diff --git a/0002-CVE-2021-3802.patch b/0002-CVE-2021-3802.patch
new file mode 100644
index 0000000000000000000000000000000000000000..1c4d6f549cba917a8eb6d61a4e2ade6ab8df03ac
--- /dev/null
+++ b/0002-CVE-2021-3802.patch
@@ -0,0 +1,59 @@ +From 38d90a433bda0fc0f2a409f6baa12c3958893571 Mon Sep 17 00:00:00 2001 +From: Tomas Bzatek +Date: Wed, 15 Sep 2021 14:34:49 +0200 +Subject: [PATCH] mount options: Always use errors=remount-ro for ext + filesystems + +Default mount options are focused primarily on data safety, mounting +damaged ext2/3/4 filesystem as readonly would indicate something's wrong. + +(cherry picked from commit 2d5d2b7570b0f44c14b34b5dc831f174205c10f2) +--- + data/builtin_mount_options.conf | 9 +++++++++ + src/tests/dbus-tests/test_80_filesystem.py | 6 ++++++ + 2 files changed, 15 insertions(+) + +diff --git a/data/builtin_mount_options.conf b/data/builtin_mount_options.conf +index 989258d..d76fcf2 100644 +--- a/data/builtin_mount_options.conf ++++ b/data/builtin_mount_options.conf +@@ -23,3 +23,12 @@ hfsplus_allow=uid=$UID,gid=$GID,creator,type,umask,session,part,decompose,nodeco + btrfs_allow=compress,compress-force,datacow,nodatacow,datasum,nodatasum,degraded,device,discard,nodiscard,subvol,subvolid,space_cache + + f2fs_allow=discard,nodiscard,compress_algorithm,compress_log_size,compress_extension,alloc_mode ++ ++ext2_defaults=errors=remount-ro ++ext2_allow=errors=remount-ro ++ ++ext3_defaults=errors=remount-ro ++ext3_allow=errors=remount-ro ++ ++ext4_defaults=errors=remount-ro ++ext4_allow=errors=remount-ro +diff --git a/src/tests/dbus-tests/test_80_filesystem.py b/src/tests/dbus-tests/test_80_filesystem.py +index c22855b..52feb02 100644 +--- a/src/tests/dbus-tests/test_80_filesystem.py ++++ b/src/tests/dbus-tests/test_80_filesystem.py +@@ -320,6 +320,8 @@ class UdisksFSTestCase(udiskstestcase.UdisksTestCase): + _ret, out = self.run_command('mount | grep %s' % block_fs_dev) + self.assertIn(mnt_path, out) + self.assertIn('ro', out) ++ if self._fs_name.startswith('ext'): ++ self.assertIn('errors=remount-ro', out) + + # dbus mountpoint + dbus_mounts = self.get_property(block_fs, '.Filesystem', 'MountPoints') +@@ -477,6 +479,10 @@ class 
UdisksFSTestCase(udiskstestcase.UdisksTestCase): + if self._fs_name == "udf": + test_custom_option(self, False, None, False, "[defaults]\ndefaults=\nallow=exec,noexec,nodev,nosuid,atime,noatime,nodiratime,ro,rw,sync,dirsync,noload,uid=ignore,uid=forget\n") + test_custom_option(self, True, "uid=notallowed", True, "[defaults]\nallow=exec,noexec,nodev,nosuid,atime,noatime,nodiratime,ro,rw,sync,dirsync,noload,uid=ignore\n") ++ if self._fs_name.startswith("ext"): ++ test_custom_option(self, False, "errors=remount-ro", True, "", match_mount_option="errors=remount-ro") ++ test_custom_option(self, True, "errors=panic", False, "") ++ test_custom_option(self, True, "errors=continue", False, "") + + # udev rules overrides + test_readonly(self, False, "", udev_rules_content = { "UDISKS_MOUNT_OPTIONS_DEFAULTS": "rw" }) +-- +2.23.0 + diff --git a/udisks2.spec b/udisks2.spec index a25816f9bdd80285d8a6bd643224cf3b0bbcef1d..35f02bec5dadc6d4969a7016391ba1ad61ca9240 100644 --- a/udisks2.spec +++ b/udisks2.spec @@ -59,17 +59,14 @@ Name: udisks2 Summary: Disk Manager Version: 2.9.0 -%if %{is_git} == 0 -Release: 2 -%else -Release: 0.%{build_date}git%{git_hash}%{?dist} -%endif +Release: 3 License: GPLv2+ Group: System Environment/Libraries URL: https://github.com/storaged-project/udisks Source0: https://github.com/storaged-project/udisks/releases/download/udisks-%{version}/udisks-%{version}.tar.bz2 Patch1: 0001-udiskslinuxmountoptions-Prevent-a-memory-leak.patch +Patch2: 0002-CVE-2021-3802.patch BuildRequires: glib2-devel >= %{glib2_version} BuildRequires: gobject-introspection-devel >= %{gobject_introspection_version} @@ -259,7 +256,7 @@ This package contains module for VDO management. %endif %prep -%setup -q -n udisks-%{version} +%autosetup -p1 -n udisks-%{version} sed -i udisks/udisks2.conf.in -e "s/encryption=luks1/encryption=%{default_luks_encryption}/" %build 
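Review bot: In the `@@ -320,6 +320,8 @@` test hunk of the added patch, the existing `self.assertIn('ro', out)` becomes vacuous for ext filesystems, because the newly expected `errors=remount-ro` string itself contains `ro`; a mount that came up read-write would still satisfy it. Matching the option as a whole token keeps the read-only check meaningful, e.g. `self.assertRegex(out, r'[(,]ro[,)]')` (assuming the test base class derives from `unittest.TestCase`, which is not visible here). The new `test_custom_option` cases in the `@@ -477,6 +479,10 @@` hunk all pass an empty config string, so they do not show whether a custom config or udev override that redefines the ext defaults still ends up with `errors=remount-ro`; one case covering that would document the intended behaviour. Both test methods start and end outside the hunks.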
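Review bot: Nothing in `%prep` checks that the CVE patch actually landed in the unpacked tree, and the old `%setup -q` line with no `%patch` step in the visible context suggests Patch1 was declared but never applied, which is the kind of silent miss a security fix should be protected against. A guard right after the `%autosetup` line, such as `grep -q '^ext4_defaults=errors=remount-ro' data/builtin_mount_options.conf`, would fail the build if Patch2 is ever dropped from the list or the macro is changed back. Since `%autosetup -p1` presumably also starts applying Patch1 for the first time, the changelog entry could say so explicitly.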
@@ -441,6 +438,10 @@ udevadm trigger %endif %changelog +* Tue Jan 5 2022 yanglongkang -2.9.0-3 +- rectify errors in the spec file + fix CVE-2021-3802 + * Mon Jul 27 2020 Zhiqiang Liu - 2.9.0-2 - update from 2.8.1 to 2.9.0