[AutoPR- Security] Patch gnutls for CVE-2026-42009 [MEDIUM] (#17433)

Co-authored-by: Durga Jagadeesh Palli <v-dpalli@microsoft.com>
Co-authored-by: kgodara912 <kshigodara@outlook.com>

Author: 3 people

SPECS/gnutls/CVE-2026-42009.patch

@@ -0,0 +1,61 @@
+From c98e21a34e93c5d76cfafd4e42af2e076b8122e7 Mon Sep 17 00:00:00 2001
+From: AllSpark <allspark@microsoft.com>
+Date: Mon, 25 May 2026 08:44:24 +0000
+Subject: [PATCH] lib/buffers: ensure packets with duplicate sequence but
+ mismatched type are discarded; fix comparator to return 0 when sequence equal
+ for stable sort (backport)
+
+Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
+Upstream-reference: AI Backport of https://gitlab.com/gnutls/gnutls/-/commit/f01e21441e29052a6f0963840794c41d3b3ee66d.patch https://gitlab.com/gnutls/gnutls/-/commit/f341441fad91142897d83b44a175ffc8f925b76f.patch
+
+---
+ lib/buffers.c | 25 ++++++++++++++++++-------
+ 1 file changed, 18 insertions(+), 7 deletions(-)
+
+diff --git a/lib/buffers.c b/lib/buffers.c
+index f419193..e41ecde 100644
+--- a/lib/buffers.c
++++ b/lib/buffers.c
+@@ -844,11 +844,7 @@ static int handshake_compare(const void *_e1, const void *_e2)
+ {
+ 	const handshake_buffer_st *e1 = _e1;
+ 	const handshake_buffer_st *e2 = _e2;
+-
+-	if (e1->sequence <= e2->sequence)
+-		return 1;
+-	else
+-		return -1;
++	return (e1->sequence < e2->sequence) - (e1->sequence > e2->sequence);
+ }
+ 
+ #define SSL2_HEADERS 1
+@@ -966,9 +962,24 @@ static int merge_handshake_packet(gnutls_session_t session,
+	int exists = 0, i, pos = 0;
+ 	int ret;
+ 
++	handshake_buffer_st *recv_buf =
++		session->internals.handshake_recv_buffer;
++
+ 	for (i = 0; i < session->internals.handshake_recv_buffer_size; i++) {
+-		if (session->internals.handshake_recv_buffer[i].htype ==
+-		    hsk->htype) {
++		if (recv_buf[i].sequence == hsk->sequence) {
++			if (recv_buf[i].htype != hsk->htype) {
++				_gnutls_audit_log(
++					session,
++					"Discarded unexpected handshake packet "
++					"with duplicate sequence %d, but "
++					"mismatched type %s (previously %s)\n",
++					hsk->sequence,
++					_gnutls_handshake2str(hsk->htype),
++					_gnutls_handshake2str(
++						recv_buf[i].htype));
++				_gnutls_handshake_buffer_clear(hsk);
++				return 0;
++			}
+ 			exists = 1;
+ 			pos = i;
+ 			break;
+-- 
+2.45.4
+

SPECS/gnutls/gnutls.spec

@@ -1,7 +1,7 @@
 Summary:        The GnuTLS Transport Layer Security Library
 Name:           gnutls
 Version:        3.8.3
-Release:        10%{?dist}
+Release:        11%{?dist}
 License:        GPLv3+ AND LGPLv2.1+
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -24,6 +24,7 @@ Patch11:        CVE-2026-33845.patch
 Patch12:        CVE-2026-33846.patch
 Patch13:        CVE-2026-3832.patch
 Patch14:        CVE-2026-42010.patch
+Patch15:        CVE-2026-42009.patch
 
 BuildRequires:  autogen-libopts-devel
 BuildRequires:  gc-devel
@@ -106,6 +107,9 @@ sed -i 's/TESTS += test-ciphers-openssl.sh//'  tests/slow/Makefile.am
 %{_mandir}/man3/*
 
 %changelog
+* Mon May 25 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 3.8.3-11
+- Patch for CVE-2026-42009
+
 * Fri May 08 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 3.8.3-10
 - Patch for CVE-2026-3832, CVE-2026-33846, CVE-2026-42010