svn commit: r377487 - in branches/2015Q1/security/polarssl: . files
Jase Thew
jase at FreeBSD.org
Mon Jan 19 22:01:03 UTC 2015
Author: jase
Date: Mon Jan 19 22:01:01 2015
New Revision: 377487
URL: https://svnweb.freebsd.org/changeset/ports/377487
QAT: https://qat.redports.org/buildarchive/r377487/
Log:
MFH: r377482
security/polarssl:
- Add upstream patch to address crafted certificates vulnerability
- Add USES cpe
Security: CVE-2015-1182
Security: a5856eba-a015-11e4-a680-1c6f65c3c4ff
Approved by: ports-secteam (zi)
Added:
branches/2015Q1/security/polarssl/files/patch-library-asn1parse_c
- copied unchanged from r377482, head/security/polarssl/files/patch-library-asn1parse_c
Modified:
branches/2015Q1/security/polarssl/Makefile
Directory Properties:
branches/2015Q1/ (props changed)
Modified: branches/2015Q1/security/polarssl/Makefile
==============================================================================
--- branches/2015Q1/security/polarssl/Makefile Mon Jan 19 21:43:06 2015 (r377486)
+++ branches/2015Q1/security/polarssl/Makefile Mon Jan 19 22:01:01 2015 (r377487)
@@ -2,6 +2,7 @@
PORTNAME= polarssl
PORTVERSION= 1.2.12
+PORTREVISION= 1
DISTVERSIONSUFFIX= -gpl
CATEGORIES= security devel
MASTER_SITES= http://polarssl.org/download/
@@ -13,7 +14,7 @@ LICENSE= GPLv2
ALL_TARGET= no_test
-USES= gmake tar:tgz
+USES= cpe gmake tar:tgz
USE_LDCONFIG= yes
WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}
Copied: branches/2015Q1/security/polarssl/files/patch-library-asn1parse_c (from r377482, head/security/polarssl/files/patch-library-asn1parse_c)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2015Q1/security/polarssl/files/patch-library-asn1parse_c Mon Jan 19 22:01:01 2015 (r377487, copy of r377482, head/security/polarssl/files/patch-library-asn1parse_c)
@@ -0,0 +1,11 @@
+--- library/asn1parse.c.orig 2015-01-19 19:31:49.664592954 +0000
++++ library/asn1parse.c 2015-01-19 19:34:11.583587052 +0000
+@@ -244,6 +244,8 @@
+ if( cur->next == NULL )
+ return( POLARSSL_ERR_ASN1_MALLOC_FAILED );
+
++ memset( cur->next, 0, sizeof( asn1_sequence ) );
++
+ cur = cur->next;
+ }
+ }
More information about the svn-ports-all
mailing list