From: "Alexander Kanavin" <alex.kanavin@gmail.com>
To: openembedded-core@lists.openembedded.org
Cc: Alexander Kanavin <alex.kanavin@gmail.com>
Subject: [PATCH 11/22] libpam: update 1.3.1 -> 1.5.1
Date: Mon, 28 Dec 2020 21:04:25 +0100 [thread overview]
Message-ID: <20201228200436.78130-11-alex.kanavin@gmail.com> (raw)
In-Reply-To: <20201228200436.78130-1-alex.kanavin@gmail.com>
Remove crypt_configure.patch, issue fixed upstream.
Remove pam-security-abstract-securetty-handling.patch and
pam-unix-nullok-secure.patch, patches coming from debian,
difficult to rebase, and their purpose is unclear.
Disable doc generation, as libpam messes up native and target
compiler options.
Adjust dependencies and packaging.
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
---
...space-Makefile.am-correctly-install-.patch | 28 +++
.../pam/libpam/crypt_configure.patch | 40 ----
...security-abstract-securetty-handling.patch | 203 ------------------
.../pam/libpam/pam-unix-nullok-secure.patch | 195 -----------------
.../pam/{libpam_1.3.1.bb => libpam_1.5.1.bb} | 17 +-
5 files changed, 35 insertions(+), 448 deletions(-)
create mode 100644 meta/recipes-extended/pam/libpam/0001-modules-pam_namespace-Makefile.am-correctly-install-.patch
delete mode 100644 meta/recipes-extended/pam/libpam/crypt_configure.patch
delete mode 100644 meta/recipes-extended/pam/libpam/pam-security-abstract-securetty-handling.patch
delete mode 100644 meta/recipes-extended/pam/libpam/pam-unix-nullok-secure.patch
rename meta/recipes-extended/pam/{libpam_1.3.1.bb => libpam_1.5.1.bb} (93%)
diff --git a/meta/recipes-extended/pam/libpam/0001-modules-pam_namespace-Makefile.am-correctly-install-.patch b/meta/recipes-extended/pam/libpam/0001-modules-pam_namespace-Makefile.am-correctly-install-.patch
new file mode 100644
index 0000000000..b41d1e5962
--- /dev/null
+++ b/meta/recipes-extended/pam/libpam/0001-modules-pam_namespace-Makefile.am-correctly-install-.patch
@@ -0,0 +1,28 @@
+From e2db4082f6b988f1d5803028e9e47aee5f3519ac Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex.kanavin@gmail.com>
+Date: Sun, 27 Dec 2020 00:30:45 +0100
+Subject: [PATCH] modules/pam_namespace/Makefile.am: correctly install systemd
+ unit file
+
+Upstream-Status: Pending
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+---
+ modules/pam_namespace/Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/modules/pam_namespace/Makefile.am b/modules/pam_namespace/Makefile.am
+index 21e1b33..ddd5fc0 100644
+--- a/modules/pam_namespace/Makefile.am
++++ b/modules/pam_namespace/Makefile.am
+@@ -18,7 +18,7 @@ TESTS = $(dist_check_SCRIPTS)
+ securelibdir = $(SECUREDIR)
+ secureconfdir = $(SCONFIGDIR)
+ namespaceddir = $(SCONFIGDIR)/namespace.d
+-servicedir = $(prefix)/lib/systemd/system
++servicedir = /lib/systemd/system
+
+ AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+ -DSECURECONF_DIR=\"$(SCONFIGDIR)/\" $(WARN_CFLAGS)
+--
+2.24.0
+
diff --git a/meta/recipes-extended/pam/libpam/crypt_configure.patch b/meta/recipes-extended/pam/libpam/crypt_configure.patch
deleted file mode 100644
index 917a8af64d..0000000000
--- a/meta/recipes-extended/pam/libpam/crypt_configure.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From b86575ab4a0df07da160283459da270e1c0372a0 Mon Sep 17 00:00:00 2001
-From: "Maxin B. John" <maxin.john@intel.com>
-Date: Tue, 24 May 2016 14:11:09 +0300
-Subject: [PATCH] crypt_configure
-
-This patch fixes a case where it find crypt defined in libc (musl) but
-not in specified libraries then it ends up assigning
-LIBCRYPT="-l" which then goes into makefile cause all sort of problems
-e.g.
-
-ld: cannot find -l-m32
-| collect2: error: ld returned 1 exit status
-The reason is that -l appears on commandline with
-out any library and compiler treats the next argument as library name
-whatever it is.
