Hello community, here is the log from the commit of package sysstat for openSUSE:Factory checked in at 2019-02-24 16:56:00 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sysstat (Old) and /work/SRC/openSUSE:Factory/.sysstat.new.28833 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sysstat" Sun Feb 24 16:56:00 2019 rev:79 rq:673022 version:12.0.3 Changes: -------- --- /work/SRC/openSUSE:Factory/sysstat/sysstat.changes 2018-11-28 11:15:09.950750331 +0100 +++ /work/SRC/openSUSE:Factory/.sysstat.new.28833/sysstat.changes 2019-02-24 16:56:05.728888787 +0100 @@ -1,0 +2,18 @@ +Wed Jan 23 11:13:24 UTC 2019 - Pedro Monreal Gonzalez <[email protected]> + +- Version update to 12.0.3 + * 2018/12/14: Version 12.0.3 - Sebastien Godard (sysstat<at>orange.fr) + * sadf: Fix out of bound reads security issues (CVE-2018-19416 + and CVE-2018-19517). + * sadf: Fix possible infinite loop. + * [Todd Walton]: Clarify sadc manual page and FAQ on using + multiple -S keywords. + * Remove remap_struct() prototype from sa.h. + * [Steve Kay]: Use memcpy rather than strncpy, in order to + avoid truncation warning. + * [Steve Kay]: Cosmetic fixes in configure file. + * [Anatoly Pugachev]: Fix comment in sar.c. +- Dropped patch fixed upstream: + * sysstat-12.0.2-CVE-2018-19416-and-CVE-2018-19517.patch + +------------------------------------------------------------------- Old: ---- sysstat-12.0.2-CVE-2018-19416-and-CVE-2018-19517.patch sysstat-12.0.2.tar.xz New: ---- sysstat-12.0.3.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sysstat.spec ++++++ --- /var/tmp/diff_new_pack.4vsXwg/_old 2019-02-24 16:56:07.588887903 +0100 +++ /var/tmp/diff_new_pack.4vsXwg/_new 2019-02-24 16:56:07.592887901 +0100 @@ -1,7 +1,7 @@ # # spec file for package sysstat # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: sysstat -Version: 12.0.2 +Version: 12.0.3 Release: 0 Summary: Sar and Iostat Commands for Linux License: GPL-2.0-or-later @@ -33,8 +33,6 @@ # PATCH-FIX-OPENSUSE should be upstreamed # use getpagesize() instead of kb_shift for hugetable archs Patch2: sysstat-8.0.4-pagesize.diff -# PATCH-FIX-UPSTREAM CVE-2018-19416 CVE-2018-19517 bsc#1117001 bsc#1117260 -Patch3: sysstat-12.0.2-CVE-2018-19416-and-CVE-2018-19517.patch BuildRequires: findutils BuildRequires: pkgconfig BuildRequires: sed @@ -73,7 +71,6 @@ %setup -q %patch0 -p1 %patch2 -p1 -%patch3 -p1 cp %{SOURCE1} %{SOURCE2} %{SOURCE4} . # remove date and time from objects find ./ -name \*.c -exec sed -i -e 's: " compiled " __DATE__ " " __TIME__::g' {} \; ++++++ sysstat-12.0.2.tar.xz -> sysstat-12.0.3.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysstat-12.0.2/CHANGES new/sysstat-12.0.3/CHANGES --- old/sysstat-12.0.2/CHANGES 2018-10-13 09:29:36.000000000 +0200 +++ new/sysstat-12.0.3/CHANGES 2018-12-14 15:08:26.000000000 +0100 @@ -1,5 +1,16 @@ Changes: +2018/12/14: Version 12.0.3 - Sebastien Godard (sysstat <at> orange.fr) + * sadf: Fix out of bound reads security issues (CVE-2018-19416 and + CVE-2018-19517). + * sadf: Fix possible infinite loop. + * [Todd Walton]: Clarify sadc manual page and FAQ on using multiple -S keywords. + * Remove remap_struct() prototype from sa.h. + * [Steve Kay]: Use memcpy rather than strncpy, in order to avoid truncation + warning. + * [Steve Kay]: Cosmetic fixes in configure file. + * [Anatoly Pugachev]: Fix comment in sar.c. + 2018/10/13: Version 12.0.2 - Sebastien Godard (sysstat <at> orange.fr) * sar: Fix timestamp format in report output. * sar: Fortify remap_struct() function. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysstat-12.0.2/FAQ.md new/sysstat-12.0.3/FAQ.md --- old/sysstat-12.0.2/FAQ.md 2018-10-13 09:28:34.000000000 +0200 +++ new/sysstat-12.0.3/FAQ.md 2018-12-14 15:06:43.000000000 +0100 @@ -536,10 +536,10 @@ in my binary daily data files? -A: sadc's option -S followed by a keyword (DISK, SNMP...) can already -be used to specify which optional activities are to be collected. -Without this option, sadc collects a default set of activities (CPU -activity, memory activity, network activity, etc.) +A: sadc's option -S followed by one or more keywords (DISK, SNMP...) +can already be used to specify which optional activities are to be +collected. Without this option, sadc collects a default set of +activities (CPU activity, memory activity, network activity, etc.) Yet it is actually possible to specify explicitly which activities should be collected by sadc! You have to use sadc's option -S followed by the report name corresponding to the activity you want diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysstat-12.0.2/configure new/sysstat-12.0.3/configure --- old/sysstat-12.0.2/configure 2018-10-13 09:28:34.000000000 +0200 +++ new/sysstat-12.0.3/configure 2018-12-14 15:06:43.000000000 +0100 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for sysstat 12.0.2. +# Generated by GNU Autoconf 2.69 for sysstat 12.0.3. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -577,8 +577,8 @@ # Identity of this package. PACKAGE_NAME='sysstat' PACKAGE_TARNAME='sysstat' -PACKAGE_VERSION='12.0.2' -PACKAGE_STRING='sysstat 12.0.2' +PACKAGE_VERSION='12.0.3' +PACKAGE_STRING='sysstat 12.0.3' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1304,7 +1304,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures sysstat 12.0.2 to adapt to many kinds of systems. +\`configure' configures sysstat 12.0.3 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1365,7 +1365,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sysstat 12.0.2:";; + short | recursive ) echo "Configuration of sysstat 12.0.3:";; esac cat <<\_ACEOF @@ -1482,7 +1482,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -sysstat configure 12.0.2 +sysstat configure 12.0.3 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1901,7 +1901,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sysstat $as_me 12.0.2, which was +It was created by sysstat $as_me 12.0.3, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -4859,15 +4859,15 @@ # --enable-compress-manpg compress manual pages # --enable-debuginfo enable debug output (--debuginfo option) # --disable-documentation do not install documentation (man pages...) -# --disable-sensors do not link against libsensors even if available +# --disable-sensors do not link against libsensors even if available # --disable-stripping do not strip object files -# --enablle-copy-only only copy files when installing sysstat +# --enable-copy-only only copy files when installing sysstat # # Some influential environment variables: -# rcdir directory where startup scripts are installed +# rcdir directory where startup scripts are installed # sa_lib_dir sadc, sa1 and sa2 directory # sa_dir system activity daily datafiles directory -# conf_dir sysstat configuration directory (default is /etc/sysconfig) +# conf_dir sysstat configuration directory (default is /etc/sysconfig) # history number of daily datafiles to keep (default value is 7) # compressafter number of days after which datafiles are compressed # man_group group for man pages @@ -4877,7 +4877,7 @@ # # Fine tuning the installation directories: # --mandir=DIR man documentation directory [PREFIX/man] -# --docdir=DIR other documentation directory [PREFIX/share/doc] +# --docdir=DIR other documentation directory [PREFIX/share/doc] # # Installation directories: # --prefix=PREFIX install architecture-independent files in PREFIX @@ -5959,7 +5959,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by sysstat $as_me 12.0.2, which was +This file was extended by sysstat $as_me 12.0.3, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -6012,7 +6012,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -sysstat config.status 12.0.2 +sysstat config.status 12.0.3 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysstat-12.0.2/configure.in new/sysstat-12.0.3/configure.in --- old/sysstat-12.0.2/configure.in 2018-10-13 09:28:34.000000000 +0200 +++ new/sysstat-12.0.3/configure.in 2018-12-14 15:06:43.000000000 +0100 @@ -4,7 +4,7 @@ # Modified by Sebastien Godard (sysstat <at> orange.fr) # Initialization of $PACKAGE_VERSION and $PACKAGE_NAME variables -AC_INIT(sysstat, 12.0.2) +AC_INIT(sysstat, 12.0.3) # Ensure that a recent enough version of Autoconf is being used AC_PREREQ(2.53) @@ -139,15 +139,15 @@ # --enable-compress-manpg compress manual pages # --enable-debuginfo enable debug output (--debuginfo option) # --disable-documentation do not install documentation (man pages...) -# --disable-sensors do not link against libsensors even if available +# --disable-sensors do not link against libsensors even if available # --disable-stripping do not strip object files -# --enablle-copy-only only copy files when installing sysstat +# --enable-copy-only only copy files when installing sysstat # # Some influential environment variables: -# rcdir directory where startup scripts are installed +# rcdir directory where startup scripts are installed # sa_lib_dir sadc, sa1 and sa2 directory # sa_dir system activity daily datafiles directory -# conf_dir sysstat configuration directory (default is /etc/sysconfig) +# conf_dir sysstat configuration directory (default is /etc/sysconfig) # history number of daily datafiles to keep (default value is 7) # compressafter number of days after which datafiles are compressed # man_group group for man pages @@ -157,7 +157,7 @@ # # Fine tuning the installation directories: # --mandir=DIR man documentation directory [PREFIX/man] -# --docdir=DIR other documentation directory [PREFIX/share/doc] +# --docdir=DIR other documentation directory [PREFIX/share/doc] # # Installation directories: # --prefix=PREFIX install architecture-independent files in PREFIX diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysstat-12.0.2/man/sadc.in new/sysstat-12.0.3/man/sadc.in --- old/sysstat-12.0.2/man/sadc.in 2018-10-13 09:28:35.000000000 +0200 +++ new/sysstat-12.0.3/man/sadc.in 2018-12-02 17:59:46.000000000 +0100 @@ -4,7 +4,7 @@ .SH SYNOPSIS .B @SA_LIB_DIR@/sadc [ -C .I comment -.B ] [ -D ] [ -F ] [ -L ] [ -V ] [ -S { DISK | INT | IPV6 | POWER | SNMP | XDISK | ALL | XALL [,...] } ] [ +.B ] [ -D ] [ -F ] [ -L ] [ -V ] [ -S { keyword [,...] | ALL | XALL } ] [ .I interval .B [ .I count @@ -124,7 +124,9 @@ .B sadc might still be running when cron starts a new one. Without locking, this situation can result in a corrupted system activity file. -.IP "-S { DISK | INT | IPV6 | POWER | SNMP | XDISK | ALL | XALL [,...] }" +.IP "-S { keyword [,...] | ALL | XALL }" +Possible keywords are DISK, INT, IPV6, POWER, SNMP, XDISK, ALL, and XALL. + Specify which optional activities should be collected by .BR sadc . Some activities are optional to prevent data files from growing too large. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysstat-12.0.2/nls/sysstat.pot new/sysstat-12.0.3/nls/sysstat.pot --- old/sysstat-12.0.2/nls/sysstat.pot 2018-10-13 09:28:45.000000000 +0200 +++ new/sysstat-12.0.3/nls/sysstat.pot 2018-12-14 15:07:05.000000000 +0100 @@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sysstat <at> orange.fr\n" -"POT-Creation-Date: 2018-10-13 09:28+0200\n" +"POT-Creation-Date: 2018-12-14 15:07+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <[email protected]>\n" @@ -55,7 +55,7 @@ msgid "Cannot find disk data\n" msgstr "" -#: iostat.c:1832 sa_common.c:2110 +#: iostat.c:1832 sa_common.c:2136 #, c-format msgid "Invalid type of persistent device name\n" msgstr "" @@ -91,7 +91,7 @@ msgstr "" #: sadc.c:692 sadc.c:755 count.c:118 ioconf.c:506 rd_stats.c:75 -#: sa_common.c:1664 +#: sa_common.c:1689 #, c-format msgid "Cannot open %s: %s\n" msgstr "" @@ -321,22 +321,22 @@ msgid "Inconsistent input data\n" msgstr "" -#: sar.c:876 +#: sar.c:877 #, c-format msgid "Using a wrong data collector from a different sysstat version\n" msgstr "" -#: sar.c:1483 +#: sar.c:1484 #, c-format msgid "-f and -o options are mutually exclusive\n" msgstr "" -#: sar.c:1489 +#: sar.c:1490 #, c-format msgid "Not reading from a system activity file (use -f option)\n" msgstr "" -#: sar.c:1636 +#: sar.c:1637 #, c-format msgid "Cannot find the data collector (%s)\n" msgstr "" @@ -486,22 +486,22 @@ msgid "Current sysstat version cannot read the format of this file (%#x)\n" msgstr "" -#: sa_common.c:1367 +#: sa_common.c:1390 #, c-format msgid "Error while reading system activity file: %s\n" msgstr "" -#: sa_common.c:1377 +#: sa_common.c:1400 #, c-format msgid "End of system activity file unexpected\n" msgstr "" -#: sa_common.c:1667 +#: sa_common.c:1692 #, c-format msgid "Please check if data collecting is enabled\n" msgstr "" -#: sa_common.c:1989 +#: sa_common.c:2015 #, c-format msgid "Requested activities not available in file %s\n" msgstr "" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysstat-12.0.2/rd_stats.c new/sysstat-12.0.3/rd_stats.c --- old/sysstat-12.0.2/rd_stats.c 2018-10-13 09:28:35.000000000 +0200 +++ new/sysstat-12.0.3/rd_stats.c 2018-12-14 15:06:43.000000000 +0100 @@ -2587,7 +2587,7 @@ st_fc_i->f_txframes = tx_frames; st_fc_i->f_rxwords = rx_words; st_fc_i->f_txwords = tx_words; - strncpy(st_fc_i->fchost_name, drd->d_name, MAX_FCH_LEN); + memcpy(st_fc_i->fchost_name, drd->d_name, MAX_FCH_LEN); st_fc_i->fchost_name[MAX_FCH_LEN - 1] = '\0'; } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysstat-12.0.2/sa.h new/sysstat-12.0.3/sa.h --- old/sysstat-12.0.2/sa.h 2018-10-13 09:28:35.000000000 +0200 +++ new/sysstat-12.0.3/sa.h 2018-12-14 15:06:43.000000000 +0100 @@ -1355,11 +1355,9 @@ __nr_t read_nr_value (int, char *, struct file_magic *, int, int, int); int read_record_hdr - (int, void *, struct record_header *, struct file_header *, int, int); + (int, void *, struct record_header *, struct file_header *, int, int, size_t); void reallocate_all_buffers (struct activity *, __nr_t); -void remap_struct - (unsigned int [], unsigned int [], void *, unsigned int, unsigned int); void replace_nonprintable_char (int, char *); int sa_fread diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysstat-12.0.2/sa_common.c new/sysstat-12.0.3/sa_common.c --- old/sysstat-12.0.2/sa_common.c 2018-10-13 09:28:35.000000000 +0200 +++ new/sysstat-12.0.3/sa_common.c 2018-12-14 15:06:43.000000000 +0100 @@ -1280,12 +1280,14 @@ * @f_size Size of the structure containing statistics. This is the * size of the structure *read from file*. * @g_size Size of the structure expected by current sysstat version. + * @b_size Size of the buffer pointed by @ps. *************************************************************************** */ void remap_struct(unsigned int gtypes_nr[], unsigned int ftypes_nr[], - void *ps, unsigned int f_size, unsigned int g_size) + void *ps, unsigned int f_size, unsigned int g_size, size_t b_size) { int d; + size_t n; /* Sanity check */ if (MAP_SIZE(ftypes_nr) > f_size) @@ -1294,10 +1296,14 @@ /* Remap [unsigned] long fields */ d = gtypes_nr[0] - ftypes_nr[0]; if (d) { + n = MINIMUM(f_size - ftypes_nr[0] * ULL_ALIGNMENT_WIDTH, + g_size - gtypes_nr[0] * ULL_ALIGNMENT_WIDTH); + if ((ftypes_nr[0] * ULL_ALIGNMENT_WIDTH >= b_size) || + (gtypes_nr[0] * ULL_ALIGNMENT_WIDTH + n > b_size) || + (ftypes_nr[0] * ULL_ALIGNMENT_WIDTH + n > b_size)) + return; memmove(((char *) ps) + gtypes_nr[0] * ULL_ALIGNMENT_WIDTH, - ((char *) ps) + ftypes_nr[0] * ULL_ALIGNMENT_WIDTH, - MINIMUM(f_size - ftypes_nr[0] * ULL_ALIGNMENT_WIDTH, - g_size - gtypes_nr[0] * ULL_ALIGNMENT_WIDTH)); + ((char *) ps) + ftypes_nr[0] * ULL_ALIGNMENT_WIDTH, n); if (d > 0) { memset(((char *) ps) + ftypes_nr[0] * ULL_ALIGNMENT_WIDTH, 0, d * ULL_ALIGNMENT_WIDTH); @@ -1306,14 +1312,21 @@ /* Remap [unsigned] int fields */ d = gtypes_nr[1] - ftypes_nr[1]; if (d) { + n = MINIMUM(f_size - ftypes_nr[0] * ULL_ALIGNMENT_WIDTH + - ftypes_nr[1] * UL_ALIGNMENT_WIDTH, + g_size - gtypes_nr[0] * ULL_ALIGNMENT_WIDTH + - gtypes_nr[1] * UL_ALIGNMENT_WIDTH); + if ((gtypes_nr[0] * ULL_ALIGNMENT_WIDTH + + ftypes_nr[1] * UL_ALIGNMENT_WIDTH >= b_size) || + (gtypes_nr[0] * ULL_ALIGNMENT_WIDTH + + gtypes_nr[1] * UL_ALIGNMENT_WIDTH + n > b_size) || + (gtypes_nr[0] * ULL_ALIGNMENT_WIDTH + + ftypes_nr[1] * UL_ALIGNMENT_WIDTH + n > b_size)) + return; memmove(((char *) ps) + gtypes_nr[0] * ULL_ALIGNMENT_WIDTH + gtypes_nr[1] * UL_ALIGNMENT_WIDTH, ((char *) ps) + gtypes_nr[0] * ULL_ALIGNMENT_WIDTH - + ftypes_nr[1] * UL_ALIGNMENT_WIDTH, - MINIMUM(f_size - ftypes_nr[0] * ULL_ALIGNMENT_WIDTH - - ftypes_nr[1] * UL_ALIGNMENT_WIDTH, - g_size - gtypes_nr[0] * ULL_ALIGNMENT_WIDTH - - gtypes_nr[1] * UL_ALIGNMENT_WIDTH)); + + ftypes_nr[1] * UL_ALIGNMENT_WIDTH, n); if (d > 0) { memset(((char *) ps) + gtypes_nr[0] * ULL_ALIGNMENT_WIDTH + ftypes_nr[1] * UL_ALIGNMENT_WIDTH, @@ -1323,18 +1336,28 @@ /* Remap possible fields (like strings of chars) following int fields */ d = gtypes_nr[2] - ftypes_nr[2]; if (d) { + n = MINIMUM(f_size - ftypes_nr[0] * ULL_ALIGNMENT_WIDTH + - ftypes_nr[1] * UL_ALIGNMENT_WIDTH + - ftypes_nr[2] * U_ALIGNMENT_WIDTH, + g_size - gtypes_nr[0] * ULL_ALIGNMENT_WIDTH + - gtypes_nr[1] * UL_ALIGNMENT_WIDTH + - gtypes_nr[2] * U_ALIGNMENT_WIDTH); + if ((gtypes_nr[0] * ULL_ALIGNMENT_WIDTH + + gtypes_nr[1] * UL_ALIGNMENT_WIDTH + + ftypes_nr[2] * U_ALIGNMENT_WIDTH >= b_size) || + (gtypes_nr[0] * ULL_ALIGNMENT_WIDTH + + gtypes_nr[1] * UL_ALIGNMENT_WIDTH + + gtypes_nr[2] * U_ALIGNMENT_WIDTH + n > b_size) || + (gtypes_nr[0] * ULL_ALIGNMENT_WIDTH + + gtypes_nr[1] * UL_ALIGNMENT_WIDTH + + ftypes_nr[2] * U_ALIGNMENT_WIDTH + n > b_size)) + return; memmove(((char *) ps) + gtypes_nr[0] * ULL_ALIGNMENT_WIDTH + gtypes_nr[1] * UL_ALIGNMENT_WIDTH + gtypes_nr[2] * U_ALIGNMENT_WIDTH, ((char *) ps) + gtypes_nr[0] * ULL_ALIGNMENT_WIDTH + gtypes_nr[1] * UL_ALIGNMENT_WIDTH - + ftypes_nr[2] * U_ALIGNMENT_WIDTH, - MINIMUM(f_size - ftypes_nr[0] * ULL_ALIGNMENT_WIDTH - - ftypes_nr[1] * UL_ALIGNMENT_WIDTH - - ftypes_nr[2] * U_ALIGNMENT_WIDTH, - g_size - gtypes_nr[0] * ULL_ALIGNMENT_WIDTH - - gtypes_nr[1] * UL_ALIGNMENT_WIDTH - - gtypes_nr[2] * U_ALIGNMENT_WIDTH)); + + ftypes_nr[2] * U_ALIGNMENT_WIDTH, n); if (d > 0) { memset(((char *) ps) + gtypes_nr[0] * ULL_ALIGNMENT_WIDTH + gtypes_nr[1] * UL_ALIGNMENT_WIDTH @@ -1396,6 +1419,7 @@ * @endian_mismatch * TRUE if data read from file don't match current machine's * endianness. + * @b_size @buffer size. * * OUT: * @record_hdr Record header for current sample. @@ -1405,7 +1429,8 @@ *************************************************************************** */ int read_record_hdr(int ifd, void *buffer, struct record_header *record_hdr, - struct file_header *file_hdr, int arch_64, int endian_mismatch) + struct file_header *file_hdr, int arch_64, int endian_mismatch, + size_t b_size) { if (sa_fread(ifd, buffer, (size_t) file_hdr->rec_size, SOFT_SIZE)) /* End of sa data file */ @@ -1413,7 +1438,7 @@ /* Remap record header structure to that expected by current version */ remap_struct(rec_types_nr, file_hdr->rec_types_nr, buffer, - file_hdr->rec_size, RECORD_HEADER_SIZE); + file_hdr->rec_size, RECORD_HEADER_SIZE, b_size); memcpy(record_hdr, buffer, RECORD_HEADER_SIZE); /* Normalize endianness */ @@ -1622,7 +1647,7 @@ for (j = 0; j < (nr_value * act[p]->nr2); j++) { remap_struct(act[p]->gtypes_nr, act[p]->ftypes_nr, (char *) act[p]->buf[curr] + j * act[p]->msize, - act[p]->fsize, act[p]->msize); + act[p]->fsize, act[p]->msize, act[p]->msize); } } } @@ -1804,7 +1829,7 @@ * then copy its contents to the expected structure. */ remap_struct(hdr_types_nr, file_magic->hdr_types_nr, buffer, - file_magic->header_size, FILE_HEADER_SIZE); + file_magic->header_size, FILE_HEADER_SIZE, file_magic->header_size); memcpy(file_hdr, buffer, FILE_HEADER_SIZE); free(buffer); buffer = NULL; @@ -1853,7 +1878,7 @@ * then copy its contents to the expected structure. */ remap_struct(act_types_nr, file_hdr->act_types_nr, buffer, - file_hdr->act_size, FILE_ACTIVITY_SIZE); + file_hdr->act_size, FILE_ACTIVITY_SIZE, file_hdr->act_size); memcpy(fal, buffer, FILE_ACTIVITY_SIZE); /* Normalize endianness for file_activity structures */ @@ -1863,7 +1888,7 @@ /* * Every activity, known or unknown, should have - * at least one item and sub-item. + * at least one item and sub-item, and a positive size value. * Also check that the number of items and sub-items * doesn't exceed a max value. This is necessary * because we will use @nr and @nr2 to @@ -1873,7 +1898,8 @@ * activities which have each a specific max value. */ if ((fal->nr < 1) || (fal->nr2 < 1) || - (fal->nr > NR_MAX) || (fal->nr2 > NR2_MAX)) { + (fal->nr > NR_MAX) || (fal->nr2 > NR2_MAX) || + (fal->size <= 0)) { #ifdef DEBUG fprintf(stderr, "%s: id=%d nr=%d nr2=%d\n", __FUNCTION__, fal->id, fal->nr, fal->nr2); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysstat-12.0.2/sadf.c new/sysstat-12.0.3/sadf.c --- old/sysstat-12.0.2/sadf.c 2018-10-13 09:28:35.000000000 +0200 +++ new/sysstat-12.0.3/sadf.c 2018-12-14 15:06:43.000000000 +0100 @@ -232,7 +232,7 @@ /* Read current record */ if (read_record_hdr(ifd, rec_hdr_tmp, &record_hdr[curr], &file_hdr, - arch_64, endian_mismatch)) + arch_64, endian_mismatch, sizeof(rec_hdr_tmp)) != 0) /* End of sa file */ return TRUE; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysstat-12.0.2/sar.c new/sysstat-12.0.3/sar.c --- old/sysstat-12.0.2/sar.c 2018-10-13 09:28:35.000000000 +0200 +++ new/sysstat-12.0.3/sar.c 2018-12-14 15:06:43.000000000 +0100 @@ -601,7 +601,7 @@ * @cur_date Date string of current restart message (unused here). * @cur_time Time string of current restart message. * @utc True if @cur_time is expressed in UTC (unused here). - * @file_hdr System activity file standard header (unused here). + * @file_hdr System activity file standard header. *************************************************************************** */ __printf_funct_t print_sar_restart(int *tab, int action, char *cur_date, char *cur_time, @@ -727,6 +727,7 @@ * @endian_mismatch * TRUE if file's data don't match current machine's endianness. * @arch_64 TRUE if file's data come from a 64 bit machine. + * @b_size Size of @rec_hdr_tmp buffer. * * OUT: * @curr Index in array for next sample statistics. @@ -740,7 +741,7 @@ int rows, unsigned int act_id, int *reset, struct file_activity *file_actlst, char *file, struct file_magic *file_magic, void *rec_hdr_tmp, - int endian_mismatch, int arch_64) + int endian_mismatch, int arch_64, size_t b_size) { int p, reset_cd; unsigned long lines = 0; @@ -774,7 +775,7 @@ * Start with reading current sample's record header. */ *eosaf = read_record_hdr(ifd, rec_hdr_tmp, &record_hdr[*curr], - &file_hdr, arch_64, endian_mismatch); + &file_hdr, arch_64, endian_mismatch, b_size); rtype = record_hdr[*curr].record_type; if (!*eosaf && (rtype != R_RESTART) && (rtype != R_COMMENT)) { @@ -1003,7 +1004,7 @@ */ do { if (read_record_hdr(ifd, rec_hdr_tmp, &record_hdr[0], &file_hdr, - arch_64, endian_mismatch)) { + arch_64, endian_mismatch, sizeof(rec_hdr_tmp))) { /* End of sa data file */ return; } @@ -1069,7 +1070,7 @@ handle_curr_act_stats(ifd, fpos, &curr, &cnt, &eosaf, rows, act[p]->id, &reset, file_actlst, from_file, &file_magic, rec_hdr_tmp, - endian_mismatch, arch_64); + endian_mismatch, arch_64, sizeof(rec_hdr_tmp)); } else { unsigned int optf, msk; @@ -1083,7 +1084,7 @@ handle_curr_act_stats(ifd, fpos, &curr, &cnt, &eosaf, rows, act[p]->id, &reset, file_actlst, from_file, &file_magic, rec_hdr_tmp, - endian_mismatch, arch_64); + endian_mismatch, arch_64, sizeof(rec_hdr_tmp)); act[p]->opt_flags = optf; } } @@ -1095,7 +1096,7 @@ do { /* Read next record header */ eosaf = read_record_hdr(ifd, rec_hdr_tmp, &record_hdr[curr], - &file_hdr, arch_64, endian_mismatch); + &file_hdr, arch_64, endian_mismatch, sizeof(rec_hdr_tmp)); rtype = record_hdr[curr].record_type; if (!eosaf && (rtype != R_RESTART) && (rtype != R_COMMENT)) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysstat-12.0.2/sysstat-12.0.2.lsm new/sysstat-12.0.3/sysstat-12.0.2.lsm --- old/sysstat-12.0.2/sysstat-12.0.2.lsm 2018-10-13 09:32:23.000000000 +0200 +++ new/sysstat-12.0.3/sysstat-12.0.2.lsm 1970-01-01 01:00:00.000000000 +0100 @@ -1,35 +0,0 @@ -Begin4 -Title: sysstat - the sar, sadf, mpstat, iostat, tapestat, pidstat and cifsiostat commands for Linux -Version: 12.0.2 -Entered-date: 2018-10-13 -Description: The sysstat package contains the sar, sadf, mpstat, iostat, tapestat, - pidstat, cifsiostat and sa tools for Linux. - The sar command collects and reports system activity - information. - The information collected by sar can be saved in a file - in a binary format for future inspection. - The statistics reported by sar concern I/O transfer rates, - paging activity, process-related activities, interrupts, - network activity, memory and swap space utilization, CPU - utilization, kernel activities and TTY statistics, among - others. Both UP and SMP machines are fully supported. - The sadf command is used to display data collected by sar in various - formats (XML, database-friendly, etc.) and to draw graphs (SVG). - The mpstat command reports global and per-processor statistics. - The iostat command reports CPU utilization and I/O statistics - for disks. - The tapestat command reports statistics for tape drives connected - to the system. - The pidstat command reports statistics for Linux tasks (processes). - The cifsiostat command reports I/O statistics for CIFS filesystems. - NB: Send bugs, patches, suggestions and/or questions to - (sysstat [at] orange.fr). - URL: http://pagesperso-orange.fr/sebastien.godard/ -Keywords: system administration, system monitoring, sar, sadf, iostat, mpstat, tapestat, pidstat, system accounting, performance, tuning -Author: [email protected] (Sebastien Godard) -Maintained-by: [email protected] (Sebastien Godard) -Primary-site: http://pagesperso-orange.fr/sebastien.godard/ - 589kiB sysstat-12.0.2.tar.xz -Alternate-site: -Copying-policy: GPL -End diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysstat-12.0.2/sysstat-12.0.2.spec new/sysstat-12.0.3/sysstat-12.0.2.spec --- old/sysstat-12.0.2/sysstat-12.0.2.spec 2018-10-13 09:30:09.000000000 +0200 +++ new/sysstat-12.0.3/sysstat-12.0.2.spec 1970-01-01 01:00:00.000000000 +0100 @@ -1,83 +0,0 @@ -Summary: SAR, SADF, MPSTAT, IOSTAT, TAPESTAT, PIDSTAT