
Comparing changes

base repository: NixOS/nixpkgs
base: 7110d87d51cd
...
head repository: NixOS/nixpkgs
compare: ec1082c58fec
  • 2 commits
  • 1 file changed
  • 1 contributor

Commits on Jul 25, 2018

  1. fuse3: 3.2.4 -> 3.2.5 (security, CVE-2018-10906)

    Upstream changelog:
    - SECURITY UPDATE: In previous versions of libfuse it was possible
      for unprivileged users to specify the allow_other option even when
      this was forbidden in /etc/fuse.conf. The vulnerability is present
      only on systems where SELinux is active (including in permissive
      mode).
    - The fusermount binary has been hardened in several ways to reduce
      potential attack surface. Most importantly, mountpoints and mount
      options must now match a hard-coded whitelist. It is expected that
      this whitelist covers all regular use-cases.
    - Added a test of seekdir to test_syscalls.
    - Fixed readdir bug when non-zero offsets are given to filler and the
      filesystem client, after reading a whole directory, re-reads it from a
      non-zero offset, e.g. by calling seekdir followed by readdir.
    primeos committed Jul 25, 2018
    46cd782
  2. fuse: 2.9.7 -> 2.9.8 (security, CVE-2018-10906)

    Upstream changelog:
    - SECURITY UPDATE: In previous versions of libfuse it was possible
      for unprivileged users to specify the allow_other option even when
      this was forbidden in /etc/fuse.conf. The vulnerability is present
      only on systems where SELinux is active (including in permissive
      mode).
    - libfuse no longer segfaults when fuse_interrupted() is called outside
      the event loop.
    - The fusermount binary has been hardened in several ways to reduce
      potential attack surface. Most importantly, mountpoints and mount
      options must now match a hard-coded whitelist. It is expected that
      this whitelist covers all regular use-cases.
    - Fixed rename deadlock on FreeBSD.
    primeos committed Jul 25, 2018
    ec1082c
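
A triage check for the condition both changelogs describe, as an added example that is not part of these commits or of libfuse. The function names and verdict words are hypothetical; it assumes `user_allow_other` is the `/etc/fuse.conf` line that permits `allow_other`, that `getenforce` prints `Enforcing`, `Permissive` or `Disabled`, and that `fusermount -V` prints `fusermount version: X.Y.Z`.

```shell
#!/bin/sh
# Added example: exposure triage for CVE-2018-10906 from the changelog's facts
# (fixed in fuse 2.9.8 / fuse3 3.2.5; only present when SELinux is active).
# Usage (assumed output formats):
#   sh triage.sh "$(fusermount -V | sed 's/.*: *//')" "$(getenforce)" /etc/fuse.conf

# version_lt A B: succeeds when dotted version A sorts strictly before B.
version_lt() {
    [ "$1" = "$2" ] && return 1
    first=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$first" = "$1" ]
}

# fuse_is_patched VERSION: 0 = fixed, 1 = older than the fix, 2 = unknown series.
fuse_is_patched() {
    case "$1" in
        2.*) ! version_lt "$1" 2.9.8 ;;
        3.*) ! version_lt "$1" 3.2.5 ;;
        *)   return 2 ;;
    esac
}

# conf_allows_other FILE: true when user_allow_other is present and uncommented.
conf_allows_other() {
    [ -r "$1" ] && grep -Eq '^[[:space:]]*user_allow_other[[:space:]]*$' "$1"
}

# selinux_active MODE: permissive mode counts as active, as the changelog states.
selinux_active() {
    case "$1" in Enforcing|Permissive) return 0 ;; *) return 1 ;; esac
}

# assess VERSION SELINUX_MODE CONF_FILE: prints one verdict word.
assess() {
    rc=0; fuse_is_patched "$1" || rc=$?
    if [ "$rc" -eq 0 ]; then echo patched
    elif [ "$rc" -eq 2 ]; then echo unknown-series
    # allow_other already permitted: there is no restriction left to bypass
    elif conf_allows_other "$3"; then echo policy-allows
    elif ! selinux_active "$2"; then echo selinux-inactive
    else echo exposed
    fi
}

if [ "$#" -eq 3 ]; then assess "$@"; fi
```

Any verdict other than `patched` still means the fusermount hardening listed in the changelog is missing, so it ranks upgrade urgency rather than replacing the upgrade.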