Bug#1106046: marked as done (unblock (pre-approval): finit/4.12-1)

Debian Bug Tracking System Tue, 20 May 2025 10:55:40 -0700

Your message dated Tue, 20 May 2025 17:49:09 +0000
with message-id <e1uhr5r-0048gd...@respighi.debian.org>
and subject line unblock finit
has caused the Debian Bug report #1106046,
regarding unblock (pre-approval): finit/4.12-1
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1106046: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106046
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: release.debian.org
Severity: normal
X-Debbugs-Cc: fi...@packages.debian.org
Control: affects -1 + src:finit
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock package finit

This fixes CVE-2025-32022 (#1104932).

I also took the opportunity to catch up with the latest upstream version.

The diff is fairly small, so I can manually verify that hopefully no
breakage will be introduced.

unblock finit/4.12-1

diff --git a/ChangeLog.md b/ChangeLog.md
index 031c3359..9b014b99 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -3,6 +3,19 @@ Change Log
 
 All relevant changes are documented in this file.
 
+
+[4.12][] - 2025-04-28
+---------------------
+
+### Changes
+ - Improve notify:s6 readiness compatibility, by Aaron Andersen
+ - Update `runparts` usage text
+
+### Fixes
+ - Fix variable overloading in urandom plugin
+ - Fix buffer overwrite in urandom plugin, reported by Aaron Andersen
+
+
 [4.11][] - 2025-03-27
 ---------------------
 
@@ -1785,6 +1798,7 @@ Major bug fix release.
 * Initial release
 
 [UNRELEASED]: https://github.com/troglobit/finit/compare/4.11...HEAD
+[4.12]: https://github.com/troglobit/finit/compare/4.11...4.12
 [4.11]: https://github.com/troglobit/finit/compare/4.10...4.11
 [4.10]: https://github.com/troglobit/finit/compare/4.9...4.10
 [4.9]:  https://github.com/troglobit/finit/compare/4.8...4.9
diff --git a/README.md b/README.md
index 9767e5f8..9b91207d 100644
--- a/README.md
+++ b/README.md
@@ -251,7 +251,7 @@ All services in runlevel S) are started first, followed by the desired
 run-time runlevel.  Run tasks in runlevel S can be started in sequence
 by using `run [S] cmd`.  Changing runlevels at runtime is done like any
 other init, e.g. <kbd>init 4</kbd>, but also using the more advanced
-`intictl` tool.
+[`initctl`](#commands--status) tool.
 
 
 **Conditions**
diff --git a/configure b/configure
index e2791a20..36467f2f 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.71 for Finit 4.11.
+# Generated by GNU Autoconf 2.71 for Finit 4.12.
 #
 # Report bugs to <https://github.com/troglobit/finit/issues>.
 #
@@ -621,8 +621,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='Finit'
 PACKAGE_TARNAME='finit'
-PACKAGE_VERSION='4.11'
-PACKAGE_STRING='Finit 4.11'
+PACKAGE_VERSION='4.12'
+PACKAGE_STRING='Finit 4.12'
 PACKAGE_BUGREPORT='https://github.com/troglobit/finit/issues'
 PACKAGE_URL='https://troglobit.com/projects/finit/'
 
@@ -1464,7 +1464,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures Finit 4.11 to adapt to many kinds of systems.
+\`configure' configures Finit 4.12 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1535,7 +1535,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of Finit 4.11:";;
+     short | recursive ) echo "Configuration of Finit 4.12:";;
    esac
   cat <<\_ACEOF
 
@@ -1731,7 +1731,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-Finit configure 4.11
+Finit configure 4.12
 generated by GNU Autoconf 2.71
 
 Copyright (C) 2021 Free Software Foundation, Inc.
@@ -2006,7 +2006,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by Finit $as_me 4.11, which was
+It was created by Finit $as_me 4.12, which was
 generated by GNU Autoconf 2.71.  Invocation command line was
 
   $ $0$ac_configure_args_raw
@@ -3276,7 +3276,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE='finit'
- VERSION='4.11'
+ VERSION='4.12'
 
 
 printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h
@@ -16299,7 +16299,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by Finit $as_me 4.11, which was
+This file was extended by Finit $as_me 4.12, which was
 generated by GNU Autoconf 2.71.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -16368,7 +16368,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config='$ac_cs_config_escaped'
 ac_cs_version="\\
-Finit config.status 4.11
+Finit config.status 4.12
 configured by $0, generated by GNU Autoconf 2.71,
   with options \\"\$ac_cs_config\\"
 
diff --git a/configure.ac b/configure.ac
index 5ffcce4a..b5e9bbe2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-AC_INIT([Finit], [4.11], [https://github.com/troglobit/finit/issues],
+AC_INIT([Finit], [4.12], [https://github.com/troglobit/finit/issues],
 	[finit], [https://troglobit.com/projects/finit/])
 AC_CONFIG_AUX_DIR(aux)
 AM_INIT_AUTOMAKE([1.11 foreign dist-xz subdir-objects])
diff --git a/debian/changelog b/debian/changelog
index 15e257ea..bd4e2ddc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+finit (4.12-1) unstable; urgency=medium
+
+  * New upstream release
+    * Fix CVE-2025-32022 (Closes: #1104932)
+
+ -- Yangfl <mmyan...@gmail.com>  Fri, 09 May 2025 23:26:56 +0800
+
 finit (4.11-1) unstable; urgency=medium
 
