--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: [email protected]
Control: affects -1 + src:gvfs
User: [email protected]
Usertags: pu
[ Reason ]
I'm updating the gvfs package with security fixes backported from
upstream that has been deemed not-DSA-worthy by the security team.
They are thus submitted as proposed updates.
[ Impact ]
The impact are 2 security issues:
* FTP Bounce attack - malicious PASV replies can probe open ports on
client network.
* Improper CR/LF sanitation - can lead to injection of arbitrary FTP
commands.
[ Tests ]
Test results are available in debusine:
https://debusine.debian.net/debian/developers/work-request/540205/
[ Risks ]
I don't see any immediate risks, as the fixes are from upstream
and are already in unstable/testing, etc.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
Cherry-pick upstream commits:
https://gitlab.gnome.org/GNOME/gvfs/-/commit/30b89fc61ef620dfa81492f68a21ee1fdb7021f3
https://gitlab.gnome.org/GNOME/gvfs/-/commit/447ee8a32fe56529bf92c0a733f6d35e724c2689
- the last one needed some manual conflict resolution to apply to
bookworm version of gvfs.
[ Other info ]
Me handling this SPU is acked by smcv of the Debian Gnome Team.
I've already filed a similar bug report for SPU.
I will likely go ahead and upload semi-immediately (unless I hear different)
as previously discussed in
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128227#29
See also https://security-tracker.debian.org/tracker/source-package/gvfs
diff -Nru gvfs-1.50.3/debian/changelog gvfs-1.50.3/debian/changelog
--- gvfs-1.50.3/debian/changelog 2023-01-09 18:10:14.000000000 +0100
+++ gvfs-1.50.3/debian/changelog 2026-03-29 04:15:46.000000000 +0200
@@ -1,3 +1,14 @@
+gvfs (1.50.3-1+deb12u1) bookworm; urgency=high
+
+ * Non-maintainer upload by the LTS Security Team.
+ * CVE-2026-28295 ftp: Use control connection address for PASV data
+ (Closes: #1129285)
+ * CVE-2026-28296 ftp: Reject paths containing CR/LF characters
+ (Closes: #1129286)
+ * debian/gbp.conf: Set debian branch to debian/bookworm
+
+ -- Andreas Henriksson <[email protected]> Sun, 29 Mar 2026 04:15:46 +0200
+
gvfs (1.50.3-1) unstable; urgency=medium
[ Jeremy Bicha ]
diff -Nru gvfs-1.50.3/debian/gbp.conf gvfs-1.50.3/debian/gbp.conf
--- gvfs-1.50.3/debian/gbp.conf 2023-01-09 18:10:14.000000000 +0100
+++ gvfs-1.50.3/debian/gbp.conf 2026-03-29 04:14:32.000000000 +0200
@@ -1,6 +1,6 @@
[DEFAULT]
pristine-tar = True
-debian-branch = debian/master
+debian-branch = debian/bookworm
upstream-branch = upstream/latest
upstream-vcs-tag = %(version)s
diff -Nru
gvfs-1.50.3/debian/patches/ftp-Reject-paths-containing-CR-LF-characters.patch
gvfs-1.50.3/debian/patches/ftp-Reject-paths-containing-CR-LF-characters.patch
---
gvfs-1.50.3/debian/patches/ftp-Reject-paths-containing-CR-LF-characters.patch
1970-01-01 01:00:00.000000000 +0100
+++
gvfs-1.50.3/debian/patches/ftp-Reject-paths-containing-CR-LF-characters.patch
2026-03-29 04:12:10.000000000 +0200
@@ -0,0 +1,334 @@
+From: Ondrej Holy <[email protected]>
+Date: Thu, 19 Feb 2026 11:24:09 +0100
+Subject: ftp: Reject paths containing CR/LF characters
+
+Currently, an FTP backend doesn't verify paths. Path with CR/LF can
+inject extra commands to the server. Let's validate the paths and fail
+with "Filename contains invalid characters." if that happens.
+
+Co-Authored-By: Cursor <[email protected]>
+
+Fixes: https://gitlab.gnome.org/GNOME/gvfs/-/issues/833
+Part-of: <https://gitlab.gnome.org/GNOME/gvfs/-/merge_requests/298>
+(cherry picked from commit 447ee8a32fe56529bf92c0a733f6d35e724c2689)
+---
+ daemon/gvfsbackendftp.c | 126 +++++++++++++++++++++++++++++++++++++++++-------
+ daemon/gvfsftpfile.c | 22 ++++++---
+ daemon/gvfsftpfile.h | 3 +-
+ 3 files changed, 126 insertions(+), 25 deletions(-)
+
+diff --git a/daemon/gvfsbackendftp.c b/daemon/gvfsbackendftp.c
+index 17f893e..ffe5488 100644
+--- a/daemon/gvfsbackendftp.c
++++ b/daemon/gvfsbackendftp.c
+@@ -866,9 +866,14 @@ do_open_for_read (GVfsBackend *backend,
+
error_550_permission_or_not_found,
+ NULL };
+
+- g_vfs_ftp_task_setup_data_connection (&task);
+- file = g_vfs_ftp_file_new_from_gvfs (ftp, filename);
++ file = g_vfs_ftp_file_new_from_gvfs (ftp, filename, &task.error);
++ if (file == NULL)
++ {
++ g_vfs_ftp_task_done (&task);
++ return;
++ }
+
++ g_vfs_ftp_task_setup_data_connection (&task);
+ g_vfs_ftp_task_send_and_check (&task,
+ G_VFS_FTP_PASS_100 | G_VFS_FTP_FAIL_200,
+ open_read_handlers,
+@@ -987,7 +992,13 @@ do_create (GVfsBackend *backend,
+ GFileInfo *info;
+ GVfsFtpFile *file;
+
+- file = g_vfs_ftp_file_new_from_gvfs (ftp, filename);
++ file = g_vfs_ftp_file_new_from_gvfs (ftp, filename, &task.error);
++ if (file == NULL)
++ {
++ g_vfs_ftp_task_done (&task);
++ return;
++ }
++
+ info = g_vfs_ftp_dir_cache_lookup_file (ftp->dir_cache, &task, file, FALSE);
+ if (info)
+ {
+@@ -1017,7 +1028,13 @@ do_append (GVfsBackend *backend,
+ GVfsFtpTask task = G_VFS_FTP_TASK_INIT (ftp, G_VFS_JOB (job));
+ GVfsFtpFile *file;
+
+- file = g_vfs_ftp_file_new_from_gvfs (ftp, filename);
++ file = g_vfs_ftp_file_new_from_gvfs (ftp, filename, &task.error);
++ if (file == NULL)
++ {
++ g_vfs_ftp_task_done (&task);
++ return;
++ }
++
+ do_start_write (&task, flags, "APPE %s", g_vfs_ftp_file_get_ftp_path
(file));
+ g_vfs_ftp_dir_cache_purge_file (ftp->dir_cache, file);
+ g_vfs_ftp_file_free (file);
+@@ -1039,14 +1056,25 @@ do_replace (GVfsBackend *backend,
+ static const GVfsFtpErrorFunc rnfr_handlers[] = {
error_550_permission_or_not_found,
+ NULL };
+
+- file = g_vfs_ftp_file_new_from_gvfs (ftp, filename);
++ file = g_vfs_ftp_file_new_from_gvfs (ftp, filename, &task.error);
++ if (file == NULL)
++ {
++ g_vfs_ftp_task_done (&task);
++ return;
++ }
+
+ if (make_backup)
+ {
+ GFileInfo *info;
+ char *backup_path = g_strconcat (filename, "~", NULL);
+- backupfile = g_vfs_ftp_file_new_from_gvfs (ftp, backup_path);
++ backupfile = g_vfs_ftp_file_new_from_gvfs (ftp, backup_path,
&task.error);
+ g_free (backup_path);
++ if (backupfile == NULL)
++ {
++ g_vfs_ftp_file_free (file);
++ g_vfs_ftp_task_done (&task);
++ return;
++ }
+
+ info = g_vfs_ftp_dir_cache_lookup_file (ftp->dir_cache, &task, file,
FALSE);
+
+@@ -1116,7 +1144,7 @@ do_close_write (GVfsBackend *backend,
+
+ stream = g_vfs_ftp_connection_get_data_stream (conn);
+ filename = g_object_get_data (G_OBJECT (stream),
"g-vfs-backend-ftp-filename");
+- file = g_vfs_ftp_file_new_from_gvfs (ftp, filename);
++ file = g_vfs_ftp_file_new_from_gvfs (ftp, filename, NULL);
+
+ g_vfs_ftp_task_give_connection (&task, handle);
+ g_vfs_ftp_task_close_data_connection (&task);
+@@ -1168,8 +1196,14 @@ do_query_info (GVfsBackend *backend,
+ GVfsFtpTask task = G_VFS_FTP_TASK_INIT (ftp, G_VFS_JOB (job));
+ GVfsFtpFile *file;
+ GFileInfo *real;
+-
+- file = g_vfs_ftp_file_new_from_gvfs (ftp, filename);
++
++ file = g_vfs_ftp_file_new_from_gvfs (ftp, filename, &task.error);
++ if (file == NULL)
++ {
++ g_vfs_ftp_task_done (&task);
++ return;
++ }
++
+ real = g_vfs_ftp_dir_cache_lookup_file (ftp->dir_cache,
+ &task,
+ file,
+@@ -1237,7 +1271,12 @@ do_set_attribute (GVfsBackend *backend,
+ GVfsFtpTask task = G_VFS_FTP_TASK_INIT (ftp, G_VFS_JOB (job));
+ GVfsFtpFile *file;
+
+- file = g_vfs_ftp_file_new_from_gvfs (ftp, filename);
++ file = g_vfs_ftp_file_new_from_gvfs (ftp, filename, &task.error);
++ if (file == NULL)
++ {
++ g_vfs_ftp_task_done (&task);
++ return;
++ }
+
+ if (strcmp (attribute, G_FILE_ATTRIBUTE_UNIX_MODE) == 0)
+ {
+@@ -1293,7 +1332,13 @@ do_enumerate (GVfsBackend *backend,
+ GVfsFtpFile *dir;
+ GList *list, *walk;
+
+- dir = g_vfs_ftp_file_new_from_gvfs (ftp, dirname);
++ dir = g_vfs_ftp_file_new_from_gvfs (ftp, dirname, &task.error);
++ if (dir == NULL)
++ {
++ g_vfs_ftp_task_done (&task);
++ return;
++ }
++
+ list = g_vfs_ftp_dir_cache_lookup_dir (ftp->dir_cache,
+ &task,
+ dir,
+@@ -1335,9 +1380,23 @@ do_set_display_name (GVfsBackend *backend,
+ GVfsFtpTask task = G_VFS_FTP_TASK_INIT (ftp, G_VFS_JOB (job));
+ GVfsFtpFile *original, *dir, *now;
+
+- original = g_vfs_ftp_file_new_from_gvfs (ftp, filename);
++ original = g_vfs_ftp_file_new_from_gvfs (ftp, filename, &task.error);
++ if (original == NULL)
++ {
++ g_vfs_ftp_task_done (&task);
++ return;
++ }
++
+ dir = g_vfs_ftp_file_new_parent (original);
+ now = g_vfs_ftp_file_new_child (dir, display_name, &task.error);
++ if (now == NULL)
++ {
++ g_vfs_ftp_file_free (original);
++ g_vfs_ftp_file_free (dir);
++ g_vfs_ftp_task_done (&task);
++ return;
++ }
++
+ g_vfs_ftp_task_send (&task,
+ G_VFS_FTP_PASS_300 | G_VFS_FTP_FAIL_200,
+ "RNFR %s", g_vfs_ftp_file_get_ftp_path (original));
+@@ -1367,7 +1426,13 @@ do_delete (GVfsBackend *backend,
+
+ /* We try file deletion first. If that fails, we try directory deletion.
+ * The file-first-then-directory order has been decided by coin-toss. */
+- file = g_vfs_ftp_file_new_from_gvfs (ftp, filename);
++ file = g_vfs_ftp_file_new_from_gvfs (ftp, filename, &task.error);
++ if (file == NULL)
++ {
++ g_vfs_ftp_task_done (&task);
++ return;
++ }
++
+ response = g_vfs_ftp_task_send (&task,
+ G_VFS_FTP_PASS_500,
+ "DELE %s", g_vfs_ftp_file_get_ftp_path
(file));
+@@ -1415,7 +1480,13 @@ do_make_directory (GVfsBackend *backend,
+ GVfsFtpFile *file;
+ static const GVfsFtpErrorFunc make_directory_handlers[] = {
error_550_exists, error_550_parent_not_found, NULL };
+
+- file = g_vfs_ftp_file_new_from_gvfs (ftp, filename);
++ file = g_vfs_ftp_file_new_from_gvfs (ftp, filename, &task.error);
++ if (file == NULL)
++ {
++ g_vfs_ftp_task_done (&task);
++ return;
++ }
++
+ g_vfs_ftp_task_send_and_check (&task,
+ 0,
+ make_directory_handlers,
+@@ -1446,6 +1517,21 @@ do_move (GVfsBackend *backend,
+ static const GVfsFtpErrorFunc rnfr_handlers[] = {
error_550_permission_or_not_found,
+ NULL };
+
++ srcfile = g_vfs_ftp_file_new_from_gvfs (ftp, source, &task.error);
++ if (srcfile == NULL)
++ {
++ g_vfs_ftp_task_done (&task);
++ return;
++ }
++
++ destfile = g_vfs_ftp_file_new_from_gvfs (ftp, destination, &task.error);
++ if (destfile == NULL)
++ {
++ g_vfs_ftp_file_free (srcfile);
++ g_vfs_ftp_task_done (&task);
++ return;
++ }
++
+ /* FIXME: what about G_FILE_COPY_NOFOLLOW_SYMLINKS and
G_FILE_COPY_ALL_METADATA? */
+
+ if (flags & G_FILE_COPY_BACKUP)
+@@ -1473,8 +1559,6 @@ do_move (GVfsBackend *backend,
+ return;
+ }
+
+- srcfile = g_vfs_ftp_file_new_from_gvfs (ftp, source);
+- destfile = g_vfs_ftp_file_new_from_gvfs (ftp, destination);
+ if (g_vfs_ftp_task_try_cd (&task, destfile))
+ {
+ char *basename = g_path_get_basename (source);
+@@ -1611,8 +1695,14 @@ do_pull (GVfsBackend * backend,
+ GInputStream *input;
+ GOutputStream *output;
+ goffset total_size = 0;
+-
+- src = g_vfs_ftp_file_new_from_gvfs (ftp, source);
++
++ src = g_vfs_ftp_file_new_from_gvfs (ftp, source, &task.error);
++ if (src == NULL)
++ {
++ g_vfs_ftp_task_done (&task);
++ return;
++ }
++
+ dest = g_file_new_for_path (local_path);
+
+ if (remove_source && (flags & G_FILE_COPY_NO_FALLBACK_FOR_MOVE))
+diff --git a/daemon/gvfsftpfile.c b/daemon/gvfsftpfile.c
+index 17ec718..77361e1 100644
+--- a/daemon/gvfsftpfile.c
++++ b/daemon/gvfsftpfile.c
+@@ -68,19 +68,29 @@ g_vfs_ftp_file_compute_gvfs_path (const char *ftp_path)
+ * g_vfs_ftp_file_new_from_gvfs:
+ * @ftp: the ftp backend this file is to be used on
+ * @gvfs_path: gvfs path to create the file from
++ * @error: location to take an eventual error or %NULL
+ *
+- * Constructs a new #GVfsFtpFile representing the given gvfs path.
++ * Constructs a new #GVfsFtpFile representing the given gvfs path. If the
++ * display name is invalid, @error is set and %NULL is returned.
+ *
+- * Returns: a new file
++ * Returns: a new file or %NULL on error
+ **/
+ GVfsFtpFile *
+-g_vfs_ftp_file_new_from_gvfs (GVfsBackendFtp *ftp, const char *gvfs_path)
++g_vfs_ftp_file_new_from_gvfs (GVfsBackendFtp *ftp, const char *gvfs_path,
GError **error)
+ {
+ GVfsFtpFile *file;
+
+ g_return_val_if_fail (G_VFS_IS_BACKEND_FTP (ftp), NULL);
+ g_return_val_if_fail (gvfs_path != NULL, NULL);
+
++ if (strpbrk (gvfs_path, "\r\n") != NULL)
++ {
++ g_set_error_literal (error,
++ G_IO_ERROR, G_IO_ERROR_INVALID_FILENAME,
++ _("Filename contains invalid characters."));
++ return NULL;
++ }
++
+ file = g_slice_new (GVfsFtpFile);
+ file->backend = g_object_ref (ftp);
+ file->gvfs_path = g_strdup (gvfs_path);
+@@ -136,7 +146,7 @@ g_vfs_ftp_file_new_parent (const GVfsFtpFile *file)
+ return g_vfs_ftp_file_copy (file);
+
+ dirname = g_path_get_dirname (file->gvfs_path);
+- dir = g_vfs_ftp_file_new_from_gvfs (file->backend, dirname);
++ dir = g_vfs_ftp_file_new_from_gvfs (file->backend, dirname, NULL);
+ g_free (dirname);
+
+ return dir;
+@@ -163,7 +173,7 @@ g_vfs_ftp_file_new_child (const GVfsFtpFile *parent, const
char *display_name, G
+ g_return_val_if_fail (parent != NULL, NULL);
+ g_return_val_if_fail (display_name != NULL, NULL);
+
+- if (strpbrk (display_name, "/\r\n"))
++ if (strchr (display_name, '/') != NULL)
+ {
+ g_set_error_literal (error,
+ G_IO_ERROR, G_IO_ERROR_INVALID_FILENAME,
+@@ -172,7 +182,7 @@ g_vfs_ftp_file_new_child (const GVfsFtpFile *parent, const
char *display_name, G
+ }
+
+ new_path = g_strconcat (parent->gvfs_path, parent->gvfs_path[1] == 0 ? "" :
"/", display_name, NULL);
+- child = g_vfs_ftp_file_new_from_gvfs (parent->backend, new_path);
++ child = g_vfs_ftp_file_new_from_gvfs (parent->backend, new_path, error);
+ g_free (new_path);
+ return child;
+ }
+diff --git a/daemon/gvfsftpfile.h b/daemon/gvfsftpfile.h
+index 52f216e..186f2e9 100644
+--- a/daemon/gvfsftpfile.h
++++ b/daemon/gvfsftpfile.h
+@@ -31,7 +31,8 @@ G_BEGIN_DECLS
+ typedef struct _GVfsFtpFile GVfsFtpFile;
+
+ GVfsFtpFile * g_vfs_ftp_file_new_from_gvfs (GVfsBackendFtp *
ftp,
+- const char *
gvfs_path);
++ const char *
gvfs_path,
++ GError **
error);
+ GVfsFtpFile * g_vfs_ftp_file_new_from_ftp (GVfsBackendFtp *
ftp,
+ const char *
ftp_path);
+ GVfsFtpFile * g_vfs_ftp_file_new_parent (const GVfsFtpFile *
file);
diff -Nru
gvfs-1.50.3/debian/patches/ftp-Use-control-connection-address-for-PASV-data.patch
gvfs-1.50.3/debian/patches/ftp-Use-control-connection-address-for-PASV-data.patch
---
gvfs-1.50.3/debian/patches/ftp-Use-control-connection-address-for-PASV-data.patch
1970-01-01 01:00:00.000000000 +0100
+++
gvfs-1.50.3/debian/patches/ftp-Use-control-connection-address-for-PASV-data.patch
2026-03-29 04:12:10.000000000 +0200
@@ -0,0 +1,152 @@
+From: Ondrej Holy <[email protected]>
+Date: Thu, 19 Feb 2026 15:45:53 +0100
+Subject: ftp: Use control connection address for PASV data
+
+Currently, `PASV` uses the IP from the server reply when creating data
+connection. This may allow FTP bounce attacks. Let's always use only the
+port from the PASV reply and connect to the control connection address.
