1 files changed, 45 insertions, 0 deletions
diff --git a/meta/recipes-support/gnutls/libtasn1/CVE-2021-46848.patch b/meta/recipes-support/gnutls/libtasn1/CVE-2021-46848.patch
new file mode 100644
index 0000000000..9a8ceecbe7
--- /dev/null
+++ b/meta/recipes-support/gnutls/libtasn1/CVE-2021-46848.patch
@@ -0,0 +1,45 @@
+From 22fd12b290adea788122044cb58dc9e77754644f Mon Sep 17 00:00:00 2001
+From: Vivek Kumbhar <vkumbhar@mvista.com>
+Date: Thu, 17 Nov 2022 12:07:50 +0530
+Subject: [PATCH] CVE-2021-46848
+Upstream-Status: Backport [https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5]
+CVE: CVE-2021-46848
+Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
+Fix ETYPE_OK off by one array size check.
+---
+ NEWS      | 4 ++++
+ lib/int.h | 2 +-
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+diff --git a/NEWS b/NEWS
+index f042481..d8f684e 100644
+--- a/NEWS
+++ b/NEWS
+@@ -1,5 +1,9 @@
+ GNU Libtasn1 NEWS                                     -*- outline -*-
+ 
+* Noteworthy changes in release ?.? (????-??-??) [?]
+- Fix ETYPE_OK out of bounds read.  Closes: #32.
+- Update gnulib files and various maintenance fixes.
+
+ * Noteworthy changes in release 4.16.0 (released 2020-02-01) [stable]
+ - asn1_decode_simple_ber: added support for constructed definite
+   octet strings. This allows this function decode the whole set of
+diff --git a/lib/int.h b/lib/int.h
+index ea16257..c877282 100644
+--- a/lib/int.h
+++ b/lib/int.h
+@@ -97,7 +97,7 @@ typedef struct tag_and_class_st
+ #define ETYPE_TAG(etype) (_asn1_tags[etype].tag)
+ #define ETYPE_CLASS(etype) (_asn1_tags[etype].class)
+ #define ETYPE_OK(etype) (((etype) != ASN1_ETYPE_INVALID && \
+-                          (etype) <= _asn1_tags_size && \
+                          (etype) < _asn1_tags_size && \
+                           _asn1_tags[(etype)].desc != NULL)?1:0)
+ 
+ #define ETYPE_IS_STRING(etype) ((etype == ASN1_ETYPE_GENERALSTRING || \
+-- 
+2.25.1

diff --git a/meta/recipes-support/gnutls/libtasn1/CVE-2021-46848.patch b/meta/recipes-support/gnutls/libtasn1/CVE-2021-46848.patch new file mode 100644 index 0000000000..9a8ceecbe7 --- /dev/null +++ b/meta/recipes-support/gnutls/libtasn1/CVE-2021-46848.patch
@@ -0,0 +1,45 @@
	1	From 22fd12b290adea788122044cb58dc9e77754644f Mon Sep 17 00:00:00 2001
	2	From: Vivek Kumbhar <vkumbhar@mvista.com>
	3	Date: Thu, 17 Nov 2022 12:07:50 +0530
	4	Subject: [PATCH] CVE-2021-46848
	5
	6	Upstream-Status: Backport [https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5]
	7	CVE: CVE-2021-46848
	8	Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
	9
	10	Fix ETYPE_OK off by one array size check.
	11	---
	12	NEWS \| 4 ++++
	13	lib/int.h \| 2 +-
	14	2 files changed, 5 insertions(+), 1 deletion(-)
	15
	16	diff --git a/NEWS b/NEWS
	17	index f042481..d8f684e 100644
	18	--- a/NEWS
	19	+++ b/NEWS
	20	@@ -1,5 +1,9 @@
	21	GNU Libtasn1 NEWS -- outline --
	22
	23	+* Noteworthy changes in release ?.? (????-??-??) [?]
	24	+- Fix ETYPE_OK out of bounds read. Closes: #32.
	25	+- Update gnulib files and various maintenance fixes.
	26	+
	27	* Noteworthy changes in release 4.16.0 (released 2020-02-01) [stable]
	28	- asn1_decode_simple_ber: added support for constructed definite
	29	octet strings. This allows this function decode the whole set of
	30	diff --git a/lib/int.h b/lib/int.h
	31	index ea16257..c877282 100644
	32	--- a/lib/int.h
	33	+++ b/lib/int.h
	34	@@ -97,7 +97,7 @@ typedef struct tag_and_class_st
	35	#define ETYPE_TAG(etype) (_asn1_tags[etype].tag)
	36	#define ETYPE_CLASS(etype) (_asn1_tags[etype].class)
	37	#define ETYPE_OK(etype) (((etype) != ASN1_ETYPE_INVALID && \
	38	- (etype) <= _asn1_tags_size && \
	39	+ (etype) < _asn1_tags_size && \
	40	_asn1_tags[(etype)].desc != NULL)?1:0)
	41
	42	#define ETYPE_IS_STRING(etype) ((etype == ASN1_ETYPE_GENERALSTRING \|\| \
	43	--
	44	2.25.1
	45