From 840aa7a9802beba62660243aa767574479366e0e Mon Sep 17 00:00:00 2001
From: Johannes Schauer Marin Rodrigues
Date: Tue, 6 Sep 2022 07:56:54 +0200
Subject: useradd: avoid creating several GB worth of sparse lastlog and faillog files

Closes: #1019245
---
 debian/changelog | 6 ++++
 ..._lastlog_faillog_do_not_reset_non-existent_data | 37 ++++++++++++++++++++++
 debian/patches/series | 2 ++
 3 files changed, 45 insertions(+)
 create mode 100644 debian/patches/301_lastlog_faillog_do_not_reset_non-existent_data

diff --git a/debian/changelog b/debian/changelog
index 607477b3..d0806cc0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,14 @@
 shadow (1:4.12.3+dfsg1-1) UNRELEASED; urgency=medium
 
+ [ Balint Reczey ]
 * New upstream release
 * Refresh patches
 
+ [ Johannes Schauer Marin Rodrigues ]
+ * useradd: cherry-pick patch from upstream to avoid creating several GB worth
+ of sparse lastlog and faillog files for users with high uid values
+ (Closes: #1019245)
+
 -- Balint Reczey Sat, 20 Aug 2022 18:18:43 +0200
 
 shadow (1:4.11.1+dfsg1-2) unstable; urgency=medium
diff --git a/debian/patches/301_lastlog_faillog_do_not_reset_non-existent_data b/debian/patches/301_lastlog_faillog_do_not_reset_non-existent_data
new file mode 100644
index 00000000..0e20995b
--- /dev/null
+++ b/debian/patches/301_lastlog_faillog_do_not_reset_non-existent_data
@@ -0,0 +1,37 @@
+From ebf9b232b012725d2be5e750876c7336cf1c37fd Mon Sep 17 00:00:00 2001
+From: David Kalnischkies
+Date: Wed, 24 Aug 2022 13:21:01 +0200
+Subject: [PATCH] useradd: Do not reset non-existent data in {last,fail}log
+
+useradd does not create the files if they don't exist, but if they exist
+it will reset user data even if the data did not exist before creating
+a hole and an explicitly zero'd data point resulting (especially for
+high UIDs) in a lot of zeros ending up in containers and tarballs.
+---
+ src/useradd.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/src/useradd.c
++++ b/src/useradd.c
+@@ -1997,8 +1997,9 @@ static void faillog_reset (uid_t uid)
+ struct faillog fl;
+ int fd;
+ off_t offset_uid = (off_t) (sizeof fl) * uid;
++ struct stat st;
+
+- if (access (FAILLOG_FILE, F_OK) != 0) {
++ if (stat (FAILLOG_FILE, &st) != 0 || st.st_size <= offset_uid) {
+ return;
+ }
+
+@@ -2034,8 +2035,9 @@ static void lastlog_reset (uid_t uid)
+ int fd;
+ off_t offset_uid = (off_t) (sizeof ll) * uid;
+ uid_t max_uid;
++ struct stat st;
+
+- if (access (LASTLOG_FILE, F_OK) != 0) {
++ if (stat (LASTLOG_FILE, &st) != 0 || st.st_size <= offset_uid) {
+ return;
+ }
+
diff --git a/debian/patches/series b/debian/patches/series
index b25583aa..6ecd3726 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -14,3 +14,5 @@
 463_login_delay_obeys_to_PAM
 505_useradd_recommend_adduser
 501_commonio_group_shadow
+
+301_lastlog_faillog_do_not_reset_non-existent_data
--
cgit v1.2.1
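Review bot: The new size check in `faillog_reset` (and the identical one in `lastlog_reset`) calls `stat()` on the path, so the decision is still made on a file name rather than on the file that is later written. The open and write calls lie outside both hunks, so this assumes the functions go on to open the same path; if they do, a log that is rotated, truncated or replaced between the check and the write can still receive a zeroed record past end-of-file, which is the sparse growth the patch is meant to prevent. Checking the descriptor after opening closes that gap: `if (fstat (fd, &st) != 0 || st.st_size <= offset_uid) { (void) close (fd); return; }`. A short comment above the check, such as `/* file ends at or before this UID's record: nothing to reset, and writing would extend the file */`, would also record why `<=` is the intended bound.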