-
-Upstream-Status: Pending
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-Signed-off-by: Maxin B. John <maxin.john@intel.com>
----
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index df39d07..e68d856 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -401,7 +401,7 @@ AS_IF([test "x$ac_cv_header_xcrypt_h" = "xyes"],
- [crypt_libs="crypt"])
-
- BACKUP_LIBS=$LIBS
--AC_SEARCH_LIBS([crypt],[$crypt_libs], LIBCRYPT="${ac_lib:+-l$ac_lib}", LIBCRYPT="")
-+AC_SEARCH_LIBS([crypt],[$crypt_libs], [test "$ac_cv_search_crypt" = "none required" || LIBCRYPT="$ac_cv_search_crypt"])
- AC_CHECK_FUNCS(crypt_r crypt_gensalt_r)
- LIBS=$BACKUP_LIBS
- AC_SUBST(LIBCRYPT)
---
-2.4.0
-
diff --git a/meta/recipes-extended/pam/libpam/pam-security-abstract-securetty-handling.patch b/meta/recipes-extended/pam/libpam/pam-security-abstract-securetty-handling.patch
deleted file mode 100644
index 9b8d4c2975..0000000000
--- a/meta/recipes-extended/pam/libpam/pam-security-abstract-securetty-handling.patch
+++ /dev/null
@@ -1,203 +0,0 @@
-Description: extract the securetty logic for use with the "nullok_secure" option
- introduced in the "055_pam_unix_nullok_secure" patch.
-
-Upstream-Status: Pending
-
-Signed-off-by: Ming Liu <ming.liu@windriver.com>
-===================================================================
-Index: Linux-PAM-1.3.0/modules/pam_securetty/Makefile.am
-===================================================================
---- Linux-PAM-1.3.0.orig/modules/pam_securetty/Makefile.am
-+++ Linux-PAM-1.3.0/modules/pam_securetty/Makefile.am
-@@ -24,6 +24,10 @@ endif
- securelib_LTLIBRARIES = pam_securetty.la
- pam_securetty_la_LIBADD = $(top_builddir)/libpam/libpam.la
-
-+pam_securetty_la_SOURCES = \
-+ pam_securetty.c \
-+ tty_secure.c
-+
- if ENABLE_REGENERATE_MAN
- noinst_DATA = README
- README: pam_securetty.8.xml
-Index: Linux-PAM-1.3.0/modules/pam_securetty/pam_securetty.c
-===================================================================
---- Linux-PAM-1.3.0.orig/modules/pam_securetty/pam_securetty.c
-+++ Linux-PAM-1.3.0/modules/pam_securetty/pam_securetty.c
-@@ -1,7 +1,5 @@
- /* pam_securetty module */
-
--#define SECURETTY_FILE "/etc/securetty"
--#define TTY_PREFIX "/dev/"
- #define CMDLINE_FILE "/proc/cmdline"
- #define CONSOLEACTIVE_FILE "/sys/class/tty/console/active"
-
-@@ -40,6 +38,9 @@
- #include <security/pam_modutil.h>
- #include <security/pam_ext.h>
-
-+extern int _pammodutil_tty_secure(const pam_handle_t *pamh,
-+ const char *uttyname);
-+
- #define PAM_DEBUG_ARG 0x0001
- #define PAM_NOCONSOLE_ARG 0x0002
-
-@@ -73,11 +74,7 @@ securetty_perform_check (pam_handle_t *p
- const char *username;
- const char *uttyname;
- const void *void_uttyname;
-- char ttyfileline[256];
-- char ptname[256];
-- struct stat ttyfileinfo;
- struct passwd *user_pwd;
-- FILE *ttyfile;
-
- /* log a trail for debugging */
- if (ctrl & PAM_DEBUG_ARG) {
-@@ -105,50 +102,7 @@ securetty_perform_check (pam_handle_t *p
- return PAM_SERVICE_ERR;
- }
-
-- /* The PAM_TTY item may be prefixed with "/dev/" - skip that */
-- if (strncmp(TTY_PREFIX, uttyname, sizeof(TTY_PREFIX)-1) == 0) {
-- uttyname += sizeof(TTY_PREFIX)-1;
-- }
--
-- if (stat(SECURETTY_FILE, &ttyfileinfo)) {
-- pam_syslog(pamh, LOG_NOTICE, "Couldn't open %s: %m", SECURETTY_FILE);
-- return PAM_SUCCESS; /* for compatibility with old securetty handling,
-- this needs to succeed. But we still log the
-- error. */
-- }
--
-- if ((ttyfileinfo.st_mode & S_IWOTH) || !S_ISREG(ttyfileinfo.st_mode)) {
-- /* If the file is world writable or is not a
-- normal file, return error */
-- pam_syslog(pamh, LOG_ERR,
-- "%s is either world writable or not a normal file",
-- SECURETTY_FILE);
-- return PAM_AUTH_ERR;
-- }
--
-- ttyfile = fopen(SECURETTY_FILE,"r");
-- if (ttyfile == NULL) { /* Check that we opened it successfully */
-- pam_syslog(pamh, LOG_ERR, "Error opening %s: %m", SECURETTY_FILE);
-- return PAM_SERVICE_ERR;
-- }
--
-- if (isdigit(uttyname[0])) {
-- snprintf(ptname, sizeof(ptname), "pts/%s", uttyname);
-- } else {
-- ptname[0] = '\0';
-- }
--
-- retval = 1;
--
-- while ((fgets(ttyfileline, sizeof(ttyfileline)-1, ttyfile) != NULL)
-- && retval) {
-- if (ttyfileline[strlen(ttyfileline) - 1] == '\n')
-- ttyfileline[strlen(ttyfileline) - 1] = '\0';
--
-- retval = ( strcmp(ttyfileline, uttyname)
-- && (!ptname[0] || strcmp(ptname, uttyname)) );
-- }
-- fclose(ttyfile);
-+ retval = _pammodutil_tty_secure(pamh, uttyname);
-
- if (retval && !(ctrl & PAM_NOCONSOLE_ARG)) {
- FILE *cmdlinefile;
-Index: Linux-PAM-1.3.0/modules/pam_securetty/tty_secure.c
-===================================================================
---- /dev/null
-+++ Linux-PAM-1.3.0/modules/pam_securetty/tty_secure.c
-@@ -0,0 +1,90 @@
-+/*
-+ * A function to determine if a particular line is in /etc/securetty
-+ */
-+
-+
-+#define SECURETTY_FILE "/etc/securetty"
-+#define TTY_PREFIX "/dev/"
-+
-+/* This function taken out of pam_securetty by Sam Hartman
-+ * <hartmans@debian.org>*/
-+/*
-+ * by Elliot Lee <sopwith@redhat.com>, Red Hat Software.
-+ * July 25, 1996.
-+ * Slight modifications AGM. 1996/12/3
-+ */
-+
-+#include <unistd.h>
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+#include <security/pam_modules.h>
-+#include <stdarg.h>
-+#include <syslog.h>
-+#include <sys/syslog.h>
-+#include <stdio.h>
-+#include <string.h>
-+#include <stdlib.h>
-+#include <ctype.h>
-+#include <security/pam_modutil.h>
-+#include <security/pam_ext.h>
-+
-+extern int _pammodutil_tty_secure(const pam_handle_t *pamh,
-+ const char *uttyname);
-+
-+int _pammodutil_tty_secure(const pam_handle_t *pamh, const char *uttyname)
-+{
-+ int retval = PAM_AUTH_ERR;
-+ char ttyfileline[256];
-+ char ptname[256];
-+ struct stat ttyfileinfo;
-+ FILE *ttyfile;
-+ /* The PAM_TTY item may be prefixed with "/dev/" - skip that */
-+ if (strncmp(TTY_PREFIX, uttyname, sizeof(TTY_PREFIX)-1) == 0)
-+ uttyname += sizeof(TTY_PREFIX)-1;
-+
-+ if (stat(SECURETTY_FILE, &ttyfileinfo)) {
-+ pam_syslog(pamh, LOG_NOTICE, "Couldn't open %s: %m",
-+ SECURETTY_FILE);
-+ return PAM_SUCCESS; /* for compatibility with old securetty handling,
-+ this needs to succeed. But we still log the
-+ error. */
-+ }
-+
-+ if ((ttyfileinfo.st_mode & S_IWOTH) || !S_ISREG(ttyfileinfo.st_mode)) {
-+ /* If the file is world writable or is not a
-+ normal file, return error */
-+ pam_syslog(pamh, LOG_ERR,
-+ "%s is either world writable or not a normal file",
-+ SECURETTY_FILE);
-+ return PAM_AUTH_ERR;
-+ }
-+
-+ ttyfile = fopen(SECURETTY_FILE,"r");
