From f3a482b47678819b4a91bb58810c7bc6ef9e6f3e Mon Sep 17 00:00:00 2001 From: Yu Ke Date: Mon, 28 Feb 2011 19:34:45 +0800 Subject: shadow: upgrade to 4.1.4.3 to fix security vulnerability For CVE-2011-0721: http://lists.debian.org/debian-security-announce/2011/msg00030.html Signed-off-by: Yu Ke --- .../shadow/files/login_defs_pam.sed | 32 ++++ meta/recipes-extended/shadow/files/pam.d/chfn | 14 ++ meta/recipes-extended/shadow/files/pam.d/chpasswd | 4 + meta/recipes-extended/shadow/files/pam.d/chsh | 19 ++ meta/recipes-extended/shadow/files/pam.d/login | 91 +++++++++ meta/recipes-extended/shadow/files/pam.d/newusers | 4 + meta/recipes-extended/shadow/files/pam.d/passwd | 5 + meta/recipes-extended/shadow/files/pam.d/su | 60 ++++++ meta/recipes-extended/shadow/files/securetty | 206 +++++++++++++++++++++ .../files/shadow-4.1.3-dots-in-usernames.patch | 23 +++ .../shadow-4.1.4.2-env-reset-keep-locale.patch | 27 +++ .../files/shadow-4.1.4.2-groupmod-pam-check.patch | 32 ++++ .../files/shadow-4.1.4.2-su_no_sanitize_env.patch | 27 +++ .../shadow/files/shadow.automake-1.11.patch | 102 ++++++++++ .../shadow/shadow-4.1.4.2/login_defs_pam.sed | 32 ---- .../shadow/shadow-4.1.4.2/pam.d/chfn | 14 -- .../shadow/shadow-4.1.4.2/pam.d/chpasswd | 4 - .../shadow/shadow-4.1.4.2/pam.d/chsh | 19 -- .../shadow/shadow-4.1.4.2/pam.d/login | 91 --------- .../shadow/shadow-4.1.4.2/pam.d/newusers | 4 - .../shadow/shadow-4.1.4.2/pam.d/passwd | 5 - .../shadow/shadow-4.1.4.2/pam.d/su | 60 ------ .../shadow/shadow-4.1.4.2/securetty | 206 --------------------- .../shadow-4.1.3-dots-in-usernames.patch | 23 --- .../shadow-4.1.4.2-env-reset-keep-locale.patch | 27 --- .../shadow-4.1.4.2-groupmod-pam-check.patch | 32 ---- .../shadow-4.1.4.2-su_no_sanitize_env.patch | 27 --- .../shadow-4.1.4.2/shadow.automake-1.11.patch | 102 ---------- meta/recipes-extended/shadow/shadow_4.1.4.2.bb | 14 -- meta/recipes-extended/shadow/shadow_4.1.4.3.bb | 14 ++ 30 files changed, 660 insertions(+), 660 deletions(-) create mode 100644 meta/recipes-extended/shadow/files/login_defs_pam.sed create mode 100644 meta/recipes-extended/shadow/files/pam.d/chfn create mode 100644 meta/recipes-extended/shadow/files/pam.d/chpasswd create mode 100644 meta/recipes-extended/shadow/files/pam.d/chsh create mode 100644 meta/recipes-extended/shadow/files/pam.d/login create mode 100644 meta/recipes-extended/shadow/files/pam.d/newusers create mode 100644 meta/recipes-extended/shadow/files/pam.d/passwd create mode 100644 meta/recipes-extended/shadow/files/pam.d/su create mode 100644 meta/recipes-extended/shadow/files/securetty create mode 100644 meta/recipes-extended/shadow/files/shadow-4.1.3-dots-in-usernames.patch create mode 100644 meta/recipes-extended/shadow/files/shadow-4.1.4.2-env-reset-keep-locale.patch create mode 100644 meta/recipes-extended/shadow/files/shadow-4.1.4.2-groupmod-pam-check.patch create mode 100644 meta/recipes-extended/shadow/files/shadow-4.1.4.2-su_no_sanitize_env.patch create mode 100644 meta/recipes-extended/shadow/files/shadow.automake-1.11.patch delete mode 100644 meta/recipes-extended/shadow/shadow-4.1.4.2/login_defs_pam.sed delete mode 100644 meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/chfn delete mode 100644 meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/chpasswd delete mode 100644 meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/chsh delete mode 100644 meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/login delete mode 100644 meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/newusers delete mode 100644 meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/passwd delete mode 100644 meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/su delete mode 100644 meta/recipes-extended/shadow/shadow-4.1.4.2/securetty delete mode 100644 meta/recipes-extended/shadow/shadow-4.1.4.2/shadow-4.1.3-dots-in-usernames.patch delete mode 100644 meta/recipes-extended/shadow/shadow-4.1.4.2/shadow-4.1.4.2-env-reset-keep-locale.patch delete mode 100644 meta/recipes-extended/shadow/shadow-4.1.4.2/shadow-4.1.4.2-groupmod-pam-check.patch delete mode 100644 meta/recipes-extended/shadow/shadow-4.1.4.2/shadow-4.1.4.2-su_no_sanitize_env.patch delete mode 100644 meta/recipes-extended/shadow/shadow-4.1.4.2/shadow.automake-1.11.patch delete mode 100644 meta/recipes-extended/shadow/shadow_4.1.4.2.bb create mode 100644 meta/recipes-extended/shadow/shadow_4.1.4.3.bb (limited to 'meta/recipes-extended/shadow') diff --git a/meta/recipes-extended/shadow/files/login_defs_pam.sed b/meta/recipes-extended/shadow/files/login_defs_pam.sed new file mode 100644 index 0000000000..0a1f3be4af --- /dev/null +++ b/meta/recipes-extended/shadow/files/login_defs_pam.sed @@ -0,0 +1,32 @@ +/^FAILLOG_ENAB/b comment +/^LASTLOG_ENAB/b comment +/^MAIL_CHECK_ENAB/b comment +/^OBSCURE_CHECKS_ENAB/b comment +/^PORTTIME_CHECKS_ENAB/b comment +/^QUOTAS_ENAB/b comment +/^MOTD_FILE/b comment +/^FTMP_FILE/b comment +/^NOLOGINS_FILE/b comment +/^ENV_HZ/b comment +/^ENV_TZ/b comment +/^PASS_MIN_LEN/b comment +/^SU_WHEEL_ONLY/b comment +/^CRACKLIB_DICTPATH/b comment +/^PASS_CHANGE_TRIES/b comment +/^PASS_ALWAYS_WARN/b comment +/^PASS_MAX_LEN/b comment +/^PASS_MIN_LEN/b comment +/^CHFN_AUTH/b comment +/^CHSH_AUTH/b comment +/^ISSUE_FILE/b comment +/^LOGIN_STRING/b comment +/^ULIMIT/b comment +/^ENVIRON_FILE/b comment + +b exit + +: comment + s:^:#: + +: exit + diff --git a/meta/recipes-extended/shadow/files/pam.d/chfn b/meta/recipes-extended/shadow/files/pam.d/chfn new file mode 100644 index 0000000000..baf7698bba --- /dev/null +++ b/meta/recipes-extended/shadow/files/pam.d/chfn @@ -0,0 +1,14 @@ +# +# The PAM configuration file for the Shadow `chfn' service +# + +# This allows root to change user infomation without being +# prompted for a password +auth sufficient pam_rootok.so + +# The standard Unix authentication modules, used with +# NIS (man nsswitch) as well as normal /etc/passwd and +# /etc/shadow entries. +auth include common-auth +account include common-account +session include common-session diff --git a/meta/recipes-extended/shadow/files/pam.d/chpasswd b/meta/recipes-extended/shadow/files/pam.d/chpasswd new file mode 100644 index 0000000000..9e3efa68ba --- /dev/null +++ b/meta/recipes-extended/shadow/files/pam.d/chpasswd @@ -0,0 +1,4 @@ +# The PAM configuration file for the Shadow 'chpasswd' service +# + +password include common-password diff --git a/meta/recipes-extended/shadow/files/pam.d/chsh b/meta/recipes-extended/shadow/files/pam.d/chsh new file mode 100644 index 0000000000..8fb169f64e --- /dev/null +++ b/meta/recipes-extended/shadow/files/pam.d/chsh @@ -0,0 +1,19 @@ +# +# The PAM configuration file for the Shadow `chsh' service +# + +# This will not allow a user to change their shell unless +# their current one is listed in /etc/shells. This keeps +# accounts with special shells from changing them. +auth required pam_shells.so + +# This allows root to change user shell without being +# prompted for a password +auth sufficient pam_rootok.so + +# The standard Unix authentication modules, used with +# NIS (man nsswitch) as well as normal /etc/passwd and +# /etc/shadow entries. +auth include common-auth +account include common-account +session include common-session diff --git a/meta/recipes-extended/shadow/files/pam.d/login b/meta/recipes-extended/shadow/files/pam.d/login new file mode 100644 index 0000000000..e41eb04ec1 --- /dev/null +++ b/meta/recipes-extended/shadow/files/pam.d/login @@ -0,0 +1,91 @@ +# +# The PAM configuration file for the Shadow `login' service +# + +# Enforce a minimal delay in case of failure (in microseconds). +# (Replaces the `FAIL_DELAY' setting from login.defs) +# Note that other modules may require another minimal delay. (for example, +# to disable any delay, you should add the nodelay option to pam_unix) +auth optional pam_faildelay.so delay=3000000 + +# Outputs an issue file prior to each login prompt (Replaces the +# ISSUE_FILE option from login.defs). Uncomment for use +# auth required pam_issue.so issue=/etc/issue + +# Disallows root logins except on tty's listed in /etc/securetty +# (Replaces the `CONSOLE' setting from login.defs) +# Note that it is included as a "requisite" module. No password prompts will +# be displayed if this module fails to avoid having the root password +# transmitted on unsecure ttys. +# You can change it to a "required" module if you think it permits to +# guess valid user names of your system (invalid user names are considered +# as possibly being root). +auth [success=ok ignore=ignore user_unknown=ignore default=die] pam_securetty.so + +# Disallows other than root logins when /etc/nologin exists +# (Replaces the `NOLOGINS_FILE' option from login.defs) +auth requisite pam_nologin.so + +# SELinux needs to be the first session rule. This ensures that any +# lingering context has been cleared. Without out this it is possible +# that a module could execute code in the wrong domain. +# When the module is present, "required" would be sufficient (When SELinux +# is disabled, this returns success.) +session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close + +# This module parses environment configuration file(s) +# and also allows you to use an extended config +# file /etc/security/pam_env.conf. +# +# parsing /etc/environment needs "readenv=1" +session required pam_env.so readenv=1 +# locale variables are also kept into /etc/default/locale in etch +# reading this file *in addition to /etc/environment* does not hurt +session required pam_env.so readenv=1 envfile=/etc/default/locale + +# Standard Un*x authentication. +auth include common-auth + +# This allows certain extra groups to be granted to a user +# based on things like time of day, tty, service, and user. +# Please edit /etc/security/group.conf to fit your needs +# (Replaces the `CONSOLE_GROUPS' option in login.defs) +auth optional pam_group.so + +# Uncomment and edit /etc/security/time.conf if you need to set +# time restrainst on logins. +# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs +# as well as /etc/porttime) +# account requisite pam_time.so + +# Uncomment and edit /etc/security/access.conf if you need to +# set access limits. +# (Replaces /etc/login.access file) +# account required pam_access.so + +# Sets up user limits according to /etc/security/limits.conf +# (Replaces the use of /etc/limits in old login) +session required pam_limits.so + +# Prints the last login info upon succesful login +# (Replaces the `LASTLOG_ENAB' option from login.defs) +session optional pam_lastlog.so + +# Prints the motd upon succesful login +# (Replaces the `MOTD_FILE' option in login.defs) +session optional pam_motd.so + +# Prints the status of the user's mailbox upon succesful login +# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). +# +# This also defines the MAIL environment variable +# However, userdel also needs MAIL_DIR and MAIL_FILE variables +# in /etc/login.defs to make sure that removing a user +# also removes the user's mail spool file. +# See comments in /etc/login.defs +session optional pam_mail.so standard + +# Standard Un*x account and session +account include common-account +password include common-password +session include common-session diff --git a/meta/recipes-extended/shadow/files/pam.d/newusers b/meta/recipes-extended/shadow/files/pam.d/newusers new file mode 100644 index 0000000000..4aa3dde48b --- /dev/null +++ b/meta/recipes-extended/shadow/files/pam.d/newusers @@ -0,0 +1,4 @@ +# The PAM configuration file for the Shadow 'newusers' service +# + +password include common-password diff --git a/meta/recipes-extended/shadow/files/pam.d/passwd b/meta/recipes-extended/shadow/files/pam.d/passwd new file mode 100644 index 0000000000..f534992435 --- /dev/null +++ b/meta/recipes-extended/shadow/files/pam.d/passwd @@ -0,0 +1,5 @@ +# +# The PAM configuration file for the Shadow `passwd' service +# + +password include common-password diff --git a/meta/recipes-extended/shadow/files/pam.d/su b/meta/recipes-extended/shadow/files/pam.d/su new file mode 100644 index 0000000000..8e35137f37 --- /dev/null +++ b/meta/recipes-extended/shadow/files/pam.d/su @@ -0,0 +1,60 @@ +# +# The PAM configuration file for the Shadow `su' service +# + +# This allows root to su without passwords (normal operation) +auth sufficient pam_rootok.so + +# Uncomment this to force users to be a member of group root +# before they can use `su'. You can also add "group=foo" +# to the end of this line if you want to use a group other +# than the default "root" (but this may have side effect of +# denying "root" user, unless she's a member of "foo" or explicitly +# permitted earlier by e.g. "sufficient pam_rootok.so"). +# (Replaces the `SU_WHEEL_ONLY' option from login.defs) +# auth required pam_wheel.so + +# Uncomment this if you want wheel members to be able to +# su without a password. +# auth sufficient pam_wheel.so trust + +# Uncomment this if you want members of a specific group to not +# be allowed to use su at all. +# auth required pam_wheel.so deny group=nosu + +# Uncomment and edit /etc/security/time.conf if you need to set +# time restrainst on su usage. +# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs +# as well as /etc/porttime) +# account requisite pam_time.so + +# This module parses environment configuration file(s) +# and also allows you to use an extended config +# file /etc/security/pam_env.conf. +# +# parsing /etc/environment needs "readenv=1" +session required pam_env.so readenv=1 +# locale variables are also kept into /etc/default/locale in etch +# reading this file *in addition to /etc/environment* does not hurt +session required pam_env.so readenv=1 envfile=/etc/default/locale + +# Defines the MAIL environment variable +# However, userdel also needs MAIL_DIR and MAIL_FILE variables +# in /etc/login.defs to make sure that removing a user +# also removes the user's mail spool file. +# See comments in /etc/login.defs +# +# "nopen" stands to avoid reporting new mail when su'ing to another user +session optional pam_mail.so nopen + +# Sets up user limits, please uncomment and read /etc/security/limits.conf +# to enable this functionality. +# (Replaces the use of /etc/limits in old login) +# session required pam_limits.so + +# The standard Unix authentication modules, used with +# NIS (man nsswitch) as well as normal /etc/passwd and +# /etc/shadow entries. +auth include common-auth +account include common-account +session include common-session diff --git a/meta/recipes-extended/shadow/files/securetty b/meta/recipes-extended/shadow/files/securetty new file mode 100644 index 0000000000..28fa0afb72 --- /dev/null +++ b/meta/recipes-extended/shadow/files/securetty @@ -0,0 +1,206 @@ +# /etc/securetty: list of terminals on which root is allowed to login. +# See securetty(5) and login(1). +console + +# Standard serial ports +ttyS0 +ttyS1 +ttyS2 +ttyS3 + +# Samsung ARM SoCs +ttySAC0 +ttySAC1 +ttySAC2 +ttySAC3 + +# TI OMAP SoCs +ttyO0 +ttyO1 +ttyO2 +ttyO3 + +# USB dongles +ttyUSB0 +ttyUSB1 +ttyUSB2 + +# PowerMac +ttyPZ0 +ttyPZ1 +ttyPZ2 +ttyPZ3 + +# Embedded MPC platforms +ttyPSC0 +ttyPSC1 +ttyPSC2 +ttyPSC3 +ttyPSC4 +ttyPSC5 + +# PA-RISC mux ports +ttyB0 +ttyB1 + +# Standard hypervisor virtual console +hvc0 + +# Oldstyle Xen console +xvc0 + +# Standard consoles +tty1 +tty2 +tty3 +tty4 +tty5 +tty6 +tty7 +tty8 +tty9 +tty10 +tty11 +tty12 +tty13 +tty14 +tty15 +tty16 +tty17 +tty18 +tty19 +tty20 +tty21 +tty22 +tty23 +tty24 +tty25 +tty26 +tty27 +tty28 +tty29 +tty30 +tty31 +tty32 +tty33 +tty34 +tty35 +tty36 +tty37 +tty38 +tty39 +tty40 +tty41 +tty42 +tty43 +tty44 +tty45 +tty46 +tty47 +tty48 +tty49 +tty50 +tty51 +tty52 +tty53 +tty54 +tty55 +tty56 +tty57 +tty58 +tty59 +tty60 +tty61 +tty62 +tty63 + +# Local X displays (allows empty passwords with pam_unix's nullok_secure) +:0 +:0.0 +:0.1 +:1 +:1.0 +:1.1 +:2 +:2.0 +:2.1 +:3 +:3.0 +:3.1 + +# Embedded Freescale i.MX ports +ttymxc0 +ttymxc1 +ttymxc2 +ttymxc3 +ttymxc4 +ttymxc5 + +# Standard serial ports, with devfs +tts/0 +tts/1 + +# Standard consoles, with devfs +vc/1 +vc/2 +vc/3 +vc/4 +vc/5 +vc/6 +vc/7 +vc/8 +vc/9 +vc/10 +vc/11 +vc/12 +vc/13 +vc/14 +vc/15 +vc/16 +vc/17 +vc/18 +vc/19 +vc/20 +vc/21 +vc/22 +vc/23 +vc/24 +vc/25 +vc/26 +vc/27 +vc/28 +vc/29 +vc/30 +vc/31 +vc/32 +vc/33 +vc/34 +vc/35 +vc/36 +vc/37 +vc/38 +vc/39 +vc/40 +vc/41 +vc/42 +vc/43 +vc/44 +vc/45 +vc/46 +vc/47 +vc/48 +vc/49 +vc/50 +vc/51 +vc/52 +vc/53 +vc/54 +vc/55 +vc/56 +vc/57 +vc/58 +vc/59 +vc/60 +vc/61 +vc/62 +vc/63 diff --git a/meta/recipes-extended/shadow/files/shadow-4.1.3-dots-in-usernames.patch b/meta/recipes-extended/shadow/files/shadow-4.1.3-dots-in-usernames.patch new file mode 100644 index 0000000000..7a2ff2e24e --- /dev/null +++ b/meta/recipes-extended/shadow/files/shadow-4.1.3-dots-in-usernames.patch @@ -0,0 +1,23 @@ +# commit message copied from openembedded: +# commit 246c80637b135f3a113d319b163422f98174ee6c +# Author: Khem Raj +# Date: Wed Jun 9 13:37:03 2010 -0700 +# +# shadow-4.1.4.2: Add patches to support dots in login id. +# +# Signed-off-by: Khem Raj +# +# comment added by Kevin Tian , 2010-08-11 + +Index: shadow-4.1.4.2/libmisc/chkname.c +=================================================================== +--- shadow-4.1.4.2.orig/libmisc/chkname.c 2009-04-28 12:14:04.000000000 -0700 ++++ shadow-4.1.4.2/libmisc/chkname.c 2010-06-03 17:43:20.638973857 -0700 +@@ -61,6 +61,7 @@ static bool is_valid_name (const char *n + ( ('0' <= *name) && ('9' >= *name) ) || + ('_' == *name) || + ('-' == *name) || ++ ('.' == *name) || + ( ('$' == *name) && ('\0' == *(name + 1)) ) + )) { + return false; diff --git a/meta/recipes-extended/shadow/files/shadow-4.1.4.2-env-reset-keep-locale.patch