diff --git a/CVE-2019-12447-1.patch b/CVE-2019-12447-1.patch deleted file mode 100644 index 709ac1b..0000000 --- a/CVE-2019-12447-1.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 0f25dea30d01d920443ab72b0c254560ec40e14c Mon Sep 17 00:00:00 2001 -From: Ondrej Holy -Date: Thu, 23 May 2019 10:29:08 +0200 -Subject: [PATCH] admin: Allow changing file owner - -CAP_CHOWN is dropped together with other privilages and thus the backend -can't change file owner. This might be probably e.g. in case of copy -operation when G_FILE_COPY_ALL_METADATA is used. Let's keep CAP_CHOWN -to fix this. ---- - daemon/gvfsbackendadmin.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/daemon/gvfsbackendadmin.c b/daemon/gvfsbackendadmin.c -index c4e4dac2..2d949ae0 100644 ---- a/daemon/gvfsbackendadmin.c -+++ b/daemon/gvfsbackendadmin.c -@@ -968,7 +968,8 @@ g_vfs_backend_admin_init (GVfsBackendAdmin *self) - - #define REQUIRED_CAPS (CAP_TO_MASK(CAP_FOWNER) | \ - CAP_TO_MASK(CAP_DAC_OVERRIDE) | \ -- CAP_TO_MASK(CAP_DAC_READ_SEARCH)) -+ CAP_TO_MASK(CAP_DAC_READ_SEARCH) | \ -+ CAP_TO_MASK(CAP_CHOWN)) - - static void - acquire_caps (uid_t uid) --- -2.21.0 - - diff --git a/CVE-2019-12447-2.patch b/CVE-2019-12447-2.patch deleted file mode 100644 index 67ecef3..0000000 --- a/CVE-2019-12447-2.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 272e6bdac33309672955e8f8bf1b8f5f1e51fa0a Mon Sep 17 00:00:00 2001 -From: Ondrej Holy -Date: Thu, 23 May 2019 10:33:30 +0200 -Subject: [PATCH] admin: Use fsuid to ensure correct file ownership - -Files created over admin backend should be owned by root, but they are -owned by the user itself. This is because the daemon drops the uid to -make dbus connection work. Use fsuid and euid to fix this issue. - -Closes: https://gitlab.gnome.org/GNOME/gvfs/issues/21 ---- - daemon/gvfsbackendadmin.c | 29 +++++++---------------------- - 1 file changed, 7 insertions(+), 22 deletions(-) - -diff --git a/daemon/gvfsbackendadmin.c b/daemon/gvfsbackendadmin.c -index 2d949ae0..71946a02 100644 ---- a/daemon/gvfsbackendadmin.c -+++ b/daemon/gvfsbackendadmin.c -@@ -977,14 +961,15 @@ acquire_caps (uid_t uid) - struct __user_cap_header_struct hdr; - struct __user_cap_data_struct data; - -- /* Tell kernel not clear capabilities when dropping root */ -- if (prctl (PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0) -- g_error ("prctl(PR_SET_KEEPCAPS) failed"); -- -- /* Drop root uid, but retain the required permitted caps */ -- if (setuid (uid) < 0) -+ /* Set euid to user to make dbus work */ -+ if (seteuid (uid) < 0) - g_error ("unable to drop privs"); - -+ /* Set fsuid to still behave like root when working with files */ -+ setfsuid (0); -+ if (setfsuid (-1) != 0) -+ g_error ("setfsuid failed"); -+ - memset (&hdr, 0, sizeof(hdr)); - hdr.version = _LINUX_CAPABILITY_VERSION; - --- -2.21.0 - - diff --git a/CVE-2019-12448.patch b/CVE-2019-12448.patch deleted file mode 100644 index 9270151..0000000 --- a/CVE-2019-12448.patch +++ /dev/null @@ -1,132 +0,0 @@ -From a1c2e7ecab0d6457fa2227d92e3569c08516eac5 Mon Sep 17 00:00:00 2001 -From: Ondrej Holy -Date: Thu, 23 May 2019 10:24:36 +0200 -Subject: [PATCH] admin: Add query_info_on_read/write functionality - -Admin backend doesn't implement query_info_on_read/write which might -potentially lead to some race conditions which aren't really wanted -especially in case of admin backend. For example, in file_copy_fallback(), -g_file_query_info() is used if g_file_input_stream_query_info() is not -supported, which in theory means that the info might be obtained from -the different file then it is opened. Let's add this missing -functionality to prevent this possibility. ---- - daemon/gvfsbackendadmin.c | 79 +++++++++++++++++++++++++++++++++------ - 1 file changed, 67 insertions(+), 12 deletions(-) - -diff --git a/daemon/gvfsbackendadmin.c b/daemon/gvfsbackendadmin.c -index 0f849008..c4e4dac2 100644 ---- a/daemon/gvfsbackendadmin.c -+++ b/daemon/gvfsbackendadmin.c -@@ -42,6 +42,8 @@ - #include "gvfsjobopenforwrite.h" - #include "gvfsjobqueryattributes.h" - #include "gvfsjobqueryinfo.h" -+#include "gvfsjobqueryinforead.h" -+#include "gvfsjobqueryinfowrite.h" - #include "gvfsjobread.h" - #include "gvfsjobseekread.h" - #include "gvfsjobseekwrite.h" -@@ -155,6 +157,19 @@ complete_job (GVfsJob *job, - g_vfs_job_succeeded (job); - } - -+static void -+fix_file_info (GFileInfo *info) -+{ -+ /* Override read/write flags, since the above call will use access() -+ * to determine permissions, which does not honor our privileged -+ * capabilities. -+ */ -+ g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_READ, TRUE); -+ g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_WRITE, TRUE); -+ g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_DELETE, TRUE); -+ g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_RENAME, TRUE); -+} -+ - static void - do_query_info (GVfsBackend *backend, - GVfsJobQueryInfo *query_info_job, -@@ -180,19 +195,57 @@ do_query_info (GVfsBackend *backend, - if (error != NULL) - goto out; - -- /* Override read/write flags, since the above call will use access() -- * to determine permissions, which does not honor our privileged -- * capabilities. -- */ -- g_file_info_set_attribute_boolean (real_info, -- G_FILE_ATTRIBUTE_ACCESS_CAN_READ, TRUE); -- g_file_info_set_attribute_boolean (real_info, -- G_FILE_ATTRIBUTE_ACCESS_CAN_WRITE, TRUE); -- g_file_info_set_attribute_boolean (real_info, -- G_FILE_ATTRIBUTE_ACCESS_CAN_DELETE, TRUE); -- g_file_info_set_attribute_boolean (real_info, -- G_FILE_ATTRIBUTE_ACCESS_CAN_RENAME, TRUE); -+ fix_file_info (real_info); -+ g_file_info_copy_into (real_info, info); -+ g_object_unref (real_info); -+ -+ out: -+ complete_job (job, error); -+} -+ -+static void -+do_query_info_on_read (GVfsBackend *backend, -+ GVfsJobQueryInfoRead *query_info_job, -+ GVfsBackendHandle handle, -+ GFileInfo *info, -+ GFileAttributeMatcher *matcher) -+{ -+ GVfsJob *job = G_VFS_JOB (query_info_job); -+ GFileInputStream *stream = handle; -+ GError *error = NULL; -+ GFileInfo *real_info; -+ -+ real_info = g_file_input_stream_query_info (stream, query_info_job->attributes, -+ job->cancellable, &error); -+ if (error != NULL) -+ goto out; -+ -+ fix_file_info (real_info); -+ g_file_info_copy_into (real_info, info); -+ g_object_unref (real_info); -+ -+ out: -+ complete_job (job, error); -+} -+ -+static void -+do_query_info_on_write (GVfsBackend *backend, -+ GVfsJobQueryInfoWrite *query_info_job, -+ GVfsBackendHandle handle, -+ GFileInfo *info, -+ GFileAttributeMatcher *matcher) -+{ -+ GVfsJob *job = G_VFS_JOB (query_info_job); -+ GFileOutputStream *stream = handle; -+ GError *error = NULL; -+ GFileInfo *real_info; -+ -+ real_info = g_file_output_stream_query_info (stream, query_info_job->attributes, -+ job->cancellable, &error); -+ if (error != NULL) -+ goto out; - -+ fix_file_info (real_info); - g_file_info_copy_into (real_info, info); - g_object_unref (real_info); - -@@ -868,6 +921,8 @@ g_vfs_backend_admin_class_init (GVfsBackendAdminClass * klass) - backend_class->mount = do_mount; - backend_class->open_for_read = do_open_for_read; - backend_class->query_info = do_query_info; -+ backend_class->query_info_on_read = do_query_info_on_read; -+ backend_class->query_info_on_write = do_query_info_on_write; - backend_class->read = do_read; - backend_class->create = do_create; - backend_class->append_to = do_append_to; --- -2.21.0 - - diff --git a/CVE-2019-12449.patch b/CVE-2019-12449.patch deleted file mode 100644 index 52c7d50..0000000 --- a/CVE-2019-12449.patch +++ /dev/null @@ -1,81 +0,0 @@ -From bed1e9685c9f65f6a3ff3b39dd8547db3e7e77f6 Mon Sep 17 00:00:00 2001 -From: Ondrej Holy -Date: Fri, 24 May 2019 09:43:43 +0200 -Subject: [PATCH] admin: Ensure correct ownership when moving to file:// uri - -User and group is not restored properly when moving (or copying with -G_FILE_COPY_ALL_METADATA) from admin:// to file://, because it is handled -by GIO fallback code, which doesn't run with root permissions. Let's -handle this case with pull method to ensure correct ownership. ---- - daemon/gvfsbackendadmin.c | 46 +++++++++++++++++++++++++++++++++++++++ - 1 file changed, 46 insertions(+) - -diff --git a/daemon/gvfsbackendadmin.c b/daemon/gvfsbackendadmin.c -index 71946a02..392824cf 100644 ---- a/daemon/gvfsbackendadmin.c -+++ b/daemon/gvfsbackendadmin.c -@@ -807,6 +807,51 @@ do_move (GVfsBackend *backend, - complete_job (job, error); - } - -+static void -+do_pull (GVfsBackend *backend, -+ GVfsJobPull *pull_job, -+ const char *source, -+ const char *local_path, -+ GFileCopyFlags flags, -+ gboolean remove_source, -+ GFileProgressCallback progress_callback, -+ gpointer progress_callback_data) -+{ -+ GVfsBackendAdmin *self = G_VFS_BACKEND_ADMIN (backend); -+ GVfsJob *job = G_VFS_JOB (pull_job); -+ GError *error = NULL; -+ GFile *src_file, *dst_file; -+ -+ /* Pull method is necessary when user/group needs to be restored, return -+ * G_IO_ERROR_NOT_SUPPORTED in other cases to proceed with the fallback code. -+ */ -+ if (!(flags & G_FILE_COPY_ALL_METADATA)) -+ { -+ g_vfs_job_failed_literal (G_VFS_JOB (job), G_IO_ERROR, -+ G_IO_ERROR_NOT_SUPPORTED, -+ _("Operation not supported")); -+ return; -+ } -+ -+ if (!check_permission (self, job)) -+ return; -+ -+ src_file = g_file_new_for_path (source); -+ dst_file = g_file_new_for_path (local_path); -+ -+ if (remove_source) -+ g_file_move (src_file, dst_file, flags, job->cancellable, -+ progress_callback, progress_callback_data, &error); -+ else -+ g_file_copy (src_file, dst_file, flags, job->cancellable, -+ progress_callback, progress_callback_data, &error); -+ -+ g_object_unref (src_file); -+ g_object_unref (dst_file); -+ -+ complete_job (job, error); -+} -+ - static void - do_query_settable_attributes (GVfsBackend *backend, - GVfsJobQueryAttributes *query_job, -@@ -927,6 +972,7 @@ g_vfs_backend_admin_class_init (GVfsBackendAdminClass * klass) - backend_class->set_attribute = do_set_attribute; - backend_class->delete = do_delete; - backend_class->move = do_move; -+ backend_class->pull = do_pull; - backend_class->query_settable_attributes = do_query_settable_attributes; - backend_class->query_writable_namespaces = do_query_writable_namespaces; - } --- -2.21.0 - - diff --git a/CVE-2019-12795.patch b/CVE-2019-12795.patch deleted file mode 100644 index 3ca4b61..0000000 --- a/CVE-2019-12795.patch +++ /dev/null @@ -1,92 +0,0 @@ -From 70dbfc68a79faac49bd3423e079cb6902522082a Mon Sep 17 00:00:00 2001 -From: Simon McVittie -Date: Wed, 5 Jun 2019 13:33:38 +0100 -Subject: [PATCH] gvfsdaemon: Check that the connecting client is the same user - -Otherwise, an attacker who learns the abstract socket address from -netstat(8) or similar could connect to it and issue D-Bus method -calls. - -Signed-off-by: Simon McVittie ---- - daemon/gvfsdaemon.c | 36 +++++++++++++++++++++++++++++++++++- - 1 file changed, 35 insertions(+), 1 deletion(-) - -diff --git a/daemon/gvfsdaemon.c b/daemon/gvfsdaemon.c -index 406d4f8e..be148a7b 100644 ---- a/daemon/gvfsdaemon.c -+++ b/daemon/gvfsdaemon.c -@@ -79,6 +79,7 @@ struct _GVfsDaemon - - gint mount_counter; - -+ GDBusAuthObserver *auth_observer; - GDBusConnection *conn; - GVfsDBusDaemon *daemon_skeleton; - GVfsDBusMountable *mountable_skeleton; -@@ -171,6 +172,8 @@ g_vfs_daemon_finalize (GObject *object) - } - if (daemon->conn != NULL) - g_object_unref (daemon->conn); -+ if (daemon->auth_observer != NULL) -+ g_object_unref (daemon->auth_observer); - - g_hash_table_destroy (daemon->registered_paths); - g_hash_table_destroy (daemon->client_connections); -@@ -236,6 +239,35 @@ name_vanished_handler (GDBusConnection *connection, - daemon->lost_main_daemon = TRUE; - } - -+/* -+ * Authentication observer signal handler that authorizes connections -+ * from the same uid as this process. This matches the behaviour of a -+ * libdbus DBusServer/DBusConnection when no DBusAllowUnixUserFunction -+ * has been set, but is not the default in GDBus. -+ */ -+static gboolean -+authorize_authenticated_peer_cb (GDBusAuthObserver *observer, -+ G_GNUC_UNUSED GIOStream *stream, -+ GCredentials *credentials, -+ G_GNUC_UNUSED gpointer user_data) -+{ -+ gboolean authorized = FALSE; -+ -+ if (credentials != NULL) -+ { -+ GCredentials *own_credentials; -+ -+ own_credentials = g_credentials_new (); -+ -+ if (g_credentials_is_same_user (credentials, own_credentials, NULL)) -+ authorized = TRUE; -+ -+ g_object_unref (own_credentials); -+ } -+ -+ return authorized; -+} -+ - static void - g_vfs_daemon_init (GVfsDaemon *daemon) - { -@@ -265,6 +297,8 @@ g_vfs_daemon_init (GVfsDaemon *daemon) - - daemon->conn = g_bus_get_sync (G_BUS_TYPE_SESSION, NULL, NULL); - g_assert (daemon->conn != NULL); -+ daemon->auth_observer = g_dbus_auth_observer_new (); -+ g_signal_connect (daemon->auth_observer, "authorize-authenticated-peer", G_CALLBACK (authorize_authenticated_peer_cb), NULL); - - daemon->daemon_skeleton = gvfs_dbus_daemon_skeleton_new (); - g_signal_connect (daemon->daemon_skeleton, "handle-get-connection", G_CALLBACK (handle_get_connection), daemon); -@@ -876,7 +910,7 @@ handle_get_connection (GVfsDBusDaemon *object, - server = g_dbus_server_new_sync (address1, - G_DBUS_SERVER_FLAGS_NONE, - guid, -- NULL, /* GDBusAuthObserver */ -+ daemon->auth_observer, - NULL, /* GCancellable */ - &error); - g_free (guid); --- -2.21.0 - diff --git a/gvfs-1.38.1.tar.xz b/gvfs-1.38.1.tar.xz deleted file mode 100644 index 408f4e7..0000000 Binary files a/gvfs-1.38.1.tar.xz and /dev/null differ diff --git a/gvfs-1.40.2.tar.xz b/gvfs-1.40.2.tar.xz new file mode 100644 index 0000000..105a5c2 Binary files /dev/null and b/gvfs-1.40.2.tar.xz differ diff --git a/gvfs.spec b/gvfs.spec index ea20217..638a2b8 100644 --- a/gvfs.spec +++ b/gvfs.spec @@ -23,20 +23,13 @@ %global udisks2_version 1.97 Name: gvfs -Version: 1.38.1 -Release: 4 +Version: 1.40.2 +Release: 1 Summary: gvfs is a backends for the gio framework in GLib License: GPLv3 and LGPLv2+ and BSD and MPLv2.0 URL: https://wiki.gnome.org/Projects/gvfs -Source0: https://download.gnome.org/sources/gvfs/1.38/gvfs-%{version}.tar.xz - -#patch for cves -Patch6000: CVE-2019-12795.patch -Patch6001: CVE-2019-12447-1.patch -Patch6002: CVE-2019-12447-2.patch -Patch6003: CVE-2019-12448.patch -Patch6004: CVE-2019-12449.patch +Source0: https://download.gnome.org/sources/gvfs/1.40/gvfs-%{version}.tar.xz BuildRequires: /usr/bin/ssh BuildRequires: meson gcc pkgconfig pkgconfig(glib-2.0) >= %{glib2_version} pkgconfig(dbus-glib-1) pkgconfig(gcr-3) @@ -212,6 +205,9 @@ killall -USR1 gvfsd >&/dev/null || : %{_mandir}/man1/gvfsd-fuse.1* %changelog +* Tue Jan 7 2019 openEuler Buildteam - 1.40.2-1 +- update to 1.40.2 + * Tue Sep 26 2019 openEuler Buildteam - 1.38.1-3 - Type:cves - ID:CVE-2019-12447 CVE-2019-12448 CVE-2019-12449