diff options
Diffstat (limited to 'poky/meta/recipes-extended')
38 files changed, 268 insertions, 629 deletions
diff --git a/poky/meta/recipes-extended/acpica/acpica_20201113.bb b/poky/meta/recipes-extended/acpica/acpica_20201217.bb index f2d17ca54..91bcd8a46 100644 --- a/poky/meta/recipes-extended/acpica/acpica_20201113.bb +++ b/poky/meta/recipes-extended/acpica/acpica_20201217.bb @@ -17,7 +17,7 @@ COMPATIBLE_HOST = "(i.86|x86_64|arm|aarch64).*-linux" DEPENDS = "m4-native flex-native bison-native" SRC_URI = "https://acpica.org/sites/acpica/files/acpica-unix-${PV}.tar.gz" -SRC_URI[sha256sum] = "48c4e0c07b42581d017487cc9264470e6420605ddd24cbb5d16410d02a771461" +SRC_URI[sha256sum] = "df6bb667c60577c89df5abe3270539c1b9716b69409d1074d6a7fc5c2fea087b" UPSTREAM_CHECK_URI = "https://acpica.org/downloads" diff --git a/poky/meta/recipes-extended/bash/bash/bash-CVE-2019-18276.patch b/poky/meta/recipes-extended/bash/bash/CVE-2019-18276.patch index 7b2073201..7b2073201 100644 --- a/poky/meta/recipes-extended/bash/bash/bash-CVE-2019-18276.patch +++ b/poky/meta/recipes-extended/bash/bash/CVE-2019-18276.patch diff --git a/poky/meta/recipes-extended/bash/bash_5.0.bb b/poky/meta/recipes-extended/bash/bash_5.0.bb index 257a03bd8..53e05869c 100644 --- a/poky/meta/recipes-extended/bash/bash_5.0.bb +++ b/poky/meta/recipes-extended/bash/bash_5.0.bb @@ -30,7 +30,7 @@ SRC_URI = "${GNU_MIRROR}/bash/${BP}.tar.gz;name=tarball \ file://run-ptest \ file://run-bash-ptests \ file://fix-run-builtins.patch \ - file://bash-CVE-2019-18276.patch \ + file://CVE-2019-18276.patch \ " SRC_URI[tarball.md5sum] = "2b44b47b905be16f45709648f671820b" diff --git a/poky/meta/recipes-extended/bzip2/bzip2/Makefile.am b/poky/meta/recipes-extended/bzip2/bzip2/Makefile.am index d4498947e..7338df03e 100644 --- a/poky/meta/recipes-extended/bzip2/bzip2/Makefile.am +++ b/poky/meta/recipes-extended/bzip2/bzip2/Makefile.am @@ -46,7 +46,7 @@ runtest: else echo "FAIL: sample2 decompress"; fi @if cmp sample3.tst sample3.ref; then echo "PASS: sample3 decompress";\ else echo "FAIL: sample3 decompress"; fi - ./bzip2-tests/run-tests.sh --tests-dir="$(PWD)/bzip2-tests" + ./bzip2-tests/run-tests.sh --without-valgrind --tests-dir="$(PWD)/bzip2-tests" install-ptest: sed -n '/^runtest:/,/^install-ptest:/{/^install-ptest:/!p}' \ diff --git a/poky/meta/recipes-extended/cups/cups.inc b/poky/meta/recipes-extended/cups/cups.inc index df8d4d284..e7a704134 100644 --- a/poky/meta/recipes-extended/cups/cups.inc +++ b/poky/meta/recipes-extended/cups/cups.inc @@ -20,6 +20,10 @@ SRC_URI = "https://github.com/apple/cups/releases/download/v${PV}/${BP}-source.t UPSTREAM_CHECK_URI = "https://github.com/apple/cups/releases" UPSTREAM_CHECK_REGEX = "cups-(?P<pver>\d+\.\d+(\.\d+)?)-source.tar" +# Issue only applies to MacOS +CVE_CHECK_WHITELIST += "CVE-2008-1033" +# Issue affects pdfdistiller plugin used with but not part of cups +CVE_CHECK_WHITELIST += "CVE-2009-0032" # This is an Ubuntu only issue. CVE_CHECK_WHITELIST += "CVE-2018-6553" diff --git a/poky/meta/recipes-extended/ethtool/ethtool/avoid_parallel_tests.patch b/poky/meta/recipes-extended/ethtool/ethtool/avoid_parallel_tests.patch index 673b35033..54aec0128 100644 --- a/poky/meta/recipes-extended/ethtool/ethtool/avoid_parallel_tests.patch +++ b/poky/meta/recipes-extended/ethtool/ethtool/avoid_parallel_tests.patch @@ -1,4 +1,4 @@ -From 538bd5ec36d88f17803cb848cbbfe62ad51fc2f4 Mon Sep 17 00:00:00 2001 +From b493e2fb472307997576eef33cce784594070f44 Mon Sep 17 00:00:00 2001 From: Tudor Florea <tudor.florea@enea.com> Date: Wed, 28 May 2014 18:59:54 +0200 Subject: [PATCH] ethtool: use serial-tests config needed by ptest. @@ -15,11 +15,11 @@ Upstream-Status: Inappropriate 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac -index 0162155..6866e72 100644 +index 13c2bc0..0b6ca1d 100644 --- a/configure.ac +++ b/configure.ac @@ -2,7 +2,7 @@ dnl Process this file with autoconf to produce a configure script. - AC_INIT(ethtool, 5.9, netdev@vger.kernel.org) + AC_INIT(ethtool, 5.10, netdev@vger.kernel.org) AC_PREREQ(2.52) AC_CONFIG_SRCDIR([ethtool.c]) -AM_INIT_AUTOMAKE([gnu subdir-objects]) diff --git a/poky/meta/recipes-extended/ethtool/ethtool_5.9.bb b/poky/meta/recipes-extended/ethtool/ethtool_5.10.bb index 2d2f9b77f..5c0df3acb 100644 --- a/poky/meta/recipes-extended/ethtool/ethtool_5.9.bb +++ b/poky/meta/recipes-extended/ethtool/ethtool_5.10.bb @@ -11,7 +11,7 @@ SRC_URI = "${KERNELORG_MIRROR}/software/network/ethtool/ethtool-${PV}.tar.gz \ file://avoid_parallel_tests.patch \ " -SRC_URI[sha256sum] = "f934a830554c46d7d60b1a9147f4cab15589b7e09344c4b79b1948b740f0a725" +SRC_URI[sha256sum] = "4b86adb3ed913c1ef14a276301981f696ab4ec360c19f0a5b68235c4756abae5" UPSTREAM_CHECK_URI = "https://www.kernel.org/pub/software/network/ethtool/" diff --git a/poky/meta/recipes-extended/gawk/gawk_5.1.0.bb b/poky/meta/recipes-extended/gawk/gawk_5.1.0.bb index 8c6411c86..ae897be62 100644 --- a/poky/meta/recipes-extended/gawk/gawk_5.1.0.bb +++ b/poky/meta/recipes-extended/gawk/gawk_5.1.0.bb @@ -53,4 +53,8 @@ do_install_ptest() { RDEPENDS_${PN}-ptest += "make" +RDEPENDS_${PN}-ptest_append_libc-glibc = "\ + locale-base-en-us.iso-8859-1 \ +" + BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-extended/grep/grep_3.6.bb b/poky/meta/recipes-extended/grep/grep_3.6.bb index edf9b29c8..cb009b913 100644 --- a/poky/meta/recipes-extended/grep/grep_3.6.bb +++ b/poky/meta/recipes-extended/grep/grep_3.6.bb @@ -41,3 +41,5 @@ ALTERNATIVE_${PN} = "grep egrep fgrep" ALTERNATIVE_LINK_NAME[grep] = "${base_bindir}/grep" ALTERNATIVE_LINK_NAME[egrep] = "${base_bindir}/egrep" ALTERNATIVE_LINK_NAME[fgrep] = "${base_bindir}/fgrep" + +BBCLASSEXTEND = "nativesdk" diff --git a/poky/meta/recipes-extended/groff/groff_1.22.4.bb b/poky/meta/recipes-extended/groff/groff_1.22.4.bb index e39847834..0867452ce 100644 --- a/poky/meta/recipes-extended/groff/groff_1.22.4.bb +++ b/poky/meta/recipes-extended/groff/groff_1.22.4.bb @@ -28,7 +28,7 @@ MULTILIB_SCRIPTS = "${PN}:${bindir}/gpinyin ${PN}:${bindir}/groffer ${PN}:${bind EXTRA_OECONF = "--without-x --without-doc" PARALLEL_MAKE = "" -CACHED_CONFIGUREVARS += "ac_cv_path_PERL='/usr/bin/env perl' ac_cv_path_BASH_PROG='no'" +CACHED_CONFIGUREVARS += "ac_cv_path_PERL='/usr/bin/env perl' ac_cv_path_BASH_PROG='no' PAGE=A4" do_install_append() { # Some distros have both /bin/perl and /usr/bin/perl, but we set perl location diff --git a/poky/meta/recipes-extended/libaio/libaio/destdir.patch b/poky/meta/recipes-extended/libaio/libaio/destdir.patch deleted file mode 100644 index 0f90406be..000000000 --- a/poky/meta/recipes-extended/libaio/libaio/destdir.patch +++ /dev/null @@ -1,17 +0,0 @@ -Upstream-Status: Pending - -from openembedded, added by Qing He <qing.he@intel.com> - -Index: libaio-0.3.110/Makefile -=================================================================== ---- libaio-0.3.110.orig/Makefile -+++ libaio-0.3.110/Makefile -@@ -15,7 +15,7 @@ all: - @$(MAKE) -C src - - install: -- @$(MAKE) -C src install prefix=$(prefix) includedir=$(includedir) libdir=$(libdir) -+ @$(MAKE) -C src install prefix=$(DESTDIR)$(prefix) includedir=$(DESTDIR)$(includedir) libdir=$(DESTDIR)$(libdir) - - check: - @$(MAKE) -C harness check diff --git a/poky/meta/recipes-extended/libaio/libaio/system-linkage.patch b/poky/meta/recipes-extended/libaio/libaio/system-linkage.patch index 0b1f47569..cc91ea99d 100644 --- a/poky/meta/recipes-extended/libaio/libaio/system-linkage.patch +++ b/poky/meta/recipes-extended/libaio/libaio/system-linkage.patch @@ -12,26 +12,22 @@ undefined reference to `__stack_chk_fail_local' Upstream-Status: Pending Signed-off-by: Ross Burton <ross.burton@intel.com> --- - src/Makefile | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) + src/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Makefile b/src/Makefile -index eadb336..56ab701 100644 +index 37ae219..22e0c9a 100644 --- a/src/Makefile +++ b/src/Makefile -@@ -3,10 +3,10 @@ includedir=$(prefix)/include - libdir=$(prefix)/lib - - CFLAGS ?= -g -fomit-frame-pointer -O2 --CFLAGS += -nostdlib -nostartfiles -Wall -I. -fPIC -+CFLAGS += -Wall -I. -fPIC +@@ -6,7 +6,7 @@ CFLAGS ?= -g -fomit-frame-pointer -O2 + CFLAGS += -Wall -I. -fPIC SO_CFLAGS=-shared $(CFLAGS) L_CFLAGS=$(CFLAGS) -LINK_FLAGS= +LINK_FLAGS=$(LDFLAGS) LINK_FLAGS+=$(LDFLAGS) + ENABLE_SHARED ?= 1 - soname=libaio.so.1 -- -2.1.4 +2.25.1 diff --git a/poky/meta/recipes-extended/libaio/libaio_0.3.111.bb b/poky/meta/recipes-extended/libaio/libaio_0.3.112.bb index 8e1cd349a..b3606474a 100644 --- a/poky/meta/recipes-extended/libaio/libaio_0.3.111.bb +++ b/poky/meta/recipes-extended/libaio/libaio_0.3.112.bb @@ -7,11 +7,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d8045f3b8f929c1cb29a1e3fd737b499" SRC_URI = "git://pagure.io/libaio.git;protocol=https \ file://00_arches.patch \ - file://destdir.patch \ file://libaio_fix_for_mips_syscalls.patch \ file://system-linkage.patch \ " -SRCREV = "f66be22ab0a59a39858900ab72a8c6a6e8b0b7ec" +SRCREV = "d025927efa75a0d1b46ca3a5ef331caa2f46ee0e" S = "${WORKDIR}/git" EXTRA_OEMAKE =+ "prefix=${prefix} includedir=${includedir} libdir=${libdir}" diff --git a/poky/meta/recipes-extended/libtirpc/libtirpc_1.2.6.bb b/poky/meta/recipes-extended/libtirpc/libtirpc_1.3.1.bb index 10a324c3b..579226425 100644 --- a/poky/meta/recipes-extended/libtirpc/libtirpc_1.2.6.bb +++ b/poky/meta/recipes-extended/libtirpc/libtirpc_1.3.1.bb @@ -12,8 +12,7 @@ PROVIDES = "virtual/librpc" SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BP}.tar.bz2" UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/libtirpc/files/libtirpc/" UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)/" -SRC_URI[md5sum] = "b25f9cc18bfad50f7c446c77f4ae00bb" -SRC_URI[sha256sum] = "4278e9a5181d5af9cd7885322fdecebc444f9a3da87c526e7d47f7a12a37d1cc" +SRC_URI[sha256sum] = "245895caf066bec5e3d4375942c8cb4366adad184c29c618d97f724ea309ee17" inherit autotools pkgconfig diff --git a/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.56.bb b/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.57.bb index 97d3a2aab..9a9cad68c 100644 --- a/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.56.bb +++ b/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.57.bb @@ -19,8 +19,7 @@ SRC_URI = "http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-${PV}.t file://0001-Use-pkg-config-for-pcre-dependency-instead-of-config.patch \ " -SRC_URI[md5sum] = "9d94f68c8106bfcdfe7aafa0a13f45a8" -SRC_URI[sha256sum] = "e4ce84cd79e8ae8ba193c7a7cc79c4afba9a076b443ef9f8d4bcd13a3354df77" +SRC_URI[sha256sum] = "52ca961b89c12f7ecbb2e4e0c5a9e79b2863c64e33c42832a165e7f894d6217f" PACKAGECONFIG ??= "openssl pcre zlib \ ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ diff --git a/poky/meta/recipes-extended/ltp/ltp/0001-ltp-pan-Use-long-long-int-to-print-time_t.patch b/poky/meta/recipes-extended/ltp/ltp/0001-ltp-pan-Use-long-long-int-to-print-time_t.patch new file mode 100644 index 000000000..381ac417c --- /dev/null +++ b/poky/meta/recipes-extended/ltp/ltp/0001-ltp-pan-Use-long-long-int-to-print-time_t.patch @@ -0,0 +1,33 @@ +From 6c2085badea7b461245837c452a0d3d8a8c2afff Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Sun, 20 Dec 2020 22:09:28 -0800 +Subject: [PATCH] ltp-pan: Use long long int to print time_t + +Some newer 32bit architectures ( e.g. riscv32 ) uses 64bit time_t so +using %ld is not sufficient to print time_t, this also fixes a crash in +ltp-pan on riscv32 + +Upstream-Status: Submitted [https://patchwork.ozlabs.org/project/ltp/patch/20201221061415.2540216-1-raj.khem@gmail.com/] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + pan/ltp-pan.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/pan/ltp-pan.c b/pan/ltp-pan.c +index 8b9fbe5594..54b7cb8f26 100644 +--- a/pan/ltp-pan.c ++++ b/pan/ltp-pan.c +@@ -1389,8 +1389,8 @@ static void write_test_start(struct tag_pgrp *running, int no_kmsg) + if (!strcmp(reporttype, "rts")) { + + printf +- ("%s\ntag=%s stime=%ld\ncmdline=\"%s\"\ncontacts=\"%s\"\nanalysis=%s\n%s\n", +- "<<<test_start>>>", running->cmd->name, running->mystime, ++ ("%s\ntag=%s stime=%lld\ncmdline=\"%s\"\ncontacts=\"%s\"\nanalysis=%s\n%s\n", ++ "<<<test_start>>>", running->cmd->name, (long long)running->mystime, + running->cmd->cmdline, "", "exit", "<<<test_output>>>"); + } + fflush(stdout); +-- +2.29.2 + diff --git a/poky/meta/recipes-extended/ltp/ltp_20200930.bb b/poky/meta/recipes-extended/ltp/ltp_20200930.bb index 7acf15b36..e3c49fbf5 100644 --- a/poky/meta/recipes-extended/ltp/ltp_20200930.bb +++ b/poky/meta/recipes-extended/ltp/ltp_20200930.bb @@ -34,6 +34,7 @@ SRC_URI = "git://github.com/linux-test-project/ltp.git \ file://0007-Fix-test_proc_kill-hanging.patch \ file://0001-Add-more-musl-exclusions.patch \ file://0001-Remove-OOM-tests-from-runtest-mm.patch \ + file://0001-ltp-pan-Use-long-long-int-to-print-time_t.patch \ " S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-extended/man-db/man-db_2.9.3.bb b/poky/meta/recipes-extended/man-db/man-db_2.9.3.bb index 0e6016a73..e8da92bd1 100644 --- a/poky/meta/recipes-extended/man-db/man-db_2.9.3.bb +++ b/poky/meta/recipes-extended/man-db/man-db_2.9.3.bb @@ -11,6 +11,7 @@ SRC_URI[sha256sum] = "fa5aa11ab0692daf737e76947f45669225db310b2801a5911bceb7551c DEPENDS = "libpipeline gdbm groff-native base-passwd" RDEPENDS_${PN} += "base-passwd" +PACKAGE_WRITE_DEPS += "base-passwd" # | /usr/src/debug/man-db/2.8.0-r0/man-db-2.8.0/src/whatis.c:939: undefined reference to `_nl_msg_cat_cntr' USE_NLS_libc-musl = "no" @@ -20,6 +21,11 @@ inherit gettext pkgconfig autotools systemd EXTRA_OECONF = "--with-pager=less --with-systemdsystemunitdir=${systemd_unitdir}/system" EXTRA_AUTORECONF += "-I ${S}/gl/m4" +# Can be dropped when the output next changes, avoids failures after +# reproducibility issues +PR = "r1" +HASHEQUIV_HASH_VERSION .= ".1" + do_install() { autotools_do_install diff --git a/poky/meta/recipes-extended/man-pages/man-pages_5.09.bb b/poky/meta/recipes-extended/man-pages/man-pages_5.10.bb index 00d6eb5c2..8874516aa 100644 --- a/poky/meta/recipes-extended/man-pages/man-pages_5.09.bb +++ b/poky/meta/recipes-extended/man-pages/man-pages_5.10.bb @@ -7,7 +7,7 @@ LICENSE = "GPLv2+" LIC_FILES_CHKSUM = "file://README;md5=207f70f56526417514ac46b6680e314f" SRC_URI = "${KERNELORG_MIRROR}/linux/docs/${BPN}/${BP}.tar.gz" -SRC_URI[sha256sum] = "3bd9029b94520c730fe1a1fb78ed7d8d878236da0f725ca86ee71c1969de6c4f" +SRC_URI[sha256sum] = "f2ce94a7250c49910db91806996699e1deac656097d4d53bdf56bdab4b61f228" inherit manpages diff --git a/poky/meta/recipes-extended/minicom/minicom_2.7.1.bb b/poky/meta/recipes-extended/minicom/minicom_2.7.1.bb index c584b7589..12003ff49 100644 --- a/poky/meta/recipes-extended/minicom/minicom_2.7.1.bb +++ b/poky/meta/recipes-extended/minicom/minicom_2.7.1.bb @@ -29,3 +29,5 @@ do_install() { } RRECOMMENDS_${PN} += "lrzsz" + +RDEPENDS_${PN} += "ncurses-terminfo-base" diff --git a/poky/meta/recipes-extended/msmtp/msmtp_1.8.13.bb b/poky/meta/recipes-extended/msmtp/msmtp_1.8.14.bb index 994f1c5d9..3bd5f9ede 100644 --- a/poky/meta/recipes-extended/msmtp/msmtp_1.8.13.bb +++ b/poky/meta/recipes-extended/msmtp/msmtp_1.8.14.bb @@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" UPSTREAM_CHECK_URI = "https://marlam.de/msmtp/download/" SRC_URI = "https://marlam.de/${BPN}/releases/${BP}.tar.xz" -SRC_URI[sha256sum] = "ada945ab8d519102bb632f197273b3326ded25b38c003b0cf3861d1d6d4a9bb9" +SRC_URI[sha256sum] = "d56f065d711486e9c234618515a02a48a48dab4051b34f3e108fbecb6fb773b4" inherit gettext autotools update-alternatives pkgconfig diff --git a/poky/meta/recipes-extended/pam/libpam/0001-Add-support-for-defining-missing-funcitonality.patch b/poky/meta/recipes-extended/pam/libpam/0001-Add-support-for-defining-missing-funcitonality.patch deleted file mode 100644 index c55b64813..000000000 --- a/poky/meta/recipes-extended/pam/libpam/0001-Add-support-for-defining-missing-funcitonality.patch +++ /dev/null @@ -1,68 +0,0 @@ -From 45d1ed58927593968faead7dbb295f3922f41a2f Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Sat, 8 Aug 2015 14:16:43 -0700 -Subject: [PATCH] Add support for defining missing funcitonality - -In order to support alternative libc on linux ( musl, bioninc ) etc we -need to check for glibc-only features and provide alternatives, in this -list strndupa is first one, when configure detects that its not included -in system C library then the altrnative implementation from missing.h is -used - -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- -Upstream-Status: Pending - - configure.ac | 3 +++ - libpam/include/missing.h | 12 ++++++++++++ - modules/pam_exec/pam_exec.c | 1 + - 3 files changed, 16 insertions(+) - create mode 100644 libpam/include/missing.h - -diff --git a/configure.ac b/configure.ac -index 9e1257f..cbed979 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -599,6 +599,9 @@ dnl - AC_CHECK_DECL(__NR_keyctl, [have_key_syscalls=1],[have_key_syscalls=0],[#include <sys/syscall.h>]) - AC_CHECK_DECL(ENOKEY, [have_key_errors=1],[have_key_errors=0],[#include <errno.h>]) - -+# musl and bionic don't have strndupa -+AC_CHECK_DECLS_ONCE([strndupa]) -+ - HAVE_KEY_MANAGEMENT=0 - if test $have_key_syscalls$have_key_errors = 11 - then -diff --git a/libpam/include/missing.h b/libpam/include/missing.h -new file mode 100644 -index 0000000..3cf011c ---- /dev/null -+++ b/libpam/include/missing.h -@@ -0,0 +1,12 @@ -+#pragma once -+ -+#if !HAVE_DECL_STRNDUPA -+#define strndupa(s, n) \ -+ ({ \ -+ const char *__old = (s); \ -+ size_t __len = strnlen(__old, (n)); \ -+ char *__new = alloca(__len + 1); \ -+ __new[__len] = '\0'; \ -+ memcpy(__new, __old, __len); \ -+ }) -+#endif -diff --git a/modules/pam_exec/pam_exec.c b/modules/pam_exec/pam_exec.c -index 17ba6ca..3aa2694 100644 ---- a/modules/pam_exec/pam_exec.c -+++ b/modules/pam_exec/pam_exec.c -@@ -59,6 +59,7 @@ - #include <security/pam_modutil.h> - #include <security/pam_ext.h> - #include <security/_pam_macros.h> -+#include <missing.h> - - #define ENV_ITEM(n) { (n), #n } - static struct { --- -2.1.4 - diff --git a/poky/meta/recipes-extended/pam/libpam/0001-Makefile.am-support-usrmage.patch b/poky/meta/recipes-extended/pam/libpam/0001-Makefile.am-support-usrmage.patch new file mode 100644 index 000000000..5c6bc9270 --- /dev/null +++ b/poky/meta/recipes-extended/pam/libpam/0001-Makefile.am-support-usrmage.patch @@ -0,0 +1,28 @@ +From c09e012590c1ec2d3b622b64f1bfc10a2286c9ea Mon Sep 17 00:00:00 2001 +From: Changqing Li <changqing.li@windriver.com> +Date: Wed, 6 Jan 2021 12:08:20 +0800 +Subject: [PATCH] Makefile.am: support usrmage + +Upstream-Status: Inappropriate [oe-specific] + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + modules/pam_namespace/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/modules/pam_namespace/Makefile.am b/modules/pam_namespace/Makefile.am +index ddd5fc0..a1f1bec 100644 +--- a/modules/pam_namespace/Makefile.am ++++ b/modules/pam_namespace/Makefile.am +@@ -18,7 +18,7 @@ TESTS = $(dist_check_SCRIPTS) + securelibdir = $(SECUREDIR) + secureconfdir = $(SCONFIGDIR) + namespaceddir = $(SCONFIGDIR)/namespace.d +-servicedir = /lib/systemd/system ++servicedir = $(systemd_system_unitdir) + + AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -DSECURECONF_DIR=\"$(SCONFIGDIR)/\" $(WARN_CFLAGS) +-- +2.17.1 + diff --git a/poky/meta/recipes-extended/pam/libpam/0001-modules-pam_namespace-Makefile.am-correctly-install-.patch b/poky/meta/recipes-extended/pam/libpam/0001-modules-pam_namespace-Makefile.am-correctly-install-.patch new file mode 100644 index 000000000..b41d1e596 --- /dev/null +++ b/poky/meta/recipes-extended/pam/libpam/0001-modules-pam_namespace-Makefile.am-correctly-install-.patch @@ -0,0 +1,28 @@ +From e2db4082f6b988f1d5803028e9e47aee5f3519ac Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex.kanavin@gmail.com> +Date: Sun, 27 Dec 2020 00:30:45 +0100 +Subject: [PATCH] modules/pam_namespace/Makefile.am: correctly install systemd + unit file + +Upstream-Status: Pending +Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> +--- + modules/pam_namespace/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/modules/pam_namespace/Makefile.am b/modules/pam_namespace/Makefile.am +index 21e1b33..ddd5fc0 100644 +--- a/modules/pam_namespace/Makefile.am ++++ b/modules/pam_namespace/Makefile.am +@@ -18,7 +18,7 @@ TESTS = $(dist_check_SCRIPTS) + securelibdir = $(SECUREDIR) + secureconfdir = $(SCONFIGDIR) + namespaceddir = $(SCONFIGDIR)/namespace.d +-servicedir = $(prefix)/lib/systemd/system ++servicedir = /lib/systemd/system + + AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -DSECURECONF_DIR=\"$(SCONFIGDIR)/\" $(WARN_CFLAGS) +-- +2.24.0 + diff --git a/poky/meta/recipes-extended/pam/libpam/crypt_configure.patch b/poky/meta/recipes-extended/pam/libpam/crypt_configure.patch deleted file mode 100644 index 917a8af64..000000000 --- a/poky/meta/recipes-extended/pam/libpam/crypt_configure.patch +++ /dev/null @@ -1,40 +0,0 @@ -From b86575ab4a0df07da160283459da270e1c0372a0 Mon Sep 17 00:00:00 2001 -From: "Maxin B. John" <maxin.john@intel.com> -Date: Tue, 24 May 2016 14:11:09 +0300 -Subject: [PATCH] crypt_configure - -This patch fixes a case where it find crypt defined in libc (musl) but -not in specified libraries then it ends up assigning -LIBCRYPT="-l" which then goes into makefile cause all sort of problems -e.g. - -ld: cannot find -l-m32 -| collect2: error: ld returned 1 exit status -The reason is that -l appears on commandline with -out any library and compiler treats the next argument as library name -whatever it is. - -Upstream-Status: Pending - -Signed-off-by: Khem Raj <raj.khem@gmail.com> -Signed-off-by: Maxin B. John <maxin.john@intel.com> ---- - configure.ac | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index df39d07..e68d856 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -401,7 +401,7 @@ AS_IF([test "x$ac_cv_header_xcrypt_h" = "xyes"], - [crypt_libs="crypt"]) - - BACKUP_LIBS=$LIBS --AC_SEARCH_LIBS([crypt],[$crypt_libs], LIBCRYPT="${ac_lib:+-l$ac_lib}", LIBCRYPT="") -+AC_SEARCH_LIBS([crypt],[$crypt_libs], [test "$ac_cv_search_crypt" = "none required" || LIBCRYPT="$ac_cv_search_crypt"]) - AC_CHECK_FUNCS(crypt_r crypt_gensalt_r) - LIBS=$BACKUP_LIBS - AC_SUBST(LIBCRYPT) --- -2.4.0 - diff --git a/poky/meta/recipes-extended/pam/libpam/include_paths_header.patch b/poky/meta/recipes-extended/pam/libpam/include_paths_header.patch deleted file mode 100644 index e4eb95669..000000000 --- a/poky/meta/recipes-extended/pam/libpam/include_paths_header.patch +++ /dev/null @@ -1,59 +0,0 @@ -This patch adds missing include for paths.h which should provide -_PATH_LASTLOG definition - -Upstream-Status: Pending - -Signed-off-by: Khem Raj <raj.khem@gmail.com> -Index: Linux-PAM-1.1.6/modules/pam_lastlog/pam_lastlog.c -=================================================================== ---- Linux-PAM-1.1.6.orig/modules/pam_lastlog/pam_lastlog.c -+++ Linux-PAM-1.1.6/modules/pam_lastlog/pam_lastlog.c -@@ -23,9 +23,11 @@ - #include <stdarg.h> - #include <stdio.h> - #include <string.h> -+#include <sys/file.h> - #include <sys/types.h> - #include <syslog.h> - #include <unistd.h> -+#include <paths.h> - - #if defined(hpux) || defined(sunos) || defined(solaris) - # ifndef _PATH_LASTLOG -@@ -332,6 +334,23 @@ last_login_read(pam_handle_t *pamh, int - return retval; - } - -+#ifndef __GLIBC__ -+static void logwtmp(const char * line, const char * name, const char * host) -+{ -+ struct utmp u; -+ memset(&u, 0, sizeof(u)); -+ -+ u.ut_pid = getpid(); -+ u.ut_type = name[0] ? USER_PROCESS : DEAD_PROCESS; -+ strncpy(u.ut_line, line, sizeof(u.ut_line)); -+ strncpy(u.ut_name, name, sizeof(u.ut_name)); -+ strncpy(u.ut_host, host, sizeof(u.ut_host)); -+ gettimeofday(&(u.ut_tv), NULL); -+ -+ updwtmp(_PATH_WTMP, &u); -+} -+#endif /* __GLIBC__ */ -+ - static int - last_login_write(pam_handle_t *pamh, int announce, int last_fd, - uid_t uid, const char *user) -Index: Linux-PAM-1.1.6/modules/Makefile.am -=================================================================== ---- Linux-PAM-1.1.6.orig/modules/Makefile.am -+++ Linux-PAM-1.1.6/modules/Makefile.am -@@ -7,7 +7,7 @@ SUBDIRS = pam_access pam_cracklib pam_de - pam_group pam_issue pam_keyinit pam_lastlog pam_limits \ - pam_listfile pam_localuser pam_loginuid pam_mail \ - pam_mkhomedir pam_motd pam_namespace pam_nologin \ -- pam_permit pam_pwhistory pam_rhosts pam_rootok pam_securetty \ -+ pam_permit pam_pwhistory pam_rootok pam_securetty \ - pam_selinux pam_sepermit pam_shells pam_stress \ - pam_succeed_if pam_tally pam_tally2 pam_time pam_timestamp \ - pam_tty_audit pam_umask \ diff --git a/poky/meta/recipes-extended/pam/libpam/pam-security-abstract-securetty-handling.patch b/poky/meta/recipes-extended/pam/libpam/pam-security-abstract-securetty-handling.patch deleted file mode 100644 index 9b8d4c297..000000000 --- a/poky/meta/recipes-extended/pam/libpam/pam-security-abstract-securetty-handling.patch +++ /dev/null @@ -1,203 +0,0 @@ -Description: extract the securetty logic for use with the "nullok_secure" option - introduced in the "055_pam_unix_nullok_secure" patch. - -Upstream-Status: Pending - -Signed-off-by: Ming Liu <ming.liu@windriver.com> -=================================================================== -Index: Linux-PAM-1.3.0/modules/pam_securetty/Makefile.am -=================================================================== ---- Linux-PAM-1.3.0.orig/modules/pam_securetty/Makefile.am -+++ Linux-PAM-1.3.0/modules/pam_securetty/Makefile.am -@@ -24,6 +24,10 @@ endif - securelib_LTLIBRARIES = pam_securetty.la - pam_securetty_la_LIBADD = $(top_builddir)/libpam/libpam.la - -+pam_securetty_la_SOURCES = \ -+ pam_securetty.c \ -+ tty_secure.c -+ - if ENABLE_REGENERATE_MAN - noinst_DATA = README - README: pam_securetty.8.xml -Index: Linux-PAM-1.3.0/modules/pam_securetty/pam_securetty.c -=================================================================== ---- Linux-PAM-1.3.0.orig/modules/pam_securetty/pam_securetty.c -+++ Linux-PAM-1.3.0/modules/pam_securetty/pam_securetty.c -@@ -1,7 +1,5 @@ - /* pam_securetty module */ - --#define SECURETTY_FILE "/etc/securetty" --#define TTY_PREFIX "/dev/" - #define CMDLINE_FILE "/proc/cmdline" - #define CONSOLEACTIVE_FILE "/sys/class/tty/console/active" - -@@ -40,6 +38,9 @@ - #include <security/pam_modutil.h> - #include <security/pam_ext.h> - -+extern int _pammodutil_tty_secure(const pam_handle_t *pamh, -+ const char *uttyname); -+ - #define PAM_DEBUG_ARG 0x0001 - #define PAM_NOCONSOLE_ARG 0x0002 - -@@ -73,11 +74,7 @@ securetty_perform_check (pam_handle_t *p - const char *username; - const char *uttyname; - const void *void_uttyname; -- char ttyfileline[256]; -- char ptname[256]; -- struct stat ttyfileinfo; - struct passwd *user_pwd; -- FILE *ttyfile; - - /* log a trail for debugging */ - if (ctrl & PAM_DEBUG_ARG) { -@@ -105,50 +102,7 @@ securetty_perform_check (pam_handle_t *p - return PAM_SERVICE_ERR; - } - -- /* The PAM_TTY item may be prefixed with "/dev/" - skip that */ -- if (strncmp(TTY_PREFIX, uttyname, sizeof(TTY_PREFIX)-1) == 0) { -- uttyname += sizeof(TTY_PREFIX)-1; -- } -- -- if (stat(SECURETTY_FILE, &ttyfileinfo)) { -- pam_syslog(pamh, LOG_NOTICE, "Couldn't open %s: %m", SECURETTY_FILE); -- return PAM_SUCCESS; /* for compatibility with old securetty handling, -- this needs to succeed. But we still log the -- error. */ -- } -- -- if ((ttyfileinfo.st_mode & S_IWOTH) || !S_ISREG(ttyfileinfo.st_mode)) { -- /* If the file is world writable or is not a -- normal file, return error */ -- pam_syslog(pamh, LOG_ERR, -- "%s is either world writable or not a normal file", -- SECURETTY_FILE); -- return PAM_AUTH_ERR; -- } -- -- ttyfile = fopen(SECURETTY_FILE,"r"); -- if (ttyfile == NULL) { /* Check that we opened it successfully */ -- pam_syslog(pamh, LOG_ERR, "Error opening %s: %m", SECURETTY_FILE); -- return PAM_SERVICE_ERR; -- } -- -- if (isdigit(uttyname[0])) { -- snprintf(ptname, sizeof(ptname), "pts/%s", uttyname); -- } else { -- ptname[0] = '\0'; -- } -- -- retval = 1; -- -- while ((fgets(ttyfileline, sizeof(ttyfileline)-1, ttyfile) != NULL) -- && retval) { -- if (ttyfileline[strlen(ttyfileline) - 1] == '\n') -- ttyfileline[strlen(ttyfileline) - 1] = '\0'; -- -- retval = ( strcmp(ttyfileline, uttyname) -- && (!ptname[0] || strcmp(ptname, uttyname)) ); -- } -- fclose(ttyfile); -+ retval = _pammodutil_tty_secure(pamh, uttyname); - - if (retval && !(ctrl & PAM_NOCONSOLE_ARG)) { - FILE *cmdlinefile; -Index: Linux-PAM-1.3.0/modules/pam_securetty/tty_secure.c -=================================================================== ---- /dev/null -+++ Linux-PAM-1.3.0/modules/pam_securetty/tty_secure.c -@@ -0,0 +1,90 @@ -+/* -+ * A function to determine if a particular line is in /etc/securetty -+ */ -+ -+ -+#define SECURETTY_FILE "/etc/securetty" -+#define TTY_PREFIX "/dev/" -+ -+/* This function taken out of pam_securetty by Sam Hartman -+ * <hartmans@debian.org>*/ -+/* -+ * by Elliot Lee <sopwith@redhat.com>, Red Hat Software. -+ * July 25, 1996. -+ * Slight modifications AGM. 1996/12/3 -+ */ -+ -+#include <unistd.h> -+#include <sys/types.h> -+#include <sys/stat.h> -+#include <security/pam_modules.h> -+#include <stdarg.h> -+#include <syslog.h> -+#include <sys/syslog.h> -+#include <stdio.h> -+#include <string.h> -+#include <stdlib.h> -+#include <ctype.h> -+#include <security/pam_modutil.h> -+#include <security/pam_ext.h> -+ -+extern int _pammodutil_tty_secure(const pam_handle_t *pamh, -+ const char *uttyname); -+ -+int _pammodutil_tty_secure(const pam_handle_t *pamh, const char *uttyname) -+{ -+ int retval = PAM_AUTH_ERR; -+ char ttyfileline[256]; -+ char ptname[256]; -+ struct stat ttyfileinfo; -+ FILE *ttyfile; -+ /* The PAM_TTY item may be prefixed with "/dev/" - skip that */ -+ if (strncmp(TTY_PREFIX, uttyname, sizeof(TTY_PREFIX)-1) == 0) -+ uttyname += sizeof(TTY_PREFIX)-1; -+ -+ if (stat(SECURETTY_FILE, &ttyfileinfo)) { -+ pam_syslog(pamh, LOG_NOTICE, "Couldn't open %s: %m", -+ SECURETTY_FILE); -+ return PAM_SUCCESS; /* for compatibility with old securetty handling, -+ this needs to succeed. But we still log the -+ error. */ -+ } -+ -+ if ((ttyfileinfo.st_mode & S_IWOTH) || !S_ISREG(ttyfileinfo.st_mode)) { -+ /* If the file is world writable or is not a -+ normal file, return error */ -+ pam_syslog(pamh, LOG_ERR, -+ "%s is either world writable or not a normal file", -+ SECURETTY_FILE); -+ return PAM_AUTH_ERR; -+ } -+ -+ ttyfile = fopen(SECURETTY_FILE,"r"); -+ if(ttyfile == NULL) { /* Check that we opened it successfully */ -+ pam_syslog(pamh, LOG_ERR, "Error opening %s: %m", SECURETTY_FILE); -+ return PAM_SERVICE_ERR; -+ } -+ -+ if (isdigit(uttyname[0])) { -+ snprintf(ptname, sizeof(ptname), "pts/%s", uttyname); -+ } else { -+ ptname[0] = '\0'; -+ } -+ -+ retval = 1; -+ -+ while ((fgets(ttyfileline,sizeof(ttyfileline)-1, ttyfile) != NULL) -+ && retval) { -+ if(ttyfileline[strlen(ttyfileline) - 1] == '\n') -+ ttyfileline[strlen(ttyfileline) - 1] = '\0'; -+ retval = ( strcmp(ttyfileline,uttyname) -+ && (!ptname[0] || strcmp(ptname, uttyname)) ); -+ } -+ fclose(ttyfile); -+ -+ if(retval) { -+ retval = PAM_AUTH_ERR; -+ } -+ -+ return retval; -+} diff --git a/poky/meta/recipes-extended/pam/libpam/pam-unix-nullok-secure.patch b/poky/meta/recipes-extended/pam/libpam/pam-unix-nullok-secure.patch deleted file mode 100644 index d2cc66882..000000000 --- a/poky/meta/recipes-extended/pam/libpam/pam-unix-nullok-secure.patch +++ /dev/null @@ -1,195 +0,0 @@ -From b6545b83f94c5fb7aec1478b8d458a1393f479c8 Mon Sep 17 00:00:00 2001 -From: "Maxin B. John" <maxin.john@intel.com> -Date: Wed, 25 May 2016 14:12:25 +0300 -Subject: [PATCH] pam_unix: support 'nullok_secure' option - -Debian patch to add a new 'nullok_secure' option to pam_unix, -which accepts users with null passwords only when the applicant is -connected from a tty listed in /etc/securetty. - -Authors: Sam Hartman <hartmans@debian.org>, - Steve Langasek <vorlon@debian.org> - -Upstream-Status: Pending - -Signed-off-by: Ming Liu <ming.liu@windriver.com> -Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com> -Signed-off-by: Maxin B. John <maxin.john@intel.com> ---- - modules/pam_unix/Makefile.am | 3 ++- - modules/pam_unix/pam_unix.8.xml | 19 ++++++++++++++++++- - modules/pam_unix/support.c | 40 +++++++++++++++++++++++++++++++++++----- - modules/pam_unix/support.h | 8 ++++++-- - 4 files changed, 61 insertions(+), 9 deletions(-) - -diff --git a/modules/pam_unix/Makefile.am b/modules/pam_unix/Makefile.am -index 56df178..2bba460 100644 ---- a/modules/pam_unix/Makefile.am -+++ b/modules/pam_unix/Makefile.am -@@ -30,7 +30,8 @@ if HAVE_VERSIONING - pam_unix_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map - endif - pam_unix_la_LIBADD = $(top_builddir)/libpam/libpam.la \ -- @LIBCRYPT@ @LIBSELINUX@ @TIRPC_LIBS@ @NSL_LIBS@ -+ @LIBCRYPT@ @LIBSELINUX@ @TIRPC_LIBS@ @NSL_LIBS@ \ -+ ../pam_securetty/tty_secure.lo - - securelib_LTLIBRARIES = pam_unix.la - -diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml -index 1b318f1..be0330e 100644 ---- a/modules/pam_unix/pam_unix.8.xml -+++ b/modules/pam_unix/pam_unix.8.xml -@@ -159,7 +159,24 @@ - <para> - The default action of this module is to not permit the - user access to a service if their official password is blank. -- The <option>nullok</option> argument overrides this default. -+ The <option>nullok</option> argument overrides this default -+ and allows any user with a blank password to access the -+ service. -+ </para> -+ </listitem> -+ </varlistentry> -+ <varlistentry> -+ <term> -+ <option>nullok_secure</option> -+ </term> -+ <listitem> -+ <para> -+ The default action of this module is to not permit the -+ user access to a service if their official password is blank. -+ The <option>nullok_secure</option> argument overrides this -+ default and allows any user with a blank password to access -+ the service as long as the value of PAM_TTY is set to one of -+ the values found in /etc/securetty. - </para> - </listitem> - </varlistentry> -diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c -index fc8595e..29e3341 100644 ---- a/modules/pam_unix/support.c -+++ b/modules/pam_unix/support.c -@@ -183,13 +183,22 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, - /* now parse the arguments to this module */ - - for (; argc-- > 0; ++argv) { -+ int sl; - - D(("pam_unix arg: %s", *argv)); - - for (j = 0; j < UNIX_CTRLS_; ++j) { -- if (unix_args[j].token -- && !strncmp(*argv, unix_args[j].token, strlen(unix_args[j].token))) { -- break; -+ if (unix_args[j].token) { -+ sl = strlen(unix_args[j].token); -+ if (unix_args[j].token[sl-1] == '=') { -+ /* exclude argument from comparison */ -+ if (!strncmp(*argv, unix_args[j].token, sl)) -+ break; -+ } else { -+ /* compare full strings */ -+ if (!strcmp(*argv, unix_args[j].token)) -+ break; -+ } - } - } - -@@ -560,6 +569,7 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, - if (child == 0) { - static char *envp[] = { NULL }; - const char *args[] = { NULL, NULL, NULL, NULL }; -+ int nullok = off(UNIX__NONULL, ctrl); - - /* XXX - should really tidy up PAM here too */ - -@@ -587,7 +597,16 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, - /* exec binary helper */ - args[0] = CHKPWD_HELPER; - args[1] = user; -- if (off(UNIX__NONULL, ctrl)) { /* this means we've succeeded */ -+ if (on(UNIX_NULLOK_SECURE, ctrl)) { -+ const void *uttyname; -+ retval = pam_get_item(pamh, PAM_TTY, &uttyname); -+ if (retval != PAM_SUCCESS || uttyname == NULL -+ || _pammodutil_tty_secure(pamh, (const char *)uttyname) != PAM_SUCCESS) { -+ nullok = 0; -+ } -+ } -+ -+ if (nullok) { - args[2]="nullok"; - } else { - args[2]="nonull"; -@@ -672,6 +691,17 @@ _unix_blankpasswd (pam_handle_t *pamh, unsigned int ctrl, const char *name) - if (on(UNIX__NONULL, ctrl)) - return 0; /* will fail but don't let on yet */ - -+ if (on(UNIX_NULLOK_SECURE, ctrl)) { -+ int retval2; -+ const void *uttyname; -+ retval2 = pam_get_item(pamh, PAM_TTY, &uttyname); -+ if (retval2 != PAM_SUCCESS || uttyname == NULL) -+ return 0; -+ -+ if (_pammodutil_tty_secure(pamh, (const char *)uttyname) != PAM_SUCCESS) -+ return 0; -+ } -+ - /* UNIX passwords area */ - - retval = get_pwd_hash(pamh, name, &pwd, &salt); -@@ -758,7 +788,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name - } - } - } else { -- retval = verify_pwd_hash(p, salt, off(UNIX__NONULL, ctrl)); -+ retval = verify_pwd_hash(p, salt, _unix_blankpasswd(pamh, ctrl, name)); - } - - if (retval == PAM_SUCCESS) { -diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h -index b4c279c..8da4a8e 100644 ---- a/modules/pam_unix/support.h -+++ b/modules/pam_unix/support.h -@@ -98,8 +98,9 @@ typedef struct { - #define UNIX_QUIET 28 /* Don't print informational messages */ - #define UNIX_NO_PASS_EXPIRY 29 /* Don't check for password expiration if not used for authentication */ - #define UNIX_DES 30 /* DES, default */ -+#define UNIX_NULLOK_SECURE 31 /* NULL passwords allowed only on secure ttys */ - /* -------------- */ --#define UNIX_CTRLS_ 31 /* number of ctrl arguments defined */ -+#define UNIX_CTRLS_ 32 /* number of ctrl arguments defined */ - - #define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)) - -@@ -117,7 +118,7 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = - /* UNIX_AUTHTOK_TYPE */ {"authtok_type=", _ALL_ON_, 0100, 0}, - /* UNIX__PRELIM */ {NULL, _ALL_ON_^(0600), 0200, 0}, - /* UNIX__UPDATE */ {NULL, _ALL_ON_^(0600), 0400, 0}, --/* UNIX__NONULL */ {NULL, _ALL_ON_, 01000, 0}, -+/* UNIX__NONULL */ {NULL, _ALL_ON_^(02000000000), 01000, 0}, - /* UNIX__QUIET */ {NULL, _ALL_ON_, 02000, 0}, - /* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 04000, 0}, - /* UNIX_SHADOW */ {"shadow", _ALL_ON_, 010000, 0}, -@@ -139,6 +140,7 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = - /* UNIX_QUIET */ {"quiet", _ALL_ON_, 01000000000, 0}, - /* UNIX_NO_PASS_EXPIRY */ {"no_pass_expiry", _ALL_ON_, 02000000000, 0}, - /* UNIX_DES */ {"des", _ALL_ON_^(0260420000), 0, 1}, -+/* UNIX_NULLOK_SECURE */ {"nullok_secure", _ALL_ON_^(01000), 02000000000, 0}, - }; - - #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) -@@ -172,6 +174,8 @@ extern int _unix_read_password(pam_handle_t * pamh - ,const char *data_name - ,const void **pass); - -+extern int _pammodutil_tty_secure(const pam_handle_t *pamh, const char *uttyname); -+ - extern int _unix_run_verify_binary(pam_handle_t *pamh, - unsigned int ctrl, const char *user, int *daysleft); - #endif /* _PAM_UNIX_SUPPORT_H */ --- -2.4.0 - diff --git a/poky/meta/recipes-extended/pam/libpam_1.3.1.bb b/poky/meta/recipes-extended/pam/libpam_1.5.1.bb index bc72afe6a..8c008a970 100644 --- a/poky/meta/recipes-extended/pam/libpam_1.3.1.bb +++ b/poky/meta/recipes-extended/pam/libpam_1.5.1.bb @@ -21,17 +21,11 @@ SRC_URI = "https://github.com/linux-pam/linux-pam/releases/download/v${PV}/Linux file://pam.d/common-session-noninteractive \ file://pam.d/other \ file://libpam-xtests.patch \ - file://pam-security-abstract-securetty-handling.patch \ - file://pam-unix-nullok-secure.patch \ - file://crypt_configure.patch \ - " + file://0001-modules-pam_namespace-Makefile.am-correctly-install-.patch \ + file://0001-Makefile.am-support-usrmage.patch \ + " -SRC_URI[md5sum] = "558ff53b0fc0563ca97f79e911822165" -SRC_URI[sha256sum] = "eff47a4ecd833fbf18de9686632a70ee8d0794b79aecb217ebd0ce11db4cd0db" - -SRC_URI_append_libc-musl = " file://0001-Add-support-for-defining-missing-funcitonality.patch \ - file://include_paths_header.patch \ - " +SRC_URI[sha256sum] = "201d40730b1135b1b3cdea09f2c28ac634d73181ccd0172ceddee3649c5792fc" DEPENDS = "bison-native flex flex-native cracklib libxml2-native virtual/crypt" @@ -39,13 +33,14 @@ EXTRA_OECONF = "--includedir=${includedir}/security \ --libdir=${base_libdir} \ --disable-nis \ --disable-regenerate-docu \ + --disable-doc \ --disable-prelude" CFLAGS_append = " -fPIC " S = "${WORKDIR}/Linux-PAM-${PV}" -inherit autotools gettext pkgconfig +inherit autotools gettext pkgconfig systemd PACKAGECONFIG ??= "" PACKAGECONFIG[audit] = "--enable-audit,--disable-audit,audit," @@ -54,7 +49,7 @@ PACKAGECONFIG[userdb] = "--enable-db=db,--enable-db=no,db," PACKAGES += "${PN}-runtime ${PN}-xtests" FILES_${PN} = "${base_libdir}/lib*${SOLIBS}" FILES_${PN}-dev += "${base_libdir}/security/*.la ${base_libdir}/*.la ${base_libdir}/lib*${SOLIBSDEV}" -FILES_${PN}-runtime = "${sysconfdir}" +FILES_${PN}-runtime = "${sysconfdir} ${sbindir} ${systemd_system_unitdir}" FILES_${PN}-xtests = "${datadir}/Linux-PAM/xtests" PACKAGES_DYNAMIC += "^${MLPREFIX}pam-plugin-.*" @@ -77,11 +72,10 @@ RDEPENDS_${PN}-runtime = "${PN}-${libpam_suffix} \ RDEPENDS_${PN}-xtests = "${PN}-${libpam_suffix} \ ${MLPREFIX}pam-plugin-access-${libpam_suffix} \ ${MLPREFIX}pam-plugin-debug-${libpam_suffix} \ - ${MLPREFIX}pam-plugin-cracklib-${libpam_suffix} \ ${MLPREFIX}pam-plugin-pwhistory-${libpam_suffix} \ ${MLPREFIX}pam-plugin-succeed-if-${libpam_suffix} \ ${MLPREFIX}pam-plugin-time-${libpam_suffix} \ - coreutils" + bash coreutils" # FIXME: Native suffix breaks here, disable it for now RRECOMMENDS_${PN} = "${PN}-runtime-${libpam_suffix}" diff --git a/poky/meta/recipes-extended/parted/parted_3.3.bb b/poky/meta/recipes-extended/parted/parted_3.3.bb index a1fd3ef07..ce40c04ad 100644 --- a/poky/meta/recipes-extended/parted/parted_3.3.bb +++ b/poky/meta/recipes-extended/parted/parted_3.3.bb @@ -3,7 +3,7 @@ HOMEPAGE = "http://www.gnu.org/software/parted/parted.html" LICENSE = "GPLv3+" LIC_FILES_CHKSUM = "file://COPYING;md5=2f31b266d3440dd7ee50f92cf67d8e6c" SECTION = "console/tools" -DEPENDS = "ncurses readline util-linux virtual/libiconv" +DEPENDS = "ncurses util-linux virtual/libiconv" SRC_URI = "${GNU_MIRROR}/parted/parted-${PV}.tar.xz \ file://no_check.patch \ @@ -22,6 +22,9 @@ EXTRA_OECONF = "--disable-device-mapper" inherit autotools pkgconfig gettext texinfo ptest +PACKAGECONFIG ?= "readline" +PACKAGECONFIG[readline] = "--with-readline,--without-readline,readline" + BBCLASSEXTEND = "native nativesdk" do_compile_ptest() { diff --git a/poky/meta/recipes-extended/sed/sed_4.8.bb b/poky/meta/recipes-extended/sed/sed_4.8.bb index 39e3a61df..048db47e1 100644 --- a/poky/meta/recipes-extended/sed/sed_4.8.bb +++ b/poky/meta/recipes-extended/sed/sed_4.8.bb @@ -63,3 +63,5 @@ do_install_ptest() { } RPROVIDES_${PN} += "${@bb.utils.contains('DISTRO_FEATURES', 'usrmerge', '/bin/sed', '', d)}" + +BBCLASSEXTEND = "nativesdk" diff --git a/poky/meta/recipes-extended/shadow/shadow.inc b/poky/meta/recipes-extended/shadow/shadow.inc index f86e5e03c..4ae7a78c5 100644 --- a/poky/meta/recipes-extended/shadow/shadow.inc +++ b/poky/meta/recipes-extended/shadow/shadow.inc @@ -71,6 +71,8 @@ PAM_PLUGINS = "libpam-runtime \ pam-plugin-shells \ pam-plugin-rootok" +PAM_PLUGINS_remove_libc-musl = "pam-plugin-lastlog" + PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \ ${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}" PACKAGECONFIG_class-native ??= "${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}" diff --git a/poky/meta/recipes-extended/stress-ng/stress-ng_0.11.24.bb b/poky/meta/recipes-extended/stress-ng/stress-ng_0.12.00.bb index 3516c1545..3b38b3989 100644 --- a/poky/meta/recipes-extended/stress-ng/stress-ng_0.11.24.bb +++ b/poky/meta/recipes-extended/stress-ng/stress-ng_0.12.00.bb @@ -9,7 +9,7 @@ SRC_URI = "https://kernel.ubuntu.com/~cking/tarballs/${BPN}/${BP}.tar.xz \ file://0001-Do-not-preserve-ownership-when-installing-example-jo.patch \ file://no_daddr_t.patch \ " -SRC_URI[sha256sum] = "5b3a724a85eed48743dedf37eab851b617ecf921b7fff427c6d0bbf405534671" +SRC_URI[sha256sum] = "b2b738f574671926654b1623103a7aa58ee6911894ac78760ee188c4bfa96fe2" DEPENDS = "coreutils-native" diff --git a/poky/meta/recipes-extended/sudo/sudo_1.9.3p1.bb b/poky/meta/recipes-extended/sudo/sudo_1.9.4p1.bb index ba61a7f24..040130b49 100644 --- a/poky/meta/recipes-extended/sudo/sudo_1.9.3p1.bb +++ b/poky/meta/recipes-extended/sudo/sudo_1.9.4p1.bb @@ -7,7 +7,7 @@ SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \ PAM_SRC_URI = "file://sudo.pam" -SRC_URI[sha256sum] = "dcb9de53e45e1c39042074b847f5e0d8ae1890725dd6a9d9101a81569e6eb49e" +SRC_URI[sha256sum] = "1172099dfcdd2fa497e13a3c274a9f5920abd36ae7d2f7aaacd6bc6bc92fd677" DEPENDS += " virtual/crypt ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" RDEPENDS_${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-limits pam-plugin-keyinit', '', d)}" diff --git a/poky/meta/recipes-extended/timezone/timezone.inc b/poky/meta/recipes-extended/timezone/timezone.inc index 5368464f3..9a19093e2 100644 --- a/poky/meta/recipes-extended/timezone/timezone.inc +++ b/poky/meta/recipes-extended/timezone/timezone.inc @@ -6,7 +6,7 @@ SECTION = "base" LICENSE = "PD & BSD & BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba" -PV = "2020d" +PV = "2020f" SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode \ http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata \ @@ -14,5 +14,5 @@ SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones" -SRC_URI[tzcode.sha256sum] = "6cf050ba28e8053029d3f32d71341d11a794c6b5dd51a77fc769d6dae364fad5" -SRC_URI[tzdata.sha256sum] = "8d813957de363387696f05af8a8889afa282ab5016a764c701a20758d39cbaf3" +SRC_URI[tzcode.sha256sum] = "cfeeea2a7745164f64bd9f6d76e47916f4ac820c4434493674adbbd4324329c5" +SRC_URI[tzdata.sha256sum] = "121131918c3ae6dc5d40f0eb87563a2be920b71a76e2392c09519a5e4a666881" diff --git a/poky/meta/recipes-extended/which/which_2.21.bb b/poky/meta/recipes-extended/which/which_2.21.bb index fc9185061..1da69c548 100644 --- a/poky/meta/recipes-extended/which/which_2.21.bb +++ b/poky/meta/recipes-extended/which/which_2.21.bb @@ -33,3 +33,5 @@ ALTERNATIVE_PRIORITY = "100" ALTERNATIVE_${PN}-doc = "which.1" ALTERNATIVE_LINK_NAME[which.1] = "${mandir}/man1/which.1" + +BBCLASSEXTEND = "nativesdk" diff --git a/poky/meta/recipes-extended/zstd/zstd/0001-Makefile-sort-all-wildcard-file-list-expansions.patch b/poky/meta/recipes-extended/zstd/zstd/0001-Makefile-sort-all-wildcard-file-list-expansions.patch new file mode 100644 index 000000000..178124a2e --- /dev/null +++ b/poky/meta/recipes-extended/zstd/zstd/0001-Makefile-sort-all-wildcard-file-list-expansions.patch @@ -0,0 +1,80 @@ +From 8d01b0753162681dcdbb7cf56f1e393c261e3eb0 Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex.kanavin@gmail.com> +Date: Wed, 23 Dec 2020 19:14:32 +0100 +Subject: [PATCH] Makefile: sort all wildcard file list expansions + +Otherwise the order is non-deterministic and breaks +reproducible builds. + +Upstream-Status: Pending +Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> +--- + programs/Makefile | 10 +++++----- + tests/Makefile | 4 ++-- + tests/fuzz/Makefile | 2 +- + 3 files changed, 8 insertions(+), 8 deletions(-) + +diff --git a/programs/Makefile b/programs/Makefile +index 8641d0ee..26fee45f 100644 +--- a/programs/Makefile ++++ b/programs/Makefile +@@ -72,11 +72,11 @@ ZSTDLEGACY_DIR := $(ZSTDDIR)/legacy + + vpath %.c $(ZSTDLIB_COMMON) $(ZSTDLIB_COMPRESS) $(ZSTDLIB_DECOMPRESS) $(ZDICT_DIR) $(ZSTDLEGACY_DIR) + +-ZSTDLIB_COMMON_C := $(wildcard $(ZSTDLIB_COMMON)/*.c) +-ZSTDLIB_COMPRESS_C := $(wildcard $(ZSTDLIB_COMPRESS)/*.c) +-ZSTDLIB_DECOMPRESS_C := $(wildcard $(ZSTDLIB_DECOMPRESS)/*.c) ++ZSTDLIB_COMMON_C := $(sort $(wildcard $(ZSTDLIB_COMMON)/*.c)) ++ZSTDLIB_COMPRESS_C := $(sort $(wildcard $(ZSTDLIB_COMPRESS)/*.c)) ++ZSTDLIB_DECOMPRESS_C := $(sort $(wildcard $(ZSTDLIB_DECOMPRESS)/*.c)) + ZSTDLIB_CORE_SRC := $(ZSTDLIB_DECOMPRESS_C) $(ZSTDLIB_COMMON_C) $(ZSTDLIB_COMPRESS_C) +-ZDICT_SRC := $(wildcard $(ZDICT_DIR)/*.c) ++ZDICT_SRC := $(sort $(wildcard $(ZDICT_DIR)/*.c)) + + ZSTD_LEGACY_SUPPORT ?= 5 + ZSTDLEGACY_SRC := +@@ -91,7 +91,7 @@ ZSTDLIB_FULL_SRC = $(sort $(ZSTDLIB_CORE_SRC) $(ZSTDLEGACY_SRC) $(ZDICT_SRC)) + ZSTDLIB_LOCAL_SRC := $(notdir $(ZSTDLIB_FULL_SRC)) + ZSTDLIB_LOCAL_OBJ := $(ZSTDLIB_LOCAL_SRC:.c=.o) + +-ZSTD_CLI_SRC := $(wildcard *.c) ++ZSTD_CLI_SRC := $(sort $(wildcard *.c)) + ZSTD_CLI_OBJ := $(ZSTD_CLI_SRC:.c=.o) + + ZSTD_ALL_SRC := $(ZSTDLIB_LOCAL_SRC) $(ZSTD_CLI_SRC) +diff --git a/tests/Makefile b/tests/Makefile +index 42bc353c..5f5654f0 100644 +--- a/tests/Makefile ++++ b/tests/Makefile +@@ -49,7 +49,7 @@ ZSTD_FILES := $(ZSTDDECOMP_FILES) $(ZSTDCOMMON_FILES) $(ZSTDCOMP_FILES) + ZBUFF_FILES := $(ZSTDDIR)/deprecated/*.c + ZDICT_FILES := $(ZSTDDIR)/dictBuilder/*.c + +-ZSTD_F1 := $(wildcard $(ZSTD_FILES)) ++ZSTD_F1 := $(sort $(wildcard $(ZSTD_FILES))) + ZSTD_OBJ1 := $(subst $(ZSTDDIR)/common/,zstdm_,$(ZSTD_F1)) + ZSTD_OBJ2 := $(subst $(ZSTDDIR)/compress/,zstdc_,$(ZSTD_OBJ1)) + ZSTD_OBJ3 := $(subst $(ZSTDDIR)/decompress/,zstdd_,$(ZSTD_OBJ2)) +@@ -212,7 +212,7 @@ bigdict: $(ZSTDMT_OBJECTS) $(PRGDIR)/datagen.c bigdict.c + invalidDictionaries : $(ZSTD_OBJECTS) invalidDictionaries.c + + legacy : CPPFLAGS += -I$(ZSTDDIR)/legacy -DZSTD_LEGACY_SUPPORT=4 +-legacy : $(ZSTD_FILES) $(wildcard $(ZSTDDIR)/legacy/*.c) legacy.c ++legacy : $(ZSTD_FILES) $(sort $(wildcard $(ZSTDDIR)/legacy/*.c)) legacy.c + + decodecorpus : LDLIBS += -lm + decodecorpus : $(filter-out zstdc_zstd_compress.o, $(ZSTD_OBJECTS)) $(ZDICT_FILES) $(PRGDIR)/util.c $(PRGDIR)/timefn.c decodecorpus.c +diff --git a/tests/fuzz/Makefile b/tests/fuzz/Makefile +index 36232a8c..574fe877 100644 +--- a/tests/fuzz/Makefile ++++ b/tests/fuzz/Makefile +@@ -58,7 +58,7 @@ FUZZ_SRC := \ + $(ZSTDCOMP_SRC) \ + $(ZSTDDICT_SRC) \ + $(ZSTDLEGACY_SRC) +-FUZZ_SRC := $(wildcard $(FUZZ_SRC)) ++FUZZ_SRC := $(sort $(wildcard $(FUZZ_SRC))) + + FUZZ_D_OBJ1 := $(subst $(ZSTDDIR)/common/,d_lib_common_,$(FUZZ_SRC)) + FUZZ_D_OBJ2 := $(subst $(ZSTDDIR)/compress/,d_lib_compress_,$(FUZZ_D_OBJ1)) diff --git a/poky/meta/recipes-extended/zstd/zstd_1.4.8.bb b/poky/meta/recipes-extended/zstd/zstd_1.4.8.bb new file mode 100644 index 000000000..10a6334cb --- /dev/null +++ b/poky/meta/recipes-extended/zstd/zstd_1.4.8.bb @@ -0,0 +1,37 @@ +SUMMARY = "Zstandard - Fast real-time compression algorithm" +DESCRIPTION = "Zstandard is a fast lossless compression algorithm, targeting \ +real-time compression scenarios at zlib-level and better compression ratios. \ +It's backed by a very fast entropy stage, provided by Huff0 and FSE library." +HOMEPAGE = "http://www.zstd.net/" +SECTION = "console/utils" + +LICENSE = "BSD-3-Clause & GPLv2" +LIC_FILES_CHKSUM = "file://LICENSE;md5=c7f0b161edbe52f5f345a3d1311d0b32 \ + file://COPYING;md5=39bba7d2cf0ba1036f2a6e2be52fe3f0" + +SRC_URI = "git://github.com/facebook/zstd.git;branch=release \ + file://0001-Makefile-sort-all-wildcard-file-list-expansions.patch \ + " + +SRCREV = "97a3da1df009d4dc67251de0c4b1c9d7fe286fc1" +UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)" + +S = "${WORKDIR}/git" + +PACKAGECONFIG ??= "" +PACKAGECONFIG[lz4] = "HAVE_LZ4=1,HAVE_LZ4=0,lz4" +PACKAGECONFIG[lzma] = "HAVE_LZMA=1,HAVE_LZMA=0,xz" +PACKAGECONFIG[zlib] = "HAVE_ZLIB=1,HAVE_ZLIB=0,zlib" + +# See programs/README.md for how to use this +ZSTD_LEGACY_SUPPORT ??= "4" + +do_compile () { + oe_runmake ${PACKAGECONFIG_CONFARGS} ZSTD_LEGACY_SUPPORT=${ZSTD_LEGACY_SUPPORT} +} + +do_install () { + oe_runmake install 'DESTDIR=${D}' +} + +BBCLASSEXTEND = "native nativesdk" |