aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--gnu-system.am1
-rw-r--r--gnu/packages/linux.scm13
-rw-r--r--gnu/packages/patches/fuse-CVE-2015-3202.patch65
3 files changed, 8 insertions, 71 deletions
diff --git a/gnu-system.am b/gnu-system.am
index e1874fa6c1..78669bd0d3 100644
--- a/gnu-system.am
+++ b/gnu-system.am
@@ -467,7 +467,6 @@ dist_patch_DATA = \
gnu/packages/patches/flint-ldconfig.patch \
gnu/packages/patches/fltk-shared-lib-defines.patch \
gnu/packages/patches/freeimage-CVE-2015-0852.patch \
- gnu/packages/patches/fuse-CVE-2015-3202.patch \
gnu/packages/patches/gawk-shell.patch \
gnu/packages/patches/gcc-arm-link-spec-fix.patch \
gnu/packages/patches/gcc-cross-environment-variables.patch \
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 1fc3c4e45f..fcae17b609 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -1242,15 +1242,18 @@ processes currently causing I/O.")
(define-public fuse
(package
(name "fuse")
- (version "2.9.3")
+ (version "2.9.4")
(source (origin
(method url-fetch)
- (uri (string-append "mirror://sourceforge/fuse/fuse-"
- version ".tar.gz"))
+ (uri (let ((version-with-underscores
+ (string-join (string-split version #\.) "_")))
+ (string-append
+ "https://github.com/libfuse/libfuse/"
+ "releases/download/" version-with-underscores
+ "/fuse-" version ".tar.gz")))
(sha256
(base32
- "071r6xjgssy8vwdn6m28qq1bqxsd2bphcd2mzhq0grf5ybm87sqb"))
- (patches (list (search-patch "fuse-CVE-2015-3202.patch")))))
+ "1qbwp63a2bp0bchabkwiyzszi9x5krlk2pwk2is6g35gyszw1sbb"))))
(build-system gnu-build-system)
(inputs `(("util-linux" ,util-linux)))
(arguments
diff --git a/gnu/packages/patches/fuse-CVE-2015-3202.patch b/gnu/packages/patches/fuse-CVE-2015-3202.patch
deleted file mode 100644
index 7c64de7683..0000000000
--- a/gnu/packages/patches/fuse-CVE-2015-3202.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-The following patch was copied from Debian.
-
-Description: Fix CVE-2015-3202
- Missing scrubbing of the environment before executing a mount or umount
- of a filesystem.
-Origin: upstream
-Author: Miklos Szeredi <miklos@szeredi.hu>
-Last-Update: 2015-05-19
-
----
- lib/mount_util.c | 23 +++++++++++++++++------
- 1 file changed, 17 insertions(+), 6 deletions(-)
-
---- a/lib/mount_util.c
-+++ b/lib/mount_util.c
-@@ -95,10 +95,12 @@ static int add_mount(const char *prognam
- goto out_restore;
- }
- if (res == 0) {
-+ char *env = NULL;
-+
- sigprocmask(SIG_SETMASK, &oldmask, NULL);
- setuid(geteuid());
-- execl("/bin/mount", "/bin/mount", "--no-canonicalize", "-i",
-- "-f", "-t", type, "-o", opts, fsname, mnt, NULL);
-+ execle("/bin/mount", "/bin/mount", "--no-canonicalize", "-i",
-+ "-f", "-t", type, "-o", opts, fsname, mnt, NULL, &env);
- fprintf(stderr, "%s: failed to execute /bin/mount: %s\n",
- progname, strerror(errno));
- exit(1);
-@@ -146,10 +148,17 @@ static int exec_umount(const char *progn
- goto out_restore;
- }
- if (res == 0) {
-+ char *env = NULL;
-+
- sigprocmask(SIG_SETMASK, &oldmask, NULL);
- setuid(geteuid());
-- execl("/bin/umount", "/bin/umount", "-i", rel_mnt,
-- lazy ? "-l" : NULL, NULL);
-+ if (lazy) {
-+ execle("/bin/umount", "/bin/umount", "-i", rel_mnt,
-+ "-l", NULL, &env);
-+ } else {
-+ execle("/bin/umount", "/bin/umount", "-i", rel_mnt,
-+ NULL, &env);
-+ }
- fprintf(stderr, "%s: failed to execute /bin/umount: %s\n",
- progname, strerror(errno));
- exit(1);
-@@ -205,10 +214,12 @@ static int remove_mount(const char *prog
- goto out_restore;
- }
- if (res == 0) {
-+ char *env = NULL;
-+
- sigprocmask(SIG_SETMASK, &oldmask, NULL);
- setuid(geteuid());
-- execl("/bin/umount", "/bin/umount", "--no-canonicalize", "-i",
-- "--fake", mnt, NULL);
-+ execle("/bin/umount", "/bin/umount", "--no-canonicalize", "-i",
-+ "--fake", mnt, NULL, &env);
- fprintf(stderr, "%s: failed to execute /bin/umount: %s\n",
- progname, strerror(errno));
- exit(1);