tqma6-yocto-mirror/sources/meta-openembedded/meta-oe/recipes-extended/libblockdev/files/CVE-2025-6019.patch

From b2e9c16c726f62e500241617f8f3a03aa658fbe3 Mon Sep 17 00:00:00 2001
From: Thomas Blume <Thomas.Blume@suse.com>
Date: Fri, 16 May 2025 14:27:10 +0200
Subject: [PATCH] Don't allow suid and dev set on fs resize

Fixes: CVE-2025-6019

CVE: CVE-2025-6019
Upstream-Status: Backport [ https://github.com/storaged-project/libblockdev/commit/46b54414f66e965e3c37f8f51e621f96258ae22e ]

Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
 src/plugins/fs/generic.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/plugins/fs/generic.c b/src/plugins/fs/generic.c
index 2b2180aa..60f7d75e 100644
--- a/src/plugins/fs/generic.c
+++ b/src/plugins/fs/generic.c
@@ -661,7 +661,7 @@ static gchar* fs_mount (const gchar *device, gchar *fstype, gboolean read_only,
                              "Failed to create temporary directory for mounting '%s'.", device);
                 return NULL;
             }
-            ret = bd_fs_mount (device, mountpoint, fstype, read_only ? "ro" : NULL, NULL, &l_error);
+            ret = bd_fs_mount (device, mountpoint, fstype, read_only ? "nosuid,nodev,ro" : "nosuid,nodev", NULL, &l_error);
             if (!ret) {
                 g_propagate_prefixed_error (error, l_error, "Failed to mount '%s': ", device);
                 g_rmdir (mountpoint);
-- 
2.34.1