From patchwork Tue Dec 17 20:54:52 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 54259
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 1/9] xserver-xorg: fix CVE-2024-9632 Date: Tue, 17 Dec 2024 12:54:52 -0800 Message-Id: <5c0bfc80311b31646df9abfa02436825024baec1.1734468756.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208847
From: Yogita Urade A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges. Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-9632 Upstream patch: https://gitlab.freedesktop.org/xorg/xserver/-/commit/ba1d14f8eff2a123bd7ff4d48c02e1d5131358e0 Signed-off-by: Yogita Urade Signed-off-by: Steve Sakoman --- .../xserver-xorg/CVE-2024-9632.patch | 58 +++++++++++++++++++ .../xorg-xserver/xserver-xorg_21.1.8.bb | 1 + 2 files changed, 59 insertions(+) create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-9632.patch diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-9632.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-9632.patch new file mode 100644 index 0000000000..387cdaa3c9 --- /dev/null +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-9632.patch 
@@ -0,0 +1,58 @@ +From ba1d14f8eff2a123bd7ff4d48c02e1d5131358e0 Mon Sep 17 00:00:00 2001 +From: Matthieu Herrb +Date: Thu, 10 Oct 2024 10:37:28 +0200 +Subject: [PATCH] xkb: Fix buffer overflow in _XkbSetCompatMap() + +The _XkbSetCompatMap() function attempts to resize the `sym_interpret` +buffer. + +However, It didn't update its size properly. It updated `num_si` only, +without updating `size_si`. + +This may lead to local privilege escalation if the server is run as root +or remote code execution (e.g. x11 over ssh). + +CVE-2024-9632, ZDI-CAN-24756 + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative + +Reviewed-by: Peter Hutterer +Tested-by: Peter Hutterer +Reviewed-by: José Expósito +(cherry picked from commit 85b77657) + +Part-of: + +CVE: CVE-2024-9632 +Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/ba1d14f8eff2a123bd7ff4d48c02e1d5131358e0] + +Signed-off-by: Yogita Urade +--- + xkb/xkb.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/xkb/xkb.c b/xkb/xkb.c +index 276dc19..7da00a0 100644 +--- a/xkb/xkb.c ++++ b/xkb/xkb.c +@@ -2992,13 +2992,13 @@ _XkbSetCompatMap(ClientPtr client, DeviceIntPtr dev, + XkbSymInterpretPtr sym; + unsigned int skipped = 0; + +- if ((unsigned) (req->firstSI + req->nSI) > compat->num_si) { +- compat->num_si = req->firstSI + req->nSI; ++ if ((unsigned) (req->firstSI + req->nSI) > compat->size_si) { ++ compat->num_si = compat->size_si = req->firstSI + req->nSI; + compat->sym_interpret = reallocarray(compat->sym_interpret, +- compat->num_si, ++ compat->size_si, + sizeof(XkbSymInterpretRec)); + if (!compat->sym_interpret) { +- compat->num_si = 0; ++ compat->num_si = compat->size_si = 0; + return BadAlloc; + } + } +-- +2.40.0 diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb index fe577050d9..a9cb1b5bde 100644 
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb 
@@ -21,6 +21,7 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat file://CVE-2024-31082.patch \ file://CVE-2024-31083-0001.patch \ file://CVE-2024-31083-0002.patch \ + file://CVE-2024-9632.patch \ " SRC_URI[sha256sum] = "38aadb735650c8024ee25211c190bf8aad844c5f59632761ab1ef4c4d5aeb152"
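Review bot: In the xkb/xkb.c hunk of CVE-2024-9632.patch, the grow test now compares against compat->size_si, so a request where firstSI + nSI is above num_si but not above size_si skips this branch and leaves num_si at its old value as far as these lines show. The code after the hunk is not visible here, so please confirm that this case is handled there (or is intended) and say so in the backport notes. Separately, reallocarray() still assigns straight into compat->sym_interpret, so on the BadAlloc path the previous buffer is lost while both counters are zeroed; a temporary pointer would avoid the leak.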
From patchwork Tue Dec 17 20:54:53 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 54263
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 2/9] subversion: fix CVE-2024-46901 Date: Tue, 17 Dec 2024 12:54:53 -0800 Message-Id: <1ecab37b4c3cdc8a45b267f4da203daf9abac77a.1734468756.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 17 Dec 2024 20:55:30 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208849 From: Jiaying Song Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue. Repositories served via other access methods are not affected. References: https://nvd.nist.gov/vuln/detail/CVE-2024-46901 Upstream patches: https://subversion.apache.org/security/CVE-2024-46901-advisory.txt Signed-off-by: Jiaying Song Signed-off-by: Steve Sakoman --- .../subversion/CVE-2024-46901.patch | 161 ++++++++++++++++++ .../subversion/subversion_1.14.2.bb | 3 +- 2 files changed, 163 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-devtools/subversion/subversion/CVE-2024-46901.patch diff --git a/meta/recipes-devtools/subversion/subversion/CVE-2024-46901.patch b/meta/recipes-devtools/subversion/subversion/CVE-2024-46901.patch new file mode 100644 index 0000000000..4b28a58507 --- /dev/null +++ b/meta/recipes-devtools/subversion/subversion/CVE-2024-46901.patch 
@@ -0,0 +1,161 @@ +From 149e299cd7eaadc8248480300b6e13b097c5b3fa Mon Sep 17 00:00:00 2001 +From: Jiaying Song +Date: Fri, 13 Dec 2024 12:19:43 +0800 +Subject: [PATCH] Fix CVE-2024-46901 + +It has been discovered that the patch for CVE-2013-1968 was incomplete and unintentionally left mod_dav_svn vulnerable to control characters in filenames. + +Upstream-Status: Backport +[https://subversion.apache.org/security/CVE-2024-46901-advisory.txt] + +CVE: CVE-2024-46901 + +Signed-off-by: Jiaying Song +--- + .../include/private/svn_repos_private.h | 8 +++++ + subversion/libsvn_repos/commit.c | 3 +- + subversion/libsvn_repos/repos.c | 10 +++++++ + subversion/mod_dav_svn/lock.c | 7 +++++ + subversion/mod_dav_svn/repos.c | 29 +++++++++++++++++++ + 5 files changed, 55 insertions(+), 2 deletions(-) + +diff --git a/subversion/include/private/svn_repos_private.h b/subversion/include/private/svn_repos_private.h +index 1fd34e8..1d5fc9c 100644 +--- a/subversion/include/private/svn_repos_private.h ++++ b/subversion/include/private/svn_repos_private.h +@@ -390,6 +390,14 @@ svn_repos__get_dump_editor(const svn_delta_editor_t **editor, + const char *update_anchor_relpath, + apr_pool_t *pool); + ++/* Validate that the given PATH is a valid pathname that can be stored in ++ * a Subversion repository, according to the name constraints used by the ++ * svn_repos_* layer. ++ */ ++svn_error_t * ++svn_repos__validate_new_path(const char *path, ++ apr_pool_t *scratch_pool); ++ + #ifdef __cplusplus + } + #endif /* __cplusplus */ +diff --git a/subversion/libsvn_repos/commit.c b/subversion/libsvn_repos/commit.c +index 515600d..aad37ee 100644 +--- a/subversion/libsvn_repos/commit.c ++++ b/subversion/libsvn_repos/commit.c +@@ -308,8 +308,7 @@ add_file_or_directory(const char *path, + svn_boolean_t was_copied = FALSE; + const char *full_path, *canonicalized_path; + +- /* Reject paths which contain control characters (related to issue #4340). 
*/ +- SVN_ERR(svn_path_check_valid(path, pool)); ++ SVN_ERR(svn_repos__validate_new_path(path, pool)); + + SVN_ERR(svn_relpath_canonicalize_safe(&canonicalized_path, NULL, path, + pool, pool)); +diff --git a/subversion/libsvn_repos/repos.c b/subversion/libsvn_repos/repos.c +index 2189de8..119f04b 100644 +--- a/subversion/libsvn_repos/repos.c ++++ b/subversion/libsvn_repos/repos.c +@@ -2092,3 +2092,13 @@ svn_repos__fs_type(const char **fs_type, + svn_dirent_join(repos_path, SVN_REPOS__DB_DIR, pool), + pool); + } ++ ++svn_error_t * ++svn_repos__validate_new_path(const char *path, ++ apr_pool_t *scratch_pool) ++{ ++ /* Reject paths which contain control characters (related to issue #4340). */ ++ SVN_ERR(svn_path_check_valid(path, scratch_pool)); ++ ++ return SVN_NO_ERROR; ++} +diff --git a/subversion/mod_dav_svn/lock.c b/subversion/mod_dav_svn/lock.c +index 7e9c94b..d2a6aa9 100644 +--- a/subversion/mod_dav_svn/lock.c ++++ b/subversion/mod_dav_svn/lock.c +@@ -36,6 +36,7 @@ + #include "svn_pools.h" + #include "svn_props.h" + #include "private/svn_log.h" ++#include "private/svn_repos_private.h" + + #include "dav_svn.h" + +@@ -717,6 +718,12 @@ append_locks(dav_lockdb *lockdb, + + /* Commit a 0-byte file: */ + ++ if ((serr = svn_repos__validate_new_path(resource->info->repos_path, ++ resource->pool))) ++ return dav_svn__convert_err(serr, HTTP_BAD_REQUEST, ++ "Request specifies an invalid path.", ++ resource->pool); ++ + if ((serr = dav_svn__get_youngest_rev(&rev, repos, resource->pool))) + return dav_svn__convert_err(serr, HTTP_INTERNAL_SERVER_ERROR, + "Could not determine youngest revision", +diff --git a/subversion/mod_dav_svn/repos.c b/subversion/mod_dav_svn/repos.c +index 8cbd5e7..778ae9b 100644 +--- a/subversion/mod_dav_svn/repos.c ++++ b/subversion/mod_dav_svn/repos.c +@@ -2928,6 +2928,15 @@ open_stream(const dav_resource *resource, + + if (kind == svn_node_none) /* No existing file. 
*/ + { ++ serr = svn_repos__validate_new_path(resource->info->repos_path, ++ resource->pool); ++ ++ if (serr != NULL) ++ { ++ return dav_svn__convert_err(serr, HTTP_BAD_REQUEST, ++ "Request specifies an invalid path.", ++ resource->pool); ++ } + serr = svn_fs_make_file(resource->info->root.root, + resource->info->repos_path, + resource->pool); +@@ -4120,6 +4129,14 @@ create_collection(dav_resource *resource) + return err; + } + ++ if ((serr = svn_repos__validate_new_path(resource->info->repos_path, ++ resource->pool)) != NULL) ++ { ++ return dav_svn__convert_err(serr, HTTP_BAD_REQUEST, ++ "Request specifies an invalid path.", ++ resource->pool); ++ } ++ + if ((serr = svn_fs_make_dir(resource->info->root.root, + resource->info->repos_path, + resource->pool)) != NULL) +@@ -4193,6 +4210,12 @@ copy_resource(const dav_resource *src, + if (err) + return err; + } ++ ++ serr = svn_repos__validate_new_path(dst->info->repos_path, dst->pool); ++ if (serr) ++ return dav_svn__convert_err(serr, HTTP_BAD_REQUEST, ++ "Request specifies an invalid path.", ++ dst->pool); + + src_repos_path = svn_repos_path(src->info->repos->repos, src->pool); + dst_repos_path = svn_repos_path(dst->info->repos->repos, dst->pool); +@@ -4430,6 +4453,12 @@ move_resource(dav_resource *src, + if (err) + return err; + ++ serr = svn_repos__validate_new_path(dst->info->repos_path, dst->pool); ++ if (serr) ++ return dav_svn__convert_err(serr, HTTP_BAD_REQUEST, ++ "Request specifies an invalid path.", ++ dst->pool); ++ + /* Copy the src to the dst. */ + serr = svn_fs_copy(src->info->root.root, /* the root object of src rev*/ + src->info->repos_path, /* the relative path of src */ +-- +2.25.1 + diff --git a/meta/recipes-devtools/subversion/subversion_1.14.2.bb b/meta/recipes-devtools/subversion/subversion_1.14.2.bb index ba208d922f..35da95f39d 100644 --- a/meta/recipes-devtools/subversion/subversion_1.14.2.bb +++ b/meta/recipes-devtools/subversion/subversion_1.14.2.bb 
@@ -10,7 +10,8 @@ DEPENDS:append:class-native = " file-replacement-native" SRC_URI = "${APACHE_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ file://serfmacro.patch \ - " + file://CVE-2024-46901.patch \ + " SRC_URI[sha256sum] = "c9130e8d0b75728a66f0e7038fc77052e671830d785b5616aad53b4810d3cc28"
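Review bot: In the header of the added CVE-2024-46901.patch, Upstream-Status: Backport cites only the advisory text, and the From:/Date: lines name the backporter, so nothing in the file identifies the upstream revision the five-file change was taken from. Please add the upstream commit or revision reference next to the advisory URL so the backport onto 1.14.2 can be checked against the 1.14.5 fix.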
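Review bot: In the subversion/mod_dav_svn/lock.c hunk (append_locks), the new svn_repos__validate_new_path() check lands between the existing "/* Commit a 0-byte file: */" comment and the dav_svn__get_youngest_rev() call that comment introduces, so the comment now reads as describing the validation. Moving the check above the comment would keep the comment attached to its code. The added checks in the five call sites also use four different error-test spellings (`if ((serr = ...))`, `if (serr != NULL)`, `if ((serr = ...) != NULL)`, `if (serr)`); if this is verbatim upstream that is fine, but it is worth stating in the patch header.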
From patchwork Tue Dec 17 20:54:54 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 54260
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 3/9] package.bbclass: Use shlex instead of deprecated pipes Date: Tue, 17 Dec 2024 12:54:54 -0800 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 17 Dec 2024 20:55:30 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208848 From: Ernst Persson The pipes library is deprecated in Python 3.11 and will be removed in Python 3.13. pipes.quote is just an import of shlex.quote anyway. Signed-off-by: Ernst Persson Signed-off-by: Steve Sakoman --- meta/classes/package.bbclass | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/classes/package.bbclass b/meta/classes/package.bbclass index 07bf5eb426..e6ba79346c 100644 --- a/meta/classes/package.bbclass +++ b/meta/classes/package.bbclass @@ -1850,7 +1850,7 @@ SHLIBSWORKDIR = "${PKGDESTWORK}/${MLPREFIX}shlibs2" python package_do_shlibs() { import itertools - import re, pipes + import re, shlex import subprocess exclude_shlibs = d.getVar('EXCLUDE_FROM_SHLIBS', False) 
@@ -1894,7 +1894,7 @@ python package_do_shlibs() { sonames = set() renames = [] ldir = os.path.dirname(file).replace(pkgdest + "/" + pkg, '') - cmd = d.getVar('OBJDUMP') + " -p " + pipes.quote(file) + " 2>/dev/null" + cmd = d.getVar('OBJDUMP') + " -p " + shlex.quote(file) + " 2>/dev/null" fd = os.popen(cmd) lines = fd.readlines() fd.close()
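Review bot: In the second package.bbclass hunk, the objdump invocation is still assembled as a shell string and run through os.popen(), with only the file name quoted and d.getVar('OBJDUMP') concatenated as-is. Since subprocess is already imported in the first hunk, consider passing an argument list to subprocess with stderr discarded, which removes the shell from this path and the need for shlex.quote() here. If the one-for-one rename is kept to stay close to the original change, that is worth a sentence in the commit message.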
From patchwork Tue Dec 17 20:54:55 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 54264
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 4/9] base-passwd: Regenerate the patches Date: Tue, 17 Dec 2024 12:54:55 -0800 Message-Id: <1e146868b59b5d3982576c18376331a8678e539f.1734468756.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 17 Dec 2024 20:55:30 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208850 From: Peter Kjellerstedt Signed-off-by: Peter Kjellerstedt Signed-off-by: Luca Ceresoli Signed-off-by: Richard Purdie (cherry picked from commit 6515d96c12b080b9e7f344799e26dba3b98e17e2) Signed-off-by: Jonas Gorski 
Signed-off-by: Steve Sakoman --- .../0001-Add-a-shutdown-group.patch | 26 +++++++++++++++++++ ...nstead-of-bin-bash-for-the-root-user.patch | 23 ++++++++++++++++ ...-since-we-do-not-have-an-etc-shadow.patch} | 15 ++++++++--- ...put-group-for-the-dev-input-devices.patch} | 17 ++++++------ .../{kvm.patch => 0005-Add-kvm-group.patch} | 2 +- ...006-Disable-shell-for-default-users.patch} | 5 +--- ...ble-generation-of-the-documentation.patch} | 22 +++++++++++----- .../base-passwd/add_shutdown.patch | 19 -------------- .../base-passwd/base-passwd/nobash.patch | 15 ----------- .../base-passwd/base-passwd_3.5.29.bb | 14 +++++----- 10 files changed, 93 insertions(+), 65 deletions(-) create mode 100644 meta/recipes-core/base-passwd/base-passwd/0001-Add-a-shutdown-group.patch create mode 100644 meta/recipes-core/base-passwd/base-passwd/0002-Use-bin-sh-instead-of-bin-bash-for-the-root-user.patch rename meta/recipes-core/base-passwd/base-passwd/{noshadow.patch => 0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch} (40%) rename meta/recipes-core/base-passwd/base-passwd/{input.patch => 0004-Add-an-input-group-for-the-dev-input-devices.patch} (42%) rename meta/recipes-core/base-passwd/base-passwd/{kvm.patch => 0005-Add-kvm-group.patch} (88%) rename meta/recipes-core/base-passwd/base-passwd/{disable-shell.patch => 0006-Disable-shell-for-default-users.patch} (96%) rename meta/recipes-core/base-passwd/base-passwd/{disable-docs.patch => 0007-Disable-generation-of-the-documentation.patch} (40%) delete mode 100644 meta/recipes-core/base-passwd/base-passwd/add_shutdown.patch delete mode 100644 meta/recipes-core/base-passwd/base-passwd/nobash.patch diff --git a/meta/recipes-core/base-passwd/base-passwd/0001-Add-a-shutdown-group.patch b/meta/recipes-core/base-passwd/base-passwd/0001-Add-a-shutdown-group.patch new file mode 100644 index 0000000000..e50efc9623 --- /dev/null +++ b/meta/recipes-core/base-passwd/base-passwd/0001-Add-a-shutdown-group.patch 
@@ -0,0 +1,26 @@ +From 8f3ace87df3aaad85946c22cae240532ea3e73b8 Mon Sep 17 00:00:00 2001 +From: Saul Wold +Date: Fri, 29 Apr 2022 13:32:27 +0000 +Subject: [PATCH] Add a shutdown group + +We need to have a shutdown group to allow the shutdown icon to work +correctly. Any users that want to use shutdown like the xuser should +be added to this group. + +Upstream-Status: Inappropriate [Embedded] +Signed-off-by: Saul Wold +--- + group.master | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/group.master b/group.master +index ad1dd2d..1b5e2fb 100644 +--- a/group.master ++++ b/group.master +@@ -35,5 +35,6 @@ sasl:*:45: + plugdev:*:46: + staff:*:50: + games:*:60: ++shutdown:*:70: + users:*:100: + nogroup:*:65534: diff --git a/meta/recipes-core/base-passwd/base-passwd/0002-Use-bin-sh-instead-of-bin-bash-for-the-root-user.patch b/meta/recipes-core/base-passwd/base-passwd/0002-Use-bin-sh-instead-of-bin-bash-for-the-root-user.patch new file mode 100644 index 0000000000..ea0256684b --- /dev/null +++ b/meta/recipes-core/base-passwd/base-passwd/0002-Use-bin-sh-instead-of-bin-bash-for-the-root-user.patch @@ -0,0 +1,23 @@ +From 4411fc0df77566d52bee11ec0bad4be30a96e99e Mon Sep 17 00:00:00 2001 +From: Scott Garman +Date: Fri, 29 Apr 2022 13:32:27 +0000 +Subject: [PATCH] Use /bin/sh instead of /bin/bash for the root user + +/bin/bash may not be included in some images such as minimal. + +Upstream-Status: Inappropriate [configuration] +Signed-off-by: Scott Garman +--- + passwd.master | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/passwd.master b/passwd.master +index a01a6aa..b54ff51 100644 +--- a/passwd.master ++++ b/passwd.master +@@ -1,4 +1,4 @@ +-root:*:0:0:root:/root:/bin/bash ++root:*:0:0:root:/root:/bin/sh + daemon:*:1:1:daemon:/usr/sbin:/bin/sh + bin:*:2:2:bin:/bin:/bin/sh + sys:*:3:3:sys:/dev:/bin/sh 
diff --git a/meta/recipes-core/base-passwd/base-passwd/noshadow.patch b/meta/recipes-core/base-passwd/base-passwd/0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch similarity index 40% rename from meta/recipes-core/base-passwd/base-passwd/noshadow.patch rename to meta/recipes-core/base-passwd/base-passwd/0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch index e27bf7d9be..88cc5be66c 100644 --- a/meta/recipes-core/base-passwd/base-passwd/noshadow.patch +++ b/meta/recipes-core/base-passwd/base-passwd/0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch @@ -1,11 +1,18 @@ -remove "*" for root since we don't have a /etc/shadow so far. +From 13a1a284a134d18a454625a5b4485c0d99079ae9 Mon Sep 17 00:00:00 2001 +From: Scott Garman +Date: Fri, 29 Apr 2022 13:32:28 +0000 +Subject: [PATCH] Remove "*" for root since we do not have an /etc/shadow Upstream-Status: Inappropriate [configuration] - Signed-off-by: Scott Garman +--- + passwd.master | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) ---- base-passwd/passwd.master~nobash -+++ base-passwd/passwd.master +diff --git a/passwd.master b/passwd.master +index b54ff51..e1c32ff 100644 +--- a/passwd.master ++++ b/passwd.master @@ -1,4 +1,4 @@ -root:*:0:0:root:/root:/bin/sh +root::0:0:root:/root:/bin/sh diff --git a/meta/recipes-core/base-passwd/base-passwd/input.patch b/meta/recipes-core/base-passwd/base-passwd/0004-Add-an-input-group-for-the-dev-input-devices.patch similarity index 42% rename from meta/recipes-core/base-passwd/base-passwd/input.patch rename to meta/recipes-core/base-passwd/base-passwd/0004-Add-an-input-group-for-the-dev-input-devices.patch index 3abbcad5d5..394a0f01d3 100644 --- a/meta/recipes-core/base-passwd/base-passwd/input.patch +++ b/meta/recipes-core/base-passwd/base-passwd/0004-Add-an-input-group-for-the-dev-input-devices.patch 
@@ -1,17 +1,18 @@ -Add an input group for the /dev/input/* devices. +From c5f012750f8102ff54af73ccc2d2b7bfa1f26db4 Mon Sep 17 00:00:00 2001 +From: Darren Hart +Date: Fri, 29 Apr 2022 13:32:28 +0000 +Subject: [PATCH] Add an input group for the /dev/input/* devices Upstream-Status: Inappropriate [configuration] - Signed-off-by: Darren Hart - --- - group.master | 1 + + group.master | 1 + 1 file changed, 1 insertion(+) -Index: base-passwd-3.5.26/group.master -=================================================================== ---- base-passwd-3.5.26.orig/group.master -+++ base-passwd-3.5.26/group.master +diff --git a/group.master b/group.master +index 1b5e2fb..cea9d60 100644 +--- a/group.master ++++ b/group.master @@ -12,6 +12,7 @@ uucp:*:10: man:*:12: proxy:*:13: diff --git a/meta/recipes-core/base-passwd/base-passwd/kvm.patch b/meta/recipes-core/base-passwd/base-passwd/0005-Add-kvm-group.patch similarity index 88% rename from meta/recipes-core/base-passwd/base-passwd/kvm.patch rename to meta/recipes-core/base-passwd/base-passwd/0005-Add-kvm-group.patch index 113d5151e7..72e6ee333c 100644 --- a/meta/recipes-core/base-passwd/base-passwd/kvm.patch +++ b/meta/recipes-core/base-passwd/base-passwd/0005-Add-kvm-group.patch @@ -1,4 +1,4 @@ -From 6355278b9f744291864c373a32a8da8f84aaaf37 Mon Sep 17 00:00:00 2001 +From 6cf19461fb31d7a7a3010629aae9aab49c26a01b Mon Sep 17 00:00:00 2001 From: Jacob Kroon Date: Wed, 30 Jan 2019 04:53:48 +0000 Subject: [PATCH] Add kvm group diff --git a/meta/recipes-core/base-passwd/base-passwd/disable-shell.patch b/meta/recipes-core/base-passwd/base-passwd/0006-Disable-shell-for-default-users.patch similarity index 96% rename from meta/recipes-core/base-passwd/base-passwd/disable-shell.patch rename to meta/recipes-core/base-passwd/base-passwd/0006-Disable-shell-for-default-users.patch index bfaa786018..2bcb829d9c 100644 --- a/meta/recipes-core/base-passwd/base-passwd/disable-shell.patch 
+++ b/meta/recipes-core/base-passwd/base-passwd/0006-Disable-shell-for-default-users.patch @@ -1,4 +1,4 @@ -From 91e0db96741359173ddf2be083aafcc1a3c32472 Mon Sep 17 00:00:00 2001 +From f35eb24213475d3024ad45297fd855c6abfbbac0 Mon Sep 17 00:00:00 2001 From: Jiaqing Zhao Date: Mon, 18 Apr 2022 11:22:43 +0800 Subject: [PATCH] Disable shell for default users @@ -52,6 +52,3 @@ index e1c32ff..0cd5ffd 100644 +irc:*:39:39:ircd:/var/run/ircd:/sbin/nologin +gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/sbin/nologin +nobody:*:65534:65534:nobody:/nonexistent:/sbin/nologin --- -2.32.0 - diff --git a/meta/recipes-core/base-passwd/base-passwd/disable-docs.patch b/meta/recipes-core/base-passwd/base-passwd/0007-Disable-generation-of-the-documentation.patch similarity index 40% rename from meta/recipes-core/base-passwd/base-passwd/disable-docs.patch rename to meta/recipes-core/base-passwd/base-passwd/0007-Disable-generation-of-the-documentation.patch index 14c08b7484..4a19f91c35 100644 --- a/meta/recipes-core/base-passwd/base-passwd/disable-docs.patch +++ b/meta/recipes-core/base-passwd/base-passwd/0007-Disable-generation-of-the-documentation.patch @@ -1,14 +1,22 @@ -Disable documentation for now as it uses tools currently not supported -by OE-Core. It uses sgmltools and po4a. +From 7ccf8227cb10d78f1958a7a7feed75a390a6b133 Mon Sep 17 00:00:00 2001 +From: Saul Wold +Date: Fri, 29 Apr 2022 13:32:28 +0000 +Subject: [PATCH] Disable generation of the documentation + +It uses tools currently not supported by OE-Core. It uses sgmltools +and po4a. Upstream-Status: Inappropriate [OE-Core specific] 
Signed-off-by: Saul Wold +--- + Makefile.in | 3 --- + 1 file changed, 3 deletions(-) -Index: base-passwd-3.5.28/Makefile.in -=================================================================== ---- base-passwd-3.5.28.orig/Makefile.in -+++ base-passwd-3.5.28/Makefile.in -@@ -25,13 +25,10 @@ gen_configure = config.cache config.stat +diff --git a/Makefile.in b/Makefile.in +index 9ba097c..d3ea47c 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -25,13 +25,10 @@ gen_configure = config.cache config.status config.log \ confdefhs.h config.h Makefile all: update-passwd diff --git a/meta/recipes-core/base-passwd/base-passwd/add_shutdown.patch b/meta/recipes-core/base-passwd/base-passwd/add_shutdown.patch deleted file mode 100644 index 5f357d8895..0000000000 --- a/meta/recipes-core/base-passwd/base-passwd/add_shutdown.patch +++ /dev/null @@ -1,19 +0,0 @@ - -We need to have a shutdown group to allow the shutdown icon -to work correctly. Any users that want to use shutdown like -the xuser should be added to this group. - -Upstream-Status: Inappropriate [Embedded] - -Signed-off-by: Saul Wold -Index: base-passwd-3.5.26/group.master -=================================================================== ---- base-passwd-3.5.26.orig/group.master -+++ base-passwd-3.5.26/group.master -@@ -36,5 +36,6 @@ sasl:*:45: - plugdev:*:46: - staff:*:50: - games:*:60: -+shutdown:*:70: - users:*:100: - nogroup:*:65534: diff --git a/meta/recipes-core/base-passwd/base-passwd/nobash.patch b/meta/recipes-core/base-passwd/base-passwd/nobash.patch deleted file mode 100644 index b5a692295b..0000000000 --- a/meta/recipes-core/base-passwd/base-passwd/nobash.patch +++ /dev/null 
@@ -1,15 +0,0 @@ -use /bin/sh instead of /bin/bash, since the latter may not be included in -some images such as minimal - -Upstream-Status: Inappropriate [configuration] - -Signed-off-by: Scott Garman - ---- base-passwd/passwd.master~nobash -+++ base-passwd/passwd.master -@@ -1,4 +1,4 @@ --root:*:0:0:root:/root:/bin/bash -+root:*:0:0:root:/root:/bin/sh - daemon:*:1:1:daemon:/usr/sbin:/bin/sh - bin:*:2:2:bin:/bin:/bin/sh - sys:*:3:3:sys:/dev:/bin/sh diff --git a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb b/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb index ef7792ae49..e561599136 100644 --- a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb +++ b/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb 
@@ -8,13 +8,13 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a" RECIPE_NO_UPDATE_REASON = "Version 3.5.38 requires cdebconf for update-passwd utility" SRC_URI = "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar.gz \ - file://add_shutdown.patch \ - file://nobash.patch \ - file://noshadow.patch \ - file://input.patch \ - file://disable-docs.patch \ - file://kvm.patch \ - file://disable-shell.patch \ + file://0001-Add-a-shutdown-group.patch \ + file://0002-Use-bin-sh-instead-of-bin-bash-for-the-root-user.patch \ + file://0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch \ + file://0004-Add-an-input-group-for-the-dev-input-devices.patch \ + file://0005-Add-kvm-group.patch \ + file://0006-Disable-shell-for-default-users.patch \ + file://0007-Disable-generation-of-the-documentation.patch \ " SRC_URI[md5sum] = "6beccac48083fe8ae5048acd062e5421" From patchwork Tue Dec 17 20:54:56 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 54265 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 97437E77189 for ; Tue, 17 Dec 2024 20:55:30 +0000 (UTC) Received: from mail-pf1-f178.google.com (mail-pf1-f178.google.com [209.85.210.178]) by mx.groups.io with SMTP id smtpd.web10.91468.1734468926833834155 for ; Tue, 17 Dec 2024 12:55:26 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=GhQ4jDox; spf=softfail (domain: sakoman.com, ip: 209.85.210.178, mailfrom: steve@sakoman.com) Received: by mail-pf1-f178.google.com with SMTP id d2e1a72fcca58-725dac69699so5060542b3a.0 for ; Tue, 17 Dec 2024 12:55:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; 
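Review bot: In 0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch, the passwd.master hunk turns root:*:0:0:root:/root:/bin/sh into root::0:0:root:/root:/bin/sh, and the regenerated description still gives only the missing /etc/shadow as the reason. An empty second field means the account needs no password, while "*" means no password can match, so wherever passwd.master is used as shipped root logs in without a password. Please state that consequence in the patch description and name the step that is expected to set or lock the root password in images that are not meant for development.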
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 5/9] base-passwd: Update to 3.5.52
Date: Tue, 17 Dec 2024 12:54:56 -0800
Message-Id: <6e1dafe445a7ab3638edf27e8186386d961ccad8.1734468756.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208851

From: Peter Kjellerstedt

* Add a patch to allow the use of debconf to be disabled.
* Replace 0007-Disable-generation-of-the-documentation.patch with a new
  patch to disable the generation of the documentation using a
  configuration option.
* Replace 0006-Disable-shell-for-default-users.patch with a sed
  expression that uses a variable, NOLOGIN, to specify what command to
  use for users that are not expected to login. This allows to use some
  other command than "nologin", e.g., "false". Also, by using
  ${base_sbindir}, it adheres to usrmerge being configured.

Signed-off-by: Peter Kjellerstedt
Signed-off-by: Luca Ceresoli
Signed-off-by: Richard Purdie
(cherry picked from commit e7abf63cc8bdc61c8d978b3c21a38e17716fc292)
Signed-off-by: Jonas Gorski
Signed-off-by: Steve Sakoman --- ...nstead-of-bin-bash-for-the-root-user.patch | 8 +- ...t-since-we-do-not-have-an-etc-shadow.patch | 8 +- ...0006-Disable-shell-for-default-users.patch | 54 -------- ...ble-to-build-without-debconf-support.patch | 129 ++++++++++++++++++ ...able-generation-of-the-documentation.patch | 32 ----- ...-to-disable-the-generation-of-the-do.patch | 46 +++++++ ...passwd_3.5.29.bb => base-passwd_3.5.52.bb} | 18 ++- 7 files changed, 194 insertions(+), 101 deletions(-) delete mode 100644 meta/recipes-core/base-passwd/base-passwd/0006-Disable-shell-for-default-users.patch create mode 100644 meta/recipes-core/base-passwd/base-passwd/0006-Make-it-possible-to-build-without-debconf-support.patch delete mode 100644 meta/recipes-core/base-passwd/base-passwd/0007-Disable-generation-of-the-documentation.patch create mode 100644 meta/recipes-core/base-passwd/base-passwd/0007-Make-it-possible-to-disable-the-generation-of-the-do.patch rename meta/recipes-core/base-passwd/{base-passwd_3.5.29.bb => base-passwd_3.5.52.bb} (89%) diff --git a/meta/recipes-core/base-passwd/base-passwd/0002-Use-bin-sh-instead-of-bin-bash-for-the-root-user.patch b/meta/recipes-core/base-passwd/base-passwd/0002-Use-bin-sh-instead-of-bin-bash-for-the-root-user.patch index ea0256684b..09f8cfea9c 100644 --- a/meta/recipes-core/base-passwd/base-passwd/0002-Use-bin-sh-instead-of-bin-bash-for-the-root-user.patch +++ b/meta/recipes-core/base-passwd/base-passwd/0002-Use-bin-sh-instead-of-bin-bash-for-the-root-user.patch @@ -12,12 +12,12 @@ Signed-off-by: Scott Garman 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/passwd.master b/passwd.master -index a01a6aa..b54ff51 100644 +index 7cd4e24..041685a 100644 --- a/passwd.master +++ b/passwd.master 
@@ -1,4 +1,4 @@ -root:*:0:0:root:/root:/bin/bash +root:*:0:0:root:/root:/bin/sh - daemon:*:1:1:daemon:/usr/sbin:/bin/sh - bin:*:2:2:bin:/bin:/bin/sh - sys:*:3:3:sys:/dev:/bin/sh + daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin + bin:*:2:2:bin:/bin:/usr/sbin/nologin + sys:*:3:3:sys:/dev:/usr/sbin/nologin diff --git a/meta/recipes-core/base-passwd/base-passwd/0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch b/meta/recipes-core/base-passwd/base-passwd/0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch index 88cc5be66c..06222ab04c 100644 --- a/meta/recipes-core/base-passwd/base-passwd/0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch +++ b/meta/recipes-core/base-passwd/base-passwd/0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch @@ -10,12 +10,12 @@ Signed-off-by: Scott Garman 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/passwd.master b/passwd.master -index b54ff51..e1c32ff 100644 +index 041685a..31a84d4 100644 --- a/passwd.master +++ b/passwd.master @@ -1,4 +1,4 @@ -root:*:0:0:root:/root:/bin/sh +root::0:0:root:/root:/bin/sh - daemon:*:1:1:daemon:/usr/sbin:/bin/sh - bin:*:2:2:bin:/bin:/bin/sh - sys:*:3:3:sys:/dev:/bin/sh + daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin + bin:*:2:2:bin:/bin:/usr/sbin/nologin + sys:*:3:3:sys:/dev:/usr/sbin/nologin diff --git a/meta/recipes-core/base-passwd/base-passwd/0006-Disable-shell-for-default-users.patch b/meta/recipes-core/base-passwd/base-passwd/0006-Disable-shell-for-default-users.patch deleted file mode 100644 index 2bcb829d9c..0000000000 --- a/meta/recipes-core/base-passwd/base-passwd/0006-Disable-shell-for-default-users.patch +++ /dev/null 
@@ -1,54 +0,0 @@ -From f35eb24213475d3024ad45297fd855c6abfbbac0 Mon Sep 17 00:00:00 2001 -From: Jiaqing Zhao -Date: Mon, 18 Apr 2022 11:22:43 +0800 -Subject: [PATCH] Disable shell for default users - -Change the shell of all global static users other than root (which -retains /bin/sh) and sync (as /bin/sync is rather harmless) to -/sbin/nologin (as /usr/sbin/nologin does not exist in openembedded) - -Upstream-Status: Backport [https://launchpad.net/ubuntu/+source/base-passwd/3.5.30] -Signed-off-by: Jiaqing Zhao ---- - passwd.master | 32 ++++++++++++++++---------------- - 1 file changed, 16 insertions(+), 16 deletions(-) - -diff --git a/passwd.master b/passwd.master -index e1c32ff..0cd5ffd 100644 ---- a/passwd.master -+++ b/passwd.master -@@ -1,18 +1,18 @@ - root::0:0:root:/root:/bin/sh --daemon:*:1:1:daemon:/usr/sbin:/bin/sh --bin:*:2:2:bin:/bin:/bin/sh --sys:*:3:3:sys:/dev:/bin/sh -+daemon:*:1:1:daemon:/usr/sbin:/sbin/nologin -+bin:*:2:2:bin:/bin:/sbin/nologin -+sys:*:3:3:sys:/dev:/sbin/nologin - sync:*:4:65534:sync:/bin:/bin/sync --games:*:5:60:games:/usr/games:/bin/sh --man:*:6:12:man:/var/cache/man:/bin/sh --lp:*:7:7:lp:/var/spool/lpd:/bin/sh --mail:*:8:8:mail:/var/mail:/bin/sh --news:*:9:9:news:/var/spool/news:/bin/sh --uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh --proxy:*:13:13:proxy:/bin:/bin/sh --www-data:*:33:33:www-data:/var/www:/bin/sh --backup:*:34:34:backup:/var/backups:/bin/sh --list:*:38:38:Mailing List Manager:/var/list:/bin/sh --irc:*:39:39:ircd:/var/run/ircd:/bin/sh --gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh --nobody:*:65534:65534:nobody:/nonexistent:/bin/sh -+games:*:5:60:games:/usr/games:/sbin/nologin -+man:*:6:12:man:/var/cache/man:/sbin/nologin -+lp:*:7:7:lp:/var/spool/lpd:/sbin/nologin -+mail:*:8:8:mail:/var/mail:/sbin/nologin -+news:*:9:9:news:/var/spool/news:/sbin/nologin -+uucp:*:10:10:uucp:/var/spool/uucp:/sbin/nologin -+proxy:*:13:13:proxy:/bin:/sbin/nologin -+www-data:*:33:33:www-data:/var/www:/sbin/nologin 
-+backup:*:34:34:backup:/var/backups:/sbin/nologin -+list:*:38:38:Mailing List Manager:/var/list:/sbin/nologin -+irc:*:39:39:ircd:/var/run/ircd:/sbin/nologin -+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/sbin/nologin -+nobody:*:65534:65534:nobody:/nonexistent:/sbin/nologin diff --git a/meta/recipes-core/base-passwd/base-passwd/0006-Make-it-possible-to-build-without-debconf-support.patch b/meta/recipes-core/base-passwd/base-passwd/0006-Make-it-possible-to-build-without-debconf-support.patch new file mode 100644 index 0000000000..61ed1641a1 --- /dev/null +++ b/meta/recipes-core/base-passwd/base-passwd/0006-Make-it-possible-to-build-without-debconf-support.patch 
@@ -0,0 +1,129 @@ +From 236d6c8c0dd7e15d9a9795813b94bc87ce09eec5 Mon Sep 17 00:00:00 2001 +From: Peter Kjellerstedt +Date: Fri, 29 Apr 2022 19:32:29 +0200 +Subject: [PATCH] Make it possible to build without debconf support + +Not all systems have the debconfclient library available. + +Upstream-Status: Submitted [https://salsa.debian.org/debian/base-passwd/-/merge_requests/11] +Signed-off-by: Peter Kjellerstedt +--- + Makefile.am | 1 - + configure.ac | 13 +++++++++++++ + update-passwd.c | 15 +++++++++++++++ + 3 files changed, 28 insertions(+), 1 deletion(-) + +diff --git a/Makefile.am b/Makefile.am +index 223916f..4bdd769 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -3,7 +3,6 @@ SUBDIRS = doc man + sbin_PROGRAMS = update-passwd + + update_passwd_SOURCES = update-passwd.c +-update_passwd_LDADD = -ldebconfclient + + pkgdata_DATA = passwd.master group.master + +diff --git a/configure.ac b/configure.ac +index 9d1ace5..1e35ad1 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -14,6 +14,19 @@ AC_SYS_LARGEFILE + dnl Scan for things we need + AC_CHECK_FUNCS([putgrent]) + ++dnl Check for debconf ++AC_MSG_CHECKING([whether to enable debconf support]) ++AC_ARG_ENABLE([debconf], ++ [AS_HELP_STRING([--disable-debconf], [disable support for debconf])], ++ [], ++ [enable_debconf=yes]) ++AC_MSG_RESULT($enable_debconf) ++AS_IF([test "x$enable_debconf" != xno], ++ [AC_CHECK_LIB([debconfclient], [debconfclient_new], [], ++ [AC_MSG_ERROR( ++ [debconf support not available (use --disable-debconf to disable)])]) ++ AC_DEFINE([HAVE_DEBCONF], [1], [Define if you have libdebconfclient])]) ++ + dnl Finally output everything + AC_CONFIG_FILES([Makefile doc/Makefile man/Makefile]) + AC_OUTPUT +diff --git a/update-passwd.c b/update-passwd.c +index 3f3dffa..5b49740 100644 +--- a/update-passwd.c ++++ b/update-passwd.c +@@ -39,7 +39,9 @@ + #include + #include + ++#ifdef HAVE_DEBCONF + #include ++#endif + + #define DEFAULT_PASSWD_MASTER "/usr/share/base-passwd/passwd.master" + #define 
DEFAULT_GROUP_MASTER "/usr/share/base-passwd/group.master" +@@ -143,6 +145,7 @@ int flag_debconf = 0; + const char* user_domain = DEFAULT_DEBCONF_DOMAIN; + const char* group_domain = DEFAULT_DEBCONF_DOMAIN; + ++#ifdef HAVE_DEBCONF + struct debconfclient* debconf = NULL; + + /* Abort the program if talking to debconf fails. Use ret exactly once. */ +@@ -162,6 +165,10 @@ struct debconfclient* debconf = NULL; + DEBCONF_CHECK(debconf_register(debconf, (template), (question))) + #define DEBCONF_SUBST(question, var, value) \ + DEBCONF_CHECK(debconf_subst(debconf, (question), (var), (value))) ++#else ++#define DEBCONF_REGISTER(template, question) ++#define DEBCONF_SUBST(question, var, value) ++#endif + + + /* malloc() with out-of-memory checking. +@@ -621,6 +628,7 @@ void version() { + * flag. Aborts the problem on any failure. + */ + int ask_debconf(const char* priority, const char* question) { ++#ifdef HAVE_DEBCONF + int ret; + const char* response; + +@@ -640,6 +648,9 @@ int ask_debconf(const char* priority, const char* question) { + return 1; + else + return 0; ++#else ++ return 0; ++#endif + } + + +@@ -1427,6 +1438,7 @@ int main(int argc, char** argv) { + /* If DEBIAN_HAS_FRONTEND is set in the environment, we're running under + * debconf. Enable debconf prompting unless --dry-run was also given. + */ ++#ifdef HAVE_DEBCONF + if (getenv("DEBIAN_HAS_FRONTEND")!=NULL && !opt_dryrun) { + debconf=debconfclient_new(); + if (debconf==NULL) { +@@ -1435,6 +1447,7 @@ int main(int argc, char** argv) { + } + flag_debconf=1; + } ++#endif + + if (read_passwd(&master_accounts, master_passwd)!=0) + return 2; +@@ -1480,8 +1493,10 @@ int main(int argc, char** argv) { + if (!unlock_files()) + return 5; + ++#ifdef HAVE_DEBCONF + if (debconf!=NULL) + debconfclient_delete(debconf); ++#endif + + if (opt_dryrun) + return flag_dirty; 
diff --git a/meta/recipes-core/base-passwd/base-passwd/0007-Disable-generation-of-the-documentation.patch b/meta/recipes-core/base-passwd/base-passwd/0007-Disable-generation-of-the-documentation.patch deleted file mode 100644 index 4a19f91c35..0000000000 --- a/meta/recipes-core/base-passwd/base-passwd/0007-Disable-generation-of-the-documentation.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 7ccf8227cb10d78f1958a7a7feed75a390a6b133 Mon Sep 17 00:00:00 2001 -From: Saul Wold -Date: Fri, 29 Apr 2022 13:32:28 +0000 -Subject: [PATCH] Disable generation of the documentation - -It uses tools currently not supported by OE-Core. It uses sgmltools -and po4a. - -Upstream-Status: Inappropriate [OE-Core specific] -Signed-off-by: Saul Wold ---- - Makefile.in | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/Makefile.in b/Makefile.in -index 9ba097c..d3ea47c 100644 ---- a/Makefile.in -+++ b/Makefile.in -@@ -25,13 +25,10 @@ gen_configure = config.cache config.status config.log \ - confdefhs.h config.h Makefile - - all: update-passwd -- $(MAKE) -C doc all -- $(MAKE) -C man all - - install: all - mkdir -p $(DESTDIR)$(sbindir) - $(INSTALL) update-passwd $(DESTDIR)$(sbindir)/ -- $(MAKE) -C man install - - update-passwd.o: version.h - diff --git a/meta/recipes-core/base-passwd/base-passwd/0007-Make-it-possible-to-disable-the-generation-of-the-do.patch b/meta/recipes-core/base-passwd/base-passwd/0007-Make-it-possible-to-disable-the-generation-of-the-do.patch new file mode 100644 index 0000000000..2bec065cdb --- /dev/null +++ b/meta/recipes-core/base-passwd/base-passwd/0007-Make-it-possible-to-disable-the-generation-of-the-do.patch 
@@ -0,0 +1,46 @@ +From 63e8270141a296843cfe1daba38e1969ac6d75ae Mon Sep 17 00:00:00 2001 +From: Peter Kjellerstedt +Date: Sat, 30 Apr 2022 00:35:34 +0200 +Subject: [PATCH] Make it possible to disable the generation of the + documentation + +Not all systems have docbook and po4a available. + +Upstream-Status: Submitted [https://salsa.debian.org/debian/base-passwd/-/merge_requests/11] +Signed-off-by: Peter Kjellerstedt +--- + Makefile.am | 2 ++ + configure.ac | 9 +++++++++ + 2 files changed, 11 insertions(+) + +diff --git a/Makefile.am b/Makefile.am +index 4bdd769..97b4f42 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -1,4 +1,6 @@ ++if ENABLE_DOCS + SUBDIRS = doc man ++endif + + sbin_PROGRAMS = update-passwd + +diff --git a/configure.ac b/configure.ac +index 1e35ad1..b98374e 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -27,6 +27,15 @@ AS_IF([test "x$enable_debconf" != xno], + [debconf support not available (use --disable-debconf to disable)])]) + AC_DEFINE([HAVE_DEBCONF], [1], [Define if you have libdebconfclient])]) + ++dnl Check whether to build the documentation ++AC_MSG_CHECKING([whether to build the documentation]) ++AC_ARG_ENABLE([docs], ++ [AC_HELP_STRING([--disable-docs], [do not build and install documentation])], ++ [], ++ [enable_docs=yes]) ++AC_MSG_RESULT($enable_docs) ++AM_CONDITIONAL(ENABLE_DOCS, test "x$enable_docs" = xyes) ++ + dnl Finally output everything + AC_CONFIG_FILES([Makefile doc/Makefile man/Makefile]) + AC_OUTPUT diff --git a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb b/meta/recipes-core/base-passwd/base-passwd_3.5.52.bb similarity index 89% rename from meta/recipes-core/base-passwd/base-passwd_3.5.29.bb rename to meta/recipes-core/base-passwd/base-passwd_3.5.52.bb index e561599136..f89752c077 100644 --- a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb +++ b/meta/recipes-core/base-passwd/base-passwd_3.5.52.bb 
@@ -5,27 +5,30 @@ SECTION = "base" LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a" -RECIPE_NO_UPDATE_REASON = "Version 3.5.38 requires cdebconf for update-passwd utility" - -SRC_URI = "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar.gz \ +SRC_URI = "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar.xz \ file://0001-Add-a-shutdown-group.patch \ file://0002-Use-bin-sh-instead-of-bin-bash-for-the-root-user.patch \ file://0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch \ file://0004-Add-an-input-group-for-the-dev-input-devices.patch \ file://0005-Add-kvm-group.patch \ - file://0006-Disable-shell-for-default-users.patch \ - file://0007-Disable-generation-of-the-documentation.patch \ + file://0006-Make-it-possible-to-build-without-debconf-support.patch \ + file://0007-Make-it-possible-to-disable-the-generation-of-the-do.patch \ " -SRC_URI[md5sum] = "6beccac48083fe8ae5048acd062e5421" -SRC_URI[sha256sum] = "f0b66388b2c8e49c15692439d2bee63bcdd4bbbf7a782c7f64accc55986b6a36" +SRC_URI[sha256sum] = "5dfec6556b5a16ecf14dd3f7c95b591d929270289268123f31a3d6317f95ccea" # the package is taken from launchpad; that source is static and goes stale # so we check the latest upstream from a directory that does get updated UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/b/base-passwd/" +S = "${WORKDIR}/work" + inherit autotools +EXTRA_OECONF += "--disable-debconf --disable-docs" + +NOLOGIN ?= "${base_sbindir}/nologin" + do_install () { install -d -m 755 ${D}${sbindir} install -o root -g root -p -m 755 ${B}/update-passwd ${D}${sbindir}/ 
@@ -37,6 +40,7 @@ do_install () { install -d -m 755 ${D}${datadir}/base-passwd install -o root -g root -p -m 644 ${S}/passwd.master ${D}${datadir}/base-passwd/ sed -i 's#:/root:#:${ROOT_HOME}:#' ${D}${datadir}/base-passwd/passwd.master + sed -i 's#/usr/sbin/nologin#${NOLOGIN}#' ${D}${datadir}/base-passwd/passwd.master install -o root -g root -p -m 644 ${S}/group.master ${D}${datadir}/base-passwd/ install -d -m 755 ${D}${docdir}/${BPN} From patchwork Tue Dec 17 20:54:57 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 54261 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8202BE77184 for ; Tue, 17 Dec 2024 20:55:30 +0000 (UTC) Received: from mail-pf1-f178.google.com (mail-pf1-f178.google.com [209.85.210.178]) by mx.groups.io with SMTP id smtpd.web11.91805.1734468927883110204 for ; Tue, 17 Dec 2024 12:55:27 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=vDLRL6uI; spf=softfail (domain: sakoman.com, ip: 209.85.210.178, mailfrom: steve@sakoman.com) Received: by mail-pf1-f178.google.com with SMTP id d2e1a72fcca58-728f28744c5so5364544b3a.1 for ; Tue, 17 Dec 2024 12:55:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1734468927; x=1735073727; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=zI3+eTbEVDAgCfm5eO4/6Ei6247N9xzFs6dU5gxOS2E=; b=vDLRL6uIi11aMMv20/sFDe1dbKbNwzMBPvERz7P+c9AwfCa9nWojNVmiaWfv1QIGqi emaU/Fk8DakFnBmE4MU4L3X0H5E46XoC4yjCCDSpPiQ2/blApTQDx1oyT/+oGCbFTMj3 
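Review bot: The configure.ac hunk inside 0007-Make-it-possible-to-disable-the-generation-of-the-do.patch declares --disable-docs with AC_HELP_STRING, while the --disable-debconf option that 0006 adds just above it uses AS_HELP_STRING. AC_HELP_STRING is the obsolete name for the same macro, so use AS_HELP_STRING in both places. The same hunk passes the AM_CONDITIONAL arguments unquoted, unlike the macro calls around it; AM_CONDITIONAL([ENABLE_DOCS], [test "x$enable_docs" = xyes]) would match the rest of the file.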
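Review bot: The sed added to do_install in base-passwd_3.5.52.bb rewrites the literal string /usr/sbin/nologin, so it only works while upstream's passwd.master keeps spelling the shell that way; if a later version changes it, the expression matches nothing and the task still succeeds. The removed 0006-Disable-shell-for-default-users.patch would have failed to apply in that situation, so the recipe loses that signal. Please add a check after the sed that fails the task when ${NOLOGIN} does not appear in the installed passwd.master. NOLOGIN is also pasted unescaped into a #-delimited expression, so a value containing # or & breaks the substitution; a comment next to the NOLOGIN ?= line saying it must be a plain path would cover that.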
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 6/9] base-passwd: Update the status for two patches Date: Tue, 17 Dec 2024 12:54:57 -0800 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 17 Dec 2024 20:55:30 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208852 From: Peter Kjellerstedt The two patches to disable use of debconf and generation of documentation have been merged upstream. Signed-off-by: Peter Kjellerstedt Signed-off-by: Luca Ceresoli Signed-off-by: Richard Purdie (cherry picked from commit aca8844d7c05b4ba937625e59275d3f7953d3da7) Signed-off-by: Jonas Gorski Signed-off-by: Steve Sakoman --- ...0006-Make-it-possible-to-build-without-debconf-support.patch | 2 +- ...7-Make-it-possible-to-disable-the-generation-of-the-do.patch | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-core/base-passwd/base-passwd/0006-Make-it-possible-to-build-without-debconf-support.patch b/meta/recipes-core/base-passwd/base-passwd/0006-Make-it-possible-to-build-without-debconf-support.patch index 61ed1641a1..6e236993f5 100644 --- a/meta/recipes-core/base-passwd/base-passwd/0006-Make-it-possible-to-build-without-debconf-support.patch +++ b/meta/recipes-core/base-passwd/base-passwd/0006-Make-it-possible-to-build-without-debconf-support.patch @@ -5,7 +5,7 @@ Subject: [PATCH] Make it possible to build without debconf support Not all systems have the debconfclient library available. -Upstream-Status: Submitted [https://salsa.debian.org/debian/base-passwd/-/merge_requests/11] +Upstream-Status: Backport [https://salsa.debian.org/debian/base-passwd/-/commit/c72aa5dd25a952da25e307761f4526db2c8c39ec] Signed-off-by: Peter Kjellerstedt --- Makefile.am | 1 - 
diff --git a/meta/recipes-core/base-passwd/base-passwd/0007-Make-it-possible-to-disable-the-generation-of-the-do.patch b/meta/recipes-core/base-passwd/base-passwd/0007-Make-it-possible-to-disable-the-generation-of-the-do.patch index 2bec065cdb..5c63599143 100644 --- a/meta/recipes-core/base-passwd/base-passwd/0007-Make-it-possible-to-disable-the-generation-of-the-do.patch +++ b/meta/recipes-core/base-passwd/base-passwd/0007-Make-it-possible-to-disable-the-generation-of-the-do.patch @@ -6,7 +6,7 @@ Subject: [PATCH] Make it possible to disable the generation of the Not all systems have docbook and po4a available. -Upstream-Status: Submitted [https://salsa.debian.org/debian/base-passwd/-/merge_requests/11] +Upstream-Status: Backport [https://salsa.debian.org/debian/base-passwd/-/commit/2a6d16e595c93084e279d0dcbef37d960b44fd1a] 
Signed-off-by: Peter Kjellerstedt --- Makefile.am | 2 ++
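Review bot: In both Upstream-Status hunks (0006 and 0007) the old tag pointed at one merge request (merge_requests/11) and the new tags point at two different commits, so it is worth confirming that c72aa5dd25a9 is the debconf change and 2a6d16e595c9 is the documentation change rather than the reverse. Since the status is now Backport, the commit message could also name the upstream base-passwd release that first contains these commits, so the patches can be dropped when the recipe moves past it.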
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 7/9] base-passwd: add the wheel group Date: Tue, 17 Dec 2024 12:54:58 -0800 Message-Id: <9b0f71dbd5319af98af4554ccd8ca94ff2a2af04.1734468756.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 17 Dec 2024 20:55:30 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208853 From: Louis Rannou The wheel group is not declared while it can be used to access the systemd journal and to configure printers in CUPS. It can also be used for su and sudo permissions. So far it was created later in the rootfs postcommand systemd_create_users. Signed-off-by: Louis Rannou Signed-off-by: Richard Purdie (cherry picked from commit bebe52ae9576393ebb9d7405fc77fba21e84ba5b) Signed-off-by: Jonas Gorski Signed-off-by: Steve Sakoman --- .../base-passwd/0008-Add-wheel-group.patch | 20 +++++++++++++++++++ .../base-passwd/base-passwd_3.5.52.bb | 1 + 2 files changed, 21 insertions(+) create mode 100644 meta/recipes-core/base-passwd/base-passwd/0008-Add-wheel-group.patch diff --git a/meta/recipes-core/base-passwd/base-passwd/0008-Add-wheel-group.patch b/meta/recipes-core/base-passwd/base-passwd/0008-Add-wheel-group.patch new file mode 100644 index 0000000000..00eaec38a2 --- /dev/null +++ b/meta/recipes-core/base-passwd/base-passwd/0008-Add-wheel-group.patch 
@@ -0,0 +1,20 @@ + +We need to have a wheel group which has some system privileges to consult the +systemd journal or manage printers with cups. + +Upstream status says the group does not exist by default. + +Upstream-Status: Inappropriate [enable feature] + +Signed-off-by: Louis Rannou +Index: base-passwd-3.5.26/group.master +=================================================================== +--- base-passwd-3.5.29.orig/group.master ++++ base-passwd-3.5.29/group.master +@@ -38,5 +38,6 @@ + staff:*:50: + games:*:60: + shutdown:*:70: ++wheel:*:80: + users:*:100: + nogroup:*:65534: diff --git a/meta/recipes-core/base-passwd/base-passwd_3.5.52.bb b/meta/recipes-core/base-passwd/base-passwd_3.5.52.bb index f89752c077..66b5a0e7dc 100644 --- a/meta/recipes-core/base-passwd/base-passwd_3.5.52.bb +++ b/meta/recipes-core/base-passwd/base-passwd_3.5.52.bb 
@@ -13,6 +13,7 @@ SRC_URI = "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar file://0005-Add-kvm-group.patch \ file://0006-Make-it-possible-to-build-without-debconf-support.patch \ file://0007-Make-it-possible-to-disable-the-generation-of-the-do.patch \ + file://0008-Add-wheel-group.patch \ " SRC_URI[sha256sum] = "5dfec6556b5a16ecf14dd3f7c95b591d929270289268123f31a3d6317f95ccea"
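Review bot: The header of the new 0008-Add-wheel-group.patch is inconsistent: the Index line names base-passwd-3.5.26, the ---/+++ lines name base-passwd-3.5.29, and the recipe being patched is base-passwd_3.5.52.bb, so regenerating the patch against the 3.5.52 sources would remove the ambiguity. The free-text line "Upstream status says the group does not exist by default." sits directly above the real Upstream-Status tag and reads like a second, malformed tag; rewording it in this patch would avoid a follow-up fix. The commit message says wheel was previously created in the systemd_create_users rootfs postcommand and can gate su and sudo, so it should also state whether the static GID 80 matches what existing images received, and mention that the entry ships with an empty member list.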
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 8/9] base-passwd: fix patchreview warning Date: Tue, 17 Dec 2024 12:54:59 -0800 Message-Id: <7fac3b8ce8f90a79d470c2ce532750039eaa0e2f.1734468756.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 17 Dec 2024 20:55:40 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208854 From: Alexandre Belloni Fix: Malformed Upstream-Status 'Upstream status' (meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch) Unknown Upstream-Status value 'says' (meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch) Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit 7b62b32fe154ca40a3bf731eaa5994ec351cf507) Signed-off-by: Jonas Gorski Signed-off-by: Steve Sakoman --- .../base-passwd/base-passwd/0008-Add-wheel-group.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-core/base-passwd/base-passwd/0008-Add-wheel-group.patch b/meta/recipes-core/base-passwd/base-passwd/0008-Add-wheel-group.patch index 00eaec38a2..d77122789d 100644 --- a/meta/recipes-core/base-passwd/base-passwd/0008-Add-wheel-group.patch +++ b/meta/recipes-core/base-passwd/base-passwd/0008-Add-wheel-group.patch 
@@ -2,7 +2,7 @@ We need to have a wheel group which has some system privileges to consult the systemd journal or manage printers with cups. -Upstream status says the group does not exist by default. +Upstream says the group does not exist by default. Upstream-Status: Inappropriate [enable feature]
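Review bot: The warnings quoted in the commit message cite base-passwd/0007-Add-wheel-group.patch, but the file changed in this hunk is 0008-Add-wheel-group.patch; a one-line remark in the backport's commit message that the file is numbered 0008 in this series would keep the log searchable. Because the hunk only rewords a line introduced by 7/9 of the same series, squashing the two is another option.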
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 9/9] base-passwd: Add the sgx group Date: Tue, 17 Dec 2024 12:55:00 -0800 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 17 Dec 2024 20:55:40 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208855 From: Alex Kiernan To avoid errors from eudev/udev we need an sgx group, but if we add it via groupadd that causes shadow login to be brought into an image, which causes images which have CONFIG_MULTIUSER unset to fail with `setgid: Function not implemented` as shadow's login doesn't implement the heuristics which busybox has to handle this kernel configuration. Signed-off-by: Alex Kiernan Signed-off-by: Richard Purdie (cherry picked from commit a1c81ac4a869cc57394071ace2ca086eb8ac47a4) Signed-off-by: Jonas Gorski Signed-off-by: Steve Sakoman --- .../0001-base-passwd-Add-the-sgx-group.patch | 30 +++++++++++++++++++ .../base-passwd/base-passwd_3.5.52.bb | 1 + 2 files changed, 31 insertions(+) create mode 100644 meta/recipes-core/base-passwd/base-passwd/0001-base-passwd-Add-the-sgx-group.patch diff --git a/meta/recipes-core/base-passwd/base-passwd/0001-base-passwd-Add-the-sgx-group.patch b/meta/recipes-core/base-passwd/base-passwd/0001-base-passwd-Add-the-sgx-group.patch new file mode 100644 index 0000000000..e1340e1b70 --- /dev/null +++ b/meta/recipes-core/base-passwd/base-passwd/0001-base-passwd-Add-the-sgx-group.patch 
@@ -0,0 +1,30 @@ +From 9e57771d138ac423d5139b984b8c869122ce4976 Mon Sep 17 00:00:00 2001 +From: Alex Kiernan +Date: Fri, 28 Jul 2023 10:28:57 +0100 +Subject: [PATCH] base-passwd: Add the sgx group + +To avoid errors from eudev/udev we need an sgx group, but if we add it +via groupadd that causes shadow login to be brought into an image, which +causes images which have CONFIG_MULTIUSER unset to fail with `setgid: +Function not implemented` as shadow's login doesn't implement the +heuristics which busybox has to handle this kernel configuration. + +Upstream-Status: Inappropriate [oe-specific] + +Signed-off-by: Alex Kiernan +--- + group.master | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/group.master b/group.master +index d34d2b832d43..e54fd1d2c6dc 100644 +--- a/group.master ++++ b/group.master +@@ -34,6 +34,7 @@ video:*:44: + sasl:*:45: + plugdev:*:46: + kvm:*:47: ++sgx:*:48: + staff:*:50: + games:*:60: + shutdown:*:70: diff --git a/meta/recipes-core/base-passwd/base-passwd_3.5.52.bb b/meta/recipes-core/base-passwd/base-passwd_3.5.52.bb index 66b5a0e7dc..9fbba7e9c0 100644 --- a/meta/recipes-core/base-passwd/base-passwd_3.5.52.bb +++ b/meta/recipes-core/base-passwd/base-passwd_3.5.52.bb @@ -14,6 +14,7 @@ SRC_URI = "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar file://0006-Make-it-possible-to-build-without-debconf-support.patch \ file://0007-Make-it-possible-to-disable-the-generation-of-the-do.patch \ file://0008-Add-wheel-group.patch \ + file://0001-base-passwd-Add-the-sgx-group.patch \ " SRC_URI[sha256sum] = "5dfec6556b5a16ecf14dd3f7c95b591d929270289268123f31a3d6317f95ccea"
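Review bot: The new patch is named 0001-base-passwd-Add-the-sgx-group.patch but is appended to SRC_URI after 0008-Add-wheel-group.patch, and its group.master hunk uses kvm:*:47: as leading context, so it only applies once 0005-Add-kvm-group.patch has been applied. Renumbering the file to follow 0008, or adding a comment on the ordering, would make that dependency visible. The commit message explains why groupadd is avoided; it could also say which udev rule expects the sgx group, since the static GID 48 and the empty member list are otherwise unexplained.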