--- old/Linux-PAM-1.1.8/modules/pam_access/pam_access.c 2013-06-18 16:11:21.000000000 +0200
+++ new/linux-pam-1.1.8/modules/pam_access/pam_access.c 2014-01-09 16:28:39.000000000 +0100
@@ -573,7 +573,7 @@
 if (debug) pam_syslog (pamh, LOG_DEBUG,
- "group_match: grp=%s, user=%s", grptok, usr);
+ "group_match: grp=%s, user=%s", tok, usr);
 if (strlen(tok) < 3) return NO;
--- old/Linux-PAM-1.1.8/modules/pam_lastlog/pam_lastlog.c 2013-06-18 16:11:21.000000000 +0200
+++ new/linux-pam-1.1.8/modules/pam_lastlog/pam_lastlog.c 2013-11-28 11:37:54.000000000 +0100
@@ -628,7 +628,8 @@
 lltime = (time(NULL) - lltime) / (24*60*60); if (lltime > inactive_days) {
- pam_syslog(pamh, LOG_INFO, "user %s inactive for %d days - denied", user, lltime);
+ pam_syslog(pamh, LOG_INFO, "user %s inactive for %ld days - denied",
+ user, (long) lltime);
 return PAM_AUTH_ERR; }
--- old/Linux-PAM-1.1.8/modules/pam_loginuid/pam_loginuid.c 2013-06-18 16:11:21.000000000 +0200
+++ new/linux-pam-1.1.8/modules/pam_loginuid/pam_loginuid.c 2013-11-28 11:37:54.000000000 +0100
@@ -52,10 +52,10 @@
 static int set_loginuid(pam_handle_t *pamh, uid_t uid) { int fd, count, rc = 0;
- char loginuid[24];
+ char loginuid[24], buf[24];
 count = snprintf(loginuid, sizeof(loginuid), "%lu", (unsigned long)uid);
- fd = open("/proc/self/loginuid", O_NOFOLLOW|O_WRONLY|O_TRUNC);
+ fd = open("/proc/self/loginuid", O_NOFOLLOW|O_RDWR);
 if (fd < 0) { if (errno != ENOENT) { rc = 1;
@@ -64,8 +64,13 @@
 } return rc; }
- if (pam_modutil_write(fd, loginuid, count) != count)
+ if (pam_modutil_read(fd, buf, sizeof(buf)) == count &&
+ memcmp(buf, loginuid, count) == 0)
+ goto done; /* already correct */
+ if (lseek(fd, 0, SEEK_SET) == -1 || (ftruncate(fd, 0) == -1 ||
+ pam_modutil_write(fd, loginuid, count) != count))
 rc = 1;
+ done:
 close(fd); return rc; }
--- old/Linux-PAM-1.1.8/modules/pam_securetty/pam_securetty.c 2013-06-18 16:11:21.000000000 +0200
+++ new/linux-pam-1.1.8/modules/pam_securetty/pam_securetty.c 2013-11-28 11:37:54.000000000 +0100
@@ -159,11 +159,10 @@
 if (cmdlinefile != NULL) { char line[LINE_MAX], *p;
- line[0] = 0;
- fgets(line, sizeof(line), cmdlinefile);
+ p = fgets(line, sizeof(line), cmdlinefile);
 fclose(cmdlinefile);
- for (p = line; p; p = strstr(p+1, "console=")) {
+ for (; p; p = strstr(p+1, "console=")) {
 char *e; /* Test whether this is a beginning of a word? */
--- old/Linux-PAM-1.1.8/modules/pam_unix/pam_unix_passwd.c 2013-09-16 11:09:47.000000000 +0200
+++ new/linux-pam-1.1.8/modules/pam_unix/pam_unix_passwd.c 2013-11-12 13:05:47.000000000 +0100
@@ -614,7 +614,8 @@
 if (_unix_blankpasswd(pamh, ctrl, user)) { return PAM_SUCCESS;
- } else if (off(UNIX__IAMROOT, ctrl)) {
+ } else if (off(UNIX__IAMROOT, ctrl) ||
+ (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, user, 0, 1))) {
 /* instruct user what is happening */ if (asprintf(&Announce, _("Changing password for %s."), user) < 0) {
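Review bot: The rewrite path in set_loginuid (hunk at -64 of pam_loginuid.c) sets `rc = 1` without recording which of lseek, ftruncate or pam_modutil_write failed, and no log call is visible on that path. loginuid is the identity that audit records are attributed to, so I would log at the failure site, for example `pam_syslog(pamh, LOG_ERR, "cannot update /proc/self/loginuid: %s", strerror(errno));` just before `rc = 1;`. The "already correct" shortcut also relies on the read returning exactly `count` bytes with no trailing newline; a one-line comment stating that assumption would help the next reader. The first half of the function is in the previous hunk, and the lines between the two hunks are not shown.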
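Review bot: The NIS test `on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, user, 0, 1)` added to the `else if` in pam_unix_passwd.c (hunk at -614) is repeated verbatim in the hunk at -795 of the same file, so the decision "root must still supply the old password" and the decision "use ENCRYPT_METHOD_NIS" can drift apart if only one copy is edited later. If both sites are in the same function, which the diff does not show, evaluate it once into a local such as `int nis_user = on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, user, 0, 1);`; otherwise a small static helper would do. A short comment such as `/* root cannot bypass the old password for NIS accounts */` on the new condition would also make the intent clear. The enclosing function starts and ends outside the hunk.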
@@ -795,6 +796,29 @@
 * rebuild the password database file. */
+
+ /* if it is a NIS account, check for special hash algo */
+ if (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, user, 0, 1)) {
+ /* preset encryption method with value from /etc/login.defs */
+ int j;
+ char *val = _unix_search_key ("ENCRYPT_METHOD_NIS", LOGIN_DEFS);
+ if (val) {
+ for (j = 0; j < UNIX_CTRLS_; ++j) {
+ if (unix_args[j].token && unix_args[j].is_hash_algo
+ && !strncasecmp(val, unix_args[j].token, strlen(unix_args[j].token))) {
+ break;
+ }
+ }
+ if (j >= UNIX_CTRLS_) {
+ pam_syslog(pamh, LOG_WARNING, "unrecognized ENCRYPT_METHOD_NIS value [%s]", val);
+ } else {
+ ctrl &= unix_args[j].mask; /* for turning things off */
+ ctrl |= unix_args[j].flag; /* for turning things on */
+ }
+ free (val);
+ }
+ }
+
 /* * First we encrypt the new password. */
--- old/Linux-PAM-1.1.8/modules/pam_unix/README 2013-09-19 10:02:20.000000000 +0200
+++ new/linux-pam-1.1.8/modules/pam_unix/README 2014-01-09 16:29:02.000000000 +0100
@@ -36,7 +36,8 @@
 The password component of this module performs the task of updating the user's password. The default encryption hash is taken from the ENCRYPT_METHOD variable
-from /etc/login.defs
+from /etc/login.defs. For NIS accounts, the ENCRYPT_METHOD_NIS variable from /
+etc/login.defs is preferred.
 The session component of this module logs when a user logins or leave the system.
--- old/Linux-PAM-1.1.8/modules/pam_unix/support.c 2013-09-16 11:11:51.000000000 +0200
+++ new/linux-pam-1.1.8/modules/pam_unix/support.c 2013-11-12 13:05:24.000000000 +0100
@@ -37,8 +37,8 @@
 #define SELINUX_ENABLED 0
 #endif
-static char *
-search_key (const char *key, const char *filename)
+char *
+_unix_search_key (const char *key, const char *filename)
 { FILE *fp; char *buf = NULL;
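Review bot: The token lookup in the added ENCRYPT_METHOD_NIS block (hunk at -795 of pam_unix_passwd.c) is a prefix test, `strncasecmp(val, unix_args[j].token, strlen(unix_args[j].token))`, so a mistyped value such as `sha512x` is accepted, and with the three-letter `des` row this patch adds to support.h any value that merely begins with `des` selects traditional DES crypt. Because this setting decides how new password hashes are protected, I would match the whole value, `&& !strcasecmp(val, unix_args[j].token)`, provided _unix_search_key returns the value without trailing whitespace (its body is not in this diff). The loop is a copy of the ENCRYPT_METHOD one visible in support.c at -159, so a shared helper would keep the two in step. It also looks as if SHA_CRYPT_MAX_ROUNDS is read in support.c only when a SHA method is already on, so switching to sha256 or sha512 here may not pick up the configured rounds; worth confirming.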
@@ -159,7 +159,7 @@
 } /* preset encryption method with value from /etc/login.defs */
- val = search_key ("ENCRYPT_METHOD", LOGIN_DEFS);
+ val = _unix_search_key ("ENCRYPT_METHOD", LOGIN_DEFS);
 if (val) { for (j = 0; j < UNIX_CTRLS_; ++j) { if (unix_args[j].token && unix_args[j].is_hash_algo
@@ -177,7 +177,7 @@
 /* read number of rounds for crypt algo */ if (rounds && (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl))) {
- val=search_key ("SHA_CRYPT_MAX_ROUNDS", LOGIN_DEFS);
+ val=_unix_search_key ("SHA_CRYPT_MAX_ROUNDS", LOGIN_DEFS);
 if (val) { *rounds = strtol(val, NULL, 10);
--- old/Linux-PAM-1.1.8/modules/pam_unix/support.h 2013-06-18 16:24:05.000000000 +0200
+++ new/linux-pam-1.1.8/modules/pam_unix/support.h 2013-11-12 13:05:04.000000000 +0100
@@ -97,8 +97,9 @@
 password hash algorithms */
 #define UNIX_BLOWFISH_PASS 26 /* new password hashes will use blowfish */
 #define UNIX_MIN_PASS_LEN 27 /* min length for password */
+#define UNIX_DES 28 /* DES, default */
 /* -------------- */
-#define UNIX_CTRLS_ 28 /* number of ctrl arguments defined */
+#define UNIX_CTRLS_ 29 /* number of ctrl arguments defined */
 #define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl))
@@ -135,6 +136,7 @@
 /* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0100000000, 0}, /* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0260420000), 0200000000, 1}, /* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0400000000, 0},
+/* UNIX_DES */ {"des", _ALL_ON_^(0260420000), 0, 1},
 };
 #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag)
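Review bot: The new `UNIX_DES` row in the unix_args table (support.h, hunk at -135) carries a flag of `0`, so it acts only through its mask, and a later test like `on(UNIX_DES, ctrl)` would presumably never be true (the `on` macro is not in this diff). That is easy to trip over, so I would document it on the row, e.g. `/* flag is 0 on purpose: "des" only clears the other hash bits, see UNIX_DES_CRYPT() */`. Since the row has `is_hash_algo` set, `des` becomes a recognised hash token wherever this table is matched, which makes the weakest scheme explicitly selectable; the `#define UNIX_DES 28 /* DES, default */` comment in the hunk at -97 could say it exists for NIS compatibility rather than as a recommended default.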
@@ -172,4 +174,5 @@
 extern int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, const char *user, int *daysleft);
+extern char *_unix_search_key(const char *key, const char *filename);
 #endif /* _PAM_UNIX_SUPPORT_H */
--- old/Linux-PAM-1.1.8/modules/pam_warn/pam_warn.c 2013-06-18 16:11:21.000000000 +0200
+++ new/linux-pam-1.1.8/modules/pam_warn/pam_warn.c 2013-11-28 11:37:54.000000000 +0100
@@ -33,7 +33,7 @@
 value = value ? value : default_value ; \ } while (0)
-static void log_items(pam_handle_t *pamh, const char *function)
+static void log_items(pam_handle_t *pamh, const char *function, int flags)
 { const void *service=NULL, *user=NULL, *terminal=NULL, *rhost=NULL, *ruser=NULL;
@@ -45,8 +45,8 @@
 OBTAIN(PAM_RHOST, rhost, ""); pam_syslog(pamh, LOG_NOTICE,
- "function=[%s] service=[%s] terminal=[%s] user=[%s]"
- " ruser=[%s] rhost=[%s]\n", function,
+ "function=[%s] flags=%#x service=[%s] terminal=[%s] user=[%s]"
+ " ruser=[%s] rhost=[%s]\n", function, flags,
 (const char *) service, (const char *) terminal, (const char *) user, (const char *) ruser, (const char *) rhost);
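Review bot: `flags` is declared `int` in log_items but is passed to the `%#x` conversion in the pam_syslog call (pam_warn.c, hunk at -45), and `%x` expects an `unsigned int`. The values are bit masks, so the cast is harmless and keeps format checking quiet: `" ruser=[%s] rhost=[%s]\n", function, (unsigned int) flags,`. A brief comment above the call noting that the value is the raw PAM flag mask handed to the module entry point would help whoever reads these log lines. log_items spans this hunk and the one at -33, with the lines between them not shown.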
@@ -55,52 +55,52 @@
 /* --- authentication management functions (only) --- */ PAM_EXTERN
-int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
+int pam_sm_authenticate(pam_handle_t *pamh, int flags,
 int argc UNUSED, const char **argv UNUSED) {
- log_items(pamh, __FUNCTION__);
+ log_items(pamh, __FUNCTION__, flags);
 return PAM_IGNORE; } PAM_EXTERN
-int pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED,
+int pam_sm_setcred(pam_handle_t *pamh, int flags,
 int argc UNUSED, const char **argv UNUSED) {
- log_items(pamh, __FUNCTION__);
+ log_items(pamh, __FUNCTION__, flags);
 return PAM_IGNORE; } /* password updating functions */ PAM_EXTERN
-int pam_sm_chauthtok(pam_handle_t *pamh, int flags UNUSED,
+int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
 int argc UNUSED, const char **argv UNUSED) {
- log_items(pamh, __FUNCTION__);
+ log_items(pamh, __FUNCTION__, flags);
 return PAM_IGNORE; } PAM_EXTERN int
-pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED,
+pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
 int argc UNUSED, const char **argv UNUSED) {
- log_items(pamh, __FUNCTION__);
+ log_items(pamh, __FUNCTION__, flags);
 return PAM_IGNORE; } PAM_EXTERN int
-pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
+pam_sm_open_session(pam_handle_t *pamh, int flags,
 int argc UNUSED, const char **argv UNUSED) {
- log_items(pamh, __FUNCTION__);
+ log_items(pamh, __FUNCTION__, flags);
 return PAM_IGNORE; } PAM_EXTERN int
-pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED,
+pam_sm_close_session(pam_handle_t *pamh, int flags,
 int argc UNUSED, const char **argv UNUSED) {
- log_items(pamh, __FUNCTION__);
+ log_items(pamh, __FUNCTION__, flags);
 return PAM_IGNORE; }