diff options
author | Steve Langasek <vorlon@debian.org> | 2014-01-14 09:30:06 +0000 |
---|---|---|
committer | Steve Langasek <vorlon@debian.org> | 2019-01-08 22:11:52 -0800 |
commit | 76063db40810118bf431971dade8871633d06864 (patch) | |
tree | bf04fce4c2288ebf24e3465697b25b40a267172e | |
parent | e4b6c30426509601fddd1611f7db99b076626c17 (diff) |
Another round of patch refreshing
-rw-r--r-- | debian/patches-applied/007_modules_pam_unix | 136 | ||||
-rw-r--r-- | debian/patches-applied/031_pam_include | 14 | ||||
-rw-r--r-- | debian/patches-applied/045_pam_dispatch_jump_is_ignore | 14 | ||||
-rw-r--r-- | debian/patches-applied/055_pam_unix_nullok_secure | 53 | ||||
-rw-r--r-- | debian/patches-applied/PAM-manpage-section | 77 |
5 files changed, 154 insertions, 140 deletions
diff --git a/debian/patches-applied/007_modules_pam_unix b/debian/patches-applied/007_modules_pam_unix index 95d2e354..5dae4064 100644 --- a/debian/patches-applied/007_modules_pam_unix +++ b/debian/patches-applied/007_modules_pam_unix @@ -2,7 +2,7 @@ Index: pam.debian/modules/pam_unix/pam_unix_passwd.c =================================================================== --- pam.debian.orig/modules/pam_unix/pam_unix_passwd.c +++ pam.debian/modules/pam_unix/pam_unix_passwd.c -@@ -97,6 +97,9 @@ +@@ -102,6 +102,9 @@ # endif /* GNU libc 2.1 */ #endif @@ -12,7 +12,7 @@ Index: pam.debian/modules/pam_unix/pam_unix_passwd.c /* How it works: Gets in username (has to be done) from the calling program -@@ -513,6 +516,11 @@ +@@ -521,6 +524,11 @@ return retval; } } @@ -24,7 +24,7 @@ Index: pam.debian/modules/pam_unix/pam_unix_passwd.c } if (remark) { _make_remark(pamh, ctrl, PAM_ERROR_MSG, remark); -@@ -529,7 +537,7 @@ +@@ -536,7 +544,7 @@ int retval; int remember = -1; int rounds = -1; @@ -37,7 +37,7 @@ Index: pam.debian/modules/pam_unix/support.h =================================================================== --- pam.debian.orig/modules/pam_unix/support.h +++ pam.debian/modules/pam_unix/support.h -@@ -90,8 +90,9 @@ +@@ -97,8 +97,9 @@ password hash algorithms */ #define UNIX_BLOWFISH_PASS 26 /* new password hashes will use blowfish */ #define UNIX_MIN_PASS_LEN 27 /* min length for password */ @@ -48,67 +48,67 @@ Index: pam.debian/modules/pam_unix/support.h #define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)) -@@ -100,34 +101,35 @@ +@@ -107,34 +108,35 @@ /* symbol token name ctrl mask ctrl * * ----------------------- ------------------- --------------------- -------- */ --/* UNIX__OLD_PASSWD */ {NULL, _ALL_ON_, 01}, --/* UNIX__VERIFY_PASSWD */ {NULL, _ALL_ON_, 02}, --/* UNIX__IAMROOT */ {NULL, _ALL_ON_, 04}, --/* UNIX_AUDIT */ {"audit", _ALL_ON_, 010}, --/* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(060), 020}, --/* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(060), 040}, --/* UNIX_NOT_SET_PASS */ {"not_set_pass", _ALL_ON_, 0100}, --/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0600), 0200}, --/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0600), 0400}, --/* UNIX__NONULL */ {NULL, _ALL_ON_, 01000}, --/* UNIX__QUIET */ {NULL, _ALL_ON_, 02000}, --/* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 04000}, --/* UNIX_SHADOW */ {"shadow", _ALL_ON_, 010000}, --/* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(0260420000), 020000}, --/* UNIX__NULLOK */ {"nullok", _ALL_ON_^(01000), 0}, --/* UNIX_DEBUG */ {"debug", _ALL_ON_, 040000}, --/* UNIX_NODELAY */ {"nodelay", _ALL_ON_, 0100000}, --/* UNIX_NIS */ {"nis", _ALL_ON_, 