diff -Nru ecryptfs-utils-53/debian/changelog ecryptfs-utils-53/debian/changelog
--- ecryptfs-utils-53/debian/changelog 2008-10-16 20:59:54.000000000 +0000
+++ ecryptfs-utils-53/debian/changelog 2008-10-16 20:59:54.000000000 +0000
@@ -1,3 +1,12 @@
+ecryptfs-utils (53-1ubuntu10) UNRELEASED; urgency=low
+
+ * debian/patches/50-error-on-empty-password.dpatch: return
+ PAM_AUTHTOK_RECOVER_ERR from the password changing module if we
+ didn't get a password from the other modules in the stack, instead
+ of returning success. LP: #272232.
+
+ -- Steve Langasek Thu, 16 Oct 2008 05:06:04 +0000
+
 ecryptfs-utils (53-1ubuntu9) intrepid; urgency=low
 
 * debian/patches/35-silence_useless_mount_messages.dpatch: silence error
diff -Nru ecryptfs-utils-53/debian/patches/00list ecryptfs-utils-53/debian/patches/00list
--- ecryptfs-utils-53/debian/patches/00list 2008-10-16 20:59:54.000000000 +0000
+++ ecryptfs-utils-53/debian/patches/00list 2008-10-16 20:59:54.000000000 +0000
@@ -5,3 +5,4 @@
 30-ecryptfs-setup-private_empty-dir-check.dpatch
 35-silence_useless_mount_messages.dpatch
 40-zero_out_grep_options.dpatch
+50-error-on-empty-password.dpatch
diff -Nru ecryptfs-utils-53/debian/patches/50-error-on-empty-password.dpatch ecryptfs-utils-53/debian/patches/50-error-on-empty-password.dpatch
--- ecryptfs-utils-53/debian/patches/50-error-on-empty-password.dpatch 1970-01-01 00:00:00.000000000 +0000
+++ ecryptfs-utils-53/debian/patches/50-error-on-empty-password.dpatch 2008-10-16 20:59:54.000000000 +0000
@@ -0,0 +1,38 @@
+#!/bin/sh /usr/share/dpatch/dpatch-run
+# 50-error-on-empty-password.dpatch
+# Steve Langasek
+#
+# Return PAM_AUTHTOK_RECOVER_ERR from pam_sm_chauthtok() if we didn't receive
+# a password from earlier modules in the stack
+
+@DPATCH@
+diff -urNad ecryptfs-utils-53~/src/pam_ecryptfs/pam_ecryptfs.c ecryptfs-utils-53/src/pam_ecryptfs/pam_ecryptfs.c
+--- ecryptfs-utils-53~/src/pam_ecryptfs/pam_ecryptfs.c 2008-10-16 20:38:49.000000000 +0000
++++ ecryptfs-utils-53/src/pam_ecryptfs/pam_ecryptfs.c 2008-10-16 20:52:25.000000000 +0000
+@@ -357,6 +357,18 @@
+ seteuid(saved_uid);
+ goto out;
+ }
++ /* On the first pass, do nothing except check that we have a password */
++ if ((flags & PAM_PRELIM_CHECK)) {
++ if (!old_passphrase)
++ {
++ syslog(LOG_WARNING, "eCryptfs PAM passphrase change "
++ "module retrieved a NULL passphrase; nothing to "
++ "do\n");
++ rc = PAM_AUTHTOK_RECOVER_ERR;
++ }
++ seteuid(saved_uid);
++ goto out;
++ }
+ if ((rc = pam_get_item(pamh, PAM_AUTHTOK,
+ (const void **)&new_passphrase))
+ != PAM_SUCCESS) {
+@@ -370,6 +382,7 @@
+ syslog(LOG_WARNING, "eCryptfs PAM passphrase change module "
+ "retrieved at least one NULL passphrase; nothing to "
+ "do\n");
++ rc = PAM_AUTHTOK_RECOVER_ERR;
+ goto out;
+ }
+ if ((rc = asprintf(&wrapped_pw_filename, "%s/.ecryptfs/%s", homedir,
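Review bot: The added PAM_PRELIM_CHECK branch restores the effective uid with `seteuid(saved_uid);` and ignores the result, so a failed restore would leave the calling process on the switched uid while `rc` presumably still holds the success value from the preceding call. The context lines just above use the same unchecked pattern, but the new exit path is a reasonable place to start checking it, for example `if (seteuid(saved_uid) < 0) { syslog(LOG_ERR, "seteuid failed: %m\n"); rc = PAM_SYSTEM_ERR; }`. In the second embedded hunk, `PAM_AUTHTOK_RECOVER_ERR` is returned for what the log text calls "at least one NULL passphrase"; if that test (outside the hunk) also covers a missing new token, `PAM_AUTHTOK_ERR` would describe that case more accurately. pam_sm_chauthtok() begins and ends outside both embedded hunks, so the initial uid switch and the `out:` cleanup are not visible here.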