From 5bbcd8f9bad73877325151b2024c6cdd858174b5 Mon Sep 17 00:00:00 2001 From: Steve Langasek Date: Tue, 22 Jan 2019 15:21:19 -0800 Subject: Refresh patches --- debian/patches-applied/007_modules_pam_unix | 115 +-- .../patches-applied/008_modules_pam_limits_chroot | 42 +- debian/patches-applied/021_nis_cleanup | 28 +- .../022_pam_unix_group_time_miscfixes | 8 +- .../026_pam_unix_passwd_unknown_user | 12 +- .../027_pam_limits_better_init_allow_explicit_root | 54 +- debian/patches-applied/031_pam_include | 6 +- .../patches-applied/032_pam_limits_EPERM_NOT_FATAL | 8 +- .../036_pam_wheel_getlogin_considered_harmful | 26 +- debian/patches-applied/040_pam_limits_log_failure | 8 +- .../045_pam_dispatch_jump_is_ignore | 11 +- .../054_pam_security_abstract_securetty_handling | 18 +- debian/patches-applied/055_pam_unix_nullok_secure | 104 +- debian/patches-applied/PAM-manpage-section | 1026 ++++++++++++-------- debian/patches-applied/README-rebuild | 146 --- debian/patches-applied/cve-2010-4708.patch | 39 +- debian/patches-applied/cve-2013-7041.patch | 44 - debian/patches-applied/cve-2014-2583.patch | 47 - debian/patches-applied/cve-2015-3238.patch | 213 ---- .../patches-applied/do_not_check_nis_accidentally | 8 +- debian/patches-applied/hurd_no_setfsuid | 6 +- .../patches-applied/lib_security_multiarch_compat | 16 +- .../make_documentation_reproducible.patch | 12 +- debian/patches-applied/no_PATH_MAX_on_hurd | 6 +- .../pam-limits-nofile-fd-setsize-cap | 8 +- debian/patches-applied/pam-loginuid-in-containers | 146 --- .../pam_namespace_fix_bashism.patch | 61 -- .../pam_unix_dont_trust_chkpwd_caller.patch | 6 +- .../pam_unix_fix_sgid_shadow_auth.patch | 8 +- debian/patches-applied/series | 6 - debian/patches-applied/update-motd | 33 +- 31 files changed, 855 insertions(+), 1416 deletions(-) delete mode 100644 debian/patches-applied/README-rebuild delete mode 100644 debian/patches-applied/cve-2013-7041.patch delete mode 100644 debian/patches-applied/cve-2014-2583.patch delete mode 100644 debian/patches-applied/cve-2015-3238.patch delete mode 100644 debian/patches-applied/pam-loginuid-in-containers delete mode 100644 debian/patches-applied/pam_namespace_fix_bashism.patch (limited to 'debian/patches-applied') diff --git a/debian/patches-applied/007_modules_pam_unix b/debian/patches-applied/007_modules_pam_unix index d88bb979..ae00a79d 100644 --- a/debian/patches-applied/007_modules_pam_unix +++ b/debian/patches-applied/007_modules_pam_unix @@ -1,8 +1,8 @@ -Index: pam.debian/modules/pam_unix/pam_unix_passwd.c +Index: pam/modules/pam_unix/pam_unix_passwd.c =================================================================== ---- pam.debian.orig/modules/pam_unix/pam_unix_passwd.c -+++ pam.debian/modules/pam_unix/pam_unix_passwd.c -@@ -102,6 +102,9 @@ +--- pam.orig/modules/pam_unix/pam_unix_passwd.c ++++ pam/modules/pam_unix/pam_unix_passwd.c +@@ -98,6 +98,9 @@ # endif /* GNU libc 2.1 */ #endif @@ -12,7 +12,7 @@ Index: pam.debian/modules/pam_unix/pam_unix_passwd.c /* How it works: Gets in username (has to be done) from the calling program -@@ -521,6 +524,11 @@ +@@ -593,6 +596,11 @@ return retval; } } @@ -24,7 +24,7 @@ Index: pam.debian/modules/pam_unix/pam_unix_passwd.c } if (remark) { _make_remark(pamh, ctrl, PAM_ERROR_MSG, remark); -@@ -536,7 +544,7 @@ +@@ -608,7 +616,7 @@ int retval; int remember = -1; int rounds = -1; @@ -33,22 +33,22 @@ Index: pam.debian/modules/pam_unix/pam_unix_passwd.c /* */ const char *user; -Index: pam.debian/modules/pam_unix/support.h +Index: pam/modules/pam_unix/support.h =================================================================== ---- pam.debian.orig/modules/pam_unix/support.h -+++ pam.debian/modules/pam_unix/support.h -@@ -97,8 +97,9 @@ - password hash algorithms */ - #define UNIX_BLOWFISH_PASS 26 /* new password hashes will use blowfish */ - #define UNIX_MIN_PASS_LEN 27 /* min length for password */ -+#define UNIX_OBSCURE_CHECKS 28 /* enable obscure checks on passwords */ +--- pam.orig/modules/pam_unix/support.h ++++ pam/modules/pam_unix/support.h +@@ -98,8 +98,9 @@ + #define UNIX_QUIET 28 /* Don't print informational messages */ + #define UNIX_NO_PASS_EXPIRY 29 /* Don't check for password expiration if not used for authentication */ + #define UNIX_DES 30 /* DES, default */ ++#define UNIX_OBSCURE_CHECKS 31 /* enable obscure checks on passwords */ /* -------------- */ --#define UNIX_CTRLS_ 28 /* number of ctrl arguments defined */ -+#define UNIX_CTRLS_ 29 /* number of ctrl arguments defined */ +-#define UNIX_CTRLS_ 31 /* number of ctrl arguments defined */ ++#define UNIX_CTRLS_ 32 /* number of ctrl arguments defined */ #define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)) -@@ -107,34 +108,35 @@ +@@ -108,37 +109,38 @@ /* symbol token name ctrl mask ctrl * * ----------------------- ------------------- --------------------- -------- */ @@ -58,7 +58,7 @@ Index: pam.debian/modules/pam_unix/support.h -/* UNIX_AUDIT */ {"audit", _ALL_ON_, 010, 0}, -/* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(060), 020, 0}, -/* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(060), 040, 0}, --/* UNIX_NOT_SET_PASS */ {"not_set_pass", _ALL_ON_, 0100, 0}, +-/* UNIX_AUTHTOK_TYPE */ {"authtok_type=", _ALL_ON_, 0100, 0}, -/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0600), 0200, 0}, -/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0600), 0400, 0}, -/* UNIX__NONULL */ {NULL, _ALL_ON_, 01000, 0}, @@ -80,13 +80,16 @@ Index: pam.debian/modules/pam_unix/support.h -/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0100000000, 0}, -/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0260420000), 0200000000, 1}, -/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0400000000, 0}, +-/* UNIX_QUIET */ {"quiet", _ALL_ON_, 01000000000, 0}, +-/* UNIX_NO_PASS_EXPIRY */ {"no_pass_expiry", _ALL_ON_, 02000000000, 0}, +-/* UNIX_DES */ {"des", _ALL_ON_^(0260420000), 0, 1}, +/* UNIX__OLD_PASSWD */ {NULL, _ALL_ON_, 0x1, 0}, +/* UNIX__VERIFY_PASSWD */ {NULL, _ALL_ON_, 0x2, 0}, +/* UNIX__IAMROOT */ {NULL, _ALL_ON_, 0x4, 0}, +/* UNIX_AUDIT */ {"audit", _ALL_ON_, 0x8, 0}, +/* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(0x30), 0x10, 0}, +/* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(0x30), 0x20, 0}, -+/* UNIX_NOT_SET_PASS */ {"not_set_pass", _ALL_ON_, 0x40, 0}, ++/* UNIX_AUTHTOK_TYPE */ {"authtok_type=", _ALL_ON_, 0x40, 0}, +/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0x180), 0x80, 0}, +/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0x180), 0x100, 0}, +/* UNIX__NONULL */ {NULL, _ALL_ON_, 0x200, 0}, @@ -108,15 +111,18 @@ Index: pam.debian/modules/pam_unix/support.h +/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0x1000000, 0}, +/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0x2C22000),0x2000000, 1}, +/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0x4000000, 0}, -+/* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x8000000, 0}, ++/* UNIX_QUIET */ {"quiet", _ALL_ON_, 0x8000000, 0}, ++/* UNIX_NO_PASS_EXPIRY */ {"no_pass_expiry", _ALL_ON_, 0x10000000, 0}, ++/* UNIX_DES */ {"des", _ALL_ON_^(0x2C22000), 0, 1}, ++/* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x20000000, 0}, }; #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) -Index: pam.debian/modules/pam_unix/pam_unix.8.xml +Index: pam/modules/pam_unix/pam_unix.8.xml =================================================================== ---- pam.debian.orig/modules/pam_unix/pam_unix.8.xml -+++ pam.debian/modules/pam_unix/pam_unix.8.xml -@@ -337,8 +337,81 @@ +--- pam.orig/modules/pam_unix/pam_unix.8.xml ++++ pam/modules/pam_unix/pam_unix.8.xml +@@ -361,8 +361,81 @@ Set a minimum password length of n @@ -200,10 +206,10 @@ Index: pam.debian/modules/pam_unix/pam_unix.8.xml -Index: pam.debian/modules/pam_unix/obscure.c +Index: pam/modules/pam_unix/obscure.c =================================================================== --- /dev/null -+++ pam.debian/modules/pam_unix/obscure.c ++++ pam/modules/pam_unix/obscure.c @@ -0,0 +1,198 @@ +/* + * Copyright 1989 - 1994, Julianne Frances Haugh @@ -403,24 +409,24 @@ Index: pam.debian/modules/pam_unix/obscure.c + + return msg; +} -Index: pam.debian/modules/pam_unix/Makefile.am +Index: pam/modules/pam_unix/Makefile.am =================================================================== ---- pam.debian.orig/modules/pam_unix/Makefile.am -+++ pam.debian/modules/pam_unix/Makefile.am -@@ -43,7 +43,7 @@ +--- pam.orig/modules/pam_unix/Makefile.am ++++ pam/modules/pam_unix/Makefile.am +@@ -42,7 +42,7 @@ pam_unix_la_SOURCES = bigcrypt.c pam_unix_acct.c \ pam_unix_auth.c pam_unix_passwd.c pam_unix_sess.c support.c \ - passverify.c yppasswd_xdr.c md5_good.c md5_broken.c + passverify.c yppasswd_xdr.c md5_good.c md5_broken.c obscure.c - if STATIC_MODULES - pam_unix_la_SOURCES += pam_unix_static.c - endif -Index: pam.debian/modules/pam_unix/pam_unix.8 + + bigcrypt_SOURCES = bigcrypt.c bigcrypt_main.c + bigcrypt_CFLAGS = $(AM_CFLAGS) +Index: pam/modules/pam_unix/pam_unix.8 =================================================================== ---- pam.debian.orig/modules/pam_unix/pam_unix.8 -+++ pam.debian/modules/pam_unix/pam_unix.8 -@@ -183,7 +183,38 @@ +--- pam.orig/modules/pam_unix/pam_unix.8 ++++ pam/modules/pam_unix/pam_unix.8 +@@ -193,7 +193,38 @@ .RS 4 Set a minimum password length of \fIn\fR @@ -459,33 +465,12 @@ Index: pam.debian/modules/pam_unix/pam_unix.8 +.sp .RE .PP - Invalid arguments are logged with -diff --git a/modules/pam_unix/README b/modules/pam_unix/README -index 26c06e23..a1289409 100644 ---- a/modules/pam_unix/README -+++ b/modules/pam_unix/README -@@ -12,9 +12,9 @@ shadow file as well if shadow is enabled. - The account component performs the task of establishing the status of the - user's account and password based on the following shadow elements: expire, - last_change, max_change, min_change, warn_change. In the case of the latter, it --may offer advice to the user on changing their password or, through the -+may offer advice to the user on changing their password or, through the - PAM_AUTHTOKEN_REQD return, delay giving service to the user until they have --established a new password. The entries listed above are documented in the -+established a new password. The entries listed above are documented in the - shadow(5) manual page. Should the user's record not contain one or more of - these entries, the corresponding shadow check is not performed. - -@@ -100,7 +100,7 @@ remember=n - - The last n passwords for each user are saved in /etc/security/opasswd in - order to force password change history and keep the user from alternating -- between the same password too frequently. Instead of this option the -+ between the same password too frequently. Instead of this option the - pam_pwhistory module should be used. - - shadow -@@ -146,8 +146,40 @@ broken_shadow + \fBno_pass_expiry\fR +Index: pam/modules/pam_unix/README +=================================================================== +--- pam.orig/modules/pam_unix/README ++++ pam/modules/pam_unix/README +@@ -155,8 +155,40 @@ minlen=n @@ -526,5 +511,5 @@ index 26c06e23..a1289409 100644 + Is the new password a rotated version of the old password? (E.g., + "billy" and "illyb") - Invalid arguments are logged with syslog(3). + no_pass_expiry diff --git a/debian/patches-applied/008_modules_pam_limits_chroot b/debian/patches-applied/008_modules_pam_limits_chroot index fd4fc3a8..acbdc1a9 100644 --- a/debian/patches-applied/008_modules_pam_limits_chroot +++ b/debian/patches-applied/008_modules_pam_limits_chroot @@ -1,8 +1,8 @@ -Index: pam.debian/modules/pam_limits/pam_limits.c +Index: pam/modules/pam_limits/pam_limits.c =================================================================== ---- pam.debian.orig/modules/pam_limits/pam_limits.c -+++ pam.debian/modules/pam_limits/pam_limits.c -@@ -87,6 +87,7 @@ +--- pam.orig/modules/pam_limits/pam_limits.c ++++ pam/modules/pam_limits/pam_limits.c +@@ -88,6 +88,7 @@ int flag_numsyslogins; /* whether to limit logins only for a specific user or to count all logins */ int priority; /* the priority to run user process with */ @@ -10,7 +10,7 @@ Index: pam.debian/modules/pam_limits/pam_limits.c struct user_limits_struct limits[RLIM_NLIMITS]; const char *conf_file; int utmp_after_pam_call; -@@ -97,6 +98,7 @@ +@@ -98,6 +99,7 @@ #define LIMIT_NUMSYSLOGINS RLIM_NLIMITS+2 #define LIMIT_PRI RLIM_NLIMITS+3 @@ -18,7 +18,7 @@ Index: pam.debian/modules/pam_limits/pam_limits.c #define LIMIT_SOFT 1 #define LIMIT_HARD 2 -@@ -472,6 +474,8 @@ +@@ -484,6 +486,8 @@ pl->login_limit = -2; pl->login_limit_def = LIMITS_DEF_NONE; @@ -27,7 +27,7 @@ Index: pam.debian/modules/pam_limits/pam_limits.c return retval; } -@@ -542,6 +546,8 @@ +@@ -554,6 +558,8 @@ pl->flag_numsyslogins = 1; } else if (strcmp(lim_item, "priority") == 0) { limit_item = LIMIT_PRI; @@ -36,7 +36,7 @@ Index: pam.debian/modules/pam_limits/pam_limits.c } else { pam_syslog(pamh, LOG_DEBUG, "unknown limit item '%s'", lim_item); return; -@@ -579,9 +585,9 @@ +@@ -591,9 +597,9 @@ pam_syslog(pamh, LOG_DEBUG, "wrong limit value '%s' for limit type '%s'", lim_value, lim_type); @@ -48,7 +48,7 @@ Index: pam.debian/modules/pam_limits/pam_limits.c #ifdef __USE_FILE_OFFSET64 rlimit_value = strtoull (lim_value, &endptr, 10); #else -@@ -642,7 +648,11 @@ +@@ -654,7 +660,11 @@ #endif } @@ -61,7 +61,7 @@ Index: pam.debian/modules/pam_limits/pam_limits.c && (limit_item != LIMIT_NUMSYSLOGINS) && (limit_item != LIMIT_PRI) ) { if (limit_type & LIMIT_SOFT) { -@@ -986,6 +996,15 @@ +@@ -998,6 +1008,15 @@ retval |= LOGIN_ERR; } @@ -77,11 +77,11 @@ Index: pam.debian/modules/pam_limits/pam_limits.c return retval; } -Index: pam.debian/modules/pam_limits/limits.conf.5.xml +Index: pam/modules/pam_limits/limits.conf.5.xml =================================================================== ---- pam.debian.orig/modules/pam_limits/limits.conf.5.xml -+++ pam.debian/modules/pam_limits/limits.conf.5.xml -@@ -255,6 +255,12 @@ +--- pam.orig/modules/pam_limits/limits.conf.5.xml ++++ pam/modules/pam_limits/limits.conf.5.xml +@@ -266,6 +266,12 @@ (Linux 2.6.12 and higher) @@ -94,11 +94,11 @@ Index: pam.debian/modules/pam_limits/limits.conf.5.xml -Index: pam.debian/modules/pam_limits/limits.conf.5 +Index: pam/modules/pam_limits/limits.conf.5 =================================================================== ---- pam.debian.orig/modules/pam_limits/limits.conf.5 -+++ pam.debian/modules/pam_limits/limits.conf.5 -@@ -260,6 +260,11 @@ +--- pam.orig/modules/pam_limits/limits.conf.5 ++++ pam/modules/pam_limits/limits.conf.5 +@@ -271,6 +271,11 @@ .RS 4 maximum realtime priority allowed for non\-privileged processes (Linux 2\&.6\&.12 and higher) .RE @@ -110,10 +110,10 @@ Index: pam.debian/modules/pam_limits/limits.conf.5 .RE .PP All items support the values -Index: pam.debian/modules/pam_limits/limits.conf +Index: pam/modules/pam_limits/limits.conf =================================================================== ---- pam.debian.orig/modules/pam_limits/limits.conf -+++ pam.debian/modules/pam_limits/limits.conf +--- pam.orig/modules/pam_limits/limits.conf ++++ pam/modules/pam_limits/limits.conf @@ -35,6 +35,7 @@ # - msgqueue - max memory used by POSIX message queues (bytes) # - nice - max nice priority allowed to raise to values: [-20, 19] diff --git a/debian/patches-applied/021_nis_cleanup b/debian/patches-applied/021_nis_cleanup index 6b62bb7a..f05c7103 100644 --- a/debian/patches-applied/021_nis_cleanup +++ b/debian/patches-applied/021_nis_cleanup @@ -3,31 +3,11 @@ Patch from Philippe Troin Originally this included a bunch of changes to locking, but the more recent code pulled from Linux_pam CVS seems to fix that issue. -Index: pam.deb/modules/pam_unix/pam_unix_passwd.c +Index: pam/modules/pam_unix/pam_unix_passwd.c =================================================================== ---- pam.deb.orig/modules/pam_unix/pam_unix_passwd.c -+++ pam.deb/modules/pam_unix/pam_unix_passwd.c -@@ -577,7 +577,7 @@ - - if (_unix_blankpasswd(pamh, ctrl, user)) { - return PAM_SUCCESS; -- } else if (off(UNIX__IAMROOT, ctrl)) { -+ } else if (off(UNIX__IAMROOT, ctrl) || on(UNIX_NIS, ctrl)) { - /* instruct user what is happening */ - if (asprintf(&Announce, _("Changing password for %s."), - user) < 0) { -@@ -590,7 +590,9 @@ - set(UNIX__OLD_PASSWD, lctrl); - retval = _unix_read_password(pamh, lctrl - ,Announce -- ,_("(current) UNIX password: ") -+ ,(on(UNIX__IAMROOT, ctrl) -+ ? _("NIS server root password: ") -+ : _("(current) UNIX password: ")) - ,NULL - ,_UNIX_OLD_AUTHTOK - ,&pass_old); -@@ -601,9 +603,12 @@ +--- pam.orig/modules/pam_unix/pam_unix_passwd.c ++++ pam/modules/pam_unix/pam_unix_passwd.c +@@ -708,9 +708,12 @@ "password - (old) token not obtained"); return retval; } diff --git a/debian/patches-applied/022_pam_unix_group_time_miscfixes b/debian/patches-applied/022_pam_unix_group_time_miscfixes index 73cba7a2..b940aa27 100644 --- a/debian/patches-applied/022_pam_unix_group_time_miscfixes +++ b/debian/patches-applied/022_pam_unix_group_time_miscfixes @@ -2,11 +2,11 @@ Description: handle the case of flags being empty or only PAM_SILENT, which is documented in other PAM implementations as meaning PAM_ESTABLISH_CRED: http://publib.boulder.ibm.com/infocenter/aix/v6r1/index.jsp?topic=%2Fcom.ibm.aix.basetechref%2Fdoc%2Fbasetrf1%2Fpam_setcred.htm -Index: pam.deb/modules/pam_group/pam_group.c +Index: pam/modules/pam_group/pam_group.c =================================================================== ---- pam.deb.orig/modules/pam_group/pam_group.c -+++ pam.deb/modules/pam_group/pam_group.c -@@ -765,9 +765,12 @@ +--- pam.orig/modules/pam_group/pam_group.c ++++ pam/modules/pam_group/pam_group.c +@@ -761,9 +761,12 @@ unsigned setting; /* only interested in establishing credentials */ diff --git a/debian/patches-applied/026_pam_unix_passwd_unknown_user b/debian/patches-applied/026_pam_unix_passwd_unknown_user index 1b1aade2..99ac3f62 100644 --- a/debian/patches-applied/026_pam_unix_passwd_unknown_user +++ b/debian/patches-applied/026_pam_unix_passwd_unknown_user @@ -1,11 +1,11 @@ Description: distinguish between password manipulation failure and missing user. Author: Martin Schwenke -Index: pam.deb/modules/pam_unix/passverify.c +Index: pam/modules/pam_unix/passverify.c =================================================================== ---- pam.deb.orig/modules/pam_unix/passverify.c -+++ pam.deb/modules/pam_unix/passverify.c -@@ -719,7 +719,7 @@ +--- pam.orig/modules/pam_unix/passverify.c ++++ pam/modules/pam_unix/passverify.c +@@ -749,7 +749,7 @@ struct passwd *tmpent = NULL; struct stat st; FILE *pwfile, *opwfile; @@ -14,7 +14,7 @@ Index: pam.deb/modules/pam_unix/passverify.c int oldmask; #ifdef WITH_SELINUX security_context_t prev_context=NULL; -@@ -790,6 +790,7 @@ +@@ -820,6 +820,7 @@ tmpent->pw_passwd = assigned_passwd.charp; err = 0; @@ -22,7 +22,7 @@ Index: pam.deb/modules/pam_unix/passverify.c } if (putpwent(tmpent, pwfile)) { D(("error writing entry to password file: %m")); -@@ -832,7 +833,7 @@ +@@ -862,7 +863,7 @@ return PAM_SUCCESS; } else { unlink(PW_TMPFILE); diff --git a/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root b/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root index 717fdd5c..5ac946f5 100644 --- a/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root +++ b/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root @@ -13,11 +13,11 @@ Author: Peter Paluch , Ben Collins , Steve Langasek , Bug-Debian: http://bugs.debian.org/63230 -Index: pam.debian/modules/pam_limits/pam_limits.c +Index: pam/modules/pam_limits/pam_limits.c =================================================================== ---- pam.debian.orig/modules/pam_limits/pam_limits.c -+++ pam.debian/modules/pam_limits/pam_limits.c -@@ -45,6 +45,14 @@ +--- pam.orig/modules/pam_limits/pam_limits.c ++++ pam/modules/pam_limits/pam_limits.c +@@ -46,6 +46,14 @@ #include #endif @@ -32,7 +32,7 @@ Index: pam.debian/modules/pam_limits/pam_limits.c /* Module defines */ #define LINE_LENGTH 1024 -@@ -82,6 +90,7 @@ +@@ -83,6 +91,7 @@ /* internal data */ struct pam_limit_s { @@ -40,7 +40,7 @@ Index: pam.debian/modules/pam_limits/pam_limits.c int login_limit; /* the max logins limit */ int login_limit_def; /* which entry set the login limit */ int flag_numsyslogins; /* whether to limit logins only for a -@@ -436,9 +445,18 @@ +@@ -448,9 +457,18 @@ { int i; int retval = PAM_SUCCESS; @@ -59,7 +59,7 @@ Index: pam.debian/modules/pam_limits/pam_limits.c for(i = 0; i < RLIM_NLIMITS; i++) { int r = getrlimit(i, &pl->limits[i].limit); if (r == -1) { -@@ -454,18 +472,68 @@ +@@ -466,18 +484,68 @@ } #ifdef __linux__ @@ -134,7 +134,7 @@ Index: pam.debian/modules/pam_limits/pam_limits.c errno = 0; pl->priority = getpriority (PRIO_PROCESS, 0); -@@ -804,7 +872,7 @@ +@@ -816,7 +884,7 @@ if (strcmp(uname, domain) == 0) /* this user have a limit */ process_limit(pamh, LIMITS_DEF_USER, ltype, item, value, ctrl, pl); @@ -143,7 +143,7 @@ Index: pam.debian/modules/pam_limits/pam_limits.c if (ctrl & PAM_DEBUG_ARG) { pam_syslog(pamh, LOG_DEBUG, "checking if %s is in group %s", -@@ -830,7 +898,7 @@ +@@ -842,7 +910,7 @@ process_limit(pamh, LIMITS_DEF_GROUP, ltype, item, value, ctrl, pl); } @@ -152,7 +152,7 @@ Index: pam.debian/modules/pam_limits/pam_limits.c if (ctrl & PAM_DEBUG_ARG) { pam_syslog(pamh, LOG_DEBUG, "checking if %s is in group %s", -@@ -864,7 +932,7 @@ +@@ -876,7 +944,7 @@ } else { switch(rngtype) { case LIMIT_RANGE_NONE: @@ -161,7 +161,7 @@ Index: pam.debian/modules/pam_limits/pam_limits.c process_limit(pamh, LIMITS_DEF_DEFAULT, ltype, item, value, ctrl, pl); break; -@@ -1050,6 +1118,8 @@ +@@ -1062,6 +1130,8 @@ return PAM_ABORT; } @@ -170,10 +170,10 @@ Index: pam.debian/modules/pam_limits/pam_limits.c retval = parse_config_file(pamh, pwd->pw_name, pwd->pw_uid, pwd->pw_gid, ctrl, pl); if (retval == PAM_IGNORE) { D(("the configuration file ('%s') has an applicable ' -' entry", CONF_FILE)); -Index: pam.debian/modules/pam_limits/limits.conf +Index: pam/modules/pam_limits/limits.conf =================================================================== ---- pam.debian.orig/modules/pam_limits/limits.conf -+++ pam.debian/modules/pam_limits/limits.conf +--- pam.orig/modules/pam_limits/limits.conf ++++ pam/modules/pam_limits/limits.conf @@ -11,6 +11,9 @@ # - the wildcard *, for default entry # - the wildcard %, can be also used with %group syntax, @@ -192,11 +192,11 @@ Index: pam.debian/modules/pam_limits/limits.conf #* hard rss 10000 #@student hard nproc 20 #@faculty soft nproc 20 -Index: pam.debian/modules/pam_limits/limits.conf.5.xml +Index: pam/modules/pam_limits/limits.conf.5.xml =================================================================== ---- pam.debian.orig/modules/pam_limits/limits.conf.5.xml -+++ pam.debian/modules/pam_limits/limits.conf.5.xml -@@ -88,6 +88,11 @@ +--- pam.orig/modules/pam_limits/limits.conf.5.xml ++++ pam/modules/pam_limits/limits.conf.5.xml +@@ -96,6 +96,11 @@ @@ -208,7 +208,7 @@ Index: pam.debian/modules/pam_limits/limits.conf.5.xml -@@ -309,6 +314,7 @@ +@@ -323,6 +328,7 @@ * soft core 0 @@ -216,11 +216,11 @@ Index: pam.debian/modules/pam_limits/limits.conf.5.xml * hard nofile 512 @student hard nproc 20 @faculty soft nproc 20 -Index: pam.debian/modules/pam_limits/limits.conf.5 +Index: pam/modules/pam_limits/limits.conf.5 =================================================================== ---- pam.debian.orig/modules/pam_limits/limits.conf.5 -+++ pam.debian/modules/pam_limits/limits.conf.5 -@@ -132,6 +132,10 @@ +--- pam.orig/modules/pam_limits/limits.conf.5 ++++ pam/modules/pam_limits/limits.conf.5 +@@ -142,6 +142,10 @@ \fB%:\fR\fI\fR applicable to maxlogins limit only\&. It limits the total number of logins of all users that are member of the group with the specified gid\&. .RE @@ -231,7 +231,7 @@ Index: pam.debian/modules/pam_limits/limits.conf.5 .RE .PP \fB\fR -@@ -304,6 +308,7 @@ +@@ -317,6 +321,7 @@ .\} .nf * soft core 0 @@ -239,10 +239,10 @@ Index: pam.debian/modules/pam_limits/limits.conf.5 * hard nofile 512 @student hard nproc 20 @faculty soft nproc 20 -Index: pam.debian/modules/pam_limits/README +Index: pam/modules/pam_limits/README =================================================================== ---- pam.debian.orig/modules/pam_limits/README -+++ pam.debian/modules/pam_limits/README +--- pam.orig/modules/pam_limits/README ++++ pam/modules/pam_limits/README @@ -54,6 +54,7 @@ limits.conf. diff --git a/debian/patches-applied/031_pam_include b/debian/patches-applied/031_pam_include index da689047..1948f894 100644 --- a/debian/patches-applied/031_pam_include +++ b/debian/patches-applied/031_pam_include @@ -4,10 +4,10 @@ Authors: Jan Christoph Nordholz Upstream status: not yet submitted -Index: pam.debian/libpam/pam_handlers.c +Index: pam/libpam/pam_handlers.c =================================================================== ---- pam.debian.orig/libpam/pam_handlers.c -+++ pam.debian/libpam/pam_handlers.c +--- pam.orig/libpam/pam_handlers.c ++++ pam/libpam/pam_handlers.c @@ -122,6 +122,10 @@ module_type = PAM_T_ACCT; } else if (!strcasecmp("password", tok)) { diff --git a/debian/patches-applied/032_pam_limits_EPERM_NOT_FATAL b/debian/patches-applied/032_pam_limits_EPERM_NOT_FATAL index 58fab0ee..d5ce6953 100644 --- a/debian/patches-applied/032_pam_limits_EPERM_NOT_FATAL +++ b/debian/patches-applied/032_pam_limits_EPERM_NOT_FATAL @@ -7,11 +7,11 @@ Authors: ? Upstream status: submitted in <20070830171918.GB30563@dario.dodds.net> -Index: pam.deb/modules/pam_limits/pam_limits.c +Index: pam/modules/pam_limits/pam_limits.c =================================================================== ---- pam.deb.orig/modules/pam_limits/pam_limits.c -+++ pam.deb/modules/pam_limits/pam_limits.c -@@ -735,6 +735,8 @@ +--- pam.orig/modules/pam_limits/pam_limits.c ++++ pam/modules/pam_limits/pam_limits.c +@@ -1046,6 +1046,8 @@ if (res != 0) pam_syslog(pamh, LOG_ERR, "Could not set limit for '%s': %m", rlimit2str(i)); diff --git a/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful b/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful index 146d3e0a..ca465d99 100644 --- a/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful +++ b/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful @@ -8,10 +8,10 @@ Authors: Ben Collins Upstream status: submitted in <20070901175405.GA26092@dario.dodds.net> -Index: pam.debian/modules/pam_wheel/pam_wheel.c +Index: pam/modules/pam_wheel/pam_wheel.c =================================================================== ---- pam.debian.orig/modules/pam_wheel/pam_wheel.c -+++ pam.debian/modules/pam_wheel/pam_wheel.c +--- pam.orig/modules/pam_wheel/pam_wheel.c ++++ pam/modules/pam_wheel/pam_wheel.c @@ -60,9 +60,8 @@ /* argument parsing */ @@ -68,10 +68,10 @@ Index: pam.debian/modules/pam_wheel/pam_wheel.c /* * At this point fromsu = username-of-invoker; tpwd = pwd ptr for fromsu -Index: pam.debian/modules/pam_wheel/pam_wheel.8.xml +Index: pam/modules/pam_wheel/pam_wheel.8.xml =================================================================== ---- pam.debian.orig/modules/pam_wheel/pam_wheel.8.xml -+++ pam.debian/modules/pam_wheel/pam_wheel.8.xml +--- pam.orig/modules/pam_wheel/pam_wheel.8.xml ++++ pam/modules/pam_wheel/pam_wheel.8.xml @@ -33,9 +33,6 @@ trust @@ -82,7 +82,7 @@ Index: pam.debian/modules/pam_wheel/pam_wheel.8.xml -@@ -115,18 +112,6 @@ +@@ -116,18 +113,6 @@ @@ -101,10 +101,10 @@ Index: pam.debian/modules/pam_wheel/pam_wheel.8.xml -Index: pam.debian/modules/pam_wheel/pam_wheel.8 +Index: pam/modules/pam_wheel/pam_wheel.8 =================================================================== ---- pam.debian.orig/modules/pam_wheel/pam_wheel.8 -+++ pam.debian/modules/pam_wheel/pam_wheel.8 +--- pam.orig/modules/pam_wheel/pam_wheel.8 ++++ pam/modules/pam_wheel/pam_wheel.8 @@ -31,7 +31,7 @@ pam_wheel \- Only permit root access to members of group wheel .SH "SYNOPSIS" @@ -126,10 +126,10 @@ Index: pam.debian/modules/pam_wheel/pam_wheel.8 .SH "MODULE TYPES PROVIDED" .PP The -Index: pam.debian/modules/pam_wheel/README +Index: pam/modules/pam_wheel/README =================================================================== ---- pam.debian.orig/modules/pam_wheel/README -+++ pam.debian/modules/pam_wheel/README +--- pam.orig/modules/pam_wheel/README ++++ pam/modules/pam_wheel/README @@ -39,12 +39,6 @@ modules the wheel members may be able to su to root without being prompted for a passwd). diff --git a/debian/patches-applied/040_pam_limits_log_failure b/debian/patches-applied/040_pam_limits_log_failure index f80273e7..616887c3 100644 --- a/debian/patches-applied/040_pam_limits_log_failure +++ b/debian/patches-applied/040_pam_limits_log_failure @@ -7,11 +7,11 @@ Authors: Sam Hartman Upstream status: submitted in <20070830171918.GB30563@dario.dodds.net> -Index: pam.deb/modules/pam_limits/pam_limits.c +Index: pam/modules/pam_limits/pam_limits.c =================================================================== ---- pam.deb.orig/modules/pam_limits/pam_limits.c -+++ pam.deb/modules/pam_limits/pam_limits.c -@@ -732,9 +732,19 @@ +--- pam.orig/modules/pam_limits/pam_limits.c ++++ pam/modules/pam_limits/pam_limits.c +@@ -1043,9 +1043,19 @@ if (pl->limits[i].limit.rlim_cur > pl->limits[i].limit.rlim_max) pl->limits[i].limit.rlim_cur = pl->limits[i].limit.rlim_max; res = setrlimit(i, &pl->limits[i].limit); diff --git a/debian/patches-applied/045_pam_dispatch_jump_is_ignore b/debian/patches-applied/045_pam_dispatch_jump_is_ignore index 0e3491d3..e19a5456 100644 --- a/debian/patches-applied/045_pam_dispatch_jump_is_ignore +++ b/debian/patches-applied/045_pam_dispatch_jump_is_ignore @@ -4,11 +4,11 @@ the chain and PAM_OK (aka required) in the frozen part of the chain. No one on pam-list was able to explain this behavior, so I changed it to be consistent. -Index: pam.debian/libpam/pam_dispatch.c +Index: pam/libpam/pam_dispatch.c =================================================================== ---- pam.debian.orig/libpam/pam_dispatch.c -+++ pam.debian/libpam/pam_dispatch.c -@@ -254,19 +254,7 @@ +--- pam.orig/libpam/pam_dispatch.c ++++ pam/libpam/pam_dispatch.c +@@ -260,22 +260,7 @@ if ( _PAM_ACTION_IS_JUMP(action) ) { /* If we are evaluating a cached chain, we treat this @@ -20,6 +20,9 @@ Index: pam.debian/libpam/pam_dispatch.c - || (impression == _PAM_POSITIVE - && status == PAM_SUCCESS) ) { - if ( retval != PAM_IGNORE || cached_retval == retval ) { +- if ( impression == _PAM_UNDEF && retval == PAM_SUCCESS ) { +- h->grantor = 1; +- } - impression = _PAM_POSITIVE; - status = retval; - } diff --git a/debian/patches-applied/054_pam_security_abstract_securetty_handling b/debian/patches-applied/054_pam_security_abstract_securetty_handling index 91d6809f..96222710 100644 --- a/debian/patches-applied/054_pam_security_abstract_securetty_handling +++ b/debian/patches-applied/054_pam_security_abstract_securetty_handling @@ -1,10 +1,10 @@ Description: extract the securetty logic for use with the "nullok_secure" option introduced in the "055_pam_unix_nullok_secure" patch. -Index: pam.debian/modules/pam_securetty/pam_securetty.c +Index: pam/modules/pam_securetty/pam_securetty.c =================================================================== ---- pam.debian.orig/modules/pam_securetty/pam_securetty.c -+++ pam.debian/modules/pam_securetty/pam_securetty.c +--- pam.orig/modules/pam_securetty/pam_securetty.c ++++ pam/modules/pam_securetty/pam_securetty.c @@ -1,7 +1,5 @@ /* pam_securetty module */ @@ -87,10 +87,10 @@ Index: pam.debian/modules/pam_securetty/pam_securetty.c if (retval && !(ctrl & PAM_NOCONSOLE_ARG)) { FILE *cmdlinefile; -Index: pam.debian/modules/pam_securetty/tty_secure.c +Index: pam/modules/pam_securetty/tty_secure.c =================================================================== --- /dev/null -+++ pam.debian/modules/pam_securetty/tty_secure.c ++++ pam/modules/pam_securetty/tty_secure.c @@ -0,0 +1,90 @@ +/* + * A function to determine if a particular line is in /etc/securetty @@ -182,13 +182,13 @@ Index: pam.debian/modules/pam_securetty/tty_secure.c + + return retval; +} -Index: pam.debian/modules/pam_securetty/Makefile.am +Index: pam/modules/pam_securetty/Makefile.am =================================================================== ---- pam.debian.orig/modules/pam_securetty/Makefile.am -+++ pam.debian/modules/pam_securetty/Makefile.am +--- pam.orig/modules/pam_securetty/Makefile.am ++++ pam/modules/pam_securetty/Makefile.am @@ -24,6 +24,10 @@ securelib_LTLIBRARIES = pam_securetty.la - pam_securetty_la_LIBADD = -L$(top_builddir)/libpam -lpam + pam_securetty_la_LIBADD = $(top_builddir)/libpam/libpam.la +pam_securetty_la_SOURCES = \ + pam_securetty.c \ diff --git a/debian/patches-applied/055_pam_unix_nullok_secure b/debian/patches-applied/055_pam_unix_nullok_secure index 8c1b84c7..8a8cfdd7 100644 --- a/debian/patches-applied/055_pam_unix_nullok_secure +++ b/debian/patches-applied/055_pam_unix_nullok_secure @@ -7,11 +7,11 @@ Authors: Sam Hartman , Upstream status: not yet submitted -Index: pam.debian/modules/pam_unix/support.c +Index: pam/modules/pam_unix/support.c =================================================================== ---- pam.debian.orig/modules/pam_unix/support.c -+++ pam.debian/modules/pam_unix/support.c -@@ -189,13 +189,22 @@ +--- pam.orig/modules/pam_unix/support.c ++++ pam/modules/pam_unix/support.c +@@ -183,13 +183,22 @@ /* now parse the arguments to this module */ for (; argc-- > 0; ++argv) { @@ -37,20 +37,19 @@ Index: pam.debian/modules/pam_unix/support.c } } -@@ -565,6 +574,7 @@ +@@ -558,6 +567,7 @@ + /* fork */ child = fork(); if (child == 0) { - int i=0; -+ int nullok = off(UNIX__NONULL, ctrl); - struct rlimit rlim; ++ int nullok = off(UNIX__NONULL, ctrl); static char *envp[] = { NULL }; - char *args[] = { NULL, NULL, NULL, NULL }; -@@ -595,7 +605,18 @@ + const char *args[] = { NULL, NULL, NULL, NULL }; + +@@ -587,7 +597,17 @@ /* exec binary helper */ - args[0] = strdup(CHKPWD_HELPER); - args[1] = x_strdup(user); + args[0] = CHKPWD_HELPER; + args[1] = user; - if (off(UNIX__NONULL, ctrl)) { /* this means we've succeeded */ -+ + if (on(UNIX_NULLOK_SECURE, ctrl)) { + const void *uttyname; + retval = pam_get_item(pamh, PAM_TTY, &uttyname); @@ -62,10 +61,10 @@ Index: pam.debian/modules/pam_unix/support.c + } + + if (nullok) { - args[2]=strdup("nullok"); + args[2]="nullok"; } else { - args[2]=strdup("nonull"); -@@ -675,6 +696,17 @@ + args[2]="nonull"; +@@ -672,6 +692,17 @@ if (on(UNIX__NONULL, ctrl)) return 0; /* will fail but don't let on yet */ @@ -83,7 +82,7 @@ Index: pam.debian/modules/pam_unix/support.c /* UNIX passwords area */ retval = get_pwd_hash(pamh, name, &pwd, &salt); -@@ -761,7 +793,8 @@ +@@ -758,7 +789,8 @@ } } } else { @@ -93,23 +92,24 @@ Index: pam.debian/modules/pam_unix/support.c } if (retval == PAM_SUCCESS) { -Index: pam.debian/modules/pam_unix/support.h +Index: pam/modules/pam_unix/support.h =================================================================== ---- pam.debian.orig/modules/pam_unix/support.h -+++ pam.debian/modules/pam_unix/support.h -@@ -98,8 +98,9 @@ - #define UNIX_BLOWFISH_PASS 26 /* new password hashes will use blowfish */ - #define UNIX_MIN_PASS_LEN 27 /* min length for password */ - #define UNIX_OBSCURE_CHECKS 28 /* enable obscure checks on passwords */ -+#define UNIX_NULLOK_SECURE 29 /* NULL passwords allowed only on secure ttys */ +--- pam.orig/modules/pam_unix/support.h ++++ pam/modules/pam_unix/support.h +@@ -99,8 +99,10 @@ + #define UNIX_NO_PASS_EXPIRY 29 /* Don't check for password expiration if not used for authentication */ + #define UNIX_DES 30 /* DES, default */ + #define UNIX_OBSCURE_CHECKS 31 /* enable obscure checks on passwords */ ++#define UNIX_NULLOK_SECURE 32 /* NULL passwords allowed only on secure ttys */ ++ /* -------------- */ --#define UNIX_CTRLS_ 29 /* number of ctrl arguments defined */ -+#define UNIX_CTRLS_ 30 /* number of ctrl arguments defined */ +-#define UNIX_CTRLS_ 32 /* number of ctrl arguments defined */ ++#define UNIX_CTRLS_ 33 /* number of ctrl arguments defined */ #define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)) -@@ -117,7 +118,7 @@ - /* UNIX_NOT_SET_PASS */ {"not_set_pass", _ALL_ON_, 0x40, 0}, +@@ -118,7 +120,7 @@ + /* UNIX_AUTHTOK_TYPE */ {"authtok_type=", _ALL_ON_, 0x40, 0}, /* UNIX__PRELIM */ {NULL, _ALL_ON_^(0x180), 0x80, 0}, /* UNIX__UPDATE */ {NULL, _ALL_ON_^(0x180), 0x100, 0}, -/* UNIX__NONULL */ {NULL, _ALL_ON_, 0x200, 0}, @@ -117,15 +117,15 @@ Index: pam.debian/modules/pam_unix/support.h /* UNIX__QUIET */ {NULL, _ALL_ON_, 0x400, 0}, /* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 0x800, 0}, /* UNIX_SHADOW */ {"shadow", _ALL_ON_, 0x1000, 0}, -@@ -137,6 +138,7 @@ - /* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0x2C22000),0x2000000, 1}, - /* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0x4000000, 0}, - /* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x8000000, 0}, -+/* UNIX_NULLOK_SECURE */ {"nullok_secure", _ALL_ON_^(0x200), 0x10000000, 0}, +@@ -141,6 +143,7 @@ + /* UNIX_NO_PASS_EXPIRY */ {"no_pass_expiry", _ALL_ON_, 0x10000000, 0}, + /* UNIX_DES */ {"des", _ALL_ON_^(0x2C22000), 0, 1}, + /* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x20000000, 0}, ++/* UNIX_NULLOK_SECURE */ {"nullok_secure", _ALL_ON_^(0x200), 0x40000000, 0}, }; #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) -@@ -172,6 +174,9 @@ +@@ -174,6 +177,9 @@ ,const char *data_name ,const void **pass); @@ -135,25 +135,25 @@ Index: pam.debian/modules/pam_unix/support.h extern int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, const char *user, int *daysleft); #endif /* _PAM_UNIX_SUPPORT_H */ -Index: pam.debian/modules/pam_unix/Makefile.am +Index: pam/modules/pam_unix/Makefile.am =================================================================== ---- pam.debian.orig/modules/pam_unix/Makefile.am -+++ pam.debian/modules/pam_unix/Makefile.am +--- pam.orig/modules/pam_unix/Makefile.am ++++ pam/modules/pam_unix/Makefile.am @@ -30,7 +30,8 @@ pam_unix_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map endif pam_unix_la_LIBADD = $(top_builddir)/libpam/libpam.la \ -- @LIBCRYPT@ @LIBSELINUX@ $(NIS_LIBS) -+ @LIBCRYPT@ @LIBSELINUX@ $(NIS_LIBS) \ +- @LIBCRYPT@ @LIBSELINUX@ @TIRPC_LIBS@ @NSL_LIBS@ ++ @LIBCRYPT@ @LIBSELINUX@ @TIRPC_LIBS@ @NSL_LIBS@ \ + ../pam_securetty/tty_secure.lo securelib_LTLIBRARIES = pam_unix.la -Index: pam.debian/modules/pam_unix/README +Index: pam/modules/pam_unix/README =================================================================== ---- pam.debian.orig/modules/pam_unix/README -+++ pam.debian/modules/pam_unix/README -@@ -58,7 +58,16 @@ +--- pam.orig/modules/pam_unix/README ++++ pam/modules/pam_unix/README +@@ -67,7 +67,16 @@ The default action of this module is to not permit the user access to a service if their official password is blank. The nullok argument overrides @@ -171,11 +171,11 @@ Index: pam.debian/modules/pam_unix/README try_first_pass -Index: pam.debian/modules/pam_unix/pam_unix.8 +Index: pam/modules/pam_unix/pam_unix.8 =================================================================== ---- pam.debian.orig/modules/pam_unix/pam_unix.8 -+++ pam.debian/modules/pam_unix/pam_unix.8 -@@ -82,7 +82,14 @@ +--- pam.orig/modules/pam_unix/pam_unix.8 ++++ pam/modules/pam_unix/pam_unix.8 +@@ -92,7 +92,14 @@ .RS 4 The default action of this module is to not permit the user access to a service if their official password is blank\&. The \fBnullok\fR @@ -191,11 +191,11 @@ Index: pam.debian/modules/pam_unix/pam_unix.8 .RE .PP \fBtry_first_pass\fR -Index: pam.debian/modules/pam_unix/pam_unix.8.xml +Index: pam/modules/pam_unix/pam_unix.8.xml =================================================================== ---- pam.debian.orig/modules/pam_unix/pam_unix.8.xml -+++ pam.debian/modules/pam_unix/pam_unix.8.xml -@@ -137,7 +137,24 @@ +--- pam.orig/modules/pam_unix/pam_unix.8.xml ++++ pam/modules/pam_unix/pam_unix.8.xml +@@ -159,7 +159,24 @@ The default action of this module is to not permit the user access to a service if their official password is blank. diff --git a/debian/patches-applied/PAM-manpage-section b/debian/patches-applied/PAM-manpage-section index fc0dcab4..1e06f18d 100644 --- a/debian/patches-applied/PAM-manpage-section +++ b/debian/patches-applied/PAM-manpage-section @@ -5,10 +5,10 @@ Authors: Steve Langasek Upstream status: maybe provide a backwards-compatibility link first? -Index: pam.debian/doc/man/pam.8.xml +Index: pam/doc/man/pam.8.xml =================================================================== ---- pam.debian.orig/doc/man/pam.8.xml -+++ pam.debian/doc/man/pam.8.xml +--- pam.orig/doc/man/pam.8.xml ++++ pam/doc/man/pam.8.xml @@ -6,7 +6,7 @@ @@ -18,7 +18,7 @@ Index: pam.debian/doc/man/pam.8.xml Linux-PAM Manual -@@ -179,7 +179,7 @@ +@@ -197,7 +197,7 @@ pam_strerror3 , @@ -27,36 +27,30 @@ Index: pam.debian/doc/man/pam.8.xml -Index: pam.debian/doc/man/PAM.8 -=================================================================== ---- pam.debian.orig/doc/man/PAM.8 -+++ pam.debian/doc/man/PAM.8 -@@ -2,12 +2,12 @@ - .\" Title: pam - .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/16/2014 - .\" Manual: Linux-PAM Manual +Index: pam/doc/man/PAM.8 +=================================================================== +--- pam.orig/doc/man/PAM.8 ++++ pam/doc/man/PAM.8 +@@ -7,7 +7,7 @@ .\" Source: Linux-PAM Manual .\" Language: English .\" --.TH "PAM" "8" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM" "7" "01/16/2014" "Linux-PAM Manual" "Linux-PAM Manual" +-.TH "PAM" "8" "04/01/2016" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM" "7" "04/01/2016" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- -@@ -118,4 +118,4 @@ +@@ -135,4 +135,4 @@ \fBpam_authenticate\fR(3), \fBpam_sm_setcred\fR(3), \fBpam_strerror\fR(3), -\fBPAM\fR(8) +\fBPAM\fR(7) -Index: pam.debian/modules/pam_access/access.conf.5.xml +Index: pam/modules/pam_access/access.conf.5.xml =================================================================== ---- pam.debian.orig/modules/pam_access/access.conf.5.xml -+++ pam.debian/modules/pam_access/access.conf.5.xml -@@ -191,7 +191,7 @@ +--- pam.orig/modules/pam_access/access.conf.5.xml ++++ pam/modules/pam_access/access.conf.5.xml +@@ -215,7 +215,7 @@ pam_access8, pam.d5, @@ -65,11 +59,11 @@ Index: pam.debian/modules/pam_access/access.conf.5.xml -Index: pam.debian/modules/pam_access/access.conf.5 +Index: pam/modules/pam_access/access.conf.5 =================================================================== ---- pam.debian.orig/modules/pam_access/access.conf.5 -+++ pam.debian/modules/pam_access/access.conf.5 -@@ -181,7 +181,7 @@ +--- pam.orig/modules/pam_access/access.conf.5 ++++ pam/modules/pam_access/access.conf.5 +@@ -199,7 +199,7 @@ .PP \fBpam_access\fR(8), \fBpam.d\fR(5), @@ -78,36 +72,36 @@ Index: pam.debian/modules/pam_access/access.conf.5 .SH "AUTHORS" .PP Original -Index: pam.debian/modules/pam_env/pam_env.conf.5.xml +Index: pam/modules/pam_env/pam_env.conf.5.xml =================================================================== ---- pam.debian.orig/modules/pam_env/pam_env.conf.5.xml -+++ pam.debian/modules/pam_env/pam_env.conf.5.xml -@@ -110,7 +110,7 @@ +--- pam.orig/modules/pam_env/pam_env.conf.5.xml ++++ pam/modules/pam_env/pam_env.conf.5.xml +@@ -122,7 +122,7 @@ pam_env8, pam.d5, -- pam8 -+ pam7 +- pam8, ++ pam7, + environ7 - -Index: pam.debian/modules/pam_env/pam_env.conf.5 +Index: pam/modules/pam_env/pam_env.conf.5 =================================================================== ---- pam.debian.orig/modules/pam_env/pam_env.conf.5 -+++ pam.debian/modules/pam_env/pam_env.conf.5 -@@ -112,7 +112,7 @@ +--- pam.orig/modules/pam_env/pam_env.conf.5 ++++ pam/modules/pam_env/pam_env.conf.5 +@@ -125,7 +125,7 @@ .PP \fBpam_env\fR(8), \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) +-\fBpam\fR(8), ++\fBpam\fR(7), + \fBenviron\fR(7) .SH "AUTHOR" .PP - pam_env was written by Dave Kinchlea \&. -Index: pam.debian/modules/pam_group/group.conf.5.xml +Index: pam/modules/pam_group/group.conf.5.xml =================================================================== ---- pam.debian.orig/modules/pam_group/group.conf.5.xml -+++ pam.debian/modules/pam_group/group.conf.5.xml +--- pam.orig/modules/pam_group/group.conf.5.xml ++++ pam/modules/pam_group/group.conf.5.xml @@ -128,7 +128,7 @@ pam_group8, @@ -117,10 +111,10 @@ Index: pam.debian/modules/pam_group/group.conf.5.xml -Index: pam.debian/modules/pam_group/group.conf.5 +Index: pam/modules/pam_group/group.conf.5 =================================================================== ---- pam.debian.orig/modules/pam_group/group.conf.5 -+++ pam.debian/modules/pam_group/group.conf.5 +--- pam.orig/modules/pam_group/group.conf.5 ++++ pam/modules/pam_group/group.conf.5 @@ -113,7 +113,7 @@ .PP \fBpam_group\fR(8), @@ -130,11 +124,11 @@ Index: pam.debian/modules/pam_group/group.conf.5 .SH "AUTHOR" .PP pam_group was written by Andrew G\&. Morgan \&. -Index: pam.debian/modules/pam_limits/limits.conf.5.xml +Index: pam/modules/pam_limits/limits.conf.5.xml =================================================================== ---- pam.debian.orig/modules/pam_limits/limits.conf.5.xml -+++ pam.debian/modules/pam_limits/limits.conf.5.xml -@@ -343,7 +343,7 @@ +--- pam.orig/modules/pam_limits/limits.conf.5.xml ++++ pam/modules/pam_limits/limits.conf.5.xml +@@ -346,7 +346,7 @@ pam_limits8, pam.d5, @@ -143,11 +137,11 @@ Index: pam.debian/modules/pam_limits/limits.conf.5.xml getrlimit2 getrlimit3p -Index: pam.debian/modules/pam_limits/limits.conf.5 +Index: pam/modules/pam_limits/limits.conf.5 =================================================================== ---- pam.debian.orig/modules/pam_limits/limits.conf.5 -+++ pam.debian/modules/pam_limits/limits.conf.5 -@@ -339,7 +339,7 @@ +--- pam.orig/modules/pam_limits/limits.conf.5 ++++ pam/modules/pam_limits/limits.conf.5 +@@ -340,7 +340,7 @@ .PP \fBpam_limits\fR(8), \fBpam.d\fR(5), @@ -156,10 +150,10 @@ Index: pam.debian/modules/pam_limits/limits.conf.5 \fBgetrlimit\fR(2)\fBgetrlimit\fR(3p) .SH "AUTHOR" .PP -Index: pam.debian/modules/pam_namespace/namespace.conf.5.xml +Index: pam/modules/pam_namespace/namespace.conf.5.xml =================================================================== ---- pam.debian.orig/modules/pam_namespace/namespace.conf.5.xml -+++ pam.debian/modules/pam_namespace/namespace.conf.5.xml +--- pam.orig/modules/pam_namespace/namespace.conf.5.xml ++++ pam/modules/pam_namespace/namespace.conf.5.xml @@ -204,7 +204,7 @@ pam_namespace8, @@ -169,10 +163,10 @@ Index: pam.debian/modules/pam_namespace/namespace.conf.5.xml -Index: pam.debian/modules/pam_namespace/namespace.conf.5 +Index: pam/modules/pam_namespace/namespace.conf.5 =================================================================== ---- pam.debian.orig/modules/pam_namespace/namespace.conf.5 -+++ pam.debian/modules/pam_namespace/namespace.conf.5 +--- pam.orig/modules/pam_namespace/namespace.conf.5 ++++ pam/modules/pam_namespace/namespace.conf.5 @@ -155,7 +155,7 @@ .PP \fBpam_namespace\fR(8), @@ -182,10 +176,10 @@ Index: pam.debian/modules/pam_namespace/namespace.conf.5 .SH "AUTHORS" .PP The namespace\&.conf manual page was written by Janak Desai \&. More features added by Tomas Mraz \&. -Index: pam.debian/modules/pam_time/time.conf.5.xml +Index: pam/modules/pam_time/time.conf.5.xml =================================================================== ---- pam.debian.orig/modules/pam_time/time.conf.5.xml -+++ pam.debian/modules/pam_time/time.conf.5.xml +--- pam.orig/modules/pam_time/time.conf.5.xml ++++ pam/modules/pam_time/time.conf.5.xml @@ -130,7 +130,7 @@ pam_time8, @@ -195,10 +189,10 @@ Index: pam.debian/modules/pam_time/time.conf.5.xml -Index: pam.debian/modules/pam_time/time.conf.5 +Index: pam/modules/pam_time/time.conf.5 =================================================================== ---- pam.debian.orig/modules/pam_time/time.conf.5 -+++ pam.debian/modules/pam_time/time.conf.5 +--- pam.orig/modules/pam_time/time.conf.5 ++++ pam/modules/pam_time/time.conf.5 @@ -107,7 +107,7 @@ .PP \fBpam_time\fR(8), @@ -208,11 +202,11 @@ Index: pam.debian/modules/pam_time/time.conf.5 .SH "AUTHOR" .PP pam_time was written by Andrew G\&. Morgan \&. -Index: pam.debian/modules/pam_access/pam_access.8.xml +Index: pam/modules/pam_access/pam_access.8.xml =================================================================== ---- pam.debian.orig/modules/pam_access/pam_access.8.xml -+++ pam.debian/modules/pam_access/pam_access.8.xml -@@ -237,7 +237,7 @@ +--- pam.orig/modules/pam_access/pam_access.8.xml ++++ pam/modules/pam_access/pam_access.8.xml +@@ -238,7 +238,7 @@ pam.d5 , @@ -221,11 +215,11 @@ Index: pam.debian/modules/pam_access/pam_access.8.xml . -Index: pam.debian/modules/pam_access/pam_access.8 +Index: pam/modules/pam_access/pam_access.8 =================================================================== ---- pam.debian.orig/modules/pam_access/pam_access.8 -+++ pam.debian/modules/pam_access/pam_access.8 -@@ -125,7 +125,7 @@ +--- pam.orig/modules/pam_access/pam_access.8 ++++ pam/modules/pam_access/pam_access.8 +@@ -127,7 +127,7 @@ .PP \fBaccess.conf\fR(5), \fBpam.d\fR(5), @@ -234,10 +228,10 @@ Index: pam.debian/modules/pam_access/pam_access.8 .SH "AUTHORS" .PP The logdaemon style login access control scheme was designed and implemented by Wietse Venema\&. The pam_access PAM module was developed by Alexei Nogin \&. The IPv6 support and the network(address) / netmask feature was developed and provided by Mike Becher \&. -Index: pam.debian/modules/pam_cracklib/pam_cracklib.8.xml +Index: pam/modules/pam_cracklib/pam_cracklib.8.xml =================================================================== ---- pam.debian.orig/modules/pam_cracklib/pam_cracklib.8.xml -+++ pam.debian/modules/pam_cracklib/pam_cracklib.8.xml +--- pam.orig/modules/pam_cracklib/pam_cracklib.8.xml ++++ pam/modules/pam_cracklib/pam_cracklib.8.xml @@ -577,7 +577,7 @@ pam.d5 , @@ -247,10 +241,10 @@ Index: pam.debian/modules/pam_cracklib/pam_cracklib.8.xml -Index: pam.debian/modules/pam_cracklib/pam_cracklib.8 +Index: pam/modules/pam_cracklib/pam_cracklib.8 =================================================================== ---- pam.debian.orig/modules/pam_cracklib/pam_cracklib.8 -+++ pam.debian/modules/pam_cracklib/pam_cracklib.8 +--- pam.orig/modules/pam_cracklib/pam_cracklib.8 ++++ pam/modules/pam_cracklib/pam_cracklib.8 @@ -357,7 +357,7 @@ .PP \fBpam.conf\fR(5), @@ -260,10 +254,10 @@ Index: pam.debian/modules/pam_cracklib/pam_cracklib.8 .SH "AUTHOR" .PP pam_cracklib was written by Cristian Gafton -Index: pam.debian/modules/pam_debug/pam_debug.8.xml +Index: pam/modules/pam_debug/pam_debug.8.xml =================================================================== ---- pam.debian.orig/modules/pam_debug/pam_debug.8.xml -+++ pam.debian/modules/pam_debug/pam_debug.8.xml +--- pam.orig/modules/pam_debug/pam_debug.8.xml ++++ pam/modules/pam_debug/pam_debug.8.xml @@ -216,7 +216,7 @@ pam.d5 , @@ -273,10 +267,10 @@ Index: pam.debian/modules/pam_debug/pam_debug.8.xml -Index: pam.debian/modules/pam_debug/pam_debug.8 +Index: pam/modules/pam_debug/pam_debug.8 =================================================================== ---- pam.debian.orig/modules/pam_debug/pam_debug.8 -+++ pam.debian/modules/pam_debug/pam_debug.8 +--- pam.orig/modules/pam_debug/pam_debug.8 ++++ pam/modules/pam_debug/pam_debug.8 @@ -138,7 +138,7 @@ .PP \fBpam.conf\fR(5), @@ -286,10 +280,10 @@ Index: pam.debian/modules/pam_debug/pam_debug.8 .SH "AUTHOR" .PP pam_debug was written by Andrew G\&. Morgan \&. -Index: pam.debian/modules/pam_deny/pam_deny.8.xml +Index: pam/modules/pam_deny/pam_deny.8.xml =================================================================== ---- pam.debian.orig/modules/pam_deny/pam_deny.8.xml -+++ pam.debian/modules/pam_deny/pam_deny.8.xml +--- pam.orig/modules/pam_deny/pam_deny.8.xml ++++ pam/modules/pam_deny/pam_deny.8.xml @@ -120,7 +120,7 @@ pam.d5 , @@ -299,10 +293,10 @@ Index: pam.debian/modules/pam_deny/pam_deny.8.xml -Index: pam.debian/modules/pam_deny/pam_deny.8 +Index: pam/modules/pam_deny/pam_deny.8 =================================================================== ---- pam.debian.orig/modules/pam_deny/pam_deny.8 -+++ pam.debian/modules/pam_deny/pam_deny.8 +--- pam.orig/modules/pam_deny/pam_deny.8 ++++ pam/modules/pam_deny/pam_deny.8 @@ -96,7 +96,7 @@ .PP \fBpam.conf\fR(5), @@ -312,10 +306,10 @@ Index: pam.debian/modules/pam_deny/pam_deny.8 .SH "AUTHOR" .PP pam_deny was written by Andrew G\&. Morgan -Index: pam.debian/modules/pam_echo/pam_echo.8.xml +Index: pam/modules/pam_echo/pam_echo.8.xml =================================================================== ---- pam.debian.orig/modules/pam_echo/pam_echo.8.xml -+++ pam.debian/modules/pam_echo/pam_echo.8.xml +--- pam.orig/modules/pam_echo/pam_echo.8.xml ++++ pam/modules/pam_echo/pam_echo.8.xml @@ -159,7 +159,7 @@ pam.d5 , @@ -325,10 +319,10 @@ Index: pam.debian/modules/pam_echo/pam_echo.8.xml -Index: pam.debian/modules/pam_echo/pam_echo.8 +Index: pam/modules/pam_echo/pam_echo.8 =================================================================== ---- pam.debian.orig/modules/pam_echo/pam_echo.8 -+++ pam.debian/modules/pam_echo/pam_echo.8 +--- pam.orig/modules/pam_echo/pam_echo.8 ++++ pam/modules/pam_echo/pam_echo.8 @@ -126,7 +126,7 @@ .PP \fBpam.conf\fR(8), @@ -338,24 +332,24 @@ Index: pam.debian/modules/pam_echo/pam_echo.8 .SH "AUTHOR" .PP Thorsten Kukuk -Index: pam.debian/modules/pam_env/pam_env.8.xml +Index: pam/modules/pam_env/pam_env.8.xml =================================================================== ---- pam.debian.orig/modules/pam_env/pam_env.8.xml -+++ pam.debian/modules/pam_env/pam_env.8.xml -@@ -235,7 +235,7 @@ +--- pam.orig/modules/pam_env/pam_env.8.xml ++++ pam/modules/pam_env/pam_env.8.xml +@@ -246,7 +246,7 @@ pam.d5 , - pam8 + pam7 - . - - -Index: pam.debian/modules/pam_exec/pam_exec.8.xml + , + + environ7 +Index: pam/modules/pam_exec/pam_exec.8.xml =================================================================== ---- pam.debian.orig/modules/pam_exec/pam_exec.8.xml -+++ pam.debian/modules/pam_exec/pam_exec.8.xml -@@ -257,7 +257,7 @@ +--- pam.orig/modules/pam_exec/pam_exec.8.xml ++++ pam/modules/pam_exec/pam_exec.8.xml +@@ -258,7 +258,7 @@ pam.d5 , @@ -364,11 +358,11 @@ Index: pam.debian/modules/pam_exec/pam_exec.8.xml -Index: pam.debian/modules/pam_exec/pam_exec.8 +Index: pam/modules/pam_exec/pam_exec.8 =================================================================== ---- pam.debian.orig/modules/pam_exec/pam_exec.8 -+++ pam.debian/modules/pam_exec/pam_exec.8 -@@ -160,7 +160,7 @@ +--- pam.orig/modules/pam_exec/pam_exec.8 ++++ pam/modules/pam_exec/pam_exec.8 +@@ -162,7 +162,7 @@ .