[Bug 1458397] Re: Merge fuse 2.9.3-16 (main) from Debian unstable (main)
Launchpad Bug Tracker
1458397 at bugs.launchpad.net
Fri May 29 11:20:29 UTC 2015
This bug was fixed in the package fuse - 2.9.3-16ubuntu1
---------------
fuse (2.9.3-16ubuntu1) wily; urgency=low
* Merge from Debian unstable. (LP: #1458397) Remaining changes:
- debian/fuse-udeb.install:
+ Install ulockmgr_server.
- debian/fuse.udev:
+ Don't install the udev rules; we require the fuse module to be
built-in, and mountall/systemd handle mounting /sys/fs/fuse/connections.
* Drop following change, no longer applicable:
- debian/fuse.postinst:
+ Only change the ownership or mode of /etc/fuse.conf
on initial installation.
- Drop the Ubuntu specific way of making fusermount suid root. Using
dpkg-statoverride for this works perfectly well and allows admins to
un-setuid it. [Martin Pitt]
fuse (2.9.3-16) unstable; urgency=high
* Sync with Ubuntu.
* Update Standards-Version to 3.9.6 .
[ Marc Deslauriers <marc.deslauriers at ubuntu.com> ]
* SECURITY UPDATE: privilege escalation via insecure environment
- debian/patches/CVE-2015-3202.patch: use execle to run external
helpers in lib/mount_util.c, util/mount_util.c.
- CVE-2015-3202 (closes: #786439).
fuse (2.9.3-15) unstable; urgency=low
* Use correct long option for udevadm in postinst (closes: #756582).
fuse (2.9.3-14) unstable; urgency=low
* New maintainer (closes: #756548).
* Add watch file.
fuse (2.9.3-13) unstable; urgency=low
* I don't care anymore, not worth it.. orphaning.
fuse (2.9.3-12) unstable; urgency=low
* Cherry-picking patch from upstream for arm64 (Closes: #752081).
fuse (2.9.3-11) unstable; urgency=low
* Improving fuse.postinst to handle device creation a bit better
(Closes: #743360).
fuse (2.9.3-10) unstable; urgency=low
* Conditionally only trigger udevadm only when /dev/fuse has already
been available (Closes: #745295).
fuse (2.9.3-9) unstable; urgency=low
* Loading fuse module in postinst to cover some edge cases where udev
reloading would fail (Closes: #743360).
fuse (2.9.3-8) unstable; urgency=low
* Building with dh --parallel.
fuse (2.9.3-7) experimental; urgency=low
* Adding patch from Fabrice Bauzac <fbauzac at amadeus.com> to use dlsym()
instead of relying on ld.so constructor functions to load modules
(Closes: #737143).
* Updating year in copyright for 2014.
fuse (2.9.3-6) experimental; urgency=low
* Adding explicit permissions to udev rule for device nodes.
fuse (2.9.3-5) experimental; urgency=low
* Updating to standards version 3.9.5.
* Building with dh-autoreconf (Closes: #732285).
* Dropping fuse group (Closes: #733312).
fuse (2.9.3-4) experimental; urgency=low
* Updating vcs fields.
fuse (2.9.3-3) experimental; urgency=low
* Simplyfing libfuse2 symbols by marking linux-only symbols as linux-
only rather than to ship two different sets for linux and kfreebsd,
thanks to Pino Toscano <pino at debian.org> (Closes: #717197).
fuse (2.9.3-2) experimental; urgency=low
* Adding vcs fields.
* Wrapping control fields.
* Adding lintian overrides.
fuse (2.9.3-1) experimental; urgency=low
* Merging upstream version 2.9.3.
* Updating year in copyright file.
fuse (2.9.2-9) experimental; urgency=low
* Updating kfreebsd symbols files again.
fuse (2.9.2-8) experimental; urgency=low
* Correcting fuse-dbg package description.
* Harmonizing dpkg-statoverride calls in postinst.
* Excluding package on hurd by explicitly listing linux-any and
kfreebsd-any, it doesn't build on hurd anyway.
* Adding kfreebsd specific symbols file for libfuse2.
fuse (2.9.2-7) experimental; urgency=low
* Creating an udev event rather than reloading udev (Closes: #679930).
* Only creating /dev/fuse with MAKEDEV if it doesn't already exist.
* Clarify manpage that fusermount is used for unmounting only these days
(Closes: #651556).
fuse (2.9.2-6) experimental; urgency=low
* Adding initial symbols file for libfuse, thanks to Pino Toscano
<pino at debian.org> (Closes: #559473).
fuse (2.9.2-5) experimental; urgency=low
* Including header files in examples (Closes: #626522).
* Prefixing patches with four digits in filenames.
* Trimming diff headers in patches.
-- Artur Rona <ari-tczew at ubuntu.com> Sun, 24 May 2015 22:59:58 +0200
** Changed in: fuse (Ubuntu)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-3202
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1458397
Title:
Merge fuse 2.9.3-16 (main) from Debian unstable (main)
Status in fuse package in Ubuntu:
Fix Released
Bug description:
Changes made in /debian/patches/* have been incorporated in Debian:
01-initscript.patch -> 0001-initscript.patch
03-examples.patch -> 0003-examples.patch
04-fix-arm64-int-sizes.patch -> 0006-arm64.patch
CVE-2015-3202.patch -> CVE-2015-3202.patch
04-fix-not-found.patch: dropped, no longer needed since 2.9.2-4ubuntu1
dh-autoreconf has been included in Debian, as well.
I'm not convinced only of changes made in debian/fuse.postinst. I
didn't modify it cause Debian doesn't handle /etc/fuse.conf anymore
since 2.9.2-8.
fuse (2.9.3-16) unstable; urgency=high
* Sync with Ubuntu.
* Update Standards-Version to 3.9.6 .
[ Marc Deslauriers <marc.deslauriers at ubuntu.com> ]
* SECURITY UPDATE: privilege escalation via insecure environment
- debian/patches/CVE-2015-3202.patch: use execle to run external
helpers in lib/mount_util.c, util/mount_util.c.
- CVE-2015-3202 (closes: #786439).
-- Laszlo Boszormenyi (GCS) <gcs at debian.org> Thu, 21 May 2015
17:22:33 +0000
fuse (2.9.3-15) unstable; urgency=low
* Use correct long option for udevadm in postinst (closes: #756582).
-- Laszlo Boszormenyi (GCS) <gcs at debian.org> Thu, 31 Jul 2014
20:07:21 +0000
fuse (2.9.3-14) unstable; urgency=low
* New maintainer (closes: #756548).
* Add watch file.
-- Laszlo Boszormenyi (GCS) <gcs at debian.org> Wed, 30 Jul 2014
20:33:25 +0000
fuse (2.9.3-13) unstable; urgency=low
* I don't care anymore, not worth it.. orphaning.
-- Daniel Baumann <daniel at laptop.127011.net> Fri, 25 Jul 2014
16:33:54 +0200
fuse (2.9.3-12) unstable; urgency=low
* Cherry-picking patch from upstream for arm64 (Closes: #752081).
-- Daniel Baumann <mail at daniel-baumann.ch> Fri, 20 Jun 2014 08:27:34
+0200
fuse (2.9.3-11) unstable; urgency=low
* Improving fuse.postinst to handle device creation a bit better
(Closes: #743360).
-- Daniel Baumann <mail at daniel-baumann.ch> Sat, 14 Jun 2014 21:25:15
+0200
fuse (2.9.3-10) unstable; urgency=low
* Conditionally only trigger udevadm only when /dev/fuse has already
been available (Closes: #745295).
-- Daniel Baumann <mail at daniel-baumann.ch> Sat, 03 May 2014 12:16:17
+0200
fuse (2.9.3-9) unstable; urgency=low
* Loading fuse module in postinst to cover some edge cases where udev
reloading would fail (Closes: #743360).
-- Daniel Baumann <mail at daniel-baumann.ch> Sat, 05 Apr 2014 11:32:44
+0200
fuse (2.9.3-8) unstable; urgency=low
* Building with dh --parallel.
