!110 fix uid gid overflow

From: @cenhuilin 
Reviewed-by: @liqingqing_1229, @SuperSix173 
Signed-off-by: @SuperSix173

backport-0014-ps-Fix-possible-buffer-overflow-in-C-option.patch

@@ -0,0 +1,70 @@
+From 2c933ecba3bb1d3041a5a7a53a7b4078a6003413 Mon Sep 17 00:00:00 2001
+From: Craig Small <csmall@dropbear.xyz>
+Date: Thu, 10 Aug 2023 21:18:38 +1000
+Subject: [PATCH] ps: Fix possible buffer overflow in -C option
+
+ps allocates memory using malloc(length of arg * len of struct).
+In certain strange circumstances, the arg length could be very large
+and the multiplecation will overflow, allocating a small amount of
+memory.
+
+Subsequent strncpy() will then write into unallocated memory.
+The fix is to use calloc. It's slower but this is a one-time
+allocation. Other malloc(x * y) calls have also been replaced
+by calloc(x, y)
+
+References:
+ https://www.freelists.org/post/procps/ps-buffer-overflow-CVE-20234016
+ https://nvd.nist.gov/vuln/detail/CVE-2023-4016
+ https://gitlab.com/procps-ng/procps/-/issues/297
+ https://bugs.debian.org/1042887
+
+Conflict: remove NEWS part
+
+Signed-off-by: Craig Small <csmall@dropbear.xyz>
+---
+ ps/parser.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/ps/parser.c b/ps/parser.c
+index 248aa741..15873dfa 100644
+--- a/ps/parser.c
++++ b/ps/parser.c
+@@ -189,7 +189,6 @@ static const char *parse_list(const char *arg, const char *(*parse_fn)(char *, s
+   const char *err;       /* error code that could or did happen */
+   /*** prepare to operate ***/
+   node = malloc(sizeof(selection_node));
+-  node->u = malloc(strlen(arg)*sizeof(sel_union)); /* waste is insignificant */
+   node->n = 0;
+   buf = strdup(arg);
+   /*** sanity check and count items ***/
+@@ -210,6 +209,7 @@ static const char *parse_list(const char *arg, const char *(*parse_fn)(char *, s
+   } while (*++walk);
+   if(need_item) goto parse_error;
+   node->n = items;
++  node->u = calloc(items, sizeof(sel_union));
+   /*** actually parse the list ***/
+   walk = buf;
+   while(items--){
+@@ -1050,15 +1050,15 @@ static const char *parse_trailing_pids(void){
+   thisarg = ps_argc - 1;   /* we must be at the end now */
+ 
+   pidnode = malloc(sizeof(selection_node));
+-  pidnode->u = malloc(i*sizeof(sel_union)); /* waste is insignificant */
++  pidnode->u = calloc(i, sizeof(sel_union)); /* waste is insignificant */
+   pidnode->n = 0;
+ 
+   grpnode = malloc(sizeof(selection_node));
+-  grpnode->u = malloc(i*sizeof(sel_union)); /* waste is insignificant */
++  grpnode->u = calloc(i,sizeof(sel_union)); /* waste is insignificant */
+   grpnode->n = 0;
+ 
+   sidnode = malloc(sizeof(selection_node));
+-  sidnode->u = malloc(i*sizeof(sel_union)); /* waste is insignificant */
++  sidnode->u = calloc(i, sizeof(sel_union)); /* waste is insignificant */
+   sidnode->n = 0;
+ 
+   while(i--){
+-- 
+2.33.0
+

pgrep-uid-gid-overflow.patch

@@ -0,0 +1,54 @@
+From d279b2cff46efec314836f8bac88d742647bab4e Mon Sep 17 00:00:00 2001
+From: Todd Lewis <todd_lewis@unc.edu>
+Date: Thu, 21 Mar 2024 10:57:31 +0800
+Subject: [PATCH] fix uid/gid > 2^31
+
+---
+ pgrep.c         |  6 +++++-
+ proc/readproc.h | 12 ++++++------
+ 2 files changed, 11 insertions(+), 7 deletions(-)
+
+diff --git a/pgrep.c b/pgrep.c
+index 52264b7..b72e32d 100644
+--- a/pgrep.c
++++ b/pgrep.c
+@@ -204,8 +204,12 @@ static int strict_atol (const char *restrict str, long *restrict value)
+ 
+ 	for ( ; *str; ++str) {
+ 		if (! isdigit (*str))
+-			return (0);
++                        return 0;
++                if (res >= LONG_MAX / 10)
++                        return 0;
+ 		res *= 10;
++                if (res >= LONG_MAX - (*str - '0'))
++                        return 0;
+ 		res += *str - '0';
+ 	}
+ 	*value = sign * res;
+diff --git a/proc/readproc.h b/proc/readproc.h
+index 7905ea9..7bdb37f 100644
+--- a/proc/readproc.h
++++ b/proc/readproc.h
+@@ -159,12 +159,12 @@ typedef struct proc_t {
+ 	session,	// stat            session id
+ 	nlwp,		// stat,status     number of threads, or 0 if no clue
+ 	tgid,		// (special)       thread group ID, the POSIX PID (see also: tid)
+-	tty,		// stat            full device number of controlling terminal
+-	/* FIXME: int uids & gids should be uid_t or gid_t from pwd.h */
+-        euid, egid,     // stat(),status   effective
+-        ruid, rgid,     // status          real
+-        suid, sgid,     // status          saved
+-        fuid, fgid,     // status          fs (used for file access only)
++	tty;            // stat            full device number of controlling terminal
++    uid_t euid; gid_t egid; // stat(),status effective
++    uid_t ruid; gid_t rgid; // status        real
++    uid_t suid; gid_t sgid; // status        saved
++    uid_t fuid; gid_t fgid; // status        fs (used for file access only)
++    int
+ 	tpgid,		// stat            terminal process group id
+ 	exit_signal,	// stat            might not be SIGCHLD
+ 	processor;      // stat            current (or most recent?) CPU
+-- 
+2.27.0
+

procps-ng.spec

@@ -1,6 +1,6 @@
 Name: 		procps-ng
 Version: 	3.3.16
-Release:	14
+Release:	20
 Summary: 	Utilities that provide system information.
 License: 	GPL+ and GPLv2 and GPLv2+ and GPLv3+ and LGPLv2+
 URL: 		https://sourceforge.net/projects/procps-ng/
@@ -20,12 +20,15 @@ Patch0007: backport-0008-misc-eliminate-a-couple-of-miscellaneous-gcc-warning.pa
 Patch0008: backport-0009-top-fix-potential-SEGV-when-no-tasks-were-displayabl.patch
 Patch0009: backport-0010-top-fix-additional-SEGVs-if-no-tasks-were-displayabl.patch
 Patch0010: backport-0011-pgrep-Remove-memory-leak.patch
-Patch0011: backport-0012-Set-TZ-to-avoid-repeated-stat-etc-localtime.patch
-Patch0012: backport-0013-kill-Fix-argument-handling-for-negative-PIDs.patch
+Patch0011: backport-0012-Set-TZ-to-avoid-repeated-stat-etc-localtime.patch 
+Patch0012: backport-0013-kill-Fix-argument-handling-for-negative-PIDs.patch 
+Patch0013: backport-0014-ps-Fix-possible-buffer-overflow-in-C-option.patch
 
 Patch9000: 	feature-add-options-M-and-N-for-top.patch
 Patch9001: 	bugfix-top-exit-with-error-when-pid-overflow.patch
+Patch9002:	pgrep-uid-gid-overflow.patch
 
+Recommends:	%{name}-help = %{version}-%{release}
 BuildRequires: 	ncurses-devel libtool autoconf automake gcc gettext-devel systemd-devel
 
 Provides: 	procps = %{version}-%{release}
@@ -69,6 +72,9 @@ autoreconf -ivf
 
 make CFLAGS="%{optflags}"
 
+%check
+make check
+
 %install
 %make_install
 
@@ -107,10 +113,28 @@ ln -s %{_bindir}/pidof %{buildroot}%{_sbindir}/pidof
 %{_mandir}/translated
 
 %changelog
-* Sat Feb 27 2021 hewenliang <hewenliang4@huawei.com> - 3.3.16-14
-- sync patches
+* Thu Mar 21 2024 cenhuilin <cenhuilin@kylinos.cn> - 3.3.16-20
+- fix uid gid overflow
 
-* Thu Nov 03 2020 xinghe <xinghe1@huawei.com> - 3.3.16-13
+* Tue Aug 15 2023 Liu Chao <liuchao173@huawei.com> - 3.3.16-19
+- ps: Fix possible buffer overflow in -C option
+
+* Fri Apr 21 2023 zhoujie <zhoujie133@huawei.com> - 3.3.16-18
+- enable make check
+
+* Sat Feb 27 2021 hewenliang <314264452@qq.com> - 3.3.16-17
+- Sync patches from upstream
+
+* Mon Feb 08 2021 xinghe <xinghe1@huawei.com> - 3.3.16-16
+- rebuild package
+
+* Sun Feb 7 2021 xinghe <xinghe1@huawei.com> - 3.3.16-15
+- rebuild package
+
+* Thu Nov 12 2020 xinghe <xinghe1@huawei.com> - 3.3.16-14
+- add help for Recommends
+
+* Tue Nov 03 2020 xinghe <xinghe1@huawei.com> - 3.3.16-13
 - sync patchs
 
 * Wed Sep 23 2020 MarsChan <chenmingmin@huawei.com> - 3.3.16-12
@@ -175,5 +199,5 @@ ln -s %{_bindir}/pidof %{buildroot}%{_sbindir}/pidof
 - SUG:restart
 - DEC:add options -M and -N for top
 
-* Sat Jul 18 2018 openEuler Buildteam <buildteam@openeuler.org> - 3.3.15-4
+* Wed Jul 18 2018 openEuler Buildteam <buildteam@openeuler.org> - 3.3.15-4
 - Package init