Hi Anuj, I didn't checked after applying patch if the crash went away or not.
Thanks, Best Regards, Ranjitsinh Rathod Technical Leader | | KPIT Technologies Ltd. Cellphone: +91-84606 92403 __________________________________________ KPIT<http://www.kpit.com/> | Follow us on LinkedIn<http://www.kpit.com/linkedin> [cid:b5864a47-0d77-4ed4-88b7-4211465b5226]<https://www.kpit.com/TheNewBrand> ________________________________ From: openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org> on behalf of Anuj Mittal via lists.openembedded.org <anuj.mittal=intel....@lists.openembedded.org> Sent: Friday, February 23, 2024 2:21 PM To: ranjitsinhrathod1...@gmail.com <ranjitsinhrathod1...@gmail.com>; openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org> Cc: Ranjitsinh Rathod <ranjitsinh.rat...@kpit.com> Subject: Re: [OE-Core][dunfell][PATCH] gnutls: Backport of CVE-2024-0567 Caution: This email originated from outside of the KPIT. Do not click links or open attachments unless you recognize the sender and know the content is safe. Hi On Fri, 2024-02-23 at 13:42 +0530, Ranjitsinh Rathod wrote: > From: Ranjitsinh Rathod <ranjitsinh.rat...@kpit.com> > > A vulnerability was found in GnuTLS, where a cockpit (which uses > gnuTLS) > rejects a certificate chain with distributed trust. This issue occurs > when validating a certificate chain with cockpit-certificate-ensure. > This flaw allows an unauthenticated, remote client or attacker to > initiate a denial of service attack. > > Link: > https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2024-0567&data=05%7C02%7Cranjitsinh.rathod%40kpit.com%7C3469f6cc73444e4b431508dc344ca848%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C638442751081633877%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=joGRSbtXT4Vqw3ElPAMUGhl0Cib%2FJaFZmyjBOunskuY%3D&reserved=0<https://nvd.nist.gov/vuln/detail/CVE-2024-0567> > Link: > https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitlab.com%2Fgnutls%2Fgnutls%2F-%2Fissues%2F1521&data=05%7C02%7Cranjitsinh.rathod%40kpit.com%7C3469f6cc73444e4b431508dc344ca848%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C638442751081640347%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=cdib7a%2F6vvTJrC9Yf190DawOxodPO%2FysRQ%2FaRJI9b90%3D&reserved=0<https://gitlab.com/gnutls/gnutls/-/issues/1521> Did you check whether the reproducer in this issue crashes for this version of GnuTLS as well and gets fixed after applying this modified patch? The code looks different so it'd be good to check if you haven't already. It doesn't seem to be reproducible in 3.6.13 for