summaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended/pam/libpam
Commit message (Collapse)AuthorAgeFilesLines
* libpam: refresh patchesRoss Burton2018-03-092-16/+21
| | | | | | | | | | | | | | | | | | | | | The patch tool will apply patches by default with "fuzz", which is where if the hunk context isn't present but what is there is close enough, it will force the patch in. Whilst this is useful when there's just whitespace changes, when applied to source it is possible for a patch applied with fuzz to produce broken code which still compiles (see #10450). This is obviously bad. We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For that to be realistic the existing patches with fuzz need to be rebased and reviewed. (From OE-Core rev: 994e43acc67efeb33d859be071609daa844e9b77) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: Drop remnants of uclibc supportRichard Purdie2017-06-221-233/+0
| | | | | | | | | | | | | | uclibc support was removed a while ago and musl works much better. Start to remove the various overrides and patches related to uclibc which are no longer needed. uclibc support in a layer would still be possible. I have strong reasons to believe nobody is still using uclibc since patches are missing and I doubt the metadata even parses anymore. (From OE-Core rev: 653704e9cf325cb494eb23facca19e9f05132ffd) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpam: update to 1.3.0Maxin B. John2016-05-303-193/+60
| | | | | | | | | | | | | | | | | 1.2.1 -> 1.3.0 Remove upstreamed patch: a) pam-no-innetgr.patch Refreshed the following patches for 1.3.0: a) crypt_configure.patch b) pam-unix-nullok-secure.patch (From OE-Core rev: ac512ff9fbe41428e3d71d3e943aaa871d8b155a) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpam: Fix build with muslKhem Raj2015-12-122-0/+127
| | | | | | | | | | | Define strndupa if not available in libc additionally fix headers to explicitly needed include files which glibc was including indirectly (From OE-Core rev: 24097d8bb481ed1312c45b2e93527a271f56e4be) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpam: Fix build with uclibcKhem Raj2015-10-271-0/+233
| | | | | | | | | | | | libpam needs to adjust for posix utmpx uclibc now disables utmp Change-Id: Ibcb7cb621527f318eb8b6e2741647ccb4c6bb39c (From OE-Core rev: e4c8a15d36d05d2b17b1dcf1d4238616c5b814f5) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpam: Fix patch broken during upgrade1.9_M2Richard Purdie2015-08-091-2/+2
| | | | | | | | | | | | | | | "0x200" became "0200" during the upgrade to libpam 1.2.1 in: http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=88dd997d9941b63ae9eead6690ecf2b785c0740c and this broke the IMAGE_FEATURES like debug-tweaks. I've converted all the values to octal here to match the original header file convention and make it clearer. [YOCTO #8033] (From OE-Core rev: 588e19058f631a1cc78002e1969a5459cd626afb) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpam: Upgrade v1.1.6 -> v1.2.1Amarnath Valluri2015-07-207-332/+124
| | | | | | | | | | | | | | | | | | | | | Dropped upstreamed patches(commit-id): - add-checks-for-crypt-returning-NULL.patch(8dc056c) - destdirfix.patch(d7e6b92) - libpam-fix-for-CVE-2010-4708.patch(4c430f6) Dropped backported patches(commit-id): - pam_timestamp-fix-potential-directory-traversal-issu.patch(9dcead8) - reflect-the-enforce_for_root-semantics-change-in-pam.patch(bd07ad3) Forward ported patches: - pam-unix-nullok-secure.patch - crypt_configure.patch (From OE-Core rev: 8683206f7ba85f693751415f896a0cc62931e3c4) Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpam: Fix wrong crypt library detectionKhem Raj2015-06-081-0/+31
| | | | | | | | | | | Surfaced when building with musl This details are in patch headers Enabel innetgr.patch for musl as well (From OE-Core rev: 6ec229d8dec6a5978ebf6b264c332590c8be0b3a) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpam / xtests: remove bash dependencyWenzong Fan2014-09-291-0/+226
| | | | | | | | | | | | | | | | | There's not bash specific syntax in the xtests scripts: $ cd Linux-PAM-1.1.6/xtests # replace /bin/bash to /bin/sh and check the bashisms: $ checkbashisms *.sh No output So the runtime dependency to bash could be removed. (From OE-Core rev: 1917bf7aa74aa1b86756c73c56537db2591115e5) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpam: Security Advisory - CVE-2014-2583Yue Tao2014-06-171-0/+63
| | | | | | | | | | | | | | | | | | | | | v2 changes: * update format for commit log * add Upstream-Status for patch Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create aribitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty funtion, which is used by the format_timestamp_name function. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2583 (From OE-Core rev: 69255c84ebd99629da8174e1e73fd8c715e49b52) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpam: only use pam_systemd.so if systemd is enabledRoss Burton2013-09-221-2/+0
| | | | | | | | | | | | So that sysvinit images don't warn on every login only add it to common-session if systemd is a DISTRO_FEATURE. [ YOCTO #3805 ] (From OE-Core rev: 3ccb0855a7a6b147e5025855c6376747ba72986a) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpam: deny all services for the OTHER entriesMing Liu2013-07-311-9/+6
| | | | | | | | | | | To be secure, change behavior of the OTHER entries to warn and deny access to everything by stating pam_deny.so on all services. (From OE-Core rev: 4ca0af699b5b4b3cf95b3e76482651949fd922ac) Signed-off-by: Ming Liu <ming.liu@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpam: add a new 'nullok_secure' option support to pam_unixMing Liu2013-07-242-0/+422
| | | | | | | | | | | | | | | | | | | | Debian patch to add a new 'nullok_secure' option to pam_unix, which accepts users with null passwords only when the applicant is connected from a tty listed in /etc/securetty. The original pam_unix.so was configured with nullok_secure in meta/recipes-extended/pam/libpam/pam.d/common-auth, but no such code exists actually. The patch set comes from: http://patch-tracker.debian.org/patch/series/view/pam/1.1.3-7.1/054_pam_security_abstract_securetty_handling http://patch-tracker.debian.org/patch/series/view/pam/1.1.3-7.1/055_pam_unix_nullok_secure (From OE-Core rev: 10cdd66fe800cffe3f2cbf5c95550b4f7902a311) Signed-off-by: Ming Liu <ming.liu@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpam: Fix for CVE-2010-4708Wenzong Fan2013-06-191-0/+41
| | | | | | | | | | | | | | | | Change default for user_readenv to 0 and document the new default for user_readenv. This fix from: http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_env /pam_env.c?r1=1.22&r2=1.23&view=patch http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_env /pam_env.8.xml?r1=1.7&r2=1.8&view=patch (From OE-Core rev: 871ae7a6453b3b66610fd8bbaa770c92be850e19) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpam: backport patches from upstreamKai Kang2013-04-172-0/+98
| | | | | | | | | | | | Backport patches from linux-pam git repo to fix test case tst-pam_pwhistory1 failure. [YOCTO #4107] (From OE-Core rev: 65e4a9f050ae588ec794808315a206d94ca7a861) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* pam: Fix case where ${B} != ${S}Richard Purdie2013-03-221-0/+24
| | | | | | (From OE-Core rev: 3d27366f17e597380fee738f14f119d880a77985) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpam: register PAM session with logindKoen Kooi2013-01-201-1/+3
| | | | | | | | | | | This make screen/tmux/etc work as intended. (From OE-Core rev: 58731bbdbd4ab4cfd560f14758a65efdfad2e28f) Signed-off-by: Martin Donnelly <martin.donnelly@ge.com> Signed-off-by: Koen Kooi <koen@dominion.thruhere.net> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpam: Fix missing DESTDIR for a mkdir causing build failuresRichard Purdie2012-08-191-0/+24
| | | | | | (From OE-Core rev: c39e823138cbf4210e17bdb95ca322ec0a6c8f78) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpam: Update recipes from 1.1.5 -> 1.1.6Khem Raj2012-08-191-12/+0
| | | | | | | | | | | | Drop include-sys-resource.patch already fixed upstream LIC_FILE_CHKSUM change is due to deletion of space in COPYING file see http://git.fedorahosted.org/cgit/linux-pam.git/commit/COPYING?id=1814aec611a5f9e03eceee81237ad3a3f51c954a (From OE-Core rev: 619092b699bfd79e060755fa41645cac7ac4fd0d) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpam: Fix build with eglibc 2.16Khem Raj2012-07-171-0/+12
| | | | | | | | | | | | | | | pam_unix_acct.c: In function '_unix_run_verify_binary': pam_unix_acct.c:97:19: error: storage size of 'rlim' isn't known pam_unix_acct.c:106:19: error: 'RLIMIT_NOFILE' undeclared (first use in this function) pam_unix_acct.c:106:19: note: each undeclared identifier is reported only once for each function it appears in (From OE-Core rev: e59a0bac95ce025a6b826be28ccc9e42ca4b5a29) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpam: update to 1.1.4 and add subpackage xtestsKang Kai2011-07-271-0/+35
| | | | | | | | | | | | Update libpam to 1.1.4, and add dependecy cracklib because run xtexts will need pam-plugin-cracklib. There are some additional checks under subdirectory xtests and make it as a subpackage libpam-xtests. (From OE-Core rev: f9158bf219479c2da56dd21a13ecee3176cd6f8a) Signed-off-by: Kang Kai <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* recipes: Add Upstream-Status to various recipe patchesScott Garman2011-05-171-0/+5
| | | | | | | | | | | | | | | | | | | Add Upstream-Status tag to patches for the following recipes: openssh dbus-glib expat opensp sgml-common at cpio (GPLv3 version) libpam icu (From OE-Core rev: 0702602332ad63c2cfaa207516497bb0b75bfdf3) Signed-off-by: Scott Garman <scott.a.garman@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpam_1.1.3.bb: Fix compilation on uclibc when innetgr is absentKhem Raj2011-04-041-0/+92
| | | | | | | (From OE-Core rev: a0d441ec7c43fe1b4490c1c9b03a0cf5811109fd) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpam: upgrade to version 1.1.3Scott Garman2010-11-247-0/+135
* Removed obsolete crossbinary patch * Added source checksums * Added LIC_FILES_CHKSUM and SUMMARY entries Signed-off-by: Scott Garman <scott.a.garman@intel.com>