From 646c7586b99f59f00b88673f6ed8b4b7cdfc18fa5b21087e252a572b0616911b Mon Sep 17 00:00:00 2001
From: Dominique Leuenberger <dimstar@opensuse.org>
Date: Thu, 18 Jul 2019 10:28:51 +0000
Subject: [PATCH] Accepting request 716023 from GNOME:Next

New stable release

OBS-URL: https://build.opensuse.org/request/show/716023
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/gvfs?expand=0&rev=329
---
 gvfs-1.40.1.tar.xz |  3 ---
 gvfs-1.40.2.tar.xz |  3 +++
 gvfs.changes       | 20 ++++++++++++++++++++
 gvfs.spec          |  2 +-
 4 files changed, 24 insertions(+), 4 deletions(-)
 delete mode 100644 gvfs-1.40.1.tar.xz
 create mode 100644 gvfs-1.40.2.tar.xz

diff --git a/gvfs-1.40.1.tar.xz b/gvfs-1.40.1.tar.xz
deleted file mode 100644
index 9208924..0000000
--- a/gvfs-1.40.1.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:927af496efee4767f1ba12694190f9c93bc512a44854e88dbb6f5792abfad6b1
-size 1205296
diff --git a/gvfs-1.40.2.tar.xz b/gvfs-1.40.2.tar.xz
new file mode 100644
index 0000000..d39e6c9
--- /dev/null
+++ b/gvfs-1.40.2.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:bdefe8fec6a1097f0c126fa2a4533667c98a86e237ac640518000e16b363971e
+size 1204824
diff --git a/gvfs.changes b/gvfs.changes
index a795b0d..3778f6d 100644
--- a/gvfs.changes
+++ b/gvfs.changes
@@ -1,3 +1,23 @@
+-------------------------------------------------------------------
+Wed Jul 17 10:07:09 UTC 2019 - Bjørn Lie <bjorn.lie@gmail.com>
+
+- Update to version 1.40.2:
+  + daemon:
+    - Only accept EXTERNAL authentication (CVE-2019-12795).
+    - Check that the connecting client is the same user
+      (CVE-2019-12795).
+  + admin:
+    - Ensure correct ownership when moving to file:// uri
+      (CVE-2019-12449).
+    - Use fsuid to ensure correct file ownership (CVE-2019-12447).
+    - Allow changing file owner (CVE-2019-12447).
+    - Add query_info_on_read/write functionality (CVE-2019-12448).
+  + afc: Remove assumptions about length of device UUID to support
+    new devices.
+  + gmountsource: Fix deadlocks in synchronous API.
+  + afp: Fix afp backend crash when no username supplied.
+  + Updated translations.
+
 -------------------------------------------------------------------
 Fri May 17 09:26:43 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>
 
diff --git a/gvfs.spec b/gvfs.spec
index be0f32f..fd3ec0c 100644
--- a/gvfs.spec
+++ b/gvfs.spec
@@ -18,7 +18,7 @@
 
 %bcond_without  cdda
 Name:           gvfs
-Version:        1.40.1
+Version:        1.40.2
 Release:        0
 Summary:        Virtual File System functionality for GLib
 License:        LGPL-2.0-or-later AND GPL-3.0-only