passwdqc: add new recipe and replace pam-passwdqc

passwdqc is a password/passphrase strength checking and policy enforcement toolset, including an optional PAM module (pam_passwdqc), command-line programs(pwqcheck and pwqgen), and a library(libpasswdqc). pam_passwdqc 1.0.5 is the final version of pam_passwdqc only before it's turned into passwdqc in 2009, so remove the pam-passwdqc recipe. Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
author: Jackie Huang <jackie.huang@windriver.com> 2017-06-16 10:41:12 +0800
committer: Martin Jansa <Martin.Jansa@gmail.com> 2017-06-19 19:30:41 +0200
commit: 3b96572070183a02ee4f085cc55f33b6b297bbc9 (patch)
tree: a92400d11c9563cff673d3fa599d6db38b89bf06 /meta-oe/recipes-support
parent: 0ec8bc87066e30177c8b64b45967a3268320aeba (diff)
download: meta-openembedded-3b96572070183a02ee4f085cc55f33b6b297bbc9.tar.gz
5 files changed, 94 insertions, 205 deletions
diff --git a/meta-oe/recipes-support/pam-passwdqc/files/1000patch-219201.patch b/meta-oe/recipes-support/pam-passwdqc/files/1000patch-219201.patch
deleted file mode 100644
index 366d461eb..000000000
--- a/meta-oe/recipes-support/pam-passwdqc/files/1000patch-219201.patch
+++ /dev/null
@@ -1,156 +0,0 @@
-diff -urNp pam_passwdqc-1.0.5-orig/pam_passwdqc.c pam_passwdqc-1.0.5/pam_passwdqc.c
--- pam_passwdqc-1.0.5-orig/pam_passwdqc.c      2008-02-12 15:11:13.000000000 -0500
-+++ pam_passwdqc-1.0.5/pam_passwdqc.c   2009-09-28 12:10:32.171696694 -0400
-@@ -70,6 +70,8 @@ typedef struct {
-        passwdqc_params_t qc;
-        int flags;
-        int retry;
-+       char oldpass_prompt_file[FILE_LEN+1];
-+       char newpass_prompt_file[FILE_LEN+1];
- } params_t;
- 
- static params_t defaults = {
-@@ -79,10 +81,13 @@ static params_t defaults = {
-                3,                              /* passphrase_words */
-                4,                              /* match_length */
-                1,                              /* similar_deny */
-               42                              /* random_bits */
-+               42,                             /* random_bits */
-+               1                               /* firstupper_lastdigit_check */
-        },
-        F_ENFORCE_EVERYONE,                     /* flags */
-       3                                       /* retry */
-+       3,                                      /* retry */
-+       "",                                     /* oldpass_prompt_file */
-+       ""                                      /* newpass_prompt_file */
- };
- 
- #define PROMPT_OLDPASS \
-@@ -361,6 +366,37 @@ static int parse(params_t *params, pam_h
-                if (!strcmp(*argv, "use_authtok")) {
-                        params->flags |= F_USE_AUTHTOK;
-                } else
-+               if (!strcmp(*argv, "disable_firstupper_lastdigit_check")) {
-+                       params->qc.firstupper_lastdigit_check = 0;
-+               } else
-+               if (!strncmp(*argv, "oldpass_prompt_file=", 20)) {
-+                       int n;
-+                       FILE *fp = fopen(*argv + 20, "r");
-+                       if (fp) {
-+                               n=fread(params->oldpass_prompt_file, sizeof(char), FILE_LEN, fp);
-+                               if (0==n || ferror(fp)!=0 ) {
-+                                       memset(params->oldpass_prompt_file, '\0', FILE_LEN+1);
-+                               }
-+                               else {
-+                                       feof(fp)? (params->oldpass_prompt_file[n-1]='\0'): (params->oldpass_prompt_file[n]='\0');
-+                               }
-+                               fclose(fp);
-+                       }
-+               } else
-+               if (!strncmp(*argv, "newpass_prompt_file=", 20)) {
-+                       int n;
-+                       FILE *fp = fopen(*argv + 20, "r");
-+                       if (fp) {
-+                               n=fread(params->newpass_prompt_file, sizeof(char), FILE_LEN, fp);
-+                               if (0==n || ferror(fp)!=0 ) {
-+                                       memset(params->newpass_prompt_file, '\0', FILE_LEN+1);
-+                               }
-+                               else {
-+                                        feof(fp)? (params->newpass_prompt_file[n-1]='\0'): (params->newpass_prompt_file[n]='\0');
-+                               }
-+                               fclose(fp);
-+                       }
-+               } else
-                        break;
-                argc--; argv++;
-        }
-@@ -406,7 +442,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
- 
-        if (ask_oldauthtok && !am_root(pamh)) {
-                status = converse(pamh, PAM_PROMPT_ECHO_OFF,
-                   PROMPT_OLDPASS, &resp);
-+                   strlen(params.oldpass_prompt_file) ? params.oldpass_prompt_file : PROMPT_OLDPASS, &resp);
- 
-                if (status == PAM_SUCCESS) {
-                        if (resp && resp->resp) {
-@@ -540,8 +576,7 @@ retry:
-                    MESSAGE_RANDOMFAILED : MESSAGE_MISCONFIGURED);
-                return PAM_AUTHTOK_ERR;
-        }
-
-       status = converse(pamh, PAM_PROMPT_ECHO_OFF, PROMPT_NEWPASS1, &resp);
-+       status = converse(pamh, PAM_PROMPT_ECHO_OFF, strlen(params.newpass_prompt_file) ? params.newpass_prompt_file : PROMPT_NEWPASS1, &resp);
-        if (status == PAM_SUCCESS && (!resp || !resp->resp))
-                status = PAM_AUTHTOK_ERR;
- 
-diff -urNp pam_passwdqc-1.0.5-orig/passwdqc_check.c pam_passwdqc-1.0.5/passwdqc_check.c
--- pam_passwdqc-1.0.5-orig/passwdqc_check.c    2008-02-12 14:31:52.000000000 -0500
-+++ pam_passwdqc-1.0.5/passwdqc_check.c 2009-09-25 22:45:16.080842425 -0400
-@@ -90,10 +90,12 @@ static int is_simple(passwdqc_params_t *
- 
- /* Upper case characters and digits used in common ways don't increase the
-  * strength of a password */
-       c = (unsigned char)newpass[0];
-       if (uppers && isascii(c) && isupper(c)) uppers--;
-       c = (unsigned char)newpass[length - 1];
-       if (digits && isascii(c) && isdigit(c)) digits--;
-+       if (params->firstupper_lastdigit_check) {
-+               c = (unsigned char)newpass[0];
-+               if (uppers && isascii(c) && isupper(c)) uppers--;
-+               c = (unsigned char)newpass[length - 1];
-+               if (digits && isascii(c) && isdigit(c)) digits--;
-+       }
- 
- /* Count the number of different character classes we've seen.  We assume
-  * that there are no non-ASCII characters for digits. */
-diff -urNp pam_passwdqc-1.0.5-orig/passwdqc.h pam_passwdqc-1.0.5/passwdqc.h
--- pam_passwdqc-1.0.5-orig/passwdqc.h  2008-02-12 14:30:00.000000000 -0500
-+++ pam_passwdqc-1.0.5/passwdqc.h       2009-09-25 14:08:56.214695858 -0400
-@@ -7,12 +7,15 @@
- 
- #include <pwd.h>
- 
-+#define FILE_LEN               4096    /* Max file len = 4096 */
-+
- typedef struct {
-        int min[5], max;
-        int passphrase_words;
-        int match_length;
-        int similar_deny;
-        int random_bits;
-+       int firstupper_lastdigit_check;
- } passwdqc_params_t;
- 
- extern char _passwdqc_wordset_4k[0x1000][6];
-diff -urNp pam_passwdqc-1.0.5-orig/README pam_passwdqc-1.0.5/README
--- pam_passwdqc-1.0.5-orig/README      2008-02-12 14:43:33.000000000 -0500
-+++ pam_passwdqc-1.0.5/README   2009-09-28 12:12:40.251016423 -0400
-@@ -41,9 +41,12 @@ words (see the "passphrase" option below
- N3 and N4 are used for passwords consisting of characters from three
- and four character classes, respectively.
- 
-+       disable_firstupper_lastdigit_check      []
-+
- When calculating the number of character classes, upper-case letters
- used as the first character and digits used as the last character of a
-password are not counted.
-+password are not counted. To disable this, you can specify 
-+"disable_firstupper_lastdigit_check".
- 
- In addition to being sufficiently long, passwords are required to
- contain enough different characters for the character classes and
-@@ -142,6 +145,14 @@ This disables user interaction within pa
- the only difference between "use_first_pass" and "use_authtok" is that
- the former is incompatible with "ask_oldauthtok".
