summaryrefslogtreecommitdiff
path: root/debian
diff options
context:
space:
mode:
Diffstat (limited to 'debian')
-rw-r--r--debian/patches-applied/007_modules_pam_unix136
-rw-r--r--debian/patches-applied/031_pam_include14
-rw-r--r--debian/patches-applied/045_pam_dispatch_jump_is_ignore14
-rw-r--r--debian/patches-applied/055_pam_unix_nullok_secure53
-rw-r--r--debian/patches-applied/PAM-manpage-section77
5 files changed, 154 insertions, 140 deletions
diff --git a/debian/patches-applied/007_modules_pam_unix b/debian/patches-applied/007_modules_pam_unix
index 95d2e354..5dae4064 100644
--- a/debian/patches-applied/007_modules_pam_unix
+++ b/debian/patches-applied/007_modules_pam_unix
@@ -2,7 +2,7 @@ Index: pam.debian/modules/pam_unix/pam_unix_passwd.c
===================================================================
--- pam.debian.orig/modules/pam_unix/pam_unix_passwd.c
+++ pam.debian/modules/pam_unix/pam_unix_passwd.c
-@@ -97,6 +97,9 @@
+@@ -102,6 +102,9 @@
# endif /* GNU libc 2.1 */
#endif
@@ -12,7 +12,7 @@ Index: pam.debian/modules/pam_unix/pam_unix_passwd.c
/*
How it works:
Gets in username (has to be done) from the calling program
-@@ -513,6 +516,11 @@
+@@ -521,6 +524,11 @@
return retval;
}
}
@@ -24,7 +24,7 @@ Index: pam.debian/modules/pam_unix/pam_unix_passwd.c
}
if (remark) {
_make_remark(pamh, ctrl, PAM_ERROR_MSG, remark);
-@@ -529,7 +537,7 @@
+@@ -536,7 +544,7 @@
int retval;
int remember = -1;
int rounds = -1;
@@ -37,7 +37,7 @@ Index: pam.debian/modules/pam_unix/support.h
===================================================================
--- pam.debian.orig/modules/pam_unix/support.h
+++ pam.debian/modules/pam_unix/support.h
-@@ -90,8 +90,9 @@
+@@ -97,8 +97,9 @@
password hash algorithms */
#define UNIX_BLOWFISH_PASS 26 /* new password hashes will use blowfish */
#define UNIX_MIN_PASS_LEN 27 /* min length for password */
@@ -48,67 +48,67 @@ Index: pam.debian/modules/pam_unix/support.h
#define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl))
-@@ -100,34 +101,35 @@
+@@ -107,34 +108,35 @@
/* symbol token name ctrl mask ctrl *
* ----------------------- ------------------- --------------------- -------- */
--/* UNIX__OLD_PASSWD */ {NULL, _ALL_ON_, 01},
--/* UNIX__VERIFY_PASSWD */ {NULL, _ALL_ON_, 02},
--/* UNIX__IAMROOT */ {NULL, _ALL_ON_, 04},
--/* UNIX_AUDIT */ {"audit", _ALL_ON_, 010},
--/* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(060), 020},
--/* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(060), 040},
--/* UNIX_NOT_SET_PASS */ {"not_set_pass", _ALL_ON_, 0100},
--/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0600), 0200},
--/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0600), 0400},
--/* UNIX__NONULL */ {NULL, _ALL_ON_, 01000},
--/* UNIX__QUIET */ {NULL, _ALL_ON_, 02000},
--/* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 04000},
--/* UNIX_SHADOW */ {"shadow", _ALL_ON_, 010000},
--/* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(0260420000), 020000},
--/* UNIX__NULLOK */ {"nullok", _ALL_ON_^(01000), 0},
--/* UNIX_DEBUG */ {"debug", _ALL_ON_, 040000},
--/* UNIX_NODELAY */ {"nodelay", _ALL_ON_, 0100000},
--/* UNIX_NIS */ {"nis", _ALL_ON_, 0200000},
--/* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(0260420000), 0400000},
--/* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 01000000},
--/* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 02000000},
--/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 04000000},
--/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 010000000},
--/* UNIX_SHA256_PASS */ {"sha256", _ALL_ON_^(0260420000), 020000000},
--/* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(0260420000), 040000000},
--/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0100000000},
--/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0260420000), 0200000000},
--/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0400000000},
-+/* UNIX__OLD_PASSWD */ {NULL, _ALL_ON_, 0x1},
-+/* UNIX__VERIFY_PASSWD */ {NULL, _ALL_ON_, 0x2},
-+/* UNIX__IAMROOT */ {NULL, _ALL_ON_, 0x4},
-+/* UNIX_AUDIT */ {"audit", _ALL_ON_, 0x8},
-+/* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(0x30), 0x10},
-+/* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(0x30), 0x20},
-+/* UNIX_NOT_SET_PASS */ {"not_set_pass", _ALL_ON_, 0x40},
-+/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0x180), 0x80},
-+/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0x180), 0x100},
-+/* UNIX__NONULL */ {NULL, _ALL_ON_, 0x200},
-+/* UNIX__QUIET */ {NULL, _ALL_ON_, 0x400},
-+/* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 0x800},
-+/* UNIX_SHADOW */ {"shadow", _ALL_ON_, 0x1000},
-+/* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(0x2C22000), 0x2000},
-+/* UNIX__NULLOK */ {"nullok", _ALL_ON_^(0x200), 0},
-+/* UNIX_DEBUG */ {"debug", _ALL_ON_, 0x4000},
-+/* UNIX_NODELAY */ {"nodelay", _ALL_ON_, 0x8000},
-+/* UNIX_NIS */ {"nis", _ALL_ON_, 0x10000},
-+/* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(0x2C22000), 0x20000},
-+/* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 0x40000},
-+/* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 0x80000},
-+/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 0x100000},
-+/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 0x200000},
-+/* UNIX_SHA256_PASS */ {"sha256", _ALL_ON_^(0x2C22000), 0x400000},
-+/* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(0x2C22000), 0x800000},
-+/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0x1000000},
-+/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0x2C22000),0x2000000},
-+/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0x4000000},
-+/* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x8000000},
+-/* UNIX__OLD_PASSWD */ {NULL, _ALL_ON_, 01, 0},
+-/* UNIX__VERIFY_PASSWD */ {NULL, _ALL_ON_, 02, 0},
+-/* UNIX__IAMROOT */ {NULL, _ALL_ON_, 04, 0},
+-/* UNIX_AUDIT */ {"audit", _ALL_ON_, 010, 0},
+-/* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(060), 020, 0},
+-/* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(060), 040, 0},
+-/* UNIX_NOT_SET_PASS */ {"not_set_pass", _ALL_ON_, 0100, 0},
+-/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0600), 0200, 0},
+-/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0600), 0400, 0},
+-/* UNIX__NONULL */ {NULL, _ALL_ON_, 01000, 0},
+-/* UNIX__QUIET */ {NULL, _ALL_ON_, 02000, 0},
+-/* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 04000, 0},
+-/* UNIX_SHADOW */ {"shadow", _ALL_ON_, 010000, 0},
+-/* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(0260420000), 020000, 1},
+-/* UNIX__NULLOK */ {"nullok", _ALL_ON_^(01000), 0, 0},
+-/* UNIX_DEBUG */ {"debug", _ALL_ON_, 040000, 0},
+-/* UNIX_NODELAY */ {"nodelay", _ALL_ON_, 0100000, 0},
+-/* UNIX_NIS */ {"nis", _ALL_ON_, 0200000, 0},
+-/* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(0260420000), 0400000, 1},
+-/* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 01000000, 0},
+-/* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 02000000, 0},
+-/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 04000000, 0},
+-/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 010000000, 0},
+-/* UNIX_SHA256_PASS */ {"sha256", _ALL_ON_^(0260420000), 020000000, 1},
+-/* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(0260420000), 040000000, 1},
+-/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0100000000, 0},
+-/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0260420000), 0200000000, 1},
+-/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0400000000, 0},
++/* UNIX__OLD_PASSWD */ {NULL, _ALL_ON_, 0x1, 0},
++/* UNIX__VERIFY_PASSWD */ {NULL, _ALL_ON_, 0x2, 0},
++/* UNIX__IAMROOT */ {NULL, _ALL_ON_, 0x4, 0},
++/* UNIX_AUDIT */ {"audit", _ALL_ON_, 0x8, 0},
++/* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(0x30), 0x10, 0},
++/* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(0x30), 0x20, 0},
++/* UNIX_NOT_SET_PASS */ {"not_set_pass", _ALL_ON_, 0x40, 0},
++/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0x180), 0x80, 0},
++/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0x180), 0x100, 0},
++/* UNIX__NONULL */ {NULL, _ALL_ON_, 0x200, 0},
++/* UNIX__QUIET */ {NULL, _ALL_ON_, 0x400, 0},
++/* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 0x800, 0},
++/* UNIX_SHADOW */ {"shadow", _ALL_ON_, 0x1000, 0},
++/* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(0x2C22000), 0x2000, 1},
++/* UNIX__NULLOK */ {"nullok", _ALL_ON_^(0x200), 0, 0},
++/* UNIX_DEBUG */ {"debug", _ALL_ON_, 0x4000, 0},
++/* UNIX_NODELAY */ {"nodelay", _ALL_ON_, 0x8000, 0},
++/* UNIX_NIS */ {"nis", _ALL_ON_, 0x10000, 0},
++/* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(0x2C22000), 0x20000, 1},
++/* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 0x40000, 0},
++/* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 0x80000, 0},
++/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 0x100000, 0},
++/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 0x200000, 0},
++/* UNIX_SHA256_PASS */ {"sha256", _ALL_ON_^(0x2C22000), 0x400000, 1},
++/* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(0x2C22000), 0x800000, 1},
++/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0x1000000, 0},
++/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0x2C22000),0x2000000, 1},
++/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0x4000000, 0},
++/* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x8000000, 0},
};
#define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag)
@@ -116,7 +116,7 @@ Index: pam.debian/modules/pam_unix/pam_unix.8.xml
===================================================================
--- pam.debian.orig/modules/pam_unix/pam_unix.8.xml
+++ pam.debian/modules/pam_unix/pam_unix.8.xml
-@@ -333,8 +333,81 @@
+@@ -337,8 +337,81 @@
<listitem>
<para>
Set a minimum password length of <replaceable>n</replaceable>
@@ -407,20 +407,20 @@ Index: pam.debian/modules/pam_unix/Makefile.am
===================================================================
--- pam.debian.orig/modules/pam_unix/Makefile.am
+++ pam.debian/modules/pam_unix/Makefile.am
-@@ -42,7 +42,7 @@
+@@ -43,7 +43,7 @@
pam_unix_la_SOURCES = bigcrypt.c pam_unix_acct.c \
pam_unix_auth.c pam_unix_passwd.c pam_unix_sess.c support.c \
- passverify.c yppasswd_xdr.c md5_good.c md5_broken.c
+ passverify.c yppasswd_xdr.c md5_good.c md5_broken.c obscure.c
-
- bigcrypt_SOURCES = bigcrypt.c bigcrypt_main.c
- bigcrypt_CFLAGS = $(AM_CFLAGS)
+ if STATIC_MODULES
+ pam_unix_la_SOURCES += pam_unix_static.c
+ endif
Index: pam.debian/modules/pam_unix/pam_unix.8
===================================================================