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), @@ -377,10 +371,10 @@ Index: pam.debian/modules/pam_exec/pam_exec.8 .SH "AUTHOR" .PP pam_exec was written by Thorsten Kukuk and Josh Triplett \&. -Index: pam.debian/modules/pam_faildelay/pam_faildelay.8.xml +Index: pam/modules/pam_faildelay/pam_faildelay.8.xml =================================================================== ---- pam.debian.orig/modules/pam_faildelay/pam_faildelay.8.xml -+++ pam.debian/modules/pam_faildelay/pam_faildelay.8.xml +--- pam.orig/modules/pam_faildelay/pam_faildelay.8.xml ++++ pam/modules/pam_faildelay/pam_faildelay.8.xml @@ -121,7 +121,7 @@ pam.d5 , @@ -390,10 +384,10 @@ Index: pam.debian/modules/pam_faildelay/pam_faildelay.8.xml -Index: pam.debian/modules/pam_faildelay/pam_faildelay.8 +Index: pam/modules/pam_faildelay/pam_faildelay.8 =================================================================== ---- pam.debian.orig/modules/pam_faildelay/pam_faildelay.8 -+++ pam.debian/modules/pam_faildelay/pam_faildelay.8 +--- pam.orig/modules/pam_faildelay/pam_faildelay.8 ++++ pam/modules/pam_faildelay/pam_faildelay.8 @@ -87,7 +87,7 @@ \fBpam_fail_delay\fR(3), \fBpam.conf\fR(5), @@ -403,10 +397,10 @@ Index: pam.debian/modules/pam_faildelay/pam_faildelay.8 .SH "AUTHOR" .PP pam_faildelay was written by Darren Tucker \&. -Index: pam.debian/modules/pam_filter/pam_filter.8.xml +Index: pam/modules/pam_filter/pam_filter.8.xml =================================================================== ---- pam.debian.orig/modules/pam_filter/pam_filter.8.xml -+++ pam.debian/modules/pam_filter/pam_filter.8.xml +--- pam.orig/modules/pam_filter/pam_filter.8.xml ++++ pam/modules/pam_filter/pam_filter.8.xml @@ -246,7 +246,7 @@ pam.d5 , @@ -416,10 +410,10 @@ Index: pam.debian/modules/pam_filter/pam_filter.8.xml -Index: pam.debian/modules/pam_filter/pam_filter.8 +Index: pam/modules/pam_filter/pam_filter.8 =================================================================== ---- pam.debian.orig/modules/pam_filter/pam_filter.8 -+++ pam.debian/modules/pam_filter/pam_filter.8 +--- pam.orig/modules/pam_filter/pam_filter.8 ++++ pam/modules/pam_filter/pam_filter.8 @@ -166,7 +166,7 @@ .PP \fBpam.conf\fR(5), @@ -429,10 +423,10 @@ Index: pam.debian/modules/pam_filter/pam_filter.8 .SH "AUTHOR" .PP pam_filter was written by Andrew G\&. Morgan \&. -Index: pam.debian/modules/pam_ftp/pam_ftp.8.xml +Index: pam/modules/pam_ftp/pam_ftp.8.xml =================================================================== ---- pam.debian.orig/modules/pam_ftp/pam_ftp.8.xml -+++ pam.debian/modules/pam_ftp/pam_ftp.8.xml +--- pam.orig/modules/pam_ftp/pam_ftp.8.xml ++++ pam/modules/pam_ftp/pam_ftp.8.xml @@ -168,7 +168,7 @@ pam.d5 , @@ -442,10 +436,10 @@ Index: pam.debian/modules/pam_ftp/pam_ftp.8.xml -Index: pam.debian/modules/pam_ftp/pam_ftp.8 +Index: pam/modules/pam_ftp/pam_ftp.8 =================================================================== ---- pam.debian.orig/modules/pam_ftp/pam_ftp.8 -+++ pam.debian/modules/pam_ftp/pam_ftp.8 +--- pam.orig/modules/pam_ftp/pam_ftp.8 ++++ pam/modules/pam_ftp/pam_ftp.8 @@ -119,7 +119,7 @@ .PP \fBpam.conf\fR(5), @@ -455,10 +449,10 @@ Index: pam.debian/modules/pam_ftp/pam_ftp.8 .SH "AUTHOR" .PP pam_ftp was written by Andrew G\&. Morgan \&. -Index: pam.debian/modules/pam_group/pam_group.8.xml +Index: pam/modules/pam_group/pam_group.8.xml =================================================================== ---- pam.debian.orig/modules/pam_group/pam_group.8.xml -+++ pam.debian/modules/pam_group/pam_group.8.xml +--- pam.orig/modules/pam_group/pam_group.8.xml ++++ pam/modules/pam_group/pam_group.8.xml @@ -148,7 +148,7 @@ pam.d5 , @@ -468,10 +462,10 @@ Index: pam.debian/modules/pam_group/pam_group.8.xml . -Index: pam.debian/modules/pam_group/pam_group.8 +Index: pam/modules/pam_group/pam_group.8 =================================================================== ---- pam.debian.orig/modules/pam_group/pam_group.8 -+++ pam.debian/modules/pam_group/pam_group.8 +--- pam.orig/modules/pam_group/pam_group.8 ++++ pam/modules/pam_group/pam_group.8 @@ -103,7 +103,7 @@ .PP \fBgroup.conf\fR(5), @@ -481,10 +475,10 @@ Index: pam.debian/modules/pam_group/pam_group.8 .SH "AUTHORS" .PP pam_group was written by Andrew G\&. Morgan \&. -Index: pam.debian/modules/pam_issue/pam_issue.8.xml +Index: pam/modules/pam_issue/pam_issue.8.xml =================================================================== ---- pam.debian.orig/modules/pam_issue/pam_issue.8.xml -+++ pam.debian/modules/pam_issue/pam_issue.8.xml +--- pam.orig/modules/pam_issue/pam_issue.8.xml ++++ pam/modules/pam_issue/pam_issue.8.xml @@ -219,7 +219,7 @@ pam.d5 , @@ -494,10 +488,10 @@ Index: pam.debian/modules/pam_issue/pam_issue.8.xml -Index: pam.debian/modules/pam_issue/pam_issue.8 +Index: pam/modules/pam_issue/pam_issue.8 =================================================================== ---- pam.debian.orig/modules/pam_issue/pam_issue.8 -+++ pam.debian/modules/pam_issue/pam_issue.8 +--- pam.orig/modules/pam_issue/pam_issue.8 ++++ pam/modules/pam_issue/pam_issue.8 @@ -152,7 +152,7 @@ .PP \fBpam.conf\fR(5), @@ -507,10 +501,10 @@ Index: pam.debian/modules/pam_issue/pam_issue.8 .SH "AUTHOR" .PP pam_issue was written by Ben Collins \&. -Index: pam.debian/modules/pam_keyinit/pam_keyinit.8.xml +Index: pam/modules/pam_keyinit/pam_keyinit.8.xml =================================================================== ---- pam.debian.orig/modules/pam_keyinit/pam_keyinit.8.xml -+++ pam.debian/modules/pam_keyinit/pam_keyinit.8.xml +--- pam.orig/modules/pam_keyinit/pam_keyinit.8.xml ++++ pam/modules/pam_keyinit/pam_keyinit.8.xml @@ -223,7 +223,7 @@ pam.d5 , @@ -520,10 +514,10 @@ Index: pam.debian/modules/pam_keyinit/pam_keyinit.8.xml keyctl1 -Index: pam.debian/modules/pam_keyinit/pam_keyinit.8 +Index: pam/modules/pam_keyinit/pam_keyinit.8 =================================================================== ---- pam.debian.orig/modules/pam_keyinit/pam_keyinit.8 -+++ pam.debian/modules/pam_keyinit/pam_keyinit.8 +--- pam.orig/modules/pam_keyinit/pam_keyinit.8 ++++ pam/modules/pam_keyinit/pam_keyinit.8 @@ -130,7 +130,7 @@ .PP \fBpam.conf\fR(5), @@ -533,10 +527,10 @@ Index: pam.debian/modules/pam_keyinit/pam_keyinit.8 .SH "AUTHOR" .PP pam_keyinit was written by David Howells, \&. -Index: pam.debian/modules/pam_lastlog/pam_lastlog.8.xml +Index: pam/modules/pam_lastlog/pam_lastlog.8.xml =================================================================== ---- pam.debian.orig/modules/pam_lastlog/pam_lastlog.8.xml -+++ pam.debian/modules/pam_lastlog/pam_lastlog.8.xml +--- pam.orig/modules/pam_lastlog/pam_lastlog.8.xml ++++ pam/modules/pam_lastlog/pam_lastlog.8.xml @@ -298,7 +298,7 @@ pam.d5 , @@ -546,10 +540,10 @@ Index: pam.debian/modules/pam_lastlog/pam_lastlog.8.xml -Index: pam.debian/modules/pam_lastlog/pam_lastlog.8 +Index: pam/modules/pam_lastlog/pam_lastlog.8 =================================================================== ---- pam.debian.orig/modules/pam_lastlog/pam_lastlog.8 -+++ pam.debian/modules/pam_lastlog/pam_lastlog.8 +--- pam.orig/modules/pam_lastlog/pam_lastlog.8 ++++ pam/modules/pam_lastlog/pam_lastlog.8 @@ -173,7 +173,7 @@ .PP \fBpam.conf\fR(5), @@ -559,10 +553,10 @@ Index: pam.debian/modules/pam_lastlog/pam_lastlog.8 .SH "AUTHOR" .PP pam_lastlog was written by Andrew G\&. Morgan \&. -Index: pam.debian/modules/pam_limits/pam_limits.8.xml +Index: pam/modules/pam_limits/pam_limits.8.xml =================================================================== ---- pam.debian.orig/modules/pam_limits/pam_limits.8.xml -+++ pam.debian/modules/pam_limits/pam_limits.8.xml +--- pam.orig/modules/pam_limits/pam_limits.8.xml ++++ pam/modules/pam_limits/pam_limits.8.xml @@ -241,7 +241,7 @@ pam.d5 , @@ -572,10 +566,10 @@ Index: pam.debian/modules/pam_limits/pam_limits.8.xml . -Index: pam.debian/modules/pam_limits/pam_limits.8 +Index: pam/modules/pam_limits/pam_limits.8 =================================================================== ---- pam.debian.orig/modules/pam_limits/pam_limits.8 -+++ pam.debian/modules/pam_limits/pam_limits.8 +--- pam.orig/modules/pam_limits/pam_limits.8 ++++ pam/modules/pam_limits/pam_limits.8 @@ -146,7 +146,7 @@ .PP \fBlimits.conf\fR(5), @@ -585,10 +579,10 @@ Index: pam.debian/modules/pam_limits/pam_limits.8 .SH "AUTHORS" .PP pam_limits was initially written by Cristian Gafton -Index: pam.debian/modules/pam_listfile/pam_listfile.8.xml +Index: pam/modules/pam_listfile/pam_listfile.8.xml =================================================================== ---- pam.debian.orig/modules/pam_listfile/pam_listfile.8.xml -+++ pam.debian/modules/pam_listfile/pam_listfile.8.xml +--- pam.orig/modules/pam_listfile/pam_listfile.8.xml ++++ pam/modules/pam_listfile/pam_listfile.8.xml @@ -281,7 +281,7 @@ pam.d5 , @@ -598,10 +592,10 @@ Index: pam.debian/modules/pam_listfile/pam_listfile.8.xml -Index: pam.debian/modules/pam_listfile/pam_listfile.8 +Index: pam/modules/pam_listfile/pam_listfile.8 =================================================================== ---- pam.debian.orig/modules/pam_listfile/pam_listfile.8 -+++ pam.debian/modules/pam_listfile/pam_listfile.8 +--- pam.orig/modules/pam_listfile/pam_listfile.8 ++++ pam/modules/pam_listfile/pam_listfile.8 @@ -205,7 +205,7 @@ .PP \fBpam.conf\fR(5), @@ -611,10 +605,10 @@ Index: pam.debian/modules/pam_listfile/pam_listfile.8 .SH "AUTHOR" .PP pam_listfile was written by Michael K\&. Johnson and Elliot Lee \&. -Index: pam.debian/modules/pam_localuser/pam_localuser.8.xml +Index: pam/modules/pam_localuser/pam_localuser.8.xml =================================================================== ---- pam.debian.orig/modules/pam_localuser/pam_localuser.8.xml -+++ pam.debian/modules/pam_localuser/pam_localuser.8.xml +--- pam.orig/modules/pam_localuser/pam_localuser.8.xml ++++ pam/modules/pam_localuser/pam_localuser.8.xml @@ -158,7 +158,7 @@ pam.d5 , @@ -624,10 +618,10 @@ Index: pam.debian/modules/pam_localuser/pam_localuser.8.xml -Index: pam.debian/modules/pam_localuser/pam_localuser.8 +Index: pam/modules/pam_localuser/pam_localuser.8 =================================================================== ---- pam.debian.orig/modules/pam_localuser/pam_localuser.8 -+++ pam.debian/modules/pam_localuser/pam_localuser.8 +--- pam.orig/modules/pam_localuser/pam_localuser.8 ++++ pam/modules/pam_localuser/pam_localuser.8 @@ -102,7 +102,7 @@ .PP \fBpam.conf\fR(5), @@ -637,11 +631,11 @@ Index: pam.debian/modules/pam_localuser/pam_localuser.8 .SH "AUTHOR" .PP pam_localuser was written by Nalin Dahyabhai \&. -Index: pam.debian/modules/pam_loginuid/pam_loginuid.8.xml +Index: pam/modules/pam_loginuid/pam_loginuid.8.xml =================================================================== ---- pam.debian.orig/modules/pam_loginuid/pam_loginuid.8.xml -+++ pam.debian/modules/pam_loginuid/pam_loginuid.8.xml -@@ -104,7 +104,7 @@ +--- pam.orig/modules/pam_loginuid/pam_loginuid.8.xml ++++ pam/modules/pam_loginuid/pam_loginuid.8.xml +@@ -121,7 +121,7 @@ pam.d5 , @@ -650,11 +644,11 @@ Index: pam.debian/modules/pam_loginuid/pam_loginuid.8.xml , auditctl8 -Index: pam.debian/modules/pam_loginuid/pam_loginuid.8 +Index: pam/modules/pam_loginuid/pam_loginuid.8 =================================================================== ---- pam.debian.orig/modules/pam_loginuid/pam_loginuid.8 -+++ pam.debian/modules/pam_loginuid/pam_loginuid.8 -@@ -75,7 +75,7 @@ +--- pam.orig/modules/pam_loginuid/pam_loginuid.8 ++++ pam/modules/pam_loginuid/pam_loginuid.8 +@@ -85,7 +85,7 @@ .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), @@ -663,10 +657,10 @@ Index: pam.debian/modules/pam_loginuid/pam_loginuid.8 \fBauditctl\fR(8), \fBauditd\fR(8) .SH "AUTHOR" -Index: pam.debian/modules/pam_mail/pam_mail.8.xml +Index: pam/modules/pam_mail/pam_mail.8.xml =================================================================== ---- pam.debian.orig/modules/pam_mail/pam_mail.8.xml -+++ pam.debian/modules/pam_mail/pam_mail.8.xml +--- pam.orig/modules/pam_mail/pam_mail.8.xml ++++ pam/modules/pam_mail/pam_mail.8.xml @@ -265,7 +265,7 @@ pam.d5 , @@ -676,10 +670,10 @@ Index: pam.debian/modules/pam_mail/pam_mail.8.xml -Index: pam.debian/modules/pam_mail/pam_mail.8 +Index: pam/modules/pam_mail/pam_mail.8 =================================================================== ---- pam.debian.orig/modules/pam_mail/pam_mail.8 -+++ pam.debian/modules/pam_mail/pam_mail.8 +--- pam.orig/modules/pam_mail/pam_mail.8 ++++ pam/modules/pam_mail/pam_mail.8 @@ -153,7 +153,7 @@ .PP \fBpam.conf\fR(5), @@ -689,10 +683,10 @@ Index: pam.debian/modules/pam_mail/pam_mail.8 .SH "AUTHOR" .PP pam_mail was written by Andrew G\&. Morgan \&. -Index: pam.debian/modules/pam_mkhomedir/pam_mkhomedir.8.xml +Index: pam/modules/pam_mkhomedir/pam_mkhomedir.8.xml =================================================================== ---- pam.debian.orig/modules/pam_mkhomedir/pam_mkhomedir.8.xml -+++ pam.debian/modules/pam_mkhomedir/pam_mkhomedir.8.xml +--- pam.orig/modules/pam_mkhomedir/pam_mkhomedir.8.xml ++++ pam/modules/pam_mkhomedir/pam_mkhomedir.8.xml @@ -189,7 +189,7 @@ pam.d5 , @@ -702,10 +696,10 @@ Index: pam.debian/modules/pam_mkhomedir/pam_mkhomedir.8.xml . -Index: pam.debian/modules/pam_mkhomedir/pam_mkhomedir.8 +Index: pam/modules/pam_mkhomedir/pam_mkhomedir.8 =================================================================== ---- pam.debian.orig/modules/pam_mkhomedir/pam_mkhomedir.8 -+++ pam.debian/modules/pam_mkhomedir/pam_mkhomedir.8 +--- pam.orig/modules/pam_mkhomedir/pam_mkhomedir.8 ++++ pam/modules/pam_mkhomedir/pam_mkhomedir.8 @@ -123,7 +123,7 @@ .SH "SEE ALSO" .PP @@ -715,10 +709,10 @@ Index: pam.debian/modules/pam_mkhomedir/pam_mkhomedir.8 .SH "AUTHOR" .PP pam_mkhomedir was written by Jason Gunthorpe \&. -Index: pam.debian/modules/pam_motd/pam_motd.8.xml +Index: pam/modules/pam_motd/pam_motd.8.xml =================================================================== ---- pam.debian.orig/modules/pam_motd/pam_motd.8.xml -+++ pam.debian/modules/pam_motd/pam_motd.8.xml +--- pam.orig/modules/pam_motd/pam_motd.8.xml ++++ pam/modules/pam_motd/pam_motd.8.xml @@ -99,7 +99,7 @@ pam.d5 , @@ -728,10 +722,10 @@ Index: pam.debian/modules/pam_motd/pam_motd.8.xml -Index: pam.debian/modules/pam_motd/pam_motd.8 +Index: pam/modules/pam_motd/pam_motd.8 =================================================================== ---- pam.debian.orig/modules/pam_motd/pam_motd.8 -+++ pam.debian/modules/pam_motd/pam_motd.8 +--- pam.orig/modules/pam_motd/pam_motd.8 ++++ pam/modules/pam_motd/pam_motd.8 @@ -78,7 +78,7 @@ \fBmotd\fR(5), \fBpam.conf\fR(5), @@ -741,10 +735,10 @@ Index: pam.debian/modules/pam_motd/pam_motd.8 .SH "AUTHOR" .PP pam_motd was written by Ben Collins \&. -Index: pam.debian/modules/pam_namespace/pam_namespace.8.xml +Index: pam/modules/pam_namespace/pam_namespace.8.xml =================================================================== ---- pam.debian.orig/modules/pam_namespace/pam_namespace.8.xml -+++ pam.debian/modules/pam_namespace/pam_namespace.8.xml +--- pam.orig/modules/pam_namespace/pam_namespace.8.xml ++++ pam/modules/pam_namespace/pam_namespace.8.xml @@ -399,7 +399,7 @@ mount8 , @@ -754,10 +748,10 @@ Index: pam.debian/modules/pam_namespace/pam_namespace.8.xml . -Index: pam.debian/modules/pam_namespace/pam_namespace.8 +Index: pam/modules/pam_namespace/pam_namespace.8 =================================================================== ---- pam.debian.orig/modules/pam_namespace/pam_namespace.8 -+++ pam.debian/modules/pam_namespace/pam_namespace.8 +--- pam.orig/modules/pam_namespace/pam_namespace.8 ++++ pam/modules/pam_namespace/pam_namespace.8 @@ -178,7 +178,7 @@ \fBnamespace.conf\fR(5), \fBpam.d\fR(5), @@ -767,10 +761,10 @@ Index: pam.debian/modules/pam_namespace/pam_namespace.8 .SH "AUTHORS" .PP The namespace setup scheme was designed by Stephen Smalley, Janak Desai and Chad Sellers\&. The pam_namespace PAM module was developed by Janak Desai , Chad Sellers and Steve Grubb \&. Additional improvements by Xavier Toth and Tomas Mraz \&. -Index: pam.debian/modules/pam_nologin/pam_nologin.8.xml +Index: pam/modules/pam_nologin/pam_nologin.8.xml =================================================================== ---- pam.debian.orig/modules/pam_nologin/pam_nologin.8.xml -+++ pam.debian/modules/pam_nologin/pam_nologin.8.xml +--- pam.orig/modules/pam_nologin/pam_nologin.8.xml ++++ pam/modules/pam_nologin/pam_nologin.8.xml @@ -160,7 +160,7 @@ pam.d5 , @@ -780,10 +774,10 @@ Index: pam.debian/modules/pam_nologin/pam_nologin.8.xml -Index: pam.debian/modules/pam_nologin/pam_nologin.8 +Index: pam/modules/pam_nologin/pam_nologin.8 =================================================================== ---- pam.debian.orig/modules/pam_nologin/pam_nologin.8 -+++ pam.debian/modules/pam_nologin/pam_nologin.8 +--- pam.orig/modules/pam_nologin/pam_nologin.8 ++++ pam/modules/pam_nologin/pam_nologin.8 @@ -124,7 +124,7 @@ \fBnologin\fR(5), \fBpam.conf\fR(5), @@ -793,10 +787,10 @@ Index: pam.debian/modules/pam_nologin/pam_nologin.8 .SH "AUTHOR" .PP pam_nologin was written by Michael K\&. Johnson \&. -Index: pam.debian/modules/pam_permit/pam_permit.8.xml +Index: pam/modules/pam_permit/pam_permit.8.xml =================================================================== ---- pam.debian.orig/modules/pam_permit/pam_permit.8.xml -+++ pam.debian/modules/pam_permit/pam_permit.8.xml +--- pam.orig/modules/pam_permit/pam_permit.8.xml ++++ pam/modules/pam_permit/pam_permit.8.xml @@ -91,7 +91,7 @@ pam.d5 , @@ -806,10 +800,10 @@ Index: pam.debian/modules/pam_permit/pam_permit.8.xml -Index: pam.debian/modules/pam_permit/pam_permit.8 +Index: pam/modules/pam_permit/pam_permit.8 =================================================================== ---- pam.debian.orig/modules/pam_permit/pam_permit.8 -+++ pam.debian/modules/pam_permit/pam_permit.8 +--- pam.orig/modules/pam_permit/pam_permit.8 ++++ pam/modules/pam_permit/pam_permit.8 @@ -78,7 +78,7 @@ .PP \fBpam.conf\fR(5), @@ -819,10 +813,10 @@ Index: pam.debian/modules/pam_permit/pam_permit.8 .SH "AUTHOR" .PP pam_permit was written by Andrew G\&. Morgan, \&. -Index: pam.debian/modules/pam_rhosts/pam_rhosts.8.xml +Index: pam/modules/pam_rhosts/pam_rhosts.8.xml =================================================================== ---- pam.debian.orig/modules/pam_rhosts/pam_rhosts.8.xml -+++ pam.debian/modules/pam_rhosts/pam_rhosts.8.xml +--- pam.orig/modules/pam_rhosts/pam_rhosts.8.xml ++++ pam/modules/pam_rhosts/pam_rhosts.8.xml @@ -156,7 +156,7 @@ pam.d5 , @@ -832,10 +826,10 @@ Index: pam.debian/modules/pam_rhosts/pam_rhosts.8.xml -Index: pam.debian/modules/pam_rhosts/pam_rhosts.8 +Index: pam/modules/pam_rhosts/pam_rhosts.8 =================================================================== ---- pam.debian.orig/modules/pam_rhosts/pam_rhosts.8 -+++ pam.debian/modules/pam_rhosts/pam_rhosts.8 +--- pam.orig/modules/pam_rhosts/pam_rhosts.8 ++++ pam/modules/pam_rhosts/pam_rhosts.8 @@ -122,7 +122,7 @@ \fBrhosts\fR(5), \fBpam.conf\fR(5), @@ -845,10 +839,10 @@ Index: pam.debian/modules/pam_rhosts/pam_rhosts.8 .SH "AUTHOR" .PP pam_rhosts was written by Thorsten Kukuk -Index: pam.debian/modules/pam_rootok/pam_rootok.8.xml +Index: pam/modules/pam_rootok/pam_rootok.8.xml =================================================================== ---- pam.debian.orig/modules/pam_rootok/pam_rootok.8.xml -+++ pam.debian/modules/pam_rootok/pam_rootok.8.xml +--- pam.orig/modules/pam_rootok/pam_rootok.8.xml ++++ pam/modules/pam_rootok/pam_rootok.8.xml @@ -116,7 +116,7 @@ pam.d5 , @@ -858,10 +852,10 @@ Index: pam.debian/modules/pam_rootok/pam_rootok.8.xml -Index: pam.debian/modules/pam_rootok/pam_rootok.8 +Index: pam/modules/pam_rootok/pam_rootok.8 =================================================================== ---- pam.debian.orig/modules/pam_rootok/pam_rootok.8 -+++ pam.debian/modules/pam_rootok/pam_rootok.8 +--- pam.orig/modules/pam_rootok/pam_rootok.8 ++++ pam/modules/pam_rootok/pam_rootok.8 @@ -99,7 +99,7 @@ \fBsu\fR(1), \fBpam.conf\fR(5), @@ -871,10 +865,10 @@ Index: pam.debian/modules/pam_rootok/pam_rootok.8 .SH "AUTHOR" .PP pam_rootok was written by Andrew G\&. Morgan, \&. -Index: pam.debian/modules/pam_securetty/pam_securetty.8.xml +Index: pam/modules/pam_securetty/pam_securetty.8.xml =================================================================== ---- pam.debian.orig/modules/pam_securetty/pam_securetty.8.xml -+++ pam.debian/modules/pam_securetty/pam_securetty.8.xml +--- pam.orig/modules/pam_securetty/pam_securetty.8.xml ++++ pam/modules/pam_securetty/pam_securetty.8.xml @@ -168,7 +168,7 @@ pam.d5 , @@ -884,10 +878,10 @@ Index: pam.debian/modules/pam_securetty/pam_securetty.8.xml -Index: pam.debian/modules/pam_securetty/pam_securetty.8 +Index: pam/modules/pam_securetty/pam_securetty.8 =================================================================== ---- pam.debian.orig/modules/pam_securetty/pam_securetty.8 -+++ pam.debian/modules/pam_securetty/pam_securetty.8 +--- pam.orig/modules/pam_securetty/pam_securetty.8 ++++ pam/modules/pam_securetty/pam_securetty.8 @@ -119,7 +119,7 @@ \fBsecuretty\fR(5), \fBpam.conf\fR(5), @@ -897,10 +891,10 @@ Index: pam.debian/modules/pam_securetty/pam_securetty.8 .SH "AUTHOR" .PP pam_securetty was written by Elliot Lee \&. -Index: pam.debian/modules/pam_selinux/pam_selinux.8.xml +Index: pam/modules/pam_selinux/pam_selinux.8.xml =================================================================== ---- pam.debian.orig/modules/pam_selinux/pam_selinux.8.xml -+++ pam.debian/modules/pam_selinux/pam_selinux.8.xml +--- pam.orig/modules/pam_selinux/pam_selinux.8.xml ++++ pam/modules/pam_selinux/pam_selinux.8.xml @@ -258,7 +258,7 @@ pam.d5 , @@ -910,22 +904,16 @@ Index: pam.debian/modules/pam_selinux/pam_selinux.8.xml , selinux8 -Index: pam.debian/modules/pam_selinux/pam_selinux.8 -=================================================================== ---- pam.debian.orig/modules/pam_selinux/pam_selinux.8 -+++ pam.debian/modules/pam_selinux/pam_selinux.8 -@@ -2,12 +2,12 @@ - .\" Title: pam_selinux - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 06/18/2013 -+.\" Date: 01/14/2014 - .\" Manual: Linux-PAM Manual +Index: pam/modules/pam_selinux/pam_selinux.8 +=================================================================== +--- pam.orig/modules/pam_selinux/pam_selinux.8 ++++ pam/modules/pam_selinux/pam_selinux.8 +@@ -7,7 +7,7 @@ .\" Source: Linux-PAM Manual .\" Language: English .\" --.TH "PAM_SELINUX" "8" "06/18/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_SELINUX" "8" "01/14/2014" "Linux-PAM Manual" "Linux\-PAM Manual" +-.TH "PAM_SELINUX" "8" "04/01/2016" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_SELINUX" "7" "04/01/2016" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -938,10 +926,10 @@ Index: pam.debian/modules/pam_selinux/pam_selinux.8 \fBselinux\fR(8) .SH "AUTHOR" .PP -Index: pam.debian/modules/pam_sepermit/pam_sepermit.8.xml +Index: pam/modules/pam_sepermit/pam_sepermit.8.xml =================================================================== ---- pam.debian.orig/modules/pam_sepermit/pam_sepermit.8.xml -+++ pam.debian/modules/pam_sepermit/pam_sepermit.8.xml +--- pam.orig/modules/pam_sepermit/pam_sepermit.8.xml ++++ pam/modules/pam_sepermit/pam_sepermit.8.xml @@ -176,7 +176,7 @@ pam.d5 , @@ -951,10 +939,10 @@ Index: pam.debian/modules/pam_sepermit/pam_sepermit.8.xml selinux8 -Index: pam.debian/modules/pam_sepermit/pam_sepermit.8 +Index: pam/modules/pam_sepermit/pam_sepermit.8 =================================================================== ---- pam.debian.orig/modules/pam_sepermit/pam_sepermit.8 -+++ pam.debian/modules/pam_sepermit/pam_sepermit.8 +--- pam.orig/modules/pam_sepermit/pam_sepermit.8 ++++ pam/modules/pam_sepermit/pam_sepermit.8 @@ -124,7 +124,7 @@ \fBsepermit.conf\fR(5), \fBpam.conf\fR(5), @@ -964,10 +952,10 @@ Index: pam.debian/modules/pam_sepermit/pam_sepermit.8 .SH "AUTHOR" .PP pam_sepermit and this manual page were written by Tomas Mraz \&. -Index: pam.debian/modules/pam_shells/pam_shells.8.xml +Index: pam/modules/pam_shells/pam_shells.8.xml =================================================================== ---- pam.debian.orig/modules/pam_shells/pam_shells.8.xml -+++ pam.debian/modules/pam_shells/pam_shells.8.xml +--- pam.orig/modules/pam_shells/pam_shells.8.xml ++++ pam/modules/pam_shells/pam_shells.8.xml @@ -102,7 +102,7 @@ pam.d5 , @@ -977,10 +965,10 @@ Index: pam.debian/modules/pam_shells/pam_shells.8.xml -Index: pam.debian/modules/pam_shells/pam_shells.8 +Index: pam/modules/pam_shells/pam_shells.8 =================================================================== ---- pam.debian.orig/modules/pam_shells/pam_shells.8 -+++ pam.debian/modules/pam_shells/pam_shells.8 +--- pam.orig/modules/pam_shells/pam_shells.8 ++++ pam/modules/pam_shells/pam_shells.8 @@ -85,7 +85,7 @@ \fBshells\fR(5), \fBpam.conf\fR(5), @@ -990,10 +978,10 @@ Index: pam.debian/modules/pam_shells/pam_shells.8 .SH "AUTHOR" .PP pam_shells was written by Erik Troan \&. -Index: pam.debian/modules/pam_succeed_if/pam_succeed_if.8.xml +Index: pam/modules/pam_succeed_if/pam_succeed_if.8.xml =================================================================== ---- pam.debian.orig/modules/pam_succeed_if/pam_succeed_if.8.xml -+++ pam.debian/modules/pam_succeed_if/pam_succeed_if.8.xml +--- pam.orig/modules/pam_succeed_if/pam_succeed_if.8.xml ++++ pam/modules/pam_succeed_if/pam_succeed_if.8.xml @@ -295,7 +295,7 @@ glob7 , @@ -1003,10 +991,10 @@ Index: pam.debian/modules/pam_succeed_if/pam_succeed_if.8.xml -Index: pam.debian/modules/pam_succeed_if/pam_succeed_if.8 +Index: pam/modules/pam_succeed_if/pam_succeed_if.8 =================================================================== ---- pam.debian.orig/modules/pam_succeed_if/pam_succeed_if.8 -+++ pam.debian/modules/pam_succeed_if/pam_succeed_if.8 +--- pam.orig/modules/pam_succeed_if/pam_succeed_if.8 ++++ pam/modules/pam_succeed_if/pam_succeed_if.8 @@ -220,7 +220,7 @@ .SH "SEE ALSO" .PP @@ -1016,10 +1004,10 @@ Index: pam.debian/modules/pam_succeed_if/pam_succeed_if.8 .SH "AUTHOR" .PP Nalin Dahyabhai -Index: pam.debian/modules/pam_tally/pam_tally.8.xml +Index: pam/modules/pam_tally/pam_tally.8.xml =================================================================== ---- pam.debian.orig/modules/pam_tally/pam_tally.8.xml -+++ pam.debian/modules/pam_tally/pam_tally.8.xml +--- pam.orig/modules/pam_tally/pam_tally.8.xml ++++ pam/modules/pam_tally/pam_tally.8.xml @@ -444,7 +444,7 @@ pam.d5 , @@ -1029,10 +1017,10 @@ Index: pam.debian/modules/pam_tally/pam_tally.8.xml -Index: pam.debian/modules/pam_tally/pam_tally.8 +Index: pam/modules/pam_tally/pam_tally.8 =================================================================== ---- pam.debian.orig/modules/pam_tally/pam_tally.8 -+++ pam.debian/modules/pam_tally/pam_tally.8 +--- pam.orig/modules/pam_tally/pam_tally.8 ++++ pam/modules/pam_tally/pam_tally.8 @@ -248,7 +248,7 @@ \fBfaillog\fR(8), \fBpam.conf\fR(5), @@ -1042,10 +1030,10 @@ Index: pam.debian/modules/pam_tally/pam_tally.8 .SH "AUTHOR" .PP pam_tally was written by Tim Baverstock and Tomas Mraz\&. -Index: pam.debian/modules/pam_time/pam_time.8.xml +Index: pam/modules/pam_time/pam_time.8.xml =================================================================== ---- pam.debian.orig/modules/pam_time/pam_time.8.xml -+++ pam.debian/modules/pam_time/pam_time.8.xml +--- pam.orig/modules/pam_time/pam_time.8.xml ++++ pam/modules/pam_time/pam_time.8.xml @@ -169,7 +169,7 @@ pam.d5 , @@ -1055,10 +1043,10 @@ Index: pam.debian/modules/pam_time/pam_time.8.xml . -Index: pam.debian/modules/pam_time/pam_time.8 +Index: pam/modules/pam_time/pam_time.8 =================================================================== ---- pam.debian.orig/modules/pam_time/pam_time.8 -+++ pam.debian/modules/pam_time/pam_time.8 +--- pam.orig/modules/pam_time/pam_time.8 ++++ pam/modules/pam_time/pam_time.8 @@ -109,7 +109,7 @@ .PP \fBtime.conf\fR(5), @@ -1068,10 +1056,10 @@ Index: pam.debian/modules/pam_time/pam_time.8 .SH "AUTHOR" .PP pam_time was written by Andrew G\&. Morgan \&. -Index: pam.debian/modules/pam_umask/pam_umask.8.xml +Index: pam/modules/pam_umask/pam_umask.8.xml =================================================================== ---- pam.debian.orig/modules/pam_umask/pam_umask.8.xml -+++ pam.debian/modules/pam_umask/pam_umask.8.xml +--- pam.orig/modules/pam_umask/pam_umask.8.xml ++++ pam/modules/pam_umask/pam_umask.8.xml @@ -201,7 +201,7 @@ pam.d5 , @@ -1081,10 +1069,10 @@ Index: pam.debian/modules/pam_umask/pam_umask.8.xml -Index: pam.debian/modules/pam_umask/pam_umask.8 +Index: pam/modules/pam_umask/pam_umask.8 =================================================================== ---- pam.debian.orig/modules/pam_umask/pam_umask.8 -+++ pam.debian/modules/pam_umask/pam_umask.8 +--- pam.orig/modules/pam_umask/pam_umask.8 ++++ pam/modules/pam_umask/pam_umask.8 @@ -150,7 +150,7 @@ .PP \fBpam.conf\fR(5), @@ -1094,11 +1082,11 @@ Index: pam.debian/modules/pam_umask/pam_umask.8 .SH "AUTHOR" .PP pam_umask was written by Thorsten Kukuk \&. -Index: pam.debian/modules/pam_unix/pam_unix.8.xml +Index: pam/modules/pam_unix/pam_unix.8.xml =================================================================== ---- pam.debian.orig/modules/pam_unix/pam_unix.8.xml -+++ pam.debian/modules/pam_unix/pam_unix.8.xml -@@ -494,7 +494,7 @@ +--- pam.orig/modules/pam_unix/pam_unix.8.xml ++++ pam/modules/pam_unix/pam_unix.8.xml +@@ -537,7 +537,7 @@ pam.d5 , @@ -1107,11 +1095,11 @@ Index: pam.debian/modules/pam_unix/pam_unix.8.xml -Index: pam.debian/modules/pam_unix/pam_unix.8 +Index: pam/modules/pam_unix/pam_unix.8 =================================================================== ---- pam.debian.orig/modules/pam_unix/pam_unix.8 -+++ pam.debian/modules/pam_unix/pam_unix.8 -@@ -269,7 +269,7 @@ +--- pam.orig/modules/pam_unix/pam_unix.8 ++++ pam/modules/pam_unix/pam_unix.8 +@@ -294,7 +294,7 @@ \fBlogin.defs\fR(5), \fBpam.conf\fR(5), \fBpam.d\fR(5), @@ -1120,10 +1108,10 @@ Index: pam.debian/modules/pam_unix/pam_unix.8 .SH "AUTHOR" .PP pam_unix was written by various people\&. -Index: pam.debian/doc/man/misc_conv.3.xml +Index: pam/doc/man/misc_conv.3.xml =================================================================== ---- pam.debian.orig/doc/man/misc_conv.3.xml -+++ pam.debian/doc/man/misc_conv.3.xml +--- pam.orig/doc/man/misc_conv.3.xml ++++ pam/doc/man/misc_conv.3.xml @@ -171,7 +171,7 @@ pam_conv3 , @@ -1133,10 +1121,10 @@ Index: pam.debian/doc/man/misc_conv.3.xml -Index: pam.debian/doc/man/misc_conv.3 +Index: pam/doc/man/misc_conv.3 =================================================================== ---- pam.debian.orig/doc/man/misc_conv.3 -+++ pam.debian/doc/man/misc_conv.3 +--- pam.orig/doc/man/misc_conv.3 ++++ pam/doc/man/misc_conv.3 @@ -117,7 +117,7 @@ .SH "SEE ALSO" .PP @@ -1146,10 +1134,10 @@ Index: pam.debian/doc/man/misc_conv.3 .SH "STANDARDS" .PP The -Index: pam.debian/doc/man/pam_acct_mgmt.3.xml +Index: pam/doc/man/pam_acct_mgmt.3.xml =================================================================== ---- pam.debian.orig/doc/man/pam_acct_mgmt.3.xml -+++ pam.debian/doc/man/pam_acct_mgmt.3.xml +--- pam.orig/doc/man/pam_acct_mgmt.3.xml ++++ pam/doc/man/pam_acct_mgmt.3.xml @@ -138,7 +138,7 @@ pam_strerror3 , @@ -1159,20 +1147,20 @@ Index: pam.debian/doc/man/pam_acct_mgmt.3.xml -Index: pam.debian/doc/man/pam_acct_mgmt.3 +Index: pam/doc/man/pam_acct_mgmt.3 =================================================================== ---- pam.debian.orig/doc/man/pam_acct_mgmt.3 -+++ pam.debian/doc/man/pam_acct_mgmt.3 +--- pam.orig/doc/man/pam_acct_mgmt.3 ++++ pam/doc/man/pam_acct_mgmt.3 @@ -97,4 +97,4 @@ \fBpam_authenticate\fR(3), \fBpam_chauthtok\fR(3), \fBpam_strerror\fR(3), -\fBpam\fR(8) +\fBpam\fR(7) -Index: pam.debian/doc/man/pam_authenticate.3.xml +Index: pam/doc/man/pam_authenticate.3.xml =================================================================== ---- pam.debian.orig/doc/man/pam_authenticate.3.xml -+++ pam.debian/doc/man/pam_authenticate.3.xml +--- pam.orig/doc/man/pam_authenticate.3.xml ++++ pam/doc/man/pam_authenticate.3.xml @@ -162,7 +162,7 @@ pam_strerror3 , @@ -1182,20 +1170,20 @@ Index: pam.debian/doc/man/pam_authenticate.3.xml -Index: pam.debian/doc/man/pam_authenticate.3 +Index: pam/doc/man/pam_authenticate.3 =================================================================== ---- pam.debian.orig/doc/man/pam_authenticate.3 -+++ pam.debian/doc/man/pam_authenticate.3 +--- pam.orig/doc/man/pam_authenticate.3 ++++ pam/doc/man/pam_authenticate.3 @@ -107,4 +107,4 @@ \fBpam_setcred\fR(3), \fBpam_chauthtok\fR(3), \fBpam_strerror\fR(3), -\fBpam\fR(8) +\fBpam\fR(7) -Index: pam.debian/doc/man/pam_chauthtok.3.xml +Index: pam/doc/man/pam_chauthtok.3.xml =================================================================== ---- pam.debian.orig/doc/man/pam_chauthtok.3.xml -+++ pam.debian/doc/man/pam_chauthtok.3.xml +--- pam.orig/doc/man/pam_chauthtok.3.xml ++++ pam/doc/man/pam_chauthtok.3.xml @@ -157,7 +157,7 @@ pam_strerror3 , @@ -1205,20 +1193,20 @@ Index: pam.debian/doc/man/pam_chauthtok.3.xml -Index: pam.debian/doc/man/pam_chauthtok.3 +Index: pam/doc/man/pam_chauthtok.3 =================================================================== ---- pam.debian.orig/doc/man/pam_chauthtok.3 -+++ pam.debian/doc/man/pam_chauthtok.3 +--- pam.orig/doc/man/pam_chauthtok.3 ++++ pam/doc/man/pam_chauthtok.3 @@ -106,4 +106,4 @@ \fBpam_setcred\fR(3), \fBpam_get_item\fR(3), \fBpam_strerror\fR(3), -\fBpam\fR(8) +\fBpam\fR(7) -Index: pam.debian/doc/man/pam_conv.3.xml +Index: pam/doc/man/pam_conv.3.xml =================================================================== ---- pam.debian.orig/doc/man/pam_conv.3.xml -+++ pam.debian/doc/man/pam_conv.3.xml +--- pam.orig/doc/man/pam_conv.3.xml ++++ pam/doc/man/pam_conv.3.xml @@ -221,7 +221,7 @@ pam_strerror3 , @@ -1228,20 +1216,20 @@ Index: pam.debian/doc/man/pam_conv.3.xml -Index: pam.debian/doc/man/pam_conv.3 +Index: pam/doc/man/pam_conv.3 =================================================================== ---- pam.debian.orig/doc/man/pam_conv.3 -+++ pam.debian/doc/man/pam_conv.3 +--- pam.orig/doc/man/pam_conv.3 ++++ pam/doc/man/pam_conv.3 @@ -174,4 +174,4 @@ \fBpam_set_item\fR(3), \fBpam_get_item\fR(3), \fBpam_strerror\fR(3), -\fBpam\fR(8) +\fBpam\fR(7) -Index: pam.debian/doc/man/pam_error.3.xml +Index: pam/doc/man/pam_error.3.xml =================================================================== ---- pam.debian.orig/doc/man/pam_error.3.xml -+++ pam.debian/doc/man/pam_error.3.xml +--- pam.orig/doc/man/pam_error.3.xml ++++ pam/doc/man/pam_error.3.xml @@ -105,7 +105,7 @@ pam_vprompt3 , @@ -1251,10 +1239,10 @@ Index: pam.debian/doc/man/pam_error.3.xml -Index: pam.debian/doc/man/pam_error.3 +Index: pam/doc/man/pam_error.3 =================================================================== ---- pam.debian.orig/doc/man/pam_error.3 -+++ pam.debian/doc/man/pam_error.3 +--- pam.orig/doc/man/pam_error.3 ++++ pam/doc/man/pam_error.3 @@ -80,7 +80,7 @@ \fBpam_vinfo\fR(3), \fBpam_prompt\fR(3), @@ -1264,10 +1252,10 @@ Index: pam.debian/doc/man/pam_error.3 .SH "STANDARDS" .PP The -Index: pam.debian/doc/man/pam_getenv.3.xml +Index: pam/doc/man/pam_getenv.3.xml =================================================================== ---- pam.debian.orig/doc/man/pam_getenv.3.xml -+++ pam.debian/doc/man/pam_getenv.3.xml +--- pam.orig/doc/man/pam_getenv.3.xml ++++ pam/doc/man/pam_getenv.3.xml @@ -60,7 +60,7 @@ pam_putenv3 , @@ -1277,20 +1265,20 @@ Index: pam.debian/doc/man/pam_getenv.3.xml -Index: pam.debian/doc/man/pam_getenv.3 +Index: pam/doc/man/pam_getenv.3 =================================================================== ---- pam.debian.orig/doc/man/pam_getenv.3 -+++ pam.debian/doc/man/pam_getenv.3 +--- pam.orig/doc/man/pam_getenv.3 ++++ pam/doc/man/pam_getenv.3 @@ -57,4 +57,4 @@ \fBpam_start\fR(3), \fBpam_getenvlist\fR(3), \fBpam_putenv\fR(3), -\fBpam\fR(8) +\fBpam\fR(7) -Index: pam.debian/doc/man/pam_getenvlist.3.xml +Index: pam/doc/man/pam_getenvlist.3.xml =================================================================== ---- pam.debian.orig/doc/man/pam_getenvlist.3.xml -+++ pam.debian/doc/man/pam_getenvlist.3.xml +--- pam.orig/doc/man/pam_getenvlist.3.xml ++++ pam/doc/man/pam_getenvlist.3.xml @@ -78,7 +78,7 @@ pam_putenv3 , @@ -1300,20 +1288,20 @@ Index: pam.debian/doc/man/pam_getenvlist.3.xml -Index: pam.debian/doc/man/pam_getenvlist.3 +Index: pam/doc/man/pam_getenvlist.3 =================================================================== ---- pam.debian.orig/doc/man/pam_getenvlist.3 -+++ pam.debian/doc/man/pam_getenvlist.3 +--- pam.orig/doc/man/pam_getenvlist.3 ++++ pam/doc/man/pam_getenvlist.3 @@ -63,4 +63,4 @@ \fBpam_start\fR(3), \fBpam_getenv\fR(3), \fBpam_putenv\fR(3), -\fBpam\fR(8) +\fBpam\fR(7) -Index: pam.debian/doc/man/pam_info.3.xml +Index: pam/doc/man/pam_info.3.xml =================================================================== ---- pam.debian.orig/doc/man/pam_info.3.xml -+++ pam.debian/doc/man/pam_info.3.xml +--- pam.orig/doc/man/pam_info.3.xml ++++ pam/doc/man/pam_info.3.xml @@ -93,7 +93,7 @@ SEE ALSO @@ -1323,10 +1311,10 @@ Index: pam.debian/doc/man/pam_info.3.xml -Index: pam.debian/doc/man/pam_info.3 +Index: pam/doc/man/pam_info.3 =================================================================== ---- pam.debian.orig/doc/man/pam_info.3 -+++ pam.debian/doc/man/pam_info.3 +--- pam.orig/doc/man/pam_info.3 ++++ pam/doc/man/pam_info.3 @@ -76,7 +76,7 @@ .RE .SH "SEE ALSO" @@ -1336,10 +1324,10 @@ Index: pam.debian/doc/man/pam_info.3 .SH "STANDARDS" .PP The -Index: pam.debian/doc/man/pam_misc_drop_env.3.xml +Index: pam/doc/man/pam_misc_drop_env.3.xml =================================================================== ---- pam.debian.orig/doc/man/pam_misc_drop_env.3.xml -+++ pam.debian/doc/man/pam_misc_drop_env.3.xml +--- pam.orig/doc/man/pam_misc_drop_env.3.xml ++++ pam/doc/man/pam_misc_drop_env.3.xml @@ -46,7 +46,7 @@ pam_getenvlist3 , @@ -1349,10 +1337,10 @@ Index: pam.debian/doc/man/pam_misc_drop_env.3.xml -Index: pam.debian/doc/man/pam_misc_drop_env.3 +Index: pam/doc/man/pam_misc_drop_env.3 =================================================================== ---- pam.debian.orig/doc/man/pam_misc_drop_env.3 -+++ pam.debian/doc/man/pam_misc_drop_env.3 +--- pam.orig/doc/man/pam_misc_drop_env.3 ++++ pam/doc/man/pam_misc_drop_env.3 @@ -52,7 +52,7 @@ .SH "SEE ALSO" .PP @@ -1362,10 +1350,10 @@ Index: pam.debian/doc/man/pam_misc_drop_env.3 .SH "STANDARDS" .PP The -Index: pam.debian/doc/man/pam_misc_paste_env.3.xml +Index: pam/doc/man/pam_misc_paste_env.3.xml =================================================================== ---- pam.debian.orig/doc/man/pam_misc_paste_env.3.xml -+++ pam.debian/doc/man/pam_misc_paste_env.3.xml +--- pam.orig/doc/man/pam_misc_paste_env.3.xml ++++ pam/doc/man/pam_misc_paste_env.3.xml @@ -44,7 +44,7 @@ pam_putenv3 , @@ -1375,10 +1363,10 @@ Index: pam.debian/doc/man/pam_misc_paste_env.3.xml -Index: pam.debian/doc/man/pam_misc_paste_env.3 +Index: pam/doc/man/pam_misc_paste_env.3 =================================================================== ---- pam.debian.orig/doc/man/pam_misc_paste_env.3 -+++ pam.debian/doc/man/pam_misc_paste_env.3 +--- pam.orig/doc/man/pam_misc_paste_env.3 ++++ pam/doc/man/pam_misc_paste_env.3 @@ -47,7 +47,7 @@ .SH "SEE ALSO" .PP @@ -1388,10 +1376,10 @@ Index: pam.debian/doc/man/pam_misc_paste_env.3 .SH "STANDARDS" .PP The -Index: pam.debian/doc/man/pam_misc_setenv.3.xml +Index: pam/doc/man/pam_misc_setenv.3.xml =================================================================== ---- pam.debian.orig/doc/man/pam_misc_setenv.3.xml -+++ pam.debian/doc/man/pam_misc_setenv.3.xml +--- pam.orig/doc/man/pam_misc_setenv.3.xml ++++ pam/doc/man/pam_misc_setenv.3.xml @@ -51,7 +51,7 @@ pam_putenv3 , @@ -1401,10 +1389,10 @@ Index: pam.debian/doc/man/pam_misc_setenv.3.xml -Index: pam.debian/doc/man/pam_misc_setenv.3 +Index: pam/doc/man/pam_misc_setenv.3 =================================================================== ---- pam.debian.orig/doc/man/pam_misc_setenv.3 -+++ pam.debian/doc/man/pam_misc_setenv.3 +--- pam.orig/doc/man/pam_misc_setenv.3 ++++ pam/doc/man/pam_misc_setenv.3 @@ -52,7 +52,7 @@ .SH "SEE ALSO" .PP @@ -1414,10 +1402,10 @@ Index: pam.debian/doc/man/pam_misc_setenv.3 .SH "STANDARDS" .PP The -Index: pam.debian/doc/man/pam_prompt.3.xml +Index: pam/doc/man/pam_prompt.3.xml =================================================================== ---- pam.debian.orig/doc/man/pam_prompt.3.xml -+++ pam.debian/doc/man/pam_prompt.3.xml +--- pam.orig/doc/man/pam_prompt.3.xml ++++ pam/doc/man/pam_prompt.3.xml @@ -95,7 +95,7 @@ SEE ALSO @@ -1427,10 +1415,10 @@ Index: pam.debian/doc/man/pam_prompt.3.xml , pam_conv3 -Index: pam.debian/doc/man/pam_prompt.3 +Index: pam/doc/man/pam_prompt.3 =================================================================== ---- pam.debian.orig/doc/man/pam_prompt.3 -+++ pam.debian/doc/man/pam_prompt.3 +--- pam.orig/doc/man/pam_prompt.3 ++++ pam/doc/man/pam_prompt.3 @@ -70,7 +70,7 @@ .RE .SH "SEE ALSO" @@ -1440,10 +1428,10 @@ Index: pam.debian/doc/man/pam_prompt.3 \fBpam_conv\fR(3) .SH "STANDARDS" .PP -Index: pam.debian/doc/man/pam_putenv.3.xml +Index: pam/doc/man/pam_putenv.3.xml =================================================================== ---- pam.debian.orig/doc/man/pam_putenv.3.xml -+++ pam.debian/doc/man/pam_putenv.3.xml +--- pam.orig/doc/man/pam_putenv.3.xml ++++ pam/doc/man/pam_putenv.3.xml @@ -145,7 +145,7 @@ pam_strerror3 , @@ -1453,20 +1441,20 @@ Index: pam.debian/doc/man/pam_putenv.3.xml -Index: pam.debian/doc/man/pam_putenv.3 +Index: pam/doc/man/pam_putenv.3 =================================================================== ---- pam.debian.orig/doc/man/pam_putenv.3 -+++ pam.debian/doc/man/pam_putenv.3 +--- pam.orig/doc/man/pam_putenv.3 ++++ pam/doc/man/pam_putenv.3 @@ -108,4 +108,4 @@ \fBpam_getenv\fR(3), \fBpam_getenvlist\fR(3), \fBpam_strerror\fR(3), -\fBpam\fR(8) +\fBpam\fR(7) -Index: pam.debian/doc/man/pam_strerror.3.xml +Index: pam/doc/man/pam_strerror.3.xml =================================================================== ---- pam.debian.orig/doc/man/pam_strerror.3.xml -+++ pam.debian/doc/man/pam_strerror.3.xml +--- pam.orig/doc/man/pam_strerror.3.xml ++++ pam/doc/man/pam_strerror.3.xml @@ -51,7 +51,7 @@ SEE ALSO @@ -1476,20 +1464,20 @@ Index: pam.debian/doc/man/pam_strerror.3.xml -Index: pam.debian/doc/man/pam_strerror.3 +Index: pam/doc/man/pam_strerror.3 =================================================================== ---- pam.debian.orig/doc/man/pam_strerror.3 -+++ pam.debian/doc/man/pam_strerror.3 +--- pam.orig/doc/man/pam_strerror.3 ++++ pam/doc/man/pam_strerror.3 @@ -49,4 +49,4 @@ This function returns always a pointer to a string\&. .SH "SEE ALSO" .PP -\fBpam\fR(8) +\fBpam\fR(7) -Index: pam.debian/doc/man/pam_syslog.3.xml +Index: pam/doc/man/pam_syslog.3.xml =================================================================== ---- pam.debian.orig/doc/man/pam_syslog.3.xml -+++ pam.debian/doc/man/pam_syslog.3.xml +--- pam.orig/doc/man/pam_syslog.3.xml ++++ pam/doc/man/pam_syslog.3.xml @@ -66,7 +66,7 @@ SEE ALSO @@ -1499,10 +1487,10 @@ Index: pam.debian/doc/man/pam_syslog.3.xml -Index: pam.debian/doc/man/pam_syslog.3 +Index: pam/doc/man/pam_syslog.3 =================================================================== ---- pam.debian.orig/doc/man/pam_syslog.3 -+++ pam.debian/doc/man/pam_syslog.3 +--- pam.orig/doc/man/pam_syslog.3 ++++ pam/doc/man/pam_syslog.3 @@ -67,7 +67,7 @@ variable argument list macros\&. .SH "SEE ALSO" @@ -1512,11 +1500,11 @@ Index: pam.debian/doc/man/pam_syslog.3 .SH "STANDARDS" .PP The -Index: pam.debian/modules/pam_userdb/pam_userdb.8.xml +Index: pam/modules/pam_userdb/pam_userdb.8.xml =================================================================== ---- pam.debian.orig/modules/pam_userdb/pam_userdb.8.xml -+++ pam.debian/modules/pam_userdb/pam_userdb.8.xml -@@ -277,7 +277,7 @@ +--- pam.orig/modules/pam_userdb/pam_userdb.8.xml ++++ pam/modules/pam_userdb/pam_userdb.8.xml +@@ -278,7 +278,7 @@ pam.d5 , @@ -1525,11 +1513,11 @@ Index: pam.debian/modules/pam_userdb/pam_userdb.8.xml -Index: pam.debian/modules/pam_userdb/pam_userdb.8 +Index: pam/modules/pam_userdb/pam_userdb.8 =================================================================== ---- pam.debian.orig/modules/pam_userdb/pam_userdb.8 -+++ pam.debian/modules/pam_userdb/pam_userdb.8 -@@ -150,7 +150,7 @@ +--- pam.orig/modules/pam_userdb/pam_userdb.8 ++++ pam/modules/pam_userdb/pam_userdb.8 +@@ -152,7 +152,7 @@ \fBcrypt\fR(3), \fBpam.conf\fR(5), \fBpam.d\fR(5), @@ -1538,10 +1526,10 @@ Index: pam.debian/modules/pam_userdb/pam_userdb.8 .SH "AUTHOR" .PP pam_userdb was written by Cristian Gafton >gafton@redhat\&.com<\&. -Index: pam.debian/modules/pam_warn/pam_warn.8.xml +Index: pam/modules/pam_warn/pam_warn.8.xml =================================================================== ---- pam.debian.orig/modules/pam_warn/pam_warn.8.xml -+++ pam.debian/modules/pam_warn/pam_warn.8.xml +--- pam.orig/modules/pam_warn/pam_warn.8.xml ++++ pam/modules/pam_warn/pam_warn.8.xml @@ -90,7 +90,7 @@ pam.d5 , @@ -1551,10 +1539,10 @@ Index: pam.debian/modules/pam_warn/pam_warn.8.xml -Index: pam.debian/modules/pam_warn/pam_warn.8 +Index: pam/modules/pam_warn/pam_warn.8 =================================================================== ---- pam.debian.orig/modules/pam_warn/pam_warn.8 -+++ pam.debian/modules/pam_warn/pam_warn.8 +--- pam.orig/modules/pam_warn/pam_warn.8 ++++ pam/modules/pam_warn/pam_warn.8 @@ -83,7 +83,7 @@ .PP \fBpam.conf\fR(5), @@ -1564,11 +1552,11 @@ Index: pam.debian/modules/pam_warn/pam_warn.8 .SH "AUTHOR" .PP pam_warn was written by Andrew G\&. Morgan \&. -Index: pam.debian/modules/pam_wheel/pam_wheel.8.xml +Index: pam/modules/pam_wheel/pam_wheel.8.xml =================================================================== ---- pam.debian.orig/modules/pam_wheel/pam_wheel.8.xml -+++ pam.debian/modules/pam_wheel/pam_wheel.8.xml -@@ -212,7 +212,7 @@ +--- pam.orig/modules/pam_wheel/pam_wheel.8.xml ++++ pam/modules/pam_wheel/pam_wheel.8.xml +@@ -213,7 +213,7 @@ pam.d5 , @@ -1577,10 +1565,10 @@ Index: pam.debian/modules/pam_wheel/pam_wheel.8.xml -Index: pam.debian/modules/pam_wheel/pam_wheel.8 +Index: pam/modules/pam_wheel/pam_wheel.8 =================================================================== ---- pam.debian.orig/modules/pam_wheel/pam_wheel.8 -+++ pam.debian/modules/pam_wheel/pam_wheel.8 +--- pam.orig/modules/pam_wheel/pam_wheel.8 ++++ pam/modules/pam_wheel/pam_wheel.8 @@ -136,7 +136,7 @@ .PP \fBpam.conf\fR(5), @@ -1590,10 +1578,10 @@ Index: pam.debian/modules/pam_wheel/pam_wheel.8 .SH "AUTHOR" .PP pam_wheel was written by Cristian Gafton \&. -Index: pam.debian/modules/pam_xauth/pam_xauth.8.xml +Index: pam/modules/pam_xauth/pam_xauth.8.xml =================================================================== ---- pam.debian.orig/modules/pam_xauth/pam_xauth.8.xml -+++ pam.debian/modules/pam_xauth/pam_xauth.8.xml +--- pam.orig/modules/pam_xauth/pam_xauth.8.xml ++++ pam/modules/pam_xauth/pam_xauth.8.xml @@ -276,7 +276,7 @@ pam.d5 , @@ -1603,10 +1591,10 @@ Index: pam.debian/modules/pam_xauth/pam_xauth.8.xml -Index: pam.debian/modules/pam_xauth/pam_xauth.8 +Index: pam/modules/pam_xauth/pam_xauth.8 =================================================================== ---- pam.debian.orig/modules/pam_xauth/pam_xauth.8 -+++ pam.debian/modules/pam_xauth/pam_xauth.8 +--- pam.orig/modules/pam_xauth/pam_xauth.8 ++++ pam/modules/pam_xauth/pam_xauth.8 @@ -177,7 +177,7 @@ .PP \fBpam.conf\fR(5), @@ -1616,22 +1604,198 @@ Index: pam.debian/modules/pam_xauth/pam_xauth.8 .SH "AUTHOR" .PP pam_xauth was written by Nalin Dahyabhai , based on original version by Michael K\&. Johnson \&. -Index: pam.debian/modules/pam_env/pam_env.8 -=================================================================== ---- pam.debian.orig/modules/pam_env/pam_env.8 -+++ pam.debian/modules/pam_env/pam_env.8 -@@ -2,12 +2,12 @@ - .\" Title: pam_env - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 01/15/2014 -+.\" Date: 01/16/2014 - .\" Manual: Linux-PAM Manual +Index: pam/modules/pam_env/pam_env.8 +=================================================================== +--- pam.orig/modules/pam_env/pam_env.8 ++++ pam/modules/pam_env/pam_env.8 +@@ -7,7 +7,7 @@ .\" Source: Linux-PAM Manual .\" Language: English .\" --.TH "PAM_ENV" "8" "01/15/2014" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_ENV" "8" "01/16/2014" "Linux-PAM Manual" "Linux-PAM Manual" +-.TH "PAM_ENV" "8" "04/01/2016" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_ENV" "7" "04/01/2016" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- +Index: pam/modules/pam_pwhistory/pam_pwhistory.8 +=================================================================== +--- pam.orig/modules/pam_pwhistory/pam_pwhistory.8 ++++ pam/modules/pam_pwhistory/pam_pwhistory.8 +@@ -156,7 +156,7 @@ + .PP + \fBpam.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8)\fBpam_get_authtok\fR(3) ++\fBpam\fR(7)\fBpam_get_authtok\fR(3) + .SH "AUTHOR" + .PP + pam_pwhistory was written by Thorsten Kukuk +Index: pam/modules/pam_pwhistory/pam_pwhistory.8.xml +=================================================================== +--- pam.orig/modules/pam_pwhistory/pam_pwhistory.8.xml ++++ pam/modules/pam_pwhistory/pam_pwhistory.8.xml +@@ -229,7 +229,7 @@ + pam.d5 + , + +- pam8 ++ pam7 + + + pam_get_authtok3 +Index: pam/modules/pam_sepermit/sepermit.conf.5 +=================================================================== +--- pam.orig/modules/pam_sepermit/sepermit.conf.5 ++++ pam/modules/pam_sepermit/sepermit.conf.5 +@@ -110,7 +110,7 @@ + .PP + \fBpam_sepermit\fR(8), + \fBpam.d\fR(5), +-\fBpam\fR(8), ++\fBpam\fR(7), + \fBselinux\fR(8), + .SH "AUTHOR" + .PP +Index: pam/modules/pam_sepermit/sepermit.conf.5.xml +=================================================================== +--- pam.orig/modules/pam_sepermit/sepermit.conf.5.xml ++++ pam/modules/pam_sepermit/sepermit.conf.5.xml +@@ -96,7 +96,7 @@ + + pam_sepermit8, + pam.d5, +- pam8, ++ pam7, + selinux8, + + +Index: pam/modules/pam_tally2/pam_tally2.8 +=================================================================== +--- pam.orig/modules/pam_tally2/pam_tally2.8 ++++ pam/modules/pam_tally2/pam_tally2.8 +@@ -236,7 +236,7 @@ + .PP + \fBpam.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "AUTHOR" + .PP + pam_tally2 was written by Tim Baverstock and Tomas Mraz\&. +Index: pam/modules/pam_tally2/pam_tally2.8.xml +=================================================================== +--- pam.orig/modules/pam_tally2/pam_tally2.8.xml ++++ pam/modules/pam_tally2/pam_tally2.8.xml +@@ -435,7 +435,7 @@ + pam.d5 + , + +- pam8 ++ pam7 + + + +Index: pam/modules/pam_timestamp/pam_timestamp.8 +=================================================================== +--- pam.orig/modules/pam_timestamp/pam_timestamp.8 ++++ pam/modules/pam_timestamp/pam_timestamp.8 +@@ -124,7 +124,7 @@ + \fBpam_timestamp_check\fR(8), + \fBpam.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "AUTHOR" + .PP + pam_timestamp was written by Nalin Dahyabhai\&. +Index: pam/modules/pam_timestamp/pam_timestamp.8.xml +=================================================================== +--- pam.orig/modules/pam_timestamp/pam_timestamp.8.xml ++++ pam/modules/pam_timestamp/pam_timestamp.8.xml +@@ -188,7 +188,7 @@ + pam.d5 + , + +- pam8 ++ pam7 + + + +Index: pam/modules/pam_timestamp/pam_timestamp_check.8 +=================================================================== +--- pam.orig/modules/pam_timestamp/pam_timestamp_check.8 ++++ pam/modules/pam_timestamp/pam_timestamp_check.8 +@@ -127,7 +127,7 @@ + \fBpam_timestamp_check\fR(8), + \fBpam.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "AUTHOR" + .PP + pam_tally was written by Nalin Dahyabhai\&. +Index: pam/modules/pam_timestamp/pam_timestamp_check.8.xml +=================================================================== +--- pam.orig/modules/pam_timestamp/pam_timestamp_check.8.xml ++++ pam/modules/pam_timestamp/pam_timestamp_check.8.xml +@@ -192,7 +192,7 @@ + pam.d5 + , + +- pam8 ++ pam7 + + + +Index: pam/modules/pam_tty_audit/pam_tty_audit.8 +=================================================================== +--- pam.orig/modules/pam_tty_audit/pam_tty_audit.8 ++++ pam/modules/pam_tty_audit/pam_tty_audit.8 +@@ -109,7 +109,7 @@ + \fBaureport\fR(8), + \fBpam.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "AUTHOR" + .PP + pam_tty_audit was written by Miloslav Trmač \&. The log_passwd option was added by Richard Guy Briggs \&. +Index: pam/modules/pam_tty_audit/pam_tty_audit.8.xml +=================================================================== +--- pam.orig/modules/pam_tty_audit/pam_tty_audit.8.xml ++++ pam/modules/pam_tty_audit/pam_tty_audit.8.xml +@@ -164,7 +164,7 @@ + pam.d5 + , + +- pam8 ++ pam7 + + + +Index: pam/doc/man/pam_get_authtok.3 +=================================================================== +--- pam.orig/doc/man/pam_get_authtok.3 ++++ pam/doc/man/pam_get_authtok.3 +@@ -161,7 +161,7 @@ + .RE + .SH "SEE ALSO" + .PP +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "STANDARDS" + .PP + The +Index: pam/doc/man/pam_get_authtok.3.xml +=================================================================== +--- pam.orig/doc/man/pam_get_authtok.3.xml ++++ pam/doc/man/pam_get_authtok.3.xml +@@ -232,7 +232,7 @@ + SEE ALSO + + +- pam8 ++ pam7 + + + diff --git a/debian/patches-applied/README-rebuild b/debian/patches-applied/README-rebuild deleted file mode 100644 index 8a95f8cc..00000000 --- a/debian/patches-applied/README-rebuild +++ /dev/null @@ -1,146 +0,0 @@ -Description: rebuild README files with current docs toolchain - This incorporates certain insignificant changes to whitespace handling - in the toolchain for documentation generation, which allows us to have a - clean ./debian/rules build; ./debian/rules clean round-trip. -Author: Steve Langasek -Last-Updated: 2018-01-08 -Forwarded: not-needed - -diff --git a/modules/pam_access/README b/modules/pam_access/README -index 3ab46871..8ee1b2f4 100644 ---- a/modules/pam_access/README -+++ b/modules/pam_access/README -@@ -83,7 +83,7 @@ instead. The same meaning of 192.168.201. is 192.168.201.0/24 or 192.168.201.0/ - - + : root : 192.168.201. - --User root should be able to have access from hosts foo1.bar.org and -+User root should be able to have access from hosts foo1.bar.org and - foo2.bar.org (uses string matching also). - - + : root : foo1.bar.org foo2.bar.org -diff --git a/modules/pam_filter/README b/modules/pam_filter/README -index 4d4e2194..2978e546 100644 ---- a/modules/pam_filter/README -+++ b/modules/pam_filter/README -@@ -45,17 +45,17 @@ runX - have read the pam(3) manual page. Basically, for each management group - there are up to two ways of calling the module's functions. In the case of - the authentication and session components there are actually two separate -- functions. For the case of authentication, these functions are -+ functions. For the case of authentication, these functions are - pam_authenticate(3) and pam_setcred(3), here run1 means run the filter from - the pam_authenticate function and run2 means run the filter from - pam_setcred. In the case of the session modules, run1 implies that the -- filter is invoked at the pam_open_session(3) stage, and run2 for -+ filter is invoked at the pam_open_session(3) stage, and run2 for - pam_close_session(3). - - For the case of the account component. Either run1 or run2 may be used. - - For the case of the password component, run1 