question on the openssl recipes and openssl versions... Point me to the correct distro if this is the incorrect spot to ask this...

We're currently on Danny, 1.3.2. In there, the openssl version is 1.0.0j. The openssl project is currently promoting 1.0.1h. Due to the multiple CVEs being released, we're wanting to move to the latest. But, looking at the poky releases, it seems that, after "Danny", Poky reverted back to 1.0.0e and added patches as CVEs are released. For example, here's the patches in "Daisy" (1.6.1):

   openssl-1.0.1e-cve-2014-0195.patch
   openssl-1.0.1e-cve-2014-0198.patch
   openssl-1.0.1e-cve-2014-0221.patch
   openssl-1.0.1e-cve-2014-0224.patch
   openssl-1.0.1e-cve-2014-3470.patch
   openssl-CVE-2010-5298.patch

Am I reading that correct? If I move to the recipes there, will that close current issues on openssl? Or, is there a recipe available to use 1.0.1h?

Thanks for any info.
Mark Evans
-- 
_______________________________________________
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Reply via email to