Accepting request 750269 from GNOME:Next

New stable release

OBS-URL: https://build.opensuse.org/request/show/750269
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/gvfs?expand=0&rev=337

gvfs-1.42.1.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9d06071b4a1d83671f76d0e3c32b66631671669d330fe21702f60a8611c37730
-size 1204916

gvfs-1.42.2.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b57af97573bd295aa50037eed29c6ba7a36188230c515e007c3018855a5cf949
+size 1204972

gvfs.changes

@@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Fri Nov 22 10:57:07 UTC 2019 - Bjørn Lie <bjorn.lie@gmail.com>
+
+- Update to version 1.42.2:
+  + gdbus: Add workaround for deadlocks when cancelling jobs.
+
+-------------------------------------------------------------------
+Tue Nov 19 08:05:54 UTC 2019 - QK ZHU <qkzhu@suse.com>
+
+- Drop fixed upstream patches by version 1.40.2:
+  + gvfs-CVE-2019-12447.patch.
+  + gvfs-CVE-2019-12448.patch.
+  + gvfs-CVE-2019-12449.patch.
+  + gvfs-CVE-2019-12795.patch.
+
 -------------------------------------------------------------------
 Mon Oct 21 07:45:59 UTC 2019 - QK ZHU <qkzhu@suse.com>
 
@@ -95,6 +110,34 @@ Wed Jul 17 10:07:09 UTC 2019 - Bjørn Lie <bjorn.lie@gmail.com>
   + afp: Fix afp backend crash when no username supplied.
   + Updated translations.
 
+-------------------------------------------------------------------
+Fri Jun 21 06:32:04 UTC 2019 - Qiang Zheng <qzheng@suse.com>
+
+- Add gvfs-CVE-2019-12795.patch: Backport from upstream commit
+  70dbfc68 to check that the connecting client is the same user
+  (boo#1137930, CVE-2019-12795).
+
+-------------------------------------------------------------------
+Fri Jun 21 06:13:59 UTC 2019 - Qiang Zheng <qzheng@suse.com>
+
+- Add gvfs-CVE-2019-12447.patch: Backport from upstream commit
+  3895e09d and daf1163a to fix a mishandles file ownership issue
+  (boo#1136986, CVE-2019-12447).
+
+-------------------------------------------------------------------
+Tue Jun 18 09:07:16 UTC 2019 - Qiang Zheng <qzheng@suse.com>
+
+- Add gvfs-CVE-2019-12448.patch: Backport from upstream commit
+  5cd76d62 to add query_info_on_read/write functionality
+  (boo#1136981, CVE-2019-12448).
+
+-------------------------------------------------------------------
+Tue Jun 18 08:18:18 UTC 2019 - Qiang Zheng <qzheng@suse.com>
+
+- Add gvfs-CVE-2019-12449.patch: Backport from upstream commit
+  d5dfd823 to ensure correct ownership when moving to file:// uri
+  (boo#1136992, CVE-2019-12449).
+
 -------------------------------------------------------------------
 Fri May 17 09:26:43 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>
 

gvfs.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package gvfs
 #
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
 
 %bcond_without  cdda
 Name:           gvfs
-Version:        1.42.1
+Version:        1.42.2
 Release:        0
 Summary:        Virtual File System functionality for GLib
 License:        LGPL-2.0-or-later AND GPL-3.0-only