From 35569b9b83468249103ee2bc0826b1e31c9f6043 Mon Sep 17 00:00:00 2001
From: DistroBaker
Date: Tue, 27 Oct 2020 21:41:33 +0100
Subject: [PATCH] Merged update from upstream sources

This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team.
Source: https://src.fedoraproject.org/rpms/pam.git#75940340ad3cd336f66d68188d95d43b45233fa4
---
 pam-1.4.0-motd-privilege-message.patch | 27 ++++++++++++++++++++++
 pam-1.4.0-unix-init-daysleft.patch | 32 ++++++++++++++++++++++++++
 pam.spec | 12 +++++++++-
 3 files changed, 70 insertions(+), 1 deletion(-)
 create mode 100644 pam-1.4.0-motd-privilege-message.patch
 create mode 100644 pam-1.4.0-unix-init-daysleft.patch

diff --git a/pam-1.4.0-motd-privilege-message.patch b/pam-1.4.0-motd-privilege-message.patch
new file mode 100644
index 0000000..065e3a0
--- /dev/null
+++ b/pam-1.4.0-motd-privilege-message.patch
@@ -0,0 +1,27 @@
+From 9f24bbeeb4fe04bc396898cd9825478ad52c5ac7 Mon Sep 17 00:00:00 2001
+From: ikerexxe
+Date: Wed, 21 Oct 2020 09:47:20 +0200
+Subject: [PATCH] pam_motd: unset prompt value to drop privileges
+
+modules/pam_motd/pam_motd.c: set NULL value instead of "key user" for the
+prompt when dropping privileges.
+---
+ modules/pam_motd/pam_motd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c
+index a4fd0e59..6ac8cba2 100644
+--- a/modules/pam_motd/pam_motd.c
++++ b/modules/pam_motd/pam_motd.c
+@@ -288,7 +288,7 @@ static int drop_privileges(pam_handle_t *pamh, struct pam_modutil_privs *privs)
+ const char *username;
+ int retval;
+
+- retval = pam_get_user(pamh, &username, "key user");
++ retval = pam_get_user(pamh, &username, NULL);
+
+ if (retval == PAM_SUCCESS) {
+ pw = pam_modutil_getpwnam (pamh, username);
+--
+2.26.2
+
diff --git a/pam-1.4.0-unix-init-daysleft.patch b/pam-1.4.0-unix-init-daysleft.patch
new file mode 100644
index 0000000..7939f2c
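Review bot: The `pam_get_user(pamh, &username, NULL)` call in `drop_privileges` (the nested pam_motd.c hunk) carries no comment on what the NULL prompt means, and the patch subject "unset prompt value to drop privileges" reads as if the prompt influenced the privilege drop itself. A short comment such as `/* NULL: use the default prompt; it is only shown if PAM_USER is not already set */` would make the intent clear. The body of `drop_privileges` continues outside the hunk, so the handling of a failed `pam_get_user` or a NULL result from `pam_modutil_getpwnam` is not visible here; that path should return an error so that motd files are never read with the caller's credentials.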
--- /dev/null
+++ b/pam-1.4.0-unix-init-daysleft.patch
@@ -0,0 +1,32 @@
+From db6b293046aee4735f3aa2d1713742ed4b533219 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz
+Date: Wed, 22 Jul 2020 11:47:55 +0200
+Subject: [PATCH] Fix missing initialization of daysleft
+
+The daysleft otherwise stays uninitialized if there is no shadow entry.
+
+Regression from commit f5adefa.
+
+Fixes #255
+
+* modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Initialize daysleft.
+---
+ modules/pam_unix/pam_unix_acct.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c
+index de8d65c1..f46f2308 100644
+--- a/modules/pam_unix/pam_unix_acct.c
++++ b/modules/pam_unix/pam_unix_acct.c
+@@ -189,7 +189,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
+ unsigned long long ctrl;
+ const void *void_uname;
+ const char *uname;
+- int retval, daysleft;
++ int retval, daysleft = -1;
+ char buf[256];
+
+ D(("called."));
+--
+2.26.2
+
diff --git a/pam.spec b/pam.spec
index ddb9b21..103d90d 100644
--- a/pam.spec
+++ b/pam.spec
@@ -3,7 +3,7 @@
 Summary: An extensible library which provides authentication for applications
 Name: pam
 Version: 1.4.0
-Release: 5%{?dist}
+Release: 6%{?dist}
 # The library is BSD licensed with option to relicense as GPLv2+
 # - this option is redundant as the BSD license allows that anyway.
 # pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
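Review bot: The new initializer in `pam_sm_acct_mgmt` gives `daysleft` the value -1 without saying what that value stands for, and it now shares one declaration with the still-uninitialized `retval`. Splitting the declarators and documenting the sentinel, `int retval;` and `int daysleft = -1; /* no shadow entry: no expiry information */`, would keep a later reader from treating -1 as a real day count. The code that consumes `daysleft` lies outside the hunk, so it is worth confirming there that a negative value is handled as "no warning" rather than being formatted into a message shown to the user.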
@@ -48,6 +48,10 @@ Patch58: pam-1.3.1-faillock-change-file-permissions.patch # https://github.com/linux-pam/linux-pam/commit/16cebfeb30a8bd7c7dc269190a054c25b0f8d044 # https://github.com/linux-pam/linux-pam/commit/ad8b6feaf8ea989368676acaea905998a807986e Patch59: pam-1.4.0-motd-filter-files.patch +# https://github.com/linux-pam/linux-pam/commit/db6b293046aee4735f3aa2d1713742ed4b533219 +Patch60: pam-1.4.0-unix-init-daysleft.patch +# https://github.com/linux-pam/linux-pam/commit/9f24bbeeb4fe04bc396898cd9825478ad52c5ac7 +Patch61: pam-1.4.0-motd-privilege-message.patch %global _pamlibdir %{_libdir} %global _moduledir %{_libdir}/security @@ -139,6 +143,8 @@ cp %{SOURCE18} . %patch57 -p1 -b .determine-user-exists %patch58 -p1 -b .faillock-change-file-permissions %patch59 -p1 -b .motd-filter-files +%patch60 -p1 -b .unix-init-daysleft +%patch61 -p1 -b .motd-privilege-message autoreconf -i @@ -398,6 +404,10 @@ done %doc doc/sag/*.txt doc/sag/html %changelog +* Mon Oct 19 2020 Iker Pedrosa - 1.4.0-6 +- pam_unix: fix missing initialization of daysleft (#1887077) +- pam_motd: change privilege message prompt to default (#1861640) + * Wed Oct 14 2020 Iker Pedrosa - 1.4.0-5 - pam_motd: read motd files with target user credentials skipping unreadable ones (#1861640) - Clarify upstreamed patches