shadow: update 4.6 -> 4.8

Drop two backports. Remove 0001-useradd.c-create-parent-directories-when-necessary.patch as upstream has addressed the issue: https://github.com/shadow-maint/shadow/commit/b3b6d9d77c1d18b98670b97157777bb74092cd69 Rebase the rest of the paches. Add a patch to remove the check for validity of login shells which does not work in our environment. Disable sssd cache support as that needs Fedora-specific tooling. (From OE-Core rev: fee6c063dfb80425caa7080083c61d1544d929c6) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-06-02 01:19:52 +00:00 · 2019-12-04 17:56:00 +01:00
parent 40f28d15c5
commit af2b2c4d9f
10 changed files with 133 additions and 333 deletions
@@ -1,4 +1,4 @@
-From 8cf3454d567f77233023be49a39a33e9f0836f89 Mon Sep 17 00:00:00 2001
+From fa2d9453656641002802d8165e80adb9e6a729d2 Mon Sep 17 00:00:00 2001
 From: Scott Garman <scott.a.garman@intel.com>
 Date: Thu, 14 Apr 2016 12:28:57 +0200
 Subject: [PATCH] Disable use of syslog for sysroot
@@ -12,6 +12,7 @@ Upstream-Status: Inappropriate [disable feature]
 Signed-off-by: Scott Garman <scott.a.garman@intel.com>
 Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
 Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
 ---
 src/groupadd.c  | 3 +++
 src/groupdel.c  | 3 +++
@@ -23,7 +24,7 @@ Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
 7 files changed, 21 insertions(+)
 diff --git a/src/groupadd.c b/src/groupadd.c
-index 63e1c48..a596c49 100644
+index 2dd8eec..e9c4bb7 100644
 --- a/src/groupadd.c
 +++ b/src/groupadd.c
@@ -34,6 +34,9 @@
@@ -37,7 +38,7 @@ index 63e1c48..a596c49 100644
 #include <fcntl.h>
 #include <getopt.h>
 diff --git a/src/groupdel.c b/src/groupdel.c
-index 70bed01..ababd81 100644
+index f941a84..5a70056 100644
 --- a/src/groupdel.c
 +++ b/src/groupdel.c
@@ -34,6 +34,9 @@
@@ -65,7 +66,7 @@ index fc91c8b..2842514 100644
 #include <getopt.h>
 #include <grp.h>
 diff --git a/src/groupmod.c b/src/groupmod.c
-index 72daf2c..8965f9d 100644
+index 1dca5fc..bc14438 100644
 --- a/src/groupmod.c
 +++ b/src/groupmod.c
@@ -34,6 +34,9 @@
@@ -79,7 +80,7 @@ index 72daf2c..8965f9d 100644
 #include <fcntl.h>
 #include <getopt.h>
 diff --git a/src/useradd.c b/src/useradd.c
-index 3aaf45c..1ab9174 100644
+index 4af0f7c..1b7bf06 100644
 --- a/src/useradd.c
 +++ b/src/useradd.c
@@ -34,6 +34,9 @@
@@ -93,7 +94,7 @@ index 3aaf45c..1ab9174 100644
 #include <ctype.h>
 #include <errno.h>
 diff --git a/src/userdel.c b/src/userdel.c
-index c8de1d3..24d3ea9 100644
+index cc951e5..153e0be 100644
 --- a/src/userdel.c
 +++ b/src/userdel.c
@@ -34,6 +34,9 @@
@@ -107,7 +108,7 @@ index c8de1d3..24d3ea9 100644
 #include <errno.h>
 #include <fcntl.h>
 diff --git a/src/usermod.c b/src/usermod.c
-index ccfbb99..24fb60d 100644
+index 05b9871..21c6da9 100644
 --- a/src/usermod.c
 +++ b/src/usermod.c
@@ -34,6 +34,9 @@
@@ -120,6 +121,3 @@ index ccfbb99..24fb60d 100644
 #include <assert.h>
 #include <ctype.h>
 #include <errno.h>
 -- 
 2.11.0
@@ -0,0 +1,29 @@
 From 0d0aded7307a9f4ee0d299951512acd18b3e029e Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Wed, 4 Dec 2019 19:28:48 +0100
 Subject: [PATCH] Do not check for validity of shell executable.
 This kind of check fails when building a rootfs.
 Upstream-Status: Inappropriate [oe-core specific]
 Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
 ---
 src/useradd.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
 diff --git a/src/useradd.c b/src/useradd.c
 index 4af0f7c..898fe02 100644
 --- a/src/useradd.c
 +++ b/src/useradd.c
@@ -1328,10 +1328,7 @@ static void process_flags (int argc, char **argv)
 				if (   ( !VALID (optarg) )
 				    || (   ('\0' != optarg[0])
 				        && ('/'  != optarg[0])
 -				        && ('*'  != optarg[0]) )
 -				    || (stat(optarg, &st) != 0)
 -				    || (S_ISDIR(st.st_mode))
 -				    || (access(optarg, X_OK) != 0)) {
 +				        && ('*'  != optarg[0]) )) {
 					fprintf (stderr,
 					         _("%s: invalid shell '%s'\n"),
 					         Prog, optarg);
@@ -1,89 +0,0 @@
 From fe34a2a0e44bc80ff213bfd185046a5f10c94997 Mon Sep 17 00:00:00 2001
 From: Chris Lamb <chris@chris-lamb.co.uk>
 Date: Wed, 2 Jan 2019 18:06:16 +0000
 Subject: [PATCH 1/2] Make the sp_lstchg shadow field reproducible (re. #71)
 From <https://github.com/shadow-maint/shadow/pull/71>:
 ```
 The third field in the /etc/shadow file (sp_lstchg) contains the date of
 the last password change expressed as the number of days since Jan 1, 1970.
 As this is a relative time, creating a user today will result in:
 username:17238:0:99999:7:::
 whilst creating the same user tomorrow will result in:
 username:17239:0:99999:7:::
 This has an impact for the Reproducible Builds[0] project where we aim to
 be independent of as many elements the build environment as possible,
 including the current date.
 This patch changes the behaviour to use the SOURCE_DATE_EPOCH[1]
 environment variable (instead of Jan 1, 1970) if valid.
 ```
 This updated PR adds some missing calls to gettime (). This was originally
 filed by Johannes Schauer in Debian as #917773 [2].
 [0] https://reproducible-builds.org/
 [1] https://reproducible-builds.org/specs/source-date-epoch/
 [2] https://bugs.debian.org/917773
 Upstream-Status: Backport
 Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
 ---
 libmisc/pwd2spwd.c | 3 +--
 src/pwck.c         | 2 +-
 src/pwconv.c       | 2 +-
 3 files changed, 3 insertions(+), 4 deletions(-)
 diff --git a/libmisc/pwd2spwd.c b/libmisc/pwd2spwd.c
 index c1b9b29ac873..6799dd50d490 100644
 --- a/libmisc/pwd2spwd.c
 +++ b/libmisc/pwd2spwd.c
@@ -40,7 +40,6 @@
 #include "prototypes.h"
 #include "defines.h"
 #include <pwd.h>
 -extern time_t time (time_t *);
 /*
  * pwd_to_spwd - create entries for new spwd structure
@@ -66,7 +65,7 @@ struct spwd *pwd_to_spwd (const struct passwd *pw)
 		 */
 		sp.sp_min = 0;
 		sp.sp_max = (10000L * DAY) / SCALE;
 -		sp.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
 +		sp.sp_lstchg = (long) gettime () / SCALE;
 		if (0 == sp.sp_lstchg) {
 			/* Better disable aging than requiring a password
 			 * change */
 diff --git a/src/pwck.c b/src/pwck.c
 index 0ffb711efb13..f70071b12500 100644
 --- a/src/pwck.c
 +++ b/src/pwck.c
@@ -609,7 +609,7 @@ static void check_pw_file (int *errors, bool *changed)
 					sp.sp_inact  = -1;
 					sp.sp_expire = -1;
 					sp.sp_flag   = SHADOW_SP_FLAG_UNSET;
 -					sp.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
 +					sp.sp_lstchg = (long) gettime () / SCALE;
 					if (0 == sp.sp_lstchg) {
 						/* Better disable aging than
 						 * requiring a password change
 diff --git a/src/pwconv.c b/src/pwconv.c
 index 9c69fa131d8e..f932f266c59c 100644
 --- a/src/pwconv.c
 +++ b/src/pwconv.c
@@ -267,7 +267,7 @@ int main (int argc, char **argv)
 			spent.sp_flag   = SHADOW_SP_FLAG_UNSET;
 		}
 		spent.sp_pwdp = pw->pw_passwd;
 -		spent.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
 +		spent.sp_lstchg = (long) gettime () / SCALE;
 		if (0 == spent.sp_lstchg) {
 			/* Better disable aging than requiring a password
 			 * change */
 -- 
 2.17.1
@@ -1,36 +0,0 @@
 From 3c52a84ff8775590e7e9da9c0d4408c23494305e Mon Sep 17 00:00:00 2001
 From: Yi Zhao <yi.zhao@windriver.com>
 Date: Mon, 17 Jun 2019 15:36:34 +0800
 Subject: [PATCH] configure.ac: fix configure error with dash
 A configure error occurs when /bin/sh -> dash:
  checking for is_selinux_enabled in -lselinux... yes
  checking for semanage_connect in -lsemanage... yes
  configure: 16322: test: yesyes: unexpected operator
 Use "=" instead of "==" since dash doesn't support this operator.
 Upstream-Status: Backport
 [https://github.com/shadow-maint/shadow/commit/3c52a84ff8775590e7e9da9c0d4408c23494305e]
 Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
 ---
 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/configure.ac b/configure.ac
 index 6762556..1907afb 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -500,7 +500,7 @@ if test "$with_selinux" != "no"; then
 			AC_MSG_ERROR([libsemanage not found])
 		fi
 -		if test "$selinux_lib$semanage_lib" == "yesyes" ; then
 +		if test "$selinux_lib$semanage_lib" = "yesyes" ; then
 			AC_DEFINE(WITH_SELINUX, 1,
 			          [Build shadow with SELinux support])
 			LIBSELINUX="-lselinux"
 -- 
 2.7.4
@@ -1,116 +0,0 @@
 Subject: [PATCH] useradd.c: create parent directories when necessary
 Upstream-Status: Inappropriate [OE specific]
 Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
 ---
 src/useradd.c | 80 +++++++++++++++++++++++++++++++++++++++--------------------
 1 file changed, 53 insertions(+), 27 deletions(-)
 diff --git a/src/useradd.c b/src/useradd.c
 index 00a3c30..9ecbb58 100644
 --- a/src/useradd.c
 +++ b/src/useradd.c
@@ -2021,6 +2021,35 @@ static void usr_update (void)
 }
 /*
 + * mkdir_p - create directories, including parent directories when needed
 + *
 + * similar to `mkdir -p'
 + */
 +void mkdir_p(const char *path) {
 +	int len = strlen(path);
 +	char newdir[len + 1];
 +	mode_t mode = 0755;
 +	int i = 0;
 +
 +	if (path[i] == '\0') {
 +		return;
 +	}
 +
 +	/* skip the leading '/' */
 +	i++;
 +
 +	while(path[i] != '\0') {
 +		if (path[i] == '/') {
 +			strncpy(newdir, path, i);
 +			newdir[i] = '\0';
 +			mkdir(newdir, mode);
 +		}
 +		i++;
 +	}
 +	mkdir(path, mode);
 +}
 +
 +/*
  * create_home - create the user's home directory
  *
  *	create_home() creates the user's home directory if it does not
@@ -2038,39 +2067,36 @@ static void create_home (void)
 			fail_exit (E_HOMEDIR);
 		}
 #endif
 -		/* XXX - create missing parent directories.  --marekm */
 -		if (mkdir (prefix_user_home, 0) != 0) {
 -			fprintf (stderr,
 -			         _("%s: cannot create directory %s\n"),
 -			         Prog, prefix_user_home);
 +		mkdir_p(user_home);
 +	}
 +	if (access (prefix_user_home, F_OK) != 0) {
 #ifdef WITH_AUDIT
 -			audit_logger (AUDIT_ADD_USER, Prog,
 -			              "adding home directory",
 -			              user_name, (unsigned int) user_id,
 -			              SHADOW_AUDIT_FAILURE);
 +		audit_logger (AUDIT_ADD_USER, Prog,
 +			      "adding home directory",
 +			      user_name, (unsigned int) user_id,
 +			      SHADOW_AUDIT_FAILURE);
 #endif
 -			fail_exit (E_HOMEDIR);
 -		}
 -		(void) chown (prefix_user_home, user_id, user_gid);
 -		chmod (prefix_user_home,
 -		       0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
 -		home_added = true;
 +		fail_exit (E_HOMEDIR);
 +	}
 +	(void) chown (prefix_user_home, user_id, user_gid);
 +	chmod (prefix_user_home,
 +	       0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
 +	home_added = true;
 #ifdef WITH_AUDIT
 -		audit_logger (AUDIT_ADD_USER, Prog,
 -		              "adding home directory",
 -		              user_name, (unsigned int) user_id,
 -		              SHADOW_AUDIT_SUCCESS);
 +	audit_logger (AUDIT_ADD_USER, Prog,
 +		      "adding home directory",
 +		      user_name, (unsigned int) user_id,
 +		      SHADOW_AUDIT_SUCCESS);
 #endif
 #ifdef WITH_SELINUX
 -		/* Reset SELinux to create files with default contexts */
 -		if (reset_selinux_file_context () != 0) {
 -			fprintf (stderr,
 -			         _("%s: cannot reset SELinux file creation context\n"),
 -			         Prog);
 -			fail_exit (E_HOMEDIR);
 -		}
 -#endif
 +	/* Reset SELinux to create files with default contexts */
 +	if (reset_selinux_file_context () != 0) {
 +		fprintf (stderr,
 +			 _("%s: cannot reset SELinux file creation context\n"),
 +			 Prog);
 +		fail_exit (E_HOMEDIR);
 	}
 +#endif
 }
 /*
 -- 
 2.11.0
@@ -1,8 +1,12 @@
 From a7d995228491ad5255ad86c1f04ba071f6880897 Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Sat, 16 Nov 2013 15:27:47 +0800
 Subject: [PATCH] Allow for setting password in clear text
 Upstream-Status: Inappropriate [OE specific]
 Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
 ---
 src/Makefile.am |  8 ++++----
 src/groupadd.c  | 20 +++++++++++++++-----
@@ -12,39 +16,39 @@ Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
 5 files changed, 64 insertions(+), 25 deletions(-)
 diff --git a/src/Makefile.am b/src/Makefile.am
-index 3c98a8d..b8093d5 100644
+index f31fd7a..4a317a3 100644
 --- a/src/Makefile.am
 +++ b/src/Makefile.am
-@@ -93,10 +93,10 @@ chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT)
+@@ -103,10 +103,10 @@ chsh_LDADD     = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM)
- chsh_LDADD     = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
+ chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
- chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT)
+ expiry_LDADD = $(LDADD) $(LIBECONF)
- gpasswd_LDADD  = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
+ gpasswd_LDADD  = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
-groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
+-groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
-+groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
+groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) $(LIBCRYPT)
- groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
+ groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
- groupmems_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX)
+ groupmems_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
-groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
+-groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
-+groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
+groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) $(LIBCRYPT)
- grpck_LDADD    = $(LDADD) $(LIBSELINUX)
+ grpck_LDADD    = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
- grpconv_LDADD  = $(LDADD) $(LIBSELINUX)
+ grpconv_LDADD  = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
- grpunconv_LDADD = $(LDADD) $(LIBSELINUX)
+ grpunconv_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
-@@ -117,9 +117,9 @@ su_SOURCES     = \
+@@ -127,9 +127,9 @@ su_SOURCES     = \
 	suauth.c
- su_LDADD       = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
+ su_LDADD       = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
- sulogin_LDADD  = $(LDADD) $(LIBCRYPT)
+ sulogin_LDADD  = $(LDADD) $(LIBCRYPT) $(LIBECONF)
-useradd_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR)
+-useradd_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF)
-+useradd_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBCRYPT)
+useradd_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) $(LIBCRYPT)
- userdel_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE)
+ userdel_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBECONF)
-usermod_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR)
+-usermod_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF)
-+usermod_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBCRYPT)
+usermod_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) $(LIBCRYPT)
- vipw_LDADD     = $(LDADD) $(LIBSELINUX)
+ vipw_LDADD     = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
 install-am: all-am
 diff --git a/src/groupadd.c b/src/groupadd.c
-index b57006c..63e1c48 100644
+index e9c4bb7..d572c00 100644
 --- a/src/groupadd.c
 +++ b/src/groupadd.c
-@@ -123,9 +123,10 @@ static /*@noreturn@*/void usage (int status)
