import sysstat-11.7.3-5.el8

CentOS Sources 2021-03-30 14:36:17 -04:00 committed by Stepan Oksanichenko
parent 8705842fc9
commit 640394b54d
2 changed files with 57 additions and 1 deletions


@ -0,0 +1,43 @@
--- sa_common.c
+++ sa_common.c
@@ -1249,6 +1249,11 @@
/* Remap [unsigned] long fields */
d = gtypes_nr[0] - ftypes_nr[0];
if (d) {
+
+ if (ftypes_nr[0] * ULL_ALIGNMENT_WIDTH < ftypes_nr[0])
+ /* Overflow */
+ return;
+
memmove(((char *) ps) + gtypes_nr[0] * ULL_ALIGNMENT_WIDTH,
((char *) ps) + ftypes_nr[0] * ULL_ALIGNMENT_WIDTH,
st_size - ftypes_nr[0] * ULL_ALIGNMENT_WIDTH);
@@ -1260,7 +1265,13 @@
/* Remap [unsigned] int fields */
d = gtypes_nr[1] - ftypes_nr[1];
if (d) {
- memmove(((char *) ps) + gtypes_nr[0] * ULL_ALIGNMENT_WIDTH
+
+ if (gtypes_nr[0] * ULL_ALIGNMENT_WIDTH +
+ ftypes_nr[1] * UL_ALIGNMENT_WIDTH < ftypes_nr[1])
+ /* Overflow */
+ return;
+
+ memmove(((char *) ps) + gtypes_nr[0] * ULL_ALIGNMENT_WIDTH
+ gtypes_nr[1] * UL_ALIGNMENT_WIDTH,
((char *) ps) + gtypes_nr[0] * ULL_ALIGNMENT_WIDTH
+ ftypes_nr[1] * UL_ALIGNMENT_WIDTH,
@@ -1275,6 +1286,13 @@
/* Remap possible fields (like strings of chars) following int fields */
d = gtypes_nr[2] - ftypes_nr[2];
if (d) {
+
+ if (gtypes_nr[0] * ULL_ALIGNMENT_WIDTH +
+ gtypes_nr[1] * UL_ALIGNMENT_WIDTH +
+ ftypes_nr[2] * U_ALIGNMENT_WIDTH < ftypes_nr[2])
+ /* Overflow */
+ return;
+
memmove(((char *) ps) + gtypes_nr[0] * ULL_ALIGNMENT_WIDTH
+ gtypes_nr[1] * UL_ALIGNMENT_WIDTH
+ gtypes_nr[2] * U_ALIGNMENT_WIDTH,
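Review bot: The added guards in all three hunks compare a possibly wrapped result against one of its factors (`ftypes_nr[0] * ULL_ALIGNMENT_WIDTH < ftypes_nr[0]` in the first), which does not catch every wraparound and never bounds the offset by the structure size. Assuming the counters are unsigned 32-bit values (their declarations are outside the hunks), a product that wraps to a value still larger than the factor passes the test, and any offset above `st_size` makes the length `st_size - ftypes_nr[0] * ULL_ALIGNMENT_WIDTH` underflow in the memmove that follows. A division-based bound such as `if (ftypes_nr[0] > st_size / ULL_ALIGNMENT_WIDTH) return;` covers both cases, and the second and third guards need the same treatment, with each term of the accumulated offset (including the `gtypes_nr[]` terms) checked against `st_size`. The bare `return;` also gives the caller no signal that the record was left unremapped; the function starts and ends outside the hunks, so whether a status can be returned has to be confirmed there.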


@ -1,7 +1,7 @@
Summary: Collection of performance monitoring tools for Linux Summary: Collection of performance monitoring tools for Linux
Name: sysstat Name: sysstat
Version: 11.7.3 Version: 11.7.3
Release: 2%{?dist} Release: 5%{?dist}
License: GPLv2+ License: GPLv2+
Group: Applications/System Group: Applications/System
URL: http://sebastien.godard.pagesperso-orange.fr/ URL: http://sebastien.godard.pagesperso-orange.fr/
@ -11,6 +11,9 @@ Source: http://pagesperso-orange.fr/sebastien.godard/%{name}-%{version}.tar.xz
Source10: colorsysstat.csh Source10: colorsysstat.csh
Source11: colorsysstat.sh Source11: colorsysstat.sh
# Downstream patches
Patch01: CVE-2019-16167_memory-corruption-due-to-an-integer-overflow.patch
BuildRequires: gettext, lm_sensors-devel, systemd BuildRequires: gettext, lm_sensors-devel, systemd
Requires: findutils, xz Requires: findutils, xz
@ -38,6 +41,7 @@ The cifsiostat command reports I/O statistics for CIFS file systems.
%prep %prep
%setup -q %setup -q
%patch01 -p0
%build %build
export CFLAGS="$RPM_OPT_FLAGS -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld" export CFLAGS="$RPM_OPT_FLAGS -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld"
@ -86,6 +90,15 @@ fi
%{_localstatedir}/log/sa %{_localstatedir}/log/sa
%changelog %changelog
* Fri Jul 10 2020 Jan Macku <jamacku@redhat.com> - 11.7.3-5
- Rebuild
* Fri Apr 17 2020 Jan Macku <jamacku@redhat.com> - 11.7.3-4
- Package onboarded to gating
* Thu Feb 20 2020 Jan Macku <jamacku@redhat.com> - 11.7.3-3
- Fix memory corruption bug due to integer overflow (#1790608)
* Thu Oct 25 2018 Michal Sekletár <msekleta@redhat.com> - 11.7.3-2 * Thu Oct 25 2018 Michal Sekletár <msekleta@redhat.com> - 11.7.3-2
- sysstat's buildsystem doesn't really use LDFLAGS, we have to merge CFLAGS and LDFLAGS to get binaries with full RELRO (#1624177) - sysstat's buildsystem doesn't really use LDFLAGS, we have to merge CFLAGS and LDFLAGS to get binaries with full RELRO (#1624177)