Hello community, here is the log from the commit of package gvfs for openSUSE:Factory checked in at 2019-11-29 15:56:45 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gvfs (Old) and /work/SRC/openSUSE:Factory/.gvfs.new.26869 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gvfs" Fri Nov 29 15:56:45 2019 rev:162 rq:750933 version:1.42.2 Changes: -------- --- /work/SRC/openSUSE:Factory/gvfs/gvfs.changes 2019-10-30 14:38:45.549603934 +0100 +++ /work/SRC/openSUSE:Factory/.gvfs.new.26869/gvfs.changes 2019-11-29 15:57:38.652946652 +0100 @@ -1,0 +2,15 @@ +Fri Nov 22 10:57:07 UTC 2019 - Bjørn Lie <[email protected]> + +- Update to version 1.42.2: + + gdbus: Add workaround for deadlocks when cancelling jobs. + +------------------------------------------------------------------- +Tue Nov 19 08:05:54 UTC 2019 - QK ZHU <[email protected]> + +- Drop fixed upstream patches by version 1.40.2: + + gvfs-CVE-2019-12447.patch. + + gvfs-CVE-2019-12448.patch. + + gvfs-CVE-2019-12449.patch. + + gvfs-CVE-2019-12795.patch. + +------------------------------------------------------------------- 
@@ -96,0 +112,28 @@ + +------------------------------------------------------------------- +Fri Jun 21 06:32:04 UTC 2019 - Qiang Zheng <[email protected]> + +- Add gvfs-CVE-2019-12795.patch: Backport from upstream commit + 70dbfc68 to check that the connecting client is the same user + (boo#1137930, CVE-2019-12795). + +------------------------------------------------------------------- +Fri Jun 21 06:13:59 UTC 2019 - Qiang Zheng <[email protected]> + +- Add gvfs-CVE-2019-12447.patch: Backport from upstream commit + 3895e09d and daf1163a to fix a mishandles file ownership issue + (boo#1136986, CVE-2019-12447). + +------------------------------------------------------------------- +Tue Jun 18 09:07:16 UTC 2019 - Qiang Zheng <[email protected]> + +- Add gvfs-CVE-2019-12448.patch: Backport from upstream commit + 5cd76d62 to add query_info_on_read/write functionality + (boo#1136981, CVE-2019-12448). + +------------------------------------------------------------------- +Tue Jun 18 08:18:18 UTC 2019 - Qiang Zheng <[email protected]> + +- Add gvfs-CVE-2019-12449.patch: Backport from upstream commit + d5dfd823 to ensure correct ownership when moving to file:// uri + (boo#1136992, CVE-2019-12449). Old: ---- gvfs-1.42.1.tar.xz New: ---- gvfs-1.42.2.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gvfs.spec ++++++ --- /var/tmp/diff_new_pack.jlCv1J/_old 2019-11-29 15:57:41.360945098 +0100 +++ /var/tmp/diff_new_pack.jlCv1J/_new 2019-11-29 15:57:41.360945098 +0100 @@ -1,7 +1,7 @@ # # spec file for package gvfs # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -18,7 +18,7 @@ %bcond_without cdda Name: gvfs -Version: 1.42.1 +Version: 1.42.2 Release: 0 Summary: Virtual File System functionality for GLib License: LGPL-2.0-or-later AND GPL-3.0-only ++++++ gvfs-1.42.1.tar.xz -> gvfs-1.42.2.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gvfs-1.42.1/NEWS new/gvfs-1.42.2/NEWS --- old/gvfs-1.42.1/NEWS 2019-10-07 08:58:11.000000000 +0200 +++ new/gvfs-1.42.2/NEWS 2019-11-22 10:18:05.000000000 +0100 @@ -1,3 +1,7 @@ +Major changes in 1.42.2 +======================= +* gdbus: Add workaround for deadlocks when cancelling jobs + Major changes in 1.42.1 ======================= * dav: Fix mounting when 403 is returned for the parent folder diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gvfs-1.42.1/client/gvfsdaemondbus.c new/gvfs-1.42.2/client/gvfsdaemondbus.c --- old/gvfs-1.42.1/client/gvfsdaemondbus.c 2019-10-07 08:58:11.000000000 +0200 +++ new/gvfs-1.42.2/client/gvfsdaemondbus.c 2019-11-22 10:18:05.000000000 +0100 @@ -365,10 +365,8 @@ g_object_unref (proxy); } -/* Might be called on another thread */ -static void -async_call_cancelled_cb (GCancellable *cancellable, - gpointer _data) +static gboolean +async_call_cancelled_cb_on_idle (gpointer _data) { AsyncCallCancelData *data = _data; 
@@ -380,6 +378,29 @@ NULL, cancelled_got_proxy, GUINT_TO_POINTER (data->serial)); /* not passing "data" in as long it may not exist anymore between async calls */ + + return FALSE; +} + +/* Might be called on another thread */ +static void +async_call_cancelled_cb (GCancellable *cancellable, + gpointer _data) +{ + AsyncCallCancelData *data = _data; + AsyncCallCancelData *idle_data; + + idle_data = g_new0 (AsyncCallCancelData, 1); + idle_data->connection = g_object_ref (data->connection); + idle_data->serial = data->serial; + + /* Call on idle to not block g_cancellable_disconnect() as it causes deadlocks + * in gdbus codes, see: https://gitlab.gnome.org/GNOME/glib/issues/1023. + */ + g_idle_add_full (G_PRIORITY_DEFAULT_IDLE, + async_call_cancelled_cb_on_idle, + idle_data, + async_call_cancel_data_free); } gulong diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gvfs-1.42.1/meson.build new/gvfs-1.42.2/meson.build --- old/gvfs-1.42.1/meson.build 2019-10-07 08:58:11.000000000 +0200 +++ new/gvfs-1.42.2/meson.build 2019-11-22 10:18:05.000000000 +0100 @@ -1,6 +1,6 @@ project( 'gvfs', 'c', - version: '1.42.1', + version: '1.42.2', license: 'LGPL2+', default_options: 'buildtype=debugoptimized', meson_version: '>= 0.50.0',
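Review bot: In `async_call_cancelled_cb` (client/gvfsdaemondbus.c), `g_idle_add_full()` attaches the source to the global default main context, so the Cancel call to the daemon now goes out only when that context is next iterated. If a client cancels from a thread with its own context, or never runs the default main loop, the cancellation may be delayed or never sent and the daemon-side job keeps running; this is inferred from GLib's documented behaviour, not from anything visible in the hunk. The existing comment could state that dependency, for example `/* Runs in the global default GMainContext; Cancel is only sent once that context iterates. */`. As a style point, `return FALSE;` in `async_call_cancelled_cb_on_idle` reads more clearly as `return G_SOURCE_REMOVE;`. The body of `async_call_cancelled_cb_on_idle` starts in the previous hunk, and `async_call_cancel_data_free` is defined outside both hunks, so it is worth confirming that it releases the `g_object_ref (data->connection)` taken for `idle_data`.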
