sources/meta-openembedded/meta-oe/recipes-support/udisks/udisks2/CVE-2025-6019.patch

From d0d04a381036b79df91616552706d515639bb762 Mon Sep 17 00:00:00 2001
From: Tomas Bzatek <tbzatek@redhat.com>
Date: Wed, 4 Jun 2025 15:26:46 +0200
Subject: [PATCH] udiskslinuxfilesystemhelpers: Mount private mounts with
 'nodev,nosuid'

The private mount done in take_filesystem_ownership() should always
default to 'nodev,nosuid' for security and 'errors=remount-ro' for
selected filesystem types to handle an corrupted filesystem. This is
consistent with mount options calculation for regular mounts.

CVE: CVE-2025-6019
Upstream-Status: Backport [ https://github.com/storaged-project/udisks/commit/5e7277debea926370e587408517560afe87d28c9 ]

Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
 src/udiskslinuxfilesystemhelpers.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/udiskslinuxfilesystemhelpers.c b/src/udiskslinuxfilesystemhelpers.c
index 7c5fc037..9eb7742c 100644
--- a/src/udiskslinuxfilesystemhelpers.c
+++ b/src/udiskslinuxfilesystemhelpers.c
@@ -123,6 +123,7 @@ take_filesystem_ownership (const gchar  *device,
 
 {
   gchar *mountpoint = NULL;
+  const gchar *mount_opts;
   GError *local_error = NULL;
   gboolean unmount = FALSE;
   gboolean success = TRUE;
@@ -151,8 +152,15 @@ take_filesystem_ownership (const gchar  *device,
               goto out;
             }
 
+          mount_opts = "nodev,nosuid";
+          if (g_strcmp0 (fstype, "ext2") == 0 ||
+              g_strcmp0 (fstype, "ext3") == 0 ||
+              g_strcmp0 (fstype, "ext4") == 0 ||
+              g_strcmp0 (fstype, "jfs") == 0)
+            mount_opts = "nodev,nosuid,errors=remount-ro";
+
           /* TODO: mount to a private mount namespace */
-          if (!bd_fs_mount (device, mountpoint, fstype, NULL, NULL, &local_error))
+          if (!bd_fs_mount (device, mountpoint, fstype, mount_opts, NULL, &local_error))
             {
               g_set_error (error, UDISKS_ERROR, UDISKS_ERROR_FAILED,
                            "Cannot mount %s at %s: %s",
-- 
2.34.1
Complete Yocto mirror with license table for TQMa6UL (2038-compliance) - 264 license table entries with exact download URLs (224/264 resolved) - Complete sources/ directory with all BitBake recipes - Build configuration: tqma6ul-multi-mba6ulx, spaetzle (musl) - Full traceability for Softwarefreigabeantrag - GCC 13.4.0, Linux 6.6.102, U-Boot 2023.04, musl 1.2.4 - License distribution: GPL-2.0 (24), MIT (23), GPL-2.0+ (18), BSD-3 (16) 2026-03-01 20:58:18 +00:00			`From d0d04a381036b79df91616552706d515639bb762 Mon Sep 17 00:00:00 2001`
			`From: Tomas Bzatek <tbzatek@redhat.com>`
			`Date: Wed, 4 Jun 2025 15:26:46 +0200`
			`Subject: [PATCH] udiskslinuxfilesystemhelpers: Mount private mounts with`
			`'nodev,nosuid'`

			`The private mount done in take_filesystem_ownership() should always`
			`default to 'nodev,nosuid' for security and 'errors=remount-ro' for`
			`selected filesystem types to handle an corrupted filesystem. This is`
			`consistent with mount options calculation for regular mounts.`

			`CVE: CVE-2025-6019`
			`Upstream-Status: Backport [ https://github.com/storaged-project/udisks/commit/5e7277debea926370e587408517560afe87d28c9 ]`

			`Signed-off-by: Changqing Li <changqing.li@windriver.com>`
			`---`
			`src/udiskslinuxfilesystemhelpers.c \| 10 +++++++++-`
			`1 file changed, 9 insertions(+), 1 deletion(-)`

			`diff --git a/src/udiskslinuxfilesystemhelpers.c b/src/udiskslinuxfilesystemhelpers.c`
			`index 7c5fc037..9eb7742c 100644`
			`--- a/src/udiskslinuxfilesystemhelpers.c`
			`+++ b/src/udiskslinuxfilesystemhelpers.c`
			`@@ -123,6 +123,7 @@ take_filesystem_ownership (const gchar *device,`

			`{`
			`gchar *mountpoint = NULL;`
			`+ const gchar *mount_opts;`
			`GError *local_error = NULL;`
			`gboolean unmount = FALSE;`
			`gboolean success = TRUE;`
			`@@ -151,8 +152,15 @@ take_filesystem_ownership (const gchar *device,`
			`goto out;`
			`}`

			`+ mount_opts = "nodev,nosuid";`
			`+ if (g_strcmp0 (fstype, "ext2") == 0 \|\|`
			`+ g_strcmp0 (fstype, "ext3") == 0 \|\|`
			`+ g_strcmp0 (fstype, "ext4") == 0 \|\|`
			`+ g_strcmp0 (fstype, "jfs") == 0)`
			`+ mount_opts = "nodev,nosuid,errors=remount-ro";`
			`+`
			`/* TODO: mount to a private mount namespace */`
			`- if (!bd_fs_mount (device, mountpoint, fstype, NULL, NULL, &local_error))`
			`+ if (!bd_fs_mount (device, mountpoint, fstype, mount_opts, NULL, &local_error))`
			`{`
			`g_set_error (error, UDISKS_ERROR, UDISKS_ERROR_FAILED,`
			`"Cannot mount %s at %s: %s",`
			`--`
			`2.34.1`