* [Buildroot] [git commit branch/2022.02.x] package/exfat: security bump to version 1.4.0
@ 2023-03-15 13:03 Peter Korsgaard
0 siblings, 0 replies; only message in thread
From: Peter Korsgaard @ 2023-03-15 13:03 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=f0e9d63690dd7623dc13bc7700b22a370d86748d
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2022.02.x
- Fix CVE-2022-29973: relan exFAT 1.3.0 allows local users to obtain
sensitive information (data from deleted files in the filesystem) in
certain situations involving offsets beyond ValidDataLength.
- libfuse3 is supported since
https://github.com/relan/exfat/commit/7cbc1544a4f68d8b4d33b187a053fc554405c56e
https://github.com/relan/exfat/releases/tag/v1.4.0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0c29b4281d5a1c55739c62438f8d7676d7a16823)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/exfat/Config.in | 2 +-
package/exfat/exfat.hash | 2 +-
package/exfat/exfat.mk | 6 ++++--
3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/package/exfat/Config.in b/package/exfat/Config.in
index c0b4eabe11..c0ed2570d9 100644
--- a/package/exfat/Config.in
+++ b/package/exfat/Config.in
@@ -4,7 +4,7 @@ config BR2_PACKAGE_EXFAT
depends on BR2_USE_MMU # libfuse
depends on BR2_USE_WCHAR
depends on !BR2_STATIC_LIBS # libfuse
- select BR2_PACKAGE_LIBFUSE
+ select BR2_PACKAGE_LIBFUSE3 if !BR2_PACKAGE_LIBFUSE
help
A full-featured exFAT file system implementation for GNU/Linux
and other Unix-like systems as a FUSE module.
diff --git a/package/exfat/exfat.hash b/package/exfat/exfat.hash
index b40fc7f0e5..c6082a403a 100644
--- a/package/exfat/exfat.hash
+++ b/package/exfat/exfat.hash
@@ -1,3 +1,3 @@
# Locally calculated
-sha256 07652136064da5e4d32df5555f88c138ffa4835a23b88a5bae2015f21006e0d3 fuse-exfat-1.3.0.tar.gz
+sha256 a1cfedc55e0e7a12c184605aa0f0bf44b24a3fb272449b20b2c8bbe6edb3001e fuse-exfat-1.4.0.tar.gz
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
diff --git a/package/exfat/exfat.mk b/package/exfat/exfat.mk
index c0ef77a113..a8efe5b0ba 100644
--- a/package/exfat/exfat.mk
+++ b/package/exfat/exfat.mk
@@ -4,10 +4,12 @@
#
################################################################################
-EXFAT_VERSION = 1.3.0
+EXFAT_VERSION = 1.4.0
EXFAT_SITE = https://github.com/relan/exfat/releases/download/v$(EXFAT_VERSION)
EXFAT_SOURCE = fuse-exfat-$(EXFAT_VERSION).tar.gz
-EXFAT_DEPENDENCIES = libfuse host-pkgconf
+EXFAT_DEPENDENCIES = \
+ $(if $(BR2_PACKAGE_LIBFUSE3),libfuse3,libfuse) \
+ host-pkgconf
EXFAT_LICENSE = GPL-2.0+
EXFAT_LICENSE_FILES = COPYING
EXFAT_CPE_ID_VENDOR = exfat_project
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2023-03-15 13:09 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-03-15 13:03 [Buildroot] [git commit branch/2022.02.x] package/exfat: security bump to version 1.4.0 Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.