diff --git a/SPECS/fluent-bit/CVE-2024-25431.patch b/SPECS/fluent-bit/CVE-2024-25431.patch new file mode 100644 index 00000000000..d0b4906e6c0 --- /dev/null +++ b/SPECS/fluent-bit/CVE-2024-25431.patch @@ -0,0 +1,48 @@ +diff --git a/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_loader.c b/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_loader.c +index 2a06f42..506ee29 100644 +--- a/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_loader.c ++++ b/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/interpreter/wasm_loader.c +@@ -3980,14 +3980,22 @@ check_wasi_abi_compatibility(const WASMModule *module, + /* clang-format on */ + + WASMExport *initialize = NULL, *memory = NULL, *start = NULL; ++ uint32 import_function_count = module->import_function_count; ++ WASMType *func_type; + + /* (func (export "_start") (...) */ + start = wasm_loader_find_export(module, "", "_start", EXPORT_KIND_FUNC, + error_buf, error_buf_size); + if (start) { +- WASMType *func_type = +- module->functions[start->index - module->import_function_count] +- ->func_type; ++ if (start->index < import_function_count) { ++ set_error_buf( ++ error_buf, error_buf_size, ++ "the builtin _start function can not be an import function"); ++ return false; ++ } ++ ++ func_type = ++ module->functions[start->index - import_function_count]->func_type; + if (func_type->param_count || func_type->result_count) { + set_error_buf(error_buf, error_buf_size, + "the signature of builtin _start function is wrong"); +@@ -3999,8 +4007,15 @@ check_wasi_abi_compatibility(const WASMModule *module, + initialize = wasm_loader_find_export( + module, "", "_initialize", EXPORT_KIND_FUNC, error_buf, error_buf_size); + if (initialize) { +- WASMType *func_type = +- module->functions[initialize->index - module->import_function_count] ++ if (initialize->index < import_function_count) { ++ set_error_buf(error_buf, error_buf_size, ++ "the builtin _initialize function can not be an " ++ "import function"); ++ return false; ++ } ++ ++ func_type = ++ module->functions[initialize->index - import_function_count] + ->func_type; + if (func_type->param_count || func_type->result_count) { + set_error_buf( diff --git a/SPECS/fluent-bit/fluent-bit.spec b/SPECS/fluent-bit/fluent-bit.spec index d53d88689a4..a2b25ca5b80 100644 --- a/SPECS/fluent-bit/fluent-bit.spec +++ b/SPECS/fluent-bit/fluent-bit.spec @@ -1,13 +1,24 @@ Summary: Fast and Lightweight Log processor and forwarder for Linux, BSD and OSX Name: fluent-bit +<<<<<<< HEAD Version: 3.1.9 Release: 1%{?dist} +======= +Version: 3.0.6 +Release: 3%{?dist} +>>>>>>> 3988fcb62 (fluent-bit: Address CVE-2024-25431 (#11096)) License: Apache-2.0 Vendor: Microsoft Corporation Distribution: Azure Linux URL: https://fluentbit.io Source0: https://github.com/fluent/%{name}/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz Patch0: CVE-2024-34250.patch +<<<<<<< HEAD +======= +Patch1: CVE-2024-25629.patch +Patch2: CVE-2024-28182.patch +Patch3: CVE-2024-25431.patch +>>>>>>> 3988fcb62 (fluent-bit: Address CVE-2024-25431 (#11096)) BuildRequires: bison BuildRequires: cmake BuildRequires: cyrus-sasl-devel @@ -82,9 +93,14 @@ Development files for %{name} %{_libdir}/fluent-bit/*.so %changelog +<<<<<<< HEAD * Tue Nov 05 2024 Paul Meyer - 3.1.9-1 - Update to 3.1.9 to enable Lua filter plugin using system luajit library. - Remove patches for CVE-2024-25629 and CVE-2024-28182 as they are fixed in 3.1.9. +======= +* Fri Nov 15 2024 Ankita Pareek - 3.0.6-3 +- Address CVE-2024-25431 +>>>>>>> 3988fcb62 (fluent-bit: Address CVE-2024-25431 (#11096)) * Tue Oct 15 2024 Chris Gunn - 3.0.6-2 - CVE-2024-34250