Commit Graph

41 Commits

Author SHA1 Message Date
worldofpeace
fae9e165bb gvfs: fix CVE-2019-12795
This is a version of #63481 for master.

Vulnerability Description:
daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before
1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without
configuring an authorization rule. A local attacker could connect to this server
socket and issue D-Bus method calls. Note that the server socket only accepts
a single connection, so the attacker would have to discover the server and connect
to the socket before its owner does.

#63301
2019-06-18 19:48:47 -04:00
worldofpeace
02ea0d3959 gvfs: fix CVE-2019-1244{7.8.9}
This is a version of #63481 for master.

CVE-2019-12447:
daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is
not used.

CVE-2019-12448:
daemon/gvfsbackendadmin.c has race conditions because the admin backend
doesn't implement query_info_on_read/write.

CVE-2019-12449:
daemon/gvfsbackendadmin.c mishandles a file's user and group ownership
during move (and copy with G_FILE_COPY_ALL_METADATA) operations
from admin:// to file:// URIs, because root privileges are unavailable.

Upstream MR: https://gitlab.gnome.org/GNOME/gvfs/merge_requests/48
2019-06-18 19:48:47 -04:00
Tor Hedin Brønner
c3d46bb9eb gnome3.gvfs: 1.40.0 -> 1.40.1
https://download.gnome.org/sources/gvfs/1.40/gvfs-1.40.1.news
2019-04-14 19:26:18 +02:00
Tor Hedin Brønner
f6e018a3ed
gvfs: 1.38.1 -> 1.40.0
`codegen.py` no longer exists
2019-04-05 11:40:02 +02:00
Frederik Rietdijk
070290bda7 Merge master into staging-next 2018-12-31 12:00:36 +01:00
Jan Tojnar
a90974ab45
gnome3.gvfs: Add TLS support
GLib Gio’s GFile uses gvfs daemon for opening files over HTTP protocol.
To support HTTPS, we need to include glib-networking.

Closes: https://github.com/NixOS/nixpkgs/issues/52963
2018-12-28 17:40:28 +01:00
worldofpeace
c1599d29d9 gcr: rename from gnome3.gcr 2018-12-25 20:14:28 -05:00
Jan Tojnar
1852c62c67
gvfs: 1.36.2 → 1.38.1 2018-11-30 21:34:27 +01:00
Jan Tojnar
5cc18c4781
gnome3: remove versionBranch attribute
Standard library now contains stdenv.lib.versions.majorMinor,
which does the same.
2018-10-05 02:17:19 +02:00
Jan Tojnar
69a17c7a19
Revert "treewide: remove placeholder usage"
This reverts commit 82f6267023.
2018-08-30 18:18:29 +02:00
Frederik Rietdijk
099c13da1b Merge staging-next into master (#44009)
* substitute(): --subst-var was silently coercing to "" if the variable does not exist.

* libffi: simplify using `checkInputs`

* pythonPackges.hypothesis, pythonPackages.pytest: simpify dependency cycle fix

* utillinux: 2.32 -> 2.32.1

https://lkml.org/lkml/2018/7/16/532

* busybox: 1.29.0 -> 1.29.1

* bind: 9.12.1-P2 -> 9.12.2

https://ftp.isc.org/isc/bind9/9.12.2/RELEASE-NOTES-bind-9.12.2.html

* curl: 7.60.0 -> 7.61.0

* gvfs: make tests run, but disable

* ilmbase: disable tests on i686. Spooky!

* mdds: fix tests

* git: disable checks as tests are run in installcheck

* ruby: disable tests

* libcommuni: disable checks as tests are run in installcheck

* librdf: make tests run, but disable

* neon, neon_0_29: make tests run, but disable

* pciutils: 3.6.0 -> 3.6.1

Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/pciutils/versions.

* mesa: more include fixes

mostly from void-linux (thanks!)

* npth: 1.5 -> 1.6

minor bump

* boost167: Add lockfree next_prior patch

* stdenv: cleanup darwin bootstrapping

Also gets rid of the full python and some of it's dependencies in the
stdenv build closure.

* Revert "pciutils: use standardized equivalent for canonicalize_file_name"

This reverts commit f8db20fb3a.
Patching should no longer be needed with 3.6.1.

* binutils-wrapper: Try to avoid adding unnecessary -L flags

(cherry picked from commit f3758258b8895508475caf83e92bfb236a27ceb9)
Signed-off-by: Domen Kožar <domen@dev.si>

* libffi: don't check on darwin

libffi usages in stdenv broken darwin. We need to disable doCheck for that case.

* "rm $out/share/icons/hicolor/icon-theme.cache" -> hicolor-icon-theme setup-hook

* python.pkgs.pytest: setupHook to prevent creation of .pytest-cache folder, fixes #40273

When `py.test` was run with a folder as argument, it would not only
search for tests in that folder, but also create a .pytest-cache folder.
Not only is this state we don't want, but it was also causing
collisions.

* parity-ui: fix after merge

* python.pkgs.pytest-flake8: disable test, fix build

* Revert "meson: 0.46.1 -> 0.47.0"

With meson 0.47.0 (or 0.47.1, or git)
things are very wrong re:rpath handling
resulting in at best missing libs but
even corrupt binaries :(.

When we run patchelf it masks the problem
by removing obviously busted paths.
Which is probably why this wasn't noticed immediately.

Unfortunately the binary already
has a long series of paths scribbled
in a space intended for a much smaller string;
in my testing it was something like
lengths were 67 with 300+ written to it.

I think we've reported the relevant issues upstream,
but unfortunately it appears our patches
are what introduces the overwrite/corruption
(by no longer being correct in what they assume)

This doesn't look so bad to fix but it's
not something I can spend more time on
at the moment.

--

Interestingly the overwritten string data
(because it is scribbled past the bounds)
remains in the binary and is why we're suddenly
seeing unexpected references in various builds
-- notably this is is the reason we're
seeing the "extra-utils" breakage
that entirely crippled NixOS on master
(and probably on staging before?).

Fixes #43650.

This reverts commit 305ac4dade.

(cherry picked from commit 273d68eff8f7b6cd4ebed3718e5078a0f43cb55d)
Signed-off-by: Domen Kožar <domen@dev.si>
2018-07-24 15:04:48 +01:00
volth
52f53c69ce pkgs/*: remove unreferenced function arguments 2018-07-21 02:48:04 +00:00
Jan Tojnar
fd0d1f35a5
gvfs: 1.36.1 → 1.36.2 2018-05-08 03:31:57 +02:00
Jan Tojnar
72b27f2519
gnome3: 3.28.0 → 3.28.1 2018-04-14 13:35:45 +02:00
Tor Hedin Brønner
ebda67e15f gvfs: fix non-deterministic build failure 2018-04-03 15:29:24 +02:00
Jan Tojnar
82f6267023
treewide: remove placeholder usage
see 2abac54c03
2018-03-27 20:14:44 +02:00
Tor Hedin Brønner
d9253589a7
gnome3.gvfs: fix build
Also fix xfce.gvfs
2018-03-22 07:46:56 +01:00
Tor Hedin Brønner
174a82141c
gvfs: fix build 2018-03-22 07:46:50 +01:00
Jan Tojnar
0973618e4e
gnome3: automated update 2018-03-22 07:46:42 +01:00
Jan Tojnar
a5147c5220
gnome3: automated update 2018-03-08 02:05:58 +01:00
Jan Tojnar
81cbb53075
gnome3: automated update 2018-03-05 06:06:08 +01:00
Jan Tojnar
1dacd66a77
gvfs: add updateScript 2018-03-04 20:05:52 +01:00
Jan Tojnar
a31d98f312
tree-wide: autorename gnome packages to use dashes 2018-02-25 17:41:16 +01:00
Jan Tojnar
c8b58a47fc
gvfs: Rely on XML_CATALOG_FILES variable 2017-11-26 03:10:52 +01:00
Jan Tojnar
00269f660c
gvfs: 1.30.1 → 1.34.1
Bash completions were removed upstream because gvfs is deprecated
in favour of glib’s gio .

https://bugzilla.gnome.org/show_bug.cgi?id=769378
2017-11-05 17:02:26 +01:00
John Ericson
d33360c388 gvfs: Recategorize dependendencies 2017-09-21 15:49:55 -04:00
Jan Tojnar
c9d419a22b gnome: Further fixes for Using the 'memory' GSettings backend issue 2017-08-05 12:21:00 +02:00
Vladimír Čunát
56a49e6cda gvfs: fix build after update in 0809aeb47f 2016-10-13 19:32:45 +02:00
Alexander Ried
0809aeb47f
gvfs: 1.22.4 -> 1.30.1
use libgnome-keyring from gnome package set

From #19081.
2016-10-11 18:48:19 +02:00
Kirill Boltaev
bccd75094f treewide: explicitly specify gtk and related package versions 2016-09-12 18:26:06 +03:00
Vladimír Čunát
783c40eb68 dbus: split into multiple outputs and fix referrers 2015-10-13 20:19:01 +02:00
Eelco Dolstra
4b422b9dea More libgudev dependencies 2015-09-11 12:22:27 +02:00
Luca Bruno
db3b86560f GNOME 3.16.1, closes #7357 2015-04-25 12:02:33 +02:00
Nikolay Amiantov
947240d1ea gvfs: add mtp support 2014-11-03 15:18:57 +03:00
Aristid Breitkreuz
42aa2e25ec gvfs: lightWeight -> !gnomeSupport 2014-10-25 16:17:39 +02:00
Nikolay Amiantov
ca3690d426 gvfs: support samba in lightweight version 2014-10-25 16:08:50 +02:00
Luca Bruno
35ccaa2e52 Fix gsettings schemas usage for several packages due to #1901
Also add icons to epiphany
2014-04-06 11:02:21 +02:00
ambrop7@gmail.com
090ee41e6b gvfs: Fix build with lightWeight=false (close #2068)
Needed for SMB backend.
2014-03-29 21:51:16 +01:00
Vladimír Čunát
4aa1dff1d6 gvfs: major update 1.14.2 -> 1.18.3, unify to one
There were several files defining gvfs, now use one common.
Also delete long-unused forgotten xfce file.
2013-11-17 20:20:13 +01:00
Sergey Mironov
b4fdd210a6 gvfs: allow gvfs-network to access it's gconf schemas
gvfs-network fails to start until it stores some setting in Gconf (memory
backend is used by default). Unfortunately, it needs schemas for to work
correctly. By default, glib searches for schemas in /usr/share/glib-2.0/schemas
OR under GSETTINGS_SCHEMA_DIR. This patch sets this variable to let gvfs
find it's precious.
2013-04-05 15:34:20 +04:00
Vladimír Čunát
94c741c7ad gvfs: add globally, lightWeight by default
HeavyWeight will be fixed after gnome3 from x-updates.
2013-04-04 12:02:53 +04:00