* Fri Mar 26 2021 Tomas Bzatek <tbzatek@redhat.com> - 2.9.2-2

- Fix FAT mkfs with dosfstools >= 4.2
- udiskslinuxdriveata: Use GTask to apply configuration in a thread
- Limit allowed module names
- 80-udisks2.rules: Ignore Apple boot partition from livecd-tools

ignore-apple-boot-part.patch

@@ -0,0 +1,25 @@
+From b9863c11601e199420a375e13505e2b795de77c5 Mon Sep 17 00:00:00 2001
+From: Frederick Grose <4335897+FGrose@users.noreply.github.com>
+Date: Tue, 9 Feb 2021 19:02:01 -0500
+Subject: [PATCH] 80-udisks2.rules: Ignore Apple boot partition from
+ livecd-tools
+
+https://github.com/livecd-tools/livecd-tools/pull/176 creates a new boot
+partition with livecd-iso-to-disk from Fedora Live .iso files that UDISKS
+should ignore.
+---
+ data/80-udisks2.rules | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/data/80-udisks2.rules b/data/80-udisks2.rules
+index fb50f48a0..d6fa072fd 100644
+--- a/data/80-udisks2.rules
++++ b/data/80-udisks2.rules
+@@ -122,6 +122,7 @@ ENV{ID_PART_ENTRY_SCHEME}=="mac", ENV{ID_PART_ENTRY_TYPE}=="Apple_Bootstrap", EN
+ 
+ # Apple Boot partitions
+ ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_TYPE}=="426f6f74-0000-11aa-aa11-00306543ecac", ENV{UDISKS_IGNORE}="1"
++ENV{ID_FS_LABEL}=="ANACONDA", ENV{ID_PART_ENTRY_TYPE}=="48465300-0000-11aa-aa11-00306543ecac|0xaf", ENV{UDISKS_IGNORE}="1"
+ 
+ # special DOS partition types (EFI, hidden, etc.) and RAID/LVM
+ # see http://www.win.tue.nl/~aeb/partitions/partition_types-1.html

udisks-2.10.0-ata_conf_apply_GTask.patch

@@ -0,0 +1,60 @@
+commit 6ff556afabd490feb6c4b29f9e91e81d64e2c0ed
+Author: Tomas Bzatek <tbzatek@redhat.com>
+Date:   Tue Mar 23 12:56:40 2021 +0100
+
+    udiskslinuxdriveata: Use GTask to apply configuration in a thread
+    
+    Should fix a leaking GThread without a need to join or track it anyhow.
+
+diff --git a/src/udiskslinuxdriveata.c b/src/udiskslinuxdriveata.c
+index 5ebdcd76..2de138cd 100644
+--- a/src/udiskslinuxdriveata.c
++++ b/src/udiskslinuxdriveata.c
+@@ -1625,10 +1625,13 @@ apply_conf_data_free (ApplyConfData *data)
+   g_free (data);
+ }
+ 
+-static gpointer
+-apply_configuration_thread_func (gpointer user_data)
++static void
++apply_configuration_thread_func (GTask        *task,
++                                 gpointer      source_object,
++                                 gpointer      task_data,
++                                 GCancellable *cancellable)
+ {
+-  ApplyConfData *data = user_data;
++  ApplyConfData *data = task_data;
+   UDisksDaemon *daemon;
+   const gchar *device_file = NULL;
+   gint fd = -1;
+@@ -1799,8 +1802,6 @@ apply_configuration_thread_func (gpointer user_data)
+  out:
+   if (fd != -1)
+     close (fd);
+-  apply_conf_data_free (data);
+-  return NULL;
+ }
+ 
+ /**
+@@ -1819,6 +1820,7 @@ udisks_linux_drive_ata_apply_configuration (UDisksLinuxDriveAta *drive,
+ {
+   gboolean has_conf = FALSE;
+   ApplyConfData *data = NULL;
++  GTask *task;
+ 
+   data = g_new0 (ApplyConfData, 1);
+   data->ata_pm_standby = -1;
+@@ -1862,9 +1864,10 @@ udisks_linux_drive_ata_apply_configuration (UDisksLinuxDriveAta *drive,
+   /* this can easily take a long time and thus block (the drive may be in standby mode
+    * and needs to spin up) - so run it in a thread
+    */
+-  g_thread_new ("apply-conf-thread",
+-                apply_configuration_thread_func,
+-                data);
++  task = g_task_new (data->object, NULL, NULL, NULL);
++  g_task_set_task_data (task, data, (GDestroyNotify) apply_conf_data_free);
++  g_task_run_in_thread (task, apply_configuration_thread_func);
++  g_object_unref (task);
+ 
+   data = NULL; /* don't free data below */
+ 

