mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-20 08:29:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

shadow: upgrade from 4.1.4.3 to 4.2.1

Browse Source 
Upgrade shadow from 4.1.4.3 to 4.2.1.

Changes during this upgrade are as following.

1. Remove the "merged" patches. These patches are either merged or
   the same functionality has been implemented upstream.

   add_root_cmd_groupmems.patch
   add_root_cmd_options.patch
   fix-etc-gshadow-reading.patch
   shadow-4.1.4.2-env-reset-keep-locale.patch
   shadow-4.1.4.2-groupmod-pam-check.patch
   shadow-4.1.4.2-su_no_sanitize_env.patch
   shadow.automake-1.11.patch
   shadow_fix_for_automake-1.12.patch
   useradd.patch

2. Remove the unneeded patch.
   The following patch has been removed because the logic in the related
   codes of the new version has been changed. In specific, the codes now
   can handle the 'NULL' return value. So there's no need for the following
   patch.

   slackware_fix_for_glib-2.17_crypt.patch

3. Teak the current patch to match the new version.

   allow-for-setting-password-in-clear-text.patch

4. Add a patch to fix compilation failure.

   usermod-fix-compilation-failure-with-subids-disabled.patch

5. Add a patch to fix the installation failure.

   fix-installation-failure-with-subids-disabled.patch

5. Add a patch to fix the failure at rootfs time if extrausers is inherited.

   commonio.c-fix-unexpected-open-failure-in-chroot-env.patch

6. Fix the bad section in the recipe.

7. Disable the new subids feature in the new version as it doesn't support
   cross compilation for now.

8. Modify the pkg_postinst to `exit 1' if the `pwconv' or `grpconv' fails.
   Also, fix the arguments to use '--root $D' instead of '--root=$D'.

9. Add a patch for shadow-native to create parent directories when necessary.

   0001-useradd.c-create-parent-directories-when-necessary.patch

(From OE-Core rev: b73e5cd51551556f9e6a4f7d9e7deec4d9d661bd)

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Chen Qi
2014-07-17 15:53:34 +08:00
committed by Richard Purdie
parent 3ab35e4a47
commit 012a572e86
19 changed files with 333 additions and 1936 deletions
Download Patch File Download Diff File Expand all files Collapse all files

109
meta/recipes-extended/shadow/files/0001-useradd.c-create-parent-directories-when-necessary.patch Normal file
View File

@@ -0,0 +1,109 @@
Upstream-Status: Inappropriate [OE specific]
Subject: useradd.c: create parent directories when necessary
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
src/useradd.c | 72 +++++++++++++++++++++++++++++++++++++++------------------
1 file changed, 49 insertions(+), 23 deletions(-)
diff --git a/src/useradd.c b/src/useradd.c
index 4bd969d..cb5dd6c 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -1893,6 +1893,35 @@ static void usr_update (void)
}
/*
+ * mkdir_p - create directories, including parent directories when needed
+ *
+ * similar to `mkdir -p'
+ */
+void mkdir_p(const char *path) {
+ int len = strlen(path);
+ char newdir[len + 1];
+ mode_t mode = 0755;
+ int i = 0;
+
+ if (path[i] == '\0') {
+ return;
+ }
+
+ /* skip the leading '/' */
+ i++;
+
+ while(path[i] != '\0') {
+ if (path[i] == '/') {
+ strncpy(newdir, path, i);
+ newdir[i] = '\0';
+ mkdir(newdir, mode);
+ }
+ i++;
+ }
+ mkdir(path, mode);
+}
+
+/*
* create_home - create the user's home directory
*
* create_home() creates the user's home directory if it does not
@@ -1907,36 +1936,33 @@ static void create_home (void)
fail_exit (E_HOMEDIR);
}
#endif
- /* XXX - create missing parent directories. --marekm */
- if (mkdir (user_home, 0) != 0) {
- fprintf (stderr,
- _("%s: cannot create directory %s\n"),
- Prog, user_home);
-#ifdef WITH_AUDIT
- audit_logger (AUDIT_ADD_USER, Prog,
- "adding home directory",
- user_name, (unsigned int) user_id,
- SHADOW_AUDIT_FAILURE);
-#endif
- fail_exit (E_HOMEDIR);
- }
- chown (user_home, user_id, user_gid);
- chmod (user_home,
- 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
- home_added = true;
+ mkdir_p(user_home);
+ }
+ if (access (user_home, F_OK) != 0) {
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
"adding home directory",
user_name, (unsigned int) user_id,
- SHADOW_AUDIT_SUCCESS);
+ SHADOW_AUDIT_FAILURE);
#endif
-#ifdef WITH_SELINUX
- /* Reset SELinux to create files with default contexts */
- if (reset_selinux_file_context () != 0) {
- fail_exit (E_HOMEDIR);
- }
+ fail_exit (E_HOMEDIR);
+ }
+ chown (user_home, user_id, user_gid);
+ chmod (user_home,
+ 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
+ home_added = true;
+#ifdef WITH_AUDIT
+ audit_logger (AUDIT_ADD_USER, Prog,
+ "adding home directory",
+ user_name, (unsigned int) user_id,
+ SHADOW_AUDIT_SUCCESS);
#endif
+#ifdef WITH_SELINUX
+ /* Reset SELinux to create files with default contexts */
+ if (reset_selinux_file_context () != 0) {
+ fail_exit (E_HOMEDIR);
}
+#endif
}
/*
--
1.7.9.5

75
meta/recipes-extended/shadow/files/add_root_cmd_groupmems.patch
View File

@@ -1,75 +0,0 @@
Add a --root command option to groupmems utility.
This option allows the utility to be chrooted when run under pseudo.
Signed-off-by: Mikhail Durnev <mikhail_durnev@mentor.com>
diff -Naur old/src/groupmems.c new/src/groupmems.c
--- old/src/groupmems.c 2011-02-13 11:58:16.000000000 -0600
+++ new/src/groupmems.c 2013-05-30 04:45:38.000000000 -0500
@@ -60,6 +60,7 @@
#define EXIT_MEMBER_EXISTS 7 /* member of group already exists */
#define EXIT_INVALID_USER 8 /* specified user does not exist */
#define EXIT_INVALID_GROUP 9 /* specified group does not exist */
+#define EXIT_BAD_ARG 10 /* invalid argument to option */
/*
* Global variables
@@ -79,6 +80,7 @@
static bool is_shadowgrp;
static bool sgr_locked = false;
#endif
+static const char *newroot = "";
/* local function prototypes */
static char *whoami (void);
@@ -368,6 +370,7 @@
"Options:\n"
" -g, --group groupname change groupname instead of the user's group\n"
" (root only)\n"
+ " -R, --root CHROOT_DIR directory to chroot into\n"
"\n"
"Actions:\n"
" -a, --add username add username to the members of the group\n"
@@ -391,10 +394,11 @@
{"group", required_argument, NULL, 'g'},
{"list", no_argument, NULL, 'l'},
{"purge", no_argument, NULL, 'p'},
+ {"root", required_argument, NULL, 'R'},
{NULL, 0, NULL, '\0'}
};
- while ((arg = getopt_long (argc, argv, "a:d:g:lp", long_options,
+ while ((arg = getopt_long (argc, argv, "a:d:g:lpR:", long_options,
&option_index)) != EOF) {
switch (arg) {
case 'a':
@@ -416,6 +420,28 @@
purge = true;
++exclusive;
break;
+ case 'R':
+ if ('/' != optarg[0]) {
+ fprintf (stderr,
+ _("%s: invalid chroot path '%s'\n"),
+ Prog, optarg);
+ exit (EXIT_BAD_ARG);
+ }
+ newroot = optarg;
+
+ if (access (newroot, F_OK) != 0) {
+ fprintf(stderr,
+ _("%s: chroot directory %s does not exist\n"),
+ Prog, newroot);
+ exit (EXIT_BAD_ARG);
+ }
+ if ( chroot(newroot) != 0 ) {
+ fprintf(stderr,
+ _("%s: unable to chroot to directory %s\n"),
+ Prog, newroot);
+ exit (EXIT_BAD_ARG);
+ }
+ break;
default:
usage ();
}

1384
meta/recipes-extended/shadow/files/add_root_cmd_options.patch
View File

File diff suppressed because it is too large Load Diff

215
meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch
View File

@@ -3,20 +3,19 @@ Upstream-Status: Inappropriate [OE specific]
Allow for setting password in clear text.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
src/Makefile.am | 8 ++++----
src/groupadd.c | 8 +++++++-
src/groupmod.c | 9 ++++++++-
src/groupmod.c | 8 +++++++-
src/useradd.c | 9 +++++++--
src/usermod.c | 10 ++++++++--
5 files changed, 34 insertions(+), 10 deletions(-)
src/usermod.c | 8 +++++++-
5 files changed, 32 insertions(+), 9 deletions(-)
diff --git a/src/Makefile.am b/src/Makefile.am
index 6a3b4c5..1ffdbc6 100644
index 25e288d..856b087 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -76,10 +76,10 @@ chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT)
@@ -88,10 +88,10 @@ chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT)
chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT)
gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
@@ -29,47 +28,46 @@ index 6a3b4c5..1ffdbc6 100644
grpck_LDADD = $(LDADD) $(LIBSELINUX)
grpconv_LDADD = $(LDADD) $(LIBSELINUX)
grpunconv_LDADD = $(LDADD) $(LIBSELINUX)
@@ -99,9 +99,9 @@ su_SOURCES = \
@@ -111,9 +111,9 @@ su_SOURCES = \
suauth.c
su_LDADD = $(LDADD) $(LIBPAM) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
sulogin_LDADD = $(LDADD) $(LIBCRYPT)
-useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
+useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
-usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
+usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
-useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR)
+useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBCRYPT)
userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE)
-usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR)
+usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBCRYPT)
vipw_LDADD = $(LDADD) $(LIBSELINUX)
install-am: all-am
diff --git a/src/groupadd.c b/src/groupadd.c
index 66b38de..3157486 100644
index f716f57..4e28c26 100644
--- a/src/groupadd.c
+++ b/src/groupadd.c
@@ -124,6 +124,7 @@ static void usage (void)
@@ -124,6 +124,7 @@ static /*@noreturn@*/void usage (int status)
(void) fputs (_(" -o, --non-unique allow to create groups with duplicate\n"
" (non-unique) GID\n"), stderr);
(void) fputs (_(" -p, --password PASSWORD use this encrypted password for the new group\n"), stderr);
+ (void) fputs (_(" -P, --clear-password PASSWORD use this clear text password for the new group\n"), stderr);
(void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), stderr);
(void) fputs (_(" -r, --system create a system account\n"), stderr);
(void) fputs ("\n", stderr);
@@ -388,13 +389,14 @@ static void process_flags (int argc, char **argv)
{"key", required_argument, NULL, 'K'},
{"non-unique", no_argument, NULL, 'o'},
{"password", required_argument, NULL, 'p'},
" (non-unique) GID\n"), usageout);
(void) fputs (_(" -p, --password PASSWORD use this encrypted password for the new group\n"), usageout);
+ (void) fputs (_(" -P, --clear-password PASSWORD use this clear password for the new group\n"), usageout);
(void) fputs (_(" -r, --system create a system account\n"), usageout);
(void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
(void) fputs ("\n", usageout);
@@ -387,12 +388,13 @@ static void process_flags (int argc, char **argv)
{"key", required_argument, NULL, 'K'},
{"non-unique", no_argument, NULL, 'o'},
{"password", required_argument, NULL, 'p'},
+ {"clear-password", required_argument, NULL, 'P'},
{"root", required_argument, NULL, 'R'},
{"system", no_argument, NULL, 'r'},
{"system", no_argument, NULL, 'r'},
{"root", required_argument, NULL, 'R'},
{NULL, 0, NULL, '\0'}
};
while ((c =
- getopt_long (argc, argv, "fg:hK:op:R:r", long_options,
+ getopt_long (argc, argv, "fg:hK:op:P:R:r", long_options,
&option_index)) != -1) {
- while ((c = getopt_long (argc, argv, "fg:hK:op:rR:",
+ while ((c = getopt_long (argc, argv, "fg:hK:op:P:rR:",
long_options, NULL)) != -1) {
switch (c) {
case 'f':
@@ -446,6 +448,10 @@ static void process_flags (int argc, char **argv)
@@ -444,6 +446,10 @@ static void process_flags (int argc, char **argv)
pflg = true;
group_passwd = optarg;
break;
@@ -77,37 +75,35 @@ index 66b38de..3157486 100644
+ pflg = true;
+ group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
+ break;
case 'R':
if ('/' != optarg[0]) {
fprintf (stderr,
case 'r':
rflg = true;
break;
diff --git a/src/groupmod.c b/src/groupmod.c
index 27eb159..17acbc3 100644
index d9d3807..68f49d1 100644
--- a/src/groupmod.c
+++ b/src/groupmod.c
@@ -127,6 +127,8 @@ static void usage (void)
(void) fputs (_(" -o, --non-unique allow to use a duplicate (non-unique) GID\n"), stderr);
@@ -127,6 +127,7 @@ static void usage (int status)
(void) fputs (_(" -o, --non-unique allow to use a duplicate (non-unique) GID\n"), usageout);
(void) fputs (_(" -p, --password PASSWORD change the password to this (encrypted)\n"
" PASSWORD\n"), stderr);
+ (void) fputs (_(" -P, --clear-password PASSWORD change the password to this (clear text)\n"
+ " PASSWORD\n"), stderr);
(void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), stderr);
(void) fputs ("\n", stderr);
exit (E_USAGE);
@@ -348,11 +350,12 @@ static void process_flags (int argc, char **argv)
{"new-name", required_argument, NULL, 'n'},
{"non-unique", no_argument, NULL, 'o'},
{"password", required_argument, NULL, 'p'},
" PASSWORD\n"), usageout);
+ (void) fputs (_(" -P, --clear-password PASSWORD change the password to this clear PASSWORD\n"), usageout);
(void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
(void) fputs ("\n", usageout);
exit (status);
@@ -375,10 +376,11 @@ static void process_flags (int argc, char **argv)
{"new-name", required_argument, NULL, 'n'},
{"non-unique", no_argument, NULL, 'o'},
{"password", required_argument, NULL, 'p'},
+ {"clear-password", required_argument, NULL, 'P'},
{"root", required_argument, NULL, 'R'},
{"root", required_argument, NULL, 'R'},
{NULL, 0, NULL, '\0'}
};
while ((c =
- getopt_long (argc, argv, "g:hn:op:R:",
+ getopt_long (argc, argv, "g:hn:op:P:R:",
long_options, &option_index)) != -1) {
- while ((c = getopt_long (argc, argv, "g:hn:op:R:",
+ while ((c = getopt_long (argc, argv, "g:hn:op:P:R:",
long_options, NULL)) != -1) {
switch (c) {
case 'g':
@@ -376,6 +379,10 @@ static void process_flags (int argc, char **argv)
@@ -405,6 +407,10 @@ static void process_flags (int argc, char **argv)
group_passwd = optarg;
pflg = true;
break;
@@ -115,84 +111,81 @@ index 27eb159..17acbc3 100644
+ group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
+ pflg = true;
+ break;
case 'R':
if ('/' != optarg[0]) {
fprintf (stderr,
case 'R': /* no-op, handled in process_root_flag () */
break;
default:
diff --git a/src/useradd.c b/src/useradd.c
index 2102630..390909c 100644
index b3bd451..4416f90 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -716,6 +716,7 @@ static void usage (void)
@@ -773,6 +773,7 @@ static void usage (int status)
(void) fputs (_(" -o, --non-unique allow to create users with duplicate\n"
" (non-unique) UID\n"), stderr);
(void) fputs (_(" -p, --password PASSWORD encrypted password of the new account\n"), stderr);
+ (void) fputs (_(" -P, --clear-password PASSWORD clear text password of the new account\n"), stderr);
(void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), stderr);
(void) fputs (_(" -r, --system create a system account\n"), stderr);
(void) fputs (_(" -s, --shell SHELL login shell of the new account\n"), stderr);
@@ -1035,6 +1036,7 @@ static void process_flags (int argc, char **argv)
{"no-user-group", no_argument, NULL, 'N'},
{"non-unique", no_argument, NULL, 'o'},
{"password", required_argument, NULL, 'p'},
" (non-unique) UID\n"), usageout);
(void) fputs (_(" -p, --password PASSWORD encrypted password of the new account\n"), usageout);
+ (void) fputs (_(" -P, --clear-password PASSWORD clear password of the new account\n"), usageout);
(void) fputs (_(" -r, --system create a system account\n"), usageout);
(void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
(void) fputs (_(" -s, --shell SHELL login shell of the new account\n"), usageout);
@@ -1047,6 +1048,7 @@ static void process_flags (int argc, char **argv)
{"no-user-group", no_argument, NULL, 'N'},
{"non-unique", no_argument, NULL, 'o'},
{"password", required_argument, NULL, 'p'},
+ {"clear-password", required_argument, NULL, 'P'},
{"root", required_argument, NULL, 'R'},
{"system", no_argument, NULL, 'r'},
{"shell", required_argument, NULL, 's'},
@@ -1047,9 +1049,9 @@ static void process_flags (int argc, char **argv)
{"system", no_argument, NULL, 'r'},
{"root", required_argument, NULL, 'R'},
{"shell", required_argument, NULL, 's'},
@@ -1059,9 +1061,9 @@ static void process_flags (int argc, char **argv)
};
while ((c = getopt_long (argc, argv,
#ifdef WITH_SELINUX
- "b:c:d:De:f:g:G:k:K:lmMNop:R:rs:u:UZ:",
+ "b:c:d:De:f:g:G:k:K:lmMNop:P:R:rs:u:UZ:",
#else
- "b:c:d:De:f:g:G:k:K:lmMNop:R:rs:u:U",
+ "b:c:d:De:f:g:G:k:K:lmMNop:P:R:rs:u:U",
#endif
- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:UZ:",
+ "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:s:u:UZ:",
#else /* !WITH_SELINUX */
- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:U",
+ "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:s:u:U",
#endif /* !WITH_SELINUX */
long_options, NULL)) != -1) {
switch (c) {
@@ -1214,6 +1216,9 @@ static void process_flags (int argc, char **argv)
@@ -1227,6 +1229,9 @@ static void process_flags (int argc, char **argv)
}
user_pass = optarg;
break;
+ case 'P': /* set clear text password */
+ case 'P': /* set clear text password */
+ user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
+ break;
case 'R':
/* no-op since we handled this in process_root_flag() earlier */
case 'r':
rflg = true;
break;
diff --git a/src/usermod.c b/src/usermod.c
index 8363597..f4c1cee 100644
index e7d4351..b79f7a3 100644
--- a/src/usermod.c
+++ b/src/usermod.c
@@ -325,6 +325,7 @@ static void usage (void)
" new location (use only with -d)\n"
" -o, --non-unique allow using duplicate (non-unique) UID\n"
" -p, --password PASSWORD use encrypted password for the new password\n"
+ " -P, --clear-password PASSWORD use clear text password for the new password\n"
" -R --root CHROOT_DIR directory to chroot into\n"
" -s, --shell SHELL new login shell for the user account\n"
" -u, --uid UID new UID for the user account\n"
@@ -950,6 +951,7 @@ static void process_flags (int argc, char **argv)
{"move-home", no_argument, NULL, 'm'},
{"non-unique", no_argument, NULL, 'o'},
{"password", required_argument, NULL, 'p'},
@@ -419,6 +419,7 @@ static /*@noreturn@*/void usage (int status)
" new location (use only with -d)\n"), usageout);
(void) fputs (_(" -o, --non-unique allow using duplicate (non-unique) UID\n"), usageout);
(void) fputs (_(" -p, --password PASSWORD use encrypted password for the new password\n"), usageout);
+ (void) fputs (_(" -P, --clear-password PASSWORD use clear password for the new password\n"), usageout);
(void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
(void) fputs (_(" -s, --shell SHELL new login shell for the user account\n"), usageout);
(void) fputs (_(" -u, --uid UID new UID for the user account\n"), usageout);
@@ -996,6 +997,7 @@ static void process_flags (int argc, char **argv)
{"move-home", no_argument, NULL, 'm'},
{"non-unique", no_argument, NULL, 'o'},
{"password", required_argument, NULL, 'p'},
+ {"clear-password", required_argument, NULL, 'P'},
{"root", required_argument, NULL, 'R'},
#ifdef WITH_SELINUX
{"selinux-user", required_argument, NULL, 'Z'},
@@ -961,9 +963,9 @@ static void process_flags (int argc, char **argv)
{"root", required_argument, NULL, 'R'},
{"shell", required_argument, NULL, 's'},
{"uid", required_argument, NULL, 'u'},
@@ -1012,7 +1014,7 @@ static void process_flags (int argc, char **argv)
{NULL, 0, NULL, '\0'}
};
while ((c = getopt_long (argc, argv,
#ifdef WITH_SELINUX
- "ac:d:e:f:g:G:hl:Lmop:R:s:u:UZ:",
+ "ac:d:e:f:g:G:hl:Lmop:P:R:s:u:UZ:",
#else
- "ac:d:e:f:g:G:hl:Lmop:R:s:u:U",
+ "ac:d:e:f:g:G:hl:Lmop:P:R:s:u:U",
#endif
long_options, NULL)) != -1) {
switch (c) {
@@ -1055,6 +1057,10 @@ static void process_flags (int argc, char **argv)
- "ac:d:e:f:g:G:hl:Lmop:R:s:u:U"
+ "ac:d:e:f:g:G:hl:Lmop:P:R:s:u:U"
#ifdef ENABLE_SUBIDS
"v:w:V:W:"
#endif /* ENABLE_SUBIDS */
@@ -1112,6 +1114,10 @@ static void process_flags (int argc, char **argv)
user_pass = optarg;
pflg = true;
break;
@@ -200,9 +193,9 @@ index 8363597..f4c1cee 100644
+ user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
+ pflg = true;
+ break;
case 'R':
/* no-op since we handled this in process_root_flag() earlier */
case 'R': /* no-op, handled in process_root_flag () */
break;
case 's':
--
1.7.9.5

46
meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch Normal file
View File

@@ -0,0 +1,46 @@
Upstream-Status: Inappropriate [OE specific]
commonio.c: fix unexpected open failure in chroot environment
When using commands with '-R <newroot>' option in our pseudo environment,
we would usually get the 'Pemission Denied' error. This patch serves as
a workaround to this problem.
Note that this patch doesn't change the logic in the code, it just expands
the codes.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
lib/commonio.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/lib/commonio.c b/lib/commonio.c
index cc536bf..51cafd9 100644
--- a/lib/commonio.c
+++ b/lib/commonio.c
@@ -613,10 +613,18 @@ int commonio_open (struct commonio_db *db, int mode)
db->cursor = NULL;
db->changed = false;
- fd = open (db->filename,
- (db->readonly ? O_RDONLY : O_RDWR)
- | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
- saved_errno = errno;
+ if (db->readonly) {
+ fd = open (db->filename,
+ (true ? O_RDONLY : O_RDWR)
+ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
+ saved_errno = errno;
+ } else {
+ fd = open (db->filename,
+ (false ? O_RDONLY : O_RDWR)
+ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
+ saved_errno = errno;
+ }
+
db->fp = NULL;
if (fd >= 0) {
#ifdef WITH_TCB
--
1.7.9.5

36
meta/recipes-extended/shadow/files/fix-etc-gshadow-reading.patch
View File

@@ -1,36 +0,0 @@
shadow: Fix parsing of gshadow entries
Upstream-Status: Backport [http://anonscm.debian.org/viewvc/pkg-shadow?view=revision&revision=3096]
newgrp command does not function properly.
Even with the valid password, it outputs: "'Invalid password'"
Signed-off-by: Roy.Li <rongqing.li@windriver.com>
2010-02-14 Michael Bunk <mb@computer-leipzig.com>
* NEWS, lib/gshadow.c: Fix parsing of gshadow entries.
diff -urpN a/lib/gshadow.c b/lib/gshadow.c
--- a/lib/gshadow.c 2013-07-11 10:18:15.745450428 +0800
+++ b/lib/gshadow.c 2013-07-11 10:17:30.465450280 +0800
@@ -222,6 +222,7 @@ void endsgent (void)
if (NULL == buf) {
return NULL;
}
+ buflen = BUFSIZ;
}
if (NULL == fp) {
@@ -229,9 +230,9 @@ void endsgent (void)
}
#ifdef USE_NIS
- while (fgetsx (buf, (int) sizeof buf, fp) == buf)
+ while (fgetsx (buf, (int) buflen, fp) == buf)
#else
- if (fgetsx (buf, (int) sizeof buf, fp) == buf)
+ if (fgetsx (buf, (int) buflen, fp) == buf)
#endif
{
while ( ((cp = strrchr (buf, '\n')) == NULL)

28
meta/recipes-extended/shadow/files/fix-installation-failure-with-subids-disabled.patch Normal file
View File

@@ -0,0 +1,28 @@
Upstream-Status: Pending
Subject: fix installation failure with subids disabled
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
src/Makefile.am | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/Makefile.am b/src/Makefile.am
index 25e288d..076f8ef 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -52,7 +52,10 @@ usbin_PROGRAMS = \
noinst_PROGRAMS = id sulogin
suidbins = su
-suidubins = chage chfn chsh expiry gpasswd newgrp passwd newuidmap newgidmap
+suidubins = chage chfn chsh expiry gpasswd newgrp passwd
+if ENABLE_SUBIDS
+suidubins += newgidmap newuidmap
+endif
if ACCT_TOOLS_SETUID
suidubins += chage chgpasswd chpasswd groupadd groupdel groupmod newusers useradd userdel usermod
endif
--
1.7.9.5

31
meta/recipes-extended/shadow/files/shadow-4.1.4.2-env-reset-keep-locale.patch
View File

@@ -1,31 +0,0 @@
# commit message copied from openembedded:
# commit 246c80637b135f3a113d319b163422f98174ee6c
# Author: Khem Raj <raj.khem@gmail.com>
# Date: Wed Jun 9 13:37:03 2010 -0700
#
# shadow-4.1.4.2: Add patches to support dots in login id.
#
# Signed-off-by: Khem Raj <raj.khem@gmail.com>
#
# comment added by Kevin Tian <kevin.tian@intel.com>, 2010-08-11
http://bugs.gentoo.org/283725
https://alioth.debian.org/tracker/index.php?func=detail&aid=311740&group_id=30580&atid=411480
Upstream-Status: Pending
Signed-off-by: Scott Garman <scott.a.garman@intel.com>
Index: shadow-4.1.4.2/libmisc/env.c
===================================================================
--- shadow-4.1.4.2.orig/libmisc/env.c 2009-04-27 13:07:56.000000000 -0700
+++ shadow-4.1.4.2/libmisc/env.c 2010-06-03 17:44:51.456408474 -0700
@@ -251,7 +251,7 @@ void sanitize_env (void)
if (strncmp (*cur, *bad, strlen (*bad)) != 0) {
continue;
}
- if (strchr (*cur, '/') != NULL) {
+ if (strchr (*cur, '/') == NULL) {
continue; /* OK */
}
for (move = cur; NULL != *move; move++) {

36
meta/recipes-extended/shadow/files/shadow-4.1.4.2-groupmod-pam-check.patch
View File

