
Commit 6b27e71

[Medium] Patch azl-compliance for CVE-2025-4574 (#13827)
1 parent b2ef8d0 commit 6b27e71


2 files changed

+42
-2
lines changed

Lines changed: 36 additions & 0 deletions
@@ -0,0 +1,36 @@
1+
From 0fefd25a35344a596916302b46a2e674ae2c4f1f Mon Sep 17 00:00:00 2001
2+
From: akhila-guruju <[email protected]>
3+
Date: Mon, 19 May 2025 11:23:37 +0000
4+
Subject: [PATCH] Address CVE-2025-4574
5+
6+
Upstream Patch reference: https://github.com/crossbeam-rs/crossbeam/commit/6ec74ecae896df5fc239518b45a1bfd258c9db68
7+
8+
---
9+
azl-compliance/vendor/crossbeam-channel/.cargo-checksum.json | 2 +-
10+
azl-compliance/vendor/crossbeam-channel/src/flavors/list.rs | 2 +-
11+
2 files changed, 2 insertions(+), 2 deletions(-)
12+
13+
diff --git a/azl-compliance/vendor/crossbeam-channel/.cargo-checksum.json b/azl-compliance/vendor/crossbeam-channel/.cargo-checksum.json
14+
index 6784db9..b073176 100644
15+
--- a/azl-compliance/vendor/crossbeam-channel/.cargo-checksum.json
16+
+++ b/azl-compliance/vendor/crossbeam-channel/.cargo-checksum.json
17+
@@ -1 +1 @@
18+
-{"files":{"CHANGELOG.md":"6b520b783f5e0c17c6caa975defb9ed6e0ae1254a6a41a9bcd03d249bc942289","Cargo.lock":"605ed4a922e22b42c8a7b75624dfd55d6f0bc96bf76bbf016b003a2c44ddc29a","Cargo.toml":"0f7a8020ede552c5370c101973e8b77cdf5ce6d41f4b6f7b1420b97491fd1e24","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-MIT":"5734ed989dfca1f625b40281ee9f4530f91b2411ec01cb748223e7eb87e201ab","LICENSE-THIRD-PARTY":"b16db96b93b1d7cf7bea533f572091ec6bca3234fbe0a83038be772ff391a44c","README.md":"5dfb91ebb498dec49948a440a53977109ec532388170e567c3c2a0339589aa4c","benches/crossbeam.rs":"96cb1abd23cac3ef8a7174a802e94609926b555bb02c9658c78723d433f1dd92","examples/fibonacci.rs":"4e88fa40048cdc31e9c7bb60347d46f92543d7ddf39cab3b52bfe44affdb6a02","examples/matching.rs":"63c250e164607a7a9f643d46f107bb5da846d49e89cf9069909562d20e530f71","examples/stopwatch.rs":"d02121258f08d56f1eb7997e19bcb9bacb6836cfa0abbba90a9e59d8a50ae5cf","src/channel.rs":"13fbbe12d4ec361855af1c3587fc80aea5f537db8dc44dd4f66c9e2b4ae9f5c1","src/context.rs":"477cc2b7bac7502fd2459288a58cc76f015b1ec8e87b853cda77ccb1808c6334","src/counter.rs":"b8f1e48ec634a7dab8e04c485209161587ecbbd2d57b0825467164d4554c6249","src/err.rs":"44cb2024ee6b0cd6fd24996430e53720769f64b4ac35016bc3e05cb9db48681d","src/flavors/array.rs":"79bc219187c9f40b156b9fe551c1176b66bf73e6d48905b23a2d74c6366a2205","src/flavors/at.rs":"04e07861534f2f7d5b5f884f2f5bc9c008427e6d0afa1c8ad401e1d7e54b57eb","src/flavors/list.rs":"280f55b51cefe9351a52c8d2186de368b688ad06885d083efe7e831726846520","src/flavors/mod.rs":"3d9d43bc38b0adb18c96c995c2bd3421d8e33ab6c30b20c3c467d21d48e485dc","src/flavors/never.rs":"747da857aa1a7601641f23f4930e6ad00ebaf50456d9be5c7aa270e2ecc24dcb","src/flavors/tick.rs":"0916ca3faef30b8cc591137701c456d5fc5b5b49cb1edad1e3a80d35bae222bb","src/flavors/zero.rs":"f9cbc9e035fadce808a4af86a223cfded89990ba1e9acfe731fb17a7fe12b432","src/lib.rs":"5b1c406fd1ce6140feae9000be361858da2aabe7fc9fffd0eafcb88020d2b268","src/select.rs":"7
aa8addb82427141b0a4afa16fa4d23a02becab115a0a5a6d6d327728fd0672f","src/select_macro.rs":"522cfc8155825c1f260922c17ea6ef8ae672cf94863750c1a6115db2cbc9fc18","src/utils.rs":"9bd81aeb385a81409a63f4b9edc35444c7fd1d2724725f9c34ad7ca39dd69a18","src/waker.rs":"017f87a120d945502701c0dba79062c7fe55d44e5907cc6f8605b4510c90d529","tests/after.rs":"0154a8e152880db17a20514ecdd49dabc361d3629858d119b9746b5e932c780c","tests/array.rs":"a57ae6264e676f573d7adb5c4b024994e98bc6811352516adb3444f880f7125e","tests/golang.rs":"7b2ef219ba8a21841c133512f3a540f8279a2458304e9bbed7da81d6091ecd82","tests/iter.rs":"25dc02135bbae9d47a30f9047661648e66bdc134e40ba78bc2fbacbb8b3819bc","tests/list.rs":"3d1a4ae23bb6b4767242b8109a8efda26f1d3b28c0f90da3368f8eb9ca0eee37","tests/mpsc.rs":"5fbb5342fa7c9e4bcda5545255e0979dc6b9ba638edee127acf75372c18c925f","tests/never.rs":"ee40c4fc4dd5af4983fae8de6927f52b81174d222c162f745b26c4a6c7108e4f","tests/ready.rs":"4361352fa94254041e6c73e97b13be032c2d51c741f2a50519efe3000cf4dc28","tests/same_channel.rs":"2bab761443671e841e1b2476bd8082d75533a2f6be7946f5dbcee67cdc82dccb","tests/select.rs":"101ea8afd9a40d24c2d2aec29e5f2fdc4faac51aa1d7c9fe077b364f12edd206","tests/select_macro.rs":"4d6d52ad48f385c5b8f5023a590e00e7a4b632e80bd929b6fc89a53f5faee515","tests/thread_locals.rs":"f42fcddca959b3b44cd545b92949d65e33a54332b27f490ec92f9f29b7f8290c","tests/tick.rs":"5f697bd14c48505d932e82065b5302ef668e1cc19cac18e8ac22e0c83c221c1d","tests/zero.rs":"9c5af802d5efb2c711f8242b8905ed29cc2601e48dbd95e41c7e6fbfe2918398"},"package":"33480d6946193aa8033910124896ca395333cae7e2d1113d1fef6c3272217df2"}
19+
\ No newline at end of file
20+
+{"files":{"CHANGELOG.md":"6b520b783f5e0c17c6caa975defb9ed6e0ae1254a6a41a9bcd03d249bc942289","Cargo.lock":"605ed4a922e22b42c8a7b75624dfd55d6f0bc96bf76bbf016b003a2c44ddc29a","Cargo.toml":"0f7a8020ede552c5370c101973e8b77cdf5ce6d41f4b6f7b1420b97491fd1e24","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-MIT":"5734ed989dfca1f625b40281ee9f4530f91b2411ec01cb748223e7eb87e201ab","LICENSE-THIRD-PARTY":"b16db96b93b1d7cf7bea533f572091ec6bca3234fbe0a83038be772ff391a44c","README.md":"5dfb91ebb498dec49948a440a53977109ec532388170e567c3c2a0339589aa4c","benches/crossbeam.rs":"96cb1abd23cac3ef8a7174a802e94609926b555bb02c9658c78723d433f1dd92","examples/fibonacci.rs":"4e88fa40048cdc31e9c7bb60347d46f92543d7ddf39cab3b52bfe44affdb6a02","examples/matching.rs":"63c250e164607a7a9f643d46f107bb5da846d49e89cf9069909562d20e530f71","examples/stopwatch.rs":"d02121258f08d56f1eb7997e19bcb9bacb6836cfa0abbba90a9e59d8a50ae5cf","src/channel.rs":"13fbbe12d4ec361855af1c3587fc80aea5f537db8dc44dd4f66c9e2b4ae9f5c1","src/context.rs":"477cc2b7bac7502fd2459288a58cc76f015b1ec8e87b853cda77ccb1808c6334","src/counter.rs":"b8f1e48ec634a7dab8e04c485209161587ecbbd2d57b0825467164d4554c6249","src/err.rs":"44cb2024ee6b0cd6fd24996430e53720769f64b4ac35016bc3e05cb9db48681d","src/flavors/array.rs":"79bc219187c9f40b156b9fe551c1176b66bf73e6d48905b23a2d74c6366a2205","src/flavors/at.rs":"04e07861534f2f7d5b5f884f2f5bc9c008427e6d0afa1c8ad401e1d7e54b57eb","src/flavors/list.rs":"048e31bda49b8d2b7bdbe36cae07065745c69990b6adf73d283b52543429baad","src/flavors/mod.rs":"3d9d43bc38b0adb18c96c995c2bd3421d8e33ab6c30b20c3c467d21d48e485dc","src/flavors/never.rs":"747da857aa1a7601641f23f4930e6ad00ebaf50456d9be5c7aa270e2ecc24dcb","src/flavors/tick.rs":"0916ca3faef30b8cc591137701c456d5fc5b5b49cb1edad1e3a80d35bae222bb","src/flavors/zero.rs":"f9cbc9e035fadce808a4af86a223cfded89990ba1e9acfe731fb17a7fe12b432","src/lib.rs":"5b1c406fd1ce6140feae9000be361858da2aabe7fc9fffd0eafcb88020d2b268","src/select.rs":"7
aa8addb82427141b0a4afa16fa4d23a02becab115a0a5a6d6d327728fd0672f","src/select_macro.rs":"522cfc8155825c1f260922c17ea6ef8ae672cf94863750c1a6115db2cbc9fc18","src/utils.rs":"9bd81aeb385a81409a63f4b9edc35444c7fd1d2724725f9c34ad7ca39dd69a18","src/waker.rs":"017f87a120d945502701c0dba79062c7fe55d44e5907cc6f8605b4510c90d529","tests/after.rs":"0154a8e152880db17a20514ecdd49dabc361d3629858d119b9746b5e932c780c","tests/array.rs":"a57ae6264e676f573d7adb5c4b024994e98bc6811352516adb3444f880f7125e","tests/golang.rs":"7b2ef219ba8a21841c133512f3a540f8279a2458304e9bbed7da81d6091ecd82","tests/iter.rs":"25dc02135bbae9d47a30f9047661648e66bdc134e40ba78bc2fbacbb8b3819bc","tests/list.rs":"3d1a4ae23bb6b4767242b8109a8efda26f1d3b28c0f90da3368f8eb9ca0eee37","tests/mpsc.rs":"5fbb5342fa7c9e4bcda5545255e0979dc6b9ba638edee127acf75372c18c925f","tests/never.rs":"ee40c4fc4dd5af4983fae8de6927f52b81174d222c162f745b26c4a6c7108e4f","tests/ready.rs":"4361352fa94254041e6c73e97b13be032c2d51c741f2a50519efe3000cf4dc28","tests/same_channel.rs":"2bab761443671e841e1b2476bd8082d75533a2f6be7946f5dbcee67cdc82dccb","tests/select.rs":"101ea8afd9a40d24c2d2aec29e5f2fdc4faac51aa1d7c9fe077b364f12edd206","tests/select_macro.rs":"4d6d52ad48f385c5b8f5023a590e00e7a4b632e80bd929b6fc89a53f5faee515","tests/thread_locals.rs":"f42fcddca959b3b44cd545b92949d65e33a54332b27f490ec92f9f29b7f8290c","tests/tick.rs":"5f697bd14c48505d932e82065b5302ef668e1cc19cac18e8ac22e0c83c221c1d","tests/zero.rs":"9c5af802d5efb2c711f8242b8905ed29cc2601e48dbd95e41c7e6fbfe2918398"},"package":"33480d6946193aa8033910124896ca395333cae7e2d1113d1fef6c3272217df2"}
21+
diff --git a/azl-compliance/vendor/crossbeam-channel/src/flavors/list.rs b/azl-compliance/vendor/crossbeam-channel/src/flavors/list.rs
22+
index e7fb615..bad76e8 100644
23+
--- a/azl-compliance/vendor/crossbeam-channel/src/flavors/list.rs
24+
+++ b/azl-compliance/vendor/crossbeam-channel/src/flavors/list.rs
25+
@@ -596,7 +596,7 @@ impl<T> Channel<T> {
26+
// In that case, just wait until it gets initialized.
27+
while block.is_null() {
28+
backoff.snooze();
29+
- block = self.head.block.load(Ordering::Acquire);
30+
+ block = self.head.block.swap(ptr::null_mut(), Ordering::AcqRel);
31+
}
32+
}
33+
34+
--
35+
2.45.2
36+
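Review bot: The patch header carries only "Address CVE-2025-4574" and the upstream link, so nothing in the file explains why the wait loop in `src/flavors/list.rs` must use `swap(ptr::null_mut(), Ordering::AcqRel)` rather than `load`; I would add a line to the description such as `Take the head block out of the channel while waiting, so the pointer is not left behind for a later free.`, worded to match the upstream advisory. The enclosing function starts and ends outside the hunk, so whether the earlier read of `head.block` already uses `swap` cannot be confirmed from this page. Because the crate is fixed in place, the `package` hash in `.cargo-checksum.json` is unchanged and the vendored crate version presumably is too, so version-based dependency scanners will likely keep reporting the CVE; recording the backport wherever scanner exceptions are tracked avoids a repeated triage. The new `src/flavors/list.rs` hash was edited by hand and should equal the SHA-256 of the patched file.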

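--- a/SPECS/azl-compliance/azl-compliance.spec
+++ b/SPECS/azl-compliance/azl-compliance.spec
@@ -1,13 +1,14 @@
 Summary: Azure Linux compliance package to meet all sorts of compliance rules
 Name: azl-compliance
 Version: 1.0.2
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: BSD-3-Clause
 Vendor: Microsoft Corporation
 Distribution: Mariner
 Group: System Environment/Base
 URL: https://aka.ms/mariner
 Source0: %{_mariner_sources_url}/%{name}-%{version}.tar.gz
+Patch0: CVE-2025-4574.patch
 Requires: dnf
 Requires: gnutls
 Requires: grub2
@@ -21,7 +22,7 @@ BuildRequires: rust
 Azure Linux compliance package to configure systems to meet FIPS and FedRAMP compliance.
 
 %prep
-%autosetup
+%autosetup -p1
 
 %build
 cd azl-compliance
@@ -53,6 +54,9 @@ cd azl-compliance
 cargo test --release --offline
 
 %changelog
+* Mon May 19 2025 Akhila Guruju <[email protected]> - 1.0.2-2
+- Patch CVE-2025-4574
+
 * Thu Jun 06 2024 Tobias Brick <[email protected]> 1.0.2-1
 - Update to version 1.0.2
 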