authorYu Ke <ke.yu@intel.com>2011-02-28 19:34:45 +0800
committerSaul Wold <sgw@linux.intel.com>2011-03-02 09:48:50 -0800
commit0af09206acbf3b9cde581088e4430f1e8dc3bf2e (patch)
tree8ee40510c2255fa788ec972c2243a18c5d630c48 /meta/recipes-extended/shadow/files
parentcb118b739b53fadad1c20e75a9f5a77d3473e7c7 (diff)
shadow: upgrade to 4.1.4.3 to fix security vulnerability
For CVE-2011-0721: http://lists.debian.org/debian-security-announce/2011/msg00030.html Signed-off-by: Yu Ke <ke.yu@intel.com>
Diffstat (limited to 'meta/recipes-extended/shadow/files')
-rw-r--r--meta/recipes-extended/shadow/files/login_defs_pam.sed32
-rw-r--r--meta/recipes-extended/shadow/files/pam.d/chfn14
-rw-r--r--meta/recipes-extended/shadow/files/pam.d/chpasswd4
-rw-r--r--meta/recipes-extended/shadow/files/pam.d/chsh19
-rw-r--r--meta/recipes-extended/shadow/files/pam.d/login91
-rw-r--r--meta/recipes-extended/shadow/files/pam.d/newusers4
-rw-r--r--meta/recipes-extended/shadow/files/pam.d/passwd5
-rw-r--r--meta/recipes-extended/shadow/files/pam.d/su60
-rw-r--r--meta/recipes-extended/shadow/files/securetty206
-rw-r--r--meta/recipes-extended/shadow/files/shadow-4.1.3-dots-in-usernames.patch23
-rw-r--r--meta/recipes-extended/shadow/files/shadow-4.1.4.2-env-reset-keep-locale.patch27
-rw-r--r--meta/recipes-extended/shadow/files/shadow-4.1.4.2-groupmod-pam-check.patch32
-rw-r--r--meta/recipes-extended/shadow/files/shadow-4.1.4.2-su_no_sanitize_env.patch27
-rw-r--r--meta/recipes-extended/shadow/files/shadow.automake-1.11.patch102
14 files changed, 646 insertions, 0 deletions
diff --git a/meta/recipes-extended/shadow/files/login_defs_pam.sed b/meta/recipes-extended/shadow/files/login_defs_pam.sed
new file mode 100644
index 0000000000..0a1f3be4af
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/login_defs_pam.sed
@@ -0,0 +1,32 @@
+/^FAILLOG_ENAB/b comment
+/^LASTLOG_ENAB/b comment
+/^MAIL_CHECK_ENAB/b comment
+/^OBSCURE_CHECKS_ENAB/b comment
+/^PORTTIME_CHECKS_ENAB/b comment
+/^QUOTAS_ENAB/b comment
+/^MOTD_FILE/b comment
+/^FTMP_FILE/b comment
+/^NOLOGINS_FILE/b comment
+/^ENV_HZ/b comment
+/^ENV_TZ/b comment
+/^PASS_MIN_LEN/b comment
+/^SU_WHEEL_ONLY/b comment
+/^CRACKLIB_DICTPATH/b comment
+/^PASS_CHANGE_TRIES/b comment
+/^PASS_ALWAYS_WARN/b comment
+/^PASS_MAX_LEN/b comment
+/^PASS_MIN_LEN/b comment
+/^CHFN_AUTH/b comment
+/^CHSH_AUTH/b comment
+/^ISSUE_FILE/b comment
+/^LOGIN_STRING/b comment
+/^ULIMIT/b comment
+/^ENVIRON_FILE/b comment
+
+b exit
+
+: comment
+ s:^:#:
+
+: exit
+
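Review bot: `/^PASS_MIN_LEN/b comment` is listed twice in this script (the 12th and 18th added lines); the second entry is redundant and can be dropped. The file also has no header saying why these keys are commented out; a first line such as `# Comment out login.defs keys that are handled by PAM modules when shadow is built with PAM` would tell a maintainer how to extend the list. Because OBSCURE_CHECKS_ENAB, PASS_MIN_LEN and CRACKLIB_DICTPATH are among the keys disabled, password-quality enforcement then rests entirely on whatever `common-password` configures, which is not part of this diff and is worth confirming.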
diff --git a/meta/recipes-extended/shadow/files/pam.d/chfn b/meta/recipes-extended/shadow/files/pam.d/chfn
new file mode 100644
index 0000000000..baf7698bba
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/pam.d/chfn
@@ -0,0 +1,14 @@
+#
+# The PAM configuration file for the Shadow `chfn' service
+#
+
+# This allows root to change user infomation without being
+# prompted for a password
+auth sufficient pam_rootok.so
+
+# The standard Unix authentication modules, used with
+# NIS (man nsswitch) as well as normal /etc/passwd and
+# /etc/shadow entries.
+auth include common-auth
+account include common-account
+session include common-session
diff --git a/meta/recipes-extended/shadow/files/pam.d/chpasswd b/meta/recipes-extended/shadow/files/pam.d/chpasswd
new file mode 100644
index 0000000000..9e3efa68ba
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/pam.d/chpasswd
@@ -0,0 +1,4 @@
+# The PAM configuration file for the Shadow 'chpasswd' service
+#
+
+password include common-password
diff --git a/meta/recipes-extended/shadow/files/pam.d/chsh b/meta/recipes-extended/shadow/files/pam.d/chsh
new file mode 100644
index 0000000000..8fb169f64e
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/pam.d/chsh
@@ -0,0 +1,19 @@
+#
+# The PAM configuration file for the Shadow `chsh' service
+#
+
+# This will not allow a user to change their shell unless
+# their current one is listed in /etc/shells. This keeps
+# accounts with special shells from changing them.
+auth required pam_shells.so
+
+# This allows root to change user shell without being
+# prompted for a password
+auth sufficient pam_rootok.so
+
+# The standard Unix authentication modules, used with
+# NIS (man nsswitch) as well as normal /etc/passwd and
+# /etc/shadow entries.
+auth include common-auth
+account include common-account
+session include common-session
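Review bot: `auth required pam_shells.so` sits ahead of `auth sufficient pam_rootok.so`, so the /etc/shells check applies to root as well, and a `required` failure is not cleared by the later `sufficient` line. On an image where /etc/shells is missing or does not list the caller's shell, chsh would be refused for every user, root included; whether that happens depends on the base files the image ships, which this diff does not show. A comment such as `# NOTE: requires /etc/shells to list every login shell installed in the image` above the pam_shells line would record that dependency.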
diff --git a/meta/recipes-extended/shadow/files/pam.d/login b/meta/recipes-extended/shadow/files/pam.d/login
new file mode 100644
index 0000000000..e41eb04ec1
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/pam.d/login
@@ -0,0 +1,91 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth optional pam_faildelay.so delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth required pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+# Note that it is included as a "requisite" module. No password prompts will
+# be displayed if this module fails to avoid having the root password
+# transmitted on unsecure ttys.
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root).
+auth [success=ok ignore=ignore user_unknown=ignore default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth requisite pam_nologin.so
+
+# SELinux needs to be the first session rule. This ensures that any
+# lingering context has been cleared. Without out this it is possible
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+#
+# parsing /etc/environment needs "readenv=1"
+session required pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session required pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+auth include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth optional pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time restrainst on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account requisite pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account required pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session required pam_limits.so
+
+# Prints the last login info upon succesful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session optional pam_lastlog.so
+
+# Prints the motd upon succesful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session optional pam_motd.so
+
+# Prints the status of the user's mailbox upon succesful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs).
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session optional pam_mail.so standard
+
+# Standard Un*x account and session
+account include common-account
+password include common-password
+session include common-session
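Review bot: The session stack calls `pam_selinux.so close` but no matching `pam_selinux.so open` appears anywhere in the added file, so on an SELinux-enabled image nothing here sets the login session's context, unless `common-session` does it, which is not visible in this diff. Either add `session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open` ahead of the session modules that should run in the user's context, or drop the `close` line and its comment so the file does not imply SELinux handling it lacks. Separately, pam_env.so and pam_limits.so are `required` without `module_unknown=ignore`, so the recipe needs a runtime dependency on those PAM plugins or login will fail for every user when one is absent.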
diff --git a/meta/recipes-extended/shadow/files/pam.d/newusers b/meta/recipes-extended/shadow/files/pam.d/newusers
new file mode 100644
index 0000000000..4aa3dde48b
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/pam.d/newusers
@@ -0,0 +1,4 @@
+# The PAM configuration file for the Shadow 'newusers' service
+#
+
+password include common-password
diff --git a/meta/recipes-extended/shadow/files/pam.d/passwd b/meta/recipes-extended/shadow/files/pam.d/passwd
new file mode 100644
index 0000000000..f534992435
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/pam.d/passwd
@@ -0,0 +1,5 @@
+#
+# The PAM configuration file for the Shadow `passwd' service
+#
+
+password include common-password
diff --git a/meta/recipes-extended/shadow/files/pam.d/su b/meta/recipes-extended/shadow/files/pam.d/su
new file mode 100644
index 0000000000..8e35137f37
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/pam.d/su
@@ -0,0 +1,60 @@
+#
+# The PAM configuration file for the Shadow `su' service
+#
+
+# This allows root to su without passwords (normal operation)
+auth sufficient pam_rootok.so
+
+# Uncomment this to force users to be a member of group root
+# before they can use `su'. You can also add "group=foo"
+# to the end of this line if you want to use a group other
+# than the default "root" (but this may have side effect of
+# denying "root" user, unless she's a member of "foo" or explicitly
+# permitted earlier by e.g. "sufficient pam_rootok.so").
+# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
+# auth required pam_wheel.so
+
+# Uncomment this if you want wheel members to be able to
+# su without a password.
+# auth sufficient pam_wheel.so trust
+
+# Uncomment this if you want members of a specific group to not
+# be allowed to use su at all.
+# auth required pam_wheel.so deny group=nosu
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time restrainst on su usage.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account requisite pam_time.so
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+#
+# parsing /etc/environment needs "readenv=1"
+session required pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session required pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+#
+# "nopen" stands to avoid reporting new mail when su'ing to another user
+session optional pam_mail.so nopen
+
+# Sets up user limits, please uncomment and read /etc/security/limits.conf
+# to enable this functionality.
+# (Replaces the use of /etc/limits in old login)
+# session required pam_limits.so
+
+# The standard Unix authentication modules, used with
+# NIS (man nsswitch) as well as normal /etc/passwd and
+# /etc/shadow entries.
+auth include common-auth
+account include common-account
+session include common-session
diff --git a/meta/recipes-extended/shadow/files/securetty b/meta/recipes-extended/shadow/files/securetty
new file mode 100644
index 0000000000..28fa0afb72
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/securetty
@@ -0,0 +1,206 @@
+# /etc/securetty: list of terminals on which root is allowed to login.
+# See securetty(5) and login(1).
+console
+
+# Standard serial ports
+ttyS0
+ttyS1
+ttyS2
+ttyS3
+
+# Samsung ARM SoCs
+ttySAC0
+ttySAC1
+ttySAC2
+ttySAC3
+
+# TI OMAP SoCs
+ttyO0
+ttyO1
+ttyO2
+ttyO3
+
+# USB dongles
+ttyUSB0
+ttyUSB1
+ttyUSB2
+
+# PowerMac
+ttyPZ0
+ttyPZ1
+ttyPZ2
+ttyPZ3
+
+# Embedded MPC platforms
+ttyPSC0
+ttyPSC1
+ttyPSC2
+ttyPSC3
+ttyPSC4
+ttyPSC5
+
+# PA-RISC mux ports
+ttyB0
+ttyB1
+
+# Standard hypervisor virtual console
+hvc0
+
+# Oldstyle Xen console
+xvc0
+
+# Standard consoles
+tty1
+tty2
+tty3
+tty4
+tty5
+tty6
+tty7
+tty8
+tty9
+tty10
+tty11
+tty12
+tty13
+tty14
+tty15
+tty16
+tty17
+tty18
+tty19
+tty20
+tty21
+tty22
+tty23
+tty24
+tty25
+tty26
+tty27
+tty28
+tty29
+tty30
+tty31
+tty32
+tty33
+tty34
+tty35
+tty36
+tty37
+tty38
+tty39
+tty40
+tty41
+tty42
+tty43
+tty44
+tty45
+tty46
+tty47
+tty48
+tty49
+tty50
+tty51
+tty52
+tty53
+tty54
+tty55
+tty56
+tty57
+tty58
+tty59
+tty60
+tty61
+tty62
+tty63
+
+# Local X displays (allows empty passwords with pam_unix's nullok_secure)
+:0
+:0.0
+:0.1
+:1
+:1.0
+:1.1
+:2
+:2.0
+:2.1
+:3
+:3.0
+:3.1
+
+# Embedded Freescale i.MX ports
+ttymxc0
+ttymxc1
+ttymxc2
+ttymxc3
+ttymxc4
+ttymxc5
+
+# Standard serial ports, with devfs
+tts/0
+tts/1
+
+# Standard consoles, with devfs
+vc/1
+vc/2
+vc/3
+vc/4
+vc/5
+vc/6
+vc/7
+vc/8
+vc/9
+vc/10
+vc/11
+vc/12
+vc/13
+vc/14
+vc/15
+vc/16
+vc/17
+vc/18
+vc/19
+vc/20
+vc/21
+vc/22
+vc/23
+vc/24
+vc/25
+vc/26
+vc/27
+vc/28
+vc/29
+vc/30
+vc/31
+vc/32
+vc/33
+vc/34
+vc/35
+vc/36
+vc/37
+vc/38
+vc/39
+vc/40
+vc/41
+vc/42
+vc/43
+vc/44
+vc/45
+vc/46
+vc/47
+vc/48
+vc/49
+vc/50
+vc/51
+vc/52
+vc/53
+vc/54
+vc/55
+vc/56
+vc/57
+vc/58
+vc/59
+vc/60
+vc/61
+vc/62
+vc/63
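Review bot: The list admits root on every terminal name a board might ever have, including the hot-pluggable `ttyUSB0`–`ttyUSB2` and the X displays `:0`–`:3.1`, which the file's own comment ties to empty-password acceptance under pam_unix's `nullok_secure`. pam_securetty in the login stack only restricts root to what is listed here, so a list this broad restricts very little, and that matters most on images that ship an empty or default root password. Consider trimming the shipped file to `console`, the machine's configured serial console and the virtual consoles that actually get a getty, and leaving the remaining entries as commented examples.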
diff --git a/meta/recipes-extended/shadow/files/shadow-4.1.3-dots-in-usernames.patch b/meta/recipes-extended/shadow/files/shadow-4.1.3-dots-in-usernames.patch
new file mode 100644
index 0000000000..7a2ff2e24e
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/shadow-4.1.3-dots-in-usernames.patch
@@ -0,0 +1,23 @@
+# commit message copied from openembedded:
+# commit 246c80637b135f3a113d319b163422f98174ee6c
+# Author: Khem Raj <raj.khem@gmail.com>
+# Date: Wed Jun 9 13:37:03 2010 -0700
+#
+# shadow-4.1.4.2: Add patches to support dots in login id.
+#
+# Signed-off-by: Khem Raj <raj.khem@gmail.com>
+#
+# comment added by Kevin Tian <kevin.tian@intel.com>, 2010-08-11
+
+Index: shadow-4.1.4.2/libmisc/chkname.c
+===================================================================
+--- shadow-4.1.4.2.orig/libmisc/chkname.c 2009-04-28 12:14:04.000000000 -0700
++++ shadow-4.1.4.2/libmisc/chkname.c 2010-06-03 17:43:20.638973857 -0700
+@@ -61,6 +61,7 @@ static bool is_valid_name (const char *n
+ ( ('0' <= *name) && ('9' >= *name) ) ||
+ ('_' == *name) ||
+ ('-' == *name) ||
++ ('.' == *name) ||
+ ( ('$' == *name) && ('\0' == *(name + 1)) )
+ )) {
+ return false;
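Review bot: The added `('.' == *name)` test sits in the expression that validates characters after the first (the `$`-as-last-character clause is in the same expression), so names such as `a..b` or a name ending in a dot now pass is_valid_name; the rest of the function is outside the hunk, so the first-character rule cannot be confirmed from here. Dotted account names are ambiguous to tools that still accept the legacy `owner.group` separator, which is presumably why upstream rejects them. The patch header should state that trade-off, e.g. `# Allows '.' in user/group names after the first character; '.' is also a legacy owner.group separator`. The context paths still say shadow-4.1.4.2 while the commit moves the recipe to 4.1.4.3, so it is worth confirming the patch applies without fuzz.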
diff --git a/meta/recipes-extended/shadow/files/shadow-4.1.4.2-env-reset-keep-locale.patch b/meta/recipes-extended/shadow/files/shadow-4.1.4.2-env-reset-keep-locale.patch
new file mode 100644
index 0000000000..124065c7f9
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/shadow-4.1.4.2-env-reset-keep-locale.patch
@@ -0,0 +1,27 @@
+# commit message copied from openembedded:
+# commit 246c80637b135f3a113d319b163422f98174ee6c
+# Author: Khem Raj <raj.khem@gmail.com>
+# Date: Wed Jun 9 13:37:03 2010 -0700
+#
+# shadow-4.1.4.2: Add patches to support dots in login id.
+#
+# Signed-off-by: Khem Raj <raj.khem@gmail.com>
+#
+# comment added by Kevin Tian <kevin.tian@intel.com>, 2010-08-11
+
+http://bugs.gentoo.org/283725
+https://alioth.debian.org/tracker/index.php?func=detail&aid=311740&group_id=30580&atid=411480
+
+Index: shadow-4.1.4.2/libmisc/env.c
+===================================================================
+--- shadow-4.1.4.2.orig/libmisc/env.c 2009-04-27 13:07:56.000000000 -0700
++++ shadow-4.1.4.2/libmisc/env.c 2010-06-03 17:44:51.456408474 -0700
+@@ -251,7 +251,7 @@ void sanitize_env (void)
+ if (strncmp (*cur, *bad, strlen (*bad)) != 0) {
+ continue;
+ }
+- if (strchr (*cur, '/') != NULL) {
++ if (strchr (*cur, '/') == NULL) {
+ continue; /* OK */
+ }
+ for (move = cur; NULL != *move; move++) {
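Review bot: The header of this patch file is the commit message for the dots-in-usernames change and says nothing about what the patch does; the same copied header is on shadow-4.1.4.2-groupmod-pam-check.patch and shadow-4.1.4.2-su_no_sanitize_env.patch. Here the change flips the slash test in sanitize_env() so that a matching variable with no `/` is kept and one containing `/` is removed, which is security-relevant behaviour and deserves its own description. I would replace the copied subject with something like `# sanitize_env(): the '/' test was inverted; keep matching variables without a slash, drop those with one`. The loop this test belongs to starts and ends outside the hunk.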
diff --git a/meta/recipes-extended/shadow/files/shadow-4.1.4.2-groupmod-pam-check.patch b/meta/recipes-extended/shadow/files/shadow-4.1.4.2-groupmod-pam-check.patch
new file mode 100644
index 0000000000..6682fe8078
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/shadow-4.1.4.2-groupmod-pam-check.patch
@@ -0,0 +1,32 @@
+# commit message copied from openembedded:
+# commit 246c80637b135f3a113d319b163422f98174ee6c
+# Author: Khem Raj <raj.khem@gmail.com>
+# Date: Wed Jun 9 13:37:03 2010 -0700
+#
+# shadow-4.1.4.2: Add patches to support dots in login id.
+#
+# Signed-off-by: Khem Raj <raj.khem@gmail.com>
+#
+# comment added by Kevin Tian <kevin.tian@intel.com>, 2010-08-11
+
+http://bugs.gentoo.org/300790
+http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/2009-November/007850.html
+
+2009-11-05 Nicolas François <nicolas.francois@centraliens.net>
+
+ * NEWS, src/groupmod.c: Fixed groupmod when configured with
+ --enable-account-tools-setuid.
+
+Index: shadow-4.1.4.2/src/groupmod.c
+===================================================================
+--- shadow-4.1.4.2.orig/src/groupmod.c 2009-06-05 15:16:58.000000000 -0700
++++ shadow-4.1.4.2/src/groupmod.c 2010-06-03 17:45:43.828952613 -0700
+@@ -720,7 +720,7 @@ int main (int argc, char **argv)
+ {
+ struct passwd *pampw;
+ pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
+- if (NULL == pamh) {
++ if (NULL == pampw) {
+ fprintf (stderr,
+ _("%s: Cannot determine your user name.\n"),
+ Prog);
diff --git a/meta/recipes-extended/shadow/files/shadow-4.1.4.2-su_no_sanitize_env.patch b/meta/recipes-extended/shadow/files/shadow-4.1.4.2-su_no_sanitize_env.patch
new file mode 100644
index 0000000000..f67251c840
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/shadow-4.1.4.2-su_no_sanitize_env.patch
@@ -0,0 +1,27 @@
+# commit message copied from openembedded:
+# commit 246c80637b135f3a113d319b163422f98174ee6c
+# Author: Khem Raj <raj.khem@gmail.com>
+# Date: Wed Jun 9 13:37:03 2010 -0700
+#
+# shadow-4.1.4.2: Add patches to support dots in login id.
+#
+# Signed-off-by: Khem Raj <raj.khem@gmail.com>
+#
+# comment added by Kevin Tian <kevin.tian@intel.com>, 2010-08-11
+
+http://bugs.gentoo.org/show_bug.cgi?id=301957
+https://alioth.debian.org/scm/browser.php?group_id=30580
+
+Index: shadow-4.1.4.2/src/su.c
+===================================================================
+--- shadow-4.1.4.2.orig/src/su.c 2009-07-23 13:38:56.000000000 -0700
++++ shadow-4.1.4.2/src/su.c 2010-06-03 17:46:47.718944010 -0700
+@@ -378,7 +378,7 @@ int main (int argc, char **argv)
+ #endif
+ #endif /* !USE_PAM */
+
+- sanitize_env ();
++ /* sanitize_env (); */
+
+ (void) setlocale (LC_ALL, "");
+ (void) bindtextdomain (PACKAGE, LOCALEDIR);
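Review bot: `sanitize_env ();` is commented out in su's main() with no rationale in the patch header, so this setuid program no longer strips the variables sanitize_env() removes before it hands control to the target user's shell. The two bug URLs are the only explanation given, and the header text describes a different patch. If the motivation was the locale loss that shadow-4.1.4.2-env-reset-keep-locale.patch corrects, this patch may no longer be needed once that one is applied; that is an inference and should be checked against the linked Gentoo bug. At minimum the header should say why sanitisation is disabled and what is expected to take its place, e.g. `# su: skip sanitize_env(); environment is controlled by <mechanism to be named>`. main() continues outside the hunk.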
diff --git a/meta/recipes-extended/shadow/files/shadow.automake-1.11.patch b/meta/recipes-extended/shadow/files/shadow.automake-1.11.patch
new file mode 100644
index 0000000000..36d7be6fd0
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/shadow.automake-1.11.patch
@@ -0,0 +1,102 @@
+# patch is from openembedded:
+# commit 2db61370333f7a2fc1dbb86385734883387e0217
+# Author: Martin Jansa <Martin.Jansa@gmail.com>
+# Date: Fri Apr 2 07:34:46 2010 +0200
+#
+# shadow: fix do_install with automake-1.11
+#
+# Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+#
+# comment added by Kevin Tian <kevin.tian@intel.com>
+
+man_nopan is for !USE_PAM already included in man_MANS and automake-1.11 hates to install some file twice
+
+diff -uNr shadow-4.1.4.2.orig/man/Makefile.am shadow-4.1.4.2/man/Makefile.am
+--- shadow-4.1.4.2.orig/man/Makefile.am 2009-03-14 15:40:10.000000000 +0100
++++ shadow-4.1.4.2/man/Makefile.am 2010-04-02 07:31:17.000000000 +0200
+@@ -163,7 +163,6 @@
+ $(man_MANS) \
+ $(man_XMANS) \
+ $(addprefix login.defs.d/,$(login_defs_v)) \
+- $(man_nopam) \
+ id.1 \
+ id.1.xml \
+ sulogin.8 \
+diff -uNr shadow-4.1.4.2.orig/man/fr/Makefile.am shadow-4.1.4.2/man/fr/Makefile.am
+--- shadow-4.1.4.2.orig/man/fr/Makefile.am 2008-09-06 18:44:45.000000000 +0200
++++ shadow-4.1.4.2/man/fr/Makefile.am 2010-04-02 07:42:11.000000000 +0200
+@@ -52,7 +52,6 @@
+
+ EXTRA_DIST = \
+ $(man_MANS) \
+- $(man_nopam) \
+ id.1
+
+ include ../generate_translations.mak
+diff -uNr shadow-4.1.4.2.orig/man/it/Makefile.am shadow-4.1.4.2/man/it/Makefile.am
+--- shadow-4.1.4.2.orig/man/it/Makefile.am 2008-09-06 18:44:45.000000000 +0200
++++ shadow-4.1.4.2/man/it/Makefile.am 2010-04-02 07:42:20.000000000 +0200
+@@ -46,7 +46,6 @@
+
+ EXTRA_DIST = \
+ $(man_MANS) \
+- $(man_nopam) \
+ id.1 \
+ logoutd.8
+
+diff -uNr shadow-4.1.4.2.orig/man/ja/Makefile.am shadow-4.1.4.2/man/ja/Makefile.am
+--- shadow-4.1.4.2.orig/man/ja/Makefile.am 2007-12-31 17:48:28.000000000 +0100
++++ shadow-4.1.4.2/man/ja/Makefile.am 2010-04-02 07:42:17.000000000 +0200
+@@ -49,7 +49,6 @@
+
+ EXTRA_DIST = \
+ $(man_MANS) \
+- $(man_nopam) \
+ id.1 \
+ shadow.3 \
+ sulogin.8
+diff -uNr shadow-4.1.4.2.orig/man/pl/Makefile.am shadow-4.1.4.2/man/pl/Makefile.am
+--- shadow-4.1.4.2.orig/man/pl/Makefile.am 2008-09-06 18:44:45.000000000 +0200
++++ shadow-4.1.4.2/man/pl/Makefile.am 2010-04-02 07:42:07.000000000 +0200
+@@ -49,7 +49,6 @@
+
+ EXTRA_DIST = \
+ $(man_MANS) \
+- $(man_nopam) \
+ getspnam.3 \
+ id.1 \
+ shadow.3 \
+diff -uNr shadow-4.1.4.2.orig/man/ru/Makefile.am shadow-4.1.4.2/man/ru/Makefile.am
+--- shadow-4.1.4.2.orig/man/ru/Makefile.am 2010-04-02 07:39:00.000000000 +0200
++++ shadow-4.1.4.2/man/ru/Makefile.am 2010-04-02 07:42:01.000000000 +0200
+@@ -54,7 +54,6 @@
+
+ EXTRA_DIST = \
+ $(man_MANS) \
+- $(man_nopam) \
+ id.1 \
+ sulogin.8
+
+diff -uNr shadow-4.1.4.2.orig/man/sv/Makefile.am shadow-4.1.4.2/man/sv/Makefile.am
+--- shadow-4.1.4.2.orig/man/sv/Makefile.am 2008-09-06 18:44:45.000000000 +0200
++++ shadow-4.1.4.2/man/sv/Makefile.am 2010-04-02 07:42:24.000000000 +0200
+@@ -53,8 +53,7 @@
+ endif
+
+ EXTRA_DIST = \
+- $(man_MANS) \
+- $(man_nopam)
++ $(man_MANS)
+
+ include ../generate_translations.mak
+
+--- shadow-4.1.4.2.orig/man/ru/Makefile.am 2010-04-02 07:54:09.000000000 +0200
++++ shadow-4.1.4.2/man/ru/Makefile.am 2010-04-02 07:51:57.000000000 +0200
+@@ -1,7 +1,6 @@
+ mandir = @mandir@/ru
+
+ man_MANS = \
+- $(man_nopam) \
+ chage.1 \
+ chfn.1 \
+ chgpasswd.8 \
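Review bot: The last nested hunk removes `$(man_nopam)` from `man_MANS` in man/ru/Makefile.am, not from `EXTRA_DIST` like the seven before it, and it has no `diff -uNr` line of its own, so it reads like a second, hand-appended edit to a file already patched above. The description covers only the duplicate-install case; if man_nopam is not added back to man_MANS elsewhere in that file (not visible here), the Russian non-PAM pages would stop being installed. A sentence in the header explaining the ru-specific change would help, and `man_nopan` in the description should read `man_nopam`.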