[Buildroot] [PATCH] powerpc-utils: security bump to 1.2.24

Thomas Petazzoni thomas.petazzoni at free-electrons.com
Fri Mar 20 13:04:28 UTC 2015


Dear Baruch Siach,

On Fri, 20 Mar 2015 07:55:47 +0200, Baruch Siach wrote:
> Fixes CVE-2014-4040: A local attacker could obtain sensitive information from
> the generated archive such as plain text passwords.
> 
> Yes, version 1.2.24 seems to be newer than 1.4, which is equivalent to 1.2.20.
> 
> Also, switch from git clone to tarball download , and add a .hash file.
> 
> The configure script seems to misdetect stack smashing protection support in
> the toolchain. gcc accepts -fstack_protector_all, but the linker complains:
> "ld: cannot find -lssp".
> 
> Cc: Jeremy Kerr <jk at ozlabs.org>
> Signed-off-by: Baruch Siach <baruch at tkos.co.il>

Applied, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com


More information about the buildroot mailing list