On Thu, Jul 24, 2014 at 5:44 PM, Mark Evans <mark.a.ev...@gmail.com> wrote: > question on the openssl recipes and openssl versions... Point me to the > correct distro if this is the incorrect spot to ask this... > > We're currently on Danny, 1.3.2. In there, the openssl version is 1.0.0j. > The openssl project is currently promoting 1.0.1h. Due to the multiple CVEs > being released, we're wanting to move to the latest. But, looking at the > poky releases, it seems that, after "Danny", Poky reverted back to 1.0.0e > and added patches as CVEs are released. For example, here's the patches in > "Daisy" (1.6.1): > > openssl-1.0.1e-cve-2014-0195.patch > openssl-1.0.1e-cve-2014-0198.patch > openssl-1.0.1e-cve-2014-0221.patch > openssl-1.0.1e-cve-2014-0224.patch > openssl-1.0.1e-cve-2014-3470.patch > openssl-CVE-2010-5298.patch > > Am I reading that correct? If I move to the recipes there, will that close > current issues on openssl? Or, is there a recipe available to use 1.0.1h? >
oe-core/master is having 1.0.1h, you can backport that into your own layer and tool your project to use it. > Thanks for any info. > Mark Evans > > -- > _______________________________________________ > yocto mailing list > yocto@yoctoproject.org > https://lists.yoctoproject.org/listinfo/yocto > -- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto