packages/gvfs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Package init

Browse Source
This commit is contained in:
overweight 2019-09-30 10:52:34 -04:00
commit d620b2c766
7 changed files with 602 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
CVE-2019-12447-1.patch Normal file
View File

@ -0,0 +1,31 @@
From 0f25dea30d01d920443ab72b0c254560ec40e14c Mon Sep 17 00:00:00 2001
From: Ondrej Holy <oholy@redhat.com>
Date: Thu, 23 May 2019 10:29:08 +0200
Subject: [PATCH] admin: Allow changing file owner
CAP_CHOWN is dropped together with other privilages and thus the backend
can't change file owner. This might be probably e.g. in case of copy
operation when G_FILE_COPY_ALL_METADATA is used. Let's keep CAP_CHOWN
to fix this.
---
daemon/gvfsbackendadmin.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/daemon/gvfsbackendadmin.c b/daemon/gvfsbackendadmin.c
index c4e4dac2..2d949ae0 100644
--- a/daemon/gvfsbackendadmin.c
+++ b/daemon/gvfsbackendadmin.c
@@ -968,7 +968,8 @@ g_vfs_backend_admin_init (GVfsBackendAdmin *self)
#define REQUIRED_CAPS (CAP_TO_MASK(CAP_FOWNER) | \
CAP_TO_MASK(CAP_DAC_OVERRIDE) | \
- CAP_TO_MASK(CAP_DAC_READ_SEARCH))
+ CAP_TO_MASK(CAP_DAC_READ_SEARCH) | \
+ CAP_TO_MASK(CAP_CHOWN))
static void
acquire_caps (uid_t uid)
--
2.21.0

44
CVE-2019-12447-2.patch Normal file
View File

@ -0,0 +1,44 @@
From 272e6bdac33309672955e8f8bf1b8f5f1e51fa0a Mon Sep 17 00:00:00 2001
From: Ondrej Holy <oholy@redhat.com>
Date: Thu, 23 May 2019 10:33:30 +0200
Subject: [PATCH] admin: Use fsuid to ensure correct file ownership
Files created over admin backend should be owned by root, but they are
owned by the user itself. This is because the daemon drops the uid to
make dbus connection work. Use fsuid and euid to fix this issue.
Closes: https://gitlab.gnome.org/GNOME/gvfs/issues/21
---
daemon/gvfsbackendadmin.c | 29 +++++++----------------------
1 file changed, 7 insertions(+), 22 deletions(-)
diff --git a/daemon/gvfsbackendadmin.c b/daemon/gvfsbackendadmin.c
index 2d949ae0..71946a02 100644
--- a/daemon/gvfsbackendadmin.c
+++ b/daemon/gvfsbackendadmin.c
@@ -977,14 +961,15 @@ acquire_caps (uid_t uid)
struct __user_cap_header_struct hdr;
struct __user_cap_data_struct data;
- /* Tell kernel not clear capabilities when dropping root */
- if (prctl (PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0)
- g_error ("prctl(PR_SET_KEEPCAPS) failed");
-
- /* Drop root uid, but retain the required permitted caps */
- if (setuid (uid) < 0)
+ /* Set euid to user to make dbus work */
+ if (seteuid (uid) < 0)
g_error ("unable to drop privs");
+ /* Set fsuid to still behave like root when working with files */
+ setfsuid (0);
+ if (setfsuid (-1) != 0)
+ g_error ("setfsuid failed");
+
memset (&hdr, 0, sizeof(hdr));
hdr.version = _LINUX_CAPABILITY_VERSION;
--
2.21.0

132
CVE-2019-12448.patch Normal file
View File

@ -0,0 +1,132 @@
From a1c2e7ecab0d6457fa2227d92e3569c08516eac5 Mon Sep 17 00:00:00 2001
From: Ondrej Holy <oholy@redhat.com>
Date: Thu, 23 May 2019 10:24:36 +0200
Subject: [PATCH] admin: Add query_info_on_read/write functionality
Admin backend doesn't implement query_info_on_read/write which might
potentially lead to some race conditions which aren't really wanted
especially in case of admin backend. For example, in file_copy_fallback(),
g_file_query_info() is used if g_file_input_stream_query_info() is not
supported, which in theory means that the info might be obtained from
the different file then it is opened. Let's add this missing
functionality to prevent this possibility.
---
daemon/gvfsbackendadmin.c | 79 +++++++++++++++++++++++++++++++++------
1 file changed, 67 insertions(+), 12 deletions(-)
diff --git a/daemon/gvfsbackendadmin.c b/daemon/gvfsbackendadmin.c
index 0f849008..c4e4dac2 100644
--- a/daemon/gvfsbackendadmin.c
+++ b/daemon/gvfsbackendadmin.c
@@ -42,6 +42,8 @@
#include "gvfsjobopenforwrite.h"
#include "gvfsjobqueryattributes.h"
#include "gvfsjobqueryinfo.h"
+#include "gvfsjobqueryinforead.h"
+#include "gvfsjobqueryinfowrite.h"
#include "gvfsjobread.h"
#include "gvfsjobseekread.h"
#include "gvfsjobseekwrite.h"
@@ -155,6 +157,19 @@ complete_job (GVfsJob *job,
g_vfs_job_succeeded (job);
}
+static void
+fix_file_info (GFileInfo *info)
+{
+ /* Override read/write flags, since the above call will use access()
+ * to determine permissions, which does not honor our privileged
+ * capabilities.
+ */
+ g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_READ, TRUE);
+ g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_WRITE, TRUE);
+ g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_DELETE, TRUE);
+ g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_RENAME, TRUE);
+}
+
static void
do_query_info (GVfsBackend *backend,
GVfsJobQueryInfo *query_info_job,
@@ -180,19 +195,57 @@ do_query_info (GVfsBackend *backend,
if (error != NULL)
goto out;
- /* Override read/write flags, since the above call will use access()
- * to determine permissions, which does not honor our privileged
- * capabilities.
- */
- g_file_info_set_attribute_boolean (real_info,
- G_FILE_ATTRIBUTE_ACCESS_CAN_READ, TRUE);
- g_file_info_set_attribute_boolean (real_info,
- G_FILE_ATTRIBUTE_ACCESS_CAN_WRITE, TRUE);
- g_file_info_set_attribute_boolean (real_info,
- G_FILE_ATTRIBUTE_ACCESS_CAN_DELETE, TRUE);
- g_file_info_set_attribute_boolean (real_info,
- G_FILE_ATTRIBUTE_ACCESS_CAN_RENAME, TRUE);
+ fix_file_info (real_info);
+ g_file_info_copy_into (real_info, info);
+ g_object_unref (real_info);
+
+ out:
+ complete_job (job, error);
+}
+
+static void
+do_query_info_on_read (GVfsBackend *backend,
+ GVfsJobQueryInfoRead *query_info_job,
+ GVfsBackendHandle handle,
+ GFileInfo *info,
+ GFileAttributeMatcher *matcher)
+{
+ GVfsJob *job = G_VFS_JOB (query_info_job);
+ GFileInputStream *stream = handle;
+ GError *error = NULL;
+ GFileInfo *real_info;
+
+ real_info = g_file_input_stream_query_info (stream, query_info_job->attributes,
+ job->cancellable, &error);
+ if (error != NULL)
+ goto out;
+
+ fix_file_info (real_info);
+ g_file_info_copy_into (real_info, info);
+ g_object_unref (real_info);
+
+ out:
+ complete_job (job, error);
+}
+
+static void
+do_query_info_on_write (GVfsBackend *backend,
+ GVfsJobQueryInfoWrite *query_info_job,
+ GVfsBackendHandle handle,
+ GFileInfo *info,
+ GFileAttributeMatcher *matcher)
+{
+ GVfsJob *job = G_VFS_JOB (query_info_job);
+ GFileOutputStream *stream = handle;
+ GError *error = NULL;
+ GFileInfo *real_info;
+
+ real_info = g_file_output_stream_query_info (stream, query_info_job->attributes,
+ job->cancellable, &error);
+ if (error != NULL)
+ goto out;
+ fix_file_info (real_info);
g_file_info_copy_into (real_info, info);
g_object_unref (real_info);
@@ -868,6 +921,8 @@ g_vfs_backend_admin_class_init (GVfsBackendAdminClass * klass)
backend_class->mount = do_mount;
backend_class->open_for_read = do_open_for_read;
backend_class->query_info = do_query_info;
+ backend_class->query_info_on_read = do_query_info_on_read;
+ backend_class->query_info_on_write = do_query_info_on_write;
backend_class->read = do_read;
backend_class->create = do_create;
backend_class->append_to = do_append_to;
--
2.21.0

81
CVE-2019-12449.patch Normal file
View File

@ -0,0 +1,81 @@
From bed1e9685c9f65f6a3ff3b39dd8547db3e7e77f6 Mon Sep 17 00:00:00 2001
From: Ondrej Holy <oholy@redhat.com>
Date: Fri, 24 May 2019 09:43:43 +0200
Subject: [PATCH] admin: Ensure correct ownership when moving to file:// uri
User and group is not restored properly when moving (or copying with
G_FILE_COPY_ALL_METADATA) from admin:// to file://, because it is handled
by GIO fallback code, which doesn't run with root permissions. Let's
handle this case with pull method to ensure correct ownership.
---
daemon/gvfsbackendadmin.c | 46 +++++++++++++++++++++++++++++++++++++++
1 file changed, 46 insertions(+)
diff --git a/daemon/gvfsbackendadmin.c b/daemon/gvfsbackendadmin.c
index 71946a02..392824cf 100644
--- a/daemon/gvfsbackendadmin.c
+++ b/daemon/gvfsbackendadmin.c
@@ -807,6 +807,51 @@ do_move (GVfsBackend *backend,
complete_job (job, error);
}
+static void
+do_pull (GVfsBackend *backend,
+ GVfsJobPull *pull_job,
+ const char *source,
+ const char *local_path,
+ GFileCopyFlags flags,
+ gboolean remove_source,
+ GFileProgressCallback progress_callback,
+ gpointer progress_callback_data)
+{
+ GVfsBackendAdmin *self = G_VFS_BACKEND_ADMIN (backend);
+ GVfsJob *job = G_VFS_JOB (pull_job);
+ GError *error = NULL;
+ GFile *src_file, *dst_file;
+
+ /* Pull method is necessary when user/group needs to be restored, return
+ * G_IO_ERROR_NOT_SUPPORTED in other cases to proceed with the fallback code.
+ */
+ if (!(flags & G_FILE_COPY_ALL_METADATA))
+ {
+ g_vfs_job_failed_literal (G_VFS_JOB (job), G_IO_ERROR,
+ G_IO_ERROR_NOT_SUPPORTED,
+ _("Operation not supported"));
+ return;
+ }
+
+ if (!check_permission (self, job))
+ return;
+
+ src_file = g_file_new_for_path (source);
+ dst_file = g_file_new_for_path (local_path);
+
+ if (remove_source)
+ g_file_move (src_file, dst_file, flags, job->cancellable,
+ progress_callback, progress_callback_data, &error);
+ else
+ g_file_copy (src_file, dst_file, flags, job->cancellable,
+ progress_callback, progress_callback_data, &error);
+
+ g_object_unref (src_file);
+ g_object_unref (dst_file);
+
+ complete_job (job, error);
+}
+
static void
do_query_settable_attributes (GVfsBackend *backend,
GVfsJobQueryAttributes *query_job,
@@ -927,6 +972,7 @@ g_vfs_backend_admin_class_init (GVfsBackendAdminClass * klass)
backend_class->set_attribute = do_set_attribute;
backend_class->delete = do_delete;
backend_class->move = do_move;
+ backend_class->pull = do_pull;
backend_class->query_settable_attributes = do_query_settable_attributes;
backend_class->query_writable_namespaces = do_query_writable_namespaces;
}
--
2.21.0

92
CVE-2019-12795.patch Normal file
View File

@ -0,0 +1,92 @@
From 70dbfc68a79faac49bd3423e079cb6902522082a Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Wed, 5 Jun 2019 13:33:38 +0100
Subject: [PATCH] gvfsdaemon: Check that the connecting client is the same user
Otherwise, an attacker who learns the abstract socket address from
netstat(8) or similar could connect to it and issue D-Bus method
calls.
Signed-off-by: Simon McVittie <smcv@collabora.com>
---
daemon/gvfsdaemon.c | 36 +++++++++++++++++++++++++++++++++++-
1 file changed, 35 insertions(+), 1 deletion(-)
diff --git a/daemon/gvfsdaemon.c b/daemon/gvfsdaemon.c
index 406d4f8e..be148a7b 100644
--- a/daemon/gvfsdaemon.c
+++ b/daemon/gvfsdaemon.c
@@ -79,6 +79,7 @@ struct _GVfsDaemon
gint mount_counter;
+ GDBusAuthObserver *auth_observer;
GDBusConnection *conn;
GVfsDBusDaemon *daemon_skeleton;
GVfsDBusMountable *mountable_skeleton;
@@ -171,6 +172,8 @@ g_vfs_daemon_finalize (GObject *object)
}
if (daemon->conn != NULL)
g_object_unref (daemon->conn);
+ if (daemon->auth_observer != NULL)
+ g_object_unref (daemon->auth_observer);
g_hash_table_destroy (daemon->registered_paths);
g_hash_table_destroy (daemon->client_connections);
@@ -236,6 +239,35 @@ name_vanished_handler (GDBusConnection *connection,
daemon->lost_main_daemon = TRUE;
}
+/*
+ * Authentication observer signal handler that authorizes connections
+ * from the same uid as this process. This matches the behaviour of a
+ * libdbus DBusServer/DBusConnection when no DBusAllowUnixUserFunction
+ * has been set, but is not the default in GDBus.
+ */
+static gboolean
+authorize_authenticated_peer_cb (GDBusAuthObserver *observer,
+ G_GNUC_UNUSED GIOStream *stream,
+ GCredentials *credentials,
+ G_GNUC_UNUSED gpointer user_data)
+{
+ gboolean authorized = FALSE;
+
+ if (credentials != NULL)
+ {
+ GCredentials *own_credentials;
+
+ own_credentials = g_credentials_new ();
+
+ if (g_credentials_is_same_user (credentials, own_credentials, NULL))
+ authorized = TRUE;
+
+ g_object_unref (own_credentials);
+ }
+
+ return authorized;
+}
+
static void
g_vfs_daemon_init (GVfsDaemon *daemon)
{
@@ -265,6 +297,8 @@ g_vfs_daemon_init (GVfsDaemon *daemon)
daemon->conn = g_bus_get_sync (G_BUS_TYPE_SESSION, NULL, NULL);
g_assert (daemon->conn != NULL);
+ daemon->auth_observer = g_dbus_auth_observer_new ();
+ g_signal_connect (daemon->auth_observer, "authorize-authenticated-peer", G_CALLBACK (authorize_authenticated_peer_cb), NULL);
daemon->daemon_skeleton = gvfs_dbus_daemon_skeleton_new ();
g_signal_connect (daemon->daemon_skeleton, "handle-get-connection", G_CALLBACK (handle_get_connection), daemon);
@@ -876,7 +910,7 @@ handle_get_connection (GVfsDBusDaemon *object,
server = g_dbus_server_new_sync (address1,
G_DBUS_SERVER_FLAGS_NONE,
guid,
- NULL, /* GDBusAuthObserver */
+ daemon->auth_observer,
NULL, /* GCancellable */
&error);
g_free (guid);
--
2.21.0

BIN
gvfs-1.38.1.tar.xz Normal file
View File

Binary file not shown.

222
gvfs.spec Normal file
View File

@ -0,0 +1,222 @@
#spec file for gvfs
%define _unpackaged_files_terminate_build 0
%global avahi_version 0.6
%global fuse_version 2.8.0
%global gettext_version 0.19.4
%global glib2_version 2.57.2
%global goa_version 3.17.1
%global gudev_version 147
%global libarchive_version 3.0.22
%global libcdio_paranoia_version 0.78.2
%global libgcrypt_version 1.2.2
%global libgdata_version 0.17.9
%global libgphoto2_version 2.5.0
%global libimobiledevice_version 1.2
%global libmtp_version 1.1.12
%global libnfs_version 1.9.8
%global libplist_version 0.15
%global libsmbclient_version 3.4.0
%global libsoup_version 2.42.0
%global libusb_version 1.0.21
%global systemd_version 206
%global talloc_version 1.3.0
%global udisks2_version 1.97
Name: gvfs
Version: 1.38.1
Release: 3
Summary: gvfs is a backends for the gio framework in GLib
License: GPLv3 and LGPLv2+ and BSD and MPLv2.0
URL: https://wiki.gnome.org/Projects/gvfs
Source0: https://download.gnome.org/sources/gvfs/1.38/gvfs-%{version}.tar.xz
#patch for cves
Patch6000: CVE-2019-12795.patch
Patch6001: CVE-2019-12447-1.patch
Patch6002: CVE-2019-12447-2.patch
Patch6003: CVE-2019-12448.patch
Patch6004: CVE-2019-12449.patch
BuildRequires: meson gcc pkgconfig pkgconfig(glib-2.0) >= %{glib2_version} pkgconfig(dbus-glib-1) pkgconfig(gcr-3)
BuildRequires: openssl-devel
BuildRequires: pkgconfig(libcdio_paranoia) >= %{libcdio_paranoia_version} pkgconfig(gudev-1.0) >= %{gudev_version}
BuildRequires: pkgconfig(libsoup-2.4) >= %{libsoup_version} pkgconfig(avahi-client) >= %{avahi_version}
BuildRequires: pkgconfig(avahi-glib) >= %{avahi_version} pkgconfig(libsecret-1)
BuildRequires: gettext-devel >= %{gettext_version} pkgconfig(udisks2) >= %{udisks2_version} pkgconfig(libbluray)
BuildRequires: systemd-devel >= %{systemd_version} pkgconfig(libxslt) docbook-style-xsl pkgconfig(polkit-gobject-1) pkgconfig(libcap)
BuildRequires: pkgconfig(goa-1.0) >= %{goa_version}
BuildRequires: pkgconfig(libgdata) >= %{libgdata_version}
BuildRequires: libsmbclient-devel >= %{libsmbclient_version}
BuildRequires: pkgconfig(talloc) >= %{talloc_version}
BuildRequires: pkgconfig(libarchive) >= %{libarchive_version}
BuildRequires: pkgconfig(libgphoto2) >= %{libgphoto2_version}
BuildRequires: libusb-devel >= %{libusb_version} libexif-devel
BuildRequires: pkgconfig(fuse) >= %{fuse_version}
BuildRequires: pkgconfig(libimobiledevice-1.0) >= %{libimobiledevice_version}
BuildRequires: pkgconfig(libplist) >= %{libplist_version}
BuildRequires: libgcrypt-devel >= %{libgcrypt_version}
BuildRequires: pkgconfig(libmtp) >= %{libmtp_version}
BuildRequires: pkgconfig(libnfs) >= %{libnfs_version}
Requires: glib2%{?_isa} >= %{glib2_version} udisks2 >= %{udisks2_version}
Requires: fuse >= %{fuse_version}
Requires: libgdata%{?_isa} >= %{libgdata_version}
Requires: %{name}-client%{?_isa} = %{version}-%{release}
Requires(post): desktop-file-utils >= 0.22-6
Requires(postun): desktop-file-utils >= 0.22-6
Provides: %{name}-fuse %{name}-smb %{name}-archive %{name}-gphoto2 %{name}-afc %{name}-afp %{name}-mtp %{name}-nfs %{name}-goa %{name}-tests
Obsoletes: %{name}-fuse %{name}-smb %{name}-archive %{name}-gphoto2 %{name}-afc %{name}-afp %{name}-mtp %{name}-nfs %{name}-goa %{name}-tests
Obsoletes: gnome-mount <= 0.8 gnome-mount-nautilus-properties <= 0.8
Obsoletes: gvfs-obexftp < 1.17.91-2
Obsoletes: %{name} < 1.9.4-1
%description
GVfs is a userspace virtual filesystem implementation for GIO (a library available in GLib).
It comes with a set of backends, including trash support, SFTP, SMB, HTTP, DAV, and many others.
GVfs also contains modules for GIO that implement volume monitors and persistent metadata storage.
%package client
Summary: Client modules of backends for the gio framework in GLib
Conflicts: %{name} < 1.25.2-2
%description client
This package containers the client modules of backend implementations for the gio framework in GLib.
%package devel
Summary: Development files for gvfs
