Patchwork [3/3] shadow: upgrade from 4.1.4.3 to 4.2.1

login
register
mail settings
Submitter Qi.Chen@windriver.com
Date June 3, 2014, 1:41 a.m.
Message ID <be91d99713af1c7fa85dd26ba9959625d4776721.1401419076.git.Qi.Chen@windriver.com>
Download mbox | patch
Permalink /patch/73095/
State New
Headers show

Comments

Qi.Chen@windriver.com - June 3, 2014, 1:41 a.m.
Upgrade shadow from 4.1.4.3 to 4.2.1.

Changes during this upgrade are as following.

1. Remove the "merged" patches. These patches are either merged or
   the same functionality has been implemented upstream.

   add_root_cmd_groupmems.patch
   add_root_cmd_options.patch
   fix-etc-gshadow-reading.patch
   shadow-4.1.4.2-env-reset-keep-locale.patch
   shadow-4.1.4.2-groupmod-pam-check.patch
   shadow-4.1.4.2-su_no_sanitize_env.patch
   shadow.automake-1.11.patch
   shadow_fix_for_automake-1.12.patch
   useradd.patch

2. Remove the unneeded patch.
   The following patch has been removed because the logic in the related
   codes of the new version has been changed. In specific, the codes now
   can handle the 'NULL' return value. So there's no need for the following
   patch.

   slackware_fix_for_glib-2.17_crypt.patch

3. Teak the current patch to match the new version.

   allow-for-setting-password-in-clear-text.patch

4. Add a patch to fix compilation failure.

   usermod-fix-compilation-failure-with-subids-disabled.patch

5. Add a patch to fix the installation failure.

   fix-installation-failure-with-subids-disabled.patch

5. Add a patch to fix the failure at rootfs time if extrausers is inherited.

   commonio.c-fix-unexpected-open-failure-in-chroot-env.patch

6. Fix the bad section in the recipe.

7. Disable the new subids feature in the new version as it doesn't support
   cross compilation for now.

8. Modify the pkg_postinst to `exit 1' if the `pwconv' or `grpconv' fails.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
 .../shadow/files/add_root_cmd_groupmems.patch      |   75 --
 .../shadow/files/add_root_cmd_options.patch        | 1384 --------------------
 .../allow-for-setting-password-in-clear-text.patch |  215 ++-
 ...fix-unexpected-open-failure-in-chroot-env.patch |   46 +
 .../shadow/files/fix-etc-gshadow-reading.patch     |   36 -
 ...installation-failure-with-subids-disabled.patch |   28 +
 .../shadow-4.1.4.2-env-reset-keep-locale.patch     |   31 -
 .../files/shadow-4.1.4.2-groupmod-pam-check.patch  |   36 -
 .../files/shadow-4.1.4.2-su_no_sanitize_env.patch  |   31 -
 .../shadow/files/shadow.automake-1.11.patch        |  106 --
 .../files/shadow_fix_for_automake-1.12.patch       |   23 -
 .../files/slackware_fix_for_glib-2.17_crypt.patch  |   63 -
 meta/recipes-extended/shadow/files/useradd.patch   |   17 -
 ...-compilation-failure-with-subids-disabled.patch |   33 +
 ...uretty_4.1.4.3.bb => shadow-securetty_4.2.1.bb} |    0
 ...-sysroot_4.1.4.3.bb => shadow-sysroot_4.2.1.bb} |    0
 meta/recipes-extended/shadow/shadow.inc            |   33 +-
 .../shadow/{shadow_4.1.4.3.bb => shadow_4.2.1.bb}  |    0
 18 files changed, 222 insertions(+), 1935 deletions(-)
 delete mode 100644 meta/recipes-extended/shadow/files/add_root_cmd_groupmems.patch
 delete mode 100644 meta/recipes-extended/shadow/files/add_root_cmd_options.patch
 create mode 100644 meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch
 delete mode 100644 meta/recipes-extended/shadow/files/fix-etc-gshadow-reading.patch
 create mode 100644 meta/recipes-extended/shadow/files/fix-installation-failure-with-subids-disabled.patch
 delete mode 100644 meta/recipes-extended/shadow/files/shadow-4.1.4.2-env-reset-keep-locale.patch
 delete mode 100644 meta/recipes-extended/shadow/files/shadow-4.1.4.2-groupmod-pam-check.patch
 delete mode 100644 meta/recipes-extended/shadow/files/shadow-4.1.4.2-su_no_sanitize_env.patch
 delete mode 100644 meta/recipes-extended/shadow/files/shadow.automake-1.11.patch
 delete mode 100644 meta/recipes-extended/shadow/files/shadow_fix_for_automake-1.12.patch
 delete mode 100644 meta/recipes-extended/shadow/files/slackware_fix_for_glib-2.17_crypt.patch
 delete mode 100644 meta/recipes-extended/shadow/files/useradd.patch
 create mode 100644 meta/recipes-extended/shadow/files/usermod-fix-compilation-failure-with-subids-disabled.patch
 rename meta/recipes-extended/shadow/{shadow-securetty_4.1.4.3.bb => shadow-securetty_4.2.1.bb} (100%)
 rename meta/recipes-extended/shadow/{shadow-sysroot_4.1.4.3.bb => shadow-sysroot_4.2.1.bb} (100%)
 rename meta/recipes-extended/shadow/{shadow_4.1.4.3.bb => shadow_4.2.1.bb} (100%)

Patch

diff --git a/meta/recipes-extended/shadow/files/add_root_cmd_groupmems.patch b/meta/recipes-extended/shadow/files/add_root_cmd_groupmems.patch
deleted file mode 100644
index 4044496..0000000
--- a/meta/recipes-extended/shadow/files/add_root_cmd_groupmems.patch
+++ /dev/null
@@ -1,75 +0,0 @@ 
-Add a --root command option to groupmems utility.
-
-This option allows the utility to be chrooted when run under pseudo.
-
-Signed-off-by: Mikhail Durnev <mikhail_durnev@mentor.com>
-
-diff -Naur old/src/groupmems.c new/src/groupmems.c
---- old/src/groupmems.c	2011-02-13 11:58:16.000000000 -0600
-+++ new/src/groupmems.c	2013-05-30 04:45:38.000000000 -0500
-@@ -60,6 +60,7 @@
- #define EXIT_MEMBER_EXISTS	7	/* member of group already exists */
- #define EXIT_INVALID_USER	8	/* specified user does not exist */
- #define EXIT_INVALID_GROUP	9	/* specified group does not exist */
-+#define EXIT_BAD_ARG		10	/* invalid argument to option */
-
- /*
-  * Global variables
-@@ -79,6 +80,7 @@
- static bool is_shadowgrp;
- static bool sgr_locked = false;
- #endif
-+static const char *newroot = "";
-
- /* local function prototypes */
- static char *whoami (void);
-@@ -368,6 +370,7 @@
-	                "Options:\n"
-	                "  -g, --group groupname         change groupname instead of the user's group\n"
-	                "                                (root only)\n"
-+	                "  -R, --root CHROOT_DIR         directory to chroot into\n"
-	                "\n"
-	                "Actions:\n"
-	                "  -a, --add username            add username to the members of the group\n"
-@@ -391,10 +394,11 @@
-		{"group", required_argument, NULL, 'g'},
-		{"list", no_argument, NULL, 'l'},
-		{"purge", no_argument, NULL, 'p'},
-+		{"root", required_argument, NULL, 'R'},
-		{NULL, 0, NULL, '\0'}
-	};
-
--	while ((arg = getopt_long (argc, argv, "a:d:g:lp", long_options,
-+	while ((arg = getopt_long (argc, argv, "a:d:g:lpR:", long_options,
-	                           &option_index)) != EOF) {
-		switch (arg) {
-		case 'a':
-@@ -416,6 +420,28 @@
-			purge = true;
-			++exclusive;
-			break;
-+		case 'R':
-+			if ('/' != optarg[0]) {
-+				fprintf (stderr,
-+					 _("%s: invalid chroot path '%s'\n"),
-+					Prog, optarg);
-+				exit (EXIT_BAD_ARG);
-+			}
-+			newroot = optarg;
-+
-+			if (access (newroot, F_OK) != 0) {
-+				fprintf(stderr,
-+					_("%s: chroot directory %s does not exist\n"),
-+					Prog, newroot);
-+				exit (EXIT_BAD_ARG);
-+			}
-+			if ( chroot(newroot) != 0 ) {
-+				fprintf(stderr,
-+					_("%s: unable to chroot to directory %s\n"),
-+					Prog, newroot);
-+				exit (EXIT_BAD_ARG);
-+			}
-+			break;
-		default:
-			usage ();
-		}
diff --git a/meta/recipes-extended/shadow/files/add_root_cmd_options.patch b/meta/recipes-extended/shadow/files/add_root_cmd_options.patch
deleted file mode 100644
index ab87e35..0000000
--- a/meta/recipes-extended/shadow/files/add_root_cmd_options.patch
+++ /dev/null
@@ -1,1384 +0,0 @@ 
-Add a --root command option to the following utilties:
-
-* useradd
-* groupadd
-* usermod
-* groupmod
-* userdel
-* groupdel
-* passwd
-* gpasswd
-* pwconv
-* pwunconv
-* grpconv
-* grpunconv
-
-This option allows the utilities to be chrooted when run under pseudo.
-They can then be used to manipulate user and group account information
-in target sysroots.
-
-The useradd utility was also modified to create home directories
-recursively when necessary.
-
-Upstream-Status: Inappropriate [Other]
-Workaround is specific to our build system.
-
-Signed-off-by: Scott Garman <scott.a.garman@intel.com>
-
-2011-09-29 Fix the parsing of the --root option in gpasswd, useradd, usermod:
-
-In programs which need to scan the command line in two passes to handle 
---root option separately from the rest of the arguments, replace the first
-calls to getopt_long with a simple iteration over the argument list since 
-getopt_long has the bad habit of reordering arguments on the command line.
-
-Signed-off-by: Julian Pidancet <julian.pidancet@gmail.com>
-
-diff -urN shadow-4.1.4.3.orig//src/gpasswd.c shadow-4.1.4.3//src/gpasswd.c
---- shadow-4.1.4.3.orig//src/gpasswd.c	2011-09-29 12:00:45.211000091 +0100
-+++ shadow-4.1.4.3//src/gpasswd.c	2011-09-29 12:09:54.590000090 +0100
-@@ -63,6 +63,7 @@
-  * (/etc/gshadow present) */
- static bool is_shadowgrp;
- #endif
-+static const char *newroot = "";
- 
- /* Flags set by options */
- static bool aflg = false;
-@@ -97,6 +98,7 @@
- static void usage (void);
- static RETSIGTYPE catch_signals (int killed);
- static bool is_valid_user_list (const char *users);
-+static void process_root_flag (int argc, char **argv);
- static void process_flags (int argc, char **argv);
- static void check_flags (int argc, int opt_index);
- static void open_files (void);
-@@ -136,6 +138,7 @@
- 	           "Options:\n"
- 	           "  -a, --add USER                add USER to GROUP\n"
- 	           "  -d, --delete USER             remove USER from GROUP\n"
-+	           "  -Q  --root CHROOT_DIR         directory to chroot into\n"
- 	           "  -r, --remove-password         remove the GROUP's password\n"
- 	           "  -R, --restrict                restrict access to GROUP to its members\n"
- 	           "  -M, --members USER,...        set the list of members of GROUP\n"
-@@ -226,6 +229,57 @@
- }
- 
- /*
-+ * process_root_flag - chroot if given the --root option
-+ *
-+ * We do this outside of process_flags() because
-+ * the is_shadow_pwd boolean needs to be set before
-+ * process_flags(), and if we do need to chroot() we
-+ * must do so before is_shadow_pwd gets set.
-+ */
-+static void process_root_flag (int argc, char **argv)
-+{
-+	/*
-+	 * Parse the command line options.
-+	 */
-+	int i;
-+        char *root;
-+
-+        for (i = 0; i < argc; i++) {
-+		if (!strcmp (argv[i], "--root") || !strcmp (argv[i], "-Q")) {
-+			if (i + 1 == argc) {
-+				fprintf (stderr,
-+				         _("%s: option '%s' requires an argument\n"),
-+				         Prog, argv[i]);
-+				exit (E_BAD_ARG);
-+			}
-+			root = argv[i + 1];
-+
-+			if ('/' != root[0]) {
-+				fprintf (stderr,
-+				         _("%s: invalid chroot path '%s'\n"),
-+				         Prog, root);
-+				exit (E_BAD_ARG);
-+			}
-+			newroot = root;
-+
-+			if (access (newroot, F_OK) != 0) {
-+				fprintf(stderr,
-+				        _("%s: chroot directory %s does not exist\n"),
-+				        Prog, newroot);
-+				exit (E_BAD_ARG);
-+			}
-+			if ( chroot(newroot) != 0 ) {
-+				fprintf(stderr,
-+				        _("%s: unable to chroot to directory %s\n"),
-+				        Prog, newroot);
-+				exit (E_BAD_ARG);
-+			}
-+			break;
-+		}
-+	}
-+}
-+
-+/*
-  * process_flags - process the command line options and arguments
-  */
- static void process_flags (int argc, char **argv)
-@@ -235,6 +289,7 @@
- 	static struct option long_options[] = {
- 		{"add", required_argument, NULL, 'a'},
- 		{"delete", required_argument, NULL, 'd'},
-+		{"root", required_argument, NULL, 'Q'},
- 		{"remove-password", no_argument, NULL, 'r'},
- 		{"restrict", no_argument, NULL, 'R'},
- 		{"administrators", required_argument, NULL, 'A'},
-@@ -242,7 +297,7 @@
- 		{NULL, 0, NULL, '\0'}
- 		};
- 
--	while ((flag = getopt_long (argc, argv, "a:A:d:gM:rR", long_options, &option_index)) != -1) {
-+	while ((flag = getopt_long (argc, argv, "a:A:d:gM:Q:rR", long_options, &option_index)) != -1) {
- 		switch (flag) {
- 		case 'a':	/* add a user */
- 			aflg = true;
-@@ -283,6 +338,9 @@
- 			}
- 			Mflg = true;
- 			break;
-+		case 'Q':
-+			/* no-op since we handled this in process_root_flag() earlier */
-+			break;
- 		case 'r':	/* remove group password */
- 			rflg = true;
- 			break;
-@@ -995,6 +1053,8 @@
- 	setbuf (stdout, NULL);
- 	setbuf (stderr, NULL);
- 
-+	process_root_flag (argc, argv);
-+
- #ifdef SHADOWGRP
- 	is_shadowgrp = sgr_file_present ();
- #endif
-diff -urN shadow-4.1.4.3.orig//src/groupadd.c shadow-4.1.4.3//src/groupadd.c
---- shadow-4.1.4.3.orig//src/groupadd.c	2011-09-29 12:00:45.212000091 +0100
-+++ shadow-4.1.4.3//src/groupadd.c	2011-09-29 11:59:28.386000092 +0100
-@@ -76,6 +76,7 @@
- static gid_t group_id;
- static /*@null@*/char *group_passwd;
- static /*@null@*/char *empty_list = NULL;
-+static const char *newroot = "";
- 
- static bool oflg = false;	/* permit non-unique group ID to be specified with -g */
- static bool gflg = false;	/* ID value for the new group */
-@@ -120,6 +121,7 @@
- 	(void) fputs (_("  -o, --non-unique              allow to create groups with duplicate\n"
- 	                "                                (non-unique) GID\n"), stderr);
- 	(void) fputs (_("  -p, --password PASSWORD       use this encrypted password for the new group\n"), stderr);
-+	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), stderr);
- 	(void) fputs (_("  -r, --system                  create a system account\n"), stderr);
- 	(void) fputs ("\n", stderr);
- 	exit (E_USAGE);
-@@ -383,12 +385,13 @@
- 		{"key", required_argument, NULL, 'K'},
- 		{"non-unique", no_argument, NULL, 'o'},
- 		{"password", required_argument, NULL, 'p'},
-+		{"root", required_argument, NULL, 'R'},
- 		{"system", no_argument, NULL, 'r'},
- 		{NULL, 0, NULL, '\0'}
- 	};
- 
- 	while ((c =
--		getopt_long (argc, argv, "fg:hK:op:r", long_options,
-+		getopt_long (argc, argv, "fg:hK:op:R:r", long_options,
- 		             &option_index)) != -1) {
- 		switch (c) {
- 		case 'f':
-@@ -440,6 +443,28 @@
- 			pflg = true;
- 			group_passwd = optarg;
- 			break;
-+		case 'R':
-+			if ('/' != optarg[0]) {
-+				fprintf (stderr,
-+				         _("%s: invalid chroot path '%s'\n"),
-+				         Prog, optarg);
-+				exit (E_BAD_ARG);
-+			}
-+			newroot = optarg;
-+
-+			if (access (newroot, F_OK) != 0) {
-+				fprintf(stderr,
-+				        _("%s: chroot directory %s does not exist\n"),
-+				        Prog, newroot);
-+				exit (E_BAD_ARG);
-+			}
-+			if ( chroot(newroot) != 0 ) {
-+				fprintf(stderr,
-+				        _("%s: unable to chroot to directory %s\n"),
-+				        Prog, newroot);
-+				exit (E_BAD_ARG);
-+			}
-+			break;
- 		case 'r':
- 			rflg = true;
- 			break;
-diff -urN shadow-4.1.4.3.orig//src/groupdel.c shadow-4.1.4.3//src/groupdel.c
---- shadow-4.1.4.3.orig//src/groupdel.c	2011-09-29 12:00:45.212000091 +0100
-+++ shadow-4.1.4.3//src/groupdel.c	2011-09-29 11:59:28.386000092 +0100
-@@ -36,6 +36,7 @@
- 
- #include <ctype.h>
- #include <fcntl.h>
-+#include <getopt.h>
- #include <grp.h>
- #include <pwd.h>
- #ifdef ACCT_TOOLS_SETUID
-@@ -59,6 +60,7 @@
- 
- static char *group_name;
- static gid_t group_id = -1;
-+static const char *newroot = "";
- 
- #ifdef	SHADOWGRP
- static bool is_shadow_grp;
-@@ -70,12 +72,14 @@
- /*@-exitarg@*/
- #define E_SUCCESS	0	/* success */
- #define E_USAGE		2	/* invalid command syntax */
-+#define E_BAD_ARG	3	/* invalid argument to option */
- #define E_NOTFOUND	6	/* specified group doesn't exist */
- #define E_GROUP_BUSY	8	/* can't remove user's primary group */
- #define E_GRP_UPDATE	10	/* can't update group file */
- 
- /* local function prototypes */
- static void usage (void);
-+static void process_flags (int argc, char **argv);
- static void grp_update (void);
- static void close_files (void);
- static void open_files (void);
-@@ -86,11 +90,78 @@
-  */
- static void usage (void)
- {
--	fputs (_("Usage: groupdel group\n"), stderr);
-+	(void) fprintf (stderr,
-+					_("Usage: groupdel [options]\n"
-+					  "\n"
-+					  "Options:\n"),
-+					Prog);
-+	(void) fputs (_("  -g, --group GROUP            group name to delete\n"), stderr);
-+	(void) fputs (_("  -h, --help                   display this help message and exit\n"), stderr);
-+	(void) fputs (_("  -R, --root CHROOT_DIR        directory to chroot into\n"), stderr);
-+	(void) fputs ("\n", stderr);
- 	exit (E_USAGE);
- }
- 
- /*
-+ * process_flags - perform command line argument setting
-+ *
-+ *	process_flags() interprets the command line arguments and sets
-+ *	the values that the user will be created with accordingly. The
-+ *	values are checked for sanity.
-+ */
-+static void process_flags (int argc, char **argv)
-+{
-+	{
-+		/*
-+		 * Parse the command line options.
-+		 */
-+		int c;
-+		static struct option long_options[] = {
-+			{"group", required_argument, NULL, 'g'},
-+			{"help", no_argument, NULL, 'h'},
-+			{"root", required_argument, NULL, 'R'},
-+			{NULL, 0, NULL, '\0'}
-+		};
-+		while ((c = getopt_long (argc, argv,
-+								 "g:R:",
-+								 long_options, NULL)) != -1) {
-+			switch (c) {
-+			case 'g':
-+				group_name = optarg;
-+				break;
-+			case 'h':
-+				usage ();
-+				break;
-+			case 'R':
-+				if ('/' != optarg[0]) {
-+					fprintf (stderr,
-+							_("%s: invalid chroot path '%s'\n"),
-+							Prog, optarg);
-+					exit (E_BAD_ARG);
-+				}
-+				newroot = optarg;
-+
-+				if (access (newroot, F_OK) != 0) {
-+					fprintf(stderr,
-+							_("%s: chroot directory %s does not exist\n"),
-+							Prog, newroot);
-+					exit (E_BAD_ARG);
-+				}
-+				if ( chroot(newroot) != 0 ) {
-+					fprintf(stderr,
-+							_("%s: unable to chroot to directory %s\n"),
-+							Prog, newroot);
-+					exit (E_BAD_ARG);
-+				}
-+				break;
-+			default:
-+				usage ();
-+			}
-+		}
-+	}
-+}
-+
-+/*
-  * grp_update - update group file entries
-  *
-  *	grp_update() writes the new records to the group files.
-@@ -328,14 +399,14 @@
- 	(void) bindtextdomain (PACKAGE, LOCALEDIR);
- 	(void) textdomain (PACKAGE);
- 
--	if (argc != 2) {
-+   if (argc == 1) {
- 		usage ();
- 	}
- 
--	group_name = argv[1];
--
- 	OPENLOG ("groupdel");
- 
-+	process_flags (argc, argv);
-+
- #ifdef ACCT_TOOLS_SETUID
- #ifdef USE_PAM
- 	{
-diff -urN shadow-4.1.4.3.orig//src/groupmod.c shadow-4.1.4.3//src/groupmod.c
---- shadow-4.1.4.3.orig//src/groupmod.c	2011-09-29 12:00:45.212000091 +0100
-+++ shadow-4.1.4.3//src/groupmod.c	2011-09-29 11:59:28.387000092 +0100
-@@ -79,6 +79,7 @@
- static char *group_passwd;
- static gid_t group_id;
- static gid_t group_newid;
-+static char *newroot = "";
- 
- struct cleanup_info_mod info_passwd;
- struct cleanup_info_mod info_group;
-@@ -126,6 +127,7 @@
- 	(void) fputs (_("  -o, --non-unique              allow to use a duplicate (non-unique) GID\n"), stderr);
- 	(void) fputs (_("  -p, --password PASSWORD       change the password to this (encrypted)\n"
- 	                "                                PASSWORD\n"), stderr);
-+	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), stderr);
- 	(void) fputs ("\n", stderr);
- 	exit (E_USAGE);
- }
-@@ -346,10 +348,11 @@
- 		{"new-name", required_argument, NULL, 'n'},
- 		{"non-unique", no_argument, NULL, 'o'},
- 		{"password", required_argument, NULL, 'p'},
-+		{"root", required_argument, NULL, 'R'},
- 		{NULL, 0, NULL, '\0'}
- 	};
- 	while ((c =
--		getopt_long (argc, argv, "g:hn:op:",
-+		getopt_long (argc, argv, "g:hn:op:R:",
- 		             long_options, &option_index)) != -1) {
- 		switch (c) {
- 		case 'g':
-@@ -373,6 +376,28 @@
- 			group_passwd = optarg;
- 			pflg = true;
- 			break;
-+		case 'R':
-+			if ('/' != optarg[0]) {
-+				fprintf (stderr,
-+				         _("%s: invalid chroot path '%s'\n"),
-+				         Prog, optarg);
-+				exit (E_BAD_ARG);
-+			}
-+			newroot = optarg;
-+
-+			if (access (newroot, F_OK) != 0) {
-+				fprintf(stderr,
-+				        _("%s: chroot directory %s does not exist\n"),
-+				        Prog, newroot);
-+				exit (E_BAD_ARG);
-+			}
-+			if ( chroot(newroot) != 0 ) {
-+				fprintf(stderr,
-+				        _("%s: unable to chroot to directory %s\n"),
-+				        Prog, newroot);
-+				exit (E_BAD_ARG);
-+			}
-+			break;
- 		default:
- 			usage ();
- 		}
-diff -urN shadow-4.1.4.3.orig//src/grpconv.c shadow-4.1.4.3//src/grpconv.c
---- shadow-4.1.4.3.orig//src/grpconv.c	2011-09-29 12:00:45.213000091 +0100
-+++ shadow-4.1.4.3//src/grpconv.c	2011-09-29 11:59:28.387000092 +0100
-@@ -39,6 +39,7 @@
- 
- #include <errno.h>
- #include <fcntl.h>
-+#include <getopt.h>
- #include <grp.h>
- #include <stdio.h>
- #include <stdlib.h>
-@@ -50,6 +51,14 @@
- #ifdef SHADOWGRP
- #include "groupio.h"
- #include "sgroupio.h"
-+
-+/*
-+ * exit status values
-+ */
-+/*@-exitarg@*/
-+#define E_USAGE		2	/* invalid command syntax */
-+#define E_BAD_ARG	3	/* invalid argument to option */
-+
- /*
-  * Global variables
-  */
-@@ -57,9 +66,12 @@
- 
- static bool gr_locked  = false;
- static bool sgr_locked = false;
-+static const char *newroot = "";
- 
- /* local function prototypes */
- static void fail_exit (int status);
-+static void usage (void);
-+static void process_flags (int argc, char **argv);
- 
- static void fail_exit (int status)
- {
-@@ -82,6 +94,77 @@
- 	exit (status);
- }
- 
-+/*
-+ * usage - display usage message and exit
-+ */
-+static void usage (void)
-+{
-+	(void) fprintf (stderr,
-+					_("Usage: grpconv [options]\n"
-+					  "\n"
-+					  "Options:\n"),
-+					Prog);
-+	(void) fputs (_("  -h, --help                    display this help message and exit\n"), stderr);
-+	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), stderr);
-+	(void) fputs ("\n", stderr);
-+	exit (E_USAGE);
-+}
-+
-+/*
-+ * process_flags - perform command line argument setting
-+ *
-+ *	process_flags() interprets the command line arguments and sets
-+ *	the values that the user will be created with accordingly. The
-+ *	values are checked for sanity.
-+ */
-+static void process_flags (int argc, char **argv)
-+{
-+	{
-+		/*
-+		 * Parse the command line options.
-+		 */
-+		int c;
-+		static struct option long_options[] = {
-+			{"help", no_argument, NULL, 'h'},
-+			{"root", required_argument, NULL, 'R'},
-+			{NULL, 0, NULL, '\0'}
-+		};
-+		while ((c = getopt_long (argc, argv,
-+								 "R:",
-+								 long_options, NULL)) != -1) {
-+			switch (c) {
-+			case 'h':
-+				usage ();
-+				break;
-+			case 'R':
-+				if ('/' != optarg[0]) {
-+					fprintf (stderr,
-+					         _("%s: invalid chroot path '%s'\n"),
-+					         Prog, optarg);
-+					exit (E_BAD_ARG);
-+				}
-+				newroot = optarg;
-+
-+				if (access (newroot, F_OK) != 0) {
-+					fprintf(stderr,
-+					        _("%s: chroot directory %s does not exist\n"),
-+					        Prog, newroot);
-+					exit (E_BAD_ARG);
-+				}
-+				if ( chroot(newroot) != 0 ) {
-+					fprintf(stderr,
-+					        _("%s: unable to chroot to directory %s\n"),
-+					        Prog, newroot);
-+					exit (E_BAD_ARG);
-+				}
-+				break;
-+			default:
-+				usage ();
-+			}
-+		}
-+	}
-+}
-+
- int main (int argc, char **argv)
- {
- 	const struct group *gr;
-@@ -89,9 +172,6 @@
- 	const struct sgrp *sg;
- 	struct sgrp sgent;
- 
--	if (1 != argc) {
--		(void) fputs (_("Usage: grpconv\n"), stderr);
--	}
- 	Prog = Basename (argv[0]);
- 
- 	(void) setlocale (LC_ALL, "");
-@@ -100,6 +180,8 @@
- 
- 	OPENLOG ("grpconv");
- 
-+	process_flags (argc, argv);
-+
- 	if (gr_lock () == 0) {
- 		fprintf (stderr,
- 		         _("%s: cannot lock %s; try again later.\n"),
-diff -urN shadow-4.1.4.3.orig//src/grpunconv.c shadow-4.1.4.3//src/grpunconv.c
---- shadow-4.1.4.3.orig//src/grpunconv.c	2011-09-29 12:00:45.213000091 +0100
-+++ shadow-4.1.4.3//src/grpunconv.c	2011-09-29 11:59:28.387000092 +0100
-@@ -43,6 +43,7 @@
- #include <stdlib.h>
- #include <string.h>
- #include <fcntl.h>
-+#include <getopt.h>
- #include <time.h>
- #include <unistd.h>
- #include <grp.h>
-@@ -51,6 +52,14 @@
- #ifdef SHADOWGRP
- #include "groupio.h"
- #include "sgroupio.h"
-+
-+/*
-+ * exit status values
-+ */
-+/*@-exitarg@*/
-+#define E_USAGE		2	/* invalid command syntax */
-+#define E_BAD_ARG	3	/* invalid argument to option */
-+
- /*
-  * Global variables
-  */
-@@ -58,9 +67,12 @@
- 
- static bool gr_locked  = false;
- static bool sgr_locked = false;
-+static const char *newroot = "";
- 
- /* local function prototypes */
- static void fail_exit (int status);
-+static void usage (void);
-+static void process_flags (int argc, char **argv);
- 
- static void fail_exit (int status)
- {
-@@ -83,6 +95,77 @@
- 	exit (status);
- }
- 
-+/*
-+ * usage - display usage message and exit
-+ */
-+static void usage (void)
-+{
-+	(void) fprintf (stderr,
-+					_("Usage: grpunconv [options]\n"
-+					  "\n"
-+					  "Options:\n"),
-+					Prog);
-+	(void) fputs (_("  -h, --help                    display this help message and exit\n"), stderr);
-+	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), stderr);
-+	(void) fputs ("\n", stderr);
-+	exit (E_USAGE);
-+}
-+
-+/*
-+ * process_flags - perform command line argument setting
-+ *
-+ * process_flags() interprets the command line arguments and sets
-+ * the values that the user will be created with accordingly. The
-+ * values are checked for sanity.
-+ */
-+static void process_flags (int argc, char **argv)
-+{
-+	{
-+		/*
-+		 * Parse the command line options.
-+		 */
-+		int c;
-+		static struct option long_options[] = {
-+			{"help", no_argument, NULL, 'h'},
-+			{"root", required_argument, NULL, 'R'},
-+			{NULL, 0, NULL, '\0'}
-+		};
-+		while ((c = getopt_long (argc, argv,
-+								 "R:",
-+								 long_options, NULL)) != -1) {
-+			switch (c) {
-+			case 'h':
-+				usage ();
-+				break;
-+			case 'R':
-+				if ('/' != optarg[0]) {
-+					fprintf (stderr,
-+					         _("%s: invalid chroot path '%s'\n"),
-+					         Prog, optarg);
-+					exit (E_BAD_ARG);
-+				}
-+				newroot = optarg;
-+
-+				if (access (newroot, F_OK) != 0) {
-+					fprintf(stderr,
-+					        _("%s: chroot directory %s does not exist\n"),
-+					        Prog, newroot);
-+					exit (E_BAD_ARG);
-+				}
-+				if ( chroot(newroot) != 0 ) {
-+					fprintf(stderr,
-+					        _("%s: unable to chroot to directory %s\n"),
-+					        Prog, newroot);
-+					exit (E_BAD_ARG);
-+				}
-+				break;
-+			default:
-+				usage ();
-+			}
-+		}
-+	}
-+}
-+
- int main (int argc, char **argv)
- {
- 	const struct group *gr;
-@@ -100,6 +183,8 @@
- 
- 	OPENLOG ("grpunconv");
- 
-+	process_flags (argc, argv);
-+
- 	if (sgr_file_present () == 0) {
- 		exit (0);	/* no /etc/gshadow, nothing to do */
- 	}
-diff -urN shadow-4.1.4.3.orig//src/passwd.c shadow-4.1.4.3//src/passwd.c
---- shadow-4.1.4.3.orig//src/passwd.c	2011-09-29 12:00:45.214000091 +0100
-+++ shadow-4.1.4.3//src/passwd.c	2011-09-29 11:59:28.388000092 +0100
-@@ -75,6 +75,7 @@
- static char *name;		/* The name of user whose password is being changed */
- static char *myname;		/* The current user's name */
- static bool amroot;		/* The caller's real UID was 0 */
-+static const char *newroot = "";
- 
- static bool
-     aflg = false,			/* -a - show status for all users */
-@@ -174,6 +175,7 @@
- 	         "  -n, --mindays MIN_DAYS        set minimum number of days before password\n"
- 	         "                                change to MIN_DAYS\n"
- 	         "  -q, --quiet                   quiet mode\n"
-+	         "  -R, --root CHROOT_DIR         directory to chroot into\n"
- 	         "  -r, --repository REPOSITORY   change password in REPOSITORY repository\n"
- 	         "  -S, --status                  report password status on the named account\n"
- 	         "  -u, --unlock                  unlock the password of the named account\n"
-@@ -803,6 +805,7 @@
- 			{"lock", no_argument, NULL, 'l'},
- 			{"mindays", required_argument, NULL, 'n'},
- 			{"quiet", no_argument, NULL, 'q'},
-+			{"root", required_argument, NULL, 'R'},
- 			{"repository", required_argument, NULL, 'r'},
- 			{"status", no_argument, NULL, 'S'},
- 			{"unlock", no_argument, NULL, 'u'},
-@@ -811,7 +814,7 @@
- 			{NULL, 0, NULL, '\0'}
- 		};
- 
--		while ((c = getopt_long (argc, argv, "adei:kln:qr:Suw:x:",
-+		while ((c = getopt_long (argc, argv, "adei:kln:qR:r:Suw:x:",
- 		                         long_options, &option_index)) != -1) {
- 			switch (c) {
- 			case 'a':
-@@ -858,6 +861,28 @@
- 			case 'q':
- 				qflg = true;	/* ok for users */
- 				break;
-+			case 'R':
-+				if ('/' != optarg[0]) {
-+					fprintf (stderr,
-+					         _("%s: invalid chroot path '%s'\n"),
-+					         Prog, optarg);
-+					exit (E_BAD_ARG);
-+				}
-+				newroot = optarg;
-+
-+				if (access (newroot, F_OK) != 0) {
-+					fprintf(stderr,
-+					        _("%s: chroot directory %s does not exist\n"),
-+					        Prog, newroot);
-+					exit (E_BAD_ARG);
-+				}
-+				if ( chroot(newroot) != 0 ) {
-+					fprintf(stderr,
-+				            _("%s: unable to chroot to directory %s\n"),
-+					        Prog, newroot);
-+					exit (E_BAD_ARG);
-+				}
-+				break;
- 			case 'r':
- 				/* -r repository (files|nis|nisplus) */
- 				/* only "files" supported for now */
-diff -urN shadow-4.1.4.3.orig//src/pwconv.c shadow-4.1.4.3//src/pwconv.c
---- shadow-4.1.4.3.orig//src/pwconv.c	2011-09-29 12:00:45.214000091 +0100
-+++ shadow-4.1.4.3//src/pwconv.c	2011-09-29 11:59:28.388000092 +0100
-@@ -59,6 +59,7 @@
- 
- #include <errno.h>
- #include <fcntl.h>
-+#include <getopt.h>
- #include <pwd.h>
- #include <stdio.h>
- #include <stdlib.h>
-@@ -79,6 +80,7 @@
- #define E_SUCCESS	0	/* success */
- #define E_NOPERM	1	/* permission denied */
- #define E_USAGE		2	/* invalid command syntax */
-+#define E_BAD_ARG	3	/* invalid argument to option */
- #define E_FAILURE	3	/* unexpected failure, nothing done */
- #define E_MISSING	4	/* unexpected failure, passwd file missing */
- #define E_PWDBUSY	5	/* passwd file(s) busy */
-@@ -90,9 +92,12 @@
- 
- static bool spw_locked = false;
- static bool pw_locked = false;
-+static const char *newroot = "";
- 
- /* local function prototypes */
- static void fail_exit (int status);
-+static void usage (void);
-+static void process_flags (int argc, char **argv);
- 
- static void fail_exit (int status)
- {
-@@ -115,6 +120,77 @@
- 	exit (status);
- }
- 
-+/*
-+ * usage - display usage message and exit
-+ */
-+static void usage (void)
-+{
-+	(void) fprintf (stderr,
-+					_("Usage: pwconv [options]\n"
-+					  "\n"
-+					  "Options:\n"),
-+					Prog);
-+	(void) fputs (_("  -h, --help                    display this help message and exit\n"), stderr);
-+	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), stderr);
-+	(void) fputs ("\n", stderr);
-+	exit (E_USAGE);
-+}
-+
-+/*
-+ * process_flags - perform command line argument setting
-+ *
-+ *	process_flags() interprets the command line arguments and sets
-+ *	the values that the user will be created with accordingly. The
-+ *	values are checked for sanity.
-+ */
-+static void process_flags (int argc, char **argv)
-+{
-+	{
-+		/*
-+		 * Parse the command line options.
-+		 */
-+		int c;
-+		static struct option long_options[] = {
-+			{"help", no_argument, NULL, 'h'},
-+			{"root", required_argument, NULL, 'R'},
-+			{NULL, 0, NULL, '\0'}
-+		};
-+		while ((c = getopt_long (argc, argv,
-+								 "R:",
-+								 long_options, NULL)) != -1) {
-+			switch (c) {
-+			case 'h':
-+				usage ();
-+				break;
-+			case 'R':
-+				if ('/' != optarg[0]) {
-+					fprintf (stderr,
-+					         _("%s: invalid chroot path '%s'\n"),
-+					         Prog, optarg);
-+					exit (E_BAD_ARG);
-+				}
-+				newroot = optarg;
-+
-+				if (access (newroot, F_OK) != 0) {
-+					fprintf(stderr,
-+					        _("%s: chroot directory %s does not exist\n"),
-+					        Prog, newroot);
-+					exit (E_BAD_ARG);
-+				}
-+				if ( chroot(newroot) != 0 ) {
-+					fprintf(stderr,
-+					        _("%s: unable to chroot to directory %s\n"),
-+					        Prog, newroot);
-+					exit (E_BAD_ARG);
-+				}
-+				break;
-+			default:
-+				usage ();
-+			}
-+		}
-+	}
-+}
-+
- int main (int argc, char **argv)
- {
- 	const struct passwd *pw;
-@@ -122,9 +198,6 @@
- 	const struct spwd *sp;
- 	struct spwd spent;
- 
--	if (1 != argc) {
--		(void) fputs (_("Usage: pwconv\n"), stderr);
--	}
- 	Prog = Basename (argv[0]);
- 
- 	(void) setlocale (LC_ALL, "");
-@@ -133,6 +206,8 @@
- 
- 	OPENLOG ("pwconv");
- 
-+	process_flags (argc, argv);
-+
- 	if (pw_lock () == 0) {
- 		fprintf (stderr,
- 		         _("%s: cannot lock %s; try again later.\n"),
-diff -urN shadow-4.1.4.3.orig//src/pwunconv.c shadow-4.1.4.3//src/pwunconv.c
---- shadow-4.1.4.3.orig//src/pwunconv.c	2011-09-29 12:00:45.214000091 +0100
-+++ shadow-4.1.4.3//src/pwunconv.c	2011-09-29 11:59:28.388000092 +0100
-@@ -35,6 +35,7 @@
- #ident "$Id: pwunconv.c 2852 2009-04-30 21:44:35Z nekral-guest $"
- 
- #include <fcntl.h>
-+#include <getopt.h>
- #include <pwd.h>
- #include <stdio.h>
- #include <sys/types.h>
-@@ -46,15 +47,24 @@
- #include "shadowio.h"
- 
- /*
-+ * exit status values
-+ */
-+/*@-exitarg@*/
-+#define E_USAGE		2	/* invalid command syntax */
-+#define E_BAD_ARG	3	/* invalid argument to option */
-+/*
-  * Global variables
-  */
- char *Prog;
- 
- static bool spw_locked = false;
- static bool pw_locked = false;
-+static const char *newroot = "";
- 
- /* local function prototypes */
- static void fail_exit (int status);
-+static void usage (void);
-+static void process_flags (int argc, char **argv);
- 
- static void fail_exit (int status)
- {
-@@ -75,6 +85,76 @@
- 	exit (status);
- }
- 
-+/*
-+ * usage - display usage message and exit
-+ */
-+static void usage (void)
-+{
-+	(void) fprintf (stderr,
-+					_("Usage: pwunconv [options]\n"
-+					  "\n"
-+					  "Options:\n"),
-+					Prog);
-+	(void) fputs (_("  -h, --help                    display this help message and exit\n"), stderr);
-+	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), stderr);
-+	(void) fputs ("\n", stderr);
-+	exit (E_USAGE);
-+}
-+
-+/*
-+ * process_flags - perform command line argument setting
-+ *
-+ * process_flags() interprets the command line arguments and sets
-+ * the values that the user will be created with accordingly. The
-+ * values are checked for sanity.
-+ */
-+static void process_flags (int argc, char **argv)
-+{
-+	{
-+		/*
-+		 * Parse the command line options.
-+		 */
-+		int c;
-+		static struct option long_options[] = {
-+			{"help", no_argument, NULL, 'h'},
-+			{"root", required_argument, NULL, 'R'},
-+			{NULL, 0, NULL, '\0'}
-+		};
-+		while ((c = getopt_long (argc, argv,
-+								 "R:",
-+								 long_options, NULL)) != -1) {
-+			switch (c) {
-+			case 'h':
-+				usage ();
-+				break;
-+			case 'R':
-+				if ('/' != optarg[0]) {
-+					fprintf (stderr,
-+					         _("%s: invalid chroot path '%s'\n"),
-+					         Prog, optarg);
-+					exit (E_BAD_ARG);
-+				}
-+				newroot = optarg;
-+
-+				if (access (newroot, F_OK) != 0) {
-+					fprintf(stderr,
-+					        _("%s: chroot directory %s does not exist\n"),
-+					        Prog, newroot);
-+					exit (E_BAD_ARG);
-+				}
-+				if ( chroot(newroot) != 0 ) {
-+					fprintf(stderr,
-+					        _("%s: unable to chroot to directory %s\n"),
-+					        Prog, newroot);
-+					exit (E_BAD_ARG);
-+				}
-+				break;
-+			default:
-+				usage ();
-+			}
-+		}
-+	}
-+}
- 
- int main (int argc, char **argv)
- {
-@@ -93,6 +173,8 @@
- 
- 	OPENLOG ("pwunconv");
- 
-+	process_flags (argc, argv);
-+
- 	if (!spw_file_present ()) {
- 		/* shadow not installed, do nothing */
- 		exit (0);
-diff -urN shadow-4.1.4.3.orig//src/useradd.c shadow-4.1.4.3//src/useradd.c
---- shadow-4.1.4.3.orig//src/useradd.c	2011-09-29 12:00:45.215000091 +0100
-+++ shadow-4.1.4.3//src/useradd.c	2011-09-29 11:59:28.520000092 +0100
-@@ -112,6 +112,7 @@
- #ifdef WITH_SELINUX
- static const char *user_selinux = "";
- #endif
-+static const char *newroot = "";
- 
- static long user_expire = -1;
- static bool is_shadow_pwd;
-@@ -189,6 +190,7 @@
- static void new_spent (struct spwd *);
- static void grp_update (void);
- 
-+static void process_root_flag (int argc, char **argv);
- static void process_flags (int argc, char **argv);
- static void close_files (void);
- static void open_files (void);
-@@ -711,6 +713,7 @@
- 	(void) fputs (_("  -o, --non-unique              allow to create users with duplicate\n"
- 	                "                                (non-unique) UID\n"), stderr);
- 	(void) fputs (_("  -p, --password PASSWORD       encrypted password of the new account\n"), stderr);
-+	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), stderr);
- 	(void) fputs (_("  -r, --system                  create a system account\n"), stderr);
- 	(void) fputs (_("  -s, --shell SHELL             login shell of the new account\n"), stderr);
- 	(void) fputs (_("  -u, --uid UID                 user ID of the new account\n"), stderr);
-@@ -943,6 +946,57 @@
- }
- 
- /*
-+ * process_root_flag - chroot if given the --root option
-+ *
-+ * We do this outside of process_flags() because
-+ * the is_shadow_pwd boolean needs to be set before
-+ * process_flags(), and if we do need to chroot() we
-+ * must do so before is_shadow_pwd gets set.
-+ */
-+static void process_root_flag (int argc, char **argv)
-+{
-+	/*
-+	 * Parse the command line options.
-+	 */
-+	int i;
-+        char *root;
-+
-+        for (i = 0; i < argc; i++) {
-+		if (!strcmp (argv[i], "--root") || !strcmp (argv[i], "-R")) {
-+			if (i + 1 == argc) {
-+				fprintf (stderr,
-+				         _("%s: option '%s' requires an argument\n"),
-+				         Prog, argv[i]);
-+				exit (E_BAD_ARG);
-+			}
-+			root = argv[i + 1];
-+
-+			if ('/' != root[0]) {
-+				fprintf (stderr,
-+				         _("%s: invalid chroot path '%s'\n"),
-+				         Prog, root);
-+				exit (E_BAD_ARG);
-+			}
-+			newroot = root;
-+
-+			if (access (newroot, F_OK) != 0) {
-+				fprintf(stderr,
-+				        _("%s: chroot directory %s does not exist\n"),
-+				        Prog, newroot);
-+				exit (E_BAD_ARG);
-+			}
-+			if ( chroot(newroot) != 0 ) {
-+				fprintf(stderr,
-+				        _("%s: unable to chroot to directory %s\n"),
-+				        Prog, newroot);
-+				exit (E_BAD_ARG);
-+			}
-+			break;
-+		}
-+	}
-+}
-+
-+/*
-  * process_flags - perform command line argument setting
-  *
-  *	process_flags() interprets the command line arguments and sets
-@@ -978,6 +1032,7 @@
- 			{"no-user-group", no_argument, NULL, 'N'},
- 			{"non-unique", no_argument, NULL, 'o'},
- 			{"password", required_argument, NULL, 'p'},
-+			{"root", required_argument, NULL, 'R'},
- 			{"system", no_argument, NULL, 'r'},
- 			{"shell", required_argument, NULL, 's'},
- #ifdef WITH_SELINUX
-@@ -989,9 +1044,9 @@
- 		};
- 		while ((c = getopt_long (argc, argv,
- #ifdef WITH_SELINUX
--		                         "b:c:d:De:f:g:G:k:K:lmMNop:rs:u:UZ:",
-+		                         "b:c:d:De:f:g:G:k:K:lmMNop:R:rs:u:UZ:",
- #else
--		                         "b:c:d:De:f:g:G:k:K:lmMNop:rs:u:U",
-+		                         "b:c:d:De:f:g:G:k:K:lmMNop:R:rs:u:U",
- #endif
- 		                         long_options, NULL)) != -1) {
- 			switch (c) {
-@@ -1156,6 +1211,9 @@
- 				}
- 				user_pass = optarg;
- 				break;
-+			case 'R':
-+				/* no-op since we handled this in process_root_flag() earlier */
-+				break;
- 			case 'r':
- 				rflg = true;
- 				break;
-@@ -1735,6 +1793,36 @@
- 	}
- }
- #endif
-+
-+/*
-+ * mkdir_p - create directories, including parent directories when needed
-+ *
-+ * similar to mkdir -p
-+ */
-+void mkdir_p(const char *path) {
-+	int len = strlen(path);
-+	char newdir[len + 1];
-+	mode_t mode = 0755;
-+	int i = 0;
-+
-+	if (path[i] == '\0') {
-+		return;
-+	}
-+
-+	/* skip the leading '/' */
-+	i++;
-+
-+	while(path[i] != '\0') {
-+		if (path[i] == '/') {
-+			strncpy(newdir, path, i);
-+			newdir[i] = '\0';
-+			mkdir(newdir, mode);
-+		}
-+		i++;
-+	}
-+	mkdir(path, mode);
-+}
-+
- /*
-  * create_home - create the user's home directory
-  *
-@@ -1748,34 +1836,31 @@
- #ifdef WITH_SELINUX
- 		selinux_file_context (user_home);
- #endif
--		/* XXX - create missing parent directories.  --marekm */
--		if (mkdir (user_home, 0) != 0) {
--			fprintf (stderr,
--			         _("%s: cannot create directory %s\n"),
--			         Prog, user_home);
--#ifdef WITH_AUDIT
--			audit_logger (AUDIT_ADD_USER, Prog,
--			              "adding home directory",
--			              user_name, (unsigned int) user_id,
--			              SHADOW_AUDIT_FAILURE);
--#endif
--			fail_exit (E_HOMEDIR);
--		}
--		chown (user_home, user_id, user_gid);
--		chmod (user_home,
--		       0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
--		home_added = true;
-+		mkdir_p(user_home);
-+	}
-+	if (access (user_home, F_OK) != 0) {
- #ifdef WITH_AUDIT
- 		audit_logger (AUDIT_ADD_USER, Prog,
- 		              "adding home directory",
- 		              user_name, (unsigned int) user_id,
--		              SHADOW_AUDIT_SUCCESS);
-+		              SHADOW_AUDIT_FAILURE);
-+#endif
-+		fail_exit (E_HOMEDIR);
-+	}
-+	chown (user_home, user_id, user_gid);
-+	chmod (user_home,
-+	       0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
-+	home_added = true;
-+#ifdef WITH_AUDIT
-+	audit_logger (AUDIT_ADD_USER, Prog,
-+	              "adding home directory",
-+	              user_name, (unsigned int) user_id,
-+	              SHADOW_AUDIT_SUCCESS);
- #endif
- #ifdef WITH_SELINUX
--		/* Reset SELinux to create files with default contexts */
--		setfscreatecon (NULL);
-+	/* Reset SELinux to create files with default contexts */
-+	setfscreatecon (NULL);
- #endif
--	}
- }
- 
- /*
-@@ -1861,6 +1946,7 @@
- 	 */
- 	user_groups[0] = (char *) 0;
- 
-+	process_root_flag (argc, argv);
- 
- 	is_shadow_pwd = spw_file_present ();
- #ifdef SHADOWGRP
-diff -urN shadow-4.1.4.3.orig//src/userdel.c shadow-4.1.4.3//src/userdel.c
---- shadow-4.1.4.3.orig//src/userdel.c	2011-09-29 12:00:45.216000091 +0100
-+++ shadow-4.1.4.3//src/userdel.c	2011-09-29 11:59:28.389000092 +0100
-@@ -79,6 +79,7 @@
- static char *user_name;
- static uid_t user_id;
- static char *user_home;
-+static const char *newroot = "";
- 
- static bool fflg = false;
- static bool rflg = false;
-@@ -119,6 +120,7 @@
- 	         "  -f, --force                   force removal of files,\n"
- 	         "                                even if not owned by user\n"
- 	         "  -h, --help                    display this help message and exit\n"
-+	         "  -R, --root CHROOT_DIR         directory to chroot into\n"
- 	         "  -r, --remove                  remove home directory and mail spool\n"
- 	         "\n"), stderr);
- 	exit (E_USAGE);
-@@ -768,12 +770,34 @@
- 			{"remove", no_argument, NULL, 'r'},
- 			{NULL, 0, NULL, '\0'}
- 		};
--		while ((c = getopt_long (argc, argv, "fhr",
-+		while ((c = getopt_long (argc, argv, "fhR:r",
- 		                         long_options, NULL)) != -1) {
- 			switch (c) {
- 			case 'f':	/* force remove even if not owned by user */
- 				fflg = true;
- 				break;
-+			case 'R':
-+				if ('/' != optarg[0]) {
-+					fprintf (stderr,
-+					         _("%s: invalid chroot path '%s'\n"),
-+					         Prog, optarg);
-+					exit (E_BAD_ARG);
-+				}
-+				newroot = optarg;
-+
-+				if (access (newroot, F_OK) != 0) {
-+					fprintf(stderr,
-+					        _("%s: chroot directory %s does not exist\n"),
-+					        Prog, newroot);
-+					exit (E_BAD_ARG);
-+				}
-+				if ( chroot(newroot) != 0 ) {
-+					fprintf(stderr,
-+					        _("%s: unable to chroot to directory %s\n"),
-+					        Prog, newroot);
-+					exit (E_BAD_ARG);
-+				}
-+				break;
- 			case 'r':	/* remove home dir and mailbox */
- 				rflg = true;
- 				break;
-diff -urN shadow-4.1.4.3.orig//src/usermod.c shadow-4.1.4.3//src/usermod.c
---- shadow-4.1.4.3.orig//src/usermod.c	2011-09-29 12:00:45.216000091 +0100
-+++ shadow-4.1.4.3//src/usermod.c	2011-09-29 11:59:28.390000092 +0100
-@@ -110,6 +110,7 @@
- static long user_newinactive;
- static long sys_ngroups;
- static char **user_groups;	/* NULL-terminated list */
-+static const char *newroot = "";
- 
- static bool
-     aflg = false,		/* append to existing secondary group set */
-@@ -164,6 +165,7 @@
- #endif
- static void grp_update (void);
- 
-+static void process_root_flag (int, char **);
- static void process_flags (int, char **);
- static void close_files (void);
- static void open_files (void);
-@@ -323,6 +325,7 @@
- 	         "                                new location (use only with -d)\n"
- 	         "  -o, --non-unique              allow using duplicate (non-unique) UID\n"
- 	         "  -p, --password PASSWORD       use encrypted password for the new password\n"
-+	         "  -R  --root CHROOT_DIR         directory to chroot into\n"
- 	         "  -s, --shell SHELL             new login shell for the user account\n"
- 	         "  -u, --uid UID                 new UID for the user account\n"
- 	         "  -U, --unlock                  unlock the user account\n"
-@@ -802,6 +805,58 @@
- }
- 
- /*
-+ * process_root_flag - chroot if given the --root option
-+ *
-+ * We do this outside of process_flags() because
-+ * the is_shadow_pwd boolean needs to be set before
-+ * process_flags(), and if we do need to chroot() we
-+ * must do so before is_shadow_pwd gets set.
-+ */
-+static void process_root_flag (int argc, char **argv)
-+{
-+	/*
-+	 * Parse the command line options.
-+	 */
-+	int i;
-+        char *root;
-+
-+        for (i = 0; i < argc; i++) {
-+		if (!strcmp (argv[i], "--root") || !strcmp (argv[i], "-R")) {
-+			if (i + 1 == argc) {
-+				fprintf (stderr,
-+				         _("%s: option '%s' requires an argument\n"),
-+				         Prog, argv[i]);
-+				exit (E_BAD_ARG);
-+			}
-+			root = argv[i + 1];
-+
-+			if (    (!VALID (root) ) 
-+				|| (   ('/' != root[0]) ) ) {
-+				fprintf (stderr,
-+				         _("%s: invalid chroot path '%s'\n"),
-+				         Prog, root);
-+				exit (E_BAD_ARG);
-+			}
-+			newroot = root;
-+
-+			if (access (newroot, F_OK) != 0) {
-+				fprintf(stderr,
-+				        _("%s: chroot directory %s does not exist\n"),
-+				        Prog, newroot);
-+				exit (E_BAD_ARG);
-+			}
-+			if ( chroot(newroot) != 0 ) {
-+				fprintf(stderr,
-+				        _("%s: unable to chroot to directory %s\n"),
-+				        Prog, newroot);
-+				exit (E_BAD_ARG);
-+			}
-+			break;
-+		}
-+	}
-+}
-+
-+/*
-  * process_flags - perform command line argument setting
-  *
-  *	process_flags() interprets the command line arguments and sets the
-@@ -895,6 +950,7 @@
- 			{"move-home", no_argument, NULL, 'm'},
- 			{"non-unique", no_argument, NULL, 'o'},
- 			{"password", required_argument, NULL, 'p'},
-+			{"root", required_argument, NULL, 'R'},
- #ifdef WITH_SELINUX
- 			{"selinux-user", required_argument, NULL, 'Z'},
- #endif
-@@ -905,9 +961,9 @@
- 		};
- 		while ((c = getopt_long (argc, argv,
- #ifdef WITH_SELINUX
--			                 "ac:d:e:f:g:G:hl:Lmop:s:u:UZ:",
-+			                 "ac:d:e:f:g:G:hl:Lmop:R:s:u:UZ:",
- #else
--			                 "ac:d:e:f:g:G:hl:Lmop:s:u:U",
-+			                 "ac:d:e:f:g:G:hl:Lmop:R:s:u:U",
- #endif
- 			                 long_options, NULL)) != -1) {
- 			switch (c) {
-@@ -999,6 +1055,9 @@
- 				user_pass = optarg;
- 				pflg = true;
- 				break;
-+			case 'R':
-+				/* no-op since we handled this in process_root_flag() earlier */
-+				break;
- 			case 's':
- 				if (!VALID (optarg)) {
- 					fprintf (stderr,
-@@ -1715,6 +1774,8 @@
- 
- 	OPENLOG ("usermod");
- 
-+	process_root_flag (argc, argv);
-+
- 	is_shadow_pwd = spw_file_present ();
- #ifdef SHADOWGRP
- 	is_shadow_grp = sgr_file_present ();
diff --git a/meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch b/meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch
index eafb935..68da25f 100644
--- a/meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch
+++ b/meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch
@@ -3,20 +3,19 @@  Upstream-Status: Inappropriate [OE specific]
 Allow for setting password in clear text.
 
 Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
-
 ---
  src/Makefile.am |    8 ++++----
  src/groupadd.c  |    8 +++++++-
- src/groupmod.c  |    9 ++++++++-
+ src/groupmod.c  |    8 +++++++-
  src/useradd.c   |    9 +++++++--
- src/usermod.c   |   10 ++++++++--
- 5 files changed, 34 insertions(+), 10 deletions(-)
+ src/usermod.c   |    8 +++++++-
+ 5 files changed, 32 insertions(+), 9 deletions(-)
 
 diff --git a/src/Makefile.am b/src/Makefile.am
-index 6a3b4c5..1ffdbc6 100644
+index 25e288d..856b087 100644
 --- a/src/Makefile.am
 +++ b/src/Makefile.am
-@@ -76,10 +76,10 @@ chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT)
+@@ -88,10 +88,10 @@ chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT)
  chsh_LDADD     = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
  chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT)
  gpasswd_LDADD  = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
@@ -29,47 +28,46 @@  index 6a3b4c5..1ffdbc6 100644
  grpck_LDADD    = $(LDADD) $(LIBSELINUX)
  grpconv_LDADD  = $(LDADD) $(LIBSELINUX)
  grpunconv_LDADD = $(LDADD) $(LIBSELINUX)
-@@ -99,9 +99,9 @@ su_SOURCES     = \
+@@ -111,9 +111,9 @@ su_SOURCES     = \
  	suauth.c
  su_LDADD       = $(LDADD) $(LIBPAM) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
  sulogin_LDADD  = $(LDADD) $(LIBCRYPT)
--useradd_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
-+useradd_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
- userdel_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
--usermod_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
-+usermod_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
+-useradd_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR)
++useradd_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBCRYPT)
+ userdel_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE)
+-usermod_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR)
++usermod_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBCRYPT)
  vipw_LDADD     = $(LDADD) $(LIBSELINUX)
  
  install-am: all-am
 diff --git a/src/groupadd.c b/src/groupadd.c
-index 66b38de..3157486 100644
+index f716f57..4e28c26 100644
 --- a/src/groupadd.c
 +++ b/src/groupadd.c
-@@ -124,6 +124,7 @@ static void usage (void)
+@@ -124,6 +124,7 @@ static /*@noreturn@*/void usage (int status)
  	(void) fputs (_("  -o, --non-unique              allow to create groups with duplicate\n"
- 	                "                                (non-unique) GID\n"), stderr);
- 	(void) fputs (_("  -p, --password PASSWORD       use this encrypted password for the new group\n"), stderr);
-+	(void) fputs (_("  -P, --clear-password PASSWORD use this clear text password for the new group\n"), stderr);
- 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), stderr);
- 	(void) fputs (_("  -r, --system                  create a system account\n"), stderr);
- 	(void) fputs ("\n", stderr);
-@@ -388,13 +389,14 @@ static void process_flags (int argc, char **argv)
- 		{"key", required_argument, NULL, 'K'},
- 		{"non-unique", no_argument, NULL, 'o'},
- 		{"password", required_argument, NULL, 'p'},
+ 	                "                                (non-unique) GID\n"), usageout);
+ 	(void) fputs (_("  -p, --password PASSWORD       use this encrypted password for the new group\n"), usageout);
++	(void) fputs (_("  -P, --clear-password PASSWORD use this clear password for the new group\n"), usageout);
+ 	(void) fputs (_("  -r, --system                  create a system account\n"), usageout);
+ 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
+ 	(void) fputs ("\n", usageout);
+@@ -387,12 +388,13 @@ static void process_flags (int argc, char **argv)
+ 		{"key",        required_argument, NULL, 'K'},
+ 		{"non-unique", no_argument,       NULL, 'o'},
+ 		{"password",   required_argument, NULL, 'p'},
 +		{"clear-password", required_argument, NULL, 'P'},
- 		{"root", required_argument, NULL, 'R'},
- 		{"system", no_argument, NULL, 'r'},
+ 		{"system",     no_argument,       NULL, 'r'},
+ 		{"root",       required_argument, NULL, 'R'},
  		{NULL, 0, NULL, '\0'}
  	};
  