- 
-+       oldpass_prompt_file=absolute-file-path  []
-+       newpass_prompt_file=abosulte-file-path  []
-+
-+The options "oldpass_prompt_file" and "newpass_prompt_file" can be used
-+to override prompts while requesting old password and new password, 
-+respectively. The maximum size of the prompt files can be 4096 
-+characters at present. If the file size is more than 4096 characters, the
-+output will be truncated to 4096 characters.
- -- 
- Solar Designer <solar at openwall.com>
- 
diff --git a/meta-oe/recipes-support/pam-passwdqc/files/7000Makefile-fix-CC.patch b/meta-oe/recipes-support/pam-passwdqc/files/7000Makefile-fix-CC.patch
deleted file mode 100644
index 536fba132..000000000
--- a/meta-oe/recipes-support/pam-passwdqc/files/7000Makefile-fix-CC.patch
+++ /dev/null
@@ -1,11 +0,0 @@
--- pam_passwdqc-1.0.5/Makefile.orig    2012-10-02 20:53:55.443592886 +0900
-+++ pam_passwdqc-1.0.5/Makefile 2012-10-02 20:54:19.076108001 +0900
-@@ -2,7 +2,7 @@
- # Copyright (c) 2000-2003,2005 by Solar Designer.  See LICENSE.
- #
- 
-CC = gcc
-+#CC = gcc
- LD = $(CC)
- RM = rm -f
- MKDIR = mkdir -p
diff --git a/meta-oe/recipes-support/pam-passwdqc/pam-passwdqc_1.0.5.bb b/meta-oe/recipes-support/pam-passwdqc/pam-passwdqc_1.0.5.bb
deleted file mode 100644
index cb9aa22cf..000000000
--- a/meta-oe/recipes-support/pam-passwdqc/pam-passwdqc_1.0.5.bb
+++ /dev/null
@@ -1,38 +0,0 @@
-SUMMARY = "Pluggable password quality-control module."
-DESCRIPTION = "pam_passwdqc is a simple password strength checking module for \
-PAM-aware password changing programs, such as passwd(1). In addition \
-to checking regular passwords, it offers support for passphrases and \
-can provide randomly generated passwords. All features are optional \
-and can be (re-)configured without rebuilding."
-HOMEPAGE = "http://www.openwall.com/passwdqc/"
-SECTION = "System Environment/Base"
-LICENSE = "BSD"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=e284d013ef08e66d4737f446c5890550"
-SRC_URI = "http://www.openwall.com/pam/modules/pam_passwdqc/pam_passwdqc-1.0.5.tar.gz \
-    file://1000patch-219201.patch \
-    file://7000Makefile-fix-CC.patch \
-"
-SRC_URI[md5sum] = "cd9c014f736158b1a60384a8e2bdc28a"
-SRC_URI[sha256sum] = "32528ddf7d8219c788b6e7702361611ff16c6340b6dc0f418ff164aadc4a4a88"
-S = "${WORKDIR}/pam_passwdqc-${PV}"
-DEPENDS = "libpam"
-EXTRA_OEMAKE = "CFLAGS="${CFLAGS} -Wall -fPIC -DHAVE_SHADOW" \
-    SECUREDIR=${base_libdir}/security \
-"
-TARGET_CC_ARCH += "${LDFLAGS}"
-do_install() {
-    oe_runmake install DESTDIR=${D}
-}
-FILES_${PN} += "${base_libdir}/security/pam_passwdqc.so"
-FILES_${PN}-dbg += "${base_libdir}/security/.debug"
diff --git a/meta-oe/recipes-support/passwdqc/passwdqc/makefile-add-ldflags.patch b/meta-oe/recipes-support/passwdqc/passwdqc/makefile-add-ldflags.patch
new file mode 100644
index 000000000..e9023492e
--- /dev/null
+++ b/meta-oe/recipes-support/passwdqc/passwdqc/makefile-add-ldflags.patch
@@ -0,0 +1,31 @@
+Add LDFLAGS variable to Makefile so that extra linker flags can be sent via this variable.
+Upstream-Status: Pending
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+diff --git a/Makefile b/Makefile
+index 49d622d..cd17334 100644
+--- a/Makefile
+++ b/Makefile
+@@ -48,18 +48,17 @@ CFLAGS = -Wall -W -O2
+ CFLAGS_lib = $(CFLAGS) -fPIC
+ CFLAGS_bin = $(CFLAGS) -fomit-frame-pointer
+ 
+-LDFLAGS =
+ LDFLAGS_shared = --shared
+ LDFLAGS_shared_LINUX = --shared
+ LDFLAGS_shared_SUN = -G
+ LDFLAGS_shared_HP = -b
+ LDFLAGS_lib = $(LDFLAGS_shared)
+-LDFLAGS_lib_LINUX = $(LDFLAGS_shared_LINUX) \
+LDFLAGS_lib_LINUX = $(LDFLAGS) $(LDFLAGS_shared_LINUX) \
+        -Wl,--soname,$(SHARED_LIB),--version-script,$(MAP_LIB)
+ LDFLAGS_lib_SUN = $(LDFLAGS_shared_SUN)
+ LDFLAGS_lib_HP = $(LDFLAGS_shared_HP)
+ LDFLAGS_pam = $(LDFLAGS_shared)
+-LDFLAGS_pam_LINUX = $(LDFLAGS_shared_LINUX) \
+LDFLAGS_pam_LINUX = $(LDFLAGS) $(LDFLAGS_shared_LINUX) \
+        -Wl,--version-script,$(MAP_PAM)
+ LDFLAGS_pam_SUN = $(LDFLAGS_shared_SUN)
+ LDFLAGS_pam_HP = $(LDFLAGS_shared_HP)
diff --git a/meta-oe/recipes-support/passwdqc/passwdqc_1.3.1.bb b/meta-oe/recipes-support/passwdqc/passwdqc_1.3.1.bb
new file mode 100644
index 000000000..b8f923c29
--- /dev/null
+++ b/meta-oe/recipes-support/passwdqc/passwdqc_1.3.1.bb
@@ -0,0 +1,63 @@
+SUMMARY = "A password/passphrase strength checking and enforcement toolset"
+DESCRIPTION = "\
+passwdqc is a password/passphrase strength checking and policy enforcement \
+toolset, including an optional PAM module (pam_passwdqc), command-line \
+programs (pwqcheck and pwqgen), and a library (libpasswdqc). \
+pam_passwdqc is normally invoked on password changes by programs such as \
+passwd(1).  It is capable of checking password or passphrase strength, \
+enforcing a policy, and offering randomly-generated passphrases, with \
+all of these features being optional and easily (re-)configurable. \
+\
+pwqcheck and pwqgen are standalone password/passphrase strength checking \
+and random passphrase generator programs, respectively, which are usable \
+from scripts. \
+\
+libpasswdqc is the underlying library, which may also be used from \
+third-party programs. \
+"
+HOMEPAGE = "http://www.openwall.com/passwdqc"
+SECTION = "System Environment/Base"
+DEPENDS += "libpam"
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=1b4af6f3d4ee079a38107366e93b334d"
+SRC_URI = "http://www.openwall.com/${BPN}/${BP}.tar.gz \
+           file://makefile-add-ldflags.patch \
+          "
+SRC_URI[md5sum] = "3878b57bcd3fdbcf3d4b362dbc6228b9"
+SRC_URI[sha256sum] = "d1fedeaf759e8a0f32d28b5811ef11b5a5365154849190f4b7fab670a70ffb14"
+# explicitly define LINUX_PAM in case DISTRO_FEATURES no pam
+# this package's pam_passwdqc.so needs pam
+CFLAGS_append += "-Wall -fPIC -DHAVE_SHADOW -DLINUX_PAM"
+# -e is no longer default setting in bitbake.conf
+EXTRA_OEMAKE = "-e"
+do_compile() {
+    # make sure sub make use environment to override variables in Makefile
+    # Linux)    $(MAKE), there is a tab between
+    sed -i -e 's/Linux) $(MAKE) CFLAGS_lib/Linux)       $(MAKE) -e CFLAGS_lib/' ${S}/Makefile
+    # LD_lib and LD must be CC because of Makefile
+    oe_runmake LD="${CC}"
+}
+do_install() {
+    oe_runmake install DESTDIR=${D} SHARED_LIBDIR=${base_libdir} \
+           DEVEL_LIBDIR=${libdir} SECUREDIR=${base_libdir}/security \
+           INSTALL="install -p"
+}
+PROVIDES += "pam-${BPN}"
+PACKAGES =+ "lib${BPN} pam-${BPN}"
+FILES_lib${BPN} = "${base_libdir}/libpasswdqc.so.0"
+FILES_pam-${BPN} = "${base_libdir}/security/pam_passwdqc.so"
+FILES_${PN}-dbg += "${base_libdir}/security/.debug"
+RDEPENDS_${PN} = "lib${BPN}"
+RDEPENDS_pam-${BPN} = "lib${BPN}"
author	Jackie Huang <jackie.huang@windriver.com>	2017-06-16 10:41:12 +0800
committer	Martin Jansa <Martin.Jansa@gmail.com>	2017-06-19 19:30:41 +0200
commit	3b96572070183a02ee4f085cc55f33b6b297bbc9 (patch)
tree	a92400d11c9563cff673d3fa599d6db38b89bf06 /meta-oe/recipes-support
parent	0ec8bc87066e30177c8b64b45967a3268320aeba (diff)
download	meta-openembedded-3b96572070183a02ee4f085cc55f33b6b297bbc9.tar.gz

diff --git a/meta-oe/recipes-support/pam-passwdqc/files/1000patch-219201.patch b/meta-oe/recipes-support/pam-passwdqc/files/1000patch-219201.patch deleted file mode 100644 index 366d461eb..000000000 --- a/meta-oe/recipes-support/pam-passwdqc/files/1000patch-219201.patch +++ /dev/null
@@ -1,156 +0,0 @@
1	diff -urNp pam_passwdqc-1.0.5-orig/pam_passwdqc.c pam_passwdqc-1.0.5/pam_passwdqc.c
2	--- pam_passwdqc-1.0.5-orig/pam_passwdqc.c 2008-02-12 15:11:13.000000000 -0500
3	+++ pam_passwdqc-1.0.5/pam_passwdqc.c 2009-09-28 12:10:32.171696694 -0400
4	@@ -70,6 +70,8 @@ typedef struct {
5	passwdqc_params_t qc;
6	int flags;
7	int retry;
8	+ char oldpass_prompt_file[FILE_LEN+1];
9	+ char newpass_prompt_file[FILE_LEN+1];
10	} params_t;
11
12	static params_t defaults = {
13	@@ -79,10 +81,13 @@ static params_t defaults = {
14	3, /* passphrase_words */
15	4, /* match_length */
16	1, /* similar_deny */
17	- 42 /* random_bits */
18	+ 42, /* random_bits */
19	+ 1 /* firstupper_lastdigit_check */
20	},
21	F_ENFORCE_EVERYONE, /* flags */
22	- 3 /* retry */
23	+ 3, /* retry */
24	+ "", /* oldpass_prompt_file */
25	+ "" /* newpass_prompt_file */
26	};
27
28	#define PROMPT_OLDPASS \
29	@@ -361,6 +366,37 @@ static int parse(params_t *params, pam_h
30	if (!strcmp(*argv, "use_authtok")) {
31	params->flags \|= F_USE_AUTHTOK;
32	} else
33	+ if (!strcmp(*argv, "disable_firstupper_lastdigit_check")) {
34	+ params->qc.firstupper_lastdigit_check = 0;
35	+ } else
36	+ if (!strncmp(*argv, "oldpass_prompt_file=", 20)) {
37	+ int n;
38	+ FILE fp = fopen(argv + 20, "r");
39	+ if (fp) {
40	+ n=fread(params->oldpass_prompt_file, sizeof(char), FILE_LEN, fp);
41	+ if (0==n \|\| ferror(fp)!=0 ) {
42	+ memset(params->oldpass_prompt_file, '\0', FILE_LEN+1);
43	+ }
44	+ else {
45	+ feof(fp)? (params->oldpass_prompt_file[n-1]='\0'): (params->oldpass_prompt_file[n]='\0');
46	+ }
47	+ fclose(fp);
48	+ }
49	+ } else
50	+ if (!strncmp(*argv, "newpass_prompt_file=", 20)) {
51	+ int n;
52	+ FILE fp = fopen(argv + 20, "r");
53	+ if (fp) {
54	+ n=fread(params->newpass_prompt_file, sizeof(char), FILE_LEN, fp);
55	+ if (0==n \|\| ferror(fp)!=0 ) {
56	+ memset(params->newpass_prompt_file, '\0', FILE_LEN+1);
57	+ }
58	+ else {
59	+ feof(fp)? (params->newpass_prompt_file[n-1]='\0'): (params->newpass_prompt_file[n]='\0');
60	+ }
61	+ fclose(fp);
62	+ }
63	+ } else
64	break;
65	argc--; argv++;
66	}
67	@@ -406,7 +442,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
68
69	if (ask_oldauthtok && !am_root(pamh)) {
70	status = converse(pamh, PAM_PROMPT_ECHO_OFF,
71	- PROMPT_OLDPASS, &resp);
72	+ strlen(params.oldpass_prompt_file) ? params.oldpass_prompt_file : PROMPT_OLDPASS, &resp);
73
74	if (status == PAM_SUCCESS) {
75	if (resp && resp->resp) {
76	@@ -540,8 +576,7 @@ retry:
77	MESSAGE_RANDOMFAILED : MESSAGE_MISCONFIGURED);
78	return PAM_AUTHTOK_ERR;
79	}
80	-
81	- status = converse(pamh, PAM_PROMPT_ECHO_OFF, PROMPT_NEWPASS1, &resp);
82	+ status = converse(pamh, PAM_PROMPT_ECHO_OFF, strlen(params.newpass_prompt_file) ? params.newpass_prompt_file : PROMPT_NEWPASS1, &resp);
83	if (status == PAM_SUCCESS && (!resp \|\| !resp->resp))
84	status = PAM_AUTHTOK_ERR;
85
86	diff -urNp pam_passwdqc-1.0.5-orig/passwdqc_check.c pam_passwdqc-1.0.5/passwdqc_check.c
87	--- pam_passwdqc-1.0.5-orig/passwdqc_check.c 2008-02-12 14:31:52.000000000 -0500
88	+++ pam_passwdqc-1.0.5/passwdqc_check.c 2009-09-25 22:45:16.080842425 -0400
89	@@ -90,10 +90,12 @@ static int is_simple(passwdqc_params_t *
90
91	/* Upper case characters and digits used in common ways don't increase the
92	* strength of a password */
93	- c = (unsigned char)newpass[0];
94	- if (uppers && isascii(c) && isupper(c)) uppers--;
95	- c = (unsigned char)newpass[length - 1];
96	- if (digits && isascii(c) && isdigit(c)) digits--;
97	+ if (params->firstupper_lastdigit_check) {
98	+ c = (unsigned char)newpass[0];
99	+ if (uppers && isascii(c) && isupper(c)) uppers--;
100	+ c = (unsigned char)newpass[length - 1];
101	+ if (digits && isascii(c) && isdigit(c)) digits--;
102	+ }
103
104	/* Count the number of different character classes we've seen. We assume
105	* that there are no non-ASCII characters for digits. */
106	diff -urNp pam_passwdqc-1.0.5-orig/passwdqc.h pam_passwdqc-1.0.5/passwdqc.h
107	--- pam_passwdqc-1.0.5-orig/passwdqc.h 2008-02-12 14:30:00.000000000 -0500
108	+++ pam_passwdqc-1.0.5/passwdqc.h 2009-09-25 14:08:56.214695858 -0400
109	@@ -7,12 +7,15 @@
110
111	#include <pwd.h>
112
113	+#define FILE_LEN 4096 /* Max file len = 4096 */
114	+
115	typedef struct {
116	int min[5], max;
117	int passphrase_words;
118	int match_length;
119	int similar_deny;
120	int random_bits;
121	+ int firstupper_lastdigit_check;
122	} passwdqc_params_t;
123
124	extern char _passwdqc_wordset_4k[0x1000][6];
125	diff -urNp pam_passwdqc-1.0.5-orig/README pam_passwdqc-1.0.5/README
126	--- pam_passwdqc-1.0.5-orig/README 2008-02-12 14:43:33.000000000 -0500
127	+++ pam_passwdqc-1.0.5/README 2009-09-28 12:12:40.251016423 -0400
128	@@ -41,9 +41,12 @@ words (see the "passphrase" option below
129	N3 and N4 are used for passwords consisting of characters from three
130	and four character classes, respectively.
131
132	+ disable_firstupper_lastdigit_check []
133	+
134	When calculating the number of character classes, upper-case letters
135	used as the first character and digits used as the last character of a
136	-password are not counted.
137	+password are not counted. To disable this, you can specify
138	+"disable_firstupper_lastdigit_check".
139
140	In addition to being sufficiently long, passwords are required to
141	contain enough different characters for the character classes and
142	@@ -142,6 +145,14 @@ This disables user interaction within pa
143	the only difference between "use_first_pass" and "use_authtok" is that
144	the former is incompatible with "ask_oldauthtok".
145
146	+ oldpass_prompt_file=absolute-file-path []
147	+ newpass_prompt_file=abosulte-file-path []
148	+
149	+The options "oldpass_prompt_file" and "newpass_prompt_file" can be used
150	+to override prompts while requesting old password and new password,
151	+respectively. The maximum size of the prompt files can be 4096
152	+characters at present. If the file size is more than 4096 characters, the
153	+output will be truncated to 4096 characters.
