lp:ubuntu/hardy-security/fuse
- Get this branch:
- bzr branch lp:ubuntu/hardy-security/fuse
Branch merges
Branch information
Recent revisions
- 34. By Marc Deslauriers
-
* SECURITY UPDATE: arbitrary unprivileged unmount
- debian/patches/ CVE-2011- 0541.dpatch: don't follow symlinks when
unmounting in case of a failed mtab update in util/fusermount.c.
- debian/patches/ CVE-2011- 0542.dpatch: chdir to / before performing
mount/umount in util/fusermount.c.
- debian/patches/ CVE-2011- 0543.dpatch: remove legacy util-linux
support so symlinks don't get followed upon fallback in
lib/mount_util. c, util/fusermount.c.
- CVE-2011-0541
- CVE-2011-0542
- CVE-2011-0543 - 33. By Marc Deslauriers
-
* SECURITY UPDATE: arbitrary unprivileged unmount (LP: #670622)
- debian/patches/ CVE-2010- 3879.dpatch: backported numerous fuse fixes
from git tree to fix security issues.
- Block SIGCHLD when executing mount and umount
- Use "--no-canonicalize' option of mount(8)
- Fix race if two "fusermount -u" instances are run in parallel
- Make sure the path to be unmounted doesn't refer to a symlink
- Use umount --fake to update /etc/mtab
- debian/patches/ 200-fix_ mount_symlink_ handling: removed, changes are
in the new patch.
- debian/control: make libfuse2 depend on version of mount that
contains backported --fake support.
- CVE-2010-3879 - 32. By Kees Cook
-
* SECURITY UPDATE: local attacker can trick fuse into unmounting a
filesystem from the wrong location.
- debian/patches/ 200-fix_ mount_symlink_ handling: backported upstream
fixes.
- CVE-2009-3297 - 31. By Oliver Grawert
-
* add update-notifier message about required fuse group membership
* use /bin/sh in fuse-utils.postinst instead of /bin/bash - 30. By Colin Watson
-
* Resynchronise with Debian. Remaining changes:
- Don't install the init script; install the udev rule and the module
configuration file instead.
- debian/45-fuse. rules: set /dev/fuse group to fuse.
- debian/fuse-utils. modprobe: module configuration file that mounts the
control filesystem when fuse is loaded and unmounts it when fuse is
unloaded, along with checking that the control FS is mounting before
unmounting it.
- debian/fuse-utils. install: add the udev rule, the module configuration
file, and ulockmgr_server.
- Load fuse on install, and set it so it gets loaded on reboot.
- Move fusermount and ulockmgr_server to /bin and associated libraries
to /lib.
- Create libfuse2-udeb and fuse-utils-udeb.
- Copy /sbin/mount.fuse and the fuse kernel module into the initramfs. - 29. By Colin Watson
-
* Resynchronise with Debian. Remaining changes:
- Don't install the init script; install the udev rule and the module
configuration file instead.
- debian/45-fuse. rules: set /dev/fuse group to fuse.
- debian/fuse-utils. modprobe: module configuration file that mounts the
control filesystem when fuse is loaded and unmounts it when fuse is
unloaded, along with checking that the control FS is mounting before
unmounting it.
- debian/fuse-utils. install: add the udev rule, the module configuration
file, and ulockmgr_server.
- Load fuse on install, and set it so it gets loaded on reboot.
- Move fusermount and ulockmgr_server to /bin and associated libraries
to /lib.
- Create libfuse2-udeb and fuse-utils-udeb.
- Copy /sbin/mount.fuse and the fuse kernel module into the initramfs. - 28. By Colin Watson
-
* Resynchronise with Debian. Remaining changes:
- Don't install the init script; install the udev rule and the module
configuration file instead.
- debian/45-fuse. rules: set /dev/fuse group to fuse.
- debian/fuse-utils. modprobe: module configuration file that mounts the
control filesystem when fuse is loaded and unmounts it when fuse is
unloaded, along with checking that the control FS is mounting before
unmounting it.
- debian/fuse-utils. install: add the udev rule, the module configuration
file, and ulockmgr_server.
- Load fuse on install, and set it so it gets loaded on reboot.
- Move fusermount and ulockmgr_server to /bin and associated libraries
to /lib.
- Create libfuse2-udeb and fuse-utils-udeb.
- Copy /sbin/mount.fuse and the fuse kernel module into the initramfs.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)