Merged update from upstream sources

This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/pam.git#75940340ad3cd336f66d68188d95d43b45233fa4

pam-1.4.0-motd-privilege-message.patch

@@ -0,0 +1,27 @@
+From 9f24bbeeb4fe04bc396898cd9825478ad52c5ac7 Mon Sep 17 00:00:00 2001
+From: ikerexxe <ipedrosa@redhat.com>
+Date: Wed, 21 Oct 2020 09:47:20 +0200
+Subject: [PATCH] pam_motd: unset prompt value to drop privileges
+
+modules/pam_motd/pam_motd.c: set NULL value instead of "key user" for the
+prompt when dropping privileges.
+---
+ modules/pam_motd/pam_motd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c
+index a4fd0e59..6ac8cba2 100644
+--- a/modules/pam_motd/pam_motd.c
++++ b/modules/pam_motd/pam_motd.c
+@@ -288,7 +288,7 @@ static int drop_privileges(pam_handle_t *pamh, struct pam_modutil_privs *privs)
+     const char *username;
+     int retval;
+ 
+-    retval = pam_get_user(pamh, &username, "key user");
++    retval = pam_get_user(pamh, &username, NULL);
+ 
+     if (retval == PAM_SUCCESS) {
+         pw = pam_modutil_getpwnam (pamh, username);
+-- 
+2.26.2
+

pam-1.4.0-unix-init-daysleft.patch

@@ -0,0 +1,32 @@
+From db6b293046aee4735f3aa2d1713742ed4b533219 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Wed, 22 Jul 2020 11:47:55 +0200
+Subject: [PATCH] Fix missing initialization of daysleft
+
+The daysleft otherwise stays uninitialized if there is no shadow entry.
+
+Regression from commit f5adefa.
+
+Fixes #255
+
+* modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Initialize daysleft.
+---
+ modules/pam_unix/pam_unix_acct.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c
+index de8d65c1..f46f2308 100644
+--- a/modules/pam_unix/pam_unix_acct.c
++++ b/modules/pam_unix/pam_unix_acct.c
+@@ -189,7 +189,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
+ 	unsigned long long ctrl;
+ 	const void *void_uname;
+ 	const char *uname;
+-	int retval, daysleft;
++	int retval, daysleft = -1;
+ 	char buf[256];
+ 
+ 	D(("called."));
+-- 
+2.26.2
+

pam.spec

@@ -3,7 +3,7 @@
 Summary: An extensible library which provides authentication for applications
 Name: pam
 Version: 1.4.0
-Release: 5%{?dist}
+Release: 6%{?dist}
 # The library is BSD licensed with option to relicense as GPLv2+
 # - this option is redundant as the BSD license allows that anyway.
 # pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
@@ -48,6 +48,10 @@ Patch58: pam-1.3.1-faillock-change-file-permissions.patch
 # https://github.com/linux-pam/linux-pam/commit/16cebfeb30a8bd7c7dc269190a054c25b0f8d044
 # https://github.com/linux-pam/linux-pam/commit/ad8b6feaf8ea989368676acaea905998a807986e
 Patch59: pam-1.4.0-motd-filter-files.patch
+# https://github.com/linux-pam/linux-pam/commit/db6b293046aee4735f3aa2d1713742ed4b533219
+Patch60: pam-1.4.0-unix-init-daysleft.patch
+# https://github.com/linux-pam/linux-pam/commit/9f24bbeeb4fe04bc396898cd9825478ad52c5ac7
+Patch61: pam-1.4.0-motd-privilege-message.patch
 
 %global _pamlibdir %{_libdir}
 %global _moduledir %{_libdir}/security
@@ -139,6 +143,8 @@ cp %{SOURCE18} .
 %patch57 -p1 -b .determine-user-exists
 %patch58 -p1 -b .faillock-change-file-permissions
 %patch59 -p1 -b .motd-filter-files
+%patch60 -p1 -b .unix-init-daysleft
+%patch61 -p1 -b .motd-privilege-message
 
 autoreconf -i
 
@@ -398,6 +404,10 @@ done
 %doc doc/sag/*.txt doc/sag/html
 
 %changelog
+* Mon Oct 19 2020 Iker Pedrosa <ipedrosa@redhat.com> - 1.4.0-6
+- pam_unix: fix missing initialization of daysleft  (#1887077)
+- pam_motd: change privilege message prompt to default (#1861640)
+
 * Wed Oct 14 2020 Iker Pedrosa <ipedrosa@redhat.com> - 1.4.0-5
 - pam_motd: read motd files with target user credentials skipping unreadable ones (#1861640)
 - Clarify upstreamed patches