summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRomain Forlot <romain.forlot@iot.bzh>2016-12-02 16:13:31 +0000
committerJan-Simon Moeller <jsmoeller@linuxfoundation.org>2016-12-02 20:11:22 +0000
commit775d5687d4711a08685da1a2077624516e6a8680 (patch)
treebc9c8fa1117a4b5ff44065ebb640be6eddbaefd8
parent7c55d83400572f4aa13d55b9b0c662964951cf83 (diff)
Fix: CVE-2016-1238 recent perl doesn't include cwdblowfish_2.0.5blowfish_2.0.42.0.52.0.4blowfish
Upstream YP introduced http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=jethro&id=c3f5e64b583e0f8c62952f4c2a93c41310987bdf Thus this adds a follow-up fix for openssl. Change-Id: Ifb55c3022596a6105662618f4cd08bd0165f5a6b Signed-off-by: Romain Forlot <romain.forlot@iot.bzh>
-rw-r--r--meta-agl/recipes-connectivity/openssl/openssl_1.0.2h.bbappend7
1 files changed, 7 insertions, 0 deletions
diff --git a/meta-agl/recipes-connectivity/openssl/openssl_1.0.2h.bbappend b/meta-agl/recipes-connectivity/openssl/openssl_1.0.2h.bbappend
new file mode 100644
index 0000000..31c5c20
--- /dev/null
+++ b/meta-agl/recipes-connectivity/openssl/openssl_1.0.2h.bbappend
@@ -0,0 +1,7 @@
+# As fixed in debian package perl (5.22.2-3) [SECURITY] CVE-2016-1238
+# We have to tell perl to include cwd in @INC using PERL_USE_UNSAFE_INC
+# Fixed in morty release. See commit : http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=ffdc23ab5311b651e27c9bda16da5ddd482249fa
+
+do_configure_prepend() {
+${@'export PERL_USE_UNSAFE_INC=1' if (d.getVar("DISTRO_CODENAME", True) == "chinook") else ''}
+}