From 34628ad546e1f2ff113881199cd509074e44c8e6 Mon Sep 17 00:00:00 2001
From: Gyorgy Sarvari <skandigraun@gmail.com>
Date: Mon, 6 Apr 2026 14:03:09 +0200
Subject: [PATCH] botan: mark CVE-2026-32877 and CVE-2026-32883 patched

Both CVEs were fixed in version 3.11.0, however NVD tracks them
without version/CPE info.

Relevant commits:
CVE-2026-32877: https://github.com/randombit/botan/commit/798a332e11949afa8b004564bb9031e66c1a4d13
CVE-2026-32883: https://github.com/randombit/botan/commit/6ecc62a4e36937d036df8c8eda6a85708abb8c37

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
---
 meta-oe/recipes-crypto/botan/botan_3.11.1.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta-oe/recipes-crypto/botan/botan_3.11.1.bb b/meta-oe/recipes-crypto/botan/botan_3.11.1.bb
index d3d0498ec6..2d6b64ad64 100644
--- a/meta-oe/recipes-crypto/botan/botan_3.11.1.bb
+++ b/meta-oe/recipes-crypto/botan/botan_3.11.1.bb
@@ -65,3 +65,6 @@ FILES:${PN}-test = "${bindir}/botan-test  ${datadir}/${PN}/tests/data"
 COMPATIBLE_HOST:riscv32 = "null"
 
 BBCLASSEXTEND = "native nativesdk"
+
+CVE_STATUS[CVE-2026-32877] = "fixed-version: fixed since 3.11.0"
+CVE_STATUS[CVE-2026-32883] = "fixed-version: fixed since 3.11.0"