[Buildroot] [patch] openssl-0.9.7l (security)

Brad House brad at mainstreetsoftworks.com
Sat Aug 11 13:22:43 UTC 2007


Any word on getting this committed?
Thanks.
-Brad

Brad House wrote:
> 0.9.7e has a few advisories against it.
> Here's a patch to bring it up to a more 'secure' version,
> should maintain binary compatibility as well.
> 
> I've also switched the option 'no-threads' to 'threads'.  It
> doesn't actually add any link dependencies to openssl,
> it simply enables some callbacks where a programmer can
> 'register' thread-safe callbacks for mutexes, etc.  If the
> programmer doesn't implement them, the library behaves the
> same as a no-threads build, so there is no impact here.
> Programs which use threads and OpenSSL _will_ crash randomly
> if openssl is not compiled with thread support.
> 
> Please apply the attached patch, and also remove the
> openssl-0.9.7e-no-fips.patch
> 
> -Brad
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> buildroot mailing list
> buildroot at uclibc.org
> http://busybox.net/mailman/listinfo/buildroot



More information about the buildroot mailing list