pool/udisks2
SHA256
17
0
Fork 1
Code Issues Pull Requests Activity

Compare commits

base: pool:slfo-main
Branches Tags
pool:factory pool:slfo-1.2 pool:slfo-main
..
compare: pool:factory
Branches Tags
pool:slfo-1.2 pool:slfo-main pool:factory

6 Commits
slfo-main ... factory

Author SHA256 Message Date
Ana Guerrero
09e16364dc Accepting request 1317539 from Base:System 
OBS-URL: https://build.opensuse.org/request/show/1317539
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/udisks2?expand=0&rev=56
 2025-11-14 15:11:38 +00:00
Dominique Leuenberger
ae20548855 - Fix dbus daemon requires, it's dbus-service, not dbus-1 
OBS-URL: https://build.opensuse.org/package/show/Base:System/udisks2?expand=0&rev=115
 2025-11-13 09:16:05 +00:00
Ana Guerrero
fc28e3098a Accepting request 1303131 from Base:System 
OBS-URL: https://build.opensuse.org/request/show/1303131
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/udisks2?expand=0&rev=55
 2025-09-08 11:05:13 +00:00
Dominique Leuenberger
09c6576917 upgrade to current versions 
OBS-URL: https://build.opensuse.org/package/show/Base:System/udisks2?expand=0&rev=113
 2025-09-08 07:00:48 +00:00
Ana Guerrero
1723626bd9 Accepting request 1301946 from Base:System 
OBS-URL: https://build.opensuse.org/request/show/1301946
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/udisks2?expand=0&rev=54
 2025-09-01 15:16:56 +00:00
Thomas Blume
e6c7d59347 (CVE-2025-8067) VUL-0: missing bounds check can lead to out-of-bounds read in udisks daemon (bsc#1248502) 
OBS-URL: https://build.opensuse.org/package/show/Base:System/udisks2?expand=0&rev=111
 2025-08-29 14:00:26 +00:00
7 changed files with 833 additions and 43 deletions
Expand all files Collapse all files

574
0001-move-config-files-to-usr-etc.patch Normal file
View File

@@ -0,0 +1,574 @@
From 80ec4f57cc92654518d830a2d2db79934eb812f9 Mon Sep 17 00:00:00 2001
From: Thomas Blume <Thomas.Blume@suse.com>
Date: Thu, 4 Sep 2025 12:32:53 +0200
Subject: [PATCH] move config files to /usr/etc
---
configure.ac | 33 +++++
doc/man/Makefile.am | 12 +-
doc/man/udisks2.conf.5.xml.in.in | 10 ++
doc/man/udisks2_lsm.conf.5.xml.in.in | 6 +
modules/lsm/Makefile.am | 9 +-
modules/lsm/lsm_data.c | 30 +++-
src/Makefile.am | 18 ++-
src/udisksconfigmanager.c | 207 +++++++++++++++++++++++----
udisks/Makefile.am | 4 +
udisks/modules.conf.d/Makefile.am | 5 +-
10 files changed, 292 insertions(+), 42 deletions(-)
diff --git a/configure.ac b/configure.ac
index 3aeb3669..51ef2a02 100644
--- a/configure.ac
+++ b/configure.ac
@@ -247,6 +247,37 @@ if test "x$with_tmpfilesdir" != "xno"; then
AC_SUBST([tmpfilesdir], [$with_tmpfilesdir])
fi
+# libeconf
+AC_ARG_WITH([econf],
+ AS_HELP_STRING([--without-econf], [do not use libeconf]),
+ [], [with_econf=check]
+)
+
+have_econf=no
+AS_IF([test "x$with_econf" != xno], [
+ PKG_CHECK_MODULES([ECONF], [libeconf], [have_econf=yes], [have_econf=no])
+ AS_CASE([$with_econf:$have_econf],
+ [yes:no],
+ [AC_MSG_ERROR([libeconf expected but libeconf not found])],
+ [*:yes],
+ AC_DEFINE([HAVE_LIBECONF], [1], [Define if libeconf is available])
+ )
+])
+AM_CONDITIONAL([HAVE_ECONF], [test "x$have_econf" = xyes])
+
+AC_ARG_WITH([vendordir],
+ AS_HELP_STRING([--with-vendordir=DIR], [Directory for distribution provided configuration files (libeconf is needed for it)]),
+ [], []
+)
+AC_SUBST([vendordir], [$with_vendordir])
+AM_CONDITIONAL([USE_VENDORDIR], [test "x$with_vendordir" != x])
+AS_IF([test "x$with_vendordir" != x], [
+ AC_DEFINE([USE_VENDORDIR], [1], [Define to 1 to use vendordir])
+ AS_IF([test "x$with_econf" == xno], [
+ AC_MSG_ERROR([libeconf is needed for using vendordir])
+ ])
+])
+
# kernel modules
AC_ARG_WITH([modloaddir],
[AS_HELP_STRING([--with-modloaddir=DIR], [Directory for configuring kernel modules to load at boot])],
@@ -676,6 +707,7 @@ echo "
sbindir: ${sbindir}
datadir: ${datadir}
sysconfdir: ${sysconfdir}
+ vendordir: ${with_vendordir}
localstatedir: ${localstatedir}
docdir: ${docdir}
introspection: ${found_introspection}
@@ -687,6 +719,7 @@ echo "
using libelogind: ${have_libelogind}
use /media for mounting: ${fhs_media}
acl support: ${have_acl}
+ libeconf support: ${have_econf}
compiler: ${CC}
cflags: ${CFLAGS}
diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am
index 32593cea..be934a5c 100644
--- a/doc/man/Makefile.am
+++ b/doc/man/Makefile.am
@@ -22,6 +22,12 @@ man_MANS += udisks2_lsm.conf.5
endif # HAVE_LSM
endif # ENABLE_MAN
+if USE_VENDORDIR
+VENDORDIR_COND = with_vendordir
+else
+VENDORDIR_COND = without_vendordir
+endif
+
udisksctl.1 : udisksctl.xml
$(XSLTPROC) -path "$(builddir)/.." -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $<
@@ -40,7 +46,8 @@ udisks2.conf.5.xml: udisks2.conf.5.xml.in
$(SED) "s|\$${prefix}|${prefix}|" $< > $@
udisks2.conf.5 : udisks2.conf.5.xml
- $(XSLTPROC) -path "$(builddir)/.." -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $<
+ $(XSLTPROC) --stringparam profile.condition "$(VENDORDIR_COND)" -path "$(builddir)/.." \
+ -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $<
if HAVE_LSM
# Hack: Autotools expand @sysconfdir@ as %{prefix}/etc; that's why we sed this
@@ -49,7 +56,8 @@ udisks2_lsm.conf.5.xml: udisks2_lsm.conf.5.xml.in
$(SED) "s|\$${prefix}|${prefix}|" $< > $@
udisks2_lsm.conf.5 : udisks2_lsm.conf.5.xml
- $(XSLTPROC) -path "$(builddir)/.." -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $<
+ $(XSLTPROC) --stringparam profile.condition "$(VENDORDIR_COND)" -path "$(builddir)/.." \
+ -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $<
endif # HAVE_LSM
EXTRA_DIST = \
diff --git a/doc/man/udisks2.conf.5.xml.in.in b/doc/man/udisks2.conf.5.xml.in.in
index be364a8b..caae2f62 100644
--- a/doc/man/udisks2.conf.5.xml.in.in
+++ b/doc/man/udisks2.conf.5.xml.in.in
@@ -37,6 +37,16 @@
the configuration file placed at
<emphasis>@sysconfdir@/udisks2/udisks2.conf</emphasis>.
</para>
+
+ <para condition="with_vendordir">
+ If this file does not exist, the definitions are taken from the files
+ <emphasis>@vendordir@/udisks2/udisks2.conf</emphasis>,
+ <emphasis>@vendordir@/udisks2/udisks2.d/*</emphasis> and
+ <emphasis>@sysconfdir@/udisks2/udisks2.d/*</emphasis> in that order.
+ If <emphasis>@sysconfdir@/udisks2/udisks2.d/@filename@</emphasis> exists, then
+ <emphasis>@vendordir@/udisks2/udisks2.d/@filename@</emphasis> will not be used.
+ </para>
+
</refsect1>
<refsect1>
diff --git a/doc/man/udisks2_lsm.conf.5.xml.in.in b/doc/man/udisks2_lsm.conf.5.xml.in.in
index 8115b9e8..efbdf67a 100644
--- a/doc/man/udisks2_lsm.conf.5.xml.in.in
+++ b/doc/man/udisks2_lsm.conf.5.xml.in.in
@@ -35,6 +35,12 @@
Some storage systems require extra configuration in
<emphasis>@sysconfdir@/udisks2/modules.conf.d/udisks2_lsm.conf</emphasis>.
</para>
+
+ <para condition="with_vendordir">
+ If this file does not exist, the definitions are taken from the files
+ <emphasis>@vendordir@/udisks2/modules.conf.d/udisks2_lsm.conf</emphasis>.
+ </para>
+
</refsect1>
<refsect1>
diff --git a/modules/lsm/Makefile.am b/modules/lsm/Makefile.am
