commit d620b2c766835fb117e144d0a6e38ae45115a92d Author: overweight <5324761+overweight@user.noreply.gitee.com> Date: Mon Sep 30 10:52:34 2019 -0400 Package init diff --git a/CVE-2019-12447-1.patch b/CVE-2019-12447-1.patch new file mode 100644 index 0000000..709ac1b --- /dev/null +++ b/CVE-2019-12447-1.patch @@ -0,0 +1,31 @@ +From 0f25dea30d01d920443ab72b0c254560ec40e14c Mon Sep 17 00:00:00 2001 +From: Ondrej Holy +Date: Thu, 23 May 2019 10:29:08 +0200 +Subject: [PATCH] admin: Allow changing file owner + +CAP_CHOWN is dropped together with other privilages and thus the backend +can't change file owner. This might be probably e.g. in case of copy +operation when G_FILE_COPY_ALL_METADATA is used. Let's keep CAP_CHOWN +to fix this. +--- + daemon/gvfsbackendadmin.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/daemon/gvfsbackendadmin.c b/daemon/gvfsbackendadmin.c +index c4e4dac2..2d949ae0 100644 +--- a/daemon/gvfsbackendadmin.c ++++ b/daemon/gvfsbackendadmin.c +@@ -968,7 +968,8 @@ g_vfs_backend_admin_init (GVfsBackendAdmin *self) + + #define REQUIRED_CAPS (CAP_TO_MASK(CAP_FOWNER) | \ + CAP_TO_MASK(CAP_DAC_OVERRIDE) | \ +- CAP_TO_MASK(CAP_DAC_READ_SEARCH)) ++ CAP_TO_MASK(CAP_DAC_READ_SEARCH) | \ ++ CAP_TO_MASK(CAP_CHOWN)) + + static void + acquire_caps (uid_t uid) +-- +2.21.0 + + diff --git a/CVE-2019-12447-2.patch b/CVE-2019-12447-2.patch new file mode 100644 index 0000000..67ecef3 --- /dev/null +++ b/CVE-2019-12447-2.patch @@ -0,0 +1,44 @@ +From 272e6bdac33309672955e8f8bf1b8f5f1e51fa0a Mon Sep 17 00:00:00 2001 +From: Ondrej Holy +Date: Thu, 23 May 2019 10:33:30 +0200 +Subject: [PATCH] admin: Use fsuid to ensure correct file ownership + +Files created over admin backend should be owned by root, but they are +owned by the user itself. This is because the daemon drops the uid to +make dbus connection work. Use fsuid and euid to fix this issue. + +Closes: https://gitlab.gnome.org/GNOME/gvfs/issues/21 +--- + daemon/gvfsbackendadmin.c | 29 +++++++---------------------- + 1 file changed, 7 insertions(+), 22 deletions(-) + +diff --git a/daemon/gvfsbackendadmin.c b/daemon/gvfsbackendadmin.c +index 2d949ae0..71946a02 100644 +--- a/daemon/gvfsbackendadmin.c ++++ b/daemon/gvfsbackendadmin.c +@@ -977,14 +961,15 @@ acquire_caps (uid_t uid) + struct __user_cap_header_struct hdr; + struct __user_cap_data_struct data; + +- /* Tell kernel not clear capabilities when dropping root */ +- if (prctl (PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0) +- g_error ("prctl(PR_SET_KEEPCAPS) failed"); +- +- /* Drop root uid, but retain the required permitted caps */ +- if (setuid (uid) < 0) ++ /* Set euid to user to make dbus work */ ++ if (seteuid (uid) < 0) + g_error ("unable to drop privs"); + ++ /* Set fsuid to still behave like root when working with files */ ++ setfsuid (0); ++ if (setfsuid (-1) != 0) ++ g_error ("setfsuid failed"); ++ + memset (&hdr, 0, sizeof(hdr)); + hdr.version = _LINUX_CAPABILITY_VERSION; + +-- +2.21.0 + + diff --git a/CVE-2019-12448.patch b/CVE-2019-12448.patch new file mode 100644 index 0000000..9270151 --- /dev/null +++ b/CVE-2019-12448.patch @@ -0,0 +1,132 @@ +From a1c2e7ecab0d6457fa2227d92e3569c08516eac5 Mon Sep 17 00:00:00 2001 +From: Ondrej Holy +Date: Thu, 23 May 2019 10:24:36 +0200 +Subject: [PATCH] admin: Add query_info_on_read/write functionality + +Admin backend doesn't implement query_info_on_read/write which might +potentially lead to some race conditions which aren't really wanted +especially in case of admin backend. For example, in file_copy_fallback(), +g_file_query_info() is used if g_file_input_stream_query_info() is not +supported, which in theory means that the info might be obtained from +the different file then it is opened. Let's add this missing +functionality to prevent this possibility. +--- + daemon/gvfsbackendadmin.c | 79 +++++++++++++++++++++++++++++++++------ + 1 file changed, 67 insertions(+), 12 deletions(-) + +diff --git a/daemon/gvfsbackendadmin.c b/daemon/gvfsbackendadmin.c +index 0f849008..c4e4dac2 100644 +--- a/daemon/gvfsbackendadmin.c ++++ b/daemon/gvfsbackendadmin.c +@@ -42,6 +42,8 @@ + #include "gvfsjobopenforwrite.h" + #include "gvfsjobqueryattributes.h" + #include "gvfsjobqueryinfo.h" ++#include "gvfsjobqueryinforead.h" ++#include "gvfsjobqueryinfowrite.h" + #include "gvfsjobread.h" + #include "gvfsjobseekread.h" + #include "gvfsjobseekwrite.h" +@@ -155,6 +157,19 @@ complete_job (GVfsJob *job, + g_vfs_job_succeeded (job); + } + ++static void ++fix_file_info (GFileInfo *info) ++{ ++ /* Override read/write flags, since the above call will use access() ++ * to determine permissions, which does not honor our privileged ++ * capabilities. ++ */ ++ g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_READ, TRUE); ++ g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_WRITE, TRUE); ++ g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_DELETE, TRUE); ++ g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_RENAME, TRUE); ++} ++ + static void + do_query_info (GVfsBackend *backend, + GVfsJobQueryInfo *query_info_job, +@@ -180,19 +195,57 @@ do_query_info (GVfsBackend *backend, + if (error != NULL) + goto out; + +- /* Override read/write flags, since the above call will use access() +- * to determine permissions, which does not honor our privileged +- * capabilities. +- */ +- g_file_info_set_attribute_boolean (real_info, +- G_FILE_ATTRIBUTE_ACCESS_CAN_READ, TRUE); +- g_file_info_set_attribute_boolean (real_info, +- G_FILE_ATTRIBUTE_ACCESS_CAN_WRITE, TRUE); +- g_file_info_set_attribute_boolean (real_info, +- G_FILE_ATTRIBUTE_ACCESS_CAN_DELETE, TRUE); +- g_file_info_set_attribute_boolean (real_info, +- G_FILE_ATTRIBUTE_ACCESS_CAN_RENAME, TRUE); ++ fix_file_info (real_info); ++ g_file_info_copy_into (real_info, info); ++ g_object_unref (real_info); ++ ++ out: ++ complete_job (job, error); ++} ++ ++static void ++do_query_info_on_read (GVfsBackend *backend, ++ GVfsJobQueryInfoRead *query_info_job, ++ GVfsBackendHandle handle, ++ GFileInfo *info, ++ GFileAttributeMatcher *matcher) ++{ ++ GVfsJob *job = G_VFS_JOB (query_info_job); ++ GFileInputStream *stream = handle; ++ GError *error = NULL; ++ GFileInfo *real_info; ++ ++ real_info = g_file_input_stream_query_info (stream, query_info_job->attributes, ++ job->cancellable, &error); ++ if (error != NULL) ++ goto out; ++ ++ fix_file_info (real_info); ++ g_file_info_copy_into (real_info, info); ++ g_object_unref (real_info); ++ ++ out: ++ complete_job (job, error); ++} ++ ++static void ++do_query_info_on_write (GVfsBackend *backend, ++ GVfsJobQueryInfoWrite *query_info_job, ++ GVfsBackendHandle handle, ++ GFileInfo *info, ++ GFileAttributeMatcher *matcher) ++{ ++ GVfsJob *job = G_VFS_JOB (query_info_job); ++ GFileOutputStream *stream = handle; ++ GError *error = NULL; ++ GFileInfo *real_info; ++ ++ real_info = g_file_output_stream_query_info (stream, query_info_job->attributes, ++ job->cancellable, &error); ++ if (error != NULL) ++ goto out; + ++ fix_file_info (real_info); + g_file_info_copy_into (real_info, info); + g_object_unref (real_info); + +@@ -868,6 +921,8 @@ g_vfs_backend_admin_class_init (GVfsBackendAdminClass * klass) + backend_class->mount = do_mount; + backend_class->open_for_read = do_open_for_read; + backend_class->query_info = do_query_info; ++ backend_class->query_info_on_read = do_query_info_on_read; ++ backend_class->query_info_on_write = do_query_info_on_write; + backend_class->read = do_read; + backend_class->create = do_create; + backend_class->append_to = do_append_to; +-- +2.21.0 + + diff --git a/CVE-2019-12449.patch b/CVE-2019-12449.patch new file mode 100644 index 0000000..52c7d50 --- /dev/null +++ b/CVE-2019-12449.patch @@ -0,0 +1,81 @@ +From bed1e9685c9f65f6a3ff3b39dd8547db3e7e77f6 Mon Sep 17 00:00:00 2001 +From: Ondrej Holy +Date: Fri, 24 May 2019 09:43:43 +0200 +Subject: [PATCH] admin: Ensure correct ownership when moving to file:// uri + +User and group is not restored properly when moving (or copying with +G_FILE_COPY_ALL_METADATA) from admin:// to file://, because it is handled +by GIO fallback code, which doesn't run with root permissions. Let's +handle this case with pull method to ensure correct ownership. +--- + daemon/gvfsbackendadmin.c | 46 +++++++++++++++++++++++++++++++++++++++ + 1 file changed, 46 insertions(+) + +diff --git a/daemon/gvfsbackendadmin.c b/daemon/gvfsbackendadmin.c +index 71946a02..392824cf 100644 +--- a/daemon/gvfsbackendadmin.c ++++ b/daemon/gvfsbackendadmin.c +@@ -807,6 +807,51 @@ do_move (GVfsBackend *backend, + complete_job (job, error); + } + ++static void ++do_pull (GVfsBackend *backend, ++ GVfsJobPull *pull_job, ++ const char *source, ++ const char *local_path, ++ GFileCopyFlags flags, ++ gboolean remove_source, ++ GFileProgressCallback progress_callback, ++ gpointer progress_callback_data) ++{ ++ GVfsBackendAdmin *self = G_VFS_BACKEND_ADMIN (backend); ++ GVfsJob *job = G_VFS_JOB (pull_job); ++ GError *error = NULL; ++ GFile *src_file, *dst_file; ++ ++ /* Pull method is necessary when user/group needs to be restored, return ++ * G_IO_ERROR_NOT_SUPPORTED in other cases to proceed with the fallback code. ++ */ ++ if (!(flags & G_FILE_COPY_ALL_METADATA)) ++ { ++ g_vfs_job_failed_literal (G_VFS_JOB (job), G_IO_ERROR, ++ G_IO_ERROR_NOT_SUPPORTED, ++ _("Operation not supported")); ++ return; ++ } ++ ++ if (!check_permission (self, job)) ++ return; ++ ++ src_file = g_file_new_for_path (source); ++ dst_file = g_file_new_for_path (local_path); ++ ++ if (remove_source) ++ g_file_move (src_file, dst_file, flags, job->cancellable, ++ progress_callback, progress_callback_data, &error); ++ else ++ g_file_copy (src_file, dst_file, flags, job->cancellable, ++ progress_callback, progress_callback_data, &error); ++ ++ g_object_unref (src_file); ++ g_object_unref (dst_file); ++ ++ complete_job (job, error); ++} ++ + static void + do_query_settable_attributes (GVfsBackend *backend, + GVfsJobQueryAttributes *query_job, +@@ -927,6 +972,7 @@ g_vfs_backend_admin_class_init (GVfsBackendAdminClass * klass) + backend_class->set_attribute = do_set_attribute; + backend_class->delete = do_delete; + backend_class->move = do_move; ++ backend_class->pull = do_pull; + backend_class->query_settable_attributes = do_query_settable_attributes; + backend_class->query_writable_namespaces = do_query_writable_namespaces; + } +-- +2.21.0 + + diff --git a/CVE-2019-12795.patch b/CVE-2019-12795.patch new file mode 100644 index 0000000..3ca4b61 --- /dev/null +++ b/CVE-2019-12795.patch @@ -0,0 +1,92 @@ +From 70dbfc68a79faac49bd3423e079cb6902522082a Mon Sep 17 00:00:00 2001 +From: Simon McVittie +Date: Wed, 5 Jun 2019 13:33:38 +0100 +Subject: [PATCH] gvfsdaemon: Check that the connecting client is the same user + +Otherwise, an attacker who learns the abstract socket address from +netstat(8) or similar could connect to it and issue D-Bus method +calls. + +Signed-off-by: Simon McVittie +--- + daemon/gvfsdaemon.c | 36 +++++++++++++++++++++++++++++++++++- + 1 file changed, 35 insertions(+), 1 deletion(-) + +diff --git a/daemon/gvfsdaemon.c b/daemon/gvfsdaemon.c +index 406d4f8e..be148a7b 100644 +--- a/daemon/gvfsdaemon.c ++++ b/daemon/gvfsdaemon.c +@@ -79,6 +79,7 @@ struct _GVfsDaemon + + gint mount_counter; + ++ GDBusAuthObserver *auth_observer; + GDBusConnection *conn; + GVfsDBusDaemon *daemon_skeleton; + GVfsDBusMountable *mountable_skeleton; +@@ -171,6 +172,8 @@ g_vfs_daemon_finalize (GObject *object) + } + if (daemon->conn != NULL) + g_object_unref (daemon->conn); ++ if (daemon->auth_observer != NULL) ++ g_object_unref (daemon->auth_observer); + + g_hash_table_destroy (daemon->registered_paths); + g_hash_table_destroy (daemon->client_connections); +@@ -236,6 +239,35 @@ name_vanished_handler (GDBusConnection *connection, + daemon->lost_main_daemon = TRUE; + } + ++/* ++ * Authentication observer signal handler that authorizes connections ++ * from the same uid as this process. This matches the behaviour of a ++ * libdbus DBusServer/DBusConnection when no DBusAllowUnixUserFunction ++ * has been set, but is not the default in GDBus. ++ */ ++static gboolean ++authorize_authenticated_peer_cb (GDBusAuthObserver *observer, ++ G_GNUC_UNUSED GIOStream *stream, ++ GCredentials *credentials, ++ G_GNUC_UNUSED gpointer user_data) ++{ ++ gboolean authorized = FALSE; ++ ++ if (credentials != NULL) ++ { ++ GCredentials *own_credentials; ++ ++ own_credentials = g_credentials_new (); ++ ++ if (g_credentials_is_same_user (credentials, own_credentials, NULL)) ++ authorized = TRUE; ++ ++ g_object_unref (own_credentials); ++ } ++ ++ return authorized; ++} ++ + static void + g_vfs_daemon_init (GVfsDaemon *daemon) + { +@@ -265,6 +297,8 @@ g_vfs_daemon_init (GVfsDaemon *daemon) + + daemon->conn = g_bus_get_sync (G_BUS_TYPE_SESSION, NULL, NULL); + g_assert (daemon->conn != NULL); ++ daemon->auth_observer = g_dbus_auth_observer_new (); ++ g_signal_connect (daemon->auth_observer, "authorize-authenticated-peer", G_CALLBACK (authorize_authenticated_peer_cb), NULL); + + daemon->daemon_skeleton = gvfs_dbus_daemon_skeleton_new (); + g_signal_connect (daemon->daemon_skeleton, "handle-get-connection", G_CALLBACK (handle_get_connection), daemon); +@@ -876,7 +910,7 @@ handle_get_connection (GVfsDBusDaemon *object, + server = g_dbus_server_new_sync (address1, + G_DBUS_SERVER_FLAGS_NONE, + guid, +- NULL, /* GDBusAuthObserver */ ++ daemon->auth_observer, + NULL, /* GCancellable */ + &error); + g_free (guid); +-- +2.21.0 + diff --git a/gvfs-1.38.1.tar.xz b/gvfs-1.38.1.tar.xz new file mode 100644 index 0000000..408f4e7 Binary files /dev/null and b/gvfs-1.38.1.tar.xz differ diff --git a/gvfs.spec b/gvfs.spec new file mode 100644 index 0000000..8e4a82d --- /dev/null +++ b/gvfs.spec @@ -0,0 +1,222 @@ +#spec file for gvfs +%define _unpackaged_files_terminate_build 0 +%global avahi_version 0.6 +%global fuse_version 2.8.0 +%global gettext_version 0.19.4 +%global glib2_version 2.57.2 +%global goa_version 3.17.1 +%global gudev_version 147 +%global libarchive_version 3.0.22 +%global libcdio_paranoia_version 0.78.2 +%global libgcrypt_version 1.2.2 +%global libgdata_version 0.17.9 +%global libgphoto2_version 2.5.0 +%global libimobiledevice_version 1.2 +%global libmtp_version 1.1.12 +%global libnfs_version 1.9.8 +%global libplist_version 0.15 +%global libsmbclient_version 3.4.0 +%global libsoup_version 2.42.0 +%global libusb_version 1.0.21 +%global systemd_version 206 +%global talloc_version 1.3.0 +%global udisks2_version 1.97 + +Name: gvfs +Version: 1.38.1 +Release: 3 +Summary: gvfs is a backends for the gio framework in GLib +License: GPLv3 and LGPLv2+ and BSD and MPLv2.0 +URL: https://wiki.gnome.org/Projects/gvfs + +Source0: https://download.gnome.org/sources/gvfs/1.38/gvfs-%{version}.tar.xz + +#patch for cves +Patch6000: CVE-2019-12795.patch +Patch6001: CVE-2019-12447-1.patch +Patch6002: CVE-2019-12447-2.patch +Patch6003: CVE-2019-12448.patch +Patch6004: CVE-2019-12449.patch + + +BuildRequires: meson gcc pkgconfig pkgconfig(glib-2.0) >= %{glib2_version} pkgconfig(dbus-glib-1) pkgconfig(gcr-3) +BuildRequires: openssl-devel +BuildRequires: pkgconfig(libcdio_paranoia) >= %{libcdio_paranoia_version} pkgconfig(gudev-1.0) >= %{gudev_version} +BuildRequires: pkgconfig(libsoup-2.4) >= %{libsoup_version} pkgconfig(avahi-client) >= %{avahi_version} +BuildRequires: pkgconfig(avahi-glib) >= %{avahi_version} pkgconfig(libsecret-1) +BuildRequires: gettext-devel >= %{gettext_version} pkgconfig(udisks2) >= %{udisks2_version} pkgconfig(libbluray) +BuildRequires: systemd-devel >= %{systemd_version} pkgconfig(libxslt) docbook-style-xsl pkgconfig(polkit-gobject-1) pkgconfig(libcap) +BuildRequires: pkgconfig(goa-1.0) >= %{goa_version} +BuildRequires: pkgconfig(libgdata) >= %{libgdata_version} +BuildRequires: libsmbclient-devel >= %{libsmbclient_version} +BuildRequires: pkgconfig(talloc) >= %{talloc_version} +BuildRequires: pkgconfig(libarchive) >= %{libarchive_version} +BuildRequires: pkgconfig(libgphoto2) >= %{libgphoto2_version} +BuildRequires: libusb-devel >= %{libusb_version} libexif-devel +BuildRequires: pkgconfig(fuse) >= %{fuse_version} +BuildRequires: pkgconfig(libimobiledevice-1.0) >= %{libimobiledevice_version} +BuildRequires: pkgconfig(libplist) >= %{libplist_version} +BuildRequires: libgcrypt-devel >= %{libgcrypt_version} +BuildRequires: pkgconfig(libmtp) >= %{libmtp_version} +BuildRequires: pkgconfig(libnfs) >= %{libnfs_version} + +Requires: glib2%{?_isa} >= %{glib2_version} udisks2 >= %{udisks2_version} +Requires: fuse >= %{fuse_version} +Requires: libgdata%{?_isa} >= %{libgdata_version} +Requires: %{name}-client%{?_isa} = %{version}-%{release} +Requires(post): desktop-file-utils >= 0.22-6 +Requires(postun): desktop-file-utils >= 0.22-6 + +Provides: %{name}-fuse %{name}-smb %{name}-archive %{name}-gphoto2 %{name}-afc %{name}-afp %{name}-mtp %{name}-nfs %{name}-goa %{name}-tests +Obsoletes: %{name}-fuse %{name}-smb %{name}-archive %{name}-gphoto2 %{name}-afc %{name}-afp %{name}-mtp %{name}-nfs %{name}-goa %{name}-tests +Obsoletes: gnome-mount <= 0.8 gnome-mount-nautilus-properties <= 0.8 +Obsoletes: gvfs-obexftp < 1.17.91-2 +Obsoletes: %{name} < 1.9.4-1 + + +%description +GVfs is a userspace virtual filesystem implementation for GIO (a library available in GLib). +It comes with a set of backends, including trash support, SFTP, SMB, HTTP, DAV, and many others. +GVfs also contains modules for GIO that implement volume monitors and persistent metadata storage. + + +%package client +Summary: Client modules of backends for the gio framework in GLib +Conflicts: %{name} < 1.25.2-2 + +%description client +This package containers the client modules of backend implementations for the gio framework in GLib. + + +%package devel +Summary: Development files for gvfs +Requires: %{name}-client%{?_isa} = %{version}-%{release} +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description devel +This package containers the headers and other files which are required for develop applications with gvfs. + + +%package help +Summary: Documentation for gvfs + +%description help +This package contains help documentation for gvfs + +%prep +%autosetup -n %{name}-%{version} -p1 + +%build +%meson -Dinstalled_tests=true -Dman=true %{nil} +%meson_build + +%install +%meson_install +# trashlib is GPLv3, include the license +cp -p daemon/trashlib/COPYING COPYING.GPL3 + +%find_lang gvfs + +%post +# Reload .mount files: +killall -USR1 gvfsd >&/dev/null || : + +%files +%dir %{_datadir}/gvfs +%dir %{_datadir}/gvfs/mounts +%dir %{_datadir}/gvfs/remote-volume-monitors +%{_datadir}/dbus-1/services/org.gtk.vfs.Daemon.service +%{_datadir}/dbus-1/services/org.gtk.vfs.GoaVolumeMonitor.service +%{_datadir}/dbus-1/services/org.gtk.vfs.Metadata.service +%{_datadir}/dbus-1/services/org.gtk.vfs.UDisks2VolumeMonitor.service +%{_datadir}/gvfs/mounts/admin.mount +%{_datadir}/gvfs/mounts/archive.mount +%{_datadir}/gvfs/mounts/afp.mount +%{_datadir}/gvfs/mounts/afp-browse.mount +%{_datadir}/gvfs/mounts/burn.mount +%{_datadir}/gvfs/mounts/cdda.mount +%{_datadir}/gvfs/mounts/computer.mount +%{_datadir}/gvfs/mounts/dav.mount +%{_datadir}/gvfs/mounts/dav+sd.mount +%{_datadir}/gvfs/mounts/dns-sd.mount +%{_datadir}/gvfs/mounts/ftp.mount +%{_datadir}/gvfs/mounts/ftpis.mount +%{_datadir}/gvfs/mounts/ftps.mount +%{_datadir}/gvfs/mounts/google.mount +%{_datadir}/gvfs/mounts/http.mount +%{_datadir}/gvfs/mounts/localtest.mount +%{_datadir}/gvfs/mounts/network.mount +%{_datadir}/gvfs/mounts/recent.mount +%{_datadir}/gvfs/mounts/smb-browse.mount +%{_datadir}/gvfs/mounts/sftp.mount +%{_datadir}/gvfs/mounts/smb.mount +%{_datadir}/gvfs/mounts/trash.mount +%{_datadir}/gvfs/remote-volume-monitors/goa.monitor +%{_datadir}/gvfs/remote-volume-monitors/udisks2.monitor +%{_datadir}/GConf/gsettings/*.convert +%{_datadir}/glib-2.0/schemas/*.xml +%{_datadir}/polkit-1/actions/org.gtk.vfs.file-operations.policy +%{_datadir}/polkit-1/rules.d/org.gtk.vfs.file-operations.rules +%{_libdir}/gvfs/libgvfsdaemon.so +%{_libexecdir}/gvfs-goa-volume-monitor +%{_libexecdir}/gvfs-udisks2-volume-monitor +%{_libexecdir}/gvfsd +%{_libexecdir}/gvfsd-admin +%{_libexecdir}/gvfsd-afp +%{_libexecdir}/gvfsd-afp-browse +%{_libexecdir}/gvfsd-archive +%{_libexecdir}/gvfsd-burn +%{_libexecdir}/gvfsd-cdda +%{_libexecdir}/gvfsd-computer +%{_libexecdir}/gvfsd-dnssd +%{_libexecdir}/gvfsd-dav +%{_libexecdir}/gvfsd-ftp +%{_libexecdir}/gvfsd-fuse +%{_libexecdir}/gvfsd-google +%{_libexecdir}/gvfsd-http +%{_libexecdir}/gvfsd-localtest +%{_libexecdir}/gvfsd-metadata +%{_libexecdir}/gvfsd-network +%{_libexecdir}/gvfsd-recent +%{_libexecdir}/gvfsd-sftp +%{_libexecdir}/gvfsd-smb +%{_libexecdir}/gvfsd-smb-browse +%{_libexecdir}/gvfsd-trash +%{_userunitdir}/gvfs-daemon.service +%{_userunitdir}/gvfs-metadata.service +%{_userunitdir}/gvfs-udisks2-volume-monitor.service +%{_userunitdir}/gvfs-goa-volume-monitor.service +%{_tmpfilesdir}/gvfsd-fuse-tmpfiles.conf + +%files client -f gvfs.lang +%license COPYING COPYING.GPL3 +%doc NEWS README.md +%dir %{_libdir}/gvfs +%{_libdir}/gvfs/libgvfscommon.so +%{_libdir}/gio/modules/libgioremote-volume-monitor.so +%{_libdir}/gio/modules/libgvfsdbus.so + +%files devel +%dir %{_includedir}/gvfs-client +%dir %{_includedir}/gvfs-client/gvfs +%{_includedir}/gvfs-client/gvfs/gvfsurimapper.h +%{_includedir}/gvfs-client/gvfs/gvfsuriutils.h +%dir %{_libexecdir}/installed-tests +%{_libexecdir}/installed-tests/gvfs +%{_datadir}/installed-tests + +%files help +%{_mandir}/man1/gvfsd.1* +%{_mandir}/man1/gvfsd-metadata.1* +%{_mandir}/man7/gvfs.7* +%{_mandir}/man1/gvfsd-fuse.1* + +%changelog +*Tue Sep 26 2019 openEuler Buildteam - 1.38.1-3 +- Type:cves +- ID:CVE-2019-12447 CVE-2019-12448 CVE-2019-12449 +- SUG:restart +- DESC:fix CVE-2019-12447 CVE-2019-12448 CVE-2019-12449 + +* Tue Sep 26 2019 openEuler Buildteam - 1.38.1-2 +- Package init