Openembedded Core Discussions
 help / color / mirror / Atom feed
* [OE-core][PATCH v1] util-linux: backport pam_lastlog2 libpam linking fix
@ 2026-06-25  9:02 Siva Balasubramanian
  2026-06-25 12:55 ` Mathieu Dubois-Briand
                   ` (2 more replies)
  0 siblings, 3 replies; 8+ messages in thread
From: Siva Balasubramanian @ 2026-06-25  9:02 UTC (permalink / raw)
  To: openembedded-core; +Cc: Chen Qi

pam_lastlog2.so uses pam_syslog() and other libpam symbols but the
autotools build did not link the module against libpam. With the
linker default of --as-needed, libpam was discarded and did not end
up in the module's ELF NEEDED entries. The module then fails to load
via dlopen() in processes that do not themselves link libpam (e.g.
systemd on recent Fedora, or weston on journald-based systems without
syslog):

  PAM unable to dlopen(/usr/lib/security/pam_lastlog2.so): undefined symbol: pam_syslog
  PAM adding faulty module: /usr/lib/security/pam_lastlog2.so

Backport the upstream fix (in 2.41.5) that moves -lpam into LIBADD so
it is placed after the object files and retained as a NEEDED entry.
Against 2.41.3 only the LIBADD line needs changing.

[YOCTO #16320]

Signed-off-by: Siva Balasubramanian <sivakumar.bs@gmail.com>
---
Verified by building util-linux with pam in DISTRO_FEATURES (qemux86-64):
without the patch the resulting pam_lastlog2.so has no libpam in its ELF
NEEDED entries; with the patch readelf -d reports libpam.so.0, matching
the upstream fix and resolving the dlopen() failure from the bug report.

This is also a candidate for the stable 6.0.x branch (per the bug
report), which also ships util-linux 2.41.3; the same single-hunk
backport applies.

 meta/recipes-core/util-linux/util-linux.inc   |  1 +
 ...ix-libpam-linking-in-autotools-build.patch | 51 +++++++++++++++++++
 2 files changed, 52 insertions(+)
 create mode 100644 meta/recipes-core/util-linux/util-linux/0001-pam_lastlog2-fix-libpam-linking-in-autotools-build.patch

diff --git a/meta/recipes-core/util-linux/util-linux.inc b/meta/recipes-core/util-linux/util-linux.inc
index 0235862666..3cdc1e2c0f 100644
--- a/meta/recipes-core/util-linux/util-linux.inc
+++ b/meta/recipes-core/util-linux/util-linux.inc
@@ -21,6 +21,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/util-linux/v${MAJOR_VERSION}/util-lin
            file://0001-ts-kill-decode-use-RTMIN-from-kill-L-instead-of-hard.patch \
            file://0001-tests-script-Disable-size-option-test.patch \
            file://0001-loopdev-add-LOOPDEV_FL_NOFOLLOW-to-prevent-symlink-a.patch \
+           file://0001-pam_lastlog2-fix-libpam-linking-in-autotools-build.patch \
            "
 
 SRC_URI[sha256sum] = "3330d873f0fceb5560b89a7dc14e4f3288bbd880e96903ed9b50ec2b5799e58b"
diff --git a/meta/recipes-core/util-linux/util-linux/0001-pam_lastlog2-fix-libpam-linking-in-autotools-build.patch b/meta/recipes-core/util-linux/util-linux/0001-pam_lastlog2-fix-libpam-linking-in-autotools-build.patch
new file mode 100644
index 0000000000..9aaa56e7b4
--- /dev/null
+++ b/meta/recipes-core/util-linux/util-linux/0001-pam_lastlog2-fix-libpam-linking-in-autotools-build.patch
@@ -0,0 +1,51 @@
+From c8d0af0421f6491ab1cb2301d2e197315289d34c Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Tue, 19 May 2026 10:54:57 +0200
+Subject: [PATCH] pam_lastlog2: fix libpam linking in autotools build
+
+The pam_lastlog2 module uses pam_syslog() and other libpam symbols but
+the autotools build did not link the module against libpam. With the
+linker default of --as-needed (and -lpam previously only in LDFLAGS,
+before the object files), libpam was discarded and did not appear in the
+module's ELF NEEDED entries.
+
+The module then fails to load with dlopen() if the calling process does
+not itself link against libpam (e.g. systemd on recent Fedora, or weston
+on journald-based systems without syslog):
+
+  PAM unable to dlopen(/usr/lib/security/pam_lastlog2.so): undefined symbol: pam_syslog
+  PAM adding faulty module: /usr/lib/security/pam_lastlog2.so
+
+Move -lpam into pam_lastlog2_la_LIBADD so it is placed after the object
+files on the link line and is retained in the NEEDED entries. The meson
+build already links libpam correctly via cc.find_library('pam').
+
+Note for this backport: against 2.41.3 only the LIBADD line needs to
+change. The upstream commit also removes -lpam from LDFLAGS, but that
+LDFLAGS reference was added after 2.41.3 and is not present here, so the
+net change is the single LIBADD hunk below.
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2453457
+
+Upstream-Status: Backport [https://github.com/util-linux/util-linux/commit/c8d0af0421f6491ab1cb2301d2e197315289d34c]
+Signed-off-by: Karel Zak <kzak@redhat.com>
+Signed-off-by: Siva Balasubramanian <sivakumar.bs@gmail.com>
+---
+ pam_lastlog2/src/Makemodule.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/pam_lastlog2/src/Makemodule.am b/pam_lastlog2/src/Makemodule.am
+index 40d597c58..876171e9f 100644
+--- a/pam_lastlog2/src/Makemodule.am
++++ b/pam_lastlog2/src/Makemodule.am
+@@ -11,7 +11,7 @@ pam_lastlog2_la_CFLAGS = \
+ 	 $(SOLIB_CFLAGS) \
+ 	 -I$(ul_liblastlog2_incdir)
+
+-pam_lastlog2_la_LIBADD = liblastlog2.la
++pam_lastlog2_la_LIBADD = liblastlog2.la -lpam
+
+ pam_lastlog2_la_LDFLAGS = $(SOLIB_LDFLAGS) -module -avoid-version -shared
+ if HAVE_VSCRIPT
+--
+2.43.0
-- 
2.34.1



^ permalink raw reply related	[flat|nested] 8+ messages in thread

* Re: [OE-core][PATCH v1] util-linux: backport pam_lastlog2 libpam linking fix
  2026-06-25  9:02 [OE-core][PATCH v1] util-linux: backport pam_lastlog2 libpam linking fix Siva Balasubramanian
@ 2026-06-25 12:55 ` Mathieu Dubois-Briand
  2026-06-25 15:06   ` Siva Kumar Balasubramanian
  2026-07-06  6:30 ` [OE-core][wrynose][PATCH v2] " Siva Balasubramanian
  2026-07-06 11:55 ` [OE-core][wrynose][PATCH] util-linux: upgrade 2.41.3 -> 2.41.5 Siva Balasubramanian
  2 siblings, 1 reply; 8+ messages in thread
From: Mathieu Dubois-Briand @ 2026-06-25 12:55 UTC (permalink / raw)
  To: sivakumar.bs, openembedded-core; +Cc: Chen Qi

On Thu Jun 25, 2026 at 11:02 AM CEST, Siva Balasubramanian via lists.openembedded.org wrote:
> pam_lastlog2.so uses pam_syslog() and other libpam symbols but the
> autotools build did not link the module against libpam. With the
> linker default of --as-needed, libpam was discarded and did not end
> up in the module's ELF NEEDED entries. The module then fails to load
> via dlopen() in processes that do not themselves link libpam (e.g.
> systemd on recent Fedora, or weston on journald-based systems without
> syslog):
>
>   PAM unable to dlopen(/usr/lib/security/pam_lastlog2.so): undefined symbol: pam_syslog
>   PAM adding faulty module: /usr/lib/security/pam_lastlog2.so
>
> Backport the upstream fix (in 2.41.5) that moves -lpam into LIBADD so
> it is placed after the object files and retained as a NEEDED entry.
> Against 2.41.3 only the LIBADD line needs changing.
>
> [YOCTO #16320]
>
> Signed-off-by: Siva Balasubramanian <sivakumar.bs@gmail.com>
> ---
> Verified by building util-linux with pam in DISTRO_FEATURES (qemux86-64):
> without the patch the resulting pam_lastlog2.so has no libpam in its ELF
> NEEDED entries; with the patch readelf -d reports libpam.so.0, matching
> the upstream fix and resolving the dlopen() failure from the bug report.
>
> This is also a candidate for the stable 6.0.x branch (per the bug
> report), which also ships util-linux 2.41.3; the same single-hunk
> backport applies.

Hi Siva,

Thanks for the patch.

We already have a pending patch for master, upgrading to 2.42.2 [1]. So
I believe this patch won't be needed for master. It probably still makes
sense for stable branches.

[1]: https://lore.kernel.org/openembedded-core/20260619083305.3505156-2-alex.kanavin@gmail.com/

Thanks,
Mathieu

-- 
Mathieu Dubois-Briand, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com



^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [OE-core][PATCH v1] util-linux: backport pam_lastlog2 libpam linking fix
  2026-06-25 12:55 ` Mathieu Dubois-Briand
@ 2026-06-25 15:06   ` Siva Kumar Balasubramanian
  0 siblings, 0 replies; 8+ messages in thread
From: Siva Kumar Balasubramanian @ 2026-06-25 15:06 UTC (permalink / raw)
  To: Mathieu Dubois-Briand; +Cc: openembedded-core, Chen Qi

[-- Attachment #1: Type: text/plain, Size: 2433 bytes --]

Hi Mathieu,

Sent a [wrynose][PATCH] version targeting that branch:

https://patchwork.yoctoproject.org/project/oe-core/patch/20260625150015.2832246-1-sivakumar.bs@gmail.com/

Same fix, verified the same way (readelf -d / dlopen test) since wrynose is
still on util-linux 2.41.3, same as master.

Thanks,
Siva

On Thu, Jun 25, 2026 at 6:25 PM Mathieu Dubois-Briand <
mathieu.dubois-briand@bootlin.com> wrote:

> On Thu Jun 25, 2026 at 11:02 AM CEST, Siva Balasubramanian via
> lists.openembedded.org wrote:
> > pam_lastlog2.so uses pam_syslog() and other libpam symbols but the
> > autotools build did not link the module against libpam. With the
> > linker default of --as-needed, libpam was discarded and did not end
> > up in the module's ELF NEEDED entries. The module then fails to load
> > via dlopen() in processes that do not themselves link libpam (e.g.
> > systemd on recent Fedora, or weston on journald-based systems without
> > syslog):
> >
> >   PAM unable to dlopen(/usr/lib/security/pam_lastlog2.so): undefined
> symbol: pam_syslog
> >   PAM adding faulty module: /usr/lib/security/pam_lastlog2.so
> >
> > Backport the upstream fix (in 2.41.5) that moves -lpam into LIBADD so
> > it is placed after the object files and retained as a NEEDED entry.
> > Against 2.41.3 only the LIBADD line needs changing.
> >
> > [YOCTO #16320]
> >
> > Signed-off-by: Siva Balasubramanian <sivakumar.bs@gmail.com>
> > ---
> > Verified by building util-linux with pam in DISTRO_FEATURES (qemux86-64):
> > without the patch the resulting pam_lastlog2.so has no libpam in its ELF
> > NEEDED entries; with the patch readelf -d reports libpam.so.0, matching
> > the upstream fix and resolving the dlopen() failure from the bug report.
> >
> > This is also a candidate for the stable 6.0.x branch (per the bug
> > report), which also ships util-linux 2.41.3; the same single-hunk
> > backport applies.
>
> Hi Siva,
>
> Thanks for the patch.
>
> We already have a pending patch for master, upgrading to 2.42.2 [1]. So
> I believe this patch won't be needed for master. It probably still makes
> sense for stable branches.
>
> [1]:
> https://lore.kernel.org/openembedded-core/20260619083305.3505156-2-alex.kanavin@gmail.com/
>
> Thanks,
> Mathieu
>
> --
> Mathieu Dubois-Briand, Bootlin
> Embedded Linux and Kernel engineering
> https://bootlin.com
>
>

-- 

Sivakumar B

[-- Attachment #2: Type: text/html, Size: 4417 bytes --]

^ permalink raw reply	[flat|nested] 8+ messages in thread

* [OE-core][wrynose][PATCH v2] util-linux: backport pam_lastlog2 libpam linking fix
  2026-06-25  9:02 [OE-core][PATCH v1] util-linux: backport pam_lastlog2 libpam linking fix Siva Balasubramanian
  2026-06-25 12:55 ` Mathieu Dubois-Briand
@ 2026-07-06  6:30 ` Siva Balasubramanian
  2026-07-06  9:31   ` Yoann Congal
  2026-07-06 11:55 ` [OE-core][wrynose][PATCH] util-linux: upgrade 2.41.3 -> 2.41.5 Siva Balasubramanian
  2 siblings, 1 reply; 8+ messages in thread
From: Siva Balasubramanian @ 2026-07-06  6:30 UTC (permalink / raw)
  To: openembedded-core; +Cc: Yoann Congal, Chen Qi, Siva Balasubramanian

pam_lastlog2.so uses pam_syslog() and other libpam symbols but the
autotools build did not link the module against libpam. With the
linker default of --as-needed, libpam was discarded and did not end
up in the module's ELF NEEDED entries. The module then fails to load
via dlopen() in processes that do not themselves link libpam (e.g.
systemd on recent Fedora, or weston on journald-based systems without
syslog):

  PAM unable to dlopen(/usr/lib/security/pam_lastlog2.so): undefined symbol: pam_syslog
  PAM adding faulty module: /usr/lib/security/pam_lastlog2.so

Backport the upstream fix (in 2.41.5) that moves -lpam into LIBADD so
it is placed after the object files and retained as a NEEDED entry.
Against 2.41.3 only the LIBADD line needs changing.

