6facb6fa10
Fix CVE-2022-40284: A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device. https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-v4w8-jv3w-7prm https://github.com/tuxera/ntfs-3g/releases/tag/2022.10.3 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
37 lines
1.0 KiB
Makefile
37 lines
1.0 KiB
Makefile
################################################################################
|
|
#
|
|
# ntfs-3g
|
|
#
|
|
################################################################################
|
|
|
|
NTFS_3G_VERSION = 2022.10.3
|
|
NTFS_3G_SOURCE = ntfs-3g_ntfsprogs-$(NTFS_3G_VERSION).tgz
|
|
NTFS_3G_SITE = http://tuxera.com/opensource
|
|
NTFS_3G_CONF_OPTS = --disable-ldconfig
|
|
NTFS_3G_INSTALL_STAGING = YES
|
|
NTFS_3G_DEPENDENCIES = host-pkgconf
|
|
NTFS_3G_LICENSE = GPL-2.0+, LGPL-2.0+
|
|
NTFS_3G_LICENSE_FILES = COPYING COPYING.LIB
|
|
NTFS_3G_CPE_ID_VENDOR = tuxera
|
|
|
|
ifeq ($(BR2_PACKAGE_LIBFUSE),y)
|
|
NTFS_3G_CONF_OPTS += --with-fuse=external
|
|
NTFS_3G_DEPENDENCIES += libfuse
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_UTIL_LINUX_LIBUUID),y)
|
|
NTFS_3G_DEPENDENCIES += util-linux
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_NTFS_3G_ENCRYPTED),y)
|
|
NTFS_3G_CONF_ENV += LIBGCRYPT_CONFIG=$(STAGING_DIR)/usr/bin/libgcrypt-config
|
|
NTFS_3G_CONF_OPTS += --enable-crypto
|
|
NTFS_3G_DEPENDENCIES += gnutls libgcrypt
|
|
endif
|
|
|
|
ifneq ($(BR2_PACKAGE_NTFS_3G_NTFSPROGS),y)
|
|
NTFS_3G_CONF_OPTS += --disable-ntfsprogs
|
|
endif
|
|
|
|
$(eval $(autotools-package))
|