is used to indicate that the -- filter is run on the first occasion of pam_chauthtok(3) (the -+ filter is run on the first occasion of pam_chauthtok(3) (the - PAM_PRELIM_CHECK phase) and run2 is used to indicate that the filter is run - on the second occasion (the PAM_UPDATE_AUTHTOK phase). - -diff --git a/modules/pam_ftp/README b/modules/pam_ftp/README -index 15f4130e..b9ef7857 100644 ---- a/modules/pam_ftp/README -+++ b/modules/pam_ftp/README -@@ -7,7 +7,7 @@ DESCRIPTION - pam_ftp is a PAM module which provides a pluggable anonymous ftp mode of - access. - --This module intercepts the user's name and password. If the name is ftp or -+This module intercepts the user's name and password. If the name is ftp or - anonymous, the user's password is broken up at the @ delimiter into a PAM_RUSER - and a PAM_RHOST part; these pam-items being set accordingly. The username ( - PAM_USER) is set to ftp. In this case the module succeeds. Alternatively, the -diff --git a/modules/pam_listfile/README b/modules/pam_listfile/README -index e1aaf8cc..5f926bdf 100644 ---- a/modules/pam_listfile/README -+++ b/modules/pam_listfile/README -@@ -7,7 +7,7 @@ DESCRIPTION - pam_listfile is a PAM module which provides a way to deny or allow services - based on an arbitrary file. - --The module gets the item of the type specified -- user specifies the username, -+The module gets the item of the type specified -- user specifies the username, - PAM_USER; tty specifies the name of the terminal over which the request has - been made, PAM_TTY; rhost specifies the name of the remote host (if any) from - which the request was made, PAM_RHOST; and ruser specifies the name of the -@@ -24,7 +24,7 @@ appropriate) will be returned. - - An additional argument, apply=, can be used to restrict the application of the - above to a specific user (apply=username) or a given group (apply=@groupname). --This added restriction is only meaningful when used with the tty, rhost and -+This added restriction is only meaningful when used with the tty, rhost and - shell items. - - Besides this last one, all arguments should be specified; do not count on any -diff --git a/modules/pam_mail/README b/modules/pam_mail/README -index a0a0b7d9..8fe8721c 100644 ---- a/modules/pam_mail/README -+++ b/modules/pam_mail/README -@@ -45,7 +45,7 @@ noenv - - nopen - -- Don't print any mail information on login. This flag is useful to get the -+ Don't print any mail information on login. This flag is useful to get the - MAIL environment variable set, but to not display any information about it. - - quiet -diff --git a/modules/pam_namespace/README b/modules/pam_namespace/README -index 41cc5403..6c580d6a 100644 ---- a/modules/pam_namespace/README -+++ b/modules/pam_namespace/README -@@ -173,7 +173,7 @@ the tmpfs instance that is created by the mount call. See mount(8) for details. - - The directory where polyinstantiated instances are to be created, must exist - and must have, by default, the mode of 0000. The requirement that the instance --parent be of mode 0000 can be overridden with the command line option -+parent be of mode 0000 can be overridden with the command line option - ignore_instance_parent_mode - - In case of context or level polyinstantiation the SELinux context which is used -diff --git a/modules/pam_rhosts/README b/modules/pam_rhosts/README -index b1911785..aedc0f5d 100644 ---- a/modules/pam_rhosts/README -+++ b/modules/pam_rhosts/README -@@ -17,7 +17,7 @@ identical to their local one, or if their remote account has an entry in their - personal configuration file. - - The module authenticates a remote user (internally specified by the item --PAM_RUSER connecting from the remote host (internally specified by the item -+PAM_RUSER connecting from the remote host (internally specified by the item - PAM_RHOST). Accordingly, for applications to be compatible this authentication - module they must set these items prior to calling pam_authenticate(). The - module is not capable of independently probing the network connection for such -diff --git a/modules/pam_tally/README b/modules/pam_tally/README -index 06e8f092..85aa1607 100644 ---- a/modules/pam_tally/README -+++ b/modules/pam_tally/README -@@ -32,7 +32,7 @@ GLOBAL OPTIONS - - onerr=[fail|succeed] - -- If something weird happens (like unable to open the file), return with -+ If something weird happens (like unable to open the file), return with - PAM_SUCCESS if onerr=succeed is given, else with the corresponding PAM - error code. - -diff --git a/modules/pam_userdb/README b/modules/pam_userdb/README -index 8e1a5ffd..0c256a90 100644 ---- a/modules/pam_userdb/README -+++ b/modules/pam_userdb/README -@@ -13,7 +13,7 @@ OPTIONS - crypt=[crypt|none] - - Indicates whether encrypted or plaintext passwords are stored in the -- database. If it is crypt, passwords should be stored in the database in -+ database. If it is crypt, passwords should be stored in the database in - crypt(3) form. If none is selected, passwords should be stored in the - database as plaintext. - diff --git a/debian/patches-applied/cve-2010-4708.patch b/debian/patches-applied/cve-2010-4708.patch index 10128284..0ab2a8e4 100644 --- a/debian/patches-applied/cve-2010-4708.patch +++ b/debian/patches-applied/cve-2010-4708.patch @@ -16,7 +16,7 @@ Index: pam/modules/pam_env/pam_env.8.xml =================================================================== --- pam.orig/modules/pam_env/pam_env.8.xml +++ pam/modules/pam_env/pam_env.8.xml -@@ -147,7 +147,7 @@ +@@ -158,7 +158,7 @@ Turns on or off the reading of the user specific environment @@ -29,22 +29,7 @@ Index: pam/modules/pam_env/pam_env.8 =================================================================== --- pam.orig/modules/pam_env/pam_env.8 +++ pam/modules/pam_env/pam_env.8 -@@ -2,12 +2,12 @@ - .\" Title: pam_env - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/15/2014 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_ENV" "8" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_ENV" "8" "01/15/2014" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -@@ -88,7 +88,7 @@ +@@ -101,7 +101,7 @@ .PP \fBuser_readenv=\fR\fB\fI0|1\fR\fR .RS 4 @@ -53,29 +38,11 @@ Index: pam/modules/pam_env/pam_env.8 .RE .SH "MODULE TYPES PROVIDED" .PP -@@ -138,7 +138,7 @@ - .PP - \fBpam_env.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8)\&. -+\fBpam\fR(7)\&. - .SH "AUTHOR" - .PP - pam_env was written by Dave Kinchlea \&. Index: pam/modules/pam_env/README =================================================================== --- pam.orig/modules/pam_env/README +++ pam/modules/pam_env/README -@@ -5,7 +5,7 @@ - DESCRIPTION - - The pam_env PAM module allows the (un)setting of environment variables. --Supported is the use of previously set environment variables as well as -+Supported is the use of previously set environment variables as well as - PAM_ITEMs such as PAM_RHOST. - - By default rules for (un)setting of variables is taken from the config file / -@@ -50,7 +50,7 @@ +@@ -57,7 +57,7 @@ user_readenv=0|1 Turns on or off the reading of the user specific environment file. 0 is diff --git a/debian/patches-applied/cve-2013-7041.patch b/debian/patches-applied/cve-2013-7041.patch deleted file mode 100644 index dac35b25..00000000 --- a/debian/patches-applied/cve-2013-7041.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 57a1e2b274d0a6376d92ada9926e5c5741e7da20 Mon Sep 17 00:00:00 2001 -From: "Dmitry V. Levin" -Date: Fri, 24 Jan 2014 22:18:32 +0000 -Subject: pam_userdb: fix password hash comparison - -Starting with commit Linux-PAM-0-77-28-g0b3e583 that introduced hashed -passwords support in pam_userdb, hashes are compared case-insensitively. -This bug leads to accepting hashes for completely different passwords in -addition to those that should be accepted. - -Additionally, commit Linux-PAM-1_1_6-13-ge2a8187 that added support for -modern password hashes with different lengths and settings, did not -update the hash comparison accordingly, which leads to accepting -computed hashes longer than stored hashes when the latter is a prefix -of the former. - -* modules/pam_userdb/pam_userdb.c (user_lookup): Reject the computed -hash whose length differs from the stored hash length. -Compare computed and stored hashes case-sensitively. -Fixes CVE-2013-7041. - -Bug-Debian: http://bugs.debian.org/731368 - ---- a/modules/pam_userdb/pam_userdb.c -+++ b/modules/pam_userdb/pam_userdb.c -@@ -222,12 +222,15 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode, - } else { - cryptpw = crypt (pass, data.dptr); - -- if (cryptpw) { -- compare = strncasecmp (data.dptr, cryptpw, data.dsize); -+ if (cryptpw && strlen(cryptpw) == (size_t)data.dsize) { -+ compare = memcmp(data.dptr, cryptpw, data.dsize); - } else { - compare = -2; - if (ctrl & PAM_DEBUG_ARG) { -- pam_syslog(pamh, LOG_INFO, "crypt() returned NULL"); -+ if (cryptpw) -+ pam_syslog(pamh, LOG_INFO, "lengths of computed and stored hashes differ"); -+ else -+ pam_syslog(pamh, LOG_INFO, "crypt() returned NULL"); - } - }; - diff --git a/debian/patches-applied/cve-2014-2583.patch b/debian/patches-applied/cve-2014-2583.patch deleted file mode 100644 index 3eb91702..00000000 --- a/debian/patches-applied/cve-2014-2583.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 9dcead87e6d7f66d34e7a56d11a30daca367dffb Mon Sep 17 00:00:00 2001 -From: "Dmitry V. Levin" -Date: Wed, 26 Mar 2014 22:17:23 +0000 -Subject: pam_timestamp: fix potential directory traversal issue (ticket #27) - -pam_timestamp uses values of PAM_RUSER and PAM_TTY as components of -the timestamp pathname it creates, so extra care should be taken to -avoid potential directory traversal issues. - -* modules/pam_timestamp/pam_timestamp.c (check_tty): Treat -"." and ".." tty values as invalid. -(get_ruser): Treat "." and ".." ruser values, as well as any ruser -value containing '/', as invalid. - -Fixes CVE-2014-2583. - -Reported-by: Sebastian Krahmer - ---- a/modules/pam_timestamp/pam_timestamp.c -+++ b/modules/pam_timestamp/pam_timestamp.c -@@ -158,7 +158,7 @@ check_tty(const char *tty) - tty = strrchr(tty, '/') + 1; - } - /* Make sure the tty wasn't actually a directory (no basename). */ -- if (strlen(tty) == 0) { -+ if (!strlen(tty) || !strcmp(tty, ".") || !strcmp(tty, "..")) { - return NULL; - } - return tty; -@@ -243,6 +243,17 @@ get_ruser(pam_handle_t *pamh, char *ruserbuf, size_t ruserbuflen) - if (pwd != NULL) { - ruser = pwd->pw_name; - } -+ } else { -+ /* -+ * This ruser is used by format_timestamp_name as a component -+ * of constructed timestamp pathname, so ".", "..", and '/' -+ * are disallowed to avoid potential path traversal issues. -+ */ -+ if (!strcmp(ruser, ".") || -+ !strcmp(ruser, "..") || -+ strchr(ruser, '/')) { -+ ruser = NULL; -+ } - } - if (ruser == NULL || strlen(ruser) >= ruserbuflen) { - *ruserbuf = '\0'; diff --git a/debian/patches-applied/cve-2015-3238.patch b/debian/patches-applied/cve-2015-3238.patch deleted file mode 100644 index 50dd746e..00000000 --- a/debian/patches-applied/cve-2015-3238.patch +++ /dev/null @@ -1,213 +0,0 @@ -From e89d4c97385ff8180e6e81e84c5aa745daf28a79 Mon Sep 17 00:00:00 2001 -From: Thorsten Kukuk -Date: Mon, 22 Jun 2015 14:53:01 +0200 -Subject: Release version 1.2.1 - -Security fix: CVE-2015-3238 - -If the process executing pam_sm_authenticate or pam_sm_chauthtok method -of pam_unix is not privileged enough to check the password, e.g. -if selinux is enabled, the _unix_run_helper_binary function is called. -When a long enough password is supplied (16 pages or more, i.e. 65536+ -bytes on a system with 4K pages), this helper function hangs -indefinitely, blocked in the write(2) call while writing to a blocking -pipe that has a limited capacity. -With this fix, the verifiable password length will be limited to -PAM_MAX_RESP_SIZE bytes (i.e. 512 bytes) for pam_exec and pam_unix. - -Index: pam/modules/pam_exec/pam_exec.8.xml -=================================================================== ---- pam.orig/modules/pam_exec/pam_exec.8.xml -+++ pam/modules/pam_exec/pam_exec.8.xml -@@ -106,7 +106,8 @@ - During authentication the calling command can read - the password from - stdin3 -- . -+ . Only first PAM_MAX_RESP_SIZE -+ bytes of a password are provided to the command. - - - -Index: pam/modules/pam_exec/pam_exec.c -=================================================================== ---- pam.orig/modules/pam_exec/pam_exec.c -+++ pam/modules/pam_exec/pam_exec.c -@@ -178,11 +178,11 @@ - } - - pam_set_item (pamh, PAM_AUTHTOK, resp); -- authtok = strdupa (resp); -+ authtok = strndupa (resp, PAM_MAX_RESP_SIZE); - _pam_drop (resp); - } - else -- authtok = void_pass; -+ authtok = strndupa (void_pass, PAM_MAX_RESP_SIZE); - - if (pipe(fds) != 0) - { -Index: pam/modules/pam_unix/pam_unix.8.xml -=================================================================== ---- pam.orig/modules/pam_unix/pam_unix.8.xml -+++ pam/modules/pam_unix/pam_unix.8.xml -@@ -80,6 +80,13 @@ - - - -+ The maximum length of a password supported by the pam_unix module -+ via the helper binary is PAM_MAX_RESP_SIZE -+ - currently 512 bytes. The rest of the password provided by the -+ conversation function to the module will be ignored. -+ -+ -+ - The password component of this module performs the task of updating - the user's password. The default encryption hash is taken from the - ENCRYPT_METHOD variable from -Index: pam/modules/pam_unix/pam_unix_passwd.c -=================================================================== ---- pam.orig/modules/pam_unix/pam_unix_passwd.c -+++ pam/modules/pam_unix/pam_unix_passwd.c -@@ -245,15 +245,22 @@ - /* wait for child */ - /* if the stored password is NULL */ - int rc=0; -- if (fromwhat) -- pam_modutil_write(fds[1], fromwhat, strlen(fromwhat)+1); -- else -- pam_modutil_write(fds[1], "", 1); -- if (towhat) { -- pam_modutil_write(fds[1], towhat, strlen(towhat)+1); -+ if (fromwhat) { -+ int len = strlen(fromwhat); -+ -+ if (len > PAM_MAX_RESP_SIZE) -+ len = PAM_MAX_RESP_SIZE; -+ pam_modutil_write(fds[1], fromwhat, len); - } -- else -- pam_modutil_write(fds[1], "", 1); -+ pam_modutil_write(fds[1], "", 1); -+ if (towhat) { -+ int len = strlen(towhat); -+ -+ if (len > PAM_MAX_RESP_SIZE) -+ len = PAM_MAX_RESP_SIZE; -+ pam_modutil_write(fds[1], towhat, len); -+ } -+ pam_modutil_write(fds[1], "", 1); - - close(fds[0]); /* close here to avoid possible SIGPIPE above */ - close(fds[1]); -Index: pam/modules/pam_unix/passverify.c -=================================================================== ---- pam.orig/modules/pam_unix/passverify.c -+++ pam/modules/pam_unix/passverify.c -@@ -1086,12 +1086,15 @@ - int - read_passwords(int fd, int npass, char **passwords) - { -+ /* The passwords array must contain npass preallocated -+ * buffers of length MAXPASS + 1 -+ */ - int rbytes = 0; - int offset = 0; - int i = 0; - char *pptr; - while (npass > 0) { -- rbytes = read(fd, passwords[i]+offset, MAXPASS-offset); -+ rbytes = read(fd, passwords[i]+offset, MAXPASS+1-offset); - - if (rbytes < 0) { - if (errno == EINTR) continue; -Index: pam/modules/pam_unix/passverify.h -=================================================================== ---- pam.orig/modules/pam_unix/passverify.h -+++ pam/modules/pam_unix/passverify.h -@@ -8,7 +8,7 @@ - - #define PAM_UNIX_RUN_HELPER PAM_CRED_INSUFFICIENT - --#define MAXPASS 200 /* the maximum length of a password */ -+#define MAXPASS PAM_MAX_RESP_SIZE /* the maximum length of a password */ - - #define OLD_PASSWORDS_FILE "/etc/security/opasswd" - -Index: pam/modules/pam_unix/support.c -=================================================================== ---- pam.orig/modules/pam_unix/support.c -+++ pam/modules/pam_unix/support.c -@@ -632,7 +632,12 @@ - /* if the stored password is NULL */ - int rc=0; - if (passwd != NULL) { /* send the password to the child */ -- if (write(fds[1], passwd, strlen(passwd)+1) == -1) { -+ int len = strlen(passwd); -+ -+ if (len > PAM_MAX_RESP_SIZE) -+ len = PAM_MAX_RESP_SIZE; -+ if (write(fds[1], passwd, len) == -1 || -+ write(fds[1], "", 1) == -1) { - pam_syslog (pamh, LOG_ERR, "Cannot send password to helper: %m"); - retval = PAM_AUTH_ERR; - } -Index: pam/modules/pam_unix/pam_unix.8 -=================================================================== ---- pam.orig/modules/pam_unix/pam_unix.8 -+++ pam/modules/pam_unix/pam_unix.8 -@@ -56,6 +56,10 @@ - \fBnoreap\fR - module argument can be used to suppress this temporary shielding and may be needed for use with certain applications\&. - .PP -+The maximum length of a password supported by the pam_unix module via the helper binary is -+\fIPAM_MAX_RESP_SIZE\fR -+\- currently 512 bytes\&. The rest of the password provided by the conversation function to the module will be ignored\&. -+.PP - The password component of this module performs the task of updating the user\*(Aqs password\&. The default encryption hash is taken from the - \fBENCRYPT_METHOD\fR - variable from -Index: pam/modules/pam_exec/pam_exec.8 -=================================================================== ---- pam.orig/modules/pam_exec/pam_exec.8 -+++ pam/modules/pam_exec/pam_exec.8 -@@ -65,7 +65,9 @@ - \fBexpose_authtok\fR - .RS 4 - During authentication the calling command can read the password from --\fBstdin\fR(3)\&. -+\fBstdin\fR(3)\&. Only first -+\fIPAM_MAX_RESP_SIZE\fR -+bytes of a password are provided to the command\&. - .RE - .PP - \fBlog=\fR\fB\fIfile\fR\fR -Index: pam/modules/pam_exec/README -=================================================================== ---- pam.orig/modules/pam_exec/README -+++ pam/modules/pam_exec/README -@@ -24,7 +24,8 @@ - expose_authtok - - During authentication the calling command can read the password from stdin -- (3). -+ (3). Only first PAM_MAX_RESP_SIZE bytes of a password are provided to the -+ command. - - log=file - -Index: pam/modules/pam_unix/README -=================================================================== ---- pam.orig/modules/pam_unix/README -+++ pam/modules/pam_unix/README -@@ -34,6 +34,10 @@ - suppress this temporary shielding and may be needed for use with certain - applications. - -+The maximum length of a password supported by the pam_unix module via the -+helper binary is PAM_MAX_RESP_SIZE - currently 512 bytes. The rest of the -+password provided by the conversation function to the module will be ignored. -+ - The password