Hello community, here is the log from the commit of package polarssl for openSUSE:Factory checked in at 2015-01-21 22:13:50 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/polarssl (Old) and /work/SRC/openSUSE:Factory/.polarssl.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "polarssl" Changes: -------- --- /work/SRC/openSUSE:Factory/polarssl/polarssl.changes 2014-11-10 17:28:27.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.polarssl.new/polarssl.changes 2015-01-22 01:02:49.000000000 +0100 @@ -1,0 +2,6 @@ +Tue Jan 20 19:33:12 UTC 2015 - fisiu@opensuse.org + +- Add polarssl-CVE-2015-1182.patch: Remote attack using crafted certificates: + fix boo#913903, CVE-2015-1182. + +------------------------------------------------------------------- New: ---- polarssl-CVE-2015-1182.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ polarssl.spec ++++++ --- /var/tmp/diff_new_pack.PISSxb/_old 2015-01-22 01:02:50.000000000 +0100 +++ /var/tmp/diff_new_pack.PISSxb/_new 2015-01-22 01:02:50.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package polarssl # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,6 +26,8 @@ Group: Development/Libraries/C and C++ Url: http://polarssl.org/ Source: https://polarssl.org/download/%{name}-%{version}-gpl.tgz +# PATCH-FIX-UPSTREAM -- polarssl-CVE-2015-1182.patch -- Remote attack using crafted certificates CVE-2015-1182 +Patch0: polarssl-CVE-2015-1182.patch BuildRequires: cmake %if 0%{?suse_version} < 1200 BuildRequires: zlib-devel 
@@ -57,6 +59,7 @@ %prep %setup -q +%patch0 -p0 sed -i 's|//\(#define POLARSSL_THREADING_C\)|\1|' include/polarssl/config.h sed -i 's|//\(#define POLARSSL_THREADING_PTHREAD\)|\1|' include/polarssl/config.h ++++++ polarssl-CVE-2015-1182.patch ++++++ Index: library/asn1parse.c =================================================================== --- library/asn1parse.c.orig +++ library/asn1parse.c @@ -278,6 +278,8 @@ int asn1_get_sequence_of( unsigned char if( cur->next == NULL ) return( POLARSSL_ERR_ASN1_MALLOC_FAILED ); + memset( cur->next, 0, sizeof( asn1_sequence ) ); + cur = cur->next; } }
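
Review bot: the PATCH-FIX-UPSTREAM comment added above Patch0 in the polarssl.spec hunk at @@ -26,6 +26,8 @@ names the CVE but gives no pointer to the upstream change the patch was taken from. Add the upstream commit or advisory reference to that comment line, so the patch can be compared against upstream and dropped once the package moves to a release that already contains the fix.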
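
Review bot: in the library/asn1parse.c hunk of polarssl-CVE-2015-1182.patch, the added `memset( cur->next, 0, sizeof( asn1_sequence ) );` has no comment saying why the freshly allocated node must be zeroed, and the security reason is not obvious from the line itself. A one-line comment above it would help, for example that the node's fields, including its `next` pointer, must not be left indeterminate if parsing returns early. Two things to confirm before merging: the hunk adds no include, so library/asn1parse.c must already pull in <string.h> for memset, and the change only covers nodes allocated at this point in asn1_get_sequence_of, so it is worth checking how the first node of the list is initialised before this code runs. As a style point, `sizeof( *cur->next )` would keep the size tied to the pointer's type if the struct is ever renamed.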