pool/gvfs
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1248339 from GNOME:Factory

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/1248339
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gvfs?expand=0&rev=199
This commit is contained in:
Dominique Leuenberger 2025-02-27 13:50:14 +00:00 committed by Git OBS Bridge
commit db16607e3f
3 changed files with 23 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
README.SUSE Normal file
View File

@ -0,0 +1,14 @@
Security of gvfs
================
gvfs allows to operate on files with root privileges from within
unprivileged graphical applications. This is for example used in the Nautilus
file manager via the `admin://` protocol.
There exist some inherent dangers to the design of gvfs that can weaken
your system's security. Please refer to this blog post [1] from the SUSE
security team for technical details. The post also contains recommendations
for users of gvfs [2].
[1]: https://security.opensuse.org/2025/02/21/kio-admin-admittance.html
[2]: https://security.opensuse.org/2025/02/21/kio-admin-admittance.html#7-recommendations-for-users-of-kio-admin-or-gvfs

5
gvfs.changes
View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Mon Feb 24 14:23:44 UTC 2025 - Matthias Gerstner <matthias.gerstner@suse.com>
- add README.SUSE about security concerns in gvfs (bsc#1205607)
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Dec 11 20:48:16 UTC 2024 - Bjørn Lie <bjorn.lie@gmail.com> Wed Dec 11 20:48:16 UTC 2024 - Bjørn Lie <bjorn.lie@gmail.com>

6
gvfs.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package gvfs # spec file for package gvfs
# #
# Copyright (c) 2024 SUSE LLC # Copyright (c) 2025 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -26,6 +26,7 @@ License: GPL-3.0-only AND LGPL-2.0-or-later
Group: Development/Libraries/C and C++ Group: Development/Libraries/C and C++
URL: https://wiki.gnome.org/Projects/gvfs URL: https://wiki.gnome.org/Projects/gvfs
Source0: %{name}-%{version}.tar.zst Source0: %{name}-%{version}.tar.zst
Source1: README.SUSE
Source99: baselibs.conf Source99: baselibs.conf
### NOTE: Please, keep SLE-only patches at bottom (starting on 1000). ### NOTE: Please, keep SLE-only patches at bottom (starting on 1000).
@ -183,6 +184,7 @@ gvfs plugins.
%patch -P 1000 -p1 %patch -P 1000 -p1
%patch -P 1001 -p1 %patch -P 1001 -p1
%endif %endif
cp %{SOURCE1} .
%build %build
%meson \ %meson \
@ -223,7 +225,7 @@ mv daemon/trashlib/COPYING daemon/trashlib/COPYING.trashlib
%files %files
%license COPYING daemon/trashlib/COPYING.trashlib %license COPYING daemon/trashlib/COPYING.trashlib
%doc NEWS README.md %doc NEWS README.md README.SUSE
%doc CONTRIBUTING.md NEWS.pre-1-2 %doc CONTRIBUTING.md NEWS.pre-1-2
%doc daemon/org.gtk.vfs.file-operations.rules.in %doc daemon/org.gtk.vfs.file-operations.rules.in
%dir %{_datadir}/%{name} %dir %{_datadir}/%{name}