Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
base: d3be52c83bf0
Choose a base ref
...
head repository: NixOS/nixpkgs
compare: ede8a2f1ac80
Choose a head ref
  • 7 commits
  • 3 files changed
  • 2 contributors

Commits on Oct 25, 2018

  1. fuse3: 3.2.1 -> 3.2.2 

    Stop using bin/mount.fuse from fuse3 for fuse2 (mount.fuse from fuse3
isn't guaranteed to remain backwards compatible).

(cherry picked from commit c00b5bf)
    @primeos
    primeos committed Oct 25, 2018
    Copy the full SHA
    c178111 View commit details
    Browse the repository at this point in the history

  2. fuse3: install fuse.conf without execute bit 

    (cherry picked from commit 085eab7)
    @7c6f434c @primeos
    7c6f434c authored and primeos committed Oct 25, 2018
    Copy the full SHA
    f486260 View commit details
    Browse the repository at this point in the history

  3. fuse3: 3.2.2 -> 3.2.3 

    (cherry picked from commit d3e3e13)
    @primeos
    primeos committed Oct 25, 2018
    Copy the full SHA
    ea1b61c View commit details
    Browse the repository at this point in the history

  4. fuse3: 3.2.3 -> 3.2.4 

    (cherry picked from commit fa6941f)
    @primeos
    primeos committed Oct 25, 2018
    Copy the full SHA
    289390b View commit details
    Browse the repository at this point in the history

  5. fuse3: 3.2.4 -> 3.2.5 (security, CVE-2018-10906) 

    Upstream changelog:
- SECURITY UPDATE: In previous versions of libfuse it was possible to
  for unprivileged users to specify the allow_other option even when
  this was forbidden in /etc/fuse.conf. The vulnerability is present
  only on systems where SELinux is active (including in permissive
  mode).
- The fusermount binary has been hardened in several ways to reduce
  potential attack surface. Most importantly, mountpoints and mount
  options must now match a hard-coded whitelist. It is expected that
  this whitelist covers all regular use-cases.
- Added a test of seekdir to test_syscalls.
- Fixed readdir bug when non-zero offsets are given to filler and the
  filesystem client, after reading a whole directory, re-reads it from a
  non-zero offset e. g. by calling seekdir followed by readdir.

(cherry picked from commit 46cd782)
    @primeos
    primeos committed Oct 25, 2018
    Copy the full SHA
    0e58950 View commit details
    Browse the repository at this point in the history

  6. fuse: 2.9.7 -> 2.9.8 (security, CVE-2018-10906) 

    Upstream changelog:
- SECURITY UPDATE: In previous versions of libfuse it was possible to
  for unprivileged users to specify the allow_other option even when
  this was forbidden in /etc/fuse.conf. The vulnerability is present
  only on systems where SELinux is active (including in permissive
  mode).
- libfuse no longer segfaults when fuse_interrupted() is called outside
  the event loop.
- The fusermount binary has been hardened in several ways to reduce
  potential attack surface. Most importantly, mountpoints and mount
  options must now match a hard-coded whitelist. It is expected that
  this whitelist covers all regular use-cases.
- Fixed rename deadlock on FreeBSD.

(cherry picked from commit ec1082c)
    @primeos
    primeos committed Oct 25, 2018
    Copy the full SHA
    228acdc View commit details
    Browse the repository at this point in the history

  7. Merge pull request #48757 from primeos/security-backports-for-18.03 

    [18.03] Security backport for fuse (CVE-2018-10906)
    @primeos
    primeos committed Oct 25, 2018
    Copy the full SHA
    ede8a2f View commit details
    Browse the repository at this point in the history