| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
libpam does not support 'obscure' checks to password,
there are the same checks in pam_cracklib module.
And this fix can remove the below error message while
updating password with 'passwd':
pam_unix(passwd:chauthtok):unrecognized option[obscure]
(From OE-Core rev: 76a63a5e1d572703c7e5e1360e24c05b87186e8b)
Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ea761dbac90be77797308666fe1586b05e3df824)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add userdb packageconfig to control the building of the pam_userdb.so module.
This depends on dbm support being compiled in for the berkley db package.
Also, remove "--with-db-uniquename=_pam" from EXTRA_OECONF. It makes the checks
for libdb fail because it searches for the wrong symbols in libdb (and libdb
was not configured with --with-uniquename=_pam option).
db.do_configure:
checking if --with-uniquename=NAME option specified... no
libpam.do_configure:
checking for db_create_pam... no
checking for db_create... no
checking for dbm_store_pam... no
checking for dbm_store... no
checking for dbm_store in -lndbm... no
(From OE-Core rev: 3130f43c51fb9b2aed9bb7805a820ea90e68276a)
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
| |
(From OE-Core rev: 6d79a39856c1b325d0ed6f057d8eaef64e31569f)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
rename
Besides checking DISTRO_FEATURES for required or conflicting features,
being able to check MACHINE_FEATURES and/or COMBINED_FEATURES may also
be useful at times.
Temporarily support the old class name with a warning about future
deprecation.
(From OE-Core rev: 5f4875b950ce199e91f99c8e945a0c709166dc14)
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
| |
(From OE-Core rev: f1d5273d53d66b217f3d4975f5cb5eb367b1aab1)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
Recent upgrade to the recipe moved SRC_URI to github. Fix the version
check accordingly.
(From OE-Core rev: 6119272f8855f949d428e12ab4da987d43a6adbf)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
Remove patch applied upstream.
Upstream tarball location changed.
(From OE-Core rev: 40b1825a4434334f3513f94775b176545f8d2f3a)
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
| |
Or alternatively GPL, the same as the top-level Linux-PAM COPYING.
(From OE-Core rev: 025c1b384635ef7a85e9f45f048901d6680563ae)
Signed-off-by: Douglas Royds <douglas.royds@taitradio.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix handling of escape characters in regexs and hence fix python
Deprecation warnings which will be problematic in python 3.8.
Note that some show up as:
"""
meta/classes/package.bbclass:1293: DeprecationWarning: invalid escape sequence \.
"""
where the problem isn't on 1293 in package.bbclass but in some _prepend to a
package.bbclass function in a different file like mesa.inc, often from
do_package_split() calls.
(From OE-Core rev: 4b1c0c7d5525fc4cea9e0f02ec54e92a6fbc6199)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
| |
(From OE-Core rev: 0842bd7093040d1f99ffa0523b993341653b1c87)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The patch tool will apply patches by default with "fuzz", which is where if the
hunk context isn't present but what is there is close enough, it will force the
patch in.
Whilst this is useful when there's just whitespace changes, when applied to
source it is possible for a patch applied with fuzz to produce broken code which
still compiles (see #10450). This is obviously bad.
We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For
that to be realistic the existing patches with fuzz need to be rebased and
reviewed.
(From OE-Core rev: 994e43acc67efeb33d859be071609daa844e9b77)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* replace do_pam_sanity function with distro_features_check inherit
* fixes:
WARNING: libpam-1.3.0-r5 do_pam_sanity: Building libpam but 'pam' isn't in DISTRO_FEATURES, PAM won't work correctly
in world builds and prevents user to build libpam at all without pam
in DISTRO_FEATURES, I don't see any users of this which wouldn't respect
pam in DISTRO_FEATURES
* only libuser is depending on libpam without respecting DISTRO_FEATURES
* there are few recipes in meta-oe layers depending on libpam without
respecting DISTRO_FEATURES, I've sent patch for them:
samba, openwsman, pam-ssh-agent-auth, sblim-sfcb, passwdqc, python-pam, smbnetfs
and omxplayer in meta-raspberrypi, I've sent PR for that one:
https://github.com/agherzan/meta-raspberrypi/pull/192
* poky-lsb will need to add pam to DISTRO_FEATURES in order to build
packagegroup-core-lsb
(From OE-Core rev: c9e7a276859d38aaa03845ee09428f62760ad147)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
uclibc support was removed a while ago and musl works much better. Start to
remove the various overrides and patches related to uclibc which are no longer
needed.
