Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH] polarssl: security bump to version 1.2.13
@ 2015-02-18 18:16 Gustavo Zacarias
  2015-02-19 20:28 ` Thomas Petazzoni
  0 siblings, 1 reply; 2+ messages in thread
From: Gustavo Zacarias @ 2015-02-18 18:16 UTC (permalink / raw)
  To: buildroot

Includes the previous CVE-2015-1182 fix (patch dropped) and other fixes
(security and non) from the 1.3 branch (no CVEs yet), see release notes:
https://polarssl.org/tech-updates/releases/polarssl-1.2.13-released

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
 package/polarssl/0003-fix-CVE-2015-1182.patch | 19 -------------------
 package/polarssl/polarssl.hash                |  4 ++--
 package/polarssl/polarssl.mk                  |  2 +-
 3 files changed, 3 insertions(+), 22 deletions(-)
 delete mode 100644 package/polarssl/0003-fix-CVE-2015-1182.patch

diff --git a/package/polarssl/0003-fix-CVE-2015-1182.patch b/package/polarssl/0003-fix-CVE-2015-1182.patch
deleted file mode 100644
index 9309c9d..0000000
--- a/package/polarssl/0003-fix-CVE-2015-1182.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-Fix CVE-2015-1182 - Remote attack using crafted certificates.
-Patch status: from upstream see:
-https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04
-
-Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
-
-diff --git a/library/asn1parse.c b/library/asn1parse.c
-index a3a2b56..e2117bf 100644
---- a/library/asn1parse.c
-+++ b/library/asn1parse.c
-@@ -278,6 +278,8 @@ int asn1_get_sequence_of( unsigned char **p,
-             if( cur->next == NULL )
-                 return( POLARSSL_ERR_ASN1_MALLOC_FAILED );
-
-+            memset( cur->next, 0, sizeof( asn1_sequence ) );
-+
-             cur = cur->next;
-         }
-     }
diff --git a/package/polarssl/polarssl.hash b/package/polarssl/polarssl.hash
index 9769788..d68185b 100644
--- a/package/polarssl/polarssl.hash
+++ b/package/polarssl/polarssl.hash
@@ -1,2 +1,2 @@
-# From https://polarssl.org/tech-updates/releases/polarssl-1.2.12-released
-sha256	63dd60e78d25c438648607bb177b063dcf5fbf3ced9ee794fcb165d101940131	polarssl-1.2.12-gpl.tgz
+# From https://polarssl.org/tech-updates/releases/polarssl-1.2.13-released
+sha256	62f44f2a9f39b5cefb229e5dd2644ca20ead477cb1843d6ff30671624315b021	polarssl-1.2.13-gpl.tgz
diff --git a/package/polarssl/polarssl.mk b/package/polarssl/polarssl.mk
index 046c6bf..83e1851 100644
--- a/package/polarssl/polarssl.mk
+++ b/package/polarssl/polarssl.mk
@@ -5,7 +5,7 @@
 ################################################################################
 
 POLARSSL_SITE = https://polarssl.org/code/releases
-POLARSSL_VERSION = 1.2.12
+POLARSSL_VERSION = 1.2.13
 POLARSSL_SOURCE = polarssl-$(POLARSSL_VERSION)-gpl.tgz
 POLARSSL_CONF_OPTS = \
 	-DENABLE_PROGRAMS=$(if $(BR2_PACKAGE_POLARSSL_PROGRAMS),ON,OFF)
-- 
2.0.5

^ permalink raw reply related	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2015-02-19 20:28 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-02-18 18:16 [Buildroot] [PATCH] polarssl: security bump to version 1.2.13 Gustavo Zacarias
2015-02-19 20:28 ` Thomas Petazzoni

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox