Hello community,

here is the log from the commit of package sysstat for openSUSE:Leap:15.2 
checked in at 2020-06-01 12:09:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2/sysstat (Old)
 and      /work/SRC/openSUSE:Leap:15.2/.sysstat.new.3606 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "sysstat"

Mon Jun  1 12:09:41 2020 rev:23 rq:810222 version:12.0.2

Changes:
--------
--- /work/SRC/openSUSE:Leap:15.2/sysstat/sysstat.changes        2020-01-15 
16:04:59.975975679 +0100
+++ /work/SRC/openSUSE:Leap:15.2/.sysstat.new.3606/sysstat.changes      
2020-06-01 12:09:46.166426849 +0200
@@ -1,0 +2,7 @@
+Thu Dec 12 15:20:43 UTC 2019 - Pedro Monreal Gonzalez 
<pmonrealgonza...@suse.com>
+
+- Security fix: [bsc#1159104, CVE-2019-19725]
+  * Double free in check_file_actlst in sa_common.c
+- Add sysstat-CVE-2019-19725.patch
+
+-------------------------------------------------------------------

New:
----
  sysstat-CVE-2019-19725.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ sysstat.spec ++++++
--- /var/tmp/diff_new_pack.CTMkLz/_old  2020-06-01 12:09:46.522427968 +0200
+++ /var/tmp/diff_new_pack.CTMkLz/_new  2020-06-01 12:09:46.526427980 +0200
@@ -39,6 +39,8 @@
 Patch4:         sysstat-mtab-symlinks-and-automounter.patch
 # PATCH-FIX-UPSTREAM bsc#1150114 CVE-2019-16167 sysstat-CVE-2019-16167.patch
 Patch5:         sysstat-CVE-2019-16167.patch
+# PATCH-FIX-UPSTREAM CVE-2019-19725 bsc#159104 double free in check_file_actlst
+Patch6:         sysstat-CVE-2019-19725.patch
 BuildRequires:  findutils
 BuildRequires:  pkgconfig
 BuildRequires:  sed
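Review bot: The bug reference in the new Patch6 comment reads bsc#159104, while the sysstat.changes entry for the same fix gives bsc#1159104, so a digit appears to have been dropped in the spec. Suggest correcting it to bsc#1159104 and following the order used by the Patch5 comment just above (bsc number, then CVE, then patch file name), so that searches on the bug number find this patch.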
@@ -80,6 +82,7 @@
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1
 cp %{SOURCE1} %{SOURCE2} %{SOURCE4} .
 # remove date and time from objects
 find ./ -name \*.c -exec sed -i -e 's: " compiled " __DATE__ " " __TIME__::g' 
{} \;

++++++ sysstat-CVE-2019-19725.patch ++++++
>From a5c8abd4a481ee6e27a3acf00e6d9b0f023e20ed Mon Sep 17 00:00:00 2001
From: Sebastien GODARD <syss...@users.noreply.github.com>
Date: Mon, 9 Dec 2019 17:54:07 +0100
Subject: [PATCH] Fix #242: Double free in check_file_actlst()

Avoid freeing buffer() twice.

Signed-off-by: Sebastien GODARD <syss...@users.noreply.github.com>
---
 sa_common.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sa_common.c b/sa_common.c
index cf52aefe..856a3715 100644
--- a/sa_common.c
+++ b/sa_common.c
@@ -2153,6 +2153,7 @@ void check_file_actlst(int *ifd, char *dfile, struct 
activity *act[], uint64_t f
        }
 
        free(buffer);
+       buffer = NULL;
 
        /* Check that at least one activity selected by the user is available 
in file */
        for (i = 0; i < NR_ACT; i++) {
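Review bot: The added `buffer = NULL;` after `free(buffer);` only protects code paths that pass through this assignment, and the second free that the commit message refers to is not in this hunk's context. It is worth confirming that no other path in check_file_actlst() frees buffer and then reaches that later free without resetting the pointer. A one-line comment naming the later free this guards would also help, since the assignment otherwise looks redundant and could be dropped in a later cleanup.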
