shadow: upgrade to 4.1.4.3 to fix security vulnerability

For CVE-2011-0721: http://lists.debian.org/debian-security-announce/2011/msg00030.html

Signed-off-by: Yu Ke <ke.yu@intel.com>

7 files changed, 0 insertions, 197 deletions

diff --git a/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/chfn b/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/chfn
deleted file mode 100644
index baf7698bb..000000000
--- a/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/chfn
+++ /dev/null
@@ -1,14 +0,0 @@
-#
-# The PAM configuration file for the Shadow `chfn' service
-#
-
-# This allows root to change user infomation without being
-# prompted for a password
-auth		sufficient	pam_rootok.so
-
-# The standard Unix authentication modules, used with
-# NIS (man nsswitch) as well as normal /etc/passwd and
-# /etc/shadow entries.
-auth       include      common-auth
-account    include      common-account
-session    include      common-session
diff --git a/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/chpasswd b/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/chpasswd
deleted file mode 100644
index 9e3efa68b..000000000
--- a/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/chpasswd
+++ /dev/null
@@ -1,4 +0,0 @@
-# The PAM configuration file for the Shadow 'chpasswd' service
-#
-
-password   include      common-password
diff --git a/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/chsh b/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/chsh
deleted file mode 100644
index 8fb169f64..000000000
--- a/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/chsh
+++ /dev/null
@@ -1,19 +0,0 @@
-#
-# The PAM configuration file for the Shadow `chsh' service
-#
-
-# This will not allow a user to change their shell unless
-# their current one is listed in /etc/shells. This keeps
-# accounts with special shells from changing them.
-auth       required   pam_shells.so
-
-# This allows root to change user shell without being
-# prompted for a password
-auth		sufficient	pam_rootok.so
-
-# The standard Unix authentication modules, used with
-# NIS (man nsswitch) as well as normal /etc/passwd and
-# /etc/shadow entries.
-auth       include      common-auth
-account    include      common-account
-session    include      common-session
diff --git a/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/login b/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/login
deleted file mode 100644
index e41eb04ec..000000000
--- a/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/login
+++ /dev/null
@@ -1,91 +0,0 @@
-#
-# The PAM configuration file for the Shadow `login' service
-#
-
-# Enforce a minimal delay in case of failure (in microseconds).
-# (Replaces the `FAIL_DELAY' setting from login.defs)
-# Note that other modules may require another minimal delay. (for example,
-# to disable any delay, you should add the nodelay option to pam_unix)
-auth       optional   pam_faildelay.so  delay=3000000
-
-# Outputs an issue file prior to each login prompt (Replaces the
-# ISSUE_FILE option from login.defs). Uncomment for use
-# auth       required   pam_issue.so issue=/etc/issue
-
-# Disallows root logins except on tty's listed in /etc/securetty
-# (Replaces the `CONSOLE' setting from login.defs)
-# Note that it is included as a "requisite" module. No password prompts will
-# be displayed if this module fails to avoid having the root password
-# transmitted on unsecure ttys.
-# You can change it to a "required" module if you think it permits to
-# guess valid user names of your system (invalid user names are considered
-# as possibly being root).
-auth       [success=ok ignore=ignore user_unknown=ignore default=die]  pam_securetty.so
-
-# Disallows other than root logins when /etc/nologin exists
-# (Replaces the `NOLOGINS_FILE' option from login.defs)
-auth       requisite  pam_nologin.so
-
-# SELinux needs to be the first session rule. This ensures that any 
-# lingering context has been cleared. Without out this it is possible 
-# that a module could execute code in the wrong domain.
-# When the module is present, "required" would be sufficient (When SELinux
-# is disabled, this returns success.)
-session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
-
-# This module parses environment configuration file(s)
-# and also allows you to use an extended config
-# file /etc/security/pam_env.conf.
-# 
-# parsing /etc/environment needs "readenv=1"
-session       required   pam_env.so readenv=1
-# locale variables are also kept into /etc/default/locale in etch
-# reading this file *in addition to /etc/environment* does not hurt
-session       required   pam_env.so readenv=1 envfile=/etc/default/locale
-
-# Standard Un*x authentication.
-auth       include      common-auth
-
-# This allows certain extra groups to be granted to a user
-# based on things like time of day, tty, service, and user.
-# Please edit /etc/security/group.conf to fit your needs
-# (Replaces the `CONSOLE_GROUPS' option in login.defs)
-auth       optional   pam_group.so
-
-# Uncomment and edit /etc/security/time.conf if you need to set
-# time restrainst on logins.
-# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
-# as well as /etc/porttime)
-# account    requisite  pam_time.so
-
-# Uncomment and edit /etc/security/access.conf if you need to
-# set access limits.
-# (Replaces /etc/login.access file)
-# account  required       pam_access.so
-
-# Sets up user limits according to /etc/security/limits.conf
-# (Replaces the use of /etc/limits in old login)
-session    required   pam_limits.so
-
-# Prints the last login info upon succesful login
-# (Replaces the `LASTLOG_ENAB' option from login.defs)
-session    optional   pam_lastlog.so
-
-# Prints the motd upon succesful login
-# (Replaces the `MOTD_FILE' option in login.defs)
-session    optional   pam_motd.so
-
-# Prints the status of the user's mailbox upon succesful login
-# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
-#
-# This also defines the MAIL environment variable
-# However, userdel also needs MAIL_DIR and MAIL_FILE variables
-# in /etc/login.defs to make sure that removing a user 
-# also removes the user's mail spool file.
-# See comments in /etc/login.defs
-session    optional   pam_mail.so standard
-
-# Standard Un*x account and session
-account    include      common-account
-password   include      common-password
-session    include      common-session
diff --git a/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/newusers b/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/newusers
deleted file mode 100644
index 4aa3dde48..000000000
--- a/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/newusers
+++ /dev/null
@@ -1,4 +0,0 @@
-# The PAM configuration file for the Shadow 'newusers' service
-#
-
-password   include      common-password
diff --git a/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/passwd b/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/passwd
deleted file mode 100644
index f53499243..000000000
--- a/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/passwd
+++ /dev/null
@@ -1,5 +0,0 @@
-#
-# The PAM configuration file for the Shadow `passwd' service
-#
-
-password   include      common-password
diff --git a/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/su b/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/su
deleted file mode 100644
index 8e35137f3..000000000
--- a/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/su
+++ /dev/null
@@ -1,60 +0,0 @@
-#
-# The PAM configuration file for the Shadow `su' service
-#
-
-# This allows root to su without passwords (normal operation)
-auth       sufficient pam_rootok.so
-
-# Uncomment this to force users to be a member of group root
-# before they can use `su'. You can also add "group=foo"
-# to the end of this line if you want to use a group other
-# than the default "root" (but this may have side effect of
-# denying "root" user, unless she's a member of "foo" or explicitly
-# permitted earlier by e.g. "sufficient pam_rootok.so").
-# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
-# auth       required   pam_wheel.so
-
-# Uncomment this if you want wheel members to be able to
-# su without a password.
-# auth       sufficient pam_wheel.so trust
-
-# Uncomment this if you want members of a specific group to not
-# be allowed to use su at all.
-# auth       required   pam_wheel.so deny group=nosu
-
-# Uncomment and edit /etc/security/time.conf if you need to set
-# time restrainst on su usage.
-# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
-# as well as /etc/porttime)
-# account    requisite  pam_time.so
-
-# This module parses environment configuration file(s)
-# and also allows you to use an extended config
-# file /etc/security/pam_env.conf.
-# 
-# parsing /etc/environment needs "readenv=1"
-session       required   pam_env.so readenv=1
-# locale variables are also kept into /etc/default/locale in etch
-# reading this file *in addition to /etc/environment* does not hurt
-session       required   pam_env.so readenv=1 envfile=/etc/default/locale
-
-# Defines the MAIL environment variable
-# However, userdel also needs MAIL_DIR and MAIL_FILE variables
-# in /etc/login.defs to make sure that removing a user 
-# also removes the user's mail spool file.
-# See comments in /etc/login.defs
-#
-# "nopen" stands to avoid reporting new mail when su'ing to another user
-session    optional   pam_mail.so nopen
-
-# Sets up user limits, please uncomment and read /etc/security/limits.conf
-# to enable this functionality.
-# (Replaces the use of /etc/limits in old login)
-# session    required   pam_limits.so
-
-# The standard Unix authentication modules, used with
-# NIS (man nsswitch) as well as normal /etc/passwd and
-# /etc/shadow entries.
-auth       include      common-auth
-account    include      common-account
-session    include      common-session