From 6dd7a992d457c97819af25cefc712786849e0088 Mon Sep 17 00:00:00 2001
From: Azure Linux Security Servicing Account
 <azurelinux-security@microsoft.com>
Date: Sat, 28 Mar 2026 01:15:38 +0530
Subject: [PATCH 1/3] [AutoPR- Security] Patch telegraf for CVE-2026-4645
 [HIGH] (#16322)

(cherry picked from commit e81f959b8d3b490594cf64f6b154e83cca2a309b)
---
 SPECS/telegraf/CVE-2026-4645.patch | 34 ++++++++++++++++++++++++++++++
 SPECS/telegraf/telegraf.spec       | 10 +++++++++
 2 files changed, 44 insertions(+)
 create mode 100644 SPECS/telegraf/CVE-2026-4645.patch

diff --git a/SPECS/telegraf/CVE-2026-4645.patch b/SPECS/telegraf/CVE-2026-4645.patch
new file mode 100644
index 00000000000..10a6e7d4d32
--- /dev/null
+++ b/SPECS/telegraf/CVE-2026-4645.patch
@@ -0,0 +1,34 @@
+From 77ef55ce21fd12b8bd995e1eace449ca6cf8087a Mon Sep 17 00:00:00 2001
+From: zhengchun <zhengchunster@gmail.com>
+Date: Sat, 21 Feb 2026 21:32:17 +0800
+Subject: [PATCH] fix #121
+
+Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
+Upstream-reference: https://github.com/antchfx/xpath/commit/afd4762cc342af56345a3fb4002a59281fcab494.patch
+---
+ vendor/github.com/antchfx/xpath/query.go | 9 ---------
+ 1 file changed, 9 deletions(-)
+
+diff --git a/vendor/github.com/antchfx/xpath/query.go b/vendor/github.com/antchfx/xpath/query.go
+index fe6f4885..14177d2f 100644
+--- a/vendor/github.com/antchfx/xpath/query.go
++++ b/vendor/github.com/antchfx/xpath/query.go
+@@ -965,15 +965,6 @@ type logicalQuery struct {
+ }
+ 
+ func (l *logicalQuery) Select(t iterator) NodeNavigator {
+-	// When a XPath expr is logical expression.
+-	node := t.Current().Copy()
+-	val := l.Evaluate(t)
+-	switch val.(type) {
+-	case bool:
+-		if val.(bool) == true {
+-			return node
+-		}
+-	}
+ 	return nil
+ }
+ 
+-- 
+2.45.4
+
diff --git a/SPECS/telegraf/telegraf.spec b/SPECS/telegraf/telegraf.spec
index 1f768ac0c2a..68d7640f8a0 100644
--- a/SPECS/telegraf/telegraf.spec
+++ b/SPECS/telegraf/telegraf.spec
@@ -31,9 +31,14 @@ Patch16:        CVE-2025-47911.patch
 Patch17:        CVE-2025-58190.patch
 Patch18:        CVE-2026-2303.patch
 Patch19:        CVE-2026-26014.patch
+<<<<<<< HEAD
 # Patch added based on customer request https://microsoft.visualstudio.com/OS/_workitems/edit/61041768
 # Fix was introduced 1.37.2, this patch can be removed once we update to 1.37.2 or later
 Patch20:        cisco_telegraf_bug61041768.patch
+=======
+Patch20:        CVE-2026-4645.patch
+
+>>>>>>> e81f959b8 ([AutoPR- Security] Patch telegraf for CVE-2026-4645 [HIGH] (#16322))
 
 BuildRequires:  golang
 BuildRequires:  systemd-devel
@@ -98,9 +103,14 @@ fi
 %dir %{_sysconfdir}/%{name}/telegraf.d
 
 %changelog
+<<<<<<< HEAD
 * Fri Feb 27 2026 Sindhu Karri <lakarri@microsoft.com> - 1.31.0-16
 - Added patch to fix the issue reported in https://microsoft.visualstudio.com/OS/_workitems/edit/61041768
   Fix in telegraf to support cisco telemetry plugin that collects telemetry data from cisco NXOS switches.
+=======
+* Fri Mar 27 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 1.31.0-16
+- Patch for CVE-2026-4645
+>>>>>>> e81f959b8 ([AutoPR- Security] Patch telegraf for CVE-2026-4645 [HIGH] (#16322))
 
 * Fri Feb 27 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 1.31.0-15
 - Patch for CVE-2026-26014, CVE-2026-2303, CVE-2025-58190, CVE-2025-47911