   * New upstream release
diff --git a/plugins/urandom.c b/plugins/urandom.c
index d2a54983..2de5f820 100644
--- a/plugins/urandom.c
+++ b/plugins/urandom.c
@@ -78,6 +78,7 @@ static void setup(void *arg)
 {
 #ifdef RANDOMSEED
 	struct rand_pool_info *rpi;
+	unsigned char *rpi_buf;
 	ssize_t len = 0;
 	struct stat st;
 	int rc = -1;
@@ -103,13 +104,14 @@ static void setup(void *arg)
 			hw = fopen(hwrng, "r");
 			if (hw) {
 				char buf[512];
-				size_t len;
+				size_t num;
 
-				len = fread(buf, sizeof(buf[0]), sizeof(buf), hw);
-				if (len == 0)
+				num = fread(buf, sizeof(buf[0]), sizeof(buf), hw);
+				if (num == 0)
 					fallback(fp);
 				else
-					len = fwrite(buf, sizeof(buf[0]), len, fp);
+					fwrite(buf, sizeof(buf[0]), num, fp);
+
 				fclose(hw);
 			} else {
 				fallback(fp);
@@ -137,10 +139,11 @@ static void setup(void *arg)
 		goto fallback;
 	}
 
+	rpi_buf = (unsigned char *)rpi->buf;
 	do {
 		ssize_t num;
 
-		num = read(fd, &rpi->buf[len], RANDOM_BYTES - len);
+		num = read(fd, &rpi_buf[len], RANDOM_BYTES - len);
 		if (num <= 0) {
 			if (num == -1 && errno == EINTR)
 				continue;
diff --git a/src/cond.c b/src/cond.c
index 2b8badea..3d1b06c1 100644
--- a/src/cond.c
+++ b/src/cond.c
@@ -96,16 +96,16 @@ enum cond_state cond_get(const char *name)
 
 enum cond_state cond_get_agg(const char *names)
 {
-	static char conds[MAX_COND_LEN];
 	enum cond_state s = COND_ON;
-	char *cond;
 
-	if (!names)
-		return COND_ON;
+	if (names) {
+		char conds[strlen(names) + 1];
+		const char *cond;
 
-	strlcpy(conds, names, sizeof(conds));
-	for (cond = strtok(conds, ","); s && cond; cond = strtok(NULL, ","))
-		s = min(s, cond_get(cond));
+		strlcpy(conds, names, sizeof(conds));
+		for (cond = strtok(conds, ","); s && cond; cond = strtok(NULL, ","))
+			s = min(s, cond_get(cond));
+	}
 
 	return s;
 }
diff --git a/src/runparts.c b/src/runparts.c
index c4225ceb..51984b94 100644
--- a/src/runparts.c
+++ b/src/runparts.c
@@ -193,7 +193,7 @@ int run_parts(char *dir, char *cmd, const char *env[], int progress, int sysv)
 #ifndef __FINIT__
 static int usage(int rc)
 {
-	warnx("usage: runparts [-dhps?] DIRECTORY");
+	warnx("usage: runparts [-bdhps?] DIRECTORY");
 	return rc;
 }
 
diff --git a/src/service.c b/src/service.c
index ae997e7b..023b9bc1 100644
--- a/src/service.c
+++ b/src/service.c
@@ -2912,7 +2912,7 @@ void service_notify_cb(uev_t *w, void *arg, int events)
 	}
 
 	len = read(w->fd, buf, sizeof(buf) - 1);
-	if (len == -1) {
+	if (len <= 0) {
 		warn("Failed reading notification from %s", svc_ident(svc, NULL, 0));
 		return;
 	}
@@ -2920,7 +2920,7 @@ void service_notify_cb(uev_t *w, void *arg, int events)
 	buf[len] = 0;
 
 	/* systemd and s6, respectively.  The latter then closes the socket */
-	if (!strcmp(buf, "READY=1\n") || !strcmp(buf, "\n")) {
+	if (!strcmp(buf, "READY=1\n") || buf[len - 1] == '\n') {
 		/*
 		 * native (pidfile) services are marked as started by
 		 * the pidfile plugin.

--- End Message ---

--- Begin Message ---
Unblocked.
--- End Message ---

Bug#1106046: marked as done (unblock (pre-approval): finit/4.12-1)

Reply via email to