Control: tags 1101714 + patch Control: tags 1101714 + pending Dear maintainer,
I've prepared an NMU for augeas (versioned as 1.14.1-1.1) and uploaded it to DELAYED/2. Please feel free to tell me if I should cancel it. cu Adrian
diffstat for augeas-1.14.1 augeas-1.14.1 changelog | 8 + patches/0001-CVE-2025-2588-return-_REG_ENOSYS-if-no-specific-erro.patch | 75 ++++++++++ patches/series | 1 3 files changed, 84 insertions(+) diff -Nru augeas-1.14.1/debian/changelog augeas-1.14.1/debian/changelog --- augeas-1.14.1/debian/changelog 2023-07-16 15:17:30.000000000 +0300 +++ augeas-1.14.1/debian/changelog 2026-03-04 19:08:37.000000000 +0200 @@ -1,3 +1,11 @@ +augeas (1.14.1-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * CVE-2025-2588: NULL Pointer Dereference in re_case_expand() + (Closes: #1101714) + + -- Adrian Bunk <[email protected]> Wed, 04 Mar 2026 19:08:37 +0200 + augeas (1.14.1-1) unstable; urgency=medium * New upstream version 1.14.1 diff -Nru augeas-1.14.1/debian/patches/0001-CVE-2025-2588-return-_REG_ENOSYS-if-no-specific-erro.patch augeas-1.14.1/debian/patches/0001-CVE-2025-2588-return-_REG_ENOSYS-if-no-specific-erro.patch --- augeas-1.14.1/debian/patches/0001-CVE-2025-2588-return-_REG_ENOSYS-if-no-specific-erro.patch 1970-01-01 02:00:00.000000000 +0200 +++ augeas-1.14.1/debian/patches/0001-CVE-2025-2588-return-_REG_ENOSYS-if-no-specific-erro.patch 2026-03-04 19:07:57.000000000 +0200 @@ -0,0 +1,75 @@ +From 94186679cc9ea4637537bdefe66c6a33fff1dc3a Mon Sep 17 00:00:00 2001 +From: Alexander Bokovoy <[email protected]> +Date: Sun, 30 Mar 2025 12:27:04 +0300 +Subject: CVE-2025-2588: return _REG_ENOSYS if no specific error was set yet + parse_regexp failed (#854) + +parse_regexp() supposed to set an error on the parser state in case of a +failure. If no specific error was set, return _REG_ENOSYS to indicate a +generic failure. + +Fixes: https://github.com/hercules-team/augeas/issues/671 +Fixes: https://github.com/hercules-team/augeas/issues/778 +Fixes: https://github.com/hercules-team/augeas/issues/852 + +Signed-off-by: Alexander Bokovoy <[email protected]> +--- + src/fa.c | 2 ++ + src/fa.h | 3 ++- + tests/fatest.c | 6 ++++++ + 3 files changed, 10 insertions(+), 1 deletion(-) + +diff --git a/src/fa.c b/src/fa.c +index 66ac7078..4de5675b 100644 +--- a/src/fa.c ++++ b/src/fa.c +@@ -3550,6 +3550,8 @@ static struct re *parse_regexp(struct re_parse *parse) { + return re; + + error: ++ if (re == NULL && parse->error == REG_NOERROR) ++ parse->error = _REG_ENOSYS; + re_unref(re); + return NULL; + } +diff --git a/src/fa.h b/src/fa.h +index 1fd754ad..89c9b17e 100644 +--- a/src/fa.h ++++ b/src/fa.h +@@ -81,7 +81,8 @@ extern int fa_minimization_algorithm; + * + * On success, FA points to the newly allocated automaton constructed for + * RE, and the function returns REG_NOERROR. Otherwise, FA is NULL, and the +- * return value indicates the error. ++ * return value indicates the error. Special value _REG_ENOSYS indicates ++ * fa_compile() couldn't identify the syntax issue with regexp. + * + * The FA is case sensitive. Call FA_NOCASE to switch it to + * case-insensitive. +diff --git a/tests/fatest.c b/tests/fatest.c +index 0c9ca769..6717af8f 100644 +--- a/tests/fatest.c ++++ b/tests/fatest.c +@@ -589,6 +589,7 @@ static void testExpandNoCase(CuTest *tc) { + const char *p1 = "aB"; + const char *p2 = "[a-cUV]"; + const char *p3 = "[^a-z]"; ++ const char *wrong_regexp = "{&.{"; + char *s; + size_t len; + int r; +@@ -607,6 +608,11 @@ static void testExpandNoCase(CuTest *tc) { + CuAssertIntEquals(tc, 0, r); + CuAssertStrEquals(tc, "[^A-Za-z]", s); + free(s); ++ ++ /* Test that fa_expand_nocase does return _REG_ENOSYS */ ++ r = fa_expand_nocase(wrong_regexp, strlen(wrong_regexp), &s, &len); ++ CuAssertIntEquals(tc, _REG_ENOSYS, r); ++ free(s); + } + + static void testNoCaseComplement(CuTest *tc) { +-- +2.47.3 + diff -Nru augeas-1.14.1/debian/patches/series augeas-1.14.1/debian/patches/series --- augeas-1.14.1/debian/patches/series 2022-12-11 17:48:41.000000000 +0200 +++ augeas-1.14.1/debian/patches/series 2026-03-04 19:08:36.000000000 +0200 @@ -2,3 +2,4 @@ 0002-Skip-tests-that-need-root-privileges-when-fakeroot-h.patch 0003-Make-NRPE-lens-less-strict.patch 0004-Add-Debian-specific-paths-for-ClamAV-configuration-f.patch +0001-CVE-2025-2588-return-_REG_ENOSYS-if-no-specific-erro.patch