+
+Co-Authored-By: Cursor <[email protected]>
+
+Fixes: https://gitlab.gnome.org/GNOME/gvfs/-/issues/832
+Part-of: <https://gitlab.gnome.org/GNOME/gvfs/-/merge_requests/298>
+(cherry picked from commit 30b89fc61ef620dfa81492f68a21ee1fdb7021f3)
+---
+ daemon/gvfsbackendftp.c | 5 ++--
+ daemon/gvfsbackendftp.h | 1 -
+ daemon/gvfsftptask.c | 66 ++++++++++---------------------------------------
+ 3 files changed, 15 insertions(+), 57 deletions(-)
+
+diff --git a/daemon/gvfsbackendftp.c b/daemon/gvfsbackendftp.c
+index 8f69e44..17f893e 100644
+--- a/daemon/gvfsbackendftp.c
++++ b/daemon/gvfsbackendftp.c
+@@ -63,9 +63,8 @@
+ * GVfsFtpMethod:
+ * @G_VFS_FTP_METHOD_UNKNOWN: method has not yet been determined
+ * @G_VFS_FTP_METHOD_EPSV: use EPSV command
+- * @G_VFS_FTP_METHOD_PASV: use PASV command
+- * @G_VFS_FTP_METHOD_PASV_ADDR: use PASV command, but ignore the returned
+- * address and only use it's port
++ * @G_VFS_FTP_METHOD_PASV: use PASV command, but ignore the returned address
++ * and only use it's port (bounce attack prevention)
+ * @G_VFS_FTP_METHOD_EPRT: use the EPRT command
+ * @G_VFS_FTP_METHOD_PORT: use the PORT command
+ *
+diff --git a/daemon/gvfsbackendftp.h b/daemon/gvfsbackendftp.h
+index e4c03cf..3e84937 100644
+--- a/daemon/gvfsbackendftp.h
++++ b/daemon/gvfsbackendftp.h
+@@ -61,7 +61,6 @@ typedef enum {
+ G_VFS_FTP_METHOD_ANY = 0,
+ G_VFS_FTP_METHOD_EPSV,
+ G_VFS_FTP_METHOD_PASV,
+- G_VFS_FTP_METHOD_PASV_ADDR,
+ G_VFS_FTP_METHOD_EPRT,
+ G_VFS_FTP_METHOD_PORT
+ } GVfsFtpMethod;
+diff --git a/daemon/gvfsftptask.c b/daemon/gvfsftptask.c
+index e44f806..0bef8b5 100644
+--- a/daemon/gvfsftptask.c
++++ b/daemon/gvfsftptask.c
+@@ -850,7 +850,7 @@ fail:
+ static GVfsFtpMethod
+ g_vfs_ftp_task_setup_data_connection_pasv (GVfsFtpTask *task, GVfsFtpMethod
method)
+ {
+- guint ip1, ip2, ip3, ip4, port1, port2;
++ guint port1, port2;
+ char **reply;
+ const char *s;
+ GSocketAddress *addr;
+@@ -866,10 +866,8 @@ g_vfs_ftp_task_setup_data_connection_pasv (GVfsFtpTask
*task, GVfsFtpMethod meth
+ */
+ for (s = reply[0]; *s; s++)
+ {
+- if (sscanf (s, "%u,%u,%u,%u,%u,%u",
+- &ip1, &ip2, &ip3, &ip4,
+- &port1, &port2) == 6)
+- break;
++ if (sscanf (s, "%*u,%*u,%*u,%*u,%u,%u", &port1, &port2) == 2)
++ break;
+ }
+ if (*s == 0)
+ {
+@@ -880,52 +878,16 @@ g_vfs_ftp_task_setup_data_connection_pasv (GVfsFtpTask
*task, GVfsFtpMethod meth
+ }
+ g_strfreev (reply);
+
+- if (method == G_VFS_FTP_METHOD_PASV || method == G_VFS_FTP_METHOD_ANY)
+- {
+- guint8 ip[4];
+- GInetAddress *inet_addr;
+-
+- ip[0] = ip1;
+- ip[1] = ip2;
+- ip[2] = ip3;
+- ip[3] = ip4;
+- inet_addr = g_inet_address_new_from_bytes (ip, G_SOCKET_FAMILY_IPV4);
+- addr = g_inet_socket_address_new (inet_addr, port1 << 8 | port2);
+- g_object_unref (inet_addr);
+-
+- success = g_vfs_ftp_connection_open_data_connection (task->conn,
+- addr,
+- task->cancellable,
+- &task->error);
+- g_object_unref (addr);
+- if (success)
+- return G_VFS_FTP_METHOD_PASV;
+- if (g_vfs_ftp_task_is_in_error (task) && method != G_VFS_FTP_METHOD_ANY)
+- return G_VFS_FTP_METHOD_ANY;
+-
+- g_vfs_ftp_task_clear_error (task);
+- }
+-
+- if (method == G_VFS_FTP_METHOD_PASV_ADDR || method == G_VFS_FTP_METHOD_ANY)
+- {
+- /* Workaround code:
+- * Various ftp servers aren't setup correctly when behind a NAT. They
report
+- * their own IP address (like 10.0.0.4) and not the address in front of
the
+- * NAT. But this is likely the same address that we connected to with
our
+- * command connetion. So if the address given by PASV fails, we fall
back
+- * to the address of the command stream.
