From e115bc8ecf84b089c7c36c425922dacb66dc165c Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Mar 30 2021 18:36:17 +0000 Subject: import sysstat-11.7.3-5.el8 --- diff --git a/SOURCES/CVE-2019-16167_memory-corruption-due-to-an-integer-overflow.patch b/SOURCES/CVE-2019-16167_memory-corruption-due-to-an-integer-overflow.patch new file mode 100644 index 0000000..ad739fd --- /dev/null +++ b/SOURCES/CVE-2019-16167_memory-corruption-due-to-an-integer-overflow.patch @@ -0,0 +1,43 @@ +--- sa_common.c ++++ sa_common.c +@@ -1249,6 +1249,11 @@ + /* Remap [unsigned] long fields */ + d = gtypes_nr[0] - ftypes_nr[0]; + if (d) { ++ ++ if (ftypes_nr[0] * ULL_ALIGNMENT_WIDTH < ftypes_nr[0]) ++ /* Overflow */ ++ return; ++ + memmove(((char *) ps) + gtypes_nr[0] * ULL_ALIGNMENT_WIDTH, + ((char *) ps) + ftypes_nr[0] * ULL_ALIGNMENT_WIDTH, + st_size - ftypes_nr[0] * ULL_ALIGNMENT_WIDTH); +@@ -1260,7 +1265,13 @@ + /* Remap [unsigned] int fields */ + d = gtypes_nr[1] - ftypes_nr[1]; + if (d) { +- memmove(((char *) ps) + gtypes_nr[0] * ULL_ALIGNMENT_WIDTH ++ ++ if (gtypes_nr[0] * ULL_ALIGNMENT_WIDTH + ++ ftypes_nr[1] * UL_ALIGNMENT_WIDTH < ftypes_nr[1]) ++ /* Overflow */ ++ return; ++ ++ memmove(((char *) ps) + gtypes_nr[0] * ULL_ALIGNMENT_WIDTH + + gtypes_nr[1] * UL_ALIGNMENT_WIDTH, + ((char *) ps) + gtypes_nr[0] * ULL_ALIGNMENT_WIDTH + + ftypes_nr[1] * UL_ALIGNMENT_WIDTH, +@@ -1275,6 +1286,13 @@ + /* Remap possible fields (like strings of chars) following int fields */ + d = gtypes_nr[2] - ftypes_nr[2]; + if (d) { ++ ++ if (gtypes_nr[0] * ULL_ALIGNMENT_WIDTH + ++ gtypes_nr[1] * UL_ALIGNMENT_WIDTH + ++ ftypes_nr[2] * U_ALIGNMENT_WIDTH < ftypes_nr[2]) ++ /* Overflow */ ++ return; ++ + memmove(((char *) ps) + gtypes_nr[0] * ULL_ALIGNMENT_WIDTH + + gtypes_nr[1] * UL_ALIGNMENT_WIDTH + + gtypes_nr[2] * U_ALIGNMENT_WIDTH, diff --git a/SPECS/sysstat.spec b/SPECS/sysstat.spec index b5bb77d..bebdb49 100644 --- a/SPECS/sysstat.spec +++ b/SPECS/sysstat.spec @@ -1,7 +1,7 @@ Summary: Collection of performance monitoring tools for Linux Name: sysstat Version: 11.7.3 -Release: 2%{?dist} +Release: 5%{?dist} License: GPLv2+ Group: Applications/System URL: http://sebastien.godard.pagesperso-orange.fr/ @@ -11,6 +11,9 @@ Source: http://pagesperso-orange.fr/sebastien.godard/%{name}-%{version}.tar.xz Source10: colorsysstat.csh Source11: colorsysstat.sh +# Downstream patches +Patch01: CVE-2019-16167_memory-corruption-due-to-an-integer-overflow.patch + BuildRequires: gettext, lm_sensors-devel, systemd Requires: findutils, xz @@ -38,6 +41,7 @@ The cifsiostat command reports I/O statistics for CIFS file systems. %prep %setup -q +%patch01 -p0 %build export CFLAGS="$RPM_OPT_FLAGS -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld" @@ -86,6 +90,15 @@ fi %{_localstatedir}/log/sa %changelog +* Fri Jul 10 2020 Jan Macku - 11.7.3-5 +- Rebuild + +* Fri Apr 17 2020 Jan Macku - 11.7.3-4 +- Package onboarded to gating + +* Thu Feb 20 2020 Jan Macku - 11.7.3-3 +- Fix memory corruption bug due to integer overflow (#1790608) + * Thu Oct 25 2018 Michal Sekletár - 11.7.3-2 - sysstat's buildsystem doesn't really use LDFLAGS, we have to merge CFLAGS and LDFLAGS to get binaries with full RELRO (#1624177)