Diffstat (limited to 'debian/patches-applied')
24 files changed, 0 insertions, 3545 deletions
diff --git a/debian/patches-applied/007_modules_pam_unix b/debian/patches-applied/007_modules_pam_unix
deleted file mode 100644
index 218379c0..00000000
--- a/debian/patches-applied/007_modules_pam_unix
+++ /dev/null
@@ -1,524 +0,0 @@ -Index: pam/modules/pam_unix/pam_unix_passwd.c -=================================================================== ---- pam.orig/modules/pam_unix/pam_unix_passwd.c -+++ pam/modules/pam_unix/pam_unix_passwd.c -@@ -95,6 +95,9 @@ - # endif /* GNU libc 2.1 */ - #endif - -+extern const char *obscure_msg(const char *, const char *, const struct passwd *, -+ unsigned int); -+ - /* - How it works: - Gets in username (has to be done) from the calling program -@@ -593,6 +596,11 @@ - return retval; - } - } -+ if (!remark && pass_old != NULL) { /* only check if we don't already have a failure */ -+ struct passwd *pwd; -+ pwd = pam_modutil_getpwnam(pamh, user); -+ remark = (char *)obscure_msg(pass_old,pass_new,pwd,ctrl); /* do obscure checks */ -+ } - } - if (remark) { - _make_remark(pamh, ctrl, PAM_ERROR_MSG, remark); -@@ -608,7 +616,7 @@ - int retval; - int remember = -1; - int rounds = 0; -- int pass_min_len = 0; -+ int pass_min_len = 6; - - /* <DO NOT free() THESE> */ - const char *user; -Index: pam/modules/pam_unix/support.h -=================================================================== ---- pam.orig/modules/pam_unix/support.h -+++ pam/modules/pam_unix/support.h -@@ -101,50 +101,52 @@ - #define UNIX_GOST_YESCRYPT_PASS 31 /* new password hashes will use gost-yescrypt */ - #define UNIX_YESCRYPT_PASS 32 /* new password hashes will use yescrypt */ - #define UNIX_NULLRESETOK 33 /* allow empty password if password reset is enforced */ -+#define UNIX_OBSCURE_CHECKS 34 /* enable obscure checks on passwords */ - /* -------------- */ --#define UNIX_CTRLS_ 34 /* number of ctrl arguments defined */ -+#define UNIX_CTRLS_ 35 /* number of ctrl arguments defined */ - - #define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)&&off(UNIX_GOST_YESCRYPT_PASS,ctrl)&&off(UNIX_YESCRYPT_PASS,ctrl)) - - static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = - { --/* symbol 
token name ctrl mask ctrl * -- * --------------------------- -------------------- ------------------------- ---------------- */ -+/* symbol token name ctrl mask ctrl * -+ * --------------------------- -------------------- ------------------------- ------------ */ - --/* UNIX__OLD_PASSWD */ {NULL, _ALL_ON_, 01, 0}, --/* UNIX__VERIFY_PASSWD */ {NULL, _ALL_ON_, 02, 0}, --/* UNIX__IAMROOT */ {NULL, _ALL_ON_, 04, 0}, --/* UNIX_AUDIT */ {"audit", _ALL_ON_, 010, 0}, --/* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(060ULL), 020, 0}, --/* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(060ULL), 040, 0}, --/* UNIX_AUTHTOK_TYPE */ {"authtok_type=", _ALL_ON_, 0100, 0}, --/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0600ULL), 0200, 0}, --/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0600ULL), 0400, 0}, --/* UNIX__NONULL */ {NULL, _ALL_ON_, 01000, 0}, --/* UNIX__QUIET */ {NULL, _ALL_ON_, 02000, 0}, --/* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 04000, 0}, --/* UNIX_SHADOW */ {"shadow", _ALL_ON_, 010000, 0}, --/* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(015660420000ULL), 020000, 1}, --/* UNIX__NULLOK */ {"nullok", _ALL_ON_^(01000ULL), 0, 0}, --/* UNIX_DEBUG */ {"debug", _ALL_ON_, 040000, 0}, --/* UNIX_NODELAY */ {"nodelay", _ALL_ON_, 0100000, 0}, --/* UNIX_NIS */ {"nis", _ALL_ON_, 0200000, 0}, --/* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(015660420000ULL), 0400000, 1}, --/* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 01000000, 0}, --/* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 02000000, 0}, --/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 04000000, 0}, --/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 010000000, 0}, --/* UNIX_SHA256_PASS */ {"sha256", _ALL_ON_^(015660420000ULL), 020000000, 1}, --/* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(015660420000ULL), 040000000, 1}, --/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0100000000, 0}, --/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(015660420000ULL), 0200000000, 1}, --/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0400000000, 0}, --/* 
UNIX_QUIET */ {"quiet", _ALL_ON_, 01000000000, 0}, --/* UNIX_NO_PASS_EXPIRY */ {"no_pass_expiry", _ALL_ON_, 02000000000, 0}, --/* UNIX_DES */ {"des", _ALL_ON_^(015660420000ULL), 0, 1}, --/* UNIX_GOST_YESCRYPT_PASS */ {"gost_yescrypt", _ALL_ON_^(015660420000ULL), 04000000000, 1}, --/* UNIX_YESCRYPT_PASS */ {"yescrypt", _ALL_ON_^(015660420000ULL), 010000000000, 1}, --/* UNIX_NULLRESETOK */ {"nullresetok", _ALL_ON_, 020000000000, 0}, -+/* UNIX__OLD_PASSWD */ {NULL, _ALL_ON_, 0x1, 0}, -+/* UNIX__VERIFY_PASSWD */ {NULL, _ALL_ON_, 0x2, 0}, -+/* UNIX__IAMROOT */ {NULL, _ALL_ON_, 0x4, 0}, -+/* UNIX_AUDIT */ {"audit", _ALL_ON_, 0x8, 0}, -+/* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(0x30ULL), 0x10, 0}, -+/* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(0x30ULL), 0x20, 0}, -+/* UNIX_AUTHTOK_TYPE */ {"authtok_type=", _ALL_ON_, 0x40, 0}, -+/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0x180ULL), 0x80, 0}, -+/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0x180ULL), 0x100, 0}, -+/* UNIX__NONULL */ {NULL, _ALL_ON_, 0x200, 0}, -+/* UNIX__QUIET */ {NULL, _ALL_ON_, 0x400, 0}, -+/* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 0x800, 0}, -+/* UNIX_SHADOW */ {"shadow", _ALL_ON_, 0x1000, 0}, -+/* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(0x6EC22000ULL), 0x2000, 1}, -+/* UNIX__NULLOK */ {"nullok", _ALL_ON_^(0x200ULL), 0, 0}, -+/* UNIX_DEBUG */ {"debug", _ALL_ON_, 0x4000, 0}, -+/* UNIX_NODELAY */ {"nodelay", _ALL_ON_, 0x8000, 0}, -+/* UNIX_NIS */ {"nis", _ALL_ON_, 0x10000, 0}, -+/* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(0x6EC22000ULL), 0x20000, 1}, -+/* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 0x40000, 0}, -+/* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 0x80000, 0}, -+/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 0x100000, 0}, -+/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 0x200000, 0}, -+/* UNIX_SHA256_PASS */ {"sha256", _ALL_ON_^(0x6EC22000ULL), 0x400000, 1}, -+/* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(0x6EC22000ULL), 0x800000, 1}, -+/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0x1000000, 
0}, -+/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0x6EC22000ULL), 0x2000000, 1}, -+/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0x4000000, 0}, -+/* UNIX_QUIET */ {"quiet", _ALL_ON_, 0x8000000, 0}, -+/* UNIX_NO_PASS_EXPIRY */ {"no_pass_expiry", _ALL_ON_, 0x10000000, 0}, -+/* UNIX_DES */ {"des", _ALL_ON_^(0x6EC22000ULL), 0, 1}, -+/* UNIX_GOST_YESCRYPT_PASS */ {"gost_yescrypt", _ALL_ON_^(0x6EC22000ULL), 0x20000000, 1}, -+/* UNIX_YESCRYPT_PASS */ {"yescrypt", _ALL_ON_^(0x6EC22000ULL), 0x40000000, 1}, -+/* UNIX_NULLRESETOK */ {"nullresetok", _ALL_ON_, 0x80000000, 0}, -+/* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x100000000, 0}, - }; - - #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) -Index: pam/modules/pam_unix/pam_unix.8.xml -=================================================================== ---- pam.orig/modules/pam_unix/pam_unix.8.xml -+++ pam/modules/pam_unix/pam_unix.8.xml -@@ -400,8 +400,81 @@ - <listitem> - <para> - Set a minimum password length of <replaceable>n</replaceable> -- characters. The max. for DES crypt based passwords are 8 -- characters. -+ characters. The default value is 6. The maximum for DES -+ crypt-based passwords is 8 characters. -+ </para> -+ </listitem> -+ </varlistentry> -+ <varlistentry> -+ <term> -+ <option>obscure</option> -+ </term> -+ <listitem> -+ <para> -+ Enable some extra checks on password strength. These checks -+ are based on the "obscure" checks in the original shadow -+ package. The behavior is similar to the pam_cracklib -+ module, but for non-dictionary-based checks. The following -+ checks are implemented: -+ <variablelist> -+ <varlistentry> -+ <term> -+ <option>Palindrome</option> -+ </term> -+ <listitem> -+ <para> -+ Verifies that the new password is not a palindrome -+ of (i.e., the reverse of) the previous one. 
-+ </para> -+ </listitem> -+ </varlistentry> -+ <varlistentry> -+ <term> -+ <option>Case Change Only</option> -+ </term> -+ <listitem> -+ <para> -+ Verifies that the new password isn't the same as the -+ old one with a change of case. -+ </para> -+ </listitem> -+ </varlistentry> -+ <varlistentry> -+ <term> -+ <option>Similar</option> -+ </term> -+ <listitem> -+ <para> -+ Verifies that the new password isn't too much like -+ the previous one. -+ </para> -+ </listitem> -+ </varlistentry> -+ <varlistentry> -+ <term> -+ <option>Simple</option> -+ </term> -+ <listitem> -+ <para> -+ Is the new password too simple? This is based on -+ the length of the password and the number of -+ different types of characters (alpha, numeric, etc.) -+ used. -+ </para> -+ </listitem> -+ </varlistentry> -+ <varlistentry> -+ <term> -+ <option>Rotated</option> -+ </term> -+ <listitem> -+ <para> -+ Is the new password a rotated version of the old -+ password? (E.g., "billy" and "illyb") -+ </para> -+ </listitem> -+ </varlistentry> -+ </variablelist> - </para> - </listitem> - </varlistentry> -Index: pam/modules/pam_unix/obscure.c -=================================================================== ---- /dev/null -+++ pam/modules/pam_unix/obscure.c -@@ -0,0 +1,198 @@ -+/* -+ * Copyright 1989 - 1994, Julianne Frances Haugh -+ * All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. Neither the name of Julianne F. 
Haugh nor the names of its contributors -+ * may be used to endorse or promote products derived from this software -+ * without specific prior written permission. -+ * -+ * THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ */ -+ -+#include "config.h" -+ -+#include <ctype.h> -+#include <stdio.h> -+#include <unistd.h> -+#include <string.h> -+#include <stdlib.h> -+#include <pwd.h> -+#include <security/pam_modules.h> -+#include <security/_pam_macros.h> -+ -+ -+#include "support.h" -+ -+/* can't be a palindrome - like `R A D A R' or `M A D A M' */ -+static int palindrome(const char *old, const char *new) { -+ int i, j; -+ -+ i = strlen (new); -+ -+ for (j = 0;j < i;j++) -+ if (new[i - j - 1] != new[j]) -+ return 0; -+ -+ return 1; -+} -+ -+/* more than half of the characters are different ones. */ -+static int similar(const char *old, const char *new) { -+ int i, j; -+ -+ /* -+ * XXX - sometimes this fails when changing from a simple password -+ * to a really long one (MD5). For now, I just return success if -+ * the new password is long enough. Please feel free to suggest -+ * something better... 
--marekm -+ */ -+ if (strlen(new) >= 8) -+ return 0; -+ -+ for (i = j = 0; new[i] && old[i]; i++) -+ if (strchr(new, old[i])) -+ j++; -+ -+ if (i >= j * 2) -+ return 0; -+ -+ return 1; -+} -+ -+/* a nice mix of characters. */ -+static int simple(const char *old, const char *new) { -+ int digits = 0; -+ int uppers = 0; -+ int lowers = 0; -+ int others = 0; -+ int size; -+ int i; -+ -+ for (i = 0;new[i];i++) { -+ if (isdigit (new[i])) -+ digits++; -+ else if (isupper (new[i])) -+ uppers++; -+ else if (islower (new[i])) -+ lowers++; -+ else -+ others++; -+ } -+ -+ /* -+ * The scam is this - a password of only one character type -+ * must be 8 letters long. Two types, 7, and so on. -+ */ -+ -+ size = 9; -+ if (digits) size--; -+ if (uppers) size--; -+ if (lowers) size--; -+ if (others) size--; -+ -+ if (size <= i) -+ return 0; -+ -+ return 1; -+} -+ -+static char *str_lower(char *string) { -+ char *cp; -+ -+ for (cp = string; *cp; cp++) -+ *cp = tolower(*cp); -+ return string; -+} -+ -+static const char * password_check(const char *old, const char *new, -+ const struct passwd *pwdp) { -+ const char *msg = NULL; -+ char *oldmono, *newmono, *wrapped; -+ -+ if (strcmp(new, old) == 0) -+ return _("Bad: new password must be different than the old one"); -+ -+ newmono = str_lower(strdup(new)); -+ oldmono = str_lower(strdup(old)); -+ wrapped = (char *)malloc(strlen(oldmono) * 2 + 1); -+ strcpy (wrapped, oldmono); -+ strcat (wrapped, oldmono); -+ -+ if (palindrome(oldmono, newmono)) { -+ msg = _("Bad: new password cannot be a palindrome"); -+ } else if (strcmp(oldmono, newmono) == 0) { -+ msg = _("Bad: new and old password must differ by more than just case"); -+ } else if (similar(oldmono, newmono)) { -+ msg = _("Bad: new and old password are too similar"); -+ } else if (simple(old, new)) { -+ msg = _("Bad: new password is too simple"); -+ } else if (strstr(wrapped, newmono)) { -+ msg = _("Bad: new password is just a wrapped version of the old one"); -+ } -+ -+ 
_pam_delete(newmono); -+ _pam_delete(oldmono); -+ _pam_delete(wrapped); -+ -+ return msg; -+} -+ -+const char *obscure_msg(const char *old, const char *new, -+ const struct passwd *pwdp, unsigned int ctrl) { -+ int oldlen, newlen; -+ char *new1, *old1; -+ const char *msg; -+ -+ if (old == NULL) -+ return NULL; /* no check if old is NULL */ -+ -+ oldlen = strlen(old); -+ newlen = strlen(new); -+ -+ /* Remaining checks are optional. */ -+ if (off(UNIX_OBSCURE_CHECKS,ctrl)) -+ return NULL; -+ -+ if ((msg = password_check(old, new, pwdp)) != NULL) -+ return msg; -+ -+ /* The traditional crypt() truncates passwords to 8 chars. It is -+ possible to circumvent the above checks by choosing an easy -+ 8-char password and adding some random characters to it... -+ Example: "password$%^&*123". So check it again, this time -+ truncated to the maximum length. Idea from npasswd. --marekm */ -+ -+ if (!UNIX_DES_CRYPT(ctrl)) -+ return NULL; /* unlimited password length */ -+ -+ if (oldlen <= 8 && newlen <= 8) -+ return NULL; -+ -+ new1 = strndup(new,8); -+ old1 = strndup(old,8); -+ -+ msg = password_check(old1, new1, pwdp); -+ -+ _pam_delete(new1); -+ _pam_delete(old1); -+ -+ return msg; -+} -Index: pam/modules/pam_unix/Makefile.am -=================================================================== ---- pam.orig/modules/pam_unix/Makefile.am -+++ pam/modules/pam_unix/Makefile.am -@@ -39,7 +39,7 @@ - - pam_unix_la_SOURCES = bigcrypt.c pam_unix_acct.c \ - pam_unix_auth.c pam_unix_passwd.c pam_unix_sess.c support.c \ -- passverify.c yppasswd_xdr.c md5_good.c md5_broken.c -+ passverify.c yppasswd_xdr.c md5_good.c md5_broken.c obscure.c - - bigcrypt_SOURCES = bigcrypt.c bigcrypt_main.c - bigcrypt_CFLAGS = $(AM_CFLAGS) -Index: pam/modules/pam_unix/pam_unix.8 -=================================================================== ---- pam.orig/modules/pam_unix/pam_unix.8 -+++ pam/modules/pam_unix/pam_unix.8 -@@ -216,7 +216,38 @@ - .RS 4 - Set a minimum password length of - \fIn\fR 
--characters\&. The max\&. for DES crypt based passwords are 8 characters\&. -+characters\&. The default value is 6\&. The maximum for DES crypt\-based passwords is 8 characters\&. -+.RE -+.PP -+\fBobscure\fR -+.RS 4 -+Enable some extra checks on password strength\&. These checks are based on the "obscure" checks in the original shadow package\&. The behavior is similar to the pam_cracklib module, but for non\-dictionary\-based checks\&. The following checks are implemented: -+.PP -+\fBPalindrome\fR -+.RS 4 -+Verifies that the new password is not a palindrome of (i\&.e\&., the reverse of) the previous one\&. -+.RE -+.PP -+\fBCase Change Only\fR -+.RS 4 -+Verifies that the new password isn\*(Aqt the same as the old one with a change of case\&. -+.RE -+.PP -+\fBSimilar\fR -+.RS 4 -+Verifies that the new password isn\*(Aqt too much like the previous one\&. -+.RE -+.PP -+\fBSimple\fR -+.RS 4 -+Is the new password too simple? This is based on the length of the password and the number of different types of characters (alpha, numeric, etc\&.) used\&. -+.RE -+.PP -+\fBRotated\fR -+.RS 4 -+Is the new password a rotated version of the old password? (E\&.g\&., "billy" and "illyb") -+.RE -+.sp - .RE - .PP - \fBno_pass_expiry\fR -Index: pam/modules/pam_unix/README -=================================================================== ---- pam.orig/modules/pam_unix/README -+++ pam/modules/pam_unix/README -@@ -171,8 +171,40 @@ - - minlen=n - -- Set a minimum password length of n characters. The max. for DES crypt based -- passwords are 8 characters. -+ Set a minimum password length of n characters. The default value is 6. The -+ maximum for DES crypt-based passwords is 8 characters. -+ -+obscure -+ -+ Enable some extra checks on password strength. These checks are based on -+ the "obscure" checks in the original shadow package. The behavior is -+ similar to the pam_cracklib module, but for non-dictionary-based checks. 