From 9809bcda4db07d99f4a64ab11908f0d69a571641 Mon Sep 17 00:00:00 2001
From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com>
Date: Fri, 27 Mar 2026 12:53:03 -0700
Subject: [PATCH 2/3] Conflicts resolved by Auto-Cherry Pick for
 SPECS/telegraf/telegraf.spec

---
 SPECS/telegraf/telegraf.spec | 18 ++++++------------
 1 file changed, 6 insertions(+), 12 deletions(-)

diff --git a/SPECS/telegraf/telegraf.spec b/SPECS/telegraf/telegraf.spec
index 68d7640f8a0..6c2d1ae85bc 100644
--- a/SPECS/telegraf/telegraf.spec
+++ b/SPECS/telegraf/telegraf.spec
@@ -1,7 +1,7 @@
 Summary:        agent for collecting, processing, aggregating, and writing metrics.
 Name:           telegraf
 Version:        1.31.0
-Release:        16%{?dist}
+Release:        17%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -31,14 +31,10 @@ Patch16:        CVE-2025-47911.patch
 Patch17:        CVE-2025-58190.patch
 Patch18:        CVE-2026-2303.patch
 Patch19:        CVE-2026-26014.patch
-<<<<<<< HEAD
+Patch20:        CVE-2026-4645.patch
 # Patch added based on customer request https://microsoft.visualstudio.com/OS/_workitems/edit/61041768
 # Fix was introduced 1.37.2, this patch can be removed once we update to 1.37.2 or later
-Patch20:        cisco_telegraf_bug61041768.patch
-=======
-Patch20:        CVE-2026-4645.patch
-
->>>>>>> e81f959b8 ([AutoPR- Security] Patch telegraf for CVE-2026-4645 [HIGH] (#16322))
+Patch21:        cisco_telegraf_bug61041768.patch
 
 BuildRequires:  golang
 BuildRequires:  systemd-devel
@@ -103,17 +99,15 @@ fi
 %dir %{_sysconfdir}/%{name}/telegraf.d
 
 %changelog
-<<<<<<< HEAD
-* Fri Feb 27 2026 Sindhu Karri <lakarri@microsoft.com> - 1.31.0-16
+* Fri Mar 27 2026 Sindhu Karri <lakarri@microsoft.com> - 1.31.0-17
 - Added patch to fix the issue reported in https://microsoft.visualstudio.com/OS/_workitems/edit/61041768
   Fix in telegraf to support cisco telemetry plugin that collects telemetry data from cisco NXOS switches.
-=======
 * Fri Mar 27 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 1.31.0-16
 - Patch for CVE-2026-4645
->>>>>>> e81f959b8 ([AutoPR- Security] Patch telegraf for CVE-2026-4645 [HIGH] (#16322))
-
 * Fri Feb 27 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 1.31.0-15
 - Patch for CVE-2026-26014, CVE-2026-2303, CVE-2025-58190, CVE-2025-47911
+* Fri Feb 27 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 1.31.0-14
+- Patch for CVE-2025-11065
 
 * Fri Feb 27 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 1.31.0-14
 - Patch for CVE-2025-11065

From c7339ffa7f5f9b1b27f2bbc8a1b61429299a4dfe Mon Sep 17 00:00:00 2001
From: jslobodzian <joslobo@microsoft.com>
Date: Mon, 30 Mar 2026 15:48:20 -0400
Subject: [PATCH 3/3] Add patch for Cisco telemetry plugin support

Added a patch to support Cisco telemetry plugin for NXOS switches and fixed an issue reported in a work item.
---
 SPECS/telegraf/telegraf.spec | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/SPECS/telegraf/telegraf.spec b/SPECS/telegraf/telegraf.spec
index 6c2d1ae85bc..d8cdcb61dd8 100644
--- a/SPECS/telegraf/telegraf.spec
+++ b/SPECS/telegraf/telegraf.spec
@@ -102,12 +102,12 @@ fi
 * Fri Mar 27 2026 Sindhu Karri <lakarri@microsoft.com> - 1.31.0-17
 - Added patch to fix the issue reported in https://microsoft.visualstudio.com/OS/_workitems/edit/61041768
   Fix in telegraf to support cisco telemetry plugin that collects telemetry data from cisco NXOS switches.
+  
 * Fri Mar 27 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 1.31.0-16
 - Patch for CVE-2026-4645
+
 * Fri Feb 27 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 1.31.0-15
 - Patch for CVE-2026-26014, CVE-2026-2303, CVE-2025-58190, CVE-2025-47911
-* Fri Feb 27 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 1.31.0-14
-- Patch for CVE-2025-11065
 
 * Fri Feb 27 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 1.31.0-14
 - Patch for CVE-2025-11065