diff --git a/SOURCES/pam-1.5.1-pam-faillock-avoid-logging-erroneous.patch b/SOURCES/pam-1.5.1-pam-faillock-avoid-logging-erroneous.patch
new file mode 100644
index 0000000..016bb15
--- /dev/null
+++ b/SOURCES/pam-1.5.1-pam-faillock-avoid-logging-erroneous.patch
@@ -0,0 +1,37 @@
+From 10086bc69663fa819277af244eeb5b629a2403b8 Mon Sep 17 00:00:00 2001
+From: Deepak Das <ddas@redhat.com>
+Date: Mon, 10 Oct 2022 21:21:35 +0530
+Subject: [PATCH] pam_faillock: avoid logging an erroneous consecutive login
+ failure message
+
+* modules/pam_faillock/pam_faillock.c (write_tally): Avoid logging
+a consecutive login failure message for the root user in case when
+even_deny_root is not set.
+
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2082442
+---
+ modules/pam_faillock/pam_faillock.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/modules/pam_faillock/pam_faillock.c b/modules/pam_faillock/pam_faillock.c
+index ddbb90e7..ca1c7035 100644
+--- a/modules/pam_faillock/pam_faillock.c
++++ b/modules/pam_faillock/pam_faillock.c
+@@ -374,9 +374,11 @@ write_tally(pam_handle_t *pamh, struct options *opts, struct tally_data *tallies
+ 		}
+ 		close(audit_fd);
+ #endif
+-		if (!(opts->flags & FAILLOCK_FLAG_NO_LOG_INFO)) {
+-			pam_syslog(pamh, LOG_INFO, "Consecutive login failures for user %s account temporarily locked",
+-				opts->user);
++		if (!(opts->flags & FAILLOCK_FLAG_NO_LOG_INFO) &&
++		    ((opts->flags & FAILLOCK_FLAG_DENY_ROOT) || (opts->uid != 0))) {
++			pam_syslog(pamh, LOG_INFO,
++				   "Consecutive login failures for user %s account temporarily locked",
++				   opts->user);
+ 		}
+ 	}
+ 
+-- 
+2.38.1
+
diff --git a/SOURCES/pam-1.5.1-pam-faillock-clarify-missing-user.patch b/SOURCES/pam-1.5.1-pam-faillock-clarify-missing-user.patch
new file mode 100644
index 0000000..3f15eb8
--- /dev/null
+++ b/SOURCES/pam-1.5.1-pam-faillock-clarify-missing-user.patch
@@ -0,0 +1,53 @@
+From bcbf145ce925934214e48200c27c9ff736452549 Mon Sep 17 00:00:00 2001
+From: Deepak Das <ddas@redhat.com>
+Date: Mon, 10 Oct 2022 17:55:53 +0530
+Subject: [PATCH] pam_faillock: Clarify missing user faillock files after
+ reboot
+
+* modules/pam_faillock/faillock.conf.5.xml: Adding note related to missing
+user specific faillock files after reboot.
+
+* modules/pam_faillock/pam_faillock.8.xml: Adding note related to missing
+user specific faillock files after reboot.
+
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2062512
+---
+ modules/pam_faillock/faillock.conf.5.xml | 4 ++++
+ modules/pam_faillock/pam_faillock.8.xml  | 6 ++++++
+ 2 files changed, 10 insertions(+)
+
+diff --git a/modules/pam_faillock/faillock.conf.5.xml b/modules/pam_faillock/faillock.conf.5.xml
+index 04a84107..8faa5915 100644
+--- a/modules/pam_faillock/faillock.conf.5.xml
++++ b/modules/pam_faillock/faillock.conf.5.xml
+@@ -44,6 +44,10 @@
+                   The directory where the user files with the failure records are kept. The
+                   default is <filename>/var/run/faillock</filename>.
+                 </para>
++                <para>
++                  Note: These files will disappear after reboot on systems configured with
++                  directory <filename>/var/run/faillock</filename> mounted on virtual memory.
