Diffstat (limited to 'app-admin/augeas/files')
-rw-r--r--app-admin/augeas/files/augeas-0.10.0-gets.patch15
-rw-r--r--app-admin/augeas/files/augeas-0.10.0-libxml2-pkgconfig.patch24
-rw-r--r--app-admin/augeas/files/augeas-0.10.0-test.patch56
-rw-r--r--app-admin/augeas/files/augeas-0.10.0-test2.patch49
-rw-r--r--app-admin/augeas/files/cve-2017-7555.patch159
-rw-r--r--app-admin/augeas/files/cve-bunch-of-them-symlink.patch76
6 files changed, 379 insertions, 0 deletions
diff --git a/app-admin/augeas/files/augeas-0.10.0-gets.patch b/app-admin/augeas/files/augeas-0.10.0-gets.patch
new file mode 100644
index 000000000000..5f754955be6c
--- /dev/null
+++ b/app-admin/augeas/files/augeas-0.10.0-gets.patch
@@ -0,0 +1,15 @@
+ gnulib/lib/stdio.in.h | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/gnulib/lib/stdio.in.h b/gnulib/lib/stdio.in.h
+index 9091497..fa7e3fb 100644
+--- a/gnulib/lib/stdio.in.h
++++ b/gnulib/lib/stdio.in.h
+@@ -162,7 +162,6 @@ _GL_WARN_ON_USE (fflush, "fflush is not always POSIX compliant - "
+ so any use of gets warrants an unconditional warning. Assume it is
+ always declared, since it is required by C89. */
+ #undef gets
+-_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
+
+ #if @GNULIB_FOPEN@
+ # if @REPLACE_FOPEN@
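Review bot: The added patch deletes the `_GL_WARN_ON_USE (gets, ...)` line outright and carries no description of why, so the build loses its only compile-time diagnostic for any `gets` call in the tree. This is presumably a build fix for a libc that no longer declares `gets`; if so, state that in a header at the top of the patch file, e.g. `Drop the gets warning so gnulib builds where libc does not declare gets()`, with a pointer to the upstream gnulib change. Guarding the line with a declaration check instead of removing it would keep the warning on systems that still declare `gets`, but that needs a matching configure test, which is not visible here.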
diff --git a/app-admin/augeas/files/augeas-0.10.0-libxml2-pkgconfig.patch b/app-admin/augeas/files/augeas-0.10.0-libxml2-pkgconfig.patch
new file mode 100644
index 000000000000..aaa418670154
--- /dev/null
+++ b/app-admin/augeas/files/augeas-0.10.0-libxml2-pkgconfig.patch
@@ -0,0 +1,24 @@
+From b41deef293841da50a236023bad486ea3f57e4dc Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Sat, 3 Dec 2011 14:21:50 +0000
+Subject: [PATCH] pkg-config: Augeas requires libxml2.
+
+---
+ augeas.pc.in | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/augeas.pc.in b/augeas.pc.in
+index c97847d..9e166db 100644
+--- a/augeas.pc.in
++++ b/augeas.pc.in
+@@ -6,6 +6,6 @@ includedir=@includedir@
+ Name: augeas
+ Version: @VERSION@
+ Description: Augeas configuration editing library
+-Requires:
++Requires.private: libxml-2.0
+ Libs: -L${libdir} -laugeas @LIBS@
+ Cflags: -I${includedir}
+--
+1.7.6
+
diff --git a/app-admin/augeas/files/augeas-0.10.0-test.patch b/app-admin/augeas/files/augeas-0.10.0-test.patch
new file mode 100644
index 000000000000..e2630014f29a
--- /dev/null
+++ b/app-admin/augeas/files/augeas-0.10.0-test.patch
@@ -0,0 +1,56 @@
+From 075f8d35497fb36d9193e5364c055049c66fa5eb Mon Sep 17 00:00:00 2001
+From: Lubomir Rintel <lubo.rintel@gooddata.com>
+Date: Mon, 9 Jan 2012 18:52:11 +0100
+Subject: [PATCH 1/2] Allow JSON number literals to be followed by whitespace
+
+Add a test case.
+
+Fixes https://fedorahosted.org/augeas/ticket/247
+---
+ AUTHORS | 1 +
+ lenses/json.aug | 2 +-
+ lenses/tests/test_json.aug | 3 +++
+ 3 files changed, 5 insertions(+), 1 deletions(-)
+
+diff --git a/AUTHORS b/AUTHORS
+index df63f95..e7870f2 100644
+--- a/AUTHORS
++++ b/AUTHORS
+@@ -44,6 +44,7 @@ Contributions by:
+ Bill Pemberton <wfp5p@virginia.edu>
+ Alan Pevec <apevec@redhat.com>
+ Robin Lee Powell <rlpowell@digitalkingdom.org>
++ Lubomir Rintel <lubo.rintel@gooddata.com>
+ Roman Rakus <rrakus@redhat.com>
+ Satoru SATOH <satoru.satoh@gmail.com>
+ Nicolas Valcárcel Scerpella <nvalcarcel@ubuntu.com>
+diff --git a/lenses/json.aug b/lenses/json.aug
+index c22ad90..6ceab09 100644
+--- a/lenses/json.aug
++++ b/lenses/json.aug
+@@ -29,7 +29,7 @@ let str_store =
+ let q = del "\"" "\"" in
+ q . store /[^"]*/ . q . ws (* " Emacs, relax *)
+
+-let number = [ label "number" . store /-?[0-9]+(\.[0-9]+)?([eE][+-]?[0-9]+)?/ ]
++let number = [ label "number" . store /-?[0-9]+(\.[0-9]+)?([eE][+-]?[0-9]+)?/ . ws ]
+ let str = [ label "string" . str_store ]
+
+ let const (r:regexp) = [ label "const" . store r . ws ]
+diff --git a/lenses/tests/test_json.aug b/lenses/tests/test_json.aug
+index 0bcd25d..d8b7fa8 100644
+--- a/lenses/tests/test_json.aug
++++ b/lenses/tests/test_json.aug
+@@ -8,6 +8,9 @@ test lns get "true" = { "const" = "true" }
+
+ test lns get "3.141" = { "number" = "3.141" }
+
++test lns get "{ \"key\" : 666 }" =
++ { "dict" { "entry" = "key" { "number" = "666" } } }
++
+ test lns get "[true, 0, \"yo\"]" =
+ { "array" { "const" = "true" } { "number" = "0" } { "string" = "yo" } }
+
+--
+1.7.7.5
+
diff --git a/app-admin/augeas/files/augeas-0.10.0-test2.patch b/app-admin/augeas/files/augeas-0.10.0-test2.patch
new file mode 100644
index 000000000000..743ccfdce1fc
--- /dev/null
+++ b/app-admin/augeas/files/augeas-0.10.0-test2.patch
@@ -0,0 +1,49 @@
+From 100a7b38222a63c6435a72b4974b55f39a28989e Mon Sep 17 00:00:00 2001
+From: Lubomir Rintel <lubo.rintel@gooddata.com>
+Date: Mon, 9 Jan 2012 19:24:41 +0100
+Subject: [PATCH 2/2] Correctly parse empty object and arrays in JSON
+
+Add a test case.
+Fix from David Lutterkort <lutter@redhat.com>.
+
+https://fedorahosted.org/augeas/ticket/248
+---
+ lenses/json.aug | 4 ++--
+ lenses/tests/test_json.aug | 5 +++++
+ 2 files changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/lenses/json.aug b/lenses/json.aug
+index 6ceab09..2645806 100644
+--- a/lenses/json.aug
++++ b/lenses/json.aug
+@@ -37,9 +37,9 @@ let const (r:regexp) = [ label "const" . store r . ws ]
+ let value0 = str | number | const /true|false|null/
+
+ let fix_value (value:lens) =
+- let array = [ label "array" . lbrack . Build.opt_list value comma . rbrack ] in
++ let array = [ label "array" . lbrack . (Build.opt_list value comma)? . rbrack ] in
+ let pair = [ label "entry" . str_store . colon . value ] in
+- let obj = [ label "dict" . lbrace . Build.opt_list pair comma . rbrace ] in
++ let obj = [ label "dict" . lbrace . (Build.opt_list pair comma)? . rbrace ] in
+ (str | number | obj | array | const /true|false|null/)
+
+ (* Typecheck finitely deep nesting *)
+diff --git a/lenses/tests/test_json.aug b/lenses/tests/test_json.aug
+index d8b7fa8..aec7d4c 100644
+--- a/lenses/tests/test_json.aug
++++ b/lenses/tests/test_json.aug
+@@ -30,6 +30,11 @@ test lns get "{ \"0\": true, \"1\":false }" =
+ test lns get "{\"menu\": \"entry one\"}" =
+ { "dict" { "entry" = "menu" { "string" = "entry one" } } }
+
++test lns get "[ ]" =
++ { "array" }
++
++test lns get "{}" =
++ { "dict" }
+
+ let s = "{\"menu\": {
+ \"id\": \"file\",
+--
+1.7.7.5
+
diff --git a/app-admin/augeas/files/cve-2017-7555.patch b/app-admin/augeas/files/cve-2017-7555.patch
new file mode 100644
index 000000000000..aaacdc2674c0
--- /dev/null
+++ b/app-admin/augeas/files/cve-2017-7555.patch
@@ -0,0 +1,159 @@
+From 4cca923b732990bec0c699b2e69911c2221b2498 Mon Sep 17 00:00:00 2001
+From: David Lutterkort <lutter@watzmann.net>
+Date: Fri, 4 Aug 2017 17:13:52 -0700
+Subject: [PATCH] * src/pathx.c (parse_name): correctly handle trailing
+ whitespace in names
+
+When a name ended in whitespace, we incorrectly assumed it was always ok to
+trim that whitespace. That is not true if that whitespace is escaped,
+i.e. if the path expression is something like '/x\ '. In that case, the
+name really needs to be literally 'x ', i.e., we can not trim that
+whitespace.
+
+The incorrect behavior led to turning '/x\ ' first into 'x\' and then,
+because we assume that '\' is always followed by a character inside the
+string, when we removed the escaping '\', we would read beyond the end of
+the intermediate string result; if we were lucky, that would lead to a
+crash, otherwise we'd continue with junk.
+
+We now make sure that escaped whitespace at the end of a string does not
+get stripped, avoiding all these headaches.
+
+Fixes RHBZ https://bugzilla.redhat.com/show_bug.cgi?id=1475621
+---
+ src/pathx.c | 27 +++++++++++++++++++------
+ tests/test-xpath.c | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 80 insertions(+), 6 deletions(-)
+
+diff --git a/src/pathx.c b/src/pathx.c
+index d292cb30..9a2f9c76 100644
+--- a/src/pathx.c
++++ b/src/pathx.c
+@@ -1710,6 +1710,16 @@ int pathx_escape_name(const char *in, char **out) {
+ return 0;
+ }
+
++/* Return true if POS is preceded by an odd number of backslashes, i.e., if
++ * POS is escaped. Stop the search when we get to START */
++static bool backslash_escaped(const char *pos, const char *start) {
++ bool result=false;
++ while (pos-- > start && *pos == '\\') {
++ result = !result;
++ }
++ return result;
++}
++
+ /*
+ * NameNoWS ::= [^][|/\= \t\n] | \\.
+ * NameWS ::= [^][|/\=] | \\.
+@@ -1719,11 +1729,14 @@ static char *parse_name(struct state *state) {
+ const char *s = state->pos;
+ char *result;
+
++ /* Advance state->pos until it points to the first character that is
++ * not part of a name. */
+ while (*state->pos != '\0' && strchr(name_follow, *state->pos) == NULL) {
+- /* This is a hack: since we allow spaces in names, we need to avoid
+- * gobbling up stuff that is in follow(Name), e.g. 'or' so that
+- * things like [name1 or name2] still work.
+- */
++ /* Since we allow spaces in names, we need to avoid gobbling up
++ * stuff that is in follow(Name), e.g. 'or' so that things like
++ * [name1 or name2] still work. In other words, we'll parse 'x frob
++ * y' as one name, but for 'x or y', we consider 'x' a name in its
++ * own right. */
+ if (STREQLEN(state->pos, " or ", strlen(" or ")) ||
+ STREQLEN(state->pos, " and ", strlen(" and ")))
+ break;
+@@ -1738,10 +1751,12 @@ static char *parse_name(struct state *state) {
+ state->pos += 1;
+ }
+
+- /* Strip trailing white space */
++ /* Strip trailing white space. Make sure we respect escaped whitespace
++ * and don't strip it as in "x\\ " */
+ if (state->pos > s) {
+ state->pos -= 1;
+- while (isspace(*state->pos) && state->pos >= s)
++ while (isspace(*state->pos) && state->pos > s
++ && !backslash_escaped(state->pos, s))
+ state->pos -= 1;
+ state->pos += 1;
+ }
+diff --git a/tests/test-xpath.c b/tests/test-xpath.c
+index 3e418e5f..82986474 100644
+--- a/tests/test-xpath.c
++++ b/tests/test-xpath.c
+@@ -355,6 +355,62 @@ static int test_wrong_regexp_flag(struct augeas *aug) {
+ return -1;
+ }
+
++static int test_trailing_ws_in_name(struct augeas *aug) {
++ int r;
++
++ printf("%-30s ... ", "trailing_ws_in_name");
++
++ /* We used to incorrectly lop escaped whitespace off the end of a
++ * name. Make sure that we really create a tree node with label 'x '
++ * with the below set, and look for it in a number of ways to ensure we
++ * are not lopping off trailing whitespace. */
++ r = aug_set(aug, "/ws\\ ", "1");
++ if (r < 0) {
++ fprintf(stderr, "failed to set '/ws ': %d\n", r);
++ goto fail;
++ }
++ /* We did not create a node with label 'ws' */
++ r = aug_get(aug, "/ws", NULL);
++ if (r != 0) {
++ fprintf(stderr, "created '/ws' instead: %d\n", r);
++ goto fail;
++ }
++
++ /* We did not create a node with label 'ws\t' (this also checks that we
++ * don't create something like 'ws\\' by dropping the last whitespace
++ * character. */
++ r = aug_get(aug, "/ws\\\t", NULL);
++ if (r != 0) {
++ fprintf(stderr, "found '/ws\\t': %d\n", r);
++ goto fail;
++ }
++
++ /* But we did create 'ws ' */
++ r = aug_get(aug, "/ws\\ ", NULL);
++ if (r != 1) {
++ fprintf(stderr, "could not find '/ws ': %d\n", r);
++ goto fail;
++ }
++
++ /* If the whitespace is preceded by an even number of '\\' chars,
++ * whitespace must be stripped */
++ r = aug_set(aug, "/nows\\\\ ", "1");
++ if (r < 0) {
++ fprintf(stderr, "set of '/nows' failed: %d\n", r);
++ goto fail;
++ }
++ r = aug_get(aug, "/nows\\\\", NULL);
++ if (r != 1) {
++ fprintf(stderr, "could not get '/nows\\'\n");
++ goto fail;
++ }
++ printf("PASS\n");
++ return 0;
++ fail:
++ printf("FAIL\n");
++ return -1;
++}
++
+ static int run_tests(struct test *tests, int argc, char **argv) {
+ char *lensdir;
+ struct augeas *aug = NULL;
+@@ -398,6 +454,9 @@ static int run_tests(struct test *tests, int argc, char **argv) {
+
+ if (test_wrong_regexp_flag(aug) < 0)
+ result = EXIT_FAILURE;
++
++ if (test_trailing_ws_in_name(aug) < 0)
++ result = EXIT_FAILURE;
+ }
+ aug_close(aug);
+ free(lensdir);
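Review bot: In the rewritten strip loop of `parse_name`, `isspace(*state->pos)` is passed a plain `char`, which is undefined behaviour for negative values when a name holds bytes above 0x7f; `while (isspace((unsigned char) *state->pos) && state->pos > s` avoids that. The bound also changed from `>= s` to `> s`, so a name whose first character is unescaped whitespace now keeps that character instead of being stripped to empty. Whether such input can reach this loop depends on the caller, which is outside the patch, so it deserves a test case. `test_trailing_ws_in_name` covers `/ws\ ` and an even backslash count, but has no case for a path that ends in a lone backslash, the intermediate state the commit message names as the cause of the over-read.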
diff --git a/app-admin/augeas/files/cve-bunch-of-them-symlink.patch b/app-admin/augeas/files/cve-bunch-of-them-symlink.patch
new file mode 100644
index 000000000000..3bd1d95ae42d
--- /dev/null
+++ b/app-admin/augeas/files/cve-bunch-of-them-symlink.patch
@@ -0,0 +1,76 @@
+From 051c73a9a7ffe9e525f6f0a1b8f5198ff8cc6752 Mon Sep 17 00:00:00 2001
+From: Dominic Cleal <dcleal@redhat.com>
+Date: Sat, 11 Aug 2012 20:39:14 +0100
+Subject: [PATCH] Fix regression in permissions of created files
+
+Commit 16387744 changed temporary file creation to use mkstemp, resulting in
+new files being created with 0600 permissions. For brand new files created
+through Augeas, their permissions stayed at 0600 rather than being set by the
+umask as before.
+
+ * src/transform.c (transform_save): chmod after creating new files to
+ permissions implied by the umask
+---
+ src/transform.c | 10 ++++++++++
+ tests/test-preserve.sh | 15 ++++++++++++++-
+ 2 files changed, 24 insertions(+), 1 deletion(-)
+
+diff --git a/src/transform.c b/src/transform.c
+index a3acd10..1ca3d5f 100644
+--- a/src/transform.c
++++ b/src/transform.c
+@@ -1096,6 +1096,16 @@ int transform_save(struct augeas *aug, struct tree *xfm,
+ err_status = "xfer_attrs";
+ goto done;
+ }
++ } else {
++ /* Since mkstemp is used, the temp file will have secure permissions
++ * instead of those implied by umask, so change them for new files */
++ mode_t curumsk = umask(022);
++ umask(curumsk);
++
++ if (fchmod(fileno(fp), 0666 - curumsk) < 0) {
++ err_status = "create_chmod";
++ return -1;
++ }
+ }
+
+ if (tree != NULL)
+diff --git a/tests/test-preserve.sh b/tests/test-preserve.sh
+index 042dab9..9719ac6 100755
+--- a/tests/test-preserve.sh
++++ b/tests/test-preserve.sh
+@@ -59,9 +59,12 @@ if [ $selinux = yes -a xetc_t != "x$act_con" ] ; then
+ exit 1
+ fi
+
+-# Check that we create new files without error
++# Check that we create new files without error and with permissions implied
++# from the umask
+ init_dirs
+
++oldumask=$(umask)
++umask 0002
+ $AUGTOOL > /dev/null <<EOF
+ set /files/etc/hosts/1/ipaddr 127.0.0.1
+ set /files/etc/hosts/1/canonical host.example.com
+@@ -71,6 +74,16 @@ if [ $? != 0 ] ; then
+ echo "augtool failed on new file"
+ exit 1
+ fi
++if [ ! -e $hosts ]; then
++ echo "augtool didn't create new /etc/hosts file"
++ exit 1
++fi
++act_mode=$(ls -l $hosts | cut -b 1-10)
++if [ x-rw-rw-r-- != "x$act_mode" ] ; then
++ echo "Expected mode 0664 due to $(umask) umask but got $act_mode"
++ exit 1
++fi
++umask $oldumask
+
+ # Check that we create new files without error when backups are requested
+ init_dirs
+--
+1.8.5.1
+
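Review bot: `0666 - curumsk` in the new `else` branch of `transform_save` is arithmetic rather than a mask, so any umask with bits outside 0666 yields the wrong mode: with umask 077 the result is 0567, which leaves the new file group-writable and world-writable. Use `if (fchmod(fileno(fp), 0666 & ~curumsk) < 0) {` instead. The failure path does `return -1` where the branch just above uses `goto done`, so it probably skips cleanup of `fp` and the temp file (the rest of `transform_save` is not shown); `goto done;` would match. The added shell test only runs with umask 0002, where subtraction and masking agree, so a second case with umask 077 would catch this. The file is named for symlink CVEs but contains only the permissions follow-up to the mkstemp change, so confirm that the mkstemp commit itself is present in the source being built.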