summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--gnu-system.am1
-rw-r--r--gnu/packages/linux.scm13
-rw-r--r--gnu/packages/patches/fuse-CVE-2015-3202.patch65
3 files changed, 8 insertions, 71 deletions
diff --git a/gnu-system.am b/gnu-system.am
index e1874fa6c1..78669bd0d3 100644
--- a/gnu-system.am
+++ b/gnu-system.am
@@ -467,7 +467,6 @@ dist_patch_DATA =						\
   gnu/packages/patches/flint-ldconfig.patch			\
   gnu/packages/patches/fltk-shared-lib-defines.patch		\
   gnu/packages/patches/freeimage-CVE-2015-0852.patch		\
-  gnu/packages/patches/fuse-CVE-2015-3202.patch			\
   gnu/packages/patches/gawk-shell.patch				\
   gnu/packages/patches/gcc-arm-link-spec-fix.patch		\
   gnu/packages/patches/gcc-cross-environment-variables.patch	\
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 1fc3c4e45f..fcae17b609 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -1242,15 +1242,18 @@ processes currently causing I/O.")
 (define-public fuse
   (package
     (name "fuse")
-    (version "2.9.3")
+    (version "2.9.4")
     (source (origin
               (method url-fetch)
-              (uri (string-append "mirror://sourceforge/fuse/fuse-"
-                                  version ".tar.gz"))
+              (uri (let ((version-with-underscores
+                          (string-join (string-split version #\.) "_")))
+                     (string-append
+                       "https://github.com/libfuse/libfuse/"
+                       "releases/download/" version-with-underscores
+                       "/fuse-" version ".tar.gz")))
               (sha256
                (base32
-                "071r6xjgssy8vwdn6m28qq1bqxsd2bphcd2mzhq0grf5ybm87sqb"))
-              (patches (list (search-patch "fuse-CVE-2015-3202.patch")))))
+                "1qbwp63a2bp0bchabkwiyzszi9x5krlk2pwk2is6g35gyszw1sbb"))))
     (build-system gnu-build-system)
     (inputs `(("util-linux" ,util-linux)))
     (arguments
diff --git a/gnu/packages/patches/fuse-CVE-2015-3202.patch b/gnu/packages/patches/fuse-CVE-2015-3202.patch
deleted file mode 100644
index 7c64de7683..0000000000
--- a/gnu/packages/patches/fuse-CVE-2015-3202.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-The following patch was copied from Debian.
-
-Description: Fix CVE-2015-3202
- Missing scrubbing of the environment before executing a mount or umount
- of a filesystem.
-Origin: upstream
-Author: Miklos Szeredi <miklos@szeredi.hu>
-Last-Update: 2015-05-19
-
----
- lib/mount_util.c |   23 +++++++++++++++++------
- 1 file changed, 17 insertions(+), 6 deletions(-)
-
---- a/lib/mount_util.c
-+++ b/lib/mount_util.c
-@@ -95,10 +95,12 @@ static int add_mount(const char *prognam
- 		goto out_restore;
- 	}
- 	if (res == 0) {
-+		char *env = NULL;
-+
- 		sigprocmask(SIG_SETMASK, &oldmask, NULL);
- 		setuid(geteuid());
--		execl("/bin/mount", "/bin/mount", "--no-canonicalize", "-i",
--		      "-f", "-t", type, "-o", opts, fsname, mnt, NULL);
-+		execle("/bin/mount", "/bin/mount", "--no-canonicalize", "-i",
-+		       "-f", "-t", type, "-o", opts, fsname, mnt, NULL, &env);
- 		fprintf(stderr, "%s: failed to execute /bin/mount: %s\n",
- 			progname, strerror(errno));
- 		exit(1);
-@@ -146,10 +148,17 @@ static int exec_umount(const char *progn
- 		goto out_restore;
- 	}
- 	if (res == 0) {
-+		char *env = NULL;
-+
- 		sigprocmask(SIG_SETMASK, &oldmask, NULL);
- 		setuid(geteuid());
--		execl("/bin/umount", "/bin/umount", "-i", rel_mnt,
--		      lazy ? "-l" : NULL, NULL);
-+		if (lazy) {
-+			execle("/bin/umount", "/bin/umount", "-i", rel_mnt,
-+			       "-l", NULL, &env);
-+		} else {
-+			execle("/bin/umount", "/bin/umount", "-i", rel_mnt,
-+			       NULL, &env);
-+		}
- 		fprintf(stderr, "%s: failed to execute /bin/umount: %s\n",
- 			progname, strerror(errno));
- 		exit(1);
-@@ -205,10 +214,12 @@ static int remove_mount(const char *prog
- 		goto out_restore;
- 	}
- 	if (res == 0) {
-+		char *env = NULL;
-+
- 		sigprocmask(SIG_SETMASK, &oldmask, NULL);
- 		setuid(geteuid());
--		execl("/bin/umount", "/bin/umount", "--no-canonicalize", "-i",
--		      "--fake", mnt, NULL);
-+		execle("/bin/umount", "/bin/umount", "--no-canonicalize", "-i",
-+		       "--fake", mnt, NULL, &env);
- 		fprintf(stderr, "%s: failed to execute /bin/umount: %s\n",
- 			progname, strerror(errno));
- 		exit(1);