+- */
+- addr = g_vfs_ftp_task_create_remote_address (task, port1 << 8 | port2);
+- if (addr == NULL)
+- return G_VFS_FTP_METHOD_ANY;
+- success = g_vfs_ftp_connection_open_data_connection (task->conn,
+- addr,
+- task->cancellable,
+- &task->error);
+- g_object_unref (addr);
+- if (success)
+- return G_VFS_FTP_METHOD_PASV_ADDR;
+- }
++ addr = g_vfs_ftp_task_create_remote_address (task, port1 << 8 | port2);
++ if (addr == NULL)
++ return G_VFS_FTP_METHOD_ANY;
++ success = g_vfs_ftp_connection_open_data_connection (task->conn,
++ addr,
++ task->cancellable,
++ &task->error);
++ g_object_unref (addr);
++ if (success)
++ return G_VFS_FTP_METHOD_PASV;
+
+ return G_VFS_FTP_METHOD_ANY;
+ }
+@@ -1121,7 +1083,6 @@ g_vfs_ftp_task_setup_data_connection (GVfsFtpTask *task)
+ [G_VFS_FTP_METHOD_ANY] = g_vfs_ftp_task_setup_data_connection_any,
+ [G_VFS_FTP_METHOD_EPSV] = g_vfs_ftp_task_setup_data_connection_epsv,
+ [G_VFS_FTP_METHOD_PASV] = g_vfs_ftp_task_setup_data_connection_pasv,
+- [G_VFS_FTP_METHOD_PASV_ADDR] = g_vfs_ftp_task_setup_data_connection_pasv,
+ [G_VFS_FTP_METHOD_EPRT] = g_vfs_ftp_task_setup_data_connection_eprt,
+ [G_VFS_FTP_METHOD_PORT] = g_vfs_ftp_task_setup_data_connection_port
+ };
+@@ -1152,7 +1113,6 @@ g_vfs_ftp_task_setup_data_connection (GVfsFtpTask *task)
+ [G_VFS_FTP_METHOD_ANY] = "any",
+ [G_VFS_FTP_METHOD_EPSV] = "EPSV",
+ [G_VFS_FTP_METHOD_PASV] = "PASV",
+- [G_VFS_FTP_METHOD_PASV_ADDR] = "PASV with workaround",
+ [G_VFS_FTP_METHOD_EPRT] = "EPRT",
+ [G_VFS_FTP_METHOD_PORT] = "PORT"
+ };
diff -Nru gvfs-1.50.3/debian/patches/series gvfs-1.50.3/debian/patches/series
--- gvfs-1.50.3/debian/patches/series 2023-01-09 18:10:14.000000000 +0100
+++ gvfs-1.50.3/debian/patches/series 2026-03-29 04:13:28.000000000 +0200
@@ -5,3 +5,5 @@
0008-Skip-the-umockdev-test.patch
0009-gvfs-test-Increase-timeout-to-10s.patch
Remove-version-from-polkit-gobject-dependency.patch
+ftp-Use-control-connection-address-for-PASV-data.patch
+ftp-Reject-paths-containing-CR-LF-characters.patch
--- End Message ---
