From eb981d784bee5602518acb193487163ec44f2b55 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Aug 06 2019 10:05:15 +0000
Subject: import udisks2-2.7.3-9.el7
---
diff --git a/SOURCES/lsm-complete-led_control-call.patch b/SOURCES/lsm-complete-led_control-call.patch
new file mode 100644
index 0000000..8daf9f9
--- /dev/null
+++ b/SOURCES/lsm-complete-led_control-call.patch
@@ -0,0 +1,25 @@
+From df19070c930b28df271944e9d6ee5de42e16f2b4 Mon Sep 17 00:00:00 2001
+From: Tomas Bzatek
+Date: Fri, 3 Aug 2018 11:40:48 +0200
+Subject: [PATCH] lsm: Properly complete incoming method calls
+
+Returning TRUE from a method call handler is not enough to finish
+the method call and send reply back to caller.
+---
+ modules/lsm/lsm_local.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/modules/lsm/lsm_local.c b/modules/lsm/lsm_local.c
+index a2a46442c..e3fc0162a 100644
+--- a/modules/lsm/lsm_local.c
++++ b/modules/lsm/lsm_local.c
+@@ -180,6 +180,9 @@ led_control (UDisksDriveLsmLocal *ud_drv_lsm_local,
+ goto out;
+ }
+
++ /* success, complete the method call in a generic way */
++ g_dbus_method_invocation_return_value (invocation, g_variant_new ("()"));
++
+ out:
+ g_free ((gchar *) blk_path);
+ if (lsm_err != NULL)
diff --git a/SOURCES/lsm-relicense.patch b/SOURCES/lsm-relicense.patch
new file mode 100644
index 0000000..6aecaa2
--- /dev/null
+++ b/SOURCES/lsm-relicense.patch
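Review bot: The success reply added just before `out:` in led_control is correct only if every `goto out` above it has already completed `invocation` with an error, and nothing in the hunk states that invariant; led_control begins outside the hunk, so the other error paths cannot be checked from here. A GDBusMethodInvocation has to be completed exactly once: a path that reaches `out:` without a reply leaves the D-Bus caller waiting, and a second reply acts on an invocation the first one already consumed. I would extend the comment to `/* all error paths above have already returned an error on invocation; this is the only success reply */`.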
@@ -0,0 +1,62 @@
+From 248db65a09498be8e2a294cbf5af675a463ee2a0 Mon Sep 17 00:00:00 2001
+From: Tomas Bzatek
+Date: Fri, 10 Aug 2018 14:00:01 +0200
+Subject: [PATCH] lsm: Relicense to GPLv2+
+
+---
+ modules/lsm/lsm_data.c | 7 ++++---
+ modules/lsm/lsm_data.h | 7 ++++---
+ 2 files changed, 8 insertions(+), 6 deletions(-)
+
+diff --git a/modules/lsm/lsm_data.c b/modules/lsm/lsm_data.c
+index 729467509..5b33c04a5 100644
+--- a/modules/lsm/lsm_data.c
++++ b/modules/lsm/lsm_data.c
+@@ -2,9 +2,9 @@
+ *
+ * Copyright (C) 2015 Red Hat, Inc.
+ *
+- * This program is free software: you can redistribute it and/or modify
++ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+- * the Free Software Foundation, either version 3 of the License, or
++ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+@@ -13,7 +13,8 @@
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+- * along with this program. If not, see .
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ * Author: Gris Ge
+ *
+diff --git a/modules/lsm/lsm_data.h b/modules/lsm/lsm_data.h
+index c5c3162e9..0b71d630d 100644
+--- a/modules/lsm/lsm_data.h
++++ b/modules/lsm/lsm_data.h
+@@ -2,9 +2,9 @@
+ *
+ * Copyright (C) 2015 Red Hat, Inc.
+ *
+- * This program is free software: you can redistribute it and/or modify
++ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+- * the Free Software Foundation, either version 3 of the License, or
++ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+@@ -13,7 +13,8 @@
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+- * along with this program. If not, see .
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ * Author: Gris Ge
+ *
diff --git a/SOURCES/lsm_local-gerror.patch b/SOURCES/lsm_local-gerror.patch
new file mode 100644
index 0000000..92b3f94
--- /dev/null
+++ b/SOURCES/lsm_local-gerror.patch
@@ -0,0 +1,36 @@
+From 53a21faf97723b0e4d6c2ec9a32f61fecfa2f246 Mon Sep 17 00:00:00 2001
+From: Tomas Bzatek
+Date: Fri, 3 Aug 2018 11:26:16 +0200
+Subject: [PATCH] lsm: Prevent overwriting already set error
+
+---
+ modules/lsm/lsm_local.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/modules/lsm/lsm_local.c b/modules/lsm/lsm_local.c
+index 33ff198fd..a2a46442c 100644
+--- a/modules/lsm/lsm_local.c
++++ b/modules/lsm/lsm_local.c
+@@ -132,6 +132,12 @@ get_blk_path (UDisksDriveLsmLocal *ud_drv_lsm_local,
+
+ ud_blk = udisks_object_get_block (UDISKS_OBJECT (ud_lx_blk_obj));
+ blk_path = udisks_block_dup_device (ud_blk);
++ if (blk_path == NULL)
++ {
++ g_dbus_method_invocation_return_error (invocation, UDISKS_ERROR, UDISKS_ERROR_FAILED,
++ "Failed to retrieve block path of specified disk drive");
++ goto out;
++ }
+
+ out:
+ g_clear_object (&ud_blk);
+@@ -156,9 +162,6 @@ led_control (UDisksDriveLsmLocal *ud_drv_lsm_local,
+ blk_path = get_blk_path(ud_drv_lsm_local, invocation);
+ if (blk_path == NULL)
+ {
+- g_dbus_method_invocation_return_error
+- (invocation, UDISKS_ERROR, UDISKS_ERROR_FAILED,
+- "Failed to retrieve block path of specified disk drive");
+ goto out;
+ }
+
diff --git a/SOURCES/udisks-2.7.7-g_source_remove.patch b/SOURCES/udisks-2.7.7-g_source_remove.patch
new file mode 100644
index 0000000..0bdf40a
--- /dev/null
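Review bot: In get_blk_path, `ud_blk` is handed to `udisks_block_dup_device ()` without a NULL check, so the added `blk_path == NULL` branch only helps if that getter tolerates a NULL object; `udisks_object_get_block ()` returns NULL when the object does not implement the block interface. Guarding the call, `if (ud_blk != NULL) blk_path = udisks_block_dup_device (ud_blk);`, lets the new error branch cover that case as well, assuming `blk_path` is initialised to NULL above the hunk (get_blk_path starts outside it). Since the error reply now lives inside get_blk_path and led_control relies on that, the function also deserves a one-line comment saying that a NULL return means `invocation` has already been completed.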
+++ b/SOURCES/udisks-2.7.7-g_source_remove.patch
@@ -0,0 +1,69 @@
+From 4e26232e5a207b3a5269a5f6d735f1a32b31a4e8 Mon Sep 17 00:00:00 2001
+From: Andrea Azzarone
+Date: Fri, 30 Mar 2018 09:15:30 +0000
+Subject: [PATCH] main.c: Properly remove sigint source
+
+Revert d9f7b05 and properly fix the critical warning.
+---
+ src/main.c | 18 ++++++------------
+ 1 file changed, 6 insertions(+), 12 deletions(-)
+
+diff --git a/src/main.c b/src/main.c
+index 88f3dafac..0444e0179 100644
+--- a/src/main.c
++++ b/src/main.c
+@@ -93,7 +93,7 @@ on_sigint (gpointer user_data)
+ {
+ udisks_info ("Caught SIGINT. Initiating shutdown");
+ g_main_loop_quit (loop);
+- return FALSE;
++ return G_SOURCE_CONTINUE; /* We will manually remove the source using g_source_remove */
+ }
+
+ int
+@@ -104,12 +104,13 @@ main (int argc,
+ GOptionContext *opt_context;
+ gint ret;
+ guint name_owner_id;
+- GSource *sigint_source = NULL;
++ guint sigint_id;
+
+ ret = 1;
+ loop = NULL;
+ opt_context = NULL;
+ name_owner_id = 0;
++ sigint_id = 0;
+
+ /* avoid gvfs (http://bugzilla.gnome.org/show_bug.cgi?id=526454) */
+ if (!g_setenv ("GIO_USE_VFS", "local", TRUE))
+@@ -148,13 +149,11 @@ main (int argc,
+
+ if (!opt_no_sigint)
+ {
+- guint sigint_id = g_unix_signal_add_full (G_PRIORITY_DEFAULT,
++ sigint_id = g_unix_signal_add_full (G_PRIORITY_DEFAULT,
+ SIGINT,
+ on_sigint,
+ NULL, /* user_data */
+ NULL); /* GDestroyNotify */
+- if (sigint_id)
+- sigint_source = g_main_context_find_source_by_id (NULL, sigint_id);
+ }
+
+ name_owner_id = g_bus_own_name (G_BUS_TYPE_SYSTEM,
+@@ -175,13 +174,8 @@ main (int argc,
+ ret = 0;
+
+ out:
+- if (sigint_source)
+- {
+- if(! g_source_is_destroyed(sigint_source))
+- {
+- g_source_destroy (sigint_source);
+- }
+- }
++ if (sigint_id > 0)
++ g_source_remove (sigint_id);
+ if (the_daemon != NULL)
+ g_object_unref (the_daemon);
+ if (name_owner_id != 0)
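Review bot: With `return G_SOURCE_CONTINUE;` in on_sigint the SIGINT watch stays installed until `g_source_remove (sigint_id)` runs at `out:`, so further SIGINTs during shutdown are taken by GLib's handler instead of the default action, and the trailing comment does not mention that. If a shutdown step stalls after `g_main_loop_quit ()`, the daemon can then no longer be stopped with a second Ctrl-C; this is inferred from how GLib signal sources behave, not from the hunk. I would document the choice, e.g. `/* keep the watch: later SIGINTs are ignored until main() removes the source */`. As a style point, `if (sigint_id > 0)` and the neighbouring `if (name_owner_id != 0)` test the same kind of guint id in two spellings.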
diff --git a/SOURCES/udisks-2.8.1-string-format-vulnerability_CVE-2018-17336.patch b/SOURCES/udisks-2.8.1-string-format-vulnerability_CVE-2018-17336.patch
new file mode 100644
index 0000000..b70ba17
--- /dev/null
+++ b/SOURCES/udisks-2.8.1-string-format-vulnerability_CVE-2018-17336.patch
@@ -0,0 +1,32 @@
+From e369a9b4b08e9373c814c05328b366c938284eb5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Kai=20L=C3=BCke?=
+Date: Tue, 18 Sep 2018 13:12:14 +0200
+Subject: [PATCH] Fix string format vulnerability
+
+If the message in g_log_structured itself
+contained format sequences like %d or %n they
+were applied again, leading to leaked stack contents
+and possibly memory corruption. It can be triggered
+e.g. by a volume label containing format sequences.
+
+Print the message argument itself into a "%s" string
+to avoid intepreting format sequences.
+
+https://github.com/storaged-project/udisks/issues/578
+---
+ src/udiskslogging.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/udiskslogging.c b/src/udiskslogging.c
+index ab49fcbf4..47a3af23a 100644
+--- a/src/udiskslogging.c
++++ b/src/udiskslogging.c
+@@ -60,7 +60,7 @@ udisks_log (UDisksLogLevel level,
+
+ #if GLIB_CHECK_VERSION(2, 50, 0)
+ g_log_structured ("udisks", (GLogLevelFlags) level,
+- "MESSAGE", message, "THREAD_ID", "%d", (gint) syscall (SYS_gettid),
++ "MESSAGE", "%s", message, "THREAD_ID", "%d", (gint) syscall (SYS_gettid),
+ "CODE_FUNC", function, "CODE_FILE", location);
+ #else
+ g_log ("udisks", level, "[%d]: %s [%s, %s()]", (gint) syscall (SYS_gettid), message, location, function);
diff --git a/SOURCES/udisks-2.8.2-THREAD_ID-logging.patch b/SOURCES/udisks-2.8.2-THREAD_ID-logging.patch
new file mode 100644
index 0000000..125c04a
--- /dev/null
+++ b/SOURCES/udisks-2.8.2-THREAD_ID-logging.patch
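Review bot: Nothing at the `g_log_structured ()` call site says why the literal `"%s"` has to stay in front of `message`, so a later cleanup could fold it away and bring the bug back; the reasoning exists only in the patch description. `message` is built earlier in udisks_log, outside this hunk, and per the description it can carry text taken from device data such as a volume label. I would add above the call `/* message is already formatted and may contain '%' from device-supplied strings: pass it as an argument, never as the format */`.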
@@ -0,0 +1,39 @@
+From 61e3d7a38e7b0efc0d19a0340da2624a1f720b3c Mon Sep 17 00:00:00 2001
+From: Tomas Bzatek
+Date: Thu, 1 Nov 2018 13:44:34 +0100
+Subject: [PATCH] udiskslogging: Fix THREAD_ID field logging
+
+The call to g_log_structured() was not conforming the rules stated in the
+documentation: "The MESSAGE-format pair has to be the last of the key-value
+pairs, and MESSAGE is the only field for which printf()-style formatting
+is supported."
+---
+ src/udiskslogging.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/udiskslogging.c b/src/udiskslogging.c
+index 47a3af23a..0cb8d959d 100644
+--- a/src/udiskslogging.c
++++ b/src/udiskslogging.c
+@@ -53,15 +53,19 @@ udisks_log (UDisksLogLevel level,
+ {
+ va_list var_args;
+ gchar *message;
++ gchar *thread_id;
+
+ va_start (var_args, format);
+ message = g_strdup_vprintf (format, var_args);
+ va_end (var_args);
+
+ #if GLIB_CHECK_VERSION(2, 50, 0)
++ thread_id = g_strdup_printf ("%d", (gint) syscall (SYS_gettid));
+ g_log_structured ("udisks", (GLogLevelFlags) level,
+- "MESSAGE", "%s", message, "THREAD_ID", "%d", (gint) syscall (SYS_gettid),
+- "CODE_FUNC", function, "CODE_FILE", location);
++ "THREAD_ID", thread_id,
++ "CODE_FUNC", function, "CODE_FILE", location,
++ "MESSAGE", "%s", message);
++ g_free (thread_id);
+ #else
+ g_log ("udisks", level, "[%d]: %s [%s, %s()]", (gint) syscall (SYS_gettid), message, location, function);
+ #endif
diff --git a/SOURCES/udisks-2.8.2-udisksctl-manpage-update.patch b/SOURCES/udisks-2.8.2-udisksctl-manpage-update.patch
new file mode 100644
index 0000000..c496b83
--- /dev/null
+++ b/SOURCES/udisks-2.8.2-udisksctl-manpage-update.patch
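Review bot: `gchar *thread_id;` is declared unconditionally at the top of udisks_log but is assigned and freed only inside `#if GLIB_CHECK_VERSION(2, 50, 0)`, so a build that takes the `#else` branch is left with an unused variable. Wrapping the declaration in the same `#if`, or initialising it with `gchar *thread_id = NULL;` and moving `g_free (thread_id);` after the `#endif`, keeps both branches warning-free. The string is also allocated and freed on every log call; a small stack buffer filled with `g_snprintf ()` would avoid that if logging volume matters. The function continues outside the hunk, so whether `message` is released after the `#endif` cannot be confirmed here.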
@@ -0,0 +1,243 @@ +From ae41997ebc01621c40e74a7fd29cd93b8f7fc790 Mon Sep 17 00:00:00 2001 +From: Vojtech Trefny +Date: Mon, 10 Dec 2018 10:43:44 +0100 +Subject: [PATCH] man: Describe command options in the udisksctl man page + +Added short description for the "device" options (--object-path +and --block-device) and for options for specific commands. + +Resolves: rhbz#1568269 +--- + doc/man/udisksctl.xml.in | 157 +++++++++++++++++++++++++++++++++++++-- + 1 file changed, 149 insertions(+), 8 deletions(-) + +diff --git a/doc/man/udisksctl.xml.in b/doc/man/udisksctl.xml.in +index 41a1410d3..3ecbafe99 100644 +--- a/doc/man/udisksctl.xml.in ++++ b/doc/man/udisksctl.xml.in +@@ -34,6 +34,7 @@ + + --object-path OBJECT + --block-device DEVICE ++ --drive DRIVE + + + +@@ -168,8 +169,9 @@ + + + Shows detailed information about +- OBJECT or +- DEVICE. ++ OBJECT, ++ DEVICE or ++ DRIVE. + + + +@@ -179,21 +181,40 @@ + + + Mounts a device. The device will be mounted in a +- subdirectory in the /media hierarchy ++ subdirectory in the /run/media hierarchy + - upon successful completion, the mount point will be + printed to standard output. + +- ++ ++ ++ ++ ++ ++ ++ ++ Filesystem type to use. If not specified, autodetected filesystem ++ type will be used. ++ ++ ++ ++ ++ ++ ++ ++ ++ + The device will be mounted with a safe set of default + options. You can influence the options passed to the + mount8 +- command with . Note that only ++ command using this option. Note that only + safe options are allowed - requests with inherently unsafe + options such as suid or + dev that would allow the caller to + gain additional privileges, are rejected. +- +- ++ ++ ++ ++ + + + +@@ -206,6 +227,18 @@ + references exists. + + ++ ++ ++ ++ ++ ++ ++ Lazy unmount. Detach the filesystem from the file hierarchy ++ now, and clean up all references to this filesystem as soon ++ as it is not busy anymore. ++ ++ ++ + + + +@@ -218,6 +251,15 @@ + printed to standard output. 
+ + ++ ++ ++ ++ ++ ++ Read passphrase from the given file. ++ ++ ++ + + + +@@ -237,6 +279,48 @@ + Sets up a loop device backed by FILE. + + ++ ++ ++ ++ ++ ++ ++ File to set up a loop device for. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ Set up a read-only loop device. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ The data start is moved OFFSET bytes ++ into the specified file. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ The data end is set to no more than SIZE ++ bytes after the data start. ++ ++ ++ + + + +@@ -285,6 +369,16 @@ + a disk is failing. + + ++ ++ ++ ++ ++ ++ ++ File with the libatasmart blob. ++ ++ ++ + + + +@@ -311,10 +405,57 @@ + + + ++ ++ DEVICE SPECIFICATION ++ ++ For commands that require a device as an argument following options ++ can be used to specify it. ++ ++ ++ ++ ++ ++ ++ ++ ++ Specify a device by its device file path. For example ++ /dev/sda. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ Specify a device by the UDisks internal object path without the ++ /org/freedesktop/UDisks2 prefix. For example ++ block_devices/sda ++ for the /dev/sda disk. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ Specify a drive by name, for example VirtIO_Disk. ++ This can be currently used only together with the ++ command. ++ ++ ++ ++ ++ ++ ++ + + COMMON OPTIONS + +- The option can be used ++ The option can be used + to request that no interaction (such as the user being + presented with an authentication dialog) must occur when + checking with diff --git a/SPECS/udisks2.spec b/SPECS/udisks2.spec index de77c20..d398430 100644 --- a/SPECS/udisks2.spec +++ b/SPECS/udisks2.spec @@ -14,7 +14,7 @@ Name: udisks2 Summary: Disk Manager Version: 2.7.3 -Release: 8%{?dist} +Release: 9%{?dist} License: GPLv2+ Group: System Environment/Libraries URL: https://github.com/storaged-project/udisks 
@@ -30,6 +30,21 @@ Patch6: tests_distro_check_1508385.patch Patch7: tests_dont_skip_1511974.patch Patch8: tests_add_targetcli_config_1511986.patch Patch9: udisks-2.7.4-bd_dep_check.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1672664 +# Package udisks2-lsm +Patch10: lsm-relicense.patch +Patch11: lsm_local-gerror.patch +Patch12: lsm-complete-led_control-call.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1643350 +# udisksd core dump +Patch13: udisks-2.7.7-g_source_remove.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1637427 +# CVE-2018-17336 Format string vulnerability in udisks_log in udiskslogging.c +Patch14: udisks-2.8.1-string-format-vulnerability_CVE-2018-17336.patch +Patch15: udisks-2.8.2-THREAD_ID-logging.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1568269 +# man page improvement for udisksctl +Patch16: udisks-2.8.2-udisksctl-manpage-update.patch BuildRequires: glib2-devel >= %{glib2_version} BuildRequires: gobject-introspection-devel >= %{gobject_introspection_version} @@ -132,6 +147,20 @@ Obsoletes: storaged-lvm2 %description -n %{name}-lvm2 This package contains module for LVM2 configuration. +%package -n %{name}-lsm +Summary: Module for LSM +Group: System Environment/Libraries +Requires: %{name}%{?_isa} = %{version}-%{release} +License: LGPLv2+ +Requires: libstoragemgmt +BuildRequires: libstoragemgmt-devel +BuildRequires: libconfig-devel +Provides: storaged-lsm = %{version}-%{release} +Obsoletes: storaged-lsm + +%description -n %{name}-lsm +This package contains module for LSM configuration. + %package -n lib%{name}-devel Summary: Development files for lib%{name} Group: Development/Libraries @@ -155,6 +184,13 @@ dynamic library, which provides access to the udisksd daemon. %patch7 -p1 %patch8 -p1 %patch9 -p1 +%patch10 -p1 +%patch11 -p1 +%patch12 -p1 +%patch13 -p1 +%patch14 -p1 +%patch15 -p1 +%patch16 -p1 %build autoreconf -ivf 
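Review bot: `Patch15` carries no comment of its own, although it only makes sense on top of `Patch14`: with Patch14 alone the `g_log_structured ()` call still has key-value pairs after the MESSAGE format, which Patch15's own description says the API does not allow. Anyone cherry-picking the CVE-2018-17336 fix from this spec should take both, so I would add `# Follow-up to Patch14 (CVE-2018-17336), keep the two together` directly above the `Patch15:` line.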
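Review bot: The new `%package -n %{name}-lsm` declares `License: LGPLv2+`, while Patch10 in this same commit is titled "lsm: Relicense to GPLv2+" and rewrites the headers of modules/lsm/lsm_data.c and lsm_data.h to GPL version 2 or later. If those files are built into libudisks2_lsm.so the subpackage tag should presumably read `License: GPLv2+`. The licences of the remaining lsm sources are not visible on this page, so this needs checking against the tree before changing the tag.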
@@ -166,6 +202,7 @@ export LDFLAGS='-pie -Wl,-z,now -Wl,-z,relro' --sysconfdir=/etc \ --enable-iscsi \ --enable-lvm2 \ + --enable-lsm \ %if %{with_gtk_doc} --enable-gtk-doc %else @@ -248,6 +285,13 @@ udevadm trigger %{_libdir}/udisks2/modules/libudisks2_lvm2.so %{_datadir}/polkit-1/actions/org.freedesktop.UDisks2.lvm2.policy +%files -n %{name}-lsm +%dir %{_sysconfdir}/udisks2/modules.conf.d +%{_libdir}/udisks2/modules/libudisks2_lsm.so +%{_mandir}/man5/udisks2_lsm.conf.* +%{_datadir}/polkit-1/actions/org.freedesktop.UDisks2.lsm.policy +%attr(0600,root,root) %{_sysconfdir}/udisks2/modules.conf.d/udisks2_lsm.conf + %files -n %{name}-iscsi %{_libdir}/udisks2/modules/libudisks2_iscsi.so %{_datadir}/polkit-1/actions/org.freedesktop.UDisks2.iscsi.policy @@ -266,6 +310,12 @@ udevadm trigger # Note: please don't forget the %{?dist} in the changelog. Thanks %changelog +* Thu Feb 28 2019 Tomas Bzatek - 2.7.3-9 +- Build udisks2-lsm subpackage (#1672664) +- Fix sigint source removal on daemon exit (#1643350) +- CVE-2018-17336: Fix format string vulnerability in udisks_log (#1637427) +- Describe command options in the udisksctl man page (#1568269) + * Tue Jul 10 2018 Tomas Bzatek - 2.7.3-8 - Fix too strict libblockdev runtime dependency checks Resolves: rhbz#1598430
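Review bot: In the new `%files -n %{name}-lsm` list, `udisks2_lsm.conf` gets `%attr(0600,root,root)` but no `%config`, so rpm treats it as an ordinary file and replaces local edits on every package update. The restrictive mode suggests the file may hold sensitive settings (its contents are not visible here), which makes a silent overwrite more costly for the administrator. I would write the entry as `%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/udisks2/modules.conf.d/udisks2_lsm.conf`.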