Hello community,

here is the log from the commit of package gvfs for openSUSE:Factory checked in at 2025-02-27 14:50:14
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gvfs (Old)
 and /work/SRC/openSUSE:Factory/.gvfs.new.25152 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gvfs" Thu Feb 27 14:50:14 2025 rev:199 rq:1248339 version:1.56.1 Changes: -------- --- /work/SRC/openSUSE:Factory/gvfs/gvfs.changes 2024-12-13 22:33:01.092760973 +0100 +++ /work/SRC/openSUSE:Factory/.gvfs.new.25152/gvfs.changes 2025-02-27 14:52:46.949104674 +0100 @@ -1,0 +2,5 @@ +Mon Feb 24 14:23:44 UTC 2025 - Matthias Gerstner <matthias.gerst...@suse.com> + +- add README.SUSE about security concerns in gvfs (bsc#1205607) + +------------------------------------------------------------------- New: ---- README.SUSE ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gvfs.spec ++++++ --- /var/tmp/diff_new_pack.vHthEa/_old 2025-02-27 14:52:47.669134717 +0100 +++ /var/tmp/diff_new_pack.vHthEa/_new 2025-02-27 14:52:47.669134717 +0100 @@ -1,7 +1,7 @@ # # spec file for package gvfs # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2025 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,6 +26,7 @@ Group: Development/Libraries/C and C++ URL: https://wiki.gnome.org/Projects/gvfs Source0: %{name}-%{version}.tar.zst +Source1: README.SUSE Source99: baselibs.conf ### NOTE: Please, keep SLE-only patches at bottom (starting on 1000). @@ -183,6 +184,7 @@ %patch -P 1000 -p1 %patch -P 1001 -p1 %endif +cp %{SOURCE1} . %build %meson \ 
@@ -223,7 +225,7 @@ %files %license COPYING daemon/trashlib/COPYING.trashlib -%doc NEWS README.md +%doc NEWS README.md README.SUSE %doc CONTRIBUTING.md NEWS.pre-1-2 %doc daemon/org.gtk.vfs.file-operations.rules.in %dir %{_datadir}/%{name} ++++++ README.SUSE ++++++ Security of gvfs ================ gvfs allows to operate on files with root privileges from within unprivileged graphical applications. This is for example used in the Nautilus file manager via the `admin://` protocol. There exist some inherent dangers to the design of gvfs that can weaken your system's security. Please refer to this blog post [1] from the SUSE security team for technical details. The post also contains recommendations for users of gvfs [2]. [1]: https://security.opensuse.org/2025/02/21/kio-admin-admittance.html [2]: https://security.opensuse.org/2025/02/21/kio-admin-admittance.html#7-recommendations-for-users-of-kio-admin-or-gvfs
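Review bot: README.SUSE, the new file at the end of this patch, warns of "inherent dangers" in the design of gvfs but defers every specific to two external links, so the copy installed through `%doc NEWS README.md README.SUSE` gives an administrator nothing to act on when the system has no web access or the URLs move. Suggest putting a short summary of the recommendations from [2] into the file itself and naming the affected component or backend, so a reader can tell what to review or disable without leaving the machine. Both links point to a post whose file name is kio-admin-admittance.html; one sentence saying that the post covers gvfs as well would keep it from looking like a wrong link. Minor wording: "allows to operate on files" reads better as "allows operating on files".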