import gvfs-1.36.2-8.el8

This commit is contained in:
CentOS Sources 2020-01-21 18:23:53 -05:00 committed by Stepan Oksanichenko
parent c059225e74
commit e4b6d28064
8 changed files with 644 additions and 1 deletions

View File

@ -0,0 +1,127 @@
From 5cd76d627f4d1982b6e77a0e271ef9301732d09e Mon Sep 17 00:00:00 2001
From: Ondrej Holy <oholy@redhat.com>
Date: Thu, 23 May 2019 10:24:36 +0200
Subject: [PATCH] admin: Add query_info_on_read/write functionality
Admin backend doesn't implement query_info_on_read/write which might
potentially lead to some race conditions which aren't really wanted
especially in case of admin backend. Let's add this missing functionality.
---
daemon/gvfsbackendadmin.c | 79 +++++++++++++++++++++++++++++++++------
1 file changed, 67 insertions(+), 12 deletions(-)
diff --git a/daemon/gvfsbackendadmin.c b/daemon/gvfsbackendadmin.c
index 65a979e7..23d16f16 100644
--- a/daemon/gvfsbackendadmin.c
+++ b/daemon/gvfsbackendadmin.c
@@ -42,6 +42,8 @@
#include "gvfsjobopenforwrite.h"
#include "gvfsjobqueryattributes.h"
#include "gvfsjobqueryinfo.h"
+#include "gvfsjobqueryinforead.h"
+#include "gvfsjobqueryinfowrite.h"
#include "gvfsjobread.h"
#include "gvfsjobseekread.h"
#include "gvfsjobseekwrite.h"
@@ -155,6 +157,19 @@ complete_job (GVfsJob *job,
g_vfs_job_succeeded (job);
}
+static void
+fix_file_info (GFileInfo *info)
+{
+ /* Override read/write flags, since the above call will use access()
+ * to determine permissions, which does not honor our privileged
+ * capabilities.
+ */
+ g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_READ, TRUE);
+ g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_WRITE, TRUE);
+ g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_DELETE, TRUE);
+ g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_RENAME, TRUE);
+}
+
static void
do_query_info (GVfsBackend *backend,
GVfsJobQueryInfo *query_info_job,
@@ -180,19 +195,57 @@ do_query_info (GVfsBackend *backend,
if (error != NULL)
goto out;
- /* Override read/write flags, since the above call will use access()
- * to determine permissions, which does not honor our privileged
- * capabilities.
- */
- g_file_info_set_attribute_boolean (real_info,
- G_FILE_ATTRIBUTE_ACCESS_CAN_READ, TRUE);
- g_file_info_set_attribute_boolean (real_info,
- G_FILE_ATTRIBUTE_ACCESS_CAN_WRITE, TRUE);
- g_file_info_set_attribute_boolean (real_info,
- G_FILE_ATTRIBUTE_ACCESS_CAN_DELETE, TRUE);
- g_file_info_set_attribute_boolean (real_info,
- G_FILE_ATTRIBUTE_ACCESS_CAN_RENAME, TRUE);
+ fix_file_info (real_info);
+ g_file_info_copy_into (real_info, info);
+ g_object_unref (real_info);
+
+ out:
+ complete_job (job, error);
+}
+
+static void
+do_query_info_on_read (GVfsBackend *backend,
+ GVfsJobQueryInfoRead *query_info_job,
+ GVfsBackendHandle handle,
+ GFileInfo *info,
+ GFileAttributeMatcher *matcher)
+{
+ GVfsJob *job = G_VFS_JOB (query_info_job);
+ GFileInputStream *stream = handle;
+ GError *error = NULL;
+ GFileInfo *real_info;
+
+ real_info = g_file_input_stream_query_info (stream, query_info_job->attributes,
+ job->cancellable, &error);
+ if (error != NULL)
+ goto out;
+
+ fix_file_info (real_info);
+ g_file_info_copy_into (real_info, info);
+ g_object_unref (real_info);
+
+ out:
+ complete_job (job, error);
+}
+
+static void
+do_query_info_on_write (GVfsBackend *backend,
+ GVfsJobQueryInfoWrite *query_info_job,
+ GVfsBackendHandle handle,
+ GFileInfo *info,
+ GFileAttributeMatcher *matcher)
+{
+ GVfsJob *job = G_VFS_JOB (query_info_job);
+ GFileOutputStream *stream = handle;
+ GError *error = NULL;
+ GFileInfo *real_info;
+
+ real_info = g_file_output_stream_query_info (stream, query_info_job->attributes,
+ job->cancellable, &error);
+ if (error != NULL)
+ goto out;
+ fix_file_info (real_info);
g_file_info_copy_into (real_info, info);
g_object_unref (real_info);
@@ -868,6 +921,8 @@ g_vfs_backend_admin_class_init (GVfsBackendAdminClass * klass)
backend_class->mount = do_mount;
backend_class->open_for_read = do_open_for_read;
backend_class->query_info = do_query_info;
+ backend_class->query_info_on_read = do_query_info_on_read;
+ backend_class->query_info_on_write = do_query_info_on_write;
backend_class->read = do_read;
backend_class->create = do_create;
backend_class->append_to = do_append_to;
--
2.23.0

View File

@ -0,0 +1,80 @@
From d5dfd823c94045488aef8727c553f1e0f7666b90 Mon Sep 17 00:00:00 2001
From: Ondrej Holy <oholy@redhat.com>
Date: Fri, 24 May 2019 09:43:43 +0200
Subject: [PATCH] admin: Ensure correct ownership when moving to file:// uri
User and group is not restored properly when moving (or copying with
G_FILE_COPY_ALL_METADATA) from admin:// to file://, because it is handled
by GIO fallback code, which doesn't run with root permissions. Let's
handle this case with pull method to ensure correct ownership.
---
daemon/gvfsbackendadmin.c | 46 +++++++++++++++++++++++++++++++++++++++
1 file changed, 46 insertions(+)
diff --git a/daemon/gvfsbackendadmin.c b/daemon/gvfsbackendadmin.c
index 32b51b1a..9a7e8295 100644
--- a/daemon/gvfsbackendadmin.c
+++ b/daemon/gvfsbackendadmin.c
@@ -807,6 +807,51 @@ do_move (GVfsBackend *backend,
complete_job (job, error);
}
+static void
+do_pull (GVfsBackend *backend,
+ GVfsJobPull *pull_job,
+ const char *source,
+ const char *local_path,
+ GFileCopyFlags flags,
+ gboolean remove_source,
+ GFileProgressCallback progress_callback,
+ gpointer progress_callback_data)
+{
+ GVfsBackendAdmin *self = G_VFS_BACKEND_ADMIN (backend);
+ GVfsJob *job = G_VFS_JOB (pull_job);
+ GError *error = NULL;
+ GFile *src_file, *dst_file;
+
+ /* Pull method is necessary when user/group needs to be restored, return
+ * G_IO_ERROR_NOT_SUPPORTED in other cases to proceed with the fallback code.
+ */
+ if (!(flags & G_FILE_COPY_ALL_METADATA))
+ {
+ g_vfs_job_failed_literal (G_VFS_JOB (job), G_IO_ERROR,
+ G_IO_ERROR_NOT_SUPPORTED,
+ _("Operation not supported"));
+ return;
+ }
+
+ if (!check_permission (self, job))
+ return;
+
+ src_file = g_file_new_for_path (source);
+ dst_file = g_file_new_for_path (local_path);
+
+ if (remove_source)
+ g_file_move (src_file, dst_file, flags, job->cancellable,
+ progress_callback, progress_callback_data, &error);
+ else
+ g_file_copy (src_file, dst_file, flags, job->cancellable,
+ progress_callback, progress_callback_data, &error);
+
+ g_object_unref (src_file);
+ g_object_unref (dst_file);
+
+ complete_job (job, error);
+}
+
static void
do_query_settable_attributes (GVfsBackend *backend,
GVfsJobQueryAttributes *query_job,
@@ -927,6 +972,7 @@ g_vfs_backend_admin_class_init (GVfsBackendAdminClass * klass)
backend_class->set_attribute = do_set_attribute;
backend_class->delete = do_delete;
backend_class->move = do_move;
+ backend_class->pull = do_pull;
backend_class->query_settable_attributes = do_query_settable_attributes;
backend_class->query_writable_namespaces = do_query_writable_namespaces;
}
--
2.23.0

