udisks2: Fix for CVE-2021-3802

Add patch to fix CVE-2021-3802 Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2026-04-02 02:49:12 +00:00 · 2022-01-28 15:54:11 +05:30 · 2022-01-28 15:54:11 +05:30 · 4e7d34df0f
commit 4e7d34df0f
parent 2a10c182ae
2 changed files with 64 additions and 0 deletions
--- a/meta-oe/recipes-support/udisks/udisks2/CVE-2021-3802.patch
+++ b/meta-oe/recipes-support/udisks/udisks2/CVE-2021-3802.patch
@ -0,0 +1,63 @@
+From 2517b8feb13919c382e53ab5f9b63c5b5ee5b063 Mon Sep 17 00:00:00 2001
+From: Emilio Pozuelo Monfort <pochu@debian.org>
+Date: Fri, 5 Nov 2021 09:29:13 +0100
+Subject: [PATCH] udisks2 security update
+
+mount options: Always use errors=remount-ro for ext filesystems
+
+Stefan Walter found that udisks2, a service to access and manipulate
+storage devices, could cause denial of service via system crash if a
+corrupted or specially crafted ext2/3/4 device or image was mounted,
+which could happen automatically on certain environments.
+
+For Debian 9 stretch, this problem has been fixed in version
+2.1.8-1+deb9u1.
+
+Default mount options are focused primarily on data safety, mounting
+damaged ext2/3/4 filesystem as readonly would indicate something's wrong.
+
+Upstream-Status: Backport [http://security.debian.org/debian-security/pool/updates/main/u/udisks2/udisks2_2.1.8-1+deb9u1.debian.tar.xz]
+CVE: CVE-2021-3802
+
+Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
+
+---
+ src/udiskslinuxfilesystem.c | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+
+diff --git a/src/udiskslinuxfilesystem.c b/src/udiskslinuxfilesystem.c
+index a5a3898c..eac8cab3 100644
+--- a/src/udiskslinuxfilesystem.c
+++ b/src/udiskslinuxfilesystem.c
+@@ -421,6 +421,21 @@ static const gchar *hfsplus_allow[] = { "creator", "type", "umask", "session", "
+ static const gchar *hfsplus_allow_uid_self[] = { "uid", NULL };
+ static const gchar *hfsplus_allow_gid_self[] = { "gid", NULL };
+ 
+/* ---------------------- ext2 -------------------- */
+
+static const gchar *ext2_defaults[] = { "errors=remount-ro", NULL };
+static const gchar *ext2_allow[] = { "errors=remount-ro", NULL };
+
+/* ---------------------- ext3 -------------------- */
+
+static const gchar *ext3_defaults[] = { "errors=remount-ro", NULL };
+static const gchar *ext3_allow[] = { "errors=remount-ro", NULL };
+
+/* ---------------------- ext4 -------------------- */
+
+static const gchar *ext4_defaults[] = { "errors=remount-ro", NULL };
+static const gchar *ext4_allow[] = { "errors=remount-ro", NULL };
+
+ /* ------------------------------------------------ */
+ /* TODO: support context= */
+ 
+@@ -434,6 +449,9 @@ static const FSMountOptions fs_mount_options[] =
+     { "udf", udf_defaults, udf_allow, udf_allow_uid_self, udf_allow_gid_self },
+     { "exfat", exfat_defaults, exfat_allow, exfat_allow_uid_self, exfat_allow_gid_self },
+     { "hfsplus", hfsplus_defaults, hfsplus_allow, hfsplus_allow_uid_self, hfsplus_allow_gid_self },
+    { "ext2", ext2_defaults, ext2_allow, NULL, NULL },
+    { "ext3", ext3_defaults, ext3_allow, NULL, NULL },
+    { "ext4", ext4_defaults, ext4_allow, NULL, NULL },
+   };
+ 
+ /* ------------------------------------------------ */
--- a/meta-oe/recipes-support/udisks/udisks2_git.bb
+++ b/meta-oe/recipes-support/udisks/udisks2_git.bb
@ -18,6 +18,7 @@ RDEPENDS_${PN} = "acl"

 SRC_URI = " \
    git://github.com/storaged-project/udisks.git;branch=master;protocol=https \
+    file://CVE-2021-3802.patch \
 "
 PV = "2.8.4+git${SRCREV}"
 SRCREV = "db5f487345da2eaa87976450ea51c2c465d9b82e"