From 137bde0333fd1b8ef71fc79c840dd30582a712d6 Mon Sep 17 00:00:00 2001
From: Iker Pedrosa
Date: Sep 26 2022 07:24:59 +0000
Subject: useradd: Do not reset non-existent data in {last,fail}log

Signed-off-by: Iker Pedrosa
---
diff --git a/shadow-4.11.1-useradd-stop-last-fail-log-reset.patch b/shadow-4.11.1-useradd-stop-last-fail-log-reset.patch
new file mode 100644
index 0000000..8662672
--- /dev/null
+++ b/shadow-4.11.1-useradd-stop-last-fail-log-reset.patch
@@ -0,0 +1,42 @@
+From ebf9b232b012725d2be5e750876c7336cf1c37fd Mon Sep 17 00:00:00 2001
+From: David Kalnischkies
+Date: Wed, 24 Aug 2022 13:21:01 +0200
+Subject: [PATCH] useradd: Do not reset non-existent data in {last,fail}log
+
+useradd does not create the files if they don't exist, but if they exist
+it will reset user data even if the data did not exist before creating
+a hole and an explicitly zero'd data point resulting (especially for
+high UIDs) in a lot of zeros ending up in containers and tarballs.
+---
+ src/useradd.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/useradd.c b/src/useradd.c
+index 6eaeb533..39a744ee 100644
+--- a/src/useradd.c
++++ b/src/useradd.c
+@@ -1996,8 +1996,9 @@ static void faillog_reset (uid_t uid)
+ struct faillog fl;
+ int fd;
+ off_t offset_uid = (off_t) (sizeof fl) * uid;
++ struct stat st;
+
+- if (access (FAILLOG_FILE, F_OK) != 0) {
++ if (stat (FAILLOG_FILE, &st) != 0 || st.st_size <= offset_uid) {
+ return;
+ }
+
+@@ -2033,8 +2034,9 @@ static void lastlog_reset (uid_t uid)
+ int fd;
+ off_t offset_uid = (off_t) (sizeof ll) * uid;
+ uid_t max_uid;
++ struct stat st;
+
+- if (access (LASTLOG_FILE, F_OK) != 0) {
++ if (stat (LASTLOG_FILE, &st) != 0 || st.st_size <= offset_uid) {
+ return;
+ }
+
+--
+2.37.3
+
diff --git a/shadow-utils.spec b/shadow-utils.spec
index 1eba8b5..7a6eff7 100644
--- a/shadow-utils.spec
+++ b/shadow-utils.spec
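Review bot: In the faillog_reset hunk of the added patch, and identically in lastlog_reset, the new size test calls `stat()` on the path, while the file that gets written is presumably opened by path further down, outside the hunk, so the check and the write are not tied to the same file object. Running the test on the descriptor after the open, `fstat (fd, &st) != 0 || st.st_size <= offset_uid`, and closing `fd` before the early return, would drop the second path lookup. The exposure is small if both logs sit in a root-owned directory, but useradd runs as root, so binding the check to the descriptor is the safer pattern. A short comment on the early return, such as `/* file ends before this UID's record: nothing to reset */`, would also record why skipping the reset is safe for a reused UID. Both function bodies continue outside the hunk.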
@@ -1,7 +1,7 @@
 Summary: Utilities for managing accounts and shadow password files
 Name: shadow-utils
 Version: 4.11.1
-Release: 4%{?dist}
+Release: 5%{?dist}
 Epoch: 2
 License: BSD and GPLv2+
 URL: https://github.com/shadow-maint/shadow
@@ -49,6 +49,8 @@ Patch14: shadow-4.9-nss-get-shadow-logfd-with-log-get-logfd.patch
 Patch15: shadow-4.11.1-useradd-modify-check-ID-range-for-system-users.patch
 # https://github.com/shadow-maint/shadow/commit/3ec32f9975f262073f8fbdecd2bfaee4a1d3db48
 Patch16: shadow-4.11.1-subordinateio-also-compare-the-owner-ID.patch
+# https://github.com/shadow-maint/shadow/commit/ebf9b232b012725d2be5e750876c7336cf1c37fd
+Patch17: shadow-4.11.1-useradd-stop-last-fail-log-reset.patch
 ### Dependencies ###
 Requires: audit-libs >= 1.6.5
@@ -125,6 +127,7 @@ Development files for shadow-utils-subid.
 %patch14 -p1 -b .nss-get-shadow-logfd-with-log-get-logfd
 %patch15 -p1 -b .useradd-modify-check-ID-range-for-system-users
 %patch16 -p1 -b .subordinateio-also-compare-the-owner-ID
+%patch17 -p1 -b .useradd-stop-last-fail-log-reset
 iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
 cp -f doc/HOWTO.utf8 doc/HOWTO
@@ -298,6 +301,9 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.a
 %{_libdir}/libsubid.so
 %changelog
+* Mon Sep 26 2022 Iker Pedrosa - 2:4.11.1-5
+- useradd: Do not reset non-existent data in {last,fail}log
+
 * Wed Sep 14 2022 Iker Pedrosa - 2:4.11.1-4
 - subordinateio: also compare the owner ID. Resolves: #2118227