From 330293703f39f604bca7d6764bc43ae417fe3c07 Mon Sep 17 00:00:00 2001 From: Steve Langasek Date: Tue, 11 Aug 2020 22:18:09 +0000 Subject: Refresh patches --- debian/patches-applied/007_modules_pam_unix | 169 +++++++++++---------- debian/patches-applied/PAM-manpage-section | 111 +++++++------- debian/patches-applied/fix-autoreconf.patch | 12 +- .../patches-applied/lib_security_multiarch_compat | 22 +-- .../make_documentation_reproducible.patch | 8 +- debian/patches-applied/update-motd | 45 +++--- 6 files changed, 186 insertions(+), 181 deletions(-) (limited to 'debian') diff --git a/debian/patches-applied/007_modules_pam_unix b/debian/patches-applied/007_modules_pam_unix index ae00a79d..218379c0 100644 --- a/debian/patches-applied/007_modules_pam_unix +++ b/debian/patches-applied/007_modules_pam_unix @@ -2,7 +2,7 @@ Index: pam/modules/pam_unix/pam_unix_passwd.c =================================================================== --- pam.orig/modules/pam_unix/pam_unix_passwd.c +++ pam/modules/pam_unix/pam_unix_passwd.c -@@ -98,6 +98,9 @@ +@@ -95,6 +95,9 @@ # endif /* GNU libc 2.1 */ #endif @@ -27,7 +27,7 @@ Index: pam/modules/pam_unix/pam_unix_passwd.c @@ -608,7 +616,7 @@ int retval; int remember = -1; - int rounds = -1; + int rounds = 0; - int pass_min_len = 0; + int pass_min_len = 6; @@ -37,84 +37,93 @@ Index: pam/modules/pam_unix/support.h =================================================================== --- pam.orig/modules/pam_unix/support.h +++ pam/modules/pam_unix/support.h -@@ -98,8 +98,9 @@ - #define UNIX_QUIET 28 /* Don't print informational messages */ - #define UNIX_NO_PASS_EXPIRY 29 /* Don't check for password expiration if not used for authentication */ - #define UNIX_DES 30 /* DES, default */ -+#define UNIX_OBSCURE_CHECKS 31 /* enable obscure checks on passwords */ +@@ -101,50 +101,52 @@ + #define UNIX_GOST_YESCRYPT_PASS 31 /* new password hashes will use gost-yescrypt */ + #define UNIX_YESCRYPT_PASS 32 /* new password hashes will use yescrypt */ + #define UNIX_NULLRESETOK 33 /* allow empty password if password reset is enforced */ ++#define UNIX_OBSCURE_CHECKS 34 /* enable obscure checks on passwords */ /* -------------- */ --#define UNIX_CTRLS_ 31 /* number of ctrl arguments defined */ -+#define UNIX_CTRLS_ 32 /* number of ctrl arguments defined */ +-#define UNIX_CTRLS_ 34 /* number of ctrl arguments defined */ ++#define UNIX_CTRLS_ 35 /* number of ctrl arguments defined */ - #define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)) + #define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)&&off(UNIX_GOST_YESCRYPT_PASS,ctrl)&&off(UNIX_YESCRYPT_PASS,ctrl)) -@@ -108,37 +109,38 @@ - /* symbol token name ctrl mask ctrl * - * ----------------------- ------------------- --------------------- -------- */ + static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = + { +-/* symbol token name ctrl mask ctrl * +- * --------------------------- -------------------- ------------------------- ---------------- */ ++/* symbol token name ctrl mask ctrl * ++ * --------------------------- -------------------- ------------------------- ------------ */ --/* UNIX__OLD_PASSWD */ {NULL, _ALL_ON_, 01, 0}, --/* UNIX__VERIFY_PASSWD */ {NULL, _ALL_ON_, 02, 0}, --/* UNIX__IAMROOT */ {NULL, _ALL_ON_, 04, 0}, --/* UNIX_AUDIT */ {"audit", _ALL_ON_, 010, 0}, --/* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(060), 020, 0}, --/* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(060), 040, 0}, --/* UNIX_AUTHTOK_TYPE */ {"authtok_type=", _ALL_ON_, 0100, 0}, --/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0600), 0200, 0}, --/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0600), 0400, 0}, --/* UNIX__NONULL */ {NULL, _ALL_ON_, 01000, 0}, --/* UNIX__QUIET */ {NULL, _ALL_ON_, 02000, 0}, --/* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 04000, 0}, --/* UNIX_SHADOW */ {"shadow", _ALL_ON_, 010000, 0}, --/* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(0260420000), 020000, 1}, --/* UNIX__NULLOK */ {"nullok", _ALL_ON_^(01000), 0, 0}, --/* UNIX_DEBUG */ {"debug", _ALL_ON_, 040000, 0}, --/* UNIX_NODELAY */ {"nodelay", _ALL_ON_, 0100000, 0}, --/* UNIX_NIS */ {"nis", _ALL_ON_, 0200000, 0}, --/* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(0260420000), 0400000, 1}, --/* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 01000000, 0}, --/* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 02000000, 0}, --/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 04000000, 0}, --/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 010000000, 0}, --/* UNIX_SHA256_PASS */ {"sha256", _ALL_ON_^(0260420000), 020000000, 1}, --/* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(0260420000), 040000000, 1}, --/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0100000000, 0}, --/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0260420000), 0200000000, 1}, --/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0400000000, 0}, --/* UNIX_QUIET */ {"quiet", _ALL_ON_, 01000000000, 0}, --/* UNIX_NO_PASS_EXPIRY */ {"no_pass_expiry", _ALL_ON_, 02000000000, 0}, --/* UNIX_DES */ {"des", _ALL_ON_^(0260420000), 0, 1}, -+/* UNIX__OLD_PASSWD */ {NULL, _ALL_ON_, 0x1, 0}, -+/* UNIX__VERIFY_PASSWD */ {NULL, _ALL_ON_, 0x2, 0}, -+/* UNIX__IAMROOT */ {NULL, _ALL_ON_, 0x4, 0}, -+/* UNIX_AUDIT */ {"audit", _ALL_ON_, 0x8, 0}, -+/* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(0x30), 0x10, 0}, -+/* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(0x30), 0x20, 0}, -+/* UNIX_AUTHTOK_TYPE */ {"authtok_type=", _ALL_ON_, 0x40, 0}, -+/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0x180), 0x80, 0}, -+/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0x180), 0x100, 0}, -+/* UNIX__NONULL */ {NULL, _ALL_ON_, 0x200, 0}, -+/* UNIX__QUIET */ {NULL, _ALL_ON_, 0x400, 0}, -+/* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 0x800, 0}, -+/* UNIX_SHADOW */ {"shadow", _ALL_ON_, 0x1000, 0}, -+/* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(0x2C22000), 0x2000, 1}, -+/* UNIX__NULLOK */ {"nullok", _ALL_ON_^(0x200), 0, 0}, -+/* UNIX_DEBUG */ {"debug", _ALL_ON_, 0x4000, 0}, -+/* UNIX_NODELAY */ {"nodelay", _ALL_ON_, 0x8000, 0}, -+/* UNIX_NIS */ {"nis", _ALL_ON_, 0x10000, 0}, -+/* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(0x2C22000), 0x20000, 1}, -+/* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 0x40000, 0}, -+/* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 0x80000, 0}, -+/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 0x100000, 0}, -+/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 0x200000, 0}, -+/* UNIX_SHA256_PASS */ {"sha256", _ALL_ON_^(0x2C22000), 0x400000, 1}, -+/* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(0x2C22000), 0x800000, 1}, -+/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0x1000000, 0}, -+/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0x2C22000),0x2000000, 1}, -+/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0x4000000, 0}, -+/* UNIX_QUIET */ {"quiet", _ALL_ON_, 0x8000000, 0}, -+/* UNIX_NO_PASS_EXPIRY */ {"no_pass_expiry", _ALL_ON_, 0x10000000, 0}, -+/* UNIX_DES */ {"des", _ALL_ON_^(0x2C22000), 0, 1}, -+/* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x20000000, 0}, +-/* UNIX__OLD_PASSWD */ {NULL, _ALL_ON_, 01, 0}, +-/* UNIX__VERIFY_PASSWD */ {NULL, _ALL_ON_, 02, 0}, +-/* UNIX__IAMROOT */ {NULL, _ALL_ON_, 04, 0}, +-/* UNIX_AUDIT */ {"audit", _ALL_ON_, 010, 0}, +-/* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(060ULL), 020, 0}, +-/* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(060ULL), 040, 0}, +-/* UNIX_AUTHTOK_TYPE */ {"authtok_type=", _ALL_ON_, 0100, 0}, +-/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0600ULL), 0200, 0}, +-/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0600ULL), 0400, 0}, +-/* UNIX__NONULL */ {NULL, _ALL_ON_, 01000, 0}, +-/* UNIX__QUIET */ {NULL, _ALL_ON_, 02000, 0}, +-/* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 04000, 0}, +-/* UNIX_SHADOW */ {"shadow", _ALL_ON_, 010000, 0}, +-/* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(015660420000ULL), 020000, 1}, +-/* UNIX__NULLOK */ {"nullok", _ALL_ON_^(01000ULL), 0, 0}, +-/* UNIX_DEBUG */ {"debug", _ALL_ON_, 040000, 0}, +-/* UNIX_NODELAY */ {"nodelay", _ALL_ON_, 0100000, 0}, +-/* UNIX_NIS */ {"nis", _ALL_ON_, 0200000, 0}, +-/* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(015660420000ULL), 0400000, 1}, +-/* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 01000000, 0}, +-/* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 02000000, 0}, +-/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 04000000, 0}, +-/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 010000000, 0}, +-/* UNIX_SHA256_PASS */ {"sha256", _ALL_ON_^(015660420000ULL), 020000000, 1}, +-/* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(015660420000ULL), 040000000, 1}, +-/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0100000000, 0}, +-/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(015660420000ULL), 0200000000, 1}, +-/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0400000000, 0}, +-/* UNIX_QUIET */ {"quiet", _ALL_ON_, 01000000000, 0}, +-/* UNIX_NO_PASS_EXPIRY */ {"no_pass_expiry", _ALL_ON_, 02000000000, 0}, +-/* UNIX_DES */ {"des", _ALL_ON_^(015660420000ULL), 0, 1}, +-/* UNIX_GOST_YESCRYPT_PASS */ {"gost_yescrypt", _ALL_ON_^(015660420000ULL), 04000000000, 1}, +-/* UNIX_YESCRYPT_PASS */ {"yescrypt", _ALL_ON_^(015660420000ULL), 010000000000, 1}, +-/* UNIX_NULLRESETOK */ {"nullresetok", _ALL_ON_, 020000000000, 0}, ++/* UNIX__OLD_PASSWD */ {NULL, _ALL_ON_, 0x1, 0}, ++/* UNIX__VERIFY_PASSWD */ {NULL, _ALL_ON_, 0x2, 0}, ++/* UNIX__IAMROOT */ {NULL, _ALL_ON_, 0x4, 0}, ++/* UNIX_AUDIT */ {"audit", _ALL_ON_, 0x8, 0}, ++/* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(0x30ULL), 0x10, 0}, ++/* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(0x30ULL), 0x20, 0}, ++/* UNIX_AUTHTOK_TYPE */ {"authtok_type=", _ALL_ON_, 0x40, 0}, ++/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0x180ULL), 0x80, 0}, ++/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0x180ULL), 0x100, 0}, ++/* UNIX__NONULL */ {NULL, _ALL_ON_, 0x200, 0}, ++/* UNIX__QUIET */ {NULL, _ALL_ON_, 0x400, 0}, ++/* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 0x800, 0}, ++/* UNIX_SHADOW */ {"shadow", _ALL_ON_, 0x1000, 0}, ++/* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(0x6EC22000ULL), 0x2000, 1}, ++/* UNIX__NULLOK */ {"nullok", _ALL_ON_^(0x200ULL), 0, 0}, ++/* UNIX_DEBUG */ {"debug", _ALL_ON_, 0x4000, 0}, ++/* UNIX_NODELAY */ {"nodelay", _ALL_ON_, 0x8000, 0}, ++/* UNIX_NIS */ {"nis", _ALL_ON_, 0x10000, 0}, ++/* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(0x6EC22000ULL), 0x20000, 1}, ++/* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 0x40000, 0}, ++/* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 0x80000, 0}, ++/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 0x100000, 0}, ++/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 0x200000, 0}, ++/* UNIX_SHA256_PASS */ {"sha256", _ALL_ON_^(0x6EC22000ULL), 0x400000, 1}, ++/* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(0x6EC22000ULL), 0x800000, 1}, ++/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0x1000000, 0}, ++/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0x6EC22000ULL), 0x2000000, 1}, ++/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0x4000000, 0}, ++/* UNIX_QUIET */ {"quiet", _ALL_ON_, 0x8000000, 0}, ++/* UNIX_NO_PASS_EXPIRY */ {"no_pass_expiry", _ALL_ON_, 0x10000000, 0}, ++/* UNIX_DES */ {"des", _ALL_ON_^(0x6EC22000ULL), 0, 1}, ++/* UNIX_GOST_YESCRYPT_PASS */ {"gost_yescrypt", _ALL_ON_^(0x6EC22000ULL), 0x20000000, 1}, ++/* UNIX_YESCRYPT_PASS */ {"yescrypt", _ALL_ON_^(0x6EC22000ULL), 0x40000000, 1}, ++/* UNIX_NULLRESETOK */ {"nullresetok", _ALL_ON_, 0x80000000, 0}, ++/* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x100000000, 0}, }; #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) @@ -122,7 +131,7 @@ Index: pam/modules/pam_unix/pam_unix.8.xml =================================================================== --- pam.orig/modules/pam_unix/pam_unix.8.xml +++ pam/modules/pam_unix/pam_unix.8.xml -@@ -361,8 +361,81 @@ +@@ -400,8 +400,81 @@ Set a minimum password length of n @@ -413,7 +422,7 @@ Index: pam/modules/pam_unix/Makefile.am =================================================================== --- pam.orig/modules/pam_unix/Makefile.am +++ pam/modules/pam_unix/Makefile.am -@@ -42,7 +42,7 @@ +@@ -39,7 +39,7 @@ pam_unix_la_SOURCES = bigcrypt.c pam_unix_acct.c \ pam_unix_auth.c pam_unix_passwd.c pam_unix_sess.c support.c \ @@ -426,7 +435,7 @@ Index: pam/modules/pam_unix/pam_unix.8 =================================================================== --- pam.orig/modules/pam_unix/pam_unix.8 +++ pam/modules/pam_unix/pam_unix.8 -@@ -193,7 +193,38 @@ +@@ -216,7 +216,38 @@ .RS 4 Set a minimum password length of \fIn\fR @@ -470,7 +479,7 @@ Index: pam/modules/pam_unix/README =================================================================== --- pam.orig/modules/pam_unix/README +++ pam/modules/pam_unix/README -@@ -155,8 +155,40 @@ +@@ -171,8 +171,40 @@ minlen=n diff --git a/debian/patches-applied/PAM-manpage-section b/debian/patches-applied/PAM-manpage-section index 4a367527..815c2614 100644 --- a/debian/patches-applied/PAM-manpage-section +++ b/debian/patches-applied/PAM-manpage-section @@ -18,7 +18,7 @@ Index: pam/doc/man/pam.8.xml Linux-PAM Manual -@@ -196,7 +196,7 @@ +@@ -209,7 +209,7 @@ pam_strerror3 , @@ -35,12 +35,12 @@ Index: pam/doc/man/PAM.8 .\" Source: Linux-PAM Manual .\" Language: English .\" --.TH "PAM" "8" "05/18/2018" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM" "7" "05/18/2018" "Linux-PAM Manual" "Linux-PAM Manual" +-.TH "PAM" "8" "06/08/2020" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM" "7" "06/08/2020" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- -@@ -135,4 +135,4 @@ +@@ -146,4 +146,4 @@ \fBpam_authenticate\fR(3), \fBpam_sm_setcred\fR(3), \fBpam_strerror\fR(3), @@ -50,7 +50,7 @@ Index: pam/modules/pam_access/access.conf.5.xml =================================================================== --- pam.orig/modules/pam_access/access.conf.5.xml +++ pam/modules/pam_access/access.conf.5.xml -@@ -227,7 +227,7 @@ +@@ -233,7 +233,7 @@ pam_access8, pam.d5, @@ -63,7 +63,7 @@ Index: pam/modules/pam_access/access.conf.5 =================================================================== --- pam.orig/modules/pam_access/access.conf.5 +++ pam/modules/pam_access/access.conf.5 -@@ -204,7 +204,7 @@ +@@ -210,7 +210,7 @@ .PP \fBpam_access\fR(8), \fBpam.d\fR(5), @@ -102,7 +102,7 @@ Index: pam/modules/pam_group/group.conf.5.xml =================================================================== --- pam.orig/modules/pam_group/group.conf.5.xml +++ pam/modules/pam_group/group.conf.5.xml -@@ -128,7 +128,7 @@ +@@ -134,7 +134,7 @@ pam_group8, pam.d5, @@ -115,7 +115,7 @@ Index: pam/modules/pam_group/group.conf.5 =================================================================== --- pam.orig/modules/pam_group/group.conf.5 +++ pam/modules/pam_group/group.conf.5 -@@ -113,7 +113,7 @@ +@@ -115,7 +115,7 @@ .PP \fBpam_group\fR(8), \fBpam.d\fR(5), @@ -141,7 +141,7 @@ Index: pam/modules/pam_limits/limits.conf.5 =================================================================== --- pam.orig/modules/pam_limits/limits.conf.5 +++ pam/modules/pam_limits/limits.conf.5 -@@ -340,7 +340,7 @@ +@@ -343,7 +343,7 @@ .PP \fBpam_limits\fR(8), \fBpam.d\fR(5), @@ -154,7 +154,7 @@ Index: pam/modules/pam_namespace/namespace.conf.5.xml =================================================================== --- pam.orig/modules/pam_namespace/namespace.conf.5.xml +++ pam/modules/pam_namespace/namespace.conf.5.xml -@@ -204,7 +204,7 @@ +@@ -209,7 +209,7 @@ pam_namespace8, pam.d5, @@ -167,7 +167,7 @@ Index: pam/modules/pam_namespace/namespace.conf.5 =================================================================== --- pam.orig/modules/pam_namespace/namespace.conf.5 +++ pam/modules/pam_namespace/namespace.conf.5 -@@ -155,7 +155,7 @@ +@@ -162,7 +162,7 @@ .PP \fBpam_namespace\fR(8), \fBpam.d\fR(5), @@ -180,7 +180,7 @@ Index: pam/modules/pam_time/time.conf.5.xml =================================================================== --- pam.orig/modules/pam_time/time.conf.5.xml +++ pam/modules/pam_time/time.conf.5.xml -@@ -130,7 +130,7 @@ +@@ -136,7 +136,7 @@ pam_time8, pam.d5, @@ -193,7 +193,7 @@ Index: pam/modules/pam_time/time.conf.5 =================================================================== --- pam.orig/modules/pam_time/time.conf.5 +++ pam/modules/pam_time/time.conf.5 -@@ -107,7 +107,7 @@ +@@ -109,7 +109,7 @@ .PP \fBpam_time\fR(8), \fBpam.d\fR(5), @@ -349,7 +349,7 @@ Index: pam/modules/pam_exec/pam_exec.8.xml =================================================================== --- pam.orig/modules/pam_exec/pam_exec.8.xml +++ pam/modules/pam_exec/pam_exec.8.xml -@@ -258,7 +258,7 @@ +@@ -287,7 +287,7 @@ pam.d5 , @@ -362,7 +362,7 @@ Index: pam/modules/pam_exec/pam_exec.8 =================================================================== --- pam.orig/modules/pam_exec/pam_exec.8 +++ pam/modules/pam_exec/pam_exec.8 -@@ -162,7 +162,7 @@ +@@ -177,7 +177,7 @@ .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), @@ -505,33 +505,33 @@ Index: pam/modules/pam_keyinit/pam_keyinit.8.xml =================================================================== --- pam.orig/modules/pam_keyinit/pam_keyinit.8.xml +++ pam/modules/pam_keyinit/pam_keyinit.8.xml -@@ -223,7 +223,7 @@ +@@ -232,7 +232,7 @@ pam.d5 , - pam8 + pam7 - + , keyctl1 Index: pam/modules/pam_keyinit/pam_keyinit.8 =================================================================== --- pam.orig/modules/pam_keyinit/pam_keyinit.8 +++ pam/modules/pam_keyinit/pam_keyinit.8 -@@ -130,7 +130,7 @@ +@@ -137,7 +137,7 @@ .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), --\fBpam\fR(8)\fBkeyctl\fR(1) -+\fBpam\fR(7)\fBkeyctl\fR(1) +-\fBpam\fR(8), ++\fBpam\fR(7), + \fBkeyctl\fR(1) .SH "AUTHOR" .PP - pam_keyinit was written by David Howells, \&. Index: pam/modules/pam_lastlog/pam_lastlog.8.xml =================================================================== --- pam.orig/modules/pam_lastlog/pam_lastlog.8.xml +++ pam/modules/pam_lastlog/pam_lastlog.8.xml -@@ -298,7 +298,7 @@ +@@ -325,7 +325,7 @@ pam.d5 , @@ -544,8 +544,8 @@ Index: pam/modules/pam_lastlog/pam_lastlog.8 =================================================================== --- pam.orig/modules/pam_lastlog/pam_lastlog.8 +++ pam/modules/pam_lastlog/pam_lastlog.8 -@@ -173,7 +173,7 @@ - .PP +@@ -189,7 +189,7 @@ + \fBlimits.conf\fR(5), \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8) @@ -557,7 +557,7 @@ Index: pam/modules/pam_limits/pam_limits.8.xml =================================================================== --- pam.orig/modules/pam_limits/pam_limits.8.xml +++ pam/modules/pam_limits/pam_limits.8.xml -@@ -241,7 +241,7 @@ +@@ -243,7 +243,7 @@ pam.d5 , @@ -609,7 +609,7 @@ Index: pam/modules/pam_localuser/pam_localuser.8.xml =================================================================== --- pam.orig/modules/pam_localuser/pam_localuser.8.xml +++ pam/modules/pam_localuser/pam_localuser.8.xml -@@ -158,7 +158,7 @@ +@@ -187,7 +187,7 @@ pam.d5 , @@ -622,7 +622,7 @@ Index: pam/modules/pam_localuser/pam_localuser.8 =================================================================== --- pam.orig/modules/pam_localuser/pam_localuser.8 +++ pam/modules/pam_localuser/pam_localuser.8 -@@ -102,7 +102,7 @@ +@@ -117,7 +117,7 @@ .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), @@ -687,7 +687,7 @@ Index: pam/modules/pam_mkhomedir/pam_mkhomedir.8.xml =================================================================== --- pam.orig/modules/pam_mkhomedir/pam_mkhomedir.8.xml +++ pam/modules/pam_mkhomedir/pam_mkhomedir.8.xml -@@ -189,7 +189,7 @@ +@@ -198,7 +198,7 @@ pam.d5 , @@ -700,7 +700,7 @@ Index: pam/modules/pam_mkhomedir/pam_mkhomedir.8 =================================================================== --- pam.orig/modules/pam_mkhomedir/pam_mkhomedir.8 +++ pam/modules/pam_mkhomedir/pam_mkhomedir.8 -@@ -123,7 +123,7 @@ +@@ -124,7 +124,7 @@ .SH "SEE ALSO" .PP \fBpam.d\fR(5), @@ -713,7 +713,7 @@ Index: pam/modules/pam_motd/pam_motd.8.xml =================================================================== --- pam.orig/modules/pam_motd/pam_motd.8.xml +++ pam/modules/pam_motd/pam_motd.8.xml -@@ -129,7 +129,7 @@ +@@ -195,7 +195,7 @@ pam.d5 , @@ -726,7 +726,7 @@ Index: pam/modules/pam_motd/pam_motd.8 =================================================================== --- pam.orig/modules/pam_motd/pam_motd.8 +++ pam/modules/pam_motd/pam_motd.8 -@@ -122,7 +122,7 @@ +@@ -185,7 +185,7 @@ \fBmotd\fR(5), \fBpam.conf\fR(5), \fBpam.d\fR(5), @@ -856,7 +856,7 @@ Index: pam/modules/pam_rootok/pam_rootok.8 =================================================================== --- pam.orig/modules/pam_rootok/pam_rootok.8 +++ pam/modules/pam_rootok/pam_rootok.8 -@@ -99,7 +99,7 @@ +@@ -100,7 +100,7 @@ \fBsu\fR(1), \fBpam.conf\fR(5), \fBpam.d\fR(5), @@ -869,7 +869,7 @@ Index: pam/modules/pam_securetty/pam_securetty.8.xml =================================================================== --- pam.orig/modules/pam_securetty/pam_securetty.8.xml +++ pam/modules/pam_securetty/pam_securetty.8.xml -@@ -168,7 +168,7 @@ +@@ -187,7 +187,7 @@ pam.d5 , @@ -882,7 +882,7 @@ Index: pam/modules/pam_securetty/pam_securetty.8 =================================================================== --- pam.orig/modules/pam_securetty/pam_securetty.8 +++ pam/modules/pam_securetty/pam_securetty.8 -@@ -119,7 +119,7 @@ +@@ -134,7 +134,7 @@ \fBsecuretty\fR(5), \fBpam.conf\fR(5), \fBpam.d\fR(5), @@ -912,8 +912,8 @@ Index: pam/modules/pam_selinux/pam_selinux.8 .\" Source: Linux-PAM Manual .\" Language: English .\" --.TH "PAM_SELINUX" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_SELINUX" "7" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual" +-.TH "PAM_SELINUX" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_SELINUX" "7" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -947,11 +947,11 @@ Index: pam/modules/pam_sepermit/pam_sepermit.8 \fBsepermit.conf\fR(5), \fBpam.conf\fR(5), \fBpam.d\fR(5), --\fBpam\fR(8)\fBselinux\fR(8) -+\fBpam\fR(7)\fBselinux\fR(8) +-\fBpam\fR(8) ++\fBpam\fR(7) + \fBselinux\fR(8) .SH "AUTHOR" .PP - pam_sepermit and this manual page were written by Tomas Mraz \&. Index: pam/modules/pam_shells/pam_shells.8.xml =================================================================== --- pam.orig/modules/pam_shells/pam_shells.8.xml @@ -1021,7 +1021,7 @@ Index: pam/modules/pam_tally/pam_tally.8 =================================================================== --- pam.orig/modules/pam_tally/pam_tally.8 +++ pam/modules/pam_tally/pam_tally.8 -@@ -248,7 +248,7 @@ +@@ -250,7 +250,7 @@ \fBfaillog\fR(8), \fBpam.conf\fR(5), \fBpam.d\fR(5), @@ -1034,7 +1034,7 @@ Index: pam/modules/pam_time/pam_time.8.xml =================================================================== --- pam.orig/modules/pam_time/pam_time.8.xml +++ pam/modules/pam_time/pam_time.8.xml -@@ -169,7 +169,7 @@ +@@ -184,7 +184,7 @@ pam.d5 , @@ -1047,7 +1047,7 @@ Index: pam/modules/pam_time/pam_time.8 =================================================================== --- pam.orig/modules/pam_time/pam_time.8 +++ pam/modules/pam_time/pam_time.8 -@@ -109,7 +109,7 @@ +@@ -116,7 +116,7 @@ .PP \fBtime.conf\fR(5), \fBpam.d\fR(5), @@ -1060,7 +1060,7 @@ Index: pam/modules/pam_umask/pam_umask.8.xml =================================================================== --- pam.orig/modules/pam_umask/pam_umask.8.xml +++ pam/modules/pam_umask/pam_umask.8.xml -@@ -201,7 +201,7 @@ +@@ -246,7 +246,7 @@ pam.d5 , @@ -1073,7 +1073,7 @@ Index: pam/modules/pam_umask/pam_umask.8 =================================================================== --- pam.orig/modules/pam_umask/pam_umask.8 +++ pam/modules/pam_umask/pam_umask.8 -@@ -150,7 +150,7 @@ +@@ -170,7 +170,7 @@ .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), @@ -1086,7 +1086,7 @@ Index: pam/modules/pam_unix/pam_unix.8.xml =================================================================== --- pam.orig/modules/pam_unix/pam_unix.8.xml +++ pam/modules/pam_unix/pam_unix.8.xml -@@ -537,7 +537,7 @@ +@@ -559,7 +559,7 @@ pam.d5 , @@ -1099,7 +1099,7 @@ Index: pam/modules/pam_unix/pam_unix.8 =================================================================== --- pam.orig/modules/pam_unix/pam_unix.8 +++ pam/modules/pam_unix/pam_unix.8 -@@ -294,7 +294,7 @@ +@@ -310,7 +310,7 @@ \fBlogin.defs\fR(5), \fBpam.conf\fR(5), \fBpam.d\fR(5), @@ -1612,8 +1612,8 @@ Index: pam/modules/pam_env/pam_env.8 .\" Source: Linux-PAM Manual .\" Language: English .\" --.TH "PAM_ENV" "8" "05/18/2017" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_ENV" "7" "05/18/2017" "Linux-PAM Manual" "Linux-PAM Manual" +-.TH "PAM_ENV" "8" "06/08/2020" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_ENV" "7" "06/08/2020" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -1634,16 +1634,15 @@ Index: pam/modules/pam_pwhistory/pam_pwhistory.8 =================================================================== --- pam.orig/modules/pam_pwhistory/pam_pwhistory.8 +++ pam/modules/pam_pwhistory/pam_pwhistory.8 -@@ -156,7 +156,8 @@ +@@ -156,7 +156,7 @@ .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), --\fBpam\fR(8)\fBpam_get_authtok\fR(3) +-\fBpam\fR(8) +\fBpam\fR(7) -+\fBpam_get_authtok\fR(3) + \fBpam_get_authtok\fR(3) .SH "AUTHOR" .PP - pam_pwhistory was written by Thorsten Kukuk Index: pam/modules/pam_sepermit/sepermit.conf.5.xml =================================================================== --- pam.orig/modules/pam_sepermit/sepermit.conf.5.xml @@ -1687,7 +1686,7 @@ Index: pam/modules/pam_tally2/pam_tally2.8 =================================================================== --- pam.orig/modules/pam_tally2/pam_tally2.8 +++ pam/modules/pam_tally2/pam_tally2.8 -@@ -236,7 +236,7 @@ +@@ -238,7 +238,7 @@ .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), @@ -1752,7 +1751,7 @@ Index: pam/modules/pam_tty_audit/pam_tty_audit.8.xml =================================================================== --- pam.orig/modules/pam_tty_audit/pam_tty_audit.8.xml +++ pam/modules/pam_tty_audit/pam_tty_audit.8.xml -@@ -174,7 +174,7 @@ +@@ -181,7 +181,7 @@ pam.d5 , @@ -1765,7 +1764,7 @@ Index: pam/modules/pam_tty_audit/pam_tty_audit.8 =================================================================== --- pam.orig/modules/pam_tty_audit/pam_tty_audit.8 +++ pam/modules/pam_tty_audit/pam_tty_audit.8 -@@ -125,7 +125,7 @@ +@@ -129,7 +129,7 @@ \fBaureport\fR(8), \fBpam.conf\fR(5), \fBpam.d\fR(5), @@ -1791,7 +1790,7 @@ Index: pam/doc/man/pam_get_authtok.3 =================================================================== --- pam.orig/doc/man/pam_get_authtok.3 +++ pam/doc/man/pam_get_authtok.3 -@@ -161,7 +161,7 @@ +@@ -162,7 +162,7 @@ .RE .SH "SEE ALSO" .PP diff --git a/debian/patches-applied/fix-autoreconf.patch b/debian/patches-applied/fix-autoreconf.patch index 037f7ff8..bdd96262 100644 --- a/debian/patches-applied/fix-autoreconf.patch +++ b/debian/patches-applied/fix-autoreconf.patch @@ -8,11 +8,11 @@ Do not override user variables in Makefile.am, see the doc/specs/Makefile.am | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) -diff --git a/doc/specs/Makefile.am b/doc/specs/Makefile.am -index 99ecc70..b94e5ef 100644 ---- a/doc/specs/Makefile.am -+++ b/doc/specs/Makefile.am -@@ -12,9 +12,9 @@ draft-morgan-pam-current.txt: padout draft-morgan-pam.raw +Index: pam/doc/specs/Makefile.am +=================================================================== +--- pam.orig/doc/specs/Makefile.am ++++ pam/doc/specs/Makefile.am +@@ -12,9 +12,9 @@ AM_YFLAGS = -d CC = @CC_FOR_BUILD@ @@ -23,5 +23,5 @@ index 99ecc70..b94e5ef 100644 +AM_CFLAGS = @BUILD_CFLAGS@ +AM_LDFLAGS = @BUILD_LDFLAGS@ - BUILT_SOURCES = parse_y.h + padout_CFLAGS = $(WARN_CFLAGS) -Wno-unused-function -Wno-sign-compare diff --git a/debian/patches-applied/lib_security_multiarch_compat b/debian/patches-applied/lib_security_multiarch_compat index 82b48fc4..c43a733e 100644 --- a/debian/patches-applied/lib_security_multiarch_compat +++ b/debian/patches-applied/lib_security_multiarch_compat @@ -15,7 +15,7 @@ Index: pam/libpam/pam_handlers.c =================================================================== --- pam.orig/libpam/pam_handlers.c +++ pam/libpam/pam_handlers.c -@@ -728,7 +728,26 @@ +@@ -735,7 +735,18 @@ success = PAM_ABORT; D(("_pam_load_module: _pam_dlopen(%s)", mod_path)); @@ -23,27 +23,19 @@ Index: pam/libpam/pam_handlers.c + if (mod_path[0] == '/') { + mod->dl_handle = _pam_dlopen(mod_path); + } else { -+ if (asprintf(&mod_full_isa_path, "%s%s", ++ char *mod_full_path = NULL; ++ if (asprintf(&mod_full_path, "%s%s", + DEFAULT_MODULE_PATH, mod_path) >= 0) { -+ mod->dl_handle = _pam_dlopen(mod_full_isa_path); -+ _pam_drop(mod_full_isa_path); ++ mod->dl_handle = _pam_dlopen(mod_full_path); ++ _pam_drop(mod_full_path); + } else { + pam_syslog(pamh, LOG_CRIT, "cannot malloc full mod path"); + } -+ if (!mod->dl_handle) { -+ if (asprintf(&mod_full_isa_path, "%s/%s", -+ _PAM_ISA, mod_path) >= 0) { -+ mod->dl_handle = _pam_dlopen(mod_full_isa_path); -+ _pam_drop(mod_full_isa_path); -+ } else { -+ pam_syslog(pamh, LOG_CRIT, "cannot malloc full mod path"); -+ } -+ } + } D(("_pam_load_module: _pam_dlopen'ed")); D(("_pam_load_module: dlopen'ed")); if (mod->dl_handle == NULL) { -@@ -797,7 +816,6 @@ +@@ -812,7 +823,6 @@ struct handler **handler_p2; struct handlers *the_handlers; const char *sym, *sym2; @@ -51,7 +43,7 @@ Index: pam/libpam/pam_handlers.c servicefn func, func2; int mod_type = PAM_MT_FAULTY_MOD; -@@ -809,16 +827,7 @@ +@@ -824,16 +834,7 @@ if ((handler_type == PAM_HT_MODULE || handler_type == PAM_HT_SILENT_MODULE) && mod_path != NULL) { diff --git a/debian/patches-applied/make_documentation_reproducible.patch b/debian/patches-applied/make_documentation_reproducible.patch index f953b237..ed15df13 100644 --- a/debian/patches-applied/make_documentation_reproducible.patch +++ b/debian/patches-applied/make_documentation_reproducible.patch @@ -8,12 +8,12 @@ Index: pam/configure.ac =================================================================== --- pam.orig/configure.ac +++ pam/configure.ac -@@ -556,7 +556,7 @@ +@@ -619,7 +619,7 @@ AC_PATH_PROG([BROWSER], [w3m]) - if test ! -z "$BROWSER"; then + if test -n "$BROWSER"; then - BROWSER="$BROWSER -T text/html -dump" + BROWSER="LC_ALL=C.UTF-8 $BROWSER -T text/html -dump" else - AC_PATH_PROG([BROWSER], [links]) - if test ! -z "$BROWSER"; then + AC_PATH_PROG([BROWSER], [elinks]) + if test -n "$BROWSER"; then diff --git a/debian/patches-applied/update-motd b/debian/patches-applied/update-motd index dececee5..d84ecf57 100644 --- a/debian/patches-applied/update-motd +++ b/debian/patches-applied/update-motd @@ -10,18 +10,23 @@ Index: pam/modules/pam_motd/pam_motd.c =================================================================== --- pam.orig/modules/pam_motd/pam_motd.c +++ pam/modules/pam_motd/pam_motd.c -@@ -101,8 +101,10 @@ +@@ -286,6 +286,7 @@ int argc, const char **argv) { int retval = PAM_IGNORE; + int do_update = 1; const char *motd_path = NULL; - const char *motd_dir_path = NULL; + char *motd_path_copy = NULL; + unsigned int num_motd_paths = 0; +@@ -295,6 +296,7 @@ + unsigned int num_motd_dir_paths = 0; + char **motd_dir_path_split = NULL; + int report_missing; + struct stat st; if (flags & PAM_SILENT) { return retval; -@@ -131,6 +133,9 @@ +@@ -324,6 +326,9 @@ "motd_dir= specification missing argument - ignored"); } } @@ -31,8 +36,8 @@ Index: pam/modules/pam_motd/pam_motd.c else pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); } -@@ -140,6 +145,19 @@ - motd_dir_path = default_motd_dir; +@@ -336,6 +341,19 @@ + report_missing = 1; } + /* Run the update-motd dynamic motd scripts, outputting to /run/motd.dynamic. @@ -49,13 +54,13 @@ Index: pam/modules/pam_motd/pam_motd.c + } + if (motd_path != NULL) { - int fd = open(motd_path, O_RDONLY, 0); - + motd_path_copy = strdup(motd_path); + } Index: pam/modules/pam_motd/pam_motd.8.xml =================================================================== --- pam.orig/modules/pam_motd/pam_motd.8.xml +++ pam/modules/pam_motd/pam_motd.8.xml -@@ -63,6 +63,17 @@ +@@ -114,6 +114,17 @@ @@ -72,13 +77,13 @@ Index: pam/modules/pam_motd/pam_motd.8.xml + - When no options are given, the default is to display both + When no options are given, the default behavior applies for both Index: pam/modules/pam_motd/pam_motd.8 =================================================================== --- pam.orig/modules/pam_motd/pam_motd.8 +++ pam/modules/pam_motd/pam_motd.8 -@@ -53,6 +53,13 @@ - directory is scanned and each file contained inside of it is displayed\&. +@@ -109,6 +109,13 @@ + /etc/motd\&.d:/run/motd\&.d:/usr/lib/motd\&.d\&. .RE .PP +\fBnoupdate\fR @@ -88,21 +93,21 @@ Index: pam/modules/pam_motd/pam_motd.8 +to refresh the motd file\&. +.RE +.PP - When no options are given, the default is to display both - /etc/motd - and the contents of + When no options are given, the default behavior applies for both options\&. Specifying either option (or both) will disable the default behavior for both options\&. + .SH "MODULE TYPES PROVIDED" + .PP Index: pam/modules/pam_motd/README =================================================================== --- pam.orig/modules/pam_motd/README +++ pam/modules/pam_motd/README -@@ -19,6 +19,10 @@ - The /path/dirname.d directory is scanned and each file contained inside of - it is displayed. +@@ -51,6 +51,10 @@ + colon-separated list. By default this option is set to /etc/motd.d:/run/ + motd.d:/usr/lib/motd.d. +noupdate + + Don't run the scripts in /etc/update-motd.d to refresh the motd file. + - When no options are given, the default is to display both /etc/motd and the - contents of /etc/motd.d. Specifying either option (or both) will disable this - default behavior. + When no options are given, the default behavior applies for both options. + Specifying either option (or both) will disable the default behavior for both + options. -- cgit v1.2.3