summaryrefslogtreecommitdiff
path: root/source
diff options
context:
space:
mode:
authorPatrick J Volkerding <volkerdi@slackware.com>2020-05-18 19:17:21 +0000
committerEric Hameleers <alien@slackware.com>2020-05-18 23:25:14 +0200
commitffef56590d68c334819ecf26118a257bdafccf6b (patch)
tree6681fac1801c4a0569147ba9a731f323b38dff15 /source
parenteba2e5b781702a60ac9f9613c9b8456c1594215c (diff)
downloadcurrent-ffef56590d68c334819ecf26118a257bdafccf6b.tar.gz
Mon May 18 19:17:21 UTC 202020200518191721
Greetings! After three months in /testing, the PAM merge into the main tree is now complete. When updating, be sure to install the new pam, cracklib, and libpwquality packages or you may find yourself locked out of your machine. Otherwise, these changes should be completely transparent and you shouldn't notice any obvious operational differences. Be careful if you make any changes in /etc/pam.d/ - leaving an extra console logged in while testing PAM config changes is a recommended standard procedure. Thanks again to Robby Workman, Vincent Batts, Phantom X, and ivandi for help implementing this. It's not done yet and there will be more fine-tuning of the config files, but now we can move on to build some other updates. Enjoy! a/cracklib-2.9.7-x86_64-1.txz: Added. a/kernel-firmware-20200517_f8d32e4-noarch-1.txz: Upgraded. a/libcgroup-0.41-x86_64-7.txz: Rebuilt. Rebuilt to add PAM support. a/libpwquality-1.4.2-x86_64-1.txz: Added. a/lilo-24.2-x86_64-9.txz: Rebuilt. Enable the "compact" option by default. liloconfig: correctly set the root partition. a/pam-1.3.1-x86_64-1.txz: Added. a/shadow-4.8.1-x86_64-7.txz: Rebuilt. Rebuilt to add PAM support. a/utempter-1.2.0-x86_64-1.txz: Upgraded. a/util-linux-2.35.1-x86_64-6.txz: Rebuilt. Rebuilt to add PAM support. a/xfsprogs-5.6.0-x86_64-2.txz: Rebuilt. Recompiled against icu4c-67.1. ap/at-3.2.1-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. ap/cups-2.3.3-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. ap/hplip-3.20.5-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. ap/mariadb-10.4.13-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. ap/screen-4.8.0-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. ap/soma-3.3.0-noarch-1.txz: Upgraded. Thanks to David Woodfall. ap/sqlite-3.31.1-x86_64-2.txz: Rebuilt. Recompiled against icu4c-67.1. ap/sudo-1.9.0-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. ap/vim-8.2.0788-x86_64-1.txz: Upgraded. d/bison-3.6.2-x86_64-1.txz: Upgraded. d/meson-0.54.2-x86_64-1.txz: Upgraded. d/python-setuptools-46.4.0-x86_64-1.txz: Upgraded. d/vala-0.48.6-x86_64-1.txz: Upgraded. kde/calligra-2.9.11-x86_64-36.txz: Rebuilt. Recompiled against icu4c-67.1. kde/kde-workspace-4.11.22-x86_64-7.txz: Rebuilt. Rebuilt to add PAM support. l/ConsoleKit2-1.2.1-x86_64-4.txz: Rebuilt. Rebuilt to add PAM support. l/boost-1.73.0-x86_64-2.txz: Rebuilt. Recompiled against icu4c-67.1. l/gnome-keyring-3.36.0-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. l/harfbuzz-2.6.6-x86_64-2.txz: Rebuilt. Recompiled against icu4c-67.1. l/icu4c-67.1-x86_64-1.txz: Upgraded. Shared library .so-version bump. l/imagemagick-7.0.10_13-x86_64-1.txz: Upgraded. l/libcap-2.34-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. l/libical-3.0.8-x86_64-2.txz: Rebuilt. Recompiled against icu4c-67.1. l/libuv-1.38.0-x86_64-1.txz: Upgraded. l/libvisio-0.1.7-x86_64-3.txz: Rebuilt. Recompiled against icu4c-67.1. l/polkit-0.116-x86_64-3.txz: Rebuilt. Rebuilt to add PAM support. l/qt-4.8.7-x86_64-16.txz: Rebuilt. Recompiled against icu4c-67.1. l/qt5-5.13.2-x86_64-4.txz: Rebuilt. Recompiled against icu4c-67.1. l/qt5-webkit-5.212.0_alpha4-x86_64-2.txz: Rebuilt. Recompiled against icu4c-67.1. l/raptor2-2.0.15-x86_64-9.txz: Rebuilt. Recompiled against icu4c-67.1. l/system-config-printer-1.5.12-x86_64-4.txz: Rebuilt. Rebuilt to add PAM support. l/vte-0.60.2-x86_64-2.txz: Rebuilt. Recompiled against icu4c-67.1. n/cifs-utils-6.10-x86_64-4.txz: Rebuilt. Rebuilt to add PAM support. n/cyrus-sasl-2.1.27-x86_64-4.txz: Rebuilt. Rebuilt to add PAM support. n/dovecot-2.3.10.1-x86_64-1.txz: Upgraded. Rebuilt to add PAM support. Compiled against icu4c-67.1. This update fixes several denial-of-service vulnerabilities. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10957 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10958 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10967 (* Security fix *) n/mutt-1.14.1-x86_64-1.txz: Upgraded. n/netatalk-3.1.12-x86_64-3.txz: Rebuilt. Rebuilt to add PAM support. n/netkit-rsh-0.17-x86_64-3.txz: Rebuilt. Rebuilt to add PAM support. n/nss-pam-ldapd-0.9.11-x86_64-1.txz: Added. n/openssh-8.2p1-x86_64-3.txz: Rebuilt. Rebuilt to add PAM support. n/openvpn-2.4.9-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. n/pam-krb5-4.9-x86_64-1.txz: Added. n/php-7.4.6-x86_64-2.txz: Rebuilt. Recompiled against icu4c-67.1. n/popa3d-1.0.3-x86_64-4.txz: Rebuilt. Rebuilt to add PAM support. n/postfix-3.5.2-x86_64-1.txz: Upgraded. Compiled against icu4c-67.1. n/ppp-2.4.8-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. n/proftpd-1.3.6c-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. n/samba-4.12.2-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. Recompiled against icu4c-67.1. n/tin-2.4.4-x86_64-2.txz: Rebuilt. Recompiled against icu4c-67.1. n/vsftpd-3.0.3-x86_64-6.txz: Rebuilt. Rebuilt to add PAM support. t/texlive-2019.190626-x86_64-4.txz: Rebuilt. Recompiled against icu4c-67.1. x/vulkan-sdk-1.2.135.0-x86_64-1.txz: Upgraded. x/xdm-1.1.11-x86_64-10.txz: Rebuilt. Rebuilt to add PAM support. x/xisxwayland-1-x86_64-1.txz: Added. xap/sane-1.0.30-x86_64-1.txz: Upgraded. This update fixes several security issues. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12867 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12862 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12863 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12865 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12866 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12861 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12864 (* Security fix *) xap/vim-gvim-8.2.0788-x86_64-1.txz: Upgraded. xap/xlockmore-5.63-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. xap/xscreensaver-5.44-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. extra/brltty/brltty-6.1-x86_64-2.txz: Rebuilt. Recompiled against icu4c-67.1. extra/pure-alsa-system/qt5-5.13.2-x86_64-4_alsa.txz: Rebuilt. Recompiled against icu4c-67.1. isolinux/initrd.img: Rebuilt. Added PAM libraries, security modules, and config files. usb-and-pxe-installers/usbboot.img: Rebuilt. Added PAM libraries, security modules, and config files.
Diffstat (limited to 'source')
-rwxr-xr-xsource/a/cracklib/cracklib.SlackBuild149
-rw-r--r--source/a/cracklib/cracklib.url1
-rw-r--r--source/a/cracklib/slack-desc19
-rwxr-xr-xsource/a/libcgroup/libcgroup.SlackBuild2
-rw-r--r--source/a/libpwquality/doinst.sh14
-rwxr-xr-xsource/a/libpwquality/libpwquality.SlackBuild146
-rw-r--r--source/a/libpwquality/libpwquality.url1
-rw-r--r--source/a/libpwquality/slack-desc19
-rwxr-xr-xsource/a/lilo/lilo.SlackBuild2
-rw-r--r--source/a/lilo/liloconfig92
-rw-r--r--source/a/pam/doinst.sh14
-rw-r--r--source/a/pam/fedora-patches/pam-1.1.3-nouserenv.patch27
-rw-r--r--source/a/pam/fedora-patches/pam-1.1.6-limits-user.patch20
-rw-r--r--source/a/pam/fedora-patches/pam-1.1.8-audit-user-mgmt.patch31
-rw-r--r--source/a/pam/fedora-patches/pam-1.1.8-full-relro.patch67
-rw-r--r--source/a/pam/fedora-patches/pam-1.3.0-pwhistory-helper.patch806
-rw-r--r--source/a/pam/fedora-patches/pam-1.3.0-unix-nomsg.patch16
-rw-r--r--source/a/pam/fedora-patches/pam-1.3.1-coverity.patch185
-rw-r--r--source/a/pam/fedora-patches/pam-1.3.1-motd-multiple-paths.patch755
-rw-r--r--source/a/pam/fedora-patches/pam-1.3.1-noflex.patch24
-rw-r--r--source/a/pam/fedora-patches/pam-1.3.1-redhat-modules.patch78
-rw-r--r--source/a/pam/fedora-patches/pam-1.3.1-unix-bcrypt_b.patch34
-rw-r--r--source/a/pam/fedora-patches/pam-1.3.1-unix-checksalt_syslog.patch73
-rw-r--r--source/a/pam/fedora-patches/pam-1.3.1-unix-crypt_checksalt.patch40
-rw-r--r--source/a/pam/fedora-patches/pam-1.3.1-unix-fix_checksalt_syslog.patch104
-rw-r--r--source/a/pam/fedora-patches/pam-1.3.1-unix-gensalt-autoentropy.patch95
-rw-r--r--source/a/pam/fedora-patches/pam-1.3.1-unix-no-fallback.patch105
-rw-r--r--source/a/pam/fedora-patches/pam-1.3.1-unix-remove-obsolete-_unix_read_password-prototype.patch34
-rw-r--r--source/a/pam/fedora-patches/pam-1.3.1-unix-yescrypt.patch479
-rwxr-xr-xsource/a/pam/pam.SlackBuild230
-rw-r--r--source/a/pam/pam.url2
-rw-r--r--source/a/pam/patches/pam.etc.environment.better.comments.diff15
-rw-r--r--source/a/pam/patches/pam.pam_tally2.no.fsync.patch35
-rw-r--r--source/a/pam/patches/pam.pam_tally2.slackware.diff11
-rw-r--r--source/a/pam/slack-desc19
-rwxr-xr-xsource/a/shadow/shadow.SlackBuild2
-rw-r--r--source/a/utempter/slack-desc2
-rwxr-xr-xsource/a/utempter/utempter.SlackBuild6
-rw-r--r--source/a/utempter/utempter.url2
-rwxr-xr-xsource/a/util-linux/util-linux.SlackBuild2
-rwxr-xr-xsource/a/xfsprogs/xfsprogs.SlackBuild2
-rwxr-xr-xsource/ap/at/at.SlackBuild2
-rwxr-xr-xsource/ap/cups/cups.SlackBuild2
-rwxr-xr-xsource/ap/hplip/hplip.SlackBuild2
-rwxr-xr-xsource/ap/mariadb/mariadb.SlackBuild2
-rwxr-xr-xsource/ap/screen/screen.SlackBuild2
-rw-r--r--source/ap/soma/ChangeLog.txt203
-rw-r--r--source/ap/soma/README5
-rw-r--r--source/ap/soma/slack-desc.diff22
-rwxr-xr-xsource/ap/soma/soma.SlackBuild2
-rw-r--r--source/ap/soma/soma.info8
-rwxr-xr-xsource/ap/sqlite/sqlite.SlackBuild2
-rwxr-xr-xsource/ap/sudo/sudo.SlackBuild2
-rw-r--r--source/installer/ChangeLog.txt3
-rwxr-xr-xsource/installer/build_installer.sh15
-rw-r--r--source/kde/build/calligra2
-rw-r--r--source/kde/build/kde-workspace2
-rwxr-xr-xsource/l/ConsoleKit2/ConsoleKit2.SlackBuild2
-rwxr-xr-xsource/l/boost/boost.SlackBuild2
-rwxr-xr-xsource/l/gnome-keyring/gnome-keyring.SlackBuild2
-rwxr-xr-xsource/l/harfbuzz/harfbuzz.SlackBuild2
-rw-r--r--source/l/icu4c/icu4c.url2
-rwxr-xr-xsource/l/libcap/libcap.SlackBuild2
-rwxr-xr-xsource/l/libical/libical.SlackBuild2
-rwxr-xr-xsource/l/libvisio/libvisio.SlackBuild2
-rwxr-xr-xsource/l/polkit/polkit.SlackBuild2
-rwxr-xr-xsource/l/qt/qt-nowebkit.SlackBuild2
-rwxr-xr-xsource/l/qt5-webkit/qt5-webkit.SlackBuild2
-rwxr-xr-xsource/l/qt5/qt5.SlackBuild2
-rwxr-xr-xsource/l/raptor2/raptor2.SlackBuild2
-rwxr-xr-xsource/l/system-config-printer/system-config-printer.SlackBuild2
-rwxr-xr-xsource/l/vte/vte.SlackBuild2
-rwxr-xr-xsource/n/cifs-utils/cifs-utils.SlackBuild2
-rwxr-xr-xsource/n/cyrus-sasl/cyrus-sasl.SlackBuild2
-rwxr-xr-xsource/n/dovecot/dovecot.SlackBuild2
-rwxr-xr-xsource/n/netatalk/netatalk.SlackBuild2
-rwxr-xr-xsource/n/netkit-rsh/netkit-rsh.SlackBuild2
-rw-r--r--source/n/nss-pam-ldapd/1025d5de336d8c9585b79df3154b5649da344281.patch42
-rw-r--r--source/n/nss-pam-ldapd/548efe5333b56a0a042843a044e0348317f80065.patch37
-rw-r--r--source/n/nss-pam-ldapd/b33551895b3c02dc7082363c6aae13f8e336f4e5.patch26
-rw-r--r--source/n/nss-pam-ldapd/doinst.sh26
-rw-r--r--source/n/nss-pam-ldapd/fea0f5ed287b04406afca0835b1a333bd1fe617b.patch49
-rwxr-xr-xsource/n/nss-pam-ldapd/nss-pam-ldapd.SlackBuild152
-rw-r--r--source/n/nss-pam-ldapd/nss-pam-ldapd.url1
-rw-r--r--source/n/nss-pam-ldapd/rc.nss-pam-ldapd37
-rw-r--r--source/n/nss-pam-ldapd/slack-desc19
-rwxr-xr-xsource/n/openssh/openssh.SlackBuild2
-rwxr-xr-xsource/n/openvpn/openvpn.SlackBuild2
-rwxr-xr-xsource/n/pam-krb5/pam-krb5.SlackBuild125
-rw-r--r--source/n/pam-krb5/pam-krb5.url1
-rw-r--r--source/n/pam-krb5/slack-desc19
-rw-r--r--source/n/pam-krb5/system-auth.krb512
-rwxr-xr-xsource/n/php/php.SlackBuild2
-rwxr-xr-xsource/n/popa3d/popa3d.SlackBuild2
-rwxr-xr-xsource/n/ppp/ppp.SlackBuild2
-rwxr-xr-xsource/n/proftpd/proftpd.SlackBuild2
-rwxr-xr-xsource/n/samba/samba.SlackBuild2
-rwxr-xr-xsource/n/tin/tin.SlackBuild2
-rwxr-xr-xsource/n/vsftpd/vsftpd.SlackBuild2
-rwxr-xr-xsource/t/texlive/texlive.SlackBuild2
-rwxr-xr-xsource/x/vulkan-sdk/fetch-sources.sh4
-rw-r--r--source/x/x11/build/xdm2
-rw-r--r--source/x/x11/build/xisxwayland1
-rw-r--r--source/x/x11/configure/xisxwayland17
-rw-r--r--source/x/x11/make/xisxwayland6
-rw-r--r--source/x/x11/modularize1
-rw-r--r--source/x/x11/slack-desc/xisxwayland19
-rwxr-xr-xsource/xap/sane/sane.SlackBuild18
-rw-r--r--source/xap/sane/sane.url1
-rw-r--r--source/xap/sane/slack-desc2
-rwxr-xr-xsource/xap/xlockmore/xlockmore.SlackBuild2
-rwxr-xr-xsource/xap/xscreensaver/xscreensaver.SlackBuild2
112 files changed, 4380 insertions, 337 deletions
diff --git a/source/a/cracklib/cracklib.SlackBuild b/source/a/cracklib/cracklib.SlackBuild
new file mode 100755
index 00000000..e58c28d7
--- /dev/null
+++ b/source/a/cracklib/cracklib.SlackBuild
@@ -0,0 +1,149 @@
+#!/bin/sh
+
+# Copyright 2010,2011 Vincent Batts, Vienna, VA, USA
+# Copyright 2010, 2018 Patrick J. Volkerding, Sebeka, Minnesota, USA
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+cd $(dirname $0) ; CWD=$(pwd)
+
+PKGNAM=cracklib
+VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
+BUILD=${BUILD:-1}
+
+# Automatically determine the architecture we're building on:
+if [ -z "$ARCH" ]; then
+ case "$( uname -m )" in
+ i?86) export ARCH=i586 ;;
+ arm*) export ARCH=arm ;;
+ # Unless $ARCH is already set, use uname -m for all other archs:
+ *) export ARCH=$( uname -m ) ;;
+ esac
+fi
+
+# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
+# the name of the created package would be, and then exit. This information
+# could be useful to other scripts.
+if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
+ echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
+ exit 0
+fi
+
+NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
+
+TMP=${TMP:-/tmp}
+PKG=$TMP/package-$PKGNAM
+
+if [ "$ARCH" = "i586" ]; then
+ SLKCFLAGS="-O2 -march=i586 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "s390" ]; then
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+else
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+fi
+
+rm -rf $PKG
+mkdir -p $TMP $PKG
+cd $TMP
+rm -rf $PKGNAM-$VERSION
+tar xvf $CWD/$PKGNAM-$VERSION.tar.?z || exit 1
+cd $PKGNAM-$VERSION || exit 1
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \+ -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \+
+
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
+./configure \
+ --prefix=/usr \
+ --sbindir=/sbin \
+ --libdir=/usr/lib${LIBDIRSUFFIX} \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --mandir=/usr/man \
+ --docdir=/usr/doc/$PKGNAM-$VERSION \
+ --disable-static \
+ --without-python \
+ --build=$ARCH-slackware-linux || exit 1
+
+make $NUMJOBS || exit 1
+make install DESTDIR=$PKG || exit 1
+
+# Don't ship .la files:
+rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la
+
+mkdir -p $PKG/usr/share/cracklib
+
+# Fix perms on these first:
+chmod 755 ./util/create-cracklib-dict
+chmod 755 ./util/cracklib-format
+
+# If there's a large word list in the source directory, uncompress it to "cracklib-words":
+if [ -r $CWD/cracklib-words-*.xz ]; then
+ xz -dc $CWD/cracklib-words-*.xz > cracklib-words
+elif [ -r $CWD/cracklib-words-*.bz2 ]; then
+ bzip2 -dc $CWD/cracklib-words-*.bz2 > cracklib-words
+elif [ -r $CWD/cracklib-words-*.gz ]; then
+ gzip -dc $CWD/cracklib-words-*.gz > cracklib-words
+elif [ -r $CWD/cracklib-words-*.lz ]; then
+ lzip -dc $CWD/cracklib-words-*.lz > cracklib-words
+fi
+
+# If cracklib-words exists, add it to the dictionary. Otherwise go with the bundled list.
+if [ -r cracklib-words ]; then
+ PATH=$(pwd)/util:$PATH \
+ ./util/create-cracklib-dict \
+ -o $PKG/usr/share/cracklib/pw_dict \
+ dicts/cracklib-small cracklib-words
+else
+ PATH=$(pwd)/util:$PATH \
+ ./util/create-cracklib-dict \
+ -o $PKG/usr/share/cracklib/pw_dict \
+ dicts/cracklib-small
+fi
+
+mkdir -p $PKG/var/cache/cracklib
+( cd $PKG/var/cache/cracklib
+ln -s /usr/share/cracklib/pw_dict.pwd cracklib_dict.pwd
+ln -s /usr/share/cracklib/pw_dict.pwi cracklib_dict.pwi
+)
+
+find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
+ | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
+
+mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION
+cp -a \
+ AUTHORS COPYING.LIB ChangeLog INSTALL NEWS README* \
+ $PKG/usr/doc/$PKGNAM-$VERSION
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+
+cd $PKG
+/sbin/makepkg -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz
+
diff --git a/source/a/cracklib/cracklib.url b/source/a/cracklib/cracklib.url
new file mode 100644
index 00000000..c7afd5ec
--- /dev/null
+++ b/source/a/cracklib/cracklib.url
@@ -0,0 +1 @@
+https://github.com/cracklib/cracklib
diff --git a/source/a/cracklib/slack-desc b/source/a/cracklib/slack-desc
new file mode 100644
index 00000000..07167861
--- /dev/null
+++ b/source/a/cracklib/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+cracklib: cracklib (password checking library)
+cracklib:
+cracklib: CrackLib is a library which may be used in a passwd-like program to
+cracklib: prevent users from choosing passwords that could be easily guessed.
+cracklib: This package is an updated and modernized distribution of CrackLib as
+cracklib: previously released by Alec Muffett.
+cracklib:
+cracklib: Homepage: https://github.com/cracklib/cracklib
+cracklib:
+cracklib:
+cracklib:
diff --git a/source/a/libcgroup/libcgroup.SlackBuild b/source/a/libcgroup/libcgroup.SlackBuild
index 32d00ea9..d10b3f84 100755
--- a/source/a/libcgroup/libcgroup.SlackBuild
+++ b/source/a/libcgroup/libcgroup.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=libcgroup
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-6}
+BUILD=${BUILD:-7}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
diff --git a/source/a/libpwquality/doinst.sh b/source/a/libpwquality/doinst.sh
new file mode 100644
index 00000000..044ad84c
--- /dev/null
+++ b/source/a/libpwquality/doinst.sh
@@ -0,0 +1,14 @@
+config() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
+ # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+config etc/security/pwquality.conf.new
diff --git a/source/a/libpwquality/libpwquality.SlackBuild b/source/a/libpwquality/libpwquality.SlackBuild
new file mode 100755
index 00000000..c68b8cad
--- /dev/null
+++ b/source/a/libpwquality/libpwquality.SlackBuild
@@ -0,0 +1,146 @@
+#!/bin/bash
+
+# Copyright 2020 Patrick J. Volkerding, Sebeka, Minnesota, USA
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+cd $(dirname $0) ; CWD=$(pwd)
+
+PKGNAM=libpwquality
+VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
+BUILD=${BUILD:-1}
+
+# Automatically determine the architecture we're building on:
+if [ -z "$ARCH" ]; then
+ case "$(uname -m)" in
+ i?86) ARCH=i586 ;;
+ arm*) readelf /usr/bin/file -A | egrep -q "Tag_CPU.*[4,5]" && ARCH=arm || ARCH=armv7hl ;;
+ # Unless $ARCH is already set, use uname -m for all other archs:
+ *) ARCH=$(uname -m) ;;
+ esac
+ export ARCH
+fi
+
+# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
+# the name of the created package would be, and then exit. This information
+# could be useful to other scripts.
+if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
+ echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
+ exit 0
+fi
+
+NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
+
+if [ "$ARCH" = "i586" ]; then
+ SLKCFLAGS="-O2 -march=i586 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "s390" ]; then
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+elif [ "$ARCH" = "armv7hl" ]; then
+ SLKCFLAGS="-O3 -march=armv7-a -mfpu=vfpv3-d16"
+ LIBDIRSUFFIX=""
+else
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+fi
+
+TMP=${TMP:-/tmp}
+PKG=$TMP/package-$PKGNAM
+
+rm -rf $PKG
+mkdir -p $TMP $PKG
+
+cd $TMP
+rm -rf $PKGNAM-$VERSION
+tar xvf $CWD/$PKGNAM-$VERSION.tar.?z || exit 1
+cd $PKGNAM-$VERSION || exit 1
+
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \+ -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \+
+
+# this typo was driving me crazy
+sed -i "s/there defaults/their defaults/g" doc/man/pam_pwquality.8*
+
+# Configure, build, and install:
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
+./configure \
+ --prefix=/usr \
+ --libdir=/usr/lib${LIBDIRSUFFIX} \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --docdir=/usr/doc/$PKGNAM-$VERSION \
+ --mandir=/usr/man \
+ --infodir=/usr/info \
+ --disable-static \
+ --with-securedir=/lib${LIBDIRSUFFIX}/security \
+ --with-python-binary=python3 \
+ --build=$ARCH-slackware-linux || exit 1
+make $NUMJOBS || make || exit 1
+make install DESTDIR=$PKG || exit 1
+
+# Don't ship .la files:
+rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la
+
+# The ones in /lib${LIBDIRSUFFIX}/security can also go:
+rm -f $PKG/lib${LIBDIRSUFFIX}/security/*.la
+
+mv $PKG/etc/security/pwquality.conf $PKG/etc/security/pwquality.conf.new
+
+# Strip binaries:
+find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
+
+# Compress manual pages:
+find $PKG/usr/man -type f -exec gzip -9 {} \+
+for i in $( find $PKG/usr/man -type l ) ; do
+ ln -s $( readlink $i ).gz $i.gz
+ rm $i
+done
+
+# Add a documentation directory:
+mkdir -p $PKG/usr/doc/${PKGNAM}-$VERSION
+cp -a \
+ AUTHORS* ChangeLog COPYING* NEWS* README* \
+ $PKG/usr/doc/${PKGNAM}-$VERSION
+
+# If there's a ChangeLog, installing at least part of the recent history
+# is useful, but don't let it get totally out of control:
+if [ -r ChangeLog ]; then
+ DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION)
+ cat ChangeLog | head -n 1000 > $DOCSDIR/ChangeLog
+ touch -r ChangeLog $DOCSDIR/ChangeLog
+fi
+
+mkdir -p $PKG/install
+zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh
+cat $CWD/slack-desc > $PKG/install/slack-desc
+
+cd $PKG
+/sbin/makepkg -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz
diff --git a/source/a/libpwquality/libpwquality.url b/source/a/libpwquality/libpwquality.url
new file mode 100644
index 00000000..fe741a80
--- /dev/null
+++ b/source/a/libpwquality/libpwquality.url
@@ -0,0 +1 @@
+https://github.com/libpwquality/libpwquality
diff --git a/source/a/libpwquality/slack-desc b/source/a/libpwquality/slack-desc
new file mode 100644
index 00000000..0334b2ca
--- /dev/null
+++ b/source/a/libpwquality/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+libpwquality: libpwquality (password quality checking library)
+libpwquality:
+libpwquality: The libpwquality package provides common functions for password
+libpwquality: quality checking and also scoring them based on their apparent
+libpwquality: randomness. The library also provides a function for generating
+libpwquality: random passwords with good pronounceability.
+libpwquality:
+libpwquality: Homepage: https://github.com/libpwquality/libpwquality
+libpwquality:
+libpwquality:
+libpwquality:
diff --git a/source/a/lilo/lilo.SlackBuild b/source/a/lilo/lilo.SlackBuild
index 22fcf50e..fec93554 100755
--- a/source/a/lilo/lilo.SlackBuild
+++ b/source/a/lilo/lilo.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=lilo
VERSION=${VERSION:-24.2}
-BUILD=${BUILD:-8}
+BUILD=${BUILD:-9}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
diff --git a/source/a/lilo/liloconfig b/source/a/lilo/liloconfig
index 81ad2ca0..2129c6e1 100644
--- a/source/a/lilo/liloconfig
+++ b/source/a/lilo/liloconfig
@@ -2,7 +2,7 @@
#
# Copyright 1994, 1998, 1999 Patrick Volkerding, Moorhead, Minnesota USA
# Copyright 2002, 2003 Slackware Linux, Inc, Concord, CA
-# Copyright 2007, 2008, 2011, 2013, 2018 Patrick Volkerding, Sebeka, Minnesota, USA
+# Copyright 2007, 2008, 2011, 2013, 2018, 2020 Patrick Volkerding, Sebeka, Minnesota, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
@@ -45,7 +45,7 @@ LILO designed to work with EFI/UEFI systems." \
if [ $? = 1 -o $? = 255 ]; then
exit
fi
- REPLY="`cat $TMP/reply`"
+ REPLY="$(cat $TMP/reply)"
rm -f $TMP/reply
if [ "$REPLY" = "skip" ]; then
exit
@@ -191,7 +191,7 @@ or the standard Linux console?" 0 0 0 \
# "1024x768x16m" "Frame buffer console, 1024x768x16.8m" \
# "1280x1024x16m" "Frame buffer console, 1280x1024x16.8m" \
# "1600x1200x16m" "Frame buffer console, 1600x1200x16.8m"
- CONSOLETYPE="`cat $TMP/reply`"
+ CONSOLETYPE="$(cat $TMP/reply)"
if [ "$CONSOLETYPE" = "1600x1200x16m" ]; then
CONSOLENUM=799
elif [ "$CONSOLETYPE" = "1600x1200x64k" ]; then
@@ -260,7 +260,7 @@ simplelilo()
if [ $? = 1 -o $? = 255 ]; then
APPEND=""
fi
- APPEND="`cat $TMP/reply`"
+ APPEND="$(cat $TMP/reply)"
# If we got here, we either don't have boot manager or don't want to use it
# Note 3/2018: or OS/2 Boot Manager cruft was removed ;-)
@@ -284,7 +284,7 @@ Which option would you like?" \
if [ $? = 1 -o $? = 255 ]; then
exit
fi
- TG="`cat $TMP/reply`"
+ TG="$(cat $TMP/reply)"
rm -r $TMP/reply
dialog --infobox "\nScanning partitions and generating /etc/lilo.conf..." 5 57
sleep 1
@@ -292,8 +292,8 @@ Which option would you like?" \
MBR_TARGET=/dev/sda
echo $MBR_TARGET > $TMP/LILOMBR
cat /proc/partitions | while read LINE ; do
- MAJOR="`echo $LINE | cut -f 1 -d ' '`"
- MINOR="`echo $LINE | cut -f 2 -d ' '`"
+ MAJOR="$(echo $LINE | cut -f 1 -d ' ')"
+ MINOR="$(echo $LINE | cut -f 2 -d ' ')"
if [ ! "$MINOR" = "0" -a ! "$MINOR" = "64" ]; then # ignore whole devices to weed out CD drives
if [ "$MAJOR" = "3" ]; then
MBR_TARGET=/dev/hda
@@ -321,9 +321,9 @@ Which option would you like?" \
fi
fi
done
- LILO_TARGET=`cat $TMP/LILOMBR`
+ LILO_TARGET=$(cat $TMP/LILOMBR)
elif [ "$TG" = "Root" ]; then
- LILO_TARGET=`echo $ROOT_DEVICE`
+ LILO_TARGET=$(echo $ROOT_DEVICE)
elif [ "$TG" = "Floppy" ]; then
LILO_TARGET="/dev/fd0"
fi
@@ -344,7 +344,8 @@ EOF
fi
cat << EOF >> $T_PX/etc/lilo.conf
boot = $LILO_TARGET
-#compact # faster, but won't work on all systems.
