svn commit: r377482 - in head/security/polarssl: . files
Jase Thew
jase at FreeBSD.org
Mon Jan 19 21:19:32 UTC 2015
Author: jase
Date: Mon Jan 19 21:19:31 2015
New Revision: 377482
URL: https://svnweb.freebsd.org/changeset/ports/377482
QAT: https://qat.redports.org/buildarchive/r377482/
Log:
security/polarssl:
- Add upstream patch to address crafted certificates vulnerability
- Add USES cpe
MFH: 2015Q1
Security: CVE-2015-1182
Security: a5856eba-a015-11e4-a680-1c6f65c3c4ff
Added:
head/security/polarssl/files/patch-library-asn1parse_c (contents, props changed)
Modified:
head/security/polarssl/Makefile
Modified: head/security/polarssl/Makefile
==============================================================================
--- head/security/polarssl/Makefile Mon Jan 19 21:14:35 2015 (r377481)
+++ head/security/polarssl/Makefile Mon Jan 19 21:19:31 2015 (r377482)
@@ -2,6 +2,7 @@
PORTNAME= polarssl
PORTVERSION= 1.2.12
+PORTREVISION= 1
DISTVERSIONSUFFIX= -gpl
CATEGORIES= security devel
MASTER_SITES= http://polarssl.org/download/
@@ -13,7 +14,7 @@ LICENSE= GPLv2
ALL_TARGET= no_test
-USES= gmake tar:tgz
+USES= cpe gmake tar:tgz
USE_LDCONFIG= yes
WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}
Added: head/security/polarssl/files/patch-library-asn1parse_c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/polarssl/files/patch-library-asn1parse_c Mon Jan 19 21:19:31 2015 (r377482)
@@ -0,0 +1,11 @@
+--- library/asn1parse.c.orig 2015-01-19 19:31:49.664592954 +0000
++++ library/asn1parse.c 2015-01-19 19:34:11.583587052 +0000
+@@ -244,6 +244,8 @@
+ if( cur->next == NULL )
+ return( POLARSSL_ERR_ASN1_MALLOC_FAILED );
+
++ memset( cur->next, 0, sizeof( asn1_sequence ) );
++
+ cur = cur->next;
+ }
+ }
More information about the svn-ports-head
mailing list