Peter Korsgaard
e91cf0ae73
Fixes the following security vulnerabilities: CVE-2026-1584: libgnutls: Fix NULL pointer dereference in PSK binder verification A TLS 1.3 resumption attempt with an invalid PSK binder value in ClientHello could lead to a denial of service attack via crashing the server. The updated code guards against the problematic dereference. CVE-2025-14831: libgnutls: Fix name constraint processing performance issue Verifying certificates with pathological amounts of name constraints could lead to a denial of service attack via resource exhaustion. Reworked processing algorithms exhibit better performance characteristics. For more details, see the release notes: https://lists.gnupg.org/pipermail/gnutls-help/2026-February/004914.html Drop now upstreamed 0001-audit-crau-fix-compilation-with-gcc-11.patch: https://gitlab.com/gnutls/gnutls/-/commit/f5666f8f1f653cfe2bef808a9c9b61534f279ed1 Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Julien Olivain <ju.o@free.fr>