1 files changed, 86 insertions, 0 deletions
diff --git a/debian/patches-applied/024_debian_cracklib_dict_path b/debian/patches-applied/024_debian_cracklib_dict_path
new file mode 100644
index 00000000..229c87e8
--- /dev/null
+++ b/debian/patches-applied/024_debian_cracklib_dict_path
@@ -0,0 +1,86 @@
+Fix the cracklib autoconf check so that HAVE_CRACK_H gets defined.
+
+Don't copy around the cracklib dictpath into a fixed-width buffer, when
+we can just point at the existing strings; and allow the means to
+specify a default dictionary when no dictionary is specified in
+pam.conf.
+
+Authors: Steve Langasek <vorlon@debian.org>
+
+Upstream status: committed to CVS
+
+Index: Linux-PAM/modules/pam_cracklib/pam_cracklib.c
+===================================================================
+--- Linux-PAM/modules/pam_cracklib/pam_cracklib.c.orig
++++ Linux-PAM/modules/pam_cracklib/pam_cracklib.c
+@@ -56,6 +56,10 @@
+ extern char *FascistCheck(char *pw, const char *dictpath);
+ #endif
+ 
++#ifndef CRACKLIB_DICTS
++#define CRACKLIB_DICTS NULL
++#endif
++
+ /* For Translators: "%s%s" could be replaced with "<service> " or "". */
+ #define PROMPT1 _("New %s%spassword: ")
+ /* For Translators: "%s%s" could be replaced with "<service> " or "". */
+@@ -94,7 +98,7 @@
+ 	int oth_credit;
+ 	int use_authtok;
+ 	char prompt_type[BUFSIZ];
+-        char cracklib_dictpath[PATH_MAX];
++        char *cracklib_dictpath;
+ };
+ 
+ #define CO_RETRY_TIMES  1
+@@ -159,14 +163,15 @@
+ 	 } else if (!strncmp(*argv,"use_authtok",11)) {
+ 		 opt->use_authtok = 1;
+ 	 } else if (!strncmp(*argv,"dictpath=",9)) {
+-	     strncpy(opt->cracklib_dictpath, *argv+9,
+-		     sizeof(opt->cracklib_dictpath) - 1);
++	     opt->cracklib_dictpath = *argv+9;
++	     if (!*(opt->cracklib_dictpath)) {
++		 opt->cracklib_dictpath = CRACKLIB_DICTS;
++	     }
+ 	 } else {
+ 	     pam_syslog(pamh,LOG_ERR,"pam_parse: unknown option; %s",*argv);
+ 	 }
+      }
+      opt->prompt_type[sizeof(opt->prompt_type) - 1] = '\0';
+-     opt->cracklib_dictpath[sizeof(opt->cracklib_dictpath) - 1] = '\0';
+ 
+      return ctrl;
+ }
+@@ -514,8 +519,7 @@
+     options.use_authtok = CO_USE_AUTHTOK;
+     memset(options.prompt_type, 0, BUFSIZ);
+     strcpy(options.prompt_type,"UNIX");
+-    memset(options.cracklib_dictpath, 0,
+-	   sizeof (options.cracklib_dictpath));
++    options.cracklib_dictpath = CRACKLIB_DICTS;
+ 
+     ctrl = _pam_parse(pamh, &options, argc, argv);
+ 
+@@ -609,7 +613,7 @@
+             const char *crack_msg;
+ 
+ 	    D(("against cracklib"));
+-            if ((crack_msg = FascistCheck(token1,options.cracklib_dictpath[0] == '\0'?NULL:options.cracklib_dictpath))) {
++            if ((crack_msg = FascistCheck(token1,options.cracklib_dictpath))) {
+                 if (ctrl & PAM_DEBUG_ARG)
+                     pam_syslog(pamh,LOG_DEBUG,"bad password: %s",crack_msg);
+                 pam_error(pamh, _("BAD PASSWORD: %s"), crack_msg);
+Index: Linux-PAM/configure.in
+===================================================================
+--- Linux-PAM/configure.in.orig
++++ Linux-PAM/configure.in
+@@ -312,7 +312,7 @@
+         AC_HELP_STRING([--disable-cracklib],[do not use cracklib]),
+         WITH_CRACKLIB=$enableval, WITH_CRACKLIB=yes)
+ if test x"$WITH_CRACKLIB" != xno ; then
+-        AC_CHECK_HEADER([crack.h],
++        AC_CHECK_HEADERS([crack.h],
+               AC_CHECK_LIB([crack], [FascistCheck], LIBCRACK="-lcrack", LIBCRACK=""))
+ else
+ 	LIBCRACK=""