wolfssl: patch CVE-2026-5392

Backport commit from the PR[1] mentioned in the nvd[2]

[1]https://github.com/wolfSSL/wolfssl/pull/10039
[2]https://nvd.nist.gov/vuln/detail/CVE-2026-5392

Dropped unit test changes during the backport.

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>

meta-networking/recipes-connectivity/wolfssl/files/CVE-2026-5392.patch

@@ -0,0 +1,33 @@
+From 02c53b7cb22ba520d1b9a061476a1066eef45a42 Mon Sep 17 00:00:00 2001
+From: Anthony Hu <anthony@wolfssl.com>
+Date: Fri, 20 Mar 2026 21:32:14 -0400
+Subject: [PATCH] Add bounds check in PKCS7 streaming indefinite-length
+ end-of-content parsing
+
+(cherry picked from commit 6721bde8e0f4074b76c1ea5e8987b8c2a746b3fa)
+
+CVE: CVE-2026-5392
+Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/6721bde8e0f4074b76c1ea5e8987b8c2a746b3fa]
+
+Dropped unit test changes during the backport.
+
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ wolfcrypt/src/pkcs7.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
+index a8545ba0a..92dab5080 100644
+--- a/wolfcrypt/src/pkcs7.c
++++ b/wolfcrypt/src/pkcs7.c
+@@ -6485,6 +6485,10 @@ static int PKCS7_VerifySignedData(wc_PKCS7* pkcs7, const byte* hashBuf,
+                 word32 sz = (word32)pkcs7->stream->cntIdfCnt * ASN_INDEF_END_SZ;
+                 localIdx = idx;
+                 for (i = 0; i < sz; i++) {
++                    if (localIdx + i >= pkiMsg2Sz) {
++                        ret = ASN_PARSE_E;
++                        break;
++                    }
+                     if (pkiMsg2[localIdx + i] == 0)
+                         continue;
+                     else {

meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb

@@ -40,6 +40,7 @@ SRC_URI = " \
     file://CVE-2026-1005.patch \
     file://CVE-2026-3580.patch \
     file://CVE-2026-5188.patch \
+    file://CVE-2026-5392.patch \
 "
 
 SRCREV = "b077c81eb635392e694ccedbab8b644297ec0285"