From 179d925d85a207933b9f6e1964c6c11edd80c1d0 Mon Sep 17 00:00:00 2001
From: jow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73>
Date: Tue, 20 Jan 2015 13:02:38 +0000
Subject: [PATCH] BB: polarssl: update to v1.3.9 and patch CVE-2015-1182

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@44061 3c298f89-4303-0410-b956-a3cf2f4a3e73
---
 package/libs/polarssl/Makefile                |  7 ++--
 .../patches/210-gen_key_config_fix.patch      | 38 -------------------
 .../polarssl/patches/300-CVE-2015-1182.patch  | 11 ++++++
 3 files changed, 15 insertions(+), 41 deletions(-)
 delete mode 100644 package/libs/polarssl/patches/210-gen_key_config_fix.patch
 create mode 100644 package/libs/polarssl/patches/300-CVE-2015-1182.patch

diff --git a/package/libs/polarssl/Makefile b/package/libs/polarssl/Makefile
index bab39e9..384853e 100644
--- a/package/libs/polarssl/Makefile
+++ b/package/libs/polarssl/Makefile
@@ -1,5 +1,5 @@
 # 
-# Copyright (C) 2011-2013 OpenWrt.org
+# Copyright (C) 2011-2015 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -8,15 +8,16 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=polarssl
-PKG_VERSION:=1.3.8
+PKG_VERSION:=1.3.9
 PKG_RELEASE:=2
 PKG_USE_MIPS16:=0
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-gpl.tgz
 PKG_SOURCE_URL:=https://polarssl.org/code/releases
-PKG_MD5SUM:=d1a2b4f21727e888f143414d2e3144e6
+PKG_MD5SUM:=48af7d1f0d5de512cbd6dacf5407884c
 
 PKG_BUILD_PARALLEL:=1
+PKG_LICENSE:=GPL-2.0+
 
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/cmake.mk
diff --git a/package/libs/polarssl/patches/210-gen_key_config_fix.patch b/package/libs/polarssl/patches/210-gen_key_config_fix.patch
deleted file mode 100644
index b17e744..0000000
--- a/package/libs/polarssl/patches/210-gen_key_config_fix.patch
+++ /dev/null
@@ -1,38 +0,0 @@
---- a/programs/pkey/gen_key.c
-+++ b/programs/pkey/gen_key.c
-@@ -215,7 +215,9 @@ int main( int argc, char *argv[] )
- 
-     opt.type                = DFL_TYPE;
-     opt.rsa_keysize         = DFL_RSA_KEYSIZE;
-+#if defined(POLARSSL_ECP_C)
-     opt.ec_curve            = DFL_EC_CURVE;
-+#endif
-     opt.filename            = DFL_FILENAME;
-     opt.format              = DFL_FORMAT;
-     opt.use_dev_random      = DFL_USE_DEV_RANDOM;
-@@ -231,8 +233,10 @@ int main( int argc, char *argv[] )
-         {
-             if( strcmp( q, "rsa" ) == 0 )
-                 opt.type = POLARSSL_PK_RSA;
-+#if defined(POLARSSL_ECP_C)
-             else if( strcmp( q, "ec" ) == 0 )
-                 opt.type = POLARSSL_PK_ECKEY;
-+#endif
-             else
-                 goto usage;
-         }
-@@ -251,12 +255,14 @@ int main( int argc, char *argv[] )
-             if( opt.rsa_keysize < 1024 || opt.rsa_keysize > 8192 )
-                 goto usage;
-         }
-+#if defined(POLARSSL_ECP_C)
-         else if( strcmp( p, "ec_curve" ) == 0 )
-         {
-             if( ( curve_info = ecp_curve_info_from_name( q ) ) == NULL )
-                 goto usage;
-             opt.ec_curve = curve_info->grp_id;
-         }
-+#endif
-         else if( strcmp( p, "filename" ) == 0 )
-             opt.filename = q;
-         else if( strcmp( p, "use_dev_random" ) == 0 )
diff --git a/package/libs/polarssl/patches/300-CVE-2015-1182.patch b/package/libs/polarssl/patches/300-CVE-2015-1182.patch
new file mode 100644
index 0000000..5961d37
--- /dev/null
+++ b/package/libs/polarssl/patches/300-CVE-2015-1182.patch
@@ -0,0 +1,11 @@
+--- a/library/asn1parse.c
++++ b/library/asn1parse.c
+@@ -278,6 +278,8 @@ int asn1_get_sequence_of( unsigned char
+             if( cur->next == NULL )
+                 return( POLARSSL_ERR_ASN1_MALLOC_FAILED );
+ 
++            memset( cur->next, 0, sizeof( asn1_sequence ) );
++
+             cur = cur->next;
+         }
+     }