From 46d33a45d654c018ea283d36015060e8af1905db Mon Sep 17 00:00:00 2001 From: Alexander Kanavin Date: Wed, 13 Mar 2024 18:33:32 +0100 Subject: shadow: update 4.14.2 -> 4.15.0 libcrack support was dropped. (From OE-Core rev: c976d67cc73948eb09700be349d63a5d3840acdc) Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie --- ...ydir-copy_entry-use-temporary-stat-buffer.patch | 24 +++---- ...fix-unexpected-open-failure-in-chroot-env.patch | 9 +-- .../shadow/files/shadow-update-pam-conf.patch | 79 ++++++++++++++-------- meta/recipes-extended/shadow/shadow.inc | 4 +- meta/recipes-extended/shadow/shadow_4.14.2.bb | 10 --- meta/recipes-extended/shadow/shadow_4.15.0.bb | 10 +++ 6 files changed, 78 insertions(+), 58 deletions(-) delete mode 100644 meta/recipes-extended/shadow/shadow_4.14.2.bb create mode 100644 meta/recipes-extended/shadow/shadow_4.15.0.bb (limited to 'meta/recipes-extended/shadow') diff --git a/meta/recipes-extended/shadow/files/0001-lib-copydir-copy_entry-use-temporary-stat-buffer.patch b/meta/recipes-extended/shadow/files/0001-lib-copydir-copy_entry-use-temporary-stat-buffer.patch index d278a4cda3..2e5503bfd4 100644 --- a/meta/recipes-extended/shadow/files/0001-lib-copydir-copy_entry-use-temporary-stat-buffer.patch +++ b/meta/recipes-extended/shadow/files/0001-lib-copydir-copy_entry-use-temporary-stat-buffer.patch @@ -16,11 +16,9 @@ Signed-off-by: Enrico Scholz lib/copydir.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) -Index: shadow-4.14.2/lib/copydir.c -=================================================================== ---- shadow-4.14.2.orig/lib/copydir.c -+++ shadow-4.14.2/lib/copydir.c -@@ -415,6 +415,7 @@ static int copy_entry (const struct path +--- a/lib/copydir.c ++++ b/lib/copydir.c +@@ -400,6 +400,7 @@ static int copy_entry (const struct path { int err = 0; struct stat sb; @@ -28,12 +26,12 @@ Index: shadow-4.14.2/lib/copydir.c struct link_name *lp; struct timespec mt[2]; -@@ -436,7 +437,7 @@ static int copy_entry (const struct path - * If the destination already exists do nothing. - * This is after the copy_dir above to still iterate into subdirectories. - */ -- if (fstatat(dst->dirfd, dst->name, &sb, AT_SYMLINK_NOFOLLOW) != -1) { -+ if (fstatat(dst->dirfd, dst->name, &tmp_sb, AT_SYMLINK_NOFOLLOW) != -1) { - return 0; - } +@@ -423,7 +424,7 @@ static int copy_entry (const struct path + * If the destination already exists do nothing. + * This is after the copy_dir above to still iterate into subdirectories. + */ +- if (fstatat(dst->dirfd, dst->name, &sb, AT_SYMLINK_NOFOLLOW) != -1) { ++ if (fstatat(dst->dirfd, dst->name, &tmp_sb, AT_SYMLINK_NOFOLLOW) != -1) { + return err; + } diff --git a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch index 4a932d2dbb..cd99aad135 100644 --- a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch +++ b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch @@ -1,4 +1,4 @@ -From a773c6b240d27e23d6be41decef0edf24fcee523 Mon Sep 17 00:00:00 2001 +From f512071dd3a4c29d4bf048c5a89c4ba9160e37b1 Mon Sep 17 00:00:00 2001 From: Chen Qi Date: Thu, 17 Jul 2014 15:53:34 +0800 Subject: [PATCH] commonio.c-fix-unexpected-open-failure-in-chroot-env @@ -20,10 +20,10 @@ Signed-off-by: Chen Qi 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/lib/commonio.c b/lib/commonio.c -index 73fdb3a..d1231e9 100644 +index 01a26c9..82b2868 100644 --- a/lib/commonio.c +++ b/lib/commonio.c -@@ -606,10 +606,18 @@ int commonio_open (struct commonio_db *db, int mode) +@@ -601,10 +601,18 @@ int commonio_open (struct commonio_db *db, int mode) db->cursor = NULL; db->changed = false; @@ -46,6 +46,3 @@ index 73fdb3a..d1231e9 100644 db->fp = NULL; if (fd >= 0) { #ifdef WITH_TCB --- -2.30.2 - diff --git a/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch b/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch index 3b61b75e5b..1eacb8a53f 100644 --- a/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch +++ b/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch @@ -1,3 +1,8 @@ +From 38882ab288fd4d2cc2e45dff222ae3412c8fe357 Mon Sep 17 00:00:00 2001 +From: Kang Kai +Date: Wed, 20 Jul 2011 19:18:14 +0800 +Subject: [PATCH] shadow: update pam related configure files + The system-auth in the configure files is from Fedora which put all the 4 pam type rules in one file. In yocto it obey the way with Debian/Ubuntu, and the names are common-auth, common-account, @@ -9,82 +14,102 @@ See meta/recipes-extended/pam/libpam/pam.d/common-password Upstream-Status: Inappropriate [oe-core specific] Signed-off-by: Kang Kai +--- + etc/pam.d/chage | 2 +- + etc/pam.d/chgpasswd | 2 +- + etc/pam.d/groupadd | 2 +- + etc/pam.d/groupdel | 2 +- + etc/pam.d/groupmems | 2 +- + etc/pam.d/groupmod | 2 +- + etc/pam.d/useradd | 2 +- + etc/pam.d/userdel | 2 +- + etc/pam.d/usermod | 2 +- + 9 files changed, 9 insertions(+), 9 deletions(-) -diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chage shadow-4.1.4.3/etc/pam.d/chage ---- shadow-4.1.4.3/etc/pam.d.orig/chage 2011-07-20 19:02:27.384844958 +0800 -+++ shadow-4.1.4.3/etc/pam.d/chage 2011-07-20 19:03:08.964844958 +0800 +diff --git a/etc/pam.d/chage b/etc/pam.d/chage +index 8f49f5c..b1f365d 100644 +--- a/etc/pam.d/chage ++++ b/etc/pam.d/chage @@ -1,4 +1,4 @@ #%PAM-1.0 auth sufficient pam_rootok.so account required pam_permit.so -password include system-auth +password include common-password -diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chgpasswd shadow-4.1.4.3/etc/pam.d/chgpasswd ---- shadow-4.1.4.3/etc/pam.d.orig/chgpasswd 2011-07-20 19:02:27.384844958 +0800 -+++ shadow-4.1.4.3/etc/pam.d/chgpasswd 2011-07-20 19:03:26.544844958 +0800 +diff --git a/etc/pam.d/chgpasswd b/etc/pam.d/chgpasswd +index 8f49f5c..b1f365d 100644 +--- a/etc/pam.d/chgpasswd ++++ b/etc/pam.d/chgpasswd @@ -1,4 +1,4 @@ #%PAM-1.0 auth sufficient pam_rootok.so account required pam_permit.so -password include system-auth +password include common-password -diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupadd shadow-4.1.4.3/etc/pam.d/groupadd ---- shadow-4.1.4.3/etc/pam.d.orig/groupadd 2011-07-20 19:02:27.384844958 +0800 -+++ shadow-4.1.4.3/etc/pam.d/groupadd 2011-07-20 19:04:08.124844958 +0800 +diff --git a/etc/pam.d/groupadd b/etc/pam.d/groupadd +index 8f49f5c..b1f365d 100644 +--- a/etc/pam.d/groupadd ++++ b/etc/pam.d/groupadd @@ -1,4 +1,4 @@ #%PAM-1.0 auth sufficient pam_rootok.so account required pam_permit.so -password include system-auth +password include common-password -diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupdel shadow-4.1.4.3/etc/pam.d/groupdel ---- shadow-4.1.4.3/etc/pam.d.orig/groupdel 2011-07-20 19:02:27.384844958 +0800 -+++ shadow-4.1.4.3/etc/pam.d/groupdel 2011-07-20 19:04:26.114844958 +0800 +diff --git a/etc/pam.d/groupdel b/etc/pam.d/groupdel +index 8f49f5c..b1f365d 100644 +--- a/etc/pam.d/groupdel ++++ b/etc/pam.d/groupdel @@ -1,4 +1,4 @@ #%PAM-1.0 auth sufficient pam_rootok.so account required pam_permit.so -password include system-auth +password include common-password -diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupmems shadow-4.1.4.3/etc/pam.d/groupmems ---- shadow-4.1.4.3/etc/pam.d.orig/groupmems 2011-07-20 19:02:27.384844958 +0800 -+++ shadow-4.1.4.3/etc/pam.d/groupmems 2011-07-20 19:04:35.074844958 +0800 +diff --git a/etc/pam.d/groupmems b/etc/pam.d/groupmems +index 8f49f5c..b1f365d 100644 +--- a/etc/pam.d/groupmems ++++ b/etc/pam.d/groupmems @@ -1,4 +1,4 @@ #%PAM-1.0 auth sufficient pam_rootok.so account required pam_permit.so -password include system-auth +password include common-password -diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupmod shadow-4.1.4.3/etc/pam.d/groupmod ---- shadow-4.1.4.3/etc/pam.d.orig/groupmod 2011-07-20 19:02:27.384844958 +0800 -+++ shadow-4.1.4.3/etc/pam.d/groupmod 2011-07-20 19:04:44.864844958 +0800 +diff --git a/etc/pam.d/groupmod b/etc/pam.d/groupmod +index 8f49f5c..b1f365d 100644 +--- a/etc/pam.d/groupmod ++++ b/etc/pam.d/groupmod @@ -1,4 +1,4 @@ #%PAM-1.0 auth sufficient pam_rootok.so account required pam_permit.so -password include system-auth +password include common-password -diff -Nur shadow-4.1.4.3/etc/pam.d.orig/useradd shadow-4.1.4.3/etc/pam.d/useradd ---- shadow-4.1.4.3/etc/pam.d.orig/useradd 2011-07-20 19:02:27.384844958 +0800 -+++ shadow-4.1.4.3/etc/pam.d/useradd 2011-07-20 19:07:26.244844958 +0800 +diff --git a/etc/pam.d/useradd b/etc/pam.d/useradd +index 8f49f5c..b1f365d 100644 +--- a/etc/pam.d/useradd ++++ b/etc/pam.d/useradd @@ -1,4 +1,4 @@ #%PAM-1.0 auth sufficient pam_rootok.so account required pam_permit.so -password include system-auth +password include common-password -diff -Nur shadow-4.1.4.3/etc/pam.d.orig/userdel shadow-4.1.4.3/etc/pam.d/userdel ---- shadow-4.1.4.3/etc/pam.d.orig/userdel 2011-07-20 19:02:27.384844958 +0800 -+++ shadow-4.1.4.3/etc/pam.d/userdel 2011-07-20 19:07:35.734844958 +0800 +diff --git a/etc/pam.d/userdel b/etc/pam.d/userdel +index 8f49f5c..b1f365d 100644 +--- a/etc/pam.d/userdel ++++ b/etc/pam.d/userdel @@ -1,4 +1,4 @@ #%PAM-1.0 auth sufficient pam_rootok.so account required pam_permit.so -password include system-auth +password include common-password -diff -Nur shadow-4.1.4.3/etc/pam.d.orig/usermod shadow-4.1.4.3/etc/pam.d/usermod ---- shadow-4.1.4.3/etc/pam.d.orig/usermod 2011-07-20 19:02:27.384844958 +0800 -+++ shadow-4.1.4.3/etc/pam.d/usermod 2011-07-20 19:07:42.024844958 +0800 +diff --git a/etc/pam.d/usermod b/etc/pam.d/usermod +index 8f49f5c..b1f365d 100644 +--- a/etc/pam.d/usermod ++++ b/etc/pam.d/usermod @@ -1,4 +1,4 @@ #%PAM-1.0 auth sufficient pam_rootok.so diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc index 40e6ab0b30..7b9763d6db 100644 --- a/meta/recipes-extended/shadow/shadow.inc +++ b/meta/recipes-extended/shadow/shadow.inc @@ -25,7 +25,7 @@ SRC_URI:append:class-target = " \ SRC_URI:append:class-native = " \ file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \ " -SRC_URI[sha256sum] = "a305edf5d19bddbdf5e836d2d609fa8bff2d35458819de4d9f06306a1cf24342" +SRC_URI[sha256sum] = "377fe0d7c1a0aa5e3514c08fdf5ddc70c9dcbb391678c2134445ed97326bcc26" # Additional Policy files for PAM PAM_SRC_URI = "file://pam.d/chfn \ @@ -40,7 +40,7 @@ inherit autotools gettext github-releases pkgconfig export CONFIG_SHELL="/bin/sh" -EXTRA_OECONF += "--without-libcrack \ +EXTRA_OECONF += " \ --with-group-name-max-length=24 \ --enable-subordinate-ids=yes \ --without-sssd \ diff --git a/meta/recipes-extended/shadow/shadow_4.14.2.bb b/meta/recipes-extended/shadow/shadow_4.14.2.bb deleted file mode 100644 index e57676c1da..0000000000 --- a/meta/recipes-extended/shadow/shadow_4.14.2.bb +++ /dev/null @@ -1,10 +0,0 @@ -require shadow.inc - -# Build falsely assumes that if --enable-libpam is set, we don't need to link against -# libcrypt. This breaks chsh. -BUILD_LDFLAGS:append:class-target = " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '-lcrypt', '', d)}" - -BBCLASSEXTEND = "native nativesdk" - -# https://bugzilla.redhat.com/show_bug.cgi?id=884658 -CVE_STATUS[CVE-2013-4235] = "upstream-wontfix: Severity is low and marked as closed and won't fix." diff --git a/meta/recipes-extended/shadow/shadow_4.15.0.bb b/meta/recipes-extended/shadow/shadow_4.15.0.bb new file mode 100644 index 0000000000..e57676c1da --- /dev/null +++ b/meta/recipes-extended/shadow/shadow_4.15.0.bb @@ -0,0 +1,10 @@ +require shadow.inc + +# Build falsely assumes that if --enable-libpam is set, we don't need to link against +# libcrypt. This breaks chsh. +BUILD_LDFLAGS:append:class-target = " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '-lcrypt', '', d)}" + +BBCLASSEXTEND = "native nativesdk" + +# https://bugzilla.redhat.com/show_bug.cgi?id=884658 +CVE_STATUS[CVE-2013-4235] = "upstream-wontfix: Severity is low and marked as closed and won't fix." -- cgit v1.2.3-54-g00ecf