Age | Commit message | Author |
|
Since we want to be able to stop unpacking to WORKDIR, correct the WORKDIR
references in recipe do_compile/do_install tasks to use UNPACKDIR in the
appropriate places instead.
(From OE-Core rev: d73595df69667fe9d12ecd407b77a0b8dae2109c)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
0001-pam_namespace-include-stdint-h.patch
removed since it's included in 1.6.1
Changelog:
===========
* build: fail if specified configure options cannot be satisfied.
* pam_env: fixed --disable-econf --enable-vendordir support.
* pam_unix: do not warn if password aging is disabled.
* pam_unix: try to set uid to 0 before unix_chkpwd invocation.
* pam_unix: allow empty passwords with non-empty hashes.
* Multiple minor bug fixes, build fixes, portability fixes,
documentation improvements, and translation updates.
(From OE-Core rev: 2758bc1e521270c77c768a6d9701cb15dd30ea82)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 2a194d5dd1d82f233fa28a44412aea1ba4ccd434)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Apply a backported patch
(From OE-Core rev: e4fbb97fda6fe6232df743e655d0488f2353a24e)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
do_install_ptest is only called if ptest is enabled, so don't guard it
again.
(From OE-Core rev: 7f9d0f331ce5b5292117b3d8c23f747a369cfde6)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Since systemd-v255, pam-plugin-umask is pulled in by the logind
package config for systemd. This causes /etc/environment to be installed
as part of libpam-runtime. In our case, this broke do_rootfs for our
image, because /etc/environment is already provided by another (custom)
recipe.
Fix this by making the /etc/environment file part of the pam-plugin-env
package, which isn't automatically pulled in by systemd-logind. It also
happens to be where it should be, as the file is installed as part
of the pam_env plugin.
(From OE-Core rev: 778fcc8d2e6eb1bd2c88a6abb14dbd6666720205)
Signed-off-by: Martin Hundebøll <martin@geanix.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The documentation of systemd states that /etc/tmpfiles.d should be
reserved for the local administrator and packages should put their files
in /usr/lib/tmpfiles.d [1].
[1] https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html
(From OE-Core rev: 0a1d791e47b71b14c3dd7f41fc175c2aafacd392)
Signed-off-by: Malte Schmidt <malte.schmidt@weidmueller.com>
Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- Drop dependency on gnu-efi, add dependency on pyelftools for EFI builds
- Refresh patches
- Ship new files and directories
- Use meson target to build sd-boot instead of filenames
- Change libpam recipe to set ANY_OF_DISTRO_FEATURES = "pam systemd" to let
logind pull in pam-plugin-umask
(From OE-Core rev: 95ed1fa4ff74a77deade51ad73b2f8963ff81548)
Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This came with latest libpam upgrade
../../Linux-PAM-1.5.3/examples/tty_conv.c:9:10: fatal error: 'termio.h' file not found
^~~~~~~~~~
1 error generated.
(From OE-Core rev: 00b5cbad49ccce7f2886b2e70b93e60e054f8f46)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: ddb5e0f8a2cc7c48e1fb53b665e2fd5ed263bb19)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Reproducer:
1. Enable the ptest of libpam and build the image.
2. Boot the rootfs with nfs, then run the following tests as root:
cd /usr/share/Linux-PAM/xtests
/usr/share/Linux-PAM/xtests# ./run-xtests.sh . tst-pam_motd1
/usr/share/Linux-PAM/xtests# ./run-xtests.sh . tst-pam_motd3
After applying this patch, the ptest no longer fails.
(From OE-Core rev: 549e54ad6a175359b0a57987ccdab8989df9d3a9)
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
libpam does not have a direct build time dependency toward flex.
The libpam code does not have any references to the lib and does not use
flex for anything else at runtime.
