app-admin/sysstat: backport second part of CVE-2022-39377 fix

Bug: https://bugs.gentoo.org/880543 Signed-off-by: Marek Szuba <[email protected]>
johu · May 23, 2023 · ecf1324 · ecf1324
1 parent 31ba2d8
commit ecf1324
Show file tree

Hide file tree

Showing 2 changed files with 106 additions and 0 deletions.
diff --git a/app-admin/sysstat/files/sysstat-12.6.2-check_overflow.patch b/app-admin/sysstat/files/sysstat-12.6.2-check_overflow.patch
@@ -0,0 +1,18 @@
+Backported upstream fix for the fix for CVE-2022-39377.
+
+--- a/common.c
++++ b/common.c
+@@ -431,8 +431,11 @@ int check_dir(char *dirname)
+ void check_overflow(unsigned int val1, unsigned int val2,
+ 		    unsigned int val3)
+ {
+-	if ((unsigned long long) val1 * (unsigned long long) val2 *
+-	    (unsigned long long) val3 > UINT_MAX) {
++	if ((val1 != 0) && (val2 != 0) && (val3 != 0) &&
++		(((unsigned long long)UINT_MAX / (unsigned long long)val1 <
++		(unsigned long long)val2) ||
++		((unsigned long long)UINT_MAX / ((unsigned long long)val1 *
++		(unsigned long long)val2) < (unsigned long long)val3)) {
+ #ifdef DEBUG
+ 		fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n",
+ 			__FUNCTION__, (unsigned long long) val1 * (unsigned long long) val2 *
diff --git a/app-admin/sysstat/sysstat-12.6.2-r1.ebuild b/app-admin/sysstat/sysstat-12.6.2-r1.ebuild
@@ -0,0 +1,88 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit systemd toolchain-funcs
+
+DESCRIPTION="System performance tools for Linux"
+HOMEPAGE="http://sebastien.godard.pagesperso-orange.fr/"
+SRC_URI="https://github.com/${PN}/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="dcron debug nls lm-sensors lto selinux systemd"
+
+BDEPEND="
+	virtual/pkgconfig
+	nls? ( sys-devel/gettext )
+"
+
+COMMON_DEPEND="
+	nls? ( virtual/libintl )
+	lm-sensors? ( sys-apps/lm-sensors:= )
+"
+
+DEPEND="${COMMON_DEPEND}"
+
+RDEPEND="
+	${COMMON_DEPEND}
+	!dcron? ( !sys-process/dcron )
+	selinux? ( sec-policy/selinux-sysstat )
+"
+
+REQUIRED_USE="dcron? ( !systemd )"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-12.6.2-check_overflow.patch
+)
+
+src_prepare() {
+	if use dcron; then
+		sed -i 's/@CRON_OWNER@ //g' cron/sysstat.crond.in || die
+	fi
+	default
+}
+
+src_configure() {
+	tc-export AR
+
+	sa_lib_dir=/usr/lib/sa \
+		conf_dir=/etc \
+		econf \
+			$(use_enable !systemd use-crond) \
+			$(use_enable lm-sensors sensors) \
+			$(use_enable lto) \
+			$(use_enable nls) \
+			$(usex debug --enable-debuginfo '') \
+			--disable-compress-manpg \
+			--disable-stripping \
+			--disable-pcp \
+			--enable-copy-only \
+			--enable-documentation \
+			--enable-install-cron \
+			--with-systemdsystemunitdir=$(systemd_get_systemunitdir)
+}
+
+src_compile() {
+	LFLAGS="${LDFLAGS}" default
+}
+
+src_install() {
+	keepdir /var/log/sa
+
+	emake \
+		CHOWN=true \
+		DESTDIR="${D}" \
+		DOC_DIR=/usr/share/doc/${PF} \
+		MANGRPARG='' \
+		install
+
+	dodoc -r contrib/
+
+	newinitd "${FILESDIR}"/${PN}.init.d ${PN}
+	systemd_dounit ${PN}.service
+
+	rm "${D}"/usr/share/doc/${PF}/COPYING || die
+}