[ Steve Langasek ] * Never remove the .pam-old files; just avoid creating them if --force isn't set. * Add a manpage for pam-auth-update. * Automatically upgrade the boilerplate for /etc/pam.d/common-* if we detect that they have not been locally modified.
[ Kees Cook ] * debian/local/common-password, debian/pam-configs/unix: switch from "md5" to "sha512" as password crypt default.