(From OE-Core rev: d48fc8e1f26120e75377caefb5f66eedce50081c)
Signed-off-by: Martin Larsson <martin.larsson@actia.se>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows
authentication bypass for SSH logins. The pam_access.so module doesn't
correctly restrict login if a user tries to connect from an IP address
that is not resolvable via DNS. In such conditions, a user with denied
access to a machine can still get access. NOTE: the relevance of this
issue is largely limited to openSUSE Tumbleweed and openSUSE Factory;
it does not affect Linux-PAM upstream.
References:
https://nvd.nist.gov/vuln/detail/CVE-2022-28321
Upstream patches:
https://github.com/linux-pam/linux-pam/commit/08992030c56c940c0707ccbc442b1c325aa01e6d
https://github.com/linux-pam/linux-pam/commit/23393bef92c1e768eda329813d7af55481c6ca9f
(From OE-Core rev: b1fd799af0086347de1ec4b72d562b1fb490def1)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: b04316bdd28b7945c2c91b4e43c007b650eedc14)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Update the deprecated path to remove the systemd warning:
/etc/tmpfiles.d/pam.conf:2: Line references path below
legacy directory /var/run/, updating /var/run/console
/run/console; please update the tmpfiles.d/
(From OE-Core rev: 7865234fadf01a434d1f7097881b70905c1b8aa2)
Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
/var/run is deprecated by systemd, use /run instead, as suggested by systemd.
This fixes the following systemd boot warning:
systemd-tmpfiles[340]: /etc/tmpfiles.d/pam.conf:1: Line references path
below legacy directory /var/run/, updating /var/run/sepermit →
/run/sepermit; please update the tmpfiles.d/ drop-in file accordingly.
(From OE-Core rev: 09eabeff2168c416c18b1c375e095b472830a9b0)
Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
In commit ceda3238 (meta/meta-selftest/meta-skeleton: Update LICENSE
variable to use SPDX license identifiers) all LICENSE variables were
updated to only use SPDX license identifiers.
This does the same for comments and other variables where it is
appropriate to use the official SPDX license identifiers. There are
still references to, e.g., "GPLv3", but they are then typically in
descriptive text where they refer to the license in a generic sense.
(From OE-Core rev: 165759dced7fbe73b1db2ede67047896071dc6d0)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
license identifiers
An automated conversion using scripts/contrib/convert-spdx-licenses.py to
convert to use the standard SPDX license identifiers. Two recipes in meta-selftest
were not converted as they're that way specifically for testing. A change in
linux-firmware was also skipped and may need a more manual tweak.
(From OE-Core rev: ceda3238cdbf1beb216ae9ddb242470d5dfc25e0)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport a patch to check whether files exist.
Before the patch:
# ./run-xtests.sh . tst-pam_access1
mv: cannot stat '/etc/security/opasswd': No such file or directory
PASS: tst-pam_access1
mv: cannot stat '/etc/security/opasswd-pam-xtests': No such file or directory
==================
1 tests passed
0 tests not run
==================
After the patch:
# ./run-xtests.sh . tst-pam_access1
PASS: tst-pam_access1
==================
1 tests passed
0 tests not run
==================
(From OE-Core rev: 4903fdbace057df2e39c10aaef3440f89748eed2)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 71780bb9ac3c9e096888128d9cf3441c1758d816)
Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Drop patches: issues fixed upstream.
Move .pc files to correct place as libpam is instructed to install them in /lib via
--libdir.
(From OE-Core rev: b2aeaab36d7d46d47301d0729b634d182277cfbd)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Make the license more accurate by specifying the specific variant of BSD
license instead of the generic one. This helps with SPDX license
attribution as "BSD" is not a valid SPDX license.
(From OE-Core rev: d9948d0439cf26af9f570e9a9d0d214294bae504)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is the result of automated script conversion:
scripts/contrib/convert-overrides.py <oe-core directory>
converting the metadata to use ":" as the override character instead of "_".