View File

@ -0,0 +1,87 @@
From d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80 Mon Sep 17 00:00:00 2001
From: Ondrej Holy <oholy@redhat.com>
Date: Thu, 23 May 2019 10:33:30 +0200
Subject: [PATCH] admin: Use fsuid to ensure correct file ownership
Files created over admin backend should be owned by root, but they are
owned by the user itself. This is because the daemon drops the uid to
make dbus connection work. Use fsuid and euid to fix this issue.
Closes: https://gitlab.gnome.org/GNOME/gvfs/issues/21
---
daemon/gvfsbackendadmin.c | 29 +++++++----------------------
1 file changed, 7 insertions(+), 22 deletions(-)
diff --git a/daemon/gvfsbackendadmin.c b/daemon/gvfsbackendadmin.c
index a74d09cf..32b51b1a 100644
--- a/daemon/gvfsbackendadmin.c
+++ b/daemon/gvfsbackendadmin.c
@@ -157,19 +157,6 @@ complete_job (GVfsJob *job,
g_vfs_job_succeeded (job);
}
-static void
-fix_file_info (GFileInfo *info)
-{
- /* Override read/write flags, since the above call will use access()
- * to determine permissions, which does not honor our privileged
- * capabilities.
- */
- g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_READ, TRUE);
- g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_WRITE, TRUE);
- g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_DELETE, TRUE);
- g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_RENAME, TRUE);
-}
-
static void
do_query_info (GVfsBackend *backend,
GVfsJobQueryInfo *query_info_job,
@@ -195,7 +182,6 @@ do_query_info (GVfsBackend *backend,
if (error != NULL)
goto out;
- fix_file_info (real_info);
g_file_info_copy_into (real_info, info);
g_object_unref (real_info);
@@ -220,7 +206,6 @@ do_query_info_on_read (GVfsBackend *backend,
if (error != NULL)
goto out;
- fix_file_info (real_info);
g_file_info_copy_into (real_info, info);
g_object_unref (real_info);
@@ -245,7 +230,6 @@ do_query_info_on_write (GVfsBackend *backend,
if (error != NULL)
goto out;
- fix_file_info (real_info);
g_file_info_copy_into (real_info, info);
g_object_unref (real_info);
@@ -977,14 +961,15 @@ acquire_caps (uid_t uid)
struct __user_cap_header_struct hdr;
struct __user_cap_data_struct data;
- /* Tell kernel not clear capabilities when dropping root */
- if (prctl (PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0)
- g_error ("prctl(PR_SET_KEEPCAPS) failed");
-
- /* Drop root uid, but retain the required permitted caps */
- if (setuid (uid) < 0)
+ /* Set euid to user to make dbus work */
+ if (seteuid (uid) < 0)
g_error ("unable to drop privs");
+ /* Set fsuid to still behave like root when working with files */
+ setfsuid (0);
+ if (setfsuid (-1) != 0)
+ g_error ("setfsuid failed");
+
memset (&hdr, 0, sizeof(hdr));
hdr.version = _LINUX_CAPABILITY_VERSION;
--
2.23.0

