.sysstat.metadata

@@ -1 +0,0 @@
-d60fe0d4789cb377105c9a30f73e8e2158d3d288 SOURCES/sysstat-11.7.3.tar.xz

SOURCES/0001-mpstat-incorrect-cpu-usage-iowait.patch

@@ -0,0 +1,63 @@
+From 1f5949d4a6fcb33065dbb1d509f356db039998ed Mon Sep 17 00:00:00 2001
+From: Sebastien GODARD <sysstat@users.noreply.github.com>
+Date: Wed, 2 Sep 2020 19:04:04 +0200
+Subject: [PATCH] Workaround for iowait being decremented
+
+The iowait value reported by the kernel on NO_HZ systems can decrement
+as a result of inaccurate iowait tracking. Waiting on IO can be first
+accounted as iowait but then instead as idle.
+
+Function get_per_cpu_interval() considers iowait going backwards between
+two readings as a CPU coming back online and resets the iowait value of
+the first reading to 0. If iowait is decremented only because of
+inaccurate tracking, this causes that almost all time between the two
+readings is incorrectly recognized by sar as being spent in iowait.
+
+The patch updates the code in get_per_cpu_interval() to recognize this
+situation. If the iowait value between two readings decremented but the
+idle value did not then the code now considers it as a problem with the
+iowait reporting and corrects the first value according to the second
+reading. Otherwise, the code remains treating decremented iowait as a
+CPU coming back online.
+
+Fixes #14.
+
+Signed-off-by: Sebastien GODARD <sysstat@users.noreply.github.com>
+---
+ rd_stats.c | 20 +++++++++++++++++---
+ 1 file changed, 17 insertions(+), 3 deletions(-)
+
+diff --git a/rd_stats.c b/rd_stats.c
+index 56d42d00..fb93f23f 100644
+--- a/rd_stats.c
++++ b/rd_stats.c
+@@ -440,12 +440,26 @@ unsigned long long get_per_cpu_interval(struct stats_cpu *scc,
+ 	 * value was greater than ULLONG_MAX - 0x7ffff (the counter probably
+ 	 * overflew).
+ 	 */
++	if ((scc->cpu_iowait < scp->cpu_iowait) && (scp->cpu_iowait < (ULLONG_MAX - 0x7ffff))) {
++		/*
++		 * The iowait value reported by the kernel can also decrement as
++		 * a result of inaccurate iowait tracking. Waiting on IO can be
++		 * first accounted as iowait but then instead as idle.
++		 * Therefore if the idle value during the same period did not
++		 * decrease then consider this is a problem with the iowait
++		 * reporting and correct the previous value according to the new
++		 * reading. Otherwise, treat this as CPU coming back online.
++		 */
++		if ((scc->cpu_idle > scp->cpu_idle) || (scp->cpu_idle >= (ULLONG_MAX - 0x7ffff))) {
++			scp->cpu_iowait = scc->cpu_iowait;
++		}
++		else {
++			scp->cpu_iowait = 0;
++		}
++	}
+ 	if ((scc->cpu_idle < scp->cpu_idle) && (scp->cpu_idle < (ULLONG_MAX - 0x7ffff))) {
+ 		scp->cpu_idle = 0;
+ 	}
+-	if ((scc->cpu_iowait < scp->cpu_iowait) && (scp->cpu_iowait < (ULLONG_MAX - 0x7ffff))) {
+-		scp->cpu_iowait = 0;
+-	}
+ 
+ 	/*
+ 	 * Don't take cpu_guest and cpu_guest_nice into account

SOURCES/0001-sa1-fix-sar-error-when-the-directory-var-log-sa-was-.patch

@@ -0,0 +1,28 @@
+From 06e226703bee77e507f9f480807e230f677f0cb9 Mon Sep 17 00:00:00 2001
+From: Sdrkun <shanzhikun@gmail.com>
+Date: Tue, 28 Apr 2020 10:31:54 -0400
+Subject: [PATCH] sa1: fix sar error when the directory var/log/sa was removed.
+
+Signed-off-by: Sdrkun <shanzhikun@gmail.com>
+
+Cherry-picked-by: Lukáš Zaoral <lzaoral@redhat.com>
+Upstream-commit: 06e226703bee77e507f9f480807e230f677f0cb9
+---
+ sa1.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/sa1.in b/sa1.in
+index e908ad33..e9047d06 100644
+--- a/sa1.in
++++ b/sa1.in
+@@ -16,6 +16,7 @@
+ 
+ [ -r ${SYSCONFIG_DIR}/sysstat ] && . ${SYSCONFIG_DIR}/sysstat
+ [ -d ${SA_DIR} ] || SA_DIR=@SA_DIR@
++[ -d @SA_DIR@ ] || mkdir @SA_DIR@
+ 
+ if [ ${HISTORY} -gt 28 ]
+ then
+-- 
+2.43.0
+

