* Mon Feb 25 2019 Tomas Bzatek <tbzatek@redhat.com> - 2.7.6-3

- Fix crash on g_source_destroy() (#1680255)

0001-Fix-string-format-vulnerability.patch

@@ -0,0 +1,35 @@
+From 0ffc76e7fa0cb668d3d2daed13f233f3e6e5c624 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Kai=20L=C3=BCke?= <kailueke@riseup.net>
+Date: Tue, 18 Sep 2018 13:12:14 +0200
+Subject: [PATCH] Fix string format vulnerability
+
+If the message in g_log_structured itself
+contained format sequences like %d or %n they
+were applied again, leading to leaked stack contents
+and possibly memory corruption. It can be triggered
+e.g. by a volume label containing format sequences.
+
+Print the message argument itself into a "%s" string
+to avoid intepreting format sequences.
+
+https://github.com/storaged-project/udisks/issues/578
+---
+ src/udiskslogging.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/udiskslogging.c b/src/udiskslogging.c
+index ab49fcbf..47a3af23 100644
+--- a/src/udiskslogging.c
++++ b/src/udiskslogging.c
+@@ -60,7 +60,7 @@ udisks_log (UDisksLogLevel     level,
+ 
+ #if GLIB_CHECK_VERSION(2, 50, 0)
+   g_log_structured ("udisks", (GLogLevelFlags) level,
+-                    "MESSAGE", message, "THREAD_ID", "%d", (gint) syscall (SYS_gettid),
++                    "MESSAGE", "%s", message, "THREAD_ID", "%d", (gint) syscall (SYS_gettid),
+                     "CODE_FUNC", function, "CODE_FILE", location);
+ #else
+   g_log ("udisks", level, "[%d]: %s [%s, %s()]", (gint) syscall (SYS_gettid), message, location, function);
+-- 
+2.17.1
+

udisks-2.8.0-sigint_source.patch

@@ -0,0 +1,69 @@
+From 4e26232e5a207b3a5269a5f6d735f1a32b31a4e8 Mon Sep 17 00:00:00 2001
+From: Andrea Azzarone <azzaronea@gmail.com>
+Date: Fri, 30 Mar 2018 09:15:30 +0000
+Subject: [PATCH] main.c: Properly remove sigint source
+
+Revert d9f7b05 and properly fix the critical warning.
+---
+ src/main.c | 18 ++++++------------
+ 1 file changed, 6 insertions(+), 12 deletions(-)
+
+diff --git a/src/main.c b/src/main.c
+index 88f3dafac..0444e0179 100644
+--- a/src/main.c
++++ b/src/main.c
+@@ -93,7 +93,7 @@ on_sigint (gpointer user_data)
+ {
+   udisks_info ("Caught SIGINT. Initiating shutdown");
+   g_main_loop_quit (loop);
+-  return FALSE;
++  return G_SOURCE_CONTINUE; /* We will manually remove the source using g_source_remove */
+ }
+ 
+ int
+@@ -104,12 +104,13 @@ main (int    argc,
+   GOptionContext *opt_context;
+   gint ret;
+   guint name_owner_id;
+-  GSource *sigint_source = NULL;
++  guint sigint_id;
+ 
+   ret = 1;
+   loop = NULL;
+   opt_context = NULL;
+   name_owner_id = 0;
++  sigint_id = 0;
+ 
+   /* avoid gvfs (http://bugzilla.gnome.org/show_bug.cgi?id=526454) */
+   if (!g_setenv ("GIO_USE_VFS", "local", TRUE))
+@@ -148,13 +149,11 @@ main (int    argc,
+ 
+   if (!opt_no_sigint)
+     {
+-      guint sigint_id = g_unix_signal_add_full (G_PRIORITY_DEFAULT,
++      sigint_id = g_unix_signal_add_full (G_PRIORITY_DEFAULT,
+                                           SIGINT,
+                                           on_sigint,
+                                           NULL,  /* user_data */
+                                           NULL); /* GDestroyNotify */
+-      if (sigint_id)
+-        sigint_source = g_main_context_find_source_by_id (NULL, sigint_id);
+     }
+ 
+   name_owner_id = g_bus_own_name (G_BUS_TYPE_SYSTEM,
+@@ -175,13 +174,8 @@ main (int    argc,
+   ret = 0;
+ 
+  out:
+-  if (sigint_source)
+-    {
+-      if(! g_source_is_destroyed(sigint_source))
+-        {
+-          g_source_destroy (sigint_source);
+-        }
+-    }
++  if (sigint_id > 0)
++    g_source_remove (sigint_id);
+   if (the_daemon != NULL)
+     g_object_unref (the_daemon);
+   if (name_owner_id != 0)

udisks2.spec

@@ -15,11 +15,13 @@
 Name:    udisks2
 Summary: Disk Manager
 Version: 2.7.6
-Release: 1%{?dist}
+Release: 3%{?dist}
 License: GPLv2+
 Group:   System Environment/Libraries
 URL:     https://github.com/storaged-project/udisks
 Source0: https://github.com/storaged-project/udisks/releases/download/udisks-%{version}/udisks-%{version}.tar.bz2
+Patch0:  0001-Fix-string-format-vulnerability.patch
+Patch1:  udisks-2.8.0-sigint_source.patch
 
 BuildRequires: glib2-devel >= %{glib2_version}
 BuildRequires: gobject-introspection-devel >= %{gobject_introspection_version}
@@ -203,6 +205,8 @@ This package contains module for ZRAM configuration.
 
 %prep
 %setup -q -n udisks-%{version}
+%patch0 -p1
+%patch1 -p1
 
 %build
 autoreconf -ivf
@@ -348,6 +352,12 @@ udevadm trigger
 %endif
 
 %changelog
+* Mon Feb 25 2019 Tomas Bzatek <tbzatek@redhat.com> - 2.7.6-3
+- Fix crash on g_source_destroy() (#1680255)
+
+* Wed Sep 26 2018 Vojtech Trefny <vtrefny@redhat.com> - 2.7.6-2
+- Fix string format vulnerability
+
 * Thu Feb 08 2018 Vojtech Trefny <vtrefny@redhat.com> - 2.7.6-1
 - Version 2.7.6