From 6e02380a0fc76bb2ab1432502a9615c1040a56bc Mon Sep 17 00:00:00 2001
From: Iker Pedrosa <ipedrosa@redhat.com>
Date: Thu, 15 Feb 2024 12:59:05 +0100
Subject: [PATCH] pam_unix: do not warn if password aging is disabled

Resolves: #2263689

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
---
 pam-1.6.0-unix-warn-passwd.patch | 30 ++++++++++++++++++++++++++++++
 pam.spec                         |  7 ++++++-
 2 files changed, 36 insertions(+), 1 deletion(-)
 create mode 100644 pam-1.6.0-unix-warn-passwd.patch

diff --git a/pam-1.6.0-unix-warn-passwd.patch b/pam-1.6.0-unix-warn-passwd.patch
new file mode 100644
index 0000000..0464bd9
--- /dev/null
+++ b/pam-1.6.0-unix-warn-passwd.patch
@@ -0,0 +1,30 @@
+From 470b5bdd8fd29d6b35e3a80f9a57bdd4b2438200 Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann <tobias@stoeckmann.org>
+Date: Fri, 19 Jan 2024 10:09:00 +0100
+Subject: [PATCH] pam_unix: do not warn if password aging is disabled
+
+Later checks will print a warning if daysleft is 0. If password
+aging is disabled, leave daysleft at -1.
+
+Resolves: https://github.com/linux-pam/linux-pam/issues/743
+Fixes: 9ebc14085a3b ("pam_unix: allow disabled password aging")
+Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
+---
+ modules/pam_unix/passverify.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
+index 5c4f862e..1bc98fa2 100644
+--- a/modules/pam_unix/passverify.c
++++ b/modules/pam_unix/passverify.c
+@@ -314,7 +314,6 @@ PAMH_ARG_DECL(int check_shadow_expiry,
+ 	}
+ 	if (spent->sp_lstchg < 0) {
+ 		D(("password aging disabled"));
+-		*daysleft = 0;
+ 		return PAM_SUCCESS;
+ 	}
+ 	if (curdays < spent->sp_lstchg) {
+-- 
+2.43.0
+
diff --git a/pam.spec b/pam.spec
index f7ae0fc..640e174 100644
--- a/pam.spec
+++ b/pam.spec
@@ -4,7 +4,7 @@
 Summary: An extensible library which provides authentication for applications
 Name: pam
 Version: 1.6.0
-Release: 1%{?dist}
+Release: 2%{?dist}
 # The library is BSD licensed with option to relicense as GPLv2+
 # - this option is redundant as the BSD license allows that anyway.
 # pam_timestamp and pam_loginuid modules are GPLv2+.
@@ -25,6 +25,7 @@ Source18: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
 Patch1:  pam-1.6.0-redhat-modules.patch
 Patch2:  pam-1.6.0-noflex.patch
 Patch3:  pam-1.5.3-unix-nomsg.patch
+Patch4:  pam-1.6.0-unix-warn-passwd.patch
 
 %{load:%{SOURCE3}}
 
@@ -119,6 +120,7 @@ cp %{SOURCE18} .
 %patch -P 1 -p1 -b .redhat-modules
 %patch -P 2 -p1 -b .noflex
 %patch -P 3 -p1 -b .nomsg
+%patch -P 4 -p1 -b .unix-warn-passwd
 
 autoreconf -i
 
@@ -356,6 +358,9 @@ done
 %{_pam_libdir}/libpam_misc.so.%{so_ver}*
 
 %changelog
+* Thu Feb 15 2024 Iker Pedrosa <ipedrosa@redhat.com> - 1.6.0-2
+- pam_unix: do not warn if password aging is disabled (#2263689)
+
 * Tue Jan 23 2024 Iker Pedrosa <ipedrosa@redhat.com> - 1.6.0-1
 - Rebase to release 1.6.0
   Resolves: #2258964