From 917dd49009214870ed8c59c2c2e5ff5d84632f26 Mon Sep 17 00:00:00 2001 From: Zhao Hang Date: Mon, 22 Jul 2024 14:23:50 +0800 Subject: [PATCH 1/2] update to sysstat-11.7.3-13.src.rpm Signed-off-by: Zhao Hang --- 0001-Add-more-overflow-checks.patch | 234 ++++++++++++++++++ ...r-when-the-directory-var-log-sa-was-.patch | 28 +++ CVE-2023-33204.patch | 49 ++-- dist | 2 +- sysstat.spec | 38 +-- 5 files changed, 314 insertions(+), 37 deletions(-) create mode 100644 0001-Add-more-overflow-checks.patch create mode 100644 0001-sa1-fix-sar-error-when-the-directory-var-log-sa-was-.patch diff --git a/0001-Add-more-overflow-checks.patch b/0001-Add-more-overflow-checks.patch new file mode 100644 index 0000000..eaa9196 --- /dev/null +++ b/0001-Add-more-overflow-checks.patch @@ -0,0 +1,234 @@ +From c9a11d35df4aecfcf22aef827bac6cd57def9d4e Mon Sep 17 00:00:00 2001 +From: Sebastien GODARD +Date: Sun, 23 Oct 2022 16:22:28 +0200 +Subject: [PATCH] Add more overflow checks + +Signed-off-by: Sebastien GODARD + +Cherry-picked-by: Lukáš Zaoral +Upstream-commit: c9a11d35df4aecfcf22aef827bac6cd57def9d4e +--- +diff --git a/common.c b/common.c +index 1a84b052..27249772 100644 +--- a/common.c ++++ b/common.c +@@ -274,6 +274,28 @@ void sysstat_panic(const char *function, int error_code) + exit(1); + } + ++/* ++ * ************************************************************************** ++ * Check if the multiplication of the 3 values may be greater than UINT_MAX. ++ * ++ * IN: ++ * @val1 First value. ++ * @val2 Second value. ++ * @val3 Third value. ++ *************************************************************************** ++ */ ++void check_overflow(unsigned long long val1, unsigned long long val2, ++ unsigned long long val3) ++{ ++ if (val1 * val2 * val3 > UINT_MAX) { ++#ifdef DEBUG ++ fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n", ++ __FUNCTION__, val1 * val2 * val3); ++#endif ++ exit(4); ++ } ++} ++ + #ifndef SOURCE_SADC + /* + *************************************************************************** +@@ -1656,28 +1677,4 @@ int parse_values(char *strargv, unsigned char bitmap[], int max_val, const char + return 0; + } + +-/* +- *************************************************************************** +- * Check if the multiplication of the 3 values may be greater than UINT_MAX. +- * +- * IN: +- * @val1 First value. +- * @val2 Second value. +- * @val3 Third value. +- *************************************************************************** +- */ +-void check_overflow(size_t val1, size_t val2, size_t val3) +-{ +- if ((unsigned long long) val1 * +- (unsigned long long) val2 * +- (unsigned long long) val3 > UINT_MAX) { +-#ifdef DEBUG +- fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n", +- __FUNCTION__, +- (unsigned long long) val1 * (unsigned long long) val2 * (unsigned long long) val3); +-#endif +- exit(4); +- } +-} +- + #endif /* SOURCE_SADC undefined */ +diff --git a/common.h b/common.h +index e8ab98ab..715b2da2 100644 +--- a/common.h ++++ b/common.h +@@ -241,10 +241,10 @@ int is_device + (char *, int); + void sysstat_panic + (const char *, int); ++void check_overflow ++ (unsigned long long, unsigned long long, unsigned long long); + + #ifndef SOURCE_SADC +-void check_overflow +- (size_t, size_t, size_t); + int count_bits + (void *, int); + int count_csvalues +diff --git a/sa_common.c b/sa_common.c +index b2cec4ad..3460257a 100644 +--- a/sa_common.c ++++ b/sa_common.c +@@ -463,8 +463,9 @@ void allocate_structures(struct activity *act[]) + if (act[i]->nr_ini > 0) { + + /* Look for a possible overflow */ +- check_overflow((size_t) act[i]->msize, (size_t) act[i]->nr_ini, +- (size_t) act[i]->nr2); ++ check_overflow((unsigned long long) act[i]->msize, ++ (unsigned long long) act[i]->nr_ini, ++ (unsigned long long) act[i]->nr2); + + for (j = 0; j < 3; j++) { + SREALLOC(act[i]->buf[j], void, +@@ -529,6 +530,10 @@ void reallocate_all_buffers(struct activity *a, __nr_t nr_min) + while (nr_realloc < nr_min); + } + ++ /* Look for a possible overflow */ ++ check_overflow((unsigned long long) a->msize, nr_realloc, ++ (unsigned long long) a->nr2); ++ + for (j = 0; j < 3; j++) { + SREALLOC(a->buf[j], void, + (size_t) a->msize * nr_realloc * (size_t) a->nr2); +diff --git a/sadc.c b/sadc.c +index 3458d089..123bf8e0 100644 +--- a/sadc.c ++++ b/sadc.c +@@ -360,6 +360,12 @@ void sa_sys_init(void) + } + + if (IS_COLLECTED(act[i]->options) && (act[i]->nr_ini > 0)) { ++ ++ /* Look for a possible overflow */ ++ check_overflow((unsigned long long) act[i]->msize, ++ (unsigned long long) act[i]->nr_ini, ++ (unsigned long long) act[i]->nr2); ++ + /* Allocate structures for current activity (using nr_ini and nr2 results) */ + SREALLOC(act[i]->_buf0, void, + (size_t) act[i]->msize * (size_t) act[i]->nr_ini * (size_t) act[i]->nr2); +-- +2.45.0 + +From 44f1dc159242c1e434a3b836cda49f084c5a96cc Mon Sep 17 00:00:00 2001 +From: Sebastien GODARD +Date: Sun, 6 Nov 2022 15:48:16 +0100 +Subject: [PATCH] Make sure values to be compared are unsigned integers + +It seems safer to make sure that input values are unsigned int before +casting them to unsigned long long and making the comparison. + +Signed-off-by: Sebastien GODARD + +Cherry-picked-by: Lukáš Zaoral +Upstream-commit: 44f1dc159242c1e434a3b836cda49f084c5a96cc +--- +diff --git a/common.c b/common.c +index 27249772..3b7fdcd5 100644 +--- a/common.c ++++ b/common.c +@@ -425,13 +425,15 @@ int check_dir(char *dirname) + * @val3 Third value. + *************************************************************************** + */ +-void check_overflow(unsigned long long val1, unsigned long long val2, +- unsigned long long val3) ++void check_overflow(unsigned int val1, unsigned int val2, ++ unsigned int val3) + { +- if (val1 * val2 * val3 > UINT_MAX) { ++ if ((unsigned long long) val1 * (unsigned long long) val2 * ++ (unsigned long long) val3 > UINT_MAX) { + #ifdef DEBUG + fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n", +- __FUNCTION__, val1 * val2 * val3); ++ __FUNCTION__, (unsigned long long) val1 * (unsigned long long) val2 * ++ (unsigned long long) val3); + #endif + exit(4); + } +diff --git a/common.h b/common.h +index 715b2da2..fc8a1a0d 100644 +--- a/common.h ++++ b/common.h +@@ -241,7 +241,7 @@ int is_device + void sysstat_panic + (const char *, int); + void check_overflow +- (unsigned long long, unsigned long long, unsigned long long); ++ (unsigned int, unsigned int, unsigned int); + + #ifndef SOURCE_SADC + int count_bits +diff --git a/sa_common.c b/sa_common.c +index 3460257a..0ca8b039 100644 +--- a/sa_common.c ++++ b/sa_common.c +@@ -463,9 +463,9 @@ void allocate_structures(struct activity *act[]) + if (act[i]->nr_ini > 0) { + + /* Look for a possible overflow */ +- check_overflow((unsigned long long) act[i]->msize, +- (unsigned long long) act[i]->nr_ini, +- (unsigned long long) act[i]->nr2); ++ check_overflow((unsigned int) act[i]->msize, ++ (unsigned int) act[i]->nr_ini, ++ (unsigned int) act[i]->nr2); + + for (j = 0; j < 3; j++) { + SREALLOC(act[i]->buf[j], void, +@@ -531,8 +531,8 @@ void reallocate_all_buffers(struct activity *a, __nr_t nr_min) + } + + /* Look for a possible overflow */ +- check_overflow((unsigned long long) a->msize, nr_realloc, +- (unsigned long long) a->nr2); ++ check_overflow((unsigned int) a->msize, (unsigned int) nr_realloc, ++ (unsigned int) a->nr2); + + for (j = 0; j < 3; j++) { + SREALLOC(a->buf[j], void, +diff --git a/sadc.c b/sadc.c +index 123bf8e0..40a1e15b 100644 +--- a/sadc.c ++++ b/sadc.c +@@ -362,9 +362,9 @@ void sa_sys_init(void) + if (IS_COLLECTED(act[i]->options) && (act[i]->nr_ini > 0)) { + + /* Look for a possible overflow */ +- check_overflow((unsigned long long) act[i]->msize, +- (unsigned long long) act[i]->nr_ini, +- (unsigned long long) act[i]->nr2); ++ check_overflow((unsigned int) act[i]->msize, ++ (unsigned int) act[i]->nr_ini, ++ (unsigned int) act[i]->nr2); + + /* Allocate structures for current activity (using nr_ini and nr2 results) */ + SREALLOC(act[i]->_buf0, void, +-- +2.45.0 + diff --git a/0001-sa1-fix-sar-error-when-the-directory-var-log-sa-was-.patch b/0001-sa1-fix-sar-error-when-the-directory-var-log-sa-was-.patch new file mode 100644 index 0000000..e484681 --- /dev/null +++ b/0001-sa1-fix-sar-error-when-the-directory-var-log-sa-was-.patch @@ -0,0 +1,28 @@ +From 06e226703bee77e507f9f480807e230f677f0cb9 Mon Sep 17 00:00:00 2001 +From: Sdrkun +Date: Tue, 28 Apr 2020 10:31:54 -0400 +Subject: [PATCH] sa1: fix sar error when the directory var/log/sa was removed. + +Signed-off-by: Sdrkun + +Cherry-picked-by: Lukáš Zaoral +Upstream-commit: 06e226703bee77e507f9f480807e230f677f0cb9 +--- + sa1.in | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/sa1.in b/sa1.in +index e908ad33..e9047d06 100644 +--- a/sa1.in ++++ b/sa1.in +@@ -16,6 +16,7 @@ + + [ -r ${SYSCONFIG_DIR}/sysstat ] && . ${SYSCONFIG_DIR}/sysstat + [ -d ${SA_DIR} ] || SA_DIR=@SA_DIR@ ++[ -d @SA_DIR@ ] || mkdir @SA_DIR@ + + if [ ${HISTORY} -gt 28 ] + then +-- +2.43.0 + diff --git a/CVE-2023-33204.patch b/CVE-2023-33204.patch index c5afb4e..f9aa99d 100644 --- a/CVE-2023-33204.patch +++ b/CVE-2023-33204.patch @@ -1,23 +1,38 @@ -From 954ff2e2673cef48f0ed44668c466eab041db387 Mon Sep 17 00:00:00 2001 -From: Pavel Kopylov -Date: Wed, 17 May 2023 11:33:45 +0200 -Subject: [PATCH] Fix an overflow which is still possible for some values. +commit 6f8dc568e6ab072bb8205b732f04e685bf9237c0 +Merge: c43167cc 954ff2e2 +Author: Sebastien GODARD +Date: Wed May 17 21:10:31 2023 +0200 + + Merge branch 'pkopylov-master' + + Signed-off-by: Sebastien GODARD + diff --git a/common.c b/common.c -index 583a0ca..6d73b1b 100644 +index 48493b5f..0efe7ee3 100644 --- a/common.c +++ b/common.c -@@ -1639,9 +1639,11 @@ int parse_values(char *strargv, unsigned char bitmap[], int max_val, const char - */ - void check_overflow(size_t val1, size_t val2, size_t val3) +@@ -431,15 +431,17 @@ int check_dir(char *dirname) + void check_overflow(unsigned int val1, unsigned int val2, + unsigned int val3) { -- if ((unsigned long long) val1 * -- (unsigned long long) val2 * +- if ((unsigned long long) val1 * (unsigned long long) val2 * - (unsigned long long) val3 > UINT_MAX) { -+if ((val1 != 0) && (val2 != 0) && (val3 != 0) && -+ (((unsigned long long)UINT_MAX / (unsigned long long)val1 < -+ (unsigned long long)val2) || -+ ((unsigned long long)UINT_MAX / ((unsigned long long)val1 * -+ (unsigned long long)val2) < (unsigned long long)val3))) { ++ if ((val1 != 0) && (val2 != 0) && (val3 != 0) && ++ (((unsigned long long) UINT_MAX / (unsigned long long) val1 < ++ (unsigned long long) val2) || ++ ((unsigned long long) UINT_MAX / ((unsigned long long) val1 * (unsigned long long) val2) < ++ (unsigned long long) val3))) { #ifdef DEBUG - fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n", - __FUNCTION__, +- fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n", +- __FUNCTION__, (unsigned long long) val1 * (unsigned long long) val2 * +- (unsigned long long) val3); ++ fprintf(stderr, "%s: Overflow detected (%u,%u,%u). Aborting...\n", ++ __FUNCTION__, val1, val2, val3); + #endif +- exit(4); +- } ++ exit(4); ++ } + } + + #ifndef SOURCE_SADC diff --git a/dist b/dist index 9c0e36e..1fe92cf 100644 --- a/dist +++ b/dist @@ -1 +1 @@ -an8 +an8_10 diff --git a/sysstat.spec b/sysstat.spec index 24b1f62..21fe364 100644 --- a/sysstat.spec +++ b/sysstat.spec @@ -1,8 +1,7 @@ -%define anolis_release .0.1 Summary: Collection of performance monitoring tools for Linux Name: sysstat Version: 11.7.3 -Release: 11%{anolis_release}%{?dist} +Release: 13%{?dist} License: GPLv2+ Group: Applications/System URL: http://sebastien.godard.pagesperso-orange.fr/ @@ -21,7 +20,14 @@ Patch05: 0001-sar-Fix-typo-in-manual-page.patch Patch06: CVE-2022-39377-arithmetic-overflow-in-allocate-structures-on-32-bit-systems.patch Patch07: 0001-sadc-Add-a-f-flag-to-force-fdatasync-use.patch Patch08: 0001-mpstat-incorrect-cpu-usage-iowait.patch -Patch09: CVE-2023-33204.patch +Patch09: 0001-sa1-fix-sar-error-when-the-directory-var-log-sa-was-.patch + +# https://github.com/sysstat/sysstat/commit/c9a11d35df4aecfcf22aef827bac6cd57def9d4e +# https://github.com/sysstat/sysstat/commit/44f1dc159242c1e434a3b836cda49f084c5a96cc +Patch10: 0001-Add-more-overflow-checks.patch +# https://github.com/sysstat/sysstat/commit/6f8dc568e6ab072bb8205b732f04e685bf9237c0 +Patch11: CVE-2023-33204.patch + BuildRequires: gettext, lm_sensors-devel, systemd Requires: findutils, xz @@ -47,14 +53,6 @@ The mpstat command reports global and per-processor statistics. The pidstat command reports statistics for Linux tasks (processes). The cifsiostat command reports I/O statistics for CIFS file systems. -%package doc -Summary: Documents for %{name} -BuildArch: noarch -Requires: %{name} = %{version}-%{release} - -%description doc -Doc pages for %{name}. - %prep %setup -q %patch01 -p0 @@ -66,6 +64,8 @@ Doc pages for %{name}. %patch07 -p1 %patch08 -p1 %patch09 -p1 +%patch10 -p1 +%patch11 -p1 %build export CFLAGS="$RPM_OPT_FLAGS -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld" @@ -89,8 +89,6 @@ mkdir -p %{buildroot}%{_sysconfdir}/profile.d install -p -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}/profile.d install -p -m 644 %{SOURCE11} %{buildroot}%{_sysconfdir}/profile.d -rm -rf $RPM_BUILD_ROOT/%{_docdir}/%{name} - %post %systemd_post