From da3a70abe78520793333860b58495ed4b04f93ed Mon Sep 17 00:00:00 2001 From: "Anselmo L. S. Melo" Date: Thu, 14 Nov 2019 10:47:40 -0800 Subject: [PATCH] psutil: Fix for CVE-2019-18874 https://github.com/giampaolo/psutil/pull/1616 https://github.com/giampaolo/psutil/commit/7d512c8e4442a896d56505be3e78f1156f443465 CVE fix commit message by Riccardo Schirone: Use Py_CLEAR instead of Py_DECREF to also set the variable to NULL These files contain loops that convert system data into python objects and during the process they create objects and dereference their refcounts after they have been added to the resulting list. However, in case of errors during the creation of those python objects, the refcount to previously allocated objects is dropped again with Py_XDECREF, which should be a no-op in case the paramater is NULL. Even so, in most of these loops the variables pointing to the objects are never set to NULL, even after Py_DECREF is called at the end of the loop iteration. This means, after the first iteration, if an error occurs those python objects will get their refcount dropped two times, resulting in a possible double-free. master (#1616) -- CVEs fixed in this build: CVE-2019-18874 --- CVE-2019-18874.patch | 623 +++++++++++++++++++++++++++++++++++++++++++ options.conf | 2 +- psutil.spec | 21 +- release | 2 +- series | 1 + 5 files changed, 638 insertions(+), 11 deletions(-) create mode 100644 CVE-2019-18874.patch create mode 100644 series diff --git a/CVE-2019-18874.patch b/CVE-2019-18874.patch new file mode 100644 index 0000000..74d954f --- /dev/null +++ b/CVE-2019-18874.patch @@ -0,0 +1,623 @@ +From 7d512c8e4442a896d56505be3e78f1156f443465 Mon Sep 17 00:00:00 2001 +From: Riccardo Schirone +Date: Wed, 13 Nov 2019 14:54:21 +0100 +Subject: [PATCH] Use Py_CLEAR instead of Py_DECREF to also set the variable to + NULL (#1616) + +These files contain loops that convert system data into python objects +and during the process they create objects and dereference their +refcounts after they have been added to the resulting list. + +However, in case of errors during the creation of those python objects, +the refcount to previously allocated objects is dropped again with +Py_XDECREF, which should be a no-op in case the paramater is NULL. Even +so, in most of these loops the variables pointing to the objects are +never set to NULL, even after Py_DECREF is called at the end of the loop +iteration. This means, after the first iteration, if an error occurs +those python objects will get their refcount dropped two times, +resulting in a possible double-free. +--- + psutil/_psutil_aix.c | 18 +++++++------- + psutil/_psutil_bsd.c | 30 +++++++++++----------- + psutil/_psutil_linux.c | 14 +++++------ + psutil/_psutil_osx.c | 39 ++++++++++++++--------------- + psutil/_psutil_sunos.c | 43 ++++++++++++++++---------------- + psutil/_psutil_windows.c | 54 ++++++++++++++++++++-------------------- + 6 files changed, 97 insertions(+), 101 deletions(-) + +diff --git a/psutil/_psutil_aix.c b/psutil/_psutil_aix.c +index 8c055a432..9f58f606b 100644 +--- a/psutil/_psutil_aix.c ++++ b/psutil/_psutil_aix.c +@@ -265,8 +265,8 @@ psutil_proc_environ(PyObject *self, PyObject *args) { + goto error; + if (PyDict_SetItem(py_retdict, py_key, py_val)) + goto error; +- Py_DECREF(py_key); +- Py_DECREF(py_val); ++ Py_CLEAR(py_key); ++ Py_CLEAR(py_val); + } + curvar = strchr(curvar, '\0') + 1; + } +@@ -510,10 +510,10 @@ psutil_users(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_username); +- Py_DECREF(py_tty); +- Py_DECREF(py_hostname); +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_username); ++ Py_CLEAR(py_tty); ++ Py_CLEAR(py_hostname); ++ Py_CLEAR(py_tuple); + } + endutxent(); + +@@ -570,9 +570,9 @@ psutil_disk_partitions(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_dev); +- Py_DECREF(py_mountp); +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_dev); ++ Py_CLEAR(py_mountp); ++ Py_CLEAR(py_tuple); + mt = getmntent(file); + } + endmntent(file); +diff --git a/psutil/_psutil_bsd.c b/psutil/_psutil_bsd.c +index 33bb0c2df..e07ddcc1a 100644 +--- a/psutil/_psutil_bsd.c ++++ b/psutil/_psutil_bsd.c +@@ -154,7 +154,7 @@ psutil_pids(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_pid)) + goto error; +- Py_DECREF(py_pid); ++ Py_CLEAR(py_pid); + proclist++; + } + free(orig_address); +@@ -507,8 +507,8 @@ psutil_proc_open_files(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_path); +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_path); ++ Py_CLEAR(py_tuple); + } + } + free(freep); +@@ -670,9 +670,9 @@ psutil_disk_partitions(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_dev); +- Py_DECREF(py_mountp); +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_dev); ++ Py_CLEAR(py_mountp); ++ Py_CLEAR(py_tuple); + } + + free(fs); +@@ -765,7 +765,7 @@ psutil_net_io_counters(PyObject *self, PyObject *args) { + goto error; + if (PyDict_SetItemString(py_retdict, ifc_name, py_ifc_info)) + goto error; +- Py_DECREF(py_ifc_info); ++ Py_CLEAR(py_ifc_info); + } + else { + continue; +@@ -840,10 +840,10 @@ psutil_users(PyObject *self, PyObject *args) { + fclose(fp); + goto error; + } +- Py_DECREF(py_username); +- Py_DECREF(py_tty); +- Py_DECREF(py_hostname); +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_username); ++ Py_CLEAR(py_tty); ++ Py_CLEAR(py_hostname); ++ Py_CLEAR(py_tuple); + } + + fclose(fp); +@@ -883,10 +883,10 @@ psutil_users(PyObject *self, PyObject *args) { + endutxent(); + goto error; + } +- Py_DECREF(py_username); +- Py_DECREF(py_tty); +- Py_DECREF(py_hostname); +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_username); ++ Py_CLEAR(py_tty); ++ Py_CLEAR(py_hostname); ++ Py_CLEAR(py_tuple); + } + + endutxent(); +diff --git a/psutil/_psutil_linux.c b/psutil/_psutil_linux.c +index 717723d08..0d16eb427 100644 +--- a/psutil/_psutil_linux.c ++++ b/psutil/_psutil_linux.c +@@ -241,9 +241,9 @@ psutil_disk_partitions(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_dev); +- Py_DECREF(py_mountp); +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_dev); ++ Py_CLEAR(py_mountp); ++ Py_CLEAR(py_tuple); + } + endmntent(file); + return py_retlist; +@@ -454,10 +454,10 @@ psutil_users(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_username); +- Py_DECREF(py_tty); +- Py_DECREF(py_hostname); +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_username); ++ Py_CLEAR(py_tty); ++ Py_CLEAR(py_hostname); ++ Py_CLEAR(py_tuple); + } + endutent(); + return py_retlist; +diff --git a/psutil/_psutil_osx.c b/psutil/_psutil_osx.c +index d2ca94b58..76ec0ee85 100644 +--- a/psutil/_psutil_osx.c ++++ b/psutil/_psutil_osx.c +@@ -138,7 +138,7 @@ psutil_pids(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_pid)) + goto error; +- Py_DECREF(py_pid); ++ Py_CLEAR(py_pid); + proclist++; + } + free(orig_address); +@@ -653,7 +653,7 @@ psutil_per_cpu_times(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_cputime)) + goto error; +- Py_DECREF(py_cputime); ++ Py_CLEAR(py_cputime); + } + + ret = vm_deallocate(mach_task_self(), (vm_address_t)info_array, +@@ -841,9 +841,9 @@ psutil_disk_partitions(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_dev); +- Py_DECREF(py_mountp); +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_dev); ++ Py_CLEAR(py_mountp); ++ Py_CLEAR(py_tuple); + } + + free(fs); +@@ -911,7 +911,6 @@ psutil_proc_threads(PyObject *self, PyObject *args) { + } + + for (j = 0; j < thread_count; j++) { +- py_tuple = NULL; + thread_info_count = THREAD_INFO_MAX; + kr = thread_info(thread_list[j], THREAD_BASIC_INFO, + (thread_info_t)thinfo_basic, &thread_info_count); +@@ -934,7 +933,7 @@ psutil_proc_threads(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_tuple); + } + + ret = vm_deallocate(task, (vm_address_t)thread_list, +@@ -1043,10 +1042,8 @@ psutil_proc_open_files(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_tuple); +- py_tuple = NULL; +- Py_DECREF(py_path); +- py_path = NULL; ++ Py_CLEAR(py_tuple); ++ Py_CLEAR(py_path); + // --- /construct python list + } + } +@@ -1226,7 +1223,7 @@ psutil_proc_connections(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_tuple); + } + else if (family == AF_UNIX) { + py_laddr = PyUnicode_DecodeFSDefault( +@@ -1248,9 +1245,9 @@ psutil_proc_connections(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_tuple); +- Py_DECREF(py_laddr); +- Py_DECREF(py_raddr); ++ Py_CLEAR(py_tuple); ++ Py_CLEAR(py_laddr); ++ Py_CLEAR(py_raddr); + } + } + } +@@ -1370,7 +1367,7 @@ psutil_net_io_counters(PyObject *self, PyObject *args) { + goto error; + if (PyDict_SetItemString(py_retdict, ifc_name, py_ifc_info)) + goto error; +- Py_DECREF(py_ifc_info); ++ Py_CLEAR(py_ifc_info); + } + else { + continue; +@@ -1543,7 +1540,7 @@ psutil_disk_io_counters(PyObject *self, PyObject *args) { + goto error; + if (PyDict_SetItemString(py_retdict, disk_name, py_disk_info)) + goto error; +- Py_DECREF(py_disk_info); ++ Py_CLEAR(py_disk_info); + + CFRelease(parent_dict); + IOObjectRelease(parent); +@@ -1605,10 +1602,10 @@ psutil_users(PyObject *self, PyObject *args) { + endutxent(); + goto error; + } +- Py_DECREF(py_username); +- Py_DECREF(py_tty); +- Py_DECREF(py_hostname); +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_username); ++ Py_CLEAR(py_tty); ++ Py_CLEAR(py_hostname); ++ Py_CLEAR(py_tuple); + } + + endutxent(); +diff --git a/psutil/_psutil_sunos.c b/psutil/_psutil_sunos.c +index 919e76d6e..31d6f364f 100644 +--- a/psutil/_psutil_sunos.c ++++ b/psutil/_psutil_sunos.c +@@ -300,8 +300,8 @@ psutil_proc_environ(PyObject *self, PyObject *args) { + if (PyDict_SetItem(py_retdict, py_envname, py_envval) < 0) + goto error; + +- Py_DECREF(py_envname); +- Py_DECREF(py_envval); ++ Py_CLEAR(py_envname); ++ Py_CLEAR(py_envval); + } + + psutil_free_cstrings_array(env, env_count); +@@ -655,10 +655,10 @@ psutil_users(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_username); +- Py_DECREF(py_tty); +- Py_DECREF(py_hostname); +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_username); ++ Py_CLEAR(py_tty); ++ Py_CLEAR(py_hostname); ++ Py_CLEAR(py_tuple); + } + endutxent(); + +@@ -714,9 +714,9 @@ psutil_disk_partitions(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_dev); +- Py_DECREF(py_mountp); +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_dev); ++ Py_CLEAR(py_mountp); ++ Py_CLEAR(py_tuple); + } + fclose(file); + return py_retlist; +@@ -767,8 +767,7 @@ psutil_per_cpu_times(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_cputime)) + goto error; +- Py_DECREF(py_cputime); +- py_cputime = NULL; ++ Py_CLEAR(py_cputime); + } + } + +@@ -824,7 +823,7 @@ psutil_disk_io_counters(PyObject *self, PyObject *args) { + if (PyDict_SetItemString(py_retdict, ksp->ks_name, + py_disk_info)) + goto error; +- Py_DECREF(py_disk_info); ++ Py_CLEAR(py_disk_info); + } + } + ksp = ksp->ks_next; +@@ -959,8 +958,8 @@ psutil_proc_memory_maps(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_path); +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_path); ++ Py_CLEAR(py_tuple); + + // increment pointer + p += 1; +@@ -1075,7 +1074,7 @@ psutil_net_io_counters(PyObject *self, PyObject *args) { + goto error; + if (PyDict_SetItemString(py_retdict, ksp->ks_name, py_ifc_info)) + goto error; +- Py_DECREF(py_ifc_info); ++ Py_CLEAR(py_ifc_info); + goto next; + + next: +@@ -1273,7 +1272,7 @@ psutil_net_connections(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_tuple); + } + } + #if defined(AF_INET6) +@@ -1287,7 +1286,7 @@ psutil_net_connections(PyObject *self, PyObject *args) { + #ifdef NEW_MIB_COMPLIANT + processed_pid = tp6.tcp6ConnCreationProcess; + #else +- processed_pid = 0; ++ processed_pid = 0; + #endif + if (pid != -1 && processed_pid != pid) + continue; +@@ -1316,14 +1315,14 @@ psutil_net_connections(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_tuple); + } + } + #endif + // UDPv4 + else if (mibhdr.level == MIB2_UDP || mibhdr.level == MIB2_UDP_ENTRY) { + num_ent = mibhdr.len / sizeof(mib2_udpEntry_t); +- assert(num_ent * sizeof(mib2_udpEntry_t) == mibhdr.len); ++ assert(num_ent * sizeof(mib2_udpEntry_t) == mibhdr.len); + for (i = 0; i < num_ent; i++) { + memcpy(&ude, databuf.buf + i * sizeof ude, sizeof ude); + #ifdef NEW_MIB_COMPLIANT +@@ -1355,7 +1354,7 @@ psutil_net_connections(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_tuple); + } + } + #if defined(AF_INET6) +@@ -1388,7 +1387,7 @@ psutil_net_connections(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_tuple); + } + } + #endif +@@ -1561,7 +1560,7 @@ psutil_net_if_stats(PyObject* self, PyObject* args) { + goto error; + if (PyDict_SetItemString(py_retdict, ksp->ks_name, py_ifc_info)) + goto error; +- Py_DECREF(py_ifc_info); ++ Py_CLEAR(py_ifc_info); + } + } + +diff --git a/psutil/_psutil_windows.c b/psutil/_psutil_windows.c +index beaba1830..08b208dc0 100644 +--- a/psutil/_psutil_windows.c ++++ b/psutil/_psutil_windows.c +@@ -221,7 +221,7 @@ psutil_pids(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_pid)) + goto error; +- Py_DECREF(py_pid); ++ Py_CLEAR(py_pid); + } + + // free C array allocated for PIDs +@@ -1003,7 +1003,7 @@ psutil_per_cpu_times(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_tuple); + } + + free(sppi); +@@ -1156,7 +1156,7 @@ psutil_proc_threads(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_tuple); + + CloseHandle(hThread); + } +@@ -1580,7 +1580,7 @@ psutil_net_connections(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_conn_tuple)) + goto error; +- Py_DECREF(py_conn_tuple); ++ Py_CLEAR(py_conn_tuple); + } + + free(table); +@@ -1667,7 +1667,7 @@ psutil_net_connections(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_conn_tuple)) + goto error; +- Py_DECREF(py_conn_tuple); ++ Py_CLEAR(py_conn_tuple); + } + + free(table); +@@ -1730,7 +1730,7 @@ psutil_net_connections(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_conn_tuple)) + goto error; +- Py_DECREF(py_conn_tuple); ++ Py_CLEAR(py_conn_tuple); + } + + free(table); +@@ -1793,7 +1793,7 @@ psutil_net_connections(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_conn_tuple)) + goto error; +- Py_DECREF(py_conn_tuple); ++ Py_CLEAR(py_conn_tuple); + } + + free(table); +@@ -2188,8 +2188,8 @@ psutil_net_io_counters(PyObject *self, PyObject *args) { + goto error; + if (PyDict_SetItem(py_retdict, py_nic_name, py_nic_info)) + goto error; +- Py_XDECREF(py_nic_name); +- Py_XDECREF(py_nic_info); ++ Py_CLEAR(py_nic_name); ++ Py_CLEAR(py_nic_info); + + free(pIfRow); + pCurrAddresses = pCurrAddresses->Next; +@@ -2304,7 +2304,7 @@ psutil_disk_io_counters(PyObject *self, PyObject *args) { + goto error; + if (PyDict_SetItemString(py_retdict, szDeviceDisplay, py_tuple)) + goto error; +- Py_XDECREF(py_tuple); ++ Py_CLEAR(py_tuple); + + next: + CloseHandle(hDevice); +@@ -2461,7 +2461,7 @@ psutil_disk_partitions(PyObject *self, PyObject *args) { + goto error; + } + +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_tuple); + + // Continue looking for more mount points + mp_flag = FindNextVolumeMountPoint(mp_h, mp_buf, MAX_PATH); +@@ -2486,7 +2486,7 @@ psutil_disk_partitions(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_tuple); + goto next; + + next: +@@ -2610,9 +2610,9 @@ psutil_users(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_XDECREF(py_username); +- Py_XDECREF(py_address); +- Py_XDECREF(py_tuple); ++ Py_CLEAR(py_username); ++ Py_CLEAR(py_address); ++ Py_CLEAR(py_tuple); + } + + WTSFreeMemory(sessions); +@@ -2838,8 +2838,8 @@ psutil_proc_memory_maps(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_tuple); +- Py_DECREF(py_str); ++ Py_CLEAR(py_tuple); ++ Py_CLEAR(py_str); + } + previousAllocationBase = (ULONGLONG)basicInfo.AllocationBase; + baseAddress = (PCHAR)baseAddress + basicInfo.RegionSize; +@@ -2889,8 +2889,8 @@ psutil_ppid_map(PyObject *self, PyObject *args) { + goto error; + if (PyDict_SetItem(py_retdict, py_pid, py_ppid)) + goto error; +- Py_DECREF(py_pid); +- Py_DECREF(py_ppid); ++ Py_CLEAR(py_pid); ++ Py_CLEAR(py_ppid); + } while (Process32Next(handle, &pe)); + } + +@@ -2993,8 +2993,8 @@ psutil_net_if_addrs(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_tuple); +- Py_DECREF(py_mac_address); ++ Py_CLEAR(py_tuple); ++ Py_CLEAR(py_mac_address); + } + + // find out the IP address associated with the NIC +@@ -3070,14 +3070,14 @@ psutil_net_if_addrs(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_tuple); +- Py_DECREF(py_address); +- Py_DECREF(py_netmask); ++ Py_CLEAR(py_tuple); ++ Py_CLEAR(py_address); ++ Py_CLEAR(py_netmask); + + pUnicast = pUnicast->Next; + } + } +- Py_DECREF(py_nic_name); ++ Py_CLEAR(py_nic_name); + pCurrAddresses = pCurrAddresses->Next; + } + +@@ -3197,8 +3197,8 @@ psutil_net_if_stats(PyObject *self, PyObject *args) { + goto error; + if (PyDict_SetItem(py_retdict, py_nic_name, py_ifc_info)) + goto error; +- Py_DECREF(py_nic_name); +- Py_DECREF(py_ifc_info); ++ Py_CLEAR(py_nic_name); ++ Py_CLEAR(py_ifc_info); + } + + free(pIfTable); diff --git a/options.conf b/options.conf index 4b99dc9..1bd031d 100644 --- a/options.conf +++ b/options.conf @@ -43,7 +43,7 @@ optimize_size = false # set profile for pgo pgo = false # set flags for security-sensitive builds -security_sensitive = false +security_sensitive = true # do not run test suite skip_tests = true # add .so files to the lib package instead of dev diff --git a/psutil.spec b/psutil.spec index 7daa1f8..8ff6b69 100644 --- a/psutil.spec +++ b/psutil.spec @@ -4,7 +4,7 @@ # Name : psutil Version : 5.6.5 -Release : 68 +Release : 69 URL : https://files.pythonhosted.org/packages/03/9a/95c4b3d0424426e5fd94b5302ff74cea44d5d4f53466e1228ac8e73e14b4/psutil-5.6.5.tar.gz Source0 : https://files.pythonhosted.org/packages/03/9a/95c4b3d0424426e5fd94b5302ff74cea44d5d4f53466e1228ac8e73e14b4/psutil-5.6.5.tar.gz Summary : Cross-platform lib for process and system monitoring in Python. @@ -16,10 +16,12 @@ Requires: psutil-python3 = %{version}-%{release} BuildRequires : buildreq-distutils3 BuildRequires : procps-ng BuildRequires : python3-dev +BuildRequires : util-linux +Patch1: CVE-2019-18874.patch %description -This directory contains scripts which are meant to be used internally -(benchmarks, CI automation, etc.). +| |version| |py-versions| |packages| |license| + | |travis| |appveyor| |doc| |twitter| |tidelift| %package license Summary: license components for the psutil package. @@ -49,22 +51,23 @@ python3 components for the psutil package. %prep %setup -q -n psutil-5.6.5 +cd %{_builddir}/psutil-5.6.5 +%patch1 -p1 %build export http_proxy=http://127.0.0.1:9/ export https_proxy=http://127.0.0.1:9/ export no_proxy=localhost,127.0.0.1,0.0.0.0 export LANG=C.UTF-8 -export SOURCE_DATE_EPOCH=1573051994 -# -Werror is for werrorists +export SOURCE_DATE_EPOCH=1573757257 export GCC_IGNORE_WERROR=1 export AR=gcc-ar export RANLIB=gcc-ranlib export NM=gcc-nm -export CFLAGS="$CFLAGS -O3 -ffat-lto-objects -flto=4 " -export FCFLAGS="$CFLAGS -O3 -ffat-lto-objects -flto=4 " -export FFLAGS="$CFLAGS -O3 -ffat-lto-objects -flto=4 " -export CXXFLAGS="$CXXFLAGS -O3 -ffat-lto-objects -flto=4 " +export CFLAGS="$CFLAGS -O3 -ffat-lto-objects -flto=4 -fstack-protector-strong -mzero-caller-saved-regs=used " +export FCFLAGS="$CFLAGS -O3 -ffat-lto-objects -flto=4 -fstack-protector-strong -mzero-caller-saved-regs=used " +export FFLAGS="$CFLAGS -O3 -ffat-lto-objects -flto=4 -fstack-protector-strong -mzero-caller-saved-regs=used " +export CXXFLAGS="$CXXFLAGS -O3 -ffat-lto-objects -flto=4 -fstack-protector-strong -mzero-caller-saved-regs=used " export MAKEFLAGS=%{?_smp_mflags} python3 setup.py build diff --git a/release b/release index 38b10c1..b5489e5 100644 --- a/release +++ b/release @@ -1 +1 @@ -68 +69 diff --git a/series b/series new file mode 100644 index 0000000..b667dd2 --- /dev/null +++ b/series @@ -0,0 +1 @@ +CVE-2019-18874.patch