diff --git a/Linux-PAM-1.3.91-docs.tar.xz b/Linux-PAM-1.3.91-docs.tar.xz
deleted file mode 100644
index f4919b6..0000000
--- a/Linux-PAM-1.3.91-docs.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:3bf5336ef11158dd52d22c7919eb24ac7e381a60d8937179a87f09f77e74fe99
-size 464136
diff --git a/Linux-PAM-1.3.91.tar.xz b/Linux-PAM-1.3.91.tar.xz
deleted file mode 100644
index c3fa0da..0000000
--- a/Linux-PAM-1.3.91.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:426895651da97d3c0f139ddcd878067962eb0809ddc17e1138081249c51ac2b8
-size 975112
diff --git a/Linux-PAM-1.3.92-docs.tar.xz b/Linux-PAM-1.3.92-docs.tar.xz
new file mode 100644
index 0000000..cef9c1b
--- /dev/null
+++ b/Linux-PAM-1.3.92-docs.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:58af8e875cdcaffcf5bc2ca2d228dcb2f1589e73448391f2de562dfed186cf8a
+size 464148
diff --git a/Linux-PAM-1.3.92.tar.xz b/Linux-PAM-1.3.92.tar.xz
new file mode 100644
index 0000000..bfd8bbf
--- /dev/null
+++ b/Linux-PAM-1.3.92.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:12bb1b2128fa4cffdd3ba5950e2f985602db35f2ff984129709e84b8f5e6225b
+size 982628
diff --git a/baselibs.conf b/baselibs.conf
index 4cd0578..aa1a812 100644
--- a/baselibs.conf
+++ b/baselibs.conf
@@ -1,2 +1,4 @@
 pam
+pam-extra
+pam-deprecated
 pam-devel
diff --git a/pam.changes b/pam.changes
index 3cfc512..ecbc36b 100644
--- a/pam.changes
+++ b/pam.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed May 27 09:27:32 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
+
+- Update to current Linux-PAM snapshot
+  - pam_tally* and pam_cracklib got deprecated
+- Disable pam_faillock and pam_setquota until they are whitelisted
+
 -------------------------------------------------------------------
 Tue May 12 11:44:19 UTC 2020 - Josef Möllers <josef.moellers@suse.com>
 
diff --git a/pam.spec b/pam.spec
index e3037f9..82bb5fd 100644
--- a/pam.spec
+++ b/pam.spec
@@ -16,19 +16,18 @@
 #
 
 
-%if ! %{defined _distconfdir}
-  %define _distconfdir %{_sysconfdir}
-  %define config_noreplace 1
-%endif
-
 #
 %define enable_selinux 1
 %define libpam_so_version 0.85.1
 %define libpam_misc_so_version 0.82.1
 %define libpamc_so_version 0.82.1
+%if ! %{defined _distconfdir}
+  %define _distconfdir %{_sysconfdir}
+  %define config_noreplace 1
+%endif
 Name:           pam
 #
-Version:        1.3.91
+Version:        1.3.92
 Release:        0
 Summary:        A Security Tool that Provides Authentication for Applications
 License:        GPL-2.0-or-later OR BSD-3-Clause
@@ -54,12 +53,12 @@ BuildRequires:  bison
 BuildRequires:  cracklib-devel
 BuildRequires:  flex
 BuildRequires:  libtool
+BuildRequires:  xz
+Requires(post): permissions
 # All login.defs variables require support from shadow side.
 # Upgrade this symbol version only if new variables appear!
 # Verify by shadow-login_defs-check.sh from shadow source package.
 Recommends:     login_defs-support-for-pam >= 1.3.1
-Requires(post): permissions
-BuildRequires:  xz
 %if 0%{?suse_version} > 1320
 BuildRequires:  pkgconfig(libeconf)
 BuildRequires:  pkgconfig(libnsl)
@@ -80,7 +79,7 @@ having to recompile programs that do authentication.
 
 %package extra
 Summary:        PAM module to authenticate against a separate database
-Group:          System/Libraries%description
+Group:          System/Libraries
 BuildRequires:  libdb-4_8-devel
 BuildRequires:  pam-devel
 
@@ -121,6 +120,21 @@ having to recompile programs which do authentication.
 This package contains header files and static libraries used for
 building both PAM-aware applications and modules for use with PAM.
 
+%package deprecated
+Summary:        Deprecated PAM Modules
+Group:          System/Libraries
+Provides:       pam:/%{_lib}/security/pam_cracklib.so
+Provides:       pam:/%{_lib}/security/pam_tally2.so
+
+%description deprecated
+PAM (Pluggable Authentication Modules) is a system security tool that
+allows system administrators to set authentication policies without
+having to recompile programs that do authentication.
+
+This package contains deprecated extra modules like pam_cracklib and
+pam_tally2, which are no longer supported upstream and will be completly
+removed with one of the next releases.
+
 %prep
 %setup -q -n Linux-PAM-%{version} -b 1
 cp -a %{SOURCE12} .
@@ -140,12 +154,13 @@ export CFLAGS="%{optflags} -DNDEBUG"
         --libdir=/%{_lib} \
 	--enable-isadir=../../%{_lib}/security \
         --enable-securedir=/%{_lib}/security \
-	--enable-vendordir=%{_distconfdir}
+	--enable-vendordir=%{_distconfdir} \
+	--enable-tally2 --enable-cracklib
 make %{?_smp_mflags}
-gcc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} -I%{_builddir}/linux-pam-%{version}/libpam/include %{SOURCE10} -o %{_builddir}/unix2_chkpwd -L%{_builddir}/linux-pam-%{version}/libpam/.libs/ -lpam
+gcc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} -I%{_builddir}/Linux-PAM-%{version}/libpam/include %{SOURCE10} -o %{_builddir}/unix2_chkpwd -L%{_builddir}/Linux-PAM-%{version}/libpam/.libs -lpam
 
 %check
-make %{?_smp_mflags} check
+%make_build check
 
 %install
 mkdir -p %{buildroot}%{_sysconfdir}/pam.d
@@ -197,13 +212,9 @@ for i in pam_*/README; do
 	cp -fpv "$i" "$DOC/modules/README.${i%/*}"
 done
 popd
-#
-# pam_tally is deprecated since ages
-#
-rm -f %{buildroot}/%{_lib}/security/pam_tally.so
-rm -f %{buildroot}/sbin/pam_tally
-rm -f %{buildroot}%{_mandir}/man8/pam_tally.8*
-rm -f %{buildroot}%{_defaultdocdir}/pam/modules/README.pam_tally
+# XXX Remove until whitelisted
+rm %{buildroot}/%{_lib}/security/pam_setquota.so
+rm %{buildroot}/%{_lib}/security/pam_faillock.so
 # Install unix2_chkpwd
 install -m 755 %{_builddir}/unix2_chkpwd %{buildroot}/sbin/
 install -m 644 %{_sourcedir}/unix2_chkpwd.8 %{buildroot}/%{_mandir}/man8/
@@ -220,16 +231,15 @@ install -m 644 %{_sourcedir}/unix2_chkpwd.8 %{buildroot}/%{_mandir}/man8/
 %set_permissions /sbin/unix2_chkpwd
 
 %postun -p /sbin/ldconfig
-
 %pre
 for i in securetty pam.d/other pam.d/common-account pam.d/common-auth pam.d/common-password pam.d/common-session ; do
-  test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i}.rpmsave.old ||:
+  test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||:
 done
 
 %posttrans
 # Migration to /usr/etc.
 for i in securetty pam.d/other pam.d/common-account pam.d/common-auth pam.d/common-password pam.d/common-session ; do
-  test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i} ||:
+  test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||:
 done
 
