diff options
| author | Chen Qi <Qi.Chen@windriver.com> | 2018-07-27 16:04:34 +0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-07-30 12:44:35 +0100 |
| commit | ffb63803eac6ba97d1b9e1f3d648bc4d81bf0276 (patch) | |
| tree | d29c106cf81ae93e47b30aaaf87e10bbcdfc10eb | |
| parent | 96f011e628fe360644bfdd7650145b996d61740c (diff) | |
| download | poky-ffb63803eac6ba97d1b9e1f3d648bc4d81bf0276.tar.gz | |
shadow: upgrade 4.2.1 -> 4.6
The following patches are removed because problems have been fixed in this version.
0001-shadow-CVE-2017-12424
fix-installation-failure-with-subids-disabled.patch
usermod-fix-compilation-failure-with-subids-disabled.patch
CVE-2017-2616.patch
check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch
0001-Do-not-read-login.defs-before-doing-chroot.patch
The following patches are rebased.
0001-Disable-use-of-syslog-for-sysroot.patch
0001-useradd-copy-extended-attributes-of-home.patch
0001-useradd.c-create-parent-directories-when-necessary.patch
allow-for-setting-password-in-clear-text.patch
(From OE-Core rev: 79dd22729d5b8a2f2cf4294ff6b261c9d6ecd977)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
14 files changed, 209 insertions, 375 deletions
diff --git a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch b/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch index a6f604b652..aac2d42b12 100644 --- a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch +++ b/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch | |||
| @@ -11,6 +11,7 @@ Upstream-Status: Inappropriate [disable feature] | |||
| 11 | 11 | ||
| 12 | Signed-off-by: Scott Garman <scott.a.garman@intel.com> | 12 | Signed-off-by: Scott Garman <scott.a.garman@intel.com> |
| 13 | Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> | 13 | Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> |
| 14 | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> | ||
| 14 | --- | 15 | --- |
| 15 | src/groupadd.c | 3 +++ | 16 | src/groupadd.c | 3 +++ |
| 16 | src/groupdel.c | 3 +++ | 17 | src/groupdel.c | 3 +++ |
| @@ -22,7 +23,7 @@ Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> | |||
| 22 | 7 files changed, 21 insertions(+) | 23 | 7 files changed, 21 insertions(+) |
| 23 | 24 | ||
| 24 | diff --git a/src/groupadd.c b/src/groupadd.c | 25 | diff --git a/src/groupadd.c b/src/groupadd.c |
| 25 | index 39b4ec0..f716f57 100644 | 26 | index 63e1c48..a596c49 100644 |
| 26 | --- a/src/groupadd.c | 27 | --- a/src/groupadd.c |
| 27 | +++ b/src/groupadd.c | 28 | +++ b/src/groupadd.c |
| 28 | @@ -34,6 +34,9 @@ | 29 | @@ -34,6 +34,9 @@ |
| @@ -36,7 +37,7 @@ index 39b4ec0..f716f57 100644 | |||
| 36 | #include <fcntl.h> | 37 | #include <fcntl.h> |
| 37 | #include <getopt.h> | 38 | #include <getopt.h> |
| 38 | diff --git a/src/groupdel.c b/src/groupdel.c | 39 | diff --git a/src/groupdel.c b/src/groupdel.c |
| 39 | index da99347..46a679c 100644 | 40 | index 70bed01..ababd81 100644 |
| 40 | --- a/src/groupdel.c | 41 | --- a/src/groupdel.c |
| 41 | +++ b/src/groupdel.c | 42 | +++ b/src/groupdel.c |
| 42 | @@ -34,6 +34,9 @@ | 43 | @@ -34,6 +34,9 @@ |
| @@ -50,7 +51,7 @@ index da99347..46a679c 100644 | |||
| 50 | #include <fcntl.h> | 51 | #include <fcntl.h> |
| 51 | #include <grp.h> | 52 | #include <grp.h> |
| 52 | diff --git a/src/groupmems.c b/src/groupmems.c | 53 | diff --git a/src/groupmems.c b/src/groupmems.c |
| 53 | index e4f107f..95cb073 100644 | 54 | index fc91c8b..2842514 100644 |
| 54 | --- a/src/groupmems.c | 55 | --- a/src/groupmems.c |
| 55 | +++ b/src/groupmems.c | 56 | +++ b/src/groupmems.c |
| 56 | @@ -32,6 +32,9 @@ | 57 | @@ -32,6 +32,9 @@ |
| @@ -64,7 +65,7 @@ index e4f107f..95cb073 100644 | |||
| 64 | #include <getopt.h> | 65 | #include <getopt.h> |
| 65 | #include <grp.h> | 66 | #include <grp.h> |
| 66 | diff --git a/src/groupmod.c b/src/groupmod.c | 67 | diff --git a/src/groupmod.c b/src/groupmod.c |
| 67 | index d9d3807..6229737 100644 | 68 | index 72daf2c..8965f9d 100644 |
| 68 | --- a/src/groupmod.c | 69 | --- a/src/groupmod.c |
| 69 | +++ b/src/groupmod.c | 70 | +++ b/src/groupmod.c |
| 70 | @@ -34,6 +34,9 @@ | 71 | @@ -34,6 +34,9 @@ |
| @@ -78,7 +79,7 @@ index d9d3807..6229737 100644 | |||
| 78 | #include <fcntl.h> | 79 | #include <fcntl.h> |
| 79 | #include <getopt.h> | 80 | #include <getopt.h> |
| 80 | diff --git a/src/useradd.c b/src/useradd.c | 81 | diff --git a/src/useradd.c b/src/useradd.c |
| 81 | index e1ebf50..25679d8 100644 | 82 | index 3aaf45c..1ab9174 100644 |
| 82 | --- a/src/useradd.c | 83 | --- a/src/useradd.c |
| 83 | +++ b/src/useradd.c | 84 | +++ b/src/useradd.c |
| 84 | @@ -34,6 +34,9 @@ | 85 | @@ -34,6 +34,9 @@ |
| @@ -92,7 +93,7 @@ index e1ebf50..25679d8 100644 | |||
| 92 | #include <ctype.h> | 93 | #include <ctype.h> |
| 93 | #include <errno.h> | 94 | #include <errno.h> |
| 94 | diff --git a/src/userdel.c b/src/userdel.c | 95 | diff --git a/src/userdel.c b/src/userdel.c |
| 95 | index 19b12bc..a083929 100644 | 96 | index c8de1d3..24d3ea9 100644 |
| 96 | --- a/src/userdel.c | 97 | --- a/src/userdel.c |
| 97 | +++ b/src/userdel.c | 98 | +++ b/src/userdel.c |
| 98 | @@ -34,6 +34,9 @@ | 99 | @@ -34,6 +34,9 @@ |
| @@ -102,11 +103,11 @@ index 19b12bc..a083929 100644 | |||
| 102 | +/* Disable use of syslog since we're running this command against a sysroot */ | 103 | +/* Disable use of syslog since we're running this command against a sysroot */ |
| 103 | +#undef USE_SYSLOG | 104 | +#undef USE_SYSLOG |
| 104 | + | 105 | + |
| 106 | #include <assert.h> | ||
| 105 | #include <errno.h> | 107 | #include <errno.h> |
| 106 | #include <fcntl.h> | 108 | #include <fcntl.h> |
| 107 | #include <getopt.h> | ||
| 108 | diff --git a/src/usermod.c b/src/usermod.c | 109 | diff --git a/src/usermod.c b/src/usermod.c |
| 109 | index 685b50a..28e5cfc 100644 | 110 | index ccfbb99..24fb60d 100644 |
| 110 | --- a/src/usermod.c | 111 | --- a/src/usermod.c |
| 111 | +++ b/src/usermod.c | 112 | +++ b/src/usermod.c |
| 112 | @@ -34,6 +34,9 @@ | 113 | @@ -34,6 +34,9 @@ |
| @@ -116,9 +117,9 @@ index 685b50a..28e5cfc 100644 | |||
| 116 | +/* Disable use of syslog since we're running this command against a sysroot */ | 117 | +/* Disable use of syslog since we're running this command against a sysroot */ |
| 117 | +#undef USE_SYSLOG | 118 | +#undef USE_SYSLOG |
| 118 | + | 119 | + |
| 120 | #include <assert.h> | ||
| 119 | #include <ctype.h> | 121 | #include <ctype.h> |
| 120 | #include <errno.h> | 122 | #include <errno.h> |
| 121 | #include <fcntl.h> | ||
| 122 | -- | 123 | -- |
| 123 | 2.1.0 | 124 | 2.11.0 |
| 124 | 125 | ||
diff --git a/meta/recipes-extended/shadow/files/0001-Do-not-read-login.defs-before-doing-chroot.patch b/meta/recipes-extended/shadow/files/0001-Do-not-read-login.defs-before-doing-chroot.patch deleted file mode 100644 index 828b95a572..0000000000 --- a/meta/recipes-extended/shadow/files/0001-Do-not-read-login.defs-before-doing-chroot.patch +++ /dev/null | |||
