commit: ecf13248bdaba63272a52d2678ce688ffb161a9d Author: Marek Szuba <marecki <AT> gentoo <DOT> org> AuthorDate: Tue May 23 19:23:23 2023 +0000 Commit: Marek Szuba <marecki <AT> gentoo <DOT> org> CommitDate: Tue May 23 19:39:35 2023 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ecf13248
app-admin/sysstat: backport second part of CVE-2022-39377 fix Bug: https://bugs.gentoo.org/880543 Signed-off-by: Marek Szuba <marecki <AT> gentoo.org> .../files/sysstat-12.6.2-check_overflow.patch | 18 +++++ app-admin/sysstat/sysstat-12.6.2-r1.ebuild | 88 ++++++++++++++++++++++ 2 files changed, 106 insertions(+) diff --git a/app-admin/sysstat/files/sysstat-12.6.2-check_overflow.patch b/app-admin/sysstat/files/sysstat-12.6.2-check_overflow.patch new file mode 100644 index 000000000000..3f36fd7ff090 --- /dev/null +++ b/app-admin/sysstat/files/sysstat-12.6.2-check_overflow.patch @@ -0,0 +1,18 @@ +Backported upstream fix for the fix for CVE-2022-39377. + +--- a/common.c ++++ b/common.c +@@ -431,8 +431,11 @@ int check_dir(char *dirname) + void check_overflow(unsigned int val1, unsigned int val2, + unsigned int val3) + { +- if ((unsigned long long) val1 * (unsigned long long) val2 * +- (unsigned long long) val3 > UINT_MAX) { ++ if ((val1 != 0) && (val2 != 0) && (val3 != 0) && ++ (((unsigned long long)UINT_MAX / (unsigned long long)val1 < ++ (unsigned long long)val2) || ++ ((unsigned long long)UINT_MAX / ((unsigned long long)val1 * ++ (unsigned long long)val2) < (unsigned long long)val3)) { + #ifdef DEBUG + fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n", + __FUNCTION__, (unsigned long long) val1 * (unsigned long long) val2 * diff --git a/app-admin/sysstat/sysstat-12.6.2-r1.ebuild b/app-admin/sysstat/sysstat-12.6.2-r1.ebuild new file mode 100644 index 000000000000..41f26b4b985a --- /dev/null +++ b/app-admin/sysstat/sysstat-12.6.2-r1.ebuild @@ -0,0 +1,88 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit systemd toolchain-funcs + +DESCRIPTION="System performance tools for Linux" +HOMEPAGE="http://sebastien.godard.pagesperso-orange.fr/"; +SRC_URI="https://github.com/${PN}/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +IUSE="dcron debug nls lm-sensors lto selinux systemd" + +BDEPEND=" + virtual/pkgconfig + nls? ( sys-devel/gettext ) +" + +COMMON_DEPEND=" + nls? ( virtual/libintl ) + lm-sensors? ( sys-apps/lm-sensors:= ) +" + +DEPEND="${COMMON_DEPEND}" + +RDEPEND=" + ${COMMON_DEPEND} + !dcron? ( !sys-process/dcron ) + selinux? ( sec-policy/selinux-sysstat ) +" + +REQUIRED_USE="dcron? ( !systemd )" + +PATCHES=( + "${FILESDIR}"/${PN}-12.6.2-check_overflow.patch +) + +src_prepare() { + if use dcron; then + sed -i 's/@CRON_OWNER@ //g' cron/sysstat.crond.in || die + fi + default +} + +src_configure() { + tc-export AR + + sa_lib_dir=/usr/lib/sa \ + conf_dir=/etc \ + econf \ + $(use_enable !systemd use-crond) \ + $(use_enable lm-sensors sensors) \ + $(use_enable lto) \ + $(use_enable nls) \ + $(usex debug --enable-debuginfo '') \ + --disable-compress-manpg \ + --disable-stripping \ + --disable-pcp \ + --enable-copy-only \ + --enable-documentation \ + --enable-install-cron \ + --with-systemdsystemunitdir=$(systemd_get_systemunitdir) +} + +src_compile() { + LFLAGS="${LDFLAGS}" default +} + +src_install() { + keepdir /var/log/sa + + emake \ + CHOWN=true \ + DESTDIR="${D}" \ + DOC_DIR=/usr/share/doc/${PF} \ + MANGRPARG='' \ + install + + dodoc -r contrib/ + + newinitd "${FILESDIR}"/${PN}.init.d ${PN} + systemd_dounit ${PN}.service + + rm "${D}"/usr/share/doc/${PF}/COPYING || die +}
