From e1480e079b1290925481510a62d57d9f0e19d575 Mon Sep 17 00:00:00 2001
From: Funda Wang
Date: Sat, 21 Jun 2025 00:24:11 +0800
Subject: [PATCH] fix CVE-2025-6019
---
 0009-CVE-2025-6019.patch | 23 +++++++++++++++++++++++
 libblockdev.spec | 6 +++++-
 2 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 0009-CVE-2025-6019.patch
diff --git a/0009-CVE-2025-6019.patch b/0009-CVE-2025-6019.patch
new file mode 100644
index 0000000..d59612f
--- /dev/null
+++ b/0009-CVE-2025-6019.patch
@@ -0,0 +1,23 @@
+From f6ae95ad8652857fdcb2f5a3bda602fb14c48bbd Mon Sep 17 00:00:00 2001
+From: Thomas Blume
+Date: Fri, 16 May 2025 14:27:10 +0200
+Subject: [PATCH] Don't allow suid and dev set on fs resize
+
+Fixes: CVE-2025-6019
+---
+ src/plugins/fs/generic.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/plugins/fs/generic.c b/src/plugins/fs/generic.c
+index 89d8714a9..f68d7ca12 100644
+--- a/src/plugins/fs/generic.c
++++ b/src/plugins/fs/generic.c
+@@ -410,7 +410,7 @@ static gboolean xfs_resize_device (const gchar *device, guint64 new_size, const
+ "before resizing it.", device);
+ return FALSE;
+ }
+- ret = bd_fs_mount (device, mountpoint, "xfs", NULL, NULL, error);
++ ret = bd_fs_mount (device, mountpoint, "xfs", "nosuid,nodev", NULL, error);
+ if (!ret) {
+ g_prefix_error (error, "Failed to mount '%s' before resizing it: ", device);
+ return FALSE;
diff --git a/libblockdev.spec b/libblockdev.spec
index ae98eb2..712782b 100644
--- a/libblockdev.spec
+++ b/libblockdev.spec
@@ -3,7 +3,7 @@
 Name: libblockdev
 Version: 2.26
-Release: 4
+Release: 5
 Summary: libblockdev is a C library supporting GObject introspection for manipulation of block devices
 License: LGPLv2+
 URL: https://github.com/storaged-project/libblockdev
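Review bot: Only the one `bd_fs_mount` call in `xfs_resize_device` is hardened by the embedded patch, and nothing at the call site records why the options matter. Passing `"nosuid,nodev"` instead of `NULL` means set-uid bits and device nodes inside the filesystem are not honoured while it is mounted for the resize; a comment above the call, e.g. `/* filesystem content is untrusted: never honour suid bits or device nodes on this mount (CVE-2025-6019) */`, would keep a later cleanup from reverting the argument to `NULL`. The rest of `generic.c` is outside the hunk, so it is worth confirming that no other mount made on the caller's behalf there still passes `NULL` options. The body of `xfs_resize_device` starts and ends outside the hunk.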
@@ -17,6 +17,7 @@ Patch5: 0005-lvm-Fix-memory-leak-bd_lvm_cache_create_cached_lv.patch
 Patch6: 0006-fs-Fix-return-values-in-bd_fs_ntfs_get_info.patch
 Patch7: 0007-fs-Fix-return-values-in-bd_fs_xfs_get_info.patch
 Patch8: 0008-dm-Fix-comparing-DM-RAID-member-devices-UUID.patch
+Patch9: 0009-CVE-2025-6019.patch
 BuildRequires: make glib2-devel libyaml-devel libbytesize-devel parted-devel libuuid-devel ndctl-devel device-mapper-devel
 BuildRequires: device-mapper-devel systemd-devel nss-devel volume_key-devel >= 0.3.9-7 libblkid-devel libmount-devel
@@ -166,6 +167,9 @@ find %{buildroot} -type f -name "*.la" | xargs %{__rm}
 %changelog
+* Fri Jun 20 2025 Funda Wang - 2.26-5
+- fix CVE-2025-6019
+
 * Tue Jan 2 2024 liyanan - 2.26-4
 - remove require vdo
--
Gitee
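Review bot: The added `Patch9:` tag only declares the patch; whether it is actually applied depends on the `%prep` section, which this diff does not touch or show. If the spec applies patches with explicit `%patch` lines rather than `%autosetup` or `%autopatch`, a matching `%patch9 -p1` is needed, otherwise release 5 would be built without the CVE-2025-6019 fix while the changelog says it is included. Confirming in the build log that `0009-CVE-2025-6019.patch` is applied would settle it.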