component of this module performs the task of updating the user's - password. The default encryption hash is taken from the ENCRYPT_METHOD variable - from /etc/login.defs diff --git a/debian/patches-applied/do_not_check_nis_accidentally b/debian/patches-applied/do_not_check_nis_accidentally index 8d85bfc3..29ce6097 100644 --- a/debian/patches-applied/do_not_check_nis_accidentally +++ b/debian/patches-applied/do_not_check_nis_accidentally @@ -7,11 +7,11 @@ Authors: Quentin Godfroy Upstream status: should be submitted -Index: pam.deb/modules/pam_unix/pam_unix_passwd.c +Index: pam/modules/pam_unix/pam_unix_passwd.c =================================================================== ---- pam.deb.orig/modules/pam_unix/pam_unix_passwd.c -+++ pam.deb/modules/pam_unix/pam_unix_passwd.c -@@ -551,7 +551,7 @@ +--- pam.orig/modules/pam_unix/pam_unix_passwd.c ++++ pam/modules/pam_unix/pam_unix_passwd.c +@@ -669,7 +669,7 @@ return PAM_USER_UNKNOWN; } else { struct passwd *pwd; diff --git a/debian/patches-applied/hurd_no_setfsuid b/debian/patches-applied/hurd_no_setfsuid index a2bf783c..00610a87 100644 --- a/debian/patches-applied/hurd_no_setfsuid +++ b/debian/patches-applied/hurd_no_setfsuid @@ -5,10 +5,10 @@ Authors: Steve Langasek Upstream status: to be forwarded, now that pam_modutil_{drop,regain}_priv are implemented -Index: pam.debian/libpam/pam_modutil_priv.c +Index: pam/libpam/pam_modutil_priv.c =================================================================== ---- pam.debian.orig/libpam/pam_modutil_priv.c -+++ pam.debian/libpam/pam_modutil_priv.c +--- pam.orig/libpam/pam_modutil_priv.c ++++ pam/libpam/pam_modutil_priv.c @@ -14,7 +14,9 @@ #include #include diff --git a/debian/patches-applied/lib_security_multiarch_compat b/debian/patches-applied/lib_security_multiarch_compat index 9d6d40a9..82b48fc4 100644 --- a/debian/patches-applied/lib_security_multiarch_compat +++ b/debian/patches-applied/lib_security_multiarch_compat @@ -11,13 +11,13 @@ currently abusing the existing variables and inverting their meaning in order to get everything installed where we want it and get absolute paths the way we want them. -Index: multiarch/libpam/pam_handlers.c +Index: pam/libpam/pam_handlers.c =================================================================== ---- multiarch.orig/libpam/pam_handlers.c -+++ multiarch/libpam/pam_handlers.c -@@ -705,7 +705,26 @@ - } - #else +--- pam.orig/libpam/pam_handlers.c ++++ pam/libpam/pam_handlers.c +@@ -728,7 +728,26 @@ + success = PAM_ABORT; + D(("_pam_load_module: _pam_dlopen(%s)", mod_path)); - mod->dl_handle = _pam_dlopen(mod_path); + if (mod_path[0] == '/') { @@ -43,7 +43,7 @@ Index: multiarch/libpam/pam_handlers.c D(("_pam_load_module: _pam_dlopen'ed")); D(("_pam_load_module: dlopen'ed")); if (mod->dl_handle == NULL) { -@@ -775,7 +794,6 @@ +@@ -797,7 +816,6 @@ struct handler **handler_p2; struct handlers *the_handlers; const char *sym, *sym2; @@ -51,7 +51,7 @@ Index: multiarch/libpam/pam_handlers.c servicefn func, func2; int mod_type = PAM_MT_FAULTY_MOD; -@@ -787,16 +805,7 @@ +@@ -809,16 +827,7 @@ if ((handler_type == PAM_HT_MODULE || handler_type == PAM_HT_SILENT_MODULE) && mod_path != NULL) { diff --git a/debian/patches-applied/make_documentation_reproducible.patch b/debian/patches-applied/make_documentation_reproducible.patch index 04c5f02d..f953b237 100644 --- a/debian/patches-applied/make_documentation_reproducible.patch +++ b/debian/patches-applied/make_documentation_reproducible.patch @@ -4,14 +4,16 @@ Description: Make documentation reproducible Author: Juan Picca , Steve Langasek Last-Update: 2019-01-06 ---- pam.orig/configure.in -+++ pam/configure.in -@@ -554,7 +554,7 @@ JH_CHECK_XML_CATALOG([http://docbook.sou +Index: pam/configure.ac +=================================================================== +--- pam.orig/configure.ac ++++ pam/configure.ac +@@ -556,7 +556,7 @@ AC_PATH_PROG([BROWSER], [w3m]) if test ! -z "$BROWSER"; then - BROWSER="$BROWSER -T text/html -dump" + BROWSER="LC_ALL=C.UTF-8 $BROWSER -T text/html -dump" else - enable_docu=no - fi + AC_PATH_PROG([BROWSER], [links]) + if test ! -z "$BROWSER"; then diff --git a/debian/patches-applied/no_PATH_MAX_on_hurd b/debian/patches-applied/no_PATH_MAX_on_hurd index ab7d506c..ab2403dd 100644 --- a/debian/patches-applied/no_PATH_MAX_on_hurd +++ b/debian/patches-applied/no_PATH_MAX_on_hurd @@ -4,10 +4,10 @@ Description: define PATH_MAX for compatibility when it's not already set Author: Steve Langasek Bug-Debian: http://bugs.debian.org/552043 -Index: pam.deb/tests/tst-dlopen.c +Index: pam/tests/tst-dlopen.c =================================================================== ---- pam.deb.orig/tests/tst-dlopen.c -+++ pam.deb/tests/tst-dlopen.c +--- pam.orig/tests/tst-dlopen.c ++++ pam/tests/tst-dlopen.c @@ -16,6 +16,11 @@ #include #include diff --git a/debian/patches-applied/pam-limits-nofile-fd-setsize-cap b/debian/patches-applied/pam-limits-nofile-fd-setsize-cap index 176d7845..302c911f 100644 --- a/debian/patches-applied/pam-limits-nofile-fd-setsize-cap +++ b/debian/patches-applied/pam-limits-nofile-fd-setsize-cap @@ -39,9 +39,11 @@ Reviewed-by: Adam Conrad Reviewed-by: Martin Pitt Last-Update: 2015-04-22 ---- a/modules/pam_limits/pam_limits.c -+++ b/modules/pam_limits/pam_limits.c -@@ -439,6 +439,14 @@ static void parse_kernel_limits(pam_hand +Index: pam/modules/pam_limits/pam_limits.c +=================================================================== +--- pam.orig/modules/pam_limits/pam_limits.c ++++ pam/modules/pam_limits/pam_limits.c +@@ -451,6 +451,14 @@ pl->limits[i].src_hard = LIMITS_DEF_KERNEL; } fclose(limitsfile); diff --git a/debian/patches-applied/pam-loginuid-in-containers b/debian/patches-applied/pam-loginuid-in-containers deleted file mode 100644 index 1e965b2d..00000000 --- a/debian/patches-applied/pam-loginuid-in-containers +++ /dev/null @@ -1,146 +0,0 @@ -Author: Stéphane Graber -Description: pam_loginuid: Ignore failure in user namespaces - When running pam_loginuid in a container using the user namespaces, even - uid 0 isn't allowed to set the loginuid property. - . - This change catches the EACCES from opening loginuid, checks if the user - is in the host namespace (by comparing the uid_map with the host's one) - and only if that's the case, sets rc to 1. - . - Should uid_map not exist or be unreadable for some reason, it'll be - assumed that the process is running on the host's namespace. - . - The initial reason behind this change was failure to ssh into an - unprivileged container (using a 3.13 kernel and current LXC) when using - a standard pam profile for sshd (which requires success from - pam_loginuid). - . - I believe this solution doesn't have any drawback and will allow people - to use unprivileged containers normally. An alternative would be to have - all distros set pam_loginuid as optional but that'd be bad for any of - the other potential failure case which people may care about. - . - There has also been some discussions to get some of the audit features - tied with the user namespaces but currently none of that has been merged - upstream and the currently proposed implementation doesn't cover - loginuid (nor is it clear how this should even work when loginuid is set - as immutable after initial write). - . - Signed-off-by: Steve Langasek - Signed-off-by: Dmitry V. Levin - -Index: ubuntu/modules/pam_loginuid/pam_loginuid.c -=================================================================== ---- ubuntu.orig/modules/pam_loginuid/pam_loginuid.c 2014-01-31 21:07:08.665185675 +0000 -+++ ubuntu/modules/pam_loginuid/pam_loginuid.c 2014-01-31 21:05:05.000000000 +0000 -@@ -47,25 +47,56 @@ - - /* - * This function writes the loginuid to the /proc system. It returns -- * 0 on success and 1 on failure. -+ * PAM_SUCCESS on success, -+ * PAM_IGNORE when /proc/self/loginuid does not exist, -+ * PAM_SESSION_ERR in case of any other error. - */ - static int set_loginuid(pam_handle_t *pamh, uid_t uid) - { -- int fd, count, rc = 0; -- char loginuid[24]; -+ int fd, count, rc = PAM_SESSION_ERR; -+ char loginuid[24], buf[24]; -+ static const char host_uid_map[] = " 0 0 4294967295\n"; -+ char uid_map[sizeof(host_uid_map)]; -+ -+ /* loginuid in user namespaces currently isn't writable and in some -+ case, not even readable, so consider any failure as ignorable (but try -+ anyway, in case we hit a kernel which supports it). */ -+ fd = open("/proc/self/uid_map", O_RDONLY); -+ if (fd >= 0) { -+ count = pam_modutil_read(fd, uid_map, sizeof(uid_map)); -+ if (strncmp(uid_map, host_uid_map, count) != 0) -+ rc = PAM_IGNORE; -+ close(fd); -+ } - -- count = snprintf(loginuid, sizeof(loginuid), "%lu", (unsigned long)uid); -- fd = open("/proc/self/loginuid", O_NOFOLLOW|O_WRONLY|O_TRUNC); -+ fd = open("/proc/self/loginuid", O_NOFOLLOW|O_RDWR); - if (fd < 0) { -- if (errno != ENOENT) { -- rc = 1; -- pam_syslog(pamh, LOG_ERR, -- "Cannot open /proc/self/loginuid: %m"); -+ if (errno == ENOENT) { -+ rc = PAM_IGNORE; -+ } -+ if (rc != PAM_IGNORE) { -+ pam_syslog(pamh, LOG_ERR, "Cannot open %s: %m", -+ "/proc/self/loginuid"); - } - return rc; - } -- if (pam_modutil_write(fd, loginuid, count) != count) -- rc = 1; -+ -+ count = snprintf(loginuid, sizeof(loginuid), "%lu", (unsigned long)uid); -+ if (pam_modutil_read(fd, buf, sizeof(buf)) == count && -+ memcmp(buf, loginuid, count) == 0) { -+ rc = PAM_SUCCESS; -+ goto done; /* already correct */ -+ } -+ if (lseek(fd, 0, SEEK_SET) == 0 && ftruncate(fd, 0) == 0 && -+ pam_modutil_write(fd, loginuid, count) == count) { -+ rc = PAM_SUCCESS; -+ } else { -+ if (rc != PAM_IGNORE) { -+ pam_syslog(pamh, LOG_ERR, "Error writing %s: %m", -+ "/proc/self/loginuid"); -+ } -+ } -+ done: - close(fd); - return rc; - } -@@ -165,6 +196,7 @@ - { - const char *user = NULL; - struct passwd *pwd; -+ int ret; - #ifdef HAVE_LIBAUDIT - int require_auditd = 0; - #endif -@@ -183,9 +215,14 @@ - return PAM_SESSION_ERR; - } - -- if (set_loginuid(pamh, pwd->pw_uid)) { -- pam_syslog(pamh, LOG_ERR, "set_loginuid failed\n"); -- return PAM_SESSION_ERR; -+ ret = set_loginuid(pamh, pwd->pw_uid); -+ switch (ret) { -+ case PAM_SUCCESS: -+ case PAM_IGNORE: -+ break; -+ default: -+ pam_syslog(pamh, LOG_ERR, "set_loginuid failed"); -+ return ret; - } - - #ifdef HAVE_LIBAUDIT -@@ -195,11 +232,12 @@ - argv++; - } - -- if (require_auditd) -- return check_auditd(); -- else -+ if (require_auditd) { -+ int rc = check_auditd(); -+ return rc != PAM_SUCCESS ? rc : ret; -+ } else - #endif -- return PAM_SUCCESS; -+ return ret; - } - - /* diff --git a/debian/patches-applied/pam_namespace_fix_bashism.patch b/debian/patches-applied/pam_namespace_fix_bashism.patch deleted file mode 100644 index 6c6f1861..00000000 --- a/debian/patches-applied/pam_namespace_fix_bashism.patch +++ /dev/null @@ -1,61 +0,0 @@ -From fbc65c39d6853af268c9a093923afc876d0b138e Mon Sep 17 00:00:00 2001 -From: Steve Langasek -Date: Tue, 14 Jan 2014 19:48:51 -0800 -Subject: pam_namespace: don't use bashisms in default namespace.init script - -* modules/pam_namespace/pam_namespace.c: call setuid() before execing the -namespace init script, so that scripts run with maximum privilege regardless -of the shell implementation. -* modules/pam_namespace/namespace.init: drop the '-p' bashism from the -shebang line - -This is not a POSIX standard option, it's a bashism. The bash manpage says -that it's used to prevent the effective user id from being reset to the real -user id on startup, and to ignore certain unsafe variables from the -environment. - -In the case of pam_namespace, the -p is not necessary for environment -sanitizing because the PAM module (properly) sanitizes the environment -before execing the script. - -The stated reason given in CVS history for passing -p is to "preserve euid -when called from setuid apps (su, newrole)." This should be done more -portably, by calling setuid() before spawning the shell. - -Signed-off-by: Steve Langasek -Bug-Debian: http://bugs.debian.org/624842 -Bug-Ubuntu: https://bugs.launchpad.net/bugs/1081323 ---- - modules/pam_namespace/namespace.init | 2 +- - modules/pam_namespace/pam_namespace.c | 5 +++++ - 2 files changed, 6 insertions(+), 1 deletion(-) - -diff --git a/modules/pam_namespace/namespace.init b/modules/pam_namespace/namespace.init -index 9ab5806..67d4aa2 100755 ---- a/modules/pam_namespace/namespace.init -+++ b/modules/pam_namespace/namespace.init -@@ -1,4 +1,4 @@ --#!/bin/sh -p -+#!/bin/sh - # It receives polydir path as $1, the instance path as $2, - # a flag whether the instance dir was newly created (0 - no, 1 - yes) in $3, - # and user name in $4. -diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c -index e0d5e30..92883f5 100644 ---- a/modules/pam_namespace/pam_namespace.c -+++ b/modules/pam_namespace/pam_namespace.c -@@ -1205,6 +1205,11 @@ static int inst_init(const struct polydir_s *polyptr, const char *ipath, - _exit(1); - } - #endif -+ /* Pass maximum privs when we exec() */ -+ if (setuid(geteuid()) < 0) { -+ /* ignore failures, they don't matter */ -+ } -+ - if (execle(init_script, init_script, - polyptr->dir, ipath, newdir?"1":"0", idata->user, NULL, envp) < 0) - _exit(1); --- -cgit v0.12 - diff --git a/debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch b/debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch index 87336651..11d4ee31 100644 --- a/debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch +++ b/debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch @@ -7,10 +7,10 @@ Authors: Steve Langasek , Upstream status: to be submitted -Index: pam-debian/modules/pam_unix/unix_chkpwd.c +Index: pam/modules/pam_unix/unix_chkpwd.c =================================================================== ---- pam-debian.orig/modules/pam_unix/unix_chkpwd.c 2011-10-10 16:22:06.270705822 -0700 -+++ pam-debian/modules/pam_unix/unix_chkpwd.c 2011-10-10 16:24:06.080224301 -0700 +--- pam.orig/modules/pam_unix/unix_chkpwd.c ++++ pam/modules/pam_unix/unix_chkpwd.c @@ -137,9 +137,10 @@ /* if the caller specifies the username, verify that user matches it */ diff --git a/debian/patches-applied/pam_unix_fix_sgid_shadow_auth.patch b/debian/patches-applied/pam_unix_fix_sgid_shadow_auth.patch index df3dc65a..0ce85eb7 100644 --- a/debian/patches-applied/pam_unix_fix_sgid_shadow_auth.patch +++ b/debian/patches-applied/pam_unix_fix_sgid_shadow_auth.patch @@ -5,11 +5,11 @@ Authors: Steve Langasek Upstream status: to be submitted (and debated...) -Index: debian-pkg-pam/modules/pam_unix/passverify.c +Index: pam/modules/pam_unix/passverify.c =================================================================== ---- debian-pkg-pam.orig/modules/pam_unix/passverify.c 2009-04-17 12:46:39.000000000 -0700 -+++ debian-pkg-pam/modules/pam_unix/passverify.c 2009-04-17 12:46:40.000000000 -0700 -@@ -203,11 +203,11 @@ +--- pam.orig/modules/pam_unix/passverify.c ++++ pam/modules/pam_unix/passverify.c +@@ -198,11 +198,11 @@ * ...and shadow password file entry for this user, * if shadowing is enabled */ diff --git a/debian/patches-applied/series b/debian/patches-applied/series index 29ba63b0..ea529795 100644 --- a/debian/patches-applied/series +++ b/debian/patches-applied/series @@ -1,7 +1,6 @@ pam_unix_fix_sgid_shadow_auth.patch pam_unix_dont_trust_chkpwd_caller.patch make_documentation_reproducible.patch -README-rebuild 007_modules_pam_unix 008_modules_pam_limits_chroot 021_nis_cleanup @@ -22,9 +21,4 @@ PAM-manpage-section update-motd no_PATH_MAX_on_hurd lib_security_multiarch_compat -pam-loginuid-in-containers -cve-2013-7041.patch -cve-2014-2583.patch -cve-2015-3238.patch pam-limits-nofile-fd-setsize-cap -pam_namespace_fix_bashism.patch diff --git a/debian/patches-applied/update-motd b/debian/patches-applied/update-motd index 6c2af5bb..e649a2f4 100644 --- a/debian/patches-applied/update-motd +++ b/debian/patches-applied/update-motd @@ -6,11 +6,11 @@ Authors: Dustin Kirkland Upstream status: not yet submitted -Index: pam.debian/modules/pam_motd/pam_motd.c +Index: pam/modules/pam_motd/pam_motd.c =================================================================== ---- pam.debian.orig/modules/pam_motd/pam_motd.c -+++ pam.debian/modules/pam_motd/pam_motd.c -@@ -48,14 +48,39 @@ +--- pam.orig/modules/pam_motd/pam_motd.c ++++ pam/modules/pam_motd/pam_motd.c +@@ -48,13 +48,38 @@ static char default_motd[] = DEFAULT_MOTD; @@ -39,7 +39,6 @@ Index: pam.debian/modules/pam_motd/pam_motd.c + close(fd); +} + - PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { @@ -52,7 +51,7 @@ Index: pam.debian/modules/pam_motd/pam_motd.c if (flags & PAM_SILENT) { return retval; -@@ -73,6 +98,9 @@ +@@ -72,6 +97,9 @@ "motd= specification missing argument - ignored"); } } @@ -62,7 +61,7 @@ Index: pam.debian/modules/pam_motd/pam_motd.c else pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); } -@@ -80,34 +108,23 @@ +@@ -79,34 +107,23 @@ if (motd_path == NULL) motd_path = default_motd; @@ -110,11 +109,11 @@ Index: pam.debian/modules/pam_motd/pam_motd.c + return retval; } - -Index: pam.debian/modules/pam_motd/pam_motd.8.xml + /* end of module definition */ +Index: pam/modules/pam_motd/pam_motd.8.xml =================================================================== ---- pam.debian.orig/modules/pam_motd/pam_motd.8.xml -+++ pam.debian/modules/pam_motd/pam_motd.8.xml +--- pam.orig/modules/pam_motd/pam_motd.8.xml ++++ pam/modules/pam_motd/pam_motd.8.xml @@ -52,6 +52,17 @@ @@ -133,10 +132,10 @@ Index: pam.debian/modules/pam_motd/pam_motd.8.xml -Index: pam.debian/modules/pam_motd/pam_motd.8 +Index: pam/modules/pam_motd/pam_motd.8 =================================================================== ---- pam.debian.orig/modules/pam_motd/pam_motd.8 -+++ pam.debian/modules/pam_motd/pam_motd.8 +--- pam.orig/modules/pam_motd/pam_motd.8 ++++ pam/modules/pam_motd/pam_motd.8 @@ -45,6 +45,13 @@ /path/filename file is displayed as message of the day\&. @@ -151,10 +150,10 @@ Index: pam.debian/modules/pam_motd/pam_motd.8 .SH "MODULE TYPES PROVIDED" .PP Only the -Index: pam.debian/modules/pam_motd/README +Index: pam/modules/pam_motd/README =================================================================== ---- pam.debian.orig/modules/pam_motd/README -+++ pam.debian/modules/pam_motd/README +--- pam.orig/modules/pam_motd/README ++++ pam/modules/pam_motd/README @@ -14,6 +14,10 @@ The /path/filename file is displayed as message of the day. -- cgit v1.2.3