diff options
| author | Nikolaus Rath <Nikolaus@rath.org> | 2018-07-24 07:45:33 +0100 |
|---|---|---|
| committer | Nikolaus Rath <Nikolaus@rath.org> | 2018-07-24 07:45:33 +0100 |
| commit | 932f4190e2b65419cef9960e27a7f94fcab9c816 (patch) | |
| tree | dc7cda040693677e45e9836803d4e49c909591ca | |
| parent | 237147e6e09bec52145e9a25a46aff36ac4459da (diff) | |
| download | fuse-3.2.5.tar.gz | |
Released 3.2.5fuse-3.2.5
| -rw-r--r-- | AUTHORS | 4 | ||||
| -rw-r--r-- | ChangeLog.rst | 9 | ||||
| -rw-r--r-- | meson.build | 2 |
3 files changed, 12 insertions, 3 deletions
@@ -17,6 +17,7 @@ CUSE has been written by Tejun Heo <teheo@suse.de>. Furthermore, the following people have contributed patches (autogenerated list): admorgan <admorgan@morgancomputers.net> +Alexander <aleksandr.rvachev@eltex-co.ru> Alex Richman <alex@richman.io> amosonn <amosonn@gmail.com> Anatol Pomozov <anatol.pomozov@gmail.com> @@ -54,6 +55,7 @@ Hendrik Brueckner <brueckner@linux.vnet.ibm.com> Ikey Doherty <michael.i.doherty@intel.com> itsdeepak <deepak.sn@samsung.com> Jan Blumschein <jan@jan-blumschein.de> +Jann Horn <jannh@google.com> Jay Hankins <jay-hankins@users.noreply.github.com> Joachim Schiele <joachim.schiele@daimler.com> Joachim Schiele <js@lastlog.de> @@ -84,6 +86,8 @@ Reuben Hawkins <reubenhwk@gmail.com> Richard W.M. Jones <rjones@redhat.com> Riku Voipio <riku.voipio@linaro.org> Roland Bauerschmidt <rb@debian.org> +Rostislav <rostislav@users.noreply.github.com> +Rostislav Skudnov <rostislav@tuxera.com> Sam Stuewe <halosghost@archlinux.info> Sangwoo Moon <swmoon00@gmail.com> Sebastian Pipping <sebastian@pipping.org> diff --git a/ChangeLog.rst b/ChangeLog.rst index 10ab5ad..f5d24ca 100644 --- a/ChangeLog.rst +++ b/ChangeLog.rst @@ -1,6 +1,11 @@ -Unreleased Changes -================== +libfuse 3.2.5 (2018-07-24) +========================== +* SECURITY UPDATE: In previous versions of libfuse it was possible to + for unprivileged users to specify the `allow_other` option even when + this was forbidden in `/etc/fuse.conf`. The vulnerability is + present only on systems where SELinux is active (including in + permissive mode). * The fusermount binary has been hardened in several ways to reduce potential attack surface. Most importantly, mountpoints and mount options must now match a hard-coded whitelist. It is expected that diff --git a/meson.build b/meson.build index 71fe59a..0f9ef18 100644 --- a/meson.build +++ b/meson.build @@ -1,4 +1,4 @@ -project('libfuse3', 'c', version: '3.2.4', +project('libfuse3', 'c', version: '3.2.5', meson_version: '>= 0.38', default_options: [ 'buildtype=debugoptimized' ]) |