From c0c6b446a67143fc3a6c67a4900d55b1b38fa4b9 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Tue, 16 May 2023 06:04:08 +0000
Subject: [PATCH] import udisks2-2.9.0-13.el8

---
 ...2.10.0-block_format_ata_secure_erase.patch | 60 +++++++++++++++++++
 SOURCES/udisks-2.10.0-iscsi-auth-info.patch   | 29 +++++++++
 ...-2.10.0-iscsi_test_05_restart_iscsid.patch | 42 +++++++++++++
 SPECS/udisks2.spec                            | 23 ++++++-
 4 files changed, 153 insertions(+), 1 deletion(-)
 create mode 100644 SOURCES/udisks-2.10.0-block_format_ata_secure_erase.patch
 create mode 100644 SOURCES/udisks-2.10.0-iscsi-auth-info.patch
 create mode 100644 SOURCES/udisks-2.10.0-iscsi_test_05_restart_iscsid.patch

diff --git a/SOURCES/udisks-2.10.0-block_format_ata_secure_erase.patch b/SOURCES/udisks-2.10.0-block_format_ata_secure_erase.patch
new file mode 100644
index 0000000..3ad878d
--- /dev/null
+++ b/SOURCES/udisks-2.10.0-block_format_ata_secure_erase.patch
@@ -0,0 +1,60 @@
+From eb917d346bc8592924c5f6566b01841176c53c8c Mon Sep 17 00:00:00 2001
+From: Tomas Bzatek <tbzatek@redhat.com>
+Date: Mon, 22 Aug 2022 16:27:11 +0200
+Subject: [PATCH] udiskslinuxblock: Only permit ATA Secure Erase during
+ Format() on a whole block device
+
+ATA Secure Erase requested as an option to the Format() method call used
+to perform the actual erase on a whole drive object it looked up. When
+Format() was called on a partition, this led to data loss on a whole drive.
+This commit adds a safeguard to check that the Format() is requested
+on a whole block device.
+
+Severity of this issue was slightly lowered by a failure to submit
+the ATA Secure erase command in case some filesystem was mounted
+at that point.
+---
+ src/udiskslinuxblock.c | 16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+
+diff --git a/src/udiskslinuxblock.c b/src/udiskslinuxblock.c
+index d1da94edf..db0ed2bf6 100644
+--- a/src/udiskslinuxblock.c
++++ b/src/udiskslinuxblock.c
+@@ -2354,6 +2354,7 @@ erase_ata_device (UDisksBlock   *block,
+ {
+   gboolean ret = FALSE;
+   UDisksObject *drive_object = NULL;
++  UDisksLinuxBlockObject *block_object = NULL;
+   UDisksDriveAta *ata = NULL;
+ 
+   drive_object = udisks_daemon_find_object (daemon, udisks_block_get_drive (block));
+@@ -2369,6 +2370,20 @@ erase_ata_device (UDisksBlock   *block,
+       goto out;
+     }
+ 
++  /* Reverse check to ensure we're erasing whole block device and not a partition */
++  block_object = udisks_linux_drive_object_get_block (UDISKS_LINUX_DRIVE_OBJECT (drive_object), FALSE /* get_hw */);
++  if (block_object == NULL)
++    {
++      g_set_error (error, UDISKS_ERROR, UDISKS_ERROR_FAILED, "Couldn't find a block device for the drive to erase");
++      goto out;
++    }
++  if (g_strcmp0 (g_dbus_object_get_object_path (G_DBUS_OBJECT (object)),
++                 g_dbus_object_get_object_path (G_DBUS_OBJECT (block_object))) != 0)
++    {
++      g_set_error (error, UDISKS_ERROR, UDISKS_ERROR_FAILED, "ATA secure erase needs to be performed on a whole block device");
++      goto out;
++    }
++
+   /* sleep a tiny bit here to avoid the secure erase code racing with
+    * programs spawned by udev
+    */
+@@ -2382,6 +2397,7 @@ erase_ata_device (UDisksBlock   *block,
+  out:
+   g_clear_object (&ata);
+   g_clear_object (&drive_object);
++  g_clear_object (&block_object);
+   return ret;
+ }
+ 
diff --git a/SOURCES/udisks-2.10.0-iscsi-auth-info.patch b/SOURCES/udisks-2.10.0-iscsi-auth-info.patch
new file mode 100644
index 0000000..633386e
--- /dev/null
+++ b/SOURCES/udisks-2.10.0-iscsi-auth-info.patch
@@ -0,0 +1,29 @@
+From 9a6e6b700b19539465ab6b241f04b94d4b3769c4 Mon Sep 17 00:00:00 2001
+From: Tomas Bzatek <tbzatek@redhat.com>
+Date: Mon, 10 Oct 2022 13:55:29 +0200
+Subject: [PATCH] iscsi: Always set auth info
+
+In case of reusing a context auth info needs to be
+always set to override previous data.
+---
+ modules/iscsi/udisksiscsiutil.c | 7 ++-----
+ 1 file changed, 2 insertions(+), 5 deletions(-)
+
+diff --git a/modules/iscsi/udisksiscsiutil.c b/modules/iscsi/udisksiscsiutil.c
+index 8fdae889c7..78890106f0 100644
+--- a/modules/iscsi/udisksiscsiutil.c
++++ b/modules/iscsi/udisksiscsiutil.c
+@@ -171,11 +171,8 @@ iscsi_perform_login_action (UDisksLinuxModuleISCSI     *module,
+   /* Get a libiscsi context. */
+   ctx = udisks_linux_module_iscsi_get_libiscsi_context (module);
+ 
+-  if (action == ACTION_LOGIN &&
+-      auth_info && auth_info->method == libiscsi_auth_chap)
+-    {
+-      libiscsi_node_set_auth (ctx, node, auth_info);
+-    }
++  if (action == ACTION_LOGIN && auth_info)
++    libiscsi_node_set_auth (ctx, node, auth_info);
+ 
+   /* Login or Logout */
+   err = action == ACTION_LOGIN ?
diff --git a/SOURCES/udisks-2.10.0-iscsi_test_05_restart_iscsid.patch b/SOURCES/udisks-2.10.0-iscsi_test_05_restart_iscsid.patch
new file mode 100644
index 0000000..eeb5e19
--- /dev/null
+++ b/SOURCES/udisks-2.10.0-iscsi_test_05_restart_iscsid.patch
@@ -0,0 +1,42 @@
+From fbe970add68e6d9d998fb7f78377368c403e200d Mon Sep 17 00:00:00 2001
+From: Tomas Bzatek <tbzatek@redhat.com>
+Date: Mon, 31 Oct 2022 15:15:31 +0100
+Subject: [PATCH] tests: Restart iscsid on every InitiatorName change
+
+The test LIO target config expects a specific initiator name as set
+by the ACLs. However the iscsid daemon only seems to be reading
+the InitiatorName string on startup and in case the service is running
+with a different name, the auth tests will fail.
+
+As a workaround, restart the iscsid service after each change.
+A proper way through libiscsi or libopeniscsiusr would be nice -> TODO.
+---
+ src/tests/dbus-tests/test_30_iscsi.py | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/src/tests/dbus-tests/test_30_iscsi.py b/src/tests/dbus-tests/test_30_iscsi.py
+index f2594d992..09e975f30 100644
+--- a/src/tests/dbus-tests/test_30_iscsi.py
++++ b/src/tests/dbus-tests/test_30_iscsi.py
+@@ -48,9 +48,21 @@ def _force_lougout(self, target):
+     def _set_initiator_name(self):
+         manager = self.get_object('/Manager')
+ 
++        # make backup of INITIATOR_FILE and restore it at the end
++        try:
++            initiatorname_backup = self.read_file(INITIATOR_FILE)
++            self.addCleanup(self.write_file, INITIATOR_FILE, initiatorname_backup)
++        except FileNotFoundError as e:
++            # no existing file, simply remove it once finished
++            self.addCleanup(self.remove_file, INITIATOR_FILE, True)
++
+         manager.SetInitiatorName(self.initiator, self.no_options,
+                                  dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
+ 
++        # running iscsid needs to be restarted to reflect the change
++        self.run_command('systemctl try-reload-or-restart iscsid.service')
++        # ignore the return code in case of non-systemd distros
++
+         init = manager.GetInitiatorName(self.no_options,
+                                         dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
+         self.assertEqual(init, self.initiator)
diff --git a/SPECS/udisks2.spec b/SPECS/udisks2.spec
index acae95f..de9e0ef 100644
--- a/SPECS/udisks2.spec
+++ b/SPECS/udisks2.spec
@@ -56,7 +56,7 @@
 Name:    udisks2
 Summary: Disk Manager
 Version: 2.9.0
-Release: 9%{?dist}
+Release: 13%{?dist}
 License: GPLv2+
 Group:   System Environment/Libraries
 URL:     https://github.com/storaged-project/udisks
@@ -65,6 +65,10 @@ Patch0:  udisks-2.9.1-teardown-needle-match.patch
 Patch1:  udisks-2.9.1-lvm_vdo-test_resize_physical-size.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1855785
 Patch2:  udisks-2.9.1-drive_ata_tests.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=2120697
+Patch3:  udisks-2.10.0-block_format_ata_secure_erase.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=2135773
+Patch4:  udisks-2.10.0-iscsi-auth-info.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1845973
 Patch10: udisks-2.9.1-daemon-Always-flush-interface-property-changes.patch
 Patch11: udisks-2.9.1-lvm2-Always-flush-interface-property-changes.patch
@@ -86,6 +90,8 @@ Patch24: udisks-2.10.0-udiskslinuxencrypted_GError.patch
 Patch25: udisks-2.10.0-udiskslinuxpartition_GError.patch
 Patch26: udisks-2.10.0-udiskslinuxpartitiontable_GError.patch
 Patch27: udisks-2.10.0-udiskslinuxfilesystem_GError.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=1966460
+Patch28: udisks-2.10.0-iscsi_test_05_restart_iscsid.patch
 