+# This option loads the kernel and initrd much faster:
+compact
# Boot BMP Image.
# Bitmap in BMP format: 640x480x8
@@ -434,10 +435,10 @@ W95
FAT12
FAT16
HPFS" | grep -v "Ext'd" | grep -v "Extend" | sort )"
- DOSP="`echo $DOSP | cut -f 1 -d ' '`"
+ DOSP="$(echo $DOSP | cut -f 1 -d ' ')"
fi
if [ ! "$DOSP" = "" ]; then
- TABLE="`echo $DOSP | cut -b1-8`"
+ TABLE="$(echo $DOSP | cut -b1-8)"
cat << EOF >> $T_PX/etc/lilo.conf
# Windows bootable partition config begins
other = $DOSP
@@ -448,8 +449,8 @@ EOF
echo "Windows - (Windows FAT/NTFS partition)" >> $T_PX/boot/boot_message.txt
fi
# Next, we search for Linux partitions:
- LNXP="`PROBE -l | grep "Linux$"`"
- LNXP="`echo $LNXP | cut -f 1 -d ' ' | sort`"
+ LNXP="$(PROBE -l | grep "Linux$")"
+ LNXP="$(echo $LNXP | cut -f 1 -d ' ' | sort)"
if [ ! "$LNXP" = "" ]; then
cat << EOF >> $T_PX/etc/lilo.conf
# Linux bootable partition config begins
@@ -463,10 +464,10 @@ EOF
fi
# DEAD CODE, BUT IN CASE OS/2 MAKES A COMEBACK!
# # OK, hopefully we can remember how to deal with OS/2 :^)
-# OS2P="`PROBE -l | grep "HPFS"`"
-# OS2P="`echo $OS2P | cut -f 1 -d ' ' | sort`"
+# OS2P="$(PROBE -l | grep "HPFS")"
+# OS2P="$(echo $OS2P | cut -f 1 -d ' ' | sort)"
# if [ ! "$OS2P" = "" ]; then
-# TABLE="`echo $OS2P | cut -b1-8`"
+# TABLE="$(echo $OS2P | cut -b1-8)"
# if [ "$TABLE" = "/dev/hda" ]; then
# cat << EOF >> $T_PX/etc/lilo.conf
## OS/2 bootable partition config begins
@@ -635,13 +636,13 @@ EOF
# 'probe()' borrowed from LILO QuickInst.
probe()
{
- [ ! -z "`dd if=$1 bs=1 count=1 2>/dev/null | tr '\0' x`" ]
+ [ ! -z "$(dd if=$1 bs=1 count=1 2>/dev/null | tr '\0' x)" ]
return
}
# Figure out if we're installing from the hard drive
if [ -r $TMP/SeTT_PX ]; then
- T_PX="`cat $TMP/SeTT_PX`"
+ T_PX="$(cat $TMP/SeTT_PX)"
else
if [ "$T_PX" = "" -a ! "$1" = "" ]; then
T_PX=$1
@@ -658,9 +659,9 @@ LNX="no" # this means no Linux partition has been defined as bootable
ROOT_DEVICE=$2
if [ "$ROOT_DEVICE" = "" ]; then
if [ -r $TMP/SeTrootdev ]; then
- ROOT_DEVICE="`cat $TMP/SeTrootdev`"
+ ROOT_DEVICE="$(cat $TMP/SeTrootdev)"
else
- ROOT_DEVICE="`mount | cut -f 1 -d " " | sed -n "1 p"`"
+ ROOT_DEVICE="$(mount | grep " on $T_PX " | cut -f 1 -d " " | head -n 1)"
fi
fi
# Figure out where the kernel is:
@@ -707,7 +708,7 @@ it later with the 'liloconfig' command. Which option would you like?" \
if [ $? = 1 -o $? = 255 ]; then
exit
fi
- REPLY="`cat $TMP/reply`"
+ REPLY="$(cat $TMP/reply)"
rm -f $TMP/reply
if [ "$REPLY" = "skip" ]; then
exit
@@ -737,7 +738,7 @@ Which option would you like?" 21 73 8 \
if [ $? = 1 -o $? = 255 ]; then
REPLY="Skip"
else
- REPLY="`cat $TMP/reply`"
+ REPLY="$(cat $TMP/reply)"
fi
rm -r $TMP/reply
if [ "$REPLY" = "Begin" ]; then
@@ -747,7 +748,7 @@ Which option would you like?" 21 73 8 \
HDR="no"
continue;
else
- APPEND="`cat $TMP/reply`"
+ APPEND="$(cat $TMP/reply)"
fi
#ask_utf;
#if [ $? = 1 -o $? = 255 ]; then
@@ -772,15 +773,15 @@ selection. Please pick a target location:" 15 65 3 \
continue;
else
LNX="no"
- TG="`cat $TMP/reply`"
+ TG="$(cat $TMP/reply)"
fi
rm -r $TMP/reply
if [ "$TG" = "MBR" ]; then
MBR_TARGET=/dev/sda
echo $MBR_TARGET > $TMP/LILOMBR
cat /proc/partitions | while read LINE ; do
- MAJOR="`echo $LINE | cut -f 1 -d ' '`"
- MINOR="`echo $LINE | cut -f 2 -d ' '`"
+ MAJOR="$(echo $LINE | cut -f 1 -d ' ')"
+ MINOR="$(echo $LINE | cut -f 2 -d ' ')"
if [ ! "$MINOR" = "0" -a ! "$MINOR" = "64" ]; then # ignore whole devices to weed out CD drives
if [ "$MAJOR" = "3" ]; then
MBR_TARGET=/dev/hda
@@ -797,17 +798,17 @@ selection. Please pick a target location:" 15 65 3 \
fi
fi
done
- LILO_TARGET=`cat $TMP/LILOMBR`
+ LILO_TARGET=$(cat $TMP/LILOMBR)
dialog --title "CONFIRM LOCATION TO INSTALL LILO" --inputbox \
"The auto-detected location to install the LILO boot block is shown below. \
If you need to make any changes, you can make them below. Otherwise, hit \
ENTER to accept the target location shown." 11 60 $LILO_TARGET 2> $TMP/reply
if [ $? = 0 ]; then
- LILO_TARGET="`cat $TMP/reply`"
+ LILO_TARGET="$(cat $TMP/reply)"
fi
rm -f $TMP/reply
elif [ "$TG" = "Root" ]; then
- LILO_TARGET=`echo $ROOT_DEVICE`
+ LILO_TARGET=$(echo $ROOT_DEVICE)
elif [ "$TG" = "Floppy" ]; then
LILO_TARGET="/dev/fd0"
else
@@ -826,7 +827,7 @@ default." 13 74 4 \
HDR="no"
continue;
else
- TIMEOUT="`cat $TMP/reply`"
+ TIMEOUT="$(cat $TMP/reply)"
fi
rm -r $TMP/reply
if [ "$TIMEOUT" = "None" ]; then
@@ -852,7 +853,8 @@ default." 13 74 4 \
# Start LILO global section
boot = $LILO_TARGET
-#compact # faster, but won't work on all systems.
+# This option loads the kernel and initrd much faster:
+compact
EOF
# Boot splash
@@ -954,7 +956,7 @@ EOF
continue
fi
rm $TMP/tmpmsg
- LINUX_PART="`cat $TMP/reply`"
+ LINUX_PART="$(cat $TMP/reply)"
checkp_dialog $LINUX_PART
if [ ! $? = 0 ]; then
continue;
@@ -967,7 +969,7 @@ SINGLE WORD." 11 60 2> $TMP/reply
if [ $? = 1 -o $? = 255 ]; then
continue
fi
- LABEL="`cat $TMP/reply`"
+ LABEL="$(cat $TMP/reply)"
cat << EOF >> $TMP/lilo.conf
# Linux bootable partition config begins
image = $KERNEL
@@ -995,13 +997,13 @@ partitions unless you start over with a new LILO header." 6 60
echo >> $TMP/tmpmsg
echo "Which one would you like LILO to boot?" >> $TMP/tmpmsg
dialog --title "SELECT OS/2 PARTITION" --no-collapse --inputbox \
-"`cat $TMP/tmpmsg`" 20 74 2> $TMP/reply
+"$(cat $TMP/tmpmsg)" 20 74 2> $TMP/reply
if [ $? = 1 -o $? = 255 ]; then
rm $TMP/tmpmsg
continue
fi
rm $TMP/tmpmsg
- OS_2_PART="`cat $TMP/reply`"
+ OS_2_PART="$(cat $TMP/reply)"
checkp_dialog $OS_2_PART
if [ ! $? = 0 ]; then
continue;
@@ -1014,9 +1016,9 @@ SINGLE WORD." 11 60 2> $TMP/reply
if [ $? = 1 -o $? = 255 ]; then
continue
fi
- LABEL="`cat $TMP/reply`"
- TABLE="`echo $OS_2_PART | cut -b1-8`"
- if [ "`echo $TABLE | cut -b6-8`" = "hda" ]; then
+ LABEL="$(cat $TMP/reply)"
+ TABLE="$(echo $OS_2_PART | cut -b1-8)"
+ if [ "$(echo $TABLE | cut -b6-8)" = "hda" ]; then
cat << EOF >> $TMP/lilo.conf
# OS/2 bootable partition config begins
other = $OS_2_PART
@@ -1061,13 +1063,13 @@ HPFS" | grep -v "Ext'd" | grep -v "Extend" | sort | grep "$($OSPROBER 2> /dev/nu
echo >> $TMP/tmpmsg
echo "Which one would you like LILO to boot?" >> $TMP/tmpmsg
dialog --title "SELECT WINDOWS PARTITION" --no-collapse --inputbox \
-"`cat $TMP/tmpmsg`" 20 74 2> $TMP/reply
+"$(cat $TMP/tmpmsg)" 20 74 2> $TMP/reply
if [ $? = 1 -o $? = 255 ]; then
rm $TMP/tmpmsg
continue
fi
rm $TMP/tmpmsg
- DOSPART="`cat $TMP/reply`"
+ DOSPART="$(cat $TMP/reply)"
checkp_dialog $DOSPART
if [ ! $? = 0 ]; then
continue;
@@ -1080,13 +1082,13 @@ SINGLE WORD." 11 60 2> $TMP/reply
if [ $? = 1 -o $? = 255 ]; then
continue
fi
- LABEL="`cat $TMP/reply`"
+ LABEL="$(cat $TMP/reply)"
unset USE_LOADER
- TABLE="`echo $DOSPART | cut -b1-8`"
- if [ "`echo $TABLE | cut -b6-8`" = "hda" ]; then
+ TABLE="$(echo $DOSPART | cut -b1-8)"
+ if [ "$(echo $TABLE | cut -b6-8)" = "hda" ]; then
USE_LOADER="no"
fi
- if [ "`echo $TABLE | cut -b6-8`" = "sda" ]; then
+ if [ "$(echo $TABLE | cut -b6-8)" = "sda" ]; then
if probe /dev/hda; then
USE_LOADER="yes"
else
diff --git a/source/a/pam/doinst.sh b/source/a/pam/doinst.sh
new file mode 100644
index 00000000..e96721a1
--- /dev/null
+++ b/source/a/pam/doinst.sh
@@ -0,0 +1,14 @@
+
+config() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
+ # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+
diff --git a/source/a/pam/fedora-patches/pam-1.1.3-nouserenv.patch b/source/a/pam/fedora-patches/pam-1.1.3-nouserenv.patch
new file mode 100644
index 00000000..f3a742c8
--- /dev/null
+++ b/source/a/pam/fedora-patches/pam-1.1.3-nouserenv.patch
@@ -0,0 +1,27 @@
+diff -up pam/modules/pam_env/pam_env.c.nouserenv pam/modules/pam_env/pam_env.c
+--- pam/modules/pam_env/pam_env.c.nouserenv 2010-10-20 09:59:30.000000000 +0200
++++ pam/modules/pam_env/pam_env.c 2010-11-01 14:42:01.000000000 +0100
+@@ -10,7 +10,7 @@
+ #define DEFAULT_READ_ENVFILE 1
+
+ #define DEFAULT_USER_ENVFILE ".pam_environment"
+-#define DEFAULT_USER_READ_ENVFILE 1
++#define DEFAULT_USER_READ_ENVFILE 0
+
+ #include "config.h"
+
+diff -up pam/modules/pam_env/pam_env.8.xml.nouserenv pam/modules/pam_env/pam_env.8.xml
+--- pam/modules/pam_env/pam_env.8.xml.nouserenv 2010-10-20 09:59:30.000000000 +0200
++++ pam/modules/pam_env/pam_env.8.xml 2010-11-01 14:42:01.000000000 +0100
+@@ -147,7 +147,10 @@
+ <listitem>
+ <para>
+ Turns on or off the reading of the user specific environment
+- file. 0 is off, 1 is on. By default this option is on.
++ file. 0 is off, 1 is on. By default this option is off as user
++ supplied environment variables in the PAM environment could affect
++ behavior of subsequent modules in the stack without the consent
++ of the system administrator.
+ </para>
+ </listitem>
+ </varlistentry>
diff --git a/source/a/pam/fedora-patches/pam-1.1.6-limits-user.patch b/source/a/pam/fedora-patches/pam-1.1.6-limits-user.patch
new file mode 100644
index 00000000..3c17b781
--- /dev/null
+++ b/source/a/pam/fedora-patches/pam-1.1.6-limits-user.patch
@@ -0,0 +1,20 @@
+diff -up Linux-PAM-1.1.6/modules/pam_limits/limits.conf.limits Linux-PAM-1.1.6/modules/pam_limits/limits.conf
+--- Linux-PAM-1.1.6/modules/pam_limits/limits.conf.limits 2012-08-15 13:08:43.000000000 +0200
++++ Linux-PAM-1.1.6/modules/pam_limits/limits.conf 2013-03-14 16:43:37.615087671 +0100
+@@ -1,5 +1,16 @@
+ # /etc/security/limits.conf
+ #
++#This file sets the resource limits for the users logged in via PAM.
++#It does not affect resource limits of the system services.
++#
++#Also note that configuration files in /etc/security/limits.d directory,
++#which are read in alphabetical order, override the settings in this
++#file in case the domain is the same or more specific.
++#That means for example that setting a limit for wildcard domain here
++#can be overriden with a wildcard setting in a config file in the
++#subdirectory, but a user specific setting here can be overriden only
++#with a user specific setting in the subdirectory.
++#
+ #Each line describes a limit for a user in the form:
+ #
+ #<domain> <type> <item> <value>
diff --git a/source/a/pam/fedora-patches/pam-1.1.8-audit-user-mgmt.patch b/source/a/pam/fedora-patches/pam-1.1.8-audit-user-mgmt.patch
new file mode 100644
index 00000000..277a5699
--- /dev/null
+++ b/source/a/pam/fedora-patches/pam-1.1.8-audit-user-mgmt.patch
@@ -0,0 +1,31 @@
+diff -up Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.c.audit-user-mgmt Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.c
+--- Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.c.audit-user-mgmt 2013-06-18 16:11:21.000000000 +0200
++++ Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.c 2014-10-17 12:09:12.965490940 +0200
+@@ -997,9 +997,9 @@ main( int argc UNUSED, char **argv )
+ #ifdef HAVE_LIBAUDIT
+ char buf[64];
+ int audit_fd = audit_open();
+- snprintf(buf, sizeof(buf), "pam_tally2 uid=%u reset=%hu", uid, cline_reset);
+- audit_log_user_message(audit_fd, AUDIT_USER_ACCT,
+- buf, NULL, NULL, ttyname(STDIN_FILENO), 1);
++ snprintf(buf, sizeof(buf), "pam_tally2 reset=%hu", cline_reset);
++ audit_log_acct_message(audit_fd, AUDIT_USER_MGMT, NULL,
++ buf, NULL, uid, NULL, NULL, ttyname(STDIN_FILENO), 1);
+ if (audit_fd >=0)
+ close(audit_fd);
+ #endif
+@@ -1040,11 +1040,10 @@ main( int argc UNUSED, char **argv )
+ }
+ else if ( !cline_reset ) {
+ #ifdef HAVE_LIBAUDIT
+- char buf[64];
+ int audit_fd = audit_open();
+- snprintf(buf, sizeof(buf), "pam_tally2 uid=all reset=0");
+- audit_log_user_message(audit_fd, AUDIT_USER_ACCT,
+- buf, NULL, NULL, ttyname(STDIN_FILENO), 1);
++ audit_log_acct_message(audit_fd, AUDIT_USER_MGMT, NULL,
++ "pam_tally2-reset-all-accts reset=0", "*", -1,
++ NULL, NULL, ttyname(STDIN_FILENO), 1);
+ if (audit_fd >=0)
+ close(audit_fd);
+ #endif
diff --git a/source/a/pam/fedora-patches/pam-1.1.8-full-relro.patch b/source/a/pam/fedora-patches/pam-1.1.8-full-relro.patch
new file mode 100644
index 00000000..b2d8526f
--- /dev/null
+++ b/source/a/pam/fedora-patches/pam-1.1.8-full-relro.patch
@@ -0,0 +1,67 @@
+diff -up Linux-PAM-1.1.8/modules/pam_filter/upperLOWER/Makefile.am.relro Linux-PAM-1.1.8/modules/pam_filter/upperLOWER/Makefile.am
+--- Linux-PAM-1.1.8/modules/pam_filter/upperLOWER/Makefile.am.relro 2014-09-10 17:17:20.273401344 +0200
++++ Linux-PAM-1.1.8/modules/pam_filter/upperLOWER/Makefile.am 2014-09-10 17:17:07.857115369 +0200
+@@ -9,7 +9,7 @@ securelibfilterdir = $(SECUREDIR)/pam_fi
+
+ AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+ -I$(srcdir)/.. @PIE_CFLAGS@
+-AM_LDFLAGS = @PIE_LDFLAGS@
++AM_LDFLAGS = -Wl,-z,now @PIE_LDFLAGS@
+ LDADD = $(top_builddir)/libpam/libpam.la
+
+ securelibfilter_PROGRAMS = upperLOWER
+diff -up Linux-PAM-1.1.8/modules/pam_mkhomedir/Makefile.am.relro Linux-PAM-1.1.8/modules/pam_mkhomedir/Makefile.am
+--- Linux-PAM-1.1.8/modules/pam_mkhomedir/Makefile.am.relro 2013-06-18 16:11:21.000000000 +0200
++++ Linux-PAM-1.1.8/modules/pam_mkhomedir/Makefile.am 2014-09-10 17:18:42.922304935 +0200
+@@ -30,6 +30,8 @@ endif
+
+ sbin_PROGRAMS = mkhomedir_helper
+ mkhomedir_helper_SOURCES = mkhomedir_helper.c
++mkhomedir_helper_CFLAGS = $(AM_CFLAGS) @PIE_CFLAGS@
++mkhomedir_helper_LDFLAGS = -Wl,-z,now @PIE_LDFLAGS@
+ mkhomedir_helper_LDADD = $(top_builddir)/libpam/libpam.la
+
+ if ENABLE_REGENERATE_MAN
+diff -up Linux-PAM-1.1.8/modules/pam_tally2/Makefile.am.relro Linux-PAM-1.1.8/modules/pam_tally2/Makefile.am
+--- Linux-PAM-1.1.8/modules/pam_tally2/Makefile.am.relro 2013-06-18 16:11:21.000000000 +0200
++++ Linux-PAM-1.1.8/modules/pam_tally2/Makefile.am 2014-09-10 17:22:04.339944040 +0200
+@@ -26,6 +26,8 @@ if HAVE_VERSIONING
+ pam_tally2_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
+ endif
+
++pam_tally2_CFLAGS = $(AM_CFLAGS) @PIE_CFLAGS@
++pam_tally2_LDFLAGS = -Wl,-z,now @PIE_LDFLAGS@
+ pam_tally2_LDADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT)
+
+ securelib_LTLIBRARIES = pam_tally2.la
+diff -up Linux-PAM-1.1.8/modules/pam_timestamp/Makefile.am.relro Linux-PAM-1.1.8/modules/pam_timestamp/Makefile.am
+--- Linux-PAM-1.1.8/modules/pam_timestamp/Makefile.am.relro 2013-06-18 16:11:21.000000000 +0200
++++ Linux-PAM-1.1.8/modules/pam_timestamp/Makefile.am 2014-08-13 16:02:49.906688139 +0200
+@@ -36,7 +36,7 @@ pam_timestamp_la_CFLAGS = $(AM_CFLAGS)
+ pam_timestamp_check_SOURCES = pam_timestamp_check.c
+ pam_timestamp_check_CFLAGS = $(AM_CFLAGS) @PIE_CFLAGS@
+ pam_timestamp_check_LDADD = $(top_builddir)/libpam/libpam.la
+-pam_timestamp_check_LDFLAGS = @PIE_LDFLAGS@
++pam_timestamp_check_LDFLAGS = -Wl,-z,now @PIE_LDFLAGS@
+
+ hmacfile_SOURCES = hmacfile.c hmacsha1.c sha1.c
+ hmacfile_LDADD = $(top_builddir)/libpam/libpam.la
+diff -up Linux-PAM-1.1.8/modules/pam_unix/Makefile.am.relro Linux-PAM-1.1.8/modules/pam_unix/Makefile.am
+--- Linux-PAM-1.1.8/modules/pam_unix/Makefile.am.relro 2013-06-18 16:11:21.000000000 +0200
++++ Linux-PAM-1.1.8/modules/pam_unix/Makefile.am 2014-08-13 16:02:49.906688139 +0200
+@@ -55,13 +55,13 @@ bigcrypt_LDADD = @LIBCRYPT@
+ unix_chkpwd_SOURCES = unix_chkpwd.c md5_good.c md5_broken.c bigcrypt.c \
+ passverify.c
+ unix_chkpwd_CFLAGS = $(AM_CFLAGS) @PIE_CFLAGS@ -DHELPER_COMPILE=\"unix_chkpwd\"
+-unix_chkpwd_LDFLAGS = @PIE_LDFLAGS@
++unix_chkpwd_LDFLAGS = -Wl,-z,now @PIE_LDFLAGS@
+ unix_chkpwd_LDADD = @LIBCRYPT@ @LIBSELINUX@ @LIBAUDIT@
+
+ unix_update_SOURCES = unix_update.c md5_good.c md5_broken.c bigcrypt.c \
+ passverify.c
+ unix_update_CFLAGS = $(AM_CFLAGS) @PIE_CFLAGS@ -DHELPER_COMPILE=\"unix_update\"
+-unix_update_LDFLAGS = @PIE_LDFLAGS@
++unix_update_LDFLAGS = -Wl,-z,now @PIE_LDFLAGS@
+ unix_update_LDADD = @LIBCRYPT@ @LIBSELINUX@
+
+ if ENABLE_REGENERATE_MAN
diff --git a/source/a/pam/fedora-patches/pam-1.3.0-pwhistory-helper.patch b/source/a/pam/fedora-patches/pam-1.3.0-pwhistory-helper.patch
new file mode 100644
index 00000000..554e5c8f
--- /dev/null
+++ b/source/a/pam/fedora-patches/pam-1.3.0-pwhistory-helper.patch
@@ -0,0 +1,806 @@
+diff -up Linux-PAM-1.3.0/modules/pam_pwhistory/Makefile.am.pwhhelper Linux-PAM-1.3.0/modules/pam_pwhistory/Makefile.am
+--- Linux-PAM-1.3.0/modules/pam_pwhistory/Makefile.am.pwhhelper 2016-03-24 12:45:42.000000000 +0100
++++ Linux-PAM-1.3.0/modules/pam_pwhistory/Makefile.am 2016-05-06 15:18:42.307637933 +0200
+@@ -1,5 +1,6 @@
+ #
+ # Copyright (c) 2008, 2009 Thorsten Kukuk <kukuk@suse.de>
++# Copyright (c) 2013 Red Hat, Inc.
+ #
+
+ CLEANFILES = *~
+@@ -9,25 +10,34 @@ EXTRA_DIST = README $(MANS) $(XMLS) tst-
+
+ TESTS = tst-pam_pwhistory
+
+-man_MANS = pam_pwhistory.8
++man_MANS = pam_pwhistory.8 pwhistory_helper.8
+
+-XMLS = README.xml pam_pwhistory.8.xml
++XMLS = README.xml pam_pwhistory.8.xml pwhistory_helper.8.xml
+
+ securelibdir = $(SECUREDIR)
+ secureconfdir = $(SCONFIGDIR)
+
+-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+-AM_LDFLAGS = -no-undefined -avoid-version -module
++AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
++ -DPWHISTORY_HELPER=\"$(sbindir)/pwhistory_helper\"
++
++pam_pwhistory_la_LDFLAGS = -no-undefined -avoid-version -module
+ if HAVE_VERSIONING
+- AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
++ pam_pwhistory_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
+ endif
+
+ noinst_HEADERS = opasswd.h
+
+ securelib_LTLIBRARIES = pam_pwhistory.la
+-pam_pwhistory_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBCRYPT@
++pam_pwhistory_la_CFLAGS = $(AM_CFLAGS)
++pam_pwhistory_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBCRYPT@ @LIBSELINUX@
+ pam_pwhistory_la_SOURCES = pam_pwhistory.c opasswd.c
+
++sbin_PROGRAMS = pwhistory_helper
++pwhistory_helper_CFLAGS = $(AM_CFLAGS) -DHELPER_COMPILE=\"pwhistory_helper\" @PIE_CFLAGS@
++pwhistory_helper_SOURCES = pwhistory_helper.c opasswd.c
++pwhistory_helper_LDFLAGS = -Wl,-z,now @PIE_LDFLAGS@
++pwhistory_helper_LDADD = $(top_builddir)/libpam/libpam.la @LIBCRYPT@
++
+ if ENABLE_REGENERATE_MAN
+ noinst_DATA = README
+ README: pam_pwhistory.8.xml
+diff -up Linux-PAM-1.3.0/modules/pam_pwhistory/opasswd.c.pwhhelper Linux-PAM-1.3.0/modules/pam_pwhistory/opasswd.c
+--- Linux-PAM-1.3.0/modules/pam_pwhistory/opasswd.c.pwhhelper 2016-03-24 12:45:42.000000000 +0100
++++ Linux-PAM-1.3.0/modules/pam_pwhistory/opasswd.c 2016-05-06 15:18:42.307637933 +0200
+@@ -1,5 +1,6 @@
+ /*
+ * Copyright (c) 2008 Thorsten Kukuk <kukuk@suse.de>
++ * Copyright (c) 2013 Red Hat, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+@@ -38,6 +39,7 @@
+ #endif
+
+ #include <pwd.h>
++#include <shadow.h>
+ #include <time.h>
+ #include <ctype.h>
+ #include <errno.h>
+@@ -47,6 +49,7 @@
+ #include <string.h>
+ #include <stdlib.h>
+ #include <syslog.h>
++#include <stdarg.h>
+ #include <sys/stat.h>
+
+ #if defined (HAVE_XCRYPT_H)
+@@ -55,7 +58,14 @@
+ #include <crypt.h>
+ #endif
+
++#ifdef HELPER_COMPILE
++#define pam_modutil_getpwnam(h,n) getpwnam(n)
++#define pam_modutil_getspnam(h,n) getspnam(n)
++#define pam_syslog(h,a,...) helper_log_err(a,__VA_ARGS__)
++#else
++#include <security/pam_modutil.h>
+ #include <security/pam_ext.h>
++#endif
+ #include <security/pam_modules.h>
+
+ #include "opasswd.h"
+@@ -76,6 +86,19 @@ typedef struct {
+ char *old_passwords;
+ } opwd;
+
++#ifdef HELPER_COMPILE
++void
++helper_log_err(int err, const char *format, ...)
