From e17596bd99923bb8592f5534f50c1b453749d68e Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Thu, 2 Feb 2023 20:10:57 +0000 Subject: [PATCH] Auto sync2gitlab import of procps-ng-3.3.15-13.el8.src.rpm --- procps-ng-3.3.15-ps-out-of-bonds-read.patch | 23 +++++++++++++++++++++ procps-ng.spec | 11 +++++++++- 2 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 procps-ng-3.3.15-ps-out-of-bonds-read.patch diff --git a/procps-ng-3.3.15-ps-out-of-bonds-read.patch b/procps-ng-3.3.15-ps-out-of-bonds-read.patch new file mode 100644 index 0000000..a0030cb --- /dev/null +++ b/procps-ng-3.3.15-ps-out-of-bonds-read.patch @@ -0,0 +1,23 @@ +diff --git a/ps/display.c b/ps/display.c +index 1927fd6..e7ab351 100644 +--- a/ps/display.c ++++ b/ps/display.c +@@ -357,7 +357,7 @@ static void simple_spew(void){ + if (selection_list && selection_list->typecode == SEL_PID_QUICK) { + flags |= PROC_PID; + +- pidlist = (pid_t*) malloc(selection_list->n * sizeof(pid_t)); ++ pidlist = (pid_t*) malloc((selection_list->n + 1) * sizeof(pid_t)); + if (!pidlist) { + fprintf(stderr, _("error: not enough memory\n")); + exit(1); +@@ -366,6 +366,9 @@ static void simple_spew(void){ + for (i = 0; i < selection_list->n; i++) { + pidlist[i] = selection_list->u[selection_list->n-i-1].pid; + } ++ ++ // delimit the array with nul object (0); RHBZ#2153813 ++ pidlist[selection_list->n] = (pid_t)0; + } + + ptp = openproc(flags, pidlist); diff --git a/procps-ng.spec b/procps-ng.spec index 9b98f5a..fc85699 100644 --- a/procps-ng.spec +++ b/procps-ng.spec @@ -4,7 +4,7 @@ Summary: System and process monitoring utilities Name: procps-ng Version: 3.3.15 -Release: 11%{?dist} +Release: 13%{?dist} License: GPL+ and GPLv2 and GPLv2+ and GPLv3+ and LGPLv2+ Group: Applications/System URL: https://sourceforge.net/projects/procps-ng/ @@ -27,6 +27,7 @@ Patch8: procps-ng-3.3.15-sysctl-config-dir-order.patch Patch9: procps-ng-3.3.15-pgrep-uid-gid-overflow.patch Patch10: procps-ng-3.3.15-display-sig-unsafe.patch Patch11: procps-ng-3.3.15-ps-select.patch +Patch12: procps-ng-3.3.15-ps-out-of-bonds-read.patch BuildRequires: ncurses-devel BuildRequires: libtool @@ -169,6 +170,14 @@ ln -s %{_bindir}/pidof %{buildroot}%{_sbindir}/pidof %files i18n -f %{name}.lang %changelog +* Tue Jan 17 2023 Jan Rybar - 3.3.15-13 +- version bump requested to create -devel subpkg for CRB inclusion +- Resolves: rhbz#2164781 + +* Tue Jan 17 2023 Jan Rybar - 3.3.15-12 +- ps: out-of-bonds read in quick mode +- Resolves: rhbz#2153813 + * Tue Dec 13 2022 Kyle Walker - 3.3.15-11 - ps: revert increase command name length to 64 ____ (catch up) - Resolves: rhbz#2144978