[YOCTO #16320]

Signed-off-by: Siva Balasubramanian <sivakumar.bs@gmail.com>
---
v2:
 - Preserve the upstream commit message verbatim in the backported
   patch and only append the backport info (Upstream-Status, dropped
   LDFLAGS hunk note), per review feedback from Yoann Congal.
 - Point Upstream-Status at the util-linux master commit
   5683ed6320e00205146cbb3d0c76462733530eca (PR #4358). It is also in
   the v2.41 stable branch as c8d0af0421f6 (released in 2.41.5) and is
   already present in 2.42.x, so this backport targets the wrynose
   branch (still on util-linux 2.41.3).
 - Retag the subject for the wrynose branch.

 meta/recipes-core/util-linux/util-linux.inc   |  1 +
 ...ix-libpam-linking-in-autotools-build.patch | 43 +++++++++++++++++++
 2 files changed, 44 insertions(+)
 create mode 100644 meta/recipes-core/util-linux/util-linux/0001-pam_lastlog2-fix-libpam-linking-in-autotools-build.patch

diff --git a/meta/recipes-core/util-linux/util-linux.inc b/meta/recipes-core/util-linux/util-linux.inc
index 0235862666..3cdc1e2c0f 100644
--- a/meta/recipes-core/util-linux/util-linux.inc
+++ b/meta/recipes-core/util-linux/util-linux.inc
@@ -21,6 +21,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/util-linux/v${MAJOR_VERSION}/util-lin
            file://0001-ts-kill-decode-use-RTMIN-from-kill-L-instead-of-hard.patch \
            file://0001-tests-script-Disable-size-option-test.patch \
            file://0001-loopdev-add-LOOPDEV_FL_NOFOLLOW-to-prevent-symlink-a.patch \
+           file://0001-pam_lastlog2-fix-libpam-linking-in-autotools-build.patch \
            "
 
 SRC_URI[sha256sum] = "3330d873f0fceb5560b89a7dc14e4f3288bbd880e96903ed9b50ec2b5799e58b"
diff --git a/meta/recipes-core/util-linux/util-linux/0001-pam_lastlog2-fix-libpam-linking-in-autotools-build.patch b/meta/recipes-core/util-linux/util-linux/0001-pam_lastlog2-fix-libpam-linking-in-autotools-build.patch
new file mode 100644
index 0000000000..90532dde7a
--- /dev/null
+++ b/meta/recipes-core/util-linux/util-linux/0001-pam_lastlog2-fix-libpam-linking-in-autotools-build.patch
@@ -0,0 +1,43 @@
+From 5683ed6320e00205146cbb3d0c76462733530eca Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Tue, 19 May 2026 10:54:57 +0200
+Subject: [PATCH] pam_lastlog2: fix libpam linking in autotools build
+
+Move -lpam from LDFLAGS to LIBADD. When -lpam is in LDFLAGS it
+appears on the linker command line before object files, so the
+--as-needed linker flag (default on Fedora) discards it before
+seeing any undefined PAM symbols. This results in pam_lastlog2.so
+missing libpam.so in its ELF NEEDED entries.
+
+The module then fails to load with dlopen() if the calling process
+does not itself link against libpam (e.g., systemd in Fedora 44+):
+
+  PAM unable to dlopen(pam_lastlog2.so): undefined symbol: pam_syslog
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2453457
+Signed-off-by: Karel Zak <kzak@redhat.com>
+
+Upstream-Status: Backport [https://github.com/util-linux/util-linux/commit/5683ed6320e00205146cbb3d0c76462733530eca]
+[Dropped the LDFLAGS hunk: the -lpam in LDFLAGS was introduced upstream
+ after 2.41.3 and is not present in this tree, so only the LIBADD hunk
+ applies here.]
+Signed-off-by: Siva Balasubramanian <sivakumar.bs@gmail.com>
+---
+ pam_lastlog2/src/Makemodule.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/pam_lastlog2/src/Makemodule.am b/pam_lastlog2/src/Makemodule.am
+index 40d597c58..876171e9f 100644
+--- a/pam_lastlog2/src/Makemodule.am
++++ b/pam_lastlog2/src/Makemodule.am
+@@ -11,7 +11,7 @@ pam_lastlog2_la_CFLAGS = \
+ 	 $(SOLIB_CFLAGS) \
+ 	 -I$(ul_liblastlog2_incdir)
+
+-pam_lastlog2_la_LIBADD = liblastlog2.la
++pam_lastlog2_la_LIBADD = liblastlog2.la -lpam
+
+ pam_lastlog2_la_LDFLAGS = $(SOLIB_LDFLAGS) -module -avoid-version -shared
+ if HAVE_VSCRIPT
+--
+2.43.0
-- 
2.34.1



^ permalink raw reply related	[flat|nested] 8+ messages in thread

* Re: [OE-core][wrynose][PATCH v2] util-linux: backport pam_lastlog2 libpam linking fix
  2026-07-06  6:30 ` [OE-core][wrynose][PATCH v2] " Siva Balasubramanian
@ 2026-07-06  9:31   ` Yoann Congal
  2026-07-06 10:56     ` Siva Kumar Balasubramanian
  0 siblings, 1 reply; 8+ messages in thread
From: Yoann Congal @ 2026-07-06  9:31 UTC (permalink / raw)
  To: Siva Balasubramanian, openembedded-core; +Cc: Chen Qi

On Mon Jul 6, 2026 at 8:30 AM CEST, Siva Balasubramanian wrote:
> pam_lastlog2.so uses pam_syslog() and other libpam symbols but the
> autotools build did not link the module against libpam. With the
> linker default of --as-needed, libpam was discarded and did not end
> up in the module's ELF NEEDED entries. The module then fails to load
> via dlopen() in processes that do not themselves link libpam (e.g.
> systemd on recent Fedora, or weston on journald-based systems without
> syslog):
>
>   PAM unable to dlopen(/usr/lib/security/pam_lastlog2.so): undefined symbol: pam_syslog
>   PAM adding faulty module: /usr/lib/security/pam_lastlog2.so
>
> Backport the upstream fix (in 2.41.5) that moves -lpam into LIBADD so
> it is placed after the object files and retained as a NEEDED entry.
> Against 2.41.3 only the LIBADD line needs changing.

Hello,

I quickly looked at util-linux v2.41.5 and it look like we can upgrade
instead of backporting:
https://github.com/util-linux/util-linux/compare/v2.41.3...v2.41.5

Could you check and, if you think that the upgrade complies with the
stable policy, send the upgrade?

Thanks!

>
> [YOCTO #16320]
>
> Signed-off-by: Siva Balasubramanian <sivakumar.bs@gmail.com>
> ---
> v2:
>  - Preserve the upstream commit message verbatim in the backported
>    patch and only append the backport info (Upstream-Status, dropped
>    LDFLAGS hunk note), per review feedback from Yoann Congal.
>  - Point Upstream-Status at the util-linux master commit
>    5683ed6320e00205146cbb3d0c76462733530eca (PR #4358). It is also in
>    the v2.41 stable branch as c8d0af0421f6 (released in 2.41.5) and is
>    already present in 2.42.x, so this backport targets the wrynose
>    branch (still on util-linux 2.41.3).
>  - Retag the subject for the wrynose branch.
>
>  meta/recipes-core/util-linux/util-linux.inc   |  1 +
>  ...ix-libpam-linking-in-autotools-build.patch | 43 +++++++++++++++++++
>  2 files changed, 44 insertions(+)
>  create mode 100644 meta/recipes-core/util-linux/util-linux/0001-pam_lastlog2-fix-libpam-linking-in-autotools-build.patch
>
> diff --git a/meta/recipes-core/util-linux/util-linux.inc b/meta/recipes-core/util-linux/util-linux.inc
> index 0235862666..3cdc1e2c0f 100644
> --- a/meta/recipes-core/util-linux/util-linux.inc
> +++ b/meta/recipes-core/util-linux/util-linux.inc
> @@ -21,6 +21,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/util-linux/v${MAJOR_VERSION}/util-lin
>             file://0001-ts-kill-decode-use-RTMIN-from-kill-L-instead-of-hard.patch \
>             file://0001-tests-script-Disable-size-option-test.patch \
>             file://0001-loopdev-add-LOOPDEV_FL_NOFOLLOW-to-prevent-symlink-a.patch \
> +           file://0001-pam_lastlog2-fix-libpam-linking-in-autotools-build.patch \
>             "
>  
>  SRC_URI[sha256sum] = "3330d873f0fceb5560b89a7dc14e4f3288bbd880e96903ed9b50ec2b5799e58b"
> diff --git a/meta/recipes-core/util-linux/util-linux/0001-pam_lastlog2-fix-libpam-linking-in-autotools-build.patch b/meta/recipes-core/util-linux/util-linux/0001-pam_lastlog2-fix-libpam-linking-in-autotools-build.patch
> new file mode 100644
> index 0000000000..90532dde7a
> --- /dev/null
> +++ b/meta/recipes-core/util-linux/util-linux/0001-pam_lastlog2-fix-libpam-linking-in-autotools-build.patch
> @@ -0,0 +1,43 @@
> +From 5683ed6320e00205146cbb3d0c76462733530eca Mon Sep 17 00:00:00 2001
> +From: Karel Zak <kzak@redhat.com>
> +Date: Tue, 19 May 2026 10:54:57 +0200
> +Subject: [PATCH] pam_lastlog2: fix libpam linking in autotools build
> +
> +Move -lpam from LDFLAGS to LIBADD. When -lpam is in LDFLAGS it
> +appears on the linker command line before object files, so the
> +--as-needed linker flag (default on Fedora) discards it before
> +seeing any undefined PAM symbols. This results in pam_lastlog2.so
> +missing libpam.so in its ELF NEEDED entries.
> +
> +The module then fails to load with dlopen() if the calling process
> +does not itself link against libpam (e.g., systemd in Fedora 44+):
> +
> +  PAM unable to dlopen(pam_lastlog2.so): undefined symbol: pam_syslog
> +
> +Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2453457
> +Signed-off-by: Karel Zak <kzak@redhat.com>
> +
> +Upstream-Status: Backport [https://github.com/util-linux/util-linux/commit/5683ed6320e00205146cbb3d0c76462733530eca]
> +[Dropped the LDFLAGS hunk: the -lpam in LDFLAGS was introduced upstream
> + after 2.41.3 and is not present in this tree, so only the LIBADD hunk
> + applies here.]
> +Signed-off-by: Siva Balasubramanian <sivakumar.bs@gmail.com>
> +---
> + pam_lastlog2/src/Makemodule.am | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/pam_lastlog2/src/Makemodule.am b/pam_lastlog2/src/Makemodule.am
> +index 40d597c58..876171e9f 100644
> +--- a/pam_lastlog2/src/Makemodule.am
> ++++ b/pam_lastlog2/src/Makemodule.am
> +@@ -11,7 +11,7 @@ pam_lastlog2_la_CFLAGS = \
> + 	 $(SOLIB_CFLAGS) \
> + 	 -I$(ul_liblastlog2_incdir)
> +
> +-pam_lastlog2_la_LIBADD = liblastlog2.la
> ++pam_lastlog2_la_LIBADD = liblastlog2.la -lpam
> +
> + pam_lastlog2_la_LDFLAGS = $(SOLIB_LDFLAGS) -module -avoid-version -shared
> + if HAVE_VSCRIPT
> +--
> +2.43.0


-- 
Yoann Congal
Smile ECS



^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [OE-core][wrynose][PATCH v2] util-linux: backport pam_lastlog2 libpam linking fix
  2026-07-06  9:31   ` Yoann Congal
@ 2026-07-06 10:56     ` Siva Kumar Balasubramanian
  2026-07-06 12:16       ` Yoann Congal
  0 siblings, 1 reply; 8+ messages in thread
From: Siva Kumar Balasubramanian @ 2026-07-06 10:56 UTC (permalink / raw)
  To: Yoann Congal; +Cc: openembedded-core, Chen Qi

Hello Yoann,

Good call, I checked and the upgrade does comply with the stable policy,
so I'll send it instead of the backport.

2.41.4 and 2.41.5 are point releases within the same 2.41 stable series
and carry only bug fixes and security fixes, no new features and no
API/ABI breaks. The v2.41.3...v2.41.5 range is mostly mount(8) TOCTOU /
symlink hardening (including CVE-2026-27456), a libblkid integer overflow
in parse_dos_extended() and a use-after-free in partition probing, plus
the pam_lastlog2 libpam linking fix that this bug was about
(c8d0af0421f6, in 2.41.5).

A nice side effect: the upgrade lets us drop two backports that wrynose
currently carries and that are now part of the release -
0001-loopdev-add-LOOPDEV_FL_NOFOLLOW-... (upstream f55f9906, in 2.41.4)
and the pam_lastlog2 backport from my v2.

I built util-linux with pam enabled on top of 2.41.5 and confirmed
pam_lastlog2.so now lists libpam.so.0 in its NEEDED entries, so
YOCTO #16320 is fixed.

I'll send the upgrade as a separate patch (this supersedes the
pam_lastlog2 backport v1/v2).

Thanks!
Siva

On Mon, Jul 6, 2026 at 3:01 PM Yoann Congal <yoann.congal@smile.fr> wrote:
>
> On Mon Jul 6, 2026 at 8:30 AM CEST, Siva Balasubramanian wrote:
> > pam_lastlog2.so uses pam_syslog() and other libpam symbols but the
> > autotools build did not link the module against libpam. With the
> > linker default of --as-needed, libpam was discarded and did not end
> > up in the module's ELF NEEDED entries. The module then fails to load
> > via dlopen() in processes that do not themselves link libpam (e.g.
> > systemd on recent Fedora, or weston on journald-based systems without
> > syslog):
> >
> >   PAM unable to dlopen(/usr/lib/security/pam_lastlog2.so): undefined symbol: pam_syslog
> >   PAM adding faulty module: /usr/lib/security/pam_lastlog2.so
> >
> > Backport the upstream fix (in 2.41.5) that moves -lpam into LIBADD so
> > it is placed after the object files and retained as a NEEDED entry.
> > Against 2.41.3 only the LIBADD line needs changing.
>
> Hello,
>
> I quickly looked at util-linux v2.41.5 and it look like we can upgrade
> instead of backporting:
> https://github.com/util-linux/util-linux/compare/v2.41.3...v2.41.5
>
> Could you check and, if you think that the upgrade complies with the
> stable policy, send the upgrade?
>
> Thanks!
>
> >
> > [YOCTO #16320]
> >
> > Signed-off-by: Siva Balasubramanian <sivakumar.bs@gmail.com>
> > ---
> > v2:
> >  - Preserve the upstream commit message verbatim in the backported
> >    patch and only append the backport info (Upstream-Status, dropped
> >    LDFLAGS hunk note), per review feedback from Yoann Congal.
> >  - Point Upstream-Status at the util-linux master commit
> >    5683ed6320e00205146cbb3d0c76462733530eca (PR #4358). It is also in
> >    the v2.41 stable branch as c8d0af0421f6 (released in 2.41.5) and is
> >    already present in 2.42.x, so this backport targets the wrynose
> >    branch (still on util-linux 2.41.3).
> >  - Retag the subject for the wrynose branch.
> >
> >  meta/recipes-core/util-linux/util-linux.inc   |  1 +
> >  ...ix-libpam-linking-in-autotools-build.patch | 43 +++++++++++++++++++
> >  2 files changed, 44 insertions(+)
> >  create mode 100644 meta/recipes-core/util-linux/util-linux/0001-pam_lastlog2-fix-libpam-linking-in-autotools-build.patch
> >
> > diff --git a/meta/recipes-core/util-linux/util-linux.inc b/meta/recipes-core/util-linux/util-linux.inc
> > index 0235862666..3cdc1e2c0f 100644
> > --- a/meta/recipes-core/util-linux/util-linux.inc
> > +++ b/meta/recipes-core/util-linux/util-linux.inc
> > @@ -21,6 +21,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/util-linux/v${MAJOR_VERSION}/util-lin
> >             file://0001-ts-kill-decode-use-RTMIN-from-kill-L-instead-of-hard.patch \
> >             file://0001-tests-script-Disable-size-option-test.patch \
> >             file://0001-loopdev-add-LOOPDEV_FL_NOFOLLOW-to-prevent-symlink-a.patch \
> > +           file://0001-pam_lastlog2-fix-libpam-linking-in-autotools-build.patch \
> >             "
> >
> >  SRC_URI[sha256sum] = "3330d873f0fceb5560b89a7dc14e4f3288bbd880e96903ed9b50ec2b5799e58b"
> > diff --git a/meta/recipes-core/util-linux/util-linux/0001-pam_lastlog2-fix-libpam-linking-in-autotools-build.patch b/meta/recipes-core/util-linux/util-linux/0001-pam_lastlog2-fix-libpam-linking-in-autotools-build.patch
> > new file mode 100644
> > index 0000000000..90532dde7a
> > --- /dev/null
> > +++ b/meta/recipes-core/util-linux/util-linux/0001-pam_lastlog2-fix-libpam-linking-in-autotools-build.patch
> > @@ -0,0 +1,43 @@
> > +From 5683ed6320e00205146cbb3d0c76462733530eca Mon Sep 17 00:00:00 2001
> > +From: Karel Zak <kzak@redhat.com>
> > +Date: Tue, 19 May 2026 10:54:57 +0200
> > +Subject: [PATCH] pam_lastlog2: fix libpam linking in autotools build
> > +
> > +Move -lpam from LDFLAGS to LIBADD. When -lpam is in LDFLAGS it
> > +appears on the linker command line before object files, so the
> > +--as-needed linker flag (default on Fedora) discards it before
> > +seeing any undefined PAM symbols. This results in pam_lastlog2.so
> > +missing libpam.so in its ELF NEEDED entries.
> > +
> > +The module then fails to load with dlopen() if the calling process
> > +does not itself link against libpam (e.g., systemd in Fedora 44+):
> > +
> > +  PAM unable to dlopen(pam_lastlog2.so): undefined symbol: pam_syslog
> > +
> > +Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2453457
> > +Signed-off-by: Karel Zak <kzak@redhat.com>
> > +
> > +Upstream-Status: Backport [https://github.com/util-linux/util-linux/commit/5683ed6320e00205146cbb3d0c76462733530eca]
> > +[Dropped the LDFLAGS hunk: the -lpam in LDFLAGS was introduced upstream
> > + after 2.41.3 and is not present in this tree, so only the LIBADD hunk
> > + applies here.]
> > +Signed-off-by: Siva Balasubramanian <sivakumar.bs@gmail.com>
> > +---
> > + pam_lastlog2/src/Makemodule.am | 2 +-
> > + 1 file changed, 1 insertion(+), 1 deletion(-)
> > +
> > +diff --git a/pam_lastlog2/src/Makemodule.am b/pam_lastlog2/src/Makemodule.am
> > +index 40d597c58..876171e9f 100644
> > +--- a/pam_lastlog2/src/Makemodule.am
> > ++++ b/pam_lastlog2/src/Makemodule.am
> > +@@ -11,7 +11,7 @@ pam_lastlog2_la_CFLAGS = \
> > +      $(SOLIB_CFLAGS) \
> > +      -I$(ul_liblastlog2_incdir)
> > +
> > +-pam_lastlog2_la_LIBADD = liblastlog2.la
> > ++pam_lastlog2_la_LIBADD = liblastlog2.la -lpam
> > +
> > + pam_lastlog2_la_LDFLAGS = $(SOLIB_LDFLAGS) -module -avoid-version -shared
> > + if HAVE_VSCRIPT
> > +--
> > +2.43.0
>
>
> --
> Yoann Congal
> Smile ECS
>


-- 

Sivakumar B


^ permalink raw reply	[flat|nested] 8+ messages in thread

* [OE-core][wrynose][PATCH] util-linux: upgrade 2.41.3 -> 2.41.5
  2026-06-25  9:02 [OE-core][PATCH v1] util-linux: backport pam_lastlog2 libpam linking fix Siva Balasubramanian
  2026-06-25 12:55 ` Mathieu Dubois-Briand
  2026-07-06  6:30 ` [OE-core][wrynose][PATCH v2] " Siva Balasubramanian
@ 2026-07-06 11:55 ` Siva Balasubramanian
  2 siblings, 0 replies; 8+ messages in thread
From: Siva Balasubramanian @ 2026-07-06 11:55 UTC (permalink / raw)
  To: openembedded-core; +Cc: Yoann Congal, Chen Qi, Siva Balasubramanian

2.41.4 and 2.41.5 are point releases in the same 2.41 stable series and
contain only bug fixes and security fixes (no new features, no API/ABI
breaks), so the upgrade complies with the stable branch policy.

Among the fixes pulled in:
 - Several mount(8) TOCTOU / symlink hardening fixes (incl. CVE-2026-27456)
 - libblkid integer overflow in parse_dos_extended() and a use-after-free
   in partition probing
 - pam_lastlog2: fix libpam linking in the autotools build so
   pam_lastlog2.so links against libpam (fixes the runtime "undefined
   symbol: pam_syslog" / dlopen failure) [YOCTO #16320]

Drop two backports that are now part of the release:
 - 0001-loopdev-add-LOOPDEV_FL_NOFOLLOW-to-prevent-symlink-a.patch
   (upstream f55f9906, released in 2.41.4)
 - the pam_lastlog2 libpam linking backport (upstream 5683ed6320e0,
   cherry-picked to the 2.41 stable branch as c8d0af0421f6, released in
   2.41.5)

Full changes: https://github.com/util-linux/util-linux/compare/v2.41.3...v2.41.5

Signed-off-by: Siva Balasubramanian <sivakumar.bs@gmail.com>
---
 ...2.41.3.bb => util-linux-libuuid_2.41.5.bb} |   0
 meta/recipes-core/util-linux/util-linux.inc   |   3 +-
 ...DEV_FL_NOFOLLOW-to-prevent-symlink-a.patch | 114 ------------------
 ...l-linux_2.41.3.bb => util-linux_2.41.5.bb} |   0
 4 files changed, 1 insertion(+), 116 deletions(-)
 rename meta/recipes-core/util-linux/{util-linux-libuuid_2.41.3.bb => util-linux-libuuid_2.41.5.bb} (100%)
 delete mode 100644 meta/recipes-core/util-linux/util-linux/0001-loopdev-add-LOOPDEV_FL_NOFOLLOW-to-prevent-symlink-a.patch
 rename meta/recipes-core/util-linux/{util-linux_2.41.3.bb => util-linux_2.41.5.bb} (100%)

diff --git a/meta/recipes-core/util-linux/util-linux-libuuid_2.41.3.bb b/meta/recipes-core/util-linux/util-linux-libuuid_2.41.5.bb
similarity index 100%
rename from meta/recipes-core/util-linux/util-linux-libuuid_2.41.3.bb
rename to meta/recipes-core/util-linux/util-linux-libuuid_2.41.5.bb
diff --git a/meta/recipes-core/util-linux/util-linux.inc b/meta/recipes-core/util-linux/util-linux.inc
index 0235862666..aec8721ca3 100644
--- a/meta/recipes-core/util-linux/util-linux.inc
+++ b/meta/recipes-core/util-linux/util-linux.inc
@@ -20,9 +20,8 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/util-linux/v${MAJOR_VERSION}/util-lin
            file://0001-lsfd-mkfds-foreign-sockets-skip-when-lacking-sock_di.patch \
            file://0001-ts-kill-decode-use-RTMIN-from-kill-L-instead-of-hard.patch \
            file://0001-tests-script-Disable-size-option-test.patch \
-           file://0001-loopdev-add-LOOPDEV_FL_NOFOLLOW-to-prevent-symlink-a.patch \
            "
 
-SRC_URI[sha256sum] = "3330d873f0fceb5560b89a7dc14e4f3288bbd880e96903ed9b50ec2b5799e58b"
+SRC_URI[sha256sum] = "f586e35d320ff537aab3ffeca37e9ecd482ccbe013590db4429a414d8aa6a728"
 
