diff mbox series

gnutls: upgrade 3.8.12 -> 3.8.13

Message ID 20260510162450.1988369-1-peter.marko@siemens.com
State Changes Requested
Headers show
Series gnutls: upgrade 3.8.12 -> 3.8.13 | expand

Commit Message

Peter Marko May 10, 2026, 4:24 p.m. UTC 
From: Peter Marko <peter.marko@siemens.com>

Solves CVE-2026-33846, CVE-2026-42009, CVE-2026-33845, CVE-2026-42010,
CVE-2026-3833, CVE-2026-42011, CVE-2026-42012, CVE-2026-42013,
CVE-2026-42014, CVE-2026-5260, CVE-2026-42015, CVE-2026-3832 and
CVE-2026-5419.

Release notes: [1]

Rebase patches and drop patch included in this release.

[1] https://github.com/gnutls/gnutls/blob/3.8.13/NEWS

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 .../gnutls/gnutls/Add-ptest-support.patch     |  4 +-
 meta/recipes-support/gnutls/gnutls/c99.patch  | 41 -------------------
 .../{gnutls_3.8.12.bb => gnutls_3.8.13.bb}    |  3 +-
 3 files changed, 3 insertions(+), 45 deletions(-)
 delete mode 100644 meta/recipes-support/gnutls/gnutls/c99.patch
 rename meta/recipes-support/gnutls/{gnutls_3.8.12.bb => gnutls_3.8.13.bb} (97%)

Comments

Mathieu Dubois-Briand May 11, 2026, 9:14 a.m. UTC | #1 
On Sun May 10, 2026 at 6:24 PM CEST, Peter Marko via lists.openembedded.org wrote:
> From: Peter Marko <peter.marko@siemens.com>
>
> Solves CVE-2026-33846, CVE-2026-42009, CVE-2026-33845, CVE-2026-42010,
> CVE-2026-3833, CVE-2026-42011, CVE-2026-42012, CVE-2026-42013,
> CVE-2026-42014, CVE-2026-5260, CVE-2026-42015, CVE-2026-3832 and
> CVE-2026-5419.
>
> Release notes: [1]
>
> Rebase patches and drop patch included in this release.
>
> [1] https://github.com/gnutls/gnutls/blob/3.8.13/NEWS
>
> Signed-off-by: Peter Marko <peter.marko@siemens.com>
> ---

Hi Peter,

Thanks for the upgrade.

I note some issues on the autobuilder: build issues with musl and ptest
failures.

ERROR: gnutls-3.8.13-r0 do_install_ptest_base: Execution of '/srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/core2-32-poky-linux-musl/gnutls/3.8.13/temp/run.do_install_ptest_base.4034882' failed with exit code 1
...
| /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/core2-32-poky-linux-musl/gnutls/3.8.13/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-linux-musl-ld: mini_dtls_fragments-mini-dtls-fragments.o: in function `split_client_hello':
| /usr/src/debug/gnutls/3.8.13/tests/mini-dtls-fragments.c:429:(.text+0x6c): undefined reference to `rpl_malloc'
| /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/core2-32-poky-linux-musl/gnutls/3.8.13/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-linux-musl-ld: /usr/src/debug/gnutls/3.8.13/tests/mini-dtls-fragments.c:431:(.text+0x8b): undefined reference to `rpl_malloc'
| /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/core2-32-poky-linux-musl/gnutls/3.8.13/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-linux-musl-ld: mini_dtls_fragments-mini-dtls-fragments.o: in function `queue_put_renumbered':
| /usr/src/debug/gnutls/3.8.13/tests/mini-dtls-fragments.c:412:(.text+0x391): undefined reference to `rpl_malloc'
| /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/core2-32-poky-linux-musl/gnutls/3.8.13/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-linux-musl-ld: /usr/src/debug/gnutls/3.8.13/tests/mini-dtls-fragments.c:417:(.text+0x44c): undefined reference to `rpl_free'
| /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/core2-32-poky-linux-musl/gnutls/3.8.13/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-linux-musl-ld: mini_dtls_fragments-mini-dtls-fragments.o: in function `client_push_split_hello':
| /usr/src/debug/gnutls/3.8.13/tests/mini-dtls-fragments.c:472:(.text+0x535): undefined reference to `rpl_free'
| /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/core2-32-poky-linux-musl/gnutls/3.8.13/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-linux-musl-ld: /usr/src/debug/gnutls/3.8.13/tests/mini-dtls-fragments.c:473:(.text+0x541): undefined reference to `rpl_free'
| /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/core2-32-poky-linux-musl/gnutls/3.8.13/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-linux-musl-ld: mini_dtls_fragments-mini-dtls-fragments.o: in function `client_push_split_hello_bad_seq':
| /usr/src/debug/gnutls/3.8.13/tests/mini-dtls-fragments.c:500:(.text+0x629): undefined reference to `rpl_free'
| /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/core2-32-poky-linux-musl/gnutls/3.8.13/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-linux-musl-ld: /usr/src/debug/gnutls/3.8.13/tests/mini-dtls-fragments.c:501:(.text+0x635): undefined reference to `rpl_free'
| /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/core2-32-poky-linux-musl/gnutls/3.8.13/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-linux-musl-ld: mini_dtls_fragments-mini-dtls-fragments.o: in function `client_push_inj0':
| /usr/src/debug/gnutls/3.8.13/tests/mini-dtls-fragments.c:192:(.text+0x139d): undefined reference to `rpl_malloc'
| /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/core2-32-poky-linux-musl/gnutls/3.8.13/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-linux-musl-ld: /usr/src/debug/gnutls/3.8.13/tests/mini-dtls-fragments.c:208:(.text+0x1424): undefined reference to `rpl_free'
| collect2: error: ld returned 1 exit status

