Diffstat (limited to 'meta/recipes-extended/shadow')
-rw-r--r--meta/recipes-extended/shadow/files/0001-lib-copydir-copy_entry-use-temporary-stat-buffer.patch37
-rw-r--r--meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch6
-rw-r--r--meta/recipes-extended/shadow/files/disable_syslog.patch22
-rw-r--r--meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch18
-rw-r--r--meta/recipes-extended/shadow/shadow-securetty_4.6.bb5
-rw-r--r--meta/recipes-extended/shadow/shadow-sysroot_4.6.bb3
-rw-r--r--meta/recipes-extended/shadow/shadow_4.15.0.bb10
-rw-r--r--meta/recipes-extended/shadow/shadow_4.18.0.bb (renamed from meta/recipes-extended/shadow/shadow.inc)41
8 files changed, 65 insertions, 77 deletions
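diff --git a/meta/recipes-extended/shadow/files/0001-lib-copydir-copy_entry-use-temporary-stat-buffer.patch b/meta/recipes-extended/shadow/files/0001-lib-copydir-copy_entry-use-temporary-stat-buffer.patch
deleted file mode 100644
index 2e5503bfd4..0000000000
--- a/meta/recipes-extended/shadow/files/0001-lib-copydir-copy_entry-use-temporary-stat-buffer.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From af4b8cb780587aa736692a3baa76b60474f19c5d Mon Sep 17 00:00:00 2001
-From: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
-Date: Mon, 18 Mar 2024 12:14:21 +0100
-Subject: [PATCH] lib/copydir:copy_entry(): use temporary stat buffer
-
-There are no guarantees that fstatat() does not clobber the stat
-buffer on errors.
-
-Use a temporary buffer so that the following code sees correct
-attributes of the source entry.
-
-Upstream-Status: Submitted [https://github.com/shadow-maint/shadow/pull/974]
-
-Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
----
- lib/copydir.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
---- a/lib/copydir.c
-+++ b/lib/copydir.c
-@@ -400,6 +400,7 @@ static int copy_entry (const struct path
- {
- int err = 0;
- struct stat sb;
-+ struct stat tmp_sb;
- struct link_name *lp;
- struct timespec mt[2];
-
-@@ -423,7 +424,7 @@ static int copy_entry (const struct path
- * If the destination already exists do nothing.
- * This is after the copy_dir above to still iterate into subdirectories.
- */
-- if (fstatat(dst->dirfd, dst->name, &sb, AT_SYMLINK_NOFOLLOW) != -1) {
-+ if (fstatat(dst->dirfd, dst->name, &tmp_sb, AT_SYMLINK_NOFOLLOW) != -1) {
- return err;
- }
-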
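diff --git a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch
index cd99aad135..699269ed64 100644
--- a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch
+++ b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch
@@ -1,4 +1,4 @@
-From f512071dd3a4c29d4bf048c5a89c4ba9160e37b1 Mon Sep 17 00:00:00 2001
+From f7b765c022e4cad9140ac44712885c66e149abdc Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Thu, 17 Jul 2014 15:53:34 +0800
 Subject: [PATCH] commonio.c-fix-unexpected-open-failure-in-chroot-env
@@ -20,10 +20,10 @@ Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
  1 file changed, 12 insertions(+), 4 deletions(-)
 
 diff --git a/lib/commonio.c b/lib/commonio.c
-index 01a26c9..82b2868 100644
+index 4d83e83..9ee0e13 100644
 --- a/lib/commonio.c
 +++ b/lib/commonio.c
-@@ -601,10 +601,18 @@ int commonio_open (struct commonio_db *db, int mode)
+@@ -604,10 +604,18 @@ int commonio_open (struct commonio_db *db, int mode)
  db->cursor = NULL;
  db->changed = false;
 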
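diff --git a/meta/recipes-extended/shadow/files/disable_syslog.patch b/meta/recipes-extended/shadow/files/disable_syslog.patch
new file mode 100644
index 0000000000..7299a8e61c
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/disable_syslog.patch
@@ -0,0 +1,22 @@
+When building images using shadow-native, we shouldn't be spamming the host's
+log with lots of syslog messages which aren't relavent. Disable syslog use
+in the native case.
+
+Upstream-Status: Inappropriate [Would upstream accept a configure option?]
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+Index: shadow-4.17.2/lib/defines.h
+===================================================================
+--- shadow-4.17.2.orig/lib/defines.h
++++ shadow-4.17.2/lib/defines.h
+@@ -88,7 +88,9 @@
+
+ /* cleaner than lots of #ifdefs everywhere - use this as follows:
+ SYSLOG((LOG_CRIT, "user %s cracked root", user)); */
+-#ifdef ENABLE_NLS
++#if 1
++#define SYSLOG(x)
++#elif ENABLE_NLS
+ /* Temporarily set LC_TIME to "C" to avoid strange dates in syslog.
+ This is a workaround for a more general syslog(d) design problem -
+ syslogd should log the current system time for each event, and not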
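Review bot: The added `#if 1` / `#define SYSLOG(x)` in lib/defines.h compiles every SYSLOG() call out unconditionally, so the only thing keeping authentication and account-change log records in target images is that the recipe lists this patch under `SRC_URI:append:class-native`. The patch header does not state that constraint, and its `Index: shadow-4.17.2/...` paths suggest it was generated against an older tree than the 4.18.0 recipe that applies it. I would add a header line such as `Only apply for class-native: target and nativesdk builds need SYSLOG() for their security log records.` and refresh the patch against the 4.18.0 sources. The surrounding `#else`/`#endif` of this conditional lie outside the hunk.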
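diff --git a/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch b/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
index 1eacb8a53f..318e2665c2 100644
--- a/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
+++ b/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
@@ -1,4 +1,4 @@
-From 38882ab288fd4d2cc2e45dff222ae3412c8fe357 Mon Sep 17 00:00:00 2001
+From eb17cd91d8e4d76ee95de9c0c9f4938ba2e3e82a Mon Sep 17 00:00:00 2001
 From: Kang Kai <kai.kang@windriver.com>
 Date: Wed, 20 Jul 2011 19:18:14 +0800
 Subject: [PATCH] shadow: update pam related configure files
@@ -15,7 +15,6 @@ Upstream-Status: Inappropriate [oe-core specific]
 
 Signed-off-by: Kang Kai <kai.kang@windriver.com>
 ---
- etc/pam.d/chage | 2 +-
  etc/pam.d/chgpasswd | 2 +-
  etc/pam.d/groupadd | 2 +-
  etc/pam.d/groupdel | 2 +-
@@ -24,18 +23,8 @@ Signed-off-by: Kang Kai <kai.kang@windriver.com>
  etc/pam.d/useradd | 2 +-
  etc/pam.d/userdel | 2 +-
  etc/pam.d/usermod | 2 +-
- 9 files changed, 9 insertions(+), 9 deletions(-)
+ 8 files changed, 8 insertions(+), 8 deletions(-)
 
-diff --git a/etc/pam.d/chage b/etc/pam.d/chage
-index 8f49f5c..b1f365d 100644
---- a/etc/pam.d/chage
-+++ b/etc/pam.d/chage
-@@ -1,4 +1,4 @@
- #%PAM-1.0
- auth sufficient pam_rootok.so
- account required pam_permit.so
--password include system-auth
-+password include common-password
 diff --git a/etc/pam.d/chgpasswd b/etc/pam.d/chgpasswd
 index 8f49f5c..b1f365d 100644
 --- a/etc/pam.d/chgpasswd
@@ -116,3 +105,6 @@ index 8f49f5c..b1f365d 100644
  account required pam_permit.so
 -password include system-auth
 +password include common-password
+--
+2.43.0
+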
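diff --git a/meta/recipes-extended/shadow/shadow-securetty_4.6.bb b/meta/recipes-extended/shadow/shadow-securetty_4.6.bb
index fe51ea1874..e94e1caf22 100644
--- a/meta/recipes-extended/shadow/shadow-securetty_4.6.bb
+++ b/meta/recipes-extended/shadow/shadow-securetty_4.6.bb
@@ -5,10 +5,9 @@ LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384
 
 INHIBIT_DEFAULT_DEPS = "1"
 
-
 SRC_URI = "file://securetty"
 
-S = "${WORKDIR}"
+S = "${UNPACKDIR}"
 
 # Since SERIAL_CONSOLES is likely to be set from the machine configuration
 PACKAGE_ARCH = "${MACHINE_ARCH}"
@@ -17,7 +16,7 @@ do_install () {
  # Ensure we add a suitable securetty file to the package that has
  # most common embedded TTYs defined.
  install -d ${D}${sysconfdir}
- install -m 0400 ${WORKDIR}/securetty ${D}${sysconfdir}/securetty
+ install -m 0400 ${S}/securetty ${D}${sysconfdir}/securetty
  if [ ! -z "${SERIAL_CONSOLES}" ]; then
  # Our SERIAL_CONSOLES contains a baud rate and sometimes extra
  # options as well. The following pearl :) takes that and converts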
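diff --git a/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb b/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb
index 00ab58b38c..d66ef1e6a4 100644
--- a/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb
+++ b/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb
@@ -7,13 +7,12 @@ LIC_FILES_CHKSUM = "file://login.defs_shadow-sysroot;endline=1;md5=ceddfb61608e4
 
 DEPENDS = "base-passwd"
 
-
 # The sole purpose of this recipe is to provide the /etc/login.defs
 # file for the target sysroot - needed so the shadow-native utilities
 # can add custom users/groups for recipes that use inherit useradd.
 SRC_URI = "file://login.defs_shadow-sysroot"
 
-S = "${WORKDIR}"
+S = "${UNPACKDIR}"
 
 do_install() {
  install -d ${D}${sysconfdir}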
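diff --git a/meta/recipes-extended/shadow/shadow_4.15.0.bb b/meta/recipes-extended/shadow/shadow_4.15.0.bb
deleted file mode 100644
index e57676c1da..0000000000
--- a/meta/recipes-extended/shadow/shadow_4.15.0.bb
+++ /dev/null
@@ -1,10 +0,0 @@
-require shadow.inc
-
-# Build falsely assumes that if --enable-libpam is set, we don't need to link against
-# libcrypt. This breaks chsh.
-BUILD_LDFLAGS:append:class-target = " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '-lcrypt', '', d)}"
-
-BBCLASSEXTEND = "native nativesdk"
-
-# https://bugzilla.redhat.com/show_bug.cgi?id=884658
-CVE_STATUS[CVE-2013-4235] = "upstream-wontfix: Severity is low and marked as closed and won't fix."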
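diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow_4.18.0.bb
index 7b9763d6db..6842a46dd7 100644
--- a/meta/recipes-extended/shadow/shadow.inc
+++ b/meta/recipes-extended/shadow/shadow_4.18.0.bb
@@ -12,7 +12,6 @@ DEPENDS = "virtual/crypt"
 
 GITHUB_BASE_URI = "https://github.com/shadow-maint/shadow/releases"
 SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.gz \
- file://0001-lib-copydir-copy_entry-use-temporary-stat-buffer.patch \
  ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \
  file://useradd \
  "
@@ -24,8 +23,10 @@ SRC_URI:append:class-target = " \
 
 SRC_URI:append:class-native = " \
  file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \
+ file://disable_syslog.patch \
  "
-SRC_URI[sha256sum] = "377fe0d7c1a0aa5e3514c08fdf5ddc70c9dcbb391678c2134445ed97326bcc26"
+SRC_URI[sha256sum] = "ae486ce4c0bce55c42d76d8478e428c41586f1da2f89fbf5228243fb4d849db4"
+UPSTREAM_CHECK_REGEX = "releases/tag/v?(?P<pver>\d+(\.\d+)+)$"
 
 # Additional Policy files for PAM
 PAM_SRC_URI = "file://pam.d/chfn \
@@ -38,7 +39,7 @@ PAM_SRC_URI = "file://pam.d/chfn \
 
 inherit autotools gettext github-releases pkgconfig
 
-export CONFIG_SHELL="/bin/sh"
+export CONFIG_SHELL = "/bin/sh"
 
 EXTRA_OECONF += " \
  --with-group-name-max-length=24 \
@@ -111,7 +112,7 @@ do_install() {
  sed -i 's/^#ENCRYPT_METHOD.*$/ENCRYPT_METHOD SHA512/' ${D}${sysconfdir}/login.defs
 
  install -d ${D}${sysconfdir}/default
- install -m 0644 ${WORKDIR}/useradd ${D}${sysconfdir}/default
+ install -m 0644 ${UNPACKDIR}/useradd ${D}${sysconfdir}/default
 }
 
 do_install:append() {
@@ -121,11 +122,11 @@ do_install:append() {
  install -m 0775 -d ${D}${localstatedir}/spool/mail
  chown root:mail ${D}${localstatedir}/spool/mail
 
- if [ -e ${WORKDIR}/pam.d ]; then
+ if [ -e ${UNPACKDIR}/pam.d ]; then
  install -d ${D}${sysconfdir}/pam.d/
- install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/
+ install -m 0644 ${UNPACKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/
  # Remove defaults that are not used when supporting PAM.
- sed -i -f ${WORKDIR}/login_defs_pam.sed ${D}${sysconfdir}/login.defs
+ sed -i -f ${UNPACKDIR}/login_defs_pam.sed ${D}${sysconfdir}/login.defs
  fi
 
  install -d ${D}${sbindir} ${D}${base_sbindir} ${D}${base_bindir}
@@ -168,13 +169,20 @@ do_install:append:class-native() {
 SYSROOT_DIRS:append:class-native = " ${STAGING_DIR_NATIVE}/lib-shadow-deps/"
 INSANE_SKIP:${PN}:class-native = "already-stripped"
 
+do_install:append:class-nativesdk() {
+ oe_runmake -C ${B}/man DESTDIR="${D}" sbindir="${base_sbindir}" usbindir="${sbindir}" install-man
+}
+
+do_install:append:class-target() {
+ oe_runmake -C ${B}/man DESTDIR="${D}" sbindir="${base_sbindir}" usbindir="${sbindir}" install-man
+}
+
 PACKAGES =+ "${PN}-base"
 FILES:${PN}-base = "\
  ${base_bindir}/login.shadow \
  ${base_bindir}/su.shadow \
  ${bindir}/sg \
  ${bindir}/newgrp.shadow \
- ${bindir}/groups.shadow \
  ${sysconfdir}/pam.d/login \
  ${sysconfdir}/pam.d/su \
  ${sysconfdir}/login.defs \
@@ -193,7 +201,13 @@ ALTERNATIVE_LINK_NAME[vipw] = "${base_sbindir}/vipw"
 ALTERNATIVE_LINK_NAME[vigr] = "${base_sbindir}/vigr"
 ALTERNATIVE_LINK_NAME[nologin] = "${base_sbindir}/nologin"
 
-ALTERNATIVE:${PN}-base = "newgrp groups login su"
+ALTERNATIVE:${PN}-doc = "chfn.1 chsh.1 su.1 nologin.8"
+ALTERNATIVE_LINK_NAME[chfn.1] = "${mandir}/man1/chfn.1"
+ALTERNATIVE_LINK_NAME[chsh.1] = "${mandir}/man1/chsh.1"
+ALTERNATIVE_LINK_NAME[su.1] = "${mandir}/man1/su.1"
+ALTERNATIVE_LINK_NAME[nologin.8] = "${mandir}/man8/nologin.8"
+
+ALTERNATIVE:${PN}-base = "newgrp login su"
 ALTERNATIVE_LINK_NAME[login] = "${base_bindir}/login"
 ALTERNATIVE_LINK_NAME[su] = "${base_bindir}/su"
 
@@ -208,3 +222,12 @@ pkg_postinst:${PN}:class-target () {
  pwconv $rootarg || exit 1
  grpconv $rootarg || exit 1
 }
+
+# Build falsely assumes that if --enable-libpam is set, we don't need to link against
+# libcrypt. This breaks chsh.
+BUILD_LDFLAGS:append:class-target = " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '-lcrypt', '', d)}"
+
+BBCLASSEXTEND = "native nativesdk"
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=884658
+CVE_STATUS[CVE-2013-4235] = "upstream-wontfix: Severity is low and marked as closed and won't fix."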
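Review bot: The `CVE_STATUS[CVE-2013-4235] = "upstream-wontfix: ..."` line at the end of shadow_4.18.0.bb is copied verbatim from the deleted shadow_4.15.0.bb, and because it presumably keeps that CVE out of the CVE-check report it should be re-validated against the 4.18.0 sources rather than carried across a version bump unchanged. If the status still holds, a comment such as `# Re-checked against 4.18.0: still unfixed upstream` above it would record that; if upstream's copydir changes now cover it, the status needs to change. The first hunk of this section also drops `file://0001-lib-copydir-copy_entry-use-temporary-stat-buffer.patch` from SRC_URI, although that patch's header marked it only as Submitted upstream and the commit record visible here does not say that 4.18.0 contains the fix. Please confirm that, since the removed patch's own description says the following code in copy_entry() would otherwise not be guaranteed correct attributes of the source entry.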