Version in base suite: 2.28-2

Base version: libblockdev_2.28-2
Target version: libblockdev_2.28-2+deb12u1
Base file: /srv/ftp-master.debian.org/ftp/pool/main/libb/libblockdev/libblockdev_2.28-2.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/libb/libblockdev/libblockdev_2.28-2+deb12u1.dsc

 changelog                                              |    7 +++++
 patches/dont-allow-suid-and-dev-set-on-fs-resize.patch |   23 +++++++++++++++++
 patches/series                                         |    1 
 3 files changed, 31 insertions(+)

diff -Nru libblockdev-2.28/debian/changelog libblockdev-2.28/debian/changelog
--- libblockdev-2.28/debian/changelog	2022-10-12 20:22:59.000000000 +0000
+++ libblockdev-2.28/debian/changelog	2025-06-09 14:07:59.000000000 +0000
@@ -1,3 +1,10 @@
+libblockdev (2.28-2+deb12u1) bookworm-security; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * dont allow suid and dev set on fs resize (CVE-2025-6019)
+
+ -- Salvatore Bonaccorso <carnil@debian.org>  Mon, 09 Jun 2025 16:07:59 +0200
+
 libblockdev (2.28-2) unstable; urgency=medium
 
   * Team upload
diff -Nru libblockdev-2.28/debian/patches/dont-allow-suid-and-dev-set-on-fs-resize.patch libblockdev-2.28/debian/patches/dont-allow-suid-and-dev-set-on-fs-resize.patch
--- libblockdev-2.28/debian/patches/dont-allow-suid-and-dev-set-on-fs-resize.patch	1970-01-01 00:00:00.000000000 +0000
+++ libblockdev-2.28/debian/patches/dont-allow-suid-and-dev-set-on-fs-resize.patch	2025-06-09 14:07:59.000000000 +0000
@@ -0,0 +1,23 @@
+From 8e072f794744bd17c57cceabb3884d3f0f6a1602 Mon Sep 17 00:00:00 2001
+From: Thomas Blume <Thomas.Blume@suse.com>
+Date: Fri, 16 May 2025 14:27:10 +0200
+Subject: [PATCH] dont allow suid and dev set on fs resize
+
+[Salvatore Bonaccorso: Backport to 2.28, which does not contain 2b55f566d422
+("fs: Add support for NILFS2 filesystem") from 3.0 which generalized the
+bd_fs_mount() call in preparation for other filesystems.]
+---
+ src/plugins/fs/generic.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/src/plugins/fs/generic.c
++++ b/src/plugins/fs/generic.c
+@@ -409,7 +409,7 @@ static gboolean xfs_resize_device (const
+                              "before resizing it.", device);
+                 return FALSE;
+             }
+-            ret = bd_fs_mount (device, mountpoint, "xfs", NULL, NULL, error);
++            ret = bd_fs_mount (device, mountpoint, "xfs", "nosuid,nodev", NULL, error);
+             if (!ret) {
+                 g_prefix_error (error, "Failed to mount '%s' before resizing it: ", device);
+                 return FALSE;
diff -Nru libblockdev-2.28/debian/patches/series libblockdev-2.28/debian/patches/series
--- libblockdev-2.28/debian/patches/series	1970-01-01 00:00:00.000000000 +0000
+++ libblockdev-2.28/debian/patches/series	2025-06-09 14:07:59.000000000 +0000
@@ -0,0 +1 @@
+dont-allow-suid-and-dev-set-on-fs-resize.patch