sysstat.service sysstat-collect.timer sysstat-summary.timer @@ -105,6 +103,7 @@ fi %systemd_postun sysstat.service sysstat-collect.timer sysstat-summary.timer %files -f %{name}.lang +%doc CHANGES COPYING CREDITS FAQ.md README.md %{name}-%{version}.lsm %config(noreplace) %{_sysconfdir}/sysconfig/sysstat %config(noreplace) %{_sysconfdir}/sysconfig/sysstat.ioconf %config(noreplace) %{_sysconfdir}/profile.d/* @@ -114,14 +113,15 @@ fi %{_mandir}/man*/* %{_localstatedir}/log/sa -%files doc -%doc CHANGES COPYING CREDITS FAQ.md README.md %{name}-%{version}.lsm - %changelog -* Mon Dec 11 2023 Hangbo Fan - 11.7.3-11.0.1 -- Add doc sub package +* Tue May 07 2024 Lukáš Zaoral - 11.7.3-13 +- fix memory allocation errors with malformed sa files (RHEL-35511) +- reorder patches to prevent errors during their application + +* Wed Dec 13 2023 Lukáš Zaoral - 11.7.3-12 +- fix sar error when the directory /var/log/sa was removed (RHEL-19301) -* Fri Jul 07 2023 psimovec - 11.7.3-11 +* Fri Jul 07 2023 Pavel Šimovec - 11.7.3-11 - fix the arithmetic overflow in allocate_structures() that is still possible on some 32 bit systems (CVE-2023-33204) * Thu Mar 16 2023 Lukáš Zaoral - 11.7.3-10 -- Gitee From 34797b6281463909a855b834ffe2cb4951a4e1a1 Mon Sep 17 00:00:00 2001 From: HangBo Fan Date: Tue, 19 Jul 2022 19:23:39 +0800 Subject: [PATCH 2/2] spec: add doc sub package --- sysstat.spec | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/sysstat.spec b/sysstat.spec index 21fe364..0b331b5 100644 --- a/sysstat.spec +++ b/sysstat.spec @@ -1,7 +1,8 @@ +%define anolis_release .0.1 Summary: Collection of performance monitoring tools for Linux Name: sysstat Version: 11.7.3 -Release: 13%{?dist} +Release: 13%{anolis_release}%{?dist} License: GPLv2+ Group: Applications/System URL: http://sebastien.godard.pagesperso-orange.fr/ @@ -53,6 +54,14 @@ The mpstat command reports global and per-processor statistics. The pidstat command reports statistics for Linux tasks (processes). The cifsiostat command reports I/O statistics for CIFS file systems. +%package doc +Summary: Documents for %{name} +BuildArch: noarch +Requires: %{name} = %{version}-%{release} + +%description doc +Doc pages for %{name}. + %prep %setup -q %patch01 -p0 @@ -89,6 +98,8 @@ mkdir -p %{buildroot}%{_sysconfdir}/profile.d install -p -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}/profile.d install -p -m 644 %{SOURCE11} %{buildroot}%{_sysconfdir}/profile.d +rm -rf $RPM_BUILD_ROOT/%{_docdir}/%{name} + %post %systemd_post sysstat.service sysstat-collect.timer sysstat-summary.timer @@ -103,7 +114,6 @@ fi %systemd_postun sysstat.service sysstat-collect.timer sysstat-summary.timer %files -f %{name}.lang -%doc CHANGES COPYING CREDITS FAQ.md README.md %{name}-%{version}.lsm %config(noreplace) %{_sysconfdir}/sysconfig/sysstat %config(noreplace) %{_sysconfdir}/sysconfig/sysstat.ioconf %config(noreplace) %{_sysconfdir}/profile.d/* @@ -113,7 +123,13 @@ fi %{_mandir}/man*/* %{_localstatedir}/log/sa +%files doc +%doc CHANGES COPYING CREDITS FAQ.md README.md %{name}-%{version}.lsm + %changelog +* Mon Jul 22 2024 Hangbo Fan - 11.7.3-13.0.1 +- Add doc sub package + * Tue May 07 2024 Lukáš Zaoral - 11.7.3-13 - fix memory allocation errors with malformed sa files (RHEL-35511) - reorder patches to prevent errors during their application -- Gitee