diff options
| author | Qing He <qing.he@intel.com> | 2011-04-15 16:11:08 +0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2011-04-18 05:51:20 +0100 |
| commit | 47cb36d1c897ac72718ce67f0acdf118da894228 (patch) | |
| tree | d51755484ba02aecc8d63283e53b0e958eb712b1 /meta/recipes-connectivity/openssl/openssl-0.9.8r/debian/rehash-crt.patch | |
| parent | 2f3c46d953da38193fc2255b442b3f4903f48036 (diff) | |
| download | poky-47cb36d1c897ac72718ce67f0acdf118da894228.tar.gz | |
openssl: upgrade to version 0.9.8r
[YOCTO #979]
from 0.9.8p
fixes CVE-2010-4180, CVE-2010-4252, CVE-2010-0014
(From OE-Core rev: e28e11930a22a4e89075e7e026e58c081f984ddf)
Signed-off-by: Qing He <qing.he@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/openssl/openssl-0.9.8r/debian/rehash-crt.patch')
| -rw-r--r-- | meta/recipes-connectivity/openssl/openssl-0.9.8r/debian/rehash-crt.patch | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl-0.9.8r/debian/rehash-crt.patch b/meta/recipes-connectivity/openssl/openssl-0.9.8r/debian/rehash-crt.patch new file mode 100644 index 0000000000..a8ff28c6f3 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl-0.9.8r/debian/rehash-crt.patch | |||
| @@ -0,0 +1,33 @@ | |||
| 1 | Index: openssl-0.9.8k/tools/c_rehash.in | ||
| 2 | =================================================================== | ||
| 3 | --- openssl-0.9.8k.orig/tools/c_rehash.in 2002-10-11 22:31:27.000000000 +0200 | ||
| 4 | +++ openssl-0.9.8k/tools/c_rehash.in 2009-07-19 11:36:26.000000000 +0200 | ||
| 5 | @@ -59,12 +59,15 @@ | ||
| 6 | } | ||
| 7 | } | ||
| 8 | closedir DIR; | ||
| 9 | - FILE: foreach $fname (grep {/\.pem$/} @flist) { | ||
| 10 | + FILE: foreach $fname (grep {/\.pem$|\.crt$/} @flist) { | ||
| 11 | # Check to see if certificates and/or CRLs present. | ||
| 12 | my ($cert, $crl) = check_file($fname); | ||
| 13 | if(!$cert && !$crl) { | ||
| 14 | - print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n"; | ||
| 15 | - next; | ||
| 16 | + ($cert, $crl) = check_file("$openssl x509 -in \"$fname\" -inform der -outform pem | "); | ||
| 17 | + if(!$cert && !$crl) { | ||
| 18 | + print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n"; | ||
| 19 | + next; | ||
| 20 | + } | ||
| 21 | } | ||
| 22 | link_hash_cert($fname) if($cert); | ||
| 23 | link_hash_crl($fname) if($crl); | ||
| 24 | @@ -102,6 +105,9 @@ | ||
| 25 | my $fname = $_[0]; | ||
| 26 | $fname =~ s/'/'\\''/g; | ||
| 27 | my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname'`; | ||
| 28 | + if(!$hash || !fprint) { | ||
| 29 | + ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname' -inform der`; | ||
| 30 | + } | ||
| 31 | chomp $hash; | ||
| 32 | chomp $fprint; | ||
| 33 | $fprint =~ s/^.*=//; | ||