++                </para>
+               </listitem>
+             </varlistentry>
+             <varlistentry>
+diff --git a/modules/pam_faillock/pam_faillock.8.xml b/modules/pam_faillock/pam_faillock.8.xml
+index 79bcbbd0..b7b7b0db 100644
+--- a/modules/pam_faillock/pam_faillock.8.xml
++++ b/modules/pam_faillock/pam_faillock.8.xml
+@@ -327,6 +327,12 @@ session  required       pam_selinux.so open
+         <term><filename>/var/run/faillock/*</filename></term>
+         <listitem>
+           <para>the files logging the authentication failures for users</para>
++          <para>
++            Note: These files will disappear after reboot on systems configured with
++            directory <filename>/var/run/faillock</filename> mounted on virtual memory.
++            For persistent storage use the option <emphasis>dir=</emphasis> in
++            file <filename>/etc/security/faillock.conf</filename>.
++          </para>
+         </listitem>
+       </varlistentry>
+       <varlistentry>
+-- 
+2.38.1
+
diff --git a/SOURCES/pam-1.5.1-pam-lastlog-check-localtime_r-return-value.patch b/SOURCES/pam-1.5.1-pam-lastlog-check-localtime_r-return-value.patch
new file mode 100644
index 0000000..80ad508
--- /dev/null
+++ b/SOURCES/pam-1.5.1-pam-lastlog-check-localtime_r-return-value.patch
@@ -0,0 +1,41 @@
+From 40c271164dbcebfc5304d0537a42fb42e6b6803c Mon Sep 17 00:00:00 2001
+From: Iker Pedrosa <ipedrosa@redhat.com>
+Date: Mon, 26 Sep 2022 12:16:53 +0200
+Subject: [PATCH] pam_lastlog: check localtime_r() return value
+
+Check the return value of localtime_r() before calling strftime(). This
+function crashes if the argument is NULL.
+
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2012871
+
+Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
+---
+ modules/pam_lastlog/pam_lastlog.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/modules/pam_lastlog/pam_lastlog.c b/modules/pam_lastlog/pam_lastlog.c
+index abd048df..121e7560 100644
+--- a/modules/pam_lastlog/pam_lastlog.c
++++ b/modules/pam_lastlog/pam_lastlog.c
+@@ -573,12 +573,12 @@ last_login_failed(pam_handle_t *pamh, int announce, const char *user, time_t llt
+ 	    time_t lf_time;
+ 
+ 	    lf_time = utuser.ut_tv.tv_sec;
+-	    tm = localtime_r (&lf_time, &tm_buf);
+-	    strftime (the_time, sizeof (the_time),
+-	        /* TRANSLATORS: "strftime options for date of last login" */
+-		_(" %a %b %e %H:%M:%S %Z %Y"), tm);
+-
+-	    date = the_time;
++	    if ((tm = localtime_r (&lf_time, &tm_buf)) != NULL) {
++	        strftime (the_time, sizeof (the_time),
++	            /* TRANSLATORS: "strftime options for date of last login" */
++	                  _(" %a %b %e %H:%M:%S %Z %Y"), tm);
++	        date = the_time;
++	    }
+ 	}
+ 
+ 	/* we want & have the host? */
+-- 
+2.38.1
+
diff --git a/SOURCES/pam-1.5.1-pam-pwhistory-load-conf-from-file.patch b/SOURCES/pam-1.5.1-pam-pwhistory-load-conf-from-file.patch
new file mode 100644
index 0000000..4320292
--- /dev/null
+++ b/SOURCES/pam-1.5.1-pam-pwhistory-load-conf-from-file.patch
@@ -0,0 +1,489 @@
+diff -up Linux-PAM-1.5.1/modules/pam_pwhistory/Makefile.am.pam-pwhistory-load-conf-from-file Linux-PAM-1.5.1/modules/pam_pwhistory/Makefile.am
+--- Linux-PAM-1.5.1/modules/pam_pwhistory/Makefile.am.pam-pwhistory-load-conf-from-file	2020-11-25 17:57:02.000000000 +0100
++++ Linux-PAM-1.5.1/modules/pam_pwhistory/Makefile.am	2022-08-22 09:08:48.916487811 +0200
+@@ -9,9 +9,10 @@ MAINTAINERCLEANFILES = $(MANS) README
+ EXTRA_DIST = $(XMLS)
+ 
+ if HAVE_DOC
+-dist_man_MANS = pam_pwhistory.8 pwhistory_helper.8
++dist_man_MANS = pam_pwhistory.8 pwhistory_helper.8 pwhistory.conf.5
+ endif
+-XMLS = README.xml pam_pwhistory.8.xml pwhistory_helper.8.xml
++XMLS = README.xml pam_pwhistory.8.xml pwhistory_helper.8.xml \
++  pwhistory.conf.5.xml
+ dist_check_SCRIPTS = tst-pam_pwhistory
+ TESTS = $(dist_check_SCRIPTS)
+ 
+@@ -26,12 +27,14 @@ if HAVE_VERSIONING
+   pam_pwhistory_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
+ endif
+ 
+-noinst_HEADERS = opasswd.h
++noinst_HEADERS = opasswd.h pwhistory_config.h
++
++dist_secureconf_DATA = pwhistory.conf
+ 
+ securelib_LTLIBRARIES = pam_pwhistory.la
+ pam_pwhistory_la_CFLAGS = $(AM_CFLAGS)
+ pam_pwhistory_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBCRYPT@ @LIBSELINUX@
+-pam_pwhistory_la_SOURCES = pam_pwhistory.c opasswd.c
++pam_pwhistory_la_SOURCES = pam_pwhistory.c opasswd.c pwhistory_config.c
+ 
+ sbin_PROGRAMS = pwhistory_helper
+ pwhistory_helper_CFLAGS = $(AM_CFLAGS) -DHELPER_COMPILE=\"pwhistory_helper\" @EXE_CFLAGS@
+diff -up Linux-PAM-1.5.1/modules/pam_pwhistory/pam_pwhistory.8.xml.pam-pwhistory-load-conf-from-file Linux-PAM-1.5.1/modules/pam_pwhistory/pam_pwhistory.8.xml
+--- Linux-PAM-1.5.1/modules/pam_pwhistory/pam_pwhistory.8.xml.pam-pwhistory-load-conf-from-file	2020-11-25 17:57:02.000000000 +0100
++++ Linux-PAM-1.5.1/modules/pam_pwhistory/pam_pwhistory.8.xml	2022-08-22 09:13:08.715628372 +0200
+@@ -36,6 +36,9 @@
+       <arg choice="opt">
+         authtok_type=<replaceable>STRING</replaceable>
+       </arg>
++      <arg choice="opt">
++	      conf=<replaceable>/path/to/config-file</replaceable>
++      </arg>
+ 
+     </cmdsynopsis>
+   </refsynopsisdiv>
+@@ -104,7 +107,7 @@
+         <listitem>
+           <para>
+             The last <replaceable>N</replaceable> passwords for each
+-            user are saved in <filename>/etc/security/opasswd</filename>.
++            user are saved.
+             The default is <emphasis>10</emphasis>. Value of
+             <emphasis>0</emphasis> makes the module to keep the existing
+             contents of the <filename>opasswd</filename> file unchanged.
+@@ -137,7 +140,26 @@
+           </listitem>
+         </varlistentry>
+ 
++        <varlistentry>
++          <term>
++            <option>conf=<replaceable>/path/to/config-file</replaceable></option>
++          </term>
++          <listitem>
++            <para>
++              Use another configuration file instead of the default
++              <filename>/etc/security/pwhistory.conf</filename>.
++            </para>
++          </listitem>
++        </varlistentry>
++
+     </variablelist>
++    <para>
++      The options for configuring the module behavior are described in the
++      <citerefentry><refentrytitle>pwhistory.conf</refentrytitle>
++      <manvolnum>5</manvolnum></citerefentry> manual page. The options
++      specified on the module command line override the values from the
++      configuration file.
++    </para>
+   </refsect1>
+ 
+   <refsect1 id="pam_pwhistory-types">
+@@ -223,6 +245,9 @@ password     required       pam_unix.so
+     <title>SEE ALSO</title>
+     <para>
+       <citerefentry>
++	<refentrytitle>pwhistory.conf</refentrytitle><manvolnum>5</manvolnum>
++      </citerefentry>,
++      <citerefentry>
+ 	<refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
+       </citerefentry>,
+       <citerefentry>
+diff -up Linux-PAM-1.5.1/modules/pam_pwhistory/pam_pwhistory.c.pam-pwhistory-load-conf-from-file Linux-PAM-1.5.1/modules/pam_pwhistory/pam_pwhistory.c
+--- Linux-PAM-1.5.1/modules/pam_pwhistory/pam_pwhistory.c.pam-pwhistory-load-conf-from-file	2020-11-25 17:57:02.000000000 +0100
++++ Linux-PAM-1.5.1/modules/pam_pwhistory/pam_pwhistory.c	2022-08-22 09:11:34.949855242 +0200
+@@ -63,14 +63,8 @@
+ 
+ #include "opasswd.h"
+ #include "pam_inline.h"
++#include "pwhistory_config.h"
+ 
+-struct options_t {
+-  int debug;
+-  int enforce_for_root;
+-  int remember;
+-  int tries;
+-};
+-typedef struct options_t options_t;
+ 
+ 
+ static void
+@@ -299,6 +293,8 @@ pam_sm_chauthtok (pam_handle_t *pamh, in
+   options.remember = 10;
+   options.tries = 1;
+ 
++  parse_config_file(pamh, argc, argv, &options);
++
+   /* Parse parameters for module */
+   for ( ; argc-- > 0; argv++)
+     parse_option (pamh, *argv, &options);
+@@ -306,7 +302,6 @@ pam_sm_chauthtok (pam_handle_t *pamh, in
+   if (options.debug)
+     pam_syslog (pamh, LOG_DEBUG, "pam_sm_chauthtok entered");
+ 
+-
+   if (options.remember == 0)
+     return PAM_IGNORE;
+ 
+diff -up Linux-PAM-1.5.1/modules/pam_pwhistory/pwhistory.conf.5.xml.pam-pwhistory-load-conf-from-file Linux-PAM-1.5.1/modules/pam_pwhistory/pwhistory.conf.5.xml
+--- Linux-PAM-1.5.1/modules/pam_pwhistory/pwhistory.conf.5.xml.pam-pwhistory-load-conf-from-file	2022-08-22 09:08:48.916487811 +0200
++++ Linux-PAM-1.5.1/modules/pam_pwhistory/pwhistory.conf.5.xml	2022-08-22 09:08:48.916487811 +0200
+@@ -0,0 +1,155 @@
++<?xml version="1.0" encoding='UTF-8'?>
++<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
++	"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
++
++<refentry id="pwhistory.conf">
++
++  <refmeta>
++    <refentrytitle>pwhistory.conf</refentrytitle>
++    <manvolnum>5</manvolnum>
++    <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
++  </refmeta>
++
++  <refnamediv id="pwhistory.conf-name">
++    <refname>pwhistory.conf</refname>
++    <refpurpose>pam_pwhistory configuration file</refpurpose>
++  </refnamediv>
++
++  <refsect1 id="pwhistory.conf-description">
++
++    <title>DESCRIPTION</title>
++    <para>
++       <emphasis remap='B'>pwhistory.conf</emphasis> provides a way to configure the
++       default settings for saving the last passwords for each user.
++       This file is read by the <emphasis>pam_pwhistory</emphasis> module and is the
++       preferred method over configuring <emphasis>pam_pwhistory</emphasis> directly.
++    </para>
++    <para>
++       The file has a very simple <emphasis>name = value</emphasis> format with possible comments
++       starting with <emphasis>#</emphasis> character. The whitespace at the beginning of line, end
++       of line, and around the <emphasis>=</emphasis> sign is ignored.
++    </para>
++  </refsect1>
++
++  <refsect1 id="pwhistory.conf-options">
++
++    <title>OPTIONS</title>
++         <variablelist>
++            <varlistentry>
++              <term>
++                <option>debug</option>
++              </term>
++              <listitem>
++                <para>
++                  Turns on debugging via
++                  <citerefentry>
++                    <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum>
++                  </citerefentry>.
++                </para>
++              </listitem>
++            </varlistentry>
++            <varlistentry>
++              <term>
++                <option>enforce_for_root</option>
++              </term>
++              <listitem>
++                <para>
++                  If this option is set, the check is enforced for root, too.
++                </para>
++              </listitem>
++            </varlistentry>
++            <varlistentry>
++              <term>
++                <option>remember=<replaceable>N</replaceable></option>
++              </term>
++              <listitem>
++                <para>
++                  The last <replaceable>N</replaceable> passwords for each
++                  user are saved.
++                  The default is <emphasis>10</emphasis>. Value of
++                  <emphasis>0</emphasis> makes the module to keep the existing
++                  contents of the <filename>opasswd</filename> file unchanged.
++                </para>
++              </listitem>
++            </varlistentry>
++            <varlistentry>
++              <term>
++                <option>retry=<replaceable>N</replaceable></option>
++              </term>
++              <listitem>
++                <para>
++                  Prompt user at most <replaceable>N</replaceable> times
++                  before returning with error. The default is 1.
++                </para>
++              </listitem>
++            </varlistentry>
++            <varlistentry>
++              <term>
++                <option>file=<replaceable>/path/filename</replaceable></option>
++              </term>
++              <listitem>
++                <para>
++                  Store password history in file
++                  <replaceable>/path/filename</replaceable> rather than the default
++                  location. The default location is
++	                <filename>/etc/security/opasswd</filename>.
++                </para>
++              </listitem>
++            </varlistentry>
++        </variablelist>
++  </refsect1>
++
++  <refsect1 id='pwhistory.conf-examples'>
++    <title>EXAMPLES</title>
++    <para>
++      /etc/security/pwhistory.conf file example:
++    </para>
++    <programlisting>
++debug
++remember=5
++file=/tmp/opasswd
++    </programlisting>
++  </refsect1>
++
++  <refsect1 id="pwhistory.conf-files">
++    <title>FILES</title>
++    <variablelist>
++      <varlistentry>
++        <term><filename>/etc/security/pwhistory.conf</filename></term>
++        <listitem>
++          <para>the config file for custom options</para>
++        </listitem>
++      </varlistentry>
++    </variablelist>
++  </refsect1>
++
++  <refsect1 id='pwhistory.conf-see_also'>
++    <title>SEE ALSO</title>
++    <para>
++      <citerefentry>
++        <refentrytitle>pwhistory</refentrytitle><manvolnum>8</manvolnum>
++      </citerefentry>,
++      <citerefentry>
++        <refentrytitle>pam_pwhistory</refentrytitle><manvolnum>8</manvolnum>
++      </citerefentry>,
++      <citerefentry>
++        <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
++      </citerefentry>,
++      <citerefentry>
++        <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
++      </citerefentry>,
++      <citerefentry>
++        <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
++      </citerefentry>
++    </para>
++  </refsect1>
++
++  <refsect1 id='pwhistory.conf-author'>
++    <title>AUTHOR</title>
++      <para>
++        pam_pwhistory was written by Thorsten Kukuk. The support for
++        pwhistory.conf was written by Iker Pedrosa.
++      </para>
++  </refsect1>
++
++</refentry>
+diff -up Linux-PAM-1.5.1/modules/pam_pwhistory/pwhistory_config.c.pam-pwhistory-load-conf-from-file Linux-PAM-1.5.1/modules/pam_pwhistory/pwhistory_config.c
+--- Linux-PAM-1.5.1/modules/pam_pwhistory/pwhistory_config.c.pam-pwhistory-load-conf-from-file	2022-08-22 09:08:48.916487811 +0200
++++ Linux-PAM-1.5.1/modules/pam_pwhistory/pwhistory_config.c	2022-08-22 09:08:48.916487811 +0200
+@@ -0,0 +1,115 @@
++/*
++ * Copyright (c) 2022 Iker Pedrosa <ipedrosa@redhat.com>
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, and the entire permission notice in its entirety,
++ *    including the disclaimer of warranties.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ * 3. The name of the author may not be used to endorse or promote
++ *    products derived from this software without specific prior
++ *    written permission.
++ *
++ * ALTERNATIVELY, this product may be distributed under the terms of
++ * the GNU Public License, in which case the provisions of the GPL are
++ * required INSTEAD OF the above restrictions.  (This clause is
++ * necessary due to a potential bad interaction between the GPL and
++ * the restrictions contained in a BSD-style copyright.)
