linux-pam: pull upstream fix to restore empty password handling

Before the change the login into users without passwords was failing: https://github.com/NixOS/nixpkgs/issues/297920 It used to work when `linux-pam` used direct `shadow` access when ran as root. The switch to external helper have broken that use case. Let's pull accepted upstream fix to restore empty password handling.
author: Sergei Trofimovich <slyich@gmail.com> 2024-03-25 19:27:46 +0000
committer: Sergei Trofimovich <slyich@gmail.com> 2024-03-29 12:12:23 +0000
commit: 26154be2779fbe3f8cd9b8903710ecc8a86c9dd1 (patch)
tree: f63099b8af02c79007f13a2ebc878456a1a8d185
parent: 0ea4f4d8af2f83ca26f804451d985621c130d82a (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/pkgs/os-specific/linux/pam/default.nix b/pkgs/os-specific/linux/pam/default.nix
index c956dfad4c64f..2b0c327fbc2e6 100644
--- a/pkgs/os-specific/linux/pam/default.nix
+++ b/pkgs/os-specific/linux/pam/default.nix
@@ -22,6 +22,15 @@ stdenv.mkDerivation rec {
       url = "https://github.com/linux-pam/linux-pam/commit/cc9d40b7cdbd3e15ccaa324a0dda1680ef9dea13.patch";
       hash = "sha256-tCnH2yPO4dBbJOZA0fP2gm1EavHRMEJyfzB5Vy7YjAA=";
     })
+
+    # Resotre handling of empty passwords:
+    #   https://github.com/linux-pam/linux-pam/pull/784
+    # TODO: drop upstreamed patch on 1.6.1 update.
+    (fetchpatch {
+      name = "revert-unconditional-helper.patch";
+      url = "https://github.com/linux-pam/linux-pam/commit/8d0c575336ad301cd14e16ad2fdec6fe621764b8.patch";
+      hash = "sha256-z9KfMxxqXQVnmNaixaVjLnQqaGsH8MBHhHbiP/8fvhE=";
+    })
   ];
 
   # Case-insensitivity workaround for https://github.com/linux-pam/linux-pam/issues/569
author	Sergei Trofimovich <slyich@gmail.com>	2024-03-25 19:27:46 +0000
committer	Sergei Trofimovich <slyich@gmail.com>	2024-03-29 12:12:23 +0000
commit	26154be2779fbe3f8cd9b8903710ecc8a86c9dd1 (patch)
tree	f63099b8af02c79007f13a2ebc878456a1a8d185
parent	0ea4f4d8af2f83ca26f804451d985621c130d82a (diff)