Sync from SUSE:SLFO:1.1 libblockdev revision 9867144d47c874176c054151d56d2657

0001-dont-allow-suid-and-dev-set-on-fs-resize.patch

@@ -0,0 +1,25 @@
+From ccbec82681fa5ff7381f62faa74fc5e8ad92549b Mon Sep 17 00:00:00 2001
+From: Thomas Blume <Thomas.Blume@suse.com>
+Date: Thu, 12 Jun 2025 13:17:51 +0200
+Subject: [PATCH] dont allow suid and dev set on fs resize
+
+---
+ src/plugins/fs/generic.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/plugins/fs/generic.c b/src/plugins/fs/generic.c
+index 442f38d..b0df1de 100644
+--- a/src/plugins/fs/generic.c
++++ b/src/plugins/fs/generic.c
+@@ -379,7 +379,7 @@ static gboolean xfs_resize_device (const gchar *device, guint64 new_size, const
+                              "before resizing it.", device);
+                 return FALSE;
+             }
+-            ret = bd_fs_mount (device, mountpoint, "xfs", NULL, NULL, error);
++            ret = bd_fs_mount (device, mountpoint, "xfs", "nosuid,nodev", NULL, error);
+             if (!ret) {
+                 g_prefix_error (error, "Failed to mount '%s' before resizing it: ", device);
+                 return FALSE;
+-- 
+2.49.0
+

libblockdev-fix-libkmod-include.patch

@@ -0,0 +1,14 @@
+Index: src/plugins/kbd.c
+--- a/src/plugins/kbd.c
++++ b/src/plugins/kbd.c
+@@ -17,07 +17,07 @@
+  * Author: Vratislav Podzimek <vpodzime@redhat.com>
+  */
+ 
+-#include <libkmod.h>
++#include <kmod/libkmod.h>
+ #include <string.h>
+ #include <syslog.h>
+ #include <glob.h>
+
+--

libblockdev.changes

@@ -1,132 +1,9 @@
 -------------------------------------------------------------------
-Fri Feb 14 12:17:27 UTC 2025 - Thomas Blume <thomas.blume@suse.com>
+Thu Jun 12 11:35:20 UTC 2025 - Thomas Blume <thomas.blume@suse.com>
 
-- update to 3.1.1:
-  * Use glib2 G_GNUC_UNUSED in place of UNUSED locally defined
-  * Port to G_GNUC_INTERNAL for controlling symbols visibility
-  * Fix some more occurrences of missing port to G_GNUC_UNUSED
-  * dm_logging: Annotate redirect_dm_log() printf format
-  * tests: Add NVMe persistent discovery controller tests
-  * tests: Add NVMe controller type checks
-  * Makefile: Fix bumpver to work with micro versions
-  * tests: Manually remove removed PVs from LVM devices file
-  * tests: Ignore LVM devices file for non-LVM tests
-  * tests: Fix removing custom LVM devices file
-  * nvme: Add bd_nvme_is_tech_avail to the API file
-  * lvm-dbus: Fix passing size for pvresize over DBus
-
-- Update to 3.1.0:
-  * Add BDPluginSpec constructor and use it in plugin_specs_from_names
-  * overrides: Remove unused 'sys' import
-  * swap: Add support for checking label and UUID format
-  * fs: Add a function to check label format for F2FS
-  * fs: Add a generic function to check for fs info availability
-  * fs: Fix allowed UUID for generic mkfs with VFAT
-  * fs: Add support for getting filesystem min size for NTFS and Ext
-  * Mark NVDIMM plugin as deprecated since 3.1
-  * part: Fix potential double free when getting parttype
-  * Fix missing progress initialization in bd_crypto_luks_add_key
-  * lvm-dbus: Fix leaking error
-  * lvm-dbus: Avoid using already-freed memory
-  * utils: Add expected printf string annotation
-  * fs: Report reason for open() and ioctl() failures
-
-- Add %{_libdir}/libbd_s390.so for s390x because missing file identitied
-
-- Update to 3.0.4:
-  * plugins: use g_autofree for free'ing g_char's
-  * plugins: btrfs: use g_autofree where possible for g_free
-  * fs: correct btrfs set label description
-  * nvme: Rework memory allocation for device ioctls
-  * spec: Obsolete vdo plugin packages
-  * spec: Move obsoleted devel subpackages to libblockdev-devel
-  * ci: Bump actions/checkout from v3 to v4
-  * part: Do not open disk read-write for read only operations
-  * fs: Disable progress for ntfsresize
-  * packit: Add configuration for downstream builds
-  * logging: Default to DEBUG log level if compiled with --enable-debug
-  * Use log function when calling a plugin function that is not loaded
-  * lvm-dbus: Replace g_critical calls with bd_utils_log_format
-  * tests: Fail early when recompilation fails in library_test
-
-- Update to version 3.0.3:
-  * Always use "--fs ignore" with lvresize
-  * nvme:
-    - Use interim buffer for nvme_get_log_sanitize()
-    - Generate HostID when missing
-  * tests:
-    - Specificy required versions when importing GLib and BlockDev
-      introspection
-    - Minor NVMe HostNQN fixes
-    - Replace deprecated unittest assert calls
-  * fs:
-    - Fix leaking directories with temporary mounts
-    - Fix memory leak
-  * crypto: Correctly convert passphrases from Python to C
-
-- Update to version 3.0.2:
-  * Use ntfsinfo instead of ntfscluster for faster
-    bd_fs_ntfs_get_info.
-  * Restrict list of exported symbols via -export-symbols-regex.
-  * lib: Silence the missing DEFAULT_CONF_DIR_PATH.
-  * loop: Report BD_LOOP_ERROR_DEVICE on empty loop devices.
-  * fs: Fix unused error in extract_e2fsck_progress.
-  * fs: Use read-only mount where possible for generic FS
-    functions.
-  * fs: Document that generic functions can mount filesystems.
-  * fs: Avoid excess logging in extract_e2fsck_progress.
-- Restructure all sub-packages in the spec file to enhance
-  maintainability.
-
-- Update to 3.0.1:
-  * New bugfix release of the libblockdev library with multiple
-    fixes.
-  * loop: Define LOOP_SET_BLOCK_SIZE is not defined. And remove
-    bd_loop_get_autoclear definition.
-  * crypto: Remove stray struct redefinition.
-  * fs: Simplify struct BDFSInfo. And add missing copy and free
-    functions to the header file.
-  * vdo_stats: Remove unused libparted include.
-  * lvm: Make _vglock_start_stop static. Fix declaration for
-    bd_lvm_vdolvpoolname. And add bd_lvm_segdata_copy/free to the
-    header file.
-  * Make the conf.d directory versioned.
-- Changes from version 3.0.0:
-  * New major release of the libblockdev library. This release
-    contains a large API overhaul.
-  * VDO a KBD plugins were removed.
-  * New NVMe plugin was added.
-  * Runtime dependencies are no longer checked during plugin
-    initialization.
-  * Part plugin was rewritten to use libfdisk instead of libparted
-  * Crypto plugin API went through an extensive rewrite.
-  * Support for new technologies was added to the crypto plugin:
-    FileVault2 encryption, DM Integrity, LUKS2 tokens.
-  * Filesystem plugin adds support for btrfs, F2FS, NILFS2, exFAT
-    and UDF.
-  * Support for new filesystem operations was added to the plugin:
-    setting label and UUID, generic mkfs function and API for
-    getting feature support for filesystems.
-  * dmraid support was removed from the DM plugin.
-  * Python 2 support was dropped.
-- Drop no longer needed libblockdev-fix-libkmod-include.patch
-- Drop no longer supported sub-packages with their dependencies,
-  and their configure options, following upstream changes: python2
-  (python-devel), bcache, dmraid (dmraid-devel BuildRequires) and
-  kbd.
-- Add (gcc >= 11 or gcc11) boolean BuildRequires to ensure the
-  package is buildable on Leap 15.5, where the gcc meta-package is
-  of version 7.
-- Bump the SO version to 3 for the shared library and GI bindings
-  sub-packages.
-- Add ext2fs, fdisk, and libkeyutils pkgconfig() BuildRequires.
-  The first is a new dependency for the FS plugin. The second, for
-  the PART plugin. And the latter, for the CRYPTO plugin (before,
-  the explicit_bzero() function would be searched for).
-- Add libnvme-devel >= 1.3 BuildRequires, and pass --with-nvme to
-  configure, needed for the NVMe plugin (new upstream addition).
-- Pass --with-tools to configure, ensuring we keep building the
-  libblockdev tools.
+- suppress privilege escalation during xfs fs resize (CVE-2025-6019)
+ (bsc#1243285)
+  add 0001-dont-allow-suid-and-dev-set-on-fs-resize.patch
 
 -------------------------------------------------------------------
 Fri Oct  7 12:08:15 UTC 2022 - Dirk Müller <dmueller@suse.com>