Accepting request 1080766 from Linux-PAM

OBS-URL: https://build.opensuse.org/request/show/1080766
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=130
Dominique Leuenberger 2023-04-21 12:15:28 +00:00 committed by Git OBS Bridge
commit a121788e00
13 changed files with 142 additions and 28024 deletions


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:bd75b3474dfbed60dff728721c48a6dd88bfea901b607c469bbe5fa5ccc535e4
size 443276


@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----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=ijjK
-----END PGP SIGNATURE-----


@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5a819c1b629b8101543e6c964a4e22d23b29f3456d28b4ba403dd280e46a6315
size 1009900


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e4ec7131a91da44512574268f493c6d8ca105c87091691b8e9b56ca685d4f94d
size 988784


@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----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=KMIz
-----END PGP SIGNATURE-----

File diff suppressed because it is too large Load Diff


@ -1,26 +0,0 @@
Index: Linux-PAM-1.4.0/modules/pam_xauth/pam_xauth.c
===================================================================
--- Linux-PAM-1.4.0.orig/modules/pam_xauth/pam_xauth.c
+++ Linux-PAM-1.4.0/modules/pam_xauth/pam_xauth.c
@@ -701,8 +701,9 @@ pam_sm_open_session (pam_handle_t *pamh,
pam_syslog(pamh, LOG_ERR,
"can't set environment variable '%s'",
xauthority);
- putenv (xauthority); /* The environment owns this string now. */
- /* Don't free environment variables nor set them to NULL. */
+ if (putenv (xauthority) == 0) /* The environment owns this string now. */
+ xauthority = NULL;
+ /* Don't free environment variables. */
/* set $DISPLAY in pam handle to make su - work */
{
@@ -765,7 +766,8 @@ cleanup:
unsetenv (XAUTHENV);
free(cookiefile);
free(cookie);
- free(xauthority);
+ if (xauthority != NULL) /* If it hasn't been successfully passed to putenv() ... */
+ free(xauthority);
return retval;
}

File diff suppressed because it is too large Load Diff


@ -1,105 +0,0 @@
diff -urN Linux-PAM-1.5.0/modules/pam_xauth/pam_xauth.c Linux-PAM-1.5.0.xauth/modules/pam_xauth/pam_xauth.c
--- Linux-PAM-1.5.0/modules/pam_xauth/pam_xauth.c 2020-11-10 16:46:13.000000000 +0100
+++ Linux-PAM-1.5.0.xauth/modules/pam_xauth/pam_xauth.c 2020-11-19 11:50:54.176925556 +0100
@@ -355,11 +355,13 @@
char *cookiefile = NULL, *xauthority = NULL,
*cookie = NULL, *display = NULL, *tmp = NULL,
*xauthlocalhostname = NULL;
- const char *user, *xauth = NULL;
+ const char *user, *xauth = NULL, *login_name;
struct passwd *tpwd, *rpwd;
int fd, i, debug = 0;
int retval = PAM_SUCCESS;
- uid_t systemuser = 499, targetuser = 0;
+ uid_t systemuser = 499, targetuser = 0, uid;
+ gid_t gid;
+ struct stat st;
/* Parse arguments. We don't understand many, so no sense in breaking
* this into a separate function. */
@@ -429,7 +431,16 @@
retval = PAM_SESSION_ERR;
goto cleanup;
}
- rpwd = pam_modutil_getpwuid(pamh, getuid());
+
+ login_name = pam_modutil_getlogin(pamh);
+ if (login_name == NULL) {
+ login_name = "";
+ }
+ if (*login_name)
+ rpwd = pam_modutil_getpwnam(pamh, login_name);
+ else
+ rpwd = pam_modutil_getpwuid(pamh, getuid());
+
if (rpwd == NULL) {
pam_syslog(pamh, LOG_ERR,
"error determining invoking user's name");
@@ -518,18 +529,26 @@
cookiefile);
}
+ /* Get owner and group of the cookiefile */
+ uid = getuid();
+ gid = getgid();
+ if (stat(cookiefile, &st) == 0) {
+ uid = st.st_uid;
+ gid = st.st_gid;
+ }
+
/* Read the user's .Xauthority file. Because the current UID is
* the original user's UID, this will only fail if something has
* gone wrong, or we have no cookies. */
if (debug) {
pam_syslog(pamh, LOG_DEBUG,
- "running \"%s %s %s %s %s\" as %lu/%lu",
- xauth, "-f", cookiefile, "nlist", display,
- (unsigned long) getuid(), (unsigned long) getgid());
+ "running \"%s %s %s %s %s %s\" as %lu/%lu",
+ xauth, "-i", "-f", cookiefile, "nlist", display,
+ (unsigned long) uid, (unsigned long) gid);
}
if (run_coprocess(pamh, NULL, &cookie,
- getuid(), getgid(),
- xauth, "-f", cookiefile, "nlist", display,
+ uid, gid,
+ xauth, "-i", "-f", cookiefile, "nlist", display,
NULL) == 0) {
#ifdef WITH_SELINUX
char *context_raw = NULL;
@@ -583,12 +602,12 @@
cookiefile,
"nlist",
t,
- (unsigned long) getuid(),
- (unsigned long) getgid());
+ (unsigned long) uid,
+ (unsigned long) gid);
}
run_coprocess(pamh, NULL, &cookie,
- getuid(), getgid(),
- xauth, "-f", cookiefile,
+ uid, gid,
+ xauth, "-i", "-f", cookiefile,
"nlist", t, NULL);
}
free(t);
@@ -673,13 +692,17 @@
goto cleanup;
}
+ if (debug) {
+ pam_syslog(pamh, LOG_DEBUG, "set environment variable '%s'",
+ xauthority);
+ }
/* Set the new variable in the environment. */
if (pam_putenv (pamh, xauthority) != PAM_SUCCESS)
pam_syslog(pamh, LOG_ERR,
"can't set environment variable '%s'",
xauthority);
putenv (xauthority); /* The environment owns this string now. */
- xauthority = NULL; /* Don't free environment variables. */
+ /* Don't free environment variables nor set them to NULL. */
/* set $DISPLAY in pam handle to make su - work */
{


@ -1,3 +1,39 @@
-------------------------------------------------------------------
Thu Apr 20 09:40:50 UTC 2023 - Thorsten Kukuk <kukuk@suse.com>
- pam-extra: add split provide
-------------------------------------------------------------------
Wed Apr 12 11:28:48 UTC 2023 - Thorsten Kukuk <kukuk@suse.com>
- pam-userdb: add split provide
-------------------------------------------------------------------
Tue Apr 11 07:53:44 UTC 2023 - Thorsten Kukuk <kukuk@suse.com>
- Drop pam-xauth_ownership.patch, got fixed in sudo itself
- Drop pam-bsc1177858-dont-free-environment-string.patch, was a
fix for above patch
-------------------------------------------------------------------
Thu Apr 6 12:11:30 UTC 2023 - Thorsten Kukuk <kukuk@suse.com>
- Use bcond selinux to disable SELinux
- Remove old pam_unix_* compat symlinks
- Move pam_userdb to own pam-userdb sub-package
- pam-extra contains now modules having extended dependencies like
libsystemd
- Update to 1.5.3.90 git snapshot
- Drop merged patches:
- pam-git.diff
- docbook5.patch
- pam_pwhistory-docu.patch
- pam_xauth_data.3.xml.patch
- Drop Linux-PAM-1.5.2.90.tar.xz as we have to rebuild all
documentation anyways and don't use the prebuild versions
- Move all devel manual pages to pam-manpages, too. Fixes the
problem that adjusted defaults not shown correct.
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Mar 20 10:12:41 UTC 2023 - Thorsten Kukuk <kukuk@suse.com> Mon Mar 20 10:12:41 UTC 2023 - Thorsten Kukuk <kukuk@suse.com>
@ -45,7 +81,7 @@ Thu Dec 15 12:47:53 UTC 2022 - Thorsten Kukuk <kukuk@suse.com>
Tue Dec 6 16:43:49 UTC 2022 - Thorsten Kukuk <kukuk@suse.com> Tue Dec 6 16:43:49 UTC 2022 - Thorsten Kukuk <kukuk@suse.com>
- pam_pwhistory-docu.patch, docbook5.patch: convert docu to - pam_pwhistory-docu.patch, docbook5.patch: convert docu to
docbook5 docbook5
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Dec 1 13:51:35 UTC 2022 - Thorsten Kukuk <kukuk@suse.com> Thu Dec 1 13:51:35 UTC 2022 - Thorsten Kukuk <kukuk@suse.com>
@ -129,7 +165,7 @@ Mon Nov 22 13:12:09 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
- 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch
- 0002-Only-include-vendordir-in-manual-page-if-set-401.patch - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch
- 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch
- For buggy bot: Makefile-pam_unix-nis.diff belonged to the other - For buggy bot: Makefile-pam_unix-nis.diff belonged to the other
spec file. spec file.
------------------------------------------------------------------- -------------------------------------------------------------------
@ -296,7 +332,7 @@ Fri Nov 27 09:10:28 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Nov 26 13:31:52 UTC 2020 - Ludwig Nussel <lnussel@suse.de> Thu Nov 26 13:31:52 UTC 2020 - Ludwig Nussel <lnussel@suse.de>
- add macros.pam to abstract directory for pam modules - add macros.pam to abstract directory for pam modules
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Nov 19 15:43:33 UTC 2020 - Thorsten Kukuk <kukuk@suse.com> Thu Nov 19 15:43:33 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
@ -678,8 +714,8 @@ Thu Dec 8 12:41:05 UTC 2016 - josef.moellers@suse.com
------------------------------------------------------------------- -------------------------------------------------------------------
Sun Jul 31 11:08:19 UTC 2016 - develop7@develop7.info Sun Jul 31 11:08:19 UTC 2016 - develop7@develop7.info
- pam-limit-nproc.patch: increased process limit to help - pam-limit-nproc.patch: increased process limit to help
Chrome/Chromuim users with really lots of tabs. New limit gets Chrome/Chromuim users with really lots of tabs. New limit gets
closer to UserTasksMax parameter in logind.conf closer to UserTasksMax parameter in logind.conf
------------------------------------------------------------------- -------------------------------------------------------------------
@ -803,7 +839,7 @@ Mon Jan 27 17:05:11 CET 2014 - kukuk@suse.de
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Jan 27 15:14:34 CET 2014 - kukuk@suse.de Mon Jan 27 15:14:34 CET 2014 - kukuk@suse.de
- Update to current git (Linux-PAM-git-20140127.diff), which - Update to current git (Linux-PAM-git-20140127.diff), which
obsoletes pam_loginuid-part1.diff, pam_loginuid-part2.diff and obsoletes pam_loginuid-part1.diff, pam_loginuid-part2.diff and
Linux-PAM-git-20140109.diff. Linux-PAM-git-20140109.diff.
- Fix gratuitous use of strdup and x_strdup - Fix gratuitous use of strdup and x_strdup
@ -865,7 +901,7 @@ Sat Sep 28 09:26:21 UTC 2013 - mc@suse.com
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Sep 20 21:42:54 UTC 2013 - hrvoje.senjan@gmail.com Fri Sep 20 21:42:54 UTC 2013 - hrvoje.senjan@gmail.com
- Explicitly add pam_systemd.so to list of modules in - Explicitly add pam_systemd.so to list of modules in
common-session.pamd (bnc#812462) common-session.pamd (bnc#812462)
------------------------------------------------------------------- -------------------------------------------------------------------
@ -886,7 +922,7 @@ Mon Sep 16 11:54:15 CEST 2013 - kukuk@suse.de
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Sep 12 10:05:53 CEST 2013 - kukuk@suse.de Thu Sep 12 10:05:53 CEST 2013 - kukuk@suse.de
- Remove pam_unix-login.defs.diff, not needed anymore - Remove pam_unix-login.defs.diff, not needed anymore
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Sep 12 09:47:52 CEST 2013 - kukuk@suse.de Thu Sep 12 09:47:52 CEST 2013 - kukuk@suse.de
@ -908,7 +944,7 @@ Mon May 27 12:26:53 CEST 2013 - kukuk@suse.de
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Apr 26 10:25:06 UTC 2013 - mmeister@suse.com Fri Apr 26 10:25:06 UTC 2013 - mmeister@suse.com
- Added libtool as BuildRequire, and autoreconf -i option to fix - Added libtool as BuildRequire, and autoreconf -i option to fix
build with new automake build with new automake
------------------------------------------------------------------- -------------------------------------------------------------------
@ -1004,7 +1040,7 @@ Wed May 25 16:15:30 CEST 2011 - kukuk@suse.de
Wed Feb 23 12:45:03 UTC 2011 - vcizek@novell.com Wed Feb 23 12:45:03 UTC 2011 - vcizek@novell.com
- bnc#673826 rework - bnc#673826 rework
