.gitignore

@@ -1 +1 @@
-/sysstat-11.7.3.tar.xz
+SOURCES/sysstat-11.7.3.tar.xz

0001-Add-more-overflow-checks.patch

@@ -1,234 +0,0 @@
-From c9a11d35df4aecfcf22aef827bac6cd57def9d4e Mon Sep 17 00:00:00 2001
-From: Sebastien GODARD <sysstat@users.noreply.github.com>
-Date: Sun, 23 Oct 2022 16:22:28 +0200
-Subject: [PATCH] Add more overflow checks
-
-Signed-off-by: Sebastien GODARD <sysstat@users.noreply.github.com>
-
-Cherry-picked-by: Lukáš Zaoral <lzaoral@redhat.com>
-Upstream-commit: c9a11d35df4aecfcf22aef827bac6cd57def9d4e
----
-diff --git a/common.c b/common.c
-index 1a84b052..27249772 100644
---- a/common.c
-+++ b/common.c
-@@ -274,6 +274,28 @@ void sysstat_panic(const char *function, int error_code)
- 	exit(1);
- }
- 
-+/*
-+ * **************************************************************************
-+ * Check if the multiplication of the 3 values may be greater than UINT_MAX.
-+ *
-+ * IN:
-+ * @val1	First value.
-+ * @val2	Second value.
-+ * @val3	Third value.
-+ ***************************************************************************
-+ */
-+void check_overflow(unsigned long long val1, unsigned long long val2,
-+		    unsigned long long val3)
-+{
-+	if (val1 * val2 * val3 > UINT_MAX) {
-+#ifdef DEBUG
-+		fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n",
-+			__FUNCTION__, val1 * val2 * val3);
-+#endif
-+	exit(4);
-+		}
-+}
-+
- #ifndef SOURCE_SADC
- /*
-  ***************************************************************************
-@@ -1656,28 +1677,4 @@ int parse_values(char *strargv, unsigned char bitmap[], int max_val, const char
- 	return 0;
- }
- 
--/*
-- ***************************************************************************
-- * Check if the multiplication of the 3 values may be greater than UINT_MAX.
-- *
-- * IN:
-- * @val1	First value.
-- * @val2	Second value.
-- * @val3	Third value.
-- ***************************************************************************
-- */
--void check_overflow(size_t val1, size_t val2, size_t val3)
--{
--	if ((unsigned long long) val1 *
--	    (unsigned long long) val2 *
--	    (unsigned long long) val3 > UINT_MAX) {
--#ifdef DEBUG
--		fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n",
--			__FUNCTION__,
--			(unsigned long long) val1 * (unsigned long long) val2 *	(unsigned long long) val3);
--#endif
--	exit(4);
--	}
--}
--
- #endif /* SOURCE_SADC undefined */
-diff --git a/common.h b/common.h
-index e8ab98ab..715b2da2 100644
---- a/common.h
-+++ b/common.h
-@@ -241,10 +241,10 @@ int is_device
- 	(char *, int);
- void sysstat_panic
- 	(const char *, int);
-+void check_overflow
-+	(unsigned long long, unsigned long long, unsigned long long);
- 
- #ifndef SOURCE_SADC
--void check_overflow
--	(size_t, size_t, size_t);
- int count_bits
- 	(void *, int);
- int count_csvalues
-diff --git a/sa_common.c b/sa_common.c
-index b2cec4ad..3460257a 100644
---- a/sa_common.c
-+++ b/sa_common.c
-@@ -463,8 +463,9 @@ void allocate_structures(struct activity *act[])
- 		if (act[i]->nr_ini > 0) {
- 
- 			/* Look for a possible overflow */
--			check_overflow((size_t) act[i]->msize, (size_t) act[i]->nr_ini,
--				       (size_t) act[i]->nr2);
-+			check_overflow((unsigned long long) act[i]->msize,
-+				       (unsigned long long) act[i]->nr_ini,
-+				       (unsigned long long) act[i]->nr2);
- 
- 			for (j = 0; j < 3; j++) {
- 				SREALLOC(act[i]->buf[j], void,
-@@ -529,6 +530,10 @@ void reallocate_all_buffers(struct activity *a, __nr_t nr_min)
- 		while (nr_realloc < nr_min);
- 	}
- 
-+	/* Look for a possible overflow */
-+	check_overflow((unsigned long long) a->msize, nr_realloc,
-+		       (unsigned long long) a->nr2);
-+
- 	for (j = 0; j < 3; j++) {
- 		SREALLOC(a->buf[j], void,
- 			(size_t) a->msize * nr_realloc * (size_t) a->nr2);
-diff --git a/sadc.c b/sadc.c
-index 3458d089..123bf8e0 100644
---- a/sadc.c
-+++ b/sadc.c
-@@ -360,6 +360,12 @@ void sa_sys_init(void)
- 		}
- 
