diff --git a/SPECS/influxdb/CVE-2025-65637.patch b/SPECS/influxdb/CVE-2025-65637.patch
new file mode 100644
index 00000000000..abb455a13dc
--- /dev/null
+++ b/SPECS/influxdb/CVE-2025-65637.patch
@@ -0,0 +1,136 @@
+From 0842623b5831c81806004affadbd658e196d4d85 Mon Sep 17 00:00:00 2001
+From: Chris
+Date: Fri, 10 Mar 2023 13:45:41 -0800
+Subject: [PATCH 1/2] This commit fixes a potential denial of service
+ vulnerability in logrus.Writer() that could be triggered by logging text
+ longer than 64kb without newlines. Previously, the bufio.Scanner used by
+ Writer() would hang indefinitely when reading such text without newlines,
+ causing the application to become unresponsive.
+
+---
+ vendor/github.com/sirupsen/logrus/writer.go | 33 ++++++++++++++++++++-
+ 1 file changed, 32 insertions(+), 1 deletion(-)
+
+diff --git a/vendor/github.com/sirupsen/logrus/writer.go b/vendor/github.com/sirupsen/logrus/writer.go
+index 72e8e3a..36032d0 100644
+--- a/vendor/github.com/sirupsen/logrus/writer.go
++++ b/vendor/github.com/sirupsen/logrus/writer.go
+@@ -4,6 +4,7 @@ import (
+ "bufio"
+ "io"
+ "runtime"
++ "strings"
+ )
+
+ // Writer at INFO level. See WriterLevel for details.
+@@ -20,15 +21,18 @@ func (logger *Logger) WriterLevel(level Level) *io.PipeWriter {
+ return NewEntry(logger).WriterLevel(level)
+ }
+
++// Writer returns an io.Writer that writes to the logger at the info log level
+ func (entry *Entry) Writer() *io.PipeWriter {
+ return entry.WriterLevel(InfoLevel)
+ }
+
++// WriterLevel returns an io.Writer that writes to the logger at the given log level
+ func (entry *Entry) WriterLevel(level Level) *io.PipeWriter {
+ reader, writer := io.Pipe()
+
+ var printFunc func(args ...interface{})
+
++ // Determine which log function to use based on the specified log level
+ switch level {
+ case TraceLevel:
+ printFunc = entry.Trace
+@@ -48,23 +52,50 @@ func (entry *Entry) WriterLevel(level Level) *io.PipeWriter {
+ printFunc = entry.Print
+ }
+
++ // Start a new goroutine to scan the input and write it to the logger using the specified print function.
++ // It splits the input into chunks of up to 64KB to avoid buffer overflows.
+ go entry.writerScanner(reader, printFunc)
++
++ // Set a finalizer function to close the writer when it is garbage collected
+ runtime.SetFinalizer(writer, writerFinalizer)
+
+ return writer
+ }
+
++// writerScanner scans the input from the reader and writes it to the logger
+ func (entry *Entry) writerScanner(reader *io.PipeReader, printFunc func(args ...interface{})) {
+ scanner := bufio.NewScanner(reader)
++
++ // Set the buffer size to the maximum token size to avoid buffer overflows
++ scanner.Buffer(make([]byte, bufio.MaxScanTokenSize), bufio.MaxScanTokenSize)
++
++ // Define a split function to split the input into chunks of up to 64KB
++ chunkSize := 64 * 1024 // 64KB
++ splitFunc := func(data []byte, atEOF bool) (int, []byte, error) {
++ if len(data) > chunkSize {
++ return chunkSize, data[:chunkSize], nil
++ }
++ return 0, nil, nil
++ }
++
++ //Use the custom split function to split the input
++ scanner.Split(splitFunc)
++
++ // Scan the input and write it to the logger using the specified print function
+ for scanner.Scan() {
+- printFunc(scanner.Text())
++ printFunc(strings.TrimRight(scanner.Text(), "\r\n"))
+ }
++
++ // If there was an error while scanning the input, log an error
+ if err := scanner.Err(); err != nil {
+ entry.Errorf("Error while reading from Writer: %s", err)
+ }
++
++ // Close the reader when we are done
+ reader.Close()
+ }
+
++// WriterFinalizer is a finalizer function that closes then given writer when it is garbage collected
+ func writerFinalizer(writer *io.PipeWriter) {
+ writer.Close()
+ }
+--
+2.45.4
+
+
+From fe01eda79721f43c2dbbe451a51767aee2c1ca22 Mon Sep 17 00:00:00 2001
+From: Chris
+Date: Fri, 10 Mar 2023 13:45:41 -0800
+Subject: [PATCH 2/2] Scan text in 64KB chunks
+
+This commit fixes a potential denial of service
+vulnerability in logrus.Writer() that could be
+triggered by logging text longer than 64KB
+without newlines. Previously, the bufio.Scanner
+used by Writer() would hang indefinitely when
+reading such text without newlines, causing the
+application to become unresponsive.
+
+Signed-off-by: Azure Linux Security Servicing Account
+Upstream-reference: https://github.com/sirupsen/logrus/pull/1376.patch
+---
+ vendor/github.com/sirupsen/logrus/writer.go | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/vendor/github.com/sirupsen/logrus/writer.go b/vendor/github.com/sirupsen/logrus/writer.go
+index 36032d0..7e7703c 100644
+--- a/vendor/github.com/sirupsen/logrus/writer.go
++++ b/vendor/github.com/sirupsen/logrus/writer.go
+@@ -75,7 +75,8 @@ func (entry *Entry) writerScanner(reader *io.PipeReader, printFunc func(args ...
+ if len(data) > chunkSize {
+ return chunkSize, data[:chunkSize], nil
+ }
+- return 0, nil, nil
++
++ return len(data), data, nil
+ }
+
+ //Use the custom split function to split the input
+--
+2.45.4
+
diff --git a/SPECS/influxdb/influxdb.spec b/SPECS/influxdb/influxdb.spec
index 978ebfa3f6a..23a5e689a70 100644
--- a/SPECS/influxdb/influxdb.spec
+++ b/SPECS/influxdb/influxdb.spec
@@ -18,7 +18,7 @@ Summary: Scalable datastore for metrics, events, and real-time analytics
 Name: influxdb
 Version: 2.6.1
-Release: 27%{?dist}
+Release: 28%{?dist}
 License: MIT
 Vendor: Microsoft Corporation
 Distribution: Mariner
@@ -64,6 +64,7 @@ Patch5: CVE-2025-27144.patch
 Patch6: CVE-2025-22870.patch
 Patch7: CVE-2024-51744.patch
 Patch8: CVE-2025-10543.patch
+Patch9: CVE-2025-65637.patch
 BuildRequires: clang
 BuildRequires: golang <= 1.18.8
 BuildRequires: kernel-headers
@@ -153,6 +154,9 @@ go test ./...
 %{_tmpfilesdir}/influxdb.conf
 
 %changelog
+* Fri Dec 26 2025 Azure Linux Security Servicing Account - 2.6.1-28
+- Patch for CVE-2025-65637
+
 * Mon Dec 22 2025 Jon Slobodzian - 2.6.1-27
 - Revert Patch for CVE-2025-65637 as it breaks selftest
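Review bot: After the second embedded commit, the split function in writerScanner returns `return len(data), data, nil` for everything shorter than chunkSize, including the empty slice bufio.Scanner hands to the splitter once the pipe reaches EOF; that slice is non-nil, so Scan keeps returning an empty token without advancing, the loop logs empty entries and, if I read bufio.Scanner's EOF handling correctly, eventually panics with "too many empty tokens without progressing". The same branch also drops newline splitting entirely: every Read from the pipe becomes one log entry, so a single Write carrying several lines is logged as one entry with embedded newlines (only the trailing "\r\n" is trimmed) and a line delivered across two writes is logged as two entries. Later upstream revisions of this file handle both cases by delegating to the standard splitter, `return bufio.ScanLines(data, atEOF)`, which yields no token on empty EOF data. The `if len(data) > chunkSize {` branch is unreachable as written, because scanner.Buffer caps the buffer at bufio.MaxScanTokenSize, the same 64 KiB as chunkSize, so the guard should be `if len(data) >= chunkSize {`. Worth verifying against the selftest that the changelog says the previous attempt broke, since the EOF behaviour above is the kind of thing that only shows when the writer is closed.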