Commit adedec52eaf55254a2aa53d9bf5676749fdb3cdf - openssl

Import 1.1.1n Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Sebastian Andrzej Siewior 2 years ago

2 changed file(s) with 16 addition(s) and 9 deletion(s). Raw diff Collapse all Expand all

-0

debian/changelog less more

	0	openssl (1.1.1o-1) UNRELEASED; urgency=medium
	1
	2	* New upstream version.
	3	- CVE-2022-1292 (The c_rehash script allows command injection).
	4
	5	-- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Thu, 05 May 2022 07:32:45 +0200
	6
0	7	openssl (1.1.1n-1) unstable; urgency=medium
1	8
2	9	* New upstream version.

-9

debian/patches/c_rehash-compat.patch less more

6	6	1 file changed, 14 insertions(+), 6 deletions(-)
7	7
8	8	diff --git a/tools/c_rehash.in b/tools/c_rehash.in
9		index fa7c6c9fef91..a7e538a72d7d 100644
	9	index cfd18f5da110..77c3109ef784 100644
10	10	--- a/tools/c_rehash.in
11	11	+++ b/tools/c_rehash.in
12	12	@@ -17,8 +17,6 @@ my $prefix = {- quotify1($config{prefix}) -};

40	40	}
41	41	}
42	42
43		@@ -161,6 +158,7 @@ sub check_file {
	43	@@ -178,6 +175,7 @@ sub compute_hash {
44	44
45	45	sub link_hash_cert {
46	46	my $fname = $_[0];
47	47	+ my $x509hash = $_[1] \|\| '-subject_hash';
48		$fname =~ s/\"/\\\"/g;
49		my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
50		chomp $hash;
51		@@ -198,10 +196,20 @@ sub link_hash_cert {
	48	my ($hash, $fprint) = compute_hash($openssl, "x509", $x509hash,
	49	"-fingerprint", "-noout",
	50	"-in", $fname);
	51	@@ -217,10 +215,20 @@ sub link_hash_cert {
52	52	$hashlist{$hash} = $fprint;
53	53	}
54	54

66	66	sub link_hash_crl {
67	67	my $fname = $_[0];
68	68	+ my $crlhash = $_[1] \|\| "-hash";
69		$fname =~ s/'/'\\''/g;
70		my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
71		chomp $hash;
	69	my ($hash, $fprint) = compute_hash($openssl, "crl", $crlhash,
	70	"-fingerprint", "-noout",
	71	"-in", $fname);