[Buildroot] [PATCH] powerpc-utils: security bump to 1.2.24
Thomas Petazzoni
thomas.petazzoni at free-electrons.com
Fri Mar 20 13:04:28 UTC 2015
Dear Baruch Siach,
On Fri, 20 Mar 2015 07:55:47 +0200, Baruch Siach wrote:
> Fixes CVE-2014-4040: A local attacker could obtain sensitive information from
> the generated archive such as plain text passwords.
>
> Yes, version 1.2.24 seems to be newer than 1.4, which is equivalent to 1.2.20.
>
> Also, switch from git clone to tarball download , and add a .hash file.
>
> The configure script seems to misdetect stack smashing protection support in
> the toolchain. gcc accepts -fstack_protector_all, but the linker complains:
> "ld: cannot find -lssp".
>
> Cc: Jeremy Kerr <jk at ozlabs.org>
> Signed-off-by: Baruch Siach <baruch at tkos.co.il>
Applied, thanks.
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
More information about the buildroot
mailing list