aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGravatar Nikolaus Rath <Nikolaus@rath.org>2018-07-24 07:45:33 +0100
committerGravatar Nikolaus Rath <Nikolaus@rath.org>2018-07-24 07:45:33 +0100
commit932f4190e2b65419cef9960e27a7f94fcab9c816 (patch)
treedc7cda040693677e45e9836803d4e49c909591ca
parent237147e6e09bec52145e9a25a46aff36ac4459da (diff)
Released 3.2.5
-rw-r--r--AUTHORS4
-rw-r--r--ChangeLog.rst9
-rw-r--r--meson.build2
3 files changed, 12 insertions, 3 deletions
diff --git a/AUTHORS b/AUTHORS
index 5497251..dc8ea4d 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -17,6 +17,7 @@ CUSE has been written by Tejun Heo <teheo@suse.de>. Furthermore, the
following people have contributed patches (autogenerated list):
admorgan <admorgan@morgancomputers.net>
+Alexander <aleksandr.rvachev@eltex-co.ru>
Alex Richman <alex@richman.io>
amosonn <amosonn@gmail.com>
Anatol Pomozov <anatol.pomozov@gmail.com>
@@ -54,6 +55,7 @@ Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Ikey Doherty <michael.i.doherty@intel.com>
itsdeepak <deepak.sn@samsung.com>
Jan Blumschein <jan@jan-blumschein.de>
+Jann Horn <jannh@google.com>
Jay Hankins <jay-hankins@users.noreply.github.com>
Joachim Schiele <joachim.schiele@daimler.com>
Joachim Schiele <js@lastlog.de>
@@ -84,6 +86,8 @@ Reuben Hawkins <reubenhwk@gmail.com>
Richard W.M. Jones <rjones@redhat.com>
Riku Voipio <riku.voipio@linaro.org>
Roland Bauerschmidt <rb@debian.org>
+Rostislav <rostislav@users.noreply.github.com>
+Rostislav Skudnov <rostislav@tuxera.com>
Sam Stuewe <halosghost@archlinux.info>
Sangwoo Moon <swmoon00@gmail.com>
Sebastian Pipping <sebastian@pipping.org>
diff --git a/ChangeLog.rst b/ChangeLog.rst
index 10ab5ad..f5d24ca 100644
--- a/ChangeLog.rst
+++ b/ChangeLog.rst
@@ -1,6 +1,11 @@
-Unreleased Changes
-==================
+libfuse 3.2.5 (2018-07-24)
+==========================
+* SECURITY UPDATE: In previous versions of libfuse it was possible to
+ for unprivileged users to specify the `allow_other` option even when
+ this was forbidden in `/etc/fuse.conf`. The vulnerability is
+ present only on systems where SELinux is active (including in
+ permissive mode).
* The fusermount binary has been hardened in several ways to reduce
potential attack surface. Most importantly, mountpoints and mount
options must now match a hard-coded whitelist. It is expected that
diff --git a/meson.build b/meson.build
index 71fe59a..0f9ef18 100644
--- a/meson.build
+++ b/meson.build
@@ -1,4 +1,4 @@
-project('libfuse3', 'c', version: '3.2.4',
+project('libfuse3', 'c', version: '3.2.5',
meson_version: '>= 0.38',
default_options: [ 'buildtype=debugoptimized' ])