- up to 1.0.0e (fixes CVE-2011-3207, CVE-2011-3210, EC timming attacs)

[packages/openssl.git] / openssl-c_rehash.sh

diff --git a/openssl-c_rehash.sh b/openssl-c_rehash.sh
index 1069eea0faf24f34dab341a9ebe6b7997553692d..75a774945cf75a4a35f96cc548199e8c1270a68f 100644 (file)
--- a/openssl-c_rehash.sh
+++ b/openssl-c_rehash.sh
@@ -106,7 +106,7 @@ link_hash()
     do
        if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ]
        then
-           printf "WARNING: Skipping duplicate file ${1}\n" >&2
+           echo "WARNING: Skipping duplicate file ${1}" >&2
            return 1
        fi      
 
@@ -114,7 +114,7 @@ link_hash()
        LINKFILE=${HASH}.${TAG}${SUFFIX}
     done
 
-    printf "${1} => ${LINKFILE}\n"
+    echo "${1} => ${LINKFILE}"
 
     # assume any system with a POSIX shell will either support symlinks or
     # do something to handle this gracefully
@@ -127,18 +127,12 @@ link_hash()
 # hash_dir create hash links in a given directory
 hash_dir()
 {
-    printf "Doing ${1}\n"
+    echo "Doing ${1}"
 
     cd ${1}
 
-    for FILE in *
+    ls -1 * 2>/dev/null | while read FILE
     do
-       # no files in directory at all, no point in continuing
-       if ! [ -f ${FILE} ]
-       then
-           return 1
-       fi
-
         if echo ${FILE} | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \
                && [ -h "${FILE}" ]
         then
@@ -146,14 +140,8 @@ hash_dir()
         fi
     done
 
-    for FILE in *.pem
+    ls -1 *.pem 2>/dev/null | while read FILE
     do
-       # no pem files so FILE gets set to the unexpanded *.pem
-       if ! [ -f ${FILE} ]
-       then
-           break
-       fi
-
        check_file ${FILE}
         local FILE_TYPE=${?}
        local TYPE_STR=''
@@ -165,7 +153,7 @@ hash_dir()
         then
             TYPE_STR='crl'
         else
-            printf "WARNING: ${FILE} does not contain a certificate or CRL: skipping\n" >&2
+            echo "WARNING: ${FILE} does not contain a certificate or CRL: skipping" >&2
            continue
         fi
 
@@ -177,11 +165,11 @@ hash_dir()
 # choose the name of an ssl application
 if [ -n "${OPENSSL}" ]
 then
-    SSL_CMD=${OPENSSL}
+    SSL_CMD=$(which ${OPENSSL} 2>/dev/null)
 else
-    SSL_CMD=openssl
+    SSL_CMD=/usr/bin/openssl
     OPENSSL=${SSL_CMD}
-    export ${OPENSSL}
+    export OPENSSL
 fi
 
 # fix paths
@@ -189,30 +177,34 @@ PATH=${PATH}:${DIR}/bin
 export PATH
 
 # confirm existance/executability of ssl command
-if ! [ -x $( which ${SSL_CMD} ) ]
+if ! [ -x ${SSL_CMD} ]
 then
-    printf "${0}: rehashing skipped ('openssl' program not available)\n" >&2
+    echo "${0}: rehashing skipped ('openssl' program not available)" >&2
     exit 0
 fi
 
 # determine which directories to process
-# XXX: can't handle directories with spaces in names
-# XXX: ...use \n as dir separator and manipulate IFS?
+old_IFS=$IFS
 if [ ${#} -gt 0 ]
 then
+    IFS=':'
     DIRLIST=${*}
 elif [ -n "${SSL_CERT_DIR}" ]
 then
-    DIRLIST=$( echo ${SSL_CERT_DIR} | tr ':' ' ' )
+    DIRLIST=$SSL_CERT_DIR
 else
     DIRLIST=${DIR}/certs
 fi
 
+IFS=':'
+
 # process directories
 for CERT_DIR in ${DIRLIST}
 do
     if [ -d ${CERT_DIR} -a -w ${CERT_DIR} ]
     then
+        IFS=$old_IFS
         hash_dir ${CERT_DIR}
+        IFS=':'
     fi
 done