View File

@ -0,0 +1,99 @@
From 396216f71abf6907efd1383ca0d1a597918cd83d Mon Sep 17 00:00:00 2001
From: Ondrej Holy <oholy@redhat.com>
Date: Thu, 11 Oct 2018 17:47:59 +0200
Subject: [PATCH] daemon: Prevent spawning new daemons if outgoing operation
exists
A new daemon is always spawned if MountLocation method (or LookupMount for
automounted) is called and the respective mount isn't registered yet. This
is not usually an issue, because the redundant daemons are consequently
terminated. However, this is a problem if mount operations hang for some reason.
This may happen e.g. with trash backend due to stale NFS mounts. Consequently,
new and new daemons are spawned which may lead to system failures due to lack
of system resources. See the following downstream bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=1632960
Let's fix that behavior simply by preventing spawning of new daemons if
respective outgoing mount operations exist.
https://gitlab.gnome.org/GNOME/gvfs/merge_requests/19
---
daemon/mount.c | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git a/daemon/mount.c b/daemon/mount.c
index e242666d..33cae597 100644
--- a/daemon/mount.c
+++ b/daemon/mount.c
@@ -73,6 +73,7 @@ typedef void (*MountCallback) (VfsMountable *mountable,
static GList *mountables = NULL;
static GList *mounts = NULL;
+static GList *ongoing = NULL;
static gboolean fuse_available;
@@ -253,6 +254,7 @@ typedef struct {
char *obj_path;
gboolean spawned;
GVfsDBusSpawner *spawner;
+ GList *pending; /* MountData */
} MountData;
static void spawn_mount (MountData *data);
@@ -264,6 +266,7 @@ mount_data_free (MountData *data)
g_mount_spec_unref (data->mount_spec);
g_free (data->obj_path);
g_clear_object (&data->spawner);
+ g_list_free_full (data->pending, (GDestroyNotify) mount_data_free);
g_free (data);
}
@@ -271,7 +274,17 @@ mount_data_free (MountData *data)
static void
mount_finish (MountData *data, GError *error)
{
+ GList *l;
+
+ ongoing = g_list_remove (ongoing, data);
+
data->callback (data->mountable, error, data->user_data);
+ for (l = data->pending; l != NULL; l = l->next)
+ {
+ MountData *pending_data = l->data;
+ pending_data->callback (pending_data->mountable, error, pending_data->user_data);
+ }
+
mount_data_free (data);
}
@@ -493,6 +506,7 @@ mountable_mount (VfsMountable *mountable,
gpointer user_data)
{
MountData *data;
+ GList *l;
data = g_new0 (MountData, 1);
data->automount = automount;
@@ -502,6 +516,18 @@ mountable_mount (VfsMountable *mountable,
data->callback = callback;
data->user_data = user_data;
+ for (l = ongoing; l != NULL; l = l->next)
+ {
+ MountData *ongoing_data = l->data;
+ if (g_mount_spec_equal (ongoing_data->mount_spec, mount_spec))
+ {
+ ongoing_data->pending = g_list_append (ongoing_data->pending, data);
+ return;
+ }
+ }
+
+ ongoing = g_list_append (ongoing, data);
+
if (mountable->dbus_name == NULL)
spawn_mount (data);
else
--
2.20.1

