--- libpam-unix2-2.4.1.orig/config.guess +++ libpam-unix2-2.4.1/config.guess @@ -1,10 +1,10 @@ #! /bin/sh # Attempt to guess a canonical system name. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, -# Inc. +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 +# Free Software Foundation, Inc. -timestamp='2006-07-02' +timestamp='2008-01-23' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -56,8 +56,8 @@ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 -Free Software Foundation, Inc. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, +2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -139,16 +139,6 @@ UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown -case "${UNAME_MACHINE}" in - i?86) - test -z "$VENDOR" && VENDOR=pc - ;; - *) - test -z "$VENDOR" && VENDOR=unknown - ;; -esac -test -f /etc/SuSE-release -o -f /.buildenv && VENDOR=suse - # Note: order is significant - the case branches are not exclusive. case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in @@ -171,6 +161,7 @@ arm*) machine=arm-unknown ;; sh3el) machine=shl-unknown ;; sh3eb) machine=sh-unknown ;; + sh5el) machine=sh5le-unknown ;; *) machine=${UNAME_MACHINE_ARCH}-unknown ;; esac # The Operating System including object format, if it has switched @@ -339,7 +330,7 @@ sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; - i86pc:SunOS:5.*:*) + i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:6*:*) @@ -541,7 +532,7 @@ echo rs6000-ibm-aix3.2 fi exit ;; - *:AIX:*:[45]) + *:AIX:*:[456]) IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then IBM_ARCH=rs6000 @@ -790,7 +781,7 @@ i*:CYGWIN*:*) echo ${UNAME_MACHINE}-pc-cygwin exit ;; - i*:MINGW*:*) + *:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 exit ;; i*:windows32*:*) @@ -800,12 +791,18 @@ i*:PW*:*) echo ${UNAME_MACHINE}-pc-pw32 exit ;; - x86:Interix*:[3456]*) - echo i586-pc-interix${UNAME_RELEASE} - exit ;; - EM64T:Interix*:[3456]*) - echo x86_64-unknown-interix${UNAME_RELEASE} - exit ;; + *:Interix*:[3456]*) + case ${UNAME_MACHINE} in + x86) + echo i586-pc-interix${UNAME_RELEASE} + exit ;; + EM64T | authenticamd) + echo x86_64-unknown-interix${UNAME_RELEASE} + exit ;; + IA64) + echo ia64-unknown-interix${UNAME_RELEASE} + exit ;; + esac ;; [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) echo i${UNAME_MACHINE}-pc-mks exit ;; @@ -839,7 +836,14 @@ echo ${UNAME_MACHINE}-pc-minix exit ;; arm*:Linux:*:*) - echo ${UNAME_MACHINE}-${VENDOR}-linux-gnu + eval $set_cc_for_build + if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_EABI__ + then + echo ${UNAME_MACHINE}-unknown-linux-gnu + else + echo ${UNAME_MACHINE}-unknown-linux-gnueabi + fi exit ;; avr32*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu @@ -851,16 +855,16 @@ echo crisv32-axis-linux-gnu exit ;; frv:Linux:*:*) - echo frv-${VENDOR}-linux-gnu + echo frv-unknown-linux-gnu exit ;; ia64:Linux:*:*) - echo ${UNAME_MACHINE}-${VENDOR}-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; m32r*:Linux:*:*) - echo ${UNAME_MACHINE}-${VENDOR}-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; m68*:Linux:*:*) - echo ${UNAME_MACHINE}-${VENDOR}-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; mips:Linux:*:*) eval $set_cc_for_build @@ -883,7 +887,7 @@ s: ::g p }'`" - test x"${CPU}" != x && { echo "${CPU}-${VENDOR}-linux-gnu"; exit; } + test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } ;; mips64:Linux:*:*) eval $set_cc_for_build @@ -906,16 +910,16 @@ s: ::g p }'`" - test x"${CPU}" != x && { echo "${CPU}-${VENDOR}-linux-gnu"; exit; } + test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } ;; or32:Linux:*:*) - echo or32-${VENDOR}-linux-gnu + echo or32-unknown-linux-gnu exit ;; ppc:Linux:*:*) - echo powerpc-${VENDOR}-linux-gnu + echo powerpc-unknown-linux-gnu exit ;; ppc64:Linux:*:*) - echo powerpc64-${VENDOR}-linux-gnu + echo powerpc64-unknown-linux-gnu exit ;; alpha:Linux:*:*) case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in @@ -929,36 +933,39 @@ esac objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi - echo ${UNAME_MACHINE}-${VENDOR}-linux-gnu${LIBC} + echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in - PA7*) echo hppa1.1-${VENDOR}-linux-gnu ;; - PA8*) echo hppa2.0-${VENDOR}-linux-gnu ;; - *) echo hppa-${VENDOR}-linux-gnu ;; + PA7*) echo hppa1.1-unknown-linux-gnu ;; + PA8*) echo hppa2.0-unknown-linux-gnu ;; + *) echo hppa-unknown-linux-gnu ;; esac exit ;; parisc64:Linux:*:* | hppa64:Linux:*:*) - echo hppa64-${VENDOR}-linux-gnu + echo hppa64-unknown-linux-gnu exit ;; s390:Linux:*:* | s390x:Linux:*:*) echo ${UNAME_MACHINE}-ibm-linux exit ;; sh64*:Linux:*:*) - echo ${UNAME_MACHINE}-${VENDOR}-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; sh*:Linux:*:*) - echo ${UNAME_MACHINE}-${VENDOR}-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; sparc:Linux:*:* | sparc64:Linux:*:*) - echo ${UNAME_MACHINE}-${VENDOR}-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; vax:Linux:*:*) echo ${UNAME_MACHINE}-dec-linux-gnu exit ;; x86_64:Linux:*:*) - echo x86_64-${VENDOR}-linux-gnu + echo x86_64-unknown-linux-gnu + exit ;; + xtensa*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; i*86:Linux:*:*) # The BFD linker knows what the default object file format is, so @@ -973,18 +980,18 @@ p'` case "$ld_supported_targets" in elf32-i386) - TENTATIVE="${UNAME_MACHINE}-${VENDOR}-linux-gnu" + TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu" ;; a.out-i386-linux) - echo "${UNAME_MACHINE}-${VENDOR}-linux-gnuaout" + echo "${UNAME_MACHINE}-pc-linux-gnuaout" exit ;; coff-i386) - echo "${UNAME_MACHINE}-${VENDOR}-linux-gnucoff" + echo "${UNAME_MACHINE}-pc-linux-gnucoff" exit ;; "") # Either a pre-BFD a.out linker (linux-gnuoldld) or # one that does not give us useful --help. - echo "${UNAME_MACHINE}-${VENDOR}-linux-gnuoldld" + echo "${UNAME_MACHINE}-pc-linux-gnuoldld" exit ;; esac # Determine whether the default compiler is a.out or elf @@ -1018,7 +1025,7 @@ p }'`" test x"${LIBC}" != x && { - echo "${UNAME_MACHINE}-${VENDOR}-linux-${LIBC}" + echo "${UNAME_MACHINE}-pc-linux-${LIBC}" exit } test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; } @@ -1218,6 +1225,15 @@ SX-6:SUPER-UX:*:*) echo sx6-nec-superux${UNAME_RELEASE} exit ;; + SX-7:SUPER-UX:*:*) + echo sx7-nec-superux${UNAME_RELEASE} + exit ;; + SX-8:SUPER-UX:*:*) + echo sx8-nec-superux${UNAME_RELEASE} + exit ;; + SX-8R:SUPER-UX:*:*) + echo sx8r-nec-superux${UNAME_RELEASE} + exit ;; Power*:Rhapsody:*:*) echo powerpc-apple-rhapsody${UNAME_RELEASE} exit ;; @@ -1468,9 +1484,9 @@ the operating system you are using. It is advised that you download the most up to date version of the config scripts from - http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess + http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD and - http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub + http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD If the version you run ($0) is already up to date, please send the following data and any information you think might be --- libpam-unix2-2.4.1.orig/config.sub +++ libpam-unix2-2.4.1/config.sub @@ -1,10 +1,10 @@ #! /bin/sh # Configuration validation subroutine script. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, -# Inc. +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 +# Free Software Foundation, Inc. -timestamp='2006-09-20' +timestamp='2008-01-16' # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software @@ -72,8 +72,8 @@ version="\ GNU config.sub ($timestamp) -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 -Free Software Foundation, Inc. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, +2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -245,12 +245,12 @@ | bfin \ | c4x | clipper \ | d10v | d30v | dlx | dsp16xx \ - | fr30 | frv \ + | fido | fr30 | frv \ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | i370 | i860 | i960 | ia64 \ | ip2k | iq2000 \ | m32c | m32r | m32rle | m68000 | m68k | m88k \ - | maxq | mb | microblaze | mcore \ + | maxq | mb | microblaze | mcore | mep \ | mips | mipsbe | mipseb | mipsel | mipsle \ | mips16 \ | mips64 | mips64el \ @@ -324,7 +324,7 @@ | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ | elxsi-* \ - | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \ + | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ | h8300-* | h8500-* \ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ | i*86-* | i860-* | i960-* | ia64-* \ @@ -369,10 +369,14 @@ | v850-* | v850e-* | vax-* \ | we32k-* \ | x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \ - | xstormy16-* | xtensa-* \ + | xstormy16-* | xtensa*-* \ | ymp-* \ | z8k-*) ;; + # Recognize the basic CPU types without company name, with glob match. + xtensa*) + basic_machine=$basic_machine-unknown + ;; # Recognize the various machine names and aliases which stand # for a CPU type and a company and sometimes even an OS. 386bsd) @@ -443,6 +447,14 @@ basic_machine=ns32k-sequent os=-dynix ;; + blackfin) + basic_machine=bfin-unknown + os=-linux + ;; + blackfin-*) + basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; c90) basic_machine=c90-cray os=-unicos @@ -475,8 +487,8 @@ basic_machine=craynv-cray os=-unicosmp ;; - cr16c) - basic_machine=cr16c-unknown + cr16) + basic_machine=cr16-unknown os=-elf ;; crds | unos) @@ -668,6 +680,14 @@ basic_machine=m68k-isi os=-sysv ;; + m68knommu) + basic_machine=m68k-unknown + os=-linux + ;; + m68knommu-*) + basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; m88k-omron*) basic_machine=m88k-omron ;; @@ -683,6 +703,10 @@ basic_machine=i386-pc os=-mingw32 ;; + mingw32ce) + basic_machine=arm-unknown + os=-mingw32ce + ;; miniframe) basic_machine=m68000-convergent ;; @@ -809,6 +833,14 @@ basic_machine=i860-intel os=-osf ;; + parisc) + basic_machine=hppa-unknown + os=-linux + ;; + parisc-*) + basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; pbd) basic_machine=sparc-tti ;; @@ -925,6 +957,9 @@ basic_machine=sh-hitachi os=-hms ;; + sh5el) + basic_machine=sh5le-unknown + ;; sh64) basic_machine=sh64-unknown ;; @@ -1014,6 +1049,10 @@ basic_machine=tic6x-unknown os=-coff ;; + tile*) + basic_machine=tile-unknown + os=-linux-gnu + ;; tx39) basic_machine=mipstx39-unknown ;; @@ -1219,7 +1258,7 @@ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ - | -skyos* | -haiku* | -rdos* | -toppers*) + | -skyos* | -haiku* | -rdos* | -toppers* | -drops*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) @@ -1414,6 +1453,9 @@ m68*-cisco) os=-aout ;; + mep-*) + os=-elf + ;; mips*-cisco) os=-elf ;; --- libpam-unix2-2.4.1.orig/debian/dirs +++ libpam-unix2-2.4.1/debian/dirs @@ -0,0 +1,2 @@ +lib/security +etc/security --- libpam-unix2-2.4.1.orig/debian/postrm +++ libpam-unix2-2.4.1/debian/postrm @@ -0,0 +1,45 @@ +#!/bin/sh +# postrm script for #PACKAGE# +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `remove' +# * `purge' +# * `upgrade' +# * `failed-upgrade' +# * `abort-install' +# * `abort-install' +# * `abort-upgrade' +# * `disappear' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + + purge) + #remove obsolete config file from etch version on purge + rm -f /etc/security/pam_unix2.conf + ;; + + remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 + + --- libpam-unix2-2.4.1.orig/debian/watch +++ libpam-unix2-2.4.1/debian/watch @@ -0,0 +1,7 @@ +# Example watch control file for uscan +# Rename this file to "watch" and then you can run the "uscan" command +# to check for upstream updates and more. +# Site Directory Pattern Version Script +version=2 +ftp://ftp.suse.com/pub/people/kukuk/pam/pam_unix2/pam_unix2-(\w+\.[\w\.]+)\.tar\.bz2 \ + debian uupdate --- libpam-unix2-2.4.1.orig/debian/docs +++ libpam-unix2-2.4.1/debian/docs @@ -0,0 +1,3 @@ +NEWS +README +TODO --- libpam-unix2-2.4.1.orig/debian/rules +++ libpam-unix2-2.4.1/debian/rules @@ -0,0 +1,142 @@ +#!/usr/bin/make -f +# -*- makefile -*- +# Sample debian/rules that uses debhelper. +# GNU copyright 1997 to 1999 by Joey Hess. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + + +# These are used for cross-compiling and for saving the configure script +# from having to guess our platform (since we know it already) +DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) +DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) + + +CFLAGS = -Wall -g +# 4) The module should be linked to libpam (-lpam) when compiled so that +# proper version dependencies will work. +LDFLAGS = -lpam + +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + CFLAGS += -O0 +else + CFLAGS += -O2 +endif +ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS))) + INSTALL_PROGRAM += -s +endif + +# shared library versions, option 1 +#version=2.0.5 +#major=2 +# option 2, assuming the library is created as src/.libs/libfoo.so.2.0.5 or so +#version=`ls src/.libs/lib*.so.* | \ +# awk '{if (match($$0,/[0-9]+\.[0-9]+\.[0-9]+$$/)) print substr($$0,RSTART)}'` +#major=`ls src/.libs/lib*.so.* | \ +# awk '{if (match($$0,/\.so\.[0-9]+$$/)) print substr($$0,RSTART+4)}'` + +config.status: configure + dh_testdir + # Add here commands to configure the package. + CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" ./configure --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) --prefix=/usr --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info + + +build: build-stamp +build-stamp: patch config.status + dh_testdir + + # Add here commands to compile the package. + $(MAKE) + $(MAKE) -C unix2_chkpwd + + touch build-stamp + +patch: patch-stamp +patch-stamp: + dpatch apply-all + dpatch cat-all >patch-stamp + +unpatch: + dpatch deapply-all + rm -rf patch-stamp debian/patched + +clean: unpatch + dh_testdir + dh_testroot + rm -f build-stamp + + # Add here commands to clean up after the build process. + -$(MAKE) distclean + + #bah. this doesn't work because we're already unpatched + #-$(MAKE) -C unix2_chkpwd clean + #so just do it manually + rm -f unix2_chkpwd/unix2_chkpwd unix2_chkpwd/unix2_chkpwd.o + +ifneq "$(wildcard /usr/share/misc/config.sub)" "" + cp -f /usr/share/misc/config.sub config.sub +endif +ifneq "$(wildcard /usr/share/misc/config.guess)" "" + cp -f /usr/share/misc/config.guess config.guess +endif + + + dh_clean + +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + # Add here commands to install the package into debian/tmp + $(MAKE) install DESTDIR=$(CURDIR)/debian/tmp + $(MAKE) -C unix2_chkpwd install DESTDIR=$(CURDIR)/debian/tmp + + #kludge this into our location + mkdir debian/tmp/etc/security + mv debian/tmp/etc/default/passwd debian/tmp/etc/security/pam_unix2.default + rmdir debian/tmp/etc/default + + dh_movefiles + + + +# Build architecture-independent files here. +binary-indep: build install +# We have nothing to do by default. + +# Build architecture-dependent files here. +binary-arch: build install + dh_testdir + dh_testroot + dh_installchangelogs ChangeLog + dh_installdocs + dh_installexamples +# dh_install +# dh_installmenu +# dh_installdebconf +# dh_installlogrotate +# dh_installemacsen +# dh_installpam +# dh_installmime +# dh_installinit +# dh_installcron +# dh_installinfo + dh_installman + dh_link + dh_strip + dh_compress + dh_fixperms --exclude /sbin/unix2_chkpwd +# dh_perl +# dh_python +# dh_makeshlibs + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install --- libpam-unix2-2.4.1.orig/debian/compat +++ libpam-unix2-2.4.1/debian/compat @@ -0,0 +1 @@ +4 --- libpam-unix2-2.4.1.orig/debian/libpam-unix2.files +++ libpam-unix2-2.4.1/debian/libpam-unix2.files @@ -0,0 +1,5 @@ +lib/security/pam*.so +etc/security/pam_unix2.* +usr/share/locale/*/*/* +usr/share/man/*/* +sbin/* --- libpam-unix2-2.4.1.orig/debian/changelog +++ libpam-unix2-2.4.1/debian/changelog @@ -0,0 +1,99 @@ +libpam-unix2 (1:2.4.1-4) unstable; urgency=low + + * Don't error out on purging when obsolete /etc/security/pam_unix2.conf + doesn't exist (closes: Bug#530903). + + -- Ivan Kohler Mon, 08 Jun 2009 19:56:56 -0700 + +libpam-unix2 (1:2.4.1-3) unstable; urgency=low + + * Fix watch file to be more accurate. + + -- Ivan Kohler Tue, 26 Aug 2008 09:42:37 -0700 + +libpam-unix2 (1:2.4.1-2) unstable; urgency=low + + * Update Build-Deps on libxcrypt to 1:2.4 to fix FTBFS (closes: Bug#492814) + + -- Ivan Kohler Tue, 29 Jul 2008 19:17:52 -0700 + +libpam-unix2 (1:2.4.1-1) unstable; urgency=low + + * Revert to upstream 2.4.1 to get this compiled & working against lenny + libxcrypt (closes: Bug#487487). + + -- Ivan Kohler Tue, 22 Jul 2008 15:47:23 -0700 + +libpam-unix2 (2.5.0-3) unstable; urgency=low + + * Update watch file for new upstream x.y.z versioning. + + -- Ivan Kohler Tue, 10 Jun 2008 14:24:34 -0700 + +libpam-unix2 (2.5.0-2) unstable; urgency=low + + * Remove obsolete /etc/security/pam_unix2.conf config file from etch version + on purge (closes: Bug#455033). + * Clean up after unix2_chkpwd on "make clean". + + -- Ivan Kohler Tue, 03 Jun 2008 16:42:08 -0700 + +libpam-unix2 (2.5.0-1) unstable; urgency=low + + * New upstream release + * Many, many thanks to Christoph Pleger for the unix2_chkpwd helper binary + patch and to Steve Kemp for auditing the changes (closes: Bug#295526) + + -- Ivan Kohler Mon, 19 May 2008 19:17:29 -0700 + +libpam-unix2 (2.1-5) unstable; urgency=low + + * Use unix2_chkpwd as helper binary + + -- Christoph Pleger Tue, 13 May 2008 13:33:53 +0200 + +libpam-unix2 (2.1-4) unstable; urgency=low + + * Build against pam 0.99.7.1-1 (closes: Bug#429023) + + -- Ivan Kohler Wed, 08 Aug 2007 18:03:27 -0700 + +libpam-unix2 (2.1-3) unstable; urgency=low + + * Add Build-Dep: libpam0g-dev (>= 0.81) (closes: Bug#429023) + + -- Ivan Kohler Tue, 19 Jun 2007 12:10:19 -0700 + +libpam-unix2 (2.1-2) unstable; urgency=low + + * Brown-Paper-Bag-Release: Build-Dep on dpatch, though! (closes: Bug#428553) + + -- Ivan Kohler Tue, 12 Jun 2007 09:59:12 -0700 + +libpam-unix2 (2.1-1) unstable; urgency=low + + * New upstream release + + Fix segfault on amd64 arch (& warning on i386) by replacing alloca with + malloc (closes: Bug#351217) + + Updates de.po translation; incorporates still-relevant changes from + outstanding translation patch (closes: Bug#313780) + * Properly implement the + /etc/default/passwd to /etc/security/pam_unix2.default substitution with a + dpatch, so it doesn't accidentally get lost again (closes: Bug#427058) + * Acknowledge NMU removing Build-Dep on automake (closes: Bug#376556), thanks + to Eric Dorland. + + -- Ivan Kohler Mon, 11 Jun 2007 17:16:26 -0700 + +libpam-unix2 (1.25-1) unstable; urgency=low + + * New upstream release + + -- Ivan Kohler Fri, 21 Jan 2005 18:31:54 -0800 + +libpam-unix2 (1.23-1) unstable; urgency=low + + * Initial Release (closes: Bug#237856). + + -- Ivan Kohler Sun, 8 Aug 2004 06:09:49 -0700 + --- libpam-unix2-2.4.1.orig/debian/copyright +++ libpam-unix2-2.4.1/debian/copyright @@ -0,0 +1,51 @@ +This package was debianized by Ivan Kohler on +Sun, 8 Aug 2004 06:09:49 -0700. + +It was downloaded from ftp://ftp.suse.com/pub/people/kukuk/pam/pam_unix2/ + +Upstream Author: Thorsten Kukuk + Olaf Kirch + +Copyright: + +Copyright (C) 2001-2004 SuSE Linux AG Nuernberg, Germany + +/* + * Copyright (c) 2000 SuSE GmbH Nuernberg, Germany. + * Author: Thorsten Kukuk + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +On Debian GNU/Linux systems, the complete text of the GNU General +Public License can be found in `/usr/share/common-licenses/GPL'. + --- libpam-unix2-2.4.1.orig/debian/README.Debian +++ libpam-unix2-2.4.1/debian/README.Debian @@ -0,0 +1,19 @@ +libpam-unix2 for Debian +----------------------- + +I had to migrate an OpenBSD server to Debian, so this is a +package of the blowfish-capable pam_unix2 for Debian. + + -- Ivan Kohler , Sat Jan 24 16:16:26 PST 2004 + +The new /etc/default/passwd from upstream has been moved to +/etc/security/pam_unix2.default + +Super-quick HOWTO: +- To recognize bcrypt hashes, edit /etc/pam.d/common-auth and + /etc/pam.d/common-password, replacing pam_unix.so with pam_unix2.so +- You can use "blowfish" instead of "md5" in common-password if you want + bcrypt encryption to be the default + + -- Ivan Kohler , Sun Aug 8 07:52:50 PDT 2004 + --- libpam-unix2-2.4.1.orig/debian/control +++ libpam-unix2-2.4.1/debian/control @@ -0,0 +1,14 @@ +Source: libpam-unix2 +Section: admin +Priority: extra +Maintainer: Ivan Kohler +Build-Depends: debhelper (>= 4.0.0), libpam0g-dev (>= 0.81), autoconf, libtool, libxcrypt-dev (>= 1:2.4), libxcrypt-dev (< 1:3.0), dpatch +Build-Conflicts: libxcrypt2 +Standards-Version: 3.6.0 + +Package: libpam-unix2 +Architecture: any +Depends: ${shlibs:Depends} +Description: Blowfish-capable PAM module + This is a PAM module, backward-compatible with pam_unix, that additionally + supports bcrypt Blowfish-based password hashing. --- libpam-unix2-2.4.1.orig/debian/patches/02_helper.dpatch +++ libpam-unix2-2.4.1/debian/patches/02_helper.dpatch @@ -0,0 +1,504 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 02_helper.dpatch by Christoph Pleger +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Call helper binary in case of possibly insufficient permissions + +@DPATCH@ +diff -Naurp libpam-unix2-2.5.0.orig/src/unix_auth.c libpam-unix2-2.5.0/src/unix_auth.c +--- libpam-unix2-2.5.0.orig/src/unix_auth.c 2006-11-06 14:57:01.000000000 +0100 ++++ libpam-unix2-2.5.0/src/unix_auth.c 2008-05-13 10:55:31.736738261 +0200 +@@ -57,6 +57,7 @@ + + #define PAM_SM_AUTH + #include ++#include + #if defined (HAVE_SECURITY_PAM_EXT_H) + #include + #endif +@@ -69,6 +70,7 @@ + + #include "public.h" + ++#define CHKPWD_HELPER "/sbin/unix2_chkpwd" + + /* This module actually performs UNIX/shadow authentication. */ + +@@ -121,6 +123,76 @@ need_password (pam_handle_t *pamh, const + return 0; + } + ++static int _unix2_run_helper_binary(pam_handle_t *pamh, const char *passwd, ++ const char *user, const options_t *options) ++{ ++ int retval, child, fds[2]; ++ sigset_t sigset; ++ char *service; ++ ++ pam_get_item (pamh, PAM_SERVICE, (void *) &service); ++ ++ if (options->debug) ++ pam_syslog (pamh, LOG_DEBUG, "_unix2_run_helper_binary called."); ++ /* create a pipe for the password */ ++ if (pipe(fds) != 0) { ++ if (options->debug) ++ pam_syslog (pamh, LOG_DEBUG, "could not make pipe"); ++ return PAM_AUTH_ERR; ++ } ++ ++ /* Block SIGCHLD */ ++ sigemptyset(&sigset); ++ sigaddset(&sigset, SIGCHLD); ++ sigprocmask(SIG_BLOCK, &sigset, 0); ++ ++ /* fork */ ++ child = fork(); ++ if (child == 0) { ++ char *args[] = { NULL, NULL, NULL, NULL }; ++ static char *envp[] = { NULL }; ++ ++ /* XXX - should really tidy up PAM here too */ ++ ++ /* reopen stdin as pipe */ ++ close(fds[1]); ++ dup2(fds[0], STDIN_FILENO); ++ ++ /* exec binary helper */ ++ args[0] = x_strdup(CHKPWD_HELPER); ++ args[1] = x_strdup(service); ++ args[2] = x_strdup(user); ++ ++ execve(CHKPWD_HELPER, args, envp); ++ ++ /* should not get here: exit with error */ ++ if (options->debug) ++ pam_syslog (pamh, LOG_DEBUG, "helper binary is not available"); ++ exit(PAM_AUTHINFO_UNAVAIL); ++ } else if (child > 0) { ++ if (passwd != NULL) { /* send the password to the child */ ++ write(fds[1], passwd, strlen(passwd)+1); ++ passwd = NULL; ++ } else { ++ write(fds[1], "", 1); /* blank password */ ++ } ++ close(fds[0]); /* close here to avoid possible SIGPIPE above */ ++ close(fds[1]); ++ (void) waitpid(child, &retval, 0); /* wait for helper to complete */ ++ retval = (retval == 0) ? PAM_SUCCESS:PAM_AUTH_ERR; ++ } else { ++ if (options->debug) ++ pam_syslog (pamh, LOG_DEBUG, "fork failed"); ++ retval = PAM_AUTH_ERR; ++ } ++ ++ /* Unblock SIGCHLD */ ++ sigprocmask(SIG_BLOCK, &sigset, 0); ++ ++ if (options->debug) ++ pam_syslog (pamh, LOG_DEBUG, "returning %d", retval); ++ return retval; ++} + + int + pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc, +@@ -303,7 +375,7 @@ pam_sm_authenticate (pam_handle_t *pamh, + salt = strdupa (sp->sp_pwdp); + else + { +- if (strcmp (pw->pw_passwd, "x") == 0) ++ if ((strcmp (pw->pw_passwd, "x") == 0) && ((geteuid() == 0))) + __write_message (pamh, flags, PAM_TEXT_INFO, + _("Permissions on the password database may be too restrictive.")); + salt = strdupa (pw->pw_passwd); +@@ -325,10 +397,21 @@ pam_sm_authenticate (pam_handle_t *pamh, + + if (strcmp (crypt_r (password, salt, &output), salt) != 0) + { ++ if (geteuid()) ++ { ++ /* we are not root, perhaps this is the reason? Run helper */ ++ if (options.debug) ++ pam_syslog (pamh, LOG_DEBUG, "running helper binary"); ++ ++ retval = _unix2_run_helper_binary(pamh, password, name, &options); ++ return retval; ++ } ++ + if (options.debug) + pam_syslog (pamh, LOG_DEBUG, "wrong password, return PAM_AUTH_ERR"); + return PAM_AUTH_ERR; + } ++ + if (options.debug) + pam_syslog (pamh, LOG_DEBUG, "pam_sm_authenticate: PAM_SUCCESS"); + return PAM_SUCCESS; +diff -Naurp libpam-unix2-2.5.0.orig/unix2_chkpwd/Makefile libpam-unix2-2.5.0/unix2_chkpwd/Makefile +--- libpam-unix2-2.5.0.orig/unix2_chkpwd/Makefile 1970-01-01 01:00:00.000000000 +0100 ++++ libpam-unix2-2.5.0/unix2_chkpwd/Makefile 2008-05-13 13:49:17.116733781 +0200 +@@ -0,0 +1,15 @@ ++# Author: Christoph Pleger ++ ++all: unix2_chkpwd ++ ++unix2_chkpwd: unix2_chkpwd.o ++ gcc -lpam -o unix2_chkpwd unix2_chkpwd.o ++ ++clean: ++ rm -f unix2_chkpwd unix2_chkpwd.o ++ ++install: all ++ install -m 755 -d $(DESTDIR)/sbin ++ install -m u=rxs,g=rx,o=rx unix2_chkpwd $(DESTDIR)/sbin ++ install -m 755 -d $(DESTDIR)/usr/share/man/man8 ++ install -m 644 unix2_chkpwd.8 $(DESTDIR)/usr/share/man/man8 +diff -Naurp libpam-unix2-2.5.0.orig/unix2_chkpwd/unix2_chkpwd.8 libpam-unix2-2.5.0/unix2_chkpwd/unix2_chkpwd.8 +--- libpam-unix2-2.5.0.orig/unix2_chkpwd/unix2_chkpwd.8 1970-01-01 01:00:00.000000000 +0100 ++++ libpam-unix2-2.5.0/unix2_chkpwd/unix2_chkpwd.8 2008-05-13 10:39:40.388734561 +0200 +@@ -0,0 +1,79 @@ ++.\" Copyright (C) 2003 International Business Machines Corporation ++.\" This file is distributed according to the GNU General Public License. ++.\" See the file COPYING in the top level source directory for details. ++.\" ++.de Sh \" Subsection ++.br ++.if t .Sp ++.ne 5 ++.PP ++\fB\\$1\fR ++.PP ++.. ++.de Sp \" Vertical space (when we can't use .PP) ++.if t .sp .5v ++.if n .sp ++.. ++.de Ip \" List item ++.br ++.ie \\n(.$>=3 .ne \\$3 ++.el .ne 3 ++.IP "\\$1" \\$2 ++.. ++.TH "UNIX2_CHKPWD" 8 "2003-03-21" "Linux-PAM 0.76" "Linux-PAM Manual" ++.SH NAME ++unix2_chkpwd \- helper binary that verifies the password of the current user ++.SH "SYNOPSIS" ++.ad l ++.hy 0 ++ ++/sbin/unix2_chkpwd \fIservicename\fR \fIusername\fR ++.sp ++.ad ++.hy ++.SH "DESCRIPTION" ++.PP ++\fBunix2_chkpwd\fR is a helper program for applications that verifies ++the password of the current user. It is not intended to be run directly from ++the command line and logs a security violation if done so. ++ ++It is typically installed setuid root or setgid shadow and called by ++applications, which only wishes to do an user authentification and ++nothing more. ++ ++.SH "OPTIONS" ++.PP ++unix2_pwdchk requires the following arguments: ++.TP ++\fIpam_service\fR ++The name of the service using unix2_chkpwd. This is required to be one of ++the services in /etc/pam.d ++.TP ++\fIusername\fR ++The name of the user whose password you want to verify. ++ ++.SH "INPUTS" ++.PP ++unix2_pwdchk expects the password via stdin. ++ ++.SH "RETURN CODES" ++.PP ++\fBunix2_chkpwd\fR has the following return codes: ++.TP ++1 ++unix2_chkpwd was inappropriately called from the command line or the password is incorrect. ++ ++.TP ++0 ++The password is correct. ++ ++.SH "HISTORY" ++Written by Olaf Kirch loosely based on unix_chkpwd by Andrew Morgan ++ ++.SH "SEE ALSO" ++ ++.PP ++\fBpam\fR(8) ++ ++.SH AUTHOR ++Emily Ratliff. +diff -Naurp libpam-unix2-2.5.0.orig/unix2_chkpwd/unix2_chkpwd.c libpam-unix2-2.5.0/unix2_chkpwd/unix2_chkpwd.c +--- libpam-unix2-2.5.0.orig/unix2_chkpwd/unix2_chkpwd.c 1970-01-01 01:00:00.000000000 +0100 ++++ libpam-unix2-2.5.0/unix2_chkpwd/unix2_chkpwd.c 2008-05-13 10:39:40.392734242 +0200 +@@ -0,0 +1,264 @@ ++/* ++ * Set*id helper program for PAM authentication. ++ * ++ * It is supposed to be called from pam_unix2's ++ * pam_sm_authenticate function if the function notices ++ * that it's unable to get the password from the shadow file ++ * because it doesn't have sufficient permissions. ++ * ++ * Copyright (C) 2002 SuSE Linux AG ++ * ++ * Written by okir@suse.de, loosely based on unix_chkpwd ++ * by Andrew Morgan. ++ */ ++ ++#include ++#include ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++enum { ++ UNIX_PASSED = 0, ++ UNIX_FAILED = 1 ++}; ++ ++static char * program_name; ++static char pass[64]; ++static int npass = -1; ++ ++/* ++ * Log error messages ++ */ ++static void ++_log_err(int err, const char *format,...) ++{ ++ va_list args; ++ ++ va_start(args, format); ++ openlog(program_name, LOG_CONS | LOG_PID, LOG_AUTH); ++ vsyslog(err, format, args); ++ va_end(args); ++ closelog(); ++} ++ ++static void ++su_sighandler(int sig) ++{ ++ if (sig > 0) { ++ _log_err(LOG_NOTICE, "caught signal %d.", sig); ++ exit(sig); ++ } ++} ++ ++/* ++ * Setup signal handlers ++ */ ++static void ++setup_signals(void) ++{ ++ struct sigaction action; ++ ++ memset((void *) &action, 0, sizeof(action)); ++ action.sa_handler = su_sighandler; ++ action.sa_flags = SA_RESETHAND; ++ sigaction(SIGILL, &action, NULL); ++ sigaction(SIGTRAP, &action, NULL); ++ sigaction(SIGBUS, &action, NULL); ++ sigaction(SIGSEGV, &action, NULL); ++ action.sa_handler = SIG_IGN; ++ action.sa_flags = 0; ++ sigaction(SIGTERM, &action, NULL); ++ sigaction(SIGHUP, &action, NULL); ++ sigaction(SIGINT, &action, NULL); ++ sigaction(SIGQUIT, &action, NULL); ++ sigaction(SIGALRM, &action, NULL); ++} ++ ++static int ++_converse(int num_msg, const struct pam_message **msg, ++ struct pam_response **resp, void *appdata_ptr) ++{ ++ struct pam_response *reply; ++ int num; ++ ++ if (!(reply = malloc(sizeof(*reply) * num_msg))) ++ return PAM_CONV_ERR; ++ ++ for (num = 0; num < num_msg; num++) { ++ reply[num].resp_retcode = PAM_SUCCESS; ++ reply[num].resp = NULL; ++ switch (msg[num]->msg_style) { ++ case PAM_PROMPT_ECHO_ON: ++ return PAM_CONV_ERR; ++ case PAM_PROMPT_ECHO_OFF: ++ /* read the password from stdin */ ++ if (npass < 0) { ++ npass = read(STDIN_FILENO, pass, sizeof(pass)-1); ++ if (npass < 0) { ++ _log_err(LOG_DEBUG, "error reading password"); ++ return UNIX_FAILED; ++ } ++ pass[npass] = '\0'; ++ } ++ reply[num].resp = strdup(pass); ++ break; ++ case PAM_TEXT_INFO: ++ case PAM_ERROR_MSG: ++ /* ignored */ ++ break; ++ default: ++ /* Must be an error of some sort... */ ++ return PAM_CONV_ERR; ++ } ++ } ++ ++ *resp = reply; ++ return PAM_SUCCESS; ++} ++ ++static int ++_authenticate(const char *service, const char *user) ++{ ++ struct pam_conv conv = { _converse, NULL }; ++ pam_handle_t *pamh; ++ int err; ++ ++ err = pam_start(service, user, &conv, &pamh); ++ if (err != PAM_SUCCESS) { ++ _log_err(LOG_ERR, "pam_start(%s, %s) failed (errno %d)", ++ service, user, err); ++ return UNIX_FAILED; ++ } ++ ++ err = pam_authenticate(pamh, 0); ++ if (err != PAM_SUCCESS) ++ _log_err(LOG_ERR, "pam_authenticate(%s, %s): %s", ++ service, user, ++ pam_strerror(pamh, err)); ++ pam_end(pamh, err); ++ ++ if (err != PAM_SUCCESS) ++ return UNIX_FAILED; ++ return UNIX_PASSED; ++} ++ ++static char * ++getuidname(uid_t uid) ++{ ++ struct passwd *pw; ++ static char username[32]; ++ ++ pw = getpwuid(uid); ++ if (pw == NULL) ++ return NULL; ++ ++ strncpy(username, pw->pw_name, sizeof(username)); ++ username[sizeof(username) - 1] = '\0'; ++ ++ endpwent(); ++ return username; ++} ++ ++static int ++sane_pam_service(const char *name) ++{ ++ const char *sp; ++ char path[128]; ++ ++ if (strlen(name) > 32) ++ return 0; ++ for (sp = name; *sp; sp++) { ++ if (!isalnum(*sp) && *sp != '_' && *sp != '-') ++ return 0; ++ } ++ ++ snprintf(path, sizeof(path), "/etc/pam.d/%s", name); ++ return access(path, R_OK) == 0; ++} ++ ++int ++main(int argc, char *argv[]) ++{ ++ const char *program_name; ++ char *service, *user; ++ int fd; ++ uid_t uid; ++ ++ uid = getuid(); ++ ++ /* ++ * Make sure standard file descriptors are connected. ++ */ ++ while ((fd = open("/dev/null", O_RDWR)) <= 2) ++ ; ++ close(fd); ++ ++ /* ++ * Get the program name ++ */ ++ if (argc == 0) ++ program_name = "unix2_chkpwd"; ++ else if ((program_name = strrchr(argv[0], '/')) != NULL) ++ program_name++; ++ else ++ program_name = argv[0]; ++ ++ /* ++ * Catch or ignore as many signal as possible. ++ */ ++ setup_signals(); ++ ++ /* ++ * Check argument list ++ */ ++ if (argc < 2 || argc > 3) { ++ _log_err(LOG_NOTICE, "Bad number of arguments (%d)", argc); ++ return UNIX_FAILED; ++ } ++ ++ /* ++ * Get the service name and do some sanity checks on it ++ */ ++ service = argv[1]; ++ if (!sane_pam_service(service)) { ++ _log_err(LOG_ERR, "Illegal service name '%s'", service); ++ return UNIX_FAILED; ++ } ++ ++ /* ++ * Discourage users messing around (fat chance) ++ */ ++ if (isatty(STDIN_FILENO) && uid != 0) { ++ _log_err(LOG_NOTICE, ++ "Inappropriate use of Unix helper binary [UID=%d]", ++ uid); ++ fprintf(stderr, ++ "This binary is not designed for running in this way\n" ++ "-- the system administrator has been informed\n"); ++ sleep(10); /* this should discourage/annoy the user */ ++ return UNIX_FAILED; ++ } ++ ++ /* ++ * determine the caller's user name ++ */ ++ user = getuidname(uid); ++ if (argc == 3 && strcmp(user, argv[2])) { ++ user = argv[2]; ++ /* Discourage use of this program as a ++ * password cracker */ ++ if (uid != 0) ++ sleep(5); ++ } ++ return _authenticate(service, user); ++} --- libpam-unix2-2.4.1.orig/debian/patches/00list +++ libpam-unix2-2.4.1/debian/patches/00list @@ -0,0 +1,2 @@ +01_conf_location.dpatch +02_helper.dpatch --- libpam-unix2-2.4.1.orig/debian/patches/01_conf_location.dpatch +++ libpam-unix2-2.4.1/debian/patches/01_conf_location.dpatch @@ -0,0 +1,41 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 01_conf_location.dpatch by Ivan Kohler +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Change upstream /etc/default/passwd to the more Debian/FHS-friendly +## DP: /etc/security/pam_unix2.default + +@DPATCH@ +diff -urNad libpam-unix2-2.5.0~/doc/pam_unix2.8 libpam-unix2-2.5.0/doc/pam_unix2.8 +--- libpam-unix2-2.5.0~/doc/pam_unix2.8 2006-08-23 03:13:37.000000000 -0700 ++++ libpam-unix2-2.5.0/doc/pam_unix2.8 2007-06-11 18:02:37.000000000 -0700 +@@ -18,7 +18,7 @@ + .PP + The options can be added in the PAM configuration files for every + single service. +-.B /etc/default/passwd ++.B /etc/security/pam_unix2.default + defines, which password encryption algorithm should be used in case of a + password change. + .SH OPTIONS +@@ -93,7 +93,7 @@ + and login expire are ignored, only on aging warning is printed. If no + shadow information exists, it always returns success. + .SH FILES +-/etc/default/passwd ++/etc/security/pam_unix2.default + .SH "SEE ALSO" + .BR login (1), + .BR passwd (1), +diff -urNad libpam-unix2-2.5.0~/src/logindefs.c libpam-unix2-2.5.0/src/logindefs.c +--- libpam-unix2-2.5.0~/src/logindefs.c 2006-01-12 09:16:30.000000000 -0800 ++++ libpam-unix2-2.5.0/src/logindefs.c 2007-06-11 18:03:22.000000000 -0700 +@@ -155,7 +155,7 @@ + static void + load_defaults (void) + { +- load_defaults_internal ("/etc/default/passwd"); ++ load_defaults_internal ("/etc/security/pam_unix2.default"); + load_defaults_internal ("/etc/login.defs"); + } +