and CIFSIOSTAT for Linux -Name: sysstat -Version: 12.0.2 -Release: 1 -License: GPL -Group: Applications/System -Source0: %{name}-%{version}.tar.gz -URL: http://pagesperso-orange.fr/sebastien.godard/ -Packager: Sebastien Godard <sysstat _at_ orange.fr> -BuildRoot: %{_tmppath}/%{name}-%{version}-root-%(id -u -n) -Requires: gettext - -%description -The sysstat package contains the sar, sadf, mpstat, iostat, tapestat, -pidstat, cifsiostat and sa tools for Linux. -The sar command collects and reports system activity information. -The information collected by sar can be saved in a file in a binary -format for future inspection. The statistics reported by sar concern -I/O transfer rates, paging activity, process-related activities, -interrupts, network activity, memory and swap space utilization, CPU -utilization, kernel activities and TTY statistics, among others. Both -UP and SMP machines are fully supported. -The sadf command may be used to display data collected by sar in -various formats (CSV, XML, etc.) and to draw graphs (SVG). -The iostat command reports CPU utilization and I/O statistics for disks. -The tapestat command reports statistics for tapes connected to the system. -The mpstat command reports global and per-processor statistics. -The pidstat command reports statistics for Linux tasks (processes). -The cifsiostat command reports I/O statistics for CIFS filesystems. - -%define debug_package %{nil} - -%prep -%setup - -%build -# To include cron installation, add options --enable-install-cron and --enable-copy-only -./configure --prefix=%{_prefix} \ - --disable-file-attr \ - sa_lib_dir=%{_libdir}/sa \ - --mandir=%{_mandir} \ - DESTDIR=$RPM_BUILD_ROOT -make - -%install -rm -rf $RPM_BUILD_ROOT -install -d $RPM_BUILD_ROOT/var/log/sa - -make install - -mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d -install -m 755 sysstat $RPM_BUILD_ROOT/etc/rc.d/init.d/sysstat -mkdir -p $RPM_BUILD_ROOT/etc/sysconfig -install -m 644 sysstat.sysconfig $RPM_BUILD_ROOT/etc/sysconfig/sysstat -install -m 644 sysstat.ioconf $RPM_BUILD_ROOT/etc/sysconfig/sysstat.ioconf -mkdir -p $RPM_BUILD_ROOT/etc/cron.d -install -m 644 cron/sysstat.crond.sample $RPM_BUILD_ROOT/etc/cron.d/sysstat -mkdir -p $RPM_BUILD_ROOT/etc/rc2.d -cd $RPM_BUILD_ROOT/etc/rc2.d && ln -sf ../init.d/sysstat S01sysstat -mkdir -p $RPM_BUILD_ROOT/etc/rc3.d -cd $RPM_BUILD_ROOT/etc/rc3.d && ln -sf ../init.d/sysstat S01sysstat -mkdir -p $RPM_BUILD_ROOT/etc/rc5.d -cd $RPM_BUILD_ROOT/etc/rc5.d && ln -sf ../init.d/sysstat S01sysstat - -%clean -rm -rf $RPM_BUILD_ROOT - -%files -%defattr(644,root,root,755) -%doc %{_datadir}/doc/sysstat-%{version}/* -%attr(755,root,root) %{_bindir}/* -%attr(755,root,root) %{_libdir}/sa/* -%attr(644,root,root) %{_mandir}/man*/* -%attr(644,root,root) %{_datadir}/locale/*/LC_MESSAGES/sysstat.mo -%attr(755,root,root) %dir /var/log/sa -%attr(755,root,root) /etc/rc.d/init.d/sysstat -%attr(644,root,root) /etc/sysconfig/sysstat -%attr(644,root,root) /etc/sysconfig/sysstat.ioconf -/etc/rc2.d/S01sysstat -/etc/rc3.d/S01sysstat -/etc/rc5.d/S01sysstat -%config(noreplace) %attr(0644,root,root) /etc/cron.d/sysstat - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysstat-12.0.2/sysstat-12.0.3.lsm new/sysstat-12.0.3/sysstat-12.0.3.lsm --- old/sysstat-12.0.2/sysstat-12.0.3.lsm 1970-01-01 01:00:00.000000000 +0100 +++ new/sysstat-12.0.3/sysstat-12.0.3.lsm 2018-12-14 15:10:30.000000000 +0100 @@ -0,0 +1,35 @@ +Begin4 +Title: sysstat - the sar, sadf, mpstat, iostat, tapestat, pidstat and cifsiostat commands for Linux +Version: 12.0.3 +Entered-date: 2018-12-14 +Description: The sysstat package contains the sar, sadf, mpstat, iostat, tapestat, + pidstat, cifsiostat and sa tools for Linux. + The sar command collects and reports system activity + information. + The information collected by sar can be saved in a file + in a binary format for future inspection. + The statistics reported by sar concern I/O transfer rates, + paging activity, process-related activities, interrupts, + network activity, memory and swap space utilization, CPU + utilization, kernel activities and TTY statistics, among + others. Both UP and SMP machines are fully supported. + The sadf command is used to display data collected by sar in various + formats (XML, database-friendly, etc.) and to draw graphs (SVG). + The mpstat command reports global and per-processor statistics. + The iostat command reports CPU utilization and I/O statistics + for disks. + The tapestat command reports statistics for tape drives connected + to the system. + The pidstat command reports statistics for Linux tasks (processes). + The cifsiostat command reports I/O statistics for CIFS filesystems. + NB: Send bugs, patches, suggestions and/or questions to + (sysstat [at] orange.fr). + URL: http://pagesperso-orange.fr/sebastien.godard/ +Keywords: system administration, system monitoring, sar, sadf, iostat, mpstat, tapestat, pidstat, system accounting, performance, tuning +Author: [email protected] (Sebastien Godard) +Maintained-by: [email protected] (Sebastien Godard) +Primary-site: http://pagesperso-orange.fr/sebastien.godard/ + 589kiB sysstat-12.0.3.tar.xz +Alternate-site: +Copying-policy: GPL +End diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysstat-12.0.2/sysstat-12.0.3.spec new/sysstat-12.0.3/sysstat-12.0.3.spec --- old/sysstat-12.0.2/sysstat-12.0.3.spec 1970-01-01 01:00:00.000000000 +0100 +++ new/sysstat-12.0.3/sysstat-12.0.3.spec 2018-12-14 15:09:22.000000000 +0100 @@ -0,0 +1,83 @@ +Summary: SAR, SADF, MPSTAT, IOSTAT, TAPESTAT, PIDSTAT and CIFSIOSTAT for Linux +Name: sysstat +Version: 12.0.3 +Release: 1 +License: GPL +Group: Applications/System +Source0: %{name}-%{version}.tar.gz +URL: http://pagesperso-orange.fr/sebastien.godard/ +Packager: Sebastien Godard <sysstat _at_ orange.fr> +BuildRoot: %{_tmppath}/%{name}-%{version}-root-%(id -u -n) +Requires: gettext + +%description +The sysstat package contains the sar, sadf, mpstat, iostat, tapestat, +pidstat, cifsiostat and sa tools for Linux. +The sar command collects and reports system activity information. +The information collected by sar can be saved in a file in a binary +format for future inspection. The statistics reported by sar concern +I/O transfer rates, paging activity, process-related activities, +interrupts, network activity, memory and swap space utilization, CPU +utilization, kernel activities and TTY statistics, among others. Both +UP and SMP machines are fully supported. +The sadf command may be used to display data collected by sar in +various formats (CSV, XML, etc.) and to draw graphs (SVG). +The iostat command reports CPU utilization and I/O statistics for disks. +The tapestat command reports statistics for tapes connected to the system. +The mpstat command reports global and per-processor statistics. +The pidstat command reports statistics for Linux tasks (processes). +The cifsiostat command reports I/O statistics for CIFS filesystems. + +%define debug_package %{nil} + +%prep +%setup + +%build +# To include cron installation, add options --enable-install-cron and --enable-copy-only +./configure --prefix=%{_prefix} \ + --disable-file-attr \ + sa_lib_dir=%{_libdir}/sa \ + --mandir=%{_mandir} \ + DESTDIR=$RPM_BUILD_ROOT +make + +%install +rm -rf $RPM_BUILD_ROOT +install -d $RPM_BUILD_ROOT/var/log/sa + +make install + +mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d +install -m 755 sysstat $RPM_BUILD_ROOT/etc/rc.d/init.d/sysstat +mkdir -p $RPM_BUILD_ROOT/etc/sysconfig +install -m 644 sysstat.sysconfig $RPM_BUILD_ROOT/etc/sysconfig/sysstat +install -m 644 sysstat.ioconf $RPM_BUILD_ROOT/etc/sysconfig/sysstat.ioconf +mkdir -p $RPM_BUILD_ROOT/etc/cron.d +install -m 644 cron/sysstat.crond.sample $RPM_BUILD_ROOT/etc/cron.d/sysstat +mkdir -p $RPM_BUILD_ROOT/etc/rc2.d +cd $RPM_BUILD_ROOT/etc/rc2.d && ln -sf ../init.d/sysstat S01sysstat +mkdir -p $RPM_BUILD_ROOT/etc/rc3.d +cd $RPM_BUILD_ROOT/etc/rc3.d && ln -sf ../init.d/sysstat S01sysstat +mkdir -p $RPM_BUILD_ROOT/etc/rc5.d +cd $RPM_BUILD_ROOT/etc/rc5.d && ln -sf ../init.d/sysstat S01sysstat + +%clean +rm -rf $RPM_BUILD_ROOT + +%files +%defattr(644,root,root,755) +%doc %{_datadir}/doc/sysstat-%{version}/* +%attr(755,root,root) %{_bindir}/* +%attr(755,root,root) %{_libdir}/sa/* +%attr(644,root,root) %{_mandir}/man*/* +%attr(644,root,root) %{_datadir}/locale/*/LC_MESSAGES/sysstat.mo +%attr(755,root,root) %dir /var/log/sa +%attr(755,root,root) /etc/rc.d/init.d/sysstat +%attr(644,root,root) /etc/sysconfig/sysstat +%attr(644,root,root) /etc/sysconfig/sysstat.ioconf +/etc/rc2.d/S01sysstat +/etc/rc3.d/S01sysstat +/etc/rc5.d/S01sysstat +%config(noreplace) %attr(0644,root,root) /etc/cron.d/sysstat +
