mirror of
https://github.com/godotengine/buildroot.git
synced 2026-01-06 18:09:44 +03:00
7a114a0aa6
Fix CVE-2020-14342: It was found that cifs-utils' mount.cifs was
invoking a shell when requesting the Samba password, which could be used
to inject arbitrary commands. An attacker able to invoke mount.cifs with
special permission, such as via sudo rules, could use this flaw to
escalate their privileges.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ce0e86b293)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
34 lines
1023 B
Makefile
34 lines
1023 B
Makefile
################################################################################
|
|
#
|
|
# cifs-utils
|
|
#
|
|
################################################################################
|
|
|
|
CIFS_UTILS_VERSION = 6.11
|
|
CIFS_UTILS_SOURCE = cifs-utils-$(CIFS_UTILS_VERSION).tar.bz2
|
|
CIFS_UTILS_SITE = http://ftp.samba.org/pub/linux-cifs/cifs-utils
|
|
CIFS_UTILS_LICENSE = GPL-3.0+
|
|
CIFS_UTILS_LICENSE_FILES = COPYING
|
|
# Missing install-sh in release tarball and patching Makefile.am
|
|
CIFS_UTILS_AUTORECONF = YES
|
|
CIFS_UTILS_DEPENDENCIES = host-pkgconf
|
|
|
|
# Let's disable PIE unconditionally. We want PIE to be enabled only by
|
|
# the global BR2_RELRO_FULL option.
|
|
CIFS_UTILS_CONF_OPTS = --disable-pie --disable-man
|
|
|
|
# uses C11 code in smbinfo.c and mtab.c
|
|
CIFS_UTILS_CONF_ENV += CFLAGS="$(TARGET_CFLAGS) -std=gnu11"
|
|
|
|
ifeq ($(BR2_PACKAGE_KEYUTILS),y)
|
|
CIFS_UTILS_DEPENDENCIES += keyutils
|
|
endif
|
|
|
|
define CIFS_UTILS_NO_WERROR
|
|
$(SED) 's/-Werror//' $(@D)/Makefile.in
|
|
endef
|
|
|
|
CIFS_UTILS_POST_PATCH_HOOKS += CIFS_UTILS_NO_WERROR
|
|
|
|
$(eval $(autotools-package))
|