| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
https://github.com/libfuse/libfuse/blob/fuse-3.16.2/ChangeLog.rst#libfuse-3162-2023-10-10
https://github.com/libfuse/libfuse/compare/fuse-3.16.1...fuse-3.16.2
|
|
https://github.com/libfuse/libfuse/blob/fuse-3.16.1/ChangeLog.rst#libfuse-3161-2023-08-08
One change can be expected to break some setups:
- Unsupported mount options are no longer silently accepted [1]
For example, sshfs built against the present libfuse 3.11.0,
`$ sshfs 127.0.0.1:/home/test/testdir /home/test/sshfs_mnt -o atime`
terminates successfully (with the mount point established), while when
built against 3.16.1, it outputs the error message `fuse: unknown
option(s): `-o atime'` and terminates with exit status 1.
|
|
|
|
checkInputs used to be added to nativeBuildInputs. Now we have
nativeCheckInputs to do that instead. Doing this treewide change allows
to keep hashes identical to before the introduction of
nativeCheckInputs.
|
|
|
|
|
|
error: attribute 'homepage' missing
at ~/src/nixpkgs/pkgs/os-specific/linux/fuse/common.nix:91:21:
90|
91| meta = with lib; {
| ^
92| description = "Library that allows filesystems to be implemented in user space";
|
|
`closefrom` is now a part of `glibc-2.34`[1]:
> * The function closefrom has been added. It closes all file descriptors
> greater than or equal to a given integer. This function is a GNU extension,
> although it is also present in other systems.
Failing Hydra build: https://hydra.nixos.org/build/152456339
[1] https://sourceware.org/pipermail/libc-alpha/2021-August/129718.html
|
|
|
|
|
|
This is automatic for Meson builds.
|
|
fuse: fix mount.fuse -o setuid=...
|
|
when mounting a fuse fs by fstab on can write:
/nix/store/sdlflj/bin/somefuseexe#argument /mountpoint fuse setuid=someuser
mount is run by root, and setuid is a way to tell mount.fuse to run
somefuseexe as someuser instead. Under the hood, mount.fuse uses su.
The problem is that mount is run by systemd in a seemingly very empty
environment not containing /run/current-system/sw/bin nor
/run/wrappers/bin in $PATH, so mount fails with "su command not found".
We now patch the command to run su with an absolute path.
man mount.fuse3 indicates that this option is reserved to root (or with
enough capabilities) so not using
/run/wrappers/bin/su is thus correct. It has the very small advantage of
possibly working on non nixos.
|
|
|
|
|
|
|
|
Part of: https://github.com/NixOS/nixpkgs/issues/108938
meta = with stdenv.lib;
is a widely used pattern. We want to slowly remove
the `stdenv.lib` indirection and encourage people
to use `lib` directly. Thus let’s start with the meta
field.
This used a rewriting script to mostly automatically
replace all occurances of this pattern, and add the
`lib` argument to the package header if it doesn’t
exist yet.
The script in its current form is available at
https://cs.tvl.fyi/depot@2f807d7f141068d2d60676a89213eaa5353ca6e0/-/blob/users/Profpatsch/nixpkgs-rewriter/default.nix
|
|
|
|
|
|
|
|
Note: Version 3.9.3 and 3.9.4 are equivalent:
"This was an "accidental" release, it is equivalent to 3.9.3."
|
|
|
|
|
|
Changelog: https://github.com/libfuse/libfuse/blob/fuse-3.9.0/ChangeLog.rst
|
|
|
|
|
|
|
|
|
|
Do not set FUSERMOUNT_DIR since we already set it though
NIX_CFLAGS_COMPILE.
Setting it twice results in a lot of warnings like this one:
<command-line>:0:0: warning: "FUSERMOUNT_DIR" redefined
which makes the build look potentially broken.
This doesn't affect the result but fuse3 will now build without any
warnings and building fuse yields less warnings.
|
|
|
|
|
|
We don’t want the config file to be read only and in the Nix store.
|
|
|
|
|
|
|
|
|
|
|
|
Security fixes for a few packages are included.
|
|
|
|
|
|
Upstream changelog:
- SECURITY UPDATE: In previous versions of libfuse it was possible to
for unprivileged users to specify the allow_other option even when
this was forbidden in /etc/fuse.conf. The vulnerability is present
only on systems where SELinux is active (including in permissive
mode).
- libfuse no longer segfaults when fuse_interrupted() is called outside
the event loop.
- The fusermount binary has been hardened in several ways to reduce
potential attack surface. Most importantly, mountpoints and mount
options must now match a hard-coded whitelist. It is expected that
this whitelist covers all regular use-cases.
- Fixed rename deadlock on FreeBSD.
|
|
Upstream changelog:
- SECURITY UPDATE: In previous versions of libfuse it was possible to
for unprivileged users to specify the allow_other option even when
this was forbidden in /etc/fuse.conf. The vulnerability is present
only on systems where SELinux is active (including in permissive
mode).
- The fusermount binary has been hardened in several ways to reduce
potential attack surface. Most importantly, mountpoints and mount
options must now match a hard-coded whitelist. It is expected that
this whitelist covers all regular use-cases.
- Added a test of seekdir to test_syscalls.
- Fixed readdir bug when non-zero offsets are given to filler and the
filesystem client, after reading a whole directory, re-reads it from a
non-zero offset e. g. by calling seekdir followed by readdir.
|
|
|
|
|
|
|
|
|
|
Stop using bin/mount.fuse from fuse3 for fuse2 (mount.fuse from fuse3
isn't guaranteed to remain backwards compatible).
|
|
|
|
|
|
|
