From 2077ebe5b9f89de9508d3a4eb211f0fee998f644 Mon Sep 17 00:00:00 2001
From: mgb01105731
Date: Fri, 20 Jun 2025 02:33:48 -0400
Subject: [PATCH] add patch to fix CVE-2025-6019

---
 1001-fix-CVE-2025-6019.patch | 25 +++++++++++++++++++++++++
 libblockdev.spec | 7 ++++++-
 2 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 1001-fix-CVE-2025-6019.patch

diff --git a/1001-fix-CVE-2025-6019.patch b/1001-fix-CVE-2025-6019.patch
new file mode 100644
index 0000000..fa9cf0e
--- /dev/null
+++ b/1001-fix-CVE-2025-6019.patch
@@ -0,0 +1,25 @@
+From 6b91aa5c44199a657767b174c6a8054e256746bd Mon Sep 17 00:00:00 2001
+From: mgb01105731
+Date: Fri, 20 Jun 2025 02:31:22 -0400
+Subject: [PATCH 1/1] fix CVE-2025-6019
+
+---
+ src/plugins/fs/generic.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/plugins/fs/generic.c b/src/plugins/fs/generic.c
+index 2b2180a..60f7d75 100644
+--- a/src/plugins/fs/generic.c
++++ b/src/plugins/fs/generic.c
+@@ -661,7 +661,7 @@ static gchar* fs_mount (const gchar *device, gchar *fstype, gboolean read_only,
+ "Failed to create temporary directory for mounting '%s'.", device);
+ return NULL;
+ }
+- ret = bd_fs_mount (device, mountpoint, fstype, read_only ? "ro" : NULL, NULL, &l_error);
++ ret = bd_fs_mount (device, mountpoint, fstype, read_only ? "nosuid,nodev,ro" : "nosuid,nodev", NULL, &l_error);
+ if (!ret) {
+ g_propagate_prefixed_error (error, l_error, "Failed to mount '%s': ", device);
+ g_rmdir (mountpoint);
+--
+2.41.0
+
diff --git a/libblockdev.spec b/libblockdev.spec
index 7546187..6adf6e0 100644
--- a/libblockdev.spec
+++ b/libblockdev.spec
@@ -1,4 +1,4 @@
-%define anolis_release 1
+%define anolis_release 2
 %define with_python3 1
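Review bot: The hardened option strings in the new `bd_fs_mount` call in src/plugins/fs/generic.c are bare literals with nothing recording that they are the CVE-2025-6019 fix, so a later cleanup could drop them unnoticed; a comment above the call such as `/* temporary mount of a possibly untrusted filesystem: nosuid,nodev keep setuid bits and device nodes on it inert (CVE-2025-6019) */` would pin the intent. The options only apply to a mount this call creates itself; fs_mount starts and ends outside the hunk, so whether it can hand back a mountpoint that already exists with other options cannot be checked from here and is worth confirming. If no caller needs to execute files from the temporary mount, adding `noexec` to both strings would be a cheap extra layer.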
@@ -92,6 +92,8 @@ License: LGPL-2.1-or-later
 URL: https://github.com/storaged-project/libblockdev
 Source0: https://github.com/storaged-project/libblockdev/releases/download/%{version}/%{name}-%{version}.tar.gz
 Patch0: 0001-nvme_Avoid_element-type_g-i_annotations.patch
+# https://github.com/storaged-project/libblockdev/commit/46b54414f66e965e3c37f8f51e621f96258ae22e
+Patch1: 1001-fix-CVE-2025-6019.patch
 BuildRequires: make
 BuildRequires: glib2-devel
@@ -931,6 +933,9 @@ find %{buildroot} -type f -name "*.la" | xargs %{__rm}
 %doc README.md
 %changelog
+* Fri Jun 20 2025 mgb01105731 - 3.2.0-2
+- Add patch to fix CVE-2025-6019
+
 * Fri Feb 28 2025 Xiaoping Liu - 3.2.0-1
 - update to 3.2.0 from 2.28
 - Migrated to SPDX license
--
Gitee
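Review bot: The `Patch1:` line in the `@@ -92,6 +92,8 @@` hunk declares the patch, but nothing in this diff shows it being applied. The `%prep` section is outside the hunks, so if the spec applies patches with explicit `%patch0 -p1` style lines rather than `%autosetup` or `%autopatch`, the package would build at release 2 without the CVE-2025-6019 fix; please confirm, and add the matching `%patch1 -p1` line if it does. The patch file also carries a locally generated header (commit 6b91aa5c, authored by the packager) instead of the upstream one, so keeping the upstream author, subject and hash from the referenced commit 46b54414 in 1001-fix-CVE-2025-6019.patch would let the backport be checked against its source.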