diff -Nru erlang-24.2.1+dfsg/debian/changelog erlang-24.2.1+dfsg/debian/changelog
--- erlang-24.2.1+dfsg/debian/changelog	2022-02-07 07:48:20.000000000 +0000
+++ erlang-24.2.1+dfsg/debian/changelog	2023-04-26 08:44:55.000000000 +0000
@@ -1,3 +1,14 @@
+erlang (1:24.2.1+dfsg-1ubuntu0.1) jammy-security; urgency=medium
+
+  * SECURITY UPDATE: SSL, TLS and DTLS client authentication bypass
+    - d/p/CVE-2022-37026-1.patch: fix handling of unexpected
+      messages. Based on upstream patch.
+    - d/p/CVE-2022-37026-2.patch: correct guard check. Based on upstream
+      patch.
+    - CVE-2022-37026  
+
+ -- Alex Murray <alex.murray@canonical.com>  Wed, 26 Apr 2023 10:44:55 +0200
+
 erlang (1:24.2.1+dfsg-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru erlang-24.2.1+dfsg/debian/control erlang-24.2.1+dfsg/debian/control
--- erlang-24.2.1+dfsg/debian/control	2022-02-07 07:48:20.000000000 +0000
+++ erlang-24.2.1+dfsg/debian/control	2023-04-26 08:44:55.000000000 +0000
@@ -1,5 +1,6 @@
 Source: erlang
-Maintainer: Debian Erlang Packagers <pkg-erlang-devel@lists.alioth.debian.org>
+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
+XSBC-Original-Maintainer: Debian Erlang Packagers <pkg-erlang-devel@lists.alioth.debian.org>
 Uploaders: Sergei Golovan <sgolovan@debian.org>
 Section: interpreters
 Priority: optional
diff -Nru erlang-24.2.1+dfsg/debian/control.in erlang-24.2.1+dfsg/debian/control.in
--- erlang-24.2.1+dfsg/debian/control.in	2022-02-07 07:48:20.000000000 +0000
+++ erlang-24.2.1+dfsg/debian/control.in	2023-04-26 08:44:55.000000000 +0000
@@ -1,5 +1,6 @@
 Source: erlang
-Maintainer: Debian Erlang Packagers <pkg-erlang-devel@lists.alioth.debian.org>
+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
+XSBC-Original-Maintainer: Debian Erlang Packagers <pkg-erlang-devel@lists.alioth.debian.org>
 Uploaders: Sergei Golovan <sgolovan@debian.org>
 Section: interpreters
 Priority: optional
diff -Nru erlang-24.2.1+dfsg/debian/patches/CVE-2022-37026-1.patch erlang-24.2.1+dfsg/debian/patches/CVE-2022-37026-1.patch
--- erlang-24.2.1+dfsg/debian/patches/CVE-2022-37026-1.patch	1970-01-01 00:00:00.000000000 +0000
+++ erlang-24.2.1+dfsg/debian/patches/CVE-2022-37026-1.patch	2023-04-26 08:43:51.000000000 +0000
@@ -0,0 +1,567 @@
+From cd5024867e7b7d3a6e94194af9e01e1fb77e36c9 Mon Sep 17 00:00:00 2001
+From: Ingela Anderton Andin <ingela@erlang.org>
+Date: Tue, 24 May 2022 17:52:02 +0200
+Subject: [PATCH] ssl: Enhanch handling of unexpected messages
+
+Make better use of gen_statem. Rename flag and values to better names.
+---
+ lib/ssl/src/dtls_connection.erl     |  25 ++++-
+ lib/ssl/src/ssl_connection.hrl      |   6 +-
+ lib/ssl/src/ssl_gen_statem.erl      |   3 -
+ lib/ssl/src/tls_connection.erl      |  21 +++-
+ lib/ssl/src/tls_dtls_connection.erl | 155 +++++++++++++++++-----------
+ lib/ssl/src/tls_gen_connection.erl  |  23 ++++-
+ lib/ssl/src/tls_handshake_1_3.erl   |   8 +-
+ lib/ssl/test/ssl_npn_SUITE.erl      |   8 +-
+ 8 files changed, 171 insertions(+), 78 deletions(-)
+
+--- a/lib/ssl/src/dtls_connection.erl
++++ b/lib/ssl/src/dtls_connection.erl
+@@ -46,7 +46,8 @@
+ %%    ClientKeyExchange                                          \
+ %%    CertificateVerify*                                          Flight 5
+ %%    [ChangeCipherSpec]                                         /
+-%%    Finished                -------->                         /
++%%    NextProtocol*                                             /
++%%    Finished                -------->                        /
+ %%
+ %%                                        [ChangeCipherSpec]    \ Flight 6
+ %%                            <--------             Finished    /
+@@ -64,7 +65,8 @@
+ %%                             <--------             Finished    / part 2
+ %%
+ %%    [ChangeCipherSpec]                                         \ Abbrev Flight 3
+-%%    Finished                 -------->                         /
++%%    NextProtocol*                                              /      
++%%    Finished                 -------->                        /
+ %%
+ %% 
+ %%                  Message Flights for Abbbriviated Handshake
+@@ -142,6 +144,7 @@
+          user_hello/3,
+          wait_ocsp_stapling/3,
+          certify/3,
++         wait_cert_verify/3,
+          cipher/3,
+          abbreviated/3,
+ 	 connection/3]). 
+@@ -468,6 +471,24 @@
+ certify(Type, Event, State) ->
+     gen_handshake(?FUNCTION_NAME, Type, Event, State).
+ 
++
++%%--------------------------------------------------------------------
++-spec wait_cert_verify(gen_statem:event_type(), term(), #state{}) ->
++          gen_statem:state_function_result().
++%%--------------------------------------------------------------------
++wait_cert_verify(enter, _Event, State0) ->
++    {State, Actions} = handle_flight_timer(State0),
++    {keep_state, State, Actions};
++wait_cert_verify(info, Event, State) ->
++    gen_info(Event, ?FUNCTION_NAME, State);
++wait_cert_verify(state_timeout, Event, State) ->
++    handle_state_timeout(Event, ?FUNCTION_NAME, State);
++wait_cert_verify(Type, Event, #state{connection_env = #connection_env{negotiated_version = Version}} = State) ->
++    try tls_dtls_connection:gen_handshake(?FUNCTION_NAME, Type, Event, State)
++    catch throw:#alert{} = Alert ->
++            ssl_gen_statem:handle_own_alert(Alert, Version, ?FUNCTION_NAME, State)
++    end.
++
+ %%--------------------------------------------------------------------
+ -spec cipher(gen_statem:event_type(), term(), #state{}) ->
+ 		    gen_statem:state_function_result().
+--- a/lib/ssl/src/ssl_connection.hrl
++++ b/lib/ssl/src/ssl_connection.hrl
+@@ -116,7 +116,7 @@
+                 %% need to worry about packet loss in TLS. In DTLS we
+                 %% need to track DTLS handshake seqnr
+                 flight_buffer = []   :: list() | map(),  
+-                client_certificate_requested = false :: boolean(),
++                client_certificate_status = not_requested :: not_requested | requested  | empty | needs_verifying | verified,
+                 protocol_specific = #{}      :: map(),
+                 session               :: #session{} | secret_printout(),
+                 key_share,
+@@ -148,8 +148,8 @@
+ %%   session_cache_cb             - not implemented
+ %%   crl_db                       - not implemented
+ %%   client_hello_version         - Bleichenbacher mitigation in TLS 1.2
+-%%   client_certificate_requested - Built into TLS 1.3 state machine
+-%%   key_algorithm                - not used
++%%   client_certificate_status    - only uses non_requested| requested
++%%   key_algorithm                - only uses  not_requested and requested 
+ %%   diffie_hellman_params        - used in TLS 1.2 ECDH key exchange
+ %%   diffie_hellman_keys          - used in TLS 1.2 ECDH key exchange
+ %%   psk_identity                 - not used
+--- a/lib/ssl/src/ssl_gen_statem.erl
++++ b/lib/ssl/src/ssl_gen_statem.erl
+@@ -707,8 +707,6 @@
+     Connection:handle_protocol_record(TLSorDTLSRecord, StateName, State);
+ handle_common_event(timeout, hibernate, _, _) ->
+     {keep_state_and_data, [hibernate]};
+-handle_common_event(internal, #change_cipher_spec{type = <<1>>}, StateName, State) ->
+-    handle_own_alert(?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE), StateName, State);
+ handle_common_event({timeout, handshake}, close, _StateName, #state{start_or_recv_from = StartFrom} = State) ->
+     {stop_and_reply,
+      {shutdown, user_timeout},
+--- a/lib/ssl/src/tls_connection.erl
++++ b/lib/ssl/src/tls_connection.erl
+@@ -34,6 +34,7 @@
+ %%       ClientKeyExchange                                             \
+ %%       CertificateVerify*                                             Flight 3 part 1
+ %%       [ChangeCipherSpec]                                            / 
++%%       NextProtocol*
+ %%       Finished                     -------->                       / Flight 3 part 2
+ %%                                                [ChangeCipherSpec]  
+ %%                                    <--------             Finished Flight 4
+@@ -48,6 +49,7 @@
+ %%                                                 [ChangeCipherSpec]
+ %%                                     <--------             Finished  Abbrev Flight 2 part 2
+ %%       [ChangeCipherSpec]
++%%       NextProtocol*
+ %%       Finished                      -------->                       Abbrev Flight 3
+ %%       Application Data              <------->     Application Data
+ %%
+@@ -70,13 +72,14 @@
+ %%                                             |
+ %%                                New session  | Resumed session
+ %%  WAIT_OCSP_STAPELING   CERTIFY  <----------------------------------> ABBRIVIATED
+-%%     
++%%  WAIT_CERT_VERIFY   
+ %%  <- Possibly Receive  --  |                                              |
+-%%     OCSP Stapel ------>   |  Flight 3 part 1                             |
++%% OCSP Stapel/CertVerify -> |  Flight 3 part 1                             |
+ %%                           |                                              |
+ %%                           V                                              |  Abbrev Flight 2 part 2 to Abbrev Flight 3
+ %%                         CIPHER                                           |
+ %%                           |                                              |
++%%                           |                                              |
+ %%                           | Fligth 3 part 2 to Flight 4                  |   
+ %%                           |                                              |   
+ %%                           V                                              V   
+@@ -121,6 +124,7 @@
+          user_hello/3,
+          wait_ocsp_stapling/3,
+          certify/3,
++         wait_cert_verify/3,
+          cipher/3,
+          abbreviated/3,
+ 	 connection/3]).
+@@ -304,6 +308,19 @@
+             ssl_gen_statem:handle_own_alert(Alert, ?FUNCTION_NAME, State)
+     end.
+ 
++
++%%--------------------------------------------------------------------
++-spec wait_cert_verify(gen_statem:event_type(), term(), #state{}) ->
++          gen_statem:state_function_result().
++%%--------------------------------------------------------------------
++wait_cert_verify(info, Event, State) ->
++    gen_info(Event, ?FUNCTION_NAME, State);
++wait_cert_verify(Type, Event, #state{connection_env = #connection_env{negotiated_version = Version}} = State) ->
++    try tls_dtls_connection:gen_handshake(?FUNCTION_NAME, Type, Event, State)
++    catch throw:#alert{} = Alert ->
++            ssl_gen_statem:handle_own_alert(Alert, Version, ?FUNCTION_NAME, State)
++    end.
++
+ %%--------------------------------------------------------------------
+ -spec certify(gen_statem:event_type(), term(), #state{}) ->
+ 		     gen_statem:state_function_result().
+--- a/lib/ssl/src/tls_dtls_connection.erl
++++ b/lib/ssl/src/tls_dtls_connection.erl
+@@ -56,6 +56,7 @@
+          user_hello/3,
+          abbreviated/3,
+          certify/3,
++         wait_cert_verify/3,
+          wait_ocsp_stapling/3,
+          cipher/3,
+          connection/3,
+@@ -316,7 +317,7 @@
+ 	       ssl_options = #{verify := verify_peer,
+                                fail_if_no_peer_cert := false}} =
+ 	State0) ->
+-    Connection:next_event(?FUNCTION_NAME, no_record, State0#state{client_certificate_requested = false});
++    Connection:next_event(?FUNCTION_NAME, no_record, State0#state{client_certificate_status = empty});
+ certify(internal, #certificate{},
+ 	#state{static_env = #static_env{role = server},
+ 	       ssl_options = #{verify := verify_none}}) ->
+@@ -338,14 +339,19 @@
+                                   ocsp_stapling_state = #{ocsp_expect := Status} = OcspState},
+                connection_env = #connection_env{
+                                    negotiated_version = Version},
+-               ssl_options = Opts} = State) when Status =/= staple ->
++               ssl_options = Opts} = State0) when Status =/= staple ->
+     OcspInfo = ocsp_info(OcspState, Opts, Peer),
+     case ssl_handshake:certify(Cert, CertDbHandle, CertDbRef,
+                                Opts, CRLDbInfo, Role, Host,
+                                ensure_tls(Version), OcspInfo) of
+         {PeerCert, PublicKeyInfo} ->
+-	        handle_peer_cert(Role, PeerCert, PublicKeyInfo,
+-                                 State#state{client_certificate_requested = false}, Connection, []);
++            State = case Role of
++                        server ->
++                            State0#state{client_certificate_status = needs_verifying};
++                        client ->
++                            State0
++                    end,
++            handle_peer_cert(Role, PeerCert, PublicKeyInfo, State, Connection, []);
+         #alert{} = Alert ->
+             throw(Alert)
+     end;
+@@ -412,7 +418,7 @@
+     %% The client does not have a certificate and will send an empty reply, the server may fail 
+     %% or accept the connection by its own preference. No signature algorihms needed as there is
+     %% no certificate to verify.
+-    Connection:next_event(?FUNCTION_NAME, no_record, State#state{client_certificate_requested = true});
++    Connection:next_event(?FUNCTION_NAME, no_record, State#state{client_certificate_status = requested});
+ certify(internal, #certificate_request{} = CertRequest,
+ 	#state{static_env = #static_env{role = client,
+                                        protocol_cb = Connection},
+@@ -426,7 +432,7 @@
+         {Hash, Sign} when TLSVersion == {3,3} andalso Hash =/= undefined andalso
+                           Sign =/= undefined ->
+            Connection:next_event(?FUNCTION_NAME, no_record,
+-                                 State#state{client_certificate_requested = true,
++                                 State#state{client_certificate_status = requested,
+                                              handshake_env = HsEnv#handshake_env{cert_hashsign_algorithm = NegotiatedHashSign}});
+        _ ->
+            case ssl_handshake:select_hashsign(CertRequest, Cert,
+@@ -435,7 +441,7 @@
+                    throw(Alert);
+                SelectedHashSign ->
+                    Connection:next_event(?FUNCTION_NAME, no_record,
+-                                         State#state{client_certificate_requested = true,
++                                         State#state{client_certificate_status = requested,
+                                                      handshake_env = HsEnv#handshake_env{cert_hashsign_algorithm = SelectedHashSign}})
+            end
+    end;
+@@ -516,7 +522,7 @@
+     end;
+ certify(internal = Type, #client_key_exchange{} = Msg,
+ 	#state{static_env = #static_env{role = server},
+-	       client_certificate_requested = true,
++	       client_certificate_status = requested,
+ 	       ssl_options = #{fail_if_no_peer_cert := true}}) ->
+     %% We expect a certificate here
+     throw(?ALERT_REC(?FATAL,?UNEXPECTED_MESSAGE, {unexpected_msg, {Type, Msg}}));
+@@ -537,37 +543,53 @@
+     ssl_gen_statem:handle_common_event(Type, Event, ?FUNCTION_NAME, State).
+  
+ %%--------------------------------------------------------------------
+--spec cipher(gen_statem:event_type(),
+-	     #hello_request{} | #certificate_verify{} | #finished{} | term(),
++-spec wait_cert_verify(gen_statem:event_type(),
++	      #hello_request{} | #certificate_verify{} | term(),
+ 	     #state{}) ->
+ 		    gen_statem:state_function_result().
+ %%--------------------------------------------------------------------
+-cipher({call, From}, Msg, State) ->
+-    handle_call(Msg, From, ?FUNCTION_NAME, State);
+-cipher(info, Msg, State) ->
+-    handle_info(Msg, ?FUNCTION_NAME, State);
+-cipher(internal, #certificate_verify{signature = Signature, 
+-				     hashsign_algorithm = CertHashSign},
+-       #state{static_env = #static_env{role = server,
+-                                       protocol_cb = Connection},
+-              handshake_env = #handshake_env{tls_handshake_history = Hist,
+-                                             kex_algorithm = KexAlg,
+-                                             public_key_info = PubKeyInfo} = HsEnv,
+-              connection_env = #connection_env{negotiated_version = Version},
+-	      session = #session{master_secret = MasterSecret}
+-	     } = State) ->
++wait_cert_verify(internal, #certificate_verify{signature = Signature, 
++                                               hashsign_algorithm = CertHashSign},
++                 #state{static_env = #static_env{role = server,
++                                                 protocol_cb = Connection},
++                        client_certificate_status = needs_verifying,
++                        handshake_env = #handshake_env{tls_handshake_history = Hist,
++                                                       kex_algorithm = KexAlg,
++                                             public_key_info = PubKeyInfo},
++                        connection_env = #connection_env{negotiated_version = Version},
++                        session = #session{master_secret = MasterSecret} = Session0
++                       } = State) ->
+     
+     TLSVersion = ssl:tls_version(Version),
+-    %% Use negotiated value if TLS-1.2 otherwhise return default
++    %% Use negotiated value if TLS-1.2 otherwise return default
+     HashSign = negotiated_hashsign(CertHashSign, KexAlg, PubKeyInfo, TLSVersion),
+     case ssl_handshake:certificate_verify(Signature, PubKeyInfo,
+ 					  TLSVersion, HashSign, MasterSecret, Hist) of
+ 	valid ->
+-	    Connection:next_event(?FUNCTION_NAME, no_record,
+-				  State#state{handshake_env = HsEnv#handshake_env{cert_hashsign_algorithm = HashSign}});
++	    Connection:next_event(cipher, no_record,
++				  State#state{client_certificate_status = verified,
++                                              session = Session0#session{sign_alg = HashSign}});
+ 	#alert{} = Alert ->
+             throw(Alert)
+     end;
++
++wait_cert_verify(internal, #hello_request{}, _) ->
++    keep_state_and_data;
++wait_cert_verify(Type, Event, State) ->
++    ssl_gen_statem:handle_common_event(Type, Event, ?FUNCTION_NAME, State).
