Accepting request 750269 from GNOME:Next

New stable release OBS-URL: https://build.opensuse.org/request/show/750269 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/gvfs?expand=0&rev=337
2019-11-26 09:26:32 +00:00 · 2019-11-26 09:26:32 +00:00 · c93b1438ec
commit c93b1438ec
parent 853406a954
4 changed files with 48 additions and 5 deletions
--- a/gvfs-1.42.1.tar.xz
+++ b/gvfs-1.42.1.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9d06071b4a1d83671f76d0e3c32b66631671669d330fe21702f60a8611c37730
-size 1204916
--- a/gvfs-1.42.2.tar.xz
+++ b/gvfs-1.42.2.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b57af97573bd295aa50037eed29c6ba7a36188230c515e007c3018855a5cf949
+size 1204972
--- a/gvfs.changes
+++ b/gvfs.changes
@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Fri Nov 22 10:57:07 UTC 2019 - Bjørn Lie <bjorn.lie@gmail.com>
+
+- Update to version 1.42.2:
+  + gdbus: Add workaround for deadlocks when cancelling jobs.
+
+-------------------------------------------------------------------
+Tue Nov 19 08:05:54 UTC 2019 - QK ZHU <qkzhu@suse.com>
+
+- Drop fixed upstream patches by version 1.40.2:
+  + gvfs-CVE-2019-12447.patch.
+  + gvfs-CVE-2019-12448.patch.
+  + gvfs-CVE-2019-12449.patch.
+  + gvfs-CVE-2019-12795.patch.
+
 -------------------------------------------------------------------
 Mon Oct 21 07:45:59 UTC 2019 - QK ZHU <qkzhu@suse.com>

@ -95,6 +110,34 @@ Wed Jul 17 10:07:09 UTC 2019 - Bjørn Lie <bjorn.lie@gmail.com>
  + afp: Fix afp backend crash when no username supplied.
  + Updated translations.

+-------------------------------------------------------------------
+Fri Jun 21 06:32:04 UTC 2019 - Qiang Zheng <qzheng@suse.com>
+
+- Add gvfs-CVE-2019-12795.patch: Backport from upstream commit
+  70dbfc68 to check that the connecting client is the same user
+  (boo#1137930, CVE-2019-12795).
+
+-------------------------------------------------------------------
+Fri Jun 21 06:13:59 UTC 2019 - Qiang Zheng <qzheng@suse.com>
+
+- Add gvfs-CVE-2019-12447.patch: Backport from upstream commit
+  3895e09d and daf1163a to fix a mishandles file ownership issue
+  (boo#1136986, CVE-2019-12447).
+
+-------------------------------------------------------------------
+Tue Jun 18 09:07:16 UTC 2019 - Qiang Zheng <qzheng@suse.com>
+
+- Add gvfs-CVE-2019-12448.patch: Backport from upstream commit
+  5cd76d62 to add query_info_on_read/write functionality
+  (boo#1136981, CVE-2019-12448).
+
+-------------------------------------------------------------------
+Tue Jun 18 08:18:18 UTC 2019 - Qiang Zheng <qzheng@suse.com>
+
+- Add gvfs-CVE-2019-12449.patch: Backport from upstream commit
+  d5dfd823 to ensure correct ownership when moving to file:// uri
+  (boo#1136992, CVE-2019-12449).
+
 -------------------------------------------------------------------
 Fri May 17 09:26:43 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>

--- a/gvfs.spec
+++ b/gvfs.spec
@ -1,7 +1,7 @@
 #
 # spec file for package gvfs
 #
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -18,7 +18,7 @@

 %bcond_without  cdda
 Name:           gvfs
-Version:        1.42.1
+Version:        1.42.2
 Release:        0
 Summary:        Virtual File System functionality for GLib
 License:        LGPL-2.0-or-later AND GPL-3.0-only