| @@ -1,46 +0,0 @@ | |||
| 1 | From 170c25c8e0b5c3dc2615d1db94c8d24a13ff99bf Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Peter Kjellerstedt <pkj@axis.com> | ||
| 3 | Date: Thu, 11 Sep 2014 15:11:23 +0200 | ||
| 4 | Subject: [PATCH] Do not read login.defs before doing chroot() | ||
| 5 | |||
| 6 | If "useradd --root <root> ..." was used, the login.defs file would still | ||
| 7 | be read from /etc/login.defs instead of <root>/etc/login.defs. This was | ||
| 8 | due to getdef_ulong() being called before process_root_flag(). | ||
| 9 | |||
| 10 | Upstream-Status: Submitted [http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/2014-September/010446.html] | ||
| 11 | |||
| 12 | Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> | ||
| 13 | --- | ||
| 14 | src/useradd.c | 8 ++++++-- | ||
| 15 | 1 file changed, 6 insertions(+), 2 deletions(-) | ||
| 16 | |||
| 17 | diff --git a/src/useradd.c b/src/useradd.c | ||
| 18 | index a8a1f76..e1ebf50 100644 | ||
| 19 | --- a/src/useradd.c | ||
| 20 | +++ b/src/useradd.c | ||
| 21 | @@ -1993,9 +1993,11 @@ int main (int argc, char **argv) | ||
| 22 | #endif /* USE_PAM */ | ||
| 23 | #endif /* ACCT_TOOLS_SETUID */ | ||
| 24 | |||
| 25 | +#ifdef ENABLE_SUBIDS | ||
| 26 | /* Needed for userns check */ | ||
| 27 | - uid_t uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL); | ||
| 28 | - uid_t uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL); | ||
| 29 | + uid_t uid_min; | ||
| 30 | + uid_t uid_max; | ||
| 31 | +#endif | ||
| 32 | |||
| 33 | /* | ||
| 34 | * Get my name so that I can use it to report errors. | ||
| 35 | @@ -2026,6 +2028,8 @@ int main (int argc, char **argv) | ||
| 36 | is_shadow_grp = sgr_file_present (); | ||
| 37 | #endif | ||
| 38 | #ifdef ENABLE_SUBIDS | ||
| 39 | + uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL); | ||
| 40 | + uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL); | ||
| 41 | is_sub_uid = sub_uid_file_present () && !rflg && | ||
| 42 | (!user_id || (user_id <= uid_max && user_id >= uid_min)); | ||
| 43 | is_sub_gid = sub_gid_file_present () && !rflg && | ||
| 44 | -- | ||
| 45 | 1.9.0 | ||
| 46 | |||
diff --git a/meta/recipes-extended/shadow/files/0001-shadow-CVE-2017-12424 b/meta/recipes-extended/shadow/files/0001-shadow-CVE-2017-12424 deleted file mode 100644 index 4d3e1e016c..0000000000 --- a/meta/recipes-extended/shadow/files/0001-shadow-CVE-2017-12424 +++ /dev/null | |||
| @@ -1,46 +0,0 @@ | |||
| 1 | From 954e3d2e7113e9ac06632aee3c69b8d818cc8952 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Tomas Mraz <tmraz@fedoraproject.org> | ||
| 3 | Date: Fri, 31 Mar 2017 16:25:06 +0200 | ||
| 4 | Subject: [PATCH] Fix buffer overflow if NULL line is present in db. | ||
| 5 | |||
| 6 | If ptr->line == NULL for an entry, the first cycle will exit, | ||
| 7 | but the second one will happily write past entries buffer. | ||
| 8 | We actually do not want to exit the first cycle prematurely | ||
| 9 | on ptr->line == NULL. | ||
| 10 | Signed-off-by: Tomas Mraz <tmraz@fedoraproject.org> | ||
| 11 | |||
| 12 | CVE: CVE-2017-12424 | ||
| 13 | Upstream-Status: Backport | ||
| 14 | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> | ||
| 15 | --- | ||
| 16 | lib/commonio.c | 8 ++++---- | ||
| 17 | 1 file changed, 4 insertions(+), 4 deletions(-) | ||
| 18 | |||
| 19 | diff --git a/lib/commonio.c b/lib/commonio.c | ||
| 20 | index b10da06..31edbaa 100644 | ||
| 21 | --- a/lib/commonio.c | ||
| 22 | +++ b/lib/commonio.c | ||
| 23 | @@ -751,16 +751,16 @@ commonio_sort (struct commonio_db *db, int (*cmp) (const void *, const void *)) | ||
| 24 | for (ptr = db->head; | ||
| 25 | (NULL != ptr) | ||
| 26 | #if KEEP_NIS_AT_END | ||
| 27 | - && (NULL != ptr->line) | ||
| 28 | - && ( ('+' != ptr->line[0]) | ||
| 29 | - && ('-' != ptr->line[0])) | ||
| 30 | + && ((NULL == ptr->line) | ||
| 31 | + || (('+' != ptr->line[0]) | ||
| 32 | + && ('-' != ptr->line[0]))) | ||
| 33 | #endif | ||
| 34 | ; | ||
| 35 | ptr = ptr->next) { | ||
| 36 | n++; | ||
| 37 | } | ||
| 38 | #if KEEP_NIS_AT_END | ||
| 39 | - if ((NULL != ptr) && (NULL != ptr->line)) { | ||
| 40 | + if (NULL != ptr) { | ||
| 41 | nis = ptr; | ||
| 42 | } | ||
| 43 | #endif | ||
| 44 | -- | ||
| 45 | 2.1.0 | ||
| 46 | |||
diff --git a/meta/recipes-extended/shadow/files/0001-useradd-copy-extended-attributes-of-home.patch b/meta/recipes-extended/shadow/files/0001-useradd-copy-extended-attributes-of-home.patch index 60a46e1257..474b3a257e 100644 --- a/meta/recipes-extended/shadow/files/0001-useradd-copy-extended-attributes-of-home.patch +++ b/meta/recipes-extended/shadow/files/0001-useradd-copy-extended-attributes-of-home.patch | |||
| @@ -1,47 +1,41 @@ | |||
| 1 | From acec93540eba6899661c607408498ac72ab07a47 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh> | ||
| 3 | Date: Tue, 7 Mar 2017 16:03:03 +0100 | ||
| 4 | Subject: [PATCH] useradd: copy extended attributes of home | 1 | Subject: [PATCH] useradd: copy extended attributes of home |
| 5 | MIME-Version: 1.0 | ||
| 6 | Content-Type: text/plain; charset=UTF-8 | ||
| 7 | Content-Transfer-Encoding: 8bit | ||
| 8 | 2 | ||
| 9 | The Home directory wasn't getting the extended attributes | 3 | The Home directory wasn't getting the extended attributes |
| 10 | of /etc/skel. This patch fixes that issue and adds the copy | 4 | of /etc/skel. This patch fixes that issue and adds the copy |
| 11 | of the extended attributes of the root of the home directory. | 5 | of the extended attributes of the root of the home directory. |
| 12 | 6 | ||
| 13 | Upstream-Status: Submitted [http://lists.alioth.debian.org/pipermail/pkg-shadow-commits/2017-March/003804.html] | 7 | Upstream-Status: Pending |
| 14 | 8 | ||
| 15 | Change-Id: Icd633f7c6c494efd2a30cb8f04c306f749ad0c3b | ||
| 16 | Signed-off-by: José Bollo <jose.bollo@iot.bzh> | 9 | Signed-off-by: José Bollo <jose.bollo@iot.bzh> |
| 10 | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> | ||
| 17 | --- | 11 | --- |
| 18 | src/useradd.c | 6 ++++++ | 12 | src/useradd.c | 6 ++++++ |
| 19 | 1 file changed, 6 insertions(+) | 13 | 1 file changed, 6 insertions(+) |
| 20 | 14 | ||
| 21 | diff --git a/src/useradd.c b/src/useradd.c | 15 | diff --git a/src/useradd.c b/src/useradd.c |
| 22 | index a8a1f76..8aefb9c 100644 | 16 | index e721e52..c74e491 100644 |
| 23 | --- a/src/useradd.c | 17 | --- a/src/useradd.c |
| 24 | +++ b/src/useradd.c | 18 | +++ b/src/useradd.c |
| 25 | @@ -52,6 +52,9 @@ | 19 | @@ -54,6 +54,9 @@ |
| 26 | #include <sys/stat.h> | 20 | #include <sys/wait.h> |
| 27 | #include <sys/types.h> | ||
| 28 | #include <time.h> | 21 | #include <time.h> |
| 22 | #include <unistd.h> | ||
| 29 | +#ifdef WITH_ATTR | 23 | +#ifdef WITH_ATTR |
| 30 | +#include <attr/libattr.h> | 24 | +#include <attr/libattr.h> |
| 31 | +#endif | 25 | +#endif |
| 32 | #include "chkname.h" | 26 | #include "chkname.h" |
| 33 | #include "defines.h" | 27 | #include "defines.h" |
