- Update to 1.5.0

- obsoletes pam-bsc1178727-initialize-daysleft.patch
  - Multiple minor bug fixes, portability fixes, and documentation improvements.
  - Extended libpam API with pam_modutil_check_user_in_passwd function.
  - pam_faillock: changed /run/faillock/$USER permissions from 0600 to 0660.
  - pam_motd: read motd files with target user credentials skipping unreadable ones.
  - pam_pwhistory: added a SELinux helper executable.
  - pam_unix, pam_usertype: implemented avoidance of certain timing attacks.
  - pam_wheel: implemented PAM_RUSER fallback for the case when getlogin fails.
  - pam_env: Reading of the user environment is deprecated and will be removed
             at some point in the future.
  - libpam: pam_modutil_drop_priv() now correctly sets the target user's
    supplementary groups, allowing pam_motd to filter messages accordingly
- Refresh pam-xauth_ownership.patch
- pam_tally2-removal.patch: Re-add pam_tally2 for deprecated sub-package
- pam_cracklib-removal.patch: Re-add pam_cracklib for deprecated sub-package

OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=228

pam-xauth_ownership.patch

@@ -1,8 +1,7 @@
-Index: Linux-PAM-1.4.0/modules/pam_xauth/pam_xauth.c
-===================================================================
---- Linux-PAM-1.4.0.orig/modules/pam_xauth/pam_xauth.c
-+++ Linux-PAM-1.4.0/modules/pam_xauth/pam_xauth.c
-@@ -355,11 +355,13 @@ pam_sm_open_session (pam_handle_t *pamh,
+diff -urN Linux-PAM-1.5.0/modules/pam_xauth/pam_xauth.c Linux-PAM-1.5.0.xauth/modules/pam_xauth/pam_xauth.c
+--- Linux-PAM-1.5.0/modules/pam_xauth/pam_xauth.c	2020-11-10 16:46:13.000000000 +0100
++++ Linux-PAM-1.5.0.xauth/modules/pam_xauth/pam_xauth.c	2020-11-19 11:50:54.176925556 +0100
+@@ -355,11 +355,13 @@
  	char *cookiefile = NULL, *xauthority = NULL,
  	     *cookie = NULL, *display = NULL, *tmp = NULL,
  	     *xauthlocalhostname = NULL;
@@ -18,7 +17,7 @@ Index: Linux-PAM-1.4.0/modules/pam_xauth/pam_xauth.c
  
  	/* Parse arguments.  We don't understand many, so no sense in breaking
  	 * this into a separate function. */
-@@ -429,7 +431,16 @@ pam_sm_open_session (pam_handle_t *pamh,
+@@ -429,7 +431,16 @@
  		retval = PAM_SESSION_ERR;
  		goto cleanup;
  	}
@@ -36,7 +35,7 @@ Index: Linux-PAM-1.4.0/modules/pam_xauth/pam_xauth.c
  	if (rpwd == NULL) {
  		pam_syslog(pamh, LOG_ERR,
  			   "error determining invoking user's name");
-@@ -518,18 +529,26 @@ pam_sm_open_session (pam_handle_t *pamh,
+@@ -518,18 +529,26 @@
  			   cookiefile);
  	}
  
@@ -67,8 +66,8 @@ Index: Linux-PAM-1.4.0/modules/pam_xauth/pam_xauth.c
 +			  xauth, "-i", "-f", cookiefile, "nlist", display,
  			  NULL) == 0) {
  #ifdef WITH_SELINUX
- 		security_context_t context = NULL;
-@@ -583,12 +602,12 @@ pam_sm_open_session (pam_handle_t *pamh,
+ 		char *context_raw = NULL;
+@@ -583,12 +602,12 @@
  						       cookiefile,
  						       "nlist",
  						       t,
@@ -85,7 +84,7 @@ Index: Linux-PAM-1.4.0/modules/pam_xauth/pam_xauth.c
  						      "nlist", t, NULL);
  				}
  				free(t);
-@@ -673,13 +692,17 @@ pam_sm_open_session (pam_handle_t *pamh,
+@@ -673,13 +692,17 @@
  			goto cleanup;
  		}