++
++%%--------------------------------------------------------------------
++-spec cipher(gen_statem:event_type(),
++	     #hello_request{} | #finished{} | term(),
++	     #state{}) ->
++		    gen_statem:state_function_result().
++%%--------------------------------------------------------------------
++cipher({call, From}, Msg, State) ->
++    handle_call(Msg, From, ?FUNCTION_NAME, State);
++cipher(info, Msg, State) ->
++    handle_info(Msg, ?FUNCTION_NAME, State);
++
++
+ %% client must send a next protocol message if we are expecting it
+ cipher(internal, #finished{},
+        #state{static_env = #static_env{role = server},
+@@ -606,6 +628,7 @@
+     Connection:next_event(?FUNCTION_NAME, no_record,
+ 			  State#state{handshake_env = HsEnv#handshake_env{negotiated_protocol = SelectedProtocol,
+                                                                           expecting_next_protocol_negotiation = false}});
++
+ cipher(internal, #change_cipher_spec{type = <<1>>},
+        #state{handshake_env = HsEnv,
+               static_env = #static_env{protocol_cb = Connection},
+@@ -867,12 +890,12 @@
+ certify_client(#state{static_env = #static_env{role = client,
+                                                cert_db = CertDbHandle,
+                                                cert_db_ref = CertDbRef},
+-                      client_certificate_requested = true,
++                      client_certificate_status = requested,
+ 		      session = #session{own_certificates = OwnCerts}}
+ 	       = State, Connection) ->
+     Certificate = ssl_handshake:certificate(OwnCerts, CertDbHandle, CertDbRef, client),
+     Connection:queue_handshake(Certificate, State);
+-certify_client(#state{client_certificate_requested = false} = State, _) ->
++certify_client(#state{client_certificate_status = not_requested} = State, _) ->
+     State.
+ 
+ verify_client_cert(#state{static_env = #static_env{role = client},
+@@ -880,7 +903,7 @@
+                                                          cert_hashsign_algorithm = HashSign},
+                           connection_env = #connection_env{negotiated_version = Version,
+                                                            private_key = PrivateKey},
+-                          client_certificate_requested = true,
++                          client_certificate_status = requested,
+ 			  session = #session{master_secret = MasterSecret,
+ 					     own_certificates = OwnCerts}} = State, Connection) ->
+     case ssl_handshake:client_certificate_verify(OwnCerts, MasterSecret,
+@@ -892,13 +915,13 @@
+ 	#alert{} = Alert ->
+ 	    throw(Alert)
+     end;
+-verify_client_cert(#state{client_certificate_requested = false} = State, _) ->
++verify_client_cert(#state{client_certificate_status = not_requested} = State, _) ->
+     State.
+ 
+ client_certify_and_key_exchange(State0, Connection) ->
+     State1 = do_client_certify_and_key_exchange(State0, Connection),
+     {State2, Actions} = finalize_handshake(State1, certify, Connection),
+-    State = State2#state{client_certificate_requested = false},     %% Reinitialize
++    State = State2#state{client_certificate_status = requested},     %% Reinitialize
+     Connection:next_event(cipher, no_record, State, Actions).
+ 
+ do_client_certify_and_key_exchange(State0, Connection) ->
+@@ -913,8 +936,8 @@
+ 
+ certify_client_key_exchange(#encrypted_premaster_secret{premaster_secret= EncPMS},
+ 			    #state{connection_env = #connection_env{private_key = Key}, 
+-                                   handshake_env = #handshake_env{client_hello_version = {Major, Minor} = Version}}
+-                            = State, Connection) ->
++                                   handshake_env = #handshake_env{client_hello_version = {Major, Minor} = Version},
++                                   client_certificate_status = CCStatus} = State, Connection) ->
+     FakeSecret = make_premaster_secret(Version, rsa),
+     %% Countermeasure for Bleichenbacher attack always provide some kind of premaster secret
+     %% and fail handshake later.RFC 5246 section 7.4.7.1.
+@@ -933,55 +956,73 @@
+             #alert{description = ?DECRYPT_ERROR} ->
+                 FakeSecret
+         end,
+-    calculate_master_secret(PremasterSecret, State, Connection, certify, cipher);
++    calculate_master_secret(PremasterSecret, State, Connection, certify, client_kex_next_state(CCStatus));
+ certify_client_key_exchange(#client_diffie_hellman_public{dh_public = ClientPublicDhKey},
+ 			    #state{handshake_env = #handshake_env{diffie_hellman_params = #'DHParameter'{} = Params,
+-                                                                  kex_keys = {_, ServerDhPrivateKey}}
++                                                                  kex_keys = {_, ServerDhPrivateKey}},
++                                   client_certificate_status = CCStatus
+ 				  } = State,
+ 			    Connection) ->
+     PremasterSecret = ssl_handshake:premaster_secret(ClientPublicDhKey, ServerDhPrivateKey, Params),
+-    calculate_master_secret(PremasterSecret, State, Connection, certify, cipher);
++    calculate_master_secret(PremasterSecret, State, Connection, certify, client_kex_next_state(CCStatus));
+ 
+ certify_client_key_exchange(#client_ec_diffie_hellman_public{dh_public = ClientPublicEcDhPoint},
+-			    #state{handshake_env = #handshake_env{kex_keys = ECDHKey}} = State, Connection) ->
++			    #state{handshake_env = #handshake_env{kex_keys = ECDHKey},
++                                   client_certificate_status = CCStatus
++                                  } = State, Connection) ->
+     PremasterSecret = ssl_handshake:premaster_secret(#'ECPoint'{point = ClientPublicEcDhPoint}, ECDHKey),
+-    calculate_master_secret(PremasterSecret, State, Connection, certify, cipher);
++    calculate_master_secret(PremasterSecret, State, Connection, certify, client_kex_next_state(CCStatus));
+ certify_client_key_exchange(#client_psk_identity{} = ClientKey,
+ 			    #state{ssl_options = 
+-				       #{user_lookup_fun := PSKLookup}} = State0,
++				       #{user_lookup_fun := PSKLookup}, 
++                                   client_certificate_status = CCStatus 
++                                  } = State0,
+ 			    Connection) ->
+     PremasterSecret = ssl_handshake:premaster_secret(ClientKey, PSKLookup),
+-    calculate_master_secret(PremasterSecret, State0, Connection, certify, cipher);
++    calculate_master_secret(PremasterSecret, State0, Connection, certify, client_kex_next_state(CCStatus));
+ certify_client_key_exchange(#client_dhe_psk_identity{} = ClientKey,
+ 			    #state{handshake_env = #handshake_env{diffie_hellman_params = #'DHParameter'{} = Params,
+                                                                   kex_keys = {_, ServerDhPrivateKey}},
+ 				   ssl_options = 
+-				       #{user_lookup_fun := PSKLookup}} = State0,
++				       #{user_lookup_fun := PSKLookup}, 
++                                   client_certificate_status = CCStatus 
++                                  } = State0,
+ 			    Connection) ->
+     PremasterSecret = 
+ 	ssl_handshake:premaster_secret(ClientKey, ServerDhPrivateKey, Params, PSKLookup),
+-    calculate_master_secret(PremasterSecret, State0, Connection, certify, cipher);
++    calculate_master_secret(PremasterSecret, State0, Connection, certify, client_kex_next_state(CCStatus));
+ certify_client_key_exchange(#client_ecdhe_psk_identity{} = ClientKey,
+ 			    #state{handshake_env = #handshake_env{kex_keys = ServerEcDhPrivateKey},
+ 				   ssl_options =
+-				       #{user_lookup_fun := PSKLookup}} = State,
++				       #{user_lookup_fun := PSKLookup}, 
++                                   client_certificate_status = CCStatus 
++                                  } = State,
+ 			    Connection) ->
+     PremasterSecret =
+ 	ssl_handshake:premaster_secret(ClientKey, ServerEcDhPrivateKey, PSKLookup),
+-    calculate_master_secret(PremasterSecret, State, Connection, certify, cipher);
++    calculate_master_secret(PremasterSecret, State, Connection, certify, client_kex_next_state(CCStatus));
+ certify_client_key_exchange(#client_rsa_psk_identity{} = ClientKey,
+-			    #state{connection_env = #connection_env{private_key = Key},
++			    #state{connection_env = #connection_env{private_key = PrivateKey},
+ 				   ssl_options = 
+-				       #{user_lookup_fun := PSKLookup}} = State0,
++				       #{user_lookup_fun := PSKLookup}, 
++                                   client_certificate_status = CCStatus} = State0,
+ 			    Connection) ->
+-    PremasterSecret = ssl_handshake:premaster_secret(ClientKey, Key, PSKLookup),
+-    calculate_master_secret(PremasterSecret, State0, Connection, certify, cipher);
++    PremasterSecret = ssl_handshake:premaster_secret(ClientKey, PrivateKey, PSKLookup),
++    calculate_master_secret(PremasterSecret, State0, Connection, certify, client_kex_next_state(CCStatus));
+ certify_client_key_exchange(#client_srp_public{} = ClientKey,
+ 			    #state{handshake_env = #handshake_env{srp_params = Params,
+-                                                                  kex_keys = Key}
++                                                                  kex_keys = Key},
++                                   client_certificate_status = CCStatus
+ 				  } = State0, Connection) ->
+     PremasterSecret = ssl_handshake:premaster_secret(ClientKey, Key, Params),
+-    calculate_master_secret(PremasterSecret, State0, Connection, certify, cipher).
++    calculate_master_secret(PremasterSecret, State0, Connection, certify, client_kex_next_state(CCStatus)).
++
++client_kex_next_state(needs_verifying) ->
++    wait_cert_verify;
++client_kex_next_state(empty) ->
++    cipher;
++client_kex_next_state(not_requested) ->
++    cipher.
+ 
+ certify_server(#state{handshake_env = #handshake_env{kex_algorithm = KexAlg}} = 
+                    State, _) when KexAlg == dh_anon; 
+@@ -1306,7 +1347,7 @@
+     Msg = ssl_handshake:certificate_request(CipherSuite, CertDbHandle, CertDbRef, 
+ 					    HashSigns, TLSVersion),
+     State = Connection:queue_handshake(Msg, State0),
+-    State#state{client_certificate_requested = true};
++    State#state{client_certificate_status = requested};
+ 
+ request_client_cert(#state{ssl_options = #{verify := verify_none}} =
+ 		    State, _) ->
+--- a/lib/ssl/src/tls_gen_connection.erl
++++ b/lib/ssl/src/tls_gen_connection.erl
+@@ -347,7 +347,28 @@
+     {next_state, StateName, State, [{next_event, internal, Alert} | Actions]}.
+ 
+ %%% TLS record protocol level application data messages 
+-handle_protocol_record(#ssl_tls{type = ?APPLICATION_DATA, fragment = Data}, StateName, 
++handle_protocol_record(#ssl_tls{type = ?APPLICATION_DATA}, StateName,
++                       #state{static_env = #static_env{role = server},
++                              connection_env = #connection_env{negotiated_version = Version},
++                              handshake_env = #handshake_env{renegotiation = {false, first}}
++                             } = State) when StateName == initial_hello;
++                                             StateName == hello;
++                                             StateName == certify;
++                                             StateName == wait_cert_verify,
++                                             StateName == wait_ocsp_stapling,
++                                             StateName == abbreviated;
++                                             StateName == cipher
++                                             ->
++    %% Application data can not be sent before initial handshake pre TLS-1.3.
++    Alert = ?ALERT_REC(?FATAL, ?UNEXPECTED_MESSAGE, application_data_before_initial_handshake),
++    ssl_gen_statem:handle_own_alert(Alert, Version, StateName, State);
++handle_protocol_record(#ssl_tls{type = ?APPLICATION_DATA}, start = StateName,
++                       #state{static_env = #static_env{role = server},
++                              connection_env = #connection_env{negotiated_version = Version}
++                             } = State) ->
++    Alert = ?ALERT_REC(?FATAL, ?DECODE_ERROR, invalid_tls_13_message),
++    ssl_gen_statem:handle_own_alert(Alert, Version, StateName, State);
++handle_protocol_record(#ssl_tls{type = ?APPLICATION_DATA, fragment = Data}, StateName,
+                        #state{start_or_recv_from = From,
+                               socket_options = #socket_options{active = false}} = State0) when From =/= undefined ->
+     case ssl_gen_statem:read_application_data(Data, State0) of
+--- a/lib/ssl/src/tls_handshake_1_3.erl
++++ b/lib/ssl/src/tls_handshake_1_3.erl
+@@ -1203,7 +1203,7 @@
+ maybe_append_change_cipher_spec(State, Bin) ->
+     {State, Bin}.
+ 
+-maybe_queue_cert_cert_cv(#state{client_certificate_requested = false} = State) ->
++maybe_queue_cert_cert_cv(#state{client_certificate_status = not_requested} = State) ->
+     {ok, State};
+ maybe_queue_cert_cert_cv(#state{connection_states = _ConnectionStates0,
+                                 session = #session{session_id = _SessionId,
+@@ -1424,7 +1424,7 @@
+ 
+ process_certificate_request(#certificate_request_1_3{},
+                             #state{session = #session{own_certificates = undefined}} = State) ->
+-    {ok, {State#state{client_certificate_requested = true}, wait_cert}};
++    {ok, {State#state{client_certificate_status = requested}, wait_cert}};
+ 
+ process_certificate_request(#certificate_request_1_3{
+                                extensions = Extensions},
+@@ -1443,11 +1443,11 @@
+         %% Check if server supports signature algorithm of client certificate
+         case check_cert_sign_algo(SignAlgo, SignHash, ServerSignAlgs, ServerSignAlgsCert) of
+             ok ->
+-            {ok, {State#state{client_certificate_requested = true,
++            {ok, {State#state{client_certificate_status = requested,
+                               session = Session#session{sign_alg = SelectedSignAlg}}, wait_cert}};
+             {error, _} ->
+                 %% Certificate not supported: send empty certificate in state 'wait_finished'
+-                {ok, {State#state{client_certificate_requested = true,
++                {ok, {State#state{client_certificate_status = requested,
+                                   session = Session#session{own_certificates = undefined}}, wait_cert}}
+         end
+          catch
+--- a/lib/ssl/test/ssl_npn_SUITE.erl
++++ b/lib/ssl/test/ssl_npn_SUITE.erl
+@@ -68,14 +68,18 @@
+ all() ->
+     [{group, 'tlsv1.2'},
+      {group, 'tlsv1.1'},
+-     {group, 'tlsv1'}
++     {group, 'tlsv1'},
++     {group, 'dtlsv1.2'},
++     {group, 'dtlsv1'}
+     ].
+ 
+ groups() ->
+     [
+      {'tlsv1.2', [], next_protocol_tests()},
+      {'tlsv1.1', [], next_protocol_tests()},
+-     {'tlsv1', [], next_protocol_tests()}
++     {'tlsv1', [], next_protocol_tests()},
++     {'dtlsv1.2', [], next_protocol_tests()},
++     {'dtlsv1', [], next_protocol_tests()}
+     ].
+ 
+ next_protocol_tests() ->
diff -Nru erlang-24.2.1+dfsg/debian/patches/CVE-2022-37026-2.patch erlang-24.2.1+dfsg/debian/patches/CVE-2022-37026-2.patch
--- erlang-24.2.1+dfsg/debian/patches/CVE-2022-37026-2.patch	1970-01-01 00:00:00.000000000 +0000
+++ erlang-24.2.1+dfsg/debian/patches/CVE-2022-37026-2.patch	2023-04-26 08:44:13.000000000 +0000
@@ -0,0 +1,22 @@
+From 6a1baa36e4e6c1b682e8b48e0c141602e0b8e6e5 Mon Sep 17 00:00:00 2001
+From: Kiko Fernandez-Reyes <kiko@erlang.org>
+Date: Fri, 26 Aug 2022 13:52:13 +0200
+Subject: [PATCH] ssl: Correct guard check
+
+---
+ lib/ssl/src/tls_gen_connection.erl | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/lib/ssl/src/tls_gen_connection.erl
++++ b/lib/ssl/src/tls_gen_connection.erl
+@@ -354,8 +354,8 @@
+                              } = State) when StateName == initial_hello;
+                                              StateName == hello;
+                                              StateName == certify;
+-                                             StateName == wait_cert_verify,
+-                                             StateName == wait_ocsp_stapling,
++                                             StateName == wait_cert_verify;
++                                             StateName == wait_ocsp_stapling;
+                                              StateName == abbreviated;
+                                              StateName == cipher
+                                              ->
diff -Nru erlang-24.2.1+dfsg/debian/patches/series erlang-24.2.1+dfsg/debian/patches/series
--- erlang-24.2.1+dfsg/debian/patches/series	2022-02-07 07:48:20.000000000 +0000
+++ erlang-24.2.1+dfsg/debian/patches/series	2023-04-26 08:44:55.000000000 +0000
@@ -8,3 +8,5 @@
 javascript.patch
 x32.patch
 atomsfontlock.patch
+CVE-2022-37026-1.patch
+CVE-2022-37026-2.patch