From: Steffan Karger <steffan.karger@fox-it.com>
Date: Tue, 22 Oct 2013 12:45:17 +0000 (+0200)
Subject: Require polarssl >= 1.2.10 for polarssl-builds, which fixes CVE-2013-5915.
X-Git-Tag: v2.3.3~33
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=402ace5477ba582fedf93b31d049d83860407351;p=thirdparty%2Fopenvpn.git

Require polarssl >= 1.2.10 for polarssl-builds, which fixes CVE-2013-5915.

PolarSSL 1.2.9 fixes a possible timing attack in PolarSSL's RSA-CRT
implementation. See CVE-2013-5915 for details. This commit bumps the
minimum polarssl version required by configure.ac to 1.2.10, because 1.2.9
also introduced a memory leak, which is fixed in 1.2.10.

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1382445917-2974-1-git-send-email-steffan.karger@fox-it.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7925
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 92d21e3fed33aad966b7b0ca6568e0cda8c7a8b5)
---

diff --git a/configure.ac b/configure.ac
index e0db333e6..9e666cdb6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -809,13 +809,13 @@ if test "${with_crypto_library}" = "polarssl" ; then
 #include <polarssl/version.h>
 			]],
 			[[
-#if POLARSSL_VERSION_NUMBER < 0x01020500
+#if POLARSSL_VERSION_NUMBER < 0x01020A00
 #error invalid version
 #endif
 			]]
 		)],
 		[AC_MSG_RESULT([ok])],
-		[AC_MSG_ERROR([PolarSSL 1.2.5 or newer required])]
+		[AC_MSG_ERROR([PolarSSL 1.2.10 or newer required])]
 	)
 
 	polarssl_with_pkcs11="no"