shadow: musl now supports secure_getenv

This fixed a potential security vulnerability on musl and made the patch obsolete. (From OE-Core rev: 30b6ae3084f63df437a4d6dd859bca674ca01e12) Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-04-26 18:32:13 +02:00 · 2019-08-18 18:00:31 +03:00
parent f45a48887f
commit fe6d059212
2 changed files with 0 additions and 72 deletions
--- a/meta/recipes-extended/shadow/files/0002-gettime-Use-secure_getenv-over-getenv.patch
+++ b/meta/recipes-extended/shadow/files/0002-gettime-Use-secure_getenv-over-getenv.patch
@@ -1,71 +0,0 @@
-From 3d921155e0a761f61c8f1ec37328724aee1e2eda Mon Sep 17 00:00:00 2001
-From: Chris Lamb <chris@chris-lamb.co.uk>
-Date: Sun, 31 Mar 2019 15:59:45 +0100
-Subject: [PATCH 2/2] gettime: Use secure_getenv over getenv.
-
-Upstream-Status: Backport
-Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
---
- README            | 1 +
- configure.ac      | 3 +++
- lib/defines.h     | 6 ++++++
- libmisc/gettime.c | 2 +-
- 4 files changed, 11 insertions(+), 1 deletion(-)
-
-diff --git a/README b/README
-index 952ac5787f06..26cfff1e8fa8 100644
--- a/README
-+++ b/README
-@@ -51,6 +51,7 @@ Brian R. Gaeke <brg@dgate.org>
- Calle Karlsson <ckn@kash.se>
- Chip Rosenthal <chip@unicom.com>
- Chris Evans <lady0110@sable.ox.ac.uk>
-+Chris Lamb <chris@chris-lamb.co.uk>
- Cristian Gafton <gafton@sorosis.ro>
- Dan Walsh <dwalsh@redhat.com>
- Darcy Boese <possum@chardonnay.niagara.com>
-diff --git a/configure.ac b/configure.ac
-index da236722766b..a738ad662cc3 100644
--- a/configure.ac
-+++ b/configure.ac
-@@ -110,6 +110,9 @@ AC_REPLACE_FUNCS(sgetgrent sgetpwent sgetspent)
- AC_REPLACE_FUNCS(snprintf strcasecmp strdup strerror strstr)
- 
- AC_CHECK_FUNC(setpgrp)
-+AC_CHECK_FUNC(secure_getenv, [AC_DEFINE(HAS_SECURE_GETENV,
-+                                        1,
-+                                        [Defined to 1 if you have the declaration of 'secure_getenv'])])
- 
- if test "$ac_cv_header_shadow_h" = "yes"; then
- 	AC_CACHE_CHECK(for working shadow group support,
-diff --git a/lib/defines.h b/lib/defines.h
-index cded1417fd12..2fb1b56eca6b 100644
--- a/lib/defines.h
-+++ b/lib/defines.h
-@@ -382,4 +382,10 @@ extern char *strerror ();
- # endif
- #endif
- 
-+#ifdef HAVE_SECURE_GETENV
-+#  define shadow_getenv(name) secure_getenv(name)
-+# else
-+#  define shadow_getenv(name) getenv(name)
-+#endif
-+
- #endif				/* _DEFINES_H_ */
-diff --git a/libmisc/gettime.c b/libmisc/gettime.c
-index 53eaf51670bb..0e25a4b75061 100644
--- a/libmisc/gettime.c
-+++ b/libmisc/gettime.c
-@@ -52,7 +52,7 @@
- 	unsigned long long epoch;
- 
- 	fallback = time (NULL);
-	source_date_epoch = getenv ("SOURCE_DATE_EPOCH");
-+	source_date_epoch = shadow_getenv ("SOURCE_DATE_EPOCH");
- 
- 	if (!source_date_epoch)
- 		return fallback;
-- 
-2.17.1
-
--- a/meta/recipes-extended/shadow/shadow.inc
+++ b/meta/recipes-extended/shadow/shadow.inc
@@ -12,7 +12,6 @@ UPSTREAM_CHECK_URI = "https://github.com/shadow-maint/shadow/releases"
 SRC_URI = "https://github.com/shadow-maint/shadow/releases/download/${PV}/${BP}.tar.gz \
           file://shadow-4.1.3-dots-in-usernames.patch \
           file://0001-Make-the-sp_lstchg-shadow-field-reproducible-re.-71.patch  \
-           file://0002-gettime-Use-secure_getenv-over-getenv.patch \
           file://0001-configure.ac-fix-configure-error-with-dash.patch \
           ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \
           "