-+ The following checks are implemented: -+ -+ Palindrome -+ -+ Verifies that the new password is not a palindrome of (i.e., the -+ reverse of) the previous one. -+ -+ Case Change Only -+ -+ Verifies that the new password isn't the same as the old one with a -+ change of case. -+ -+ Similar -+ -+ Verifies that the new password isn't too much like the previous one. -+ -+ Simple -+ -+ Is the new password too simple? This is based on the length of the -+ password and the number of different types of characters (alpha, -+ numeric, etc.) used. -+ -+ Rotated -+ -+ Is the new password a rotated version of the old password? (E.g., -+ "billy" and "illyb") - - no_pass_expiry - diff --git a/debian/patches-applied/008_modules_pam_limits_chroot b/debian/patches-applied/008_modules_pam_limits_chroot deleted file mode 100644 index 7a86fdd5..00000000 --- a/debian/patches-applied/008_modules_pam_limits_chroot +++ /dev/null 
@@ -1,132 +0,0 @@ -Index: pam/modules/pam_limits/pam_limits.c -=================================================================== ---- pam.orig/modules/pam_limits/pam_limits.c -+++ pam/modules/pam_limits/pam_limits.c -@@ -90,6 +90,7 @@ - specific user or to count all logins */ - int priority; /* the priority to run user process with */ - int nonewprivs; /* whether to prctl(PR_SET_NO_NEW_PRIVS) */ -+ char chroot_dir[8092]; /* directory to chroot into */ - struct user_limits_struct limits[RLIM_NLIMITS]; - const char *conf_file; - int utmp_after_pam_call; -@@ -101,6 +102,7 @@ - - #define LIMIT_PRI RLIM_NLIMITS+3 - #define LIMIT_NONEWPRIVS RLIM_NLIMITS+4 -+#define LIMIT_CHROOT RLIM_NLIMITS+5 - - #define LIMIT_SOFT 1 - #define LIMIT_HARD 2 -@@ -484,6 +486,8 @@ - pl->login_limit = -2; - pl->login_limit_def = LIMITS_DEF_NONE; - -+ pl->chroot_dir[0] = '\0'; -+ - return retval; - } - -@@ -591,6 +595,8 @@ - limit_item = LIMIT_PRI; - } else if (strcmp(lim_item, "nonewprivs") == 0) { - limit_item = LIMIT_NONEWPRIVS; -+ } else if (strcmp(lim_item, "chroot") == 0) { -+ limit_item = LIMIT_CHROOT; - } else { - pam_syslog(pamh, LOG_DEBUG, "unknown limit item '%s'", lim_item); - return; -@@ -640,9 +646,9 @@ - pam_syslog(pamh, LOG_DEBUG, - "wrong limit value '%s' for limit type '%s'", - lim_value, lim_type); -- return; -+ return; - } -- } else { -+ } else if (limit_item != LIMIT_CHROOT) { - #ifdef __USE_FILE_OFFSET64 - rlimit_value = strtoull (lim_value, &endptr, 10); - #else -@@ -717,7 +723,11 @@ - break; - } - -- if ( (limit_item != LIMIT_LOGIN) -+ if (limit_item == LIMIT_CHROOT) { -+ strncpy(pl->chroot_dir, value_orig, sizeof(pl->chroot_dir)-1); -+ pl->chroot_dir[sizeof(pl->chroot_dir)-1]='\0'; -+ } -+ else if ( (limit_item != LIMIT_LOGIN) - && (limit_item != LIMIT_NUMSYSLOGINS) - && (limit_item != LIMIT_PRI) - && (limit_item != LIMIT_NONEWPRIVS) ) { -@@ -1071,6 +1081,15 @@ - } - } - -+ if (!retval && pl->chroot_dir[0]) { -+ i = chdir(pl->chroot_dir); -+ if (i == 0) -+ i = 
chroot(pl->chroot_dir); -+ if (i == 0) -+ i = chdir("/"); -+ if (i != 0) -+ retval = LIMIT_ERR; -+ } - return retval; - } - -Index: pam/modules/pam_limits/limits.conf.5.xml -=================================================================== ---- pam.orig/modules/pam_limits/limits.conf.5.xml -+++ pam/modules/pam_limits/limits.conf.5.xml -@@ -273,6 +273,12 @@ - (Linux 2.6.12 and higher)</para> - </listitem> - </varlistentry> -+ <varlistentry> -+ <term><option>chroot</option></term> -+ <listitem> -+ <para>the directory to chroot the user to</para> -+ </listitem> -+ </varlistentry> - </variablelist> - </listitem> - </varlistentry> -Index: pam/modules/pam_limits/limits.conf.5 -=================================================================== ---- pam.orig/modules/pam_limits/limits.conf.5 -+++ pam/modules/pam_limits/limits.conf.5 -@@ -279,6 +279,11 @@ - .RS 4 - maximum realtime priority allowed for non\-privileged processes (Linux 2\&.6\&.12 and higher) - .RE -+.PP -+\fBchroot\fR -+.RS 4 -+the directory to chroot the user to -+.RE - .RE - .PP - All items support the values -Index: pam/modules/pam_limits/limits.conf -=================================================================== ---- pam.orig/modules/pam_limits/limits.conf -+++ pam/modules/pam_limits/limits.conf -@@ -46,6 +46,7 @@ - # - msgqueue - max memory used by POSIX message queues (bytes) - # - nice - max nice priority allowed to raise to values: [-20, 19] - # - rtprio - max realtime priority -+# - chroot - change root to directory (Debian-specific) - # - #<domain> <type> <item> <value> - # -@@ -56,6 +57,7 @@ - #@faculty soft nproc 20 - #@faculty hard nproc 50 - #ftp hard nproc 0 -+#ftp - chroot /ftp - #@student - maxlogins 4 - - # End of file diff --git a/debian/patches-applied/021_nis_cleanup b/debian/patches-applied/021_nis_cleanup deleted file mode 100644 index f05c7103..00000000 --- a/debian/patches-applied/021_nis_cleanup +++ /dev/null 
@@ -1,24 +0,0 @@
-Patch from Philippe Troin <phil@fifi.org>
-
-Originally this included a bunch of changes to locking, but the more
-recent code pulled from Linux_pam CVS seems to fix that issue.
-
-Index: pam/modules/pam_unix/pam_unix_passwd.c
-===================================================================
---- pam.orig/modules/pam_unix/pam_unix_passwd.c
-+++ pam/modules/pam_unix/pam_unix_passwd.c
-@@ -708,9 +708,12 @@
- "password - (old) token not obtained");
- return retval;
- }
-- /* verify that this is the password for this user */
-+ /* verify that this is the password for this user
-+ * if we're not using NIS */
-
-- retval = _unix_verify_password(pamh, user, pass_old, ctrl);
-+ if (off(UNIX_NIS, ctrl)) {
-+ retval = _unix_verify_password(pamh, user, pass_old, ctrl);
-+ }
- } else {
- D(("process run by root so do nothing this time around"));
- pass_old = NULL;
diff --git a/debian/patches-applied/022_pam_unix_group_time_miscfixes b/debian/patches-applied/022_pam_unix_group_time_miscfixes
deleted file mode 100644
index 8239fd98..00000000
--- a/debian/patches-applied/022_pam_unix_group_time_miscfixes
+++ /dev/null
@@ -1,22 +0,0 @@
-Description: handle the case of flags being empty or only PAM_SILENT, which is
- documented in other PAM implementations as meaning PAM_ESTABLISH_CRED:
- http://publib.boulder.ibm.com/infocenter/aix/v6r1/index.jsp?topic=%2Fcom.ibm.aix.basetechref%2Fdoc%2Fbasetrf1%2Fpam_setcred.htm
-
-Index: pam/modules/pam_group/pam_group.c
-===================================================================
---- pam.orig/modules/pam_group/pam_group.c
-+++ pam/modules/pam_group/pam_group.c
-@@ -754,9 +754,12 @@
- unsigned setting;
-
- /* only interested in establishing credentials */
-+ /* PAM docs say that an empty flag is to be treated as PAM_ESTABLISH_CRED.
-+ Some people just pass PAM_SILENT, so cope with it, too. */
-
- setting = flags;
-- if (!(setting & (PAM_ESTABLISH_CRED | PAM_REINITIALIZE_CRED))) {
-+ if (!(setting & (PAM_ESTABLISH_CRED | PAM_REINITIALIZE_CRED))
-+ && (setting != 0) && (setting != PAM_SILENT)) {
- D(("ignoring call - not for establishing credentials"));
- return PAM_SUCCESS; /* don't fail because of this */
- }
diff --git a/debian/patches-applied/026_pam_unix_passwd_unknown_user b/debian/patches-applied/026_pam_unix_passwd_unknown_user
deleted file mode 100644
index d277fee9..00000000
--- a/debian/patches-applied/026_pam_unix_passwd_unknown_user
+++ /dev/null
@@ -1,33 +0,0 @@
-Description: distinguish between password manipulation failure and missing user.
-Author: Martin Schwenke <martin@meltin.net>
-
-Index: pam/modules/pam_unix/passverify.c
-===================================================================
---- pam.orig/modules/pam_unix/passverify.c
-+++ pam/modules/pam_unix/passverify.c
-@@ -801,7 +801,7 @@
- struct passwd *tmpent = NULL;
- struct stat st;
- FILE *pwfile, *opwfile;
-- int err = 1;
-+ int err = 1, found = 0;
- int oldmask;
- #ifdef WITH_SELINUX
- char *prev_context_raw = NULL;
-@@ -872,6 +872,7 @@
-
- tmpent->pw_passwd = assigned_passwd.charp;
- err = 0;
-+ found = 1;
- }
- if (putpwent(tmpent, pwfile)) {
- D(("error writing entry to password file: %m"));
-@@ -914,7 +915,7 @@
- return PAM_SUCCESS;
- } else {
- unlink(PW_TMPFILE);
-- return PAM_AUTHTOK_ERR;
-+ return found ? PAM_AUTHTOK_ERR : PAM_USER_UNKNOWN;
- }
- }
-
diff --git a/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root b/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root
deleted file mode 100644
index c4603f5a..00000000
--- a/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root
+++ /dev/null
@@ -1,253 +0,0 @@ -Description: Allow explicit limits for root and reset limits on each session - When crossing session boundaries (such as when su'ing from one user to - another), if the target account has no limit specified in limits.conf we - want to use the default, not the current value configured for the - source account. - . - If /proc/1/limits is unavailable, fall back to a set of hard-coded values - that shadow the currently known defaults on Linux. - . - Also, don't apply wildcard limits to the root account; only apply limits to - root that reference root by name. -Author: Peter Paluch <peterp@frcatel.fri.utc.sk>, - Ben Collins <bcollins@debian.org>, - Steve Langasek <vorlon@debian.org>, -Bug-Debian: http://bugs.debian.org/63230 -Index: pam/modules/pam_limits/pam_limits.c -=================================================================== ---- pam.orig/modules/pam_limits/pam_limits.c -+++ pam/modules/pam_limits/pam_limits.c -@@ -47,6 +47,14 @@ - #include <libaudit.h> - #endif - -+#ifndef MLOCK_LIMIT -+#ifdef __FreeBSD_kernel__ -+#define MLOCK_LIMIT RLIM_INFINITY -+#else -+#define MLOCK_LIMIT (64*1024) -+#endif -+#endif -+ - /* Module defines */ - #define LINE_LENGTH 1024 - -@@ -84,6 +92,7 @@ - - /* internal data */ - struct pam_limit_s { -+ int root; /* running as root? 
