Diffstat (limited to 'debian/patches/pam_unix_dont_trust_chkpwd_caller.patch')
-rw-r--r--  debian/patches/pam_unix_dont_trust_chkpwd_caller.patch | 17
1 files changed, 12 insertions, 5 deletions
diff --git a/debian/patches/pam_unix_dont_trust_chkpwd_caller.patch b/debian/patches/pam_unix_dont_trust_chkpwd_caller.patch
index 6a9e525e..5a94c25d 100644
--- a/debian/patches/pam_unix_dont_trust_chkpwd_caller.patch
+++ b/debian/patches/pam_unix_dont_trust_chkpwd_caller.patch
@@ -1,3 +1,7 @@
+From: Sam Hartman <hartmans@debian.org>
+Date: Mon, 11 Sep 2023 14:00:42 -0600
+Subject: pam_unix_dont_trust_chkpwd_caller
+
Dropping suid bits is not enough to let us trust the caller; the unix_chkpwd
helper could be sgid shadow instead of suid root, as it is in Debian and
Ubuntu by default. Drop any sgid bits as well.
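Review bot: the added `From: Sam Hartman <hartmans@debian.org>` line credits the person converting the patch to git-format-patch headers, while the unchanged `Authors: Steve Langasek ..., Michael Spang ...` line a few lines below names the actual authors; either set `From:` to one of the listed authors or add the conversion note separately so git tooling (`git am`, `gbp pq`) does not attribute the change to the wrong person. The `Subject: pam_unix_dont_trust_chkpwd_caller` line is just the file name; a descriptive subject such as the first sentence of the description (`unix_chkpwd: drop sgid bits as well as suid before trusting the caller`) would make the resulting commit readable in `git log`.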
@@ -6,12 +10,15 @@ Authors: Steve Langasek <vorlon@debian.org>,
Michael Spang <mspang@csclub.uwaterloo.ca>
Upstream status: to be submitted
+---
+ modules/pam_unix/unix_chkpwd.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
-Index: pam/modules/pam_unix/unix_chkpwd.c
-===================================================================
---- pam.orig/modules/pam_unix/unix_chkpwd.c
-+++ pam/modules/pam_unix/unix_chkpwd.c
-@@ -138,9 +138,10 @@
+diff --git a/modules/pam_unix/unix_chkpwd.c b/modules/pam_unix/unix_chkpwd.c
+index 556a2e2..5e7b571 100644
+--- a/modules/pam_unix/unix_chkpwd.c
++++ b/modules/pam_unix/unix_chkpwd.c
+@@ -138,9 +138,10 @@ int main(int argc, char *argv[])
/* if the caller specifies the username, verify that user
matches it */
if (user == NULL || strcmp(user, argv[1])) {
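Review bot: the inner hunk `@@ -138,9 +138,10 @@ int main(int argc, char *argv[])` is cut off in this view after the `if (user == NULL || strcmp(user, argv[1])) {` context line, so the sgid-dropping change the description promises cannot be checked here; the new diffstat `modules/pam_unix/unix_chkpwd.c | 3 ++-` (2 insertions, 1 deletion) is consistent with the header's 9-to-10 line count, so the hunk itself appears intact. Two things to confirm before applying: that replacing the `Index:`/`pam.orig` headers with `diff --git a/...` does not change the strip level expected by the series (the old paths had a `pam/` prefix, the new ones `a/` and `b/`), and that `Upstream status: to be submitted` is still accurate now that the patch carries a 2023 `Date:` line, since the description otherwise reads as unchanged since the original authors wrote it.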