From 250f6043afeee53e3cd7b3c5d29d1ba380dab769 Mon Sep 17 00:00:00 2001
From: SumitJenaHCL
Date: Fri, 6 Mar 2026 20:22:35 +0530
Subject: [PATCH] Patch for CVE-2026-2739
---
 SPECS/reaper/CVE-2026-2739.patch | 131 +++++++++++++++++++++++++++++++
 SPECS/reaper/reaper.spec | 6 +-
 2 files changed, 136 insertions(+), 1 deletion(-)
 create mode 100644 SPECS/reaper/CVE-2026-2739.patch
diff --git a/SPECS/reaper/CVE-2026-2739.patch b/SPECS/reaper/CVE-2026-2739.patch
new file mode 100644
index 00000000000..9d142e38b2f
--- /dev/null
+++ b/SPECS/reaper/CVE-2026-2739.patch
@@ -0,0 +1,131 @@
+From 33df26b5771e824f303a79ec6407409376baa64b Mon Sep 17 00:00:00 2001
+From: Kirill Fomichev
+Date: Wed, 18 Feb 2026 20:38:33 -0500
+Subject: [PATCH] Fix CVE-2026-2739 by Kirill Fomichev
+
+Upstream Patch Reference: https://github.com/indutny/bn.js/commit/33df26b5771e824f303a79ec6407409376baa64b.patch
+---
+ src/ui/node_modules/asn1.js/node_modules/bn.js/lib/bn.js | 5 +++++
+ src/ui/node_modules/bn.js/lib/bn.js | 5 +++++
+ src/ui/node_modules/create-ecdh/node_modules/bn.js/lib/bn.js | 5 +++++
+ .../node_modules/diffie-hellman/node_modules/bn.js/lib/bn.js | 5 +++++
+ src/ui/node_modules/elliptic/node_modules/bn.js/lib/bn.js | 5 +++++
+ .../node_modules/miller-rabin/node_modules/bn.js/lib/bn.js | 5 +++++
+ .../node_modules/public-encrypt/node_modules/bn.js/lib/bn.js | 5 +++++
+ 7 files changed, 35 insertions(+)
+
+diff --git a/src/ui/node_modules/asn1.js/node_modules/bn.js/lib/bn.js b/src/ui/node_modules/asn1.js/node_modules/bn.js/lib/bn.js
+index 3a4371ea..f580acf1 100644
+--- a/src/ui/node_modules/asn1.js/node_modules/bn.js/lib/bn.js
++++ b/src/ui/node_modules/asn1.js/node_modules/bn.js/lib/bn.js
+@@ -2128,6 +2128,11 @@
+ this.words[this.length - 1] &= mask;
+ }
+
++ if (this.length === 0) {
++ this.words[0] = 0;
++ this.length = 1;
++ }
++
+ return this.strip();
+ };
+
+diff --git a/src/ui/node_modules/bn.js/lib/bn.js b/src/ui/node_modules/bn.js/lib/bn.js
+index adecc949..48e0e2e3 100644
+--- a/src/ui/node_modules/bn.js/lib/bn.js
++++ b/src/ui/node_modules/bn.js/lib/bn.js
+@@ -2215,6 +2215,11 @@
+ this.words[this.length - 1] &= mask;
+ }
+
++ if (this.length === 0) {
++ this.words[0] = 0;
++ this.length = 1;
++ }
++
+ return this._strip();
+ };
+
+diff --git a/src/ui/node_modules/create-ecdh/node_modules/bn.js/lib/bn.js b/src/ui/node_modules/create-ecdh/node_modules/bn.js/lib/bn.js
+index 3a4371ea..04349f6d 100644
+--- a/src/ui/node_modules/create-ecdh/node_modules/bn.js/lib/bn.js
++++ b/src/ui/node_modules/create-ecdh/node_modules/bn.js/lib/bn.js
+@@ -2128,6 +2128,11 @@
+ this.words[this.length - 1] &= mask;
+ }
+
++ if (this.length === 0) {
++ this.words[0] = 0;
++ this.length = 1;
++ }
++
+ return this.strip();
+ };
+
+diff --git a/src/ui/node_modules/diffie-hellman/node_modules/bn.js/lib/bn.js b/src/ui/node_modules/diffie-hellman/node_modules/bn.js/lib/bn.js
+index 3a4371ea..04349f6d 100644
+--- a/src/ui/node_modules/diffie-hellman/node_modules/bn.js/lib/bn.js
++++ b/src/ui/node_modules/diffie-hellman/node_modules/bn.js/lib/bn.js
+@@ -2128,6 +2128,11 @@
+ this.words[this.length - 1] &= mask;
+ }
+
++ if (this.length === 0) {
++ this.words[0] = 0;
++ this.length = 1;
++ }
++
+ return this.strip();
+ };
+
+diff --git a/src/ui/node_modules/elliptic/node_modules/bn.js/lib/bn.js b/src/ui/node_modules/elliptic/node_modules/bn.js/lib/bn.js
+index 3a4371ea..04349f6d 100644
+--- a/src/ui/node_modules/elliptic/node_modules/bn.js/lib/bn.js
++++ b/src/ui/node_modules/elliptic/node_modules/bn.js/lib/bn.js
+@@ -2128,6 +2128,11 @@
+ this.words[this.length - 1] &= mask;
+ }
+
++ if (this.length === 0) {
++ this.words[0] = 0;
++ this.length = 1;
++ }
++
+ return this.strip();
+ };
+
+diff --git a/src/ui/node_modules/miller-rabin/node_modules/bn.js/lib/bn.js b/src/ui/node_modules/miller-rabin/node_modules/bn.js/lib/bn.js
+index 3a4371ea..04349f6d 100644
+--- a/src/ui/node_modules/miller-rabin/node_modules/bn.js/lib/bn.js
++++ b/src/ui/node_modules/miller-rabin/node_modules/bn.js/lib/bn.js
+@@ -2128,6 +2128,11 @@
+ this.words[this.length - 1] &= mask;
+ }
+
++ if (this.length === 0) {
++ this.words[0] = 0;
++ this.length = 1;
++ }
++
+ return this.strip();
+ };
+
+diff --git a/src/ui/node_modules/public-encrypt/node_modules/bn.js/lib/bn.js b/src/ui/node_modules/public-encrypt/node_modules/bn.js/lib/bn.js
+index 3a4371ea..04349f6d 100644
+--- a/src/ui/node_modules/public-encrypt/node_modules/bn.js/lib/bn.js
++++ b/src/ui/node_modules/public-encrypt/node_modules/bn.js/lib/bn.js
+@@ -2128,6 +2128,11 @@
+ this.words[this.length - 1] &= mask;
+ }
+
++ if (this.length === 0) {
++ this.words[0] = 0;
++ this.length = 1;
++ }
++
+ return this.strip();
+ };
+
+--
+2.45.4
+
diff --git a/SPECS/reaper/reaper.spec b/SPECS/reaper/reaper.spec
index 916ba57580c..2bde0bd8aa7 100755
--- a/SPECS/reaper/reaper.spec
+++ b/SPECS/reaper/reaper.spec
@@ -6,7 +6,7 @@
 Summary: Reaper for cassandra is a tool for running Apache Cassandra repairs against single or multi-site clusters.
 Name: reaper
 Version: 3.1.1
-Release: 22%{?dist}
+Release: 23%{?dist}
 License: ASL 2.0
 Vendor: Microsoft Corporation
 Distribution: Mariner
@@ -57,6 +57,7 @@ Patch21: CVE-2025-12816.patch
 Patch22: CVE-2025-66031.patch
 Patch23: CVE-2025-66030.patch
 Patch24: CVE-2024-6485.patch
+Patch25: CVE-2026-2739.patch
 BuildRequires: git
 BuildRequires: javapackages-tools
@@ -205,6 +206,9 @@ fi
 %{_unitdir}/cassandra-%{name}.service
 %changelog
+* Fri Mar 06 2026 Sumit Jena - 3.1.1-23
+- Patch CVE-2026-2739
+
 * Tue Dec 09 2025 Akhila Guruju - 3.1.1-22
 - Patch CVE-2024-6485
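Review bot: The embedded patch covers bn.js by listing seven vendored copies under `src/ui/node_modules` by hand, so any other nested copy in the dependency tree (not visible from this diff) would stay unpatched with no build-time signal. Comparing the output of `find src/ui/node_modules -path '*/bn.js/lib/bn.js'` against the seven patched paths, and failing the build on a copy that lacks the `this.length === 0` normalisation, would close that gap. Separately, the asn1.js section records post-image blob `f580acf1`, while the five other copies that share pre-image `3a4371ea` record `04349f6d`, even though the visible added lines are the same. `patch` ignores index lines, but the mismatch suggests the sections were not all generated from one tree and is worth confirming byte-for-byte. The enclosing function starts above every inner hunk, so the masking path that can leave a zero length cannot be reviewed from here.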
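Review bot: `Patch25: CVE-2026-2739.patch` is declared in the `@@ -57,6 +57,7 @@` hunk, but the spec diff adds no apply step and the `%prep`/`%build` sections are outside the visible hunks, so it cannot be confirmed from here that the patch is actually applied. All of its targets live under `src/ui/node_modules`, so it only takes effect if patches are applied after that vendored tree is unpacked. If the spec relies on `%autosetup` or `%autopatch` at that point, this is already covered; if the earlier node_modules patches are applied by explicit per-patch lines, this one needs the same. Checking the build log to see that all seven sections applied without fuzz or rejects would settle it.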