SOURCES/0001-sadc-Add-a-f-flag-to-force-fdatasync-use.patch

@@ -0,0 +1,101 @@
+From 560d88cb5a16636acb0e350d6997fe915cc4253e Mon Sep 17 00:00:00 2001
+From: Kyle Walker <kwalker@redhat.com>
+Date: Wed, 30 Jan 2019 07:50:55 -0500
+Subject: [PATCH] sadc: Add a -f flag to force fdatasync() use
+
+For quite some time, the sadc utility has not used fdatasync() when writing
+stat information to disk. This resulted in instances where data files could
+be corrupted or entries lost if a system encountered a sudden reset
+condition. This change adds a "-f" flag which can be used to bring back the
+previous behaviour if end users require it.
+
+Note, the fdatasync() lowers the likelihood of lost data, but does so at
+the expense of performance within the write operation.
+---
+ man/sadc.in |  8 +++++++-
+ sa.h        |  2 ++
+ sadc.c      | 13 ++++++++++++-
+ 3 files changed, 21 insertions(+), 2 deletions(-)
+
+diff --git a/man/sadc.in b/man/sadc.in
+index 2d754b71..ce8ee230 100644
+--- a/man/sadc.in
++++ b/man/sadc.in
+@@ -4,7 +4,7 @@ sadc \- System activity data collector.
+ .SH SYNOPSIS
+ .B @SA_LIB_DIR@/sadc [ -C
+ .I comment
+-.B ] [ -D ] [ -F ] [ -L ] [ -V ] [ -S { DISK | INT | IPV6 | POWER | SNMP | XDISK | ALL | XALL [,...] } ] [
++.B ] [ -D ] [ -F ] [ -L ] [ -V ] [ -f ] [ -S { DISK | INT | IPV6 | POWER | SNMP | XDISK | ALL | XALL [,...] } ] [
+ .I interval
+ .B [
+ .I count
+@@ -106,6 +106,12 @@ then it will be truncated. This may be useful for daily data files
+ created by an older version of
+ .B sadc
+ and whose format is no longer compatible with current one.
++.IP -f
++fdatasync() will be used to ensure data is written to disk. This differs
++from the normal operation in that a sudden system reset is less likely to
++result in the saDD datafiles being corrupted. However, this is at the
++expense of performance within the sadc process as forward progress will be
++blocked while data is written to underlying disk instead of just to cache.
+ .IP -L
+ .B sadc
+ will try to get an exclusive lock on the
+diff --git a/sa.h b/sa.h
+index 1cd0c3d9..d3236f7c 100644
+--- a/sa.h
++++ b/sa.h
+@@ -110,5 +110,6 @@
+ #define S_F_HUMAN_READ		0x01000000
+ #define S_F_ZERO_OMIT		0x02000000
++#define S_F_FDATASYNC		0x08000000
+ 
+ #define WANT_SINCE_BOOT(m)		(((m) & S_F_SINCE_BOOT)   == S_F_SINCE_BOOT)
+ #define WANT_SA_ROTAT(m)		(((m) & S_F_SA_ROTAT)     == S_F_SA_ROTAT)
+@@ -138,5 +139,6 @@
+ #define PACK_VIEWS(m)			(((m) & S_F_SVG_PACKED) == S_F_SVG_PACKED)
+ #define DISPLAY_HUMAN_READ(m)		(((m) & S_F_HUMAN_READ) == S_F_HUMAN_READ)
++#define FDATASYNC(m)			(((m) & S_F_FDATASYNC)    == S_F_FDATASYNC)
+ 
+ #define AO_F_NULL		0x00000000
+ 
+diff --git a/sadc.c b/sadc.c
+index 826f4aed..139d490a 100644
+--- a/sadc.c
++++ b/sadc.c
+@@ -92,7 +92,7 @@ void usage(char *progname)
+ 		progname);
+ 
+ 	fprintf(stderr, _("Options are:\n"
+-			  "[ -C <comment> ] [ -D ] [ -F ] [ -L ] [ -V ]\n"
++			  "[ -C <comment> ] [ -D ] [ -F ] [ -L ] [ -V ] [ -f ]\n"
+ 			  "[ -S { INT | DISK | IPV6 | POWER | SNMP | XDISK | ALL | XALL } ]\n"));
+ 	exit(1);
+ }
+@@ -1109,6 +1109,13 @@ void rw_sa_stat_loop(long count, int stdfd, int ofd, char ofile[],
+ 
+ 		/* Flush data */
+ 		fflush(stdout);
++		if (FDATASYNC(flags)) {
++			/* If indicated, sync the data to media */
++			if (fdatasync(ofd) < 0) {
++				perror("fdatasync");
++				exit(4);
++			}
++		}
+ 
+ 		if (count > 0) {
+ 			count--;
+@@ -1206,6 +1213,10 @@ int main(int argc, char **argv)
+ 			optz = 1;
+ 		}
+ 
++		else if (!strcmp(argv[opt], "-f")) {
++			flags |= S_F_FDATASYNC;
++		}
++
+ 		else if (!strcmp(argv[opt], "-C")) {
+ 			if (!argv[++opt]) {
+ 				usage(argv[0]);

