From 1f8d2c36c01e9290507f492a1ed7c4a527f64d1d Mon Sep 17 00:00:00 2001
From: Gyorgy Sarvari <skandigraun@gmail.com>
Date: Mon, 20 Apr 2026 13:50:58 +0200
Subject: [PATCH] botan: patch CVE-2026-34582

Details: https://nvd.nist.gov/vuln/detail/CVE-2026-34582

Debian has identified[1] the PR that fixes this, however the url seems to have a
typo - it was PR number 5499[2], and not 5599[3]. (The backported commit's description matches
the CVE's description)

[1]: https://security-tracker.debian.org/tracker/CVE-2026-34582
[2]: https://github.com/randombit/botan/pull/5499
[3]: https://github.com/randombit/botan/pull/5599

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 .../botan/botan/CVE-2026-34582.patch          | 28 +++++++++++++++++++
 meta-oe/recipes-crypto/botan/botan_3.10.0.bb  |  1 +
 2 files changed, 29 insertions(+)
 create mode 100644 meta-oe/recipes-crypto/botan/botan/CVE-2026-34582.patch

diff --git a/meta-oe/recipes-crypto/botan/botan/CVE-2026-34582.patch b/meta-oe/recipes-crypto/botan/botan/CVE-2026-34582.patch
new file mode 100644
index 0000000000..c7a09eae3b
--- /dev/null
+++ b/meta-oe/recipes-crypto/botan/botan/CVE-2026-34582.patch
@@ -0,0 +1,28 @@
+From daf4c8c148165a7c316d816d2bcdc25ba1f6887d Mon Sep 17 00:00:00 2001
+From: Jack Lloyd <jack@randombit.net>
+Date: Sun, 29 Mar 2026 08:25:18 -0400
+Subject: [PATCH] In TLS 1.3 require that the handshake is completed prior to
+ application data
+
+CVE: CVE-2026-34582
+Upstream-Status: Backport [https://github.com/randombit/botan/commit/4190398599413373f55b1073ac06fefd494af8c6]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/lib/tls/tls13/tls_channel_impl_13.cpp | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/lib/tls/tls13/tls_channel_impl_13.cpp b/src/lib/tls/tls13/tls_channel_impl_13.cpp
+index 82a8e38..eee9bad 100644
+--- a/src/lib/tls/tls13/tls_channel_impl_13.cpp
++++ b/src/lib/tls/tls13/tls_channel_impl_13.cpp
+@@ -163,6 +163,10 @@ size_t Channel_Impl_13::from_peer(std::span<const uint8_t> data) {
+          } else if(record.type == Record_Type::ChangeCipherSpec) {
+             process_dummy_change_cipher_spec();
+          } else if(record.type == Record_Type::ApplicationData) {
++            BOTAN_ASSERT_NONNULL(m_cipher_state);
++            if(!m_cipher_state->can_decrypt_application_traffic()) {
++               throw Unexpected_Message("Application data received before handshake completion");
++            }
+             BOTAN_ASSERT(record.seq_no.has_value(), "decrypted application traffic had a sequence number");
+             callbacks().tls_record_received(record.seq_no.value(), record.fragment);
+          } else if(record.type == Record_Type::Alert) {
diff --git a/meta-oe/recipes-crypto/botan/botan_3.10.0.bb b/meta-oe/recipes-crypto/botan/botan_3.10.0.bb
index 0986a76557..bedc49f714 100644
--- a/meta-oe/recipes-crypto/botan/botan_3.10.0.bb
+++ b/meta-oe/recipes-crypto/botan/botan_3.10.0.bb
@@ -8,6 +8,7 @@ SRC_URI = "https://botan.randombit.net/releases/Botan-${PV}.tar.xz \
            file://CVE-2026-32877.patch \
            file://CVE-2026-32883.patch \
            file://CVE-2026-32884.patch \
+           file://CVE-2026-34582.patch \
            "
 SRC_URI[sha256sum] = "fde194236f6d5434f136ea0a0627f6cc9d26af8b96e9f1e1c7d8c82cd90f4f24"