diff --git a/package/polarssl/0003-fix-CVE-2015-1182.patch b/package/polarssl/0003-fix-CVE-2015-1182.patch deleted file mode 100644 index 9309c9d281..0000000000 --- a/package/polarssl/0003-fix-CVE-2015-1182.patch +++ /dev/null @@ -1,19 +0,0 @@ -Fix CVE-2015-1182 - Remote attack using crafted certificates. -Patch status: from upstream see: -https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04 - -Signed-off-by: Gustavo Zacarias - -diff --git a/library/asn1parse.c b/library/asn1parse.c -index a3a2b56..e2117bf 100644 ---- a/library/asn1parse.c -+++ b/library/asn1parse.c -@@ -278,6 +278,8 @@ int asn1_get_sequence_of( unsigned char **p, - if( cur->next == NULL ) - return( POLARSSL_ERR_ASN1_MALLOC_FAILED ); - -+ memset( cur->next, 0, sizeof( asn1_sequence ) ); -+ - cur = cur->next; - } - } diff --git a/package/polarssl/polarssl.hash b/package/polarssl/polarssl.hash index 9769788724..d68185b944 100644 --- a/package/polarssl/polarssl.hash +++ b/package/polarssl/polarssl.hash @@ -1,2 +1,2 @@ -# From https://polarssl.org/tech-updates/releases/polarssl-1.2.12-released -sha256 63dd60e78d25c438648607bb177b063dcf5fbf3ced9ee794fcb165d101940131 polarssl-1.2.12-gpl.tgz +# From https://polarssl.org/tech-updates/releases/polarssl-1.2.13-released +sha256 62f44f2a9f39b5cefb229e5dd2644ca20ead477cb1843d6ff30671624315b021 polarssl-1.2.13-gpl.tgz diff --git a/package/polarssl/polarssl.mk b/package/polarssl/polarssl.mk index 046c6bfd0c..83e18514dd 100644 --- a/package/polarssl/polarssl.mk +++ b/package/polarssl/polarssl.mk @@ -5,7 +5,7 @@ ################################################################################ POLARSSL_SITE = https://polarssl.org/code/releases -POLARSSL_VERSION = 1.2.12 +POLARSSL_VERSION = 1.2.13 POLARSSL_SOURCE = polarssl-$(POLARSSL_VERSION)-gpl.tgz POLARSSL_CONF_OPTS = \ -DENABLE_PROGRAMS=$(if $(BR2_PACKAGE_POLARSSL_PROGRAMS),ON,OFF)