-+ if(ttyfile == NULL) { /* Check that we opened it successfully */
-+ pam_syslog(pamh, LOG_ERR, "Error opening %s: %m", SECURETTY_FILE);
-+ return PAM_SERVICE_ERR;
-+ }
-+
-+ if (isdigit(uttyname[0])) {
-+ snprintf(ptname, sizeof(ptname), "pts/%s", uttyname);
-+ } else {
-+ ptname[0] = '\0';
-+ }
-+
-+ retval = 1;
-+
-+ while ((fgets(ttyfileline,sizeof(ttyfileline)-1, ttyfile) != NULL)
-+ && retval) {
-+ if(ttyfileline[strlen(ttyfileline) - 1] == '\n')
-+ ttyfileline[strlen(ttyfileline) - 1] = '\0';
-+ retval = ( strcmp(ttyfileline,uttyname)
-+ && (!ptname[0] || strcmp(ptname, uttyname)) );
-+ }
-+ fclose(ttyfile);
-+
-+ if(retval) {
-+ retval = PAM_AUTH_ERR;
-+ }
-+
-+ return retval;
-+}
diff --git a/meta/recipes-extended/pam/libpam/pam-unix-nullok-secure.patch b/meta/recipes-extended/pam/libpam/pam-unix-nullok-secure.patch
deleted file mode 100644
index d2cc66882e..0000000000
--- a/meta/recipes-extended/pam/libpam/pam-unix-nullok-secure.patch
+++ /dev/null
@@ -1,195 +0,0 @@
-From b6545b83f94c5fb7aec1478b8d458a1393f479c8 Mon Sep 17 00:00:00 2001
-From: "Maxin B. John" <maxin.john@intel.com>
-Date: Wed, 25 May 2016 14:12:25 +0300
-Subject: [PATCH] pam_unix: support 'nullok_secure' option
-
-Debian patch to add a new 'nullok_secure' option to pam_unix,
-which accepts users with null passwords only when the applicant is
-connected from a tty listed in /etc/securetty.
-
-Authors: Sam Hartman <hartmans@debian.org>,
- Steve Langasek <vorlon@debian.org>
-
-Upstream-Status: Pending
-
-Signed-off-by: Ming Liu <ming.liu@windriver.com>
-Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
-Signed-off-by: Maxin B. John <maxin.john@intel.com>
----
- modules/pam_unix/Makefile.am | 3 ++-
- modules/pam_unix/pam_unix.8.xml | 19 ++++++++++++++++++-
- modules/pam_unix/support.c | 40 +++++++++++++++++++++++++++++++++++-----
- modules/pam_unix/support.h | 8 ++++++--
- 4 files changed, 61 insertions(+), 9 deletions(-)
-
-diff --git a/modules/pam_unix/Makefile.am b/modules/pam_unix/Makefile.am
-index 56df178..2bba460 100644
---- a/modules/pam_unix/Makefile.am
-+++ b/modules/pam_unix/Makefile.am
-@@ -30,7 +30,8 @@ if HAVE_VERSIONING
- pam_unix_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
- endif
- pam_unix_la_LIBADD = $(top_builddir)/libpam/libpam.la \
-- @LIBCRYPT@ @LIBSELINUX@ @TIRPC_LIBS@ @NSL_LIBS@
-+ @LIBCRYPT@ @LIBSELINUX@ @TIRPC_LIBS@ @NSL_LIBS@ \
-+ ../pam_securetty/tty_secure.lo
-
- securelib_LTLIBRARIES = pam_unix.la
-
-diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml
-index 1b318f1..be0330e 100644
---- a/modules/pam_unix/pam_unix.8.xml
-+++ b/modules/pam_unix/pam_unix.8.xml
-@@ -159,7 +159,24 @@
- <para>
- The default action of this module is to not permit the
- user access to a service if their official password is blank.
-- The <option>nullok</option> argument overrides this default.
-+ The <option>nullok</option> argument overrides this default
-+ and allows any user with a blank password to access the
-+ service.
-+ </para>
-+ </listitem>
-+ </varlistentry>
-+ <varlistentry>
-+ <term>
-+ <option>nullok_secure</option>
-+ </term>
-+ <listitem>
-+ <para>
-+ The default action of this module is to not permit the
-+ user access to a service if their official password is blank.
-+ The <option>nullok_secure</option> argument overrides this
-+ default and allows any user with a blank password to access
-+ the service as long as the value of PAM_TTY is set to one of
-+ the values found in /etc/securetty.
- </para>
- </listitem>
- </varlistentry>
-diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
-index fc8595e..29e3341 100644
---- a/modules/pam_unix/support.c
-+++ b/modules/pam_unix/support.c
-@@ -183,13 +183,22 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds,
- /* now parse the arguments to this module */
-
- for (; argc-- > 0; ++argv) {
-+ int sl;
-
- D(("pam_unix arg: %s", *argv));
-
- for (j = 0; j < UNIX_CTRLS_; ++j) {
-- if (unix_args[j].token
-- && !strncmp(*argv, unix_args[j].token, strlen(unix_args[j].token))) {
-- break;
-+ if (unix_args[j].token) {
-+ sl = strlen(unix_args[j].token);
-+ if (unix_args[j].token[sl-1] == '=') {
-+ /* exclude argument from comparison */
-+ if (!strncmp(*argv, unix_args[j].token, sl))
-+ break;
-+ } else {
-+ /* compare full strings */
-+ if (!strcmp(*argv, unix_args[j].token))
-+ break;
-+ }
- }
- }
-
-@@ -560,6 +569,7 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd,
- if (child == 0) {
- static char *envp[] = { NULL };
- const char *args[] = { NULL, NULL, NULL, NULL };
-+ int nullok = off(UNIX__NONULL, ctrl);
-
- /* XXX - should really tidy up PAM here too */
-
-@@ -587,7 +597,16 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd,
- /* exec binary helper */
- args[0] = CHKPWD_HELPER;
- args[1] = user;
-- if (off(UNIX__NONULL, ctrl)) { /* this means we've succeeded */
-+ if (on(UNIX_NULLOK_SECURE, ctrl)) {
-+ const void *uttyname;
-+ retval = pam_get_item(pamh, PAM_TTY, &uttyname);
-+ if (retval != PAM_SUCCESS || uttyname == NULL
-+ || _pammodutil_tty_secure(pamh, (const char *)uttyname) != PAM_SUCCESS) {
-+ nullok = 0;
-+ }
-+ }
-+
-+ if (nullok) {
- args[2]="nullok";
- } else {
- args[2]="nonull";
-@@ -672,6 +691,17 @@ _unix_blankpasswd (pam_handle_t *pamh, unsigned int ctrl, const char *name)
- if (on(UNIX__NONULL, ctrl))
- return 0; /* will fail but don't let on yet */
-
-+ if (on(UNIX_NULLOK_SECURE, ctrl)) {
-+ int retval2;
-+ const void *uttyname;
-+ retval2 = pam_get_item(pamh, PAM_TTY, &uttyname);
-+ if (retval2 != PAM_SUCCESS || uttyname == NULL)
-+ return 0;
-+
-+ if (_pammodutil_tty_secure(pamh, (const char *)uttyname) != PAM_SUCCESS)
-+ return 0;
-+ }
-+
- /* UNIX passwords area */
-
- retval = get_pwd_hash(pamh, name, &pwd, &salt);
-@@ -758,7 +788,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
- }
- }
- } else {
-- retval = verify_pwd_hash(p, salt, off(UNIX__NONULL, ctrl));
-+ retval = verify_pwd_hash(p, salt, _unix_blankpasswd(pamh, ctrl, name));
- }
-
- if (retval == PAM_SUCCESS) {
-diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h
-index b4c279c..8da4a8e 100644
---- a/modules/pam_unix/support.h
-+++ b/modules/pam_unix/support.h
-@@ -98,8 +98,9 @@ typedef struct {
- #define UNIX_QUIET 28 /* Don't print informational messages */
- #define UNIX_NO_PASS_EXPIRY 29 /* Don't check for password expiration if not used for authentication */
- #define UNIX_DES 30 /* DES, default */
-+#define UNIX_NULLOK_SECURE 31 /* NULL passwords allowed only on secure ttys */
