Diffstat (limited to 'meta/recipes-extended/shadow')
-rw-r--r--meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch123
-rw-r--r--meta/recipes-extended/shadow/files/0001-lib-copydir-copy_entry-use-temporary-stat-buffer.patch37
-rw-r--r--meta/recipes-extended/shadow/files/0002-Allow-for-setting-password-in-clear-text.patch301
-rw-r--r--meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch13
-rw-r--r--meta/recipes-extended/shadow/files/login.defs_shadow-sysroot1
-rw-r--r--meta/recipes-extended/shadow/files/pam.d/login4
-rw-r--r--meta/recipes-extended/shadow/files/securetty1
-rw-r--r--meta/recipes-extended/shadow/files/shadow-4.1.3-dots-in-usernames.patch27
-rw-r--r--meta/recipes-extended/shadow/files/shadow-relaxed-usernames.patch111
-rw-r--r--meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch83
-rw-r--r--meta/recipes-extended/shadow/files/useradd8
-rw-r--r--meta/recipes-extended/shadow/shadow-securetty_4.6.bb1
-rw-r--r--meta/recipes-extended/shadow/shadow-sysroot_4.6.bb5
-rw-r--r--meta/recipes-extended/shadow/shadow.inc123
-rw-r--r--meta/recipes-extended/shadow/shadow_4.15.0.bb10
-rw-r--r--meta/recipes-extended/shadow/shadow_4.8.1.bb10
16 files changed, 192 insertions, 666 deletions
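diff --git a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch b/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch
deleted file mode 100644
index ab317b9aa0..0000000000
--- a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch
+++ /dev/null
@@ -1,123 +0,0 @@
-From fa2d9453656641002802d8165e80adb9e6a729d2 Mon Sep 17 00:00:00 2001
-From: Scott Garman <scott.a.garman@intel.com>
-Date: Thu, 14 Apr 2016 12:28:57 +0200
-Subject: [PATCH] Disable use of syslog for sysroot
-
-Disable use of syslog to prevent sysroot user and group additions from
-writing entries to the host's syslog. This patch should only be used
-with the shadow-native recipe.
-
-Upstream-Status: Inappropriate [disable feature]
-
-Signed-off-by: Scott Garman <scott.a.garman@intel.com>
-Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
-
----
- src/groupadd.c | 3 +++
- src/groupdel.c | 3 +++
- src/groupmems.c | 3 +++
- src/groupmod.c | 3 +++
- src/useradd.c | 3 +++
- src/userdel.c | 3 +++
- src/usermod.c | 3 +++
- 7 files changed, 21 insertions(+)
-
-diff --git a/src/groupadd.c b/src/groupadd.c
-index 2dd8eec..e9c4bb7 100644
---- a/src/groupadd.c
-+++ b/src/groupadd.c
-@@ -34,6 +34,9 @@
-
- #ident "$Id$"
-
-+/* Disable use of syslog since we're running this command against a sysroot */
-+#undef USE_SYSLOG
-+
- #include <ctype.h>
- #include <fcntl.h>
- #include <getopt.h>
-diff --git a/src/groupdel.c b/src/groupdel.c
-index f941a84..5a70056 100644
---- a/src/groupdel.c
-+++ b/src/groupdel.c
-@@ -34,6 +34,9 @@
-
- #ident "$Id$"
-
-+/* Disable use of syslog since we're running this command against a sysroot */
-+#undef USE_SYSLOG
-+
- #include <ctype.h>
- #include <fcntl.h>
- #include <grp.h>
-diff --git a/src/groupmems.c b/src/groupmems.c
-index fc91c8b..2842514 100644
---- a/src/groupmems.c
-+++ b/src/groupmems.c
-@@ -32,6 +32,9 @@
-
- #include <config.h>
-
-+/* Disable use of syslog since we're running this command against a sysroot */
-+#undef USE_SYSLOG
-+
- #include <fcntl.h>
- #include <getopt.h>
- #include <grp.h>
-diff --git a/src/groupmod.c b/src/groupmod.c
-index 1dca5fc..bc14438 100644
---- a/src/groupmod.c
-+++ b/src/groupmod.c
-@@ -34,6 +34,9 @@
-
- #ident "$Id$"
-
-+/* Disable use of syslog since we're running this command against a sysroot */
-+#undef USE_SYSLOG
-+
- #include <ctype.h>
- #include <fcntl.h>
- #include <getopt.h>
-diff --git a/src/useradd.c b/src/useradd.c
-index 4af0f7c..1b7bf06 100644
---- a/src/useradd.c
-+++ b/src/useradd.c
-@@ -34,6 +34,9 @@
-
- #ident "$Id$"
-
-+/* Disable use of syslog since we're running this command against a sysroot */
-+#undef USE_SYSLOG
-+
- #include <assert.h>
- #include <ctype.h>
- #include <errno.h>
-diff --git a/src/userdel.c b/src/userdel.c
-index cc951e5..153e0be 100644
---- a/src/userdel.c
-+++ b/src/userdel.c
-@@ -34,6 +34,9 @@
-
- #ident "$Id$"
-
-+/* Disable use of syslog since we're running this command against a sysroot */
-+#undef USE_SYSLOG
-+
- #include <assert.h>
- #include <errno.h>
- #include <fcntl.h>
-diff --git a/src/usermod.c b/src/usermod.c
-index 05b9871..21c6da9 100644
---- a/src/usermod.c
-+++ b/src/usermod.c
-@@ -34,6 +34,9 @@
-
- #ident "$Id$"
-
-+/* Disable use of syslog since we're running this command against a sysroot */
-+#undef USE_SYSLOG
-+
- #include <assert.h>
- #include <ctype.h>
- #include <errno.h>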
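diff --git a/meta/recipes-extended/shadow/files/0001-lib-copydir-copy_entry-use-temporary-stat-buffer.patch b/meta/recipes-extended/shadow/files/0001-lib-copydir-copy_entry-use-temporary-stat-buffer.patch
new file mode 100644
index 0000000000..2e5503bfd4
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/0001-lib-copydir-copy_entry-use-temporary-stat-buffer.patch
@@ -0,0 +1,37 @@
+From af4b8cb780587aa736692a3baa76b60474f19c5d Mon Sep 17 00:00:00 2001
+From: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
+Date: Mon, 18 Mar 2024 12:14:21 +0100
+Subject: [PATCH] lib/copydir:copy_entry(): use temporary stat buffer
+
+There are no guarantees that fstatat() does not clobber the stat
+buffer on errors.
+
+Use a temporary buffer so that the following code sees correct
+attributes of the source entry.
+
+Upstream-Status: Submitted [https://github.com/shadow-maint/shadow/pull/974]
+
+Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
+---
+ lib/copydir.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/lib/copydir.c
++++ b/lib/copydir.c
+@@ -400,6 +400,7 @@ static int copy_entry (const struct path
+ {
+ int err = 0;
+ struct stat sb;
++ struct stat tmp_sb;
+ struct link_name *lp;
+ struct timespec mt[2];
+
+@@ -423,7 +424,7 @@ static int copy_entry (const struct path
+ * If the destination already exists do nothing.
+ * This is after the copy_dir above to still iterate into subdirectories.
+ */
+- if (fstatat(dst->dirfd, dst->name, &sb, AT_SYMLINK_NOFOLLOW) != -1) {
++ if (fstatat(dst->dirfd, dst->name, &tmp_sb, AT_SYMLINK_NOFOLLOW) != -1) {
+ return err;
+ }
+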
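Review bot: The existence probe `fstatat(dst->dirfd, dst->name, &tmp_sb, AT_SYMLINK_NOFOLLOW) != -1` in copy_entry() still treats every failure as "destination absent", so an error other than ENOENT (for example EACCES on the target directory) falls through to the copy path instead of being reported. If that is not intended, the probe could separate the cases by checking `errno != ENOENT` on failure; the code after the probe is outside the hunk, so this needs confirming against the rest of the function. It would also help to say at the declaration that the new buffer is scratch only, e.g. `struct stat tmp_sb; /* scratch for the dst existence probe; sb keeps the source attributes */`. Because the patch is marked `Upstream-Status: Submitted`, either change belongs in the upstream pull request rather than in this carried copy.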
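diff --git a/meta/recipes-extended/shadow/files/0002-Allow-for-setting-password-in-clear-text.patch b/meta/recipes-extended/shadow/files/0002-Allow-for-setting-password-in-clear-text.patch
deleted file mode 100644
index c6332e4f76..0000000000
--- a/meta/recipes-extended/shadow/files/0002-Allow-for-setting-password-in-clear-text.patch
+++ /dev/null
@@ -1,301 +0,0 @@
-From a7d995228491ad5255ad86c1f04ba071f6880897 Mon Sep 17 00:00:00 2001
-From: Chen Qi <Qi.Chen@windriver.com>
-Date: Sat, 16 Nov 2013 15:27:47 +0800
-Subject: [PATCH] Allow for setting password in clear text
-
-Upstream-Status: Inappropriate [OE specific]
-
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
-
----
- src/Makefile.am | 8 ++++----
- src/groupadd.c | 20 +++++++++++++++-----
- src/groupmod.c | 20 +++++++++++++++-----
- src/useradd.c | 21 +++++++++++++++------
- src/usermod.c | 20 +++++++++++++++-----
- 5 files changed, 64 insertions(+), 25 deletions(-)
-
-diff --git a/src/Makefile.am b/src/Makefile.am
-index f31fd7a..4a317a3 100644
---- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -103,10 +103,10 @@ chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM)
- chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
- expiry_LDADD = $(LDADD) $(LIBECONF)
- gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
--groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
-+groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) $(LIBCRYPT)
- groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
- groupmems_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
--groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
-+groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) $(LIBCRYPT)
- grpck_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
- grpconv_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
- grpunconv_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
-@@ -127,9 +127,9 @@ su_SOURCES = \
- suauth.c
- su_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
- sulogin_LDADD = $(LDADD) $(LIBCRYPT) $(LIBECONF)
--useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF)
-+useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) $(LIBCRYPT)
- userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBECONF)
--usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF)
-+usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) $(LIBCRYPT)
- vipw_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
-
- install-am: all-am
-diff --git a/src/groupadd.c b/src/groupadd.c
-index e9c4bb7..d572c00 100644
---- a/src/groupadd.c
-+++ b/src/groupadd.c
-@@ -127,9 +127,10 @@ static /*@noreturn@*/void usage (int status)
- (void) fputs (_(" -o, --non-unique allow to create groups with duplicate\n"
- " (non-unique) GID\n"), usageout);
- (void) fputs (_(" -p, --password PASSWORD use this encrypted password for the new group\n"), usageout);
-+ (void) fputs (_(" -P, --clear-password PASSWORD use this clear password for the new group\n"), usageout);
- (void) fputs (_(" -r, --system create a system account\n"), usageout);
- (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
-- (void) fputs (_(" -P, --prefix PREFIX_DIR directory prefix\n"), usageout);
-+ (void) fputs (_(" -A, --prefix PREFIX_DIR directory prefix\n"), usageout);
- (void) fputs ("\n", usageout);
- exit (status);
- }
-@@ -391,13 +392,14 @@ static void process_flags (int argc, char **argv)
- {"key", required_argument, NULL, 'K'},
- {"non-unique", no_argument, NULL, 'o'},
- {"password", required_argument, NULL, 'p'},
-+ {"clear-password", required_argument, NULL, 'P'},
- {"system", no_argument, NULL, 'r'},
- {"root", required_argument, NULL, 'R'},
-- {"prefix", required_argument, NULL, 'P'},
-+ {"prefix", required_argument, NULL, 'A'},
- {NULL, 0, NULL, '\0'}
- };
-
-- while ((c = getopt_long (argc, argv, "fg:hK:op:rR:P:",
-+ while ((c = getopt_long (argc, argv, "fg:hK:op:P:rR:A:",
- long_options, NULL)) != -1) {
- switch (c) {
- case 'f':
-@@ -449,12 +451,20 @@ static void process_flags (int argc, char **argv)
- pflg = true;
- group_passwd = optarg;
- break;
-+ case 'P':
-+ pflg = true;
-+ group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
-+ break;
- case 'r':
- rflg = true;
- break;
- case 'R': /* no-op, handled in process_root_flag () */
- break;
-- case 'P': /* no-op, handled in process_prefix_flag () */
-+ case 'A': /* no-op, handled in process_prefix_flag () */
-+ fprintf (stderr,
-+ _("%s: -A is deliberately not supported \n"),
-+ Prog);
-+ exit (E_BAD_ARG);
- break;
- default:
- usage (E_USAGE);
-@@ -588,7 +598,7 @@ int main (int argc, char **argv)
- (void) textdomain (PACKAGE);
-
- process_root_flag ("-R", argc, argv);
-- prefix = process_prefix_flag ("-P", argc, argv);
-+ prefix = process_prefix_flag ("-A", argc, argv);
-
- OPENLOG ("groupadd");
- #ifdef WITH_AUDIT
-diff --git a/src/groupmod.c b/src/groupmod.c
-index bc14438..25ccb44 100644
---- a/src/groupmod.c
-+++ b/src/groupmod.c
-@@ -138,8 +138,9 @@ static void usage (int status)
- (void) fputs (_(" -o, --non-unique allow to use a duplicate (non-unique) GID\n"), usageout);
- (void) fputs (_(" -p, --password PASSWORD change the password to this (encrypted)\n"
- " PASSWORD\n"), usageout);
-+ (void) fputs (_(" -P, --clear-password PASSWORD change the password to this clear PASSWORD\n"), usageout);
- (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
-- (void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout);
-+ (void) fputs (_(" -A, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout);
- (void) fputs ("\n", usageout);
- exit (status);
- }
-@@ -387,11 +388,12 @@ static void process_flags (int argc, char **argv)
- {"new-name", required_argument, NULL, 'n'},
- {"non-unique", no_argument, NULL, 'o'},
- {"password", required_argument, NULL, 'p'},
-+ {"clear-password", required_argument, NULL, 'P'},
- {"root", required_argument, NULL, 'R'},
-- {"prefix", required_argument, NULL, 'P'},
-+ {"prefix", required_argument, NULL, 'A'},
- {NULL, 0, NULL, '\0'}
- };
-- while ((c = getopt_long (argc, argv, "g:hn:op:R:P:",
-+ while ((c = getopt_long (argc, argv, "g:hn:op:P:R:A:",
- long_options, NULL)) != -1) {
- switch (c) {
- case 'g':
-@@ -418,9 +420,17 @@ static void process_flags (int argc, char **argv)
- group_passwd = optarg;
- pflg = true;
- break;
-+ case 'P':
-+ group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
-+ pflg = true;
-+ break;
- case 'R': /* no-op, handled in process_root_flag () */
- break;
-- case 'P': /* no-op, handled in process_prefix_flag () */
-+ case 'A': /* no-op, handled in process_prefix_flag () */
-+ fprintf (stderr,
-+ _("%s: -A is deliberately not supported \n"),
-+ Prog);
-+ exit (E_BAD_ARG);
- break;
- default:
- usage (E_USAGE);
-@@ -761,7 +771,7 @@ int main (int argc, char **argv)
- (void) textdomain (PACKAGE);
-
- process_root_flag ("-R", argc, argv);
-- prefix = process_prefix_flag ("-P", argc, argv);
-+ prefix = process_prefix_flag ("-A", argc, argv);
-
- OPENLOG ("groupmod");
- #ifdef WITH_AUDIT
-diff --git a/src/useradd.c b/src/useradd.c
-index 1b7bf06..44f09e2 100644
---- a/src/useradd.c
-+++ b/src/useradd.c
-@@ -853,9 +853,10 @@ static void usage (int status)
- (void) fputs (_(" -o, --non-unique allow to create users with duplicate\n"
- " (non-unique) UID\n"), usageout);
- (void) fputs (_(" -p, --password PASSWORD encrypted password of the new account\n"), usageout);
-+ (void) fputs (_(" -P, --clear-password PASSWORD clear password of the new account\n"), usageout);
- (void) fputs (_(" -r, --system create a system account\n"), usageout);
- (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
-- (void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout);
-+ (void) fputs (_(" -A, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout);
- (void) fputs (_(" -s, --shell SHELL login shell of the new account\n"), usageout);
- (void) fputs (_(" -u, --uid UID user ID of the new account\n"), usageout);
- (void) fputs (_(" -U, --user-group create a group with the same name as the user\n"), usageout);
-@@ -1133,9 +1134,10 @@ static void process_flags (int argc, char **argv)
- {"no-user-group", no_argument, NULL, 'N'},
- {"non-unique", no_argument, NULL, 'o'},
- {"password", required_argument, NULL, 'p'},
-+ {"clear-password", required_argument, NULL, 'P'},
- {"system", no_argument, NULL, 'r'},
- {"root", required_argument, NULL, 'R'},
-- {"prefix", required_argument, NULL, 'P'},
-+ {"prefix", required_argument, NULL, 'A'},
- {"shell", required_argument, NULL, 's'},
- {"uid", required_argument, NULL, 'u'},
- {"user-group", no_argument, NULL, 'U'},
-@@ -1146,9 +1148,9 @@ static void process_flags (int argc, char **argv)
- };
- while ((c = getopt_long (argc, argv,
- #ifdef WITH_SELINUX
-- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:UZ:",
-+ "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:A:s:u:UZ:",
- #else /* !WITH_SELINUX */
-- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:U",
-+ "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:A:s:u:U",
- #endif /* !WITH_SELINUX */
- long_options, NULL)) != -1) {
- switch (c) {
-@@ -1320,12 +1322,19 @@ static void process_flags (int argc, char **argv)
- }
- user_pass = optarg;
- break;
-+ case 'P': /* set clear text password */
-+ user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
-+ break;
- case 'r':
- rflg = true;
- break;
- case 'R': /* no-op, handled in process_root_flag () */
- break;
-- case 'P': /* no-op, handled in process_prefix_flag () */
-+ case 'A': /* no-op, handled in process_prefix_flag () */
-+ fprintf (stderr,
-+ _("%s: -A is deliberately not supported \n"),
-+ Prog);
-+ exit (E_BAD_ARG);
- break;
- case 's':
- if ( ( !VALID (optarg) )
-@@ -2257,7 +2266,7 @@ int main (int argc, char **argv)
-
- process_root_flag ("-R", argc, argv);
-
-- prefix = process_prefix_flag("-P", argc, argv);
-+ prefix = process_prefix_flag("-A", argc, argv);
-
- OPENLOG ("useradd");
- #ifdef WITH_AUDIT
-diff --git a/src/usermod.c b/src/usermod.c
-index 21c6da9..cffdb3e 100644
---- a/src/usermod.c
-+++ b/src/usermod.c
-@@ -431,8 +431,9 @@ static /*@noreturn@*/void usage (int status)
- " new location (use only with -d)\n"), usageout);
- (void) fputs (_(" -o, --non-unique allow using duplicate (non-unique) UID\n"), usageout);
- (void) fputs (_(" -p, --password PASSWORD use encrypted password for the new password\n"), usageout);
-+ (void) fputs (_(" -P, --clear-password PASSWORD use clear password for the new password\n"), usageout);
- (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
-- (void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout);
-+ (void) fputs (_(" -A, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout);
- (void) fputs (_(" -s, --shell SHELL new login shell for the user account\n"), usageout);
- (void) fputs (_(" -u, --uid UID new UID for the user account\n"), usageout);
- (void) fputs (_(" -U, --unlock unlock the user account\n"), usageout);
-@@ -1010,8 +1011,9 @@ static void process_flags (int argc, char **argv)
- {"move-home", no_argument, NULL, 'm'},
- {"non-unique", no_argument, NULL, 'o'},
- {"password", required_argument, NULL, 'p'},
-+ {"clear-password", required_argument, NULL, 'P'},
- {"root", required_argument, NULL, 'R'},
-- {"prefix", required_argument, NULL, 'P'},
-+ {"prefix", required_argument, NULL, 'A'},
- {"shell", required_argument, NULL, 's'},
- {"uid", required_argument, NULL, 'u'},
- {"unlock", no_argument, NULL, 'U'},
-@@ -1027,7 +1029,7 @@ static void process_flags (int argc, char **argv)
- {NULL, 0, NULL, '\0'}
- };
- while ((c = getopt_long (argc, argv,
-- "abc:d:e:f:g:G:hl:Lmop:R:s:u:UP:"
-+ "abc:d:e:f:g:G:hl:Lmop:P:R:s:u:UA:"
- #ifdef ENABLE_SUBIDS
- "v:w:V:W:"
- #endif /* ENABLE_SUBIDS */
-@@ -1130,9 +1132,17 @@ static void process_flags (int argc, char **argv)
- user_pass = optarg;
- pflg = true;
- break;
-+ case 'P':
-+ user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
-+ pflg = true;
-+ break;
- case 'R': /* no-op, handled in process_root_flag () */
- break;
-- case 'P': /* no-op, handled in process_prefix_flag () */
-+ case 'A': /* no-op, handled in process_prefix_flag () */
-+ fprintf (stderr,
-+ _("%s: -A is deliberately not supported \n"),
-+ Prog);
-+ exit (E_BAD_ARG);
- break;
- case 's':
- if (!VALID (optarg)) {
-@@ -2127,7 +2137,7 @@ int main (int argc, char **argv)
- (void) textdomain (PACKAGE);
-
- process_root_flag ("-R", argc, argv);
-- prefix = process_prefix_flag ("-P", argc, argv);
-+ prefix = process_prefix_flag ("-A", argc, argv);
-
- OPENLOG ("usermod");
- #ifdef WITH_AUDIT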
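diff --git a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch
index 9825216369..cd99aad135 100644
--- a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch
+++ b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch
@@ -1,4 +1,4 @@
-From 66533c7c6f347d257020675a1ed6e0c59cbbc3f0 Mon Sep 17 00:00:00 2001
+From f512071dd3a4c29d4bf048c5a89c4ba9160e37b1 Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Thu, 17 Jul 2014 15:53:34 +0800
 Subject: [PATCH] commonio.c-fix-unexpected-open-failure-in-chroot-env
@@ -15,32 +15,31 @@ Note that this patch doesn't change the logic in the code, it just expands
 the codes.
 
 Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
-
 ---
  lib/commonio.c | 16 ++++++++++++----
  1 file changed, 12 insertions(+), 4 deletions(-)
 
 diff --git a/lib/commonio.c b/lib/commonio.c
-index 16fa7e7..d6bc297 100644
+index 01a26c9..82b2868 100644
 --- a/lib/commonio.c
 +++ b/lib/commonio.c
-@@ -632,10 +632,18 @@ int commonio_open (struct commonio_db *db, int mode)
+@@ -601,10 +601,18 @@ int commonio_open (struct commonio_db *db, int mode)
  db->cursor = NULL;
  db->changed = false;
 
 - fd = open (db->filename,
 - (db->readonly ? O_RDONLY : O_RDWR)
-- | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
+- | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW | O_CLOEXEC);
 - saved_errno = errno;
 + if (db->readonly) {
 + fd = open (db->filename,
 + (true ? O_RDONLY : O_RDWR)
-+ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
++ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW | O_CLOEXEC);
 + saved_errno = errno;
 + } else {
 + fd = open (db->filename,
 + (false ? O_RDONLY : O_RDWR)
-+ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
++ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW| O_CLOEXEC);
 + saved_errno = errno;
 + }
 +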
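Review bot: In the refreshed hunk for commonio_open(), the two branches spell the access mode as `(true ? O_RDONLY : O_RDWR)` and `(false ? O_RDONLY : O_RDWR)`, constant-condition ternaries that hide which flag each open() call actually receives. Unless that exact form is required by the workaround (the visible part of the patch description does not say), write `O_RDONLY` and `O_RDWR` directly. The second branch also has `O_NOFOLLOW| O_CLOEXEC` where the first has `O_NOFOLLOW | O_CLOEXEC`; keeping the two flag lists textually identical makes it easy to confirm that both paths retain O_NOFOLLOW and O_CLOEXEC. The body of commonio_open() continues outside the hunk.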
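diff --git a/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot b/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot
index 8a68dd341a..09df77d2e7 100644
--- a/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot
+++ b/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot
@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: BSD-3-Clause OR Artistic-1.0
 #
 # /etc/login.defs - Configuration control definitions for the shadow package.
 #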
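diff --git a/meta/recipes-extended/shadow/files/pam.d/login b/meta/recipes-extended/shadow/files/pam.d/login
index b340058539..d39e09b1ea 100644
--- a/meta/recipes-extended/shadow/files/pam.d/login
+++ b/meta/recipes-extended/shadow/files/pam.d/login
@@ -57,10 +57,6 @@ auth optional pam_group.so
 # (Replaces the use of /etc/limits in old login)
 session required pam_limits.so
 
-# Prints the last login info upon succesful login
-# (Replaces the `LASTLOG_ENAB' option from login.defs)
-session optional pam_lastlog.so
-
 # Prints the motd upon succesful login
 # (Replaces the `MOTD_FILE' option in login.defs)
 session optional pam_motd.so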
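diff --git a/meta/recipes-extended/shadow/files/securetty b/meta/recipes-extended/shadow/files/securetty
index 2be341a216..820728faa6 100644
--- a/meta/recipes-extended/shadow/files/securetty
+++ b/meta/recipes-extended/shadow/files/securetty
@@ -7,6 +7,7 @@ ttyS0
 ttyS1
 ttyS2
 ttyS3
+ttyS4
 
 # ARM AMBA SoCs
 ttyAM0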
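Review bot: The added `ttyS4` line extends the list of terminals on which direct root login is accepted, and presumably does so for every image that installs this securetty file rather than only for the board that needs it. Nothing in the section says which platform exposes a console on ttyS4; a short comment above the entry, in the style of the existing `# ARM AMBA SoCs` heading, would let integrators prune it. If only one machine needs the port, adding it from that machine's configuration would keep the default list shorter; whether the recipe offers such a hook is not visible here.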
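diff --git a/meta/recipes-extended/shadow/files/shadow-4.1.3-dots-in-usernames.patch b/meta/recipes-extended/shadow/files/shadow-4.1.3-dots-in-usernames.patch
deleted file mode 100644
index a7bb0a9290..0000000000
--- a/meta/recipes-extended/shadow/files/shadow-4.1.3-dots-in-usernames.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-# commit message copied from openembedded:
-# commit 246c80637b135f3a113d319b163422f98174ee6c
-# Author: Khem Raj <raj.khem@gmail.com>
-# Date: Wed Jun 9 13:37:03 2010 -0700
-#
-# shadow-4.1.4.2: Add patches to support dots in login id.
-#
-# Signed-off-by: Khem Raj <raj.khem@gmail.com>
-#
-# comment added by Kevin Tian <kevin.tian@intel.com>, 2010-08-11
-
-Upstream-Status: Pending
-
-Signed-off-by: Scott Garman <scott.a.garman@intel.com>
-
-Index: shadow-4.1.4.2/libmisc/chkname.c
-===================================================================
---- shadow-4.1.4.2.orig/libmisc/chkname.c 2009-04-28 12:14:04.000000000 -0700
-+++ shadow-4.1.4.2/libmisc/chkname.c 2010-06-03 17:43:20.638973857 -0700
-@@ -61,6 +61,7 @@ static bool is_valid_name (const char *n
- ( ('0' <= *name) && ('9' >= *name) ) ||
- ('_' == *name) ||
- ('-' == *name) ||
-+ ('.' == *name) ||
- ( ('$' == *name) && ('\0' == *(name + 1)) )
- )) {
- return false;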
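diff --git a/meta/recipes-extended/shadow/files/shadow-relaxed-usernames.patch b/meta/recipes-extended/shadow/files/shadow-relaxed-usernames.patch
deleted file mode 100644
index cc833362e9..0000000000
--- a/meta/recipes-extended/shadow/files/shadow-relaxed-usernames.patch
+++ /dev/null
@@ -1,111 +0,0 @@
-From ca472d6866e545aaa70a70020e3226f236a8aafc Mon Sep 17 00:00:00 2001
-From: Shan Hai <shan.hai@windriver.com>
-Date: Tue, 13 Sep 2016 13:45:46 +0800
-Subject: [PATCH] shadow: use relaxed usernames
-
-The groupadd from shadow does not allow upper case group names, the
-same is true for the upstream shadow. But distributions like
-Debian/Ubuntu/CentOS has their own way to cope with this problem,
-this patch is picked up from CentOS release 7.0 to relax the usernames
-restrictions to allow the upper case group names, and the relaxation is
-POSIX compliant because POSIX indicate that usernames are composed of
-characters from the portable filename character set [A-Za-z0-9._-].
-
-Upstream-Status: Pending
-
-Signed-off-by: Shan Hai <shan.hai@windriver.com>
-
----
- libmisc/chkname.c | 30 ++++++++++++++++++------------
- man/groupadd.8.xml | 6 ------
- man/useradd.8.xml | 8 +-------
- 3 files changed, 19 insertions(+), 25 deletions(-)
-
-diff --git a/libmisc/chkname.c b/libmisc/chkname.c
-index 90f185c..65762b4 100644
---- a/libmisc/chkname.c
-+++ b/libmisc/chkname.c
-@@ -55,22 +55,28 @@ static bool is_valid_name (const char *name)
- }
-
- /*
-- * User/group names must match [a-z_][a-z0-9_-]*[$]
-- */
--
-- if (('\0' == *name) ||
-- !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) {
-+ * User/group names must match gnu e-regex:
-+ * [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]?
-+ *
-+ * as a non-POSIX, extension, allow "$" as the last char for
-+ * sake of Samba 3.x "add machine script"
-+ */
-+ if ( ('\0' == *name) ||
-+ !((*name >= 'a' && *name <= 'z') ||
-+ (*name >= 'A' && *name <= 'Z') ||
-+ (*name >= '0' && *name <= '9') ||
-+ (*name == '_') || (*name == '.')
-+ )) {
- return false;
- }
-
- while ('\0' != *++name) {
-- if (!(( ('a' <= *name) && ('z' >= *name) ) ||
-- ( ('0' <= *name) && ('9' >= *name) ) ||
-- ('_' == *name) ||
-- ('-' == *name) ||
-- ('.' == *name) ||
-- ( ('$' == *name) && ('\0' == *(name + 1)) )
-- )) {
-+ if (!( (*name >= 'a' && *name <= 'z') ||
-+ (*name >= 'A' && *name <= 'Z') ||
-+ (*name >= '0' && *name <= '9') ||
-+ (*name == '_') || (*name == '.') || (*name == '-') ||
-+ (*name == '$' && *(name + 1) == '\0')
-+ )) {
- return false;
- }
- }
-diff --git a/man/groupadd.8.xml b/man/groupadd.8.xml
-index 1e58f09..d804b61 100644
---- a/man/groupadd.8.xml
-+++ b/man/groupadd.8.xml
-@@ -272,12 +272,6 @@
-
- <refsect1 id='caveats'>
- <title>CAVEATS</title>
-- <para>
-- Groupnames must start with a lower case letter or an underscore,
-- followed by lower case letters, digits, underscores, or dashes.
-- They can end with a dollar sign.
-- In regular expression terms: [a-z_][a-z0-9_-]*[$]?
-- </para>
- <para>
- Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long.
- </para>
-diff --git a/man/useradd.8.xml b/man/useradd.8.xml
-index a16d730..c0bd777 100644
---- a/man/useradd.8.xml
-+++ b/man/useradd.8.xml
-@@ -366,7 +366,7 @@
- </term>
- <listitem>
- <para>
-- Do no create the user's home directory, even if the system
-+ Do not create the user's home directory, even if the system
- wide setting from <filename>/etc/login.defs</filename>
- (<option>CREATE_HOME</option>) is set to
- <replaceable>yes</replaceable>.
-@@ -660,12 +660,6 @@
- the user account creation request.
- </para>
-
-- <para>
-- Usernames must start with a lower case letter or an underscore,
-- followed by lower case letters, digits, underscores, or dashes.
-- They can end with a dollar sign.
-- In regular expression terms: [a-z_][a-z0-9_-]*[$]?
-- </para>
- <para>
- Usernames may only be up to 32 characters long.
- </para>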
diff --git a/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch b/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
index 15f8044fa2..1eacb8a53f 100644
--- a/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
+++ b/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
@@ -1,88 +1,115 @@
1From 38882ab288fd4d2cc2e45dff222ae3412c8fe357 Mon Sep 17 00:00:00 2001
2From: Kang Kai <kai.kang@windriver.com>
3Date: Wed, 20 Jul 2011 19:18:14 +0800
4Subject: [PATCH] shadow: update pam related configure files
5
1The system-auth in the configure files is from Fedora which put all the 4 pam type rules 6The system-auth in the configure files is from Fedora which put all the 4 pam type rules
2in one file. 7in one file.
3In yocto it obey the way with Debian/Ubuntu, and the names are common-auth, common-account, 8In yocto it obey the way with Debian/Ubuntu, and the names are common-auth, common-account,
4common-password and common-session. 9common-password and common-session.
5So update them with oe way. 10So update them with oe way.
6 11
7Upstream-Status: Pending 12See meta/recipes-extended/pam/libpam/pam.d/common-password
13
14Upstream-Status: Inappropriate [oe-core specific]
8 15
9Signed-off-by: Kang Kai <kai.kang@windriver.com> 16Signed-off-by: Kang Kai <kai.kang@windriver.com>
17---
18 etc/pam.d/chage | 2 +-
19 etc/pam.d/chgpasswd | 2 +-
20 etc/pam.d/groupadd | 2 +-
21 etc/pam.d/groupdel | 2 +-
22 etc/pam.d/groupmems | 2 +-
23 etc/pam.d/groupmod | 2 +-
24 etc/pam.d/useradd | 2 +-
25 etc/pam.d/userdel | 2 +-
26 etc/pam.d/usermod | 2 +-
27 9 files changed, 9 insertions(+), 9 deletions(-)
10 28
11diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chage shadow-4.1.4.3/etc/pam.d/chage 29diff --git a/etc/pam.d/chage b/etc/pam.d/chage
12--- shadow-4.1.4.3/etc/pam.d.orig/chage 2011-07-20 19:02:27.384844958 +0800 30index 8f49f5c..b1f365d 100644
13+++ shadow-4.1.4.3/etc/pam.d/chage 2011-07-20 19:03:08.964844958 +0800 31--- a/etc/pam.d/chage
32+++ b/etc/pam.d/chage
14@@ -1,4 +1,4 @@ 33@@ -1,4 +1,4 @@
15 #%PAM-1.0 34 #%PAM-1.0
16 auth sufficient pam_rootok.so 35 auth sufficient pam_rootok.so
17 account required pam_permit.so 36 account required pam_permit.so
18-password include system-auth 37-password include system-auth
19+password include common-password 38+password include common-password
20diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chgpasswd shadow-4.1.4.3/etc/pam.d/chgpasswd 39diff --git a/etc/pam.d/chgpasswd b/etc/pam.d/chgpasswd
21--- shadow-4.1.4.3/etc/pam.d.orig/chgpasswd 2011-07-20 19:02:27.384844958 +0800 40index 8f49f5c..b1f365d 100644
22+++ shadow-4.1.4.3/etc/pam.d/chgpasswd 2011-07-20 19:03:26.544844958 +0800 41--- a/etc/pam.d/chgpasswd
42+++ b/etc/pam.d/chgpasswd
23@@ -1,4 +1,4 @@ 43@@ -1,4 +1,4 @@
24 #%PAM-1.0 44 #%PAM-1.0
25 auth sufficient pam_rootok.so 45 auth sufficient pam_rootok.so
26 account required pam_permit.so 46 account required pam_permit.so
27-password include system-auth 47-password include system-auth
28+password include common-password 48+password include common-password
29diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupadd shadow-4.1.4.3/etc/pam.d/groupadd 49diff --git a/etc/pam.d/groupadd b/etc/pam.d/groupadd
30--- shadow-4.1.4.3/etc/pam.d.orig/groupadd 2011-07-20 19:02:27.384844958 +0800 50index 8f49f5c..b1f365d 100644
31+++ shadow-4.1.4.3/etc/pam.d/groupadd 2011-07-20 19:04:08.124844958 +0800 51--- a/etc/pam.d/groupadd
52+++ b/etc/pam.d/groupadd
32@@ -1,4 +1,4 @@ 53@@ -1,4 +1,4 @@
33 #%PAM-1.0 54 #%PAM-1.0
34 auth sufficient pam_rootok.so 55 auth sufficient pam_rootok.so
35 account required pam_permit.so 56 account required pam_permit.so
36-password include system-auth 57-password include system-auth
37+password include common-password 58+password include common-password
38diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupdel shadow-4.1.4.3/etc/pam.d/groupdel 59diff --git a/etc/pam.d/groupdel b/etc/pam.d/groupdel
39--- shadow-4.1.4.3/etc/pam.d.orig/groupdel 2011-07-20 19:02:27.384844958 +0800 60index 8f49f5c..b1f365d 100644
40+++ shadow-4.1.4.3/etc/pam.d/groupdel 2011-07-20 19:04:26.114844958 +0800 61--- a/etc/pam.d/groupdel
62+++ b/etc/pam.d/groupdel
41@@ -1,4 +1,4 @@ 63@@ -1,4 +1,4 @@
42 #%PAM-1.0 64 #%PAM-1.0
43 auth sufficient pam_rootok.so 65 auth sufficient pam_rootok.so
44 account required pam_permit.so 66 account required pam_permit.so
45-password include system-auth 67-password include system-auth
46+password include common-password 68+password include common-password
47diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupmems shadow-4.1.4.3/etc/pam.d/groupmems 69diff --git a/etc/pam.d/groupmems b/etc/pam.d/groupmems
48--- shadow-4.1.4.3/etc/pam.d.orig/groupmems 2011-07-20 19:02:27.384844958 +0800 70index 8f49f5c..b1f365d 100644
49+++ shadow-4.1.4.3/etc/pam.d/groupmems 2011-07-20 19:04:35.074844958 +0800 71--- a/etc/pam.d/groupmems
72+++ b/etc/pam.d/groupmems
50@@ -1,4 +1,4 @@ 73@@ -1,4 +1,4 @@
51 #%PAM-1.0 74 #%PAM-1.0
52 auth sufficient pam_rootok.so 75 auth sufficient pam_rootok.so
53 account required pam_permit.so 76 account required pam_permit.so
54-password include system-auth 77-password include system-auth
55+password include common-password 78+password include common-password
56diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupmod shadow-4.1.4.3/etc/pam.d/groupmod 79diff --git a/etc/pam.d/groupmod b/etc/pam.d/groupmod
57--- shadow-4.1.4.3/etc/pam.d.orig/groupmod 2011-07-20 19:02:27.384844958 +0800 80index 8f49f5c..b1f365d 100644
58+++ shadow-4.1.4.3/etc/pam.d/groupmod 2011-07-20 19:04:44.864844958 +0800 81--- a/etc/pam.d/groupmod
82+++ b/etc/pam.d/groupmod
59@@ -1,4 +1,4 @@ 83@@ -1,4 +1,4 @@
60 #%PAM-1.0 84 #%PAM-1.0
61 auth sufficient pam_rootok.so 85 auth sufficient pam_rootok.so
62 account required pam_permit.so 86 account required pam_permit.so
63-password include system-auth 87-password include system-auth
64+password include common-password 88+password include common-password
65diff -Nur shadow-4.1.4.3/etc/pam.d.orig/useradd shadow-4.1.4.3/etc/pam.d/useradd 89diff --git a/etc/pam.d/useradd b/etc/pam.d/useradd
66--- shadow-4.1.4.3/etc/pam.d.orig/useradd 2011-07-20 19:02:27.384844958 +0800 90index 8f49f5c..b1f365d 100644
67+++ shadow-4.1.4.3/etc/pam.d/useradd 2011-07-20 19:07:26.244844958 +0800 91--- a/etc/pam.d/useradd
92+++ b/etc/pam.d/useradd
68@@ -1,4 +1,4 @@ 93@@ -1,4 +1,4 @@
69 #%PAM-1.0 94 #%PAM-1.0
70 auth sufficient pam_rootok.so 95 auth sufficient pam_rootok.so
71 account required pam_permit.so 96 account required pam_permit.so
72-password include system-auth 97-password include system-auth
73+password include common-password 98+password include common-password
74diff -Nur shadow-4.1.4.3/etc/pam.d.orig/userdel shadow-4.1.4.3/etc/pam.d/userdel 99diff --git a/etc/pam.d/userdel b/etc/pam.d/userdel
75--- shadow-4.1.4.3/etc/pam.d.orig/userdel 2011-07-20 19:02:27.384844958 +0800 100index 8f49f5c..b1f365d 100644
76+++ shadow-4.1.4.3/etc/pam.d/userdel 2011-07-20 19:07:35.734844958 +0800 101--- a/etc/pam.d/userdel
102+++ b/etc/pam.d/userdel
77@@ -1,4 +1,4 @@ 103@@ -1,4 +1,4 @@
78 #%PAM-1.0 104 #%PAM-1.0
79 auth sufficient pam_rootok.so 105 auth sufficient pam_rootok.so
80 account required pam_permit.so 106 account required pam_permit.so
81-password include system-auth 107-password include system-auth
82+password include common-password 108+password include common-password
83diff -Nur shadow-4.1.4.3/etc/pam.d.orig/usermod shadow-4.1.4.3/etc/pam.d/usermod 109diff --git a/etc/pam.d/usermod b/etc/pam.d/usermod
84--- shadow-4.1.4.3/etc/pam.d.orig/usermod 2011-07-20 19:02:27.384844958 +0800 110index 8f49f5c..b1f365d 100644
85+++ shadow-4.1.4.3/etc/pam.d/usermod 2011-07-20 19:07:42.024844958 +0800 111--- a/etc/pam.d/usermod
112+++ b/etc/pam.d/usermod
86@@ -1,4 +1,4 @@ 113@@ -1,4 +1,4 @@
87 #%PAM-1.0 114 #%PAM-1.0
88 auth sufficient pam_rootok.so 115 auth sufficient pam_rootok.so
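--- /dev/null
+++ b/meta/recipes-extended/shadow/files/useradd
@@ -0,0 +1,8 @@
+# useradd defaults file
+GROUP=100
+HOME=/home
+INACTIVE=-1
+EXPIRE=
+SHELL=/bin/sh
+SKEL=/etc/skel
+CREATE_MAIL_SPOOL=no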
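--- a/meta/recipes-extended/shadow/shadow-securetty_4.6.bb
+++ b/meta/recipes-extended/shadow/shadow-securetty_4.6.bb
@@ -5,7 +5,6 @@ LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384
 
 INHIBIT_DEFAULT_DEPS = "1"
 
-PR = "r3"
 
 SRC_URI = "file://securetty"
 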
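--- a/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb
+++ b/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb
@@ -2,12 +2,11 @@ SUMMARY = "Shadow utils requirements for useradd.bbclass"
 HOMEPAGE = "http://github.com/shadow-maint/shadow"
 BUGTRACKER = "http://github.com/shadow-maint/shadow/issues"
 SECTION = "base utils"
-LICENSE = "BSD | Artistic-1.0"
-LIC_FILES_CHKSUM = "file://login.defs_shadow-sysroot;md5=25e2f2de4dfc8f966ac5cdfce45cd7d5"
+LICENSE = "BSD-3-Clause | Artistic-1.0"
+LIC_FILES_CHKSUM = "file://login.defs_shadow-sysroot;endline=1;md5=ceddfb61608e4db87012499555184aed"
 
 DEPENDS = "base-passwd"
 
-PR = "r3"
 
 # The sole purpose of this recipe is to provide the /etc/login.defs
 # file for the target sysroot - needed so the shadow-native utilities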
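Review bot: The new `LIC_FILES_CHKSUM` with `endline=1` checksums only the first line of `login.defs_shadow-sysroot`, so later changes to anything below that line no longer trip the licence check. A comment saying what that first line is would make the narrowing reviewable, e.g. `# Only the first (presumably SPDX) line of login.defs_shadow-sysroot is checksummed`; the file's content is not visible in this part of the page, so that wording needs confirming. `LICENSE` here keeps `| Artistic-1.0` while `shadow.inc` in the same commit becomes `BSD-3-Clause` only; if the difference is intentional for the 4.6 file, it deserves a word in the recipe as well.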
diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc
index 4ae7a78c52..c15715fc77 100644
--- a/meta/recipes-extended/shadow/shadow.inc
+++ b/meta/recipes-extended/shadow/shadow.inc
@@ -1,36 +1,31 @@
1SUMMARY = "Tools to change and administer password and group data" 1SUMMARY = "Tools to change and administer password and group data"
2HOMEPAGE = "http://github.com/shadow-maint/shadow" 2HOMEPAGE = "http://github.com/shadow-maint/shadow"
3DESCRIPTION = "${SUMMARY}"
3BUGTRACKER = "http://github.com/shadow-maint/shadow/issues" 4BUGTRACKER = "http://github.com/shadow-maint/shadow/issues"
4SECTION = "base/utils" 5SECTION = "base/utils"
5LICENSE = "BSD | Artistic-1.0" 6LICENSE = "BSD-3-Clause"
6LIC_FILES_CHKSUM = "file://COPYING;md5=ed80ff1c2b40843cf5768e5229cf16e5 \ 7LIC_FILES_CHKSUM = "file://COPYING;md5=c9a450b7be84eac23e6353efecb60b5b \
7 file://src/passwd.c;beginline=2;endline=30;md5=5720ff729a6ff39ecc9f64555d75f4af" 8 file://src/passwd.c;beginline=2;endline=7;md5=67bcf314687820b2f010d4863fce3fc5 \
9 "
8 10
9DEPENDS = "virtual/crypt" 11DEPENDS = "virtual/crypt"
10 12
11UPSTREAM_CHECK_URI = "https://github.com/shadow-maint/shadow/releases" 13GITHUB_BASE_URI = "https://github.com/shadow-maint/shadow/releases"
12SRC_URI = "https://github.com/shadow-maint/shadow/releases/download/${PV}/${BP}.tar.gz \ 14SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.gz \
13 file://shadow-4.1.3-dots-in-usernames.patch \ 15 file://0001-lib-copydir-copy_entry-use-temporary-stat-buffer.patch \
14 ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ 16 ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \
15 file://shadow-relaxed-usernames.patch \ 17 file://useradd \
16 " 18 "
17 19
18SRC_URI_append_class-target = " \ 20SRC_URI:append:class-target = " \
19 file://login_defs_pam.sed \ 21 file://login_defs_pam.sed \
20 file://shadow-update-pam-conf.patch \ 22 file://shadow-update-pam-conf.patch \
21 " 23 "
22 24
23SRC_URI_append_class-native = " \ 25SRC_URI:append:class-native = " \
24 file://0001-Disable-use-of-syslog-for-sysroot.patch \
25 file://0002-Allow-for-setting-password-in-clear-text.patch \
26 file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \ 26 file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \
27 " 27 "
28SRC_URI_append_class-nativesdk = " \ 28SRC_URI[sha256sum] = "377fe0d7c1a0aa5e3514c08fdf5ddc70c9dcbb391678c2134445ed97326bcc26"
29 file://0001-Disable-use-of-syslog-for-sysroot.patch \
30 "
31
32SRC_URI[md5sum] = "3d97f11e66bfb0b14702b115fa8be480"
33SRC_URI[sha256sum] = "3ee3081fbbcbcfea5c8916419e46bc724807bab271072104f23e7a29e9668f3a"
34 29
35# Additional Policy files for PAM 30# Additional Policy files for PAM
36PAM_SRC_URI = "file://pam.d/chfn \ 31PAM_SRC_URI = "file://pam.d/chfn \
@@ -41,22 +36,22 @@ PAM_SRC_URI = "file://pam.d/chfn \
41 file://pam.d/passwd \ 36 file://pam.d/passwd \
42 file://pam.d/su" 37 file://pam.d/su"
43 38
44inherit autotools gettext 39inherit autotools gettext github-releases pkgconfig
45 40
46export CONFIG_SHELL="/bin/sh" 41export CONFIG_SHELL="/bin/sh"
47 42
48EXTRA_OECONF += "--without-audit \ 43EXTRA_OECONF += " \
49 --without-libcrack \
50 --without-selinux \
51 --with-group-name-max-length=24 \ 44 --with-group-name-max-length=24 \
52 --enable-subordinate-ids=yes \ 45 --enable-subordinate-ids=yes \
53 --without-sssd \ 46 --without-sssd \
54 ${NSCDOPT}" 47 ${NSCDOPT}"
55 48
49CFLAGS:append:libc-musl = " -DLIBBSD_OVERLAY"
50
56NSCDOPT = "" 51NSCDOPT = ""
57NSCDOPT_class-native = "--without-nscd" 52NSCDOPT:class-native = "--without-nscd"
58NSCDOPT_class-nativesdk = "--without-nscd" 53NSCDOPT:class-nativesdk = "--without-nscd"
59NSCDOPT_libc-glibc = "--with-nscd" 54NSCDOPT:libc-glibc = "--with-nscd"
60 55
61PAM_PLUGINS = "libpam-runtime \ 56PAM_PLUGINS = "libpam-runtime \
62 pam-plugin-faildelay \ 57 pam-plugin-faildelay \
@@ -65,27 +60,28 @@ PAM_PLUGINS = "libpam-runtime \
65 pam-plugin-env \ 60 pam-plugin-env \
66 pam-plugin-group \ 61 pam-plugin-group \
67 pam-plugin-limits \ 62 pam-plugin-limits \
68 pam-plugin-lastlog \
69 pam-plugin-motd \ 63 pam-plugin-motd \
70 pam-plugin-mail \ 64 pam-plugin-mail \
71 pam-plugin-shells \ 65 pam-plugin-shells \
72 pam-plugin-rootok" 66 pam-plugin-rootok"
73 67
74PAM_PLUGINS_remove_libc-musl = "pam-plugin-lastlog"
75
76PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \ 68PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \
77 ${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}" 69 ${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}"
78PACKAGECONFIG_class-native ??= "${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}" 70PACKAGECONFIG:class-native ??= "${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)} libbsd"
79PACKAGECONFIG_class-nativesdk = "" 71PACKAGECONFIG:class-nativesdk = ""
80PACKAGECONFIG[pam] = "--with-libpam,--without-libpam,libpam,${PAM_PLUGINS}" 72PACKAGECONFIG[pam] = "--with-libpam,--without-libpam,libpam,${PAM_PLUGINS}"
81PACKAGECONFIG[attr] = "--with-attr,--without-attr,attr" 73PACKAGECONFIG[attr] = "--with-attr,--without-attr,attr"
82PACKAGECONFIG[acl] = "--with-acl,--without-acl,acl" 74PACKAGECONFIG[acl] = "--with-acl,--without-acl,acl"
75PACKAGECONFIG[audit] = "--with-audit,--without-audit,audit"
76PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux libsemanage"
77PACKAGECONFIG[libbsd] = "--with-libbsd,--without-libbsd,libbsd"
78PACKAGECONFIG[logind] = "--enable-logind,--disable-logind,systemd"
83 79
84RDEPENDS_${PN} = "shadow-securetty \ 80RDEPENDS:${PN} = "shadow-securetty \
85 base-passwd \ 81 base-passwd \
86 util-linux-sulogin" 82 util-linux-sulogin"
87RDEPENDS_${PN}_class-native = "" 83RDEPENDS:${PN}:class-native = ""
88RDEPENDS_${PN}_class-nativesdk = "" 84RDEPENDS:${PN}:class-nativesdk = ""
89 85
90do_install() { 86do_install() {
91 oe_runmake DESTDIR="${D}" sbindir="${base_sbindir}" usbindir="${sbindir}" install 87 oe_runmake DESTDIR="${D}" sbindir="${base_sbindir}" usbindir="${sbindir}" install
@@ -114,15 +110,11 @@ do_install() {
114 # Use proper encryption for passwords 110 # Use proper encryption for passwords
115 sed -i 's/^#ENCRYPT_METHOD.*$/ENCRYPT_METHOD SHA512/' ${D}${sysconfdir}/login.defs 111 sed -i 's/^#ENCRYPT_METHOD.*$/ENCRYPT_METHOD SHA512/' ${D}${sysconfdir}/login.defs
116 112
117 # Now we don't have a mail system. Disable mail creation for now. 113 install -d ${D}${sysconfdir}/default
118 sed -i 's:/bin/bash:/bin/sh:g' ${D}${sysconfdir}/default/useradd 114 install -m 0644 ${WORKDIR}/useradd ${D}${sysconfdir}/default
119 sed -i '/^CREATE_MAIL_SPOOL/ s:^:#:' ${D}${sysconfdir}/default/useradd
120
121 # Use users group by default
122 sed -i 's,^GROUP=1000,GROUP=100,g' ${D}${sysconfdir}/default/useradd
123} 115}
124 116
125do_install_append() { 117do_install:append() {
126 # Ensure that the image has as a /var/spool/mail dir so shadow can 118 # Ensure that the image has as a /var/spool/mail dir so shadow can
127 # put mailboxes there if the user reconfigures shadow to its 119 # put mailboxes there if the user reconfigures shadow to its
128 # defaults (see sed below). 120 # defaults (see sed below).
@@ -152,10 +144,40 @@ do_install_append() {
152 # Handle link properly after rename, otherwise missing files would 144 # Handle link properly after rename, otherwise missing files would
153 # lead rpm failed dependencies. 145 # lead rpm failed dependencies.
154 ln -sf newgrp.${BPN} ${D}${bindir}/sg 146 ln -sf newgrp.${BPN} ${D}${bindir}/sg
147
148 # usermod requires the subuid/subgid files to be in place before being
149 # able to use the -v/-V flags otherwise it fails:
150 # usermod: /etc/subuid does not exist, you cannot use the flags -v or -V
151 install -d ${D}${sysconfdir}
152 touch ${D}${sysconfdir}/subuid
153 touch ${D}${sysconfdir}/subgid
154}
155
156# Make executables look for dynamically linked libraries in a custom location, and install
157# the needed libraries there. That way we can use them from sstate
158# in setscene tasks without worrying about the dependency libraries being available.
159do_install:append:class-native() {
160 binaries=$(find ${D}${base_bindir}/ ${D}${base_sbindir}/ ${D}${bindir}/ ${D}${sbindir}/ -executable -type f)
161 chrpath -k -r ${STAGING_DIR_NATIVE}/lib-shadow-deps $binaries
162 mkdir -p ${D}${STAGING_DIR_NATIVE}/lib-shadow-deps/
163 libattr=${@bb.utils.contains('DISTRO_FEATURES', 'xattr', "${STAGING_LIBDIR_NATIVE}/libattr.so.*", '', d)}
164 install $libattr ${STAGING_LIBDIR_NATIVE}/libbsd.so.* ${STAGING_LIBDIR_NATIVE}/libmd.so.* ${D}${STAGING_DIR_NATIVE}/lib-shadow-deps/
165 install ${D}${libdir}/*.so.* ${D}${STAGING_DIR_NATIVE}/lib-shadow-deps/
166}
167
168SYSROOT_DIRS:append:class-native = " ${STAGING_DIR_NATIVE}/lib-shadow-deps/"
169INSANE_SKIP:${PN}:class-native = "already-stripped"
170
171do_install:append:class-nativesdk() {
172 oe_runmake -C ${B}/man DESTDIR="${D}" sbindir="${base_sbindir}" usbindir="${sbindir}" install-man
173}
174
175do_install:append:class-target() {
176 oe_runmake -C ${B}/man DESTDIR="${D}" sbindir="${base_sbindir}" usbindir="${sbindir}" install-man
155} 177}
156 178
157PACKAGES =+ "${PN}-base" 179PACKAGES =+ "${PN}-base"
158FILES_${PN}-base = "\ 180FILES:${PN}-base = "\
159 ${base_bindir}/login.shadow \ 181 ${base_bindir}/login.shadow \
160 ${base_bindir}/su.shadow \ 182 ${base_bindir}/su.shadow \
161 ${bindir}/sg \ 183 ${bindir}/sg \
@@ -165,31 +187,30 @@ FILES_${PN}-base = "\
165 ${sysconfdir}/pam.d/su \ 187 ${sysconfdir}/pam.d/su \
166 ${sysconfdir}/login.defs \ 188 ${sysconfdir}/login.defs \
167" 189"
168RDEPENDS_${PN} += "${PN}-base" 190RDEPENDS:${PN} += "${PN}-base"
169 191
170inherit update-alternatives 192inherit update-alternatives
171 193
172ALTERNATIVE_PRIORITY = "200" 194ALTERNATIVE_PRIORITY = "200"
173 195
174ALTERNATIVE_${PN} = "passwd chfn chsh chpasswd vipw vigr nologin" 196ALTERNATIVE:${PN} = "passwd chfn chsh chpasswd vipw vigr nologin"
197ALTERNATIVE_LINK_NAME[chfn] = "${bindir}/chfn"
198ALTERNATIVE_LINK_NAME[chsh] = "${bindir}/chsh"
175ALTERNATIVE_LINK_NAME[chpasswd] = "${sbindir}/chpasswd" 199ALTERNATIVE_LINK_NAME[chpasswd] = "${sbindir}/chpasswd"
176ALTERNATIVE_LINK_NAME[vipw] = "${base_sbindir}/vipw" 200ALTERNATIVE_LINK_NAME[vipw] = "${base_sbindir}/vipw"
177ALTERNATIVE_LINK_NAME[vigr] = "${base_sbindir}/vigr" 201ALTERNATIVE_LINK_NAME[vigr] = "${base_sbindir}/vigr"
178ALTERNATIVE_LINK_NAME[nologin] = "${base_sbindir}/nologin" 202ALTERNATIVE_LINK_NAME[nologin] = "${base_sbindir}/nologin"
179 203
180ALTERNATIVE_${PN}-base = "newgrp groups login su" 204ALTERNATIVE:${PN}-doc = "chfn.1 chsh.1"
205ALTERNATIVE_LINK_NAME[chfn.1] = "${mandir}/man1/chfn.1"
206ALTERNATIVE_LINK_NAME[chsh.1] = "${mandir}/man1/chsh.1"
207
208ALTERNATIVE:${PN}-base = "newgrp groups login su"
181ALTERNATIVE_LINK_NAME[login] = "${base_bindir}/login" 209ALTERNATIVE_LINK_NAME[login] = "${base_bindir}/login"
182ALTERNATIVE_LINK_NAME[su] = "${base_bindir}/su" 210ALTERNATIVE_LINK_NAME[su] = "${base_bindir}/su"
183 211
184ALTERNATIVE_${PN}-doc = "passwd.5 getspnam.3 groups.1 su.1 nologin.8"
185ALTERNATIVE_LINK_NAME[passwd.5] = "${mandir}/man5/passwd.5"
186ALTERNATIVE_LINK_NAME[getspnam.3] = "${mandir}/man3/getspnam.3"
187ALTERNATIVE_LINK_NAME[groups.1] = "${mandir}/man1/groups.1"
188ALTERNATIVE_LINK_NAME[su.1] = "${mandir}/man1/su.1"
189ALTERNATIVE_LINK_NAME[nologin.8] = "${mandir}/man8/nologin.8"
190
191PACKAGE_WRITE_DEPS += "shadow-native" 212PACKAGE_WRITE_DEPS += "shadow-native"
192pkg_postinst_${PN}_class-target () { 213pkg_postinst:${PN}:class-target () {
193 if [ "x$D" != "x" ]; then 214 if [ "x$D" != "x" ]; then
194 rootarg="--root $D" 215 rootarg="--root $D"
195 else 216 else
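Review bot: In `do_install:append:class-native`, the libraries copied into `lib-shadow-deps` are selected by different switches than the ones that decide linking. `libattr` is gated on `DISTRO_FEATURES` containing `xattr`, and `libbsd.so.*`/`libmd.so.*` are installed unconditionally, while the linking itself follows `PACKAGECONFIG[attr]` and `PACKAGECONFIG[libbsd]`. Because `PACKAGECONFIG:class-native` is only a `??=` default, an override that drops `libbsd` likely leaves the glob unmatched so that `install` fails, and one that enables `attr` without the distro feature leaves a needed library out of the directory the rewritten RPATH points to. Gating each copy on the matching PACKAGECONFIG value would keep the two in step, e.g. `libbsd=${@bb.utils.contains('PACKAGECONFIG', 'libbsd', "${STAGING_LIBDIR_NATIVE}/libbsd.so.* ${STAGING_LIBDIR_NATIVE}/libmd.so.*", '', d)}` followed by `install $libattr $libbsd ${D}${STAGING_DIR_NATIVE}/lib-shadow-deps/`. A one-line comment that `chrpath -r` replaces the RPATH of every installed native binary would also help, since these tools edit passwd and shadow data and the directory they load libraries from matters.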
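--- /dev/null
+++ b/meta/recipes-extended/shadow/shadow_4.15.0.bb
@@ -0,0 +1,10 @@
+require shadow.inc
+
+# Build falsely assumes that if --enable-libpam is set, we don't need to link against
+# libcrypt. This breaks chsh.
+BUILD_LDFLAGS:append:class-target = " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '-lcrypt', '', d)}"
+
+BBCLASSEXTEND = "native nativesdk"
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=884658
+CVE_STATUS[CVE-2013-4235] = "upstream-wontfix: Severity is low and marked as closed and won't fix."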
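Review bot: The `CVE_STATUS[CVE-2013-4235]` entry on the last line marks this CVE as upstream-wontfix, but the only justification recorded is a distribution bug link and "Severity is low". The comment should say what is being accepted, e.g. `# CVE-2013-4235: TOCTOU race when copying and removing directory trees; see https://bugzilla.redhat.com/show_bug.cgi?id=884658`, so that someone auditing an image can judge whether untrusted local users can reach it. Because the status is introduced on a recipe that moves from 4.8.1 to 4.15.0, it is also worth confirming against the upstream release notes that won't-fix still describes this version; nothing on this page establishes that either way.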
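--- a/meta/recipes-extended/shadow/shadow_4.8.1.bb
+++ /dev/null
@@ -1,10 +0,0 @@
-require shadow.inc
-
-# Build falsely assumes that if --enable-libpam is set, we don't need to link against
-# libcrypt. This breaks chsh.
-BUILD_LDFLAGS_append_class-target = " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '-lcrypt', '', d)}"
-
-BBCLASSEXTEND = "native nativesdk"
-
-
-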