diff --git a/pam.changes b/pam.changes
index 9e67946..cd646e3 100644
--- a/pam.changes
+++ b/pam.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Feb  5 17:28:25 CET 2013 - kukuk@suse.de
+
+- Update pam_unix-login.defs.diff patch to the final upstream
+  version.
+
 -------------------------------------------------------------------
 Tue Feb  5 14:09:06 CET 2013 - kukuk@suse.de
 
diff --git a/pam_unix-login.defs.diff b/pam_unix-login.defs.diff
index b13e1ab..613683a 100644
--- a/pam_unix-login.defs.diff
+++ b/pam_unix-login.defs.diff
@@ -1,15 +1,63 @@
-2013-02-05  Thorsten Kukuk  <kukuk@thkukuk.de>
-
 Use hash from /etc/login.defs as default if no
 other one is specified as argument.
 
 * modules/pam_unix/support.c: Add search_key, call from __set_ctrl
 * modules/pam_unix/support.h: Add define for /etc/login.defs
 * modules/pam_unix/pam_unix.8.xml: Document new behavior.
+* modules/pam_umask/pam_umask.c: Add missing NULL pointer check
 
---- modules/pam_unix/support.c
-+++ modules/pam_unix/support.c
-@@ -37,6 +37,76 @@
+diff --git a/modules/pam_umask/pam_umask.c b/modules/pam_umask/pam_umask.c
+index 6d2ec1a..863f038 100644
+--- a/modules/pam_umask/pam_umask.c
++++ b/modules/pam_umask/pam_umask.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2005, 2006, 2007, 2010 Thorsten Kukuk <kukuk@thkukuk.de>
++ * Copyright (c) 2005, 2006, 2007, 2010, 2013 Thorsten Kukuk <kukuk@thkukuk.de>
+  *
+  * Redistribution and use in source and binary forms, with or without
+  * modification, are permitted provided that the following conditions
+@@ -112,6 +112,10 @@ search_key (const char *filename)
+         {
+           buflen = BUF_SIZE;
+           buf = malloc (buflen);
++	  if (buf == NULL) {
++	    fclose (fp);
++	    return NULL;
++	  }
+         }
+       buf[0] = '\0';
+       if (fgets (buf, buflen - 1, fp) == NULL)
+diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml
+index 0a42d7a..9ce084e 100644
+--- a/modules/pam_unix/pam_unix.8.xml
++++ b/modules/pam_unix/pam_unix.8.xml
+@@ -81,7 +81,9 @@
+ 
+     <para>
+       The password component of this module performs the task of updating
+-      the user's password.
++      the user's password. The default encryption hash is taken from the
++      <emphasis remap='B'>ENCRYPT_METHOD</emphasis> variable from
++      <emphasis>/etc/login.defs</emphasis>
+     </para>
+ 
+     <para>
+@@ -393,6 +395,9 @@ session    required   pam_unix.so
+     <title>SEE ALSO</title>
+     <para>
+       <citerefentry>
++	<refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
++      </citerefentry>,
++      <citerefentry>
+ 	<refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
+       </citerefentry>,
+       <citerefentry>
+diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
+index ab04535..527c380 100644
+--- a/modules/pam_unix/support.c
++++ b/modules/pam_unix/support.c
+@@ -37,6 +37,80 @@
  #define SELINUX_ENABLED 0
  #endif
  
@@ -39,6 +87,10 @@ other one is specified as argument.
 +        {
 +          buflen = BUF_SIZE;
 +          buf = malloc (buflen);
++	  if (buf == NULL) {
++	    fclose (fp);
++	    return NULL;
++	  }
 +        }
 +      buf[0] = '\0';
 +      if (fgets (buf, buflen - 1, fp) == NULL)
@@ -86,7 +138,7 @@ other one is specified as argument.
  /* this is a front-end for module-application conversations */
  
  int _make_remark(pam_handle_t * pamh, unsigned int ctrl,
-@@ -58,6 +128,8 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds,
+@@ -58,6 +132,8 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds,
  	      int *pass_min_len, int argc, const char **argv)
  {
  	unsigned int ctrl;
@@ -95,7 +147,7 @@ other one is specified as argument.
  
  	D(("called."));
  
-@@ -81,10 +153,27 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds,
+@@ -81,10 +157,28 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds,
  		D(("SILENT"));
  		set(UNIX__QUIET, ctrl);
  	}
@@ -110,11 +162,12 @@ other one is specified as argument.
 +	    }
 +	  }
 +	  if (j >= UNIX_CTRLS_) {
-+	    pam_syslog(pamh, LOG_WARNING, "unrecognized ENCRYPTION_METHOD value [%s]", val);
++	    pam_syslog(pamh, LOG_WARNING, "unrecognized ENCRYPT_METHOD value [%s]", val);
 +	  } else {
 +	    ctrl &= unix_args[j].mask;	/* for turning things off */
 +	    ctrl |= unix_args[j].flag;	/* for turning things on  */
 +	  }
++	  free (val);
 +	}
 +
  	/* now parse the arguments to this module */
@@ -124,8 +177,10 @@ other one is specified as argument.
  
  		D(("pam_unix arg: %s", *argv));
  
---- modules/pam_unix/support.h
-+++ modules/pam_unix/support.h
+diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h
+index db4cd95..d21e349 100644
+--- a/modules/pam_unix/support.h
++++ b/modules/pam_unix/support.h
 @@ -8,6 +8,12 @@
  #include <pwd.h>
  
@@ -139,26 +194,3 @@ other one is specified as argument.
   * here is the string to inform the user that the new passwords they
   * typed were not the same.
   */
---- modules/pam_unix/pam_unix.8.xml
-+++ modules/pam_unix/pam_unix.8.xml
-@@ -81,7 +81,9 @@
- 
-     <para>
-       The password component of this module performs the task of updating
--      the user's password.
-+      the user's password. The default encryption hash is taken from the
-+      <emphasis remap='B'>ENCYPTION_METHOD</emphasis> variable from
-+      <emphasis>/etc/login.defs</emphasis>
-     </para>
- 
-     <para>
-@@ -393,6 +395,9 @@ session    required   pam_unix.so
-     <title>SEE ALSO</title>
-     <para>
-       <citerefentry>
-+	<refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
-+      </citerefentry>,
-+      <citerefentry>
- 	<refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
-       </citerefentry>,
-       <citerefentry>