- 	while ((c =
--		getopt_long (argc, argv, "fg:hK:op:R:r", long_options,
-+		getopt_long (argc, argv, "fg:hK:op:P:R:r", long_options,
- 		             &option_index)) != -1) {
+-	while ((c = getopt_long (argc, argv, "fg:hK:op:rR:",
++	while ((c = getopt_long (argc, argv, "fg:hK:op:P:rR:",
+ 		                 long_options, NULL)) != -1) {
  		switch (c) {
  		case 'f':
-@@ -446,6 +448,10 @@ static void process_flags (int argc, char **argv)
+@@ -444,6 +446,10 @@ static void process_flags (int argc, char **argv)
  			pflg = true;
  			group_passwd = optarg;
  			break;
@@ -77,37 +75,35 @@  index 66b38de..3157486 100644
 +			pflg = true;
 +			group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
 +			break;
- 		case 'R':
- 			if ('/' != optarg[0]) {
- 				fprintf (stderr,
+ 		case 'r':
+ 			rflg = true;
+ 			break;
 diff --git a/src/groupmod.c b/src/groupmod.c
-index 27eb159..17acbc3 100644
+index d9d3807..68f49d1 100644
 --- a/src/groupmod.c
 +++ b/src/groupmod.c
-@@ -127,6 +127,8 @@ static void usage (void)
- 	(void) fputs (_("  -o, --non-unique              allow to use a duplicate (non-unique) GID\n"), stderr);
+@@ -127,6 +127,7 @@ static void usage (int status)
+ 	(void) fputs (_("  -o, --non-unique              allow to use a duplicate (non-unique) GID\n"), usageout);
  	(void) fputs (_("  -p, --password PASSWORD       change the password to this (encrypted)\n"
- 	                "                                PASSWORD\n"), stderr);
-+	(void) fputs (_("  -P, --clear-password PASSWORD change the password to this (clear text)\n"
-+	                "                                PASSWORD\n"), stderr);
- 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), stderr);
- 	(void) fputs ("\n", stderr);
- 	exit (E_USAGE);
-@@ -348,11 +350,12 @@ static void process_flags (int argc, char **argv)
- 		{"new-name", required_argument, NULL, 'n'},
- 		{"non-unique", no_argument, NULL, 'o'},
- 		{"password", required_argument, NULL, 'p'},
+ 	                "                                PASSWORD\n"), usageout);
++	(void) fputs (_("  -P, --clear-password PASSWORD change the password to this clear PASSWORD\n"), usageout);
+ 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
+ 	(void) fputs ("\n", usageout);
+ 	exit (status);
+@@ -375,10 +376,11 @@ static void process_flags (int argc, char **argv)
+ 		{"new-name",   required_argument, NULL, 'n'},
+ 		{"non-unique", no_argument,       NULL, 'o'},
+ 		{"password",   required_argument, NULL, 'p'},
 +		{"clear-password", required_argument, NULL, 'P'},
- 		{"root", required_argument, NULL, 'R'},
+ 		{"root",       required_argument, NULL, 'R'},
  		{NULL, 0, NULL, '\0'}
  	};
- 	while ((c =
--		getopt_long (argc, argv, "g:hn:op:R:",
-+		getopt_long (argc, argv, "g:hn:op:P:R:",
- 		             long_options, &option_index)) != -1) {
+-	while ((c = getopt_long (argc, argv, "g:hn:op:R:",
++	while ((c = getopt_long (argc, argv, "g:hn:op:P:R:",
+ 		                 long_options, NULL)) != -1) {
  		switch (c) {
  		case 'g':
-@@ -376,6 +379,10 @@ static void process_flags (int argc, char **argv)
+@@ -405,6 +407,10 @@ static void process_flags (int argc, char **argv)
  			group_passwd = optarg;
  			pflg = true;
  			break;
@@ -115,84 +111,81 @@  index 27eb159..17acbc3 100644
 +			group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
 +			pflg = true;
 +			break;
- 		case 'R':
- 			if ('/' != optarg[0]) {
- 				fprintf (stderr,
+ 		case 'R': /* no-op, handled in process_root_flag () */
+ 			break;
+ 		default:
 diff --git a/src/useradd.c b/src/useradd.c
-index 2102630..390909c 100644
+index b3bd451..4416f90 100644
 --- a/src/useradd.c
 +++ b/src/useradd.c
-@@ -716,6 +716,7 @@ static void usage (void)
+@@ -773,6 +773,7 @@ static void usage (int status)
  	(void) fputs (_("  -o, --non-unique              allow to create users with duplicate\n"
- 	                "                                (non-unique) UID\n"), stderr);
- 	(void) fputs (_("  -p, --password PASSWORD       encrypted password of the new account\n"), stderr);
-+	(void) fputs (_("  -P, --clear-password PASSWORD clear text password of the new account\n"), stderr);
- 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), stderr);
- 	(void) fputs (_("  -r, --system                  create a system account\n"), stderr);
- 	(void) fputs (_("  -s, --shell SHELL             login shell of the new account\n"), stderr);
-@@ -1035,6 +1036,7 @@ static void process_flags (int argc, char **argv)
- 			{"no-user-group", no_argument, NULL, 'N'},
- 			{"non-unique", no_argument, NULL, 'o'},
- 			{"password", required_argument, NULL, 'p'},
+ 	                "                                (non-unique) UID\n"), usageout);
+ 	(void) fputs (_("  -p, --password PASSWORD       encrypted password of the new account\n"), usageout);
++	(void) fputs (_("  -P, --clear-password PASSWORD clear password of the new account\n"), usageout);
+ 	(void) fputs (_("  -r, --system                  create a system account\n"), usageout);
+ 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
+ 	(void) fputs (_("  -s, --shell SHELL             login shell of the new account\n"), usageout);
+@@ -1047,6 +1048,7 @@ static void process_flags (int argc, char **argv)
+ 			{"no-user-group",  no_argument,       NULL, 'N'},
+ 			{"non-unique",     no_argument,       NULL, 'o'},
+ 			{"password",       required_argument, NULL, 'p'},
 +			{"clear-password", required_argument, NULL, 'P'},
- 			{"root", required_argument, NULL, 'R'},
- 			{"system", no_argument, NULL, 'r'},
- 			{"shell", required_argument, NULL, 's'},
-@@ -1047,9 +1049,9 @@ static void process_flags (int argc, char **argv)
+ 			{"system",         no_argument,       NULL, 'r'},
+ 			{"root",           required_argument, NULL, 'R'},
+ 			{"shell",          required_argument, NULL, 's'},
+@@ -1059,9 +1061,9 @@ static void process_flags (int argc, char **argv)
  		};
  		while ((c = getopt_long (argc, argv,
  #ifdef WITH_SELINUX
--		                         "b:c:d:De:f:g:G:k:K:lmMNop:R:rs:u:UZ:",
-+		                         "b:c:d:De:f:g:G:k:K:lmMNop:P:R:rs:u:UZ:",
- #else
--		                         "b:c:d:De:f:g:G:k:K:lmMNop:R:rs:u:U",
-+		                         "b:c:d:De:f:g:G:k:K:lmMNop:P:R:rs:u:U",
- #endif
+-		                         "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:UZ:",
++		                         "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:s:u:UZ:",
+ #else				/* !WITH_SELINUX */
+-		                         "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:U",
++		                         "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:s:u:U",
+ #endif				/* !WITH_SELINUX */
  		                         long_options, NULL)) != -1) {
  			switch (c) {
-@@ -1214,6 +1216,9 @@ static void process_flags (int argc, char **argv)
+@@ -1227,6 +1229,9 @@ static void process_flags (int argc, char **argv)
  				}
  				user_pass = optarg;
  				break;
-+			case 'P':	/* set clear text password */
++			case 'P': /* set clear text password */
 +				user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
 +				break;
- 			case 'R':
- 				/* no-op since we handled this in process_root_flag() earlier */
+ 			case 'r':
+ 				rflg = true;
  				break;
 diff --git a/src/usermod.c b/src/usermod.c
-index 8363597..f4c1cee 100644
+index e7d4351..b79f7a3 100644
 --- a/src/usermod.c
 +++ b/src/usermod.c
-@@ -325,6 +325,7 @@ static void usage (void)
- 	         "                                new location (use only with -d)\n"
- 	         "  -o, --non-unique              allow using duplicate (non-unique) UID\n"
- 	         "  -p, --password PASSWORD       use encrypted password for the new password\n"
-+	         "  -P, --clear-password PASSWORD       use clear text password for the new password\n"
- 	         "  -R  --root CHROOT_DIR         directory to chroot into\n"
- 	         "  -s, --shell SHELL             new login shell for the user account\n"
- 	         "  -u, --uid UID                 new UID for the user account\n"
-@@ -950,6 +951,7 @@ static void process_flags (int argc, char **argv)
- 			{"move-home", no_argument, NULL, 'm'},
- 			{"non-unique", no_argument, NULL, 'o'},
- 			{"password", required_argument, NULL, 'p'},
+@@ -419,6 +419,7 @@ static /*@noreturn@*/void usage (int status)
+ 	                "                                new location (use only with -d)\n"), usageout);
+ 	(void) fputs (_("  -o, --non-unique              allow using duplicate (non-unique) UID\n"), usageout);
+ 	(void) fputs (_("  -p, --password PASSWORD       use encrypted password for the new password\n"), usageout);
++	(void) fputs (_("  -P, --clear-password PASSWORD use clear password for the new password\n"), usageout);
+ 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
+ 	(void) fputs (_("  -s, --shell SHELL             new login shell for the user account\n"), usageout);
+ 	(void) fputs (_("  -u, --uid UID                 new UID for the user account\n"), usageout);
+@@ -996,6 +997,7 @@ static void process_flags (int argc, char **argv)
+ 			{"move-home",    no_argument,       NULL, 'm'},
+ 			{"non-unique",   no_argument,       NULL, 'o'},
+ 			{"password",     required_argument, NULL, 'p'},
 +			{"clear-password", required_argument, NULL, 'P'},
- 			{"root", required_argument, NULL, 'R'},
- #ifdef WITH_SELINUX
- 			{"selinux-user", required_argument, NULL, 'Z'},
-@@ -961,9 +963,9 @@ static void process_flags (int argc, char **argv)
+ 			{"root",         required_argument, NULL, 'R'},
+ 			{"shell",        required_argument, NULL, 's'},
+ 			{"uid",          required_argument, NULL, 'u'},
+@@ -1012,7 +1014,7 @@ static void process_flags (int argc, char **argv)
+ 			{NULL, 0, NULL, '\0'}
  		};
  		while ((c = getopt_long (argc, argv,
- #ifdef WITH_SELINUX
--			                 "ac:d:e:f:g:G:hl:Lmop:R:s:u:UZ:",
-+			                 "ac:d:e:f:g:G:hl:Lmop:P:R:s:u:UZ:",
- #else
--			                 "ac:d:e:f:g:G:hl:Lmop:R:s:u:U",
-+			                 "ac:d:e:f:g:G:hl:Lmop:P:R:s:u:U",
- #endif
- 			                 long_options, NULL)) != -1) {
- 			switch (c) {
-@@ -1055,6 +1057,10 @@ static void process_flags (int argc, char **argv)
+-		                         "ac:d:e:f:g:G:hl:Lmop:R:s:u:U"
++		                         "ac:d:e:f:g:G:hl:Lmop:P:R:s:u:U"
+ #ifdef ENABLE_SUBIDS
+ 		                         "v:w:V:W:"
+ #endif				/* ENABLE_SUBIDS */
+@@ -1112,6 +1114,10 @@ static void process_flags (int argc, char **argv)
  				user_pass = optarg;
  				pflg = true;
  				break;
@@ -200,9 +193,9 @@  index 8363597..f4c1cee 100644
 +				user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
 +				pflg = true;
 +				break;
- 			case 'R':
- 				/* no-op since we handled this in process_root_flag() earlier */
+ 			case 'R': /* no-op, handled in process_root_flag () */
  				break;
+ 			case 's':
 -- 
 1.7.9.5
 
