 in Ubuntu. https://bugs.launchpad.net/bugs/1686393 Title: [MIR] gdm3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1686393/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1686393] Re: [MIR] gdm3
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: gdm3 (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gdm3 in Ubuntu. https://bugs.launchpad.net/bugs/1686393 Title: [MIR] gdm3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1686393/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1686393] Re: [MIR] gdm3
I've re-assigned it to security to get the wheels turning again. Turns out robert's gnome-shell upload didn't completely work without libgdm1 installed. libgdm1 provides gsettings schema that gnome-shell requires. ** Changed in: gdm3 (Ubuntu) Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security) ** Changed in: gdm3 (Ubuntu) Status: Incomplete => New -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gdm3 in Ubuntu. https://bugs.launchpad.net/bugs/1686393 Title: [MIR] gdm3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1686393/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1686393] Re: [MIR] gdm3
lightdm does support GNOME on Wayland. It doesn't currently work on a default Ubuntu (Unity) 17.04 install because of LP: #1632772 but that was "fixed" in 17.10 by removing unity8 from the archives. (You're welcome to remove unity8 from your computer as a workaround.) -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gdm3 in Ubuntu. https://bugs.launchpad.net/bugs/1686393 Title: [MIR] gdm3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1686393/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1686393] Re: [MIR] gdm3
It's my understanding that gdm is required to start gnome-shell with wayland. I'm guessing "having lightdm fully support gnome-shell" will include wayland support? -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gdm3 in Ubuntu. https://bugs.launchpad.net/bugs/1686393 Title: [MIR] gdm3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1686393/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1686393] Re: [MIR] gdm3
I'm setting to Incomplete and unassigning Ubuntu Security for now since Robert got a basic gnome-shell working without gdm's gir. The Desktop Team will see what happens with the work on having lightdm fully support gnome-shell (LP: #1694962) to determine whether this MIR will still be needed. ** Changed in: gdm3 (Ubuntu) Status: New => Incomplete ** Changed in: gdm3 (Ubuntu) Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gdm3 in Ubuntu. https://bugs.launchpad.net/bugs/1686393 Title: [MIR] gdm3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1686393/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1686393] Re: [MIR] gdm3
Seth, some of your lintian warnings are because you are using an old version of lintian. I don't get any lintian warnings here. 'bash' is Essential so I'm not sure why a script that specifies /bin/bash would be an issue. I filed these bugs upstream: https://bugzilla.gnome.org/783079 (chown) https://bugzilla.gnome.org/783080 https://bugzilla.gnome.org/783081 https://bugzilla.gnome.org/783082 -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gdm3 in Ubuntu. https://bugs.launchpad.net/bugs/1686393 Title: [MIR] gdm3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1686393/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1686393] Re: [MIR] gdm3
I'm just getting started and thought I'd give some early feedback. There appears to be a lot more noise in the build logs than usual: - 88 cases of "deprecation warning" - chown and chmod errors in the build logs (below) - lintian error and warning: E: gdm3 source: missing-build-dependency-for-dh_-command dh_autoreconf => dh-autoreconf W: gdm3 source: newer-standards-version 3.9.8 (current is 3.9.7) - chmod/chown in debian/: WARNING: debian/gdm3.postinst:chown -R gdm:gdm /var/lib/gdm3 - /bin/sh as shell in debian/:WARNING: debian/gdm3.prerm:#!/bin/bash - dh: unable to load addon gnome: Can't locate Debian/Debhelper/Sequence/gnome.pm in @INC (you may need to install the Debian::Debhelper::Sequence::gnome module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.22.1 /usr/local/share/perl/5.22.1 /usr/lib/x86_64-linux-gnu/perl5/5.22 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.22 /usr/share/perl/5.22 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base .) at (eval 13) line 2. And the chown/chmod errors from the build logs: if test '!' -d /<>/debian/tmp/var/run/gdm3; then \ /bin/bash /<>/install-sh -d /<>/debian/tmp/var/run/gdm3; \ chmod 0711 /<>/debian/tmp/var/run/gdm3; \ chown root:gdm /<>/debian/tmp/var/run/gdm3 || : ; \ fi chown: invalid group: â<80><98>root:gdmâ<80><99> if test -n "gdm.service" -a '!' -d /<>/debian/tmp/lib/systemd/system; then \ /bin/bash /<>/install-sh -d /<>/debian/tmp/lib/systemd/system; \ chmod 0755 /<>/debian/tmp/lib/systemd/system; \ chown root:root /<>/debian/tmp/lib/systemd/system || : ; \ /usr/bin/install -c -m 644 ./gdm.service /<>/debian/tmp/lib/systemd/system/gdm.service; \ fi if test '!' -d /<>/debian/tmp/var/run/gdm3/greeter; then \ /bin/bash /<>/install-sh -d /<>/debian/tmp/var/run/gdm3/greeter; \ chmod 0755 /<>/debian/tmp/var/run/gdm3/greeter; \ chown gdm:gdm /<>/debian/tmp/var/run/gdm3/greeter || : ; \ fi chown: invalid user: â<80><98>gdm:gdmâ<80><99> if test '!' -d /<>/debian/tmp/var/lib/gdm3; then \ /bin/bash /<>/install-sh -d /<>/debian/tmp/var/lib/gdm3; \ chmod 1770 /<>/debian/tmp/var/lib/gdm3; \ chown root:gdm /<>/debian/tmp/var/lib/gdm3 || : ; \ fi chown: invalid group: â<80><98>root:gdmâ<80><99> if test '!' -d /<>/debian/tmp/var/lib/gdm3/.local/share/applications; then \ /bin/bash /<>/install-sh -d /<>/debian/tmp/var/lib/gdm3/.local/share/applications; \ chmod 0755 /<>/debian/tmp/var/lib/gdm3/.local/share/applications; \ chown gdm:gdm /<>/debian/tmp/var/lib/gdm3/.local/share/applications || : ; \ fi chown: invalid user: â<80><98>gdm:gdmâ<80><99> if test '!' -d /<>/debian/tmp/var/cache/gdm; then \ /bin/bash /<>/install-sh -d /<>/debian/tmp/var/cache/gdm; \ chmod 1755 /<>/debian/tmp/var/cache/gdm; \ chown root:gdm /<>/debian/tmp/var/cache/gdm || : ; \ fi chown: invalid group: â<80><98>root:gdmâ<80><99> Thanks -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gdm3 in Ubuntu. https://bugs.launchpad.net/bugs/1686393 Title: [MIR] gdm3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1686393/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1686393] Re: [MIR] gdm3
** Description changed: Availability Co-maintained with Debian GNOME. Built for all supported architectures. Changes from Debian: Update to 3.24 + README.Debian: update for correct paths in Ubuntu + control.in: - Don't recommend desktop-base - Depend on bash for ubuntu_config_error_dialog.patch + rules: - Don't override default user/group - --enable-gdm-xsession to install upstream Xsession script - override dh_installinit with --no-start to avoid session being killed + rules, README.Debian, gdm3.8.pod: Use upstream custom.conf instead of daemon.conf + gdm3.{postinst,postrm}: rename user and group back to gdm + gdm3.postinst: don't kill gdm on upgrade + gdm3.*.pam: Make pam_env read ~/.pam_environment (LP: #952185) + gdm3.install: - Stop installing default.desktop. It adds unnecessary clutter ("System Default") to the session chooser. - Don't install debian/Xsession + ubuntu_run_xsession.d.patch + ubuntu_upstart_event.patch: - Emit upstart events + ubuntu_xresources_is_a_dir.patch - Fix loading from /etc/X11/Xresources/* + ubuntu_nvidia_prime.patch: - Add hook to run prime-offload (as root) and prime-switch if nvidia-prime is installed (LP: #1262068) + revert_override_LANG_with_accountservices.patch: - On Ubuntu accountservices only stores the language and not the full locale as needed by LANG. + ubuntu_config_error_dialog.patch: - Show warning dialog in case of error in ~/.profile etc. and don't let a syntax error make the login fail (LP: #678421). + 09_default_session.patch: - Dropped, all the other Ubuntu flavors use LightDM and it only takes a gsettings override to set a different default session Rationale = gnome-shell (MIR LP: #1685870) depends on gir1.2-gdm-1.0 (which depends on libgdm1). gnome-shell currently will not run if that dependency is not installed. Robert Ancell was talking with the GDM developer Ray Strode about the possibility of GNOME switching to LightDM. So ask Robert about the status of that. Security https://security-tracker.debian.org/tracker/source-package/gdm3 There is one open CVE, but I think this is a common bug with Linux lock screens: https://security-tracker.debian.org/tracker/CVE-2016-102 Quality assurance = - Ubuntu Desktop Bugs is subscribed to this package. https://bugs.launchpad.net/ubuntu/+source/gdm3 https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=gdm3 https://bugzilla.gnome.org/buglist.cgi?quicksearch=product%3A"gdm; - No tests. + dh_auto_test runs the minimal upstream tests Dependencies All binary dependencies should be in main already. See Background information. Standards compliance 3.9.8 Maintenance === - Actively developed upstream https://git.gnome.org/browse/gdm https://code.launchpad.net/~ubuntu-desktop/gdm/ubuntu Debian packaging uses svn, but we're hoping to convert to git this year (which will allow for Ubuntu branches): https://sources.debian.net/src/gdm3/unstable/debian/ Background information == gdm3 was previously in main as 'gdm'. (There is no MIR bug for that since it was in Ubuntu before MIR bugs.) - At this time, we don't need the gdm3 binary promoted to main. The gdm3 - binary depends on gnome-session (source in main, binary in universe) and - recommends xserver-xephyr (source in main, binary in universe). + At this time, we don't need the gdm3 binary