SOURCES/CVE-2023-33204.patch

@@ -0,0 +1,23 @@
+From 954ff2e2673cef48f0ed44668c466eab041db387 Mon Sep 17 00:00:00 2001
+From: Pavel Kopylov <pkopylov@cloudlinux.com>
+Date: Wed, 17 May 2023 11:33:45 +0200
+Subject: [PATCH] Fix an overflow which is still possible for some values.
+diff --git a/common.c b/common.c
+index 583a0ca..6d73b1b 100644
+--- a/common.c
++++ b/common.c
+@@ -1639,9 +1639,11 @@ int parse_values(char *strargv, unsigned char bitmap[], int max_val, const char
+  */
+ void check_overflow(size_t val1, size_t val2, size_t val3)
+ {
+-	if ((unsigned long long) val1 *
+-	    (unsigned long long) val2 *
+-	    (unsigned long long) val3 > UINT_MAX) {
++if ((val1 != 0) && (val2 != 0) && (val3 != 0) &&
++		(((unsigned long long)UINT_MAX / (unsigned long long)val1 <
++		(unsigned long long)val2) ||
++		((unsigned long long)UINT_MAX / ((unsigned long long)val1 *
++		(unsigned long long)val2) < (unsigned long long)val3))) {
+ #ifdef DEBUG
+ 		fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n",
+ 			__FUNCTION__,

SPECS/sysstat.spec

@@ -1,7 +1,7 @@
 Summary: Collection of performance monitoring tools for Linux
 Name: sysstat
 Version: 11.7.3
-Release: 8%{?dist}
+Release: 12%{?dist}
 License: GPLv2+
 Group: Applications/System
 URL: http://sebastien.godard.pagesperso-orange.fr/
@@ -18,7 +18,10 @@ Patch03: 0001-sar-Add-missing-gnice-CPU-value-for-tickless-CPU.patch
 Patch04: 0001-sadf-Fix-seg-fault-on-empty-data-files.patch
 Patch05: 0001-sar-Fix-typo-in-manual-page.patch
 Patch06: CVE-2022-39377-arithmetic-overflow-in-allocate-structures-on-32-bit-systems.patch
-
+Patch07: 0001-sadc-Add-a-f-flag-to-force-fdatasync-use.patch
+Patch08: 0001-mpstat-incorrect-cpu-usage-iowait.patch
+Patch09: CVE-2023-33204.patch
+Patch10: 0001-sa1-fix-sar-error-when-the-directory-var-log-sa-was-.patch
 BuildRequires: gettext, lm_sensors-devel, systemd
 
 Requires: findutils, xz
@@ -52,6 +55,10 @@ The cifsiostat command reports I/O statistics for CIFS file systems.
 %patch04 -p1
 %patch05 -p1
 %patch06 -p1
+%patch07 -p1
+%patch08 -p1
+%patch09 -p1
+%patch10 -p1
 
 %build
 export CFLAGS="$RPM_OPT_FLAGS -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld"
@@ -100,6 +107,18 @@ fi
 %{_localstatedir}/log/sa
 
 %changelog
+* Wed Dec 13 2023 Lukáš Zaoral <lzaoral@redhat.com> - 11.7.3-12
+- fix sar error when the directory /var/log/sa was removed (RHEL-19301)
+
+* Fri Jul 07 2023 psimovec <psimovec@redhat.com> - 11.7.3-11
+- fix the arithmetic overflow in allocate_structures() that is still possible on some 32 bit systems (CVE-2023-33204)
+
+* Thu Mar 16 2023 Lukáš Zaoral <lzaoral@redhat.com> - 11.7.3-10
+- Fix incorrect CPU usage on ALL CPU field for iowait in mpstat (#2178863)
+
+* Wed Dec 14 2022 Lukáš Zaoral <lzaoral@redhat.com> - 11.7.3-9
+- add -f flag to force fdatasync() after sa file update (#2153192)
+
 * Thu Nov 10 2022 Lukáš Zaoral <lzaoral@redhat.com> - 11.7.3-8
 - arithmetic overflow in allocate_structures() on 32 bit systems (CVE-2022-39377)