Bug#993100: bullseye-pu: package udisks2/2.9.2-2+deb11u1

[Michael Biebl <biebl@debian.org>]

On 03.11.21 15:32, Michael Biebl wrote:
> On Fri, 27 Aug 2021 13:58:19 +0200 Michael Biebl <biebl@debian.org> wrote:
> > Package: release.debian.org
> > Severity: normal
> > Tags: bullseye
> > User: release.debian.org@packages.debian.org
> > Usertags: pu
> > X-Debbugs-Cc: pkg-utopia-maintainers@lists.alioth.debian.org
> >
> >
> > Hi,
> >
> > I'd like to make a stable upload for udisks2, fixing #992152:
> > "udisks2: please update Recommends on exfat-utils to exfatprogs for Linux
> kernel 5"
> > This issue has already been fixed in unstable/testing and the relevant
> > changes for bullseye are an upstream cherry-pick and a packaging
> > cherry-pick.
> >
> > The changes themselves are trivial. Full debdiff is attached.
>
>
> Any news here?

I've updated the debdiff to include the fix for CVE-2021-3802
https://security-tracker.debian.org/tracker/CVE-2021-3802

Regards,
Michael

diff --git a/debian/changelog b/debian/changelog
index 51c3b887..0cd4c0d7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+udisks2 (2.9.2-2+deb11u1) bullseye; urgency=medium
+
+  * Switch debian-branch to debian/bullseye
+  * Use the mkfs command to format exfat partitions
+  * Recommend exfatprogs instead of exfat-utils (Closes: #992152)
+  * mount options: Always use errors=remount-ro for ext filesystems
+    (CVE-2021-3802)
+
+ -- Michael Biebl <biebl@debian.org>  Fri, 05 Nov 2021 13:15:50 +0100
+
 udisks2 (2.9.2-2) unstable; urgency=medium
 
   * udisksclient: Make get_block_for_drive deterministic.
diff --git a/debian/gbp.conf b/debian/gbp.conf
index 05e704d0..a64b3aab 100644
--- a/debian/gbp.conf
+++ b/debian/gbp.conf
@@ -1,5 +1,5 @@
 [DEFAULT]
 pristine-tar = True
 patch-numbers = False
-debian-branch = debian/master
+debian-branch = debian/bullseye
 upstream-branch = upstream/latest
diff --git a/debian/patches/Use-the-mkfs-command-to-format-exfat-partitions.patch b/debian/patches/Use-the-mkfs-command-to-format-exfat-partitions.patch
new file mode 100644
index 00000000..8ae84c05
--- /dev/null
+++ b/debian/patches/Use-the-mkfs-command-to-format-exfat-partitions.patch
@@ -0,0 +1,26 @@
+From: Sebastien Bacher <seb128@ubuntu.com>
+Date: Wed, 21 Apr 2021 13:48:36 +0200
+Subject: Use the mkfs command to format exfat partitions
+
+The currently used mkexfatfs is only available in exfat-utils and not in
+the new exfatprogs.
+
+https://github.com/storaged-project/udisks/issues/882
+(cherry picked from commit 1c13dc64213554f979b24788b40398fee7a5039f)
+---
+ src/udiskslinuxfsinfo.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/udiskslinuxfsinfo.c b/src/udiskslinuxfsinfo.c
+index 15af26c..8f08242 100644
+--- a/src/udiskslinuxfsinfo.c
++++ b/src/udiskslinuxfsinfo.c
+@@ -121,7 +121,7 @@ const FSInfo _fs_info[] =
+       NULL,
+       FALSE, /* supports_online_label_rename */
+       FALSE, /* supports_owners */
+-      "mkexfatfs -n $LABEL $DEVICE",
++      "mkfs.exfat -n $LABEL $DEVICE",
+       NULL,
+       NULL, /* option_no_discard */
+     },
diff --git a/debian/patches/mount-options-Always-use-errors-remount-ro-for-ext-filesy.patch b/debian/patches/mount-options-Always-use-errors-remount-ro-for-ext-filesy.patch
new file mode 100644
index 00000000..627b5668
--- /dev/null
+++ b/debian/patches/mount-options-Always-use-errors-remount-ro-for-ext-filesy.patch
@@ -0,0 +1,55 @@
+From: Tomas Bzatek <tbzatek@redhat.com>
+Date: Wed, 15 Sep 2021 14:34:49 +0200
+Subject: mount options: Always use errors=remount-ro for ext filesystems
+
+Default mount options are focused primarily on data safety, mounting
+damaged ext2/3/4 filesystem as readonly would indicate something's wrong.
+
+(cherry picked from commit 2d5d2b7570b0f44c14b34b5dc831f174205c10f2)
+(cherry picked from commit 38d90a433bda0fc0f2a409f6baa12c3958893571)
+---
+ data/builtin_mount_options.conf            | 9 +++++++++
+ src/tests/dbus-tests/test_80_filesystem.py | 6 ++++++
+ 2 files changed, 15 insertions(+)
+
+diff --git a/data/builtin_mount_options.conf b/data/builtin_mount_options.conf
+index 6e50927..962c469 100644
+--- a/data/builtin_mount_options.conf
++++ b/data/builtin_mount_options.conf
+@@ -27,3 +27,12 @@ f2fs_allow=discard,nodiscard,compress_algorithm,compress_log_size,compress_exten
+ xfs_allow=discard,nodiscard,inode32,largeio,wsync
+ 
+ reiserfs_allow=hashed_relocation,no_unhashed_relocation,noborder,notail
++
++ext2_defaults=errors=remount-ro
++ext2_allow=errors=remount-ro
++
++ext3_defaults=errors=remount-ro
++ext3_allow=errors=remount-ro
++
++ext4_defaults=errors=remount-ro
++ext4_allow=errors=remount-ro
+diff --git a/src/tests/dbus-tests/test_80_filesystem.py b/src/tests/dbus-tests/test_80_filesystem.py
+index c8bb9f0..c16d32c 100644
+--- a/src/tests/dbus-tests/test_80_filesystem.py
++++ b/src/tests/dbus-tests/test_80_filesystem.py
+@@ -315,6 +315,8 @@ class UdisksFSTestCase(udiskstestcase.UdisksTestCase):
+         _ret, out = self.run_command('mount | grep %s' % block_fs_dev)
+         self.assertIn(mnt_path, out)
+         self.assertIn('ro', out)
++        if self._fs_name.startswith('ext'):
++            self.assertIn('errors=remount-ro', out)
+ 
+         # dbus mountpoint
+         dbus_mounts = self.get_property(block_fs, '.Filesystem', 'MountPoints')
+@@ -472,6 +474,10 @@ class UdisksFSTestCase(udiskstestcase.UdisksTestCase):
+         if self._fs_name == "udf":
+             test_custom_option(self, False, None, False, "[defaults]\ndefaults=\nallow=exec,noexec,nodev,nosuid,atime,noatime,nodiratime,ro,rw,sync,dirsync,noload,uid=ignore,uid=forget\n")
+             test_custom_option(self, True, "uid=notallowed", True, "[defaults]\nallow=exec,noexec,nodev,nosuid,atime,noatime,nodiratime,ro,rw,sync,dirsync,noload,uid=ignore\n")
++        if self._fs_name.startswith("ext"):
++            test_custom_option(self, False, "errors=remount-ro", True, "", match_mount_option="errors=remount-ro")
++            test_custom_option(self, True, "errors=panic", False, "")
++            test_custom_option(self, True, "errors=continue", False, "")
+ 
+         # udev rules overrides
+         test_readonly(self, False, "", udev_rules_content = { "UDISKS_MOUNT_OPTIONS_DEFAULTS": "rw" })
diff --git a/debian/patches/series b/debian/patches/series
index b5f3547a..33af84d6 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,3 @@
 udisksclient-Make-get_block_for_drive-deterministic.patch
+Use-the-mkfs-command-to-format-exfat-partitions.patch
+mount-options-Always-use-errors-remount-ro-for-ext-filesy.patch
diff --git a/debian/rules b/debian/rules
index a649602a..7f936111 100755
--- a/debian/rules
+++ b/debian/rules
@@ -42,11 +42,11 @@ override_dh_install:
 override_dh_missing:
 	dh_missing --fail-missing
 
-# Ubuntu is hesitant about exfat-utils in default install
+# Ubuntu is hesitant about exfatprogs in default install
 # https://launchpad.net/bugs/1649537
 override_dh_gencontrol:
 ifneq ($(shell dpkg-vendor --query vendor),Ubuntu)
-	dh_gencontrol -- -Vexfat:Recommends='exfat-utils'
+	dh_gencontrol -- -Vexfat:Recommends='exfatprogs'
 else
-	dh_gencontrol -- -Vexfat:Suggests='exfat-utils'
+	dh_gencontrol -- -Vexfat:Suggests='exfatprogs'
 endif

Attachment: OpenPGP_signature
Description: OpenPGP digital signature