| 34 | #include "faillog.h" | 28 | #include "faillog.h" |
| 35 | @@ -1915,6 +1918,9 @@ static void create_home (void) | 29 | @@ -2042,6 +2045,9 @@ static void create_home (void) |
| 36 | chown (user_home, user_id, user_gid); | 30 | (void) chown (prefix_user_home, user_id, user_gid); |
| 37 | chmod (user_home, | 31 | chmod (prefix_user_home, |
| 38 | 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK)); | 32 | 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK)); |
| 39 | +#ifdef WITH_ATTR | 33 | +#ifdef WITH_ATTR |
| 40 | + attr_copy_file (def_template, user_home, NULL, NULL); | 34 | + attr_copy_file (def_template, user_home, NULL, NULL); |
| 41 | +#endif | 35 | +#endif |
| 42 | home_added = true; | 36 | home_added = true; |
| 43 | #ifdef WITH_AUDIT | 37 | #ifdef WITH_AUDIT |
| 44 | audit_logger (AUDIT_ADD_USER, Prog, | 38 | audit_logger (AUDIT_ADD_USER, Prog, |
| 45 | -- | 39 | -- |
| 46 | 2.9.3 | 40 | 2.11.0 |
| 47 | 41 | ||
diff --git a/meta/recipes-extended/shadow/files/0001-useradd.c-create-parent-directories-when-necessary.patch b/meta/recipes-extended/shadow/files/0001-useradd.c-create-parent-directories-when-necessary.patch index 2f084b4e9b..7024136593 100644 --- a/meta/recipes-extended/shadow/files/0001-useradd.c-create-parent-directories-when-necessary.patch +++ b/meta/recipes-extended/shadow/files/0001-useradd.c-create-parent-directories-when-necessary.patch | |||
| @@ -1,17 +1,17 @@ | |||
| 1 | Upstream-Status: Inappropriate [OE specific] | 1 | Subject: [PATCH] useradd.c: create parent directories when necessary |
| 2 | 2 | ||
| 3 | Subject: useradd.c: create parent directories when necessary | 3 | Upstream-Status: Inappropriate [OE specific] |
| 4 | 4 | ||
| 5 | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> | 5 | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> |
| 6 | --- | 6 | --- |
| 7 | src/useradd.c | 72 +++++++++++++++++++++++++++++++++++++++------------------ | 7 | src/useradd.c | 82 +++++++++++++++++++++++++++++++++++++++-------------------- |
| 8 | 1 file changed, 49 insertions(+), 23 deletions(-) | 8 | 1 file changed, 54 insertions(+), 28 deletions(-) |
| 9 | 9 | ||
| 10 | diff --git a/src/useradd.c b/src/useradd.c | 10 | diff --git a/src/useradd.c b/src/useradd.c |
| 11 | index 4bd969d..cb5dd6c 100644 | 11 | index 7214e72..3aaf45c 100644 |
| 12 | --- a/src/useradd.c | 12 | --- a/src/useradd.c |
| 13 | +++ b/src/useradd.c | 13 | +++ b/src/useradd.c |
| 14 | @@ -1896,6 +1896,35 @@ static void usr_update (void) | 14 | @@ -2021,6 +2021,35 @@ static void usr_update (void) |
| 15 | } | 15 | } |
| 16 | 16 | ||
| 17 | /* | 17 | /* |
| @@ -47,63 +47,68 @@ index 4bd969d..cb5dd6c 100644 | |||
| 47 | * create_home - create the user's home directory | 47 | * create_home - create the user's home directory |
| 48 | * | 48 | * |
| 49 | * create_home() creates the user's home directory if it does not | 49 | * create_home() creates the user's home directory if it does not |
| 50 | @@ -1910,39 +1939,36 @@ static void create_home (void) | 50 | @@ -2038,42 +2067,39 @@ static void create_home (void) |
| 51 | fail_exit (E_HOMEDIR); | 51 | fail_exit (E_HOMEDIR); |
| 52 | } | 52 | } |
| 53 | #endif | 53 | #endif |
| 54 | - /* XXX - create missing parent directories. --marekm */ | 54 | - /* XXX - create missing parent directories. --marekm */ |
| 55 | - if (mkdir (user_home, 0) != 0) { | 55 | - if (mkdir (prefix_user_home, 0) != 0) { |
| 56 | - fprintf (stderr, | 56 | - fprintf (stderr, |
| 57 | - _("%s: cannot create directory %s\n"), | 57 | - _("%s: cannot create directory %s\n"), |
| 58 | - Prog, user_home); | 58 | - Prog, prefix_user_home); |
| 59 | -#ifdef WITH_AUDIT | 59 | + mkdir_p(user_home); |
| 60 | + } | ||
| 61 | + if (access (prefix_user_home, F_OK) != 0) { | ||
| 62 | #ifdef WITH_AUDIT | ||
| 60 | - audit_logger (AUDIT_ADD_USER, Prog, | 63 | - audit_logger (AUDIT_ADD_USER, Prog, |
| 61 | - "adding home directory", | 64 | - "adding home directory", |
| 62 | - user_name, (unsigned int) user_id, | 65 | - user_name, (unsigned int) user_id, |
| 63 | - SHADOW_AUDIT_FAILURE); | 66 | - SHADOW_AUDIT_FAILURE); |
| 64 | -#endif | 67 | + audit_logger (AUDIT_ADD_USER, Prog, |
| 65 | - fail_exit (E_HOMEDIR); | 68 | + "adding home directory", |
| 66 | - } | 69 | + user_name, (unsigned int) user_id, |
| 67 | - chown (user_home, user_id, user_gid); | 70 | + SHADOW_AUDIT_FAILURE); |
| 68 | - chmod (user_home, | ||
| 69 | - 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK)); | ||
| 70 | -#ifdef WITH_ATTR | ||
| 71 | - attr_copy_file (def_template, user_home, NULL, NULL); | ||
| 72 | -#endif | ||
| 73 | - home_added = true; | ||
| 74 | + mkdir_p(user_home); | ||
| 75 | + } | ||
| 76 | + if (access (user_home, F_OK) != 0) { | ||
| 77 | #ifdef WITH_AUDIT | ||
| 78 | audit_logger (AUDIT_ADD_USER, Prog, | ||
| 79 | "adding home directory", | ||
| 80 | user_name, (unsigned int) user_id, | ||
| 81 | - SHADOW_AUDIT_SUCCESS); | ||
| 82 | + SHADOW_AUDIT_FAILURE); | ||
| 83 | #endif | 71 | #endif |
| 84 | -#ifdef WITH_SELINUX | ||
| 85 | - /* Reset SELinux to create files with default contexts */ | ||
| 86 | - if (reset_selinux_file_context () != 0) { | ||
| 87 | - fail_exit (E_HOMEDIR); | 72 | - fail_exit (E_HOMEDIR); |
| 88 | - } | 73 | - } |
| 74 | - (void) chown (prefix_user_home, user_id, user_gid); | ||
| 75 | - chmod (prefix_user_home, | ||
| 76 | - 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK)); | ||
| 89 | + fail_exit (E_HOMEDIR); | 77 | + fail_exit (E_HOMEDIR); |
| 90 | + } | 78 | + } |
| 91 | + chown (user_home, user_id, user_gid); | 79 | + (void) chown (prefix_user_home, user_id, user_gid); |
| 92 | + chmod (user_home, | 80 | + chmod (prefix_user_home, |
| 93 | + 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK)); | 81 | + 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK)); |
| 94 | +#ifdef WITH_ATTR | 82 | #ifdef WITH_ATTR |
| 83 | - attr_copy_file (def_template, user_home, NULL, NULL); | ||
| 95 | + attr_copy_file (def_template, user_home, NULL, NULL); | 84 | + attr_copy_file (def_template, user_home, NULL, NULL); |
| 96 | +#endif | 85 | #endif |
| 86 | - home_added = true; | ||
| 97 | + home_added = true; | 87 | + home_added = true; |
| 98 | +#ifdef WITH_AUDIT | 88 | #ifdef WITH_AUDIT |
| 89 | - audit_logger (AUDIT_ADD_USER, Prog, | ||
| 90 | - "adding home directory", | ||
| 91 | - user_name, (unsigned int) user_id, | ||
| 92 | - SHADOW_AUDIT_SUCCESS); | ||
| 99 | + audit_logger (AUDIT_ADD_USER, Prog, | 93 | + audit_logger (AUDIT_ADD_USER, Prog, |
| 100 | + "adding home directory", | 94 | + "adding home directory", |
| 101 | + user_name, (unsigned int) user_id, | 95 | + user_name, (unsigned int) user_id, |
| 102 | + SHADOW_AUDIT_SUCCESS); | 96 | + SHADOW_AUDIT_SUCCESS); |
| 103 | #endif | 97 | #endif |
| 104 | +#ifdef WITH_SELINUX | 98 | #ifdef WITH_SELINUX |
| 99 | - /* Reset SELinux to create files with default contexts */ | ||
| 100 | - if (reset_selinux_file_context () != 0) { | ||
| 101 | - fprintf (stderr, | ||
| 102 | - _("%s: cannot reset SELinux file creation context\n"), | ||
| 103 | - Prog); | ||
| 104 | - fail_exit (E_HOMEDIR); | ||
| 105 | - } | ||
| 106 | -#endif | ||
| 105 | + /* Reset SELinux to create files with default contexts */ | 107 | + /* Reset SELinux to create files with default contexts */ |
| 106 | + if (reset_selinux_file_context () != 0) { | 108 | + if (reset_selinux_file_context () != 0) { |
| 109 | + fprintf (stderr, | ||
| 110 | + _("%s: cannot reset SELinux file creation context\n"), | ||
| 111 | + Prog); | ||
| 107 | + fail_exit (E_HOMEDIR); | 112 | + fail_exit (E_HOMEDIR); |
| 108 | } | 113 | } |
| 109 | +#endif | 114 | +#endif |
| @@ -111,5 +116,5 @@ index 4bd969d..cb5dd6c 100644 | |||
| 111 | 116 | ||
| 112 | /* | 117 | /* |
| 113 | -- | 118 | -- |
| 114 | 1.7.9.5 | 119 | 2.11.0 |
| 115 | 120 | ||
diff --git a/meta/recipes-extended/shadow/files/CVE-2017-2616.patch b/meta/recipes-extended/shadow/files/CVE-2017-2616.patch deleted file mode 100644 index ee728f0952..0000000000 --- a/meta/recipes-extended/shadow/files/CVE-2017-2616.patch +++ /dev/null | |||
| @@ -1,64 +0,0 @@ | |||
| 1 | shadow-4.2.1: Fix CVE-2017-2616 | ||
| 2 | |||
| 3 | [No upstream tracking] -- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855943 | ||
| 4 | |||
| 5 | su: properly clear child PID | ||
| 6 | |||
| 7 | If su is compiled with PAM support, it is possible for any local user | ||
| 8 | to send SIGKILL to other processes with root privileges. There are | ||
| 9 | only two conditions. First, the user must be able to perform su with | ||
| 10 | a successful login. This does NOT have to be the root user, even using | ||
| 11 | su with the same id is enough, e.g. "su $(whoami)". Second, SIGKILL | ||
| 12 | can only be sent to processes which were executed after the su process. | ||
| 13 | It is not possible to send SIGKILL to processes which were already | ||
| 14 | running. I consider this as a security vulnerability, because I was | ||
| 15 | able to write a proof of concept which unlocked a screen saver of | ||
| 16 | another user this way. | ||
| 17 | |||
| 18 | Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/08fd4b69e84364677a10e519ccb25b71710ee686] | ||
| 19 | CVE: CVE-2017-2616 | ||
| 20 | bug: 855943 | ||
| 21 | Signed-off-by: Andrej Valek <andrej.valek@siemens.com> | ||
| 22 | |||
| 23 | diff --git a/src/su.c b/src/su.c | ||
| 24 | index 3704217..1efcd61 100644 | ||
| 25 | --- a/src/su.c | ||
| 26 | +++ b/src/su.c | ||
| 27 | @@ -363,20 +363,35 @@ static void prepare_pam_close_session (void) | ||
| 28 | /* wake child when resumed */ | ||
| 29 | kill (pid, SIGCONT); | ||
| 30 | stop = false; | ||
| 31 | + } else { | ||
| 32 | + pid_child = 0; | ||
| 33 | } | ||
| 34 | } while (!stop); | ||
| 35 | } | ||
| 36 | |||
| 37 | - if (0 != caught) { | ||
| 38 | + if (0 != caught && 0 != pid_child) { | ||
| 39 | (void) fputs ("\n", stderr); | ||
| 40 | (void) fputs (_("Session terminated, terminating shell..."), | ||
| 41 | stderr); | ||
| 42 | (void) kill (-pid_child, caught); | ||
| 43 | |||
| 44 | (void) signal (SIGALRM, kill_child); | ||
| 45 | + (void) signal (SIGCHLD, catch_signals); | ||
| 46 | (void) alarm (2); | ||
| 47 | |||
| 48 | - (void) wait (&status); | ||
| 49 | + sigemptyset (&ourset); | ||
| 50 | + if ((sigaddset (&ourset, SIGALRM) != 0) | ||
| 51 | + || (sigprocmask (SIG_BLOCK, &ourset, NULL) != 0)) { | ||
| 52 | + fprintf (stderr, _("%s: signal masking malfunction\n"), Prog); | ||
| 53 | + kill_child (0); | ||
| 54 | + } else { | ||
| 55 | + while (0 == waitpid (pid_child, &status, WNOHANG)) { | ||
| 56 | + sigsuspend (&ourset); | ||
| 57 | + } | ||
| 58 | + pid_child = 0; | ||
| 59 | + (void) sigprocmask (SIG_UNBLOCK, &ourset, NULL); | ||
| 60 | + } | ||
| 61 | + | ||
| 62 | (void) fputs (_(" ...terminated.\n"), stderr); | ||
| 63 | } | ||
| 64 | |||
diff --git a/meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch b/meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch index 615c6e002d..fa7eb07aa5 100644 --- a/meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch +++ b/meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch | |||
| @@ -1,21 +1,21 @@ | |||
| 1 | Upstream-Status: Inappropriate [OE specific] | 1 | Subject: [PATCH] Allow for setting password in clear text |
| 2 | 2 | ||
| 3 | Allow for setting password in clear text. | 3 | Upstream-Status: Inappropriate [OE specific] |
| 4 | 4 | ||
| 5 | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> | 5 | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> |
| 6 | --- | 6 | --- |
| 7 | src/Makefile.am | 8 ++++---- | 7 | src/Makefile.am | 8 ++++---- |
| 8 | src/groupadd.c | 8 +++++++- | 8 | src/groupadd.c | 20 +++++++++++++++----- |
| 9 | src/groupmod.c | 8 +++++++- | 9 | src/groupmod.c | 20 +++++++++++++++----- |
| 10 | src/useradd.c | 9 +++++++-- | 10 | src/useradd.c | 21 +++++++++++++++------ |
| 11 | src/usermod.c | 8 +++++++- | 11 | src/usermod.c | 20 +++++++++++++++----- |
| 12 | 5 files changed, 32 insertions(+), 9 deletions(-) | 12 | 5 files changed, 64 insertions(+), 25 deletions(-) |
| 13 | 13 | ||
| 14 | diff --git a/src/Makefile.am b/src/Makefile.am | 14 | diff --git a/src/Makefile.am b/src/Makefile.am |
| 15 | index 25e288d..856b087 100644 | 15 | index 3c98a8d..b8093d5 100644 |
| 16 | --- a/src/Makefile.am | 16 | --- a/src/Makefile.am |
| 17 | +++ b/src/Makefile.am | 17 | +++ b/src/Makefile.am |
| 18 | @@ -88,10 +88,10 @@ chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT) | 18 | @@ -93,10 +93,10 @@ chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT) |
| 19 | chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) | 19 | chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) |
| 20 | chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT) | 20 | chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT) |
| 21 | gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) | 21 | gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) |
| @@ -28,9 +28,9 @@ index 25e288d..856b087 100644 | |||
| 28 | grpck_LDADD = $(LDADD) $(LIBSELINUX) | 28 | grpck_LDADD = $(LDADD) $(LIBSELINUX) |
| 29 | grpconv_LDADD = $(LDADD) $(LIBSELINUX) | 29 | grpconv_LDADD = $(LDADD) $(LIBSELINUX) |
| 30 | grpunconv_LDADD = $(LDADD) $(LIBSELINUX) | 30 | grpunconv_LDADD = $(LDADD) $(LIBSELINUX) |
| 31 | @@ -111,9 +111,9 @@ su_SOURCES = \ | 31 | @@ -117,9 +117,9 @@ su_SOURCES = \ |
| 32 | suauth.c | 32 | suauth.c |
| 33 | su_LDADD = $(LDADD) $(LIBPAM) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) | 33 | su_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) |
| 34 | sulogin_LDADD = $(LDADD) $(LIBCRYPT) | 34 | sulogin_LDADD = $(LDADD) $(LIBCRYPT) |
| 35 | -useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) | 35 | -useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) |
| 36 | +useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBCRYPT) | 36 | +useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBCRYPT) |
| @@ -41,33 +41,39 @@ index 25e288d..856b087 100644 | |||
| 41 | 41 | ||
| 42 | install-am: all-am | 42 | install-am: all-am |
| 43 | diff --git a/src/groupadd.c b/src/groupadd.c | 43 | diff --git a/src/groupadd.c b/src/groupadd.c |
| 44 | index f716f57..4e28c26 100644 | 44 | index b57006c..63e1c48 100644 |
| 45 | --- a/src/groupadd.c | 45 | --- a/src/groupadd.c |
| 46 | +++ b/src/groupadd.c | 46 | +++ b/src/groupadd.c |
| 47 | @@ -124,6 +124,7 @@ static /*@noreturn@*/void usage (int status) | 47 | @@ -123,9 +123,10 @@ static /*@noreturn@*/void usage (int status) |
| 48 | (void) fputs (_(" -o, --non-unique allow to create groups with duplicate\n" | 48 | (void) fputs (_(" -o, --non-unique allow to create groups with duplicate\n" |
| 49 | " (non-unique) GID\n"), usageout); | 49 | " (non-unique) GID\n"), usageout); |
| 50 | (void) fputs (_(" -p, --password PASSWORD use this encrypted password for the new group\n"), usageout); | 50 | (void) fputs (_(" -p, --password PASSWORD use this encrypted password for the new group\n"), usageout); |
| 51 | + (void) fputs (_(" -P, --clear-password PASSWORD use this clear password for the new group\n"), usageout); | 51 | + (void) fputs (_(" -P, --clear-password PASSWORD use this clear password for the new group\n"), usageout); |
| 52 | (void) fputs (_(" -r, --system create a system account\n"), usageout); | 52 | (void) fputs (_(" -r, --system create a system account\n"), usageout); |
| 53 | (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); | 53 | (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); |
| 54 | - (void) fputs (_(" -P, --prefix PREFIX_DIR directory prefix\n"), usageout); | ||
| 55 | + (void) fputs (_(" -A, --prefix PREFIX_DIR directory prefix\n"), usageout); | ||
| 54 | (void) fputs ("\n", usageout); | 56 | (void) fputs ("\n", usageout); |
| 55 | @@ -387,12 +388,13 @@ static void process_flags (int argc, char **argv) | 57 | exit (status); |
| 58 | } | ||
| 59 | @@ -387,13 +388,14 @@ static void process_flags (int argc, char **argv) | ||
| 56 | {"key", required_argument, NULL, 'K'}, | 60 | {"key", required_argument, NULL, 'K'}, |
| 57 | {"non-unique", no_argument, NULL, 'o'}, | 61 | {"non-unique", no_argument, NULL, 'o'}, |
| 58 | {"password", required_argument, NULL, 'p'}, | 62 | {"password", required_argument, NULL, 'p'}, |
| 59 | + {"clear-password", required_argument, NULL, 'P'}, | 63 | + {"clear-password", required_argument, NULL, 'P'}, |
| 60 | {"system", no_argument, NULL, 'r'}, | 64 | {"system", no_argument, NULL, 'r'}, |
| 61 | {"root", required_argument, NULL, 'R'}, | 65 | {"root", required_argument, NULL, 'R'}, |
| 66 | - {"prefix", required_argument, NULL, 'P'}, | ||
| 67 | + {"prefix", required_argument, NULL, 'A'}, | ||
| 62 | {NULL, 0, NULL, '\0'} | 68 | {NULL, 0, NULL, '\0'} |
| 63 | }; | 69 | }; |
| 64 | 70 | ||
| 65 | - while ((c = getopt_long (argc, argv, "fg:hK:op:rR:", | 71 | - while ((c = getopt_long (argc, argv, "fg:hK:op:rR:P:", |
| 66 | + while ((c = getopt_long (argc, argv, "fg:hK:op:P:rR:", | 72 | + while ((c = getopt_long (argc, argv, "fg:hK:op:P:rR:A:", |
| 67 | long_options, NULL)) != -1) { | 73 | long_options, NULL)) != -1) { |
| 68 | switch (c) { | 74 | switch (c) { |
| 69 | case 'f': | 75 | case 'f': |
| 70 | @@ -444,6 +446,10 @@ static void process_flags (int argc, char **argv) | 76 | @@ -445,12 +447,20 @@ static void process_flags (int argc, char **argv) |
| 71 | pflg = true; | 77 | pflg = true; |
| 72 | group_passwd = optarg; | 78 | group_passwd = optarg; |
| 73 | break; | 79 | break; |
| @@ -78,32 +84,57 @@ index f716f57..4e28c26 100644 | |||
| 78 | case 'r': | 84 | case 'r': |
| 79 | rflg = true; | 85 | rflg = true; |
| 80 | break; | 86 | break; |
| 87 | case 'R': /* no-op, handled in process_root_flag () */ | ||
| 88 | break; | ||
| 89 | - case 'P': /* no-op, handled in process_prefix_flag () */ | ||
| 90 | + case 'A': /* no-op, handled in process_prefix_flag () */ | ||
| 91 | + fprintf (stderr, | ||
| 92 | + _("%s: -A is deliberately not supported \n"), | ||
| 93 | + Prog); | ||
| 94 | + exit (E_BAD_ARG); | ||
| 95 | break; | ||
| 96 | default: | ||
| 97 | usage (E_USAGE); | ||
| 98 | @@ -584,7 +594,7 @@ int main (int argc, char **argv) | ||
| 99 | (void) textdomain (PACKAGE); | ||
| 100 | |||
| 101 | process_root_flag ("-R", argc, argv); | ||
| 102 | - prefix = process_prefix_flag ("-P", argc, argv); | ||
| 103 | + prefix = process_prefix_flag ("-A", argc, argv); | ||
| 104 | |||
| 105 | OPENLOG ("groupadd"); | ||
| 106 | #ifdef WITH_AUDIT | ||
| 81 | diff --git a/src/groupmod.c b/src/groupmod.c | 107 | diff --git a/src/groupmod.c b/src/groupmod.c |
| 82 | index d9d3807..68f49d1 100644 | 108 | index b293b98..72daf2c 100644 |
| 83 | --- a/src/groupmod.c | 109 | --- a/src/groupmod.c |
| 84 | +++ b/src/groupmod.c | 110 | +++ b/src/groupmod.c |
| 85 | @@ -127,6 +127,7 @@ static void usage (int status) | 111 | @@ -134,8 +134,9 @@ static void usage (int status) |
| 86 | (void) fputs (_(" -o, --non-unique allow to use a duplicate (non-unique) GID\n"), usageout); | 112 | (void) fputs (_(" -o, --non-unique allow to use a duplicate (non-unique) GID\n"), usageout); |
| 87 | (void) fputs (_(" -p, --password PASSWORD change the password to this (encrypted)\n" | 113 | (void) fputs (_(" -p, --password PASSWORD change the password to this (encrypted)\n" |
| 88 | " PASSWORD\n"), usageout); | 114 | " PASSWORD\n"), usageout); |
| 89 | + (void) fputs (_(" -P, --clear-password PASSWORD change the password to this clear PASSWORD\n"), usageout); | 115 | + (void) fputs (_(" -P, --clear-password PASSWORD change the password to this clear PASSWORD\n"), usageout); |
| 90 | (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); | 116 | (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); |
| 117 | - (void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout); | ||
| 118 | + (void) fputs (_(" -A, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout); | ||
| 91 | (void) fputs ("\n", usageout); | 119 | (void) fputs ("\n", usageout); |
| 92 | exit (status); | 120 | exit (status); |
| 93 | @@ -375,10 +376,11 @@ static void process_flags (int argc, char **argv) | 121 | } |
| 122 | @@ -383,11 +384,12 @@ static void process_flags (int argc, char **argv) | ||
| 94 | {"new-name", required_argument, NULL, 'n'}, | 123 | {"new-name", required_argument, NULL, 'n'}, |
| 95 | {"non-unique", no_argument, NULL, 'o'}, | 124 | {"non-unique", no_argument, NULL, 'o'}, |
| 96 | {"password", required_argument, NULL, 'p'}, | 125 | {"password", required_argument, NULL, 'p'}, |
| 97 | + {"clear-password", required_argument, NULL, 'P'}, | 126 | + {"clear-password", required_argument, NULL, 'P'}, |
| 98 | {"root", required_argument, NULL, 'R'}, | 127 | {"root", required_argument, NULL, 'R'}, |
| 128 | - {"prefix", required_argument, NULL, 'P'}, | ||
| 129 | + {"prefix", required_argument, NULL, 'A'}, | ||
| 99 | {NULL, 0, NULL, '\0'} | 130 | {NULL, 0, NULL, '\0'} |
| 100 | }; | 131 | }; |
| 101 | - while ((c = getopt_long (argc, argv, "g:hn:op:R:", | 132 | - while ((c = getopt_long (argc, argv, "g:hn:op:R:P:", |
| 102 | + while ((c = getopt_long (argc, argv, "g:hn:op:P:R:", | 133 | + while ((c = getopt_long (argc, argv, "g:hn:op:P:R:A:", |
| 103 | long_options, NULL)) != -1) { | 134 | long_options, NULL)) != -1) { |
| 104 | switch (c) { | 135 | switch (c) { |
| 105 | case 'g': | 136 | case 'g': |
| 106 | @@ -405,6 +407,10 @@ static void process_flags (int argc, char **argv) | 137 | @@ -414,9 +416,17 @@ static void process_flags (int argc, char **argv) |
| 107 | group_passwd = optarg; | 138 | group_passwd = optarg; |
| 108 | pflg = true; | 139 | pflg = true; |
| 109 | break; | 140 | break; |
| @@ -113,40 +144,65 @@ index d9d3807..68f49d1 100644 | |||
| 113 | + break; | 144 | + break; |
| 114 | case 'R': /* no-op, handled in process_root_flag () */ | 145 | case 'R': /* no-op, handled in process_root_flag () */ |
| 115 | break; | 146 | break; |
| 147 | - case 'P': /* no-op, handled in process_prefix_flag () */ | ||
| 148 | + case 'A': /* no-op, handled in process_prefix_flag () */ | ||
| 149 | + fprintf (stderr, | ||
| 150 | + _("%s: -A is deliberately not supported \n"), | ||
| 151 | + Prog); | ||
| 152 | + exit (E_BAD_ARG); | ||
| 153 | break; | ||
| 116 | default: | 154 | default: |
| 155 | usage (E_USAGE); | ||
| 156 | @@ -757,7 +767,7 @@ int main (int argc, char **argv) | ||
| 157 | (void) textdomain (PACKAGE); | ||
| 158 | |||
| 159 | process_root_flag ("-R", argc, argv); | ||
| 160 | - prefix = process_prefix_flag ("-P", argc, argv); | ||
| 161 | + prefix = process_prefix_flag ("-A", argc, argv); | ||
| 162 | |||
| 163 | OPENLOG ("groupmod"); | ||
| 164 | #ifdef WITH_AUDIT | ||
| 117 | diff --git a/src/useradd.c b/src/useradd.c | 165 | diff --git a/src/useradd.c b/src/useradd.c |
| 118 | index b3bd451..4416f90 100644 | 166 | index c74e491..7214e72 100644 |
| 119 | --- a/src/useradd.c | 167 | --- a/src/useradd.c |
| 120 | +++ b/src/useradd.c | 168 | +++ b/src/useradd.c |
| 121 | @@ -776,6 +776,7 @@ static void usage (int status) | 169 | @@ -829,9 +829,10 @@ static void usage (int status) |
| 122 | (void) fputs (_(" -o, --non-unique allow to create users with duplicate\n" | 170 | (void) fputs (_(" -o, --non-unique allow to create users with duplicate\n" |
| 123 | " (non-unique) UID\n"), usageout); | 171 | " (non-unique) UID\n"), usageout); |
| 124 | (void) fputs (_(" -p, --password PASSWORD encrypted password of the new account\n"), usageout); | 172 | (void) fputs (_(" -p, --password PASSWORD encrypted password of the new account\n"), usageout); |
| 125 | + (void) fputs (_(" -P, --clear-password PASSWORD clear password of the new account\n"), usageout); | 173 | + (void) fputs (_(" -P, --clear-password PASSWORD clear password of the new account\n"), usageout); |
| 126 | (void) fputs (_(" -r, --system create a system account\n"), usageout); | 174 | (void) fputs (_(" -r, --system create a system account\n"), usageout); |
| 127 | (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); | 175 | (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); |
| 176 | - (void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout); | ||
| 177 | + (void) fputs (_(" -A, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout); | ||
| 128 | (void) fputs (_(" -s, --shell SHELL login shell of the new account\n"), usageout); | 178 | (void) fputs (_(" -s, --shell SHELL login shell of the new account\n"), usageout); |
| 129 | @@ -1050,6 +1051,7 @@ static void process_flags (int argc, char **argv) | 179 | (void) fputs (_(" -u, --uid UID user ID of the new account\n"), usageout); |
| 180 | (void) fputs (_(" -U, --user-group create a group with the same name as the user\n"), usageout); | ||
| 181 | @@ -1104,9 +1105,10 @@ static void process_flags (int argc, char **argv) | ||
| 130 | {"no-user-group", no_argument, NULL, 'N'}, | 182 | {"no-user-group", no_argument, NULL, 'N'}, |
| 131 | {"non-unique", no_argument, NULL, 'o'}, | 183 | {"non-unique", no_argument, NULL, 'o'}, |
| 132 | {"password", required_argument, NULL, 'p'}, | 184 | {"password", required_argument, NULL, 'p'}, |
| 133 | + {"clear-password", required_argument, NULL, 'P'}, | 185 | + {"clear-password", required_argument, NULL, 'P'}, |
| 134 | {"system", no_argument, NULL, 'r'}, | 186 | {"system", no_argument, NULL, 'r'}, |
| 135 | {"root", required_argument, NULL, 'R'}, | 187 | {"root", required_argument, NULL, 'R'}, |
| 188 | - {"prefix", required_argument, NULL, 'P'}, | ||
| 189 | + {"prefix", required_argument, NULL, 'A'}, | ||
| 136 | {"shell", required_argument, NULL, 's'}, | 190 | {"shell", required_argument, NULL, 's'}, |
| 137 | @@ -1062,9 +1064,9 @@ static void process_flags (int argc, char **argv) | 191 | {"uid", required_argument, NULL, 'u'}, |
| 192 | {"user-group", no_argument, NULL, 'U'}, | ||
| 193 | @@ -1117,9 +1119,9 @@ static void process_flags (int argc, char **argv) | ||
| 138 | }; | 194 | }; |
| 139 | while ((c = getopt_long (argc, argv, | 195 | while ((c = getopt_long (argc, argv, |
| 140 | #ifdef WITH_SELINUX | 196 | #ifdef WITH_SELINUX |
| 141 | - "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:UZ:", | 197 | - "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:UZ:", |
| 142 | + "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:s:u:UZ:", | 198 | + "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:A:s:u:UZ:", |
| 143 | #else /* !WITH_SELINUX */ | 199 | #else /* !WITH_SELINUX */ |
| 144 | - "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:U", | 200 | - "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:U", |
| 145 | + "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:s:u:U", | 201 | + "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:A:s:u:U", |
| 146 | #endif /* !WITH_SELINUX */ | 202 | #endif /* !WITH_SELINUX */ |
| 147 | long_options, NULL)) != -1) { | 203 | long_options, NULL)) != -1) { |
| 148 | switch (c) { | 204 | switch (c) { |
| 149 | @@ -1230,6 +1232,9 @@ static void process_flags (int argc, char **argv) | 205 | @@ -1285,12 +1287,19 @@ static void process_flags (int argc, char **argv) |
| 150 | } | 206 | } |
| 151 | user_pass = optarg; | 207 | user_pass = optarg; |
| 152 | break; | 208 | break; |
| @@ -156,36 +212,62 @@ index b3bd451..4416f90 100644 | |||
| 156 | case 'r': | 212 | case 'r': |
| 157 | rflg = true; | 213 | rflg = true; |
| 158 | break; | 214 | break; |
| 215 | case 'R': /* no-op, handled in process_root_flag () */ | ||
| 216 | break; | ||
| 217 | - case 'P': /* no-op, handled in process_prefix_flag () */ | ||
| 218 | + case 'A': /* no-op, handled in process_prefix_flag () */ | ||
| 219 | + fprintf (stderr, | ||
| 220 | + _("%s: -A is deliberately not supported \n"), | ||
| 221 | + Prog); | ||
| 222 | + exit (E_BAD_ARG); | ||
| 223 | break; | ||
| 224 | case 's': | ||
| 225 | if ( ( !VALID (optarg) ) | ||
| 226 | @@ -2148,7 +2157,7 @@ int main (int argc, char **argv) | ||
| 227 | |||
| 228 | process_root_flag ("-R", argc, argv); | ||
| 229 | |||
| 230 | - prefix = process_prefix_flag("-P", argc, argv); | ||
| 231 | + prefix = process_prefix_flag("-A", argc, argv); | ||
| 232 | |||
| 233 | OPENLOG ("useradd"); | ||
| 234 | #ifdef WITH_AUDIT | ||
| 159 | diff --git a/src/usermod.c b/src/usermod.c | 235 | diff --git a/src/usermod.c b/src/usermod.c |
| 160 | index e7d4351..b79f7a3 100644 | 236 | index e571426..ccfbb99 100644 |
| 161 | --- a/src/usermod.c | 237 | --- a/src/usermod.c |
| 162 | +++ b/src/usermod.c | 238 | +++ b/src/usermod.c |
| 163 | @@ -419,6 +419,7 @@ static /*@noreturn@*/void usage (int status) | 239 | @@ -424,8 +424,9 @@ static /*@noreturn@*/void usage (int status) |
| 164 | " new location (use only with -d)\n"), usageout); | 240 | " new location (use only with -d)\n"), usageout); |
| 165 | (void) fputs (_(" -o, --non-unique allow using duplicate (non-unique) UID\n"), usageout); | 241 | (void) fputs (_(" -o, --non-unique allow using duplicate (non-unique) UID\n"), usageout); |
| 166 | (void) fputs (_(" -p, --password PASSWORD use encrypted password for the new password\n"), usageout); | 242 | (void) fputs (_(" -p, --password PASSWORD use encrypted password for the new password\n"), usageout); |
| 167 | + (void) fputs (_(" -P, --clear-password PASSWORD use clear password for the new password\n"), usageout); | 243 | + (void) fputs (_(" -P, --clear-password PASSWORD use clear password for the new password\n"), usageout); |
| 168 | (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); | 244 | (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); |
| 245 | - (void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout); | ||
| 246 | + (void) fputs (_(" -A, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout); | ||
| 169 | (void) fputs (_(" -s, --shell SHELL new login shell for the user account\n"), usageout); | 247 | (void) fputs (_(" -s, --shell SHELL new login shell for the user account\n"), usageout); |
| 170 | (void) fputs (_(" -u, --uid UID new UID for the user account\n"), usageout); | 248 | (void) fputs (_(" -u, --uid UID new UID for the user account\n"), usageout); |
| 171 | @@ -996,6 +997,7 @@ static void process_flags (int argc, char **argv) | 249 | (void) fputs (_(" -U, --unlock unlock the user account\n"), usageout); |
| 250 | @@ -1002,8 +1003,9 @@ static void process_flags (int argc, char **argv) | ||
| 172 | {"move-home", no_argument, NULL, 'm'}, | 251 | {"move-home", no_argument, NULL, 'm'}, |
| 173 | {"non-unique", no_argument, NULL, 'o'}, | 252 | {"non-unique", no_argument, NULL, 'o'}, |
| 174 | {"password", required_argument, NULL, 'p'}, | 253 | {"password", required_argument, NULL, 'p'}, |
| 175 | + {"clear-password", required_argument, NULL, 'P'}, | 254 | + {"clear-password", required_argument, NULL, 'P'}, |
| 176 | {"root", required_argument, NULL, 'R'}, | 255 | {"root", required_argument, NULL, 'R'}, |
| 256 | - {"prefix", required_argument, NULL, 'P'}, | ||
| 257 | + {"prefix", required_argument, NULL, 'A'}, | ||
| 177 | {"shell", required_argument, NULL, 's'}, | 258 | {"shell", required_argument, NULL, 's'}, |
| 178 | {"uid", required_argument, NULL, 'u'}, | 259 | {"uid", required_argument, NULL, 'u'}, |
| 179 | @@ -1012,7 +1014,7 @@ static void process_flags (int argc, char **argv) | 260 | {"unlock", no_argument, NULL, 'U'}, |
| 261 | @@ -1019,7 +1021,7 @@ static void process_flags (int argc, char **argv) | ||
| 180 | {NULL, 0, NULL, '\0'} | 262 | {NULL, 0, NULL, '\0'} |
| 181 | }; | 263 | }; |
| 182 | while ((c = getopt_long (argc, argv, | 264 | while ((c = getopt_long (argc, argv, |
| 183 | - "ac:d:e:f:g:G:hl:Lmop:R:s:u:U" | 265 | - "ac:d:e:f:g:G:hl:Lmop:R:s:u:UP:" |
| 184 | + "ac:d:e:f:g:G:hl:Lmop:P:R:s:u:U" | 266 | + "ac:d:e:f:g:G:hl:Lmop:P:R:s:u:UA:" |
| 185 | #ifdef ENABLE_SUBIDS | 267 | #ifdef ENABLE_SUBIDS |
| 186 | "v:w:V:W:" | 268 | "v:w:V:W:" |
| 187 | #endif /* ENABLE_SUBIDS */ | 269 | #endif /* ENABLE_SUBIDS */ |
| 188 | @@ -1112,6 +1114,10 @@ static void process_flags (int argc, char **argv) | 270 | @@ -1119,9 +1121,17 @@ static void process_flags (int argc, char **argv) |
| 189 | user_pass = optarg; | 271 | user_pass = optarg; |
| 190 | pflg = true; | 272 | pflg = true; |
| 191 | break; | 273 | break; |
| @@ -195,7 +277,24 @@ index e7d4351..b79f7a3 100644 | |||
| 195 | + break; | 277 | + break; |
| 196 | case 'R': /* no-op, handled in process_root_flag () */ | 278 | case 'R': /* no-op, handled in process_root_flag () */ |
| 197 | break; | 279 | break; |
| 280 | - case 'P': /* no-op, handled in process_prefix_flag () */ | ||
| 281 | + case 'A': /* no-op, handled in process_prefix_flag () */ | ||
| 282 | + fprintf (stderr, | ||
| 283 | + _("%s: -A is deliberately not supported \n"), | ||
| 284 | + Prog); | ||
| 285 | + exit (E_BAD_ARG); | ||
| 286 | break; | ||
| 198 | case 's': | 287 | case 's': |
| 288 | if (!VALID (optarg)) { | ||
| 289 | @@ -2098,7 +2108,7 @@ int main (int argc, char **argv) | ||
| 290 | (void) textdomain (PACKAGE); | ||
| 291 | |||
| 292 | process_root_flag ("-R", argc, argv); | ||
| 293 | - prefix = process_prefix_flag ("-P", argc, argv); | ||
| 294 | + prefix = process_prefix_flag ("-A", argc, argv); | ||
| 295 | |||
| 296 | OPENLOG ("usermod"); | ||
| 297 | #ifdef WITH_AUDIT | ||
| 199 | -- | 298 | -- |
| 200 | 1.7.9.5 | 299 | 2.11.0 |
| 201 | 300 | ||
diff --git a/meta/recipes-extended/shadow/files/check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch b/meta/recipes-extended/shadow/files/check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch deleted file mode 100644 index 185590cabd..0000000000 --- a/meta/recipes-extended/shadow/files/check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch +++ /dev/null | |||
| @@ -1,41 +0,0 @@ | |||
| 1 | From 2cb54158b80cdbd97ca3b36df83f9255e923ae3f Mon Sep 17 00:00:00 2001 | ||
| 2 | From: James Le Cuirot <chewi@aura-online.co.uk> | ||
| 3 | Date: Sat, 23 Aug 2014 09:46:39 +0100 | ||
| 4 | Subject: [PATCH] Check size of uid_t and gid_t using AC_CHECK_SIZEOF | ||
| 5 | |||
| 6 | This built-in check is simpler than the previous method and, most | ||
| 7 | importantly, works when cross-compiling. | ||
| 8 | |||
| 9 | Upstream-Status: Accepted | ||
| 10 | [https://github.com/shadow-maint/shadow/commit/2cb54158b80cdbd97ca3b36df83f9255e923ae3f] | ||
| 11 | |||
| 12 | Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> | ||
| 13 | --- | ||
| 14 | configure.in | 14 ++++---------- | ||
| 15 | 1 file changed, 4 insertions(+), 10 deletions(-) | ||
| 16 | |||
| 17 | diff --git a/configure.in b/configure.in | ||
| 18 | index 1a3f841..4a4d6d0 100644 | ||
| 19 | --- a/configure.in | ||
| 20 | +++ b/configure.in | ||
| 21 | @@ -335,16 +335,10 @@ if test "$enable_subids" != "no"; then | ||
| 22 | dnl | ||
| 23 | dnl FIXME: check if 32 bit UIDs/GIDs are supported by libc | ||
| 24 | dnl | ||
| 25 | - AC_RUN_IFELSE([AC_LANG_SOURCE([ | ||
| 26 | -#include <sys/types.h> | ||
| 27 | -int main(void) { | ||
| 28 | - uid_t u; | ||
| 29 | - gid_t g; | ||
| 30 | - return (sizeof u < 4) || (sizeof g < 4); | ||
| 31 | -} | ||
| 32 | - ])], [id32bit="yes"], [id32bit="no"]) | ||
| 33 | - | ||
| 34 | - if test "x$id32bit" = "xyes"; then | ||
| 35 | + AC_CHECK_SIZEOF([uid_t],, [#include "sys/types.h"]) | ||
| 36 | + AC_CHECK_SIZEOF([gid_t],, [#include "sys/types.h"]) | ||
| 37 | + | ||
| 38 | + if test "$ac_cv_sizeof_uid_t" -ge 4 && test "$ac_cv_sizeof_gid_t" -ge 4; then | ||
| 39 | AC_DEFINE(ENABLE_SUBIDS, 1, [Define to support the subordinate IDs.]) | ||
| 40 | enable_subids="yes" | ||
| 41 | else | ||
diff --git a/meta/recipes-extended/shadow/files/fix-installation-failure-with-subids-disabled.patch b/meta/recipes-extended/shadow/files/fix-installation-failure-with-subids-disabled.patch deleted file mode 100644 index 02cb91aafd..0000000000 --- a/meta/recipes-extended/shadow/files/fix-installation-failure-with-subids-disabled.patch +++ /dev/null | |||
| @@ -1,28 +0,0 @@ | |||
| 1 | Upstream-Status: Pending | ||
| 2 | |||
| 3 | Subject: fix installation failure with subids disabled | ||
| 4 | |||
| 5 | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> | ||
| 6 | --- | ||
| 7 | src/Makefile.am | 5 ++++- | ||
| 8 | 1 file changed, 4 insertions(+), 1 deletion(-) | ||
| 9 | |||
| 10 | diff --git a/src/Makefile.am b/src/Makefile.am | ||
| 11 | index 25e288d..076f8ef 100644 | ||
| 12 | --- a/src/Makefile.am | ||
| 13 | +++ b/src/Makefile.am | ||
| 14 | @@ -52,7 +52,10 @@ usbin_PROGRAMS = \ | ||
| 15 | noinst_PROGRAMS = id sulogin | ||
| 16 | |||
| 17 | suidbins = su | ||
| 18 | -suidubins = chage chfn chsh expiry gpasswd newgrp passwd newuidmap newgidmap | ||
| 19 | +suidubins = chage chfn chsh expiry gpasswd newgrp passwd | ||
| 20 | +if ENABLE_SUBIDS | ||
| 21 | +suidubins += newgidmap newuidmap | ||
| 22 | +endif | ||
| 23 | if ACCT_TOOLS_SETUID | ||
| 24 | suidubins += chage chgpasswd chpasswd groupadd groupdel groupmod newusers useradd userdel usermod | ||
| 25 | endif | ||
| 26 | -- | ||
| 27 | 1.7.9.5 | ||
| 28 | |||
diff --git a/meta/recipes-extended/shadow/files/usermod-fix-compilation-failure-with-subids-disabled.patch b/meta/recipes-extended/shadow/files/usermod-fix-compilation-failure-with-subids-disabled.patch deleted file mode 100644 index 37dc153fca..0000000000 --- a/meta/recipes-extended/shadow/files/usermod-fix-compilation-failure-with-subids-disabled.patch +++ /dev/null | |||
| @@ -1,33 +0,0 @@ | |||
| 1 | Upstream-Status: Pending | ||
| 2 | |||
| 3 | usermod: fix compilation failure with subids disabled | ||
| 4 | |||
| 5 | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> | ||
| 6 | --- | ||
| 7 | src/usermod.c | 3 ++- | ||
| 8 | 1 file changed, 2 insertions(+), 1 deletion(-) | ||
| 9 | |||
| 10 | diff --git a/src/usermod.c b/src/usermod.c | ||
| 11 | index e7d4351..685b50a 100644 | ||
| 12 | --- a/src/usermod.c | ||
| 13 | +++ b/src/usermod.c | ||
| 14 | @@ -1360,7 +1360,7 @@ static void process_flags (int argc, char **argv) | ||
| 15 | Prog, (unsigned long) user_newid); | ||
| 16 | exit (E_UID_IN_USE); | ||
| 17 | } | ||
| 18 | - | ||
| 19 | +#ifdef ENABLE_SUBIDS | ||
| 20 | if ( (vflg || Vflg) | ||
| 21 | && !is_sub_uid) { | ||
| 22 | fprintf (stderr, | ||
| 23 | @@ -1376,6 +1376,7 @@ static void process_flags (int argc, char **argv) | ||
| 24 | Prog, sub_gid_dbname (), "-w", "-W"); | ||
| 25 | exit (E_USAGE); | ||
| 26 | } | ||
| 27 | +#endif | ||
| 28 | } | ||
| 29 | |||
| 30 | /* | ||
| 31 | -- | ||
| 32 | 1.7.9.5 | ||
| 33 | |||
diff --git a/meta/recipes-extended/shadow/shadow-securetty_4.2.1.bb b/meta/recipes-extended/shadow/shadow-securetty_4.6.bb index c78f888cf4..c78f888cf4 100644 --- a/meta/recipes-extended/shadow/shadow-securetty_4.2.1.bb +++ b/meta/recipes-extended/shadow/shadow-securetty_4.6.bb | |||
diff --git a/meta/recipes-extended/shadow/shadow-sysroot_4.2.1.bb b/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb index ef014628f6..ef014628f6 100644 --- a/meta/recipes-extended/shadow/shadow-sysroot_4.2.1.bb +++ b/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb | |||
diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc index 6efe4a9119..0fa80a282a 100644 --- a/meta/recipes-extended/shadow/shadow.inc +++ b/meta/recipes-extended/shadow/shadow.inc | |||
| @@ -9,16 +9,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=ed80ff1c2b40843cf5768e5229cf16e5 \ | |||
| 9 | DEPENDS = "virtual/crypt" | 9 | DEPENDS = "virtual/crypt" |
| 10 | 10 | ||
| 11 | UPSTREAM_CHECK_URI = "https://github.com/shadow-maint/shadow/releases" | 11 | UPSTREAM_CHECK_URI = "https://github.com/shadow-maint/shadow/releases" |
| 12 | 12 | SRC_URI = "https://github.com/shadow-maint/shadow/releases/download/${PV}/${BP}.tar.gz \ | |
| 13 | SRC_URI = "https://downloads.yoctoproject.org/mirror/sources/${BP}.tar.xz \ | ||
| 14 | file://shadow-4.1.3-dots-in-usernames.patch \ | 13 | file://shadow-4.1.3-dots-in-usernames.patch \ |
| 15 | file://usermod-fix-compilation-failure-with-subids-disabled.patch \ | ||
| 16 | file://fix-installation-failure-with-subids-disabled.patch \ | ||
| 17 | file://0001-Do-not-read-login.defs-before-doing-chroot.patch \ | ||
| 18 | file://check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch \ | ||
| 19 | file://0001-useradd-copy-extended-attributes-of-home.patch \ | 14 | file://0001-useradd-copy-extended-attributes-of-home.patch \ |
| 20 | file://0001-shadow-CVE-2017-12424 \ | ||
| 21 | file://CVE-2017-2616.patch \ | ||
| 22 | ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ | 15 | ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ |
| 23 | " | 16 | " |
| 24 | 17 | ||
| @@ -38,8 +31,8 @@ SRC_URI_append_class-nativesdk = " \ | |||
| 38 | file://0001-Disable-use-of-syslog-for-sysroot.patch \ | 31 | file://0001-Disable-use-of-syslog-for-sysroot.patch \ |
| 39 | " | 32 | " |
| 40 | 33 | ||
| 41 | SRC_URI[md5sum] = "2bfafe7d4962682d31b5eba65dba4fc8" | 34 | SRC_URI[md5sum] = "36feb15665338ae3de414f2a88e434db" |
| 42 | SRC_URI[sha256sum] = "3b0893d1476766868cd88920f4f1231c4795652aa407569faff802bcda0f3d41" | 35 | SRC_URI[sha256sum] = "4668f99bd087399c4a586084dc3b046b75f560720d83e92fd23bf7a89dda4d31" |
| 43 | 36 | ||
| 44 | # Additional Policy files for PAM | 37 | # Additional Policy files for PAM |
| 45 | PAM_SRC_URI = "file://pam.d/chfn \ | 38 | PAM_SRC_URI = "file://pam.d/chfn \ |
diff --git a/meta/recipes-extended/shadow/shadow_4.2.1.bb b/meta/recipes-extended/shadow/shadow_4.6.bb index 5675cb8cc9..5675cb8cc9 100644 --- a/meta/recipes-extended/shadow/shadow_4.2.1.bb +++ b/meta/recipes-extended/shadow/shadow_4.6.bb | |||