Skip to content

Commit 685b1cf

Browse files
azurelinux-securityazurelinux-security
authored
[AutoPR- Security] Patch terraform for CVE-2026-4645 [HIGH] (#16320)
1 parent 64f5398 commit 685b1cf

File tree

2 files changed

+39
-1
lines changed

2 files changed

+39
-1
lines changed

SPECS/terraform/CVE-2026-4645.patch

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,34 @@
1+
From 23302c7c2835c78efa0d218d66a0e2aa1f6a9a02 Mon Sep 17 00:00:00 2001
2+
From: zhengchun <zhengchunster@gmail.com>
3+
Date: Sat, 21 Feb 2026 21:32:17 +0800
4+
Subject: [PATCH] fix #121
5+
6+
Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
7+
Upstream-reference: https://github.com/antchfx/xpath/commit/afd4762cc342af56345a3fb4002a59281fcab494.patch
8+
---
9+
vendor/github.com/antchfx/xpath/query.go | 9 ---------
10+
1 file changed, 9 deletions(-)
11+
12+
diff --git a/vendor/github.com/antchfx/xpath/query.go b/vendor/github.com/antchfx/xpath/query.go
13+
index 47f8076..61cdaa2 100644
14+
--- a/vendor/github.com/antchfx/xpath/query.go
15+
+++ b/vendor/github.com/antchfx/xpath/query.go
16+
@@ -677,15 +677,6 @@ type logicalQuery struct {
17+
}
18+
19+
func (l *logicalQuery) Select(t iterator) NodeNavigator {
20+
- // When a XPath expr is logical expression.
21+
- node := t.Current().Copy()
22+
- val := l.Evaluate(t)
23+
- switch val.(type) {
24+
- case bool:
25+
- if val.(bool) == true {
26+
- return node
27+
- }
28+
- }
29+
return nil
30+
}
31+
32+
--
33+
2.45.4
34+

SPECS/terraform/terraform.spec

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
Summary: Infrastructure as code deployment management tool
22
Name: terraform
33
Version: 1.3.2
4-
Release: 29%{?dist}
4+
Release: 30%{?dist}
55
License: MPLv2.0
66
Vendor: Microsoft Corporation
77
Distribution: Mariner
@@ -42,6 +42,7 @@ Patch11: CVE-2023-48795.patch
4242
Patch12: CVE-2025-58058.patch
4343
Patch13: CVE-2025-11065.patch
4444
Patch14: CVE-2025-47911.patch
45+
Patch15: CVE-2026-4645.patch
4546

4647
%global debug_package %{nil}
4748
%define our_gopath %{_topdir}/.gopath
@@ -72,6 +73,9 @@ install -p -m 755 -t %{buildroot}%{_bindir} ./terraform
7273
%{_bindir}/terraform
7374

7475
%changelog
76+
* Fri Mar 27 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 1.3.2-30
77+
- Patch for CVE-2026-4645
78+
7579
* Wed Feb 18 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 1.3.2-29
7680
- Patch for CVE-2025-47911
7781

0 commit comments

Comments
 (0)