From 4205930e66e818504c9ce996942c5f02d15d7d95 Mon Sep 17 00:00:00 2001
From: Azure Linux Security Servicing Account
Date: Sat, 30 May 2026 09:39:53 +0530
Subject: [PATCH 1/3] [AutoPR- Security] Patch rabbitmq-server for CVE-2026-8466 [HIGH] (#17452)
(cherry picked from commit 455f6491fde74bde3b9aad9d652d54ac5d3d959d)
---
 SPECS/rabbitmq-server/CVE-2026-8466.patch | 55 ++++++++++++++++++++++
 SPECS/rabbitmq-server/rabbitmq-server.spec | 9 ++++
 2 files changed, 64 insertions(+)
 create mode 100644 SPECS/rabbitmq-server/CVE-2026-8466.patch
diff --git a/SPECS/rabbitmq-server/CVE-2026-8466.patch b/SPECS/rabbitmq-server/CVE-2026-8466.patch
new file mode 100644
index 00000000000..e4a8b70e115
--- /dev/null
+++ b/SPECS/rabbitmq-server/CVE-2026-8466.patch
@@ -0,0 +1,55 @@
+From fe423c373907c1eee207964c52e73740ea293f05 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Lo=C3=AFc=20Hoguin?=
+Date: Tue, 12 May 2026 12:12:20 +0200
+Subject: [PATCH] Reject multipart header blocks above 2048 bytes
+
+This is a soft limit. If the data is already in the buffer,
+the header block will be parsed normally.
+
+A hardcoded value of 2048 was chosen because it is twice
+larger than the largest expected multipart header blocks.
+
+Signed-off-by: Azure Linux Security Servicing Account
+Upstream-reference: https://github.com/ninenines/cowboy/commit/5c6a2061b41bb5771c4659fac7d5a822dca5bafb.patch
+---
+ deps/cowboy/src/cowboy_req.erl | 16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/deps/cowboy/src/cowboy_req.erl b/deps/cowboy/src/cowboy_req.erl
+index 3f87677..e910b7f 100644
+--- a/deps/cowboy/src/cowboy_req.erl
++++ b/deps/cowboy/src/cowboy_req.erl
+@@ -611,11 +611,9 @@ read_part(Req, Opts) ->
+ read_part(Buffer, Opts, Req=#{multipart := {Boundary, _}}) ->
+ try cow_multipart:parse_headers(Buffer, Boundary) of
+ more ->
+- {Data, Req2} = stream_multipart(Req, Opts, headers),
+- read_part(<< Buffer/binary, Data/binary >>, Opts, Req2);
++ read_part_more(Buffer, Opts, Req);
+ {more, Buffer2} ->
+- {Data, Req2} = stream_multipart(Req, Opts, headers),
+- read_part(<< Buffer2/binary, Data/binary >>, Opts, Req2);
++ read_part_more(Buffer2, Opts, Req);
+ {ok, Headers0, Rest} ->
+ Headers = maps:from_list(Headers0),
+ %% Reject multipart content containing duplicate headers.
+@@ -630,6 +628,16 @@ read_part(Buffer, Opts, Req=#{multipart := {Boundary, _}}) ->
+ }, Stacktrace)
+ end.
+
++%% We reject multipart header blocks that are twice the maximum
++%% size of the largest expected multipart header blocks.
++read_part_more(Buffer, _, _) when byte_size(Buffer) > 2048 ->
++ exit({request_error, {multipart, headers},
++ 'Malformed body; multipart header block too large.'
++ });
++read_part_more(Buffer, Opts, Req0) ->
++ {Data, Req} = stream_multipart(Req0, Opts, headers),
++ read_part(<>, Opts, Req).
++
+ -spec read_part_body(Req)
+ -> {ok, binary(), Req} | {more, binary(), Req}
+ when Req::req().
+--
+2.45.4
+
diff --git a/SPECS/rabbitmq-server/rabbitmq-server.spec b/SPECS/rabbitmq-server/rabbitmq-server.spec
index d2dd158f21e..088f4a55934 100644
--- a/SPECS/rabbitmq-server/rabbitmq-server.spec
+++ b/SPECS/rabbitmq-server/rabbitmq-server.spec
@@ -11,8 +11,12 @@ URL: https://rabbitmq.com
 Source0: https://github.com/rabbitmq/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.xz
 Patch0: CVE-2025-30219.patch
 Patch1: CVE-2025-50200.patch
+<<<<<<< HEAD
 Patch2: CVE-2026-43968.patch
 Patch3: CVE-2026-7790.patch
+=======
+Patch2: CVE-2026-8466.patch
+>>>>>>> 455f6491fd ([AutoPR- Security] Patch rabbitmq-server for CVE-2026-8466 [HIGH] (#17452))
 BuildRequires: elixir
 BuildRequires: erlang
@@ -69,8 +73,13 @@ done
 %{_libdir}/rabbitmq/lib/rabbitmq_server-%{version}/*
 %changelog
+<<<<<<< HEAD
 * Fri May 15 2026 Azure Linux Security Servicing Account - 3.13.7-4
 - Patch for CVE-2026-7790, CVE-2026-43968
+=======
+* Wed May 27 2026 Azure Linux Security Servicing Account - 3.13.7-4
+- Patch for CVE-2026-8466
+>>>>>>> 455f6491fd ([AutoPR- Security] Patch rabbitmq-server for CVE-2026-8466 [HIGH] (#17452))
 * Wed Oct 29 2025 Azure Linux Security Servicing Account - 3.13.7-3
 - Patch for CVE-2025-50200
From 0dca053b39f0014adbae6810c4f595fd46858814 Mon Sep 17 00:00:00 2001
From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com>
Date: Fri, 29 May 2026 21:16:55 -0700
Subject: [PATCH 2/3] Conflicts resolved by Auto-Cherry Pick for SPECS/rabbitmq-server/rabbitmq-server.spec
---
 SPECS/rabbitmq-server/rabbitmq-server.spec | 21 ++++++++-------------
 1 file changed, 8 insertions(+), 13 deletions(-)
diff --git a/SPECS/rabbitmq-server/rabbitmq-server.spec b/SPECS/rabbitmq-server/rabbitmq-server.spec
index 088f4a55934..17c410b057d 100644
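Review bot: The added line `read_part(<>, Opts, Req).` in read_part_more/3 is not valid Erlang (`<>` is not a binary expression), so if the committed patch file really carries it, %prep will apply it cleanly and the failure only surfaces when deps/cowboy is compiled. The two removed lines above show the intended concatenation, `read_part(<< Buffer/binary, Data/binary >>, Opts, Req).`; this is probably a rendering artifact of the page, but the file should be checked against the commit named in the Upstream-reference trailer before merge. Separately, the guard `byte_size(Buffer) > 2048` runs only before each further stream_multipart/3 call, so the buffer can reach 2048 plus one streamed chunk; that matches the "soft limit" wording in the message, but a one-line comment on the guard saying so, e.g. `%% Checked before each read, so the buffer may exceed this by one chunk.`, would save the next reader the same analysis. The limit is also a bare literal in both the comment and the guard; a `-define(MULTIPART_HEADERS_MAX_SIZE, 2048).` would keep the two from drifting. The body of read_part/3 between the two inner hunks is not shown.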
--- a/SPECS/rabbitmq-server/rabbitmq-server.spec
+++ b/SPECS/rabbitmq-server/rabbitmq-server.spec
@@ -2,7 +2,7 @@ Summary: rabbitmq-server
 Name: rabbitmq-server
 Version: 3.13.7
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: Apache-2.0 and MPL 2.0
 Vendor: Microsoft Corporation
 Distribution: Azure Linux
@@ -11,12 +11,9 @@ URL: https://rabbitmq.com
 Source0: https://github.com/rabbitmq/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.xz
 Patch0: CVE-2025-30219.patch
 Patch1: CVE-2025-50200.patch
-<<<<<<< HEAD
-Patch2: CVE-2026-43968.patch
-Patch3: CVE-2026-7790.patch
-=======
 Patch2: CVE-2026-8466.patch
->>>>>>> 455f6491fd ([AutoPR- Security] Patch rabbitmq-server for CVE-2026-8466 [HIGH] (#17452))
+Patch3: CVE-2026-43968.patch
+Patch4: CVE-2026-7790.patch
 BuildRequires: elixir
 BuildRequires: erlang
@@ -73,16 +70,14 @@ done
 %{_libdir}/rabbitmq/lib/rabbitmq_server-%{version}/*
 %changelog
-<<<<<<< HEAD
-* Fri May 15 2026 Azure Linux Security Servicing Account - 3.13.7-4
-- Patch for CVE-2026-7790, CVE-2026-43968
-=======
+* Sat May 30 2026 Azure Linux Security Servicing Account - 3.13.7-5
+ - Patch for CVE-2026-7790, CVE-2026-43968
+
 * Wed May 27 2026 Azure Linux Security Servicing Account - 3.13.7-4
-- Patch for CVE-2026-8466
->>>>>>> 455f6491fd ([AutoPR- Security] Patch rabbitmq-server for CVE-2026-8466 [HIGH] (#17452))
+ - Patch for CVE-2026-8466
 * Wed Oct 29 2025 Azure Linux Security Servicing Account - 3.13.7-3
-- Patch for CVE-2025-50200
+ - Patch for CVE-2025-50200
 * Mon Mar 31 2025 Ankita Pareek - 3.13.7-2
 - Address CVE-2025-30219 with a patch
From 7869a2cc7d5745daeeca1ef94b0de6b3b111e66d Mon Sep 17 00:00:00 2001
From: jslobodzian
Date: Sat, 30 May 2026 09:09:27 -0700
Subject: [PATCH 3/3] Update rabbitmq-server.spec
Fixed indentation issue
---
 SPECS/rabbitmq-server/rabbitmq-server.spec | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
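Review bot: `Patch3: CVE-2026-43968.patch` and `Patch4: CVE-2026-7790.patch` are new tag numbers, and whether they are applied depends on the %prep section, which is outside this hunk. If %prep uses `%autosetup -p1` (or `%autopatch`) nothing else is needed; if it lists `%patch0` to `%patch3` explicitly, the renumbering leaves Patch4 declared but never applied, and rpmbuild does not necessarily fail on that, so the CVE-2026-7790 fix could silently drop out of the 3.13.7-5 build. The %prep section should be confirmed in the same review.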
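Review bot: The conflict resolution in the %changelog hunk rewrites history rather than appending to it: the removed `* Fri May 15 2026 ... - 3.13.7-4` entry for CVE-2026-7790 and CVE-2026-43968 reappears as 3.13.7-5 dated May 30, and the 3.13.7-4 entry now names CVE-2026-8466, which is not what the -4 entry already on this branch recorded. The conventional resolution keeps the existing -4 entry unchanged and adds a new top entry, `* Sat May 30 2026 Azure Linux Security Servicing Account - 3.13.7-5` followed by `- Patch for CVE-2026-8466`, so the changelog states which release first carried each fix. Anyone auditing which CVEs a given -4 build contains will otherwise be misled by this file.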
diff --git a/SPECS/rabbitmq-server/rabbitmq-server.spec b/SPECS/rabbitmq-server/rabbitmq-server.spec
index 17c410b057d..3d8898a3a2e 100644
--- a/SPECS/rabbitmq-server/rabbitmq-server.spec
+++ b/SPECS/rabbitmq-server/rabbitmq-server.spec
@@ -71,13 +71,13 @@ done
 %changelog
 * Sat May 30 2026 Azure Linux Security Servicing Account - 3.13.7-5
- - Patch for CVE-2026-7790, CVE-2026-43968
+- Patch for CVE-2026-7790, CVE-2026-43968
 * Wed May 27 2026 Azure Linux Security Servicing Account - 3.13.7-4
- - Patch for CVE-2026-8466
+- Patch for CVE-2026-8466
 * Wed Oct 29 2025 Azure Linux Security Servicing Account - 3.13.7-3
- - Patch for CVE-2025-50200
+- Patch for CVE-2025-50200
 * Mon Mar 31 2025 Ankita Pareek - 3.13.7-2
 - Address CVE-2025-30219 with a patch