diff --git a/backport-CVE-2022-39377.patch b/backport-CVE-2022-39377.patch
deleted file mode 100644
index ee6d64caee971ecbd7bffcaba3bc75b531404f80..0000000000000000000000000000000000000000
--- a/backport-CVE-2022-39377.patch
+++ /dev/null
@@ -1,87 +0,0 @@
-From 9c4eaf150662ad40607923389d4519bc83b93540 Mon Sep 17 00:00:00 2001
-From: Sebastien
-Date: Sat, 15 Oct 2022 14:24:22 +0200
-Subject: [PATCH] Fix size_t overflow in sa_common.c (GHSL-2022-074)
-
-allocate_structures function located in sa_common.c insufficiently
-checks bounds before arithmetic multiplication allowing for an
-overflow in the size allocated for the buffer representing system
-activities.
-
-This patch checks that the post-multiplied value is not greater than
-UINT_MAX.
-
-Signed-off-by: Sebastien
----
- common.c | 25 +++++++++++++++++++++++++
- common.h | 2 ++
- sa_common.c | 6 ++++++
- 3 files changed, 33 insertions(+)
-
-diff --git a/common.c b/common.c
-index 81c77624..1a84b052 100644
---- a/common.c
-+++ b/common.c
-@@ -1655,4 +1655,29 @@ int parse_values(char *strargv, unsigned char bitmap[], int max_val, const char
-
- return 0;
- }
-+
-+/*
-+ ***************************************************************************
-+ * Check if the multiplication of the 3 values may be greater than UINT_MAX.
-+ *
-+ * IN:
-+ * @val1 First value.
-+ * @val2 Second value.
-+ * @val3 Third value.
-+ ***************************************************************************
-+ */
-+void check_overflow(size_t val1, size_t val2, size_t val3)
-+{
-+ if ((unsigned long long) val1 *
-+ (unsigned long long) val2 *
-+ (unsigned long long) val3 > UINT_MAX) {
-+#ifdef DEBUG
-+ fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n",
-+ __FUNCTION__,
-+ (unsigned long long) val1 * (unsigned long long) val2 * (unsigned long long) val3);
-+#endif
-+ exit(4);
-+ }
-+}
-+
- #endif /* SOURCE_SADC undefined */
-diff --git a/common.h b/common.h
-index 55b6657d..e8ab98ab 100644
---- a/common.h
-+++ b/common.h
-@@ -260,6 +260,8 @@ int check_dir
- (char *);
-
- #ifndef SOURCE_SADC
-+void check_overflow
-+ (size_t, size_t, size_t);
- int count_bits
- (void *, int);
- int count_csvalues
-diff --git a/sa_common.c b/sa_common.c
-index 3699a840..b2cec4ad 100644
---- a/sa_common.c
-+++ b/sa_common.c
-@@ -459,7 +459,13 @@ void allocate_structures(struct activity *act[])
- int i, j;
-
- for (i = 0; i < NR_ACT; i++) {
-+
- if (act[i]->nr_ini > 0) {
-+
-+ /* Look for a possible overflow */
-+ check_overflow((size_t) act[i]->msize, (size_t) act[i]->nr_ini,
-+ (size_t) act[i]->nr2);
-+
- for (j = 0; j < 3; j++) {
- SREALLOC(act[i]->buf[j], void,
- (size_t) act[i]->msize * (size_t) act[i]->nr_ini * (size_t) act[i]->nr2);
-
-
diff --git a/sysstat-12.5.4.tar.gz b/sysstat-12.5.4.tar.gz
deleted file mode 100644
index 4151cf3e6960dbb74d5d5b484a4c883544a664b3..0000000000000000000000000000000000000000
Binary files a/sysstat-12.5.4.tar.gz and /dev/null differ
diff --git a/sysstat-12.6.2.tar.gz b/sysstat-12.6.2.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..21ce10e865d6175c22456bd827e785b539349449
Binary files /dev/null and b/sysstat-12.6.2.tar.gz differ
diff --git a/sysstat.spec b/sysstat.spec
index 3af5ba7068769046b919b8681903849fd0371b3c..eebc116994601fdeffa4ddcdd90df5566288b467 100644
--- a/sysstat.spec
+++ b/sysstat.spec
@@ -1,13 +1,11 @@ Name: sysstat -Version: 12.5.4 -Release: 5 +Version: 12.6.2 +Release: 1 Summary: System performance tools for the Linux operating system License: GPLv2+ URL: http://sebastien.godard.pagesperso-orange.fr/ Source0: https://github.com/sysstat/sysstat/archive/refs/tags/v%{version}/%{name}-%{version}.tar.gz -Patch0000: backport-CVE-2022-39377.patch - BuildRequires: gcc, gettext, lm_sensors-devel, systemd Requires: findutils, xz @@ -85,6 +83,9 @@ export compressafter="31" %{_mandir}/man*/* %changelog +* Fri Feb 03 2023 zhangpan - 12.6.2-1 +- update to 12.6.2 + * Fri Nov 25 2022 zhouwenpei - 12.5.4-5 - update Source0
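Review bot: The first sysstat.spec hunk drops `Patch0000: backport-CVE-2022-39377.patch` together with the move to 12.6.2, but the new `%changelog` entry says only `- update to 12.6.2`, so the package history no longer records how CVE-2022-39377 is addressed. Nothing on this page shows the contents of the 12.6.2 tarball; confirm that its `allocate_structures` in sa_common.c still calls `check_overflow` before `SREALLOC`, and record it in the changelog, e.g. `- update to 12.6.2, drop backport-CVE-2022-39377.patch (fix included upstream)`. It is also worth checking whether upstream's `check_overflow` still forms the three-way product in `unsigned long long` as the removed backport did, since that product can itself wrap before the `> UINT_MAX` comparison when the operands are large.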