2 files changed, 47 insertions, 0 deletions
diff --git a/meta/recipes-extended/shadow/files/0001-Do-not-read-login.defs-before-doing-chroot.patch b/meta/recipes-extended/shadow/files/0001-Do-not-read-login.defs-before-doing-chroot.patch
new file mode 100644
index 0000000000..828b95a572
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/0001-Do-not-read-login.defs-before-doing-chroot.patch
@@ -0,0 +1,46 @@
+From 170c25c8e0b5c3dc2615d1db94c8d24a13ff99bf Mon Sep 17 00:00:00 2001
+From: Peter Kjellerstedt <pkj@axis.com>
+Date: Thu, 11 Sep 2014 15:11:23 +0200
+Subject: [PATCH] Do not read login.defs before doing chroot()
+If "useradd --root <root> ..." was used, the login.defs file would still
+be read from /etc/login.defs instead of <root>/etc/login.defs. This was
+due to getdef_ulong() being called before process_root_flag().
+Upstream-Status: Submitted [http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/2014-September/010446.html]
+Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
+---
+ src/useradd.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+diff --git a/src/useradd.c b/src/useradd.c
+index a8a1f76..e1ebf50 100644
+--- a/src/useradd.c
+++ b/src/useradd.c
+@@ -1993,9 +1993,11 @@ int main (int argc, char **argv)
+ #endif                         /* USE_PAM */
+ #endif                         /* ACCT_TOOLS_SETUID */
+ 
+#ifdef ENABLE_SUBIDS
+        /* Needed for userns check */
+-       uid_t uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
+-       uid_t uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
+       uid_t uid_min;
+       uid_t uid_max;
+#endif
+ 
+        /*
+         * Get my name so that I can use it to report errors.
+@@ -2026,6 +2028,8 @@ int main (int argc, char **argv)
+        is_shadow_grp = sgr_file_present ();
+ #endif
+ #ifdef ENABLE_SUBIDS
+       uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
+       uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
+        is_sub_uid = sub_uid_file_present () && !rflg &&
+            (!user_id || (user_id <= uid_max && user_id >= uid_min));
+        is_sub_gid = sub_gid_file_present () && !rflg &&
+-- 
+1.9.0
diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc
index 84d1f864b7..6a769dfc5c 100644
--- a/meta/recipes-extended/shadow/shadow.inc
+++ b/meta/recipes-extended/shadow/shadow.inc
@@ -15,6 +15,7 @@ SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.xz \
           file://usermod-fix-compilation-failure-with-subids-disabled.patch \
           file://fix-installation-failure-with-subids-disabled.patch \
           file://0001-su.c-fix-to-exec-command-correctly.patch \
+           file://0001-Do-not-read-login.defs-before-doing-chroot.patch \
           ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \
           "

diff --git a/meta/recipes-extended/shadow/files/0001-Do-not-read-login.defs-before-doing-chroot.patch b/meta/recipes-extended/shadow/files/0001-Do-not-read-login.defs-before-doing-chroot.patch new file mode 100644 index 0000000000..828b95a572 --- /dev/null +++ b/meta/recipes-extended/shadow/files/0001-Do-not-read-login.defs-before-doing-chroot.patch
@@ -0,0 +1,46 @@
		1	From 170c25c8e0b5c3dc2615d1db94c8d24a13ff99bf Mon Sep 17 00:00:00 2001
		2	From: Peter Kjellerstedt <pkj@axis.com>
		3	Date: Thu, 11 Sep 2014 15:11:23 +0200
		4	Subject: [PATCH] Do not read login.defs before doing chroot()
		5
		6	If "useradd --root <root> ..." was used, the login.defs file would still
		7	be read from /etc/login.defs instead of <root>/etc/login.defs. This was
		8	due to getdef_ulong() being called before process_root_flag().
		9
		10	Upstream-Status: Submitted [http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/2014-September/010446.html]
		11
		12	Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
		13	---
		14	src/useradd.c \| 8 ++++++--
		15	1 file changed, 6 insertions(+), 2 deletions(-)
		16
		17	diff --git a/src/useradd.c b/src/useradd.c
		18	index a8a1f76..e1ebf50 100644
		19	--- a/src/useradd.c
		20	+++ b/src/useradd.c
		21	@@ -1993,9 +1993,11 @@ int main (int argc, char **argv)
		22	#endif /* USE_PAM */
		23	#endif /* ACCT_TOOLS_SETUID */
		24
		25	+#ifdef ENABLE_SUBIDS
		26	/* Needed for userns check */
		27	- uid_t uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
		28	- uid_t uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
		29	+ uid_t uid_min;
		30	+ uid_t uid_max;
		31	+#endif
		32
		33	/*
		34	* Get my name so that I can use it to report errors.
		35	@@ -2026,6 +2028,8 @@ int main (int argc, char **argv)
		36	is_shadow_grp = sgr_file_present ();
		37	#endif
		38	#ifdef ENABLE_SUBIDS
		39	+ uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
		40	+ uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
		41	is_sub_uid = sub_uid_file_present () && !rflg &&
		42	(!user_id \|\| (user_id <= uid_max && user_id >= uid_min));
		43	is_sub_gid = sub_gid_file_present () && !rflg &&
		44	--
		45	1.9.0
		46


diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc index 84d1f864b7..6a769dfc5c 100644 --- a/meta/recipes-extended/shadow/shadow.inc +++ b/meta/recipes-extended/shadow/shadow.inc
@@ -15,6 +15,7 @@ SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.xz \
15	file://usermod-fix-compilation-failure-with-subids-disabled.patch \	15	file://usermod-fix-compilation-failure-with-subids-disabled.patch \
16	file://fix-installation-failure-with-subids-disabled.patch \	16	file://fix-installation-failure-with-subids-disabled.patch \
17	file://0001-su.c-fix-to-exec-command-correctly.patch \	17	file://0001-su.c-fix-to-exec-command-correctly.patch \
		18	file://0001-Do-not-read-login.defs-before-doing-chroot.patch \
18	${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \	19	${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \
19	"	20	"
20		21