Your message dated Wed, 08 Jul 2026 16:49:25 +0000
with message-id <[email protected]>
and subject line Bug#1141076: fixed in pam 1.7.0-8
has caused the Debian Bug report #1141076,
regarding `pam_start_confdir()` does not use `confdir` for include and substack
directives.
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1141076: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1141076
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: PAM
Version: 1.7.0-5 (Debian)
`pam_start_confdir()` successfully opens the first service in the
supplied `confdir`. Included services are however expected to be placed
in /etc/pam.d and are therefore not found if they are placed in the
`confdir` that was supplied.
Example:
`$ cat /tmp/ml-login-cli-test`:
```
auth include ml-common-auth
account include ml-common-auth
```
`cat /tmp/test_confdir.c`:
```
#include <security/pam_appl.h>
#include <stdio.h>
static int conv(int, const struct pam_message **, struct pam_response **, void
*) {
return PAM_CONV_ERR;
}
int main() {
struct pam_conv c = {conv, NULL};
pam_handle_t *pamh = NULL;
int ret = pam_start_confdir("ml-login-cli-test", "test", &c, "/tmp", &pamh);
printf("pam_start_confdir: %d\n", ret);
if (ret == PAM_SUCCESS) {
ret = pam_authenticate(pamh, 0);
printf("pam_authenticate: %d (%s)\n", ret, pam_strerror(pamh, ret));
pam_end(pamh, ret);
}
}
```
Compile and run the test:
```
$ cc -std=c23 -o /tmp/test_confdir /tmp/test_confdir.c -Wall -Wextra -lpam
$ strace -e openat /tmp/test_confdir 2>&1 | grep -E 'pam.d|/tmp|ml-'
openat(AT_FDCWD, "/tmp/ml-login-cli-test", O_RDONLY) = 3
openat(AT_FDCWD, "/etc/pam.d/ml-common-auth", O_RDONLY) = -1 ENOENT (No such
file or directory)
openat(AT_FDCWD, "/etc/pam.d/ml-common-auth", O_RDONLY) = -1 ENOENT (No such
file or directory)
openat(AT_FDCWD, "/tmp/other", O_RDONLY) = -1 ENOENT (No such file or
directory)
```
As shown in the output, it is not searching in /tmp for ml-common-auth
but goes directly to /etc/pam.d.
Running the same example on Fedora 43 produces the expected output where
it searches for ml-common-auth in /tmp:
```
openat(AT_FDCWD, "/tmp/ml-login-cli-test", O_RDONLY) = 3
openat(AT_FDCWD, "/tmp/ml-common-auth", O_RDONLY) = -1 ENOENT (No such file or
directory)
openat(AT_FDCWD, "/tmp/ml-common-auth", O_RDONLY) = -1 ENOENT (No such file or
directory)
openat(AT_FDCWD, "/tmp/other", O_RDONLY) = -1 ENOENT (No such file or directory)
```
Debian GNU/Linux 13 (trixie)
kernel: 4.18.0-553.123.1.el8_10.x86_64
ldd (Debian GLIBC 2.41-12+deb13u2) 2.41
Best regards,
Ted Lyngmo
--- End Message ---
--- Begin Message ---
Source: pam
Source-Version: 1.7.0-8
Done: Sam Hartman <[email protected]>
We believe that the bug you reported is fixed in the latest version of
pam, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sam Hartman <[email protected]> (supplier of updated pam package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 08 Jul 2026 09:51:33 -0600
Source: pam
Architecture: source
Version: 1.7.0-8
Distribution: unstable
Urgency: high
Maintainer: Sam Hartman <[email protected]>
Changed-By: Sam Hartman <[email protected]>
Closes: 1141076
Changes:
pam (1.7.0-8) unstable; urgency=high
.
* Fix debian/patches stack from 1.7.0-7, Closes: #1141076
- Somehow gbp pq export lost a patch between 1.7.0-6 and 1.7.0-7. I
have not been able to reproduce the issue; apparently my local
patch-queue branch was in an inconsistent state.
- So regenerate and reaudit patch-queue.
Checksums-Sha1:
9d0d6a0fdf6a9fb0de55472edd91ea4b530fa2a9 2282 pam_1.7.0-8.dsc
1224d69ceb1b457965c0ce3249707f1dfe0968f4 144168 pam_1.7.0-8.debian.tar.xz
Checksums-Sha256:
4bc591c59c32411cc73ac9c1b62278a2bc1a8e960333fefae46f9c8a0ce365a9 2282
pam_1.7.0-8.dsc
646da1f17bec967f46ff1fae6890ed3b3b35fe4fb3342e17d9db9ebeb0b6c171 144168
pam_1.7.0-8.debian.tar.xz
Files:
7b11b36050c1e9ed3eaaaee885704a2d 2282 libs optional pam_1.7.0-8.dsc
a0c1958e4b3874903b0ca091e78028d8 144168 libs optional pam_1.7.0-8.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iHUEARYKAB0WIQSj2jRwbAdKzGY/4uAsbEw8qDeGdAUCak58BgAKCRAsbEw8qDeG
dLbDAP41+bVG1pMdijOkiNQb7Q2I2OgqgjOZnnzaXxh7iDDhXAEA1N2J/A3CJ2S8
ZA2BWY8guERCf1Ojyi1nKF4ItSYdEQU=
=vmim
-----END PGP SIGNATURE-----
pgpI3WLp0ug7f.pgp
Description: PGP signature
--- End Message ---