[ELDK] ELDK 5.4 and 'GHOST' glibc bug

Wolfgang Denk wd at denx.de
Mon Feb 2 22:22:18 CET 2015


Dear Albrecht,

In message <1422902202.3495.0 at deneb.(none)> you wrote:
> 
> I use ELDK v. 5.4 for a PowerPC (MPC5200B) target.  Due to [1], upgrading
> to 5.5.x is not an option for me.

Yeah, that's a sad story, especially as Yocto is targeting a fix only
for the 1.8M3 milestone (see [1]).

[1] https://bugzilla.yoctoproject.org/show_bug.cgi?id=6872

> It appears, though, that the glibc coming with 5.4 is vulnerable to
> CVE-2015-0235 (glibc 'GHOST' gethostbyname buffer overflow; [2]).

This is my understanding, too.

> Before downloading 5.6 - does it have both the gcc/PowerPC glitch *and* the
> GHOST bug fixed?  Or will you provide an update for 5.4?

5.6 includes basically the same compiler as 5.5.x; especially the
aforementioned bug is still unfixed.

We did not come to a final decision yet how to handle this.  It would
be possible to switch to GCC 4.8.4 for some ELDK v5.6.1 release or
such, but I hesitate as I'd much rather have a community accepted and
tested fix included.

Eventually we might even skip v5.7 and rather focus efforts on a quick
v5.8 which then would (hopefully) have a reliable version of GCC again.

Best regards,

Wolfgang Denk

-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
Little known fact about Middle Earth:   The Hobbits had a very sophi-
sticated computer network!   It was a Tolkien Ring...