Requires: %{name}-client%{?_isa} = %{version}-%{release}
Requires: %{name}%{?_isa} = %{version}-%{release}
%description devel
This package containers the headers and other files which are required for develop applications with gvfs.
%package help
Summary: Documentation for gvfs
%description help
This package contains help documentation for gvfs
%prep
%autosetup -n %{name}-%{version} -p1
%build
%meson -Dinstalled_tests=true -Dman=true %{nil}
%meson_build
%install
%meson_install
# trashlib is GPLv3, include the license
cp -p daemon/trashlib/COPYING COPYING.GPL3
%find_lang gvfs
%post
# Reload .mount files:
killall -USR1 gvfsd >&/dev/null || :
%files
%dir %{_datadir}/gvfs
%dir %{_datadir}/gvfs/mounts
%dir %{_datadir}/gvfs/remote-volume-monitors
%{_datadir}/dbus-1/services/org.gtk.vfs.Daemon.service
%{_datadir}/dbus-1/services/org.gtk.vfs.GoaVolumeMonitor.service
%{_datadir}/dbus-1/services/org.gtk.vfs.Metadata.service
%{_datadir}/dbus-1/services/org.gtk.vfs.UDisks2VolumeMonitor.service
%{_datadir}/gvfs/mounts/admin.mount
%{_datadir}/gvfs/mounts/archive.mount
%{_datadir}/gvfs/mounts/afp.mount
%{_datadir}/gvfs/mounts/afp-browse.mount
%{_datadir}/gvfs/mounts/burn.mount
%{_datadir}/gvfs/mounts/cdda.mount
%{_datadir}/gvfs/mounts/computer.mount
%{_datadir}/gvfs/mounts/dav.mount
%{_datadir}/gvfs/mounts/dav+sd.mount
%{_datadir}/gvfs/mounts/dns-sd.mount
%{_datadir}/gvfs/mounts/ftp.mount
%{_datadir}/gvfs/mounts/ftpis.mount
%{_datadir}/gvfs/mounts/ftps.mount
%{_datadir}/gvfs/mounts/google.mount
%{_datadir}/gvfs/mounts/http.mount
%{_datadir}/gvfs/mounts/localtest.mount
%{_datadir}/gvfs/mounts/network.mount
%{_datadir}/gvfs/mounts/recent.mount
%{_datadir}/gvfs/mounts/smb-browse.mount
%{_datadir}/gvfs/mounts/sftp.mount
%{_datadir}/gvfs/mounts/smb.mount
%{_datadir}/gvfs/mounts/trash.mount
%{_datadir}/gvfs/remote-volume-monitors/goa.monitor
%{_datadir}/gvfs/remote-volume-monitors/udisks2.monitor
%{_datadir}/GConf/gsettings/*.convert
%{_datadir}/glib-2.0/schemas/*.xml
%{_datadir}/polkit-1/actions/org.gtk.vfs.file-operations.policy
%{_datadir}/polkit-1/rules.d/org.gtk.vfs.file-operations.rules
%{_libdir}/gvfs/libgvfsdaemon.so
%{_libexecdir}/gvfs-goa-volume-monitor
%{_libexecdir}/gvfs-udisks2-volume-monitor
%{_libexecdir}/gvfsd
%{_libexecdir}/gvfsd-admin
%{_libexecdir}/gvfsd-afp
%{_libexecdir}/gvfsd-afp-browse
%{_libexecdir}/gvfsd-archive
%{_libexecdir}/gvfsd-burn
%{_libexecdir}/gvfsd-cdda
%{_libexecdir}/gvfsd-computer
%{_libexecdir}/gvfsd-dnssd
%{_libexecdir}/gvfsd-dav
%{_libexecdir}/gvfsd-ftp
%{_libexecdir}/gvfsd-fuse
%{_libexecdir}/gvfsd-google
%{_libexecdir}/gvfsd-http
%{_libexecdir}/gvfsd-localtest
%{_libexecdir}/gvfsd-metadata
%{_libexecdir}/gvfsd-network
%{_libexecdir}/gvfsd-recent
%{_libexecdir}/gvfsd-sftp
%{_libexecdir}/gvfsd-smb
%{_libexecdir}/gvfsd-smb-browse
%{_libexecdir}/gvfsd-trash
%{_userunitdir}/gvfs-daemon.service
%{_userunitdir}/gvfs-metadata.service
%{_userunitdir}/gvfs-udisks2-volume-monitor.service
%{_userunitdir}/gvfs-goa-volume-monitor.service
%{_tmpfilesdir}/gvfsd-fuse-tmpfiles.conf
%files client -f gvfs.lang
%license COPYING COPYING.GPL3
%doc NEWS README.md
%dir %{_libdir}/gvfs
%{_libdir}/gvfs/libgvfscommon.so
%{_libdir}/gio/modules/libgioremote-volume-monitor.so
%{_libdir}/gio/modules/libgvfsdbus.so
%files devel
%dir %{_includedir}/gvfs-client
%dir %{_includedir}/gvfs-client/gvfs
%{_includedir}/gvfs-client/gvfs/gvfsurimapper.h
%{_includedir}/gvfs-client/gvfs/gvfsuriutils.h
%dir %{_libexecdir}/installed-tests
%{_libexecdir}/installed-tests/gvfs
%{_datadir}/installed-tests
%files help
%{_mandir}/man1/gvfsd.1*
%{_mandir}/man1/gvfsd-metadata.1*
%{_mandir}/man7/gvfs.7*
%{_mandir}/man1/gvfsd-fuse.1*
%changelog
*Tue Sep 26 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.38.1-3
- Type:cves
- ID:CVE-2019-12447 CVE-2019-12448 CVE-2019-12449
- SUG:restart
- DESC:fix CVE-2019-12447 CVE-2019-12448 CVE-2019-12449
* Tue Sep 26 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.38.1-2
- Package init