[PATCH 1/9] cmake: update 3.21.0 -> 3.21.1

[PATCH 1/9] cmake: update 3.21.0 -> 3.21.1

[Alexander Kanavin]

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
---
 .../cmake/{cmake-native_3.21.0.bb => cmake-native_3.21.1.bb}    | 0
 meta/recipes-devtools/cmake/cmake.inc                           | 2 +-
 .../recipes-devtools/cmake/{cmake_3.21.0.bb => cmake_3.21.1.bb} | 0
 3 files changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/cmake/{cmake-native_3.21.0.bb => cmake-native_3.21.1.bb} (100%)
 rename meta/recipes-devtools/cmake/{cmake_3.21.0.bb => cmake_3.21.1.bb} (100%)

diff --git a/meta/recipes-devtools/cmake/cmake-native_3.21.0.bb b/meta/recipes-devtools/cmake/cmake-native_3.21.1.bb
similarity index 100%
rename from meta/recipes-devtools/cmake/cmake-native_3.21.0.bb
rename to meta/recipes-devtools/cmake/cmake-native_3.21.1.bb
diff --git a/meta/recipes-devtools/cmake/cmake.inc b/meta/recipes-devtools/cmake/cmake.inc
index 358f284279..7f0aff8118 100644
--- a/meta/recipes-devtools/cmake/cmake.inc
+++ b/meta/recipes-devtools/cmake/cmake.inc
@@ -21,7 +21,7 @@ SRC_URI = "https://cmake.org/files/v${CMAKE_MAJOR_VERSION}/cmake-${PV}.tar.gz \
            file://0004-Fail-silently-if-system-Qt-installation-is-broken.patch \
 "
 
-SRC_URI[sha256sum] = "4a42d56449a51f4d3809ab4d3b61fd4a96a469e56266e896ce1009b5768bd2ab"
+SRC_URI[sha256sum] = "fac3915171d4dff25913975d712f76e69aef44bf738ba7b976793a458b4cfed4"
 
 UPSTREAM_CHECK_REGEX = "cmake-(?P<pver>\d+(\.\d+)+)\.tar"
 
diff --git a/meta/recipes-devtools/cmake/cmake_3.21.0.bb b/meta/recipes-devtools/cmake/cmake_3.21.1.bb
similarity index 100%
rename from meta/recipes-devtools/cmake/cmake_3.21.0.bb
rename to meta/recipes-devtools/cmake/cmake_3.21.1.bb
-- 
2.31.1

[PATCH 2/9] mtools: update 4.0.32 -> 4.0.34

[Alexander Kanavin]

Drop no-x11.gplv3.patch (the libraries are now
dynamically enabled from configure.in).

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
---
 .../mtools/disable-hardcoded-configs.patch     |  4 ++--
 .../mtools/mtools/no-x11.gplv3.patch           | 18 ------------------
 .../{mtools_4.0.32.bb => mtools_4.0.34.bb}     |  3 +--
 3 files changed, 3 insertions(+), 22 deletions(-)
 delete mode 100644 meta/recipes-devtools/mtools/mtools/no-x11.gplv3.patch
 rename meta/recipes-devtools/mtools/{mtools_4.0.32.bb => mtools_4.0.34.bb} (91%)

diff --git a/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch b/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch
index 81d76d060e..c78f73d255 100644
--- a/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch
+++ b/meta/recipes-devtools/mtools/mtools/disable-hardcoded-configs.patch
@@ -1,4 +1,4 @@
-From 630dbcabc408cf5d73edaa7cf64a48194976b290 Mon Sep 17 00:00:00 2001
+From bd2ec723326b6d57350da73b444dd43e923011e8 Mon Sep 17 00:00:00 2001
 From: Ed Bartosh <ed.bartosh@linux.intel.com>
 Date: Tue, 13 Jun 2017 14:55:52 +0300
 Subject: [PATCH] Disabled reading host configs.
@@ -12,7 +12,7 @@ Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
  1 file changed, 8 deletions(-)
 
 diff --git a/config.c b/config.c
-index bb13682..9186c77 100644
+index 173eae0..0654cc1 100644
 --- a/config.c
 +++ b/config.c
 @@ -836,14 +836,6 @@ void read_config(void)
diff --git a/meta/recipes-devtools/mtools/mtools/no-x11.gplv3.patch b/meta/recipes-devtools/mtools/mtools/no-x11.gplv3.patch
deleted file mode 100644
index 9cb3e39f5c..0000000000
--- a/meta/recipes-devtools/mtools/mtools/no-x11.gplv3.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-Disable building with X11 support.
-
-Upstream-Status: Inappropriate [disable feature]
-
-Signed-off-by: Scott Garman <scott.a.garman@intel.com>
-
-diff -urN mtools-4.0.15.orig//Makefile.in mtools-4.0.15//Makefile.in
---- mtools-4.0.15.orig//Makefile.in	2010-10-17 08:41:09.000000000 -0700
-+++ mtools-4.0.15//Makefile.in	2010-11-23 13:59:49.258258374 -0800
-@@ -146,7 +146,7 @@
- CXXFLAGS  = $(CPPFLAGS) $(DEFS) $(MYCXXFLAGS) -I. @extraincludedir@ -I@srcdir@ $(USERCFLAGS)
- LINK      = $(CC) $(LDFLAGS) $(USERLDFLAGS) @extralibdir@
- ALLLIBS   = $(USERLDLIBS) $(MACHDEPLIBS) $(SHLIB) $(LIBS)
--X_LDFLAGS = $(X_EXTRA_LIBS) $(X_LIBS) -lXau -lX11 $(LIBS)
-+X_LDFLAGS = $(X_EXTRA_LIBS) $(X_LIBS) $(LIBS)
- X_CCFLAGS = $(X_CFLAGS) $(CFLAGS)
- 
- all:    mtools $(LINKS) mkmanifest @FLOPPYD@ mtools.1 mtools.5
diff --git a/meta/recipes-devtools/mtools/mtools_4.0.32.bb b/meta/recipes-devtools/mtools/mtools_4.0.34.bb
similarity index 91%
rename from meta/recipes-devtools/mtools/mtools_4.0.32.bb
rename to meta/recipes-devtools/mtools/mtools_4.0.34.bb
index 501875037a..3d2702ac36 100644
--- a/meta/recipes-devtools/mtools/mtools_4.0.32.bb
+++ b/meta/recipes-devtools/mtools/mtools_4.0.34.bb
@@ -24,11 +24,10 @@ RRECOMMENDS_${PN}_libc-glibc = "\
 	glibc-gconv-ibm866 \
 	glibc-gconv-ibm869 \
 	"
-SRC_URI[sha256sum] = "62498cd51ae7c79a27c879a45f0d2a8c44e1404cbb901372d09b02735ef5ad89"
+SRC_URI[sha256sum] = "ada543eb1b0ffe5440d4ee42634309ea1e286d7ebb80c99ba50db5cb2c360cab"
 
 SRC_URI = "${GNU_MIRROR}/mtools/mtools-${PV}.tar.bz2 \
            file://mtools-makeinfo.patch \
-           file://no-x11.gplv3.patch \
            file://clang_UNUSED.patch \
            "
 
-- 
2.31.1

[PATCH 3/9] util-linux: update 2.37 -> 2.37.1

[Alexander Kanavin]

Drop backports.

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
---
 ...d_2.37.bb => util-linux-libuuid_2.37.1.bb} |  0
 meta/recipes-core/util-linux/util-linux.inc   |  9 +-
 .../0001-login-fix-close_range-use.patch      | 62 -------------
 ...74160b96498d672e3652827aa7e6d7f3a120.patch | 29 ------
 .../util-linux/tests-blkdiscard.patch         | 31 -------
 .../util-linux/util-linux/tests-eject.patch   | 56 ------------
 .../util-linux/util-linux/tests-kill.patch    | 88 -------------------
 .../util-linux/util-linux/tests-lscpu.patch   | 42 ---------
 .../util-linux/util-linux/tests-ul.patch      | 35 --------
 ...til-linux_2.37.bb => util-linux_2.37.1.bb} |  0
 10 files changed, 1 insertion(+), 351 deletions(-)
 rename meta/recipes-core/util-linux/{util-linux-libuuid_2.37.bb => util-linux-libuuid_2.37.1.bb} (100%)
 delete mode 100644 meta/recipes-core/util-linux/util-linux/0001-login-fix-close_range-use.patch
 delete mode 100644 meta/recipes-core/util-linux/util-linux/8a3a74160b96498d672e3652827aa7e6d7f3a120.patch
 delete mode 100644 meta/recipes-core/util-linux/util-linux/tests-blkdiscard.patch
 delete mode 100644 meta/recipes-core/util-linux/util-linux/tests-eject.patch
 delete mode 100644 meta/recipes-core/util-linux/util-linux/tests-kill.patch
 delete mode 100644 meta/recipes-core/util-linux/util-linux/tests-lscpu.patch
 delete mode 100644 meta/recipes-core/util-linux/util-linux/tests-ul.patch
 rename meta/recipes-core/util-linux/{util-linux_2.37.bb => util-linux_2.37.1.bb} (100%)

diff --git a/meta/recipes-core/util-linux/util-linux-libuuid_2.37.bb b/meta/recipes-core/util-linux/util-linux-libuuid_2.37.1.bb
similarity index 100%
rename from meta/recipes-core/util-linux/util-linux-libuuid_2.37.bb
rename to meta/recipes-core/util-linux/util-linux-libuuid_2.37.1.bb
diff --git a/meta/recipes-core/util-linux/util-linux.inc b/meta/recipes-core/util-linux/util-linux.inc
index 0648366baf..264c2e84f7 100644
--- a/meta/recipes-core/util-linux/util-linux.inc
+++ b/meta/recipes-core/util-linux/util-linux.inc
@@ -35,13 +35,6 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/util-linux/v${MAJOR_VERSION}/util-lin
            file://run-ptest \
            file://display_testname_for_subtest.patch \
            file://avoid_parallel_tests.patch \
-           file://8a3a74160b96498d672e3652827aa7e6d7f3a120.patch \
-           file://tests-kill.patch \
-           file://tests-blkdiscard.patch \
-           file://tests-ul.patch \
-           file://tests-eject.patch \
-           file://tests-lscpu.patch \
-           file://0001-login-fix-close_range-use.patch \
            "
 
-SRC_URI[sha256sum] = "bd07b7e98839e0359842110525a3032fdb8eaf3a90bedde3dd1652d32d15cce5"
+SRC_URI[sha256sum] = "8e4bd42053b726cf86eb4d13a73bc1d9225a2c2e1a2e0d2a891f1020f83e6b76"
diff --git a/meta/recipes-core/util-linux/util-linux/0001-login-fix-close_range-use.patch b/meta/recipes-core/util-linux/util-linux/0001-login-fix-close_range-use.patch
deleted file mode 100644
index 7a47597bd6..0000000000
--- a/meta/recipes-core/util-linux/util-linux/0001-login-fix-close_range-use.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 76ae0badd3fd7c8653fa4d3c78d2dcfcec51d23d Mon Sep 17 00:00:00 2001
-From: Karel Zak <kzak@redhat.com>
-Date: Wed, 14 Jul 2021 17:25:57 +0200
-Subject: [PATCH] login: fix close_range() use
-
-This new syscall comes with three arguments (see kernel commit
-278a5fbaed89dacd04e9d052f4594ffd0e0585de). Not sure why util-linux
-assume only two.
-
-Upstream-Status: Backport [https://github.com/karelzak/util-linux/commit/b8d99a618baffb4fc03cda4c40e29778b6d77ad4]
-Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1981729
-Signed-off-by: Karel Zak <kzak@redhat.com>
----
- include/fileutils.h | 4 ++--
- lib/fileutils.c     | 2 +-
- login-utils/login.c | 2 +-
- 3 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/include/fileutils.h b/include/fileutils.h
-index ad54b95..f86426b 100644
---- a/include/fileutils.h
-+++ b/include/fileutils.h
-@@ -82,9 +82,9 @@ static inline struct dirent *xreaddir(DIR *dp)
- # if defined(SYS_close_range)
- #  include <sys/types.h>
- #  ifndef HAVE_CLOSE_RANGE
--static inline int close_range(unsigned int first, unsigned int last)
-+static inline int close_range(unsigned int first, unsigned int last, int flags)
- {
--	return syscall(SYS_close_range, first, last);
-+	return syscall(SYS_close_range, first, last, flags);
- }
- #  endif
- #  define HAVE_CLOSE_RANGE 1
-diff --git a/lib/fileutils.c b/lib/fileutils.c
-index 846b718..a979b03 100644
---- a/lib/fileutils.c
-+++ b/lib/fileutils.c
-@@ -189,7 +189,7 @@ int main(int argc, char *argv[])
- 		ignore_result( dup(STDIN_FILENO) );
-
- # ifdef HAVE_CLOSE_RANGE
--		close_range(STDERR_FILENO + 1, ~0U);
-+		close_range(STDERR_FILENO + 1, ~0U, 0);
- # else
- 		ul_close_all_fds(STDERR_FILENO + 1, ~0U);
- # endif
-diff --git a/login-utils/login.c b/login-utils/login.c
-index 7fefd05..94a042d 100644
---- a/login-utils/login.c
-+++ b/login-utils/login.c
-@@ -1358,7 +1358,7 @@ static void initialize(int argc, char **argv, struct login_context *cxt)
- #endif
- 	}
- #ifdef HAVE_CLOSE_RANGE
--	close_range(STDERR_FILENO + 1, ~0U);
-+	close_range(STDERR_FILENO + 1, ~0U, 0);
- #else
- 	ul_close_all_fds(STDERR_FILENO + 1, ~0U);
- #endif
---
-2.32.0
diff --git a/meta/recipes-core/util-linux/util-linux/8a3a74160b96498d672e3652827aa7e6d7f3a120.patch b/meta/recipes-core/util-linux/util-linux/8a3a74160b96498d672e3652827aa7e6d7f3a120.patch
deleted file mode 100644
index a5bb00ab65..0000000000
--- a/meta/recipes-core/util-linux/util-linux/8a3a74160b96498d672e3652827aa7e6d7f3a120.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 8a3a74160b96498d672e3652827aa7e6d7f3a120 Mon Sep 17 00:00:00 2001
-From: Karel Zak <kzak@redhat.com>
-Date: Tue, 15 Jun 2021 12:04:43 +0200
-Subject: [PATCH] mkswap: fix holes detection (infinite loop and/or
- stack-buffer-underflow)
-
-Reported-by: Brian Lane <bcl@redhat.com>
-Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1971877
-Fix: https://github.com/karelzak/util-linux/issues/1348
-Signed-off-by: Karel Zak <kzak@redhat.com>
-Upstream-Status: Backport
-Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
----
- disk-utils/mkswap.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/disk-utils/mkswap.c b/disk-utils/mkswap.c
-index 27374fd72..c45a3a317 100644
---- a/disk-utils/mkswap.c
-+++ b/disk-utils/mkswap.c
-@@ -267,6 +267,8 @@ static void check_extents(struct mkswap_control *ctl)
- 			return;
- 
- 		n = fiemap->fm_mapped_extents;
-+		if (n == 0)
-+			break;
- 
- 		for (i = 0; i < n; i++) {
- 			struct fiemap_extent *e = &fiemap->fm_extents[i];
diff --git a/meta/recipes-core/util-linux/util-linux/tests-blkdiscard.patch b/meta/recipes-core/util-linux/util-linux/tests-blkdiscard.patch
deleted file mode 100644
index 34b07a4b2d..0000000000
--- a/meta/recipes-core/util-linux/util-linux/tests-blkdiscard.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@arm.com>
-
-From 45fe65d934df2c938701f1c3cd3e0a6f3bdf25e6 Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@arm.com>
-Date: Tue, 29 Jun 2021 18:10:40 +0100
-Subject: [PATCH] tests/blkdiscard: check correct log file for errors
-
-When checking if the discard ioctl is supported, look in stderr not stdout.
-
-Signed-off-by: Ross Burton <ross.burton@arm.com>
----
- tests/ts/blkdiscard/offsets | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tests/ts/blkdiscard/offsets b/tests/ts/blkdiscard/offsets
-index 9dddc35e2..5e724d51b 100755
---- a/tests/ts/blkdiscard/offsets
-+++ b/tests/ts/blkdiscard/offsets
-@@ -48,7 +48,7 @@ ts_log "testing offsets with full block size"
- run_tscmd $TS_CMD_BLKDISCARD -v $DEVICE
- if [ "$?" != "0" ]; then
- 	# Skip the rest? For example loop backing files on NFS seem unsupported.
--	grep -q "BLKDISCARD ioctl failed: Operation not supported" "$TS_OUTPUT" \
-+	grep -q "BLKDISCARD ioctl failed: Operation not supported" "$TS_ERRLOG" \
- 		&& ts_skip "BLKDISCARD not supported"
- fi
- run_tscmd $TS_CMD_BLKDISCARD -v -o 1 $DEVICE
--- 
-2.25.1
-
diff --git a/meta/recipes-core/util-linux/util-linux/tests-eject.patch b/meta/recipes-core/util-linux/util-linux/tests-eject.patch
deleted file mode 100644
index 51e914d566..0000000000
--- a/meta/recipes-core/util-linux/util-linux/tests-eject.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-Upstream-Status: Submitted [https://github.com/karelzak/util-linux/pull/1375]
-Signed-off-by: Ross Burton <ross.burton@arm.com>
-
-From dd956268ba89fc1caf83c45c3c495f34d261e0e2 Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@arm.com>
-Date: Thu, 1 Jul 2021 20:44:31 +0100
-Subject: [PATCH] test/eject: guard asan LD_PRELOAD with use-system-commands
- check
-
-This test tries to add asan to LD_PRELOAD because the just-built eject
-will call the host /bin/umount, and apparently asan doesn't like this.
-
-However, if ldd isn't present, this fails as the path to asan is the
-error message saying that ldd isn't present.
-
-As the asan workaround is only needed when executing the binaries that
-have just been built and not the system binaries, only use it if the
-test is on the built binaries.
-
-Closes #1373.
-
-Signed-off-by: Ross Burton <ross.burton@arm.com>
----
- tests/ts/eject/umount | 16 +++++++++-------
- 1 file changed, 9 insertions(+), 7 deletions(-)
-
-diff --git a/tests/ts/eject/umount b/tests/ts/eject/umount
-index a829d46c0..2be281ee3 100755
---- a/tests/ts/eject/umount
-+++ b/tests/ts/eject/umount
-@@ -60,13 +60,15 @@ function deinit_device {
- 	ts_scsi_debug_rmmod
- }
- 
--# As the eject binary execl()s an uninstrumented /bin/umount binary, we need
--# to explicitly $LD_PRELOAD the ASan's runtime DSO, otherwise ASan will complain.
--# Since all three utilities used by this test (eject, fdisk, mount) are just
--# libtool wrappers, let's check the kill binary instead, which should have
--# the needed DSO information.
--ASAN_RT_PATH="$(ts_get_asan_rt_path "$TS_CMD_KILL")"
--[ -n "$ASAN_RT_PATH" ] && export LD_PRELOAD="$ASAN_RT_PATH:$LD_PRELOAD"
-+if [ "$TS_USE_SYSTEM_COMMANDS" != "yes" ]; then
-+	# As the eject binary execl()s an uninstrumented /bin/umount binary, we need
-+	# to explicitly $LD_PRELOAD the ASan's runtime DSO, otherwise ASan will complain.
-+	# Since all three utilities used by this test (eject, fdisk, mount) are just
-+	# libtool wrappers, let's check the kill binary instead, which should have
-+	# the needed DSO information.
-+	ASAN_RT_PATH="$(ts_get_asan_rt_path "$TS_CMD_KILL")"
-+	[ -n "$ASAN_RT_PATH" ] && export LD_PRELOAD="$ASAN_RT_PATH:$LD_PRELOAD"
-+fi
- 
- ts_init_subtest "by-disk"
- init_device
--- 
-2.25.1
-
diff --git a/meta/recipes-core/util-linux/util-linux/tests-kill.patch b/meta/recipes-core/util-linux/util-linux/tests-kill.patch
deleted file mode 100644
index fa49fd4142..0000000000
--- a/meta/recipes-core/util-linux/util-linux/tests-kill.patch
+++ /dev/null
@@ -1,88 +0,0 @@
-Don't hardcode the use of /bin/kill, as this could be kill.procps.  Instead ask
-the shell what kill binary to use, which will be the symlink in
-/usr/lib/util-linux/ptest/bin/.
-
-Upstream-Status: Backport [https://github.com/karelzak/util-linux/pull/1367]
-Signed-off-by: Ross Burton <ross.burton@arm.com>
-
-From e3f8a88cf688dffacb5f6033a8d24e2db40f75f6 Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@arm.com>
-Date: Tue, 29 Jun 2021 16:34:20 +0100
-Subject: [PATCH] Don't hardcode /bin
-
----
- tests/ts/kill/all_processes  | 2 +-
- tests/ts/kill/name_to_number | 2 +-
- tests/ts/kill/options        | 2 +-
- tests/ts/kill/print_pid      | 2 +-
- tests/ts/kill/queue          | 2 +-
- 5 files changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/tests/ts/kill/all_processes b/tests/ts/kill/all_processes
-index 0b137574d..b2280777f 100755
---- a/tests/ts/kill/all_processes
-+++ b/tests/ts/kill/all_processes
-@@ -22,7 +22,7 @@ ts_skip_nonroot
- 
- # make sure we do not use shell built-in command
- if [ "$TS_USE_SYSTEM_COMMANDS" == "yes" ]; then
--	TS_CMD_KILL="/bin/kill"
-+	TS_CMD_KILL="$(which kill)"
- fi
- 
- ts_check_test_command "$TS_CMD_KILL"
-diff --git a/tests/ts/kill/name_to_number b/tests/ts/kill/name_to_number
-index 9f4881cb7..8a7f4bef0 100755
---- a/tests/ts/kill/name_to_number
-+++ b/tests/ts/kill/name_to_number
-@@ -20,7 +20,7 @@ ts_init "$*"
- 
- # make sure we do not use shell built-in command
- if [ "$TS_USE_SYSTEM_COMMANDS" == "yes" ]; then
--	TS_CMD_KILL="/bin/kill"
-+	TS_CMD_KILL="$(which kill)"
- fi
- 
- ts_check_test_command "$TS_CMD_KILL"
-diff --git a/tests/ts/kill/options b/tests/ts/kill/options
-index 2788c70a2..10653a543 100755
---- a/tests/ts/kill/options
-+++ b/tests/ts/kill/options
-@@ -20,7 +20,7 @@ ts_init "$*"
- 
- # make sure we do not use shell built-in command
- if [ "$TS_USE_SYSTEM_COMMANDS" == "yes" ]; then
--	TS_CMD_KILL="/bin/kill"
-+	TS_CMD_KILL="$(which kill)"
- fi
- 
- ts_check_test_command "$TS_CMD_KILL"
-diff --git a/tests/ts/kill/print_pid b/tests/ts/kill/print_pid
-index 6926a3714..6e2db3711 100755
---- a/tests/ts/kill/print_pid
-+++ b/tests/ts/kill/print_pid
-@@ -20,7 +20,7 @@ ts_init "$*"
- 
- # make sure we do not use shell built-in command
- if [ "$TS_USE_SYSTEM_COMMANDS" == "yes" ]; then
--	TS_CMD_KILL="/bin/kill"
-+	TS_CMD_KILL="$(which kill)"
- fi
- 
- ts_check_test_command "$TS_CMD_KILL"
-diff --git a/tests/ts/kill/queue b/tests/ts/kill/queue
-index 18f10e8c2..6c9e9efc9 100755
---- a/tests/ts/kill/queue
-+++ b/tests/ts/kill/queue
-@@ -20,7 +20,7 @@ ts_init "$*"
- 
- # make sure we do not use shell built-in command
- if [ "$TS_USE_SYSTEM_COMMANDS" == "yes" ]; then
--	TS_CMD_KILL="/bin/kill"
-+	TS_CMD_KILL="$(which kill)"
- fi
- 
- ts_check_test_command "$TS_CMD_KILL"
--- 
-2.25.1
-
diff --git a/meta/recipes-core/util-linux/util-linux/tests-lscpu.patch b/meta/recipes-core/util-linux/util-linux/tests-lscpu.patch
deleted file mode 100644
index 36a19bd5a5..0000000000
--- a/meta/recipes-core/util-linux/util-linux/tests-lscpu.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@arm.com>
-
-From c2ca2837a27a3f1344904037ea691bfdbb288f02 Mon Sep 17 00:00:00 2001
-From: Karel Zak <kzak@redhat.com>
-Date: Fri, 2 Jul 2021 13:12:13 +0200
-Subject: [PATCH] lscpu: don't use DMI if executed with --sysroot
-
-Signed-off-by: Karel Zak <kzak@redhat.com>
----
- sys-utils/lscpu-arm.c | 8 +++++---
- 1 file changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/sys-utils/lscpu-arm.c b/sys-utils/lscpu-arm.c
-index d52765f9d..c7128094c 100644
---- a/sys-utils/lscpu-arm.c
-+++ b/sys-utils/lscpu-arm.c
-@@ -322,7 +322,8 @@ static void arm_decode(struct lscpu_cxt *cxt, struct lscpu_cputype *ct)
- 
- 	arm_ids_decode(ct);
- 	arm_rXpY_decode(ct);
--	if (cxt->is_cluster)
-+
-+	if (!cxt->noalive && cxt->is_cluster)
- 		ct->nr_socket_on_cluster = get_number_of_physical_sockets_from_dmi();
- }
- 
-@@ -330,8 +331,9 @@ static int is_cluster_arm(struct lscpu_cxt *cxt)
- {
- 	struct stat st;
- 
--	if (!(strcmp(cxt->arch->name, "aarch64")) &&
--	     (stat(_PATH_ACPI_PPTT, &st) < 0) && (cxt->ncputypes == 1))
-+	if (!cxt->noalive
-+	    && strcmp(cxt->arch->name, "aarch64") == 0
-+	    && stat(_PATH_ACPI_PPTT, &st) < 0 && cxt->ncputypes == 1)
- 		return 1;
- 	else
- 		return 0;
--- 
-2.25.1
-
diff --git a/meta/recipes-core/util-linux/util-linux/tests-ul.patch b/meta/recipes-core/util-linux/util-linux/tests-ul.patch
deleted file mode 100644
index 6896393105..0000000000
--- a/meta/recipes-core/util-linux/util-linux/tests-ul.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@arm.com>
-
-From b1c71f19ea404e74d36ca5b8fbb0484043cdaef3 Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@arm.com>
-Date: Wed, 30 Jun 2021 11:25:01 +0100
-Subject: [PATCH] tests: mark ul/ul as a known failure
-
-As with ul/basic, this test produces different output when ran under
-different terminals, which isn't very useful.
-
-Set TS_KNOWN_FAIL so that these problems don't cause the test to fail.
-
-Signed-off-by: Ross Burton <ross.burton@arm.com>
----
- tests/ts/ul/ul | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/tests/ts/ul/ul b/tests/ts/ul/ul
-index b856e33db..c707658ac 100755
---- a/tests/ts/ul/ul
-+++ b/tests/ts/ul/ul
-@@ -20,6 +20,9 @@ ts_init "$*"
- 
- ts_check_test_command "$TS_CMD_UL"
- 
-+# This test provides different result on some terminals and virtual machines
-+TS_KNOWN_FAIL="yes"
-+
- printf "a\x08ab\x5F\x08c\\n\\ttab\\f\\b\\r" |
- 	$TS_CMD_UL -t xterm >> $TS_OUTPUT 2>> $TS_ERRLOG
- 
--- 
-2.25.1
-
diff --git a/meta/recipes-core/util-linux/util-linux_2.37.bb b/meta/recipes-core/util-linux/util-linux_2.37.1.bb
similarity index 100%
rename from meta/recipes-core/util-linux/util-linux_2.37.bb
rename to meta/recipes-core/util-linux/util-linux_2.37.1.bb
-- 
2.31.1

[PATCH 4/9] iputils: update 20210202 -> 20210722

[Alexander Kanavin]

Drop rdisc part from 0001-rarpd-rdisc-Drop-PrivateUsers.patch
as it's been fixed upstream; rarpd still isn't.

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
---
 .../0001-rarpd-rdisc-Drop-PrivateUsers.patch  | 31 ++++---------------
 ...putils_20210202.bb => iputils_20210722.bb} |  2 +-
 2 files changed, 7 insertions(+), 26 deletions(-)
 rename meta/recipes-extended/iputils/{iputils_20210202.bb => iputils_20210722.bb} (98%)

diff --git a/meta/recipes-extended/iputils/iputils/0001-rarpd-rdisc-Drop-PrivateUsers.patch b/meta/recipes-extended/iputils/iputils/0001-rarpd-rdisc-Drop-PrivateUsers.patch
index d7367caf78..c61e39dc80 100644
--- a/meta/recipes-extended/iputils/iputils/0001-rarpd-rdisc-Drop-PrivateUsers.patch
+++ b/meta/recipes-extended/iputils/iputils/0001-rarpd-rdisc-Drop-PrivateUsers.patch
@@ -1,20 +1,20 @@
-From 6e51d529988cfc0bb357751fd767e9f1478e2b81 Mon Sep 17 00:00:00 2001
+From dfeeb3f1328d09f516edeb6349bd63e3c87f9397 Mon Sep 17 00:00:00 2001
 From: Alex Kiernan <alex.kiernan@gmail.com>
 Date: Thu, 13 Feb 2020 06:08:45 +0000
-Subject: [PATCH] rarpd: rdisc: Drop PrivateUsers
+Subject: [PATCH] rarpd:Drop PrivateUsers
 
-Neither rarpd nor rdisc can gain the necessary capabilities with
+rarpd cannot gain the necessary capabilities with
 PrivateUsers enabled.
 
 Upstream-Status: Pending
 Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
+
 ---
  systemd/rarpd.service.in | 1 -
- systemd/rdisc.service.in | 3 ++-
- 2 files changed, 2 insertions(+), 2 deletions(-)
+ 1 file changed, 1 deletion(-)
 
 diff --git a/systemd/rarpd.service.in b/systemd/rarpd.service.in
-index e600c10c93e6..f5d7621a7ce8 100644
+index e600c10..f5d7621 100644
 --- a/systemd/rarpd.service.in
 +++ b/systemd/rarpd.service.in
 @@ -12,7 +12,6 @@ AmbientCapabilities=CAP_NET_RAW
@@ -25,22 +25,3 @@ index e600c10c93e6..f5d7621a7ce8 100644
  ProtectSystem=strict
  ProtectHome=yes
  ProtectControlGroups=yes
-diff --git a/systemd/rdisc.service.in b/systemd/rdisc.service.in
-index 4e2a1ec9d0e5..a71b87d36b37 100644
---- a/systemd/rdisc.service.in
-+++ b/systemd/rdisc.service.in
-@@ -8,9 +8,10 @@ After=network.target
- EnvironmentFile=-/etc/sysconfig/rdisc
- ExecStart=@sbindir@/rdisc -f -t $OPTIONS $SEND_ADDRESS $RECEIVE_ADDRESS
- 
-+CapabilityBoundingSet=CAP_NET_RAW
- AmbientCapabilities=CAP_NET_RAW
- PrivateTmp=yes
--PrivateUsers=yes
-+DynamicUser=yes
- ProtectSystem=strict
- ProtectHome=yes
- ProtectControlGroups=yes
--- 
-2.17.1
-
diff --git a/meta/recipes-extended/iputils/iputils_20210202.bb b/meta/recipes-extended/iputils/iputils_20210722.bb
similarity index 98%
rename from meta/recipes-extended/iputils/iputils_20210202.bb
rename to meta/recipes-extended/iputils/iputils_20210722.bb
index 02a303782e..b5a774073e 100644
--- a/meta/recipes-extended/iputils/iputils_20210202.bb
+++ b/meta/recipes-extended/iputils/iputils_20210722.bb
@@ -13,7 +13,7 @@ DEPENDS = "gnutls"
 SRC_URI = "git://github.com/iputils/iputils \
            file://0001-rarpd-rdisc-Drop-PrivateUsers.patch \
            "
-SRCREV = "cc16da6b574ce6637f3e6e9ab3c1a728663006ff"
+SRCREV = "71bb2a6c72e9f658e90ac618c73d873a76bbaa81"
 
 S = "${WORKDIR}/git"
 
-- 
2.31.1

[PATCH 5/9] freetype: update 2.10.4 -> 2.11.0

[Alexander Kanavin]

License-Update: formatting, changed location in source tree.

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
---
 .../freetype/freetype/use-right-libtool.patch | 23 ++++++++++++++++---
 ...{freetype_2.10.4.bb => freetype_2.11.0.bb} |  4 ++--
 2 files changed, 22 insertions(+), 5 deletions(-)
 rename meta/recipes-graphics/freetype/{freetype_2.10.4.bb => freetype_2.11.0.bb} (91%)

diff --git a/meta/recipes-graphics/freetype/freetype/use-right-libtool.patch b/meta/recipes-graphics/freetype/freetype/use-right-libtool.patch
index 3368f7ddd3..b389455f5d 100644
--- a/meta/recipes-graphics/freetype/freetype/use-right-libtool.patch
+++ b/meta/recipes-graphics/freetype/freetype/use-right-libtool.patch
@@ -1,3 +1,8 @@
+From 50499e4482d40cff2ef05905c658ba4380e7e6fc Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@intel.com>
+Date: Thu, 7 Jan 2016 21:13:07 +0000
+Subject: [PATCH] freetype: enable out-of-tree builds, and use host zlib
+
 Freetype think that it knows best about where libtool is, and explicitly the
 libtool autoconf macros telling it where to find the libtool script.  Of course
 we prefix the script with the target triplet, so it's wrong.  Fix this by
@@ -7,8 +12,20 @@ put libtool is used.
 Upstream-Status: Pending
 Signed-off-by: Ross Burton <ross.burton@intel.com>
 
---- freetype-2.6/builds/unix/unix-cc.in.orig	2016-01-07 19:21:45.244943479 +0000
-+++ freetype-2.6/builds/unix/unix-cc.in	2016-01-07 19:21:50.213112131 +0000
-@@ -19,1 +18,1 @@
+---
+ builds/unix/unix-cc.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/builds/unix/unix-cc.in b/builds/unix/unix-cc.in
+index 89be450..72609d3 100644
+--- a/builds/unix/unix-cc.in
++++ b/builds/unix/unix-cc.in
+@@ -16,7 +16,7 @@ CC           := @CC@
+ COMPILER_SEP := $(SEP)
+ FT_LIBTOOL_DIR ?= $(PLATFORM_DIR)
+ 
 -LIBTOOL := $(FT_LIBTOOL_DIR)/libtool
 +LIBTOOL := $(FT_LIBTOOL_DIR)/@LIBTOOL@ --tag CC
+ 
+ 
+ # The object file extension (for standard and static libraries).  This can be
diff --git a/meta/recipes-graphics/freetype/freetype_2.10.4.bb b/meta/recipes-graphics/freetype/freetype_2.11.0.bb
similarity index 91%
rename from meta/recipes-graphics/freetype/freetype_2.10.4.bb
rename to meta/recipes-graphics/freetype/freetype_2.11.0.bb
index 8462cd3511..2893e21fec 100644
--- a/meta/recipes-graphics/freetype/freetype_2.10.4.bb
+++ b/meta/recipes-graphics/freetype/freetype_2.11.0.bb
@@ -8,14 +8,14 @@ BUGTRACKER = "https://savannah.nongnu.org/bugs/?group=freetype"
 SECTION = "libs"
 
 LICENSE = "FreeType | GPLv2+"
-LIC_FILES_CHKSUM = "file://docs/LICENSE.TXT;md5=4af6221506f202774ef74f64932878a1 \
+LIC_FILES_CHKSUM = "file://LICENSE.TXT;md5=a5927784d823d443c6cae55701d01553 \
                     file://docs/FTL.TXT;md5=9f37b4e6afa3fef9dba8932b16bd3f97 \
                     file://docs/GPLv2.TXT;md5=8ef380476f642c20ebf40fecb0add2ec"
 
 SRC_URI = "${SAVANNAH_NONGNU_MIRROR}/${BPN}/${BP}.tar.xz \
            file://use-right-libtool.patch \
           "
-SRC_URI[sha256sum] = "86a854d8905b19698bbc8f23b860bc104246ce4854dcea8e3b0fb21284f75784"
+SRC_URI[sha256sum] = "8bee39bd3968c4804b70614a0a3ad597299ad0e824bc8aad5ce8aaf48067bde7"
 
 UPSTREAM_CHECK_REGEX = "freetype-(?P<pver>\d+(\.\d+)+)"
 
-- 
2.31.1

[PATCH 6/9] shadow: update 4.8.1 -> 4.9

[Alexander Kanavin]

Add a couple backports to fix builds.

Drop 0002-Allow-for-setting-password-in-clear-text.patch;
what it adds is horribly insecure and AB testing didn't reveal any
regressions or use cases for it.

Drop /etc/default/ tweaks as files are no longer installed there.

Drop manpage alternatives as manpages are no longer installed.

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
---
 ...01-Disable-use-of-syslog-for-sysroot.patch |  29 +-
 ...builds-with-respect-to-libsubid-incl.patch | 114 +++++++
 .../0001-libsubid-link-to-PAM-libraries.patch |  31 ++
 ...w-for-setting-password-in-clear-text.patch | 301 ------------------
 ...nexpected-open-failure-in-chroot-env.patch |   6 +-
 meta/recipes-extended/shadow/shadow.inc       |  21 +-
 .../shadow/{shadow_4.8.1.bb => shadow_4.9.bb} |   0
 7 files changed, 167 insertions(+), 335 deletions(-)
 create mode 100644 meta/recipes-extended/shadow/files/0001-Fix-out-of-tree-builds-with-respect-to-libsubid-incl.patch
 create mode 100644 meta/recipes-extended/shadow/files/0001-libsubid-link-to-PAM-libraries.patch
 delete mode 100644 meta/recipes-extended/shadow/files/0002-Allow-for-setting-password-in-clear-text.patch
 rename meta/recipes-extended/shadow/{shadow_4.8.1.bb => shadow_4.9.bb} (100%)

diff --git a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch b/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch
index ab317b9aa0..95728bcd3f 100644
--- a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch
+++ b/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch
@@ -1,4 +1,4 @@
-From fa2d9453656641002802d8165e80adb9e6a729d2 Mon Sep 17 00:00:00 2001
+From 30a3906a0a21120fa6bbc918b6258ab9303fbeaa Mon Sep 17 00:00:00 2001
 From: Scott Garman <scott.a.garman@intel.com>
 Date: Thu, 14 Apr 2016 12:28:57 +0200
 Subject: [PATCH] Disable use of syslog for sysroot
@@ -19,12 +19,12 @@ Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
  src/groupmems.c | 3 +++
  src/groupmod.c  | 3 +++
  src/useradd.c   | 3 +++
- src/userdel.c   | 3 +++
+ src/userdel.c   | 4 ++++
  src/usermod.c   | 3 +++
- 7 files changed, 21 insertions(+)
+ 7 files changed, 22 insertions(+)
 
 diff --git a/src/groupadd.c b/src/groupadd.c
-index 2dd8eec..e9c4bb7 100644
+index d7f68b1..5fe5f43 100644
 --- a/src/groupadd.c
 +++ b/src/groupadd.c
 @@ -34,6 +34,9 @@
@@ -38,7 +38,7 @@ index 2dd8eec..e9c4bb7 100644
  #include <fcntl.h>
  #include <getopt.h>
 diff --git a/src/groupdel.c b/src/groupdel.c
-index f941a84..5a70056 100644
+index 5c89312..2aefc5a 100644
 --- a/src/groupdel.c
 +++ b/src/groupdel.c
 @@ -34,6 +34,9 @@
@@ -52,7 +52,7 @@ index f941a84..5a70056 100644
  #include <fcntl.h>
  #include <grp.h>
 diff --git a/src/groupmems.c b/src/groupmems.c
-index fc91c8b..2842514 100644
+index 654a8f3..6b2026b 100644
 --- a/src/groupmems.c
 +++ b/src/groupmems.c
 @@ -32,6 +32,9 @@
@@ -66,7 +66,7 @@ index fc91c8b..2842514 100644
  #include <getopt.h>
  #include <grp.h>
 diff --git a/src/groupmod.c b/src/groupmod.c
-index 1dca5fc..bc14438 100644
+index acd6f35..a2c5247 100644
 --- a/src/groupmod.c
 +++ b/src/groupmod.c
 @@ -34,6 +34,9 @@
@@ -80,7 +80,7 @@ index 1dca5fc..bc14438 100644
  #include <fcntl.h>
  #include <getopt.h>
 diff --git a/src/useradd.c b/src/useradd.c
-index 4af0f7c..1b7bf06 100644
+index 127177e..b80e505 100644
 --- a/src/useradd.c
 +++ b/src/useradd.c
 @@ -34,6 +34,9 @@
@@ -94,21 +94,22 @@ index 4af0f7c..1b7bf06 100644
  #include <ctype.h>
  #include <errno.h>
 diff --git a/src/userdel.c b/src/userdel.c
-index cc951e5..153e0be 100644
+index 79a7c89..c1e010a 100644
 --- a/src/userdel.c
 +++ b/src/userdel.c
-@@ -34,6 +34,9 @@
- 
- #ident "$Id$"
+@@ -31,6 +31,10 @@
+  */
  
+ #include <config.h>
++
 +/* Disable use of syslog since we're running this command against a sysroot */
 +#undef USE_SYSLOG
 +
  #include <assert.h>
+ #include <dirent.h>
  #include <errno.h>
- #include <fcntl.h>
 diff --git a/src/usermod.c b/src/usermod.c
-index 05b9871..21c6da9 100644
+index 03bb9b9..e15fdd4 100644
 --- a/src/usermod.c
 +++ b/src/usermod.c
 @@ -34,6 +34,9 @@
diff --git a/meta/recipes-extended/shadow/files/0001-Fix-out-of-tree-builds-with-respect-to-libsubid-incl.patch b/meta/recipes-extended/shadow/files/0001-Fix-out-of-tree-builds-with-respect-to-libsubid-incl.patch
new file mode 100644
index 0000000000..c577be6505
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/0001-Fix-out-of-tree-builds-with-respect-to-libsubid-incl.patch
@@ -0,0 +1,114 @@
+From eced8077b57946fe0b723e7c6c510e8f344ce89b Mon Sep 17 00:00:00 2001
+From: Serge Hallyn <serge@hallyn.com>
+Date: Fri, 23 Jul 2021 17:51:13 -0500
+Subject: [PATCH] Fix out of tree builds with respect to libsubid includes
+
+There's a better way to do this, and I hope to clean that up,
+but this fixes out of tree builds for me right now.
+
+Closes #386
+
+Signed-off-by: Serge Hallyn <serge@hallyn.com>
+Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/537b8cd90be7b47b45c45cfd27765ef85eb0ebf1]
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+---
+ lib/Makefile.am      | 2 ++
+ libmisc/Makefile.am  | 2 +-
+ libsubid/Makefile.am | 4 ++--
+ src/Makefile.am      | 6 ++++++
+ 4 files changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/lib/Makefile.am b/lib/Makefile.am
+index ecf3ee25..5ac2e111 100644
+--- a/lib/Makefile.am
++++ b/lib/Makefile.am
+@@ -10,6 +10,8 @@ if HAVE_VENDORDIR
+ libshadow_la_CPPFLAGS += -DVENDORDIR=\"$(VENDORDIR)\"
+ endif
+ 
++libshadow_la_CPPFLAGS += -I$(top_srcdir)
++
+ libshadow_la_SOURCES = \
+ 	commonio.c \
+ 	commonio.h \
+diff --git a/libmisc/Makefile.am b/libmisc/Makefile.am
+index 9766a7ec..9f237e0d 100644
+--- a/libmisc/Makefile.am
++++ b/libmisc/Makefile.am
+@@ -1,7 +1,7 @@
+ 
+ EXTRA_DIST = .indent.pro xgetXXbyYY.c
+ 
+-AM_CPPFLAGS = -I$(top_srcdir)/lib $(ECONF_CPPFLAGS)
++AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_srcdir) $(ECONF_CPPFLAGS)
+ 
+ noinst_LTLIBRARIES = libmisc.la
+ 
+diff --git a/libsubid/Makefile.am b/libsubid/Makefile.am
+index 189165b0..cdc41fe6 100644
+--- a/libsubid/Makefile.am
++++ b/libsubid/Makefile.am
+@@ -19,8 +19,8 @@ MISCLIBS = \
+ 	$(LIBTCB)
+ 
+ libsubid_la_LIBADD = \
+-	$(top_srcdir)/lib/libshadow.la \
+-	$(top_srcdir)/libmisc/libmisc.la \
++	$(top_builddir)/lib/libshadow.la \
++	$(top_builddir)/libmisc/libmisc.la \
+ 	$(MISCLIBS) -ldl
+ 
+ AM_CPPFLAGS = \
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 35027013..7c1a3491 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -10,6 +10,7 @@ sgidperms = 2755
+ AM_CPPFLAGS = \
+ 	-I${top_srcdir}/lib \
+ 	-I$(top_srcdir)/libmisc \
++	-I$(top_srcdir) \
+ 	-DLOCALEDIR=\"$(datadir)/locale\"
+ 
+ # XXX why are login and su in /bin anyway (other than for
+@@ -183,6 +184,7 @@ list_subid_ranges_LDADD = \
+ list_subid_ranges_CPPFLAGS = \
+ 	-I$(top_srcdir)/lib \
+ 	-I$(top_srcdir)/libmisc \
++	-I$(top_srcdir) \
+ 	-I$(top_srcdir)/libsubid
+ 
+ get_subid_owners_LDADD = \
+@@ -194,11 +196,13 @@ get_subid_owners_LDADD = \
+ get_subid_owners_CPPFLAGS = \
+ 	-I$(top_srcdir)/lib \
+ 	-I$(top_srcdir)/libmisc \
++	-I$(top_srcdir) \
+ 	-I$(top_srcdir)/libsubid
+ 
+ new_subid_range_CPPFLAGS = \
+ 	-I$(top_srcdir)/lib \
+ 	-I$(top_srcdir)/libmisc \
++	-I$(top_srcdir) \
+ 	-I$(top_srcdir)/libsubid
+ 
+ new_subid_range_LDADD = \
+@@ -210,6 +214,7 @@ new_subid_range_LDADD = \
+ free_subid_range_CPPFLAGS = \
+ 	-I$(top_srcdir)/lib \
+ 	-I$(top_srcdir)/libmisc \
++	-I$(top_srcdir) \
+ 	-I$(top_srcdir)/libsubid
+ 
+ free_subid_range_LDADD = \
+@@ -220,6 +225,7 @@ free_subid_range_LDADD = \
+ 
+ check_subid_range_CPPFLAGS = \
+ 	-I$(top_srcdir)/lib \
++	-I$(top_srcdir) \
+ 	-I$(top_srcdir)/libmisc
+ 
+ check_subid_range_LDADD = \
+-- 
+2.31.1
+
diff --git a/meta/recipes-extended/shadow/files/0001-libsubid-link-to-PAM-libraries.patch b/meta/recipes-extended/shadow/files/0001-libsubid-link-to-PAM-libraries.patch
new file mode 100644
index 0000000000..ea7a99dbf7
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/0001-libsubid-link-to-PAM-libraries.patch
@@ -0,0 +1,31 @@
+From 4f44617af3a0c59be267ac5fcc33586e3783f5e6 Mon Sep 17 00:00:00 2001
+From: Xi Ruoyao <xry111@mengyan1223.wang>
+Date: Fri, 23 Jul 2021 14:38:08 +0800
+Subject: [PATCH] libsubid: link to PAM libraries
+
+libsubid.so links to libmisc.a, which contains several routines referring to
+PAM functions.
+
+Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/f4a84efb468b8be21be124700ce35159c444e9d6]
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+---
+ libsubid/Makefile.am | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/libsubid/Makefile.am b/libsubid/Makefile.am
+index cdc41fe6..99308c1f 100644
+--- a/libsubid/Makefile.am
++++ b/libsubid/Makefile.am
+@@ -16,7 +16,8 @@ MISCLIBS = \
+ 	$(LIBCRYPT) \
+ 	$(LIBACL) \
+ 	$(LIBATTR) \
+-	$(LIBTCB)
++	$(LIBTCB) \
++	$(LIBPAM)
+ 
+ libsubid_la_LIBADD = \
+ 	$(top_builddir)/lib/libshadow.la \
+-- 
+2.31.1
+
diff --git a/meta/recipes-extended/shadow/files/0002-Allow-for-setting-password-in-clear-text.patch b/meta/recipes-extended/shadow/files/0002-Allow-for-setting-password-in-clear-text.patch
deleted file mode 100644
index c6332e4f76..0000000000
--- a/meta/recipes-extended/shadow/files/0002-Allow-for-setting-password-in-clear-text.patch
+++ /dev/null
@@ -1,301 +0,0 @@
-From a7d995228491ad5255ad86c1f04ba071f6880897 Mon Sep 17 00:00:00 2001
-From: Chen Qi <Qi.Chen@windriver.com>
-Date: Sat, 16 Nov 2013 15:27:47 +0800
-Subject: [PATCH] Allow for setting password in clear text
-
-Upstream-Status: Inappropriate [OE specific]
-
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
-
----
- src/Makefile.am |  8 ++++----
- src/groupadd.c  | 20 +++++++++++++++-----
- src/groupmod.c  | 20 +++++++++++++++-----
- src/useradd.c   | 21 +++++++++++++++------
- src/usermod.c   | 20 +++++++++++++++-----
- 5 files changed, 64 insertions(+), 25 deletions(-)
-
-diff --git a/src/Makefile.am b/src/Makefile.am
-index f31fd7a..4a317a3 100644
---- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -103,10 +103,10 @@ chsh_LDADD     = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM)
- chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
- expiry_LDADD = $(LDADD) $(LIBECONF)
- gpasswd_LDADD  = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
--groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
-+groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) $(LIBCRYPT)
- groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
- groupmems_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
--groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
-+groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) $(LIBCRYPT)
- grpck_LDADD    = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
- grpconv_LDADD  = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
- grpunconv_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
-@@ -127,9 +127,9 @@ su_SOURCES     = \
- 	suauth.c
- su_LDADD       = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
- sulogin_LDADD  = $(LDADD) $(LIBCRYPT) $(LIBECONF)
--useradd_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF)
-+useradd_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) $(LIBCRYPT)
- userdel_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBECONF)
--usermod_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF)
-+usermod_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) $(LIBCRYPT)
- vipw_LDADD     = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
- 
- install-am: all-am
-diff --git a/src/groupadd.c b/src/groupadd.c
-index e9c4bb7..d572c00 100644
---- a/src/groupadd.c
-+++ b/src/groupadd.c
-@@ -127,9 +127,10 @@ static /*@noreturn@*/void usage (int status)
- 	(void) fputs (_("  -o, --non-unique              allow to create groups with duplicate\n"
- 	                "                                (non-unique) GID\n"), usageout);
- 	(void) fputs (_("  -p, --password PASSWORD       use this encrypted password for the new group\n"), usageout);
-+	(void) fputs (_("  -P, --clear-password PASSWORD use this clear password for the new group\n"), usageout);
- 	(void) fputs (_("  -r, --system                  create a system account\n"), usageout);
- 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
--	(void) fputs (_("  -P, --prefix PREFIX_DIR       directory prefix\n"), usageout);
-+	(void) fputs (_("  -A, --prefix PREFIX_DIR       directory prefix\n"), usageout);
- 	(void) fputs ("\n", usageout);
- 	exit (status);
- }
-@@ -391,13 +392,14 @@ static void process_flags (int argc, char **argv)
- 		{"key",        required_argument, NULL, 'K'},
- 		{"non-unique", no_argument,       NULL, 'o'},
- 		{"password",   required_argument, NULL, 'p'},
-+		{"clear-password", required_argument, NULL, 'P'},
- 		{"system",     no_argument,       NULL, 'r'},
- 		{"root",       required_argument, NULL, 'R'},
--		{"prefix",     required_argument, NULL, 'P'},
-+		{"prefix",     required_argument, NULL, 'A'},
- 		{NULL, 0, NULL, '\0'}
- 	};
- 
--	while ((c = getopt_long (argc, argv, "fg:hK:op:rR:P:",
-+	while ((c = getopt_long (argc, argv, "fg:hK:op:P:rR:A:",
- 		                 long_options, NULL)) != -1) {
- 		switch (c) {
- 		case 'f':
-@@ -449,12 +451,20 @@ static void process_flags (int argc, char **argv)
- 			pflg = true;
- 			group_passwd = optarg;
- 			break;
-+		case 'P':
-+			pflg = true;
-+			group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
-+			break;
- 		case 'r':
- 			rflg = true;
- 			break;
- 		case 'R': /* no-op, handled in process_root_flag () */
- 			break;
--		case 'P': /* no-op, handled in process_prefix_flag () */
-+		case 'A': /* no-op, handled in process_prefix_flag () */
-+			fprintf (stderr,
-+				 _("%s: -A is deliberately not supported \n"),
-+				 Prog);
-+			exit (E_BAD_ARG);
- 			break;
- 		default:
- 			usage (E_USAGE);
-@@ -588,7 +598,7 @@ int main (int argc, char **argv)
- 	(void) textdomain (PACKAGE);
- 
- 	process_root_flag ("-R", argc, argv);
--	prefix = process_prefix_flag ("-P", argc, argv);
-+	prefix = process_prefix_flag ("-A", argc, argv);
- 
- 	OPENLOG ("groupadd");
- #ifdef WITH_AUDIT
-diff --git a/src/groupmod.c b/src/groupmod.c
-index bc14438..25ccb44 100644
---- a/src/groupmod.c
-+++ b/src/groupmod.c
-@@ -138,8 +138,9 @@ static void usage (int status)
- 	(void) fputs (_("  -o, --non-unique              allow to use a duplicate (non-unique) GID\n"), usageout);
- 	(void) fputs (_("  -p, --password PASSWORD       change the password to this (encrypted)\n"
- 	                "                                PASSWORD\n"), usageout);
-+	(void) fputs (_("  -P, --clear-password PASSWORD change the password to this clear PASSWORD\n"), usageout);
- 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
--	(void) fputs (_("  -P, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files\n"), usageout);
-+	(void) fputs (_("  -A, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files\n"), usageout);
- 	(void) fputs ("\n", usageout);
- 	exit (status);
- }
-@@ -387,11 +388,12 @@ static void process_flags (int argc, char **argv)
- 		{"new-name",   required_argument, NULL, 'n'},
- 		{"non-unique", no_argument,       NULL, 'o'},
- 		{"password",   required_argument, NULL, 'p'},
-+		{"clear-password", required_argument, NULL, 'P'},
- 		{"root",       required_argument, NULL, 'R'},
--		{"prefix",     required_argument, NULL, 'P'},
-+		{"prefix",     required_argument, NULL, 'A'},
- 		{NULL, 0, NULL, '\0'}
- 	};
--	while ((c = getopt_long (argc, argv, "g:hn:op:R:P:",
-+	while ((c = getopt_long (argc, argv, "g:hn:op:P:R:A:",
- 		                 long_options, NULL)) != -1) {
- 		switch (c) {
- 		case 'g':
-@@ -418,9 +420,17 @@ static void process_flags (int argc, char **argv)
- 			group_passwd = optarg;
- 			pflg = true;
- 			break;
-+		case 'P':
-+			group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
-+			pflg = true;
-+			break;
- 		case 'R': /* no-op, handled in process_root_flag () */
- 			break;
--		case 'P': /* no-op, handled in process_prefix_flag () */
-+		case 'A': /* no-op, handled in process_prefix_flag () */
-+			fprintf (stderr,
-+				 _("%s: -A is deliberately not supported \n"),
-+				 Prog);
-+			exit (E_BAD_ARG);
- 			break;
- 		default:
- 			usage (E_USAGE);
-@@ -761,7 +771,7 @@ int main (int argc, char **argv)
- 	(void) textdomain (PACKAGE);
- 
- 	process_root_flag ("-R", argc, argv);
--	prefix = process_prefix_flag ("-P", argc, argv);
-+	prefix = process_prefix_flag ("-A", argc, argv);
- 
- 	OPENLOG ("groupmod");
- #ifdef WITH_AUDIT
-diff --git a/src/useradd.c b/src/useradd.c
-index 1b7bf06..44f09e2 100644
---- a/src/useradd.c
-+++ b/src/useradd.c
-@@ -853,9 +853,10 @@ static void usage (int status)
- 	(void) fputs (_("  -o, --non-unique              allow to create users with duplicate\n"
- 	                "                                (non-unique) UID\n"), usageout);
- 	(void) fputs (_("  -p, --password PASSWORD       encrypted password of the new account\n"), usageout);
-+	(void) fputs (_("  -P, --clear-password PASSWORD clear password of the new account\n"), usageout);
- 	(void) fputs (_("  -r, --system                  create a system account\n"), usageout);
- 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
--	(void) fputs (_("  -P, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files\n"), usageout);
-+	(void) fputs (_("  -A, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files\n"), usageout);
- 	(void) fputs (_("  -s, --shell SHELL             login shell of the new account\n"), usageout);
- 	(void) fputs (_("  -u, --uid UID                 user ID of the new account\n"), usageout);
- 	(void) fputs (_("  -U, --user-group              create a group with the same name as the user\n"), usageout);
-@@ -1133,9 +1134,10 @@ static void process_flags (int argc, char **argv)
- 			{"no-user-group",  no_argument,       NULL, 'N'},
- 			{"non-unique",     no_argument,       NULL, 'o'},
- 			{"password",       required_argument, NULL, 'p'},
-+			{"clear-password", required_argument, NULL, 'P'},
- 			{"system",         no_argument,       NULL, 'r'},
- 			{"root",           required_argument, NULL, 'R'},
--			{"prefix",         required_argument, NULL, 'P'},
-+			{"prefix",         required_argument, NULL, 'A'},
- 			{"shell",          required_argument, NULL, 's'},
- 			{"uid",            required_argument, NULL, 'u'},
- 			{"user-group",     no_argument,       NULL, 'U'},
-@@ -1146,9 +1148,9 @@ static void process_flags (int argc, char **argv)
- 		};
- 		while ((c = getopt_long (argc, argv,
- #ifdef WITH_SELINUX
--		                         "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:UZ:",
-+		                         "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:A:s:u:UZ:",
- #else				/* !WITH_SELINUX */
--		                         "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:U",
-+		                         "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:A:s:u:U",
- #endif				/* !WITH_SELINUX */
- 		                         long_options, NULL)) != -1) {
- 			switch (c) {
-@@ -1320,12 +1322,19 @@ static void process_flags (int argc, char **argv)
- 				}
- 				user_pass = optarg;
- 				break;
-+			case 'P': /* set clear text password */
-+				user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
-+				break;
- 			case 'r':
- 				rflg = true;
- 				break;
- 			case 'R': /* no-op, handled in process_root_flag () */
- 				break;
--			case 'P': /* no-op, handled in process_prefix_flag () */
-+			case 'A': /* no-op, handled in process_prefix_flag () */
-+				fprintf (stderr,
-+					 _("%s: -A is deliberately not supported \n"),
-+					 Prog);
-+				exit (E_BAD_ARG);
- 				break;
- 			case 's':
- 				if (   ( !VALID (optarg) )
-@@ -2257,7 +2266,7 @@ int main (int argc, char **argv)
- 
- 	process_root_flag ("-R", argc, argv);
- 
--	prefix = process_prefix_flag("-P", argc, argv);
-+	prefix = process_prefix_flag("-A", argc, argv);
- 
- 	OPENLOG ("useradd");
- #ifdef WITH_AUDIT
-diff --git a/src/usermod.c b/src/usermod.c
-index 21c6da9..cffdb3e 100644
---- a/src/usermod.c
-+++ b/src/usermod.c
-@@ -431,8 +431,9 @@ static /*@noreturn@*/void usage (int status)
- 	                "                                new location (use only with -d)\n"), usageout);
- 	(void) fputs (_("  -o, --non-unique              allow using duplicate (non-unique) UID\n"), usageout);
- 	(void) fputs (_("  -p, --password PASSWORD       use encrypted password for the new password\n"), usageout);
-+	(void) fputs (_("  -P, --clear-password PASSWORD use clear password for the new password\n"), usageout);
- 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
--	(void) fputs (_("  -P, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files\n"), usageout);
-+	(void) fputs (_("  -A, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files\n"), usageout);
- 	(void) fputs (_("  -s, --shell SHELL             new login shell for the user account\n"), usageout);
- 	(void) fputs (_("  -u, --uid UID                 new UID for the user account\n"), usageout);
- 	(void) fputs (_("  -U, --unlock                  unlock the user account\n"), usageout);
-@@ -1010,8 +1011,9 @@ static void process_flags (int argc, char **argv)
- 			{"move-home",    no_argument,       NULL, 'm'},
- 			{"non-unique",   no_argument,       NULL, 'o'},
- 			{"password",     required_argument, NULL, 'p'},
-+			{"clear-password", required_argument, NULL, 'P'},
- 			{"root",         required_argument, NULL, 'R'},
--			{"prefix",       required_argument, NULL, 'P'},
-+			{"prefix",       required_argument, NULL, 'A'},
- 			{"shell",        required_argument, NULL, 's'},
- 			{"uid",          required_argument, NULL, 'u'},
- 			{"unlock",       no_argument,       NULL, 'U'},
-@@ -1027,7 +1029,7 @@ static void process_flags (int argc, char **argv)
- 			{NULL, 0, NULL, '\0'}
- 		};
- 		while ((c = getopt_long (argc, argv,
--		                         "abc:d:e:f:g:G:hl:Lmop:R:s:u:UP:"
-+		                         "abc:d:e:f:g:G:hl:Lmop:P:R:s:u:UA:"
- #ifdef ENABLE_SUBIDS
- 		                         "v:w:V:W:"
- #endif				/* ENABLE_SUBIDS */
-@@ -1130,9 +1132,17 @@ static void process_flags (int argc, char **argv)
- 				user_pass = optarg;
- 				pflg = true;
- 				break;
-+			case 'P':
-+				user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
-+				pflg = true;
-+				break;
- 			case 'R': /* no-op, handled in process_root_flag () */
- 				break;
--			case 'P': /* no-op, handled in process_prefix_flag () */
-+			case 'A': /* no-op, handled in process_prefix_flag () */
-+				fprintf (stderr,
-+					 _("%s: -A is deliberately not supported \n"),
-+					 Prog);
-+				exit (E_BAD_ARG);
- 				break;
- 			case 's':
- 				if (!VALID (optarg)) {
-@@ -2127,7 +2137,7 @@ int main (int argc, char **argv)
- 	(void) textdomain (PACKAGE);
- 
- 	process_root_flag ("-R", argc, argv);
--	prefix = process_prefix_flag ("-P", argc, argv);
-+	prefix = process_prefix_flag ("-A", argc, argv);
- 
- 	OPENLOG ("usermod");
- #ifdef WITH_AUDIT
diff --git a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch
index 9825216369..bd24626a26 100644
--- a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch
+++ b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch
@@ -1,4 +1,4 @@
-From 66533c7c6f347d257020675a1ed6e0c59cbbc3f0 Mon Sep 17 00:00:00 2001
+From 1422c24f7266b553c82100e3d18a10c55cd91063 Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Thu, 17 Jul 2014 15:53:34 +0800
 Subject: [PATCH] commonio.c-fix-unexpected-open-failure-in-chroot-env
@@ -21,10 +21,10 @@ Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
  1 file changed, 12 insertions(+), 4 deletions(-)
 
 diff --git a/lib/commonio.c b/lib/commonio.c
-index 16fa7e7..d6bc297 100644
+index cef404b..66908fb 100644
 --- a/lib/commonio.c
 +++ b/lib/commonio.c
-@@ -632,10 +632,18 @@ int commonio_open (struct commonio_db *db, int mode)
+@@ -646,10 +646,18 @@ int commonio_open (struct commonio_db *db, int mode)
  	db->cursor = NULL;
  	db->changed = false;
  
diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc
index 2cbdfbc1cf..51d2ca5f16 100644
--- a/meta/recipes-extended/shadow/shadow.inc
+++ b/meta/recipes-extended/shadow/shadow.inc
@@ -10,10 +10,12 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=ed80ff1c2b40843cf5768e5229cf16e5 \
 DEPENDS = "virtual/crypt"
 
 UPSTREAM_CHECK_URI = "https://github.com/shadow-maint/shadow/releases"
-SRC_URI = "https://github.com/shadow-maint/shadow/releases/download/${PV}/${BP}.tar.gz \
+SRC_URI = "https://github.com/shadow-maint/shadow/releases/download/v${PV}/${BP}.tar.gz \
            file://shadow-4.1.3-dots-in-usernames.patch \
            ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \
            file://shadow-relaxed-usernames.patch \
+           file://0001-Fix-out-of-tree-builds-with-respect-to-libsubid-incl.patch \
+           file://0001-libsubid-link-to-PAM-libraries.patch \
            "
 
 SRC_URI_append_class-target = " \
@@ -23,15 +25,13 @@ SRC_URI_append_class-target = " \
 
 SRC_URI_append_class-native = " \
            file://0001-Disable-use-of-syslog-for-sysroot.patch \
-           file://0002-Allow-for-setting-password-in-clear-text.patch \
            file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \
            "
 SRC_URI_append_class-nativesdk = " \
            file://0001-Disable-use-of-syslog-for-sysroot.patch \
            "
 
-SRC_URI[md5sum] = "3d97f11e66bfb0b14702b115fa8be480"
-SRC_URI[sha256sum] = "3ee3081fbbcbcfea5c8916419e46bc724807bab271072104f23e7a29e9668f3a"
+SRC_URI[sha256sum] = "6c4627ff9c9422b96664517ae753c944f2902e92809d0698b65f5fef11985212"
 
 # Additional Policy files for PAM
 PAM_SRC_URI = "file://pam.d/chfn \
@@ -115,12 +115,6 @@ do_install() {
 	# Use proper encryption for passwords
 	sed -i 's/^#ENCRYPT_METHOD.*$/ENCRYPT_METHOD SHA512/' ${D}${sysconfdir}/login.defs
 
-	# Now we don't have a mail system. Disable mail creation for now.
-	sed -i 's:/bin/bash:/bin/sh:g' ${D}${sysconfdir}/default/useradd
-	sed -i '/^CREATE_MAIL_SPOOL/ s:^:#:' ${D}${sysconfdir}/default/useradd
-
-	# Use users group by default
-	sed -i 's,^GROUP=1000,GROUP=100,g' ${D}${sysconfdir}/default/useradd
 }
 
 do_install_append() {
@@ -184,13 +178,6 @@ ALTERNATIVE_${PN}-base = "newgrp groups login su"
 ALTERNATIVE_LINK_NAME[login] = "${base_bindir}/login"
 ALTERNATIVE_LINK_NAME[su] = "${base_bindir}/su"
 
-ALTERNATIVE_${PN}-doc = "passwd.5 getspnam.3 groups.1 su.1 nologin.8"
-ALTERNATIVE_LINK_NAME[passwd.5] = "${mandir}/man5/passwd.5"
-ALTERNATIVE_LINK_NAME[getspnam.3] = "${mandir}/man3/getspnam.3"
-ALTERNATIVE_LINK_NAME[groups.1] = "${mandir}/man1/groups.1"
-ALTERNATIVE_LINK_NAME[su.1] = "${mandir}/man1/su.1"
-ALTERNATIVE_LINK_NAME[nologin.8] = "${mandir}/man8/nologin.8"
-
 PACKAGE_WRITE_DEPS += "shadow-native"
 pkg_postinst_${PN}_class-target () {
 	if [ "x$D" != "x" ]; then
diff --git a/meta/recipes-extended/shadow/shadow_4.8.1.bb b/meta/recipes-extended/shadow/shadow_4.9.bb
similarity index 100%
rename from meta/recipes-extended/shadow/shadow_4.8.1.bb
rename to meta/recipes-extended/shadow/shadow_4.9.bb
-- 
2.31.1

[PATCH 7/9] devtool: print a warning on upgrades if PREFERRED_VERSION is set

[Alexander Kanavin]

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
---
 scripts/lib/devtool/upgrade.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/scripts/lib/devtool/upgrade.py b/scripts/lib/devtool/upgrade.py
index da1456a01a..65e19853dc 100644
--- a/scripts/lib/devtool/upgrade.py
+++ b/scripts/lib/devtool/upgrade.py
@@ -583,6 +583,9 @@ def upgrade(args, config, basepath, workspace):
         logger.info('New recipe is %s' % rf)
         if license_diff:
             logger.info('License checksums have been updated in the new recipe; please refer to it for the difference between the old and the new license texts.')
+        preferred_version = rd.getVar('PREFERRED_VERSION_%s' % rd.getVar('PN'))
+        if preferred_version:
+            logger.warning('Version is pinned to %s via PREFERRED_VERSION; it may need adjustment to match the new version before any further steps are taken' % preferred_version)
     finally:
         tinfoil.shutdown()
     return 0
-- 
2.31.1

[PATCH 8/9] rpm: do not RRECOMMEND rpm-build

[Alexander Kanavin]

This avoids pulling in perl, python and (especially) bash;
rpm building functionality should be neither hard nor soft
dependency of rpm package management.

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
---
 meta/recipes-devtools/rpm/rpm_4.16.1.3.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/rpm/rpm_4.16.1.3.bb b/meta/recipes-devtools/rpm/rpm_4.16.1.3.bb
index 95a6f5cf71..33834eca9f 100644
--- a/meta/recipes-devtools/rpm/rpm_4.16.1.3.bb
+++ b/meta/recipes-devtools/rpm/rpm_4.16.1.3.bb
@@ -148,7 +148,7 @@ FILES_${PN}-dev += "${libdir}/rpm-plugins/*.la \
                     "
 PACKAGE_BEFORE_PN += "${PN}-build ${PN}-sign ${PN}-archive"
 
-RRECOMMENDS_${PN} += "rpm-build rpm-sign rpm-archive"
+RRECOMMENDS_${PN} += "rpm-sign rpm-archive"
 
 FILES_${PN}-build = "\
     ${bindir}/rpmbuild \
-- 
2.31.1

[PATCH 9/9] selftest: add core-image-weston to no-gpl3-no-meta-gpl2 image test

[Alexander Kanavin]

This demonstrates more of the tricks and techniques that can be used
to achieve gpl3-free images withough having to roll back to ancient
versions of various core items via meta-gpl2.

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
---
 .../oeqa/selftest/cases/incompatible_lic.py   | 28 +++++++++++++------
 1 file changed, 20 insertions(+), 8 deletions(-)

diff --git a/meta/lib/oeqa/selftest/cases/incompatible_lic.py b/meta/lib/oeqa/selftest/cases/incompatible_lic.py
index 152da6332a..6944becb58 100644
--- a/meta/lib/oeqa/selftest/cases/incompatible_lic.py
+++ b/meta/lib/oeqa/selftest/cases/incompatible_lic.py
@@ -122,14 +122,26 @@ INCOMPATIBLE_LICENSE_pn-core-image-minimal = "GPL-3.0 LGPL-3.0"
 """)
         bitbake('core-image-minimal')
 
-    def test_core_image_full_cmdline(self):
+    def test_core_image_full_cmdline_weston(self):
         self.write_config("""
-INHERIT += "testimage"\n
-INCOMPATIBLE_LICENSE_pn-core-image-full-cmdline = "GPL-3.0 LGPL-3.0"\n
-RDEPENDS_packagegroup-core-full-cmdline-utils_remove = "bash bc coreutils cpio ed findutils gawk grep mc mc-fish mc-helpers mc-helpers-perl sed tar time"\n
-RDEPENDS_packagegroup-core-full-cmdline-dev-utils_remove = "diffutils m4 make patch"\n
-RDEPENDS_packagegroup-core-full-cmdline-multiuser_remove = "gzip"\n
+INHERIT += "testimage"
+INCOMPATIBLE_LICENSE_pn-core-image-full-cmdline = "GPL-3.0 LGPL-3.0"
+INCOMPATIBLE_LICENSE_pn-core-image-weston = "GPL-3.0 LGPL-3.0"
+# Settings for full-cmdline
+RDEPENDS_packagegroup-core-full-cmdline-utils_remove = "bash bc coreutils cpio ed findutils gawk grep mc mc-fish mc-helpers mc-helpers-perl sed tar time"
+RDEPENDS_packagegroup-core-full-cmdline-dev-utils_remove = "diffutils m4 make patch"
+RDEPENDS_packagegroup-core-full-cmdline-multiuser_remove = "gzip"
+# Settings for weston
+# direct gpl3 dependencies
+RRECOMMENDS_packagegroup-base-vfat_remove = "dosfstools"
+PACKAGECONFIG_remove_pn-bluez5 = "readline"
+# dnf pulls in gpg which is gpl3; it also pulls in python3-rpm which pulls in rpm-build which pulls in bash
+# so install rpm but not dnf
+IMAGE_FEATURES_remove_pn-core-image-weston = "package-management"
+CORE_IMAGE_EXTRA_INSTALL_pn-core-image-weston += "rpm"
+# matchbox-terminal depends on vte, which is gpl3
+CORE_IMAGE_BASE_INSTALL_remove_pn-core-image-weston = "matchbox-terminal"
 """)
-        bitbake('core-image-full-cmdline')
-        bitbake('-c testimage core-image-full-cmdline')
+        bitbake('core-image-full-cmdline core-image-weston')
+        bitbake('-c testimage core-image-full-cmdline core-image-weston')
 
-- 
2.31.1

Re: [OE-core] [PATCH 4/9] iputils: update 20210202 -> 20210722

[Martin Jansa]

[-- Attachment #1: Type: text/plain, Size: 3802 bytes --]

This upgrade causes iputils to fail building on hosts without ip:

../git/ping/meson.build:38:0: ERROR: Program or command 'ip' not found or
not executable

It would need
https://github.com/iputils/iputils/commit/3163c49f9f4ad473a00d8a345ee334a028376011
and -DSKIP_TESTS=true

On Fri, Jul 30, 2021 at 1:45 PM Alexander Kanavin <alex.kanavin@gmail.com>
wrote:

> Drop rdisc part from 0001-rarpd-rdisc-Drop-PrivateUsers.patch
> as it's been fixed upstream; rarpd still isn't.
>
> Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
> ---
>  .../0001-rarpd-rdisc-Drop-PrivateUsers.patch  | 31 ++++---------------
>  ...putils_20210202.bb => iputils_20210722.bb} |  2 +-
>  2 files changed, 7 insertions(+), 26 deletions(-)
>  rename meta/recipes-extended/iputils/{iputils_20210202.bb =>
> iputils_20210722.bb} (98%)
>
> diff --git
> a/meta/recipes-extended/iputils/iputils/0001-rarpd-rdisc-Drop-PrivateUsers.patch
> b/meta/recipes-extended/iputils/iputils/0001-rarpd-rdisc-Drop-PrivateUsers.patch
> index d7367caf78..c61e39dc80 100644
> ---
> a/meta/recipes-extended/iputils/iputils/0001-rarpd-rdisc-Drop-PrivateUsers.patch
> +++
> b/meta/recipes-extended/iputils/iputils/0001-rarpd-rdisc-Drop-PrivateUsers.patch
> @@ -1,20 +1,20 @@
> -From 6e51d529988cfc0bb357751fd767e9f1478e2b81 Mon Sep 17 00:00:00 2001
> +From dfeeb3f1328d09f516edeb6349bd63e3c87f9397 Mon Sep 17 00:00:00 2001
>  From: Alex Kiernan <alex.kiernan@gmail.com>
>  Date: Thu, 13 Feb 2020 06:08:45 +0000
> -Subject: [PATCH] rarpd: rdisc: Drop PrivateUsers
> +Subject: [PATCH] rarpd:Drop PrivateUsers
>
> -Neither rarpd nor rdisc can gain the necessary capabilities with
> +rarpd cannot gain the necessary capabilities with
>  PrivateUsers enabled.
>
>  Upstream-Status: Pending
>  Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
> +
>  ---
>   systemd/rarpd.service.in | 1 -
> - systemd/rdisc.service.in | 3 ++-
> - 2 files changed, 2 insertions(+), 2 deletions(-)
> + 1 file changed, 1 deletion(-)
>
>  diff --git a/systemd/rarpd.service.in b/systemd/rarpd.service.in
> -index e600c10c93e6..f5d7621a7ce8 100644
> +index e600c10..f5d7621 100644
>  --- a/systemd/rarpd.service.in
>  +++ b/systemd/rarpd.service.in
>  @@ -12,7 +12,6 @@ AmbientCapabilities=CAP_NET_RAW
> @@ -25,22 +25,3 @@ index e600c10c93e6..f5d7621a7ce8 100644
>   ProtectSystem=strict
>   ProtectHome=yes
>   ProtectControlGroups=yes
> -diff --git a/systemd/rdisc.service.in b/systemd/rdisc.service.in
> -index 4e2a1ec9d0e5..a71b87d36b37 100644
> ---- a/systemd/rdisc.service.in
> -+++ b/systemd/rdisc.service.in
> -@@ -8,9 +8,10 @@ After=network.target
> - EnvironmentFile=-/etc/sysconfig/rdisc
> - ExecStart=@sbindir@/rdisc -f -t $OPTIONS $SEND_ADDRESS $RECEIVE_ADDRESS
> -
> -+CapabilityBoundingSet=CAP_NET_RAW
> - AmbientCapabilities=CAP_NET_RAW
> - PrivateTmp=yes
> --PrivateUsers=yes
> -+DynamicUser=yes
> - ProtectSystem=strict
> - ProtectHome=yes
> - ProtectControlGroups=yes
> ---
> -2.17.1
> -
> diff --git a/meta/recipes-extended/iputils/iputils_20210202.bb
> b/meta/recipes-extended/iputils/iputils_20210722.bb
> similarity index 98%
> rename from meta/recipes-extended/iputils/iputils_20210202.bb
> rename to meta/recipes-extended/iputils/iputils_20210722.bb
> index 02a303782e..b5a774073e 100644
> --- a/meta/recipes-extended/iputils/iputils_20210202.bb
> +++ b/meta/recipes-extended/iputils/iputils_20210722.bb
> @@ -13,7 +13,7 @@ DEPENDS = "gnutls"
>  SRC_URI = "git://github.com/iputils/iputils \
>             file://0001-rarpd-rdisc-Drop-PrivateUsers.patch \
>             "
> -SRCREV = "cc16da6b574ce6637f3e6e9ab3c1a728663006ff"
> +SRCREV = "71bb2a6c72e9f658e90ac618c73d873a76bbaa81"
>
>  S = "${WORKDIR}/git"
>
> --
> 2.31.1
>
>
> 
>
>

[-- Attachment #2: Type: text/html, Size: 6221 bytes --]

Re: [OE-core] [PATCH 6/9] shadow: update 4.8.1 -> 4.9

[Yi Zhao]

[-- Attachment #1: Type: text/plain, Size: 30357 bytes --]


On 7/30/21 7:45 PM, Alexander Kanavin wrote:
> Add a couple backports to fix builds.
>
> Drop 0002-Allow-for-setting-password-in-clear-text.patch;
> what it adds is horribly insecure and AB testing didn't reveal any
> regressions or use cases for it.

Dropping this patch makes the password setting function in 
extrausers.bbclass unavailable:
https://docs.yoctoproject.org/singleindex.html#extrausers-bbclass


//Yi


>
> Drop /etc/default/ tweaks as files are no longer installed there.
>
> Drop manpage alternatives as manpages are no longer installed.
>
> Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
> ---
>   ...01-Disable-use-of-syslog-for-sysroot.patch |  29 +-
>   ...builds-with-respect-to-libsubid-incl.patch | 114 +++++++
>   .../0001-libsubid-link-to-PAM-libraries.patch |  31 ++
>   ...w-for-setting-password-in-clear-text.patch | 301 ------------------
>   ...nexpected-open-failure-in-chroot-env.patch |   6 +-
>   meta/recipes-extended/shadow/shadow.inc       |  21 +-
>   .../shadow/{shadow_4.8.1.bb => shadow_4.9.bb} |   0
>   7 files changed, 167 insertions(+), 335 deletions(-)
>   create mode 100644 meta/recipes-extended/shadow/files/0001-Fix-out-of-tree-builds-with-respect-to-libsubid-incl.patch
>   create mode 100644 meta/recipes-extended/shadow/files/0001-libsubid-link-to-PAM-libraries.patch
>   delete mode 100644 meta/recipes-extended/shadow/files/0002-Allow-for-setting-password-in-clear-text.patch
>   rename meta/recipes-extended/shadow/{shadow_4.8.1.bb => shadow_4.9.bb} (100%)
>
> diff --git a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch b/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch
> index ab317b9aa0..95728bcd3f 100644
> --- a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch
> +++ b/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch
> @@ -1,4 +1,4 @@
> -From fa2d9453656641002802d8165e80adb9e6a729d2 Mon Sep 17 00:00:00 2001
> +From 30a3906a0a21120fa6bbc918b6258ab9303fbeaa Mon Sep 17 00:00:00 2001
>   From: Scott Garman <scott.a.garman@intel.com>
>   Date: Thu, 14 Apr 2016 12:28:57 +0200
>   Subject: [PATCH] Disable use of syslog for sysroot
> @@ -19,12 +19,12 @@ Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
>    src/groupmems.c | 3 +++
>    src/groupmod.c  | 3 +++
>    src/useradd.c   | 3 +++
> - src/userdel.c   | 3 +++
> + src/userdel.c   | 4 ++++
>    src/usermod.c   | 3 +++
> - 7 files changed, 21 insertions(+)
> + 7 files changed, 22 insertions(+)
>   
>   diff --git a/src/groupadd.c b/src/groupadd.c
> -index 2dd8eec..e9c4bb7 100644
> +index d7f68b1..5fe5f43 100644
>   --- a/src/groupadd.c
>   +++ b/src/groupadd.c
>   @@ -34,6 +34,9 @@
> @@ -38,7 +38,7 @@ index 2dd8eec..e9c4bb7 100644
>    #include <fcntl.h>
>    #include <getopt.h>
>   diff --git a/src/groupdel.c b/src/groupdel.c
> -index f941a84..5a70056 100644
> +index 5c89312..2aefc5a 100644
>   --- a/src/groupdel.c
>   +++ b/src/groupdel.c
>   @@ -34,6 +34,9 @@
> @@ -52,7 +52,7 @@ index f941a84..5a70056 100644
>    #include <fcntl.h>
>    #include <grp.h>
>   diff --git a/src/groupmems.c b/src/groupmems.c
> -index fc91c8b..2842514 100644
> +index 654a8f3..6b2026b 100644
>   --- a/src/groupmems.c
>   +++ b/src/groupmems.c
>   @@ -32,6 +32,9 @@
> @@ -66,7 +66,7 @@ index fc91c8b..2842514 100644
>    #include <getopt.h>
>    #include <grp.h>
>   diff --git a/src/groupmod.c b/src/groupmod.c
> -index 1dca5fc..bc14438 100644
> +index acd6f35..a2c5247 100644
>   --- a/src/groupmod.c
>   +++ b/src/groupmod.c
>   @@ -34,6 +34,9 @@
> @@ -80,7 +80,7 @@ index 1dca5fc..bc14438 100644
>    #include <fcntl.h>
>    #include <getopt.h>
>   diff --git a/src/useradd.c b/src/useradd.c
> -index 4af0f7c..1b7bf06 100644
> +index 127177e..b80e505 100644
>   --- a/src/useradd.c
>   +++ b/src/useradd.c
>   @@ -34,6 +34,9 @@
> @@ -94,21 +94,22 @@ index 4af0f7c..1b7bf06 100644
>    #include <ctype.h>
>    #include <errno.h>
>   diff --git a/src/userdel.c b/src/userdel.c
> -index cc951e5..153e0be 100644
> +index 79a7c89..c1e010a 100644
>   --- a/src/userdel.c
>   +++ b/src/userdel.c
> -@@ -34,6 +34,9 @@
> -
> - #ident "$Id$"
> +@@ -31,6 +31,10 @@
> +  */
>    
> + #include <config.h>
> ++
>   +/* Disable use of syslog since we're running this command against a sysroot */
>   +#undef USE_SYSLOG
>   +
>    #include <assert.h>
> + #include <dirent.h>
>    #include <errno.h>
> - #include <fcntl.h>
>   diff --git a/src/usermod.c b/src/usermod.c
> -index 05b9871..21c6da9 100644
> +index 03bb9b9..e15fdd4 100644
>   --- a/src/usermod.c
>   +++ b/src/usermod.c
>   @@ -34,6 +34,9 @@
> diff --git a/meta/recipes-extended/shadow/files/0001-Fix-out-of-tree-builds-with-respect-to-libsubid-incl.patch b/meta/recipes-extended/shadow/files/0001-Fix-out-of-tree-builds-with-respect-to-libsubid-incl.patch
> new file mode 100644
> index 0000000000..c577be6505
> --- /dev/null
> +++ b/meta/recipes-extended/shadow/files/0001-Fix-out-of-tree-builds-with-respect-to-libsubid-incl.patch
> @@ -0,0 +1,114 @@
> +From eced8077b57946fe0b723e7c6c510e8f344ce89b Mon Sep 17 00:00:00 2001
> +From: Serge Hallyn <serge@hallyn.com>
> +Date: Fri, 23 Jul 2021 17:51:13 -0500
> +Subject: [PATCH] Fix out of tree builds with respect to libsubid includes
> +
> +There's a better way to do this, and I hope to clean that up,
> +but this fixes out of tree builds for me right now.
> +
> +Closes #386
> +
> +Signed-off-by: Serge Hallyn <serge@hallyn.com>
> +Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/537b8cd90be7b47b45c45cfd27765ef85eb0ebf1]
> +Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
> +---
> + lib/Makefile.am      | 2 ++
> + libmisc/Makefile.am  | 2 +-
> + libsubid/Makefile.am | 4 ++--
> + src/Makefile.am      | 6 ++++++
> + 4 files changed, 11 insertions(+), 3 deletions(-)
> +
> +diff --git a/lib/Makefile.am b/lib/Makefile.am
> +index ecf3ee25..5ac2e111 100644
> +--- a/lib/Makefile.am
> ++++ b/lib/Makefile.am
> +@@ -10,6 +10,8 @@ if HAVE_VENDORDIR
> + libshadow_la_CPPFLAGS += -DVENDORDIR=\"$(VENDORDIR)\"
> + endif
> +
> ++libshadow_la_CPPFLAGS += -I$(top_srcdir)
> ++
> + libshadow_la_SOURCES = \
> + 	commonio.c \
> + 	commonio.h \
> +diff --git a/libmisc/Makefile.am b/libmisc/Makefile.am
> +index 9766a7ec..9f237e0d 100644
> +--- a/libmisc/Makefile.am
> ++++ b/libmisc/Makefile.am
> +@@ -1,7 +1,7 @@
> +
> + EXTRA_DIST = .indent.pro xgetXXbyYY.c
> +
> +-AM_CPPFLAGS = -I$(top_srcdir)/lib $(ECONF_CPPFLAGS)
> ++AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_srcdir) $(ECONF_CPPFLAGS)
> +
> + noinst_LTLIBRARIES = libmisc.la
> +
> +diff --git a/libsubid/Makefile.am b/libsubid/Makefile.am
> +index 189165b0..cdc41fe6 100644
> +--- a/libsubid/Makefile.am
> ++++ b/libsubid/Makefile.am
> +@@ -19,8 +19,8 @@ MISCLIBS = \
> + 	$(LIBTCB)
> +
> + libsubid_la_LIBADD = \
> +-	$(top_srcdir)/lib/libshadow.la \
> +-	$(top_srcdir)/libmisc/libmisc.la \
> ++	$(top_builddir)/lib/libshadow.la \
> ++	$(top_builddir)/libmisc/libmisc.la \
> + 	$(MISCLIBS) -ldl
> +
> + AM_CPPFLAGS = \
> +diff --git a/src/Makefile.am b/src/Makefile.am
> +index 35027013..7c1a3491 100644
> +--- a/src/Makefile.am
> ++++ b/src/Makefile.am
> +@@ -10,6 +10,7 @@ sgidperms = 2755
> + AM_CPPFLAGS = \
> + 	-I${top_srcdir}/lib \
> + 	-I$(top_srcdir)/libmisc \
> ++	-I$(top_srcdir) \
> + 	-DLOCALEDIR=\"$(datadir)/locale\"
> +
> + # XXX why are login and su in /bin anyway (other than for
> +@@ -183,6 +184,7 @@ list_subid_ranges_LDADD = \
> + list_subid_ranges_CPPFLAGS = \
> + 	-I$(top_srcdir)/lib \
> + 	-I$(top_srcdir)/libmisc \
> ++	-I$(top_srcdir) \
> + 	-I$(top_srcdir)/libsubid
> +
> + get_subid_owners_LDADD = \
> +@@ -194,11 +196,13 @@ get_subid_owners_LDADD = \
> + get_subid_owners_CPPFLAGS = \
> + 	-I$(top_srcdir)/lib \
> + 	-I$(top_srcdir)/libmisc \
> ++	-I$(top_srcdir) \
> + 	-I$(top_srcdir)/libsubid
> +
> + new_subid_range_CPPFLAGS = \
> + 	-I$(top_srcdir)/lib \
> + 	-I$(top_srcdir)/libmisc \
> ++	-I$(top_srcdir) \
> + 	-I$(top_srcdir)/libsubid
> +
> + new_subid_range_LDADD = \
> +@@ -210,6 +214,7 @@ new_subid_range_LDADD = \
> + free_subid_range_CPPFLAGS = \
> + 	-I$(top_srcdir)/lib \
> + 	-I$(top_srcdir)/libmisc \
> ++	-I$(top_srcdir) \
> + 	-I$(top_srcdir)/libsubid
> +
> + free_subid_range_LDADD = \
> +@@ -220,6 +225,7 @@ free_subid_range_LDADD = \
> +
> + check_subid_range_CPPFLAGS = \
> + 	-I$(top_srcdir)/lib \
> ++	-I$(top_srcdir) \
> + 	-I$(top_srcdir)/libmisc
> +
> + check_subid_range_LDADD = \
> +--
> +2.31.1
> +
> diff --git a/meta/recipes-extended/shadow/files/0001-libsubid-link-to-PAM-libraries.patch b/meta/recipes-extended/shadow/files/0001-libsubid-link-to-PAM-libraries.patch
> new file mode 100644
> index 0000000000..ea7a99dbf7
> --- /dev/null
> +++ b/meta/recipes-extended/shadow/files/0001-libsubid-link-to-PAM-libraries.patch
> @@ -0,0 +1,31 @@
> +From 4f44617af3a0c59be267ac5fcc33586e3783f5e6 Mon Sep 17 00:00:00 2001
> +From: Xi Ruoyao <xry111@mengyan1223.wang>
> +Date: Fri, 23 Jul 2021 14:38:08 +0800
> +Subject: [PATCH] libsubid: link to PAM libraries
> +
> +libsubid.so links to libmisc.a, which contains several routines referring to
> +PAM functions.
> +
> +Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/f4a84efb468b8be21be124700ce35159c444e9d6]
> +Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
> +---
> + libsubid/Makefile.am | 3 ++-
> + 1 file changed, 2 insertions(+), 1 deletion(-)
> +
> +diff --git a/libsubid/Makefile.am b/libsubid/Makefile.am
> +index cdc41fe6..99308c1f 100644
> +--- a/libsubid/Makefile.am
> ++++ b/libsubid/Makefile.am
> +@@ -16,7 +16,8 @@ MISCLIBS = \
> + 	$(LIBCRYPT) \
> + 	$(LIBACL) \
> + 	$(LIBATTR) \
> +-	$(LIBTCB)
> ++	$(LIBTCB) \
> ++	$(LIBPAM)
> +
> + libsubid_la_LIBADD = \
> + 	$(top_builddir)/lib/libshadow.la \
> +--
> +2.31.1
> +
> diff --git a/meta/recipes-extended/shadow/files/0002-Allow-for-setting-password-in-clear-text.patch b/meta/recipes-extended/shadow/files/0002-Allow-for-setting-password-in-clear-text.patch
> deleted file mode 100644
> index c6332e4f76..0000000000
> --- a/meta/recipes-extended/shadow/files/0002-Allow-for-setting-password-in-clear-text.patch
> +++ /dev/null
> @@ -1,301 +0,0 @@
> -From a7d995228491ad5255ad86c1f04ba071f6880897 Mon Sep 17 00:00:00 2001
> -From: Chen Qi <Qi.Chen@windriver.com>
> -Date: Sat, 16 Nov 2013 15:27:47 +0800
> -Subject: [PATCH] Allow for setting password in clear text
> -
> -Upstream-Status: Inappropriate [OE specific]
> -
> -Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
> -
> ----
> - src/Makefile.am |  8 ++++----
> - src/groupadd.c  | 20 +++++++++++++++-----
> - src/groupmod.c  | 20 +++++++++++++++-----
> - src/useradd.c   | 21 +++++++++++++++------
> - src/usermod.c   | 20 +++++++++++++++-----
> - 5 files changed, 64 insertions(+), 25 deletions(-)
> -
> -diff --git a/src/Makefile.am b/src/Makefile.am
> -index f31fd7a..4a317a3 100644
> ---- a/src/Makefile.am
> -+++ b/src/Makefile.am
> -@@ -103,10 +103,10 @@ chsh_LDADD     = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM)
> - chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
> - expiry_LDADD = $(LDADD) $(LIBECONF)
> - gpasswd_LDADD  = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
> --groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
> -+groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) $(LIBCRYPT)
> - groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
> - groupmems_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
> --groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
> -+groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) $(LIBCRYPT)
> - grpck_LDADD    = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
> - grpconv_LDADD  = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
> - grpunconv_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
> -@@ -127,9 +127,9 @@ su_SOURCES     = \
> - 	suauth.c
> - su_LDADD       = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
> - sulogin_LDADD  = $(LDADD) $(LIBCRYPT) $(LIBECONF)
> --useradd_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF)
> -+useradd_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) $(LIBCRYPT)
> - userdel_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBECONF)
> --usermod_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF)
> -+usermod_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) $(LIBCRYPT)
> - vipw_LDADD     = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
> -
> - install-am: all-am
> -diff --git a/src/groupadd.c b/src/groupadd.c
> -index e9c4bb7..d572c00 100644
> ---- a/src/groupadd.c
> -+++ b/src/groupadd.c
> -@@ -127,9 +127,10 @@ static /*@noreturn@*/void usage (int status)
> - 	(void) fputs (_("  -o, --non-unique              allow to create groups with duplicate\n"
> - 	                "                                (non-unique) GID\n"), usageout);
> - 	(void) fputs (_("  -p, --password PASSWORD       use this encrypted password for the new group\n"), usageout);
> -+	(void) fputs (_("  -P, --clear-password PASSWORD use this clear password for the new group\n"), usageout);
> - 	(void) fputs (_("  -r, --system                  create a system account\n"), usageout);
> - 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
> --	(void) fputs (_("  -P, --prefix PREFIX_DIR       directory prefix\n"), usageout);
> -+	(void) fputs (_("  -A, --prefix PREFIX_DIR       directory prefix\n"), usageout);
> - 	(void) fputs ("\n", usageout);
> - 	exit (status);
> - }
> -@@ -391,13 +392,14 @@ static void process_flags (int argc, char **argv)
> - 		{"key",        required_argument, NULL, 'K'},
> - 		{"non-unique", no_argument,       NULL, 'o'},
> - 		{"password",   required_argument, NULL, 'p'},
> -+		{"clear-password", required_argument, NULL, 'P'},
> - 		{"system",     no_argument,       NULL, 'r'},
> - 		{"root",       required_argument, NULL, 'R'},
> --		{"prefix",     required_argument, NULL, 'P'},
> -+		{"prefix",     required_argument, NULL, 'A'},
> - 		{NULL, 0, NULL, '\0'}
> - 	};
> -
> --	while ((c = getopt_long (argc, argv, "fg:hK:op:rR:P:",
> -+	while ((c = getopt_long (argc, argv, "fg:hK:op:P:rR:A:",
> - 		                 long_options, NULL)) != -1) {
> - 		switch (c) {
> - 		case 'f':
> -@@ -449,12 +451,20 @@ static void process_flags (int argc, char **argv)
> - 			pflg = true;
> - 			group_passwd = optarg;
> - 			break;
> -+		case 'P':
> -+			pflg = true;
> -+			group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
> -+			break;
> - 		case 'r':
> - 			rflg = true;
> - 			break;
> - 		case 'R': /* no-op, handled in process_root_flag () */
> - 			break;
> --		case 'P': /* no-op, handled in process_prefix_flag () */
> -+		case 'A': /* no-op, handled in process_prefix_flag () */
> -+			fprintf (stderr,
> -+				 _("%s: -A is deliberately not supported \n"),
> -+				 Prog);
> -+			exit (E_BAD_ARG);
> - 			break;
> - 		default:
> - 			usage (E_USAGE);
> -@@ -588,7 +598,7 @@ int main (int argc, char **argv)
> - 	(void) textdomain (PACKAGE);
> -
> - 	process_root_flag ("-R", argc, argv);
> --	prefix = process_prefix_flag ("-P", argc, argv);
> -+	prefix = process_prefix_flag ("-A", argc, argv);
> -
> - 	OPENLOG ("groupadd");
> - #ifdef WITH_AUDIT
> -diff --git a/src/groupmod.c b/src/groupmod.c
> -index bc14438..25ccb44 100644
> ---- a/src/groupmod.c
> -+++ b/src/groupmod.c
> -@@ -138,8 +138,9 @@ static void usage (int status)
> - 	(void) fputs (_("  -o, --non-unique              allow to use a duplicate (non-unique) GID\n"), usageout);
> - 	(void) fputs (_("  -p, --password PASSWORD       change the password to this (encrypted)\n"
> - 	                "                                PASSWORD\n"), usageout);
> -+	(void) fputs (_("  -P, --clear-password PASSWORD change the password to this clear PASSWORD\n"), usageout);
> - 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
> --	(void) fputs (_("  -P, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files\n"), usageout);
> -+	(void) fputs (_("  -A, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files\n"), usageout);
> - 	(void) fputs ("\n", usageout);
> - 	exit (status);
> - }
> -@@ -387,11 +388,12 @@ static void process_flags (int argc, char **argv)
> - 		{"new-name",   required_argument, NULL, 'n'},
> - 		{"non-unique", no_argument,       NULL, 'o'},
> - 		{"password",   required_argument, NULL, 'p'},
> -+		{"clear-password", required_argument, NULL, 'P'},
> - 		{"root",       required_argument, NULL, 'R'},
> --		{"prefix",     required_argument, NULL, 'P'},
> -+		{"prefix",     required_argument, NULL, 'A'},
> - 		{NULL, 0, NULL, '\0'}
> - 	};
> --	while ((c = getopt_long (argc, argv, "g:hn:op:R:P:",
> -+	while ((c = getopt_long (argc, argv, "g:hn:op:P:R:A:",
> - 		                 long_options, NULL)) != -1) {
> - 		switch (c) {
> - 		case 'g':
> -@@ -418,9 +420,17 @@ static void process_flags (int argc, char **argv)
> - 			group_passwd = optarg;
> - 			pflg = true;
> - 			break;
> -+		case 'P':
> -+			group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
> -+			pflg = true;
> -+			break;
> - 		case 'R': /* no-op, handled in process_root_flag () */
> - 			break;
> --		case 'P': /* no-op, handled in process_prefix_flag () */
> -+		case 'A': /* no-op, handled in process_prefix_flag () */
> -+			fprintf (stderr,
> -+				 _("%s: -A is deliberately not supported \n"),
> -+				 Prog);
> -+			exit (E_BAD_ARG);
> - 			break;
> - 		default:
> - 			usage (E_USAGE);
> -@@ -761,7 +771,7 @@ int main (int argc, char **argv)
> - 	(void) textdomain (PACKAGE);
> -
> - 	process_root_flag ("-R", argc, argv);
> --	prefix = process_prefix_flag ("-P", argc, argv);
> -+	prefix = process_prefix_flag ("-A", argc, argv);
> -
> - 	OPENLOG ("groupmod");
> - #ifdef WITH_AUDIT
> -diff --git a/src/useradd.c b/src/useradd.c
> -index 1b7bf06..44f09e2 100644
> ---- a/src/useradd.c
> -+++ b/src/useradd.c
> -@@ -853,9 +853,10 @@ static void usage (int status)
> - 	(void) fputs (_("  -o, --non-unique              allow to create users with duplicate\n"
> - 	                "                                (non-unique) UID\n"), usageout);
> - 	(void) fputs (_("  -p, --password PASSWORD       encrypted password of the new account\n"), usageout);
> -+	(void) fputs (_("  -P, --clear-password PASSWORD clear password of the new account\n"), usageout);
> - 	(void) fputs (_("  -r, --system                  create a system account\n"), usageout);
> - 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
> --	(void) fputs (_("  -P, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files\n"), usageout);
> -+	(void) fputs (_("  -A, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files\n"), usageout);
> - 	(void) fputs (_("  -s, --shell SHELL             login shell of the new account\n"), usageout);
> - 	(void) fputs (_("  -u, --uid UID                 user ID of the new account\n"), usageout);
> - 	(void) fputs (_("  -U, --user-group              create a group with the same name as the user\n"), usageout);
> -@@ -1133,9 +1134,10 @@ static void process_flags (int argc, char **argv)
> - 			{"no-user-group",  no_argument,       NULL, 'N'},
> - 			{"non-unique",     no_argument,       NULL, 'o'},
> - 			{"password",       required_argument, NULL, 'p'},
> -+			{"clear-password", required_argument, NULL, 'P'},
> - 			{"system",         no_argument,       NULL, 'r'},
> - 			{"root",           required_argument, NULL, 'R'},
> --			{"prefix",         required_argument, NULL, 'P'},
> -+			{"prefix",         required_argument, NULL, 'A'},
> - 			{"shell",          required_argument, NULL, 's'},
> - 			{"uid",            required_argument, NULL, 'u'},
> - 			{"user-group",     no_argument,       NULL, 'U'},
> -@@ -1146,9 +1148,9 @@ static void process_flags (int argc, char **argv)
> - 		};
> - 		while ((c = getopt_long (argc, argv,
> - #ifdef WITH_SELINUX
> --		                         "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:UZ:",
> -+		                         "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:A:s:u:UZ:",
> - #else				/* !WITH_SELINUX */
> --		                         "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:U",
> -+		                         "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:A:s:u:U",
> - #endif				/* !WITH_SELINUX */
> - 		                         long_options, NULL)) != -1) {
> - 			switch (c) {
> -@@ -1320,12 +1322,19 @@ static void process_flags (int argc, char **argv)
> - 				}
> - 				user_pass = optarg;
> - 				break;
> -+			case 'P': /* set clear text password */
> -+				user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
> -+				break;
> - 			case 'r':
> - 				rflg = true;
> - 				break;
> - 			case 'R': /* no-op, handled in process_root_flag () */
> - 				break;
> --			case 'P': /* no-op, handled in process_prefix_flag () */
> -+			case 'A': /* no-op, handled in process_prefix_flag () */
> -+				fprintf (stderr,
> -+					 _("%s: -A is deliberately not supported \n"),
> -+					 Prog);
> -+				exit (E_BAD_ARG);
> - 				break;
> - 			case 's':
> - 				if (   ( !VALID (optarg) )
> -@@ -2257,7 +2266,7 @@ int main (int argc, char **argv)
> -
> - 	process_root_flag ("-R", argc, argv);
> -
> --	prefix = process_prefix_flag("-P", argc, argv);
> -+	prefix = process_prefix_flag("-A", argc, argv);
> -
> - 	OPENLOG ("useradd");
> - #ifdef WITH_AUDIT
> -diff --git a/src/usermod.c b/src/usermod.c
> -index 21c6da9..cffdb3e 100644
> ---- a/src/usermod.c
> -+++ b/src/usermod.c
> -@@ -431,8 +431,9 @@ static /*@noreturn@*/void usage (int status)
> - 	                "                                new location (use only with -d)\n"), usageout);
> - 	(void) fputs (_("  -o, --non-unique              allow using duplicate (non-unique) UID\n"), usageout);
> - 	(void) fputs (_("  -p, --password PASSWORD       use encrypted password for the new password\n"), usageout);
> -+	(void) fputs (_("  -P, --clear-password PASSWORD use clear password for the new password\n"), usageout);
> - 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
> --	(void) fputs (_("  -P, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files\n"), usageout);
> -+	(void) fputs (_("  -A, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files\n"), usageout);
> - 	(void) fputs (_("  -s, --shell SHELL             new login shell for the user account\n"), usageout);
> - 	(void) fputs (_("  -u, --uid UID                 new UID for the user account\n"), usageout);
> - 	(void) fputs (_("  -U, --unlock                  unlock the user account\n"), usageout);
> -@@ -1010,8 +1011,9 @@ static void process_flags (int argc, char **argv)
> - 			{"move-home",    no_argument,       NULL, 'm'},
> - 			{"non-unique",   no_argument,       NULL, 'o'},
> - 			{"password",     required_argument, NULL, 'p'},
> -+			{"clear-password", required_argument, NULL, 'P'},
> - 			{"root",         required_argument, NULL, 'R'},
> --			{"prefix",       required_argument, NULL, 'P'},
> -+			{"prefix",       required_argument, NULL, 'A'},
> - 			{"shell",        required_argument, NULL, 's'},
> - 			{"uid",          required_argument, NULL, 'u'},
> - 			{"unlock",       no_argument,       NULL, 'U'},
> -@@ -1027,7 +1029,7 @@ static void process_flags (int argc, char **argv)
> - 			{NULL, 0, NULL, '\0'}
> - 		};
> - 		while ((c = getopt_long (argc, argv,
> --		                         "abc:d:e:f:g:G:hl:Lmop:R:s:u:UP:"
> -+		                         "abc:d:e:f:g:G:hl:Lmop:P:R:s:u:UA:"
> - #ifdef ENABLE_SUBIDS
> - 		                         "v:w:V:W:"
> - #endif				/* ENABLE_SUBIDS */
> -@@ -1130,9 +1132,17 @@ static void process_flags (int argc, char **argv)
> - 				user_pass = optarg;
> - 				pflg = true;
> - 				break;
> -+			case 'P':
> -+				user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
> -+				pflg = true;
> -+				break;
> - 			case 'R': /* no-op, handled in process_root_flag () */
> - 				break;
> --			case 'P': /* no-op, handled in process_prefix_flag () */
> -+			case 'A': /* no-op, handled in process_prefix_flag () */
> -+				fprintf (stderr,
> -+					 _("%s: -A is deliberately not supported \n"),
> -+					 Prog);
> -+				exit (E_BAD_ARG);
> - 				break;
> - 			case 's':
> - 				if (!VALID (optarg)) {
> -@@ -2127,7 +2137,7 @@ int main (int argc, char **argv)
> - 	(void) textdomain (PACKAGE);
> -
> - 	process_root_flag ("-R", argc, argv);
> --	prefix = process_prefix_flag ("-P", argc, argv);
> -+	prefix = process_prefix_flag ("-A", argc, argv);
> -
> - 	OPENLOG ("usermod");
> - #ifdef WITH_AUDIT
> diff --git a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch
> index 9825216369..bd24626a26 100644
> --- a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch
> +++ b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch
> @@ -1,4 +1,4 @@
> -From 66533c7c6f347d257020675a1ed6e0c59cbbc3f0 Mon Sep 17 00:00:00 2001
> +From 1422c24f7266b553c82100e3d18a10c55cd91063 Mon Sep 17 00:00:00 2001
>   From: Chen Qi <Qi.Chen@windriver.com>
>   Date: Thu, 17 Jul 2014 15:53:34 +0800
>   Subject: [PATCH] commonio.c-fix-unexpected-open-failure-in-chroot-env
> @@ -21,10 +21,10 @@ Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
>    1 file changed, 12 insertions(+), 4 deletions(-)
>   
>   diff --git a/lib/commonio.c b/lib/commonio.c
> -index 16fa7e7..d6bc297 100644
> +index cef404b..66908fb 100644
>   --- a/lib/commonio.c
>   +++ b/lib/commonio.c
> -@@ -632,10 +632,18 @@ int commonio_open (struct commonio_db *db, int mode)
> +@@ -646,10 +646,18 @@ int commonio_open (struct commonio_db *db, int mode)
>    	db->cursor = NULL;
>    	db->changed = false;
>    
> diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc
> index 2cbdfbc1cf..51d2ca5f16 100644
> --- a/meta/recipes-extended/shadow/shadow.inc
> +++ b/meta/recipes-extended/shadow/shadow.inc
> @@ -10,10 +10,12 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=ed80ff1c2b40843cf5768e5229cf16e5 \
>   DEPENDS = "virtual/crypt"
>   
>   UPSTREAM_CHECK_URI = "https://github.com/shadow-maint/shadow/releases"
> -SRC_URI = "https://github.com/shadow-maint/shadow/releases/download/${PV}/${BP}.tar.gz \
> +SRC_URI = "https://github.com/shadow-maint/shadow/releases/download/v${PV}/${BP}.tar.gz \
>              file://shadow-4.1.3-dots-in-usernames.patch \
>              ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \
>              file://shadow-relaxed-usernames.patch \
> +           file://0001-Fix-out-of-tree-builds-with-respect-to-libsubid-incl.patch \
> +           file://0001-libsubid-link-to-PAM-libraries.patch \
>              "
>   
>   SRC_URI_append_class-target = " \
> @@ -23,15 +25,13 @@ SRC_URI_append_class-target = " \
>   
>   SRC_URI_append_class-native = " \
>              file://0001-Disable-use-of-syslog-for-sysroot.patch \
> -           file://0002-Allow-for-setting-password-in-clear-text.patch \
>              file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \
>              "
>   SRC_URI_append_class-nativesdk = " \
>              file://0001-Disable-use-of-syslog-for-sysroot.patch \
>              "
>   
> -SRC_URI[md5sum] = "3d97f11e66bfb0b14702b115fa8be480"
> -SRC_URI[sha256sum] = "3ee3081fbbcbcfea5c8916419e46bc724807bab271072104f23e7a29e9668f3a"
> +SRC_URI[sha256sum] = "6c4627ff9c9422b96664517ae753c944f2902e92809d0698b65f5fef11985212"
>   
>   # Additional Policy files for PAM
>   PAM_SRC_URI = "file://pam.d/chfn \
> @@ -115,12 +115,6 @@ do_install() {
>   	# Use proper encryption for passwords
>   	sed -i 's/^#ENCRYPT_METHOD.*$/ENCRYPT_METHOD SHA512/' ${D}${sysconfdir}/login.defs
>   
> -	# Now we don't have a mail system. Disable mail creation for now.
> -	sed -i 's:/bin/bash:/bin/sh:g' ${D}${sysconfdir}/default/useradd
> -	sed -i '/^CREATE_MAIL_SPOOL/ s:^:#:' ${D}${sysconfdir}/default/useradd
> -
> -	# Use users group by default
> -	sed -i 's,^GROUP=1000,GROUP=100,g' ${D}${sysconfdir}/default/useradd
>   }
>   
>   do_install_append() {
> @@ -184,13 +178,6 @@ ALTERNATIVE_${PN}-base = "newgrp groups login su"
>   ALTERNATIVE_LINK_NAME[login] = "${base_bindir}/login"
>   ALTERNATIVE_LINK_NAME[su] = "${base_bindir}/su"
>   
> -ALTERNATIVE_${PN}-doc = "passwd.5 getspnam.3 groups.1 su.1 nologin.8"
> -ALTERNATIVE_LINK_NAME[passwd.5] = "${mandir}/man5/passwd.5"
> -ALTERNATIVE_LINK_NAME[getspnam.3] = "${mandir}/man3/getspnam.3"
> -ALTERNATIVE_LINK_NAME[groups.1] = "${mandir}/man1/groups.1"
> -ALTERNATIVE_LINK_NAME[su.1] = "${mandir}/man1/su.1"
> -ALTERNATIVE_LINK_NAME[nologin.8] = "${mandir}/man8/nologin.8"
> -
>   PACKAGE_WRITE_DEPS += "shadow-native"
>   pkg_postinst_${PN}_class-target () {
>   	if [ "x$D" != "x" ]; then
> diff --git a/meta/recipes-extended/shadow/shadow_4.8.1.bb b/meta/recipes-extended/shadow/shadow_4.9.bb
> similarity index 100%
> rename from meta/recipes-extended/shadow/shadow_4.8.1.bb
> rename to meta/recipes-extended/shadow/shadow_4.9.bb
>
> 
>

[-- Attachment #2: Type: text/html, Size: 33652 bytes --]

Re: [OE-core] [PATCH 6/9] shadow: update 4.8.1 -> 4.9

[Alexander Kanavin]

[-- Attachment #1: Type: text/plain, Size: 30977 bytes --]

Yes, plaintext passwords can no longer be there, which is a good thing I'd
say? The hashed/salted passwords can still be provided through the same
class, but this needs to be documented, and perhaps tested too.