154	--
155	Solar Designer <solar at openwall.com>
156


diff --git a/meta-oe/recipes-support/pam-passwdqc/files/7000Makefile-fix-CC.patch b/meta-oe/recipes-support/pam-passwdqc/files/7000Makefile-fix-CC.patch deleted file mode 100644 index 536fba132..000000000 --- a/meta-oe/recipes-support/pam-passwdqc/files/7000Makefile-fix-CC.patch +++ /dev/null
@@ -1,11 +0,0 @@
1	--- pam_passwdqc-1.0.5/Makefile.orig 2012-10-02 20:53:55.443592886 +0900
2	+++ pam_passwdqc-1.0.5/Makefile 2012-10-02 20:54:19.076108001 +0900
3	@@ -2,7 +2,7 @@
4	# Copyright (c) 2000-2003,2005 by Solar Designer. See LICENSE.
5	#
6
7	-CC = gcc
8	+#CC = gcc
9	LD = $(CC)
10	RM = rm -f
11	MKDIR = mkdir -p


diff --git a/meta-oe/recipes-support/pam-passwdqc/pam-passwdqc_1.0.5.bb b/meta-oe/recipes-support/pam-passwdqc/pam-passwdqc_1.0.5.bb deleted file mode 100644 index cb9aa22cf..000000000 --- a/meta-oe/recipes-support/pam-passwdqc/pam-passwdqc_1.0.5.bb +++ /dev/null
@@ -1,38 +0,0 @@
1	SUMMARY = "Pluggable password quality-control module."
2	DESCRIPTION = "pam_passwdqc is a simple password strength checking module for \
3	PAM-aware password changing programs, such as passwd(1). In addition \
4	to checking regular passwords, it offers support for passphrases and \
5	can provide randomly generated passwords. All features are optional \
6	and can be (re-)configured without rebuilding."
7
8	HOMEPAGE = "http://www.openwall.com/passwdqc/"
9	SECTION = "System Environment/Base"
10
11	LICENSE = "BSD"
12	LIC_FILES_CHKSUM = "file://LICENSE;md5=e284d013ef08e66d4737f446c5890550"
13
14	SRC_URI = "http://www.openwall.com/pam/modules/pam_passwdqc/pam_passwdqc-1.0.5.tar.gz \
15	file://1000patch-219201.patch \
16	file://7000Makefile-fix-CC.patch \
17	"
18	SRC_URI[md5sum] = "cd9c014f736158b1a60384a8e2bdc28a"
19	SRC_URI[sha256sum] = "32528ddf7d8219c788b6e7702361611ff16c6340b6dc0f418ff164aadc4a4a88"
20
21
22	S = "${WORKDIR}/pam_passwdqc-${PV}"
23
24	DEPENDS = "libpam"
25
26	EXTRA_OEMAKE = "CFLAGS="${CFLAGS} -Wall -fPIC -DHAVE_SHADOW" \
27	SECUREDIR=${base_libdir}/security \
28	"
29
30	TARGET_CC_ARCH += "${LDFLAGS}"
31
32	do_install() {
33	oe_runmake install DESTDIR=${D}
34	}
35
36	FILES_${PN} += "${base_libdir}/security/pam_passwdqc.so"
37	FILES_${PN}-dbg += "${base_libdir}/security/.debug"
38


diff --git a/meta-oe/recipes-support/passwdqc/passwdqc/makefile-add-ldflags.patch b/meta-oe/recipes-support/passwdqc/passwdqc/makefile-add-ldflags.patch new file mode 100644 index 000000000..e9023492e --- /dev/null +++ b/meta-oe/recipes-support/passwdqc/passwdqc/makefile-add-ldflags.patch
@@ -0,0 +1,31 @@
		1	Add LDFLAGS variable to Makefile so that extra linker flags can be sent via this variable.
		2
		3	Upstream-Status: Pending
		4
		5	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
		6
		7	diff --git a/Makefile b/Makefile
		8	index 49d622d..cd17334 100644
		9	--- a/Makefile
		10	+++ b/Makefile
		11	@@ -48,18 +48,17 @@ CFLAGS = -Wall -W -O2
		12	CFLAGS_lib = $(CFLAGS) -fPIC
		13	CFLAGS_bin = $(CFLAGS) -fomit-frame-pointer
		14
		15	-LDFLAGS =
		16	LDFLAGS_shared = --shared
		17	LDFLAGS_shared_LINUX = --shared
		18	LDFLAGS_shared_SUN = -G
		19	LDFLAGS_shared_HP = -b
		20	LDFLAGS_lib = $(LDFLAGS_shared)
		21	-LDFLAGS_lib_LINUX = $(LDFLAGS_shared_LINUX) \
		22	+LDFLAGS_lib_LINUX = $(LDFLAGS) $(LDFLAGS_shared_LINUX) \
		23	-Wl,--soname,$(SHARED_LIB),--version-script,$(MAP_LIB)
		24	LDFLAGS_lib_SUN = $(LDFLAGS_shared_SUN)
		25	LDFLAGS_lib_HP = $(LDFLAGS_shared_HP)
		26	LDFLAGS_pam = $(LDFLAGS_shared)
		27	-LDFLAGS_pam_LINUX = $(LDFLAGS_shared_LINUX) \
		28	+LDFLAGS_pam_LINUX = $(LDFLAGS) $(LDFLAGS_shared_LINUX) \
		29	-Wl,--version-script,$(MAP_PAM)
		30	LDFLAGS_pam_SUN = $(LDFLAGS_shared_SUN)
		31	LDFLAGS_pam_HP = $(LDFLAGS_shared_HP)


diff --git a/meta-oe/recipes-support/passwdqc/passwdqc_1.3.1.bb b/meta-oe/recipes-support/passwdqc/passwdqc_1.3.1.bb new file mode 100644 index 000000000..b8f923c29 --- /dev/null +++ b/meta-oe/recipes-support/passwdqc/passwdqc_1.3.1.bb
@@ -0,0 +1,63 @@
		1	SUMMARY = "A password/passphrase strength checking and enforcement toolset"
		2	DESCRIPTION = "\
		3	passwdqc is a password/passphrase strength checking and policy enforcement \
		4	toolset, including an optional PAM module (pam_passwdqc), command-line \
		5	programs (pwqcheck and pwqgen), and a library (libpasswdqc). \
		6	pam_passwdqc is normally invoked on password changes by programs such as \
		7	passwd(1). It is capable of checking password or passphrase strength, \
		8	enforcing a policy, and offering randomly-generated passphrases, with \
		9	all of these features being optional and easily (re-)configurable. \
		10	\
		11	pwqcheck and pwqgen are standalone password/passphrase strength checking \
		12	and random passphrase generator programs, respectively, which are usable \
		13	from scripts. \
		14	\
		15	libpasswdqc is the underlying library, which may also be used from \
		16	third-party programs. \
		17	"
		18
		19	HOMEPAGE = "http://www.openwall.com/passwdqc"
		20	SECTION = "System Environment/Base"
		21
		22	DEPENDS += "libpam"
		23
		24	LICENSE = "BSD"
		25	LIC_FILES_CHKSUM = "file://LICENSE;md5=1b4af6f3d4ee079a38107366e93b334d"
		26
		27	SRC_URI = "http://www.openwall.com/${BPN}/${BP}.tar.gz \
		28	file://makefile-add-ldflags.patch \
		29	"
		30	SRC_URI[md5sum] = "3878b57bcd3fdbcf3d4b362dbc6228b9"
		31	SRC_URI[sha256sum] = "d1fedeaf759e8a0f32d28b5811ef11b5a5365154849190f4b7fab670a70ffb14"
		32
		33	# explicitly define LINUX_PAM in case DISTRO_FEATURES no pam
		34	# this package's pam_passwdqc.so needs pam
		35	CFLAGS_append += "-Wall -fPIC -DHAVE_SHADOW -DLINUX_PAM"
		36
		37	# -e is no longer default setting in bitbake.conf
		38	EXTRA_OEMAKE = "-e"
		39
		40	do_compile() {
		41	# make sure sub make use environment to override variables in Makefile
		42	# Linux) $(MAKE), there is a tab between
		43	sed -i -e 's/Linux) $(MAKE) CFLAGS_lib/Linux) $(MAKE) -e CFLAGS_lib/' ${S}/Makefile
		44
		45	# LD_lib and LD must be CC because of Makefile
		46	oe_runmake LD="${CC}"
		47	}
		48
		49	do_install() {
		50	oe_runmake install DESTDIR=${D} SHARED_LIBDIR=${base_libdir} \
		51	DEVEL_LIBDIR=${libdir} SECUREDIR=${base_libdir}/security \
		52	INSTALL="install -p"
		53	}
		54
		55	PROVIDES += "pam-${BPN}"
		56	PACKAGES =+ "lib${BPN} pam-${BPN}"
		57
		58	FILES_lib${BPN} = "${base_libdir}/libpasswdqc.so.0"
		59	FILES_pam-${BPN} = "${base_libdir}/security/pam_passwdqc.so"
		60	FILES_${PN}-dbg += "${base_libdir}/security/.debug"
		61
		62	RDEPENDS_${PN} = "lib${BPN}"
		63	RDEPENDS_pam-${BPN} = "lib${BPN}"