From 1b8fd108c7369ab143777051f90e80adaf71ce75 Mon Sep 17 00:00:00 2001 From: Peter Robinson Date: Mon, 21 Mar 2022 21:31:23 +0000 Subject: [PATCH] 5.64 --- ...d-Always-define-confdir-and-statedir.patch | 35 - ...ix-read-order-of-attributes-rediffed.patch | 542 ---------- 0002-Use-g_memdup2-everywhere.patch | 997 ------------------ ...-uhid-device-has-not-been-c-rediffed.patch | 90 -- ...ivateTmp-and-NoNewPrivileges-options.patch | 38 - ...systemd-Add-more-filesystem-lockdown.patch | 44 - bluez.spec | 20 +- sources | 2 +- 8 files changed, 6 insertions(+), 1762 deletions(-) delete mode 100644 0001-build-Always-define-confdir-and-statedir.patch delete mode 100644 0001-hog-Fix-read-order-of-attributes-rediffed.patch delete mode 100644 0002-Use-g_memdup2-everywhere.patch delete mode 100644 0002-hog-Add-input-queue-while-uhid-device-has-not-been-c-rediffed.patch delete mode 100644 0002-systemd-Add-PrivateTmp-and-NoNewPrivileges-options.patch delete mode 100644 0003-systemd-Add-more-filesystem-lockdown.patch diff --git a/0001-build-Always-define-confdir-and-statedir.patch b/0001-build-Always-define-confdir-and-statedir.patch deleted file mode 100644 index b1e56a5..0000000 --- a/0001-build-Always-define-confdir-and-statedir.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 5744f79d84ecee3929a682166034c5bbc36c0ef5 Mon Sep 17 00:00:00 2001 -From: Bastien Nocera -Date: Wed, 20 Sep 2017 12:49:10 +0200 -Subject: [PATCH 1/4] build: Always define confdir and statedir - -As we will need those paths to lock down on them. ---- - Makefile.am | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/Makefile.am b/Makefile.am -index 9d25a815b..ac88c12e0 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -28,14 +28,14 @@ - $(LIBEDATASERVER_CFLAGS) $(ell_cflags) - AM_LDFLAGS = $(MISC_LDFLAGS) - -+confdir = $(sysconfdir)/bluetooth -+statedir = $(localstatedir)/lib/bluetooth -+ - if DATAFILES - dbusdir = $(DBUS_CONFDIR)/dbus-1/system.d - dbus_DATA = src/bluetooth.conf - --confdir = $(sysconfdir)/bluetooth - conf_DATA = -- --statedir = $(localstatedir)/lib/bluetooth - state_DATA = - endif - --- -2.21.0 - diff --git a/0001-hog-Fix-read-order-of-attributes-rediffed.patch b/0001-hog-Fix-read-order-of-attributes-rediffed.patch deleted file mode 100644 index cd6dc44..0000000 --- a/0001-hog-Fix-read-order-of-attributes-rediffed.patch +++ /dev/null @@ -1,542 +0,0 @@ -From 7fe38a17f6bee713fde587487fc224b0ae390e8f Mon Sep 17 00:00:00 2001 -From: Luiz Augusto von Dentz -Date: Mon, 10 Jan 2022 17:35:15 -0800 -Subject: [PATCH 1/2] hog: Fix read order of attributes - -The Report Map must be read after all other attributes otherwise the -Kernel driver may start using UHID_SET_REPORT which requires the -report->id to be known in order to resolve the attribute to send to. - -Fixes: https://github.com/bluez/bluez/issues/220 ---- - profiles/input/hog-lib.c | 191 ++++++++++++++++++++++++--------------- - 1 file changed, 119 insertions(+), 72 deletions(-) - -diff --git a/profiles/input/hog-lib.c b/profiles/input/hog-lib.c -index d37caa1f1..beb19af70 100644 ---- a/profiles/input/hog-lib.c -+++ b/profiles/input/hog-lib.c -@@ -90,6 +90,7 @@ struct bt_hog { - uint16_t getrep_id; - unsigned int setrep_att; - uint16_t setrep_id; -+ unsigned int report_map_id; - struct bt_scpp *scpp; - struct bt_dis *dis; - struct queue *bas; -@@ -146,13 +147,34 @@ static bool set_and_store_gatt_req(struct bt_hog *hog, - return queue_push_head(hog->gatt_op, req); - } - --static void destroy_gatt_req(struct gatt_request *req) -+static void destroy_gatt_req(void *data) - { -- queue_remove(req->hog->gatt_op, req); -+ struct gatt_request *req = data; -+ - bt_hog_unref(req->hog); - free(req); - } - -+static void read_report_map(struct bt_hog *hog); -+ -+static void remove_gatt_req(struct gatt_request *req, uint8_t status) -+{ -+ struct bt_hog *hog = req->hog; -+ -+ queue_remove(hog->gatt_op, req); -+ -+ if (!status && queue_isempty(hog->gatt_op)) { -+ /* Report Map must be read last since that can result -+ * in uhid being created and the driver may start to -+ * use UHID_SET_REPORT which requires the report->id to -+ * be known what attribute to send to. -+ */ -+ read_report_map(hog); -+ } -+ -+ destroy_gatt_req(req); -+} -+ - static void write_char(struct bt_hog *hog, GAttrib *attrib, uint16_t handle, - const uint8_t *value, size_t vlen, - GAttribResultFunc func, -@@ -178,27 +200,31 @@ static void write_char(struct bt_hog *hog, GAttrib *attrib, uint16_t handle, - } - } - --static void read_char(struct bt_hog *hog, GAttrib *attrib, uint16_t handle, -- GAttribResultFunc func, gpointer user_data) -+static unsigned int read_char(struct bt_hog *hog, GAttrib *attrib, -+ uint16_t handle, GAttribResultFunc func, -+ gpointer user_data) - { - struct gatt_request *req; - unsigned int id; - - req = create_request(hog, user_data); - if (!req) -- return; -+ return 0; - - id = gatt_read_char(attrib, handle, func, req); - if (!id) { - error("hog: Could not read char"); -- return; -+ return 0; - } - - if (!set_and_store_gatt_req(hog, req, id)) { - error("hog: Failed to queue read char req"); - g_attrib_cancel(attrib, id); - free(req); -+ return 0; - } -+ -+ return id; - } - - static void discover_desc(struct bt_hog *hog, GAttrib *attrib, -@@ -343,16 +369,14 @@ static void report_ccc_written_cb(guint8 status, const guint8 *pdu, - struct report *report = req->user_data; - struct bt_hog *hog = report->hog; - -- destroy_gatt_req(req); -- - if (status != 0) { - error("Write report characteristic descriptor failed: %s", - att_ecode2str(status)); -- return; -+ goto remove; - } - - if (report->notifyid) -- return; -+ goto remove; - - report->notifyid = g_attrib_register(hog->attrib, - ATT_OP_HANDLE_NOTIFY, -@@ -360,6 +384,9 @@ static void report_ccc_written_cb(guint8 status, const guint8 *pdu, - report_value_cb, report, NULL); - - DBG("Report characteristic descriptor written: notifications enabled"); -+ -+remove: -+ remove_gatt_req(req, status); - } - - static void write_ccc(struct bt_hog *hog, GAttrib *attrib, uint16_t handle, -@@ -379,14 +406,15 @@ static void ccc_read_cb(guint8 status, const guint8 *pdu, guint16 len, - struct gatt_request *req = user_data; - struct report *report = req->user_data; - -- destroy_gatt_req(req); -- - if (status != 0) { - error("Error reading CCC value: %s", att_ecode2str(status)); -- return; -+ goto remove; - } - - write_ccc(report->hog, report->hog->attrib, report->ccc_handle, report); -+ -+remove: -+ remove_gatt_req(req, status); - } - - static const char *type_to_string(uint8_t type) -@@ -409,17 +437,15 @@ static void report_reference_cb(guint8 status, const guint8 *pdu, - struct gatt_request *req = user_data; - struct report *report = req->user_data; - -- destroy_gatt_req(req); -- - if (status != 0) { - error("Read Report Reference descriptor failed: %s", - att_ecode2str(status)); -- return; -+ goto remove; - } - - if (plen != 3) { - error("Malformed ATT read response"); -- return; -+ goto remove; - } - - report->id = pdu[1]; -@@ -432,6 +458,9 @@ static void report_reference_cb(guint8 status, const guint8 *pdu, - if (report->type == HOG_REPORT_TYPE_INPUT) - read_char(report->hog, report->hog->attrib, report->ccc_handle, - ccc_read_cb, report); -+ -+remove: -+ remove_gatt_req(req, status); - } - - static void external_report_reference_cb(guint8 status, const guint8 *pdu, -@@ -442,12 +471,10 @@ static void discover_external_cb(uint8_t status, GSList *descs, void *user_data) - struct gatt_request *req = user_data; - struct bt_hog *hog = req->user_data; - -- destroy_gatt_req(req); -- - if (status != 0) { - error("Discover external descriptors failed: %s", - att_ecode2str(status)); -- return; -+ goto remove; - } - - for ( ; descs; descs = descs->next) { -@@ -457,6 +484,9 @@ static void discover_external_cb(uint8_t status, GSList *descs, void *user_data) - external_report_reference_cb, - hog); - } -+ -+remove: -+ remove_gatt_req(req, status); - } - - static void discover_external(struct bt_hog *hog, GAttrib *attrib, -@@ -480,12 +510,10 @@ static void discover_report_cb(uint8_t status, GSList *descs, void *user_data) - struct report *report = req->user_data; - struct bt_hog *hog = report->hog; - -- destroy_gatt_req(req); -- - if (status != 0) { - error("Discover report descriptors failed: %s", - att_ecode2str(status)); -- return; -+ goto remove; - } - - for ( ; descs; descs = descs->next) { -@@ -501,6 +529,9 @@ static void discover_report_cb(uint8_t status, GSList *descs, void *user_data) - break; - } - } -+ -+remove: -+ remove_gatt_req(req, status); - } - - static void discover_report(struct bt_hog *hog, GAttrib *attrib, -@@ -519,11 +550,9 @@ static void report_read_cb(guint8 status, const guint8 *pdu, guint16 len, - struct gatt_request *req = user_data; - struct report *report = req->user_data; - -- destroy_gatt_req(req); -- - if (status != 0) { - error("Error reading Report value: %s", att_ecode2str(status)); -- return; -+ goto remove; - } - - if (report->value) -@@ -531,6 +560,9 @@ static void report_read_cb(guint8 status, const guint8 *pdu, guint16 len, - - report->value = g_memdup2(pdu, len); - report->len = len; -+ -+remove: -+ remove_gatt_req(req, status); - } - - static int report_chrc_cmp(const void *data, const void *user_data) -@@ -572,12 +604,11 @@ static void external_service_char_cb(uint8_t status, GSList *chars, - struct report *report; - GSList *l; - -- destroy_gatt_req(req); -- - if (status != 0) { - const char *str = att_ecode2str(status); -+ - DBG("Discover external service characteristic failed: %s", str); -- return; -+ goto remove; - } - - for (l = chars; l; l = g_slist_next(l)) { -@@ -595,6 +626,9 @@ static void external_service_char_cb(uint8_t status, GSList *chars, - end = (next ? next->handle - 1 : primary->range.end); - discover_report(hog, hog->attrib, start, end, report); - } -+ -+remove: -+ remove_gatt_req(req, status); - } - - static void external_report_reference_cb(guint8 status, const guint8 *pdu, -@@ -605,17 +639,15 @@ static void external_report_reference_cb(guint8 status, const guint8 *pdu, - uint16_t uuid16; - bt_uuid_t uuid; - -- destroy_gatt_req(req); -- - if (status != 0) { - error("Read External Report Reference descriptor failed: %s", - att_ecode2str(status)); -- return; -+ goto remove; - } - - if (plen != 3) { - error("Malformed ATT read response"); -- return; -+ goto remove; - } - - uuid16 = get_le16(&pdu[1]); -@@ -624,11 +656,14 @@ static void external_report_reference_cb(guint8 status, const guint8 *pdu, - - /* Do not discover if is not a Report */ - if (uuid16 != HOG_REPORT_UUID) -- return; -+ goto remove; - - bt_uuid16_create(&uuid, uuid16); - discover_char(hog, hog->attrib, 0x0001, 0xffff, &uuid, - external_service_char_cb, hog); -+ -+remove: -+ remove_gatt_req(req, status); - } - - static int report_cmp(gconstpointer a, gconstpointer b) -@@ -687,12 +722,10 @@ static void output_written_cb(guint8 status, const guint8 *pdu, - { - struct gatt_request *req = user_data; - -- destroy_gatt_req(req); -- -- if (status != 0) { -+ if (status != 0) - error("Write output report failed: %s", att_ecode2str(status)); -- return; -- } -+ -+ remove_gatt_req(req, status); - } - - static void forward_report(struct uhid_event *ev, void *user_data) -@@ -1056,7 +1089,7 @@ static void report_map_read_cb(guint8 status, const guint8 *pdu, guint16 plen, - uint8_t value[HOG_REPORT_MAP_MAX_SIZE]; - ssize_t vlen; - -- destroy_gatt_req(req); -+ remove_gatt_req(req, status); - - DBG("HoG inspecting report map"); - -@@ -1081,6 +1114,19 @@ static void report_map_read_cb(guint8 status, const guint8 *pdu, guint16 plen, - } - } - -+static void read_report_map(struct bt_hog *hog) -+{ -+ uint16_t handle; -+ -+ if (!hog->report_map_attr || hog->uhid_created || hog->report_map_id) -+ return; -+ -+ handle = gatt_db_attribute_get_handle(hog->report_map_attr); -+ -+ hog->report_map_id = read_char(hog, hog->attrib, handle, -+ report_map_read_cb, hog); -+} -+ - static void info_read_cb(guint8 status, const guint8 *pdu, guint16 plen, - gpointer user_data) - { -@@ -1089,18 +1135,16 @@ static void info_read_cb(guint8 status, const guint8 *pdu, guint16 plen, - uint8_t value[HID_INFO_SIZE]; - ssize_t vlen; - -- destroy_gatt_req(req); -- - if (status != 0) { - error("HID Information read failed: %s", - att_ecode2str(status)); -- return; -+ goto remove; - } - - vlen = dec_read_resp(pdu, plen, value, sizeof(value)); - if (vlen != 4) { - error("ATT protocol error"); -- return; -+ goto remove; - } - - hog->bcdhid = get_le16(&value[0]); -@@ -1109,6 +1153,9 @@ static void info_read_cb(guint8 status, const guint8 *pdu, guint16 plen, - - DBG("bcdHID: 0x%04X bCountryCode: 0x%02X Flags: 0x%02X", - hog->bcdhid, hog->bcountrycode, hog->flags); -+ -+remove: -+ remove_gatt_req(req, status); - } - - static void proto_mode_read_cb(guint8 status, const guint8 *pdu, guint16 plen, -@@ -1119,18 +1166,16 @@ static void proto_mode_read_cb(guint8 status, const guint8 *pdu, guint16 plen, - uint8_t value; - ssize_t vlen; - -- destroy_gatt_req(req); -- - if (status != 0) { - error("Protocol Mode characteristic read failed: %s", - att_ecode2str(status)); -- return; -+ goto remove; - } - - vlen = dec_read_resp(pdu, plen, &value, sizeof(value)); - if (vlen < 0) { - error("ATT protocol error"); -- return; -+ goto remove; - } - - if (value == HOG_PROTO_MODE_BOOT) { -@@ -1142,6 +1187,9 @@ static void proto_mode_read_cb(guint8 status, const guint8 *pdu, guint16 plen, - sizeof(nval), NULL, NULL); - } else if (value == HOG_PROTO_MODE_REPORT) - DBG("HoG is operating in Report Protocol Mode"); -+ -+remove: -+ remove_gatt_req(req, status); - } - - static void char_discovered_cb(uint8_t status, GSList *chars, void *user_data) -@@ -1155,14 +1203,12 @@ static void char_discovered_cb(uint8_t status, GSList *chars, void *user_data) - GSList *l; - uint16_t info_handle = 0, proto_mode_handle = 0; - -- destroy_gatt_req(req); -- - DBG("HoG inspecting characteristics"); - - if (status != 0) { -- const char *str = att_ecode2str(status); -- DBG("Discover all characteristics failed: %s", str); -- return; -+ DBG("Discover all characteristics failed: %s", -+ att_ecode2str(status)); -+ goto remove; - } - - bt_uuid16_create(&report_uuid, HOG_REPORT_UUID); -@@ -1211,6 +1257,9 @@ static void char_discovered_cb(uint8_t status, GSList *chars, void *user_data) - - if (info_handle) - read_char(hog, hog->attrib, info_handle, info_read_cb, hog); -+ -+remove: -+ remove_gatt_req(req, status); - } - - static void report_free(void *data) -@@ -1221,10 +1270,12 @@ static void report_free(void *data) - g_free(report); - } - --static void cancel_gatt_req(struct gatt_request *req) -+static bool cancel_gatt_req(const void *data, const void *user_data) - { -- if (g_attrib_cancel(req->hog->attrib, req->id)) -- destroy_gatt_req(req); -+ struct gatt_request *req = (void *) data; -+ const struct bt_hog *hog = user_data; -+ -+ return g_attrib_cancel(hog->attrib, req->id); - } - - static void hog_free(void *data) -@@ -1386,13 +1437,9 @@ static void foreach_hog_chrc(struct gatt_db_attribute *attr, void *user_data) - * UHID to optimize reconnection. - */ - uhid_create(hog, report_map.value, report_map.length); -- } else { -- read_char(hog, hog->attrib, value_handle, -- report_map_read_cb, hog); - } - - gatt_db_service_foreach_desc(attr, foreach_hog_external, hog); -- return; - } - - bt_uuid16_create(&info_uuid, HOG_INFO_UUID); -@@ -1552,12 +1599,9 @@ static void find_included_cb(uint8_t status, GSList *services, void *user_data) - - DBG(""); - -- destroy_gatt_req(req); -- - if (status) { -- const char *str = att_ecode2str(status); -- DBG("Find included failed: %s", str); -- return; -+ DBG("Find included failed: %s", att_ecode2str(status)); -+ goto remove; - } - - for (l = services; l; l = l->next) { -@@ -1566,6 +1610,9 @@ static void find_included_cb(uint8_t status, GSList *services, void *user_data) - DBG("included: handle %x, uuid %s", - include->handle, include->uuid); - } -+ -+remove: -+ remove_gatt_req(req, status); - } - - static void hog_attach_scpp(struct bt_hog *hog, struct gatt_primary *primary) -@@ -1640,17 +1687,14 @@ static void primary_cb(uint8_t status, GSList *services, void *user_data) - - DBG(""); - -- destroy_gatt_req(req); -- - if (status) { -- const char *str = att_ecode2str(status); -- DBG("Discover primary failed: %s", str); -- return; -+ DBG("Discover primary failed: %s", att_ecode2str(status)); -+ goto remove; - } - - if (!services) { - DBG("No primary service found"); -- return; -+ goto remove; - } - - for (l = services; l; l = l->next) { -@@ -1674,6 +1718,9 @@ static void primary_cb(uint8_t status, GSList *services, void *user_data) - if (strcmp(primary->uuid, HOG_UUID) == 0) - hog_attach_hog(hog, primary); - } -+ -+remove: -+ remove_gatt_req(req, status); - } - - bool bt_hog_attach(struct bt_hog *hog, void *gatt) -@@ -1790,7 +1837,7 @@ void bt_hog_detach(struct bt_hog *hog) - if (hog->dis) - bt_dis_detach(hog->dis); - -- queue_foreach(hog->gatt_op, (void *) cancel_gatt_req, NULL); -+ queue_remove_all(hog->gatt_op, cancel_gatt_req, hog, destroy_gatt_req); - g_attrib_unref(hog->attrib); - hog->attrib = NULL; - uhid_destroy(hog); --- -2.34.1 - diff --git a/0002-Use-g_memdup2-everywhere.patch b/0002-Use-g_memdup2-everywhere.patch deleted file mode 100644 index 20cbe6d..0000000 --- a/0002-Use-g_memdup2-everywhere.patch +++ /dev/null @@ -1,997 +0,0 @@ -From 393a58bbe5174123ee9d52c03a75b08219642024 Mon Sep 17 00:00:00 2001 -From: Benjamin Berg -Date: Mon, 3 May 2021 15:06:36 +0200 -Subject: [PATCH] Use g_memdup2 everywhere - ---- - android/a2dp.c | 8 ++--- - android/avctp.c | 4 +-- - android/avrcp-lib.c | 2 +- - android/gatt.c | 4 +-- - android/hidhost.c | 2 +- - android/tester-main.c | 70 +++++++++++++++++++------------------- - attrib/gatt.c | 6 ++-- - client/gatt.c | 2 +- - gobex/gobex-header.c | 4 +-- - gobex/gobex-packet.c | 2 +- - obexd/src/obex.c | 2 +- - plugins/neard.c | 6 ++-- - plugins/policy.c | 4 +-- - profiles/audio/avctp.c | 4 +-- - profiles/audio/avrcp.c | 6 ++-- - profiles/battery/bas.c | 2 +- - profiles/battery/battery.c | 2 +- - profiles/deviceinfo/dis.c | 2 +- - profiles/input/hog-lib.c | 6 ++-- - profiles/scanparam/scpp.c | 2 +- - src/attrib-server.c | 2 +- - src/eir.c | 4 +-- - tools/gatt-service.c | 6 ++-- - tools/mesh-gatt/gatt.c | 2 +- - unit/test-avctp.c | 4 +-- - unit/test-avdtp.c | 6 ++-- - unit/test-avrcp.c | 10 +++--- - unit/test-gatt.c | 4 +-- - unit/test-hfp.c | 10 +++--- - unit/test-hog.c | 4 +-- - unit/test-sdp.c | 8 ++--- - unit/test-uhid.c | 2 +- - 32 files changed, 101 insertions(+), 101 deletions(-) - -diff --git a/android/a2dp.c b/android/a2dp.c -index e24f793..1d9538a 100644 ---- a/android/a2dp.c -+++ b/android/a2dp.c -@@ -428,7 +428,7 @@ static struct a2dp_preset *sbc_select_range(void *caps, uint8_t caps_len, - - p = g_new0(struct a2dp_preset, 1); - p->len = conf_len; -- p->data = g_memdup(conf, p->len); -+ p->data = g_memdup2(conf, p->len); - - return p; - } -@@ -448,7 +448,7 @@ static struct a2dp_preset *aac_select_range(void *caps, uint8_t caps_len, - - p = g_new0(struct a2dp_preset, 1); - p->len = conf_len; -- p->data = g_memdup(conf, p->len); -+ p->data = g_memdup2(conf, p->len); - - return p; - } -@@ -1036,7 +1036,7 @@ static gboolean sep_setconf_ind(struct avdtp *session, - - preset = g_new0(struct a2dp_preset, 1); - preset->len = cap->length - sizeof(*codec); -- preset->data = g_memdup(codec->data, preset->len); -+ preset->data = g_memdup2(codec->data, preset->len); - - if (check_config(endpoint, preset) < 0) { - preset_free(preset); -@@ -1365,7 +1365,7 @@ static GSList *parse_presets(const struct audio_preset *p, uint8_t count, - - preset = g_new0(struct a2dp_preset, 1); - preset->len = p->len; -- preset->data = g_memdup(p->data, preset->len); -+ preset->data = g_memdup2(p->data, preset->len); - l = g_slist_append(l, preset); - - len -= preset->len; -diff --git a/android/avctp.c b/android/avctp.c -index c2ea5f4..d1b8fe3 100644 ---- a/android/avctp.c -+++ b/android/avctp.c -@@ -1179,7 +1179,7 @@ static int avctp_send_req(struct avctp *session, uint8_t code, uint8_t subunit, - - for (i = 0; i < iov_cnt; i++) { - pdu[i].iov_len = iov[i].iov_len; -- pdu[i].iov_base = g_memdup(iov[i].iov_base, iov[i].iov_len); -+ pdu[i].iov_base = g_memdup2(iov[i].iov_base, iov[i].iov_len); - } - - req = g_new0(struct avctp_control_req, 1); -@@ -1220,7 +1220,7 @@ int avctp_send_browsing_req(struct avctp *session, - - for (i = 0; i < iov_cnt; i++) { - pdu[i].iov_len = iov[i].iov_len; -- pdu[i].iov_base = g_memdup(iov[i].iov_base, iov[i].iov_len); -+ pdu[i].iov_base = g_memdup2(iov[i].iov_base, iov[i].iov_len); - } - - req = g_new0(struct avctp_browsing_req, 1); -diff --git a/android/avrcp-lib.c b/android/avrcp-lib.c -index 2007d09..ededdcf 100644 ---- a/android/avrcp-lib.c -+++ b/android/avrcp-lib.c -@@ -2620,7 +2620,7 @@ static char *parse_folder_list(uint8_t *params, uint16_t params_len, - return NULL; - } - -- folders[count] = g_memdup(¶ms[i], len); -+ folders[count] = g_memdup2(¶ms[i], len); - i += len; - } - -diff --git a/android/gatt.c b/android/gatt.c -index a8a0c48..6e8c431 100644 ---- a/android/gatt.c -+++ b/android/gatt.c -@@ -1338,7 +1338,7 @@ static void discover_primary_cb(uint8_t status, GSList *services, - } - - bt_uuid_to_uuid128(&uuid, &u128); -- new_uuid = g_memdup(&u128.value.u128, sizeof(u128.value.u128)); -+ new_uuid = g_memdup2(&u128.value.u128, sizeof(u128.value.u128)); - - uuids = g_slist_prepend(uuids, new_uuid); - } -@@ -6633,7 +6633,7 @@ static uint8_t write_prep_request(const uint8_t *cmd, uint16_t cmd_len, - - queue_push_tail(dev->pending_requests, data); - -- data->value = g_memdup(value, vlen); -+ data->value = g_memdup2(value, vlen); - data->length = vlen; - - if (!gatt_db_attribute_write(attrib, offset, value, vlen, cmd[0], -diff --git a/android/hidhost.c b/android/hidhost.c -index 016382e..6f0ec85 100644 ---- a/android/hidhost.c -+++ b/android/hidhost.c -@@ -689,7 +689,7 @@ static void hid_sdp_search_cb(sdp_list_t *recs, int err, gpointer data) - goto fail; - - dev->rd_size = data->unitSize; -- dev->rd_data = g_memdup(data->val.str, data->unitSize); -+ dev->rd_data = g_memdup2(data->val.str, data->unitSize); - } - } - -diff --git a/android/tester-main.c b/android/tester-main.c -index 2bfa770..c09bc0a 100644 ---- a/android/tester-main.c -+++ b/android/tester-main.c -@@ -1253,7 +1253,7 @@ static bt_property_t *copy_properties(int num_properties, - for (i = 0; i < num_properties; i++) { - props[i].type = properties[i].type; - props[i].len = properties[i].len; -- props[i].val = g_memdup(properties[i].val, properties[i].len); -+ props[i].val = g_memdup2(properties[i].val, properties[i].len); - } - - return props; -@@ -1268,7 +1268,7 @@ static bt_property_t *repack_properties(int num_properties, - for (i = 0; i < num_properties; i++) { - props[i].type = properties[i]->type; - props[i].len = properties[i]->len; -- props[i].val = g_memdup(properties[i]->val, properties[i]->len); -+ props[i].val = g_memdup2(properties[i]->val, properties[i]->len); - } - - return props; -@@ -1281,7 +1281,7 @@ static bt_property_t *create_property(bt_property_type_t type, void *val, - - prop->type = type; - prop->len = len; -- prop->val = g_memdup(val, len); -+ prop->val = g_memdup2(val, len); - - return prop; - } -@@ -1615,7 +1615,7 @@ static void gattc_search_result_cb(int conn_id, btgatt_srvc_id_t *srvc_id) - - step->callback = CB_GATTC_SEARCH_RESULT; - step->callback_result.conn_id = conn_id; -- step->callback_result.service = g_memdup(srvc_id, sizeof(*srvc_id)); -+ step->callback_result.service = g_memdup2(srvc_id, sizeof(*srvc_id)); - - schedule_callback_verification(step); - } -@@ -1639,8 +1639,8 @@ static void gattc_get_characteristic_cb(int conn_id, int status, - step->callback = CB_GATTC_GET_CHARACTERISTIC; - step->callback_result.status = status; - step->callback_result.conn_id = conn_id; -- step->callback_result.service = g_memdup(srvc_id, sizeof(*srvc_id)); -- step->callback_result.characteristic = g_memdup(char_id, -+ step->callback_result.service = g_memdup2(srvc_id, sizeof(*srvc_id)); -+ step->callback_result.characteristic = g_memdup2(char_id, - sizeof(*char_id)); - step->callback_result.char_prop = char_prop; - -@@ -1656,10 +1656,10 @@ static void gattc_get_descriptor_cb(int conn_id, int status, - step->callback = CB_GATTC_GET_DESCRIPTOR; - step->callback_result.status = status; - step->callback_result.conn_id = conn_id; -- step->callback_result.service = g_memdup(srvc_id, sizeof(*srvc_id)); -- step->callback_result.characteristic = g_memdup(char_id, -+ step->callback_result.service = g_memdup2(srvc_id, sizeof(*srvc_id)); -+ step->callback_result.characteristic = g_memdup2(char_id, - sizeof(*char_id)); -- step->callback_result.descriptor = g_memdup(descr_id, -+ step->callback_result.descriptor = g_memdup2(descr_id, - sizeof(*descr_id)); - - schedule_callback_verification(step); -@@ -1673,8 +1673,8 @@ static void gattc_get_included_service_cb(int conn_id, int status, - step->callback = CB_GATTC_GET_INCLUDED_SERVICE; - step->callback_result.status = status; - step->callback_result.conn_id = conn_id; -- step->callback_result.service = g_memdup(srvc_id, sizeof(*srvc_id)); -- step->callback_result.included = g_memdup(incl_srvc_id, -+ step->callback_result.service = g_memdup2(srvc_id, sizeof(*srvc_id)); -+ step->callback_result.included = g_memdup2(incl_srvc_id, - sizeof(*srvc_id)); - - schedule_callback_verification(step); -@@ -1688,7 +1688,7 @@ static void gattc_read_characteristic_cb(int conn_id, int status, - step->callback = CB_GATTC_READ_CHARACTERISTIC; - step->callback_result.status = status; - step->callback_result.conn_id = conn_id; -- step->callback_result.read_params = g_memdup(p_data, sizeof(*p_data)); -+ step->callback_result.read_params = g_memdup2(p_data, sizeof(*p_data)); - - schedule_callback_verification(step); - } -@@ -1701,7 +1701,7 @@ static void gattc_read_descriptor_cb(int conn_id, int status, - step->callback = CB_GATTC_READ_DESCRIPTOR; - step->callback_result.status = status; - step->callback_result.conn_id = conn_id; -- step->callback_result.read_params = g_memdup(p_data, sizeof(*p_data)); -+ step->callback_result.read_params = g_memdup2(p_data, sizeof(*p_data)); - - schedule_callback_verification(step); - } -@@ -1714,7 +1714,7 @@ static void gattc_write_characteristic_cb(int conn_id, int status, - step->callback = CB_GATTC_WRITE_CHARACTERISTIC; - step->callback_result.status = status; - step->callback_result.conn_id = conn_id; -- step->callback_result.write_params = g_memdup(p_data, sizeof(*p_data)); -+ step->callback_result.write_params = g_memdup2(p_data, sizeof(*p_data)); - - schedule_callback_verification(step); - } -@@ -1727,7 +1727,7 @@ static void gattc_write_descriptor_cb(int conn_id, int status, - step->callback = CB_GATTC_WRITE_DESCRIPTOR; - step->callback_result.status = status; - step->callback_result.conn_id = conn_id; -- step->callback_result.write_params = g_memdup(p_data, sizeof(*p_data)); -+ step->callback_result.write_params = g_memdup2(p_data, sizeof(*p_data)); - - schedule_callback_verification(step); - } -@@ -1742,8 +1742,8 @@ static void gattc_register_for_notification_cb(int conn_id, int registered, - step->callback = CB_GATTC_REGISTER_FOR_NOTIFICATION; - step->callback_result.status = status; - step->callback_result.conn_id = conn_id; -- step->callback_result.service = g_memdup(srvc_id, sizeof(*srvc_id)); -- step->callback_result.characteristic = g_memdup(char_id, -+ step->callback_result.service = g_memdup2(srvc_id, sizeof(*srvc_id)); -+ step->callback_result.characteristic = g_memdup2(char_id, - sizeof(*char_id)); - step->callback_result.notification_registered = registered; - -@@ -1756,7 +1756,7 @@ static void gattc_notif_cb(int conn_id, btgatt_notify_params_t *p_data) - - step->callback = CB_GATTC_NOTIFY; - step->callback_result.conn_id = conn_id; -- step->callback_result.notify_params = g_memdup(p_data, sizeof(*p_data)); -+ step->callback_result.notify_params = g_memdup2(p_data, sizeof(*p_data)); - - schedule_callback_verification(step); - } -@@ -1827,8 +1827,8 @@ static void gatts_service_added_cb(int status, int server_if, - - step->callback_result.status = status; - step->callback_result.gatt_app_id = server_if; -- step->callback_result.service = g_memdup(srvc_id, sizeof(*srvc_id)); -- step->callback_result.srvc_handle = g_memdup(&srvc_handle, -+ step->callback_result.service = g_memdup2(srvc_id, sizeof(*srvc_id)); -+ step->callback_result.srvc_handle = g_memdup2(&srvc_handle, - sizeof(srvc_handle)); - - schedule_callback_verification(step); -@@ -1844,9 +1844,9 @@ static void gatts_included_service_added_cb(int status, int server_if, - - step->callback_result.status = status; - step->callback_result.gatt_app_id = server_if; -- step->callback_result.srvc_handle = g_memdup(&srvc_handle, -+ step->callback_result.srvc_handle = g_memdup2(&srvc_handle, - sizeof(srvc_handle)); -- step->callback_result.inc_srvc_handle = g_memdup(&inc_srvc_handle, -+ step->callback_result.inc_srvc_handle = g_memdup2(&inc_srvc_handle, - sizeof(inc_srvc_handle)); - - schedule_callback_verification(step); -@@ -1863,10 +1863,10 @@ static void gatts_characteristic_added_cb(int status, int server_if, - - step->callback_result.status = status; - step->callback_result.gatt_app_id = server_if; -- step->callback_result.srvc_handle = g_memdup(&srvc_handle, -+ step->callback_result.srvc_handle = g_memdup2(&srvc_handle, - sizeof(srvc_handle)); -- step->callback_result.uuid = g_memdup(uuid, sizeof(*uuid)); -- step->callback_result.char_handle = g_memdup(&char_handle, -+ step->callback_result.uuid = g_memdup2(uuid, sizeof(*uuid)); -+ step->callback_result.char_handle = g_memdup2(&char_handle, - sizeof(char_handle)); - - schedule_callback_verification(step); -@@ -1883,10 +1883,10 @@ static void gatts_descriptor_added_cb(int status, int server_if, - - step->callback_result.status = status; - step->callback_result.gatt_app_id = server_if; -- step->callback_result.srvc_handle = g_memdup(&srvc_handle, -+ step->callback_result.srvc_handle = g_memdup2(&srvc_handle, - sizeof(srvc_handle)); -- step->callback_result.uuid = g_memdup(uuid, sizeof(*uuid)); -- step->callback_result.desc_handle = g_memdup(&desc_handle, -+ step->callback_result.uuid = g_memdup2(uuid, sizeof(*uuid)); -+ step->callback_result.desc_handle = g_memdup2(&desc_handle, - sizeof(desc_handle)); - - schedule_callback_verification(step); -@@ -1900,7 +1900,7 @@ static void gatts_service_started_cb(int status, int server_if, int srvc_handle) - - step->callback_result.status = status; - step->callback_result.gatt_app_id = server_if; -- step->callback_result.srvc_handle = g_memdup(&srvc_handle, -+ step->callback_result.srvc_handle = g_memdup2(&srvc_handle, - sizeof(srvc_handle)); - - schedule_callback_verification(step); -@@ -1914,7 +1914,7 @@ static void gatts_service_stopped_cb(int status, int server_if, int srvc_handle) - - step->callback_result.status = status; - step->callback_result.gatt_app_id = server_if; -- step->callback_result.srvc_handle = g_memdup(&srvc_handle, -+ step->callback_result.srvc_handle = g_memdup2(&srvc_handle, - sizeof(srvc_handle)); - - schedule_callback_verification(step); -@@ -1928,7 +1928,7 @@ static void gatts_service_deleted_cb(int status, int server_if, int srvc_handle) - - step->callback_result.status = status; - step->callback_result.gatt_app_id = server_if; -- step->callback_result.srvc_handle = g_memdup(&srvc_handle, -+ step->callback_result.srvc_handle = g_memdup2(&srvc_handle, - sizeof(srvc_handle)); - - schedule_callback_verification(step); -@@ -1945,7 +1945,7 @@ static void gatts_request_read_cb(int conn_id, int trans_id, bt_bdaddr_t *bda, - - step->callback_result.conn_id = conn_id; - step->callback_result.trans_id = trans_id; -- step->callback_result.attr_handle = g_memdup(&attr_handle, -+ step->callback_result.attr_handle = g_memdup2(&attr_handle, - sizeof(attr_handle)); - step->callback_result.offset = offset; - step->callback_result.is_long = is_long; -@@ -1974,13 +1974,13 @@ static void gatts_request_write_cb(int conn_id, int trans_id, bt_bdaddr_t *bda, - - step->callback_result.conn_id = conn_id; - step->callback_result.trans_id = trans_id; -- step->callback_result.attr_handle = g_memdup(&attr_handle, -+ step->callback_result.attr_handle = g_memdup2(&attr_handle, - sizeof(attr_handle)); - step->callback_result.offset = offset; - step->callback_result.length = length; - step->callback_result.need_rsp = need_rsp; - step->callback_result.is_prep = is_prep; -- step->callback_result.value = g_memdup(&value, length); -+ step->callback_result.value = g_memdup2(&value, length); - - /* Utilize property verification mechanism for bdaddr */ - props[0] = create_property(BT_PROPERTY_BDADDR, bda, sizeof(*bda)); -@@ -2169,7 +2169,7 @@ static btmce_mas_instance_t *copy_mas_instances(int num_instances, - inst[i].id = instances[i].id; - inst[i].scn = instances[i].scn; - inst[i].msg_types = instances[i].msg_types; -- inst[i].p_name = g_memdup(instances[i].p_name, -+ inst[i].p_name = g_memdup2(instances[i].p_name, - strlen(instances[i].p_name)); - } - -diff --git a/attrib/gatt.c b/attrib/gatt.c -index 46b2ca3..1f30764 100644 ---- a/attrib/gatt.c -+++ b/attrib/gatt.c -@@ -696,7 +696,7 @@ guint gatt_discover_char(GAttrib *attrib, uint16_t start, uint16_t end, - dc->user_data = user_data; - dc->end = end; - dc->start = start; -- dc->uuid = g_memdup(uuid, sizeof(bt_uuid_t)); -+ dc->uuid = g_memdup2(uuid, sizeof(bt_uuid_t)); - - dc->id = g_attrib_send(attrib, 0, buf, plen, char_discovered_cb, - discover_char_ref(dc), discover_char_unref); -@@ -964,7 +964,7 @@ guint gatt_write_char(GAttrib *attrib, uint16_t handle, const uint8_t *value, - long_write->func = func; - long_write->user_data = user_data; - long_write->handle = handle; -- long_write->value = g_memdup(value, vlen); -+ long_write->value = g_memdup2(value, vlen); - long_write->vlen = vlen; - - return prepare_write(long_write); -@@ -1130,7 +1130,7 @@ guint gatt_discover_desc(GAttrib *attrib, uint16_t start, uint16_t end, - dd->user_data = user_data; - dd->start = start; - dd->end = end; -- dd->uuid = g_memdup(uuid, sizeof(bt_uuid_t)); -+ dd->uuid = g_memdup2(uuid, sizeof(bt_uuid_t)); - - dd->id = g_attrib_send(attrib, 