From f57e5d76bd1df4855e494542fa47544ac05bc752 Mon Sep 17 00:00:00 2001
From: Jase Thew <jase@FreeBSD.org>
Date: Mon, 19 Jan 2015 21:19:31 +0000
Subject: [PATCH] security/polarssl: - Add upstream patch to address crafted
 certificates vulnerability - Add USES cpe

MFH:		2015Q1
Security:	CVE-2015-1182
Security:	a5856eba-a015-11e4-a680-1c6f65c3c4ff
---
 security/polarssl/Makefile                        |  3 ++-
 security/polarssl/files/patch-library-asn1parse_c | 11 +++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)
 create mode 100644 security/polarssl/files/patch-library-asn1parse_c

diff --git a/security/polarssl/Makefile b/security/polarssl/Makefile
index df3c0ebca22c..cfb460f6985b 100644
--- a/security/polarssl/Makefile
+++ b/security/polarssl/Makefile
@@ -2,6 +2,7 @@
 
 PORTNAME=	polarssl
 PORTVERSION=	1.2.12
+PORTREVISION=	1
 DISTVERSIONSUFFIX=	-gpl
 CATEGORIES=	security devel
 MASTER_SITES=	http://polarssl.org/download/
@@ -13,7 +14,7 @@ LICENSE=	GPLv2
 
 ALL_TARGET=	no_test
 
-USES=	gmake tar:tgz
+USES=	cpe gmake tar:tgz
 USE_LDCONFIG=	yes
 
 WRKSRC=		${WRKDIR}/${PORTNAME}-${PORTVERSION}
diff --git a/security/polarssl/files/patch-library-asn1parse_c b/security/polarssl/files/patch-library-asn1parse_c
new file mode 100644
index 000000000000..07f3c46af7f3
--- /dev/null
+++ b/security/polarssl/files/patch-library-asn1parse_c
@@ -0,0 +1,11 @@
+--- library/asn1parse.c.orig	2015-01-19 19:31:49.664592954 +0000
++++ library/asn1parse.c	2015-01-19 19:34:11.583587052 +0000
+@@ -244,6 +244,8 @@
+             if( cur->next == NULL )
+                 return( POLARSSL_ERR_ASN1_MALLOC_FAILED );
+ 
++            memset( cur->next, 0, sizeof( asn1_sequence ) );
++
+             cur = cur->next;
+         }
+     }