Initialize for fuse

.fuse.metadata

@@ -0,0 +1 @@
+665d45d95d3ed9b3e4a214a9fafd78b6e640b0800c93ed1401a8410cebd96743 fuse-2.9.7.tar.gz

.gitignore

@@ -0,0 +1 @@
+fuse-2.9.7.tar.gz

aarch64-build-fix.patch

@@ -0,0 +1,16 @@
+--- include/fuse_kernel.h
++++ include/fuse_kernel.h
+@@ -85,12 +85,7 @@
+ #ifndef _LINUX_FUSE_H
+ #define _LINUX_FUSE_H
+ 
+-#include <sys/types.h>
+-#define __u64 uint64_t
+-#define __s64 int64_t
+-#define __u32 uint32_t
+-#define __s32 int32_t
+-#define __u16 uint16_t
++#include <linux/types.h>
+ 
+ /*
+  * Version negotiation:

baselibs.conf

@@ -0,0 +1 @@
+libfuse2

fuse-2.9.7.tar.gz.asc

@@ -0,0 +1,20 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQKgBAABCgCKBQJXaEo6XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
+ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFRDMxNzkxQjJDNUMxNjEzQUYzODhCOEFE
+MTEzRkNBQzNDNEU1OTlGIxpodHRwOi8vd3d3LnJhdGgub3JnL2dwZ3BvbGljeS5o
+dG1sAAoJENET/Kw8TlmfCfUP/36GmAhqrDt5SIQruYUETuJMlZ7G5CVUYWlTXpy3
+sqoeGiYePDonlx1fHqutuTxj/btqSphbn5d+4Uj8AsobiKsNGmMxdmdQH3QO7g61
+Qe5Wzk2d89Ge3GzkyjEVK5EkbptKWmhEgcX4OQgNzJ34O49cAu6IA8sCcAR3HgBw
+sbtfh33G+d94QaqQHj1FDQJV4KmyYUAG7RLMiDv+O9F16ZG7kQS8a1BQwPlrvxKs
+vMzTbULium/quP7SwlYIOSdpcnx6TULLbwafbmXCt6zze7zbGAhGmW03Lzu5g3uj
+exazwzKbZiHgadAXCSoWGOJXYnZ8N7W+69q72emAHl2LO3nEyttkSVa3/6LAJrYw
+VQqEnBhCLi12bo7wTBzijjMilXRdxU0s47qmNGQnnQdFSoj99ilgDVKZCCQlHTtY
+dSLVAR9fKyMlqNUPEsl1ZoFe/Zjjl1ZGAu4JUFUXMIurpRXO/EqTddvLpemXl8rP
+8kVAAwp0rPFRT2DHDg0OMqvwmDPvWbiOIVgtCiTMffuILWx+sJkj4sTa+uce49gM
+/XlGlrxKVgk7KOTaSsKXva5BZv+8zf4BhuZrtmGEWaPqr/8soCh6CRyJg3sfkvW/
+v6R9Q4VxG/IPSpdL2fQGmVIPxQW5QwOytTJvZHApmJ+Ve8R2JlXbpkLRnfAtN10f
+iAHy
+=sqI5
+-----END PGP SIGNATURE-----

fuse-install-fix.diff

@@ -0,0 +1,32 @@
+--- fuse-2.9.2.orig/util/Makefile.am	2012-07-19 07:33:49.000000000 -0500
++++ fuse-2.9.2/util/Makefile.am	2013-03-04 09:23:23.000000000 -0600
+@@ -20,14 +20,6 @@
+ ulockmgr_server_CPPFLAGS = -D_FILE_OFFSET_BITS=64 -D_REENTRANT 
+ ulockmgr_server_LDFLAGS = -pthread
+ 
+-install-exec-hook:
+-	-chmod u+s $(DESTDIR)$(bindir)/fusermount
+-	@if test ! -e $(DESTDIR)/dev/fuse; then \
+-		$(MKDIR_P) $(DESTDIR)/dev; \
+-		echo "mknod $(DESTDIR)/dev/fuse -m 0666 c 10 229 || true"; \
+-		mknod $(DESTDIR)/dev/fuse -m 0666 c 10 229 || true; \
+-	fi
+-
+ EXTRA_DIST = udev.rules init_script
+ 
+ MOUNT_FUSE_PATH = @MOUNT_FUSE_PATH@
+@@ -39,14 +31,8 @@
+ 	$(INSTALL_PROGRAM) $(builddir)/mount.fuse $(DESTDIR)$(MOUNT_FUSE_PATH)/mount.fuse
+ 	$(MKDIR_P) $(DESTDIR)$(INIT_D_PATH)
+ 	$(INSTALL_SCRIPT) $(srcdir)/init_script $(DESTDIR)$(INIT_D_PATH)/fuse
+-	@if test -x /usr/sbin/update-rc.d; then \
+-		echo "/usr/sbin/update-rc.d fuse start 34 S . start 41 0 6 . || true"; \
+-		/usr/sbin/update-rc.d fuse start 34 S . start 41 0 6 . || true; \
+-	fi
+ 
+ install-data-local:
+-	$(MKDIR_P) $(DESTDIR)$(UDEV_RULES_PATH)
+-	$(INSTALL_DATA) $(srcdir)/udev.rules $(DESTDIR)$(UDEV_RULES_PATH)/99-fuse.rules
+ 
+ uninstall-local:
+ 	rm -f $(DESTDIR)$(MOUNT_FUSE_PATH)/mount.fuse