promoted to main, only + gir1.2-gdm-1.0 and libgdm1. The gdm3 binary depends on gnome-session + (source in main, binary in universe) and recommends xserver-xephyr + (source in main, binary in universe). -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gdm3 in Ubuntu. https://bugs.launchpad.net/bugs/1686393 Title: [MIR] gdm3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1686393/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1686393] Re: [MIR] gdm3
Since this was in main previously, I don't see any reason to really block it, but it still ought to have some review by the Security team given the obvious security history for gdm and being a login manager. ** Changed in: gdm3 (Ubuntu) Assignee: Mathieu Trudel-Lapierre (cyphermox) => Ubuntu Security Team (ubuntu-security) -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gdm3 in Ubuntu. https://bugs.launchpad.net/bugs/1686393 Title: [MIR] gdm3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1686393/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1686393] Re: [MIR] gdm3
** Changed in: gdm3 (Ubuntu) Assignee: (unassigned) => Mathieu Trudel-Lapierre (cyphermox) -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gdm3 in Ubuntu. https://bugs.launchpad.net/bugs/1686393 Title: [MIR] gdm3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1686393/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1686393] Re: [MIR] gdm3
** Description changed: Availability Co-maintained with Debian GNOME. Built for all supported architectures. Changes from Debian: Update to 3.24 + README.Debian: update for correct paths in Ubuntu + control.in: - Don't recommend desktop-base - Depend on bash for ubuntu_config_error_dialog.patch + rules: - Don't override default user/group - --enable-gdm-xsession to install upstream Xsession script - override dh_installinit with --no-start to avoid session being killed + rules, README.Debian, gdm3.8.pod: Use upstream custom.conf instead of daemon.conf + gdm3.{postinst,postrm}: rename user and group back to gdm + gdm3.postinst: don't kill gdm on upgrade + gdm3.*.pam: Make pam_env read ~/.pam_environment (LP: #952185) + gdm3.install: - Stop installing default.desktop. It adds unnecessary clutter ("System Default") to the session chooser. - Don't install debian/Xsession + ubuntu_run_xsession.d.patch + ubuntu_upstart_event.patch: - Emit upstart events + ubuntu_xresources_is_a_dir.patch - Fix loading from /etc/X11/Xresources/* + ubuntu_nvidia_prime.patch: - Add hook to run prime-offload (as root) and prime-switch if nvidia-prime is installed (LP: #1262068) + revert_override_LANG_with_accountservices.patch: - On Ubuntu accountservices only stores the language and not the full locale as needed by LANG. + ubuntu_config_error_dialog.patch: - Show warning dialog in case of error in ~/.profile etc. and don't let a syntax error make the login fail (LP: #678421). + 09_default_session.patch: - Dropped, all the other Ubuntu flavors use LightDM and it only takes a gsettings override to set a different default session Rationale = gnome-shell (MIR LP: #1685870) depends on gir1.2-gdm-1.0 (which depends on libgdm1). gnome-shell currently will not run if that dependency is not installed. Robert Ancell was talking with the GDM developer Ray Strode about the possibility of GNOME switching to LightDM. So ask Robert about the status of that. Security https://security-tracker.debian.org/tracker/source-package/gdm3 There is one open CVE, but I think this is a common bug with Linux lock screens: https://security-tracker.debian.org/tracker/CVE-2016-102 Quality assurance = - - Please subscribe Ubuntu Desktop Bugs to this package. + - Ubuntu Desktop Bugs is subscribed to this package. https://bugs.launchpad.net/ubuntu/+source/gdm3 https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=gdm3 https://bugzilla.gnome.org/buglist.cgi?quicksearch=product%3A"gdm; No tests. Dependencies All binary dependencies should be in main already. See Background information. Standards compliance 3.9.8 Maintenance === - Actively developed upstream https://git.gnome.org/browse/gdm https://code.launchpad.net/~ubuntu-desktop/gdm/ubuntu Debian packaging uses svn, but we're hoping to convert to git this year (which will allow for Ubuntu branches): https://sources.debian.net/src/gdm3/unstable/debian/ Background information == gdm3 was previously in main as 'gdm'. (There is no MIR bug for that since it was in Ubuntu before MIR bugs.) At this time, we don't need the gdm3 binary promoted to main. The gdm3 binary depends on gnome-session (source in main, binary in universe) and recommends xserver-xephyr (source in main, binary in universe). -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gdm3 in Ubuntu. https://bugs.launchpad.net/bugs/1686393 Title: [MIR] gdm3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1686393/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs