[yocto] OpenSSL 1.0.0m
Mark Evans
mark.a.evans at gmail.com
Thu Jul 24 18:46:11 PDT 2014
Thanks for the nfo. I'll go there and take a look.
--MarkE
On 7/24/2014 7:51 PM, Khem Raj wrote:
> On Thu, Jul 24, 2014 at 5:44 PM, Mark Evans <mark.a.evans at gmail.com> wrote:
>> question on the openssl recipes and openssl versions... Point me to the
>> correct distro if this is the incorrect spot to ask this...
>>
>> We're currently on Danny, 1.3.2. In there, the openssl version is 1.0.0j.
>> The openssl project is currently promoting 1.0.1h. Due to the multiple CVEs
>> being released, we're wanting to move to the latest. But, looking at the
>> poky releases, it seems that, after "Danny", Poky reverted back to 1.0.0e
>> and added patches as CVEs are released. For example, here's the patches in
>> "Daisy" (1.6.1):
>>
>> openssl-1.0.1e-cve-2014-0195.patch
>> openssl-1.0.1e-cve-2014-0198.patch
>> openssl-1.0.1e-cve-2014-0221.patch
>> openssl-1.0.1e-cve-2014-0224.patch
>> openssl-1.0.1e-cve-2014-3470.patch
>> openssl-CVE-2010-5298.patch
>>
>> Am I reading that correct? If I move to the recipes there, will that close
>> current issues on openssl? Or, is there a recipe available to use 1.0.1h?
>>
> oe-core/master is having 1.0.1h, you can backport that into your own
> layer and tool your project
> to use it.
>
>
>> Thanks for any info.
>> Mark Evans
>>
>> --
>> _______________________________________________
>> yocto mailing list
>> yocto at yoctoproject.org
>> https://lists.yoctoproject.org/listinfo/yocto
>>
More information about the yocto
mailing list