Package: libpam-modules Version: 1.1.8-3.1+deb8u1 Severity: important Dear Maintainer,
The update for pam in Jessie (1.1.8-3.1+deb8u1) introduces differences in files in a Multi-Arch: same package. The man pages pam_exec.8.gz and pam_unix.8.gz contain different information. Unpacking and comparing the two packages: $ diff -r libpam-modules_1.1.8-3.1+deb8u1_amd64 libpam-modules_1.1.8-3.1+deb8u1_i386 Only in libpam-modules_1.1.8-3.1+deb8u1_i386/lib: i386-linux-gnu Only in libpam-modules_1.1.8-3.1+deb8u1_amd64/lib: x86_64-linux-gnu Binary files libpam-modules_1.1.8-3.1+deb8u1_amd64/usr/share/man/man8/pam_exec.8.gz and libpam-modules_1.1.8-3.1+deb8u1_i386/usr/share/man/man8/pam_exec.8.gz differ Binary files libpam-modules_1.1.8-3.1+deb8u1_amd64/usr/share/man/man8/pam_unix.8.gz and libpam-modules_1.1.8-3.1+deb8u1_i386/usr/share/man/man8/pam_unix.8.gz differ $ diff -r libpam-modules_1.1.8-3.1+deb8u1_amd64 libpam-modules_1.1.8-3.1+deb8u1_i386 Only in libpam-modules_1.1.8-3.1+deb8u1_i386/lib: i386-linux-gnu Only in libpam-modules_1.1.8-3.1+deb8u1_amd64/lib: x86_64-linux-gnu diff -r libpam-modules_1.1.8-3.1+deb8u1_amd64/usr/share/man/man8/pam_exec.8 libpam-modules_1.1.8-3.1+deb8u1_i386/usr/share/man/man8/pam_exec.8 5c5 < .\" Date: 01/07/2016 --- > .\" Date: 09/19/2013 10c10 < .TH "PAM_EXEC" "8" "01/07/2016" "Linux-PAM Manual" "Linux\-PAM Manual" --- > .TH "PAM_EXEC" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" 68,70c68 < \fBstdin\fR(3)\&. Only first < \fIPAM_MAX_RESP_SIZE\fR < bytes of a password are provided to the command\&. --- > \fBstdin\fR(3)\&. diff -r libpam-modules_1.1.8-3.1+deb8u1_amd64/usr/share/man/man8/pam_unix.8 libpam-modules_1.1.8-3.1+deb8u1_i386/usr/share/man/man8/pam_unix.8 5c5 < .\" Date: 01/07/2016 --- > .\" Date: 09/19/2013 10c10 < .TH "PAM_UNIX" "8" "01/07/2016" "Linux-PAM Manual" "Linux\-PAM Manual" --- > .TH "PAM_UNIX" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" 58,61d57 < .PP < The maximum length of a password supported by the pam_unix module via the helper binary is < \fIPAM_MAX_RESP_SIZE\fR < \- currently 512 bytes\&. The rest of the password provided by the conversation function to the module will be ignored\&. It would appear that the i386 and amd64 packages were built from different sources or with different patches applied. Three issues: * why are there different sources and was something missed out in one of these builds? (Presumably the i386 build based on that output) * where are the sources as per our DFSG obligations? * These M-A: same packages are now no longer co-installable. Either of the first two points may warrent increasing the severity of this bug. I've not checked other architectures but it obviously makes sense to do so as a next step. cheers Stuart -- System Information: Debian Release: 8.3 APT prefers stable-updates APT policy: (550, 'stable-updates'), (550, 'proposed-updates'), (550, 'stable'), (60, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages libpam-modules depends on: ii debconf [debconf-2.0] 1.5.56 ii libaudit1 1:2.4-1+b1 ii libc6 2.19-18+deb8u2 ii libdb5.3 5.3.28-9 ii libpam-modules-bin 1.1.8-3.1+deb8u1 ii libpam0g 1.1.8-3.1+deb8u1 ii libselinux1 2.3-2 libpam-modules recommends no packages. libpam-modules suggests no packages. -- debconf information excluded