fuse.changes

@@ -0,0 +1,276 @@
+* Tue Sep 11 2018 rgoldwyn@suse.com
+- user_allow_other restriction may be bypassed (bsc#1101797, CVE-2018-10906)
+  - fusermount-prevent-silent-truncation-of-mount-options.patch
+  - fusermount-dont-feed-escaped-commans-into-mount-options.patch
+  - fusermount-bail-out-on-transient-config-read-failure.patch
+  - fusermount-refuse-unknown-options.patch
+  - fusermount-whitelist-known-good-filesystems-for-mountpoints.patch
+* Mon Oct 16 2017 admorgan@morgancomputers.net
+- Fix download link in fuse.spec
+* Fri Oct  6 2017 admorgan@morgancomputers.net
+- fuse 2.9.7
+  * Shared-object version has now been bumped correctly.
+  * Added SELinux support.
+  * Fixed race-condition when session is terminated right after
+    starting a FUSE file system.
+* Mon Jul 31 2017 fcrozat@suse.com
+- Ensure trusted group is available on Tumbleweed.
+* Fri Jan 22 2016 astieger@suse.com
+- fuse 2.9.5:
+  * fix warning in mount.c:receive_fd().
+  * fix possible memory leak.
+  * new upstream project and source URL
+  * add new maintainer keyring and verify source signature
+* Fri May 22 2015 mszeredi@suse.cz
+- Update to version 2.9.4
+  - fix exec environment for mount and umount (bsc#931452,
+    CVE-2015-3202)
+  - properly restore the default signal handler
+  - fix directory file handle passed to	ioctl() method.
+  - fix for uids/gids larger than 2147483647
+  - initialize stat buffer passed to ->getattr() and ->fgetattr()
+* Wed Dec 10 2014 bwiedemann@suse.com
+- include commented default fuse.conf (bnc#908292)
+* Wed Jul 24 2013 mszeredi@suse.cz
+- Update to version 2.9.3
+  - Bug fixes
+- Remove fuse-gnu_source.patch (fixed upstream)
+* Sun Jun 16 2013 dmueller@suse.com
+- add aarch64-build-fix.patch
+* Wed Mar 27 2013 mmeister@suse.com
+- Added url as source.
+  Please see http://en.opensuse.org/SourceUrls
+* Tue Mar 26 2013 dmueller@suse.com
+- fix build for SLE_11
+* Fri Mar  8 2013 idonmez@suse.com
+- Use autoreconf directly instead of makeconf.sh
+* Mon Mar  4 2013 archie@dellroad.org
+- Update to version 2.9.2
+  - Add support for fallocate() (kernel >= 3.5)
+  - Bug fixes
+- Remove fix-pthread-in-fuse.pc.patch; now included in upstream
+- Don't patch generated files such as configure and Makefile.in;
+  instead, regenerate them using makeconf.sh from SVN repository
+* Sat Feb  2 2013 coolo@suse.com
+- update license to new format
+* Mon Jul  2 2012 coolo@suse.com
+- avoid autoreconf to avoid breaking on updates of auto* tools
+* Sat May 26 2012 jengelh@inai.de
+- Remove redundant tags/sections from specfile
+- Parallel build with %%_smp_mflags
+- Trim list of FUSE fses from description (it's literally endless)
+  and text inappropraite for subpackages
+* Wed May 16 2012 mszeredi@suse.cz
+- Fix -pthread in fuse.pc [bnc#761117]
+* Thu Apr 26 2012 rschweikert@suse.com
+- place binaries in /usr tree (UsrMerge project)
+* Sun Apr 22 2012 puzel@suse.com
+- update to 2.9.0
+  - Add "zero copy" support for kernel 2.6.35 or newer
+  - Make maximum background requests tunable on kernel 2.6.32 or
+    newer
+  - Require --no-canonicalize in (u)mount (util-linux version 2.18
+    or newer) to fix security problems with fusermount
+  - Use dynamically sized hash tables in high level library
+  - Memory use of filesystem daemon can shrink more easily
+  - Add "auto_unmount" option
+  - Add "remember" option
+  - Add man pages for fusermount, mount.fuse and ulockmgr_server
+  - API changes:
+  - Introduce "store" and "retrieve" for accessing kernel
+    buffers on kernel 2.6.36 or newer
+  - Introduce abstract buffer for zero copy operations
+  - Allow path calculation to be omitted on certain operations
+  - Allow batching forget requests
+  - Add "flock" method
+  - Add support for ioctl on directories
+  - Add delete notification
+- drop fuse-pc-remove-libdir-from-Libs.diff (upstream)
+* Wed Jan 25 2012 mszeredi@suse.cz
+- use %%set_permissions instead of %%run_permissions in specfile
+* Wed Jan 25 2012 mszeredi@suse.cz
+- compile /bin/fusermount as a position independent executable
+  [bnc#743155]
+* Wed Jan 25 2012 mszeredi@suse.cz
+- update to 2.8.7
+  * fix ambiguous symbol version for fuse_chan_new
+  * prevent calling ulockmgr_server with illegal arguments
+  * fix hang in wait_on_path()
+* Thu Nov  3 2011 mszeredi@suse.cz
+- handle case of failure to allocate request [bnc#723616]
+* Sat Oct  1 2011 coolo@suse.com
+- add libtool as buildrequire to make the spec file more reliable
+* Mon Sep 26 2011 mhrusecky@suse.cz
+- enabling libulockmgr
+* Mon Aug 29 2011 crrodriguez@opensuse.org
+- Must define _GNU_SOURCE to get clone()  system call.
+* Mon Mar 21 2011 coolo@novell.com
+- licenses package is about to die
+* Thu Feb 17 2011 mszeredi@suse.cz
+- In case of failure to add to /etc/mtab don't umount. [bnc#668820]
+  [CVE-2011-0541]
+* Tue Nov 16 2010 mszeredi@suse.cz
+- Fix symlink attack for mount and umount [bnc#651598]
+* Wed Oct 27 2010 mszeredi@suse.cz
+- Remove /etc/init.d/boot.fuse [bnc#648843]
+* Tue Sep 28 2010 mszeredi@suse.cz
+- update to 2.8.5
+  * fix option escaping for fusermount [bnc#641480]
+* Wed Apr 28 2010 mszeredi@suse.cz
+- keep examples and internal docs in devel package (from jnweiger)
+* Mon Apr 26 2010 mszeredi@suse.cz
+- update to 2.8.4
+  * fix checking for symlinks in umount from /tmp
+  * fix umounting if /tmp is a symlink
+* Tue Feb  2 2010 mszeredi@suse.cz
+- update to 2.8.3
+  * fix unmounting with util-linux version >= 2.17
+* Wed Jan 27 2010 mszeredi@suse.cz
+- update to 2.8.2
+  * fix unmount race (CVE-2009-3297)
+  * fix deadlock with "audit" subsystem on mount (also requires
+    util-linux-ng version >=2.17)
+* Wed Jan  6 2010 jengelh@medozas.de
+- package baselibs.conf
+* Wed Dec 16 2009 kruber@zib.de
+- update to 2.8.1:
+  * fix missing versioned symbol fuse_get_context@FUSE_2.2
+* Sun Sep  6 2009 pascal.bleser@opensuse.org
+- update to 2.8.0:
+  * more scalable directory tree locking
+  * atomic open(O_TRUNC) support
+  * support big write requests on kernels 2.6.26 and newer
+  * out-of-tree fuse module removed
+  * better NFS exporting support
+  * new ioctl and poll requests
+  * new CUSE (Character Device in Userspace) interface
+  * allow umask processing in userspace
+  * added cache invalidation notifications
+  * bugfixes and small improvements
+* Thu Jul 30 2009 aj@suse.de
+- Fix exclude usage.
+* Tue Apr 21 2009 crrodriguez@suse.de
+- remove static libraries and "la" files
+- spec file cleanup
+- update to version 2.7.4
+  * Fix missing pthread_mutex_destroy in error path of
+  fuse_lib_opendir().  Patch by Szabolcs Szakacsits
+* Fri Apr  3 2009 coolo@suse.de
+- adding baselibs.conf to build -xxbit
+* Mon Dec  1 2008 ro@suse.de
+- check for /.buildenv before stop_on_removal
+* Mon Dec 17 2007 mszeredi@suse.de
+- Update to version 2.7.2
+  * Fix a symbol versioning mistake
+  * Fix a deadlock on termination, if umount is synchronous
+  * Fix umounting if /etc/mtab is a symlink
+* Fri Nov 23 2007 mszeredi@suse.de
+- Update to version 2.7.1
+  * Add missing context initialization in fuse_fs_chmod()
+  * Fix a fuse_req leak in do_forget()
+  * Work around hotplug issue
+  * Reset args->argc in fuse_opt_free_args()
+* Sun Sep  2 2007 aj@suse.de
+- Fix building.
+- Rename rpmlintrc to fuse.rpmlintrc and add it as source.
+* Fri Aug 31 2007 mszeredi@suse.de
+- fix location of COPYING files (#306681)
+* Fri Aug 10 2007 bk@suse.de
+- branch off libfuse2 to avoid having to start fuse on boot (#285101)
+- Add "Supplements: filesystem(fuse)" in case someone looks for fuse
+- libulockmgr and ulockmgr_server are separate from fuse (#285101)
+* Fri Jul 13 2007 mszeredi@suse.de
+- conditionally add udev rule if building with 10.2 or earlier
+* Thu Jul  5 2007 bk@suse.de
+- update to new major release 2.7.0:
+  * Support for stacking filesystem modules
+  * New module for converting filename character sets
+  * "setuid=USER" allows to do "su - USER" for the filesystem
+  * fs subtype has been added to libfuse and the mount commands
+  * Several problems have been addressed, e.g. mount.fuse is rewritten
+  the multithreaded loop uses a semaphore instead of signals,
+  improved locking and O_APPEND is fixed in direct IO mode
+* Tue Jul  3 2007 bk@suse.de
+- move libs and programs to /lib and /bin, recommended for ntfs-3g
+* Mon Jun 18 2007 dmueller@suse.de
+- fix boot.fuse to start after boot.localfs
+* Fri May  4 2007 mszeredi@suse.de
+- fix build error
+* Wed May  2 2007 mszeredi@suse.de
+- updated to version 2.6.5
+  * mount.fuse script fixes
+  * fix exiting on umount for filesystems which block SIGHUP
+- udev rule for fuse device is now in udev package
+- don't remove fuse module in the init-script
+- use 'fusectl' as the filesystem source
+* Fri Feb  9 2007 ro@suse.de
+- change fillup_and_insserv to insserv_force_if_yast in post-script
+  (there is no sysconfig file involved here)
+* Wed Feb  7 2007 mszeredi@suse.cz
+- added init script which loads the fuse module and mounts the control
+  filesystem (#223663)
+* Mon Feb  5 2007 mszeredi@suse.cz
+- updated to version 2.6.3:
+  * fix regression causing an abort during heavy filesystem use
+  * update author's email
+* Tue Jan 30 2007 tiwai@suse.de
+- updated to version 2.6.2:
+  * fix 64bit compile problems
+  * fix fuse_teardown problem
+  * fix unaligned access in file descriptor in libfuse
+  * fix detection of fuseblk
+  * fix use after free in fuse_flush
+  * fix compatible API for opts == NULL
+* Thu Jan 18 2007 tiwai@suse.de
+- fix compat API (#233870)
+* Tue Dec 19 2006 tiwai@suse.de
+- updated to version 2.6.1:
+  * improved fusermout help texts
+  * fix automake problems
+* Sun Oct 22 2006 cthiel@suse.de
+- update to version 2.6.0
+  * Improved read characteristics (asynchronous reads)
+  * Support for aborting filesystem connection
+  * POSIX file locking support
+  * Request interruption support
+  * Building module for Linux kernels earlier than 2.6.9 not supported
+  * Allow block device based filesystems to support swap files
+  * Several bugs fixed, including a rare system hang on SMP
+* Mon Aug 21 2006 cthiel@suse.de
+- fix requirements of -devel package, to require fuse by version (#200496)
+* Tue Aug  8 2006 tiwai@suse.de
+- fixed a syntax error in udev rules.
+* Mon Jul  3 2006 cthiel@suse.de
+- fix build
+* Mon May 15 2006 tiwai@suse.de
+- updated to version 2.5.3.
+  * Add missing rwlock initialization
+  * Fix negative entry handling.
+  * Fix race between RELEASE and UNLINK, which might leave
+    .fuse_hidden* files around
+  * libfuse: fix use-after-free bug in interruptred reply_entry().
+* Fri Feb  3 2006 cthiel@suse.de
+- update to version 2.5.2
+  * lib: if "fsname=" option was given, pass it to fusermount
+  * fuse_opt: fix memory leak in handling "--" option
+  * fuse_opt.h: fix incompatibility with C++ compilers by renaming
+    'template' structure member to 'templ'
+  * fuse.h: fix compatibility bugs.
+* Wed Jan 25 2006 mls@suse.de
+- converted neededforbuild to BuildRequires
+* Sat Jan 14 2006 cthiel@suse.de
+- update to version 2.5.0
+* Wed Nov 23 2005 cthiel@suse.de
+- update to version 2.4.2
+- changed permission of /usr/bin/fusermount to 4755
+* Fri Oct 28 2005 cthiel@suse.de
+- readded -fno-strict-aliasing
+* Fri Oct 28 2005 cthiel@suse.de
+- update to version 2.4.1
+* Fri Sep 30 2005 tiwai@suse.de
+- fixed CFLAGS to pass RPM_OPT_FLAGS.
+- added -fno-strict-aliasing.
+* Wed Jun  8 2005 tiwai@suse.de
+- updated to version 2.3.0.
+* Tue Feb  3 2004 adrian@suse.de
+- initial package of version 1.1-pre2

fuse.conf

@@ -0,0 +1,18 @@
+# The file /etc/fuse.conf allows for the following parameters:
+#
+# user_allow_other - Using the allow_other mount option works fine as root, in
+# order to have it work as user you need user_allow_other in /etc/fuse.conf as 
+# well. (This option allows users to use the allow_other option.) You need 
+# allow_other if you want users other than the owner to access a mounted fuse. 
+# This option must appear on a line by itself. There is no value, just the 
+# presence of the option.
+
+#user_allow_other
+
+
+# mount_max = n - this option sets the maximum number of mounts.
+# Currently (2014) it must be typed exactly as shown
+# (with a single space before and after the equals sign).
+
+#mount_max = 1000
+

fuse.keyring

@@ -0,0 +1,77 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: SKS 1.1.5+
+Comment: Hostname: keys2.kfwebs.net
+
+mQINBFMiefoBEADYa1ZUqR/3YDqaf2UGpd9kNfKAY3TAR+xTcTYBKWTkJEy4cX2bccSEOf7E
+f1w0va+WgBwDUAllf+x21UFOWnPnqwb8LJxyg8dN3CRNWf9Z2vRXNOkvnAd0hYnA6xsbSLDQ
+V0wpJOTH1zyZejMMWLpZh5SKRxaJAtpsfZ32qppzJhn4jJb0v2fC+wJVkUy4mLe6yaHCrrHw
+lwldyzlwPBNwFfk31mVFYO+COSTGq+RXU2kCdujfw648IBYltdWI3D1vTilJd0gt2EDmOqQi
+zfFJLlBTdLieJdrXzL4WWuzvJpC1YadkmqMqnVkpcDxbxw0bK7G0faLigwWkshggaSns0vnp
+D05jQyMJUYdLwB9lh6u0B9APcCxmPLhgHDdgdlZ+1JHMdfY0gIMSIAP2zkQu4iaTv5Tuc5a0
+3dXE7G6GwZ+A5YsrovQCot2FY653A0swmAsaCy3A2OcVFXXgmZGLYh/06XA/+WhMSLVIaQ6e
+YTFgG9k8iopU6zw5p2vav1rOuirymLe3b/VNZhk6nOpewwLp+5c2Ylmj6zEHegFQ9pbmlFF/
+kubk9wGuS941G0/iLPyf3ePPhQ6hMY9L+7moW+Zlbqqg2XXa9S8C2rMwELDegpawYJyMIt25
+xAb94BGMkU/SxclzZ62ktGkYrA0ekiHkB6zzt8uhHrGDxWEucQARAQABtCFOaWtvbGF1cyBS
+YXRoIDxOaWtvbGF1c0ByYXRoLm9yZz6IagQQEQoAKgUCUyJ7rCMaaHR0cDovL3d3dy5yYXRo
+Lm9yZy9ncGdwb2xpY3kuaHRtbAAKCRCprbf4rk5CXNS7AJ9/Fdr8AzeAPKRoGN/ilFSb64kV
+ggCeNE3F2CrZisHyjAlJ2sW/5iRS1MeJAUAEEAEKACoFAlMie5IjGmh0dHA6Ly93d3cucmF0
+aC5vcmcvZ3BncG9saWN5Lmh0bWwACgkQttywLM0aUrlgiQf/fskwiyKtKS2ikqsiw6rqo9RP
+3A6AGJ3LQivpekV3elKxeu22L99yjkCEKHtggMmVd+Q9z9Pmvmx1d4EcVRtj7N86CcrQnPFb
+vUaiZ22gCDS61BCbnItzeo3nkOhbJtCU2AXHwBCx2c1uGNzR5qJoymXo92FIp7JxKJ3hHZDW
+E2XnX41bNwzZtycfZuk5VB29MIiEIIGbR/Y8rq7KwWQdyQ8y5i6Jnq5hPqRVpvMagcA9ycOI
+Nkf6FqK0RHOjpxXgTHPjQudrlrhbbSOW5AQdsVGo+kJU/S+eYjPO1QLOAcVX1xDHmBIYUwY3
+wxIVUXUwiGScNuKHATAwm8SFZuzTqIkCHAQQAQgABgUCVNw4rgAKCRAekxDZrc5gZUqFD/44
+Ze4ow4ehRZ9P359WNwRKkOMmG/tMCq5boe6Sx+eon3dO8zlR6WZfRdlqbYWD4lUAN1H1zKbX
+/EmBcHiT01d4MAk3E3JqsmVKnhoEAj1D9/UryQlsLPuGgtbocoCxo2yg3dgTsbUiuOhYeRtp
++zqdck55Y9awU1xi5MLHOryNyAtWqncxMSDF6e4R17+RNUZqDykJQhjTAm2V+OQiWZ3ro15T
+0rYpy+2de5zCgZKKE3rZyaLYNjOaF3jRGvZfTRFyhsIyHxksoDfICUHayeTpHeLR6oczai14
+Eg6HG9TDDfNNEKOWNU6m1O9kSJ8Q+Ow+khVchSF6UY0gPl6o7SFukoybhm9A6WpRnGhgACUd
+X84jzMNydrf7yp9AqUWohmOth2GSc+owDoQCjuIFEjLJr0Ic+YFP0WD8ZMIrXhtG+muv0mE4
+qqo0JJgC9rdZk9vt6SSzuA6Wg/Hb7lbkcNOwGysb2xnL5Czjqpl0LPfXGngYgQVLQ9Gf3x/E
+v4BIgnmzTxfCkTjRw2omL4mtCQJsajGLmwPNjX0SBKw57h8L6olljgrzzKZf6hV2EGsTvfp9
+l1WJlLGD24WVUNnC0y4XlRO/zym1mCq8aLcnr+63BIsZZPvUToun7PvgIyxjtf3Y9FLKlh7I
+xzZzcWZT+GJg0eLd2JMUrSE07jSn8Ot7N4kCHAQQAQgABgUCVN/l8gAKCRAWf9Q0wEOjE1iV
+EADAQPNGvhvvVMONiYZ3hIfv2Te7yOIWduPtvzykXovK+pzwwFdGs0BqreVMo7dnONecj53s
+vvRwHU1XD/oMDDYVXfy5mfmM4ffIID77tA37bVblMApkwFWm573oaTFJhHH6VkI9Kb1/ST4w
+l9T8QdJrMkrdkr/2ypl6AHOFuI1A+VuAAKooZ34outAdzZgFBZEobBgHcZEwatarNLP+bl6b
+1U8rYFUeKra9pFEcIIOEfa+OVumtPyh6bue2CBrhgCh1EhiF9sD8PxxGzx9ZH2wsgUfXwKVm
+oE/bDsuWP7HJkpRFWRHeDgqohVCwUXqFaqwq4up6dWm0Js/wbZp87kzFaMjzTp98Nr3akNRO
+636MXxNip6JHNNxGuI5TAbXGXG3Foh5b57bOfS3zc/g4328/6ehA+DDct+aBlrhEfSYGdZ3S
+s28IRcsxY9Xpx1ouKXY3g51pJYzTTrLCQ28YVV3ImvzA6Pi6vaSrIoCtHfNqONloGo3QF/1z
+leAGFGz0AmVCckTDk/QvxYG842LjMjtkXhsZpLUUmEE11ore6ZaFqDcWba/Ob81/Cp9yibp8
+WNyO2kj5vs6peStTp0mPoPbWmX+43QAYcoIeVcePgizDpk84+esn2XX/NbK0vE+eNXZF2oxU
+sOBjoWbezD1X7+Ymz40Ry5H5OuaCwkkR0Id37IkCYQQTAQoASwUCUyJ5+iMaaHR0cDovL3d3
+dy5yYXRoLm9yZy9ncGdwb2xpY3kuaHRtbAIbAwUJEswDAAULCQgHAwUVCgkICwUWAgMBAAIe
+AQIXgAAKCRDRE/ysPE5Zn+l4EADTvsHUBaIqTjakIkYy8P2mvgJ/YqeDi2bcdXFMdFxNkhTi
+L/YlEoMelaUQoFUo0yKn6bMhYTtsCXohqKIb5hup1wDDjfhShxyWm9zPFrI/8O66tydnEgjr
+0X45WWU6ull2YuWzabRCg/2NRSxnbYLglSnoAJCmjs1iVb35nOxj1xv3QJHsr6jETxGkLKoL
+4eolcphRr0RycNr1gZT3xXtgLBNoePEpwS9RHHphHTbzXxQfQmIIHoI/FIwSSBYgzTPiRVsR
+5nrCPhfhzvhGIiFwPimDfcrkMfnl9ge0QPLxD5tkect20MzIXgZu8t11URJEElS6tRikndfD
+Cx/m8NkHTKkxg16ANeZxpJSi+zFTLMljqVHrA0bwwVI+VR2IcL/oPjQXIwj3HHj4q42YpE6q
+B9vlFQeIM+W9ZIOqisOsCNpaijKs4BQkANREFwfaQBPcfTNoQV4oQO8OEJzhFTM2QUPFMZkg
+8mD/FAIU03d3kfWZMqrMQUj4SdOrhEcsheX3coUji6b7brZIp2EF47CE8yCtPYs5U+sEaQFe
+5ue/yh1k8MFrzhk+BDmelOaZBiyHAMeJzqx5pd2SisM5qrO2eo5aTPE7/lsEjzBlIy4dRfu1
+GYMU4VP3DzSHRZPXwa0TahZJY5orlfyyoip844p68djEBvO3sZOBQr7QRjAaIbkCDQRTInn6
+ARAAwL+oAUxGacCUctUxjdInq+HK/9EYV1KDOgsUV6JQfMF8nTJNXEYg8xsi7BXGtBf0JL0n
+4TyVnVGBS2vaR3c4+xCvTTxEyOcgqyVeKp1Hh61wQYbnlbhANrT2dKItG/dwgZHVeDfW1ARr
+gsBFF7L97OuHruipK8n9ibPruPS4szGMrBS6Fvdt1bPX258D1Y5Z2MrvQkjAOlynIKrgxMC1
+BiFNUH6ktukXmKgbpiPG8ZuZBk+60e2IkvXB5gp5dcNvJ0hd1xWpuMJeThUdwwQqA79Kf7LS
+tmltqlbphGzbAMQy7DJBJpHMm55HwG6AUMDuDh9H1cLs891a5wyPgGzHFMlMUy3hJMI/LZO4
+L/oxRidFcRrPsIaXWP8Ot85no3+QguQNRiuNNDTLZv8L+ExNBDHfVbg9gdqZr0gfZQHBQIE2
+7XHfOvc7z7PMd2BtsGM/kKh3UTAZfgiZSgZSOZAOBRqb6dG2nTqxi+tTN0lhStQl9TpN39Nq
+Ma9NJPjzzRU2dLdTRVX/S9R2hAWLG97sPUxBRSfCbEBeZsj8QwLhkkoypzaX39Hzq3jwm9ek
+UAlJwNXwyEgLD+K2DctTyF6yeUfuKjXOu+YC86EvXvPcmu7+aVPLdHv3Flyao6b7xapZx5c0
+1FoK0bqPEHK4AopfyZ4kQyk/lxyMAbtdHFeYk30AEQEAAYkCSQQYAQoAMwUCUyJ5+iMaaHR0
+cDovL3d3dy5yYXRoLm9yZy9ncGdwb2xpY3kuaHRtbAIbDAUJEswDAAAKCRDRE/ysPE5ZnwbX
+D/920l474IxY/HKcHNFwat42IMWHIAI61+CrL2ZKN7Ou13qBdMRMc9zUYrD4EifXen5WotTg
+wEKKmCIDnCKcVxRpiGEocOXXW1dvUTEJA+2xJRfkEgv9jsO2Q9ftTtC1SD08/h3tiA5aF103
+ZkYnZdCCbz3WcgW01aOs1l/IxVtdT8+ZgtJUT43zOJWN5p6J8Egnb8vAD87UPNnVmyDfpW2t
+GThfIrepWdve0hx1W1FrUsCVT5/suZvFMpAQaX4Tv50Sk3+g/77bwhe/OWJZyIJMsHCNlcJW
++QM3r28+mcNc5WiX1r2TdjGZBN3gWv23Vj8hhhS7w4jVWe/7pB/v67J2mZozVeUgfWR66HfX
+mCS+W1OrIELKyZFDNgxxnct9vx6/wCHqX0RRqdTe7FJw0WKFvDUhuKU7B/CVSXooF39wgBx7
+iD7FVTtstPrzYte/VbPZz5nyHQppSFUHW6bFJG0NdqpfvQts7RDoWJwS4RPqXUTkCKOSQjVu
+K+nl24M/awFwxdS0zDrHwd5zOsxhufqL4xRsrS5p5QfeUrcNOIYSEF75DLFxRfMHUP/icJcJ
+s8LuTAFMtZqL7kbWok7wdRYmO8mez/FvNTRSo85TlUzR3Fc4xZndBJ3P9vDkvWpKPfuXpiBf
+CuX9TFYSVolnnl2col5xay+f7P0XVpxLkO+fCw==
+=gOOn
+-----END PGP PUBLIC KEY BLOCK-----

fuse.rpmlintrc

@@ -0,0 +1,15 @@
+# This line is mandatory to access the configuration functions
+from Config import *
+
+# rpmlint message:
+# Your package contains a /etc/init.d scrip")
+# a start dependency that is not behind $remote_fs, while it apparently
+# needs $remote_fs dependency due to files being packaged under /usr.
+#
+# /usr/bin/fusermount is only needed when normal users want to mount,
+# otherwise everything else is outside of /usr, so it can be localfs:
+#
+addFilter("fuse non-remote_fs-dependency")
+
+# Everything moved away, so it got small but the docs are not huge:
+addFilter("fuse package-with-huge-docs")

fuse.spec

@@ -0,0 +1,262 @@
+#
+# spec file for package fuse
+#
+# Copyright (c) 2022-2023 ZhuningOS
+#
+
+
+Name:           fuse
+Version:        2.9.7
+Release:        3.3.1
+Summary:        User space File System
+License:        GPL-2.0+ and LGPL-2.1+
+Group:          System/Filesystems
+Url:            https://github.com/libfuse/libfuse
+Source:         https://github.com/libfuse/libfuse/releases/download/fuse-%{version}/fuse-%{version}.tar.gz
+Source2:        fuse.rpmlintrc
+Source3:        baselibs.conf
+Source4:        fuse.conf
+Source5:        https://github.com/libfuse/libfuse/releases/download/fuse-%{version}/fuse-%{version}.tar.gz.asc
+Source6:        fuse.keyring
+Patch0:         fuse-install-fix.diff
+Patch3:         fusermount-compile-as-pie.patch
+Patch4:         aarch64-build-fix.patch
+Patch5:	        fusermount-prevent-silent-truncation-of-mount-options.patch
+Patch6:	        fusermount-dont-feed-escaped-commans-into-mount-options.patch
+Patch7:	        fusermount-bail-out-on-transient-config-read-failure.patch
+Patch8:	        fusermount-refuse-unknown-options.patch
+Patch9:	        fusermount-whitelist-known-good-filesystems-for-mountpoints.patch
+BuildRequires:  autoconf
+BuildRequires:  automake
+BuildRequires:  libtool
+BuildRequires:  pkgconfig
+# FIXME: use proper Requires(pre/post/preun/...)
+PreReq:         permissions
+BuildRoot:      %{_tmppath}/%{name}-%{version}-build
+%if 0%{?suse_version} > 1320
+Requires(pre):  group(trusted)
+%endif
+%if 0%{?suse_version} > 1130
+Requires:       util-linux >= 2.18
+%else
+Requires:       util-linux(fake+no-canonicalize)
+%endif
+%if 0%{?suse_version} >= 1000
+Supplements:    filesystem(fuse)
+%endif
+
+%description
+With FUSE, a user space program can export a file system through the
+kernel-default (Linux kernel).
+
+User space file systems which are implemented using FUSE are provided
+by the following packages:
+
+- curlftpfs (mount FTP servers),
+
+- encfs (layered file encryption),
+
+- fuseiso (mount iso, img, bin, mdf and nrg CD-ROM images),
+
+- fusepod (mount iPods),
+
+- fusesmb (mount a fully browseable network neighborhood),
+
+- gphotofs (mount gphoto-supported cameras),
+
+- ntfs-3g (mount NTFS volumes read-write),
+
+- obexfs (mount of bluetooth devices),
+
+- sshfs (mount over ssh),
+
+- wdfs (mount of WebDAV shares)
+
+This package contains the mount binaries for fuse (might not be needed
+by some FUSE filesystems like ntfs-3g) and the documentation for FUSE.
+
+After installing fuse-devel, administrators can compile and install
+other user space file systems which can be found at
+http://fuse.sourceforge.net/wiki
+
+%package -n libulockmgr1
+Summary:        Library of FUSE, the User space File System for GNU/Linux and BSD
+Group:          System/Filesystems
+
+%description -n libulockmgr1
+With FUSE, a user space program can export a file system through the
+kernel-default (Linux kernel).
+
+%package -n libfuse2
+Summary:        Library of FUSE, the User space File System for GNU/Linux and BSD
+Group:          System/Filesystems
+
+%description -n libfuse2
+With FUSE, a user space program can export a file system through the
+kernel-default (Linux kernel).
+
+A FUSE file system which only needs libfuse2 is ntfs-3g, other FUSE
+file systems might need the fuse package in addition to have fusermount
+and /sbin/mount.fuse.
+
+After installing fuse-devel, administrators can compile and install
+other user space file systems which can be found at
+http://fuse.sourceforge.net/wiki
+
+%package doc
+Summary:        Document package for FUSE (userspace filesystem)
+Group:          Development/Languages/C and C++
+
+%description doc
+This package contains the documentation for FUSE (userspace filesystem).
+
+%package devel
+Summary:        Development package for FUSE (userspace filesystem) modules
+Group:          Development/Languages/C and C++
+Requires:       fuse = %{version}
+Requires:       fuse-doc = %{version}
+Requires:       glibc-devel
+Requires:       libfuse2 = %{version}
+Requires:       libulockmgr1 = %{version}
+
+%description devel
+This package contains all include files, libraries and configuration
+files needed to develop programs that use the fuse (FUSE) library to
+implement kernel-default (Linux) file systems in user space.
+
+With fuse-devel, administrators can compile and install other user
+space file systems which can be found at
+http://fuse.sourceforge.net/wiki
+
+%package devel-static
+Summary:        Development package for FUSE (userspace filesystem) modules
+Group:          Development/Languages/C and C++
+Requires:       fuse-devel = %{version}
+Provides:       fuse-devel:%{_libdir}/libfuse.a
+
+%description devel-static
+This package contains all include files, libraries and configuration
+files needed to develop programs that use the fuse (FUSE) library to
+implement kernel-default (Linux) file systems in user space.
+
+With fuse-devel, administrators can compile and install other user
+space file systems which can be found at
+http://fuse.sourceforge.net/wiki
+
+%prep
+%setup -q
+%patch0 -p1
+%patch3 -p1
+%patch4
+%patch5 -p1
+%patch6 -p1
+%patch7 -p1
+%patch8 -p1
+%patch9 -p1
+
+%build
+export CFLAGS="%{optflags} -g -fno-strict-aliasing"
+export MOUNT_FUSE_PATH=%{_sbindir}
+autoreconf -fi
+%configure --with-pic \
+    --with-pkgconfigdir=%{_libdir}/pkgconfig \
+    --enable-lib \
+    --enable-util \
+    --enable-example
+make %{?_smp_mflags}
+
+%install
+make DESTDIR=%{buildroot} install %{?_smp_mflags}
+rm -rf %{buildroot}/%{_sysconfdir}/init.d
+install -m644 -D %{SOURCE4} %{buildroot}/%{_sysconfdir}/fuse.conf
+# Needed for OpenSUSE buildservice
+%if 0%{?suse_version} <= 1020
+install -m644 -D util/udev.rules %{buildroot}/%{_sysconfdir}/udev/rules.d/99-fuse.rules
+%endif
+find %{buildroot} -type f -name "*.la" -delete -print
+# not needed for fuse, might reappar in separate package:
+rm -f %{buildroot}/%{_libdir}/libulockmgr.a
+#UsrMerge
+mkdir %{buildroot}/sbin
+mkdir %{buildroot}/%{_lib}
+ln -s -v %{_sbindir}/mount.fuse %{buildroot}/sbin
+pushd %{buildroot}/%{_libdir}
+for libname in $(ls *.so.*);do
+ln -s -v /%{_libdir}/$libname %{buildroot}/%{_lib}
+done
+popd
+#EndUsrMerge
+
+(cd example && make clean)
+rm -rf example/.deps example/Makefile.am example/Makefile.in
+rm -rf doc/Makefile.am doc/Makefile.in doc/Makefile
+
+%post
+%if 0%{?suse_version} >= 1140
+%set_permissions %{_bindir}/fusermount
+%else
+%run_permissions
+%endif
+
+%verifyscript
+%verify_permissions -e %{_bindir}/fusermount
+
+%post -n libfuse2 -p /sbin/ldconfig
+
+%postun -n libfuse2 -p /sbin/ldconfig
+
+%post -n libulockmgr1 -p /sbin/ldconfig
+
+%postun -n libulockmgr1 -p /sbin/ldconfig
+
+%files
+%defattr(-,root,root)
+%doc AUTHORS ChangeLog NEWS README* COPYING*
+%if 0%{?suse_version} <= 1020
+%dir %{_sysconfdir}/udev
+%dir %{_sysconfdir}/udev/rules.d
+%{_sysconfdir}/udev/rules.d/99-fuse.rules
+%endif
+%verify(not mode) %attr(4750,root,trusted) %{_bindir}/fusermount
+#UsrMerge
+/sbin/mount.fuse
+#EndUsrMerge
+%{_sbindir}/mount.fuse
+%config %{_sysconfdir}/fuse.conf
+%{_bindir}/ulockmgr_server
+%{_mandir}/man1/fusermount.1.*
+%{_mandir}/man1/ulockmgr_server.1.*
+%{_mandir}/man8/mount.fuse.8.*
+
+%files -n libfuse2
+%defattr(-,root,root)
+#UsrMerge
+/%{_lib}/libfuse.so.2*
+#EndUsrMerge
+%{_libdir}/libfuse.so.2*
+
+%files -n libulockmgr1
+%defattr(-,root,root)
+#UsrMerge
+/%{_lib}/libulockmgr.so.*
+#EndUsrMerge
+%{_libdir}/libulockmgr.so.*
+
+%files doc
+%defattr(-,root,root)
+%doc example doc
+
+%files devel
+%defattr(-,root,root)
+%{_libdir}/libfuse.so
+%{_libdir}/libulockmgr.so
+%{_includedir}/fuse.h
+%{_includedir}/fuse
+%{_libdir}/pkgconfig/*.pc
+%{_includedir}/ulockmgr.h
+
+%files devel-static
+%defattr(-,root,root)
+%{_libdir}/libfuse.a
+
+%changelog

fusermount-bail-out-on-transient-config-read-failure.patch

@@ -0,0 +1,42 @@
+From cc315f5aa7fae04e16dda419859b2995992977cd Mon Sep 17 00:00:00 2001
+From: Jann Horn <jannh@google.com>
+Date: Fri, 13 Jul 2018 15:50:50 -0700
+Subject: [PATCH] fusermount: bail out on transient config read failure
+
+If an attacker wishes to use the default configuration instead of the
+system's actual configuration, they can attempt to trigger a failure in
+read_conf(). This only permits increasing mount_max if it is lower than the
+default, so it's not particularly interesting. Still, this should probably
+be prevented robustly; bail out if funny stuff happens when we're trying to
+read the config.
+
+Note that the classic attack trick of opening so many files that the
+system-wide limit is reached won't work here - because fusermount only
+drops the fsuid, not the euid, the process is running with euid=0 and
+CAP_SYS_ADMIN, so it bypasses the number-of-globally-open-files check in
+get_empty_filp() (unless you're inside a user namespace).
+
+diff --git a/util/fusermount.c b/util/fusermount.c
+index 143bd4a..4e0f51a 100644
+--- a/util/fusermount.c
++++ b/util/fusermount.c
+@@ -565,10 +565,19 @@ static void read_conf(void)
+ 			fprintf(stderr, "%s: reading %s: missing newline at end of file\n", progname, FUSE_CONF);
+ 
+ 		}
++		if (ferror(fp)) {
++			fprintf(stderr, "%s: reading %s: read failed\n", progname, FUSE_CONF);
++			exit(1);
++		}
+ 		fclose(fp);
+ 	} else if (errno != ENOENT) {
++		bool fatal = (errno != EACCES && errno != ELOOP &&
++			      errno != ENAMETOOLONG && errno != ENOTDIR &&
++			      errno != EOVERFLOW);
+ 		fprintf(stderr, "%s: failed to open %s: %s\n",
+ 			progname, FUSE_CONF, strerror(errno));
++		if (fatal)
++			exit(1);
+ 	}
+ }
+ 

fusermount-compile-as-pie.patch

@@ -0,0 +1,13 @@
+Index: fuse-2.9.0/util/Makefile.am
+===================================================================
+--- fuse-2.9.0.orig/util/Makefile.am	2012-07-02 09:27:27.057828998 +0200
++++ fuse-2.9.0/util/Makefile.am	2012-07-02 09:28:25.920068349 +0200
+@@ -10,6 +10,8 @@ noinst_PROGRAMS = mount.fuse
+ # copying it over.
+ fusermount_SOURCES = fusermount.c mount_util.c
+ fusermount_CPPFLAGS = -I$(top_srcdir)/lib
++fusermount_CFLAGS =  -fPIE $(AM_CFLAGS)
++fusermount_LDFLAGS = -pie $(AM_LDFLAGS)
+ BUILT_SOURCES = mount_util.c
+ mount_util.c: $(top_srcdir)/lib/mount_util.c
+ 	@cp $(top_srcdir)/lib/mount_util.c .

fusermount-dont-feed-escaped-commans-into-mount-options.patch

@@ -0,0 +1,41 @@
+From 28bdae3d113ef479c1660a581ef720cdc33bf466 Mon Sep 17 00:00:00 2001
+From: Jann Horn <jannh@google.com>
+Date: Fri, 13 Jul 2018 15:15:36 -0700
+Subject: [PATCH] fusermount: don't feed "escaped commas" into mount options
+
+The old code permits the following behavior:
+
+$ _FUSE_COMMFD=10000 priv_strace -etrace=mount -s200 fusermount -o 'foobar=\,allow_other' mount
+mount("/dev/fuse", ".", "fuse", MS_NOSUID|MS_NODEV, "foobar=\\,allow_other,fd=3,rootmode=40000,user_id=1000,group_id=1000") = -1 EINVAL (Invalid argument)
+
+However, backslashes do not have any special meaning for the kernel here.
+
+As it happens, you can't abuse this because there is no FUSE mount option
+that takes a string value that can contain backslashes; but this is very
+brittle. Don't interpret "escape characters" in places where they don't
+work.
+
+diff --git a/util/fusermount.c b/util/fusermount.c
+index 0e1d34d..143bd4a 100644
+--- a/util/fusermount.c
++++ b/util/fusermount.c
+@@ -29,6 +29,7 @@
+ #include <sys/socket.h>
+ #include <sys/utsname.h>
+ #include <sched.h>
++#include <stdbool.h>
+ 
+ #define FUSE_COMMFD_ENV		"_FUSE_COMMFD"
+ 
+@@ -754,8 +755,10 @@ static int do_mount(const char *mnt, char **typep, mode_t rootmode,
+ 		unsigned len;
+ 		const char *fsname_str = "fsname=";
+ 		const char *subtype_str = "subtype=";
++		bool escape_ok = begins_with(s, fsname_str) ||
++				 begins_with(s, subtype_str);
+ 		for (len = 0; s[len]; len++) {
+-			if (s[len] == '\\' && s[len + 1])
++			if (escape_ok && s[len] == '\\' && s[len + 1])
+ 				len++;
+ 			else if (s[len] == ',')
+ 				break;

fusermount-prevent-silent-truncation-of-mount-options.patch

@@ -0,0 +1,96 @@
+From 34c62ee90c69b07998629f6b5a06ab0120be681c Mon Sep 17 00:00:00 2001
+From: Jann Horn <jannh@google.com>
+Date: Fri, 13 Jul 2018 14:51:17 -0700
+Subject: [PATCH] fusermount: prevent silent truncation of mount options
+
+Currently, in the kernel, copy_mount_options() copies in one page of
+userspace memory (or less if some of that memory area is not mapped).
+do_mount() then writes a null byte to the last byte of the copied page.
+This means that mount option strings longer than PAGE_SIZE-1 bytes get
+truncated silently.
+
+Therefore, this can happen:
+
+user@d9-ut:~$ _FUSE_COMMFD=10000 fusermount -o "$(perl -e 'print ","x4000')" mount
+sending file descriptor: Bad file descriptor
+user@d9-ut:~$ grep /mount /proc/mounts
+/dev/fuse /home/user/mount fuse rw,nosuid,nodev,relatime,user_id=1000,group_id=1000 0 0
+user@d9-ut:~$ fusermount -u mount
+user@d9-ut:~$ _FUSE_COMMFD=10000 fusermount -o "$(perl -e 'print ","x4050')" mount
+sending file descriptor: Bad file descriptor
+user@d9-ut:~$ grep /mount /proc/mounts
+/dev/fuse /home/user/mount fuse rw,nosuid,nodev,relatime,user_id=1000,group_id=100 0 0
+user@d9-ut:~$ fusermount -u mount
+user@d9-ut:~$ _FUSE_COMMFD=10000 fusermount -o "$(perl -e 'print ","x4051')" mount
+sending file descriptor: Bad file descriptor
+user@d9-ut:~$ grep /mount /proc/mounts
+/dev/fuse /home/user/mount fuse rw,nosuid,nodev,relatime,user_id=1000,group_id=10 0 0
+user@d9-ut:~$ fusermount -u mount
+user@d9-ut:~$ _FUSE_COMMFD=10000 fusermount -o "$(perl -e 'print ","x4052')" mount
+sending file descriptor: Bad file descriptor
+user@d9-ut:~$ grep /mount /proc/mounts
+/dev/fuse /home/user/mount fuse rw,nosuid,nodev,relatime,user_id=1000,group_id=1 0 0
+user@d9-ut:~$ fusermount -u mount
+
+I'm not aware of any context in which this is actually exploitable - you'd
+still need the UIDs to fit, and you can't do it if the three GIDs of the
+process don't match (in the case of a typical setgid binary), but it does
+look like something that should be fixed.
+
+I also plan to try to get this fixed on the kernel side.
+
+---
+ util/fusermount.c |   23 ++++++++++++++++++++---
+ 1 file changed, 20 insertions(+), 3 deletions(-)
+
+--- a/util/fusermount.c
++++ b/util/fusermount.c
+@@ -712,6 +712,23 @@ static int get_string_opt(const char *s,
+ 	return 1;
+ }
+ 
++/* The kernel silently truncates the "data" argument to PAGE_SIZE-1 characters.
++ * This can be dangerous if it e.g. truncates the option "group_id=1000" to
++ * "group_id=1".
++ * This wrapper detects this case and bails out with an error.
++ */
++static int mount_notrunc(const char *source, const char *target,
++			 const char *filesystemtype, unsigned long mountflags,
++			 const char *data) {
++	if (strlen(data) > sysconf(_SC_PAGESIZE) - 1) {
++		fprintf(stderr, "%s: mount options too long\n", progname);
++		errno = EINVAL;
++		return -1;
++	}
++	return mount(source, target, filesystemtype, mountflags, data);
++}
++
++
+ static int do_mount(const char *mnt, char **typep, mode_t rootmode,
+ 		    int fd, const char *opts, const char *dev, char **sourcep,
+ 		    char **mnt_optsp, off_t rootsize)
+@@ -836,7 +853,7 @@ static int do_mount(const char *mnt, cha
+ 	else
+ 		strcpy(source, subtype ? subtype : dev);
+ 
+-	res = mount(source, mnt, type, flags, optbuf);
++	res = mount_notrunc(source, mnt, type, flags, optbuf);
+ 	if (res == -1 && errno == ENODEV && subtype) {
+ 		/* Probably missing subtype support */
+ 		strcpy(type, blkdev ? "fuseblk" : "fuse");
+@@ -847,13 +864,13 @@ static int do_mount(const char *mnt, cha
+ 			strcpy(source, type);
+ 		}
+ 
+-		res = mount(source, mnt, type, flags, optbuf);
++		res = mount_notrunc(source, mnt, type, flags, optbuf);
+ 	}
+ 	if (res == -1 && errno == EINVAL) {
+ 		/* It could be an old version not supporting group_id */
+ 		sprintf(d, "fd=%i,rootmode=%o,user_id=%u",
+ 			fd, rootmode, getuid());
+-		res = mount(source, mnt, type, flags, optbuf);
++		res = mount_notrunc(source, mnt, type, flags, optbuf);
+ 	}
+ 	if (res == -1) {
+ 		int errno_save = errno;

fusermount-refuse-unknown-options.patch

@@ -0,0 +1,37 @@
+From 5018a0c016495155ee598b7e0167b43d5d902414 Mon Sep 17 00:00:00 2001
+From: Jann Horn <jannh@google.com>
+Date: Sat, 14 Jul 2018 03:47:50 -0700
+Subject: [PATCH] fusermount: refuse unknown options
+
+Blacklists are notoriously fragile; especially if the kernel wishes to add
+some security-critical mount option at a later date, all existing systems
+with older versions of fusermount installed will suddenly have a security
+problem.
+Additionally, if the kernel's option parsing became a tiny bit laxer, the
+blacklist could probably be bypassed.
+
+Whitelist known-harmless flags instead, even if it's slightly more
+inconvenient.
+
+diff --git a/util/fusermount.c b/util/fusermount.c
+index 4e0f51a..2792407 100644
+--- a/util/fusermount.c
++++ b/util/fusermount.c
+@@ -819,10 +819,16 @@ static int do_mount(const char *mnt, char **typep, mode_t rootmode,
+ 						flags |= flag;
+ 					else
+ 						flags  &= ~flag;
+-				} else {
++				} else if (opt_eq(s, len, "default_permissions") ||
++					   opt_eq(s, len, "allow_other") ||
++					   begins_with(s, "max_read=") ||
++					   begins_with(s, "blksize=")) {
+ 					memcpy(d, s, len);
+ 					d += len;
+ 					*d++ = ',';
++				} else {
++					fprintf(stderr, "%s: unknown option '%.*s'\n", progname, len, s);
++					exit(1);
+ 				}
+ 			}
+ 		}

fusermount-whitelist-known-good-filesystems-for-mountpoints.patch

@@ -0,0 +1,114 @@
+From 795ad5d77434f3502e63a70c8a3fda94fa347e3d Mon Sep 17 00:00:00 2001
+From: Jann Horn <jannh@google.com>
+Date: Sat, 14 Jul 2018 13:37:41 +0200
+Subject: [PATCH] fusermount: whitelist known-good filesystems for mountpoints
+
+Before:
+
+$ _FUSE_COMMFD=1 priv_strace -s8000 -e trace=mount util/fusermount3 /proc/self/fd
+mount("/dev/fuse", ".", "fuse", MS_NOSUID|MS_NODEV, "fd=3,rootmode=40000,user_id=379777,group_id=5001") = 0
+sending file descriptor: Socket operation on non-socket
++++ exited with 1 +++
+
+After:
+
+$ _FUSE_COMMFD=1 priv_strace -s8000 -e trace=mount util/fusermount3 /proc/self/fd
+util/fusermount3: mounting over filesystem type 0x009fa0 is forbidden
++++ exited with 1 +++
+
+This patch could potentially have security
+impact on some systems that are configured with allow_other;
+see https://launchpad.net/bugs/1530566 for an example of how a similar
+issue in the ecryptfs mount helper was exploitable. However, the FUSE
+mount helper performs slightly different security checks, so that exact
+attack doesn't work with fusermount; I don't know of any specific attack
+you could perform using this, apart from faking the SELinux context of your
+process when someone's looking at a process listing. Potential targets for
+overwrite are (looking on a system with a 4.9 kernel):
+
+writable only for the current process:
+/proc/self/{fd,map_files}
+(Yes, "ls -l" claims that you don't have write access, but that's not true;
+"find -writable" will show you what access you really have.)
+
+writable also for other owned processes:
+/proc/$pid/{sched,autogroup,comm,mem,clear_refs,attr/*,oom_adj,
+oom_score_adj,loginuid,coredump_filter,uid_map,gid_map,projid_map,
+setgroups,timerslack_ns}
+
+diff --git a/util/fusermount.c b/util/fusermount.c
+index 2792407..c63c50e 100644
+--- a/util/fusermount.c
++++ b/util/fusermount.c
+@@ -30,6 +30,7 @@
+ #include <sys/utsname.h>
+ #include <sched.h>
+ #include <stdbool.h>
++#include <sys/vfs.h>
+ 
+ #define FUSE_COMMFD_ENV		"_FUSE_COMMFD"
+ 
+@@ -915,6 +916,8 @@ static int check_perm(const char **mntp, struct stat *stbuf, int *mountpoint_fd)
+ 	int res;
+ 	const char *mnt = *mntp;
+ 	const char *origmnt = mnt;
++	struct statfs fs_buf;
++	size_t i;
+ 
+ 	res = lstat(mnt, stbuf);
+ 	if (res == -1) {
+@@ -987,8 +990,53 @@ static int check_perm(const char **mntp, struct stat *stbuf, int *mountpoint_fd)
+ 		return -1;
+ 	}
+ 
++	/* Do not permit mounting over anything in procfs - it has a couple
++	 * places to which we have "write access" without being supposed to be
++	 * able to just put anything we want there.
++	 * Luckily, without allow_other, we can't get other users to actually
++	 * use any fake information we try to put there anyway.
++	 * Use a whitelist to be safe. */
++	if (statfs(*mntp, &fs_buf)) {
++		fprintf(stderr, "%s: failed to access mountpoint %s: %s\n",
++			progname, mnt, strerror(errno));
++		return -1;
++	}
+ 
+-	return 0;
++	/* Use the same list of permitted filesystems for the mount target as
++	 * the ecryptfs mount helper
++	 * (https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/view/head:/src/utils/mount.ecryptfs_private.c#L225). */
++	typeof(fs_buf.f_type) f_type_whitelist[] = {
++		0x61756673 /* AUFS_SUPER_MAGIC */,
++		0x9123683E /* BTRFS_SUPER_MAGIC */,
++		0x00C36400 /* CEPH_SUPER_MAGIC */,
++		0xFF534D42 /* CIFS_MAGIC_NUMBER */,
++		0x0000F15F /* ECRYPTFS_SUPER_MAGIC */,
++		0x0000EF53 /* EXT[234]_SUPER_MAGIC */,
++		0xF2F52010 /* F2FS_SUPER_MAGIC */,
++		0x65735546 /* FUSE_SUPER_MAGIC */,
++		0x01161970 /* GFS2_MAGIC */,
++		0x3153464A /* JFS_SUPER_MAGIC */,
++		0x000072B6 /* JFFS2_SUPER_MAGIC */,
++		0x0000564C /* NCP_SUPER_MAGIC */,
++		0x00006969 /* NFS_SUPER_MAGIC */,
++		0x00003434 /* NILFS_SUPER_MAGIC */,
++		0x5346544E /* NTFS_SB_MAGIC */,
++		0x794C7630 /* OVERLAYFS_SUPER_MAGIC */,
++		0x52654973 /* REISERFS_SUPER_MAGIC */,
++		0x73717368 /* SQUASHFS_MAGIC */,
++		0x01021994 /* TMPFS_MAGIC */,
++		0x24051905 /* UBIFS_SUPER_MAGIC */,
++		0x58465342 /* XFS_SB_MAGIC */,
++		0x2FC12FC1 /* ZFS_SUPER_MAGIC */,
++	};
++	for (i = 0; i < sizeof(f_type_whitelist)/sizeof(f_type_whitelist[0]); i++) {
++		if (f_type_whitelist[i] == fs_buf.f_type)
++			return 0;
++	}
++
++	fprintf(stderr, "%s: mounting over filesystem type %#010lx is forbidden\n",
++		progname, (unsigned long)fs_buf.f_type);
++	return -1;
+ }
+ 
+ static int try_open(const char *dev, char **devp, int silent)