diff options
-rw-r--r-- | gnu-system.am | 1 | ||||
-rw-r--r-- | gnu/packages/linux.scm | 13 | ||||
-rw-r--r-- | gnu/packages/patches/fuse-CVE-2015-3202.patch | 65 |
3 files changed, 8 insertions, 71 deletions
diff --git a/gnu-system.am b/gnu-system.am index e1874fa6c1..78669bd0d3 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -467,7 +467,6 @@ dist_patch_DATA = \ gnu/packages/patches/flint-ldconfig.patch \ gnu/packages/patches/fltk-shared-lib-defines.patch \ gnu/packages/patches/freeimage-CVE-2015-0852.patch \ - gnu/packages/patches/fuse-CVE-2015-3202.patch \ gnu/packages/patches/gawk-shell.patch \ gnu/packages/patches/gcc-arm-link-spec-fix.patch \ gnu/packages/patches/gcc-cross-environment-variables.patch \ diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 1fc3c4e45f..fcae17b609 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -1242,15 +1242,18 @@ processes currently causing I/O.") (define-public fuse (package (name "fuse") - (version "2.9.3") + (version "2.9.4") (source (origin (method url-fetch) - (uri (string-append "mirror://sourceforge/fuse/fuse-" - version ".tar.gz")) + (uri (let ((version-with-underscores + (string-join (string-split version #\.) "_"))) + (string-append + "https://github.com/libfuse/libfuse/" + "releases/download/" version-with-underscores + "/fuse-" version ".tar.gz"))) (sha256 (base32 - "071r6xjgssy8vwdn6m28qq1bqxsd2bphcd2mzhq0grf5ybm87sqb")) - (patches (list (search-patch "fuse-CVE-2015-3202.patch"))))) + "1qbwp63a2bp0bchabkwiyzszi9x5krlk2pwk2is6g35gyszw1sbb")))) (build-system gnu-build-system) (inputs `(("util-linux" ,util-linux))) (arguments diff --git a/gnu/packages/patches/fuse-CVE-2015-3202.patch b/gnu/packages/patches/fuse-CVE-2015-3202.patch deleted file mode 100644 index 7c64de7683..0000000000 --- a/gnu/packages/patches/fuse-CVE-2015-3202.patch +++ /dev/null @@ -1,65 +0,0 @@ -The following patch was copied from Debian. - -Description: Fix CVE-2015-3202 - Missing scrubbing of the environment before executing a mount or umount - of a filesystem. -Origin: upstream -Author: Miklos Szeredi <miklos@szeredi.hu> -Last-Update: 2015-05-19 - ---- - lib/mount_util.c | 23 +++++++++++++++++------ - 1 file changed, 17 insertions(+), 6 deletions(-) - ---- a/lib/mount_util.c -+++ b/lib/mount_util.c -@@ -95,10 +95,12 @@ static int add_mount(const char *prognam - goto out_restore; - } - if (res == 0) { -+ char *env = NULL; -+ - sigprocmask(SIG_SETMASK, &oldmask, NULL); - setuid(geteuid()); -- execl("/bin/mount", "/bin/mount", "--no-canonicalize", "-i", -- "-f", "-t", type, "-o", opts, fsname, mnt, NULL); -+ execle("/bin/mount", "/bin/mount", "--no-canonicalize", "-i", -+ "-f", "-t", type, "-o", opts, fsname, mnt, NULL, &env); - fprintf(stderr, "%s: failed to execute /bin/mount: %s\n", - progname, strerror(errno)); - exit(1); -@@ -146,10 +148,17 @@ static int exec_umount(const char *progn - goto out_restore; - } - if (res == 0) { -+ char *env = NULL; -+ - sigprocmask(SIG_SETMASK, &oldmask, NULL); - setuid(geteuid()); -- execl("/bin/umount", "/bin/umount", "-i", rel_mnt, -- lazy ? "-l" : NULL, NULL); -+ if (lazy) { -+ execle("/bin/umount", "/bin/umount", "-i", rel_mnt, -+ "-l", NULL, &env); -+ } else { -+ execle("/bin/umount", "/bin/umount", "-i", rel_mnt, -+ NULL, &env); -+ } - fprintf(stderr, "%s: failed to execute /bin/umount: %s\n", - progname, strerror(errno)); - exit(1); -@@ -205,10 +214,12 @@ static int remove_mount(const char *prog - goto out_restore; - } - if (res == 0) { -+ char *env = NULL; -+ - sigprocmask(SIG_SETMASK, &oldmask, NULL); - setuid(geteuid()); -- execl("/bin/umount", "/bin/umount", "--no-canonicalize", "-i", -- "--fake", mnt, NULL); -+ execle("/bin/umount", "/bin/umount", "--no-canonicalize", "-i", -+ "--fake", mnt, NULL, &env); - fprintf(stderr, "%s: failed to execute /bin/umount: %s\n", - progname, strerror(errno)); - exit(1); |