Alex

On Wed, 4 Aug 2021 at 10:39, Yi Zhao <yi.zhao@windriver.com> wrote:

>
> On 7/30/21 7:45 PM, Alexander Kanavin wrote:
>
> Add a couple backports to fix builds.
>
> Drop 0002-Allow-for-setting-password-in-clear-text.patch;
> what it adds is horribly insecure and AB testing didn't reveal any
> regressions or use cases for it.
>
> Dropping this patch makes the password setting function in
> extrausers.bbclass unavailable:
> https://docs.yoctoproject.org/singleindex.html#extrausers-bbclass
>
>
> //Yi
>
>
> Drop /etc/default/ tweaks as files are no longer installed there.
>
> Drop manpage alternatives as manpages are no longer installed.
>
> Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> <alex.kanavin@gmail.com>
> ---
>  ...01-Disable-use-of-syslog-for-sysroot.patch |  29 +-
>  ...builds-with-respect-to-libsubid-incl.patch | 114 +++++++
>  .../0001-libsubid-link-to-PAM-libraries.patch |  31 ++
>  ...w-for-setting-password-in-clear-text.patch | 301 ------------------
>  ...nexpected-open-failure-in-chroot-env.patch |   6 +-
>  meta/recipes-extended/shadow/shadow.inc       |  21 +-
>  .../shadow/{shadow_4.8.1.bb => shadow_4.9.bb} |   0
>  7 files changed, 167 insertions(+), 335 deletions(-)
>  create mode 100644 meta/recipes-extended/shadow/files/0001-Fix-out-of-tree-builds-with-respect-to-libsubid-incl.patch
>  create mode 100644 meta/recipes-extended/shadow/files/0001-libsubid-link-to-PAM-libraries.patch
>  delete mode 100644 meta/recipes-extended/shadow/files/0002-Allow-for-setting-password-in-clear-text.patch
>  rename meta/recipes-extended/shadow/{shadow_4.8.1.bb => shadow_4.9.bb} (100%)
>
> diff --git a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch b/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch
> index ab317b9aa0..95728bcd3f 100644
> --- a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch
> +++ b/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch
> @@ -1,4 +1,4 @@
> -From fa2d9453656641002802d8165e80adb9e6a729d2 Mon Sep 17 00:00:00 2001
> +From 30a3906a0a21120fa6bbc918b6258ab9303fbeaa Mon Sep 17 00:00:00 2001
>  From: Scott Garman <scott.a.garman@intel.com> <scott.a.garman@intel.com>
>  Date: Thu, 14 Apr 2016 12:28:57 +0200
>  Subject: [PATCH] Disable use of syslog for sysroot
> @@ -19,12 +19,12 @@ Signed-off-by: Chen Qi <Qi.Chen@windriver.com> <Qi.Chen@windriver.com>
>   src/groupmems.c | 3 +++
>   src/groupmod.c  | 3 +++
>   src/useradd.c   | 3 +++
> - src/userdel.c   | 3 +++
> + src/userdel.c   | 4 ++++
>   src/usermod.c   | 3 +++
> - 7 files changed, 21 insertions(+)
> + 7 files changed, 22 insertions(+)
>
>  diff --git a/src/groupadd.c b/src/groupadd.c
> -index 2dd8eec..e9c4bb7 100644
> +index d7f68b1..5fe5f43 100644
>  --- a/src/groupadd.c
>  +++ b/src/groupadd.c
>  @@ -34,6 +34,9 @@
> @@ -38,7 +38,7 @@ index 2dd8eec..e9c4bb7 100644
>   #include <fcntl.h>
>   #include <getopt.h>
>  diff --git a/src/groupdel.c b/src/groupdel.c
> -index f941a84..5a70056 100644
> +index 5c89312..2aefc5a 100644
>  --- a/src/groupdel.c
>  +++ b/src/groupdel.c
>  @@ -34,6 +34,9 @@
> @@ -52,7 +52,7 @@ index f941a84..5a70056 100644
>   #include <fcntl.h>
>   #include <grp.h>
>  diff --git a/src/groupmems.c b/src/groupmems.c
> -index fc91c8b..2842514 100644
> +index 654a8f3..6b2026b 100644
>  --- a/src/groupmems.c
>  +++ b/src/groupmems.c
>  @@ -32,6 +32,9 @@
> @@ -66,7 +66,7 @@ index fc91c8b..2842514 100644
>   #include <getopt.h>
>   #include <grp.h>
>  diff --git a/src/groupmod.c b/src/groupmod.c
> -index 1dca5fc..bc14438 100644
> +index acd6f35..a2c5247 100644
>  --- a/src/groupmod.c
>  +++ b/src/groupmod.c
>  @@ -34,6 +34,9 @@
> @@ -80,7 +80,7 @@ index 1dca5fc..bc14438 100644
>   #include <fcntl.h>
>   #include <getopt.h>
>  diff --git a/src/useradd.c b/src/useradd.c
> -index 4af0f7c..1b7bf06 100644
> +index 127177e..b80e505 100644
>  --- a/src/useradd.c
>  +++ b/src/useradd.c
>  @@ -34,6 +34,9 @@
> @@ -94,21 +94,22 @@ index 4af0f7c..1b7bf06 100644
>   #include <ctype.h>
>   #include <errno.h>
>  diff --git a/src/userdel.c b/src/userdel.c
> -index cc951e5..153e0be 100644
> +index 79a7c89..c1e010a 100644
>  --- a/src/userdel.c
>  +++ b/src/userdel.c
> -@@ -34,6 +34,9 @@
> -
> - #ident "$Id$"
> +@@ -31,6 +31,10 @@
> +  */
>
> + #include <config.h>
> ++
>  +/* Disable use of syslog since we're running this command against a sysroot */
>  +#undef USE_SYSLOG
>  +
>   #include <assert.h>
> + #include <dirent.h>
>   #include <errno.h>
> - #include <fcntl.h>
>  diff --git a/src/usermod.c b/src/usermod.c
> -index 05b9871..21c6da9 100644
> +index 03bb9b9..e15fdd4 100644
>  --- a/src/usermod.c
>  +++ b/src/usermod.c
>  @@ -34,6 +34,9 @@
> diff --git a/meta/recipes-extended/shadow/files/0001-Fix-out-of-tree-builds-with-respect-to-libsubid-incl.patch b/meta/recipes-extended/shadow/files/0001-Fix-out-of-tree-builds-with-respect-to-libsubid-incl.patch
> new file mode 100644
> index 0000000000..c577be6505
> --- /dev/null
> +++ b/meta/recipes-extended/shadow/files/0001-Fix-out-of-tree-builds-with-respect-to-libsubid-incl.patch
> @@ -0,0 +1,114 @@
> +From eced8077b57946fe0b723e7c6c510e8f344ce89b Mon Sep 17 00:00:00 2001
> +From: Serge Hallyn <serge@hallyn.com> <serge@hallyn.com>
> +Date: Fri, 23 Jul 2021 17:51:13 -0500
> +Subject: [PATCH] Fix out of tree builds with respect to libsubid includes
> +
> +There's a better way to do this, and I hope to clean that up,
> +but this fixes out of tree builds for me right now.
> +
> +Closes #386
> +
> +Signed-off-by: Serge Hallyn <serge@hallyn.com> <serge@hallyn.com>
> +Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/537b8cd90be7b47b45c45cfd27765ef85eb0ebf1]
> +Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> <alex.kanavin@gmail.com>
> +---
> + lib/Makefile.am      | 2 ++
> + libmisc/Makefile.am  | 2 +-
> + libsubid/Makefile.am | 4 ++--
> + src/Makefile.am      | 6 ++++++
> + 4 files changed, 11 insertions(+), 3 deletions(-)
> +
> +diff --git a/lib/Makefile.am b/lib/Makefile.am
> +index ecf3ee25..5ac2e111 100644
> +--- a/lib/Makefile.am
> ++++ b/lib/Makefile.am
> +@@ -10,6 +10,8 @@ if HAVE_VENDORDIR
> + libshadow_la_CPPFLAGS += -DVENDORDIR=\"$(VENDORDIR)\"
> + endif
> +
> ++libshadow_la_CPPFLAGS += -I$(top_srcdir)
> ++
> + libshadow_la_SOURCES = \
> + 	commonio.c \
> + 	commonio.h \
> +diff --git a/libmisc/Makefile.am b/libmisc/Makefile.am
> +index 9766a7ec..9f237e0d 100644
> +--- a/libmisc/Makefile.am
> ++++ b/libmisc/Makefile.am
> +@@ -1,7 +1,7 @@
> +
> + EXTRA_DIST = .indent.pro xgetXXbyYY.c
> +
> +-AM_CPPFLAGS = -I$(top_srcdir)/lib $(ECONF_CPPFLAGS)
> ++AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_srcdir) $(ECONF_CPPFLAGS)
> +
> + noinst_LTLIBRARIES = libmisc.la
> +
> +diff --git a/libsubid/Makefile.am b/libsubid/Makefile.am
> +index 189165b0..cdc41fe6 100644
> +--- a/libsubid/Makefile.am
> ++++ b/libsubid/Makefile.am
> +@@ -19,8 +19,8 @@ MISCLIBS = \
> + 	$(LIBTCB)
> +
> + libsubid_la_LIBADD = \
> +-	$(top_srcdir)/lib/libshadow.la \
> +-	$(top_srcdir)/libmisc/libmisc.la \
> ++	$(top_builddir)/lib/libshadow.la \
> ++	$(top_builddir)/libmisc/libmisc.la \
> + 	$(MISCLIBS) -ldl
> +
> + AM_CPPFLAGS = \
> +diff --git a/src/Makefile.am b/src/Makefile.am
> +index 35027013..7c1a3491 100644
> +--- a/src/Makefile.am
> ++++ b/src/Makefile.am
> +@@ -10,6 +10,7 @@ sgidperms = 2755
> + AM_CPPFLAGS = \
> + 	-I${top_srcdir}/lib \
> + 	-I$(top_srcdir)/libmisc \
> ++	-I$(top_srcdir) \
> + 	-DLOCALEDIR=\"$(datadir)/locale\"
> +
> + # XXX why are login and su in /bin anyway (other than for
> +@@ -183,6 +184,7 @@ list_subid_ranges_LDADD = \
> + list_subid_ranges_CPPFLAGS = \
> + 	-I$(top_srcdir)/lib \
> + 	-I$(top_srcdir)/libmisc \
> ++	-I$(top_srcdir) \
> + 	-I$(top_srcdir)/libsubid
> +
> + get_subid_owners_LDADD = \
> +@@ -194,11 +196,13 @@ get_subid_owners_LDADD = \
> + get_subid_owners_CPPFLAGS = \
> + 	-I$(top_srcdir)/lib \
> + 	-I$(top_srcdir)/libmisc \
> ++	-I$(top_srcdir) \
> + 	-I$(top_srcdir)/libsubid
> +
> + new_subid_range_CPPFLAGS = \
> + 	-I$(top_srcdir)/lib \
> + 	-I$(top_srcdir)/libmisc \
> ++	-I$(top_srcdir) \
> + 	-I$(top_srcdir)/libsubid
> +
> + new_subid_range_LDADD = \
> +@@ -210,6 +214,7 @@ new_subid_range_LDADD = \
> + free_subid_range_CPPFLAGS = \
> + 	-I$(top_srcdir)/lib \
> + 	-I$(top_srcdir)/libmisc \
> ++	-I$(top_srcdir) \
> + 	-I$(top_srcdir)/libsubid
> +
> + free_subid_range_LDADD = \
> +@@ -220,6 +225,7 @@ free_subid_range_LDADD = \
> +
> + check_subid_range_CPPFLAGS = \
> + 	-I$(top_srcdir)/lib \
> ++	-I$(top_srcdir) \
> + 	-I$(top_srcdir)/libmisc
> +
> + check_subid_range_LDADD = \
> +--
> +2.31.1
> +
> diff --git a/meta/recipes-extended/shadow/files/0001-libsubid-link-to-PAM-libraries.patch b/meta/recipes-extended/shadow/files/0001-libsubid-link-to-PAM-libraries.patch
> new file mode 100644
> index 0000000000..ea7a99dbf7
> --- /dev/null
> +++ b/meta/recipes-extended/shadow/files/0001-libsubid-link-to-PAM-libraries.patch
> @@ -0,0 +1,31 @@
> +From 4f44617af3a0c59be267ac5fcc33586e3783f5e6 Mon Sep 17 00:00:00 2001
> +From: Xi Ruoyao <xry111@mengyan1223.wang> <xry111@mengyan1223.wang>
> +Date: Fri, 23 Jul 2021 14:38:08 +0800
> +Subject: [PATCH] libsubid: link to PAM libraries
> +
> +libsubid.so links to libmisc.a, which contains several routines referring to
> +PAM functions.
> +
> +Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/f4a84efb468b8be21be124700ce35159c444e9d6]
> +Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> <alex.kanavin@gmail.com>
> +---
> + libsubid/Makefile.am | 3 ++-
> + 1 file changed, 2 insertions(+), 1 deletion(-)
> +
> +diff --git a/libsubid/Makefile.am b/libsubid/Makefile.am
> +index cdc41fe6..99308c1f 100644
> +--- a/libsubid/Makefile.am
> ++++ b/libsubid/Makefile.am
> +@@ -16,7 +16,8 @@ MISCLIBS = \
> + 	$(LIBCRYPT) \
> + 	$(LIBACL) \
> + 	$(LIBATTR) \
> +-	$(LIBTCB)
> ++	$(LIBTCB) \
> ++	$(LIBPAM)
> +
> + libsubid_la_LIBADD = \
> + 	$(top_builddir)/lib/libshadow.la \
> +--
> +2.31.1
> +
> diff --git a/meta/recipes-extended/shadow/files/0002-Allow-for-setting-password-in-clear-text.patch b/meta/recipes-extended/shadow/files/0002-Allow-for-setting-password-in-clear-text.patch
> deleted file mode 100644
> index c6332e4f76..0000000000
> --- a/meta/recipes-extended/shadow/files/0002-Allow-for-setting-password-in-clear-text.patch
> +++ /dev/null
> @@ -1,301 +0,0 @@
> -From a7d995228491ad5255ad86c1f04ba071f6880897 Mon Sep 17 00:00:00 2001
> -From: Chen Qi <Qi.Chen@windriver.com> <Qi.Chen@windriver.com>
> -Date: Sat, 16 Nov 2013 15:27:47 +0800
> -Subject: [PATCH] Allow for setting password in clear text
> -
> -Upstream-Status: Inappropriate [OE specific]
> -
> -Signed-off-by: Chen Qi <Qi.Chen@windriver.com> <Qi.Chen@windriver.com>
> -
> ----
> - src/Makefile.am |  8 ++++----
> - src/groupadd.c  | 20 +++++++++++++++-----
> - src/groupmod.c  | 20 +++++++++++++++-----
> - src/useradd.c   | 21 +++++++++++++++------
> - src/usermod.c   | 20 +++++++++++++++-----
> - 5 files changed, 64 insertions(+), 25 deletions(-)
> -
> -diff --git a/src/Makefile.am b/src/Makefile.am
> -index f31fd7a..4a317a3 100644
> ---- a/src/Makefile.am
> -+++ b/src/Makefile.am
> -@@ -103,10 +103,10 @@ chsh_LDADD     = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM)
> - chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
> - expiry_LDADD = $(LDADD) $(LIBECONF)
> - gpasswd_LDADD  = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
> --groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
> -+groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) $(LIBCRYPT)
> - groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
> - groupmems_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
> --groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
> -+groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) $(LIBCRYPT)
> - grpck_LDADD    = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
> - grpconv_LDADD  = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
> - grpunconv_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
> -@@ -127,9 +127,9 @@ su_SOURCES     = \
> - 	suauth.c
> - su_LDADD       = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
> - sulogin_LDADD  = $(LDADD) $(LIBCRYPT) $(LIBECONF)
> --useradd_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF)
> -+useradd_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) $(LIBCRYPT)
> - userdel_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBECONF)
> --usermod_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF)
> -+usermod_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) $(LIBCRYPT)
> - vipw_LDADD     = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
> -
> - install-am: all-am
> -diff --git a/src/groupadd.c b/src/groupadd.c
> -index e9c4bb7..d572c00 100644
> ---- a/src/groupadd.c
> -+++ b/src/groupadd.c
> -@@ -127,9 +127,10 @@ static /*@noreturn@*/void usage (int status)
> - 	(void) fputs (_("  -o, --non-unique              allow to create groups with duplicate\n"
> - 	                "                                (non-unique) GID\n"), usageout);
> - 	(void) fputs (_("  -p, --password PASSWORD       use this encrypted password for the new group\n"), usageout);
> -+	(void) fputs (_("  -P, --clear-password PASSWORD use this clear password for the new group\n"), usageout);
> - 	(void) fputs (_("  -r, --system                  create a system account\n"), usageout);
> - 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
> --	(void) fputs (_("  -P, --prefix PREFIX_DIR       directory prefix\n"), usageout);
> -+	(void) fputs (_("  -A, --prefix PREFIX_DIR       directory prefix\n"), usageout);
> - 	(void) fputs ("\n", usageout);
> - 	exit (status);
> - }
> -@@ -391,13 +392,14 @@ static void process_flags (int argc, char **argv)
> - 		{"key",        required_argument, NULL, 'K'},
> - 		{"non-unique", no_argument,       NULL, 'o'},
> - 		{"password",   required_argument, NULL, 'p'},
> -+		{"clear-password", required_argument, NULL, 'P'},
> - 		{"system",     no_argument,       NULL, 'r'},
> - 		{"root",       required_argument, NULL, 'R'},
> --		{"prefix",     required_argument, NULL, 'P'},
> -+		{"prefix",     required_argument, NULL, 'A'},
> - 		{NULL, 0, NULL, '\0'}
> - 	};
> -
> --	while ((c = getopt_long (argc, argv, "fg:hK:op:rR:P:",
> -+	while ((c = getopt_long (argc, argv, "fg:hK:op:P:rR:A:",
> - 		                 long_options, NULL)) != -1) {
> - 		switch (c) {
> - 		case 'f':
> -@@ -449,12 +451,20 @@ static void process_flags (int argc, char **argv)
> - 			pflg = true;
> - 			group_passwd = optarg;
> - 			break;
> -+		case 'P':
> -+			pflg = true;
> -+			group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
> -+			break;
> - 		case 'r':
> - 			rflg = true;
> - 			break;
> - 		case 'R': /* no-op, handled in process_root_flag () */
> - 			break;
> --		case 'P': /* no-op, handled in process_prefix_flag () */
> -+		case 'A': /* no-op, handled in process_prefix_flag () */
> -+			fprintf (stderr,
> -+				 _("%s: -A is deliberately not supported \n"),
> -+				 Prog);
> -+			exit (E_BAD_ARG);
> - 			break;
> - 		default:
> - 			usage (E_USAGE);
> -@@ -588,7 +598,7 @@ int main (int argc, char **argv)
> - 	(void) textdomain (PACKAGE);
> -
> - 	process_root_flag ("-R", argc, argv);
> --	prefix = process_prefix_flag ("-P", argc, argv);
> -+	prefix = process_prefix_flag ("-A", argc, argv);
> -
> - 	OPENLOG ("groupadd");
> - #ifdef WITH_AUDIT
> -diff --git a/src/groupmod.c b/src/groupmod.c
> -index bc14438..25ccb44 100644
> ---- a/src/groupmod.c
> -+++ b/src/groupmod.c
> -@@ -138,8 +138,9 @@ static void usage (int status)
> - 	(void) fputs (_("  -o, --non-unique              allow to use a duplicate (non-unique) GID\n"), usageout);
> - 	(void) fputs (_("  -p, --password PASSWORD       change the password to this (encrypted)\n"
> - 	                "                                PASSWORD\n"), usageout);
> -+	(void) fputs (_("  -P, --clear-password PASSWORD change the password to this clear PASSWORD\n"), usageout);
> - 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
> --	(void) fputs (_("  -P, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files\n"), usageout);
> -+	(void) fputs (_("  -A, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files\n"), usageout);
> - 	(void) fputs ("\n", usageout);
> - 	exit (status);
> - }
> -@@ -387,11 +388,12 @@ static void process_flags (int argc, char **argv)
> - 		{"new-name",   required_argument, NULL, 'n'},
> - 		{"non-unique", no_argument,       NULL, 'o'},
> - 		{"password",   required_argument, NULL, 'p'},
> -+		{"clear-password", required_argument, NULL, 'P'},
> - 		{"root",       required_argument, NULL, 'R'},
> --		{"prefix",     required_argument, NULL, 'P'},
> -+		{"prefix",     required_argument, NULL, 'A'},
> - 		{NULL, 0, NULL, '\0'}
> - 	};
> --	while ((c = getopt_long (argc, argv, "g:hn:op:R:P:",
> -+	while ((c = getopt_long (argc, argv, "g:hn:op:P:R:A:",
> - 		                 long_options, NULL)) != -1) {
> - 		switch (c) {
> - 		case 'g':
> -@@ -418,9 +420,17 @@ static void process_flags (int argc, char **argv)
> - 			group_passwd = optarg;
> - 			pflg = true;
> - 			break;
> -+		case 'P':
> -+			group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
> -+			pflg = true;
> -+			break;
> - 		case 'R': /* no-op, handled in process_root_flag () */
> - 			break;
> --		case 'P': /* no-op, handled in process_prefix_flag () */
> -+		case 'A': /* no-op, handled in process_prefix_flag () */
> -+			fprintf (stderr,
> -+				 _("%s: -A is deliberately not supported \n"),
> -+				 Prog);
> -+			exit (E_BAD_ARG);
> - 			break;
> - 		default:
> - 			usage (E_USAGE);
> -@@ -761,7 +771,7 @@ int main (int argc, char **argv)
> - 	(void) textdomain (PACKAGE);
> -
> - 	process_root_flag ("-R", argc, argv);
> --	prefix = process_prefix_flag ("-P", argc, argv);
> -+	prefix = process_prefix_flag ("-A", argc, argv);
> -
> - 	OPENLOG ("groupmod");
> - #ifdef WITH_AUDIT
> -diff --git a/src/useradd.c b/src/useradd.c
> -index 1b7bf06..44f09e2 100644
> ---- a/src/useradd.c
> -+++ b/src/useradd.c
> -@@ -853,9 +853,10 @@ static void usage (int status)
> - 	(void) fputs (_("  -o, --non-unique              allow to create users with duplicate\n"
> - 	                "                                (non-unique) UID\n"), usageout);
> - 	(void) fputs (_("  -p, --password PASSWORD       encrypted password of the new account\n"), usageout);
> -+	(void) fputs (_("  -P, --clear-password PASSWORD clear password of the new account\n"), usageout);
> - 	(void) fputs (_("  -r, --system                  create a system account\n"), usageout);
> - 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
> --	(void) fputs (_("  -P, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files\n"), usageout);
> -+	(void) fputs (_("  -A, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files\n"), usageout);
> - 	(void) fputs (_("  -s, --shell SHELL             login shell of the new account\n"), usageout);
> - 	(void) fputs (_("  -u, --uid UID                 user ID of the new account\n"), usageout);
> - 	(void) fputs (_("  -U, --user-group              create a group with the same name as the user\n"), usageout);
> -@@ -1133,9 +1134,10 @@ static void process_flags (int argc, char **argv)
> - 			{"no-user-group",  no_argument,       NULL, 'N'},
> - 			{"non-unique",     no_argument,       NULL, 'o'},
> - 			{"password",       required_argument, NULL, 'p'},
> -+			{"clear-password", required_argument, NULL, 'P'},
> - 			{"system",         no_argument,       NULL, 'r'},
> - 			{"root",           required_argument, NULL, 'R'},
> --			{"prefix",         required_argument, NULL, 'P'},
> -+			{"prefix",         required_argument, NULL, 'A'},
> - 			{"shell",          required_argument, NULL, 's'},
> - 			{"uid",            required_argument, NULL, 'u'},
> - 			{"user-group",     no_argument,       NULL, 'U'},
> -@@ -1146,9 +1148,9 @@ static void process_flags (int argc, char **argv)
> - 		};
> - 		while ((c = getopt_long (argc, argv,
> - #ifdef WITH_SELINUX
> --		                         "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:UZ:",
> -+		                         "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:A:s:u:UZ:",
> - #else				/* !WITH_SELINUX */
> --		                         "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:U",
> -+		                         "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:A:s:u:U",
> - #endif				/* !WITH_SELINUX */
> - 		                         long_options, NULL)) != -1) {
> - 			switch (c) {
> -@@ -1320,12 +1322,19 @@ static void process_flags (int argc, char **argv)
> - 				}
> - 				user_pass = optarg;
> - 				break;
> -+			case 'P': /* set clear text password */
> -+				user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
> -+				break;
> - 			case 'r':
> - 				rflg = true;
> - 				break;
> - 			case 'R': /* no-op, handled in process_root_flag () */
> - 				break;
> --			case 'P': /* no-op, handled in process_prefix_flag () */
> -+			case 'A': /* no-op, handled in process_prefix_flag () */
> -+				fprintf (stderr,
> -+					 _("%s: -A is deliberately not supported \n"),
> -+					 Prog);
> -+				exit (E_BAD_ARG);
> - 				break;
> - 			case 's':
> - 				if (   ( !VALID (optarg) )
> -@@ -2257,7 +2266,7 @@ int main (int argc, char **argv)
> -
> - 	process_root_flag ("-R", argc, argv);
> -
> --	prefix = process_prefix_flag("-P", argc, argv);
> -+	prefix = process_prefix_flag("-A", argc, argv);
> -
> - 	OPENLOG ("useradd");
> - #ifdef WITH_AUDIT
> -diff --git a/src/usermod.c b/src/usermod.c
> -index 21c6da9..cffdb3e 100644
> ---- a/src/usermod.c
> -+++ b/src/usermod.c
> -@@ -431,8 +431,9 @@ static /*@noreturn@*/void usage (int status)
> - 	                "                                new location (use only with -d)\n"), usageout);
> - 	(void) fputs (_("  -o, --non-unique              allow using duplicate (non-unique) UID\n"), usageout);
> - 	(void) fputs (_("  -p, --password PASSWORD       use encrypted password for the new password\n"), usageout);
> -+	(void) fputs (_("  -P, --clear-password PASSWORD use clear password for the new password\n"), usageout);
> - 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
> --	(void) fputs (_("  -P, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files\n"), usageout);
> -+	(void) fputs (_("  -A, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files\n"), usageout);
> - 	(void) fputs (_("  -s, --shell SHELL             new login shell for the user account\n"), usageout);
> - 	(void) fputs (_("  -u, --uid UID                 new UID for the user account\n"), usageout);
> - 	(void) fputs (_("  -U, --unlock                  unlock the user account\n"), usageout);
> -@@ -1010,8 +1011,9 @@ static void process_flags (int argc, char **argv)
> - 			{"move-home",    no_argument,       NULL, 'm'},
> - 			{"non-unique",   no_argument,       NULL, 'o'},
> - 			{"password",     required_argument, NULL, 'p'},
> -+			{"clear-password", required_argument, NULL, 'P'},
> - 			{"root",         required_argument, NULL, 'R'},
> --			{"prefix",       required_argument, NULL, 'P'},
> -+			{"prefix",       required_argument, NULL, 'A'},
> - 			{"shell",        required_argument, NULL, 's'},
> - 			{"uid",          required_argument, NULL, 'u'},
> - 			{"unlock",       no_argument,       NULL, 'U'},
> -@@ -1027,7 +1029,7 @@ static void process_flags (int argc, char **argv)
> - 			{NULL, 0, NULL, '\0'}
> - 		};
> - 		while ((c = getopt_long (argc, argv,
> --		                         "abc:d:e:f:g:G:hl:Lmop:R:s:u:UP:"
> -+		                         "abc:d:e:f:g:G:hl:Lmop:P:R:s:u:UA:"
> - #ifdef ENABLE_SUBIDS
> - 		                         "v:w:V:W:"
> - #endif				/* ENABLE_SUBIDS */
> -@@ -1130,9 +1132,17 @@ static void process_flags (int argc, char **argv)
> - 				user_pass = optarg;
> - 				pflg = true;
> - 				break;
> -+			case 'P':
> -+				user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
> -+				pflg = true;
> -+				break;
> - 			case 'R': /* no-op, handled in process_root_flag () */
> - 				break;
> --			case 'P': /* no-op, handled in process_prefix_flag () */
> -+			case 'A': /* no-op, handled in process_prefix_flag () */
> -+				fprintf (stderr,
> -+					 _("%s: -A is deliberately not supported \n"),
> -+					 Prog);
> -+				exit (E_BAD_ARG);
> - 				break;
> - 			case 's':
> - 				if (!VALID (optarg)) {
> -@@ -2127,7 +2137,7 @@ int main (int argc, char **argv)
> - 	(void) textdomain (PACKAGE);
> -
> - 	process_root_flag ("-R", argc, argv);
> --	prefix = process_prefix_flag ("-P", argc, argv);
> -+	prefix = process_prefix_flag ("-A", argc, argv);
> -
> - 	OPENLOG ("usermod");
> - #ifdef WITH_AUDIT
> diff --git a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch
> index 9825216369..bd24626a26 100644
> --- a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch
> +++ b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch
> @@ -1,4 +1,4 @@
> -From 66533c7c6f347d257020675a1ed6e0c59cbbc3f0 Mon Sep 17 00:00:00 2001
> +From 1422c24f7266b553c82100e3d18a10c55cd91063 Mon Sep 17 00:00:00 2001
>  From: Chen Qi <Qi.Chen@windriver.com> <Qi.Chen@windriver.com>
>  Date: Thu, 17 Jul 2014 15:53:34 +0800
>  Subject: [PATCH] commonio.c-fix-unexpected-open-failure-in-chroot-env
> @@ -21,10 +21,10 @@ Signed-off-by: Chen Qi <Qi.Chen@windriver.com> <Qi.Chen@windriver.com>
>   1 file changed, 12 insertions(+), 4 deletions(-)
>
>  diff --git a/lib/commonio.c b/lib/commonio.c
> -index 16fa7e7..d6bc297 100644
> +index cef404b..66908fb 100644
>  --- a/lib/commonio.c
>  +++ b/lib/commonio.c
> -@@ -632,10 +632,18 @@ int commonio_open (struct commonio_db *db, int mode)
> +@@ -646,10 +646,18 @@ int commonio_open (struct commonio_db *db, int mode)
>   	db->cursor = NULL;
>   	db->changed = false;
>
> diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc
> index 2cbdfbc1cf..51d2ca5f16 100644
> --- a/meta/recipes-extended/shadow/shadow.inc
> +++ b/meta/recipes-extended/shadow/shadow.inc
> @@ -10,10 +10,12 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=ed80ff1c2b40843cf5768e5229cf16e5 \
>  DEPENDS = "virtual/crypt"
>
>  UPSTREAM_CHECK_URI = "https://github.com/shadow-maint/shadow/releases" <https://github.com/shadow-maint/shadow/releases>
> -SRC_URI = "https://github.com/shadow-maint/shadow/releases/download/${PV}/${BP}.tar.gz \
> +SRC_URI = " <https://github.com/shadow-maint/shadow/releases/download/$%7BPV%7D/$%7BBP%7D.tar.gz%5C+SRC_URI=>https://github.com/shadow-maint/shadow/releases/download/v${PV}/${BP}.tar.gz \
>             file://shadow-4.1.3-dots-in-usernames.patch \
>             ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \
>             file://shadow-relaxed-usernames.patch \
> +           file://0001-Fix-out-of-tree-builds-with-respect-to-libsubid-incl.patch \
> +           file://0001-libsubid-link-to-PAM-libraries.patch \
>             "
>
>  SRC_URI_append_class-target = " \
> @@ -23,15 +25,13 @@ SRC_URI_append_class-target = " \
>
>  SRC_URI_append_class-native = " \
>             file://0001-Disable-use-of-syslog-for-sysroot.patch \
> -           file://0002-Allow-for-setting-password-in-clear-text.patch \
>             file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \
>             "
>  SRC_URI_append_class-nativesdk = " \
>             file://0001-Disable-use-of-syslog-for-sysroot.patch \
>             "
>
> -SRC_URI[md5sum] = "3d97f11e66bfb0b14702b115fa8be480"
> -SRC_URI[sha256sum] = "3ee3081fbbcbcfea5c8916419e46bc724807bab271072104f23e7a29e9668f3a"
> +SRC_URI[sha256sum] = "6c4627ff9c9422b96664517ae753c944f2902e92809d0698b65f5fef11985212"
>
>  # Additional Policy files for PAM
>  PAM_SRC_URI = "file://pam.d/chfn \
> @@ -115,12 +115,6 @@ do_install() {
>  	# Use proper encryption for passwords
>  	sed -i 's/^#ENCRYPT_METHOD.*$/ENCRYPT_METHOD SHA512/' ${D}${sysconfdir}/login.defs
>
> -	# Now we don't have a mail system. Disable mail creation for now.
> -	sed -i 's:/bin/bash:/bin/sh:g' ${D}${sysconfdir}/default/useradd
> -	sed -i '/^CREATE_MAIL_SPOOL/ s:^:#:' ${D}${sysconfdir}/default/useradd
> -
> -	# Use users group by default
> -	sed -i 's,^GROUP=1000,GROUP=100,g' ${D}${sysconfdir}/default/useradd
>  }
>
>  do_install_append() {
> @@ -184,13 +178,6 @@ ALTERNATIVE_${PN}-base = "newgrp groups login su"
>  ALTERNATIVE_LINK_NAME[login] = "${base_bindir}/login"
>  ALTERNATIVE_LINK_NAME[su] = "${base_bindir}/su"
>
> -ALTERNATIVE_${PN}-doc = "passwd.5 getspnam.3 groups.1 su.1 nologin.8"
> -ALTERNATIVE_LINK_NAME[passwd.5] = "${mandir}/man5/passwd.5"
> -ALTERNATIVE_LINK_NAME[getspnam.3] = "${mandir}/man3/getspnam.3"
> -ALTERNATIVE_LINK_NAME[groups.1] = "${mandir}/man1/groups.1"
> -ALTERNATIVE_LINK_NAME[su.1] = "${mandir}/man1/su.1"
> -ALTERNATIVE_LINK_NAME[nologin.8] = "${mandir}/man8/nologin.8"
> -
>  PACKAGE_WRITE_DEPS += "shadow-native"
>  pkg_postinst_${PN}_class-target () {
>  	if [ "x$D" != "x" ]; then
> diff --git a/meta/recipes-extended/shadow/shadow_4.8.1.bb b/meta/recipes-extended/shadow/shadow_4.9.bb
> similarity index 100%
> rename from meta/recipes-extended/shadow/shadow_4.8.1.bb
> rename to meta/recipes-extended/shadow/shadow_4.9.bb
>
>
> 
>
>
>

[-- Attachment #2: Type: text/html, Size: 34108 bytes --]

Re: [OE-core] [PATCH 6/9] shadow: update 4.8.1 -> 4.9

[Khem Raj]

On 8/4/21 3:12 AM, Alexander Kanavin wrote:
> Yes, plaintext passwords can no longer be there, which is a good thing 
> I'd say? The hashed/salted passwords can still be provided through the 
> same class, but this needs to be documented, and perhaps tested too.
> 

Its perhaps fine to discourage plaintext password setting, but it is a 
user visible feature as it seems. So the documentation should change for 
sure to not use it and it should also go into migration guide since it 
has a potential of tripping a lot of folks. I think documenting the 
intent to move away from plaintext is urgent, then the question is if
we want to fist deprecate it or delete this option all in one go.

> Alex
> 
> On Wed, 4 Aug 2021 at 10:39, Yi Zhao <yi.zhao@windriver.com 
> <mailto:yi.zhao@windriver.com>> wrote:
> 
> 
>     On 7/30/21 7:45 PM, Alexander Kanavin wrote:
>>     Add a couple backports to fix builds.
>>
>>     Drop 0002-Allow-for-setting-password-in-clear-text.patch;
>>     what it adds is horribly insecure and AB testing didn't reveal any
>>     regressions or use cases for it.
> 
>     Dropping this patch makes the password setting function in
>     extrausers.bbclass unavailable:
>     https://docs.yoctoproject.org/singleindex.html#extrausers-bbclass
>     <https://docs.yoctoproject.org/singleindex.html#extrausers-bbclass>
> 
> 
>     //Yi
> 
> 
>>     Drop /etc/default/ tweaks as files are no longer installed there.
>>
>>     Drop manpage alternatives as manpages are no longer installed.
>>
>>     Signed-off-by: Alexander Kanavin<alex.kanavin@gmail.com>  <mailto:alex.kanavin@gmail.com>
>>     ---
>>       ...01-Disable-use-of-syslog-for-sysroot.patch |  29 +-
>>       ...builds-with-respect-to-libsubid-incl.patch | 114 +++++++
>>       .../0001-libsubid-link-to-PAM-libraries.patch |  31 ++
>>       ...w-for-setting-password-in-clear-text.patch | 301 ------------------
>>       ...nexpected-open-failure-in-chroot-env.patch |   6 +-
>>       meta/recipes-extended/shadow/shadow.inc       |  21 +-
>>       .../shadow/{shadow_4.8.1.bb  <http://shadow_4.8.1.bb>  =>shadow_4.9.bb  <http://shadow_4.9.bb>} |   0
>>       7 files changed, 167 insertions(+), 335 deletions(-)
>>       create mode 100644 meta/recipes-extended/shadow/files/0001-Fix-out-of-tree-builds-with-respect-to-libsubid-incl.patch
>>       create mode 100644 meta/recipes-extended/shadow/files/0001-libsubid-link-to-PAM-libraries.patch
>>       delete mode 100644 meta/recipes-extended/shadow/files/0002-Allow-for-setting-password-in-clear-text.patch
>>       rename meta/recipes-extended/shadow/{shadow_4.8.1.bb  <http://shadow_4.8.1.bb>  =>shadow_4.9.bb  <http://shadow_4.9.bb>} (100%)
>>
>>     diff --git a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch b/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch
>>     index ab317b9aa0..95728bcd3f 100644
>>     --- a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch
>>     +++ b/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch
>>     @@ -1,4 +1,4 @@
>>     -From fa2d9453656641002802d8165e80adb9e6a729d2 Mon Sep 17 00:00:00 2001
>>     +From 30a3906a0a21120fa6bbc918b6258ab9303fbeaa Mon Sep 17 00:00:00 2001
>>       From: Scott Garman<scott.a.garman@intel.com>  <mailto:scott.a.garman@intel.com>
>>       Date: Thu, 14 Apr 2016 12:28:57 +0200
>>       Subject: [PATCH] Disable use of syslog for sysroot
>>     @@ -19,12 +19,12 @@ Signed-off-by: Chen Qi<Qi.Chen@windriver.com>  <mailto:Qi.Chen@windriver.com>
>>        src/groupmems.c | 3 +++
>>        src/groupmod.c  | 3 +++
>>        src/useradd.c   | 3 +++
>>     - src/userdel.c   | 3 +++
>>     + src/userdel.c   | 4 ++++
>>        src/usermod.c   | 3 +++
>>     - 7 files changed, 21 insertions(+)
>>     + 7 files changed, 22 insertions(+)
>>       
>>       diff --git a/src/groupadd.c b/src/groupadd.c
>>     -index 2dd8eec..e9c4bb7 100644
>>     +index d7f68b1..5fe5f43 100644
>>       --- a/src/groupadd.c
>>       +++ b/src/groupadd.c
>>       @@ -34,6 +34,9 @@
>>     @@ -38,7 +38,7 @@ index 2dd8eec..e9c4bb7 100644
>>        #include <fcntl.h>
>>        #include <getopt.h>
>>       diff --git a/src/groupdel.c b/src/groupdel.c
>>     -index f941a84..5a70056 100644
>>     +index 5c89312..2aefc5a 100644
>>       --- a/src/groupdel.c
>>       +++ b/src/groupdel.c
>>       @@ -34,6 +34,9 @@
>>     @@ -52,7 +52,7 @@ index f941a84..5a70056 100644
>>        #include <fcntl.h>
>>        #include <grp.h>
>>       diff --git a/src/groupmems.c b/src/groupmems.c
>>     -index fc91c8b..2842514 100644
>>     +index 654a8f3..6b2026b 100644
>>       --- a/src/groupmems.c
>>       +++ b/src/groupmems.c
>>       @@ -32,6 +32,9 @@
>>     @@ -66,7 +66,7 @@ index fc91c8b..2842514 100644
>>        #include <getopt.h>
>>        #include <grp.h>
>>       diff --git a/src/groupmod.c b/src/groupmod.c
>>     -index 1dca5fc..bc14438 100644
>>     +index acd6f35..a2c5247 100644
>>       --- a/src/groupmod.c
>>       +++ b/src/groupmod.c
>>       @@ -34,6 +34,9 @@
>>     @@ -80,7 +80,7 @@ index 1dca5fc..bc14438 100644
>>        #include <fcntl.h>
>>        #include <getopt.h>
>>       diff --git a/src/useradd.c b/src/useradd.c
>>     -index 4af0f7c..1b7bf06 100644
>>     +index 127177e..b80e505 100644
>>       --- a/src/useradd.c
>>       +++ b/src/useradd.c
>>       @@ -34,6 +34,9 @@
>>     @@ -94,21 +94,22 @@ index 4af0f7c..1b7bf06 100644
>>        #include <ctype.h>
>>        #include <errno.h>
>>       diff --git a/src/userdel.c b/src/userdel.c
>>     -index cc951e5..153e0be 100644
>>     +index 79a7c89..c1e010a 100644
>>       --- a/src/userdel.c
>>       +++ b/src/userdel.c
>>     -@@ -34,6 +34,9 @@
>>     -
>>     - #ident "$Id$"
>>     +@@ -31,6 +31,10 @@
>>     +  */
>>        
>>     + #include <config.h>
>>     ++
>>       +/* Disable use of syslog since we're running this command against a sysroot */
>>       +#undef USE_SYSLOG
>>       +
>>        #include <assert.h>
>>     + #include <dirent.h>
>>        #include <errno.h>
>>     - #include <fcntl.h>
>>       diff --git a/src/usermod.c b/src/usermod.c
>>     -index 05b9871..21c6da9 100644
>>     +index 03bb9b9..e15fdd4 100644
>>       --- a/src/usermod.c
>>       +++ b/src/usermod.c
>>       @@ -34,6 +34,9 @@
>>     diff --git a/meta/recipes-extended/shadow/files/0001-Fix-out-of-tree-builds-with-respect-to-libsubid-incl.patch b/meta/recipes-extended/shadow/files/0001-Fix-out-of-tree-builds-with-respect-to-libsubid-incl.patch
>>     new file mode 100644
>>     index 0000000000..c577be6505
>>     --- /dev/null
>>     +++ b/meta/recipes-extended/shadow/files/0001-Fix-out-of-tree-builds-with-respect-to-libsubid-incl.patch
>>     @@ -0,0 +1,114 @@
>>     +From eced8077b57946fe0b723e7c6c510e8f344ce89b Mon Sep 17 00:00:00 2001
>>     +From: Serge Hallyn<serge@hallyn.com>  <mailto:serge@hallyn.com>
>>     +Date: Fri, 23 Jul 2021 17:51:13 -0500
>>     +Subject: [PATCH] Fix out of tree builds with respect to libsubid includes
>>     +
>>     +There's a better way to do this, and I hope to clean that up,
>>     +but this fixes out of tree builds for me right now.
>>     +
>>     +Closes #386
>>     +
>>     +Signed-off-by: Serge Hallyn<serge@hallyn.com>  <mailto:serge@hallyn.com>
>>     +Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/537b8cd90be7b47b45c45cfd27765ef85eb0ebf1  <https://github.com/shadow-maint/shadow/commit/537b8cd90be7b47b45c45cfd27765ef85eb0ebf1>]
>>     +Signed-off-by: Alexander Kanavin<alex.kanavin@gmail.com>  <mailto:alex.kanavin@gmail.com>
>>     +---
>>     + lib/Makefile.am      | 2 ++
>>     + libmisc/Makefile.am  | 2 +-
>>     + libsubid/Makefile.am | 4 ++--
>>     + src/Makefile.am      | 6 ++++++
>>     + 4 files changed, 11 insertions(+), 3 deletions(-)
>>     +
>>     +diff --git a/lib/Makefile.am b/lib/Makefile.am
>>     +index ecf3ee25..5ac2e111 100644
>>     +--- a/lib/Makefile.am
>>     ++++ b/lib/Makefile.am
>>     +@@ -10,6 +10,8 @@ if HAVE_VENDORDIR
>>     + libshadow_la_CPPFLAGS += -DVENDORDIR=\"$(VENDORDIR)\"
>>     + endif
>>     +
>>     ++libshadow_la_CPPFLAGS += -I$(top_srcdir)
>>     ++
>>     + libshadow_la_SOURCES = \
>>     + 	commonio.c \
>>     + 	commonio.h \
>>     +diff --git a/libmisc/Makefile.am b/libmisc/Makefile.am
>>     +index 9766a7ec..9f237e0d 100644
>>     +--- a/libmisc/Makefile.am
>>     ++++ b/libmisc/Makefile.am
>>     +@@ -1,7 +1,7 @@
>>     +
>>     + EXTRA_DIST = .indent.pro  <http://indent.pro>  xgetXXbyYY.c
>>     +
>>     +-AM_CPPFLAGS = -I$(top_srcdir)/lib $(ECONF_CPPFLAGS)
>>     ++AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_srcdir) $(ECONF_CPPFLAGS)
>>     +
>>     + noinst_LTLIBRARIES =libmisc.la  <http://libmisc.la>
>>     +
>>     +diff --git a/libsubid/Makefile.am b/libsubid/Makefile.am
>>     +index 189165b0..cdc41fe6 100644
>>     +--- a/libsubid/Makefile.am
>>     ++++ b/libsubid/Makefile.am
>>     +@@ -19,8 +19,8 @@ MISCLIBS = \
>>     + 	$(LIBTCB)
>>     +
>>     + libsubid_la_LIBADD = \
>>     +-	$(top_srcdir)/lib/libshadow.la  <http://libshadow.la>  \
>>     +-	$(top_srcdir)/libmisc/libmisc.la  <http://libmisc.la>  \
>>     ++	$(top_builddir)/lib/libshadow.la  <http://libshadow.la>  \
>>     ++	$(top_builddir)/libmisc/libmisc.la  <http://libmisc.la>  \
>>     + 	$(MISCLIBS) -ldl
>>     +
>>     + AM_CPPFLAGS = \
>>     +diff --git a/src/Makefile.am b/src/Makefile.am
>>     +index 35027013..7c1a3491 100644
>>     +--- a/src/Makefile.am
>>     ++++ b/src/Makefile.am
>>     +@@ -10,6 +10,7 @@ sgidperms = 2755
>>     + AM_CPPFLAGS = \
>>     + 	-I${top_srcdir}/lib \
>>     + 	-I$(top_srcdir)/libmisc \
>>     ++	-I$(top_srcdir) \
>>     + 	-DLOCALEDIR=\"$(datadir)/locale\"
>>     +
>>     + # XXX why are login and su in /bin anyway (other than for
>>     +@@ -183,6 +184,7 @@ list_subid_ranges_LDADD = \
>>     + list_subid_ranges_CPPFLAGS = \
>>     + 	-I$(top_srcdir)/lib \
>>     + 	-I$(top_srcdir)/libmisc \
>>     ++	-I$(top_srcdir) \
>>     + 	-I$(top_srcdir)/libsubid
>>     +
>>     + get_subid_owners_LDADD = \
>>     +@@ -194,11 +196,13 @@ get_subid_owners_LDADD = \
>>     + get_subid_owners_CPPFLAGS = \
>>     + 	-I$(top_srcdir)/lib \
>>     + 	-I$(top_srcdir)/libmisc \
>>     ++	-I$(top_srcdir) \
>>     + 	-I$(top_srcdir)/libsubid
>>     +
>>     + new_subid_range_CPPFLAGS = \
>>     + 	-I$(top_srcdir)/lib \
>>     + 	-I$(top_srcdir)/libmisc \
>>     ++	-I$(top_srcdir) \
>>     + 	-I$(top_srcdir)/libsubid
>>     +
>>     + new_subid_range_LDADD = \
>>     +@@ -210,6 +214,7 @@ new_subid_range_LDADD = \
>>     + free_subid_range_CPPFLAGS = \
>>     + 	-I$(top_srcdir)/lib \
>>     + 	-I$(top_srcdir)/libmisc \
>>     ++	-I$(top_srcdir) \
>>     + 	-I$(top_srcdir)/libsubid
>>     +
>>     + free_subid_range_LDADD = \
>>     +@@ -220,6 +225,7 @@ free_subid_range_LDADD = \
>>     +
>>     + check_subid_range_CPPFLAGS = \
>>     + 	-I$(top_srcdir)/lib \
>>     ++	-I$(top_srcdir) \
>>     + 	-I$(top_srcdir)/libmisc
>>     +
>>     + check_subid_range_LDADD = \
>>     +--
>>     +2.31.1
>>     +
>>     diff --git a/meta/recipes-extended/shadow/files/0001-libsubid-link-to-PAM-libraries.patch b/meta/recipes-extended/shadow/files/0001-libsubid-link-to-PAM-libraries.patch
>>     new file mode 100644
>>     index 0000000000..ea7a99dbf7
>>     --- /dev/null
>>     +++ b/meta/recipes-extended/shadow/files/0001-libsubid-link-to-PAM-libraries.patch
>>     @@ -0,0 +1,31 @@
>>     +From 4f44617af3a0c59be267ac5fcc33586e3783f5e6 Mon Sep 17 00:00:00 2001
>>     +From: Xi Ruoyao<xry111@mengyan1223.wang>  <mailto:xry111@mengyan1223.wang>
>>     +Date: Fri, 23 Jul 2021 14:38:08 +0800
>>     +Subject: [PATCH] libsubid: link to PAM libraries
>>     +
>>     +libsubid.so links to libmisc.a, which contains several routines referring to
>>     +PAM functions.
>>     +
>>     +Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/f4a84efb468b8be21be124700ce35159c444e9d6  <https://github.com/shadow-maint/shadow/commit/f4a84efb468b8be21be124700ce35159c444e9d6>]
>>     +Signed-off-by: Alexander Kanavin<alex.kanavin@gmail.com>  <mailto:alex.kanavin@gmail.com>
>>     +---
>>     + libsubid/Makefile.am | 3 ++-
>>     + 1 file changed, 2 insertions(+), 1 deletion(-)
>>     +
>>     +diff --git a/libsubid/Makefile.am b/libsubid/Makefile.am
>>     +index cdc41fe6..99308c1f 100644
>>     +--- a/libsubid/Makefile.am
>>     ++++ b/libsubid/Makefile.am
>>     +@@ -16,7 +16,8 @@ MISCLIBS = \
>>     + 	$(LIBCRYPT) \
>>     + 	$(LIBACL) \
>>     + 	$(LIBATTR) \
>>     +-	$(LIBTCB)
>>     ++	$(LIBTCB) \
>>     ++	$(LIBPAM)
>>     +
>>     + libsubid_la_LIBADD = \
>>     + 	$(top_builddir)/lib/libshadow.la  <http://libshadow.la>  \
>>     +--
>>     +2.31.1
>>     +
>>     diff --git a/meta/recipes-extended/shadow/files/0002-Allow-for-setting-password-in-clear-text.patch b/meta/recipes-extended/shadow/files/0002-Allow-for-setting-password-in-clear-text.patch
>>     deleted file mode 100644
>>     index c6332e4f76..0000000000
>>     --- a/meta/recipes-extended/shadow/files/0002-Allow-for-setting-password-in-clear-text.patch
>>     +++ /dev/null
>>     @@ -1,301 +0,0 @@
>>     -From a7d995228491ad5255ad86c1f04ba071f6880897 Mon Sep 17 00:00:00 2001
>>     -From: Chen Qi<Qi.Chen@windriver.com>  <mailto:Qi.Chen@windriver.com>
>>     -Date: Sat, 16 Nov 2013 15:27:47 +0800
>>     -Subject: [PATCH] Allow for setting password in clear text
>>     -
>>     -Upstream-Status: Inappropriate [OE specific]
>>     -
>>     -Signed-off-by: Chen Qi<Qi.Chen@windriver.com>  <mailto:Qi.Chen@windriver.com>
>>     -
>>     ----
>>     - src/Makefile.am |  8 ++++----
>>     - src/groupadd.c  | 20 +++++++++++++++-----
>>     - src/groupmod.c  | 20 +++++++++++++++-----
>>     - src/useradd.c   | 21 +++++++++++++++------
>>     - src/usermod.c   | 20 +++++++++++++++-----
>>     - 5 files changed, 64 insertions(+), 25 deletions(-)
>>     -
>>     -diff --git a/src/Makefile.am b/src/Makefile.am
>>     -index f31fd7a..4a317a3 100644
>>     ---- a/src/Makefile.am
>>     -+++ b/src/Makefile.am
>>     -@@ -103,10 +103,10 @@ chsh_LDADD     = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM)
>>     - chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
>>     - expiry_LDADD = $(LDADD) $(LIBECONF)
>>     - gpasswd_LDADD  = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
>>     --groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
>>     -+groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) $(LIBCRYPT)
>>     - groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
>>     - groupmems_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
>>     --groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
>>     -+groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) $(LIBCRYPT)
>>     - grpck_LDADD    = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
>>     - grpconv_LDADD  = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
>>     - grpunconv_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
>>     -@@ -127,9 +127,9 @@ su_SOURCES     = \
>>     - 	suauth.c
>>     - su_LDADD       = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
>>     - sulogin_LDADD  = $(LDADD) $(LIBCRYPT) $(LIBECONF)
>>     --useradd_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF)
>>     -+useradd_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) $(LIBCRYPT)
>>     - userdel_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBECONF)
>>     --usermod_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF)
>>     -+usermod_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) $(LIBCRYPT)
>>     - vipw_LDADD     = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
>>     -
>>     - install-am: all-am
>>     -diff --git a/src/groupadd.c b/src/groupadd.c
>>     -index e9c4bb7..d572c00 100644
>>     ---- a/src/groupadd.c
>>     -+++ b/src/groupadd.c
>>     -@@ -127,9 +127,10 @@ static /*@noreturn@*/void usage (int status)
>>     - 	(void) fputs (_("  -o, --non-unique              allow to create groups with duplicate\n"
>>     - 	                "                                (non-unique) GID\n"), usageout);
>>     - 	(void) fputs (_("  -p, --password PASSWORD       use this encrypted password for the new group\n"), usageout);
>>     -+	(void) fputs (_("  -P, --clear-password PASSWORD use this clear password for the new group\n"), usageout);
>>     - 	(void) fputs (_("  -r, --system                  create a system account\n"), usageout);
>>     - 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
>>     --	(void) fputs (_("  -P, --prefix PREFIX_DIR       directory prefix\n"), usageout);
>>     -+	(void) fputs (_("  -A, --prefix PREFIX_DIR       directory prefix\n"), usageout);
>>     - 	(void) fputs ("\n", usageout);
>>     - 	exit (status);
>>     - }
>>     -@@ -391,13 +392,14 @@ static void process_flags (int argc, char **argv)
>>     - 		{"key",        required_argument, NULL, 'K'},
>>     - 		{"non-unique", no_argument,       NULL, 'o'},
>>     - 		{"password",   required_argument, NULL, 'p'},
>>     -+		{"clear-password", required_argument, NULL, 'P'},
>>     - 		{"system",     no_argument,       NULL, 'r'},
>>     - 		{"root",       required_argument, NULL, 'R'},
>>     --		{"prefix",     required_argument, NULL, 'P'},
>>     -+		{"prefix",     required_argument, NULL, 'A'},
>>     - 		{NULL, 0, NULL, '\0'}
>>     - 	};
>>     -
>>     --	while ((c = getopt_long (argc, argv, "fg:hK:op:rR:P:",
>>     -+	while ((c = getopt_long (argc, argv, "fg:hK:op:P:rR:A:",
>>     - 		                 long_options, NULL)) != -1) {
>>     - 		switch (c) {
>>     - 		case 'f':
>>     -@@ -449,12 +451,20 @@ static void process_flags (int argc, char **argv)
>>     - 			pflg = true;
>>     - 			group_passwd = optarg;
>>     - 			break;
>>     -+		case 'P':
>>     -+			pflg = true;
>>     -+			group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
>>     -+			break;
>>     - 		case 'r':
>>     - 			rflg = true;
>>     - 			break;
>>     - 		case 'R': /* no-op, handled in process_root_flag () */
>>     - 			break;
>>     --		case 'P': /* no-op, handled in process_prefix_flag () */
>>     -+		case 'A': /* no-op, handled in process_prefix_flag () */
>>     -+			fprintf (stderr,
>>     -+				 _("%s: -A is deliberately not supported \n"),
>>     -+				 Prog);
>>     -+			exit (E_BAD_ARG);
>>     - 			break;
>>     - 		default:
>>     - 			usage (E_USAGE);
>>     -@@ -588,7 +598,7 @@ int main (int argc, char **argv)
>>     - 	(void) textdomain (PACKAGE);
>>     -
>>     - 	process_root_flag ("-R", argc, argv);
>>     --	prefix = process_prefix_flag ("-P", argc, argv);
>>     -+	prefix = process_prefix_flag ("-A", argc, argv);
>>     -
>>     - 	OPENLOG ("groupadd");
>>     - #ifdef WITH_AUDIT
>>     -diff --git a/src/groupmod.c b/src/groupmod.c
>>     -index bc14438..25ccb44 100644
>>     ---- a/src/groupmod.c
>>     -+++ b/src/groupmod.c
>>     -@@ -138,8 +138,9 @@ static void usage (int status)
>>     - 	(void) fputs (_("  -o, --non-unique              allow to use a duplicate (non-unique) GID\n"), usageout);
>>     - 	(void) fputs (_("  -p, --password PASSWORD       change the password to this (encrypted)\n"
>>     - 	                "                                PASSWORD\n"), usageout);
>>     -+	(void) fputs (_("  -P, --clear-password PASSWORD change the password to this clear PASSWORD\n"), usageout);
>>     - 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
>>     --	(void) fputs (_("  -P, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files\n"), usageout);
>>     -+	(void) fputs (_("  -A, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files\n"), usageout);
>>     - 	(void) fputs ("\n", usageout);
>>     - 	exit (status);
>>     - }
>>     -@@ -387,11 +388,12 @@ static void process_flags (int argc, char **argv)
>>     - 		{"new-name",   required_argument, NULL, 'n'},
>>     - 		{"non-unique", no_argument,       NULL, 'o'},
>>     - 		{"password",   required_argument, NULL, 'p'},
>>     -+		{"clear-password", required_argument, NULL, 'P'},
>>     - 		{"root",       required_argument, NULL, 'R'},
>>     --		{"prefix",     required_argument, NULL, 'P'},
>>     -+		{"prefix",     required_argument, NULL, 'A'},
>>     - 		{NULL, 0, NULL, '\0'}
>>     - 	};
>>     --	while ((c = getopt_long (argc, argv, "g:hn:op:R:P:",
>>     -+	while ((c = getopt_long (argc, argv, "g:hn:op:P:R:A:",
>>     - 		                 long_options, NULL)) != -1) {
>>     - 		switch (c) {
>>     - 		case 'g':
>>     -@@ -418,9 +420,17 @@ static void process_flags (int argc, char **argv)
>>     - 			group_passwd = optarg;
>>     - 			pflg = true;
>>     - 			break;
>>     -+		case 'P':
>>     -+			group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
>>     -+			pflg = true;
>>     -+			break;
>>     - 		case 'R': /* no-op, handled in process_root_flag () */
>>     - 			break;
>>     --		case 'P': /* no-op, handled in process_prefix_flag () */
>>     -+		case 'A': /* no-op, handled in process_prefix_flag () */
>>     -+			fprintf (stderr,
>>     -+				 _("%s: -A is deliberately not supported \n"),
>>     -+				 Prog);
>>     -+			exit (E_BAD_ARG);
>>     - 			break;
>>     - 		default:
>>     - 			usage (E_USAGE);
>>     -@@ -761,7 +771,7 @@ int main (int argc, char **argv)
>>     - 	(void) textdomain (PACKAGE);
>>     -
>>     - 	process_root_flag ("-R", argc, argv);
>>     --	prefix = process_prefix_flag ("-P", argc, argv);
>>     -+	prefix = process_prefix_flag ("-A", argc, argv);
>>     -
>>     - 	OPENLOG ("groupmod");
>>     - #ifdef WITH_AUDIT
>>     -diff --git a/src/useradd.c b/src/useradd.c
>>     -index 1b7bf06..44f09e2 100644
>>     ---- a/src/useradd.c
>>     -+++ b/src/useradd.c
>>     -@@ -853,9 +853,10 @@ static void usage (int status)
>>     - 	(void) fputs (_("  -o, --non-unique              allow to create users with duplicate\n"
>>     - 	                "                                (non-unique) UID\n"), usageout);
>>     - 	(void) fputs (_("  -p, --password PASSWORD       encrypted password of the new account\n"), usageout);
>>     -+	(void) fputs (_("  -P, --clear-password PASSWORD clear password of the new account\n"), usageout);
>>     - 	(void) fputs (_("  -r, --system                  create a system account\n"), usageout);
>>     - 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
>>     --	(void) fputs (_("  -P, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files\n"), usageout);
>>     -+	(void) fputs (_("  -A, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files\n"), usageout);
>>     - 	(void) fputs (_("  -s, --shell SHELL             login shell of the new account\n"), usageout);
>>     - 	(void) fputs (_("  -u, --uid UID                 user ID of the new account\n"), usageout);
>>     - 	(void) fputs (_("  -U, --user-group              create a group with the same name as the user\n"), usageout);
>>     -@@ -1133,9 +1134,10 @@ static void process_flags (int argc, char **argv)
>>     - 			{"no-user-group",  no_argument,       NULL, 'N'},
>>     - 			{"non-unique",     no_argument,       NULL, 'o'},
>>     - 			{"password",       required_argument, NULL, 'p'},
>>     -+			{"clear-password", required_argument, NULL, 'P'},
>>     - 			{"system",         no_argument,       NULL, 'r'},
>>     - 			{"root",           required_argument, NULL, 'R'},
>>     --			{"prefix",         required_argument, NULL, 'P'},
>>     -+			{"prefix",         required_argument, NULL, 'A'},
>>     - 			{"shell",          required_argument, NULL, 's'},
>>     - 			{"uid",            required_argument, NULL, 'u'},
>>     - 			{"user-group",     no_argument,       NULL, 'U'},
>>     -@@ -1146,9 +1148,9 @@ static void process_flags (int argc, char **argv)
>>     - 		};
>>     - 		while ((c = getopt_long (argc, argv,
>>     - #ifdef WITH_SELINUX
>>     --		                         "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:UZ:",
>>     -+		                         "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:A:s:u:UZ:",
>>     - #else				/* !WITH_SELINUX */
>>     --		                         "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:U",
>>     -+		                         "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:A:s:u:U",
>>     - #endif				/* !WITH_SELINUX */
>>     - 		                         long_options, NULL)) != -1) {
>>     - 			switch (c) {
>>     -@@ -1320,12 +1322,19 @@ static void process_flags (int argc, char **argv)
>>     - 				}
>>     - 				user_pass = optarg;
>>     - 				break;
>>     -+			case 'P': /* set clear text password */
>>     -+				user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
>>     -+				break;
>>     - 			case 'r':
>>     - 				rflg = true;
>>     - 				break;
>>     - 			case 'R': /* no-op, handled in process_root_flag () */
>>     - 				break;
>>     --			case 'P': /* no-op, handled in process_prefix_flag () */
>>     -+			case 'A': /* no-op, handled in process_prefix_flag () */
>>     -+				fprintf (stderr,
>>     -+					 _("%s: -A is deliberately not supported \n"),
>>     -+					 Prog);
>>     -+				exit (E_BAD_ARG);
>>     - 				break;
>>     - 			case 's':
>>     - 				if (   ( !VALID (optarg) )
>>     -@@ -2257,7 +2266,7 @@ int main (int argc, char **argv)
>>     -
>>     - 	process_root_flag ("-R", argc, argv);
>>     -
>>     --	prefix = process_prefix_flag("-P", argc, argv);
>>     -+	prefix = process_prefix_flag("-A", argc, argv);
>>     -
>>     - 	OPENLOG ("useradd");
>>     - #ifdef WITH_AUDIT
>>     -diff --git a/src/usermod.c b/src/usermod.c
>>     -index 21c6da9..cffdb3e 100644
>>     ---- a/src/usermod.c
>>     -+++ b/src/usermod.c
>>     -@@ -431,8 +431,9 @@ static /*@noreturn@*/void usage (int status)
>>     - 	                "                                new location (use only with -d)\n"), usageout);
>>     - 	(void) fputs (_("  -o, --non-unique              allow using duplicate (non-unique) UID\n"), usageout);
>>     - 	(void) fputs (_("  -p, --password PASSWORD       use encrypted password for the new password\n"), usageout);
>>     -+	(void) fputs (_("  -P, --clear-password PASSWORD use clear password for the new password\n"), usageout);
>>     - 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
>>     --	(void) fputs (_("  -P, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files\n"), usageout);
>>     -+	(void) fputs (_("  -A, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files\n"), usageout);
>>     - 	(void) fputs (_("  -s, --shell SHELL             new login shell for the user account\n"), usageout);
>>     - 	(void) fputs (_("  -u, --uid UID                 new UID for the user account\n"), usageout);
>>     - 	(void) fputs (_("  -U, --unlock                  unlock the user account\n"), usageout);
>>     -@@ -1010,8 +1011,9 @@ static void process_flags (int argc, char **argv)
>>     - 			{"move-home",    no_argument,       NULL, 'm'},
>>     - 			{"non-unique",   no_argument,       NULL, 'o'},
>>     - 			{"password",     required_argument, NULL, 'p'},
>>     -+			{"clear-password", required_argument, NULL, 'P'},
>>     - 			{"root",         required_argument, NULL, 'R'},
>>     --			{"prefix",       required_argument, NULL, 'P'},
>>     -+			{"prefix",       required_argument, NULL, 'A'},
>>     - 			{"shell",        required_argument, NULL, 's'},
>>     - 			{"uid",          required_argument, NULL, 'u'},
>>     - 			{"unlock",       no_argument,       NULL, 'U'},
>>     -@@ -1027,7 +1029,7 @@ static void process_flags (int argc, char **argv)
>>     - 			{NULL, 0, NULL, '\0'}
>>     - 		};
>>     - 		while ((c = getopt_long (argc, argv,
>>     --		                         "abc:d:e:f:g:G:hl:Lmop:R:s:u:UP:"
>>     -+		                         "abc:d:e:f:g:G:hl:Lmop:P:R:s:u:UA:"
>>     - #ifdef ENABLE_SUBIDS
>>     - 		                         "v:w:V:W:"
>>     - #endif				/* ENABLE_SUBIDS */
>>     -@@ -1130,9 +1132,17 @@ static void process_flags (int argc, char **argv)
>>     - 				user_pass = optarg;
>>     - 				pflg = true;
>>     - 				break;
>>     -+			case 'P':
>>     -+				user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
>>     -+				pflg = true;
>>     -+				break;
>>     - 			case 'R': /* no-op, handled in process_root_flag () */
>>     - 				break;
>>     --			case 'P': /* no-op, handled in process_prefix_flag () */
>>     -+			case 'A': /* no-op, handled in process_prefix_flag () */
>>     -+				fprintf (stderr,
>>     -+					 _("%s: -A is deliberately not supported \n"),
>>     -+					 Prog);
>>     -+				exit (E_BAD_ARG);
>>     - 				break;
>>     - 			case 's':
>>     - 				if (!VALID (optarg)) {
>>     -@@ -2127,7 +2137,7 @@ int main (int argc, char **argv)
>>     - 	(void) textdomain (PACKAGE);
>>     -
>>     - 	process_root_flag ("-R", argc, argv);
>>     --	prefix = process_prefix_flag ("-P", argc, argv);
>>     -+	prefix = process_prefix_flag ("-A", argc, argv);
>>     -
>>     - 	OPENLOG ("usermod");
>>     - #ifdef WITH_AUDIT
>>     diff --git a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch
>>     index 9825216369..bd24626a26 100644
>>     --- a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch
>>     +++ b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch
>>     @@ -1,4 +1,4 @@
>>     -From 66533c7c6f347d257020675a1ed6e0c59cbbc3f0 Mon Sep 17 00:00:00 2001
>>     +From 1422c24f7266b553c82100e3d18a10c55cd91063 Mon Sep 17 00:00:00 2001
>>       From: Chen Qi<Qi.Chen@windriver.com>  <mailto:Qi.Chen@windriver.com>
>>       Date: Thu, 17 Jul 2014 15:53:34 +0800
>>       Subject: [PATCH] commonio.c-fix-unexpected-open-failure-in-chroot-env
>>     @@ -21,10 +21,10 @@ Signed-off-by: Chen Qi<Qi.Chen@windriver.com>  <mailto:Qi.Chen@windriver.com>
>>        1 file changed, 12 insertions(+), 4 deletions(-)
>>       
>>       diff --git a/lib/commonio.c b/lib/commonio.c
>>     -index 16fa7e7..d6bc297 100644
>>     +index cef404b..66908fb 100644
>>       --- a/lib/commonio.c
>>       +++ b/lib/commonio.c
>>     -@@ -632,10 +632,18 @@ int commonio_open (struct commonio_db *db, int mode)
>>     +@@ -646,10 +646,18 @@ int commonio_open (struct commonio_db *db, int mode)
>>        	db->cursor = NULL;
>>        	db->changed = false;
>>        
>>     diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc
>>     index 2cbdfbc1cf..51d2ca5f16 100644
>>     --- a/meta/recipes-extended/shadow/shadow.inc
>>     +++ b/meta/recipes-extended/shadow/shadow.inc
>>     @@ -10,10 +10,12 @@ LIC_FILES_CHKSUM ="file://COPYING;md5=ed80ff1c2b40843cf5768e5229cf16e5 \ DEPENDS = "virtual/crypt"
>>       
>>       UPSTREAM_CHECK_URI ="https://github.com/shadow-maint/shadow/releases"  <https://github.com/shadow-maint/shadow/releases>
>>     -SRC_URI ="https://github.com/shadow-maint/shadow/releases/download/${PV}/${BP}.tar.gz
>>     \ +SRC_URI = "  <https://github.com/shadow-maint/shadow/releases/download/$%7BPV%7D/$%7BBP%7D.tar.gz%5C+SRC_URI=>https://github.com/shadow-maint/shadow/releases/download/v${PV}/${BP}.tar.gz  <https://github.com/shadow-maint/shadow/releases/download/v$%7BPV%7D/$%7BBP%7D.tar.gz>  \
>>                  file://shadow-4.1.3-dots-in-usernames.patch \
>>                  ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \
>>                  file://shadow-relaxed-usernames.patch \
>>     +           file://0001-Fix-out-of-tree-builds-with-respect-to-libsubid-incl.patch \
>>     +           file://0001-libsubid-link-to-PAM-libraries.patch \
>>                  "
>>       
>>       SRC_URI_append_class-target = " \
>>     @@ -23,15 +25,13 @@ SRC_URI_append_class-target = " \
>>       
>>       SRC_URI_append_class-native = " \
>>                  file://0001-Disable-use-of-syslog-for-sysroot.patch  \
>>     -file://0002-Allow-for-setting-password-in-clear-text.patch  \
>>                  file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch  \
>>                  "
>>       SRC_URI_append_class-nativesdk = " \
>>                  file://0001-Disable-use-of-syslog-for-sysroot.patch  \
>>                  "
>>       
>>     -SRC_URI[md5sum] = "3d97f11e66bfb0b14702b115fa8be480"
>>     -SRC_URI[sha256sum] = "3ee3081fbbcbcfea5c8916419e46bc724807bab271072104f23e7a29e9668f3a"
>>     +SRC_URI[sha256sum] = "6c4627ff9c9422b96664517ae753c944f2902e92809d0698b65f5fef11985212"
>>       
>>       # Additional Policy files for PAM
>>       PAM_SRC_URI ="file://pam.d/chfn \ @@ -115,12 +115,6 @@ do_install() { # Use
>>     proper encryption for passwords sed -i
>>     's/^#ENCRYPT_METHOD.*$/ENCRYPT_METHOD SHA512/'
>>     ${D}${sysconfdir}/login.defs - # Now we don't have a mail system.
>>     Disable mail creation for now. - sed -i 's:/bin/bash:/bin/sh:g'
>>     ${D}${sysconfdir}/default/useradd - sed -i '/^CREATE_MAIL_SPOOL/
>>     s:^:#:' ${D}${sysconfdir}/default/useradd - - # Use users group by
>>     default - sed -i 's,^GROUP=1000,GROUP=100,g'
>>     ${D}${sysconfdir}/default/useradd } do_install_append() { @@
>>     -184,13 +178,6 @@ ALTERNATIVE_${PN}-base = "newgrp groups login su"
>>       ALTERNATIVE_LINK_NAME[login] = "${base_bindir}/login"
>>       ALTERNATIVE_LINK_NAME[su] = "${base_bindir}/su"
>>       
>>     -ALTERNATIVE_${PN}-doc = "passwd.5 getspnam.3 groups.1 su.1 nologin.8"
>>     -ALTERNATIVE_LINK_NAME[passwd.5] = "${mandir}/man5/passwd.5"
>>     -ALTERNATIVE_LINK_NAME[getspnam.3] = "${mandir}/man3/getspnam.3"
>>     -ALTERNATIVE_LINK_NAME[groups.1] = "${mandir}/man1/groups.1"
>>     -ALTERNATIVE_LINK_NAME[su.1] = "${mandir}/man1/su.1"
>>     -ALTERNATIVE_LINK_NAME[nologin.8] = "${mandir}/man8/nologin.8"
>>     -
>>       PACKAGE_WRITE_DEPS += "shadow-native"
>>       pkg_postinst_${PN}_class-target () {
>>       	if [ "x$D" != "x" ]; then
>>     diff --git a/meta/recipes-extended/shadow/shadow_4.8.1.bb  <http://shadow_4.8.1.bb>  b/meta/recipes-extended/shadow/shadow_4.9.bb  <http://shadow_4.9.bb>
>>     similarity index 100%
>>     rename from meta/recipes-extended/shadow/shadow_4.8.1.bb  <http://shadow_4.8.1.bb>
>>     rename to meta/recipes-extended/shadow/shadow_4.9.bb  <http://shadow_4.9.bb>
>>
> 
> 
> 
> 

