daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x
before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server
socket without configuring an authorization rule. A local attacker could
connect to this server socket and issue D-Bus method calls. (Note that
the server socket only accepts a single connection, so the attacker
would have to discover the server and connect to the socket before its
owner does.)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2.
daemon/gvfsbackendadmin.c mishandles a file's user and group ownership
during move (and copy with G_FILE_COPY_ALL_METADATA) operations from
admin:// to file:// URIs, because root privileges are unavailable.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2.
daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is
not used.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2.
daemon/gvfsbackendadmin.c has race conditions because the admin backend
doesn't implement query_info_on_read/write.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
An incorrect permission check in the admin backend in gvfs before
version 1.39.4 was found that allows reading and modify arbitrary files
by privileged users without asking for password when no authentication
agent is running. This vulnerability can be exploited by malicious
programs running under privileges of users belonging to the wheel group
to further escalate its privileges by modifying system files without
user's knowledge. Successful exploitation requires uncommon system
configuration.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Use pkg-config to retrieve static dependencies of libarchive in gvfs.mk
instead of patching configure.ac as upstream switched to meson
Fixes:
- http://autobuild.buildroot.org/results/486187bb7b8800f44a8c173af518b84e68e53584
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Enable keyring if libsecret is available
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Enable gphoto2 if libgphoto2 and libgudev are available
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Enable cdda if libcdio-paranoia and libgudev are available
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Enable admin backend if libcap and polkit are available
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump to version 1.31.4 which is the first version including the fix for
glibc 2.28 issue with major/minor:
3424bef7ef
Do not bump to latest version of gvfs as:
- this is a major rework: autotools has been dropped in favor of meson
- it requires libglib in version 2.57.1 and we have currently 2.56.1
Also:
- add hash for license file
- Remove --disable-bash-completion, no more option since 1.31.1:
2f28fa49cf
- Remove --disable-hal, dropped since 1.31.1:
ec9c45d7c7
Fixes:
- http://autobuild.buildroot.net/results/07fa7b0ad9ae0fa9c2e59d54e4d4c76ae4f26166
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
gconf support has been dropped since 1.7.0:
e22dbb2aea
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since things are no longer installed in $(HOST_DIR)/usr, the callers
should also not refer to it.
This is a mechanical change with
git grep -l '$(HOST_DIR)/usr/bin' | xargs sed -i 's%$(HOST_DIR)/usr/bin%$(HOST_DIR)/bin%g'
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The check-package script when ran gave warnings on only using
one space before backslashes on all of these makefiles.
This patch cleans up all warnings related to the one space before
backslashes rule in the make files in the package directory.
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for LGPLv2/LGPLv2+ is LGPL-2.0/LGPL-2.0+.
This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/LGPLv2(\+)?/LGPL-2.0\1/g'
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Lots of changes, add support for libnfs, udev, libbluray, cleanup afp
support, gtk3, and systemd.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS,
make the same change for FOO_CONF_OPT.
Sed command used:
find * -type f | xargs sed -i 's#_CONF_OPT\>#&S#g'
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Since <PKG>_VARIABLE_MINOR variable in some packages is used only once,
so it is unusable. This patch removes it.
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
gvfs can make optional use of libgcrypt so it needs to depend on
it if it is selected. It's also necessary to set the
ac_cv_path_LIBGCRYPT_CONFIG variable to a known value in order
to prevent the AM_PATH_LIBGCRYPT macro from searching the host
paths for the libgcrypt-config script.
Fixes the following build problem when libgcrypt is installed on the
host system but the package is not selected in buildroot:
gvfsbackendafpbrowse.c:31:20: fatal error: gcrypt.h: No such file or directory
Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Following the libglib2 bump, gvfs must be updated. We don't bump to
the latest 1.17.1, because it requires libglib2 2.37, and we have only
libglib2 2.36.x at this point.
Fixes:
http://autobuild.buildroot.net/results/d02/d026f3e697d60a3730f89acab18515eb568c4d0e/build-end.log
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Thanks to the pkgparentdir and pkgname functions, we can rewrite the
AUTOTARGETS macro in a way that avoids the need for each package to
repeat its name and the directory in which it is present.
[Peter: pkgdir->pkgparentdir]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Hal is deprecated upstream, our package has not seen any significant
work since it was added in 2007, nothing depends on it and it's blocking
a long-overdue udev update.
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Install gvfs into staging and compile the installed schemas for
use on the target.
Signed-off-by: Sven Neumann <s.neumann@raumfeld.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Drop the dbus-glib dependency as gvfs uses dbus directly.
Also change dependency on the XML parser for dbus to be more
in sync with the dbus package.
[Peter: drop expat|libxml2 deps as shared-mime-type already selects libxml2]
Signed-off-by: Sven Neumann <s.neumann@raumfeld.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Now that we have libtool-2.2.x patch support, we can get rid of a bunch
of _LIBTOOL_PATH = NO, fixing (potential) cross link issues.
Notice: php not changed, as it uses a very old 1.5 version for the
embedded sqlite, where our buildroot-libtool-v1.5.patch doesn't apply.
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