--- pam.debian.orig/modules/pam_unix/pam_unix.8
+++ pam.debian/modules/pam_unix/pam_unix.8
-@@ -178,7 +178,38 @@
+@@ -183,7 +183,38 @@
.RS 4
Set a minimum password length of
\fIn\fR
diff --git a/debian/patches-applied/031_pam_include b/debian/patches-applied/031_pam_include
index 23962ad1..da689047 100644
--- a/debian/patches-applied/031_pam_include
+++ b/debian/patches-applied/031_pam_include
@@ -4,10 +4,10 @@ Authors: Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>
Upstream status: not yet submitted
-Index: pam.deb/libpam/pam_handlers.c
+Index: pam.debian/libpam/pam_handlers.c
===================================================================
---- pam.deb.orig/libpam/pam_handlers.c
-+++ pam.deb/libpam/pam_handlers.c
+--- pam.debian.orig/libpam/pam_handlers.c
++++ pam.debian/libpam/pam_handlers.c
@@ -122,6 +122,10 @@
module_type = PAM_T_ACCT;
} else if (!strcasecmp("password", tok)) {
@@ -27,13 +27,13 @@ Index: pam.deb/libpam/pam_handlers.c
tok = _pam_StrTok(NULL, " \n\t", &nexttok);
if (pam_include) {
+ struct stat include_dir;
- if (substack) {
+ if (substack) {
res = _pam_add_handler(pamh, PAM_HT_SUBSTACK, other,
- stack_level, module_type, actions, tok,
+ stack_level, module_type, actions, tok,
@@ -204,13 +210,35 @@
return PAM_ABORT;
- }
- }
+ }
+ }
- if (_pam_load_conf_file(pamh, tok, this_service, module_type,
- stack_level + substack
+ if (tok[0] == '/') {
diff --git a/debian/patches-applied/045_pam_dispatch_jump_is_ignore b/debian/patches-applied/045_pam_dispatch_jump_is_ignore
index 672ab44d..0e3491d3 100644
--- a/debian/patches-applied/045_pam_dispatch_jump_is_ignore
+++ b/debian/patches-applied/045_pam_dispatch_jump_is_ignore
@@ -4,11 +4,11 @@ the chain and PAM_OK (aka required) in the frozen part of the chain.
No one on pam-list was able to explain this behavior, so I changed it
to be consistent.
-Index: pam.deb/libpam/pam_dispatch.c
+Index: pam.debian/libpam/pam_dispatch.c
===================================================================
---- pam.deb.orig/libpam/pam_dispatch.c
-+++ pam.deb/libpam/pam_dispatch.c
-@@ -251,19 +251,7 @@
+--- pam.debian.orig/libpam/pam_dispatch.c
++++ pam.debian/libpam/pam_dispatch.c
+@@ -254,19 +254,7 @@
if ( _PAM_ACTION_IS_JUMP(action) ) {
/* If we are evaluating a cached chain, we treat this
@@ -19,10 +19,10 @@ Index: pam.deb/libpam/pam_dispatch.c
- if (impression == _PAM_UNDEF
- || (impression == _PAM_POSITIVE
- && status == PAM_SUCCESS) ) {
-- if ( retval != PAM_IGNORE || cached_retval == retval ) {
+- if ( retval != PAM_IGNORE || cached_retval == retval ) {
- impression = _PAM_POSITIVE;
-- status = retval;
-- }
+- status = retval;
+- }
- }
- }
+ module as ignored as well as executing the jump. */
diff --git a/debian/patches-applied/055_pam_unix_nullok_secure b/debian/patches-applied/055_pam_unix_nullok_secure
index f0b0a3d2..8c1b84c7 100644
--- a/debian/patches-applied/055_pam_unix_nullok_secure
+++ b/debian/patches-applied/055_pam_unix_nullok_secure
@@ -11,12 +11,11 @@ Index: pam.debian/modules/pam_unix/support.c
===================================================================
--- pam.debian.orig/modules/pam_unix/support.c
+++ pam.debian/modules/pam_unix/support.c
-@@ -84,14 +84,22 @@
+@@ -189,13 +189,22 @@
/* now parse the arguments to this module */
for (; argc-- > 0; ++argv) {
-- int j;
-+ int j, sl;
++ int sl;
D(("pam_unix arg: %s", *argv));
@@ -38,7 +37,7 @@ Index: pam.debian/modules/pam_unix/support.c
}
}
-@@ -461,6 +469,7 @@
+@@ -565,6 +574,7 @@
child = fork();
if (child == 0) {
int i=0;