uclibc support in a layer would still be possible. I have strong reasons to
believe nobody is still using uclibc since patches are missing and I doubt
the metadata even parses anymore.
(From OE-Core rev: 653704e9cf325cb494eb23facca19e9f05132ffd)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
bb.data.expand(x, d) is deprecated API.
[YOCTO #10678]
(From OE-Core rev: a361babe443da635aed83be46679067457fd6a58)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
getVar() now defaults to expanding by default, thus remove the True
option from getVar() calls with a regex search and replace.
Search made with the following regex: getVar ?\(( ?[^,()]*), True\)
(From OE-Core rev: 7c552996597faaee2fbee185b250c0ee30ea3b5f)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Depend only on bison-native as configure script is checking
only for bison binary and libpam itself doesn't need target bison.
Add libxml2-native for deterministic build (it detects xmlcatalog
and xmllint)
(From OE-Core rev: d904d24a9cb1f15688b9924981d9c3d4dac7065f)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1.2.1 -> 1.3.0
Remove upstreamed patch:
a) pam-no-innetgr.patch
Refreshed the following patches for 1.3.0:
a) crypt_configure.patch
b) pam-unix-nullok-secure.patch
(From OE-Core rev: ac512ff9fbe41428e3d71d3e943aaa871d8b155a)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Based as security reason, the system must limit users to
simultaneous system logins, or a site-defined number.
To avoid overwriting the /etc/security/limits.conf file after
upgrading this rpm package, we will define the file as
CONFFILES of package libpam-runtime.
(From OE-Core rev: bdd7c1b088f24e54cf0be83324dd6ffe677af079)
Signed-off-by: Zhixiong Chi <Zhixiong.Chi@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
| |
With the autodebug package generation logic, specifically setting FILES_${PN}-dbg
isn't needed in most cases, we can remove them.
(From OE-Core rev: 3ab59d49dd7c18e194b58d1248b4b87709b5a738)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Define strndupa if not available in libc additionally fix headers
to explicitly needed include files which glibc was including indirectly
(From OE-Core rev: 24097d8bb481ed1312c45b2e93527a271f56e4be)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
libpam needs to adjust for posix utmpx
uclibc now disables utmp
Change-Id: Ibcb7cb621527f318eb8b6e2741647ccb4c6bb39c
(From OE-Core rev: e4c8a15d36d05d2b17b1dcf1d4238616c5b814f5)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
"0x200" became "0200" during the upgrade to libpam 1.2.1 in:
http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=88dd997d9941b63ae9eead6690ecf2b785c0740c
and this broke the IMAGE_FEATURES like debug-tweaks.
I've converted all the values to octal here to match the original
header file convention and make it clearer.
[YOCTO #8033]
(From OE-Core rev: 588e19058f631a1cc78002e1969a5459cd626afb)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Dropped upstreamed patches(commit-id):
- add-checks-for-crypt-returning-NULL.patch(8dc056c)
- destdirfix.patch(d7e6b92)
- libpam-fix-for-CVE-2010-4708.patch(4c430f6)
Dropped backported patches(commit-id):
- pam_timestamp-fix-potential-directory-traversal-issu.patch(9dcead8)
- reflect-the-enforce_for_root-semantics-change-in-pam.patch(bd07ad3)
Forward ported patches:
- pam-unix-nullok-secure.patch
- crypt_configure.patch
(From OE-Core rev: 8683206f7ba85f693751415f896a0cc62931e3c4)
Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Surfaced when building with musl This details are in patch headers
Enabel innetgr.patch for musl as well
(From OE-Core rev: 6ec229d8dec6a5978ebf6b264c332590c8be0b3a)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use CONFFILES to mark editable files as such,
/etc/pam.d/common-session
/etc/pam.d/common-auth
/etc/pam.d/common-password
/etc/pam.d/common-session-noninteractive
/etc/pam.d/common-account
If there is no %config micro before the file name in the spec file,
this file will be overwritten after updating package.
