authorSteve Langasek <steve.langasek@canonical.com>2022-08-17 16:21:14 -0700
committerSteve Langasek <steve.langasek@canonical.com>2022-08-17 23:35:06 +0000
commit6b25469cd26d79e424e1e58aa0a4e3bfa9855982 (patch)
treee0e66398e144833a8d058787f2204ef7cb0782bc
parent7561896529a7af05201dc31e959a05897ef99e19 (diff)
Refresh patches
-rw-r--r--debian/changelog7
-rw-r--r--debian/patches-applied/008_modules_pam_limits_chroot40
-rw-r--r--debian/patches-applied/022_pam_unix_group_time_miscfixes2
-rw-r--r--debian/patches-applied/026_pam_unix_passwd_unknown_user8
-rw-r--r--debian/patches-applied/027_pam_limits_better_init_allow_explicit_root28
-rw-r--r--debian/patches-applied/031_pam_include6
-rw-r--r--debian/patches-applied/032_pam_limits_EPERM_NOT_FATAL2
-rw-r--r--debian/patches-applied/036_pam_wheel_getlogin_considered_harmful74
-rw-r--r--debian/patches-applied/040_pam_limits_log_failure2
-rw-r--r--debian/patches-applied/PAM-manpage-section118
-rw-r--r--debian/patches-applied/make_documentation_reproducible.patch2
-rw-r--r--debian/patches-applied/pam-limits-nofile-fd-setsize-cap2
-rw-r--r--debian/patches-applied/pam_env-allow-environment-files-without-EOL-at-EOF.patch30
-rw-r--r--debian/patches-applied/pam_faillock_create_directory31
-rw-r--r--debian/patches-applied/pam_mkhomedir_stat_before_opendir4
-rw-r--r--debian/patches-applied/pam_unix_avoid_checksalt43
-rw-r--r--debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch4
-rw-r--r--debian/patches-applied/pam_unix_fix_sgid_shadow_auth.patch25
-rw-r--r--debian/patches-applied/pam_unix_initialize_daysleft29
-rw-r--r--debian/patches-applied/series6
-rw-r--r--debian/patches-applied/update-motd12
21 files changed, 126 insertions, 349 deletions
diff --git a/debian/changelog b/debian/changelog
index 7649336c..e5b27e96 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,13 @@ pam (1.5.2-1) UNRELEASED; urgency=medium
* New upstream release.
- fixes compatibility with libpam-systemd. Closes: #1017467.
+ * Refresh patches.
+ * Drop patches included or obsoleted upstream:
+ - debian/patches-applied/pam_unix_fix_sgid_shadow_auth.patch
+ - debian/patches-applied/pam_unix_initialize_daysleft
+ - debian/patches-applied/pam_faillock_create_directory
+ - debian/patches-applied/pam_unix_avoid_checksalt
+ - debian/patches-applied/pam_env-allow-environment-files-without-EOL-at-EOF.patch
-- Steve Langasek <vorlon@debian.org> Wed, 17 Aug 2022 05:10:03 +0000
diff --git a/debian/patches-applied/008_modules_pam_limits_chroot b/debian/patches-applied/008_modules_pam_limits_chroot
index acbdc1a9..7a86fdd5 100644
--- a/debian/patches-applied/008_modules_pam_limits_chroot
+++ b/debian/patches-applied/008_modules_pam_limits_chroot
@@ -2,19 +2,19 @@ Index: pam/modules/pam_limits/pam_limits.c
===================================================================
--- pam.orig/modules/pam_limits/pam_limits.c
+++ pam/modules/pam_limits/pam_limits.c
-@@ -88,6 +88,7 @@
- int flag_numsyslogins; /* whether to limit logins only for a
+@@ -90,6 +90,7 @@
specific user or to count all logins */
int priority; /* the priority to run user process with */
+ int nonewprivs; /* whether to prctl(PR_SET_NO_NEW_PRIVS) */
+ char chroot_dir[8092]; /* directory to chroot into */
struct user_limits_struct limits[RLIM_NLIMITS];
const char *conf_file;
int utmp_after_pam_call;
-@@ -98,6 +99,7 @@
- #define LIMIT_NUMSYSLOGINS RLIM_NLIMITS+2
+@@ -101,6 +102,7 @@
#define LIMIT_PRI RLIM_NLIMITS+3
-+#define LIMIT_CHROOT RLIM_NLIMITS+4
+ #define LIMIT_NONEWPRIVS RLIM_NLIMITS+4
++#define LIMIT_CHROOT RLIM_NLIMITS+5
#define LIMIT_SOFT 1
#define LIMIT_HARD 2
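Review bot: The `chroot_dir[8092]` field that this patch adds to `struct pam_limit_s` has an unexplained size; 8092 is neither `PATH_MAX` nor a power of two, so it reads like a typo for 8192. The code that copies the limits.conf value into this buffer is outside the hunk, so please confirm that the copy is bounded by `sizeof(pl->chroot_dir)` and always NUL-terminated, since the later `pl->chroot_dir[0]` test depends on a well-formed string. I would declare it as `char chroot_dir[PATH_MAX];` (assuming `<limits.h>` is already in scope in this file) or give the size a named constant with a comment saying why it was chosen.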
@@ -27,16 +27,16 @@ Index: pam/modules/pam_limits/pam_limits.c
return retval;
}
-@@ -554,6 +558,8 @@
- pl->flag_numsyslogins = 1;
- } else if (strcmp(lim_item, "priority") == 0) {
+@@ -591,6 +595,8 @@
limit_item = LIMIT_PRI;
+ } else if (strcmp(lim_item, "nonewprivs") == 0) {
+ limit_item = LIMIT_NONEWPRIVS;
+ } else if (strcmp(lim_item, "chroot") == 0) {
-+ limit_item = LIMIT_CHROOT;
++ limit_item = LIMIT_CHROOT;
} else {
pam_syslog(pamh, LOG_DEBUG, "unknown limit item '%s'", lim_item);
return;
-@@ -591,9 +597,9 @@
+@@ -640,9 +646,9 @@
pam_syslog(pamh, LOG_DEBUG,
"wrong limit value '%s' for limit type '%s'",
lim_value, lim_type);
@@ -48,8 +48,8 @@ Index: pam/modules/pam_limits/pam_limits.c
#ifdef __USE_FILE_OFFSET64
rlimit_value = strtoull (lim_value, &endptr, 10);
#else
-@@ -654,7 +660,11 @@
- #endif
+@@ -717,7 +723,11 @@
+ break;
}
- if ( (limit_item != LIMIT_LOGIN)
@@ -59,10 +59,10 @@ Index: pam/modules/pam_limits/pam_limits.c
+ }
+ else if ( (limit_item != LIMIT_LOGIN)
&& (limit_item != LIMIT_NUMSYSLOGINS)
- && (limit_item != LIMIT_PRI) ) {
- if (limit_type & LIMIT_SOFT) {
-@@ -998,6 +1008,15 @@
- retval |= LOGIN_ERR;
+ && (limit_item != LIMIT_PRI)
+ && (limit_item != LIMIT_NONEWPRIVS) ) {
+@@ -1071,6 +1081,15 @@
+ }
}
+ if (!retval && pl->chroot_dir[0]) {
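Review bot: The refreshed `else if` guard still excludes pseudo-items one at a time (`LIMIT_LOGIN`, `LIMIT_NUMSYSLOGINS`, `LIMIT_PRI`, and now `LIMIT_NONEWPRIVS`), so each new item defined above `RLIM_NLIMITS` has to be remembered here on every refresh. The branch body is outside the hunk, but if it indexes `pl->limits[limit_item]`, which the struct declares with `RLIM_NLIMITS` entries, then a forgotten exclusion becomes an out-of-bounds write driven by limits.conf content. A range test such as `else if (limit_item < RLIM_NLIMITS) {` would state the invariant directly and would not need touching when items are added. That is probably best proposed upstream rather than carried only in this patch.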
@@ -81,7 +81,7 @@ Index: pam/modules/pam_limits/limits.conf.5.xml
===================================================================
--- pam.orig/modules/pam_limits/limits.conf.5.xml
+++ pam/modules/pam_limits/limits.conf.5.xml
-@@ -266,6 +266,12 @@
+@@ -273,6 +273,12 @@
(Linux 2.6.12 and higher)</para>
</listitem>
</varlistentry>
@@ -98,7 +98,7 @@ Index: pam/modules/pam_limits/limits.conf.5
===================================================================
--- pam.orig/modules/pam_limits/limits.conf.5
+++ pam/modules/pam_limits/limits.conf.5
-@@ -271,6 +271,11 @@
+@@ -279,6 +279,11 @@
.RS 4
maximum realtime priority allowed for non\-privileged processes (Linux 2\&.6\&.12 and higher)
.RE
@@ -114,7 +114,7 @@ Index: pam/modules/pam_limits/limits.conf
===================================================================
--- pam.orig/modules/pam_limits/limits.conf
+++ pam/modules/pam_limits/limits.conf
-@@ -35,6 +35,7 @@
+@@ -46,6 +46,7 @@
# - msgqueue - max memory used by POSIX message queues (bytes)
# - nice - max nice priority allowed to raise to values: [-20, 19]
# - rtprio - max realtime priority
@@ -122,7 +122,7 @@ Index: pam/modules/pam_limits/limits.conf
#
#<domain> <type> <item> <value>
#
-@@ -45,6 +46,7 @@
+@@ -56,6 +57,7 @@
#@faculty soft nproc 20
#@faculty hard nproc 50
#ftp hard nproc 0
diff --git a/debian/patches-applied/022_pam_unix_group_time_miscfixes b/debian/patches-applied/022_pam_unix_group_time_miscfixes
index b940aa27..8239fd98 100644
--- a/debian/patches-applied/022_pam_unix_group_time_miscfixes
+++ b/debian/patches-applied/022_pam_unix_group_time_miscfixes
@@ -6,7 +6,7 @@ Index: pam/modules/pam_group/pam_group.c
===================================================================
--- pam.orig/modules/pam_group/pam_group.c
+++ pam/modules/pam_group/pam_group.c
-@@ -761,9 +761,12 @@
+@@ -754,9 +754,12 @@
unsigned setting;
/* only interested in establishing credentials */
diff --git a/debian/patches-applied/026_pam_unix_passwd_unknown_user b/debian/patches-applied/026_pam_unix_passwd_unknown_user
index 99ac3f62..d277fee9 100644
--- a/debian/patches-applied/026_pam_unix_passwd_unknown_user
+++ b/debian/patches-applied/026_pam_unix_passwd_unknown_user
@@ -5,7 +5,7 @@ Index: pam/modules/pam_unix/passverify.c
===================================================================
--- pam.orig/modules/pam_unix/passverify.c
+++ pam/modules/pam_unix/passverify.c
-@@ -749,7 +749,7 @@
+@@ -801,7 +801,7 @@
struct passwd *tmpent = NULL;
struct stat st;
FILE *pwfile, *opwfile;
@@ -13,8 +13,8 @@ Index: pam/modules/pam_unix/passverify.c
+ int err = 1, found = 0;
int oldmask;
#ifdef WITH_SELINUX
- security_context_t prev_context=NULL;
-@@ -820,6 +820,7 @@
+ char *prev_context_raw = NULL;
+@@ -872,6 +872,7 @@
tmpent->pw_passwd = assigned_passwd.charp;
err = 0;
@@ -22,7 +22,7 @@ Index: pam/modules/pam_unix/passverify.c
}
if (putpwent(tmpent, pwfile)) {
D(("error writing entry to password file: %m"));
-@@ -862,7 +863,7 @@
+@@ -914,7 +915,7 @@
return PAM_SUCCESS;
} else {
unlink(PW_TMPFILE);
diff --git a/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root b/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root
index 5ac946f5..c4603f5a 100644
--- a/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root
+++ b/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root
@@ -17,7 +17,7 @@ Index: pam/modules/pam_limits/pam_limits.c
===================================================================
--- pam.orig/modules/pam_limits/pam_limits.c
+++ pam/modules/pam_limits/pam_limits.c
-@@ -46,6 +46,14 @@
+@@ -47,6 +47,14 @@
#include <libaudit.h>
#endif
@@ -32,7 +32,7 @@ Index: pam/modules/pam_limits/pam_limits.c
/* Module defines */
#define LINE_LENGTH 1024
-@@ -83,6 +91,7 @@
+@@ -84,6 +92,7 @@
/* internal data */
struct pam_limit_s {
@@ -40,7 +40,7 @@ Index: pam/modules/pam_limits/pam_limits.c
int login_limit; /* the max logins limit */
int login_limit_def; /* which entry set the login limit */
int flag_numsyslogins; /* whether to limit logins only for a
-@@ -448,9 +457,18 @@
+@@ -447,9 +456,18 @@
{
int i;
int retval = PAM_SUCCESS;
@@ -59,7 +59,7 @@ Index: pam/modules/pam_limits/pam_limits.c
for(i = 0; i < RLIM_NLIMITS; i++) {
int r = getrlimit(i, &pl->limits[i].limit);
if (r == -1) {
-@@ -466,18 +484,68 @@
+@@ -465,18 +483,68 @@
}
#ifdef __linux__
@@ -134,7 +134,7 @@ Index: pam/modules/pam_limits/pam_limits.c
errno = 0;
pl->priority = getpriority (PRIO_PROCESS, 0);
-@@ -816,7 +884,7 @@
+@@ -881,7 +949,7 @@
if (strcmp(uname, domain) == 0) /* this user have a limit */
process_limit(pamh, LIMITS_DEF_USER, ltype, item, value, ctrl, pl);
@@ -143,7 +143,7 @@ Index: pam/modules/pam_limits/pam_limits.c
if (ctrl & PAM_DEBUG_ARG) {
pam_syslog(pamh, LOG_DEBUG,
"checking if %s is in group %s",
-@@ -842,7 +910,7 @@
+@@ -907,7 +975,7 @@
process_limit(pamh, LIMITS_DEF_GROUP, ltype, item, value, ctrl,
pl);
}
@@ -152,7 +152,7 @@ Index: pam/modules/pam_limits/pam_limits.c
if (ctrl & PAM_DEBUG_ARG) {
pam_syslog(pamh, LOG_DEBUG,
"checking if %s is in group %s",
-@@ -876,7 +944,7 @@
+@@ -941,7 +1009,7 @@
} else {
switch(rngtype) {
case LIMIT_RANGE_NONE:
@@ -161,7 +161,7 @@ Index: pam/modules/pam_limits/pam_limits.c
process_limit(pamh, LIMITS_DEF_DEFAULT, ltype, item, value, ctrl,
pl);
break;
-@@ -1062,6 +1130,8 @@
+@@ -1134,6 +1202,8 @@
return PAM_ABORT;
}
@@ -174,7 +174,7 @@ Index: pam/modules/pam_limits/limits.conf
===================================================================
--- pam.orig/modules/pam_limits/limits.conf
+++ pam/modules/pam_limits/limits.conf
-@@ -11,6 +11,9 @@
+@@ -22,6 +22,9 @@
# - the wildcard *, for default entry
# - the wildcard %, can be also used with %group syntax,
# for maxlogin limit
@@ -184,7 +184,7 @@ Index: pam/modules/pam_limits/limits.conf
#
#<type> can have the two values:
# - "soft" for enforcing the soft limits
-@@ -41,6 +44,7 @@
+@@ -52,6 +55,7 @@
#
#* soft core 0
@@ -208,7 +208,7 @@ Index: pam/modules/pam_limits/limits.conf.5.xml
</listitem>
</varlistentry>
-@@ -323,6 +328,7 @@
+@@ -333,6 +338,7 @@
</para>
<programlisting>
* soft core 0
@@ -220,7 +220,7 @@ Index: pam/modules/pam_limits/limits.conf.5
===================================================================
--- pam.orig/modules/pam_limits/limits.conf.5
+++ pam/modules/pam_limits/limits.conf.5
-@@ -142,6 +142,10 @@
+@@ -145,6 +145,10 @@
\fB%:\fR\fI<gid>\fR
applicable to maxlogins limit only\&. It limits the total number of logins of all users that are member of the group with the specified gid\&.
.RE
@@ -231,7 +231,7 @@ Index: pam/modules/pam_limits/limits.conf.5
.RE
.PP
\fB<type>\fR
-@@ -317,6 +321,7 @@
+@@ -327,6 +331,7 @@
.\}
.nf
* soft core 0
@@ -243,7 +243,7 @@ Index: pam/modules/pam_limits/README
===================================================================
--- pam.orig/modules/pam_limits/README
+++ pam/modules/pam_limits/README
-@@ -54,6 +54,7 @@
+@@ -56,6 +56,7 @@
limits.conf.
* soft core 0
diff --git a/debian/patches-applied/031_pam_include b/debian/patches-applied/031_pam_include
index 1948f894..16cf6d31 100644
--- a/debian/patches-applied/031_pam_include
+++ b/debian/patches-applied/031_pam_include
@@ -8,7 +8,7 @@ Index: pam/libpam/pam_handlers.c
===================================================================
--- pam.orig/libpam/pam_handlers.c
+++ pam/libpam/pam_handlers.c
-@@ -122,6 +122,10 @@
+@@ -123,6 +123,10 @@
module_type = PAM_T_ACCT;
} else if (!strcasecmp("password", tok)) {
module_type = PAM_T_PASS;
@@ -19,7 +19,7 @@ Index: pam/libpam/pam_handlers.c
} else {
/* Illegal module type */
D(("_pam_init_handlers: bad module type: %s", tok));
-@@ -192,8 +196,10 @@
+@@ -193,8 +197,10 @@
_pam_set_default_control(actions, _PAM_ACTION_BAD);
}
@@ -30,7 +30,7 @@ Index: pam/libpam/pam_handlers.c
if (substack) {
res = _pam_add_handler(pamh, PAM_HT_SUBSTACK, other,
stack_level, module_type, actions, tok,
-@@ -204,13 +210,35 @@
+@@ -205,13 +211,35 @@
return PAM_ABORT;
}
}
diff --git a/debian/patches-applied/032_pam_limits_EPERM_NOT_FATAL b/debian/patches-applied/032_pam_limits_EPERM_NOT_FATAL
index d5ce6953..ec97b441 100644
--- a/debian/patches-applied/032_pam_limits_EPERM_NOT_FATAL
+++ b/debian/patches-applied/032_pam_limits_EPERM_NOT_FATAL
@@ -11,7 +11,7 @@ Index: pam/modules/pam_limits/pam_limits.c
===================================================================
--- pam.orig/modules/pam_limits/pam_limits.c
+++ pam/modules/pam_limits/pam_limits.c
-@@ -1046,6 +1046,8 @@
+@@ -1111,6 +1111,8 @@
if (res != 0)
pam_syslog(pamh, LOG_ERR, "Could not set limit for '%s': %m",
rlimit2str(i));
diff --git a/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful b/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful
index ca465d99..805c62f4 100644
--- a/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful
+++ b/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful
@@ -12,7 +12,7 @@ Index: pam/modules/pam_wheel/pam_wheel.c
===================================================================
--- pam.orig/modules/pam_wheel/pam_wheel.c
+++ pam/modules/pam_wheel/pam_wheel.c
-@@ -60,9 +60,8 @@
+@@ -47,9 +47,8 @@
/* argument parsing */
#define PAM_DEBUG_ARG 0x0001
@@ -24,7 +24,7 @@ Index: pam/modules/pam_wheel/pam_wheel.c
#define PAM_ROOT_ONLY_ARG 0x0020
static int
-@@ -80,8 +79,7 @@
+@@ -68,8 +67,7 @@
if (!strcmp(*argv,"debug"))
ctrl |= PAM_DEBUG_ARG;
@@ -34,35 +34,47 @@ Index: pam/modules/pam_wheel/pam_wheel.c
else if (!strcmp(*argv,"trust"))
ctrl |= PAM_TRUST_ARG;
else if (!strcmp(*argv,"deny"))
-@@ -129,27 +127,14 @@
+@@ -118,39 +116,14 @@
}
}
- if (ctrl & PAM_USE_UID_ARG) {
-- tpwd = pam_modutil_getpwuid (pamh, getuid());
-- if (!tpwd) {
-- if (ctrl & PAM_DEBUG_ARG) {
+- tpwd = pam_modutil_getpwuid (pamh, getuid());
+- if (tpwd == NULL) {
+- if (ctrl & PAM_DEBUG_ARG) {
- pam_syslog(pamh, LOG_NOTICE, "who is running me ?!");
-- }
-- return PAM_SERVICE_ERR;
-- }
-- fromsu = tpwd->pw_name;
+- }
+- return PAM_SERVICE_ERR;
+- }
+- fromsu = tpwd->pw_name;
- } else {
-- fromsu = pam_modutil_getlogin(pamh);
-- if (fromsu) {
-- tpwd = pam_modutil_getpwnam (pamh, fromsu);
-- }
-- if (!fromsu || !tpwd) {
-- if (ctrl & PAM_DEBUG_ARG) {
-- pam_syslog(pamh, LOG_NOTICE, "who is running me ?!");
-- }
-- return PAM_SERVICE_ERR;
+- fromsu = pam_modutil_getlogin(pamh);
+-
+- /* if getlogin fails try a fallback to PAM_RUSER */
+- if (fromsu == NULL) {
+- const char *rhostname;
+-
+- retval = pam_get_item(pamh, PAM_RHOST, (const void **)&rhostname);
+- if (retval != PAM_SUCCESS || rhostname == NULL) {
+- retval = pam_get_item(pamh, PAM_RUSER, (const void **)&fromsu);
+- }
+- }
+-
+- if (fromsu != NULL) {
+- tpwd = pam_modutil_getpwnam (pamh, fromsu);
+- }
+-
+- if (fromsu == NULL || tpwd == NULL) {
+- if (ctrl & PAM_DEBUG_ARG) {
+- pam_syslog(pamh, LOG_NOTICE, "who is running me ?!");
+- }
+- return PAM_SERVICE_ERR;
+ tpwd = pam_modutil_getpwuid (pamh, getuid());
-+ if (!tpwd) {
-+ if (ctrl & PAM_DEBUG_ARG) {
-+ pam_syslog(pamh, LOG_NOTICE, "who is running me ?!");
- }
-+ return PAM_SERVICE_ERR;
++ if (tpwd == NULL) {
++ if (ctrl & PAM_DEBUG_ARG) {
++ pam_syslog(pamh, LOG_NOTICE, "who is running me ?!");
+ }
++ return PAM_SERVICE_ERR;
}
+ fromsu = tpwd->pw_name;
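Review bot: In the added block, the `who is running me ?!` message is emitted only when `PAM_DEBUG_ARG` is set, so on a default configuration a failed `pam_modutil_getpwuid` lookup for the real uid returns `PAM_SERVICE_ERR` without leaving any log trace. Since this patch makes the real uid the only identity source for the wheel check, that failure is worth recording unconditionally, for example `pam_syslog(pamh, LOG_ERR, "cannot resolve real uid %lu", (unsigned long)getuid());` ahead of the return. The function continues outside this hunk, so the rest of the wheel-membership logic is not reviewed here.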
@@ -92,9 +104,9 @@ Index: pam/modules/pam_wheel/pam_wheel.8.xml
- </term>
- <listitem>
- <para>
-- The check for wheel membership will be done against
-- the current uid instead of the original one (useful when
-- jumping with su from one account to another for example).
+- The check will be done against the real uid of the calling process,
+- instead of trying to obtain the user from the login session
+- associated with the terminal in use.
- </para>
- </listitem>
- </varlistentry>
@@ -121,7 +133,7 @@ Index: pam/modules/pam_wheel/pam_wheel.8
-.PP
-\fBuse_uid\fR
-.RS 4
--The check for wheel membership will be done against the current uid instead of the original one (useful when jumping with su from one account to another for example)\&.
+-The check will be done against the real uid of the calling process, instead of trying to obtain the user from the login session associated with the terminal in use\&.
-.RE
.SH "MODULE TYPES PROVIDED"
.PP
@@ -136,9 +148,9 @@ Index: pam/modules/pam_wheel/README
-use_uid
-
-- The check for wheel membership will be done against the current uid instead
-- of the original one (useful when jumping with su from one account to
-- another for example).
+- The check will be done against the real uid of the calling process, instead
+- of trying to obtain the user from the login session associated with the
+- terminal in use.
-
EXAMPLES
diff --git a/debian/patches-applied/040_pam_limits_log_failure b/debian/patches-applied/040_pam_limits_log_failure
index 616887c3..0ef703bf 100644
--- a/debian/patches-applied/040_pam_limits_log_failure
+++ b/debian/patches-applied/040_pam_limits_log_failure
@@ -11,7 +11,7 @@ Index: pam/modules/pam_limits/pam_limits.c
===================================================================
--- pam.orig/modules/pam_limits/pam_limits.c
+++ pam/modules/pam_limits/pam_limits.c
-@@ -1043,9 +1043,19 @@
+@@ -1108,9 +1108,19 @@
if (pl->limits[i].limit.rlim_cur > pl->limits[i].limit.rlim_max)
pl->limits[i].limit.rlim_cur = pl->limits[i].limit.rlim_max;
res = setrlimit(i, &pl->limits[i].limit);
diff --git a/debian/patches-applied/PAM-manpage-section b/debian/patches-applied/PAM-manpage-section
index 815c2614..7cdadad3 100644
--- a/debian/patches-applied/PAM-manpage-section
+++ b/debian/patches-applied/PAM-manpage-section
@@ -35,8 +35,8 @@ Index: pam/doc/man/PAM.8
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
--.TH "PAM" "8" "06/08/2020" "Linux-PAM Manual" "Linux-PAM Manual"
-+.TH "PAM" "7" "06/08/2020" "Linux-PAM Manual" "Linux-PAM Manual"
+-.TH "PAM" "8" "09/03/2021" "Linux-PAM Manual" "Linux-PAM Manual"
++.TH "PAM" "7" "09/03/2021" "Linux-PAM Manual" "Linux-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -128,7 +128,7 @@ Index: pam/modules/pam_limits/limits.conf.5.xml
===================================================================
--- pam.orig/modules/pam_limits/limits.conf.5.xml
+++ pam/modules/pam_limits/limits.conf.5.xml
-@@ -346,7 +346,7 @@
+@@ -357,7 +357,7 @@
<para>
<citerefentry><refentrytitle>pam_limits</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
@@ -141,7 +141,7 @@ Index: pam/modules/pam_limits/limits.conf.5
===================================================================
--- pam.orig/modules/pam_limits/limits.conf.5
+++ pam/modules/pam_limits/limits.conf.5
-@@ -343,7 +343,7 @@
+@@ -351,7 +351,7 @@
.PP
\fBpam_limits\fR(8),
\fBpam.d\fR(5),
@@ -228,32 +228,6 @@ Index: pam/modules/pam_access/pam_access.8
.SH "AUTHORS"
.PP
The logdaemon style login access control scheme was designed and implemented by Wietse Venema\&. The pam_access PAM module was developed by Alexei Nogin <alexei@nogin\&.dnttm\&.ru>\&. The IPv6 support and the network(address) / netmask feature was developed and provided by Mike Becher <mike\&.becher@lrz\-muenchen\&.de>\&.
-Index: pam/modules/pam_cracklib/pam_cracklib.8.xml
-===================================================================
---- pam.orig/modules/pam_cracklib/pam_cracklib.8.xml
-+++ pam/modules/pam_cracklib/pam_cracklib.8.xml
-@@ -577,7 +577,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-Index: pam/modules/pam_cracklib/pam_cracklib.8
-===================================================================
---- pam.orig/modules/pam_cracklib/pam_cracklib.8
-+++ pam/modules/pam_cracklib/pam_cracklib.8
-@@ -357,7 +357,7 @@
- .PP
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_cracklib was written by Cristian Gafton <gafton@redhat\&.com>
Index: pam/modules/pam_debug/pam_debug.8.xml
===================================================================
--- pam.orig/modules/pam_debug/pam_debug.8.xml
@@ -336,7 +310,7 @@ Index: pam/modules/pam_env/pam_env.8.xml
===================================================================
--- pam.orig/modules/pam_env/pam_env.8.xml
+++ pam/modules/pam_env/pam_env.8.xml
-@@ -246,7 +246,7 @@
+@@ -254,7 +254,7 @@
<refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
@@ -349,7 +323,7 @@ Index: pam/modules/pam_exec/pam_exec.8.xml
===================================================================
--- pam.orig/modules/pam_exec/pam_exec.8.xml
+++ pam/modules/pam_exec/pam_exec.8.xml
-@@ -287,7 +287,7 @@
+@@ -303,7 +303,7 @@
<refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
@@ -362,7 +336,7 @@ Index: pam/modules/pam_exec/pam_exec.8
===================================================================
--- pam.orig/modules/pam_exec/pam_exec.8
+++ pam/modules/pam_exec/pam_exec.8
-@@ -177,7 +177,7 @@
+@@ -182,7 +182,7 @@
.PP
\fBpam.conf\fR(5),
\fBpam.d\fR(5),
@@ -687,7 +661,7 @@ Index: pam/modules/pam_mkhomedir/pam_mkhomedir.8.xml
===================================================================
--- pam.orig/modules/pam_mkhomedir/pam_mkhomedir.8.xml
+++ pam/modules/pam_mkhomedir/pam_mkhomedir.8.xml
-@@ -198,7 +198,7 @@
+@@ -205,7 +205,7 @@
<refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
@@ -700,7 +674,7 @@ Index: pam/modules/pam_mkhomedir/pam_mkhomedir.8
===================================================================
--- pam.orig/modules/pam_mkhomedir/pam_mkhomedir.8
+++ pam/modules/pam_mkhomedir/pam_mkhomedir.8
-@@ -124,7 +124,7 @@
+@@ -129,7 +129,7 @@
.SH "SEE ALSO"
.PP
\fBpam.d\fR(5),
@@ -713,7 +687,7 @@ Index: pam/modules/pam_motd/pam_motd.8.xml
===================================================================
--- pam.orig/modules/pam_motd/pam_motd.8.xml
+++ pam/modules/pam_motd/pam_motd.8.xml
-@@ -195,7 +195,7 @@
+@@ -196,7 +196,7 @@
<refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
@@ -739,7 +713,7 @@ Index: pam/modules/pam_namespace/pam_namespace.8.xml
===================================================================
--- pam.orig/modules/pam_namespace/pam_namespace.8.xml
+++ pam/modules/pam_namespace/pam_namespace.8.xml
-@@ -399,7 +399,7 @@
+@@ -362,7 +362,7 @@
<refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
@@ -752,7 +726,7 @@ Index: pam/modules/pam_namespace/pam_namespace.8
===================================================================
--- pam.orig/modules/pam_namespace/pam_namespace.8
+++ pam/modules/pam_namespace/pam_namespace.8
-@@ -178,7 +178,7 @@
+@@ -148,7 +148,7 @@
\fBnamespace.conf\fR(5),
\fBpam.d\fR(5),
\fBmount\fR(8),
@@ -912,8 +886,8 @@ Index: pam/modules/pam_selinux/pam_selinux.8
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
--.TH "PAM_SELINUX" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
-+.TH "PAM_SELINUX" "7" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+-.TH "PAM_SELINUX" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
++.TH "PAM_SELINUX" "7" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -1004,32 +978,6 @@ Index: pam/modules/pam_succeed_if/pam_succeed_if.8
.SH "AUTHOR"
.PP
Nalin Dahyabhai <nalin@redhat\&.com>
-Index: pam/modules/pam_tally/pam_tally.8.xml
-===================================================================
---- pam.orig/modules/pam_tally/pam_tally.8.xml
-+++ pam/modules/pam_tally/pam_tally.8.xml
-@@ -444,7 +444,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-Index: pam/modules/pam_tally/pam_tally.8
-===================================================================
---- pam.orig/modules/pam_tally/pam_tally.8
-+++ pam/modules/pam_tally/pam_tally.8
-@@ -250,7 +250,7 @@
- \fBfaillog\fR(8),
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_tally was written by Tim Baverstock and Tomas Mraz\&.
Index: pam/modules/pam_time/pam_time.8.xml
===================================================================
--- pam.orig/modules/pam_time/pam_time.8.xml
@@ -1504,7 +1452,7 @@ Index: pam/modules/pam_userdb/pam_userdb.8.xml
===================================================================
--- pam.orig/modules/pam_userdb/pam_userdb.8.xml
+++ pam/modules/pam_userdb/pam_userdb.8.xml
-@@ -278,7 +278,7 @@
+@@ -279,7 +279,7 @@
<refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
@@ -1612,8 +1560,8 @@ Index: pam/modules/pam_env/pam_env.8
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
--.TH "PAM_ENV" "8" "06/08/2020" "Linux-PAM Manual" "Linux-PAM Manual"
-+.TH "PAM_ENV" "7" "06/08/2020" "Linux-PAM Manual" "Linux-PAM Manual"
+-.TH "PAM_ENV" "8" "09/03/2021" "Linux-PAM Manual" "Linux-PAM Manual"
++.TH "PAM_ENV" "7" "09/03/2021" "Linux-PAM Manual" "Linux-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -1669,37 +1617,11 @@ Index: pam/modules/pam_sepermit/sepermit.conf.5
\fBselinux\fR(8),
.SH "AUTHOR"
.PP
-Index: pam/modules/pam_tally2/pam_tally2.8.xml
-===================================================================
---- pam.orig/modules/pam_tally2/pam_tally2.8.xml
-+++ pam/modules/pam_tally2/pam_tally2.8.xml
-@@ -435,7 +435,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-Index: pam/modules/pam_tally2/pam_tally2.8
-===================================================================
---- pam.orig/modules/pam_tally2/pam_tally2.8
-+++ pam/modules/pam_tally2/pam_tally2.8
-@@ -238,7 +238,7 @@
- .PP
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_tally2 was written by Tim Baverstock and Tomas Mraz\&.
Index: pam/modules/pam_timestamp/pam_timestamp.8.xml
===================================================================
--- pam.orig/modules/pam_timestamp/pam_timestamp.8.xml
+++ pam/modules/pam_timestamp/pam_timestamp.8.xml
-@@ -188,7 +188,7 @@
+@@ -193,7 +193,7 @@
<refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
@@ -1712,7 +1634,7 @@ Index: pam/modules/pam_timestamp/pam_timestamp.8
===================================================================
--- pam.orig/modules/pam_timestamp/pam_timestamp.8
+++ pam/modules/pam_timestamp/pam_timestamp.8
-@@ -124,7 +124,7 @@
+@@ -129,7 +129,7 @@
\fBpam_timestamp_check\fR(8),
\fBpam.conf\fR(5),
\fBpam.d\fR(5),
@@ -1746,7 +1668,7 @@ Index: pam/modules/pam_timestamp/pam_timestamp_check.8
+\fBpam\fR(7)
.SH "AUTHOR"
.PP
- pam_tally was written by Nalin Dahyabhai\&.
+ pam_timestamp was written by Nalin Dahyabhai\&.
Index: pam/modules/pam_tty_audit/pam_tty_audit.8.xml
===================================================================
--- pam.orig/modules/pam_tty_audit/pam_tty_audit.8.xml
diff --git a/debian/patches-applied/make_documentation_reproducible.patch b/debian/patches-applied/make_documentation_reproducible.patch
index ed15df13..b6a4bfe3 100644
--- a/debian/patches-applied/make_documentation_reproducible.patch
+++ b/debian/patches-applied/make_documentation_reproducible.patch
@@ -8,7 +8,7 @@ Index: pam/configure.ac
===================================================================
--- pam.orig/configure.ac
+++ pam/configure.ac
-@@ -619,7 +619,7 @@
+@@ -585,7 +585,7 @@
AC_PATH_PROG([BROWSER], [w3m])
if test -n "$BROWSER"; then
diff --git a/debian/patches-applied/pam-limits-nofile-fd-setsize-cap b/debian/patches-applied/pam-limits-nofile-fd-setsize-cap
index 302c911f..9c0503c7 100644
--- a/debian/patches-applied/pam-limits-nofile-fd-setsize-cap
+++ b/debian/patches-applied/pam-limits-nofile-fd-setsize-cap
@@ -43,7 +43,7 @@ Index: pam/modules/pam_limits/pam_limits.c
===================================================================
--- pam.orig/modules/pam_limits/pam_limits.c
+++ pam/modules/pam_limits/pam_limits.c
-@@ -451,6 +451,14 @@
+@@ -450,6 +450,14 @@
pl->limits[i].src_hard = LIMITS_DEF_KERNEL;
}
fclose(limitsfile);
diff --git a/debian/patches-applied/pam_env-allow-environment-files-without-EOL-at-EOF.patch b/debian/patches-applied/pam_env-allow-environment-files-without-EOL-at-EOF.patch
deleted file mode 100644
index 340e4a7f..00000000
--- a/debian/patches-applied/pam_env-allow-environment-files-without-EOL-at-EOF.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From: Tomas Mraz <tmraz@fedoraproject.org>
-Date: Wed, 4 Nov 2020 09:37:36 +0100
-Subject: pam_env: allow environment files without EOL at EOF
-
-Fixes #263
-
-* modules/pam_env/pam_env.c (_assemble_line): Do not error out if at feof()
-
-Origin: upstream, https://github.com/linux-pam/linux-pam/commit/12824dd648b0668968231044ed805d1f3b212d7e
-Applied-Upstream: 1.5.0
-Bug: https://github.com/linux-pam/linux-pam/issues/263
-Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1953201
-Reviewed-By: Sergio Durigan Junior <sergiodj@ubuntu.com>
----
- modules/pam_env/pam_env.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c
-index 79d4372..4aa3777 100644
---- a/modules/pam_env/pam_env.c
-+++ b/modules/pam_env/pam_env.c
-@@ -311,7 +311,7 @@ static int _assemble_line(FILE *f, char *buffer, int buf_len)
- D(("_assemble_line: corrupted or binary file"));
- return -1;
- }
-- if (p[strlen(p)-1] != '\n') {
-+ if (p[strlen(p)-1] != '\n' && !feof(f)) {
- D(("_assemble_line: line too long"));
- return -1;
- }
diff --git a/debian/patches-applied/pam_faillock_create_directory b/debian/patches-applied/pam_faillock_create_directory
deleted file mode 100644
index 420e2937..00000000
--- a/debian/patches-applied/pam_faillock_create_directory
+++ /dev/null
@@ -1,31 +0,0 @@
-commit d54870f993e97fe75e2cd0470a3701d5af22877c
-Author: Changqing Li <changqing.li@windriver.com>
-Date: Tue Jan 12 14:45:34 2021 +0800
-
- faillock: create tallydir before creating tallyfile
-
- The default tallydir is "/var/run/faillock", and this default
- tallydir may not exist.
-
- Function open may fail as tallydir does not exist when creating
- the tallyfile. Therefore, faillock will not work well.
-
- Fix this problem by creating tallydir before creating tallyfile
- when the tallydir does not exist.
-
- Signed-off-by: Changqing Li <changqing.li@windriver.com>
-
-Index: pam/modules/pam_faillock/faillock.c
-===================================================================
---- pam.orig/modules/pam_faillock/faillock.c
-+++ pam/modules/pam_faillock/faillock.c
-@@ -74,6 +74,9 @@ open_tally (const char *dir, const char
-
- if (create) {
- flags |= O_CREAT;
-+ if (access(dir, F_OK) != 0) {
-+ mkdir(dir, 0755);
-+ }
- }
-
- fd = open(path, flags, 0600);
diff --git a/debian/patches-applied/pam_mkhomedir_stat_before_opendir b/debian/patches-applied/pam_mkhomedir_stat_before_opendir
index 3e5f0a12..aec49b69 100644
--- a/debian/patches-applied/pam_mkhomedir_stat_before_opendir
+++ b/debian/patches-applied/pam_mkhomedir_stat_before_opendir
@@ -2,7 +2,7 @@ Index: pam/modules/pam_mkhomedir/mkhomedir_helper.c
===================================================================
--- pam.orig/modules/pam_mkhomedir/mkhomedir_helper.c
+++ pam/modules/pam_mkhomedir/mkhomedir_helper.c
-@@ -38,6 +38,7 @@ create_homedir(const struct passwd *pwd,
+@@ -39,6 +39,7 @@
DIR *d;
struct dirent *dent;
int retval = PAM_SESSION_ERR;
@@ -10,7 +10,7 @@ Index: pam/modules/pam_mkhomedir/mkhomedir_helper.c
/* Create the new directory */
if (mkdir(dest, 0700) && errno != EEXIST)
-@@ -53,6 +54,12 @@ create_homedir(const struct passwd *pwd,
+@@ -54,6 +55,12 @@
goto go_out;
}
diff --git a/debian/patches-applied/pam_unix_avoid_checksalt b/debian/patches-applied/pam_unix_avoid_checksalt
deleted file mode 100644
index 5a441145..00000000
--- a/debian/patches-applied/pam_unix_avoid_checksalt
+++ /dev/null
@@ -1,43 +0,0 @@
-debian-bug: #992848
-upstream-bug: https://github.com/linux-pam/linux-pam/issues/367
-
-
-From 980d90c9232fe5325d1a4deddd42c597cf9e1a54 Mon Sep 17 00:00:00 2001
-From: "Dmitry V. Levin" <ldv@altlinux.org>
-Date: Thu, 10 Jun 2021 14:00:00 +0000
-Subject: [PATCH] pam_unix: do not use crypt_checksalt when checking for
- password expiration
-
-According to Zack Weinberg, the intended meaning of
-CRYPT_SALT_METHOD_LEGACY is "passwd(1) should not use this hashing
-method", it is not supposed to mean "force a password change on next
-login for any user with an existing stored hash using this method".
-
-This reverts commit 4da9febc39b955892a30686e8396785b96bb8ba5.
-
-* modules/pam_unix/passverify.c (check_shadow_expiry)
-[CRYPT_CHECKSALT_AVAILABLE]: Remove.
-
-Closes: https://github.com/linux-pam/linux-pam/issues/367
----
- modules/pam_unix/passverify.c | 6 ------
- 1 file changed, 6 deletions(-)
-
-diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
-index f6132f805..5a19ed856 100644
---- a/modules/pam_unix/passverify.c
-+++ b/modules/pam_unix/passverify.c
-@@ -289,13 +289,7 @@ PAMH_ARG_DECL(int check_shadow_expiry,
- D(("account expired"));
- return PAM_ACCT_EXPIRED;
- }
--#if defined(CRYPT_CHECKSALT_AVAILABLE) && CRYPT_CHECKSALT_AVAILABLE
-- if (spent->sp_lstchg == 0 ||
-- crypt_checksalt(spent->sp_pwdp) == CRYPT_SALT_METHOD_LEGACY ||
-- crypt_checksalt(spent->sp_pwdp) == CRYPT_SALT_TOO_CHEAP) {
--#else
- if (spent->sp_lstchg == 0) {
--#endif
- D(("need a new password"));
- *daysleft = 0;
- return PAM_NEW_AUTHTOK_REQD;
diff --git a/debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch b/debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch
index 11d4ee31..6a9e525e 100644
--- a/debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch
+++ b/debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch
@@ -11,10 +11,10 @@ Index: pam/modules/pam_unix/unix_chkpwd.c
===================================================================
--- pam.orig/modules/pam_unix/unix_chkpwd.c
+++ pam/modules/pam_unix/unix_chkpwd.c
-@@ -137,9 +137,10 @@
+@@ -138,9 +138,10 @@
/* if the caller specifies the username, verify that user
matches it */
- if (strcmp(user, argv[1])) {
+ if (user == NULL || strcmp(user, argv[1])) {
+ gid_t gid = getgid();
user = argv[1];
/* no match -> permanently change to the real user and proceed */
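Review bot: In the unix_chkpwd.c hunk, `gid_t gid = getgid();` is added with no comment saying why the real gid is captured, and the statement that uses it lies past the last line shown, so the privilege drop itself cannot be checked from this refresh. I would add a comment above the declaration, for example `/* real gid, used below to give up any setgid privilege together with the setuid() drop */`. This commit also removes pam_unix_fix_sgid_shadow_auth.patch from `series`, which presumably sends every non-root caller through the helper again. It is therefore worth confirming that the rebased patch still treats a failed group or user drop as fatal before the helper continues as `argv[1]`.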
diff --git a/debian/patches-applied/pam_unix_fix_sgid_shadow_auth.patch b/debian/patches-applied/pam_unix_fix_sgid_shadow_auth.patch
deleted file mode 100644
index 0ce85eb7..00000000
--- a/debian/patches-applied/pam_unix_fix_sgid_shadow_auth.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-Revert upstream change that prevents pam_unix from working with sgid
-shadow applications.
-
-Authors: Steve Langasek <vorlon@debian.org>
-
-Upstream status: to be submitted (and debated...)
-
-Index: pam/modules/pam_unix/passverify.c
-===================================================================
---- pam.orig/modules/pam_unix/passverify.c
-+++ pam/modules/pam_unix/passverify.c
-@@ -198,11 +198,11 @@
- * ...and shadow password file entry for this user,
- * if shadowing is enabled
- */
-+ *spwdent = pam_modutil_getspnam(pamh, name);
- #ifndef HELPER_COMPILE
-- if (geteuid() || SELINUX_ENABLED)
-+ if (*spwdent == NULL && (geteuid() || SELINUX_ENABLED))
- return PAM_UNIX_RUN_HELPER;
- #endif
-- *spwdent = pam_modutil_getspnam(pamh, name);
- if (*spwdent == NULL || (*spwdent)->sp_pwdp == NULL)
- return PAM_AUTHINFO_UNAVAIL;
- }
diff --git a/debian/patches-applied/pam_unix_initialize_daysleft b/debian/patches-applied/pam_unix_initialize_daysleft
deleted file mode 100644
index e304a16e..00000000
--- a/debian/patches-applied/pam_unix_initialize_daysleft
+++ /dev/null
@@ -1,29 +0,0 @@
-bug-debian: https://bugs.debian.org/980285
-
-commit db6b293046aee4735f3aa2d1713742ed4b533219
-Author: Tomas Mraz <tmraz@fedoraproject.org>
-Date: Wed Jul 22 11:47:55 2020 +0200
-
- Fix missing initialization of daysleft
-
- The daysleft otherwise stays uninitialized if there is no shadow entry.
-
- Regression from commit f5adefa.
-
- Fixes #255
-
- * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Initialize daysleft.
-
-Index: pam/modules/pam_unix/pam_unix_acct.c
-===================================================================
---- pam.orig/modules/pam_unix/pam_unix_acct.c
-+++ pam/modules/pam_unix/pam_unix_acct.c
-@@ -189,7 +189,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int
- unsigned long long ctrl;
- const void *void_uname;
- const char *uname;
-- int retval, daysleft;
-+ int retval, daysleft = -1;
- char buf[256];
-
- D(("called."));
diff --git a/debian/patches-applied/series b/debian/patches-applied/series
index d3f4a191..3ea285ae 100644
--- a/debian/patches-applied/series
+++ b/debian/patches-applied/series
@@ -1,4 +1,3 @@
-pam_unix_fix_sgid_shadow_auth.patch
pam_unix_dont_trust_chkpwd_caller.patch
make_documentation_reproducible.patch
007_modules_pam_unix
@@ -22,9 +21,4 @@ pam-limits-nofile-fd-setsize-cap
fix-autoreconf.patch
nullok_secure-compat.patch
-pam_unix_initialize_daysleft
-pam_faillock_create_directory
pam_mkhomedir_stat_before_opendir
-pam_unix_avoid_checksalt
-
-pam_env-allow-environment-files-without-EOL-at-EOF.patch
diff --git a/debian/patches-applied/update-motd b/debian/patches-applied/update-motd
index d84ecf57..14d5fee4 100644
--- a/debian/patches-applied/update-motd
+++ b/debian/patches-applied/update-motd
@@ -10,7 +10,7 @@ Index: pam/modules/pam_motd/pam_motd.c
===================================================================
--- pam.orig/modules/pam_motd/pam_motd.c
+++ pam/modules/pam_motd/pam_motd.c
-@@ -286,6 +286,7 @@
+@@ -352,6 +352,7 @@
int argc, const char **argv)
{
int retval = PAM_IGNORE;
@@ -18,7 +18,7 @@ Index: pam/modules/pam_motd/pam_motd.c
const char *motd_path = NULL;
char *motd_path_copy = NULL;
unsigned int num_motd_paths = 0;
-@@ -295,6 +296,7 @@
+@@ -361,6 +362,7 @@
unsigned int num_motd_dir_paths = 0;
char **motd_dir_path_split = NULL;
int report_missing;
@@ -26,7 +26,7 @@ Index: pam/modules/pam_motd/pam_motd.c
if (flags & PAM_SILENT) {
return retval;
-@@ -324,6 +326,9 @@
+@@ -390,6 +392,9 @@
"motd_dir= specification missing argument - ignored");
}
}
@@ -36,7 +36,7 @@ Index: pam/modules/pam_motd/pam_motd.c
else
pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv);
}
-@@ -336,6 +341,19 @@
+@@ -402,6 +407,19 @@
report_missing = 1;
}
@@ -60,7 +60,7 @@ Index: pam/modules/pam_motd/pam_motd.8.xml
===================================================================
--- pam.orig/modules/pam_motd/pam_motd.8.xml
+++ pam/modules/pam_motd/pam_motd.8.xml
-@@ -114,6 +114,17 @@
+@@ -115,6 +115,17 @@
</para>
</listitem>
</varlistentry>
@@ -100,7 +100,7 @@ Index: pam/modules/pam_motd/README
===================================================================
--- pam.orig/modules/pam_motd/README
+++ pam/modules/pam_motd/README
-@@ -51,6 +51,10 @@
+@@ -52,6 +52,10 @@
colon-separated list. By default this option is set to /etc/motd.d:/run/
motd.d:/usr/lib/motd.d.