From 4372aa3db17043692e5e0460cde3b113bf0eaaa8 Mon Sep 17 00:00:00 2001 From: Tom Callaway Date: Fri, 22 May 2015 16:19:45 -0400 Subject: [PATCH 1/3] 2.9.4 --- .gitignore | 1 + fuse.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index c02e380..bde5bc4 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,4 @@ fuse-2.8.4.tar.gz /fuse-2.9.1.tar.gz /fuse-2.9.2.tar.gz /fuse-2.9.3.tar.gz +/fuse-2.9.4.tar.gz diff --git a/fuse.spec b/fuse.spec index 459d0e3..3404341 100644 --- a/fuse.spec +++ b/fuse.spec @@ -1,6 +1,6 @@ Name: fuse -Version: 2.9.3 -Release: 4%{?dist} +Version: 2.9.4 +Release: 1%{?dist} Summary: File System in Userspace (FUSE) utilities Group: System Environment/Base @@ -103,6 +103,10 @@ rm -f %{buildroot}%{_sysconfdir}/udev/rules.d/99-fuse.rules %{_includedir}/fuse %changelog +* Fri May 22 2015 Tom Callaway 2.9.4-1 +- update to 2.9.4 +- fixes CVE-2015-3202 + * Sat Aug 16 2014 Fedora Release Engineering - 2.9.3-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild diff --git a/sources b/sources index e4b0a78..8b22462 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -33cae22ca50311446400daf8a6255c6a fuse-2.9.3.tar.gz +ecb712b5ffc6dffd54f4a405c9b372d8 fuse-2.9.4.tar.gz From 5bf8a910e20d9f7c40df4670ae89de6268204432 Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Wed, 17 Jun 2015 06:49:38 +0000 Subject: [PATCH 2/3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild --- fuse.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fuse.spec b/fuse.spec index 3404341..25c9552 100644 --- a/fuse.spec +++ b/fuse.spec @@ -1,6 +1,6 @@ Name: fuse Version: 2.9.4 -Release: 1%{?dist} +Release: 2%{?dist} Summary: File System in Userspace (FUSE) utilities Group: System Environment/Base @@ -103,6 +103,9 @@ rm -f %{buildroot}%{_sysconfdir}/udev/rules.d/99-fuse.rules %{_includedir}/fuse %changelog +* Wed Jun 17 2015 Fedora Release Engineering - 2.9.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + * Fri May 22 2015 Tom Callaway 2.9.4-1 - update to 2.9.4 - fixes CVE-2015-3202 From a37b7ae5c1cd8943d6f7e255b63a79e053464759 Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Thu, 8 Oct 2015 15:40:30 -0700 Subject: [PATCH 3/3] backport patch allowing setting SELinux context on FUSE mounts --- ...s-security-context-options-to-kernel.patch | 33 +++++++++++++++++++ fuse.spec | 16 ++++++--- 2 files changed, 45 insertions(+), 4 deletions(-) create mode 100644 0001-libfuse-pass-security-context-options-to-kernel.patch diff --git a/0001-libfuse-pass-security-context-options-to-kernel.patch b/0001-libfuse-pass-security-context-options-to-kernel.patch new file mode 100644 index 0000000..e3d3141 --- /dev/null +++ b/0001-libfuse-pass-security-context-options-to-kernel.patch @@ -0,0 +1,33 @@ +From c52cafc81ced83fbd5cc7edf4ef5f7cb57b82729 Mon Sep 17 00:00:00 2001 +From: Dalvik Khertel +Date: Thu, 9 Aug 2012 12:48:20 +0000 +Subject: [PATCH] libfuse: pass security context options to kernel + +Mount can be used with an "-o context=" option in order to specify a +mountpoint-wide SELinux security context different from the default context +provided by the active SELinux policy. + +This is useful in order to enable users to mount multiple sshfs targets under +distinct contexts, which is my main motivation for getting this patch mainlined. +--- + lib/mount.c | 4 ++++ + 1 files changed, 4 insertions(+) + +diff --git a/lib/mount.c b/lib/mount.c +index 6182a17..01f64da 100644 +--- a/lib/mount.c ++++ b/lib/mount.c +@@ -97,6 +97,10 @@ static const struct fuse_opt fuse_mount_opts[] = { + FUSE_OPT_KEY("large_read", KEY_KERN_OPT), + FUSE_OPT_KEY("blksize=", KEY_KERN_OPT), + FUSE_OPT_KEY("default_permissions", KEY_KERN_OPT), ++ FUSE_OPT_KEY("context=", KEY_KERN_OPT), ++ FUSE_OPT_KEY("fscontext=", KEY_KERN_OPT), ++ FUSE_OPT_KEY("defcontext=", KEY_KERN_OPT), ++ FUSE_OPT_KEY("rootcontext=", KEY_KERN_OPT), + FUSE_OPT_KEY("max_read=", KEY_KERN_OPT), + FUSE_OPT_KEY("max_read=", FUSE_OPT_KEY_KEEP), + FUSE_OPT_KEY("user=", KEY_MTAB_OPT), +-- +2.5.0 + diff --git a/fuse.spec b/fuse.spec index 25c9552..624c28c 100644 --- a/fuse.spec +++ b/fuse.spec @@ -1,17 +1,21 @@ Name: fuse Version: 2.9.4 -Release: 2%{?dist} +Release: 3%{?dist} Summary: File System in Userspace (FUSE) utilities Group: System Environment/Base License: GPL+ URL: http://fuse.sf.net Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz -Source1: %{name}.conf +Source1: %{name}.conf -Patch1: fuse-0001-More-parentheses.patch +Patch1: fuse-0001-More-parentheses.patch # https://bugzilla.redhat.com/show_bug.cgi?id=970768 -Patch2: fuse-2.9.2-namespace-conflict-fix.patch +Patch2: fuse-2.9.2-namespace-conflict-fix.patch +# Allow setting SELinux context on fuse mounts: backport from master +# c52cafc81ced83fbd5cc7edf4ef5f7cb57b82729 , with ChangeLog changes +# dropped as they conflict +Patch3: 0001-libfuse-pass-security-context-options-to-kernel.patch Requires: which Conflicts: filesystem < 3 BuildRequires: libselinux-devel @@ -52,6 +56,7 @@ pgk-config) to develop FUSE based applications/filesystems. sed -i 's|mknod|echo Disabled: mknod |g' util/Makefile.in %patch1 -p1 -b .add_parentheses %patch2 -p1 -b .conflictfix +%patch3 -p1 -b .context %build # Can't pass --disable-static here, or else the utils don't build @@ -103,6 +108,9 @@ rm -f %{buildroot}%{_sysconfdir}/udev/rules.d/99-fuse.rules %{_includedir}/fuse %changelog +* Thu Oct 08 2015 Adam Williamson - 2.9.4-3 +- backport patch allowing setting SELinux context on FUSE mounts + * Wed Jun 17 2015 Fedora Release Engineering - 2.9.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild