Hi Agustin,

actually doj has created a PR some time ago, see https://github.com/vgough/encfs/pull/664 . Maybe you can post your concerns there and not just in our bug db?

TBH I am hoping to switch to the Rust reimplementation when it's finished (@Valient: I hope that this rust branch is more than just a toy project... could you confirm? Do you need help, assistance?). Maybe all this security issues talk would become obsolete as well. And the responsibility for fuse handling would be moved to the fuse_mt crate.

Best regards,
Eduard.

* Agustin Martin [Mon, Dec 08 2025, 11:29:45PM]:
> On Sun, Nov 16, 2025 at 11:33:26PM +0100, Agustin Martin wrote:
> > On Mon, Oct 07, 2024 at 12:20:01PM +0200, [email protected] wrote:
> > > Package: encfs
> > > Version: 1.9.5-2
> > > Severity: normal
> > >
> > > Dear Maintainer,
> > ...
> > > Please migrate your package to the fuse3 library, which is actively
> > > maintained. It would be great if we could remove fuse 2.x in the
> > > forky development cycle.
> ...
> > Hi, Chris and Eduard,
> >
> > While the first part is trivial the second one is not that trivial.
> >
> > I have noticed that this was reported upstream back in 2018, so I am tagging
> > this bug report as forwarded.
> >
> > Unfortunately, upstream has declared encfs as unmaintained. Dirk Jagdmann
> > (doj) suggested fuse3 related commits and opened a pull request for this
> >
> > https://github.com/vgough/encfs/pull/664
> >
> > He has a repo at
> >
> > https://github.com/doj/encfs.git
> >
> > which he maintains as an encfs fork, do not know if personal or for general
> > use. According to its README.md it is intended to support fuse3 library and
> > OpenSSL 3.
>
> Hi,
>
> I have been testing some of the commits there and, while at a first glance
> things seemed to work, further inspection shows some weird things that make
> me discourage its use. Together with the reported encfs security issues it seems
> more clear that unless something changes encfs will go away with fuse2.
>
> I am showing some of the problems I noticed.
>
> $ mkdir -p .crypto/ target/
> $ encfs `pwd`/.crypto `pwd`/target
> $ touch target/00-HI-ENCRYPTED
>
> ## --- Using official Debian 1.9.5-3 encfs Debian package ---
> $ ls -la target/
> total 8
> drwxrwsr-x 2 myuser myuser 4096 dic 3 17:43 .
> drwxrwsr-x 4 myuser myuser 4096 dic 3 18:19 ..
> -rw-rw-r-- 1 myuser myuser 0 dic 3 17:42 00-HI-ENCRYPTED
>
> ## --- Using new encfs 1.9.5-3~1 with fuse3 patches. Creation ---
> $ ls -al target/
> total 8
> drwxrwsr-x 2 myuser myuser 4096 dic 3 18:28 .
> drwxrwsr-x 4 myuser myuser 4096 dic 3 18:28 ..
> ---------- 3651136296 root saned 0 dic 1 4458884 00-HI-ENCRYPTED
>
> ## --- Using new encfs 1.9.5-3~1 with fuse3 patches. Further mount ---
> $ ls -al target/
> total 69999410541872
> drwxrwsr-x 2 myuser myuser 4096 dic 3 18:28 .
> drwxrwsr-x 4 myuser myuser 4096 dic 3 18:29 ..
> ---------- 67103528 root root 93983110258336 oct 13 4438351 00-HI-ENCRYPTED
>
> This last changes slightly from mount to mount.
>
> Using -f option with relative paths results in
>
> $ encfs -f ./.crypto ./target
>
> d????????? ? ? ? ? ? target
>
> being shown by ls -la in top dir. Using it with absolute paths results in
> something similar as above.
>
> Regards,
>
> --
> Agustin

--
<Ganneff> a
<azeem> b
<Sahneschnitter> c
<Sahneschnitter> :)
<Ganneff> d
<azeem> f
<azeem> ups
<Sahneschnitter> azeem, you are out :)