index b9866028..fc27a1ba 100644
--- a/modules/lsm/Makefile.am
+++ b/modules/lsm/Makefile.am
@@ -20,8 +20,13 @@ AM_CPPFLAGS = \
$(GIO_CFLAGS) \
$(GUDEV_CFLAGS) \
$(BLOCKDEV_CFLAGS) \
- $(WARN_CFLAGS) \
- $(NULL)
+ $(WARN_CFLAGS)
+if USE_VENDORDIR
+CPPFLAGS += \
+ -D_PATH_VENDORDIR=\"${vendordir}\"
+endif
+
+CPPFLAGS += $(NULL)
if ENABLE_DAEMON
diff --git a/modules/lsm/lsm_data.c b/modules/lsm/lsm_data.c
index 55165408..b3319dbb 100644
--- a/modules/lsm/lsm_data.c
+++ b/modules/lsm/lsm_data.c
@@ -33,6 +33,7 @@
#include <libconfig.h>
#include <string.h>
#include <stdint.h>
+#include <sys/stat.h>
#define _STD_LSM_SIM_URI "sim://"
#define _STD_LSM_HPSA_URI "hpsa://"
@@ -177,8 +178,21 @@ _lsm_raid_type_to_str (lsm_volume_raid_type raid_type)
}
}
+#ifdef USE_VENDORDIR
static char *
-_lsm_get_conf_path (UDisksDaemon *daemon)
+_lsm_get_vendor_conf_path (void)
+{
+ /* This should give us '<vendordir>/modules.conf.d/udisks2_lsm.conf' */
+ return g_build_filename (_PATH_VENDORDIR,
+ PROJECT_SYSCONF_DIR,
+ _STD_LSM_CONF_PATH,
+ _STD_LSM_CONF_FILE,
+ NULL);
+}
+#endif
+
+static char *
+_lsm_get_sys_conf_path (UDisksDaemon *daemon)
{
UDisksConfigManager *config_manager;
@@ -211,6 +225,9 @@ _load_module_conf (UDisksDaemon *daemon, GError **error)
char *conf_path;
int i;
gboolean ret = TRUE;
+#ifdef USE_VENDORDIR
+ struct stat st;
+#endif
udisks_debug ("LSM: loading config file");
@@ -221,7 +238,16 @@ _load_module_conf (UDisksDaemon *daemon, GError **error)
}
/* Get the abs config file path. */
- conf_path = _lsm_get_conf_path (daemon);
+ conf_path = _lsm_get_sys_conf_path (daemon);
+
+#ifdef USE_VENDORDIR
+ if (stat(conf_path, &st) != 0)
+ {
+ /* Trying if there is a vendor defined configuration file */
+ g_free (conf_path);
+ conf_path = _lsm_get_vendor_conf_path();
+ }
+#endif
config_init (&cfg);
if (config_read_file (&cfg, conf_path) != CONFIG_TRUE)
diff --git a/src/Makefile.am b/src/Makefile.am
index 63b2250c..9f7aed82 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -27,8 +27,13 @@ AM_CPPFLAGS = \
$(GIO_CFLAGS) \
$(GMODULE_CFLAGS) \
$(BLOCKDEV_CFLAGS) \
- $(WARN_CFLAGS) \
- $(NULL)
+ $(WARN_CFLAGS)
+if USE_VENDORDIR
+CPPFLAGS += \
+ -D_PATH_VENDORDIR=\"${vendordir}\"
+endif
+
+CPPFLAGS += $(NULL)
# ------------------------------------------------------------------------------
@@ -146,8 +151,13 @@ libudisks_daemon_la_LIBADD = \
$(LIBELOGIND_LIBS) \
$(PART_LDFLAGS) \
$(SWAP_LIBS) \
- $(top_builddir)/udisks/libudisks2.la \
- $(NULL)
+ $(top_builddir)/udisks/libudisks2.la
+
+if HAVE_ECONF
+libudisks_daemon_la_LIBADD += -leconf
+endif
+
+libudisks_daemon_la_LIBADD += $(NULL)
# ------------------------------------------------------------------------------
diff --git a/src/udisksconfigmanager.c b/src/udisksconfigmanager.c
index ae612335..77562484 100644
--- a/src/udisksconfigmanager.c
+++ b/src/udisksconfigmanager.c
@@ -22,6 +22,10 @@
#include <string.h>
#include <ctype.h>
+#include <stdio.h>
+#if defined (HAVE_LIBECONF) && defined (USE_VENDORDIR)
+#include <libeconf.h>
+#endif
#include "udiskslogging.h"
#include "udisksdaemontypes.h"
@@ -91,6 +95,43 @@ udisks_config_manager_get_property (GObject *object,
}
}
+static void
+set_module_list (GList **out_modules, gchar **modules)
+{
+ gchar **modules_tmp = modules;
+
+ for (gchar * module_i = *modules_tmp; module_i; module_i = *++modules_tmp)
+ {
+ g_strstrip (module_i);
+ if (! udisks_module_validate_name (module_i) && !g_str_equal (module_i, MODULES_ALL_ARG))
+ {
+ g_warning ("Invalid module name '%s' specified in the config file.",
+ module_i);
+ continue;
+ }
+ *out_modules = g_list_append (*out_modules, g_strdup (module_i));
+ }
+}
+
+static void
+set_load_preference (UDisksModuleLoadPreference *out_load_preference, const gchar *load_preference)
+{
+ /* Check the key value */
+ if (g_ascii_strcasecmp (load_preference, "ondemand") == 0)
+ {
+ *out_load_preference = UDISKS_MODULE_LOAD_ONDEMAND;
+ }
+ else if (g_ascii_strcasecmp (load_preference, "onstartup") == 0)
+ {
+ *out_load_preference = UDISKS_MODULE_LOAD_ONSTARTUP;
+ }
+ else
+ {
+ udisks_warning ("Unknown value used for 'modules_load_preference': %s; defaulting to 'ondemand'",
+ load_preference);
+ }
+}
+
static const gchar *
get_encryption_config (const gchar *encryption)
{
@@ -138,20 +179,148 @@ udisks_config_manager_set_property (GObject *object,
}
}
+#if defined (HAVE_LIBECONF) && defined (USE_VENDORDIR)
+
static void
parse_config_file (UDisksConfigManager *manager,
UDisksModuleLoadPreference *out_load_preference,
const gchar **out_encryption,
GList **out_modules)
{
- GKeyFile *config_file;
+ gchar *conf_dir;
gchar *conf_filename;
gchar *load_preference;
gchar *encryption;
- gchar *module_i;
gchar **modules;
- gchar **modules_tmp;
GError *l_error = NULL;
+ econf_err econf_ret = ECONF_SUCCESS;
+ econf_file *key_file = NULL;
+ gchar *val;
+
+ /* Get modules and means of loading */
+ conf_dir = g_build_path (G_DIR_SEPARATOR_S,
+ PACKAGE_SYSCONF_DIR,
+ PROJECT_SYSCONF_DIR,
+ NULL);
+
+ if (manager->uninstalled || !g_str_equal(conf_dir,manager->config_dir))
+ {
+ /* Taking this file only and not parsing e.g. vendor files */
+ conf_filename = g_build_filename (G_DIR_SEPARATOR_S,
+ manager->config_dir,
+ PACKAGE_NAME_UDISKS2 ".conf",
+ NULL);
+ udisks_debug ("Loading configuration file: %s", conf_filename);
+ if ((econf_ret = econf_readFile (&key_file, conf_filename, "=", "#")))
+ {
+ udisks_warning ("Error cannot read file %s: %s", conf_filename, econf_errString(econf_ret));
+ }
+ g_free (conf_filename);
+ }
+ else
+ {
+ /* Parsing vendor, run and syscconf dir */
+ udisks_debug ("Loading configuration files (%s.conf)", PACKAGE_NAME_UDISKS2);
+
+ if (econf_ret == ECONF_SUCCESS)
+ {
+ econf_ret = econf_readConfig(&key_file,
+ PROJECT_SYSCONF_DIR,
+ _PATH_VENDORDIR,
+ PACKAGE_NAME_UDISKS2,
+ ".conf",
+ "=",
+ "#");
+ }
+ else
+ {
+ udisks_warning ("Error cannot read file %s.conf: %s",
+ PACKAGE_NAME_UDISKS2, econf_errString(econf_ret));
+ }
+ }
+
+ if (econf_ret != ECONF_SUCCESS)
+ return;
+
+ if (out_modules != NULL)
+ {
+ /* Read the list of modules to load. */
+ econf_ret = econf_getStringValue (key_file, MODULES_GROUP_NAME, MODULES_KEY, &val);
+ if (econf_ret != ECONF_SUCCESS)
+ {
+ if (econf_ret != ECONF_NOKEY) {
+ udisks_warning ("Error cannot read value %s/%s: %s",
+ MODULES_GROUP_NAME, MODULES_KEY, econf_errString(econf_ret));
+ }
+ }
+ else
+ {
+ modules = g_strsplit (val, ",", -1);
+ if (modules)
+ {
+ set_module_list (out_modules, modules);
+ g_strfreev (modules);
+ }
+ g_free(val);
+ }
+ }
+
+ if (out_load_preference != NULL)
+ {
+ /* Read the load preference configuration option. */
+ econf_ret = econf_getStringValue (key_file, MODULES_GROUP_NAME, MODULES_LOAD_PREFERENCE_KEY,
+ &load_preference);
+ if (econf_ret != ECONF_SUCCESS) {
+ if (econf_ret != ECONF_NOKEY)
+ udisks_warning ("Error cannot read value%s/%s: %s",
+ MODULES_GROUP_NAME, MODULES_LOAD_PREFERENCE_KEY, econf_errString(econf_ret));
+ }
+ else
+ {
+ if (load_preference)
+ {
+ set_load_preference (out_load_preference, load_preference);
+ g_free (load_preference);
+ }
+ }
+ }
+
+ if (out_encryption != NULL)
+ {
+ /* Read the encryption option. */
+ econf_ret = econf_getStringValue (key_file, DEFAULTS_GROUP_NAME, DEFAULTS_ENCRYPTION_KEY,
+ &encryption);
+ if (econf_ret != ECONF_SUCCESS) {
+ if (econf_ret != ECONF_NOKEY)
+ udisks_warning ("Error cannot read value %s/%s: %s",
+ DEFAULTS_GROUP_NAME, DEFAULTS_ENCRYPTION_KEY, econf_errString(econf_ret));
+ }
+ else
+ {
+ if (encryption)
+ {
+ *out_encryption = get_encryption_config (encryption);
+ g_free (encryption);
+ }
+ }
+ }
+
+ econf_free (key_file);
+}
+
+#else /* using vendordir and libeconf */
+
+static void
+parse_config_file (UDisksConfigManager *manager,
+ UDisksModuleLoadPreference *out_load_preference,
+ const gchar **out_encryption,
+ GList **out_modules)
+{
+ GKeyFile *config_file;
+ gchar *conf_filename;
+ gchar *load_preference;
+ gchar *encryption;
+ gchar **modules;
/* Get modules and means of loading */
conf_filename = g_build_filename (G_DIR_SEPARATOR_S,
@@ -172,18 +341,7 @@ parse_config_file (UDisksConfigManager *manager,
/* Read the list of modules to load. */
if (modules)
{
- modules_tmp = modules;
- for (module_i = *modules_tmp; module_i; module_i = *++modules_tmp)
- {
- g_strstrip (module_i);
- if (! udisks_module_validate_name (module_i) && !g_str_equal (module_i, MODULES_ALL_ARG))
- {
- g_warning ("Invalid module name '%s' specified in the %s config file.",
- module_i, conf_filename);
- continue;
- }
- *out_modules = g_list_append (*out_modules, g_strdup (module_i));
- }
+ set_module_list (out_modules, modules);
g_strfreev (modules);
}
}
@@ -194,28 +352,14 @@ parse_config_file (UDisksConfigManager *manager,
load_preference = g_key_file_get_string (config_file, MODULES_GROUP_NAME, MODULES_LOAD_PREFERENCE_KEY, NULL);
if (load_preference)
{
- /* Check the key value */
- if (g_ascii_strcasecmp (load_preference, "ondemand") == 0)
- {
- *out_load_preference = UDISKS_MODULE_LOAD_ONDEMAND;
- }
- else if (g_ascii_strcasecmp (load_preference, "onstartup") == 0)
- {
- *out_load_preference = UDISKS_MODULE_LOAD_ONSTARTUP;
- }
- else
- {
- udisks_warning ("Unknown value used for 'modules_load_preference': %s; defaulting to 'ondemand'",
- load_preference);
- }
-
+ set_load_preference (out_load_preference, load_preference);
g_free (load_preference);
}
}
if (out_encryption != NULL)
{
- /* Read the load preference configuration option. */
+ /* Read the encryption option. */
encryption = g_key_file_get_string (config_file, DEFAULTS_GROUP_NAME, DEFAULTS_ENCRYPTION_KEY, NULL);
if (encryption)
{
@@ -241,6 +385,7 @@ parse_config_file (UDisksConfigManager *manager,
g_key_file_free (config_file);
g_free (conf_filename);
}
+#endif
static void
udisks_config_manager_constructed (GObject *object)
diff --git a/udisks/Makefile.am b/udisks/Makefile.am
index 59365008..f9c846da 100644
--- a/udisks/Makefile.am
+++ b/udisks/Makefile.am
@@ -5,7 +5,11 @@ SUBDIRS = modules.conf.d
NULL =
if ENABLE_DAEMON
+if USE_VENDORDIR
+moduleconfdir = $(vendordir)/udisks2/
+else
moduleconfdir = $(sysconfdir)/udisks2/
+endif
moduleconf_DATA = udisks2.conf mount_options.conf
endif
diff --git a/udisks/modules.conf.d/Makefile.am b/udisks/modules.conf.d/Makefile.am
index b3abb6c6..70cb0fe8 100644
--- a/udisks/modules.conf.d/Makefile.am
+++ b/udisks/modules.conf.d/Makefile.am
@@ -1,6 +1,9 @@
## Process this file with automake to produce Makefile.in
-
+if USE_VENDORDIR
+moduleconfdir = $(vendordir)/udisks2/modules.conf.d
+else
moduleconfdir = $(sysconfdir)/udisks2/modules.conf.d
+endif
if ENABLE_DAEMON
--
2.51.0

25
0001-udiskslinuxmanager-Add-lower-bounds-check-to-fd_inde.patch
View File

@@ -1,25 +0,0 @@
From 62edfa5bebb64611df7b945c94dda8826ed9e7af Mon Sep 17 00:00:00 2001
From: Thomas Blume <Thomas.Blume@suse.com>
Date: Fri, 22 Aug 2025 15:34:25 +0200
Subject: [PATCH] udiskslinuxmanager: Add lower bounds check to fd_index
---
src/udiskslinuxmanager.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/udiskslinuxmanager.c b/src/udiskslinuxmanager.c
index d15eba6..e2df3ba 100644
--- a/src/udiskslinuxmanager.c
+++ b/src/udiskslinuxmanager.c
@@ -339,7 +339,7 @@ handle_loop_setup (UDisksManager *object,
goto out;
fd_num = g_variant_get_handle (fd_index);
- if (fd_list == NULL || fd_num >= g_unix_fd_list_get_length (fd_list))
+ if (fd_list == NULL || fd_num < 0 || fd_num >= g_unix_fd_list_get_length (fd_list))
{
g_dbus_method_invocation_return_error (invocation,
UDISKS_ERROR,
--
2.50.0

5
_service Normal file
View File

@@ -0,0 +1,5 @@
<services>
<service name="download_files" mode="localonly">
<param name="enforceupstream">yes</param>
</service>
</services>

BIN
udisks-2.10.1.tar.bz2 LFS
View File

Binary file not shown.

3
udisks-2.10.91.tar.bz2 Normal file
View File

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2247ef8860a2846339240387ac1da5a7ed3432410d607fd9254a7dbe00335b1b
size 1822848

201
udisks2.changes
View File

@@ -1,20 +1,179 @@
-------------------------------------------------------------------
Mon Dec 22 16:48:02 UTC 2025 - Thomas Blume <thomas.blume@suse.com>
- (CVE-2025-8067) VUL-0: missing bounds check can lead to out-of-bounds
read in udisks daemon (bsc#1248502)
+ add 0001-udiskslinuxmanager-Add-lower-bounds-check-to-fd_inde.patch
-------------------------------------------------------------------
Tue Nov 18 08:22:44 UTC 2025 - Thomas Blume <thomas.blume@suse.com>
Thu Nov 13 08:22:41 UTC 2025 - Thorsten Kukuk <kukuk@suse.com>
- Fix dbus daemon requires, it's dbus-service, not dbus-1
-------------------------------------------------------------------
Fri Feb 14 13:24:13 UTC 2025 - Thomas Blume <thomas.blume@suse.com>
Thu Sep 4 11:15:39 UTC 2025 - Thomas Blume <thomas.blume@suse.com>
- update to version 2.10.91
- dropped merged upstream patches:
0001-udiskslinuxmanager-Add-lower-bounds-check-to-fd_inde.patch
- ported patch to upstream code:
usr_etc.patch -> 0001-move-config-files-to-usr-etc.patch
- Add gzipped log files to .gitignore
- Add option to specify metadata version when creating MD RAID
- Add support for specifying extra PBKDF options for LUKS format
- Add support for specifying label when creating LUKS devices
- Allow using key files with BITLK devices
- Change several log levels from NOTICE to INFO
- Core: Add support for LUKS header backup.
- Do not overwrite CPPFLAGS
- Do not use label for DM name when unlocking BitLocker devices
- Fix docstring for udisks_spawned_job_start
- Fix using label as DM name when unlocking encrypted devices
- Include error message when loading config file fails
- Remove beakerlib tests
- Update Brazilian Portuguese translation
- Update French translation
- Update Georgian translation
- Update German translation
- Update Hindi translation
- Update Indonesian translation
- Update Polish translation
- Update Russian translation
- Update Slovenian translation
- Update Swedish translation
- Use label for DM device name when unlocking encrypted devices
- Use udisks_info() for (un)mount messages
- build: Fix 'make shortlog'
- build: use -export-dynamic instead of -export_dynamic
- ci: Add a simple tmt test and run it via packit
- ci: Bump actions/checkout from v3 to v4
- ci: Fix running Cockpit reverse dependency tests
- ci: Install 'python3-libdnf5' for TMT test plans
- ci: Packit: Enable failure notifications for cockpit tests
- ci: Remove amazon-ec2-utils if installed
- ci: Remove priority from Testing farm repositories
- ci: Remove the custom GH action for RPM builds
- client: document NULL return for udisks_client_get_partition_table
- core: Add Encrypted.Convert method
- daemon: Add a logging function for libblockdev
- daemon: Align to the no_inhibit job argument change
- doc: Fix a typo
- doc: add missing closing bracket
- doc: fix docstring for udisks_client_get_partition_table_subtype_for_display
- doc: fix docstring for udisks_threaded_job_start
- doc: fix typos
- doc: remove duplicate dot
- docs(mdraid): update link to kernel docs
- helpers: fixed memleak and misprint check for creating second BDCrypto context
- infra: Add dependabot to automatically update GH actions
- infra: bump actions/checkout from 4 to 5
- infra: bump actions/upload-artifact from 3 to 4
- integration-test: Adapt to the new libmount context error messages
- integration-test: Fix change label test with exfatprogs 1.2.5
- lvm2: Add a sync udev trigger after removing PV signatures
- lvm2: Align to the no_inhibit job argument change
- lvm2: Refactor udisks_daemon_util_lvm2_wipe_block()
- lvm2: Try opening for unused device detection harder
- lvm: Also look at symlinks for segment PVs
- lvm: Change the known keys for GetStatistics for VDO volumes
- lvm: Manually remove removed PVs from the LVM devices file
- lvm: Use pvremove when removing PVs after deleting a VG
- man: Document ID_ATA_SMART_ACCESS
- mdraid: Expose "consistency_policy" sysfs value
- misc: Add CentOS to the install-test-dependencies playbook
- misc: Add cryptsetup to test dependencies
- misc: Add parted to test dependencies
- misc: Add python3-packaging to test dependencies
- misc: Add vdo to the test dependencies
- misc: Do not use "with_items" when installing packages
- misc: Force DNF to enable C10S Copr instead of EPEL
- misc: Separate Ansible tasks into a different file
- modules/btrfs: add GetDefaultSubvolumeID
- modules/btrfs: add SetDefaultSubvolumeID
- modules/btrfs: fix copy paste typo in auth message
- mount options: Add 'map' and 'check' ISO9660 options
- mount options: Add some more f2fs options to the allow list
- mount options: Allow 'commit' option for ext3/ext4
- objectinfo: adjust translator comment
- spec: Use SPDX license tags for subpackages
- tests: Adapt to clang differences when causing a segfault
- tests: Add Manager.LoopSetup() invalid fd test case
- tests: Add NVMe persistent discovery controller tests
- tests: Add a more robust test case for LVM devices file
- tests: Add locked LUKS teardown test
- tests: Add property name to failed asserts in test_40_drive
- tests: Allow adding optional message to failed assert calls
- tests: Avoid creating intermediary loop devices for nvme target devices
- tests: Backport safe_dbus.py from blivet
- tests: Check for dm-vdo kernel module instead of kvdo
- tests: Compress the flight_recorder.log when running tests
- tests: Enable Exfat UUID tests on Fedora
- tests: Enable LVM VDO tests on CentOS/RHEL 10
- tests: Fix expected error message with util-linux 2.41
- tests: Fix expected rotation rate for SCSI debug drives in tests
- tests: Fix running tests on systems without /etc/fstab
- tests: Fix running tests on systems without fstab and crypttab
- tests: Fix targetcli_config.json
- tests: Force Python to use 'fork' method to start child processes
- tests: Make sure /etc/iscsi/initiatorname.iscsi exists for tests
- tests: Move creation of the test devices after arguments parsing
- tests: Remove unused helper functions
- tests: Remove usage of python-six
- tests: Rework nvme revision check
- tests: Skip ExFAT UUID tests with recent exfatprogs
- tests: Skip exFAT UUID tests also on Fedora 39
- tests: Skip vdo tests on RHEL/CentOS 10
- tests: Stop trying to fully fill the VG in LVM tests
- tests: Use seek_realtime when saving journal data
- tests: Use sfdisk instead of parted to create partitions in tests
- tests: Various small Python fixes
- udisksata: Fix sense code format check
- udisksbasejob: Keep the original data when adding object path
- udisksdaemon: Add 'no_inhibit' argument for job creation functions
- udiskslinuxblock: Fix leaking string
- udiskslinuxblock: Survive a missing /etc/fstab
- udiskslinuxblockobject: Try issuing BLKRRPART ioctl harder
- udiskslinuxdevice: Fix dm-multipath ATA drives handling
- udiskslinuxdevice: Ignore ID_ATA on USB devices
- udiskslinuxdevice: Lower the severity of ATA IDENTIFY command errors
- udiskslinuxdrive: Mark external NVMe removable
- udiskslinuxdriveata: Port to libblockdev SMART plugin
- udiskslinuxdriveata: Prefer udev ID_ATA_* attributes
- udiskslinuxdriveata: Respect ID_ATA_SMART_ACCESS=none
- udiskslinuxdriveata: Trigger uevent after enabling/disabling SMART
- udiskslinuxdriveobject: Avoid refreshing NVMe health data on non-I/O controllers
- udiskslinuxdriveobject: Only refresh health information on live NVMe controllers
- udiskslinuxfilesystem: Add squashfs to well_known_filesystems
- udiskslinuxfilesystemhelpers: Add 'noexec' to the default take-ownership mount options
- udiskslinuxfilesystemhelpers: Mount private mounts with 'nodev,nosuid'
- udiskslinuxloop: Fix GError use-after-free
- udiskslinuxmanager: Add lower bounds check to fd_index
(bsc#1248502)
- udiskslinuxmanager:use dbus interface after free
- udiskslinuxmdraid: Add 'no-inhibit-lock' RequestSyncAction() option
- udiskslinuxmdraid: Avoid putting inhibit lock for externally started operations
- udiskslinuxmdraid: Refactor error reporting
- udiskslinuxnvmecontroller: Check for controller type on fetching health info
- udiskslinuxprovider: Move udev monitor in a separate thread
- udiskslinuxprovider: Properly finalize GTaskThreadFunc
- udisksstate: Always allocate store buffer for empty variants
- update Docbook DTD version to latest stable 4.5
-------------------------------------------------------------------
Fri Aug 29 13:17:17 UTC 2025 - Thomas Blume <Thomas.Blume@suse.com>
- (CVE-2025-8067) VUL-0: missing bounds check can lead to out-of-bounds
read in udisks daemon (bsc#1248502)
+ add 0001-udiskslinuxmanager-Add-lower-bounds-check-to-fd_inde.patch
-------------------------------------------------------------------
Mon Jun 16 08:14:25 UTC 2025 - Stefan Schubert <schubi@suse.com>
- Moved /etc/udisks2/modules.conf.d/udisks2_lsm.conf and
/etc/udisks2/udisks2.conf do /usr/etc. (patch usr_etc.patch)
-------------------------------------------------------------------
Wed Jan 22 15:28:36 UTC 2025 - Dominique Leuenberger <dimstar@opensuse.org>
- Drop rcFOO symlinks for CODE16 (PED-266).
-------------------------------------------------------------------
Wed May 22 13:17:26 UTC 2024 - Thomas Blume <Thomas.Blume@suse.com>
- update to version 2.10.1
- Update Ukrainian translation
- tests: Wipe used devices for LVM2 RAID tests
@@ -43,11 +202,35 @@ Fri Feb 14 13:24:13 UTC 2025 - Thomas Blume <thomas.blume@suse.com>
- build: Check for gobject-introspection m4 macro presence
- tests: start the polkitd mock with the corresponding user if it exists
- Drop merged upstream patches:
0001-doc-Clarify-the-Filesystem.Size-property-presence.patch
0001-udiskslinuxfilesystem-Force-native-tools-for-mounted.patch
0001-udiskslinuxfilesystem-Refactor-internal-whitelists.patch
0001-tests-Mark-UDF-fstab-filesystem-tests-as-unstable.patch
0001-tests-Add-offline-and-online-filesystem-grow-tests.patch
-------------------------------------------------------------------
Wed Oct 11 15:37:37 UTC 2023 - Thomas Blume <thomas.blume@suse.com>
- fix mount failure on ntfs formatted usb disks (bsc#1216055)
* add:
0001-doc-Clarify-the-Filesystem.Size-property-presence.patch
0001-tests-Mark-UDF-fstab-filesystem-tests-as-unstable.patch
0001-udiskslinuxfilesystem-Refactor-internal-whitelists.patch
0001-tests-Add-offline-and-online-filesystem-grow-tests.patch
0001-udiskslinuxfilesystem-Force-native-tools-for-mounted.patch
-------------------------------------------------------------------
Tue Aug 29 20:28:56 UTC 2023 - Luciano Santos <luc14n0@opensuse.org>
- Add Obsoletes tags for libudisks2-0_bcache and libudisks2-0_zram
modules, dropped on latest version bump, so they get removed from
end users' systems upon system upgrade.
- Drop unnecessary/discouraged %{?systemd_requires} from spec file.
-------------------------------------------------------------------
Wed Aug 16 23:33:19 UTC 2023 - Luciano Santos <luc14n0@opensuse.org>
- Update to version 2.10.0:
+ This release brings large number of internal changes, while
keeping the promise of API stability. This development cycle