++{
++ va_list args;
++
++ va_start(args, format);
++ openlog(HELPER_COMPILE, LOG_CONS | LOG_PID, LOG_AUTHPRIV);
++ vsyslog(err, format, args);
++ va_end(args);
++ closelog();
++}
++#endif
+
+ static int
+ parse_entry (char *line, opwd *data)
+@@ -117,8 +140,8 @@ compare_password(const char *newpass, co
+ }
+
+ /* Check, if the new password is already in the opasswd file. */
+-int
+-check_old_pass (pam_handle_t *pamh, const char *user,
++PAMH_ARG_DECL(int
++check_old_pass, const char *user,
+ const char *newpass, int debug)
+ {
+ int retval = PAM_SUCCESS;
+@@ -128,6 +151,11 @@ check_old_pass (pam_handle_t *pamh, cons
+ opwd entry;
+ int found = 0;
+
++#ifndef HELPER_COMPILE
++ if (SELINUX_ENABLED)
++ return PAM_PWHISTORY_RUN_HELPER;
++#endif
++
+ if ((oldpf = fopen (OLD_PASSWORDS_FILE, "r")) == NULL)
+ {
+ if (errno != ENOENT)
+@@ -213,9 +241,9 @@ check_old_pass (pam_handle_t *pamh, cons
+ return retval;
+ }
+
+-int
+-save_old_pass (pam_handle_t *pamh, const char *user, uid_t uid,
+- const char *oldpass, int howmany, int debug UNUSED)
++PAMH_ARG_DECL(int
++save_old_pass, const char *user,
++ int howmany, int debug UNUSED)
+ {
+ char opasswd_tmp[] = TMP_PASSWORDS_FILE;
+ struct stat opasswd_stat;
+@@ -226,10 +254,35 @@ save_old_pass (pam_handle_t *pamh, const
+ char *buf = NULL;
+ size_t buflen = 0;
+ int found = 0;
++ struct passwd *pwd;
++ const char *oldpass;
++
++ pwd = pam_modutil_getpwnam (pamh, user);
++ if (pwd == NULL)
++ return PAM_USER_UNKNOWN;
+
+ if (howmany <= 0)
+ return PAM_SUCCESS;
+
++#ifndef HELPER_COMPILE
++ if (SELINUX_ENABLED)
++ return PAM_PWHISTORY_RUN_HELPER;
++#endif
++
++ if ((strcmp(pwd->pw_passwd, "x") == 0) ||
++ ((pwd->pw_passwd[0] == '#') &&
++ (pwd->pw_passwd[1] == '#') &&
++ (strcmp(pwd->pw_name, pwd->pw_passwd + 2) == 0)))
++ {
++ struct spwd *spw = pam_modutil_getspnam (pamh, user);
++
++ if (spw == NULL)
++ return PAM_USER_UNKNOWN;
++ oldpass = spw->sp_pwdp;
++ }
++ else
++ oldpass = pwd->pw_passwd;
++
+ if (oldpass == NULL || *oldpass == '\0')
+ return PAM_SUCCESS;
+
+@@ -452,7 +505,7 @@ save_old_pass (pam_handle_t *pamh, const
+ {
+ char *out;
+
+- if (asprintf (&out, "%s:%d:1:%s\n", user, uid, oldpass) < 0)
++ if (asprintf (&out, "%s:%d:1:%s\n", user, pwd->pw_uid, oldpass) < 0)
+ {
+ retval = PAM_AUTHTOK_ERR;
+ if (oldpf)
+diff -up Linux-PAM-1.3.0/modules/pam_pwhistory/opasswd.h.pwhhelper Linux-PAM-1.3.0/modules/pam_pwhistory/opasswd.h
+--- Linux-PAM-1.3.0/modules/pam_pwhistory/opasswd.h.pwhhelper 2016-03-24 12:45:42.000000000 +0100
++++ Linux-PAM-1.3.0/modules/pam_pwhistory/opasswd.h 2016-05-06 15:18:42.307637933 +0200
+@@ -1,5 +1,6 @@
+ /*
+ * Copyright (c) 2008 Thorsten Kukuk <kukuk@suse.de>
++ * Copyright (c) 2013 Red Hat, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+@@ -36,10 +37,32 @@
+ #ifndef __OPASSWD_H__
+ #define __OPASSWD_H__
+
+-extern int check_old_pass (pam_handle_t *pamh, const char *user,
+- const char *newpass, int debug);
+-extern int save_old_pass (pam_handle_t *pamh, const char *user,
+- uid_t uid, const char *oldpass,
+- int howmany, int debug);
++#define PAM_PWHISTORY_RUN_HELPER PAM_CRED_INSUFFICIENT
++
++#ifdef WITH_SELINUX
++#include <selinux/selinux.h>
++#define SELINUX_ENABLED is_selinux_enabled()>0
++#else
++#define SELINUX_ENABLED 0
++#endif
++
++#ifdef HELPER_COMPILE
++#define PAMH_ARG_DECL(fname, ...) fname(__VA_ARGS__)
++#define PAMH_ARG(...) __VA_ARGS__
++#else
++#define PAMH_ARG_DECL(fname, ...) fname(pam_handle_t *pamh, __VA_ARGS__)
++#define PAMH_ARG(...) pamh, __VA_ARGS__
++#endif
++
++#ifdef HELPER_COMPILE
++void
++helper_log_err(int err, const char *format, ...);
++#endif
++
++PAMH_ARG_DECL(int
++check_old_pass, const char *user, const char *newpass, int debug);
++
++PAMH_ARG_DECL(int
++save_old_pass, const char *user, int howmany, int debug);
+
+ #endif /* __OPASSWD_H__ */
+diff -up Linux-PAM-1.3.0/modules/pam_pwhistory/pam_pwhistory.c.pwhhelper Linux-PAM-1.3.0/modules/pam_pwhistory/pam_pwhistory.c
+--- Linux-PAM-1.3.0/modules/pam_pwhistory/pam_pwhistory.c.pwhhelper 2016-04-04 11:22:28.000000000 +0200
++++ Linux-PAM-1.3.0/modules/pam_pwhistory/pam_pwhistory.c 2016-05-06 15:19:31.610785512 +0200
+@@ -1,6 +1,7 @@
+ /*
+ * Copyright (c) 2008, 2012 Thorsten Kukuk
+ * Author: Thorsten Kukuk <kukuk@thkukuk.de>
++ * Copyright (c) 2013 Red Hat, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+@@ -46,10 +47,14 @@
+ #include <stdlib.h>
+ #include <string.h>
+ #include <unistd.h>
+-#include <shadow.h>
+ #include <syslog.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
++#include <sys/time.h>
++#include <sys/resource.h>
++#include <sys/wait.h>
++#include <signal.h>
++#include <fcntl.h>
+
+ #include <security/pam_modules.h>
+ #include <security/pam_modutil.h>
+@@ -59,6 +64,7 @@
+ #include "opasswd.h"
+
+ #define DEFAULT_BUFLEN 2048
++#define MAX_FD_NO 20000
+
+ struct options_t {
+ int debug;
+@@ -102,6 +108,184 @@ parse_option (pam_handle_t *pamh, const
+ pam_syslog (pamh, LOG_ERR, "pam_pwhistory: unknown option: %s", argv);
+ }
+
++static int
++run_save_helper(pam_handle_t *pamh, const char *user,
++ int howmany, int debug)
++{
++ int retval, child;
++ struct sigaction newsa, oldsa;
++
++ memset(&newsa, '\0', sizeof(newsa));
++ newsa.sa_handler = SIG_DFL;
++ sigaction(SIGCHLD, &newsa, &oldsa);
++
++ child = fork();
++ if (child == 0)
++ {
++ int i = 0;
++ struct rlimit rlim;
++ int dummyfds[2];
++ static char *envp[] = { NULL };
++ char *args[] = { NULL, NULL, NULL, NULL, NULL, NULL };
++
++ /* replace std file descriptors with a dummy pipe */
++ if (pipe2(dummyfds, O_NONBLOCK) == 0)
++ {
++ dup2(dummyfds[0], STDIN_FILENO);
++ dup2(dummyfds[1], STDOUT_FILENO);
++ dup2(dummyfds[1], STDERR_FILENO);
++ }
++
++ if (getrlimit(RLIMIT_NOFILE,&rlim) == 0)
++ {
++ if (rlim.rlim_max >= MAX_FD_NO)
++ rlim.rlim_max = MAX_FD_NO;
++ for (i = STDERR_FILENO + 1; i < (int)rlim.rlim_max; i++)
++ {
++ if (i != dummyfds[0])
++ close(i);
++ }
++ }
++
++ /* exec binary helper */
++ args[0] = strdup(PWHISTORY_HELPER);
++ args[1] = strdup("save");
++ args[2] = x_strdup(user);
++ asprintf(&args[3], "%d", howmany);
++ asprintf(&args[4], "%d", debug);
++
++ execve(args[0], args, envp);
++
++ _exit(PAM_SYSTEM_ERR);
++ }
++ else if (child > 0)
++ {
++ /* wait for child */
++ int rc = 0;
++ rc = waitpid(child, &retval, 0); /* wait for helper to complete */
++ if (rc < 0)
++ {
++ pam_syslog(pamh, LOG_ERR, "pwhistory_helper save waitpid returned %d: %m", rc);
++ retval = PAM_SYSTEM_ERR;
++ }
++ else if (!WIFEXITED(retval))
++ {
++ pam_syslog(pamh, LOG_ERR, "pwhistory_helper save abnormal exit: %d", retval);
++ retval = PAM_SYSTEM_ERR;
++ }
++ else
++ {
++ retval = WEXITSTATUS(retval);
++ }
++ }
++ else
++ {
++ retval = PAM_SYSTEM_ERR;
++ }
++
++ sigaction(SIGCHLD, &oldsa, NULL); /* restore old signal handler */
++
++ return retval;
++}
++
++static int
++run_check_helper(pam_handle_t *pamh, const char *user,
++ const char *newpass, int debug)
++{
++ int retval, child, fds[2];
++ struct sigaction newsa, oldsa;
++
++ /* create a pipe for the password */
++ if (pipe(fds) != 0)
++ return PAM_SYSTEM_ERR;
++
++ memset(&newsa, '\0', sizeof(newsa));
++ newsa.sa_handler = SIG_DFL;
++ sigaction(SIGCHLD, &newsa, &oldsa);
++
++ child = fork();
++ if (child == 0)
++ {
++ int i = 0;
++ struct rlimit rlim;
++ int dummyfds[2];
++ static char *envp[] = { NULL };
++ char *args[] = { NULL, NULL, NULL, NULL, NULL };
++
++ /* reopen stdin as pipe */
++ dup2(fds[0], STDIN_FILENO);
++
++ /* replace std file descriptors with a dummy pipe */
++ if (pipe2(dummyfds, O_NONBLOCK) == 0)
++ {
++ dup2(dummyfds[1], STDOUT_FILENO);
++ dup2(dummyfds[1], STDERR_FILENO);
++ }
++
++ if (getrlimit(RLIMIT_NOFILE,&rlim) == 0)
++ {
++ if (rlim.rlim_max >= MAX_FD_NO)
++ rlim.rlim_max = MAX_FD_NO;
++ for (i = STDERR_FILENO + 1; i < (int)rlim.rlim_max; i++)
++ {
++ if (i != dummyfds[0])
++ close(i);
++ }
++ }
++
++ /* exec binary helper */
++ args[0] = strdup(PWHISTORY_HELPER);
++ args[1] = strdup("check");
++ args[2] = x_strdup(user);
++ asprintf(&args[3], "%d", debug);
++
++ execve(args[0], args, envp);
++
++ _exit(PAM_SYSTEM_ERR);
++ }
++ else if (child > 0)
++ {
++ /* wait for child */
++ int rc = 0;
++ if (newpass == NULL)
++ newpass = "";
++
++ /* send the password to the child */
++ if (write(fds[1], newpass, strlen(newpass)+1) == -1)
++ {
++ pam_syslog(pamh, LOG_ERR, "Cannot send password to helper: %m");
++ retval = PAM_SYSTEM_ERR;
++ }
++ newpass = NULL;
++ close(fds[0]); /* close here to avoid possible SIGPIPE above */
++ close(fds[1]);
++ rc = waitpid(child, &retval, 0); /* wait for helper to complete */
++ if (rc < 0)
++ {
++ pam_syslog(pamh, LOG_ERR, "pwhistory_helper check waitpid returned %d: %m", rc);
++ retval = PAM_SYSTEM_ERR;
++ }
++ else if (!WIFEXITED(retval))
++ {
++ pam_syslog(pamh, LOG_ERR, "pwhistory_helper check abnormal exit: %d", retval);
++ retval = PAM_SYSTEM_ERR;
++ }
++ else
++ {
++ retval = WEXITSTATUS(retval);
++ }
++ }
++ else
++ {
++ close(fds[0]);
++ close(fds[1]);
++ retval = PAM_SYSTEM_ERR;
++ }
++
++ sigaction(SIGCHLD, &oldsa, NULL); /* restore old signal handler */
++
++ return retval;
++}
+
+ /* This module saves the current crypted password in /etc/security/opasswd
+ and then compares the new password with all entries in this file. */
+@@ -109,7 +293,6 @@ parse_option (pam_handle_t *pamh, const
+ int
+ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv)
+ {
+- struct passwd *pwd;
+ const char *newpass;
+ const char *user;
+ int retval, tries;
+@@ -154,31 +337,13 @@ pam_sm_chauthtok (pam_handle_t *pamh, in
+ return PAM_SUCCESS;
+ }
+
+- pwd = pam_modutil_getpwnam (pamh, user);
+- if (pwd == NULL)
+- return PAM_USER_UNKNOWN;
+-
+- if ((strcmp(pwd->pw_passwd, "x") == 0) ||
+- ((pwd->pw_passwd[0] == '#') &&
+- (pwd->pw_passwd[1] == '#') &&
+- (strcmp(pwd->pw_name, pwd->pw_passwd + 2) == 0)))
+- {
+- struct spwd *spw = pam_modutil_getspnam (pamh, user);
+- if (spw == NULL)
+- return PAM_USER_UNKNOWN;
++ retval = save_old_pass (pamh, user, options.remember, options.debug);
+
+- retval = save_old_pass (pamh, user, pwd->pw_uid, spw->sp_pwdp,
+- options.remember, options.debug);
+- if (retval != PAM_SUCCESS)
+- return retval;
+- }
+- else
+- {
+- retval = save_old_pass (pamh, user, pwd->pw_uid, pwd->pw_passwd,
+- options.remember, options.debug);
+- if (retval != PAM_SUCCESS)
+- return retval;
+- }
++ if (retval == PAM_PWHISTORY_RUN_HELPER)
++ retval = run_save_helper(pamh, user, options.remember, options.debug);
++
++ if (retval != PAM_SUCCESS)
++ return retval;
+
+ newpass = NULL;
+ tries = 0;
+@@ -207,8 +372,11 @@ pam_sm_chauthtok (pam_handle_t *pamh, in
+ if (options.debug)
+ pam_syslog (pamh, LOG_DEBUG, "check against old password file");
+
+- if (check_old_pass (pamh, user, newpass,
+- options.debug) != PAM_SUCCESS)
++ retval = check_old_pass (pamh, user, newpass, options.debug);
++ if (retval == PAM_PWHISTORY_RUN_HELPER)
++ retval = run_check_helper(pamh, user, newpass, options.debug);
++
++ if (retval != PAM_SUCCESS)
+ {
+ if (getuid() || options.enforce_for_root ||
+ (flags & PAM_CHANGE_EXPIRED_AUTHTOK))
+diff -up Linux-PAM-1.3.0/modules/pam_pwhistory/pwhistory_helper.c.pwhhelper Linux-PAM-1.3.0/modules/pam_pwhistory/pwhistory_helper.c
+--- Linux-PAM-1.3.0/modules/pam_pwhistory/pwhistory_helper.c.pwhhelper 2016-05-06 15:18:42.308637957 +0200
++++ Linux-PAM-1.3.0/modules/pam_pwhistory/pwhistory_helper.c 2016-05-06 15:18:42.308637957 +0200
+@@ -0,0 +1,209 @@
++/*
++ * Copyright (c) 2013 Red Hat, Inc.
++ * Author: Tomas Mraz <tmraz@redhat.com>
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, and the entire permission notice in its entirety,
++ * including the disclaimer of warranties.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in the
++ * documentation and/or other materials provided with the distribution.
++ * 3. The name of the author may not be used to endorse or promote
++ * products derived from this software without specific prior
++ * written permission.
++ *
++ * ALTERNATIVELY, this product may be distributed under the terms of
++ * the GNU Public License, in which case the provisions of the GPL are
++ * required INSTEAD OF the above restrictions. (This clause is
++ * necessary due to a potential bad interaction between the GPL and
++ * the restrictions contained in a BSD-style copyright.)
++ *
++ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
++ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
++ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
++ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
++ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++
++#include "config.h"
++
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <syslog.h>
++#include <errno.h>
++#include <unistd.h>
++#include <signal.h>
++#include <security/_pam_types.h>
++#include <security/_pam_macros.h>
++#include "opasswd.h"
++
++#define MAXPASS 200
++
++static void
++su_sighandler(int sig)
++{
++#ifndef SA_RESETHAND
++ /* emulate the behaviour of the SA_RESETHAND flag */
++ if ( sig == SIGILL || sig == SIGTRAP || sig == SIGBUS || sig = SIGSERV ) {
++ struct sigaction sa;
++ memset(&sa, '\0', sizeof(sa));
++ sa.sa_handler = SIG_DFL;
++ sigaction(sig, &sa, NULL);
++ }
++#endif
++ if (sig > 0) {
++ _exit(sig);
++ }
++}
++
++static void
++setup_signals(void)
++{
++ struct sigaction action; /* posix signal structure */
++
++ /*
++ * Setup signal handlers
++ */
++ (void) memset((void *) &action, 0, sizeof(action));
++ action.sa_handler = su_sighandler;
++#ifdef SA_RESETHAND
++ action.sa_flags = SA_RESETHAND;
++#endif
++ (void) sigaction(SIGILL, &action, NULL);
++ (void) sigaction(SIGTRAP, &action, NULL);
++ (void) sigaction(SIGBUS, &action, NULL);
++ (void) sigaction(SIGSEGV, &action, NULL);
++ action.sa_handler = SIG_IGN;
++ action.sa_flags = 0;
++ (void) sigaction(SIGTERM, &action, NULL);
++ (void) sigaction(SIGHUP, &action, NULL);
++ (void) sigaction(SIGINT, &action, NULL);
++ (void) sigaction(SIGQUIT, &action, NULL);
++}
++
++static int
++read_passwords(int fd, int npass, char **passwords)
++{
++ int rbytes = 0;
++ int offset = 0;
++ int i = 0;
++ char *pptr;
++ while (npass > 0)
++ {
++ rbytes = read(fd, passwords[i]+offset, MAXPASS-offset);
++
++ if (rbytes < 0)
++ {
++ if (errno == EINTR) continue;
++ break;
++ }
++ if (rbytes == 0)
++ break;
++
++ while (npass > 0 && (pptr=memchr(passwords[i]+offset, '\0', rbytes))
++ != NULL)
++ {
++ rbytes -= pptr - (passwords[i]+offset) + 1;
++ i++;
++ offset = 0;
++ npass--;
++ if (rbytes > 0)
++ {
++ if (npass > 0)
++ memcpy(passwords[i], pptr+1, rbytes);
++ memset(pptr+1, '\0', rbytes);
++ }
++ }
++ offset += rbytes;
++ }
++
++ /* clear up */
++ if (offset > 0 && npass > 0)
++ memset(passwords[i], '\0', offset);
++
++ return i;
++}
++
++
++static int
++check_history(const char *user, const char *debug)
++{
++ char pass[MAXPASS + 1];
++ char *passwords[] = { pass };
++ int npass;
++ int dbg = atoi(debug); /* no need to be too fancy here */
++ int retval;
++
++ /* read the password from stdin (a pipe from the pam_pwhistory module) */
++ npass = read_passwords(STDIN_FILENO, 1, passwords);
++
++ if (npass != 1)
++ { /* is it a valid password? */
++ helper_log_err(LOG_DEBUG, "no password supplied");
++ return PAM_AUTHTOK_ERR;
++ }
++
++ retval = check_old_pass(user, pass, dbg);
++
++ memset(pass, '\0', MAXPASS); /* clear memory of the password */
++
++ return retval;
++}
++
++static int
++save_history(const char *user, const char *howmany, const char *debug)
++{
++ int num = atoi(howmany);
++ int dbg = atoi(debug); /* no need to be too fancy here */
++ int retval;
++
++ retval = save_old_pass(user, num, dbg);
++
++ return retval;
++}
++
++int
++main(int argc, char *argv[])
++{
++ const char *option;
++ const char *user;
++
++ /*
++ * Catch or ignore as many signal as possible.
++ */
++ setup_signals();
++
++ /*
++ * we establish that this program is running with non-tty stdin.
++ * this is to discourage casual use.
++ */
++
++ if (isatty(STDIN_FILENO) || argc < 4)
++ {
++ fprintf(stderr,
++ "This binary is not designed for running in this way.\n");
++ sleep(10); /* this should discourage/annoy the user */
++ return PAM_SYSTEM_ERR;
++ }
++
++ option = argv[1];
++ user = argv[2];
++
++ if (strcmp(option, "check") == 0 && argc == 4)
++ return check_history(user, argv[3]);
++ else if (strcmp(option, "save") == 0 && argc == 5)
++ return save_history(user, argv[3], argv[4]);
++
++ return PAM_SYSTEM_ERR;
++}
++
+diff -up Linux-PAM-1.3.0/modules/pam_pwhistory/pwhistory_helper.8.xml.pwhhelper Linux-PAM-1.3.0/modules/pam_pwhistory/pwhistory_helper.8.xml
+--- Linux-PAM-1.3.0/modules/pam_pwhistory/pwhistory_helper.8.xml.pwhhelper 2016-05-06 15:18:42.308637957 +0200
++++ Linux-PAM-1.3.0/modules/pam_pwhistory/pwhistory_helper.8.xml 2016-05-06 15:18:42.308637957 +0200
+@@ -0,0 +1,68 @@
++<?xml version="1.0" encoding='UTF-8'?>
++<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
++ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
++
++<refentry id="pwhistory_helper">
++
++ <refmeta>
++ <refentrytitle>pwhistory_helper</refentrytitle>
++ <manvolnum>8</manvolnum>
++ <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
++ </refmeta>
++
++ <refnamediv id="pwhistory_helper-name">
++ <refname>pwhistory_helper</refname>
++ <refpurpose>Helper binary that transfers password hashes from passwd or shadow to opasswd</refpurpose>
++ </refnamediv>
++
++ <refsynopsisdiv>
++ <cmdsynopsis id="pwhistory_helper-cmdsynopsis">
++ <command>pwhistory_helper</command>
++ <arg choice="opt">
++ ...
++ </arg>
++ </cmdsynopsis>
++ </refsynopsisdiv>
++
++ <refsect1 id="pwhistory_helper-description">
++
++ <title>DESCRIPTION</title>
++
++ <para>
++ <emphasis>pwhistory_helper</emphasis> is a helper program for the
++ <emphasis>pam_pwhistory</emphasis> module that transfers password hashes
++ from passwd or shadow file to the opasswd file and checks a password
++ supplied by user against the existing hashes in the opasswd file.
++ </para>
++
++ <para>
++ The purpose of the helper is to enable tighter confinement of
++ login and password changing services. The helper is thus called only
++ when SELinux is enabled on the system.
++ </para>
++
++ <para>
++ The interface of the helper - command line options, and input/output
++ data format are internal to the <emphasis>pam_pwhistory</emphasis>
++ module and it should not be called directly from applications.
++ </para>
++ </refsect1>
++
++ <refsect1 id='pwhistory_helper-see_also'>
++ <title>SEE ALSO</title>
++ <para>
++ <citerefentry>
++ <refentrytitle>pam_pwhistory</refentrytitle><manvolnum>8</manvolnum>
++ </citerefentry>
++ </para>
++ </refsect1>
++
++ <refsect1 id='pwhistory_helper-author'>
++ <title>AUTHOR</title>
++ <para>
++ Written by Tomas Mraz based on the code originally in
++ <emphasis>pam_pwhistory and pam_unix</emphasis> modules.
++ </para>
++ </refsect1>
++
++</refentry>
diff --git a/source/a/pam/fedora-patches/pam-1.3.0-unix-nomsg.patch b/source/a/pam/fedora-patches/pam-1.3.0-unix-nomsg.patch
new file mode 100644
index 00000000..33c22677
--- /dev/null
+++ b/source/a/pam/fedora-patches/pam-1.3.0-unix-nomsg.patch
@@ -0,0 +1,16 @@
+diff -up Linux-PAM-1.3.0/modules/pam_unix/pam_unix_passwd.c.nomsg Linux-PAM-1.3.0/modules/pam_unix/pam_unix_passwd.c
+--- Linux-PAM-1.3.0/modules/pam_unix/pam_unix_passwd.c.nomsg 2016-04-11 13:08:47.000000000 +0200
++++ Linux-PAM-1.3.0/modules/pam_unix/pam_unix_passwd.c 2017-04-20 16:51:24.853106709 +0200
+@@ -687,12 +687,6 @@ pam_sm_chauthtok(pam_handle_t *pamh, int
+ return PAM_SUCCESS;
+ } else if (off(UNIX__IAMROOT, ctrl) ||
+ (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, user, 0, 1))) {
+- /* instruct user what is happening */
+- if (off(UNIX__QUIET, ctrl)) {
+- retval = pam_info(pamh, _("Changing password for %s."), user);
+- if (retval != PAM_SUCCESS)
+- return retval;
+- }
+ retval = pam_get_authtok(pamh, PAM_OLDAUTHTOK, &pass_old, NULL);
+
+ if (retval != PAM_SUCCESS) {
diff --git a/source/a/pam/fedora-patches/pam-1.3.1-coverity.patch b/source/a/pam/fedora-patches/pam-1.3.1-coverity.patch
new file mode 100644
index 00000000..cecf768f
--- /dev/null
+++ b/source/a/pam/fedora-patches/pam-1.3.1-coverity.patch
@@ -0,0 +1,185 @@
+diff --git a/libpam/pam_handlers.c b/libpam/pam_handlers.c
+index 106ef7c..b2e94c7 100644
+--- a/libpam/pam_handlers.c
++++ b/libpam/pam_handlers.c
+@@ -282,7 +282,6 @@ _pam_open_config_file(pam_handle_t *pamh
+ {
+ char *p;
+ FILE *f;
+- int err = 0;
+
+ /* Absolute path */
+ if (service[0] == '/') {
+diff --git a/libpam_misc/misc_conv.c b/libpam_misc/misc_conv.c
+index be53f34..07dce36 100644
+--- a/libpam_misc/misc_conv.c
++++ b/libpam_misc/misc_conv.c
+@@ -211,7 +211,7 @@ static int read_string(int echo, const char *prompt, char **retstr)
+ line[nc] = '\0';
+ }
+ *retstr = strdup(line);
+- _pam_overwrite(line);
++ _pam_overwrite_n(line, sizeof(line));
+ if (!*retstr) {
+ D(("no memory for response string"));
+ nc = -1;
+@@ -244,7 +244,7 @@ static int read_string(int echo, const char *prompt, char **retstr)
+ D(("the timer appears to have expired"));
+
+ *retstr = NULL;
+- _pam_overwrite(line);
++ _pam_overwrite_n(line, sizeof(line));
+
+ cleanexit:
+
+diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c
+index 80d885d..3801862 100644
+--- a/modules/pam_access/pam_access.c
++++ b/modules/pam_access/pam_access.c
+@@ -806,7 +806,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
+ const char *user=NULL;
+ const void *void_from=NULL;
+ const char *from;
+- const char const *default_config = PAM_ACCESS_CONFIG;
++ const char * const default_config = PAM_ACCESS_CONFIG;
+ struct passwd *user_pw;
+ char hostname[MAXHOSTNAMELEN + 1];
+ int rv;
+diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c
+index 4bc4ae7..f8476b4 100644
+--- a/modules/pam_limits/pam_limits.c
++++ b/modules/pam_limits/pam_limits.c
+@@ -342,7 +342,7 @@ static const char *lnames[RLIM_NLIMITS] = {
+ #endif
+ };
+
+-static int str2rlimit(char *name) {
++static int str2rlimit(const char *name) {
+ int i;
+ if (!name || *name == '\0')
+ return -1;
+@@ -352,7 +352,7 @@ static int str2rlimit(char *name) {
+ return -1;
+ }
+
+-static rlim_t str2rlim_t(char *value) {
++static rlim_t str2rlim_t(const char *value) {
+ unsigned long long rlimit = 0;
+
+ if (!value) return (rlim_t)rlimit;
+@@ -384,7 +384,7 @@ static void parse_kernel_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int
+ FILE *limitsfile;
+ const char *proclimits = "/proc/1/limits";
+ char line[256];
+- char *units, *hard, *soft, *name;
++ const char *units, *hard, *soft, *name;
+
+ if (!(limitsfile = fopen(proclimits, "r"))) {
+ pam_syslog(pamh, LOG_WARNING, "Could not read %s (%s), using PAM defaults", proclimits, strerror(errno));
+diff --git a/modules/pam_loginuid/pam_loginuid.c b/modules/pam_loginuid/pam_loginuid.c
+index 96bfd98..66d202c 100644
+--- a/modules/pam_loginuid/pam_loginuid.c
++++ b/modules/pam_loginuid/pam_loginuid.c
+@@ -64,7 +64,7 @@ static int set_loginuid(pam_handle_t *pamh, uid_t uid)
+ fd = open("/proc/self/uid_map", O_RDONLY);
+ if (fd >= 0) {
+ count = pam_modutil_read(fd, uid_map, sizeof(uid_map));
+- if (strncmp(uid_map, host_uid_map, count) != 0)
++ if (count <= 0 || strncmp(uid_map, host_uid_map, count) != 0)
+ rc = PAM_IGNORE;
+ close(fd);
+ }
+diff --git a/modules/pam_mkhomedir/mkhomedir_helper.c b/modules/pam_mkhomedir/mkhomedir_helper.c
+index 9e204c1..4b8d6b7 100644
+--- a/modules/pam_mkhomedir/mkhomedir_helper.c
++++ b/modules/pam_mkhomedir/mkhomedir_helper.c
+@@ -232,6 +232,8 @@ create_homedir(const struct passwd *pwd,
+ {
+ pam_syslog(NULL, LOG_DEBUG,
+ "unable to open or stat src file %s: %m", newsource);
++ if (srcfd >= 0)
++ close(srcfd);
+ closedir(d);
+
+ #ifndef PATH_MAX
+diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c
+index f541f89..85f5efa 100644
+--- a/modules/pam_namespace/pam_namespace.c
++++ b/modules/pam_namespace/pam_namespace.c
+@@ -1418,6 +1418,7 @@ static int create_instance(struct polydir_s *polyptr, char *ipath, struct stat *
+ if (fstat(fd, &newstatbuf) < 0) {
+ pam_syslog(idata->pamh, LOG_ERR, "Error stating %s, %m",
+ ipath);
++ close(fd);
+ rmdir(ipath);
+ return PAM_SESSION_ERR;
+ }
+diff --git a/modules/pam_pwhistory/opasswd.c b/modules/pam_pwhistory/opasswd.c
+index e6cf346..813f579 100644
+--- a/modules/pam_pwhistory/opasswd.c
++++ b/modules/pam_pwhistory/opasswd.c
+@@ -326,6 +326,9 @@ save_old_pass (pam_handle_t *pamh, const char *user, uid_t uid,
+ n = strlen (buf);
+ #endif /* HAVE_GETLINE / HAVE_GETDELIM */
+
++ if (n < 1)
++ break;
++
+ cp = buf;
+ save = strdup (buf); /* Copy to write the original data back. */
+ if (save == NULL)
+@@ -336,9 +339,6 @@ save_old_pass (pam_handle_t *pamh, const char *user, uid_t uid,
+ goto error_opasswd;
+ }
+
+- if (n < 1)
+- break;
+-
+ tmp = strchr (cp, '#'); /* remove comments */
+ if (tmp)
+ *tmp = '\0';
+diff --git a/modules/pam_rootok/pam_rootok.c b/modules/pam_rootok/pam_rootok.c
+index 17baabe..a9d9140 100644
+--- a/modules/pam_rootok/pam_rootok.c
++++ b/modules/pam_rootok/pam_rootok.c
+@@ -66,14 +66,17 @@ log_callback (int type, const char *fmt, ...)
+ int audit_fd;
+ va_list ap;
+
+- va_start(ap, fmt);
+ #ifdef HAVE_LIBAUDIT
+ audit_fd = audit_open();
+
+ if (audit_fd >= 0) {
+ char *buf;
++ int ret;
+
+- if (vasprintf (&buf, fmt, ap) < 0)
++ va_start(ap, fmt);
++ ret = vasprintf (&buf, fmt, ap);
++ va_end(ap);
++ if (ret < 0)
+ return 0;
+ audit_log_user_avc_message(audit_fd, AUDIT_USER_AVC, buf, NULL, NULL,
+ NULL, 0);
+@@ -83,6 +86,7 @@ log_callback (int type, const char *fmt, ...)
