[oe] [OE-core] BlueZ old releases have new checksums
denis at denix.org
Wed Jan 4 23:02:45 CET 2012
On Wed, Jan 04, 2012 at 12:53:25PM -0800, Khem Raj wrote:
> On Wed, Jan 4, 2012 at 12:14 PM, Chris Larson <clarson at kergoth.com> wrote:
> > On Wed, Jan 4, 2012 at 11:14 AM, Denys Dmytriyenko <denis at denix.org> wrote:
> >> The main archive of BlueZ/obexd/hcidump releases on kernel.org finally
> >> re-appeared after missing for long time since kernel.org compromise.
> >> Unfortunately, all previous tarballs have new checksums, breaking builds for
> >> anyone w/o previous copy cached. Old copies were also extensively mirrored,
> >> so you never know which one you fetch next time...
> > Heh, checksums changing after a security compromise, that's worrisome
> > :) should diff their contents to see what's going on, or whether its
> > just a gzip timestamp change or something.
> exactly. Make sure the tars are sane
Well, according to BlueZ maintainer, he gave the correct tarballs to
kernel.org people, but for some reason they untarred and re-packed them.
There's only 4 bytes difference, presumably timestamp...
More information about the Openembedded-devel