+@@ -127,9 +127,10 @@ static /*@noreturn@*/void usage (int status)
 	(void) fputs (_("  -o, --non-unique              allow to create groups with duplicate\n"
 	                "                                (non-unique) GID\n"), usageout);
 	(void) fputs (_("  -p, --password PASSWORD       use this encrypted password for the new group\n"), usageout);
@@ -56,7 +60,7 @@ index b57006c..63e1c48 100644
 	(void) fputs ("\n", usageout);
 	exit (status);
 }
-@@ -387,13 +388,14 @@ static void process_flags (int argc, char **argv)
+@@ -391,13 +392,14 @@ static void process_flags (int argc, char **argv)
 		{"key",        required_argument, NULL, 'K'},
 		{"non-unique", no_argument,       NULL, 'o'},
 		{"password",   required_argument, NULL, 'p'},
@@ -73,7 +77,7 @@ index b57006c..63e1c48 100644
 		                 long_options, NULL)) != -1) {
 		switch (c) {
 		case 'f':
-@@ -445,12 +447,20 @@ static void process_flags (int argc, char **argv)
+@@ -449,12 +451,20 @@ static void process_flags (int argc, char **argv)
 			pflg = true;
 			group_passwd = optarg;
 			break;
@@ -95,7 +99,7 @@ index b57006c..63e1c48 100644
 			break;
 		default:
 			usage (E_USAGE);
-@@ -584,7 +594,7 @@ int main (int argc, char **argv)
+@@ -588,7 +598,7 @@ int main (int argc, char **argv)
 	(void) textdomain (PACKAGE);
 	process_root_flag ("-R", argc, argv);
@@ -105,10 +109,10 @@ index b57006c..63e1c48 100644
 	OPENLOG ("groupadd");
 #ifdef WITH_AUDIT
 diff --git a/src/groupmod.c b/src/groupmod.c
-index b293b98..72daf2c 100644
+index bc14438..25ccb44 100644
 --- a/src/groupmod.c
 +++ b/src/groupmod.c
-@@ -134,8 +134,9 @@ static void usage (int status)
+@@ -138,8 +138,9 @@ static void usage (int status)
 	(void) fputs (_("  -o, --non-unique              allow to use a duplicate (non-unique) GID\n"), usageout);
 	(void) fputs (_("  -p, --password PASSWORD       change the password to this (encrypted)\n"
 	                "                                PASSWORD\n"), usageout);
@@ -119,7 +123,7 @@ index b293b98..72daf2c 100644
 	(void) fputs ("\n", usageout);
 	exit (status);
 }
-@@ -383,11 +384,12 @@ static void process_flags (int argc, char **argv)
+@@ -387,11 +388,12 @@ static void process_flags (int argc, char **argv)
 		{"new-name",   required_argument, NULL, 'n'},
 		{"non-unique", no_argument,       NULL, 'o'},
 		{"password",   required_argument, NULL, 'p'},
@@ -134,7 +138,7 @@ index b293b98..72daf2c 100644
 		                 long_options, NULL)) != -1) {
 		switch (c) {
 		case 'g':
-@@ -414,9 +416,17 @@ static void process_flags (int argc, char **argv)
+@@ -418,9 +420,17 @@ static void process_flags (int argc, char **argv)
 			group_passwd = optarg;
 			pflg = true;
 			break;
@@ -153,7 +157,7 @@ index b293b98..72daf2c 100644
 			break;
 		default:
 			usage (E_USAGE);
-@@ -757,7 +767,7 @@ int main (int argc, char **argv)
+@@ -761,7 +771,7 @@ int main (int argc, char **argv)
 	(void) textdomain (PACKAGE);
 	process_root_flag ("-R", argc, argv);
@@ -163,10 +167,10 @@ index b293b98..72daf2c 100644
 	OPENLOG ("groupmod");
 #ifdef WITH_AUDIT
 diff --git a/src/useradd.c b/src/useradd.c
-index c74e491..7214e72 100644
+index 1b7bf06..44f09e2 100644
 --- a/src/useradd.c
 +++ b/src/useradd.c
-@@ -829,9 +829,10 @@ static void usage (int status)
+@@ -853,9 +853,10 @@ static void usage (int status)
 	(void) fputs (_("  -o, --non-unique              allow to create users with duplicate\n"
 	                "                                (non-unique) UID\n"), usageout);
 	(void) fputs (_("  -p, --password PASSWORD       encrypted password of the new account\n"), usageout);
@@ -178,7 +182,7 @@ index c74e491..7214e72 100644
 	(void) fputs (_("  -s, --shell SHELL             login shell of the new account\n"), usageout);
 	(void) fputs (_("  -u, --uid UID                 user ID of the new account\n"), usageout);
 	(void) fputs (_("  -U, --user-group              create a group with the same name as the user\n"), usageout);
-@@ -1104,9 +1105,10 @@ static void process_flags (int argc, char **argv)
+@@ -1133,9 +1134,10 @@ static void process_flags (int argc, char **argv)
 			{"no-user-group",  no_argument,       NULL, 'N'},
 			{"non-unique",     no_argument,       NULL, 'o'},
 			{"password",       required_argument, NULL, 'p'},
@@ -190,7 +194,7 @@ index c74e491..7214e72 100644
 			{"shell",          required_argument, NULL, 's'},
 			{"uid",            required_argument, NULL, 'u'},
 			{"user-group",     no_argument,       NULL, 'U'},
-@@ -1117,9 +1119,9 @@ static void process_flags (int argc, char **argv)
+@@ -1146,9 +1148,9 @@ static void process_flags (int argc, char **argv)
 		};
 		while ((c = getopt_long (argc, argv,
 #ifdef WITH_SELINUX
@@ -202,7 +206,7 @@ index c74e491..7214e72 100644
 #endif				/* !WITH_SELINUX */
 		                         long_options, NULL)) != -1) {
 			switch (c) {
-@@ -1285,12 +1287,19 @@ static void process_flags (int argc, char **argv)
+@@ -1320,12 +1322,19 @@ static void process_flags (int argc, char **argv)
 				}
 				user_pass = optarg;
 				break;
@@ -223,7 +227,7 @@ index c74e491..7214e72 100644
 				break;
 			case 's':
 				if (   ( !VALID (optarg) )
-@@ -2148,7 +2157,7 @@ int main (int argc, char **argv)
+@@ -2257,7 +2266,7 @@ int main (int argc, char **argv)
 	process_root_flag ("-R", argc, argv);
@@ -233,10 +237,10 @@ index c74e491..7214e72 100644
 	OPENLOG ("useradd");
 #ifdef WITH_AUDIT
 diff --git a/src/usermod.c b/src/usermod.c
-index e571426..ccfbb99 100644
+index 21c6da9..cffdb3e 100644
 --- a/src/usermod.c
 +++ b/src/usermod.c
-@@ -424,8 +424,9 @@ static /*@noreturn@*/void usage (int status)
+@@ -431,8 +431,9 @@ static /*@noreturn@*/void usage (int status)
 	                "                                new location (use only with -d)\n"), usageout);
 	(void) fputs (_("  -o, --non-unique              allow using duplicate (non-unique) UID\n"), usageout);
 	(void) fputs (_("  -p, --password PASSWORD       use encrypted password for the new password\n"), usageout);
@@ -247,7 +251,7 @@ index e571426..ccfbb99 100644
 	(void) fputs (_("  -s, --shell SHELL             new login shell for the user account\n"), usageout);
 	(void) fputs (_("  -u, --uid UID                 new UID for the user account\n"), usageout);
 	(void) fputs (_("  -U, --unlock                  unlock the user account\n"), usageout);
-@@ -1002,8 +1003,9 @@ static void process_flags (int argc, char **argv)
+@@ -1010,8 +1011,9 @@ static void process_flags (int argc, char **argv)
 			{"move-home",    no_argument,       NULL, 'm'},
 			{"non-unique",   no_argument,       NULL, 'o'},
 			{"password",     required_argument, NULL, 'p'},
@@ -258,16 +262,16 @@ index e571426..ccfbb99 100644
 			{"shell",        required_argument, NULL, 's'},
 			{"uid",          required_argument, NULL, 'u'},
 			{"unlock",       no_argument,       NULL, 'U'},
-@@ -1019,7 +1021,7 @@ static void process_flags (int argc, char **argv)
+@@ -1027,7 +1029,7 @@ static void process_flags (int argc, char **argv)
 			{NULL, 0, NULL, '\0'}
 		};
 		while ((c = getopt_long (argc, argv,
-		                         "ac:d:e:f:g:G:hl:Lmop:R:s:u:UP:"
+-		                         "abc:d:e:f:g:G:hl:Lmop:R:s:u:UP:"
-+		                         "ac:d:e:f:g:G:hl:Lmop:P:R:s:u:UA:"
+		                         "abc:d:e:f:g:G:hl:Lmop:P:R:s:u:UA:"
 #ifdef ENABLE_SUBIDS
 		                         "v:w:V:W:"
 #endif				/* ENABLE_SUBIDS */
-@@ -1119,9 +1121,17 @@ static void process_flags (int argc, char **argv)
+@@ -1130,9 +1132,17 @@ static void process_flags (int argc, char **argv)
 				user_pass = optarg;
 				pflg = true;
 				break;
@@ -286,7 +290,7 @@ index e571426..ccfbb99 100644
 				break;
 			case 's':
 				if (!VALID (optarg)) {
-@@ -2098,7 +2108,7 @@ int main (int argc, char **argv)
+@@ -2127,7 +2137,7 @@ int main (int argc, char **argv)
 	(void) textdomain (PACKAGE);
 	process_root_flag ("-R", argc, argv);
@@ -295,6 +299,3 @@ index e571426..ccfbb99 100644
 	OPENLOG ("usermod");
 #ifdef WITH_AUDIT
 -- 
 2.11.0
@@ -1,3 +1,8 @@
 From 66533c7c6f347d257020675a1ed6e0c59cbbc3f0 Mon Sep 17 00:00:00 2001
 From: Chen Qi <Qi.Chen@windriver.com>
 Date: Thu, 17 Jul 2014 15:53:34 +0800
 Subject: [PATCH] commonio.c-fix-unexpected-open-failure-in-chroot-env
 Upstream-Status: Inappropriate [OE specific]
 commonio.c: fix unexpected open failure in chroot environment
@@ -10,15 +15,16 @@ Note that this patch doesn't change the logic in the code, it just expands
 the codes.
 Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
 ---
- lib/commonio.c |   16 ++++++++++++----
+ lib/commonio.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
 diff --git a/lib/commonio.c b/lib/commonio.c
-index cc536bf..51cafd9 100644
+index 16fa7e7..d6bc297 100644
 --- a/lib/commonio.c
 +++ b/lib/commonio.c
-@@ -613,10 +613,18 @@ int commonio_open (struct commonio_db *db, int mode)
+@@ -632,10 +632,18 @@ int commonio_open (struct commonio_db *db, int mode)
 	db->cursor = NULL;
 	db->changed = false;
@@ -41,6 +47,3 @@ index cc536bf..51cafd9 100644
 	db->fp = NULL;
 	if (fd >= 0) {
 #ifdef WITH_TCB
 -- 
 1.7.9.5
@@ -1,26 +1,37 @@
 From ca472d6866e545aaa70a70020e3226f236a8aafc Mon Sep 17 00:00:00 2001
 From: Shan Hai <shan.hai@windriver.com>
 Date: Tue, 13 Sep 2016 13:45:46 +0800
 Subject: [PATCH] shadow: use relaxed usernames
 The groupadd from shadow does not allow upper case group names, the
 same is true for the upstream shadow. But distributions like
 Debian/Ubuntu/CentOS has their own way to cope with this problem,
 this patch is picked up from CentOS release 7.0 to relax the usernames
 restrictions to allow the upper case group names, and the relaxation is
-POSIX compliant because POSIX indicate that usernames are composed of 
+POSIX compliant because POSIX indicate that usernames are composed of
 characters from the portable filename character set [A-Za-z0-9._-].
 Upstream-Status: Pending
-Signed-off-by: Shan Hai <shan.hai@windriver.com> 
+Signed-off-by: Shan Hai <shan.hai@windriver.com>
-diff -urpN a/libmisc/chkname.c b/libmisc/chkname.c
+---
-index 5089112..f40a0da 100644
+ libmisc/chkname.c  | 30 ++++++++++++++++++------------
 man/groupadd.8.xml |  6 ------
 man/useradd.8.xml  |  8 +-------
 3 files changed, 19 insertions(+), 25 deletions(-)
 diff --git a/libmisc/chkname.c b/libmisc/chkname.c
 index 90f185c..65762b4 100644
 --- a/libmisc/chkname.c
 +++ b/libmisc/chkname.c
-@@ -49,21 +49,28 @@
+@@ -55,22 +55,28 @@ static bool is_valid_name (const char *name)
- static bool is_valid_name (const char *name)
+ 	}
- {
+ 
 	/*
 -	 * User/group names must match [a-z_][a-z0-9_-]*[$]
 -	 */
 -
 -	if (('\0' == *name) ||
 -	    !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) {
 +         * User/group names must match gnu e-regex:
@@ -55,28 +66,28 @@ index 5089112..f40a0da 100644
 			return false;
 		}
 	}
-diff -urpN a/man/groupadd.8.xml b/man/groupadd.8.xml
+diff --git a/man/groupadd.8.xml b/man/groupadd.8.xml
-index 230fd0c..94f7807 100644
+index 1e58f09..d804b61 100644
 --- a/man/groupadd.8.xml
 +++ b/man/groupadd.8.xml
-@@ -222,12 +222,6 @@
+@@ -272,12 +272,6 @@
    <refsect1 id='caveats'>
      <title>CAVEATS</title>
-      <para>
+-     <para>
 -       Groupnames must start with a lower case letter or an underscore,
 -       followed by lower case letters, digits, underscores, or dashes.
 -       They can end with a dollar sign.
 -       In regular expression terms: [a-z_][a-z0-9_-]*[$]?
 -     </para>
-     <para>
+      <para>
        Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long.
      </para>
-      <para>
+diff --git a/man/useradd.8.xml b/man/useradd.8.xml
-diff -urpN a/man/useradd.8.xml b/man/useradd.8.xml
+index a16d730..c0bd777 100644
 index 5dec989..fe623b9 100644
 --- a/man/useradd.8.xml
 +++ b/man/useradd.8.xml
-@@ -336,7 +336,7 @@
+@@ -366,7 +366,7 @@
 	</term>
 	<listitem>
 	  <para>
@@ -85,16 +96,16 @@ index 5dec989..fe623b9 100644
 	    wide setting from <filename>/etc/login.defs</filename>
 	    (<option>CREATE_HOME</option>) is set to
 	    <replaceable>yes</replaceable>.
-@@ -607,12 +607,6 @@
+@@ -660,12 +660,6 @@
       the user account creation request.
     </para>
-     <para>
+-    <para>
 -      Usernames must start with a lower case letter or an underscore,
 -      followed by lower case letters, digits, underscores, or dashes.
 -      They can end with a dollar sign.
 -      In regular expression terms: [a-z_][a-z0-9_-]*[$]?
 -    </para>
-    <para>
+     <para>
       Usernames may only be up to 32 characters long.
     </para>
   </refsect1>
@@ -11,8 +11,6 @@ DEPENDS = "virtual/crypt"
 UPSTREAM_CHECK_URI = "https://github.com/shadow-maint/shadow/releases"
 SRC_URI = "https://github.com/shadow-maint/shadow/releases/download/${PV}/${BP}.tar.gz \
           file://shadow-4.1.3-dots-in-usernames.patch \
           file://0001-Make-the-sp_lstchg-shadow-field-reproducible-re.-71.patch  \
           file://0001-configure.ac-fix-configure-error-with-dash.patch \
           ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \
           file://shadow-relaxed-usernames.patch \
           "
@@ -24,16 +22,16 @@ SRC_URI_append_class-target = " \
 SRC_URI_append_class-native = " \
           file://0001-Disable-use-of-syslog-for-sysroot.patch \
-           file://allow-for-setting-password-in-clear-text.patch \
+           file://0002-Allow-for-setting-password-in-clear-text.patch \
           file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \
-           file://0001-useradd.c-create-parent-directories-when-necessary.patch \
+           file://0001-Do-not-check-for-validity-of-shell-executable.patch \
           "
 SRC_URI_append_class-nativesdk = " \
           file://0001-Disable-use-of-syslog-for-sysroot.patch \
           "
-SRC_URI[md5sum] = "36feb15665338ae3de414f2a88e434db"
+SRC_URI[md5sum] = "017ac773ba370bc28e157cee30dad71a"
-SRC_URI[sha256sum] = "4668f99bd087399c4a586084dc3b046b75f560720d83e92fd23bf7a89dda4d31"
+SRC_URI[sha256sum] = "82016d65317555fc8ce9e669eb187984d8d4b1f8ecda0769f4bc5412aed326e4"
 # Additional Policy files for PAM
 PAM_SRC_URI = "file://pam.d/chfn \
@@ -53,6 +51,7 @@ EXTRA_OECONF += "--without-audit \
                 --without-selinux \
                 --with-group-name-max-length=24 \
                 --enable-subordinate-ids=yes \
                 --without-sssd \
                 ${NSCDOPT}"
 NSCDOPT = ""