+ }
+
+ #endif
++ va_start(ap, fmt);
+ vsyslog (LOG_USER | LOG_INFO, fmt, ap);
+ va_end(ap);
+ return 0;
+diff --git a/modules/pam_sepermit/pam_sepermit.c b/modules/pam_sepermit/pam_sepermit.c
+index c653290..f37af0f 100644
+--- a/modules/pam_sepermit/pam_sepermit.c
++++ b/modules/pam_sepermit/pam_sepermit.c
+@@ -353,7 +353,7 @@ sepermit_match(pam_handle_t *pamh, const char *cfgfile, const char *user,
+ if (*sense == PAM_SUCCESS) {
+ if (ignore)
+ *sense = PAM_IGNORE;
+- if (geteuid() == 0 && exclusive && get_loginuid(pamh) == -1)
++ if (geteuid() == 0 && exclusive && get_loginuid(pamh) == (uid_t)-1)
+ if (sepermit_lock(pamh, user, debug) < 0)
+ *sense = PAM_AUTH_ERR;
+ }
diff --git a/source/a/pam/fedora-patches/pam-1.3.1-motd-multiple-paths.patch b/source/a/pam/fedora-patches/pam-1.3.1-motd-multiple-paths.patch
new file mode 100644
index 00000000..a0b06981
--- /dev/null
+++ b/source/a/pam/fedora-patches/pam-1.3.1-motd-multiple-paths.patch
@@ -0,0 +1,755 @@
+diff --git a/modules/pam_motd/pam_motd.8.xml b/modules/pam_motd/pam_motd.8.xml
+index 906c4ed..4e2110c 100644
+--- a/modules/pam_motd/pam_motd.8.xml
++++ b/modules/pam_motd/pam_motd.8.xml
+@@ -21,6 +21,9 @@
+ <arg choice="opt">
+ motd=<replaceable>/path/filename</replaceable>
+ </arg>
++ <arg choice="opt">
++ motd_dir=<replaceable>/path/dirname.d</replaceable>
++ </arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+@@ -31,10 +34,49 @@
+ <para>
+ pam_motd is a PAM module that can be used to display
+ arbitrary motd (message of the day) files after a successful
+- login. By default the <filename>/etc/motd</filename> file is
+- shown. The message size is limited to 64KB.
++ login. By default, pam_motd shows files in the
++ following locations:
++ </para>
++ <para>
++ <simplelist type='vert'>
++ <member><filename>/etc/motd</filename></member>
++ <member><filename>/run/motd</filename></member>
++ <member><filename>/usr/lib/motd</filename></member>
++ <member><filename>/etc/motd.d/</filename></member>
++ <member><filename>/run/motd.d/</filename></member>
++ <member><filename>/usr/lib/motd.d/</filename></member>
++ </simplelist>
++ </para>
++ <para>
++ Each message size is limited to 64KB.
++ </para>
++ <para>
++ If <filename>/etc/motd</filename> does not exist,
++ then <filename>/run/motd</filename> is shown. If
++ <filename>/run/motd</filename> does not exist, then
++ <filename>/usr/lib/motd</filename> is shown.
++ </para>
++ <para>
++ Similar overriding behavior applies to the directories.
++ Files in <filename>/etc/motd.d/</filename> override files
++ with the same name in <filename>/run/motd.d/</filename> and
++ <filename>/usr/lib/motd.d/</filename>. Files in <filename>/run/motd.d/</filename>
++ override files with the same name in <filename>/usr/lib/motd.d/</filename>.
++ </para>
++ <para>
++ Files the in the directories listed above are displayed in
++ lexicographic order by name.
++ </para>
++ <para>
++ To silence a message,
++ a symbolic link with target <filename>/dev/null</filename>
++ may be placed in <filename>/etc/motd.d</filename> with
++ the same filename as the message to be silenced. Example:
++ Creating a symbolic link as follows silences <filename>/usr/lib/motd.d/my_motd</filename>.
++ </para>
++ <para>
++ <command>ln -s /dev/null /etc/motd.d/my_motd</command>
+ </para>
+-
+ </refsect1>
+
+ <refsect1 id="pam_motd-options">
+@@ -47,8 +89,10 @@
+ </term>
+ <listitem>
+ <para>
+- The <filename>/path/filename</filename> file is displayed
+- as message of the day.
++ The <filename>/path/filename</filename> file is displayed
++ as message of the day. Multiple paths to try can be
++ specified as a colon-separated list. By default this option
++ is set to <filename>/etc/motd:/run/motd:/usr/lib/motd</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+@@ -59,16 +103,17 @@
+ <listitem>
+ <para>
+ The <filename>/path/dirname.d</filename> directory is scanned
+- and each file contained inside of it is displayed.
++ and each file contained inside of it is displayed. Multiple
++ directories to scan can be specified as a colon-separated list.
++ By default this option is set to <filename>/etc/motd.d:/run/motd.d:/usr/lib/motd.d</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ <para>
+- When no options are given, the default is to display both
+- <filename>/etc/motd</filename> and the contents of
+- <filename>/etc/motd.d</filename>. Specifying either option (or both)
+- will disable this default behavior.
++ When no options are given, the default behavior applies for both
++ options. Specifying either option (or both) will disable the
++ default behavior for both options.
+ </para>
+ </refsect1>
+
+diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c
+index cc828d7..ec3ebd5 100644
+--- a/modules/pam_motd/pam_motd.c
++++ b/modules/pam_motd/pam_motd.c
+@@ -33,8 +33,8 @@
+ */
+
+ #define PAM_SM_SESSION
+-#define DEFAULT_MOTD "/etc/motd"
+-#define DEFAULT_MOTD_D "/etc/motd.d"
++#define DEFAULT_MOTD "/etc/motd:/run/motd:/usr/lib/motd"
++#define DEFAULT_MOTD_D "/etc/motd.d:/run/motd.d:/usr/lib/motd.d"
+
+ #include <security/pam_modules.h>
+ #include <security/pam_modutil.h>
+@@ -97,12 +97,234 @@ static void try_to_display_directory(pam_handle_t *pamh, const char *dirname)
+ }
+ }
+
++/*
++ * Split a DELIM-separated string ARG into an array.
++ * Outputs a newly allocated array of strings OUT_ARG_SPLIT
++ * and the number of strings OUT_NUM_STRS.
++ * Returns 0 in case of error, 1 in case of success.
++ */
++static int pam_split_string(const pam_handle_t *pamh, char *arg, char delim,
++ char ***out_arg_split, uint *out_num_strs)
++{
++ char *arg_extracted = NULL;
++ const char *arg_ptr = arg;
++ char **arg_split = NULL;
++ char delim_str[2];
++ int i = 0;
++ uint num_strs = 0;
++ int retval = 0;
++
++ delim_str[0] = delim;
++ delim_str[1] = '\0';
++
++ if (arg == NULL) {
++ goto out;
++ }
++
++ while (arg_ptr != NULL) {
++ num_strs++;
++ arg_ptr = strchr(arg_ptr + sizeof(const char), delim);
++ }
++
++ arg_split = (char **)calloc(num_strs, sizeof(char *));
++ if (arg_split == NULL) {
++ pam_syslog(pamh, LOG_CRIT, "pam_motd: failed to allocate string array");
++ goto out;
++ }
++
++ arg_extracted = strtok_r(arg, delim_str, &arg);
++ while (arg_extracted != NULL && i < num_strs) {
++ arg_split[i++] = arg_extracted;
++ arg_extracted = strtok_r(NULL, delim_str, &arg);
++ }
++
++ retval = 1;
++
++ out:
++ *out_num_strs = num_strs;
++ *out_arg_split = arg_split;
++
++ return retval;
++}
++
++/* Join A_STR and B_STR, inserting a "/" between them if one is not already trailing
++ * in A_STR or beginning B_STR. A pointer to a newly allocated string holding the
++ * joined string is returned in STRP_OUT.
++ * Returns -1 in case of error, or the number of bytes in the joined string in
++ * case of success. */
++static int join_dir_strings(char **strp_out, const char *a_str, const char *b_str)
++{
++ int has_sep = 0;
++ int retval = -1;
++ char *join_strp = NULL;
++
++ if (strp_out == NULL || a_str == NULL || b_str == NULL) {
++ goto out;
++ }
++ if (strlen(a_str) == 0) {
++ goto out;
++ }
++
++ has_sep = (a_str[strlen(a_str) - 1] == '/') || (b_str[0] == '/');
++
++ retval = asprintf(&join_strp, "%s%s%s", a_str,
++ (has_sep == 1) ? "" : "/", b_str);
++
++ if (retval < 0) {
++ goto out;
++ }
++
++ *strp_out = join_strp;
++
++ out:
++ return retval;
++}
++
++static int compare_strings(const void * a, const void * b)
++{
++ const char *a_str = *(char **)a;
++ const char *b_str = *(char **)b;
++
++ if (a_str == NULL && b_str == NULL) {
++ return 0;
++ }
++ else if (a_str == NULL) {
++ return -1;
++ }
++ else if (b_str == NULL) {
++ return 1;
++ }
++ else {
++ return strcmp(a_str, b_str);
++ }
++}
++
++static int filter_dirents(const struct dirent *d)
++{
++ return (d->d_type == DT_REG || d->d_type == DT_LNK);
++}
++
++static void try_to_display_directories_with_overrides(pam_handle_t *pamh,
++ char **motd_dir_path_split, int num_motd_dirs)
++{
++ struct dirent ***dirscans = NULL;
++ int *dirscans_sizes = NULL;
++ int dirscans_size_total = 0;
++ char **dirnames_all = NULL;
++ int i;
++ int i_dirnames = 0;
++
++ if (pamh == NULL || motd_dir_path_split == NULL) {
++ goto out;
++ }
++ if (num_motd_dirs < 1) {
++ goto out;
++ }
++
++ if ((dirscans = (struct dirent ***)calloc(num_motd_dirs,
++ sizeof(struct dirent **))) == NULL) {
++ pam_syslog(pamh, LOG_CRIT, "pam_motd: failed to allocate dirent arrays");
++ goto out;
++ }
++ if ((dirscans_sizes = (int *)calloc(num_motd_dirs, sizeof(int))) == NULL) {
++ pam_syslog(pamh, LOG_CRIT, "pam_motd: failed to allocate dirent array sizes");
++ goto out;
++ }
++
++ for (i = 0; i < num_motd_dirs; i++) {
++ dirscans_sizes[i] = scandir(motd_dir_path_split[i], &(dirscans[i]),
++ filter_dirents, alphasort);
++ if (dirscans_sizes[i] < 0) {
++ pam_syslog(pamh, LOG_ERR, "pam_motd: error scanning directory %s", motd_dir_path_split[i]);
++ dirscans_sizes[i] = 0;
++ }
++ dirscans_size_total += dirscans_sizes[i];
++ }
++
++ /* Allocate space for all file names found in the directories, including duplicates. */
++ if ((dirnames_all = (char **)calloc(dirscans_size_total,
++ sizeof(char *))) == NULL) {
++ pam_syslog(pamh, LOG_CRIT, "pam_motd: failed to allocate dirname array");
++ goto out;
++ }
++
++ for (i = 0; i < dirscans_size_total; i++) {
++ dirnames_all[i] = NULL;
++ }
++
++ for (i = 0; i < num_motd_dirs; i++) {
++ int j;
++
++ for (j = 0; j < dirscans_sizes[i]; j++) {
++ dirnames_all[i_dirnames] = dirscans[i][j]->d_name;
++ i_dirnames++;
++ }
++ }
++
++ qsort(dirnames_all, dirscans_size_total,
++ sizeof(const char *), compare_strings);
++
++ for (i = 0; i < dirscans_size_total; i++) {
++ int j;
++
++ if (dirnames_all[i] == NULL) {
++ continue;
++ }
++
++ /* Skip duplicate file names. */
++ if (i > 0 && strcmp(dirnames_all[i], dirnames_all[i - 1]) == 0) {
++ continue;
++ }
++
++ for (j = 0; j < num_motd_dirs; j++) {
++ char *abs_path = NULL;
++
++ if (join_dir_strings(&abs_path, motd_dir_path_split[j],
++ dirnames_all[i]) < 0) {
++ continue;
++ }
++
++ if (abs_path != NULL) {
++ int fd = open(abs_path, O_RDONLY, 0);
++ if (fd >= 0) {
++ try_to_display_fd(pamh, fd);
++ close(fd);
++
++ /* We displayed a file, skip to the next file name. */
++ break;
++ }
++ }
++ _pam_drop(abs_path);
++ }
++ }
++
++ out:
++ _pam_drop(dirnames_all);
++ for (i = 0; i < num_motd_dirs; i++) {
++ int j;
++ for (j = 0; j < dirscans_sizes[i]; j++) {
++ _pam_drop(dirscans[i][j]);
++ }
++ _pam_drop(dirscans[i]);
++ }
++ _pam_drop(dirscans_sizes);
++ _pam_drop(dirscans);
++
++ return;
++}
++
+ int pam_sm_open_session(pam_handle_t *pamh, int flags,
+ int argc, const char **argv)
+ {
+ int retval = PAM_IGNORE;
+ const char *motd_path = NULL;
++ char *motd_path_copy = NULL;
++ int num_motd_paths = 0;
++ char **motd_path_split = NULL;
+ const char *motd_dir_path = NULL;
++ char *motd_dir_path_copy = NULL;
++ int num_motd_dir_paths = 0;
++ char **motd_dir_path_split = NULL;
+
+ if (flags & PAM_SILENT) {
+ return retval;
+@@ -141,16 +363,52 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags,
+ }
+
+ if (motd_path != NULL) {
+- int fd = open(motd_path, O_RDONLY, 0);
++ motd_path_copy = strdup(motd_path);
++ }
++
++ if (motd_path_copy != NULL) {
++ if (pam_split_string(pamh, motd_path_copy, ':',
++ &motd_path_split, &num_motd_paths) == 0) {
++ goto out;
++ }
++ }
++
++ if (motd_dir_path != NULL) {
++ motd_dir_path_copy = strdup(motd_dir_path);
++ }
+
+- if (fd >= 0) {
+- try_to_display_fd(pamh, fd);
+- close(fd);
++ if (motd_dir_path_copy != NULL) {
++ if (pam_split_string(pamh, motd_dir_path_copy, ':',
++ &motd_dir_path_split, &num_motd_dir_paths) == 0) {
++ goto out;
+ }
+ }
+
+- if (motd_dir_path != NULL)
+- try_to_display_directory(pamh, motd_dir_path);
++ if (motd_path_split != NULL) {
++ int i;
++
++ for (i = 0; i < num_motd_paths; i++) {
++ int fd = open(motd_path_split[i], O_RDONLY, 0);
++
++ if (fd >= 0) {
++ try_to_display_fd(pamh, fd);
++ close(fd);
++
++ /* We found and displayed a file, move onto next filename. */
++ break;
++ }
++ }
++ }
++
++ if (motd_dir_path_split != NULL)
++ try_to_display_directories_with_overrides(pamh, motd_dir_path_split,
++ num_motd_dir_paths);
++
++ out:
++ _pam_drop(motd_path_copy);
++ _pam_drop(motd_path_split);
++ _pam_drop(motd_dir_path_copy);
++ _pam_drop(motd_dir_path_split);
+
+ return retval;
+ }
+diff --git a/xtests/Makefile.am b/xtests/Makefile.am
+index a6d6f8d..4d5aba3 100644
+--- a/xtests/Makefile.am
++++ b/xtests/Makefile.am
+@@ -32,7 +32,10 @@ EXTRA_DIST = run-xtests.sh tst-pam_dispatch1.pamd tst-pam_dispatch2.pamd \
+ tst-pam_substack5.pamd tst-pam_substack5a.pamd tst-pam_substack5.sh \
+ tst-pam_assemble_line1.pamd tst-pam_assemble_line1.sh \
+ tst-pam_pwhistory1.pamd tst-pam_pwhistory1.sh \
+- tst-pam_time1.pamd time.conf
++ tst-pam_time1.pamd time.conf \
++ tst-pam_motd.sh tst-pam_motd1.sh tst-pam_motd2.sh \
++ tst-pam_motd3.sh tst-pam_motd4.sh tst-pam_motd1.pamd \
++ tst-pam_motd2.pamd tst-pam_motd3.pamd tst-pam_motd4.pamd
+
+ XTESTS = tst-pam_dispatch1 tst-pam_dispatch2 tst-pam_dispatch3 \
+ tst-pam_dispatch4 tst-pam_dispatch5 \
+@@ -41,7 +44,7 @@ XTESTS = tst-pam_dispatch1 tst-pam_dispatch2 tst-pam_dispatch3 \
+ tst-pam_access1 tst-pam_access2 tst-pam_access3 \
+ tst-pam_access4 tst-pam_limits1 tst-pam_succeed_if1 \
+ tst-pam_group1 tst-pam_authfail tst-pam_authsucceed \
+- tst-pam_pwhistory1 tst-pam_time1
++ tst-pam_pwhistory1 tst-pam_time1 tst-pam_motd
+
+ NOSRCTESTS = tst-pam_substack1 tst-pam_substack2 tst-pam_substack3 \
+ tst-pam_substack4 tst-pam_substack5 tst-pam_assemble_line1
+diff --git a/xtests/tst-pam_motd.c b/xtests/tst-pam_motd.c
+new file mode 100644
+index 0000000..bba2f9d
+--- /dev/null
++++ b/xtests/tst-pam_motd.c
+@@ -0,0 +1,69 @@
++/*
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, and the entire permission notice in its entirety,
++ * including the disclaimer of warranties.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in the
++ * documentation and/or other materials provided with the distribution.
++ * 3. The name of the author may not be used to endorse or promote
++ * products derived from this software without specific prior
++ * written permission.
++ *
++ * ALTERNATIVELY, this product may be distributed under the terms of
++ * the GNU Public License, in which case the provisions of the GPL are
++ * required INSTEAD OF the above restrictions. (This clause is
++ * necessary due to a potential bad interaction between the GPL and
++ * the restrictions contained in a BSD-style copyright.)
++ *
++ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
++ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
++ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
++ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
++ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++
++#ifdef HAVE_CONFIG_H
++#include <config.h>
++#endif
++
++#include <stdio.h>
++#include <stdlib.h>
++#include <security/pam_appl.h>
++#include <security/pam_misc.h>
++
++static struct pam_conv conv = {
++ misc_conv,
++ NULL
++};
++
++int main(int argc, char *argv[])
++{
++ pam_handle_t *pamh=NULL;
++ char *tst_arg = NULL;
++ int retval;
++
++ if (argc > 1)
++ tst_arg = argv[1];
++
++ retval = pam_start(tst_arg, NULL, &conv, &pamh);
++
++ retval = pam_open_session(pamh, 0);
++
++ retval = pam_close_session(pamh, 0);
++
++ if (pam_end(pamh,retval) != PAM_SUCCESS) { /* close Linux-PAM */
++ pamh = NULL;
++ exit(1);
++ }
++
++ return ( retval == PAM_SUCCESS ? 0:1 ); /* indicate success */
++}
+diff --git a/xtests/tst-pam_motd.sh b/xtests/tst-pam_motd.sh
+new file mode 100755
+index 0000000..9080128
+--- /dev/null
++++ b/xtests/tst-pam_motd.sh
+@@ -0,0 +1,8 @@
++#!/bin/bash
++
++set -e
++
++./tst-pam_motd1.sh
++./tst-pam_motd2.sh
++./tst-pam_motd3.sh
++./tst-pam_motd4.sh
+diff --git a/xtests/tst-pam_motd1.pamd b/xtests/tst-pam_motd1.pamd
+new file mode 100644
+index 0000000..ddea82c
+--- /dev/null
++++ b/xtests/tst-pam_motd1.pamd
+@@ -0,0 +1,3 @@
++#%PAM-1.0
++session required pam_permit.so
++session optional pam_motd.so motd=tst-pam_motd1.d/etc/motd motd_dir=tst-pam_motd1.d/etc/motd.d
+diff --git a/xtests/tst-pam_motd1.sh b/xtests/tst-pam_motd1.sh
+new file mode 100755
+index 0000000..cc88854
+--- /dev/null
++++ b/xtests/tst-pam_motd1.sh
+@@ -0,0 +1,36 @@
++#!/bin/bash
++
++TST_DIR="tst-pam_motd1.d"
++
++function tst_cleanup() {
++ rm -rf "${TST_DIR}"
++ rm -f tst-pam_motd1.out
++}
++
++mkdir -p ${TST_DIR}
++mkdir -p ${TST_DIR}/etc/motd.d
++
++# Verify the case of single motd and motd.d directory works
++echo "motd: /etc/motd" > ${TST_DIR}/etc/motd
++echo "motd: /etc/motd.d/test" > ${TST_DIR}/etc/motd.d/test
++
++./tst-pam_motd tst-pam_motd1 > tst-pam_motd1.out
++
++RET=$?
++
++motd_to_show_output=$(cat tst-pam_motd1.out | grep "motd: /etc/motd")
++if [ -z "${motd_to_show_output}" ];
++then
++ tst_cleanup
++ exit 1
++fi
++
++motd_dir_to_show_output=$(cat tst-pam_motd1.out | grep "motd: /etc/motd.d/test")
++if [ -z "${motd_dir_to_show_output}" ];
++then
++ tst_cleanup
++ exit 1
++fi
++
++tst_cleanup
++exit $RET
+diff --git a/xtests/tst-pam_motd2.pamd b/xtests/tst-pam_motd2.pamd
+new file mode 100644
+index 0000000..8200191
+--- /dev/null
++++ b/xtests/tst-pam_motd2.pamd
+@@ -0,0 +1,3 @@
++#%PAM-1.0
++session required pam_permit.so
++session optional pam_motd.so motd=tst-pam_motd2.d/etc/motd:tst-pam_motd2.d/run/motd:tst-pam_motd2.d/usr/lib/motd motd_dir=tst-pam_motd2.d/etc/motd.d:tst-pam_motd2.d/run/motd.d:tst-pam_motd2.d/usr/lib/motd.d
+diff --git a/xtests/tst-pam_motd2.sh b/xtests/tst-pam_motd2.sh
+new file mode 100755
+index 0000000..d26ea92
+--- /dev/null
++++ b/xtests/tst-pam_motd2.sh
+@@ -0,0 +1,53 @@
++#!/bin/bash
++
++TST_DIR="tst-pam_motd2.d"
++
++function tst_cleanup() {
++ rm -rf "${TST_DIR}"
++ rm -f tst-pam_motd2.out
++}
++
++mkdir -p ${TST_DIR}
++mkdir -p ${TST_DIR}/etc/motd.d
++mkdir -p ${TST_DIR}/run/motd.d
++mkdir -p ${TST_DIR}/usr/lib/motd.d
++
++echo "motd: /etc/motd" > ${TST_DIR}/etc/motd
++echo "motd: /run/motd" > ${TST_DIR}/run/motd
++echo "motd: /usr/lib/motd" > ${TST_DIR}/usr/lib/motd
++
++# Drop a motd file in test directories such that every overriding
++# condition (for 3 directories in this case) will be seen.
++echo "motd: e0r0u1 in usr/lib - will show" > ${TST_DIR}/usr/lib/motd.d/e0r0u1.motd
++echo "motd: e0r1u0 in run - will show" > ${TST_DIR}/run/motd.d/e0r1u0.motd
++echo "motd: e0r1u1 in usr/lib - not show" > ${TST_DIR}/usr/lib/motd.d/e0r1u1.motd
++echo "motd: e0r1u1 in run - will show" > ${TST_DIR}/run/motd.d/e0r1u1.motd
++echo "motd: e1r0u0 in etc - will show" > ${TST_DIR}/etc/motd.d/e1r0u0.motd
++echo "motd: e1r0u1 in usr/lib - not show" > ${TST_DIR}/usr/lib/motd.d/e1r0u1.motd
++echo "motd: e1r0u1 in etc - will show" > ${TST_DIR}/etc/motd.d/e1r0u1.motd
++echo "motd: e1r1u0 in run - not show" > ${TST_DIR}/run/motd.d/e1r1u0.motd
++echo "motd: e1r1u0 in etc - will show" > ${TST_DIR}/etc/motd.d/e1r1u0.motd
++echo "motd: e1r1u1 in usr/lib - not show" > ${TST_DIR}/usr/lib/motd.d/e1r1u1.motd
++echo "motd: e1r1u1 in run - not show" > ${TST_DIR}/run/motd.d/e1r1u1.motd
++echo "motd: e1r1u1 in etc - will show" > ${TST_DIR}/etc/motd.d/e1r1u1.motd
++
++./tst-pam_motd tst-pam_motd2 > tst-pam_motd2.out
++
++RET=$?
++
++motd_to_show_output=$(cat tst-pam_motd2.out | grep "motd: /etc/motd")
++if [ -z "${motd_to_show_output}" ];
++then
++ tst_cleanup
++ exit 1
++fi
++
++motd_dir_not_show_output=$(cat tst-pam_motd2.out | grep "not show")
++if [ -n "${motd_dir_not_show_output}" ];
++then
++ tst_cleanup
++ exit 1
++fi
++
++tst_cleanup
++exit $RET
+diff --git a/xtests/tst-pam_motd3.pamd b/xtests/tst-pam_motd3.pamd
+new file mode 100644
+index 0000000..a8b8cbf
+--- /dev/null
++++ b/xtests/tst-pam_motd3.pamd
+@@ -0,0 +1,3 @@
++#%PAM-1.0
++session required pam_permit.so
++session optional pam_motd.so motd=tst-pam_motd3.d/etc/motd:tst-pam_motd3.d/run/motd:tst-pam_motd3.d/usr/lib/motd motd_dir=tst-pam_motd3.d/etc/motd.d:tst-pam_motd3.d/run/motd.d:tst-pam_motd3.d/usr/lib/motd.d
+diff --git a/xtests/tst-pam_motd3.sh b/xtests/tst-pam_motd3.sh
+new file mode 100755
+index 0000000..e18856b
+--- /dev/null
++++ b/xtests/tst-pam_motd3.sh
+@@ -0,0 +1,53 @@
++#!/bin/bash
++
++TST_DIR="tst-pam_motd3.d"
++
++function tst_cleanup() {
++ rm -rf "${TST_DIR}"
++ rm -f tst-pam_motd3.out
++}
++
++mkdir -p ${TST_DIR}
++mkdir -p ${TST_DIR}/etc/motd.d
++mkdir -p ${TST_DIR}/run/motd.d
++mkdir -p ${TST_DIR}/usr/lib/motd.d
++
++# Verify motd is still displayed when not overridden
++echo "motd: test-show in run - show" > ${TST_DIR}/run/motd.d/test-show.motd
++
++# Test overridden by a symlink to a file that isn't /dev/null; symlink target should show
++echo "motd: hidden-by-symlink in usr/lib - not show" > ${TST_DIR}/usr/lib/motd.d/hidden-by-symlink.motd
++echo "motd: test-from-symlink - show" > ${TST_DIR}/test-from-symlink.motd
++ln -sr ${TST_DIR}/test-from-symlink.motd ${TST_DIR}/run/motd.d/hidden-by-symlink.motd
++
++# Test hidden by a null symlink
++echo "motd: hidden-by-null-symlink in run - not show" > ${TST_DIR}/run/motd.d/hidden-by-null-symlink.motd
++ln -s /dev/null ${TST_DIR}/etc/motd.d/hidden-by-null-symlink.motd
++
++./tst-pam_motd tst-pam_motd3 > tst-pam_motd3.out
++
++RET=$?
++
++motd_dir_not_show_output=$(cat tst-pam_motd3.out | grep "not show")
++if [ -n "${motd_dir_not_show_output}" ];
++then
++ tst_cleanup
++ exit 1
++fi
++
++motd_test_show_output=$(cat tst-pam_motd3.out | grep "test-show.*- show")
++if [ -z "${motd_test_show_output}" ];
++then
++ tst_cleanup
++ exit 1
++fi
++
++motd_general_symlink_show_output=$(cat tst-pam_motd3.out | grep "test-from-symlink.*- show")
++if [ -z "${motd_general_symlink_show_output}" ];
++then
++ tst_cleanup
++ exit 1
++fi
++
++tst_cleanup
++exit $RET
+diff --git a/xtests/tst-pam_motd4.pamd b/xtests/tst-pam_motd4.pamd
+new file mode 100644
+index 0000000..9dc311a
+--- /dev/null
++++ b/xtests/tst-pam_motd4.pamd
+@@ -0,0 +1,3 @@
++#%PAM-1.0
++session required pam_permit.so
++session optional pam_motd.so motd=tst-pam_motd4.d/etc/motd
+diff --git a/xtests/tst-pam_motd4.sh b/xtests/tst-pam_motd4.sh
+new file mode 100755
+index 0000000..6022177
+--- /dev/null
++++ b/xtests/tst-pam_motd4.sh
+@@ -0,0 +1,27 @@
++#!/bin/bash
++
++TST_DIR="tst-pam_motd4.d"
++
++function tst_cleanup() {
++ rm -rf "${TST_DIR}"
++ rm -f tst-pam_motd4.out
++}
++
++mkdir -p ${TST_DIR}/etc
++
++# Verify the case of single motd with no motd_dir given in tst-pam_motd4.pamd
++echo "motd: /etc/motd" > ${TST_DIR}/etc/motd
++
++./tst-pam_motd tst-pam_motd4 > tst-pam_motd4.out
++
++RET=$?
