6 changed files with 1 additions and 389 deletions
--- a/.sysstata.metadata
+++ b/.sysstata.metadata
--- a/SOURCES/0001-Add-more-overflow-checks.patch
+++ b/SOURCES/0001-Add-more-overflow-checks.patch
@ -1,234 +0,0 @@
 From c9a11d35df4aecfcf22aef827bac6cd57def9d4e Mon Sep 17 00:00:00 2001
 From: Sebastien GODARD <sysstat@users.noreply.github.com>
 Date: Sun, 23 Oct 2022 16:22:28 +0200
 Subject: [PATCH] Add more overflow checks
 Signed-off-by: Sebastien GODARD <sysstat@users.noreply.github.com>
 Cherry-picked-by: Lukáš Zaoral <lzaoral@redhat.com>
 Upstream-commit: c9a11d35df4aecfcf22aef827bac6cd57def9d4e
 ---
 diff --git a/common.c b/common.c
 index 1a84b052..27249772 100644
 --- a/common.c
 +++ b/common.c
@@ -274,6 +274,28 @@ void sysstat_panic(const char *function, int error_code)
 	exit(1);
 }
 +/*
 + * **************************************************************************
 + * Check if the multiplication of the 3 values may be greater than UINT_MAX.
 + *
 + * IN:
 + * @val1	First value.
 + * @val2	Second value.
 + * @val3	Third value.
 + ***************************************************************************
 + */
 +void check_overflow(unsigned long long val1, unsigned long long val2,
 +		    unsigned long long val3)
 +{
 +	if (val1 * val2 * val3 > UINT_MAX) {
 +#ifdef DEBUG
 +		fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n",
 +			__FUNCTION__, val1 * val2 * val3);
 +#endif
 +	exit(4);
 +		}
 +}
 +
 #ifndef SOURCE_SADC
 /*
  ***************************************************************************
@@ -1656,28 +1677,4 @@ int parse_values(char *strargv, unsigned char bitmap[], int max_val, const char
 	return 0;
 }
 -/*
 - ***************************************************************************
 - * Check if the multiplication of the 3 values may be greater than UINT_MAX.
 - *
 - * IN:
 - * @val1	First value.
 - * @val2	Second value.
 - * @val3	Third value.
 - ***************************************************************************
 - */
 -void check_overflow(size_t val1, size_t val2, size_t val3)
 -{
 -	if ((unsigned long long) val1 *
 -	    (unsigned long long) val2 *
 -	    (unsigned long long) val3 > UINT_MAX) {
 -#ifdef DEBUG
 -		fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n",
 -			__FUNCTION__,
 -			(unsigned long long) val1 * (unsigned long long) val2 *	(unsigned long long) val3);
 -#endif
 -	exit(4);
 -	}
 -}
 -
 #endif /* SOURCE_SADC undefined */
 diff --git a/common.h b/common.h
 index e8ab98ab..715b2da2 100644
 --- a/common.h
 +++ b/common.h
@@ -241,10 +241,10 @@ int is_device
 	(char *, int);
 void sysstat_panic
 	(const char *, int);
 +void check_overflow
 +	(unsigned long long, unsigned long long, unsigned long long);
 #ifndef SOURCE_SADC
 -void check_overflow
 -	(size_t, size_t, size_t);
 int count_bits
 	(void *, int);
 int count_csvalues
 diff --git a/sa_common.c b/sa_common.c
 index b2cec4ad..3460257a 100644
 --- a/sa_common.c
 +++ b/sa_common.c
@@ -463,8 +463,9 @@ void allocate_structures(struct activity *act[])
 		if (act[i]->nr_ini > 0) {
 			/* Look for a possible overflow */
 -			check_overflow((size_t) act[i]->msize, (size_t) act[i]->nr_ini,
 -				       (size_t) act[i]->nr2);
 +			check_overflow((unsigned long long) act[i]->msize,
 +				       (unsigned long long) act[i]->nr_ini,
 +				       (unsigned long long) act[i]->nr2);
 			for (j = 0; j < 3; j++) {
 				SREALLOC(act[i]->buf[j], void,
@@ -529,6 +530,10 @@ void reallocate_all_buffers(struct activity *a, __nr_t nr_min)
 		while (nr_realloc < nr_min);
 	}
 +	/* Look for a possible overflow */
 +	check_overflow((unsigned long long) a->msize, nr_realloc,
 +		       (unsigned long long) a->nr2);
 +
 	for (j = 0; j < 3; j++) {
 		SREALLOC(a->buf[j], void,
 			(size_t) a->msize * nr_realloc * (size_t) a->nr2);
 diff --git a/sadc.c b/sadc.c
 index 3458d089..123bf8e0 100644
 --- a/sadc.c
 +++ b/sadc.c
@@ -360,6 +360,12 @@ void sa_sys_init(void)
 		}
 		if (IS_COLLECTED(act[i]->options) && (act[i]->nr_ini > 0)) {
 +
 +			/* Look for a possible overflow */
 +			check_overflow((unsigned long long) act[i]->msize,
 +				       (unsigned long long) act[i]->nr_ini,
 +				       (unsigned long long) act[i]->nr2);
 +
 			/* Allocate structures for current activity (using nr_ini and nr2 results) */
 			SREALLOC(act[i]->_buf0, void,
 				 (size_t) act[i]->msize * (size_t) act[i]->nr_ini * (size_t) act[i]->nr2);
 -- 
 2.45.0
 From 44f1dc159242c1e434a3b836cda49f084c5a96cc Mon Sep 17 00:00:00 2001
 From: Sebastien GODARD <sysstat@users.noreply.github.com>
 Date: Sun, 6 Nov 2022 15:48:16 +0100
 Subject: [PATCH] Make sure values to be compared are unsigned integers
 It seems safer to make sure that input values are unsigned int before
 casting them to unsigned long long and making the comparison.
 Signed-off-by: Sebastien GODARD <sysstat@users.noreply.github.com>
 Cherry-picked-by: Lukáš Zaoral <lzaoral@redhat.com>
 Upstream-commit: 44f1dc159242c1e434a3b836cda49f084c5a96cc
 ---
 diff --git a/common.c b/common.c
 index 27249772..3b7fdcd5 100644
 --- a/common.c
 +++ b/common.c
@@ -425,13 +425,15 @@ int check_dir(char *dirname)
  * @val3	Third value.
  ***************************************************************************
  */
 -void check_overflow(unsigned long long val1, unsigned long long val2,
 -		    unsigned long long val3)
 +void check_overflow(unsigned int val1, unsigned int val2,
 +		    unsigned int val3)
 {
 -	if (val1 * val2 * val3 > UINT_MAX) {
 +	if ((unsigned long long) val1 * (unsigned long long) val2 *
 +	    (unsigned long long) val3 > UINT_MAX) {
 #ifdef DEBUG
 		fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n",
 -			__FUNCTION__, val1 * val2 * val3);
 +			__FUNCTION__, (unsigned long long) val1 * (unsigned long long) val2 *
 +			(unsigned long long) val3);
 #endif
 	exit(4);
 		}
 diff --git a/common.h b/common.h
 index 715b2da2..fc8a1a0d 100644
 --- a/common.h
 +++ b/common.h
@@ -241,7 +241,7 @@ int is_device
 void sysstat_panic
 	(const char *, int);
 void check_overflow
 -	(unsigned long long, unsigned long long, unsigned long long);
 +	(unsigned int, unsigned int, unsigned int);
 #ifndef SOURCE_SADC
 int count_bits
 diff --git a/sa_common.c b/sa_common.c
 index 3460257a..0ca8b039 100644
 --- a/sa_common.c
 +++ b/sa_common.c
@@ -463,9 +463,9 @@ void allocate_structures(struct activity *act[])
 		if (act[i]->nr_ini > 0) {
 			/* Look for a possible overflow */
 -			check_overflow((unsigned long long) act[i]->msize,
 -				       (unsigned long long) act[i]->nr_ini,
 -				       (unsigned long long) act[i]->nr2);
 +			check_overflow((unsigned int) act[i]->msize,
 +				       (unsigned int) act[i]->nr_ini,
 +				       (unsigned int) act[i]->nr2);
 			for (j = 0; j < 3; j++) {
 				SREALLOC(act[i]->buf[j], void,
@@ -531,8 +531,8 @@ void reallocate_all_buffers(struct activity *a, __nr_t nr_min)
 	}
 	/* Look for a possible overflow */
 -	check_overflow((unsigned long long) a->msize, nr_realloc,
 -		       (unsigned long long) a->nr2);
 +	check_overflow((unsigned int) a->msize, (unsigned int) nr_realloc,
 +		       (unsigned int) a->nr2);
 	for (j = 0; j < 3; j++) {
 		SREALLOC(a->buf[j], void,
 diff --git a/sadc.c b/sadc.c
 index 123bf8e0..40a1e15b 100644
 --- a/sadc.c
 +++ b/sadc.c
@@ -362,9 +362,9 @@ void sa_sys_init(void)
 		if (IS_COLLECTED(act[i]->options) && (act[i]->nr_ini > 0)) {
 			/* Look for a possible overflow */
 -			check_overflow((unsigned long long) act[i]->msize,
 -				       (unsigned long long) act[i]->nr_ini,
 -				       (unsigned long long) act[i]->nr2);
 +			check_overflow((unsigned int) act[i]->msize,
 +				       (unsigned int) act[i]->nr_ini,
 +				       (unsigned int) act[i]->nr2);
 			/* Allocate structures for current activity (using nr_ini and nr2 results) */
 			SREALLOC(act[i]->_buf0, void,
 -- 
 2.45.0
--- a/SOURCES/0001-mpstat-incorrect-cpu-usage-iowait.patch
+++ b/SOURCES/0001-mpstat-incorrect-cpu-usage-iowait.patch
@ -1,63 +0,0 @@
 From 1f5949d4a6fcb33065dbb1d509f356db039998ed Mon Sep 17 00:00:00 2001
 From: Sebastien GODARD <sysstat@users.noreply.github.com>
 Date: Wed, 2 Sep 2020 19:04:04 +0200
 Subject: [PATCH] Workaround for iowait being decremented
 The iowait value reported by the kernel on NO_HZ systems can decrement
 as a result of inaccurate iowait tracking. Waiting on IO can be first
 accounted as iowait but then instead as idle.
 Function get_per_cpu_interval() considers iowait going backwards between
 two readings as a CPU coming back online and resets the iowait value of
 the first reading to 0. If iowait is decremented only because of
 inaccurate tracking, this causes that almost all time between the two
 readings is incorrectly recognized by sar as being spent in iowait.
 The patch updates the code in get_per_cpu_interval() to recognize this
 situation. If the iowait value between two readings decremented but the
 idle value did not then the code now considers it as a problem with the
 iowait reporting and corrects the first value according to the second
 reading. Otherwise, the code remains treating decremented iowait as a
 CPU coming back online.
 Fixes #14.
 Signed-off-by: Sebastien GODARD <sysstat@users.noreply.github.com>
 ---
 rd_stats.c | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)
 diff --git a/rd_stats.c b/rd_stats.c
 index 56d42d00..fb93f23f 100644
 --- a/rd_stats.c
 +++ b/rd_stats.c
@@ -440,12 +440,26 @@ unsigned long long get_per_cpu_interval(struct stats_cpu *scc,
 	 * value was greater than ULLONG_MAX - 0x7ffff (the counter probably
 	 * overflew).
