rpms/udisks2
7
0
Fork 1
Code Issues Pull Requests Releases Activity

import OL udisks2-2.10.90-6.0.1.el10_1.1

Browse Source
This commit is contained in:
AlmaLinux RelEng Bot 2026-03-04 05:20:57 -05:00
parent 47b9f2f660
commit 2f3820e366
10 changed files with 144 additions and 114 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.fmf/version
View File

@ -1 +0,0 @@
1

24
.gitignore vendored
View File

@ -1,23 +1 @@
/udisks-2.6.4.tar.bz2
/udisks-2.6.5.tar.bz2
/udisks-2.7.0.tar.bz2
/udisks-2.7.1.tar.bz2
/udisks-2.7.2.tar.bz2
/udisks-2.7.3.tar.bz2
/udisks-2.7.4.tar.bz2
/udisks-2.7.5.tar.bz2
/udisks-2.7.6.tar.bz2
/udisks-2.7.7.tar.bz2
/udisks-2.8.0.tar.bz2
/udisks-2.8.1.tar.bz2
/udisks-2.8.2.tar.bz2
/udisks-2.8.4.tar.bz2
/udisks-2.9.0.tar.bz2
/udisks-2.9.1.tar.bz2
/udisks-2.9.2.tar.bz2
/udisks-2.9.3.tar.bz2
/udisks-2.9.4.tar.bz2
/udisks-2.10.0.tar.bz2
/udisks-2.10.1.tar.bz2
/udisks-2.10.90.gitdb54112e.tar.bz2
/udisks-2.10.90.tar.bz2
udisks-2.10.90.tar.bz2

1
ci.fmf
View File

@ -1 +0,0 @@
resultsdb-testcase: separate

6
gating.yaml
View File

@ -1,6 +0,0 @@
--- !Policy
product_versions:
- rhel-10
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: osci.brew-build./plans/udisks2.functional}

2
plans/env.yaml
View File

@ -1,2 +0,0 @@
---
xversion: '2.10.90'

75
plans/udisks2.fmf
View File

@ -1,75 +0,0 @@
summary: udisks2 gating tests
environment-file:
- plans/env.yaml
prepare:
how: install
package:
- rpm-build
- dbus-daemon
- python3-blivet
- python3-bytesize
- python3-systemd
- targetcli
- smartmontools
- xfsprogs
- dosfstools
- e2fsprogs
- cryptsetup
- python3-six
- sqlite
- libstoragemgmt
- python3-libstoragemgmt
- udisks2-iscsi
- udisks2-lsm
- udisks2-lvm2
- nvme-cli
- nvmetcli
- vdo
discover:
how: shell
url: https://gitlab.com/redhat/centos-stream/rpms/udisks2.git
ref: c10s
dist-git-source: true
dist-git-install-builddeps: true
tests:
- name: regression tests
test: |
set -x
if [ -z "$PKG_VER" ]; then
PKG_VER=`rpmspec -q --srpm --qf "%{version}" udisks2.spec`
fi
if [ -z "$PKG_VER" ]; then
echo "Error: Unable to extract package version"
exit 1
fi
pushd "$TMT_SOURCE_DIR/udisks-$PKG_VER"
find -path './src/tests/*.py' -or -path './src/tests/integration-test' | while read i; do sed -e 's/time\\.sleep(/time.sleep(5*/' -i "$i"; done
echo "UDISKS_MODULES_ENABLED = { 'lvm2', 'iscsi', 'lsm' }" > src/tests/dbus-tests/config_h.py
echo "PACKAGE_SYSCONF_DIR = '/etc/'" >> src/tests/dbus-tests/config_h.py
sed -i src/tests/dbus-tests/udiskstestcase.py -e "s!flight_record.log!$TMT_TEST_DATA/flight_record.log!"
sed -i src/tests/dbus-tests/run_tests.py -e "s!journaldump.log!$TMT_TEST_DATA/journaldump.log!"
# prepare system services
systemctl restart libstoragemgmt.service
systemctl restart iscsi-init.service
systemctl restart udisks2.service
udisksctl dump &> "$TMT_TEST_DATA/pre-udisksctl_dump.log"
# d-bus test
targetcli clearconfig confirm=True
python3 src/tests/dbus-tests/run_tests.py --system
targetcli clearconfig confirm=True
# integration test
pushd src/tests
python3 ./integration-test --log-file="$TMT_TEST_DATA/integration-tests.log" 2>&1
popd
execute:
- how: tmt
adjust:
enabled: false
when: distro == fedora
because: They don't have access to internal repos.

1
udisks-2.10.91-manager_loopsetup_fd_bounds.patch
View File

@ -27,4 +27,3 @@ index 4e633284..887771ee 100644
--
2.43.0

54
udisks-2.11.1-polkit_HeaderBackup.patch Normal file
View File

@ -0,0 +1,54 @@
From d7936871bf234b939548cd060d42a6a275b23e38 Mon Sep 17 00:00:00 2001
From: Tomas Bzatek <tbzatek@redhat.com>
Date: Fri, 13 Feb 2026 17:07:53 +0100
Subject: [PATCH] udiskslinuxencrypted: Add missing polkit check for
HeaderBackup()
The handle_header_backup() method call handler was missing a polkit
authorization check, allowing unprivileged local users to freely invoke
this D-Bus method.
CVE-ID: CVE-2026-26104
Reported-by: Asim Viladi Oglu Manizada <manizada@pm.me>
---
src/udiskslinuxencrypted.c | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/src/udiskslinuxencrypted.c b/src/udiskslinuxencrypted.c
index 7d9176d3..dd7664cc 100644
--- a/src/udiskslinuxencrypted.c
+++ b/src/udiskslinuxencrypted.c
@@ -1371,6 +1371,7 @@ handle_header_backup (UDisksEncrypted *encrypted,
UDisksBlock *block;
UDisksDaemon *daemon;
UDisksState *state = NULL;
+ const gchar *action_id;
uid_t caller_uid;
GError *error = NULL;
UDisksBaseJob *job = NULL;
@@ -1407,6 +1408,24 @@ handle_header_backup (UDisksEncrypted *encrypted,
goto out;
}
+ action_id = "org.freedesktop.udisks2.open-device";
+ if (udisks_block_get_hint_system (block))
+ action_id = "org.freedesktop.udisks2.open-device-system";
+
+ if (!udisks_daemon_util_check_authorization_sync (daemon,
+ object,
+ action_id,
+ options,
+ /* Translators: Shown in authentication dialog when backing up
+ * a LUKS header of a device.
+ *
+ * Do not translate $(device.name), it's a placeholder and will
+ * be replaced by the name of the drive/device in question
+ */
+ N_("Authentication is required to back up the encrypted header of $(device.name)"),
+ invocation))
+ goto out;
+
job = udisks_daemon_launch_simple_job (daemon,
UDISKS_OBJECT (object),
"encrypted-header-backup",

63
udisks-2.11.1-polkit_RestoreEncryptedHeader.patch Normal file
View File

@ -0,0 +1,63 @@
From ffb4f69e801be65a523f19746113d409bb45ab4e Mon Sep 17 00:00:00 2001
From: Tomas Bzatek <tbzatek@redhat.com>
Date: Fri, 13 Feb 2026 16:11:54 +0100
Subject: [PATCH] udiskslinuxblock: Add missing polkit check for
RestoreEncryptedHeader()
The handle_restore_encrypted_header() method call handler was missing
a polkit authorization check, allowing unprivileged local users to freely
invoke this D-Bus method.
CVE-ID: CVE-2026-26103
Reported-by: Asim Viladi Oglu Manizada <manizada@pm.me>
---
src/udiskslinuxblock.c | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/src/udiskslinuxblock.c b/src/udiskslinuxblock.c
index 174efe2a..55703f92 100644
--- a/src/udiskslinuxblock.c
+++ b/src/udiskslinuxblock.c
@@ -4244,6 +4244,7 @@ handle_restore_encrypted_header (UDisksBlock *encrypted,
UDisksBlock *block;
UDisksDaemon *daemon;
UDisksState *state = NULL;
+ const gchar *action_id;
uid_t caller_uid;
GError *error = NULL;
UDisksBaseJob *job = NULL;
@@ -4268,6 +4269,33 @@ handle_restore_encrypted_header (UDisksBlock *encrypted,
goto out;
}
+ action_id = "org.freedesktop.udisks2.modify-device";
+ if (!udisks_daemon_util_setup_by_user (daemon, object, caller_uid))
+ {
+ if (udisks_block_get_hint_system (block))
+ {
+ action_id = "org.freedesktop.udisks2.modify-device-system";
+ }
+ else if (!udisks_daemon_util_on_user_seat (daemon, object, caller_uid))
+ {
+ action_id = "org.freedesktop.udisks2.modify-device-other-seat";
+ }
+ }
+
+ if (!udisks_daemon_util_check_authorization_sync (daemon,
+ object,
+ action_id,
+ options,
+ /* Translators: Shown in authentication dialog when restoring
+ * a LUKS header on a device.
+ *
+ * Do not translate $(device.name), it's a placeholder and will
+ * be replaced by the name of the drive/device in question
+ */
+ N_("Authentication is required to restore the encrypted header on $(device.name)"),
+ invocation))
+ goto out;
+
job = udisks_daemon_launch_simple_job (daemon,
UDISKS_OBJECT (object),
"block-restore-encrypted-header",

31
udisks2.spec
View File

@ -14,16 +14,26 @@
%define git_hash %(git log -1 --pretty=format:"%h" || true)
%define build_date %(date '+%Y%m%d')
%define ol_btrfs_arches x86_64 aarch64
# btrfs is not available on RHEL
%if 0%{?rhel}
%define with_btrfs 0
%endif
# enable btrfs support for OL supported arches
%if 0%{?oraclelinux}
%ifarch %{ol_btrfs_arches}
%define with_btrfs 1
%else
%define with_btrfs 0
%endif
%endif
Name: udisks2
Summary: Disk Manager
Version: 2.10.90
Release: 5%{?dist}.1
Release: 6.0.1%{?dist}.1
License: GPL-2.0-or-later
URL: https://github.com/storaged-project/udisks
Source0: https://github.com/storaged-project/udisks/releases/download/udisks-%{version}/udisks-%{version}.tar.bz2
@ -32,8 +42,12 @@ Source0: https://github.com/storaged-project/udisks/releases/download/udisks-%{v
Patch0: udisks-2.11.0-lvm2-unused_device_detection-try_harder.patch
# https://issues.redhat.com/browse/RHEL-74012
Patch1: udisks-2.11.0-mdraid-inhibit-locks.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2388623
Patch2: udisks-2.10.91-manager_loopsetup_fd_bounds.patch
# https://issues.redhat.com/browse/RHEL-109406
Patch2: udisks-2.10.91-manager_loopsetup_fd_bounds.patch
# https://issues.redhat.com/browse/RHEL-148565
Patch3: udisks-2.11.1-polkit_RestoreEncryptedHeader.patch
# https://issues.redhat.com/browse/RHEL-148588
Patch4: udisks-2.11.1-polkit_HeaderBackup.patch
BuildRequires: make
BuildRequires: glib2-devel >= %{glib2_version}
@ -341,8 +355,15 @@ fi
%endif
%changelog
* Tue Sep 02 2025 Darren Archibald <darren.archibald@oracle.com> - 2.10.90-5.1
- udisks: Out-of-bounds read in UDisks Daemon (CVE-2025-8067)
* Sun Mar 01 2026 EL Errata <el-errata_ww@oracle.com> - 2.10.90-6.0.1.el10_1.1
- Enable btrfs support for OL supported arches [Orabug: 37464632]
* Fri Feb 13 2026 Tomas Bzatek <tbzatek@redhat.com> - 2.10.90-6.1
- Add missing polkit check for RestoreEncryptedHeader() (CVE-2026-26103) (RHEL-148565)
- Add missing polkit check for HeaderBackup() (CVE-2026-26104) (RHEL-148588)
* Tue Sep 02 2025 Tomas Bzatek <tbzatek@redhat.com> - 2.10.90-6
- udiskslinuxmanager: Add lower bounds check to fd_index (CVE-2025-8067) (RHEL-109406)
* Fri Jan 24 2025 Tomas Bzatek <tbzatek@redhat.com> - 2.10.90-5
- mdraid: Avoid acquiring system inhibit lock for external array operations (RHEL-74012)