CVS commit: pkgsrc/security/polarssl

["OBATA Akio" <obache%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   obache
Date:           Fri Nov 14 11:21:12 UTC 2014

Modified Files:
        pkgsrc/security/polarssl: Makefile distinfo

Log Message:
Update polarssl to 1.2.12.

PolarSSL ChangeLog

= Version 1.2.12 released 2014-10-24

Security
   * Remotely-triggerable memory leak when parsing some X.509 certificates
     (server is not affected if it doesn't ask for a client certificate).
     (Found using Codenomicon Defensics.)

Bugfix
   * Fix potential bad read in parsing ServerHello (found by Adrien
     Vialletelle).
   * ssl_close_notify() could send more than one message in some circumstances
     with non-blocking I/O.
   * x509_crt_parse() did not increase total_failed on PEM error
   * Fix compiler warnings on iOS (found by Sander Niemeijer).
   * Don't print uninitialised buffer in ssl_mail_client (found by Marc Abel).
   * Fix net_accept() regarding non-blocking sockets (found by Luca Pesce).
   * ssl_read() could return non-application data records on server while
     renegotation was pending, and on client when a HelloRequest was received.
   * Fix warnings from Clang's scan-build (contributed by Alfred Klomp).

Changes
   * X.509 certificates with more than one AttributeTypeAndValue per
     RelativeDistinguishedName are not accepted any more.
   * ssl_read() now returns POLARSSL_ERR_NET_WANT_READ rather than
     POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE on harmless alerts.
   * Accept spaces at end of line or end of buffer in base64_decode().


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 pkgsrc/security/polarssl/Makefile
cvs rdiff -u -r1.3 -r1.4 pkgsrc/security/polarssl/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.