-- Daniel Baumann <mail at daniel-baumann.ch> Mon, 31 Mar 2014 19:50:34
+0200
fuse (2.9.3-7) experimental; urgency=low
* Adding patch from Fabrice Bauzac <fbauzac at amadeus.com> to use dlsym()
instead of relying on ld.so constructor functions to load modules
(Closes: #737143).
* Updating year in copyright for 2014.
-- Daniel Baumann <mail at daniel-baumann.ch> Sat, 01 Feb 2014 05:54:44
+0100
fuse (2.9.3-6) experimental; urgency=low
* Adding explicit permissions to udev rule for device nodes.
-- Daniel Baumann <mail at daniel-baumann.ch> Sat, 28 Dec 2013 20:49:22
+0100
fuse (2.9.3-5) experimental; urgency=low
* Updating to standards version 3.9.5.
* Building with dh-autoreconf (Closes: #732285).
* Dropping fuse group (Closes: #733312).
-- Daniel Baumann <mail at daniel-baumann.ch> Sat, 28 Dec 2013 15:16:28
+0100
fuse (2.9.3-4) experimental; urgency=low
* Updating vcs fields.
-- Daniel Baumann <mail at daniel-baumann.ch> Thu, 17 Oct 2013 10:05:12
+0200
fuse (2.9.3-3) experimental; urgency=low
* Simplyfing libfuse2 symbols by marking linux-only symbols as linux-
only rather than to ship two different sets for linux and kfreebsd,
thanks to Pino Toscano <pino at debian.org> (Closes: #717197).
-- Daniel Baumann <mail at daniel-baumann.ch> Wed, 17 Jul 2013 22:35:26
+0200
fuse (2.9.3-2) experimental; urgency=low
* Adding vcs fields.
* Wrapping control fields.
* Adding lintian overrides.
-- Daniel Baumann <mail at daniel-baumann.ch> Wed, 17 Jul 2013 13:10:22
+0200
fuse (2.9.3-1) experimental; urgency=low
* Merging upstream version 2.9.3.
* Updating year in copyright file.
-- Daniel Baumann <mail at daniel-baumann.ch> Tue, 02 Jul 2013 17:53:03
+0200
fuse (2.9.2-9) experimental; urgency=low
* Updating kfreebsd symbols files again.
-- Daniel Baumann <mail at daniel-baumann.ch> Tue, 11 Jun 2013 17:44:22
+0200
fuse (2.9.2-8) experimental; urgency=low
* Correcting fuse-dbg package description.
* Harmonizing dpkg-statoverride calls in postinst.
* Excluding package on hurd by explicitly listing linux-any and
kfreebsd-any, it doesn't build on hurd anyway.
* Adding kfreebsd specific symbols file for libfuse2.
-- Daniel Baumann <mail at daniel-baumann.ch> Thu, 06 Jun 2013 08:02:49
+0200
fuse (2.9.2-7) experimental; urgency=low
* Creating an udev event rather than reloading udev (Closes: #679930).
* Only creating /dev/fuse with MAKEDEV if it doesn't already exist.
* Clarify manpage that fusermount is used for unmounting only these days
(Closes: #651556).
-- Daniel Baumann <mail at daniel-baumann.ch> Tue, 04 Jun 2013 22:27:29
+0200
fuse (2.9.2-6) experimental; urgency=low
* Adding initial symbols file for libfuse, thanks to Pino Toscano
<pino at debian.org> (Closes: #559473).
-- Daniel Baumann <mail at daniel-baumann.ch> Tue, 04 Jun 2013 18:56:30
+0200
fuse (2.9.2-5) experimental; urgency=low
* Including header files in examples (Closes: #626522).
* Prefixing patches with four digits in filenames.
* Trimming diff headers in patches.
-- Daniel Baumann <mail at daniel-baumann.ch> Thu, 23 May 2013 14:50:28
+0200
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/fuse/+bug/1458397/+subscriptions
More information about the Ubuntu-sponsors
mailing list