Hello Steve and Andreas, On Thu, Jan 24, 2019 at 12:10:18AM +0100, Florian Vessaz wrote: [...] > I'll take the time to review those differences tomorrow or Friday night.
I compared the two branches: [a] https://gitlab.gnugen.ch:fvessaz/pkg-pam.git ah/master [b] https://salsa.debian.org/ah/pam.git master The differences I observed are: - Changelog entry for version 1.3.1-1 are different, the one in [b] looks better to me. - [a] contains patches metadata (author, date) retrieved from VCS history or BTS while [b] does not. - In patches/007_modules_pam_unix, [b] is is not adding the "obscure" argument which gates the functionality added by that same patch. - In patches/055_pam_unix_nullok_secure, [a] adds the "int nullok = off(UNIX__NONULL, ctrl);" at the tail of the list of already present declarations at the start of the if block while [b] adds it at the top. As far as I can tell, both versions have the same result and there is no apparent advantage of one over the other: [a] static char *envp[] = { NULL }; const char *args[] = { NULL, NULL, NULL, NULL }; int nullok = off(UNIX__NONULL, ctrl); [b] int nullok = off(UNIX__NONULL, ctrl); static char *envp[] = { NULL }; const char *args[] = { NULL, NULL, NULL, NULL }; Another difference is that [a] does not use an implicit declaration of _pammodutil_tty_secure. [b] is thus triggering an additional implicit declaration warning during the build. Finally, it appears that [b] was not adapted to the change made upstream to how unix_args is defined in modules/pam_unix/support.h. - In patches/PAM-manpage-section, [a] is doing pam.8.xml -> pam.7 -> PAM.7 while [b] is doing pam.8.xml -> pam.8 -> PAM.7. Same result in both cases. I updated [a] to do as [b] since [b] is changing less lines for the same result. Thus, at the time you are reading this e-mail, this difference will not be present. - patches/cve-2010-4708.patch is still included in [b] while upstream settled the issue in pam 1.1.3. As the patch description does not provide any argument for keeping it despite upstream settling the issue, [a] dropped it. If it is preferred to keep the patch, in my opinion the patch description should mention the reason. - In patches/make_documentation_reproducible.patch [a] uses "LC_ALL=C.UTF-8" while [b] uses "LC_ALL=C". Usage of "LC_ALL=C.UTF-8" was introduced by 4b9ee4f1ec73d87668ce40f0a362ecbc58159d9f. - In patches/update-motd [a] clarifies a sentence. Please let me know if my branch should be updated, I can take the time to do so if I receive feedback. And don't hesitate to replace my commit with the changelog entry. Thank you, -- Florian
signature.asc
Description: PGP signature
