Path to this page:
Subject: CVS commit: pkgsrc/security/polarssl
From: OBATA Akio
Date: 2014-11-14 12:21:12
Message id: 20141114112112.7F0D798@cvs.netbsd.org
Log Message:
Update polarssl to 1.2.12.
PolarSSL ChangeLog
= Version 1.2.12 released 2014-10-24
Security
* Remotely-triggerable memory leak when parsing some X.509 certificates
(server is not affected if it doesn't ask for a client certificate).
(Found using Codenomicon Defensics.)
Bugfix
* Fix potential bad read in parsing ServerHello (found by Adrien
Vialletelle).
* ssl_close_notify() could send more than one message in some circumstances
with non-blocking I/O.
* x509_crt_parse() did not increase total_failed on PEM error
* Fix compiler warnings on iOS (found by Sander Niemeijer).
* Don't print uninitialised buffer in ssl_mail_client (found by Marc Abel).
* Fix net_accept() regarding non-blocking sockets (found by Luca Pesce).
* ssl_read() could return non-application data records on server while
renegotation was pending, and on client when a HelloRequest was received.
* Fix warnings from Clang's scan-build (contributed by Alfred Klomp).
Changes
* X.509 certificates with more than one AttributeTypeAndValue per
RelativeDistinguishedName are not accepted any more.
* ssl_read() now returns POLARSSL_ERR_NET_WANT_READ rather than
POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE on harmless alerts.
* Accept spaces at end of line or end of buffer in base64_decode().
Files: