Commit 0a12a5a1 authored by Baruch Siach's avatar Baruch Siach Committed by Thomas Petazzoni
Browse files

powerpc-utils: security bump to 1.2.24 



Fixes CVE-2014-4040: A local attacker could obtain sensitive information from
the generated archive such as plain text passwords.

Yes, version 1.2.24 seems to be newer than 1.4, which is equivalent to 1.2.20.

Also, switch from git clone to tarball download , and add a .hash file.

The configure script seems to misdetect stack smashing protection support in
the toolchain. gcc accepts -fstack_protector_all, but the linker complains:
"ld: cannot find -lssp".

Cc: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: default avatarBaruch Siach <baruch@tkos.co.il>
Signed-off-by: default avatarThomas Petazzoni <thomas.petazzoni@free-electrons.com>
parent 6259a985

package/powerpc-utils/powerpc-utils.hash

0 → 100644
+3 −0
Original line number Diff line number Diff line 
# From http://sourceforge.net/projects/powerpc-utils/files/powerpc-utils/

sha1	975c668e8eaedd5222a7870e82ce295d06dfe649	powerpc-utils-1.2.24.tar.gz

md5	f492a72f2d4522eba5d9b329c84b3ed3	powerpc-utils-1.2.24.tar.gz

package/powerpc-utils/powerpc-utils.mk

+4 −3
Original line number Diff line number Diff line
@@ -4,13 +4,14 @@ 
#

################################################################################



POWERPC_UTILS_VERSION = v1.4

POWERPC_UTILS_SITE = git://git.code.sf.net/p/powerpc-utils/powerpc-utils

POWERPC_UTILS_AUTORECONF = YES

POWERPC_UTILS_VERSION = 1.2.24

POWERPC_UTILS_SITE = http://downloads.sourceforge.net/project/powerpc-utils/powerpc-utils

POWERPC_UTILS_DEPENDENCIES = zlib

POWERPC_UTILS_LICENSE = Common Public License Version 1.0

POWERPC_UTILS_LICENSE_FILES = COPYRIGHT



POWERPC_UTILS_CONF_OPTS = --without-librtas

POWERPC_UTILS_CONF_ENV = \

	ax_cv_check_cflags___fstack_protector_all=$(if $(BR2_TOOLCHAIN_HAS_SSP),yes,no)



$(eval $(autotools-package))