* [Buildroot] [PATCH 1/1] package/sshfs: security bump version to 3.7.6
@ 2026-05-31 13:43 Bernd Kuhls
2026-05-31 17:10 ` Thomas Petazzoni via buildroot
0 siblings, 1 reply; 2+ messages in thread
From: Bernd Kuhls @ 2026-05-31 13:43 UTC (permalink / raw)
To: buildroot
https://github.com/libfuse/sshfs/blob/sshfs-3.7.6/ChangeLog.rst
Fixes CVE-2026-47187 & CVE-2026-48711.
Switched to sha256 tarball hash provided by upstream.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
---
Gitlab pipelines passed:
https://gitlab.com/bkuhls/buildroot/-/commits/07cc0d4bd91ba47ee9e28949fc01a52a13d195ea
with the exception of an unrelated build error of the openssh package
with the bootlin-powerpc64le-power8-glibc defconfig.
package/sshfs/sshfs.hash | 5 +++--
package/sshfs/sshfs.mk | 2 +-
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/package/sshfs/sshfs.hash b/package/sshfs/sshfs.hash
index 9372e471c2..57698aeace 100644
--- a/package/sshfs/sshfs.hash
+++ b/package/sshfs/sshfs.hash
@@ -1,3 +1,4 @@
-# Locally calculated after checking pgp signature
-sha256 5218ce7bdd2ce0a34137a0d7798e0f6d09f0e6d21b1e98ee730a18b0699c2e99 sshfs-3.7.3.tar.xz
+# From https://github.com/libfuse/sshfs/releases/tag/sshfs-3.7.6
+sha256 6a1bcb31450a077e9cb1b7ff158c71de34db697c3c0da6cb362502131e495893 sshfs-3.7.6.tar.xz
+# Locally calculated
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
diff --git a/package/sshfs/sshfs.mk b/package/sshfs/sshfs.mk
index 61f11af55f..8557b98353 100644
--- a/package/sshfs/sshfs.mk
+++ b/package/sshfs/sshfs.mk
@@ -4,7 +4,7 @@
#
################################################################################
-SSHFS_VERSION = 3.7.3
+SSHFS_VERSION = 3.7.6
SSHFS_SOURCE = sshfs-$(SSHFS_VERSION).tar.xz
SSHFS_SITE = https://github.com/libfuse/sshfs/releases/download/sshfs-$(SSHFS_VERSION)
SSHFS_LICENSE = GPL-2.0
--
2.47.3
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/sshfs: security bump version to 3.7.6
2026-05-31 13:43 [Buildroot] [PATCH 1/1] package/sshfs: security bump version to 3.7.6 Bernd Kuhls
@ 2026-05-31 17:10 ` Thomas Petazzoni via buildroot
0 siblings, 0 replies; 2+ messages in thread
From: Thomas Petazzoni via buildroot @ 2026-05-31 17:10 UTC (permalink / raw)
To: Bernd Kuhls; +Cc: buildroot
On Sun, May 31, 2026 at 03:43:42PM +0200, Bernd Kuhls wrote:
> https://github.com/libfuse/sshfs/blob/sshfs-3.7.6/ChangeLog.rst
>
> Fixes CVE-2026-47187 & CVE-2026-48711.
>
> Switched to sha256 tarball hash provided by upstream.
>
> Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Applied to master, thanks!
Thomas
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2026-05-31 17:11 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-05-31 13:43 [Buildroot] [PATCH 1/1] package/sshfs: security bump version to 3.7.6 Bernd Kuhls
2026-05-31 17:10 ` Thomas Petazzoni via buildroot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox