Message ID | 20240111131521.2305172-1-alex@linutronix.de |
---|---|
State | Accepted, archived |
Commit | e85069acf304fe0b68583cf79fe3ec4f775dca68 |
Series | [v3,1/2] shadow: update 4.13 -> 4.14.2 |
I'm seeing build failures on Ubuntu 20.04.
GCC version: 9.4.0

1. error: parameter name omitted
The problem is that the active_sessions_count function's definition lacks parameter. I did change like below:
-unsigned long active_sessions_count(const char *name, unsigned long unused)
+unsigned long active_sessions_count(const char *name, unsigned long unused unused_parameter)
But then I observed another error, as shown below.

2. undefined reference to `dlsym'.
| /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld: ../lib/.libs/libshadow.a(libshadow_la-nss.o): in function `nss_exit':
| nss.c:(.text+0x32): undefined reference to `dlclose'
| /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld: ../lib/.libs/libshadow.a(libshadow_la-nss.o): in function `nss_init':
| nss.c:(.text+0x1dd): undefined reference to `dlopen'
| /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld: nss.c:(.text+0x21c): undefined reference to `dlsym'
| /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld: nss.c:(.text+0x237): undefined reference to `dlsym'
| /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld: nss.c:(.text+0x253): undefined reference to `dlsym'
| /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld: nss.c:(.text+0x365): undefined reference to `dlclose'
| /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld: nss.c:(.text+0x3b2): undefined reference to `dlerror'
| collect2: error: ld returned 1 exit status
| make[2]: *** [Makefile:1130: su] Error 1

On Ubuntu22.04, there's no such issue.

Regards,
Qi

On 1/11/24 21:15, Alexander Kanavin wrote:
> License-Update: formatting, spdx conversion
>
> Drop:
> 0001-Disable-use-of-syslog-for-sysroot.patch
> (issue fixed upstream)
>
> 0001-Fix-can-not-print-full-login.patch
> 0001-Overhaul-valid_field.patch
> CVE-2023-29383.patch
> (backports)
>
> libbsd is a new native dependency, as otherwise glibc >= 2.38
> is needed.
> > A similar fix is added to musl in order to define non-standard __BEGIN_DECLS/__END_DECLS. > > Signed-off-by: Alexander Kanavin <alex@linutronix.de> > --- > ...01-Disable-use-of-syslog-for-sysroot.patch | 52 ------- > .../0001-Fix-can-not-print-full-login.patch | 41 ----- > .../files/0001-Overhaul-valid_field.patch | 65 -------- > .../shadow/files/CVE-2023-29383.patch | 53 ------- > .../shadow/files/CVE-2023-4641.patch | 147 ------------------ > ...nexpected-open-failure-in-chroot-env.patch | 16 +- > meta/recipes-extended/shadow/shadow.inc | 20 +-- > .../{shadow_4.13.bb => shadow_4.14.2.bb} | 0 > 8 files changed, 16 insertions(+), 378 deletions(-) > delete mode 100644 meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch > delete mode 100644 meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch > delete mode 100644 meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch > delete mode 100644 meta/recipes-extended/shadow/files/CVE-2023-29383.patch > delete mode 100644 meta/recipes-extended/shadow/files/CVE-2023-4641.patch > rename meta/recipes-extended/shadow/{shadow_4.13.bb => shadow_4.14.2.bb} (100%) > > diff --git a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch b/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch > deleted file mode 100644 > index fa1532c8317..00000000000 > --- a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch > +++ /dev/null 
> @@ -1,52 +0,0 @@ > -From 85d0444229ee3d14fefcf10d093f49c862826f82 Mon Sep 17 00:00:00 2001 > -From: Richard Purdie <richard.purdie@linuxfoundation.org> > -Date: Thu, 14 Apr 2022 23:11:53 +0000 > -Subject: [PATCH] Disable use of syslog for shadow-native tools > - > -Disable use of syslog to prevent sysroot user and group additions from > -writing entries to the host's syslog. This patch should only be used > -with the shadow-native recipe. > - > -Upstream-Status: Inappropriate [OE specific configuration] > -Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> > -Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> > - > ---- > - configure.ac | 2 +- > - src/login_nopam.c | 3 ++- > - 2 files changed, 3 insertions(+), 2 deletions(-) > - > -diff --git a/configure.ac b/configure.ac > -index 924254a..603af81 100644 > ---- a/configure.ac > -+++ b/configure.ac > -@@ -191,7 +191,7 @@ AC_DEFINE_UNQUOTED(PASSWD_PROGRAM, "$shadow_cv_passwd_dir/passwd", > - [Path to passwd program.]) > - > - dnl XXX - quick hack, should disappear before anyone notices :). 
> --AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().]) > -+#AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().]) > - if test "$ac_cv_func_ruserok" = "yes"; then > - AC_DEFINE(RLOGIN, 1, [Define if login should support the -r flag for rlogind.]) > - AC_DEFINE(RUSEROK, 0, [Define to the ruserok() "success" return value (0 or 1).]) > -diff --git a/src/login_nopam.c b/src/login_nopam.c > -index df6ba88..fc24e13 100644 > ---- a/src/login_nopam.c > -+++ b/src/login_nopam.c > -@@ -29,7 +29,6 @@ > - #ifndef USE_PAM > - #ident "$Id$" > - > --#include "prototypes.h" > - /* > - * This module implements a simple but effective form of login access > - * control based on login names and on host (or domain) names, internet > -@@ -57,6 +56,8 @@ > - #include <netinet/in.h> > - #include <arpa/inet.h> /* for inet_ntoa() */ > - > -+#include "prototypes.h" > -+ > - #if !defined(MAXHOSTNAMELEN) || (MAXHOSTNAMELEN < 64) > - #undef MAXHOSTNAMELEN > - #define MAXHOSTNAMELEN 256 > diff --git a/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch b/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch > deleted file mode 100644 > index 89f9c05c8d3..00000000000 > --- a/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch > +++ /dev/null 
> @@ -1,41 +0,0 @@ > -commit 670cae834827a8f794e6f7464fa57790d911b63c > -Author: SoumyaWind <121475834+SoumyaWind@users.noreply.github.com> > -Date: Tue Dec 27 17:40:17 2022 +0530 > - > - shadow: Fix can not print full login timeout message > - > - Login timed out message prints only first few bytes when write is immediately followed by exit. > - Calling exit from new handler provides enough time to display full message. > - > -Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/670cae834827a8f794e6f7464fa57790d911b63c] > - > -diff --git a/src/login.c b/src/login.c > -index 116e2cb3..c55f4de0 100644 > ---- a/src/login.c > -+++ b/src/login.c > -@@ -120,6 +120,7 @@ static void get_pam_user (char **ptr_pam_user); > - > - static void init_env (void); > - static void alarm_handler (int); > -+static void exit_handler (int); > - > - /* > - * usage - print login command usage and exit > -@@ -391,11 +392,16 @@ static void init_env (void) > - #endif /* !USE_PAM */ > - } > - > -+static void exit_handler (unused int sig) > -+{ > -+ _exit (0); > -+} > - > - static void alarm_handler (unused int sig) > - { > - write (STDERR_FILENO, tmsg, strlen (tmsg)); > -- _exit (0); > -+ signal(SIGALRM, exit_handler); > -+ alarm(2); > - } > - > - #ifdef USE_PAM > diff --git a/meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch b/meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch > deleted file mode 100644 > index ac08be515bf..00000000000 > --- a/meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch > +++ /dev/null 
> @@ -1,65 +0,0 @@ > -From 2eaea70111f65b16d55998386e4ceb4273c19eb4 Mon Sep 17 00:00:00 2001 > -From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com> > -Date: Fri, 31 Mar 2023 14:46:50 +0200 > -Subject: [PATCH] Overhaul valid_field() > - > -e5905c4b ("Added control character check") introduced checking for > -control characters but had the logic inverted, so it rejects all > -characters that are not control ones. > - > -Cast the character to `unsigned char` before passing to the character > -checking functions to avoid UB. > - > -Use strpbrk(3) for the illegal character test and return early. > - > -Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/2eaea70111f65b16d55998386e4ceb4273c19eb4] > - > -Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> > ---- > - lib/fields.c | 24 ++++++++++-------------- > - 1 file changed, 10 insertions(+), 14 deletions(-) > - > -diff --git a/lib/fields.c b/lib/fields.c > -index fb51b582..53929248 100644 > ---- a/lib/fields.c > -+++ b/lib/fields.c > -@@ -37,26 +37,22 @@ int valid_field (const char *field, const char *illegal) > - > - /* For each character of field, search if it appears in the list > - * of illegal characters. */ > -+ if (illegal && NULL != strpbrk (field, illegal)) { > -+ return -1; > -+ } > -+ > -+ /* Search if there are non-printable or control characters */ > - for (cp = field; '\0' != *cp; cp++) { > -- if (strchr (illegal, *cp) != NULL) { > -+ unsigned char c = *cp; > -+ if (!isprint (c)) { > -+ err = 1; > -+ } > -+ if (iscntrl (c)) { > - err = -1; > - break; > - } > - } > - > -- if (0 == err) { > -- /* Search if there are non-printable or control characters */ > -- for (cp = field; '\0' != *cp; cp++) { > -- if (!isprint (*cp)) { > -- err = 1; > -- } > -- if (!iscntrl (*cp)) { > -- err = -1; > -- break; > -- } > -- } > -- } > -- > - return err; > - } > - > --- > -2.34.1 > - 
> diff --git a/meta/recipes-extended/shadow/files/CVE-2023-29383.patch b/meta/recipes-extended/shadow/files/CVE-2023-29383.patch > deleted file mode 100644 > index f53341d3fc2..00000000000 > --- a/meta/recipes-extended/shadow/files/CVE-2023-29383.patch > +++ /dev/null 
> @@ -1,53 +0,0 @@ > -From e5905c4b84d4fb90aefcd96ee618411ebfac663d Mon Sep 17 00:00:00 2001 > -From: tomspiderlabs <128755403+tomspiderlabs@users.noreply.github.com> > -Date: Thu, 23 Mar 2023 23:39:38 +0000 > -Subject: [PATCH] Added control character check > - > -Added control character check, returning -1 (to "err") if control characters are present. > - > -CVE: CVE-2023-29383 > -Upstream-Status: Backport > - > -Reference to upstream: > -https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d > - > -Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> > ---- > - lib/fields.c | 11 +++++++---- > - 1 file changed, 7 insertions(+), 4 deletions(-) > - > -diff --git a/lib/fields.c b/lib/fields.c > -index 640be931..fb51b582 100644 > ---- a/lib/fields.c > -+++ b/lib/fields.c > -@@ -21,9 +21,9 @@ > - * > - * The supplied field is scanned for non-printable and other illegal > - * characters. > -- * + -1 is returned if an illegal character is present. > -- * + 1 is returned if no illegal characters are present, but the field > -- * contains a non-printable character. > -+ * + -1 is returned if an illegal or control character is present. > -+ * + 1 is returned if no illegal or control characters are present, > -+ * but the field contains a non-printable character. > - * + 0 is returned otherwise. > - */ > - int valid_field (const char *field, const char *illegal) > -@@ -45,10 +45,13 @@ int valid_field (const char *field, const char *illegal) > - } > - > - if (0 == err) { > -- /* Search if there are some non-printable characters */ > -+ /* Search if there are non-printable or control characters */ > - for (cp = field; '\0' != *cp; cp++) { > - if (!isprint (*cp)) { > - err = 1; > -+ } > -+ if (!iscntrl (*cp)) { > -+ err = -1; > - break; > - } > - } > --- > -2.34.1 > - 
> diff --git a/meta/recipes-extended/shadow/files/CVE-2023-4641.patch b/meta/recipes-extended/shadow/files/CVE-2023-4641.patch > deleted file mode 100644 > index 1fabfe928e4..00000000000 > --- a/meta/recipes-extended/shadow/files/CVE-2023-4641.patch > +++ /dev/null 
> @@ -1,147 +0,0 @@ > -From 25dbe2ce166a13322b7536ff2f738786ea2e61e7 Mon Sep 17 00:00:00 2001 > -From: Alejandro Colomar <alx@kernel.org> > -Date: Sat, 10 Jun 2023 16:20:05 +0200 > -Subject: [PATCH] gpasswd(1): Fix password leak > - > -How to trigger this password leak? > -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > - > -When gpasswd(1) asks for the new password, it asks twice (as is usual > -for confirming the new password). Each of those 2 password prompts > -uses agetpass() to get the password. If the second agetpass() fails, > -the first password, which has been copied into the 'static' buffer > -'pass' via STRFCPY(), wasn't being zeroed. > - > -agetpass() is defined in <./libmisc/agetpass.c> (around line 91), and > -can fail for any of the following reasons: > - > -- malloc(3) or readpassphrase(3) failure. > - > - These are going to be difficult to trigger. Maybe getting the system > - to the limits of memory utilization at that exact point, so that the > - next malloc(3) gets ENOMEM, and possibly even the OOM is triggered. > - About readpassphrase(3), ENFILE and EINTR seem the only plausible > - ones, and EINTR probably requires privilege or being the same user; > - but I wouldn't discard ENFILE so easily, if a process starts opening > - files. > - > -- The password is longer than PASS_MAX. > - > - The is plausible with physical access. However, at that point, a > - keylogger will be a much simpler attack. > - > -And, the attacker must be able to know when the second password is being > -introduced, which is not going to be easy. > - > -How to read the password after the leak? > -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > - > -Provoking the leak yourself at the right point by entering a very long > -password is easy, and inspecting the process stack at that point should > -be doable. Try to find some consistent patterns. > - > -Then, search for those patterns in free memory, right after the victim > -leaks their password. 
> - > -Once you get the leak, a program should read all the free memory > -searching for patterns that gpasswd(1) leaves nearby the leaked > -password. > - > -On 6/10/23 03:14, Seth Arnold wrote: > -> An attacker process wouldn't be able to use malloc(3) for this task. > -> There's a handful of tools available for userspace to allocate memory: > -> > -> - brk / sbrk > -> - mmap MAP_ANONYMOUS > -> - mmap /dev/zero > -> - mmap some other file > -> - shm_open > -> - shmget > -> > -> Most of these return only pages of zeros to a process. Using mmap of an > -> existing file, you can get some of the contents of the file demand-loaded > -> into the memory space on the first use. > -> > -> The MAP_UNINITIALIZED flag only works if the kernel was compiled with > -> CONFIG_MMAP_ALLOW_UNINITIALIZED. This is rare. > -> > -> malloc(3) doesn't zero memory, to our collective frustration, but all the > -> garbage in the allocations is from previous allocations in the current > -> process. It isn't leftover from other processes. > -> > -> The avenues available for reading the memory: > -> - /dev/mem and /dev/kmem (requires root, not available with Secure Boot) > -> - /proc/pid/mem (requires ptrace privileges, mediated by YAMA) > -> - ptrace (requires ptrace privileges, mediated by YAMA) > -> - causing memory to be swapped to disk, and then inspecting the swap > -> > -> These all require a certain amount of privileges. > - > -How to fix it? > -~~~~~~~~~~~~~~ > - > -memzero(), which internally calls explicit_bzero(3), or whatever > -alternative the system provides with a slightly different name, will > -make sure that the buffer is zeroed in memory, and optimizations are not > -allowed to impede this zeroing. > - > -This is not really 100% effective, since compilers may place copies of > -the string somewhere hidden in the stack. Those copies won't get zeroed > -by explicit_bzero(3). 
However, that's arguably a compiler bug, since > -compilers should make everything possible to avoid optimizing strings > -that are later passed to explicit_bzero(3). But we all know that > -sometimes it's impossible to have perfect knowledge in the compiler, so > -this is plausible. Nevertheless, there's nothing we can do against such > -issues, except minimizing the time such passwords are stored in plain > -text. > - > -Security concerns > -~~~~~~~~~~~~~~~~~ > - > -We believe this isn't easy to exploit. Nevertheless, and since the fix > -is trivial, this fix should probably be applied soon, and backported to > -all supported distributions, to prevent someone else having more > -imagination than us to find a way. > - > -Affected versions > -~~~~~~~~~~~~~~~~~ > - > -All. Bug introduced in shadow 19990709. That's the second commit in > -the git history. > - > -Fixes: 45c6603cc86c ("[svn-upgrade] Integrating new upstream version, shadow (19990709)") > - > -CVE: CVE-2023-4641 > -Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/65c88a43a23c2391dcc90c0abda3e839e9c57904] > - > -Reported-by: Alejandro Colomar <alx@kernel.org> > -Cc: Serge Hallyn <serge@hallyn.com> > -Cc: Iker Pedrosa <ipedrosa@redhat.com> > -Cc: Seth Arnold <seth.arnold@canonical.com> > -Cc: Christian Brauner <christian@brauner.io> > -Cc: Balint Reczey <rbalint@debian.org> > -Cc: Sam James <sam@gentoo.org> > -Cc: David Runge <dvzrv@archlinux.org> > -Cc: Andreas Jaeger <aj@suse.de> > -Cc: <~hallyn/shadow@lists.sr.ht> > -Signed-off-by: Alejandro Colomar <alx@kernel.org> > -Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> > ---- > - src/gpasswd.c | 1 + > - 1 file changed, 1 insertion(+) > - > -diff --git a/src/gpasswd.c b/src/gpasswd.c > -index 5983f787..2d8869ef 100644 > ---- a/src/gpasswd.c > -+++ b/src/gpasswd.c > -@@ -896,6 +896,7 @@ static void change_passwd (struct group *gr) > - strzero (cp); > - cp = getpass (_("Re-enter new password: ")); > - if (NULL == cp) { > -+ 
memzero (pass, sizeof pass); > - exit (1); > - } > - > --- > -2.34.1 > - > diff --git a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch > index 85d91751056..4a932d2dbb1 100644 > --- a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch > +++ b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch > @@ -1,4 +1,4 @@ > -From 21583da072aa66901d859ac00ce209bac87ddecc Mon Sep 17 00:00:00 2001 > +From a773c6b240d27e23d6be41decef0edf24fcee523 Mon Sep 17 00:00:00 2001 > From: Chen Qi <Qi.Chen@windriver.com> > Date: Thu, 17 Jul 2014 15:53:34 +0800 > Subject: [PATCH] commonio.c-fix-unexpected-open-failure-in-chroot-env > @@ -15,35 +15,37 @@ Note that this patch doesn't change the logic in the code, it just expands > the codes. > > Signed-off-by: Chen Qi <Qi.Chen@windriver.com> > - > --- > lib/commonio.c | 16 ++++++++++++---- > 1 file changed, 12 insertions(+), 4 deletions(-) > > diff --git a/lib/commonio.c b/lib/commonio.c > -index 9a02ce1..61384ec 100644 > +index 73fdb3a..d1231e9 100644 > --- a/lib/commonio.c 
> +++ b/lib/commonio.c > -@@ -616,10 +616,18 @@ int commonio_open (struct commonio_db *db, int mode) > +@@ -606,10 +606,18 @@ int commonio_open (struct commonio_db *db, int mode) > db->cursor = NULL; > db->changed = false; > > - fd = open (db->filename, > - (db->readonly ? O_RDONLY : O_RDWR) > -- | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); > +- | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW | O_CLOEXEC); > - saved_errno = errno; > + if (db->readonly) { > + fd = open (db->filename, > + (true ? O_RDONLY : O_RDWR) > -+ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); > ++ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW | O_CLOEXEC); > + saved_errno = errno; > + } else { > + fd = open (db->filename, > + (false ? O_RDONLY : O_RDWR) > -+ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); > ++ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW| O_CLOEXEC); > + saved_errno = errno; > + } > + > db->fp = NULL; > if (fd >= 0) { > #ifdef WITH_TCB > +-- > +2.30.2 > + > diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc > index ce3ce627156..c024746d4ff 100644 > --- a/meta/recipes-extended/shadow/shadow.inc > +++ b/meta/recipes-extended/shadow/shadow.inc > @@ -5,7 +5,7 @@ BUGTRACKER = "http://github.com/shadow-maint/shadow/issues" > SECTION = "base/utils" > LICENSE = "BSD-3-Clause" > LIC_FILES_CHKSUM = "file://COPYING;md5=c9a450b7be84eac23e6353efecb60b5b \ > - file://src/passwd.c;beginline=2;endline=30;md5=758c26751513b6795395275969dd3be1 \ > + file://src/passwd.c;beginline=2;endline=7;md5=67bcf314687820b2f010d4863fce3fc5 \ > " > > DEPENDS = "virtual/crypt" 
> @@ -14,10 +14,6 @@ GITHUB_BASE_URI = "https://github.com/shadow-maint/shadow/releases" > SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.gz \ > ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ > file://useradd \ > - file://0001-Fix-can-not-print-full-login.patch \ > - file://CVE-2023-29383.patch \ > - file://0001-Overhaul-valid_field.patch \ > - file://CVE-2023-4641.patch \ > " > > SRC_URI:append:class-target = " \ > @@ -26,14 +22,9 @@ SRC_URI:append:class-target = " \ > " > > SRC_URI:append:class-native = " \ > - file://0001-Disable-use-of-syslog-for-sysroot.patch \ > file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \ > " > -SRC_URI:append:class-nativesdk = " \ > - file://0001-Disable-use-of-syslog-for-sysroot.patch \ > - " > -SRC_URI[sha256sum] = "813057047499c7fe81108adcf0cffa3ad4ec75e19a80151f9cbaa458ff2e86cd" > - > +SRC_URI[sha256sum] = "a305edf5d19bddbdf5e836d2d609fa8bff2d35458819de4d9f06306a1cf24342" > > # Additional Policy files for PAM > PAM_SRC_URI = "file://pam.d/chfn \ > @@ -44,7 +35,7 @@ PAM_SRC_URI = "file://pam.d/chfn \ > file://pam.d/passwd \ > file://pam.d/su" > > -inherit autotools gettext github-releases > +inherit autotools gettext github-releases pkgconfig > > export CONFIG_SHELL="/bin/sh" > > @@ -54,6 +45,8 @@ EXTRA_OECONF += "--without-libcrack \ > --without-sssd \ > ${NSCDOPT}" > > +CFLAGS:append:libc-musl = " -DLIBBSD_OVERLAY" > + > NSCDOPT = "" > NSCDOPT:class-native = "--without-nscd" > NSCDOPT:class-nativesdk = "--without-nscd" 
> @@ -73,13 +66,14 @@ PAM_PLUGINS = "libpam-runtime \ > > PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \ > ${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}" > -PACKAGECONFIG:class-native ??= "${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}" > +PACKAGECONFIG:class-native ??= "${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)} libbsd" > PACKAGECONFIG:class-nativesdk = "" > PACKAGECONFIG[pam] = "--with-libpam,--without-libpam,libpam,${PAM_PLUGINS}" > PACKAGECONFIG[attr] = "--with-attr,--without-attr,attr" > PACKAGECONFIG[acl] = "--with-acl,--without-acl,acl" > PACKAGECONFIG[audit] = "--with-audit,--without-audit,audit" > PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux libsemanage" > +PACKAGECONFIG[libbsd] = "--with-libbsd,--without-libbsd,libbsd" > > RDEPENDS:${PN} = "shadow-securetty \ > base-passwd \ > diff --git a/meta/recipes-extended/shadow/shadow_4.13.bb b/meta/recipes-extended/shadow/shadow_4.14.2.bb > similarity index 100% > rename from meta/recipes-extended/shadow/shadow_4.13.bb > rename to meta/recipes-extended/shadow/shadow_4.14.2.bb
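Review bot: In the refreshed commonio.c-fix-unexpected-open-failure-in-chroot-env.patch, the flags line of the `else` branch reads `O_NOFOLLOW| O_CLOEXEC` with no space before the `|`, while the `if (db->readonly)` branch and the upstream line being replaced both read `O_NOFOLLOW | O_CLOEXEC`. Since the patch header says it only expands the code without changing logic, the two branches should match the upstream line character for character apart from the ternary; please fix the spacing so the next refresh diffs cleanly.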
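Review bot: The commit message's Drop list does not mention CVE-2023-4641.patch, yet the `@@ -14,10 +14,6 @@` hunk of shadow.inc removes `file://CVE-2023-4641.patch` from SRC_URI and the diffstat shows the file deleted (147 lines). Please add it to the "(backports)" group alongside CVE-2023-29383.patch, so the log records that the `memzero (pass, sizeof pass)` fix in gpasswd is expected to come from the 4.14.2 tarball and was not dropped by accident.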
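Review bot: The `CFLAGS:append:libc-musl = " -DLIBBSD_OVERLAY"` line added in the `@@ -54,6 +45,8 @@` hunk of shadow.inc carries no comment, and the only place this patch enables libbsd is `PACKAGECONFIG:class-native` in the last shadow.inc hunk. A one-line comment in the recipe repeating the commit message's reason (defining the non-standard __BEGIN_DECLS/__END_DECLS on musl) would help, and the message should say whether musl target builds are expected to work with this define while the libbsd PACKAGECONFIG stays off for them.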
I just tried poky master on ubuntu 20.04, and the issues do not appear. Do you have a custom setup?

Alex

On Fri, 19 Jan 2024 at 04:06, ChenQi <Qi.Chen@windriver.com> wrote:
>
> I'm seeing build failures on Ubuntu 20.04.
> GCC version: 9.4.0
>
> 1. error: parameter name omitted
> The problem is that the active_sessions_count function's definition
> lacks parameter. I did change like below:
> -unsigned long active_sessions_count(const char *name, unsigned long unused)
> +unsigned long active_sessions_count(const char *name, unsigned long
> unused unused_parameter)
> But then I observed another error, as shown below.
>
> 2. undefined reference to `dlsym'.
> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
> ../lib/.libs/libshadow.a(libshadow_la-nss.o): in function `nss_exit':
> | nss.c:(.text+0x32): undefined reference to `dlclose'
> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
> ../lib/.libs/libshadow.a(libshadow_la-nss.o): in function `nss_init':
> | nss.c:(.text+0x1dd): undefined reference to `dlopen'
> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
> nss.c:(.text+0x21c): undefined reference to `dlsym'
> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
> nss.c:(.text+0x237): undefined reference to `dlsym'
> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
> nss.c:(.text+0x253): undefined reference to `dlsym'
> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
> nss.c:(.text+0x365): undefined reference to `dlclose'
> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
> nss.c:(.text+0x3b2): undefined reference to `dlerror'
> | collect2: error: ld returned 1 exit status
> | make[2]: *** [Makefile:1130: su] Error 1
>
> On Ubuntu22.04, there's no such issue.
> > Regards, > Qi > > On 1/11/24 21:15, Alexander Kanavin wrote: > > License-Update: formatting, spdx conversion > > > > Drop: > > 0001-Disable-use-of-syslog-for-sysroot.patch > > (issue fixed upstream) > > > > 0001-Fix-can-not-print-full-login.patch > > 0001-Overhaul-valid_field.patch > > CVE-2023-29383.patch > > (backports) > > > > libbsd is a new native dependency, as otherwise glibc >= 2.38 > > is needed. > > > > A similar fix is added to musl in order to define non-standard __BEGIN_DECLS/__END_DECLS. > > > > Signed-off-by: Alexander Kanavin <alex@linutronix.de> > > --- > > ...01-Disable-use-of-syslog-for-sysroot.patch | 52 ------- > > .../0001-Fix-can-not-print-full-login.patch | 41 ----- > > .../files/0001-Overhaul-valid_field.patch | 65 -------- > > .../shadow/files/CVE-2023-29383.patch | 53 ------- > > .../shadow/files/CVE-2023-4641.patch | 147 ------------------ > > ...nexpected-open-failure-in-chroot-env.patch | 16 +- > > meta/recipes-extended/shadow/shadow.inc | 20 +-- > > .../{shadow_4.13.bb => shadow_4.14.2.bb} | 0 > > 8 files changed, 16 insertions(+), 378 deletions(-) > > delete mode 100644 meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch > > delete mode 100644 meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch > > delete mode 100644 meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch > > delete mode 100644 meta/recipes-extended/shadow/files/CVE-2023-29383.patch > > delete mode 100644 meta/recipes-extended/shadow/files/CVE-2023-4641.patch > > rename meta/recipes-extended/shadow/{shadow_4.13.bb => shadow_4.14.2.bb} (100%) > > > > diff --git a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch b/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch > > deleted file mode 100644 > > index fa1532c8317..00000000000 > > --- a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch > > +++ /dev/null 
> > @@ -1,52 +0,0 @@ > > -From 85d0444229ee3d14fefcf10d093f49c862826f82 Mon Sep 17 00:00:00 2001 > > -From: Richard Purdie <richard.purdie@linuxfoundation.org> > > -Date: Thu, 14 Apr 2022 23:11:53 +0000 > > -Subject: [PATCH] Disable use of syslog for shadow-native tools > > - > > -Disable use of syslog to prevent sysroot user and group additions from > > -writing entries to the host's syslog. This patch should only be used > > -with the shadow-native recipe. > > - > > -Upstream-Status: Inappropriate [OE specific configuration] > > -Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> > > -Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> > > - > > ---- > > - configure.ac | 2 +- > > - src/login_nopam.c | 3 ++- > > - 2 files changed, 3 insertions(+), 2 deletions(-) > > - > > -diff --git a/configure.ac b/configure.ac > > -index 924254a..603af81 100644 > > ---- a/configure.ac > > -+++ b/configure.ac > > -@@ -191,7 +191,7 @@ AC_DEFINE_UNQUOTED(PASSWD_PROGRAM, "$shadow_cv_passwd_dir/passwd", > > - [Path to passwd program.]) > > - > > - dnl XXX - quick hack, should disappear before anyone notices :). 
> > --AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().]) > > -+#AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().]) > > - if test "$ac_cv_func_ruserok" = "yes"; then > > - AC_DEFINE(RLOGIN, 1, [Define if login should support the -r flag for rlogind.]) > > - AC_DEFINE(RUSEROK, 0, [Define to the ruserok() "success" return value (0 or 1).]) > > -diff --git a/src/login_nopam.c b/src/login_nopam.c > > -index df6ba88..fc24e13 100644 > > ---- a/src/login_nopam.c > > -+++ b/src/login_nopam.c > > -@@ -29,7 +29,6 @@ > > - #ifndef USE_PAM > > - #ident "$Id$" > > - > > --#include "prototypes.h" > > - /* > > - * This module implements a simple but effective form of login access > > - * control based on login names and on host (or domain) names, internet > > -@@ -57,6 +56,8 @@ > > - #include <netinet/in.h> > > - #include <arpa/inet.h> /* for inet_ntoa() */ > > - > > -+#include "prototypes.h" > > -+ > > - #if !defined(MAXHOSTNAMELEN) || (MAXHOSTNAMELEN < 64) > > - #undef MAXHOSTNAMELEN > > - #define MAXHOSTNAMELEN 256 > > diff --git a/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch b/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch > > deleted file mode 100644 > > index 89f9c05c8d3..00000000000 > > --- a/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch > > +++ /dev/null 
> > @@ -1,41 +0,0 @@ > > -commit 670cae834827a8f794e6f7464fa57790d911b63c > > -Author: SoumyaWind <121475834+SoumyaWind@users.noreply.github.com> > > -Date: Tue Dec 27 17:40:17 2022 +0530 > > - > > - shadow: Fix can not print full login timeout message > > - > > - Login timed out message prints only first few bytes when write is immediately followed by exit. > > - Calling exit from new handler provides enough time to display full message. > > - > > -Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/670cae834827a8f794e6f7464fa57790d911b63c] > > - > > -diff --git a/src/login.c b/src/login.c > > -index 116e2cb3..c55f4de0 100644 > > ---- a/src/login.c > > -+++ b/src/login.c > > -@@ -120,6 +120,7 @@ static void get_pam_user (char **ptr_pam_user); > > - > > - static void init_env (void); > > - static void alarm_handler (int); > > -+static void exit_handler (int); > > - > > - /* > > - * usage - print login command usage and exit > > -@@ -391,11 +392,16 @@ static void init_env (void) > > - #endif /* !USE_PAM */ > > - } > > - > > -+static void exit_handler (unused int sig) > > -+{ > > -+ _exit (0); > > -+} > > - > > - static void alarm_handler (unused int sig) > > - { > > - write (STDERR_FILENO, tmsg, strlen (tmsg)); > > -- _exit (0); > > -+ signal(SIGALRM, exit_handler); > > -+ alarm(2); > > - } > > - > > - #ifdef USE_PAM > > diff --git a/meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch b/meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch > > deleted file mode 100644 > > index ac08be515bf..00000000000 > > --- a/meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch > > +++ /dev/null 
> > @@ -1,65 +0,0 @@ > > -From 2eaea70111f65b16d55998386e4ceb4273c19eb4 Mon Sep 17 00:00:00 2001 > > -From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com> > > -Date: Fri, 31 Mar 2023 14:46:50 +0200 > > -Subject: [PATCH] Overhaul valid_field() > > - > > -e5905c4b ("Added control character check") introduced checking for > > -control characters but had the logic inverted, so it rejects all > > -characters that are not control ones. > > - > > -Cast the character to `unsigned char` before passing to the character > > -checking functions to avoid UB. > > - > > -Use strpbrk(3) for the illegal character test and return early. > > - > > -Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/2eaea70111f65b16d55998386e4ceb4273c19eb4] > > - > > -Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> > > ---- > > - lib/fields.c | 24 ++++++++++-------------- > > - 1 file changed, 10 insertions(+), 14 deletions(-) > > - > > -diff --git a/lib/fields.c b/lib/fields.c > > -index fb51b582..53929248 100644 > > ---- a/lib/fields.c > > -+++ b/lib/fields.c > > -@@ -37,26 +37,22 @@ int valid_field (const char *field, const char *illegal) > > - > > - /* For each character of field, search if it appears in the list > > - * of illegal characters. 
*/ > > -+ if (illegal && NULL != strpbrk (field, illegal)) { > > -+ return -1; > > -+ } > > -+ > > -+ /* Search if there are non-printable or control characters */ > > - for (cp = field; '\0' != *cp; cp++) { > > -- if (strchr (illegal, *cp) != NULL) { > > -+ unsigned char c = *cp; > > -+ if (!isprint (c)) { > > -+ err = 1; > > -+ } > > -+ if (iscntrl (c)) { > > - err = -1; > > - break; > > - } > > - } > > - > > -- if (0 == err) { > > -- /* Search if there are non-printable or control characters */ > > -- for (cp = field; '\0' != *cp; cp++) { > > -- if (!isprint (*cp)) { > > -- err = 1; > > -- } > > -- if (!iscntrl (*cp)) { > > -- err = -1; > > -- break; > > -- } > > -- } > > -- } > > -- > > - return err; > > - } > > - > > --- > > -2.34.1 > > - > > diff --git a/meta/recipes-extended/shadow/files/CVE-2023-29383.patch b/meta/recipes-extended/shadow/files/CVE-2023-29383.patch > > deleted file mode 100644 > > index f53341d3fc2..00000000000 > > --- a/meta/recipes-extended/shadow/files/CVE-2023-29383.patch > > +++ /dev/null 
> > @@ -1,53 +0,0 @@ > > -From e5905c4b84d4fb90aefcd96ee618411ebfac663d Mon Sep 17 00:00:00 2001 > > -From: tomspiderlabs <128755403+tomspiderlabs@users.noreply.github.com> > > -Date: Thu, 23 Mar 2023 23:39:38 +0000 > > -Subject: [PATCH] Added control character check > > - > > -Added control character check, returning -1 (to "err") if control characters are present. > > - > > -CVE: CVE-2023-29383 > > -Upstream-Status: Backport > > - > > -Reference to upstream: > > -https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d > > - > > -Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> > > ---- > > - lib/fields.c | 11 +++++++---- > > - 1 file changed, 7 insertions(+), 4 deletions(-) > > - > > -diff --git a/lib/fields.c b/lib/fields.c > > -index 640be931..fb51b582 100644 > > ---- a/lib/fields.c > > -+++ b/lib/fields.c > > -@@ -21,9 +21,9 @@ > > - * > > - * The supplied field is scanned for non-printable and other illegal > > - * characters. > > -- * + -1 is returned if an illegal character is present. > > -- * + 1 is returned if no illegal characters are present, but the field > > -- * contains a non-printable character. > > -+ * + -1 is returned if an illegal or control character is present. > > -+ * + 1 is returned if no illegal or control characters are present, > > -+ * but the field contains a non-printable character. > > - * + 0 is returned otherwise. > > - */ > > - int valid_field (const char *field, const char *illegal) > > -@@ -45,10 +45,13 @@ int valid_field (const char *field, const char *illegal) > > - } > > - > > - if (0 == err) { > > -- /* Search if there are some non-printable characters */ > > -+ /* Search if there are non-printable or control characters */ > > - for (cp = field; '\0' != *cp; cp++) { > > - if (!isprint (*cp)) { > > - err = 1; > > -+ } > > -+ if (!iscntrl (*cp)) { > > -+ err = -1; > > - break; > > - } > > - } > > --- > > -2.34.1 > > - 
> > diff --git a/meta/recipes-extended/shadow/files/CVE-2023-4641.patch b/meta/recipes-extended/shadow/files/CVE-2023-4641.patch > > deleted file mode 100644 > > index 1fabfe928e4..00000000000 > > --- a/meta/recipes-extended/shadow/files/CVE-2023-4641.patch > > +++ /dev/null 
> > @@ -1,147 +0,0 @@ > > -From 25dbe2ce166a13322b7536ff2f738786ea2e61e7 Mon Sep 17 00:00:00 2001 > > -From: Alejandro Colomar <alx@kernel.org> > > -Date: Sat, 10 Jun 2023 16:20:05 +0200 > > -Subject: [PATCH] gpasswd(1): Fix password leak > > - > > -How to trigger this password leak? > > -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > - > > -When gpasswd(1) asks for the new password, it asks twice (as is usual > > -for confirming the new password). Each of those 2 password prompts > > -uses agetpass() to get the password. If the second agetpass() fails, > > -the first password, which has been copied into the 'static' buffer > > -'pass' via STRFCPY(), wasn't being zeroed. > > - > > -agetpass() is defined in <./libmisc/agetpass.c> (around line 91), and > > -can fail for any of the following reasons: > > - > > -- malloc(3) or readpassphrase(3) failure. > > - > > - These are going to be difficult to trigger. Maybe getting the system > > - to the limits of memory utilization at that exact point, so that the > > - next malloc(3) gets ENOMEM, and possibly even the OOM is triggered. > > - About readpassphrase(3), ENFILE and EINTR seem the only plausible > > - ones, and EINTR probably requires privilege or being the same user; > > - but I wouldn't discard ENFILE so easily, if a process starts opening > > - files. > > - > > -- The password is longer than PASS_MAX. > > - > > - The is plausible with physical access. However, at that point, a > > - keylogger will be a much simpler attack. > > - > > -And, the attacker must be able to know when the second password is being > > -introduced, which is not going to be easy. > > - > > -How to read the password after the leak? > > -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > - > > -Provoking the leak yourself at the right point by entering a very long > > -password is easy, and inspecting the process stack at that point should > > -be doable. Try to find some consistent patterns. 
> > - > > -Then, search for those patterns in free memory, right after the victim > > -leaks their password. > > - > > -Once you get the leak, a program should read all the free memory > > -searching for patterns that gpasswd(1) leaves nearby the leaked > > -password. > > - > > -On 6/10/23 03:14, Seth Arnold wrote: > > -> An attacker process wouldn't be able to use malloc(3) for this task. > > -> There's a handful of tools available for userspace to allocate memory: > > -> > > -> - brk / sbrk > > -> - mmap MAP_ANONYMOUS > > -> - mmap /dev/zero > > -> - mmap some other file > > -> - shm_open > > -> - shmget > > -> > > -> Most of these return only pages of zeros to a process. Using mmap of an > > -> existing file, you can get some of the contents of the file demand-loaded > > -> into the memory space on the first use. > > -> > > -> The MAP_UNINITIALIZED flag only works if the kernel was compiled with > > -> CONFIG_MMAP_ALLOW_UNINITIALIZED. This is rare. > > -> > > -> malloc(3) doesn't zero memory, to our collective frustration, but all the > > -> garbage in the allocations is from previous allocations in the current > > -> process. It isn't leftover from other processes. > > -> > > -> The avenues available for reading the memory: > > -> - /dev/mem and /dev/kmem (requires root, not available with Secure Boot) > > -> - /proc/pid/mem (requires ptrace privileges, mediated by YAMA) > > -> - ptrace (requires ptrace privileges, mediated by YAMA) > > -> - causing memory to be swapped to disk, and then inspecting the swap > > -> > > -> These all require a certain amount of privileges. > > - > > -How to fix it? > > -~~~~~~~~~~~~~~ > > - > > -memzero(), which internally calls explicit_bzero(3), or whatever > > -alternative the system provides with a slightly different name, will > > -make sure that the buffer is zeroed in memory, and optimizations are not > > -allowed to impede this zeroing. 
> > - > > -This is not really 100% effective, since compilers may place copies of > > -the string somewhere hidden in the stack. Those copies won't get zeroed > > -by explicit_bzero(3). However, that's arguably a compiler bug, since > > -compilers should make everything possible to avoid optimizing strings > > -that are later passed to explicit_bzero(3). But we all know that > > -sometimes it's impossible to have perfect knowledge in the compiler, so > > -this is plausible. Nevertheless, there's nothing we can do against such > > -issues, except minimizing the time such passwords are stored in plain > > -text. > > - > > -Security concerns > > -~~~~~~~~~~~~~~~~~ > > - > > -We believe this isn't easy to exploit. Nevertheless, and since the fix > > -is trivial, this fix should probably be applied soon, and backported to > > -all supported distributions, to prevent someone else having more > > -imagination than us to find a way. > > - > > -Affected versions > > -~~~~~~~~~~~~~~~~~ > > - > > -All. Bug introduced in shadow 19990709. That's the second commit in > > -the git history. 
> > - > > -Fixes: 45c6603cc86c ("[svn-upgrade] Integrating new upstream version, shadow (19990709)") > > - > > -CVE: CVE-2023-4641 > > -Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/65c88a43a23c2391dcc90c0abda3e839e9c57904] > > - > > -Reported-by: Alejandro Colomar <alx@kernel.org> > > -Cc: Serge Hallyn <serge@hallyn.com> > > -Cc: Iker Pedrosa <ipedrosa@redhat.com> > > -Cc: Seth Arnold <seth.arnold@canonical.com> > > -Cc: Christian Brauner <christian@brauner.io> > > -Cc: Balint Reczey <rbalint@debian.org> > > -Cc: Sam James <sam@gentoo.org> > > -Cc: David Runge <dvzrv@archlinux.org> > > -Cc: Andreas Jaeger <aj@suse.de> > > -Cc: <~hallyn/shadow@lists.sr.ht> > > -Signed-off-by: Alejandro Colomar <alx@kernel.org> > > -Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> > > ---- > > - src/gpasswd.c | 1 + > > - 1 file changed, 1 insertion(+) > > - > > -diff --git a/src/gpasswd.c b/src/gpasswd.c > > -index 5983f787..2d8869ef 100644 > > ---- a/src/gpasswd.c > > -+++ b/src/gpasswd.c > > -@@ -896,6 +896,7 @@ static void change_passwd (struct group *gr) > > - strzero (cp); > > - cp = getpass (_("Re-enter new password: ")); > > - if (NULL == cp) { > > -+ memzero (pass, sizeof pass); > > - exit (1); > > - } > > - > > --- > > -2.34.1 > > - > > diff --git a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch > > index 85d91751056..4a932d2dbb1 100644 > > --- a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch > > +++ b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch > > @@ -1,4 +1,4 @@ > > -From 21583da072aa66901d859ac00ce209bac87ddecc Mon Sep 17 00:00:00 2001 > > +From a773c6b240d27e23d6be41decef0edf24fcee523 Mon Sep 17 00:00:00 2001 
> > From: Chen Qi <Qi.Chen@windriver.com> > > Date: Thu, 17 Jul 2014 15:53:34 +0800 > > Subject: [PATCH] commonio.c-fix-unexpected-open-failure-in-chroot-env > > @@ -15,35 +15,37 @@ Note that this patch doesn't change the logic in the code, it just expands > > the codes. > > > > Signed-off-by: Chen Qi <Qi.Chen@windriver.com> > > - > > --- > > lib/commonio.c | 16 ++++++++++++---- > > 1 file changed, 12 insertions(+), 4 deletions(-) > > > > diff --git a/lib/commonio.c b/lib/commonio.c > > -index 9a02ce1..61384ec 100644 > > +index 73fdb3a..d1231e9 100644 > > --- a/lib/commonio.c > > +++ b/lib/commonio.c > > -@@ -616,10 +616,18 @@ int commonio_open (struct commonio_db *db, int mode) > > +@@ -606,10 +606,18 @@ int commonio_open (struct commonio_db *db, int mode) > > db->cursor = NULL; > > db->changed = false; > > > > - fd = open (db->filename, > > - (db->readonly ? O_RDONLY : O_RDWR) > > -- | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); > > +- | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW | O_CLOEXEC); > > - saved_errno = errno; > > + if (db->readonly) { > > + fd = open (db->filename, > > + (true ? O_RDONLY : O_RDWR) > > -+ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); > > ++ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW | O_CLOEXEC); > > + saved_errno = errno; > > + } else { > > + fd = open (db->filename, > > + (false ? O_RDONLY : O_RDWR) > > -+ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); > > ++ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW| O_CLOEXEC); > > + saved_errno = errno; > > + } > > + > > db->fp = NULL; > > if (fd >= 0) { > > #ifdef WITH_TCB > > +-- > > +2.30.2 > > + > > diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc > > index ce3ce627156..c024746d4ff 100644 > > --- a/meta/recipes-extended/shadow/shadow.inc > > +++ b/meta/recipes-extended/shadow/shadow.inc 
> > @@ -5,7 +5,7 @@ BUGTRACKER = "http://github.com/shadow-maint/shadow/issues" > > SECTION = "base/utils" > > LICENSE = "BSD-3-Clause" > > LIC_FILES_CHKSUM = "file://COPYING;md5=c9a450b7be84eac23e6353efecb60b5b \ > > - file://src/passwd.c;beginline=2;endline=30;md5=758c26751513b6795395275969dd3be1 \ > > + file://src/passwd.c;beginline=2;endline=7;md5=67bcf314687820b2f010d4863fce3fc5 \ > > " > > > > DEPENDS = "virtual/crypt" > > @@ -14,10 +14,6 @@ GITHUB_BASE_URI = "https://github.com/shadow-maint/shadow/releases" > > SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.gz \ > > ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ > > file://useradd \ > > - file://0001-Fix-can-not-print-full-login.patch \ > > - file://CVE-2023-29383.patch \ > > - file://0001-Overhaul-valid_field.patch \ > > - file://CVE-2023-4641.patch \ > > " > > > > SRC_URI:append:class-target = " \ > > @@ -26,14 +22,9 @@ SRC_URI:append:class-target = " \ > > " > > > > SRC_URI:append:class-native = " \ > > - file://0001-Disable-use-of-syslog-for-sysroot.patch \ > > file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \ > > " > > -SRC_URI:append:class-nativesdk = " \ > > - file://0001-Disable-use-of-syslog-for-sysroot.patch \ > > - " > > -SRC_URI[sha256sum] = "813057047499c7fe81108adcf0cffa3ad4ec75e19a80151f9cbaa458ff2e86cd" > > - > > +SRC_URI[sha256sum] = "a305edf5d19bddbdf5e836d2d609fa8bff2d35458819de4d9f06306a1cf24342" > > > > # Additional Policy files for PAM > > PAM_SRC_URI = "file://pam.d/chfn \ > > @@ -44,7 +35,7 @@ PAM_SRC_URI = "file://pam.d/chfn \ > > file://pam.d/passwd \ > > file://pam.d/su" > > > > -inherit autotools gettext github-releases > > +inherit autotools gettext github-releases pkgconfig > > > > export CONFIG_SHELL="/bin/sh" 
> > > > @@ -54,6 +45,8 @@ EXTRA_OECONF += "--without-libcrack \ > > --without-sssd \ > > ${NSCDOPT}" > > > > +CFLAGS:append:libc-musl = " -DLIBBSD_OVERLAY" > > + > > NSCDOPT = "" > > NSCDOPT:class-native = "--without-nscd" > > NSCDOPT:class-nativesdk = "--without-nscd" > > @@ -73,13 +66,14 @@ PAM_PLUGINS = "libpam-runtime \ > > > > PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \ > > ${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}" > > -PACKAGECONFIG:class-native ??= "${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}" > > +PACKAGECONFIG:class-native ??= "${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)} libbsd" > > PACKAGECONFIG:class-nativesdk = "" > > PACKAGECONFIG[pam] = "--with-libpam,--without-libpam,libpam,${PAM_PLUGINS}" > > PACKAGECONFIG[attr] = "--with-attr,--without-attr,attr" > > PACKAGECONFIG[acl] = "--with-acl,--without-acl,acl" > > PACKAGECONFIG[audit] = "--with-audit,--without-audit,audit" > > PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux libsemanage" > > +PACKAGECONFIG[libbsd] = "--with-libbsd,--without-libbsd,libbsd" > > > > RDEPENDS:${PN} = "shadow-securetty \ > > base-passwd \ > > diff --git a/meta/recipes-extended/shadow/shadow_4.13.bb b/meta/recipes-extended/shadow/shadow_4.14.2.bb > > similarity index 100% > > rename from meta/recipes-extended/shadow/shadow_4.13.bb > > rename to meta/recipes-extended/shadow/shadow_4.14.2.bb > > > > -=-=-=-=-=-=-=-=-=-=-=- > > Links: You receive all messages sent to this group. > > View/Reply Online (#193542): https://lists.openembedded.org/g/openembedded-core/message/193542 > > Mute This Topic: https://lists.openembedded.org/mt/103661547/7304865 > > Group Owner: openembedded-core+owner@lists.openembedded.org > > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [Qi.Chen@eng.windriver.com] > > -=-=-=-=-=-=-=-=-=-=-=- > > >
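Review bot: In the refreshed commonio.c-fix-unexpected-open-failure-in-chroot-env.patch, the else branch of the expanded open() call reads "| O_NOCTTY | O_NONBLOCK | O_NOFOLLOW| O_CLOEXEC);" with no space before the last "|", while the db->readonly branch has "O_NOFOLLOW | O_CLOEXEC". The patch description says it only expands the code without changing the logic, so the two branches should be textually identical apart from true/false; adding the missing space on this refresh makes that easy to confirm by eye.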
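Review bot: The SRC_URI hunk of shadow.inc (@@ -14,10 +14,6 @@) removes file://CVE-2023-4641.patch along with the other three backports, and the diffstat lists CVE-2023-4641.patch as deleted, but the Drop list in the commit message names only 0001-Fix-can-not-print-full-login.patch, 0001-Overhaul-valid_field.patch and CVE-2023-29383.patch under "(backports)". Please add CVE-2023-4641.patch to that list so the log records why the carried gpasswd fix is safe to drop with this version.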
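Review bot: The added line CFLAGS:append:libc-musl = " -DLIBBSD_OVERLAY" in the @@ -54,6 +45,8 @@ hunk of shadow.inc has no comment saying why it is needed, and libbsd itself is only switched on through PACKAGECONFIG:class-native in the following hunk. The commit message gives the reason (defining the non-standard __BEGIN_DECLS/__END_DECLS on musl); a one-line comment above the CFLAGS line stating that would keep the explanation in the recipe, where the next person touching the musl override will look.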
On Fri, 2024-01-19 at 11:12 +0100, Alexander Kanavin wrote:
> I just tried poky master on ubuntu 20.04, and the issues do not
> appear. Do you have a custom setup?

There is another report about issues from the shadow static linking change.

I'm worried that there are now accesses to files which are out of sight of pseudo so that some combinations of builds are breaking. I'd forgotten about pseudo in the push to fix the various sstate issues. It is worrying we don't have good test cases for these.

I've also been thinking about how we could solve it. My proposal is that we go back to dynamic linking, however we add copies of the libs we need into the shadow-native populate_sysroot sstate/sysroot output in a special directory and we add that directory to the shadow binaries as a RUNPATH/RPATH.

Cheers,

Richard
On Fri, 19 Jan 2024 at 11:24, Richard Purdie <richard.purdie@linuxfoundation.org> wrote:
> There is another report about issues from the shadow static linking
> change.
>
> I'm worried that there are now accesses to files which are out of sight
> of pseudo so that some combinations of builds are breaking. I'd
> forgotten about pseudo in the push to fix the various sstate issues. It
> is worrying we don't have good test cases for these.
>
> I've also been thinking about how we could solve it. My proposal is
> that we go back to dynamic linking, however we add copies of the libs
> we need into the shadow-native populate_sysroot sstate/sysroot output
> in a special directory and we add that directory to the shadow binaries
> as a RUNPATH/RPATH.

Sounds good. I'll make a patch for this. Static linking in C world is something of an 'obsolete technology', it isn't tested or supported by anyone really.

Alex
I didn't do anything particular, but as several people are sharing the server, it's possible that its environment is somewhat messed up. I'll check more and fix the environment.

Thanks for your double check.

Regards,
Qi

-----Original Message-----
From: Alexander Kanavin <alex.kanavin@gmail.com>
Sent: Friday, January 19, 2024 6:12 PM
To: Chen, Qi <Qi.Chen@windriver.com>
Cc: openembedded-core@lists.openembedded.org; Alexander Kanavin <alex@linutronix.de>
Subject: Re: [OE-core] [PATCH v3 1/2] shadow: update 4.13 -> 4.14.2

I just tried poky master on ubuntu 20.04, and the issues do not appear. Do you have a custom setup?

Alex

On Fri, 19 Jan 2024 at 04:06, ChenQi <Qi.Chen@windriver.com> wrote:
>
> I'm seeing build failures on Ubuntu 20.04.
> GCC version: 9.4.0
>
> 1. error: parameter name omitted
> The problem is that the active_sessions_count function's definition
> lacks parameter. I did change like below:
> -unsigned long active_sessions_count(const char *name, unsigned long
> unused)
> +unsigned long active_sessions_count(const char *name, unsigned long
> unused unused_parameter)
> But then I observed another error, as shown below.
>
> 2. undefined reference to `dlsym'.
> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
> ../lib/.libs/libshadow.a(libshadow_la-nss.o): in function `nss_exit':
> | nss.c:(.text+0x32): undefined reference to `dlclose'
> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
> ../lib/.libs/libshadow.a(libshadow_la-nss.o): in function `nss_init':
> | nss.c:(.text+0x1dd): undefined reference to `dlopen'
> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
> nss.c:(.text+0x21c): undefined reference to `dlsym'
> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
> nss.c:(.text+0x237): undefined reference to `dlsym'
> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
> nss.c:(.text+0x253): undefined reference to `dlsym'
> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
> nss.c:(.text+0x365): undefined reference to `dlclose'
> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
> nss.c:(.text+0x3b2): undefined reference to `dlerror'
> | collect2: error: ld returned 1 exit status
> |
make[2]: *** [Makefile:1130: su] Error 1 > > On Ubuntu22.04, there's no such issue. > > Regards, > Qi > > On 1/11/24 21:15, Alexander Kanavin wrote: > > License-Update: formatting, spdx conversion > > > > Drop: > > 0001-Disable-use-of-syslog-for-sysroot.patch > > (issue fixed upstream) > > > > 0001-Fix-can-not-print-full-login.patch > > 0001-Overhaul-valid_field.patch > > CVE-2023-29383.patch > > (backports) > > > > libbsd is a new native dependency, as otherwise glibc >= 2.38 is > > needed. > > > > A similar fix is added to musl in order to define non-standard __BEGIN_DECLS/__END_DECLS. > > > > Signed-off-by: Alexander Kanavin <alex@linutronix.de> > > --- > > ...01-Disable-use-of-syslog-for-sysroot.patch | 52 ------- > > .../0001-Fix-can-not-print-full-login.patch | 41 ----- > > .../files/0001-Overhaul-valid_field.patch | 65 -------- > > .../shadow/files/CVE-2023-29383.patch | 53 ------- > > .../shadow/files/CVE-2023-4641.patch | 147 ------------------ > > ...nexpected-open-failure-in-chroot-env.patch | 16 +- > > meta/recipes-extended/shadow/shadow.inc | 20 +-- > > .../{shadow_4.13.bb => shadow_4.14.2.bb} | 0 > > 8 files changed, 16 insertions(+), 378 deletions(-) > > delete mode 100644 meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch > > delete mode 100644 meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch > > delete mode 100644 meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch > > delete mode 100644 meta/recipes-extended/shadow/files/CVE-2023-29383.patch > > delete mode 100644 meta/recipes-extended/shadow/files/CVE-2023-4641.patch > > rename meta/recipes-extended/shadow/{shadow_4.13.bb => > > shadow_4.14.2.bb} (100%) 
> > > > diff --git > > a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for- > > sysroot.patch > > b/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for- > > sysroot.patch > > deleted file mode 100644 > > index fa1532c8317..00000000000 > > --- > > a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for- > > sysroot.patch > > +++ /dev/null 
> > @@ -1,52 +0,0 @@ > > -From 85d0444229ee3d14fefcf10d093f49c862826f82 Mon Sep 17 00:00:00 > > 2001 > > -From: Richard Purdie <richard.purdie@linuxfoundation.org> > > -Date: Thu, 14 Apr 2022 23:11:53 +0000 > > -Subject: [PATCH] Disable use of syslog for shadow-native tools > > - > > -Disable use of syslog to prevent sysroot user and group additions > > from -writing entries to the host's syslog. This patch should only > > be used -with the shadow-native recipe. > > - > > -Upstream-Status: Inappropriate [OE specific configuration] > > -Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> > > -Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> > > - > > ---- > > - configure.ac | 2 +- > > - src/login_nopam.c | 3 ++- > > - 2 files changed, 3 insertions(+), 2 deletions(-) > > - > > -diff --git a/configure.ac b/configure.ac -index 924254a..603af81 > > 100644 > > ---- a/configure.ac > > -+++ b/configure.ac > > -@@ -191,7 +191,7 @@ AC_DEFINE_UNQUOTED(PASSWD_PROGRAM, "$shadow_cv_passwd_dir/passwd", > > - [Path to passwd program.]) > > - > > - dnl XXX - quick hack, should disappear before anyone notices :). 
> > --AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().]) > > -+#AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().]) > > - if test "$ac_cv_func_ruserok" = "yes"; then > > - AC_DEFINE(RLOGIN, 1, [Define if login should support the -r flag for rlogind.]) > > - AC_DEFINE(RUSEROK, 0, [Define to the ruserok() "success" return value (0 or 1).]) > > -diff --git a/src/login_nopam.c b/src/login_nopam.c -index > > df6ba88..fc24e13 100644 > > ---- a/src/login_nopam.c > > -+++ b/src/login_nopam.c > > -@@ -29,7 +29,6 @@ > > - #ifndef USE_PAM > > - #ident "$Id$" > > - > > --#include "prototypes.h" > > - /* > > - * This module implements a simple but effective form of login access > > - * control based on login names and on host (or domain) names, internet > > -@@ -57,6 +56,8 @@ > > - #include <netinet/in.h> > > - #include <arpa/inet.h> /* for inet_ntoa() */ > > - > > -+#include "prototypes.h" > > -+ > > - #if !defined(MAXHOSTNAMELEN) || (MAXHOSTNAMELEN < 64) > > - #undef MAXHOSTNAMELEN > > - #define MAXHOSTNAMELEN 256 > > diff --git > > a/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-log > > in.patch > > b/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-log > > in.patch > > deleted file mode 100644 > > index 89f9c05c8d3..00000000000 > > --- > > a/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-log > > in.patch > > +++ /dev/null 
> > @@ -1,41 +0,0 @@ > > -commit 670cae834827a8f794e6f7464fa57790d911b63c > > -Author: SoumyaWind <121475834+SoumyaWind@users.noreply.github.com> > > -Date: Tue Dec 27 17:40:17 2022 +0530 > > - > > - shadow: Fix can not print full login timeout message > > - > > - Login timed out message prints only first few bytes when write is immediately followed by exit. > > - Calling exit from new handler provides enough time to display full message. > > - > > -Upstream-Status: Backport > > [https://github.com/shadow-maint/shadow/commit/670cae834827a8f794e6f > > 7464fa57790d911b63c] > > - > > -diff --git a/src/login.c b/src/login.c -index 116e2cb3..c55f4de0 > > 100644 > > ---- a/src/login.c > > -+++ b/src/login.c > > -@@ -120,6 +120,7 @@ static void get_pam_user (char **ptr_pam_user); > > - > > - static void init_env (void); > > - static void alarm_handler (int); > > -+static void exit_handler (int); > > - > > - /* > > - * usage - print login command usage and exit -@@ -391,11 +392,16 > > @@ static void init_env (void) > > - #endif /* !USE_PAM */ > > - } > > - > > -+static void exit_handler (unused int sig) { > > -+ _exit (0); > > -+} > > - > > - static void alarm_handler (unused int sig) > > - { > > - write (STDERR_FILENO, tmsg, strlen (tmsg)); > > -- _exit (0); > > -+ signal(SIGALRM, exit_handler); > > -+ alarm(2); > > - } > > - > > - #ifdef USE_PAM > > diff --git > > a/meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch > > b/meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch > > deleted file mode 100644 > > index ac08be515bf..00000000000 > > --- > > a/meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch > > +++ /dev/null 
> > @@ -1,65 +0,0 @@ > > -From 2eaea70111f65b16d55998386e4ceb4273c19eb4 Mon Sep 17 00:00:00 > > 2001 > > -From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= > > <cgzones@googlemail.com> > > -Date: Fri, 31 Mar 2023 14:46:50 +0200 > > -Subject: [PATCH] Overhaul valid_field() > > - > > -e5905c4b ("Added control character check") introduced checking for > > -control characters but had the logic inverted, so it rejects all > > -characters that are not control ones. > > - > > -Cast the character to `unsigned char` before passing to the > > character -checking functions to avoid UB. > > - > > -Use strpbrk(3) for the illegal character test and return early. > > - > > -Upstream-Status: Backport > > [https://github.com/shadow-maint/shadow/commit/2eaea70111f65b16d5599 > > 8386e4ceb4273c19eb4] > > - > > -Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> > > ---- > > - lib/fields.c | 24 ++++++++++-------------- > > - 1 file changed, 10 insertions(+), 14 deletions(-) > > - > > -diff --git a/lib/fields.c b/lib/fields.c -index fb51b582..53929248 > > 100644 > > ---- a/lib/fields.c > > -+++ b/lib/fields.c > > -@@ -37,26 +37,22 @@ int valid_field (const char *field, const char > > *illegal) > > - > > - /* For each character of field, search if it appears in the list > > - * of illegal characters. 
*/ > > -+ if (illegal && NULL != strpbrk (field, illegal)) { > > -+ return -1; > > -+ } > > -+ > > -+ /* Search if there are non-printable or control characters */ > > - for (cp = field; '\0' != *cp; cp++) { > > -- if (strchr (illegal, *cp) != NULL) { > > -+ unsigned char c = *cp; > > -+ if (!isprint (c)) { > > -+ err = 1; > > -+ } > > -+ if (iscntrl (c)) { > > - err = -1; > > - break; > > - } > > - } > > - > > -- if (0 == err) { > > -- /* Search if there are non-printable or control characters */ > > -- for (cp = field; '\0' != *cp; cp++) { > > -- if (!isprint (*cp)) { > > -- err = 1; > > -- } > > -- if (!iscntrl (*cp)) { > > -- err = -1; > > -- break; > > -- } > > -- } > > -- } > > -- > > - return err; > > - } > > - > > --- > > -2.34.1 > > - > > diff --git a/meta/recipes-extended/shadow/files/CVE-2023-29383.patch > > b/meta/recipes-extended/shadow/files/CVE-2023-29383.patch > > deleted file mode 100644 > > index f53341d3fc2..00000000000 > > --- a/meta/recipes-extended/shadow/files/CVE-2023-29383.patch > > +++ /dev/null 
> > @@ -1,53 +0,0 @@ > > -From e5905c4b84d4fb90aefcd96ee618411ebfac663d Mon Sep 17 00:00:00 > > 2001 > > -From: tomspiderlabs > > <128755403+tomspiderlabs@users.noreply.github.com> > > -Date: Thu, 23 Mar 2023 23:39:38 +0000 > > -Subject: [PATCH] Added control character check > > - > > -Added control character check, returning -1 (to "err") if control characters are present. > > - > > -CVE: CVE-2023-29383 > > -Upstream-Status: Backport > > - > > -Reference to upstream: > > -https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd > > 96ee618411ebfac663d > > - > > -Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> > > ---- > > - lib/fields.c | 11 +++++++---- > > - 1 file changed, 7 insertions(+), 4 deletions(-) > > - > > -diff --git a/lib/fields.c b/lib/fields.c -index 640be931..fb51b582 > > 100644 > > ---- a/lib/fields.c > > -+++ b/lib/fields.c > > -@@ -21,9 +21,9 @@ > > - * > > - * The supplied field is scanned for non-printable and other > > illegal > > - * characters. > > -- * + -1 is returned if an illegal character is present. > > -- * + 1 is returned if no illegal characters are present, but the field > > -- * contains a non-printable character. > > -+ * + -1 is returned if an illegal or control character is present. > > -+ * + 1 is returned if no illegal or control characters are present, > > -+ * but the field contains a non-printable character. > > - * + 0 is returned otherwise. > > - */ > > - int valid_field (const char *field, const char *illegal) -@@ > > -45,10 +45,13 @@ int valid_field (const char *field, const char *illegal) > > - } > > - > > - if (0 == err) { > > -- /* Search if there are some non-printable characters */ > > -+ /* Search if there are non-printable or control > > -+ characters */ > > - for (cp = field; '\0' != *cp; cp++) { > > - if (!isprint (*cp)) { > > - err = 1; > > -+ } > > -+ if (!iscntrl (*cp)) { > > -+ err = -1; > > - break; > > - } > > - } > > --- > > -2.34.1 > > - 
> > diff --git a/meta/recipes-extended/shadow/files/CVE-2023-4641.patch > > b/meta/recipes-extended/shadow/files/CVE-2023-4641.patch > > deleted file mode 100644 > > index 1fabfe928e4..00000000000 > > --- a/meta/recipes-extended/shadow/files/CVE-2023-4641.patch > > +++ /dev/null 
> > @@ -1,147 +0,0 @@ > > -From 25dbe2ce166a13322b7536ff2f738786ea2e61e7 Mon Sep 17 00:00:00 > > 2001 > > -From: Alejandro Colomar <alx@kernel.org> > > -Date: Sat, 10 Jun 2023 16:20:05 +0200 > > -Subject: [PATCH] gpasswd(1): Fix password leak > > - > > -How to trigger this password leak? > > -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > - > > -When gpasswd(1) asks for the new password, it asks twice (as is > > usual -for confirming the new password). Each of those 2 password > > prompts -uses agetpass() to get the password. If the second > > agetpass() fails, -the first password, which has been copied into > > the 'static' buffer -'pass' via STRFCPY(), wasn't being zeroed. > > - > > -agetpass() is defined in <./libmisc/agetpass.c> (around line 91), > > and -can fail for any of the following reasons: > > - > > -- malloc(3) or readpassphrase(3) failure. > > - > > - These are going to be difficult to trigger. Maybe getting the system > > - to the limits of memory utilization at that exact point, so that the > > - next malloc(3) gets ENOMEM, and possibly even the OOM is triggered. > > - About readpassphrase(3), ENFILE and EINTR seem the only plausible > > - ones, and EINTR probably requires privilege or being the same user; > > - but I wouldn't discard ENFILE so easily, if a process starts opening > > - files. > > - > > -- The password is longer than PASS_MAX. > > - > > - The is plausible with physical access. However, at that point, a > > - keylogger will be a much simpler attack. > > - > > -And, the attacker must be able to know when the second password is > > being -introduced, which is not going to be easy. > > - > > -How to read the password after the leak? > > -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > - > > -Provoking the leak yourself at the right point by entering a very > > long -password is easy, and inspecting the process stack at that > > point should -be doable. Try to find some consistent patterns. 
> > - > > -Then, search for those patterns in free memory, right after the > > victim -leaks their password. > > - > > -Once you get the leak, a program should read all the free memory > > -searching for patterns that gpasswd(1) leaves nearby the leaked > > -password. > > - > > -On 6/10/23 03:14, Seth Arnold wrote: > > -> An attacker process wouldn't be able to use malloc(3) for this task. > > -> There's a handful of tools available for userspace to allocate memory: > > -> > > -> - brk / sbrk > > -> - mmap MAP_ANONYMOUS > > -> - mmap /dev/zero > > -> - mmap some other file > > -> - shm_open > > -> - shmget > > -> > > -> Most of these return only pages of zeros to a process. Using > > -> mmap of an existing file, you can get some of the contents of the > > -> file demand-loaded into the memory space on the first use. > > -> > > -> The MAP_UNINITIALIZED flag only works if the kernel was compiled > > -> with CONFIG_MMAP_ALLOW_UNINITIALIZED. This is rare. > > -> > > -> malloc(3) doesn't zero memory, to our collective frustration, but > > -> all the garbage in the allocations is from previous allocations > > -> in the current process. It isn't leftover from other processes. > > -> > > -> The avenues available for reading the memory: > > -> - /dev/mem and /dev/kmem (requires root, not available with > > -> Secure Boot) > > -> - /proc/pid/mem (requires ptrace privileges, mediated by YAMA) > > -> - ptrace (requires ptrace privileges, mediated by YAMA) > > -> - causing memory to be swapped to disk, and then inspecting the > > -> swap > > -> > > -> These all require a certain amount of privileges. > > - > > -How to fix it? > > -~~~~~~~~~~~~~~ > > - > > -memzero(), which internally calls explicit_bzero(3), or whatever > > -alternative the system provides with a slightly different name, > > will -make sure that the buffer is zeroed in memory, and > > optimizations are not -allowed to impede this zeroing. 
> > - > > -This is not really 100% effective, since compilers may place copies > > of -the string somewhere hidden in the stack. Those copies won't > > get zeroed -by explicit_bzero(3). However, that's arguably a > > compiler bug, since -compilers should make everything possible to > > avoid optimizing strings -that are later passed to > > explicit_bzero(3). But we all know that -sometimes it's impossible > > to have perfect knowledge in the compiler, so -this is plausible. > > Nevertheless, there's nothing we can do against such -issues, except > > minimizing the time such passwords are stored in plain -text. > > - > > -Security concerns > > -~~~~~~~~~~~~~~~~~ > > - > > -We believe this isn't easy to exploit. Nevertheless, and since the > > fix -is trivial, this fix should probably be applied soon, and > > backported to -all supported distributions, to prevent someone else > > having more -imagination than us to find a way. > > - > > -Affected versions > > -~~~~~~~~~~~~~~~~~ > > - > > -All. Bug introduced in shadow 19990709. That's the second commit > > in -the git history. 
> > - > > -Fixes: 45c6603cc86c ("[svn-upgrade] Integrating new upstream > > version, shadow (19990709)") > > - > > -CVE: CVE-2023-4641 > > -Upstream-Status: Backport > > [https://github.com/shadow-maint/shadow/commit/65c88a43a23c2391dcc90 > > c0abda3e839e9c57904] > > - > > -Reported-by: Alejandro Colomar <alx@kernel.org> > > -Cc: Serge Hallyn <serge@hallyn.com> > > -Cc: Iker Pedrosa <ipedrosa@redhat.com> > > -Cc: Seth Arnold <seth.arnold@canonical.com> > > -Cc: Christian Brauner <christian@brauner.io> > > -Cc: Balint Reczey <rbalint@debian.org> > > -Cc: Sam James <sam@gentoo.org> > > -Cc: David Runge <dvzrv@archlinux.org> > > -Cc: Andreas Jaeger <aj@suse.de> > > -Cc: <~hallyn/shadow@lists.sr.ht> > > -Signed-off-by: Alejandro Colomar <alx@kernel.org> > > -Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> > > ---- > > - src/gpasswd.c | 1 + > > - 1 file changed, 1 insertion(+) > > - > > -diff --git a/src/gpasswd.c b/src/gpasswd.c -index > > 5983f787..2d8869ef 100644 > > ---- a/src/gpasswd.c > > -+++ b/src/gpasswd.c > > -@@ -896,6 +896,7 @@ static void change_passwd (struct group *gr) > > - strzero (cp); > > - cp = getpass (_("Re-enter new password: ")); > > - if (NULL == cp) { > > -+ memzero (pass, sizeof pass); > > - exit (1); > > - } > > - > > --- > > -2.34.1 > > - > > diff --git > > a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open- > > failure-in-chroot-env.patch > > b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open- > > failure-in-chroot-env.patch index 85d91751056..4a932d2dbb1 100644 > > --- > > a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open- > > failure-in-chroot-env.patch > > +++ b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-o > > +++ pen-failure-in-chroot-env.patch > > @@ -1,4 +1,4 @@ > > -From 21583da072aa66901d859ac00ce209bac87ddecc Mon Sep 17 00:00:00 > > 2001 > > +From a773c6b240d27e23d6be41decef0edf24fcee523 Mon Sep 17 00:00:00 > > +2001 
> > From: Chen Qi <Qi.Chen@windriver.com> > > Date: Thu, 17 Jul 2014 15:53:34 +0800 > > Subject: [PATCH] > > commonio.c-fix-unexpected-open-failure-in-chroot-env > > @@ -15,35 +15,37 @@ Note that this patch doesn't change the logic in the code, it just expands > > the codes. > > > > Signed-off-by: Chen Qi <Qi.Chen@windriver.com> > > - > > --- > > lib/commonio.c | 16 ++++++++++++---- > > 1 file changed, 12 insertions(+), 4 deletions(-) > > > > diff --git a/lib/commonio.c b/lib/commonio.c -index > > 9a02ce1..61384ec 100644 > > +index 73fdb3a..d1231e9 100644 > > --- a/lib/commonio.c > > +++ b/lib/commonio.c > > -@@ -616,10 +616,18 @@ int commonio_open (struct commonio_db *db, > > int mode) > > +@@ -606,10 +606,18 @@ int commonio_open (struct commonio_db *db, > > +int mode) > > db->cursor = NULL; > > db->changed = false; > > > > - fd = open (db->filename, > > - (db->readonly ? O_RDONLY : O_RDWR) > > -- | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); > > +- | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW | O_CLOEXEC); > > - saved_errno = errno; > > + if (db->readonly) { > > + fd = open (db->filename, > > + (true ? O_RDONLY : O_RDWR) > > -+ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); > > ++ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW | > > ++ O_CLOEXEC); > > + saved_errno = errno; > > + } else { > > + fd = open (db->filename, > > + (false ? O_RDONLY : O_RDWR) > > -+ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); > > ++ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW| > > ++ O_CLOEXEC); > > + saved_errno = errno; > > + } > > + > > db->fp = NULL; > > if (fd >= 0) { > > #ifdef WITH_TCB > > +-- > > +2.30.2 > > + > > diff --git a/meta/recipes-extended/shadow/shadow.inc > > b/meta/recipes-extended/shadow/shadow.inc > > index ce3ce627156..c024746d4ff 100644 > > --- a/meta/recipes-extended/shadow/shadow.inc > > +++ b/meta/recipes-extended/shadow/shadow.inc 
> > @@ -5,7 +5,7 @@ BUGTRACKER = "http://github.com/shadow-maint/shadow/issues" > > SECTION = "base/utils" > > LICENSE = "BSD-3-Clause" > > LIC_FILES_CHKSUM = "file://COPYING;md5=c9a450b7be84eac23e6353efecb60b5b \ > > - file://src/passwd.c;beginline=2;endline=30;md5=758c26751513b6795395275969dd3be1 \ > > + > > + file://src/passwd.c;beginline=2;endline=7;md5=67bcf314687820b2f010 > > + d4863fce3fc5 \ > > " > > > > DEPENDS = "virtual/crypt" > > @@ -14,10 +14,6 @@ GITHUB_BASE_URI = "https://github.com/shadow-maint/shadow/releases" > > SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.gz \ > > ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ > > file://useradd \ > > - file://0001-Fix-can-not-print-full-login.patch \ > > - file://CVE-2023-29383.patch \ > > - file://0001-Overhaul-valid_field.patch \ > > - file://CVE-2023-4641.patch \ > > " > > > > SRC_URI:append:class-target = " \ > > @@ -26,14 +22,9 @@ SRC_URI:append:class-target = " \ > > " > > > > SRC_URI:append:class-native = " \ > > - file://0001-Disable-use-of-syslog-for-sysroot.patch \ > > file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \ > > " > > -SRC_URI:append:class-nativesdk = " \ > > - file://0001-Disable-use-of-syslog-for-sysroot.patch \ > > - " > > -SRC_URI[sha256sum] = "813057047499c7fe81108adcf0cffa3ad4ec75e19a80151f9cbaa458ff2e86cd" > > - > > +SRC_URI[sha256sum] = "a305edf5d19bddbdf5e836d2d609fa8bff2d35458819de4d9f06306a1cf24342" > > > > # Additional Policy files for PAM > > PAM_SRC_URI = "file://pam.d/chfn \ @@ -44,7 +35,7 @@ PAM_SRC_URI = > > "file://pam.d/chfn \ > > file://pam.d/passwd \ > > file://pam.d/su" > > > > -inherit autotools gettext github-releases > > +inherit autotools gettext github-releases pkgconfig > > > > export CONFIG_SHELL="/bin/sh" 
> > > > @@ -54,6 +45,8 @@ EXTRA_OECONF += "--without-libcrack \ > > --without-sssd \ > > ${NSCDOPT}" > > > > +CFLAGS:append:libc-musl = " -DLIBBSD_OVERLAY" > > + > > NSCDOPT = "" > > NSCDOPT:class-native = "--without-nscd" > > NSCDOPT:class-nativesdk = "--without-nscd" > > @@ -73,13 +66,14 @@ PAM_PLUGINS = "libpam-runtime \ > > > > PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \ > > ${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}" > > -PACKAGECONFIG:class-native ??= "${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}" > > +PACKAGECONFIG:class-native ??= "${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)} libbsd" > > PACKAGECONFIG:class-nativesdk = "" > > PACKAGECONFIG[pam] = "--with-libpam,--without-libpam,libpam,${PAM_PLUGINS}" > > PACKAGECONFIG[attr] = "--with-attr,--without-attr,attr" > > PACKAGECONFIG[acl] = "--with-acl,--without-acl,acl" > > PACKAGECONFIG[audit] = "--with-audit,--without-audit,audit" > > PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux libsemanage" > > +PACKAGECONFIG[libbsd] = "--with-libbsd,--without-libbsd,libbsd" > > > > RDEPENDS:${PN} = "shadow-securetty \ > > base-passwd \ > > diff --git a/meta/recipes-extended/shadow/shadow_4.13.bb > > b/meta/recipes-extended/shadow/shadow_4.14.2.bb > > similarity index 100% > > rename from meta/recipes-extended/shadow/shadow_4.13.bb > > rename to meta/recipes-extended/shadow/shadow_4.14.2.bb
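Review bot: in the `@@ -15,35 +15,37 @@` hunk of commonio.c-fix-unexpected-open-failure-in-chroot-env.patch, the two expanded open() calls are no longer formatted alike: the readonly branch ends its flag line with `O_NOFOLLOW |` while the else branch has `O_NOFOLLOW|` with no space before the operator. The patch description says it does not change the logic and only expands the code, so keep the two branches textually identical apart from the `true`/`false` constant, preferably with `| O_CLOEXEC` leading its own continuation line like the existing `| O_NOCTTY | O_NONBLOCK | O_NOFOLLOW` line, so the next refresh against upstream stays mechanical.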
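Review bot: `CFLAGS:append:libc-musl = " -DLIBBSD_OVERLAY"` in the `@@ -54,6 +45,8 @@` hunk of shadow.inc is added without a comment, and none of the visible hunks enables libbsd for target builds (only `PACKAGECONFIG:class-native` gains `libbsd`). The commit message gives the reason, defining the non-standard __BEGIN_DECLS/__END_DECLS on musl; put that reason in a comment above the line in the recipe so a later upgrade can tell when the define is safe to drop.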
I've seen issues where static libraries built on one host were not usable on a different host with default compiler options. This may be another one of these. We're reverting to dynamic linking with libraries in a custom directory in sysroot that would be bundled together with shadow-native proper. Patch is coming.

Alex

On Fri, 19 Jan 2024 at 13:13, Chen, Qi <Qi.Chen@windriver.com> wrote:
>
> I didn't do anything particular, but as several people are sharing the server, it's possible that its environment is somewhat messed up. I'll check more and fix the environment. Thanks for your double check.
>
> Regards,
> Qi
>
> -----Original Message-----
> From: Alexander Kanavin <alex.kanavin@gmail.com> > Sent: Friday, January 19, 2024 6:12 PM > To: Chen, Qi <Qi.Chen@windriver.com> > Cc: openembedded-core@lists.openembedded.org; Alexander Kanavin <alex@linutronix.de> > Subject: Re: [OE-core] [PATCH v3 1/2] shadow: update 4.13 -> 4.14.2 > > I just tried poky master on ubuntu 20.04, and the issues do not appear. Do you have a custom setup? > > Alex > > On Fri, 19 Jan 2024 at 04:06, ChenQi <Qi.Chen@windriver.com> wrote: > > > > I'm seeing build failures on Ubuntu 20.04. > > GCC version: 9.4.0 > > > > 1. error: parameter name omitted > > The problem is that the active_sessions_count function's definition > > lacks parameter. I did change like below: > > -unsigned long active_sessions_count(const char *name, unsigned long > > unused) > > +unsigned long active_sessions_count(const char *name, unsigned long > > unused unused_parameter) > > But then I observed another error, as shown below. > > > > 2. undefined reference to `dlsym'. > > | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld: > > ../lib/.libs/libshadow.a(libshadow_la-nss.o): in function `nss_exit': > > | nss.c:(.text+0x32): undefined reference to `dlclose' > > | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld: > > ../lib/.libs/libshadow.a(libshadow_la-nss.o): in function `nss_init': > > | nss.c:(.text+0x1dd): undefined reference to `dlopen' > > | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld: > > nss.c:(.text+0x21c): undefined reference to `dlsym' > > | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld: > > nss.c:(.text+0x237): undefined reference to `dlsym' > > | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld: > > nss.c:(.text+0x253): undefined reference to `dlsym' > > | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld: > > nss.c:(.text+0x365): undefined reference to `dlclose' > > | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld: > > nss.c:(.text+0x3b2): 
undefined reference to `dlerror' > > | collect2: error: ld returned 1 exit status > > | make[2]: *** [Makefile:1130: su] Error 1 > > > > On Ubuntu22.04, there's no such issue. > > > > Regards, > > Qi > > > > On 1/11/24 21:15, Alexander Kanavin wrote: > > > License-Update: formatting, spdx conversion > > > > > > Drop: > > > 0001-Disable-use-of-syslog-for-sysroot.patch > > > (issue fixed upstream) > > > > > > 0001-Fix-can-not-print-full-login.patch > > > 0001-Overhaul-valid_field.patch > > > CVE-2023-29383.patch > > > (backports) > > > > > > libbsd is a new native dependency, as otherwise glibc >= 2.38 is > > > needed. > > > > > > A similar fix is added to musl in order to define non-standard __BEGIN_DECLS/__END_DECLS. > > > > > > Signed-off-by: Alexander Kanavin <alex@linutronix.de> > > > --- > > > ...01-Disable-use-of-syslog-for-sysroot.patch | 52 ------- > > > .../0001-Fix-can-not-print-full-login.patch | 41 ----- > > > .../files/0001-Overhaul-valid_field.patch | 65 -------- > > > .../shadow/files/CVE-2023-29383.patch | 53 ------- > > > .../shadow/files/CVE-2023-4641.patch | 147 ------------------ > > > ...nexpected-open-failure-in-chroot-env.patch | 16 +- > > > meta/recipes-extended/shadow/shadow.inc | 20 +-- > > > .../{shadow_4.13.bb => shadow_4.14.2.bb} | 0 > > > 8 files changed, 16 insertions(+), 378 deletions(-) > > > delete mode 100644 meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch > > > delete mode 100644 meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch > > > delete mode 100644 meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch > > > delete mode 100644 meta/recipes-extended/shadow/files/CVE-2023-29383.patch > > > delete mode 100644 meta/recipes-extended/shadow/files/CVE-2023-4641.patch > > > rename meta/recipes-extended/shadow/{shadow_4.13.bb => > > > shadow_4.14.2.bb} (100%) 
> > > > > > diff --git > > > a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for- > > > sysroot.patch > > > b/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for- > > > sysroot.patch > > > deleted file mode 100644 > > > index fa1532c8317..00000000000 > > > --- > > > a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for- > > > sysroot.patch > > > +++ /dev/null 
> > > @@ -1,52 +0,0 @@ > > > -From 85d0444229ee3d14fefcf10d093f49c862826f82 Mon Sep 17 00:00:00 > > > 2001 > > > -From: Richard Purdie <richard.purdie@linuxfoundation.org> > > > -Date: Thu, 14 Apr 2022 23:11:53 +0000 > > > -Subject: [PATCH] Disable use of syslog for shadow-native tools > > > - > > > -Disable use of syslog to prevent sysroot user and group additions > > > from -writing entries to the host's syslog. This patch should only > > > be used -with the shadow-native recipe. > > > - > > > -Upstream-Status: Inappropriate [OE specific configuration] > > > -Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> > > > -Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> > > > - > > > ---- > > > - configure.ac | 2 +- > > > - src/login_nopam.c | 3 ++- > > > - 2 files changed, 3 insertions(+), 2 deletions(-) > > > - > > > -diff --git a/configure.ac b/configure.ac -index 924254a..603af81 > > > 100644 > > > ---- a/configure.ac > > > -+++ b/configure.ac > > > -@@ -191,7 +191,7 @@ AC_DEFINE_UNQUOTED(PASSWD_PROGRAM, "$shadow_cv_passwd_dir/passwd", > > > - [Path to passwd program.]) > > > - > > > - dnl XXX - quick hack, should disappear before anyone notices :). 
> > > --AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().]) > > > -+#AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().]) > > > - if test "$ac_cv_func_ruserok" = "yes"; then > > > - AC_DEFINE(RLOGIN, 1, [Define if login should support the -r flag for rlogind.]) > > > - AC_DEFINE(RUSEROK, 0, [Define to the ruserok() "success" return value (0 or 1).]) > > > -diff --git a/src/login_nopam.c b/src/login_nopam.c -index > > > df6ba88..fc24e13 100644 > > > ---- a/src/login_nopam.c > > > -+++ b/src/login_nopam.c > > > -@@ -29,7 +29,6 @@ > > > - #ifndef USE_PAM > > > - #ident "$Id$" > > > - > > > --#include "prototypes.h" > > > - /* > > > - * This module implements a simple but effective form of login access > > > - * control based on login names and on host (or domain) names, internet > > > -@@ -57,6 +56,8 @@ > > > - #include <netinet/in.h> > > > - #include <arpa/inet.h> /* for inet_ntoa() */ > > > - > > > -+#include "prototypes.h" > > > -+ > > > - #if !defined(MAXHOSTNAMELEN) || (MAXHOSTNAMELEN < 64) > > > - #undef MAXHOSTNAMELEN > > > - #define MAXHOSTNAMELEN 256 > > > diff --git > > > a/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-log > > > in.patch > > > b/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-log > > > in.patch > > > deleted file mode 100644 > > > index 89f9c05c8d3..00000000000 > > > --- > > > a/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-log > > > in.patch > > > +++ /dev/null 
> > > @@ -1,41 +0,0 @@ > > > -commit 670cae834827a8f794e6f7464fa57790d911b63c > > > -Author: SoumyaWind <121475834+SoumyaWind@users.noreply.github.com> > > > -Date: Tue Dec 27 17:40:17 2022 +0530 > > > - > > > - shadow: Fix can not print full login timeout message > > > - > > > - Login timed out message prints only first few bytes when write is immediately followed by exit. > > > - Calling exit from new handler provides enough time to display full message. > > > - > > > -Upstream-Status: Backport > > > [https://github.com/shadow-maint/shadow/commit/670cae834827a8f794e6f > > > 7464fa57790d911b63c] > > > - > > > -diff --git a/src/login.c b/src/login.c -index 116e2cb3..c55f4de0 > > > 100644 > > > ---- a/src/login.c > > > -+++ b/src/login.c > > > -@@ -120,6 +120,7 @@ static void get_pam_user (char **ptr_pam_user); > > > - > > > - static void init_env (void); > > > - static void alarm_handler (int); > > > -+static void exit_handler (int); > > > - > > > - /* > > > - * usage - print login command usage and exit -@@ -391,11 +392,16 > > > @@ static void init_env (void) > > > - #endif /* !USE_PAM */ > > > - } > > > - > > > -+static void exit_handler (unused int sig) { > > > -+ _exit (0); > > > -+} > > > - > > > - static void alarm_handler (unused int sig) > > > - { > > > - write (STDERR_FILENO, tmsg, strlen (tmsg)); > > > -- _exit (0); > > > -+ signal(SIGALRM, exit_handler); > > > -+ alarm(2); > > > - } > > > - > > > - #ifdef USE_PAM > > > diff --git > > > a/meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch > > > b/meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch > > > deleted file mode 100644 > > > index ac08be515bf..00000000000 > > > --- > > > a/meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch > > > +++ /dev/null 
> > > @@ -1,65 +0,0 @@ > > > -From 2eaea70111f65b16d55998386e4ceb4273c19eb4 Mon Sep 17 00:00:00 > > > 2001 > > > -From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= > > > <cgzones@googlemail.com> > > > -Date: Fri, 31 Mar 2023 14:46:50 +0200 > > > -Subject: [PATCH] Overhaul valid_field() > > > - > > > -e5905c4b ("Added control character check") introduced checking for > > > -control characters but had the logic inverted, so it rejects all > > > -characters that are not control ones. > > > - > > > -Cast the character to `unsigned char` before passing to the > > > character -checking functions to avoid UB. > > > - > > > -Use strpbrk(3) for the illegal character test and return early. > > > - > > > -Upstream-Status: Backport > > > [https://github.com/shadow-maint/shadow/commit/2eaea70111f65b16d5599 > > > 8386e4ceb4273c19eb4] > > > - > > > -Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> > > > ---- > > > - lib/fields.c | 24 ++++++++++-------------- > > > - 1 file changed, 10 insertions(+), 14 deletions(-) > > > - > > > -diff --git a/lib/fields.c b/lib/fields.c -index fb51b582..53929248 > > > 100644 > > > ---- a/lib/fields.c > > > -+++ b/lib/fields.c > > > -@@ -37,26 +37,22 @@ int valid_field (const char *field, const char > > > *illegal) > > > - > > > - /* For each character of field, search if it appears in the list > > > - * of illegal characters. 
*/ > > > -+ if (illegal && NULL != strpbrk (field, illegal)) { > > > -+ return -1; > > > -+ } > > > -+ > > > -+ /* Search if there are non-printable or control characters */ > > > - for (cp = field; '\0' != *cp; cp++) { > > > -- if (strchr (illegal, *cp) != NULL) { > > > -+ unsigned char c = *cp; > > > -+ if (!isprint (c)) { > > > -+ err = 1; > > > -+ } > > > -+ if (iscntrl (c)) { > > > - err = -1; > > > - break; > > > - } > > > - } > > > - > > > -- if (0 == err) { > > > -- /* Search if there are non-printable or control characters */ > > > -- for (cp = field; '\0' != *cp; cp++) { > > > -- if (!isprint (*cp)) { > > > -- err = 1; > > > -- } > > > -- if (!iscntrl (*cp)) { > > > -- err = -1; > > > -- break; > > > -- } > > > -- } > > > -- } > > > -- > > > - return err; > > > - } > > > - > > > --- > > > -2.34.1 > > > - > > > diff --git a/meta/recipes-extended/shadow/files/CVE-2023-29383.patch > > > b/meta/recipes-extended/shadow/files/CVE-2023-29383.patch > > > deleted file mode 100644 > > > index f53341d3fc2..00000000000 > > > --- a/meta/recipes-extended/shadow/files/CVE-2023-29383.patch > > > +++ /dev/null 
> > > @@ -1,53 +0,0 @@ > > > -From e5905c4b84d4fb90aefcd96ee618411ebfac663d Mon Sep 17 00:00:00 > > > 2001 > > > -From: tomspiderlabs > > > <128755403+tomspiderlabs@users.noreply.github.com> > > > -Date: Thu, 23 Mar 2023 23:39:38 +0000 > > > -Subject: [PATCH] Added control character check > > > - > > > -Added control character check, returning -1 (to "err") if control characters are present. > > > - > > > -CVE: CVE-2023-29383 > > > -Upstream-Status: Backport > > > - > > > -Reference to upstream: > > > -https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd > > > 96ee618411ebfac663d > > > - > > > -Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> > > > ---- > > > - lib/fields.c | 11 +++++++---- > > > - 1 file changed, 7 insertions(+), 4 deletions(-) > > > - > > > -diff --git a/lib/fields.c b/lib/fields.c -index 640be931..fb51b582 > > > 100644 > > > ---- a/lib/fields.c > > > -+++ b/lib/fields.c > > > -@@ -21,9 +21,9 @@ > > > - * > > > - * The supplied field is scanned for non-printable and other > > > illegal > > > - * characters. > > > -- * + -1 is returned if an illegal character is present. > > > -- * + 1 is returned if no illegal characters are present, but the field > > > -- * contains a non-printable character. > > > -+ * + -1 is returned if an illegal or control character is present. > > > -+ * + 1 is returned if no illegal or control characters are present, > > > -+ * but the field contains a non-printable character. > > > - * + 0 is returned otherwise. 
> > > - */ > > > - int valid_field (const char *field, const char *illegal) -@@ > > > -45,10 +45,13 @@ int valid_field (const char *field, const char *illegal) > > > - } > > > - > > > - if (0 == err) { > > > -- /* Search if there are some non-printable characters */ > > > -+ /* Search if there are non-printable or control > > > -+ characters */ > > > - for (cp = field; '\0' != *cp; cp++) { > > > - if (!isprint (*cp)) { > > > - err = 1; > > > -+ } > > > -+ if (!iscntrl (*cp)) { > > > -+ err = -1; > > > - break; > > > - } > > > - } > > > --- > > > -2.34.1 > > > - > > > diff --git a/meta/recipes-extended/shadow/files/CVE-2023-4641.patch > > > b/meta/recipes-extended/shadow/files/CVE-2023-4641.patch > > > deleted file mode 100644 > > > index 1fabfe928e4..00000000000 > > > --- a/meta/recipes-extended/shadow/files/CVE-2023-4641.patch > > > +++ /dev/null 
> > > @@ -1,147 +0,0 @@ > > > -From 25dbe2ce166a13322b7536ff2f738786ea2e61e7 Mon Sep 17 00:00:00 > > > 2001 > > > -From: Alejandro Colomar <alx@kernel.org> > > > -Date: Sat, 10 Jun 2023 16:20:05 +0200 > > > -Subject: [PATCH] gpasswd(1): Fix password leak > > > - > > > -How to trigger this password leak? > > > -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > > - > > > -When gpasswd(1) asks for the new password, it asks twice (as is > > > usual -for confirming the new password). Each of those 2 password > > > prompts -uses agetpass() to get the password. If the second > > > agetpass() fails, -the first password, which has been copied into > > > the 'static' buffer -'pass' via STRFCPY(), wasn't being zeroed. > > > - > > > -agetpass() is defined in <./libmisc/agetpass.c> (around line 91), > > > and -can fail for any of the following reasons: > > > - > > > -- malloc(3) or readpassphrase(3) failure. > > > - > > > - These are going to be difficult to trigger. Maybe getting the system > > > - to the limits of memory utilization at that exact point, so that the > > > - next malloc(3) gets ENOMEM, and possibly even the OOM is triggered. > > > - About readpassphrase(3), ENFILE and EINTR seem the only plausible > > > - ones, and EINTR probably requires privilege or being the same user; > > > - but I wouldn't discard ENFILE so easily, if a process starts opening > > > - files. > > > - > > > -- The password is longer than PASS_MAX. > > > - > > > - The is plausible with physical access. However, at that point, a > > > - keylogger will be a much simpler attack. > > > - > > > -And, the attacker must be able to know when the second password is > > > being -introduced, which is not going to be easy. > > > - > > > -How to read the password after the leak? > > > -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > > - > > > -Provoking the leak yourself at the right point by entering a very > > > long -password is easy, and inspecting the process stack at that > > > point should -be doable. 
Try to find some consistent patterns. > > > - > > > -Then, search for those patterns in free memory, right after the > > > victim -leaks their password. > > > - > > > -Once you get the leak, a program should read all the free memory > > > -searching for patterns that gpasswd(1) leaves nearby the leaked > > > -password. > > > - > > > -On 6/10/23 03:14, Seth Arnold wrote: > > > -> An attacker process wouldn't be able to use malloc(3) for this task. > > > -> There's a handful of tools available for userspace to allocate memory: > > > -> > > > -> - brk / sbrk > > > -> - mmap MAP_ANONYMOUS > > > -> - mmap /dev/zero > > > -> - mmap some other file > > > -> - shm_open > > > -> - shmget > > > -> > > > -> Most of these return only pages of zeros to a process. Using > > > -> mmap of an existing file, you can get some of the contents of the > > > -> file demand-loaded into the memory space on the first use. > > > -> > > > -> The MAP_UNINITIALIZED flag only works if the kernel was compiled > > > -> with CONFIG_MMAP_ALLOW_UNINITIALIZED. This is rare. > > > -> > > > -> malloc(3) doesn't zero memory, to our collective frustration, but > > > -> all the garbage in the allocations is from previous allocations > > > -> in the current process. It isn't leftover from other processes. > > > -> > > > -> The avenues available for reading the memory: > > > -> - /dev/mem and /dev/kmem (requires root, not available with > > > -> Secure Boot) > > > -> - /proc/pid/mem (requires ptrace privileges, mediated by YAMA) > > > -> - ptrace (requires ptrace privileges, mediated by YAMA) > > > -> - causing memory to be swapped to disk, and then inspecting the > > > -> swap > > > -> > > > -> These all require a certain amount of privileges. > > > - > > > -How to fix it? 
> > > -~~~~~~~~~~~~~~ > > > - > > > -memzero(), which internally calls explicit_bzero(3), or whatever > > > -alternative the system provides with a slightly different name, > > > will -make sure that the buffer is zeroed in memory, and > > > optimizations are not -allowed to impede this zeroing. > > > - > > > -This is not really 100% effective, since compilers may place copies > > > of -the string somewhere hidden in the stack. Those copies won't > > > get zeroed -by explicit_bzero(3). However, that's arguably a > > > compiler bug, since -compilers should make everything possible to > > > avoid optimizing strings -that are later passed to > > > explicit_bzero(3). But we all know that -sometimes it's impossible > > > to have perfect knowledge in the compiler, so -this is plausible. > > > Nevertheless, there's nothing we can do against such -issues, except > > > minimizing the time such passwords are stored in plain -text. > > > - > > > -Security concerns > > > -~~~~~~~~~~~~~~~~~ > > > - > > > -We believe this isn't easy to exploit. Nevertheless, and since the > > > fix -is trivial, this fix should probably be applied soon, and > > > backported to -all supported distributions, to prevent someone else > > > having more -imagination than us to find a way. > > > - > > > -Affected versions > > > -~~~~~~~~~~~~~~~~~ > > > - > > > -All. Bug introduced in shadow 19990709. That's the second commit > > > in -the git history. 
> > > - > > > -Fixes: 45c6603cc86c ("[svn-upgrade] Integrating new upstream > > > version, shadow (19990709)") > > > - > > > -CVE: CVE-2023-4641 > > > -Upstream-Status: Backport > > > [https://github.com/shadow-maint/shadow/commit/65c88a43a23c2391dcc90 > > > c0abda3e839e9c57904] > > > - > > > -Reported-by: Alejandro Colomar <alx@kernel.org> > > > -Cc: Serge Hallyn <serge@hallyn.com> > > > -Cc: Iker Pedrosa <ipedrosa@redhat.com> > > > -Cc: Seth Arnold <seth.arnold@canonical.com> > > > -Cc: Christian Brauner <christian@brauner.io> > > > -Cc: Balint Reczey <rbalint@debian.org> > > > -Cc: Sam James <sam@gentoo.org> > > > -Cc: David Runge <dvzrv@archlinux.org> > > > -Cc: Andreas Jaeger <aj@suse.de> > > > -Cc: <~hallyn/shadow@lists.sr.ht> > > > -Signed-off-by: Alejandro Colomar <alx@kernel.org> > > > -Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> > > > ---- > > > - src/gpasswd.c | 1 + > > > - 1 file changed, 1 insertion(+) > > > - > > > -diff --git a/src/gpasswd.c b/src/gpasswd.c -index > > > 5983f787..2d8869ef 100644 > > > ---- a/src/gpasswd.c > > > -+++ b/src/gpasswd.c > > > -@@ -896,6 +896,7 @@ static void change_passwd (struct group *gr) > > > - strzero (cp); > > > - cp = getpass (_("Re-enter new password: ")); > > > - if (NULL == cp) { > > > -+ memzero (pass, sizeof pass); > > > - exit (1); > > > - } > > > - > > > --- > > > -2.34.1 > > > - > > > diff --git > > > a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open- > > > failure-in-chroot-env.patch > > > b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open- > > > failure-in-chroot-env.patch index 85d91751056..4a932d2dbb1 100644 > > > --- > > > a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open- > > > failure-in-chroot-env.patch > > > +++ b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-o > > > +++ pen-failure-in-chroot-env.patch 
> > > @@ -1,4 +1,4 @@ > > > -From 21583da072aa66901d859ac00ce209bac87ddecc Mon Sep 17 00:00:00 > > > 2001 > > > +From a773c6b240d27e23d6be41decef0edf24fcee523 Mon Sep 17 00:00:00 > > > +2001 > > > From: Chen Qi <Qi.Chen@windriver.com> > > > Date: Thu, 17 Jul 2014 15:53:34 +0800 > > > Subject: [PATCH] > > > commonio.c-fix-unexpected-open-failure-in-chroot-env > > > @@ -15,35 +15,37 @@ Note that this patch doesn't change the logic in the code, it just expands > > > the codes. > > > > > > Signed-off-by: Chen Qi <Qi.Chen@windriver.com> > > > - > > > --- > > > lib/commonio.c | 16 ++++++++++++---- > > > 1 file changed, 12 insertions(+), 4 deletions(-) > > > > > > diff --git a/lib/commonio.c b/lib/commonio.c -index > > > 9a02ce1..61384ec 100644 > > > +index 73fdb3a..d1231e9 100644 > > > --- a/lib/commonio.c > > > +++ b/lib/commonio.c > > > -@@ -616,10 +616,18 @@ int commonio_open (struct commonio_db *db, > > > int mode) > > > +@@ -606,10 +606,18 @@ int commonio_open (struct commonio_db *db, > > > +int mode) > > > db->cursor = NULL; > > > db->changed = false; > > > > > > - fd = open (db->filename, > > > - (db->readonly ? O_RDONLY : O_RDWR) > > > -- | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); > > > +- | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW | O_CLOEXEC); > > > - saved_errno = errno; > > > + if (db->readonly) { > > > + fd = open (db->filename, > > > + (true ? O_RDONLY : O_RDWR) > > > -+ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); > > > ++ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW | > > > ++ O_CLOEXEC); > > > + saved_errno = errno; > > > + } else { > > > + fd = open (db->filename, > > > + (false ? O_RDONLY : O_RDWR) > > > -+ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); > > > ++ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW| > > > ++ O_CLOEXEC); > > > + saved_errno = errno; > > > + } > > > + > > > db->fp = NULL; > > > if (fd >= 0) { > > > #ifdef WITH_TCB > > > +-- > > > +2.30.2 > > > + 
> > > diff --git a/meta/recipes-extended/shadow/shadow.inc > > > b/meta/recipes-extended/shadow/shadow.inc > > > index ce3ce627156..c024746d4ff 100644 > > > --- a/meta/recipes-extended/shadow/shadow.inc > > > +++ b/meta/recipes-extended/shadow/shadow.inc > > > @@ -5,7 +5,7 @@ BUGTRACKER = "http://github.com/shadow-maint/shadow/issues" > > > SECTION = "base/utils" > > > LICENSE = "BSD-3-Clause" > > > LIC_FILES_CHKSUM = "file://COPYING;md5=c9a450b7be84eac23e6353efecb60b5b \ > > > - file://src/passwd.c;beginline=2;endline=30;md5=758c26751513b6795395275969dd3be1 \ > > > + > > > + file://src/passwd.c;beginline=2;endline=7;md5=67bcf314687820b2f010 > > > + d4863fce3fc5 \ > > > " > > > > > > DEPENDS = "virtual/crypt" > > > @@ -14,10 +14,6 @@ GITHUB_BASE_URI = "https://github.com/shadow-maint/shadow/releases" > > > SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.gz \ > > > ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ > > > file://useradd \ > > > - file://0001-Fix-can-not-print-full-login.patch \ > > > - file://CVE-2023-29383.patch \ > > > - file://0001-Overhaul-valid_field.patch \ > > > - file://CVE-2023-4641.patch \ > > > " > > > > > > SRC_URI:append:class-target = " \ > > > @@ -26,14 +22,9 @@ SRC_URI:append:class-target = " \ > > > " > > > > > > SRC_URI:append:class-native = " \ > > > - file://0001-Disable-use-of-syslog-for-sysroot.patch \ > > > file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \ > > > " > > > -SRC_URI:append:class-nativesdk = " \ > > > - file://0001-Disable-use-of-syslog-for-sysroot.patch \ > > > - " > > > -SRC_URI[sha256sum] = "813057047499c7fe81108adcf0cffa3ad4ec75e19a80151f9cbaa458ff2e86cd" > > > - > > > +SRC_URI[sha256sum] = "a305edf5d19bddbdf5e836d2d609fa8bff2d35458819de4d9f06306a1cf24342" > > > > > > # Additional Policy files for PAM > > > PAM_SRC_URI = "file://pam.d/chfn \ 
@@ -44,7 +35,7 @@ PAM_SRC_URI = > > > "file://pam.d/chfn \ > > > file://pam.d/passwd \ > > > file://pam.d/su" > > > > > > -inherit autotools gettext github-releases > > > +inherit autotools gettext github-releases pkgconfig > > > > > > export CONFIG_SHELL="/bin/sh" > > > > > > @@ -54,6 +45,8 @@ EXTRA_OECONF += "--without-libcrack \ > > > --without-sssd \ > > > ${NSCDOPT}" > > > > > > +CFLAGS:append:libc-musl = " -DLIBBSD_OVERLAY" > > > + > > > NSCDOPT = "" > > > NSCDOPT:class-native = "--without-nscd" > > > NSCDOPT:class-nativesdk = "--without-nscd" > > > @@ -73,13 +66,14 @@ PAM_PLUGINS = "libpam-runtime \ > > > > > > PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \ > > > ${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}" > > > -PACKAGECONFIG:class-native ??= "${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}" > > > +PACKAGECONFIG:class-native ??= "${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)} libbsd" > > > PACKAGECONFIG:class-nativesdk = "" > > > PACKAGECONFIG[pam] = "--with-libpam,--without-libpam,libpam,${PAM_PLUGINS}" > > > PACKAGECONFIG[attr] = "--with-attr,--without-attr,attr" > > > PACKAGECONFIG[acl] = "--with-acl,--without-acl,acl" > > > PACKAGECONFIG[audit] = "--with-audit,--without-audit,audit" > > > PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux libsemanage" > > > +PACKAGECONFIG[libbsd] = "--with-libbsd,--without-libbsd,libbsd" > > > > > > RDEPENDS:${PN} = "shadow-securetty \ > > > base-passwd \ 
> > > diff --git a/meta/recipes-extended/shadow/shadow_4.13.bb > > > b/meta/recipes-extended/shadow/shadow_4.14.2.bb > > > similarity index 100% > > > rename from meta/recipes-extended/shadow/shadow_4.13.bb > > > rename to meta/recipes-extended/shadow/shadow_4.14.2.bb > > > > > > -=-=-=-=-=-=-=-=-=-=-=- > > > Links: You receive all messages sent to this group. > > > View/Reply Online (#193542): > > > https://lists.openembedded.org/g/openembedded-core/message/193542 > > > Mute This Topic: https://lists.openembedded.org/mt/103661547/7304865 > > > Group Owner: openembedded-core+owner@lists.openembedded.org > > > Unsubscribe: > > > https://lists.openembedded.org/g/openembedded-core/unsub > > > [Qi.Chen@eng.windriver.com] > > > -=-=-=-=-=-=-=-=-=-=-=- > > > > >
I'm getting the same "parameter name omitted" error with today's master of poky on Ubuntu-20.04 machine. Is there a fix for that?

Slava

On 19.01.2024 13:24, Alexander Kanavin wrote:
> I've seen issues where static libraries built on one host were not
> usable on a different host with default compiler options. This may be
> another one of these.
>
> We're reverting to dynamic linking with libraries in a custom
> directory in sysroot that would be bundled together with shadow-native
> proper. Patch is coming.
>
> Alex
>
> On Fri, 19 Jan 2024 at 13:13, Chen, Qi <Qi.Chen@windriver.com> wrote:
>> I didn't do anything particular, but as several people are sharing the server, it's possible that its environment is somewhat messed up. I'll check more and fix the environment. Thanks for your double check.
>>
>> Regards,
>> Qi
>>
>> -----Original Message-----
>> From: Alexander Kanavin <alex.kanavin@gmail.com>
>> Sent: Friday, January 19, 2024 6:12 PM
>> To: Chen, Qi <Qi.Chen@windriver.com>
>> Cc: openembedded-core@lists.openembedded.org; Alexander Kanavin <alex@linutronix.de>
>> Subject: Re: [OE-core] [PATCH v3 1/2] shadow: update 4.13 -> 4.14.2
>>
>> I just tried poky master on ubuntu 20.04, and the issues do not appear. Do you have a custom setup?
>>
>> Alex
>>
>> On Fri, 19 Jan 2024 at 04:06, ChenQi <Qi.Chen@windriver.com> wrote:
>>> I'm seeing build failures on Ubuntu 20.04.
>>> GCC version: 9.4.0
>>>
>>> 1. error: parameter name omitted
>>> The problem is that the active_sessions_count function's definition
>>> lacks parameter. I did change like below:
>>> -unsigned long active_sessions_count(const char *name, unsigned long
>>> unused)
>>> +unsigned long active_sessions_count(const char *name, unsigned long
>>> unused unused_parameter)
>>> But then I observed another error, as shown below.
>>>
>>> 2. undefined reference to `dlsym'.
>>> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
>>> ../lib/.libs/libshadow.a(libshadow_la-nss.o): in function `nss_exit':
>>> | nss.c:(.text+0x32): undefined reference to `dlclose'
>>> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
>>> ../lib/.libs/libshadow.a(libshadow_la-nss.o): in function `nss_init':
>>> | nss.c:(.text+0x1dd): undefined reference to `dlopen'
>>> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
>>> nss.c:(.text+0x21c): undefined reference to `dlsym'
>>> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
>>> nss.c:(.text+0x237): undefined reference to `dlsym'
>>> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
>>> nss.c:(.text+0x253): undefined reference to `dlsym'
>>> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
>>> nss.c:(.text+0x365): undefined reference to `dlclose'
>>> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
>>>
nss.c:(.text+0x3b2): undefined reference to `dlerror' >>> | collect2: error: ld returned 1 exit status >>> | make[2]: *** [Makefile:1130: su] Error 1 >>> >>> On Ubuntu22.04, there's no such issue. >>> >>> Regards, >>> Qi >>> >>> On 1/11/24 21:15, Alexander Kanavin wrote: >>>> License-Update: formatting, spdx conversion >>>> >>>> Drop: >>>> 0001-Disable-use-of-syslog-for-sysroot.patch >>>> (issue fixed upstream) >>>> >>>> 0001-Fix-can-not-print-full-login.patch >>>> 0001-Overhaul-valid_field.patch >>>> CVE-2023-29383.patch >>>> (backports) >>>> >>>> libbsd is a new native dependency, as otherwise glibc >= 2.38 is >>>> needed. >>>> >>>> A similar fix is added to musl in order to define non-standard __BEGIN_DECLS/__END_DECLS. >>>> >>>> Signed-off-by: Alexander Kanavin <alex@linutronix.de> >>>> --- >>>> ...01-Disable-use-of-syslog-for-sysroot.patch | 52 ------- >>>> .../0001-Fix-can-not-print-full-login.patch | 41 ----- >>>> .../files/0001-Overhaul-valid_field.patch | 65 -------- >>>> .../shadow/files/CVE-2023-29383.patch | 53 ------- >>>> .../shadow/files/CVE-2023-4641.patch | 147 ------------------ >>>> ...nexpected-open-failure-in-chroot-env.patch | 16 +- >>>> meta/recipes-extended/shadow/shadow.inc | 20 +-- >>>> .../{shadow_4.13.bb => shadow_4.14.2.bb} | 0 >>>> 8 files changed, 16 insertions(+), 378 deletions(-) >>>> delete mode 100644 meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch >>>> delete mode 100644 meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch >>>> delete mode 100644 meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch >>>> delete mode 100644 meta/recipes-extended/shadow/files/CVE-2023-29383.patch >>>> delete mode 100644 meta/recipes-extended/shadow/files/CVE-2023-4641.patch >>>> rename meta/recipes-extended/shadow/{shadow_4.13.bb => >>>> shadow_4.14.2.bb} (100%) 
>>>> >>>> diff --git >>>> a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for- >>>> sysroot.patch >>>> b/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for- >>>> sysroot.patch >>>> deleted file mode 100644 >>>> index fa1532c8317..00000000000 >>>> --- >>>> a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for- >>>> sysroot.patch >>>> +++ /dev/null 
>>>> @@ -1,52 +0,0 @@ >>>> -From 85d0444229ee3d14fefcf10d093f49c862826f82 Mon Sep 17 00:00:00 >>>> 2001 >>>> -From: Richard Purdie <richard.purdie@linuxfoundation.org> >>>> -Date: Thu, 14 Apr 2022 23:11:53 +0000 >>>> -Subject: [PATCH] Disable use of syslog for shadow-native tools >>>> - >>>> -Disable use of syslog to prevent sysroot user and group additions >>>> from -writing entries to the host's syslog. This patch should only >>>> be used -with the shadow-native recipe. >>>> - >>>> -Upstream-Status: Inappropriate [OE specific configuration] >>>> -Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> >>>> -Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> >>>> - >>>> ---- >>>> - configure.ac | 2 +- >>>> - src/login_nopam.c | 3 ++- >>>> - 2 files changed, 3 insertions(+), 2 deletions(-) >>>> - >>>> -diff --git a/configure.ac b/configure.ac -index 924254a..603af81 >>>> 100644 >>>> ---- a/configure.ac >>>> -+++ b/configure.ac >>>> -@@ -191,7 +191,7 @@ AC_DEFINE_UNQUOTED(PASSWD_PROGRAM, "$shadow_cv_passwd_dir/passwd", >>>> - [Path to passwd program.]) >>>> - >>>> - dnl XXX - quick hack, should disappear before anyone notices :). 
>>>> --AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().]) >>>> -+#AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().]) >>>> - if test "$ac_cv_func_ruserok" = "yes"; then >>>> - AC_DEFINE(RLOGIN, 1, [Define if login should support the -r flag for rlogind.]) >>>> - AC_DEFINE(RUSEROK, 0, [Define to the ruserok() "success" return value (0 or 1).]) >>>> -diff --git a/src/login_nopam.c b/src/login_nopam.c -index >>>> df6ba88..fc24e13 100644 >>>> ---- a/src/login_nopam.c >>>> -+++ b/src/login_nopam.c >>>> -@@ -29,7 +29,6 @@ >>>> - #ifndef USE_PAM >>>> - #ident "$Id$" >>>> - >>>> --#include "prototypes.h" >>>> - /* >>>> - * This module implements a simple but effective form of login access >>>> - * control based on login names and on host (or domain) names, internet >>>> -@@ -57,6 +56,8 @@ >>>> - #include <netinet/in.h> >>>> - #include <arpa/inet.h> /* for inet_ntoa() */ >>>> - >>>> -+#include "prototypes.h" >>>> -+ >>>> - #if !defined(MAXHOSTNAMELEN) || (MAXHOSTNAMELEN < 64) >>>> - #undef MAXHOSTNAMELEN >>>> - #define MAXHOSTNAMELEN 256 >>>> diff --git >>>> a/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-log >>>> in.patch >>>> b/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-log >>>> in.patch >>>> deleted file mode 100644 >>>> index 89f9c05c8d3..00000000000 >>>> --- >>>> a/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-log >>>> in.patch >>>> +++ /dev/null 
>>>> @@ -1,41 +0,0 @@ >>>> -commit 670cae834827a8f794e6f7464fa57790d911b63c >>>> -Author: SoumyaWind <121475834+SoumyaWind@users.noreply.github.com> >>>> -Date: Tue Dec 27 17:40:17 2022 +0530 >>>> - >>>> - shadow: Fix can not print full login timeout message >>>> - >>>> - Login timed out message prints only first few bytes when write is immediately followed by exit. >>>> - Calling exit from new handler provides enough time to display full message. >>>> - >>>> -Upstream-Status: Backport >>>> [https://github.com/shadow-maint/shadow/commit/670cae834827a8f794e6f >>>> 7464fa57790d911b63c] >>>> - >>>> -diff --git a/src/login.c b/src/login.c -index 116e2cb3..c55f4de0 >>>> 100644 >>>> ---- a/src/login.c >>>> -+++ b/src/login.c >>>> -@@ -120,6 +120,7 @@ static void get_pam_user (char **ptr_pam_user); >>>> - >>>> - static void init_env (void); >>>> - static void alarm_handler (int); >>>> -+static void exit_handler (int); >>>> - >>>> - /* >>>> - * usage - print login command usage and exit -@@ -391,11 +392,16 >>>> @@ static void init_env (void) >>>> - #endif /* !USE_PAM */ >>>> - } >>>> - >>>> -+static void exit_handler (unused int sig) { >>>> -+ _exit (0); >>>> -+} >>>> - >>>> - static void alarm_handler (unused int sig) >>>> - { >>>> - write (STDERR_FILENO, tmsg, strlen (tmsg)); >>>> -- _exit (0); >>>> -+ signal(SIGALRM, exit_handler); >>>> -+ alarm(2); >>>> - } >>>> - >>>> - #ifdef USE_PAM >>>> diff --git >>>> a/meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch >>>> b/meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch >>>> deleted file mode 100644 >>>> index ac08be515bf..00000000000 >>>> --- >>>> a/meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch >>>> +++ /dev/null 
>>>> @@ -1,65 +0,0 @@ >>>> -From 2eaea70111f65b16d55998386e4ceb4273c19eb4 Mon Sep 17 00:00:00 >>>> 2001 >>>> -From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= >>>> <cgzones@googlemail.com> >>>> -Date: Fri, 31 Mar 2023 14:46:50 +0200 >>>> -Subject: [PATCH] Overhaul valid_field() >>>> - >>>> -e5905c4b ("Added control character check") introduced checking for >>>> -control characters but had the logic inverted, so it rejects all >>>> -characters that are not control ones. >>>> - >>>> -Cast the character to `unsigned char` before passing to the >>>> character -checking functions to avoid UB. >>>> - >>>> -Use strpbrk(3) for the illegal character test and return early. >>>> - >>>> -Upstream-Status: Backport >>>> [https://github.com/shadow-maint/shadow/commit/2eaea70111f65b16d5599 >>>> 8386e4ceb4273c19eb4] >>>> - >>>> -Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> >>>> ---- >>>> - lib/fields.c | 24 ++++++++++-------------- >>>> - 1 file changed, 10 insertions(+), 14 deletions(-) >>>> - >>>> -diff --git a/lib/fields.c b/lib/fields.c -index fb51b582..53929248 >>>> 100644 >>>> ---- a/lib/fields.c >>>> -+++ b/lib/fields.c >>>> -@@ -37,26 +37,22 @@ int valid_field (const char *field, const char >>>> *illegal) >>>> - >>>> - /* For each character of field, search if it appears in the list >>>> - * of illegal characters. 
*/ >>>> -+ if (illegal && NULL != strpbrk (field, illegal)) { >>>> -+ return -1; >>>> -+ } >>>> -+ >>>> -+ /* Search if there are non-printable or control characters */ >>>> - for (cp = field; '\0' != *cp; cp++) { >>>> -- if (strchr (illegal, *cp) != NULL) { >>>> -+ unsigned char c = *cp; >>>> -+ if (!isprint (c)) { >>>> -+ err = 1; >>>> -+ } >>>> -+ if (iscntrl (c)) { >>>> - err = -1; >>>> - break; >>>> - } >>>> - } >>>> - >>>> -- if (0 == err) { >>>> -- /* Search if there are non-printable or control characters */ >>>> -- for (cp = field; '\0' != *cp; cp++) { >>>> -- if (!isprint (*cp)) { >>>> -- err = 1; >>>> -- } >>>> -- if (!iscntrl (*cp)) { >>>> -- err = -1; >>>> -- break; >>>> -- } >>>> -- } >>>> -- } >>>> -- >>>> - return err; >>>> - } >>>> - >>>> --- >>>> -2.34.1 >>>> - >>>> diff --git a/meta/recipes-extended/shadow/files/CVE-2023-29383.patch >>>> b/meta/recipes-extended/shadow/files/CVE-2023-29383.patch >>>> deleted file mode 100644 >>>> index f53341d3fc2..00000000000 >>>> --- a/meta/recipes-extended/shadow/files/CVE-2023-29383.patch >>>> +++ /dev/null 
>>>> @@ -1,53 +0,0 @@ >>>> -From e5905c4b84d4fb90aefcd96ee618411ebfac663d Mon Sep 17 00:00:00 >>>> 2001 >>>> -From: tomspiderlabs >>>> <128755403+tomspiderlabs@users.noreply.github.com> >>>> -Date: Thu, 23 Mar 2023 23:39:38 +0000 >>>> -Subject: [PATCH] Added control character check >>>> - >>>> -Added control character check, returning -1 (to "err") if control characters are present. >>>> - >>>> -CVE: CVE-2023-29383 >>>> -Upstream-Status: Backport >>>> - >>>> -Reference to upstream: >>>> -https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd >>>> 96ee618411ebfac663d >>>> - >>>> -Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> >>>> ---- >>>> - lib/fields.c | 11 +++++++---- >>>> - 1 file changed, 7 insertions(+), 4 deletions(-) >>>> - >>>> -diff --git a/lib/fields.c b/lib/fields.c -index 640be931..fb51b582 >>>> 100644 >>>> ---- a/lib/fields.c >>>> -+++ b/lib/fields.c >>>> -@@ -21,9 +21,9 @@ >>>> - * >>>> - * The supplied field is scanned for non-printable and other >>>> illegal >>>> - * characters. >>>> -- * + -1 is returned if an illegal character is present. >>>> -- * + 1 is returned if no illegal characters are present, but the field >>>> -- * contains a non-printable character. >>>> -+ * + -1 is returned if an illegal or control character is present. >>>> -+ * + 1 is returned if no illegal or control characters are present, >>>> -+ * but the field contains a non-printable character. >>>> - * + 0 is returned otherwise. 
>>>> - */ >>>> - int valid_field (const char *field, const char *illegal) -@@ >>>> -45,10 +45,13 @@ int valid_field (const char *field, const char *illegal) >>>> - } >>>> - >>>> - if (0 == err) { >>>> -- /* Search if there are some non-printable characters */ >>>> -+ /* Search if there are non-printable or control >>>> -+ characters */ >>>> - for (cp = field; '\0' != *cp; cp++) { >>>> - if (!isprint (*cp)) { >>>> - err = 1; >>>> -+ } >>>> -+ if (!iscntrl (*cp)) { >>>> -+ err = -1; >>>> - break; >>>> - } >>>> - } >>>> --- >>>> -2.34.1 >>>> - >>>> diff --git a/meta/recipes-extended/shadow/files/CVE-2023-4641.patch >>>> b/meta/recipes-extended/shadow/files/CVE-2023-4641.patch >>>> deleted file mode 100644 >>>> index 1fabfe928e4..00000000000 >>>> --- a/meta/recipes-extended/shadow/files/CVE-2023-4641.patch >>>> +++ /dev/null 
>>>> @@ -1,147 +0,0 @@ >>>> -From 25dbe2ce166a13322b7536ff2f738786ea2e61e7 Mon Sep 17 00:00:00 >>>> 2001 >>>> -From: Alejandro Colomar <alx@kernel.org> >>>> -Date: Sat, 10 Jun 2023 16:20:05 +0200 >>>> -Subject: [PATCH] gpasswd(1): Fix password leak >>>> - >>>> -How to trigger this password leak? >>>> -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >>>> - >>>> -When gpasswd(1) asks for the new password, it asks twice (as is >>>> usual -for confirming the new password). Each of those 2 password >>>> prompts -uses agetpass() to get the password. If the second >>>> agetpass() fails, -the first password, which has been copied into >>>> the 'static' buffer -'pass' via STRFCPY(), wasn't being zeroed. >>>> - >>>> -agetpass() is defined in <./libmisc/agetpass.c> (around line 91), >>>> and -can fail for any of the following reasons: >>>> - >>>> -- malloc(3) or readpassphrase(3) failure. >>>> - >>>> - These are going to be difficult to trigger. Maybe getting the system >>>> - to the limits of memory utilization at that exact point, so that the >>>> - next malloc(3) gets ENOMEM, and possibly even the OOM is triggered. >>>> - About readpassphrase(3), ENFILE and EINTR seem the only plausible >>>> - ones, and EINTR probably requires privilege or being the same user; >>>> - but I wouldn't discard ENFILE so easily, if a process starts opening >>>> - files. >>>> - >>>> -- The password is longer than PASS_MAX. >>>> - >>>> - The is plausible with physical access. However, at that point, a >>>> - keylogger will be a much simpler attack. >>>> - >>>> -And, the attacker must be able to know when the second password is >>>> being -introduced, which is not going to be easy. >>>> - >>>> -How to read the password after the leak? >>>> -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >>>> - >>>> -Provoking the leak yourself at the right point by entering a very >>>> long -password is easy, and inspecting the process stack at that >>>> point should -be doable. Try to find some consistent patterns. 
>>>> - >>>> -Then, search for those patterns in free memory, right after the >>>> victim -leaks their password. >>>> - >>>> -Once you get the leak, a program should read all the free memory >>>> -searching for patterns that gpasswd(1) leaves nearby the leaked >>>> -password. >>>> - >>>> -On 6/10/23 03:14, Seth Arnold wrote: >>>> -> An attacker process wouldn't be able to use malloc(3) for this task. >>>> -> There's a handful of tools available for userspace to allocate memory: >>>> -> >>>> -> - brk / sbrk >>>> -> - mmap MAP_ANONYMOUS >>>> -> - mmap /dev/zero >>>> -> - mmap some other file >>>> -> - shm_open >>>> -> - shmget >>>> -> >>>> -> Most of these return only pages of zeros to a process. Using >>>> -> mmap of an existing file, you can get some of the contents of the >>>> -> file demand-loaded into the memory space on the first use. >>>> -> >>>> -> The MAP_UNINITIALIZED flag only works if the kernel was compiled >>>> -> with CONFIG_MMAP_ALLOW_UNINITIALIZED. This is rare. >>>> -> >>>> -> malloc(3) doesn't zero memory, to our collective frustration, but >>>> -> all the garbage in the allocations is from previous allocations >>>> -> in the current process. It isn't leftover from other processes. >>>> -> >>>> -> The avenues available for reading the memory: >>>> -> - /dev/mem and /dev/kmem (requires root, not available with >>>> -> Secure Boot) >>>> -> - /proc/pid/mem (requires ptrace privileges, mediated by YAMA) >>>> -> - ptrace (requires ptrace privileges, mediated by YAMA) >>>> -> - causing memory to be swapped to disk, and then inspecting the >>>> -> swap >>>> -> >>>> -> These all require a certain amount of privileges. >>>> - >>>> -How to fix it? >>>> -~~~~~~~~~~~~~~ >>>> - >>>> -memzero(), which internally calls explicit_bzero(3), or whatever >>>> -alternative the system provides with a slightly different name, >>>> will -make sure that the buffer is zeroed in memory, and >>>> optimizations are not -allowed to impede this zeroing. 
>>>> - >>>> -This is not really 100% effective, since compilers may place copies >>>> of -the string somewhere hidden in the stack. Those copies won't >>>> get zeroed -by explicit_bzero(3). However, that's arguably a >>>> compiler bug, since -compilers should make everything possible to >>>> avoid optimizing strings -that are later passed to >>>> explicit_bzero(3). But we all know that -sometimes it's impossible >>>> to have perfect knowledge in the compiler, so -this is plausible. >>>> Nevertheless, there's nothing we can do against such -issues, except >>>> minimizing the time such passwords are stored in plain -text. >>>> - >>>> -Security concerns >>>> -~~~~~~~~~~~~~~~~~ >>>> - >>>> -We believe this isn't easy to exploit. Nevertheless, and since the >>>> fix -is trivial, this fix should probably be applied soon, and >>>> backported to -all supported distributions, to prevent someone else >>>> having more -imagination than us to find a way. >>>> - >>>> -Affected versions >>>> -~~~~~~~~~~~~~~~~~ >>>> - >>>> -All. Bug introduced in shadow 19990709. That's the second commit >>>> in -the git history. 
>>>> - >>>> -Fixes: 45c6603cc86c ("[svn-upgrade] Integrating new upstream >>>> version, shadow (19990709)") >>>> - >>>> -CVE: CVE-2023-4641 >>>> -Upstream-Status: Backport >>>> [https://github.com/shadow-maint/shadow/commit/65c88a43a23c2391dcc90 >>>> c0abda3e839e9c57904] >>>> - >>>> -Reported-by: Alejandro Colomar <alx@kernel.org> >>>> -Cc: Serge Hallyn <serge@hallyn.com> >>>> -Cc: Iker Pedrosa <ipedrosa@redhat.com> >>>> -Cc: Seth Arnold <seth.arnold@canonical.com> >>>> -Cc: Christian Brauner <christian@brauner.io> >>>> -Cc: Balint Reczey <rbalint@debian.org> >>>> -Cc: Sam James <sam@gentoo.org> >>>> -Cc: David Runge <dvzrv@archlinux.org> >>>> -Cc: Andreas Jaeger <aj@suse.de> >>>> -Cc: <~hallyn/shadow@lists.sr.ht> >>>> -Signed-off-by: Alejandro Colomar <alx@kernel.org> >>>> -Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> >>>> ---- >>>> - src/gpasswd.c | 1 + >>>> - 1 file changed, 1 insertion(+) >>>> - >>>> -diff --git a/src/gpasswd.c b/src/gpasswd.c -index >>>> 5983f787..2d8869ef 100644 >>>> ---- a/src/gpasswd.c >>>> -+++ b/src/gpasswd.c >>>> -@@ -896,6 +896,7 @@ static void change_passwd (struct group *gr) >>>> - strzero (cp); >>>> - cp = getpass (_("Re-enter new password: ")); >>>> - if (NULL == cp) { >>>> -+ memzero (pass, sizeof pass); >>>> - exit (1); >>>> - } >>>> - >>>> --- >>>> -2.34.1 >>>> - >>>> diff --git >>>> a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open- >>>> failure-in-chroot-env.patch >>>> b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open- >>>> failure-in-chroot-env.patch index 85d91751056..4a932d2dbb1 100644 >>>> --- >>>> a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open- >>>> failure-in-chroot-env.patch >>>> +++ b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-o >>>> +++ pen-failure-in-chroot-env.patch 
>>>> @@ -1,4 +1,4 @@ >>>> -From 21583da072aa66901d859ac00ce209bac87ddecc Mon Sep 17 00:00:00 >>>> 2001 >>>> +From a773c6b240d27e23d6be41decef0edf24fcee523 Mon Sep 17 00:00:00 >>>> +2001 >>>> From: Chen Qi <Qi.Chen@windriver.com> >>>> Date: Thu, 17 Jul 2014 15:53:34 +0800 >>>> Subject: [PATCH] >>>> commonio.c-fix-unexpected-open-failure-in-chroot-env >>>> @@ -15,35 +15,37 @@ Note that this patch doesn't change the logic in the code, it just expands >>>> the codes. >>>> >>>> Signed-off-by: Chen Qi <Qi.Chen@windriver.com> >>>> - >>>> --- >>>> lib/commonio.c | 16 ++++++++++++---- >>>> 1 file changed, 12 insertions(+), 4 deletions(-) >>>> >>>> diff --git a/lib/commonio.c b/lib/commonio.c -index >>>> 9a02ce1..61384ec 100644 >>>> +index 73fdb3a..d1231e9 100644 >>>> --- a/lib/commonio.c >>>> +++ b/lib/commonio.c >>>> -@@ -616,10 +616,18 @@ int commonio_open (struct commonio_db *db, >>>> int mode) >>>> +@@ -606,10 +606,18 @@ int commonio_open (struct commonio_db *db, >>>> +int mode) >>>> db->cursor = NULL; >>>> db->changed = false; >>>> >>>> - fd = open (db->filename, >>>> - (db->readonly ? O_RDONLY : O_RDWR) >>>> -- | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); >>>> +- | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW | O_CLOEXEC); >>>> - saved_errno = errno; >>>> + if (db->readonly) { >>>> + fd = open (db->filename, >>>> + (true ? O_RDONLY : O_RDWR) >>>> -+ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); >>>> ++ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW | >>>> ++ O_CLOEXEC); >>>> + saved_errno = errno; >>>> + } else { >>>> + fd = open (db->filename, >>>> + (false ? O_RDONLY : O_RDWR) >>>> -+ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); >>>> ++ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW| >>>> ++ O_CLOEXEC); >>>> + saved_errno = errno; >>>> + } >>>> + >>>> db->fp = NULL; >>>> if (fd >= 0) { >>>> #ifdef WITH_TCB >>>> +-- >>>> +2.30.2 >>>> + >>>> diff --git a/meta/recipes-extended/shadow/shadow.inc >>>> b/meta/recipes-extended/shadow/shadow.inc >>>> index ce3ce627156..c024746d4ff 100644 
>>>> --- a/meta/recipes-extended/shadow/shadow.inc >>>> +++ b/meta/recipes-extended/shadow/shadow.inc >>>> @@ -5,7 +5,7 @@ BUGTRACKER = "http://github.com/shadow-maint/shadow/issues" >>>> SECTION = "base/utils" >>>> LICENSE = "BSD-3-Clause" >>>> LIC_FILES_CHKSUM = "file://COPYING;md5=c9a450b7be84eac23e6353efecb60b5b \ >>>> - file://src/passwd.c;beginline=2;endline=30;md5=758c26751513b6795395275969dd3be1 \ >>>> + >>>> + file://src/passwd.c;beginline=2;endline=7;md5=67bcf314687820b2f010 >>>> + d4863fce3fc5 \ >>>> " >>>> >>>> DEPENDS = "virtual/crypt" >>>> @@ -14,10 +14,6 @@ GITHUB_BASE_URI = "https://github.com/shadow-maint/shadow/releases" >>>> SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.gz \ >>>> ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ >>>> file://useradd \ >>>> - file://0001-Fix-can-not-print-full-login.patch \ >>>> - file://CVE-2023-29383.patch \ >>>> - file://0001-Overhaul-valid_field.patch \ >>>> - file://CVE-2023-4641.patch \ >>>> " >>>> >>>> SRC_URI:append:class-target = " \ >>>> @@ -26,14 +22,9 @@ SRC_URI:append:class-target = " \ >>>> " >>>> >>>> SRC_URI:append:class-native = " \ >>>> - file://0001-Disable-use-of-syslog-for-sysroot.patch \ >>>> file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \ >>>> " >>>> -SRC_URI:append:class-nativesdk = " \ >>>> - file://0001-Disable-use-of-syslog-for-sysroot.patch \ >>>> - " >>>> -SRC_URI[sha256sum] = "813057047499c7fe81108adcf0cffa3ad4ec75e19a80151f9cbaa458ff2e86cd" >>>> - >>>> +SRC_URI[sha256sum] = "a305edf5d19bddbdf5e836d2d609fa8bff2d35458819de4d9f06306a1cf24342" >>>> >>>> # Additional Policy files for PAM >>>> PAM_SRC_URI = "file://pam.d/chfn \ @@ -44,7 +35,7 @@ PAM_SRC_URI = >>>> "file://pam.d/chfn \ >>>> file://pam.d/passwd \ >>>> file://pam.d/su" >>>> >>>> -inherit autotools gettext github-releases >>>> +inherit autotools gettext github-releases pkgconfig >>>> >>>> export CONFIG_SHELL="/bin/sh" 
>>>> >>>> @@ -54,6 +45,8 @@ EXTRA_OECONF += "--without-libcrack \ >>>> --without-sssd \ >>>> ${NSCDOPT}" >>>> >>>> +CFLAGS:append:libc-musl = " -DLIBBSD_OVERLAY" >>>> + >>>> NSCDOPT = "" >>>> NSCDOPT:class-native = "--without-nscd" >>>> NSCDOPT:class-nativesdk = "--without-nscd" >>>> @@ -73,13 +66,14 @@ PAM_PLUGINS = "libpam-runtime \ >>>> >>>> PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \ >>>> ${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}" >>>> -PACKAGECONFIG:class-native ??= "${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}" >>>> +PACKAGECONFIG:class-native ??= "${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)} libbsd" >>>> PACKAGECONFIG:class-nativesdk = "" >>>> PACKAGECONFIG[pam] = "--with-libpam,--without-libpam,libpam,${PAM_PLUGINS}" >>>> PACKAGECONFIG[attr] = "--with-attr,--without-attr,attr" >>>> PACKAGECONFIG[acl] = "--with-acl,--without-acl,acl" >>>> PACKAGECONFIG[audit] = "--with-audit,--without-audit,audit" >>>> PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux libsemanage" >>>> +PACKAGECONFIG[libbsd] = "--with-libbsd,--without-libbsd,libbsd" >>>> >>>> RDEPENDS:${PN} = "shadow-securetty \ >>>> base-passwd \ >>>> diff --git a/meta/recipes-extended/shadow/shadow_4.13.bb >>>> b/meta/recipes-extended/shadow/shadow_4.14.2.bb >>>> similarity index 100% >>>> rename from meta/recipes-extended/shadow/shadow_4.13.bb >>>> rename to meta/recipes-extended/shadow/shadow_4.14.2.bb >>>> >>>> >>>>
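Review bot: in the refreshed commonio.c-fix-unexpected-open-failure-in-chroot-env.patch, the @@ -606,10 +606,18 @@ hunk keeps the open() flag list in two places, so the O_CLOEXEC that upstream added had to be copied by hand into both the `if (db->readonly)` and the `else` branch, and the next upstream flag change will need the same care. A sentence in the patch header saying that both branches must mirror upstream's flag list would make that visible at the next refresh. The `O_NOFOLLOW|` in the else branch is also missing the space used in the first branch.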
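Review bot: the @@ -14,10 +14,6 @@ hunk in shadow.inc removes `file://CVE-2023-4641.patch` from SRC_URI and the diffstat deletes the file, but the commit message's Drop list names only CVE-2023-29383.patch and the two 0001-* backports. The deleted patch carries Upstream-Status: Backport, so it should be listed with the other backports; that keeps the reason a CVE fix left the recipe in the commit log.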
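Review bot: `CFLAGS:append:libc-musl = " -DLIBBSD_OVERLAY"` in the @@ -54,6 +45,8 @@ hunk has no comment in the recipe, and from the visible lines it applies to every musl build while the libbsd PACKAGECONFIG is only defaulted on for class-native. The commit message says the define is there to get the non-standard __BEGIN_DECLS/__END_DECLS on musl; putting that above the assignment, together with where the musl build gets the libbsd headers from, would tell the next upgrader whether it can be dropped.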
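Review bot: in the @@ -73,13 +66,14 @@ hunk libbsd is enabled only through the weak default `PACKAGECONFIG:class-native ??= "... libbsd"`, while the commit message states that without libbsd glibc >= 2.38 is needed. Any configuration that sets PACKAGECONFIG:class-native for shadow drops libbsd without notice, so a comment next to the default stating that requirement would help.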
First you need to show how to reproduce it with plain poky. Alex On Thu, 8 Feb 2024 at 11:40, Vyacheslav Yurkov <uvv.mail@gmail.com> wrote: > > I'm getting the same "parameter name omitted" error with today's master > of poky on Ubuntu-20.04 machine. Is there a fix for that? > > Slava > > On 19.01.2024 13:24, Alexander Kanavin wrote: > > I've seen issues where static libraries built on one host were not > > usable on a different host with default compiler options. This may be > > another one of these. > > > > We're reverting to dynamic linking with libraries in a custom > > directory in sysroot that would be bundled together with shadow-native > > proper. Patch is coming. > > > > Alex > > > > On Fri, 19 Jan 2024 at 13:13, Chen, Qi <Qi.Chen@windriver.com> wrote: > >> I didn't do anything particular, but as several people are sharing the server, it's possible that its environment is somewhat messed up. I'll check more and fix the environment. Thanks for your double check. > >> > >> Regards, > >> Qi > >> > >> -----Original Message----- 
> >> From: Alexander Kanavin <alex.kanavin@gmail.com> > >> Sent: Friday, January 19, 2024 6:12 PM > >> To: Chen, Qi <Qi.Chen@windriver.com> > >> Cc: openembedded-core@lists.openembedded.org; Alexander Kanavin <alex@linutronix.de> > >> Subject: Re: [OE-core] [PATCH v3 1/2] shadow: update 4.13 -> 4.14.2 > >> > >> I just tried poky master on ubuntu 20.04, and the issues do not appear. Do you have a custom setup? > >> > >> Alex > >> > >> On Fri, 19 Jan 2024 at 04:06, ChenQi <Qi.Chen@windriver.com> wrote: > >>> I'm seeing build failures on Ubuntu 20.04. > >>> GCC version: 9.4.0 > >>> > >>> 1. error: parameter name omitted > >>> The problem is that the active_sessions_count function's definition > >>> lacks parameter. I did change like below: > >>> -unsigned long active_sessions_count(const char *name, unsigned long > >>> unused) > >>> +unsigned long active_sessions_count(const char *name, unsigned long > >>> unused unused_parameter) > >>> But then I observed another error, as shown below. > >>> > >>> 2. undefined reference to `dlsym'. 
> >>> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
> >>> ../lib/.libs/libshadow.a(libshadow_la-nss.o): in function `nss_exit':
> >>> | nss.c:(.text+0x32): undefined reference to `dlclose'
> >>> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
> >>> ../lib/.libs/libshadow.a(libshadow_la-nss.o): in function `nss_init':
> >>> | nss.c:(.text+0x1dd): undefined reference to `dlopen'
> >>> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
> >>> nss.c:(.text+0x21c): undefined reference to `dlsym'
> >>> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
> >>> nss.c:(.text+0x237): undefined reference to `dlsym'
> >>> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
> >>> nss.c:(.text+0x253): undefined reference to `dlsym'
> >>> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
> >>> nss.c:(.text+0x365): undefined reference to `dlclose'
> >>> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
> >>> nss.c:(.text+0x3b2): undefined reference to `dlerror'
> >>> | collect2: error: ld returned 1 exit status
> >>> | make[2]: *** [Makefile:1130: su] Error 1
> >>>
> >>> On Ubuntu22.04, there's no such issue.
> >>>
> >>> Regards,
> >>> Qi
> >>>
> >>> On 1/11/24 21:15, Alexander Kanavin wrote:
> >>>> License-Update: formatting, spdx conversion
> >>>>
> >>>> Drop:
> >>>> 0001-Disable-use-of-syslog-for-sysroot.patch
> >>>> (issue fixed upstream)
> >>>>
> >>>> 0001-Fix-can-not-print-full-login.patch
> >>>> 0001-Overhaul-valid_field.patch
> >>>> CVE-2023-29383.patch
> >>>> (backports)
> >>>>
> >>>> libbsd is a new native dependency, as otherwise glibc >= 2.38 is
> >>>> needed.
> >>>>
> >>>> A similar fix is added to musl in order to define non-standard __BEGIN_DECLS/__END_DECLS.
> >>>> > >>>> Signed-off-by: Alexander Kanavin <alex@linutronix.de> > >>>> --- > >>>> ...01-Disable-use-of-syslog-for-sysroot.patch | 52 ------- > >>>> .../0001-Fix-can-not-print-full-login.patch | 41 ----- > >>>> .../files/0001-Overhaul-valid_field.patch | 65 -------- > >>>> .../shadow/files/CVE-2023-29383.patch | 53 ------- > >>>> .../shadow/files/CVE-2023-4641.patch | 147 ------------------ > >>>> ...nexpected-open-failure-in-chroot-env.patch | 16 +- > >>>> meta/recipes-extended/shadow/shadow.inc | 20 +-- > >>>> .../{shadow_4.13.bb => shadow_4.14.2.bb} | 0 > >>>> 8 files changed, 16 insertions(+), 378 deletions(-) > >>>> delete mode 100644 meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch > >>>> delete mode 100644 meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch > >>>> delete mode 100644 meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch > >>>> delete mode 100644 meta/recipes-extended/shadow/files/CVE-2023-29383.patch > >>>> delete mode 100644 meta/recipes-extended/shadow/files/CVE-2023-4641.patch > >>>> rename meta/recipes-extended/shadow/{shadow_4.13.bb => > >>>> shadow_4.14.2.bb} (100%) > >>>> > >>>> diff --git > >>>> a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for- > >>>> sysroot.patch > >>>> b/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for- > >>>> sysroot.patch > >>>> deleted file mode 100644 > >>>> index fa1532c8317..00000000000 > >>>> --- > >>>> a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for- > >>>> sysroot.patch > >>>> +++ /dev/null 
> >>>> @@ -1,52 +0,0 @@ > >>>> -From 85d0444229ee3d14fefcf10d093f49c862826f82 Mon Sep 17 00:00:00 > >>>> 2001 > >>>> -From: Richard Purdie <richard.purdie@linuxfoundation.org> > >>>> -Date: Thu, 14 Apr 2022 23:11:53 +0000 > >>>> -Subject: [PATCH] Disable use of syslog for shadow-native tools > >>>> - > >>>> -Disable use of syslog to prevent sysroot user and group additions > >>>> from -writing entries to the host's syslog. This patch should only > >>>> be used -with the shadow-native recipe. > >>>> - > >>>> -Upstream-Status: Inappropriate [OE specific configuration] > >>>> -Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> > >>>> -Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> > >>>> - > >>>> ---- > >>>> - configure.ac | 2 +- > >>>> - src/login_nopam.c | 3 ++- > >>>> - 2 files changed, 3 insertions(+), 2 deletions(-) > >>>> - > >>>> -diff --git a/configure.ac b/configure.ac -index 924254a..603af81 > >>>> 100644 > >>>> ---- a/configure.ac > >>>> -+++ b/configure.ac > >>>> -@@ -191,7 +191,7 @@ AC_DEFINE_UNQUOTED(PASSWD_PROGRAM, "$shadow_cv_passwd_dir/passwd", > >>>> - [Path to passwd program.]) > >>>> - > >>>> - dnl XXX - quick hack, should disappear before anyone notices :). 
> >>>> --AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().]) > >>>> -+#AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().]) > >>>> - if test "$ac_cv_func_ruserok" = "yes"; then > >>>> - AC_DEFINE(RLOGIN, 1, [Define if login should support the -r flag for rlogind.]) > >>>> - AC_DEFINE(RUSEROK, 0, [Define to the ruserok() "success" return value (0 or 1).]) > >>>> -diff --git a/src/login_nopam.c b/src/login_nopam.c -index > >>>> df6ba88..fc24e13 100644 > >>>> ---- a/src/login_nopam.c > >>>> -+++ b/src/login_nopam.c > >>>> -@@ -29,7 +29,6 @@ > >>>> - #ifndef USE_PAM > >>>> - #ident "$Id$" > >>>> - > >>>> --#include "prototypes.h" > >>>> - /* > >>>> - * This module implements a simple but effective form of login access > >>>> - * control based on login names and on host (or domain) names, internet > >>>> -@@ -57,6 +56,8 @@ > >>>> - #include <netinet/in.h> > >>>> - #include <arpa/inet.h> /* for inet_ntoa() */ > >>>> - > >>>> -+#include "prototypes.h" > >>>> -+ > >>>> - #if !defined(MAXHOSTNAMELEN) || (MAXHOSTNAMELEN < 64) > >>>> - #undef MAXHOSTNAMELEN > >>>> - #define MAXHOSTNAMELEN 256 > >>>> diff --git > >>>> a/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-log > >>>> in.patch > >>>> b/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-log > >>>> in.patch > >>>> deleted file mode 100644 > >>>> index 89f9c05c8d3..00000000000 > >>>> --- > >>>> a/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-log > >>>> in.patch > >>>> +++ /dev/null 
> >>>> @@ -1,41 +0,0 @@ > >>>> -commit 670cae834827a8f794e6f7464fa57790d911b63c > >>>> -Author: SoumyaWind <121475834+SoumyaWind@users.noreply.github.com> > >>>> -Date: Tue Dec 27 17:40:17 2022 +0530 > >>>> - > >>>> - shadow: Fix can not print full login timeout message > >>>> - > >>>> - Login timed out message prints only first few bytes when write is immediately followed by exit. > >>>> - Calling exit from new handler provides enough time to display full message. > >>>> - > >>>> -Upstream-Status: Backport > >>>> [https://github.com/shadow-maint/shadow/commit/670cae834827a8f794e6f > >>>> 7464fa57790d911b63c] > >>>> - > >>>> -diff --git a/src/login.c b/src/login.c -index 116e2cb3..c55f4de0 > >>>> 100644 > >>>> ---- a/src/login.c > >>>> -+++ b/src/login.c > >>>> -@@ -120,6 +120,7 @@ static void get_pam_user (char **ptr_pam_user); > >>>> - > >>>> - static void init_env (void); > >>>> - static void alarm_handler (int); > >>>> -+static void exit_handler (int); > >>>> - > >>>> - /* > >>>> - * usage - print login command usage and exit -@@ -391,11 +392,16 > >>>> @@ static void init_env (void) > >>>> - #endif /* !USE_PAM */ > >>>> - } > >>>> - > >>>> -+static void exit_handler (unused int sig) { > >>>> -+ _exit (0); > >>>> -+} > >>>> - > >>>> - static void alarm_handler (unused int sig) > >>>> - { > >>>> - write (STDERR_FILENO, tmsg, strlen (tmsg)); > >>>> -- _exit (0); > >>>> -+ signal(SIGALRM, exit_handler); > >>>> -+ alarm(2); > >>>> - } > >>>> - > >>>> - #ifdef USE_PAM > >>>> diff --git > >>>> a/meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch > >>>> b/meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch > >>>> deleted file mode 100644 > >>>> index ac08be515bf..00000000000 > >>>> --- > >>>> a/meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch > >>>> +++ /dev/null 
> >>>> @@ -1,65 +0,0 @@ > >>>> -From 2eaea70111f65b16d55998386e4ceb4273c19eb4 Mon Sep 17 00:00:00 > >>>> 2001 > >>>> -From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= > >>>> <cgzones@googlemail.com> > >>>> -Date: Fri, 31 Mar 2023 14:46:50 +0200 > >>>> -Subject: [PATCH] Overhaul valid_field() > >>>> - > >>>> -e5905c4b ("Added control character check") introduced checking for > >>>> -control characters but had the logic inverted, so it rejects all > >>>> -characters that are not control ones. > >>>> - > >>>> -Cast the character to `unsigned char` before passing to the > >>>> character -checking functions to avoid UB. > >>>> - > >>>> -Use strpbrk(3) for the illegal character test and return early. > >>>> - > >>>> -Upstream-Status: Backport > >>>> [https://github.com/shadow-maint/shadow/commit/2eaea70111f65b16d5599 > >>>> 8386e4ceb4273c19eb4] > >>>> - > >>>> -Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> > >>>> ---- > >>>> - lib/fields.c | 24 ++++++++++-------------- > >>>> - 1 file changed, 10 insertions(+), 14 deletions(-) > >>>> - > >>>> -diff --git a/lib/fields.c b/lib/fields.c -index fb51b582..53929248 > >>>> 100644 > >>>> ---- a/lib/fields.c > >>>> -+++ b/lib/fields.c > >>>> -@@ -37,26 +37,22 @@ int valid_field (const char *field, const char > >>>> *illegal) > >>>> - > >>>> - /* For each character of field, search if it appears in the list > >>>> - * of illegal characters. 
*/ > >>>> -+ if (illegal && NULL != strpbrk (field, illegal)) { > >>>> -+ return -1; > >>>> -+ } > >>>> -+ > >>>> -+ /* Search if there are non-printable or control characters */ > >>>> - for (cp = field; '\0' != *cp; cp++) { > >>>> -- if (strchr (illegal, *cp) != NULL) { > >>>> -+ unsigned char c = *cp; > >>>> -+ if (!isprint (c)) { > >>>> -+ err = 1; > >>>> -+ } > >>>> -+ if (iscntrl (c)) { > >>>> - err = -1; > >>>> - break; > >>>> - } > >>>> - } > >>>> - > >>>> -- if (0 == err) { > >>>> -- /* Search if there are non-printable or control characters */ > >>>> -- for (cp = field; '\0' != *cp; cp++) { > >>>> -- if (!isprint (*cp)) { > >>>> -- err = 1; > >>>> -- } > >>>> -- if (!iscntrl (*cp)) { > >>>> -- err = -1; > >>>> -- break; > >>>> -- } > >>>> -- } > >>>> -- } > >>>> -- > >>>> - return err; > >>>> - } > >>>> - > >>>> --- > >>>> -2.34.1 > >>>> - > >>>> diff --git a/meta/recipes-extended/shadow/files/CVE-2023-29383.patch > >>>> b/meta/recipes-extended/shadow/files/CVE-2023-29383.patch > >>>> deleted file mode 100644 > >>>> index f53341d3fc2..00000000000 > >>>> --- a/meta/recipes-extended/shadow/files/CVE-2023-29383.patch > >>>> +++ /dev/null 
> >>>> @@ -1,53 +0,0 @@ > >>>> -From e5905c4b84d4fb90aefcd96ee618411ebfac663d Mon Sep 17 00:00:00 > >>>> 2001 > >>>> -From: tomspiderlabs > >>>> <128755403+tomspiderlabs@users.noreply.github.com> > >>>> -Date: Thu, 23 Mar 2023 23:39:38 +0000 > >>>> -Subject: [PATCH] Added control character check > >>>> - > >>>> -Added control character check, returning -1 (to "err") if control characters are present. > >>>> - > >>>> -CVE: CVE-2023-29383 > >>>> -Upstream-Status: Backport > >>>> - > >>>> -Reference to upstream: > >>>> -https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd > >>>> 96ee618411ebfac663d > >>>> - > >>>> -Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> > >>>> ---- > >>>> - lib/fields.c | 11 +++++++---- > >>>> - 1 file changed, 7 insertions(+), 4 deletions(-) > >>>> - > >>>> -diff --git a/lib/fields.c b/lib/fields.c -index 640be931..fb51b582 > >>>> 100644 > >>>> ---- a/lib/fields.c > >>>> -+++ b/lib/fields.c > >>>> -@@ -21,9 +21,9 @@ > >>>> - * > >>>> - * The supplied field is scanned for non-printable and other > >>>> illegal > >>>> - * characters. > >>>> -- * + -1 is returned if an illegal character is present. > >>>> -- * + 1 is returned if no illegal characters are present, but the field > >>>> -- * contains a non-printable character. > >>>> -+ * + -1 is returned if an illegal or control character is present. > >>>> -+ * + 1 is returned if no illegal or control characters are present, > >>>> -+ * but the field contains a non-printable character. > >>>> - * + 0 is returned otherwise. 
> >>>> - */ > >>>> - int valid_field (const char *field, const char *illegal) -@@ > >>>> -45,10 +45,13 @@ int valid_field (const char *field, const char *illegal) > >>>> - } > >>>> - > >>>> - if (0 == err) { > >>>> -- /* Search if there are some non-printable characters */ > >>>> -+ /* Search if there are non-printable or control > >>>> -+ characters */ > >>>> - for (cp = field; '\0' != *cp; cp++) { > >>>> - if (!isprint (*cp)) { > >>>> - err = 1; > >>>> -+ } > >>>> -+ if (!iscntrl (*cp)) { > >>>> -+ err = -1; > >>>> - break; > >>>> - } > >>>> - } > >>>> --- > >>>> -2.34.1 > >>>> - > >>>> diff --git a/meta/recipes-extended/shadow/files/CVE-2023-4641.patch > >>>> b/meta/recipes-extended/shadow/files/CVE-2023-4641.patch > >>>> deleted file mode 100644 > >>>> index 1fabfe928e4..00000000000 > >>>> --- a/meta/recipes-extended/shadow/files/CVE-2023-4641.patch > >>>> +++ /dev/null 
> >>>> @@ -1,147 +0,0 @@ > >>>> -From 25dbe2ce166a13322b7536ff2f738786ea2e61e7 Mon Sep 17 00:00:00 > >>>> 2001 > >>>> -From: Alejandro Colomar <alx@kernel.org> > >>>> -Date: Sat, 10 Jun 2023 16:20:05 +0200 > >>>> -Subject: [PATCH] gpasswd(1): Fix password leak > >>>> - > >>>> -How to trigger this password leak? > >>>> -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > >>>> - > >>>> -When gpasswd(1) asks for the new password, it asks twice (as is > >>>> usual -for confirming the new password). Each of those 2 password > >>>> prompts -uses agetpass() to get the password. If the second > >>>> agetpass() fails, -the first password, which has been copied into > >>>> the 'static' buffer -'pass' via STRFCPY(), wasn't being zeroed. > >>>> - > >>>> -agetpass() is defined in <./libmisc/agetpass.c> (around line 91), > >>>> and -can fail for any of the following reasons: > >>>> - > >>>> -- malloc(3) or readpassphrase(3) failure. > >>>> - > >>>> - These are going to be difficult to trigger. Maybe getting the system > >>>> - to the limits of memory utilization at that exact point, so that the > >>>> - next malloc(3) gets ENOMEM, and possibly even the OOM is triggered. > >>>> - About readpassphrase(3), ENFILE and EINTR seem the only plausible > >>>> - ones, and EINTR probably requires privilege or being the same user; > >>>> - but I wouldn't discard ENFILE so easily, if a process starts opening > >>>> - files. > >>>> - > >>>> -- The password is longer than PASS_MAX. > >>>> - > >>>> - The is plausible with physical access. However, at that point, a > >>>> - keylogger will be a much simpler attack. > >>>> - > >>>> -And, the attacker must be able to know when the second password is > >>>> being -introduced, which is not going to be easy. > >>>> - > >>>> -How to read the password after the leak? 
> >>>> -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > >>>> - > >>>> -Provoking the leak yourself at the right point by entering a very > >>>> long -password is easy, and inspecting the process stack at that > >>>> point should -be doable. Try to find some consistent patterns. > >>>> - > >>>> -Then, search for those patterns in free memory, right after the > >>>> victim -leaks their password. > >>>> - > >>>> -Once you get the leak, a program should read all the free memory > >>>> -searching for patterns that gpasswd(1) leaves nearby the leaked > >>>> -password. > >>>> - > >>>> -On 6/10/23 03:14, Seth Arnold wrote: > >>>> -> An attacker process wouldn't be able to use malloc(3) for this task. > >>>> -> There's a handful of tools available for userspace to allocate memory: > >>>> -> > >>>> -> - brk / sbrk > >>>> -> - mmap MAP_ANONYMOUS > >>>> -> - mmap /dev/zero > >>>> -> - mmap some other file > >>>> -> - shm_open > >>>> -> - shmget > >>>> -> > >>>> -> Most of these return only pages of zeros to a process. Using > >>>> -> mmap of an existing file, you can get some of the contents of the > >>>> -> file demand-loaded into the memory space on the first use. > >>>> -> > >>>> -> The MAP_UNINITIALIZED flag only works if the kernel was compiled > >>>> -> with CONFIG_MMAP_ALLOW_UNINITIALIZED. This is rare. > >>>> -> > >>>> -> malloc(3) doesn't zero memory, to our collective frustration, but > >>>> -> all the garbage in the allocations is from previous allocations > >>>> -> in the current process. It isn't leftover from other processes. 
> >>>> -> > >>>> -> The avenues available for reading the memory: > >>>> -> - /dev/mem and /dev/kmem (requires root, not available with > >>>> -> Secure Boot) > >>>> -> - /proc/pid/mem (requires ptrace privileges, mediated by YAMA) > >>>> -> - ptrace (requires ptrace privileges, mediated by YAMA) > >>>> -> - causing memory to be swapped to disk, and then inspecting the > >>>> -> swap > >>>> -> > >>>> -> These all require a certain amount of privileges. > >>>> - > >>>> -How to fix it? > >>>> -~~~~~~~~~~~~~~ > >>>> - > >>>> -memzero(), which internally calls explicit_bzero(3), or whatever > >>>> -alternative the system provides with a slightly different name, > >>>> will -make sure that the buffer is zeroed in memory, and > >>>> optimizations are not -allowed to impede this zeroing. > >>>> - > >>>> -This is not really 100% effective, since compilers may place copies > >>>> of -the string somewhere hidden in the stack. Those copies won't > >>>> get zeroed -by explicit_bzero(3). However, that's arguably a > >>>> compiler bug, since -compilers should make everything possible to > >>>> avoid optimizing strings -that are later passed to > >>>> explicit_bzero(3). But we all know that -sometimes it's impossible > >>>> to have perfect knowledge in the compiler, so -this is plausible. > >>>> Nevertheless, there's nothing we can do against such -issues, except > >>>> minimizing the time such passwords are stored in plain -text. > >>>> - > >>>> -Security concerns > >>>> -~~~~~~~~~~~~~~~~~ > >>>> - > >>>> -We believe this isn't easy to exploit. Nevertheless, and since the > >>>> fix -is trivial, this fix should probably be applied soon, and > >>>> backported to -all supported distributions, to prevent someone else > >>>> having more -imagination than us to find a way. > >>>> - > >>>> -Affected versions > >>>> -~~~~~~~~~~~~~~~~~ > >>>> - > >>>> -All. Bug introduced in shadow 19990709. That's the second commit > >>>> in -the git history. 
> >>>> - > >>>> -Fixes: 45c6603cc86c ("[svn-upgrade] Integrating new upstream > >>>> version, shadow (19990709)") > >>>> - > >>>> -CVE: CVE-2023-4641 > >>>> -Upstream-Status: Backport > >>>> [https://github.com/shadow-maint/shadow/commit/65c88a43a23c2391dcc90 > >>>> c0abda3e839e9c57904] > >>>> - > >>>> -Reported-by: Alejandro Colomar <alx@kernel.org> > >>>> -Cc: Serge Hallyn <serge@hallyn.com> > >>>> -Cc: Iker Pedrosa <ipedrosa@redhat.com> > >>>> -Cc: Seth Arnold <seth.arnold@canonical.com> > >>>> -Cc: Christian Brauner <christian@brauner.io> > >>>> -Cc: Balint Reczey <rbalint@debian.org> > >>>> -Cc: Sam James <sam@gentoo.org> > >>>> -Cc: David Runge <dvzrv@archlinux.org> > >>>> -Cc: Andreas Jaeger <aj@suse.de> > >>>> -Cc: <~hallyn/shadow@lists.sr.ht> > >>>> -Signed-off-by: Alejandro Colomar <alx@kernel.org> > >>>> -Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> > >>>> ---- > >>>> - src/gpasswd.c | 1 + > >>>> - 1 file changed, 1 insertion(+) > >>>> - > >>>> -diff --git a/src/gpasswd.c b/src/gpasswd.c -index > >>>> 5983f787..2d8869ef 100644 > >>>> ---- a/src/gpasswd.c > >>>> -+++ b/src/gpasswd.c > >>>> -@@ -896,6 +896,7 @@ static void change_passwd (struct group *gr) > >>>> - strzero (cp); > >>>> - cp = getpass (_("Re-enter new password: ")); > >>>> - if (NULL == cp) { > >>>> -+ memzero (pass, sizeof pass); > >>>> - exit (1); > >>>> - } > >>>> - > >>>> --- > >>>> -2.34.1 > >>>> - > >>>> diff --git > >>>> a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open- > >>>> failure-in-chroot-env.patch > >>>> b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open- > >>>> failure-in-chroot-env.patch index 85d91751056..4a932d2dbb1 100644 > >>>> --- > >>>> a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open- > >>>> failure-in-chroot-env.patch > >>>> +++ b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-o > >>>> +++ pen-failure-in-chroot-env.patch 
> >>>> @@ -1,4 +1,4 @@ > >>>> -From 21583da072aa66901d859ac00ce209bac87ddecc Mon Sep 17 00:00:00 > >>>> 2001 > >>>> +From a773c6b240d27e23d6be41decef0edf24fcee523 Mon Sep 17 00:00:00 > >>>> +2001 > >>>> From: Chen Qi <Qi.Chen@windriver.com> > >>>> Date: Thu, 17 Jul 2014 15:53:34 +0800 > >>>> Subject: [PATCH] > >>>> commonio.c-fix-unexpected-open-failure-in-chroot-env > >>>> @@ -15,35 +15,37 @@ Note that this patch doesn't change the logic in the code, it just expands > >>>> the codes. > >>>> > >>>> Signed-off-by: Chen Qi <Qi.Chen@windriver.com> > >>>> - > >>>> --- > >>>> lib/commonio.c | 16 ++++++++++++---- > >>>> 1 file changed, 12 insertions(+), 4 deletions(-) > >>>> > >>>> diff --git a/lib/commonio.c b/lib/commonio.c -index > >>>> 9a02ce1..61384ec 100644 > >>>> +index 73fdb3a..d1231e9 100644 > >>>> --- a/lib/commonio.c > >>>> +++ b/lib/commonio.c > >>>> -@@ -616,10 +616,18 @@ int commonio_open (struct commonio_db *db, > >>>> int mode) > >>>> +@@ -606,10 +606,18 @@ int commonio_open (struct commonio_db *db, > >>>> +int mode) > >>>> db->cursor = NULL; > >>>> db->changed = false; > >>>> > >>>> - fd = open (db->filename, > >>>> - (db->readonly ? O_RDONLY : O_RDWR) > >>>> -- | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); > >>>> +- | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW | O_CLOEXEC); > >>>> - saved_errno = errno; > >>>> + if (db->readonly) { > >>>> + fd = open (db->filename, > >>>> + (true ? O_RDONLY : O_RDWR) > >>>> -+ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); > >>>> ++ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW | > >>>> ++ O_CLOEXEC); > >>>> + saved_errno = errno; > >>>> + } else { > >>>> + fd = open (db->filename, > >>>> + (false ? O_RDONLY : O_RDWR) > >>>> -+ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); > >>>> ++ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW| > >>>> ++ O_CLOEXEC); > >>>> + saved_errno = errno; > >>>> + } > >>>> + > >>>> db->fp = NULL; > >>>> if (fd >= 0) { > >>>> #ifdef WITH_TCB > >>>> +-- > >>>> +2.30.2 > >>>> + 
> >>>> diff --git a/meta/recipes-extended/shadow/shadow.inc > >>>> b/meta/recipes-extended/shadow/shadow.inc > >>>> index ce3ce627156..c024746d4ff 100644 > >>>> --- a/meta/recipes-extended/shadow/shadow.inc > >>>> +++ b/meta/recipes-extended/shadow/shadow.inc > >>>> @@ -5,7 +5,7 @@ BUGTRACKER = "http://github.com/shadow-maint/shadow/issues" > >>>> SECTION = "base/utils" > >>>> LICENSE = "BSD-3-Clause" > >>>> LIC_FILES_CHKSUM = "file://COPYING;md5=c9a450b7be84eac23e6353efecb60b5b \ > >>>> - file://src/passwd.c;beginline=2;endline=30;md5=758c26751513b6795395275969dd3be1 \ > >>>> + > >>>> + file://src/passwd.c;beginline=2;endline=7;md5=67bcf314687820b2f010 > >>>> + d4863fce3fc5 \ > >>>> " > >>>> > >>>> DEPENDS = "virtual/crypt" > >>>> @@ -14,10 +14,6 @@ GITHUB_BASE_URI = "https://github.com/shadow-maint/shadow/releases" > >>>> SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.gz \ > >>>> ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ > >>>> file://useradd \ > >>>> - file://0001-Fix-can-not-print-full-login.patch \ > >>>> - file://CVE-2023-29383.patch \ > >>>> - file://0001-Overhaul-valid_field.patch \ > >>>> - file://CVE-2023-4641.patch \ > >>>> " > >>>> > >>>> SRC_URI:append:class-target = " \ > >>>> @@ -26,14 +22,9 @@ SRC_URI:append:class-target = " \ > >>>> " > >>>> > >>>> SRC_URI:append:class-native = " \ > >>>> - file://0001-Disable-use-of-syslog-for-sysroot.patch \ > >>>> file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \ > >>>> " > >>>> -SRC_URI:append:class-nativesdk = " \ > >>>> - file://0001-Disable-use-of-syslog-for-sysroot.patch \ > >>>> - " > >>>> -SRC_URI[sha256sum] = "813057047499c7fe81108adcf0cffa3ad4ec75e19a80151f9cbaa458ff2e86cd" > >>>> - > >>>> +SRC_URI[sha256sum] = "a305edf5d19bddbdf5e836d2d609fa8bff2d35458819de4d9f06306a1cf24342" > >>>> > >>>> # Additional Policy files for PAM > >>>> PAM_SRC_URI = "file://pam.d/chfn \ 
@@ -44,7 +35,7 @@ PAM_SRC_URI = > >>>> "file://pam.d/chfn \ > >>>> file://pam.d/passwd \ > >>>> file://pam.d/su" > >>>> > >>>> -inherit autotools gettext github-releases > >>>> +inherit autotools gettext github-releases pkgconfig > >>>> > >>>> export CONFIG_SHELL="/bin/sh" > >>>> > >>>> @@ -54,6 +45,8 @@ EXTRA_OECONF += "--without-libcrack \ > >>>> --without-sssd \ > >>>> ${NSCDOPT}" > >>>> > >>>> +CFLAGS:append:libc-musl = " -DLIBBSD_OVERLAY" > >>>> + > >>>> NSCDOPT = "" > >>>> NSCDOPT:class-native = "--without-nscd" > >>>> NSCDOPT:class-nativesdk = "--without-nscd" > >>>> @@ -73,13 +66,14 @@ PAM_PLUGINS = "libpam-runtime \ > >>>> > >>>> PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \ > >>>> ${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}" > >>>> -PACKAGECONFIG:class-native ??= "${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}" > >>>> +PACKAGECONFIG:class-native ??= "${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)} libbsd" > >>>> PACKAGECONFIG:class-nativesdk = "" > >>>> PACKAGECONFIG[pam] = "--with-libpam,--without-libpam,libpam,${PAM_PLUGINS}" > >>>> PACKAGECONFIG[attr] = "--with-attr,--without-attr,attr" > >>>> PACKAGECONFIG[acl] = "--with-acl,--without-acl,acl" > >>>> PACKAGECONFIG[audit] = "--with-audit,--without-audit,audit" > >>>> PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux libsemanage" > >>>> +PACKAGECONFIG[libbsd] = "--with-libbsd,--without-libbsd,libbsd" > >>>> > >>>> RDEPENDS:${PN} = "shadow-securetty \ > >>>> base-passwd \ > >>>> diff --git a/meta/recipes-extended/shadow/shadow_4.13.bb > >>>> b/meta/recipes-extended/shadow/shadow_4.14.2.bb > >>>> similarity index 100% > >>>> rename from meta/recipes-extended/shadow/shadow_4.13.bb > >>>> rename to meta/recipes-extended/shadow/shadow_4.14.2.bb > >>>> > >>>> > >>>> >
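Review bot: The removal of 0001-Disable-use-of-syslog-for-sysroot.patch is justified in the commit message as "issue fixed upstream", but the deleted patch carries Upstream-Status: Inappropriate [OE specific configuration] and worked by commenting out AC_DEFINE(USE_SYSLOG, ...) in configure.ac, and nothing in the shadow.inc hunks replaces it for class-native or class-nativesdk. Please name the upstream change or configure option in 4.14.2 that keeps the native tools from writing sysroot user and group additions to the host's syslog, so the reason for dropping an OE-specific patch is on record.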
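Review bot: In the shadow.inc hunk at -14,10 +14,6, file://CVE-2023-4641.patch is removed from SRC_URI and the diffstat shows the file deleted, yet the Drop list in the commit message names only the syslog patch and three backports and does not mention CVE-2023-4641.patch. Add it to the list of dropped backports and say that the fix is carried by the new release, so that anyone auditing the recipe for the gpasswd password leak does not have to infer it from the diffstat.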
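Review bot: In the shadow.inc hunk at -54,6 +45,8, CFLAGS:append:libc-musl = " -DLIBBSD_OVERLAY" goes in without a comment, and the define is named after libbsd while the target PACKAGECONFIG default in this file does not enable libbsd. The commit message explains that it is there to get the non-standard __BEGIN_DECLS/__END_DECLS defined on musl; put that sentence above the line in the recipe so the flag is not removed later as a leftover.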
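Review bot: In the shadow.inc hunk at -73,13 +66,14, libbsd is added to PACKAGECONFIG:class-native through the weak ??= default, so any configuration that assigns PACKAGECONFIG:class-native for this recipe drops libbsd again, and per the commit message the native build then needs glibc >= 2.38 on the build host. Consider a short comment next to the assignment stating that requirement, and stating why PACKAGECONFIG:class-nativesdk = "" and the target default can stay without libbsd.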
I only ran 'oe-selftest -r overlayfs.OverlayFSEtcRunTimeTest' on a fresh poky clone with SANITY_TESTED_DISTROS = "" set in local.conf. I'm trying now the build with this commit reverted.

Slava

On 08.02.2024 11:45, Alexander Kanavin wrote:
> First you need to show how to reproduce it with plain poky.
>
> Alex
>
> On Thu, 8 Feb 2024 at 11:40, Vyacheslav Yurkov <uvv.mail@gmail.com> wrote:
>> I'm getting the same "parameter name omitted" error with today's master
>> of poky on Ubuntu-20.04 machine. Is there a fix for that?
>>
>> Slava
>>
>> On 19.01.2024 13:24, Alexander Kanavin wrote:
>>> I've seen issues where static libraries built on one host were not
>>> usable on a different host with default compiler options. This may be
>>> another one of these.
>>>
>>> We're reverting to dynamic linking with libraries in a custom
>>> directory in sysroot that would be bundled together with shadow-native
>>> proper. Patch is coming.
>>>
>>> Alex
>>>
>>> On Fri, 19 Jan 2024 at 13:13, Chen, Qi <Qi.Chen@windriver.com> wrote:
>>>> I didn't do anything particular, but as several people are sharing the server, it's possible that its environment is somewhat messed up. I'll check more and fix the environment. Thanks for your double check.
>>>>
>>>> Regards,
>>>> Qi
>>>>
>>>> -----Original Message-----
>>>> From: Alexander Kanavin <alex.kanavin@gmail.com>
>>>> Sent: Friday, January 19, 2024 6:12 PM
>>>> To: Chen, Qi <Qi.Chen@windriver.com>
>>>> Cc: openembedded-core@lists.openembedded.org; Alexander Kanavin <alex@linutronix.de>
>>>> Subject: Re: [OE-core] [PATCH v3 1/2] shadow: update 4.13 -> 4.14.2
>>>>
>>>> I just tried poky master on ubuntu 20.04, and the issues do not appear. Do you have a custom setup?
>>>>
>>>> Alex
>>>>
>>>> On Fri, 19 Jan 2024 at 04:06, ChenQi <Qi.Chen@windriver.com> wrote:
>>>>> I'm seeing build failures on Ubuntu 20.04.
>>>>> GCC version: 9.4.0
>>>>>
>>>>> 1. error: parameter name omitted
>>>>> The problem is that the active_sessions_count function's definition
>>>>> lacks parameter. I did change like below:
>>>>> -unsigned long active_sessions_count(const char *name, unsigned long
>>>>> unused)
>>>>> +unsigned long active_sessions_count(const char *name, unsigned long
>>>>> unused unused_parameter)
>>>>> But then I observed another error, as shown below.
>>>>>
>>>>> 2. undefined reference to `dlsym'.
>>>>> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
>>>>> ../lib/.libs/libshadow.a(libshadow_la-nss.o): in function `nss_exit':
>>>>> | nss.c:(.text+0x32): undefined reference to `dlclose'
>>>>> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
>>>>> ../lib/.libs/libshadow.a(libshadow_la-nss.o): in function `nss_init':
>>>>> | nss.c:(.text+0x1dd): undefined reference to `dlopen'
>>>>> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
>>>>> nss.c:(.text+0x21c): undefined reference to `dlsym'
>>>>> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
>>>>> nss.c:(.text+0x237): undefined reference to `dlsym'
>>>>> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
>>>>> nss.c:(.text+0x253): undefined reference to `dlsym'
>>>>> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
>>>>> nss.c:(.text+0x365): undefined reference to `dlclose'
>>>>> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
>>>>> nss.c:(.text+0x3b2): undefined reference to `dlerror'
>>>>> | collect2: error: ld returned 1 exit status
>>>>> | make[2]: *** [Makefile:1130: su] Error 1
>>>>>
>>>>> On Ubuntu22.04, there's no such issue.
>>>>>
>>>>> Regards,
>>>>> Qi
>>>>>
>>>>> On 1/11/24 21:15, Alexander Kanavin wrote:
>>>>>> License-Update: formatting, spdx conversion
>>>>>>
>>>>>> Drop:
>>>>>> 0001-Disable-use-of-syslog-for-sysroot.patch
>>>>>> (issue fixed upstream)
>>>>>>
>>>>>> 0001-Fix-can-not-print-full-login.patch
>>>>>> 0001-Overhaul-valid_field.patch
>>>>>> CVE-2023-29383.patch
>>>>>> (backports)
>>>>>>
>>>>>> libbsd is a new native dependency, as otherwise glibc >= 2.38 is
>>>>>> needed.
>>>>>>
>>>>>> A similar fix is added to musl in order to define non-standard __BEGIN_DECLS/__END_DECLS.
>>>>>>
>>>>>> Signed-off-by: Alexander Kanavin <alex@linutronix.de> >>>>>> --- >>>>>> ...01-Disable-use-of-syslog-for-sysroot.patch | 52 ------- >>>>>> .../0001-Fix-can-not-print-full-login.patch | 41 ----- >>>>>> .../files/0001-Overhaul-valid_field.patch | 65 -------- >>>>>> .../shadow/files/CVE-2023-29383.patch | 53 ------- >>>>>> .../shadow/files/CVE-2023-4641.patch | 147 ------------------ >>>>>> ...nexpected-open-failure-in-chroot-env.patch | 16 +- >>>>>> meta/recipes-extended/shadow/shadow.inc | 20 +-- >>>>>> .../{shadow_4.13.bb => shadow_4.14.2.bb} | 0 >>>>>> 8 files changed, 16 insertions(+), 378 deletions(-) >>>>>> delete mode 100644 meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch >>>>>> delete mode 100644 meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch >>>>>> delete mode 100644 meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch >>>>>> delete mode 100644 meta/recipes-extended/shadow/files/CVE-2023-29383.patch >>>>>> delete mode 100644 meta/recipes-extended/shadow/files/CVE-2023-4641.patch >>>>>> rename meta/recipes-extended/shadow/{shadow_4.13.bb => >>>>>> shadow_4.14.2.bb} (100%) >>>>>> >>>>>> diff --git >>>>>> a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for- >>>>>> sysroot.patch >>>>>> b/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for- >>>>>> sysroot.patch >>>>>> deleted file mode 100644 >>>>>> index fa1532c8317..00000000000 >>>>>> --- >>>>>> a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for- >>>>>> sysroot.patch >>>>>> +++ /dev/null 
>>>>>> @@ -1,52 +0,0 @@ >>>>>> -From 85d0444229ee3d14fefcf10d093f49c862826f82 Mon Sep 17 00:00:00 >>>>>> 2001 >>>>>> -From: Richard Purdie <richard.purdie@linuxfoundation.org> >>>>>> -Date: Thu, 14 Apr 2022 23:11:53 +0000 >>>>>> -Subject: [PATCH] Disable use of syslog for shadow-native tools >>>>>> - >>>>>> -Disable use of syslog to prevent sysroot user and group additions >>>>>> from -writing entries to the host's syslog. This patch should only >>>>>> be used -with the shadow-native recipe. >>>>>> - >>>>>> -Upstream-Status: Inappropriate [OE specific configuration] >>>>>> -Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> >>>>>> -Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> >>>>>> - >>>>>> ---- >>>>>> - configure.ac | 2 +- >>>>>> - src/login_nopam.c | 3 ++- >>>>>> - 2 files changed, 3 insertions(+), 2 deletions(-) >>>>>> - >>>>>> -diff --git a/configure.ac b/configure.ac -index 924254a..603af81 >>>>>> 100644 >>>>>> ---- a/configure.ac >>>>>> -+++ b/configure.ac >>>>>> -@@ -191,7 +191,7 @@ AC_DEFINE_UNQUOTED(PASSWD_PROGRAM, "$shadow_cv_passwd_dir/passwd", >>>>>> - [Path to passwd program.]) >>>>>> - >>>>>> - dnl XXX - quick hack, should disappear before anyone notices :). 
>>>>>> --AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().]) >>>>>> -+#AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().]) >>>>>> - if test "$ac_cv_func_ruserok" = "yes"; then >>>>>> - AC_DEFINE(RLOGIN, 1, [Define if login should support the -r flag for rlogind.]) >>>>>> - AC_DEFINE(RUSEROK, 0, [Define to the ruserok() "success" return value (0 or 1).]) >>>>>> -diff --git a/src/login_nopam.c b/src/login_nopam.c -index >>>>>> df6ba88..fc24e13 100644 >>>>>> ---- a/src/login_nopam.c >>>>>> -+++ b/src/login_nopam.c >>>>>> -@@ -29,7 +29,6 @@ >>>>>> - #ifndef USE_PAM >>>>>> - #ident "$Id$" >>>>>> - >>>>>> --#include "prototypes.h" >>>>>> - /* >>>>>> - * This module implements a simple but effective form of login access >>>>>> - * control based on login names and on host (or domain) names, internet >>>>>> -@@ -57,6 +56,8 @@ >>>>>> - #include <netinet/in.h> >>>>>> - #include <arpa/inet.h> /* for inet_ntoa() */ >>>>>> - >>>>>> -+#include "prototypes.h" >>>>>> -+ >>>>>> - #if !defined(MAXHOSTNAMELEN) || (MAXHOSTNAMELEN < 64) >>>>>> - #undef MAXHOSTNAMELEN >>>>>> - #define MAXHOSTNAMELEN 256 >>>>>> diff --git >>>>>> a/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-log >>>>>> in.patch >>>>>> b/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-log >>>>>> in.patch >>>>>> deleted file mode 100644 >>>>>> index 89f9c05c8d3..00000000000 >>>>>> --- >>>>>> a/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-log >>>>>> in.patch >>>>>> +++ /dev/null 
>>>>>> @@ -1,41 +0,0 @@ >>>>>> -commit 670cae834827a8f794e6f7464fa57790d911b63c >>>>>> -Author: SoumyaWind <121475834+SoumyaWind@users.noreply.github.com> >>>>>> -Date: Tue Dec 27 17:40:17 2022 +0530 >>>>>> - >>>>>> - shadow: Fix can not print full login timeout message >>>>>> - >>>>>> - Login timed out message prints only first few bytes when write is immediately followed by exit. >>>>>> - Calling exit from new handler provides enough time to display full message. >>>>>> - >>>>>> -Upstream-Status: Backport >>>>>> [https://github.com/shadow-maint/shadow/commit/670cae834827a8f794e6f >>>>>> 7464fa57790d911b63c] >>>>>> - >>>>>> -diff --git a/src/login.c b/src/login.c -index 116e2cb3..c55f4de0 >>>>>> 100644 >>>>>> ---- a/src/login.c >>>>>> -+++ b/src/login.c >>>>>> -@@ -120,6 +120,7 @@ static void get_pam_user (char **ptr_pam_user); >>>>>> - >>>>>> - static void init_env (void); >>>>>> - static void alarm_handler (int); >>>>>> -+static void exit_handler (int); >>>>>> - >>>>>> - /* >>>>>> - * usage - print login command usage and exit -@@ -391,11 +392,16 >>>>>> @@ static void init_env (void) >>>>>> - #endif /* !USE_PAM */ >>>>>> - } >>>>>> - >>>>>> -+static void exit_handler (unused int sig) { >>>>>> -+ _exit (0); >>>>>> -+} >>>>>> - >>>>>> - static void alarm_handler (unused int sig) >>>>>> - { >>>>>> - write (STDERR_FILENO, tmsg, strlen (tmsg)); >>>>>> -- _exit (0); >>>>>> -+ signal(SIGALRM, exit_handler); >>>>>> -+ alarm(2); >>>>>> - } >>>>>> - >>>>>> - #ifdef USE_PAM >>>>>> diff --git >>>>>> a/meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch >>>>>> b/meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch >>>>>> deleted file mode 100644 >>>>>> index ac08be515bf..00000000000 >>>>>> --- >>>>>> a/meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch >>>>>> +++ /dev/null 
>>>>>> @@ -1,65 +0,0 @@ >>>>>> -From 2eaea70111f65b16d55998386e4ceb4273c19eb4 Mon Sep 17 00:00:00 >>>>>> 2001 >>>>>> -From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= >>>>>> <cgzones@googlemail.com> >>>>>> -Date: Fri, 31 Mar 2023 14:46:50 +0200 >>>>>> -Subject: [PATCH] Overhaul valid_field() >>>>>> - >>>>>> -e5905c4b ("Added control character check") introduced checking for >>>>>> -control characters but had the logic inverted, so it rejects all >>>>>> -characters that are not control ones. >>>>>> - >>>>>> -Cast the character to `unsigned char` before passing to the >>>>>> character -checking functions to avoid UB. >>>>>> - >>>>>> -Use strpbrk(3) for the illegal character test and return early. >>>>>> - >>>>>> -Upstream-Status: Backport >>>>>> [https://github.com/shadow-maint/shadow/commit/2eaea70111f65b16d5599 >>>>>> 8386e4ceb4273c19eb4] >>>>>> - >>>>>> -Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> >>>>>> ---- >>>>>> - lib/fields.c | 24 ++++++++++-------------- >>>>>> - 1 file changed, 10 insertions(+), 14 deletions(-) >>>>>> - >>>>>> -diff --git a/lib/fields.c b/lib/fields.c -index fb51b582..53929248 >>>>>> 100644 >>>>>> ---- a/lib/fields.c >>>>>> -+++ b/lib/fields.c >>>>>> -@@ -37,26 +37,22 @@ int valid_field (const char *field, const char >>>>>> *illegal) >>>>>> - >>>>>> - /* For each character of field, search if it appears in the list >>>>>> - * of illegal characters. 
*/ >>>>>> -+ if (illegal && NULL != strpbrk (field, illegal)) { >>>>>> -+ return -1; >>>>>> -+ } >>>>>> -+ >>>>>> -+ /* Search if there are non-printable or control characters */ >>>>>> - for (cp = field; '\0' != *cp; cp++) { >>>>>> -- if (strchr (illegal, *cp) != NULL) { >>>>>> -+ unsigned char c = *cp; >>>>>> -+ if (!isprint (c)) { >>>>>> -+ err = 1; >>>>>> -+ } >>>>>> -+ if (iscntrl (c)) { >>>>>> - err = -1; >>>>>> - break; >>>>>> - } >>>>>> - } >>>>>> - >>>>>> -- if (0 == err) { >>>>>> -- /* Search if there are non-printable or control characters */ >>>>>> -- for (cp = field; '\0' != *cp; cp++) { >>>>>> -- if (!isprint (*cp)) { >>>>>> -- err = 1; >>>>>> -- } >>>>>> -- if (!iscntrl (*cp)) { >>>>>> -- err = -1; >>>>>> -- break; >>>>>> -- } >>>>>> -- } >>>>>> -- } >>>>>> -- >>>>>> - return err; >>>>>> - } >>>>>> - >>>>>> --- >>>>>> -2.34.1 >>>>>> - >>>>>> diff --git a/meta/recipes-extended/shadow/files/CVE-2023-29383.patch >>>>>> b/meta/recipes-extended/shadow/files/CVE-2023-29383.patch >>>>>> deleted file mode 100644 >>>>>> index f53341d3fc2..00000000000 >>>>>> --- a/meta/recipes-extended/shadow/files/CVE-2023-29383.patch >>>>>> +++ /dev/null 
>>>>>> @@ -1,53 +0,0 @@ >>>>>> -From e5905c4b84d4fb90aefcd96ee618411ebfac663d Mon Sep 17 00:00:00 >>>>>> 2001 >>>>>> -From: tomspiderlabs >>>>>> <128755403+tomspiderlabs@users.noreply.github.com> >>>>>> -Date: Thu, 23 Mar 2023 23:39:38 +0000 >>>>>> -Subject: [PATCH] Added control character check >>>>>> - >>>>>> -Added control character check, returning -1 (to "err") if control characters are present. >>>>>> - >>>>>> -CVE: CVE-2023-29383 >>>>>> -Upstream-Status: Backport >>>>>> - >>>>>> -Reference to upstream: >>>>>> -https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd >>>>>> 96ee618411ebfac663d >>>>>> - >>>>>> -Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> >>>>>> ---- >>>>>> - lib/fields.c | 11 +++++++---- >>>>>> - 1 file changed, 7 insertions(+), 4 deletions(-) >>>>>> - >>>>>> -diff --git a/lib/fields.c b/lib/fields.c -index 640be931..fb51b582 >>>>>> 100644 >>>>>> ---- a/lib/fields.c >>>>>> -+++ b/lib/fields.c >>>>>> -@@ -21,9 +21,9 @@ >>>>>> - * >>>>>> - * The supplied field is scanned for non-printable and other >>>>>> illegal >>>>>> - * characters. >>>>>> -- * + -1 is returned if an illegal character is present. >>>>>> -- * + 1 is returned if no illegal characters are present, but the field >>>>>> -- * contains a non-printable character. >>>>>> -+ * + -1 is returned if an illegal or control character is present. >>>>>> -+ * + 1 is returned if no illegal or control characters are present, >>>>>> -+ * but the field contains a non-printable character. >>>>>> - * + 0 is returned otherwise. 
>>>>>> - */ >>>>>> - int valid_field (const char *field, const char *illegal) -@@ >>>>>> -45,10 +45,13 @@ int valid_field (const char *field, const char *illegal) >>>>>> - } >>>>>> - >>>>>> - if (0 == err) { >>>>>> -- /* Search if there are some non-printable characters */ >>>>>> -+ /* Search if there are non-printable or control >>>>>> -+ characters */ >>>>>> - for (cp = field; '\0' != *cp; cp++) { >>>>>> - if (!isprint (*cp)) { >>>>>> - err = 1; >>>>>> -+ } >>>>>> -+ if (!iscntrl (*cp)) { >>>>>> -+ err = -1; >>>>>> - break; >>>>>> - } >>>>>> - } >>>>>> --- >>>>>> -2.34.1 >>>>>> - >>>>>> diff --git a/meta/recipes-extended/shadow/files/CVE-2023-4641.patch >>>>>> b/meta/recipes-extended/shadow/files/CVE-2023-4641.patch >>>>>> deleted file mode 100644 >>>>>> index 1fabfe928e4..00000000000 >>>>>> --- a/meta/recipes-extended/shadow/files/CVE-2023-4641.patch >>>>>> +++ /dev/null 
>>>>>> @@ -1,147 +0,0 @@ >>>>>> -From 25dbe2ce166a13322b7536ff2f738786ea2e61e7 Mon Sep 17 00:00:00 >>>>>> 2001 >>>>>> -From: Alejandro Colomar <alx@kernel.org> >>>>>> -Date: Sat, 10 Jun 2023 16:20:05 +0200 >>>>>> -Subject: [PATCH] gpasswd(1): Fix password leak >>>>>> - >>>>>> -How to trigger this password leak? >>>>>> -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >>>>>> - >>>>>> -When gpasswd(1) asks for the new password, it asks twice (as is >>>>>> usual -for confirming the new password). Each of those 2 password >>>>>> prompts -uses agetpass() to get the password. If the second >>>>>> agetpass() fails, -the first password, which has been copied into >>>>>> the 'static' buffer -'pass' via STRFCPY(), wasn't being zeroed. >>>>>> - >>>>>> -agetpass() is defined in <./libmisc/agetpass.c> (around line 91), >>>>>> and -can fail for any of the following reasons: >>>>>> - >>>>>> -- malloc(3) or readpassphrase(3) failure. >>>>>> - >>>>>> - These are going to be difficult to trigger. Maybe getting the system >>>>>> - to the limits of memory utilization at that exact point, so that the >>>>>> - next malloc(3) gets ENOMEM, and possibly even the OOM is triggered. >>>>>> - About readpassphrase(3), ENFILE and EINTR seem the only plausible >>>>>> - ones, and EINTR probably requires privilege or being the same user; >>>>>> - but I wouldn't discard ENFILE so easily, if a process starts opening >>>>>> - files. >>>>>> - >>>>>> -- The password is longer than PASS_MAX. >>>>>> - >>>>>> - The is plausible with physical access. However, at that point, a >>>>>> - keylogger will be a much simpler attack. >>>>>> - >>>>>> -And, the attacker must be able to know when the second password is >>>>>> being -introduced, which is not going to be easy. >>>>>> - >>>>>> -How to read the password after the leak? 
>>>>>> -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >>>>>> - >>>>>> -Provoking the leak yourself at the right point by entering a very >>>>>> long -password is easy, and inspecting the process stack at that >>>>>> point should -be doable. Try to find some consistent patterns. >>>>>> - >>>>>> -Then, search for those patterns in free memory, right after the >>>>>> victim -leaks their password. >>>>>> - >>>>>> -Once you get the leak, a program should read all the free memory >>>>>> -searching for patterns that gpasswd(1) leaves nearby the leaked >>>>>> -password. >>>>>> - >>>>>> -On 6/10/23 03:14, Seth Arnold wrote: >>>>>> -> An attacker process wouldn't be able to use malloc(3) for this task. >>>>>> -> There's a handful of tools available for userspace to allocate memory: >>>>>> -> >>>>>> -> - brk / sbrk >>>>>> -> - mmap MAP_ANONYMOUS >>>>>> -> - mmap /dev/zero >>>>>> -> - mmap some other file >>>>>> -> - shm_open >>>>>> -> - shmget >>>>>> -> >>>>>> -> Most of these return only pages of zeros to a process. Using >>>>>> -> mmap of an existing file, you can get some of the contents of the >>>>>> -> file demand-loaded into the memory space on the first use. >>>>>> -> >>>>>> -> The MAP_UNINITIALIZED flag only works if the kernel was compiled >>>>>> -> with CONFIG_MMAP_ALLOW_UNINITIALIZED. This is rare. >>>>>> -> >>>>>> -> malloc(3) doesn't zero memory, to our collective frustration, but >>>>>> -> all the garbage in the allocations is from previous allocations >>>>>> -> in the current process. It isn't leftover from other processes. 
>>>>>> -> >>>>>> -> The avenues available for reading the memory: >>>>>> -> - /dev/mem and /dev/kmem (requires root, not available with >>>>>> -> Secure Boot) >>>>>> -> - /proc/pid/mem (requires ptrace privileges, mediated by YAMA) >>>>>> -> - ptrace (requires ptrace privileges, mediated by YAMA) >>>>>> -> - causing memory to be swapped to disk, and then inspecting the >>>>>> -> swap >>>>>> -> >>>>>> -> These all require a certain amount of privileges. >>>>>> - >>>>>> -How to fix it? >>>>>> -~~~~~~~~~~~~~~ >>>>>> - >>>>>> -memzero(), which internally calls explicit_bzero(3), or whatever >>>>>> -alternative the system provides with a slightly different name, >>>>>> will -make sure that the buffer is zeroed in memory, and >>>>>> optimizations are not -allowed to impede this zeroing. >>>>>> - >>>>>> -This is not really 100% effective, since compilers may place copies >>>>>> of -the string somewhere hidden in the stack. Those copies won't >>>>>> get zeroed -by explicit_bzero(3). However, that's arguably a >>>>>> compiler bug, since -compilers should make everything possible to >>>>>> avoid optimizing strings -that are later passed to >>>>>> explicit_bzero(3). But we all know that -sometimes it's impossible >>>>>> to have perfect knowledge in the compiler, so -this is plausible. >>>>>> Nevertheless, there's nothing we can do against such -issues, except >>>>>> minimizing the time such passwords are stored in plain -text. >>>>>> - >>>>>> -Security concerns >>>>>> -~~~~~~~~~~~~~~~~~ >>>>>> - >>>>>> -We believe this isn't easy to exploit. Nevertheless, and since the >>>>>> fix -is trivial, this fix should probably be applied soon, and >>>>>> backported to -all supported distributions, to prevent someone else >>>>>> having more -imagination than us to find a way. >>>>>> - >>>>>> -Affected versions >>>>>> -~~~~~~~~~~~~~~~~~ >>>>>> - >>>>>> -All. Bug introduced in shadow 19990709. That's the second commit >>>>>> in -the git history. 
>>>>>> - >>>>>> -Fixes: 45c6603cc86c ("[svn-upgrade] Integrating new upstream >>>>>> version, shadow (19990709)") >>>>>> - >>>>>> -CVE: CVE-2023-4641 >>>>>> -Upstream-Status: Backport >>>>>> [https://github.com/shadow-maint/shadow/commit/65c88a43a23c2391dcc90 >>>>>> c0abda3e839e9c57904] >>>>>> - >>>>>> -Reported-by: Alejandro Colomar <alx@kernel.org> >>>>>> -Cc: Serge Hallyn <serge@hallyn.com> >>>>>> -Cc: Iker Pedrosa <ipedrosa@redhat.com> >>>>>> -Cc: Seth Arnold <seth.arnold@canonical.com> >>>>>> -Cc: Christian Brauner <christian@brauner.io> >>>>>> -Cc: Balint Reczey <rbalint@debian.org> >>>>>> -Cc: Sam James <sam@gentoo.org> >>>>>> -Cc: David Runge <dvzrv@archlinux.org> >>>>>> -Cc: Andreas Jaeger <aj@suse.de> >>>>>> -Cc: <~hallyn/shadow@lists.sr.ht> >>>>>> -Signed-off-by: Alejandro Colomar <alx@kernel.org> >>>>>> -Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> >>>>>> ---- >>>>>> - src/gpasswd.c | 1 + >>>>>> - 1 file changed, 1 insertion(+) >>>>>> - >>>>>> -diff --git a/src/gpasswd.c b/src/gpasswd.c -index >>>>>> 5983f787..2d8869ef 100644 >>>>>> ---- a/src/gpasswd.c >>>>>> -+++ b/src/gpasswd.c >>>>>> -@@ -896,6 +896,7 @@ static void change_passwd (struct group *gr) >>>>>> - strzero (cp); >>>>>> - cp = getpass (_("Re-enter new password: ")); >>>>>> - if (NULL == cp) { >>>>>> -+ memzero (pass, sizeof pass); >>>>>> - exit (1); >>>>>> - } >>>>>> - >>>>>> --- >>>>>> -2.34.1 >>>>>> - >>>>>> diff --git >>>>>> a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open- >>>>>> failure-in-chroot-env.patch >>>>>> b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open- >>>>>> failure-in-chroot-env.patch index 85d91751056..4a932d2dbb1 100644 >>>>>> --- >>>>>> a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open- >>>>>> failure-in-chroot-env.patch >>>>>> +++ b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-o >>>>>> +++ pen-failure-in-chroot-env.patch 
>>>>>> @@ -1,4 +1,4 @@ >>>>>> -From 21583da072aa66901d859ac00ce209bac87ddecc Mon Sep 17 00:00:00 >>>>>> 2001 >>>>>> +From a773c6b240d27e23d6be41decef0edf24fcee523 Mon Sep 17 00:00:00 >>>>>> +2001 >>>>>> From: Chen Qi <Qi.Chen@windriver.com> >>>>>> Date: Thu, 17 Jul 2014 15:53:34 +0800 >>>>>> Subject: [PATCH] >>>>>> commonio.c-fix-unexpected-open-failure-in-chroot-env >>>>>> @@ -15,35 +15,37 @@ Note that this patch doesn't change the logic in the code, it just expands >>>>>> the codes. >>>>>> >>>>>> Signed-off-by: Chen Qi <Qi.Chen@windriver.com> >>>>>> - >>>>>> --- >>>>>> lib/commonio.c | 16 ++++++++++++---- >>>>>> 1 file changed, 12 insertions(+), 4 deletions(-) >>>>>> >>>>>> diff --git a/lib/commonio.c b/lib/commonio.c -index >>>>>> 9a02ce1..61384ec 100644 >>>>>> +index 73fdb3a..d1231e9 100644 >>>>>> --- a/lib/commonio.c >>>>>> +++ b/lib/commonio.c >>>>>> -@@ -616,10 +616,18 @@ int commonio_open (struct commonio_db *db, >>>>>> int mode) >>>>>> +@@ -606,10 +606,18 @@ int commonio_open (struct commonio_db *db, >>>>>> +int mode) >>>>>> db->cursor = NULL; >>>>>> db->changed = false; >>>>>> >>>>>> - fd = open (db->filename, >>>>>> - (db->readonly ? O_RDONLY : O_RDWR) >>>>>> -- | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); >>>>>> +- | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW | O_CLOEXEC); >>>>>> - saved_errno = errno; >>>>>> + if (db->readonly) { >>>>>> + fd = open (db->filename, >>>>>> + (true ? O_RDONLY : O_RDWR) >>>>>> -+ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); >>>>>> ++ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW | >>>>>> ++ O_CLOEXEC); >>>>>> + saved_errno = errno; >>>>>> + } else { >>>>>> + fd = open (db->filename, >>>>>> + (false ? O_RDONLY : O_RDWR) >>>>>> -+ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); >>>>>> ++ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW| >>>>>> ++ O_CLOEXEC); >>>>>> + saved_errno = errno; >>>>>> + } >>>>>> + >>>>>> db->fp = NULL; >>>>>> if (fd >= 0) { >>>>>> #ifdef WITH_TCB >>>>>> +-- >>>>>> +2.30.2 >>>>>> + 
>>>>>> diff --git a/meta/recipes-extended/shadow/shadow.inc >>>>>> b/meta/recipes-extended/shadow/shadow.inc >>>>>> index ce3ce627156..c024746d4ff 100644 >>>>>> --- a/meta/recipes-extended/shadow/shadow.inc >>>>>> +++ b/meta/recipes-extended/shadow/shadow.inc >>>>>> @@ -5,7 +5,7 @@ BUGTRACKER = "http://github.com/shadow-maint/shadow/issues" >>>>>> SECTION = "base/utils" >>>>>> LICENSE = "BSD-3-Clause" >>>>>> LIC_FILES_CHKSUM = "file://COPYING;md5=c9a450b7be84eac23e6353efecb60b5b \ >>>>>> - file://src/passwd.c;beginline=2;endline=30;md5=758c26751513b6795395275969dd3be1 \ >>>>>> + >>>>>> + file://src/passwd.c;beginline=2;endline=7;md5=67bcf314687820b2f010 >>>>>> + d4863fce3fc5 \ >>>>>> " >>>>>> >>>>>> DEPENDS = "virtual/crypt" >>>>>> @@ -14,10 +14,6 @@ GITHUB_BASE_URI = "https://github.com/shadow-maint/shadow/releases" >>>>>> SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.gz \ >>>>>> ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ >>>>>> file://useradd \ >>>>>> - file://0001-Fix-can-not-print-full-login.patch \ >>>>>> - file://CVE-2023-29383.patch \ >>>>>> - file://0001-Overhaul-valid_field.patch \ >>>>>> - file://CVE-2023-4641.patch \ >>>>>> " >>>>>> >>>>>> SRC_URI:append:class-target = " \ >>>>>> @@ -26,14 +22,9 @@ SRC_URI:append:class-target = " \ >>>>>> " >>>>>> >>>>>> SRC_URI:append:class-native = " \ >>>>>> - file://0001-Disable-use-of-syslog-for-sysroot.patch \ >>>>>> file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \ >>>>>> " >>>>>> -SRC_URI:append:class-nativesdk = " \ >>>>>> - file://0001-Disable-use-of-syslog-for-sysroot.patch \ >>>>>> - " >>>>>> -SRC_URI[sha256sum] = "813057047499c7fe81108adcf0cffa3ad4ec75e19a80151f9cbaa458ff2e86cd" >>>>>> - >>>>>> +SRC_URI[sha256sum] = "a305edf5d19bddbdf5e836d2d609fa8bff2d35458819de4d9f06306a1cf24342" >>>>>> >>>>>> # Additional Policy files for PAM >>>>>> PAM_SRC_URI = "file://pam.d/chfn \ 
@@ -44,7 +35,7 @@ PAM_SRC_URI = >>>>>> "file://pam.d/chfn \ >>>>>> file://pam.d/passwd \ >>>>>> file://pam.d/su" >>>>>> >>>>>> -inherit autotools gettext github-releases >>>>>> +inherit autotools gettext github-releases pkgconfig >>>>>> >>>>>> export CONFIG_SHELL="/bin/sh" >>>>>> >>>>>> @@ -54,6 +45,8 @@ EXTRA_OECONF += "--without-libcrack \ >>>>>> --without-sssd \ >>>>>> ${NSCDOPT}" >>>>>> >>>>>> +CFLAGS:append:libc-musl = " -DLIBBSD_OVERLAY" >>>>>> + >>>>>> NSCDOPT = "" >>>>>> NSCDOPT:class-native = "--without-nscd" >>>>>> NSCDOPT:class-nativesdk = "--without-nscd" >>>>>> @@ -73,13 +66,14 @@ PAM_PLUGINS = "libpam-runtime \ >>>>>> >>>>>> PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \ >>>>>> ${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}" >>>>>> -PACKAGECONFIG:class-native ??= "${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}" >>>>>> +PACKAGECONFIG:class-native ??= "${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)} libbsd" >>>>>> PACKAGECONFIG:class-nativesdk = "" >>>>>> PACKAGECONFIG[pam] = "--with-libpam,--without-libpam,libpam,${PAM_PLUGINS}" >>>>>> PACKAGECONFIG[attr] = "--with-attr,--without-attr,attr" >>>>>> PACKAGECONFIG[acl] = "--with-acl,--without-acl,acl" >>>>>> PACKAGECONFIG[audit] = "--with-audit,--without-audit,audit" >>>>>> PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux libsemanage" >>>>>> +PACKAGECONFIG[libbsd] = "--with-libbsd,--without-libbsd,libbsd" >>>>>> >>>>>> RDEPENDS:${PN} = "shadow-securetty \ >>>>>> base-passwd \ >>>>>> diff --git a/meta/recipes-extended/shadow/shadow_4.13.bb >>>>>> b/meta/recipes-extended/shadow/shadow_4.14.2.bb >>>>>> similarity index 100% >>>>>> rename from meta/recipes-extended/shadow/shadow_4.13.bb >>>>>> rename to meta/recipes-extended/shadow/shadow_4.14.2.bb >>>>>> >>>>>> >>>>>>
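Review bot: the commit message's Drop list omits CVE-2023-4641.patch, although the diffstat deletes meta/recipes-extended/shadow/files/CVE-2023-4641.patch and the shadow.inc hunk at `@@ -14,10 +14,6 @@` removes its `file://CVE-2023-4641.patch` entry from SRC_URI. Please add it to the Drop list with the reason it can go (presumably the fix is contained in 4.14.2, like the other backports, but the message should say so), so that anyone auditing CVE coverage for this recipe can confirm from the log that the gpasswd `memzero (pass, sizeof pass)` fix was not lost in the upgrade.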
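Review bot: the shadow.inc hunk at `@@ -26,14 +22,9 @@` drops 0001-Disable-use-of-syslog-for-sysroot.patch from `SRC_URI:append:class-native` and removes the `SRC_URI:append:class-nativesdk` block entirely, with only "(issue fixed upstream)" as justification. The dropped patch worked by commenting out `AC_DEFINE(USE_SYSLOG, 1, ...)`, and nothing in the recipe hunks shows what now keeps shadow-native from writing user and group additions to the host's syslog. Please reference the upstream commit or configure switch in the commit message so the behaviour can be verified.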
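Review bot: `CFLAGS:append:libc-musl = " -DLIBBSD_OVERLAY"` in the shadow.inc hunk at `@@ -54,6 +45,8 @@` carries no comment, while the new `libbsd` PACKAGECONFIG is enabled only through `PACKAGECONFIG:class-native`, so on a musl target the define reads like a leftover for a library that is not enabled there by default. The commit message says it is needed to get the non-standard `__BEGIN_DECLS`/`__END_DECLS` defined; a one-line comment above the assignment stating that would keep it from being removed or copied elsewhere by mistake.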
FTR, reverting the last 3 patches to shadow fixed the build of shadow-native for me. We still consider 20.04 to be a "supported" distribution, right?

Slava

On 08.02.2024 11:52, Vyacheslav Yurkov via lists.openembedded.org wrote:
> I only ran 'oe-selftest -r overlayfs.OverlayFSEtcRunTimeTest' on a
> fresh poky clone with SANITY_TESTED_DISTROS = "" set in local.conf.
>
> I'm trying now the build with this commit reverted.
>
> Slava
>
> On 08.02.2024 11:45, Alexander Kanavin wrote:
>> First you need to show how to reproduce it with plain poky.
>>
>> Alex
>>
>> On Thu, 8 Feb 2024 at 11:40, Vyacheslav Yurkov <uvv.mail@gmail.com>
>> wrote:
>>> I'm getting the same "parameter name omitted" error with today's master
>>> of poky on Ubuntu-20.04 machine. Is there a fix for that?
>>>
>>> Slava
>>>
>>> On 19.01.2024 13:24, Alexander Kanavin wrote:
>>>> I've seen issues where static libraries built on one host were not
>>>> usable on a different host with default compiler options. This may be
>>>> another one of these.
>>>>
>>>> We're reverting to dynamic linking with libraries in a custom
>>>> directory in sysroot that would be bundled together with shadow-native
>>>> proper. Patch is coming.
>>>>
>>>> Alex
>>>>
>>>> On Fri, 19 Jan 2024 at 13:13, Chen, Qi <Qi.Chen@windriver.com> wrote:
>>>>> I didn't do anything particular, but as several people are sharing
>>>>> the server, it's possible that its environment is somewhat messed
>>>>> up. I'll check more and fix the environment. Thanks for your
>>>>> double check.
>>>>>
>>>>> Regards,
>>>>> Qi
>>>>>
>>>>> -----Original Message-----
>>>>> From: Alexander Kanavin <alex.kanavin@gmail.com>
>>>>> Sent: Friday, January 19, 2024 6:12 PM
>>>>> To: Chen, Qi <Qi.Chen@windriver.com>
>>>>> Cc: openembedded-core@lists.openembedded.org; Alexander Kanavin
>>>>> <alex@linutronix.de>
>>>>> Subject: Re: [OE-core] [PATCH v3 1/2] shadow: update 4.13 -> 4.14.2
>>>>>
>>>>> I just tried poky master on ubuntu 20.04, and the issues do not
>>>>> appear. Do you have a custom setup?
>>>>>
>>>>> Alex
>>>>>
>>>>> On Fri, 19 Jan 2024 at 04:06, ChenQi <Qi.Chen@windriver.com> wrote:
>>>>>> I'm seeing build failures on Ubuntu 20.04.
>>>>>> GCC version: 9.4.0
>>>>>>
>>>>>> 1. error: parameter name omitted
>>>>>> The problem is that the active_sessions_count function's definition
>>>>>> lacks parameter. I did change like below:
>>>>>> -unsigned long active_sessions_count(const char *name, unsigned long
>>>>>> unused)
>>>>>> +unsigned long active_sessions_count(const char *name, unsigned long
>>>>>> unused unused_parameter)
>>>>>> But then I observed another error, as shown below.
>>>>>>
>>>>>> 2. undefined reference to `dlsym'.
>>>>>> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
>>>>>> ../lib/.libs/libshadow.a(libshadow_la-nss.o): in function
>>>>>> `nss_exit':
>>>>>> | nss.c:(.text+0x32): undefined reference to `dlclose'
>>>>>> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
>>>>>> ../lib/.libs/libshadow.a(libshadow_la-nss.o): in function
>>>>>> `nss_init':
>>>>>> | nss.c:(.text+0x1dd): undefined reference to `dlopen'
>>>>>> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
>>>>>> nss.c:(.text+0x21c): undefined reference to `dlsym'
>>>>>> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
>>>>>> nss.c:(.text+0x237): undefined reference to `dlsym'
>>>>>> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
>>>>>> nss.c:(.text+0x253): undefined reference to `dlsym'
>>>>>> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
>>>>>> nss.c:(.text+0x365): undefined reference to `dlclose'
>>>>>> | /ala-lpggp72/qichen/Yocto/builds/build-master/tmp/hosttools/ld:
>>>>>> nss.c:(.text+0x3b2): undefined reference to `dlerror'
>>>>>> | collect2: error: ld returned 1 exit status
>>>>>> | make[2]: *** [Makefile:1130: su] Error 1
>>>>>>
>>>>>> On Ubuntu22.04, there's no such issue.
>>>>>>
>>>>>> Regards,
>>>>>> Qi
>>>>>>
>>>>>> On 1/11/24 21:15, Alexander Kanavin wrote:
>>>>>>> License-Update: formatting, spdx conversion
>>>>>>>
>>>>>>> Drop:
>>>>>>> 0001-Disable-use-of-syslog-for-sysroot.patch
>>>>>>> (issue fixed upstream)
>>>>>>>
>>>>>>> 0001-Fix-can-not-print-full-login.patch
>>>>>>> 0001-Overhaul-valid_field.patch
>>>>>>> CVE-2023-29383.patch
>>>>>>> (backports)
>>>>>>>
>>>>>>> libbsd is a new native dependency, as otherwise glibc >= 2.38 is
>>>>>>> needed.
>>>>>>>
>>>>>>> A similar fix is added to musl in order to define non-standard
>>>>>>> __BEGIN_DECLS/__END_DECLS.
>>>>>>>
>>>>>>> Signed-off-by: Alexander Kanavin <alex@linutronix.de> >>>>>>> --- >>>>>>> ...01-Disable-use-of-syslog-for-sysroot.patch | 52 ------- >>>>>>> .../0001-Fix-can-not-print-full-login.patch | 41 ----- >>>>>>> .../files/0001-Overhaul-valid_field.patch | 65 -------- >>>>>>> .../shadow/files/CVE-2023-29383.patch | 53 ------- >>>>>>> .../shadow/files/CVE-2023-4641.patch | 147 >>>>>>> ------------------ >>>>>>> ...nexpected-open-failure-in-chroot-env.patch | 16 +- >>>>>>> meta/recipes-extended/shadow/shadow.inc | 20 +-- >>>>>>> .../{shadow_4.13.bb => shadow_4.14.2.bb} | 0 >>>>>>> 8 files changed, 16 insertions(+), 378 deletions(-) >>>>>>> delete mode 100644 >>>>>>> meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch >>>>>>> delete mode 100644 >>>>>>> meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch >>>>>>> delete mode 100644 >>>>>>> meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch >>>>>>> delete mode 100644 >>>>>>> meta/recipes-extended/shadow/files/CVE-2023-29383.patch >>>>>>> delete mode 100644 >>>>>>> meta/recipes-extended/shadow/files/CVE-2023-4641.patch >>>>>>> rename meta/recipes-extended/shadow/{shadow_4.13.bb => >>>>>>> shadow_4.14.2.bb} (100%) >>>>>>> >>>>>>> diff --git >>>>>>> a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for- >>>>>>> >>>>>>> sysroot.patch >>>>>>> b/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for- >>>>>>> >>>>>>> sysroot.patch >>>>>>> deleted file mode 100644 >>>>>>> index fa1532c8317..00000000000 >>>>>>> --- >>>>>>> a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for- >>>>>>> >>>>>>> sysroot.patch >>>>>>> +++ /dev/null 
>>>>>>> @@ -1,52 +0,0 @@ >>>>>>> -From 85d0444229ee3d14fefcf10d093f49c862826f82 Mon Sep 17 00:00:00 >>>>>>> 2001 >>>>>>> -From: Richard Purdie <richard.purdie@linuxfoundation.org> >>>>>>> -Date: Thu, 14 Apr 2022 23:11:53 +0000 >>>>>>> -Subject: [PATCH] Disable use of syslog for shadow-native tools >>>>>>> - >>>>>>> -Disable use of syslog to prevent sysroot user and group additions >>>>>>> from -writing entries to the host's syslog. This patch should only >>>>>>> be used -with the shadow-native recipe. >>>>>>> - >>>>>>> -Upstream-Status: Inappropriate [OE specific configuration] >>>>>>> -Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> >>>>>>> -Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> >>>>>>> - >>>>>>> ---- >>>>>>> - configure.ac | 2 +- >>>>>>> - src/login_nopam.c | 3 ++- >>>>>>> - 2 files changed, 3 insertions(+), 2 deletions(-) >>>>>>> - >>>>>>> -diff --git a/configure.ac b/configure.ac -index 924254a..603af81 >>>>>>> 100644 >>>>>>> ---- a/configure.ac >>>>>>> -+++ b/configure.ac >>>>>>> -@@ -191,7 +191,7 @@ AC_DEFINE_UNQUOTED(PASSWD_PROGRAM, >>>>>>> "$shadow_cv_passwd_dir/passwd", >>>>>>> - [Path to passwd program.]) >>>>>>> - >>>>>>> - dnl XXX - quick hack, should disappear before anyone notices :). 
>>>>>>> --AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().]) >>>>>>> -+#AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().]) >>>>>>> - if test "$ac_cv_func_ruserok" = "yes"; then >>>>>>> - AC_DEFINE(RLOGIN, 1, [Define if login should support the >>>>>>> -r flag for rlogind.]) >>>>>>> - AC_DEFINE(RUSEROK, 0, [Define to the ruserok() "success" >>>>>>> return value (0 or 1).]) >>>>>>> -diff --git a/src/login_nopam.c b/src/login_nopam.c -index >>>>>>> df6ba88..fc24e13 100644 >>>>>>> ---- a/src/login_nopam.c >>>>>>> -+++ b/src/login_nopam.c >>>>>>> -@@ -29,7 +29,6 @@ >>>>>>> - #ifndef USE_PAM >>>>>>> - #ident "$Id$" >>>>>>> - >>>>>>> --#include "prototypes.h" >>>>>>> - /* >>>>>>> - * This module implements a simple but effective form of >>>>>>> login access >>>>>>> - * control based on login names and on host (or domain) >>>>>>> names, internet >>>>>>> -@@ -57,6 +56,8 @@ >>>>>>> - #include <netinet/in.h> >>>>>>> - #include <arpa/inet.h> /* for inet_ntoa() */ >>>>>>> - >>>>>>> -+#include "prototypes.h" >>>>>>> -+ >>>>>>> - #if !defined(MAXHOSTNAMELEN) || (MAXHOSTNAMELEN < 64) >>>>>>> - #undef MAXHOSTNAMELEN >>>>>>> - #define MAXHOSTNAMELEN 256 >>>>>>> diff --git >>>>>>> a/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-log >>>>>>> >>>>>>> in.patch >>>>>>> b/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-log >>>>>>> >>>>>>> in.patch >>>>>>> deleted file mode 100644 >>>>>>> index 89f9c05c8d3..00000000000 >>>>>>> --- >>>>>>> a/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-log >>>>>>> >>>>>>> in.patch >>>>>>> +++ /dev/null 
>>>>>>> @@ -1,41 +0,0 @@ >>>>>>> -commit 670cae834827a8f794e6f7464fa57790d911b63c >>>>>>> -Author: SoumyaWind <121475834+SoumyaWind@users.noreply.github.com> >>>>>>> -Date: Tue Dec 27 17:40:17 2022 +0530 >>>>>>> - >>>>>>> - shadow: Fix can not print full login timeout message >>>>>>> - >>>>>>> - Login timed out message prints only first few bytes when >>>>>>> write is immediately followed by exit. >>>>>>> - Calling exit from new handler provides enough time to >>>>>>> display full message. >>>>>>> - >>>>>>> -Upstream-Status: Backport >>>>>>> [https://github.com/shadow-maint/shadow/commit/670cae834827a8f794e6f >>>>>>> >>>>>>> 7464fa57790d911b63c] >>>>>>> - >>>>>>> -diff --git a/src/login.c b/src/login.c -index 116e2cb3..c55f4de0 >>>>>>> 100644 >>>>>>> ---- a/src/login.c >>>>>>> -+++ b/src/login.c >>>>>>> -@@ -120,6 +120,7 @@ static void get_pam_user (char >>>>>>> **ptr_pam_user); >>>>>>> - >>>>>>> - static void init_env (void); >>>>>>> - static void alarm_handler (int); >>>>>>> -+static void exit_handler (int); >>>>>>> - >>>>>>> - /* >>>>>>> - * usage - print login command usage and exit -@@ -391,11 +392,16 >>>>>>> @@ static void init_env (void) >>>>>>> - #endif /* !USE_PAM */ >>>>>>> - } >>>>>>> - >>>>>>> -+static void exit_handler (unused int sig) { >>>>>>> -+ _exit (0); >>>>>>> -+} >>>>>>> - >>>>>>> - static void alarm_handler (unused int sig) >>>>>>> - { >>>>>>> - write (STDERR_FILENO, tmsg, strlen (tmsg)); >>>>>>> -- _exit (0); >>>>>>> -+ signal(SIGALRM, exit_handler); >>>>>>> -+ alarm(2); >>>>>>> - } >>>>>>> - >>>>>>> - #ifdef USE_PAM >>>>>>> diff --git >>>>>>> a/meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch >>>>>>> >>>>>>> b/meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch >>>>>>> >>>>>>> deleted file mode 100644 >>>>>>> index ac08be515bf..00000000000 >>>>>>> --- >>>>>>> a/meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch >>>>>>> >>>>>>> +++ /dev/null 
>>>>>>> @@ -1,65 +0,0 @@ >>>>>>> -From 2eaea70111f65b16d55998386e4ceb4273c19eb4 Mon Sep 17 00:00:00 >>>>>>> 2001 >>>>>>> -From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= >>>>>>> <cgzones@googlemail.com> >>>>>>> -Date: Fri, 31 Mar 2023 14:46:50 +0200 >>>>>>> -Subject: [PATCH] Overhaul valid_field() >>>>>>> - >>>>>>> -e5905c4b ("Added control character check") introduced checking for >>>>>>> -control characters but had the logic inverted, so it rejects all >>>>>>> -characters that are not control ones. >>>>>>> - >>>>>>> -Cast the character to `unsigned char` before passing to the >>>>>>> character -checking functions to avoid UB. >>>>>>> - >>>>>>> -Use strpbrk(3) for the illegal character test and return early. >>>>>>> - >>>>>>> -Upstream-Status: Backport >>>>>>> [https://github.com/shadow-maint/shadow/commit/2eaea70111f65b16d5599 >>>>>>> >>>>>>> 8386e4ceb4273c19eb4] >>>>>>> - >>>>>>> -Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> >>>>>>> ---- >>>>>>> - lib/fields.c | 24 ++++++++++-------------- >>>>>>> - 1 file changed, 10 insertions(+), 14 deletions(-) >>>>>>> - >>>>>>> -diff --git a/lib/fields.c b/lib/fields.c -index fb51b582..53929248 >>>>>>> 100644 >>>>>>> ---- a/lib/fields.c >>>>>>> -+++ b/lib/fields.c >>>>>>> -@@ -37,26 +37,22 @@ int valid_field (const char *field, const char >>>>>>> *illegal) >>>>>>> - >>>>>>> - /* For each character of field, search if it appears in >>>>>>> the list >>>>>>> - * of illegal characters. 
*/ >>>>>>> -+ if (illegal && NULL != strpbrk (field, illegal)) { >>>>>>> -+ return -1; >>>>>>> -+ } >>>>>>> -+ >>>>>>> -+ /* Search if there are non-printable or control characters */ >>>>>>> - for (cp = field; '\0' != *cp; cp++) { >>>>>>> -- if (strchr (illegal, *cp) != NULL) { >>>>>>> -+ unsigned char c = *cp; >>>>>>> -+ if (!isprint (c)) { >>>>>>> -+ err = 1; >>>>>>> -+ } >>>>>>> -+ if (iscntrl (c)) { >>>>>>> - err = -1; >>>>>>> - break; >>>>>>> - } >>>>>>> - } >>>>>>> - >>>>>>> -- if (0 == err) { >>>>>>> -- /* Search if there are non-printable or control >>>>>>> characters */ >>>>>>> -- for (cp = field; '\0' != *cp; cp++) { >>>>>>> -- if (!isprint (*cp)) { >>>>>>> -- err = 1; >>>>>>> -- } >>>>>>> -- if (!iscntrl (*cp)) { >>>>>>> -- err = -1; >>>>>>> -- break; >>>>>>> -- } >>>>>>> -- } >>>>>>> -- } >>>>>>> -- >>>>>>> - return err; >>>>>>> - } >>>>>>> - >>>>>>> --- >>>>>>> -2.34.1 >>>>>>> - >>>>>>> diff --git >>>>>>> a/meta/recipes-extended/shadow/files/CVE-2023-29383.patch >>>>>>> b/meta/recipes-extended/shadow/files/CVE-2023-29383.patch >>>>>>> deleted file mode 100644 >>>>>>> index f53341d3fc2..00000000000 >>>>>>> --- a/meta/recipes-extended/shadow/files/CVE-2023-29383.patch >>>>>>> +++ /dev/null 
>>>>>>> @@ -1,53 +0,0 @@ >>>>>>> -From e5905c4b84d4fb90aefcd96ee618411ebfac663d Mon Sep 17 00:00:00 >>>>>>> 2001 >>>>>>> -From: tomspiderlabs >>>>>>> <128755403+tomspiderlabs@users.noreply.github.com> >>>>>>> -Date: Thu, 23 Mar 2023 23:39:38 +0000 >>>>>>> -Subject: [PATCH] Added control character check >>>>>>> - >>>>>>> -Added control character check, returning -1 (to "err") if >>>>>>> control characters are present. >>>>>>> - >>>>>>> -CVE: CVE-2023-29383 >>>>>>> -Upstream-Status: Backport >>>>>>> - >>>>>>> -Reference to upstream: >>>>>>> -https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd >>>>>>> >>>>>>> 96ee618411ebfac663d >>>>>>> - >>>>>>> -Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> >>>>>>> ---- >>>>>>> - lib/fields.c | 11 +++++++---- >>>>>>> - 1 file changed, 7 insertions(+), 4 deletions(-) >>>>>>> - >>>>>>> -diff --git a/lib/fields.c b/lib/fields.c -index 640be931..fb51b582 >>>>>>> 100644 >>>>>>> ---- a/lib/fields.c >>>>>>> -+++ b/lib/fields.c >>>>>>> -@@ -21,9 +21,9 @@ >>>>>>> - * >>>>>>> - * The supplied field is scanned for non-printable and other >>>>>>> illegal >>>>>>> - * characters. >>>>>>> -- * + -1 is returned if an illegal character is present. >>>>>>> -- * + 1 is returned if no illegal characters are present, but >>>>>>> the field >>>>>>> -- * contains a non-printable character. >>>>>>> -+ * + -1 is returned if an illegal or control character is >>>>>>> present. >>>>>>> -+ * + 1 is returned if no illegal or control characters are >>>>>>> present, >>>>>>> -+ * but the field contains a non-printable character. >>>>>>> - * + 0 is returned otherwise. 
>>>>>>> - */ >>>>>>> - int valid_field (const char *field, const char *illegal) -@@ >>>>>>> -45,10 +45,13 @@ int valid_field (const char *field, const char >>>>>>> *illegal) >>>>>>> - } >>>>>>> - >>>>>>> - if (0 == err) { >>>>>>> -- /* Search if there are some non-printable >>>>>>> characters */ >>>>>>> -+ /* Search if there are non-printable or control >>>>>>> -+ characters */ >>>>>>> - for (cp = field; '\0' != *cp; cp++) { >>>>>>> - if (!isprint (*cp)) { >>>>>>> - err = 1; >>>>>>> -+ } >>>>>>> -+ if (!iscntrl (*cp)) { >>>>>>> -+ err = -1; >>>>>>> - break; >>>>>>> - } >>>>>>> - } >>>>>>> --- >>>>>>> -2.34.1 >>>>>>> - >>>>>>> diff --git a/meta/recipes-extended/shadow/files/CVE-2023-4641.patch >>>>>>> b/meta/recipes-extended/shadow/files/CVE-2023-4641.patch >>>>>>> deleted file mode 100644 >>>>>>> index 1fabfe928e4..00000000000 >>>>>>> --- a/meta/recipes-extended/shadow/files/CVE-2023-4641.patch >>>>>>> +++ /dev/null 
>>>>>>> @@ -1,147 +0,0 @@ >>>>>>> -From 25dbe2ce166a13322b7536ff2f738786ea2e61e7 Mon Sep 17 00:00:00 >>>>>>> 2001 >>>>>>> -From: Alejandro Colomar <alx@kernel.org> >>>>>>> -Date: Sat, 10 Jun 2023 16:20:05 +0200 >>>>>>> -Subject: [PATCH] gpasswd(1): Fix password leak >>>>>>> - >>>>>>> -How to trigger this password leak? >>>>>>> -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >>>>>>> - >>>>>>> -When gpasswd(1) asks for the new password, it asks twice (as is >>>>>>> usual -for confirming the new password). Each of those 2 password >>>>>>> prompts -uses agetpass() to get the password. If the second >>>>>>> agetpass() fails, -the first password, which has been copied into >>>>>>> the 'static' buffer -'pass' via STRFCPY(), wasn't being zeroed. >>>>>>> - >>>>>>> -agetpass() is defined in <./libmisc/agetpass.c> (around line 91), >>>>>>> and -can fail for any of the following reasons: >>>>>>> - >>>>>>> -- malloc(3) or readpassphrase(3) failure. >>>>>>> - >>>>>>> - These are going to be difficult to trigger. Maybe getting >>>>>>> the system >>>>>>> - to the limits of memory utilization at that exact point, so >>>>>>> that the >>>>>>> - next malloc(3) gets ENOMEM, and possibly even the OOM is >>>>>>> triggered. >>>>>>> - About readpassphrase(3), ENFILE and EINTR seem the only >>>>>>> plausible >>>>>>> - ones, and EINTR probably requires privilege or being the >>>>>>> same user; >>>>>>> - but I wouldn't discard ENFILE so easily, if a process starts >>>>>>> opening >>>>>>> - files. >>>>>>> - >>>>>>> -- The password is longer than PASS_MAX. >>>>>>> - >>>>>>> - The is plausible with physical access. However, at that >>>>>>> point, a >>>>>>> - keylogger will be a much simpler attack. >>>>>>> - >>>>>>> -And, the attacker must be able to know when the second password is >>>>>>> being -introduced, which is not going to be easy. >>>>>>> - >>>>>>> -How to read the password after the leak? 
>>>>>>> -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >>>>>>> - >>>>>>> -Provoking the leak yourself at the right point by entering a very >>>>>>> long -password is easy, and inspecting the process stack at that >>>>>>> point should -be doable. Try to find some consistent patterns. >>>>>>> - >>>>>>> -Then, search for those patterns in free memory, right after the >>>>>>> victim -leaks their password. >>>>>>> - >>>>>>> -Once you get the leak, a program should read all the free memory >>>>>>> -searching for patterns that gpasswd(1) leaves nearby the leaked >>>>>>> -password. >>>>>>> - >>>>>>> -On 6/10/23 03:14, Seth Arnold wrote: >>>>>>> -> An attacker process wouldn't be able to use malloc(3) for >>>>>>> this task. >>>>>>> -> There's a handful of tools available for userspace to >>>>>>> allocate memory: >>>>>>> -> >>>>>>> -> - brk / sbrk >>>>>>> -> - mmap MAP_ANONYMOUS >>>>>>> -> - mmap /dev/zero >>>>>>> -> - mmap some other file >>>>>>> -> - shm_open >>>>>>> -> - shmget >>>>>>> -> >>>>>>> -> Most of these return only pages of zeros to a process. Using >>>>>>> -> mmap of an existing file, you can get some of the contents of >>>>>>> the >>>>>>> -> file demand-loaded into the memory space on the first use. >>>>>>> -> >>>>>>> -> The MAP_UNINITIALIZED flag only works if the kernel was compiled >>>>>>> -> with CONFIG_MMAP_ALLOW_UNINITIALIZED. This is rare. >>>>>>> -> >>>>>>> -> malloc(3) doesn't zero memory, to our collective frustration, >>>>>>> but >>>>>>> -> all the garbage in the allocations is from previous allocations >>>>>>> -> in the current process. It isn't leftover from other processes. 
>>>>>>> -> >>>>>>> -> The avenues available for reading the memory: >>>>>>> -> - /dev/mem and /dev/kmem (requires root, not available with >>>>>>> -> Secure Boot) >>>>>>> -> - /proc/pid/mem (requires ptrace privileges, mediated by YAMA) >>>>>>> -> - ptrace (requires ptrace privileges, mediated by YAMA) >>>>>>> -> - causing memory to be swapped to disk, and then inspecting the >>>>>>> -> swap >>>>>>> -> >>>>>>> -> These all require a certain amount of privileges. >>>>>>> - >>>>>>> -How to fix it? >>>>>>> -~~~~~~~~~~~~~~ >>>>>>> - >>>>>>> -memzero(), which internally calls explicit_bzero(3), or whatever >>>>>>> -alternative the system provides with a slightly different name, >>>>>>> will -make sure that the buffer is zeroed in memory, and >>>>>>> optimizations are not -allowed to impede this zeroing. >>>>>>> - >>>>>>> -This is not really 100% effective, since compilers may place >>>>>>> copies >>>>>>> of -the string somewhere hidden in the stack. Those copies won't >>>>>>> get zeroed -by explicit_bzero(3). However, that's arguably a >>>>>>> compiler bug, since -compilers should make everything possible to >>>>>>> avoid optimizing strings -that are later passed to >>>>>>> explicit_bzero(3). But we all know that -sometimes it's impossible >>>>>>> to have perfect knowledge in the compiler, so -this is plausible. >>>>>>> Nevertheless, there's nothing we can do against such -issues, >>>>>>> except >>>>>>> minimizing the time such passwords are stored in plain -text. >>>>>>> - >>>>>>> -Security concerns >>>>>>> -~~~~~~~~~~~~~~~~~ >>>>>>> - >>>>>>> -We believe this isn't easy to exploit. Nevertheless, and since >>>>>>> the >>>>>>> fix -is trivial, this fix should probably be applied soon, and >>>>>>> backported to -all supported distributions, to prevent someone else >>>>>>> having more -imagination than us to find a way. >>>>>>> - >>>>>>> -Affected versions >>>>>>> -~~~~~~~~~~~~~~~~~ >>>>>>> - >>>>>>> -All. Bug introduced in shadow 19990709. 
That's the second commit >>>>>>> in -the git history. >>>>>>> - >>>>>>> -Fixes: 45c6603cc86c ("[svn-upgrade] Integrating new upstream >>>>>>> version, shadow (19990709)") >>>>>>> - >>>>>>> -CVE: CVE-2023-4641 >>>>>>> -Upstream-Status: Backport >>>>>>> [https://github.com/shadow-maint/shadow/commit/65c88a43a23c2391dcc90 >>>>>>> >>>>>>> c0abda3e839e9c57904] >>>>>>> - >>>>>>> -Reported-by: Alejandro Colomar <alx@kernel.org> >>>>>>> -Cc: Serge Hallyn <serge@hallyn.com> >>>>>>> -Cc: Iker Pedrosa <ipedrosa@redhat.com> >>>>>>> -Cc: Seth Arnold <seth.arnold@canonical.com> >>>>>>> -Cc: Christian Brauner <christian@brauner.io> >>>>>>> -Cc: Balint Reczey <rbalint@debian.org> >>>>>>> -Cc: Sam James <sam@gentoo.org> >>>>>>> -Cc: David Runge <dvzrv@archlinux.org> >>>>>>> -Cc: Andreas Jaeger <aj@suse.de> >>>>>>> -Cc: <~hallyn/shadow@lists.sr.ht> >>>>>>> -Signed-off-by: Alejandro Colomar <alx@kernel.org> >>>>>>> -Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> >>>>>>> ---- >>>>>>> - src/gpasswd.c | 1 + >>>>>>> - 1 file changed, 1 insertion(+) >>>>>>> - >>>>>>> -diff --git a/src/gpasswd.c b/src/gpasswd.c -index >>>>>>> 5983f787..2d8869ef 100644 >>>>>>> ---- a/src/gpasswd.c >>>>>>> -+++ b/src/gpasswd.c >>>>>>> -@@ -896,6 +896,7 @@ static void change_passwd (struct group *gr) >>>>>>> - strzero (cp); >>>>>>> - cp = getpass (_("Re-enter new password: ")); >>>>>>> - if (NULL == cp) { >>>>>>> -+ memzero (pass, sizeof pass); >>>>>>> - exit (1); >>>>>>> - } >>>>>>> - >>>>>>> --- >>>>>>> -2.34.1 >>>>>>> - 
>>>>>>> diff --git >>>>>>> a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open- >>>>>>> >>>>>>> failure-in-chroot-env.patch >>>>>>> b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open- >>>>>>> >>>>>>> failure-in-chroot-env.patch index 85d91751056..4a932d2dbb1 100644 >>>>>>> --- >>>>>>> a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open- >>>>>>> >>>>>>> failure-in-chroot-env.patch >>>>>>> +++ >>>>>>> b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-o >>>>>>> +++ pen-failure-in-chroot-env.patch >>>>>>> @@ -1,4 +1,4 @@ >>>>>>> -From 21583da072aa66901d859ac00ce209bac87ddecc Mon Sep 17 00:00:00 >>>>>>> 2001 >>>>>>> +From a773c6b240d27e23d6be41decef0edf24fcee523 Mon Sep 17 00:00:00 >>>>>>> +2001 >>>>>>> From: Chen Qi <Qi.Chen@windriver.com> >>>>>>> Date: Thu, 17 Jul 2014 15:53:34 +0800 >>>>>>> Subject: [PATCH] >>>>>>> commonio.c-fix-unexpected-open-failure-in-chroot-env >>>>>>> @@ -15,35 +15,37 @@ Note that this patch doesn't change the >>>>>>> logic in the code, it just expands >>>>>>> the codes. >>>>>>> >>>>>>> Signed-off-by: Chen Qi <Qi.Chen@windriver.com> >>>>>>> - >>>>>>> --- >>>>>>> lib/commonio.c | 16 ++++++++++++---- >>>>>>> 1 file changed, 12 insertions(+), 4 deletions(-) >>>>>>> >>>>>>> diff --git a/lib/commonio.c b/lib/commonio.c -index >>>>>>> 9a02ce1..61384ec 100644 >>>>>>> +index 73fdb3a..d1231e9 100644 >>>>>>> --- a/lib/commonio.c 
>>>>>>> +++ b/lib/commonio.c >>>>>>> -@@ -616,10 +616,18 @@ int commonio_open (struct commonio_db *db, >>>>>>> int mode) >>>>>>> +@@ -606,10 +606,18 @@ int commonio_open (struct commonio_db *db, >>>>>>> +int mode) >>>>>>> db->cursor = NULL; >>>>>>> db->changed = false; >>>>>>> >>>>>>> - fd = open (db->filename, >>>>>>> - (db->readonly ? O_RDONLY : O_RDWR) >>>>>>> -- | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); >>>>>>> +- | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW | O_CLOEXEC); >>>>>>> - saved_errno = errno; >>>>>>> + if (db->readonly) { >>>>>>> + fd = open (db->filename, >>>>>>> + (true ? O_RDONLY : O_RDWR) >>>>>>> -+ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); >>>>>>> ++ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW | >>>>>>> ++ O_CLOEXEC); >>>>>>> + saved_errno = errno; >>>>>>> + } else { >>>>>>> + fd = open (db->filename, >>>>>>> + (false ? O_RDONLY : O_RDWR) >>>>>>> -+ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); >>>>>>> ++ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW| >>>>>>> ++ O_CLOEXEC); >>>>>>> + saved_errno = errno; >>>>>>> + } >>>>>>> + >>>>>>> db->fp = NULL; >>>>>>> if (fd >= 0) { >>>>>>> #ifdef WITH_TCB >>>>>>> +-- >>>>>>> +2.30.2 >>>>>>> + >>>>>>> diff --git a/meta/recipes-extended/shadow/shadow.inc >>>>>>> b/meta/recipes-extended/shadow/shadow.inc >>>>>>> index ce3ce627156..c024746d4ff 100644 >>>>>>> --- a/meta/recipes-extended/shadow/shadow.inc >>>>>>> +++ b/meta/recipes-extended/shadow/shadow.inc >>>>>>> @@ -5,7 +5,7 @@ BUGTRACKER = >>>>>>> "http://github.com/shadow-maint/shadow/issues" >>>>>>> SECTION = "base/utils" >>>>>>> LICENSE = "BSD-3-Clause" >>>>>>> LIC_FILES_CHKSUM = >>>>>>> "file://COPYING;md5=c9a450b7be84eac23e6353efecb60b5b \ >>>>>>> - >>>>>>> file://src/passwd.c;beginline=2;endline=30;md5=758c26751513b6795395275969dd3be1 >>>>>>> \ >>>>>>> + >>>>>>> + >>>>>>> file://src/passwd.c;beginline=2;endline=7;md5=67bcf314687820b2f010 >>>>>>> + d4863fce3fc5 \ >>>>>>> " >>>>>>> >>>>>>> DEPENDS = "virtual/crypt" 
>>>>>>> @@ -14,10 +14,6 @@ GITHUB_BASE_URI = >>>>>>> "https://github.com/shadow-maint/shadow/releases" >>>>>>> SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.gz \ >>>>>>> ${@bb.utils.contains('PACKAGECONFIG', 'pam', >>>>>>> '${PAM_SRC_URI}', '', d)} \ >>>>>>> file://useradd \ >>>>>>> - file://0001-Fix-can-not-print-full-login.patch \ >>>>>>> - file://CVE-2023-29383.patch \ >>>>>>> - file://0001-Overhaul-valid_field.patch \ >>>>>>> - file://CVE-2023-4641.patch \ >>>>>>> " >>>>>>> >>>>>>> SRC_URI:append:class-target = " \ >>>>>>> @@ -26,14 +22,9 @@ SRC_URI:append:class-target = " \ >>>>>>> " >>>>>>> >>>>>>> SRC_URI:append:class-native = " \ >>>>>>> - file://0001-Disable-use-of-syslog-for-sysroot.patch \ >>>>>>> file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \ >>>>>>> " >>>>>>> -SRC_URI:append:class-nativesdk = " \ >>>>>>> - file://0001-Disable-use-of-syslog-for-sysroot.patch \ >>>>>>> - " >>>>>>> -SRC_URI[sha256sum] = >>>>>>> "813057047499c7fe81108adcf0cffa3ad4ec75e19a80151f9cbaa458ff2e86cd" >>>>>>> - >>>>>>> +SRC_URI[sha256sum] = >>>>>>> "a305edf5d19bddbdf5e836d2d609fa8bff2d35458819de4d9f06306a1cf24342" >>>>>>> >>>>>>> # Additional Policy files for PAM >>>>>>> PAM_SRC_URI = "file://pam.d/chfn \ @@ -44,7 +35,7 @@ >>>>>>> PAM_SRC_URI = >>>>>>> "file://pam.d/chfn \ >>>>>>> file://pam.d/passwd \ >>>>>>> file://pam.d/su" >>>>>>> >>>>>>> -inherit autotools gettext github-releases >>>>>>> +inherit autotools gettext github-releases pkgconfig >>>>>>> >>>>>>> export CONFIG_SHELL="/bin/sh" >>>>>>> >>>>>>> @@ -54,6 +45,8 @@ EXTRA_OECONF += "--without-libcrack \ >>>>>>> --without-sssd \ >>>>>>> ${NSCDOPT}" >>>>>>> >>>>>>> +CFLAGS:append:libc-musl = " -DLIBBSD_OVERLAY" >>>>>>> + >>>>>>> NSCDOPT = "" >>>>>>> NSCDOPT:class-native = "--without-nscd" >>>>>>> NSCDOPT:class-nativesdk = "--without-nscd" 
>>>>>>> @@ -73,13 +66,14 @@ PAM_PLUGINS = "libpam-runtime \ >>>>>>> >>>>>>> PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', >>>>>>> 'pam', d)} \ >>>>>>> ${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}" >>>>>>> -PACKAGECONFIG:class-native ??= >>>>>>> "${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}" >>>>>>> +PACKAGECONFIG:class-native ??= >>>>>>> "${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', >>>>>>> d)} libbsd" >>>>>>> PACKAGECONFIG:class-nativesdk = "" >>>>>>> PACKAGECONFIG[pam] = >>>>>>> "--with-libpam,--without-libpam,libpam,${PAM_PLUGINS}" >>>>>>> PACKAGECONFIG[attr] = "--with-attr,--without-attr,attr" >>>>>>> PACKAGECONFIG[acl] = "--with-acl,--without-acl,acl" >>>>>>> PACKAGECONFIG[audit] = "--with-audit,--without-audit,audit" >>>>>>> PACKAGECONFIG[selinux] = >>>>>>> "--with-selinux,--without-selinux,libselinux libsemanage" >>>>>>> +PACKAGECONFIG[libbsd] = "--with-libbsd,--without-libbsd,libbsd" >>>>>>> >>>>>>> RDEPENDS:${PN} = "shadow-securetty \ >>>>>>> base-passwd \ >>>>>>> diff --git a/meta/recipes-extended/shadow/shadow_4.13.bb >>>>>>> b/meta/recipes-extended/shadow/shadow_4.14.2.bb >>>>>>> similarity index 100% >>>>>>> rename from meta/recipes-extended/shadow/shadow_4.13.bb >>>>>>> rename to meta/recipes-extended/shadow/shadow_4.14.2.bb >>>>>>> >>>>>>> >>>>>>>
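Review bot: in the refreshed commonio.c-fix-unexpected-open-failure-in-chroot-env.patch (hunk @@ -606,10 +606,18 @@ of lib/commonio.c), the two expanded open() calls are no longer written the same way: the readonly branch has "O_NOFOLLOW |" before O_CLOEXEC, while the else branch has "O_NOFOLLOW|" with no space. The patch description says it only expands the code without changing logic, so the two branches should differ in nothing but the true/false constant. Please make the flag lists textually identical so a later refresh against upstream is easy to verify by eye.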
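Review bot: the SRC_URI hunk of shadow.inc (@@ -14,10 +14,6 @@) removes file://CVE-2023-4641.patch together with the other backports, but the Drop list in the commit message names only 0001-Fix-can-not-print-full-login.patch, 0001-Overhaul-valid_field.patch and CVE-2023-29383.patch. Please add CVE-2023-4641.patch to that list and confirm that the upstream commit cited in its Upstream-Status line is contained in 4.14.2, so that the removal of a CVE fix can be traced from the log rather than only from the diff.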
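Review bot: in the PACKAGECONFIG hunk of shadow.inc (@@ -73,13 +66,14 @@), libbsd is enabled only in PACKAGECONFIG:class-native, while PACKAGECONFIG:class-nativesdk stays "" and the target default is unchanged, yet the earlier hunk (@@ -54,6 +45,8 @@) appends -DLIBBSD_OVERLAY to CFLAGS for libc-musl. With PACKAGECONFIG[libbsd] defined as "--with-libbsd,--without-libbsd,libbsd", a musl target build from these hunks would be configured with --without-libbsd and without a libbsd dependency while still being compiled with the overlay define. Either add libbsd to the musl configuration here or say in the commit message where that dependency comes from, and add a short comment above the CFLAGS line explaining why the define is needed.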
On Thu, 2024-02-08 at 13:11 +0100, Vyacheslav Yurkov wrote:
> FTR, reverting the last 3 patches to shadow fixed the build of
> shadow-native for me.
> We still consider 20.04 to be a "supported" distribution, right?

I suspect some kind of host contamination and you have something installed on your distro which the rest of us don't. Can you share the do_configure logs?

Cheers,
Richard

shadow-native configure log is below. DEBUG: Executing python function extend_recipe_sysroot NOTE: Direct dependencies are ['/home/uvv/projects/upstream/poky-shadow/meta/recipes-core/gettext/gettext-minimal-native_0.22.4.bb:do_populate_sysroot', '/home/uvv/projects/upstream/poky-shadow/meta/recipes-devtools/libtool/libtool-native_2.4.7.bb:do_populate_sysroot', '/home/uvv/projects/upstream/poky-shadow/meta/recipes-devtools/quilt/quilt-native_0.67.bb:do_populate_sysroot', 'virtual:native:/home/uvv/projects/upstream/poky-shadow/meta/recipes-devtools/autoconf/autoconf_2.72e.bb:do_populate_sysroot', 'virtual:native:/home/uvv/projects/upstream/poky-shadow/meta/recipes-devtools/automake/automake_1.16.5.bb:do_populate_sysroot', 'virtual:native:/home/uvv/projects/upstream/poky-shadow/meta/recipes-devtools/pkgconfig/pkgconfig_git.bb:do_populate_sysroot', 'virtual:native:/home/uvv/projects/upstream/poky-shadow/meta/recipes-support/attr/attr_2.5.1.bb:do_populate_sysroot', 'virtual:native:/home/uvv/projects/upstream/poky-shadow/meta/recipes-support/libbsd/libbsd_0.11.8.bb:do_populate_sysroot'] NOTE: Installed into sysroot: [] NOTE: Skipping as already exists in sysroot: ['gettext-minimal-native', 'libtool-native', 'm4-native', 'quilt-native', 'texinfo-dummy-native', 'autoconf-native', 'automake-native', 'gnu-config-native', 'pkgconfig-native', 'xz-native', 'attr-native', 'libbsd-native', 'libmd-native'] DEBUG: Python function extend_recipe_sysroot finished DEBUG: Executing shell function autotools_preconfigure DEBUG: Shell function autotools_preconfigure finished DEBUG: Executing python function autotools_aclocals DEBUG: SITE files ['endian-little', 'common-linux', 'common-glibc', 'bit-64', 'x86_64-linux', 'common'] DEBUG: Python function autotools_aclocals finished DEBUG: Executing shell function do_configure automake (GNU automake) 1.16.5 Copyright (C) 2021 Free Software Foundation, Inc. 
License GPLv2+: GNU GPL version 2 or later <https://gnu.org/licenses/gpl-2.0.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Written by Tom Tromey <tromey@redhat.com> and Alexandre Duret-Lutz <adl@gnu.org>. AUTOV is 1.16 NOTE: Executing ACLOCAL="aclocal --system-acdir=/home/uvv/projects/upstream/poky-shadow/build/tmp/work/x86_64-linux/shadow-native/4.14.2/recipe-sysroot-native/usr/share/aclocal/ --automake-acdir=/home/uvv/projects/upstream/poky-shadow/build/tmp/work/x86_64-linux/shadow-native/4.14.2/recipe-sysroot-native/usr/share/aclocal-1.16" autoreconf -Wcross --verbose --install --force --exclude=autopoint -I /home/uvv/projects/upstream/poky-shadow/build/tmp/work/x86_64-linux/shadow-native/4.14.2/shadow-4.14.2/m4/ autoreconf: export WARNINGS=cross,no-obsolete autoreconf: Entering directory '.' autoreconf: running: aclocal --system-acdir=/home/uvv/projects/upstream/poky-shadow/build/tmp/work/x86_64-linux/shadow-native/4.14.2/recipe-sysroot-native/usr/share/aclocal/ --automake-acdir=/home/uvv/projects/upstream/poky-shadow/build/tmp/work/x86_64-linux/shadow-native/4.14.2/recipe-sysroot-native/usr/share/aclocal-1.16 -I /home/uvv/projects/upstream/poky-shadow/build/tmp/work/x86_64-linux/shadow-native/4.14.2/shadow-4.14.2/m4/ --force autoreconf: configure.ac: tracing autoreconf: running: libtoolize --copy --force libtoolize: putting auxiliary files in '.'. libtoolize: copying file './ltmain.sh' libtoolize: putting macros in AC_CONFIG_MACRO_DIRS, 'm4'. libtoolize: copying file 'm4/libtool.m4' libtoolize: copying file 'm4/ltoptions.m4' libtoolize: copying file 'm4/ltsugar.m4' libtoolize: copying file 'm4/ltversion.m4' libtoolize: copying file 'm4/lt~obsolete.m4' libtoolize: Consider adding '-I m4' to ACLOCAL_AMFLAGS in Makefile.am. 
autoreconf: configure.ac: not using Intltool autoreconf: configure.ac: not using Gtkdoc autoreconf: running: aclocal --system-acdir=/home/uvv/projects/upstream/poky-shadow/build/tmp/work/x86_64-linux/shadow-native/4.14.2/recipe-sysroot-native/usr/share/aclocal/ --automake-acdir=/home/uvv/projects/upstream/poky-shadow/build/tmp/work/x86_64-linux/shadow-native/4.14.2/recipe-sysroot-native/usr/share/aclocal-1.16 -I /home/uvv/projects/upstream/poky-shadow/build/tmp/work/x86_64-linux/shadow-native/4.14.2/shadow-4.14.2/m4/ --force autoreconf: running: /home/uvv/projects/upstream/poky-shadow/build/tmp/work/x86_64-linux/shadow-native/4.14.2/recipe-sysroot-native/usr/bin/autoconf --include=/home/uvv/projects/upstream/poky-shadow/build/tmp/work/x86_64-linux/shadow-native/4.14.2/shadow-4.14.2/m4/ --force autoreconf: running: /home/uvv/projects/upstream/poky-shadow/build/tmp/work/x86_64-linux/shadow-native/4.14.2/recipe-sysroot-native/usr/bin/autoheader --include=/home/uvv/projects/upstream/poky-shadow/build/tmp/work/x86_64-linux/shadow-native/4.14.2/shadow-4.14.2/m4/ --force autoreconf: running: automake --add-missing --copy --force-missing configure.ac:23: installing './compile' configure.ac:9: installing './missing' lib/Makefile.am: installing './depcomp' autoreconf: './install-sh' is updated autoreconf: './config.sub' is updated autoreconf: './config.guess' is updated autoreconf: Leaving directory '.' 
NOTE: Running ../shadow-4.14.2/configure --build=x86_64-linux --host=x86_64-linux --target=x86_64-linux --prefix=/home/uvv/projects/upstream/poky-shadow/build/tmp/work/x86_64-linux/shadow-native/4.14.2/recipe-sysroot-native/usr --exec_prefix=/home/uvv/projects/upstream/poky-shadow/build/tmp/work/x86_64-linux/shadow-native/4.14.2/recipe-sysroot-native/usr --bindir=/home/uvv/projects/upstream/poky-shadow/build/tmp/work/x86_64-linux/shadow-native/4.14.2/recipe-sysroot-native/usr/bin --sbindir=/home/uvv/projects/upstream/poky-shadow/build/tmp/work/x86_64-linux/shadow-native/4.14.2/recipe-sysroot-native/usr/sbin --libexecdir=/home/uvv/projects/upstream/poky-shadow/build/tmp/work/x86_64-linux/shadow-native/4.14.2/recipe-sysroot-native/usr/libexec --datadir=/home/uvv/projects/upstream/poky-shadow/build/tmp/work/x86_64-linux/shadow-native/4.14.2/recipe-sysroot-native/usr/share --sysconfdir=/home/uvv/projects/upstream/poky-shadow/build/tmp/work/x86_64-linux/shadow-native/4.14.2/recipe-sysroot-native/etc --sharedstatedir=/home/uvv/projects/upstream/poky-shadow/build/tmp/work/x86_64-linux/shadow-native/4.14.2/recipe-sysroot-native/com --localstatedir=/home/uvv/projects/upstream/poky-shadow/build/tmp/work/x86_64-linux/shadow-native/4.14.2/recipe-sysroot-native/var --libdir=/home/uvv/projects/upstream/poky-shadow/build/tmp/work/x86_64-linux/shadow-native/4.14.2/recipe-sysroot-native/usr/lib --includedir=/home/uvv/projects/upstream/poky-shadow/build/tmp/work/x86_64-linux/shadow-native/4.14.2/recipe-sysroot-native/usr/include --oldincludedir=/home/uvv/projects/upstream/poky-shadow/build/tmp/work/x86_64-linux/shadow-native/4.14.2/recipe-sysroot-native/usr/include --infodir=/home/uvv/projects/upstream/poky-shadow/build/tmp/work/x86_64-linux/shadow-native/4.14.2/recipe-sysroot-native/usr/share/info --mandir=/home/uvv/projects/upstream/poky-shadow/build/tmp/work/x86_64-linux/shadow-native/4.14.2/recipe-sysroot-native/usr/share/man --disable-silent-rules --disable-dependency-tracking 
--without-libcrack --with-group-name-max-length=24 --enable-subordinate-ids=yes --without-sssd --without-nscd --disable-static --without-acl --with-attr --without-audit --with-libbsd --without-libpam --without-selinux --disable-nls configure: loading site script /home/uvv/projects/upstream/poky-shadow/meta/site/endian-little configure: loading site script /home/uvv/projects/upstream/poky-shadow/meta/site/common-linux configure: loading site script /home/uvv/projects/upstream/poky-shadow/meta/site/common-glibc configure: loading site script /home/uvv/projects/upstream/poky-shadow/meta/site/x86_64-linux configure: loading site script /home/uvv/projects/upstream/poky-shadow/meta/site/common checking for a BSD-compatible install... /home/uvv/projects/upstream/poky-shadow/build/tmp/hosttools/install -c checking whether build environment is sane... yes checking for a race-free mkdir -p... /home/uvv/projects/upstream/poky-shadow/build/tmp/hosttools/mkdir -p checking for gawk... gawk checking whether make sets $(MAKE)... yes checking whether make supports nested variables... yes checking whether make supports nested variables... (cached) yes checking whether make supports the include directive... yes (GNU style) checking for x86_64-linux-gcc... gcc checking whether the C compiler works... yes checking for C compiler default output file name... a.out checking for suffix of executables... checking whether we are cross compiling... no checking for suffix of object files... o checking whether the compiler supports GNU C... yes checking whether gcc accepts -g... yes checking for gcc option to enable C11 features... none needed checking whether gcc understands -c and -o together... yes checking dependency style of gcc ... none checking for stdio.h... yes checking for stdlib.h... yes checking for string.h... yes checking for inttypes.h... yes checking for stdint.h... yes checking for strings.h... yes checking for sys/stat.h... yes checking for sys/types.h... 
yes checking for unistd.h... yes checking for wchar.h... yes checking for minix/config.h... no checking for utime.h... yes checking whether it is safe to define __EXTENSIONS__... yes checking whether _XOPEN_SOURCE should be defined... no checking whether to enable maintainer-specific portions of Makefiles... no checking for x86_64-linux-gcc... (cached) gcc checking whether the compiler supports GNU C... (cached) yes checking whether gcc accepts -g... (cached) yes checking for gcc option to enable C11 features... (cached) none needed checking whether gcc understands -c and -o together... (cached) yes checking dependency style of gcc ... (cached) none checking whether ln -s works... yes checking for bison... no checking for byacc... no checking build system type... x86_64-pc-linux-gnu checking host system type... x86_64-pc-linux-gnu checking how to print strings... printf checking for a sed that does not truncate output... (cached) sed checking for grep that handles long lines and -e... /home/uvv/projects/upstream/poky-shadow/build/tmp/hosttools/grep checking for egrep... /home/uvv/projects/upstream/poky-shadow/build/tmp/hosttools/grep -E checking for fgrep... /home/uvv/projects/upstream/poky-shadow/build/tmp/hosttools/grep -F checking for ld used by gcc ... ld checking if the linker (ld ) is GNU ld... yes checking for BSD- or MS-compatible name lister (nm)... nm checking the name lister (nm) interface... BSD nm checking the maximum length of command line arguments... 1572864 checking how to convert x86_64-pc-linux-gnu file names to x86_64-pc-linux-gnu format... func_convert_file_noop checking how to convert x86_64-pc-linux-gnu file names to toolchain format... func_convert_file_noop checking for ld option to reload object files... -r checking for x86_64-linux-file... no checking for file... file checking for x86_64-linux-objdump... objdump checking how to recognize dependent libraries... pass_all checking for x86_64-linux-dlltool... no checking for dlltool... 
no
checking how to associate runtime and link libraries... printf %s\n
checking for x86_64-linux-ar... ar
checking for archiver @FILE support... @
checking for x86_64-linux-strip... strip
checking for x86_64-linux-ranlib... ranlib -D
checking command to parse nm output from gcc object... ok
checking for sysroot... no
checking for a working dd... /home/uvv/projects/upstream/poky-shadow/build/tmp/hosttools/dd
checking how to truncate binary pipes... /home/uvv/projects/upstream/poky-shadow/build/tmp/hosttools/dd bs=4096 count=1
checking for x86_64-linux-mt... no
checking for mt... no
checking if : is a manifest tool... no
checking for dlfcn.h... yes
checking for objdir... .libs
checking if gcc supports -fno-rtti -fno-exceptions... no
checking for gcc option to produce PIC... -fPIC -DPIC
checking if gcc PIC flag -fPIC -DPIC works... yes
checking if gcc static flag -static works... yes
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.o... (cached) yes
checking whether the gcc linker (ld -m elf_x86_64) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... no
checking for crypt.h... yes
checking for utmp.h... yes
checking for termio.h... yes
checking for sgtty.h... yes
checking for sys/ioctl.h... yes
checking for paths.h... yes
checking for sys/capability.h... no
checking for sys/random.h... yes
checking for gshadow.h... yes
checking for lastlog.h... yes
checking for rpc/key_prot.h... yes
checking for acl/libacl.h... no
checking for attr/libattr.h... yes
checking for attr/error_context.h... yes
checking for shadow.h... yes
checking for arc4random_buf... no
checking for futimes... yes
checking for getentropy... yes
checking for getrandom... yes
checking for getspnam... yes
checking for getusershell... yes
checking for initgroups... yes
checking for lckpwdf... yes
checking for lutimes... yes
checking for mempcpy... yes
checking for setgroups... yes
checking for updwtmp... yes
checking for updwtmpx... yes
checking for innetgr... yes
checking for getspnam_r... yes
checking for rpmatch... yes
checking for memset_explicit... no
checking for explicit_bzero... yes
checking for stpecpy... no
checking for stpeprintf... no
checking for gcc option to enable large file support... none needed
checking for struct utmp.ut_type... yes
checking for struct utmp.ut_id... yes
checking for struct utmp.ut_name... yes
checking for struct utmp.ut_user... yes
checking for struct utmp.ut_host... yes
checking for struct utmp.ut_syslen... no
checking for struct utmp.ut_addr... yes
checking for struct utmp.ut_addr_v6... yes
checking for struct utmp.ut_time... yes
checking for struct utmp.ut_xtime... yes
checking for struct utmp.ut_tv... yes
checking for uid_t... yes
checking for gid_t... yes
checking type of array argument to getgroups... gid_t
checking whether utime accepts a null argument... (cached) yes
checking for putgrent... yes
checking for putpwent... yes
checking for putspent... yes
checking for sgetgrent... no
checking for sgetpwent... no
checking for sgetspent... yes
checking for setpgrp... yes
checking for secure_getenv... yes
checking for working shadow group support... yes
checking location of shared mail directory... (cached) /home/uvv/projects/upstream/poky-shadow/build/tmp/work/x86_64-linux/shadow-native/4.14.2/recipe-sysroot-native/var/spool/mail
checking location of user mail file... (cached) Mailbox
checking location of utmp... (cached) /home/uvv/projects/upstream/poky-shadow/build/tmp/work/x86_64-linux/shadow-native/4.14.2/recipe-sysroot-native/var/run
checking location of faillog/lastlog/wtmp... (cached) /home/uvv/projects/upstream/poky-shadow/build/tmp/work/x86_64-linux/shadow-native/4.14.2/recipe-sysroot-native/var/log
checking location of the passwd program... (cached) /home/uvv/projects/upstream/poky-shadow/build/tmp/work/x86_64-linux/shadow-native/4.14.2/recipe-sysroot-native/usr/bin
checking for library containing gethostbyname... none required
checking for econf_readDirs in -leconf... no
checking size of uid_t... (cached) 4
checking size of gid_t... (cached) 4
checking for sd_session_get_remote_host in -lsystemd... yes
checking for crypt in -lcrypt... yes
checking for crypt in -lcrypt... (cached) yes
checking for library containing readpassphrase... -lbsd
checking for x86_64-linux-pkg-config... no
checking for pkg-config... /home/uvv/projects/upstream/poky-shadow/build/tmp/work/x86_64-linux/shadow-native/4.14.2/recipe-sysroot-native/usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking for libbsd-overlay... yes
checking for readpassphrase.h... yes
checking for attr/libattr.h... (cached) yes
checking for attr/error_context.h... (cached) yes
checking for attr_copy_file in -lattr... yes
checking for attr_copy_fd in -lattr... yes
checking for sys/statfs.h... yes
checking for linux/magic.h... yes
checking for linux/btrfs_tree.h... yes
checking for tcb.h... no
checking use login and su access checking if PAM not used... yes
checking for fgetpwent_r... yes
checking whether NLS is requested... no
checking for msgfmt... no
checking for gmsgfmt... :
checking for xgettext... no
checking for msgmerge... no
checking for ld... ld -m elf_x86_64
checking if the linker (ld -m elf_x86_64) is GNU ld... yes
checking for shared library run path origin... done
checking 32-bit host C ABI... no
checking how to run the C preprocessor... gcc -E
checking for egrep -e... (cached) /home/uvv/projects/upstream/poky-shadow/build/tmp/hosttools/grep -E
checking for ELF binary format... yes
checking for the common suffixes of directories in the library search path... lib,lib,lib64
checking for CFPreferencesCopyAppValue... no
checking for CFLocaleCopyCurrent... no
checking whether to use NLS... no
configure: creating ./config.status
config.status: creating Makefile
config.status: creating po/Makefile.in
config.status: creating doc/Makefile
config.status: creating man/Makefile
config.status: creating man/config.xml
config.status: creating man/po/Makefile
config.status: creating man/cs/Makefile
config.status: creating man/da/Makefile
config.status: creating man/de/Makefile
config.status: creating man/es/Makefile
config.status: creating man/fi/Makefile
config.status: creating man/fr/Makefile
config.status: creating man/hu/Makefile
config.status: creating man/id/Makefile
config.status: creating man/it/Makefile
config.status: creating man/ja/Makefile
config.status: creating man/ko/Makefile
config.status: creating man/pl/Makefile
config.status: creating man/pt_BR/Makefile
config.status: creating man/ru/Makefile
config.status: creating man/sv/Makefile
config.status: creating man/tr/Makefile
config.status: creating man/uk/Makefile
config.status: creating man/zh_CN/Makefile
config.status: creating man/zh_TW/Makefile
config.status: creating lib/Makefile
config.status: creating libsubid/Makefile
config.status: creating libsubid/subid.h
config.status: creating src/Makefile
config.status: creating contrib/Makefile
config.status: creating etc/Makefile
config.status: creating etc/pam.d/Makefile
config.status: creating etc/shadow-maint/Makefile
config.status: creating shadow.spec
config.status: creating config.h
config.status: executing depfiles commands
config.status: executing libtool commands
config.status: executing po-directories commands
config.status: creating po/POTFILES
config.status: creating po/Makefile
shadow will be compiled with the following features:
auditing support: no
CrackLib support: no
PAM support: no
SELinux support: no
BtrFS support: yes
ACL support: no
Extended Attributes support: yes
tcb support (incomplete): no
shadow group support: yes
S/Key support: no
SHA passwords encryption: yes
bcrypt passwords encryption: no
yescrypt passwords encryption: no
nscd support: no
sssd support: no
subordinate IDs support: yes
enable lastlog: no
enable logind: yes
use file caps: no
install su: yes
enabled vendor dir:
DEBUG: Shell function do_configure finished
DEBUG: Executing python function do_qa_configure
NOTE: Checking autotools environment for common misconfiguration
NOTE: Checking configure output for unrecognised options
DEBUG: Python function do_qa_configure finished
DEBUG: Executing shell function autotools_postconfigure
DEBUG: Shell function autotools_postconfigure finished

On 08.02.2024 13:16, Richard Purdie wrote:
> I suspect some kind of host contamination and you have something
> installed on your distro which the rest of us don't.
>
> Can you share the do_configure logs?
>
> Cheers,
>
> Richard
>
On Thu, 2024-02-08 at 14:09 +0100, Vyacheslav Yurkov wrote:
> shadow-native configure log is below.

Thanks, the line which jumped out at me is:

> checking for sd_session_get_remote_host in -lsystemd... yes
>
since we don't (and shouldn't) build a systemd-native.

You might want to see if there is a configure option we should be passing in to disable that.

Cheers,

Richard
On Thu, 8 Feb 2024 at 14:27, Richard Purdie <richard.purdie@linuxfoundation.org> wrote:
> since we don't (and shouldn't) build a systemd-native.
>
> You might want to see if there is a configure option we should be
> passing in to disable that.

I just sent a patch that does that.

Alex
diff --git a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch b/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch deleted file mode 100644 index fa1532c8317..00000000000 --- a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch +++ /dev/null 
@@ -1,52 +0,0 @@ -From 85d0444229ee3d14fefcf10d093f49c862826f82 Mon Sep 17 00:00:00 2001 -From: Richard Purdie <richard.purdie@linuxfoundation.org> -Date: Thu, 14 Apr 2022 23:11:53 +0000 -Subject: [PATCH] Disable use of syslog for shadow-native tools - -Disable use of syslog to prevent sysroot user and group additions from -writing entries to the host's syslog. This patch should only be used -with the shadow-native recipe. - -Upstream-Status: Inappropriate [OE specific configuration] -Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> -Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> - ---- - configure.ac | 2 +- - src/login_nopam.c | 3 ++- - 2 files changed, 3 insertions(+), 2 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 924254a..603af81 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -191,7 +191,7 @@ AC_DEFINE_UNQUOTED(PASSWD_PROGRAM, "$shadow_cv_passwd_dir/passwd", - [Path to passwd program.]) - - dnl XXX - quick hack, should disappear before anyone notices :). --AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().]) -+#AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().]) - if test "$ac_cv_func_ruserok" = "yes"; then - AC_DEFINE(RLOGIN, 1, [Define if login should support the -r flag for rlogind.]) - AC_DEFINE(RUSEROK, 0, [Define to the ruserok() "success" return value (0 or 1).]) -diff --git a/src/login_nopam.c b/src/login_nopam.c -index df6ba88..fc24e13 100644 ---- a/src/login_nopam.c -+++ b/src/login_nopam.c -@@ -29,7 +29,6 @@ - #ifndef USE_PAM - #ident "$Id$" - --#include "prototypes.h" - /* - * This module implements a simple but effective form of login access - * control based on login names and on host (or domain) names, internet -@@ -57,6 +56,8 @@ - #include <netinet/in.h> - #include <arpa/inet.h> /* for inet_ntoa() */ - -+#include "prototypes.h" -+ - #if !defined(MAXHOSTNAMELEN) || (MAXHOSTNAMELEN < 64) - #undef MAXHOSTNAMELEN - #define MAXHOSTNAMELEN 256 
diff --git a/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch b/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch deleted file mode 100644 index 89f9c05c8d3..00000000000 --- a/meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch +++ /dev/null @@ -1,41 +0,0 @@ -commit 670cae834827a8f794e6f7464fa57790d911b63c -Author: SoumyaWind <121475834+SoumyaWind@users.noreply.github.com> -Date: Tue Dec 27 17:40:17 2022 +0530 - - shadow: Fix can not print full login timeout message - - Login timed out message prints only first few bytes when write is immediately followed by exit. - Calling exit from new handler provides enough time to display full message. - -Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/670cae834827a8f794e6f7464fa57790d911b63c] - -diff --git a/src/login.c b/src/login.c -index 116e2cb3..c55f4de0 100644 ---- a/src/login.c -+++ b/src/login.c -@@ -120,6 +120,7 @@ static void get_pam_user (char **ptr_pam_user); - - static void init_env (void); - static void alarm_handler (int); -+static void exit_handler (int); - - /* - * usage - print login command usage and exit -@@ -391,11 +392,16 @@ static void init_env (void) - #endif /* !USE_PAM */ - } - -+static void exit_handler (unused int sig) -+{ -+ _exit (0); -+} - - static void alarm_handler (unused int sig) - { - write (STDERR_FILENO, tmsg, strlen (tmsg)); -- _exit (0); -+ signal(SIGALRM, exit_handler); -+ alarm(2); - } - - #ifdef USE_PAM diff --git a/meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch b/meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch deleted file mode 100644 index ac08be515bf..00000000000 --- a/meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch +++ /dev/null 
@@ -1,65 +0,0 @@ -From 2eaea70111f65b16d55998386e4ceb4273c19eb4 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com> -Date: Fri, 31 Mar 2023 14:46:50 +0200 -Subject: [PATCH] Overhaul valid_field() - -e5905c4b ("Added control character check") introduced checking for -control characters but had the logic inverted, so it rejects all -characters that are not control ones. - -Cast the character to `unsigned char` before passing to the character -checking functions to avoid UB. - -Use strpbrk(3) for the illegal character test and return early. - -Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/2eaea70111f65b16d55998386e4ceb4273c19eb4] - -Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> ---- - lib/fields.c | 24 ++++++++++-------------- - 1 file changed, 10 insertions(+), 14 deletions(-) - -diff --git a/lib/fields.c b/lib/fields.c -index fb51b582..53929248 100644 ---- a/lib/fields.c -+++ b/lib/fields.c -@@ -37,26 +37,22 @@ int valid_field (const char *field, const char *illegal) - - /* For each character of field, search if it appears in the list - * of illegal characters. */ -+ if (illegal && NULL != strpbrk (field, illegal)) { -+ return -1; -+ } -+ -+ /* Search if there are non-printable or control characters */ - for (cp = field; '\0' != *cp; cp++) { -- if (strchr (illegal, *cp) != NULL) { -+ unsigned char c = *cp; -+ if (!isprint (c)) { -+ err = 1; -+ } -+ if (iscntrl (c)) { - err = -1; - break; - } - } - -- if (0 == err) { -- /* Search if there are non-printable or control characters */ -- for (cp = field; '\0' != *cp; cp++) { -- if (!isprint (*cp)) { -- err = 1; -- } -- if (!iscntrl (*cp)) { -- err = -1; -- break; -- } -- } -- } -- - return err; - } - --- -2.34.1 - diff --git a/meta/recipes-extended/shadow/files/CVE-2023-29383.patch b/meta/recipes-extended/shadow/files/CVE-2023-29383.patch deleted file mode 100644 index f53341d3fc2..00000000000 
--- a/meta/recipes-extended/shadow/files/CVE-2023-29383.patch +++ /dev/null @@ -1,53 +0,0 @@ -From e5905c4b84d4fb90aefcd96ee618411ebfac663d Mon Sep 17 00:00:00 2001 -From: tomspiderlabs <128755403+tomspiderlabs@users.noreply.github.com> -Date: Thu, 23 Mar 2023 23:39:38 +0000 -Subject: [PATCH] Added control character check - -Added control character check, returning -1 (to "err") if control characters are present. - -CVE: CVE-2023-29383 -Upstream-Status: Backport - -Reference to upstream: -https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d - -Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> ---- - lib/fields.c | 11 +++++++---- - 1 file changed, 7 insertions(+), 4 deletions(-) - -diff --git a/lib/fields.c b/lib/fields.c -index 640be931..fb51b582 100644 ---- a/lib/fields.c -+++ b/lib/fields.c -@@ -21,9 +21,9 @@ - * - * The supplied field is scanned for non-printable and other illegal - * characters. -- * + -1 is returned if an illegal character is present. -- * + 1 is returned if no illegal characters are present, but the field -- * contains a non-printable character. -+ * + -1 is returned if an illegal or control character is present. -+ * + 1 is returned if no illegal or control characters are present, -+ * but the field contains a non-printable character. - * + 0 is returned otherwise. - */ - int valid_field (const char *field, const char *illegal) -@@ -45,10 +45,13 @@ int valid_field (const char *field, const char *illegal) - } - - if (0 == err) { -- /* Search if there are some non-printable characters */ -+ /* Search if there are non-printable or control characters */ - for (cp = field; '\0' != *cp; cp++) { - if (!isprint (*cp)) { - err = 1; -+ } -+ if (!iscntrl (*cp)) { -+ err = -1; - break; - } - } --- -2.34.1 - diff --git a/meta/recipes-extended/shadow/files/CVE-2023-4641.patch b/meta/recipes-extended/shadow/files/CVE-2023-4641.patch deleted file mode 100644 index 1fabfe928e4..00000000000 
--- a/meta/recipes-extended/shadow/files/CVE-2023-4641.patch +++ /dev/null 
@@ -1,147 +0,0 @@ -From 25dbe2ce166a13322b7536ff2f738786ea2e61e7 Mon Sep 17 00:00:00 2001 -From: Alejandro Colomar <alx@kernel.org> -Date: Sat, 10 Jun 2023 16:20:05 +0200 -Subject: [PATCH] gpasswd(1): Fix password leak - -How to trigger this password leak? -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -When gpasswd(1) asks for the new password, it asks twice (as is usual -for confirming the new password). Each of those 2 password prompts -uses agetpass() to get the password. If the second agetpass() fails, -the first password, which has been copied into the 'static' buffer -'pass' via STRFCPY(), wasn't being zeroed. - -agetpass() is defined in <./libmisc/agetpass.c> (around line 91), and -can fail for any of the following reasons: - -- malloc(3) or readpassphrase(3) failure. - - These are going to be difficult to trigger. Maybe getting the system - to the limits of memory utilization at that exact point, so that the - next malloc(3) gets ENOMEM, and possibly even the OOM is triggered. - About readpassphrase(3), ENFILE and EINTR seem the only plausible - ones, and EINTR probably requires privilege or being the same user; - but I wouldn't discard ENFILE so easily, if a process starts opening - files. - -- The password is longer than PASS_MAX. - - The is plausible with physical access. However, at that point, a - keylogger will be a much simpler attack. - -And, the attacker must be able to know when the second password is being -introduced, which is not going to be easy. - -How to read the password after the leak? -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Provoking the leak yourself at the right point by entering a very long -password is easy, and inspecting the process stack at that point should -be doable. Try to find some consistent patterns. - -Then, search for those patterns in free memory, right after the victim -leaks their password. 
- -Once you get the leak, a program should read all the free memory -searching for patterns that gpasswd(1) leaves nearby the leaked -password. - -On 6/10/23 03:14, Seth Arnold wrote: -> An attacker process wouldn't be able to use malloc(3) for this task. -> There's a handful of tools available for userspace to allocate memory: -> -> - brk / sbrk -> - mmap MAP_ANONYMOUS -> - mmap /dev/zero -> - mmap some other file -> - shm_open -> - shmget -> -> Most of these return only pages of zeros to a process. Using mmap of an -> existing file, you can get some of the contents of the file demand-loaded -> into the memory space on the first use. -> -> The MAP_UNINITIALIZED flag only works if the kernel was compiled with -> CONFIG_MMAP_ALLOW_UNINITIALIZED. This is rare. -> -> malloc(3) doesn't zero memory, to our collective frustration, but all the -> garbage in the allocations is from previous allocations in the current -> process. It isn't leftover from other processes. -> -> The avenues available for reading the memory: -> - /dev/mem and /dev/kmem (requires root, not available with Secure Boot) -> - /proc/pid/mem (requires ptrace privileges, mediated by YAMA) -> - ptrace (requires ptrace privileges, mediated by YAMA) -> - causing memory to be swapped to disk, and then inspecting the swap -> -> These all require a certain amount of privileges. - -How to fix it? -~~~~~~~~~~~~~~ - -memzero(), which internally calls explicit_bzero(3), or whatever -alternative the system provides with a slightly different name, will -make sure that the buffer is zeroed in memory, and optimizations are not -allowed to impede this zeroing. - -This is not really 100% effective, since compilers may place copies of -the string somewhere hidden in the stack. Those copies won't get zeroed -by explicit_bzero(3). However, that's arguably a compiler bug, since -compilers should make everything possible to avoid optimizing strings -that are later passed to explicit_bzero(3). 
But we all know that -sometimes it's impossible to have perfect knowledge in the compiler, so -this is plausible. Nevertheless, there's nothing we can do against such -issues, except minimizing the time such passwords are stored in plain -text. - -Security concerns -~~~~~~~~~~~~~~~~~ - -We believe this isn't easy to exploit. Nevertheless, and since the fix -is trivial, this fix should probably be applied soon, and backported to -all supported distributions, to prevent someone else having more -imagination than us to find a way. - -Affected versions -~~~~~~~~~~~~~~~~~ - -All. Bug introduced in shadow 19990709. That's the second commit in -the git history. - -Fixes: 45c6603cc86c ("[svn-upgrade] Integrating new upstream version, shadow (19990709)") - -CVE: CVE-2023-4641 -Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/65c88a43a23c2391dcc90c0abda3e839e9c57904] - -Reported-by: Alejandro Colomar <alx@kernel.org> -Cc: Serge Hallyn <serge@hallyn.com> -Cc: Iker Pedrosa <ipedrosa@redhat.com> -Cc: Seth Arnold <seth.arnold@canonical.com> -Cc: Christian Brauner <christian@brauner.io> -Cc: Balint Reczey <rbalint@debian.org> -Cc: Sam James <sam@gentoo.org> -Cc: David Runge <dvzrv@archlinux.org> -Cc: Andreas Jaeger <aj@suse.de> -Cc: <~hallyn/shadow@lists.sr.ht> -Signed-off-by: Alejandro Colomar <alx@kernel.org> -Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> ---- - src/gpasswd.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/gpasswd.c b/src/gpasswd.c -index 5983f787..2d8869ef 100644 ---- a/src/gpasswd.c -+++ b/src/gpasswd.c -@@ -896,6 +896,7 @@ static void change_passwd (struct group *gr) - strzero (cp); - cp = getpass (_("Re-enter new password: ")); - if (NULL == cp) { -+ memzero (pass, sizeof pass); - exit (1); - } - --- -2.34.1 - 
diff --git a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch index 85d91751056..4a932d2dbb1 100644 --- a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch +++ b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch @@ -1,4 +1,4 @@ -From 21583da072aa66901d859ac00ce209bac87ddecc Mon Sep 17 00:00:00 2001 +From a773c6b240d27e23d6be41decef0edf24fcee523 Mon Sep 17 00:00:00 2001 From: Chen Qi <Qi.Chen@windriver.com> Date: Thu, 17 Jul 2014 15:53:34 +0800 Subject: [PATCH] commonio.c-fix-unexpected-open-failure-in-chroot-env @@ -15,35 +15,37 @@ Note that this patch doesn't change the logic in the code, it just expands the codes. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> - --- lib/commonio.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/lib/commonio.c b/lib/commonio.c -index 9a02ce1..61384ec 100644 +index 73fdb3a..d1231e9 100644 --- a/lib/commonio.c +++ b/lib/commonio.c -@@ -616,10 +616,18 @@ int commonio_open (struct commonio_db *db, int mode) +@@ -606,10 +606,18 @@ int commonio_open (struct commonio_db *db, int mode) db->cursor = NULL; db->changed = false; - fd = open (db->filename, - (db->readonly ? O_RDONLY : O_RDWR) -- | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); +- | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW | O_CLOEXEC); - saved_errno = errno; + if (db->readonly) { + fd = open (db->filename, + (true ? O_RDONLY : O_RDWR) -+ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); ++ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW | O_CLOEXEC); + saved_errno = errno; + } else { + fd = open (db->filename, + (false ? O_RDONLY : O_RDWR) -+ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); ++ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW| O_CLOEXEC); + saved_errno = errno; + } + db->fp = NULL; if (fd >= 0) { #ifdef WITH_TCB +-- +2.30.2 + 
diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc index ce3ce627156..c024746d4ff 100644 --- a/meta/recipes-extended/shadow/shadow.inc +++ b/meta/recipes-extended/shadow/shadow.inc @@ -5,7 +5,7 @@ BUGTRACKER = "http://github.com/shadow-maint/shadow/issues" SECTION = "base/utils" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://COPYING;md5=c9a450b7be84eac23e6353efecb60b5b \ - file://src/passwd.c;beginline=2;endline=30;md5=758c26751513b6795395275969dd3be1 \ + file://src/passwd.c;beginline=2;endline=7;md5=67bcf314687820b2f010d4863fce3fc5 \ " DEPENDS = "virtual/crypt" @@ -14,10 +14,6 @@ GITHUB_BASE_URI = "https://github.com/shadow-maint/shadow/releases" SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.gz \ ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ file://useradd \ - file://0001-Fix-can-not-print-full-login.patch \ - file://CVE-2023-29383.patch \ - file://0001-Overhaul-valid_field.patch \ - file://CVE-2023-4641.patch \ " SRC_URI:append:class-target = " \ @@ -26,14 +22,9 @@ SRC_URI:append:class-target = " \ " SRC_URI:append:class-native = " \ - file://0001-Disable-use-of-syslog-for-sysroot.patch \ file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \ " -SRC_URI:append:class-nativesdk = " \ - file://0001-Disable-use-of-syslog-for-sysroot.patch \ - " -SRC_URI[sha256sum] = "813057047499c7fe81108adcf0cffa3ad4ec75e19a80151f9cbaa458ff2e86cd" - +SRC_URI[sha256sum] = "a305edf5d19bddbdf5e836d2d609fa8bff2d35458819de4d9f06306a1cf24342" # Additional Policy files for PAM PAM_SRC_URI = "file://pam.d/chfn \ @@ -44,7 +35,7 @@ PAM_SRC_URI = "file://pam.d/chfn \ file://pam.d/passwd \ file://pam.d/su" -inherit autotools gettext github-releases +inherit autotools gettext github-releases pkgconfig export CONFIG_SHELL="/bin/sh" 
@@ -54,6 +45,8 @@ EXTRA_OECONF += "--without-libcrack \ --without-sssd \ ${NSCDOPT}" +CFLAGS:append:libc-musl = " -DLIBBSD_OVERLAY" + NSCDOPT = "" NSCDOPT:class-native = "--without-nscd" NSCDOPT:class-nativesdk = "--without-nscd" @@ -73,13 +66,14 @@ PAM_PLUGINS = "libpam-runtime \ PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \ ${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}" -PACKAGECONFIG:class-native ??= "${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}" +PACKAGECONFIG:class-native ??= "${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)} libbsd" PACKAGECONFIG:class-nativesdk = "" PACKAGECONFIG[pam] = "--with-libpam,--without-libpam,libpam,${PAM_PLUGINS}" PACKAGECONFIG[attr] = "--with-attr,--without-attr,attr" PACKAGECONFIG[acl] = "--with-acl,--without-acl,acl" PACKAGECONFIG[audit] = "--with-audit,--without-audit,audit" PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux libsemanage" +PACKAGECONFIG[libbsd] = "--with-libbsd,--without-libbsd,libbsd" RDEPENDS:${PN} = "shadow-securetty \ base-passwd \ diff --git a/meta/recipes-extended/shadow/shadow_4.13.bb b/meta/recipes-extended/shadow/shadow_4.14.2.bb similarity index 100% rename from meta/recipes-extended/shadow/shadow_4.13.bb rename to meta/recipes-extended/shadow/shadow_4.14.2.bb
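Review bot: in the refreshed commonio.c-fix-unexpected-open-failure-in-chroot-env.patch, the else branch of the commonio_open hunk reads "O_NOFOLLOW| O_CLOEXEC" with no space before the "|", while the readonly branch a few lines above has "O_NOFOLLOW | O_CLOEXEC". The patch description says it only expands the existing open() call without changing the logic, so keep the two flag lists textually identical; that also makes the next refresh against upstream diff cleanly. Carrying O_CLOEXEC into both branches matches the upstream line being removed and is the right thing to preserve.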
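Review bot: the SRC_URI hunk in shadow.inc drops file://CVE-2023-4641.patch and the 147-line patch file is deleted, but the commit message's Drop list names only 0001-Fix-can-not-print-full-login.patch, 0001-Overhaul-valid_field.patch and CVE-2023-29383.patch as backports. Add CVE-2023-4641.patch to that list and say explicitly that the "memzero (pass, sizeof pass);" fix in src/gpasswd.c is part of 4.14.2, so that anyone auditing CVE status from the git log can see why a CVE-tagged patch was removed rather than having to diff the tarball.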
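Review bot: the EXTRA_OECONF hunk in shadow.inc adds nothing that pins the logind feature, and the shadow-native do_configure log posted in this thread shows "checking for sd_session_get_remote_host in -lsystemd... yes" followed by "enable logind: yes". As pointed out in the thread, no systemd-native is built, so that result comes from whatever libsystemd the build host has installed and the native tools end up configured differently from host to host. Pass an explicit configure option, or add a PACKAGECONFIG entry next to the new libbsd one, so that logind is off for class-native and class-nativesdk regardless of the host. Separately, the added line CFLAGS:append:libc-musl = " -DLIBBSD_OVERLAY" deserves a short comment in the recipe, since the reason for it (the non-standard __BEGIN_DECLS/__END_DECLS) is only given in the commit message.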
License-Update: formatting, spdx conversion

Drop:
0001-Disable-use-of-syslog-for-sysroot.patch
(issue fixed upstream)

0001-Fix-can-not-print-full-login.patch
0001-Overhaul-valid_field.patch
CVE-2023-29383.patch
(backports)

libbsd is a new native dependency, as otherwise glibc >= 2.38
is needed. A similar fix is added to musl in order to define
non-standard __BEGIN_DECLS/__END_DECLS.

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
---
 ...01-Disable-use-of-syslog-for-sysroot.patch | 52 -------
 .../0001-Fix-can-not-print-full-login.patch | 41 -----
 .../files/0001-Overhaul-valid_field.patch | 65 --------
 .../shadow/files/CVE-2023-29383.patch | 53 -------
 .../shadow/files/CVE-2023-4641.patch | 147 ------------------
 ...nexpected-open-failure-in-chroot-env.patch | 16 +-
 meta/recipes-extended/shadow/shadow.inc | 20 +--
 .../{shadow_4.13.bb => shadow_4.14.2.bb} | 0
 8 files changed, 16 insertions(+), 378 deletions(-)
 delete mode 100644 meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch
 delete mode 100644 meta/recipes-extended/shadow/files/0001-Fix-can-not-print-full-login.patch
 delete mode 100644 meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch
 delete mode 100644 meta/recipes-extended/shadow/files/CVE-2023-29383.patch
 delete mode 100644 meta/recipes-extended/shadow/files/CVE-2023-4641.patch
 rename meta/recipes-extended/shadow/{shadow_4.13.bb => shadow_4.14.2.bb} (100%)