lp:ubuntu/karmic-security/fuse
- Get this branch:
- bzr branch lp:ubuntu/karmic-security/fuse
Branch merges
Related source package recipes
Branch information
Recent revisions
- 40. By Marc Deslauriers
-
* SECURITY UPDATE: arbitrary unprivileged unmount
- debian/patches/ CVE-2011- 0541.dpatch: don't follow symlinks when
unmounting in case of a failed mtab update in util/fusermount.c.
- debian/patches/ CVE-2011- 0542.dpatch: chdir to / before performing
mount/umount in util/fusermount.c.
- debian/patches/ CVE-2011- 0543.dpatch: remove legacy util-linux
support so symlinks don't get followed upon fallback in
lib/mount_util. c, util/fusermount.c.
- CVE-2011-0541
- CVE-2011-0542
- CVE-2011-0543 - 39. By Marc Deslauriers
-
* SECURITY UPDATE: arbitrary unprivileged unmount (LP: #670622)
- debian/patches/ CVE-2010- 3879.dpatch: backported numerous fuse fixes
from git tree to fix security issues.
- Block SIGCHLD when executing mount and umount
- Use "--no-canonicalize' option of mount(8)
- Fix race if two "fusermount -u" instances are run in parallel
- Make sure the path to be unmounted doesn't refer to a symlink
- Use umount --fake to update /etc/mtab
- debian/patches/ 200-fix_ mount_symlink_ handling: removed, changes are
in the new patch.
- debian/control: make libfuse2 depend on version of mount that
contains backported --fake support.
- CVE-2010-3879 - 38. By Kees Cook
-
* SECURITY UPDATE: local attacker can trick fuse into unmounting a
filesystem from the wrong location.
- debian/patches/ 200-fix_ mount_symlink_ handling: backported upstream
fixes.
- CVE-2009-3297 - 37. By Scott James Remnant (Canonical)
-
* debian/
fuse-utils. modprobe: Drop, we'll build this module into the kernel
and do this with the other kernel filesystems
* debian/fuse-utils. preinst: Remove on upgrade if unmodified
* debian/rules: Update
* debian/fuse-utils. install: Update
* debian/fuse-utils- udeb.install: Update
* debian/fuse-utils. postinst: Only try to load if it's still a module,
remove from /etc/modules anyway - 35. By Scott James Remnant (Canonical)
-
* debian/rules: Install udev rules into /lib/udev/rules.d
* debian/fuse-utils. install: Update path
* debian/fuse-utils. preinst: Remove old rules file if unchanged.
* debian/control: Add Breaks to ensure right version of udev is used. - 34. By Martin Pitt
-
* Merge with Debian unstable. Remaining Ubuntu changes:
- Use udev rules instead of init script:
+ Add debian/45-fuse. rules: Put /dev/fuse into group fuse.
+ Add debian/fuse-utils. modprobe: Mount/Umount fusectl fs on module
loading/unloading.
+ debian/fuse-utils. postinst: Load fuse module and add it to
/etc/modules, so that it is loaded at boot time.
+ debian/rules, debian/fuse-utils. install: Don't install the init
script; install the udev rule and the module configuration file instead.
+ (Not forwarded to Debian; lots of effort for a questionably small boot
speed improvement, and will be obsolete with proper upstart scripts.)
- debian/fuse-utils. install: Install ulockmgr_server.
- debian/fuse-utils. postinst: Don't fail if udev is running and /dev/fuse
does not exist. (Forwarded to Debian #505685)
- debian/{rules, libfuse2. install, fuse-utils. lintian} : Move fusermount and
ulockmgr_server to /bin and associated libraries to /lib. This allows
mounting ntfs filesystems in /etc/fstab. (Debian #452412)
- Create libfuse2-udeb and fuse-utils-udeb. (Forwarded to Debian #505697)
- initramfs support, for booting from ntfs-3g in wubi:
+ debian/fuse-utils. initramfs- hook: Copy /sbin/mount.fuse and the fuse
kernel module into the initramfs.
+ debian/rules: Install above file into fuse-utils.
+ debian/fuse-utils. postinst: Call update-initramfs.
+ (Forwarded to Debian #505691)
- Dynamic foreground user access: (Ubuntu specific until Debian uses
ACL-enabled hal)
+ debian/fuse-utils. postinst: Keep /bin/fusermount as world executable.
It already bails out correctly if the user does not have access to
/dev/fuse; no reason to control access to it in two different places,
and the permissions of the binary can't be changed in a flexible way.
+ Add debian/10-fuse- permissions. fdi: Enable hal's dynamic ACL
management for /dev/fuse, so that local foreground consoles will have
access to it.
+ debian/fuse-utils. install: Install FDI. - 33. By Martin Pitt
-
* debian/
fuse-utils. postinst: Install /bin/fusermount as world executable.
it already bails out correctly if the user does not have access to
/dev/fuse; no reason to control access to it in two different places (and
the permissions of the binary can't be changed in a flexible way).
* Add debian/10-fuse- permissions. fdi: Enable hal's dynamic ACL management
for /dev/fuse, so that local foreground consoles will have access to it.
Install it in debian/fuse-utils. install.
* Drop debian/fuse-utils- needs-users- added-to- fuse-group. update- notifier and
its installation in the postinst, it's not really relevant any more.
* See intrepid-device- permissions spec for details. - 32. By Oliver Grawert
-
* Merge from debian unstable, remaining changes:
- Don't install the init script; install the udev rule and the module
configuration file instead.
- debian/45-fuse. rules: set /dev/fuse group to fuse.
- debian/fuse-utils. modprobe: module configuration file that mounts the
control filesystem when fuse is loaded and unmounts it when fuse is
unloaded, along with checking that the control FS is mounting before
unmounting it.
- debian/fuse-utils. install: add the udev rule, the module configuration
file, and ulockmgr_server.
- Load fuse on install, and set it so it gets loaded on reboot.
- Move fusermount and ulockmgr_server to /bin and associated libraries
to /lib.
- Create libfuse2-udeb and fuse-utils-udeb.
- Copy /sbin/mount.fuse and the fuse kernel module into the initramfs. - 31. By Oliver Grawert
-
* add update-notifier message about required fuse group membership
* use /bin/sh in fuse-utils.postinst instead of /bin/bash
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/lucid/fuse
