Patch gnutls for CVE-2026-42009

azurelinux-security · azurelinux-security · commit f939c32eee6a · 2026-05-25T08:51:13.000Z
diff --git a/SPECS/gnutls/CVE-2026-42009.patch b/SPECS/gnutls/CVE-2026-42009.patch
@@ -0,0 +1,55 @@
+From c98e21a34e93c5d76cfafd4e42af2e076b8122e7 Mon Sep 17 00:00:00 2001
+From: AllSpark <allspark@microsoft.com>
+Date: Mon, 25 May 2026 08:44:24 +0000
+Subject: [PATCH] lib/buffers: ensure packets with duplicate sequence but
+ mismatched type are discarded; fix comparator to return 0 when sequence equal
+ for stable sort (backport)
+
+Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
+Upstream-reference: AI Backport of https://gitlab.com/gnutls/gnutls/-/commit/f01e21441e29052a6f0963840794c41d3b3ee66d.patch https://gitlab.com/gnutls/gnutls/-/commit/f341441fad91142897d83b44a175ffc8f925b76f.patch
+---
+ lib/buffers.c | 21 +++++++++++++++------
+ 1 file changed, 15 insertions(+), 6 deletions(-)
+
+diff --git a/lib/buffers.c b/lib/buffers.c
+index f419193..e412915 100644
+--- a/lib/buffers.c
++++ b/lib/buffers.c
+@@ -845,10 +845,7 @@ static int handshake_compare(const void *_e1, const void *_e2)
+ 	const handshake_buffer_st *e1 = _e1;
+ 	const handshake_buffer_st *e2 = _e2;
+ 
+-	if (e1->sequence <= e2->sequence)
+-		return 1;
+-	else
+-		return -1;
++	return (e1->sequence < e2->sequence) - (e1->sequence > e2->sequence);
+ }
+ 
+ #define SSL2_HEADERS 1
+@@ -967,8 +964,20 @@ static int merge_handshake_packet(gnutls_session_t session,
+ 	int ret;
+ 
+ 	for (i = 0; i < session->internals.handshake_recv_buffer_size; i++) {
+-		if (session->internals.handshake_recv_buffer[i].htype ==
+-		    hsk->htype) {
++		if (session->internals.handshake_recv_buffer[i].sequence == hsk->sequence) {
++			if (session->internals.handshake_recv_buffer[i].htype != hsk->htype) {
++				_gnutls_audit_log(
++					session,
++					"Discarded unexpected handshake packet "
++					"with duplicate sequence %d, but "
++					"mismatched type %s (previously %s)\n",
++					hsk->sequence,
++					_gnutls_handshake2str(hsk->htype),
++					_gnutls_handshake2str(
++						session->internals.handshake_recv_buffer[i].htype));
++				_gnutls_handshake_buffer_clear(hsk);
++				return 0;
++			}
+ 			exists = 1;
+ 			pos = i;
+ 			break;
+-- 
+2.45.4
+
diff --git a/SPECS/gnutls/gnutls.spec b/SPECS/gnutls/gnutls.spec
@@ -1,7 +1,7 @@
 Summary:        The GnuTLS Transport Layer Security Library
 Name:           gnutls
 Version:        3.8.3
-Release:        9%{?dist}
+Release:        10%{?dist}
 License:        GPLv3+ AND LGPLv2.1+
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -21,6 +21,7 @@ Patch8:         CVE-2025-6395.patch
 Patch9:         CVE-2025-13151.patch
 Patch10:        CVE-2025-9820.patch
 Patch11:        CVE-2026-33845.patch
+Patch12:        CVE-2026-42009.patch
 BuildRequires:  autogen-libopts-devel
 BuildRequires:  gc-devel
 BuildRequires:  libtasn1-devel
@@ -102,6 +103,9 @@ sed -i 's/TESTS += test-ciphers-openssl.sh//'  tests/slow/Makefile.am
 %{_mandir}/man3/*
 
 %changelog
+* Mon May 25 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 3.8.3-10
+- Patch for CVE-2026-42009
+
 * Thu May 07 2026 Akarsh Chaudhary <v-akarshc@microsoft.com>- 3.8.3-9
 - Patch for CVE-2026-33845
 