- 		if (IS_COLLECTED(act[i]->options) && (act[i]->nr_ini > 0)) {
-+
-+			/* Look for a possible overflow */
-+			check_overflow((unsigned long long) act[i]->msize,
-+				       (unsigned long long) act[i]->nr_ini,
-+				       (unsigned long long) act[i]->nr2);
-+
- 			/* Allocate structures for current activity (using nr_ini and nr2 results) */
- 			SREALLOC(act[i]->_buf0, void,
- 				 (size_t) act[i]->msize * (size_t) act[i]->nr_ini * (size_t) act[i]->nr2);
--- 
-2.45.0
-
-From 44f1dc159242c1e434a3b836cda49f084c5a96cc Mon Sep 17 00:00:00 2001
-From: Sebastien GODARD <sysstat@users.noreply.github.com>
-Date: Sun, 6 Nov 2022 15:48:16 +0100
-Subject: [PATCH] Make sure values to be compared are unsigned integers
-
-It seems safer to make sure that input values are unsigned int before
-casting them to unsigned long long and making the comparison.
-
-Signed-off-by: Sebastien GODARD <sysstat@users.noreply.github.com>
-
-Cherry-picked-by: Lukáš Zaoral <lzaoral@redhat.com>
-Upstream-commit: 44f1dc159242c1e434a3b836cda49f084c5a96cc
----
-diff --git a/common.c b/common.c
-index 27249772..3b7fdcd5 100644
---- a/common.c
-+++ b/common.c
-@@ -425,13 +425,15 @@ int check_dir(char *dirname)
-  * @val3	Third value.
-  ***************************************************************************
-  */
--void check_overflow(unsigned long long val1, unsigned long long val2,
--		    unsigned long long val3)
-+void check_overflow(unsigned int val1, unsigned int val2,
-+		    unsigned int val3)
- {
--	if (val1 * val2 * val3 > UINT_MAX) {
-+	if ((unsigned long long) val1 * (unsigned long long) val2 *
-+	    (unsigned long long) val3 > UINT_MAX) {
- #ifdef DEBUG
- 		fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n",
--			__FUNCTION__, val1 * val2 * val3);
-+			__FUNCTION__, (unsigned long long) val1 * (unsigned long long) val2 *
-+			(unsigned long long) val3);
- #endif
- 	exit(4);
- 		}
-diff --git a/common.h b/common.h
-index 715b2da2..fc8a1a0d 100644
---- a/common.h
-+++ b/common.h
-@@ -241,7 +241,7 @@ int is_device
- void sysstat_panic
- 	(const char *, int);
- void check_overflow
--	(unsigned long long, unsigned long long, unsigned long long);
-+	(unsigned int, unsigned int, unsigned int);
- 
- #ifndef SOURCE_SADC
- int count_bits
-diff --git a/sa_common.c b/sa_common.c
-index 3460257a..0ca8b039 100644
---- a/sa_common.c
-+++ b/sa_common.c
-@@ -463,9 +463,9 @@ void allocate_structures(struct activity *act[])
- 		if (act[i]->nr_ini > 0) {
- 
- 			/* Look for a possible overflow */
--			check_overflow((unsigned long long) act[i]->msize,
--				       (unsigned long long) act[i]->nr_ini,
--				       (unsigned long long) act[i]->nr2);
-+			check_overflow((unsigned int) act[i]->msize,
-+				       (unsigned int) act[i]->nr_ini,
-+				       (unsigned int) act[i]->nr2);
- 
- 			for (j = 0; j < 3; j++) {
- 				SREALLOC(act[i]->buf[j], void,
-@@ -531,8 +531,8 @@ void reallocate_all_buffers(struct activity *a, __nr_t nr_min)
- 	}
- 
- 	/* Look for a possible overflow */
--	check_overflow((unsigned long long) a->msize, nr_realloc,
--		       (unsigned long long) a->nr2);
-+	check_overflow((unsigned int) a->msize, (unsigned int) nr_realloc,
-+		       (unsigned int) a->nr2);
- 
- 	for (j = 0; j < 3; j++) {
- 		SREALLOC(a->buf[j], void,
-diff --git a/sadc.c b/sadc.c
-index 123bf8e0..40a1e15b 100644
---- a/sadc.c
-+++ b/sadc.c
-@@ -362,9 +362,9 @@ void sa_sys_init(void)
- 		if (IS_COLLECTED(act[i]->options) && (act[i]->nr_ini > 0)) {
- 
- 			/* Look for a possible overflow */
--			check_overflow((unsigned long long) act[i]->msize,
--				       (unsigned long long) act[i]->nr_ini,
--				       (unsigned long long) act[i]->nr2);
-+			check_overflow((unsigned int) act[i]->msize,
-+				       (unsigned int) act[i]->nr_ini,
-+				       (unsigned int) act[i]->nr2);
- 
- 			/* Allocate structures for current activity (using nr_ini and nr2 results) */
- 			SREALLOC(act[i]->_buf0, void,
--- 
-2.45.0
-

