From 1dd8187b8383cd15c625ae1802b585cb31fa9c61 Mon Sep 17 00:00:00 2001
From: yangxinyu
Date: Wed, 14 May 2025 13:52:41 +0800
Subject: [PATCH] [CVE] fix cve-2025-29481 to #bug20227 fix cve-2025-29481
Project: TC2024080204
Signed-off-by:yangxinyu
---
 0001-libbpf-1.2.2-fix-cve-2025-29481.patch | 25 ++++++++++++++++++++++
 libbpf.spec | 9 ++++++--
 2 files changed, 32 insertions(+), 2 deletions(-)
 create mode 100644 0001-libbpf-1.2.2-fix-cve-2025-29481.patch
diff --git a/0001-libbpf-1.2.2-fix-cve-2025-29481.patch b/0001-libbpf-1.2.2-fix-cve-2025-29481.patch
new file mode 100644
index 0000000..935ee0c
--- /dev/null
+++ b/0001-libbpf-1.2.2-fix-cve-2025-29481.patch
@@ -0,0 +1,25 @@
+From 67934faffffd6c19cba51186ab3515d9331c846c Mon Sep 17 00:00:00 2001
+From: yangxinyu
+Date: Wed, 14 May 2025 13:35:26 +0800
+Subject: [PATCH] fix-cve
+
+---
+ src/libbpf.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libbpf.c b/src/libbpf.c
+index 1b95c06..36ec2e0 100644
+--- a/src/libbpf.c
++++ b/src/libbpf.c
+@@ -826,7 +826,7 @@ bpf_object__add_programs(struct bpf_object *obj, Elf_Data *sec_data,
+ return -LIBBPF_ERRNO__FORMAT;
+ }
+
+- if (sec_off + prog_sz > sec_sz) {
++ if (sec_off >= sec_sz || sec_off + prog_sz > sec_sz) {
+ pr_warn("sec '%s': program at offset %zu crosses section boundary\n",
+ sec_name, sec_off);
+ return -LIBBPF_ERRNO__FORMAT;
+--
+2.41.0
+
diff --git a/libbpf.spec b/libbpf.spec
index 475c449..66ac73b 100644
--- a/libbpf.spec
+++ b/libbpf.spec
@@ -1,4 +1,4 @@
-%define anolis_release 1
+%define anolis_release 2
 %global libver 1.2.2
 Name: libbpf
@@ -9,6 +9,8 @@ Summary: Libbpf library
 License: LGPLv2 or BSD
 URL: https://github.com/%{name}/%{name}
 Source: https://github.com/%{name}/%{name}/archive/v%{version}.tar.gz
+#https://github.com/kernel-patches/bpf/commit/ee684de5c1b0
+Patch0001: 0001-libbpf-1.2.2-fix-cve-2025-29481.patch
 BuildRequires: gcc elfutils-libelf-devel elfutils-devel
 BuildRequires: make
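Review bot: The retained operand `sec_off + prog_sz > sec_sz` in the new check in bpf_object__add_programs (the embedded src/libbpf.c hunk of 0001-libbpf-1.2.2-fix-cve-2025-29481.patch) is still an unsigned addition, so a large enough prog_sz can wrap the sum below sec_sz and pass the test. sec_off is printed with %zu, so these look like size_t values, and if they come from ELF symbol fields (assigned outside the hunk) they are controlled by the input file. Because the added `sec_off >= sec_sz` term already guarantees that `sec_sz - sec_off` cannot underflow, the wrap-free form is `if (sec_off >= sec_sz || prog_sz > sec_sz - sec_off) {`. The function starts and ends outside the hunk, so any earlier bound on prog_sz is not visible here; if the backport has to stay identical to the upstream change, this is worth recording as a follow-up.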
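Review bot: The provenance comment above `Patch0001:` in libbpf.spec cites an abbreviated hash in kernel-patches/bpf, which appears to be a CI mirror rather than the libbpf or mainline tree, so the link may not stay resolvable, and it does not say which CVE the patch addresses. I would write it as `# CVE-2025-29481: backport of upstream commit <full-upstream-commit-sha> (<canonical-repo-url>)` so an auditor can match the shipped one-line change against the upstream fix. The embedded patch header (`Subject: [PATCH] fix-cve`) carries no upstream reference either, which leaves this comment as the only trace of origin.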
@@ -67,7 +69,7 @@ developing applications that use %{name}
 DESTDIR=%{buildroot}
 %prep
-%autosetup -n %{name}-%{version}
+%autosetup -p1 -n %{name}-%{version}
 %build
 %make_build -C ./src %{make_flags}
@@ -92,6 +94,9 @@ developing applications that use %{name}
 %{_libdir}/%{name}.a
 %changelog
+* Wed May 14 2025 yangxinyu - 1.2.2-2
+- fix cve-2025-29481
+
 * Wed Feb 28 2024 mgb01105731 - 1.2.2-1
 - update to 1.2.2
--
Gitee