*/ - int login_limit; /* the max logins limit */ - int login_limit_def; /* which entry set the login limit */ - int flag_numsyslogins; /* whether to limit logins only for a -@@ -447,9 +456,18 @@ - { - int i; - int retval = PAM_SUCCESS; -+ static int mlock_limit = 0; - - D(("called.")); - -+ pl->root = 0; -+ -+ if (mlock_limit == 0) { -+ mlock_limit = sysconf(_SC_PAGESIZE); -+ if (mlock_limit < MLOCK_LIMIT) -+ mlock_limit = MLOCK_LIMIT; -+ } -+ - for(i = 0; i < RLIM_NLIMITS; i++) { - int r = getrlimit(i, &pl->limits[i].limit); - if (r == -1) { -@@ -465,18 +483,68 @@ - } - - #ifdef __linux__ -- if (ctrl & PAM_SET_ALL) { -- parse_kernel_limits(pamh, pl, ctrl); -+ parse_kernel_limits(pamh, pl, ctrl); -+#endif - -- for(i = 0; i < RLIM_NLIMITS; i++) { -+ for(i = 0; i < RLIM_NLIMITS; i++) { - if (pl->limits[i].supported && - (pl->limits[i].src_soft == LIMITS_DEF_NONE || - pl->limits[i].src_hard == LIMITS_DEF_NONE)) { -- pam_syslog(pamh, LOG_WARNING, "Did not find kernel RLIMIT for %s, using PAM default", rlimit2str(i)); -+#ifdef __linux__ -+ pam_syslog(pamh, LOG_WARNING, "Did not find kernel RLIMIT for %s, using PAM default", rlimit2str(i)); -+#endif -+ pl->limits[i].src_soft = LIMITS_DEF_DEFAULT; -+ pl->limits[i].src_hard = LIMITS_DEF_DEFAULT; -+ switch(i) { -+ case RLIMIT_CPU: -+ case RLIMIT_FSIZE: -+ case RLIMIT_DATA: -+ case RLIMIT_RSS: -+ case RLIMIT_NPROC: -+#ifdef RLIMIT_AS -+ case RLIMIT_AS: -+#endif -+#ifdef RLIMIT_LOCKS -+ case RLIMIT_LOCKS: -+#endif -+ pl->limits[i].limit.rlim_cur = RLIM_INFINITY; -+ pl->limits[i].limit.rlim_max = RLIM_INFINITY; -+ break; -+ case RLIMIT_MEMLOCK: -+ pl->limits[i].limit.rlim_cur = mlock_limit; -+ pl->limits[i].limit.rlim_max = mlock_limit; -+ break; -+#ifdef RLIMIT_SIGPENDING -+ case RLIMIT_SIGPENDING: -+ pl->limits[i].limit.rlim_cur = 16382; -+ pl->limits[i].limit.rlim_max = 16382; -+ break; -+#endif -+#ifdef RLIMIT_MSGQUEUE -+ case RLIMIT_MSGQUEUE: -+ pl->limits[i].limit.rlim_cur = 819200; -+ pl->limits[i].limit.rlim_max = 
819200; -+ break; -+#endif -+ case RLIMIT_CORE: -+ pl->limits[i].limit.rlim_cur = 0; -+ pl->limits[i].limit.rlim_max = RLIM_INFINITY; -+ break; -+ case RLIMIT_STACK: -+ pl->limits[i].limit.rlim_cur = 8192*1024; -+ pl->limits[i].limit.rlim_max = RLIM_INFINITY; -+ break; -+ case RLIMIT_NOFILE: -+ pl->limits[i].limit.rlim_cur = 1024; -+ pl->limits[i].limit.rlim_max = 1024; -+ break; -+ default: -+ pl->limits[i].src_soft = LIMITS_DEF_NONE; -+ pl->limits[i].src_hard = LIMITS_DEF_NONE; -+ break; -+ } - } -- } - } --#endif - - errno = 0; - pl->priority = getpriority (PRIO_PROCESS, 0); -@@ -881,7 +949,7 @@ - - if (strcmp(uname, domain) == 0) /* this user have a limit */ - process_limit(pamh, LIMITS_DEF_USER, ltype, item, value, ctrl, pl); -- else if (domain[0]=='@') { -+ else if (domain[0]=='@' && !pl->root) { - if (ctrl & PAM_DEBUG_ARG) { - pam_syslog(pamh, LOG_DEBUG, - "checking if %s is in group %s", -@@ -907,7 +975,7 @@ - process_limit(pamh, LIMITS_DEF_GROUP, ltype, item, value, ctrl, - pl); - } -- } else if (domain[0]=='%') { -+ } else if (domain[0]=='%' && !pl->root) { - if (ctrl & PAM_DEBUG_ARG) { - pam_syslog(pamh, LOG_DEBUG, - "checking if %s is in group %s", -@@ -941,7 +1009,7 @@ - } else { - switch(rngtype) { - case LIMIT_RANGE_NONE: -- if (strcmp(domain, "*") == 0) -+ if (strcmp(domain, "*") == 0 && !pl->root) - process_limit(pamh, LIMITS_DEF_DEFAULT, ltype, item, value, ctrl, - pl); - break; -@@ -1134,6 +1202,8 @@ - return PAM_ABORT; - } - -+ if (pwd->pw_uid == 0) -+ pl->root = 1; - retval = parse_config_file(pamh, pwd->pw_name, pwd->pw_uid, pwd->pw_gid, ctrl, pl); - if (retval == PAM_IGNORE) { - D(("the configuration file ('%s') has an applicable '<domain> -' entry", CONF_FILE)); -Index: pam/modules/pam_limits/limits.conf -=================================================================== ---- pam.orig/modules/pam_limits/limits.conf -+++ pam/modules/pam_limits/limits.conf -@@ -22,6 +22,9 @@ - # - the wildcard *, for default entry - # - the wildcard %, can be 
also used with %group syntax, - # for maxlogin limit -+# - NOTE: group and wildcard limits are not applied to root. -+# To apply a limit to the root user, <domain> must be -+# the literal username root. - # - #<type> can have the two values: - # - "soft" for enforcing the soft limits -@@ -52,6 +55,7 @@ - # - - #* soft core 0 -+#root hard core 100000 - #* hard rss 10000 - #@student hard nproc 20 - #@faculty soft nproc 20 -Index: pam/modules/pam_limits/limits.conf.5.xml -=================================================================== ---- pam.orig/modules/pam_limits/limits.conf.5.xml -+++ pam/modules/pam_limits/limits.conf.5.xml -@@ -96,6 +96,11 @@ - </para> - </listitem> - </itemizedlist> -+ <para> -+ <emphasis remap='B'>NOTE:</emphasis> group and wildcard limits are not -+ applied to the root user. To set a limit for the root user, this field -+ must contain the literal username <emphasis remap='B'>root</emphasis>. -+ </para> - </listitem> - </varlistentry> - -@@ -333,6 +338,7 @@ - </para> - <programlisting> - * soft core 0 -+root hard core 100000 - * hard nofile 512 - @student hard nproc 20 - @faculty soft nproc 20 -Index: pam/modules/pam_limits/limits.conf.5 -=================================================================== ---- pam.orig/modules/pam_limits/limits.conf.5 -+++ pam/modules/pam_limits/limits.conf.5 -@@ -145,6 +145,10 @@ - \fB%:\fR\fI<gid>\fR - applicable to maxlogins limit only\&. It limits the total number of logins of all users that are member of the group with the specified gid\&. - .RE -+.sp -+\fBNOTE:\fR -+group and wildcard limits are not applied to the root user\&. To set a limit for the root user, this field must contain the literal username -+\fBroot\fR\&. 
- .RE - .PP - \fB<type>\fR -@@ -327,6 +331,7 @@ - .\} - .nf - * soft core 0 -+root hard core 100000 - * hard nofile 512 - @student hard nproc 20 - @faculty soft nproc 20 -Index: pam/modules/pam_limits/README -=================================================================== ---- pam.orig/modules/pam_limits/README -+++ pam/modules/pam_limits/README -@@ -56,6 +56,7 @@ - limits.conf. - - * soft core 0 -+root hard core 100000 - * hard nofile 512 - @student hard nproc 20 - @faculty soft nproc 20 diff --git a/debian/patches-applied/031_pam_include b/debian/patches-applied/031_pam_include deleted file mode 100644 index 16cf6d31..00000000 --- a/debian/patches-applied/031_pam_include +++ /dev/null 
@@ -1,72 +0,0 @@
-Patch to implement an @include directive for use in pam.d config files.
-
-Authors: Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>
-
-Upstream status: not yet submitted
-
-Index: pam/libpam/pam_handlers.c
-===================================================================
---- pam.orig/libpam/pam_handlers.c
-+++ pam/libpam/pam_handlers.c
-@@ -123,6 +123,10 @@
- module_type = PAM_T_ACCT;
- } else if (!strcasecmp("password", tok)) {
- module_type = PAM_T_PASS;
-+ } else if (!strcasecmp("@include", tok)) {
-+ pam_include = 1;
-+ module_type = requested_module_type;
-+ goto parsing_done;
- } else {
- /* Illegal module type */
- D(("_pam_init_handlers: bad module type: %s", tok));
-@@ -193,8 +197,10 @@
- _pam_set_default_control(actions, _PAM_ACTION_BAD);
- }
-
-+parsing_done:
- tok = _pam_StrTok(NULL, " \n\t", &nexttok);
- if (pam_include) {
-+ struct stat include_dir;
- if (substack) {
- res = _pam_add_handler(pamh, PAM_HT_SUBSTACK, other,
- stack_level, module_type, actions, tok,
-@@ -205,13 +211,35 @@
- return PAM_ABORT;
- }
- }
-- if (_pam_load_conf_file(pamh, tok, this_service, module_type,
-- stack_level + substack
-+ if (tok[0] == '/') {
-+ if (_pam_load_conf_file(pamh, tok, this_service,
-+ module_type, stack_level + substack
-+#ifdef PAM_READ_BOTH_CONFS
-+ , !other
-+#endif /* PAM_READ_BOTH_CONFS */
-+ ) == PAM_SUCCESS)
-+ continue;
-+ }
-+ else if (!stat(PAM_CONFIG_D, &include_dir)
-+ && S_ISDIR(include_dir.st_mode))
-+ {
-+ char *include_file;
-+ if (asprintf (&include_file, PAM_CONFIG_DF, tok) < 0) {
-+ pam_syslog(pamh, LOG_CRIT, "asprintf failed");
-+ return PAM_ABORT;
-+ }
-+ if (_pam_load_conf_file(pamh, include_file, this_service,
-+ module_type, stack_level + substack
- #ifdef PAM_READ_BOTH_CONFS
- , !other
- #endif /* PAM_READ_BOTH_CONFS */
-- ) == PAM_SUCCESS)
-- continue;
-+ ) == PAM_SUCCESS)
-+ {
-+ free(include_file);
-+ continue;
-+ }
-+ free(include_file);
-+ }
- _pam_set_default_control(actions, _PAM_ACTION_BAD);
- mod_path = NULL;
- handler_type = PAM_HT_MUST_FAIL;
diff --git a/debian/patches-applied/032_pam_limits_EPERM_NOT_FATAL b/debian/patches-applied/032_pam_limits_EPERM_NOT_FATAL
deleted file mode 100644
index ec97b441..00000000
--- a/debian/patches-applied/032_pam_limits_EPERM_NOT_FATAL
+++ /dev/null
@@ -1,22 +0,0 @@
-setrlimit will sometimes return EPERM for example if you try to increase the
-number of open files too much. This is not something we want to consider
-fatal. This also happens if you use non-root and try to decrease a limit.
-Running PAM as non-root is not so great.
-
-Authors: ?
-
-Upstream status: submitted in <20070830171918.GB30563@dario.dodds.net>
-
-Index: pam/modules/pam_limits/pam_limits.c
-===================================================================
---- pam.orig/modules/pam_limits/pam_limits.c
-+++ pam/modules/pam_limits/pam_limits.c
-@@ -1111,6 +1111,8 @@
- if (res != 0)
- pam_syslog(pamh, LOG_ERR, "Could not set limit for '%s': %m",
- rlimit2str(i));
-+ if (res == -1 && errno == EPERM)
-+ continue;
- status |= res;
- }
-
diff --git a/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful b/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful
deleted file mode 100644
index 805c62f4..00000000
--- a/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful
+++ /dev/null
@@ -1,157 +0,0 @@
-Patch for Debian bug #163787 et al
-
-Always use the process uid, not getlogin(), to identify an applicant in
-pam_wheel; utmp may be wrong or may have no entry at all in the case of
-an xterm
-
-Authors: Ben Collins <bcollins@debian.org>
-
-Upstream status: submitted in <20070901175405.GA26092@dario.dodds.net>
-
-Index: pam/modules/pam_wheel/pam_wheel.c
-===================================================================
---- pam.orig/modules/pam_wheel/pam_wheel.c
-+++ pam/modules/pam_wheel/pam_wheel.c
-@@ -47,9 +47,8 @@
- /* argument parsing */
-
- #define PAM_DEBUG_ARG 0x0001
--#define PAM_USE_UID_ARG 0x0002
--#define PAM_TRUST_ARG 0x0004
--#define PAM_DENY_ARG 0x0010
-+#define PAM_TRUST_ARG 0x0002
-+#define PAM_DENY_ARG 0x0004
- #define PAM_ROOT_ONLY_ARG 0x0020
-
- static int
-@@ -68,8 +67,7 @@
-
- if (!strcmp(*argv,"debug"))
- ctrl |= PAM_DEBUG_ARG;
-- else if (!strcmp(*argv,"use_uid"))
-- ctrl |= PAM_USE_UID_ARG;
-+ else if (!strcmp(*argv,"use_uid")); /* ignored for compat. */
- else if (!strcmp(*argv,"trust"))
- ctrl |= PAM_TRUST_ARG;
- else if (!strcmp(*argv,"deny"))
-@@ -118,39 +116,14 @@
- }
- }
-
-- if (ctrl & PAM_USE_UID_ARG) {
-- tpwd = pam_modutil_getpwuid (pamh, getuid());
-- if (tpwd == NULL) {
-- if (ctrl & PAM_DEBUG_ARG) {
-- pam_syslog(pamh, LOG_NOTICE, "who is running me ?!");
-- }
-- return PAM_SERVICE_ERR;
-- }
-- fromsu = tpwd->pw_name;
-- } else {
-- fromsu = pam_modutil_getlogin(pamh);
--
-- /* if getlogin fails try a fallback to PAM_RUSER */
-- if (fromsu == NULL) {
-- const char *rhostname;
--
-- retval = pam_get_item(pamh, PAM_RHOST, (const void **)&rhostname);
-- if (retval != PAM_SUCCESS || rhostname == NULL) {
-- retval = pam_get_item(pamh, PAM_RUSER, (const void **)&fromsu);
-- }
-- }
--
-- if (fromsu != NULL) {
-- tpwd = pam_modutil_getpwnam (pamh, fromsu);
-- }
--
-- if (fromsu == NULL || tpwd == NULL) {
-- if (ctrl & PAM_DEBUG_ARG) {
-- pam_syslog(pamh, LOG_NOTICE, "who is running me ?!");
-- }
-- return PAM_SERVICE_ERR;
-+ tpwd = pam_modutil_getpwuid (pamh, getuid());
-+ if (tpwd == NULL) {
-+ if (ctrl & PAM_DEBUG_ARG) {
-+ pam_syslog(pamh, LOG_NOTICE, "who is running me ?!");
- }
-+ return PAM_SERVICE_ERR;
- }
-+ fromsu = tpwd->pw_name;
-
- /*
- * At this point fromsu = username-of-invoker; tpwd = pwd ptr for fromsu
-Index: pam/modules/pam_wheel/pam_wheel.8.xml
-===================================================================
---- pam.orig/modules/pam_wheel/pam_wheel.8.xml
-+++ pam/modules/pam_wheel/pam_wheel.8.xml
-@@ -33,9 +33,6 @@
- <arg choice="opt">
- trust
- </arg>
-- <arg choice="opt">
-- use_uid
-- </arg>
- </cmdsynopsis>
- </refsynopsisdiv>
-
-@@ -116,18 +113,6 @@
- </para>
- </listitem>
- </varlistentry>
-- <varlistentry>
-- <term>
-- <option>use_uid</option>
-- </term>
-- <listitem>
-- <para>
-- The check will be done against the real uid of the calling process,
-- instead of trying to obtain the user from the login session
-- associated with the terminal in use.
-- </para>
-- </listitem>
-- </varlistentry>
- </variablelist>
- </refsect1>
-
-Index: pam/modules/pam_wheel/pam_wheel.8
-===================================================================
---- pam.orig/modules/pam_wheel/pam_wheel.8
-+++ pam/modules/pam_wheel/pam_wheel.8
-@@ -31,7 +31,7 @@
- pam_wheel \- Only permit root access to members of group wheel
- .SH "SYNOPSIS"
- .HP \w'\fBpam_wheel\&.so\fR\ 'u
--\fBpam_wheel\&.so\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust] [use_uid]
-+\fBpam_wheel\&.so\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust]
- .SH "DESCRIPTION"
- .PP
- The pam_wheel PAM module is used to enforce the so\-called
-@@ -72,11 +72,6 @@
- .RS 4
- The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus with a little play stacking the modules the wheel members may be able to su to root without being prompted for a passwd)\&.
- .RE
--.PP
--\fBuse_uid\fR
--.RS 4
--The check will be done against the real uid of the calling process, instead of trying to obtain the user from the login session associated with the terminal in use\&.
--.RE
- .SH "MODULE TYPES PROVIDED"
- .PP
- The
-Index: pam/modules/pam_wheel/README
-===================================================================
---- pam.orig/modules/pam_wheel/README
-+++ pam/modules/pam_wheel/README
-@@ -39,12 +39,6 @@
- modules the wheel members may be able to su to root without being prompted
- for a passwd).
-
--use_uid
--
-- The check will be done against the real uid of the calling process, instead
-- of trying to obtain the user from the login session associated with the
-- terminal in use.
--
- EXAMPLES
-
- The root account gains access by default (rootok), only wheel members can
diff --git a/debian/patches-applied/040_pam_limits_log_failure b/debian/patches-applied/040_pam_limits_log_failure
deleted file mode 100644
index 0ef703bf..00000000
--- a/debian/patches-applied/040_pam_limits_log_failure
+++ /dev/null
@@ -1,36 +0,0 @@
-Patch for Debian bug #180310
-
-Generate some (low-severity) log information whenever setrlimit() fails,
-for debugging purposes.
-
-Authors: Sam Hartman <hartmans@debian.org>
-
-Upstream status: submitted in <20070830171918.GB30563@dario.dodds.net>
-
-Index: pam/modules/pam_limits/pam_limits.c
-===================================================================
---- pam.orig/modules/pam_limits/pam_limits.c
-+++ pam/modules/pam_limits/pam_limits.c
-@@ -1108,9 +1108,19 @@
- if (pl->limits[i].limit.rlim_cur > pl->limits[i].limit.rlim_max)
- pl->limits[i].limit.rlim_cur = pl->limits[i].limit.rlim_max;
- res = setrlimit(i, &pl->limits[i].limit);
-- if (res != 0)
-- pam_syslog(pamh, LOG_ERR, "Could not set limit for '%s': %m",
-- rlimit2str(i));
-+ if (res != 0 && (i != RLIMIT_NOFILE
-+ || pl->limits[i].limit.rlim_cur != RLIM_INFINITY))
-+ {
-+ int save_errno = errno;
-+ pam_syslog(pamh, LOG_DEBUG,
-+ "Could not set limit for '%s' to soft=%d, hard=%d:"
-+ " %m; uid=%lu,euid=%lu", rlimit2str(i),
-+ pl->limits[i].limit.rlim_cur,
-+ pl->limits[i].limit.rlim_max,
-+ (unsigned long) getuid(),
-+ (unsigned long) geteuid());
-+ errno = save_errno;
-+ }
- if (res == -1 && errno == EPERM)
- continue;
- status |= res;
diff --git a/debian/patches-applied/045_pam_dispatch_jump_is_ignore b/debian/patches-applied/045_pam_dispatch_jump_is_ignore
deleted file mode 100644
index e19a5456..00000000
--- a/debian/patches-applied/045_pam_dispatch_jump_is_ignore
+++ /dev/null
@@ -1,34 +0,0 @@
-
-Previously jumps were treated as PAM_IGNORE in the freezing part of
-the chain and PAM_OK (aka required) in the frozen part of the chain.
-No one on pam-list was able to explain this behavior, so I changed it
-to be consistent.
-
-Index: pam/libpam/pam_dispatch.c
-===================================================================
---- pam.orig/libpam/pam_dispatch.c
-+++ pam/libpam/pam_dispatch.c
-@@ -260,22 +260,7 @@
- if ( _PAM_ACTION_IS_JUMP(action) ) {
-
- /* If we are evaluating a cached chain, we treat this
-- module as required (aka _PAM_ACTION_OK) as well as
-- executing the jump. */
--
-- if (use_cached_chain) {
-- if (impression == _PAM_UNDEF
-- || (impression == _PAM_POSITIVE
-- && status == PAM_SUCCESS) ) {
-- if ( retval != PAM_IGNORE || cached_retval == retval ) {
-- if ( impression == _PAM_UNDEF && retval == PAM_SUCCESS ) {
-- h->grantor = 1;
-- }
-- impression = _PAM_POSITIVE;
-- status = retval;
-- }
-- }
-- }
-+ module as ignored as well as executing the jump. */
-
- /* this means that we need to skip #action stacked modules */
- while (h->next != NULL && h->next->stack_level >= stack_level && action > 0) {
diff --git a/debian/patches-applied/PAM-manpage-section b/debian/patches-applied/PAM-manpage-section
deleted file mode 100644
index 7cdadad3..00000000
--- a/debian/patches-applied/PAM-manpage-section
+++ /dev/null
@@ -1,1723 +0,0 @@ -Patch to put the PAM manpage in section 7 (general topics) instead of 8 -(system administration commands) - -Authors: Steve Langasek <vorlon@debian.org> - -Upstream status: maybe provide a backwards-compatibility link first? - -Index: pam/doc/man/pam.8.xml -=================================================================== ---- pam.orig/doc/man/pam.8.xml -+++ pam/doc/man/pam.8.xml -@@ -6,7 +6,7 @@ - - <refmeta> - <refentrytitle>pam</refentrytitle> -- <manvolnum>8</manvolnum> -+ <manvolnum>7</manvolnum> - <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo> - </refmeta> - -@@ -209,7 +209,7 @@ - <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, - <citerefentry> -- <refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>PAM</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> - </para> - </refsect1> -Index: pam/doc/man/PAM.8 -=================================================================== ---- pam.orig/doc/man/PAM.8 -+++ pam/doc/man/PAM.8 -@@ -7,7 +7,7 @@ - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM" "8" "09/03/2021" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM" "7" "09/03/2021" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -@@ -146,4 +146,4 @@ - \fBpam_authenticate\fR(3), - \fBpam_sm_setcred\fR(3), - \fBpam_strerror\fR(3), --\fBPAM\fR(8) -+\fBPAM\fR(7) -Index: pam/modules/pam_access/access.conf.5.xml -=================================================================== ---- pam.orig/modules/pam_access/access.conf.5.xml -+++ pam/modules/pam_access/access.conf.5.xml -@@ -233,7 +233,7 @@ - <para> - <citerefentry><refentrytitle>pam_access</refentrytitle><manvolnum>8</manvolnum></citerefentry>, - 
<citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>, -- <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry> -+ <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum></citerefentry> - </para> - </refsect1> - -Index: pam/modules/pam_access/access.conf.5 -=================================================================== ---- pam.orig/modules/pam_access/access.conf.5 -+++ pam/modules/pam_access/access.conf.5 -@@ -210,7 +210,7 @@ - .PP - \fBpam_access\fR(8), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHORS" - .PP - Original -Index: pam/modules/pam_env/pam_env.conf.5.xml -=================================================================== ---- pam.orig/modules/pam_env/pam_env.conf.5.xml -+++ pam/modules/pam_env/pam_env.conf.5.xml -@@ -122,7 +122,7 @@ - <para> - <citerefentry><refentrytitle>pam_env</refentrytitle><manvolnum>8</manvolnum></citerefentry>, - <citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>, -- <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>, -+ <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum></citerefentry>, - <citerefentry><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry> - </para> - </refsect1> -Index: pam/modules/pam_env/pam_env.conf.5 -=================================================================== ---- pam.orig/modules/pam_env/pam_env.conf.5 -+++ pam/modules/pam_env/pam_env.conf.5 -@@ -125,7 +125,7 @@ - .PP - \fBpam_env\fR(8), - \fBpam.d\fR(5), --\fBpam\fR(8), -+\fBpam\fR(7), - \fBenviron\fR(7) - .SH "AUTHOR" - .PP -Index: pam/modules/pam_group/group.conf.5.xml -=================================================================== ---- pam.orig/modules/pam_group/group.conf.5.xml -+++ pam/modules/pam_group/group.conf.5.xml -@@ -134,7 +134,7 @@ - <para> - 
<citerefentry><refentrytitle>pam_group</refentrytitle><manvolnum>8</manvolnum></citerefentry>, - <citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>, -- <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry> -+ <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum></citerefentry> - </para> - </refsect1> - -Index: pam/modules/pam_group/group.conf.5 -=================================================================== ---- pam.orig/modules/pam_group/group.conf.5 -+++ pam/modules/pam_group/group.conf.5 -@@ -115,7 +115,7 @@ - .PP - \fBpam_group\fR(8), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_group was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. -Index: pam/modules/pam_limits/limits.conf.5.xml -=================================================================== ---- pam.orig/modules/pam_limits/limits.conf.5.xml -+++ pam/modules/pam_limits/limits.conf.5.xml -@@ -357,7 +357,7 @@ - <para> - <citerefentry><refentrytitle>pam_limits</refentrytitle><manvolnum>8</manvolnum></citerefentry>, - <citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>, -- <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>, -+ <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum></citerefentry>, - <citerefentry><refentrytitle>getrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>, - <citerefentry><refentrytitle>getrlimit</refentrytitle><manvolnum>3p</manvolnum></citerefentry> - </para> -Index: pam/modules/pam_limits/limits.conf.5 -=================================================================== ---- pam.orig/modules/pam_limits/limits.conf.5 -+++ pam/modules/pam_limits/limits.conf.5 -@@ -351,7 +351,7 @@ - .PP - \fBpam_limits\fR(8), - \fBpam.d\fR(5), --\fBpam\fR(8), -+\fBpam\fR(7), - \fBgetrlimit\fR(2), - \fBgetrlimit\fR(3p) - .SH "AUTHOR" -Index: 
pam/modules/pam_namespace/namespace.conf.5.xml -=================================================================== ---- pam.orig/modules/pam_namespace/namespace.conf.5.xml -+++ pam/modules/pam_namespace/namespace.conf.5.xml -@@ -209,7 +209,7 @@ - <para> - <citerefentry><refentrytitle>pam_namespace</refentrytitle><manvolnum>8</manvolnum></citerefentry>, - <citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>, -- <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry> -+ <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum></citerefentry> - </para> - </refsect1> - -Index: pam/modules/pam_namespace/namespace.conf.5 -=================================================================== ---- pam.orig/modules/pam_namespace/namespace.conf.5 -+++ pam/modules/pam_namespace/namespace.conf.5 -@@ -162,7 +162,7 @@ - .PP - \fBpam_namespace\fR(8), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHORS" - .PP - The namespace\&.conf manual page was written by Janak Desai <janak@us\&.ibm\&.com>\&. More features added by Tomas Mraz <tmraz@redhat\&.com>\&. 
-Index: pam/modules/pam_time/time.conf.5.xml -=================================================================== ---- pam.orig/modules/pam_time/time.conf.5.xml -+++ pam/modules/pam_time/time.conf.5.xml -@@ -136,7 +136,7 @@ - <para> - <citerefentry><refentrytitle>pam_time</refentrytitle><manvolnum>8</manvolnum></citerefentry>, - <citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>, -- <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry> -+ <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum></citerefentry> - </para> - </refsect1> - -Index: pam/modules/pam_time/time.conf.5 -=================================================================== ---- pam.orig/modules/pam_time/time.conf.5 -+++ pam/modules/pam_time/time.conf.5 -@@ -109,7 +109,7 @@ - .PP - \fBpam_time\fR(8), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_time was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. -Index: pam/modules/pam_access/pam_access.8.xml -=================================================================== ---- pam.orig/modules/pam_access/pam_access.8.xml -+++ pam/modules/pam_access/pam_access.8.xml -@@ -246,7 +246,7 @@ - <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> - </citerefentry>, - <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry>. - </para> - </refsect1> -Index: pam/modules/pam_access/pam_access.8 -=================================================================== ---- pam.orig/modules/pam_access/pam_access.8 -+++ pam/modules/pam_access/pam_access.8 -@@ -133,7 +133,7 @@ - .PP - \fBaccess.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8)\&. -+\fBpam\fR(7)\&. - .SH "AUTHORS" - .PP - The logdaemon style login access control scheme was designed and implemented by Wietse Venema\&. 
The pam_access PAM module was developed by Alexei Nogin <alexei@nogin\&.dnttm\&.ru>\&. The IPv6 support and the network(address) / netmask feature was developed and provided by Mike Becher <mike\&.becher@lrz\-muenchen\&.de>\&. -Index: pam/modules/pam_debug/pam_debug.8.xml -=================================================================== ---- pam.orig/modules/pam_debug/pam_debug.8.xml -+++ pam/modules/pam_debug/pam_debug.8.xml -@@ -216,7 +216,7 @@ - <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> - </citerefentry>, - <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> - </para> - </refsect1> -Index: pam/modules/pam_debug/pam_debug.8 -=================================================================== ---- pam.orig/modules/pam_debug/pam_debug.8 -+++ pam/modules/pam_debug/pam_debug.8 -@@ -138,7 +138,7 @@ - .PP - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_debug was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. -Index: pam/modules/pam_deny/pam_deny.8.xml -=================================================================== ---- pam.orig/modules/pam_deny/pam_deny.8.xml -+++ pam/modules/pam_deny/pam_deny.8.xml -@@ -120,7 +120,7 @@ - <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> - </citerefentry>, - <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> - </para> - </refsect1> -Index: pam/modules/pam_deny/pam_deny.8 -=================================================================== ---- pam.orig/modules/pam_deny/pam_deny.8 -+++ pam/modules/pam_deny/pam_deny.8 -@@ -96,7 +96,7 @@ - .PP - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_deny was written by Andrew G\&. 
