diff options
author | Qing He <qing.he@intel.com> | 2011-04-15 16:11:08 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2011-04-18 05:51:20 +0100 |
commit | 47cb36d1c897ac72718ce67f0acdf118da894228 (patch) | |
tree | d51755484ba02aecc8d63283e53b0e958eb712b1 /meta/recipes-connectivity/openssl/openssl-0.9.8r/debian/rehash-crt.patch | |
parent | 2f3c46d953da38193fc2255b442b3f4903f48036 (diff) | |
download | poky-47cb36d1c897ac72718ce67f0acdf118da894228.tar.gz |
openssl: upgrade to version 0.9.8r
[YOCTO #979]
from 0.9.8p
fixes CVE-2010-4180, CVE-2010-4252, CVE-2010-0014
(From OE-Core rev: e28e11930a22a4e89075e7e026e58c081f984ddf)
Signed-off-by: Qing He <qing.he@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/openssl/openssl-0.9.8r/debian/rehash-crt.patch')
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl-0.9.8r/debian/rehash-crt.patch | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl-0.9.8r/debian/rehash-crt.patch b/meta/recipes-connectivity/openssl/openssl-0.9.8r/debian/rehash-crt.patch new file mode 100644 index 0000000000..a8ff28c6f3 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl-0.9.8r/debian/rehash-crt.patch | |||
@@ -0,0 +1,33 @@ | |||
1 | Index: openssl-0.9.8k/tools/c_rehash.in | ||
2 | =================================================================== | ||
3 | --- openssl-0.9.8k.orig/tools/c_rehash.in 2002-10-11 22:31:27.000000000 +0200 | ||
4 | +++ openssl-0.9.8k/tools/c_rehash.in 2009-07-19 11:36:26.000000000 +0200 | ||
5 | @@ -59,12 +59,15 @@ | ||
6 | } | ||
7 | } | ||
8 | closedir DIR; | ||
9 | - FILE: foreach $fname (grep {/\.pem$/} @flist) { | ||
10 | + FILE: foreach $fname (grep {/\.pem$|\.crt$/} @flist) { | ||
11 | # Check to see if certificates and/or CRLs present. | ||
12 | my ($cert, $crl) = check_file($fname); | ||
13 | if(!$cert && !$crl) { | ||
14 | - print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n"; | ||
15 | - next; | ||
16 | + ($cert, $crl) = check_file("$openssl x509 -in \"$fname\" -inform der -outform pem | "); | ||
17 | + if(!$cert && !$crl) { | ||
18 | + print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n"; | ||
19 | + next; | ||
20 | + } | ||
21 | } | ||
22 | link_hash_cert($fname) if($cert); | ||
23 | link_hash_crl($fname) if($crl); | ||
24 | @@ -102,6 +105,9 @@ | ||
25 | my $fname = $_[0]; | ||
26 | $fname =~ s/'/'\\''/g; | ||
27 | my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname'`; | ||
28 | + if(!$hash || !fprint) { | ||
29 | + ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname' -inform der`; | ||
30 | + } | ||
31 | chomp $hash; | ||
32 | chomp $fprint; | ||
33 | $fprint =~ s/^.*=//; | ||