From 47cb36d1c897ac72718ce67f0acdf118da894228 Mon Sep 17 00:00:00 2001
From: Qing He <qing.he@intel.com>
Date: Fri, 15 Apr 2011 16:11:08 +0800
Subject: openssl: upgrade to version 0.9.8r

[YOCTO #979]

from 0.9.8p
fixes CVE-2010-4180, CVE-2010-4252, CVE-2010-0014

(From OE-Core rev: e28e11930a22a4e89075e7e026e58c081f984ddf)

Signed-off-by: Qing He <qing.he@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 .../openssl/openssl-0.9.8r/debian/rehash-crt.patch | 33 ++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 meta/recipes-connectivity/openssl/openssl-0.9.8r/debian/rehash-crt.patch

(limited to 'meta/recipes-connectivity/openssl/openssl-0.9.8r/debian/rehash-crt.patch')

diff --git a/meta/recipes-connectivity/openssl/openssl-0.9.8r/debian/rehash-crt.patch b/meta/recipes-connectivity/openssl/openssl-0.9.8r/debian/rehash-crt.patch
new file mode 100644
index 0000000000..a8ff28c6f3
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl-0.9.8r/debian/rehash-crt.patch
@@ -0,0 +1,33 @@
+Index: openssl-0.9.8k/tools/c_rehash.in
+===================================================================
+--- openssl-0.9.8k.orig/tools/c_rehash.in	2002-10-11 22:31:27.000000000 +0200
++++ openssl-0.9.8k/tools/c_rehash.in	2009-07-19 11:36:26.000000000 +0200
+@@ -59,12 +59,15 @@
+ 		}
+ 	}
+ 	closedir DIR;
+-	FILE: foreach $fname (grep {/\.pem$/} @flist) {
++	FILE: foreach $fname (grep {/\.pem$|\.crt$/} @flist) {
+ 		# Check to see if certificates and/or CRLs present.
+ 		my ($cert, $crl) = check_file($fname);
+ 		if(!$cert && !$crl) {
+-			print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
+-			next;
++			($cert, $crl) = check_file("$openssl x509 -in \"$fname\" -inform der  -outform pem | ");
++			if(!$cert && !$crl) {
++				print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
++				next;
++			}
+ 		}
+ 		link_hash_cert($fname) if($cert);
+ 		link_hash_crl($fname) if($crl);
+@@ -102,6 +105,9 @@
+ 		my $fname = $_[0];
+ 		$fname =~ s/'/'\\''/g;
+ 		my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname'`;
++		if(!$hash || !fprint) {
++			($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname' -inform der`;
++		}
+ 		chomp $hash;
+ 		chomp $fprint;
+ 		$fprint =~ s/^.*=//;
-- 
cgit v1.2.3-54-g00ecf