pam: Update to version 1.6.0

- Update from version 1.5.3 to 1.6.0
- Update of rootfile
- A build bug was found with 1.6.0 if --enable-read-both-confs was set in the configure.
   A commit fixing this has been released and converted into a patch for IPFire. This
   will end up in the next pam release version and the IPFire patch can then be removed.
- Changelog
    1.6.0
	* Added support of configuration files with arbitrarily long lines.
	* build: fixed build outside of the source tree.
	* libpam: added use of getrandom(2) as a source of randomness if available.
	* libpam: fixed calculation of fail delay with very long delays.
	* libpam: fixed potential infinite recursion with includes.
	* libpam: implemented string to number conversions validation when parsing
	  controls in configuration.
	* pam_access: added quiet_log option.
	* pam_access: fixed truncation of very long group names.
	* pam_canonicalize_user: new module to canonicalize user name.
	* pam_echo: fixed file handling to prevent overflows and short reads.
	* pam_env: added support of '\' character in environment variable values.
	* pam_exec: allowed expose_authtok for password PAM_TYPE.
	* pam_exec: fixed stack overflow with binary output of programs.
	* pam_faildelay: implemented parameter ranges validation.
	* pam_listfile: changed to treat \r and \n exactly the same in configuration.
	* pam_mkhomedir: hardened directory creation against timing attacks.
	  Please note that using *at functions leads to more open file handles
	  during creation.
	* pam_namespace: fixed potential local DoS (CVE-2024-22365).
	* pam_nologin: fixed file handling to prevent short reads.
	* pam_pwhistory: helper binary is now built only if SELinux support is enabled.
	* pam_pwhistory: implemented reliable usernames handling when remembering
	  passwords.
	* pam_shells: changed to allow shell entries with absolute paths only.
	* pam_succeed_if: fixed treating empty strings as numerical value 0.
	* pam_unix: added support of disabled password aging.
	* pam_unix: synchronized password aging with shadow.
	* pam_unix: implemented string to number conversions validation.
	* pam_unix: fixed truncation of very long user names.
	* pam_unix: corrected rounds retrieval for configured encryption method.
	* pam_unix: implemented reliable usernames handling when remembering passwords.
	* pam_unix: changed to always run the helper to obtain shadow password entries.
	* pam_unix: unix_update helper binary is now built only if SELinux support
	  is enabled.
	* pam_unix: added audit support to unix_update helper.
	* pam_userdb: added gdbm support.
	* Multiple minor bug fixes, portability fixes, documentation improvements,
	  and translation updates.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

src/patches/Linux-PAM-1.6.0-libpam:_fix_build_with_--enable-read-both-confs.patch

@@ -0,0 +1,11 @@
+--- Linux-PAM-1.6.0/libpam/pam_handlers.c.orig	2024-01-17 11:29:36.000000000 +0100
++++ Linux-PAM-1.6.0/libpam/pam_handlers.c	2024-01-22 16:02:45.546376172 +0100
+@@ -500,7 +500,7 @@
+ 
+ 		if (pamh->confdir == NULL
+ 		    && (f = fopen(PAM_CONFIG,"r")) != NULL) {
+-		    retval = _pam_parse_conf_file(pamh, f, NULL, PAM_T_ANY, 0, 1);
++		    retval = _pam_parse_conf_file(pamh, f, NULL, PAM_T_ANY, 0, 0, 1);
+ 		    fclose(f);
+ 		} else
+ #endif /* PAM_READ_BOTH_CONFS */