From 92d21e3fed33aad966b7b0ca6568e0cda8c7a8b5 Mon Sep 17 00:00:00 2001
From: Steffan Karger <steffan.karger@fox-it.com>
Date: Tue, 22 Oct 2013 14:45:17 +0200
Subject: [PATCH] Require polarssl >= 1.2.10 for polarssl-builds, which fixes
 CVE-2013-5915.

PolarSSL 1.2.9 fixes a possible timing attack in PolarSSL's RSA-CRT
implementation. See CVE-2013-5915 for details. This commit bumps the
minimum polarssl version required by configure.ac to 1.2.10, because 1.2.9
also introduced a memory leak, which is fixed in 1.2.10.

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1382445917-2974-1-git-send-email-steffan.karger@fox-it.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7925
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---
 configure.ac | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/configure.ac b/configure.ac
index 073dde7f5..5fad0af68 100644
--- a/configure.ac
+++ b/configure.ac
@@ -814,13 +814,13 @@ if test "${with_crypto_library}" = "polarssl" ; then
 #include <polarssl/version.h>
 			]],
 			[[
-#if POLARSSL_VERSION_NUMBER < 0x01020500
+#if POLARSSL_VERSION_NUMBER < 0x01020A00
 #error invalid version
 #endif
 			]]
 		)],
 		[AC_MSG_RESULT([ok])],
-		[AC_MSG_ERROR([PolarSSL 1.2.5 or newer required])]
+		[AC_MSG_ERROR([PolarSSL 1.2.10 or newer required])]
 	)
 
 	polarssl_with_pkcs11="no"
-- 
2.47.2