Thanks for the nfo. I'll go there and take a look.
--MarkE
On 7/24/2014 7:51 PM, Khem Raj wrote:
On Thu, Jul 24, 2014 at 5:44 PM, Mark Evans <mark.a.ev...@gmail.com> wrote:
question on the openssl recipes and openssl versions... Point me to the
correct distro if this is the incorrect spot to ask this...
We're currently on Danny, 1.3.2. In there, the openssl version is 1.0.0j.
The openssl project is currently promoting 1.0.1h. Due to the multiple CVEs
being released, we're wanting to move to the latest. But, looking at the
poky releases, it seems that, after "Danny", Poky reverted back to 1.0.0e
and added patches as CVEs are released. For example, here's the patches in
"Daisy" (1.6.1):
openssl-1.0.1e-cve-2014-0195.patch
openssl-1.0.1e-cve-2014-0198.patch
openssl-1.0.1e-cve-2014-0221.patch
openssl-1.0.1e-cve-2014-0224.patch
openssl-1.0.1e-cve-2014-3470.patch
openssl-CVE-2010-5298.patch
Am I reading that correct? If I move to the recipes there, will that close
current issues on openssl? Or, is there a recipe available to use 1.0.1h?
oe-core/master is having 1.0.1h, you can backport that into your own
layer and tool your project
to use it.
Thanks for any info.
Mark Evans
--
_______________________________________________
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
--
_______________________________________________
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