udisks-2.10.0-dosfstools_4.2-reread_part.patch

@@ -0,0 +1,24 @@
+commit d58ebcc32b583371dd73ab7f4c7be5191674ca62
+Author: Tomas Bzatek <tbzatek@redhat.com>
+Date:   Wed Mar 17 18:52:22 2021 +0100
+
+    udiskslinuxblock: Re-read partition table after creating FAT filesystem
+    
+    Might not be needed after reverting mkfs.vfat behaviour back
+    to the legacy way, added just as a precautionary measure.
+
+diff --git a/src/udiskslinuxblock.c b/src/udiskslinuxblock.c
+index 901426ad..69161b61 100644
+--- a/src/udiskslinuxblock.c
++++ b/src/udiskslinuxblock.c
+@@ -2913,7 +2913,9 @@ static inline gboolean
+ need_partprobe_after_mkfs (const gchar *fs_type)
+ {
+   /* udftools makes fake MBR since the 2.0 release */
+-  return (g_strcmp0 (fs_type, "udf") == 0);
++  /* dosfstools makes fake MBR since the 4.2 release */
++  return (g_strcmp0 (fs_type, "udf") == 0 ||
++          g_strcmp0 (fs_type, "vfat") == 0);
+ }
+ 
+ void

udisks-2.10.0-dosfstools_4.2.patch

@@ -0,0 +1,75 @@
+commit ef1979d8cbfb8ad976de0af21a70f8c0f98fbbe9
+Author: Tomas Bzatek <tbzatek@redhat.com>
+Date:   Wed Mar 17 18:50:19 2021 +0100
+
+    udiskslinuxfsinfo: Add dosfstools >= 4.2 quirks
+    
+    Reverting back the legacy behaviour with no protective (fake) MBR
+    created while making new FAT filesystem on an unpartitioned block device.
+    
+    Added a label clear functionality as well.
+
+diff --git a/src/udiskslinuxfsinfo.c b/src/udiskslinuxfsinfo.c
+index 15af26c8..f18b9b80 100644
+--- a/src/udiskslinuxfsinfo.c
++++ b/src/udiskslinuxfsinfo.c
+@@ -21,6 +21,8 @@
+ #include <string.h>
+ #include <glib.h>
+ 
++#include <blockdev/exec.h>
++
+ #include "config.h"
+ #include "udiskslinuxfsinfo.h"
+ #include "udisksconfigmanager.h"
+@@ -236,6 +238,19 @@ const FSInfo _fs_info[] =
+     },
+   };
+ 
++/* workaround for dosfstools >= 4.2 */
++static const FSInfo vfat_dosfstools_42 =
++    {
++      FS_VFAT,
++      "fatlabel $DEVICE $LABEL",
++      "fatlabel --reset $DEVICE",
++      FALSE, /* supports_online_label_rename */
++      FALSE, /* supports_owners */
++      "mkfs.vfat -I -n $LABEL --mbr=n $DEVICE",
++      NULL,
++      NULL, /* option_no_discard */
++    };
++
+ /**
+  * get_fs_info:
+  *
+@@ -248,6 +263,7 @@ const FSInfo _fs_info[] =
+ const FSInfo *
+ get_fs_info (const gchar *fstype)
+ {
++  const FSInfo *info = NULL;
+   guint n;
+ 
+   g_return_val_if_fail (fstype != NULL, NULL);
+@@ -255,10 +271,20 @@ get_fs_info (const gchar *fstype)
+   for (n = 0; n < sizeof(_fs_info)/sizeof(FSInfo); n++)
+     {
+       if (strcmp (_fs_info[n].fstype, fstype) == 0)
+-        return &_fs_info[n];
++        {
++          info = &_fs_info[n];
++          break;
++        }
++    }
++
++  /* dosfstools >= 4.2 workaround */
++  if (g_str_equal (fstype, FS_VFAT) &&
++      bd_utils_check_util_version ("mkfs.vfat", "4.2", "--help", "mkfs.fat\\s+([\\d\\.]+).+", NULL))
++    {
++      info = &vfat_dosfstools_42;
+     }
+ 
+-  return NULL;
++  return info;
+ }
+ 
+ /**

udisks-2.10.0-module-names.patch

@@ -0,0 +1,136 @@
+commit e062c17e3829f3c04c25b5f6fc17ccc4491befa8
+Author: Tomas Bzatek <tbzatek@redhat.com>
+Date:   Tue Mar 23 16:48:08 2021 +0100
+
+    modules: Limit module name to alphanumeric characters and -_ separators
+    
+    A hardening feature as long as the module name is directly involved
+    in filename creation.
+
+diff --git a/doc/udisks2-sections.txt.daemon.sections.in b/doc/udisks2-sections.txt.daemon.sections.in
+index 16eaf74e..204ca897 100644
+--- a/doc/udisks2-sections.txt.daemon.sections.in
++++ b/doc/udisks2-sections.txt.daemon.sections.in
+@@ -312,6 +312,7 @@ udisks_daemon_util_get_free_mdraid_device
+ udisks_ata_identify_get_word
+ udisks_daemon_util_trigger_uevent
+ udisks_daemon_util_trigger_uevent_sync
++udisks_module_validate_name
+ </SECTION>
+ 
+ <SECTION>
+diff --git a/src/udisksconfigmanager.c b/src/udisksconfigmanager.c
+index 9558e276..5868e864 100644
+--- a/src/udisksconfigmanager.c
++++ b/src/udisksconfigmanager.c
+@@ -26,6 +26,7 @@
+ #include "udiskslogging.h"
+ #include "udisksdaemontypes.h"
+ #include "udisksconfigmanager.h"
++#include "udisksdaemonutil.h"
+ 
+ struct _UDisksConfigManager {
+   GObject parent_instance;
+@@ -60,6 +61,8 @@ enum
+ #define DEFAULTS_GROUP_NAME "defaults"
+ #define DEFAULTS_ENCRYPTION_KEY "encryption"
+ 
++#define MODULES_ALL_ARG "*"
++
+ static void
+ udisks_config_manager_get_property (GObject    *object,
+                                     guint       property_id,
+@@ -170,7 +173,16 @@ parse_config_file (UDisksConfigManager         *manager,
+             {
+               modules_tmp = modules;
+               for (module_i = *modules_tmp; module_i; module_i = *++modules_tmp)
+-                *out_modules = g_list_append (*out_modules, g_strdup (g_strstrip (module_i)));
++                {
++                  g_strstrip (module_i);
++                  if (! udisks_module_validate_name (module_i) && !g_str_equal (module_i, MODULES_ALL_ARG))
++                    {
++                      g_warning ("Invalid module name '%s' specified in the %s config file.",
++                                 module_i, conf_filename);
++                      continue;
++                    }
++                  *out_modules = g_list_append (*out_modules, g_strdup (module_i));
++                }
+               g_strfreev (modules);
+             }
+         }
+@@ -397,7 +409,7 @@ udisks_config_manager_get_modules_all (UDisksConfigManager *manager)
+ 
+   parse_config_file (manager, NULL, NULL, &modules);
+ 
+-  ret = !modules || (g_strcmp0 (modules->data, "*") == 0 && g_list_length (modules) == 1);
++  ret = !modules || (g_strcmp0 (modules->data, MODULES_ALL_ARG) == 0 && g_list_length (modules) == 1);
+ 
+   g_list_free_full (modules, (GDestroyNotify) g_free);
+ 
+diff --git a/src/udisksdaemonutil.c b/src/udisksdaemonutil.c
+index 60134765..1695b524 100644
+--- a/src/udisksdaemonutil.c
++++ b/src/udisksdaemonutil.c
+@@ -1880,3 +1880,29 @@ udisks_daemon_util_trigger_uevent_sync (UDisksDaemon *daemon,
+ }
+ 
+ /* ---------------------------------------------------------------------------------------------------- */
++
++/**
++ * udisks_module_validate_name:
++ * @module_name: A udisks2 module name.
++ *
++ * Checks the string for a valid udisks2 module name. Only alphanumeric characters
++ * along with the '-' and '_' separators are permitted.
++ *
++ * Returns: %TRUE if the string is a valid udisks2 module name, %FALSE otherwise.
++ */
++gboolean
++udisks_module_validate_name (const gchar *module_name)
++{
++  int i;
++
++  for (i = 0; module_name[i] != '\0'; i++)
++    /* going ASCII, will disqualify any UTF-* string */
++    if (! g_ascii_isalnum (module_name[i]) &&
++        module_name[i] != '-' &&
++        module_name[i] != '_')
++      return FALSE;
++
++  return TRUE;
++}
++
++/* ---------------------------------------------------------------------------------------------------- */
+diff --git a/src/udisksdaemonutil.h b/src/udisksdaemonutil.h
+index 2d7ac981..df584de4 100644
+--- a/src/udisksdaemonutil.h
++++ b/src/udisksdaemonutil.h
+@@ -129,6 +129,8 @@ gchar *udisks_daemon_util_get_free_mdraid_device (void);
+ 
+ guint16 udisks_ata_identify_get_word (const guchar *identify_data, guint word_number);
+ 
++gboolean udisks_module_validate_name (const gchar *module_name);
++
+ /* Utility macro for policy verification. */
+ #define UDISKS_DAEMON_CHECK_AUTHORIZATION(daemon,                   \
+                                           object,                   \
+diff --git a/src/udiskslinuxmanager.c b/src/udiskslinuxmanager.c
+index 8af65d97..26d8a5d7 100644
+--- a/src/udiskslinuxmanager.c
++++ b/src/udiskslinuxmanager.c
+@@ -956,6 +956,15 @@ handle_enable_module (UDisksManager         *object,
+   UDisksLinuxManager *manager = UDISKS_LINUX_MANAGER (object);
+   EnableModulesData *data;
+ 
++  if (! udisks_module_validate_name (arg_name))
++    {
++      g_dbus_method_invocation_return_error (invocation,
++                                             G_IO_ERROR, G_IO_ERROR_INVALID_ARGUMENT,
++                                             "Requested module name '%s' is not a valid udisks2 module name.",
++                                             arg_name);
++      return TRUE;
++    }
++
+   if (! arg_enable)
+     {
+       /* TODO: implement proper module unloading */

udisks2.spec

@@ -48,10 +48,16 @@
 Name:    udisks2
 Summary: Disk Manager
 Version: 2.9.2
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv2+
 URL:     https://github.com/storaged-project/udisks
 Source0: https://github.com/storaged-project/udisks/releases/download/udisks-%{version}/udisks-%{version}.tar.bz2
+Patch0:  udisks-2.10.0-dosfstools_4.2.patch
+Patch1:  udisks-2.10.0-dosfstools_4.2-reread_part.patch
+Patch2:  udisks-2.10.0-module-names.patch
+Patch3:  udisks-2.10.0-ata_conf_apply_GTask.patch
+# https://github.com/storaged-project/udisks/pull/847
+Patch4:  ignore-apple-boot-part.patch
 
 BuildRequires: make
 BuildRequires: glib2-devel >= %{glib2_version}
@@ -240,8 +246,9 @@ This package contains module for ZRAM configuration.
 %endif
 
 %prep
-%setup -q -n udisks-%{version}
+%autosetup -p1 -n udisks-%{version}
 sed -i udisks/udisks2.conf.in -e "s/encryption=luks1/encryption=%{default_luks_encryption}/"
+rm -f src/tests/dbus-tests/config_h.py
 
 %build
 autoreconf -ivf
@@ -426,6 +433,12 @@ fi
 %endif
 
 %changelog
+* Fri Mar 26 2021 Tomas Bzatek <tbzatek@redhat.com> - 2.9.2-3
+- Fix FAT mkfs with dosfstools >= 4.2
+- udiskslinuxdriveata: Use GTask to apply configuration in a thread
+- Limit allowed module names
+- 80-udisks2.rules: Ignore Apple boot partition from livecd-tools
+
 * Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.9.2-2
 - Rebuilt for updated systemd-rpm-macros
   See https://pagure.io/fesco/issue/2583.