
procps-ng: upgrade to v4.0.4

Change-Id: I3e58b7f0d313d13e77fa1076ee7619174904007d
Signed-off-by: Shreenidhi Shedi <shreenidhi.shedi@broadcom.com>
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/c/photon/+/23697
Tested-by: gerrit-photon <photon-checkins@vmware.com>

Shreenidhi Shedi authored on 2024/04/08 23:40:27
Showing 2 changed files
1 1
deleted file mode 100644
... ...
@@ -1,83 +0,0 @@
1
-From 2c933ecba3bb1d3041a5a7a53a7b4078a6003413 Mon Sep 17 00:00:00 2001
2
-From: Craig Small <csmall@dropbear.xyz>
3
-Date: Thu, 10 Aug 2023 21:18:38 +1000
4
-Subject: [PATCH] ps: Fix possible buffer overflow in -C option
5
-
6
-ps allocates memory using malloc(length of arg * len of struct).
7
-In certain strange circumstances, the arg length could be very large
8
-and the multiplecation will overflow, allocating a small amount of
9
-memory.
10
-
11
-Subsequent strncpy() will then write into unallocated memory.
12
-The fix is to use calloc. It's slower but this is a one-time
13
-allocation. Other malloc(x * y) calls have also been replaced
14
-by calloc(x, y)
15
-
16
-References:
17
- https://www.freelists.org/post/procps/ps-buffer-overflow-CVE-20234016
18
- https://nvd.nist.gov/vuln/detail/CVE-2023-4016
19
- https://gitlab.com/procps-ng/procps/-/issues/297
20
- https://bugs.debian.org/1042887
21
-
22
-Signed-off-by: Craig Small <csmall@dropbear.xyz>
23
-
24
-[srish: - resolved hunk failure in NEWS
25
-        - corrected file path for parser.c]
26
-Signed-off-by: Srish Srinivasan <srish.srinivasan@broadcom.com>
27
- NEWS            | 1 +
28
- ps/parser.c | 8 ++++----
29
- 2 files changed, 5 insertions(+), 4 deletions(-)
30
-
31
-diff --git a/NEWS b/NEWS
32
-index c89fd2e..35da95a 100644
33
-+++ b/NEWS
34
-@@ -1,5 +1,6 @@
35
- procps-ng-NEXT
36
- ---------------
37
-+  * ps: Fix buffer overflow in -C option CVE-2023-4016     Debian #1042887, issue #297
38
-   * Rename pwait to pidwait
39
-   * free: Add committed line option                        merge #25
40
-   * free: Fix -h --si combined options                     issue #133, #223
41
-diff --git a/src/ps/parser.c b/src/ps/parser.c
42
-index 248aa741..15873dfa 100644
43
-+++ b/ps/parser.c
44
-@@ -189,7 +189,6 @@ static const char *parse_list(const char *arg, const char *(*parse_fn)(char *, s
45
-   const char *err;       /* error code that could or did happen */
46
-   /*** prepare to operate ***/
47
-   node = xmalloc(sizeof(selection_node));
48
--  node->u = xmalloc(strlen(arg)*sizeof(sel_union)); /* waste is insignificant */
49
-   node->n = 0;
50
-   buf = strdup(arg);
51
-   /*** sanity check and count items ***/
52
-@@ -210,6 +209,7 @@ static const char *parse_list(const char *arg, const char *(*parse_fn)(char *, s
53
-   } while (*++walk);
54
-   if(need_item) goto parse_error;
55
-   node->n = items;
56
-+  node->u = xcalloc(items, sizeof(sel_union));
57
-   /*** actually parse the list ***/
58
-   walk = buf;
59
-   while(items--){
60
-@@ -1050,15 +1050,15 @@ static const char *parse_trailing_pids(void){
61
-   thisarg = ps_argc - 1;   /* we must be at the end now */
62
- 
63
-   pidnode = xmalloc(sizeof(selection_node));
64
--  pidnode->u = xmalloc(i*sizeof(sel_union)); /* waste is insignificant */
65
-+  pidnode->u = xcalloc(i, sizeof(sel_union)); /* waste is insignificant */
66
-   pidnode->n = 0;
67
- 
68
-   grpnode = xmalloc(sizeof(selection_node));
69
--  grpnode->u = xmalloc(i*sizeof(sel_union)); /* waste is insignificant */
70
-+  grpnode->u = xcalloc(i,sizeof(sel_union)); /* waste is insignificant */
71
-   grpnode->n = 0;
72
- 
73
-   sidnode = xmalloc(sizeof(selection_node));
74
--  sidnode->u = xmalloc(i*sizeof(sel_union)); /* waste is insignificant */
75
-+  sidnode->u = xcalloc(i, sizeof(sel_union)); /* waste is insignificant */
76
-   sidnode->n = 0;
77
- 
78
-   while(i--){
79
-GitLab
... ...
@@ -1,7 +1,7 @@
1 1
 Summary:        Programs for monitoring processes
2 2
 Name:           procps-ng
3
-Version:        4.0.0
4
-Release:        4%{?dist}
3
+Version:        4.0.4
4
+Release:        1%{?dist}
5 5
 License:        GPLv2
6 6
 URL:            https://sourceforge.net/projects/procps-ng
7 7
 Group:          Applications/System
... ...
@@ -9,9 +9,7 @@ Vendor:         VMware, Inc.
9 9
 Distribution:   Photon
10 10
 
11 11
 Source0: https://sourceforge.net/projects/procps-ng/files/Production/%{name}-%{version}.tar.xz
12
-%define sha512 %{name}=1749375f72fdede58b394a7b64127b7ef7f432854995669c73802d5d626e611d23b0f6eca85106590a0b6cc21057c7c389c459dbff8f02ec52ed506723330541
13
-
14
-Patch0:        CVE-2023-4016.patch
12
+%define sha512 %{name}=94375544e2422fefc23d7634063c49ef1be62394c46039444f85e6d2e87e45cfadc33accba5ca43c96897b4295bfb0f88d55a30204598ddb26ef66f0420cefb4
15 13
 
16 14
 BuildRequires: ncurses-devel
17 15
 
... ...
@@ -46,22 +44,30 @@ if [ %{_host} != %{_build} ]; then
46 46
   export ac_cv_func_realloc_0_nonnull=yes
47 47
 fi
48 48
 
49
-%configure --docdir=%{_docdir}/%{name}-%{version} \
50
-           --disable-static \
51
-           --disable-kill \
52
-           --disable-silent-rules
49
+%configure \
50
+  --docdir=%{_docdir}/%{name}-%{version} \
51
+  --disable-static \
52
+  --disable-kill \
53
+  --disable-silent-rules
53 54
 
54 55
 %make_build
55 56
 
56 57
 %install
57 58
 %make_install %{?_smp_mflags}
58
-ln -srv %{_bindir}/pidof %{buildroot}%{_sbindir}/pidof
59
+ln -srv %{buildroot}%{_bindir}/pidof %{buildroot}%{_sbindir}/pidof
60
+
61
+rm -rf %{buildroot}%{_mandir}/de/ \
62
+       %{buildroot}%{_mandir}/fr/ \
63
+       %{buildroot}%{_mandir}/pl/ \
64
+       %{buildroot}%{_mandir}/pt_BR/ \
65
+       %{buildroot}%{_mandir}/ro/ \
66
+       %{buildroot}%{_mandir}/sv/ \
67
+       %{buildroot}%{_mandir}/uk/
68
+
59 69
 %find_lang %{name}
60 70
 
61
-%if 0%{?with_check}
62 71
 %check
63
-make %{?_smp_mflags} check
64
-%endif
72
+%make_build check
65 73
 
66 74
 %clean
67 75
 rm -rf %{buildroot}
... ...
@@ -88,36 +94,25 @@ rm -rf %{buildroot}
88 88
 %{_sbindir}/sysctl
89 89
 %{_sbindir}/pidof
90 90
 %_datadir/locale/*
91
-%{_docdir}/procps-ng-*/*
91
+%{_docdir}/%{name}-*/*
92 92
 %{_mandir}/man8/*
93 93
 %{_mandir}/man1/*
94 94
 %{_mandir}/man5/*
95
-%{_libdir}/libproc-2.so.*
95
+%{_libdir}/*.so.*
96 96
 
97 97
 %files devel
98 98
 %defattr(-,root,root)
99
-%{_libdir}/libproc-2.so
100
-%{_includedir}/procps/diskstats.h
101
-%{_includedir}/procps/meminfo.h
102
-%{_includedir}/procps/misc.h
103
-%{_includedir}/procps/pids.h
104
-%{_includedir}/procps/slabinfo.h
105
-%{_includedir}/procps/stat.h
106
-%{_includedir}/procps/vmstat.h
107
-%{_includedir}/procps/xtra-procps-debug.h
108
-%{_mandir}/man3/*
109
-%{_libdir}/pkgconfig/*.pc
110
-%exclude %{_mandir}/pl/*
111
-%exclude %{_mandir}/pt_BR/*
112
-%exclude %{_mandir}/sv/*
113
-%exclude %{_mandir}/uk/*
114
-%exclude %{_mandir}/de/*
115
-%exclude %{_mandir}/fr/*
99
+%{_includedir}/libproc2/*.h
100
+%{_libdir}/pkgconfig/libproc2.pc
101
+%{_libdir}/*.so
102
+%{_mandir}/man3/*.gz
116 103
 
117 104
 %files lang -f %{name}.lang
118 105
 %defattr(-,root,root)
119 106
 
120 107
 %changelog
108
+* Mon Apr 08 2024 Shreenidhi Shedi <shreenidhi.shedi@broadcom.com> 4.0.4-1
109
+- Upgrade to v4.0.4
121 110
 * Mon Jan 22 2024 Srish Srinivasan <srish.srinivasan@broadcom.com> 4.0.0-4
122 111
 - Patched CVE-2023-4016
123 112
 * Fri Jun 09 2023 Nitesh Kumar <kunitesh@vmware.com> 4.0.0-3
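Review bot: The `@@ -9,9 +9,7 @@` hunk drops `Patch0:        CVE-2023-4016.patch`, but the new changelog entry only says `- Upgrade to v4.0.4`, so the spec no longer records why the CVE fix is not carried. Presumably the 4.0.4 tarball already contains the fix; this should be confirmed against the unpacked source, e.g. that `parse_list` in the ps parser allocates `node->u` with `xcalloc(items, sizeof(sel_union))` after counting items. Once confirmed, I would add a second changelog line such as `- Drop CVE-2023-4016.patch, fix is included in v4.0.4`, so anyone auditing the package history can see the CVE is still addressed. The same entry could also note that the library and headers moved from `libproc-2` / `procps/` to `libproc2/`, since the new `%{_libdir}/*.so.*` glob would otherwise hide that soname change from reviewers.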