From 55632b1e141682b5a30537f794cac7d0a0b9d748 Mon Sep 17 00:00:00 2001
From: Tomas Bzatek
Date: Thu, 27 Mar 2014 14:51:46 +0100
Subject: [PATCH] Update to 2.1.3

---
 .gitignore | 1 +
 sources | 2 +-
 udisks-2.x.x-CVE-2014-0004.patch | 96 --------------------------------
 udisks2.spec | 10 ++--
 4 files changed, 7 insertions(+), 102 deletions(-)
 delete mode 100644 udisks-2.x.x-CVE-2014-0004.patch

diff --git a/.gitignore b/.gitignore
index d9182ac..2669ef1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -15,3 +15,4 @@
 /udisks-2.1.0.tar.bz2
 /udisks-2.1.1.tar.bz2
 /udisks-2.1.2.tar.bz2
+/udisks-2.1.3.tar.bz2
diff --git a/sources b/sources
index d61ec8d..56dded2 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-bc5c4dc209f517e15b655302b028e3e6 udisks-2.1.2.tar.bz2
+f2c793f839058371d1e93a654199438d udisks-2.1.3.tar.bz2
diff --git a/udisks-2.x.x-CVE-2014-0004.patch b/udisks-2.x.x-CVE-2014-0004.patch
deleted file mode 100644
index 5794dfd..0000000
--- a/udisks-2.x.x-CVE-2014-0004.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-From 4cd35a8db2c6a0b94218a89cb183f50e8550de0e Mon Sep 17 00:00:00 2001
-From: David Zeuthen
-Date: Wed, 12 Feb 2014 20:01:41 -0800
-Subject: [PATCH] CVE-2014-0004: Stack-based buffer overflow when handling long
- path names
-
-Fix this by being more careful when parsing strings.
-
-Acknowledgements: This issue was discovered by Florian Weimer of the
-Red Hat Product Security Team.
-
-Signed-off-by: David Zeuthen
----
- src/udisksmountmonitor.c | 21 +++++++++++++--------
- 1 file changed, 13 insertions(+), 8 deletions(-)
-
-diff --git a/src/udisksmountmonitor.c b/src/udisksmountmonitor.c
-index 8af1028..77cf94c 100644
---- a/src/udisksmountmonitor.c
-+++ b/src/udisksmountmonitor.c
-@@ -416,8 +416,8 @@ udisks_mount_monitor_get_mountinfo (UDisksMountMonitor *monitor,
- guint mount_id;
- guint parent_id;
- guint major, minor;
-- gchar encoded_root[PATH_MAX];
-- gchar encoded_mount_point[PATH_MAX];
-+ gchar encoded_root[4096];
-+ gchar encoded_mount_point[4096];
- gchar *mount_point;
- dev_t dev;
-
-@@ -425,7 +425,7 @@ udisks_mount_monitor_get_mountinfo (UDisksMountMonitor *monitor,
- continue;
-
- if (sscanf (lines[n],
-- "%d %d %d:%d %s %s",
-+ "%d %d %d:%d %4095s %4095s",
- &mount_id,
- &parent_id,
- &major,
-@@ -436,6 +436,8 @@ udisks_mount_monitor_get_mountinfo (UDisksMountMonitor *monitor,
- udisks_warning ("Error parsing line '%s'", lines[n]);
- continue;
- }
-+ encoded_root[sizeof encoded_root - 1] = '\0';
-+ encoded_mount_point[sizeof encoded_mount_point - 1] = '\0';
-
- /* Temporary work-around for btrfs, see
- *
-@@ -450,15 +452,17 @@ udisks_mount_monitor_get_mountinfo (UDisksMountMonitor *monitor,
- sep = strstr (lines[n], " - ");
- if (sep != NULL)
- {
-- gchar fstype[PATH_MAX];
-- gchar mount_source[PATH_MAX];
-+ gchar fstype[4096];
-+ gchar mount_source[4096];
- struct stat statbuf;
-
-- if (sscanf (sep + 3, "%s %s", fstype, mount_source) != 2)
-+ if (sscanf (sep + 3, "%4095s %4095s", fstype, mount_source) != 2)
- {
- udisks_warning ("Error parsing things past - for '%s'", lines[n]);
- continue;
- }
-+ fstype[sizeof fstype - 1] = '\0';
-+ mount_source[sizeof mount_source - 1] = '\0';
-
- if (g_strcmp0 (fstype, "btrfs") != 0)
- continue;
-@@ -546,7 +550,7 @@ udisks_mount_monitor_get_swaps (UDisksMountMonitor *monitor,
- lines = g_strsplit (contents, "\n", 0);
- for (n = 0; lines[n] != NULL; n++)
- {
-- gchar filename[PATH_MAX];
-+ gchar filename[4096];
- struct stat statbuf;
- dev_t dev;
-
-@@ -557,11 +561,12 @@ udisks_mount_monitor_get_swaps (UDisksMountMonitor *monitor,
- if (strlen (lines[n]) == 0)
- continue;
-
-- if (sscanf (lines[n], "%s", filename) != 1)
-+ if (sscanf (lines[n], "%4095s", filename) != 1)
- {
- udisks_warning ("Error parsing line '%s'", lines[n]);
- continue;
- }
-+ filename[sizeof filename - 1] = '\0';
-
- if (stat (filename, &statbuf) != 0)
- {
---
-1.8.5.3
-
diff --git a/udisks2.spec b/udisks2.spec
index 4b6470c..4365698 100644
--- a/udisks2.spec
+++ b/udisks2.spec
@@ -7,14 +7,12 @@ Summary: Disk Manager
 Name: udisks2
-Version: 2.1.2
-Release: 2%{?dist}
+Version: 2.1.3
+Release: 1%{?dist}
 License: GPLv2+
 Group: System Environment/Libraries
 URL: http://www.freedesktop.org/wiki/Software/udisks
 Source0: http://udisks.freedesktop.org/releases/udisks-%{version}.tar.bz2
-# https://bugzilla.redhat.com/show_bug.cgi?id=1074459
-Patch1: udisks-2.x.x-CVE-2014-0004.patch
 BuildRequires: glib2-devel >= %{glib2_version}
 BuildRequires: gobject-introspection-devel >= %{gobject_introspection_version}
@@ -93,7 +91,6 @@ daemon. This package is for the udisks 2.x series.
 %prep
 %setup -q -n udisks-%{version}
-%patch1 -p1
 %build
 # we can't use _hardened_build here, see
@@ -157,6 +154,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.a
 # Note: please don't forget the %{?dist} in the changelog. Thanks
 %changelog
+* Thu Mar 27 2014 Tomas Bzatek - 2.1.3-1%{?dist}
+- Update to 2.1.3
+
 * Mon Mar 10 2014 Jan Safranek - 2.1.2-2%{?dist}
 - Fix CVE-2014-0004: stack-based buffer overflow when handling long path names (#1074459)