b/meta/recipes-extended/shadow/files/shadow-4.1.4.2-env-reset-keep-locale.patch new file mode 100644 index 0000000000..124065c7f9 --- /dev/null +++ b/meta/recipes-extended/shadow/files/shadow-4.1.4.2-env-reset-keep-locale.patch @@ -0,0 +1,27 @@ +# commit message copied from openembedded: +# commit 246c80637b135f3a113d319b163422f98174ee6c +# Author: Khem Raj +# Date: Wed Jun 9 13:37:03 2010 -0700 +# +# shadow-4.1.4.2: Add patches to support dots in login id. +# +# Signed-off-by: Khem Raj +# +# comment added by Kevin Tian , 2010-08-11 + +http://bugs.gentoo.org/283725 +https://alioth.debian.org/tracker/index.php?func=detail&aid=311740&group_id=30580&atid=411480 + +Index: shadow-4.1.4.2/libmisc/env.c +=================================================================== +--- shadow-4.1.4.2.orig/libmisc/env.c 2009-04-27 13:07:56.000000000 -0700 ++++ shadow-4.1.4.2/libmisc/env.c 2010-06-03 17:44:51.456408474 -0700 +@@ -251,7 +251,7 @@ void sanitize_env (void) + if (strncmp (*cur, *bad, strlen (*bad)) != 0) { + continue; + } +- if (strchr (*cur, '/') != NULL) { ++ if (strchr (*cur, '/') == NULL) { + continue; /* OK */ + } + for (move = cur; NULL != *move; move++) { diff --git a/meta/recipes-extended/shadow/files/shadow-4.1.4.2-groupmod-pam-check.patch b/meta/recipes-extended/shadow/files/shadow-4.1.4.2-groupmod-pam-check.patch new file mode 100644 index 0000000000..6682fe8078 --- /dev/null +++ b/meta/recipes-extended/shadow/files/shadow-4.1.4.2-groupmod-pam-check.patch @@ -0,0 +1,32 @@ +# commit message copied from openembedded: +# commit 246c80637b135f3a113d319b163422f98174ee6c +# Author: Khem Raj +# Date: Wed Jun 9 13:37:03 2010 -0700 +# +# shadow-4.1.4.2: Add patches to support dots in login id. +# +# Signed-off-by: Khem Raj +# +# comment added by Kevin Tian , 2010-08-11 + +http://bugs.gentoo.org/300790 +http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/2009-November/007850.html + +2009-11-05 Nicolas François + + * NEWS, src/groupmod.c: Fixed groupmod when configured with + --enable-account-tools-setuid. + +Index: shadow-4.1.4.2/src/groupmod.c +=================================================================== +--- shadow-4.1.4.2.orig/src/groupmod.c 2009-06-05 15:16:58.000000000 -0700 ++++ shadow-4.1.4.2/src/groupmod.c 2010-06-03 17:45:43.828952613 -0700 +@@ -720,7 +720,7 @@ int main (int argc, char **argv) + { + struct passwd *pampw; + pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */ +- if (NULL == pamh) { ++ if (NULL == pampw) { + fprintf (stderr, + _("%s: Cannot determine your user name.\n"), + Prog); diff --git a/meta/recipes-extended/shadow/files/shadow-4.1.4.2-su_no_sanitize_env.patch b/meta/recipes-extended/shadow/files/shadow-4.1.4.2-su_no_sanitize_env.patch new file mode 100644 index 0000000000..f67251c840 --- /dev/null +++ b/meta/recipes-extended/shadow/files/shadow-4.1.4.2-su_no_sanitize_env.patch @@ -0,0 +1,27 @@ +# commit message copied from openembedded: +# commit 246c80637b135f3a113d319b163422f98174ee6c +# Author: Khem Raj +# Date: Wed Jun 9 13:37:03 2010 -0700 +# +# shadow-4.1.4.2: Add patches to support dots in login id. +# +# Signed-off-by: Khem Raj +# +# comment added by Kevin Tian , 2010-08-11 + +http://bugs.gentoo.org/show_bug.cgi?id=301957 +https://alioth.debian.org/scm/browser.php?group_id=30580 + +Index: shadow-4.1.4.2/src/su.c +=================================================================== +--- shadow-4.1.4.2.orig/src/su.c 2009-07-23 13:38:56.000000000 -0700 ++++ shadow-4.1.4.2/src/su.c 2010-06-03 17:46:47.718944010 -0700 +@@ -378,7 +378,7 @@ int main (int argc, char **argv) + #endif + #endif /* !USE_PAM */ + +- sanitize_env (); ++ /* sanitize_env (); */ + + (void) setlocale (LC_ALL, ""); + (void) bindtextdomain (PACKAGE, LOCALEDIR); diff --git a/meta/recipes-extended/shadow/files/shadow.automake-1.11.patch b/meta/recipes-extended/shadow/files/shadow.automake-1.11.patch new file mode 100644 index 0000000000..36d7be6fd0 --- /dev/null +++ b/meta/recipes-extended/shadow/files/shadow.automake-1.11.patch @@ -0,0 +1,102 @@ +# patch is from openembedded: +# commit 2db61370333f7a2fc1dbb86385734883387e0217 +# Author: Martin Jansa +# Date: Fri Apr 2 07:34:46 2010 +0200 +# +# shadow: fix do_install with automake-1.11 +# +# Signed-off-by: Martin Jansa +# +# comment added by Kevin Tian + +man_nopan is for !USE_PAM already included in man_MANS and automake-1.11 hates to install some file twice + +diff -uNr shadow-4.1.4.2.orig/man/Makefile.am shadow-4.1.4.2/man/Makefile.am +--- shadow-4.1.4.2.orig/man/Makefile.am 2009-03-14 15:40:10.000000000 +0100 ++++ shadow-4.1.4.2/man/Makefile.am 2010-04-02 07:31:17.000000000 +0200 +@@ -163,7 +163,6 @@ + $(man_MANS) \ + $(man_XMANS) \ + $(addprefix login.defs.d/,$(login_defs_v)) \ +- $(man_nopam) \ + id.1 \ + id.1.xml \ + sulogin.8 \ +diff -uNr shadow-4.1.4.2.orig/man/fr/Makefile.am shadow-4.1.4.2/man/fr/Makefile.am +--- shadow-4.1.4.2.orig/man/fr/Makefile.am 2008-09-06 18:44:45.000000000 +0200 ++++ shadow-4.1.4.2/man/fr/Makefile.am 2010-04-02 07:42:11.000000000 +0200 +@@ -52,7 +52,6 @@ + + EXTRA_DIST = \ + $(man_MANS) \ +- $(man_nopam) \ + id.1 + + include ../generate_translations.mak +diff -uNr shadow-4.1.4.2.orig/man/it/Makefile.am shadow-4.1.4.2/man/it/Makefile.am +--- shadow-4.1.4.2.orig/man/it/Makefile.am 2008-09-06 18:44:45.000000000 +0200 ++++ shadow-4.1.4.2/man/it/Makefile.am 2010-04-02 07:42:20.000000000 +0200 +@@ -46,7 +46,6 @@ + + EXTRA_DIST = \ + $(man_MANS) \ +- $(man_nopam) \ + id.1 \ + logoutd.8 + +diff -uNr shadow-4.1.4.2.orig/man/ja/Makefile.am shadow-4.1.4.2/man/ja/Makefile.am +--- shadow-4.1.4.2.orig/man/ja/Makefile.am 2007-12-31 17:48:28.000000000 +0100 ++++ shadow-4.1.4.2/man/ja/Makefile.am 2010-04-02 07:42:17.000000000 +0200 +@@ -49,7 +49,6 @@ + + EXTRA_DIST = \ + $(man_MANS) \ +- $(man_nopam) \ + id.1 \ + shadow.3 \ + sulogin.8 +diff -uNr shadow-4.1.4.2.orig/man/pl/Makefile.am shadow-4.1.4.2/man/pl/Makefile.am +--- shadow-4.1.4.2.orig/man/pl/Makefile.am 2008-09-06 18:44:45.000000000 +0200 ++++ shadow-4.1.4.2/man/pl/Makefile.am 2010-04-02 07:42:07.000000000 +0200 +@@ -49,7 +49,6 @@ + + EXTRA_DIST = \ + $(man_MANS) \ +- $(man_nopam) \ + getspnam.3 \ + id.1 \ + shadow.3 \ +diff -uNr shadow-4.1.4.2.orig/man/ru/Makefile.am shadow-4.1.4.2/man/ru/Makefile.am +--- shadow-4.1.4.2.orig/man/ru/Makefile.am 2010-04-02 07:39:00.000000000 +0200 ++++ shadow-4.1.4.2/man/ru/Makefile.am 2010-04-02 07:42:01.000000000 +0200 +@@ -54,7 +54,6 @@ + + EXTRA_DIST = \ + $(man_MANS) \ +- $(man_nopam) \ + id.1 \ + sulogin.8 + +diff -uNr shadow-4.1.4.2.orig/man/sv/Makefile.am shadow-4.1.4.2/man/sv/Makefile.am +--- shadow-4.1.4.2.orig/man/sv/Makefile.am 2008-09-06 18:44:45.000000000 +0200 ++++ shadow-4.1.4.2/man/sv/Makefile.am 2010-04-02 07:42:24.000000000 +0200 +@@ -53,8 +53,7 @@ + endif + + EXTRA_DIST = \ +- $(man_MANS) \ +- $(man_nopam) ++ $(man_MANS) + + include ../generate_translations.mak + +--- shadow-4.1.4.2.orig/man/ru/Makefile.am 2010-04-02 07:54:09.000000000 +0200 ++++ shadow-4.1.4.2/man/ru/Makefile.am 2010-04-02 07:51:57.000000000 +0200 +@@ -1,7 +1,6 @@ + mandir = @mandir@/ru + + man_MANS = \ +- $(man_nopam) \ + chage.1 \ + chfn.1 \ + chgpasswd.8 \ diff --git a/meta/recipes-extended/shadow/shadow-4.1.4.2/login_defs_pam.sed b/meta/recipes-extended/shadow/shadow-4.1.4.2/login_defs_pam.sed deleted file mode 100644 index 0a1f3be4af..0000000000 --- a/meta/recipes-extended/shadow/shadow-4.1.4.2/login_defs_pam.sed +++ /dev/null @@ -1,32 +0,0 @@ -/^FAILLOG_ENAB/b comment -/^LASTLOG_ENAB/b comment -/^MAIL_CHECK_ENAB/b comment -/^OBSCURE_CHECKS_ENAB/b comment -/^PORTTIME_CHECKS_ENAB/b comment -/^QUOTAS_ENAB/b comment -/^MOTD_FILE/b comment -/^FTMP_FILE/b comment -/^NOLOGINS_FILE/b comment -/^ENV_HZ/b comment -/^ENV_TZ/b comment -/^PASS_MIN_LEN/b comment -/^SU_WHEEL_ONLY/b comment -/^CRACKLIB_DICTPATH/b comment -/^PASS_CHANGE_TRIES/b comment -/^PASS_ALWAYS_WARN/b comment -/^PASS_MAX_LEN/b comment -/^PASS_MIN_LEN/b comment -/^CHFN_AUTH/b comment -/^CHSH_AUTH/b comment -/^ISSUE_FILE/b comment -/^LOGIN_STRING/b comment -/^ULIMIT/b comment -/^ENVIRON_FILE/b comment - -b exit - -: comment - s:^:#: - -: exit - diff --git a/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/chfn b/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/chfn deleted file mode 100644 index baf7698bba..0000000000 --- a/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/chfn +++ /dev/null @@ -1,14 +0,0 @@ -# -# The PAM configuration file for the Shadow `chfn' service -# - -# This allows root to change user infomation without being -# prompted for a password -auth sufficient pam_rootok.so - -# The standard Unix authentication modules, used with -# NIS (man nsswitch) as well as normal /etc/passwd and -# /etc/shadow entries. -auth include common-auth -account include common-account -session include common-session diff --git a/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/chpasswd b/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/chpasswd deleted file mode 100644 index 9e3efa68ba..0000000000 --- a/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/chpasswd +++ /dev/null @@ -1,4 +0,0 @@ -# The PAM configuration file for the Shadow 'chpasswd' service -# - -password include common-password diff --git a/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/chsh b/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/chsh deleted file mode 100644 index 8fb169f64e..0000000000 --- a/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/chsh +++ /dev/null @@ -1,19 +0,0 @@ -# -# The PAM configuration file for the Shadow `chsh' service -# - -# This will not allow a user to change their shell unless -# their current one is listed in /etc/shells. This keeps -# accounts with special shells from changing them. -auth required pam_shells.so - -# This allows root to change user shell without being -# prompted for a password -auth sufficient pam_rootok.so - -# The standard Unix authentication modules, used with -# NIS (man nsswitch) as well as normal /etc/passwd and -# /etc/shadow entries. -auth include common-auth -account include common-account -session include common-session diff --git a/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/login b/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/login deleted file mode 100644 index e41eb04ec1..0000000000 --- a/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/login +++ /dev/null @@ -1,91 +0,0 @@ -# -# The PAM configuration file for the Shadow `login' service -# - -# Enforce a minimal delay in case of failure (in microseconds). -# (Replaces the `FAIL_DELAY' setting from login.defs) -# Note that other modules may require another minimal delay. (for example, -# to disable any delay, you should add the nodelay option to pam_unix) -auth optional pam_faildelay.so delay=3000000 - -# Outputs an issue file prior to each login prompt (Replaces the -# ISSUE_FILE option from login.defs). Uncomment for use -# auth required pam_issue.so issue=/etc/issue - -# Disallows root logins except on tty's listed in /etc/securetty -# (Replaces the `CONSOLE' setting from login.defs) -# Note that it is included as a "requisite" module. No password prompts will -# be displayed if this module fails to avoid having the root password -# transmitted on unsecure ttys. -# You can change it to a "required" module if you think it permits to -# guess valid user names of your system (invalid user names are considered -# as possibly being root). -auth [success=ok ignore=ignore user_unknown=ignore default=die] pam_securetty.so - -# Disallows other than root logins when /etc/nologin exists -# (Replaces the `NOLOGINS_FILE' option from login.defs) -auth requisite pam_nologin.so - -# SELinux needs to be the first session rule. This ensures that any -# lingering context has been cleared. Without out this it is possible -# that a module could execute