Hello community,

here is the log from the commit of package gvfs for openSUSE:Factory checked in at 2017-11-30 16:31:34
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gvfs (Old)
 and /work/SRC/openSUSE:Factory/.gvfs.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gvfs" Thu Nov 30 16:31:34 2017 rev:142 rq:544372 version:1.34.1 Changes: -------- --- /work/SRC/openSUSE:Factory/gvfs/gvfs.changes 2017-11-21 15:27:40.119437984 +0100 +++ /work/SRC/openSUSE:Factory/.gvfs.new/gvfs.changes 2017-11-30 16:31:35.470784570 +0100 @@ -1,0 +2,12 @@ +Wed Nov 22 11:01:59 UTC 2017 - [email protected] + +- Disable caps(cap_net_bind_service=+ep) from gvfsd-nfs: this is + not acceptable from a security PoV, see boo#1065864#c6). + +------------------------------------------------------------------- +Mon Nov 20 19:41:56 UTC 2017 - [email protected] + +- Add gvfs-mtp-handle-read-past-eof.patch: fix hang when + transferring on some Android devices (boo#1069030 bgo#784477). + +------------------------------------------------------------------- New: ---- gvfs-mtp-handle-read-past-eof.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gvfs.spec ++++++ --- /var/tmp/diff_new_pack.xjL93Y/_old 2017-11-30 16:31:36.202757941 +0100 +++ /var/tmp/diff_new_pack.xjL93Y/_new 2017-11-30 16:31:36.206757796 +0100 @@ -29,6 +29,8 @@ Source99: baselibs.conf # PATCH-FIX-UPSTREAM gvfs-fix-mtp-volume-removal.patch bgo#789491 [email protected] -- Fix various mtp issues with volume management Patch0: gvfs-fix-mtp-volume-removal.patch +# PATCH-FIX-UPSTREAM gvfs-mtp-handle-read-past-eof.patch boo#1069030 bgo#784477 [email protected] -- fix hang when transferring on some Android devices. +Patch1: gvfs-mtp-handle-read-past-eof.patch # PATCH-FEATURE-SLE gvfs-nvvfs.patch [email protected] -- Provides gvfs backend for novell nautilus plugin Patch5: gvfs-nvvfs.patch # PATCH-FEATURE-SLE gvfs-nds.patch [email protected] -- Provides NDS browsing for nautilus @@ -170,6 +172,7 @@ %prep %setup -q %patch0 -p1 +%patch1 -p1 %if !0%{?is_opensuse} translation-update-upstream %patch5 -p1 
@@ -325,8 +328,9 @@ %{_libexecdir}/%{name}/gvfsd-network %{_datadir}/%{name}/mounts/network.mount %if 0%{?is_opensuse} -# allow priv ports for mounting nfs . Otherwise the nfs-service requires insecure -%caps(cap_net_bind_service=+ep) %{_libexecdir}/%{name}/gvfsd-nfs +# allow priv ports for mounting nfs . Otherwise the nfs-service requires insecure, not approved by sec, see boo#1065864 +# %caps(cap_net_bind_service=+ep) %{_libexecdir}/%{name}/gvfsd-nfs +%{_libexecdir}/%{name}/gvfsd-nfs %{_datadir}/%{name}/mounts/nfs.mount %endif %if !0%{?is_opensuse} ++++++ gvfs-mtp-handle-read-past-eof.patch ++++++ >From 091ac25d59d0dc0f5fed17510b0593bcd86e9fc9 Mon Sep 17 00:00:00 2001 From: Philip Langdale <[email protected]> Date: Fri, 10 Nov 2017 07:59:42 -0800 Subject: mtp: Handle read-past-EOF in GetPartialObject(64) ourselves Up until very recently, the Android MTP driver did not do bounds checking on reads past EOF, leading to undefined behaviour, which includes hanging the transfer on some devices. According to Google engineers, this is fixed in the kernels used by the Pixel and Pixel 2 (and this has been verified in testing), but that basically means that every other Android device in existence has this bug, and is unlikely to ever be fixed. So, we need to enforce POSIX semantics ourselves and truncate reads past EOF. libmtp has implemented a check, but we should validate as well so that we have working behaviour without requiring a libmtp update. https://bugzilla.gnome.org/show_bug.cgi?id=784477 --- daemon/gvfsbackendmtp.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/daemon/gvfsbackendmtp.c b/daemon/gvfsbackendmtp.c index 2a418a2a..a606ec2c 100644 --- a/daemon/gvfsbackendmtp.c +++ b/daemon/gvfsbackendmtp.c 
@@ -2444,6 +2444,21 @@ do_read (GVfsBackend *backend, goto exit; } + /* + * Almost all android devices have a bug where they do not enforce + * POSIX semantics for read past EOF, leading to undefined + * behaviour including device-side hangs. We'd better handle it + * here. + */ + if (offset >= handle->size) { + g_debug ("(II) skipping read with offset past EOF\n"); + actual = 0; + goto finished; + } else if (offset + bytes_requested > handle->size) { + g_debug ("(II) reducing bytes_requested to avoid reading past EOF\n"); + bytes_requested = handle->size - offset; + } + unsigned char *temp; int ret = LIBMTP_GetPartialObject (G_VFS_BACKEND_MTP (backend)->device, id, offset, bytes_requested, &temp, &actual); @@ -2464,6 +2479,7 @@ do_read (GVfsBackend *backend, memcpy (buffer, bytes->data + offset, actual); } + finished: handle->offset = offset + actual; g_vfs_job_read_set_size (job, actual); g_vfs_job_succeeded (G_VFS_JOB (job)); -- 2.15.0
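Review bot: In the gvfs.changes hunk (@@ -1,0 +2,12 @@), the entry for the capability removal ends with an unbalanced parenthesis, "see boo#1065864#c6).", and it points at comment 6 of the bug while the matching comment in gvfs.spec cites only boo#1065864. Suggest "(see boo#1065864#c6)." here and the same comment reference in the spec, so both places lead to the security team's statement.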
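Review bot: In the gvfs.spec hunk at @@ -325,8 +328,9 @@, the rewritten comment fuses the old rationale with the new rejection ("Otherwise the nfs-service requires insecure, not approved by sec, see boo#1065864"), so a reader cannot tell what was rejected or what follows from it. Suggest two separate statements: that granting cap_net_bind_service=+ep to gvfsd-nfs was not approved by the security team (boo#1065864), and that without the capability gvfsd-nfs cannot bind a privileged source port, so the NFS server has to export with the insecure option for these mounts to work. The commented-out %caps line could be dropped instead of kept, since the bug reference already records the history and the dead line still carries %{_libexecdir} and %{name} inside a comment.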
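Review bot: In the do_read hunk of daemon/gvfsbackendmtp.c (@@ -2444,6 +2444,21 @@), the second bounds check adds offset + bytes_requested before comparing against handle->size; the declarations are not visible in the hunk, but if the operands differ in width or signedness the sum can wrap or the comparison can be converted in a way that defeats the check. Since the first branch has already established offset < handle->size, the test can be written without the addition as "else if (bytes_requested > handle->size - offset)", which cannot overflow and leaves the following assignment unchanged. It is also worth noting in the comment that handle->size is the bound being trusted here, so the truncation is only as accurate as that stored size. Minor: both g_debug strings end in "\n", which g_debug does not need because it terminates the message itself.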
