import sysstat-12.5.4-5.el9

SOURCES/sysstat-12.5.4-CVE-2022-39377.patch

@@ -0,0 +1,85 @@
+From 9c4eaf150662ad40607923389d4519bc83b93540 Mon Sep 17 00:00:00 2001
+From: Sebastien <seb@fedora-2.home>
+Date: Sat, 15 Oct 2022 14:24:22 +0200
+Subject: [PATCH] Fix size_t overflow in sa_common.c (GHSL-2022-074)
+
+allocate_structures function located in sa_common.c insufficiently
+checks bounds before arithmetic multiplication allowing for an
+overflow in the size allocated for the buffer representing system
+activities.
+
+This patch checks that the post-multiplied value is not greater than
+UINT_MAX.
+
+Signed-off-by: Sebastien <seb@fedora-2.home>
+---
+ common.c    | 25 +++++++++++++++++++++++++
+ common.h    |  2 ++
+ sa_common.c |  6 ++++++
+ 3 files changed, 33 insertions(+)
+
+diff --git a/common.c b/common.c
+index 81c77624..1a84b052 100644
+--- a/common.c
++++ b/common.c
+@@ -1655,4 +1655,29 @@ int parse_values(char *strargv, unsigned char bitmap[], int max_val, const char
+ 
+ 	return 0;
+ }
++
++/*
++ ***************************************************************************
++ * Check if the multiplication of the 3 values may be greater than UINT_MAX.
++ *
++ * IN:
++ * @val1	First value.
++ * @val2	Second value.
++ * @val3	Third value.
++ ***************************************************************************
++ */
++void check_overflow(size_t val1, size_t val2, size_t val3)
++{
++	if ((unsigned long long) val1 *
++	    (unsigned long long) val2 *
++	    (unsigned long long) val3 > UINT_MAX) {
++#ifdef DEBUG
++		fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n",
++			__FUNCTION__,
++			(unsigned long long) val1 * (unsigned long long) val2 *	(unsigned long long) val3);
++#endif
++	exit(4);
++	}
++}
++
+ #endif /* SOURCE_SADC undefined */
+diff --git a/common.h b/common.h
+index 55b6657d..e8ab98ab 100644
+--- a/common.h
++++ b/common.h
+@@ -260,6 +260,8 @@ int check_dir
+ 	(char *);
+ 
+ #ifndef SOURCE_SADC
++void check_overflow
++	(size_t, size_t, size_t);
+ int count_bits
+ 	(void *, int);
+ int count_csvalues
+diff --git a/sa_common.c b/sa_common.c
+index 3699a840..b2cec4ad 100644
+--- a/sa_common.c
++++ b/sa_common.c
+@@ -459,7 +459,13 @@ void allocate_structures(struct activity *act[])
+ 	int i, j;
+ 
+ 	for (i = 0; i < NR_ACT; i++) {
++
+ 		if (act[i]->nr_ini > 0) {
++
++			/* Look for a possible overflow */
++			check_overflow((size_t) act[i]->msize, (size_t) act[i]->nr_ini,
++				       (size_t) act[i]->nr2);
++
+ 			for (j = 0; j < 3; j++) {
+ 				SREALLOC(act[i]->buf[j], void,
+ 						(size_t) act[i]->msize * (size_t) act[i]->nr_ini * (size_t) act[i]->nr2);

SOURCES/sysstat-12.5.4-bz2080650.patch

@@ -0,0 +1,112 @@
+From 398585bfe7b1340d41143f50dfc868ef8ab9a5e4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Zaoral?= <lzaoral@redhat.com>
+Date: Tue, 21 Feb 2023 12:43:42 +0100
+Subject: [PATCH] Tools that take --dec=X option should only accept digits
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Right now the argument of --dec is passed to atoi(3) which returns 0
+on conversion error.  Therefore, --dec=A was not rejected and was
+equivalent to --dec=0 by mistake.
+
+Signed-off-by: Lukáš Zaoral <lzaoral@redhat.com>
+---
+ cifsiostat.c | 5 +++++
+ iostat.c     | 5 +++++
+ mpstat.c     | 5 +++++
+ pidstat.c    | 5 +++++
+ sar.c        | 6 ++++++
+ 5 files changed, 26 insertions(+)
+
+diff --git a/cifsiostat.c b/cifsiostat.c
+index 375b1ff..849583b 100644
+--- a/cifsiostat.c
++++ b/cifsiostat.c
+@@ -522,6 +522,11 @@ int main(int argc, char **argv)
+ 		}
+ 
+ 		else if (!strncmp(argv[opt], "--dec=", 6) && (strlen(argv[opt]) == 7)) {
++			/* Check that the argument is a digit */
++			if (!isdigit(argv[opt][6])) {
++				usage(argv[0]);
++			}
++
+ 			/* Get number of decimal places */
+ 			dplaces_nr = atoi(argv[opt] + 6);
+ 			if ((dplaces_nr < 0) || (dplaces_nr > 2)) {
+diff --git a/iostat.c b/iostat.c
+index 1d7ea3c..7ac56ef 100644
+--- a/iostat.c
++++ b/iostat.c
+@@ -2142,6 +2142,11 @@ int main(int argc, char **argv)
+ #endif
+ 
+ 		else if (!strncmp(argv[opt], "--dec=", 6) && (strlen(argv[opt]) == 7)) {
++			/* Check that the argument is a digit */
++			if (!isdigit(argv[opt][6])) {
++				usage(argv[0]);
++			}
++
+ 			/* Get number of decimal places */
+ 			dplaces_nr = atoi(argv[opt] + 6);
+ 			if ((dplaces_nr < 0) || (dplaces_nr > 2)) {
+diff --git a/mpstat.c b/mpstat.c
+index 90d6226..5045e45 100644
+--- a/mpstat.c
++++ b/mpstat.c
+@@ -2221,6 +2221,11 @@ int main(int argc, char **argv)
+ 	while (++opt < argc) {
+ 
+ 		if (!strncmp(argv[opt], "--dec=", 6) && (strlen(argv[opt]) == 7)) {
++			/* Check that the argument is a digit */
++			if (!isdigit(argv[opt][6])) {
++				usage(argv[0]);
++			}
++
+ 			/* Get number of decimal places */
+ 			dplaces_nr = atoi(argv[opt] + 6);
+ 			if ((dplaces_nr < 0) || (dplaces_nr > 2)) {
+diff --git a/pidstat.c b/pidstat.c
+index 21fed6c..d550605 100644
+--- a/pidstat.c
++++ b/pidstat.c
+@@ -2633,6 +2633,11 @@ int main(int argc, char **argv)
+ 		}
+ 
+ 		else if (!strncmp(argv[opt], "--dec=", 6) && (strlen(argv[opt]) == 7)) {
++			/* Check that the argument is a digit */
++			if (!isdigit(argv[opt][6])) {
++				usage(argv[0]);
++			}
++
+ 			/* Get number of decimal places */
+ 			dplaces_nr = atoi(argv[opt] + 6);
+ 			if ((dplaces_nr < 0) || (dplaces_nr > 2)) {
+diff --git a/sar.c b/sar.c
+index 4f06172..7691793 100644
+--- a/sar.c
++++ b/sar.c
+@@ -28,6 +28,7 @@
+ #include <errno.h>
+ #include <signal.h>
+ #include <sys/stat.h>
++#include <ctype.h>
+ 
+ #include "version.h"
+ #include "sa.h"
+@@ -1372,6 +1373,11 @@ int main(int argc, char **argv)
+ 		}
+ 
+ 		else if (!strncmp(argv[opt], "--dec=", 6) && (strlen(argv[opt]) == 7)) {
++			/* Check that the argument is a digit */
++			if (!isdigit(argv[opt][6])) {
++				usage(argv[0]);
++			}
++
+ 			/* Get number of decimal places */
+ 			dplaces_nr = atoi(argv[opt] + 6);
+ 			if ((dplaces_nr < 0) || (dplaces_nr > 2)) {
+-- 
+2.39.2
+

SPECS/sysstat.spec

@@ -1,7 +1,7 @@
 Summary: Collection of performance monitoring tools for Linux
 Name: sysstat
 Version: 12.5.4
-Release: 3%{?dist}
+Release: 5%{?dist}
 License: GPLv2+
 URL: http://sebastien.godard.pagesperso-orange.fr/
 Source: https://github.com/sysstat/sysstat/archive/v%{version}.tar.gz
@@ -10,6 +10,11 @@ Source: https://github.com/sysstat/sysstat/archive/v%{version}.tar.gz
 Source1: colorsysstat.csh
 Source2: colorsysstat.sh
 
+# arithmetic overflow in allocate_structures() on 32 bit systems (CVE-2022-39377)
+Patch1:  sysstat-12.5.4-CVE-2022-39377.patch
+# {cifsio,io,mp,pid}stat --dec and sar --dec report values from single alphabet other than defined (bz2080650)
+Patch2:  sysstat-12.5.4-bz2080650.patch
+
 BuildRequires: make
 BuildRequires: gcc, gettext, lm_sensors-devel, pcp-libs-devel, systemd, git
 
@@ -86,7 +91,13 @@ fi
 %{_localstatedir}/log/sa
 
 %changelog
-* Mon Feb 21 2021 Michal Sekletar <msekleta@redhat.com> 12.5.4-3
+* Tue Feb 21 2023 Lukáš Zaoral <lzaoral@redhat.com> - 12.5.4-5
+- Fix --dec argument validation (rhbz#2080650)
+
+* Thu Nov 10 2022 Lukáš Zaoral <lzaoral@redhat.com> - 12.5.4-4
+- arithmetic overflow in allocate_structures() on 32 bit systems (CVE-2022-39377)
+
+* Mon Feb 21 2022 Michal Sekletar <msekleta@redhat.com> 12.5.4-3
 - sysstat's buildsystem doesn't really use LDFLAGS, we have to merge CFLAGS and LDFLAGS to get binaries with full RELRO (#2044893)
 
 * Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 12.5.4-2