[AutoPR- Security] Patch fluent-bit for CVE-2025-12970 [HIGH] (microsoft#15194)

Signed-off-by: Kanishk Bansal <[email protected]>
Co-authored-by: Kanishk Bansal <[email protected]>
Co-authored-by: Kanishk Bansal <[email protected]>
Co-authored-by: jslobodzian <[email protected]>

Author: 4 people

SPECS/fluent-bit/CVE-2025-12970.patch

@@ -0,0 +1,191 @@
+From 8a25d3b24fa4edde3e9cfdb878ce6c2c6e3d7e5b Mon Sep 17 00:00:00 2001
+From: Eduardo Silva <[email protected]>
+Date: Thu, 2 Oct 2025 16:36:54 -0600
+Subject: [PATCH] in_docker: add helper for container name parsing
+
+Signed-off-by: Eduardo Silva <[email protected]>
+Signed-off-by: Azure Linux Security Servicing Account <[email protected]>
+Upstream-reference: https://github.com/fluent/fluent-bit/pull/10972.patch
+---
+ plugins/in_docker/cgroup_v1.c | 32 +----------------------
+ plugins/in_docker/cgroup_v2.c | 32 +----------------------
+ plugins/in_docker/docker.c    | 48 +++++++++++++++++++++++++++++++++++
+ plugins/in_docker/docker.h    |  2 ++
+ 4 files changed, 52 insertions(+), 62 deletions(-)
+
+diff --git a/plugins/in_docker/cgroup_v1.c b/plugins/in_docker/cgroup_v1.c
+index ab40147..86a64b1 100644
+--- a/plugins/in_docker/cgroup_v1.c
++++ b/plugins/in_docker/cgroup_v1.c
+@@ -213,36 +213,6 @@ static char *get_config_file(struct flb_docker *ctx, char *id)
+     return path;
+ }
+ 
+-static char *extract_name(char *line, char *start)
+-{
+-    int skip = 9;
+-    int len = 0;
+-    char *name;
+-    char buff[256];
+-    char *curr;
+-
+-    if (start != NULL) {
+-        curr = start + skip;
+-        while (*curr != '"') {
+-            buff[len++] = *curr;
+-            curr++;
+-        }
+-
+-        if (len > 0) {
+-            name = (char *) flb_calloc(len + 1, sizeof(char));
+-            if (!name) {
+-                flb_errno();
+-                return NULL;
+-            }
+-            memcpy(name, buff, len);
+-
+-            return name;
+-        }
+-    }
+-
+-    return NULL;
+-}
+-
+ static char *get_container_name(struct flb_docker *ctx, char *id)
+ {
+     char *container_name = NULL;
+@@ -266,7 +236,7 @@ static char *get_container_name(struct flb_docker *ctx, char *id)
+     while ((line = read_line(f))) {
+         char *index = strstr(line, DOCKER_NAME_ARG);
+         if (index != NULL) {
+-            container_name = extract_name(line, index);
++            container_name = docker_extract_name(line, index);
+             flb_free(line);
+             break;
+         }
+diff --git a/plugins/in_docker/cgroup_v2.c b/plugins/in_docker/cgroup_v2.c
+index 295483c..301fceb 100644
+--- a/plugins/in_docker/cgroup_v2.c
++++ b/plugins/in_docker/cgroup_v2.c
+@@ -230,36 +230,6 @@ static char *get_config_file(struct flb_docker *ctx, char *id)
+     return path;
+ }
+ 
+-static char *extract_name(char *line, char *start)
+-{
+-    int skip = 9;
+-    int len = 0;
+-    char *name;
+-    char buff[256];
+-    char *curr;
+-
+-    if (start != NULL) {
+-        curr = start + skip;
+-        while (*curr != '"') {
+-            buff[len++] = *curr;
+-            curr++;
+-        }
+-
+-        if (len > 0) {
+-            name = (char *) flb_calloc(len + 1, sizeof(char));
+-            if (!name) {
+-                flb_errno();
+-                return NULL;
+-            }
+-            memcpy(name, buff, len);
+-
+-            return name;
+-        }
+-    }
+-
+-    return NULL;
+-}
+-
+ static char *get_container_name(struct flb_docker *ctx, char *id)
+ {
+     char *container_name = NULL;
+@@ -283,7 +253,7 @@ static char *get_container_name(struct flb_docker *ctx, char *id)
+     while ((line = read_line(f))) {
+         char *index = strstr(line, DOCKER_NAME_ARG);
+         if (index != NULL) {
+-            container_name = extract_name(line, index);
++            container_name = docker_extract_name(line, index);
+             flb_free(line);
+             break;
+         }
+diff --git a/plugins/in_docker/docker.c b/plugins/in_docker/docker.c
+index 2a1389e..5701c68 100644
+--- a/plugins/in_docker/docker.c
++++ b/plugins/in_docker/docker.c
+@@ -29,9 +29,57 @@
+ #include <string.h>
+ #include <stdlib.h>
+ #include <stdint.h>
++#include <ctype.h>
+ 
+ #include "docker.h"
+ 
++char *docker_extract_name(const char *line, const char *start)
++{
++    const char *curr;
++    const char *end;
++    size_t len;
++    char *name;
++
++    if (line == NULL || start == NULL) {
++        return NULL;
++    }
++
++    curr = start + strlen(DOCKER_NAME_ARG);
++    if (*curr != ':') {
++        curr = strchr(curr, ':');
++        if (curr == NULL) {
++            return NULL;
++        }
++    }
++
++    curr++;
++    while (*curr != '\0' && isspace((unsigned char) *curr)) {
++        curr++;
++    }
++
++    if (*curr != '"') {
++        return NULL;
++    }
++
++    curr++;
++    end = strchr(curr, '"');
++    if (end == NULL || end <= curr) {
++        return NULL;
++    }
++
++    len = end - curr;
++    name = flb_malloc(len + 1);
++    if (name == NULL) {
++        flb_errno();
++        return NULL;
++    }
++
++    memcpy(name, curr, len);
++    name[len] = '\0';
++
++    return name;
++}
++
+ static int cb_docker_collect(struct flb_input_instance *i_ins,
+                              struct flb_config *config, void *in_context);
+ 
+diff --git a/plugins/in_docker/docker.h b/plugins/in_docker/docker.h
+index e6f61c1..9a1c9ae 100644
+--- a/plugins/in_docker/docker.h
++++ b/plugins/in_docker/docker.h
+@@ -119,4 +119,6 @@ struct flb_docker {
+ int in_docker_collect(struct flb_input_instance *i_ins,
+                       struct flb_config *config, void *in_context);
+ docker_info *in_docker_init_docker_info(char *id);
++char *docker_extract_name(const char *line, const char *start);
++
+ #endif
+-- 
+2.45.4
+