++ *
++ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
++ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
++ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
++ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
++ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++
++#include "config.h"
++
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <syslog.h>
++
++#include <security/pam_modutil.h>
++
++#include "pam_inline.h"
++#include "pwhistory_config.h"
++
++#define PWHISTORY_DEFAULT_CONF "/etc/security/pwhistory.conf"
++
++void
++parse_config_file(pam_handle_t *pamh, int argc, const char **argv,
++                  struct options_t *options)
++{
++    const char *fname = NULL;
++    int i;
++    char *val;
++
++    for (i = 0; i < argc; ++i) {
++        const char *str = pam_str_skip_prefix(argv[i], "conf=");
++
++        if (str != NULL) {
++            fname = str;
++        }
++    }
++
++    if (fname == NULL) {
++        fname = PWHISTORY_DEFAULT_CONF;
++    }
++
++    val = pam_modutil_search_key (pamh, fname, "debug");
++    if (val != NULL) {
++        options->debug = 1;
++        free(val);
++    }
++
++    val = pam_modutil_search_key (pamh, fname, "enforce_for_root");
++    if (val != NULL) {
++        options->enforce_for_root = 1;
++        free(val);
++    }
++
++    val = pam_modutil_search_key (pamh, fname, "remember");
++    if (val != NULL) {
++        unsigned int temp;
++        if (sscanf(val, "%u", &temp) != 1) {
++            pam_syslog(pamh, LOG_ERR,
++                "Bad number supplied for remember argument");
++        } else {
++            options->remember = temp;
++        }
++        free(val);
++    }
++
++    val = pam_modutil_search_key (pamh, fname, "retry");
++    if (val != NULL) {
++        unsigned int temp;
++        if (sscanf(val, "%u", &temp) != 1) {
++            pam_syslog(pamh, LOG_ERR,
++                "Bad number supplied for retry argument");
++        } else {
++            options->tries = temp;
++        }
++        free(val);
++    }
++
++    val = pam_modutil_search_key (pamh, fname, "file");
++    if (val != NULL) {
++        if (*val != '/') {
++            pam_syslog (pamh, LOG_ERR,
++                "File path should be absolute: %s", val);
++        } else {
++            options->filename = val;
++        }
++    }
++}
+diff -up Linux-PAM-1.5.1/modules/pam_pwhistory/pwhistory_config.h.pam-pwhistory-load-conf-from-file Linux-PAM-1.5.1/modules/pam_pwhistory/pwhistory_config.h
+--- Linux-PAM-1.5.1/modules/pam_pwhistory/pwhistory_config.h.pam-pwhistory-load-conf-from-file	2022-08-22 09:08:48.916487811 +0200
++++ Linux-PAM-1.5.1/modules/pam_pwhistory/pwhistory_config.h	2022-08-22 09:08:48.916487811 +0200
+@@ -0,0 +1,54 @@
++/*
++ * Copyright (c) 2022 Iker Pedrosa <ipedrosa@redhat.com>
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, and the entire permission notice in its entirety,
++ *    including the disclaimer of warranties.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ * 3. The name of the author may not be used to endorse or promote
++ *    products derived from this software without specific prior
++ *    written permission.
++ *
++ * ALTERNATIVELY, this product may be distributed under the terms of
++ * the GNU Public License, in which case the provisions of the GPL are
++ * required INSTEAD OF the above restrictions.  (This clause is
++ * necessary due to a potential bad interaction between the GPL and
++ * the restrictions contained in a BSD-style copyright.)
++ *
++ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
++ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
++ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
++ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
++ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++
++#ifndef _PWHISTORY_CONFIG_H
++#define _PWHISTORY_CONFIG_H
++
++#include <security/pam_ext.h>
++
++struct options_t {
++    int debug;
++    int enforce_for_root;
++    int remember;
++    int tries;
++    const char *filename;
++};
++typedef struct options_t options_t;
++
++void
++parse_config_file(pam_handle_t *pamh, int argc, const char **argv,
++                  struct options_t *options);
++
++#endif /* _PWHISTORY_CONFIG_H */
+diff -up Linux-PAM-1.5.1/modules/pam_pwhistory/pwhistory.conf.pam-pwhistory-load-conf-from-file Linux-PAM-1.5.1/modules/pam_pwhistory/pwhistory.conf
+--- Linux-PAM-1.5.1/modules/pam_pwhistory/pwhistory.conf.pam-pwhistory-load-conf-from-file	2022-08-22 09:08:48.916487811 +0200
++++ Linux-PAM-1.5.1/modules/pam_pwhistory/pwhistory.conf	2022-08-22 09:08:48.916487811 +0200
+@@ -0,0 +1,21 @@
++# Configuration for remembering the last passwords used by a user.
++#
++# Enable the debugging logs.
++# Enabled if option is present.
++# debug
++#
++# root account's passwords are also remembered.
++# Enabled if option is present.
++# enforce_for_root
++#
++# Number of passwords to remember.
