lp://staging/ubuntu/lucid-updates/fuse

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

45. By Marc Deslauriers on 2011-02-11

* SECURITY UPDATE: arbitrary unprivileged unmount
  - debian/patches/CVE-2011-0541.dpatch: don't follow symlinks when
    unmounting in case of a failed mtab update in util/fusermount.c.
  - debian/patches/CVE-2011-0542.dpatch: chdir to / before performing
    mount/umount in util/fusermount.c.
  - debian/patches/CVE-2011-0543.dpatch: remove legacy util-linux
    support so symlinks don't get followed upon fallback in
    lib/mount_util.c, util/fusermount.c.
  - CVE-2011-0541
  - CVE-2011-0542
  - CVE-2011-0543

44. By Barry Warsaw on 2011-01-24

debian/fuse-utils.postinst:
Respect local modifications to /etc/fuse.conf by not changing the
ownership or mode of /etc/fuse.conf in the postinst file unless we're
also adding the fuse group for the first time. (LP: #697792)

43. By Marc Deslauriers on 2010-12-09

* SECURITY UPDATE: arbitrary unprivileged unmount (LP: #670622)
  - debian/patches/CVE-2010-3879.dpatch: backported numerous fuse fixes
    from git tree to fix security issues.
    - Use "--no-canonicalize' option of mount(8)
    - Fix race if two "fusermount -u" instances are run in parallel
    - Make sure the path to be unmounted doesn't refer to a symlink
    - Use umount --fake to update /etc/mtab
  - debian/patches/200-fix_mount_symlink_handling: removed, changes are
    in the new patch.
  - debian/control: make libfuse2 depend on version of mount that
    contains backported --fake support.
  - This package does not contain the changes from the 2.8.1-1.1ubuntu2.1
    fuse package in -proposed.
  - CVE-2010-3879

42. By Colin Watson on 2010-11-09

Use 'mount --no-canonicalize' to avoid deadlocks if audit is enabled in
the kernel; also fix race if two 'fusermount -u' processes are run in
parallel (fixes by Miklos Szeredi, backported from upstream;
LP: #634554).

41. By Kees Cook on 2010-01-25

* SECURITY UPDATE: local attacker can trick fuse into unmounting a
  filesystem from the wrong location.
  - debian/patches/200-fix_mount_symlink_handling: upstream
    fixes.
  - CVE-2009-3297

40. By Michael Bienia on 2010-01-13

* Merge with Debian testing (lp: #506958). Remaining changes:
  - debian/control: Add Breaks to ensure right version of udev is used.
  - Use udev rules instead of init script:
    + Add debian/45-fuse.rules: Put /dev/fuse into group fuse.
    + debian/fuse-utils.postinst: Try to load the fuse module only if it's
      still a module, remove it from /etc/modules/ anyway.
    + debian/rules, debian/fuse-utils.install: Don't install the init
      script; install the udev rule.
  - initramfs support, for booting from ntfs-3g in wubi:
    + debian/fuse-utils.initramfs-hook: Copy /sbin/mount.fuse and the fuse
      kernel module into the initramfs. Use manual_add_modules not
      force_load; fuse will be loaded automatically if necessary (it's a
      built-in in Ubuntu anyway)
    + debian/rules: Install above file into fuse-utils.
    + debian/fuse-utils.postinst: Call update-initramfs.
    + (Forwarded to Debian #505691)
  - Create libfuse2-udeb and fuse-utils-udeb. (Forwarded to Debian #505697)
  - debian/fuse-utils.install: Install ulockmgr_server.
  - debian/{rules,libfuse2.install,fuse-utils.lintian}: Move fusermount and
    ulockmgr_server to /bin and associated libraries to /lib. This allows
    mounting ntfs filesystems in /etc/fstab. (Debian #452412)
  - debian/{rules,fuse-utils.postinst}: Install fusermount with 4755
    permissions (remaining change from "Dynamic foreground user access").
  - debian/fuse-utils.postinst:
    + Don't fail if udev is running and /dev/fuse does not exist.
      (Forwarded to Debian #505685)
  - debian/fuse-utils.preinst:
    + Remove the module configuration file on upgrade if unmodified.
    + Remove old rules file if unchanged

39. By Scott James Remnant (Canonical) on 2009-12-18

* debian/fuse-utils.initramfs-hook:
  - use manual_add_modules not force_load; fuse will be loaded automatically
    if necessary (it's a built-in in Ubuntu anyway)

38. By Michael Vogt on 2009-10-28

* debian/fuse-utils.postinst:
  - do not fail if udev can not be reloaded (LP: #444979)

37. By Scott James Remnant (Canonical) on 2009-03-05

* debian/fuse-utils.modprobe: Drop, we'll build this module into the kernel
  and do this with the other kernel filesystems
* debian/fuse-utils.preinst: Remove on upgrade if unmodified
* debian/rules: Update
* debian/fuse-utils.install: Update
* debian/fuse-utils-udeb.install: Update
* debian/fuse-utils.postinst: Only try to load if it's still a module,
  remove from /etc/modules anyway

36. By Oliver Grawert on 2009-01-14

drop makedev from dependencies, we never used it anyway