Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>


> - Update from version 1.1.1n to 1.1.1o
> - Update of rootfile not required
> - This patch is to go into CU168 as this update is for fixing a moderate severity CVE
> - Changelog
>     1.1.1o [3 May 2022]
> 	    (CVE-2022-1292)
> 	    Fixed a bug in the c_rehash script which was not properly sanitising shell
> 	    metacharacters to prevent command injection.  This script is distributed by
> 	    some operating systems in a manner where it is automatically executed.  On
> 	    such operating systems, an attacker could execute arbitrary commands with the
> 	    privileges of the script.
> 	    Use of the c_rehash script is considered obsolete and should be replaced
> 	    by the OpenSSL rehash command line tool.
> 
> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
> ---
>   lfs/openssl | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/lfs/openssl b/lfs/openssl
> index 2aa0aeb86..a1328fcd0 100644
> --- a/lfs/openssl
> +++ b/lfs/openssl
> @@ -24,7 +24,7 @@
>   
>   include Config
>   
> -VER        = 1.1.1n
> +VER        = 1.1.1o
>   
>   THISAPP    = openssl-$(VER)
>   DL_FILE    = $(THISAPP).tar.gz
> @@ -74,7 +74,7 @@ objects = $(DL_FILE)
>   
>   $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>   
> -$(DL_FILE)_BLAKE2 = af530258d9f7ca4f1bd1c6c344eb385e766e465c9341dd08797676165f67bbb82d3fd549ed7559dc12fb8c9c4db5e04fa6ec7ab729ec1467f5e8bce469ff5398
> +$(DL_FILE)_BLAKE2 = 5bd355fd17adf43ba4e3bf1a8036ceb724edd4f4ab80dc25aecc3d2647372e9db2bc12e2b89791fc4b6f7fd95a7b68e00490d09ca6518d25ab990ee27798e641
>   
>   install : $(TARGET)
>