From: Gustavo Zacarias <gustavo@zacarias.com.ar>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH] polarssl: security bump to version 1.2.18
Date: Thu, 12 Nov 2015 16:30:46 -0300 [thread overview]
Message-ID: <1447356646-19912-1-git-send-email-gustavo@zacarias.com.ar> (raw)
Fixes a potential heap corruption on Windows when
mbedtls_x509_crt_parse_path() is passed a path longer than 2GB. This
cannot be triggered remotely. Found by Guido Vranken, Intelworks.
Fixes a potential buffer overflow in some asn1_write_xxx() functions.
This cannot be triggered remotely unless you create X.509 certificates
based on untrusted input or write keys of untrusted origin. Found by
Guido Vranken, Intelworks.
The X509 max_pathlen constraint was not enforced on intermediate
certificates. Found by Nicholas Wilson, and fix and tests provided by
Janos Follath.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
| 4 ++--
| 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
--git a/package/polarssl/polarssl.hash b/package/polarssl/polarssl.hash
index c203392..71f7c29 100644
--- a/package/polarssl/polarssl.hash
+++ b/package/polarssl/polarssl.hash
@@ -1,2 +1,2 @@
-# From https://tls.mbed.org/tech-updates/releases/mbedtls-2.1.2-and-1.3.14-and-polarssl-1.2.17-released
-sha256 9301d4ebec3eb45bc9f28f2d79bfdb0c3dd351c386aa6cc66643e1b2be274d52 polarssl-1.2.17-gpl.tgz
+# From https://tls.mbed.org/tech-updates/releases/mbedtls-2.2.0-2.1.3-1.3.15-and-polarssl.1.2.18-released
+sha256 63c4ed4d9f6a241088e2287958f265403f874248d6a98b98f27cd3aa2f90f030 polarssl-1.2.18-gpl.tgz
--git a/package/polarssl/polarssl.mk b/package/polarssl/polarssl.mk
index aaa6759..c589ec7 100644
--- a/package/polarssl/polarssl.mk
+++ b/package/polarssl/polarssl.mk
@@ -5,7 +5,7 @@
################################################################################
POLARSSL_SITE = https://tls.mbed.org/code/releases
-POLARSSL_VERSION = 1.2.17
+POLARSSL_VERSION = 1.2.18
POLARSSL_SOURCE = polarssl-$(POLARSSL_VERSION)-gpl.tgz
POLARSSL_CONF_OPTS = \
-DENABLE_PROGRAMS=$(if $(BR2_PACKAGE_POLARSSL_PROGRAMS),ON,OFF)
--
2.4.10
next reply other threads:[~2015-11-12 19:30 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-12 19:30 Gustavo Zacarias [this message]
2015-11-12 21:41 ` [Buildroot] [PATCH] polarssl: security bump to version 1.2.18 Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1447356646-19912-1-git-send-email-gustavo@zacarias.com.ar \
--to=gustavo@zacarias.com.ar \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.