++# The default is 10.
++# remember = 10
++#
++# Number of times to prompt for the password.
++# The default is 1.
++# retry = 1
++#
++# The directory where the last passwords are kept.
++# The default is /etc/security/opasswd.
++# file = /etc/security/opasswd
diff --git a/SPECS/pam.spec b/SPECS/pam.spec
index 0886d95..abdcb4f 100644
--- a/SPECS/pam.spec
+++ b/SPECS/pam.spec
@@ -3,7 +3,7 @@
 Summary: An extensible library which provides authentication for applications
 Name: pam
 Version: 1.5.1
-Release: 12%{?dist}
+Release: 14%{?dist}
 # The library is BSD licensed with option to relicense as GPLv2+
 # - this option is redundant as the BSD license allows that anyway.
 # pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
@@ -39,6 +39,15 @@ Patch7:  pam-1.5.1-pam-keyinit-thread-safe.patch
 Patch8:  pam-1.5.1-faillock-load-conf-from-file.patch
 # https://github.com/linux-pam/linux-pam/commit/370064ef6f99581b08d473a42bb3417d5dda3e4e
 Patch9:  pam-1.5.1-pam-usertype-SYS_UID_MAX.patch
+# https://github.com/linux-pam/linux-pam/commit/ba2f6dd8b81ea2a58262c1709bec906b6852591d
+# https://github.com/linux-pam/linux-pam/commit/1180bde923a22605fe8075cd1fe7992ed7513411
+Patch10: pam-1.5.1-pam-pwhistory-load-conf-from-file.patch
+# https://github.com/linux-pam/linux-pam/commit/40c271164dbcebfc5304d0537a42fb42e6b6803c
+Patch11: pam-1.5.1-pam-lastlog-check-localtime_r-return-value.patch
+# https://github.com/linux-pam/linux-pam/commit/bcbf145ce925934214e48200c27c9ff736452549
+Patch12: pam-1.5.1-pam-faillock-clarify-missing-user.patch
+# https://github.com/linux-pam/linux-pam/commit/10086bc69663fa819277af244eeb5b629a2403b8
+Patch13: pam-1.5.1-pam-faillock-avoid-logging-erroneous.patch
 
 %global _pamlibdir %{_libdir}
 %global _moduledir %{_libdir}/security
@@ -130,6 +139,10 @@ cp %{SOURCE18} .
 %patch7 -p1 -b .pam-keyinit-thread-safe
 %patch8 -p1 -b .faillock-load-conf-from-file
 %patch9 -p1 -b .pam-usertype-SYS_UID_MAX
+%patch10 -p1 -b .pam-pwhistory-load-conf-from-file
+%patch11 -p1 -b .pam-lastlog-check-localtime_r-return-value
+%patch12 -p1 -b .pam-faillock-clarify-missing-user
+%patch13 -p1 -b .pam-faillock-avoid-logging-erroneous
 
 autoreconf -i
 
@@ -352,6 +365,7 @@ done
 %dir %{_secconfdir}/namespace.d
 %attr(755,root,root) %config(noreplace) %{_secconfdir}/namespace.init
 %config(noreplace) %{_secconfdir}/pam_env.conf
+%config(noreplace) %{_secconfdir}/pwhistory.conf
 %config(noreplace) %{_secconfdir}/time.conf
 %config(noreplace) %{_secconfdir}/opasswd
 %dir %{_secconfdir}/console.apps
@@ -384,6 +398,14 @@ done
 %doc doc/sag/*.txt doc/sag/html
 
 %changelog
+* Tue Nov 29 2022 Iker Pedrosa <ipedrosa@redhat.com> - 1.5.1-14
+- pam_lastlog: check localtime_r() return value. Resolves: #2130124
+- pam_faillock: clarify missing user faillock files after reboot. Resolves: #2126632
+- pam_faillock: avoid logging an erroneous consecutive login failure message. Resolves: #2126648
+
+* Wed Sep 28 2022 Iker Pedrosa <ipedrosa@redhat.com> - 1.5.1-13
+- pam_pwhistory: load configuration from file. Resolves: #2126640
+
 * Thu Jun 23 2022 Iker Pedrosa <ipedrosa@redhat.com> - 1.5.1-12
 - pam_usertype: only use SYS_UID_MAX for system users. Resolves: #2078421