security/polarssl:

- Add upstream patch to address crafted certificates vulnerability - Add USES cpe MFH: 2015Q1 Security: CVE-2015-1182 Security: a5856eba-a015-11e4-a680-1c6f65c3c4ff
svn path=/head/; revision=377482
2024-12-28 05:29:48 +00:00 · 2015-01-19 21:19:31 +00:00 · 2015-01-19 21:19:31 +00:00 · f57e5d76bd · 2021-03-31 03:12:20 +00:00
commit f57e5d76bd
parent b9b681fab9
2 changed files with 13 additions and 1 deletions
--- a/security/polarssl/Makefile
+++ b/security/polarssl/Makefile
@ -2,6 +2,7 @@

 PORTNAME=	polarssl
 PORTVERSION=	1.2.12
+PORTREVISION=	1
 DISTVERSIONSUFFIX=	-gpl
 CATEGORIES=	security devel
 MASTER_SITES=	http://polarssl.org/download/
@ -13,7 +14,7 @@ LICENSE=	GPLv2

 ALL_TARGET=	no_test

-USES=	gmake tar:tgz
+USES=	cpe gmake tar:tgz
 USE_LDCONFIG=	yes

 WRKSRC=		${WRKDIR}/${PORTNAME}-${PORTVERSION}
--- a/security/polarssl/files/patch-library-asn1parse_c
+++ b/security/polarssl/files/patch-library-asn1parse_c
@ -0,0 +1,11 @@
+--- library/asn1parse.c.orig	2015-01-19 19:31:49.664592954 +0000
+++ library/asn1parse.c	2015-01-19 19:34:11.583587052 +0000
+@@ -244,6 +244,8 @@
+             if( cur->next == NULL )
+                 return( POLARSSL_ERR_ASN1_MALLOC_FAILED );
+ 
+            memset( cur->next, 0, sizeof( asn1_sequence ) );
+
+             cur = cur->next;
+         }
+     }