diff --git a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch
new file mode 100644
index 0000000..4fa3d18
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch
@@ -0,0 +1,46 @@ 
+Upstream-Status: Inappropriate [OE specific]
+
+commonio.c: fix unexpected open failure in chroot environment
+
+When using commands with '-R <newroot>' option in our pseudo environment,
+we would usually get the 'Pemission Denied' error. This patch serves as
+a workaround to this problem.
+
+Note that this patch doesn't change the logic in the code, it just expands
+the codes.
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ lib/commonio.c |   16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/lib/commonio.c b/lib/commonio.c
+index cc536bf..51cafd9 100644
+--- a/lib/commonio.c
++++ b/lib/commonio.c
+@@ -613,10 +613,18 @@ int commonio_open (struct commonio_db *db, int mode)
+ 	db->cursor = NULL;
+ 	db->changed = false;
+ 
+-	fd = open (db->filename,
+-	             (db->readonly ? O_RDONLY : O_RDWR)
+-	           | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
+-	saved_errno = errno;
++	if (db->readonly) {
++		fd = open (db->filename,
++			   (true ? O_RDONLY : O_RDWR)
++			   | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
++		saved_errno = errno;
++	} else {
++		fd = open (db->filename,
++			   (false ? O_RDONLY : O_RDWR)
++			   | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
++		saved_errno = errno;
++	}
++
+ 	db->fp = NULL;
+ 	if (fd >= 0) {
+ #ifdef WITH_TCB
+-- 
+1.7.9.5
+
diff --git a/meta/recipes-extended/shadow/files/fix-etc-gshadow-reading.patch b/meta/recipes-extended/shadow/files/fix-etc-gshadow-reading.patch
deleted file mode 100644
index 80ebdc2..0000000
--- a/meta/recipes-extended/shadow/files/fix-etc-gshadow-reading.patch
+++ /dev/null
@@ -1,36 +0,0 @@ 
-shadow: Fix parsing of gshadow entries
-
-Upstream-Status: Backport [http://anonscm.debian.org/viewvc/pkg-shadow?view=revision&revision=3096]
-
-newgrp command does not function properly.
-Even with the valid password, it outputs: "'Invalid password'"
-
-Signed-off-by: Roy.Li <rongqing.li@windriver.com>
-
-2010-02-14  Michael Bunk  <mb@computer-leipzig.com>
-
-	* NEWS, lib/gshadow.c: Fix parsing of gshadow entries.
-
-diff -urpN a/lib/gshadow.c b/lib/gshadow.c
---- a/lib/gshadow.c	2013-07-11 10:18:15.745450428 +0800
-+++ b/lib/gshadow.c	2013-07-11 10:17:30.465450280 +0800
-@@ -222,6 +222,7 @@ void endsgent (void)
- 		if (NULL == buf) {
- 			return NULL;
- 		}
-+		buflen = BUFSIZ;
- 	}
- 
- 	if (NULL == fp) {
-@@ -229,9 +230,9 @@ void endsgent (void)
- 	}
- 
- #ifdef	USE_NIS
--	while (fgetsx (buf, (int) sizeof buf, fp) == buf)
-+	while (fgetsx (buf, (int) buflen, fp) == buf)
- #else
--	if (fgetsx (buf, (int) sizeof buf, fp) == buf)
-+	if (fgetsx (buf, (int) buflen, fp) == buf)
- #endif
- 	{
- 		while (   ((cp = strrchr (buf, '\n')) == NULL)
diff --git a/meta/recipes-extended/shadow/files/fix-installation-failure-with-subids-disabled.patch b/meta/recipes-extended/shadow/files/fix-installation-failure-with-subids-disabled.patch
new file mode 100644
index 0000000..aca5252
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/fix-installation-failure-with-subids-disabled.patch
@@ -0,0 +1,28 @@ 
+From 384f8c0b4800eb910a975ab9bd3b8bd2e1d89269 Mon Sep 17 00:00:00 2001
+From: Chen Qi <Qi.Chen@windriver.com>
+Date: Tue, 27 May 2014 14:23:56 +0800
+Subject: [PATCH] fix installation failure with subids disabled
+
+---
+ src/Makefile.am |    5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 25e288d..076f8ef 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -52,7 +52,10 @@ usbin_PROGRAMS = \
+ noinst_PROGRAMS = id sulogin
+ 
+ suidbins       = su
+-suidubins      = chage chfn chsh expiry gpasswd newgrp passwd newuidmap newgidmap
++suidubins      = chage chfn chsh expiry gpasswd newgrp passwd
++if ENABLE_SUBIDS
++suidubins += newgidmap newuidmap
++endif
+ if ACCT_TOOLS_SETUID
+ 	suidubins += chage chgpasswd chpasswd groupadd groupdel groupmod newusers useradd userdel usermod
+ endif
+-- 
+1.7.9.5
+
diff --git a/meta/recipes-extended/shadow/files/shadow-4.1.4.2-env-reset-keep-locale.patch b/meta/recipes-extended/shadow/files/shadow-4.1.4.2-env-reset-keep-locale.patch
deleted file mode 100644
index 6514746..0000000
--- a/meta/recipes-extended/shadow/files/shadow-4.1.4.2-env-reset-keep-locale.patch
+++ /dev/null
@@ -1,31 +0,0 @@ 
-# commit message copied from openembedded:
-#    commit 246c80637b135f3a113d319b163422f98174ee6c
-#    Author: Khem Raj <raj.khem@gmail.com>
-#    Date:   Wed Jun 9 13:37:03 2010 -0700
-#
-#    shadow-4.1.4.2: Add patches to support dots in login id.
-#    
-#    Signed-off-by: Khem Raj <raj.khem@gmail.com>
-#
-# comment added by Kevin Tian <kevin.tian@intel.com>, 2010-08-11
-
-http://bugs.gentoo.org/283725
-https://alioth.debian.org/tracker/index.php?func=detail&aid=311740&group_id=30580&atid=411480
-
-Upstream-Status: Pending
-
-Signed-off-by: Scott Garman <scott.a.garman@intel.com>
-
-Index: shadow-4.1.4.2/libmisc/env.c
-===================================================================
---- shadow-4.1.4.2.orig/libmisc/env.c	2009-04-27 13:07:56.000000000 -0700
-+++ shadow-4.1.4.2/libmisc/env.c	2010-06-03 17:44:51.456408474 -0700
-@@ -251,7 +251,7 @@ void sanitize_env (void)
- 			if (strncmp (*cur, *bad, strlen (*bad)) != 0) {
- 				continue;
- 			}
--			if (strchr (*cur, '/') != NULL) {
-+			if (strchr (*cur, '/') == NULL) {
- 				continue;	/* OK */
- 			}
- 			for (move = cur; NULL != *move; move++) {
diff --git a/meta/recipes-extended/shadow/files/shadow-4.1.4.2-groupmod-pam-check.patch b/meta/recipes-extended/shadow/files/shadow-4.1.4.2-groupmod-pam-check.patch
deleted file mode 100644
index 640200b..0000000
--- a/meta/recipes-extended/shadow/files/shadow-4.1.4.2-groupmod-pam-check.patch
+++ /dev/null
@@ -1,36 +0,0 @@ 
-# commit message copied from openembedded:
-#    commit 246c80637b135f3a113d319b163422f98174ee6c
-#    Author: Khem Raj <raj.khem@gmail.com>
-#    Date:   Wed Jun 9 13:37:03 2010 -0700
-#
-#    shadow-4.1.4.2: Add patches to support dots in login id.
-#    
-#    Signed-off-by: Khem Raj <raj.khem@gmail.com>
-#
-# comment added by Kevin Tian <kevin.tian@intel.com>, 2010-08-11
-
-http://bugs.gentoo.org/300790
-http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/2009-November/007850.html
-
-2009-11-05  Nicolas Fran├žois  <nicolas.francois@centraliens.net>
-
-	* NEWS, src/groupmod.c: Fixed groupmod when configured with
-	--enable-account-tools-setuid.
-
-Upstream-Status: Pending
-
-Signed-off-by: Scott Garman <scott.a.garman@intel.com>
-
-Index: shadow-4.1.4.2/src/groupmod.c
-===================================================================
---- shadow-4.1.4.2.orig/src/groupmod.c	2009-06-05 15:16:58.000000000 -0700
-+++ shadow-4.1.4.2/src/groupmod.c	2010-06-03 17:45:43.828952613 -0700
-@@ -720,7 +720,7 @@ int main (int argc, char **argv)
- 	{
- 		struct passwd *pampw;
- 		pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
--		if (NULL == pamh) {
-+		if (NULL == pampw) {
- 			fprintf (stderr,
- 			         _("%s: Cannot determine your user name.\n"),
- 			         Prog);
diff --git a/meta/recipes-extended/shadow/files/shadow-4.1.4.2-su_no_sanitize_env.patch b/meta/recipes-extended/shadow/files/shadow-4.1.4.2-su_no_sanitize_env.patch
deleted file mode 100644
index 0dc4d75..0000000
--- a/meta/recipes-extended/shadow/files/shadow-4.1.4.2-su_no_sanitize_env.patch
+++ /dev/null
@@ -1,31 +0,0 @@ 
-# commit message copied from openembedded:
-#    commit 246c80637b135f3a113d319b163422f98174ee6c
-#    Author: Khem Raj <raj.khem@gmail.com>
-#    Date:   Wed Jun 9 13:37:03 2010 -0700
-#
-#    shadow-4.1.4.2: Add patches to support dots in login id.
-#    
-#    Signed-off-by: Khem Raj <raj.khem@gmail.com>
-#
-# comment added by Kevin Tian <kevin.tian@intel.com>, 2010-08-11
-
-http://bugs.gentoo.org/show_bug.cgi?id=301957
-https://alioth.debian.org/scm/browser.php?group_id=30580
-
-Upstream-Status: Pending
-
-Signed-off-by: Scott Garman <scott.a.garman@intel.com>
-
-Index: shadow-4.1.4.2/src/su.c
-===================================================================
---- shadow-4.1.4.2.orig/src/su.c	2009-07-23 13:38:56.000000000 -0700
-+++ shadow-4.1.4.2/src/su.c	2010-06-03 17:46:47.718944010 -0700
-@@ -378,7 +378,7 @@ int main (int argc, char **argv)
- #endif
- #endif				/* !USE_PAM */
- 
--	sanitize_env ();
-+	/* sanitize_env (); */
- 
- 	(void) setlocale (LC_ALL, "");
- 	(void) bindtextdomain (PACKAGE, LOCALEDIR);
diff --git a/meta/recipes-extended/shadow/files/shadow.automake-1.11.patch b/meta/recipes-extended/shadow/files/shadow.automake-1.11.patch
deleted file mode 100644
index a793f09..0000000
--- a/meta/recipes-extended/shadow/files/shadow.automake-1.11.patch
+++ /dev/null
@@ -1,106 +0,0 @@ 
-# patch is from openembedded:
-#    commit 2db61370333f7a2fc1dbb86385734883387e0217
-#    Author: Martin Jansa <Martin.Jansa@gmail.com>
-#    Date:   Fri Apr 2 07:34:46 2010 +0200
-#
-#    shadow: fix do_install with automake-1.11
-#    
-#    Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
-#
-# comment added by Kevin Tian <kevin.tian@intel.com>
-
-man_nopan is for !USE_PAM already included in man_MANS and automake-1.11 hates to install some file twice
-
-Upstream-Status: Pending
-
-Signed-off-by: Scott Garman <scott.a.garman@intel.com>
-
-diff -uNr shadow-4.1.4.2.orig/man/Makefile.am shadow-4.1.4.2/man/Makefile.am
---- shadow-4.1.4.2.orig/man/Makefile.am	2009-03-14 15:40:10.000000000 +0100
-+++ shadow-4.1.4.2/man/Makefile.am	2010-04-02 07:31:17.000000000 +0200
-@@ -163,7 +163,6 @@
- 	$(man_MANS) \
- 	$(man_XMANS) \
- 	$(addprefix login.defs.d/,$(login_defs_v)) \
--	$(man_nopam) \
- 	id.1 \
- 	id.1.xml \
- 	sulogin.8 \
-diff -uNr shadow-4.1.4.2.orig/man/fr/Makefile.am shadow-4.1.4.2/man/fr/Makefile.am
---- shadow-4.1.4.2.orig/man/fr/Makefile.am	2008-09-06 18:44:45.000000000 +0200
-+++ shadow-4.1.4.2/man/fr/Makefile.am	2010-04-02 07:42:11.000000000 +0200
-@@ -52,7 +52,6 @@
- 
- EXTRA_DIST = \
- 	$(man_MANS) \
--	$(man_nopam) \
- 	id.1
- 
- include ../generate_translations.mak
-diff -uNr shadow-4.1.4.2.orig/man/it/Makefile.am shadow-4.1.4.2/man/it/Makefile.am
---- shadow-4.1.4.2.orig/man/it/Makefile.am	2008-09-06 18:44:45.000000000 +0200
-+++ shadow-4.1.4.2/man/it/Makefile.am	2010-04-02 07:42:20.000000000 +0200
-@@ -46,7 +46,6 @@
-                         
- EXTRA_DIST = \
- 	$(man_MANS) \
--	$(man_nopam) \
- 	id.1 \
- 	logoutd.8
- 
-diff -uNr shadow-4.1.4.2.orig/man/ja/Makefile.am shadow-4.1.4.2/man/ja/Makefile.am
---- shadow-4.1.4.2.orig/man/ja/Makefile.am	2007-12-31 17:48:28.000000000 +0100
-+++ shadow-4.1.4.2/man/ja/Makefile.am	2010-04-02 07:42:17.000000000 +0200
-@@ -49,7 +49,6 @@
- 
- EXTRA_DIST = \
- 	$(man_MANS) \
--	$(man_nopam) \
- 	id.1 \
- 	shadow.3 \
- 	sulogin.8
-diff -uNr shadow-4.1.4.2.orig/man/pl/Makefile.am shadow-4.1.4.2/man/pl/Makefile.am
---- shadow-4.1.4.2.orig/man/pl/Makefile.am	2008-09-06 18:44:45.000000000 +0200
-+++ shadow-4.1.4.2/man/pl/Makefile.am	2010-04-02 07:42:07.000000000 +0200
-@@ -49,7 +49,6 @@
- 
- EXTRA_DIST = \
- 	$(man_MANS) \
--	$(man_nopam) \
- 	getspnam.3 \
- 	id.1 \
- 	shadow.3 \
-diff -uNr shadow-4.1.4.2.orig/man/ru/Makefile.am shadow-4.1.4.2/man/ru/Makefile.am
---- shadow-4.1.4.2.orig/man/ru/Makefile.am	2010-04-02 07:39:00.000000000 +0200
-+++ shadow-4.1.4.2/man/ru/Makefile.am	2010-04-02 07:42:01.000000000 +0200
-@@ -54,7 +54,6 @@
- 
- EXTRA_DIST = \
- 	$(man_MANS) \
--	$(man_nopam) \
- 	id.1 \
- 	sulogin.8
- 
-diff -uNr shadow-4.1.4.2.orig/man/sv/Makefile.am shadow-4.1.4.2/man/sv/Makefile.am
---- shadow-4.1.4.2.orig/man/sv/Makefile.am	2008-09-06 18:44:45.000000000 +0200
-+++ shadow-4.1.4.2/man/sv/Makefile.am	2010-04-02 07:42:24.000000000 +0200
-@@ -53,8 +53,7 @@
- endif
- 
- EXTRA_DIST = \
--	$(man_MANS) \
--	$(man_nopam)
-+	$(man_MANS)
- 
- include ../generate_translations.mak
- 
---- shadow-4.1.4.2.orig/man/ru/Makefile.am	2010-04-02 07:54:09.000000000 +0200
-+++ shadow-4.1.4.2/man/ru/Makefile.am	2010-04-02 07:51:57.000000000 +0200
-@@ -1,7 +1,6 @@
- mandir = @mandir@/ru
- 
- man_MANS = \
--	$(man_nopam) \
- 	chage.1 \
- 	chfn.1 \
- 	chgpasswd.8 \
diff --git a/meta/recipes-extended/shadow/files/shadow_fix_for_automake-1.12.patch b/meta/recipes-extended/shadow/files/shadow_fix_for_automake-1.12.patch
deleted file mode 100644
index 6a27ed3..0000000
--- a/meta/recipes-extended/shadow/files/shadow_fix_for_automake-1.12.patch
+++ /dev/null
@@ -1,23 +0,0 @@ 
-Upstream-Status: pending
-
-Automake 1.12 has deprecated automatic de-ANSI-fication support
-
-This patch avoids this issue with automake 1.12:
-
-| configure.in:22: error: automatic de-ANSI-fication support has been removed
-
-Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com>
-2012/05/02
-
-Index: shadow-4.1.4.3/configure.in
-===================================================================
---- shadow-4.1.4.3.orig/configure.in
-+++ shadow-4.1.4.3/configure.in
-@@ -19,7 +19,6 @@ AC_PROG_CC
- AC_ISC_POSIX
- AC_PROG_LN_S
- AC_PROG_YACC
--AM_C_PROTOTYPES
- AM_PROG_LIBTOOL
- 
- dnl Checks for libraries.
diff --git a/meta/recipes-extended/shadow/files/slackware_fix_for_glib-2.17_crypt.patch b/meta/recipes-extended/shadow/files/slackware_fix_for_glib-2.17_crypt.patch
deleted file mode 100644
index 7cd45af..0000000
--- a/meta/recipes-extended/shadow/files/slackware_fix_for_glib-2.17_crypt.patch
+++ /dev/null
@@ -1,63 +0,0 @@ 
-
-This patch is from Slackware, I tried to find the actual
-author to add that attribution.  The comment below is the
-best summary, I will not repeat it here.
-
-Upstream-Status: Backport from slackware
-
-Signed-off-by: Saul Wold <sgw@linux.intel.com>
-
-Index: shadow-4.1.4.3/lib/encrypt.c
-===================================================================
---- shadow-4.1.4.3.orig/lib/encrypt.c
-+++ shadow-4.1.4.3/lib/encrypt.c
-@@ -45,15 +45,40 @@ char *pw_encrypt (const char *clear, con
- 	static char cipher[128];
- 	char *cp;
- 
--	cp = crypt (clear, salt);
--	if (!cp) {
--		/*
--		 * Single Unix Spec: crypt() may return a null pointer,
--		 * and set errno to indicate an error.  The caller doesn't
--		 * expect us to return NULL, so...
--		 */
--		perror ("crypt");
--		exit (EXIT_FAILURE);
-+ 	cp = crypt (clear, salt);
-+ 	if (!cp) {
-+ 		/*
-+		 * In glibc-2.17 and newer, crypt() will return NULL if
-+		 * it was called using an invalid salt format.  Previous
-+		 * versions of glibc would go ahead and compute a DES hash
-+		 * using the invalid salt.  The salt value in this case was
-+		 * always '!'.  We might arrive at this place if either the
-+		 * user does not exist, or if the hash in /etc/shadow doesn't
-+		 * have the proper magic for one of the supported hash
-+		 * formats (for example, if the account was locked using
-+		 * "passwd -l".  To handle this situation, we will recompute
-+		 * the hash using a hardcoded salt as was previously done
-+		 * by glibc.  The hash returned by the old glibc function
-+		 * always began with "!!", which would ensure that it could
-+		 * never match an otherwise valid hash in /etc/shadow that
-+		 * was disabled with a "!" at the beginning (since the second
-+		 * character would never be "!" as well), so we will also
-+		 * prepend the resulting hash with "!!".  Finally, in case
-+		 * crypt() failed for some other reason we will check to see
-+		 * if we still get NULL from crypt even with the valid salt
-+		 * and will fail if that's the case.
-+ 		 */
-+
-+		/* Recalculate hash using a hardcoded, valid SHA512 salt: */
-+		cp = crypt (clear, "$6$8IIcy/1EPOk/");
-+
-+		if (!cp) {
-+			perror ("crypt");
-+			exit (EXIT_FAILURE);
-+		} else {
-+			sprintf (cipher, "!!%s", cp);
-+			return cipher;
-+		}
- 	}
- 
- 	/* The GNU crypt does not return NULL if the algorithm is not
diff --git a/meta/recipes-extended/shadow/files/useradd.patch b/meta/recipes-extended/shadow/files/useradd.patch
deleted file mode 100644
index ff5016c..0000000
--- a/meta/recipes-extended/shadow/files/useradd.patch
+++ /dev/null
@@ -1,17 +0,0 @@ 
-Work around a bug introduced with the --root option which was causing
-all other arguments to be ignored.
-
-Upstream-Status: inappropriate
-Signed-off-by: Phil Blundell <philb@gnu.org>
-
---- a/src/useradd.c~	2011-09-01 15:36:40.398234861 +0100
-+++ b/src/useradd.c	2011-09-01 17:29:00.782004133 +0100
-@@ -1957,6 +1957,8 @@
- 
- 	get_defaults ();
- 
-+	optind = 1;
-+
- 	process_flags (argc, argv);
- 
- #ifdef ACCT_TOOLS_SETUID
diff --git a/meta/recipes-extended/shadow/files/usermod-fix-compilation-failure-with-subids-disabled.patch b/meta/recipes-extended/shadow/files/usermod-fix-compilation-failure-with-subids-disabled.patch
new file mode 100644
index 0000000..37dc153
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/usermod-fix-compilation-failure-with-subids-disabled.patch
@@ -0,0 +1,33 @@ 
+Upstream-Status: Pending
+
+usermod: fix compilation failure with subids disabled
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ src/usermod.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/usermod.c b/src/usermod.c
+index e7d4351..685b50a 100644
+--- a/src/usermod.c
++++ b/src/usermod.c
+@@ -1360,7 +1360,7 @@ static void process_flags (int argc, char **argv)
+ 		         Prog, (unsigned long) user_newid);
+ 		exit (E_UID_IN_USE);
+ 	}
+-
++#ifdef ENABLE_SUBIDS
+ 	if (   (vflg || Vflg)
+ 	    && !is_sub_uid) {
+ 		fprintf (stderr,
+@@ -1376,6 +1376,7 @@ static void process_flags (int argc, char **argv)
+ 		         Prog, sub_gid_dbname (), "-w", "-W");
+ 		exit (E_USAGE);
+ 	}
++#endif
+ }
+ 
+ /*
+-- 
+1.7.9.5
+
diff --git a/meta/recipes-extended/shadow/shadow-securetty_4.1.4.3.bb b/meta/recipes-extended/shadow/shadow-securetty_4.2.1.bb
similarity index 100%
rename from meta/recipes-extended/shadow/shadow-securetty_4.1.4.3.bb
rename to meta/recipes-extended/shadow/shadow-securetty_4.2.1.bb
diff --git a/meta/recipes-extended/shadow/shadow-sysroot_4.1.4.3.bb b/meta/recipes-extended/shadow/shadow-sysroot_4.2.1.bb
similarity index 100%
rename from meta/recipes-extended/shadow/shadow-sysroot_4.1.4.3.bb
rename to meta/recipes-extended/shadow/shadow-sysroot_4.2.1.bb
diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc
index 6848e05..d2f68f6 100644
--- a/meta/recipes-extended/shadow/shadow.inc
+++ b/meta/recipes-extended/shadow/shadow.inc
@@ -1,50 +1,38 @@ 
 SUMMARY = "Tools to change and administer password and group data"
 HOMEPAGE = "http://pkg-shadow.alioth.debian.org"
 BUGTRACKER = "https://alioth.debian.org/tracker/?group_id=30580"
-SECTION = "base utils"
+SECTION = "base/utils"
 LICENSE = "BSD | Artistic-1.0"
-LIC_FILES_CHKSUM = "file://COPYING;md5=08c553a87d4e51bbed50b20e0adcaede \
+LIC_FILES_CHKSUM = "file://COPYING;md5=ed80ff1c2b40843cf5768e5229cf16e5 \
                     file://src/passwd.c;beginline=8;endline=30;md5=d83888ea14ae61951982d77125947661"
 
 DEPENDS = "shadow-native"
 DEPENDS_class-native = ""
 DEPENDS_class-nativesdk = ""
 
-SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.bz2 \
-           file://shadow.automake-1.11.patch \
-           file://shadow_fix_for_automake-1.12.patch \
+SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.xz \
            file://shadow-4.1.3-dots-in-usernames.patch \
-           file://shadow-4.1.4.2-env-reset-keep-locale.patch \
+           file://usermod-fix-compilation-failure-with-subids-disabled.patch \
+           file://fix-installation-failure-with-subids-disabled.patch \
            ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \
            "
 
 SRC_URI_append_class-target = " \
            file://login_defs_pam.sed \
-           file://shadow-4.1.4.2-groupmod-pam-check.patch \
-           file://shadow-4.1.4.2-su_no_sanitize_env.patch \
            file://shadow-update-pam-conf.patch \
-           file://slackware_fix_for_glib-2.17_crypt.patch \
-           file://fix-etc-gshadow-reading.patch \
            "
 
 SRC_URI_append_class-native = " \
-           file://add_root_cmd_options.patch \
            file://disable-syslog.patch \
-           file://useradd.patch \
-           file://add_root_cmd_groupmems.patch \
            file://allow-for-setting-password-in-clear-text.patch \
+           file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \
            "
 SRC_URI_append_class-nativesdk = " \
-           file://add_root_cmd_options.patch \
            file://disable-syslog.patch \
-           file://useradd.patch \
-           file://add_root_cmd_groupmems.patch \
            "
 
-SRC_URI[md5sum] = "b8608d8294ac88974f27b20f991c0e79"
-SRC_URI[sha256sum] = "633f5bb4ea0c88c55f3642c97f9d25cbef74f82e0b4cf8d54e7ad6f9f9caa778"
-
-PR = "r14"
+SRC_URI[md5sum] = "2bfafe7d4962682d31b5eba65dba4fc8"
+SRC_URI[sha256sum] = "3b0893d1476766868cd88920f4f1231c4795652aa407569faff802bcda0f3d41"
 
 # Additional Policy files for PAM
 PAM_SRC_URI = "file://pam.d/chfn \
@@ -61,6 +49,7 @@  EXTRA_OECONF += "--without-audit \
                  --without-libcrack \
                  --without-selinux \
                  --with-group-name-max-length=24 \
+                 --enable-subordinate-ids=no \
                  ${NSCDOPT}"
 
 NSCDOPT = ""
@@ -171,6 +160,6 @@  pkg_postinst_${PN} () {
 	  rootarg=""
 	fi
 
-	pwconv $rootarg
-	grpconv $rootarg
+	pwconv $rootarg || exit 1
+	grpconv $rootarg || exit 1
 }
diff --git a/meta/recipes-extended/shadow/shadow_4.1.4.3.bb b/meta/recipes-extended/shadow/shadow_4.2.1.bb
similarity index 100%
rename from meta/recipes-extended/shadow/shadow_4.1.4.3.bb
rename to meta/recipes-extended/shadow/shadow_4.2.1.bb