code in the wrong domain. -# When the module is present, "required" would be sufficient (When SELinux -# is disabled, this returns success.) -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close - -# This module parses environment configuration file(s) -# and also allows you to use an extended config -# file /etc/security/pam_env.conf. -# -# parsing /etc/environment needs "readenv=1" -session required pam_env.so readenv=1 -# locale variables are also kept into /etc/default/locale in etch -# reading this file *in addition to /etc/environment* does not hurt -session required pam_env.so readenv=1 envfile=/etc/default/locale - -# Standard Un*x authentication. -auth include common-auth - -# This allows certain extra groups to be granted to a user -# based on things like time of day, tty, service, and user. -# Please edit /etc/security/group.conf to fit your needs -# (Replaces the `CONSOLE_GROUPS' option in login.defs) -auth optional pam_group.so - -# Uncomment and edit /etc/security/time.conf if you need to set -# time restrainst on logins. -# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs -# as well as /etc/porttime) -# account requisite pam_time.so - -# Uncomment and edit /etc/security/access.conf if you need to -# set access limits. -# (Replaces /etc/login.access file) -# account required pam_access.so - -# Sets up user limits according to /etc/security/limits.conf -# (Replaces the use of /etc/limits in old login) -session required pam_limits.so - -# Prints the last login info upon succesful login -# (Replaces the `LASTLOG_ENAB' option from login.defs) -session optional pam_lastlog.so - -# Prints the motd upon succesful login -# (Replaces the `MOTD_FILE' option in login.defs) -session optional pam_motd.so - -# Prints the status of the user's mailbox upon succesful login -# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). -# -# This also defines the MAIL environment variable -# However, userdel also needs MAIL_DIR and MAIL_FILE variables -# in /etc/login.defs to make sure that removing a user -# also removes the user's mail spool file. -# See comments in /etc/login.defs -session optional pam_mail.so standard - -# Standard Un*x account and session -account include common-account -password include common-password -session include common-session diff --git a/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/newusers b/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/newusers deleted file mode 100644 index 4aa3dde48b..0000000000 --- a/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/newusers +++ /dev/null @@ -1,4 +0,0 @@ -# The PAM configuration file for the Shadow 'newusers' service -# - -password include common-password diff --git a/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/passwd b/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/passwd deleted file mode 100644 index f534992435..0000000000 --- a/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/passwd +++ /dev/null @@ -1,5 +0,0 @@ -# -# The PAM configuration file for the Shadow `passwd' service -# - -password include common-password diff --git a/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/su b/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/su deleted file mode 100644 index 8e35137f37..0000000000 --- a/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/su +++ /dev/null @@ -1,60 +0,0 @@ -# -# The PAM configuration file for the Shadow `su' service -# - -# This allows root to su without passwords (normal operation) -auth sufficient pam_rootok.so - -# Uncomment this to force users to be a member of group root -# before they can use `su'. You can also add "group=foo" -# to the end of this line if you want to use a group other -# than the default "root" (but this may have side effect of -# denying "root" user, unless she's a member of "foo" or explicitly -# permitted earlier by e.g. "sufficient pam_rootok.so"). -# (Replaces the `SU_WHEEL_ONLY' option from login.defs) -# auth required pam_wheel.so - -# Uncomment this if you want wheel members to be able to -# su without a password. -# auth sufficient pam_wheel.so trust - -# Uncomment this if you want members of a specific group to not -# be allowed to use su at all. -# auth required pam_wheel.so deny group=nosu - -# Uncomment and edit /etc/security/time.conf if you need to set -# time restrainst on su usage. -# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs -# as well as /etc/porttime) -# account requisite pam_time.so - -# This module parses environment configuration file(s) -# and also allows you to use an extended config -# file /etc/security/pam_env.conf. -# -# parsing /etc/environment needs "readenv=1" -session required pam_env.so readenv=1 -# locale variables are also kept into /etc/default/locale in etch -# reading this file *in addition to /etc/environment* does not hurt -session required pam_env.so readenv=1 envfile=/etc/default/locale - -# Defines the MAIL environment variable -# However, userdel also needs MAIL_DIR and MAIL_FILE variables -# in /etc/login.defs to make sure that removing a user -# also removes the user's mail spool file. -# See comments in /etc/login.defs -# -# "nopen" stands to avoid reporting new mail when su'ing to another user -session optional pam_mail.so nopen - -# Sets up user limits, please uncomment and read /etc/security/limits.conf -# to enable this functionality. -# (Replaces the use of /etc/limits in old login) -# session required pam_limits.so - -# The standard Unix authentication modules, used with -# NIS (man nsswitch) as well as normal /etc/passwd and -# /etc/shadow entries. -auth include common-auth -account include common-account -session include common-session diff --git a/meta/recipes-extended/shadow/shadow-4.1.4.2/securetty b/meta/recipes-extended/shadow/shadow-4.1.4.2/securetty deleted file mode 100644 index 28fa0afb72..0000000000 --- a/meta/recipes-extended/shadow/shadow-4.1.4.2/securetty +++ /dev/null @@ -1,206 +0,0 @@ -# /etc/securetty: list of terminals on which root is allowed to login. -# See securetty(5) and login(1). -console - -# Standard serial ports -ttyS0 -ttyS1 -ttyS2 -ttyS3 - -# Samsung ARM SoCs -ttySAC0 -ttySAC1 -ttySAC2 -ttySAC3 - -# TI OMAP SoCs -ttyO0 -ttyO1 -ttyO2 -ttyO3 - -# USB dongles -ttyUSB0 -ttyUSB1 -ttyUSB2 - -# PowerMac -ttyPZ0 -ttyPZ1 -ttyPZ2 -ttyPZ3 - -# Embedded MPC platforms -ttyPSC0 -ttyPSC1 -ttyPSC2 -ttyPSC3 -ttyPSC4 -ttyPSC5 - -# PA-RISC mux ports -ttyB0 -ttyB1 - -# Standard hypervisor virtual console -hvc0 - -# Oldstyle Xen console -xvc0 - -# Standard consoles -tty1 -tty2 -tty3 -tty4 -tty5 -tty6 -tty7 -tty8 -tty9 -tty10 -tty11 -tty12 -tty13 -tty14 -tty15 -tty16 -tty17 -tty18 -tty19 -tty20 -tty21 -tty22 -tty23 -tty24 -tty25 -tty26 -tty27 -tty28 -tty29 -tty30 -tty31 -tty32 -tty33 -tty34 -tty35 -tty36 -tty37 -tty38 -tty39 -tty40 -tty41 -tty42 -tty43 -tty44 -tty45 -tty46 -tty47 -tty48 -tty49 -tty50 -tty51 -tty52 -tty53 -tty54 -tty55 -tty56 -tty57 -tty58 -tty59 -tty60 -tty61 -tty62 -tty63 - -# Local X displays (allows empty passwords with pam_unix's nullok_secure) -:0 -:0.0 -:0.1 -:1 -:1.0 -:1.1 -:2 -:2.0 -:2.1 -:3 -:3.0 -:3.1 - -# Embedded Freescale i.MX ports -ttymxc0 -ttymxc1 -ttymxc2 -ttymxc3 -ttymxc4 -ttymxc5 - -# Standard serial ports, with devfs -tts/0 -tts/1 - -# Standard consoles, with devfs -vc/1 -vc/2 -vc/3 -vc/4 -vc/5 -vc/6 -vc/7 -vc/8 -vc/9 -vc/10 -vc/11 -vc/12 -vc/13 -vc/14 -vc/15 -vc/16 -vc/17 -vc/18 -vc/19 -vc/20 -vc/21 -vc/22 -vc/23 -vc/24 -vc/25 -vc/26 -vc/27 -vc/28 -vc/29 -vc/30 -vc/31 -vc/32 -vc/33 -vc/34 -vc/35 -vc/36 -vc/37 -vc/38 -vc/39 -vc/40 -vc/41 -vc/42 -vc/43 -vc/44 -vc/45 -vc/46 -vc/47 -vc/48 -vc/49 -vc/50 -vc/51 -vc/52 -vc/53 -vc/54 -vc/55 -vc/56 -vc/57 -vc/58 -vc/59 -vc/60 -vc/61 -vc/62 -vc/63 diff --git a/meta/recipes-extended/shadow/shadow-4.1.4.2/shadow-4.1.3-dots-in-usernames.patch b/meta/recipes-extended/shadow/shadow-4.1.4.2/shadow-4.1.3-dots-in-usernames.patch deleted file mode 100644 index 7a2ff2e24e..0000000000 --- a/meta/recipes-extended/shadow/shadow-4.1.4.2/shadow-4.1.3-dots-in-usernames.patch +++ /dev/null @@ -1,23 +0,0 @@ -# commit message copied from openembedded: -# commit 246c80637b135f3a113d319b163422f98174ee6c -# Author: Khem Raj -# Date: Wed Jun 9 13:37:03 2010 -0700 -# -# shadow-4.1.4.2: Add patches to support dots in login id. -# -# Signed-off-by: Khem Raj -# -# comment added by Kevin Tian , 2010-08-11 - -Index: shadow-4.1.4.2/libmisc/chkname.c -=================================================================== ---- shadow-4.1.4.2.orig/libmisc/chkname.c 2009-04-28 12:14:04.000000000 -0700 -+++ shadow-4.1.4.2/libmisc/chkname.c 2010-06-03 17:43:20.638973857 -0700 -@@ -61,6 +61,7 @@ static bool is_valid_name (const char *n - ( ('0' <= *name) && ('9' >= *name) ) || - ('_' == *name) || - ('-' == *name) || -+ ('.' == *name) || - ( ('$' == *name) && ('\0' == *(name + 1)) ) - )) { - return false; diff --git a/meta/recipes-extended/shadow/shadow-4.1.4.2/shadow-4.1.4.2-env-reset-keep-locale.patch b/meta/recipes-extended/shadow/shadow-4.1.4.2/shadow-4.1.4.2-env-reset-keep-locale.patch deleted file mode 100644 index 124065c7f9..0000000000 --- a/meta/recipes-extended/shadow/shadow-4.1.4.2/shadow-4.1.4.2-env-reset-keep-locale.patch +++ /dev/null @@ -1,27 +0,0 @@ -# commit message copied from openembedded: -# commit 246c80637b135f3a113d319b163422f98174ee6c -# Author: Khem Raj -# Date: Wed Jun 9 13:37:03 2010 -0700 -# -# shadow-4.1.4.2: Add patches to support dots in login id. -# -# Signed-off-by: Khem Raj -# -# comment added by Kevin Tian , 2010-08-11 - -http://bugs.gentoo.org/283725 -https://alioth.debian.org/tracker/index.php?func=detail&aid=311740&group_id=30580&atid=411480 - -Index: shadow-4.1.4.2/libmisc/env.c -=================================================================== ---- shadow-4.1.4.2.orig/libmisc/env.c 2009-04-27 13:07:56.000000000 -0700 -+++ shadow-4.1.4.2/libmisc/env.c 2010-06-03 17:44:51.456408474 -0700 -@@ -251,7 +251,7 @@ void sanitize_env (void) - if (strncmp (*cur, *bad, strlen (*bad)) != 0) { - continue; - } -- if (strchr (*cur, '/') != NULL) { -+ if (strchr (*cur, '/') == NULL) { - continue; /* OK */ - } - for (move = cur; NULL != *move; move++) { diff --git a/meta/recipes-extended/shadow/shadow-4.1.4.2/shadow-4.1.4.2-groupmod-pam-check.patch b/meta/recipes-extended/shadow/shadow-4.1.4.2/shadow-4.1.4.2-groupmod-pam-check.patch deleted file mode 100644 index 6682fe8078..0000000000 --- a/meta/recipes-extended/shadow/shadow-4.1.4.2/shadow-4.1.4.2-groupmod-pam-check.patch +++ /dev/null @@ -1,32 +0,0 @@ -# commit message copied from openembedded: -# commit 246c80637b135f3a113d319b163422f98174ee6c -# Author: Khem Raj -# Date: Wed Jun 9 13:37:03 2010 -0700 -# -# shadow-4.1.4.2: Add patches to support dots in login id. -# -# Signed-off-by: Khem Raj -# -# comment added by Kevin Tian , 2010-08-11 - -http://bugs.gentoo.org/300790 -http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/2009-November/007850.html - -2009-11-05 Nicolas François - - * NEWS, src/groupmod.c: Fixed groupmod when configured with - --enable-account-tools-setuid. - -Index: shadow-4.1.4.2/src/groupmod.c -=================================================================== ---- shadow-4.1.4.2.orig/src/groupmod.c 2009-06-05 15:16:58.000000000 -0700 -+++ shadow-4.1.4.2/src/groupmod.c 2010-06-03 17:45:43.828952613 -0700 -@@ -720,7 +720,7 @@ int main (int argc, char **argv) - { - struct passwd *pampw; - pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */ -- if (NULL == pamh) { -+ if (NULL == pampw) { - fprintf (stderr, - _("%s: Cannot determine your user name.\n"), - Prog); diff --git a/meta/recipes-extended/shadow/shadow-4.1.4.2/shadow-4.1.4.2-su_no_sanitize_env.patch b/meta/recipes-extended/shadow/shadow-4.1.4.2/shadow-4.1.4.2-su_no_sanitize_env.patch deleted file mode 100644 index f67251c840..0000000000 --- a/meta/recipes-extended/shadow/shadow-4.1.4.2/shadow-4.1.4.2-su_no_sanitize_env.patch +++ /dev/null @@ -1,27 +0,0 @@ -# commit message copied from openembedded: -# commit 246c80637b135f3a113d319b163422f98174ee6c -# Author: Khem Raj -# Date: Wed Jun 9 13:37:03 2010 -0700 -# -# shadow-4.1.4.2: Add patches to support dots in login id. -# -# Signed-off-by: Khem Raj -# -# comment added by Kevin Tian , 2010-08-11 - -http://bugs.gentoo.org/show_bug.cgi?id=301957 -https://alioth.debian.org/scm/browser.php?group_id=30580 - -Index: shadow-4.1.4.2/src/su.c -=================================================================== ---- shadow-4.1.4.2.orig/src/su.c 2009-07-23 13:38:56.000000000 -0700 -+++ shadow-4.1.4.2/src/su.c 2010-06-03 17:46:47.718944010 -0700 -@@ -378,7 +378,7 @@ int main (int argc, char **argv) - #endif - #endif /* !USE_PAM */ - -- sanitize_env (); -+ /* sanitize_env (); */ - - (void) setlocale (LC_ALL, ""); - (void) bindtextdomain (PACKAGE, LOCALEDIR); diff --git a/meta/recipes-extended/shadow/shadow-4.1.4.2/shadow.automake-1.11.patch b/meta/recipes-extended/shadow/shadow-4.1.4.2/shadow.automake-1.11.patch deleted file mode 100644 index 36d7be6fd0..0000000000 --- a/meta/recipes-extended/shadow/shadow-4.1.4.2/shadow.automake-1.11.patch +++ /dev/null @@ -1,102 +0,0 @@ -# patch is from openembedded: -# commit 2db61370333f7a2fc1dbb86385734883387e0217 -# Author: Martin Jansa -# Date: Fri Apr 2 07:34:46 2010 +0200 -# -# shadow: fix do_install with automake-1.11 -# -# Signed-off-by: Martin Jansa -# -# comment added by Kevin Tian - -man_nopan is for !USE_PAM already included in man_MANS and automake-1.11 hates to install some file twice - -diff -uNr shadow-4.1.4.2.orig/man/Makefile.am shadow-4.1.4.2/man/Makefile.am ---- shadow-4.1.4.2.orig/man/Makefile.am 2009-03-14 15:40:10.000000000 +0100 -+++ shadow-4.1.4.2/man/Makefile.am 2010-04-02 07:31:17.000000000 +0200 -@@ -163,7 +163,6 @@ - $(man_MANS) \ - $(man_XMANS) \ - $(addprefix login.defs.d/,$(login_defs_v)) \ -- $(man_nopam) \ - id.1 \ - id.1.xml \ - sulogin.8 \ -diff -uNr shadow-4.1.4.2.orig/man/fr/Makefile.am shadow-4.1.4.2/man/fr/Makefile.am ---- shadow-4.1.4.2.orig/man/fr/Makefile.am 2008-09-06 18:44:45.000000000 +0200 -+++ shadow-4.1.4.2/man/fr/Makefile.am 2010-04-02 07:42:11.000000000 +0200 -@@ -52,7 +52,6 @@ - - EXTRA_DIST = \ - $(man_MANS) \ -- $(man_nopam) \ - id.1 - - include ../generate_translations.mak -diff -uNr shadow-4.1.4.2.orig/man/it/Makefile.am shadow-4.1.4.2/man/it/Makefile.am ---- shadow-4.1.4.2.orig/man/it/Makefile.am 2008-09-06 18:44:45.000000000 +0200 -+++ shadow-4.1.4.2/man/it/Makefile.am 2010-04-02 07:42:20.000000000 +0200 -@@ -46,7 +46,6 @@ - - EXTRA_DIST = \ - $(man_MANS) \ -- $(man_nopam) \ - id.1 \ - logoutd.8 - -diff -uNr shadow-4.1.4.2.orig/man/ja/Makefile.am shadow-4.1.4.2/man/ja/Makefile.am ---- shadow-4.1.4.2.orig/man/ja/Makefile.am 2007-12-31 17:48:28.000000000 +0100 -+++ shadow-4.1.4.2/man/ja/Makefile.am 2010-04-02 07:42:17.000000000 +0200 -@@ -49,7 +49,6 @@ - - EXTRA_DIST = \ - $(man_MANS) \ -- $(man_nopam) \ - id.1 \ - shadow.3 \ - sulogin.8 -diff -uNr shadow-4.1.4.2.orig/man/pl/Makefile.am shadow-4.1.4.2/man/pl/Makefile.am ---- shadow-4.1.4.2.orig/man/pl/Makefile.am 2008-09-06 18:44:45.000000000 +0200 -+++ shadow-4.1.4.2/man/pl/Makefile.am 2010-04-02 07:42:07.000000000 +0200 -@@ -49,7 +49,6 @@ - - EXTRA_DIST = \ - $(man_MANS) \ -- $(man_nopam) \ - getspnam.3 \ - id.1 \ - shadow.3 \ -diff -uNr shadow-4.1.4.2.orig/man/ru/Makefile.am shadow-4.1.4.2/man/ru/Makefile.am ---- shadow-4.1.4.2.orig/man/ru/Makefile.am 2010-04-02 07:39:00.000000000 +0200 -+++ shadow-4.1.4.2/man/ru/Makefile.am 2010-04-02 07:42:01.000000000 +0200 -@@ -54,7 +54,6 @@ - - EXTRA_DIST = \ - $(man_MANS) \ -- $(man_nopam) \ - id.1 \ - sulogin.8 - -diff -uNr shadow-4.1.4.2.orig/man/sv/Makefile.am shadow-4.1.4.2/man/sv/Makefile.am ---- shadow-4.1.4.2.orig/man/sv/Makefile.am 2008-09-06 18:44:45.000000000 +0200 -+++ shadow-4.1.4.2/man/sv/Makefile.am 2010-04-02 07:42:24.000000000 +0200 -@@ -53,8 +53,7 @@ - endif - - EXTRA_DIST = \ -- $(man_MANS) \ -- $(man_nopam) -+ $(man_MANS) - - include ../generate_translations.mak - ---- shadow-4.1.4.2.orig/man/ru/Makefile.am 2010-04-02 07:54:09.000000000 +0200 -+++ shadow-4.1.4.2/man/ru/Makefile.am 2010-04-02 07:51:57.000000000 +0200 -@@ -1,7 +1,6 @@ - mandir = @mandir@/ru - - man_MANS = \ -- $(man_nopam) \ - chage.1 \ - chfn.1 \ - chgpasswd.8 \ diff --git a/meta/recipes-extended/shadow/shadow_4.1.4.2.bb b/meta/recipes-extended/shadow/shadow_4.1.4.2.bb deleted file mode 100644 index 224ae5e38f..0000000000 --- a/meta/recipes-extended/shadow/shadow_4.1.4.2.bb +++ /dev/null @@ -1,14 +0,0 @@ -require shadow.inc - -PR = "r1" - -SRC_URI += "file://shadow.automake-1.11.patch \ - file://shadow-4.1.3-dots-in-usernames.patch \ - file://shadow-4.1.4.2-env-reset-keep-locale.patch \ - file://shadow-4.1.4.2-groupmod-pam-check.patch \ - file://shadow-4.1.4.2-su_no_sanitize_env.patch" - -SRC_URI[md5sum] = "d593a9cab93c48ee0a6ba056db8c1997" -SRC_URI[sha256sum] = "97987f6a7967a85e6aa0dba2a1d52db8bd69af5a717391de5693db768fb78990" - -EXTRA_OECONF_libc-uclibc += " --with-nscd=no " diff --git a/meta/recipes-extended/shadow/shadow_4.1.4.3.bb b/meta/recipes-extended/shadow/shadow_4.1.4.3.bb new file mode 100644 index 0000000000..c8aa223b65 --- /dev/null +++ b/meta/recipes-extended/shadow/shadow_4.1.4.3.bb @@ -0,0 +1,14 @@ +require shadow.inc + +PR = "r1" + +SRC_URI += "file://shadow.automake-1.11.patch \ + file://shadow-4.1.3-dots-in-usernames.patch \ + file://shadow-4.1.4.2-env-reset-keep-locale.patch \ + file://shadow-4.1.4.2-groupmod-pam-check.patch \ + file://shadow-4.1.4.2-su_no_sanitize_env.patch" + +SRC_URI[md5sum] = "b8608d8294ac88974f27b20f991c0e79" +SRC_URI[sha256sum] = "633f5bb4ea0c88c55f3642c97f9d25cbef74f82e0b4cf8d54e7ad6f9f9caa778" + +EXTRA_OECONF_libc-uclibc += " --with-nscd=no " -- cgit v1.2.3-54-g00ecf