@@ -1,36 +0,0 @@
# commit message copied from openembedded:
# commit 246c80637b135f3a113d319b163422f98174ee6c
# Author: Khem Raj <raj.khem@gmail.com>
# Date: Wed Jun 9 13:37:03 2010 -0700
#
# shadow-4.1.4.2: Add patches to support dots in login id.
#
# Signed-off-by: Khem Raj <raj.khem@gmail.com>
#
# comment added by Kevin Tian <kevin.tian@intel.com>, 2010-08-11
http://bugs.gentoo.org/300790
http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/2009-November/007850.html
2009-11-05 Nicolas François <nicolas.francois@centraliens.net>
* NEWS, src/groupmod.c: Fixed groupmod when configured with
--enable-account-tools-setuid.
Upstream-Status: Pending
Signed-off-by: Scott Garman <scott.a.garman@intel.com>
Index: shadow-4.1.4.2/src/groupmod.c
===================================================================
--- shadow-4.1.4.2.orig/src/groupmod.c 2009-06-05 15:16:58.000000000 -0700
+++ shadow-4.1.4.2/src/groupmod.c 2010-06-03 17:45:43.828952613 -0700
@@ -720,7 +720,7 @@ int main (int argc, char **argv)
{
struct passwd *pampw;
pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
- if (NULL == pamh) {
+ if (NULL == pampw) {
fprintf (stderr,
_("%s: Cannot determine your user name.\n"),
Prog);

31
meta/recipes-extended/shadow/files/shadow-4.1.4.2-su_no_sanitize_env.patch
View File

@@ -1,31 +0,0 @@
# commit message copied from openembedded:
# commit 246c80637b135f3a113d319b163422f98174ee6c
# Author: Khem Raj <raj.khem@gmail.com>
# Date: Wed Jun 9 13:37:03 2010 -0700
#
# shadow-4.1.4.2: Add patches to support dots in login id.
#
# Signed-off-by: Khem Raj <raj.khem@gmail.com>
#
# comment added by Kevin Tian <kevin.tian@intel.com>, 2010-08-11
http://bugs.gentoo.org/show_bug.cgi?id=301957
https://alioth.debian.org/scm/browser.php?group_id=30580
Upstream-Status: Pending
Signed-off-by: Scott Garman <scott.a.garman@intel.com>
Index: shadow-4.1.4.2/src/su.c
===================================================================
--- shadow-4.1.4.2.orig/src/su.c 2009-07-23 13:38:56.000000000 -0700
+++ shadow-4.1.4.2/src/su.c 2010-06-03 17:46:47.718944010 -0700
@@ -378,7 +378,7 @@ int main (int argc, char **argv)
#endif
#endif /* !USE_PAM */
- sanitize_env ();
+ /* sanitize_env (); */
(void) setlocale (LC_ALL, "");
(void) bindtextdomain (PACKAGE, LOCALEDIR);

106
meta/recipes-extended/shadow/files/shadow.automake-1.11.patch
View File

@@ -1,106 +0,0 @@
# patch is from openembedded:
# commit 2db61370333f7a2fc1dbb86385734883387e0217
# Author: Martin Jansa <Martin.Jansa@gmail.com>
# Date: Fri Apr 2 07:34:46 2010 +0200
#
# shadow: fix do_install with automake-1.11
#
# Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
#
# comment added by Kevin Tian <kevin.tian@intel.com>
man_nopan is for !USE_PAM already included in man_MANS and automake-1.11 hates to install some file twice
Upstream-Status: Pending
Signed-off-by: Scott Garman <scott.a.garman@intel.com>
diff -uNr shadow-4.1.4.2.orig/man/Makefile.am shadow-4.1.4.2/man/Makefile.am
--- shadow-4.1.4.2.orig/man/Makefile.am 2009-03-14 15:40:10.000000000 +0100
+++ shadow-4.1.4.2/man/Makefile.am 2010-04-02 07:31:17.000000000 +0200
@@ -163,7 +163,6 @@
$(man_MANS) \
$(man_XMANS) \
$(addprefix login.defs.d/,$(login_defs_v)) \
- $(man_nopam) \
id.1 \
id.1.xml \
sulogin.8 \
diff -uNr shadow-4.1.4.2.orig/man/fr/Makefile.am shadow-4.1.4.2/man/fr/Makefile.am
--- shadow-4.1.4.2.orig/man/fr/Makefile.am 2008-09-06 18:44:45.000000000 +0200
+++ shadow-4.1.4.2/man/fr/Makefile.am 2010-04-02 07:42:11.000000000 +0200
@@ -52,7 +52,6 @@
EXTRA_DIST = \
$(man_MANS) \
- $(man_nopam) \
id.1
include ../generate_translations.mak
diff -uNr shadow-4.1.4.2.orig/man/it/Makefile.am shadow-4.1.4.2/man/it/Makefile.am
--- shadow-4.1.4.2.orig/man/it/Makefile.am 2008-09-06 18:44:45.000000000 +0200
+++ shadow-4.1.4.2/man/it/Makefile.am 2010-04-02 07:42:20.000000000 +0200
@@ -46,7 +46,6 @@
EXTRA_DIST = \
$(man_MANS) \
- $(man_nopam) \
id.1 \
logoutd.8
diff -uNr shadow-4.1.4.2.orig/man/ja/Makefile.am shadow-4.1.4.2/man/ja/Makefile.am
--- shadow-4.1.4.2.orig/man/ja/Makefile.am 2007-12-31 17:48:28.000000000 +0100
+++ shadow-4.1.4.2/man/ja/Makefile.am 2010-04-02 07:42:17.000000000 +0200
@@ -49,7 +49,6 @@
EXTRA_DIST = \
$(man_MANS) \
- $(man_nopam) \
id.1 \
shadow.3 \
sulogin.8
diff -uNr shadow-4.1.4.2.orig/man/pl/Makefile.am shadow-4.1.4.2/man/pl/Makefile.am
--- shadow-4.1.4.2.orig/man/pl/Makefile.am 2008-09-06 18:44:45.000000000 +0200
+++ shadow-4.1.4.2/man/pl/Makefile.am 2010-04-02 07:42:07.000000000 +0200
@@ -49,7 +49,6 @@
EXTRA_DIST = \
$(man_MANS) \
- $(man_nopam) \
getspnam.3 \
id.1 \
shadow.3 \
diff -uNr shadow-4.1.4.2.orig/man/ru/Makefile.am shadow-4.1.4.2/man/ru/Makefile.am
--- shadow-4.1.4.2.orig/man/ru/Makefile.am 2010-04-02 07:39:00.000000000 +0200
+++ shadow-4.1.4.2/man/ru/Makefile.am 2010-04-02 07:42:01.000000000 +0200
@@ -54,7 +54,6 @@
EXTRA_DIST = \
$(man_MANS) \
- $(man_nopam) \
id.1 \
sulogin.8
diff -uNr shadow-4.1.4.2.orig/man/sv/Makefile.am shadow-4.1.4.2/man/sv/Makefile.am
--- shadow-4.1.4.2.orig/man/sv/Makefile.am 2008-09-06 18:44:45.000000000 +0200
+++ shadow-4.1.4.2/man/sv/Makefile.am 2010-04-02 07:42:24.000000000 +0200
@@ -53,8 +53,7 @@
endif
EXTRA_DIST = \
- $(man_MANS) \
- $(man_nopam)
+ $(man_MANS)
include ../generate_translations.mak
--- shadow-4.1.4.2.orig/man/ru/Makefile.am 2010-04-02 07:54:09.000000000 +0200
+++ shadow-4.1.4.2/man/ru/Makefile.am 2010-04-02 07:51:57.000000000 +0200
@@ -1,7 +1,6 @@
mandir = @mandir@/ru
man_MANS = \
- $(man_nopam) \
chage.1 \
chfn.1 \
chgpasswd.8 \

