From bceda2e6cf53c7a9a6e8446ff4da51fef4ec0e8f Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: May 09 2023 05:39:04 +0000 Subject: import procps-ng-3.3.17-11.el9 --- diff --git a/SOURCES/display-sig-unsafe.patch b/SOURCES/display-sig-unsafe.patch new file mode 100644 index 0000000..5109346 --- /dev/null +++ b/SOURCES/display-sig-unsafe.patch @@ -0,0 +1,44 @@ +diff -up ./ps/display.c.ori ./ps/display.c +--- ./ps/display.c.ori 2021-02-09 11:11:25.000000000 +0100 ++++ ./ps/display.c 2022-11-29 18:39:13.254573784 +0100 +@@ -44,6 +44,8 @@ + #define SIGCHLD SIGCLD + #endif + ++#define SIG_IS_TERM_OR_HUP(signo) (((signo) == SIGTERM) || (signo) == SIGHUP) ++ + char *myname; + + /* just reports a crash */ +@@ -54,20 +56,23 @@ static void signal_handler(int signo){ + sigprocmask(SIG_BLOCK, &ss, NULL); + if(signo==SIGPIPE) _exit(0); /* "ps | head" will cause this */ + /* fprintf() is not reentrant, but we _exit() anyway */ +- fprintf(stderr, +- _("Signal %d (%s) caught by %s (%s).\n"), +- signo, +- signal_number_to_name(signo), +- myname, +- PACKAGE_VERSION +- ); ++ if (!SIG_IS_TERM_OR_HUP(signo)) { ++ fprintf(stderr, ++ _("Signal %d (%s) caught by %s (%s).\n"), ++ signo, ++ signal_number_to_name(signo), ++ myname, ++ PACKAGE_VERSION ++ ); ++ } + switch (signo) { + case SIGHUP: + case SIGUSR1: + case SIGUSR2: + exit(EXIT_FAILURE); + default: +- error_at_line(0, 0, __FILE__, __LINE__, "%s", _("please report this bug")); ++ if (!SIG_IS_TERM_OR_HUP(signo)) ++ error_at_line(0, 0, __FILE__, __LINE__, "%s", _("please report this bug")); + signal(signo, SIG_DFL); /* allow core file creation */ + sigemptyset(&ss); + sigaddset(&ss, signo); diff --git a/SOURCES/ps-out-of-bonds-read.patch b/SOURCES/ps-out-of-bonds-read.patch new file mode 100644 index 0000000..a0030cb --- /dev/null +++ b/SOURCES/ps-out-of-bonds-read.patch @@ -0,0 +1,23 @@ +diff --git a/ps/display.c b/ps/display.c +index 1927fd6..e7ab351 100644 +--- a/ps/display.c ++++ b/ps/display.c +@@ -357,7 +357,7 @@ static void simple_spew(void){ + if (selection_list && selection_list->typecode == SEL_PID_QUICK) { + flags |= PROC_PID; + +- pidlist = (pid_t*) malloc(selection_list->n * sizeof(pid_t)); ++ pidlist = (pid_t*) malloc((selection_list->n + 1) * sizeof(pid_t)); + if (!pidlist) { + fprintf(stderr, _("error: not enough memory\n")); + exit(1); +@@ -366,6 +366,9 @@ static void simple_spew(void){ + for (i = 0; i < selection_list->n; i++) { + pidlist[i] = selection_list->u[selection_list->n-i-1].pid; + } ++ ++ // delimit the array with nul object (0); RHBZ#2153813 ++ pidlist[selection_list->n] = (pid_t)0; + } + + ptp = openproc(flags, pidlist); diff --git a/SPECS/procps-ng.spec b/SPECS/procps-ng.spec index 1fa0759..26f5efd 100644 --- a/SPECS/procps-ng.spec +++ b/SPECS/procps-ng.spec @@ -4,7 +4,7 @@ Summary: System and process monitoring utilities Name: procps-ng Version: 3.3.17 -Release: 8%{?dist} +Release: 11%{?dist} License: GPL+ and GPLv2 and GPLv2+ and GPLv3+ and LGPLv2+ URL: https://sourceforge.net/projects/procps-ng/ @@ -22,6 +22,8 @@ Patch4: free-new-used-calc.patch Patch5: sysctl-support-systemd-globs.patch Patch6: sysctl-print-dotted-keys-again.patch Patch7: pgrep-uid-gid-overflow-backport.patch +Patch8: display-sig-unsafe.patch +Patch9: ps-out-of-bonds-read.patch BuildRequires: make @@ -165,6 +167,18 @@ ln -s %{_bindir}/pidof %{buildroot}%{_sbindir}/pidof %files i18n -f %{name}.lang %changelog +* Thu Jan 26 2023 Jan Rybar - 3.3.17-11 +- version bump requested to create -devel subpkg for CRB inclusion +- Resolves: rhbz#2158253 + +* Wed Jan 18 2023 Jan Rybar - 3.3.17-10 +- ps: out-of-bonds read in quick mode +- Resolves: rhbz#2161648 + +* Tue Nov 29 2022 Jan Rybar - 3.3.17-9 +- display.c: backport: async-signal-unsafe handler deadlocks on SIGHUP +- Resolves: rhbz#2141697 + * Thu Aug 18 2022 Jan Rybar - 3.3.17-8 - pgrep: uid/gid overflow fix backport - Resolves: rhbz#2119083