0200000}, --/* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(0260420000), 0400000}, --/* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 01000000}, --/* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 02000000}, --/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 04000000}, --/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 010000000}, --/* UNIX_SHA256_PASS */ {"sha256", _ALL_ON_^(0260420000), 020000000}, --/* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(0260420000), 040000000}, --/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0100000000}, --/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0260420000), 0200000000}, --/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0400000000}, -+/* UNIX__OLD_PASSWD */ {NULL, _ALL_ON_, 0x1}, -+/* UNIX__VERIFY_PASSWD */ {NULL, _ALL_ON_, 0x2}, -+/* UNIX__IAMROOT */ {NULL, _ALL_ON_, 0x4}, -+/* UNIX_AUDIT */ {"audit", _ALL_ON_, 0x8}, -+/* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(0x30), 0x10}, -+/* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(0x30), 0x20}, -+/* UNIX_NOT_SET_PASS */ {"not_set_pass", _ALL_ON_, 0x40}, -+/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0x180), 0x80}, -+/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0x180), 0x100}, -+/* UNIX__NONULL */ {NULL, _ALL_ON_, 0x200}, -+/* UNIX__QUIET */ {NULL, _ALL_ON_, 0x400}, -+/* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 0x800}, -+/* UNIX_SHADOW */ {"shadow", _ALL_ON_, 0x1000}, -+/* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(0x2C22000), 0x2000}, -+/* UNIX__NULLOK */ {"nullok", _ALL_ON_^(0x200), 0}, -+/* UNIX_DEBUG */ {"debug", _ALL_ON_, 0x4000}, -+/* UNIX_NODELAY */ {"nodelay", _ALL_ON_, 0x8000}, -+/* UNIX_NIS */ {"nis", _ALL_ON_, 0x10000}, -+/* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(0x2C22000), 0x20000}, -+/* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 0x40000}, -+/* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 0x80000}, -+/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 0x100000}, -+/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 0x200000}, -+/* UNIX_SHA256_PASS */ {"sha256", _ALL_ON_^(0x2C22000), 0x400000}, -+/* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(0x2C22000), 0x800000}, -+/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0x1000000}, -+/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0x2C22000),0x2000000}, -+/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0x4000000}, -+/* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x8000000}, +-/* UNIX__OLD_PASSWD */ {NULL, _ALL_ON_, 01, 0}, +-/* UNIX__VERIFY_PASSWD */ {NULL, _ALL_ON_, 02, 0}, +-/* UNIX__IAMROOT */ {NULL, _ALL_ON_, 04, 0}, +-/* UNIX_AUDIT */ {"audit", _ALL_ON_, 010, 0}, +-/* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(060), 020, 0}, +-/* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(060), 040, 0}, +-/* UNIX_NOT_SET_PASS */ {"not_set_pass", _ALL_ON_, 0100, 0}, +-/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0600), 0200, 0}, +-/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0600), 0400, 0}, +-/* UNIX__NONULL */ {NULL, _ALL_ON_, 01000, 0}, +-/* UNIX__QUIET */ {NULL, _ALL_ON_, 02000, 0}, +-/* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 04000, 0}, +-/* UNIX_SHADOW */ {"shadow", _ALL_ON_, 010000, 0}, +-/* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(0260420000), 020000, 1}, +-/* UNIX__NULLOK */ {"nullok", _ALL_ON_^(01000), 0, 0}, +-/* UNIX_DEBUG */ {"debug", _ALL_ON_, 