CVE-2023-33204.patch

@@ -1,38 +0,0 @@
-commit 6f8dc568e6ab072bb8205b732f04e685bf9237c0
-Merge: c43167cc 954ff2e2
-Author: Sebastien GODARD <sysstat@users.noreply.github.com>
-Date:   Wed May 17 21:10:31 2023 +0200
-
-    Merge branch 'pkopylov-master'
-    
-    Signed-off-by: Sebastien GODARD <sysstat@users.noreply.github.com>
-
-diff --git a/common.c b/common.c
-index 48493b5f..0efe7ee3 100644
---- a/common.c
-+++ b/common.c
-@@ -431,15 +431,17 @@ int check_dir(char *dirname)
- void check_overflow(unsigned int val1, unsigned int val2,
- 		    unsigned int val3)
- {
--	if ((unsigned long long) val1 * (unsigned long long) val2 *
--	    (unsigned long long) val3 > UINT_MAX) {
-+	if ((val1 != 0) && (val2 != 0) && (val3 != 0) &&
-+	    (((unsigned long long) UINT_MAX / (unsigned long long) val1 <
-+	      (unsigned long long) val2) ||
-+	     ((unsigned long long) UINT_MAX / ((unsigned long long) val1 * (unsigned long long) val2) <
-+	      (unsigned long long) val3))) {
- #ifdef DEBUG
--		fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n",
--			__FUNCTION__, (unsigned long long) val1 * (unsigned long long) val2 *
--			(unsigned long long) val3);
-+		fprintf(stderr, "%s: Overflow detected (%u,%u,%u). Aborting...\n",
-+			__FUNCTION__, val1, val2, val3);
- #endif
--	exit(4);
--		}
-+		exit(4);
-+	}
- }
- 
- #ifndef SOURCE_SADC

SOURCES/CVE-2023-33204.patch

@@ -0,0 +1,23 @@
+From 954ff2e2673cef48f0ed44668c466eab041db387 Mon Sep 17 00:00:00 2001
+From: Pavel Kopylov <pkopylov@cloudlinux.com>
+Date: Wed, 17 May 2023 11:33:45 +0200
+Subject: [PATCH] Fix an overflow which is still possible for some values.
+diff --git a/common.c b/common.c
+index 583a0ca..6d73b1b 100644
+--- a/common.c
++++ b/common.c
+@@ -1639,9 +1639,11 @@ int parse_values(char *strargv, unsigned char bitmap[], int max_val, const char
+  */
+ void check_overflow(size_t val1, size_t val2, size_t val3)
+ {
+-	if ((unsigned long long) val1 *
+-	    (unsigned long long) val2 *
+-	    (unsigned long long) val3 > UINT_MAX) {
++if ((val1 != 0) && (val2 != 0) && (val3 != 0) &&
++		(((unsigned long long)UINT_MAX / (unsigned long long)val1 <
++		(unsigned long long)val2) ||
++		((unsigned long long)UINT_MAX / ((unsigned long long)val1 *
++		(unsigned long long)val2) < (unsigned long long)val3))) {
+ #ifdef DEBUG
+ 		fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n",
+ 			__FUNCTION__,

SPECS/sysstat.spec

@@ -1,7 +1,7 @@
 Summary: Collection of performance monitoring tools for Linux
 Name: sysstat
 Version: 11.7.3
-Release: 13%{?dist}
+Release: 12%{?dist}
 License: GPLv2+
 Group: Applications/System
 URL: http://sebastien.godard.pagesperso-orange.fr/
@@ -20,14 +20,8 @@ Patch05: 0001-sar-Fix-typo-in-manual-page.patch
 Patch06: CVE-2022-39377-arithmetic-overflow-in-allocate-structures-on-32-bit-systems.patch
 Patch07: 0001-sadc-Add-a-f-flag-to-force-fdatasync-use.patch
 Patch08: 0001-mpstat-incorrect-cpu-usage-iowait.patch
-Patch09: 0001-sa1-fix-sar-error-when-the-directory-var-log-sa-was-.patch
+Patch09: CVE-2023-33204.patch
-
+Patch10: 0001-sa1-fix-sar-error-when-the-directory-var-log-sa-was-.patch
-# https://github.com/sysstat/sysstat/commit/c9a11d35df4aecfcf22aef827bac6cd57def9d4e
-# https://github.com/sysstat/sysstat/commit/44f1dc159242c1e434a3b836cda49f084c5a96cc
-Patch10: 0001-Add-more-overflow-checks.patch
-# https://github.com/sysstat/sysstat/commit/6f8dc568e6ab072bb8205b732f04e685bf9237c0
-Patch11: CVE-2023-33204.patch
-
 BuildRequires: gettext, lm_sensors-devel, systemd
 
 Requires: findutils, xz
@@ -65,7 +59,6 @@ The cifsiostat command reports I/O statistics for CIFS file systems.
 %patch08 -p1
 %patch09 -p1
 %patch10 -p1
-%patch11 -p1
 
 %build
 export CFLAGS="$RPM_OPT_FLAGS -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld"
@@ -114,14 +107,10 @@ fi
 %{_localstatedir}/log/sa
 
 %changelog
-* Tue May 07 2024 Lukáš Zaoral <lzaoral@redhat.com> - 11.7.3-13
-- fix memory allocation errors with malformed sa files (RHEL-35511)
-- reorder patches to prevent errors during their application
-
 * Wed Dec 13 2023 Lukáš Zaoral <lzaoral@redhat.com> - 11.7.3-12
 - fix sar error when the directory /var/log/sa was removed (RHEL-19301)
 
-* Fri Jul 07 2023 Pavel Šimovec <psimovec@redhat.com> - 11.7.3-11
+* Fri Jul 07 2023 psimovec <psimovec@redhat.com> - 11.7.3-11
 - fix the arithmetic overflow in allocate_structures() that is still possible on some 32 bit systems (CVE-2023-33204)
 
 * Thu Mar 16 2023 Lukáš Zaoral <lzaoral@redhat.com> - 11.7.3-10

gating.yaml

@@ -1,6 +0,0 @@
---- !Policy
-product_versions:
-  - rhel-8
-decision_context: osci_compose_gate
-rules:
-  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}

sources

@@ -1 +0,0 @@
-SHA512 (sysstat-11.7.3.tar.xz) = c752ebba4d25a30147e68d0cb44d93020bb9b44823812c99550f6b34b42fc6f015c28ef0e6609a1e33ae6e4de566ae2d0e8a4711e412a4298baf5721dd15d27f