From c9206dd81538e75fc73d810679ea4e1af401294c04b76841810bcb9c2928e8e1 Mon Sep 17 00:00:00 2001
From: Dominique Leuenberger <dimstar@opensuse.org>
Date: Wed, 22 Nov 2017 11:03:03 +0000
Subject: [PATCH] - Disable caps(cap_net_bind_service=+ep) from gvfsd-nfs: this
 is   not acceptable from a security PoV, see boo#1065864#c6).

OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/gvfs?expand=0&rev=292
---
 gvfs.changes | 6 ++++++
 gvfs.spec    | 5 +++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/gvfs.changes b/gvfs.changes
index 04d78d2..426d9c6 100644
--- a/gvfs.changes
+++ b/gvfs.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Nov 22 11:01:59 UTC 2017 - dimstar@opensuse.org
+
+- Disable caps(cap_net_bind_service=+ep) from gvfsd-nfs: this is
+  not acceptable from a security PoV, see boo#1065864#c6).
+
 -------------------------------------------------------------------
 Mon Nov 20 19:41:56 UTC 2017 - mgorse@suse.com
 
diff --git a/gvfs.spec b/gvfs.spec
index 33505af..d84a298 100644
--- a/gvfs.spec
+++ b/gvfs.spec
@@ -328,8 +328,9 @@ find %{buildroot}%{_libdir} -type f -name '*.la' -delete -print
 %{_libexecdir}/%{name}/gvfsd-network
 %{_datadir}/%{name}/mounts/network.mount
 %if 0%{?is_opensuse}
-# allow priv ports for mounting nfs . Otherwise the nfs-service requires insecure
-%caps(cap_net_bind_service=+ep) %{_libexecdir}/%{name}/gvfsd-nfs
+# allow priv ports for mounting nfs . Otherwise the nfs-service requires insecure, not approved by sec, see boo#1065864
+# %caps(cap_net_bind_service=+ep) %{_libexecdir}/%{name}/gvfsd-nfs
+%{_libexecdir}/%{name}/gvfsd-nfs
 %{_datadir}/%{name}/mounts/nfs.mount
 %endif
 %if !0%{?is_opensuse}