diff --git a/_servicedata b/_servicedata index bf2e116..ea102f1 100644 --- a/_servicedata +++ b/_servicedata @@ -1,6 +1,6 @@ git://github.com/linux-pam/linux-pam.git - e31dd6c7d0faa7a06d3ebd50a0b6957b9f822d15 + ea78d6764353c5510b235846452e6810d009b78e \ No newline at end of file diff --git a/libeconf.patch b/libeconf.patch new file mode 100644 index 0000000..e2e943b --- /dev/null +++ b/libeconf.patch 
@@ -0,0 +1,74 @@ +diff --git a/libpam/Makefile.am b/libpam/Makefile.am +index 875031e..9f27c16 100644 +--- a/libpam/Makefile.am ++++ b/libpam/Makefile.am +@@ -3,7 +3,8 @@ + # + + AM_CFLAGS = -DDEFAULT_MODULE_PATH=\"$(SECUREDIR)/\" -DLIBPAM_COMPILE \ +- -I$(srcdir)/include $(LIBPRELUDE_CFLAGS) -DPAM_VERSION=\"$(VERSION)\" ++ -I$(srcdir)/include $(LIBPRELUDE_CFLAGS) \ ++ -DPAM_VERSION=\"$(VERSION)\" @ECONF_CFLAGS@ + if HAVE_LIBSELINUX + AM_CFLAGS += -D"WITH_SELINUX" + endif +@@ -21,7 +22,7 @@ noinst_HEADERS = pam_prelude.h pam_private.h pam_tokens.h \ + pam_modutil_private.h + + libpam_la_LDFLAGS = -no-undefined -version-info 84:2:84 +-libpam_la_LIBADD = @LIBAUDIT@ $(LIBPRELUDE_LIBS) @LIBDL@ ++libpam_la_LIBADD = @LIBAUDIT@ $(LIBPRELUDE_LIBS) @LIBDL@ @ECONF_LIBS@ + + if HAVE_VERSIONING + libpam_la_LDFLAGS += -Wl,--version-script=$(srcdir)/libpam.map +diff --git a/libpam/pam_modutil_searchkey.c b/libpam/pam_modutil_searchkey.c +index 338b44f..8e4061f 100644 +--- a/libpam/pam_modutil_searchkey.c ++++ b/libpam/pam_modutil_searchkey.c +@@ -13,9 +13,34 @@ + #include + #include + #include ++#ifdef USE_ECONF ++#include ++#endif + + #define BUF_SIZE 8192 + ++#ifdef USE_ECONF ++#define LOGIN_DEFS "/etc/login.defs" ++ ++static char * ++econf_search_key (const char *name, const char *suffix, const char *key) ++{ ++ econf_file *key_file = NULL; ++ char *val; ++ ++ if (econf_readDirs (&key_file, "/usr/etc", "/etc", name, suffix, " \t", "#")) ++ return NULL; ++ ++ if (econf_getStringValue (key_file, NULL, key, &val)) ++ return NULL; ++ ++ econf_free (key_file); ++ ++ return val; ++} ++ ++#endif ++ + /* lookup a value for key in login.defs file or similar key value format */ + char * + pam_modutil_search_key(pam_handle_t *pamh UNUSED, +@@ -27,6 +52,11 @@ pam_modutil_search_key(pam_handle_t *pamh UNUSED, + size_t buflen = 0; + char *retval = NULL; + ++#ifdef USE_ECONF ++ if (strcmp (file_name, LOGIN_DEFS) == 0) ++ return econf_search_key ("login", ".defs", key); ++#endif ++ + fp = 
fopen(file_name, "r"); + if (NULL == fp) + return NULL; diff --git a/linux-pam-1.3.1+git20190807.e31dd6c.tar.xz b/linux-pam-1.3.1+git20190807.e31dd6c.tar.xz deleted file mode 100644 index 71e65e1..0000000 --- a/linux-pam-1.3.1+git20190807.e31dd6c.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5203477a4c8ea91e038e08f18efeb3836aa7b395de8b518f405eb3f43ea7fdbf -size 530264 diff --git a/linux-pam-1.3.1+git20190923.ea78d67.tar.xz b/linux-pam-1.3.1+git20190923.ea78d67.tar.xz new file mode 100644 index 0000000..bb14cc8 --- /dev/null +++ b/linux-pam-1.3.1+git20190923.ea78d67.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a56e27836c298e46b09e14d6d3aaa78d1e9e02dee8785818141ea73fa4e4622f +size 970564 diff --git a/linux-pam-man-pages-1.3.1+git20190807.e31dd6c.tar.xz b/linux-pam-man-pages-1.3.1+git20190807.e31dd6c.tar.xz deleted file mode 100644 index 6e424fe..0000000 --- a/linux-pam-man-pages-1.3.1+git20190807.e31dd6c.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:89397d7cb52e6a331b766d6219c6aaf3e3cc57c384ef8223f10c1f0ff4217bac -size 64012 diff --git a/pam.changes b/pam.changes index e52b4d2..36d5586 100644 --- a/pam.changes +++ b/pam.changes 
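Review bot: `econf_search_key` leaks `key_file` when `econf_getStringValue` fails, because the second `return NULL;` skips the `econf_free (key_file);` that only the success path reaches. libpam is loaded into long-running services, so each lookup of a key that is absent from login.defs would leave the parsed configuration allocated. Free it on that path as well, for example `if (econf_getStringValue (key_file, NULL, key, &val)) { econf_free (key_file); return NULL; }`. A short comment on the helper saying who owns the returned string would also help; the body of `pam_modutil_search_key` continues outside the hunk, so how its other return path allocates is not visible here.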
@@ -1,3 +1,34 @@ +------------------------------------------------------------------- +Tue Sep 24 11:15:19 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190923.ea78d67: + * Fixed missing quotes in configure script + * Add support for a vendor directory and libeconf (#136) + * pam_lastlog: document the 'unlimited' option + * pam_lastlog: prevent crash due to reduced 'fsize' limit + * pam_unix_sess.c add uid for opening session + * Fix the man page for "pam_fail_delay()" + * Fix a typo + * Update a function comment +- drop usr-etc-support.patch (accepted upstream) + +------------------------------------------------------------------- +Thu Sep 5 10:09:05 CEST 2019 - kukuk@suse.de + +- Add migration support from /etc to /usr/etc during upgrade + +------------------------------------------------------------------- +Wed Sep 04 19:06:01 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190902.9de67ee: + * pwhistory: fix read of uninitialized data and memory leak when modifying opasswd + +------------------------------------------------------------------- +Tue Aug 27 18:41:10 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190826.1b087ed: + * libpam/pam_modutil_sanitize.c: optimize the way to close fds + ------------------------------------------------------------------- Thu Aug 22 20:29:24 UTC 2019 - Jan Engelhardt diff --git a/pam.spec b/pam.spec index b22d1dd..2b53dfe 100644 --- a/pam.spec +++ b/pam.spec @@ -16,6 +16,11 @@ # +%if ! %{defined _distconfdir} + %define _distconfdir %{_sysconfdir} + %define config_noreplace 1 +%endif + # %define enable_selinux 1 %define libpam_so_version 0.84.2 @@ -23,7 +28,7 @@ %define libpamc_so_version 0.82.1 Name: pam # -Version: 1.3.1+git20190807.e31dd6c +Version: 1.3.1+git20190923.ea78d67 Release: 0 Summary: A Security Tool that Provides Authentication for Applications License: GPL-2.0-or-later OR BSD-3-Clause 
@@ -31,7 +36,6 @@ Group: System/Libraries URL: http://www.linux-pam.org/ Source: linux-pam-%{version}.tar.xz Source1: Linux-PAM-1.3.1-docs.tar.xz -Source2: linux-pam-man-pages-1.3.1+git20190807.e31dd6c.tar.xz Source3: other.pamd Source4: common-auth.pamd Source5: common-account.pamd @@ -46,7 +50,6 @@ Patch0: fix-man-links.dif Patch2: pam-limit-nproc.patch Patch4: pam-hostnames-in-access_conf.patch Patch5: use-correct-IP-address.patch -Patch6: usr-etc-support.patch BuildRequires: audit-devel # Remove with next version update: BuildRequires: autoconf @@ -64,6 +67,7 @@ Requires(post): permissions %if 0%{?suse_version} > 1320 BuildRequires: libdb-4_8-devel BuildRequires: xz +BuildRequires: pkgconfig(libeconf) BuildRequires: pkgconfig(libnsl) BuildRequires: pkgconfig(libtirpc) %endif @@ -109,14 +113,13 @@ This package contains header files and static libraries used for building both PAM-aware applications and modules for use with PAM. %prep -%setup -q -n linux-pam-%{version} -b 1 -a 2 +%setup -q -n linux-pam-%{version} -b 1 cp -av ../Linux-PAM-1.3.1/* . cp -a %{SOURCE12} . %patch0 -p1 %patch2 -p1 %patch4 %patch5 -p1 -%patch6 %build bash ./pam-login_defs-check.sh @@ -130,7 +133,8 @@ export CFLAGS="%{optflags} -DNDEBUG" --pdfdir=%{_docdir}/pam/pdf \ --libdir=/%{_lib} \ --enable-isadir=../../%{_lib}/security \ - --enable-securedir=/%{_lib}/security + --enable-securedir=/%{_lib}/security \ + --enable-vendordir=%{_distconfdir} make %{?_smp_mflags} gcc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} -I%{_builddir}/linux-pam-%{version}/libpam/include %{SOURCE10} -o %{_builddir}/unix2_chkpwd -L%{_builddir}/linux-pam-%{version}/libpam/.libs/ -lpam @@ -139,7 +143,7 @@ make %{?_smp_mflags} check %install mkdir -p %{buildroot}%{_sysconfdir}/pam.d -mkdir -p %{buildroot}%{_prefix}%{_sysconfdir}/pam.d +mkdir -p %{buildroot}%{_distconfdir}/pam.d mkdir -p %{buildroot}%{_includedir}/security mkdir -p %{buildroot}/%{_lib}/security mkdir -p %{buildroot}/sbin 
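Review bot: libeconf.patch is added to the package by this commit, but none of the pam.spec hunks adds a `Patch` tag or a `%patch` line for it, and the `%prep` hunk here only drops `%patch6`. Unless it is referenced in spec lines outside the hunks shown, the file ships in the source package without being applied, so the built libpam would not match what a reader of the sources expects. Either wire it in, e.g. `Patch6: libeconf.patch` with a matching `%patch6 -p1`, or leave the file out of the commit.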
@@ -149,20 +153,20 @@ mkdir -p -m 755 %{buildroot}%{_libdir} # Install documentation %make_install -C doc # install securetty -install -m 644 %{SOURCE8} %{buildroot}%{_sysconfdir} +install -m 644 %{SOURCE8} %{buildroot}%{_distconfdir} %ifarch s390 s390x for i in ttyS0 ttyS1 hvc0 hvc1 hvc2 hvc3 hvc4 hvc5 hvc6 hvc7 sclp_line0 ttysclp0; do - echo "$i" >>%{buildroot}/%{_sysconfdir}/securetty + echo "$i" >>%{buildroot}/%{_distconfdir}/securetty done %endif # install /etc/security/namespace.d used by pam_namespace.so for namespace.conf iscript install -d %{buildroot}%{_sysconfdir}/security/namespace.d # install other.pamd and common-*.pamd -install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/pam.d/other -install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/common-auth -install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pam.d/common-account -install -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/pam.d/common-password -install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/pam.d/common-session +install -m 644 %{SOURCE3} %{buildroot}%{_distconfdir}/pam.d/other +install -m 644 %{SOURCE4} %{buildroot}%{_distconfdir}/pam.d/common-auth +install -m 644 %{SOURCE5} %{buildroot}%{_distconfdir}/pam.d/common-account +install -m 644 %{SOURCE6} %{buildroot}%{_distconfdir}/pam.d/common-password +install -m 644 %{SOURCE7} %{buildroot}%{_distconfdir}/pam.d/common-session rm %{buildroot}/%{_lib}/libpam.so ln -sf ../../%{_lib}/libpam.so.%{libpam_so_version} %{buildroot}%{_libdir}/libpam.so rm %{buildroot}/%{_lib}/libpamc.so 
@@ -210,15 +214,32 @@ install -m 644 %{_sourcedir}/unix2_chkpwd.8 %{buildroot}/%{_mandir}/man8/ %postun -p /sbin/ldconfig +%pre +for i in securetty pam.d/other pam.d/common-account pam.d/common-auth pam.d/common-password pam.d/common-session ; do + test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i}.rpmsave.old ||: +done + +%posttrans +# Migration to /usr/etc. +for i in securetty pam.d/other pam.d/common-account pam.d/common-auth pam.d/common-password pam.d/common-session ; do + test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i} ||: +done + %files -f Linux-PAM.lang %dir %{_sysconfdir}/pam.d -%dir %{_prefix}%{_sysconfdir}/pam.d +%dir %{_distconfdir}/pam.d %dir %{_sysconfdir}/security %dir %{_sysconfdir}/security/limits.d %dir %{_defaultdocdir}/pam +%if %{defined config_noreplace} %config(noreplace) %{_sysconfdir}/pam.d/other %config(noreplace) %{_sysconfdir}/pam.d/common-* %config(noreplace) %{_sysconfdir}/securetty +%else +%{_distconfdir}/pam.d/other +%{_distconfdir}/pam.d/common-* +%{_distconfdir}/securetty +%endif %config(noreplace) %{_sysconfdir}/environment %config(noreplace) %{_sysconfdir}/security/access.conf %config(noreplace) %{_sysconfdir}/security/group.conf diff --git a/usr-etc-support.patch b/usr-etc-support.patch deleted file mode 100644 index 631b095..0000000 --- a/usr-etc-support.patch +++ /dev/null 
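Review bot: The new `%pre` and `%posttrans` scriptlets are unconditional, while the `%files` entries in the same hunk depend on `config_noreplace`. On a build where `_distconfdir` is undefined nothing moves to /usr/etc, yet `%pre` still renames any existing `/etc/${i}.rpmsave`, and `%posttrans` still moves a `.rpmsave` that appears during the transaction over the live PAM file. Wrapping both loop bodies in `%if ! %{defined config_noreplace}` and `%endif` would limit the migration to the builds that need it. A comment above `%pre` such as `# Set stale .rpmsave files aside so %posttrans only restores files saved by this transaction` would document the intent, and note that `mv -v` to `.rpmsave.old` replaces an earlier `.rpmsave.old` without warning.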
@@ -1,81 +0,0 @@ ---- doc/man/pam.8.xml -+++ doc/man/pam.8.xml 2019/08/16 13:37:44 -@@ -53,11 +53,13 @@ - - - Vendor-supplied PAM configuration files might be installed in -- the system directory /usr/lib/pam.d/ instead -+ the system directory /usr/lib/pam.d/ or -+ /usr/etc/pam.d/ instead - of the machine configuration directory /etc/pam.d/. - If no machine configuration file is found, the vendor-supplied file - is used. All files in /etc/pam.d/ override -- files with the same name in /usr/lib/pam.d/. -+ files with the same name in /usr/lib/pam.d/, -+ which override files with the same name in /usr/etc/pam.d/. - - - From the point of view of the system administrator, for whom this -@@ -157,6 +159,16 @@ - - - -+ /usr/etc/pam.d -+ -+ -+ the Linux-PAM vendor configuration -+ directory. Files in /etc/pam.d and -+ /usr/lib/pam.d override files with the same -+ name in this directory. -+ -+ -+ - - - ---- libpam/pam_handlers.c -+++ libpam/pam_handlers.c 2019/08/16 13:35:31 -@@ -329,6 +329,21 @@ - *file = f; - return PAM_SUCCESS; - } -+ -+ /* System Configuration /usr/etc/pam.d/ */ -+ _pam_drop(p); -+ if (asprintf (&p, PAM_CONFIG_DIST2_DF, service) < 0) { -+ pam_syslog(pamh, LOG_CRIT, "asprintf failed"); -+ return PAM_BUF_ERR; -+ } -+ D(("opening %s", p)); -+ f = fopen(p, "r"); -+ if (f != NULL) { -+ *path = p; -+ *file = f; -+ return PAM_SUCCESS; -+ } -+ - _pam_drop(p); - - return PAM_ABORT; -@@ -447,7 +462,8 @@ - - /* Is there a PAM_CONFIG_D directory? 
*/ - if ((stat(PAM_CONFIG_D, &test_d) == 0 && S_ISDIR(test_d.st_mode)) || -- (stat(PAM_CONFIG_DIST_D, &test_d) == 0 && S_ISDIR(test_d.st_mode))) { -+ (stat(PAM_CONFIG_DIST_D, &test_d) == 0 && S_ISDIR(test_d.st_mode)) || -+ (stat(PAM_CONFIG_DIST2_D, &test_d) == 0 && S_ISDIR(test_d.st_mode))) { - char *path = NULL; - int read_something=0; - ---- libpam/pam_private.h -+++ libpam/pam_private.h 2019/08/16 13:33:04 -@@ -29,6 +29,9 @@ - #define PAM_CONFIG_DF "/etc/pam.d/%s" - #define PAM_CONFIG_DIST_D "/usr/lib/pam.d" - #define PAM_CONFIG_DIST_DF "/usr/lib/pam.d/%s" -+#define PAM_CONFIG_DIST2_D "/usr/etc/pam.d" -+#define PAM_CONFIG_DIST2_DF "/usr/etc/pam.d/%s" -+ - - #define PAM_DEFAULT_SERVICE "other" /* lower case */ -