svn commit: r377673 - in head/security/polarssl13: . files
Jase Thew
jase at FreeBSD.org
Thu Jan 22 17:28:11 UTC 2015
Author: jase
Date: Thu Jan 22 17:28:10 2015
New Revision: 377673
URL: https://svnweb.freebsd.org/changeset/ports/377673
QAT: https://qat.redports.org/buildarchive/r377673/
Log:
security/polarssl13:
- Add upstream patch to address crafted certificates vulnerability
- Add USES cpe
MFH: 2015Q1
Security: CVE-2015-1182
Security: a5856eba-a015-11e4-a680-1c6f65c3c4ff
Approved by: maintainer (chris at bsdjunk.com)
Added:
head/security/polarssl13/files/patch-library-asn1parse_c (contents, props changed)
Modified:
head/security/polarssl13/Makefile
Modified: head/security/polarssl13/Makefile
==============================================================================
--- head/security/polarssl13/Makefile Thu Jan 22 17:27:05 2015 (r377672)
+++ head/security/polarssl13/Makefile Thu Jan 22 17:28:10 2015 (r377673)
@@ -2,6 +2,7 @@
PORTNAME= polarssl
PORTVERSION= 1.3.9
+PORTREVISION= 1
DISTVERSIONSUFFIX= -gpl
CATEGORIES= security devel
MASTER_SITES= http://polarssl.org/download/
@@ -14,7 +15,7 @@ LICENSE= GPLv2
ALL_TARGET= no_test
-USES= gmake tar:tgz
+USES= cpe gmake tar:tgz
USE_LDCONFIG= yes
WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}
Added: head/security/polarssl13/files/patch-library-asn1parse_c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/polarssl13/files/patch-library-asn1parse_c Thu Jan 22 17:28:10 2015 (r377673)
@@ -0,0 +1,11 @@
+--- library/asn1parse.c.orig 2015-01-20 10:12:00.469677333 +0000
++++ library/asn1parse.c 2015-01-20 10:14:00.764667419 +0000
+@@ -278,6 +278,8 @@
+ if( cur->next == NULL )
+ return( POLARSSL_ERR_ASN1_MALLOC_FAILED );
+
++ memset( cur->next, 0, sizeof( asn1_sequence ) );
++
+ cur = cur->next;
+ }
+ }
More information about the svn-ports-head
mailing list