[PATCH] gnutls: upgrade 3.8.12 -> 3.8.13

Openembedded Core Discussions
 help / color / mirror / Atom feed

* [PATCH] gnutls: upgrade 3.8.12 -> 3.8.13
@ 2026-05-10 16:24 Peter Marko
  2026-05-11  9:14 ` [OE-core] " Mathieu Dubois-Briand
  0 siblings, 1 reply; 3+ messages in thread
From: Peter Marko @ 2026-05-10 16:24 UTC (permalink / raw)
  To: openembedded-core; +Cc: Peter Marko

From: Peter Marko <peter.marko@siemens.com>

Solves CVE-2026-33846, CVE-2026-42009, CVE-2026-33845, CVE-2026-42010,
CVE-2026-3833, CVE-2026-42011, CVE-2026-42012, CVE-2026-42013,
CVE-2026-42014, CVE-2026-5260, CVE-2026-42015, CVE-2026-3832 and
CVE-2026-5419.

Release notes: [1]

Rebase patches and drop patch included in this release.

[1] https://github.com/gnutls/gnutls/blob/3.8.13/NEWS

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 .../gnutls/gnutls/Add-ptest-support.patch     |  4 +-
 meta/recipes-support/gnutls/gnutls/c99.patch  | 41 -------------------
 .../{gnutls_3.8.12.bb => gnutls_3.8.13.bb}    |  3 +-
 3 files changed, 3 insertions(+), 45 deletions(-)
 delete mode 100644 meta/recipes-support/gnutls/gnutls/c99.patch
 rename meta/recipes-support/gnutls/{gnutls_3.8.12.bb => gnutls_3.8.13.bb} (97%)

diff --git a/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch b/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch
index 398c0464e0..8c867a5a40 100644
--- a/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch
+++ b/meta/recipes-support/gnutls/gnutls/Add-ptest-support.patch
@@ -29,7 +29,7 @@ diff --git a/configure.ac b/configure.ac
 index 1744813..efb9e34 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -1448,6 +1448,8 @@ AC_SUBST(LIBGNUTLS_CFLAGS)
+@@ -1413,6 +1413,8 @@ AC_SUBST(LIBGNUTLS_CFLAGS)
  
  AM_CONDITIONAL(NEEDS_LIBRT, test "$gnutls_needs_librt" = "yes")
  
@@ -42,7 +42,7 @@ diff --git a/tests/Makefile.am b/tests/Makefile.am
 index 189d068..8430b05 100644
 --- a/tests/Makefile.am
 +++ b/tests/Makefile.am
-@@ -721,6 +721,12 @@ SH_LOG_COMPILER = $(SHELL)
+@@ -745,6 +745,12 @@ SH_LOG_COMPILER = $(SHELL)
  AM_VALGRINDFLAGS = --suppressions=$(srcdir)/suppressions.valgrind
  LOG_COMPILER = $(LOG_VALGRIND)
  
diff --git a/meta/recipes-support/gnutls/gnutls/c99.patch b/meta/recipes-support/gnutls/gnutls/c99.patch
deleted file mode 100644
index 3f41241deb..0000000000
--- a/meta/recipes-support/gnutls/gnutls/c99.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 203d8f2187bb7f483290e0f8b7b48b152b1d027f Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@arm.com>
-Date: Thu, 5 Mar 2026 11:33:57 +0000
-Subject: [PATCH] configure: make the C99 detection more resiliant
-
-autoconf 2.73 will default to C23 by default, which means that the >C99
-detection logic in configure.ac will fail because it only handles c11
-and c99.
-
-Instead of adding c23 to the list and then breaking again in the future,
-flip the logic around (as suggested by Zack Weinberg) and check
-explicitly for just c89.
-
-Closes #1806.
-
-Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls/-/merge_requests/2081]
-Signed-off-by: Ross Burton <ross.burton@arm.com>
----
- configure.ac | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 740fb6339..c708d8f5e 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -54,9 +54,9 @@ AC_USE_SYSTEM_EXTENSIONS
- # Require C99 support
- #
- AS_CASE([$ac_prog_cc_stdc],
--  [c11 | c99], [AC_DEFINE([C99_MACROS], 1, [C99 macros are supported])],
--  [AC_MSG_WARN([[Compiler does not support C99. It may not be able to compile the project.]])]
--)
-+  [c89],
-+  [AC_MSG_WARN([[Compiler does not support C99. It may not be able to compile the project.]])],
-+  [AC_DEFINE([C99_MACROS], 1, [C99 macros are supported])])
- 
- AM_CONDITIONAL(CROSS_COMPILING, test "$cross_compiling" = yes)
- 
--- 
-2.43.0
-
diff --git a/meta/recipes-support/gnutls/gnutls_3.8.12.bb b/meta/recipes-support/gnutls/gnutls_3.8.13.bb
similarity index 97%
rename from meta/recipes-support/gnutls/gnutls_3.8.12.bb
rename to meta/recipes-support/gnutls/gnutls_3.8.13.bb
index 8554ab943d..8fadbdc738 100644
--- a/meta/recipes-support/gnutls/gnutls_3.8.12.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.8.13.bb
@@ -23,10 +23,9 @@ SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar
            file://0001-Creating-.hmac-file-should-be-excuted-in-target-envi.patch \
            file://run-ptest \
            file://Add-ptest-support.patch \
-           file://c99.patch \
            "
 
-SRC_URI[sha256sum] = "a7b341421bfd459acf7a374ca4af3b9e06608dcd7bd792b2bf470bea012b8e51"
+SRC_URI[sha256sum] = "ffed8ec1bf09c2426d4f14aae377de4753b53e537d685e604e99a8b16ca9c97e"
 
 inherit autotools texinfo pkgconfig gettext lib_package gtk-doc ptest
 


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [OE-core] [PATCH] gnutls: upgrade 3.8.12 -> 3.8.13
  2026-05-10 16:24 [PATCH] gnutls: upgrade 3.8.12 -> 3.8.13 Peter Marko
@ 2026-05-11  9:14 ` Mathieu Dubois-Briand
  2026-05-11 21:19   ` Marko, Peter
  0 siblings, 1 reply; 3+ messages in thread
From: Mathieu Dubois-Briand @ 2026-05-11  9:14 UTC (permalink / raw)
  To: peter.marko, openembedded-core

On Sun May 10, 2026 at 6:24 PM CEST, Peter Marko via lists.openembedded.org wrote:
> From: Peter Marko <peter.marko@siemens.com>
>
> Solves CVE-2026-33846, CVE-2026-42009, CVE-2026-33845, CVE-2026-42010,
> CVE-2026-3833, CVE-2026-42011, CVE-2026-42012, CVE-2026-42013,
> CVE-2026-42014, CVE-2026-5260, CVE-2026-42015, CVE-2026-3832 and
> CVE-2026-5419.
>
> Release notes: [1]
>
> Rebase patches and drop patch included in this release.
>
> [1] https://github.com/gnutls/gnutls/blob/3.8.13/NEWS
>
> Signed-off-by: Peter Marko <peter.marko@siemens.com>
> ---

Hi Peter,

Thanks for the upgrade.

I note some issues on the autobuilder: build issues with musl and ptest
failures.

ERROR: gnutls-3.8.13-r0 do_install_ptest_base: Execution of '/srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/core2-32-poky-linux-musl/gnutls/3.8.13/temp/run.do_install_ptest_base.4034882' failed with exit code 1
...
| /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/core2-32-poky-linux-musl/gnutls/3.8.13/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-linux-musl-ld: mini_dtls_fragments-mini-dtls-fragments.o: in function `split_client_hello':
| /usr/src/debug/gnutls/3.8.13/tests/mini-dtls-fragments.c:429:(.text+0x6c): undefined reference to `rpl_malloc'
| /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/core2-32-poky-linux-musl/gnutls/3.8.13/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-linux-musl-ld: /usr/src/debug/gnutls/3.8.13/tests/mini-dtls-fragments.c:431:(.text+0x8b): undefined reference to `rpl_malloc'
| /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/core2-32-poky-linux-musl/gnutls/3.8.13/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-linux-musl-ld: mini_dtls_fragments-mini-dtls-fragments.o: in function `queue_put_renumbered':
| /usr/src/debug/gnutls/3.8.13/tests/mini-dtls-fragments.c:412:(.text+0x391): undefined reference to `rpl_malloc'
| /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/core2-32-poky-linux-musl/gnutls/3.8.13/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-linux-musl-ld: /usr/src/debug/gnutls/3.8.13/tests/mini-dtls-fragments.c:417:(.text+0x44c): undefined reference to `rpl_free'
| /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/core2-32-poky-linux-musl/gnutls/3.8.13/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-linux-musl-ld: mini_dtls_fragments-mini-dtls-fragments.o: in function `client_push_split_hello':
| /usr/src/debug/gnutls/3.8.13/tests/mini-dtls-fragments.c:472:(.text+0x535): undefined reference to `rpl_free'
| /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/core2-32-poky-linux-musl/gnutls/3.8.13/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-linux-musl-ld: /usr/src/debug/gnutls/3.8.13/tests/mini-dtls-fragments.c:473:(.text+0x541): undefined reference to `rpl_free'
| /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/core2-32-poky-linux-musl/gnutls/3.8.13/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-linux-musl-ld: mini_dtls_fragments-mini-dtls-fragments.o: in function `client_push_split_hello_bad_seq':
| /usr/src/debug/gnutls/3.8.13/tests/mini-dtls-fragments.c:500:(.text+0x629): undefined reference to `rpl_free'
| /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/core2-32-poky-linux-musl/gnutls/3.8.13/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-linux-musl-ld: /usr/src/debug/gnutls/3.8.13/tests/mini-dtls-fragments.c:501:(.text+0x635): undefined reference to `rpl_free'
| /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/core2-32-poky-linux-musl/gnutls/3.8.13/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-linux-musl-ld: mini_dtls_fragments-mini-dtls-fragments.o: in function `client_push_inj0':
| /usr/src/debug/gnutls/3.8.13/tests/mini-dtls-fragments.c:192:(.text+0x139d): undefined reference to `rpl_malloc'
| /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/core2-32-poky-linux-musl/gnutls/3.8.13/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-linux-musl-ld: /usr/src/debug/gnutls/3.8.13/tests/mini-dtls-fragments.c:208:(.text+0x1424): undefined reference to `rpl_free'
| collect2: error: ld returned 1 exit status

