Bug#1068378: [PATCH] Add the pam_keyinit session module to create new sessionkeyring on login
This commit replicates commits[1][2] from the openssh package. Closes [1] https://salsa.debian.org/ssh-team/openssh/-/commit/ca7f6f719ad5f168b25165caaff658f21c784c4e [2] https://salsa.debian.org/ssh-team/openssh/-/commit/dc461e571bcc56f8d95e83c731007636d8e79da5 Closes: #1068378 --- debian/rules | 10 +- debian/xdm.pam| 19 --- debian/xdm.pam.in | 20 3 files changed, 29 insertions(+), 20 deletions(-) delete mode 100644 debian/xdm.pam create mode 100644 debian/xdm.pam.in diff --git a/debian/rules b/debian/rules index 5d2dbd3..ab9f5d4 100755 --- a/debian/rules +++ b/debian/rules @@ -38,6 +38,7 @@ ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) endif DEB_HOST_ARCH ?= $(shell dpkg-architecture -qDEB_HOST_ARCH) +DEB_HOST_ARCH_OS ?= $(shell dpkg-architecture -qDEB_HOST_ARCH_OS) DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) DEB_BUILD_ARCH_OS ?= $(shell dpkg-architecture -qDEB_BUILD_ARCH_OS) DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) @@ -58,6 +59,13 @@ endif BUILD_DIR := build +debian/xdm.pam: debian/xdm.pam.in +ifeq ($(DEB_HOST_ARCH_OS),linux) + sed 's/^@IF_KEYINIT@//' $< > $@ +else + sed '/^@IF_KEYINIT@/d' $< > $@ +endif + stampdir_targets+=config config: $(STAMP_DIR)/config $(STAMP_DIR)/config: $(STAMP_DIR)/patch @@ -121,7 +129,7 @@ clean: xsfclean dh_clean # Build architecture-dependent files here. -binary-arch: $(STAMP_DIR)/install +binary-arch: $(STAMP_DIR)/install debian/xdm.pam dh_testdir dh_testroot diff --git a/debian/xdm.pam b/debian/xdm.pam deleted file mode 100644 index 1108a71..000 --- a/debian/xdm.pam +++ /dev/null @@ -1,19 +0,0 @@ -auth requisite pam_nologin.so -auth requiredpam_env.so -auth requiredpam_env.so envfile=/etc/default/locale - -# SELinux needs to be the first session rule. This ensures that any -# lingering context has been cleared. Without this it is possible -# that a module could execute code in the wrong domain. -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close -session requiredpam_loginuid.so -# SELinux needs to intervene at login time to ensure that the process -# starts in the proper default security context. Only sessions which are -# intended to run in the user's context should be run after this. -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open -sessionrequiredpam_limits.so - -@include common-auth -@include common-account -@include common-session -@include common-password diff --git a/debian/xdm.pam.in b/debian/xdm.pam.in new file mode 100644 index 000..92c46b7 --- /dev/null +++ b/debian/xdm.pam.in @@ -0,0 +1,20 @@ +auth requisite pam_nologin.so +auth requiredpam_env.so +auth requiredpam_env.so envfile=/etc/default/locale + +# SELinux needs to be the first session rule. This ensures that any +# lingering context has been cleared. Without this it is possible +# that a module could execute code in the wrong domain. +session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close +session requiredpam_loginuid.so +@IF_KEYINIT@session optionalpam_keyinit.so force revoke +# SELinux needs to intervene at login time to ensure that the process +# starts in the proper default security context. Only sessions which are +# intended to run in the user's context should be run after this. +session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open +sessionrequiredpam_limits.so + +@include common-auth +@include common-account +@include common-session +@include common-password -- 2.39.2
Bug#1068378: xdm: pam_keyinit is missing from /etc/pam.d/xdm
Package: xdm Version: 1:1.1.11-3+b2 Severity: normal X-Debbugs-Cc: none, Łukasz Stelmach Dear Maintainer, pam_keyinit is missing from the /etc/pam.d/xdm configuration file. Therefore, it is not possible to access the session keyring from programs running in a session started by xdm. The patch will follow. PS. Below there is a modifide pam file from my system which makes it possible to access the session keyring. -- System Information: Debian Release: 12.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: arm64, armel Kernel: Linux 6.5.0-0.deb12.4-amd64 (SMP w/16 CPU threads; PREEMPT) Kernel taint flags: TAINT_WARN Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages xdm depends on: ii cpp4:12.2.0-3 ii debconf [debconf-2.0] 1.5.82 ii libc6 2.36-9+deb12u4 ii libcrypt1 1:4.4.33-2 ii libpam0g 1.5.2-6+deb12u1 ii libselinux13.4-1+b6 ii libx11-6 2:1.8.4-2+deb12u2 ii libxau61:1.0.9-1 ii libxaw72:1.0.14-1 ii libxdmcp6 1:1.1.2-3 ii libxext6 2:1.3.4-1+b1 ii libxft22.3.6-1 ii libxinerama1 2:1.1.4-3 ii libxmu62:1.1.3-3 ii libxpm41:3.5.12-1.1+deb12u1 ii libxrender11:0.9.10-1.1 ii libxt6 1:1.2.1-1.1 ii lsb-base 11.6 ii procps 2:4.0.2-3 ii sysvinit-utils [lsb-base] 3.06-4 ii x11-utils 7.7+5 ii x11-xserver-utils 7.7+9+b1 xdm recommends no packages. xdm suggests no packages. -- Configuration Files: /etc/pam.d/xdm changed: authrequisite pam_nologin.so authrequiredpam_env.so authrequiredpam_env.so envfile=/etc/default/locale session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close session requiredpam_loginuid.so session optionalpam_keyinit.so force revoke session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open session requiredpam_limits.so @include common-auth @include common-account @include common-session @include common-password -- debconf information: * shared/default-x-display-manager: xdm xdm/daemon_name: /usr/bin/xdm xdm/stop_running_server_with_children: false -- Łukasz Stelmach Samsung R&D Institute Poland Samsung Electronics signature.asc Description: PGP signature
Bug#913413: [PATCH] Map Shift+Win to Menu
It was <2018-11-13 wto 18:26>, when G. Branden Robinson wrote: > At 2018-11-13T10:37:20+0100, Łukasz Stelmach wrote: >> +// Pressing the Shift+Win (left or right, respectively) acts as Menu >> +// while Shift+Win acts as Menu. > > I don't understand this comment; it seems tautologous. > > Shouldn't it be more like: > > // Pressing left or right Win acts as Win, while Shift+Win acts as Menu. > > ? Yes. It was too late apparently (-; -- Łukasz Stelmach Samsung R&D Institute Poland Samsung Electronics signature.asc Description: PGP signature
Bug#913413: +patch
Control: tag -1 + patch
Bug#913413: [PATCH] Map Shift+Win to Menu
--- rules/base.o_s.part | 3 +++ rules/base.xml.in | 18 ++ symbols/altwin | 18 ++ 3 files changed, 39 insertions(+) Patch created against debian-unstable branch of https://salsa.debian.org/xorg-team/data/xkb-data.git diff --git a/rules/base.o_s.part b/rules/base.o_s.part index 505f094..1893ba6 100644 --- a/rules/base.o_s.part +++ b/rules/base.o_s.part @@ -10,6 +10,9 @@ altwin:swap_lalt_lwin= +altwin(swap_lalt_lwin) altwin:swap_alt_win = +altwin(swap_alt_win) altwin:prtsc_rwin= +altwin(prtsc_rwin) + altwin:lwin_menu = +altwin(lwin_menu) + altwin:rwin_menu = +altwin(rwin_menu) + altwin:win_menu = +altwin(win_menu) grab:debug = +srvr_ctrl(grab_debug) grp:switch = +group(switch) grp:lswitch = +group(lswitch) diff --git a/rules/base.xml.in b/rules/base.xml.in index 3a3a9cd..531755c 100644 --- a/rules/base.xml.in +++ b/rules/base.xml.in @@ -6789,6 +6789,24 @@ <_description>Win is mapped to PrtSc and the usual Win + + + altwin:rwin_menu + <_description>Map Shift+Right Win to Menu + + + + + altwin:lwin_menu + <_description>Map Shift+Left Win to Menu + + + + + altwin:win_menu + <_description>Map Shift+Win (left and right) to Menu + + diff --git a/symbols/altwin b/symbols/altwin index 7240ab8..587c215 100644 --- a/symbols/altwin +++ b/symbols/altwin @@ -114,3 +114,21 @@ xkb_symbols "prtsc_rwin" { replace key { [ Super_R, Super_R ] }; modifier_map Mod4 { , }; }; + +// Pressing the Shift+Win (left or right, respectively) acts as Menu +// while Shift+Win acts as Menu. +partial modifier_keys +xkb_symbols "win_switch" { +include "altwin(lwin_menu)" +include "altwin(rwin_menu)" +}; + +partial modifier_keys +xkb_symbols "rwin_menu" { +key { [ Super_R, Menu ] }; +}; + +partial modifier_keys +xkb_symbols "lwin_menu" { +key { [ Super_L, Menu ] }; +}; -- 2.19.1
Bug#913413: xkb-data: Map Shift+Win to Menu
Package: xkb-data Version: 2.19-1+deb9u1 Severity: wishlist File: /usr/share/X11/xkb/symbols/altwin Dear Maintainer, My laptop has got only one "Window" key and no Menu keys. I needed to add the following lines to the altwin file to make the Shift+Win_L combination act as a Menu key. --8<---cut here---start->8--- partial modifier_keys xkb_symbols "lwin_menu" { key { [ Super_L, Menu ] }; }; --8<---cut here---end--->8--- Most probably the following line may be useful (I haven't tested them) for others --8<---cut here---start->8--- // Pressing the Shift+Win (left or right, respectively) acts as Menu // while Shift+Win acts as Menu. partial modifier_keys xkb_symbols "win_switch" { include "altwin(lwin_menu)" include "altwin(rwin_menu)" }; partial modifier_keys xkb_symbols "rwin_menu" { key { [ Super_R, Menu ] }; }; --8<---cut here---end--->8--- Apparently also /share/X11/xkb/rules/evdev and (probably) /usr/share/X11/xkb/rules/base need to be modified by adding --8<---cut here---start->8--- altwin:lwin_menu = +altwin(rwin_menu) altwin:rwin_menu = +altwin(rwin_menu) altwin:win_menu = +altwin(win_menu) --8<---cut here---end--->8--- next to other altwin declarations. From this moment on setting altwin:lwin_menu is available as an xkb option e.g. in /etc/default/keyboard. -- System Information: Debian Release: 9.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-8-amd64 (SMP w/4 CPU cores) Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8), LANGUAGE=pl_PL.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) -- no debconf information -- Było mi bardzo miło. --- Rurku. --- ... >Łukasz<--- To dobrze, że mnie słuchasz. signature.asc Description: PGP signature
Bug#562066: xkb-data: /usr/share/X11/xkb/keycodes/evdev breaks my keyboard
Julien Cristau writes: > severity 562066 normal > tag 562066 moreinfo unreproducible > kthxbye > > On Tue, Dec 22, 2009 at 12:55:04 +0100, Łukasz Stelmach wrote: > >> Package: xkb-data >> Version: 1.7-1 >> Severity: grave >> Justification: renders package unusable > > no. OK but it is hard to use keyboard without those keys. >> After upgrade I've my keyboar became patially unusable. Some wierdo >> has cooked completely insane keybord mapping. Now my: >> >> LWIN has become END >> ALTR => LEFT [...] > How did you configure the keyboard mapping? I didn't. I just dist-upgraded. I admit it's irreproducible, everything's been fine since I rebooted. However, restarting X hadn't been enough. Happy Christmas and a Merry New Year -- Miłego dnia, Łukasz Stelmach -- To UNSUBSCRIBE, email to debian-x-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#562066: xkb-data: /usr/share/X11/xkb/keycodes/evdev breaks my keyboard
Package: xkb-data Version: 1.7-1 Severity: grave Justification: renders package unusable After upgrade I've my keyboar became patially unusable. Some wierdo has cooked completely insane keybord mapping. Now my: LWIN has become END ALTR => LEFT RWIN => DOWN MENU => PGDN RCTL => LNFD LEFT => HENK (wtf) RGHT => MUHE (wtf?) UP => KATA (wtf!) DOWN => KPEN PRSC => UP PAUS => HOME INS => KPDV HOME => ??? NoSymbol PGUP => HIRA DELE => PRSC END => ??? NoSymbol PGDN => RCTL -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.30-2-amd64 (SMP w/2 CPU cores) Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- no debconf information -- To UNSUBSCRIBE, email to debian-x-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#509102: xterm does not respond to Editres requests
Package: xterm Version: 235-1 Severity: normal XTerm, and some other Xt applications on my system, do not respond to Editres requests. To check if editres(1) works I connected to a remote host with the ssh(1) with X11 forwarding turned on. I started xterm (v.224) and asked it with locally running editres(1). I received expected answer. Then I copied the xterm(1) binary (32bit x86) from the remote host and launched it locally. It replied correctly. I also tried running xterm from Debian testing xterm_235-1_i386.deb package. It works fine. Editres (64bit) responds to its question correctly provided it asks for its own window. Asking for another process's window does not work. This is probably not an xterm(1) bug but rather one of X11 libs is broken but frankly speaking I have no blind ide which one this could be. libXmu seems to be the first in the line because it contains some "Editres" strings. -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores) Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages xterm depends on: ii libc6 2.7-16 GNU C Library: Shared libraries ii libfontconfig12.6.0-3generic font configuration library ii libice6 2:1.0.4-1 X11 Inter-Client Exchange library ii libncurses5 5.6+20080830-1 shared libraries for terminal hand ii libsm62:1.0.3-2 X11 Session Management library ii libx11-6 2:1.1.5-2 X11 client-side library ii libxaw7 2:1.0.4-2 X11 Athena Widget library ii libxext6 2:1.0.4-1 X11 miscellaneous extension librar ii libxft2 2.1.12-3 FreeType-based font drawing librar ii libxmu6 2:1.0.4-1 X11 miscellaneous utility library ii libxt61:1.0.5-3 X11 toolkit intrinsics library ii xbitmaps 1.0.1-2Base X bitmaps Versions of packages xterm recommends: ii x11-utils 7.3+2 X11 utilities ii xutils1:7.3+18 X Window System utility programs m Versions of packages xterm suggests: pn xfonts-cyrillic(no description available) -- no debconf information -- To UNSUBSCRIBE, email to debian-x-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org