* manpage is left intact, as it was * manpage is left intact, as it was
* correct parsing of "quiet" option * correct parsing of "quiet" option
------------------------------------------------------------------- -------------------------------------------------------------------
@ -1037,7 +1073,7 @@ Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de
------------------------------------------------------------------- -------------------------------------------------------------------
Mon May 10 14:22:18 CEST 2010 - kukuk@suse.de Mon May 10 14:22:18 CEST 2010 - kukuk@suse.de
- Update to current CVS version (pam_rootok: Add support for - Update to current CVS version (pam_rootok: Add support for
chauthtok and acct_mgmt, [bnc#533249]) chauthtok and acct_mgmt, [bnc#533249])
------------------------------------------------------------------- -------------------------------------------------------------------
@ -1087,13 +1123,13 @@ Fri Apr 3 21:43:48 CEST 2009 - rguenther@suse.de
Fri Mar 27 11:41:23 CET 2009 - kukuk@suse.de Fri Mar 27 11:41:23 CET 2009 - kukuk@suse.de
- Update to version 1.0.91 aka 1.1 Beta2: - Update to version 1.0.91 aka 1.1 Beta2:
* Changes in the behavior of the password stack. Results of * Changes in the behavior of the password stack. Results of
PRELIM_CHECK are not used for the final run. PRELIM_CHECK are not used for the final run.
* Redefine LOCAL keyword of pam_access configuration file * Redefine LOCAL keyword of pam_access configuration file
* Add support for try_first_pass and use_first_pass to * Add support for try_first_pass and use_first_pass to
pam_cracklib pam_cracklib
* New password quality tests in pam_cracklib * New password quality tests in pam_cracklib
* Add support for passing PAM_AUTHTOK to stdin of helpers from * Add support for passing PAM_AUTHTOK to stdin of helpers from
pam_exec pam_exec
* New options for pam_lastlog to show last failed login attempt and * New options for pam_lastlog to show last failed login attempt and
to disable lastlog update to disable lastlog update
@ -1137,7 +1173,7 @@ Thu Dec 4 12:34:56 CET 2008 - olh@suse.de
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Nov 27 15:56:51 CET 2008 - mc@suse.de Thu Nov 27 15:56:51 CET 2008 - mc@suse.de
- enhance the man page for limits.conf (bnc#448314) - enhance the man page for limits.conf (bnc#448314)
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Nov 24 17:21:19 CET 2008 - kukuk@suse.de Mon Nov 24 17:21:19 CET 2008 - kukuk@suse.de
@ -1154,7 +1190,7 @@ Wed Nov 19 11:13:31 CET 2008 - kukuk@suse.de
Tue Nov 4 13:42:03 CET 2008 - mc@suse.de Tue Nov 4 13:42:03 CET 2008 - mc@suse.de
- pam_xauth: put XAUTHLOCALHOSTNAME into new enviroment - pam_xauth: put XAUTHLOCALHOSTNAME into new enviroment
(bnc#441314) (bnc#441314)
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Oct 17 14:02:31 CEST 2008 - kukuk@suse.de Fri Oct 17 14:02:31 CEST 2008 - kukuk@suse.de
@ -1263,7 +1299,7 @@ Mon Mar 26 15:48:13 CEST 2007 - rguenther@suse.de
Wed Jan 24 11:27:16 CET 2007 - mc@suse.de Wed Jan 24 11:27:16 CET 2007 - mc@suse.de
- add %verify_permissions for /sbin/unix_chkpwd - add %verify_permissions for /sbin/unix_chkpwd
[#237625] [#237625]
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jan 23 13:19:51 CET 2007 - kukuk@suse.de Tue Jan 23 13:19:51 CET 2007 - kukuk@suse.de
@ -1422,7 +1458,7 @@ Thu Mar 2 16:49:10 CET 2006 - kukuk@suse.de
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Feb 23 13:21:22 CET 2006 - kukuk@suse.de Thu Feb 23 13:21:22 CET 2006 - kukuk@suse.de
- pam_lastlog: - pam_lastlog:
- Initialize correct struct member [SF#1427401] - Initialize correct struct member [SF#1427401]
- Mark strftime fmt string for translation [SF#1428269] - Mark strftime fmt string for translation [SF#1428269]
@ -1434,13 +1470,13 @@ Sun Feb 19 09:15:42 CET 2006 - kukuk@suse.de
------------------------------------------------------------------- -------------------------------------------------------------------
Sat Feb 18 12:45:19 CET 2006 - ro@suse.de Sat Feb 18 12:45:19 CET 2006 - ro@suse.de
- really disable audit if header file not present - really disable audit if header file not present
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Feb 14 13:29:42 CET 2006 - kukuk@suse.de Tue Feb 14 13:29:42 CET 2006 - kukuk@suse.de
- Update fi.po - Update fi.po
- Add km.po - Add km.po
- Update pl.po - Update pl.po
------------------------------------------------------------------- -------------------------------------------------------------------
@ -1603,7 +1639,7 @@ Fri May 20 13:18:43 CEST 2005 - kukuk@suse.de
------------------------------------------------------------------- -------------------------------------------------------------------
Thu May 12 16:37:07 CEST 2005 - schubi@suse.de Thu May 12 16:37:07 CEST 2005 - schubi@suse.de
- Bug 82687 - pam_client.h redefines __u8 and __u32 - Bug 82687 - pam_client.h redefines __u8 and __u32
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Apr 29 11:18:16 CEST 2005 - kukuk@suse.de Fri Apr 29 11:18:16 CEST 2005 - kukuk@suse.de
@ -1629,7 +1665,7 @@ Mon Jan 24 16:02:11 CET 2005 - kukuk@suse.de
Mon Jan 24 11:30:27 CET 2005 - schubi@suse.de Mon Jan 24 11:30:27 CET 2005 - schubi@suse.de
- Made patch of latest CVS tree - Made patch of latest CVS tree
- Removed patch pam_handler.diff ( included in CVS now ) - Removed patch pam_handler.diff ( included in CVS now )
- moved Linux-PAM-0.78.dif to pam_group_time.diff - moved Linux-PAM-0.78.dif to pam_group_time.diff
------------------------------------------------------------------- -------------------------------------------------------------------
@ -1692,7 +1728,7 @@ Fri Mar 12 14:32:27 CET 2004 - kukuk@suse.de
------------------------------------------------------------------- -------------------------------------------------------------------
Sun Jan 18 12:11:37 CET 2004 - meissner@suse.de Sun Jan 18 12:11:37 CET 2004 - meissner@suse.de
- We no longer have pam in the buildsystem, so we - We no longer have pam in the buildsystem, so we
need some buildroot magic flags for the dlopen tests. need some buildroot magic flags for the dlopen tests.
------------------------------------------------------------------- -------------------------------------------------------------------
@ -1756,7 +1792,7 @@ Tue Jun 10 12:08:56 CEST 2003 - kukuk@suse.de
------------------------------------------------------------------- -------------------------------------------------------------------
Tue May 27 16:26:00 CEST 2003 - ro@suse.de Tue May 27 16:26:00 CEST 2003 - ro@suse.de
- added cracklib-devel to neededforbuild - added cracklib-devel to neededforbuild
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Feb 13 14:56:05 CET 2003 - kukuk@suse.de Thu Feb 13 14:56:05 CET 2003 - kukuk@suse.de
@ -1776,7 +1812,7 @@ Mon Nov 11 11:26:13 CET 2002 - ro@suse.de
------------------------------------------------------------------- -------------------------------------------------------------------
Sat Sep 14 18:12:49 CEST 2002 - ro@suse.de Sat Sep 14 18:12:49 CEST 2002 - ro@suse.de
- changed securetty / use extra file - changed securetty / use extra file
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Sep 13 18:21:35 CEST 2002 - bk@suse.de Fri Sep 13 18:21:35 CEST 2002 - bk@suse.de
@ -1830,7 +1866,7 @@ Wed Mar 13 10:44:20 CET 2002 - kukuk@suse.de
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Feb 11 22:46:43 CET 2002 - ro@suse.de Mon Feb 11 22:46:43 CET 2002 - ro@suse.de
- tar option for bz2 is "j" - tar option for bz2 is "j"
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Jan 25 18:55:26 CET 2002 - kukuk@suse.de Fri Jan 25 18:55:26 CET 2002 - kukuk@suse.de
@ -1933,7 +1969,7 @@ Tue Feb 13 14:17:13 CET 2001 - kukuk@suse.de
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Feb 6 01:34:06 CET 2001 - ro@suse.de Tue Feb 6 01:34:06 CET 2001 - ro@suse.de
- pam_issue.c: include time.h to make it compile - pam_issue.c: include time.h to make it compile
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Jan 5 22:51:44 CET 2001 - kukuk@suse.de Fri Jan 5 22:51:44 CET 2001 - kukuk@suse.de
@ -1964,12 +2000,12 @@ Thu Oct 26 16:36:09 CEST 2000 - kukuk@suse.de
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Oct 20 12:03:07 CEST 2000 - kukuk@suse.de Fri Oct 20 12:03:07 CEST 2000 - kukuk@suse.de
- Don't link PAM modules against old libpam library - Don't link PAM modules against old libpam library
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Oct 18 11:53:34 CEST 2000 - kukuk@suse.de Wed Oct 18 11:53:34 CEST 2000 - kukuk@suse.de
- Create new "devel" subpackage - Create new "devel" subpackage
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Oct 12 15:16:55 CEST 2000 - kukuk@suse.de Thu Oct 12 15:16:55 CEST 2000 - kukuk@suse.de
@ -1979,7 +2015,7 @@ Thu Oct 12 15:16:55 CEST 2000 - kukuk@suse.de
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Oct 3 15:05:00 CEST 2000 - kukuk@suse.de Tue Oct 3 15:05:00 CEST 2000 - kukuk@suse.de
- Fix problems with new gcc and glibc 2.2 header files - Fix problems with new gcc and glibc 2.2 header files
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Sep 13 13:12:08 CEST 2000 - kukuk@suse.de Wed Sep 13 13:12:08 CEST 2000 - kukuk@suse.de
@ -2034,7 +2070,7 @@ Tue Feb 15 17:47:50 CET 2000 - kukuk@suse.de
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Feb 7 17:55:42 CET 2000 - kukuk@suse.de Mon Feb 7 17:55:42 CET 2000 - kukuk@suse.de
- pwdb: Update to 0.61 - pwdb: Update to 0.61
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jan 27 16:54:03 CET 2000 - kukuk@suse.de Thu Jan 27 16:54:03 CET 2000 - kukuk@suse.de
@ -2053,7 +2089,7 @@ Thu Jan 13 18:22:10 CET 2000 - kukuk@suse.de
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Oct 13 16:48:51 MEST 1999 - kukuk@suse.de Wed Oct 13 16:48:51 MEST 1999 - kukuk@suse.de
- pam_pwdb: Add security fixes from RedHat - pam_pwdb: Add security fixes from RedHat
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Oct 11 20:34:18 MEST 1999 - kukuk@suse.de Mon Oct 11 20:34:18 MEST 1999 - kukuk@suse.de
@ -2077,14 +2113,14 @@ Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de
Sat Sep 11 17:38:50 MEST 1999 - kukuk@suse.de Sat Sep 11 17:38:50 MEST 1999 - kukuk@suse.de
- Add pam_wheel to file list - Add pam_wheel to file list
- pam_wheel: Minor fixes - pam_wheel: Minor fixes
- pam_unix2: root is allowed to change passwords with wrong - pam_unix2: root is allowed to change passwords with wrong
password aging information password aging information
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Aug 30 10:16:43 MEST 1999 - kukuk@suse.de Mon Aug 30 10:16:43 MEST 1999 - kukuk@suse.de
- pam_unix2: Fix typo - pam_unix2: Fix typo
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Aug 19 16:05:09 MEST 1999 - kukuk@suse.de Thu Aug 19 16:05:09 MEST 1999 - kukuk@suse.de
@ -2104,7 +2140,7 @@ Tue Jul 13 11:09:41 MEST 1999 - kukuk@suse.de
------------------------------------------------------------------- -------------------------------------------------------------------
Sat Jul 10 18:41:00 MEST 1999 - kukuk@suse.de Sat Jul 10 18:41:00 MEST 1999 - kukuk@suse.de
- Add HP-UX password aging to pam_unix2. - Add HP-UX password aging to pam_unix2.
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jul 7 17:45:04 MEST 1999 - kukuk@suse.de Wed Jul 7 17:45:04 MEST 1999 - kukuk@suse.de
@ -2130,7 +2166,7 @@ Tue Jun 29 10:57:18 MEST 1999 - kukuk@suse.de
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Jun 28 13:59:18 MEST 1999 - kukuk@suse.de Mon Jun 28 13:59:18 MEST 1999 - kukuk@suse.de
- pam_warn: Add missing functions - pam_warn: Add missing functions
- other.pamd: Update - other.pamd: Update
- Add more doku - Add more doku
@ -2144,19 +2180,19 @@ Thu Jun 24 14:24:54 MEST 1999 - kukuk@suse.de
Mon Jun 21 10:10:35 MEST 1999 - kukuk@suse.de Mon Jun 21 10:10:35 MEST 1999 - kukuk@suse.de
- Update to Linux-PAM 0.67 - Update to Linux-PAM 0.67
- Add Debian pam_env patch - Add Debian pam_env patch
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jun 17 15:59:30 MEST 1999 - kukuk@suse.de Thu Jun 17 15:59:30 MEST 1999 - kukuk@suse.de
- pam_ftp malloc (core dump) fix - pam_ftp malloc (core dump) fix
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jun 15 18:57:03 MEST 1999 - kukuk@suse.de Tue Jun 15 18:57:03 MEST 1999 - kukuk@suse.de
- pam_unix2 fixes - pam_unix2 fixes
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Jun 7 11:34:48 MEST 1999 - kukuk@suse.de Mon Jun 7 11:34:48 MEST 1999 - kukuk@suse.de
- First PAM package: pam 0.66, pwdb 0.57 and pam_unix2 - First PAM package: pam 0.66, pwdb 0.57 and pam_unix2

