import sysstat-11.7.3-9.el8

2023-03-28 13:16:41 +00:00 · 2023-03-28 13:16:41 +00:00 · 43f59f0e6a
commit 43f59f0e6a
parent b9c08b25e0
3 changed files with 197 additions and 1 deletions
--- a/SOURCES/0001-sadc-Add-a-f-flag-to-force-fdatasync-use.patch
+++ b/SOURCES/0001-sadc-Add-a-f-flag-to-force-fdatasync-use.patch
@ -0,0 +1,101 @@
 From 560d88cb5a16636acb0e350d6997fe915cc4253e Mon Sep 17 00:00:00 2001
 From: Kyle Walker <kwalker@redhat.com>
 Date: Wed, 30 Jan 2019 07:50:55 -0500
 Subject: [PATCH] sadc: Add a -f flag to force fdatasync() use
 For quite some time, the sadc utility has not used fdatasync() when writing
 stat information to disk. This resulted in instances where data files could
 be corrupted or entries lost if a system encountered a sudden reset
 condition. This change adds a "-f" flag which can be used to bring back the
 previous behaviour if end users require it.
 Note, the fdatasync() lowers the likelihood of lost data, but does so at
 the expense of performance within the write operation.
 ---
 man/sadc.in |  8 +++++++-
 sa.h        |  2 ++
 sadc.c      | 13 ++++++++++++-
 3 files changed, 21 insertions(+), 2 deletions(-)
 diff --git a/man/sadc.in b/man/sadc.in
 index 2d754b71..ce8ee230 100644
 --- a/man/sadc.in
 +++ b/man/sadc.in
@@ -4,7 +4,7 @@ sadc \- System activity data collector.
 .SH SYNOPSIS
 .B @SA_LIB_DIR@/sadc [ -C
 .I comment
 -.B ] [ -D ] [ -F ] [ -L ] [ -V ] [ -S { DISK | INT | IPV6 | POWER | SNMP | XDISK | ALL | XALL [,...] } ] [
 +.B ] [ -D ] [ -F ] [ -L ] [ -V ] [ -f ] [ -S { DISK | INT | IPV6 | POWER | SNMP | XDISK | ALL | XALL [,...] } ] [
 .I interval
 .B [
 .I count
@@ -106,6 +106,12 @@ then it will be truncated. This may be useful for daily data files
 created by an older version of
 .B sadc
 and whose format is no longer compatible with current one.
 +.IP -f
 +fdatasync() will be used to ensure data is written to disk. This differs
 +from the normal operation in that a sudden system reset is less likely to
 +result in the saDD datafiles being corrupted. However, this is at the
 +expense of performance within the sadc process as forward progress will be
 +blocked while data is written to underlying disk instead of just to cache.
 .IP -L
 .B sadc
 will try to get an exclusive lock on the
 diff --git a/sa.h b/sa.h
 index 1cd0c3d9..d3236f7c 100644
 --- a/sa.h
 +++ b/sa.h
@@ -110,5 +110,6 @@
 #define S_F_HUMAN_READ		0x01000000
 #define S_F_ZERO_OMIT		0x02000000
 +#define S_F_FDATASYNC		0x08000000
 #define WANT_SINCE_BOOT(m)		(((m) & S_F_SINCE_BOOT)   == S_F_SINCE_BOOT)
 #define WANT_SA_ROTAT(m)		(((m) & S_F_SA_ROTAT)     == S_F_SA_ROTAT)
@@ -138,5 +139,6 @@
 #define PACK_VIEWS(m)			(((m) & S_F_SVG_PACKED) == S_F_SVG_PACKED)
 #define DISPLAY_HUMAN_READ(m)		(((m) & S_F_HUMAN_READ) == S_F_HUMAN_READ)
 +#define FDATASYNC(m)			(((m) & S_F_FDATASYNC)    == S_F_FDATASYNC)
 #define AO_F_NULL		0x00000000
 diff --git a/sadc.c b/sadc.c
 index 826f4aed..139d490a 100644
 --- a/sadc.c
 +++ b/sadc.c
@@ -92,7 +92,7 @@ void usage(char *progname)
 		progname);
 	fprintf(stderr, _("Options are:\n"
 -			  "[ -C <comment> ] [ -D ] [ -F ] [ -L ] [ -V ]\n"
 +			  "[ -C <comment> ] [ -D ] [ -F ] [ -L ] [ -V ] [ -f ]\n"
 			  "[ -S { INT | DISK | IPV6 | POWER | SNMP | XDISK | ALL | XALL } ]\n"));
 	exit(1);
 }
@@ -1109,6 +1109,13 @@ void rw_sa_stat_loop(long count, int stdfd, int ofd, char ofile[],
 		/* Flush data */
 		fflush(stdout);
 +		if (FDATASYNC(flags)) {
 +			/* If indicated, sync the data to media */
 +			if (fdatasync(ofd) < 0) {
 +				perror("fdatasync");
 +				exit(4);
 +			}
 +		}
 		if (count > 0) {
 			count--;
@@ -1206,6 +1213,10 @@ int main(int argc, char **argv)
 			optz = 1;
 		}
 +		else if (!strcmp(argv[opt], "-f")) {
 +			flags |= S_F_FDATASYNC;
 +		}
 +
 		else if (!strcmp(argv[opt], "-C")) {
 			if (!argv[++opt]) {
 				usage(argv[0]);
--- a/SOURCES/CVE-2022-39377-arithmetic-overflow-in-allocate-structures-on-32-bit-systems.patch
+++ b/SOURCES/CVE-2022-39377-arithmetic-overflow-in-allocate-structures-on-32-bit-systems.patch
@ -0,0 +1,85 @@
 From 9c4eaf150662ad40607923389d4519bc83b93540 Mon Sep 17 00:00:00 2001
 From: Sebastien <seb@fedora-2.home>
 Date: Sat, 15 Oct 2022 14:24:22 +0200
 Subject: [PATCH] Fix size_t overflow in sa_common.c (GHSL-2022-074)
 allocate_structures function located in sa_common.c insufficiently
 checks bounds before arithmetic multiplication allowing for an
 overflow in the size allocated for the buffer representing system
 activities.
