Hello community, here is the log from the commit of package udisks.2635 for openSUSE:12.3:Update checked in at 2014-03-18 09:02:39 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.3:Update/udisks.2635 (Old) and /work/SRC/openSUSE:12.3:Update/.udisks.2635.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "udisks.2635" Changes: -------- New Changes file: --- /dev/null 2014-02-13 01:09:38.344032506 +0100 +++ /work/SRC/openSUSE:12.3:Update/.udisks.2635.new/udisks.changes 2014-03-18 09:02:40.000000000 +0100 
@@ -0,0 +1,273 @@ +------------------------------------------------------------------- +Mon Mar 10 12:40:51 UTC 2014 - pwieczorkiew...@suse.com + +- udisks_local_code_execution_fix_CVE-2014-0004.patch: + Fix buffer overflow in mount path parsing. If users have + the possibility to create very long mount points, such as with + FUSE, they could cause udisksd to crash, or even to run arbitrary + code as root with specially crafted mount paths. + (bnc#865854, CVE-2014-0004) + +------------------------------------------------------------------- +Wed Nov 14 10:49:14 UTC 2012 - vu...@opensuse.org + +- Move udev files from /lib/udev to the udevdir defined in udev.pc. + +------------------------------------------------------------------- +Tue Jun 26 18:08:21 UTC 2012 - g...@opensuse.org + +- Added udisks-hide-lvm-raid-partitions.patch in order to hide + partitions marked as containing LVM and RAID. This is only useful + for encrypted partitions (fixes fdo#51439 and bnc#737038). + +------------------------------------------------------------------- +Tue Feb 21 13:15:02 UTC 2012 - vu...@opensuse.org + +- Update umount.udisks: fix /sbin/umount.udisks to correctly pass + arguments to /usr/sbin/umount.udisks. Fix bnc#747883, thanks to + Harald Koenig <koe...@linux.de>. + +------------------------------------------------------------------- +Wed Feb 15 11:52:05 UTC 2012 - vu...@opensuse.org + +- Move dbus xml interface files from devel subpackage to main + subpackage: those files might be needed at runtime. 
+ +------------------------------------------------------------------- +Fri Sep 2 10:48:34 UTC 2011 - vu...@opensuse.org + +- Update to version 1.0.4: + + Mark all rts_pstor devices as card readers + + fdo#24265: Needs to create /var/run/udisks/ on demand + + Change the default for LVM2 and dm-multipath support to off + + Fix typo in configure + +------------------------------------------------------------------- +Fri Jul 1 09:48:07 CEST 2011 - vu...@opensuse.org + +- Update to version 1.0.3: + + fdo#32232, CVE-2010-4661: Arbitrary kernel module load + + Nuke the PolicyKit extension as that is now deprecated + + Add missing comma in fs whitelist + + Update comment about validating requested filesystem type + + Ignore broken directory permissions on UDF media + + Remove blkid probing of device-mapper nodes + + Add "unmount" option to DriveEject + + Fix udisks --eject-options + + Add override for system internal property + + fdo#38535: A DeviceAutoMountHint attribute should be added to + udisks + + fdo#34710: CD-ROM polling failed due to O_EXCL flag + + fdo#32917: EeePC 900 SD card reader icon looks like a usb stick + in GNOME + + Support calling device_drive_eject() and + device_filesystem_unmount() from daemon + + throw_error(): Print error to stderr when being called + internally + + Improvements for specific hardware: + - Mark Realtek PCI flash card reader as such + - Hide recovery partition on newer Lenovo machines + + Update man pages. + + Test suite improvements. + + Code cleanups. +- Drop udisks-kernel-module-load-fix.patch: fixed upstream. 
+ +------------------------------------------------------------------- +Sun May 15 16:26:01 CEST 2011 - kay.siev...@novell.com + +- add missing comma, to properly whitelist ntfs (bnc#691077) + +------------------------------------------------------------------- +Tue Apr 26 20:18:38 CEST 2011 - kay.siev...@novell.com + +- Fix: Arbitrary LKMs from /lib/modules can be loaded + CVE-2010-4661 (bnc#653900) + +------------------------------------------------------------------- +Mon Dec 20 10:16:51 CET 2010 - vu...@opensuse.org + +- Update to version 1.0.2: + + Add nilfs2 file system support + + fdo#26258: initial btrfs support + + Update to latest LVM2 API + + Add udisks --eject option + + Don't probe non-data discs for partition tables + + Fix long hangs on probing nonexistant floppy drives + + Fix hang on setting invalid VFAT labels + + Fix mkfs.ext* arguments + + Fix creating NTFS on raw devices + + Also export UDISKS_DM_TARGET_PARAMS for 'multipath' target + + Fix a bug of unquoted/unescaped label string + + Escape backslash for label string + + Escape NTFS labels properly + + fdo#28075: Do not have all files executable on vfat + + fdo#28075: Do not have files executable on NTFS + + partutil: Explicitly use PART_TYPE_UNKNOWN + + Fix building with Linux 2.6.37 + + fdo#30332: udisks does not tear down LUKS devices when the + slave is forcibly removed + + Avoid using entities in introspection XML + + Various code fixes. + + Improve testsuite. + +------------------------------------------------------------------- +Sun Oct 31 12:37:02 UTC 2010 - jeng...@medozas.de + +- Use %_smp_mflags + +------------------------------------------------------------------- +Thu Jul 15 14:37:54 CEST 2010 - vu...@opensuse.org + +- Update umount.udisks script to reference /usr/sbin/umount.udisks + instead of /usr/sbin/umount.devkit. Fix bnc#618955. 
+ +------------------------------------------------------------------- +Fri Apr 9 18:22:16 CEST 2010 - kay.siev...@novell.com + +- Update to version 1.0.1 + fix bug that publicly exports dm key information + fdo#27494, CVE-2010-1149 + +------------------------------------------------------------------- +Thu Apr 1 11:33:52 CEST 2010 - kay.siev...@novell.com + +- install /var/lib/udisks -- needed for mtab mount tracking + to be able to umount and cleanup /media directories + +------------------------------------------------------------------- +Tue Mar 2 21:41:55 UTC 2010 - dims...@opensuse.org + +- Provide / Obsolete DeviceKit-disks-devel. + +------------------------------------------------------------------- +Thu Feb 25 17:25:11 CET 2010 - meiss...@suse.de + +- removed rpmlintrc, moved pkgconfig file to -devel + +------------------------------------------------------------------- +Wed Feb 24 22:11:12 CET 2010 - dims...@opensuse.org + +- Rename package to udisks +- Update to git snapshot 7d998831 from 2010-02-24 + +------------------------------------------------------------------- +Fri Nov 13 12:54:41 CET 2009 - vu...@opensuse.org + +- Update to version 009: + + Various device-mapper and cryptsetup fixes + + Pass -T to cryptsetup to handle incorrect passphrases + + When updating holders/slaves, defer the updates to an idle + handler + + Work around blkid incorrectly detecting FAT on extended + partitions + + Use 'udevadm settle' instead of 15-second timeout + + Allow creating a partition table with same scheme as existing + one + + Pass -F to mkfs.ext[234] to allow creating a filesystem on the + whole disk + + Use unregister facility in dbus-glib 0.82 and misc life-cycle + fixes + + Add new LinuxMdComponentPosition property + + Also ignore a device if DM_UDEV_DISABLE_OTHER_RULES_FLAG is set + + Use BLKPG_DEL_PARTITION when deleting partitions instead of + libparted + + Use BLKPG_ADD_PARTITION when adding a partition + + Don't use hyphens in param names + + fdo#24673 
- Support creating swap fs with labels + + fdo#24778 - throw_error() segfaults for daemon-internally + called methods + + fdo#24757 - Bashism in luks helper breaks password changing + + fdo#24757 - Simplify helper-change-luks-password + + fdo#24679 - Support creating minix file systems + + fdo#24718 - Proper handling of missing mkfs.*/fsck.* +- Changes from version 008: + + Actually inhibit the daemon when Inhibit() is called + + fdo#24054 - Devickit-disks doesn't support changing ntfs label + + fdo#24343 - Unintended side-effect when calling DriveDetach() + + fdo#24264 - Crash on removing NULL value from hash in + device_remove() + + fdo#24052 - CDROM eject button is locked while CDROM is mounted + + fdo#24129 - Please mount vfat disks with shortname=mixed + + fdo#24351 - Firewire hard drive is considered system-internal + + fdo#24468 - part-id crashes if drive device node does not exist + + fdo#24499 - media players have USB drive icon + + fdo#24053 - MMC cards aren't automounted. + +------------------------------------------------------------------- +Thu Oct 1 23:53:34 CEST 2009 - vu...@opensuse.org ++++ 76 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.3:Update/.udisks.2635.new/udisks.changes New: ---- udisks-1.0.4.tar.gz udisks-hide-lvm-raid-partitions.patch udisks.changes udisks.spec udisks_local_code_execution_fix_CVE-2014-0004.patch umount.udisks ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ udisks.spec ++++++ # # spec file for package udisks # # Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. 
The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %define _udevdir %(pkg-config --variable=udevdir udev) Name: udisks Version: 1.0.4 Release: 0 Summary: Disk Management Service License: GPL-2.0+ Group: System/Daemons Url: http://cgit.freedesktop.org/udisks/ Source: http://hal.freedesktop.org/releases/%{name}-%{version}.tar.gz # Need this one until bnc#504064 has been resolved -- mbo...@suse.de Source2: umount.udisks # PATCH-FIX-UPSTREAM udisks-hide-lvm-raid-partitions.patch fdo#51439 bnc#737038 g...@opensuse.org -- Hide partitions marked as containing LVM and RAID. This is only useful for encrypted partitions. Patch0: udisks-hide-lvm-raid-partitions.patch # PATCH-FIX-UPSTREAM udisks_local_code_execution_fix_CVE-2014-0004.patch bnc#865854 CVE-2014-0004 pwieczorkiew...@suse.de -- Fix buffer overflow in mount path parsing Patch1: udisks_local_code_execution_fix_CVE-2014-0004.patch Obsoletes: DeviceKit-disks <= 009 Provides: DeviceKit-disks = 009 # avahi BuildRequires is solely for directory ownerships. BuildRequires: avahi BuildRequires: dbus-1-glib-devel #BuildRequires: device-mapper-devel BuildRequires: gtk-doc BuildRequires: intltool BuildRequires: libatasmart-devel BuildRequires: libgudev-1_0-devel BuildRequires: parted-devel BuildRequires: polkit-devel BuildRequires: sg3_utils-devel #BuildRequires: sqlite3-devel # udev BuildRequires is solely for directory ownerships. 
BuildRequires: udev #BuildRequires: zlib-devel BuildRoot: %{_tmppath}/%{name}-%{version}-build # Upstream First - Policy: # Never add any patches to this package without the upstream commit id # in the patch. Any patches added here without a very good reason to make # an exception will be silently removed with the next version update. %description udisks provides a daemon, D-Bus API and command line tools for managing disks and storage devices. %package devel Summary: Disk Management Service - Development Files Group: Development/Libraries/Other Requires: %{name} = %{version} Requires: glib2-devel Provides: DeviceKit-disks-devel = 009 Obsoletes: DeviceKit-disks-devel <= 009 %description devel udisks provides a daemon, D-Bus API and command line tools for managing disks and storage devices. %prep %setup -q %patch0 -p1 %patch1 -p1 %build export V=1 %configure \ --enable-gtk-doc \ --disable-static \ --libexecdir=%{_prefix}/lib/udisks make %{?_smp_mflags} %install %makeinstall find %{buildroot}%{_libdir} -name '*.la' -delete -print >/dev/null 2>&1 || : # Not allowed to install into /sbin so move it to /usr/sbin (see bnc#504064) mkdir -p %{buildroot}%{_sbindir} mv %{buildroot}/sbin/umount.udisks %{buildroot}%{_sbindir} cp %{S:2} %{buildroot}/sbin/ # udev files are not necessarily in /lib/udev anymore if test "%{_udevdir}" != "/lib/udev"; then mkdir -p %{buildroot}%{_udevdir} mv %{buildroot}/lib/udev/* %{buildroot}%{_udevdir} fi %find_lang %{name} %clean rm -rf %{buildroot} %post -p /sbin/ldconfig %postun -p /sbin/ldconfig %files -f %{name}.lang %defattr(-,root,root,-) %doc AUTHORS COPYING NEWS README %{_udevdir}/udisks-* %{_udevdir}/rules.d/80-udisks.rules %{_bindir}/udisks %{_bindir}/udisks-tcp-bridge %{_prefix}/lib/udisks %attr(0755,root,root) /sbin/umount.udisks %{_sbindir}/umount.udisks %{_datadir}/polkit-1/actions/org.freedesktop.udisks.policy %{_datadir}/dbus-1/interfaces/org.freedesktop.UDisks.xml %{_datadir}/dbus-1/interfaces/org.freedesktop.UDisks.Adapter.xml 
%{_datadir}/dbus-1/interfaces/org.freedesktop.UDisks.Device.xml %{_datadir}/dbus-1/interfaces/org.freedesktop.UDisks.Expander.xml %{_datadir}/dbus-1/interfaces/org.freedesktop.UDisks.Port.xml %{_datadir}/dbus-1/system-services/org.freedesktop.UDisks.service %{_sysconfdir}/avahi/services/udisks.service %{_sysconfdir}/dbus-1/system.d/org.freedesktop.UDisks.conf %attr(0644,root,root) %{_sysconfdir}/profile.d/udisks-bash-completion.sh %doc %{_mandir}/man1/udisks-tcp-bridge.1%{?ext_man} %doc %{_mandir}/man1/udisks.1%{?ext_man} %doc %{_mandir}/man7/udisks.7%{?ext_man} %doc %{_mandir}/man8/udisks-daemon.8%{?ext_man} %attr(0770,root,root) %dir %{_localstatedir}/lib/udisks %files devel %defattr(-,root,root,-) %{_datadir}/pkgconfig/udisks.pc %doc %{_datadir}/gtk-doc/html/udisks/ %changelog ++++++ udisks-hide-lvm-raid-partitions.patch ++++++ >From 82cbbadc7ce2c7f12fa49a769fc96565bf40a350 Mon Sep 17 00:00:00 2001 From: David Zeuthen <zeut...@gmail.com> Date: Tue, 26 Jun 2012 17:57:41 +0000 Subject: Bug 51439 – udisks should hide lvm PVs Hide partitions marked as containing LVM and RAID. This is only useful for encrypted partitions. https://bugs.freedesktop.org/show_bug.cgi?id=51439 Signed-off-by: David Zeuthen <zeut...@gmail.com> --- diff --git a/data/80-udisks.rules b/data/80-udisks.rules index 6ac526c..d1c8c5d 100644 --- a/data/80-udisks.rules +++ b/data/80-udisks.rules 
@@ -180,20 +180,24 @@ ENV{ID_VENDOR}=="*IOMEGA*", ENV{ID_MODEL}=="*ZIP*", ENV{ID_DRIVE_FLOPPY_ZIP}="1" # Partitions which desktops should not display # +# (note that RAID/LVM members are not normally shown in an user +# interface so setting UDISKS__PRESENTATION_HIDE at first does not +# seem to achieve anything. However it helps for RAID/LVM members that +# are encrypted using LUKS. See bug #51439.) # Apple Bootstrap partitions ENV{UDISKS_PARTITION_SCHEME}=="apm", ENV{UDISKS_PARTITION_TYPE}=="Apple_Bootstrap", ENV{UDISKS_PRESENTATION_HIDE}="1" -# special MBR partition types (EFI, hidden, etc.) +# special MBR partition types (EFI, hidden, etc.) and RAID/LVM # see http://www.win.tue.nl/~aeb/partitions/partition_types-1.html ENV{UDISKS_PARTITION_SCHEME}=="mbr", \ - ENV{UDISKS_PARTITION_TYPE}=="0x00|0x11|0x12|0x14|0x16|0x17|0x1b|0x1c|0x1e|0x27|0x3d|0x84|0x8d|0x90|0x91|0x92|0x93|0x97|0x98|0x9a|0x9b|0xbb|0xc2|0xc3|0xdd|0xef", \ + ENV{UDISKS_PARTITION_TYPE}=="0x00|0x11|0x12|0x14|0x16|0x17|0x1b|0x1c|0x1e|0x27|0x3d|0x84|0x8d|0x8e|0x90|0x91|0x92|0x93|0x97|0x98|0x9a|0x9b|0xbb|0xc2|0xc3|0xdd|0xef|0xfd", \ ENV{UDISKS_PRESENTATION_HIDE}="1" # special GUID-identified partition types # see http://en.wikipedia.org/wiki/GUID_Partition_Table#Partition_type_GUIDs ENV{UDISKS_PARTITION_SCHEME}=="gpt", \ - ENV{UDISKS_PARTITION_TYPE}=="C12A7328-F81F-11D2-BA4B-00A0C93EC93B|21686148-6449-6E6F-744E-656564454649", \ + ENV{UDISKS_PARTITION_TYPE}=="C12A7328-F81F-11D2-BA4B-00A0C93EC93B|21686148-6449-6E6F-744E-656564454649|A19D880F-05FC-4D3B-A006-743F0F84911E|E6D6D379-F507-44C2-A23C-238F2A3DF928", \ ENV{UDISKS_PRESENTATION_HIDE}="1" # APM recovery/tool partitions which are useless on Linux -- cgit v0.9.0.2-2-gbebe ++++++ udisks_local_code_execution_fix_CVE-2014-0004.patch ++++++ commit ebf61ed8471a45cf8bce7231de00cb1bbc140708 Author: Martin Pitt <martin.p...@ubuntu.com> Date: Wed Mar 5 14:07:44 2014 +0100 Fix buffer overflow in mount path parsing In the mount monitor we parse mount points from 
/proc/self/mountinfo. Ensure that we don't overflow the buffers on platforms where mount paths could be longer than PATH_MAX (unknown if that can actually happen), as at least the mount paths for hotpluggable devices are somewhat user-controlled. Thanks to Florian Weimer for discovering this bug, and to David Zeuthen for his initial patch! CVE-2014-0004
Index: udisks-1.0.4/src/mount-monitor.c
===================================================================
--- udisks-1.0.4.orig/src/mount-monitor.c 2011-08-25 20:27:33.000000000 +0200
+++ udisks-1.0.4/src/mount-monitor.c 2014-03-10 13:38:18.309406561 +0100
@@ -39,6 +39,11 @@
 #include "mount.h"
 #include "private.h"
+/* build a %Ns format string macro with N == PATH_MAX */
+#define xstr(s) str(s)
+#define str(s) #s
+#define PATH_MAX_FMT "%" xstr(PATH_MAX) "s"
+
 /*--------------------------------------------------------------------------------------------------------------*/
 enum
@@ -320,8 +325,8 @@ mount_monitor_ensure (MountMonitor *moni
 guint mount_id;
 guint parent_id;
 guint major, minor;
- gchar encoded_root[PATH_MAX];
- gchar encoded_mount_point[PATH_MAX];
+ gchar encoded_root[PATH_MAX + 1];
+ gchar encoded_mount_point[PATH_MAX + 1];
 gchar *mount_point;
 dev_t dev;
@@ -329,7 +334,7 @@ mount_monitor_ensure (MountMonitor *moni
 continue;
 if (sscanf (lines[n],
- "%d %d %d:%d %s %s",
+ "%d %d %d:%d " PATH_MAX_FMT " " PATH_MAX_FMT,
 &mount_id,
 &parent_id,
 &major,
@@ -340,6 +345,8 @@ mount_monitor_ensure (MountMonitor *moni
 g_warning ("Error parsing line '%s'", lines[n]);
 continue;
 }
+ encoded_root[sizeof encoded_root - 1] = '\0';
+ encoded_mount_point[sizeof encoded_mount_point - 1] = '\0';
 /* ignore mounts where only a subtree of a filesystem is mounted */
 if (g_strcmp0 (encoded_root, "/") != 0)
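Review bot: In the `@@ -39,6 +39,11 @@` hunk, `PATH_MAX_FMT` is only a valid conversion if `PATH_MAX` expands to a bare decimal literal; if a platform header defines it as a parenthesised expression or with a suffix, the stringified text ends up inside the format and `sscanf` receives a malformed directive. The comment above the macros should state that requirement, for example `/* requires PATH_MAX to expand to a plain decimal integer such as 4096 */`. The helper names `str` and `xstr` are also very generic for file-scope macros defined after the project headers; a file-specific prefix would avoid a clash. Whether any supported platform defines PATH_MAX differently cannot be told from this patch.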
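Review bot: In the `@@ -329,7 +334,7 @@` hunk, bounding the `%s` conversions stops the overflow but lets an overlong field parse as a success: `sscanf` stops after PATH_MAX bytes, the rest of the token is either consumed by the next conversion or left unread, and the call still returns the expected count, so the existing error branch does not reject the line. A truncated `encoded_mount_point` would then be handled by the code after this hunk as if it were the real mount point. Such entries could be rejected right after the parse, e.g. `if (strlen (encoded_root) >= PATH_MAX || strlen (encoded_mount_point) >= PATH_MAX) { g_warning ("Ignoring overlong mount entry '%s'", lines[n]); continue; }`. The same applies to `fstype` and `mount_source` in the `@@ -358,15 +365,17 @@` hunk. Separately, the format still uses `%d` for the four variables declared `guint` in the `@@ -320,8 +325,8 @@` hunk, where `%u` would match the declared type.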
@@ -358,15 +365,17 @@ mount_monitor_ensure (MountMonitor *moni
 sep = strstr (lines[n], " - ");
 if (sep != NULL)
 {
- gchar fstype[PATH_MAX];
- gchar mount_source[PATH_MAX];
+ gchar fstype[PATH_MAX + 1];
+ gchar mount_source[PATH_MAX + 1];
 struct stat statbuf;
- if (sscanf (sep + 3, "%s %s", fstype, mount_source) != 2)
+ if (sscanf (sep + 3, PATH_MAX_FMT " " PATH_MAX_FMT, fstype, mount_source) != 2)
 {
 g_warning ("Error parsing things past - for '%s'", lines[n]);
 continue;
 }
+ fstype[sizeof fstype - 1] = '\0';
+ mount_source[sizeof mount_source - 1] = '\0';
 if (g_strcmp0 (fstype, "btrfs") != 0)
 continue;
++++++ umount.udisks ++++++ #!/bin/sh if test -x /usr/sbin/umount.udisks; then exec /usr/sbin/umount.udisks "$@" else echo "/usr/sbin/umount.udisks not found." exit 1 fi -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org