Fixes CVE-2015-1182 - Remote attack using crafted certificates.
Also rename patches to new naming convention.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
--- /dev/null
+Add BUILD_TESTS option to disable test suite
+
+By default, PolarSSL builds a fairly extensive test suite to validate
+the library. In the context of Buildroot, building this test suite is
+not really useful, so we add a BUILD_TESTS to disable its build.
+
+[Gustavo: update for 1.2.11]
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
+
+diff -Nura polarssl-1.2.11.orig/CMakeLists.txt polarssl-1.2.11/CMakeLists.txt
+--- polarssl-1.2.11.orig/CMakeLists.txt 2014-07-11 17:14:43.414651327 -0300
++++ polarssl-1.2.11/CMakeLists.txt 2014-07-11 17:23:00.573498626 -0300
+@@ -49,9 +49,11 @@
+ add_subdirectory(library)
+ add_subdirectory(include)
+
+-if(CMAKE_COMPILER_IS_GNUCC)
++option(BUILD_TESTS "Build tests." ON)
++
++if(CMAKE_COMPILER_IS_GNUCC AND BUILD_TESTS)
+ add_subdirectory(tests)
+-endif(CMAKE_COMPILER_IS_GNUCC)
++endif(CMAKE_COMPILER_IS_GNUCC AND BUILD_TESTS)
+ if(CMAKE_COMPILER_IS_CLANG)
+ add_subdirectory(tests)
+ endif(CMAKE_COMPILER_IS_CLANG)
--- /dev/null
+From a14028b0878c1ba27f7c7a6d0962874d0f7f3801 Mon Sep 17 00:00:00 2001
+From: Samuel Martin <s.martin49@gmail.com>
+Date: Sun, 31 Aug 2014 11:54:37 +0200
+Subject: [PATCH 3/3] cmake: use the standard CMake flag to drive the shared
+ object build
+
+If BUILD_SHARED_LIBS is set and not USE_SHARED_POLARSSL_LIBRARY, then
+drive USE_SHARED_POLARSSL_LIBRARY with the BUILD_SHARED_LIBS value.
+
+Signed-off-by: Samuel Martin <s.martin49@gmail.com>
+---
+ library/CMakeLists.txt | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
+index 27bd2e0..2ae0aba 100644
+--- a/library/CMakeLists.txt
++++ b/library/CMakeLists.txt
+@@ -1,5 +1,15 @@
+-option(USE_STATIC_POLARSSL_LIBRARY "Build PolarSSL static library." ON)
+-option(USE_SHARED_POLARSSL_LIBRARY "Build PolarSSL shared library." OFF)
++# Use the standard CMake flag to drive the shared object build.
++if(DEFINED BUILD_SHARED_LIBS AND NOT DEFINED USE_STATIC_POLARSSL_LIBRARY AND NOT DEFINED USE_SHARED_POLARSSL_LIBRARY)
++ set(USE_STATIC_POLARSSL_LIBRARY ON)
++ if(BUILD_SHARED_LIBS)
++ set(USE_SHARED_POLARSSL_LIBRARY ON)
++ else()
++ set(USE_SHARED_POLARSSL_LIBRARY OFF)
++ endif()
++else()
++ option(USE_STATIC_POLARSSL_LIBRARY "Build PolarSSL static library." ON)
++ option(USE_SHARED_POLARSSL_LIBRARY "Build PolarSSL shared library." OFF)
++endif()
+
+ set(src
+ aes.c
+--
+2.1.0
+
--- /dev/null
+Fix CVE-2015-1182 - Remote attack using crafted certificates.
+Patch status: from upstream see:
+https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04
+
+Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
+
+diff --git a/library/asn1parse.c b/library/asn1parse.c
+index a3a2b56..e2117bf 100644
+--- a/library/asn1parse.c
++++ b/library/asn1parse.c
+@@ -278,6 +278,8 @@ int asn1_get_sequence_of( unsigned char **p,
+ if( cur->next == NULL )
+ return( POLARSSL_ERR_ASN1_MALLOC_FAILED );
+
++ memset( cur->next, 0, sizeof( asn1_sequence ) );
++
+ cur = cur->next;
+ }
+ }
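Review bot: The `memset( cur->next, 0, sizeof( asn1_sequence ) );` added after the NULL check in asn1_get_sequence_of has no comment saying why the fresh node must be zeroed, and the patch header cites only the advisory, not the upstream commit. Without the zeroing, the new node's `next` pointer would hold whatever the allocator returned, so a parse that fails partway presumably leaves a list with a garbage tail pointer for whatever code later walks or frees it. A comment such as `/* zero the new node so ->next is NULL if parsing fails before it is filled in */` would record that. Writing the size as `sizeof( *cur->next )` would keep it tied to the allocation, which sits above this hunk and is not visible here. Adding a line like `Upstream commit: <UPSTREAM_COMMIT_ID>` to the header would let the backport be checked and dropped cleanly at the next version bump.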
+++ /dev/null
-Add BUILD_TESTS option to disable test suite
-
-By default, PolarSSL builds a fairly extensive test suite to validate
-the library. In the context of Buildroot, building this test suite is
-not really useful, so we add a BUILD_TESTS to disable its build.
-
-[Gustavo: update for 1.2.11]
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
-Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
-
-diff -Nura polarssl-1.2.11.orig/CMakeLists.txt polarssl-1.2.11/CMakeLists.txt
---- polarssl-1.2.11.orig/CMakeLists.txt 2014-07-11 17:14:43.414651327 -0300
-+++ polarssl-1.2.11/CMakeLists.txt 2014-07-11 17:23:00.573498626 -0300
-@@ -49,9 +49,11 @@
- add_subdirectory(library)
- add_subdirectory(include)
-
--if(CMAKE_COMPILER_IS_GNUCC)
-+option(BUILD_TESTS "Build tests." ON)
-+
-+if(CMAKE_COMPILER_IS_GNUCC AND BUILD_TESTS)
- add_subdirectory(tests)
--endif(CMAKE_COMPILER_IS_GNUCC)
-+endif(CMAKE_COMPILER_IS_GNUCC AND BUILD_TESTS)
- if(CMAKE_COMPILER_IS_CLANG)
- add_subdirectory(tests)
- endif(CMAKE_COMPILER_IS_CLANG)
+++ /dev/null
-From a14028b0878c1ba27f7c7a6d0962874d0f7f3801 Mon Sep 17 00:00:00 2001
-From: Samuel Martin <s.martin49@gmail.com>
-Date: Sun, 31 Aug 2014 11:54:37 +0200
-Subject: [PATCH 3/3] cmake: use the standard CMake flag to drive the shared
- object build
-
-If BUILD_SHARED_LIBS is set and not USE_SHARED_POLARSSL_LIBRARY, then
-drive USE_SHARED_POLARSSL_LIBRARY with the BUILD_SHARED_LIBS value.
-
-Signed-off-by: Samuel Martin <s.martin49@gmail.com>
----
- library/CMakeLists.txt | 14 ++++++++++++--
- 1 file changed, 12 insertions(+), 2 deletions(-)
-
-diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
-index 27bd2e0..2ae0aba 100644
---- a/library/CMakeLists.txt
-+++ b/library/CMakeLists.txt
-@@ -1,5 +1,15 @@
--option(USE_STATIC_POLARSSL_LIBRARY "Build PolarSSL static library." ON)
--option(USE_SHARED_POLARSSL_LIBRARY "Build PolarSSL shared library." OFF)
-+# Use the standard CMake flag to drive the shared object build.
-+if(DEFINED BUILD_SHARED_LIBS AND NOT DEFINED USE_STATIC_POLARSSL_LIBRARY AND NOT DEFINED USE_SHARED_POLARSSL_LIBRARY)
-+ set(USE_STATIC_POLARSSL_LIBRARY ON)
-+ if(BUILD_SHARED_LIBS)
-+ set(USE_SHARED_POLARSSL_LIBRARY ON)
-+ else()
-+ set(USE_SHARED_POLARSSL_LIBRARY OFF)
-+ endif()
-+else()
-+ option(USE_STATIC_POLARSSL_LIBRARY "Build PolarSSL static library." ON)
-+ option(USE_SHARED_POLARSSL_LIBRARY "Build PolarSSL shared library." OFF)
-+endif()
-
- set(src
- aes.c
---
-2.1.0
-