126
pam.spec

@ -35,6 +35,7 @@
%define livepatchable 0 %define livepatchable 0
%endif %endif
%bcond_without selinux
%bcond_with debug %bcond_with debug
%define flavor @BUILD_FLAVOR@%{nil} %define flavor @BUILD_FLAVOR@%{nil}
@ -46,15 +47,18 @@
%if "%{flavor}" == "full" %if "%{flavor}" == "full"
%define build_main 0 %define build_main 0
%define build_doc 1 %define build_doc 1
%define build_extra 1
%define build_userdb 1
%define name_suffix -%{flavor}-src %define name_suffix -%{flavor}-src
%else %else
%define build_main 1 %define build_main 1
%define build_doc 0 %define build_doc 0
%define build_extra 0
%define build_userdb 0
%define name_suffix %{nil} %define name_suffix %{nil}
%endif %endif
# #
%define enable_selinux 1
%define libpam_so_version 0.85.1 %define libpam_so_version 0.85.1
%define libpam_misc_so_version 0.82.1 %define libpam_misc_so_version 0.82.1
%define libpamc_so_version 0.82.1 %define libpamc_so_version 0.82.1
@ -67,14 +71,14 @@
# #
Name: pam%{name_suffix} Name: pam%{name_suffix}
# #
Version: 1.5.2 Version: 1.5.2.90
Release: 0 Release: 0
Summary: A Security Tool that Provides Authentication for Applications Summary: A Security Tool that Provides Authentication for Applications
License: GPL-2.0-or-later OR BSD-3-Clause License: GPL-2.0-or-later OR BSD-3-Clause
Group: System/Libraries Group: System/Libraries
URL: http://www.linux-pam.org/ URL: https://github.com/linux-pam/linux-pam
Source: Linux-PAM-%{version}.tar.xz Source: Linux-PAM-%{version}.tar.xz
Source1: Linux-PAM-%{version}-docs.tar.xz # XXX Source1: Linux-PAM-%{version}.tar.xz.asc
Source2: macros.pam Source2: macros.pam
Source3: other.pamd Source3: other.pamd
Source4: common-auth.pamd Source4: common-auth.pamd
@ -86,20 +90,12 @@ Source10: unix2_chkpwd.c
Source11: unix2_chkpwd.8 Source11: unix2_chkpwd.8
Source12: pam-login_defs-check.sh Source12: pam-login_defs-check.sh
Source13: pam.tmpfiles Source13: pam.tmpfiles
Source14: Linux-PAM-%{version}-docs.tar.xz.asc
Source15: Linux-PAM-%{version}.tar.xz.asc
Source20: common-session-nonlogin.pamd Source20: common-session-nonlogin.pamd
Source21: postlogin-auth.pamd Source21: postlogin-auth.pamd
Source22: postlogin-account.pamd Source22: postlogin-account.pamd
Source23: postlogin-password.pamd Source23: postlogin-password.pamd
Source24: postlogin-session.pamd Source24: postlogin-session.pamd
Patch1: pam-limit-nproc.patch Patch1: pam-limit-nproc.patch
Patch3: pam-xauth_ownership.patch
Patch4: pam-bsc1177858-dont-free-environment-string.patch
Patch5: pam_xauth_data.3.xml.patch
Patch11: pam-git.diff
Patch13: pam_pwhistory-docu.patch
Patch14: docbook5.patch
BuildRequires: audit-devel BuildRequires: audit-devel
BuildRequires: bison BuildRequires: bison
BuildRequires: flex BuildRequires: flex
@ -110,39 +106,55 @@ Requires(post): permissions
# Upgrade this symbol version only if new variables appear! # Upgrade this symbol version only if new variables appear!
# Verify by shadow-login_defs-check.sh from shadow source package. # Verify by shadow-login_defs-check.sh from shadow source package.
Recommends: login_defs-support-for-pam >= 1.5.2 Recommends: login_defs-support-for-pam >= 1.5.2
%if 0%{?suse_version} > 1320
BuildRequires: pkgconfig(libeconf) BuildRequires: pkgconfig(libeconf)
%endif %if %{with selinux}
%if %{enable_selinux}
BuildRequires: libselinux-devel BuildRequires: libselinux-devel
%endif %endif
Obsoletes: pam_unix Obsoletes: pam_unix
Obsoletes: pam_unix-nis Obsoletes: pam_unix-nis
Recommends: pam-manpages Recommends: pam-manpages
%if 0%{?suse_version} >= 1330
Requires(pre): group(shadow) Requires(pre): group(shadow)
Requires(pre): user(root) Requires(pre): user(root)
%endif
%description %description
PAM (Pluggable Authentication Modules) is a system security tool that PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set authentication policies without allows system administrators to set authentication policies without
having to recompile programs that do authentication. having to recompile programs that do authentication.
%package extra %if %{build_userdb}
%package -n pam-userdb
Summary: PAM module to authenticate against a separate database Summary: PAM module to authenticate against a separate database
Group: System/Libraries Group: System/Libraries
Provides: pam-extra:%{_pam_moduledir}/pam_userdb.so
BuildRequires: libdb-4_8-devel BuildRequires: libdb-4_8-devel
BuildRequires: pam-devel BuildRequires: pam-devel
%description extra %description -n pam-userdb
PAM (Pluggable Authentication Modules) is a system security tool that PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set authentication policies without allows system administrators to set authentication policies without
having to recompile programs that do authentication. having to recompile programs that do authentication.
This package contains useful extra modules eg pam_userdb which is This package contains pam_userdb which is used to verify a
used to verify a username/password pair against values stored in username/password pair against values stored in a Berkeley DB database.
a Berkeley DB database. %endif
%if %{build_extra}
%package -n pam-extra
Summary: PAM module with extended dependencies
Group: System/Libraries
BuildRequires: pkgconfig(systemd)
BuildRequires: pam-devel
Provides: pam:%{_sbindir}/pam_timestamp_check
%description -n pam-extra
PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set authentication policies without
having to recompile programs that do authentication.
This package contains extra modules eg pam_issue and pam_timestamp which
can have extended dependencies.
%endif
%if %{build_doc} %if %{build_doc}
@ -191,17 +203,9 @@ This package contains header files and static libraries used for
building both PAM-aware applications and modules for use with PAM. building both PAM-aware applications and modules for use with PAM.
%prep %prep
%setup -q -n Linux-PAM-%{version} -b 1 %setup -q -n Linux-PAM-%{version}
cp -a %{SOURCE12} . cp -a %{SOURCE12} .
%patch11 -p1
%patch1 -p1 %patch1 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%if %{build_doc}
%patch13 -p1
%patch14 -p1
%endif
%build %build
bash ./pam-login_defs-check.sh bash ./pam-login_defs-check.sh
@ -220,6 +224,7 @@ CFLAGS="$CFLAGS -fpatchable-function-entry=16,14 -fdump-ipa-clones"
--enable-isadir=../..%{_pam_moduledir} \ --enable-isadir=../..%{_pam_moduledir} \
--enable-securedir=%{_pam_moduledir} \ --enable-securedir=%{_pam_moduledir} \
--enable-vendordir=%{_prefix}/etc \ --enable-vendordir=%{_prefix}/etc \
--disable-nis \
%if %{with debug} %if %{with debug}
--enable-debug --enable-debug
%endif %endif
@ -291,9 +296,6 @@ mkdir -p %{buildroot}%{_prefix}/lib/motd.d
# Remove crap # Remove crap
# #
find %{buildroot} -type f -name "*.la" -delete -print find %{buildroot} -type f -name "*.la" -delete -print
for x in pam_unix_auth pam_unix_acct pam_unix_passwd pam_unix_session; do
ln -f %{buildroot}%{_pam_moduledir}/pam_unix.so %{buildroot}%{_pam_moduledir}/$x.so
done
# #
# Install READMEs of PAM modules # Install READMEs of PAM modules
# #
@ -312,27 +314,25 @@ install -D -m 644 %{SOURCE2} %{buildroot}%{_rpmmacrodir}/macros.pam
# /run/motd.d # /run/motd.d
install -Dm0644 %{SOURCE13} %{buildroot}%{_tmpfilesdir}/pam.conf install -Dm0644 %{SOURCE13} %{buildroot}%{_tmpfilesdir}/pam.conf
mkdir -p %{buildroot}%{_pam_secdistconfdir} mkdir -p %{buildroot}%{_pam_secdistconfdir}/{limits.d,namespace.d}
