file permissions munged in unison 2.27, please update to 2.32

Bug #304453 reported by bcrowell
This bug affects 9 people
Affects: unison (Debian); Status: Fix Released; Importance: Unknown
Affects: unison (Ubuntu); Status: Fix Released; Importance: Undecided; Assigned to: Unassigned

Bug Description

Hardy has unison 2.13.16, and Intrepid has 2.27.57. After upgrading, a bug occurs that has to do with file permissions. To reproduce the bug:

Create a new directory and a new .prf file that refers to that directory, with perms = 0. Create a new file in that directory. Synchronize the file with another machine. The synchronized version of the file has erroneous permissions -rw------. From discussions with the author, I think this may actually be a problem that occurs specifically because of the upgrade from this specific old version (2.13, which dates back to 2005) to this specific new version (2.27).

Upgrading to unison 2.32.1 fixes the bug.

I've checked the box saying that it's a security vulnerability, because the bug puts incorrect permissions on files. The behavior I've observed actually makes the permissions on the file *more* strict than they should be, but I don't know whether the same bug could also result in the opposite behavior, making them less strict than they should be, which would be a security vulnerability. It may depend on the umasks that are set on the two machines.
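A check for the symptom described in the report above, as an added example that is not part of the original bug report or of Unison: it lists files in a replica whose mode differs from what a given umask yields for a newly created file, and labels each as stricter (the reported `-rw-------` case) or looser (the case the reporter worries about). The function name `audit_replica`, its arguments, and the premise that a file created with perms = 0 should end up with mode 0666 masked by the receiving umask are assumptions.

```shell
#!/bin/sh
# Added example, not from the bug report or from Unison.
# Assumption: with perms = 0 no permission bits are propagated, so a newly
# synchronized file should carry the receiver's default mode (0666 & ~umask).
# Requires GNU stat (Linux); file names containing newlines are not handled.

# audit_replica DIR UMASK
# Prints "<class> <mode> <path>" for every regular file under DIR whose mode
# is not the expected default. <class> is "looser" when any bit is set that
# the umask should have cleared, otherwise "stricter".
# Uses global variables to stay POSIX sh compatible.
audit_replica() {
    dir=$1
    expected=$(( 0666 & ~0$2 & 0777 ))
    find "$dir" -type f -exec stat -c '%a %n' {} + | sort -k2 |
    while read -r mode path; do
        m=$(( 0$mode & 0777 ))          # drop setuid/setgid/sticky bits
        if [ "$m" -eq "$expected" ]; then
            continue
        fi
        if [ $(( m & ~expected & 0777 )) -ne 0 ]; then
            printf 'looser %s %s\n' "$mode" "$path"
        else
            printf 'stricter %s %s\n' "$mode" "$path"
        fi
    done
}

# Stand-alone use: sh audit.sh /path/to/replica 022
if [ "$#" -eq 2 ]; then
    audit_replica "$1" "$2"
fi
```

Run it on each machine with that machine's own umask; any "looser" line marks a file readable or writable by more users than the default would allow.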

Kees Cook (kees)
security vulnerability: yes → no
Gergely Imreh (imrehg) wrote :

2.32 has recently been marked stable, so it should be a good candidate for update.

Also, the Unicode support has been greatly improved in the newer releases since 2.27, which would really be worth updating for, since the majority of the world needs Unicode for local language support and interacting with other systems.

tags: added: update
tags: added: package-update
removed: update
Psykotik (linux-ikiru) wrote :

Would it be possible to include unison 2.32.52, which is stable, as previously noted, in the next Ubuntu release (Lucid Lynx)?

Henk Koster (h-a-j-koster) wrote :

FWIW, Debian testing (Squeeze) now also has the latest "32" stable release. What's more, I synchronize a bunch of personal files between Debian testing, Mac OS X and would like to add Ubuntu Lucid Lynx to that as well. It shouldn't be necessary for Ubuntu users to start downloading this package from the Debian repositories... So, get with it, please!

Henk Koster (h-a-j-koster) wrote :

For those who don't know: unison 2.32 versions cannot work with 2.27 versions...

Odin Hørthe Omdal (velmont) wrote :

Thank you Henk, then I won't try. But I've got a pesky Ubuntu Hardy server, Lucid Lynx desktop and Arch Linux netbook.

That's 3 different Unison versions for you! Only Arch is updated with the newest, the others are ooold.

Changed in unison (Debian):
status: Unknown → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unison - 2.32.52-1ubuntu1

---------------
unison (2.32.52-1ubuntu1) maverick; urgency=low

  * Merge from Debian unstable, remaining changes:
    - Change default logfile directory to .unison by prepending
      .unison to name of logfile in ubase/trace.ml. For this reason
      debian/patches/00list still include change-logfile-location
  * New upstream version fixes bugs:
    - file permissions probem, LP: #304453
    - slowliness on large files, LP: #394895
    - "Failed: Not_found" after directory rename, LP: #569647

unison (2.32.52-1) unstable; urgency=low

  * New upstream release (Closes: #559054)
  * Merge changes from unison2.27.57:
    * Move ${F:OtherUnison*} fields first due to a problem when merging
      conflicts in dpkg-gencontrol
  * Generate manpage using debian/generate-manpage.ml and output of 'unison
    -help', so manpage is always up-to-date
    (Closes: #524526, #517972, #524475)
  * Backup files changed during build (lwt/depend, ubase/depend)

unison (2.27.57-4) unstable; urgency=low

  * Merge changes from unison2.27.57:
    * Update Standards-Version to 3.8.4 (no change)
    * Stop using dh_desktop
    * Use dh_ocaml 0.9 features (auto dependencies)
  * unison binaries are custom executables, so we can remove Depends on any
    ocaml-base* packages (Closes: #540481)
  * Add bash_completion (Closes: #349782, #481070)
  * Use the full path to access icon in .desktop (Closes: #541700)
  * Patch from unison trunk to remove 'Connected ...' message even when
    -silent is set (Closes: #497729, #551199)
  * Auto generate conflicts with unisonX.Y.Z or unison (X.Y.Z) package
    (Closes: #570910)
  * Enhance templating for unison and unison-gtk common files
 -- Ilya Barygin <email address hidden> Sat, 08 May 2010 13:56:17 +0000

Changed in unison (Ubuntu):
status: New → Fix Released