040000, 0}, +-/* UNIX_NODELAY */ {"nodelay", _ALL_ON_, 0100000, 0}, +-/* UNIX_NIS */ {"nis", _ALL_ON_, 0200000, 0}, +-/* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(0260420000), 0400000, 1}, +-/* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 01000000, 0}, +-/* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 02000000, 0}, +-/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 04000000, 0}, +-/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 010000000, 0}, +-/* UNIX_SHA256_PASS */ {"sha256", _ALL_ON_^(0260420000), 020000000, 1}, +-/* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(0260420000), 040000000, 1}, +-/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0100000000, 0}, +-/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0260420000), 0200000000, 1}, +-/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0400000000, 0}, ++/* UNIX__OLD_PASSWD */ {NULL, _ALL_ON_, 0x1, 0}, ++/* UNIX__VERIFY_PASSWD */ {NULL, _ALL_ON_, 0x2, 0}, ++/* UNIX__IAMROOT */ {NULL, _ALL_ON_, 0x4, 0}, ++/* UNIX_AUDIT */ {"audit", _ALL_ON_, 0x8, 0}, ++/* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(0x30), 0x10, 0}, ++/* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(0x30), 0x20, 0}, ++/* UNIX_NOT_SET_PASS */ {"not_set_pass", _ALL_ON_, 0x40, 0}, ++/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0x180), 0x80, 0}, ++/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0x180), 0x100, 0}, ++/* UNIX__NONULL */ {NULL, _ALL_ON_, 0x200, 0}, ++/* UNIX__QUIET */ {NULL, _ALL_ON_, 0x400, 0}, ++/* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 0x800, 0}, ++/* UNIX_SHADOW */ {"shadow", _ALL_ON_, 0x1000, 0}, ++/* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(0x2C22000), 0x2000, 1}, ++/* UNIX__NULLOK */ {"nullok", _ALL_ON_^(0x200), 0, 0}, ++/* UNIX_DEBUG */ {"debug", _ALL_ON_, 0x4000, 0}, ++/* UNIX_NODELAY */ {"nodelay", _ALL_ON_, 0x8000, 0}, ++/* UNIX_NIS */ {"nis", _ALL_ON_, 0x10000, 0}, ++/* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(0x2C22000), 0x20000, 1}, ++/* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 0x40000, 0}, ++/* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 0x80000, 0}, ++/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 0x100000, 0}, ++/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 0x200000, 0}, ++/* UNIX_SHA256_PASS */ {"sha256", _ALL_ON_^(0x2C22000), 0x400000, 1}, ++/* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(0x2C22000), 0x800000, 1}, ++/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0x1000000, 0}, ++/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0x2C22000),0x2000000, 1}, ++/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0x4000000, 0}, ++/* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x8000000, 0}, }; #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) @@ -116,7 +116,7 @@ Index: pam.debian/modules/pam_unix/pam_unix.8.xml =================================================================== --- pam.debian.orig/modules/pam_unix/pam_unix.8.xml +++ pam.debian/modules/pam_unix/pam_unix.8.xml -@@ -333,8 +333,81 @@ +@@ -337,8 +337,81 @@ <listitem> <para> Set a minimum password length of <replaceable>n</replaceable> @@ -407,20 +407,20 @@ Index: pam.debian/modules/pam_unix/Makefile.am =================================================================== --- pam.debian.orig/modules/pam_unix/Makefile.am +++ pam.debian/modules/pam_unix/Makefile.am -@@ -42,7 +42,7 @@ +@@ -43,7 +43,7 @@ pam_unix_la_SOURCES = bigcrypt.c pam_unix_acct.c \ pam_unix_auth.c pam_unix_passwd.c pam_unix_sess.c support.c \ - passverify.c yppasswd_xdr.c md5_good.c md5_broken.c + passverify.c yppasswd_xdr.c md5_good.c md5_broken.c obscure.c - - bigcrypt_SOURCES = bigcrypt.c bigcrypt_main.c - bigcrypt_CFLAGS = $(AM_CFLAGS) + if STATIC_MODULES + pam_unix_la_SOURCES += pam_unix_static.c + endif Index: pam.debian/modules/pam_unix/pam_unix.8 =================================================================== --- pam.debian.orig/modules/pam_unix/pam_unix.8 +++ pam.debian/modules/pam_unix/pam_unix.8 -@@ -178,7 +178,38 @@ +@@ -183,7 +183,38 @@ .RS 4 Set a minimum password length of \fIn\fR diff --git a/debian/patches-applied/031_pam_include b/debian/patches-applied/031_pam_include index 23962ad1..da689047 100644 --- a/debian/patches-applied/031_pam_include +++ b/debian/patches-applied/031_pam_include @@ -4,10 +4,10 @@ Authors: Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de> Upstream status: not yet submitted -Index: pam.deb/libpam/pam_handlers.c +Index: pam.debian/libpam/pam_handlers.c =================================================================== ---- pam.deb.orig/libpam/pam_handlers.c -+++ pam.deb/libpam/pam_handlers.c +--- pam.debian.orig/libpam/pam_handlers.c ++++ pam.debian/libpam/pam_handlers.c @@ -122,6 +122,10 @@ module_type = PAM_T_ACCT; } else if (!strcasecmp("password", tok)) { @@ -27,13 +27,13 @@ Index: pam.deb/libpam/pam_handlers.c tok = _pam_StrTok(NULL, " \n\t", &nexttok); if (pam_include) { + struct stat include_dir; - if (substack) { + if (substack) { res = _pam_add_handler(pamh, PAM_HT_SUBSTACK, other, - stack_level, module_type, actions, tok, + stack_level, module_type, actions, tok, @@ -204,13 +210,35 @@ return PAM_ABORT; - } - } + } + } - if (_pam_load_conf_file(pamh, tok, this_service, module_type, - stack_level + substack + if (tok[0] == '/') { diff --git a/debian/patches-applied/045_pam_dispatch_jump_is_ignore b/debian/patches-applied/045_pam_dispatch_jump_is_ignore index 672ab44d..0e3491d3 100644 --- a/debian/patches-applied/045_pam_dispatch_jump_is_ignore +++ b/debian/patches-applied/045_pam_dispatch_jump_is_ignore @@ -4,11 +4,11 @@ the chain and PAM_OK (aka required) in the frozen part of the chain. No one on pam-list was able to explain this behavior, so I changed it to be consistent. -Index: pam.deb/libpam/pam_dispatch.c +Index: pam.debian/libpam/pam_dispatch.c =================================================================== ---- pam.deb.orig/libpam/pam_dispatch.c -+++ pam.deb/libpam/pam_dispatch.c -@@ -251,19 +251,7 @@ +--- pam.debian.orig/libpam/pam_dispatch.c ++++ pam.debian/libpam/pam_dispatch.c +@@ -254,19 +254,7 @@ if ( _PAM_ACTION_IS_JUMP(action) ) { /* If we are evaluating a cached chain, we treat this @@ -19,10 +19,10 @@ Index: pam.deb/libpam/pam_dispatch.c - if (impression == _PAM_UNDEF - || (impression == _PAM_POSITIVE - && status == PAM_SUCCESS) ) { -- if ( retval != PAM_IGNORE || cached_retval == retval ) { +- if ( retval != PAM_IGNORE || cached_retval == retval ) { - impression = _PAM_POSITIVE; -- status = retval; -- } +- status = retval; +- } - } - } + module as ignored as well as executing the jump. */ diff --git a/debian/patches-applied/055_pam_unix_nullok_secure b/debian/patches-applied/055_pam_unix_nullok_secure index f0b0a3d2..8c1b84c7 100644 --- a/debian/patches-applied/055_pam_unix_nullok_secure +++ b/debian/patches-applied/055_pam_unix_nullok_secure @@ -11,12 +11,11 @@ Index: pam.debian/modules/pam_unix/support.c =================================================================== --- pam.debian.orig/modules/pam_unix/support.c +++ pam.debian/modules/pam_unix/support.c -@@ -84,14 +84,22 @@ +@@ -189,13 +189,22 @@ /* now parse the arguments to this module */ for (; argc-- > 0; ++argv) { -- int j; -+ int j, sl; ++ int sl; D(("pam_unix arg: %s", *argv)); @@ -38,7 +37,7 @@ Index: pam.debian/modules/pam_unix/support.c } } -@@ -461,6 +469,7 @@ +@@ -565,6 +574,7 @@ child = fork(); if (child == 0) { int i=0; @@ -46,7 +45,7 @@ Index: pam.debian/modules/pam_unix/support.c struct rlimit rlim; static char *envp[] = { NULL }; char *args[] = { NULL, NULL, NULL, NULL }; -@@ -488,7 +497,18 @@ +@@ -595,7 +605,18 @@ /* exec binary helper */ args[0] = strdup(CHKPWD_HELPER); args[1] = x_strdup(user); @@ -66,7 +65,7 @@ Index: pam.debian/modules/pam_unix/support.c args[2]=strdup("nullok"); } else { args[2]=strdup("nonull"); -@@ -567,6 +587,17 @@ +@@ -675,6 +696,17 @@ if (on(UNIX__NONULL, ctrl)) return 0; /* will fail but don't let on yet */ @@ -84,7 +83,7 @@ Index: pam.debian/modules/pam_unix/support.c /* UNIX passwords area */ retval = get_pwd_hash(pamh, name, &pwd, &salt); -@@ -653,7 +684,8 @@ +@@ -761,7 +793,8 @@ } } } else { @@ -98,7 +97,7 @@ Index: pam.debian/modules/pam_unix/support.h =================================================================== --- pam.debian.orig/modules/pam_unix/support.h +++ pam.debian/modules/pam_unix/support.h -@@ -91,8 +91,9 @@ +@@ -98,8 +98,9 @@ #define UNIX_BLOWFISH_PASS 26 /* new password hashes will use blowfish */ #define UNIX_MIN_PASS_LEN 27 /* min length for password */ #define UNIX_OBSCURE_CHECKS 28 /* enable obscure checks on passwords */ @@ -109,24 +108,24 @@ Index: pam.debian/modules/pam_unix/support.h #define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)) -@@ -110,7 +111,7 @@ - /* UNIX_NOT_SET_PASS */ {"not_set_pass", _ALL_ON_, 0x40}, - /* UNIX__PRELIM */ {NULL, _ALL_ON_^(0x180), 0x80}, - /* UNIX__UPDATE */ {NULL, _ALL_ON_^(0x180), 0x100}, --/* UNIX__NONULL */ {NULL, _ALL_ON_, 0x200}, -+/* UNIX__NONULL */ {NULL, _ALL_ON_^(0x10000000), 0x200}, - /* UNIX__QUIET */ {NULL, _ALL_ON_, 0x400}, - /* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 0x800}, - /* UNIX_SHADOW */ {"shadow", _ALL_ON_, 0x1000}, -@@ -130,6 +131,7 @@ - /* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0x2C22000),0x2000000}, - /* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0x4000000}, - /* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x8000000}, -+/* UNIX_NULLOK_SECURE */ {"nullok_secure", _ALL_ON_^(0x200), 0x10000000}, +@@ -117,7 +118,7 @@ + /* UNIX_NOT_SET_PASS */ {"not_set_pass", _ALL_ON_, 0x40, 0}, + /* UNIX__PRELIM */ {NULL, _ALL_ON_^(0x180), 0x80, 0}, + /* UNIX__UPDATE */ {NULL, _ALL_ON_^(0x180), 0x100, 0}, +-/* UNIX__NONULL */ {NULL, _ALL_ON_, 0x200, 0}, ++/* UNIX__NONULL */ {NULL, _ALL_ON_^(0x10000000), 0x200, 0}, + /* UNIX__QUIET */ {NULL, _ALL_ON_, 0x400, 0}, + /* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 0x800, 0}, + /* UNIX_SHADOW */ {"shadow", _ALL_ON_, 0x1000, 0}, +@@ -137,6 +138,7 @@ + /* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0x2C22000),0x2000000, 1}, + /* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0x4000000, 0}, + /* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x8000000, 0}, ++/* UNIX_NULLOK_SECURE */ {"nullok_secure", _ALL_ON_^(0x200), 0x10000000, 0}, }; #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) -@@ -165,6 +167,9 @@ +@@ -172,6 +174,9 @@ ,const char *data_name ,const void **pass); @@ -143,7 +142,7 @@ Index: pam.debian/modules/pam_unix/Makefile.am @@ -30,7 +30,8 @@ pam_unix_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map endif - pam_unix_la_LIBADD = -L$(top_builddir)/libpam -lpam \ + pam_unix_la_LIBADD = $(top_builddir)/libpam/libpam.la \ - @LIBCRYPT@ @LIBSELINUX@ $(NIS_LIBS) + @LIBCRYPT@ @LIBSELINUX@ $(NIS_LIBS) \ + ../pam_securetty/tty_secure.lo @@ -154,7 +153,7 @@ Index: pam.debian/modules/pam_unix/README =================================================================== --- pam.debian.orig/modules/pam_unix/README +++ pam.debian/modules/pam_unix/README -@@ -57,7 +57,16 @@ +@@ -58,7 +58,16 @@ The default action of this module is to not permit the user access to a service if their official password is blank. The nullok argument overrides @@ -176,7 +175,7 @@ Index: pam.debian/modules/pam_unix/pam_unix.8 =================================================================== --- pam.debian.orig/modules/pam_unix/pam_unix.8 +++ pam.debian/modules/pam_unix/pam_unix.8 -@@ -79,7 +79,14 @@ +@@ -82,7 +82,14 @@ .RS 4 The default action of this module is to not permit the user access to a service if their official password is blank\&. The \fBnullok\fR @@ -196,7 +195,7 @@ Index: pam.debian/modules/pam_unix/pam_unix.8.xml =================================================================== --- pam.debian.orig/modules/pam_unix/pam_unix.8.xml +++ pam.debian/modules/pam_unix/pam_unix.8.xml -@@ -135,7 +135,24 @@ +@@ -137,7 +137,24 @@ <para> The default action of this module is to not permit the user access to a service if their official password is blank. diff --git a/debian/patches-applied/PAM-manpage-section b/debian/patches-applied/PAM-manpage-section index a6dbf7ca..5a4c846e 100644 --- a/debian/patches-applied/PAM-manpage-section +++ b/debian/patches-applied/PAM-manpage-section @@ -119,7 +119,7 @@ Index: pam.debian/modules/pam_limits/limits.conf.5 =================================================================== --- pam.debian.orig/modules/pam_limits/limits.conf.5 +++ pam.debian/modules/pam_limits/limits.conf.5 -@@ -327,7 +327,7 @@ +@@ -339,7 +339,7 @@ .PP \fBpam_limits\fR(8), \fBpam.d\fR(5), @@ -132,7 +132,7 @@ Index: pam.debian/modules/pam_limits/limits.conf.5.xml =================================================================== --- pam.debian.orig/modules/pam_limits/limits.conf.5.xml +++ pam.debian/modules/pam_limits/limits.conf.5.xml -@@ -332,7 +332,7 @@ +@@ -343,7 +343,7 @@ <para> <citerefentry><refentrytitle>pam_limits</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>, @@ -145,7 +145,7 @@ Index: pam.debian/modules/pam_namespace/namespace.conf.5 =================================================================== --- pam.debian.orig/modules/pam_namespace/namespace.conf.5 +++ pam.debian/modules/pam_namespace/namespace.conf.5 -@@ -150,7 +150,7 @@ +@@ -155,7 +155,7 @@ .PP \fBpam_namespace\fR(8), \fBpam.d\fR(5), @@ -158,7 +158,7 @@ Index: pam.debian/modules/pam_namespace/namespace.conf.5.xml =================================================================== --- pam.debian.orig/modules/pam_namespace/namespace.conf.5.xml +++ pam.debian/modules/pam_namespace/namespace.conf.5.xml -@@ -196,7 +196,7 @@ +@@ -204,7 +204,7 @@ <para> <citerefentry><refentrytitle>pam_namespace</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>, @@ -171,7 +171,7 @@ Index: pam.debian/modules/pam_time/time.conf.5 =================================================================== --- pam.debian.orig/modules/pam_time/time.conf.5 +++ pam.debian/modules/pam_time/time.conf.5 -@@ -108,7 +108,7 @@ +@@ -107,7 +107,7 @@ .PP \fBpam_time\fR(8), \fBpam.d\fR(5), @@ -223,7 +223,7 @@ Index: pam.debian/modules/pam_cracklib/pam_cracklib.8 =================================================================== --- pam.debian.orig/modules/pam_cracklib/pam_cracklib.8 +++ pam.debian/modules/pam_cracklib/pam_cracklib.8 -@@ -345,7 +345,7 @@ +@@ -357,7 +357,7 @@ .