Morgan <morgan@kernel\&.org> -Index: pam/modules/pam_echo/pam_echo.8.xml -=================================================================== ---- pam.orig/modules/pam_echo/pam_echo.8.xml -+++ pam/modules/pam_echo/pam_echo.8.xml -@@ -159,7 +159,7 @@ - <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> - </citerefentry>, - <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry></para> - </refsect1> - -Index: pam/modules/pam_echo/pam_echo.8 -=================================================================== ---- pam.orig/modules/pam_echo/pam_echo.8 -+++ pam/modules/pam_echo/pam_echo.8 -@@ -126,7 +126,7 @@ - .PP - \fBpam.conf\fR(8), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - Thorsten Kukuk <kukuk@thkukuk\&.de> -Index: pam/modules/pam_env/pam_env.8.xml -=================================================================== ---- pam.orig/modules/pam_env/pam_env.8.xml -+++ pam/modules/pam_env/pam_env.8.xml -@@ -254,7 +254,7 @@ - <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> - </citerefentry>, - <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum> -Index: pam/modules/pam_exec/pam_exec.8.xml -=================================================================== ---- pam.orig/modules/pam_exec/pam_exec.8.xml -+++ pam/modules/pam_exec/pam_exec.8.xml -@@ -303,7 +303,7 @@ - <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> - </citerefentry>, - <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> - </para> - </refsect1> -Index: pam/modules/pam_exec/pam_exec.8 -=================================================================== ---- 
pam.orig/modules/pam_exec/pam_exec.8 -+++ pam/modules/pam_exec/pam_exec.8 -@@ -182,7 +182,7 @@ - .PP - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_exec was written by Thorsten Kukuk <kukuk@thkukuk\&.de> and Josh Triplett <josh@joshtriplett\&.org>\&. -Index: pam/modules/pam_faildelay/pam_faildelay.8.xml -=================================================================== ---- pam.orig/modules/pam_faildelay/pam_faildelay.8.xml -+++ pam/modules/pam_faildelay/pam_faildelay.8.xml -@@ -121,7 +121,7 @@ - <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> - </citerefentry>, - <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> - </para> - </refsect1> -Index: pam/modules/pam_faildelay/pam_faildelay.8 -=================================================================== ---- pam.orig/modules/pam_faildelay/pam_faildelay.8 -+++ pam/modules/pam_faildelay/pam_faildelay.8 -@@ -87,7 +87,7 @@ - \fBpam_fail_delay\fR(3), - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_faildelay was written by Darren Tucker <dtucker@zip\&.com\&.au>\&. 
-Index: pam/modules/pam_filter/pam_filter.8.xml -=================================================================== ---- pam.orig/modules/pam_filter/pam_filter.8.xml -+++ pam/modules/pam_filter/pam_filter.8.xml -@@ -246,7 +246,7 @@ - <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> - </citerefentry>, - <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> - </para> - </refsect1> -Index: pam/modules/pam_filter/pam_filter.8 -=================================================================== ---- pam.orig/modules/pam_filter/pam_filter.8 -+++ pam/modules/pam_filter/pam_filter.8 -@@ -166,7 +166,7 @@ - .PP - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_filter was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. -Index: pam/modules/pam_ftp/pam_ftp.8.xml -=================================================================== ---- pam.orig/modules/pam_ftp/pam_ftp.8.xml -+++ pam/modules/pam_ftp/pam_ftp.8.xml -@@ -168,7 +168,7 @@ - <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> - </citerefentry>, - <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> - </para> - </refsect1> -Index: pam/modules/pam_ftp/pam_ftp.8 -=================================================================== ---- pam.orig/modules/pam_ftp/pam_ftp.8 -+++ pam/modules/pam_ftp/pam_ftp.8 -@@ -119,7 +119,7 @@ - .PP - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_ftp was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. 
-Index: pam/modules/pam_group/pam_group.8.xml -=================================================================== ---- pam.orig/modules/pam_group/pam_group.8.xml -+++ pam/modules/pam_group/pam_group.8.xml -@@ -148,7 +148,7 @@ - <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> - </citerefentry>, - <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry>. - </para> - </refsect1> -Index: pam/modules/pam_group/pam_group.8 -=================================================================== ---- pam.orig/modules/pam_group/pam_group.8 -+++ pam/modules/pam_group/pam_group.8 -@@ -103,7 +103,7 @@ - .PP - \fBgroup.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8)\&. -+\fBpam\fR(7)\&. - .SH "AUTHORS" - .PP - pam_group was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. -Index: pam/modules/pam_issue/pam_issue.8.xml -=================================================================== ---- pam.orig/modules/pam_issue/pam_issue.8.xml -+++ pam/modules/pam_issue/pam_issue.8.xml -@@ -219,7 +219,7 @@ - <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> - </citerefentry>, - <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> - </para> - </refsect1> -Index: pam/modules/pam_issue/pam_issue.8 -=================================================================== ---- pam.orig/modules/pam_issue/pam_issue.8 -+++ pam/modules/pam_issue/pam_issue.8 -@@ -152,7 +152,7 @@ - .PP - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_issue was written by Ben Collins <bcollins@debian\&.org>\&. 
-Index: pam/modules/pam_keyinit/pam_keyinit.8.xml -=================================================================== ---- pam.orig/modules/pam_keyinit/pam_keyinit.8.xml -+++ pam/modules/pam_keyinit/pam_keyinit.8.xml -@@ -232,7 +232,7 @@ - <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> - </citerefentry>, - <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>keyctl</refentrytitle><manvolnum>1</manvolnum> -Index: pam/modules/pam_keyinit/pam_keyinit.8 -=================================================================== ---- pam.orig/modules/pam_keyinit/pam_keyinit.8 -+++ pam/modules/pam_keyinit/pam_keyinit.8 -@@ -137,7 +137,7 @@ - .PP - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8), -+\fBpam\fR(7), - \fBkeyctl\fR(1) - .SH "AUTHOR" - .PP -Index: pam/modules/pam_lastlog/pam_lastlog.8.xml -=================================================================== ---- pam.orig/modules/pam_lastlog/pam_lastlog.8.xml -+++ pam/modules/pam_lastlog/pam_lastlog.8.xml -@@ -325,7 +325,7 @@ - <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> - </citerefentry>, - <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> - </para> - </refsect1> -Index: pam/modules/pam_lastlog/pam_lastlog.8 -=================================================================== ---- pam.orig/modules/pam_lastlog/pam_lastlog.8 -+++ pam/modules/pam_lastlog/pam_lastlog.8 -@@ -189,7 +189,7 @@ - \fBlimits.conf\fR(5), - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_lastlog was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. 
-Index: pam/modules/pam_limits/pam_limits.8.xml -=================================================================== ---- pam.orig/modules/pam_limits/pam_limits.8.xml -+++ pam/modules/pam_limits/pam_limits.8.xml -@@ -243,7 +243,7 @@ - <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> - </citerefentry>, - <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry>. - </para> - </refsect1> -Index: pam/modules/pam_limits/pam_limits.8 -=================================================================== ---- pam.orig/modules/pam_limits/pam_limits.8 -+++ pam/modules/pam_limits/pam_limits.8 -@@ -146,7 +146,7 @@ - .PP - \fBlimits.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8)\&. -+\fBpam\fR(7)\&. - .SH "AUTHORS" - .PP - pam_limits was initially written by Cristian Gafton <gafton@redhat\&.com> -Index: pam/modules/pam_listfile/pam_listfile.8.xml -=================================================================== ---- pam.orig/modules/pam_listfile/pam_listfile.8.xml -+++ pam/modules/pam_listfile/pam_listfile.8.xml -@@ -281,7 +281,7 @@ - <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> - </citerefentry>, - <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> - </para> - </refsect1> -Index: pam/modules/pam_listfile/pam_listfile.8 -=================================================================== ---- pam.orig/modules/pam_listfile/pam_listfile.8 -+++ pam/modules/pam_listfile/pam_listfile.8 -@@ -205,7 +205,7 @@ - .PP - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_listfile was written by Michael K\&. Johnson <johnsonm@redhat\&.com> and Elliot Lee <sopwith@cuc\&.edu>\&. 
-Index: pam/modules/pam_localuser/pam_localuser.8.xml
-===================================================================
---- pam.orig/modules/pam_localuser/pam_localuser.8.xml
-+++ pam/modules/pam_localuser/pam_localuser.8.xml
-@@ -187,7 +187,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-Index: pam/modules/pam_localuser/pam_localuser.8
-===================================================================
---- pam.orig/modules/pam_localuser/pam_localuser.8
-+++ pam/modules/pam_localuser/pam_localuser.8
-@@ -117,7 +117,7 @@
- .PP
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_localuser was written by Nalin Dahyabhai <nalin@redhat\&.com>\&.
-Index: pam/modules/pam_loginuid/pam_loginuid.8.xml
-===================================================================
---- pam.orig/modules/pam_loginuid/pam_loginuid.8.xml
-+++ pam/modules/pam_loginuid/pam_loginuid.8.xml
-@@ -121,7 +121,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>auditctl</refentrytitle><manvolnum>8</manvolnum>
-Index: pam/modules/pam_loginuid/pam_loginuid.8
-===================================================================
---- pam.orig/modules/pam_loginuid/pam_loginuid.8
-+++ pam/modules/pam_loginuid/pam_loginuid.8
-@@ -85,7 +85,7 @@
- .PP
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8),
-+\fBpam\fR(7),
- \fBauditctl\fR(8),
- \fBauditd\fR(8)
- .SH "AUTHOR"
-Index: pam/modules/pam_mail/pam_mail.8.xml
-===================================================================
----
pam.orig/modules/pam_mail/pam_mail.8.xml
-+++ pam/modules/pam_mail/pam_mail.8.xml
-@@ -265,7 +265,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-Index: pam/modules/pam_mail/pam_mail.8
-===================================================================
---- pam.orig/modules/pam_mail/pam_mail.8
-+++ pam/modules/pam_mail/pam_mail.8
-@@ -153,7 +153,7 @@
- .PP
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_mail was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&.
-Index: pam/modules/pam_mkhomedir/pam_mkhomedir.8.xml
-===================================================================
---- pam.orig/modules/pam_mkhomedir/pam_mkhomedir.8.xml
-+++ pam/modules/pam_mkhomedir/pam_mkhomedir.8.xml
-@@ -205,7 +205,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>.
- </para>
- </refsect1>
-Index: pam/modules/pam_mkhomedir/pam_mkhomedir.8
-===================================================================
---- pam.orig/modules/pam_mkhomedir/pam_mkhomedir.8
-+++ pam/modules/pam_mkhomedir/pam_mkhomedir.8
-@@ -129,7 +129,7 @@
- .SH "SEE ALSO"
- .PP
- \fBpam.d\fR(5),
--\fBpam\fR(8)\&.
-+\fBpam\fR(7)\&.
- .SH "AUTHOR"
- .PP
- pam_mkhomedir was written by Jason Gunthorpe <jgg@debian\&.org>\&.
-Index: pam/modules/pam_motd/pam_motd.8.xml
-===================================================================
---- pam.orig/modules/pam_motd/pam_motd.8.xml
-+++ pam/modules/pam_motd/pam_motd.8.xml
-@@ -196,7 +196,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-Index: pam/modules/pam_motd/pam_motd.8
-===================================================================
---- pam.orig/modules/pam_motd/pam_motd.8
-+++ pam/modules/pam_motd/pam_motd.8
-@@ -185,7 +185,7 @@
- \fBmotd\fR(5),
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_motd was written by Ben Collins <bcollins@debian\&.org>\&.
-Index: pam/modules/pam_namespace/pam_namespace.8.xml
-===================================================================
---- pam.orig/modules/pam_namespace/pam_namespace.8.xml
-+++ pam/modules/pam_namespace/pam_namespace.8.xml
-@@ -362,7 +362,7 @@
- <refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>.
- </para>
- </refsect1>
-Index: pam/modules/pam_namespace/pam_namespace.8
-===================================================================
---- pam.orig/modules/pam_namespace/pam_namespace.8
-+++ pam/modules/pam_namespace/pam_namespace.8
-@@ -148,7 +148,7 @@
- \fBnamespace.conf\fR(5),
- \fBpam.d\fR(5),
- \fBmount\fR(8),
--\fBpam\fR(8)\&.
-+\fBpam\fR(7)\&.
- .SH "AUTHORS"
- .PP
- The namespace setup scheme was designed by Stephen Smalley, Janak Desai and Chad Sellers\&. The pam_namespace PAM module was developed by Janak Desai <janak@us\&.ibm\&.com>, Chad Sellers <csellers@tresys\&.com> and Steve Grubb <sgrubb@redhat\&.com>\&.
Additional improvements by Xavier Toth <txtoth@gmail\&.com> and Tomas Mraz <tmraz@redhat\&.com>\&.
-Index: pam/modules/pam_nologin/pam_nologin.8.xml
-===================================================================
---- pam.orig/modules/pam_nologin/pam_nologin.8.xml
-+++ pam/modules/pam_nologin/pam_nologin.8.xml
-@@ -160,7 +160,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-Index: pam/modules/pam_nologin/pam_nologin.8
-===================================================================
---- pam.orig/modules/pam_nologin/pam_nologin.8
-+++ pam/modules/pam_nologin/pam_nologin.8
-@@ -124,7 +124,7 @@
- \fBnologin\fR(5),
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_nologin was written by Michael K\&. Johnson <johnsonm@redhat\&.com>\&.
-Index: pam/modules/pam_permit/pam_permit.8.xml
-===================================================================
---- pam.orig/modules/pam_permit/pam_permit.8.xml
-+++ pam/modules/pam_permit/pam_permit.8.xml
-@@ -91,7 +91,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-Index: pam/modules/pam_permit/pam_permit.8
-===================================================================
---- pam.orig/modules/pam_permit/pam_permit.8
-+++ pam/modules/pam_permit/pam_permit.8
-@@ -78,7 +78,7 @@
- .PP
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_permit was written by Andrew G\&. Morgan, <morgan@kernel\&.org>\&.
-Index: pam/modules/pam_rhosts/pam_rhosts.8.xml
-===================================================================
---- pam.orig/modules/pam_rhosts/pam_rhosts.8.xml
-+++ pam/modules/pam_rhosts/pam_rhosts.8.xml
-@@ -156,7 +156,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-Index: pam/modules/pam_rhosts/pam_rhosts.8
-===================================================================
---- pam.orig/modules/pam_rhosts/pam_rhosts.8
-+++ pam/modules/pam_rhosts/pam_rhosts.8
-@@ -122,7 +122,7 @@
- \fBrhosts\fR(5),
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_rhosts was written by Thorsten Kukuk <kukuk@thkukuk\&.de>
-Index: pam/modules/pam_rootok/pam_rootok.8.xml
-===================================================================
---- pam.orig/modules/pam_rootok/pam_rootok.8.xml
-+++ pam/modules/pam_rootok/pam_rootok.8.xml
-@@ -116,7 +116,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-Index: pam/modules/pam_rootok/pam_rootok.8
-===================================================================
---- pam.orig/modules/pam_rootok/pam_rootok.8
-+++ pam/modules/pam_rootok/pam_rootok.8
-@@ -100,7 +100,7 @@
- \fBsu\fR(1),
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_rootok was written by Andrew G\&. Morgan, <morgan@kernel\&.org>\&.
-Index: pam/modules/pam_securetty/pam_securetty.8.xml
-===================================================================
---- pam.orig/modules/pam_securetty/pam_securetty.8.xml
-+++ pam/modules/pam_securetty/pam_securetty.8.xml
-@@ -187,7 +187,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-Index: pam/modules/pam_securetty/pam_securetty.8
-===================================================================
---- pam.orig/modules/pam_securetty/pam_securetty.8
-+++ pam/modules/pam_securetty/pam_securetty.8
-@@ -134,7 +134,7 @@
- \fBsecuretty\fR(5),
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_securetty was written by Elliot Lee <sopwith@cuc\&.edu>\&.
-Index: pam/modules/pam_selinux/pam_selinux.8.xml
-===================================================================
---- pam.orig/modules/pam_selinux/pam_selinux.8.xml
-+++ pam/modules/pam_selinux/pam_selinux.8.xml
-@@ -258,7 +258,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>selinux</refentrytitle><manvolnum>8</manvolnum>
-Index: pam/modules/pam_selinux/pam_selinux.8
-===================================================================
---- pam.orig/modules/pam_selinux/pam_selinux.8
-+++ pam/modules/pam_selinux/pam_selinux.8
-@@ -7,7 +7,7 @@
- .\" Source: Linux-PAM Manual
- .\" Language: English
- .\"
--.TH "PAM_SELINUX" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
-+.TH "PAM_SELINUX" "7" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
- .\"
-----------------------------------------------------------------
- .\" * Define some portability stuff
- .\" -----------------------------------------------------------------
-@@ -144,7 +144,7 @@
- \fBexecve\fR(2),
- \fBtty\fR(4),
- \fBpam.d\fR(5),
--\fBpam\fR(8),
-+\fBpam\fR(7),
- \fBselinux\fR(8)
- .SH "AUTHOR"
- .PP
-Index: pam/modules/pam_sepermit/pam_sepermit.8.xml
-===================================================================
---- pam.orig/modules/pam_sepermit/pam_sepermit.8.xml
-+++ pam/modules/pam_sepermit/pam_sepermit.8.xml
-@@ -176,7 +176,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>
- <citerefentry>
- <refentrytitle>selinux</refentrytitle><manvolnum>8</manvolnum>
-Index: pam/modules/pam_sepermit/pam_sepermit.8
-===================================================================
---- pam.orig/modules/pam_sepermit/pam_sepermit.8
-+++ pam/modules/pam_sepermit/pam_sepermit.8
-@@ -124,7 +124,7 @@
- \fBsepermit.conf\fR(5),
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- \fBselinux\fR(8)
- .SH "AUTHOR"
- .PP
-Index: pam/modules/pam_shells/pam_shells.8.xml
-===================================================================
---- pam.orig/modules/pam_shells/pam_shells.8.xml
-+++ pam/modules/pam_shells/pam_shells.8.xml
-@@ -102,7 +102,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-Index: pam/modules/pam_shells/pam_shells.8
-===================================================================
---- pam.orig/modules/pam_shells/pam_shells.8
-+++ pam/modules/pam_shells/pam_shells.8
-@@ -85,7 +85,7 @@
- \fBshells\fR(5),
-
\fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_shells was written by Erik Troan <ewt@redhat\&.com>\&.
-Index: pam/modules/pam_succeed_if/pam_succeed_if.8.xml
-===================================================================
---- pam.orig/modules/pam_succeed_if/pam_succeed_if.8.xml
-+++ pam/modules/pam_succeed_if/pam_succeed_if.8.xml
-@@ -295,7 +295,7 @@
- <refentrytitle>glob</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>,
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-Index: pam/modules/pam_succeed_if/pam_succeed_if.8
-===================================================================
---- pam.orig/modules/pam_succeed_if/pam_succeed_if.8
-+++ pam/modules/pam_succeed_if/pam_succeed_if.8
-@@ -220,7 +220,7 @@
- .SH "SEE ALSO"
- .PP
- \fBglob\fR(7),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- Nalin Dahyabhai <nalin@redhat\&.com>
-Index: pam/modules/pam_time/pam_time.8.xml
-===================================================================
---- pam.orig/modules/pam_time/pam_time.8.xml
-+++ pam/modules/pam_time/pam_time.8.xml
-@@ -184,7 +184,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>.
- </para>
- </refsect1>
-Index: pam/modules/pam_time/pam_time.8
-===================================================================
---- pam.orig/modules/pam_time/pam_time.8
-+++ pam/modules/pam_time/pam_time.8
-@@ -116,7 +116,7 @@
- .PP
- \fBtime.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)\&.
-+\fBpam\fR(7)\&.
- .SH "AUTHOR"
- .PP
- pam_time was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&.
-Index: pam/modules/pam_umask/pam_umask.8.xml
-===================================================================
---- pam.orig/modules/pam_umask/pam_umask.8.xml
-+++ pam/modules/pam_umask/pam_umask.8.xml
-@@ -246,7 +246,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-Index: pam/modules/pam_umask/pam_umask.8
-===================================================================
---- pam.orig/modules/pam_umask/pam_umask.8
-+++ pam/modules/pam_umask/pam_umask.8
-@@ -170,7 +170,7 @@
- .PP
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_umask was written by Thorsten Kukuk <kukuk@thkukuk\&.de>\&.
-Index: pam/modules/pam_unix/pam_unix.8.xml
-===================================================================
---- pam.orig/modules/pam_unix/pam_unix.8.xml
-+++ pam/modules/pam_unix/pam_unix.8.xml
-@@ -559,7 +559,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-Index: pam/modules/pam_unix/pam_unix.8
-===================================================================
---- pam.orig/modules/pam_unix/pam_unix.8
-+++ pam/modules/pam_unix/pam_unix.8
-@@ -310,7 +310,7 @@
- \fBlogin.defs\fR(5),
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_unix was written by various people\&.
-Index: pam/doc/man/misc_conv.3.xml
-===================================================================
---- pam.orig/doc/man/misc_conv.3.xml
-+++ pam/doc/man/misc_conv.3.xml
-@@ -171,7 +171,7 @@
- <refentrytitle>pam_conv</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-Index: pam/doc/man/misc_conv.3
-===================================================================
---- pam.orig/doc/man/misc_conv.3
-+++ pam/doc/man/misc_conv.3
-@@ -117,7 +117,7 @@
- .SH "SEE ALSO"
- .PP
- \fBpam_conv\fR(3),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "STANDARDS"
- .PP
- The
-Index: pam/doc/man/pam_acct_mgmt.3.xml
-===================================================================
---- pam.orig/doc/man/pam_acct_mgmt.3.xml
-+++ pam/doc/man/pam_acct_mgmt.3.xml
-@@ -138,7 +138,7 @@
- <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-Index: pam/doc/man/pam_acct_mgmt.3
-===================================================================
---- pam.orig/doc/man/pam_acct_mgmt.3
-+++ pam/doc/man/pam_acct_mgmt.3
-@@ -97,4 +97,4 @@
- \fBpam_authenticate\fR(3),
- \fBpam_chauthtok\fR(3),
- \fBpam_strerror\fR(3),
--\fBpam\fR(8)
-+\fBpam\fR(7)
-Index: pam/doc/man/pam_authenticate.3.xml
-===================================================================
---- pam.orig/doc/man/pam_authenticate.3.xml
-+++ pam/doc/man/pam_authenticate.3.xml
-@@ -162,7 +162,7 @@
- <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
-
</citerefentry>
- </para>
- </refsect1>
-Index: pam/doc/man/pam_authenticate.3
-===================================================================
---- pam.orig/doc/man/pam_authenticate.3
-+++ pam/doc/man/pam_authenticate.3
-@@ -107,4 +107,4 @@
- \fBpam_setcred\fR(3),
- \fBpam_chauthtok\fR(3),
- \fBpam_strerror\fR(3),
--\fBpam\fR(8)
-+\fBpam\fR(7)
-Index: pam/doc/man/pam_chauthtok.3.xml
-===================================================================
---- pam.orig/doc/man/pam_chauthtok.3.xml
-+++ pam/doc/man/pam_chauthtok.3.xml
-@@ -157,7 +157,7 @@
- <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-Index: pam/doc/man/pam_chauthtok.3
-===================================================================
---- pam.orig/doc/man/pam_chauthtok.3
-+++ pam/doc/man/pam_chauthtok.3
-@@ -106,4 +106,4 @@
- \fBpam_setcred\fR(3),
- \fBpam_get_item\fR(3),
- \fBpam_strerror\fR(3),
--\fBpam\fR(8)
-+\fBpam\fR(7)
-Index: pam/doc/man/pam_conv.3.xml
-===================================================================
---- pam.orig/doc/man/pam_conv.3.xml
-+++ pam/doc/man/pam_conv.3.xml
-@@ -221,7 +221,7 @@
- <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-Index: pam/doc/man/pam_conv.3
-===================================================================
---- pam.orig/doc/man/pam_conv.3
-+++ pam/doc/man/pam_conv.3
-@@ -174,4 +174,4 @@
- \fBpam_set_item\fR(3),
- \fBpam_get_item\fR(3),
- \fBpam_strerror\fR(3),
--\fBpam\fR(8)
-+\fBpam\fR(7)
-Index: pam/doc/man/pam_error.3.xml
-===================================================================
----
pam.orig/doc/man/pam_error.3.xml
-+++ pam/doc/man/pam_error.3.xml
-@@ -105,7 +105,7 @@
- <refentrytitle>pam_vprompt</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-Index: pam/doc/man/pam_error.3
-===================================================================
---- pam.orig/doc/man/pam_error.3
-+++ pam/doc/man/pam_error.3
-@@ -80,7 +80,7 @@
- \fBpam_vinfo\fR(3),
- \fBpam_prompt\fR(3),
- \fBpam_vprompt\fR(3),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "STANDARDS"
- .PP
- The
-Index: pam/doc/man/pam_getenv.3.xml
-===================================================================
---- pam.orig/doc/man/pam_getenv.3.xml
-+++ pam/doc/man/pam_getenv.3.xml
-@@ -60,7 +60,7 @@
- <refentrytitle>pam_putenv</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-Index: pam/doc/man/pam_getenv.3
-===================================================================
---- pam.orig/doc/man/pam_getenv.3
-+++ pam/doc/man/pam_getenv.3
-@@ -57,4 +57,4 @@
- \fBpam_start\fR(3),
- \fBpam_getenvlist\fR(3),
- \fBpam_putenv\fR(3),
--\fBpam\fR(8)
-+\fBpam\fR(7)
-Index: pam/doc/man/pam_getenvlist.3.xml
-===================================================================
---- pam.orig/doc/man/pam_getenvlist.3.xml
-+++ pam/doc/man/pam_getenvlist.3.xml
-@@ -78,7 +78,7 @@
- <refentrytitle>pam_putenv</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-Index: pam/doc/man/pam_getenvlist.3
-===================================================================
---- pam.orig/doc/man/pam_getenvlist.3
-+++ pam/doc/man/pam_getenvlist.3
-@@ -63,4 +63,4 @@
- \fBpam_start\fR(3),
- \fBpam_getenv\fR(3),
- \fBpam_putenv\fR(3),
--\fBpam\fR(8)
-+\fBpam\fR(7)
-Index: pam/doc/man/pam_info.3.xml
-===================================================================
---- pam.orig/doc/man/pam_info.3.xml
-+++ pam/doc/man/pam_info.3.xml
-@@ -93,7 +93,7 @@
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-Index: pam/doc/man/pam_info.3
-===================================================================
---- pam.orig/doc/man/pam_info.3
-+++ pam/doc/man/pam_info.3
-@@ -76,7 +76,7 @@
- .RE
- .SH "SEE ALSO"
- .PP
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "STANDARDS"
- .PP
- The
-Index: pam/doc/man/pam_misc_drop_env.3.xml
-===================================================================
---- pam.orig/doc/man/pam_misc_drop_env.3.xml
-+++ pam/doc/man/pam_misc_drop_env.3.xml
-@@ -46,7 +46,7 @@
- <refentrytitle>pam_getenvlist</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-Index: pam/doc/man/pam_misc_drop_env.3
-===================================================================
---- pam.orig/doc/man/pam_misc_drop_env.3
-+++ pam/doc/man/pam_misc_drop_env.3
-@@ -52,7 +52,7 @@
- .SH "SEE ALSO"
- .PP
- \fBpam_getenvlist\fR(3),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "STANDARDS"
- .PP
- The
-Index: pam/doc/man/pam_misc_paste_env.3.xml
-===================================================================
---- pam.orig/doc/man/pam_misc_paste_env.3.xml
-+++ pam/doc/man/pam_misc_paste_env.3.xml
-@@ -44,7 +44,7 @@
-
<refentrytitle>pam_putenv</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-Index: pam/doc/man/pam_misc_paste_env.3
-===================================================================
---- pam.orig/doc/man/pam_misc_paste_env.3
-+++ pam/doc/man/pam_misc_paste_env.3
-@@ -47,7 +47,7 @@
- .SH "SEE ALSO"
- .PP
- \fBpam_putenv\fR(3),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "STANDARDS"
- .PP
- The
-Index: pam/doc/man/pam_misc_setenv.3.xml
-===================================================================
---- pam.orig/doc/man/pam_misc_setenv.3.xml
-+++ pam/doc/man/pam_misc_setenv.3.xml
-@@ -51,7 +51,7 @@
- <refentrytitle>pam_putenv</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-Index: pam/doc/man/pam_misc_setenv.3
-===================================================================
---- pam.orig/doc/man/pam_misc_setenv.3
-+++ pam/doc/man/pam_misc_setenv.3
-@@ -52,7 +52,7 @@
- .SH "SEE ALSO"
- .PP
- \fBpam_putenv\fR(3),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "STANDARDS"
- .PP
- The
-Index: pam/doc/man/pam_prompt.3.xml
-===================================================================
---- pam.orig/doc/man/pam_prompt.3.xml
-+++ pam/doc/man/pam_prompt.3.xml
-@@ -95,7 +95,7 @@
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_conv</refentrytitle><manvolnum>3</manvolnum>
-Index: pam/doc/man/pam_prompt.3
-===================================================================
---- pam.orig/doc/man/pam_prompt.3
-+++
pam/doc/man/pam_prompt.3
-@@ -70,7 +70,7 @@
- .RE
- .SH "SEE ALSO"
- .PP
--\fBpam\fR(8),
-+\fBpam\fR(7),
- \fBpam_conv\fR(3)
- .SH "STANDARDS"
- .PP
-Index: pam/doc/man/pam_putenv.3.xml
-===================================================================
---- pam.orig/doc/man/pam_putenv.3.xml
-+++ pam/doc/man/pam_putenv.3.xml
-@@ -145,7 +145,7 @@
- <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-Index: pam/doc/man/pam_putenv.3
-===================================================================
---- pam.orig/doc/man/pam_putenv.3
-+++ pam/doc/man/pam_putenv.3
-@@ -108,4 +108,4 @@
- \fBpam_getenv\fR(3),
- \fBpam_getenvlist\fR(3),
- \fBpam_strerror\fR(3),
--\fBpam\fR(8)
-+\fBpam\fR(7)
-Index: pam/doc/man/pam_strerror.3.xml
-===================================================================
---- pam.orig/doc/man/pam_strerror.3.xml
-+++ pam/doc/man/pam_strerror.3.xml
-@@ -51,7 +51,7 @@
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-Index: pam/doc/man/pam_strerror.3
-===================================================================
---- pam.orig/doc/man/pam_strerror.3
-+++ pam/doc/man/pam_strerror.3
-@@ -49,4 +49,4 @@
- This function returns always a pointer to a string\&.
- .SH "SEE ALSO"
- .PP
--\fBpam\fR(8)
-+\fBpam\fR(7)
-Index: pam/doc/man/pam_syslog.3.xml
-===================================================================
---- pam.orig/doc/man/pam_syslog.3.xml
-+++ pam/doc/man/pam_syslog.3.xml
-@@ -66,7 +66,7 @@
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-Index: pam/doc/man/pam_syslog.3
-===================================================================
---- pam.orig/doc/man/pam_syslog.3
-+++ pam/doc/man/pam_syslog.3
-@@ -67,7 +67,7 @@
- variable argument list macros\&.
- .SH "SEE ALSO"
- .PP
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "STANDARDS"
- .PP
- The
-Index: pam/modules/pam_userdb/pam_userdb.8.xml
-===================================================================
---- pam.orig/modules/pam_userdb/pam_userdb.8.xml
-+++ pam/modules/pam_userdb/pam_userdb.8.xml
-@@ -279,7 +279,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-Index: pam/modules/pam_userdb/pam_userdb.8
-===================================================================
---- pam.orig/modules/pam_userdb/pam_userdb.8
-+++ pam/modules/pam_userdb/pam_userdb.8
-@@ -152,7 +152,7 @@
- \fBcrypt\fR(3),
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_userdb was written by Cristian Gafton >gafton@redhat\&.com<\&.
