kumquat-buildroot/package/libfuse/libfuse.mk
Peter Korsgaard 9c2bbc3fc9 libfuse: security bump to version 2.9.8
Fixes CVE-2018-10906 - In fuse before versions 2.9.8 and 3.x before 3.2.5,
fusermount is vulnerable to a restriction bypass when SELinux is active.
This allows non-root users to mount a FUSE file system with the
'allow_other' mount option regardless of whether 'user_allow_other' is set
in the fuse configuration.  An attacker may use this flaw to mount a FUSE
file system, accessible by other users, and trick them into accessing files
on that file system, possibly causing Denial of Service or other unspecified
effects.

And additionally:

- libfuse no longer segfaults when fuse_interrupted() is called outside the
  event loop.

- The fusermount binary has been hardened in several ways to reduce
  potential attack surface.  Most importantly, mountpoints and mount options
  must now match a hard-coded whitelist.  It is expected that this whitelist
  covers all regular use-cases.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-08-17 16:54:07 +02:00

25 lines
792 B
Makefile

################################################################################
#
# libfuse
#
################################################################################
LIBFUSE_VERSION = 2.9.8
LIBFUSE_SOURCE = fuse-$(LIBFUSE_VERSION).tar.gz
LIBFUSE_SITE = https://github.com/libfuse/libfuse/releases/download/fuse-$(LIBFUSE_VERSION)
LIBFUSE_LICENSE = GPL-2.0, LGPL-2.1
LIBFUSE_LICENSE_FILES = COPYING COPYING.LIB
LIBFUSE_INSTALL_STAGING = YES
LIBFUSE_DEPENDENCIES = $(if $(BR2_PACKAGE_LIBICONV),libiconv)
LIBFUSE_CONF_OPTS = \
--disable-example \
--enable-lib \
--enable-util
define LIBFUSE_INSTALL_TARGET_CMDS
cp -dpf $(STAGING_DIR)/usr/bin/fusermount $(TARGET_DIR)/usr/bin/
cp -dpf $(STAGING_DIR)/usr/lib/libfuse.so* $(TARGET_DIR)/usr/lib/
endef
$(eval $(autotools-package))