From 09fcc28cd0e7671ee92241d40a0a77f586c9fd82 Mon Sep 17 00:00:00 2001 From: Saravanan Date: Tue, 30 Sep 2025 14:51:41 +0530 Subject: [PATCH] udisks2: upgrade 2.10.1 -> 2.10.2 This patch addresses below CVE's: CVE-2025-6019 CVE-2025-8067 Changelog: https://github.com/storaged-project/udisks/releases Signed-off-by: Saravanan Signed-off-by: Khem Raj --- .../udisks/udisks2/CVE-2025-6019.patch | 51 ------------------- .../{udisks2_2.10.1.bb => udisks2_2.10.2.bb} | 3 +- 2 files changed, 1 insertion(+), 53 deletions(-) delete mode 100644 meta-oe/recipes-support/udisks/udisks2/CVE-2025-6019.patch rename meta-oe/recipes-support/udisks/{udisks2_2.10.1.bb => udisks2_2.10.2.bb} (95%) diff --git a/meta-oe/recipes-support/udisks/udisks2/CVE-2025-6019.patch b/meta-oe/recipes-support/udisks/udisks2/CVE-2025-6019.patch deleted file mode 100644 index 2e94c8497f..0000000000 --- a/meta-oe/recipes-support/udisks/udisks2/CVE-2025-6019.patch +++ /dev/null @@ -1,51 +0,0 @@ -From d0d04a381036b79df91616552706d515639bb762 Mon Sep 17 00:00:00 2001 -From: Tomas Bzatek -Date: Wed, 4 Jun 2025 15:26:46 +0200 -Subject: [PATCH] udiskslinuxfilesystemhelpers: Mount private mounts with - 'nodev,nosuid' - -The private mount done in take_filesystem_ownership() should always -default to 'nodev,nosuid' for security and 'errors=remount-ro' for -selected filesystem types to handle an corrupted filesystem. This is -consistent with mount options calculation for regular mounts. - -CVE: CVE-2025-6019 -Upstream-Status: Backport [ https://github.com/storaged-project/udisks/commit/5e7277debea926370e587408517560afe87d28c9 ] - -Signed-off-by: Changqing Li ---- - src/udiskslinuxfilesystemhelpers.c | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/src/udiskslinuxfilesystemhelpers.c b/src/udiskslinuxfilesystemhelpers.c -index 7c5fc037..9eb7742c 100644 ---- a/src/udiskslinuxfilesystemhelpers.c -+++ b/src/udiskslinuxfilesystemhelpers.c -@@ -123,6 +123,7 @@ take_filesystem_ownership (const gchar *device, - - { - gchar *mountpoint = NULL; -+ const gchar *mount_opts; - GError *local_error = NULL; - gboolean unmount = FALSE; - gboolean success = TRUE; -@@ -151,8 +152,15 @@ take_filesystem_ownership (const gchar *device, - goto out; - } - -+ mount_opts = "nodev,nosuid"; -+ if (g_strcmp0 (fstype, "ext2") == 0 || -+ g_strcmp0 (fstype, "ext3") == 0 || -+ g_strcmp0 (fstype, "ext4") == 0 || -+ g_strcmp0 (fstype, "jfs") == 0) -+ mount_opts = "nodev,nosuid,errors=remount-ro"; -+ - /* TODO: mount to a private mount namespace */ -- if (!bd_fs_mount (device, mountpoint, fstype, NULL, NULL, &local_error)) -+ if (!bd_fs_mount (device, mountpoint, fstype, mount_opts, NULL, &local_error)) - { - g_set_error (error, UDISKS_ERROR, UDISKS_ERROR_FAILED, - "Cannot mount %s at %s: %s", --- -2.34.1 - diff --git a/meta-oe/recipes-support/udisks/udisks2_2.10.1.bb b/meta-oe/recipes-support/udisks/udisks2_2.10.2.bb similarity index 95% rename from meta-oe/recipes-support/udisks/udisks2_2.10.1.bb rename to meta-oe/recipes-support/udisks/udisks2_2.10.2.bb index cc0c19ec8e..081b315b9b 100644 --- a/meta-oe/recipes-support/udisks/udisks2_2.10.1.bb +++ b/meta-oe/recipes-support/udisks/udisks2_2.10.2.bb @@ -20,9 +20,8 @@ RDEPENDS:${PN} = "acl" SRC_URI = " \ git://github.com/storaged-project/udisks.git;branch=2.10.x-branch;protocol=https \ file://0001-Makefile.am-Dont-include-buildpath.patch \ - file://CVE-2025-6019.patch \ " -SRCREV = "18c9faf089e306ad6f3f51f5cb887a6b9aa08350" +SRCREV = "bc623acf9e7488dc105e4b00069d57e303e2616b" CVE_PRODUCT = "udisks"