https://autobuilder.yoctoproject.org/valkyrie/#/builders/6/builds/3767
https://autobuilder.yoctoproject.org/valkyrie/#/builders/109/builds/391
https://autobuilder.yoctoproject.org/valkyrie/#/builders/110/builds/375

Failed ptests:
{'gnutls': ['key-openssl']}
https://autobuilder.yoctoproject.org/valkyrie/#/builders/73/builds/3652

Can you have a look at the issues?

Thanks,
Mathieu

-- 
Mathieu Dubois-Briand, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

^ permalink raw reply	[flat|nested] 3+ messages in thread

* RE: [OE-core] [PATCH] gnutls: upgrade 3.8.12 -> 3.8.13
  2026-05-11  9:14 ` [OE-core] " Mathieu Dubois-Briand
@ 2026-05-11 21:19   ` Marko, Peter
  0 siblings, 0 replies; 3+ messages in thread
From: Marko, Peter @ 2026-05-11 21:19 UTC (permalink / raw)
  To: Mathieu Dubois-Briand, openembedded-core@lists.openembedded.org



> -----Original Message-----
> From: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
> Sent: Monday, May 11, 2026 11:14 AM
> To: Marko, Peter (FT D EU SK BFS1) <Peter.Marko@siemens.com>;
> openembedded-core@lists.openembedded.org
> Subject: Re: [OE-core] [PATCH] gnutls: upgrade 3.8.12 -> 3.8.13
> 
> On Sun May 10, 2026 at 6:24 PM CEST, Peter Marko via lists.openembedded.org
> wrote:
> > From: Peter Marko <peter.marko@siemens.com>
> >
> > Solves CVE-2026-33846, CVE-2026-42009, CVE-2026-33845, CVE-2026-42010,
> > CVE-2026-3833, CVE-2026-42011, CVE-2026-42012, CVE-2026-42013,
> > CVE-2026-42014, CVE-2026-5260, CVE-2026-42015, CVE-2026-3832 and
> > CVE-2026-5419.
> >
> > Release notes: [1]
> >
> > Rebase patches and drop patch included in this release.
> >
> > [1] https://github.com/gnutls/gnutls/blob/3.8.13/NEWS
> >
> > Signed-off-by: Peter Marko <peter.marko@siemens.com>
> > ---
> 
> Hi Peter,
> 
> Thanks for the upgrade.
> 
> I note some issues on the autobuilder: build issues with musl and ptest
> failures.
> 
> ERROR: gnutls-3.8.13-r0 do_install_ptest_base: Execution of '/srv/pokybuild/yocto-
> worker/musl-qemux86/build/build/tmp/work/core2-32-poky-linux-
> musl/gnutls/3.8.13/temp/run.do_install_ptest_base.4034882' failed with exit code 1
> ...
> | /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/core2-32-poky-
> linux-musl/gnutls/3.8.13/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-
> linux-musl-ld: mini_dtls_fragments-mini-dtls-fragments.o: in function
> `split_client_hello':
> | /usr/src/debug/gnutls/3.8.13/tests/mini-dtls-fragments.c:429:(.text+0x6c): undefined
> reference to `rpl_malloc'
> | /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/core2-32-poky-
> linux-musl/gnutls/3.8.13/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-
> linux-musl-ld: /usr/src/debug/gnutls/3.8.13/tests/mini-dtls-
> fragments.c:431:(.text+0x8b): undefined reference to `rpl_malloc'
> | /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/core2-32-poky-
> linux-musl/gnutls/3.8.13/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-
> linux-musl-ld: mini_dtls_fragments-mini-dtls-fragments.o: in function
> `queue_put_renumbered':
> | /usr/src/debug/gnutls/3.8.13/tests/mini-dtls-fragments.c:412:(.text+0x391): undefined
> reference to `rpl_malloc'
> | /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/core2-32-poky-
> linux-musl/gnutls/3.8.13/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-
> linux-musl-ld: /usr/src/debug/gnutls/3.8.13/tests/mini-dtls-
> fragments.c:417:(.text+0x44c): undefined reference to `rpl_free'
> | /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/core2-32-poky-
> linux-musl/gnutls/3.8.13/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-
> linux-musl-ld: mini_dtls_fragments-mini-dtls-fragments.o: in function
> `client_push_split_hello':
> | /usr/src/debug/gnutls/3.8.13/tests/mini-dtls-fragments.c:472:(.text+0x535): undefined
> reference to `rpl_free'
> | /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/core2-32-poky-
> linux-musl/gnutls/3.8.13/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-
> linux-musl-ld: /usr/src/debug/gnutls/3.8.13/tests/mini-dtls-
> fragments.c:473:(.text+0x541): undefined reference to `rpl_free'
> | /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/core2-32-poky-
> linux-musl/gnutls/3.8.13/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-
> linux-musl-ld: mini_dtls_fragments-mini-dtls-fragments.o: in function
> `client_push_split_hello_bad_seq':
> | /usr/src/debug/gnutls/3.8.13/tests/mini-dtls-fragments.c:500:(.text+0x629): undefined
> reference to `rpl_free'
> | /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/core2-32-poky-
> linux-musl/gnutls/3.8.13/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-
> linux-musl-ld: /usr/src/debug/gnutls/3.8.13/tests/mini-dtls-
> fragments.c:501:(.text+0x635): undefined reference to `rpl_free'
> | /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/core2-32-poky-
> linux-musl/gnutls/3.8.13/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-
> linux-musl-ld: mini_dtls_fragments-mini-dtls-fragments.o: in function `client_push_inj0':
> | /usr/src/debug/gnutls/3.8.13/tests/mini-dtls-fragments.c:192:(.text+0x139d):
> undefined reference to `rpl_malloc'
> | /srv/pokybuild/yocto-worker/musl-qemux86/build/build/tmp/work/core2-32-poky-
> linux-musl/gnutls/3.8.13/recipe-sysroot-native/usr/bin/i686-poky-linux-musl/i686-poky-
> linux-musl-ld: /usr/src/debug/gnutls/3.8.13/tests/mini-dtls-
> fragments.c:208:(.text+0x1424): undefined reference to `rpl_free'
> | collect2: error: ld returned 1 exit status
> 
> https://autobuilder.yoctoproject.org/valkyrie/#/builders/6/builds/3767
> https://autobuilder.yoctoproject.org/valkyrie/#/builders/109/builds/391
> https://autobuilder.yoctoproject.org/valkyrie/#/builders/110/builds/375
> 
> Failed ptests:
> {'gnutls': ['key-openssl']}
> https://autobuilder.yoctoproject.org/valkyrie/#/builders/73/builds/3652
> 
> 
> Can you have a look at the issues?

I have backported two patches to fix musl build.

I also increased memory needed to pass the tests.
Unfortunately, I am usually testing with custom image much larger than core-image-ptest...

v2 is out.

Peter


> 
> Thanks,
> Mathieu
> 
> --
> Mathieu Dubois-Briand, Bootlin
> Embedded Linux and Kernel engineering
> https://bootlin.com


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2026-05-11 21:19 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-05-10 16:24 [PATCH] gnutls: upgrade 3.8.12 -> 3.8.13 Peter Marko
2026-05-11  9:14 ` [OE-core] " Mathieu Dubois-Briand
2026-05-11 21:19   ` Marko, Peter

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox