From 09faeba7b0ce6d7d5eb02d5fd329930b3942cc4b Mon Sep 17 00:00:00 2001
From: zhangjian <zhangjian496@huawei.com>
Date: Mon, 23 Jun 2025 01:35:52 +0000
Subject: [PATCH 1/2] fix CVE-2025-6019

---
 ...25-6019-dont-allow-suid-on-fs-resize.patch | 26 +++++++++++++++++++
 libblockdev.spec                              | 11 ++++++--
 2 files changed, 35 insertions(+), 2 deletions(-)
 create mode 100644 0009-fix-CVE-2025-6019-dont-allow-suid-on-fs-resize.patch

diff --git a/0009-fix-CVE-2025-6019-dont-allow-suid-on-fs-resize.patch b/0009-fix-CVE-2025-6019-dont-allow-suid-on-fs-resize.patch
new file mode 100644
index 0000000..6cff01d
--- /dev/null
+++ b/0009-fix-CVE-2025-6019-dont-allow-suid-on-fs-resize.patch
@@ -0,0 +1,26 @@
+From 46b54414f66e965e3c37f8f51e621f96258ae22e Mon Sep 17 00:00:00 2001
+From: Thomas Blume <Thomas.Blume@suse.com>
+Date: Fri, 16 May 2025 14:27:10 +0200
+Subject: [PATCH] Don't allow suid and dev set on fs resize
+
+Fixes: CVE-2025-6019
+---
+ src/plugins/fs/generic.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/plugins/fs/generic.c b/src/plugins/fs/generic.c
+index 69333944..4a0c7cf8 100644
+--- a/src/plugins/fs/generic.c
++++ b/src/plugins/fs/generic.c
+@@ -683,7 +683,7 @@ static gchar* fs_mount (const gchar *device, gchar *fstype, gboolean read_only,
+                              "Failed to create temporary directory for mounting '%s'.", device);
+                 return NULL;
+             }
+-            ret = bd_fs_mount (device, mountpoint, fstype, read_only ? "ro" : NULL, NULL, &l_error);
++            ret = bd_fs_mount (device, mountpoint, fstype, read_only ? "nosuid,nodev,ro" : "nosuid,nodev", NULL, &l_error);
+             if (!ret) {
+                 g_propagate_prefixed_error (error, l_error, "Failed to mount '%s': ", device);
+                 g_rmdir (mountpoint);
+-- 
+2.33.0
+
diff --git a/libblockdev.spec b/libblockdev.spec
index ae98eb2..6a64098 100644
--- a/libblockdev.spec
+++ b/libblockdev.spec
@@ -3,8 +3,8 @@
 
 Name:    libblockdev
 Version: 2.26
-Release: 4
-Summary: libblockdev is a C library supporting GObject introspection for manipulation of block devices
+Release: 5
+Summary: ibblockdev is a C library supporting GObject introspection for manipulation of block devices
 License: LGPLv2+
 URL:     https://github.com/storaged-project/libblockdev
 Source0: https://github.com/storaged-project/libblockdev/releases/download/%{version}-1/%{name}-%{version}.tar.gz
@@ -17,6 +17,7 @@ Patch5:  0005-lvm-Fix-memory-leak-bd_lvm_cache_create_cached_lv.patch
 Patch6:  0006-fs-Fix-return-values-in-bd_fs_ntfs_get_info.patch
 Patch7:  0007-fs-Fix-return-values-in-bd_fs_xfs_get_info.patch
 Patch8:  0008-dm-Fix-comparing-DM-RAID-member-devices-UUID.patch
+Patch9:  0009-fix-CVE-2025-6019-dont-allow-suid-on-fs-resize.patch  
 
 BuildRequires: make glib2-devel libyaml-devel libbytesize-devel parted-devel libuuid-devel ndctl-devel device-mapper-devel
 BuildRequires: device-mapper-devel systemd-devel nss-devel volume_key-devel >= 0.3.9-7 libblkid-devel libmount-devel
@@ -166,6 +167,12 @@ find %{buildroot} -type f -name "*.la" | xargs %{__rm}
 
 
 %changelog
+* Mon Jun 23 2025 zhangjian <zhangjian496@huawei.com> - 2.26-5
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:fix CVE-2025-6019
+
 * Tue Jan 2 2024 liyanan <liyana61@h-partners.com> - 2.26-4
 - remove require vdo
 
-- 
Gitee


From f51ffa111c7895c8eed9afa6a85cf9b2ebe144f1 Mon Sep 17 00:00:00 2001
From: mszjaas <mszjaas@qq.com>
Date: Mon, 23 Jun 2025 02:07:27 +0000
Subject: [PATCH 2/2] add copy.

Signed-off-by: mszjaas <mszjaas@qq.com>
---
 copy | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 copy

diff --git a/copy b/copy
new file mode 100644
index 0000000..255a526
--- /dev/null
+++ b/copy
@@ -0,0 +1,25 @@
+From 46b54414f66e965e3c37f8f51e621f96258ae22e Mon Sep 17 00:00:00 2001
+From: Thomas Blume <Thomas.Blume@suse.com>
+Date: Fri, 16 May 2025 14:27:10 +0200
+Subject: [PATCH] Don't allow suid and dev set on fs resize
+
+Fixes: CVE-2025-6019
+---
+ libblockdev-2.26/src/plugins/fs/generic.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libblockdev-2.26/src/plugins/fs/generic.c b/libblockdev-2.26/src/plugins/fs/generic.c
+index eb6b556..8605139 100644
+--- a/libblockdev-2.26/src/plugins/fs/generic.c
++++ b/libblockdev-2.26/src/plugins/fs/generic.c
+@@ -409,7 +409,7 @@ static gboolean xfs_resize_device (const gchar *device, guint64 new_size, const
+                              "before resizing it.", device);
+                 return FALSE;
+             }
+-            ret = bd_fs_mount (device, mountpoint, "xfs", NULL, NULL, error);
++            ret = bd_fs_mount (device, mountpoint, "xfs", "nosuid,nodev", NULL, error);
+             if (!ret) {
+                 g_prefix_error (error, "Failed to mount '%s' before resizing it: ", device);
+                 return FALSE;
+-- 
+2.33.0
-- 
Gitee