Description of the patch:
This update for gnutls fixes the following issues
- CVE-2026-3832: cert-session: fix multi-entry OCSP revocation bypass (bsc#1263706).
- CVE-2026-3833: x509/name-constraints: compare domain names case-insensitive (bsc#1263707).
- CVE-2026-5260: lib/pkcs11_privkey: guard against overreading on short ciphertexts (bsc#1263715).
- CVE-2026-5419: gnutls_cipher_decrypt3: make PKCS#7 unpadding branch free (bsc#1263716).
- CVE-2026-33845: buffers: switch from end_offset over to frag_length (bsc#1263704).
- CVE-2026-33846: buffers: add more checks to DTLS reassembly (bsc#1263705).
- CVE-2026-42009: lib/buffers: ensure packets have differing sequence numbers (bsc#1263708).
- CVE-2026-42010: lib/auth/rsa_psk: fix binary PSK identity lookup (bsc#1263709).
- CVE-2026-42011: x509/name_constraints: fix intersecting empty constraints (bsc#1263710).
- CVE-2026-42012: x509/hostname-verify: make URI/SRV SAN preclude CN fallback (bsc#1263711).
- CVE-2026-42013: x509: prevent fallback on oversized SAN (bsc#1263712).
- CVE-2026-42014: pkcs11_write: fix UAF and leak in gnutls_pkcs11_token_set_pin (bsc#1263713).
- CVE-2026-42015: x509/pkcs12_bag: fix off-by-one in bag element bounds chec (bsc#1263714).