Format: 1.8
Date: Mon, 07 Oct 2019 15:40:15 +0100
Source: gvfs
Architecture: source
Version: 1.42.1-1
Distribution: unstable
Urgency: high
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Closes: 921816 927221 929755 930376 940026
Changes:
 gvfs (1.42.1-1) unstable; urgency=medium
 .
   * Team upload
   * Merge changelog entries from unstable
   * New upstream release
     - dav: Fix mounting when 403 is returned for the parent folder
     - Revert "sftp: Always use port 22 if not specified" to fix use of a
       configured port number in ~/.ssh/config
     - Translation updates: da, de, nl
   * Upload to unstable, now that the required gsettings-desktop-schemas is
     available in testing
 .
 gvfs (1.42.0+really1.38.1-1) unstable; urgency=medium
 .
   * Team upload
   * Re-release 1.38.1-5 to unstable to overwrite premature upload of 1.42.x.
     Versions 1.42.x depend on a gsettings-desktop-schemas version from
     experimental that cannot go to unstable until the mutter and
     evolution-data-server transitions for GNOME 3.34 are ready.
     (Closes: #940026)
     - d/gbp.conf: Set packaging branch to debian/unstable
 .
 gvfs (1.38.1-5) unstable; urgency=high
 .
   * Team upload
   * d/p/gvfsdaemon-Check-that-the-connecting-client-is-the-same-u.patch:
     Add missing authentication, preventing a local attacker from connecting
     to an abstract socket address learned from netstat(8) and issuing
     arbitrary D-Bus method calls
   * d/p/gvfsdaemon-Only-accept-EXTERNAL-authentication.patch:
     Harden private D-Bus connection by rejecting the more complicated
     DBUS_COOKIE_SHA1 authentication mechanism and only accepting EXTERNAL.
 .
 gvfs (1.38.1-4) unstable; urgency=high
 .
   * Team upload
   * Update from upstream gnome-3-30 branch to fix the admin backend
     (Closes: #929755)
     - Implement query_info_on_read/write to fix some race conditions
       (CVE-2019-12448)
     - Ensure that created files get the correct ownership (CVE-2019-12247)
     - Ensure that copied files get the correct ownership (CVE-2019-12449)
   * Remove obsolete version number from fuse dependency.
     gvfs needs fuse (>= 2.8.4), but that version is older than oldstable,
     so we can safely simplify to "Depends: fuse". The versioned dependency
     is not satisfied by fuse3's unversioned "Provides: fuse", but the
     unversioned dependency is. (Closes: #927221)
 .
 gvfs (1.38.1-3) unstable; urgency=high
 .
   * Team upload
   * d/p/admin-Prevent-access-if-any-authentication-agent-isn-t-av.patch:
     Add patch from upstream to prevent members of the sudo group from
     bypassing the intended password check for privileged access to files
     via the admin: backend if no polkit authentication agents are available
     (CVE-2019-3827, Closes: #921816)
   * d/p/*: Update to upstream gnome-3-30 branch, commit 1.38.1-9-gd4dab113
     - admin: Fix CVE-2019-3827 (see above)
     - autorun: Don't crash if an autorun file is not valid UTF-8
     - mtp: Don't busy-loop retrying reading an event after failure
     - udisks2: Reinstate support for deprecated comment=x-gvfs-show
       fstab option syntax (but please use x-gvfs-show instead)
     - tests: Use the right SMB port if running in the sandbox
     - Update translations: eu, sk, sr
   * d/gbp.conf: Configure for debian/buster and upstream/1.38.x branches
   * d/control: Use debian/buster branch in Vcs-Git
 .
 gvfs (1.42.0+really1.42.0-1) experimental; urgency=medium
 .
   * Team upload
   * Re-upload 1.42.x to experimental, with a higher version number than
     the revert to 1.38.x in unstable. It isn't ready for unstable just yet.
     (Closes: #940026)
 .
 gvfs (1.42.0-1) unstable; urgency=medium
 .
   * New upstream release
 .
 gvfs (1.41.91-1) experimental; urgency=medium
 .
   [ Simon McVittie ]
   * Add bug number and CVE ID to previous changelog entry
 .
   [ Iain Lane ]
   * debian/watch: Find unstable versions
   * New upstream release
     + admin: Add query_info_on_read/write functionality (CVE-2019-12448)
     + admin: Allow changing file owner (CVE-2019-12447)
     + admin: Ensure correct ownership when moving to file:// uri
       (CVE-2019-12449)
     + admin: Prevent core dumps when daemon is manually started
     + admin: Use fsuid to ensure correct file ownership (CVE-2019-12447)
     + afc: Remove assumptions about length of device UUID to support new
       devices
     + afp: Fix afp backend crash when no username supplied
     + build: Add dependency on gsettings-desktop-schemas
     + build: Bump required meson version to 0.50.0
     + build: Define gvfs_rpath for libgvfsdaemon.so
     + build: Several meson improvements
     + daemon: Check that the connecting client is the same user
       (CVE-2019-12795)
     + daemon: Only accept EXTERNAL authentication (CVE-2019-12795)
     + daemon/udisks2: Handle lockdown option to disable writing
     + daemon: Unify some translatable strings
     + fuse: Adapt gvfsd-fuse to use fuse 3.x
     + fuse: Define RENAME_* macros when they are not defined
     + fuse: Remove max_write limit
     + gmountsource: Fix deadlocks in synchronous API
     + google: Check ownership in is_owner() without additional HTTP request
     + google: Disable deletion of non-empty directories
     + google: Do not enumerate volatile entries if title matches id
     + google: Fix crashes when deleting if the file isn't found
     + google: Fix issue with stale entries remaining after rename operation
     + google: Support deleting shared Google Drive files
     + proxy: Don't leak a GVfsDBusDaemon
     + udisks2: Change display name for crypto_unknown devices
   * debian/patches: Drop backported patches. We're further ahead now.
 .
 gvfs (1.40.1-3) experimental; urgency=medium
 .
   * Team upload
   * d/p/gvfsdaemon-Check-that-the-connecting-client-is-the-same-u.patch:
     Add missing authentication, preventing a local attacker from connecting
     to an abstract socket address learned from netstat(8) and issuing
     arbitrary D-Bus method calls (Closes: #930376, CVE-2019-12795)
   * d/p/gvfsdaemon-Only-accept-EXTERNAL-authentication.patch:
     Harden private D-Bus connection by rejecting the more complicated
     DBUS_COOKIE_SHA1 authentication mechanism and only accepting EXTERNAL
 .
 gvfs (1.40.1-2) experimental; urgency=medium
 .
   * Team upload
   * Update from upstream gnome-3-32 branch, commit 1.40.1-9-gec939a01,
     to fix the admin backend (Closes: #929755)
     - Implement query_info_on_read/write to fix some race conditions
       (CVE-2019-12448)
     - Ensure that created files get the correct ownership (CVE-2019-12247)
     - Ensure that copied files get the correct ownership (CVE-2019-12449)
     - Fix deadlocks in synchronous API
     - Various fixes for afc backend
     - Update translation: zh_CN
   * Remove obsolete version number from fuse dependency.
     gvfs needs fuse (>= 2.8.4), but that version is older than oldstable,
     so we can safely simplify to "Depends: fuse". The versioned dependency
     is not satisfied by fuse3's unversioned "Provides: fuse", but the
     unversioned dependency is. (Closes: #927221)
 .
 gvfs (1.40.1-1) experimental; urgency=medium
 .
   * New upstream release
 .
 gvfs (1.40.0-1) experimental; urgency=medium
 .
   * New upstream release
   * Drop test-Remove-trailing-newline-from-the-IP-string.patch: Applied
 .
 gvfs (1.39.91-1) experimental; urgency=medium
 .
   * New upstream development release
   * Add test-Remove-trailing-newline-from-the-IP-string.patch:
     - Proposed patch to fix autopkgtest with glibc 2.29
 .
 gvfs (1.39.90-1) experimental; urgency=medium
 .
   * New upstream development release
   * Bump minimum meson to 0.49.0
Checksums-Sha1:
 c7f93e04f5be2794ac9a14b2cc190e2990a15904 3396 gvfs_1.42.1-1.dsc
 7741122e301544a7a50fe057dcb421a60b0778f5 1204916 gvfs_1.42.1.orig.tar.xz
 9388a90539c522b759c6101937ccfb585a36fa96 24508 gvfs_1.42.1-1.debian.tar.xz
 f9a492075035d302151f479eb487617fa353cdf0 19187 gvfs_1.42.1-1_source.buildinfo
Checksums-Sha256:
 6683cea560e042a5ca29a518f6e390a79950c6d6cc65c3e2a0a31f2159c8555b 3396 gvfs_1.42.1-1.dsc
 9d06071b4a1d83671f76d0e3c32b66631671669d330fe21702f60a8611c37730 1204916 gvfs_1.42.1.orig.tar.xz
 cc39d4466805abb4c8fd91fcc85b19d308ead56e64c81c7e772ee64f1b21c227 24508 gvfs_1.42.1-1.debian.tar.xz
 d795f278d23cce5b189a70d27de20422bd46d1e1499595842f4ff50f57ff3edf 19187 gvfs_1.42.1-1_source.buildinfo
Files:
 ba478b7038a6b4df058837378fb25121 3396 gnome optional gvfs_1.42.1-1.dsc
 93592535508322548d44fa036b635a0a 1204916 gnome optional gvfs_1.42.1.orig.tar.xz
 43fc9e8356c1bc33d06c4bd58e55624b 24508 gnome optional gvfs_1.42.1-1.debian.tar.xz
 86f64d39f1bbdc3566ce99475bcc1eee 19187 gnome optional gvfs_1.42.1-1_source.buildinfo