subtree updatesnanbield

meta-arm: 79c52afe74..9a4ae38e84:
  Emekcan Aras (1):
        arm-bsp/optee: Improve PIN counter handling robustness

  Harsimran Singh Tungal (2):
        corstone1000:arm-bsp/tftf: Fix tftf tests on mps3
        arm-bsp/tf-a-tests: fix corstone1000

  Ross Burton (2):
        arm-bsp/documentation: upgrade Sphinx slightly
        CI: use https: to fetch meta-virtualization

meta-openembedded: 2da6e1b0e4..da9063bdfb:
  Changqing Li (2):
        postgresql: upgrade 15.4 -> 15.5
        redis: upgrade 6.2.13 -> 6.2.14

  Khem Raj (1):
        webkitgtk3: upgrade 2.42.0 -> 2.42.1

  Meenali Gupta (1):
        nginx: upgrade 1.25.2 -> 1.25.3

  Mingli Yu (1):
        mariadb: Upgrade to 10.11.6

  Wang Mingyu (5):
        strongswan: upgrade 5.9.12 -> 5.9.13
        webkitgtk3: upgrade 2.42.1 -> 2.42.2
        webkitgtk3: upgrade 2.42.2 -> 2.42.3
        webkitgtk3: upgrade 2.42.3 -> 2.42.4
        libssh: upgrade 0.10.5 -> 0.10.6

  Yi Zhao (1):
        samba: upgrade 4.18.8 -> 4.18.9

poky: 61a59d00a0..1a5c00f00c:
  Alassane Yattara (1):
        bitbake: toaster/toastergui: Bug-fix verify given layer path only if import/add local layer

  Alexander Kanavin (2):
        glibc-y2038-tests: do not run tests using 32 bit time APIs
        icon-naming-utils: take tarball from debian

  Alexander Sverdlin (1):
        linux-firmware: upgrade 20231030 -> 20231211

  Anuj Mittal (2):
        base-passwd: upgrade 3.6.2 -> 3.6.3
        glib-2.0: upgrade 2.78.1 -> 2.78.3

  Baruch Siach (1):
        contributor-guide: fix lore URL

  Benjamin Bara (1):
        glibc: stable 2.38 branch updates

  Bruce Ashfield (8):
        linux-yocto/6.1: update to v6.1.69
        linux-yocto/6.1: update to v6.1.70
        linux-yocto/6.1: update CVE exclusions
        linux-yocto/6.1: update to v6.1.72
        linux-yocto/6.1: update CVE exclusions
        linux-yocto/6.1: security/cfg: add configs to harden protection
        linux-yocto/6.1: update to v6.1.73
        linux-yocto/6.1: update CVE exclusions

  Chen Qi (2):
        sudo: upgrade from 1.9.15p2 to 1.9.15p5
        multilib_global.bbclass: fix parsing error with no kernel module split

  Clay Chang (1):
        devtool: deploy: provide max_process to strip_execs

  Enguerrand de Ribaucourt (1):
        manuals: document VSCode extension

  Ilya A. Kriveshko (1):
        dev-manual: update license manifest path

  Jason Andryuk (3):
        linux-firmware: Package iwlwifi .pnvm files
        linux-firmware: Change bnx2 packaging
        linux-firmware: Create bnx2x subpackage

  Jeremy A. Puhlman (1):
        create-spdx-2.2: combine spdx can try to write before dir creation

  Joao Marcos Costa (1):
        documentation.conf: fix do_menuconfig description

  Jonathan GUILLOT (1):
        udev-extraconf: fix unmount directories containing octal-escaped chars

  Jose Quaresma (2):
        go: update 1.20.10 -> 1.20.11
        go: update 1.20.11 -> 1.20.12

  Joshua Watt (2):
        rpcbind: Specify state directory under /run
        classes-global/sstate: Fix variable typo

  Julien Stephan (1):
        externalsrc: fix task dependency for do_populate_lic

  Jörg Sommer (1):
        documentation: Add UBOOT_BINARY, extend UBOOT_CONFIG

  Kai Kang (1):
        xserver-xorg: 21.1.9 -> 21.1.11

  Khem Raj (2):
        tiff: Backport fixes for CVE-2023-6277
        tcl: Fix prepending to run-ptest script

  Lee Chee Yang (5):
        curl: Fix CVE-2023-46219
        qemu: 8.1.2 -> 8.1.4
        migration-guide: add release notes for 4.3.2
        migration-guide: add release notes for 4.0.16
        migration-guide: add release notes for 4.3.3

  Markus Volk (1):
        libadwaita: update 1.4.0 -> 1.4.2

  Massimiliano Minella (1):
        zstd: fix LICENSE statement

  Maxin B. John (1):
        ref-manual: classes: remove insserv bbclass

  Michael Opdenacker (3):
        contributor-guide: use "apt" instead of "aptitude"
        release-notes-4.3: fix spacing
        migration-guides: fix release notes for 4.3.3

  Ming Liu (2):
        grub: fs/fat: Don't error when mtime is 0
        qemu.bbclass: fix a python TypeError

  Mingli Yu (1):
        python3-license-expression: Fix the ptest failure

  Peter Kjellerstedt (1):
        devtool: modify: Handle recipes with a menuconfig task correctly

  Peter Marko (4):
        dtc: preserve version also from shallow git clones
        sqlite3: upgrade 3.43.1 -> 3.43.2
        sqlite: drop obsolete CVE ignore
        zlib: ignore CVE-2023-6992

  Richard Purdie (9):
        pseudo: Update to pull in syncfs probe fix
        sstate: Fix dir ownership issues in SSTATE_DIR
        curl: Disable two intermittently failing tests
        lib/prservice: Improve lock handling robustness
        oeqa/selftest/prservice: Improve test robustness
        curl: Disable test 1091 due to intermittent failures
        allarch: Fix allarch corner case
        reproducible: Fix race with externalsrc/devtool over lockfile
        pseudo: Update to pull in gcc14 fix and missing statvfs64 intercept

  Robert Berger (1):
        uninative-tarball.xz - reproducibility fix

  Robert Joslyn (1):
        gtk: Set CVE_PRODUCT

  Robert Yang (2):
        nfs-utils: Upgrade 2.6.3 -> 2.6.4
        nfs-utils: Update Upstream-Status

  Rodrigo M. Duarte (1):
        linux-firmware: Fix the linux-firmware-bcm4373 FILES variable

  Ross Burton (4):
        avahi: update URL for new project location
        libssh2: backport fix for CVE-2023-48795
        cve_check: handle CVE_STATUS being set to the empty string
        cve_check: cleanup logging

  Saul Wold (1):
        package.py: OEHasPackage: Add MLPREFIX to packagename

  Simone Weiß (5):
        dev-manual: start.rst: Update use of Download page
        dev-manual: start.rst: Update use of Download page
        glibc: Set status for CVE-2023-5156 & CVE-2023-0687
        dev-manual: gen-tapdevs need iptables installed
        gcc: Update status of CVE-2023-4039

  Soumya Sambu (1):
        ncurses: Fix - tty is hung after reset

  Steve Sakoman (2):
        poky.conf: bump version for 4.3.3 release
        build-appliance-image: Update to nanbield head revision

  Trevor Gamblin (1):
        scripts/runqemu: fix regex escape sequences

  Wang Mingyu (9):
        xwayland: upgrade 23.2.2 -> 23.2.3
        libatomic-ops: upgrade 7.8.0 -> 7.8.2
        libva-utils: upgrade 2.20.0 -> 2.20.1
        kea: upgrade 2.4.0 -> 2.4.1
        gstreamer1.0: upgrade 1.22.7 -> 1.22.8
        aspell: upgrade 0.60.8 -> 0.60.8.1
        at-spi2-core: upgrade 2.50.0 -> 2.50.1
        cpio: upgrade 2.14 -> 2.15
        gstreamer: upgrade 1.22.8 -> 1.22.9

  William Lyu (1):
        elfutils: Update license information

  Xiangyu Chen (2):
        shadow: Fix for CVE-2023-4641
        sudo: upgrade 1.9.14p3 -> 1.9.15p2

  Yang Xu (1):
        rootfs.py: check depmodwrapper execution result

  Yogita Urade (2):
        tiff: fix CVE-2023-6228
        tiff: fix CVE-2023-52355 and CVE-2023-52356

  Zahir Hussain (1):
        cmake: Unset CMAKE_CXX_IMPLICIT_INCLUDE_DIRECTORIES

  baruch@tkos.co.il (1):
        overlayfs: add missing closing parenthesis in selftest

Change-Id: I613697694d0eb51ae9451f7e869b69d6c1ba1fd3
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

