[yocto] meta-fsl-ppc uses Openssl 1.0.1g in master
Sona Sarmadi
sona.sarmadi at enea.com
Tue Dec 16 05:58:03 PST 2014
Hi guys,
Is there any specific reason why openssl 1.0.1g is used by default? Yocto is using 1.0.1j in master to address some security issues (SSLv3 protocol vulnerability). If there is a strong reason to stay on 1.0.1g, I suggest we apply sslv3 patches otherwise we just remove this line.
https://git.yoctoproject.org/cgit/cgit.cgi/meta-fsl-ppc/tree/conf/machine/include/qoriq-default-versions.inc
PREFERRED_VERSION_openssl = "1.0.1g"
Cheers
Sona
Sona Sarmadi
Software Engineer/Security Responsible for Enea Linux
Enea
Jan Stenbecks torg 17,
Box 1033, SE-164 21 Kista, Sweden
Direct: +46 8 5071 4475
Mobile: +46 70 971 4475
sona.sarmadi at enea.com<mailto:sona.sarmadi at enea.com>
www.enea.com<http://www.enea.com/>
[cid:image002.jpg at 01CFDC00.44AA35B0]
This message, including attachments, is CONFIDENTIAL. It may also be privileged or otherwise protected by law. If you received this email by mistake please let us know by reply and then delete it from your system; you should not copy it or disclose its contents to anyone.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20141216/4c49cf28/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Picture (Device Independent Bitmap) 1.jpg
Type: image/jpeg
Size: 2021 bytes
Desc: Picture (Device Independent Bitmap) 1.jpg
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20141216/4c49cf28/attachment.jpg>
More information about the yocto
mailing list