diff options
| author | Gustavo Zacarias <gustavo@zacarias.com.ar> | 2015-02-18 15:16:09 -0300 |
|---|---|---|
| committer | Thomas Petazzoni <thomas.petazzoni@free-electrons.com> | 2015-02-19 21:28:11 +0100 |
| commit | ad951abd86cf7a8728bf3ce47ba0d1f596aec295 (patch) | |
| tree | 9905895170e07cb72a050d577117e8fd864bb9fa | |
| parent | f08a9db47e4de299058d427b27354066ab30eaec (diff) | |
| download | buildroot-ad951abd86cf7a8728bf3ce47ba0d1f596aec295.tar.gz buildroot-ad951abd86cf7a8728bf3ce47ba0d1f596aec295.zip | |
polarssl: security bump to version 1.2.13
Includes the previous CVE-2015-1182 fix (patch dropped) and other fixes
(security and non) from the 1.3 branch (no CVEs yet), see release notes:
https://polarssl.org/tech-updates/releases/polarssl-1.2.13-released
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
| -rw-r--r-- | package/polarssl/0003-fix-CVE-2015-1182.patch | 19 | ||||
| -rw-r--r-- | package/polarssl/polarssl.hash | 4 | ||||
| -rw-r--r-- | package/polarssl/polarssl.mk | 2 |
3 files changed, 3 insertions, 22 deletions
diff --git a/package/polarssl/0003-fix-CVE-2015-1182.patch b/package/polarssl/0003-fix-CVE-2015-1182.patch deleted file mode 100644 index 9309c9d281..0000000000 --- a/package/polarssl/0003-fix-CVE-2015-1182.patch +++ /dev/null @@ -1,19 +0,0 @@ -Fix CVE-2015-1182 - Remote attack using crafted certificates. -Patch status: from upstream see: -https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04 - -Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> - -diff --git a/library/asn1parse.c b/library/asn1parse.c -index a3a2b56..e2117bf 100644 ---- a/library/asn1parse.c -+++ b/library/asn1parse.c -@@ -278,6 +278,8 @@ int asn1_get_sequence_of( unsigned char **p, - if( cur->next == NULL ) - return( POLARSSL_ERR_ASN1_MALLOC_FAILED ); - -+ memset( cur->next, 0, sizeof( asn1_sequence ) ); -+ - cur = cur->next; - } - } diff --git a/package/polarssl/polarssl.hash b/package/polarssl/polarssl.hash index 9769788724..d68185b944 100644 --- a/package/polarssl/polarssl.hash +++ b/package/polarssl/polarssl.hash @@ -1,2 +1,2 @@ -# From https://polarssl.org/tech-updates/releases/polarssl-1.2.12-released -sha256 63dd60e78d25c438648607bb177b063dcf5fbf3ced9ee794fcb165d101940131 polarssl-1.2.12-gpl.tgz +# From https://polarssl.org/tech-updates/releases/polarssl-1.2.13-released +sha256 62f44f2a9f39b5cefb229e5dd2644ca20ead477cb1843d6ff30671624315b021 polarssl-1.2.13-gpl.tgz diff --git a/package/polarssl/polarssl.mk b/package/polarssl/polarssl.mk index 046c6bfd0c..83e18514dd 100644 --- a/package/polarssl/polarssl.mk +++ b/package/polarssl/polarssl.mk @@ -5,7 +5,7 @@ ################################################################################ POLARSSL_SITE = https://polarssl.org/code/releases -POLARSSL_VERSION = 1.2.12 +POLARSSL_VERSION = 1.2.13 POLARSSL_SOURCE = polarssl-$(POLARSSL_VERSION)-gpl.tgz POLARSSL_CONF_OPTS = \ -DENABLE_PROGRAMS=$(if $(BR2_PACKAGE_POLARSSL_PROGRAMS),ON,OFF) |
