summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--debian/changelog2
-rw-r--r--debian/patches-applied/nullok_secure-compat.patch27
-rw-r--r--debian/patches-applied/series1
3 files changed, 30 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 82d8b2dd..28224bb3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,8 @@ pam (1.4.0-1) UNRELEASED; urgency=medium
* Drop patches to implement "nullok_secure" option for pam_unix.
Closes: #674857, #936071, LP: #1860826.
* debian/patches-applied/cve-2010-4708.patch: drop, applied upstream.
+ * debian/patches-applied/nullok_secure-compat.patch: Support
+ nullok_secure as a deprecated alias for nullok.
-- Steve Langasek <vorlon@debian.org> Tue, 11 Aug 2020 14:58:13 -0700
diff --git a/debian/patches-applied/nullok_secure-compat.patch b/debian/patches-applied/nullok_secure-compat.patch
new file mode 100644
index 00000000..d85aa9fe
--- /dev/null
+++ b/debian/patches-applied/nullok_secure-compat.patch
@@ -0,0 +1,27 @@
+Description: Support nullok_secure as a deprecated alias for nullok
+Author: Steve Langasek <vorlon@debian.org>
+Last-Update: 2020-08-11
+
+Index: pam/modules/pam_unix/support.h
+===================================================================
+--- pam.orig/modules/pam_unix/support.h
++++ pam/modules/pam_unix/support.h
+@@ -102,8 +102,9 @@
+ #define UNIX_YESCRYPT_PASS 32 /* new password hashes will use yescrypt */
+ #define UNIX_NULLRESETOK 33 /* allow empty password if password reset is enforced */
+ #define UNIX_OBSCURE_CHECKS 34 /* enable obscure checks on passwords */
++#define UNIX_NULLOK_SECURE 35 /* deprecated alias for nullok */
+ /* -------------- */
+-#define UNIX_CTRLS_ 35 /* number of ctrl arguments defined */
++#define UNIX_CTRLS_ 36 /* number of ctrl arguments defined */
+
+ #define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)&&off(UNIX_GOST_YESCRYPT_PASS,ctrl)&&off(UNIX_YESCRYPT_PASS,ctrl))
+
+@@ -147,6 +148,7 @@
+ /* UNIX_YESCRYPT_PASS */ {"yescrypt", _ALL_ON_^(0x6EC22000ULL), 0x40000000, 1},
+ /* UNIX_NULLRESETOK */ {"nullresetok", _ALL_ON_, 0x80000000, 0},
+ /* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x100000000, 0},
++/* UNIX_NULLOK_SECURE */ {"nullok_secure", _ALL_ON_^(0x200ULL), 0, 0},
+ };
+
+ #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag)
diff --git a/debian/patches-applied/series b/debian/patches-applied/series
index 689f2dcf..4d562185 100644
--- a/debian/patches-applied/series
+++ b/debian/patches-applied/series
@@ -20,3 +20,4 @@ no_PATH_MAX_on_hurd
lib_security_multiarch_compat
pam-limits-nofile-fd-setsize-cap
fix-autoreconf.patch
+nullok_secure-compat.patch