diff options
| author | Chen Qi <Qi.Chen@windriver.com> | 2018-07-27 16:04:34 +0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-07-30 12:44:35 +0100 |
| commit | ffb63803eac6ba97d1b9e1f3d648bc4d81bf0276 (patch) | |
| tree | d29c106cf81ae93e47b30aaaf87e10bbcdfc10eb /meta/recipes-extended/shadow/shadow-securetty_4.6.bb | |
| parent | 96f011e628fe360644bfdd7650145b996d61740c (diff) | |
| download | poky-ffb63803eac6ba97d1b9e1f3d648bc4d81bf0276.tar.gz | |
shadow: upgrade 4.2.1 -> 4.6
The following patches are removed because problems have been fixed in this version.
0001-shadow-CVE-2017-12424
fix-installation-failure-with-subids-disabled.patch
usermod-fix-compilation-failure-with-subids-disabled.patch
CVE-2017-2616.patch
check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch
0001-Do-not-read-login.defs-before-doing-chroot.patch
The following patches are rebased.
0001-Disable-use-of-syslog-for-sysroot.patch
0001-useradd-copy-extended-attributes-of-home.patch
0001-useradd.c-create-parent-directories-when-necessary.patch
allow-for-setting-password-in-clear-text.patch
(From OE-Core rev: 79dd22729d5b8a2f2cf4294ff6b261c9d6ecd977)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/shadow/shadow-securetty_4.6.bb')
| -rw-r--r-- | meta/recipes-extended/shadow/shadow-securetty_4.6.bb | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/meta/recipes-extended/shadow/shadow-securetty_4.6.bb b/meta/recipes-extended/shadow/shadow-securetty_4.6.bb new file mode 100644 index 0000000000..c78f888cf4 --- /dev/null +++ b/meta/recipes-extended/shadow/shadow-securetty_4.6.bb | |||
| @@ -0,0 +1,38 @@ | |||
| 1 | SUMMARY = "Provider of the machine specific securetty file" | ||
| 2 | SECTION = "base utils" | ||
| 3 | LICENSE = "MIT" | ||
| 4 | LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" | ||
| 5 | |||
| 6 | INHIBIT_DEFAULT_DEPS = "1" | ||
| 7 | |||
| 8 | PR = "r3" | ||
| 9 | |||
| 10 | SRC_URI = "file://securetty" | ||
| 11 | |||
| 12 | S = "${WORKDIR}" | ||
| 13 | |||
| 14 | # Since SERIAL_CONSOLES is likely to be set from the machine configuration | ||
| 15 | PACKAGE_ARCH = "${MACHINE_ARCH}" | ||
| 16 | |||
| 17 | do_install () { | ||
| 18 | # Ensure we add a suitable securetty file to the package that has | ||
| 19 | # most common embedded TTYs defined. | ||
| 20 | install -d ${D}${sysconfdir} | ||
| 21 | install -m 0400 ${WORKDIR}/securetty ${D}${sysconfdir}/securetty | ||
| 22 | if [ ! -z "${SERIAL_CONSOLES}" ]; then | ||
| 23 | # Our SERIAL_CONSOLES contains a baud rate and sometimes extra | ||
| 24 | # options as well. The following pearl :) takes that and converts | ||
| 25 | # it into newline-separated tty's and appends them into | ||
| 26 | # securetty. So if a machine has a weird looking console device | ||
| 27 | # node (e.g. ttyAMA0) that securetty does not know, it will get | ||
| 28 | # appended to securetty and root logins will be allowed on that | ||
| 29 | # console. | ||
| 30 | tmp="${SERIAL_CONSOLES}" | ||
| 31 | for entry in $tmp ; do | ||
| 32 | ttydev=`echo "$entry" | sed -e 's/^[0-9]*\;//' -e 's/\;.*//'` | ||
| 33 | if ! grep -q $ttydev ${D}${sysconfdir}/securetty; then | ||
| 34 | echo $ttydev >> ${D}${sysconfdir}/securetty | ||
| 35 | fi | ||
| 36 | done | ||
| 37 | fi | ||
| 38 | } | ||