mv %{buildroot}%{_sysconfdir}/security/{limits.conf,faillock.conf,group.conf,pam_env.conf,access.conf,limits.d,sepermit.conf,time.conf} %{buildroot}%{_pam_secdistconfdir}/
mv %{buildroot}%{_sysconfdir}/security/{namespace.conf,namespace.d,namespace.init} %{buildroot}%{_pam_secdistconfdir}/
mv %{buildroot}%{_sysconfdir}/environment %{buildroot}%{_distconfdir}/environment mv %{buildroot}%{_sysconfdir}/environment %{buildroot}%{_distconfdir}/environment
# Remove manual pages for main package # Remove manual pages for main package
%if !%{build_doc} %if !%{build_doc}
rm -rf %{buildroot}%{_mandir}/man[58]/* rm -rf %{buildroot}%{_mandir}/man?/*
install -m 644 modules/pam_userdb/pam_userdb.8 %{buildroot}/%{_mandir}/man8/
%else %else
install -m 644 %{_sourcedir}/unix2_chkpwd.8 %{buildroot}/%{_mandir}/man8/ install -m 644 %{_sourcedir}/unix2_chkpwd.8 %{buildroot}/%{_mandir}/man8/
# bsc#1188724 # bsc#1188724
echo '.so man8/pam_motd.8' > %{buildroot}%{_mandir}/man5/motd.5 echo '.so man8/pam_motd.8' > %{buildroot}%{_mandir}/man5/motd.5
%endif %endif
%if !%{build_main}
rm -rf %{buildroot}{%{_sysconfdir},%{_distconfdir},%{_sbindir},%{_pam_secconfdir},%{_pam_confdir},%{_datadir}/locale}
rm -rf %{buildroot}{%{_includedir},%{_libdir},%{_prefix}/lib}
rm -rf %{buildroot}%{_mandir}/man3/*
rm -rf %{buildroot}%{_mandir}/man8/pam_userdb.8*
%if !%{build_main}
rm -rf %{buildroot}{%{_sysconfdir},%{_distconfdir},%{_sbindir}/{f*,m*,pam_n*,pw*,u*},%{_pam_secconfdir},%{_pam_confdir},%{_datadir}/locale}
rm -rf %{buildroot}{%{_includedir},%{_libdir}/{libpam*,pkgconfig},%{_pam_vendordir},%{_rpmmacrodir},%{_tmpfilesdir}}
rm -rf %{buildroot}%{_pam_moduledir}/pam_{a,b,c,d,e,f,g,h,j,k,l,m,n,o,p,q,r,s,v,w,x,y,z,time.,tt,um,un,usertype}*
%else %else
# Delete files for extra package
rm -rf %{buildroot}{%{_pam_moduledir}/pam_issue.so,%{_pam_moduledir}/pam_timestamp.so,%{_sbindir}/pam_timestamp_check}
# Create filelist with translations # Create filelist with translations
%find_lang Linux-PAM %find_lang Linux-PAM
@ -392,13 +392,13 @@ done
%{_pam_secdistconfdir}/faillock.conf %{_pam_secdistconfdir}/faillock.conf
%{_pam_secdistconfdir}/limits.conf %{_pam_secdistconfdir}/limits.conf
%{_pam_secdistconfdir}/pam_env.conf %{_pam_secdistconfdir}/pam_env.conf
%if %{enable_selinux} %if %{with selinux}
%{_pam_secdistconfdir}/sepermit.conf %{_pam_secdistconfdir}/sepermit.conf
%endif %endif
%{_pam_secdistconfdir}/time.conf %{_pam_secdistconfdir}/time.conf
%{_pam_secdistconfdir}/namespace.conf %{_pam_secdistconfdir}/namespace.conf
%{_pam_secdistconfdir}/namespace.init %{_pam_secdistconfdir}/namespace.init
%config(noreplace) %{_pam_secconfdir}/pwhistory.conf %{_pam_secdistconfdir}/pwhistory.conf
%dir %{_pam_secdistconfdir}/namespace.d %dir %{_pam_secdistconfdir}/namespace.d
%{_libdir}/libpam.so.0 %{_libdir}/libpam.so.0
%{_libdir}/libpam.so.%{libpam_so_version} %{_libdir}/libpam.so.%{libpam_so_version}
@ -420,9 +420,7 @@ done
%{_pam_moduledir}//pam_filter/upperLOWER %{_pam_moduledir}//pam_filter/upperLOWER
%{_pam_moduledir}/pam_ftp.so %{_pam_moduledir}/pam_ftp.so
%{_pam_moduledir}/pam_group.so %{_pam_moduledir}/pam_group.so
%{_pam_moduledir}/pam_issue.so
%{_pam_moduledir}/pam_keyinit.so %{_pam_moduledir}/pam_keyinit.so
%{_pam_moduledir}/pam_lastlog.so
%{_pam_moduledir}/pam_limits.so %{_pam_moduledir}/pam_limits.so
%{_pam_moduledir}/pam_listfile.so %{_pam_moduledir}/pam_listfile.so
%{_pam_moduledir}/pam_localuser.so %{_pam_moduledir}/pam_localuser.so
@ -437,7 +435,7 @@ done
%{_pam_moduledir}/pam_rhosts.so %{_pam_moduledir}/pam_rhosts.so
%{_pam_moduledir}/pam_rootok.so %{_pam_moduledir}/pam_rootok.so
%{_pam_moduledir}/pam_securetty.so %{_pam_moduledir}/pam_securetty.so
%if %{enable_selinux} %if %{with selinux}
%{_pam_moduledir}/pam_selinux.so %{_pam_moduledir}/pam_selinux.so
%{_pam_moduledir}/pam_sepermit.so %{_pam_moduledir}/pam_sepermit.so
%endif %endif
@ -446,14 +444,9 @@ done
%{_pam_moduledir}/pam_stress.so %{_pam_moduledir}/pam_stress.so
%{_pam_moduledir}/pam_succeed_if.so %{_pam_moduledir}/pam_succeed_if.so
%{_pam_moduledir}/pam_time.so %{_pam_moduledir}/pam_time.so
%{_pam_moduledir}/pam_timestamp.so
%{_pam_moduledir}/pam_tty_audit.so %{_pam_moduledir}/pam_tty_audit.so
%{_pam_moduledir}/pam_umask.so %{_pam_moduledir}/pam_umask.so
%{_pam_moduledir}/pam_unix.so %{_pam_moduledir}/pam_unix.so
%{_pam_moduledir}/pam_unix_acct.so
%{_pam_moduledir}/pam_unix_auth.so
%{_pam_moduledir}/pam_unix_passwd.so
%{_pam_moduledir}/pam_unix_session.so
%{_pam_moduledir}/pam_usertype.so %{_pam_moduledir}/pam_usertype.so
%{_pam_moduledir}/pam_warn.so %{_pam_moduledir}/pam_warn.so
%{_pam_moduledir}/pam_wheel.so %{_pam_moduledir}/pam_wheel.so
@ -461,7 +454,6 @@ done
%{_sbindir}/faillock %{_sbindir}/faillock
%{_sbindir}/mkhomedir_helper %{_sbindir}/mkhomedir_helper
%{_sbindir}/pam_namespace_helper %{_sbindir}/pam_namespace_helper
%{_sbindir}/pam_timestamp_check
%{_sbindir}/pwhistory_helper %{_sbindir}/pwhistory_helper
%verify(not mode) %attr(4755,root,shadow) %{_sbindir}/unix_chkpwd %verify(not mode) %attr(4755,root,shadow) %{_sbindir}/unix_chkpwd
%verify(not mode) %attr(4755,root,shadow) %{_sbindir}/unix2_chkpwd %verify(not mode) %attr(4755,root,shadow) %{_sbindir}/unix2_chkpwd
@ -469,23 +461,30 @@ done
%{_unitdir}/pam_namespace.service %{_unitdir}/pam_namespace.service
%{_tmpfilesdir}/pam.conf %{_tmpfilesdir}/pam.conf
%files extra
%defattr(-,root,root,755)
%{_pam_moduledir}/pam_userdb.so
%{_mandir}/man8/pam_userdb.8%{?ext_man}
%files devel %files devel
%defattr(644,root,root,755) %defattr(644,root,root,755)
%dir %{_includedir}/security %dir %{_includedir}/security
%{_mandir}/man3/pam*
%{_mandir}/man3/misc_conv.3%{?ext_man}
%{_includedir}/security/*.h %{_includedir}/security/*.h
%{_libdir}/libpam.so %{_libdir}/libpam.so
%{_libdir}/libpamc.so %{_libdir}/libpamc.so
%{_libdir}/libpam_misc.so %{_libdir}/libpam_misc.so
%{_rpmmacrodir}/macros.pam %{_rpmmacrodir}/macros.pam
%{_libdir}/pkgconfig/pam*.pc %{_libdir}/pkgconfig/pam*.pc
%endif
%if %{build_userdb}
%files -n pam-userdb
%defattr(-,root,root,755)
%{_pam_moduledir}/pam_userdb.so
%{_mandir}/man8/pam_userdb.8%{?ext_man}
%endif
%if %{build_extra}
%files -n pam-extra
%defattr(-,root,root,755)
%{_pam_moduledir}/pam_issue.so
%{_pam_moduledir}/pam_timestamp.so
%{_sbindir}/pam_timestamp_check
%endif %endif
%if %{build_doc} %if %{build_doc}
@ -499,6 +498,8 @@ done
%doc %{_defaultdocdir}/pam/*.txt %doc %{_defaultdocdir}/pam/*.txt
%files -n pam-manpages %files -n pam-manpages
%{_mandir}/man3/pam*.3%{?ext_man}
%{_mandir}/man3/misc_conv.3%{?ext_man}
%{_mandir}/man5/environment.5%{?ext_man} %{_mandir}/man5/environment.5%{?ext_man}
%{_mandir}/man5/*.conf.5%{?ext_man} %{_mandir}/man5/*.conf.5%{?ext_man}
%{_mandir}/man5/pam.d.5%{?ext_man} %{_mandir}/man5/pam.d.5%{?ext_man}
@ -520,7 +521,6 @@ done
%{_mandir}/man8/pam_group.8%{?ext_man} %{_mandir}/man8/pam_group.8%{?ext_man}
%{_mandir}/man8/pam_issue.8%{?ext_man} %{_mandir}/man8/pam_issue.8%{?ext_man}
%{_mandir}/man8/pam_keyinit.8%{?ext_man} %{_mandir}/man8/pam_keyinit.8%{?ext_man}
%{_mandir}/man8/pam_lastlog.8%{?ext_man}
%{_mandir}/man8/pam_limits.8%{?ext_man} %{_mandir}/man8/pam_limits.8%{?ext_man}
%{_mandir}/man8/pam_listfile.8%{?ext_man} %{_mandir}/man8/pam_listfile.8%{?ext_man}
%{_mandir}/man8/pam_localuser.8%{?ext_man} %{_mandir}/man8/pam_localuser.8%{?ext_man}


