On 02/12/2018 01:08 PM, robert_jos...@selinc.com wrote:
> I'm working with the pyro release, and noticed that it's still using 
> openssl 1.0.2k. The latest version in the 1.0.2 series is 1.0.2n, which is 
> already available on master. Is there a reason that the newer version 
> hasn't made it back to pyro (or rocko, which is on 1.0.2m)? 
openssl 1.1 was added and the openssl files got restructured making
simple cherry-picking not an option for older releases.

1.0.2n hit master 7 days ago, sorry for the delay.

1.0.2n is now in stable/rocko-next and will migrate to rocko when

> I know new 
> package versions are not normally backported, but looking at the change 
> log, I only see one change mentioned that is not a CVE fix (the 1.0.2l 
> release):
> https://urldefense.proofpoint.com/v2/url?u=https-3A__git.openssl.org_-3Fp-3Dopenssl.git-3Ba-3Dblob-3Bf-3DCHANGES-3Bh-3Df2fc31a25c54b12fc7db40c03d39f9a68b9ec0e5-3Bhb-3De5bba24cd8bb3e5127a578b85c6edf013a38ea6d&d=DwIBAg&c=zVFQZQ67ypsA9mYKSCqWmQHiVkCCaN-Gb60_N6TVnLk&r=ak_pMnzuMKndrbvJGok-seoFenjTGhP3oPNUzKUOwzHhGpNMwSJsaHunyXDlBGjO&m=3JjPoO2FeIBSz3wggiqKGtYceKB5t__oSe8p6yDsQfM&s=oeCHfmZkkXVFW1aoMZsolXeFvKI9RTUtbdGBj61kheQ&e=
> I can send patches to bring 1.0.2n to rocko and pyro if they will be 
> accepted.
patches welcome

- Armin
> Thanks,
> Robert

Openembedded-core mailing list

Reply via email to