1 files changed, 125 insertions, 0 deletions

diff --git a/poky/meta/recipes-core/base-passwd/base-passwd_3.6.3.bb b/poky/meta/recipes-core/base-passwd/base-passwd_3.6.3.bb
new file mode 100644
index 0000000000..9d7703b1c0
--- /dev/null
+++ b/poky/meta/recipes-core/base-passwd/base-passwd_3.6.3.bb
@@ -0,0 +1,125 @@
+SUMMARY = "Base system master password/group files"
+DESCRIPTION = "The master copies of the user database files (/etc/passwd and /etc/group).  The update-passwd tool is also provided to keep the system databases synchronized with these master files."
+HOMEPAGE = "https://launchpad.net/base-passwd"
+SECTION = "base"
+LICENSE = "GPL-2.0-only"
+LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a"
+
+SRC_URI = "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar.xz \
+           file://0001-Add-a-shutdown-group.patch \
+           file://0002-Use-bin-sh-instead-of-bin-bash-for-the-root-user.patch \
+           file://0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch \
+           file://0004-Add-an-input-group-for-the-dev-input-devices.patch \
+           file://0005-Add-kvm-group.patch \
+           file://0007-Add-wheel-group.patch \
+           file://0001-base-passwd-Add-the-sgx-group.patch \
+           "
+
+SRC_URI[sha256sum] = "83575327d8318a419caf2d543341215c046044073d1afec2acc0ac4d8095ff39"
+
+# the package is taken from launchpad; that source is static and goes stale
+# so we check the latest upstream from a directory that does get updated
+UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/b/base-passwd/"
+
+S = "${WORKDIR}/work"
+
+PACKAGECONFIG = "${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)}"
+PACKAGECONFIG[selinux] = "--enable-selinux, --disable-selinux, libselinux"
+
+inherit autotools
+
+EXTRA_OECONF += "--disable-debconf --disable-docs"
+
+NOLOGIN ?= "${base_sbindir}/nologin"
+
+do_install () {
+	install -d -m 755 ${D}${sbindir}
+	install -o root -g root -p -m 755 ${B}/update-passwd ${D}${sbindir}/
+	install -d -m 755 ${D}${mandir}/man8 ${D}${mandir}/pl/man8
+	install -p -m 644 ${S}/man/update-passwd.8 ${D}${mandir}/man8/
+	install -p -m 644 ${S}/man/update-passwd.pl.8 \
+		${D}${mandir}/pl/man8/update-passwd.8
+	gzip -9 ${D}${mandir}/man8/* ${D}${mandir}/pl/man8/*
+	install -d -m 755 ${D}${datadir}/base-passwd
+	install -o root -g root -p -m 644 ${S}/passwd.master ${D}${datadir}/base-passwd/
+	sed -i 's#:/root:#:${ROOT_HOME}:#' ${D}${datadir}/base-passwd/passwd.master
+	sed -i 's#/usr/sbin/nologin#${NOLOGIN}#' ${D}${datadir}/base-passwd/passwd.master
+	install -o root -g root -p -m 644 ${S}/group.master ${D}${datadir}/base-passwd/
+
+	install -d -m 755 ${D}${docdir}/${BPN}
+	install -p -m 644 ${S}/debian/changelog ${D}${docdir}/${BPN}/
+	gzip -9 ${D}${docdir}/${BPN}/*
+	install -p -m 644 ${S}/README ${D}${docdir}/${BPN}/
+	install -p -m 644 ${S}/debian/copyright ${D}${docdir}/${BPN}/
+}
+
+basepasswd_sysroot_postinst() {
+#!/bin/sh
+
+# Install passwd.master and group.master to sysconfdir
+install -d -m 755 ${STAGING_DIR_TARGET}${sysconfdir}
+for i in passwd group; do
+	install -p -m 644 ${STAGING_DIR_TARGET}${datadir}/base-passwd/\$i.master \
+		${STAGING_DIR_TARGET}${sysconfdir}/\$i
+done
+
+# Run any useradd postinsts
+for script in ${STAGING_DIR_TARGET}${bindir}/postinst-useradd-*; do
+	if [ -f \$script ]; then
+		\$script
+	fi
+done
+}
+
+SYSROOT_DIRS += "${sysconfdir}"
+SYSROOT_PREPROCESS_FUNCS += "base_passwd_tweaksysroot"
+
+base_passwd_tweaksysroot () {
+	mkdir -p ${SYSROOT_DESTDIR}${bindir}
+	dest=${SYSROOT_DESTDIR}${bindir}/postinst-${PN}
+	echo "${basepasswd_sysroot_postinst}" > $dest
+	chmod 0755 $dest
+}
+
+python populate_packages:prepend() {
+    # Add in the preinst function for ${PN}
+    # We have to do this here as prior to this, passwd/group.master
+    # would be unavailable. We need to create these files at preinst
+    # time before the files from the package may be available, hence
+    # storing the data from the files in the preinst directly.
+
+    f = open(d.expand("${STAGING_DATADIR}/base-passwd/passwd.master"), 'r')
+    passwd = "".join(f.readlines())
+    f.close()
+    f = open(d.expand("${STAGING_DATADIR}/base-passwd/group.master"), 'r')
+    group = "".join(f.readlines())
+    f.close()
+
+    preinst = """#!/bin/sh
+mkdir -p $D${sysconfdir}
+if [ ! -e $D${sysconfdir}/passwd ]; then
+\tcat << 'EOF' > $D${sysconfdir}/passwd
+""" + passwd + """EOF
+fi
+if [ ! -e $D${sysconfdir}/group ]; then
+\tcat << 'EOF' > $D${sysconfdir}/group
+""" + group + """EOF
+fi
+"""
+    d.setVar(d.expand('pkg_preinst:${PN}'), preinst)
+}
+
+addtask do_package after do_populate_sysroot
+
+ALLOW_EMPTY:${PN} = "1"
+
+PACKAGES =+ "${PN}-update"
+FILES:${PN}-update = "${sbindir}/* ${datadir}/${PN}"
+
+pkg_postinst:${PN}-update () {
+#!/bin/sh
+if [ -n "$D" ]; then
+	exit 0
+fi
+${sbindir}/update-passwd
+}