2 ماه پیش · 5e3b686673
--- a/meta/recipes-support/gnutls/gnutls/0001-psk-fix-read-buffer-overrun-in-the-pre_shared_key-ex.patch
+++ b/meta/recipes-support/gnutls/gnutls/0001-psk-fix-read-buffer-overrun-in-the-pre_shared_key-ex.patch
@@ -0,0 +1,34 @@
 
				+From 208c6478d5c20b9d8a9f0a293e3808aa16ee091f Mon Sep 17 00:00:00 2001
			
 
				+From: Andrew Hamilton <adhamilt@gmail.com>
			
 
				+Date: Mon, 7 Jul 2025 10:31:55 +0900
			
 
				+Subject: [PATCH] psk: fix read buffer overrun in the "pre_shared_key"
			
 
				+ extension
			
 
				+
			
 
				+While processing the "pre_shared_key" extension in TLS 1.3, if there
			
 
				+are certain malformed data in the extension headers, then the code may
			
 
				+read uninitialized memory (2 bytes) beyond the received TLS extension
			
 
				+buffer. Spotted by oss-fuzz at:
			
 
				+https://issues.oss-fuzz.com/issues/42513990
			
 
				+
			
 
				+Signed-off-by: Andrew Hamilton <adhamilt@gmail.com>
			
 
				+Signed-off-by: Daiki Ueno <ueno@gnu.org>
			
 
				+
			
 
				+Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls/-/commit/208c6478d5c20b9d8a9f0a293e3808aa16ee091f]
			
 
				+Signed-off-by: Peter Marko <peter.marko@siemens.com>
			
 
				+---
			
 
				+ lib/ext/pre_shared_key.c                          |   2 ++
			
 
				+ 1 file changed, 2 insertions(+)
			
 
				+
			
 
				+diff --git a/lib/ext/pre_shared_key.c b/lib/ext/pre_shared_key.c
			
 
				+index 51c4891d5..2cb83e670 100644
			
 
				+--- a/lib/ext/pre_shared_key.c
			
 
				++++ b/lib/ext/pre_shared_key.c
			
 
				+@@ -839,6 +839,8 @@ static int _gnutls_psk_recv_params(gnutls_session_t session,
			
 
				+ 
			
 
				+ 	if (session->security_parameters.entity == GNUTLS_CLIENT) {
			
 
				+ 		if (session->internals.hsk_flags & HSK_PSK_KE_MODES_SENT) {
			
 
				++			DECR_LEN(len, 2);
			
 
				++
			
 
				+ 			uint16_t selected_identity = _gnutls_read_uint16(data);
			
 
				+ 
			
 
				+ 			for (i=0;i<sizeof(session->key.binders)/sizeof(session->key.binders[0]);i++) {
			
--- a/meta/recipes-support/gnutls/gnutls/5477db1bb507a35e8833c758ce344f4b5b246d8e
+++ b/meta/recipes-support/gnutls/gnutls/5477db1bb507a35e8833c758ce344f4b5b246d8e
--- a/meta/recipes-support/gnutls/gnutls_3.7.4.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.7.4.bb
@@ -31,6 +31,8 @@ SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar
 
				            file://CVE-2024-12243.patch \
			
 
				            file://CVE-2025-32989.patch \
			
 
				            file://04939b75417cc95b7372c6f208c4bda4579bdc34 \
			
 
				+           file://0001-psk-fix-read-buffer-overrun-in-the-pre_shared_key-ex.patch \
			
 
				+           file://5477db1bb507a35e8833c758ce344f4b5b246d8e \
			
 
				            "
			
 
				 
			
 
				 SRC_URI[sha256sum] = "e6adbebcfbc95867de01060d93c789938cf89cc1d1f6ef9ef661890f6217451f"
			
@@ -69,8 +71,9 @@ do_configure:prepend() {
 
				 	done
			
 
				 
			
 
				     # binary files cannot be delivered as diff
			
 
				-    mkdir -p ${S}/fuzz/gnutls_x509_parser_fuzzer.repro/
			
 
				+    mkdir -p ${S}/fuzz/gnutls_x509_parser_fuzzer.repro/ ${S}/fuzz/gnutls_psk_client_fuzzer.repro/
			
 
				     cp ${WORKDIR}/04939b75417cc95b7372c6f208c4bda4579bdc34 ${S}/fuzz/gnutls_x509_parser_fuzzer.repro/
			
 
				+    cp ${WORKDIR}/5477db1bb507a35e8833c758ce344f4b5b246d8e ${S}/fuzz/gnutls_psk_client_fuzzer.repro/
			
 
				 }
			
 
				 
			
 
				 PACKAGES =+ "${PN}-openssl ${PN}-xx"