-Index: pam/modules/pam_warn/pam_warn.8.xml
-===================================================================
---- pam.orig/modules/pam_warn/pam_warn.8.xml
-+++ pam/modules/pam_warn/pam_warn.8.xml
-@@ -90,7 +90,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-Index: pam/modules/pam_warn/pam_warn.8
-===================================================================
---- pam.orig/modules/pam_warn/pam_warn.8
-+++ pam/modules/pam_warn/pam_warn.8
-@@ -83,7 +83,7 @@
- .PP
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_warn was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&.
-Index: pam/modules/pam_wheel/pam_wheel.8.xml
-===================================================================
---- pam.orig/modules/pam_wheel/pam_wheel.8.xml
-+++ pam/modules/pam_wheel/pam_wheel.8.xml
-@@ -213,7 +213,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-Index: pam/modules/pam_wheel/pam_wheel.8
-===================================================================
---- pam.orig/modules/pam_wheel/pam_wheel.8
-+++ pam/modules/pam_wheel/pam_wheel.8
-@@ -136,7 +136,7 @@
- .PP
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_wheel was written by Cristian Gafton <gafton@redhat\&.com>\&.
-Index: pam/modules/pam_xauth/pam_xauth.8.xml
-===================================================================
---- pam.orig/modules/pam_xauth/pam_xauth.8.xml
-+++ pam/modules/pam_xauth/pam_xauth.8.xml
-@@ -276,7 +276,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-Index: pam/modules/pam_xauth/pam_xauth.8
-===================================================================
---- pam.orig/modules/pam_xauth/pam_xauth.8
-+++ pam/modules/pam_xauth/pam_xauth.8
-@@ -177,7 +177,7 @@
- .PP
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_xauth was written by Nalin Dahyabhai <nalin@redhat\&.com>, based on original version by Michael K\&. Johnson <johnsonm@redhat\&.com>\&.
-Index: pam/modules/pam_env/pam_env.8
-===================================================================
---- pam.orig/modules/pam_env/pam_env.8
-+++ pam/modules/pam_env/pam_env.8
-@@ -7,7 +7,7 @@
- .\" Source: Linux-PAM Manual
- .\" Language: English
- .\"
--.TH "PAM_ENV" "8" "09/03/2021" "Linux-PAM Manual" "Linux-PAM Manual"
-+.TH "PAM_ENV" "7" "09/03/2021" "Linux-PAM Manual" "Linux-PAM Manual"
- .\" -----------------------------------------------------------------
- .\" * Define some portability stuff
- .\" -----------------------------------------------------------------
-Index: pam/modules/pam_pwhistory/pam_pwhistory.8.xml
-===================================================================
---- pam.orig/modules/pam_pwhistory/pam_pwhistory.8.xml
-+++ pam/modules/pam_pwhistory/pam_pwhistory.8.xml
-@@ -229,7 +229,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+
<refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> - <citerefentry> - <refentrytitle>pam_get_authtok</refentrytitle><manvolnum>3</manvolnum> -Index: pam/modules/pam_pwhistory/pam_pwhistory.8 -=================================================================== ---- pam.orig/modules/pam_pwhistory/pam_pwhistory.8 -+++ pam/modules/pam_pwhistory/pam_pwhistory.8 -@@ -156,7 +156,7 @@ - .PP - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - \fBpam_get_authtok\fR(3) - .SH "AUTHOR" - .PP -Index: pam/modules/pam_sepermit/sepermit.conf.5.xml -=================================================================== ---- pam.orig/modules/pam_sepermit/sepermit.conf.5.xml -+++ pam/modules/pam_sepermit/sepermit.conf.5.xml -@@ -96,7 +96,7 @@ - <para> - <citerefentry><refentrytitle>pam_sepermit</refentrytitle><manvolnum>8</manvolnum></citerefentry>, - <citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>, -- <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>, -+ <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum></citerefentry>, - <citerefentry><refentrytitle>selinux</refentrytitle><manvolnum>8</manvolnum></citerefentry>, - </para> - </refsect1> -Index: pam/modules/pam_sepermit/sepermit.conf.5 -=================================================================== ---- pam.orig/modules/pam_sepermit/sepermit.conf.5 -+++ pam/modules/pam_sepermit/sepermit.conf.5 -@@ -110,7 +110,7 @@ - .PP - \fBpam_sepermit\fR(8), - \fBpam.d\fR(5), --\fBpam\fR(8), -+\fBpam\fR(7), - \fBselinux\fR(8), - .SH "AUTHOR" - .PP -Index: pam/modules/pam_timestamp/pam_timestamp.8.xml -=================================================================== ---- pam.orig/modules/pam_timestamp/pam_timestamp.8.xml -+++ pam/modules/pam_timestamp/pam_timestamp.8.xml -@@ -193,7 +193,7 @@ - <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> - </citerefentry>, - <citerefentry> -- 
<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> - </para> - </refsect1> -Index: pam/modules/pam_timestamp/pam_timestamp.8 -=================================================================== ---- pam.orig/modules/pam_timestamp/pam_timestamp.8 -+++ pam/modules/pam_timestamp/pam_timestamp.8 -@@ -129,7 +129,7 @@ - \fBpam_timestamp_check\fR(8), - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_timestamp was written by Nalin Dahyabhai\&. -Index: pam/modules/pam_timestamp/pam_timestamp_check.8.xml -=================================================================== ---- pam.orig/modules/pam_timestamp/pam_timestamp_check.8.xml -+++ pam/modules/pam_timestamp/pam_timestamp_check.8.xml -@@ -192,7 +192,7 @@ - <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> - </citerefentry>, - <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> - </para> - </refsect1> -Index: pam/modules/pam_timestamp/pam_timestamp_check.8 -=================================================================== ---- pam.orig/modules/pam_timestamp/pam_timestamp_check.8 -+++ pam/modules/pam_timestamp/pam_timestamp_check.8 -@@ -127,7 +127,7 @@ - \fBpam_timestamp_check\fR(8), - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_timestamp was written by Nalin Dahyabhai\&. 
-Index: pam/modules/pam_tty_audit/pam_tty_audit.8.xml
-===================================================================
---- pam.orig/modules/pam_tty_audit/pam_tty_audit.8.xml
-+++ pam/modules/pam_tty_audit/pam_tty_audit.8.xml
-@@ -181,7 +181,7 @@
- <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-Index: pam/modules/pam_tty_audit/pam_tty_audit.8
-===================================================================
---- pam.orig/modules/pam_tty_audit/pam_tty_audit.8
-+++ pam/modules/pam_tty_audit/pam_tty_audit.8
-@@ -129,7 +129,7 @@
- \fBaureport\fR(8),
- \fBpam.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "AUTHOR"
- .PP
- pam_tty_audit was written by Miloslav Trmač <mitr@redhat\&.com>\&. The log_passwd option was added by Richard Guy Briggs <rgb@redhat\&.com>\&.
-Index: pam/doc/man/pam_get_authtok.3.xml
-===================================================================
---- pam.orig/doc/man/pam_get_authtok.3.xml
-+++ pam/doc/man/pam_get_authtok.3.xml
-@@ -232,7 +232,7 @@
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
-- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-Index: pam/doc/man/pam_get_authtok.3
-===================================================================
---- pam.orig/doc/man/pam_get_authtok.3
-+++ pam/doc/man/pam_get_authtok.3
-@@ -162,7 +162,7 @@
- .RE
- .SH "SEE ALSO"
- .PP
--\fBpam\fR(8)
-+\fBpam\fR(7)
- .SH "STANDARDS"
- .PP
- The
diff --git a/debian/patches-applied/do_not_check_nis_accidentally b/debian/patches-applied/do_not_check_nis_accidentally
deleted file mode 100644
index 29ce6097..00000000
--- a/debian/patches-applied/do_not_check_nis_accidentally
+++ /dev/null
@@ -1,22 +0,0 @@ -Patch for Debian bug #469635 - -Always call _unix_getpwnam() consistent with the value of the 'nis' -option, so that we only grab from the backends we're expecting. - -Authors: Quentin Godfroy <godfroy@clipper.ens.fr> - -Upstream status: should be submitted - -Index: pam/modules/pam_unix/pam_unix_passwd.c -=================================================================== ---- pam.orig/modules/pam_unix/pam_unix_passwd.c -+++ pam/modules/pam_unix/pam_unix_passwd.c -@@ -669,7 +669,7 @@ - return PAM_USER_UNKNOWN; - } else { - struct passwd *pwd; -- _unix_getpwnam(pamh, user, 1, 1, &pwd); -+ _unix_getpwnam(pamh, user, 1, on(UNIX_NIS, ctrl), &pwd); - if (pwd == NULL) { - pam_syslog(pamh, LOG_DEBUG, - "user \"%s\" has corrupted passwd entry", diff --git a/debian/patches-applied/fix-autoreconf.patch b/debian/patches-applied/fix-autoreconf.patch deleted file mode 100644 index bdd96262..00000000 --- a/debian/patches-applied/fix-autoreconf.patch +++ /dev/null @@ -1,27 +0,0 @@ -From: Andreas Henriksson <andreas@fatal.se> -Date: Thu, 8 Nov 2018 19:09:21 +0100 -Subject: fix-autoreconf.patch - -Do not override user variables in Makefile.am, see the -"Flag Variables Ordering" section of the automake manual. ---- - doc/specs/Makefile.am | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -Index: pam/doc/specs/Makefile.am -=================================================================== ---- pam.orig/doc/specs/Makefile.am -+++ pam/doc/specs/Makefile.am -@@ -12,9 +12,9 @@ - AM_YFLAGS = -d - - CC = @CC_FOR_BUILD@ --CPPFLAGS = @BUILD_CPPFLAGS@ --CFLAGS = @BUILD_CFLAGS@ --LDFLAGS = @BUILD_LDFLAGS@ -+AM_CPPFLAGS = @BUILD_CPPFLAGS@ -+AM_CFLAGS = @BUILD_CFLAGS@ -+AM_LDFLAGS = @BUILD_LDFLAGS@ - - padout_CFLAGS = $(WARN_CFLAGS) -Wno-unused-function -Wno-sign-compare - diff --git a/debian/patches-applied/hurd_no_setfsuid b/debian/patches-applied/hurd_no_setfsuid deleted file mode 100644 index 00610a87..00000000 
--- a/debian/patches-applied/hurd_no_setfsuid +++ /dev/null @@ -1,77 +0,0 @@ -On systems without setfsuid(), use setreuid() instead. - -Authors: Steve Langasek <vorlon@debian.org> - -Upstream status: to be forwarded, now that pam_modutil_{drop,regain}_priv - are implemented - -Index: pam/libpam/pam_modutil_priv.c -=================================================================== ---- pam.orig/libpam/pam_modutil_priv.c -+++ pam/libpam/pam_modutil_priv.c -@@ -14,7 +14,9 @@ - #include <syslog.h> - #include <pwd.h> - #include <grp.h> -+#ifdef HAVE_SYS_FSUID_H - #include <sys/fsuid.h> -+#endif /* HAVE_SYS_FSUID_H */ - - /* - * Two setfsuid() calls in a row are necessary to check -@@ -22,17 +24,55 @@ - */ - static int change_uid(uid_t uid, uid_t *save) - { -+#ifdef HAVE_SYS_FSUID_H - uid_t tmp = setfsuid(uid); - if (save) - *save = tmp; - return (uid_t) setfsuid(uid) == uid ? 0 : -1; -+#else -+ uid_t euid = geteuid(); -+ uid_t ruid = getuid(); -+ if (save) -+ *save = ruid; -+ if (ruid == uid && uid != 0) -+ if (setreuid(euid, uid)) -+ return -1; -+ else { -+ setreuid(0, -1); -+ if (setreuid(-1, uid)) { -+ setreuid(-1, 0); -+ setreuid(0, -1); -+ if (setreuid(-1, uid)) -+ return -1; -+ } -+ } -+#endif - } - static int change_gid(gid_t gid, gid_t *save) - { -+#ifdef HAVE_SYS_FSUID_H - gid_t tmp = setfsgid(gid); - if (save) - *save = tmp; - return (gid_t) setfsgid(gid) == gid ? 0 : -1; -+#else -+ gid_t egid = getegid(); -+ gid_t rgid = getgid(); -+ if (save) -+ *save = rgid; -+ if (rgid == gid) -+ if (setregid(egid, gid)) -+ return -1; -+ else { -+ setregid(0, -1); -+ if (setregid(-1, gid)) { -+ setregid(-1, 0); -+ setregid(0, -1); -+ if (setregid(-1, gid)) -+ return -1; -+ } -+ } -+#endif - } - - static int cleanup(struct pam_modutil_privs *p) diff --git a/debian/patches-applied/lib_security_multiarch_compat b/debian/patches-applied/lib_security_multiarch_compat deleted file mode 100644 index e386ff39..00000000 
--- a/debian/patches-applied/lib_security_multiarch_compat +++ /dev/null 
@@ -1,72 +0,0 @@ -Unqualified module paths should always be looked up in *both* the default -module dir, *and* the ISA dir. That's what paths are for. - -This lets us have a soft transition to multiarch for modules without having -to rewrite /etc/pam.d/ files or add ugly symlinks. - -Authors: Steve Langasek <vorlon@debian.org> - -Upstream status: not ready to be committed - this needs tweaked, we're -currently abusing the existing variables and inverting their meaning in -order to get everything installed where we want it and get absolute paths -the way we want them. - -Index: pam-1.4.0/libpam/pam_handlers.c -=================================================================== ---- pam-1.4.0.orig/libpam/pam_handlers.c -+++ pam-1.4.0/libpam/pam_handlers.c -@@ -735,7 +735,27 @@ _pam_load_module(pam_handle_t *pamh, con - success = PAM_ABORT; - - D(("_pam_load_module: _pam_dlopen(%s)", mod_path)); -- mod->dl_handle = _pam_dlopen(mod_path); -+ if (mod_path[0] == '/') { -+ mod->dl_handle = _pam_dlopen(mod_path); -+ } else { -+ char *mod_full_path = NULL; -+ if (asprintf(&mod_full_path, "%s%s", -+ DEFAULT_MODULE_PATH, mod_path) >= 0) { -+ mod->dl_handle = _pam_dlopen(mod_full_path); -+ _pam_drop(mod_full_path); -+ } else { -+ pam_syslog(pamh, LOG_CRIT, "cannot malloc full mod path"); -+ } -+ if (!mod->dl_handle) { -+ if (asprintf(&mod_full_path, "%s/%s", -+ _PAM_ISA, mod_path) >= 0) { -+ mod->dl_handle = _pam_dlopen(mod_full_path); -+ _pam_drop(mod_full_path); -+ } else { -+ pam_syslog(pamh, LOG_CRIT, "cannot malloc full mod path"); -+ } -+ } -+ } - D(("_pam_load_module: _pam_dlopen'ed")); - D(("_pam_load_module: dlopen'ed")); - if (mod->dl_handle == NULL) { -@@ -812,7 +832,6 @@ int _pam_add_handler(pam_handle_t *pamh - struct handler **handler_p2; - struct handlers *the_handlers; - const char *sym, *sym2; -- char *mod_full_path; - servicefn func, func2; - int mod_type = PAM_MT_FAULTY_MOD; - -@@ -824,16 +843,7 @@ int _pam_add_handler(pam_handle_t *pamh - - if 
((handler_type == PAM_HT_MODULE || handler_type == PAM_HT_SILENT_MODULE) && - mod_path != NULL) { -- if (mod_path[0] == '/') { -- mod = _pam_load_module(pamh, mod_path, handler_type); -- } else if (asprintf(&mod_full_path, "%s%s", -- DEFAULT_MODULE_PATH, mod_path) >= 0) { -- mod = _pam_load_module(pamh, mod_full_path, handler_type); -- _pam_drop(mod_full_path); -- } else { -- pam_syslog(pamh, LOG_CRIT, "cannot malloc full mod path"); -- return PAM_ABORT; -- } -+ mod = _pam_load_module(pamh, mod_path, handler_type); - - if (mod == NULL) { - /* if we get here with NULL it means allocation error */ diff --git a/debian/patches-applied/make_documentation_reproducible.patch b/debian/patches-applied/make_documentation_reproducible.patch deleted file mode 100644 index b6a4bfe3..00000000 --- a/debian/patches-applied/make_documentation_reproducible.patch +++ /dev/null @@ -1,19 +0,0 @@ -Description: Make documentation reproducible - Add LC_ALL=C.UTF-8 to w3m to avoid changes in the output when build the - documentation with different locales. -Author: Juan Picca <jumapico@gmail.com>, Steve Langasek <vorlon@debian.org> -Last-Update: 2019-01-06 - -Index: pam/configure.ac -=================================================================== ---- pam.orig/configure.ac -+++ pam/configure.ac -@@ -585,7 +585,7 @@ - - AC_PATH_PROG([BROWSER], [w3m]) - if test -n "$BROWSER"; then -- BROWSER="$BROWSER -T text/html -dump" -+ BROWSER="LC_ALL=C.UTF-8 $BROWSER -T text/html -dump" - else - AC_PATH_PROG([BROWSER], [elinks]) - if test -n "$BROWSER"; then diff --git a/debian/patches-applied/no_PATH_MAX_on_hurd b/debian/patches-applied/no_PATH_MAX_on_hurd deleted file mode 100644 index ab2403dd..00000000 --- a/debian/patches-applied/no_PATH_MAX_on_hurd +++ /dev/null 
@@ -1,22 +0,0 @@
-Description: define PATH_MAX for compatibility when it's not already set
- Some platforms, such as the Hurd, don't set PATH_MAX. Set a reasonable
- default value in this case.
