Bump buildroot to version 2017-02

TG-3 #closed

bsp/buildroot/package/linux-pam/0003-Conditionally-compile-per-innetgr-availability.patch

@@ -1,84 +0,0 @@
-innetgr is not available/functional in uclibc, provide conditions for
-compilation.
-
-Patch originally by Dmitry Golubovsky <golubovsky@gmail.com> - porting
-to linux-pam 1.2.1.
-
-Signed-off-by: Brendan Heading <brendanheading@gmail.com>
-
-Upstream-status: pending
-
----
- modules/pam_group/pam_group.c           | 8 +++++++-
- modules/pam_succeed_if/pam_succeed_if.c | 4 ++++
- modules/pam_time/pam_time.c             | 8 +++++++-
- 3 files changed, 18 insertions(+), 2 deletions(-)
-
-diff --git a/modules/pam_group/pam_group.c b/modules/pam_group/pam_group.c
-index be5f20f..0982de8 100644
---- a/modules/pam_group/pam_group.c
-+++ b/modules/pam_group/pam_group.c
-@@ -655,8 +655,14 @@ static int check_account(pam_handle_t *pamh, const char *service,
- 	    continue;
- 	}
- 	/* If buffer starts with @, we are using netgroups */
--	if (buffer[0] == '@')
-+	if (buffer[0] == '@') {
-+#ifdef HAVE_INNETGR
- 	  good &= innetgr (&buffer[1], NULL, user, NULL);
-+#else
-+	  good = 0;
-+	  pam_syslog (pamh, LOG_ERR, "pam_group does not have netgroup support");
-+#endif  /* HAVE_INNETGR */
-+	}
- 	/* otherwise, if the buffer starts with %, it's a UNIX group */
- 	else if (buffer[0] == '%')
-           good &= pam_modutil_user_in_group_nam_nam(pamh, user, &buffer[1]);
-diff --git a/modules/pam_succeed_if/pam_succeed_if.c b/modules/pam_succeed_if/pam_succeed_if.c
-index aa828fc..c09d669 100644
---- a/modules/pam_succeed_if/pam_succeed_if.c
-+++ b/modules/pam_succeed_if/pam_succeed_if.c
-@@ -233,16 +233,20 @@ evaluate_notingroup(pam_handle_t *pamh, const char *user, const char *group)
- static int
- evaluate_innetgr(const char *host, const char *user, const char *group)
- {
-+#ifdef HAVE_INNETGR
- 	if (innetgr(group, host, user, NULL) == 1)
- 		return PAM_SUCCESS;
-+#endif /* HAVE_INNETGR */
- 	return PAM_AUTH_ERR;
- }
- /* Return PAM_SUCCESS if the (host,user) is NOT in the netgroup. */
- static int
- evaluate_notinnetgr(const char *host, const char *user, const char *group)
- {
-+#ifdef HAVE_INNETGR
- 	if (innetgr(group, host, user, NULL) == 0)
- 		return PAM_SUCCESS;
-+#endif /* HAVE_INNETGR */
- 	return PAM_AUTH_ERR;
- }
- 
-diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c
-index c94737c..4898fd2 100644
---- a/modules/pam_time/pam_time.c
-+++ b/modules/pam_time/pam_time.c
-@@ -554,8 +554,14 @@ check_account(pam_handle_t *pamh, const char *service,
- 	       continue;
- 	  }
- 	  /* If buffer starts with @, we are using netgroups */
--	  if (buffer[0] == '@')
-+	  if (buffer[0] == '@') {
-+#ifdef HAVE_INNETGR
- 	    good &= innetgr (&buffer[1], NULL, user, NULL);
-+#else
-+	    good = 0;
-+	    pam_syslog (pamh, LOG_ERR, "pam_time does not have netgroup support");
-+#endif /* HAVE_INNETGR */
-+	  }
- 	  else
- 	    good &= logic_field(pamh, user, buffer, count, is_same);
- 	  D(("with user: %s", good ? "passes":"fails" ));
--- 
-2.4.3
-

bsp/buildroot/package/linux-pam/Config.in

@@ -3,14 +3,8 @@ config BR2_PACKAGE_LINUX_PAM
 	select BR2_PACKAGE_GETTEXT if BR2_NEEDS_GETTEXT_IF_LOCALE
 	select BR2_PACKAGE_FLEX
 	depends on (BR2_ENABLE_LOCALE && BR2_USE_WCHAR)
-	# While linux-pam does have some support for statically linked
-	# modules (through --enable-static-modules), it doesn't work
-	# properly due to a build cycle between libpam and
-	# modules. See
-	# https://lists.fedorahosted.org/pipermail/linux-pam-commits/2012-February/000105.html
-	# for details.
 	depends on !BR2_STATIC_LIBS
-	depends on !BR2_TOOLCHAIN_USES_MUSL # linux-pam
+	depends on !BR2_TOOLCHAIN_USES_MUSL
 	depends on BR2_USE_MMU # fork()
 	help
 	  A Security Framework that Provides Authentication for Applications

bsp/buildroot/package/linux-pam/linux-pam.hash

@@ -1,2 +1,2 @@
 # Locally computed hashes, not provided by upstream
-sha256	342b1211c0d3b203a7df2540a5b03a428a087bd8a48c17e49ae268f992b334d9	Linux-PAM-1.2.1.tar.bz2
+sha256 241aed1ef522f66ed672719ecf2205ec513fd0075ed80cda8e086a5b1a01d1bb  Linux-PAM-1.3.0.tar.bz2

bsp/buildroot/package/linux-pam/linux-pam.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LINUX_PAM_VERSION = 1.2.1
+LINUX_PAM_VERSION = 1.3.0
 LINUX_PAM_SOURCE = Linux-PAM-$(LINUX_PAM_VERSION).tar.bz2
 LINUX_PAM_SITE = http://linux-pam.org/library
 LINUX_PAM_INSTALL_STAGING = YES
@@ -29,6 +29,10 @@ endif
 ifeq ($(BR2_PACKAGE_LIBSELINUX),y)
 LINUX_PAM_CONF_OPTS += --enable-selinux
 LINUX_PAM_DEPENDENCIES += libselinux
+define LINUX_PAM_SELINUX_PAMFILE_TWEAK
+	$(SED) 's/^# \(.*pam_selinux.so.*\)$$/\1/' \
+		$(TARGET_DIR)/etc/pam.d/login
+endef
 else
 LINUX_PAM_CONF_OPTS += --disable-selinux
 endif
@@ -46,6 +50,7 @@ define LINUX_PAM_INSTALL_CONFIG
 		$(TARGET_DIR)/etc/pam.d/login
 	$(INSTALL) -m 0644 -D package/linux-pam/other.pam \
 		$(TARGET_DIR)/etc/pam.d/other
+	$(LINUX_PAM_SELINUX_PAMFILE_TWEAK)
 endef
 
 LINUX_PAM_POST_INSTALL_TARGET_HOOKS += LINUX_PAM_INSTALL_CONFIG

bsp/buildroot/package/linux-pam/login.pam

@@ -4,7 +4,9 @@ account		required	pam_unix.so
 
 password	required	pam_unix.so nullok
 
+# session	required	pam_selinux.so close
 session		required	pam_limits.so
 session		required	pam_env.so
 session		required	pam_unix.so
 session		optional	pam_lastlog.so
+# session	required	pam_selinux.so open