
Bug#1109575: marked as done (unblock: acct/6.6.4-8)



Your message dated Mon, 21 Jul 2025 14:59:26 +0000
with message-id <E1udrzC-00A1TS-2G@respighi.debian.org>
and subject line unblock acct
has caused the Debian Bug report #1109575,
regarding unblock: acct/6.6.4-8
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1109575: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109575
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
X-Debbugs-Cc: acct@packages.debian.org
Control: affects -1 + src:acct
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package acct

Please reduce the required age for acct from 20 days to 18 or fewer days.

[ Reason ]
acct may be about a day too new to migrate to testing before the full freeze.

The reason for this version is to import a fix present in Ubuntu for a buffer
overflow in the dump-acct tool.

The change also includes an autopkgtest designed to avoid needing release team
intervention but unfortunately we timed this wrong and now need a bump!

  acct (6.6.4-8) unstable; urgency=medium
  acct (6.6.4-7) experimental; urgency=medium

    * Import sprintf buffer overflow fix from Ubuntu. (Closes: #1108428)
    * Add autopkgtest for process accounting

[ Impact ]
Trixie users run code with a known buffer overflow.

There is no known user impact from this in Debian as the bug has only been
observed to cause problems with -D_FORTIFY_SOURCE=3, which is enabled for
Ubuntu builds, where the dump-acct command will always crash but not Debian
ones.

[ Tests ]
I and the sponsor of the package both verified that the crash can be
triggered when built with -D_FORTIFY_SOURCE=3 without the fix and that
with the fix this does not happen.

The affected tool works fine *from the user-visible perspective* in the
*Debian-built* package as expected either way due to the lack of the
hardening build option.

[ Risks ]
The bugfix is trivial and has been in Ubuntu since February.

With the new autopkgtest this has been road-tested through Debian
experimental and unstable for 13 days so far.

I see no risk in accepting this package into testing. Realistically, it's
probably ready to migrate now.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

[ Other info ]

https://bugs.debian.org/1108428

I also directly attach the patch that is applied to the upstream code for
your convenience - this is the only non-autopkgtest change present.

$ git diff --stat debian/6.6.4-6 debian/6.6.4-8 
 debian/changelog                                |  19 ++++++++++
 debian/patches/07_sprintf-buffer-overflow.patch |  21 +++++++++++
 debian/patches/series                           |   1 +
 debian/tests/control                            |   3 ++
 debian/tests/pacct                              |  59 +++++++++++++++++++++++++++++
 debian/tests/src/Makefile                       |  16 ++++++++
 debian/tests/src/fake-acct.c                    |  44 ++++++++++++++++++++++
 debian/tests/src/gen-acct.c                     | 156 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 8 files changed, 319 insertions(+)

Thanks!

unblock acct/6.6.4-8

diff -Nru acct-6.6.4/debian/changelog acct-6.6.4/debian/changelog
--- acct-6.6.4/debian/changelog	2025-06-07 07:57:39.000000000 +0100
+++ acct-6.6.4/debian/changelog	2025-07-07 16:09:45.000000000 +0100
@@ -1,3 +1,22 @@
+acct (6.6.4-8) unstable; urgency=medium
+
+  * Team upload.
+  * Upload to unstable. Thanks to Andrew Bower for all the work.
+
+ -- Carlos Henrique Lima Melara <charlesmelara@riseup.net>  Mon, 07 Jul 2025 12:09:45 -0300
+
+acct (6.6.4-7) experimental; urgency=medium
+
+  * Team upload.
+
+  [ Matthew L. Dailey ]
+  * Import sprintf buffer overflow fix from Ubuntu. (Closes: #1108428)
+
+  [ Andrew Bower ]
+  * Add autopkgtest for process accounting
+
+ -- Andrew Bower <andrew@bower.uk>  Sun, 06 Jul 2025 16:58:06 +0100
+
 acct (6.6.4-6) unstable; urgency=medium
 
   * Team upload.
diff -Nru acct-6.6.4/debian/patches/07_sprintf-buffer-overflow.patch acct-6.6.4/debian/patches/07_sprintf-buffer-overflow.patch
--- acct-6.6.4/debian/patches/07_sprintf-buffer-overflow.patch	1970-01-01 01:00:00.000000000 +0100
+++ acct-6.6.4/debian/patches/07_sprintf-buffer-overflow.patch	2025-07-06 18:39:49.000000000 +0100
@@ -0,0 +1,21 @@
+Description: Fix buffer overflow in dev_hash.c
+Author: Jan Rybar
+Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=2190057
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/2095035
+Bug-Debian: https://bugs.debian.org/1108428
+Bug: http://savannah.gnu.org/bugs/?67028
+Last-Update: 2025-07-06
+
+Index: acct-6.6.4/dev_hash.c
+===================================================================
+--- acct-6.6.4.orig/dev_hash.c
++++ acct-6.6.4/dev_hash.c
+@@ -147,7 +147,7 @@ static void setup_devices(char *dirname)
+     {
+       char *fullname = (char *) alloca ((strlen (dirname)
+                                          + NAMLEN (dp)
+-                                         + 1) * sizeof (char));
++                                         + 2) * sizeof (char));  /* slash + null; Fedora BZ#2190057 */
+ 
+       (void)sprintf (fullname, "%s/%s", dirname, dp->d_name);
+       if (stat (fullname, &sp))
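Review bot: the `sprintf` into `fullname` is still unbounded after the size correction, and the allocation is sized from `NAMLEN (dp)` while the copy reads `dp->d_name`, so the bound and the write are only connected by convention. Storing the computed length in a local and calling `snprintf (fullname, len, "%s/%s", dirname, dp->d_name)` would tie the write to the allocation, so that any future miscount truncates the path instead of running past the `alloca` buffer on the stack.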
diff -Nru acct-6.6.4/debian/patches/series acct-6.6.4/debian/patches/series
--- acct-6.6.4/debian/patches/series	2025-06-07 07:57:39.000000000 +0100
+++ acct-6.6.4/debian/patches/series	2025-07-06 18:39:49.000000000 +0100
@@ -4,3 +4,4 @@
 04_Fix-spelling-errors.patch
 05_Adapt_dump.acct.8-manpage.patch
 06_adapt_dump-utmp.8-manpage.patch
+07_sprintf-buffer-overflow.patch
diff -Nru acct-6.6.4/debian/tests/control acct-6.6.4/debian/tests/control
--- acct-6.6.4/debian/tests/control	1970-01-01 01:00:00.000000000 +0100
+++ acct-6.6.4/debian/tests/control	2025-07-06 18:39:49.000000000 +0100
@@ -0,0 +1,3 @@
+Tests: pacct
+Depends: @, gcc, make, libc6-dev
+Restrictions: needs-root, breaks-testbed, allow-stderr
diff -Nru acct-6.6.4/debian/tests/pacct acct-6.6.4/debian/tests/pacct
--- acct-6.6.4/debian/tests/pacct	1970-01-01 01:00:00.000000000 +0100
+++ acct-6.6.4/debian/tests/pacct	2025-07-06 18:39:49.000000000 +0100
@@ -0,0 +1,59 @@
+#!/bin/sh
+#
+# Generate fake process accounting data via the package's installed
+# service defitions and sanity check the output from lastcomm.
+
+#set -x
+set -e
+
+FILE=/var/log/account/pacct
+
+fail () { echo $1 >&2; exit 1; }
+
+# Stop process accounting if it has already started
+service acct stop >/dev/null 2>/dev/null || true
+[ ! -s "$FILE" ] || truncate --size 0 "$FILE"
+
+# Install test library
+cp -a debian/tests/src $AUTOPKGTEST_TMP
+cd $AUTOPKGTEST_TMP
+make -C src
+install -t /usr/local/bin src/gen-acct
+install -t /usr/local/lib src/fake-acct.so
+echo "/usr/local/lib/fake-acct.so" >> /etc/ld.so.preload
+
+# Start fake process accounting
+[ ! -s "$FILE" ] || fail "pacct already populated"
+service acct start 2>&1
+sleep 5
+[ -f "$FILE" ] || fail "pacct did not get created"
+sleep 20
+service acct stop 2>&1
+[ -s "$FILE" ] || fail "pacct did not grow"
+sleep 5
+sz=$(stat -c %b "$FILE")
+sleep 10
+[ "$sz" = $(stat -c %b "$FILE") ] || fail "psacct did not stop growing"
+
+lastcomm > lastcomm.out 2> lastcomm.err
+echo "First 5 lines of $(wc -l < lastcomm.out) from lastcomm:"
+head -n5 lastcomm.out | cat -n
+[ $(wc -l < lastcomm.out) -gt 10 ] || fail "lastcomm output too short"
+if [ -s lastcomm.err ]
+then
+  echo "Error output from lastcomm:"
+  cat lastcomm.err | cat -n
+  exit 1
+fi
+
+cat lastcomm.out | cut -d\  -f1 > lastprocs
+cat lastprocs | sort | uniq > a
+ls /usr/bin > b1
+ls /usr/sbin > b2
+cat b1 b2 | cut -c1-16 | sort | uniq > b
+
+echo "Some system binaries included in lastcomm output:"
+comm -1 -2 a b | head -n5 | cat -n
+common=$(comm -1 -2 -3 --total a b | cut -f3)
+
+[ $common -gt 5 ] || fail "too few system binaries feature in lastcomm output"
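Review bot: the entry appended to `/etc/ld.so.preload` is never removed, and with `set -e` plus the `fail` helper any early exit leaves `fake-acct.so` preloaded into every dynamically linked process on the testbed. The `breaks-testbed` restriction in debian/tests/control covers the autopkgtest case, but a `trap` on EXIT that stops the service and strips the line again would make the script safe to run by hand as well. Separately, the "did not stop growing" check compares `stat -c %b` (allocated blocks) rather than `%s` (bytes), so growth that stays within the same block count goes unnoticed, and `$1` in `fail` and `$AUTOPKGTEST_TMP` in the `cp`/`cd` lines should be quoted.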
diff -Nru acct-6.6.4/debian/tests/src/fake-acct.c acct-6.6.4/debian/tests/src/fake-acct.c
--- acct-6.6.4/debian/tests/src/fake-acct.c	1970-01-01 01:00:00.000000000 +0100
+++ acct-6.6.4/debian/tests/src/fake-acct.c	2025-07-06 18:39:49.000000000 +0100
@@ -0,0 +1,44 @@
+/* fake-acct
+ * An ld preload library to fake the libc wrapper for the acct(2) syscall
+ * and enable fake process accounting generation using gen-acct.
+ *  -- Andrew Bower <andrew@bower.uk>  Thu, 19 Jun 2025 07:27:24 +0100
+ */
+
+#include <errno.h>
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+static const char *tool = "/usr/local/bin/gen-acct";
+static const char *lock = "/run/gen-acct.pid";
+
+int acct(const char *filename) {
+  char *cmd;
+  int rc;
+
+  if (filename) {
+    if ((rc = asprintf(&cmd, "%s %s %s", tool, lock, filename)) != -1) {
+      rc = system(cmd);
+      free(cmd);
+    }
+  } else {
+    if ((rc = access(lock, R_OK | W_OK)) != -1) {
+      FILE *pidf = fopen(lock, "r");
+      pid_t pid;
+      if (pidf == NULL)
+        return -1;
+      if (fscanf(pidf, "%d", &pid) == 1) {
+        if (pid > 0) {
+          rc = kill(pid, SIGTERM);
+        } else {
+          rc = -1;
+	  errno = ESRCH;
+        }
+      }
+      fclose(pidf);
+      unlink(lock);
+    }
+  }
+  return rc;
+}
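Review bot: `system(cmd)` in the `filename` branch passes the caller's path through a shell with no quoting, so a path containing spaces or shell metacharacters is split or interpreted; since this library is preloaded system-wide, building an argv and using `posix_spawn` or `fork`/`execv` on `tool` would avoid the shell entirely. In the stop branch, when `fscanf` does not return 1 the function still unlinks the lock and returns the 0 left in `rc` by `access`, reporting success although no signal was sent; setting `rc = -1` with an `errno` there would match the handling of `pid <= 0`.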
diff -Nru acct-6.6.4/debian/tests/src/gen-acct.c acct-6.6.4/debian/tests/src/gen-acct.c
--- acct-6.6.4/debian/tests/src/gen-acct.c	1970-01-01 01:00:00.000000000 +0100
+++ acct-6.6.4/debian/tests/src/gen-acct.c	2025-07-06 18:39:49.000000000 +0100
@@ -0,0 +1,156 @@
+/* gen-acct
+ * Generate fake acct(5) data that looks vaguely plausible to the
+ * running system by using the system's binary names. This application
+ * daemonises, writes its pid into a lock file and populates the log file
+ * in the background.
+ *  -- Andrew Bower <andrew@bower.uk>  Thu, 19 Jun 2025 07:27:24 +0100
+ */
+
+#include <dirent.h>
+#include <errno.h>
+#include <math.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include <unistd.h>
+#include <sys/acct.h>
+
+struct evt_src {
+  char comm[ACCT_COMM];
+  double cumulative_probability;
+};
+
+const uid_t uids[] = { 0, 1000, 1001 };
+constexpr int num_uids = sizeof uids / sizeof *uids;
+
+struct evt_src *sources = NULL;
+int num_sources = 0;
+
+static int file_filter(const struct dirent *d) {
+  return d->d_type == DT_REG || d->d_type == DT_UNKNOWN;
+}
+
+int populate_sources(void) {
+  struct dirent **files;
+  int i;
+  double p = 0.1;
+  double pp = 0.0;
+  int rc = 0;
+
+  num_sources = scandir("/usr/bin", &files, file_filter, alphasort);
+  if (num_sources == -1) {
+    num_sources = 0;
+    rc = errno;
+    goto fail;
+  }
+
+  sources = malloc(num_sources * sizeof *sources);
+  if (sources == NULL) {
+    rc = errno;
+    goto fail1;
+  }
+
+  for (i = 0; i < num_sources; i++) {
+    struct evt_src *s = sources + i;
+
+    strncpy(s->comm, files[i]->d_name, sizeof s->comm);
+    s->cumulative_probability = pp += (1 - pp) * p;
+  }
+
+fail1:
+  free(files);
+fail:
+  return rc;
+}
+
+void free_sources(void) {
+  sources = NULL;
+  num_sources = 0;
+}
+
+int main(int argc, char *argv[]) {
+  const char *lockpath;
+  const char *fnam;
+  FILE *file;
+  size_t sz;
+  pid_t pid = -1;
+
+  if (argc != 3) {
+    fprintf(stderr, "usage: %s <lock-file> <acct-file>\n", argv[0]);
+    return EXIT_FAILURE;
+  }
+  lockpath = argv[1];
+  fnam = argv[2];
+
+  if (populate_sources() != 0) {
+    perror("populating sources");
+    goto finish;
+  }
+
+  /* Check access first because we want to fail on missing file */
+  if (access(fnam, W_OK) != 0) {
+    perror("access");
+    goto finish;
+  }
+
+  /* Spawn daemon */
+  pid = fork();
+  if (pid == -1) {
+    perror("fork");
+    goto finish;
+  }
+
+  /* Parent actions - write PID to lock file */
+  if (pid != 0) {
+    FILE *lock = fopen(lockpath, "w");
+    if (lock == NULL) {
+      perror("fopen(lock)");
+      goto finish;
+    }
+    fprintf(lock, "%d\n", pid);
+    fflush(lock);
+    goto finish;
+  }
+
+  /* Child actions - open log file */
+  file = fopen(fnam, "a");
+  if (file == NULL) {
+    perror("fopen(log)");
+    goto child_fail;
+  }
+
+  srand48(time(nullptr));
+
+  while (true) {
+    struct acct_v3 r;
+    struct evt_src *s;
+    double p = drand48();
+    time_t t = time(nullptr);
+
+    for (s = sources; s - sources < num_sources && p > s->cumulative_probability; s++);
+    if (s - sources < num_sources) {
+      memset(&r, '\0', sizeof r);
+      r.ac_version = 3;
+      r.ac_etime = sqrt(3600.0 * drand48());
+      r.ac_btime = t - ceil(r.ac_etime);
+      r.ac_uid = uids[(int) (num_uids * drand48())];
+      r.ac_gid = r.ac_uid;
+      memcpy(&r.ac_comm, s->comm, sizeof r.ac_comm);
+      sz = fwrite(&r, sizeof r, 1, file);
+      if (sz != 1) {
+	perror("fwrite");
+        fclose(file);
+	goto child_fail;
+      }
+    }
+    usleep(20000);
+  }
+
+child_fail:
+  unlink(lockpath);
+
+finish:
+  free(sources);
+  return pid > 0 ? EXIT_SUCCESS : EXIT_FAILURE;
+}
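Review bot: in `main`, when `fopen(lockpath, "w")` fails in the parent the code jumps to `finish` with `pid > 0`, so the program exits with `EXIT_SUCCESS` while the child keeps writing records and no pid is recorded for the later `acct(NULL)` call to signal; the parent should return failure there and ideally kill the child. In `populate_sources`, `strncpy(s->comm, files[i]->d_name, sizeof s->comm)` leaves `comm` without a terminator for names of `ACCT_COMM` characters or more, and that is then copied as-is into `r.ac_comm`; copying at most `sizeof s->comm - 1` bytes into a zeroed field would keep the command name terminated. Also, `free(files)` releases only the array returned by `scandir`, not the individual entries, and `free_sources` resets the pointer without freeing it and is never called.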
diff -Nru acct-6.6.4/debian/tests/src/Makefile acct-6.6.4/debian/tests/src/Makefile
--- acct-6.6.4/debian/tests/src/Makefile	1970-01-01 01:00:00.000000000 +0100
+++ acct-6.6.4/debian/tests/src/Makefile	2025-07-06 18:39:49.000000000 +0100
@@ -0,0 +1,16 @@
+CFLAGS+=-std=gnu23 -g -Wall -Wextra -Werror -fPIC
+LDLIBS+=-lm
+
+TARGETS=gen-acct fake-acct.so
+
+all: $(TARGETS)
+.PHONY: all
+
+.PHONY: clean
+clean:
+	$(RM) $(TARGETS) gen-acct.o fake-acct.o
+
+gen-acct: gen-acct.o
+
+fake-acct.so: fake-acct.o
+	$(LINK.o) $^ -fPIC -shared -ldl -o $@
Description: Fix buffer overflow in dev_hash.c
Author: Jan Rybar
Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=2190057
Bug-Ubuntu: https://bugs.launchpad.net/bugs/2095035
Bug-Debian: https://bugs.debian.org/1108428
Bug: http://savannah.gnu.org/bugs/?67028
Last-Update: 2025-07-06

Index: acct-6.6.4/dev_hash.c
===================================================================
--- acct-6.6.4.orig/dev_hash.c
+++ acct-6.6.4/dev_hash.c
@@ -147,7 +147,7 @@ static void setup_devices(char *dirname)
     {
       char *fullname = (char *) alloca ((strlen (dirname)
                                          + NAMLEN (dp)
-                                         + 1) * sizeof (char));
+                                         + 2) * sizeof (char));  /* slash + null; Fedora BZ#2190057 */
 
       (void)sprintf (fullname, "%s/%s", dirname, dp->d_name);
       if (stat (fullname, &sp))

--- End Message ---
--- Begin Message ---
Unblocked acct.

--- End Message ---
