libpam: backport patches from upstream

Backport patches from linux-pam git repo to fix test case
tst-pam_pwhistory1 failure.

[YOCTO #4107]

(From OE-Core rev: 65e4a9f050ae588ec794808315a206d94ca7a861)

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

meta/recipes-extended/pam/libpam/add-checks-for-crypt-returning-NULL.patch

@@ -0,0 +1,63 @@
+Backport from linux-pam git repo.
+
+[YOCTO #4107]
+
+Upstream-Status: Backport
+
+Signed-off-by: Kang Kai <kai.kang@windriver.com>
+
+From 8dc056c1c8bc7acb66c4decc49add2c3a24e6310 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Fri, 8 Feb 2013 15:04:26 +0100
+Subject: [PATCH] Add checks for crypt() returning NULL.
+
+modules/pam_pwhistory/opasswd.c (compare_password): Add check for crypt() NULL return.
+modules/pam_unix/bigcrypt.c (bigcrypt): Likewise.
+---
+ modules/pam_pwhistory/opasswd.c |    2 +-
+ modules/pam_unix/bigcrypt.c     |    9 +++++++++
+ 2 files changed, 10 insertions(+), 1 deletions(-)
+
+diff --git a/modules/pam_pwhistory/opasswd.c b/modules/pam_pwhistory/opasswd.c
+index 274fdb9..836d713 100644
+--- a/modules/pam_pwhistory/opasswd.c
++++ b/modules/pam_pwhistory/opasswd.c
+@@ -108,7 +108,7 @@ compare_password(const char *newpass, const char *oldpass)
+   outval = crypt (newpass, oldpass);
+ #endif
+ 
+-  return strcmp(outval, oldpass) == 0;
++  return outval != NULL && strcmp(outval, oldpass) == 0;
+ }
+ 
+ /* Check, if the new password is already in the opasswd file.  */
+diff --git a/modules/pam_unix/bigcrypt.c b/modules/pam_unix/bigcrypt.c
+index e10d1c5..e1d57a0 100644
+--- a/modules/pam_unix/bigcrypt.c
++++ b/modules/pam_unix/bigcrypt.c
+@@ -109,6 +109,10 @@ char *bigcrypt(const char *key, const char *salt)
+ #else
+ 	tmp_ptr = crypt(plaintext_ptr, salt);	/* libc crypt() */
+ #endif
++	if (tmp_ptr == NULL) {
++		free(dec_c2_cryptbuf);
++		return NULL;
++	}
+ 	/* and place in the static area */
+ 	strncpy(cipher_ptr, tmp_ptr, 13);
+ 	cipher_ptr += ESEGMENT_SIZE + SALT_SIZE;
+@@ -130,6 +134,11 @@ char *bigcrypt(const char *key, const char *salt)
+ #else
+ 			tmp_ptr = crypt(plaintext_ptr, salt_ptr);
+ #endif
++			if (tmp_ptr == NULL) {
++				_pam_overwrite(dec_c2_cryptbuf);
++				free(dec_c2_cryptbuf);
++				return NULL;
++			}
+ 
+ 			/* skip the salt for seg!=0 */
+ 			strncpy(cipher_ptr, (tmp_ptr + SALT_SIZE), ESEGMENT_SIZE);
+-- 
+1.7.5.4
+

meta/recipes-extended/pam/libpam/reflect-the-enforce_for_root-semantics-change-in-pam.patch

@@ -0,0 +1,35 @@
+Backport from linux-pam git repo.
+
+[YOCTO #4107]
+
+Upstream-Status: Backport
+
+Signed-off-by: Kang Kai <kai.kang@windriver.com>
+
+From bd07ad3adc626f842a4391d256541883426fd389 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Tue, 13 Nov 2012 09:19:05 +0100
+Subject: [PATCH] Reflect the enforce_for_root semantics change in
+ pam_pwhistory xtest.
+
+xtests/tst-pam_pwhistory1.pamd: Use enforce_for_root as the test is
+running with real uid == 0.
+---
+ xtests/tst-pam_pwhistory1.pamd | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/xtests/tst-pam_pwhistory1.pamd b/xtests/tst-pam_pwhistory1.pamd
+index 68e1b94..d60db7c 100644
+--- a/xtests/tst-pam_pwhistory1.pamd
++++ b/xtests/tst-pam_pwhistory1.pamd
+@@ -1,6 +1,6 @@
+ #%PAM-1.0
+ auth     required       pam_permit.so
+ account  required       pam_permit.so
+-password required	pam_pwhistory.so remember=10 retry=1
++password required	pam_pwhistory.so remember=10 retry=1 enforce_for_root
+ password required	pam_unix.so	use_authtok md5
+ session  required       pam_permit.so
+-- 
+1.7.11.7
+

meta/recipes-extended/pam/libpam_1.1.6.bb

@@ -15,6 +15,8 @@ SRC_URI = "http://linux-pam.org/library/Linux-PAM-${PV}.tar.bz2 \
            file://libpam-xtests.patch \
            file://destdirfix.patch \
            file://fixsepbuild.patch \
+           file://reflect-the-enforce_for_root-semantics-change-in-pam.patch \
+           file://add-checks-for-crypt-returning-NULL.patch \
           "
 SRC_URI[md5sum] = "7b73e58b7ce79ffa321d408de06db2c4"
 SRC_URI[sha256sum] = "bab887d6280f47fc3963df3b95735a27a16f0f663636163ddf3acab5f1149fc2"