mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-13 17:39:57 +00:00
Code Issues Projects Releases Wiki Activity

botan: patch CVE-2026-34582

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-34582

Debian has identified[1] the PR that fixes this, however the url seems to have a
typo - it was PR number 5499[2], and not 5599[3]. (The backported commit's description matches
the CVE's description)

[1]: https://security-tracker.debian.org/tracker/CVE-2026-34582
[2]: https://github.com/randombit/botan/pull/5499
[3]: https://github.com/randombit/botan/pull/5599

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
Gyorgy Sarvari
2026-04-20 13:50:58 +02:00
committed by Anuj Mittal
parent 4c4eaf1d21
commit 1f8d2c36c0
2 changed files with 29 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-crypto/botan/botan/CVE-2026-34582.patch
+28
View File
@@ -0,0 +1,28 @@
From daf4c8c148165a7c316d816d2bcdc25ba1f6887d Mon Sep 17 00:00:00 2001
From: Jack Lloyd <jack@randombit.net>
Date: Sun, 29 Mar 2026 08:25:18 -0400
Subject: [PATCH] In TLS 1.3 require that the handshake is completed prior to
application data
CVE: CVE-2026-34582
Upstream-Status: Backport [https://github.com/randombit/botan/commit/4190398599413373f55b1073ac06fefd494af8c6]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
src/lib/tls/tls13/tls_channel_impl_13.cpp | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/lib/tls/tls13/tls_channel_impl_13.cpp b/src/lib/tls/tls13/tls_channel_impl_13.cpp
index 82a8e38..eee9bad 100644
--- a/src/lib/tls/tls13/tls_channel_impl_13.cpp
+++ b/src/lib/tls/tls13/tls_channel_impl_13.cpp
@@ -163,6 +163,10 @@ size_t Channel_Impl_13::from_peer(std::span<const uint8_t> data) {
} else if(record.type == Record_Type::ChangeCipherSpec) {
process_dummy_change_cipher_spec();
} else if(record.type == Record_Type::ApplicationData) {
+ BOTAN_ASSERT_NONNULL(m_cipher_state);
+ if(!m_cipher_state->can_decrypt_application_traffic()) {
+ throw Unexpected_Message("Application data received before handshake completion");
+ }
BOTAN_ASSERT(record.seq_no.has_value(), "decrypted application traffic had a sequence number");
callbacks().tls_record_received(record.seq_no.value(), record.fragment);
} else if(record.type == Record_Type::Alert) {
meta-oe/recipes-crypto/botan/botan_3.10.0.bb
+1
View File
@@ -8,6 +8,7 @@ SRC_URI = "https://botan.randombit.net/releases/Botan-${PV}.tar.xz \
file://CVE-2026-32877.patch \
file://CVE-2026-32883.patch \
file://CVE-2026-32884.patch \
file://CVE-2026-34582.patch \
"
SRC_URI[sha256sum] = "fde194236f6d5434f136ea0a0627f6cc9d26af8b96e9f1e1c7d8c82cd90f4f24"