!71 [sync] PR-67: fix CVE-2025-2588

From: @openeuler-sync-bot Reviewed-by: @t_feng Signed-off-by: @t_feng
fix CVE-2025-2588
2025-04-09 08:56:07 +00:00 · 2025-04-09 14:25:56 +08:00 · 2023-12-29 07:14:47 +00:00 · 2023-12-28 17:07:11 +08:00 · 2023-02-07 08:47:40 +00:00 · 2023-02-02 06:05:14 +00:00
5 changed files with 121 additions and 7 deletions
--- a/augeas-1.13.0.tar.gz
+++ b/augeas-1.13.0.tar.gz
--- a/augeas-1.14.1.tar.gz
+++ b/augeas-1.14.1.tar.gz
--- a/augeas.spec
+++ b/augeas.spec
@ -1,10 +1,10 @@
 Name:               augeas
-Version:            1.13.0
+Version:            1.14.1
-Release:            4
+Release:            2
 Summary:            Augeas is a configuration editing tool for changing configuration files
 License:            LGPLv2+
 URL:                https://augeas.net/
-Source0:            https://github.com/hercules-team/augeas/archive/refs/tags/release-%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Source0:            https://github.com/hercules-team/augeas/releases/download/release-%{version}/%{name}-%{version}.tar.gz
 BuildRequires:      gcc libselinux-devel libxml2-devel readline-devel 
 BuildRequires:      autoconf automake libtool git gnulib flex
@ -14,9 +14,11 @@ Obsoletes:          augeas-libs < %{version}-%{release}
 Patch0001: 	    avoid-NULL-pointer-dereference-in-function-re_case_expand.patch
 Patch6000:	    backport-revert-add-else-operator-to-augeas-path-filter-expressions.patch
 Patch6001:	    backport-CVE-2025-2588.patch
 %if "0%{?product_family}" != "0"
 Patch9000:          decrease-HASHCOUNT_T_MAX-to-avoid-the-OOM-during-the-Fuzz-test.patch
 %endif
 Patch9001:          fix-segment-fault-when-use-augtool.patch
 %description
 Augeas is a configuration editing tool. It parses configuration files in their native
@ -42,12 +44,11 @@ Provide header files and libraries for the use of building a extension library f
 %package_help
 %prep
-%autosetup -n %{name}-release-%{version} -p1
+%autosetup -n %{name}-%{version} -p1
 %build
 git init
-cp /usr/bin/gnulib-tool %{_builddir}/%{name}-release-%{version}/.gnulib
+cp /usr/bin/gnulib-tool %{_builddir}/%{name}-%{version}/.gnulib
 ./autogen.sh
 %configure
 %make_build -j1
@ -101,8 +102,21 @@ make check
 %defattr(-,root,root)
 %doc NEWS
 %doc %{_mandir}/man1/au*.1.gz
 %doc %{_datadir}/bash-completion/completions/aug*
 %changelog
 * Thu Apr 03 2025 zhangpan <zhangpan103@h-partners.com> - 1.14.1-2
 - fix CVE-2025-2588
 * Thu Dec 28 2023 Paul Thomas <paulthomas100199@gmail.com> - 1.14.1-1
 - update to version 1.14.1
 * Thu Feb 02 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 1.14.0-1
 - update to 1.14.0
 * Tue Dec 13 2022 wangkerong <wangkerong@h-partners.com> - 1.13.0-5
 - fix segment fault when use augtool command
 * Thu Jun 16 2022 wangkerong <wangkerong@h-partners.com> - 1.13.0-4
 - revert this patch,resolv use-after-free issue when fuzz test
@ -116,7 +130,7 @@ make check
 * Fri Dec 03 2021 wangkerong <wangkerong@huawei.com> - 1.13.0-1
 - update to 1.13.0
-* Tue Mar 18 2021 chengguipeng <chengguipeng1@huawei.com> - 1.12.0-7
+* Thu Mar 18 2021 chengguipeng <chengguipeng1@huawei.com> - 1.12.0-7
 - Type:bugfix
 - ID:NA
 - SUG:NA
--- a/backport-CVE-2025-2588.patch
+++ b/backport-CVE-2025-2588.patch
@ -0,0 +1,76 @@
 From af2aa88ab37fc48167d8c5e43b1770a4ba2ff403 Mon Sep 17 00:00:00 2001
 From: Alexander Bokovoy <abbra@users.noreply.github.com>
 Date: Sun, 30 Mar 2025 12:27:04 +0300
 Subject: [PATCH] CVE-2025-2588: return _REG_ENOSYS if no specific error was
 set yet parse_regexp failed (#854)
 parse_regexp() supposed to set an error on the parser state in case of a
 failure. If no specific error was set, return _REG_ENOSYS to indicate a
 generic failure.
 Fixes: https://github.com/hercules-team/augeas/issues/671
 Fixes: https://github.com/hercules-team/augeas/issues/778
 Fixes: https://github.com/hercules-team/augeas/issues/852
 Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
 Reference:https://github.com/hercules-team/augeas/commit/af2aa88ab37fc48167d8c5e43b1770a4ba2ff403
 Conflict:NA
 ---
 src/fa.c       | 2 ++
 src/fa.h       | 3 ++-
 tests/fatest.c | 6 ++++++
 3 files changed, 10 insertions(+), 1 deletion(-)
 diff --git a/src/fa.c b/src/fa.c
 index 66ac70784..4de5675b9 100644
 --- a/src/fa.c
 +++ b/src/fa.c
@@ -3550,6 +3550,8 @@ static struct re *parse_regexp(struct re_parse *parse) {
     return re;
  error:
 +    if (re == NULL && parse->error == REG_NOERROR)
 +        parse->error = _REG_ENOSYS;
     re_unref(re);
     return NULL;
 }
 diff --git a/src/fa.h b/src/fa.h
 index 1fd754ad0..89c9b17e9 100644
 --- a/src/fa.h
 +++ b/src/fa.h
@@ -81,7 +81,8 @@ extern int fa_minimization_algorithm;
  *
  * On success, FA points to the newly allocated automaton constructed for
  * RE, and the function returns REG_NOERROR. Otherwise, FA is NULL, and the
 - * return value indicates the error.
 + * return value indicates the error. Special value _REG_ENOSYS indicates
 + * fa_compile() couldn't identify the syntax issue with regexp.
  *
  * The FA is case sensitive. Call FA_NOCASE to switch it to
  * case-insensitive.
 diff --git a/tests/fatest.c b/tests/fatest.c
 index 0c9ca7696..6717af8f4 100644
 --- a/tests/fatest.c
 +++ b/tests/fatest.c
@@ -589,6 +589,7 @@ static void testExpandNoCase(CuTest *tc) {
     const char *p1 = "aB";
     const char *p2 = "[a-cUV]";
     const char *p3 = "[^a-z]";
 +    const char *wrong_regexp = "{&.{";
     char *s;
     size_t len;
     int r;
@@ -607,6 +608,11 @@ static void testExpandNoCase(CuTest *tc) {
     CuAssertIntEquals(tc, 0, r);
     CuAssertStrEquals(tc, "[^A-Za-z]", s);
     free(s);
 +
 +    /* Test that fa_expand_nocase does return _REG_ENOSYS */
 +    r = fa_expand_nocase(wrong_regexp, strlen(wrong_regexp), &s, &len);
 +    CuAssertIntEquals(tc, _REG_ENOSYS, r);
 +    free(s);
 }
 static void testNoCaseComplement(CuTest *tc) {
--- a/fix-segment-fault-when-use-augtool.patch
+++ b/fix-segment-fault-when-use-augtool.patch
@ -0,0 +1,24 @@
 From f13e8f91110e1fa3dbd1e053c8f6ffee9e6cdd5d Mon Sep 17 00:00:00 2001
 From: wangkerong <wangkerong@h-partners.com>
 Date: Tue, 10 May 2022 14:35:21 +0800
 Subject: [PATCH] modify-augtool-err.patch
 ---
 src/get.c | 1 +
 1 file changed, 1 insertion(+)
 diff --git a/src/get.c b/src/get.c
 index 94b9ba2..64dc5c1 100644
 --- a/src/get.c
 +++ b/src/get.c
@@ -455,6 +455,7 @@ static int match(struct state *state, struct lens *lens,
     if (count < -1) {
         regexp_match_error(state, lens, count, re);
         FREE(regs);
 +        FREE(re->re);
         return -1;
     }
     state->regs = regs;
 -- 
 2.27.0
Author	SHA1	Message	Date
openeuler-ci-bot	935d8d672b	!71 [sync] PR-67: fix CVE-2025-2588 From: @openeuler-sync-bot Reviewed-by: @t_feng Signed-off-by: @t_feng	2025-04-09 08:56:07 +00:00
zhangpan	a1e0136e5d	fix CVE-2025-2588 (cherry picked from commit 373284f7b6e7df53ae58192fdc544a9fe6faffe2)	2025-04-09 14:25:56 +08:00
openeuler-ci-bot	b62b12860f	!66 update to version 1.14.1 From: @paulthomas100199 Reviewed-by: @open-bot Signed-off-by: @open-bot	2023-12-29 07:14:47 +00:00
lwg	6b227ba7be	update to version 1.14.1	2023-12-28 17:07:11 +08:00
openeuler-ci-bot	1f7254ad61	!65 update to 1.14.0 From: @zhouwenpei Reviewed-by: @t_feng Signed-off-by: @t_feng	2023-02-07 08:47:40 +00:00
zhouwenpei	0bbea0416b	update to 1.14.0	2023-02-02 06:05:14 +00:00
openeuler-ci-bot	9697ed6b74	!58 fix segment fault when use augtool command From: @kerongw Reviewed-by: @t_feng Signed-off-by: @t_feng	2022-12-14 02:19:26 +00:00
wangkerong	3f359199e0	-amend	2022-12-14 01:28:17 +00:00
wangkerong	cf84eeb5ec	fix segment fault when use augtool command	2022-12-13 08:49:51 +00:00
openeuler-ci-bot	372aaf557c	!44 【轻量级 PR】：update changelog date From: @zhangshaoning_uniontech Reviewed-by: @t_feng Signed-off-by: @t_feng	2022-11-17 07:26:42 +00:00
zhangshaoning	488ca4779e	update changelog date	2022-05-12 08:43:17 +00:00