23
meta/recipes-extended/shadow/files/shadow_fix_for_automake-1.12.patch
View File

@@ -1,23 +0,0 @@
Upstream-Status: pending
Automake 1.12 has deprecated automatic de-ANSI-fication support
This patch avoids this issue with automake 1.12:
| configure.in:22: error: automatic de-ANSI-fication support has been removed
Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com>
2012/05/02
Index: shadow-4.1.4.3/configure.in
===================================================================
--- shadow-4.1.4.3.orig/configure.in
+++ shadow-4.1.4.3/configure.in
@@ -19,7 +19,6 @@ AC_PROG_CC
AC_ISC_POSIX
AC_PROG_LN_S
AC_PROG_YACC
-AM_C_PROTOTYPES
AM_PROG_LIBTOOL
dnl Checks for libraries.

63
meta/recipes-extended/shadow/files/slackware_fix_for_glib-2.17_crypt.patch
View File

@@ -1,63 +0,0 @@
This patch is from Slackware, I tried to find the actual
author to add that attribution. The comment below is the
best summary, I will not repeat it here.
Upstream-Status: Backport from slackware
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Index: shadow-4.1.4.3/lib/encrypt.c
===================================================================
--- shadow-4.1.4.3.orig/lib/encrypt.c
+++ shadow-4.1.4.3/lib/encrypt.c
@@ -45,15 +45,40 @@ char *pw_encrypt (const char *clear, con
static char cipher[128];
char *cp;
- cp = crypt (clear, salt);
- if (!cp) {
- /*
- * Single Unix Spec: crypt() may return a null pointer,
- * and set errno to indicate an error. The caller doesn't
- * expect us to return NULL, so...
- */
- perror ("crypt");
- exit (EXIT_FAILURE);
+ cp = crypt (clear, salt);
+ if (!cp) {
+ /*
+ * In glibc-2.17 and newer, crypt() will return NULL if
+ * it was called using an invalid salt format. Previous
+ * versions of glibc would go ahead and compute a DES hash
+ * using the invalid salt. The salt value in this case was
+ * always '!'. We might arrive at this place if either the
+ * user does not exist, or if the hash in /etc/shadow doesn't
+ * have the proper magic for one of the supported hash
+ * formats (for example, if the account was locked using
+ * "passwd -l". To handle this situation, we will recompute
+ * the hash using a hardcoded salt as was previously done
+ * by glibc. The hash returned by the old glibc function
+ * always began with "!!", which would ensure that it could
+ * never match an otherwise valid hash in /etc/shadow that
+ * was disabled with a "!" at the beginning (since the second
+ * character would never be "!" as well), so we will also
+ * prepend the resulting hash with "!!". Finally, in case
+ * crypt() failed for some other reason we will check to see
+ * if we still get NULL from crypt even with the valid salt
+ * and will fail if that's the case.
+ */
+
+ /* Recalculate hash using a hardcoded, valid SHA512 salt: */
+ cp = crypt (clear, "$6$8IIcy/1EPOk/");
+
+ if (!cp) {
+ perror ("crypt");
+ exit (EXIT_FAILURE);
+ } else {
+ sprintf (cipher, "!!%s", cp);
+ return cipher;
+ }
}
/* The GNU crypt does not return NULL if the algorithm is not

17
meta/recipes-extended/shadow/files/useradd.patch
View File

@@ -1,17 +0,0 @@
Work around a bug introduced with the --root option which was causing
all other arguments to be ignored.
Upstream-Status: inappropriate
Signed-off-by: Phil Blundell <philb@gnu.org>
--- a/src/useradd.c~ 2011-09-01 15:36:40.398234861 +0100
+++ b/src/useradd.c 2011-09-01 17:29:00.782004133 +0100
@@ -1957,6 +1957,8 @@
get_defaults ();
+ optind = 1;
+
process_flags (argc, argv);
#ifdef ACCT_TOOLS_SETUID

33
meta/recipes-extended/shadow/files/usermod-fix-compilation-failure-with-subids-disabled.patch Normal file
View File

@@ -0,0 +1,33 @@
Upstream-Status: Pending
usermod: fix compilation failure with subids disabled
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
src/usermod.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/usermod.c b/src/usermod.c
index e7d4351..685b50a 100644
--- a/src/usermod.c
+++ b/src/usermod.c
@@ -1360,7 +1360,7 @@ static void process_flags (int argc, char **argv)
Prog, (unsigned long) user_newid);
exit (E_UID_IN_USE);
}
-
+#ifdef ENABLE_SUBIDS
if ( (vflg || Vflg)
&& !is_sub_uid) {
fprintf (stderr,
@@ -1376,6 +1376,7 @@ static void process_flags (int argc, char **argv)
Prog, sub_gid_dbname (), "-w", "-W");
exit (E_USAGE);
}
+#endif
}
/*
--
1.7.9.5

0
meta/recipes-extended/shadow/shadow-securetty_4.1.4.3.bb → meta/recipes-extended/shadow/shadow-securetty_4.2.1.bb
View File

0
meta/recipes-extended/shadow/shadow-sysroot_4.1.4.3.bb → meta/recipes-extended/shadow/shadow-sysroot_4.2.1.bb
View File

36
meta/recipes-extended/shadow/shadow.inc
View File

@@ -1,50 +1,39 @@
SUMMARY = "Tools to change and administer password and group data"
HOMEPAGE = "http://pkg-shadow.alioth.debian.org"
BUGTRACKER = "https://alioth.debian.org/tracker/?group_id=30580"
SECTION = "base utils"
SECTION = "base/utils"
LICENSE = "BSD | Artistic-1.0"
LIC_FILES_CHKSUM = "file://COPYING;md5=08c553a87d4e51bbed50b20e0adcaede \
LIC_FILES_CHKSUM = "file://COPYING;md5=ed80ff1c2b40843cf5768e5229cf16e5 \
file://src/passwd.c;beginline=8;endline=30;md5=d83888ea14ae61951982d77125947661"
DEPENDS = "shadow-native"
DEPENDS_class-native = ""
DEPENDS_class-nativesdk = ""
SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.bz2 \
file://shadow.automake-1.11.patch \
file://shadow_fix_for_automake-1.12.patch \
SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.xz \
file://shadow-4.1.3-dots-in-usernames.patch \
file://shadow-4.1.4.2-env-reset-keep-locale.patch \
file://usermod-fix-compilation-failure-with-subids-disabled.patch \
file://fix-installation-failure-with-subids-disabled.patch \
${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \
"
SRC_URI_append_class-target = " \
file://login_defs_pam.sed \
file://shadow-4.1.4.2-groupmod-pam-check.patch \
file://shadow-4.1.4.2-su_no_sanitize_env.patch \
file://shadow-update-pam-conf.patch \
file://slackware_fix_for_glib-2.17_crypt.patch \
file://fix-etc-gshadow-reading.patch \
"
SRC_URI_append_class-native = " \
file://add_root_cmd_options.patch \
file://disable-syslog.patch \
file://useradd.patch \
file://add_root_cmd_groupmems.patch \
file://allow-for-setting-password-in-clear-text.patch \
file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \
file://0001-useradd.c-create-parent-directories-when-necessary.patch \
"
SRC_URI_append_class-nativesdk = " \
file://add_root_cmd_options.patch \
file://disable-syslog.patch \
file://useradd.patch \
file://add_root_cmd_groupmems.patch \
"
SRC_URI[md5sum] = "b8608d8294ac88974f27b20f991c0e79"
SRC_URI[sha256sum] = "633f5bb4ea0c88c55f3642c97f9d25cbef74f82e0b4cf8d54e7ad6f9f9caa778"
PR = "r14"
SRC_URI[md5sum] = "2bfafe7d4962682d31b5eba65dba4fc8"
SRC_URI[sha256sum] = "3b0893d1476766868cd88920f4f1231c4795652aa407569faff802bcda0f3d41"
# Additional Policy files for PAM
PAM_SRC_URI = "file://pam.d/chfn \
@@ -61,6 +50,7 @@ EXTRA_OECONF += "--without-audit \
--without-libcrack \
--without-selinux \
--with-group-name-max-length=24 \
--enable-subordinate-ids=no \
${NSCDOPT}"
NSCDOPT = ""
@@ -166,11 +156,11 @@ ALTERNATIVE_LINK_NAME[su] = "${base_bindir}/su"
pkg_postinst_${PN} () {
if [ "x$D" != "x" ]; then
rootarg="--root=$D"
rootarg="--root $D"
else
rootarg=""
fi
pwconv $rootarg
grpconv $rootarg
pwconv $rootarg || exit 1
grpconv $rootarg || exit 1
}

0
meta/recipes-extended/shadow/shadow_4.1.4.3.bb → meta/recipes-extended/shadow/shadow_4.2.1.bb
View File