Re: [OE-core] [PATCH 6/9] shadow: update 4.8.1 -> 4.9

[Mark Hatle]

On 8/4/21 1:13 PM, Khem Raj wrote:
> 
> 
> On 8/4/21 3:12 AM, Alexander Kanavin wrote:
>> Yes, plaintext passwords can no longer be there, which is a good thing 
>> I'd say? The hashed/salted passwords can still be provided through the 
>> same class, but this needs to be documented, and perhaps tested too.
>>
> 
> Its perhaps fine to discourage plaintext password setting, but it is a 
> user visible feature as it seems. So the documentation should change for 
> sure to not use it and it should also go into migration guide since it 
> has a potential of tripping a lot of folks. I think documenting the 
> intent to move away from plaintext is urgent, then the question is if
> we want to fist deprecate it or delete this option all in one go.

We SHOULD discourage users from any hardcoded passwords!  But, there is little
to no functional difference between specifying a plain text or salted password,
but there is a HUGE developer/user difference in behavior.

So, if we have a way to set a default password for any account, then we really
do need a way to have a plaintext password specified.

From a security perspective, there is no advantage between a salted or plain
text password.  (Salted passwords can always be reversed through tables, etc!)

If the current implementation of the plain text passwords is not "secure" due to
bad salts, hash types, etc.  Then lets fix that and move to a more secure style.

If it is decided to remove the -P option for plain text passwords, then we need
to document for the user HOW to generate password hashes.  And if we're showing
them how to do it, it SHOULD be trivial to find a way to do the same thing
_using the build system_.

For example

useradd -P 'foobar' user

to

hash=$(echo 'foobar' | openssl passwd -1 -salt mysalt -stdin)
useradd -p $hash user


or

hash=$(python -c "import crypt; print crypt.crypt('foobar')")
useradd -p $hash user


or

....


but the point is, we SHOULD discourage _ANY_ hard coded passwords, not just
plain text.  However if a user wants to do this, the system should assist the
user in setting a password into their environment.

--Mark


>> Alex
>>
>> On Wed, 4 Aug 2021 at 10:39, Yi Zhao <yi.zhao@windriver.com 
>> <mailto:yi.zhao@windriver.com>> wrote:
>>
>>
>>     On 7/30/21 7:45 PM, Alexander Kanavin wrote:
>>>     Add a couple backports to fix builds.
>>>
>>>     Drop 0002-Allow-for-setting-password-in-clear-text.patch;
>>>     what it adds is horribly insecure and AB testing didn't reveal any
>>>     regressions or use cases for it.
>>
>>     Dropping this patch makes the password setting function in
>>     extrausers.bbclass unavailable:
>>     https://docs.yoctoproject.org/singleindex.html#extrausers-bbclass
>>     <https://docs.yoctoproject.org/singleindex.html#extrausers-bbclass>
>>
>>
>>     //Yi
>>
>>
>>>     Drop /etc/default/ tweaks as files are no longer installed there.
>>>
>>>     Drop manpage alternatives as manpages are no longer installed.
>>>
>>>     Signed-off-by: Alexander Kanavin<alex.kanavin@gmail.com>  <mailto:alex.kanavin@gmail.com>
>>>     ---
>>>       ...01-Disable-use-of-syslog-for-sysroot.patch |  29 +-
>>>       ...builds-with-respect-to-libsubid-incl.patch | 114 +++++++
>>>       .../0001-libsubid-link-to-PAM-libraries.patch |  31 ++
>>>       ...w-for-setting-password-in-clear-text.patch | 301 ------------------
>>>       ...nexpected-open-failure-in-chroot-env.patch |   6 +-
>>>       meta/recipes-extended/shadow/shadow.inc       |  21 +-
>>>       .../shadow/{shadow_4.8.1.bb  <http://shadow_4.8.1.bb>  =>shadow_4.9.bb  <http://shadow_4.9.bb>} |   0
>>>       7 files changed, 167 insertions(+), 335 deletions(-)
>>>       create mode 100644 meta/recipes-extended/shadow/files/0001-Fix-out-of-tree-builds-with-respect-to-libsubid-incl.patch
>>>       create mode 100644 meta/recipes-extended/shadow/files/0001-libsubid-link-to-PAM-libraries.patch
>>>       delete mode 100644 meta/recipes-extended/shadow/files/0002-Allow-for-setting-password-in-clear-text.patch
>>>       rename meta/recipes-extended/shadow/{shadow_4.8.1.bb  <http://shadow_4.8.1.bb>  =>shadow_4.9.bb  <http://shadow_4.9.bb>} (100%)
>>>
>>>     diff --git a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch b/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch
>>>     index ab317b9aa0..95728bcd3f 100644
>>>     --- a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch
>>>     +++ b/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch
>>>     @@ -1,4 +1,4 @@
>>>     -From fa2d9453656641002802d8165e80adb9e6a729d2 Mon Sep 17 00:00:00 2001
>>>     +From 30a3906a0a21120fa6bbc918b6258ab9303fbeaa Mon Sep 17 00:00:00 2001
>>>       From: Scott Garman<scott.a.garman@intel.com>  <mailto:scott.a.garman@intel.com>
>>>       Date: Thu, 14 Apr 2016 12:28:57 +0200
>>>       Subject: [PATCH] Disable use of syslog for sysroot
>>>     @@ -19,12 +19,12 @@ Signed-off-by: Chen Qi<Qi.Chen@windriver.com>  <mailto:Qi.Chen@windriver.com>
>>>        src/groupmems.c | 3 +++
>>>        src/groupmod.c  | 3 +++
>>>        src/useradd.c   | 3 +++
>>>     - src/userdel.c   | 3 +++
>>>     + src/userdel.c   | 4 ++++
>>>        src/usermod.c   | 3 +++
>>>     - 7 files changed, 21 insertions(+)
>>>     + 7 files changed, 22 insertions(+)
>>>       
>>>       diff --git a/src/groupadd.c b/src/groupadd.c
>>>     -index 2dd8eec..e9c4bb7 100644
>>>     +index d7f68b1..5fe5f43 100644
>>>       --- a/src/groupadd.c
>>>       +++ b/src/groupadd.c
>>>       @@ -34,6 +34,9 @@
>>>     @@ -38,7 +38,7 @@ index 2dd8eec..e9c4bb7 100644
>>>        #include <fcntl.h>
>>>        #include <getopt.h>
>>>       diff --git a/src/groupdel.c b/src/groupdel.c
>>>     -index f941a84..5a70056 100644
>>>     +index 5c89312..2aefc5a 100644
>>>       --- a/src/groupdel.c
>>>       +++ b/src/groupdel.c
>>>       @@ -34,6 +34,9 @@
>>>     @@ -52,7 +52,7 @@ index f941a84..5a70056 100644
>>>        #include <fcntl.h>
>>>        #include <grp.h>
>>>       diff --git a/src/groupmems.c b/src/groupmems.c
>>>     -index fc91c8b..2842514 100644
>>>     +index 654a8f3..6b2026b 100644
>>>       --- a/src/groupmems.c
>>>       +++ b/src/groupmems.c
>>>       @@ -32,6 +32,9 @@
>>>     @@ -66,7 +66,7 @@ index fc91c8b..2842514 100644
>>>        #include <getopt.h>
>>>        #include <grp.h>
>>>       diff --git a/src/groupmod.c b/src/groupmod.c
>>>     -index 1dca5fc..bc14438 100644
>>>     +index acd6f35..a2c5247 100644
>>>       --- a/src/groupmod.c
>>>       +++ b/src/groupmod.c
>>>       @@ -34,6 +34,9 @@
>>>     @@ -80,7 +80,7 @@ index 1dca5fc..bc14438 100644
>>>        #include <fcntl.h>
>>>        #include <getopt.h>
>>>       diff --git a/src/useradd.c b/src/useradd.c
>>>     -index 4af0f7c..1b7bf06 100644
>>>     +index 127177e..b80e505 100644
>>>       --- a/src/useradd.c
>>>       +++ b/src/useradd.c
>>>       @@ -34,6 +34,9 @@
>>>     @@ -94,21 +94,22 @@ index 4af0f7c..1b7bf06 100644
>>>        #include <ctype.h>
>>>        #include <errno.h>
>>>       diff --git a/src/userdel.c b/src/userdel.c
>>>     -index cc951e5..153e0be 100644
>>>     +index 79a7c89..c1e010a 100644
>>>       --- a/src/userdel.c
>>>       +++ b/src/userdel.c
>>>     -@@ -34,6 +34,9 @@
>>>     -
>>>     - #ident "$Id$"
>>>     +@@ -31,6 +31,10 @@
>>>     +  */
>>>        
>>>     + #include <config.h>
>>>     ++
>>>       +/* Disable use of syslog since we're running this command against a sysroot */
>>>       +#undef USE_SYSLOG
>>>       +
>>>        #include <assert.h>
>>>     + #include <dirent.h>
>>>        #include <errno.h>
>>>     - #include <fcntl.h>
>>>       diff --git a/src/usermod.c b/src/usermod.c
>>>     -index 05b9871..21c6da9 100644
>>>     +index 03bb9b9..e15fdd4 100644
>>>       --- a/src/usermod.c
>>>       +++ b/src/usermod.c
>>>       @@ -34,6 +34,9 @@
>>>     diff --git a/meta/recipes-extended/shadow/files/0001-Fix-out-of-tree-builds-with-respect-to-libsubid-incl.patch b/meta/recipes-extended/shadow/files/0001-Fix-out-of-tree-builds-with-respect-to-libsubid-incl.patch
>>>     new file mode 100644
>>>     index 0000000000..c577be6505
>>>     --- /dev/null
>>>     +++ b/meta/recipes-extended/shadow/files/0001-Fix-out-of-tree-builds-with-respect-to-libsubid-incl.patch
>>>     @@ -0,0 +1,114 @@
>>>     +From eced8077b57946fe0b723e7c6c510e8f344ce89b Mon Sep 17 00:00:00 2001
>>>     +From: Serge Hallyn<serge@hallyn.com>  <mailto:serge@hallyn.com>
>>>     +Date: Fri, 23 Jul 2021 17:51:13 -0500
>>>     +Subject: [PATCH] Fix out of tree builds with respect to libsubid includes
>>>     +
>>>     +There's a better way to do this, and I hope to clean that up,
>>>     +but this fixes out of tree builds for me right now.
>>>     +
>>>     +Closes #386
>>>     +
>>>     +Signed-off-by: Serge Hallyn<serge@hallyn.com>  <mailto:serge@hallyn.com>
>>>     +Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/537b8cd90be7b47b45c45cfd27765ef85eb0ebf1  <https://github.com/shadow-maint/shadow/commit/537b8cd90be7b47b45c45cfd27765ef85eb0ebf1>]
>>>     +Signed-off-by: Alexander Kanavin<alex.kanavin@gmail.com>  <mailto:alex.kanavin@gmail.com>
>>>     +---
>>>     + lib/Makefile.am      | 2 ++
>>>     + libmisc/Makefile.am  | 2 +-
>>>     + libsubid/Makefile.am | 4 ++--
>>>     + src/Makefile.am      | 6 ++++++
>>>     + 4 files changed, 11 insertions(+), 3 deletions(-)
>>>     +
>>>     +diff --git a/lib/Makefile.am b/lib/Makefile.am
>>>     +index ecf3ee25..5ac2e111 100644
>>>     +--- a/lib/Makefile.am
>>>     ++++ b/lib/Makefile.am
>>>     +@@ -10,6 +10,8 @@ if HAVE_VENDORDIR
>>>     + libshadow_la_CPPFLAGS += -DVENDORDIR=\"$(VENDORDIR)\"
>>>     + endif
>>>     +
>>>     ++libshadow_la_CPPFLAGS += -I$(top_srcdir)
>>>     ++
>>>     + libshadow_la_SOURCES = \
>>>     + 	commonio.c \
>>>     + 	commonio.h \
>>>     +diff --git a/libmisc/Makefile.am b/libmisc/Makefile.am
>>>     +index 9766a7ec..9f237e0d 100644
>>>     +--- a/libmisc/Makefile.am
>>>     ++++ b/libmisc/Makefile.am
>>>     +@@ -1,7 +1,7 @@
>>>     +
>>>     + EXTRA_DIST = .indent.pro  <http://indent.pro>  xgetXXbyYY.c
>>>     +
>>>     +-AM_CPPFLAGS = -I$(top_srcdir)/lib $(ECONF_CPPFLAGS)
>>>     ++AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_srcdir) $(ECONF_CPPFLAGS)
>>>     +
>>>     + noinst_LTLIBRARIES =libmisc.la  <http://libmisc.la>
>>>     +
>>>     +diff --git a/libsubid/Makefile.am b/libsubid/Makefile.am
>>>     +index 189165b0..cdc41fe6 100644
>>>     +--- a/libsubid/Makefile.am
>>>     ++++ b/libsubid/Makefile.am
>>>     +@@ -19,8 +19,8 @@ MISCLIBS = \
>>>     + 	$(LIBTCB)
>>>     +
>>>     + libsubid_la_LIBADD = \
>>>     +-	$(top_srcdir)/lib/libshadow.la  <http://libshadow.la>  \
>>>     +-	$(top_srcdir)/libmisc/libmisc.la  <http://libmisc.la>  \
>>>     ++	$(top_builddir)/lib/libshadow.la  <http://libshadow.la>  \
>>>     ++	$(top_builddir)/libmisc/libmisc.la  <http://libmisc.la>  \
>>>     + 	$(MISCLIBS) -ldl
>>>     +
>>>     + AM_CPPFLAGS = \
>>>     +diff --git a/src/Makefile.am b/src/Makefile.am
>>>     +index 35027013..7c1a3491 100644
>>>     +--- a/src/Makefile.am
>>>     ++++ b/src/Makefile.am
>>>     +@@ -10,6 +10,7 @@ sgidperms = 2755
>>>     + AM_CPPFLAGS = \
>>>     + 	-I${top_srcdir}/lib \
>>>     + 	-I$(top_srcdir)/libmisc \
>>>     ++	-I$(top_srcdir) \
>>>     + 	-DLOCALEDIR=\"$(datadir)/locale\"
>>>     +
>>>     + # XXX why are login and su in /bin anyway (other than for
>>>     +@@ -183,6 +184,7 @@ list_subid_ranges_LDADD = \
>>>     + list_subid_ranges_CPPFLAGS = \
>>>     + 	-I$(top_srcdir)/lib \
>>>     + 	-I$(top_srcdir)/libmisc \
>>>     ++	-I$(top_srcdir) \
>>>     + 	-I$(top_srcdir)/libsubid
>>>     +
>>>     + get_subid_owners_LDADD = \
>>>     +@@ -194,11 +196,13 @@ get_subid_owners_LDADD = \
>>>     + get_subid_owners_CPPFLAGS = \
>>>     + 	-I$(top_srcdir)/lib \
>>>     + 	-I$(top_srcdir)/libmisc \
>>>     ++	-I$(top_srcdir) \
>>>     + 	-I$(top_srcdir)/libsubid
>>>     +
>>>     + new_subid_range_CPPFLAGS = \
>>>     + 	-I$(top_srcdir)/lib \
>>>     + 	-I$(top_srcdir)/libmisc \
>>>     ++	-I$(top_srcdir) \
>>>     + 	-I$(top_srcdir)/libsubid
>>>     +
>>>     + new_subid_range_LDADD = \
>>>     +@@ -210,6 +214,7 @@ new_subid_range_LDADD = \
>>>     + free_subid_range_CPPFLAGS = \
>>>     + 	-I$(top_srcdir)/lib \
>>>     + 	-I$(top_srcdir)/libmisc \
>>>     ++	-I$(top_srcdir) \
>>>     + 	-I$(top_srcdir)/libsubid
>>>     +
>>>     + free_subid_range_LDADD = \
>>>     +@@ -220,6 +225,7 @@ free_subid_range_LDADD = \
>>>     +
>>>     + check_subid_range_CPPFLAGS = \
>>>     + 	-I$(top_srcdir)/lib \
>>>     ++	-I$(top_srcdir) \
>>>     + 	-I$(top_srcdir)/libmisc
>>>     +
>>>     + check_subid_range_LDADD = \
>>>     +--
>>>     +2.31.1
>>>     +
>>>     diff --git a/meta/recipes-extended/shadow/files/0001-libsubid-link-to-PAM-libraries.patch b/meta/recipes-extended/shadow/files/0001-libsubid-link-to-PAM-libraries.patch
>>>     new file mode 100644
>>>     index 0000000000..ea7a99dbf7
>>>     --- /dev/null
>>>     +++ b/meta/recipes-extended/shadow/files/0001-libsubid-link-to-PAM-libraries.patch
>>>     @@ -0,0 +1,31 @@
>>>     +From 4f44617af3a0c59be267ac5fcc33586e3783f5e6 Mon Sep 17 00:00:00 2001
>>>     +From: Xi Ruoyao<xry111@mengyan1223.wang>  <mailto:xry111@mengyan1223.wang>
>>>     +Date: Fri, 23 Jul 2021 14:38:08 +0800
>>>     +Subject: [PATCH] libsubid: link to PAM libraries
>>>     +
>>>     +libsubid.so links to libmisc.a, which contains several routines referring to
>>>     +PAM functions.
>>>     +
>>>     +Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/f4a84efb468b8be21be124700ce35159c444e9d6  <https://github.com/shadow-maint/shadow/commit/f4a84efb468b8be21be124700ce35159c444e9d6>]
>>>     +Signed-off-by: Alexander Kanavin<alex.kanavin@gmail.com>  <mailto:alex.kanavin@gmail.com>
>>>     +---
>>>     + libsubid/Makefile.am | 3 ++-
>>>     + 1 file changed, 2 insertions(+), 1 deletion(-)
>>>     +
>>>     +diff --git a/libsubid/Makefile.am b/libsubid/Makefile.am
>>>     +index cdc41fe6..99308c1f 100644
>>>     +--- a/libsubid/Makefile.am
>>>     ++++ b/libsubid/Makefile.am
>>>     +@@ -16,7 +16,8 @@ MISCLIBS = \
>>>     + 	$(LIBCRYPT) \
>>>     + 	$(LIBACL) \
>>>     + 	$(LIBATTR) \
>>>     +-	$(LIBTCB)
>>>     ++	$(LIBTCB) \
>>>     ++	$(LIBPAM)
>>>     +
>>>     + libsubid_la_LIBADD = \
>>>     + 	$(top_builddir)/lib/libshadow.la  <http://libshadow.la>  \
>>>     +--
>>>     +2.31.1
>>>     +
>>>     diff --git a/meta/recipes-extended/shadow/files/0002-Allow-for-setting-password-in-clear-text.patch b/meta/recipes-extended/shadow/files/0002-Allow-for-setting-password-in-clear-text.patch
>>>     deleted file mode 100644
>>>     index c6332e4f76..0000000000
>>>     --- a/meta/recipes-extended/shadow/files/0002-Allow-for-setting-password-in-clear-text.patch
>>>     +++ /dev/null
>>>     @@ -1,301 +0,0 @@
>>>     -From a7d995228491ad5255ad86c1f04ba071f6880897 Mon Sep 17 00:00:00 2001
>>>     -From: Chen Qi<Qi.Chen@windriver.com>  <mailto:Qi.Chen@windriver.com>
>>>     -Date: Sat, 16 Nov 2013 15:27:47 +0800
>>>     -Subject: [PATCH] Allow for setting password in clear text
>>>     -
>>>     -Upstream-Status: Inappropriate [OE specific]
>>>     -
>>>     -Signed-off-by: Chen Qi<Qi.Chen@windriver.com>  <mailto:Qi.Chen@windriver.com>
>>>     -
>>>     ----
>>>     - src/Makefile.am |  8 ++++----
>>>     - src/groupadd.c  | 20 +++++++++++++++-----
>>>     - src/groupmod.c  | 20 +++++++++++++++-----
>>>     - src/useradd.c   | 21 +++++++++++++++------
>>>     - src/usermod.c   | 20 +++++++++++++++-----
>>>     - 5 files changed, 64 insertions(+), 25 deletions(-)
>>>     -
>>>     -diff --git a/src/Makefile.am b/src/Makefile.am
>>>     -index f31fd7a..4a317a3 100644
>>>     ---- a/src/Makefile.am
>>>     -+++ b/src/Makefile.am
>>>     -@@ -103,10 +103,10 @@ chsh_LDADD     = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM)
>>>     - chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
>>>     - expiry_LDADD = $(LDADD) $(LIBECONF)
>>>     - gpasswd_LDADD  = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
>>>     --groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
>>>     -+groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) $(LIBCRYPT)
>>>     - groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
>>>     - groupmems_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
>>>     --groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
>>>     -+groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) $(LIBCRYPT)
>>>     - grpck_LDADD    = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
>>>     - grpconv_LDADD  = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
>>>     - grpunconv_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
>>>     -@@ -127,9 +127,9 @@ su_SOURCES     = \
>>>     - 	suauth.c
>>>     - su_LDADD       = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
>>>     - sulogin_LDADD  = $(LDADD) $(LIBCRYPT) $(LIBECONF)
>>>     --useradd_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF)
>>>     -+useradd_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) $(LIBCRYPT)
>>>     - userdel_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBECONF)
>>>     --usermod_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF)
>>>     -+usermod_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) $(LIBCRYPT)
>>>     - vipw_LDADD     = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
>>>     -
>>>     - install-am: all-am
>>>     -diff --git a/src/groupadd.c b/src/groupadd.c
>>>     -index e9c4bb7..d572c00 100644
>>>     ---- a/src/groupadd.c
>>>     -+++ b/src/groupadd.c
>>>     -@@ -127,9 +127,10 @@ static /*@noreturn@*/void usage (int status)
>>>     - 	(void) fputs (_("  -o, --non-unique              allow to create groups with duplicate\n"
>>>     - 	                "                                (non-unique) GID\n"), usageout);
>>>     - 	(void) fputs (_("  -p, --password PASSWORD       use this encrypted password for the new group\n"), usageout);
>>>     -+	(void) fputs (_("  -P, --clear-password PASSWORD use this clear password for the new group\n"), usageout);
>>>     - 	(void) fputs (_("  -r, --system                  create a system account\n"), usageout);
>>>     - 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
>>>     --	(void) fputs (_("  -P, --prefix PREFIX_DIR       directory prefix\n"), usageout);
>>>     -+	(void) fputs (_("  -A, --prefix PREFIX_DIR       directory prefix\n"), usageout);
>>>     - 	(void) fputs ("\n", usageout);
>>>     - 	exit (status);
>>>     - }
>>>     -@@ -391,13 +392,14 @@ static void process_flags (int argc, char **argv)
>>>     - 		{"key",        required_argument, NULL, 'K'},
>>>     - 		{"non-unique", no_argument,       NULL, 'o'},
>>>     - 		{"password",   required_argument, NULL, 'p'},
>>>     -+		{"clear-password", required_argument, NULL, 'P'},
>>>     - 		{"system",     no_argument,       NULL, 'r'},
>>>     - 		{"root",       required_argument, NULL, 'R'},
>>>     --		{"prefix",     required_argument, NULL, 'P'},
>>>     -+		{"prefix",     required_argument, NULL, 'A'},
>>>     - 		{NULL, 0, NULL, '\0'}
>>>     - 	};
>>>     -
>>>     --	while ((c = getopt_long (argc, argv, "fg:hK:op:rR:P:",
>>>     -+	while ((c = getopt_long (argc, argv, "fg:hK:op:P:rR:A:",
>>>     - 		                 long_options, NULL)) != -1) {
>>>     - 		switch (c) {
>>>     - 		case 'f':
>>>     -@@ -449,12 +451,20 @@ static void process_flags (int argc, char **argv)
>>>     - 			pflg = true;
>>>     - 			group_passwd = optarg;
>>>     - 			break;
>>>     -+		case 'P':
>>>     -+			pflg = true;
>>>     -+			group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
>>>     -+			break;
>>>     - 		case 'r':
>>>     - 			rflg = true;
>>>     - 			break;
>>>     - 		case 'R': /* no-op, handled in process_root_flag () */
>>>     - 			break;
>>>     --		case 'P': /* no-op, handled in process_prefix_flag () */
>>>     -+		case 'A': /* no-op, handled in process_prefix_flag () */
>>>     -+			fprintf (stderr,
>>>     -+				 _("%s: -A is deliberately not supported \n"),
>>>     -+				 Prog);
>>>     -+			exit (E_BAD_ARG);
>>>     - 			break;
>>>     - 		default:
>>>     - 			usage (E_USAGE);
>>>     -@@ -588,7 +598,7 @@ int main (int argc, char **argv)
>>>     - 	(void) textdomain (PACKAGE);
>>>     -
>>>     - 	process_root_flag ("-R", argc, argv);
>>>     --	prefix = process_prefix_flag ("-P", argc, argv);
>>>     -+	prefix = process_prefix_flag ("-A", argc, argv);
>>>     -
>>>     - 	OPENLOG ("groupadd");
>>>     - #ifdef WITH_AUDIT
>>>     -diff --git a/src/groupmod.c b/src/groupmod.c
>>>     -index bc14438..25ccb44 100644
>>>     ---- a/src/groupmod.c
>>>     -+++ b/src/groupmod.c
>>>     -@@ -138,8 +138,9 @@ static void usage (int status)
>>>     - 	(void) fputs (_("  -o, --non-unique              allow to use a duplicate (non-unique) GID\n"), usageout);
>>>     - 	(void) fputs (_("  -p, --password PASSWORD       change the password to this (encrypted)\n"
>>>     - 	                "                                PASSWORD\n"), usageout);
>>>     -+	(void) fputs (_("  -P, --clear-password PASSWORD change the password to this clear PASSWORD\n"), usageout);
>>>     - 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
>>>     --	(void) fputs (_("  -P, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files\n"), usageout);
>>>     -+	(void) fputs (_("  -A, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files\n"), usageout);
>>>     - 	(void) fputs ("\n", usageout);
>>>     - 	exit (status);
>>>     - }
>>>     -@@ -387,11 +388,12 @@ static void process_flags (int argc, char **argv)
>>>     - 		{"new-name",   required_argument, NULL, 'n'},
>>>     - 		{"non-unique", no_argument,       NULL, 'o'},
>>>     - 		{"password",   required_argument, NULL, 'p'},
>>>     -+		{"clear-password", required_argument, NULL, 'P'},
>>>     - 		{"root",       required_argument, NULL, 'R'},
>>>     --		{"prefix",     required_argument, NULL, 'P'},
>>>     -+		{"prefix",     required_argument, NULL, 'A'},
>>>     - 		{NULL, 0, NULL, '\0'}
>>>     - 	};
>>>     --	while ((c = getopt_long (argc, argv, "g:hn:op:R:P:",
>>>     -+	while ((c = getopt_long (argc, argv, "g:hn:op:P:R:A:",
>>>     - 		                 long_options, NULL)) != -1) {
>>>     - 		switch (c) {
>>>     - 		case 'g':
>>>     -@@ -418,9 +420,17 @@ static void process_flags (int argc, char **argv)
>>>     - 			group_passwd = optarg;
>>>     - 			pflg = true;
>>>     - 			break;
>>>     -+		case 'P':
>>>     -+			group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
>>>     -+			pflg = true;
>>>     -+			break;
>>>     - 		case 'R': /* no-op, handled in process_root_flag () */
>>>     - 			break;
>>>     --		case 'P': /* no-op, handled in process_prefix_flag () */
>>>     -+		case 'A': /* no-op, handled in process_prefix_flag () */
>>>     -+			fprintf (stderr,
>>>     -+				 _("%s: -A is deliberately not supported \n"),
>>>     -+				 Prog);
>>>     -+			exit (E_BAD_ARG);
>>>     - 			break;
>>>     - 		default:
>>>     - 			usage (E_USAGE);
>>>     -@@ -761,7 +771,7 @@ int main (int argc, char **argv)
>>>     - 	(void) textdomain (PACKAGE);
>>>     -
>>>     - 	process_root_flag ("-R", argc, argv);
>>>     --	prefix = process_prefix_flag ("-P", argc, argv);
>>>     -+	prefix = process_prefix_flag ("-A", argc, argv);
>>>     -
>>>     - 	OPENLOG ("groupmod");
>>>     - #ifdef WITH_AUDIT
>>>     -diff --git a/src/useradd.c b/src/useradd.c
>>>     -index 1b7bf06..44f09e2 100644
>>>     ---- a/src/useradd.c
>>>     -+++ b/src/useradd.c
>>>     -@@ -853,9 +853,10 @@ static void usage (int status)
>>>     - 	(void) fputs (_("  -o, --non-unique              allow to create users with duplicate\n"
>>>     - 	                "                                (non-unique) UID\n"), usageout);
>>>     - 	(void) fputs (_("  -p, --password PASSWORD       encrypted password of the new account\n"), usageout);
>>>     -+	(void) fputs (_("  -P, --clear-password PASSWORD clear password of the new account\n"), usageout);
>>>     - 	(void) fputs (_("  -r, --system                  create a system account\n"), usageout);
>>>     - 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
>>>     --	(void) fputs (_("  -P, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files\n"), usageout);
>>>     -+	(void) fputs (_("  -A, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files\n"), usageout);
>>>     - 	(void) fputs (_("  -s, --shell SHELL             login shell of the new account\n"), usageout);
>>>     - 	(void) fputs (_("  -u, --uid UID                 user ID of the new account\n"), usageout);
>>>     - 	(void) fputs (_("  -U, --user-group              create a group with the same name as the user\n"), usageout);
>>>     -@@ -1133,9 +1134,10 @@ static void process_flags (int argc, char **argv)
>>>     - 			{"no-user-group",  no_argument,       NULL, 'N'},
>>>     - 			{"non-unique",     no_argument,       NULL, 'o'},
>>>     - 			{"password",       required_argument, NULL, 'p'},
>>>     -+			{"clear-password", required_argument, NULL, 'P'},
>>>     - 			{"system",         no_argument,       NULL, 'r'},
>>>     - 			{"root",           required_argument, NULL, 'R'},
>>>     --			{"prefix",         required_argument, NULL, 'P'},
>>>     -+			{"prefix",         required_argument, NULL, 'A'},
>>>     - 			{"shell",          required_argument, NULL, 's'},
>>>     - 			{"uid",            required_argument, NULL, 'u'},
>>>     - 			{"user-group",     no_argument,       NULL, 'U'},
>>>     -@@ -1146,9 +1148,9 @@ static void process_flags (int argc, char **argv)
>>>     - 		};
>>>     - 		while ((c = getopt_long (argc, argv,
>>>     - #ifdef WITH_SELINUX
>>>     --		                         "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:UZ:",
>>>     -+		                         "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:A:s:u:UZ:",
>>>     - #else				/* !WITH_SELINUX */
>>>     --		                         "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:U",
>>>     -+		                         "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:A:s:u:U",
>>>     - #endif				/* !WITH_SELINUX */
>>>     - 		                         long_options, NULL)) != -1) {
>>>     - 			switch (c) {
>>>     -@@ -1320,12 +1322,19 @@ static void process_flags (int argc, char **argv)
>>>     - 				}
>>>     - 				user_pass = optarg;
>>>     - 				break;
>>>     -+			case 'P': /* set clear text password */
>>>     -+				user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
>>>     -+				break;
>>>     - 			case 'r':
>>>     - 				rflg = true;
>>>     - 				break;
>>>     - 			case 'R': /* no-op, handled in process_root_flag () */
>>>     - 				break;
>>>     --			case 'P': /* no-op, handled in process_prefix_flag () */
>>>     -+			case 'A': /* no-op, handled in process_prefix_flag () */
>>>     -+				fprintf (stderr,
>>>     -+					 _("%s: -A is deliberately not supported \n"),
>>>     -+					 Prog);
>>>     -+				exit (E_BAD_ARG);
>>>     - 				break;
>>>     - 			case 's':
>>>     - 				if (   ( !VALID (optarg) )
>>>     -@@ -2257,7 +2266,7 @@ int main (int argc, char **argv)
>>>     -
>>>     - 	process_root_flag ("-R", argc, argv);
>>>     -
>>>     --	prefix = process_prefix_flag("-P", argc, argv);
>>>     -+	prefix = process_prefix_flag("-A", argc, argv);
>>>     -
>>>     - 	OPENLOG ("useradd");
>>>     - #ifdef WITH_AUDIT
>>>     -diff --git a/src/usermod.c b/src/usermod.c
>>>     -index 21c6da9..cffdb3e 100644
>>>     ---- a/src/usermod.c
>>>     -+++ b/src/usermod.c
>>>     -@@ -431,8 +431,9 @@ static /*@noreturn@*/void usage (int status)
>>>     - 	                "                                new location (use only with -d)\n"), usageout);
>>>     - 	(void) fputs (_("  -o, --non-unique              allow using duplicate (non-unique) UID\n"), usageout);
>>>     - 	(void) fputs (_("  -p, --password PASSWORD       use encrypted password for the new password\n"), usageout);
>>>     -+	(void) fputs (_("  -P, --clear-password PASSWORD use clear password for the new password\n"), usageout);
>>>     - 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
>>>     --	(void) fputs (_("  -P, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files\n"), usageout);
>>>     -+	(void) fputs (_("  -A, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files\n"), usageout);
>>>     - 	(void) fputs (_("  -s, --shell SHELL             new login shell for the user account\n"), usageout);
>>>     - 	(void) fputs (_("  -u, --uid UID                 new UID for the user account\n"), usageout);
>>>     - 	(void) fputs (_("  -U, --unlock                  unlock the user account\n"), usageout);
>>>     -@@ -1010,8 +1011,9 @@ static void process_flags (int argc, char **argv)
>>>     - 			{"move-home",    no_argument,       NULL, 'm'},
>>>     - 			{"non-unique",   no_argument,       NULL, 'o'},
>>>     - 			{"password",     required_argument, NULL, 'p'},
>>>     -+			{"clear-password", required_argument, NULL, 'P'},
>>>     - 			{"root",         required_argument, NULL, 'R'},
>>>     --			{"prefix",       required_argument, NULL, 'P'},
>>>     -+			{"prefix",       required_argument, NULL, 'A'},
>>>     - 			{"shell",        required_argument, NULL, 's'},
>>>     - 			{"uid",          required_argument, NULL, 'u'},
>>>     - 			{"unlock",       no_argument,       NULL, 'U'},
>>>     -@@ -1027,7 +1029,7 @@ static void process_flags (int argc, char **argv)
>>>     - 			{NULL, 0, NULL, '\0'}
>>>     - 		};
>>>     - 		while ((c = getopt_long (argc, argv,
>>>     --		                         "abc:d:e:f:g:G:hl:Lmop:R:s:u:UP:"
>>>     -+		                         "abc:d:e:f:g:G:hl:Lmop:P:R:s:u:UA:"
>>>     - #ifdef ENABLE_SUBIDS
>>>     - 		                         "v:w:V:W:"
>>>     - #endif				/* ENABLE_SUBIDS */
>>>     -@@ -1130,9 +1132,17 @@ static void process_flags (int argc, char **argv)
>>>     - 				user_pass = optarg;
>>>     - 				pflg = true;
>>>     - 				break;
>>>     -+			case 'P':
>>>     -+				user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
>>>     -+				pflg = true;
>>>     -+				break;
>>>     - 			case 'R': /* no-op, handled in process_root_flag () */
>>>     - 				break;
>>>     --			case 'P': /* no-op, handled in process_prefix_flag () */
>>>     -+			case 'A': /* no-op, handled in process_prefix_flag () */
>>>     -+				fprintf (stderr,
>>>     -+					 _("%s: -A is deliberately not supported \n"),
>>>     -+					 Prog);
>>>     -+				exit (E_BAD_ARG);
>>>     - 				break;
>>>     - 			case 's':
>>>     - 				if (!VALID (optarg)) {
>>>     -@@ -2127,7 +2137,7 @@ int main (int argc, char **argv)
>>>     - 	(void) textdomain (PACKAGE);
>>>     -
>>>     - 	process_root_flag ("-R", argc, argv);
>>>     --	prefix = process_prefix_flag ("-P", argc, argv);
>>>     -+	prefix = process_prefix_flag ("-A", argc, argv);
>>>     -
>>>     - 	OPENLOG ("usermod");
>>>     - #ifdef WITH_AUDIT
>>>     diff --git a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch
>>>     index 9825216369..bd24626a26 100644
>>>     --- a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch
>>>     +++ b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch
>>>     @@ -1,4 +1,4 @@
>>>     -From 66533c7c6f347d257020675a1ed6e0c59cbbc3f0 Mon Sep 17 00:00:00 2001
>>>     +From 1422c24f7266b553c82100e3d18a10c55cd91063 Mon Sep 17 00:00:00 2001
>>>       From: Chen Qi<Qi.Chen@windriver.com>  <mailto:Qi.Chen@windriver.com>
>>>       Date: Thu, 17 Jul 2014 15:53:34 +0800
>>>       Subject: [PATCH] commonio.c-fix-unexpected-open-failure-in-chroot-env
>>>     @@ -21,10 +21,10 @@ Signed-off-by: Chen Qi<Qi.Chen@windriver.com>  <mailto:Qi.Chen@windriver.com>
>>>        1 file changed, 12 insertions(+), 4 deletions(-)
>>>       
>>>       diff --git a/lib/commonio.c b/lib/commonio.c
>>>     -index 16fa7e7..d6bc297 100644
>>>     +index cef404b..66908fb 100644
>>>       --- a/lib/commonio.c
>>>       +++ b/lib/commonio.c
>>>     -@@ -632,10 +632,18 @@ int commonio_open (struct commonio_db *db, int mode)
>>>     +@@ -646,10 +646,18 @@ int commonio_open (struct commonio_db *db, int mode)
>>>        	db->cursor = NULL;
>>>        	db->changed = false;
>>>        
>>>     diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc
>>>     index 2cbdfbc1cf..51d2ca5f16 100644
>>>     --- a/meta/recipes-extended/shadow/shadow.inc
>>>     +++ b/meta/recipes-extended/shadow/shadow.inc
>>>     @@ -10,10 +10,12 @@ LIC_FILES_CHKSUM ="file://COPYING;md5=ed80ff1c2b40843cf5768e5229cf16e5 \ DEPENDS = "virtual/crypt"
>>>       
>>>       UPSTREAM_CHECK_URI ="https://github.com/shadow-maint/shadow/releases"  <https://github.com/shadow-maint/shadow/releases>
>>>     -SRC_URI ="https://github.com/shadow-maint/shadow/releases/download/${PV}/${BP}.tar.gz
>>>     \ +SRC_URI = "  <https://github.com/shadow-maint/shadow/releases/download/$%7BPV%7D/$%7BBP%7D.tar.gz%5C+SRC_URI=>https://github.com/shadow-maint/shadow/releases/download/v${PV}/${BP}.tar.gz  <https://github.com/shadow-maint/shadow/releases/download/v$%7BPV%7D/$%7BBP%7D.tar.gz>  \
>>>                  file://shadow-4.1.3-dots-in-usernames.patch \
>>>                  ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \
>>>                  file://shadow-relaxed-usernames.patch \
>>>     +           file://0001-Fix-out-of-tree-builds-with-respect-to-libsubid-incl.patch \
>>>     +           file://0001-libsubid-link-to-PAM-libraries.patch \
>>>                  "
>>>       
>>>       SRC_URI_append_class-target = " \
>>>     @@ -23,15 +25,13 @@ SRC_URI_append_class-target = " \
>>>       
>>>       SRC_URI_append_class-native = " \
>>>                  file://0001-Disable-use-of-syslog-for-sysroot.patch  \
>>>     -file://0002-Allow-for-setting-password-in-clear-text.patch  \
>>>                  file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch  \
>>>                  "
>>>       SRC_URI_append_class-nativesdk = " \
>>>                  file://0001-Disable-use-of-syslog-for-sysroot.patch  \
>>>                  "
>>>       
>>>     -SRC_URI[md5sum] = "3d97f11e66bfb0b14702b115fa8be480"
>>>     -SRC_URI[sha256sum] = "3ee3081fbbcbcfea5c8916419e46bc724807bab271072104f23e7a29e9668f3a"
>>>     +SRC_URI[sha256sum] = "6c4627ff9c9422b96664517ae753c944f2902e92809d0698b65f5fef11985212"
>>>       
>>>       # Additional Policy files for PAM
>>>       PAM_SRC_URI ="file://pam.d/chfn \ @@ -115,12 +115,6 @@ do_install() { # Use
>>>     proper encryption for passwords sed -i
>>>     's/^#ENCRYPT_METHOD.*$/ENCRYPT_METHOD SHA512/'
>>>     ${D}${sysconfdir}/login.defs - # Now we don't have a mail system.
>>>     Disable mail creation for now. - sed -i 's:/bin/bash:/bin/sh:g'
>>>     ${D}${sysconfdir}/default/useradd - sed -i '/^CREATE_MAIL_SPOOL/
>>>     s:^:#:' ${D}${sysconfdir}/default/useradd - - # Use users group by
>>>     default - sed -i 's,^GROUP=1000,GROUP=100,g'
>>>     ${D}${sysconfdir}/default/useradd } do_install_append() { @@
>>>     -184,13 +178,6 @@ ALTERNATIVE_${PN}-base = "newgrp groups login su"
>>>       ALTERNATIVE_LINK_NAME[login] = "${base_bindir}/login"
>>>       ALTERNATIVE_LINK_NAME[su] = "${base_bindir}/su"
>>>       
>>>     -ALTERNATIVE_${PN}-doc = "passwd.5 getspnam.3 groups.1 su.1 nologin.8"
>>>     -ALTERNATIVE_LINK_NAME[passwd.5] = "${mandir}/man5/passwd.5"
>>>     -ALTERNATIVE_LINK_NAME[getspnam.3] = "${mandir}/man3/getspnam.3"
>>>     -ALTERNATIVE_LINK_NAME[groups.1] = "${mandir}/man1/groups.1"
>>>     -ALTERNATIVE_LINK_NAME[su.1] = "${mandir}/man1/su.1"
>>>     -ALTERNATIVE_LINK_NAME[nologin.8] = "${mandir}/man8/nologin.8"
>>>     -
>>>       PACKAGE_WRITE_DEPS += "shadow-native"
>>>       pkg_postinst_${PN}_class-target () {
>>>       	if [ "x$D" != "x" ]; then
>>>     diff --git a/meta/recipes-extended/shadow/shadow_4.8.1.bb  <http://shadow_4.8.1.bb>  b/meta/recipes-extended/shadow/shadow_4.9.bb  <http://shadow_4.9.bb>
>>>     similarity index 100%
>>>     rename from meta/recipes-extended/shadow/shadow_4.8.1.bb  <http://shadow_4.8.1.bb>
>>>     rename to meta/recipes-extended/shadow/shadow_4.9.bb  <http://shadow_4.9.bb>
>>>
>>
>>
>>
>>
>>
>>
>> 
>>