9c2bbc3fc9
Fixes CVE-2018-10906 - In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects. And additionally: - libfuse no longer segfaults when fuse_interrupted() is called outside the event loop. - The fusermount binary has been hardened in several ways to reduce potential attack surface. Most importantly, mountpoints and mount options must now match a hard-coded whitelist. It is expected that this whitelist covers all regular use-cases. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
25 lines
792 B
Makefile
25 lines
792 B
Makefile
################################################################################
|
|
#
|
|
# libfuse
|
|
#
|
|
################################################################################
|
|
|
|
LIBFUSE_VERSION = 2.9.8
|
|
LIBFUSE_SOURCE = fuse-$(LIBFUSE_VERSION).tar.gz
|
|
LIBFUSE_SITE = https://github.com/libfuse/libfuse/releases/download/fuse-$(LIBFUSE_VERSION)
|
|
LIBFUSE_LICENSE = GPL-2.0, LGPL-2.1
|
|
LIBFUSE_LICENSE_FILES = COPYING COPYING.LIB
|
|
LIBFUSE_INSTALL_STAGING = YES
|
|
LIBFUSE_DEPENDENCIES = $(if $(BR2_PACKAGE_LIBICONV),libiconv)
|
|
LIBFUSE_CONF_OPTS = \
|
|
--disable-example \
|
|
--enable-lib \
|
|
--enable-util
|
|
|
|
define LIBFUSE_INSTALL_TARGET_CMDS
|
|
cp -dpf $(STAGING_DIR)/usr/bin/fusermount $(TARGET_DIR)/usr/bin/
|
|
cp -dpf $(STAGING_DIR)/usr/lib/libfuse.so* $(TARGET_DIR)/usr/lib/
|
|
endef
|
|
|
|
$(eval $(autotools-package))
|