2 months ago · 37cd90079b
--- a/meta/recipes-support/gnutls/gnutls/0001-x509-reject-zero-length-version-in-certificate-reque.patch
+++ b/meta/recipes-support/gnutls/gnutls/0001-x509-reject-zero-length-version-in-certificate-reque.patch
@@ -0,0 +1,37 @@
 
				+From 61c0505634a6faacf9fa0723843408aa0d3fb90a Mon Sep 17 00:00:00 2001
			
 
				+From: Andrew Hamilton <adhamilt@gmail.com>
			
 
				+Date: Mon, 7 Jul 2025 10:35:54 +0900
			
 
				+Subject: [PATCH] x509: reject zero-length version in certificate request
			
 
				+
			
 
				+Ensure zero size asn1 values are considered invalid in
			
 
				+gnutls_x509_crq_get_version, this ensures crq version is not used
			
 
				+uninitialized. Spotted by oss-fuzz at:
			
 
				+https://issues.oss-fuzz.com/issues/42536706
			
 
				+
			
 
				+Signed-off-by: Andrew Hamilton <adhamilt@gmail.com>
			
 
				+Signed-off-by: Daiki Ueno <ueno@gnu.org>
			
 
				+
			
 
				+Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls/-/commit/61c0505634a6faacf9fa0723843408aa0d3fb90a]
			
 
				+Signed-off-by: Peter Marko <peter.marko@siemens.com>
			
 
				+---
			
 
				+ lib/x509/crq.c                                    |   7 +++++++
			
 
				+ 1 file changed, 7 insertions(+)
			
 
				+
			
 
				+diff --git a/lib/x509/crq.c b/lib/x509/crq.c
			
 
				+index 19e13623c..9e9801d2b 100644
			
 
				+--- a/lib/x509/crq.c
			
 
				++++ b/lib/x509/crq.c
			
 
				+@@ -635,6 +635,13 @@ int gnutls_x509_crq_get_version(gnutls_x509_crq_t crq)
			
 
				+ 		return _gnutls_asn2err(result);
			
 
				+ 	}
			
 
				+ 
			
 
				++	/* Note that asn1_read_value can return success with */
			
 
				++	/* len set to zero (without setting the data) in some */
			
 
				++	/* conditions. */
			
 
				++	if (unlikely(len <= 0)) {
			
 
				++		return gnutls_assert_val(GNUTLS_E_ASN1_VALUE_NOT_VALID);
			
 
				++	}
			
 
				++
			
 
				+ 	return (int) version[0] + 1;
			
 
				+ }
			
 
				+ 
			
--- a/meta/recipes-support/gnutls/gnutls/3e94dcdff862ef5d6db8b5cc8e59310b5f0cdfe2
+++ b/meta/recipes-support/gnutls/gnutls/3e94dcdff862ef5d6db8b5cc8e59310b5f0cdfe2
--- a/meta/recipes-support/gnutls/gnutls_3.7.4.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.7.4.bb
@@ -33,6 +33,8 @@ SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar
 
				            file://04939b75417cc95b7372c6f208c4bda4579bdc34 \
			
 
				            file://0001-psk-fix-read-buffer-overrun-in-the-pre_shared_key-ex.patch \
			
 
				            file://5477db1bb507a35e8833c758ce344f4b5b246d8e \
			
 
				+           file://0001-x509-reject-zero-length-version-in-certificate-reque.patch \
			
 
				+           file://3e94dcdff862ef5d6db8b5cc8e59310b5f0cdfe2 \
			
 
				            "
			
 
				 
			
 
				 SRC_URI[sha256sum] = "e6adbebcfbc95867de01060d93c789938cf89cc1d1f6ef9ef661890f6217451f"
			
@@ -71,9 +73,10 @@ do_configure:prepend() {
 
				 	done
			
 
				 
			
 
				     # binary files cannot be delivered as diff
			
 
				-    mkdir -p ${S}/fuzz/gnutls_x509_parser_fuzzer.repro/ ${S}/fuzz/gnutls_psk_client_fuzzer.repro/
			
 
				+    mkdir -p ${S}/fuzz/gnutls_x509_parser_fuzzer.repro/ ${S}/fuzz/gnutls_psk_client_fuzzer.repro/ ${S}/fuzz/gnutls_x509_crq_parser_fuzzer.repro/
			
 
				     cp ${WORKDIR}/04939b75417cc95b7372c6f208c4bda4579bdc34 ${S}/fuzz/gnutls_x509_parser_fuzzer.repro/
			
 
				     cp ${WORKDIR}/5477db1bb507a35e8833c758ce344f4b5b246d8e ${S}/fuzz/gnutls_psk_client_fuzzer.repro/
			
 
				+    cp ${WORKDIR}/3e94dcdff862ef5d6db8b5cc8e59310b5f0cdfe2 ${S}/fuzz/gnutls_x509_crq_parser_fuzzer.repro/
			
 
				 }
			
 
				 
			
 
				 PACKAGES =+ "${PN}-openssl ${PN}-xx"