
Bug#1106046: unblock (pre-approval): finit/4.12-1



Control: tags -1 confirmed

On 2025-05-19 17:13:16 +0800, Yangfl wrote:
> Package: release.debian.org
> Severity: normal
> X-Debbugs-Cc: finit@packages.debian.org
> Control: affects -1 + src:finit
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock package finit
> 
> This fixes CVE-2025-32022 (#1104932).

Please go ahead

Cheers

> 
> I also took the opportunity to catch up with the latest upstream version.
> 
> The diff is fairly small, so I can manually verify that hopefully no
> breakage will be introduced.
> 
> unblock finit/4.12-1

> diff --git a/ChangeLog.md b/ChangeLog.md
> index 031c3359..9b014b99 100644
> --- a/ChangeLog.md
> +++ b/ChangeLog.md
> @@ -3,6 +3,19 @@ Change Log
>  
>  All relevant changes are documented in this file.
>  
> +
> +[4.12][] - 2025-04-28
> +---------------------
> +
> +### Changes
> + - Improve notify:s6 readiness compatibility, by Aaron Andersen
> + - Update `runparts` usage text
> +
> +### Fixes
> + - Fix variable overloading in urandom plugin
> + - Fix buffer overwrite in urandom plugin, reported by Aaron Andersen
> +
> +
>  [4.11][] - 2025-03-27
>  ---------------------
>  
> @@ -1785,6 +1798,7 @@ Major bug fix release.
>  * Initial release
>  
>  [UNRELEASED]: https://github.com/troglobit/finit/compare/4.11...HEAD
> +[4.12]: https://github.com/troglobit/finit/compare/4.11...4.12
>  [4.11]: https://github.com/troglobit/finit/compare/4.10...4.11
>  [4.10]: https://github.com/troglobit/finit/compare/4.9...4.10
>  [4.9]:  https://github.com/troglobit/finit/compare/4.8...4.9
> diff --git a/README.md b/README.md
> index 9767e5f8..9b91207d 100644
> --- a/README.md
> +++ b/README.md
> @@ -251,7 +251,7 @@ All services in runlevel S) are started first, followed by the desired
>  run-time runlevel.  Run tasks in runlevel S can be started in sequence
>  by using `run [S] cmd`.  Changing runlevels at runtime is done like any
>  other init, e.g. <kbd>init 4</kbd>, but also using the more advanced
> -`intictl` tool.
> +[`initctl`](#commands--status) tool.
>  
>  
>  **Conditions**
> diff --git a/configure b/configure
> index e2791a20..36467f2f 100755
> --- a/configure
> +++ b/configure
> @@ -1,6 +1,6 @@
>  #! /bin/sh
>  # Guess values for system-dependent variables and create Makefiles.
> -# Generated by GNU Autoconf 2.71 for Finit 4.11.
> +# Generated by GNU Autoconf 2.71 for Finit 4.12.
>  #
>  # Report bugs to <https://github.com/troglobit/finit/issues>.
>  #
> @@ -621,8 +621,8 @@ MAKEFLAGS=
>  # Identity of this package.
>  PACKAGE_NAME='Finit'
>  PACKAGE_TARNAME='finit'
> -PACKAGE_VERSION='4.11'
> -PACKAGE_STRING='Finit 4.11'
> +PACKAGE_VERSION='4.12'
> +PACKAGE_STRING='Finit 4.12'
>  PACKAGE_BUGREPORT='https://github.com/troglobit/finit/issues'
>  PACKAGE_URL='https://troglobit.com/projects/finit/'
>  
> @@ -1464,7 +1464,7 @@ if test "$ac_init_help" = "long"; then
>    # Omit some internal or obsolete options to make the list less imposing.
>    # This message is too long to be a string in the A/UX 3.1 sh.
>    cat <<_ACEOF
> -\`configure' configures Finit 4.11 to adapt to many kinds of systems.
> +\`configure' configures Finit 4.12 to adapt to many kinds of systems.
>  
>  Usage: $0 [OPTION]... [VAR=VALUE]...
>  
> @@ -1535,7 +1535,7 @@ fi
>  
>  if test -n "$ac_init_help"; then
>    case $ac_init_help in
> -     short | recursive ) echo "Configuration of Finit 4.11:";;
> +     short | recursive ) echo "Configuration of Finit 4.12:";;
>     esac
>    cat <<\_ACEOF
>  
> @@ -1731,7 +1731,7 @@ fi
>  test -n "$ac_init_help" && exit $ac_status
>  if $ac_init_version; then
>    cat <<\_ACEOF
> -Finit configure 4.11
> +Finit configure 4.12
>  generated by GNU Autoconf 2.71
>  
>  Copyright (C) 2021 Free Software Foundation, Inc.
> @@ -2006,7 +2006,7 @@ cat >config.log <<_ACEOF
>  This file contains any messages produced by compilers while
>  running configure, to aid debugging if configure makes a mistake.
>  
> -It was created by Finit $as_me 4.11, which was
> +It was created by Finit $as_me 4.12, which was
>  generated by GNU Autoconf 2.71.  Invocation command line was
>  
>    $ $0$ac_configure_args_raw
> @@ -3276,7 +3276,7 @@ fi
>  
>  # Define the identity of the package.
>   PACKAGE='finit'
> - VERSION='4.11'
> + VERSION='4.12'
>  
>  
>  printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h
> @@ -16299,7 +16299,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
>  # report actual input values of CONFIG_FILES etc. instead of their
>  # values after options handling.
>  ac_log="
> -This file was extended by Finit $as_me 4.11, which was
> +This file was extended by Finit $as_me 4.12, which was
>  generated by GNU Autoconf 2.71.  Invocation command line was
>  
>    CONFIG_FILES    = $CONFIG_FILES
> @@ -16368,7 +16368,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\
>  cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
>  ac_cs_config='$ac_cs_config_escaped'
>  ac_cs_version="\\
> -Finit config.status 4.11
> +Finit config.status 4.12
>  configured by $0, generated by GNU Autoconf 2.71,
>    with options \\"\$ac_cs_config\\"
>  
> diff --git a/configure.ac b/configure.ac
> index 5ffcce4a..b5e9bbe2 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -1,4 +1,4 @@
> -AC_INIT([Finit], [4.11], [https://github.com/troglobit/finit/issues],
> +AC_INIT([Finit], [4.12], [https://github.com/troglobit/finit/issues],
>  	[finit], [https://troglobit.com/projects/finit/])
>  AC_CONFIG_AUX_DIR(aux)
>  AM_INIT_AUTOMAKE([1.11 foreign dist-xz subdir-objects])
> diff --git a/debian/changelog b/debian/changelog
> index 15e257ea..bd4e2ddc 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -1,3 +1,10 @@
> +finit (4.12-1) unstable; urgency=medium
> +
> +  * New upstream release
> +    * Fix CVE-2025-32022 (Closes: #1104932)
> +
> + -- Yangfl <mmyangfl@gmail.com>  Fri, 09 May 2025 23:26:56 +0800
> +
>  finit (4.11-1) unstable; urgency=medium
>  
>    * New upstream release
> diff --git a/plugins/urandom.c b/plugins/urandom.c
> index d2a54983..2de5f820 100644
> --- a/plugins/urandom.c
> +++ b/plugins/urandom.c
> @@ -78,6 +78,7 @@ static void setup(void *arg)
>  {
>  #ifdef RANDOMSEED
>  	struct rand_pool_info *rpi;
> +	unsigned char *rpi_buf;
>  	ssize_t len = 0;
>  	struct stat st;
>  	int rc = -1;
> @@ -103,13 +104,14 @@ static void setup(void *arg)
>  			hw = fopen(hwrng, "r");
>  			if (hw) {
>  				char buf[512];
> -				size_t len;
> +				size_t num;
>  
> -				len = fread(buf, sizeof(buf[0]), sizeof(buf), hw);
> -				if (len == 0)
> +				num = fread(buf, sizeof(buf[0]), sizeof(buf), hw);
> +				if (num == 0)
>  					fallback(fp);
>  				else
> -					len = fwrite(buf, sizeof(buf[0]), len, fp);
> +					fwrite(buf, sizeof(buf[0]), num, fp);
> +
>  				fclose(hw);
>  			} else {
>  				fallback(fp);
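Review bot: The return value of `fwrite` is discarded in the `else` branch, so a short or failed write of the hardware-RNG bytes to the seed file goes unnoticed. Compare the result with `num`, for example `if (fwrite(buf, sizeof(buf[0]), num, fp) != num)`, and report the failure the same way setup() reports its other errors. setup() begins and ends outside this hunk, so what happens to `fp` afterwards cannot be checked from here.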
> @@ -137,10 +139,11 @@ static void setup(void *arg)
>  		goto fallback;
>  	}
>  
> +	rpi_buf = (unsigned char *)rpi->buf;
>  	do {
>  		ssize_t num;
>  
> -		num = read(fd, &rpi->buf[len], RANDOM_BYTES - len);
> +		num = read(fd, &rpi_buf[len], RANDOM_BYTES - len);
>  		if (num <= 0) {
>  			if (num == -1 && errno == EINTR)
>  				continue;
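Review bot: The new `rpi_buf` alias has no comment explaining why it exists, which makes it easy to remove again in a later cleanup. `len` and `RANDOM_BYTES` count bytes, while `rpi->buf` is, as far as the kernel's `struct rand_pool_info` declares it, an array of 32-bit words, so indexing it directly scales the offset by four. I would add above the assignment: `/* rpi->buf is __u32[]; index through a byte pointer because len counts bytes */`. The allocation of `rpi` and the end of the loop are outside this hunk, so the buffer size itself cannot be confirmed from here.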
> diff --git a/src/cond.c b/src/cond.c
> index 2b8badea..3d1b06c1 100644
> --- a/src/cond.c
> +++ b/src/cond.c
> @@ -96,16 +96,16 @@ enum cond_state cond_get(const char *name)
>  
>  enum cond_state cond_get_agg(const char *names)
>  {
> -	static char conds[MAX_COND_LEN];
>  	enum cond_state s = COND_ON;
> -	char *cond;
>  
> -	if (!names)
> -		return COND_ON;
> +	if (names) {
> +		char conds[strlen(names) + 1];
> +		const char *cond;
>  
> -	strlcpy(conds, names, sizeof(conds));
> -	for (cond = strtok(conds, ","); s && cond; cond = strtok(NULL, ","))
> -		s = min(s, cond_get(cond));
> +		strlcpy(conds, names, sizeof(conds));
> +		for (cond = strtok(conds, ","); s && cond; cond = strtok(NULL, ","))
> +			s = min(s, cond_get(cond));
> +	}
>  
>  	return s;
>  }
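Review bot: `char conds[strlen(names) + 1]` is a variable-length array sized directly by the caller's string, so the fixed `MAX_COND_LEN` bound that the old static buffer enforced by truncating is replaced with an unbounded stack allocation. A stack overrun in an init process is not recoverable, and where `names` comes from is not visible in this hunk. A length check before the declaration keeps the no-truncation behaviour for normal input while capping the worst case, e.g. `if (strlen(names) >= MAX_COND_LEN) { /* log and treat as not satisfied */ }`, assuming `MAX_COND_LEN` is still defined. `strtok` also keeps hidden static state across the loop, so `strtok_r` would be the safer choice if `cond_get` ever tokenizes on its own.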
> diff --git a/src/runparts.c b/src/runparts.c
> index c4225ceb..51984b94 100644
> --- a/src/runparts.c
> +++ b/src/runparts.c
> @@ -193,7 +193,7 @@ int run_parts(char *dir, char *cmd, const char *env[], int progress, int sysv)
>  #ifndef __FINIT__
>  static int usage(int rc)
>  {
> -	warnx("usage: runparts [-dhps?] DIRECTORY");
> +	warnx("usage: runparts [-bdhps?] DIRECTORY");
>  	return rc;
>  }
>  
> diff --git a/src/service.c b/src/service.c
> index ae997e7b..023b9bc1 100644
> --- a/src/service.c
> +++ b/src/service.c
> @@ -2912,7 +2912,7 @@ void service_notify_cb(uev_t *w, void *arg, int events)
>  	}
>  
>  	len = read(w->fd, buf, sizeof(buf) - 1);
> -	if (len == -1) {
> +	if (len <= 0) {
>  		warn("Failed reading notification from %s", svc_ident(svc, NULL, 0));
>  		return;
>  	}
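Review bot: With `len <= 0`, `warn()` now also runs on a zero-length read, where `read()` has not set `errno`. If this `warn()` appends the `errno` text as the BSD function of that name does, the log line will carry a stale error. The comment in the following hunk says s6 closes the socket after notifying, so end-of-file here may be routine rather than a failure. Splitting the cases keeps the log accurate: `if (len < 0) { warn(...); return; }` followed by a quiet `if (len == 0) return;`. Whether the watcher should also be stopped on end-of-file depends on code outside this hunk.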
> @@ -2920,7 +2920,7 @@ void service_notify_cb(uev_t *w, void *arg, int events)
>  	buf[len] = 0;
>  
>  	/* systemd and s6, respectively.  The latter then closes the socket */
> -	if (!strcmp(buf, "READY=1\n") || !strcmp(buf, "\n")) {
> +	if (!strcmp(buf, "READY=1\n") || buf[len - 1] == '\n') {
>  		/*
>  		 * native (pidfile) services are marked as started by
>  		 * the pidfile plugin.
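Review bot: `buf[len - 1] == '\n'` is true for every message that ends in a newline, so the `READY=1\n` comparison before it no longer narrows anything. A systemd-style `STATUS=...\n` or `STOPPING=1\n` datagram would take the readiness branch as well. If the service's notify type is known at this point, apply the trailing-newline test only to s6-type services and keep the exact match for systemd-type ones. The field that records the type is not visible in this hunk, so the condition is described rather than quoted. The body of the `if` continues outside the hunk.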


-- 
Sebastian Ramacher