 BuildRequires: glib2-devel >= %{glib2_version}
 BuildRequires: gobject-introspection-devel >= %{gobject_introspection_version}
@@ -293,6 +299,8 @@ This package contains module for VDO management.
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
+%patch4 -p1
 %patch10 -p1
 %patch11 -p1
 %patch12 -p1
@@ -309,6 +317,7 @@ This package contains module for VDO management.
 %patch25 -p1
 %patch26 -p1
 %patch27 -p1
+%patch28 -p1
 sed -i udisks/udisks2.conf.in -e "s/encryption=luks1/encryption=%{default_luks_encryption}/"
 
 %build
@@ -501,6 +510,18 @@ fi
 %endif
 
 %changelog
+* Tue Nov 01 2022 Tomas Bzatek <tbzatek@redhat.com> - 2.9.0-13
+- Fix iscsi test auth failures (#1966460)
+
+* Wed Oct 19 2022 Tomas Bzatek <tbzatek@redhat.com> - 2.9.0-12
+- Fix iscsi authentication info override (#2135773)
+
+* Fri Sep 16 2022 Tomas Bzatek <tbzatek@redhat.com> - 2.9.0-11
+- Fix the patch list
+
+* Fri Sep 16 2022 Tomas Bzatek <tbzatek@redhat.com> - 2.9.0-10
+- Restrict ATA Secure Erase Format() options (#2120697)
+
 * Tue Feb 01 2022 Tomas Bzatek <tbzatek@redhat.com> - 2.9.0-9
 - Fix LVM-VDO statistics tests (#2023880,#2025483)
 - Fix GError ownership (#1999149)