View File

@ -0,0 +1,92 @@
From e3808a1b4042761055b1d975333a8243d67b8bfe Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Wed, 5 Jun 2019 13:33:38 +0100
Subject: [PATCH] gvfsdaemon: Check that the connecting client is the same user
Otherwise, an attacker who learns the abstract socket address from
netstat(8) or similar could connect to it and issue D-Bus method
calls.
Signed-off-by: Simon McVittie <smcv@collabora.com>
---
daemon/gvfsdaemon.c | 36 +++++++++++++++++++++++++++++++++++-
1 file changed, 35 insertions(+), 1 deletion(-)
diff --git a/daemon/gvfsdaemon.c b/daemon/gvfsdaemon.c
index 406d4f8e..be148a7b 100644
--- a/daemon/gvfsdaemon.c
+++ b/daemon/gvfsdaemon.c
@@ -79,6 +79,7 @@ struct _GVfsDaemon
gint mount_counter;
+ GDBusAuthObserver *auth_observer;
GDBusConnection *conn;
GVfsDBusDaemon *daemon_skeleton;
GVfsDBusMountable *mountable_skeleton;
@@ -171,6 +172,8 @@ g_vfs_daemon_finalize (GObject *object)
}
if (daemon->conn != NULL)
g_object_unref (daemon->conn);
+ if (daemon->auth_observer != NULL)
+ g_object_unref (daemon->auth_observer);
g_hash_table_destroy (daemon->registered_paths);
g_hash_table_destroy (daemon->client_connections);
@@ -236,6 +239,35 @@ name_vanished_handler (GDBusConnection *connection,
daemon->lost_main_daemon = TRUE;
}
+/*
+ * Authentication observer signal handler that authorizes connections
+ * from the same uid as this process. This matches the behaviour of a
+ * libdbus DBusServer/DBusConnection when no DBusAllowUnixUserFunction
+ * has been set, but is not the default in GDBus.
+ */
+static gboolean
+authorize_authenticated_peer_cb (GDBusAuthObserver *observer,
+ G_GNUC_UNUSED GIOStream *stream,
+ GCredentials *credentials,
+ G_GNUC_UNUSED gpointer user_data)
+{
+ gboolean authorized = FALSE;
+
+ if (credentials != NULL)
+ {
+ GCredentials *own_credentials;
+
+ own_credentials = g_credentials_new ();
+
+ if (g_credentials_is_same_user (credentials, own_credentials, NULL))
+ authorized = TRUE;
+
+ g_object_unref (own_credentials);
+ }
+
+ return authorized;
+}
+
static void
g_vfs_daemon_init (GVfsDaemon *daemon)
{
@@ -265,6 +297,8 @@ g_vfs_daemon_init (GVfsDaemon *daemon)
daemon->conn = g_bus_get_sync (G_BUS_TYPE_SESSION, NULL, NULL);
g_assert (daemon->conn != NULL);
+ daemon->auth_observer = g_dbus_auth_observer_new ();
+ g_signal_connect (daemon->auth_observer, "authorize-authenticated-peer", G_CALLBACK (authorize_authenticated_peer_cb), NULL);
daemon->daemon_skeleton = gvfs_dbus_daemon_skeleton_new ();
g_signal_connect (daemon->daemon_skeleton, "handle-get-connection", G_CALLBACK (handle_get_connection), daemon);
@@ -876,7 +910,7 @@ handle_get_connection (GVfsDBusDaemon *object,
server = g_dbus_server_new_sync (address1,
G_DBUS_SERVER_FLAGS_NONE,
guid,
- NULL, /* GDBusAuthObserver */
+ daemon->auth_observer,
NULL, /* GCancellable */
&error);
g_free (guid);
--
2.21.0

View File

@ -0,0 +1,89 @@
diff --git a/configure.ac b/configure.ac
index 3b5836ff..daeee728 100644
--- a/configure.ac
+++ b/configure.ac
@@ -546,6 +546,11 @@ if test "x$enable_samba" != "xno"; then
if test "x$msg_samba" = "xyes"; then
PKG_CHECK_MODULES([SAMBA], [smbclient])
AC_DEFINE([HAVE_SAMBA], 1, [Define to 1 if you have the samba libraries])
+
+ AC_CHECK_LIB(smbclient, smbc_setOptionProtocols,
+ AC_DEFINE(HAVE_SMBC_SETOPTIONPROTOCOLS, 1, [Define to 1 if smbc_setOptionProtocols() is available]),
+ []
+ )
fi
fi
diff --git a/daemon/gvfsbackendsmbbrowse.c b/daemon/gvfsbackendsmbbrowse.c
index f08d2988..3b11883e 100644
--- a/daemon/gvfsbackendsmbbrowse.c
+++ b/daemon/gvfsbackendsmbbrowse.c
@@ -45,6 +45,7 @@
#include "gvfskeyring.h"
#include "gmounttracker.h"
#include "gvfsbackendsmbprivate.h"
+#include "gvfsutils.h"
#include <libsmbclient.h>
@@ -847,6 +848,47 @@ do_mount (GVfsBackend *backend,
else
op_backend->server = g_strdup (op_backend->mounted_server);
+#ifdef HAVE_SMBC_SETOPTIONPROTOCOLS
+ /* Force NT1 protocol version if server can't be resolved (i.e. is not
+ * hostname, nor IP address). This is needed for workgroup support, because
+ * "client max protocol" has been changed from NT1 to SMB3 in recent samba
+ * versions.
+ */
+
+ if (op_backend->server != NULL)
+ {
+ GResolver *resolver;
+ GList *addresses;
+ GError *error = NULL;
+ gchar *server;
+
+ resolver = g_resolver_get_default ();
+
+ /* IPv6 server includes brackets in GMountSpec, GResolver doesn't */
+ if (gvfs_is_ipv6 (op_backend->server))
+ server = g_strndup (op_backend->server + 1, strlen (op_backend->server) - 2);
+ else
+ server = g_strdup (op_backend->server);
+
+ addresses = g_resolver_lookup_by_name (resolver, server, NULL, &error);
+ if (addresses == NULL)
+ {
+ if (error != NULL)
+ {
+ g_debug ("%s\n", error->message);
+ g_error_free (error);
+ }
+
+ g_debug ("Forcing NT1 protocol version\n");
+ smbc_setOptionProtocols (smb_context, "NT1", "NT1");
+ }
+
+ g_resolver_free_addresses (addresses);
+ g_object_unref (resolver);
+ g_free (server);
+ }
+#endif
+
icon = NULL;
symbolic_icon = NULL;
if (op_backend->server == NULL)
diff --git a/meson.build b/meson.build
index 34600188..3a876172 100644
--- a/meson.build
+++ b/meson.build
@@ -416,6 +416,8 @@ config_h.set10('HAVE_LIBUSB', enable_libusb)
enable_samba = get_option('smb')
if enable_samba
smbclient_dep = dependency('smbclient')
+
+ config_h.set('HAVE_SMBC_SETOPTIONPROTOCOLS', cc.has_function('smbc_setOptionProtocols', dependencies: smbclient_dep))
endif
# *** Check for libarchive ***

View File

@ -0,0 +1,29 @@
From 38831e4ea149a0b4731d123c63d8b493d30ad0be Mon Sep 17 00:00:00 2001
From: Ondrej Holy <oholy@redhat.com>
Date: Sat, 26 May 2018 08:16:02 +0200
Subject: [PATCH] udisks2: Fix crashes caused by missing source tag
GAsyncReadyCallback is never called from g_drive_stop, because
source_tag is not set, but checked. This obviously causes issues
for client applications. Add missing source_tag.
Closes: https://gitlab.gnome.org/GNOME/gvfs/issues/1
---
monitor/udisks2/gvfsudisks2drive.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/monitor/udisks2/gvfsudisks2drive.c b/monitor/udisks2/gvfsudisks2drive.c
index 52e9b75e..87656688 100644
--- a/monitor/udisks2/gvfsudisks2drive.c
+++ b/monitor/udisks2/gvfsudisks2drive.c
@@ -915,6 +915,7 @@ gvfs_udisks2_drive_stop (GDrive *_drive,
GTask *task;
task = g_task_new (drive, cancellable, callback, user_data);
+ g_task_set_source_tag (task, gvfs_udisks2_drive_stop);
/* This information is needed in GVfsDdisks2Volume when apps have
* open files on the device ... we need to know if the button should
--
2.23.0