 %files -f Linux-PAM.lang
@@ -266,59 +276,57 @@ done
 %{_mandir}/man5/environment.5%{?ext_man}
 %{_mandir}/man5/*.conf.5%{?ext_man}
 %{_mandir}/man5/pam.d.5%{?ext_man}
-%{_mandir}/man8/PAM.8.gz
-%{_mandir}/man8/faillock.8.gz
-%{_mandir}/man8/mkhomedir_helper.8.gz
-%{_mandir}/man8/pam.8.gz
-%{_mandir}/man8/pam_access.8.gz
-%{_mandir}/man8/pam_cracklib.8.gz
-%{_mandir}/man8/pam_debug.8.gz
-%{_mandir}/man8/pam_deny.8.gz
-%{_mandir}/man8/pam_echo.8.gz
-%{_mandir}/man8/pam_env.8.gz
-%{_mandir}/man8/pam_exec.8.gz
-%{_mandir}/man8/pam_faildelay.8.gz
-%{_mandir}/man8/pam_faillock.8.gz
-%{_mandir}/man8/pam_filter.8.gz
-%{_mandir}/man8/pam_ftp.8.gz
-%{_mandir}/man8/pam_group.8.gz
-%{_mandir}/man8/pam_issue.8.gz
-%{_mandir}/man8/pam_keyinit.8.gz
-%{_mandir}/man8/pam_lastlog.8.gz
-%{_mandir}/man8/pam_limits.8.gz
-%{_mandir}/man8/pam_listfile.8.gz
-%{_mandir}/man8/pam_localuser.8.gz
-%{_mandir}/man8/pam_loginuid.8.gz
-%{_mandir}/man8/pam_mail.8.gz
-%{_mandir}/man8/pam_mkhomedir.8.gz
-%{_mandir}/man8/pam_motd.8.gz
-%{_mandir}/man8/pam_namespace.8.gz
-%{_mandir}/man8/pam_namespace_helper.8.gz
-%{_mandir}/man8/pam_nologin.8.gz
-%{_mandir}/man8/pam_permit.8.gz
-%{_mandir}/man8/pam_pwhistory.8.gz
-%{_mandir}/man8/pam_rhosts.8.gz
-%{_mandir}/man8/pam_rootok.8.gz
-%{_mandir}/man8/pam_securetty.8.gz
-%{_mandir}/man8/pam_selinux.8.gz
-%{_mandir}/man8/pam_sepermit.8.gz
-%{_mandir}/man8/pam_setquota.8.gz
-%{_mandir}/man8/pam_shells.8.gz
-%{_mandir}/man8/pam_succeed_if.8.gz
-%{_mandir}/man8/pam_tally2.8.gz
-%{_mandir}/man8/pam_time.8.gz
-%{_mandir}/man8/pam_timestamp.8.gz
-%{_mandir}/man8/pam_timestamp_check.8.gz
-%{_mandir}/man8/pam_tty_audit.8.gz
-%{_mandir}/man8/pam_umask.8.gz
-%{_mandir}/man8/pam_unix.8.gz
-%{_mandir}/man8/pam_usertype.8.gz
-%{_mandir}/man8/pam_warn.8.gz
-%{_mandir}/man8/pam_wheel.8.gz
-%{_mandir}/man8/pam_xauth.8.gz
-%{_mandir}/man8/unix2_chkpwd.8.gz
-%{_mandir}/man8/unix_chkpwd.8.gz
-%{_mandir}/man8/unix_update.8.gz
+%{_mandir}/man8/PAM.8%{?ext_man}
+%{_mandir}/man8/faillock.8%{?ext_man}
+%{_mandir}/man8/mkhomedir_helper.8%{?ext_man}
+%{_mandir}/man8/pam.8%{?ext_man}
+%{_mandir}/man8/pam_access.8%{?ext_man}
+%{_mandir}/man8/pam_debug.8%{?ext_man}
+%{_mandir}/man8/pam_deny.8%{?ext_man}
+%{_mandir}/man8/pam_echo.8%{?ext_man}
+%{_mandir}/man8/pam_env.8%{?ext_man}
+%{_mandir}/man8/pam_exec.8%{?ext_man}
+%{_mandir}/man8/pam_faildelay.8%{?ext_man}
+%{_mandir}/man8/pam_faillock.8%{?ext_man}
+%{_mandir}/man8/pam_filter.8%{?ext_man}
+%{_mandir}/man8/pam_ftp.8%{?ext_man}
+%{_mandir}/man8/pam_group.8%{?ext_man}
+%{_mandir}/man8/pam_issue.8%{?ext_man}
+%{_mandir}/man8/pam_keyinit.8%{?ext_man}
+%{_mandir}/man8/pam_lastlog.8%{?ext_man}
+%{_mandir}/man8/pam_limits.8%{?ext_man}
+%{_mandir}/man8/pam_listfile.8%{?ext_man}
+%{_mandir}/man8/pam_localuser.8%{?ext_man}
+%{_mandir}/man8/pam_loginuid.8%{?ext_man}
+%{_mandir}/man8/pam_mail.8%{?ext_man}
+%{_mandir}/man8/pam_mkhomedir.8%{?ext_man}
+%{_mandir}/man8/pam_motd.8%{?ext_man}
+%{_mandir}/man8/pam_namespace.8%{?ext_man}
+%{_mandir}/man8/pam_namespace_helper.8%{?ext_man}
+%{_mandir}/man8/pam_nologin.8%{?ext_man}
+%{_mandir}/man8/pam_permit.8%{?ext_man}
+%{_mandir}/man8/pam_pwhistory.8%{?ext_man}
+%{_mandir}/man8/pam_rhosts.8%{?ext_man}
+%{_mandir}/man8/pam_rootok.8%{?ext_man}
+%{_mandir}/man8/pam_securetty.8%{?ext_man}
+%{_mandir}/man8/pam_selinux.8%{?ext_man}
+%{_mandir}/man8/pam_sepermit.8%{?ext_man}
+%{_mandir}/man8/pam_setquota.8%{?ext_man}
+%{_mandir}/man8/pam_shells.8%{?ext_man}
+%{_mandir}/man8/pam_succeed_if.8%{?ext_man}
+%{_mandir}/man8/pam_time.8%{?ext_man}
+%{_mandir}/man8/pam_timestamp.8%{?ext_man}
+%{_mandir}/man8/pam_timestamp_check.8%{?ext_man}
+%{_mandir}/man8/pam_tty_audit.8%{?ext_man}
+%{_mandir}/man8/pam_umask.8%{?ext_man}
+%{_mandir}/man8/pam_unix.8%{?ext_man}
+%{_mandir}/man8/pam_usertype.8%{?ext_man}
+%{_mandir}/man8/pam_warn.8%{?ext_man}
+%{_mandir}/man8/pam_wheel.8%{?ext_man}
+%{_mandir}/man8/pam_xauth.8%{?ext_man}
+%{_mandir}/man8/unix2_chkpwd.8%{?ext_man}
+%{_mandir}/man8/unix_chkpwd.8%{?ext_man}
+%{_mandir}/man8/unix_update.8%{?ext_man}
 /%{_lib}/libpam.so.0
 /%{_lib}/libpam.so.%{libpam_so_version}
 /%{_lib}/libpamc.so.0
@@ -327,14 +335,13 @@ done
 /%{_lib}/libpam_misc.so.%{libpam_misc_so_version}
 %dir /%{_lib}/security
 /%{_lib}/security/pam_access.so
-/%{_lib}/security/pam_cracklib.so
 /%{_lib}/security/pam_debug.so
 /%{_lib}/security/pam_deny.so
 /%{_lib}/security/pam_echo.so
 /%{_lib}/security/pam_env.so
 /%{_lib}/security/pam_exec.so
 /%{_lib}/security/pam_faildelay.so
-/%{_lib}/security/pam_faillock.so
+#/%{_lib}/security/pam_faillock.so
 /%{_lib}/security/pam_filter.so
 %dir /%{_lib}/security/pam_filter
 /%{_lib}/security//pam_filter/upperLOWER
@@ -361,11 +368,10 @@ done
 /%{_lib}/security/pam_selinux.so
 /%{_lib}/security/pam_sepermit.so
 %endif
-/%{_lib}/security/pam_setquota.so
+#/%{_lib}/security/pam_setquota.so
 /%{_lib}/security/pam_shells.so
 /%{_lib}/security/pam_stress.so
 /%{_lib}/security/pam_succeed_if.so
-/%{_lib}/security/pam_tally2.so
 /%{_lib}/security/pam_time.so
 /%{_lib}/security/pam_timestamp.so
 /%{_lib}/security/pam_tty_audit.so
@@ -382,7 +388,6 @@ done
 /sbin/faillock
 /sbin/mkhomedir_helper
 /sbin/pam_namespace_helper
-/sbin/pam_tally2
 /sbin/pam_timestamp_check
 %verify(not mode) %attr(4755,root,shadow) /sbin/unix_chkpwd
 %verify(not mode) %attr(4755,root,shadow) /sbin/unix2_chkpwd
@@ -391,8 +396,16 @@ done
 
 %files extra
 %defattr(-,root,root,755)
-%attr(755,root,root) /%{_lib}/security/pam_userdb.so
-%attr(644,root,root) %doc %{_mandir}/man8/pam_userdb.8.gz
+/%{_lib}/security/pam_userdb.so
+%{_mandir}/man8/pam_userdb.8%{?ext_man}
+
+%files deprecated
+%defattr(-,root,root,755)
+/%{_lib}/security/pam_cracklib.so
+/%{_lib}/security/pam_tally2.so
+/sbin/pam_tally2
+%{_mandir}/man8/pam_cracklib.8%{?ext_man}
+%{_mandir}/man8/pam_tally2.8%{?ext_man}
 
 %files doc
 %defattr(644,root,root,755)