From 8bea89d3a905b5f52222708501109f217c73c39e Mon Sep 17 00:00:00 2001 From: Zhang Peng Date: Wed, 25 Mar 2026 18:26:19 +0800 Subject: [PATCH] gvfs: upgrade 1.58.2 -> 1.60.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Major changes in 1.60.0 ======================= * CVE-2026-28296: ftp: Reject paths with CR/LF in g_vfs_ftp_file_new_from_ftp (Ondrej Holy) * monitor: Do not load monitors when GIO_USE_VFS=local (Ondrej Holy) Major changes in 1.59.90 ======================== * client: Fix use-after-free when creating async proxy failed (Ondrej Holy) * udisks2: Emit changed signals from update_all() (Ondrej Holy) * daemon: Fix race on subscribers list when on thread (Ondrej Holy) * ftp: Validate fe_size when parsing symlink target (Ondrej Holy) * ftp: Check localtime() return value before use (Ondrej Holy) * CVE-2026-28295: ftp: Use control connection address for PASV data (Ondrej Holy) * CVE-2026-28296: ftp: Reject paths containing CR/LF characters (Ondrej Holy) * gphoto2: Use g_try_realloc() instead of g_realloc() (Ondrej Holy) * cdda: Reject path traversal in mount URI host (Ondrej Holy) * client: Fail when URI has invalid UTF-8 chars (Ondrej Holy) * udisks2: Fix memory corruption with duplicate mount paths (Alessandro Astone) * build: Update GOA dependency to > 3.57.0 (Jan-Michael Brummer) * Some other fixes (correctmost, Ondrej Holy) Major changes in 1.59.1 ======================= * mtp: replace Android extension checks with capability checks (Raul Tambre) * cdda: Fix duration of last track for some media (Bastien Nocera) * dav: Add X-OC-Mtime header on push to preserve last modified time (Lawrence Murray) * udisks2: Use hash tables in the volume monitor to improve performance (Milan Crha) * onedrive: Check for identity instead of presentation identity (Jan-Michael Brummer) * build: Disable google option and mark as deprecated (Jeremy BĂ­cha, Ondrej Holy) * Fix various memory leaks (Milan Crha) * Some other fixes (wangrong, Jan-Michael Brummer, Simon Poirier) * Translation updates (GNOME Translation Project contributors) Major changes in 1.58.4 ======================= * Re-release of 1.58.3 due to incorrect release tag; no code changes. Major changes in 1.58.3 ======================= * CVE-2026-28296: ftp: Reject paths with CR/LF in g_vfs_ftp_file_new_from_ftp (Ondrej Holy) * monitor: Do not load monitors when GIO_USE_VFS=local (Ondrej Holy) Signed-off-by: Zhang Peng Signed-off-by: Khem Raj --- .../recipes-gnome/gvfs/{gvfs_1.58.2.bb => gvfs_1.60.0.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-gnome/recipes-gnome/gvfs/{gvfs_1.58.2.bb => gvfs_1.60.0.bb} (97%) diff --git a/meta-gnome/recipes-gnome/gvfs/gvfs_1.58.2.bb b/meta-gnome/recipes-gnome/gvfs/gvfs_1.60.0.bb similarity index 97% rename from meta-gnome/recipes-gnome/gvfs/gvfs_1.58.2.bb rename to meta-gnome/recipes-gnome/gvfs/gvfs_1.60.0.bb index e3b90950d6..434002e440 100644 --- a/meta-gnome/recipes-gnome/gvfs/gvfs_1.58.2.bb +++ b/meta-gnome/recipes-gnome/gvfs/gvfs_1.60.0.bb @@ -18,7 +18,7 @@ DEPENDS += "\ RDEPENDS:${PN} += "gsettings-desktop-schemas" SRC_URI = "https://download.gnome.org/sources/${BPN}/${@gnome_verdir("${PV}")}/${BPN}-${PV}.tar.xz;name=archive" -SRC_URI[archive.sha256sum] = "ad9d5bf0b45caf232520df0adee51eb650200b0370680f80a350ead9d1d61ddf" +SRC_URI[archive.sha256sum] = "648273f069e92c7e3c013b92148e82c901f08044e2b3b14c6cfbd52269f6b646" ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"