@@ -46,7 +45,7 @@ Index: pam.debian/modules/pam_unix/support.c
struct rlimit rlim;
static char *envp[] = { NULL };
char *args[] = { NULL, NULL, NULL, NULL };
-@@ -488,7 +497,18 @@
+@@ -595,7 +605,18 @@
/* exec binary helper */
args[0] = strdup(CHKPWD_HELPER);
args[1] = x_strdup(user);
@@ -66,7 +65,7 @@ Index: pam.debian/modules/pam_unix/support.c
args[2]=strdup("nullok");
} else {
args[2]=strdup("nonull");
-@@ -567,6 +587,17 @@
+@@ -675,6 +696,17 @@
if (on(UNIX__NONULL, ctrl))
return 0; /* will fail but don't let on yet */
@@ -84,7 +83,7 @@ Index: pam.debian/modules/pam_unix/support.c
/* UNIX passwords area */
retval = get_pwd_hash(pamh, name, &pwd, &salt);
-@@ -653,7 +684,8 @@
+@@ -761,7 +793,8 @@
}
}
} else {
@@ -98,7 +97,7 @@ Index: pam.debian/modules/pam_unix/support.h
===================================================================
--- pam.debian.orig/modules/pam_unix/support.h
+++ pam.debian/modules/pam_unix/support.h
-@@ -91,8 +91,9 @@
+@@ -98,8 +98,9 @@
#define UNIX_BLOWFISH_PASS 26 /* new password hashes will use blowfish */
#define UNIX_MIN_PASS_LEN 27 /* min length for password */
#define UNIX_OBSCURE_CHECKS 28 /* enable obscure checks on passwords */
@@ -109,24 +108,24 @@ Index: pam.debian/modules/pam_unix/support.h
#define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl))
-@@ -110,7 +111,7 @@
- /* UNIX_NOT_SET_PASS */ {"not_set_pass", _ALL_ON_, 0x40},
- /* UNIX__PRELIM */ {NULL, _ALL_ON_^(0x180), 0x80},
- /* UNIX__UPDATE */ {NULL, _ALL_ON_^(0x180), 0x100},
--/* UNIX__NONULL */ {NULL, _ALL_ON_, 0x200},
-+/* UNIX__NONULL */ {NULL, _ALL_ON_^(0x10000000), 0x200},
- /* UNIX__QUIET */ {NULL, _ALL_ON_, 0x400},
- /* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 0x800},
- /* UNIX_SHADOW */ {"shadow", _ALL_ON_, 0x1000},
-@@ -130,6 +131,7 @@
- /* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0x2C22000),0x2000000},
- /* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0x4000000},
- /* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x8000000},
-+/* UNIX_NULLOK_SECURE */ {"nullok_secure", _ALL_ON_^(0x200), 0x10000000},
+@@ -117,7 +118,7 @@
+ /* UNIX_NOT_SET_PASS */ {"not_set_pass", _ALL_ON_, 0x40, 0},
+ /* UNIX__PRELIM */ {NULL, _ALL_ON_^(0x180), 0x80, 0},
+ /* UNIX__UPDATE */ {NULL, _ALL_ON_^(0x180), 0x100, 0},
+-/* UNIX__NONULL */ {NULL, _ALL_ON_, 0x200, 0},
++/* UNIX__NONULL */ {NULL, _ALL_ON_^(0x10000000), 0x200, 0},
+ /* UNIX__QUIET */ {NULL, _ALL_ON_, 0x400, 0},
+ /* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 0x800, 0},
+ /* UNIX_SHADOW */ {"shadow", _ALL_ON_, 0x1000, 0},
+@@ -137,6 +138,7 @@
+ /* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0x2C22000),0x2000000, 1},
+ /* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0x4000000, 0},
+ /* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x8000000, 0},
++/* UNIX_NULLOK_SECURE */ {"nullok_secure", _ALL_ON_^(0x200), 0x10000000, 0},
};
#define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag)
-@@ -165,6 +167,9 @@
+@@ -172,6 +174,9 @@
,const char *data_name
,const void **pass);
@@ -143,7 +142,7 @@ Index: pam.debian/modules/pam_unix/Makefile.am
@@ -30,7 +30,8 @@
pam_unix_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
endif
- pam_unix_la_LIBADD = -L$(top_builddir)/libpam -lpam \
+ pam_unix_la_LIBADD = $(top_builddir)/libpam/libpam.la \
- @LIBCRYPT@ @LIBSELINUX@ $(NIS_LIBS)
+ @LIBCRYPT@ @LIBSELINUX@ $(NIS_LIBS) \
+ ../pam_securetty/tty_secure.lo
@@ -154,7 +153,7 @@ Index: pam.debian/modules/pam_unix/README
===================================================================
--- pam.debian.orig/modules/pam_unix/README
+++ pam.debian/modules/pam_unix/README
-@@ -57,7 +57,16 @@
+@@ -58,7 +58,16 @@
The default action of this module is to not permit the user access to a
service if their official password is blank. The nullok argument overrides
@@ -176,7 +175,7 @@ Index: pam.debian/modules/pam_unix/pam_unix.8
===================================================================
--- pam.debian.orig/modules/pam_unix/pam_unix.8
+++ pam.debian/modules/pam_unix/pam_unix.8
-@@ -79,7 +79,14 @@
+@@ -82,7 +82,14 @@
.RS 4
The default action of this module is to not permit the user access to a service if their official password is blank\&. The
\fBnullok\fR
@@ -196,7 +195,7 @@ Index: pam.debian/modules/pam_unix/pam_unix.8.xml
===================================================================
--- pam.debian.orig/modules/pam_unix/pam_unix.8.xml
+++ pam.debian/modules/pam_unix/pam_unix.8.xml
-@@ -135,7 +135,24 @@
+@@ -137,7 +137,24 @@
<para>
The default action of this module is to not permit the
user access to a service if their official password is blank.
diff --git a/debian/patches-applied/PAM-manpage-section b/debian/patches-applied/PAM-manpage-section
index a6dbf7ca..5a4c846e 100644
--- a/debian/patches-applied/PAM-manpage-section
+++ b/debian/patches-applied/PAM-manpage-section
@@ -119,7 +119,7 @@ Index: pam.debian/modules/pam_limits/limits.conf.5
===================================================================
--- pam.debian.orig/modules/pam_limits/limits.conf.5
+++ pam.debian/modules/pam_limits/limits.conf.5
-@@ -327,7 +327,7 @@
+@@ -339,7 +339,7 @@
.PP
\fBpam_limits\fR(8),
\fBpam.d\fR(5),
@@ -132,7 +132,7 @@ Index: pam.debian/modules/pam_limits/limits.conf.5.xml
===================================================================
--- pam.debian.orig/modules/pam_limits/limits.conf.5.xml
+++ pam.debian/modules/pam_limits/limits.conf.5.xml
-@@ -332,7 +332,7 @@
+@@ -343,7 +343,7 @@
<para>
<citerefentry><refentrytitle>pam_limits</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
@@ -145,7 +145,7 @@ Index: pam.debian/modules/pam_namespace/namespace.conf.5
===================================================================
--- pam.debian.orig/modules/pam_namespace/namespace.conf.5
+++ pam.debian/modules/pam_namespace/namespace.conf.5
-@@ -150,7 +150,7 @@
+@@ -155,7 +155,7 @@
.PP
\fBpam_namespace\fR(8),
\fBpam.d\fR(5),
@@ -158,7 +158,7 @@ Index: pam.debian/modules/pam_namespace/namespace.conf.5.xml
===================================================================
--- pam.debian.orig/modules/pam_namespace/namespace.conf.5.xml
+++ pam.debian/modules/pam_namespace/namespace.conf.5.xml
-@@ -196,7 +196,7 @@
+@@ -204,7 +204,7 @@
<para>
<citerefentry><refentrytitle>pam_namespace</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
@@ -171,7 +171,7 @@ Index: pam.debian/modules/pam_time/time.conf.5
===================================================================
--- pam.debian.orig/modules/pam_time/time.conf.5
+++ pam.debian/modules/pam_time/time.conf.5
-@@ -108,7 +108,7 @@
+@@ -107,7 +107,7 @@
.PP
\fBpam_time\fR(8),
\fBpam.d\fR(5),
@@ -223,7 +223,7 @@ Index: pam.debian/modules/pam_cracklib/pam_cracklib.8
===================================================================
--- pam.debian.orig/modules/pam_cracklib/pam_cracklib.8
+++ pam.debian/modules/pam_cracklib/pam_cracklib.8
-@@ -345,7 +345,7 @@
+@@ -357,7 +357,7 @@
.PP
\fBpam.conf\fR(5),
\fBpam.d\fR(5),
@@ -236,7 +236,7 @@ Index: pam.debian/modules/pam_cracklib/pam_cracklib.8.xml
===================================================================
--- pam.debian.orig/modules/pam_cracklib/pam_cracklib.8.xml
+++ pam.debian/modules/pam_cracklib/pam_cracklib.8.xml
-@@ -532,7 +532,7 @@
+@@ -577,7 +577,7 @@
<refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
@@ -362,7 +362,7 @@ Index: pam.debian/modules/pam_exec/pam_exec.8
===================================================================
--- pam.debian.orig/modules/pam_exec/pam_exec.8
+++ pam.debian/modules/pam_exec/pam_exec.8
-@@ -147,7 +147,7 @@
+@@ -160,7 +160,7 @@
.PP
\fBpam.conf\fR(5),
\fBpam.d\fR(5),
@@ -370,12 +370,12 @@ Index: pam.debian/modules/pam_exec/pam_exec.8
+\fBpam\fR(7)
.SH "AUTHOR"
.PP
- pam_exec was written by Thorsten Kukuk <kukuk@thkukuk\&.de>\&.
+ pam_exec was written by Thorsten Kukuk <kukuk@thkukuk\&.de> and Josh Triplett <josh@joshtriplett\&.org>\&.
Index: pam.debian/modules/pam_exec/pam_exec.8.xml
===================================================================
--- pam.debian.orig/modules/pam_exec/pam_exec.8.xml
+++ pam.debian/modules/pam_exec/pam_exec.8.xml
-@@ -228,7 +228,7 @@
+@@ -257,7 +257,7 @@
<refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
@@ -544,7 +544,7 @@ Index: pam.debian/modules/pam_lastlog/pam_lastlog.8
===================================================================
--- pam.debian.orig/modules/pam_lastlog/pam_lastlog.8
+++ pam.debian/modules/pam_lastlog/pam_lastlog.8
-@@ -139,7 +139,7 @@
+@@ -173,7 +173,7 @@
.PP
\fBpam.conf\fR(5),
\fBpam.d\fR(5),
@@ -557,7 +557,7 @@ Index: pam.debian/modules/pam_lastlog/pam_lastlog.8.xml
===================================================================
--- pam.debian.orig/modules/pam_lastlog/pam_lastlog.8.xml
+++ pam.debian/modules/pam_lastlog/pam_lastlog.8.xml
-@@ -244,7 +244,7 @@
+@@ -298,7 +298,7 @@
<refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
@@ -752,7 +752,7 @@ Index: pam.debian/modules/pam_namespace/pam_namespace.8
===================================================================
--- pam.debian.orig/modules/pam_namespace/pam_namespace.8
+++ pam.debian/modules/pam_namespace/pam_namespace.8
-@@ -176,7 +176,7 @@
+@@ -178,7 +178,7 @@
\fBnamespace.conf\fR(5),
\fBpam.d\fR(5),
\fBmount\fR(8),
@@ -765,7 +765,7 @@ Index: pam.debian/modules/pam_namespace/pam_namespace.8.xml
===================================================================
--- pam.debian.orig/modules/pam_namespace/pam_namespace.8.xml
+++ pam.debian/modules/pam_namespace/pam_namespace.8.xml
-@@ -392,7 +392,7 @@
+@@ -399,7 +399,7 @@
<refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
@@ -908,28 +908,43 @@ Index: pam.debian/modules/pam_selinux/pam_selinux.8
===================================================================
--- pam.debian.orig/modules/pam_selinux/pam_selinux.8
+++ pam.debian/modules/pam_selinux/pam_selinux.8
-@@ -123,7 +123,7 @@
- .PP
- \fBpam.conf\fR(5),
+@@ -2,12 +2,12 @@
+ .\" Title: pam_selinux
+ .\" Author: [see the "AUTHOR" section]
+ .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+-.\" Date: 06/18/2013
++.\" Date: 01/14/2014
+ .\" Manual: Linux-PAM Manual
+ .\" Source: Linux-PAM Manual
+ .\" Language: English
+ .\"
+-.TH "PAM_SELINUX" "8" "06/18/2013" "Linux-PAM Manual" "Linux\-PAM Manual"
++.TH "PAM_SELINUX" "8" "01/14/2014" "Linux-PAM Manual" "Linux\-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+@@ -144,7 +144,7 @@
+ \fBexecve\fR(2),
+ \fBtty\fR(4),
\fBpam.d\fR(5),
--\fBpam\fR(8)
-+\fBpam\fR(7)
+-\fBpam\fR(8),
++\fBpam\fR(7),
+ \fBselinux\fR(8)
.SH "AUTHOR"
.PP
- pam_selinux was written by Dan Walsh <dwalsh@redhat\&.com>\&.
Index: pam.debian/modules/pam_selinux/pam_selinux.8.xml
===================================================================
--- pam.debian.orig/modules/pam_selinux/pam_selinux.8.xml
+++ pam.debian/modules/pam_selinux/pam_selinux.8.xml
-@@ -226,7 +226,7 @@
+@@ -258,7 +258,7 @@
<refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>selinux</refentrytitle><manvolnum>8</manvolnum>
Index: pam.debian/modules/pam_sepermit/pam_sepermit.8
===================================================================
--- pam.debian.orig/modules/pam_sepermit/pam_sepermit.8
@@ -986,7 +1001,7 @@ Index: pam.debian/modules/pam_succeed_if/pam_succeed_if.8
===================================================================
--- pam.debian.orig/modules/pam_succeed_if/pam_succeed_if.8
+++ pam.debian/modules/pam_succeed_if/pam_succeed_if.8
-@@ -217,7 +217,7 @@
+@@ -220,7 +220,7 @@
.SH "SEE ALSO"
.PP
\fBglob\fR(7),
@@ -999,7 +1014,7 @@ Index: pam.debian/modules/pam_succeed_if/pam_succeed_if.8.xml
===================================================================
--- pam.debian.orig/modules/pam_succeed_if/pam_succeed_if.8.xml
+++ pam.debian/modules/pam_succeed_if/pam_succeed_if.8.xml
-@@ -294,7 +294,7 @@
+@@ -295,7 +295,7 @@
<refentrytitle>glob</refentrytitle><manvolnum>7</manvolnum>
</citerefentry>,
<citerefentry>
@@ -1064,7 +1079,7 @@ Index: pam.debian/modules/pam_umask/pam_umask.8
===================================================================
--- pam.debian.orig/modules/pam_umask/pam_umask.8
+++ pam.debian/modules/pam_umask/pam_umask.8
-@@ -171,7 +171,7 @@
+@@ -150,7 +150,7 @@
.PP
\fBpam.conf\fR(5),
\fBpam.d\fR(5),
@@ -1077,7 +1092,7 @@ Index: pam.debian/modules/pam_umask/pam_umask.8.xml
===================================================================
--- pam.debian.orig/modules/pam_umask/pam_umask.8.xml
+++ pam.debian/modules/pam_umask/pam_umask.8.xml
-@@ -204,7 +204,7 @@
+@@ -201,7 +201,7 @@
<refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
@@ -1090,8 +1105,8 @@ Index: pam.debian/modules/pam_unix/pam_unix.8
===================================================================
--- pam.debian.orig/modules/pam_unix/pam_unix.8
+++ pam.debian/modules/pam_unix/pam_unix.8
-@@ -263,7 +263,7 @@
- .PP
+@@ -269,7 +269,7 @@
+ \fBlogin.defs\fR(5),
\fBpam.conf\fR(5),
\fBpam.d\fR(5),
-\fBpam\fR(8)
@@ -1103,7 +1118,7 @@ Index: pam.debian/modules/pam_unix/pam_unix.8.xml
===================================================================
--- pam.debian.orig/modules/pam_unix/pam_unix.8.xml
+++ pam.debian/modules/pam_unix/pam_unix.8.xml
-@@ -487,7 +487,7 @@
+@@ -494,7 +494,7 @@
<refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>