[AUTO-CHERRYPICK] [AutoPR- Security] Patch gnutls for CVE-2025-32990, CVE-2025-32989, CVE-2025-32988 - branch 3.0-dev (microsoft#14289)

Co-authored-by: Azure Linux Security Servicing Account <[email protected]>

Author: CBL-Mariner-Bot

SPECS/gnutls/CVE-2025-32988.patch

@@ -0,0 +1,34 @@
+From aee5e661655a57617e7c1742440acd802ed15d5e Mon Sep 17 00:00:00 2001
+From: Azure Linux Security Servicing Account
+ <[email protected]>
+Date: Mon, 14 Jul 2025 13:55:55 +0000
+Subject: [PATCH] Fix CVE CVE-2025-32988 in gnutls
+
+Upstream Patch Reference: https://gitlab.com/gnutls/gnutls/-/commit/608829769cbc247679ffe98841109fc73875e573.patch
+---
+ lib/x509/extensions.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/lib/x509/extensions.c b/lib/x509/extensions.c
+index 6c2da8f..e8be12e 100644
+--- a/lib/x509/extensions.c
++++ b/lib/x509/extensions.c
+@@ -754,7 +754,6 @@ int _gnutls_write_new_othername(asn1_node ext, const char *ext_name,
+ 	result = asn1_write_value(ext, name2, oid, 1);
+ 	if (result != ASN1_SUCCESS) {
+ 		gnutls_assert();
+-		asn1_delete_structure(&ext);
+ 		return _gnutls_asn2err(result);
+ 	}
+ 
+@@ -763,7 +762,6 @@ int _gnutls_write_new_othername(asn1_node ext, const char *ext_name,
+ 	result = asn1_write_value(ext, name2, data, data_size);
+ 	if (result != ASN1_SUCCESS) {
+ 		gnutls_assert();
+-		asn1_delete_structure(&ext);
+ 		return _gnutls_asn2err(result);
+ 	}
+ 
+-- 
+2.45.3
+

SPECS/gnutls/CVE-2025-32989.patch

@@ -0,0 +1,27 @@
+From 8bd8fed8a12f671eb479776196ac02098a179083 Mon Sep 17 00:00:00 2001
+From: Azure Linux Security Servicing Account
+ <[email protected]>
+Date: Mon, 14 Jul 2025 13:56:14 +0000
+Subject: [PATCH] Fix CVE CVE-2025-32989 in gnutls
+
+Upstream Patch Reference: https://gitlab.com/gnutls/gnutls/-/commit/8e5ca951257202089246fa37e93a99d210ee5ca2.patch
+---
+ lib/x509/x509_ext.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/x509/x509_ext.c b/lib/x509/x509_ext.c
+index 064ca83..05336a0 100644
+--- a/lib/x509/x509_ext.c
++++ b/lib/x509/x509_ext.c
+@@ -3757,7 +3757,7 @@ int gnutls_x509_ext_ct_import_scts(const gnutls_datum_t *ext,
+ 	}
+ 
+ 	length = _gnutls_read_uint16(scts_content.data);
+-	if (length < 4) {
++	if (length < 4 || length > scts_content.size) {
+ 		gnutls_free(scts_content.data);
+ 		return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ 	}
+-- 
+2.45.3
+

SPECS/gnutls/CVE-2025-32990.patch

@@ -0,0 +1,36 @@
+From bdc30f568829c08f52705ee60ad4914502345d29 Mon Sep 17 00:00:00 2001
+From: Azure Linux Security Servicing Account
+ <[email protected]>
+Date: Mon, 14 Jul 2025 13:56:33 +0000
+Subject: [PATCH] Fix CVE CVE-2025-32990 in gnutls
+
+Upstream Patch Reference: https://gitlab.com/gnutls/gnutls/-/commit/8a36455fd75ce76391cfc00c53213d8b0e1648da.patch
+---
+ src/certtool-cfg.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/certtool-cfg.c b/src/certtool-cfg.c
+index 2d7a1dc..bce2390 100644
+--- a/src/certtool-cfg.c
++++ b/src/certtool-cfg.c
+@@ -257,7 +257,7 @@ void cfg_init(void)
+ 	if (val != NULL) {                                                 \
+ 		if (s_name == NULL) {                                      \
+ 			i = 0;                                             \
+-			s_name = malloc(sizeof(char *) * MAX_ENTRIES);     \
++			s_name = calloc(MAX_ENTRIES + 1, sizeof(char *));  \
+ 			CHECK_MALLOC(s_name);                              \
+ 			do {                                               \
+ 				if (val && strcmp(val->name, k_name) != 0) \
+@@ -279,7 +279,7 @@ void cfg_init(void)
+ 		char *p;                                                      \
+ 		if (s_name == NULL) {                                         \
+ 			i = 0;                                                \
+-			s_name = malloc(sizeof(char *) * MAX_ENTRIES);        \
++			s_name = calloc(MAX_ENTRIES + 1, sizeof(char *));     \
+ 			CHECK_MALLOC(s_name);                                 \
+ 			do {                                                  \
+ 				if (val && strcmp(val->name, k_name) != 0)    \
+-- 
+2.45.3
+

SPECS/gnutls/gnutls.spec

@@ -1,7 +1,7 @@
 Summary:        The GnuTLS Transport Layer Security Library
 Name:           gnutls
 Version:        3.8.3
-Release:        4%{?dist}
+Release:        5%{?dist}
 License:        GPLv3+ AND LGPLv2.1+
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -14,6 +14,9 @@ Patch1:         CVE-2024-28834.patch
 Patch2:         CVE-2024-28835.patch
 Patch3:         CVE-2024-12133.patch
 Patch4:         CVE-2024-12243.patch
+Patch5:         CVE-2025-32990.patch
+Patch6:         CVE-2025-32989.patch
+Patch7:         CVE-2025-32988.patch
 BuildRequires:  autogen-libopts-devel
 BuildRequires:  gc-devel
 BuildRequires:  libtasn1-devel
@@ -95,6 +98,9 @@ sed -i 's/TESTS += test-ciphers-openssl.sh//'  tests/slow/Makefile.am
 %{_mandir}/man3/*
 
 %changelog
+* Mon Jul 14 2025 Azure Linux Security Servicing Account <[email protected]> - 3.8.3-5
+- Patch for CVE-2025-32990, CVE-2025-32989, CVE-2025-32988
+
 * Tue Mar 11 2025 Sreeniavsulu Malavathula <[email protected]> - 3.8.3-4
 - Patch CVE-2024-12243