This will make our settings lost.
(From OE-Core rev: 078fedcc0b7d50e7001c587968319f1b45b3c1ba)
Signed-off-by: Jian Liu <jian.liu@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
WARNING: QA Issue: lib64-libpam: Files/directories were installed but
not shipped
/usr/sbin/pam_console_apply
Because the package name is changed to mlprefix-pam-plugin-console. The file
must be appended to that item.
(From OE-Core rev: a9bc116ab80d920b781a8ae31370220fac683f3d)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There's not bash specific syntax in the xtests scripts:
$ cd Linux-PAM-1.1.6/xtests
# replace /bin/bash to /bin/sh and check the bashisms:
$ checkbashisms *.sh
No output
So the runtime dependency to bash could be removed.
(From OE-Core rev: 1917bf7aa74aa1b86756c73c56537db2591115e5)
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The commit df3038768f59f7a0c814974ff674d4e59cbdfca4 changed 'libpam' to
'pn', then we don't need the "MLPREFIX + pn" any more, otherwise we
would get the name like: "lib32-lib32-libpam-x", and the warn:
WARNING: QA Issue: lib32-pam-plugin-access rdepends on
lib32-lib32-libpam-suffix, but it isn't a build dependency? [build-deps]
(From OE-Core rev: 804c1284891c2654e1431fe4d777ca41ac466120)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
The plugin runtime dependencies were not including the multilib
prefix, fix it.
(From OE-Core rev: 48ca9989e4ac098532d3e0d4ce2a59eab9159b24)
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The runtime providers were commented out. Removing the comment brings
up a issue with the native renaming which has been workarounded
disabling the runtime recommendation. This is indeed a workaround so a
FIXME comment has been added to remind about it in case we someday
move to native prefix.
(From OE-Core rev: bb25eac63cb9b2d0e1a45f5002a5e90562471aa1)
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
| |
Add bash, python or perl to the ptest pkgs to fix the RDEPENDS issues.
(From OE-Core rev: d081a85fc76e2b7a469c6c70175ecf7aed9de053)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The recipe had libpam hardcoded in some places which were causing
failures as the metadata renaming hooks does not change those,
generating a broken dependencies list.
This patch fixes those and add the native and nativesdk support.
(From OE-Core rev: df3038768f59f7a0c814974ff674d4e59cbdfca4)
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
v2 changes:
* update format for commit log
* add Upstream-Status for patch
Multiple directory traversal vulnerabilities in pam_timestamp.c in the
pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to
create aribitrary files or possibly bypass authentication via a .. (dot
dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY
value to the check_tty funtion, which is used by the
format_timestamp_name function.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2583
(From OE-Core rev: 69255c84ebd99629da8174e1e73fd8c715e49b52)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
The base_contains is kept as a compatibility method and we ought to
not use it in OE-Core so we can remove it from base metadata in
future.
(From OE-Core rev: d83b16dbf0862be387f84228710cb165c6d2b03b)
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While the BSP is configured as a 64-bit kernel and 32-bit userspace,
add a 64-bit version of libpam to the filesystem, there was a failure:
...
| Computing transaction...error: Can't install
pam-plugin-unix-1.1.6-r2@lib64_x86_64: no package provides libpam-lib64
|
| Saving cache...
...
While using 'lib64' as the multilib suffix of libpam RPROVIDES , the
RPROVIDES was overridden by map_depends_variable in classextend.py.
...
$RPROVIDES_lib64-libpam [2 operations]
set data_smart.py:429 [finalize]
" libpam-${baselib}"
set classextend.py:71 [map_depends_variable]4532
"lib64-libpam"
computed:
"lib64-libpam"
RPROVIDES_lib64-libpam="lib64-libpam"
...
Rename the suffix could fix this issue.
[YOCTO #4532]
(From OE-Core rev: 77e3d60fa00a41424fe65977b2bf307727a5a26c)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
libpam might miss ABI specific dependencies for pam-plugins-*, for RPM uses
generic names to check the packages depending on it and doesn't consider the
arch, which will lead to packaging issues in mulbilib build.
pam_plugin_hook is added because the plugin packages are dynamically
generated, so we need to manually process multilib names by add baselib to
RPROVIDES/RDEPENDS as ABI specific tag.
(From OE-Core rev: d08e64a98316d7659b0fb56812667c534f66a1a8)
Signed-off-by: Ming Liu <ming.liu@windriver.com>
I worked with Ming Liu on this particular issue. You may wonder why
this is necessary let me attempt to explain the underlying causes.
In deb/ipk on a multilib package, the package name has specific multilib
references in it. I.e. the alternative libraries start with something
like lib32-... This was done primarily because deb/ipk do not allow two
packages with the same name (but different architectures) to be
installed at the same time. So the name has to be unique.
In RPM however, the names of the packages and matches with the
architectures and if they are not the same we can do these multilib
installs. This matches the behavior of other RPM based distributions
and in many ways the tools people are used to working with RPM. For the
most part this works fine in multilib configurations because additional
per-file dependencies are added that capture the shared library
dependencies with ABI specific information. This unfortunately fails in
a few cases where plugins are dynamically loaded via dlopen -- such as
libpam.
One possible fix is simply to follow the deb/ipk package naming, but
this causes a design advantage of rpm. When a package has a dependency
on 'bash', we really don't care what bash is installed, only that -a-
bash is installed. In the deb/ipk case, the lib32- packages would end
up with a lib32-bash dependency and you could potentially end up with
two 'bash' packages being installed.
So the fix I recommended for the issue was to add the baselib path to
the internal dependencies. Since we know that the libpam installed in
'lib' needs the modules that were compiled to also work with the 'lib'
version of libpam. While the libpam in 'lib64' need the modules to work
with the 'lib64' version of the plugins.
Existing dependencies are preserved so there is no impact in the ipk/deb
case, the RPM case is resolved as the additional dependency information
is now present for the package manager to select the package we really
want.
If anyone else has a suggestion for an alternative fix, we're interested
-- but this is the best answer we could come up with. (If any of the
above should be added to the commit message, the YP bug, or
documentation, please let me know and I'll make sure it gets added.)
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
[YOCTO #4532]
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* resolves following warnings:
WARNING: Use of PRINC 17 was detected in the recipe meta-openembedded/meta-systemd/recipes-core/systemd/systemd-machine-units_1.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe meta-openembedded/meta-gpe/recipes-support/fbreader/fbreader_0.12.10.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe meta-openembedded/meta-gpe/recipes-support/fbreader/fbreader_git.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe meta-openembedded/meta-multimedia/recipes-multimedia/sox/sox_14.4.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe meta-openembedded/meta-oe/recipes-multimedia/mplayer/mplayer-common.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe meta-smartphone/meta-android/recipes-bsp/chroot-script/chroot-script_1.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-connectivity/avahi/avahi-ui_0.6.31.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-connectivity/bind/bind_9.8.1.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-core/systemd/systemd-serialgetty.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-core/sysvinit/sysvinit-inittab_2.88dsf.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-extended/screen/screen_4.0.3.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-extended/shadow/shadow-securetty_4.1.4.3.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-extended/shadow/shadow_4.1.4.3.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-graphics/libsdl/libsdl_1.2.15.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-graphics/packagegroups/packagegroup-core-x11-xserver.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-kernel/modutils-initscripts/modutils-initscripts.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.25.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-support/libcap/libcap_2.22.bb (or one of its .bbappends)
WARNING: Use of PRINC 11 was detected in the recipe openembedded-core/meta/recipes-bsp/keymaps/keymaps_1.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 11 was detected in the recipe openembedded-core/meta/recipes-core/systemd/systemd-compat-units.bb (or one of its .bbappends)
WARNING: Use of PRINC 12 was detected in the recipe openembedded-core/meta/recipes-core/initscripts/initscripts_1.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 13 was detected in the recipe openembedded-core/meta/recipes-core/base-files/base-files_3.0.14.bb (or one of its .bbappends)
WARNING: Use of PRINC 2 was detected in the recipe meta-openembedded/meta-oe/recipes-navigation/navit/navit_svn.bb (or one of its .bbappends)
WARNING: Use of PRINC 2 was detected in the recipe meta-openembedded/meta-oe/recipes-support/lvm2/lvm2_2.02.97.bb (or one of its .bbappends)
WARNING: Use of PRINC 2 was detected in the recipe openembedded-core/meta/recipes-connectivity/portmap/portmap_6.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 2 was detected in the recipe openembedded-core/meta/recipes-extended/pam/libpam_1.1.6.bb (or one of its .bbappends)
WARNING: Use of PRINC 2 was detected in the recipe openembedded-core/meta/recipes-graphics/packagegroups/packagegroup-core-x11.bb (or one of its .bbappends)
WARNING: Use of PRINC 3 was detected in the recipe meta-openembedded/meta-efl/recipes-efl/efl/entrance_svn.bb (or one of its .bbappends)
WARNING: Use of PRINC 3 was detected in the recipe meta-openembedded/meta-oe/recipes-multimedia/mplayer/mplayer2_git.bb (or one of its .bbappends)
WARNING: Use of PRINC 3 was detected in the recipe openembedded-core/meta/recipes-bsp/formfactor/formfactor_0.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 3 was detected in the recipe openembedded-core/meta/recipes-connectivity/avahi/avahi_0.6.31.bb (or one of its .bbappends)
WARNING: Use of PRINC 3 was detected in the recipe openembedded-core/meta/recipes-connectivity/dhcp/dhcp_4.2.5-P1.bb (or one of its .bbappends)
WARNING: Use of PRINC 3 was detected in the recipe openembedded-core/meta/recipes-core/init-ifupdown/init-ifupdown_1.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 3 was detected in the recipe openembedded-core/meta/recipes-graphics/xinput-calibrator/pointercal-xinput_0.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 5 was detected in the recipe meta-openembedded/meta-oe/recipes-core/meta/distro-feed-configs.bb (or one of its .bbappends)
WARNING: Use of PRINC 5 was detected in the recipe openembedded-core/meta/recipes-connectivity/bluez/bluez4_4.101.bb (or one of its .bbappends)
WARNING: Use of PRINC 6 was detected in the recipe openembedded-core/meta/recipes-core/packagegroups/packagegroup-base.bb (or one of its .bbappends)
WARNING: Use of PRINC 6 was detected in the recipe openembedded-core/meta/recipes-core/packagegroups/packagegroup-core-boot.bb (or one of its .bbappends)
WARNING: Use of PRINC 6 was detected in the recipe openembedded-core/meta/recipes-graphics/xorg-xserver/xserver-xf86-config_0.1.bb (or one of its .bbappends)
WARNING: Use of PRINC 7 was detected in the recipe meta-openembedded/meta-oe/recipes-navigation/gpsd/gpsd_3.7.bb (or one of its .bbappends)
WARNING: Use of PRINC 7 was detected in the recipe openembedded-core/meta/recipes-core/udev/udev-extraconf_1.0.bb (or one of its .bbappends)
(From OE-Core rev: c6825ec6e92e20bb64a051d1576f363c16e98d68)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
| |
Using the contains function results in more optimal sstate checksums
resulting in better cache reuse as we as more consistent code.
(From OE-Core rev: 9c93526756e7cbbff027c88eb972f877bcb1f057)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since we dont use prelude in OE, we just disable autodetection of
prelude in the libpam configuration.
Seems like an old bug:
http://lists.openembedded.org/pipermail/openembedded-devel/2012-March/083804.html
(From OE-Core rev: 9096c6a46cf2467c90873c235b4533faf97d6175)
Signed-off-by: David Nyström <david.nystrom@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
So that sysvinit images don't warn on every login only add it to common-session
if systemd is a DISTRO_FEATURE.
[ YOCTO #3805 ]
(From OE-Core rev: 3ccb0855a7a6b147e5025855c6376747ba72986a)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We do not want libpam to build using audit just
because it happens to be lying around, so we
create PACKAGECONFIG[] data to give us explicit
control.
(From OE-Core rev: 4db6aa2094447f8d2a9c234089a80ddcd78fcbd0)
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
To be secure, change behavior of the OTHER entries to warn and deny
access to everything by stating pam_deny.so on all services.
(From OE-Core rev: 4ca0af699b5b4b3cf95b3e76482651949fd922ac)
Signed-off-by: Ming Liu <ming.liu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Debian patch to add a new 'nullok_secure' option to pam_unix, which
accepts users with null passwords only when the applicant is connected
from a tty listed in /etc/securetty.
The original pam_unix.so was configured with nullok_secure in
meta/recipes-extended/pam/libpam/pam.d/common-auth, but no such code
exists actually.
The patch set comes from:
http://patch-tracker.debian.org/patch/series/view/pam/1.1.3-7.1/054_pam_security_abstract_securetty_handling
http://patch-tracker.debian.org/patch/series/view/pam/1.1.3-7.1/055_pam_unix_nullok_secure
(From OE-Core rev: 10cdd66fe800cffe3f2cbf5c95550b4f7902a311)
Signed-off-by: Ming Liu <ming.liu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* missing dependency on pkgconfig-native was causing
that PKG_CHECK_MODULES(DBUS, dbus-1) stayed unexpanded in
configure script:
checking for dbm_store in -lndbm... no
libpam/1.1.6-r2/Linux-PAM-1.1.6/configure:
line 14217: syntax error near unexpected token `libtirpc,'
libpam/1.1.6-r2/Linux-PAM-1.1.6/configure:
line 14217: ` PKG_CHECK_MODULES(libtirpc, libtirpc,'
Configure failed. The contents of all config.log files follows to aid
debugging
(From OE-Core rev: d8d230a164b4e98dbb3a9e6d9bb567c2aabee7f9)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: fd9bad3e48a605e9fd28c129413300ff6b548788)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 1b4b25d3cebab90398db208281d54e7442d43bcd)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Change default for user_readenv to 0 and document the
new default for user_readenv.
This fix from:
http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_env
/pam_env.c?r1=1.22&r2=1.23&view=patch
http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_env
/pam_env.8.xml?r1=1.7&r2=1.8&view=patch
(From OE-Core rev: 871ae7a6453b3b66610fd8bbaa770c92be850e19)
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove the wildcard from the SRC_URI. This causes problems when you .bbappend
and add a FILESEXTRAPATHS entry. The unpack task may be unable to find the
files to unpack leading to an error.
Avoid wildcards at all costs...
(From OE-Core rev: 6d3705123dd2f808a9778326aa04a2854f7b5378)
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport patches from linux-pam git repo to fix test case
tst-pam_pwhistory1 failure.
[YOCTO #4107]
(From OE-Core rev: 65e4a9f050ae588ec794808315a206d94ca7a861)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
| |
(From OE-Core rev: 3d27366f17e597380fee738f14f119d880a77985)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|