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), @@ -236,7 +236,7 @@ Index: pam.debian/modules/pam_cracklib/pam_cracklib.8.xml =================================================================== --- pam.debian.orig/modules/pam_cracklib/pam_cracklib.8.xml +++ pam.debian/modules/pam_cracklib/pam_cracklib.8.xml -@@ -532,7 +532,7 @@ +@@ -577,7 +577,7 @@ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> @@ -362,7 +362,7 @@ Index: pam.debian/modules/pam_exec/pam_exec.8 =================================================================== --- pam.debian.orig/modules/pam_exec/pam_exec.8 +++ pam.debian/modules/pam_exec/pam_exec.8 -@@ -147,7 +147,7 @@ +@@ -160,7 +160,7 @@ .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), @@ -370,12 +370,12 @@ Index: pam.debian/modules/pam_exec/pam_exec.8 +\fBpam\fR(7) .SH "AUTHOR" .PP - pam_exec was written by Thorsten Kukuk <kukuk@thkukuk\&.de>\&. + pam_exec was written by Thorsten Kukuk <kukuk@thkukuk\&.de> and Josh Triplett <josh@joshtriplett\&.org>\&. Index: pam.debian/modules/pam_exec/pam_exec.8.xml =================================================================== --- pam.debian.orig/modules/pam_exec/pam_exec.8.xml +++ pam.debian/modules/pam_exec/pam_exec.8.xml -@@ -228,7 +228,7 @@ +@@ -257,7 +257,7 @@ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> @@ -544,7 +544,7 @@ Index: pam.debian/modules/pam_lastlog/pam_lastlog.8 =================================================================== --- pam.debian.orig/modules/pam_lastlog/pam_lastlog.8 +++ pam.debian/modules/pam_lastlog/pam_lastlog.8 -@@ -139,7 +139,7 @@ +@@ -173,7 +173,7 @@ .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), @@ -557,7 +557,7 @@ Index: pam.debian/modules/pam_lastlog/pam_lastlog.8.xml =================================================================== --- pam.debian.orig/modules/pam_lastlog/pam_lastlog.8.xml +++ pam.debian/modules/pam_lastlog/pam_lastlog.8.xml -@@ -244,7 +244,7 @@ +@@ -298,7 +298,7 @@ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> @@ -752,7 +752,7 @@ Index: pam.debian/modules/pam_namespace/pam_namespace.8 =================================================================== --- pam.debian.orig/modules/pam_namespace/pam_namespace.8 +++ pam.debian/modules/pam_namespace/pam_namespace.8 -@@ -176,7 +176,7 @@ +@@ -178,7 +178,7 @@ \fBnamespace.conf\fR(5), \fBpam.d\fR(5), \fBmount\fR(8), @@ -765,7 +765,7 @@ Index: pam.debian/modules/pam_namespace/pam_namespace.8.xml =================================================================== --- pam.debian.orig/modules/pam_namespace/pam_namespace.8.xml +++ pam.debian/modules/pam_namespace/pam_namespace.8.xml -@@ -392,7 +392,7 @@ +@@ -399,7 +399,7 @@ <refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> @@ -908,28 +908,43 @@ Index: pam.debian/modules/pam_selinux/pam_selinux.8 =================================================================== --- pam.debian.orig/modules/pam_selinux/pam_selinux.8 +++ pam.debian/modules/pam_selinux/pam_selinux.8 -@@ -123,7 +123,7 @@ - .PP - \fBpam.conf\fR(5), +@@ -2,12 +2,12 @@ + .\" Title: pam_selinux + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> +-.\" Date: 06/18/2013 ++.\" Date: 01/14/2014 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_SELINUX" "8" "06/18/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_SELINUX" "8" "01/14/2014" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +@@ -144,7 +144,7 @@ + \fBexecve\fR(2), + \fBtty\fR(4), \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) +-\fBpam\fR(8), ++\fBpam\fR(7), + \fBselinux\fR(8) .SH "AUTHOR" .PP - pam_selinux was written by Dan Walsh <dwalsh@redhat\&.com>\&. Index: pam.debian/modules/pam_selinux/pam_selinux.8.xml =================================================================== --- pam.debian.orig/modules/pam_selinux/pam_selinux.8.xml +++ pam.debian/modules/pam_selinux/pam_selinux.8.xml -@@ -226,7 +226,7 @@ +@@ -258,7 +258,7 @@ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> - <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> + <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> - </para> - </refsect1> + </citerefentry>, + <citerefentry> + <refentrytitle>selinux</refentrytitle><manvolnum>8</manvolnum> Index: pam.debian/modules/pam_sepermit/pam_sepermit.8 =================================================================== --- pam.debian.orig/modules/pam_sepermit/pam_sepermit.8 @@ -986,7 +1001,7 @@ Index: pam.debian/modules/pam_succeed_if/pam_succeed_if.8 =================================================================== --- pam.debian.orig/modules/pam_succeed_if/pam_succeed_if.8 +++ pam.debian/modules/pam_succeed_if/pam_succeed_if.8 -@@ -217,7 +217,7 @@ +@@ -220,7 +220,7 @@ .SH "SEE ALSO" .PP \fBglob\fR(7), @@ -999,7 +1014,7 @@ Index: pam.debian/modules/pam_succeed_if/pam_succeed_if.8.xml =================================================================== --- pam.debian.orig/modules/pam_succeed_if/pam_succeed_if.8.xml +++ pam.debian/modules/pam_succeed_if/pam_succeed_if.8.xml -@@ -294,7 +294,7 @@ +@@ -295,7 +295,7 @@ <refentrytitle>glob</refentrytitle><manvolnum>7</manvolnum> </citerefentry>, <citerefentry> @@ -1064,7 +1079,7 @@ Index: pam.debian/modules/pam_umask/pam_umask.8 =================================================================== --- pam.debian.orig/modules/pam_umask/pam_umask.8 +++ pam.debian/modules/pam_umask/pam_umask.8 -@@ -171,7 +171,7 @@ +@@ -150,7 +150,7 @@ .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), @@ -1077,7 +1092,7 @@ Index: pam.debian/modules/pam_umask/pam_umask.8.xml =================================================================== --- pam.debian.orig/modules/pam_umask/pam_umask.8.xml +++ pam.debian/modules/pam_umask/pam_umask.8.xml -@@ -204,7 +204,7 @@ +@@ -201,7 +201,7 @@ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> @@ -1090,8 +1105,8 @@ Index: pam.debian/modules/pam_unix/pam_unix.8 =================================================================== --- pam.debian.orig/modules/pam_unix/pam_unix.8 +++ pam.debian/modules/pam_unix/pam_unix.8 -@@ -263,7 +263,7 @@ - .PP +@@ -269,7 +269,7 @@ + \fBlogin.defs\fR(5), \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8) @@ -1103,7 +1118,7 @@ Index: pam.debian/modules/pam_unix/pam_unix.8.xml =================================================================== --- pam.debian.orig/modules/pam_unix/pam_unix.8.xml +++ pam.debian/modules/pam_unix/pam_unix.8.xml -@@ -487,7 +487,7 @@ +@@ -494,7 +494,7 @@ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> |