Ubuntu: https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fubuntu.com%2Fsecurity%2FCVE-2024-0567&data=05%7C02%7Cranjitsinh.rathod%40kpit.com%7C3469f6cc73444e4b431508dc344ca848%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C638442751081643577%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=OpxR0vIp%2B6sSpGm76IluOr%2FMELATaaM391d8cN1tukc%3D&reserved=0<https://ubuntu.com/security/CVE-2024-0567> Thanks, Anuj > Link: > https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitlab.com%2Fgnutls%2Fgnutls%2F-%2Fcommit%2F9edbdaa84e38b1bfb53a7d72c1de44f8de373405&data=05%7C02%7Cranjitsinh.rathod%40kpit.com%7C3469f6cc73444e4b431508dc344ca848%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C638442751081646751%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=7YDtrJZ2GMG7YwOZ78BPAYJiEn5QfVhjQIPo2lsR5PI%3D&reserved=0<https://gitlab.com/gnutls/gnutls/-/commit/9edbdaa84e38b1bfb53a7d72c1de44f8de373405> > > Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rat...@kpit.com> > Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1...@gmail.com> > --- > .../gnutls/gnutls/CVE-2024-0567.patch | 190 > ++++++++++++++++++ > meta/recipes-support/gnutls/gnutls_3.6.14.bb | 1 + > 2 files changed, 191 insertions(+) > create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2024- > 0567.patch > > diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2024-0567.patch > b/meta/recipes-support/gnutls/gnutls/CVE-2024-0567.patch > new file mode 100644 > index 0000000000..1580cab277 > --- /dev/null > +++ b/meta/recipes-support/gnutls/gnutls/CVE-2024-0567.patch > @@ -0,0 +1,190 @@ > +From 9edbdaa84e38b1bfb53a7d72c1de44f8de373405 Mon Sep 17 00:00:00 > 2001 > +From: Daiki Ueno <u...@gnu.org> > +Date: Thu, 11 Jan 2024 15:45:11 +0900 > +Subject: [PATCH] x509: detect loop in certificate chain > +MIME-Version: 1.0 > +Content-Type: text/plain; charset=UTF-8 > +Content-Transfer-Encoding: 8bit > + > +There can be a loop in a certificate chain, when multiple CA > +certificates are cross-signed with each other, such as A → B, B → C, > +and C → A. Previously, the verification logic was not capable of > +handling this scenario while sorting the certificates in the chain > in > +_gnutls_sort_clist, resulting in an assertion failure. This patch > +properly detects such loop and aborts further processing in a > graceful > +manner. > + > +Signed-off-by: Daiki Ueno <u...