From 775d5687d4711a08685da1a2077624516e6a8680 Mon Sep 17 00:00:00 2001 From: Romain Forlot Date: Fri, 2 Dec 2016 16:13:31 +0000 Subject: Fix: CVE-2016-1238 recent perl doesn't include cwd Upstream YP introduced http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=jethro&id=c3f5e64b583e0f8c62952f4c2a93c41310987bdf Thus this adds a follow-up fix for openssl. Change-Id: Ifb55c3022596a6105662618f4cd08bd0165f5a6b Signed-off-by: Romain Forlot --- meta-agl/recipes-connectivity/openssl/openssl_1.0.2h.bbappend | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 meta-agl/recipes-connectivity/openssl/openssl_1.0.2h.bbappend diff --git a/meta-agl/recipes-connectivity/openssl/openssl_1.0.2h.bbappend b/meta-agl/recipes-connectivity/openssl/openssl_1.0.2h.bbappend new file mode 100644 index 000000000..31c5c2040 --- /dev/null +++ b/meta-agl/recipes-connectivity/openssl/openssl_1.0.2h.bbappend @@ -0,0 +1,7 @@ +# As fixed in debian package perl (5.22.2-3) [SECURITY] CVE-2016-1238 +# We have to tell perl to include cwd in @INC using PERL_USE_UNSAFE_INC +# Fixed in morty release. See commit : http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=ffdc23ab5311b651e27c9bda16da5ddd482249fa + +do_configure_prepend() { +${@'export PERL_USE_UNSAFE_INC=1' if (d.getVar("DISTRO_CODENAME", True) == "chinook") else ''} +} -- cgit 1.2.3-korg