View File

@ -25,7 +25,7 @@
Name: gvfs Name: gvfs
Version: 1.36.2 Version: 1.36.2
Release: 4%{?dist} Release: 8%{?dist}
Summary: Backends for the gio framework in GLib Summary: Backends for the gio framework in GLib
License: GPLv3 and LGPLv2+ and BSD and MPLv2.0 License: GPLv3 and LGPLv2+ and BSD and MPLv2.0
@ -39,6 +39,27 @@ Patch0: admin-Prevent-access-if-any-authentication-agent-isn.patch
Patch1: udisks2-Handle-lockdown-option-to-disable-writing.patch Patch1: udisks2-Handle-lockdown-option-to-disable-writing.patch
Patch2: daemon-Handle-lockdown-option-to-disable-writing.patch Patch2: daemon-Handle-lockdown-option-to-disable-writing.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1729885
Patch3: gvfsdaemon-Check-that-the-connecting-client-is-the-s.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1739117
Patch4: daemon-Prevent-spawning-new-daemons-if-outgoing-oper.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1739116
Patch5: smbbrowse-Force-NT1-protocol-version-for-workgroup-s.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1754506
Patch6: admin-Add-query_info_on_read-write-functionality.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1752926
Patch7: admin-Use-fsuid-to-ensure-correct-file-ownership.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1753972
Patch8: admin-Ensure-correct-ownership-when-moving-to-file-u.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1759075
Patch9: udisks2-Fix-crashes-caused-by-missing-source-tag.patch
BuildRequires: pkgconfig BuildRequires: pkgconfig
BuildRequires: pkgconfig(glib-2.0) >= %{glib2_version} BuildRequires: pkgconfig(glib-2.0) >= %{glib2_version}
BuildRequires: pkgconfig(dbus-glib-1) BuildRequires: pkgconfig(dbus-glib-1)
@ -52,7 +73,9 @@ BuildRequires: pkgconfig(avahi-glib) >= %{avahi_version}
BuildRequires: pkgconfig(libsecret-1) BuildRequires: pkgconfig(libsecret-1)
BuildRequires: gettext-devel >= %{gettext_version} BuildRequires: gettext-devel >= %{gettext_version}
BuildRequires: pkgconfig(udisks2) >= %{udisks2_version} BuildRequires: pkgconfig(udisks2) >= %{udisks2_version}
%if ! 0%{?rhel}
BuildRequires: pkgconfig(libbluray) BuildRequires: pkgconfig(libbluray)
%endif
BuildRequires: systemd-devel >= %{systemd_version} BuildRequires: systemd-devel >= %{systemd_version}
BuildRequires: pkgconfig(libxslt) BuildRequires: pkgconfig(libxslt)
BuildRequires: docbook-style-xsl BuildRequires: docbook-style-xsl
@ -233,6 +256,7 @@ autoreconf -fi
--enable-installed-tests \ --enable-installed-tests \
%if 0%{?rhel} %if 0%{?rhel}
--disable-nfs \ --disable-nfs \
--disable-bluray \
%endif %endif
%{nil} %{nil}
make %{?_smp_mflags} V=1 make %{?_smp_mflags} V=1
@ -414,6 +438,22 @@ killall -USR1 gvfsd >&/dev/null || :
%{_datadir}/installed-tests %{_datadir}/installed-tests
%changelog %changelog
* Tue Oct 8 2019 Ondrej Holy <oholy@redhat.com> - 1.36.2-8
- Fix udisks2 volume monitor crashes when stopping drive (rhbz#1759075)
* Thu Sep 19 2019 Ondrej Holy <oholy@redhat.com> - 1.36.2-7
- Remove libbluray support (#1747972)
- CVE-2019-12448: Add query_info_on_read/write functionality (rhbz#1754506)
- CVE-2019-12447: Use fsuid to ensure correct file ownership (rhbz#1752926)
- CVE-2019-12449: Ensure correct ownership when moving to file:// uri (rhbz#1753972)
* Fri Aug 09 2019 Ondrej Holy <oholy@redhat.com> - 1.36.2-6
- Prevent spawning new daemons if outgoing operation exists (#1739117)
- Force NT1 protocol version for workgroup support (#1739116)
* Thu Aug 08 2019 Ondrej Holy <oholy@redhat.com> - 1.36.2-5
- CVE-2019-12795 Check that the connecting client is the same user (#1729885)
* Thu May 16 2019 Ondrej Holy <oholy@redhat.com> - 1.36.2-4 * Thu May 16 2019 Ondrej Holy <oholy@redhat.com> - 1.36.2-4
- Handle lockdown option to disable writing (#1662193) - Handle lockdown option to disable writing (#1662193)