[Medium] Patch nbdkit for CVE-2025-47711 & CVE-2025-47712 (#14098)

Author: AkarshHCL

SPECS/nbdkit/CVE-2025-47711.patch

@@ -0,0 +1,40 @@
+From 474c0df27522beb33db2822e1478bdac946e2cb2 Mon Sep 17 00:00:00 2001
+From: AkarshHCL <v-akarshc@microsoft.com>
+Date: Thu, 19 Jun 2025 12:47:53 +0000
+Subject: [PATCH] Address CVE-2025-47711.patch
+
+Upstream Patch reference:https://gitlab.com/nbdkit/nbdkit/-/commit/c3c1950867ea8d9c2108ff066ed9e78dde3cfc3f
+
+---
+ server/protocol.c | 2 +-
+ tests/Makefile.am | 1 +
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/server/protocol.c b/server/protocol.c
+index d9a5e28..c32fec8 100644
+--- a/server/protocol.c
++++ b/server/protocol.c
+@@ -493,7 +493,7 @@ extents_to_block_descriptors (struct nbdkit_extents *extents,
+       (*nr_blocks)++;
+ 
+       pos += length;
+-      if (pos > offset + count) /* this must be the last block */
++      if (pos >= offset + count) /* this must be the last block */
+         break;
+ 
+       /* If we reach here then we must have consumed this whole
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index 429ba11..dae753f 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -789,6 +789,7 @@ EXTRA_DIST += \
+ 	test-eval.sh \
+ 	test-eval-file.sh \
+ 	test-eval-exports.sh \
++	test-eval-extents.sh \
+ 	test-eval-cache.sh \
+ 	test-eval-dump-plugin.sh \
+ 	test-eval-disconnect.sh \
+-- 
+2.45.2
+

SPECS/nbdkit/CVE-2025-47712.patch

@@ -0,0 +1,50 @@
+From 7718fa6355d6f395d0822e824c943f74750500b4 Mon Sep 17 00:00:00 2001
+From: AkarshHCL <v-akarshc@microsoft.com>
+Date: Tue, 17 Jun 2025 05:45:34 +0000
+Subject: [PATCH] Address  CVE-2025-47712
+
+Upstream Patch reference: https://gitlab.com/nbdkit/nbdkit/-/commit/a486f88d1eea653ea88b0bf8804c4825dab25ec7
+
+---
+ filters/blocksize/blocksize.c | 5 +++--
+ tests/Makefile.am             | 2 ++
+ 2 files changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/filters/blocksize/blocksize.c b/filters/blocksize/blocksize.c
+index 09195ce..e5c8b74 100644
+--- a/filters/blocksize/blocksize.c
++++ b/filters/blocksize/blocksize.c
+@@ -482,8 +482,9 @@ blocksize_extents (nbdkit_next *next,
+     return -1;
+   }
+ 
+-  if (nbdkit_extents_aligned (next, MIN (ROUND_UP (count, h->minblock),
+-                                         h->maxlen),
++  if (nbdkit_extents_aligned (next,
++                              MIN (ROUND_UP ((uint64_t) count, h->minblock),
++                                   h->maxlen),
+                               ROUND_DOWN (offset, h->minblock), flags,
+                               h->minblock, extents2, err) == -1)
+     return -1;
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index 9233c37..429ba11 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -1481,12 +1481,14 @@ test_layers_filter3_la_LIBADD = $(IMPORT_LIBRARY_ON_WINDOWS)
+ TESTS += \
+ 	test-blocksize.sh \
+ 	test-blocksize-extents.sh \
++	test-blocksize-extents-overflow.sh \
+ 	test-blocksize-default.sh \
+ 	test-blocksize-sharding.sh \
+ 	$(NULL)
+ EXTRA_DIST += \
+ 	test-blocksize.sh \
+ 	test-blocksize-extents.sh \
++	test-blocksize-extents-overflow.sh \
+ 	test-blocksize-default.sh \
+ 	test-blocksize-sharding.sh \
+ 	$(NULL)
+-- 
+2.45.2
+

SPECS/nbdkit/nbdkit.spec

@@ -51,14 +51,17 @@ Distribution:   Azure Linux
 
 Name:           nbdkit
 Version:        1.35.3
-Release:        6%{?dist}
+Release:        7%{?dist}
 Summary:        NBD server
 
 License:        BSD
 URL:            https://gitlab.com/nbdkit/nbdkit
 
 Source0:        http://libguestfs.org/download/nbdkit/%{source_directory}/%{name}-%{version}.tar.gz
 
+Patch0:  CVE-2025-47711.patch 
+Patch1:  CVE-2025-47712.patch
+
 BuildRequires: make
 %if 0%{patches_touch_autotools}
 BuildRequires:  autoconf, automake, libtool
@@ -1195,6 +1198,9 @@ export LIBGUESTFS_TRACE=1
 
 
 %changelog
+* Thu Jun 19 2025 Akarsh Chaudhary <v-akarshc@microsoft.com>- 1.35.3-7
+- Patch CVE-2025-47712 ,CVE-2025-47711
+
 * Thu Aug 29 2024 Pawel Winogrodzki <pawelwi@microsoft.com> - 1.35.3-6
 - Fixed test-time dependencies to match correct AZL paths.