https://autobuilder.yoctoproject.org/valkyrie/#/builders/6/builds/3767
https://autobuilder.yoctoproject.org/valkyrie/#/builders/109/builds/391
https://autobuilder.yoctoproject.org/valkyrie/#/builders/110/builds/375

Failed ptests:
{'gnutls': ['key-openssl']}
https://autobuilder.yoctoproject.org/valkyrie/#/builders/73/builds/3652


Can you have a look at the issues?

Thanks,
Mathieu
diff mbox series

Patch

diff --git a/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch b/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch
index 398c0464e0..8c867a5a40 100644
--- a/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch
+++ b/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch
@@ -29,7 +29,7 @@  diff --git a/configure.ac b/configure.ac
 index 1744813..efb9e34 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -1448,6 +1448,8 @@ AC_SUBST(LIBGNUTLS_CFLAGS)
+@@ -1413,6 +1413,8 @@ AC_SUBST(LIBGNUTLS_CFLAGS)
  
  AM_CONDITIONAL(NEEDS_LIBRT, test "$gnutls_needs_librt" = "yes")
  
@@ -42,7 +42,7 @@  diff --git a/tests/Makefile.am b/tests/Makefile.am
 index 189d068..8430b05 100644
 --- a/tests/Makefile.am
 +++ b/tests/Makefile.am
-@@ -721,6 +721,12 @@ SH_LOG_COMPILER = $(SHELL)
+@@ -745,6 +745,12 @@ SH_LOG_COMPILER = $(SHELL)
  AM_VALGRINDFLAGS = --suppressions=$(srcdir)/suppressions.valgrind
  LOG_COMPILER = $(LOG_VALGRIND)
  
diff --git a/meta/recipes-support/gnutls/gnutls/c99.patch b/meta/recipes-support/gnutls/gnutls/c99.patch
deleted file mode 100644
index 3f41241deb..0000000000
--- a/meta/recipes-support/gnutls/gnutls/c99.patch
+++ /dev/null
@@ -1,41 +0,0 @@ 
-From 203d8f2187bb7f483290e0f8b7b48b152b1d027f Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@arm.com>
-Date: Thu, 5 Mar 2026 11:33:57 +0000
-Subject: [PATCH] configure: make the C99 detection more resiliant
-
-autoconf 2.73 will default to C23 by default, which means that the >C99
-detection logic in configure.ac will fail because it only handles c11
-and c99.
-
-Instead of adding c23 to the list and then breaking again in the future,
-flip the logic around (as suggested by Zack Weinberg) and check
-explicitly for just c89.
-
-Closes #1806.
-
-Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls/-/merge_requests/2081]
-Signed-off-by: Ross Burton <ross.burton@arm.com>
----
- configure.ac | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 740fb6339..c708d8f5e 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -54,9 +54,9 @@ AC_USE_SYSTEM_EXTENSIONS
- # Require C99 support
- #
- AS_CASE([$ac_prog_cc_stdc],
--  [c11 | c99], [AC_DEFINE([C99_MACROS], 1, [C99 macros are supported])],
--  [AC_MSG_WARN([[Compiler does not support C99. It may not be able to compile the project.]])]
--)
-+  [c89],
-+  [AC_MSG_WARN([[Compiler does not support C99. It may not be able to compile the project.]])],
-+  [AC_DEFINE([C99_MACROS], 1, [C99 macros are supported])])
- 
- AM_CONDITIONAL(CROSS_COMPILING, test "$cross_compiling" = yes)
- 
--- 
-2.43.0
-
diff --git a/meta/recipes-support/gnutls/gnutls_3.8.12.bb b/meta/recipes-support/gnutls/gnutls_3.8.13.bb
similarity index 97%
rename from meta/recipes-support/gnutls/gnutls_3.8.12.bb
rename to meta/recipes-support/gnutls/gnutls_3.8.13.bb
index 8554ab943d..8fadbdc738 100644
--- a/meta/recipes-support/gnutls/gnutls_3.8.12.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.8.13.bb
@@ -23,10 +23,9 @@  SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar
            file://0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch \
            file://run-ptest \
            file://Add-ptest-support.patch \
-           file://c99.patch \
            "
 
-SRC_URI[sha256sum] = "a7b341421bfd459acf7a374ca4af3b9e06608dcd7bd792b2bf470bea012b8e51"
+SRC_URI[sha256sum] = "ffed8ec1bf09c2426d4f14aae377de4753b53e537d685e604e99a8b16ca9c97e"
 
 inherit autotools texinfo pkgconfig gettext lib_package gtk-doc ptest