 CVE_PRODUCT = "util-linux"
diff --git a/meta/recipes-core/util-linux/util-linux/0001-loopdev-add-LOOPDEV_FL_NOFOLLOW-to-prevent-symlink-a.patch b/meta/recipes-core/util-linux/util-linux/0001-loopdev-add-LOOPDEV_FL_NOFOLLOW-to-prevent-symlink-a.patch
deleted file mode 100644
index 0951c9f5fb..0000000000
--- a/meta/recipes-core/util-linux/util-linux/0001-loopdev-add-LOOPDEV_FL_NOFOLLOW-to-prevent-symlink-a.patch
+++ /dev/null
@@ -1,114 +0,0 @@
-From f55f9906b4f6eeb2b4a4120317df9de935253c10 Mon Sep 17 00:00:00 2001
-From: Karel Zak <kzak@redhat.com>
-Date: Thu, 19 Feb 2026 13:59:46 +0100
-Subject: [PATCH] loopdev: add LOOPDEV_FL_NOFOLLOW to prevent symlink attacks
-
-Add a new LOOPDEV_FL_NOFOLLOW flag for loop device context that
-prevents symlink following in both path canonicalization and file open.
-
-When set:
-- loopcxt_set_backing_file() uses strdup() instead of
-  ul_canonicalize_path() (which calls realpath() and follows symlinks)
-- loopcxt_setup_device() adds O_NOFOLLOW to open() flags
-
-The flag is set for non-root (restricted) mount operations in
-libmount's loop device hook. This prevents a TOCTOU race condition
-where an attacker could replace the backing file (specified in
-/etc/fstab) with a symlink to an arbitrary root-owned file between
-path resolution and open().
-
-Vulnerable Code Flow:
-
-  mount /mnt/point (non-root, SUID)
-    mount.c: sanitize_paths() on user args (mountpoint only)
-    mnt_context_mount()
-      mnt_context_prepare_mount()
-        mnt_context_apply_fstab()           <-- source path from fstab
-        hooks run at MNT_STAGE_PREP_SOURCE
-          hook_loopdev.c: setup_loopdev()
-            backing_file = fstab source path ("/home/user/disk.img")
-            loopcxt_set_backing_file()       <-- calls realpath() as ROOT
-              ul_canonicalize_path()         <-- follows symlinks!
-            loopcxt_setup_device()
-              open(lc->filename, O_RDWR|O_CLOEXEC)  <-- no O_NOFOLLOW
-
-Two vulnerabilities in the path:
-
-1) loopcxt_set_backing_file() calls ul_canonicalize_path() which uses
-   realpath() -- this follows symlinks as euid=0. If the attacker swaps
-   the file to a symlink before this call, lc->filename becomes the
-   resolved target path (e.g., /root/secret.img).
-
-2) loopcxt_setup_device() opens lc->filename without O_NOFOLLOW. Even
-   if canonicalization happened correctly, the file can be swapped to a
-   symlink between canonicalize and open.
-
-Addresses: https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g
-Signed-off-by: Karel Zak <kzak@redhat.com>
-(cherry picked from commit 5e390467b26a3cf3fecc04e1a0d482dff3162fc4)
-
-CVE: CVE-2026-27456
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@arm.com>
----
- include/loopdev.h           | 3 ++-
- lib/loopdev.c               | 7 ++++++-
- libmount/src/hook_loopdev.c | 3 ++-
- 3 files changed, 10 insertions(+), 3 deletions(-)
-
-diff --git a/include/loopdev.h b/include/loopdev.h
-index e5ec1c98a..6bdb1393a 100644
---- a/include/loopdev.h
-+++ b/include/loopdev.h
-@@ -140,7 +140,8 @@ enum {
- 	LOOPDEV_FL_NOIOCTL	= (1 << 6),
- 	LOOPDEV_FL_DEVSUBDIR	= (1 << 7),
- 	LOOPDEV_FL_CONTROL	= (1 << 8),	/* system with /dev/loop-control */
--	LOOPDEV_FL_SIZELIMIT	= (1 << 9)
-+	LOOPDEV_FL_SIZELIMIT	= (1 << 9),
-+	LOOPDEV_FL_NOFOLLOW	= (1 << 10)	/* O_NOFOLLOW, don't follow symlinks */
- };
- 
- /*
-diff --git a/lib/loopdev.c b/lib/loopdev.c
-index 2359bf781..76685be70 100644
---- a/lib/loopdev.c
-+++ b/lib/loopdev.c
-@@ -1267,7 +1267,10 @@ int loopcxt_set_backing_file(struct loopdev_cxt *lc, const char *filename)
- 	if (!lc)
- 		return -EINVAL;
- 
--	lc->filename = canonicalize_path(filename);
-+	if (lc->flags & LOOPDEV_FL_NOFOLLOW)
-+		lc->filename = strdup(filename);
-+	else
-+		lc->filename = canonicalize_path(filename);
- 	if (!lc->filename)
- 		return -errno;
- 
-@@ -1408,6 +1411,8 @@ int loopcxt_setup_device(struct loopdev_cxt *lc)
- 
- 	if (lc->config.info.lo_flags & LO_FLAGS_DIRECT_IO)
- 		flags |= O_DIRECT;
-+	if (lc->flags & LOOPDEV_FL_NOFOLLOW)
-+		flags |= O_NOFOLLOW;
- 
- 	if ((file_fd = open(lc->filename, mode | flags)) < 0) {
- 		if (mode != O_RDONLY && (errno == EROFS || errno == EACCES))
-diff --git a/libmount/src/hook_loopdev.c b/libmount/src/hook_loopdev.c
-index 444d69d6f..34351116c 100644
---- a/libmount/src/hook_loopdev.c
-+++ b/libmount/src/hook_loopdev.c
-@@ -272,7 +272,8 @@ static int setup_loopdev(struct libmnt_context *cxt,
- 	}
- 
- 	DBG(LOOP, ul_debugobj(cxt, "not found; create a new loop device"));
--	rc = loopcxt_init(&lc, 0);
-+	rc = loopcxt_init(&lc,
-+			mnt_context_is_restricted(cxt) ? LOOPDEV_FL_NOFOLLOW : 0);
- 	if (rc)
- 		goto done_no_deinit;
- 	if (mnt_opt_has_value(loopopt)) {
--- 
-2.43.0
-
diff --git a/meta/recipes-core/util-linux/util-linux_2.41.3.bb b/meta/recipes-core/util-linux/util-linux_2.41.5.bb
similarity index 100%
rename from meta/recipes-core/util-linux/util-linux_2.41.3.bb
rename to meta/recipes-core/util-linux/util-linux_2.41.5.bb
-- 
2.34.1



^ permalink raw reply related	[flat|nested] 8+ messages in thread

* Re: [OE-core][wrynose][PATCH v2] util-linux: backport pam_lastlog2 libpam linking fix
  2026-07-06 10:56     ` Siva Kumar Balasubramanian
@ 2026-07-06 12:16       ` Yoann Congal
  0 siblings, 0 replies; 8+ messages in thread
From: Yoann Congal @ 2026-07-06 12:16 UTC (permalink / raw)
  To: Siva Kumar Balasubramanian; +Cc: openembedded-core, Chen Qi

On Mon Jul 6, 2026 at 12:56 PM CEST, Siva Kumar Balasubramanian wrote:
> Hello Yoann,
>
> Good call, I checked and the upgrade does comply with the stable policy,
> so I'll send it instead of the backport.
>
> 2.41.4 and 2.41.5 are point releases within the same 2.41 stable series
> and carry only bug fixes and security fixes, no new features and no
> API/ABI breaks. The v2.41.3...v2.41.5 range is mostly mount(8) TOCTOU /
> symlink hardening (including CVE-2026-27456), a libblkid integer overflow
> in parse_dos_extended() and a use-after-free in partition probing, plus
> the pam_lastlog2 libpam linking fix that this bug was about
> (c8d0af0421f6, in 2.41.5).
>
> A nice side effect: the upgrade lets us drop two backports that wrynose
> currently carries and that are now part of the release -
> 0001-loopdev-add-LOOPDEV_FL_NOFOLLOW-... (upstream f55f9906, in 2.41.4)
> and the pam_lastlog2 backport from my v2.
>
> I built util-linux with pam enabled on top of 2.41.5 and confirmed
> pam_lastlog2.so now lists libpam.so.0 in its NEEDED entries, so
> YOCTO #16320 is fixed.
>
> I'll send the upgrade as a separate patch (this supersedes the
> pam_lastlog2 backport v1/v2).

Thanks!
Sounds good.

I will review the upgrade in the next review cycle.

Regards,

>
> Thanks!
> Siva
>
> On Mon, Jul 6, 2026 at 3:01 PM Yoann Congal <yoann.congal@smile.fr> wrote:
>>
>> On Mon Jul 6, 2026 at 8:30 AM CEST, Siva Balasubramanian wrote:
>> > pam_lastlog2.so uses pam_syslog() and other libpam symbols but the
>> > autotools build did not link the module against libpam. With the
>> > linker default of --as-needed, libpam was discarded and did not end
>> > up in the module's ELF NEEDED entries. The module then fails to load
>> > via dlopen() in processes that do not themselves link libpam (e.g.
>> > systemd on recent Fedora, or weston on journald-based systems without
>> > syslog):
>> >
>> >   PAM unable to dlopen(/usr/lib/security/pam_lastlog2.so): undefined symbol: pam_syslog
>> >   PAM adding faulty module: /usr/lib/security/pam_lastlog2.so
>> >
>> > Backport the upstream fix (in 2.41.5) that moves -lpam into LIBADD so
>> > it is placed after the object files and retained as a NEEDED entry.
>> > Against 2.41.3 only the LIBADD line needs changing.
>>
>> Hello,
>>
>> I quickly looked at util-linux v2.41.5 and it look like we can upgrade
>> instead of backporting:
>> https://github.com/util-linux/util-linux/compare/v2.41.3...v2.41.5
>>
>> Could you check and, if you think that the upgrade complies with the
>> stable policy, send the upgrade?
>>
>> Thanks!
>>
>> >
>> > [YOCTO #16320]
>> >
>> > Signed-off-by: Siva Balasubramanian <sivakumar.bs@gmail.com>
>> > ---
>> > v2:
>> >  - Preserve the upstream commit message verbatim in the backported
>> >    patch and only append the backport info (Upstream-Status, dropped
>> >    LDFLAGS hunk note), per review feedback from Yoann Congal.
>> >  - Point Upstream-Status at the util-linux master commit
>> >    5683ed6320e00205146cbb3d0c76462733530eca (PR #4358). It is also in
>> >    the v2.41 stable branch as c8d0af0421f6 (released in 2.41.5) and is
>> >    already present in 2.42.x, so this backport targets the wrynose
>> >    branch (still on util-linux 2.41.3).
>> >  - Retag the subject for the wrynose branch.
>> >
>> >  meta/recipes-core/util-linux/util-linux.inc   |  1 +
>> >  ...ix-libpam-linking-in-autotools-build.patch | 43 +++++++++++++++++++
>> >  2 files changed, 44 insertions(+)
>> >  create mode 100644 meta/recipes-core/util-linux/util-linux/0001-pam_lastlog2-fix-libpam-linking-in-autotools-build.patch
>> >
>> > diff --git a/meta/recipes-core/util-linux/util-linux.inc b/meta/recipes-core/util-linux/util-linux.inc
>> > index 0235862666..3cdc1e2c0f 100644
>> > --- a/meta/recipes-core/util-linux/util-linux.inc
>> > +++ b/meta/recipes-core/util-linux/util-linux.inc
>> > @@ -21,6 +21,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/util-linux/v${MAJOR_VERSION}/util-lin
>> >             file://0001-ts-kill-decode-use-RTMIN-from-kill-L-instead-of-hard.patch \
>> >             file://0001-tests-script-Disable-size-option-test.patch \
>> >             file://0001-loopdev-add-LOOPDEV_FL_NOFOLLOW-to-prevent-symlink-a.patch \
>> > +           file://0001-pam_lastlog2-fix-libpam-linking-in-autotools-build.patch \
>> >             "
>> >
>> >  SRC_URI[sha256sum] = "3330d873f0fceb5560b89a7dc14e4f3288bbd880e96903ed9b50ec2b5799e58b"
>> > diff --git a/meta/recipes-core/util-linux/util-linux/0001-pam_lastlog2-fix-libpam-linking-in-autotools-build.patch b/meta/recipes-core/util-linux/util-linux/0001-pam_lastlog2-fix-libpam-linking-in-autotools-build.patch
>> > new file mode 100644
>> > index 0000000000..90532dde7a
>> > --- /dev/null
>> > +++ b/meta/recipes-core/util-linux/util-linux/0001-pam_lastlog2-fix-libpam-linking-in-autotools-build.patch
>> > @@ -0,0 +1,43 @@
>> > +From 5683ed6320e00205146cbb3d0c76462733530eca Mon Sep 17 00:00:00 2001
>> > +From: Karel Zak <kzak@redhat.com>
>> > +Date: Tue, 19 May 2026 10:54:57 +0200
>> > +Subject: [PATCH] pam_lastlog2: fix libpam linking in autotools build
>> > +
>> > +Move -lpam from LDFLAGS to LIBADD. When -lpam is in LDFLAGS it
>> > +appears on the linker command line before object files, so the
>> > +--as-needed linker flag (default on Fedora) discards it before
>> > +seeing any undefined PAM symbols. This results in pam_lastlog2.so
>> > +missing libpam.so in its ELF NEEDED entries.
>> > +
>> > +The module then fails to load with dlopen() if the calling process
>> > +does not itself link against libpam (e.g., systemd in Fedora 44+):
>> > +
>> > +  PAM unable to dlopen(pam_lastlog2.so): undefined symbol: pam_syslog
>> > +
>> > +Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2453457
>> > +Signed-off-by: Karel Zak <kzak@redhat.com>
>> > +
>> > +Upstream-Status: Backport [https://github.com/util-linux/util-linux/commit/5683ed6320e00205146cbb3d0c76462733530eca]
>> > +[Dropped the LDFLAGS hunk: the -lpam in LDFLAGS was introduced upstream
>> > + after 2.41.3 and is not present in this tree, so only the LIBADD hunk
>> > + applies here.]
>> > +Signed-off-by: Siva Balasubramanian <sivakumar.bs@gmail.com>
>> > +---
>> > + pam_lastlog2/src/Makemodule.am | 2 +-
>> > + 1 file changed, 1 insertion(+), 1 deletion(-)
>> > +
>> > +diff --git a/pam_lastlog2/src/Makemodule.am b/pam_lastlog2/src/Makemodule.am
>> > +index 40d597c58..876171e9f 100644
>> > +--- a/pam_lastlog2/src/Makemodule.am
>> > ++++ b/pam_lastlog2/src/Makemodule.am
>> > +@@ -11,7 +11,7 @@ pam_lastlog2_la_CFLAGS = \
>> > +      $(SOLIB_CFLAGS) \
>> > +      -I$(ul_liblastlog2_incdir)
>> > +
>> > +-pam_lastlog2_la_LIBADD = liblastlog2.la
>> > ++pam_lastlog2_la_LIBADD = liblastlog2.la -lpam
>> > +
>> > + pam_lastlog2_la_LDFLAGS = $(SOLIB_LDFLAGS) -module -avoid-version -shared
>> > + if HAVE_VSCRIPT
>> > +--
>> > +2.43.0
>>
>>
>> --
>> Yoann Congal
>> Smile ECS
>>


-- 
Yoann Congal
Smile ECS



^ permalink raw reply	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2026-07-06 12:16 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-06-25  9:02 [OE-core][PATCH v1] util-linux: backport pam_lastlog2 libpam linking fix Siva Balasubramanian
2026-06-25 12:55 ` Mathieu Dubois-Briand
2026-06-25 15:06   ` Siva Kumar Balasubramanian
2026-07-06  6:30 ` [OE-core][wrynose][PATCH v2] " Siva Balasubramanian
2026-07-06  9:31   ` Yoann Congal
2026-07-06 10:56     ` Siva Kumar Balasubramanian
2026-07-06 12:16       ` Yoann Congal
2026-07-06 11:55 ` [OE-core][wrynose][PATCH] util-linux: upgrade 2.41.3 -> 2.41.5 Siva Balasubramanian

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox