From 10cdd66fe800cffe3f2cbf5c95550b4f7902a311 Mon Sep 17 00:00:00 2001 From: Ming Liu Date: Thu, 18 Jul 2013 10:04:22 +0800 Subject: libpam: add a new 'nullok_secure' option support to pam_unix Debian patch to add a new 'nullok_secure' option to pam_unix, which accepts users with null passwords only when the applicant is connected from a tty listed in /etc/securetty. The original pam_unix.so was configured with nullok_secure in meta/recipes-extended/pam/libpam/pam.d/common-auth, but no such code exists actually. The patch set comes from: http://patch-tracker.debian.org/patch/series/view/pam/1.1.3-7.1/054_pam_security_abstract_securetty_handling http://patch-tracker.debian.org/patch/series/view/pam/1.1.3-7.1/055_pam_unix_nullok_secure Signed-off-by: Ming Liu Signed-off-by: Saul Wold --- meta/recipes-extended/pam/libpam_1.1.6.bb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'meta/recipes-extended/pam/libpam_1.1.6.bb') diff --git a/meta/recipes-extended/pam/libpam_1.1.6.bb b/meta/recipes-extended/pam/libpam_1.1.6.bb index 62ad7b16a2..3d8999de41 100644 --- a/meta/recipes-extended/pam/libpam_1.1.6.bb +++ b/meta/recipes-extended/pam/libpam_1.1.6.bb @@ -23,6 +23,8 @@ SRC_URI = "http://linux-pam.org/library/Linux-PAM-${PV}.tar.bz2 \ file://reflect-the-enforce_for_root-semantics-change-in-pam.patch \ file://add-checks-for-crypt-returning-NULL.patch \ file://libpam-fix-for-CVE-2010-4708.patch \ + file://pam-security-abstract-securetty-handling.patch \ + file://pam-unix-nullok-secure.patch \ " SRC_URI[md5sum] = "7b73e58b7ce79ffa321d408de06db2c4" SRC_URI[sha256sum] = "bab887d6280f47fc3963df3b95735a27a16f0f663636163ddf3acab5f1149fc2" @@ -39,7 +41,7 @@ EXTRA_OECONF = "--with-db-uniquename=_pam \ CFLAGS_append = " -fPIC " -PR = "r2" +PR = "r3" S = "${WORKDIR}/Linux-PAM-${PV}" -- cgit 1.2.3-korg