I'm working with the pyro release, and noticed that it's still using openssl 1.0.2k. The latest version in the 1.0.2 series is 1.0.2n, which is already available on master. Is there a reason that the newer version hasn't made it back to pyro (or rocko, which is on 1.0.2m)? I know new package versions are not normally backported, but looking at the change log, I only see one change mentioned that is not a CVE fix (the 1.0.2l release):
https://urldefense.proofpoint.com/v2/url?u=https-3A__git.openssl.org_-3Fp-3Dopenssl.git-3Ba-3Dblob-3Bf-3DCHANGES-3Bh-3Df2fc31a25c54b12fc7db40c03d39f9a68b9ec0e5-3Bhb-3De5bba24cd8bb3e5127a578b85c6edf013a38ea6d&d=DwIBAg&c=zVFQZQ67ypsA9mYKSCqWmQHiVkCCaN-Gb60_N6TVnLk&r=ak_pMnzuMKndrbvJGok-seoFenjTGhP3oPNUzKUOwzHhGpNMwSJsaHunyXDlBGjO&m=3JjPoO2FeIBSz3wggiqKGtYceKB5t__oSe8p6yDsQfM&s=oeCHfmZkkXVFW1aoMZsolXeFvKI9RTUtbdGBj61kheQ&e= I can send patches to bring 1.0.2n to rocko and pyro if they will be accepted. Thanks, Robert -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