@gnu.org> > + > +CVE: CVE-2024-0567 > +Upstream-Status: Backport > [https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitlab.com%2Fgnutls%2Fgnutls%2F-%2Fcommit%2F9edbdaa84e38b1bfb53a7d72c1&data=05%7C02%7Cranjitsinh.rathod%40kpit.com%7C3469f6cc73444e4b431508dc344ca848%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C638442751081650067%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=u6syQB%2FfLBsYLfq8M3UZjx0sQOK7YSYYhob%2FjtY7WFA%3D&reserved=0 > de44f8de373405] > +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rat...@kpit.com> > +Comment: Hunks refreshed to fix error during backporting this patch > + > +--- > + lib/x509/common.c | 4 ++ > + tests/test-chains.h | 125 > ++++++++++++++++++++++++++++++++++++++++++++ > + 2 files changed, 129 insertions(+) > + > +diff --git a/lib/x509/common.c b/lib/x509/common.c > +index 861cace4c8..d749a062cd 100644 > +--- a/lib/x509/common.c > ++++ b/lib/x509/common.c > +@@ -1761,6 +1761,11 @@ gnutls_x509_crt_t *_gnutls_sort_clist(gn > + *clist_size = i; > + break; > + } > ++ > ++ if (insorted[prev]) { /* loop detected */ > ++ break; > ++ } > ++ > + sorted[i] = clist[prev]; > + insorted[prev] = 1; > + } > +diff --git a/tests/test-chains.h b/tests/test-chains.h > +index 9ce23764da..3e559fecd5 100644 > +--- a/tests/test-chains.h > ++++ b/tests/test-chains.h > +@@ -4106,6 +4106,129 @@ static const char *superseding_ca[] = { > + NULL > + }; > + > ++static const char *cross_signed[] = { > ++ /* server (signed by A1) */ > ++ "-----BEGIN CERTIFICATE-----\n" > ++ "MIIBqDCCAVqgAwIBAgIUejlil+8DBffazcnMNwyOOP6yCCowBQYDK2VwMBo > xGDAW\n" > ++ "BgNVBAMTD0ludGVybWVkaWF0ZSBBMTAgFw0yNDAxMTEwNjI3MjJaGA85OTk > 5MTIz\n" > ++ "MTIzNTk1OVowNzEbMBkGA1UEChMSR251VExTIHRlc3Qgc2VydmVyMRgwFgY > DVQQD\n" > ++ "Ew90ZXN0LmdudXRscy5vcmcwKjAFBgMrZXADIQA1ZVS0PcNeTPQMZ+FuVz8 > 2AHrj\n" > ++ "qL5hWEpCDgpG4M4fxaOBkjCBjzAMBgNVHRMBAf8EAjAAMBoGA1UdEQQTMBG > CD3Rl\n" > ++ "c3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAOBgNVHQ8BAf8 > EBAMC\n" > ++ "B4AwHQYDVR0OBBYEFGtEUv+JSt+zPoO3lu0IiObZVoiNMB8GA1UdIwQYMBa > AFPnY\n" > ++ "v6Pw0IvKSqIlb6ewHyEAmTA3MAUGAytlcANBAAS2lyc87kH/aOvNKzPjqDw > UYxPA\n" > ++ "CfYjyaKea2d0DZLBM5+Bjnj/4aWwTKgVTJzWhLJcLtaSdVHrXqjr9NhEhQ0 > =\n" > ++ "-----END CERTIFICATE-----\n", > ++ /* A1 (signed by A) */ > ++ "-----BEGIN CERTIFICATE-----\n" > ++ "MIIBUjCCAQSgAwIBAgIUe/R+NVp04e74ySw2qgI6KZgFR20wBQYDK2VwMBE > xDzAN\n" > ++ "BgNVBAMTBlJvb3QgQTAgFw0yNDAxMTEwNjI1MDFaGA85OTk5MTIzMTIzNTk > 1OVow\n" > ++ "GjEYMBYGA1UEAxMPSW50ZXJtZWRpYXRlIEExMCowBQYDK2VwAyEAlkTNqwz > 973sy\n" > ++ "u3whMjSiUMs77CZu5YA7Gi5KcakExrKjYzBhMA8GA1UdEwEB/wQFMAMBAf8 > wDgYD\n" > ++ "VR0PAQH/BAQDAgIEMB0GA1UdDgQWBBT52L+j8NCLykqiJW+nsB8hAJkwNzA > fBgNV\n" > ++ "HSMEGDAWgBRbYgOkRGsd3Z74+CauX4htzLg0lzAFBgMrZXADQQBM0NBaFVP > d3cTJ\n" > ++ "DSaZNT34fsHuJk4eagpn8mBxKQpghq4s8Ap+nYtp2KiXjcizss53PeLXVnk > fyLi0\n" > ++ "TLVBHvUJ\n" > ++ "-----END CERTIFICATE-----\n", > ++ /* A (signed by B) */ > ++ "-----BEGIN CERTIFICATE-----\n" > ++ "MIIBSDCB+6ADAgECAhQtdJpg+qlPcLoRW8iiztJUD4xNvDAFBgMrZXAwETE > PMA0G\n" > ++ "A1UEAxMGUm9vdCBCMCAXDTI0MDExMTA2MTk1OVoYDzk5OTkxMjMxMjM1OTU > 5WjAR\n" > ++ "MQ8wDQYDVQQDEwZSb290IEEwKjAFBgMrZXADIQA0vDYyg3tgotSETL1Wq2h > Bs32p\n" > ++ "WbnINkmOSNmOiZlGHKNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8 > EBAMC\n" > ++ "AgQwHQYDVR0OBBYEFFtiA6REax3dnvj4Jq5fiG3MuDSXMB8GA1UdIwQYMBa > AFJFA\n" > ++ "s2rg6j8w9AKItRnOOOjG2FG6MAUGAytlcANBAPv674p9ek5GjRcRfVQhgN+ > kQlHU\n" > ++ "u774wL3Vx3fWA1E7+WchdMzcHrPoa5OKtKmxjIKUTO4SeDZL/AVpvulrWwk > =\n" > ++ "-----END CERTIFICATE-----\n", > ++ /* A (signed by C) */ > ++ "-----BEGIN CERTIFICATE-----\n" > ++ "MIIBSDCB+6ADAgECAhReNpCiVn7eFDUox3mvM5qE942AVzAFBgMrZXAwETE > PMA0G\n" > ++ "A1UEAxMGUm9vdCBDMCAXDTI0MDExMTA2MjEyMVoYDzk5OTkxMjMxMjM1OTU > 5WjAR\n" > ++ "MQ8wDQYDVQQDEwZSb290IEIwKjAFBgMrZXADIQAYX92hS97OGKbMzwrD7Re > VifwM\n" > ++ "3iz5tnfQHWQSkvvYMKNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8 > EBAMC\n" > ++ "AgQwHQYDVR0OBBYEFJFAs2rg6j8w9AKItRnOOOjG2FG6MB8GA1UdIwQYMBa > AFEh/\n" > ++ "XKjIuMeEavX5QVoy39Q+GhnwMAUGAytlcANBAIwghH3gelXty8qtoTGIEJb > 0+EBv\n" > ++ "BH4YOUh7TamxjxkjvvIhDA7ZdheofFb7NrklJco7KBcTATUSOvxakYRP9Q8 > =\n" > ++ "-----END CERTIFICATE-----\n", > ++ /* B1 (signed by B) */ > ++ "-----BEGIN CERTIFICATE-----\n" > ++ "MIIBUjCCAQSgAwIBAgIUfpmrVDc1XBA5/7QYMyGBuB9mTtUwBQYDK2VwMBE > xDzAN\n" > ++ "BgNVBAMTBlJvb3QgQjAgFw0yNDAxMTEwNjI1MjdaGA85OTk5MTIzMTIzNTk > 1OVow\n" > ++ "GjEYMBYGA1UEAxMPSW50ZXJtZWRpYXRlIEIxMCowBQYDK2VwAyEAh6ZTuJW > sweVB\n" > ++ "a5fsye5iq89kWDC2Y/Hlc0htLmjzMP+jYzBhMA8GA1UdEwEB/wQFMAMBAf8 > wDgYD\n" > ++ "VR0PAQH/BAQDAgIEMB0GA1UdDgQWBBTMQu37PKyLjKfPODZgxYCaayff+jA > fBgNV\n" > ++ "HSMEGDAWgBSRQLNq4Oo/MPQCiLUZzjjoxthRujAFBgMrZXADQQBblmguY+l > nYvOK\n" > ++ "rAZJnqpEUGfm1tIFyu3rnlE7WOVcXRXMIoNApLH2iHIipQjlvNWuSBFBTC1 > qdewh\n" > ++ "/e+0cgQB\n" > ++ "-----END CERTIFICATE-----\n", > ++ /* B (signed by A) */ > ++ "-----BEGIN CERTIFICATE-----\n" > ++ "MIIBSDCB+6ADAgECAhRpEm+dWNX6DMZh/nottkFfFFrXXDAFBgMrZXAwETE > PMA0G\n" > ++ "A1UEAxMGUm9vdCBBMCAXDTI0MDExMTA2MTcyNloYDzk5OTkxMjMxMjM1OTU > 5WjAR\n" > ++ "MQ8wDQYDVQQDEwZSb290IEIwKjAFBgMrZXADIQAYX92hS97OGKbMzwrD7Re > VifwM\n" > ++ "3iz5tnfQHWQSkvvYMKNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8 > EBAMC\n" > ++ "AgQwHQYDVR0OBBYEFJFAs2rg6j8w9AKItRnOOOjG2FG6MB8GA1UdIwQYMBa > AFFti\n" > ++ "A6REax3dnvj4Jq5fiG3MuDSXMAUGAytlcANBAFvmcK3Ida5ViVYDzxKVLPc > PsCHe\n" > ++ "3hxz99lBrerJC9iJSvRYTJoPBvjTxDYnBn5EFrQYMrUED+6i71lmGXNU9gs > =\n" > ++ "-----END CERTIFICATE-----\n", > ++ /* B (signed by C) */ > ++ "-----BEGIN CERTIFICATE-----\n" > ++ "MIIBSDCB+6ADAgECAhReNpCiVn7eFDUox3mvM5qE942AVzAFBgMrZXAwETE > PMA0G\n" > ++ "A1UEAxMGUm9vdCBDMCAXDTI0MDExMTA2MjEyMVoYDzk5OTkxMjMxMjM1OTU > 5WjAR\n" > ++ "MQ8wDQYDVQQDEwZSb290IEIwKjAFBgMrZXADIQAYX92hS97OGKbMzwrD7Re > VifwM\n" > ++ "3iz5tnfQHWQSkvvYMKNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8 > EBAMC\n" > ++ "AgQwHQYDVR0OBBYEFJFAs2rg6j8w9AKItRnOOOjG2FG6MB8GA1UdIwQYMBa > AFEh/\n" > ++ "XKjIuMeEavX5QVoy39Q+GhnwMAUGAytlcANBAIwghH3gelXty8qtoTGIEJb > 0+EBv\n" > ++ "BH4YOUh7TamxjxkjvvIhDA7ZdheofFb7NrklJco7KBcTATUSOvxakYRP9Q8 > =\n" > ++ "-----END CERTIFICATE-----\n", > ++ /* C1 (signed by C) */ > ++ "-----BEGIN CERTIFICATE-----\n" > ++ "MIIBUjCCAQSgAwIBAgIUSKsfY1wD3eD2VmaaK1wt5naPckMwBQYDK2VwMBE > xDzAN\n" > ++ "BgNVBAMTBlJvb3QgQzAgFw0yNDAxMTEwNjI1NDdaGA85OTk5MTIzMTIzNTk > 1OVow\n" > ++ "GjEYMBYGA1UEAxMPSW50ZXJtZWRpYXRlIEMxMCowBQYDK2VwAyEA/t7i1ch > ZlKkV\n" > ++ "qxJOrmmyATn8XnpK+nV/iT4OMHSHfAyjYzBhMA8GA1UdEwEB/wQFMAMBAf8 > wDgYD\n" > ++ "VR0PAQH/BAQDAgIEMB0GA1UdDgQWBBRmpF3JjoP3NiBzE5J5ANT0bvfRmjA > fBgNV\n" > ++ "HSMEGDAWgBRIf1yoyLjHhGr1+UFaMt/UPhoZ8DAFBgMrZXADQQAeRBXv6WC > TOp0G\n" > ++ "3wgd8bbEGrrILfpi+qH7aj/MywgkPIlppDYRQ3jL6ASd+So/408dlE0DV9D > XKBi0\n" > ++ "725XUUYO\n" > ++ "-----END CERTIFICATE-----\n", > ++ /* C (signed by A) */ > ++ "-----BEGIN CERTIFICATE-----\n" > ++ "MIIBSDCB+6ADAgECAhRvbZv3SRTjDOiAbyFWHH4y0yMZkjAFBgMrZXAwETE > PMA0G\n" > ++ "A1UEAxMGUm9vdCBBMCAXDTI0MDExMTA2MTg1MVoYDzk5OTkxMjMxMjM1OTU > 5WjAR\n" > ++ "MQ8wDQYDVQQDEwZSb290IEMwKjAFBgMrZXADIQDxm6Ubhsa0gSa1vBCIO5e > +qZEH\n" > ++ "8Oocz+buNHfIJbh5NaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8 > EBAMC\n" > ++ "AgQwHQYDVR0OBBYEFEh/XKjIuMeEavX5QVoy39Q+GhnwMB8GA1UdIwQYMBa > AFFti\n" > ++ "A6REax3dnvj4Jq5fiG3MuDSXMAUGAytlcANBAPl+SyiOfXJnjSWx8hFMhJ7 > w92mn\n" > ++ "tkGifCFHBpUhYcBIMeMtLw0RBLXqaaN0EKlTFimiEkLClsU7DKYrpEEJegs > =\n" > ++ "-----END CERTIFICATE-----\n", > ++ /* C (signed by B) */ > ++ "-----BEGIN CERTIFICATE-----\n" > ++ "MIIBSDCB+6ADAgECAhQU1OJWRVOLrGrgJiLwexd1/MwKkTAFBgMrZXAwETE > PMA0G\n" > ++ "A1UEAxMGUm9vdCBCMCAXDTI0MDExMTA2MjAzMFoYDzk5OTkxMjMxMjM1OTU > 5WjAR\n" > ++ "MQ8wDQYDVQQDEwZSb290IEMwKjAFBgMrZXADIQDxm6Ubhsa0gSa1vBCIO5e > +qZEH\n" > ++ "8Oocz+buNHfIJbh5NaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8 > EBAMC\n" > ++ "AgQwHQYDVR0OBBYEFEh/XKjIuMeEavX5QVoy39Q+GhnwMB8GA1UdIwQYMBa > AFJFA\n" > ++ "s2rg6j8w9AKItRnOOOjG2FG6MAUGAytlcANBALXeyuj8vj6Q8j4l17VzZwm > Jl0gN\n" > ++ "bCGoKMl0J/0NiN/fQRIsdbwQDh0RUN/RN3I6DTtB20ER6f3VdnzAh8nXkQ4 > =\n" > ++ "-----END CERTIFICATE-----\n", > ++ NULL > ++}; > ++ > ++static const char *cross_signed_ca[] = { > ++ /* A (self-signed) */ > ++ "-----BEGIN CERTIFICATE-----\n" > ++ "MIIBJzCB2qADAgECAhQs1Ur+gzPs1ISxs3Tbs700q0CZcjAFBgMrZXAwETE > PMA0G\n" > ++ "A1UEAxMGUm9vdCBBMCAXDTI0MDExMTA2MTYwMFoYDzk5OTkxMjMxMjM1OTU > 5WjAR\n" > ++ "MQ8wDQYDVQQDEwZSb290IEEwKjAFBgMrZXADIQA0vDYyg3tgotSETL1Wq2h > Bs32p\n" > ++ "WbnINkmOSNmOiZlGHKNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8 > EBAMC\n" > ++ "AgQwHQYDVR0OBBYEFFtiA6REax3dnvj4Jq5fiG3MuDSXMAUGAytlcANBAHr > Vv7E9\n" > ++ "5scuOVCH9gNRRm8Z9SUoLakRHAPnySdg6z/kI3vOgA/OM7reArpnW8l1H2F > apgpL\n" > ++ "bDeZ2XJH+BdVFwg=\n" > ++ "-----END CERTIFICATE-----\n", > ++ NULL > ++}; > ++ > + #if defined __clang__ || __GNUC__ > 4 || (__GNUC__ == 4 && > __GNUC_MINOR__ >= 5) > + # pragma GCC diagnostic push > + # pragma GCC diagnostic ignored "-Wunused-variable" > +@@ -4275,6 +4398,8 @@ static struct > + { "ed448 - ok", ed448, &ed448[0], > GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_ULTRA), > + 0, NULL, 1584352960, 1}, > + { "superseding - ok", superseding, superseding_ca, 0, 0, 0, > 1590928011 }, > ++ { "cross signed - ok", cross_signed, cross_signed_ca, 0, 0, 0, > ++ 1704955300 }, > + { NULL, NULL, NULL, 0, 0} > + }; > + > +-- > +GitLab > + > diff --git a/meta/recipes-support/gnutls/gnutls_3.6.14.bb > b/meta/recipes-support/gnutls/gnutls_3.6.14.bb > index a1451daf2c..66700ac1b4 100644 > --- a/meta/recipes-support/gnutls/gnutls_3.6.14.bb > +++ b/meta/recipes-support/gnutls/gnutls_3.6.14.bb > @@ -30,6 +30,7 @@ SRC_URI = > "https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.gnupg.org%2Fftp%2Fgcrypt%2Fgnutls%2Fv%24&data=05%7C02%7Cranjitsinh.rathod%40kpit.com%7C3469f6cc73444e4b431508dc344ca848%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C638442751081653296%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=Geq4fyg7vtGrR9z497BrJ26xMNU7jJMLSucMGmdBLPc%3D&reserved=0{SHRT_VER}/gnutls-${PV}.ta > r > file://CVE-2023-0361.patch \ > file://CVE-2023-5981.patch \ > file://CVE-2024-0553.patch \ > + file://CVE-2024-0567.patch \ > " > > SRC_URI[sha256sum] = > "5630751adec7025b8ef955af4d141d00d252a985769f51b4059e5affa3d39d63" > > > This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#196052): https://lists.openembedded.org/g/openembedded-core/message/196052 Mute This Topic: https://lists.openembedded.org/mt/104524743/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
