open-edge-platform · cheeyanglee · Apr 20, 2026 · Apr 17, 2026
@@ -0,0 +1,105 @@
+From 5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1 Mon Sep 17 00:00:00 2001
+From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
+Date: Wed, 18 Feb 2026 18:04:30 +0900
+Subject: [PATCH] Fix missing iframe->state validations to avoid assertion
+ failure
+
+---
+ lib/nghttp2_session.c | 32 ++++++++++++++++++++++++++++++++
+ 1 file changed, 32 insertions(+)
+
+diff --git a/lib/nghttp2/lib/nghttp2_session.c b/lib/nghttp2/lib/nghttp2_session.c
+index 51ed449..91a3960 100644
+--- a/lib/nghttp2/lib/nghttp2_session.c
++++ b/lib/nghttp2/lib/nghttp2_session.c
+@@ -6027,6 +6027,10 @@ ssize_t nghttp2_session_mem_recv(nghttp2_session *session, const uint8_t *in,
+           return rv;
+         }
+
++        if (iframe->state == NGHTTP2_IB_IGN_ALL) {
++          return (ssize_t)inlen;
++        }
++
+         on_begin_frame_called = 1;
+
+         rv = session_process_headers_frame(session);
+@@ -6393,6 +6397,10 @@ ssize_t nghttp2_session_mem_recv(nghttp2_session *session, const uint8_t *in,
+           if (nghttp2_is_fatal(rv)) {
+             return rv;
+           }
++
++          if (iframe->state == NGHTTP2_IB_IGN_ALL) {
++            return (ssize_t)inlen;
++          }
+         }
+       }
+
+@@ -6649,6 +6657,10 @@ ssize_t nghttp2_session_mem_recv(nghttp2_session *session, const uint8_t *in,
+           return rv;
+         }
+
++        if (iframe->state == NGHTTP2_IB_IGN_ALL) {
++          return (ssize_t)inlen;
++        }
++
+         session_inbound_frame_reset(session);
+
+         break;
+@@ -6952,6 +6964,10 @@ ssize_t nghttp2_session_mem_recv(nghttp2_session *session, const uint8_t *in,
+         if (nghttp2_is_fatal(rv)) {
+           return rv;
+         }
++
++        if (iframe->state == NGHTTP2_IB_IGN_ALL) {
++          return (ssize_t)inlen;
++        }
+       } else {
+         iframe->state = NGHTTP2_IB_IGN_HEADER_BLOCK;
+       }
+@@ -7124,6 +7140,10 @@ ssize_t nghttp2_session_mem_recv(nghttp2_session *session, const uint8_t *in,
+             if (nghttp2_is_fatal(rv)) {
+               return NGHTTP2_ERR_CALLBACK_FAILURE;
+             }
++
++            if (iframe->state == NGHTTP2_IB_IGN_ALL) {
++              return (ssize_t)inlen;
++            }
+           }
+         }
+       }
+@@ -7204,6 +7224,10 @@ ssize_t nghttp2_session_mem_recv(nghttp2_session *session, const uint8_t *in,
+           return rv;
+         }
+
++        if (iframe->state == NGHTTP2_IB_IGN_ALL) {
++          return (ssize_t)inlen;
++        }
++
+         if (rv != 0) {
+           busy = 1;
+
+@@ -7222,6 +7246,10 @@ ssize_t nghttp2_session_mem_recv(nghttp2_session *session, const uint8_t *in,
+         return rv;
+       }
+
++      if (iframe->state == NGHTTP2_IB_IGN_ALL) {
++        return (ssize_t)inlen;
++      }
++
+       session_inbound_frame_reset(session);
+
+       break;
+@@ -7250,6 +7278,10 @@ ssize_t nghttp2_session_mem_recv(nghttp2_session *session, const uint8_t *in,
+         return rv;
+       }
+
++      if (iframe->state == NGHTTP2_IB_IGN_ALL) {
++        return (ssize_t)inlen;
++      }
++
+       session_inbound_frame_reset(session);
+
+       break;
+-- 
+2.34.1
+
@@ -1,7 +1,7 @@
 Summary:        Fast and Lightweight Log processor and forwarder for Linux, BSD and OSX
 Name:           fluent-bit
 Version:        3.1.10
-Release:        4%{?dist}
+Release:        5%{?dist}
 License:        Apache-2.0
 Vendor:         Intel Corporation
 Distribution:   Edge Microvisor Toolkit
@@ -22,6 +22,7 @@ Patch8:         CVE-2025-12970.patch
 Patch9:         CVE-2025-12977.patch
 Patch10:        CVE-2025-12969.patch
 Patch11:        CVE-2025-62408.patch
+Patch12:        CVE-2026-27135.patch
 BuildRequires:  bison
 BuildRequires:  cmake
 BuildRequires:  cyrus-sasl-devel
@@ -191,6 +192,9 @@ install -m 644 %{modulename}.pp %{buildroot}%{_datadir}/selinux/packages/%{modul
 %selinux_modules_uninstall -s %{selinuxtype} %{modulename}
 
 %changelog
+* Fri Apr 17 2026 Basavarajx unniche <basavarajx.unniche@intel.com> - 3.1.10-5
+- Patch for CVE-2026-27135
+
 * Mon Feb 23 2026 Lee Chee Yang <chee.yang.lee@intel.com> - 3.1.10-4
 - merge from Azure Linux 3.0.20260107-3.0
 - Patch for CVE-2025-62408