SPECS/fluent-bit/fluent-bit.signatures.json

@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "fluent-bit-3.1.9.tar.gz": "ac3a3e235e7f8a92d35f10c99f400f0b0571417a92e3c4caa467073733d42547"
+  "fluent-bit-3.1.10.tar.gz": "9ec909e8ce04bc8f3b09862c781956c40da18f60e8ae92b154114b4e20edc5fa"
  }
 }

SPECS/fluent-bit/fluent-bit.spec

@@ -1,7 +1,7 @@
 Summary:        Fast and Lightweight Log processor and forwarder for Linux, BSD and OSX
 Name:           fluent-bit
-Version:        3.1.9
-Release:        6%{?dist}
+Version:        3.1.10
+Release:        2%{?dist}
 License:        Apache-2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -15,6 +15,7 @@ Patch4:         CVE-2024-50609.patch
 Patch5:         CVE-2025-31498.patch
 Patch6:         CVE-2025-54126.patch
 Patch7:         CVE-2025-58749.patch
+Patch8:         CVE-2025-12970.patch
 BuildRequires:  bison
 BuildRequires:  cmake
 BuildRequires:  cyrus-sasl-devel
@@ -89,6 +90,12 @@ Development files for %{name}
 %{_libdir}/fluent-bit/*.so
 
 %changelog
+* Mon Dec 01 2025 Azure Linux Security Servicing Account <[email protected]> - 3.1.10-2
+- Patch for CVE-2025-12970
+
+* Mon Dec 01 2025 Kanishk Bansal <[email protected]> - 3.1.10-1
+- Upgrade to 3.1.10
+
 * Thu Sep 25 2025 Aditya Singh <[email protected]> - 3.1.9-6
 - Patch for CVE-2025-58749
 

cgmanifest.json

@@ -3718,8 +3718,8 @@
         "type": "other",
         "other": {
           "name": "fluent-bit",
-          "version": "3.1.9",
-          "downloadUrl": "https://github.com/fluent/fluent-bit/archive/refs/tags/v3.1.9.tar.gz"
+          "version": "3.1.10",
+          "downloadUrl": "https://github.com/fluent/fluent-bit/archive/refs/tags/v3.1.10.tar.gz"
         }
       }
     },