@ -1,264 +0,0 @@
diff --git a/modules/pam_pwhistory/Makefile.am b/modules/pam_pwhistory/Makefile.am
index 8a4dbcb2..c29a8e11 100644
--- a/modules/pam_pwhistory/Makefile.am
+++ b/modules/pam_pwhistory/Makefile.am
@@ -9,9 +9,10 @@ MAINTAINERCLEANFILES = $(MANS) README
EXTRA_DIST = $(XMLS)
if HAVE_DOC
-dist_man_MANS = pam_pwhistory.8 pwhistory_helper.8
+dist_man_MANS = pam_pwhistory.8 pwhistory_helper.8 pwhistory.conf.5
endif
-XMLS = README.xml pam_pwhistory.8.xml pwhistory_helper.8.xml
+XMLS = README.xml pam_pwhistory.8.xml pwhistory_helper.8.xml \
+ pwhistory.conf.5.xml
dist_check_SCRIPTS = tst-pam_pwhistory
TESTS = $(dist_check_SCRIPTS)
diff --git a/modules/pam_pwhistory/pam_pwhistory.8.xml b/modules/pam_pwhistory/pam_pwhistory.8.xml
index d88115c2..2a8fa7f6 100644
--- a/modules/pam_pwhistory/pam_pwhistory.8.xml
+++ b/modules/pam_pwhistory/pam_pwhistory.8.xml
@@ -36,6 +36,12 @@
<arg choice="opt">
authtok_type=<replaceable>STRING</replaceable>
</arg>
+ <arg choice="opt">
+ file=<replaceable>/path/filename</replaceable>
+ </arg>
+ <arg choice="opt">
+ conf=<replaceable>/path/to/config-file</replaceable>
+ </arg>
</cmdsynopsis>
</refsynopsisdiv>
@@ -104,7 +110,7 @@
<listitem>
<para>
The last <replaceable>N</replaceable> passwords for each
- user are saved in <filename>/etc/security/opasswd</filename>.
+ user are saved.
The default is <emphasis>10</emphasis>. Value of
<emphasis>0</emphasis> makes the module to keep the existing
contents of the <filename>opasswd</filename> file unchanged.
@@ -137,7 +143,39 @@
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>
+ <option>file=<replaceable>/path/filename</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ Store password history in file <filename>/path/filename</filename>
+ rather than the default location. The default location is
+ <filename>/etc/security/opasswd</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>conf=<replaceable>/path/to/config-file</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ Use another configuration file instead of the default
+ <filename>/etc/security/pwhistory.conf</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+
</variablelist>
+ <para>
+ The options for configuring the module behavior are described in the
+ <citerefentry><refentrytitle>pwhistory.conf</refentrytitle>
+ <manvolnum>5</manvolnum></citerefentry> manual page. The options
+ specified on the module command line override the values from the
+ configuration file.
+ </para>
</refsect1>
<refsect1 id="pam_pwhistory-types">
@@ -213,7 +251,7 @@ password required pam_unix.so use_authtok
<varlistentry>
<term><filename>/etc/security/opasswd</filename></term>
<listitem>
- <para>File with password history</para>
+ <para>Default file with password history</para>
</listitem>
</varlistentry>
</variablelist>
@@ -222,6 +260,9 @@ password required pam_unix.so use_authtok
<refsect1 id='pam_pwhistory-see_also'>
<title>SEE ALSO</title>
<para>
+ <citerefentry>
+ <refentrytitle>pwhistory.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
<citerefentry>
<refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
diff --git a/modules/pam_pwhistory/pwhistory.conf.5.xml b/modules/pam_pwhistory/pwhistory.conf.5.xml
new file mode 100644
index 00000000..bac5ffed
--- /dev/null
+++ b/modules/pam_pwhistory/pwhistory.conf.5.xml
@@ -0,0 +1,155 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+
+<refentry id="pwhistory.conf">
+
+ <refmeta>
+ <refentrytitle>pwhistory.conf</refentrytitle>
+ <manvolnum>5</manvolnum>
+ <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id="pwhistory.conf-name">
+ <refname>pwhistory.conf</refname>
+ <refpurpose>pam_pwhistory configuration file</refpurpose>
+ </refnamediv>
+
+ <refsect1 id="pwhistory.conf-description">
+
+ <title>DESCRIPTION</title>
+ <para>
+ <emphasis remap='B'>pwhistory.conf</emphasis> provides a way to configure the
+ default settings for saving the last passwords for each user.
+ This file is read by the <emphasis>pam_pwhistory</emphasis> module and is the
+ preferred method over configuring <emphasis>pam_pwhistory</emphasis> directly.
+ </para>
+ <para>
+ The file has a very simple <emphasis>name = value</emphasis> format with possible comments
+ starting with <emphasis>#</emphasis> character. The whitespace at the beginning of line, end
+ of line, and around the <emphasis>=</emphasis> sign is ignored.
+ </para>
+ </refsect1>
+
+ <refsect1 id="pwhistory.conf-options">
+
+ <title>OPTIONS</title>
+ <variablelist>
+ <varlistentry>
+ <term>
+ <option>debug</option>
+ </term>
+ <listitem>
+ <para>
+ Turns on debugging via
+ <citerefentry>
+ <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>enforce_for_root</option>
+ </term>
+ <listitem>
+ <para>
+ If this option is set, the check is enforced for root, too.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>remember=<replaceable>N</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ The last <replaceable>N</replaceable> passwords for each
+ user are saved.
+ The default is <emphasis>10</emphasis>. Value of
+ <emphasis>0</emphasis> makes the module to keep the existing
+ contents of the <filename>opasswd</filename> file unchanged.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>retry=<replaceable>N</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ Prompt user at most <replaceable>N</replaceable> times
+ before returning with error. The default is 1.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>file=<replaceable>/path/filename</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ Store password history in file
+ <replaceable>/path/filename</replaceable> rather than the default
+ location. The default location is
+ <filename>/etc/security/opasswd</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='pwhistory.conf-examples'>
+ <title>EXAMPLES</title>
+ <para>
+ /etc/security/pwhistory.conf file example:
+ </para>
+ <programlisting>
+debug
+remember=5
+file=/tmp/opasswd
+ </programlisting>
+ </refsect1>
+
+ <refsect1 id="pwhistory.conf-files">
+ <title>FILES</title>
+ <variablelist>
+ <varlistentry>
+ <term><filename>/etc/security/pwhistory.conf</filename></term>
+ <listitem>
+ <para>the config file for custom options</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='pwhistory.conf-see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>pwhistory</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_pwhistory</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+
+ <refsect1 id='pwhistory.conf-author'>
+ <title>AUTHOR</title>
+ <para>
+ pam_pwhistory was written by Thorsten Kukuk. The support for
+ pwhistory.conf was written by Iker Pedrosa.
+ </para>
+ </refsect1>
+
+</refentry>


