* OpenSSL 1.1.1k: Rationale for deprecated_crypto_flags in hardknott-next
@ 2021-10-19 10:55 Florian Miedniak
2021-10-19 11:11 ` [OE-core] " Alexander Kanavin
0 siblings, 1 reply; 2+ messages in thread
From: Florian Miedniak @ 2021-10-19 10:55 UTC (permalink / raw)
To: openembedded-core; +Cc: Mikko Rapeli
[-- Attachment #1.1: Type: text/plain, Size: 2536 bytes --]
Hi,
is there a rationale, why Configure is called with a bunch of deprecated_crypto_flags in hardknott-next <https://git.openembedded.org/openembedded-core/commit/meta/recipes-connectivity/openssl/openssl_1.1.1k.bb?h=hardknott-next&id=557d956743ecf5e1d002ae0b2135b1307736b7c8> while this is not done e.g. in dunfell<https://git.openembedded.org/openembedded-core/commit/meta/recipes-connectivity/openssl/openssl_1.1.1k.bb?h=dunfell&id=0826a41940da14631043e2a496854dbb5da9a15f> ? Just had a look at openSSL release notes and the CVEs as referenced by commit messages, but found no rationale there, too.
We stumbled upon this, since it deactivates SCRYPT algorithm.
Best regards,
-Florian
[cid:image001.png@01D7C4E8.9F7FD250]
-
Florian Miedniak
ABB AG
Eppelheimer Str. 82
69123 Heidelberg, Germany
Phone: +4962217011254
Mobile:
abb.com<http://www.abb.com>
ABB AG
Sitz/Head Office: Mannheim
Registergericht/Registry Court: Mannheim
Handelsregisternummer/Commercial Register No.: HRB 4664
Vorstand/Managing Board: Markus Ochsner (Vorsitzender/Chairman), Alexander Zumkeller
Vorsitzender des Aufsichtsrats/ Chairman of Supervisory Board: Klaus Eble
Diese E-mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet.
Bitte beachten Sie auch unsere Datenschutzerklärung für Geschäftspartner, die Sie über unsere Webseite<https://new.abb.com/privacy-policy/de/datenschutz> oder direkt unter diesem Link<https://new.abb.com/docs/librariesprovider30/default-document-library/datenschutzerklärung-geschäftspartner-abb-ag_de832794ecc1f463c09537ff0000433538.pdf> finden.
This E-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this E-mail in error) please notify the sender immediately and destroy this E-mail. Any unauthorized copying, disclosure or distribution of the material in this E-mail is strictly forbidden.
Please also take note of our data protection notice for business partners, which you can find on our web page<https://new.abb.com/privacy-policy/de/datenschutz> or directly under the following link<https://new.abb.com/docs/librariesprovider30/default-document-library/data-protection-notice-business-partners-abb-ag_de762794ecc1f463c09537ff0000433538.pdf>.
[-- Attachment #1.2: Type: text/html, Size: 8838 bytes --]
[-- Attachment #2: image001.png --]
[-- Type: image/png, Size: 2694 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [OE-core] OpenSSL 1.1.1k: Rationale for deprecated_crypto_flags in hardknott-next
2021-10-19 10:55 OpenSSL 1.1.1k: Rationale for deprecated_crypto_flags in hardknott-next Florian Miedniak
@ 2021-10-19 11:11 ` Alexander Kanavin
0 siblings, 0 replies; 2+ messages in thread
From: Alexander Kanavin @ 2021-10-19 11:11 UTC (permalink / raw)
To: Florian Miedniak; +Cc: openembedded-core, Mikko Rapeli
[-- Attachment #1: Type: text/plain, Size: 1047 bytes --]
On Tue, 19 Oct 2021 at 12:55, Florian Miedniak <florian.miedniak@de.abb.com>
wrote:
> is there a rationale, why Configure is called with a bunch of
> deprecated_crypto_flags in hardknott-next
> <https://git.openembedded.org/openembedded-core/commit/meta/recipes-connectivity/openssl/openssl_1.1.1k.bb?h=hardknott-next&id=557d956743ecf5e1d002ae0b2135b1307736b7c8>while
> this is *not* done e.g. in dunfell
> <https://git.openembedded.org/openembedded-core/commit/meta/recipes-connectivity/openssl/openssl_1.1.1k.bb?h=dunfell&id=0826a41940da14631043e2a496854dbb5da9a15f> ?
> Just had a look at openSSL release notes and the CVEs as referenced by
> commit messages, but found no rationale there, too.
> We stumbled upon this, since it deactivates SCRYPT algorithm.
>
This was done after dunfell was released, and was not backported to it.
Current master (which has 3.0.0) has again dropped the idea, as it only
resulted in mass reenabling of the supposedly deprecated stuff. I think we
should simply trust upstream to make the right choices.
Alex
[-- Attachment #2: Type: text/html, Size: 3047 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-10-19 11:11 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-19 10:55 OpenSSL 1.1.1k: Rationale for deprecated_crypto_flags in hardknott-next Florian Miedniak
2021-10-19 11:11 ` [OE-core] " Alexander Kanavin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).