From e8f014fc085ed82d8a6441d2ff0d80b9ec513588 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Mon, 8 Jul 2013 15:15:02 +0200
Subject: [PATCH] treat empty user or old password as NULL

---
 libpwquality-1.2.2-empty-user.patch | 16 ++++++++++++++++
 libpwquality.spec                   |  7 ++++++-
 2 files changed, 22 insertions(+), 1 deletion(-)
 create mode 100644 libpwquality-1.2.2-empty-user.patch

diff --git a/libpwquality-1.2.2-empty-user.patch b/libpwquality-1.2.2-empty-user.patch
new file mode 100644
index 0000000..d104066
--- /dev/null
+++ b/libpwquality-1.2.2-empty-user.patch
@@ -0,0 +1,16 @@
+diff -r e8035cfc9647 src/check.c
+--- a/src/check.c	Wed Jun 19 17:41:41 2013 +0200
++++ b/src/check.c	Mon Jul 08 14:46:04 2013 +0200
+@@ -654,6 +654,12 @@
+                 return PWQ_ERROR_EMPTY_PASSWORD;
+         }
+ 
++        if (user && *user == '\0')
++                user = NULL;
++
++        if (oldpassword && *oldpassword == '\0')
++                oldpassword = NULL;
++
+         if (oldpassword && strcmp(oldpassword, password) == 0) {
+                 return PWQ_ERROR_SAME_PASSWORD;
+         }
diff --git a/libpwquality.spec b/libpwquality.spec
index 08fbbad..050d6f4 100644
--- a/libpwquality.spec
+++ b/libpwquality.spec
@@ -1,12 +1,13 @@
 Summary: A library for password generation and password quality checking
 Name: libpwquality
 Version: 1.2.2
-Release: 1%{?dist}
+Release: 2%{?dist}
 # The package is BSD licensed with option to relicense as GPLv2+
 # - this option is redundant as the BSD license allows that anyway.
 License: BSD or GPLv2+
 Group: System Environment/Base
 Source0: http://fedorahosted.org/releases/l/i/libpwquality/libpwquality-%{version}.tar.bz2
+Patch1: libpwquality-1.2.2-empty-user.patch
 
 %global _moduledir /%{_lib}/security
 %global _secconfdir %{_sysconfdir}/security
@@ -53,6 +54,7 @@ pronounceable passwords from Python applications.
 
 %prep
 %setup -q
+%patch1 -p0 -b .empty-user
 
 %build
 %configure \
@@ -104,6 +106,9 @@ rm -f $RPM_BUILD_ROOT%{_moduledir}/*.la
 %{python_sitearch}/pwquality.so
 
 %changelog
+* Mon Jul  8 2013 Tomas Mraz <tmraz@redhat.com> 1.2.2-2
+- treat empty user or old password as NULL
+
 * Wed Jun 19 2013 Tomas Mraz <tmraz@redhat.com> 1.2.2-1
 - manual page fixes
 - make it possible to set the maxsequence configuration value