- /* -------------- */
--#define UNIX_CTRLS_ 31 /* number of ctrl arguments defined */
-+#define UNIX_CTRLS_ 32 /* number of ctrl arguments defined */
-
- #define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl))
-
-@@ -117,7 +118,7 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] =
- /* UNIX_AUTHTOK_TYPE */ {"authtok_type=", _ALL_ON_, 0100, 0},
- /* UNIX__PRELIM */ {NULL, _ALL_ON_^(0600), 0200, 0},
- /* UNIX__UPDATE */ {NULL, _ALL_ON_^(0600), 0400, 0},
--/* UNIX__NONULL */ {NULL, _ALL_ON_, 01000, 0},
-+/* UNIX__NONULL */ {NULL, _ALL_ON_^(02000000000), 01000, 0},
- /* UNIX__QUIET */ {NULL, _ALL_ON_, 02000, 0},
- /* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 04000, 0},
- /* UNIX_SHADOW */ {"shadow", _ALL_ON_, 010000, 0},
-@@ -139,6 +140,7 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] =
- /* UNIX_QUIET */ {"quiet", _ALL_ON_, 01000000000, 0},
- /* UNIX_NO_PASS_EXPIRY */ {"no_pass_expiry", _ALL_ON_, 02000000000, 0},
- /* UNIX_DES */ {"des", _ALL_ON_^(0260420000), 0, 1},
-+/* UNIX_NULLOK_SECURE */ {"nullok_secure", _ALL_ON_^(01000), 02000000000, 0},
- };
-
- #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag)
-@@ -172,6 +174,8 @@ extern int _unix_read_password(pam_handle_t * pamh
- ,const char *data_name
- ,const void **pass);
-
-+extern int _pammodutil_tty_secure(const pam_handle_t *pamh, const char *uttyname);
-+
- extern int _unix_run_verify_binary(pam_handle_t *pamh,
- unsigned int ctrl, const char *user, int *daysleft);
- #endif /* _PAM_UNIX_SUPPORT_H */
---
-2.4.0
-
diff --git a/meta/recipes-extended/pam/libpam_1.3.1.bb b/meta/recipes-extended/pam/libpam_1.5.1.bb
similarity index 93%
rename from meta/recipes-extended/pam/libpam_1.3.1.bb
rename to meta/recipes-extended/pam/libpam_1.5.1.bb
index bc72afe6ad..6af1d43c60 100644
--- a/meta/recipes-extended/pam/libpam_1.3.1.bb
+++ b/meta/recipes-extended/pam/libpam_1.5.1.bb
@@ -21,13 +21,10 @@ SRC_URI = "https://github.com/linux-pam/linux-pam/releases/download/v${PV}/Linux
file://pam.d/common-session-noninteractive \
file://pam.d/other \
file://libpam-xtests.patch \
- file://pam-security-abstract-securetty-handling.patch \
- file://pam-unix-nullok-secure.patch \
- file://crypt_configure.patch \
- "
+ file://0001-modules-pam_namespace-Makefile.am-correctly-install-.patch \
+ "
-SRC_URI[md5sum] = "558ff53b0fc0563ca97f79e911822165"
-SRC_URI[sha256sum] = "eff47a4ecd833fbf18de9686632a70ee8d0794b79aecb217ebd0ce11db4cd0db"
+SRC_URI[sha256sum] = "201d40730b1135b1b3cdea09f2c28ac634d73181ccd0172ceddee3649c5792fc"
SRC_URI_append_libc-musl = " file://0001-Add-support-for-defining-missing-funcitonality.patch \
file://include_paths_header.patch \
@@ -39,13 +36,14 @@ EXTRA_OECONF = "--includedir=${includedir}/security \
--libdir=${base_libdir} \
--disable-nis \
--disable-regenerate-docu \
+ --disable-doc \
--disable-prelude"
CFLAGS_append = " -fPIC "
S = "${WORKDIR}/Linux-PAM-${PV}"
-inherit autotools gettext pkgconfig
+inherit autotools gettext pkgconfig systemd
PACKAGECONFIG ??= ""
PACKAGECONFIG[audit] = "--enable-audit,--disable-audit,audit,"
@@ -54,7 +52,7 @@ PACKAGECONFIG[userdb] = "--enable-db=db,--enable-db=no,db,"
PACKAGES += "${PN}-runtime ${PN}-xtests"
FILES_${PN} = "${base_libdir}/lib*${SOLIBS}"
FILES_${PN}-dev += "${base_libdir}/security/*.la ${base_libdir}/*.la ${base_libdir}/lib*${SOLIBSDEV}"
-FILES_${PN}-runtime = "${sysconfdir}"
+FILES_${PN}-runtime = "${sysconfdir} ${sbindir} ${systemd_system_unitdir}"
FILES_${PN}-xtests = "${datadir}/Linux-PAM/xtests"
PACKAGES_DYNAMIC += "^${MLPREFIX}pam-plugin-.*"
@@ -77,11 +75,10 @@ RDEPENDS_${PN}-runtime = "${PN}-${libpam_suffix} \
RDEPENDS_${PN}-xtests = "${PN}-${libpam_suffix} \
${MLPREFIX}pam-plugin-access-${libpam_suffix} \
${MLPREFIX}pam-plugin-debug-${libpam_suffix} \
- ${MLPREFIX}pam-plugin-cracklib-${libpam_suffix} \
${MLPREFIX}pam-plugin-pwhistory-${libpam_suffix} \
${MLPREFIX}pam-plugin-succeed-if-${libpam_suffix} \
${MLPREFIX}pam-plugin-time-${libpam_suffix} \
- coreutils"
+ bash coreutils"
# FIXME: Native suffix breaks here, disable it for now
RRECOMMENDS_${PN} = "${PN}-runtime-${libpam_suffix}"
--
2.29.2
next prev parent reply other threads:[~2020-12-28 20:04 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-28 20:04 [PATCH 01/22] devtool: gitsm:// should be handled same as git:// in upgrades Alexander Kanavin
2020-12-28 20:04 ` [PATCH 02/22] ovmf: upgrade 202008 -> 202011 Alexander Kanavin
2020-12-28 20:04 ` [PATCH 03/22] libksba: update 1.4.0 -> 1.5.0 Alexander Kanavin
2020-12-28 20:04 ` [PATCH 04/22] libjitterentropy: update 2.2.0 -> 3.0.0 Alexander Kanavin
2020-12-28 20:04 ` [PATCH 05/22] icu: update 68.1 -> 68.2 Alexander Kanavin
2020-12-28 20:04 ` [PATCH 06/22] gnutls: update 3.6.15 -> 3.7.0 Alexander Kanavin
2020-12-28 20:04 ` [PATCH 07/22] gnupg: update 2.2.23 -> 2.2.26 Alexander Kanavin
2020-12-28 20:04 ` [PATCH 08/22] boost: update 1.74.0 -> 1.75.0 Alexander Kanavin
2020-12-28 20:04 ` [PATCH 09/22] kexec-tools: update 2.0.20 -> 2.0.21 Alexander Kanavin
2020-12-28 20:04 ` [PATCH 10/22] vulkan-samples: update to latest revision Alexander Kanavin
2020-12-28 20:04 ` Alexander Kanavin [this message]
2020-12-28 20:04 ` [PATCH 12/22] autotools.bbclass: make it possible to inhibit m4 deletion Alexander Kanavin
2020-12-28 20:04 ` [PATCH 13/22] bash: update 5.0 -> 5.1 Alexander Kanavin
2021-01-07 17:57 ` [OE-core] " Richard Purdie
2021-01-07 18:43 ` Joshua Watt
2021-01-07 19:07 ` Otavio Salvador
2021-01-07 19:10 ` Alexander Kanavin
2021-01-07 21:55 ` Richard Purdie
2020-12-28 20:04 ` [PATCH 14/22] strace: update 5.9 -> 5.10 Alexander Kanavin
2020-12-28 20:04 ` [PATCH 15/22] python3-pytest: update 6.1.2 -> 6.2.1 Alexander Kanavin
2020-12-28 20:04 ` [PATCH 16/22] mtools: update 4.0.25 -> 4.0.26 Alexander Kanavin
2020-12-28 20:04 ` [PATCH 17/22] gnu-config: update to latest revision Alexander Kanavin
2020-12-28 20:04 ` [PATCH 18/22] cmake: update 3.18.4 -> 3.19.2 Alexander Kanavin
2020-12-28 20:04 ` [PATCH 19/22] ccache: upgrade 3.7.11 -> 4.1 Alexander Kanavin
2020-12-28 20:04 ` [PATCH 20/22] ccache.bbclass: use ccache from host distribution Alexander Kanavin
2020-12-28 20:04 ` [PATCH 21/22] runtime_test.py: correct output check for bash 5.1 Alexander Kanavin
2020-12-28 20:04 ` [PATCH 22/22] gawk: add missing ptest dependency Alexander Kanavin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201228200436.78130-11-alex.kanavin@gmail.com \
--to=alex.kanavin@gmail.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.