Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package augeas for openSUSE:Factory checked in at 2025-04-24 17:25:07
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/augeas (Old)
 and      /work/SRC/openSUSE:Factory/.augeas.new.30101 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "augeas" Thu Apr 24 17:25:07 2025 rev:61 rq:1272207 version:1.14.1 Changes: -------- --- /work/SRC/openSUSE:Factory/augeas/augeas.changes 2023-08-30 10:18:58.932933650 +0200 +++ /work/SRC/openSUSE:Factory/.augeas.new.30101/augeas.changes 2025-04-24 17:25:31.289354440 +0200 @@ -1,0 +2,6 @@ +Wed Apr 23 14:28:54 UTC 2025 - Martin Schreiner <martin.schrei...@suse.com> + +- Add patch, fix for bsc#1239909 / CVE-2025-2588: + * CVE-2025-2588.patch + +------------------------------------------------------------------- New: ---- CVE-2025-2588.patch BETA DEBUG BEGIN: New:- Add patch, fix for bsc#1239909 / CVE-2025-2588: * CVE-2025-2588.patch BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ augeas.spec ++++++ --- /var/tmp/diff_new_pack.yrKj14/_old 2025-04-24 17:25:31.789375422 +0200 +++ /var/tmp/diff_new_pack.yrKj14/_new 2025-04-24 17:25:31.789375422 +0200 @@ -1,7 +1,7 @@ # # spec file for package augeas # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2025 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -29,6 +29,7 @@ Patch0: augeas-modprobe-lense.patch # from https://patch-diff.githubusercontent.com/raw/hercules-team/augeas/pull/755.patch Patch1: gcc9-disable-broken-test.patch +Patch2: CVE-2025-2588.patch BuildRequires: glibc-locale BuildRequires: pkgconfig BuildRequires: readline-devel ++++++ CVE-2025-2588.patch ++++++ >From 6ce53562bde98cec1a0595b9a21403298c8ad99d Mon Sep 17 00:00:00 2001 
From: Alexander Bokovoy <aboko...@redhat.com> Date: Mon, 24 Mar 2025 09:48:19 +0200 Subject: [PATCH] CVE-2025-2588: return _REG_ENOSYS if no specific error was set yet parse_regexp failed parse_regexp() supposed to set an error on the parser state in case of a failure. If no specific error was set, return _REG_ENOSYS to indicate a generic failure. Fixes: https://github.com/hercules-team/augeas/issues/671 Fixes: https://github.com/hercules-team/augeas/issues/778 Fixes: https://github.com/hercules-team/augeas/issues/852 Signed-off-by: Alexander Bokovoy <aboko...@redhat.com> --- src/fa.c | 2 ++ src/fa.h | 3 ++- tests/fatest.c | 6 ++++++ 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/src/fa.c b/src/fa.c index 66ac70784..4de5675b9 100644 --- a/src/fa.c +++ b/src/fa.c @@ -3550,6 +3550,8 @@ static struct re *parse_regexp(struct re_parse *parse) { return re; error: + if (re == NULL && parse->error == REG_NOERROR) + parse->error = _REG_ENOSYS; re_unref(re); return NULL; } diff --git a/src/fa.h b/src/fa.h index 1fd754ad0..89c9b17e9 100644 --- a/src/fa.h +++ b/src/fa.h @@ -81,7 +81,8 @@ extern int fa_minimization_algorithm; * * On success, FA points to the newly allocated automaton constructed for * RE, and the function returns REG_NOERROR. Otherwise, FA is NULL, and the - * return value indicates the error. + * return value indicates the error. Special value _REG_ENOSYS indicates + * fa_compile() couldn't identify the syntax issue with regexp. * * The FA is case sensitive. Call FA_NOCASE to switch it to * case-insensitive. diff --git a/tests/fatest.c b/tests/fatest.c index 0c9ca7696..6717af8f4 100644 --- a/tests/fatest.c +++ b/tests/fatest.c @@ -589,6 +589,7 @@ static void testExpandNoCase(CuTest *tc) { const char *p1 = "aB"; const char *p2 = "[a-cUV]"; const char *p3 = "[^a-z]"; + const char *wrong_regexp = "{&.{"; char *s; size_t len; int r; 
@@ -607,6 +608,11 @@ static void testExpandNoCase(CuTest *tc) { CuAssertIntEquals(tc, 0, r); CuAssertStrEquals(tc, "[^A-Za-z]", s); free(s); + + /* Test that fa_expand_nocase does return _REG_ENOSYS */ + r = fa_expand_nocase(wrong_regexp, strlen(wrong_regexp), &s, &len); + CuAssertIntEquals(tc, _REG_ENOSYS, r); + free(s); } static void testNoCaseComplement(CuTest *tc) {
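
Review bot: In the augeas.spec hunk, Patch2 is added without a provenance comment, unlike Patch1 directly above it, which records the upstream pull request URL. Add a comment line naming the upstream commit (6ce53562bde98cec1a0595b9a21403298c8ad99d per the patch header) or bsc#1239909. The spec diff also shows no change outside the preamble, so confirm that %prep applies every declared patch without a per-patch line.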
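
Review bot: In the src/fa.c hunk, the new check at the error label of parse_regexp() is gated on re == NULL, yet the function returns NULL on this path whatever re holds (re_unref(re); return NULL;). A jump to error with a non-NULL re and parse->error still at REG_NOERROR would therefore keep returning NULL with no error code set. Testing only parse->error == REG_NOERROR would cover that case as well; if the re == NULL condition is deliberate, a one-line comment saying why would help.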
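
Review bot: The src/fa.h hunk documents _REG_ENOSYS only in the comment that describes fa_compile(), while the new test in tests/fatest.c expects the same value from fa_expand_nocase(). Consider stating the new return value where that function is documented too, and describing it as a generic failure, as the commit message does, rather than only as an unidentified syntax issue.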
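
Review bot: In the second tests/fatest.c hunk, s has just been released by the free(s) above the added lines and is not reset, so the added free(s) after the failing fa_expand_nocase() call is safe only if that function writes to s on failure, which these lines do not show. Set s = NULL before the call, or assert that s is NULL afterwards and drop the free, so the test cannot double free. The comment could also say that the malformed input wrong_regexp is what is expected to yield _REG_ENOSYS.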