 This patch checks that the post-multiplied value is not greater than
 UINT_MAX.
 Signed-off-by: Sebastien <seb@fedora-2.home>
 ---
 common.c    | 25 +++++++++++++++++++++++++
 common.h    |  2 ++
 sa_common.c |  6 ++++++
 3 files changed, 33 insertions(+)
 diff --git a/common.c b/common.c
 index 81c77624..1a84b052 100644
 --- a/common.c
 +++ b/common.c
@@ -1655,4 +1655,29 @@ int parse_values(char *strargv, unsigned char bitmap[], int max_val, const char
 	return 0;
 }
 +
 +/*
 + ***************************************************************************
 + * Check if the multiplication of the 3 values may be greater than UINT_MAX.
 + *
 + * IN:
 + * @val1	First value.
 + * @val2	Second value.
 + * @val3	Third value.
 + ***************************************************************************
 + */
 +void check_overflow(size_t val1, size_t val2, size_t val3)
 +{
 +	if ((unsigned long long) val1 *
 +	    (unsigned long long) val2 *
 +	    (unsigned long long) val3 > UINT_MAX) {
 +#ifdef DEBUG
 +		fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n",
 +			__FUNCTION__,
 +			(unsigned long long) val1 * (unsigned long long) val2 *	(unsigned long long) val3);
 +#endif
 +	exit(4);
 +	}
 +}
 +
 #endif /* SOURCE_SADC undefined */
 diff --git a/common.h b/common.h
 index 55b6657d..e8ab98ab 100644
 --- a/common.h
 +++ b/common.h
@@ -260,6 +260,8 @@ int check_dir
 	(const char *, int);
 #ifndef SOURCE_SADC
 +void check_overflow
 +	(size_t, size_t, size_t);
 int count_bits
 	(void *, int);
 int count_csvalues
 diff --git a/sa_common.c b/sa_common.c
 index 3699a840..b2cec4ad 100644
 --- a/sa_common.c
 +++ b/sa_common.c
@@ -459,7 +459,13 @@ void allocate_structures(struct activity *act[])
 	int i, j;
 	for (i = 0; i < NR_ACT; i++) {
 +
 		if (act[i]->nr_ini > 0) {
 +
 +			/* Look for a possible overflow */
 +			check_overflow((size_t) act[i]->msize, (size_t) act[i]->nr_ini,
 +				       (size_t) act[i]->nr2);
 +
 			for (j = 0; j < 3; j++) {
 				SREALLOC(act[i]->buf[j], void,
 						(size_t) act[i]->msize * (size_t) act[i]->nr_ini * (size_t) act[i]->nr2);
--- a/SPECS/sysstat.spec
+++ b/SPECS/sysstat.spec
@ -1,7 +1,7 @@
 Summary: Collection of performance monitoring tools for Linux
 Name: sysstat
 Version: 11.7.3
-Release: 7%{?dist}
+Release: 9%{?dist}
 License: GPLv2+
 Group: Applications/System
 URL: http://sebastien.godard.pagesperso-orange.fr/
@ -17,6 +17,8 @@ Patch02: 0001-ignoring-autofs-as-real-filesystem-by-counting-numbe.patch
 Patch03: 0001-sar-Add-missing-gnice-CPU-value-for-tickless-CPU.patch
 Patch04: 0001-sadf-Fix-seg-fault-on-empty-data-files.patch
 Patch05: 0001-sar-Fix-typo-in-manual-page.patch
 Patch06: CVE-2022-39377-arithmetic-overflow-in-allocate-structures-on-32-bit-systems.patch
 Patch07: 0001-sadc-Add-a-f-flag-to-force-fdatasync-use.patch
 BuildRequires: gettext, lm_sensors-devel, systemd
@ -50,6 +52,8 @@ The cifsiostat command reports I/O statistics for CIFS file systems.
 %patch03 -p1
 %patch04 -p1
 %patch05 -p1
 %patch06 -p1
 %patch07 -p1
 %build
 export CFLAGS="$RPM_OPT_FLAGS -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld"
@ -98,6 +102,12 @@ fi
 %{_localstatedir}/log/sa
 %changelog
 * Wed Dec 14 2022 Lukáš Zaoral <lzaoral@redhat.com> - 11.7.3-9
 - add -f flag to force fdatasync() after sa file update (#2153192)
 * Thu Nov 10 2022 Lukáš Zaoral <lzaoral@redhat.com> - 11.7.3-8
 - arithmetic overflow in allocate_structures() on 32 bit systems (CVE-2022-39377)
 * Mon Nov 29 2021  <msekleta@redhat.com> - 11.7.3-7
 - Don't trigger autofs mounts when running sadc (#2000910)
 - sar: Add missing %gnice CPU value for tickless CPU (#2000916)