Changelog
gvfs (1.41.91-1) experimental; urgency=medium
[ Simon McVittie ]
* Add bug number and CVE ID to previous changelog entry
[ Iain Lane ]
* debian/watch: Find unstable versions
* New upstream release
+ admin: Add query_info_on_read/write functionality (CVE-2019-12448)
+ admin: Allow changing file owner (CVE-2019-12447)
+ admin: Ensure correct ownership when moving to file:// uri
(CVE-2019-12449)
+ admin: Prevent core dumps when daemon is manually started
+ admin: Use fsuid to ensure correct file ownership (CVE-2019-12447)
+ afc: Remove assumptions about length of device UUID to support new
devices
+ afp: Fix afp backend crash when no username supplied
+ build: Add dependency on gsettings-desktop-schemas
+ build: Bump required meson version to 0.50.0
+ build: Define gvfs_rpath for libgvfsdaemon.so
+ build: Several meson improvements
+ daemon: Check that the connecting client is the same user
(CVE-2019-12795)
+ daemon: Only accept EXTERNAL authentication (CVE-2019-12795)
+ daemon/udisks2: Handle lockdown option to disable writing
+ daemon: Unify some translatable strings
+ fuse: Adapt gvfsd-fuse to use fuse 3.x
+ fuse: Define RENAME_* macros when they are not defined
+ fuse: Remove max_write limit
+ gmountsource: Fix deadlocks in synchronous API
+ google: Check ownership in is_owner() without additional HTTP request
+ google: Disable deletion of non-empty directories
+ google: Do not enumerate volatile entries if title matches id
+ google: Fix crashes when deleting if the file isn't found
+ google: Fix issue with stale entries remaining after rename operation
+ google: Support deleting shared Google Drive files
+ proxy: Don't leak a GVfsDBusDaemon
+ udisks2: Change display name for crypto_unknown devices
* debian/patches: Drop backported patches. We're further ahead now.
-- Iain Lane <email address hidden> Wed, 21 Aug 2019 12:05:56 +0100