[oe-commits] [openembedded-core] 07/13: shadow: musl now supports secure_getenv

Wed Aug 21 14:30:51 UTC 2019

This is an automated email from the git hooks/post-receive script.

rpurdie pushed a commit to branch master
in repository openembedded-core.

commit 30b6ae3084f63df437a4d6dd859bca674ca01e12
Author: Adrian Bunk <bunk at stusta.de>
AuthorDate: Sun Aug 18 18:00:31 2019 +0300

    shadow: musl now supports secure_getenv
    
    This fixed a potential security vulnerability on musl and made
    the patch obsolete.
    
    Signed-off-by: Adrian Bunk <bunk at stusta.de>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
---
 ...002-gettime-Use-secure_getenv-over-getenv.patch | 71 ----------------------
 meta/recipes-extended/shadow/shadow.inc            |  1 -
 2 files changed, 72 deletions(-)

diff --git a/meta/recipes-extended/shadow/files/0002-gettime-Use-secure_getenv-over-getenv.patch b/meta/recipes-extended/shadow/files/0002-gettime-Use-secure_getenv-over-getenv.patch
deleted file mode 100644
index 8c8234d..0000000
--- a/meta/recipes-extended/shadow/files/0002-gettime-Use-secure_getenv-over-getenv.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From 3d921155e0a761f61c8f1ec37328724aee1e2eda Mon Sep 17 00:00:00 2001
-From: Chris Lamb <chris at chris-lamb.co.uk>
-Date: Sun, 31 Mar 2019 15:59:45 +0100
-Subject: [PATCH 2/2] gettime: Use secure_getenv over getenv.
-
-Upstream-Status: Backport
-Signed-off-by: Alex Kiernan <alex.kiernan at gmail.com>
----
- README            | 1 +
- configure.ac      | 3 +++
- lib/defines.h     | 6 ++++++
- libmisc/gettime.c | 2 +-
- 4 files changed, 11 insertions(+), 1 deletion(-)
-
-diff --git a/README b/README
-index 952ac5787f06..26cfff1e8fa8 100644
---- a/README
-+++ b/README
-@@ -51,6 +51,7 @@ Brian R. Gaeke <brg at dgate.org>
- Calle Karlsson <ckn at kash.se>
- Chip Rosenthal <chip at unicom.com>
- Chris Evans <lady0110 at sable.ox.ac.uk>
-+Chris Lamb <chris at chris-lamb.co.uk>
- Cristian Gafton <gafton at sorosis.ro>
- Dan Walsh <dwalsh at redhat.com>
- Darcy Boese <possum at chardonnay.niagara.com>
-diff --git a/configure.ac b/configure.ac
-index da236722766b..a738ad662cc3 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -110,6 +110,9 @@ AC_REPLACE_FUNCS(sgetgrent sgetpwent sgetspent)
- AC_REPLACE_FUNCS(snprintf strcasecmp strdup strerror strstr)
- 
- AC_CHECK_FUNC(setpgrp)
-+AC_CHECK_FUNC(secure_getenv, [AC_DEFINE(HAS_SECURE_GETENV,
-+                                        1,
-+                                        [Defined to 1 if you have the declaration of 'secure_getenv'])])
- 
- if test "$ac_cv_header_shadow_h" = "yes"; then
- 	AC_CACHE_CHECK(for working shadow group support,
-diff --git a/lib/defines.h b/lib/defines.h
-index cded1417fd12..2fb1b56eca6b 100644
---- a/lib/defines.h
-+++ b/lib/defines.h
-@@ -382,4 +382,10 @@ extern char *strerror ();
- # endif
- #endif
- 
-+#ifdef HAVE_SECURE_GETENV
-+#  define shadow_getenv(name) secure_getenv(name)
-+# else
-+#  define shadow_getenv(name) getenv(name)
-+#endif
-+
- #endif				/* _DEFINES_H_ */
-diff --git a/libmisc/gettime.c b/libmisc/gettime.c
-index 53eaf51670bb..0e25a4b75061 100644
---- a/libmisc/gettime.c
-+++ b/libmisc/gettime.c
-@@ -52,7 +52,7 @@
- 	unsigned long long epoch;
- 
- 	fallback = time (NULL);
--	source_date_epoch = getenv ("SOURCE_DATE_EPOCH");
-+	source_date_epoch = shadow_getenv ("SOURCE_DATE_EPOCH");
- 
- 	if (!source_date_epoch)
- 		return fallback;
--- 
-2.17.1
-
diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc
index 7f82d20..acd753d 100644
--- a/meta/recipes-extended/shadow/shadow.inc
+++ b/meta/recipes-extended/shadow/shadow.inc
@@ -12,7 +12,6 @@ UPSTREAM_CHECK_URI = "https://github.com/shadow-maint/shadow/releases"
 SRC_URI = "https://github.com/shadow-maint/shadow/releases/download/${PV}/${BP}.tar.gz \
            file://shadow-4.1.3-dots-in-usernames.patch \
            file://0001-Make-the-sp_lstchg-shadow-field-reproducible-re.-71.patch  \
-           file://0002-gettime-Use-secure_getenv-over-getenv.patch \
            file://0001-configure.ac-fix-configure-error-with-dash.patch \
            ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \
            "

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.
