update pam 1.3.1, probably fixed issue with systemd-nspawn and lxc containers

2025-02-23 16:32:51 +00:00 · 2020-05-11 23:29:40 +00:00 · 2020-05-11 23:29:40 +00:00 · 038cf86210
commit 038cf86210
parent 0ef3e4d71d
19 changed files with 80 additions and 2640 deletions
--- a/.abf.yml
+++ b/.abf.yml
@ -1,3 +1,3 @@
 sources:
-  Linux-PAM-1.3.0.tar.bz2: e956252e81d824c35a60c9b50919ca0767f8a8ec
+  Linux-PAM-1.3.1.tar.xz: e89b6d279c9bf8cb495dfc0b3f3931eb50f818e9
-  pam-redhat-0.99.11.tar.bz2: 42206fe8319723ef23ab646b2eab496c86de3f5b
+  pam-redhat-1.1.1.tar.bz2: c97c3e0a4f488453eda2683d30fe4d63e41538c9
--- a/Linux-PAM-0.99.11-pbuild-rh.patch
+++ b/Linux-PAM-0.99.11-pbuild-rh.patch
@ -1,12 +0,0 @@
 diff -urN Linux-PAM-1.3.0/modules/pam_console/Makefile.am Linux-PAM-1.3.0-patched/modules/pam_console/Makefile.am
 --- Linux-PAM-1.3.0/modules/pam_console/Makefile.am	2014-02-01 00:17:53.000000000 +1100
 +++ Linux-PAM-1.3.0-patched/modules/pam_console/Makefile.am	2016-09-19 17:27:50.713209337 +1000
@@ -50,6 +50,8 @@
 pam_console_la_CFLAGS = $(AM_CFLAGS)
 pam_console_apply_CFLAGS = $(AM_CFLAGS)
 +configfile.tab.h: configfile.tab.c
 +
 configfile.tab.c: configfile.y
 	$(YACC) $(BISON_OPTS) -o $@ -p _pc_yy $<
 	sh $(srcdir)/sed-static $@
--- a/Linux-PAM-0.99.3.0-enable_rt.patch
+++ b/Linux-PAM-0.99.3.0-enable_rt.patch
@ -1,12 +0,0 @@
 --- Linux-PAM-0.99.3.0/modules/pam_limits/limits.conf.enable_rt	2005-08-16 16:02:28.000000000 +0200
 +++ Linux-PAM-0.99.3.0/modules/pam_limits/limits.conf	2006-01-28 14:51:28.000000000 +0100
@@ -47,4 +47,9 @@
 #ftp             hard    nproc           0
 #@student        -       maxlogins       4
 +*               -       rtprio           0
 +*               -       nice             0
 +@audio          -       rtprio           50
 +@audio          -       nice             -10
 +
 # End of file
--- a/Linux-PAM-1.1.4-group_add_users.patch
+++ b/Linux-PAM-1.1.4-group_add_users.patch
@ -4,7 +4,7 @@
 #xsh; tty* ;%admin;Al0000-2400;plugdev
-+*;*;*;Al0000-2400;users, lp
+*;*;*;Al0000-2400;users
 +
 #
 # End of group.conf file
--- a/pam-1.1.0-console-nochmod.patch
+++ b/pam-1.1.0-console-nochmod.patch
@ -1,26 +0,0 @@
 diff -up Linux-PAM-1.1.0/modules/pam_console/console.handlers.nochmod Linux-PAM-1.1.0/modules/pam_console/console.handlers
 --- Linux-PAM-1.1.0/modules/pam_console/console.handlers.nochmod	2008-12-16 13:37:52.000000000 +0100
 +++ Linux-PAM-1.1.0/modules/pam_console/console.handlers	2009-09-01 17:20:08.000000000 +0200
@@ -15,5 +15,3 @@
 # touch unlock wait /var/run/console-unlocked
 console consoledevs tty[0-9][0-9]* vc/[0-9][0-9]* :[0-9]+\.[0-9]+ :[0-9]+
 -/sbin/pam_console_apply lock logfail wait -t tty -s
 -/sbin/pam_console_apply unlock logfail wait -r -t tty -s
 diff -up Linux-PAM-1.1.0/modules/pam_console/Makefile.am.nochmod Linux-PAM-1.1.0/modules/pam_console/Makefile.am
 --- Linux-PAM-1.1.0/modules/pam_console/Makefile.am.nochmod	2008-12-16 13:37:52.000000000 +0100
 +++ Linux-PAM-1.1.0/modules/pam_console/Makefile.am	2009-09-01 17:42:47.000000000 +0200
@@ -38,7 +38,6 @@ sbin_PROGRAMS = pam_console_apply
 secureconf_DATA = console.perms console.handlers
 -permsd_DATA = 50-default.perms
 FLEX_OPTS = -Cr
 BISON_OPTS = -d
@@ -62,4 +61,5 @@ configfile.c: configfile.tab.c configfil
 install-data-local:
 	mkdir -p $(DESTDIR)$(secureconfdir)/console.apps
 +	mkdir -p $(DESTDIR)$(permsddir)
 	mkdir -m $(LOCKMODE) -p -p $(DESTDIR)$(LOCKDIR)
--- a/pam-1.1.0-console-nopermsd.patch
+++ b/pam-1.1.0-console-nopermsd.patch
@ -1,11 +0,0 @@
 --- Linux-PAM-1.1.0/modules/pam_console/pam_console_apply.c.error	2009-10-06 17:34:02.000000000 +0200
 +++ Linux-PAM-1.1.0/modules/pam_console/pam_console_apply.c	2009-10-06 17:39:14.000000000 +0200
@@ -65,7 +65,7 @@ parse_files(void)
 	on system locale */
 	oldlocale = setlocale(LC_COLLATE, "C");
 -	rc = glob(PERMS_GLOB, GLOB_NOCHECK, NULL, &globbuf);
 +	rc = glob(PERMS_GLOB, 0, NULL, &globbuf);
 	setlocale(LC_COLLATE, oldlocale);
 	if (rc)
 		return;
--- a/pam-1.1.0-notally.patch
+++ b/pam-1.1.0-notally.patch
@ -1,12 +0,0 @@
 diff -up Linux-PAM-1.1.0/modules/Makefile.am.notally Linux-PAM-1.1.0/modules/Makefile.am
 --- Linux-PAM-1.1.0/modules/Makefile.am.notally	2009-07-27 17:39:25.000000000 +0200
 +++ Linux-PAM-1.1.0/modules/Makefile.am	2009-09-01 17:40:16.000000000 +0200
@@ -10,7 +10,7 @@ SUBDIRS = pam_access pam_cracklib pam_de
 	pam_mkhomedir pam_motd pam_namespace pam_nologin \
 	pam_permit pam_pwhistory pam_rhosts pam_rootok pam_securetty \
 	pam_selinux pam_sepermit pam_shells pam_stress \
 -	pam_succeed_if pam_tally pam_tally2 pam_time pam_timestamp \
 +	pam_succeed_if pam_tally2 pam_time pam_timestamp \
 	pam_tty_audit pam_umask \
 	pam_unix pam_userdb pam_warn pam_wheel pam_xauth
--- a/pam-1.1.5-limits-user.patch
+++ b/pam-1.1.5-limits-user.patch
@ -1,12 +0,0 @@
 diff -up Linux-PAM-1.1.5/modules/pam_limits/limits.conf.limits Linux-PAM-1.1.5/modules/pam_limits/limits.conf
 --- Linux-PAM-1.1.5/modules/pam_limits/limits.conf.limits	2011-06-21 11:04:56.000000000 +0200
 +++ Linux-PAM-1.1.5/modules/pam_limits/limits.conf	2011-12-21 09:09:17.000000000 +0100
@@ -1,5 +1,8 @@
 # /etc/security/limits.conf
 #
 +#This file sets the resource limits for the users logged in via PAM.
 +#It does not affect resource limits of the system services.
 +#
 #Each line describes a limit for a user in the form:
 #
 #<domain>        <type>  <item>  <value>
--- a/pam-1.1.6-noflex.patch
+++ b/pam-1.1.6-noflex.patch
@ -1,24 +0,0 @@
 diff -up Linux-PAM-1.1.6/doc/Makefile.am.noflex Linux-PAM-1.1.6/doc/Makefile.am
 --- Linux-PAM-1.1.6/doc/Makefile.am.noflex	2012-08-15 13:08:43.000000000 +0200
 +++ Linux-PAM-1.1.6/doc/Makefile.am	2012-08-17 14:13:11.904949748 +0200
@@ -2,7 +2,7 @@
 # Copyright (c) 2005, 2006 Thorsten Kukuk <kukuk@suse.de>
 #
 -SUBDIRS = man specs sag adg mwg
 +SUBDIRS = man sag adg mwg
 CLEANFILES = *~
 diff -up Linux-PAM-1.1.6/Makefile.am.noflex Linux-PAM-1.1.6/Makefile.am
 --- Linux-PAM-1.1.6/Makefile.am.noflex	2012-08-15 13:08:43.000000000 +0200
 +++ Linux-PAM-1.1.6/Makefile.am	2012-08-17 14:15:36.705359892 +0200
@@ -4,7 +4,7 @@
 AUTOMAKE_OPTIONS = 1.9 gnu dist-bzip2 check-news
 -SUBDIRS = libpam tests libpamc libpam_misc modules po conf doc examples xtests
 +SUBDIRS = libpam tests libpamc libpam_misc modules po doc examples xtests
 CLEANFILES = *~
--- a/pam-1.1.7-unix-build.patch
+++ b/pam-1.1.7-unix-build.patch
@ -1,34 +0,0 @@
 diff -up Linux-PAM-1.1.5/modules/pam_unix/pam_unix_acct.c.build Linux-PAM-1.1.5/modules/pam_unix/pam_unix_acct.c
 --- Linux-PAM-1.1.5/modules/pam_unix/pam_unix_acct.c.build	2012-07-23 18:46:27.709804094 +0200
 +++ Linux-PAM-1.1.5/modules/pam_unix/pam_unix_acct.c	2012-07-23 18:46:27.764805293 +0200
@@ -47,6 +47,8 @@
 #include <time.h>		/* for time() */
 #include <errno.h>
 #include <sys/wait.h>
 +#include <sys/time.h>
 +#include <sys/resource.h>
 #include <security/_pam_macros.h>
 diff -up Linux-PAM-1.1.5/modules/pam_unix/pam_unix_passwd.c.build Linux-PAM-1.1.5/modules/pam_unix/pam_unix_passwd.c
 --- Linux-PAM-1.1.5/modules/pam_unix/pam_unix_passwd.c.build	2012-07-23 18:55:16.433314731 +0200
 +++ Linux-PAM-1.1.5/modules/pam_unix/pam_unix_passwd.c	2012-07-23 18:54:48.064697131 +0200
@@ -53,6 +53,7 @@
 #include <fcntl.h>
 #include <ctype.h>
 #include <sys/time.h>
 +#include <sys/resource.h>
 #include <sys/stat.h>
 #include <signal.h>
 diff -up Linux-PAM-1.1.5/modules/pam_unix/support.c.build Linux-PAM-1.1.5/modules/pam_unix/support.c
 --- Linux-PAM-1.1.5/modules/pam_unix/support.c.build	2012-07-23 18:46:27.000000000 +0200
 +++ Linux-PAM-1.1.5/modules/pam_unix/support.c	2012-07-23 18:54:23.645165507 +0200
@@ -18,6 +18,7 @@
 #include <signal.h>
 #include <ctype.h>
 #include <syslog.h>
 +#include <sys/time.h>
 #include <sys/resource.h>
 #ifdef HAVE_RPCSVC_YPCLNT_H
 #include <rpcsvc/ypclnt.h>
--- a/pam-1.2.0-redhat-modules.patch
+++ b/pam-1.2.0-redhat-modules.patch
@ -1,23 +0,0 @@
 diff -up Linux-PAM-1.2.0/configure.ac.redhat-modules Linux-PAM-1.2.0/configure.ac
 --- Linux-PAM-1.2.0/configure.ac.redhat-modules	2015-03-25 16:50:10.000000000 +0100
 +++ Linux-PAM-1.2.0/configure.ac	2015-05-15 15:46:50.996074677 +0200
@@ -616,6 +616,8 @@ AC_CONFIG_FILES([Makefile libpam/Makefil
 	libpam_misc/Makefile conf/Makefile conf/pam_conv1/Makefile \
 	po/Makefile.in \
 	modules/Makefile \
 +	modules/pam_chroot/Makefile modules/pam_console/Makefile \
 +	modules/pam_postgresok/Makefile \
 	modules/pam_access/Makefile modules/pam_cracklib/Makefile \
         modules/pam_debug/Makefile modules/pam_deny/Makefile \
 	modules/pam_echo/Makefile modules/pam_env/Makefile \
 diff -up Linux-PAM-1.2.0/modules/Makefile.am.redhat-modules Linux-PAM-1.2.0/modules/Makefile.am
 --- Linux-PAM-1.2.0/modules/Makefile.am.redhat-modules	2015-03-24 13:02:32.000000000 +0100
 +++ Linux-PAM-1.2.0/modules/Makefile.am	2015-05-15 15:46:50.995074654 +0200
@@ -3,6 +3,7 @@
 #
 SUBDIRS = pam_access pam_cracklib pam_debug pam_deny pam_echo \
 +	pam_chroot pam_console pam_postgresok \
 	pam_env pam_exec pam_faildelay pam_filter pam_ftp \
 	pam_group pam_issue pam_keyinit pam_lastlog pam_limits \
 	pam_listfile pam_localuser pam_loginuid pam_mail \
--- a/pam-1.2.0-unix-no-fallback.patch
+++ b/pam-1.2.0-unix-no-fallback.patch
@ -1,73 +0,0 @@
 diff -up Linux-PAM-1.2.0/modules/pam_unix/pam_unix.8.xml.no-fallback Linux-PAM-1.2.0/modules/pam_unix/pam_unix.8.xml
 --- Linux-PAM-1.2.0/modules/pam_unix/pam_unix.8.xml.no-fallback	2015-04-27 16:38:03.000000000 +0200
 +++ Linux-PAM-1.2.0/modules/pam_unix/pam_unix.8.xml	2015-05-15 15:54:21.524440864 +0200
@@ -284,11 +284,10 @@
         <listitem>
           <para>
             When a user changes their password next,
 -            encrypt it with the SHA256 algorithm. If the
 -            SHA256 algorithm is not known to the <citerefentry>
 +            encrypt it with the SHA256 algorithm. The
 +            SHA256 algorithm must be supported by the <citerefentry>
 	    <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
 -            </citerefentry> function,
 -            fall back to MD5.
 +            </citerefentry> function.
           </para>
         </listitem>
       </varlistentry>
@@ -299,11 +298,10 @@
         <listitem>
           <para>
             When a user changes their password next,
 -            encrypt it with the SHA512 algorithm. If the
 -            SHA512 algorithm is not known to the <citerefentry>
 +            encrypt it with the SHA512 algorithm. The
 +            SHA512 algorithm must be supported by the <citerefentry>
 	    <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
 -            </citerefentry> function,
 -            fall back to MD5.
 +            </citerefentry> function.
           </para>
         </listitem>
       </varlistentry>
@@ -314,11 +312,10 @@
         <listitem>
           <para>
             When a user changes their password next,
 -            encrypt it with the blowfish algorithm. If the
 -            blowfish algorithm is not known to the <citerefentry>
 +            encrypt it with the blowfish algorithm. The
 +            blowfish algorithm must be supported by the <citerefentry>
 	    <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
 -            </citerefentry> function,
 -            fall back to MD5.
 +            </citerefentry> function.
           </para>
         </listitem>
       </varlistentry>
 diff -up Linux-PAM-1.2.0/modules/pam_unix/passverify.c.no-fallback Linux-PAM-1.2.0/modules/pam_unix/passverify.c
 --- Linux-PAM-1.2.0/modules/pam_unix/passverify.c.no-fallback	2015-05-15 15:54:21.525440887 +0200
 +++ Linux-PAM-1.2.0/modules/pam_unix/passverify.c	2015-05-15 15:57:23.138613273 +0200
@@ -437,10 +437,9 @@ PAMH_ARG_DECL(char * create_password_has
 	sp = crypt(password, salt);
 #endif
 	if (!sp || strncmp(algoid, sp, strlen(algoid)) != 0) {
 -		/* libxcrypt/libc doesn't know the algorithm, use MD5 */
 +		/* libxcrypt/libc doesn't know the algorithm, error out */
 		pam_syslog(pamh, LOG_ERR,
 -			   "Algo %s not supported by the crypto backend, "
 -			   "falling back to MD5\n",
 +			   "Algo %s not supported by the crypto backend.\n",
 			   on(UNIX_BLOWFISH_PASS, ctrl) ? "blowfish" :
 			   on(UNIX_SHA256_PASS, ctrl) ? "sha256" :
 			   on(UNIX_SHA512_PASS, ctrl) ? "sha512" : algoid);
@@ -450,7 +449,7 @@ PAMH_ARG_DECL(char * create_password_has
 #ifdef HAVE_CRYPT_R
 		free(cdata);
 #endif
 -		return crypt_md5_wrapper(password);
 +		return NULL;
 	}
 	sp = x_strdup(sp);
 #ifdef HAVE_CRYPT_R
--- a/pam-1.2.1-faillock.patch
+++ b/pam-1.2.1-faillock.patch
--- a/pam-1.3.0-browser.patch
+++ b/pam-1.3.0-browser.patch
@ -1,6 +1,6 @@
-diff -urN Linux-PAM-1.3.0/configure.ac Linux-PAM-1.3.0-patched/configure.ac
+diff -Naur Linux-PAM-1.3.1/configure.ac Linux-PAM-1.3.1.tpg/configure.ac
--- Linux-PAM-1.3.0/configure.ac	2016-04-28 21:21:59.000000000 +1000
+--- Linux-PAM-1.3.1/configure.ac	2018-05-23 16:50:06.256872000 +0000
-+++ Linux-PAM-1.3.0-patched/configure.ac	2016-09-19 17:20:03.612168890 +1000
+++ Linux-PAM-1.3.1.tpg/configure.ac	2018-05-23 16:51:46.867112227 +0000
@@ -554,9 +554,9 @@
 JH_CHECK_XML_CATALOG([http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl],
                 [DocBook XSL Stylesheets], [], enable_docu=no)
@ -11,5 +11,5 @@ diff -urN Linux-PAM-1.3.0/configure.ac Linux-PAM-1.3.0-patched/configure.ac
 -     BROWSER="$BROWSER -T text/html -dump"
 +     BROWSER="$BROWSER"
 else
-      AC_PATH_PROG([BROWSER], [links])
+      AC_PATH_PROG([BROWSER], [elinks])
      if test ! -z "$BROWSER"; then
--- a/pam-1.3.0_ru.po
+++ b/pam-1.3.0_ru.po
@ -1,590 +0,0 @@
 # SOME DESCRIPTIVE TITLE.
 # Copyright (C) YEAR Linux-PAM Project
 # This file is distributed under the same license as the PACKAGE package.
 #
 # Translators:
 # Aleksandr Brezhnev <abrezhnev@gmail.com>, 2012
 # Andrew Martynov <andrewm@inventa.ru>, 2008
 # Yulia <yulia.poyarkova@redhat.com>, 2007,2009
 # Yulia <yulia.poyarkova@redhat.com>, 2013
 # Tomáš Mráz <tmraz@fedoraproject.org>, 2016. #zanata
 # Victor Ryzhykh <victorr2007@yandex.ru>, 2019
 # Mikhail Novosyolov <m.novosyolov@rosalinux.ru>, 2019
 msgid ""
 msgstr ""
 "Project-Id-Version: Linux-PAM\n"
 "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n"
 "POT-Creation-Date: 2015-06-22 14:16+0200\n"
 "PO-Revision-Date: 2013-04-08 09:12-0400\n"
 "Last-Translator: Yulia <yulia.poyarkova@redhat.com>\n"
 "Language-Team: Russian <trans-ru@lists.fedoraproject.org>\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Language: ru\n"
 "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
 "X-Generator: Zanata 3.8.3\n"
 #: libpam_misc/misc_conv.c:33
 msgid "...Time is running out...\n"
 msgstr "...Время истекает...\n"
 #: libpam_misc/misc_conv.c:34
 msgid "...Sorry, your time is up!\n"
 msgstr "...Извините, ваше время истекло!\n"
 #: libpam_misc/misc_conv.c:346
 #, c-format
 msgid "erroneous conversation (%d)\n"
 msgstr "ошибочный диалог (%d)\n"
 #: libpam/pam_get_authtok.c:39 modules/pam_exec/pam_exec.c:170
 #: modules/pam_userdb/pam_userdb.c:64
 msgid "Password: "
 msgstr "Пароль: "
 #: libpam/pam_get_authtok.c:41
 msgid "Current %s%spassword: "
 msgstr "Текущий %s%sпароль: "
 #: libpam/pam_get_authtok.c:43 modules/pam_cracklib/pam_cracklib.c:68
 #, c-format
 msgid "New %s%spassword: "
 msgstr "Новый %s%sпароль: "
 #: libpam/pam_get_authtok.c:45 modules/pam_cracklib/pam_cracklib.c:70
 #, c-format
 msgid "Retype new %s%spassword: "
 msgstr "Повторите ввод нового пароля %s%s: "
 #: libpam/pam_get_authtok.c:46 modules/pam_cracklib/pam_cracklib.c:71
 msgid "Sorry, passwords do not match."
 msgstr "Извините, но пароли не совпадают."
 #: libpam/pam_get_authtok.c:139 libpam/pam_get_authtok.c:220
 #, c-format
 msgid "Retype %s"
 msgstr "Повторите ввод %s"
 #: libpam/pam_get_authtok.c:164 libpam/pam_get_authtok.c:236
 msgid "Password change aborted."
 msgstr "Изменение пароля отменено."
 #: libpam/pam_item.c:311
 msgid "login:"
 msgstr "учетная запись:"
 #: libpam/pam_strerror.c:40
 msgid "Success"
 msgstr "Успех"
 #: libpam/pam_strerror.c:42
 msgid "Critical error - immediate abort"
 msgstr "Критическая ошибка -- незамедлительное прерывание операции"
 #: libpam/pam_strerror.c:44
 msgid "Failed to load module"
 msgstr "Не удалось загрузить модуль"
 #: libpam/pam_strerror.c:46
 msgid "Symbol not found"
 msgstr "Символ не найден"
 #: libpam/pam_strerror.c:48
 msgid "Error in service module"
 msgstr "Ошибка в модуле службы"
 #: libpam/pam_strerror.c:50
 msgid "System error"
 msgstr "Системная ошибка"
 #: libpam/pam_strerror.c:52
 msgid "Memory buffer error"
 msgstr "Ошибка буфера памяти"
 #: libpam/pam_strerror.c:54
 msgid "Permission denied"
 msgstr "Доступ запрещен"
 #: libpam/pam_strerror.c:56
 msgid "Authentication failure"
 msgstr "Сбой при проверке подлинности"
 #: libpam/pam_strerror.c:58
 msgid "Insufficient credentials to access authentication data"
 msgstr "Недостаточно учетных данных для доступа к данным проверки подлинности"
 #: libpam/pam_strerror.c:60
 msgid "Authentication service cannot retrieve authentication info"
 msgstr ""
 "Службе проверки подлинности не удается загрузить сведения аутентификации"
 #: libpam/pam_strerror.c:62
 msgid "User not known to the underlying authentication module"
 msgstr "Пользователь не известен базовому модулю проверки подлинности"
 #: libpam/pam_strerror.c:64
 msgid "Have exhausted maximum number of retries for service"
 msgstr "Использовано максимальное число попыток, заданное для службы"
 #: libpam/pam_strerror.c:66
 msgid "Authentication token is no longer valid; new one required"
 msgstr "Маркер проверки подлинности больше недействителен; требуется новый"
 #: libpam/pam_strerror.c:68
 msgid "User account has expired"
 msgstr "Срок действия учетной записи пользователя истек"
 #: libpam/pam_strerror.c:70
 msgid "Cannot make/remove an entry for the specified session"
 msgstr "Не удалось создать/удалить запись для указанного сеанса"
 #: libpam/pam_strerror.c:72
 msgid "Authentication service cannot retrieve user credentials"
 msgstr ""
 "Службе проверки подлинности не удается загрузить учетные данные пользователя"
 #: libpam/pam_strerror.c:74
 msgid "User credentials expired"
 msgstr "Срок действия учетных данных пользователя истек"
 #: libpam/pam_strerror.c:76
 msgid "Failure setting user credentials"
 msgstr "Сбой при настройке учетных данных пользователя"
 #: libpam/pam_strerror.c:78
 msgid "No module specific data is present"
 msgstr "Отсутствуют данные, специфичные для модуля"
 #: libpam/pam_strerror.c:80
 msgid "Bad item passed to pam_*_item()"
 msgstr "В pam_*_item() передан неверный элемент"
 #: libpam/pam_strerror.c:82
 msgid "Conversation error"
 msgstr "Ошибка диалога"
 #: libpam/pam_strerror.c:84
 msgid "Authentication token manipulation error"
 msgstr "Ошибка при операциях с маркером проверки подлинности"
 #: libpam/pam_strerror.c:86
 msgid "Authentication information cannot be recovered"
 msgstr "Не удается восстановить сведения аутентификации"
 #: libpam/pam_strerror.c:88
 msgid "Authentication token lock busy"
 msgstr "Блокировка маркера проверки подлинности занята"
 #: libpam/pam_strerror.c:90
 msgid "Authentication token aging disabled"
 msgstr "Ограничение срока действия маркера проверки подлинности отключено"
 #: libpam/pam_strerror.c:92
 msgid "Failed preliminary check by password service"
 msgstr "Службе паролей не удалось выполнить предварительную проверку"
 #: libpam/pam_strerror.c:94
 msgid "The return value should be ignored by PAM dispatch"
 msgstr "Возвращенное значение не должно учитываться при передаче в PAM"
 #: libpam/pam_strerror.c:96
 msgid "Module is unknown"
 msgstr "Неизвестный модуль"
 #: libpam/pam_strerror.c:98
 msgid "Authentication token expired"
 msgstr "Срок действия маркера проверки подлинности истек"
 #: libpam/pam_strerror.c:100
 msgid "Conversation is waiting for event"
 msgstr "Процесс диалога ожидает событие"
 #: libpam/pam_strerror.c:102
 msgid "Application needs to call libpam again"
 msgstr "Приложение должно повторно вызвать libpam"
 #: libpam/pam_strerror.c:105
 msgid "Unknown PAM error"
 msgstr "Неизвестная ошибка PAM"
 #: modules/pam_cracklib/pam_cracklib.c:618
 msgid "is the same as the old one"
 msgstr "совпадает со старым"
 #: modules/pam_cracklib/pam_cracklib.c:624
 #: modules/pam_cracklib/pam_cracklib.c:628
 #: modules/pam_cracklib/pam_cracklib.c:638
 msgid "memory allocation error"
 msgstr "ошибка выделения памяти"
 #: modules/pam_cracklib/pam_cracklib.c:643
 msgid "is a palindrome"
 msgstr "является палиндромом"
 #: modules/pam_cracklib/pam_cracklib.c:646
 msgid "case changes only"
 msgstr "изменения только в регистре"
 #: modules/pam_cracklib/pam_cracklib.c:649
 msgid "is too similar to the old one"
 msgstr "слишком похож на старый"
 #: modules/pam_cracklib/pam_cracklib.c:652
 msgid "is too simple"
 msgstr "слишком простой"
 #: modules/pam_cracklib/pam_cracklib.c:655
 msgid "is rotated"
 msgstr "является результатом чередования"
 #: modules/pam_cracklib/pam_cracklib.c:658
 msgid "not enough character classes"
 msgstr "слишком мало символов различных типов"
 #: modules/pam_cracklib/pam_cracklib.c:661
 msgid "contains too many same characters consecutively"
 msgstr "содержит слишком длинную последовательность одинаковых символов"
 #: modules/pam_cracklib/pam_cracklib.c:664
 msgid "contains too long of a monotonic character sequence"
 msgstr "содержит слишком много повторяющихся символов"
 #: modules/pam_cracklib/pam_cracklib.c:667
 msgid "contains the user name in some form"
 msgstr "содержит имя пользователя"
 #: modules/pam_cracklib/pam_cracklib.c:701
 #: modules/pam_unix/pam_unix_passwd.c:568
 msgid "No password supplied"
 msgstr "Пароль не указан"
 #: modules/pam_cracklib/pam_cracklib.c:701
 #: modules/pam_unix/pam_unix_passwd.c:568
 msgid "Password unchanged"
 msgstr "Пароль не изменен"
 #: modules/pam_cracklib/pam_cracklib.c:721
 #: modules/pam_cracklib/pam_cracklib.c:803
 #, c-format
 msgid "BAD PASSWORD: %s"
 msgstr "НЕУДАЧНЫЙ ПАРОЛЬ: %s"
 #: modules/pam_exec/pam_exec.c:273
 #, c-format
 msgid "%s failed: exit code %d"
 msgstr "Сбой %s. Код выхода: %d"
 #: modules/pam_exec/pam_exec.c:282
 #, c-format
 msgid "%s failed: caught signal %d%s"
 msgstr "Сбой %s. Получен сигнал %d%s"
 #: modules/pam_exec/pam_exec.c:291
 #, c-format
 msgid "%s failed: unknown status 0x%x"
 msgstr "Сбой %s. Неизвестный статус 0x%x"
 #. TRANSLATORS: "strftime options for date of last login"
 #: modules/pam_lastlog/pam_lastlog.c:282 modules/pam_lastlog/pam_lastlog.c:496
 msgid " %a %b %e %H:%M:%S %Z %Y"
 msgstr " %a %b %e %H:%M:%S %Z %Y"
 #. TRANSLATORS: " from <host>"
 #: modules/pam_lastlog/pam_lastlog.c:291 modules/pam_lastlog/pam_lastlog.c:505
 #, c-format
 msgid " from %.*s"
 msgstr " с %.*s"
 #. TRANSLATORS: " on <terminal>"
 #: modules/pam_lastlog/pam_lastlog.c:303 modules/pam_lastlog/pam_lastlog.c:517
 #, c-format
 msgid " on %.*s"
 msgstr " на %.*s"
 #. TRANSLATORS: "Last login: <date> from <host> on <terminal>"
 #: modules/pam_lastlog/pam_lastlog.c:313
 #, c-format
 msgid "Last login:%s%s%s"
 msgstr "Последний вход в систему:%s%s%s"
 #: modules/pam_lastlog/pam_lastlog.c:319
 msgid "Welcome to your new account!"
 msgstr "Добро пожаловать в новую учетную запись!"
 #. TRANSLATORS: "Last failed login: <date> from <host> on <terminal>"
 #: modules/pam_lastlog/pam_lastlog.c:527
 #, c-format
 msgid "Last failed login:%s%s%s"
 msgstr "Последняя неудачная попытка входа в систему:%s%s%s"
 #: modules/pam_lastlog/pam_lastlog.c:536 modules/pam_lastlog/pam_lastlog.c:543
 #, c-format
 msgid "There was %d failed login attempt since the last successful login."
 msgid_plural ""
 "There were %d failed login attempts since the last successful login."
 msgstr[0] "Со времени последнего входа была %d неудачная попытка."
 msgstr[1] "Число неудачных попыток со времени последнего входа: %d."
 msgstr[2] "Число неудачных попыток со времени последнего входа: %d."
 #. TRANSLATORS: only used if dngettext is not supported
 #: modules/pam_lastlog/pam_lastlog.c:548
 #, c-format
 msgid "There were %d failed login attempts since the last successful login."
 msgstr "Число неудачных попыток со времени последнего входа: %d."
 #: modules/pam_limits/pam_limits.c:1091
 #, c-format
 msgid "Too many logins for '%s'."
 msgstr "Слишком много регистраций в системе для «%s»."
 #: modules/pam_mail/pam_mail.c:297
 msgid "No mail."
 msgstr "Почты нет."
 #: modules/pam_mail/pam_mail.c:300
 msgid "You have new mail."
 msgstr "Есть новая почта."
 #: modules/pam_mail/pam_mail.c:303
 msgid "You have old mail."
 msgstr "Есть старая почта."
 #: modules/pam_mail/pam_mail.c:307
 msgid "You have mail."
 msgstr "Есть почта."
 #: modules/pam_mail/pam_mail.c:314
 #, c-format
 msgid "You have no mail in folder %s."
 msgstr "Нет почты в папке %s."
 #: modules/pam_mail/pam_mail.c:318
 #, c-format
 msgid "You have new mail in folder %s."
 msgstr "Есть новая почта в папке %s."
 #: modules/pam_mail/pam_mail.c:322
 #, c-format
 msgid "You have old mail in folder %s."
 msgstr "Есть старая почта в папке %s."
 #: modules/pam_mail/pam_mail.c:327
 #, c-format
 msgid "You have mail in folder %s."
 msgstr "Есть почта в папке %s."
 #: modules/pam_mkhomedir/pam_mkhomedir.c:111
 #, c-format
 msgid "Creating directory '%s'."
 msgstr "Создание каталога %s."
 #: modules/pam_mkhomedir/pam_mkhomedir.c:176
 #, c-format
 msgid "Unable to create and initialize directory '%s'."
 msgstr "Не удалось создать и инициализировать каталог %s."
 #: modules/pam_pwhistory/pam_pwhistory.c:217
 #: modules/pam_unix/pam_unix_passwd.c:589
 msgid "Password has been already used. Choose another."
 msgstr "Этот пароль уже был использован. Выберите другой."
 #: modules/pam_pwhistory/pam_pwhistory.c:224
 msgid "Password has been already used."
 msgstr "Этот пароль уже использовался."
 #: modules/pam_selinux/pam_selinux.c:210
 #, c-format
 msgid "Default Security Context %s\n"
 msgstr "Контекст безопасности по умолчанию %s\n"
 #: modules/pam_selinux/pam_selinux.c:214
 msgid "Would you like to enter a different role or level?"
 msgstr "Хотите ввести другую роль или уровень?"
 #: modules/pam_selinux/pam_selinux.c:227
 msgid "role:"
 msgstr "роль:"
 #: modules/pam_selinux/pam_selinux.c:230
 #, c-format
 msgid "No default type for role %s\n"
 msgstr "Для роли %s нет типа по умолчанию\n"
 #: modules/pam_selinux/pam_selinux.c:262
 msgid "level:"
 msgstr "уровень:"
 #: modules/pam_selinux/pam_selinux.c:295
 msgid "Not a valid security context"
 msgstr "Неверный контекст безопасности"
 #: modules/pam_selinux/pam_selinux.c:544
 #, c-format
 msgid "Unable to get valid context for %s"
 msgstr "Не удалось получить корректный контекст для %s"
 #: modules/pam_selinux/pam_selinux.c:663
 #, c-format
 msgid "Security Context %s Assigned"
 msgstr "Контекст безопасности %s назначен"
 #: modules/pam_selinux/pam_selinux.c:679
 #, c-format
 msgid "Key Creation Context %s Assigned"
 msgstr "Контекст %s, используемый при создании ключей, назначен"
 #: modules/pam_selinux/pam_selinux_check.c:99
 #, c-format
 msgid "failed to initialize PAM\n"
 msgstr "не удалось инициировать PAM\n"
 #: modules/pam_selinux/pam_selinux_check.c:105
 #, c-format
 msgid "failed to pam_set_item()\n"
 msgstr "не удалось выполнить pam_set_item()\n"
 #: modules/pam_selinux/pam_selinux_check.c:133
 #, c-format
 msgid "login: failure forking: %m"
 msgstr "регистрация: сбой при создании нового процесса: %m"
 #: modules/pam_stress/pam_stress.c:470
 #, c-format
 msgid "Changing STRESS password for %s."
 msgstr "Смена пароля STRESS для %s."
 #: modules/pam_stress/pam_stress.c:484
 msgid "Enter new STRESS password: "
 msgstr "Введите новый пароль STRESS: "
 #: modules/pam_stress/pam_stress.c:487
 msgid "Retype new STRESS password: "
 msgstr "Повторите ввод нового пароля STRESS: "
 #: modules/pam_stress/pam_stress.c:516
 msgid "Verification mis-typed; password unchanged"
 msgstr "Подтверждение введено неправильно; пароль не изменен"
 #: modules/pam_tally/pam_tally.c:541 modules/pam_tally2/pam_tally2.c:597
 #, c-format
 msgid "Account temporary locked (%ld seconds left)"
 msgstr "Учетная запись временно заблокирована (осталось %ld сек.)"
 #: modules/pam_tally/pam_tally.c:566 modules/pam_tally2/pam_tally2.c:580
 #, c-format
 msgid "Account locked due to %u failed logins"
 msgstr ""
 "Учетная запись заблокирована как следствие неудачных попыток входа (всего --"
 " %u)."
 #: modules/pam_tally/pam_tally.c:750 modules/pam_tally2/pam_tally2.c:863
 msgid "Authentication error"
 msgstr "Ошибка при проверке подлинности"
 #: modules/pam_tally/pam_tally.c:751 modules/pam_tally2/pam_tally2.c:864
 msgid "Service error"
 msgstr "Ошибка службы"
 #: modules/pam_tally/pam_tally.c:752 modules/pam_tally2/pam_tally2.c:865
 msgid "Unknown user"
 msgstr "Неизвестный пользователь"
 #: modules/pam_tally/pam_tally.c:753 modules/pam_tally2/pam_tally2.c:866
 msgid "Unknown error"
 msgstr "Неизвестная ошибка"
 #: modules/pam_tally/pam_tally.c:769 modules/pam_tally2/pam_tally2.c:885
 #, c-format
 msgid "%s: Bad number given to --reset=\n"
 msgstr "%s: указано неверное число для --reset=\n"
 #: modules/pam_tally/pam_tally.c:773 modules/pam_tally2/pam_tally2.c:889
 #, c-format
 msgid "%s: Unrecognised option %s\n"
 msgstr "%s: неопознанный параметр %s\n"
 #: modules/pam_tally/pam_tally.c:785
 #, c-format
 msgid ""
 "%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n"
 msgstr ""
 "%s: [--file имя_корневого_файла] [--user имя_пользователя] [--reset[=n]] [--"
 "quiet]\n"
 #: modules/pam_tally/pam_tally.c:859 modules/pam_tally2/pam_tally2.c:1016
 #, c-format
 msgid "%s: Can't reset all users to non-zero\n"
 msgstr ""
 "%s: не удается выполнить сброс всех пользователей в ненулевое значение\n"
 #: modules/pam_tally2/pam_tally2.c:917
 #, c-format
 msgid "Login           Failures Latest failure     From\n"
 msgstr "Учетная запись           Сбой Последний сбой     С\n"
 #: modules/pam_tally2/pam_tally2.c:933
 #, c-format
 msgid ""
 "%s: [-f rooted-filename] [--file rooted-filename]\n"
 "   [-u username] [--user username]\n"
 "   [-r] [--reset[=n]] [--quiet]\n"
 msgstr ""
 "%s: [-f имя_корневого_файла] [--file имя_корневого_файла]\n"
 "   [-u имя_пользователя] [--user имя_пользователя]\n"
 "   [-r] [--reset[=n]] [--quiet]\n"
 #: modules/pam_timestamp/pam_timestamp.c:357
 #, c-format
 msgid "Access granted (last access was %ld seconds ago)."
 msgstr "Доступ предоставлен (последнее обращение было %ld сек. назад)."
 #: modules/pam_unix/pam_unix_acct.c:253 modules/pam_unix/pam_unix_acct.c:275
 msgid "Your account has expired; please contact your system administrator"
 msgstr ""
 "Срок действия учетной записи истек; обратитесь к системному администратору"
 #: modules/pam_unix/pam_unix_acct.c:261
 #, fuzzy
 msgid ""
 "You are required to change your password immediately (administrator "
 "enforced)"
 msgstr ""
 "Вам необходимо немедленно сменить пароль (по требованию администратора)"
 #: modules/pam_unix/pam_unix_acct.c:267
 #, fuzzy
 msgid ""
 "You are required to change your password immediately (password expired)"
 msgstr "Вам необходимо немедленно сменить пароль (срок действия пароля истек)"
 #: modules/pam_unix/pam_unix_acct.c:288 modules/pam_unix/pam_unix_acct.c:295
 #, c-format
 msgid "Warning: your password will expire in %d day"
 msgid_plural "Warning: your password will expire in %d days"
 msgstr[0] "Предупреждение: срок действия пароля истекает через %d день"
 msgstr[1] "Предупреждение: срок действия пароля истекает через %d дня"
 msgstr[2] "Предупреждение: срок действия пароля истекает через %d дней"
 #. TRANSLATORS: only used if dngettext is not supported
 #: modules/pam_unix/pam_unix_acct.c:300
 #, c-format
 msgid "Warning: your password will expire in %d days"
 msgstr "Предупреждение: срок действия пароля истекает через %d дн(я)(ей)"
 #: modules/pam_unix/pam_unix_passwd.c:470
 msgid "NIS password could not be changed."
 msgstr "Пароль NIS изменить нельзя."
 #: modules/pam_unix/pam_unix_passwd.c:585
 msgid "You must choose a longer password"
 msgstr "Выберите пароль большей длины"
 #: modules/pam_unix/pam_unix_passwd.c:692
 #, c-format
 msgid "Changing password for %s."
 msgstr "Смена пароля для %s."
 #: modules/pam_unix/pam_unix_passwd.c:722
 msgid "You must wait longer to change your password"
 msgstr "До смены пароля должно пройти больше времени"
--- a/pam.spec
+++ b/pam.spec
@ -10,20 +10,20 @@
 %bcond_without selinux
-%define pam_redhat_version 0.99.11
+%define pam_redhat_version 1.1.1
 Summary:	A security tool which provides authentication for applications
 Name:		pam
-Version:	1.3.0
+Version:	1.3.1
-Release:	10
+Release:	1
 Epoch:		1
 # The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
 # as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
 License:	BSD and GPLv2+
 Group:		System/Libraries
 Url:		http://www.kernel.org/pub/linux/libs/pam/index.html
-Source0:	ftp://ftp.kernel.org/pub/linux/libs/pam/library/Linux-PAM-%{version}.tar.bz2
+Source0:	https://github.com/linux-pam/linux-pam/releases/download/v%{version}/Linux-PAM-%{version}.tar.xz
-Source2:	pam-redhat-%{pam_redhat_version}.tar.bz2
+Source2:	https://releases.pagure.org/pam-redhat/pam-redhat-%{pam_redhat_version}.tar.bz2
 Source5:	other.pamd
 Source6:	system-auth.pamd
 Source7:	config-util.pamd
@ -39,43 +39,69 @@ Source16:	smartcard-auth.pamd
 #add missing documentation
 Source501:	pam_tty_audit.8
 Source502:	README
 Source503:	pam-%{version}_ru.po
 # RedHat patches
-Patch1:		pam-1.2.0-redhat-modules.patch
+Patch1:		https://src.fedoraproject.org/rpms/pam/raw/master/f/pam-1.3.1-redhat-modules.patch
-Patch2:		pam-1.2.0-fix-running-in-containers.patch
+Patch9:		https://src.fedoraproject.org/rpms/pam/raw/master/f/pam-1.3.1-noflex.patch
-Patch3:		pam-1.2.0-unix-no-fallback.patch
+Patch10:	https://src.fedoraproject.org/rpms/pam/raw/master/f/pam-1.1.3-nouserenv.patch
-Patch4:		pam-1.1.0-console-nochmod.patch
+Patch13:	https://src.fedoraproject.org/rpms/pam/raw/master/f/pam-1.1.6-limits-user.patch
-Patch5:		pam-1.1.0-notally.patch
+Patch15:	https://src.fedoraproject.org/rpms/pam/raw/master/f/pam-1.1.8-full-relro.patch
 Patch9:		pam-1.1.6-noflex.patch
 Patch10:	pam-1.1.3-nouserenv.patch
 Patch13:	pam-1.1.5-limits-user.patch
 Patch14:	pam-1.2.1-faillock.patch
 Patch22:	pam-1.1.7-unix-build.patch
 Patch43:	pam-1.3.0-pwhistory-helper.patch
-# ROSA specific sources/patches
+# Upstreamed partially
 Patch29:	https://src.fedoraproject.org/rpms/pam/raw/master/f/pam-1.3.0-pwhistory-helper.patch
 Patch31:	https://src.fedoraproject.org/rpms/pam/raw/master/f/pam-1.1.8-audit-user-mgmt.patch
 Patch33:	https://src.fedoraproject.org/rpms/pam/raw/master/f/pam-1.3.0-unix-nomsg.patch
 Patch34:	https://src.fedoraproject.org/rpms/pam/raw/master/f/pam-1.3.1-coverity.patch
 # https://github.com/linux-pam/linux-pam/commit/a2b72aeb86f297d349bc9e6a8f059fedf97a499a
 Patch36:	https://src.fedoraproject.org/rpms/pam/raw/master/f/pam-1.3.1-unix-remove-obsolete-_unix_read_password-prototype.patch
 # https://github.com/linux-pam/linux-pam/commit/f7abb8c1ef3aa31e6c2564a8aaf69683a77c2016.patch
 Patch37:	https://src.fedoraproject.org/rpms/pam/raw/master/f/pam-1.3.1-unix-bcrypt_b.patch
 # https://github.com/linux-pam/linux-pam/commit/dce80b3f11b3c3aa137d18f22699809094dd64b6
 Patch38:	https://src.fedoraproject.org/rpms/pam/raw/master/f/pam-1.3.1-unix-gensalt-autoentropy.patch
 # https://github.com/linux-pam/linux-pam/commit/4da9febc39b955892a30686e8396785b96bb8ba5
 Patch39:	https://src.fedoraproject.org/rpms/pam/raw/master/f/pam-1.3.1-unix-crypt_checksalt.patch
 # https://github.com/linux-pam/linux-pam/commit/16bd523f85ede9fa9115f80e826f2d803d7e61d4
 Patch40:	https://src.fedoraproject.org/rpms/pam/raw/master/f/pam-1.3.1-unix-yescrypt.patch
 # To be upstreamed soon.
 Patch41:	https://src.fedoraproject.org/rpms/pam/raw/master/f/pam-1.3.1-unix-no-fallback.patch
 # https://github.com/linux-pam/linux-pam/commit/f9c9c72121eada731e010ab3620762bcf63db08f
 # https://github.com/linux-pam/linux-pam/commit/8eaf5570cf011148a0b55c53570df5edaafebdb0
 Patch42:	https://src.fedoraproject.org/rpms/pam/raw/master/f/pam-1.3.1-motd-multiple-paths.patch
 # https://github.com/linux-pam/linux-pam/commit/86eed7ca01864b9fd17099e57f10f2b9b6b568a1
 Patch43:	https://src.fedoraproject.org/rpms/pam/raw/master/f/pam-1.3.1-unix-checksalt_syslog.patch
 # https://github.com/linux-pam/linux-pam/commit/d8d11db2cef65da5d2afa7acf21aa9c8cd88abed
 Patch44:	https://src.fedoraproject.org/rpms/pam/raw/master/f/pam-1.3.1-unix-fix_checksalt_syslog.patch
 Patch45:	https://src.fedoraproject.org/rpms/pam/raw/master/f/pam-1.3.1-namespace-mntopts.patch
 Patch46:	https://src.fedoraproject.org/rpms/pam/raw/master/f/pam-1.3.1-lastlog-no-showfailed.patch
 Patch47:	https://src.fedoraproject.org/rpms/pam/raw/master/f/pam-1.3.1-lastlog-unlimited-fsize.patch
 Patch48:	https://src.fedoraproject.org/rpms/pam/raw/master/f/pam-1.3.1-unix-improve-logging.patch
 Patch49:	https://src.fedoraproject.org/rpms/pam/raw/master/f/pam-1.3.1-tty-audit-manfix.patch
 Patch50:	https://src.fedoraproject.org/rpms/pam/raw/master/f/pam-1.3.1-fds-closing.patch
 Patch51:	https://src.fedoraproject.org/rpms/pam/raw/master/f/pam-1.3.1-authtok-verify-fix.patch
 # OpenMandriva specific sources/patches
 # (bero) fix running in docker and systemd-nspawn
 Patch500:	pam-1.2.0-fix-running-in-containers.patch
 # (fl) fix infinite loop
 Patch507:	pam-0.74-loop.patch
 # (fc) 0.75-29mdk don't complain when / is owned by root.adm
 Patch508:	Linux-PAM-0.99.3.0-pamtimestampadm.patch
-# (tv/blino) add defaults for nice/rtprio in /etc/security/limits.conf
+Patch509:	Linux-PAM-0.99.3.0-pbuild-rh.patch
-Patch517:	Linux-PAM-0.99.3.0-enable_rt.patch
+# (fl) pam_xauth: set extra groups because in high security levels
 #      access to /usr/X11R6/bin dir is controlled by a group
 Patch512:	Linux-PAM-1.1.1-xauth-groups.patch
 Patch700:	pam_fix_static_pam_console.patch
 # (fc) do not output error when no file is in /etc/security/console.perms.d/
 Patch701:	pam-1.1.0-console-nopermsd.patch
 # (proyvind): add missing constant that went with rpc removal from glibc 2.14
 Patch702:	Linux-PAM-1.1.4-add-now-missing-nis-constant.patch
-Patch703:	Linux-PAM-0.99.11-pbuild-rh.patch
+# (proyvind): move from /var/run/console to /run/console
-
+Patch703:	Linux-PAM-1.1.8-move-from-varrun-to-run.patch
-# (akdengi) add user to default group users which need for Samba
+# (akdengi> add user to default group users which need for Samba
 Patch801:	Linux-PAM-1.1.4-group_add_users.patch
 # use html2text instead of w3m
 Patch802:	pam-1.3.0-browser.patch
 # (din) use html2text instead of w3m
 Patch805:	pam-1.3.0-browser.patch
 %if %{with selinux}
 BuildRequires:	selinux-devel >= 2.1.6-7
 %endif
@ -127,7 +153,6 @@ having to recompile programs that handle authentication.
 %config %{_sysconfdir}/pam.d/password-auth
 %config %{_sysconfdir}/pam.d/smartcard-auth
 /sbin/pam_console_apply
 /sbin/pam_tally2
 /sbin/faillock
 %attr(4755,root,root) /sbin/pam_timestamp_check
 %attr(0755,root,root) /sbin/pwhistory_helper
@ -138,6 +163,7 @@ having to recompile programs that handle authentication.
 %config(noreplace) %{_sysconfdir}/security/chroot.conf
 %config(noreplace) %{_sysconfdir}/security/console.perms
 %config(noreplace) %{_sysconfdir}/security/console.handlers
 %config(noreplace) %{_sysconfdir}/security/faillock.conf
 %config(noreplace) %{_sysconfdir}/security/group.conf
 %config(noreplace) %{_sysconfdir}/security/limits.conf
 %config(noreplace) %{_sysconfdir}/security/namespace.conf
@ -257,7 +283,7 @@ This package contains the development libraries for %{name}.
 # Add custom modules.
 mv pam-redhat-%{pam_redhat_version}/* modules
-%apply_patches
+%autopatch -p1
 install -m644 %{SOURCE501} %{SOURCE502} modules/pam_tty_audit/
@ -265,7 +291,11 @@ install -m644 %{SOURCE501} %{SOURCE502} modules/pam_tty_audit/
 # Replace original po/ru.po with our fork.
 # Ported to upstream git master:
 # https://github.com/linux-pam/linux-pam/pull/152
-cp %{SOURCE503} po/ru.po
+rm -rf doc/txts/README.pam_tally*
 rm -rf doc/sag/html/*pam_tally*
 touch ChangeLog # to make autoreconf happy
 autoreconf -fi -I m4
 %build
 autoreconf -fi
@ -288,7 +318,8 @@ autoreconf -fi
 	--disable-selinux \
 %endif
 	--enable-audit
-%make
+
 %make_build
 %install
 mkdir -p doc/txts
--- a/postlogin.pamd
+++ b/postlogin.pamd
@ -1,7 +1,5 @@
 #%PAM-1.0
-# This file is auto-generated.
+session     optional      pam_umask.so silent
-# User changes will be destroyed the next time authconfig is run.
+session     [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet
-
+session     [default=1]   pam_lastlog.so nowtmp showfailed
 session     [success=1 default=ignore] pam_succeed_if.so service !~ gdm* quiet
 session     [default=1]   pam_lastlog.so nowtmp silent
 session     optional      pam_lastlog.so silent noupdate showfailed
--- a/smartcard-auth.pamd
+++ b/smartcard-auth.pamd
@ -1,6 +1,4 @@
 #%PAM-1.0
 # This file is auto-generated.
 # User changes will be destroyed the next time authconfig is run.
 auth        required      pam_env.so
 auth        [success=done ignore=ignore default=die] pam_pkcs11.so wait_for_card
 auth        required      pam_deny.so
--- a/system-auth.pamd
+++ b/system-auth.pamd
@ -1,18 +1,19 @@
 #%PAM-1.0
 # This file is auto-generated.
 # User changes will be destroyed the next time authconfig is run.
 auth        required      pam_env.so
-auth        sufficient    pam_unix.so try_first_pass nullok
+auth        sufficient    pam_unix.so try_first_pass likeauth nullok
 auth        required      pam_deny.so
 account     required      pam_unix.so
-password    requisite     pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
+# Make sure you use use_authtok below if and only if you
-password    sufficient    pam_unix.so try_first_pass use_authtok nullok sha512 shadow
+# want to stack a password checking tool like pam_pwquality
 password    sufficient    pam_unix.so try_first_pass nullok sha512 shadow
 password    required      pam_deny.so
 session     optional      pam_keyinit.so revoke
 session     required      pam_limits.so
-session     optional      pam_systemd.so
+session     optional      pam_env.so
 session     optional      pam_umask.so
 session     optional      pam_systemd.so
 session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
 session     required      pam_unix.so