useradd: Do not reset non-existent data in {last,fail}log

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>

shadow-4.12.3-useradd-stop-last-fail-log-reset.patch

@@ -0,0 +1,42 @@
+From ebf9b232b012725d2be5e750876c7336cf1c37fd Mon Sep 17 00:00:00 2001
+From: David Kalnischkies <david@kalnischkies.de>
+Date: Wed, 24 Aug 2022 13:21:01 +0200
+Subject: [PATCH] useradd: Do not reset non-existent data in {last,fail}log
+
+useradd does not create the files if they don't exist, but if they exist
+it will reset user data even if the data did not exist before creating
+a hole and an explicitly zero'd data point resulting (especially for
+high UIDs) in a lot of zeros ending up in containers and tarballs.
+---
+ src/useradd.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/useradd.c b/src/useradd.c
+index 6eaeb533..39a744ee 100644
+--- a/src/useradd.c
++++ b/src/useradd.c
+@@ -1996,8 +1996,9 @@ static void faillog_reset (uid_t uid)
+ 	struct faillog fl;
+ 	int fd;
+ 	off_t offset_uid = (off_t) (sizeof fl) * uid;
++	struct stat st;
+ 
+-	if (access (FAILLOG_FILE, F_OK) != 0) {
++	if (stat (FAILLOG_FILE, &st) != 0 || st.st_size <= offset_uid) {
+ 		return;
+ 	}
+ 
+@@ -2033,8 +2034,9 @@ static void lastlog_reset (uid_t uid)
+ 	int fd;
+ 	off_t offset_uid = (off_t) (sizeof ll) * uid;
+ 	uid_t max_uid;
++	struct stat st;
+ 
+-	if (access (LASTLOG_FILE, F_OK) != 0) {
++	if (stat (LASTLOG_FILE, &st) != 0 || st.st_size <= offset_uid) {
+ 		return;
+ 	}
+ 
+-- 
+2.37.3
+

shadow-utils.spec

@@ -1,7 +1,7 @@
 Summary: Utilities for managing accounts and shadow password files
 Name: shadow-utils
 Version: 4.12.3
-Release: 1%{?dist}
+Release: 2%{?dist}
 Epoch: 2
 License: BSD and GPLv2+
 URL: https://github.com/shadow-maint/shadow
@@ -19,7 +19,7 @@ Source6: shadow-utils.HOME_MODE.xml
 ### Patches ###
 # Misc small changes - most probably non-upstreamable
 Patch0: shadow-4.12.3-redhat.patch
-# Be more lenient with acceptable user/group names - non upstreamable
+# https://github.com/shadow-maint/shadow/commit/cfc981df2afc615e3792b918e9ee49e631b0a3a9
 Patch1: shadow-4.12.3-goodname.patch
 # SElinux related - upstreamability unknown
 Patch3: shadow-4.9-default-range.patch
@@ -43,6 +43,8 @@ Patch11: shadow-4.12.3-long-entry.patch
 Patch12: shadow-4.6-sysugid-min-limit.patch
 # Ignore LOGIN_PLAIN_PROMPT in login.defs - upstreamability unknown
 Patch13: shadow-4.8-ignore-login-prompt.patch
+# https://github.com/shadow-maint/shadow/commit/ebf9b232b012725d2be5e750876c7336cf1c37fd
+Patch14: shadow-4.12.3-useradd-stop-last-fail-log-reset.patch
 
 ### Dependencies ###
 Requires: audit-libs >= 1.6.5
@@ -116,6 +118,7 @@ Development files for shadow-utils-subid.
 %patch11 -p1 -b .long-entry
 %patch12 -p1 -b .sysugid-min-limit
 %patch13 -p1 -b .login-prompt
+%patch14 -p1 -b .useradd-stop-last-fail-log-reset
 
 iconv -f ISO88591 -t utf-8  doc/HOWTO > doc/HOWTO.utf8
 cp -f doc/HOWTO.utf8 doc/HOWTO
@@ -289,6 +292,9 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.a
 %{_libdir}/libsubid.so
 
 %changelog
+* Fri Sep  9 2022 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.12.3-2
+- useradd: Do not reset non-existent data in {last,fail}log
+
 * Mon Aug 22 2022 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.12.3-1
 - Rebase to version 4.12.3. Resolves: #2117809