Re: [OE-core] Truly scary SSL 3.0 vuln to be revealed soon:


Bryan Evenson
 

Ross,

-----Original Message-----
From: openembedded-core-bounces@... [mailto:openembedded-core-bounces@...] On Behalf Of Burton, Ross
Sent: Wednesday, October 15, 2014 6:07 AM
To: Sona Sarmadi
Cc: yocto@...; openembedded-core@...
Subject: Re: [OE-core] Truly scary SSL 3.0 vuln to be revealed soon:

On 15 October 2014 07:48, Sona Sarmadi <sona.sarmadi@...> wrote:
The advice is: Disable SSLv3.

I created https://bugzilla.yoctoproject.org/show_bug.cgi?id=6843 so we
can start to work with this immediately.

Presumably the list of affected packages is:
- gnutls
- openssl
- nss

Are there more? Will ENEA be able to send patches to these packages?

I did a few quick searches of recipe names and descriptions on the meta-openembedded and poky (which includes oe-core) layers for SSL and TLS relation. The searches I used from the poky directory were:

find meta* -name "*ssl*.bb"
find meta* -name "*tls*.bb"
grep -nrE '(ssl|SSL|tls|TLS)' meta* | grep -vE '(DSSSL|dsssl|[Ll]ossless)' | grep '\.bb:'

Then ignoring packages that expressly disable SSL, here's what I found for other packages to evaluate:
python-pyopenssl
socat
curl
libsoup
packagegroup-toolset-native
packagegroup-core-basic
packagegroup-core-lsb
ltp
mailx
libarchive
iputils
msmtp
webkit-gtk
packagegroup-self-hosted
eglibc
glib-networking
x11vnc
bind
telepathy-idle
openssh
valgrind
tcf-agent
python-native
python
rpm
neon
nostromo
cherokee
apache2
ajenti
net-snmp
claws-mail
sylpheed
libimobiledevice
loudmouth
hostap-daemon
gateone
libtorrent
krb5
networkmanager
nodejs4
nodejs
libc-client
python-twisted
python-m2crypto
links
links-x11
openldap
gsoap
mbuffer
cryptsetup
iksemel
strongswan
ca-certificates
libetpan
cyrus-sasl
vsftpd
accel-ppp
openvpn
znc
azy
midori
oscam
tvheadend

Almost all the packages require openssl or gnutls, so patching openssl and gnutls may be sufficient for most of these packages. I'm still working with the dylan branch. If any new packages have been added since then I may have missed them. I'm not sure how dropbear does its encryption, so that may be one to look at also.

Regards,
Bryan Evenson

Ross
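
The triage discussed in the message above (most hits are covered by fixing openssl or gnutls, a few need a closer look), as an added example that is not part of the original thread: it sorts recipes that mention SSL/TLS by the library named in their DEPENDS or PACKAGECONFIG lines. The function names, the `review-manually` label and the sample recipe contents are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the thread. Recipe contents are constructed samples.

# Print "<recipe><TAB><libs>" for each .bb under $1 that mentions SSL/TLS.
# The body runs in a subshell "( )" so its variables stay local.
classify_recipes() (
    find "$1" -name '*.bb' -exec grep -lE '(ssl|SSL|tls|TLS)' {} + | sort |
    while read -r f; do
        # Skip files whose only hits are DSSSL/lossless noise (same filter as the email).
        grep -E '(ssl|SSL|tls|TLS)' "$f" |
            grep -qvE '(DSSSL|dsssl|[Ll]ossless)' || continue
        # Only DEPENDS/PACKAGECONFIG assignments show what the recipe builds against.
        deps=$(grep -E '^(DEPENDS|PACKAGECONFIG)[^=]*=' "$f" || true)
        libs=""
        for lib in openssl gnutls nss; do
            if printf '%s\n' "$deps" | grep -qw "$lib"; then
                libs="${libs:+$libs,}$lib"
            fi
        done
        name=$(basename "$f" .bb)
        # No known TLS library declared: flag for manual review.
        printf '%s\t%s\n' "${name%%_*}" "${libs:-review-manually}"
    done
)

# Build a throwaway layer with four constructed recipes and print its path.
make_sample_layer() {
    d=$(mktemp -d) && mkdir -p "$d/meta-demo/recipes"
    r="$d/meta-demo/recipes"
    printf 'DESCRIPTION = "URL client with SSL support"\nDEPENDS = "zlib gnutls"\n' > "$r/curl_1.0.bb"
    printf 'DESCRIPTION = "Relay with SSL endpoints"\nDEPENDS = "openssl readline"\n' > "$r/socat_1.0.bb"
    printf 'DESCRIPTION = "Daemon with a bundled TLS stack"\nDEPENDS = "zlib"\n' > "$r/demo-daemon_1.0.bb"
    printf 'DESCRIPTION = "DSSSL stylesheet engine"\nDEPENDS = "zlib"\n' > "$r/stylesheet-tool_1.0.bb"
    printf '%s\n' "$d"
}

# Demo run: the first three recipes are listed; stylesheet-tool is filtered out.
layer=$(make_sample_layer)
classify_recipes "$layer"
rm -rf "$layer"
```

Recipes reported as `review-manually` mention SSL/TLS without declaring one of the three libraries, so a library-level fix cannot be assumed to cover them.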