(From OE-Core rev: 42344347be29f0997cc2f7636d9603b1fe1875ae)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
tst-pam_start_confdir needs a file called confdir and it should reside
in directory pointed by srcdir env variable, therefore copy confdir into
ptest package and export srcdir before running the ptests
(From OE-Core rev: 149d84b7eba8240737a301d0fd75b69e8a767854)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: f0de19e31122abd225bd75c6202839094194a36d)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add ptest support.
(From OE-Core rev: 016efb82e90a56707995d2a6addd34e6b28b6b99)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
from commit b0384720a46fb25c4ad180e3f256ffdeb53dc8a6,
which upgraded libpam to 1.5.1, packaging is adjusted,
and the binary is packaged into libpam-runtime, so we
don't need to append them to pam-plugin-xxx.
(From OE-Core rev: 7b5a53152c0213f5efcf39c2442bb3b630f8cc09)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: d7864a46092b8030accbc8c9a1c9055a762d69ba)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
These issues are addressed in libpam over time and no longer needed thusly
in 1.5.x
(From OE-Core rev: 488c554623839d17436333894f9f4b244347de9d)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Remove crypt_configure.patch, issue fixed upstream.
Remove pam-security-abstract-securetty-handling.patch and
pam-unix-nullok-secure.patch, patches coming from debian,
difficult to rebase, and their purpose is unclear.
Disable doc generation, as libpam messes up native and target
compiler options.
Adjust dependencies and packaging.
(From OE-Core rev: 43e3d014748b1ccff25c232b1e6d9345859c0f29)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
libpam does not support 'obscure' checks to password,
there are the same checks in pam_cracklib module.
And this fix can remove the below error message while
updating password with 'passwd':
pam_unix(passwd:chauthtok):unrecognized option[obscure]
(From OE-Core rev: ea761dbac90be77797308666fe1586b05e3df824)
Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add userdb packageconfig to control the building of the pam_userdb.so module.
This depends on dbm support being compiled in for the Berkeley DB package.
Also, remove "--with-db-uniquename=_pam" from EXTRA_OECONF. It makes the checks
for libdb fail because it searches for the wrong symbols in libdb (and libdb
was not configured with --with-uniquename=_pam option).
db.do_configure:
checking if --with-uniquename=NAME option specified... no
libpam.do_configure:
checking for db_create_pam... no
checking for db_create... no
checking for dbm_store_pam... no
checking for dbm_store... no
checking for dbm_store in -lndbm... no
(From OE-Core rev: 3130f43c51fb9b2aed9bb7805a820ea90e68276a)
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 6d79a39856c1b325d0ed6f057d8eaef64e31569f)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
rename
Besides checking DISTRO_FEATURES for required or conflicting features,
being able to check MACHINE_FEATURES and/or COMBINED_FEATURES may also
be useful at times.
Temporarily support the old class name with a warning about future
deprecation.
(From OE-Core rev: 5f4875b950ce199e91f99c8e945a0c709166dc14)
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: f1d5273d53d66b217f3d4975f5cb5eb367b1aab1)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Recent upgrade to the recipe moved SRC_URI to github. Fix the version
check accordingly.
(From OE-Core rev: 6119272f8855f949d428e12ab4da987d43a6adbf)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Remove patch applied upstream.
Upstream tarball location changed.
(From OE-Core rev: 40b1825a4434334f3513f94775b176545f8d2f3a)
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Or alternatively GPL, the same as the top-level Linux-PAM COPYING.
(From OE-Core rev: 025c1b384635ef7a85e9f45f048901d6680563ae)
Signed-off-by: Douglas Royds <douglas.royds@taitradio.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fix handling of escape characters in regexes and hence fix python
Deprecation warnings which will be problematic in python 3.8.
Note that some show up as:
"""
meta/classes/package.bbclass:1293: DeprecationWarning: invalid escape sequence \.
"""
where the problem isn't on 1293 in package.bbclass but in some _prepend to a
package.bbclass function in a different file like mesa.inc, often from
do_package_split() calls.
(From OE-Core rev: 4b1c0c7d5525fc4cea9e0f02ec54e92a6fbc6199)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 0842bd7093040d1f99ffa0523b993341653b1c87)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The patch tool will apply patches by default with "fuzz", which is where if the
hunk context isn't present but what is there is close enough, it will force the
patch in.
Whilst this is useful when there's just whitespace changes, when applied to
source it is possible for a patch applied with fuzz to produce broken code which
still compiles (see #10450). This is obviously bad.
We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For
that to be realistic the existing patches with fuzz need to be rebased and
reviewed.
(From OE-Core rev: 994e43acc67efeb33d859be071609daa844e9b77)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* replace do_pam_sanity function with distro_features_check inherit
* fixes:
WARNING: libpam-1.3.0-r5 do_pam_sanity: Building libpam but 'pam' isn't in DISTRO_FEATURES, PAM won't work correctly
in world builds and prevents user to build libpam at all without pam
in DISTRO_FEATURES, I don't see any users of this which wouldn't respect
pam in DISTRO_FEATURES
* only libuser is depending on libpam without respecting DISTRO_FEATURES
* there are few recipes in meta-oe layers depending on libpam without
respecting DISTRO_FEATURES, I've sent patch for them:
samba, openwsman, pam-ssh-agent-auth, sblim-sfcb, passwdqc, python-pam, smbnetfs
and omxplayer in meta-raspberrypi, I've sent PR for that one:
https://github.com/agherzan/meta-raspberrypi/pull/192
* poky-lsb will need to add pam to DISTRO_FEATURES in order to build
packagegroup-core-lsb
(From OE-Core rev: c9e7a276859d38aaa03845ee09428f62760ad147)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
uclibc support was removed a while ago and musl works much better. Start to
remove the various overrides and patches related to uclibc which are no longer
needed.
uclibc support in a layer would still be possible. I have strong reasons to
believe nobody is still using uclibc since patches are missing and I doubt
the metadata even parses anymore.
(From OE-Core rev: 653704e9cf325cb494eb23facca19e9f05132ffd)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
bb.data.expand(x, d) is deprecated API.
[YOCTO #10678]
(From OE-Core rev: a361babe443da635aed83be46679067457fd6a58)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
getVar() now defaults to expanding by default, thus remove the True
option from getVar() calls with a regex search and replace.
Search made with the following regex: getVar ?\(( ?[^,()]*), True\)
(From OE-Core rev: 7c552996597faaee2fbee185b250c0ee30ea3b5f)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Depend only on bison-native as configure script is checking
only for bison binary and libpam itself doesn't need target bison.
Add libxml2-native for deterministic build (it detects xmlcatalog
and xmllint)
(From OE-Core rev: d904d24a9cb1f15688b9924981d9c3d4dac7065f)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
1.2.1 -> 1.3.0
Remove upstreamed patch:
a) pam-no-innetgr.patch
Refreshed the following patches for 1.3.0:
a) crypt_configure.patch
b) pam-unix-nullok-secure.patch
(From OE-Core rev: ac512ff9fbe41428e3d71d3e943aaa871d8b155a)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
For security reasons, the system must limit users to
simultaneous system logins, or a site-defined number.
To avoid overwriting the /etc/security/limits.conf file after
upgrading this rpm package, we will define the file as
CONFFILES of package libpam-runtime.
(From OE-Core rev: bdd7c1b088f24e54cf0be83324dd6ffe677af079)
Signed-off-by: Zhixiong Chi <Zhixiong.Chi@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
With the autodebug package generation logic, specifically setting FILES_${PN}-dbg
isn't needed in most cases, we can remove them.
(From OE-Core rev: 3ab59d49dd7c18e194b58d1248b4b87709b5a738)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Define strndupa if not available in libc. Additionally, fix headers
to explicitly include the needed files which glibc was including indirectly
(From OE-Core rev: 24097d8bb481ed1312c45b2e93527a271f56e4be)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|