diff -Nru systemd-242/debian/changelog systemd-242/debian/changelog
--- systemd-242/debian/changelog 2019-11-01 21:33:08.000000000 +0100
+++ systemd-242/debian/changelog 2020-01-20 14:56:54.000000000 +0100
@@ -1,3 +1,15 @@
+systemd (242-7ubuntu3.3) eoan; urgency=medium
+
+ * d/p/lp1762391/0001-user-util-Add-helper-functions-for-gid-lists-operati.patch,
+ d/p/lp1762391/0002-execute-Restore-call-to-pam_setcred.patch,
+ d/p/lp1762391/0003-execute-Detect-groups-added-by-PAM-and-merge-them-wi.patch,
+ d/p/lp1762391/0004-test-Add-tests-for-gid-list-ops.patch,
+ d/p/lp1762391/0005-execute-add-const-to-array-parameters-where-possible.patch,
+ d/p/lp1762391/0006-execute-allow-pam_setcred-to-fail-ignore-errors.patch:
+ - Restore call to pam_setcred (LP: #1762391)
+
+ -- Dariusz Gadomski Mon, 20 Jan 2020 14:56:54 +0100
+
 systemd (242-7ubuntu3.2) eoan; urgency=medium
 [ Dan Streetman ]
diff -Nru systemd-242/debian/patches/lp1762391/0001-user-util-Add-helper-functions-for-gid-lists-operati.patch systemd-242/debian/patches/lp1762391/0001-user-util-Add-helper-functions-for-gid-lists-operati.patch
--- systemd-242/debian/patches/lp1762391/0001-user-util-Add-helper-functions-for-gid-lists-operati.patch 1970-01-01 01:00:00.000000000 +0100
+++ systemd-242/debian/patches/lp1762391/0001-user-util-Add-helper-functions-for-gid-lists-operati.patch 2020-01-20 14:56:54.000000000 +0100
@@ -0,0 +1,139 @@
+From 0c5d667932f8abaf02814ee9ada6d0e63d63f8bb Mon Sep 17 00:00:00 2001
+From: Dariusz Gadomski
+Date: Wed, 8 Jan 2020 16:22:29 +0100
+Subject: [PATCH 1/3] user-util: Add helper functions for gid lists operations
+Bug: https://github.com/systemd/systemd/issues/11198
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1762391
+Origin: upstream, https://github.com/systemd/systemd/pull/11199
+
+--- a/src/basic/user-util.c
++++ b/src/basic/user-util.c
+@@ -407,10 +407,16 @@
+ return ret;
+ }
+
++static bool gid_list_has(const gid_t *list, size_t size, gid_t val) {
++ for (size_t i = 0; i < size; i++)
++ if (list[i] == val)
++ return true;
++ return false;
++}
++
+ int in_gid(gid_t gid) {
+- long ngroups_max;
+- gid_t *gids;
+- int r, i;
++ _cleanup_free_ gid_t *gids = NULL;
++ int ngroups;
+
+ if (getgid() == gid)
+ return 1;
+@@ -421,20 +427,11 @@
+ if (!gid_is_valid(gid))
+ return -EINVAL;
+
+- ngroups_max = sysconf(_SC_NGROUPS_MAX);
+- assert(ngroups_max > 0);
+-
+- gids = newa(gid_t, ngroups_max);
+-
+- r = getgroups(ngroups_max, gids);
+- if (r < 0)
+- return -errno;
+-
+- for (i = 0; i < r; i++)
+- if (gids[i] == gid)
+- return 1;
++ ngroups = getgroups_alloc(&gids);
++ if (ngroups < 0)
++ return ngroups;
+
+- return 0;
++ return gid_list_has(gids, ngroups, gid);
+ }
+
+ int in_group(const char *name) {
+@@ -448,6 +445,71 @@
+ return in_gid(gid);
+ }
+
++int merge_gid_lists(const gid_t *list1, size_t size1, const gid_t *list2, size_t size2, gid_t **ret) {
++ size_t nresult = 0;
++ assert(ret);
++
++ if (size2 > INT_MAX - size1)
++ return -ENOBUFS;
++
++ gid_t *buf = new(gid_t, size1 + size2);
++ if (!buf)
++ return -ENOMEM;
++
++ /* Duplicates need to be skipped on merging, otherwise they'll be passed on and stored in the kernel.
*/
++ for (size_t i = 0; i < size1; i++)
++ if (!gid_list_has(buf, nresult, list1[i]))
++ buf[nresult++] = list1[i];
++ for (size_t i = 0; i < size2; i++)
++ if (!gid_list_has(buf, nresult, list2[i]))
++ buf[nresult++] = list2[i];
++ *ret = buf;
++ return (int)nresult;
++}
++
++int getgroups_alloc(gid_t** gids) {
++ gid_t *allocated;
++ _cleanup_free_ gid_t *p = NULL;
++ int ngroups = 8;
++ unsigned attempt = 0;
++
++ allocated = new(gid_t, ngroups);
++ if (!allocated)
++ return -ENOMEM;
++ p = allocated;
++
++ for (;;) {
++ ngroups = getgroups(ngroups, p);
++ if (ngroups >= 0)
++ break;
++ if (errno != EINVAL)
++ return -errno;
++
++ /* Give up eventually */
++ if (attempt++ > 10)
++ return -EINVAL;
++
++ /* Get actual size needed, and size the array explicitly. Note that this is potentially racy
++ * to use (in multi-threaded programs), hence let's call this in a loop. */
++ ngroups = getgroups(0, NULL);
++ if (ngroups < 0)
++ return -errno;
++ if (ngroups == 0)
++ return false;
++
++ free(allocated);
++
++ allocated = new(gid_t, ngroups);
++ if (!allocated)
++ return -ENOMEM;
++
++ p = allocated;
++ }
++
++ *gids = TAKE_PTR(p);
++ return ngroups;
++}
++
+ int get_home_dir(char **_h) {
+ struct passwd *p;
+ const char *e;
+--- a/src/basic/user-util.h
++++ b/src/basic/user-util.h
+@@ -42,6 +42,9 @@
+ int in_gid(gid_t gid);
+ int in_group(const char *name);
+
++int merge_gid_lists(const gid_t *list1, size_t size1, const gid_t *list2, size_t size2, gid_t **result);
++int getgroups_alloc(gid_t** gids);
++
+ int get_home_dir(char **ret);
+ int get_shell(char **_ret);
+
diff -Nru systemd-242/debian/patches/lp1762391/0002-execute-Restore-call-to-pam_setcred.patch systemd-242/debian/patches/lp1762391/0002-execute-Restore-call-to-pam_setcred.patch
--- systemd-242/debian/patches/lp1762391/0002-execute-Restore-call-to-pam_setcred.patch 1970-01-01 01:00:00.000000000 +0100
+++ systemd-242/debian/patches/lp1762391/0002-execute-Restore-call-to-pam_setcred.patch 2020-01-20
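Review bot: In `getgroups_alloc()` (src/basic/user-util.c, added by patch 0001) the retry path calls `free(allocated)` while the `_cleanup_free_` pointer `p` still refers to that block, so the `return -ENOMEM` after a failed `new(gid_t, ngroups)` lets the cleanup handler free the same memory a second time. Updating both pointers in one step, `p = allocated = new(gid_t, ngroups);`, before the NULL check removes the stale pointer. The `if (ngroups == 0) return false;` branch also returns a bool from an int function and leaves `*gids` unset; `return 0;` with a short comment that the output is untouched in that case would be clearer. The same function body is repeated in the stray `lp17623910001-user-util-Add-helper-functions-for-gid-lists-operati.patch,` file later in this debdiff.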
14:56:54.000000000 +0100
@@ -0,0 +1,32 @@
+From 3bb39ea936a51a6a63a8b65a135521df098c32c4 Mon Sep 17 00:00:00 2001
+From: Dariusz Gadomski
+Date: Wed, 8 Jan 2020 16:24:11 +0100
+Subject: [PATCH 2/3] execute: Restore call to pam_setcred
+Bug: https://github.com/systemd/systemd/issues/11198
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1762391
+Origin: upstream, https://github.com/systemd/systemd/pull/11199
+
+--- systemd-242.orig/src/core/execute.c
++++ systemd-242/src/core/execute.c
+@@ -1205,6 +1205,10 @@ static int setup_pam(
+ if (pam_code != PAM_SUCCESS)
+ goto fail;
+
++ pam_code = pam_setcred(handle, PAM_ESTABLISH_CRED | flags);
++ if (pam_code != PAM_SUCCESS)
++ goto fail;
++
+ pam_code = pam_open_session(handle, flags);
+ if (pam_code != PAM_SUCCESS)
+ goto fail;
+@@ -1289,6 +1293,10 @@ static int setup_pam(
+ }
+ }
+
++ pam_code = pam_setcred(handle, PAM_DELETE_CRED | flags);
++ if (pam_code != PAM_SUCCESS)
++ goto child_finish;
++
+ /* If our parent died we'll end the session */
+ if (getppid() != parent_pid) {
+ pam_code = pam_close_session(handle, flags);
diff -Nru systemd-242/debian/patches/lp1762391/0003-execute-Detect-groups-added-by-PAM-and-merge-them-wi.patch systemd-242/debian/patches/lp1762391/0003-execute-Detect-groups-added-by-PAM-and-merge-them-wi.patch
--- systemd-242/debian/patches/lp1762391/0003-execute-Detect-groups-added-by-PAM-and-merge-them-wi.patch 1970-01-01 01:00:00.000000000 +0100
+++ systemd-242/debian/patches/lp1762391/0003-execute-Detect-groups-added-by-PAM-and-merge-them-wi.patch 2020-01-20 14:56:54.000000000 +0100
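Review bot: In the second hunk of setup_pam(), a failing `pam_setcred(handle, PAM_DELETE_CRED | flags)` jumps to `child_finish` before the `pam_close_session()` call shown in the context lines, so a credential-deletion error would presumably leave the session unclosed even when the parent has died. Credential teardown is best-effort at that point; consider logging and continuing instead, e.g. `if (pam_code != PAM_SUCCESS) log_debug("pam_setcred(PAM_DELETE_CRED) failed, ignoring: %s", pam_strerror(handle, pam_code));`. The `child_finish` label and the rest of the function are outside the hunk, so confirm what cleanup still runs there.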
@@ -0,0 +1,57 @@
+From afb11bf1b8433f642062384964b6c3efe8b226b1 Mon Sep 17 00:00:00 2001
+From: Dariusz Gadomski
+Date: Wed, 8 Jan 2020 16:24:45 +0100
+Subject: [PATCH 3/3] execute: Detect groups added by PAM and merge them with
+ supplementary groups
+Bug: https://github.com/systemd/systemd/issues/11198
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1762391
+Origin: upstream, https://github.com/systemd/systemd/pull/11199
+
+--- systemd-242.orig/src/core/execute.c
++++ systemd-242/src/core/execute.c
+@@ -2921,6 +2921,8 @@ static int exec_child(
+ size_t n_fds;
+ ExecDirectoryType dt;
+ int secure_bits;
++ _cleanup_free_ gid_t *gids_after_pam = NULL;
++ int ngids_after_pam = 0;
+
+ assert(unit);
+ assert(command);
+@@ -3330,6 +3332,12 @@ static int exec_child(
+ *exit_status = EXIT_PAM;
+ return log_unit_error_errno(unit, r, "Failed to set up PAM session: %m");
+ }
++
++ ngids_after_pam = getgroups_alloc(&gids_after_pam);
++ if (ngids_after_pam < 0) {
++ *exit_status = EXIT_MEMORY;
++ return log_unit_error_errno(unit, ngids_after_pam, "Failed to obtain groups after setting up PAM: %m");
++ }
+ }
+ }
+
+@@ -3376,7 +3384,22 @@ static int exec_child(
+
+ /* Drop groups as early as possbile */
+ if (needs_setuid) {
+- r = enforce_groups(gid, supplementary_gids, ngids);
++ _cleanup_free_ gid_t *gids_to_enforce = NULL;
++ int ngids_to_enforce = 0;
++
++ ngids_to_enforce = merge_gid_lists(supplementary_gids,
++ ngids,
++ gids_after_pam,
++ ngids_after_pam,
++ &gids_to_enforce);
++ if (ngids_to_enforce < 0) {
++ *exit_status = EXIT_MEMORY;
++ return log_unit_error_errno(unit,
++ ngids_to_enforce,
++ "Failed to merge group lists.
Group membership might be incorrect: %m");
++ }
++
++ r = enforce_groups(gid, gids_to_enforce, ngids_to_enforce);
+ if (r < 0) {
+ *exit_status = EXIT_GROUP;
+ return log_unit_error_errno(unit, r, "Changing group credentials failed: %m");
diff -Nru systemd-242/debian/patches/lp1762391/0004-test-Add-tests-for-gid-list-ops.patch systemd-242/debian/patches/lp1762391/0004-test-Add-tests-for-gid-list-ops.patch
--- systemd-242/debian/patches/lp1762391/0004-test-Add-tests-for-gid-list-ops.patch 1970-01-01 01:00:00.000000000 +0100
+++ systemd-242/debian/patches/lp1762391/0004-test-Add-tests-for-gid-list-ops.patch 2020-01-20 14:56:54.000000000 +0100
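Review bot: The list captured by `getgroups_alloc(&gids_after_pam)` is the process's whole supplementary group set after `setup_pam()`, not only the groups PAM added, and it is merged unfiltered into the set handed to `enforce_groups()`. Any group the manager process already held before the PAM call would therefore be carried into the service on top of the configured `supplementary_gids`. If that is intended, a comment above the merge should say so; otherwise snapshot the groups before `setup_pam()` and merge only the difference. Both new failure paths also report `EXIT_MEMORY` although `getgroups_alloc()` can return `-EINVAL` or another errno and `merge_gid_lists()` can return `-ENOBUFS`; `EXIT_GROUP` would describe the cause better. exec_child() starts and ends outside these hunks.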
@@ -0,0 +1,66 @@
+From c6cecb744b53561efd329309af7d02a3f9979ed1 Mon Sep 17 00:00:00 2001
+From: Dariusz Gadomski
+Date: Wed, 8 Jan 2020 16:25:15 +0100
+Subject: [PATCH] test: Add tests for gid list ops
+Bug: https://github.com/systemd/systemd/issues/11198
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1762391
+Origin: upstream, https://github.com/systemd/systemd/pull/11199
+
+--- systemd-242.orig/src/test/test-user-util.c
++++ systemd-242/src/test/test-user-util.c
+@@ -4,6 +4,7 @@
+ #include "format-util.h"
+ #include "log.h"
+ #include "macro.h"
++#include "memory-util.h"
+ #include "path-util.h"
+ #include "string-util.h"
+ #include "user-util.h"
+@@ -191,6 +192,39 @@ static void test_get_group_creds_one(con
+ assert_se(rgid == gid);
+ }
+
++static void test_gid_lists_ops(void) {
++ static const gid_t l1[] = { 5, 10, 15, 20, 25};
++ static const gid_t l2[] = { 1, 2, 3, 15, 20, 25};
++ static const gid_t l3[] = { 5, 10, 15, 20, 25, 26, 27};
++ static const gid_t l4[] = { 25, 26, 20, 15, 5, 27, 10};
++
++ static const gid_t result1[] = {1, 2, 3, 5, 10, 15, 20, 25, 26, 27};
++ static const gid_t result2[] = {5, 10, 15, 20, 25, 26, 27};
++
++ _cleanup_free_ gid_t *gids = NULL;
++ _cleanup_free_ gid_t *res1 = NULL;
++ _cleanup_free_ gid_t *res2 = NULL;
++ _cleanup_free_ gid_t *res3 = NULL;
++ _cleanup_free_ gid_t *res4 = NULL;
++ int nresult;
++
++ nresult = merge_gid_lists(l2, ELEMENTSOF(l2), l3, ELEMENTSOF(l3), &res1);
++ assert_se(memcmp_nn(res1, nresult, result1, ELEMENTSOF(result1)) == 0);
++
++ nresult = merge_gid_lists(NULL, 0, l2, ELEMENTSOF(l2), &res2);
++ assert_se(memcmp_nn(res2, nresult, l2, ELEMENTSOF(l2)) == 0);
++
++ nresult = merge_gid_lists(l1, ELEMENTSOF(l1), l1, ELEMENTSOF(l1), &res3);
++ assert_se(memcmp_nn(l1, ELEMENTSOF(l1), res3, nresult) == 0);
++
++ nresult = merge_gid_lists(l1, ELEMENTSOF(l1), l4, ELEMENTSOF(l4), &res4);
++ assert_se(memcmp_nn(result2, ELEMENTSOF(result2), res4, nresult) == 0);
++
++ nresult = getgroups_alloc(&gids);
++
assert_se(nresult >= 0 || nresult == -EINVAL || nresult == -ENOMEM);
++ assert_se(gids);
++}
++
+ int main(int argc, char *argv[]) {
+ test_uid_to_name_one(0, "root");
+ test_uid_to_name_one(UID_NOBODY, NOBODY_USER_NAME);
+@@ -221,5 +255,7 @@ int main(int argc, char *argv[]) {
+ test_valid_gecos();
+ test_valid_home();
+
++ test_gid_lists_ops();
++
+ return 0;
+ }
diff -Nru systemd-242/debian/patches/lp1762391/0005-execute-add-const-to-array-parameters-where-possible.patch systemd-242/debian/patches/lp1762391/0005-execute-add-const-to-array-parameters-where-possible.patch
--- systemd-242/debian/patches/lp1762391/0005-execute-add-const-to-array-parameters-where-possible.patch 1970-01-01 01:00:00.000000000 +0100
+++ systemd-242/debian/patches/lp1762391/0005-execute-add-const-to-array-parameters-where-possible.patch 2020-01-20 14:56:54.000000000 +0100
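Review bot: The `memcmp_nn()` assertions in `test_gid_lists_ops()` pass element counts (`nresult`, `ELEMENTSOF(...)`) where the helper appears to expect byte lengths (its definition is not on this page), so only the first few bytes of each list would be compared. With the merge order implemented in patch 0001, `merge_gid_lists(l2, ..., l3, ...)` yields 1, 2, 3, 15, 20, 25, 5, 10, 26, 27, which differs from `result1`, yet the check would presumably still pass. Multiply both lengths by `sizeof(gid_t)`, correct `result1` to the unsorted merge order, and add `assert_se(nresult >= 0);` after each merge call so a negative return is never converted to a huge size. The final `assert_se(gids);` also contradicts the line before it, which tolerates `-EINVAL` and `-ENOMEM` results that leave `gids` NULL.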
@@ -0,0 +1,28 @@
+From 5b8d1f6b7757781eb55ac15a1e079dcb7bc6792a Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Wed, 15 Jan 2020 17:08:25 +0100
+Subject: [PATCH] execute: add const to array parameters, where possible
+Bug: https://github.com/systemd/systemd/issues/14567
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1762391
+Origin: upstream, https://github.com/systemd/systemd/pull/14581
+
+--- systemd-242.orig/src/core/execute.c
++++ systemd-242/src/core/execute.c
+@@ -1137,7 +1137,7 @@ static int setup_pam(
+ gid_t gid,
+ const char *tty,
+ char ***env,
+- int fds[], size_t n_fds) {
++ const int fds[], size_t n_fds) {
+
+ #if HAVE_PAM
+
+@@ -2709,7 +2709,7 @@ static int close_remaining_fds(
+ int user_lookup_fd,
+ int socket_fd,
+ int exec_fd,
+- int *fds, size_t n_fds) {
++ const int *fds, size_t n_fds) {
+
+ size_t n_dont_close = 0;
+ int dont_close[n_fds + 12];
diff -Nru systemd-242/debian/patches/lp1762391/0006-execute-allow-pam_setcred-to-fail-ignore-errors.patch systemd-242/debian/patches/lp1762391/0006-execute-allow-pam_setcred-to-fail-ignore-errors.patch
--- systemd-242/debian/patches/lp1762391/0006-execute-allow-pam_setcred-to-fail-ignore-errors.patch 1970-01-01 01:00:00.000000000 +0100
+++ systemd-242/debian/patches/lp1762391/0006-execute-allow-pam_setcred-to-fail-ignore-errors.patch 2020-01-20 14:56:54.000000000 +0100
@@ -0,0 +1,19 @@
+From 46d7c6afbf92e74fb96b6df2858d858ec77db991 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Wed, 15 Jan 2020 17:09:36 +0100
+Subject: [PATCH] execute: allow pam_setcred() to fail, ignore errors
+Bug: https://github.com/systemd/systemd/issues/14567
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1762391
+Origin: upstream, https://github.com/systemd/systemd/pull/14581
+
+--- systemd-242.orig/src/core/execute.c
++++ systemd-242/src/core/execute.c
+@@ -1207,7 +1207,7 @@ static int setup_pam(
+
+ pam_code = pam_setcred(handle, PAM_ESTABLISH_CRED | flags);
+ if (pam_code != PAM_SUCCESS)
+- goto fail;
++ log_debug("pam_setcred() failed, ignoring: %s", pam_strerror(handle, pam_code));
+
+ pam_code = pam_open_session(handle, flags);
+ if (pam_code != PAM_SUCCESS)
diff -Nru systemd-242/debian/patches/lp17623910001-user-util-Add-helper-functions-for-gid-lists-operati.patch, systemd-242/debian/patches/lp17623910001-user-util-Add-helper-functions-for-gid-lists-operati.patch,
--- systemd-242/debian/patches/lp17623910001-user-util-Add-helper-functions-for-gid-lists-operati.patch, 1970-01-01 01:00:00.000000000 +0100
+++ systemd-242/debian/patches/lp17623910001-user-util-Add-helper-functions-for-gid-lists-operati.patch, 2020-01-20 14:56:54.000000000 +0100
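Review bot: After this change a failed `pam_setcred(handle, PAM_ESTABLISH_CRED | flags)` is reported only at debug level, so a unit that depends on credentials or groups supplied by that call starts without them and nothing appears in the default log. Consider `log_warning("pam_setcred() failed, ignoring: %s", pam_strerror(handle, pam_code));`, or at least a comment above the call stating why the failure is deliberately non-fatal. setup_pam() begins and continues outside the hunk.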
@@ -0,0 +1,151 @@
+Description:
+ TODO: Put a short summary on the line above and replace this paragraph
+ with a longer explanation of this change. Complete the meta-information
+ with other relevant fields (see below for details). To make it easier, the
+ information below has been extracted from the changelog. Adjust it or drop
+ it.
+ .
+ systemd (242-7ubuntu3.3) eoan; urgency=medium
+ .
+ * d/p/lp1762391/0001-user-util-Add-helper-functions-for-gid-lists-operati.patch,
+ d/p/lp1762391/0002-execute-Restore-call-to-pam_setcred.patch,
+ d/p/lp1762391/0003-execute-Detect-groups-added-by-PAM-and-merge-them-wi.patch,
+ d/p/lp1762391/0004-test-Add-tests-for-gid-list-ops.patch,
+ d/p/lp1762391/0005-execute-add-const-to-array-parameters-where-possible.patch,
+ d/p/lp1762391/0006-execute-allow-pam_setcred-to-fail-ignore-errors.patch:
+ - Restore call to pam_setcred (LP: #1762391)
+Author: Dariusz Gadomski
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1762391
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format.
Here
+are templates for supplementary fields that you might want to add:
+
+Origin: ,
+Bug:
+Bug-Debian: https://bugs.debian.org/
+Bug-Ubuntu: https://launchpad.net/bugs/
+Forwarded:
+Reviewed-By:
+Last-Update: 2020-01-20
+
+--- systemd-242.orig/src/basic/user-util.c
++++ systemd-242/src/basic/user-util.c
+@@ -407,10 +407,16 @@ char* gid_to_name(gid_t gid) {
+ return ret;
+ }
+
++static bool gid_list_has(const gid_t *list, size_t size, gid_t val) {
++ for (size_t i = 0; i < size; i++)
++ if (list[i] == val)
++ return true;
++ return false;
++}
++
+ int in_gid(gid_t gid) {
+- long ngroups_max;
+- gid_t *gids;
+- int r, i;
++ _cleanup_free_ gid_t *gids = NULL;
++ int ngroups;
+
+ if (getgid() == gid)
+ return 1;
+@@ -421,20 +427,11 @@ int in_gid(gid_t gid) {
+ if (!gid_is_valid(gid))
+ return -EINVAL;
+
+- ngroups_max = sysconf(_SC_NGROUPS_MAX);
+- assert(ngroups_max > 0);
+-
+- gids = newa(gid_t, ngroups_max);
+-
+- r = getgroups(ngroups_max, gids);
+- if (r < 0)
+- return -errno;
+-
+- for (i = 0; i < r; i++)
+- if (gids[i] == gid)
+- return 1;
++ ngroups = getgroups_alloc(&gids);
++ if (ngroups < 0)
++ return ngroups;
+
+- return 0;
++ return gid_list_has(gids, ngroups, gid);
+ }
+
+ int in_group(const char *name) {
+@@ -448,6 +445,71 @@ int in_group(const char *name) {
+ return in_gid(gid);
+ }
+
++int merge_gid_lists(const gid_t *list1, size_t size1, const gid_t *list2, size_t size2, gid_t **ret) {
++ size_t nresult = 0;
++ assert(ret);
++
++ if (size2 > INT_MAX - size1)
++ return -ENOBUFS;
++
++ gid_t *buf = new(gid_t, size1 + size2);
++ if (!buf)
++ return -ENOMEM;
++
++ /* Duplicates need to be skipped on merging, otherwise they'll be passed on and stored in the kernel.
*/
++ for (size_t i = 0; i < size1; i++)
++ if (!gid_list_has(buf, nresult, list1[i]))
++ buf[nresult++] = list1[i];
++ for (size_t i = 0; i < size2; i++)
++ if (!gid_list_has(buf, nresult, list2[i]))
++ buf[nresult++] = list2[i];
++ *ret = buf;
++ return (int)nresult;
++}
++
++int getgroups_alloc(gid_t** gids) {
++ gid_t *allocated;
++ _cleanup_free_ gid_t *p = NULL;
++ int ngroups = 8;
++ unsigned attempt = 0;
++
++ allocated = new(gid_t, ngroups);
++ if (!allocated)
++ return -ENOMEM;
++ p = allocated;
++
++ for (;;) {
++ ngroups = getgroups(ngroups, p);
++ if (ngroups >= 0)
++ break;
++ if (errno != EINVAL)
++ return -errno;
++
++ /* Give up eventually */
++ if (attempt++ > 10)
++ return -EINVAL;
++
++ /* Get actual size needed, and size the array explicitly. Note that this is potentially racy
++ * to use (in multi-threaded programs), hence let's call this in a loop. */
++ ngroups = getgroups(0, NULL);
++ if (ngroups < 0)
++ return -errno;
++ if (ngroups == 0)
++ return false;
++
++ free(allocated);
++
++ allocated = new(gid_t, ngroups);
++ if (!allocated)
++ return -ENOMEM;
++
++ p = allocated;
++ }
++
++ *gids = TAKE_PTR(p);
++ return ngroups;
++}
++
+ int get_home_dir(char **_h) {
+ struct passwd *p;
+ const char *e;
diff -Nru systemd-242/debian/patches/series systemd-242/debian/patches/series
--- systemd-242/debian/patches/series 2019-11-01 21:33:08.000000000 +0100
+++ systemd-242/debian/patches/series 2020-01-20 14:56:54.000000000 +0100
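Review bot: The new file `debian/patches/lp17623910001-user-util-Add-helper-functions-for-gid-lists-operati.patch,` looks like an accidental artifact rather than an intended patch. Its name ends in a comma and lacks the `lp1762391/` directory separator, its header is still the unfilled `TODO: Put a short summary` template (presumably auto-generated from the changelog entry), and it is not listed in the `debian/patches/series` hunk. Its content duplicates the user-util.c part of patch 0001. Drop the file from the upload so the source package ships only the six patches named in the changelog.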
@@ -78,3 +78,9 @@
 lp1815101-03-network-add-KeepConfiguration-dhcp-on-stop.patch
 lp1815101-04-network-make-KeepConfiguration-static-drop-DHCP-addr.patch
 lp1815101-05-man-add-documentation-about-KeepConfiguration.patch
+lp1762391/0001-user-util-Add-helper-functions-for-gid-lists-operati.patch
+lp1762391/0002-execute-Restore-call-to-pam_setcred.patch
+lp1762391/0003-execute-Detect-groups-added-by-PAM-and-merge-them-wi.patch
+lp1762391/0004-test-Add-tests-for-gid-list-ops.patch
+lp1762391/0005-execute-add-const-to-array-parameters-where-possible.patch
+lp1762391/0006-execute-allow-pam_setcred-to-fail-ignore-errors.patch