~andersk/ubuntu/oneiric/openssl/spurious-reboot


Viewing changes to tools/c_rehash.in

  • Committer: Package Import Robot
  • Author(s): Steve Beattie
  • Date: 2011-09-14 22:06:03 UTC
  • mfrom: (11.1.23 sid)
  • Revision ID: package-import@ubuntu.com-20110914220603-tsuxw8z3kt4lx9oc
Tags: 1.0.0e-2ubuntu1
* Resynchronise with Debian, fixes CVE-2011-1945, CVE-2011-3207 and
  CVE-2011-3210 (LP: #850608). Remaining changes:
  - debian/libssl1.0.0.postinst:
    + Display a system restart required notification bubble on libssl1.0.0
      upgrade.
    + Use a different priority for libssl1.0.0/restart-services depending
      on whether a desktop, or server dist-upgrade is being performed.
  - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
    libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
    in Debian).
  - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
    rules}: Move runtime libraries to /lib, for the benefit of
    wpasupplicant.
  - debian/patches/aesni.patch: Backport Intel AES-NI support, now from
    http://rt.openssl.org/Ticket/Display.html?id=2065 rather than the
    0.9.8 variant.
  - debian/patches/Bsymbolic-functions.patch: Link using
    -Bsymbolic-functions.
  - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
    .pc.
  - debian/rules:
    + Don't run 'make test' when cross-building.
    + Use host compiler when cross-building.  Patch from Neil Williams.
    + Don't build for processors no longer supported: i486, i586 (on
      i386), v8 (on sparc).
    + Fix Makefile to properly clean up libs/ dirs in clean target.
    + Replace duplicate files in the doc directory with symlinks.
* debian/libssl1.0.0.postinst: only display restart notification on
  servers (LP: #244250)

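--- a/tools/c_rehash.in
+++ b/tools/c_rehash.in
@@ -122,34 +122,50 @@
                 my $fname = $_[0];
                 my $hashopt = $_[1] || '-subject_hash';
                 $fname =~ s/'/'\\''/g;
-                my ($hash, $fprint) = `"$openssl" x509 $hashopt -fingerprint -noout -in "$fname"`;
-                chomp $hash;
-                chomp $fprint;
-                $fprint =~ s/^.*=//;
-                $fprint =~ tr/://d;
-                my $suffix = 0;
-                # Search for an unused hash filename
-                while(exists $hashlist{"$hash.$suffix"}) {
-                        # Hash matches: if fingerprint matches its a duplicate cert
-                        if($hashlist{"$hash.$suffix"} eq $fprint) {
-                                print STDERR "WARNING: Skipping duplicate certificate $fname\n";
-                                return;
-                        }
-                        $suffix++;
-                }
-                $hash .= ".$suffix";
-                print "$fname => $hash\n";
-                $symlink_exists=eval {symlink("",""); 1};
-                if ($symlink_exists) {
-                        symlink $fname, $hash;
-                } else {
-                        open IN,"<$fname" or die "can't open $fname for read";
-                        open OUT,">$hash" or die "can't open $hash for write";
-                        print OUT <IN>; # does the job for small text files
-                        close OUT;
-                        close IN;
-                }
-                $hashlist{$hash} = $fprint;
+                open my $in_fh, '<', $fname or die "can't open $fname for read";
+                my $cert = eval {local $/ = undef; <$in_fh>};
+                close $in_fh;
+                OUTERLOOP:
+                while ($cert =~ /^(-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----)$/gms)
+                {
+                   my $part = $1;
+                   my $tfile = `tempfile`;
+                   chomp $tfile;
+                   open my $tfile_fh, '>', $tfile or die "can't open $tfile for write";
+                   print {$tfile_fh} "$part\n";
+                   close $tfile_fh;
+
+                   my ($hash, $fprint) = `"$openssl" x509 $hashopt -fingerprint -noout -in "$tfile"`;
+                   chomp $hash;
+                   chomp $fprint;
+                   $fprint =~ s/^.*=//;
+                   $fprint =~ tr/://d;
+                   my $suffix = 0;
+                   # Search for an unused hash filename
+                   while(exists $hashlist{"$hash.$suffix"}) {
+                           # Hash matches: if fingerprint matches its a duplicate cert
+                           if($hashlist{"$hash.$suffix"} eq $fprint) {
+                                   print STDERR "WARNING: Skipping duplicate certificate $fname\n";
+                                   unlink $tfile;
+                                   next OUTERLOOP;
+                           }
+                           $suffix++;
+                   }
+                   $hash .= ".$suffix";
+                   print "$fname => $hash\n";
+                   $symlink_exists=eval {symlink("",""); 1};
+                   if ($symlink_exists) {
+                           symlink $fname, $hash;
+                   } else {
+                           open IN,"<$tfile" or die "can't open $tfile for read";
+                           open OUT,">$hash" or die "can't open $hash for write";
+                           print OUT <IN>;      # does the job for small text files
+                           close OUT;
+                           close IN;
+                   }
+                   $hashlist{$hash} = $fprint;
+                   unlink $tfile;
+                } ## end while ($cert =~ /^(-----BEGIN ...
 }
 
 sub link_hash_cert_old {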
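Review bot: The match on new line 129 accepts only the exact `-----BEGIN CERTIFICATE-----` armor ending at a bare newline, so a file whose blocks are labelled `TRUSTED CERTIFICATE` or `X509 CERTIFICATE`, or that uses CRLF line endings, now falls through the loop with no link and no message, where the old code handed the whole file to `openssl x509`. Whether such files reach this sub depends on the caller's type check and on the sub's opening lines, both outside the hunk; counting matched blocks and emitting `print STDERR "WARNING: no certificate found in $fname\n"` after the loop when the count is zero would make the skip visible. The unchanged `$fname =~ s/'/'\\''/g;` on line 124 was shell quoting, but `$fname` now goes only to the three-argument `open` and to `symlink`, so a path containing a single quote is altered before it is opened and that line can probably be dropped. The backtick result on new line 138 is still unchecked, so a block that `openssl x509` rejects leaves `$hash` empty and yields a `.0` link into the trust directory; after unlinking `$tfile`, `next OUTERLOOP unless defined $hash && length $hash;` would avoid that.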