From f224ac2029970424e49fb5ae8611bc82cf22e87a Mon Sep 17 00:00:00 2001
From: zhuhongbo
Date: Tue, 19 Aug 2025 15:41:58 +0800
Subject: [PATCH] fix cve CVE-2025-6019
---
 0003-fix-cve-CVE-2025-6019.patch | 25 +++++++++++++++++++++++++
 libblockdev.spec | 7 ++++++-
 2 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 0003-fix-cve-CVE-2025-6019.patch
diff --git a/0003-fix-cve-CVE-2025-6019.patch b/0003-fix-cve-CVE-2025-6019.patch
new file mode 100644
index 0000000..6b31190
--- /dev/null
+++ b/0003-fix-cve-CVE-2025-6019.patch
@@ -0,0 +1,25 @@
+From b5dc33e4160856dd12e268c5f79f4b07d492d70e Mon Sep 17 00:00:00 2001
+From: zhuhongbo
+Date: Tue, 19 Aug 2025 15:36:36 +0800
+Subject: [PATCH] fix cve CVE-2025-6019
+
+---
+ src/plugins/fs/generic.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/plugins/fs/generic.c b/src/plugins/fs/generic.c
+index 2ad2fb8..06ad568 100644
+--- a/src/plugins/fs/generic.c
++++ b/src/plugins/fs/generic.c
+@@ -379,7 +379,7 @@ static gboolean xfs_resize_device (const gchar *device, guint64 new_size, const
+ "before resizing it.", device);
+ return FALSE;
+ }
+- ret = bd_fs_mount (device, mountpoint, "xfs", NULL, NULL, error);
++ ret = bd_fs_mount (device, mountpoint, "xfs", "nosuid,nodev", NULL, error);
+ if (!ret) {
+ g_prefix_error (error, "Failed to mount '%s' before resizing it: ", device);
+ return FALSE;
+--
+2.39.3
+
diff --git a/libblockdev.spec b/libblockdev.spec
index bfbd683..93c606e 100644
--- a/libblockdev.spec
+++ b/libblockdev.spec
@@ -114,7 +114,7 @@
 Name: libblockdev
 Version: 2.18
-Release: 5%{?dist}
+Release: 6%{?dist}
 Summary: A library for low-level manipulation with block devices
 License: LGPLv2+
 URL: https://github.com/storaged-project/libblockdev
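Review bot: The added `"nosuid,nodev"` argument in the xfs_resize_device hunk of 0003-fix-cve-CVE-2025-6019.patch is the whole fix, yet nothing in the code says why the temporary mount needs it, so a later refactor of this call can drop it without anyone noticing. I would put a comment directly above the call, for example `/* the filesystem on 'device' is untrusted: mount it nosuid,nodev so setuid bits and device nodes on it are not honoured while it is mounted for the resize (CVE-2025-6019) */`. Only this one bd_fs_mount call is visible here; the function starts before and continues after the hunk, so it is worth confirming that no other path in generic.c at this version temporarily mounts a caller-supplied device with NULL options. The embedded patch header also carries no reference to the upstream libblockdev change it backports, which would make the fix easier to audit.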
@@ -122,6 +122,7 @@ Source0: https://github.com/storaged-project/libblockdev/releases/download/%
 Patch0: 0001-Do-not-try-to-use-keyring-on-systems-without-keyring-support.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1710507
 Patch1: 0002-memory-leaks.patch
+Patch2: 0003-fix-cve-CVE-2025-6019.patch
 BuildRequires: glib2-devel
 %if %{with_gi}
@@ -650,6 +651,7 @@ A meta-package that pulls all the libblockdev plugins as dependencies.
 %setup -q -n %{name}-%{version}
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 %build
 %configure %{?configure_opts}
@@ -965,6 +967,9 @@ find %{buildroot} -type f -name "*.la" | xargs %{__rm}
 %files plugins-all
 %changelog
+* Mon Aug 18 2025 zhuhongbo - 2.18-6
+- fix: fix cve CVE-2025-6019
+
 * Fri Aug 16 2019 Tomas Bzatek - 2.18-5
 - Memory leak fixes
 Resolves: rhbz#1710507
--
Gitee