65
udisks2.spec
View File

@@ -1,7 +1,7 @@
#
# spec file for package udisks2
#
# Copyright (c) 2025 SUSE LLC
# Copyright (c) 2025 SUSE LLC and contributors
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,10 +17,10 @@
%define soversion 0
%define libblockdev_version 3.0
%define libblockdev_version 3.3.1
Name: udisks2
Version: 2.10.1
Version: 2.10.91
Release: 0
Summary: Disk Manager
License: GPL-2.0-or-later AND LGPL-2.0-or-later
@@ -34,8 +34,11 @@ Source0: %{url}/releases/download/udisks-%{version}/udisks-%{version}.tar
# an exception will be silently removed with the next version update.
Patch0: harden_udisks2.service.patch
Patch1: 0001-udiskslinuxmanager-Add-lower-bounds-check-to-fd_inde.patch
Patch1: 0001-move-config-files-to-usr-etc.patch
%if 0%{?suse_version} > 1500
BuildRequires: autoconf
BuildRequires: automake
%endif
BuildRequires: chrpath
BuildRequires: docbook-xsl-stylesheets
BuildRequires: gobject-introspection-devel >= 0.6.2
@@ -46,6 +49,7 @@ BuildRequires: libblockdev-loop-devel >= %{libblockdev_version}
BuildRequires: libblockdev-mdraid-devel >= %{libblockdev_version}
BuildRequires: libblockdev-nvme-devel >= %{libblockdev_version}
BuildRequires: libblockdev-part-devel >= %{libblockdev_version}
BuildRequires: libblockdev-smart-devel >= %{libblockdev_version}
BuildRequires: libblockdev-swap-devel >= %{libblockdev_version}
BuildRequires: lvm2-devel
BuildRequires: pkgconfig
@@ -87,6 +91,7 @@ Requires: libblockdev-loop >= %{libblockdev_version}
Requires: libblockdev-mdraid >= %{libblockdev_version}
Requires: libblockdev-nvme >= %{libblockdev_version}
Requires: libblockdev-part >= %{libblockdev_version}
Requires: libblockdev-smart >= %{libblockdev_version}
Requires: libblockdev-swap >= %{libblockdev_version}
# Needed to pull in the udev daemon
Requires: udev >= 208
@@ -207,6 +212,10 @@ Zsh command line completion support for the udisksctl command.
%autosetup -p1 -n udisks-%{version}
%build
%if 0%{?suse_version} > 1500
autoreconf -f
automake
%endif
%configure \
--disable-static \
--disable-gtk-doc \
@@ -214,7 +223,11 @@ Zsh command line completion support for the udisksctl command.
--enable-btrfs \
--enable-lsm \
--enable-lvm2 \
%if 0%{?suse_version} > 1500
--with-vendordir=%{_distconfdir} \
%endif
%{nil}
%make_build
%install
@@ -233,14 +246,43 @@ ln -sf %{_sbindir}/service %{buildroot}/%{_sbindir}/rc%{name}
# Move example config file to docs
mkdir -p %{buildroot}%{_docdir}/%{name}
%if 0%{?suse_version} > 1500
mv -v %{buildroot}%{_distconfdir}/udisks2/mount_options.conf.example \
%{buildroot}%{_docdir}/%{name}/mount_options.conf.example
%else
mv -v %{buildroot}%{_sysconfdir}/udisks2/mount_options.conf.example \
%{buildroot}%{_docdir}/%{name}/mount_options.conf.example
%{buildroot}%{_docdir}/%{name}/mount_options.conf.example
%endif
%post -n libudisks2-%{soversion} -p /sbin/ldconfig
%postun -n libudisks2-%{soversion} -p /sbin/ldconfig
%pre -n %{name}
%service_add_pre udisks2.service
%if 0%{?suse_version} > 1500
# Prepare for migration to /usr/etc; save any old .rpmsave
for i in udisks2/udisks2.conf; do
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||:
done
%posttrans
# Migration to /usr/etc, restore just created .rpmsave
for i in udisks2/udisks2.conf; do
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||:
done
%pre -n libudisks2-%{soversion}_lsm
# Prepare for migration to /usr/etc; save any old .rpmsave
for i in udisks2/modules.conf.d/udisks2_lsm.conf; do
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||:
done
%posttrans -n libudisks2-%{soversion}_lsm
# Migration to /usr/etc, restore just created .rpmsave
for i in udisks2/modules.conf.d/udisks2_lsm.conf; do
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||:
done
%endif
%post -n %{name}
%{?udev_rules_update:%udev_rules_update}
@@ -257,9 +299,15 @@ mv -v %{buildroot}%{_sysconfdir}/udisks2/mount_options.conf.example \
%doc AUTHORS NEWS
%{_bindir}/udisksctl
%{_datadir}/dbus-1/system.d/org.freedesktop.UDisks2.conf
%if 0%{?suse_version} > 1500
%dir %{_distconfdir}/udisks2
%dir %{_distconfdir}/udisks2/modules.conf.d
%config %{_distconfdir}/udisks2/udisks2.conf
%else
%dir %{_sysconfdir}/udisks2
%dir %{_sysconfdir}/udisks2/modules.conf.d
%config %{_sysconfdir}/udisks2/udisks2.conf
%endif
%doc %{_docdir}/%{name}/mount_options.conf.example
%{_tmpfilesdir}/udisks2.conf
%ghost %{_rundir}/media
@@ -312,8 +360,13 @@ mv -v %{buildroot}%{_sysconfdir}/udisks2/mount_options.conf.example \
%{_datadir}/polkit-1/actions/org.freedesktop.UDisks2.btrfs.policy
%files -n libudisks2-%{soversion}_lsm
%if 0%{?suse_version} > 1500
%dir %{_distconfdir}/udisks2/modules.conf.d
%attr(0600,root,root) %config %{_distconfdir}/udisks2/modules.conf.d/udisks2_lsm.conf
%else
%dir %{_sysconfdir}/udisks2/modules.conf.d
%attr(0600,root,root) %config %{_sysconfdir}/udisks2/modules.conf.d/udisks2_lsm.conf
%endif
%dir %{_libdir}/udisks2
%dir %{_libdir}/udisks2/modules
%{_libdir}/udisks2/modules/libudisks2_lsm.so