--- libpam-radius-auth-1.3.16.orig/debian/control
+++ libpam-radius-auth-1.3.16/debian/control
@@ -0,0 +1,16 @@
+Source: libpam-radius-auth
+Maintainer: Fabio M. Di Nitto <fabbione@fabbione.net>
+Section: libs
+Priority: extra
+Standards-Version: 3.6.2
+Build-Depends: libpam0g-dev | libpam-dev, debhelper (>= 4.1.16)
+
+Package: libpam-radius-auth
+Architecture: any
+Depends: ${shlibs:Depends}
+Suggests: radius-server
+Description: The PAM RADIUS authentication module
+ This is the PAM to RADIUS authentication module. It allows any PAM-capable
+ machine to become a RADIUS client for authentication and accounting
+ requests. You will, however, need to supply your own RADIUS server to
+ perform the actual authentication
--- libpam-radius-auth-1.3.16.orig/debian/copyright
+++ libpam-radius-auth-1.3.16/debian/copyright
@@ -0,0 +1,54 @@
+This package was debianized by Fabio M. Di Nitto <fabbione@fabbione.net> on
+Thu, 31 Oct 2002 09:56:49 +0100
+
+It was downloaded from ftp://ftp.freeradius.org/pub/radius/
+
+Copyright (extracted from pam_radius_auth.c):
+
+/*
+ *  This module is a merger of an old version of pam_radius.c, and
+ * code which went into mod_auth_radius.c, with further modifications
+ * by Alan DeKok of CRYPTOCard Inc..
+ *
+ * The original pam_radius.c code is copyright (c) Cristian Gafton, 1996,
+ *                                             <gafton@redhat.com>
+ *
+ * The additional code is copyright (c) CRYPTOCard Inc, 1998.
+ *
+ *                                              All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, and the entire permission notice in its entirety,
+ *    including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior
+ *    written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions.  (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+On Debian GNU/Linux systems, the complete text of the GNU General
+Public License can be found in /usr/share/common-licenses/GPL file.
--- libpam-radius-auth-1.3.16.orig/debian/index.html
+++ libpam-radius-auth-1.3.16/debian/index.html
@@ -0,0 +1,36 @@
+<HTML>
+<HEAD>
+<TITLE><code>pam_radius_auth</CODE>: The PAM RADIUS authentication module</TITLE>
+<BODY BGCOLOR=#FFFFFF TEXT=#000000>
+
+<H1><code>pam_radius_auth</CODE>: The PAM RADIUS authentication module</H1>
+
+This is the PAM to RADIUS authentication module.  It allows any
+PAM-capable machine to become a RADIUS client for authentication and
+accounting requests.  You will need a RADIUS server to perform the
+actual authentication.
+
+<P><HR>
+<H2>Files included with the module</H2>
+
+<A HREF="../README.gz">README</A> <EM>Introduction and documentation</EM><BR>
+<A HREF="../examples/INSTALL.gz">INSTALL</A> <EM>Installation instructions</EM><BR>
+<A HREF="../USAGE.gz">USAGE</A> <EM>Module configuration and usage documentation</EM><BR>
+<A HREF="../changelog.gz">Changelog</A> <EM>What's changed</EM><BR>
+<A HREF="../examples/pam_radius_auth.conf">pam_radius_auth.conf</A> <EM>Sample
+configuration file for telling the client the location of the RADIUS server.</EM><BR>
+<A HREF="../examples/pam_example">Mini Debian HOWTO</A> <EM>C source file</EM><BR>
+<A HREF=""></A> <EM></EM><BR>
+
+
+<P><HR>
+<H2>Updates</H2>
+
+For the latest version and updates, see the main web or ftp site:
+<P>
+<A HREF="http://www.freeradius.org/pam_radius_auth/">http://www.freeradius.org/pam_radius_auth/</A><BR>
+<A HREF="ftp://ftp.freeradius.org/pub/radius/pam_radius_auth.tar">ftp://ftp.freeradius.org/pub/radius/pam_radius_auth.tar</A>
+<P><HR>
+<EM>$Id: index.html,v 1.4 2001/03/30 19:01:56 aland Exp $</EM>
+</BODY>
+</HTML>
--- libpam-radius-auth-1.3.16.orig/debian/pam_example
+++ libpam-radius-auth-1.3.16/debian/pam_example
@@ -0,0 +1,64 @@
+This is a simple and safe example on how to enable radius
+authentication to the console login on a Debian system and
+you are too lazy to read the USAGE documentation.
+
+Edit /etc/pam.d/login
+
+The default looks like:
+
+[SNIP]
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# This module parses /etc/environment (the standard for setting
+# environ vars) and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# (Replaces the `ENVIRON_FILE' setting from login.defs)
+auth       required   pam_env.so
+
+# Standard Un*x authentication. The "nullok" line allows passwordless
+# accounts.
+@include common-auth
+
+[SNIP]
+
+
+Insert the following line:
+
+auth       sufficient   pam_radius_auth.so
+
+AFTER
+
+auth       required   pam_env.so
+
+and BEFORE
+
+# Standard Un*x authentication. The "nullok" line allows passwordless
+# accounts.
+@include common-auth
+
+so that it will looks like:
+
+[SNIP]
+
+# This module parses /etc/environment (the standard for setting
+# environ vars) and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# (Replaces the `ENVIRON_FILE' setting from login.defs)
+auth       required   pam_env.so
+
+##### RADIUS #####
+auth       sufficient   pam_radius_auth.so
+
+# Standard Un*x authentication. The "nullok" line allows passwordless
+# accounts.
+@include common-auth
+
+[SNIP]
+
+Try now to login in one of the consoles using the radius password.
+If it fails the system will prompt again for a password. This time
+provide the local one.
+
--- libpam-radius-auth-1.3.16.orig/debian/README.Debian
+++ libpam-radius-auth-1.3.16/debian/README.Debian
@@ -0,0 +1,5 @@
+NOTE: The Debian version of libpam-radius-auth uses as default configuration
+file /etc/pam_radius_auth.conf.
+Upstream has a default set to /etc/raddb/server that does not fit in Debian.
+Be aware that the documentation references has not been changed and they
+reflect upstream setups.
--- libpam-radius-auth-1.3.16.orig/debian/rules
+++ libpam-radius-auth-1.3.16/debian/rules
@@ -0,0 +1,97 @@
+#!/usr/bin/make -f
+
+# Uncomment this to turn on verbose mode.
+export DH_VERBOSE=1
+
+# Build options.
+CC=gcc
+CFLAGS= -g -Wall -fPIC -DCONF_FILE=\"/etc/pam_radius_auth.conf\"
+LDFLAGS=
+
+ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
+	CFLAGS += -O0
+else
+	CFLAGS += -O2
+endif
+
+ifeq ($(DEB_HOST_GNU_CPU),(hppa|m68k|mips|powerpc|s390|sparc|sparc64|sheb))
+	CFLAGS += -DHIGHFIRST
+endif
+
+export CFLAGS
+export LDFLAGS
+export CC
+
+build: patch build-stamp
+
+build-stamp:
+	dh_testdir
+
+	# Add here commands to compile the package.
+	$(MAKE) -e
+
+	touch build-stamp
+
+patch:
+	if [ ! -f patch-stamp ]; then \
+	 patch -p1 < debian/patches/001.fix_Makefile.diff && \
+	 patch -p1 < debian/patches/002.CAN2005-0108.diff && \
+	 touch patch-stamp; \
+	fi
+
+unpatch:
+	if [ -f patch-stamp ]; then \
+	 patch -Rp1 < debian/patches/002.CAN2005-0108.diff && \
+	 patch -Rp1 < debian/patches/001.fix_Makefile.diff && \
+	 rm -f patch-stamp; \
+	fi
+
+clean: unpatch real-clean
+real-clean:
+	dh_testdir
+	dh_testroot
+	rm -f build-stamp
+
+	# Add here commands to clean up after the build process.
+	[ ! -f Makefile ] || $(MAKE) clean
+
+	dh_clean
+
+install: build
+	dh_testdir
+	dh_testroot
+	dh_clean -k
+	dh_installdirs /lib /lib/security /etc /usr/share/doc/libpam-radius-auth/html
+
+	install -p pam_radius_auth.so debian/libpam-radius-auth/lib/security/pam_radius_auth.so
+	install -p pam_radius_auth.conf debian/libpam-radius-auth/etc/pam_radius_auth.conf
+	install -p index.html debian/libpam-radius-auth/usr/share/doc/libpam-radius-auth/html/index.html
+	install -p debian/index.html debian/libpam-radius-auth/usr/share/doc/libpam-radius-auth/html/index.debian.html
+
+# Build architecture-independent
+binary-indep: build install
+	# nothing to do
+
+# Build architecture-dependent files here.
+binary-arch: build install
+	dh_testdir
+	dh_testroot
+	dh_installchangelogs Changelog
+	dh_installdocs README TODO USAGE debian/README.Debian
+	dh_installexamples pam_radius_auth.conf debian/pam_example INSTALL
+	dh_strip
+	dh_compress usr/share/doc/libpam-radius-auth/README\
+		    usr/share/doc/libpam-radius-auth/README.Debian\
+	            usr/share/doc/libpam-radius-auth/USAGE\
+		    usr/share/doc/libpam-radius-auth/examples/INSTALL
+	dh_fixperms
+	chmod 600 debian/libpam-radius-auth/etc/pam_radius_auth.conf
+	dh_makeshlibs
+	dh_installdeb
+	dh_shlibdeps
+	dh_gencontrol
+	dh_md5sums
+	dh_builddeb
+
+binary: binary-arch binary-indep
+.PHONY: build clean binary-arch binary install patch unpatch
--- libpam-radius-auth-1.3.16.orig/debian/compat
+++ libpam-radius-auth-1.3.16/debian/compat
@@ -0,0 +1 @@
+4
--- libpam-radius-auth-1.3.16.orig/debian/changelog
+++ libpam-radius-auth-1.3.16/debian/changelog
@@ -0,0 +1,202 @@
+libpam-radius-auth (1.3.16-4.4) unstable; urgency=low
+
+  * Non-maintainer upload to fix pending l10n issues.
+  * Remove debconf stuff that deals with a prehistoric transition.
+    Closes: #414926, #482458, #483032, #483081
+  * [Lintian] Set debhelper compatibility level in debian/compat
+  * [Lintian] No longer ignore errors in "make clean"
+  * [Lintian] Remove debian/conffiles that only contains a file in /etc
+    which is anyway automatically added
+
+ -- Christian Perrier <bubulle@debian.org>  Thu, 22 May 2008 19:14:50 +0200
+
+libpam-radius-auth (1.3.16-4.3) unstable; urgency=low
+
+  * NUM with maintainers consent
+  * Add German debconf translation. (Closes: #410536)
+
+ -- Helge Kreutzmann <debian@helgefjell.de>  Mon, 12 Feb 2007 18:01:57 +0100
+
+libpam-radius-auth (1.3.16-4.2) unstable; urgency=low
+
+  * NMU
+  * Add Spanish debconf translation. (Closes: #405445)
+
+ -- Javier Ruano <Javier.ruano@estudiante.uam.es>  Thu,  4 Jan 2007 14:08:51 +0100
+
+libpam-radius-auth (1.3.16-4.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Remove bashisms in debian/rules. (Closes: #379498)
+
+ -- Christine Spang <spang@mit.edu>  Wed, 23 Aug 2006 07:14:29 -0400
+
+libpam-radius-auth (1.3.16-4) unstable; urgency=low
+
+  * Add alternate Depends to unblock debconf-2.0 transition.
+  (Closes: #332003)
+
+  * Add Vietnamese debconf translation.
+  (Closes: #312442)
+
+  * Add Czech debconf translation.
+  (Closes: #316889)
+
+  * Add Swedish debconf translation.
+  (Closes: #333145)
+
+  * Bump standard version. No changes.
+
+ -- Fabio M. Di Nitto <fabbione@fabbione.net>  Sat, 15 Oct 2005 18:13:44 +0200
+
+libpam-radius-auth (1.3.16-3) unstable; urgency=high
+
+  * [SECURITY] Fix Denial of service:
+    - Add patch 002.CAN2005-0108.diff. (CAN2005-0108)
+
+  * Add french debconf translation. (Closes: #268027)
+
+  * Add dutch debconf translation. (Closes: #274897)
+
+ -- Fabio M. Di Nitto <fabbione@fabbione.net>  Wed, 19 Jan 2005 10:42:18 +0100
+
+libpam-radius-auth (1.3.16-2) unstable; urgency=high
+
+  * Acknowledge NMU. Thanks Michael for your help! (Closes: #266924)
+  * Remove spurious "echo foo1" from debian/config ;)
+
+ -- Fabio M. Di Nitto <fabbione@fabbione.net>  Mon, 23 Aug 2004 07:46:17 +0200
+
+libpam-radius-auth (1.3.16-1.2) unstable; urgency=high
+
+  * NMU: SECURITY: clarify logic in preinst
+
+ -- Michael Stone <mstone@debian.org>  Sat, 21 Aug 2004 11:26:34 -0400
+
+libpam-radius-auth (1.3.16-1.1) unstable; urgency=high
+
+  * NMU: SECURITY: fix incorrect permissions on /etc/pam_radius_auth.conf
+
+ -- Michael Stone <mstone@debian.org>  Sat, 21 Aug 2004 09:50:17 -0400
+
+libpam-radius-auth (1.3.16-1) unstable; urgency=low
+
+  * New upstream release
+  * New standard version: 3.6.1
+  * Removed patches that were accepted by upstream
+
+ -- Fabio M. Di Nitto <fabbione@fabbione.net>  Wed, 29 Oct 2003 07:12:50 +0100
+
+libpam-radius-auth (1.3.15-8) unstable; urgency=low
+
+  * New standard version 3.5.10
+  * fixed clean target in debian/rules
+  * fixed a call to the linker to avoid unresolved symbols on some archs
+    (Thanks to Jochen Friedrich <jochen@scram.de>)
+
+ -- Fabio M. Di Nitto <fabbione@fabbione.net>  Sun, 18 May 2003 10:05:07 +0200
+
+libpam-radius-auth (1.3.15-7) unstable; urgency=low
+
+  * The "fixed in NMU" upload fix (Closes: #188314)
+
+ -- Fabio M. Di Nitto <fabbione@fabbione.net>  Tue, 15 Apr 2003 07:05:44 +0200
+
+libpam-radius-auth (1.3.15-6) unstable; urgency=low
+
+  * Bumped standard version to: 3.5.9
+  * username (253 bytes) and password (128 bytes) length
+    are now RFC2138 compliant (Closes: #188314)
+
+ -- Fabio M. Di Nitto <fabbione@fabbione.net>  Thu, 10 Apr 2003 22:13:50 +0200
+
+libpam-radius-auth (1.3.15-5) unstable; urgency=low
+
+  * Reincluded the original INSTALL
+  * Included index.debian.html to point to the correct files.
+  * Added README.Debian with notes about configfile
+    location (Closes: #180576)
+
+ -- Fabio M. Di Nitto <fabbione@fabbione.net>  Mon, 10 Mar 2003 18:36:33 +0100
+
+libpam-radius-auth (1.3.15-4) unstable; urgency=low
+
+  * removed dh_testroot from debian/rules (build section)
+    to permit normal users to compile the package again
+
+ -- Fabio M. Di Nitto <fabbione@fabbione.net>  Thu, 16 Jan 2003 19:41:06 +0100
+
+libpam-radius-auth (1.3.15-3) unstable; urgency=low
+
+  * fixed a compilation warning for gcc3.2
+  * lintian and linda cleanup
+  * removed symlink in /usr/doc
+  * added two examples in the doc section
+  * updated to Standards-Version: 3.5.8
+  * new debian/rules to use debhelper
+  * moved *.diff in debian/patches
+
+ -- Fabio M. Di Nitto <fabbione@fabbione.net>  Thu, 16 Jan 2003 17:11:29 +0100
+
+libpam-radius-auth (1.3.15-2) unstable; urgency=low
+
+  * New maintainer upload, closes: #151254
+  * s/-Bshareable/-shared/g, closes: #156962
+  * made Suggests: point to radius-server, closes: #153987
+
+ -- Fabio M. Di Nitto <fabbione@fabbione.net>  Thu, 24 Oct 2002 22:35:23 +0200
+
+libpam-radius-auth (1.3.15-1) unstable; urgency=high (for big endians)
+
+  * New upstream release.
+  * It now compiles correctly for big endian architectures, closes: #149323
+  * Also it compiles correctly for 64-bit architectures.
+  * Removed misleading note in conffile, closes: #144502
+
+ -- Piotr Roszatycki <dexter@debian.org>  Tue, 11 Jun 2002 12:38:40 +0200
+
+libpam-radius-auth (1.3.14-1) unstable; urgency=low
+
+  * New upstream release, closes: #108189
+
+ -- Piotr Roszatycki <dexter@debian.org>  Mon, 27 Aug 2001 19:44:08 +0200
+
+libpam-radius-auth (1.3.13-1) unstable; urgency=low
+
+  * New upstream release
+  * Lintian clean
+
+ -- Piotr Roszatycki <dexter@debian.org>  Tue, 10 Jul 2001 16:10:09 +0200
+
+libpam-radius-auth (1.3.11-3) unstable; urgency=low
+
+  * Removed yada from Debian source, closes: #89268
+
+ -- Piotr Roszatycki <dexter@debian.org>  Tue, 13 Mar 2001 13:26:32 +0100
+
+libpam-radius-auth (1.3.11-2) unstable; urgency=low
+
+  * New yada and standards.
+  * Updates Build-Depends, closes: #84941
+
+ -- Piotr Roszatycki <dexter@debian.org>  Thu, 15 Feb 2001 18:47:23 +0000
+
+libpam-radius-auth (1.3.11-1) unstable; urgency=low
+
+  * New upstream release
+
+ -- Piotr Roszatycki <dexter@debian.org>  Wed, 19 Jul 2000 18:43:52 +0200
+
+libpam-radius-auth (1.3.10-2) unstable; urgency=medium
+
+  * New upstream source from CVS server.
+  * This version works well with ppp.
+
+ -- Piotr Roszatycki <dexter@debian.org>  Tue, 18 Jul 2000 17:29:06 +0200
+
+libpam-radius-auth (1.3.10-1) unstable; urgency=low
+
+  * UNRELEASED
+  * Initial Debian version.
+
+ -- Piotr Roszatycki <dexter@debian.org>  Sat, 15 Jul 2000 15:30:45 +0200
--- libpam-radius-auth-1.3.16.orig/debian/patches/001.fix_Makefile.diff
+++ libpam-radius-auth-1.3.16/debian/patches/001.fix_Makefile.diff
@@ -0,0 +1,12 @@
+diff -Naurd libpam-radius-auth-1.3.15.org/Makefile libpam-radius-auth-1.3.15/Makefile
+--- libpam-radius-auth-1.3.15.org/Makefile	2002-10-31 09:22:26.000000000 +0100
++++ libpam-radius-auth-1.3.15/Makefile	2002-10-31 09:22:50.000000000 +0100
+@@ -39,7 +39,7 @@
+ #  On Solaris, you might try using '-G', instead.
+ #
+ pam_radius_auth.so: pam_radius_auth.o md5.o
+-	ld -Bshareable pam_radius_auth.o md5.o -lpam -o pam_radius_auth.so
++	gcc -shared pam_radius_auth.o md5.o -lpam -lc -o pam_radius_auth.so
+ 
+ ######################################################################
+ #
--- libpam-radius-auth-1.3.16.orig/debian/patches/002.CAN2005-0108.diff
+++ libpam-radius-auth-1.3.16/debian/patches/002.CAN2005-0108.diff
@@ -0,0 +1,13 @@
+diff -Naurd libpam-radius-auth-1.3.16.orig/pam_radius_auth.c libpam-radius-auth-1.3.16/pam_radius_auth.c
+--- libpam-radius-auth-1.3.16.orig/pam_radius_auth.c	2003-02-27 18:01:07.000000000 +0000
++++ libpam-radius-auth-1.3.16/pam_radius_auth.c	2005-01-19 09:48:04.000000000 +0000
+@@ -1176,6 +1176,9 @@
+       goto error;
+     }
+     
++    if (a_reply->length < 2 || a_state->length < 2)
++      goto error;
++    
+     memcpy(challenge, a_reply->data, a_reply->length - 2);
+     challenge[a_reply->length - 2] = 0;
+