From 985735386e0d979e6e20225b9b9c29f04a5aaa46 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin Date: Sun, 20 Nov 2022 14:31:13 +0100 Subject: shadow: update 4.12.3 -> 4.13 Drop 0001-Drop-nsswitch.conf-message-when-not-in-place-eg.-musl.patch (issue fixed upstream) 0001-shadow-use-relaxed-usernames.patch (merged upstream) (From OE-Core rev: 03917700e4bba2c979e055b5f0939f14ebe09525) Signed-off-by: Alexander Kanavin Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie --- .../0001-Disable-use-of-syslog-for-sysroot.patch | 6 +- ...h.conf-message-when-not-in-place-eg.-musl.patch | 27 ------ .../files/0001-shadow-use-relaxed-usernames.patch | 104 --------------------- ...fix-unexpected-open-failure-in-chroot-env.patch | 6 +- meta/recipes-extended/shadow/shadow.inc | 4 +- meta/recipes-extended/shadow/shadow_4.12.3.bb | 11 --- meta/recipes-extended/shadow/shadow_4.13.bb | 11 +++ 7 files changed, 18 insertions(+), 151 deletions(-) delete mode 100644 meta/recipes-extended/shadow/files/0001-Drop-nsswitch.conf-message-when-not-in-place-eg.-musl.patch delete mode 100644 meta/recipes-extended/shadow/files/0001-shadow-use-relaxed-usernames.patch delete mode 100644 meta/recipes-extended/shadow/shadow_4.12.3.bb create mode 100644 meta/recipes-extended/shadow/shadow_4.13.bb (limited to 'meta/recipes-extended/shadow') diff --git a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch b/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch index 628db42136..fa1532c831 100644 --- a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch +++ b/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch @@ -1,4 +1,4 @@ -From 8b845fff891798a03bdf21354b52e4487c2c0200 Mon Sep 17 00:00:00 2001 +From 85d0444229ee3d14fefcf10d093f49c862826f82 Mon Sep 17 00:00:00 2001 From: Richard Purdie Date: Thu, 14 Apr 2022 23:11:53 +0000 Subject: [PATCH] Disable use of syslog for shadow-native tools 
@@ -17,10 +17,10 @@ Signed-off-by: Peter Kjellerstedt 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac -index 5dcae19..b2c58f5 100644 +index 924254a..603af81 100644 --- a/configure.ac +++ b/configure.ac -@@ -204,7 +204,7 @@ AC_DEFINE_UNQUOTED(PASSWD_PROGRAM, "$shadow_cv_passwd_dir/passwd", +@@ -191,7 +191,7 @@ AC_DEFINE_UNQUOTED(PASSWD_PROGRAM, "$shadow_cv_passwd_dir/passwd", [Path to passwd program.]) dnl XXX - quick hack, should disappear before anyone notices :). diff --git a/meta/recipes-extended/shadow/files/0001-Drop-nsswitch.conf-message-when-not-in-place-eg.-musl.patch b/meta/recipes-extended/shadow/files/0001-Drop-nsswitch.conf-message-when-not-in-place-eg.-musl.patch deleted file mode 100644 index 21c9a1415c..0000000000 --- a/meta/recipes-extended/shadow/files/0001-Drop-nsswitch.conf-message-when-not-in-place-eg.-musl.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 11290e897a49adddee215833944a518443d9b0d6 Mon Sep 17 00:00:00 2001 -From: Andrei Gherzan -Date: Wed, 24 Aug 2022 00:54:47 +0200 -Subject: [PATCH] Drop nsswitch.conf message when not in place - eg. musl - -Upstream-Status: Inappropriate [issue reported at https://github.com/shadow-maint/shadow/issues/557] -Signed-off-by: Andrei Gherzan ---- - lib/nss.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/nss.c b/lib/nss.c -index 06fa48e..44245da 100644 ---- a/lib/nss.c -+++ b/lib/nss.c -@@ -59,7 +59,7 @@ void nss_init(const char *nsswitch_path) { - // subid: files - nssfp = fopen(nsswitch_path, "r"); - if (!nssfp) { -- fprintf(shadow_logfd, "Failed opening %s: %m\n", nsswitch_path); -+ //fprintf(shadow_logfd, "Failed opening %s: %m\n", nsswitch_path); - atomic_store(&nss_init_completed, true); - return; - } --- -2.25.1 - diff --git a/meta/recipes-extended/shadow/files/0001-shadow-use-relaxed-usernames.patch b/meta/recipes-extended/shadow/files/0001-shadow-use-relaxed-usernames.patch deleted file mode 100644 index 6c7abcef1d..0000000000 
--- a/meta/recipes-extended/shadow/files/0001-shadow-use-relaxed-usernames.patch
+++ /dev/null
@@ -1,104 +0,0 @@ -From b182c52d63bea0f08e1befcec5c3797dd97cdef5 Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin -Date: Tue, 16 Aug 2022 13:46:22 +0200 -Subject: [PATCH] shadow: use relaxed usernames - -The groupadd from shadow does not allow upper case group names, the -same is true for the upstream shadow. But distributions like -Debian/Ubuntu/CentOS has their own way to cope with this problem, -this patch is picked up from CentOS release 7.0 to relax the usernames -restrictions to allow the upper case group names, and the relaxation is -POSIX compliant because POSIX indicate that usernames are composed of -characters from the portable filename character set [A-Za-z0-9._-]. - -Upstream-Status: Submitted [https://github.com/shadow-maint/shadow/pull/551] - -Signed-off-by: Shan Hai -Signed-off-by: Alexander Kanavin ---- - libmisc/chkname.c | 29 ++++++++++++++++++----------- - man/groupadd.8.xml | 6 ------ - man/useradd.8.xml | 6 ------ - 3 files changed, 18 insertions(+), 23 deletions(-) - -diff --git a/libmisc/chkname.c b/libmisc/chkname.c -index cb002a14..c0306c5a 100644 ---- a/libmisc/chkname.c -+++ b/libmisc/chkname.c -@@ -32,21 +32,28 @@ static bool is_valid_name (const char *name) - } - - /* -- * User/group names must match [a-z_][a-z0-9_-]*[$] -- */ -- -- if (('\0' == *name) || -- !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) { -+ * User/group names must match gnu e-regex: -+ * [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]? 
-+ * -+ * as a non-POSIX, extension, allow "$" as the last char for -+ * sake of Samba 3.x "add machine script" -+ */ -+ if ( ('\0' == *name) || -+ !((*name >= 'a' && *name <= 'z') || -+ (*name >= 'A' && *name <= 'Z') || -+ (*name >= '0' && *name <= '9') || -+ (*name == '_') || (*name == '.') -+ )) { - return false; - } - - while ('\0' != *++name) { -- if (!(( ('a' <= *name) && ('z' >= *name) ) || -- ( ('0' <= *name) && ('9' >= *name) ) || -- ('_' == *name) || -- ('-' == *name) || -- ( ('$' == *name) && ('\0' == *(name + 1)) ) -- )) { -+ if (!( (*name >= 'a' && *name <= 'z') || -+ (*name >= 'A' && *name <= 'Z') || -+ (*name >= '0' && *name <= '9') || -+ (*name == '_') || (*name == '.') || (*name == '-') || -+ (*name == '$' && *(name + 1) == '\0') -+ )) { - return false; - } - } -diff --git a/man/groupadd.8.xml b/man/groupadd.8.xml -index 26671f92..3eacaa09 100644 ---- a/man/groupadd.8.xml -+++ b/man/groupadd.8.xml -@@ -63,12 +63,6 @@ - values from the system. The new group will be entered into the system - files as needed. - -- -- Groupnames must start with a lower case letter or an underscore, -- followed by lower case letters, digits, underscores, or dashes. -- They can end with a dollar sign. -- In regular expression terms: [a-z_][a-z0-9_-]*[$]? -- - - Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long. - -diff --git a/man/useradd.8.xml b/man/useradd.8.xml -index c7f95b47..e056d141 100644 ---- a/man/useradd.8.xml -+++ b/man/useradd.8.xml -@@ -691,12 +691,6 @@ - the user account creation request. - - -- -- Usernames must start with a lower case letter or an underscore, -- followed by lower case letters, digits, underscores, or dashes. -- They can end with a dollar sign. -- In regular expression terms: [a-z_][a-z0-9_-]*[$]? -- - - Usernames may only be up to 32 characters long. - --- -2.30.2 - 
diff --git a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch index 173e8a937d..85d9175105 100644 --- a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch +++ b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch @@ -1,4 +1,4 @@ -From d767f776e631f1493fd7b266f2026d630ecf70fe Mon Sep 17 00:00:00 2001 +From 21583da072aa66901d859ac00ce209bac87ddecc Mon Sep 17 00:00:00 2001 From: Chen Qi Date: Thu, 17 Jul 2014 15:53:34 +0800 Subject: [PATCH] commonio.c-fix-unexpected-open-failure-in-chroot-env @@ -21,10 +21,10 @@ Signed-off-by: Chen Qi 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/lib/commonio.c b/lib/commonio.c -index 9e0fde6..7c3a1da 100644 +index 9a02ce1..61384ec 100644 --- a/lib/commonio.c +++ b/lib/commonio.c -@@ -624,10 +624,18 @@ int commonio_open (struct commonio_db *db, int mode) +@@ -616,10 +616,18 @@ int commonio_open (struct commonio_db *db, int mode) db->cursor = NULL; db->changed = false; diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc index 5656a375b7..2c70a2d00e 100644 --- a/meta/recipes-extended/shadow/shadow.inc +++ b/meta/recipes-extended/shadow/shadow.inc @@ -12,7 +12,6 @@ DEPENDS = "virtual/crypt" GITHUB_BASE_URI = "https://github.com/shadow-maint/shadow/releases" SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.gz \ - file://0001-shadow-use-relaxed-usernames.patch \ ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ file://useradd \ " 
@@ -25,12 +24,11 @@ SRC_URI:append:class-target = " \ SRC_URI:append:class-native = " \ file://0001-Disable-use-of-syslog-for-sysroot.patch \ file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \ - file://0001-Drop-nsswitch.conf-message-when-not-in-place-eg.-musl.patch \ " SRC_URI:append:class-nativesdk = " \ file://0001-Disable-use-of-syslog-for-sysroot.patch \ " -SRC_URI[sha256sum] = "f525154adc5605e4ebf03d3e7ee8be4d7f3c7cf9df2c2244043406b6eefca2da" +SRC_URI[sha256sum] = "813057047499c7fe81108adcf0cffa3ad4ec75e19a80151f9cbaa458ff2e86cd" # Additional Policy files for PAM diff --git a/meta/recipes-extended/shadow/shadow_4.12.3.bb b/meta/recipes-extended/shadow/shadow_4.12.3.bb deleted file mode 100644 index 40b11345c9..0000000000 --- a/meta/recipes-extended/shadow/shadow_4.12.3.bb +++ /dev/null @@ -1,11 +0,0 @@ -require shadow.inc - -# Build falsely assumes that if --enable-libpam is set, we don't need to link against -# libcrypt. This breaks chsh. -BUILD_LDFLAGS:append:class-target = " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '-lcrypt', '', d)}" - -BBCLASSEXTEND = "native nativesdk" - -# Severity is low and marked as closed and won't fix. -# https://bugzilla.redhat.com/show_bug.cgi?id=884658 -CVE_CHECK_IGNORE += "CVE-2013-4235" diff --git a/meta/recipes-extended/shadow/shadow_4.13.bb b/meta/recipes-extended/shadow/shadow_4.13.bb new file mode 100644 index 0000000000..40b11345c9 --- /dev/null +++ b/meta/recipes-extended/shadow/shadow_4.13.bb @@ -0,0 +1,11 @@ +require shadow.inc + +# Build falsely assumes that if --enable-libpam is set, we don't need to link against +# libcrypt. This breaks chsh. +BUILD_LDFLAGS:append:class-target = " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '-lcrypt', '', d)}" + +BBCLASSEXTEND = "native nativesdk" + +# Severity is low and marked as closed and won't fix. +# https://bugzilla.redhat.com/show_bug.cgi?id=884658 +CVE_CHECK_IGNORE += "CVE-2013-4235" -- cgit v1.2.3-54-g00ecf
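Review bot: The `CVE_CHECK_IGNORE += "CVE-2013-4235"` line at the end of the new shadow_4.13.bb is carried over unchanged from shadow_4.12.3.bb (both blobs have index 40b11345c9), so the suppression and its "closed and won't fix" rationale are not re-justified for 4.13. Because this entry hides the CVE from the CVE checker for whatever version the recipe builds, it should be re-checked against the 4.13 release notes and either removed or given a version-specific reason. Nothing on this page shows whether upstream touched the affected code in this release. If the ignore stays, I would extend the comment above it with something like `# Re-checked for 4.13: <reason the issue still applies or is not relevant here>`.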