I'm working with the pyro release, and noticed that it's still using 
openssl 1.0.2k. The latest version in the 1.0.2 series is 1.0.2n, which is 
already available on master. Is there a reason that the newer version 
hasn't made it back to pyro (or rocko, which is on 1.0.2m)? I know new 
package versions are not normally backported, but looking at the change 
log, I only see one change mentioned that is not a CVE fix (the 1.0.2l 
release):

https://urldefense.proofpoint.com/v2/url?u=https-3A__git.openssl.org_-3Fp-3Dopenssl.git-3Ba-3Dblob-3Bf-3DCHANGES-3Bh-3Df2fc31a25c54b12fc7db40c03d39f9a68b9ec0e5-3Bhb-3De5bba24cd8bb3e5127a578b85c6edf013a38ea6d&d=DwIBAg&c=zVFQZQ67ypsA9mYKSCqWmQHiVkCCaN-Gb60_N6TVnLk&r=ak_pMnzuMKndrbvJGok-seoFenjTGhP3oPNUzKUOwzHhGpNMwSJsaHunyXDlBGjO&m=3JjPoO2FeIBSz3wggiqKGtYceKB5t__oSe8p6yDsQfM&s=oeCHfmZkkXVFW1aoMZsolXeFvKI9RTUtbdGBj61kheQ&e=

I can send patches to bring 1.0.2n to rocko and pyro if they will be 
accepted.

Thanks,
Robert
-- 
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Reply via email to