Ubuntu
fuse package

lp:ubuntu/lucid-security/fuse

  1. Lucid (10.04)
  2. lucid-security
Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/lucid-security/fuse
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

43. By Marc Deslauriers

* SECURITY UPDATE: arbitrary unprivileged unmount
  - debian/patches/CVE-2011-0541.dpatch: don't follow symlinks when
    unmounting in case of a failed mtab update in util/fusermount.c.
  - debian/patches/CVE-2011-0542.dpatch: chdir to / before performing
    mount/umount in util/fusermount.c.
  - debian/patches/CVE-2011-0543.dpatch: remove legacy util-linux
    support so symlinks don't get followed upon fallback in
    lib/mount_util.c, util/fusermount.c.
  - CVE-2011-0541
  - CVE-2011-0542
  - CVE-2011-0543

42. By Marc Deslauriers

* SECURITY UPDATE: arbitrary unprivileged unmount (LP: #670622)
  - debian/patches/CVE-2010-3879.dpatch: backported numerous fuse fixes
    from git tree to fix security issues.
    - Use "--no-canonicalize' option of mount(8)
    - Fix race if two "fusermount -u" instances are run in parallel
    - Make sure the path to be unmounted doesn't refer to a symlink
    - Use umount --fake to update /etc/mtab
  - debian/patches/200-fix_mount_symlink_handling: removed, changes are
    in the new patch.
  - debian/control: make libfuse2 depend on version of mount that
    contains backported --fake support.
  - This package does not contain the changes from the 2.8.1-1.1ubuntu2.1
    fuse package in -proposed.
  - CVE-2010-3879

41. By Kees Cook

* SECURITY UPDATE: local attacker can trick fuse into unmounting a
  filesystem from the wrong location.
  - debian/patches/200-fix_mount_symlink_handling: upstream
    fixes.
  - CVE-2009-3297

40. By Michael Bienia

* Merge with Debian testing (lp: #506958). Remaining changes:
  - debian/control: Add Breaks to ensure right version of udev is used.
  - Use udev rules instead of init script:
    + Add debian/45-fuse.rules: Put /dev/fuse into group fuse.
    + debian/fuse-utils.postinst: Try to load the fuse module only if it's
      still a module, remove it from /etc/modules/ anyway.
    + debian/rules, debian/fuse-utils.install: Don't install the init
      script; install the udev rule.
  - initramfs support, for booting from ntfs-3g in wubi:
    + debian/fuse-utils.initramfs-hook: Copy /sbin/mount.fuse and the fuse
      kernel module into the initramfs. Use manual_add_modules not
      force_load; fuse will be loaded automatically if necessary (it's a
      built-in in Ubuntu anyway)
    + debian/rules: Install above file into fuse-utils.
    + debian/fuse-utils.postinst: Call update-initramfs.
    + (Forwarded to Debian #505691)
  - Create libfuse2-udeb and fuse-utils-udeb. (Forwarded to Debian #505697)
  - debian/fuse-utils.install: Install ulockmgr_server.
  - debian/{rules,libfuse2.install,fuse-utils.lintian}: Move fusermount and
    ulockmgr_server to /bin and associated libraries to /lib. This allows
    mounting ntfs filesystems in /etc/fstab. (Debian #452412)
  - debian/{rules,fuse-utils.postinst}: Install fusermount with 4755
    permissions (remaining change from "Dynamic foreground user access").
  - debian/fuse-utils.postinst:
    + Don't fail if udev is running and /dev/fuse does not exist.
      (Forwarded to Debian #505685)
  - debian/fuse-utils.preinst:
    + Remove the module configuration file on upgrade if unmodified.
    + Remove old rules file if unchanged

39. By Scott James Remnant (Canonical)

* debian/fuse-utils.initramfs-hook:
  - use manual_add_modules not force_load; fuse will be loaded automatically
    if necessary (it's a built-in in Ubuntu anyway)

38. By Michael Vogt

* debian/fuse-utils.postinst:
  - do not fail if udev can not be reloaded (LP: #444979)

37. By Scott James Remnant (Canonical)

* debian/fuse-utils.modprobe: Drop, we'll build this module into the kernel
  and do this with the other kernel filesystems
* debian/fuse-utils.preinst: Remove on upgrade if unmodified
* debian/rules: Update
* debian/fuse-utils.install: Update
* debian/fuse-utils-udeb.install: Update
* debian/fuse-utils.postinst: Only try to load if it's still a module,
  remove from /etc/modules anyway

36. By Oliver Grawert

drop makedev from dependencies, we never used it anyway

35. By Scott James Remnant (Canonical)

* debian/rules: Install udev rules into /lib/udev/rules.d
* debian/fuse-utils.install: Update path
* debian/fuse-utils.preinst: Remove old rules file if unchanged.
* debian/control: Add Breaks to ensure right version of udev is used.

34. By Martin Pitt

* Merge with Debian unstable. Remaining Ubuntu changes:
  - Use udev rules instead of init script:
    + Add debian/45-fuse.rules: Put /dev/fuse into group fuse.
    + Add debian/fuse-utils.modprobe: Mount/Umount fusectl fs on module
      loading/unloading.
    + debian/fuse-utils.postinst: Load fuse module and add it to
      /etc/modules, so that it is loaded at boot time.
    + debian/rules, debian/fuse-utils.install: Don't install the init
      script; install the udev rule and the module configuration file instead.
    + (Not forwarded to Debian; lots of effort for a questionably small boot
      speed improvement, and will be obsolete with proper upstart scripts.)
  - debian/fuse-utils.install: Install ulockmgr_server.
  - debian/fuse-utils.postinst: Don't fail if udev is running and /dev/fuse
    does not exist. (Forwarded to Debian #505685)
  - debian/{rules,libfuse2.install,fuse-utils.lintian}: Move fusermount and
    ulockmgr_server to /bin and associated libraries to /lib. This allows
    mounting ntfs filesystems in /etc/fstab. (Debian #452412)
  - Create libfuse2-udeb and fuse-utils-udeb. (Forwarded to Debian #505697)
  - initramfs support, for booting from ntfs-3g in wubi:
    + debian/fuse-utils.initramfs-hook: Copy /sbin/mount.fuse and the fuse
      kernel module into the initramfs.
    + debian/rules: Install above file into fuse-utils.
    + debian/fuse-utils.postinst: Call update-initramfs.
    + (Forwarded to Debian #505691)
  - Dynamic foreground user access: (Ubuntu specific until Debian uses
    ACL-enabled hal)
    + debian/fuse-utils.postinst: Keep /bin/fusermount as world executable.
      It already bails out correctly if the user does not have access to
      /dev/fuse; no reason to control access to it in two different places,
      and the permissions of the binary can't be changed in a flexible way.
    + Add debian/10-fuse-permissions.fdi: Enable hal's dynamic ACL
      management for /dev/fuse, so that local foreground consoles will have
      access to it.
    + debian/fuse-utils.install: Install FDI.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/natty/fuse
This branch contains Public information 
Everyone can see this information.

Subscribers