 	 */
 +	if ((scc->cpu_iowait < scp->cpu_iowait) && (scp->cpu_iowait < (ULLONG_MAX - 0x7ffff))) {
 +		/*
 +		 * The iowait value reported by the kernel can also decrement as
 +		 * a result of inaccurate iowait tracking. Waiting on IO can be
 +		 * first accounted as iowait but then instead as idle.
 +		 * Therefore if the idle value during the same period did not
 +		 * decrease then consider this is a problem with the iowait
 +		 * reporting and correct the previous value according to the new
 +		 * reading. Otherwise, treat this as CPU coming back online.
 +		 */
 +		if ((scc->cpu_idle > scp->cpu_idle) || (scp->cpu_idle >= (ULLONG_MAX - 0x7ffff))) {
 +			scp->cpu_iowait = scc->cpu_iowait;
 +		}
 +		else {
 +			scp->cpu_iowait = 0;
 +		}
 +	}
 	if ((scc->cpu_idle < scp->cpu_idle) && (scp->cpu_idle < (ULLONG_MAX - 0x7ffff))) {
 		scp->cpu_idle = 0;
 	}
 -	if ((scc->cpu_iowait < scp->cpu_iowait) && (scp->cpu_iowait < (ULLONG_MAX - 0x7ffff))) {
 -		scp->cpu_iowait = 0;
 -	}
 	/*
 	 * Don't take cpu_guest and cpu_guest_nice into account
--- a/SOURCES/0001-sa1-fix-sar-error-when-the-directory-var-log-sa-was-.patch
+++ b/SOURCES/0001-sa1-fix-sar-error-when-the-directory-var-log-sa-was-.patch
@ -1,28 +0,0 @@
 From 06e226703bee77e507f9f480807e230f677f0cb9 Mon Sep 17 00:00:00 2001
 From: Sdrkun <shanzhikun@gmail.com>
 Date: Tue, 28 Apr 2020 10:31:54 -0400
 Subject: [PATCH] sa1: fix sar error when the directory var/log/sa was removed.
 Signed-off-by: Sdrkun <shanzhikun@gmail.com>
 Cherry-picked-by: Lukáš Zaoral <lzaoral@redhat.com>
 Upstream-commit: 06e226703bee77e507f9f480807e230f677f0cb9
 ---
 sa1.in | 1 +
 1 file changed, 1 insertion(+)
 diff --git a/sa1.in b/sa1.in
 index e908ad33..e9047d06 100644
 --- a/sa1.in
 +++ b/sa1.in
@@ -16,6 +16,7 @@
 [ -r ${SYSCONFIG_DIR}/sysstat ] && . ${SYSCONFIG_DIR}/sysstat
 [ -d ${SA_DIR} ] || SA_DIR=@SA_DIR@
 +[ -d @SA_DIR@ ] || mkdir @SA_DIR@
 if [ ${HISTORY} -gt 28 ]
 then
 -- 
 2.43.0
--- a/SOURCES/CVE-2023-33204.patch
+++ b/SOURCES/CVE-2023-33204.patch
@ -1,38 +0,0 @@
 commit 6f8dc568e6ab072bb8205b732f04e685bf9237c0
 Merge: c43167cc 954ff2e2
 Author: Sebastien GODARD <sysstat@users.noreply.github.com>
 Date:   Wed May 17 21:10:31 2023 +0200
    Merge branch 'pkopylov-master'
    Signed-off-by: Sebastien GODARD <sysstat@users.noreply.github.com>
 diff --git a/common.c b/common.c
 index 48493b5f..0efe7ee3 100644
 --- a/common.c
 +++ b/common.c
@@ -431,15 +431,17 @@ int check_dir(char *dirname)
 void check_overflow(unsigned int val1, unsigned int val2,
 		    unsigned int val3)
 {
 -	if ((unsigned long long) val1 * (unsigned long long) val2 *
 -	    (unsigned long long) val3 > UINT_MAX) {
 +	if ((val1 != 0) && (val2 != 0) && (val3 != 0) &&
 +	    (((unsigned long long) UINT_MAX / (unsigned long long) val1 <
 +	      (unsigned long long) val2) ||
 +	     ((unsigned long long) UINT_MAX / ((unsigned long long) val1 * (unsigned long long) val2) <
 +	      (unsigned long long) val3))) {
 #ifdef DEBUG
 -		fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n",
 -			__FUNCTION__, (unsigned long long) val1 * (unsigned long long) val2 *
 -			(unsigned long long) val3);
 +		fprintf(stderr, "%s: Overflow detected (%u,%u,%u). Aborting...\n",
 +			__FUNCTION__, val1, val2, val3);
 #endif
 -	exit(4);
 -		}
 +		exit(4);
 +	}
 }
 #ifndef SOURCE_SADC
--- a/SPECS/sysstat.spec
+++ b/SPECS/sysstat.spec
@ -1,7 +1,7 @@
 Summary: Collection of performance monitoring tools for Linux
 Name: sysstat
 Version: 11.7.3
-Release: 13%{?dist}
+Release: 9%{?dist}
 License: GPLv2+
 Group: Applications/System
 URL: http://sebastien.godard.pagesperso-orange.fr/
@ -19,14 +19,6 @@ Patch04: 0001-sadf-Fix-seg-fault-on-empty-data-files.patch
 Patch05: 0001-sar-Fix-typo-in-manual-page.patch
 Patch06: CVE-2022-39377-arithmetic-overflow-in-allocate-structures-on-32-bit-systems.patch
 Patch07: 0001-sadc-Add-a-f-flag-to-force-fdatasync-use.patch
 Patch08: 0001-mpstat-incorrect-cpu-usage-iowait.patch
 Patch09: 0001-sa1-fix-sar-error-when-the-directory-var-log-sa-was-.patch
 # https://github.com/sysstat/sysstat/commit/c9a11d35df4aecfcf22aef827bac6cd57def9d4e
 # https://github.com/sysstat/sysstat/commit/44f1dc159242c1e434a3b836cda49f084c5a96cc
 Patch10: 0001-Add-more-overflow-checks.patch
 # https://github.com/sysstat/sysstat/commit/6f8dc568e6ab072bb8205b732f04e685bf9237c0
 Patch11: CVE-2023-33204.patch
 BuildRequires: gettext, lm_sensors-devel, systemd
@ -62,10 +54,6 @@ The cifsiostat command reports I/O statistics for CIFS file systems.
 %patch05 -p1
 %patch06 -p1
 %patch07 -p1
 %patch08 -p1
 %patch09 -p1
 %patch10 -p1
 %patch11 -p1
 %build
 export CFLAGS="$RPM_OPT_FLAGS -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld"
@ -114,19 +102,6 @@ fi
 %{_localstatedir}/log/sa
 %changelog
 * Tue May 07 2024 Lukáš Zaoral <lzaoral@redhat.com> - 11.7.3-13
 - fix memory allocation errors with malformed sa files (RHEL-35511)
 - reorder patches to prevent errors during their application
 * Wed Dec 13 2023 Lukáš Zaoral <lzaoral@redhat.com> - 11.7.3-12
 - fix sar error when the directory /var/log/sa was removed (RHEL-19301)
 * Fri Jul 07 2023 Pavel Šimovec <psimovec@redhat.com> - 11.7.3-11
 - fix the arithmetic overflow in allocate_structures() that is still possible on some 32 bit systems (CVE-2023-33204)
 * Thu Mar 16 2023 Lukáš Zaoral <lzaoral@redhat.com> - 11.7.3-10
 - Fix incorrect CPU usage on ALL CPU field for iowait in mpstat (#2178863)
 * Wed Dec 14 2022 Lukáš Zaoral <lzaoral@redhat.com> - 11.7.3-9
 - add -f flag to force fdatasync() after sa file update (#2153192)