-Author: Steve Langasek <vorlon@debian.org>
-Bug-Debian: http://bugs.debian.org/552043
-
-Index: pam/tests/tst-dlopen.c
-===================================================================
---- pam.orig/tests/tst-dlopen.c
-+++ pam/tests/tst-dlopen.c
-@@ -16,6 +16,11 @@
- #include <limits.h>
- #include <sys/stat.h>
-
-+/* Hurd compatibility */
-+#ifndef PATH_MAX
-+#define PATH_MAX 4096
-+#endif
-+
- /* Simple program to see if dlopen() would succeed. */
- int main(int argc, char **argv)
- {
diff --git a/debian/patches-applied/nullok_secure-compat.patch b/debian/patches-applied/nullok_secure-compat.patch
deleted file mode 100644
index d85aa9fe..00000000
--- a/debian/patches-applied/nullok_secure-compat.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-Description: Support nullok_secure as a deprecated alias for nullok
-Author: Steve Langasek <vorlon@debian.org>
-Last-Update: 2020-08-11
-
-Index: pam/modules/pam_unix/support.h
-===================================================================
---- pam.orig/modules/pam_unix/support.h
-+++ pam/modules/pam_unix/support.h
-@@ -102,8 +102,9 @@
- #define UNIX_YESCRYPT_PASS 32 /* new password hashes will use yescrypt */
- #define UNIX_NULLRESETOK 33 /* allow empty password if password reset is enforced */
- #define UNIX_OBSCURE_CHECKS 34 /* enable obscure checks on passwords */
-+#define UNIX_NULLOK_SECURE 35 /* deprecated alias for nullok */
- /* -------------- */
--#define UNIX_CTRLS_ 35 /* number of ctrl arguments defined */
-+#define UNIX_CTRLS_ 36 /* number of ctrl arguments defined */
-
- #define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)&&off(UNIX_GOST_YESCRYPT_PASS,ctrl)&&off(UNIX_YESCRYPT_PASS,ctrl))
-
-@@ -147,6 +148,7 @@
- /* UNIX_YESCRYPT_PASS */ {"yescrypt", _ALL_ON_^(0x6EC22000ULL), 0x40000000, 1},
- /* UNIX_NULLRESETOK */ {"nullresetok", _ALL_ON_, 0x80000000, 0},
- /* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x100000000, 0},
-+/* UNIX_NULLOK_SECURE */ {"nullok_secure", _ALL_ON_^(0x200ULL), 0, 0},
- };
-
- #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag)
diff --git a/debian/patches-applied/pam-limits-nofile-fd-setsize-cap b/debian/patches-applied/pam-limits-nofile-fd-setsize-cap
deleted file mode 100644
index 9c0503c7..00000000
--- a/debian/patches-applied/pam-limits-nofile-fd-setsize-cap
+++ /dev/null
@@ -1,60 +0,0 @@ -From: Robie Basak <robie.basak@ubuntu.com> -Subject: pam_limits: cap the default soft nofile limit read from pid 1 to FD_SETSIZE - -Cap the default soft nofile limit read from pid 1 to FD_SETSIZE since -larger values can cause problems with fd_set overflow and systemd sets -itself higher. - -See: -https://lists.ubuntu.com/archives/ubuntu-devel/2010-September/031446.html -http://www.outflux.net/blog/archives/2014/06/13/5-year-old-glibc-select-weakness-fixed/ -https://sourceware.org/bugzilla/show_bug.cgi?id=10352 -https://github.com/systemd/systemd/commit/4096d6f5879aef73e20dd7b62a01f447629945b0 - -pam_limits reads the default limits from /proc/1/limits. Previously, -using upstart, this resulted in a 1024 nofile soft limit on Ubuntu -systems by default. Using systemd, this results in a limit of 65536 -instead. This is not the intention of systemd upstream. See systemd -commit 4096d6f for an explanation of systemd's behaviour. - -If we want to make such a change to the default distribution soft limit -in PAM, we should do it deliberately and carefully, not accidentally. A -change should consider what uses select(2) and might inadvertently (and -incorrectly) assume that file descriptors will always fit into an -fd_set, what vulnerabilities or crashes the change could consequently -create, and whether the protection now present with FORTIFY_SOURCE is -suitably enabled in all relevant builds. - -So this keeps the soft limit at 1024 for now. The hard limit will rise -to 65536 along with systemd. Anything that knows that it will not be -buggy with respect to fd_set and FD_SETSIZE, such as by using poll(2) or -epoll(7) instead of select(2), can always raise the soft limit itself -without issue. - -20:54 <rbasak> slangasek: [...] I'm also not sure how to go about -upstreaming this as pam_limits seems to be heavily patched already. 
- -Forwarded: no -Reviewed-by: Adam Conrad <adconrad@ubuntu.com> -Reviewed-by: Martin Pitt <martin.pitt@ubuntu.com> -Last-Update: 2015-04-22 - -Index: pam/modules/pam_limits/pam_limits.c -=================================================================== ---- pam.orig/modules/pam_limits/pam_limits.c -+++ pam/modules/pam_limits/pam_limits.c -@@ -450,6 +450,14 @@ - pl->limits[i].src_hard = LIMITS_DEF_KERNEL; - } - fclose(limitsfile); -+ -+ /* Cap the default soft nofile limit read from pid 1 to FD_SETSIZE -+ * since larger values can cause problems with fd_set overflow and -+ * systemd sets itself higher. */ -+ if (pl->limits[RLIMIT_NOFILE].src_soft == LIMITS_DEF_KERNEL && -+ pl->limits[RLIMIT_NOFILE].limit.rlim_cur > FD_SETSIZE) { -+ pl->limits[RLIMIT_NOFILE].limit.rlim_cur = FD_SETSIZE; -+ } - } - - static int init_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int ctrl) diff --git a/debian/patches-applied/pam_mkhomedir_stat_before_opendir b/debian/patches-applied/pam_mkhomedir_stat_before_opendir deleted file mode 100644 index aec49b69..00000000 --- a/debian/patches-applied/pam_mkhomedir_stat_before_opendir +++ /dev/null @@ -1,25 +0,0 @@ -Index: pam/modules/pam_mkhomedir/mkhomedir_helper.c -=================================================================== ---- pam.orig/modules/pam_mkhomedir/mkhomedir_helper.c -+++ pam/modules/pam_mkhomedir/mkhomedir_helper.c -@@ -39,6 +39,7 @@ - DIR *d; - struct dirent *dent; - int retval = PAM_SESSION_ERR; -+ struct stat stat_buf; - - /* Create the new directory */ - if (mkdir(dest, 0700) && errno != EEXIST) -@@ -54,6 +55,12 @@ - goto go_out; - } - -+ /* Various things such as an autofs mount with browsing disabled -+ * can cause the directory to appear only on stat. The intent is -+ * to minimize network traversal when a file explorer tries to -+ * traverse large chunks of a directory tree. So stat first.*/ -+ stat(source, &stat_buf); -+ - /* Scan the directory */ - d = opendir(source); - if (d == NULL) 
diff --git a/debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch b/debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch
deleted file mode 100644
index 6a9e525e..00000000
--- a/debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-Dropping suid bits is not enough to let us trust the caller; the unix_chkpwd
-helper could be sgid shadow instead of suid root, as it is in Debian and
-Ubuntu by default. Drop any sgid bits as well.
-
-Authors: Steve Langasek <vorlon@debian.org>,
- Michael Spang <mspang@csclub.uwaterloo.ca>
-
-Upstream status: to be submitted
-
-Index: pam/modules/pam_unix/unix_chkpwd.c
-===================================================================
---- pam.orig/modules/pam_unix/unix_chkpwd.c
-+++ pam/modules/pam_unix/unix_chkpwd.c
-@@ -138,9 +138,10 @@
- /* if the caller specifies the username, verify that user
- matches it */
- if (user == NULL || strcmp(user, argv[1])) {
-+ gid_t gid = getgid();
- user = argv[1];
- /* no match -> permanently change to the real user and proceed */
-- if (setuid(getuid()) != 0)
-+ if (setresgid(gid, gid, gid) != 0 || setuid(getuid()) != 0)
- return PAM_AUTH_ERR;
- }
- }
diff --git a/debian/patches-applied/series b/debian/patches-applied/series
deleted file mode 100644
index 3ea285ae..00000000
--- a/debian/patches-applied/series
+++ /dev/null
@@ -1,24 +0,0 @@
-pam_unix_dont_trust_chkpwd_caller.patch
-make_documentation_reproducible.patch
-007_modules_pam_unix
-008_modules_pam_limits_chroot
-021_nis_cleanup
-022_pam_unix_group_time_miscfixes
-026_pam_unix_passwd_unknown_user
-do_not_check_nis_accidentally
-027_pam_limits_better_init_allow_explicit_root
-031_pam_include
-032_pam_limits_EPERM_NOT_FATAL
-036_pam_wheel_getlogin_considered_harmful
-hurd_no_setfsuid
-040_pam_limits_log_failure
-045_pam_dispatch_jump_is_ignore
-PAM-manpage-section
-update-motd
-no_PATH_MAX_on_hurd
-lib_security_multiarch_compat
-pam-limits-nofile-fd-setsize-cap
-fix-autoreconf.patch
-nullok_secure-compat.patch
-
-pam_mkhomedir_stat_before_opendir
diff --git a/debian/patches-applied/update-motd b/debian/patches-applied/update-motd
deleted file mode 100644
index 14d5fee4..00000000
--- a/debian/patches-applied/update-motd
+++ /dev/null
@@ -1,113 +0,0 @@ -Provide a more dynamic MOTD, based on the short-lived update-motd project. - -Authors: Dustin Kirkland <kirkland@canonical.com> - -Last-Update: 2019-02-12 -Forwarded: no -Bug-Ubuntu: https://bugs.launchpad.net/bugs/399071 - -Index: pam/modules/pam_motd/pam_motd.c -=================================================================== ---- pam.orig/modules/pam_motd/pam_motd.c -+++ pam/modules/pam_motd/pam_motd.c -@@ -352,6 +352,7 @@ - int argc, const char **argv) - { - int retval = PAM_IGNORE; -+ int do_update = 1; - const char *motd_path = NULL; - char *motd_path_copy = NULL; - unsigned int num_motd_paths = 0; -@@ -361,6 +362,7 @@ - unsigned int num_motd_dir_paths = 0; - char **motd_dir_path_split = NULL; - int report_missing; -+ struct stat st; - - if (flags & PAM_SILENT) { - return retval; -@@ -390,6 +392,9 @@ - "motd_dir= specification missing argument - ignored"); - } - } -+ else if (!strcmp(*argv,"noupdate")) { -+ do_update = 0; -+ } - else - pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); - } -@@ -402,6 +407,19 @@ - report_missing = 1; - } - -+ /* Run the update-motd dynamic motd scripts, outputting to /run/motd.dynamic. -+ This will be displayed only when calling pam_motd with -+ motd=/run/motd.dynamic; current /etc/pam.d/login and /etc/pam.d/sshd -+ display both this file and /etc/motd. 
*/ -+ if (do_update && (stat("/etc/update-motd.d", &st) == 0) -+ && S_ISDIR(st.st_mode)) -+ { -+ mode_t old_mask = umask(0022); -+ if (!system("/usr/bin/env -i PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin run-parts --lsbsysinit /etc/update-motd.d > /run/motd.dynamic.new")) -+ rename("/run/motd.dynamic.new", "/run/motd.dynamic"); -+ umask(old_mask); -+ } -+ - if (motd_path != NULL) { - motd_path_copy = strdup(motd_path); - } -Index: pam/modules/pam_motd/pam_motd.8.xml -=================================================================== ---- pam.orig/modules/pam_motd/pam_motd.8.xml -+++ pam/modules/pam_motd/pam_motd.8.xml -@@ -115,6 +115,17 @@ - </para> - </listitem> - </varlistentry> -+ <varlistentry> -+ <term> -+ <option>noupdate</option> -+ </term> -+ <listitem> -+ <para> -+ Don't run the scripts in <filename>/etc/update-motd.d</filename> -+ to refresh the motd file. -+ </para> -+ </listitem> -+ </varlistentry> - </variablelist> - <para> - When no options are given, the default behavior applies for both -Index: pam/modules/pam_motd/pam_motd.8 -=================================================================== ---- pam.orig/modules/pam_motd/pam_motd.8 -+++ pam/modules/pam_motd/pam_motd.8 -@@ -109,6 +109,13 @@ - /etc/motd\&.d:/run/motd\&.d:/usr/lib/motd\&.d\&. - .RE - .PP -+\fBnoupdate\fR -+.RS 4 -+Don\*(Aqt run the scripts in -+/etc/update\-motd\&.d -+to refresh the motd file\&. -+.RE -+.PP - When no options are given, the default behavior applies for both options\&. Specifying either option (or both) will disable the default behavior for both options\&. - .SH "MODULE TYPES PROVIDED" - .PP -Index: pam/modules/pam_motd/README -=================================================================== ---- pam.orig/modules/pam_motd/README -+++ pam/modules/pam_motd/README -@@ -52,6 +52,10 @@ - colon-separated list. By default this option is set to /etc/motd.d:/run/ - motd.d:/usr/lib/motd.d. 
- -+noupdate -+ -+ Don't run the scripts in /etc/update-motd.d to refresh the motd file. -+ - When no options are given, the default behavior applies for both options. - Specifying either option (or both) will disable the default behavior for both - options. |