Accepting request 683927 from home:iznogood:branches:GNOME:Factory

New stable rel, yay - I get to rebase in GN

OBS-URL: https://build.opensuse.org/request/show/683927
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/gvfs?expand=0&rev=321

gvfs-1.38.1.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ed136a842c996d25c835da405c4775c77106b46470e75bdc242bdd59ec0d61a0
-size 1203224

gvfs-1.38.2.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:903f08c27c36841adb3e1855e3ad8e64c3c837580d892e4e4ba7018ccbae865b
+size 1202808

gvfs-CVE-2019-3827.patch

@@ -1,134 +0,0 @@
-From d8d0c8c40049cfd824b2b90d0cd47914052b9811 Mon Sep 17 00:00:00 2001
-From: Ondrej Holy <oholy@redhat.com>
-Date: Wed, 2 Jan 2019 17:13:27 +0100
-Subject: admin: Prevent access if any authentication agent isn't available
-
-The backend currently allows to access and modify files without prompting
-for password if any polkit authentication agent isn't available. This seems
-isn't usually problem, because polkit agents are integral parts of
-graphical environments / linux distributions. The agents can't be simply
-disabled without root permissions and are automatically respawned. However,
-this might be a problem in some non-standard cases.
-
-This affects only users which belong to wheel group (i.e. those who are
-already allowed to use sudo). It doesn't allow privilege escalation for
-users, who don't belong to that group.
-
-Let's return permission denied error also when the subject can't be
-authorized by any polkit agent to prevent this behavior.
-
-Closes: https://gitlab.gnome.org/GNOME/gvfs/issues/355
----
- daemon/gvfsbackendadmin.c | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/daemon/gvfsbackendadmin.c b/daemon/gvfsbackendadmin.c
-index ec0f2392..0f849008 100644
---- a/daemon/gvfsbackendadmin.c
-+++ b/daemon/gvfsbackendadmin.c
-@@ -130,8 +130,7 @@ check_permission (GVfsBackendAdmin *self,
-       return FALSE;
-     }
- 
--  is_authorized = polkit_authorization_result_get_is_authorized (result) ||
--    polkit_authorization_result_get_is_challenge (result);
-+  is_authorized = polkit_authorization_result_get_is_authorized (result);
- 
-   g_object_unref (result);
- 
--- 
-2.16.4
-
-
-From 04325119859b9eb41c9db97f1c315f3c9ab3d95b Mon Sep 17 00:00:00 2001
-From: Ondrej Holy <oholy@redhat.com>
-Date: Fri, 4 Jan 2019 12:58:27 +0100
-Subject: admin: Add comment to .rules file
-
-Add comment to polkit org.gtk.vfs.file-operations.rules file explaining
-the rule which allows starting gvfsd-admin without password for users
-belonging to wheel group.
----
- daemon/org.gtk.vfs.file-operations.rules | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/daemon/org.gtk.vfs.file-operations.rules b/daemon/org.gtk.vfs.file-operations.rules
-index fb8d54ae..6e528e93 100644
---- a/daemon/org.gtk.vfs.file-operations.rules
-+++ b/daemon/org.gtk.vfs.file-operations.rules
-@@ -1,3 +1,8 @@
-+// Allows users belonging to wheel group to start gvfsd-admin without
-+// authorization. This prevents redundant password prompt when starting
-+// gvfsd-admin. The gvfsd-admin causes another password prompts to be shown
-+// for each client process using the different action id and for the subject
-+// based on the client process.
- polkit.addRule(function(action, subject) {
-         if ((action.id == "org.gtk.vfs.file-operations-helper") &&
-             subject.local &&
--- 
-2.16.4
-
-
-From cadb8377a849dfb3a815d05b50a75049095a8d2f Mon Sep 17 00:00:00 2001
-From: Ondrej Holy <oholy@redhat.com>
-Date: Mon, 14 Jan 2019 14:02:23 +0100
-Subject: admin: Add comments to .policy file
-
-Add comments to polkit org.gtk.vfs.file-operations.policy file explaining
-the purpose of the different actions.
----
- daemon/org.gtk.vfs.file-operations.policy.in.in | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/daemon/org.gtk.vfs.file-operations.policy.in.in b/daemon/org.gtk.vfs.file-operations.policy.in.in
-index f48a923b..02a7b2ce 100644
---- a/daemon/org.gtk.vfs.file-operations.policy.in.in
-+++ b/daemon/org.gtk.vfs.file-operations.policy.in.in
-@@ -8,6 +8,7 @@
-   <vendor>GVfs</vendor>
-   <vendor_url>http://git.gnome.org/browse/gvfs</vendor_url>
- 
-+  <!-- This action is used when starting gvfsd-admin. -->
-   <action id="org.gtk.vfs.file-operations-helper">
-     <description>Perform file operations</description>
-     <message>Authentication is required to perform file operations</message>
-@@ -19,6 +20,7 @@
-     <annotate key="org.freedesktop.policykit.exec.path">@libexecdir@/gvfsd-admin</annotate>
-   </action>
- 
-+  <!-- This action is used to authorize gvfsd-admin operations. -->
-   <action id="org.gtk.vfs.file-operations">
-     <description>Perform file operations</description>
-     <message>Authentication is required to perform file operations</message>
--- 
-2.16.4
-
-
-From a0e015cbd76715fbee407557c676a038f164c605 Mon Sep 17 00:00:00 2001
-From: Ondrej Holy <oholy@redhat.com>
-Date: Mon, 14 Jan 2019 14:04:58 +0100
-Subject: admin: Update message in .policy
-
-Update message for org.gtk.vfs.file-operations-helper action in
-polkit org.gtk.vfs.file-operations.rules file to be obvious that it is
-used when starting gvfsd-admin.
----
- daemon/org.gtk.vfs.file-operations.policy.in.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/daemon/org.gtk.vfs.file-operations.policy.in.in b/daemon/org.gtk.vfs.file-operations.policy.in.in
-index 02a7b2ce..7acfbfd5 100644
---- a/daemon/org.gtk.vfs.file-operations.policy.in.in
-+++ b/daemon/org.gtk.vfs.file-operations.policy.in.in
-@@ -11,7 +11,7 @@
-   <!-- This action is used when starting gvfsd-admin. -->
-   <action id="org.gtk.vfs.file-operations-helper">
-     <description>Perform file operations</description>
--    <message>Authentication is required to perform file operations</message>
-+    <message>Authentication is required to run gvfsd-admin daemon</message>
-     <defaults>
-       <allow_any>no</allow_any>
-       <allow_inactive>no</allow_inactive>
--- 
-2.16.4
-

gvfs.changes

@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Mon Mar 11 15:19:51 UTC 2019 - Bjørn Lie <bjorn.lie@gmail.com>
+
+- Update to version 1.38.2:
+  + mtp: Don't retry reading an event after failure.
+  + admin: Prevent access if any authentication agent isn't
+    available (CVE-2019-3827).
+  + udisks2: Restore support of comment=x-gvfs-* option.
+  + common: Prevent crashes on invalid autorun file.
+  + Several smaller bugfixes.
+  + Updated translations.
+- Drop gvfs-CVE-2019-3827.patch: Fixed upstream.
+
 -------------------------------------------------------------------
 Thu Feb 14 10:18:27 UTC 2019 - qkzhu@suse.com
 

gvfs.spec

@@ -12,13 +12,13 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
 %bcond_without  cdda
 Name:           gvfs
-Version:        1.38.1
+Version:        1.38.2
 Release:        0
 Summary:        Virtual File System functionality for GLib
 License:        LGPL-2.0-or-later AND GPL-3.0-only
@@ -27,8 +27,6 @@ URL:            https://wiki.gnome.org/Projects/gvfs
 Source0:        https://download.gnome.org/sources/gvfs/1.38/%{name}-%{version}.tar.xz
 Source99:       baselibs.conf
 
-# PATCH-FIX-UPSTREAM gvfs-CVE-2019-3827.patch glgo#GNOME/gvfs#355 bsc#1125084 CVE-2019-3827 qkzhu@suse.com -- Prevent access if any authentication agent isn't available
-Patch1:         gvfs-CVE-2019-3827.patch
 ### NOTE: Please, keep SLE-only patches at bottom (starting on 1000).
 # PATCH-FEATURE-SLE gvfs-nds.patch ksamrat@novell.com -- Provides NDS browsing for nautilus
 Patch1000:      gvfs-nds.patch
@@ -161,7 +159,6 @@ gvfs plugins.
 %prep
 %setup -q
 translation-update-upstream po %{name}
-%patch1 -p1
 %if !0%{?is_opensuse}
 %patch1000 -p1
 %patch1001 -p1