@ -1,97 +0,0 @@
--- a/doc/man/pam_xauth_data.3.xml 2021-11-01 12:04:45.640077994 +0100
+++ b/doc/man/pam_xauth_data.3.xml 2019-09-24 13:06:13.531781973 +0200
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
+
+<refentry id="pam_xauth_data">
+
+ <refmeta>
+ <refentrytitle>pam_xauth_data</refentrytitle>
+ <manvolnum>3</manvolnum>
+ <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id="pam_xauth_data-name">
+ <refname>pam_xauth_data</refname>
+ <refpurpose>structure containing X authentication data</refpurpose>
+ </refnamediv>
+
+<!-- body begins here -->
+
+ <refsynopsisdiv>
+ <funcsynopsis id="pam_xauth_data-synopsis">
+ <funcsynopsisinfo>#include &lt;security/pam_appl.h&gt;</funcsynopsisinfo>
+ </funcsynopsis>
+ <programlisting>
+struct pam_xauth_data {
+ int namelen;
+ char *name;
+ int datalen;
+ char *data;
+};
+ </programlisting>
+ </refsynopsisdiv>
+
+ <refsect1 id='pam_xauth_data-description'>
+ <title>DESCRIPTION</title>
+ <para>
+ The <function>pam_xauth_data</function> structure contains X
+ authentication data used to make a connection to an X display.
+ Using this mechanism, an application can communicate X
+ authentication data to PAM service modules. This allows modules to
+ make a connection to the user's X display in order to label the
+ user's session on login, display visual feedback or for other
+ purposes.
+ </para>
+ <para>
+ The <emphasis>name</emphasis> field contains the name of the
+ authentication method, such as "MIT-MAGIC-COOKIE-1". The
+ <emphasis>namelen</emphasis> field contains the length of this string,
+ not including the trailing NUL character.
+ </para>
+ <para>
+ The <emphasis>data</emphasis> field contains the authentication
+ method-specific data corresponding to the specified name. The
+ <emphasis>datalen</emphasis> field contains its length in bytes.
+ </para>
+ <para>
+ The X authentication data can be changed with the
+ <emphasis>PAM_XAUTH_DATA</emphasis> item. It can be queried and
+ set with
+ <citerefentry>
+ <refentrytitle>pam_get_item</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>
+ and
+ <citerefentry>
+ <refentrytitle>pam_set_item </refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry> respectively. The value used to set it should be
+ a pointer to a pam_xauth_data structure. An internal copy of both
+ the structure itself and its fields is made by PAM when setting the
+ item.
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_xauth_data-see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_get_item</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_xauth_data-standards'>
+ <title>STANDARDS</title>
+ <para>
+ The <function>pam_xauth_data</function> structure and
+ <emphasis>PAM_XAUTH_DATA</emphasis> item are
+ Linux-PAM extensions.
+ </para>
+ </refsect1>
+
+</refentry>