diff options
author | Saul Wold <sgw@linux.intel.com> | 2015-03-04 09:46:48 -0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-03-10 10:47:46 +0000 |
commit | f5e4349011bd00aa47d142022dcdd1d1706a9655 (patch) | |
tree | 31b2c535de004b08968cfdb57ce085ca3b70eb83 /meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch | |
parent | 7c504b44ef593f97f5311d0d27f667e85a2eddbb (diff) | |
download | poky-f5e4349011bd00aa47d142022dcdd1d1706a9655.tar.gz |
openssl: Upgrade to 1.0.2
Rebased numerous patches
removed aarch64 initial work since it's part of upstream now
Imported a few additional patches from Debian to support the version-script
and blacklist additional bad certificates.
(From OE-Core rev: 10b689033551c37d6cafa284d82bdccd43f6113e)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch')
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch | 58 |
1 files changed, 44 insertions, 14 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch b/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch index ac1b19b943..3943e2c2e7 100644 --- a/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch +++ b/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch | |||
@@ -1,38 +1,58 @@ | |||
1 | Upstream-Status: Backport [debian] | ||
2 | |||
3 | From 83f318d68bbdab1ca898c94576a838cc97df4700 Mon Sep 17 00:00:00 2001 | 1 | From 83f318d68bbdab1ca898c94576a838cc97df4700 Mon Sep 17 00:00:00 2001 |
4 | From: Ludwig Nussel <ludwig.nussel@suse.de> | 2 | From: Ludwig Nussel <ludwig.nussel@suse.de> |
5 | Date: Wed, 21 Apr 2010 15:52:10 +0200 | 3 | Date: Wed, 21 Apr 2010 15:52:10 +0200 |
6 | Subject: [PATCH] also create old hash for compatibility | 4 | Subject: [PATCH] also create old hash for compatibility |
7 | 5 | ||
6 | Upstream-Status: Backport [debian] | ||
7 | |||
8 | --- | 8 | --- |
9 | tools/c_rehash.in | 8 +++++++- | 9 | tools/c_rehash.in | 8 +++++++- |
10 | 1 files changed, 7 insertions(+), 1 deletions(-) | 10 | 1 files changed, 7 insertions(+), 1 deletions(-) |
11 | 11 | ||
12 | Index: openssl-1.0.0d/tools/c_rehash.in | 12 | Index: openssl-1.0.2~beta3/tools/c_rehash.in |
13 | =================================================================== | 13 | =================================================================== |
14 | --- openssl-1.0.0d.orig/tools/c_rehash.in 2011-04-13 20:41:28.000000000 +0000 | 14 | --- openssl-1.0.2~beta3.orig/tools/c_rehash.in |
15 | +++ openssl-1.0.0d/tools/c_rehash.in 2011-04-13 20:41:28.000000000 +0000 | 15 | +++ openssl-1.0.2~beta3/tools/c_rehash.in |
16 | @@ -86,6 +86,7 @@ | 16 | @@ -8,8 +8,6 @@ my $prefix; |
17 | } | 17 | |
18 | my $openssl = $ENV{OPENSSL} || "openssl"; | ||
19 | my $pwd; | ||
20 | -my $x509hash = "-subject_hash"; | ||
21 | -my $crlhash = "-hash"; | ||
22 | my $verbose = 0; | ||
23 | my $symlink_exists=eval {symlink("",""); 1}; | ||
24 | my $removelinks = 1; | ||
25 | @@ -18,10 +16,7 @@ my $removelinks = 1; | ||
26 | while ( $ARGV[0] =~ '-.*' ) { | ||
27 | my $flag = shift @ARGV; | ||
28 | last if ( $flag eq '--'); | ||
29 | - if ( $flag =~ /-old/) { | ||
30 | - $x509hash = "-subject_hash_old"; | ||
31 | - $crlhash = "-hash_old"; | ||
32 | - } elsif ( $flag =~ /-h/) { | ||
33 | + if ( $flag =~ /-h/) { | ||
34 | help(); | ||
35 | } elsif ( $flag eq '-n' ) { | ||
36 | $removelinks = 0; | ||
37 | @@ -113,7 +108,9 @@ sub hash_dir { | ||
38 | next; | ||
18 | } | 39 | } |
19 | link_hash_cert($fname) if($cert); | 40 | link_hash_cert($fname) if($cert); |
20 | + link_hash_cert_old($fname) if($cert); | 41 | + link_hash_cert_old($fname) if($cert); |
21 | link_hash_crl($fname) if($crl); | 42 | link_hash_crl($fname) if($crl); |
43 | + link_hash_crl_old($fname) if($crl); | ||
22 | } | 44 | } |
23 | } | 45 | } |
24 | @@ -119,8 +120,9 @@ | 46 | |
47 | @@ -146,6 +143,7 @@ sub check_file { | ||
25 | 48 | ||
26 | sub link_hash_cert { | 49 | sub link_hash_cert { |
27 | my $fname = $_[0]; | 50 | my $fname = $_[0]; |
28 | + my $hashopt = $_[1] || '-subject_hash'; | 51 | + my $x509hash = $_[1] || '-subject_hash'; |
29 | $fname =~ s/'/'\\''/g; | 52 | $fname =~ s/'/'\\''/g; |
30 | - my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in "$fname"`; | 53 | my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`; |
31 | + my ($hash, $fprint) = `"$openssl" x509 $hashopt -fingerprint -noout -in "$fname"`; | ||
32 | chomp $hash; | 54 | chomp $hash; |
33 | chomp $fprint; | 55 | @@ -177,10 +175,20 @@ sub link_hash_cert { |
34 | $fprint =~ s/^.*=//; | ||
35 | @@ -150,6 +152,10 @@ | ||
36 | $hashlist{$hash} = $fprint; | 56 | $hashlist{$hash} = $fprint; |
37 | } | 57 | } |
38 | 58 | ||
@@ -40,6 +60,16 @@ Index: openssl-1.0.0d/tools/c_rehash.in | |||
40 | + link_hash_cert($_[0], '-subject_hash_old'); | 60 | + link_hash_cert($_[0], '-subject_hash_old'); |
41 | +} | 61 | +} |
42 | + | 62 | + |
63 | +sub link_hash_crl_old { | ||
64 | + link_hash_crl($_[0], '-hash_old'); | ||
65 | +} | ||
66 | + | ||
67 | + | ||
43 | # Same as above except for a CRL. CRL links are of the form <hash>.r<n> | 68 | # Same as above except for a CRL. CRL links are of the form <hash>.r<n> |
44 | 69 | ||
45 | sub link_hash_crl { | 70 | sub link_hash_crl { |
71 | my $fname = $_[0]; | ||
72 | + my $crlhash = $_[1] || "-hash"; | ||
73 | $fname =~ s/'/'\\''/g; | ||
74 | my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`; | ||
75 | chomp $hash; | ||