++
++motd_to_show_output=$(cat tst-pam_motd4.out | grep "motd: /etc/motd")
++if [ -z "${motd_to_show_output}" ];
++then
++ tst_cleanup
++ exit 1
++fi
++
++tst_cleanup
++exit $RET
diff --git a/source/a/pam/fedora-patches/pam-1.3.1-noflex.patch b/source/a/pam/fedora-patches/pam-1.3.1-noflex.patch
new file mode 100644
index 00000000..c65d2253
--- /dev/null
+++ b/source/a/pam/fedora-patches/pam-1.3.1-noflex.patch
@@ -0,0 +1,24 @@
+diff -up Linux-PAM-1.3.1/doc/Makefile.am.noflex Linux-PAM-1.3.1/doc/Makefile.am
+--- Linux-PAM-1.3.1/doc/Makefile.am.noflex 2017-02-10 11:10:15.000000000 +0100
++++ Linux-PAM-1.3.1/doc/Makefile.am 2018-05-18 14:53:50.300997606 +0200
+@@ -2,7 +2,7 @@
+ # Copyright (c) 2005, 2006 Thorsten Kukuk <kukuk@suse.de>
+ #
+
+-SUBDIRS = man specs sag adg mwg
++SUBDIRS = man sag adg mwg
+
+ CLEANFILES = *~
+
+diff -up Linux-PAM-1.3.1/Makefile.am.noflex Linux-PAM-1.3.1/Makefile.am
+--- Linux-PAM-1.3.1/Makefile.am.noflex 2018-05-18 14:53:50.301997629 +0200
++++ Linux-PAM-1.3.1/Makefile.am 2018-05-18 14:55:31.576353800 +0200
+@@ -4,7 +4,7 @@
+
+ AUTOMAKE_OPTIONS = 1.9 gnu dist-bzip2 dist-xz check-news
+
+-SUBDIRS = libpam tests libpamc libpam_misc modules po conf doc examples xtests
++SUBDIRS = libpam tests libpamc libpam_misc modules po doc examples xtests
+
+ CLEANFILES = *~
+
diff --git a/source/a/pam/fedora-patches/pam-1.3.1-redhat-modules.patch b/source/a/pam/fedora-patches/pam-1.3.1-redhat-modules.patch
new file mode 100644
index 00000000..4d3f3741
--- /dev/null
+++ b/source/a/pam/fedora-patches/pam-1.3.1-redhat-modules.patch
@@ -0,0 +1,78 @@
+diff -up Linux-PAM-1.3.1/configure.ac.redhat-modules Linux-PAM-1.3.1/configure.ac
+--- Linux-PAM-1.3.1/configure.ac.redhat-modules 2018-05-18 12:57:57.000000000 +0200
++++ Linux-PAM-1.3.1/configure.ac 2018-11-26 12:58:14.623545121 +0100
+@@ -611,10 +611,12 @@ AC_CONFIG_FILES([Makefile libpam/Makefil
+ libpam_misc/Makefile conf/Makefile conf/pam_conv1/Makefile \
+ po/Makefile.in \
+ modules/Makefile \
++ modules/pam_chroot/Makefile modules/pam_console/Makefile \
++ modules/pam_postgresok/Makefile \
+ modules/pam_access/Makefile modules/pam_cracklib/Makefile \
+ modules/pam_debug/Makefile modules/pam_deny/Makefile \
+ modules/pam_echo/Makefile modules/pam_env/Makefile \
+- modules/pam_faildelay/Makefile \
++ modules/pam_faildelay/Makefile modules/pam_faillock/Makefile \
+ modules/pam_filter/Makefile modules/pam_filter/upperLOWER/Makefile \
+ modules/pam_ftp/Makefile modules/pam_group/Makefile \
+ modules/pam_issue/Makefile modules/pam_keyinit/Makefile \
+diff -up Linux-PAM-1.3.1/doc/sag/pam_faillock.xml.redhat-modules Linux-PAM-1.3.1/doc/sag/pam_faillock.xml
+--- Linux-PAM-1.3.1/doc/sag/pam_faillock.xml.redhat-modules 2018-11-26 12:58:14.623545121 +0100
++++ Linux-PAM-1.3.1/doc/sag/pam_faillock.xml 2018-11-26 12:58:14.623545121 +0100
+@@ -0,0 +1,38 @@
++<?xml version='1.0' encoding='UTF-8'?>
++<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
++ "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
++<section id='sag-pam_faillock'>
++ <title>pam_faillock - temporarily locking access based on failed authentication attempts during an interval</title>
++ <cmdsynopsis>
++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
++ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//cmdsynopsis[@id = "pam_faillock-cmdsynopsisauth"]/*)'/>
++ </cmdsynopsis>
++ <cmdsynopsis>
++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
++ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//cmdsynopsis[@id = "pam_faillock-cmdsynopsisacct"]/*)'/>
++ </cmdsynopsis>
++ <section id='sag-pam_faillock-description'>
++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
++ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-description"]/*)'/>
++ </section>
++ <section id='sag-pam_faillock-options'>
++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
++ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-options"]/*)'/>
++ </section>
++ <section id='sag-pam_faillock-types'>
++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
++ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-types"]/*)'/>
++ </section>
++ <section id='sag-pam_faillock-return_values'>
++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
++ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-return_values"]/*)'/>
++ </section>
++ <section id='sag-pam_faillock-examples'>
++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
++ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-examples"]/*)'/>
++ </section>
++ <section id='sag-pam_faillock-author'>
++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
++ href="../../modules/pam_faillock/pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-author"]/*)'/>
++ </section>
++</section>
+diff -up Linux-PAM-1.3.1/modules/Makefile.am.redhat-modules Linux-PAM-1.3.1/modules/Makefile.am
+--- Linux-PAM-1.3.1/modules/Makefile.am.redhat-modules 2017-02-10 11:10:15.000000000 +0100
++++ Linux-PAM-1.3.1/modules/Makefile.am 2018-11-26 12:58:14.623545121 +0100
+@@ -3,13 +3,14 @@
+ #
+
+ SUBDIRS = pam_access pam_cracklib pam_debug pam_deny pam_echo \
++ pam_chroot pam_console pam_postgresok pam_faillock \
+ pam_env pam_exec pam_faildelay pam_filter pam_ftp \
+ pam_group pam_issue pam_keyinit pam_lastlog pam_limits \
+ pam_listfile pam_localuser pam_loginuid pam_mail \
+ pam_mkhomedir pam_motd pam_namespace pam_nologin \
+ pam_permit pam_pwhistory pam_rhosts pam_rootok pam_securetty \
+ pam_selinux pam_sepermit pam_shells pam_stress \
+- pam_succeed_if pam_tally pam_tally2 pam_time pam_timestamp \
++ pam_succeed_if pam_time pam_timestamp \
+ pam_tty_audit pam_umask \
+ pam_unix pam_userdb pam_warn pam_wheel pam_xauth
+
diff --git a/source/a/pam/fedora-patches/pam-1.3.1-unix-bcrypt_b.patch b/source/a/pam/fedora-patches/pam-1.3.1-unix-bcrypt_b.patch
new file mode 100644
index 00000000..bff9d47e
--- /dev/null
+++ b/source/a/pam/fedora-patches/pam-1.3.1-unix-bcrypt_b.patch
@@ -0,0 +1,34 @@
+From f7abb8c1ef3aa31e6c2564a8aaf69683a77c2016 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
+Date: Thu, 15 Nov 2018 15:01:57 +0100
+Subject: [PATCH] pam_unix: Use bcrypt b-variant for computing new hashes.
+
+Bcrypt hashes used the "$2a$" prefix since 1997.
+However, in 2011 an implementation bug was discovered in bcrypt
+affecting the handling of characters in passphrases with the 8th
+bit set.
+
+Besides fixing the bug, OpenBSD 5.5 introduced the "$2b$" prefix
+for a behavior that exactly matches crypt_blowfish's "$2y$", and
+the crypt_blowfish implementation supports it as well since v1.1.
+
+That said new computed bcrypt hashes should use the "$2b$" prefix.
+
+* modules/pam_unix/passverify.c: Use bcrypt b-variant.
+---
+ modules/pam_unix/passverify.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
+index 9c1771e2..1f433b3a 100644
+--- a/modules/pam_unix/passverify.c
++++ b/modules/pam_unix/passverify.c
+@@ -385,7 +385,7 @@ PAMH_ARG_DECL(char * create_password_hash,
+ /* algoid = "$1" */
+ return crypt_md5_wrapper(password);
+ } else if (on(UNIX_BLOWFISH_PASS, ctrl)) {
+- algoid = "$2a$";
++ algoid = "$2b$";
+ } else if (on(UNIX_SHA256_PASS, ctrl)) {
+ algoid = "$5$";
+ } else if (on(UNIX_SHA512_PASS, ctrl)) {
diff --git a/source/a/pam/fedora-patches/pam-1.3.1-unix-checksalt_syslog.patch b/source/a/pam/fedora-patches/pam-1.3.1-unix-checksalt_syslog.patch
new file mode 100644
index 00000000..5cbc35b0
--- /dev/null
+++ b/source/a/pam/fedora-patches/pam-1.3.1-unix-checksalt_syslog.patch
@@ -0,0 +1,73 @@
+From 86eed7ca01864b9fd17099e57f10f2b9b6b568a1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
+Date: Mon, 26 Nov 2018 22:33:17 +0100
+Subject: [PATCH] pam_unix: Report unusable hashes found by checksalt to
+ syslog.
+
+libxcrypt can be build-time configured to support (or not support)
+various hashing methods. Future versions will also have support for
+runtime configuration by the system's vendor and/or administrator.
+
+For that reason adminstrator should be notified by pam if users cannot
+log into their account anymore because of such a change in the system's
+configuration of libxcrypt.
+
+Also check for malformed hashes, like descrypt hashes starting with
+"$2...", which might have been generated by unsafe base64 encoding
+functions as used in glibc <= 2.16.
+Such hashes are likely to be rejected by many recent implementations
+of libcrypt.
+
+* modules/pam_unix/passverify.c (verify_pwd_hash): Report unusable
+hashes found by checksalt to syslog.
+---
+ modules/pam_unix/passverify.c | 36 +++++++++++++++++++++++++++++++++++
+ 1 file changed, 36 insertions(+)
+
+diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
+index eb2444bb..2c808eb5 100644
+--- a/modules/pam_unix/passverify.c
++++ b/modules/pam_unix/passverify.c
+@@ -103,6 +103,42 @@ verify_pwd_hash(const char *p, char *hash, unsigned int nullok)
+ * Ok, we don't know the crypt algorithm, but maybe
+ * libcrypt knows about it? We should try it.
+ */
++#if defined(CRYPT_CHECKSALT_AVAILABLE) && CRYPT_CHECKSALT_AVAILABLE
++ /* Get the status of the hash from checksalt */
++ int retval_checksalt = crypt_checksalt(hash);
++
++ /*
++ * Check for hashing methods that are disabled by
++ * libcrypt configuration and/or system preset.
++ */
++ if (retval_checksalt == CRYPT_SALT_METHOD_DISABLED) {
++ /*
++ * pam_syslog() needs a pam handle,
++ * but that's not available here.
++ */
++ helper_log_err(LOG_ERR,
++ "pam_unix(verify_pwd_hash): The method "
++ "for computing the hash \"%.6s\" has been "
++ "disabled in libcrypt by the preset from "
++ "the system's vendor and/or administrator.",
++ hash);
++ }
++ /*
++ * Check for malformed hashes, like descrypt hashes
++ * starting with "$2...", which might have been
++ * generated by unsafe base64 encoding functions
++ * as used in glibc <= 2.16.
++ * Such hashes are likely to be rejected by many
++ * recent implementations of libcrypt.
++ */
++ if (retval_checksalt == CRYPT_SALT_INVALID) {
++ helper_log_err(LOG_ERR,
++ "pam_unix(verify_pwd_hash): The hash \"%.6s\""
++ "does not use a method known by the version "
++ "of libcrypt this system is supplied with.",
++ hash);
++ }
++#endif
+ #ifdef HAVE_CRYPT_R
+ struct crypt_data *cdata;
+ cdata = malloc(sizeof(*cdata));
diff --git a/source/a/pam/fedora-patches/pam-1.3.1-unix-crypt_checksalt.patch b/source/a/pam/fedora-patches/pam-1.3.1-unix-crypt_checksalt.patch
new file mode 100644
index 00000000..0a74e940
--- /dev/null
+++ b/source/a/pam/fedora-patches/pam-1.3.1-unix-crypt_checksalt.patch
@@ -0,0 +1,40 @@
+From 62425bf2a0c72d0e23139d0b285547a7add26251 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
+Date: Thu, 15 Nov 2018 19:49:44 +0100
+Subject: [PATCH] pam_unix: Add support for crypt_checksalt, if libcrypt
+ supports it.
+
+libxcrypt v4.3 has added the crypt_checksalt function to whether
+the prefix at the begining of a given hash string refers to a
+supported hashing method.
+
+Future revisions of this function will add support to check whether
+the hashing method, the prefix refers to, was disabled or considered
+deprecated by the system's factory presets or system administrator.
+Furthermore it will be able to detect whether the parameters, which
+are used by the corresponding hashing method, being encoded in the
+hash string are not considered to be strong enough anymore.
+
+*modules/pam_unix/passverify.c: Add support for crypt_checksalt.
+---
+ modules/pam_unix/passverify.c | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
+index 1f433b3a..6132130a 100644
+--- a/modules/pam_unix/passverify.c
++++ b/modules/pam_unix/passverify.c
+@@ -244,7 +244,13 @@ PAMH_ARG_DECL(int check_shadow_expiry,
+ D(("account expired"));
+ return PAM_ACCT_EXPIRED;
+ }
++#if defined(CRYPT_CHECKSALT_AVAILABLE) && CRYPT_CHECKSALT_AVAILABLE
++ if (spent->sp_lstchg == 0 ||
++ crypt_checksalt(spent->sp_pwdp) == CRYPT_SALT_METHOD_LEGACY ||
++ crypt_checksalt(spent->sp_pwdp) == CRYPT_SALT_TOO_CHEAP) {
++#else
+ if (spent->sp_lstchg == 0) {
++#endif
+ D(("need a new password"));
+ *daysleft = 0;
+ return PAM_NEW_AUTHTOK_REQD;
diff --git a/source/a/pam/fedora-patches/pam-1.3.1-unix-fix_checksalt_syslog.patch b/source/a/pam/fedora-patches/pam-1.3.1-unix-fix_checksalt_syslog.patch
new file mode 100644
index 00000000..41733ae0
--- /dev/null
+++ b/source/a/pam/fedora-patches/pam-1.3.1-unix-fix_checksalt_syslog.patch
@@ -0,0 +1,104 @@
+From d8d11db2cef65da5d2afa7acf21aa9c8cd88abed Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Tue, 27 Nov 2018 16:11:03 +0100
+Subject: [PATCH] pam_unix: Use pam_syslog instead of helper_log_err.
+
+* modules/pam_unix/passverify.c (verify_pwd_hash): Add pamh argument via
+ PAMH_ARG_DECL. Call pam_syslog() instead of helper_log_err().
+* modules/pam_unix/passverify.h: Adjust the declaration of verify_pwd_hash().
+* modules/pam_unix/support.c (_unix_verify_password): Add the pamh argument
+ to verify_pwd_hash() call.
+---
+ modules/pam_unix/passverify.c | 24 +++++++++++++-----------
+ modules/pam_unix/passverify.h | 6 +++---
+ modules/pam_unix/support.c | 2 +-
+ 3 files changed, 17 insertions(+), 15 deletions(-)
+
+diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
+index 2c808eb5..80e32767 100644
+--- a/modules/pam_unix/passverify.c
++++ b/modules/pam_unix/passverify.c
+@@ -65,8 +65,8 @@ strip_hpux_aging(char *hash)
+ }
+ }
+
+-int
+-verify_pwd_hash(const char *p, char *hash, unsigned int nullok)
++PAMH_ARG_DECL(int verify_pwd_hash,
++ const char *p, char *hash, unsigned int nullok)
+ {
+ size_t hash_len;
+ char *pp = NULL;
+@@ -116,11 +116,10 @@ verify_pwd_hash(const char *p, char *hash, unsigned int nullok)
+ * pam_syslog() needs a pam handle,
+ * but that's not available here.
+ */
+- helper_log_err(LOG_ERR,
+- "pam_unix(verify_pwd_hash): The method "
+- "for computing the hash \"%.6s\" has been "
+- "disabled in libcrypt by the preset from "
+- "the system's vendor and/or administrator.",
++ pam_syslog(pamh, LOG_ERR,
++ "The support for password hash \"%.6s\" "
++ "has been disabled in libcrypt "
++ "configuration.",
+ hash);
+ }
+ /*
+@@ -132,12 +131,15 @@ verify_pwd_hash(const char *p, char *hash, unsigned int nullok)
+ * recent implementations of libcrypt.
+ */
+ if (retval_checksalt == CRYPT_SALT_INVALID) {
+- helper_log_err(LOG_ERR,
+- "pam_unix(verify_pwd_hash): The hash \"%.6s\""
+- "does not use a method known by the version "
+- "of libcrypt this system is supplied with.",
++ pam_syslog(pamh, LOG_ERR,
++ "The password hash \"%.6s\" is unknown to "
++ "libcrypt.",
+ hash);
+ }
++#else
++#ifndef HELPER_COMPILE
++ (void)pamh;
++#endif
+ #endif
+ #ifdef HAVE_CRYPT_R
+ struct crypt_data *cdata;
+diff --git a/modules/pam_unix/passverify.h b/modules/pam_unix/passverify.h
+index 086c28ac..e9a88fbf 100644
+--- a/modules/pam_unix/passverify.h
++++ b/modules/pam_unix/passverify.h
+@@ -12,9 +12,6 @@
+
+ #define OLD_PASSWORDS_FILE "/etc/security/opasswd"
+
+-int
+-verify_pwd_hash(const char *p, char *hash, unsigned int nullok);
+-
+ int
+ is_pwd_shadowed(const struct passwd *pwd);
+
+@@ -65,6 +62,9 @@ read_passwords(int fd, int npass, char **passwords);
+ #define PAMH_ARG(...) pamh, __VA_ARGS__
+ #endif
+
++PAMH_ARG_DECL(int verify_pwd_hash,
++ const char *p, char *hash, unsigned int nullok);
++
+ PAMH_ARG_DECL(char * create_password_hash,
+ const char *password, unsigned long long ctrl, int rounds);
+
+diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
+index 6894288d..ea5594d2 100644
+--- a/modules/pam_unix/support.c
++++ b/modules/pam_unix/support.c
+@@ -770,7 +770,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
+ }
+ }
+ } else {
+- retval = verify_pwd_hash(p, salt, off(UNIX__NONULL, ctrl));
++ retval = verify_pwd_hash(pamh, p, salt, off(UNIX__NONULL, ctrl));
+ }
+
+ if (retval == PAM_SUCCESS) {
diff --git a/source/a/pam/fedora-patches/pam-1.3.1-unix-gensalt-autoentropy.patch b/source/a/pam/fedora-patches/pam-1.3.1-unix-gensalt-autoentropy.patch
new file mode 100644
index 00000000..8ae4abfd
--- /dev/null
+++ b/source/a/pam/fedora-patches/pam-1.3.1-unix-gensalt-autoentropy.patch
@@ -0,0 +1,95 @@
+From 05aa693b7db6b818d31e41f0cab1d5fb4f49600e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
+Date: Thu, 15 Nov 2018 15:58:56 +0100
+Subject: [PATCH] pam_unix: Prefer a gensalt function, that supports auto
+ entropy.
+
+* modules/pam_unix/pam_unix_passwd.c: Initialize rounds parameter to 0.
+* modules/pam_unix/passverify.c: Prefer gensalt with auto entropy.
+* modules/pam_unix/support.c: Fix sanitizing of rounds parameter.
+---
+ modules/pam_unix/pam_unix_passwd.c | 2 +-
+ modules/pam_unix/passverify.c | 13 +++++++++++++
+ modules/pam_unix/support.c | 7 +++++--
+ 3 files changed, 19 insertions(+), 3 deletions(-)
+
+Index: Linux-PAM-1.3.1/modules/pam_unix/pam_unix_passwd.c
+===================================================================
+--- Linux-PAM-1.3.1.orig/modules/pam_unix/pam_unix_passwd.c
++++ Linux-PAM-1.3.1/modules/pam_unix/pam_unix_passwd.c
+@@ -607,7 +607,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int
+ unsigned int ctrl, lctrl;
+ int retval;
+ int remember = -1;
+- int rounds = -1;
++ int rounds = 0;
+ int pass_min_len = 0;
+
+ /* <DO NOT free() THESE> */
+Index: Linux-PAM-1.3.1/modules/pam_unix/passverify.c
+===================================================================
+--- Linux-PAM-1.3.1.orig/modules/pam_unix/passverify.c
++++ Linux-PAM-1.3.1/modules/pam_unix/passverify.c
+@@ -375,7 +375,12 @@ PAMH_ARG_DECL(char * create_password_has
+ const char *password, unsigned int ctrl, int rounds)
+ {
+ const char *algoid;
++#if defined(CRYPT_GENSALT_OUTPUT_SIZE) && CRYPT_GENSALT_OUTPUT_SIZE > 64
++ /* Strings returned by crypt_gensalt_rn will be no longer than this. */
++ char salt[CRYPT_GENSALT_OUTPUT_SIZE];
++#else
+ char salt[64]; /* contains rounds number + max 16 bytes of salt + algo id */
++#endif
+ char *sp;
+ #ifdef HAVE_CRYPT_R
+ struct crypt_data *cdata = NULL;
+@@ -406,6 +411,13 @@ PAMH_ARG_DECL(char * create_password_has
+ return crypted;
+ }
+
++#if defined(CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY) && CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY
++ /*
++ * Any version of libcrypt supporting auto entropy is
++ * guaranteed to have crypt_gensalt_rn().
++ */
++ sp = crypt_gensalt_rn(algoid, rounds, NULL, 0, salt, sizeof(salt));
++#else
+ #ifdef HAVE_CRYPT_GENSALT_R
+ if (on(UNIX_BLOWFISH_PASS, ctrl)) {
+ char entropy[17];
+@@ -423,6 +435,7 @@ PAMH_ARG_DECL(char * create_password_has
+ #ifdef HAVE_CRYPT_GENSALT_R
+ }
+ #endif
++#endif /* CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY */
+ #ifdef HAVE_CRYPT_R
+ sp = NULL;
+ cdata = malloc(sizeof(*cdata));
+Index: Linux-PAM-1.3.1/modules/pam_unix/support.c
+===================================================================
+--- Linux-PAM-1.3.1.orig/modules/pam_unix/support.c
++++ Linux-PAM-1.3.1/modules/pam_unix/support.c
+@@ -175,6 +175,7 @@ int _set_ctrl(pam_handle_t *pamh, int fl
+
+ if (val) {
+ *rounds = strtol(val, NULL, 10);
++ set(UNIX_ALGO_ROUNDS, ctrl);
+ free (val);
+ }
+ }
+@@ -254,11 +255,13 @@ int _set_ctrl(pam_handle_t *pamh, int fl
+ if (*rounds < 4 || *rounds > 31)
+ *rounds = 5;
+ } else if (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl)) {
+- if ((*rounds < 1000) || (*rounds == INT_MAX))
++ if ((*rounds < 1000) || (*rounds == INT_MAX)) {
+ /* don't care about bogus values */
++ *rounds = 0;
+ unset(UNIX_ALGO_ROUNDS, ctrl);
+- if (*rounds >= 10000000)
++ } else if (*rounds >= 10000000) {
+ *rounds = 9999999;
++ }
+ }
+ }
+
diff --git a/source/a/pam/fedora-patches/pam-1.3.1-unix-no-fallback.patch b/source/a/pam/fedora-patches/pam-1.3.1-unix-no-fallback.patch
new file mode 100644
index 00000000..8755cf60
--- /dev/null
+++ b/source/a/pam/fedora-patches/pam-1.3.1-unix-no-fallback.patch
@@ -0,0 +1,105 @@
+Index: Linux-PAM-1.3.1/modules/pam_unix/pam_unix.8.xml
+===================================================================
+--- Linux-PAM-1.3.1.orig/modules/pam_unix/pam_unix.8.xml
++++ Linux-PAM-1.3.1/modules/pam_unix/pam_unix.8.xml
+@@ -293,11 +293,10 @@
+ <listitem>
+ <para>
+ When a user changes their password next,
+- encrypt it with the SHA256 algorithm. If the
+- SHA256 algorithm is not known to the <citerefentry>
++ encrypt it with the SHA256 algorithm. The
++ SHA256 algorithm must be supported by the <citerefentry>
+ <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
+- </citerefentry> function,
+- fall back to MD5.
++ </citerefentry> function.
+ </para>
+ </listitem>
+ </varlistentry>
+@@ -308,11 +307,10 @@
+ <listitem>
+ <para>
+ When a user changes their password next,
+- encrypt it with the SHA512 algorithm. If the
+- SHA512 algorithm is not known to the <citerefentry>
++ encrypt it with the SHA512 algorithm. The
++ SHA512 algorithm must be supported by the <citerefentry>
+ <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
+- </citerefentry> function,
+- fall back to MD5.
++ </citerefentry> function.
+ </para>
+ </listitem>
+ </varlistentry>
+@@ -323,11 +321,10 @@
+ <listitem>
+ <para>
+ When a user changes their password next,
+- encrypt it with the blowfish algorithm. If the
+- blowfish algorithm is not known to the <citerefentry>
++ encrypt it with the blowfish algorithm. The
++ blowfish algorithm must be supported by the <citerefentry>
+ <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
+- </citerefentry> function,
+- fall back to MD5.
++ </citerefentry> function.
+ </para>
+ </listitem>
+ </varlistentry>
+@@ -338,11 +335,10 @@
+ <listitem>
+ <para>
+ When a user changes their password next,
+- encrypt it with the gost-yescrypt algorithm. If the
+- gost-yescrypt algorithm is not known to the <citerefentry>
++ encrypt it with the gost-yescrypt algorithm. The
++ gost-yescrypt algorithm must be supported by the <citerefentry>
+ <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
+- </citerefentry> function,
+- fall back to MD5.
++ </citerefentry> function.
+ </para>
+ </listitem>
+ </varlistentry>
+@@ -353,11 +349,10 @@
+ <listitem>
+ <para>
+ When a user changes their password next,
+- encrypt it with the yescrypt algorithm. If the
+- yescrypt algorithm is not known to the <citerefentry>
++ encrypt it with the yescrypt algorithm. The
++ yescrypt algorithm must be supported by the <citerefentry>
+ <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
+- </citerefentry> function,
+- fall back to MD5.
++ </citerefentry> function.
+ </para>
+ </listitem>
+ </varlistentry>
+Index: Linux-PAM-1.3.1/modules/pam_unix/passverify.c
+===================================================================
+--- Linux-PAM-1.3.1.orig/modules/pam_unix/passverify.c
++++ Linux-PAM-1.3.1/modules/pam_unix/passverify.c
+@@ -466,10 +466,9 @@ PAMH_ARG_DECL(char * create_password_has
+ sp = crypt(password, salt);
+ #endif
+ if (!sp || strncmp(algoid, sp, strlen(algoid)) != 0) {
+- /* libxcrypt/libc doesn't know the algorithm, use MD5 */
++ /* libxcrypt/libc doesn't know the algorithm, error out */
+ pam_syslog(pamh, LOG_ERR,
+- "Algo %s not supported by the crypto backend, "
+- "falling back to MD5\n",
++ "Algo %s not supported by the crypto backend.\n",
+ on(UNIX_YESCRYPT_PASS, ctrl) ? "yescrypt" :
+ on(UNIX_GOST_YESCRYPT_PASS, ctrl) ? "gost_yescrypt" :
+ on(UNIX_BLOWFISH_PASS, ctrl) ? "blowfish" :
+@@ -481,7 +480,7 @@ PAMH_ARG_DECL(char * create_password_has
+ #ifdef HAVE_CRYPT_R
+ free(cdata);
+ #endif
+- return crypt_md5_wrapper(password);
++ return NULL;
+ }
+ sp = x_strdup(sp);
+ #ifdef HAVE_CRYPT_R
diff --git a/source/a/pam/fedora-patches/pam-1.3.1-unix-remove-obsolete-_unix_read_password-prototype.patch b/source/a/pam/fedora-patches/pam-1.3.1-unix-remove-obsolete-_unix_read_password-prototype.patch
new file mode 100644
index 00000000..14f285de
--- /dev/null
+++ b/source/a/pam/fedora-patches/pam-1.3.1-unix-remove-obsolete-_unix_read_password-prototype.patch
@@ -0,0 +1,34 @@
+From a2b72aeb86f297d349bc9e6a8f059fedf97a499a Mon Sep 17 00:00:00 2001
+From: "Dmitry V. Levin" <ldv@altlinux.org>
+Date: Thu, 31 May 2018 00:20:18 +0000
+Subject: [PATCH] pam_unix: remove obsolete _unix_read_password prototype
+
+The function was removed by commit Linux-PAM-1.3.0~5
+so the function prototype should go as well.
+
+* modules/pam_unix/support.h (_unix_read_password): Remove.
+
+Complements: 7e09188c5dc4 ("pam_unix: Use pam_get_authtok() instead of
+direct pam_prompt() calls.")
+---
+ modules/pam_unix/support.h | 7 -------
+ 1 file changed, 7 deletions(-)
+
+diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h
+index b4c279c3..543e9b9f 100644
+--- a/modules/pam_unix/support.h
++++ b/modules/pam_unix/support.h
+@@ -164,13 +164,6 @@ extern int _unix_blankpasswd(pam_handle_t *pamh,unsigned int ctrl,
+ const char *name);
+ extern int _unix_verify_password(pam_handle_t * pamh, const char *name
+ ,const char *p, unsigned int ctrl);
+-extern int _unix_read_password(pam_handle_t * pamh
+- ,unsigned int ctrl
+- ,const char *comment
+- ,const char *prompt1
+- ,const char *prompt2
+- ,const char *data_name
+- ,const void **pass);
+
+ extern int _unix_run_verify_binary(pam_handle_t *pamh,
+ unsigned int ctrl, const char *user, int *daysleft);
diff --git a/source/a/pam/fedora-patches/pam-1.3.1-unix-yescrypt.patch b/source/a/pam/fedora-patches/pam-1.3.1-unix-yescrypt.patch
new file mode 100644
index 00000000..f04a59ce
--- /dev/null
+++ b/source/a/pam/fedora-patches/pam-1.3.1-unix-yescrypt.patch
@@ -0,0 +1,479 @@
+From 16bd523f85ede9fa9115f80e826f2d803d7e61d4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
+Date: Thu, 15 Nov 2018 16:38:05 +0100
+Subject: [PATCH] pam_unix: Add support for (gost-)yescrypt hashing methods.
+
+libxcrypt (v4.2 and later) has added support for the yescrypt
+hashing method; gost-yescrypt has been added in v4.3.
+
+* modules/pam_unix/pam_unix.8.xml: Documentation for (gost-)yescrypt.
+* modules/pam_unix/pam_unix_acct.c: Use 64 bit type for control flags.
+* modules/pam_unix/pam_unix_auth.c: Likewise.
+* modules/pam_unix/pam_unix_passwd.c: Likewise.
+* modules/pam_unix/pam_unix_sess.c: Likewise.
+* modules/pam_unix/passverify.c: Add support for (gost-)yescrypt.
+* modules/pam_unix/passverify.h: Use 64 bit type for control flags.
+* modules/pam_unix/support.c: Set sane rounds for (gost-)yescrypt.
+* modules/pam_unix/support.h: Add support for (gost-)yescrypt.
+---
+ modules/pam_unix/pam_unix.8.xml | 35 +++++++++-
+ modules/pam_unix/pam_unix_acct.c | 4 +-
+ modules/pam_unix/pam_unix_auth.c | 4 +-
+ modules/pam_unix/pam_unix_passwd.c | 12 ++--
+ modules/pam_unix/pam_unix_sess.c | 4 +-
+ modules/pam_unix/passverify.c | 8 ++-
+ modules/pam_unix/passverify.h | 2 +-
+ modules/pam_unix/support.c | 33 ++++++----
+ modules/pam_unix/support.h | 101 +++++++++++++++--------------
+ 9 files changed, 128 insertions(+), 75 deletions(-)
+
+diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml
+index 1b318f11..cae2aeaa 100644
+--- a/modules/pam_unix/pam_unix.8.xml
++++ b/modules/pam_unix/pam_unix.8.xml
+@@ -331,14 +331,45 @@
+ </para>
+ </listitem>
+ </varlistentry>
++ <varlistentry>
++ <term>
++ <option>gost_yescrypt</option>
++ </term>
++ <listitem>
++ <para>
++ When a user changes their password next,
++ encrypt it with the gost-yescrypt algorithm. If the
++ gost-yescrypt algorithm is not known to the <citerefentry>
++ <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
++ </citerefentry> function,
++ fall back to MD5.
++ </para>
++ </listitem>
++ </varlistentry>
++ <varlistentry>
++ <term>
++ <option>yescrypt</option>
++ </term>
++ <listitem>
++ <para>
++ When a user changes their password next,
++ encrypt it with the yescrypt algorithm. If the
++ yescrypt algorithm is not known to the <citerefentry>
++ <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
++ </citerefentry> function,
++ fall back to MD5.
++ </para>
++ </listitem>
++ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>rounds=<replaceable>n</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+- Set the optional number of rounds of the SHA256, SHA512
+- and blowfish password hashing algorithms to
++ Set the optional number of rounds of the SHA256, SHA512,
++ blowfish, gost-yescrypt, and yescrypt password hashing
++ algorithms to
+ <replaceable>n</replaceable>.
+ </para>
+ </listitem>
+diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c
+index fbc84e2f..d8d084ac 100644
+--- a/modules/pam_unix/pam_unix_acct.c
++++ b/modules/pam_unix/pam_unix_acct.c
+@@ -62,7 +62,7 @@
+ #include "support.h"
+ #include "passverify.h"
+
+-int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl,
++int _unix_run_verify_binary(pam_handle_t *pamh, unsigned long long ctrl,
+ const char *user, int *daysleft)
+ {
+ int retval=0, child, fds[2];
+@@ -185,7 +185,7 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl,
+ int
+ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
+ {
+- unsigned int ctrl;
++ unsigned long long ctrl;
+ const void *void_uname;
+ const char *uname;
+ int retval, daysleft;
+diff --git a/modules/pam_unix/pam_unix_auth.c b/modules/pam_unix/pam_unix_auth.c
+index 9d9f709d..905fc66c 100644
+--- a/modules/pam_unix/pam_unix_auth.c
++++ b/modules/pam_unix/pam_unix_auth.c
+@@ -96,7 +96,7 @@ setcred_free (pam_handle_t *pamh UNUSED, void *ptr, int err UNUSED)
+ int
+ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
+ {
+- unsigned int ctrl;
++ unsigned long long ctrl;
+ int retval, *ret_data = NULL;
+ const char *name;
+ const char *p;
+@@ -194,7 +194,7 @@ pam_sm_setcred (pam_handle_t *pamh, int flags,
+ {
+ int retval;
+ const void *pretval = NULL;
+- unsigned int ctrl;
++ unsigned long long ctrl;
+
+ D(("called."));
+
+diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
+index f2c42513..df4c1233 100644
+--- a/modules/pam_unix/pam_unix_passwd.c
++++ b/modules/pam_unix/pam_unix_passwd.c
+@@ -138,7 +138,7 @@ __taddr2port (const struct netconfig *nconf, const struct netbuf *nbuf)
+ }
+ #endif
+
+-static char *getNISserver(pam_handle_t *pamh, unsigned int ctrl)
++static char *getNISserver(pam_handle_t *pamh, unsigned long long ctrl)
+ {
+ char *master;
+ char *domainname;
+@@ -233,7 +233,7 @@ static char *getNISserver(pam_handle_t *pamh, unsigned int ctrl)
+
+ #ifdef WITH_SELINUX
+
+-static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const char *user,
++static int _unix_run_update_binary(pam_handle_t *pamh, unsigned long long ctrl, const char *user,
+ const char *fromwhat, const char *towhat, int remember)
+ {
+ int retval, child, fds[2];
+@@ -388,7 +388,7 @@ static int check_old_password(const char *forwho, const char *newpass)
+
+ static int _do_setpass(pam_handle_t* pamh, const char *forwho,
+ const char *fromwhat,
+- char *towhat, unsigned int ctrl, int remember)
++ char *towhat, unsigned long long ctrl, int remember)
+ {
+ struct passwd *pwd = NULL;
+ int retval = 0;
+@@ -512,7 +512,7 @@ static int _do_setpass(pam_handle_t* pamh, const char *forwho,
+ return retval;
+ }
+
+-static int _unix_verify_shadow(pam_handle_t *pamh, const char *user, unsigned int ctrl)
++static int _unix_verify_shadow(pam_handle_t *pamh, const char *user, unsigned long long ctrl)
+ {
+ struct passwd *pwent = NULL; /* Password and shadow password */
+ struct spwd *spent = NULL; /* file entries for the user */
+@@ -542,7 +542,7 @@ static int _unix_verify_shadow(pam_handle_t *pamh, const char *user, unsigned in
+ }
+
+ static int _pam_unix_approve_pass(pam_handle_t * pamh
+- ,unsigned int ctrl
++ ,unsigned long long ctrl
+ ,const char *pass_old
+ ,const char *pass_new,
+ int pass_min_len)
+@@ -600,7 +600,7 @@ static int _pam_unix_approve_pass(pam_handle_t * pamh
+ int
+ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
+ {
+- unsigned int ctrl, lctrl;
++ unsigned long long ctrl, lctrl;
+ int retval;
+ int remember = -1;
+ int rounds = 0;
+diff --git a/modules/pam_unix/pam_unix_sess.c b/modules/pam_unix/pam_unix_sess.c
+index 03e7dcd9..4b8af530 100644
+--- a/modules/pam_unix/pam_unix_sess.c
++++ b/modules/pam_unix/pam_unix_sess.c
+@@ -67,7 +67,7 @@ int
+ pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
+ {
+ char *user_name, *service;
+- unsigned int ctrl;
++ unsigned long long ctrl;
+ int retval;
+ const char *login_name;
+
+@@ -103,7 +103,7 @@ int
+ pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
+ {
+ char *user_name, *service;
+- unsigned int ctrl;
++ unsigned long long ctrl;
+ int retval;
+
+ D(("called."));
+diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
+index 95dfe528..39e2bfac 100644
+--- a/modules/pam_unix/passverify.c
++++ b/modules/pam_unix/passverify.c
+@@ -387,7 +387,7 @@ crypt_md5_wrapper(const char *pass_new)
+ }
+
+ PAMH_ARG_DECL(char * create_password_hash,
+- const char *password, unsigned int ctrl, int rounds)
++ const char *password, unsigned long long ctrl, int rounds)
+ {
+ const char *algoid;
+ #if defined(CRYPT_GENSALT_OUTPUT_SIZE) && CRYPT_GENSALT_OUTPUT_SIZE > 64
+@@ -404,6 +404,10 @@ PAMH_ARG_DECL(char * create_password_hash,
+ if (on(UNIX_MD5_PASS, ctrl)) {
+ /* algoid = "$1" */
+ return crypt_md5_wrapper(password);
++ } else if (on(UNIX_YESCRYPT_PASS, ctrl)) {
++ algoid = "$y$";
++ } else if (on(UNIX_GOST_YESCRYPT_PASS, ctrl)) {
++ algoid = "$gy$";
+ } else if (on(UNIX_BLOWFISH_PASS, ctrl)) {
+ algoid = "$2b$";
+ } else if (on(UNIX_SHA256_PASS, ctrl)) {
+@@ -466,6 +470,8 @@ PAMH_ARG_DECL(char * create_password_hash,
+ pam_syslog(pamh, LOG_ERR,
+ "Algo %s not supported by the crypto backend, "
+ "falling back to MD5\n",
++ on(UNIX_YESCRYPT_PASS, ctrl) ? "yescrypt" :
++ on(UNIX_GOST_YESCRYPT_PASS, ctrl) ? "gost_yescrypt" :
+ on(UNIX_BLOWFISH_PASS, ctrl) ? "blowfish" :
+ on(UNIX_SHA256_PASS, ctrl) ? "sha256" :
+ on(UNIX_SHA512_PASS, ctrl) ? "sha512" : algoid);
+diff --git a/modules/pam_unix/passverify.h b/modules/pam_unix/passverify.h
+index caf7ae8a..086c28ac 100644
+--- a/modules/pam_unix/passverify.h
++++ b/modules/pam_unix/passverify.h
+@@ -66,7 +66,7 @@ read_passwords(int fd, int npass, char **passwords);
+ #endif
+
+ PAMH_ARG_DECL(char * create_password_hash,
+- const char *password, unsigned int ctrl, int rounds);
++ const char *password, unsigned long long ctrl, int rounds);
+
+ PAMH_ARG_DECL(int get_account_info,
+ const char *name, struct passwd **pwd, struct spwd **spwdent);
+diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
+index 8cbc4217..6894288d 100644
+--- a/modules/pam_unix/support.c
++++ b/modules/pam_unix/support.c
+@@ -107,7 +107,7 @@ search_key (const char *key, const char *filename)
+
+ /* this is a front-end for module-application conversations */
+
+-int _make_remark(pam_handle_t * pamh, unsigned int ctrl,
++int _make_remark(pam_handle_t * pamh, unsigned long long ctrl,
+ int type, const char *text)
+ {
+ int retval = PAM_SUCCESS;
+@@ -122,10 +122,11 @@ int _make_remark(pam_handle_t * pamh, unsigned int ctrl,
+ * set the control flags for the UNIX module.
+ */
+
+-int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds,
+- int *pass_min_len, int argc, const char **argv)
++unsigned long long _set_ctrl(pam_handle_t *pamh, int flags, int *remember,
++ int *rounds, int *pass_min_len, int argc,
++ const char **argv)
+ {
+- unsigned int ctrl;
++ unsigned long long ctrl;
+ char *val;
+ int j;
+
+@@ -243,15 +244,23 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds,
+ set(UNIX__NONULL, ctrl);
+ }
+
+- /* Set default rounds for blowfish */
+- if (on(UNIX_BLOWFISH_PASS, ctrl) && off(UNIX_ALGO_ROUNDS, ctrl) && rounds != NULL) {
+- *rounds = 5;
+- set(UNIX_ALGO_ROUNDS, ctrl);
++ /* Set default rounds for blowfish, gost-yescrypt and yescrypt */
++ if (off(UNIX_ALGO_ROUNDS, ctrl) && rounds != NULL) {
++ if (on(UNIX_BLOWFISH_PASS, ctrl) ||
++ on(UNIX_GOST_YESCRYPT_PASS, ctrl) ||
++ on(UNIX_YESCRYPT_PASS, ctrl)) {
++ *rounds = 5;
++ set(UNIX_ALGO_ROUNDS, ctrl);
++ }
+ }
+
+ /* Enforce sane "rounds" values */
+ if (on(UNIX_ALGO_ROUNDS, ctrl)) {
+- if (on(UNIX_BLOWFISH_PASS, ctrl)) {
++ if (on(UNIX_GOST_YESCRYPT_PASS, ctrl) ||
++ on(UNIX_YESCRYPT_PASS, ctrl)) {
++ if (*rounds < 3 || *rounds > 11)
++ *rounds = 5;
++ } else if (on(UNIX_BLOWFISH_PASS, ctrl)) {
+ if (*rounds < 4 || *rounds > 31)
+ *rounds = 5;
+ } else if (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl)) {
+@@ -532,7 +541,7 @@ int _unix_comesfromsource(pam_handle_t *pamh,
+ #include <sys/wait.h>
+
+ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd,
+- unsigned int ctrl, const char *user)
++ unsigned long long ctrl, const char *user)
+ {
+ int retval, child, fds[2];
+ struct sigaction newsa, oldsa;
+@@ -658,7 +667,7 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd,
+ */
+
+ int
+-_unix_blankpasswd (pam_handle_t *pamh, unsigned int ctrl, const char *name)
++_unix_blankpasswd (pam_handle_t *pamh, unsigned long long ctrl, const char *name)
+ {
+ struct passwd *pwd = NULL;
+ char *salt = NULL;
+@@ -706,7 +715,7 @@ _unix_blankpasswd (pam_handle_t *pamh, unsigned int ctrl, const char *name)
+ }
+
+ int _unix_verify_password(pam_handle_t * pamh, const char *name
+- ,const char *p, unsigned int ctrl)
++ ,const char *p, unsigned long long ctrl)
+ {
+ struct passwd *pwd = NULL;
+ char *salt = NULL;
+diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h
+index 543e9b9f..e02c05e0 100644
+--- a/modules/pam_unix/support.h
++++ b/modules/pam_unix/support.h
+@@ -22,8 +22,8 @@
+
+ typedef struct {
+ const char *token;
+- unsigned int mask; /* shall assume 32 bits of flags */
+- unsigned int flag;
++ unsigned long long mask; /* shall assume 64 bits of flags */
++ unsigned long long flag;
+ unsigned int is_hash_algo;
+ } UNIX_Ctrls;
+
+@@ -48,7 +48,7 @@ typedef struct {
+
+ /* the generic mask */
+
+-#define _ALL_ON_ (~0U)
++#define _ALL_ON_ (~0ULL)
+
+ /* end of macro definitions definitions for the control flags */
+
+@@ -98,47 +98,51 @@ typedef struct {
+ #define UNIX_QUIET 28 /* Don't print informational messages */
+ #define UNIX_NO_PASS_EXPIRY 29 /* Don't check for password expiration if not used for authentication */
+ #define UNIX_DES 30 /* DES, default */
++#define UNIX_GOST_YESCRYPT_PASS 31 /* new password hashes will use gost-yescrypt */
++#define UNIX_YESCRYPT_PASS 32 /* new password hashes will use yescrypt */
+ /* -------------- */
+-#define UNIX_CTRLS_ 31 /* number of ctrl arguments defined */
++#define UNIX_CTRLS_ 33 /* number of ctrl arguments defined */
+
+-#define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl))
++#define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)&&off(UNIX_GOST_YESCRYPT_PASS,ctrl)&&off(UNIX_YESCRYPT_PASS,ctrl))
+
+ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] =
+ {
+-/* symbol token name ctrl mask ctrl *
+- * ----------------------- ------------------- --------------------- -------- */
+-
+-/* UNIX__OLD_PASSWD */ {NULL, _ALL_ON_, 01, 0},
+-/* UNIX__VERIFY_PASSWD */ {NULL, _ALL_ON_, 02, 0},
+-/* UNIX__IAMROOT */ {NULL, _ALL_ON_, 04, 0},
+-/* UNIX_AUDIT */ {"audit", _ALL_ON_, 010, 0},
+-/* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(060), 020, 0},
+-/* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(060), 040, 0},
+-/* UNIX_AUTHTOK_TYPE */ {"authtok_type=", _ALL_ON_, 0100, 0},
+-/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0600), 0200, 0},
+-/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0600), 0400, 0},
+-/* UNIX__NONULL */ {NULL, _ALL_ON_, 01000, 0},
+-/* UNIX__QUIET */ {NULL, _ALL_ON_, 02000, 0},
+-/* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 04000, 0},
+-/* UNIX_SHADOW */ {"shadow", _ALL_ON_, 010000, 0},
+-/* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(0260420000), 020000, 1},
+-/* UNIX__NULLOK */ {"nullok", _ALL_ON_^(01000), 0, 0},
+-/* UNIX_DEBUG */ {"debug", _ALL_ON_, 040000, 0},
+-/* UNIX_NODELAY */ {"nodelay", _ALL_ON_, 0100000, 0},
+-/* UNIX_NIS */ {"nis", _ALL_ON_, 0200000, 0},
+-/* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(0260420000), 0400000, 1},
+-/* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 01000000, 0},
+-/* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 02000000, 0},
+-/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 04000000, 0},
+-/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 010000000, 0},
+-/* UNIX_SHA256_PASS */ {"sha256", _ALL_ON_^(0260420000), 020000000, 1},
+-/* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(0260420000), 040000000, 1},
+-/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0100000000, 0},
+-/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0260420000), 0200000000, 1},
+-/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0400000000, 0},
+-/* UNIX_QUIET */ {"quiet", _ALL_ON_, 01000000000, 0},
+-/* UNIX_NO_PASS_EXPIRY */ {"no_pass_expiry", _ALL_ON_, 02000000000, 0},
+-/* UNIX_DES */ {"des", _ALL_ON_^(0260420000), 0, 1},
++/* symbol token name ctrl mask ctrl *
++ * --------------------------- -------------------- ------------------------- ---------------- */
++
++/* UNIX__OLD_PASSWD */ {NULL, _ALL_ON_, 01, 0},
++/* UNIX__VERIFY_PASSWD */ {NULL, _ALL_ON_, 02, 0},
++/* UNIX__IAMROOT */ {NULL, _ALL_ON_, 04, 0},
++/* UNIX_AUDIT */ {"audit", _ALL_ON_, 010, 0},
++/* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(060ULL), 020, 0},
++/* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(060ULL), 040, 0},
++/* UNIX_AUTHTOK_TYPE */ {"authtok_type=", _ALL_ON_, 0100, 0},
++/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0600ULL), 0200, 0},
++/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0600ULL), 0400, 0},
++/* UNIX__NONULL */ {NULL, _ALL_ON_, 01000, 0},
++/* UNIX__QUIET */ {NULL, _ALL_ON_, 02000, 0},
++/* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 04000, 0},
++/* UNIX_SHADOW */ {"shadow", _ALL_ON_, 010000, 0},
++/* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(015660420000ULL), 020000, 1},
++/* UNIX__NULLOK */ {"nullok", _ALL_ON_^(01000ULL), 0, 0},
++/* UNIX_DEBUG */ {"debug", _ALL_ON_, 040000, 0},
++/* UNIX_NODELAY */ {"nodelay", _ALL_ON_, 0100000, 0},
++/* UNIX_NIS */ {"nis", _ALL_ON_, 0200000, 0},
++/* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(015660420000ULL), 0400000, 1},
++/* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 01000000, 0},
++/* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 02000000, 0},
++/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 04000000, 0},
++/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 010000000, 0},
++/* UNIX_SHA256_PASS */ {"sha256", _ALL_ON_^(015660420000ULL), 020000000, 1},
++/* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(015660420000ULL), 040000000, 1},
++/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0100000000, 0},
++/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(015660420000ULL), 0200000000, 1},
++/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0400000000, 0},
++/* UNIX_QUIET */ {"quiet", _ALL_ON_, 01000000000, 0},
++/* UNIX_NO_PASS_EXPIRY */ {"no_pass_expiry", _ALL_ON_, 02000000000, 0},
++/* UNIX_DES */ {"des", _ALL_ON_^(015660420000ULL), 0, 1},
++/* UNIX_GOST_YESCRYPT_PASS */ {"gost_yescrypt", _ALL_ON_^(015660420000ULL), 04000000000, 1},
++/* UNIX_YESCRYPT_PASS */ {"yescrypt", _ALL_ON_^(015660420000ULL), 010000000000, 1},
+ };
+
+ #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag)
+@@ -151,20 +155,23 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] =
+ _pam_drop(xx); \
+ }
+
+-extern int _make_remark(pam_handle_t * pamh, unsigned int ctrl
+- ,int type, const char *text);
+-extern int _set_ctrl(pam_handle_t * pamh, int flags, int *remember, int *rounds,
+- int *pass_min_len, int argc, const char **argv);
++extern int _make_remark(pam_handle_t * pamh, unsigned long long ctrl,
++ int type, const char *text);
++extern unsigned long long _set_ctrl(pam_handle_t * pamh, int flags,
++ int *remember, int *rounds,
++ int *pass_min_len,
++ int argc, const char **argv);
+ extern int _unix_getpwnam (pam_handle_t *pamh,
+ const char *name, int files, int nis,
+ struct passwd **ret);
+ extern int _unix_comesfromsource (pam_handle_t *pamh,
+ const char *name, int files, int nis);
+-extern int _unix_blankpasswd(pam_handle_t *pamh,unsigned int ctrl,
++extern int _unix_blankpasswd(pam_handle_t *pamh, unsigned long long ctrl,
+ const char *name);
+-extern int _unix_verify_password(pam_handle_t * pamh, const char *name
+- ,const char *p, unsigned int ctrl);
++extern int _unix_verify_password(pam_handle_t * pamh, const char *name,
++ const char *p, unsigned long long ctrl);
+
+ extern int _unix_run_verify_binary(pam_handle_t *pamh,
+- unsigned int ctrl, const char *user, int *daysleft);
++ unsigned long long ctrl,
++ const char *user, int *daysleft);
+ #endif /* _PAM_UNIX_SUPPORT_H */
diff --git a/source/a/pam/pam.SlackBuild b/source/a/pam/pam.SlackBuild
new file mode 100755
index 00000000..23aad8bc
--- /dev/null
+++ b/source/a/pam/pam.SlackBuild
@@ -0,0 +1,230 @@
+#!/bin/sh
+
+# Copyright 2010 Vincent Batts, vbatts@hashbangbash.com
+# Copyright 2010, 2011 Patrick J. Volkerding, Sebeka, Minnesota, USA
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+cd $(dirname $0) ; CWD=$(pwd)
+
+SRCNAM=Linux-PAM
+PKGNAM=pam
+PAMRHVER=${PAMRHVER:-$(echo pam-redhat-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
+VERSION=${VERSION:-$(echo $SRCNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
+BUILD=${BUILD:-1}
+
+# Automatically determine the architecture we're building on:
+if [ -z "$ARCH" ]; then
+ case "$( uname -m )" in
+ i?86) export ARCH=i586 ;;
+ arm*) export ARCH=arm ;;
+ # Unless $ARCH is already set, use uname -m for all other archs:
+ *) export ARCH=$( uname -m ) ;;
+ esac
+fi
+
+# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
+# the name of the created package would be, and then exit. This information
+# could be useful to other scripts.
+if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
+ echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
+ exit 0
+fi
+
+NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
+
+if [ "$ARCH" = "i586" ]; then
+ SLKCFLAGS="-O2 -march=i586 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "s390" ]; then
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+else
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+fi
+
+TMP=${TMP:-/tmp}
+PKG=$TMP/package-$PKGNAM
+
+rm -rf $PKG
+mkdir -p $TMP $PKG
+
+cd $TMP
+rm -rf $SRCNAM-$VERSION
+tar xvf $CWD/$SRCNAM-$VERSION.tar.?z || exit 1
+cd $SRCNAM-$VERSION || exit 1
+
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \+ -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \+
+
+# Better take the Red Hat added modules and patches, because that's very
+# likely to be the most standard as far as PAM goes:
+tar xvf $CWD/pam-redhat-$PAMRHVER.tar.?z || exit 1
+for file in CHANGELOG COPYING README ; do
+ mv pam-redhat-$PAMRHVER/${file}* ./${file}.pam-redhat
+done
+mv pam-redhat-$PAMRHVER/* modules
+zcat $CWD/fedora-patches/pam-1.3.1-redhat-modules.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/fedora-patches/pam-1.3.1-noflex.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/fedora-patches/pam-1.1.3-nouserenv.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/fedora-patches/pam-1.1.6-limits-user.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/fedora-patches/pam-1.1.8-full-relro.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/fedora-patches/pam-1.3.0-pwhistory-helper.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/fedora-patches/pam-1.1.8-audit-user-mgmt.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/fedora-patches/pam-1.3.0-unix-nomsg.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/fedora-patches/pam-1.3.1-coverity.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/fedora-patches/pam-1.3.1-unix-remove-obsolete-_unix_read_password-prototype.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/fedora-patches/pam-1.3.1-unix-bcrypt_b.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/fedora-patches/pam-1.3.1-unix-gensalt-autoentropy.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/fedora-patches/pam-1.3.1-unix-crypt_checksalt.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/fedora-patches/pam-1.3.1-unix-yescrypt.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/fedora-patches/pam-1.3.1-unix-no-fallback.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/fedora-patches/pam-1.3.1-motd-multiple-paths.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/fedora-patches/pam-1.3.1-unix-checksalt_syslog.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/fedora-patches/pam-1.3.1-unix-fix_checksalt_syslog.patch.gz | patch -p1 --verbose || exit 1
+
+# pam_tally2 removed in recent redhat-modules.patch, but we'll keep it
+# for now since system-auth in the shadow package uses it. Perhaps see if
+# pam_faillock can replace the usage there?
+zcat $CWD/patches/pam.pam_tally2.slackware.diff.gz | patch -p1 --verbose || exit 1
+
+# Upstream git patch to prevent pam_tally2 from doing an fsync()
+# with every failed login. This can cause system slowdowns, especially
+# on Internet-connected machines that may endure endless dictionary
+# attacks.
+zcat $CWD/patches/pam.pam_tally2.no.fsync.patch.gz | patch -p1 --verbose || exit 1
+
+# Improve the comments in /etc/environment:
+zcat $CWD/patches/pam.etc.environment.better.comments.diff.gz | patch -p1 --verbose || exit 1
+
+autoreconf -ivf || exit 1
+
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
+./configure \
+ --prefix=/ \
+ --libdir=/lib${LIBDIRSUFFIX} \
+ --sysconfdir=/etc \
+ --includedir=/usr/include/security \
+ --enable-securedir=/lib${LIBDIRSUFFIX}/security \
+ --datarootdir=/usr/share \
+ --localstatedir=/var \
+ --mandir=/usr/man \
+ --docdir=/usr/doc/$PKGNAM-$VERSION \
+ --disable-regenerate-docu \
+ --disable-audit \
+ --disable-prelude \
+ --disable-rpath \
+ --disable-selinux \
+ --disable-static \
+ --build=$ARCH-slackware-linux || exit 1
+
+# Make these man pages or the build falls over later
+xmlto man modules/pam_faillock/faillock.8.xml -o modules/pam_faillock/
+xmlto man modules/pam_faillock/pam_faillock.8.xml -o modules/pam_faillock/
+xmlto man modules/pam_pwhistory/pwhistory_helper.8.xml -o modules/pam_pwhistory/
+
+make -C po update-gmo
+make $NUMJOBS || make || exit 1
+make install DESTDIR=$PKG || exit 1
+
+# Don't ship .la files:
+rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la
+
+# The ones in /lib${LIBDIRSUFFIX}/security can also go:
+rm -f $PKG/lib${LIBDIRSUFFIX}/security/*.la
+
+# Add extra symlinks added by pam.spec:
+( cd $PKG/lib${LIBDIRSUFFIX}/security
+ for type in acct auth passwd session ; do
+ ln -sf pam_unix.so pam_unix_${type}.so
+ done
+)
+
+# This is a pam helper that can only be called from pam
+chown root:root $PKG/sbin/unix_chkpwd
+chmod 6755 $PKG/sbin/unix_chkpwd
+
+# This package can own the /etc/pam.d/ directory
+mkdir -p $PKG/etc/pam.d
+
+# Strip binaries:
+( cd $PKG
+ find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
+ find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
+)
+
+# Don't clobber config files:
+find $PKG/etc -type f -exec mv {} {}.new \;
+
+# Compress and if needed symlink the man pages:
+if [ -d $PKG/usr/man ]; then
+ ( cd $PKG/usr/man
+ for manpagedir in $(find . -type d -name "man*") ; do
+ ( cd $manpagedir
+ for eachpage in $( find . -type l -maxdepth 1) ; do
+ ln -s $( readlink $eachpage ).gz $eachpage.gz
+ rm $eachpage
+ done
+ gzip -9 *.?
+ )
+ done
+ )
+fi
+
+mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION
+cp -a \
+ AUTHORS COPYING* Copyright NEWS README* \
+ $PKG/usr/doc/$PKGNAM-$VERSION
+
+# If there's a ChangeLog, installing at least part of the recent history
+# is useful, but don't let it get totally out of control:
+if [ -r ChangeLog ]; then
+ DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION)
+ cat ChangeLog | head -n 1000 > $DOCSDIR/ChangeLog
+ touch -r ChangeLog $DOCSDIR/ChangeLog
+fi
+if [ -r CHANGELOG ]; then
+ DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION)
+ cat CHANGELOG | head -n 1000 > $DOCSDIR/CHANGELOG
+ touch -r CHANGELOG $DOCSDIR/CHANGELOG
+fi
+rm -f $PKG/usr/doc/$PKGNAM-$VERSION/index.html
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh
+
+# Append config statements to the install/doinst.sh:
+( cd $PKG
+ for i in $(find etc -type f -name "*.new") ; do
+ echo "config $i" >> $PKG/install/doinst.sh ;
+ done
+)
+
+cd $PKG
+/sbin/makepkg -p -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz
diff --git a/source/a/pam/pam.url b/source/a/pam/pam.url
new file mode 100644
index 00000000..07dfcb99
--- /dev/null
+++ b/source/a/pam/pam.url
@@ -0,0 +1,2 @@
+#http://www.linux-pam.org/library/Linux-PAM-1.3.1.tar.bz2
+https://github.com/linux-pam/linux-pam/releases
diff --git a/source/a/pam/patches/pam.etc.environment.better.comments.diff b/source/a/pam/patches/pam.etc.environment.better.comments.diff
new file mode 100644
index 00000000..6899e4c1
--- /dev/null
+++ b/source/a/pam/patches/pam.etc.environment.better.comments.diff
@@ -0,0 +1,15 @@
+--- ./modules/pam_env/environment.orig 2017-02-10 04:10:15.000000000 -0600
++++ ./modules/pam_env/environment 2020-01-02 14:40:48.793005303 -0600
+@@ -1,5 +1,10 @@
+-#
+-# This file is parsed by pam_env module
++# /etc/environment
++# This file is parsed by pam_env module.
++# This file may contain environment variable settings that should be used
++# system-wide. Please note that it is not a script file and should only
++# contain assignment expressions, one per line.
++# The environment variables in this file will be loaded before those in other
++# files such as: /etc/profile, /etc/profile.d/*, ~/.profile, etc.
+ #
+ # Syntax: simple "KEY=VAL" pairs on separate lines
+ #
diff --git a/source/a/pam/patches/pam.pam_tally2.no.fsync.patch b/source/a/pam/patches/pam.pam_tally2.no.fsync.patch
new file mode 100644
index 00000000..15b40115
--- /dev/null
+++ b/source/a/pam/patches/pam.pam_tally2.no.fsync.patch
@@ -0,0 +1,35 @@
+From b136bff25e93be6f11de74aca03569022364b973 Mon Sep 17 00:00:00 2001
+From: "Maciej S. Szmigiero" <mail@maciej.szmigiero.name>
+Date: Mon, 25 Feb 2019 20:50:48 +0100
+Subject: [PATCH] pam_tally2: Remove unnecessary fsync()
+
+pam_tally2 does fsync() after writing to a tally file.
+This causes hard drive cache flushes on every failed SSH login on many
+(if not most) filesystems.
+And an internet-exposed machine can have a lot of these failed logins.
+
+This operation however doesn't seem to be necessary - the pam_tally2
+module does not do any operation which would need explicit post-crash
+ordering, it just does simple file reads and writes.
+And doing a fsync() after them doesn't close any race if the system happens
+to crash between a write being posted and its fsync() completion.
+
+Let's remove this operation to get rid of all these extra cache flushes.
+---
+ modules/pam_tally2/pam_tally2.c | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/modules/pam_tally2/pam_tally2.c b/modules/pam_tally2/pam_tally2.c
+index 984edf6a..ce7f5aee 100644
+--- a/modules/pam_tally2/pam_tally2.c
++++ b/modules/pam_tally2/pam_tally2.c
+@@ -484,10 +484,6 @@ set_tally(pam_handle_t *pamh, uid_t uid,
+ }
+ }
+
+- if (fsync(*tfile)) {
+- pam_syslog(pamh, LOG_ALERT, "update (fsync) failed for %s: %m", filename);
+- return PAM_AUTH_ERR;
+- }
+ return PAM_SUCCESS;
+ }
diff --git a/source/a/pam/patches/pam.pam_tally2.slackware.diff b/source/a/pam/patches/pam.pam_tally2.slackware.diff
new file mode 100644
index 00000000..8ab85321
--- /dev/null
+++ b/source/a/pam/patches/pam.pam_tally2.slackware.diff
@@ -0,0 +1,11 @@
+--- ./modules/Makefile.am.orig 2019-07-16 13:18:28.619322386 -0500
++++ ./modules/Makefile.am 2019-07-16 13:45:49.260371056 -0500
+@@ -10,7 +10,7 @@
+ pam_mkhomedir pam_motd pam_namespace pam_nologin \
+ pam_permit pam_pwhistory pam_rhosts pam_rootok pam_securetty \
+ pam_selinux pam_sepermit pam_shells pam_stress \
+- pam_succeed_if pam_time pam_timestamp \
++ pam_succeed_if pam_tally2 pam_time pam_timestamp \
+ pam_tty_audit pam_umask \
+ pam_unix pam_userdb pam_warn pam_wheel pam_xauth
+
diff --git a/source/a/pam/slack-desc b/source/a/pam/slack-desc
new file mode 100644
index 00000000..7c0bcbbd
--- /dev/null
+++ b/source/a/pam/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+pam: pam (Pluggable Authentication Modules)
+pam:
+pam: PAM = Pluggable Authentication Modules. Basically, it is a flexible
+pam: mechanism for authenticating users. PAM provides a way to develop
+pam: programs that are independent of authentication scheme. However,
+pam: these programs will need "authentication modules" (and libpam) at
+pam: run-time in order to work.
+pam:
+pam: Homepage: http://www.linux-pam.org/
+pam:
+pam:
diff --git a/source/a/shadow/shadow.SlackBuild b/source/a/shadow/shadow.SlackBuild
index c7c33a83..21d4d875 100755
--- a/source/a/shadow/shadow.SlackBuild
+++ b/source/a/shadow/shadow.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=shadow
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-6}
+BUILD=${BUILD:-7}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
diff --git a/source/a/utempter/slack-desc b/source/a/utempter/slack-desc
index 5c490b91..3e57078f 100644
--- a/source/a/utempter/slack-desc
+++ b/source/a/utempter/slack-desc
@@ -12,7 +12,7 @@ utempter: The utempter package provides a utility and shared library that
utempter: allows terminal applications such as xterm and screen to update
utempter: /var/run/utmp and /var/log/wtmp without requiring root privileges.
utempter:
-utempter:
+utempter: Homepage: https://github.com/altlinux/libutempter
utempter:
utempter:
utempter:
diff --git a/source/a/utempter/utempter.SlackBuild b/source/a/utempter/utempter.SlackBuild
index 09d244e8..8cef68aa 100755
--- a/source/a/utempter/utempter.SlackBuild
+++ b/source/a/utempter/utempter.SlackBuild
@@ -27,8 +27,8 @@
cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=utempter
-VERSION=1.1.6
-BUILD=${BUILD:-3}
+VERSION=1.2.0
+BUILD=${BUILD:-1}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
@@ -69,7 +69,7 @@ rm -rf $PKG
mkdir -p $TMP $PKG/usr
cd $TMP
rm -rf libutempter-$VERSION
-tar xvf $CWD/libutempter-$VERSION.tar.bz2 || exit 1
+tar xvf $CWD/libutempter-$VERSION.tar.?z || exit 1
cd libutempter-$VERSION || exit 1
chown -R root:root .
find . \
diff --git a/source/a/utempter/utempter.url b/source/a/utempter/utempter.url
new file mode 100644
index 00000000..305d4756
--- /dev/null
+++ b/source/a/utempter/utempter.url
@@ -0,0 +1,2 @@
+https://github.com/altlinux/libutempter
+ftp://ftp.altlinux.org/pub/people/ldv/utempter
diff --git a/source/a/util-linux/util-linux.SlackBuild b/source/a/util-linux/util-linux.SlackBuild
index 381c89d1..52f86384 100755
--- a/source/a/util-linux/util-linux.SlackBuild
+++ b/source/a/util-linux/util-linux.SlackBuild
@@ -26,7 +26,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=util-linux
VERSION=${VERSION:-$(echo util-linux*.tar.xz | cut -d - -f 3 | rev | cut -f 3- -d . | rev)}
-BUILD=${BUILD:-5}
+BUILD=${BUILD:-6}
ADJTIMEXVERS=1.29
SETSERIALVERS=2.17
diff --git a/source/a/xfsprogs/xfsprogs.SlackBuild b/source/a/xfsprogs/xfsprogs.SlackBuild
index fe5d5e8f..1fbf978d 100755
--- a/source/a/xfsprogs/xfsprogs.SlackBuild
+++ b/source/a/xfsprogs/xfsprogs.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=xfsprogs
VERSION=${VERSION:-$(echo xfsprogs-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
diff --git a/source/ap/at/at.SlackBuild b/source/ap/at/at.SlackBuild
index caf04831..2c8b93ac 100755
--- a/source/ap/at/at.SlackBuild
+++ b/source/ap/at/at.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=at
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
diff --git a/source/ap/cups/cups.SlackBuild b/source/ap/cups/cups.SlackBuild
index 60ff31fc..4a9f85ac 100755
--- a/source/ap/cups/cups.SlackBuild
+++ b/source/ap/cups/cups.SlackBuild
@@ -26,7 +26,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=cups
VERSION=${VERSION:-$(echo $PKGNAM-*-source.tar.?z | cut -f 2 -d -)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
diff --git a/source/ap/hplip/hplip.SlackBuild b/source/ap/hplip/hplip.SlackBuild
index 4d4f143e..a6882040 100755
--- a/source/ap/hplip/hplip.SlackBuild
+++ b/source/ap/hplip/hplip.SlackBuild
@@ -27,7 +27,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=hplip
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
diff --git a/source/ap/mariadb/mariadb.SlackBuild b/source/ap/mariadb/mariadb.SlackBuild
index 473b90e8..9aefaca0 100755
--- a/source/ap/mariadb/mariadb.SlackBuild
+++ b/source/ap/mariadb/mariadb.SlackBuild
@@ -30,7 +30,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=mariadb
VERSION=${VERSION:-$(echo ${PKGNAM}-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
# To reduce the package size, the embedded server may be omitted. Currently
# only amarok uses this. To build without embedded support, set this to NO.
diff --git a/source/ap/screen/screen.SlackBuild b/source/ap/screen/screen.SlackBuild
index ee5b24ae..d21b0af2 100755
--- a/source/ap/screen/screen.SlackBuild
+++ b/source/ap/screen/screen.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=screen
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
diff --git a/source/ap/soma/ChangeLog.txt b/source/ap/soma/ChangeLog.txt
deleted file mode 100644
index a51b7c0e..00000000
--- a/source/ap/soma/ChangeLog.txt
+++ /dev/null
@@ -1,203 +0,0 @@
-==============================================================================
-Thu 28 Feb 02:13:19 UTC 2019
-3.2.3
-Fixed the Intergalactic FM stations.
-==============================================================================
-Wed 27 Feb 23:49:44 UTC 2020
-3.2.2
-Add alpha sorting to lists.
-Stop hitting escape, and some keys that contain escape, to exit the main menu.
-==============================================================================
-Thu 27 Dec 14:06:02 UTC 2018
-3.2.1
-Remove debugging helper line.
-==============================================================================
-Sun 18 Nov 05:42:15 UTC 2018
-3.2.0
-Add proxy support.
-==============================================================================
-Fri 16 Nov 00:05:05 UTC 2018
-3.1.1
-Update README
-==============================================================================
-Wed 14 Nov 22:51:50 UTC 2018
-3.1.0
-Improve timeout check.
-==============================================================================
-Version 3.0.8
-Precreate 'soma-status'.
-Fix indentation. Vim was confused.
-Fix killing of orphaned mencoder process if recording failed.
-==============================================================================
-Version 3.0.7
-Precreate 'soma-playing'.
-==============================================================================
-Version 3.0.6
-Rename options.conf/stations.conf -> .new
-==============================================================================
-Version 3.0.5
-
-Bugs fixed:
-
-Finally fixed the flashing window bug with newer versions of dialog. Hopefully.
-Sometimes menus were broken after choosing a station from the local genre list.
-
-Added:
-
-Recording. See RECORDING.txt or 'soma --record-info | less' for detailed info.
-
-Changes:
-
-Some new stations added and dead ones removed.
-Removed TAG from the SlackBuild.
-Added the doinst.sh.gz from Slackware -current and adjusted the SlackBuild
-according to the diff that Pat uses.
-==============================================================================
-Version 3.0.4
-Somebody stole the ChangeLog.
-==============================================================================
-Version 3.0.3
-Add check for empty input in text input box.
-==============================================================================
-Version 3.0.2
-Edit purge files function slightly.
-==============================================================================
-Version 3.0.1
-Add new theme.
-Edit purge files function slightly to make it safer.
-==============================================================================
-Version 3.0.0
-Fixed BBC Radio 4 and BBC Radio 4 Extra URLs.
-Add menu options for genres, bookmarks and themes.
-Add schedules and volume indicators.
-Add more options for timeformat, caret etc.
-==============================================================================
-Version 2.13.2
-Fixes for new dialog in -current.
-==============================================================================
-Version 2.13.1
-Bugfix where sometimes station list is broken.
-==============================================================================
-Version 2.13.0
-Fix another scheduler bug.
-Add genre support.
-Move Theme option to main menu.
-Add time format option.
-Updated all broken BBC URLs.
-Removed some broken URLs.
-==============================================================================
-Version 2.12.3
-Fix scheduler bug.
-==============================================================================
-Version 2.12.2
-Fixed some options that were zeroing out if 'back' was
-pressed.
-==============================================================================
-Version 2.12.1
-Fixed missing output devices bug.
-==============================================================================
-Version 2.12.0
-
-Stations added:
-Kisstory
-ABC Classic FM
-Heart
-Radio X
-Capital
-CapitalXtra
-
-New options:
-New options menu item in main menu. This is to edit
-the config variables and then reread the config.
-'t' shortcut to change theme from status window.
-'o' shortcut to go to options menu.
-The 'Theme' option lists everything in ~/.soma/themes
-Added tfonz's turbo theme.
-
-Removed:
-TERM environment setting. Now soma overrides this.
-Took out the initial typing of device detection because it
-starts up so fast now that you just see a flicker.
-
-Enhancements:
-A vast improvement in loading speed due to new method
-of loading station list.
-==============================================================================
-Version 2.11.3
-Added:
-ABC Oldies,http://orion.shoutca.st:8569
-ABC 60s,http://149.56.23.7:20314/stream
-ABC 70s,http://149.56.23.7:20258/stream
-ABC 80s,http://cabhs31.sonixcast.com:20168
-Flower Power Radio,http://50.7.129.122:8433/stream
-KZRO,http://war.str3am.com:7930
-Morcegão FM,http://69.64.34.198:8000/morcegao
-Floyd,http://archlinux.uk:9001
-Floyd Too,http://cirrus.turtil.net:9001
-
-Major code overhaul.
-Added more themes + themes directory.
-==============================================================================
-Version 2.11.2
-Added:
-Radio Swing
-1920s Radio
-Smooth Jazz
-Big Blue
-KCEA
-WITR 89.7
-KKJZ FM
-4625 KHz
-The Buzzer
-==============================================================================
-Version 2.11.1
-Add 3WK and Krypton stations.
-==============================================================================
-Version 2.11.0
-Add SAVE_LIST_AT_QUIT option.
-==============================================================================
-Version 2.10.8
-Set default CACHE is blank..
-==============================================================================
-Version 2.10.7
-Add CACHE option.
-==============================================================================
-Version 2.10.6
-Add HD BBC stations.
-Support for .m3u8 URLs.
-==============================================================================
-Version 2.10.5
-Add function to add SETVOL to config.
-==============================================================================
-Version 2.10.4
-Clean up Name finding code.
-==============================================================================
-Version 2.10.3
-Fix Names containing colons.
-==============================================================================
-Version 2.10.2
-Tidy menu.
-==============================================================================
-Version 2.10.1
-Fix bug in mixer selection.
-==============================================================================
-Version 2.10.0
-Changed dialog theme back to original way.
-Added a 'greenrc' theme.
-==============================================================================
-Version 2.9.2
-Update stations URLS. Remove dead.
-==============================================================================
-Version 2.9.1
-Better station parsing.
-==============================================================================
-Version 2.9.0
-Add keyboard sortcuts for volume:
-keys 1-0 = 10% 20% ... 100%
-This volume is saved and reapplied on startup.
-Added a few new somafm stations and a couple of talk radio stations
-==============================================================================
-Version 2.8.9
-Use ~/.soma/dialogrc-$VERSION.
-Some fixes to the station 'tuner' function.
-==============================================================================
diff --git a/source/ap/soma/README b/source/ap/soma/README
index 20299b6f..cb60a62c 100644
--- a/source/ap/soma/README
+++ b/source/ap/soma/README
@@ -30,7 +30,8 @@ Startup Flags:
Key commands supported in status window:
1 - 0 Volume 10% - 100% () Volume -5/+5
- Space Pause ` Volume 0
+ F1-F12 Bookmarks ` Volume 0
+ Space Pause
a Add schedule A Toggle audio codec info
b Station browser (genre) B Station browser (all)
d Disconnect/Reconnect/Play/Stop D Toggle debug mode
@@ -98,5 +99,3 @@ attrcolor b ".I"
You might want to comment it out and try again as it seems to turn off the bold
attribute. See the screen man page for more info.
-
-Please mail me at dave@dawoodfall.net for new radio urls or bug reports etc.
diff --git a/source/ap/soma/slack-desc.diff b/source/ap/soma/slack-desc.diff
deleted file mode 100644
index b8eeefa3..00000000
--- a/source/ap/soma/slack-desc.diff
+++ /dev/null
@@ -1,22 +0,0 @@
---- slack-desc.orig 2019-02-27 21:33:45.000000000 -0600
-+++ slack-desc 2018-11-28 16:37:00.644976546 -0600
-@@ -1,14 +1,14 @@
- # HOW TO EDIT THIS FILE:
--# The "handy ruler" below makes it easier to edit a package description. Line
-+# The "handy ruler" below makes it easier to edit a package description. Line
- # up the first '|' above the ':' following the base package name, and the '|'
--# on the right side marks the last column you can put a character in. You must
--# make exactly 11 lines for the formatting to be correct. It's also
-+# on the right side marks the last column you can put a character in. You must
-+# make exactly 11 lines for the formatting to be correct. It's also
- # customary to leave one space after the ':'.
-
- |-----handy-ruler------------------------------------------------------|
--soma: Soma - a dialog/mplayer internet radio player and recorder.
-+soma: soma (a dialog/MPlayer internet radio player and recorder)
- soma:
--soma: Soma handles playing any internet audio stream supported by mplayer.
-+soma: Soma handles playing any internet audio stream supported by MPlayer.
- soma: It also supports playlists such as pls,m3u and ram.
- soma:
- soma: Homepage: http://tty1.uk/slackbuilds/noversion/soma
diff --git a/source/ap/soma/soma.SlackBuild b/source/ap/soma/soma.SlackBuild
index be4a4139..af32a201 100755
--- a/source/ap/soma/soma.SlackBuild
+++ b/source/ap/soma/soma.SlackBuild
@@ -25,7 +25,7 @@
cd $(dirname $0) ; CWD=$(pwd)
PRGNAM=soma
-VERSION=${VERSION:-3.2.3}
+VERSION=${VERSION:-3.3.0}
ARCH=noarch
BUILD=${BUILD:-1}
diff --git a/source/ap/soma/soma.info b/source/ap/soma/soma.info
index 4eeb7176..7fc398ce 100644
--- a/source/ap/soma/soma.info
+++ b/source/ap/soma/soma.info
@@ -1,10 +1,8 @@
PRGNAM="soma"
-VERSION="3.2.3"
+VERSION="3.3.0"
HOMEPAGE="http://tty1.uk/slackbuilds/noversion/soma/"
-DOWNLOAD="http://git.tty1.uk/cgit.cgi/soma/snapshot/soma-3.2.3.tar.gz"
-MD5SUM="1b3b8dc0e0b60b4f2eede63bdfb39e32"
+DOWNLOAD="http://git.tty1.uk/cgit.cgi/soma/snapshot/soma-3.3.0.tar.gz"
+MD5SUM="783296fbd79ac0626e55ac326526e9e1"
DOWNLOAD_x86_64=""
MD5SUM_x86_64=""
REQUIRES=""
-MAINTAINER="Dave Woodfall"
-EMAIL="dave@tty1.uk"
diff --git a/source/ap/sqlite/sqlite.SlackBuild b/source/ap/sqlite/sqlite.SlackBuild
index 6e4df6f0..781f7d40 100755
--- a/source/ap/sqlite/sqlite.SlackBuild
+++ b/source/ap/sqlite/sqlite.SlackBuild
@@ -26,7 +26,7 @@
cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=sqlite
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
# First, convert the .zip file if needed:
if ls *.zip 1> /dev/null 2> /dev/null ; then
diff --git a/source/ap/sudo/sudo.SlackBuild b/source/ap/sudo/sudo.SlackBuild
index a47e63e6..984c7e0b 100755
--- a/source/ap/sudo/sudo.SlackBuild
+++ b/source/ap/sudo/sudo.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=sudo
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
diff --git a/source/installer/ChangeLog.txt b/source/installer/ChangeLog.txt
index 3d504073..2d749cfd 100644
--- a/source/installer/ChangeLog.txt
+++ b/source/installer/ChangeLog.txt
@@ -1,3 +1,6 @@
+Sun May 17 19:57:48 UTC 2020
+ Added PAM libraries, security modules, and config files.
++--------------------------+
Tue Mar 31 18:02:13 UTC 2020
In series selection menu, don't (falsely) mention Qt being in the KDE series.
+--------------------------+
diff --git a/source/installer/build_installer.sh b/source/installer/build_installer.sh
index 284c7928..c26bdfbb 100755
--- a/source/installer/build_installer.sh
+++ b/source/installer/build_installer.sh
@@ -883,6 +883,7 @@ a/mdadm \
a/ncompress \
a/openssl-solibs \
a/os-prober \
+a/pam \
a/pciutils \
a/plzip \
a/pkgtools \
@@ -1119,6 +1120,19 @@ cp --remove-destination -fa${VERBOSE1} ${EXTRA_PKGS_USRBIN} \
usb-devices \
$PKG/$ARCH-installer-filesystem/usr/bin/
+# Copy PAM's security directory:
+cd $TMP/extract-packages/lib${LIBDIRSUFFIX}
+cp -a security $PKG/$ARCH-installer-filesystem/lib${LIBDIRSUFFIX}
+
+# Copy PAM's config files:
+cd $TMP/extract-packages/etc
+cp -a pam.d $PKG/$ARCH-installer-filesystem/etc
+( cd $PKG/$ARCH-installer-filesystem/etc/pam.d
+ for file in *.new ; do
+ mv $file $(basename $file .new)
+ done
+)
+
# Grab a couple of terminus fonts that we'll need to prevent
# blindness from microscopic KMS terminal fonts:
cd $TMP/extract-packages/usr/share/kbd/consolefonts
@@ -1216,6 +1230,7 @@ cp -fa${VERBOSE1} \
libkrb5support.so* \
liblzma*so* \
libmount.so* \
+ libpam*.so* \
libpcre.so* \
libpopt*.so* \
libsmartcols.so* \
diff --git a/source/kde/build/calligra b/source/kde/build/calligra
index 8f92bfdd..7facc899 100644
--- a/source/kde/build/calligra
+++ b/source/kde/build/calligra
@@ -1 +1 @@
-35
+36
diff --git a/source/kde/build/kde-workspace b/source/kde/build/kde-workspace
index 1e8b3149..7f8f011e 100644
--- a/source/kde/build/kde-workspace
+++ b/source/kde/build/kde-workspace
@@ -1 +1 @@
-6
+7
diff --git a/source/l/ConsoleKit2/ConsoleKit2.SlackBuild b/source/l/ConsoleKit2/ConsoleKit2.SlackBuild
index bb0d8052..1c5c07a2 100755
--- a/source/l/ConsoleKit2/ConsoleKit2.SlackBuild
+++ b/source/l/ConsoleKit2/ConsoleKit2.SlackBuild
@@ -28,7 +28,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=ConsoleKit2
VERSION=${VERSION:-1.2.1}
-BUILD=${BUILD:-3}
+BUILD=${BUILD:-4}
# Maximum storage quota for XDG_RUNTIME_DIR:
XDG_RUNTIME_QUOTA=${XDG_RUNTIME_QUOTA:-size=100M}
diff --git a/source/l/boost/boost.SlackBuild b/source/l/boost/boost.SlackBuild
index 0ed7d87f..80d32a63 100755
--- a/source/l/boost/boost.SlackBuild
+++ b/source/l/boost/boost.SlackBuild
@@ -30,7 +30,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=boost
VERSION=${VERSION:-$(echo $PKGNAM_*.tar.?z | rev | cut -f 3- -d . | rev | cut -f 2- -d _)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
PKG_VERSION=$(echo $VERSION | tr _ .) # Leave this alone
NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
diff --git a/source/l/gnome-keyring/gnome-keyring.SlackBuild b/source/l/gnome-keyring/gnome-keyring.SlackBuild
index 3eaade87..ffda5043 100755
--- a/source/l/gnome-keyring/gnome-keyring.SlackBuild
+++ b/source/l/gnome-keyring/gnome-keyring.SlackBuild
@@ -26,7 +26,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=gnome-keyring
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
if [ -z "$ARCH" ]; then
case "$( uname -m )" in
diff --git a/source/l/harfbuzz/harfbuzz.SlackBuild b/source/l/harfbuzz/harfbuzz.SlackBuild
index 07d9ddaf..2f8ba30b 100755
--- a/source/l/harfbuzz/harfbuzz.SlackBuild
+++ b/source/l/harfbuzz/harfbuzz.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=harfbuzz
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
diff --git a/source/l/icu4c/icu4c.url b/source/l/icu4c/icu4c.url
index 94751976..45fce69f 100644
--- a/source/l/icu4c/icu4c.url
+++ b/source/l/icu4c/icu4c.url
@@ -1 +1 @@
-http://download.icu-project.org/files/icu4c
+http://site.icu-project.org/download
diff --git a/source/l/libcap/libcap.SlackBuild b/source/l/libcap/libcap.SlackBuild
index d31535d3..6a0f4563 100755
--- a/source/l/libcap/libcap.SlackBuild
+++ b/source/l/libcap/libcap.SlackBuild
@@ -26,7 +26,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=libcap
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.xz | cut -d - -f 2 | rev | cut -f 3- -d . | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
# Building Go support is currently disabled until something actually needs it:
GOSUPPORT=${GOSUPPORT:-no}
diff --git a/source/l/libical/libical.SlackBuild b/source/l/libical/libical.SlackBuild
index 9fea6a54..56d88000 100755
--- a/source/l/libical/libical.SlackBuild
+++ b/source/l/libical/libical.SlackBuild
@@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=libical
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
diff --git a/source/l/libvisio/libvisio.SlackBuild b/source/l/libvisio/libvisio.SlackBuild
index 7c07894e..1e3caad9 100755
--- a/source/l/libvisio/libvisio.SlackBuild
+++ b/source/l/libvisio/libvisio.SlackBuild
@@ -27,7 +27,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=libvisio
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-3}
NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
diff --git a/source/l/polkit/polkit.SlackBuild b/source/l/polkit/polkit.SlackBuild
index 0a01494c..6501e1f6 100755
--- a/source/l/polkit/polkit.SlackBuild
+++ b/source/l/polkit/polkit.SlackBuild
@@ -26,7 +26,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=polkit
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-3}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
diff --git a/source/l/qt/qt-nowebkit.SlackBuild b/source/l/qt/qt-nowebkit.SlackBuild
index 1b72d99d..b29a32a2 100755
--- a/source/l/qt/qt-nowebkit.SlackBuild
+++ b/source/l/qt/qt-nowebkit.SlackBuild
@@ -43,7 +43,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=qt
VERSION=$(ls qt-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)
-BUILD=${BUILD:-15}
+BUILD=${BUILD:-16}
NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
diff --git a/source/l/qt5-webkit/qt5-webkit.SlackBuild b/source/l/qt5-webkit/qt5-webkit.SlackBuild
index c54430e7..db8fd914 100755
--- a/source/l/qt5-webkit/qt5-webkit.SlackBuild
+++ b/source/l/qt5-webkit/qt5-webkit.SlackBuild
@@ -28,7 +28,7 @@ PKGNAM=qt5-webkit
SRCNAM=qtwebkit
SRCVER=${SRCVER:-5.212.0-alpha4}
VERSION=$(echo $SRCVER | tr - _)
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
diff --git a/source/l/qt5/qt5.SlackBuild b/source/l/qt5/qt5.SlackBuild
index 0821b2ae..60f6bf8b 100755
--- a/source/l/qt5/qt5.SlackBuild
+++ b/source/l/qt5/qt5.SlackBuild
@@ -31,7 +31,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=qt5
VERSION=$(ls qt-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)
-BUILD=${BUILD:-3}
+BUILD=${BUILD:-4}
PKGSRC=$(echo $VERSION | cut -d - -f 1)
PKGVER=$(echo $VERSION | tr - _)
diff --git a/source/l/raptor2/raptor2.SlackBuild b/source/l/raptor2/raptor2.SlackBuild
index 98b4a1aa..18cd705a 100755
--- a/source/l/raptor2/raptor2.SlackBuild
+++ b/source/l/raptor2/raptor2.SlackBuild
@@ -29,7 +29,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=raptor2
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-8}
+BUILD=${BUILD:-9}
NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
diff --git a/source/l/system-config-printer/system-config-printer.SlackBuild b/source/l/system-config-printer/system-config-printer.SlackBuild
index 4153529c..5fa4a72d 100755
--- a/source/l/system-config-printer/system-config-printer.SlackBuild
+++ b/source/l/system-config-printer/system-config-printer.SlackBuild
@@ -27,7 +27,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=system-config-printer
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-3}
+BUILD=${BUILD:-4}
NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
diff --git a/source/l/vte/vte.SlackBuild b/source/l/vte/vte.SlackBuild
index 9937c978..2b6d2076 100755
--- a/source/l/vte/vte.SlackBuild
+++ b/source/l/vte/vte.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=vte
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
diff --git a/source/n/cifs-utils/cifs-utils.SlackBuild b/source/n/cifs-utils/cifs-utils.SlackBuild
index dbf860ed..a8bcb035 100755
--- a/source/n/cifs-utils/cifs-utils.SlackBuild
+++ b/source/n/cifs-utils/cifs-utils.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=cifs-utils
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-3}
+BUILD=${BUILD:-4}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
diff --git a/source/n/cyrus-sasl/cyrus-sasl.SlackBuild b/source/n/cyrus-sasl/cyrus-sasl.SlackBuild
index 0be565e2..8b355e00 100755
--- a/source/n/cyrus-sasl/cyrus-sasl.SlackBuild
+++ b/source/n/cyrus-sasl/cyrus-sasl.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=cyrus-sasl
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | cut -f 3- -d - | rev | cut -f 3- -d . | rev)}
-BUILD=${BUILD:-3}
+BUILD=${BUILD:-4}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
diff --git a/source/n/dovecot/dovecot.SlackBuild b/source/n/dovecot/dovecot.SlackBuild
index 7993a195..1c5dfaff 100755
--- a/source/n/dovecot/dovecot.SlackBuild
+++ b/source/n/dovecot/dovecot.SlackBuild
@@ -26,7 +26,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=dovecot
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-1}
if [ -z "$ARCH" ]; then
case "$( uname -m )" in
diff --git a/source/n/netatalk/netatalk.SlackBuild b/source/n/netatalk/netatalk.SlackBuild
index 7295fdd2..b5bfa85e 100755
--- a/source/n/netatalk/netatalk.SlackBuild
+++ b/source/n/netatalk/netatalk.SlackBuild
@@ -26,7 +26,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=netatalk
VERSION=${VERSION:-$(echo netatalk-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-3}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
diff --git a/source/n/netkit-rsh/netkit-rsh.SlackBuild b/source/n/netkit-rsh/netkit-rsh.SlackBuild
index d4f78e0a..7152f769 100755
--- a/source/n/netkit-rsh/netkit-rsh.SlackBuild
+++ b/source/n/netkit-rsh/netkit-rsh.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=netkit-rsh
VERSION=0.17
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-3}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
diff --git a/source/n/nss-pam-ldapd/1025d5de336d8c9585b79df3154b5649da344281.patch b/source/n/nss-pam-ldapd/1025d5de336d8c9585b79df3154b5649da344281.patch
new file mode 100644
index 00000000..b21ab09e
--- /dev/null
+++ b/source/n/nss-pam-ldapd/1025d5de336d8c9585b79df3154b5649da344281.patch
@@ -0,0 +1,42 @@
+From 1025d5de336d8c9585b79df3154b5649da344281 Mon Sep 17 00:00:00 2001
+From: Arthur de Jong <arthur@arthurdejong.org>
+Date: Sun, 13 Oct 2019 17:23:20 +0200
+Subject: [PATCH] Fix Python 3 compatibility in chsh.ldap
+
+---
+ utils/chsh.py | 6 +++---
+ utils/shells.py | 2 +-
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/utils/chsh.py b/utils/chsh.py
+index e7537e71..0f24bfcc 100755
+--- a/utils/chsh.py
++++ b/utils/chsh.py
+@@ -43,11 +43,11 @@
+ def ask_shell(oldshell):
+ """Ask the user to provide a shell."""
+ # Provide Python 2 compatibility
++ prompt = ' Login Shell [%s]: ' % oldshell
+ try:
+- input = raw_input
++ shell = raw_input(prompt)
+ except NameError:
+- pass
+- shell = input(' Login Shell [%s]: ' % oldshell)
++ shell = input(prompt)
+ return shell or oldshell
+
+
+diff --git a/utils/shells.py b/utils/shells.py
+index 92dba2f2..327b35e7 100644
+--- a/utils/shells.py
++++ b/utils/shells.py
+@@ -35,7 +35,7 @@ def list_shells():
+ shell = getusershell()
+ if not shell:
+ break
+- yield shell
++ yield shell.decode('utf-8')
+ libc.endusershell()
+
+
diff --git a/source/n/nss-pam-ldapd/548efe5333b56a0a042843a044e0348317f80065.patch b/source/n/nss-pam-ldapd/548efe5333b56a0a042843a044e0348317f80065.patch
new file mode 100644
index 00000000..d03f1552
--- /dev/null
+++ b/source/n/nss-pam-ldapd/548efe5333b56a0a042843a044e0348317f80065.patch
@@ -0,0 +1,37 @@
+From 548efe5333b56a0a042843a044e0348317f80065 Mon Sep 17 00:00:00 2001
+From: Arthur de Jong <arthur@arthurdejong.org>
+Date: Mon, 11 Nov 2019 23:06:20 +0100
+Subject: [PATCH] Log the correct timeout value
+
+This fixes logging of the LDAP_OPT_TIMEOUT, LDAP_OPT_NETWORK_TIMEOUT and
+LDAP_X_OPT_CONNECT_TIMEOUT options to actually log the value of the
+bind_timelimit option instead of the timelimit option.
+---
+ nslcd/myldap.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/nslcd/myldap.c b/nslcd/myldap.c
+index 02b97195..0ee1be80 100644
+--- a/nslcd/myldap.c
++++ b/nslcd/myldap.c
+@@ -911,17 +911,17 @@ static int do_set_options(MYLDAP_SESSION *session)
+ tv.tv_usec = 0;
+ #ifdef LDAP_OPT_TIMEOUT
+ log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_TIMEOUT,%d)",
+- nslcd_cfg->timelimit);
++ nslcd_cfg->bind_timelimit);
+ LDAP_SET_OPTION(session->ld, LDAP_OPT_TIMEOUT, &tv);
+ #endif /* LDAP_OPT_TIMEOUT */
+ #ifdef LDAP_OPT_NETWORK_TIMEOUT
+ log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,%d)",
+- nslcd_cfg->timelimit);
++ nslcd_cfg->bind_timelimit);
+ LDAP_SET_OPTION(session->ld, LDAP_OPT_NETWORK_TIMEOUT, &tv);
+ #endif /* LDAP_OPT_NETWORK_TIMEOUT */
+ #ifdef LDAP_X_OPT_CONNECT_TIMEOUT
+ log_log(LOG_DEBUG, "ldap_set_option(LDAP_X_OPT_CONNECT_TIMEOUT,%d)",
+- nslcd_cfg->timelimit);
++ nslcd_cfg->bind_timelimit);
+ LDAP_SET_OPTION(session->ld, LDAP_X_OPT_CONNECT_TIMEOUT, &tv);
+ #endif /* LDAP_X_OPT_CONNECT_TIMEOUT */
+ log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_REFERRALS,%s)",
diff --git a/source/n/nss-pam-ldapd/b33551895b3c02dc7082363c6aae13f8e336f4e5.patch b/source/n/nss-pam-ldapd/b33551895b3c02dc7082363c6aae13f8e336f4e5.patch
new file mode 100644
index 00000000..127243e0
--- /dev/null
+++ b/source/n/nss-pam-ldapd/b33551895b3c02dc7082363c6aae13f8e336f4e5.patch
@@ -0,0 +1,26 @@
+From b33551895b3c02dc7082363c6aae13f8e336f4e5 Mon Sep 17 00:00:00 2001
+From: Arthur de Jong <arthur@arthurdejong.org>
+Date: Mon, 10 Feb 2020 22:52:16 +0100
+Subject: [PATCH] Fix typo in manual page
+
+Thanks Benedict Reuschling for pointing this out.
+
+Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/39
+Fixes b93838d
+---
+ man/nslcd.conf.5.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/man/nslcd.conf.5.xml b/man/nslcd.conf.5.xml
+index 7ae56b28..4e81645c 100644
+--- a/man/nslcd.conf.5.xml
++++ b/man/nslcd.conf.5.xml
+@@ -514,7 +514,7 @@
+ <term><option>idle_timelimit</option> <replaceable>SECONDS</replaceable></term>
+ <listitem>
+ <para>
+- Specifies the period if inactivity (in seconds) after which the
++ Specifies the period of inactivity (in seconds) after which the
+ connection to the <acronym>LDAP</acronym> server will be closed.
+ The default is not to time out connections.
+ </para>
diff --git a/source/n/nss-pam-ldapd/doinst.sh b/source/n/nss-pam-ldapd/doinst.sh
new file mode 100644
index 00000000..d483abce
--- /dev/null
+++ b/source/n/nss-pam-ldapd/doinst.sh
@@ -0,0 +1,26 @@
+config() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
+ # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+preserve_perms() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ if [ -e $OLD ]; then
+ cp -a $OLD ${NEW}.incoming
+ cat $NEW > ${NEW}.incoming
+ mv ${NEW}.incoming $NEW
+ fi
+ config $NEW
+}
+
+config etc/nslcd.conf.new
+preserve_perms etc/rc.d/rc.nss-pam-ldapd.new
diff --git a/source/n/nss-pam-ldapd/fea0f5ed287b04406afca0835b1a333bd1fe617b.patch b/source/n/nss-pam-ldapd/fea0f5ed287b04406afca0835b1a333bd1fe617b.patch
new file mode 100644
index 00000000..13b0ace7
--- /dev/null
+++ b/source/n/nss-pam-ldapd/fea0f5ed287b04406afca0835b1a333bd1fe617b.patch
@@ -0,0 +1,49 @@
+From fea0f5ed287b04406afca0835b1a333bd1fe617b Mon Sep 17 00:00:00 2001
+From: Arthur de Jong <arthur@arthurdejong.org>
+Date: Sun, 13 Oct 2019 17:24:36 +0200
+Subject: [PATCH] Add pam_authc_ppolicy support in pynslcd
+
+See https://bugs.debian.org/900253
+---
+ pynslcd/cfg.py | 3 ++-
+ pynslcd/pam.py | 6 ++++--
+ 2 files changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/pynslcd/cfg.py b/pynslcd/cfg.py
+index 877d4427..b970b5a7 100644
+--- a/pynslcd/cfg.py
++++ b/pynslcd/cfg.py
+@@ -87,6 +87,7 @@
+ nss_getgrent_skipmembers = False
+ nss_disable_enumeration = False
+ validnames = re.compile(r'^[a-z0-9._@$][a-z0-9._@$ \\~-]{0,98}[a-z0-9._@$~-]$', re.IGNORECASE)
++pam_authc_ppolicy = True
+ pam_authz_searches = []
+ pam_password_prohibit_message = None
+ reconnect_invalidate = set()
+@@ -184,7 +185,7 @@ def read(filename): # noqa: C901 (many simple branches)
+ # parse options with a single boolean argument
+ m = re.match(
+ r'(?P<keyword>referrals|nss_nested_groups|nss_getgrent_skipmembers|'
+- r'nss_disable_enumeration)\s+(?P<value>%s)' % (
++ r'nss_disable_enumeration|pam_authc_ppolicy)\s+(?P<value>%s)' % (
+ '|'.join(_boolean_options.keys())),
+ line, re.IGNORECASE)
+ if m:
+diff --git a/pynslcd/pam.py b/pynslcd/pam.py
+index b372cdda..5f5486b3 100644
+--- a/pynslcd/pam.py
++++ b/pynslcd/pam.py
+@@ -42,8 +42,10 @@ def authenticate(binddn, password):
+ # open a new connection
+ conn = search.Connection()
+ # bind using the specified credentials
+- pwctrl = PasswordPolicyControl()
+- res, data, msgid, ctrls = conn.simple_bind_s(binddn, password, serverctrls=[pwctrl])
++ serverctrls = []
++ if cfg.pam_authc_ppolicy:
++ serverctrls.append(PasswordPolicyControl())
++ res, data, msgid, ctrls = conn.simple_bind_s(binddn, password, serverctrls=serverctrls)
+ # go over bind result server controls
+ for ctrl in ctrls:
+ if ctrl.controlType == PasswordPolicyControl.controlType:
diff --git a/source/n/nss-pam-ldapd/nss-pam-ldapd.SlackBuild b/source/n/nss-pam-ldapd/nss-pam-ldapd.SlackBuild
new file mode 100755
index 00000000..204e9603
--- /dev/null
+++ b/source/n/nss-pam-ldapd/nss-pam-ldapd.SlackBuild
@@ -0,0 +1,152 @@
+#!/bin/bash
+
+# Copyright 2020 Patrick J. Volkerding, Sebeka, Minnesota, USA
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+cd $(dirname $0) ; CWD=$(pwd)
+
+PKGNAM=nss-pam-ldapd
+VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
+BUILD=${BUILD:-1}
+
+# Automatically determine the architecture we're building on:
+if [ -z "$ARCH" ]; then
+ case "$(uname -m)" in
+ i?86) ARCH=i586 ;;
+ arm*) readelf /usr/bin/file -A | egrep -q "Tag_CPU.*[4,5]" && ARCH=arm || ARCH=armv7hl ;;
+ # Unless $ARCH is already set, use uname -m for all other archs:
+ *) ARCH=$(uname -m) ;;
+ esac
+ export ARCH
+fi
+
+# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
+# the name of the created package would be, and then exit. This information
+# could be useful to other scripts.
+if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
+ echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
+ exit 0
+fi
+
+NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
+
+if [ "$ARCH" = "i586" ]; then
+ SLKCFLAGS="-O2 -march=i586 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "s390" ]; then
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+elif [ "$ARCH" = "armv7hl" ]; then
+ SLKCFLAGS="-O3 -march=armv7-a -mfpu=vfpv3-d16"
+ LIBDIRSUFFIX=""
+else
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+fi
+
+TMP=${TMP:-/tmp}
+PKG=$TMP/package-$PKGNAM
+
+rm -rf $PKG
+mkdir -p $TMP $PKG
+
+cd $TMP
+rm -rf $PKGNAM-$VERSION
+tar xvf $CWD/$PKGNAM-$VERSION.tar.?z || exit 1
+cd $PKGNAM-$VERSION || exit 1
+
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \+ -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \+
+
+# Upstream patches from git:
+zcat $CWD/1025d5de336d8c9585b79df3154b5649da344281.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/548efe5333b56a0a042843a044e0348317f80065.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/b33551895b3c02dc7082363c6aae13f8e336f4e5.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/fea0f5ed287b04406afca0835b1a333bd1fe617b.patch.gz | patch -p1 --verbose || exit 1
+
+export PYTHON=python3
+
+# Configure, build, and install:
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
+./configure \
+ --prefix=/usr \
+ --libdir=/usr/lib${LIBDIRSUFFIX} \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --mandir=/usr/man \
+ --docdir=/usr/doc/$PKGNAM-$VERSION \
+ --with-pam-seclib-dir=/lib$LIBDIRSUFFIX/security \
+ --build=$ARCH-slackware-linux || exit 1
+make $NUMJOBS || make || exit 1
+make install DESTDIR=$PKG || exit 1
+
+# Don't ship .la files:
+rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la
+
+# Install config file as .new:
+mv $PKG/etc/nslcd.conf $PKG/etc/nslcd.conf.new
+# Restrict access since this file may include a secret credential:
+chmod 600 $PKG/etc/nslcd.conf.new
+
+# Install init script:
+mkdir -p $PKG/etc/rc.d
+cat $CWD/rc.nss-pam-ldapd > $PKG/etc/rc.d/rc.nss-pam-ldapd.new
+
+# Strip binaries:
+find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
+
+# Compress manual pages:
+find $PKG/usr/man -type f -exec gzip -9 {} \+
+for i in $( find $PKG/usr/man -type l ) ; do
+ ln -s $( readlink $i ).gz $i.gz
+ rm $i
+done
+
+# Add a documentation directory:
+mkdir -p $PKG/usr/doc/${PKGNAM}-$VERSION
+cp -a \
+ AUTHORS* ChangeLog COPYING* HACKING* LICENSE* NEWS* README* TODO* \
+ $PKG/usr/doc/${PKGNAM}-$VERSION
+
+# If there's a ChangeLog, installing at least part of the recent history
+# is useful, but don't let it get totally out of control:
+if [ -r ChangeLog ]; then
+ DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION)
+ cat ChangeLog | head -n 1000 > $DOCSDIR/ChangeLog
+ touch -r ChangeLog $DOCSDIR/ChangeLog
+fi
+
+mkdir -p $PKG/install
+zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh
+cat $CWD/slack-desc > $PKG/install/slack-desc
+
+cd $PKG
+/sbin/makepkg -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz
diff --git a/source/n/nss-pam-ldapd/nss-pam-ldapd.url b/source/n/nss-pam-ldapd/nss-pam-ldapd.url
new file mode 100644
index 00000000..2644c0eb
--- /dev/null
+++ b/source/n/nss-pam-ldapd/nss-pam-ldapd.url
@@ -0,0 +1 @@
+https://arthurdejong.org/nss-pam-ldapd
diff --git a/source/n/nss-pam-ldapd/rc.nss-pam-ldapd b/source/n/nss-pam-ldapd/rc.nss-pam-ldapd
new file mode 100644
index 00000000..7a4252a3
--- /dev/null
+++ b/source/n/nss-pam-ldapd/rc.nss-pam-ldapd
@@ -0,0 +1,37 @@
+#!/bin/sh
+#
+# rc.nss-pam-ldapd: start/stop/restart nslcd
+#
+# nslcd is a daemon that will do LDAP queries for local processes that want
+# to do user, group, and other naming lookups (NSS), or do user authentication,
+# authorization, or password modification (PAM).
+
+nslcd_start() {
+ if [ -x /usr/sbin/nslcd -a -r /etc/nslcd.conf ]; then
+ # Ensure /run directory exists:
+ mkdir -p /run/nslcd
+ echo "Starting local LDAP name service daemon: /usr/sbin/nslcd"
+ /usr/sbin/nslcd
+ fi
+}
+
+nslcd_stop() {
+ echo "Stopping local LDAP name service daemon."
+ killall --ns $$ nslcd
+}
+
+case "$1" in
+'start')
+ nslcd_start
+ ;;
+'stop')
+ nslcd_stop
+ ;;
+'restart')
+ nslcd_stop
+ sleep 2
+ nslcd_start
+ ;;
+*)
+ echo "usage $0 start|stop|restart"
+esac
diff --git a/source/n/nss-pam-ldapd/slack-desc b/source/n/nss-pam-ldapd/slack-desc
new file mode 100644
index 00000000..fed065b2
--- /dev/null
+++ b/source/n/nss-pam-ldapd/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description.
+# Line up the first '|' above the ':' following the base package name, and
+# the '|' on the right side marks the last column you can put a character in.
+# You must make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':' except on otherwise blank lines.
+
+ |-----handy-ruler------------------------------------------------------|
+nss-pam-ldapd: nss-pam-ldapd (LDAP NSS/PAM module)
+nss-pam-ldapd:
+nss-pam-ldapd: nss-pam-ldapd is an NSS and PAM module that allows your LDAP server to
+nss-pam-ldapd: provide user account, group, host name, alias, netgroup, and basically
+nss-pam-ldapd: any other information that you would normally get from /etc/ flat
+nss-pam-ldapd: files or NIS. It also allows you to do authentication to an LDAP
+nss-pam-ldapd: server.
+nss-pam-ldapd:
+nss-pam-ldapd: Homepage: https://arthurdejong.org/nss-pam-ldapd/
+nss-pam-ldapd:
+nss-pam-ldapd:
diff --git a/source/n/openssh/openssh.SlackBuild b/source/n/openssh/openssh.SlackBuild
index 3a423c91..9465bbb7 100755
--- a/source/n/openssh/openssh.SlackBuild
+++ b/source/n/openssh/openssh.SlackBuild
@@ -30,7 +30,7 @@ PKG=$TMP/package-openssh
PKGNAM=openssh
VERSION=${VERSION:-$(echo openssh-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-3}
NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
diff --git a/source/n/openvpn/openvpn.SlackBuild b/source/n/openvpn/openvpn.SlackBuild
index 21406b8b..7390d1d6 100755
--- a/source/n/openvpn/openvpn.SlackBuild
+++ b/source/n/openvpn/openvpn.SlackBuild
@@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=openvpn
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
diff --git a/source/n/pam-krb5/pam-krb5.SlackBuild b/source/n/pam-krb5/pam-krb5.SlackBuild
new file mode 100755
index 00000000..e2ba9a03
--- /dev/null
+++ b/source/n/pam-krb5/pam-krb5.SlackBuild
@@ -0,0 +1,125 @@
+#!/bin/bash
+
+# Copyright 2020 Patrick J. Volkerding, Sebeka, Minnesota, USA
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+cd $(dirname $0) ; CWD=$(pwd)
+
+PKGNAM=pam-krb5
+VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
+BUILD=${BUILD:-1}
+
+# Automatically determine the architecture we're building on:
+if [ -z "$ARCH" ]; then
+ case "$(uname -m)" in
+ i?86) ARCH=i586 ;;
+ arm*) readelf /usr/bin/file -A | egrep -q "Tag_CPU.*[4,5]" && ARCH=arm || ARCH=armv7hl ;;
+ # Unless $ARCH is already set, use uname -m for all other archs:
+ *) ARCH=$(uname -m) ;;
+ esac
+ export ARCH
+fi
+
+# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
+# the name of the created package would be, and then exit. This information
+# could be useful to other scripts.
+if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
+ echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
+ exit 0
+fi
+
+NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
+
+if [ "$ARCH" = "i586" ]; then
+ SLKCFLAGS="-O2 -march=i586 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "s390" ]; then
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+elif [ "$ARCH" = "armv7hl" ]; then
+ SLKCFLAGS="-O3 -march=armv7-a -mfpu=vfpv3-d16"
+ LIBDIRSUFFIX=""
+else
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+fi
+
+TMP=${TMP:-/tmp}
+PKG=$TMP/package-$PKGNAM
+
+rm -rf $PKG
+mkdir -p $TMP $PKG
+
+cd $TMP
+rm -rf $PKGNAM-$VERSION
+tar xvf $CWD/$PKGNAM-$VERSION.tar.?z || exit 1
+cd $PKGNAM-$VERSION || exit 1
+
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \+ -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \+
+
+# Configure, build, and install:
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
+./configure \
+ --prefix=/usr \
+ --libdir=/usr/lib${LIBDIRSUFFIX} \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --docdir=/usr/doc/$PKGNAM-$VERSION \
+ --mandir=/usr/man \
+ --build=$ARCH-slackware-linux || exit 1
+make $NUMJOBS || make || exit 1
+make install DESTDIR=$PKG || exit 1
+
+# Don't ship .la files:
+rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la
+
+# Strip binaries:
+find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
+
+# Compress manual pages:
+find $PKG/usr/man -type f -exec gzip -9 {} \+
+for i in $( find $PKG/usr/man -type l ) ; do
+ ln -s $( readlink $i ).gz $i.gz
+ rm $i
+done
+
+# Add a documentation directory:
+mkdir -p $PKG/usr/doc/${PKGNAM}-$VERSION
+cp -a \
+ LICENSE* NEWS* README* TODO* \
+ $PKG/usr/doc/${PKGNAM}-$VERSION
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+
+cd $PKG
+/sbin/makepkg -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz
diff --git a/source/n/pam-krb5/pam-krb5.url b/source/n/pam-krb5/pam-krb5.url
new file mode 100644
index 00000000..08a19c59
--- /dev/null
+++ b/source/n/pam-krb5/pam-krb5.url
@@ -0,0 +1 @@
+https://archives.eyrie.org/software/kerberos
diff --git a/source/n/pam-krb5/slack-desc b/source/n/pam-krb5/slack-desc
new file mode 100644
index 00000000..1cbb0356
--- /dev/null
+++ b/source/n/pam-krb5/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+pam-krb5: pam-krb5 (PAM module for Kerberos v5)
+pam-krb5:
+pam-krb5: pam-krb5 is a Kerberos PAM module that supports ticket refreshing
+pam-krb5: by screen savers, configurable authorization handling,
+pam-krb5: authentication of non-local accounts for network services,
+pam-krb5: password changing, and password expiration, as well as all the
+pam-krb5: standard expected PAM features.
+pam-krb5:
+pam-krb5: Homepage: https://archives.eyrie.org/software/kerberos
+pam-krb5:
+pam-krb5:
diff --git a/source/n/pam-krb5/system-auth.krb5 b/source/n/pam-krb5/system-auth.krb5
new file mode 100644
index 00000000..04fa299b
--- /dev/null
+++ b/source/n/pam-krb5/system-auth.krb5
@@ -0,0 +1,12 @@
+auth sufficient pam_krb5.so
+auth required pam_unix.so use_first_pass use_authtok nullok
+
+account sufficient pam_krb5.so
+account required pam_unix.so use_first_pass use_authtok
+
+session required pam_mkhomedir.so
+session sufficient pam_krb5.so
+session required pam_unix.so use_first_pass use_authtok
+
+password sufficient pam_krb5.so
+password required pam_unix.so nullok
diff --git a/source/n/php/php.SlackBuild b/source/n/php/php.SlackBuild
index 2205ffe6..097ea470 100755
--- a/source/n/php/php.SlackBuild
+++ b/source/n/php/php.SlackBuild
@@ -28,7 +28,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=php
VERSION=${VERSION:-$(echo php-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
ALPINE=2.22
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
diff --git a/source/n/popa3d/popa3d.SlackBuild b/source/n/popa3d/popa3d.SlackBuild
index 511b8aa9..8dd9422c 100755
--- a/source/n/popa3d/popa3d.SlackBuild
+++ b/source/n/popa3d/popa3d.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=popa3d
VERSION=1.0.3
-BUILD=${BUILD:-3}
+BUILD=${BUILD:-4}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
diff --git a/source/n/ppp/ppp.SlackBuild b/source/n/ppp/ppp.SlackBuild
index c4f4f556..2b2ba60e 100755
--- a/source/n/ppp/ppp.SlackBuild
+++ b/source/n/ppp/ppp.SlackBuild
@@ -26,7 +26,7 @@ PKGNAM=ppp
VERSION=2.4.8
RADVER=1.1.7
PPPVER=1.98
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
diff --git a/source/n/proftpd/proftpd.SlackBuild b/source/n/proftpd/proftpd.SlackBuild
index 2d436cea..53eba37b 100755
--- a/source/n/proftpd/proftpd.SlackBuild
+++ b/source/n/proftpd/proftpd.SlackBuild
@@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=proftpd
VERSION=1.3.6c
DIRVER=1.3.6c
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
diff --git a/source/n/samba/samba.SlackBuild b/source/n/samba/samba.SlackBuild
index 854483e3..8c09f50c 100755
--- a/source/n/samba/samba.SlackBuild
+++ b/source/n/samba/samba.SlackBuild
@@ -26,7 +26,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=samba
VERSION=${VERSION:-$(echo samba-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
if [ -e $CWD/machine.conf ]; then
. $CWD/machine.conf ]
diff --git a/source/n/tin/tin.SlackBuild b/source/n/tin/tin.SlackBuild
index 53e983ee..0fa8b83c 100755
--- a/source/n/tin/tin.SlackBuild
+++ b/source/n/tin/tin.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=tin
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
diff --git a/source/n/vsftpd/vsftpd.SlackBuild b/source/n/vsftpd/vsftpd.SlackBuild
index 2f7f1209..91af9cbe 100755
--- a/source/n/vsftpd/vsftpd.SlackBuild
+++ b/source/n/vsftpd/vsftpd.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=vsftpd
VERSION=${VERSION:-$(echo ${PKGNAM}-*.tar.gz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-5}
+BUILD=${BUILD:-6}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
diff --git a/source/t/texlive/texlive.SlackBuild b/source/t/texlive/texlive.SlackBuild
index a6eaf8f1..92e1f908 100755
--- a/source/t/texlive/texlive.SlackBuild
+++ b/source/t/texlive/texlive.SlackBuild
@@ -33,7 +33,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=texlive
SOURCEVERSION=${SOURCEVERSION:-20190410}
VERSION=${VERSION:-2019.190626}
-BUILD=${BUILD:-3}
+BUILD=${BUILD:-4}
TMP=${TMP:-/tmp}
PKG=$TMP/package-texlive
diff --git a/source/x/vulkan-sdk/fetch-sources.sh b/source/x/vulkan-sdk/fetch-sources.sh
index 8d557bbe..daa83a63 100755
--- a/source/x/vulkan-sdk/fetch-sources.sh
+++ b/source/x/vulkan-sdk/fetch-sources.sh
@@ -27,8 +27,8 @@
#
# Example: VERSION=1.1.92.1 ./fetch-sources.sh
-VERSION=${VERSION:-1.2.131.2}
-BRANCH=${BRANCH:-sdk-1.2.131}
+VERSION=${VERSION:-1.2.135.0}
+BRANCH=${BRANCH:-sdk-1.2.135}
rm -rf Vulkan-*-*.tar.?z glslang* SPIRV-Tools* SPIRV-Headers* \
Vulkan-Headers-sdk-${VERSION}* \
diff --git a/source/x/x11/build/xdm b/source/x/x11/build/xdm
index ec635144..f599e28b 100644
--- a/source/x/x11/build/xdm
+++ b/source/x/x11/build/xdm
@@ -1 +1 @@
-9
+10
diff --git a/source/x/x11/build/xisxwayland b/source/x/x11/build/xisxwayland
new file mode 100644
index 00000000..d00491fd
--- /dev/null
+++ b/source/x/x11/build/xisxwayland
@@ -0,0 +1 @@
+1
diff --git a/source/x/x11/configure/xisxwayland b/source/x/x11/configure/xisxwayland
new file mode 100644
index 00000000..cd149401
--- /dev/null
+++ b/source/x/x11/configure/xisxwayland
@@ -0,0 +1,17 @@
+export CFLAGS="$SLKCFLAGS"
+export CXXFLAGS="$SLKCFLAGS"
+mkdir build
+cd build
+meson setup \
+ --prefix=/usr \
+ --libdir=lib${LIBDIRSUFFIX} \
+ --libexecdir /usr/libexec \
+ --bindir /usr/bin \
+ --sbindir /usr/sbin \
+ --includedir /usr/include \
+ --datadir /usr/share \
+ --mandir /usr/man \
+ --sysconfdir /etc \
+ --localstatedir /var \
+ --buildtype=release \
+ .. || exit 1
diff --git a/source/x/x11/make/xisxwayland b/source/x/x11/make/xisxwayland
new file mode 100644
index 00000000..b22bc0de
--- /dev/null
+++ b/source/x/x11/make/xisxwayland
@@ -0,0 +1,6 @@
+export CFLAGS="$SLKCFLAGS"
+export CXXFLAGS="$SLKCFLAGS"
+cd build
+ ninja || exit 1
+ DESTDIR=$PKG ninja install || exit 1
+cd ..
diff --git a/source/x/x11/modularize b/source/x/x11/modularize
index 94d7fe7c..077288f2 100644
--- a/source/x/x11/modularize
+++ b/source/x/x11/modularize
@@ -233,6 +233,7 @@ xhost
xineramaproto
xinit
xinput
+xisxwayland
xkbcomp
xkbevd
xkbprint
diff --git a/source/x/x11/slack-desc/xisxwayland b/source/x/x11/slack-desc/xisxwayland
new file mode 100644
index 00000000..b155cfe5
--- /dev/null
+++ b/source/x/x11/slack-desc/xisxwayland
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+xisxwayland: xisxwayland (determine if Xwayland is in use)
+xisxwayland:
+xisxwayland: xisxwayland is a tool to be used within shell scripts to determine
+xisxwayland: whether the X server in use is Xwayland. It exits with status 0 if
+xisxwayland: the server is an Xwayland server and 1 otherwise. Any error results
+xisxwayland: in an exit code of 3.
+xisxwayland:
+xisxwayland:
+xisxwayland:
+xisxwayland:
+xisxwayland:
diff --git a/source/xap/sane/sane.SlackBuild b/source/xap/sane/sane.SlackBuild
index 301ec1b6..641a50c1 100755
--- a/source/xap/sane/sane.SlackBuild
+++ b/source/xap/sane/sane.SlackBuild
@@ -1,6 +1,6 @@
#!/bin/bash
-# Copyright 2008, 2009, 2010, 2011, 2012, 2013, 2018, 2019 Patrick Volkerding, Sebeka, MN, USA
+# Copyright 2008, 2009, 2010, 2011, 2012, 2013, 2018, 2019, 2020 Patrick Volkerding, Sebeka, MN, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
@@ -23,8 +23,8 @@
cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=sane
-VERSION=1.0.29
-BACKVER=1.0.29
+VERSION=1.0.30
+BACKVER=1.0.30
FRONTVER=1.0.14
BUILD=${BUILD:-1}
@@ -120,6 +120,14 @@ cat tools/udev/libsane.rules \
install -D -m644 tools/sane-backends.pc \
$PKG/usr/lib$LIBDIRSUFFIX/pkgconfig/sane-backends.pc
+# If there's a ChangeLog, installing at least part of the recent history
+# is useful, but don't let it get totally out of control:
+if [ -r ChangeLog ]; then
+ DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION)
+ cat ChangeLog | head -n 1000 > $DOCSDIR/ChangeLog
+ touch -r ChangeLog $DOCSDIR/ChangeLog
+fi
+
# Now let's build the frontends:
cd $TMP
rm -rf sane-frontends-$FRONTVER
@@ -182,10 +190,12 @@ if [ -d $PKG/usr/man ]; then
)
fi
+# Do not include ancient ChangeLogs:
+rm -rf $PKG/usr/doc/${PKGNAM}-$VERSION/ChangeLogs
+
mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc
zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh
cd $PKG
/sbin/makepkg -l y -c n $TMP/sane-$VERSION-$ARCH-$BUILD.txz
-
diff --git a/source/xap/sane/sane.url b/source/xap/sane/sane.url
new file mode 100644
index 00000000..a5d74eaa
--- /dev/null
+++ b/source/xap/sane/sane.url
@@ -0,0 +1 @@
+http://www.sane-project.org/source.html
diff --git a/source/xap/sane/slack-desc b/source/xap/sane/slack-desc
index 44ef6348..b123e8bf 100644
--- a/source/xap/sane/slack-desc
+++ b/source/xap/sane/slack-desc
@@ -13,7 +13,7 @@ sane: access to any raster image scanner hardware, such as flatbed scanners,
sane: hand-held scanners, video and still cameras, frame-grabbers, and other
sane: similar devices.
sane:
-sane:
+sane: Homepage: http://www.sane-project.org
sane:
sane:
sane:
diff --git a/source/xap/xlockmore/xlockmore.SlackBuild b/source/xap/xlockmore/xlockmore.SlackBuild
index 25322d6c..68d9e298 100755
--- a/source/xap/xlockmore/xlockmore.SlackBuild
+++ b/source/xap/xlockmore/xlockmore.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=xlockmore
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
diff --git a/source/xap/xscreensaver/xscreensaver.SlackBuild b/source/xap/xscreensaver/xscreensaver.SlackBuild
index cb9c10cd..5fbbcd92 100755
--- a/source/xap/xscreensaver/xscreensaver.SlackBuild
+++ b/source/xap/xscreensaver/xscreensaver.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=xscreensaver
VERSION=${VERSION:-$(echo xscreensaver-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then