From 824d373a4ee993de6546940cbc569d3f8af38252 Mon Sep 17 00:00:00 2001
From: zhangjian
Date: Mon, 23 Jun 2025 01:50:55 +0000
Subject: [PATCH] fix CVE-2025-6019
---
 ...25-6019-dont-allow-suid-on-fs-resize.patch | 26 +++++++++++++++++++
 libblockdev.spec | 6 ++++-
 2 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 0017-fix-CVE-2025-6019-dont-allow-suid-on-fs-resize.patch
diff --git a/0017-fix-CVE-2025-6019-dont-allow-suid-on-fs-resize.patch b/0017-fix-CVE-2025-6019-dont-allow-suid-on-fs-resize.patch
new file mode 100644
index 0000000..6cff01d
--- /dev/null
+++ b/0017-fix-CVE-2025-6019-dont-allow-suid-on-fs-resize.patch
@@ -0,0 +1,26 @@
+From 46b54414f66e965e3c37f8f51e621f96258ae22e Mon Sep 17 00:00:00 2001
+From: Thomas Blume
+Date: Fri, 16 May 2025 14:27:10 +0200
+Subject: [PATCH] Don't allow suid and dev set on fs resize
+
+Fixes: CVE-2025-6019
+---
+ src/plugins/fs/generic.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/plugins/fs/generic.c b/src/plugins/fs/generic.c
+index 69333944..4a0c7cf8 100644
+--- a/src/plugins/fs/generic.c
++++ b/src/plugins/fs/generic.c
+@@ -683,7 +683,7 @@ static gchar* fs_mount (const gchar *device, gchar *fstype, gboolean read_only,
+ "Failed to create temporary directory for mounting '%s'.", device);
+ return NULL;
+ }
+- ret = bd_fs_mount (device, mountpoint, fstype, read_only ? "ro" : NULL, NULL, &l_error);
++ ret = bd_fs_mount (device, mountpoint, fstype, read_only ? "nosuid,nodev,ro" : "nosuid,nodev", NULL, &l_error);
+ if (!ret) {
+ g_propagate_prefixed_error (error, l_error, "Failed to mount '%s': ", device);
+ g_rmdir (mountpoint);
+--
+2.33.0
+
diff --git a/libblockdev.spec b/libblockdev.spec
index 040e8fb..6ca5bda 100644
--- a/libblockdev.spec
+++ b/libblockdev.spec
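Review bot: The new `bd_fs_mount` call in the embedded generic.c hunk spells the hardening options in two separate string literals, and nothing at the call site says that `nosuid,nodev` is a security requirement rather than a preference. fs_mount mounts a caller-supplied `device` on a temporary directory, so the filesystem contents should be treated as untrusted. A comment above the call such as `/* untrusted fs: always mount nosuid,nodev (CVE-2025-6019); keep both when adding options */` would stop a later edit from dropping them in one branch of the ternary. Whether `noexec` could be added as well depends on what the callers run against the mount point, which is not visible here. The body of fs_mount starts and ends outside the hunk.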
@@ -3,7 +3,7 @@
 Name: libblockdev
 Version: 2.24
-Release: 8
+Release: 9
 Summary: libblockdev is a C library supporting GObject introspection for manipulation of block devices
 License: LGPLv2+
 URL: https://github.com/storaged-project/libblockdev
@@ -25,6 +25,7 @@ Patch13: 0013-lvm-dbus-Fix-memory-leak.patch
 Patch14: 0014-mdraid-Fix-memory-leak.patch
 Patch15: 0015-swap-Fix-memory-leak.patch
 Patch16: 0016-vdo-Do-not-use-g_memdup-in-bd_vdo_stats_copy.patch
+Patch17: 0017-fix-CVE-2025-6019-dont-allow-suid-on-fs-resize.patch
 BuildRequires: glib2-devel libyaml-devel libbytesize-devel parted-devel libuuid-devel ndctl-devel device-mapper-devel
 BuildRequires: device-mapper-devel systemd-devel nss-devel volume_key-devel >= 0.3.9-7 libblkid-devel libmount-devel
@@ -187,6 +188,9 @@ find %{buildroot} -type f -name "*.la" | xargs %{__rm}
 %changelog
+* Mon Jun 23 2025 zhangjian - 2.24-9
+- fix CVE-2025-6019
+
 * Tue Sep 28 2021 Wenchao Hao - 2.24-8
 - NOP:nothing but to make it able to sync between differnt branches
--
Gitee
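Review bot: Adding `Patch17:` in the second hunk only declares the patch; whether it is applied depends on the `%prep` section, which is outside these hunks. If the spec applies patches with explicit `%patchN -p1` lines rather than `%autosetup`/`%autopatch`, a matching `%patch17 -p1` is needed. Without it, 2.24-9 would be published as fixed for CVE-2025-6019 while still building the unpatched `fs_mount`. Checking the build log for the patch being applied would confirm this either way.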