Projetos/rpi-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/gnutls: security bump to version 3.8.10

Browse Source 
Fixes the following security issues:

GNUTLS-SA-2025-07-08-1 CVE-2025-32989
Severity Medium; Heap read buffer overflow

When an X.509 certificate contains an SCT (signed certificate timestamp)
extension and its length field is malformed, the library could read the memory
buffer past the boundary. The issue was reported in the issue tracker as
<https://gitlab.com/gnutls/gnutls/-/issues/1695>.

------------------------------------------------------------------------------

GNUTLS-SA-2025-07-08-2 CVE-2025-32988
Severity Low; Memory corruption on error path

When any error occurs during exporting a certificate with an otherName in the
SAN (subject alternative name) extension, the library could potentially double
free the ASN.1 structure. The issue was reported in the issue tracker as
<https://gitlab.com/gnutls/gnutls/-/issues/1694>.

------------------------------------------------------------------------------

GNUTLS-SA-2025-07-08-3 CVE-2025-32990
Severity Low; Heap write buffer overflow

When the certtool program is invoked with a template file with a number of
string pairs for a single keyword, a NULL pointer could be written past the
memory boundary. The issue was reported in the issue tracker as
<https://gitlab.com/gnutls/gnutls/-/issues/1696>.

------------------------------------------------------------------------------

GNUTLS-SA-2025-07-08-4 CVE-2025-6395
Severity Medium; Denial of service

When a TLS 1.3 handshake involves a Hello Retry Request and the second
Client Hello omits the PSK which was present in the first Client Hello,
the GnuTLS server can dereference a NULL pointer. The issue was reported
in the issue tracker as <https://gitlab.com/gnutls/gnutls/-/issues/1718>.

https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 16d4159d44)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This commit is contained in:
Peter Korsgaard
2025-08-05 14:49:53 +02:00
committed by Thomas Perale
parent c2a5677a5b
commit 6336592f89
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
package/gnutls/gnutls.hash
View File

@@ -1,6 +1,6 @@
# Locally calculated after checking pgp signature
# https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.9.tar.xz.sig
sha256 69e113d802d1670c4d5ac1b99040b1f2d5c7c05daec5003813c049b5184820ed gnutls-3.8.9.tar.xz
# https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.10.tar.xz.sig
sha256 db7fab7cce791e7727ebbef2334301c821d79a550ec55c9ef096b610b03eb6b7 gnutls-3.8.10.tar.xz
# Locally calculated
sha256 3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986 COPYING
sha256 20e50fe7aae3e56378ebf0417d9de904f55a0e61e4df315333e632a4d3555d95 COPYING.LESSERv2

2
package/gnutls/gnutls.mk
View File

@@ -6,7 +6,7 @@
# When bumping, make sure *all* --without-libfoo-prefix options are in GNUTLS_CONF_OPTS
GNUTLS_VERSION_MAJOR = 3.8
GNUTLS_VERSION = $(GNUTLS_VERSION_MAJOR).9
GNUTLS_VERSION = $(GNUTLS_VERSION_MAJOR).10
GNUTLS_SOURCE = gnutls-$(GNUTLS_VERSION).tar.xz
GNUTLS_SITE = https://www.gnupg.org/ftp/gcrypt/gnutls/v$(GNUTLS_VERSION_MAJOR)
GNUTLS_LICENSE = LGPL-2.1+ (core library)