0, buf, plen, desc_discovered_cb, - discover_desc_ref(dd), discover_desc_unref); -diff --git a/client/gatt.c b/client/gatt.c -index 21fd38e..d302183 100644 ---- a/client/gatt.c -+++ b/client/gatt.c -@@ -790,7 +790,7 @@ static uint8_t *str2bytearray(char *arg, size_t *val_len) - - *val_len = i; - -- return g_memdup(value, i); -+ return g_memdup2(value, i); - } - - void gatt_write_attribute(GDBusProxy *proxy, int argc, char *argv[]) -diff --git a/gobex/gobex-header.c b/gobex/gobex-header.c -index 011d33d..c56be2f 100644 ---- a/gobex/gobex-header.c -+++ b/gobex/gobex-header.c -@@ -222,7 +222,7 @@ GObexHeader *g_obex_header_decode(const void *data, gsize len, - - switch (data_policy) { - case G_OBEX_DATA_COPY: -- header->v.data = g_memdup(ptr, header->vlen); -+ header->v.data = g_memdup2(ptr, header->vlen); - break; - case G_OBEX_DATA_REF: - header->extdata = TRUE; -@@ -410,7 +410,7 @@ GObexHeader *g_obex_header_new_bytes(guint8 id, const void *data, gsize len) - header->id = id; - header->vlen = len; - header->hlen = len + 3; -- header->v.data = g_memdup(data, len); -+ header->v.data = g_memdup2(data, len); - - return header; - } -diff --git a/gobex/gobex-packet.c b/gobex/gobex-packet.c -index 11937a5..18da6ea 100644 ---- a/gobex/gobex-packet.c -+++ b/gobex/gobex-packet.c -@@ -201,7 +201,7 @@ gboolean g_obex_packet_set_data(GObexPacket *pkt, const void *data, gsize len, - - switch (data_policy) { - case G_OBEX_DATA_COPY: -- pkt->data.buf = g_memdup(data, len); -+ pkt->data.buf = g_memdup2(data, len); - break; - case G_OBEX_DATA_REF: - pkt->data.buf_ref = data; -diff --git a/obexd/src/obex.c b/obexd/src/obex.c -index 9f992ec..151d956 100644 ---- a/obexd/src/obex.c -+++ b/obexd/src/obex.c -@@ -594,7 +594,7 @@ static void parse_apparam(struct obex_session *os, GObexPacket *req) - if (!g_obex_header_get_bytes(hdr, &apparam, &len)) - return; - -- os->apparam = g_memdup(apparam, len); -+ os->apparam = g_memdup2(apparam, len); - os->apparam_len = len; - DBG("APPARAM"); - } -diff --git a/plugins/neard.c b/plugins/neard.c -index e07b511..a806bb7 100644 ---- a/plugins/neard.c -+++ b/plugins/neard.c -@@ -407,10 +407,10 @@ static int process_nokia_long (void *data, size_t size, uint8_t marker, - remote->name = g_strndup((char *)n->name, n->name_len); - - if (marker == 0x01) { -- remote->pin = g_memdup(n->authentication, 4); -+ remote->pin = g_memdup2(n->authentication, 4); - remote->pin_len = 4; - } else if (marker == 0x02) { -- remote->pin = g_memdup(n->authentication, 16); -+ remote->pin = g_memdup2(n->authentication, 16); - remote->pin_len = 16; - } - -@@ -439,7 +439,7 @@ static int process_nokia_short (void *data, size_t size, - if (n->name_len > 0) - remote->name = g_strndup((char *)n->name, n->name_len); - -- remote->pin = g_memdup(n->authentication, 4); -+ remote->pin = g_memdup2(n->authentication, 4); - remote->pin_len = 4; - - return 0; -diff --git a/plugins/policy.c b/plugins/policy.c -index bf93df0..79943fc 100644 ---- a/plugins/policy.c -+++ b/plugins/policy.c -@@ -855,7 +855,7 @@ static int policy_init(void) - reconnect_attempts = default_attempts; - reconnect_intervals_len = sizeof(default_intervals) / - sizeof(*reconnect_intervals); -- reconnect_intervals = g_memdup(default_intervals, -+ reconnect_intervals = g_memdup2(default_intervals, - sizeof(default_intervals)); - goto done; - } -@@ -886,7 +886,7 @@ static int policy_init(void) - g_clear_error(&gerr); - reconnect_intervals_len = sizeof(default_intervals) / - sizeof(*reconnect_intervals); -- reconnect_intervals = g_memdup(default_intervals, -+ reconnect_intervals = g_memdup2(default_intervals, - sizeof(default_intervals)); - } - -diff --git a/profiles/audio/avctp.c b/profiles/audio/avctp.c -index 50de336..2733a76 100644 ---- a/profiles/audio/avctp.c -+++ b/profiles/audio/avctp.c -@@ -1731,7 +1731,7 @@ static int avctp_send_req(struct avctp *session, uint8_t code, - req->subunit = subunit; - req->op = opcode; - req->func = func; -- req->operands = g_memdup(operands, operand_count); -+ req->operands = g_memdup2(operands, operand_count); - req->operand_count = operand_count; - req->user_data = user_data; - -@@ -1769,7 +1769,7 @@ int avctp_send_browsing_req(struct avctp *session, - - req = g_new0(struct avctp_browsing_req, 1); - req->func = func; -- req->operands = g_memdup(operands, operand_count); -+ req->operands = g_memdup2(operands, operand_count); - req->operand_count = operand_count; - req->user_data = user_data; - -diff --git a/profiles/audio/avrcp.c b/profiles/audio/avrcp.c -index 05dd791..e23228d 100644 ---- a/profiles/audio/avrcp.c -+++ b/profiles/audio/avrcp.c -@@ -1297,7 +1297,7 @@ static uint8_t avrcp_handle_get_current_player_value(struct avrcp *session, - * Save a copy of requested settings because we can override them - * while responding - */ -- settings = g_memdup(&pdu->params[1], pdu->params[0]); -+ settings = g_memdup2(&pdu->params[1], pdu->params[0]); - len = 0; - - /* -@@ -2786,7 +2786,7 @@ static gboolean avrcp_set_browsed_player_rsp(struct avctp *conn, - break; - } - -- folders[count] = g_memdup(&pdu->params[i], len); -+ folders[count] = g_memdup2(&pdu->params[i], len); - i += len; - } - -@@ -2873,7 +2873,7 @@ static void avrcp_player_parse_features(struct avrcp_player *player, - { - struct media_player *mp = player->user_data; - -- player->features = g_memdup(features, 16); -+ player->features = g_memdup2(features, 16); - - if (features[7] & 0x08) { - media_player_set_browsable(mp, true); -diff --git a/profiles/battery/bas.c b/profiles/battery/bas.c -index 3c6173b..b223fbe 100644 ---- a/profiles/battery/bas.c -+++ b/profiles/battery/bas.c -@@ -75,7 +75,7 @@ struct bt_bas *bt_bas_new(void *primary) - bas->gatt_op = queue_new(); - - if (primary) -- bas->primary = g_memdup(primary, sizeof(*bas->primary)); -+ bas->primary = g_memdup2(primary, sizeof(*bas->primary)); - - return bt_bas_ref(bas); - } -diff --git a/profiles/battery/battery.c b/profiles/battery/battery.c -index 176d127..3b5aa5c 100644 ---- a/profiles/battery/battery.c -+++ b/profiles/battery/battery.c -@@ -159,7 +159,7 @@ static void read_initial_battery_level_cb(bool success, - if (!length) - return; - -- batt->initial_value = g_memdup(value, length); -+ batt->initial_value = g_memdup2(value, length); - - /* request notify */ - batt->batt_level_cb_id = -diff --git a/profiles/deviceinfo/dis.c b/profiles/deviceinfo/dis.c -index 87fa633..79d98c3 100644 ---- a/profiles/deviceinfo/dis.c -+++ b/profiles/deviceinfo/dis.c -@@ -143,7 +143,7 @@ struct bt_dis *bt_dis_new_primary(void *primary) - dis->gatt_op = queue_new(); - - if (primary) -- dis->primary = g_memdup(primary, sizeof(*dis->primary)); -+ dis->primary = g_memdup2(primary, sizeof(*dis->primary)); - - return bt_dis_ref(dis); - } -diff --git a/profiles/input/hog-lib.c b/profiles/input/hog-lib.c -index e5e3d3e..3652bdf 100644 ---- a/profiles/input/hog-lib.c -+++ b/profiles/input/hog-lib.c -@@ -514,7 +514,7 @@ static void report_read_cb(guint8 status, const guint8 *pdu, guint16 len, - if (report->value) - g_free(report->value); - -- report->value = g_memdup(pdu, len); -+ report->value = g_memdup2(pdu, len); - report->len = len; - } - -@@ -1595,7 +1595,7 @@ static void hog_attach_hog(struct bt_hog *hog, struct gatt_primary *primary) - struct bt_hog *instance; - - if (!hog->primary) { -- hog->primary = g_memdup(primary, sizeof(*primary)); -+ hog->primary = g_memdup2(primary, sizeof(*primary)); - discover_char(hog, hog->attrib, primary->range.start, - primary->range.end, NULL, - char_discovered_cb, hog); -@@ -1609,7 +1609,7 @@ static void hog_attach_hog(struct bt_hog *hog, struct gatt_primary *primary) - if (!instance) - return; - -- instance->primary = g_memdup(primary, sizeof(*primary)); -+ instance->primary = g_memdup2(primary, sizeof(*primary)); - find_included(instance, hog->attrib, primary->range.start, - primary->range.end, find_included_cb, instance); - -diff --git a/profiles/scanparam/scpp.c b/profiles/scanparam/scpp.c -index da38a6a..1134360 100644 ---- a/profiles/scanparam/scpp.c -+++ b/profiles/scanparam/scpp.c -@@ -110,7 +110,7 @@ struct bt_scpp *bt_scpp_new(void *primary) - scan->gatt_op = queue_new(); - - if (primary) -- scan->primary = g_memdup(primary, sizeof(*scan->primary)); -+ scan->primary = g_memdup2(primary, sizeof(*scan->primary)); - - return bt_scpp_ref(scan); - } -diff --git a/src/attrib-server.c b/src/attrib-server.c -index 5a178f9..ce412c3 100644 ---- a/src/attrib-server.c -+++ b/src/attrib-server.c -@@ -339,7 +339,7 @@ static struct attribute *attrib_db_add_new(struct gatt_server *server, - - a = g_new0(struct attribute, 1); - a->len = len; -- a->data = g_memdup(value, len); -+ a->data = g_memdup2(value, len); - a->handle = handle; - a->uuid = *uuid; - a->read_req = read_req; -diff --git a/src/eir.c b/src/eir.c -index 0f5d14f..ceeb5f7 100644 ---- a/src/eir.c -+++ b/src/eir.c -@@ -323,13 +323,13 @@ void eir_parse(struct eir_data *eir, const uint8_t *eir_data, uint8_t eir_len) - case EIR_SSP_HASH: - if (data_len < 16) - break; -- eir->hash = g_memdup(data, 16); -+ eir->hash = g_memdup2(data, 16); - break; - - case EIR_SSP_RANDOMIZER: - if (data_len < 16) - break; -- eir->randomizer = g_memdup(data, 16); -+ eir->randomizer = g_memdup2(data, 16); - break; - - case EIR_DEVICE_ID: -diff --git a/tools/gatt-service.c b/tools/gatt-service.c -index 631c4f2..1e272a5 100644 ---- a/tools/gatt-service.c -+++ b/tools/gatt-service.c -@@ -127,7 +127,7 @@ static gboolean desc_get_value(const GDBusPropertyTable *property, - static void desc_write(struct descriptor *desc, const uint8_t *value, int len) - { - g_free(desc->value); -- desc->value = g_memdup(value, len); -+ desc->value = g_memdup2(value, len); - desc->vlen = len; - - g_dbus_emit_property_changed(connection, desc->path, -@@ -265,7 +265,7 @@ static gboolean chr_get_props(const GDBusPropertyTable *property, - static void chr_write(struct characteristic *chr, const uint8_t *value, int len) - { - g_free(chr->value); -- chr->value = g_memdup(value, len); -+ chr->value = g_memdup2(value, len); - chr->vlen = len; - - g_dbus_emit_property_changed(connection, chr->path, GATT_CHR_IFACE, -@@ -592,7 +592,7 @@ static gboolean register_characteristic(const char *chr_uuid, - - chr = g_new0(struct characteristic, 1); - chr->uuid = g_strdup(chr_uuid); -- chr->value = g_memdup(value, vlen); -+ chr->value = g_memdup2(value, vlen); - chr->vlen = vlen; - chr->props = props; - chr->service = g_strdup(service_path); -diff --git a/tools/mesh-gatt/gatt.c b/tools/mesh-gatt/gatt.c -index b99234f..d7685f0 100644 ---- a/tools/mesh-gatt/gatt.c -+++ b/tools/mesh-gatt/gatt.c -@@ -338,7 +338,7 @@ bool mesh_gatt_write(GDBusProxy *proxy, uint8_t *buf, uint16_t len, - /* TODO: should keep in queue in case we need to cancel write? */ - - data->gatt_len = len; -- data->gatt_data = g_memdup(buf, len); -+ data->gatt_data = g_memdup2(buf, len); - data->gatt_data[0] &= GATT_TYPE_MASK; - data->iov.iov_base = data->gatt_data; - data->iov.iov_len = len; -diff --git a/unit/test-avctp.c b/unit/test-avctp.c -index fa7db59..0bd138e 100644 ---- a/unit/test-avctp.c -+++ b/unit/test-avctp.c -@@ -53,7 +53,7 @@ struct context { - #define raw_pdu(args...) \ - { \ - .valid = true, \ -- .data = g_memdup(data(args), sizeof(data(args))), \ -+ .data = g_memdup2(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - } - -@@ -64,7 +64,7 @@ struct context { - }; \ - static struct test_data data; \ - data.test_name = g_strdup(name); \ -- data.pdu_list = g_memdup(pdus, sizeof(pdus)); \ -+ data.pdu_list = g_memdup2(pdus, sizeof(pdus)); \ - tester_add(name, &data, NULL, function, NULL); \ - } while (0) - -diff --git a/unit/test-avdtp.c b/unit/test-avdtp.c -index f5340d6..d6fdd3d 100644 ---- a/unit/test-avdtp.c -+++ b/unit/test-avdtp.c -@@ -48,7 +48,7 @@ struct test_data { - #define raw_pdu(args...) \ - { \ - .valid = true, \ -- .data = g_memdup(data(args), sizeof(data(args))), \ -+ .data = g_memdup2(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - } - -@@ -56,7 +56,7 @@ struct test_data { - { \ - .valid = true, \ - .fragmented = true, \ -- .data = g_memdup(data(args), sizeof(data(args))), \ -+ .data = g_memdup2(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - } - -@@ -67,7 +67,7 @@ struct test_data { - }; \ - static struct test_data data; \ - data.test_name = g_strdup(name); \ -- data.pdu_list = g_memdup(pdus, sizeof(pdus)); \ -+ data.pdu_list = g_memdup2(pdus, sizeof(pdus)); \ - tester_add(name, &data, NULL, function, NULL); \ - } while (0) - -diff --git a/unit/test-avrcp.c b/unit/test-avrcp.c -index 34a7037..0c860e3 100644 ---- a/unit/test-avrcp.c -+++ b/unit/test-avrcp.c -@@ -61,7 +61,7 @@ struct context { - #define raw_pdu(args...) \ - { \ - .valid = true, \ -- .data = g_memdup(data(args), sizeof(data(args))), \ -+ .data = g_memdup2(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - } - -@@ -69,7 +69,7 @@ struct context { - { \ - .valid = true, \ - .browse = true, \ -- .data = g_memdup(data(args), sizeof(data(args))), \ -+ .data = g_memdup2(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - } - -@@ -77,7 +77,7 @@ struct context { - { \ - .valid = true, \ - .fragmented = true, \ -- .data = g_memdup(data(args), sizeof(data(args))), \ -+ .data = g_memdup2(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - } - -@@ -85,7 +85,7 @@ struct context { - { \ - .valid = true, \ - .continuing = true, \ -- .data = g_memdup(data(args), sizeof(data(args))), \ -+ .data = g_memdup2(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - } - -@@ -96,7 +96,7 @@ struct context { - }; \ - static struct test_data data; \ - data.test_name = g_strdup(name); \ -- data.pdu_list = g_memdup(pdus, sizeof(pdus)); \ -+ data.pdu_list = g_memdup2(pdus, sizeof(pdus)); \ - tester_add(name, &data, NULL, function, NULL); \ - } while (0) - -diff --git a/unit/test-gatt.c b/unit/test-gatt.c -index 4aa87d0..ab16818 100644 ---- a/unit/test-gatt.c -+++ b/unit/test-gatt.c -@@ -73,7 +73,7 @@ struct context { - #define raw_pdu(args...) \ - { \ - .valid = true, \ -- .data = g_memdup(data(args), sizeof(data(args))), \ -+ .data = g_memdup2(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - } - -@@ -94,7 +94,7 @@ struct context { - data.uuid = bt_uuid; \ - data.step = test_step; \ - data.source_db = db; \ -- data.pdu_list = g_memdup(pdus, sizeof(pdus)); \ -+ data.pdu_list = g_memdup2(pdus, sizeof(pdus)); \ - tester_add(name, &data, NULL, function, NULL); \ - } while (0) - -diff --git a/unit/test-hfp.c b/unit/test-hfp.c -index f504724..6afc145 100644 ---- a/unit/test-hfp.c -+++ b/unit/test-hfp.c -@@ -50,7 +50,7 @@ struct test_data { - #define raw_pdu(args...) \ - { \ - .valid = true, \ -- .data = g_memdup(data(args), sizeof(data(args))), \ -+ .data = g_memdup2(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - } - -@@ -62,7 +62,7 @@ struct test_data { - #define type_pdu(cmd_type, args...) \ - { \ - .valid = true, \ -- .data = g_memdup(data(args), sizeof(data(args))), \ -+ .data = g_memdup2(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - .type = cmd_type, \ - } -@@ -70,7 +70,7 @@ struct test_data { - #define frg_pdu(args...) \ - { \ - .valid = true, \ -- .data = g_memdup(data(args), sizeof(data(args))), \ -+ .data = g_memdup2(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - .fragmented = true, \ - } -@@ -82,7 +82,7 @@ struct test_data { - }; \ - static struct test_data data; \ - data.test_name = g_strdup(name); \ -- data.pdu_list = g_memdup(pdus, sizeof(pdus)); \ -+ data.pdu_list = g_memdup2(pdus, sizeof(pdus)); \ - data.result_func = result_function; \ - tester_add(name, &data, NULL, function, NULL); \ - data.test_handler = test_handler; \ -@@ -96,7 +96,7 @@ struct test_data { - }; \ - static struct test_data data; \ - data.test_name = g_strdup(name); \ -- data.pdu_list = g_memdup(pdus, sizeof(pdus)); \ -+ data.pdu_list = g_memdup2(pdus, sizeof(pdus)); \ - data.hf_result_func = result_func; \ - data.response_func = response_function; \ - tester_add(name, &data, NULL, function, NULL); \ -diff --git a/unit/test-hog.c b/unit/test-hog.c -index e6d4aff..edf0633 100644 ---- a/unit/test-hog.c -+++ b/unit/test-hog.c -@@ -59,7 +59,7 @@ struct context { - #define raw_pdu(args...) \ - { \ - .valid = true, \ -- .data = g_memdup(data(args), sizeof(data(args))), \ -+ .data = g_memdup2(data(args), sizeof(data(args))), \ - .size = sizeof(data(args)), \ - } - -@@ -75,7 +75,7 @@ struct context { - }; \ - static struct test_data data; \ - data.test_name = g_strdup(name); \ -- data.pdu_list = g_memdup(pdus, sizeof(pdus)); \ -+ data.pdu_list = g_memdup2(pdus, sizeof(pdus)); \ - tester_add(name, &data, NULL, function, NULL); \ - } while (0) - -diff --git a/unit/test-sdp.c b/unit/test-sdp.c -index d3a885f..3a003ff 100644 ---- a/unit/test-sdp.c -+++ b/unit/test-sdp.c -@@ -47,14 +47,14 @@ struct test_data { - #define raw_pdu(args...) \ - { \ - .valid = true, \ -- .raw_data = g_memdup(raw_data(args), sizeof(raw_data(args))), \ -+ .raw_data = g_memdup2(raw_data(args), sizeof(raw_data(args))), \ - .raw_size = sizeof(raw_data(args)), \ - } - - #define raw_pdu_cont(cont, args...) \ - { \ - .valid = true, \ -- .raw_data = g_memdup(raw_data(args), sizeof(raw_data(args))), \ -+ .raw_data = g_memdup2(raw_data(args), sizeof(raw_data(args))), \ - .raw_size = sizeof(raw_data(args)), \ - .cont_len = cont, \ - } -@@ -66,7 +66,7 @@ struct test_data { - }; \ - static struct test_data data; \ - data.mtu = _mtu; \ -- data.pdu_list = g_memdup(pdus, sizeof(pdus)); \ -+ data.pdu_list = g_memdup2(pdus, sizeof(pdus)); \ - tester_add(name, &data, NULL, test_sdp, NULL); \ - } while (0) - -@@ -92,7 +92,7 @@ struct test_data_de { - #define define_test_de_attr(name, input, exp) \ - do { \ - static struct test_data_de data; \ -- data.input_data = g_memdup(input, sizeof(input)); \ -+ data.input_data = g_memdup2(input, sizeof(input)); \ - data.input_size = sizeof(input); \ - data.expected = exp; \ - tester_add("/sdp/DE/ATTR/" name, &data, NULL, \ -diff --git a/unit/test-uhid.c b/unit/test-uhid.c -index 001d39a..bfe8369 100644 ---- a/unit/test-uhid.c -+++ b/unit/test-uhid.c -@@ -61,7 +61,7 @@ struct context { - }; \ - static struct test_data data; \ - data.test_name = g_strdup(name); \ -- data.pdu_list = g_memdup(pdus, sizeof(pdus)); \ -+ data.pdu_list = g_memdup2(pdus, sizeof(pdus)); \ - tester_add(name, &data, NULL, function, NULL); \ - } while (0) - --- -2.31.1 - diff --git a/0002-hog-Add-input-queue-while-uhid-device-has-not-been-c-rediffed.patch b/0002-hog-Add-input-queue-while-uhid-device-has-not-been-c-rediffed.patch deleted file mode 100644 index f397757..0000000 --- a/0002-hog-Add-input-queue-while-uhid-device-has-not-been-c-rediffed.patch +++ /dev/null @@ -1,90 +0,0 @@ -From 33d13bbc5703185ab3f15e4429df324987f3f225 Mon Sep 17 00:00:00 2001 -From: Luiz Augusto von Dentz -Date: Wed, 12 Jan 2022 14:07:36 -0800 -Subject: [PATCH 2/2] hog: Add input queue while uhid device has not been - created - -Since report map is only read after all reports it is possible to start -receiving notifications before uhid has been created, so this adds a -queue to store the events while the report map is pending and once uhid -has been created dequeue the events. ---- - profiles/input/hog-lib.c | 32 +++++++++++++++++++++++++++++--- - 1 file changed, 29 insertions(+), 3 deletions(-) - -diff --git a/profiles/input/hog-lib.c b/profiles/input/hog-lib.c -index beb19af70..0b375feb8 100644 ---- a/profiles/input/hog-lib.c -+++ b/profiles/input/hog-lib.c -@@ -98,6 +98,7 @@ struct bt_hog { - struct queue *gatt_op; - struct gatt_db *gatt_db; - struct gatt_db_attribute *report_map_attr; -+ struct queue *input; - }; - - struct report_map { -@@ -355,11 +356,18 @@ static void report_value_cb(const guint8 *pdu, guint16 len, gpointer user_data) - ev.u.input.size = len; - } - -- err = bt_uhid_send(hog->uhid, &ev); -- if (err < 0) { -- error("bt_uhid_send: %s (%d)", strerror(-err), -err); -+ /* If uhid had not been created yet queue up the input */ -+ if (!hog->uhid_created) { -+ if (!hog->input) -+ hog->input = queue_new(); -+ -+ queue_push_tail(hog->input, g_memdup(&ev, sizeof(ev))); - return; - } -+ -+ err = bt_uhid_send(hog->uhid, &ev); -+ if (err < 0) -+ error("bt_uhid_send: %s (%d)", strerror(-err), -err); - } - - static void report_ccc_written_cb(guint8 status, const guint8 *pdu, -@@ -993,6 +1001,21 @@ static char *item2string(char *str, uint8_t *buf, uint8_t len) - return str; - } - -+static bool input_dequeue(const void *data, const void *match_data) -+{ -+ const struct uhid_event *ev = data; -+ const struct bt_hog *hog = match_data; -+ int err; -+ -+ err = bt_uhid_send(hog->uhid, ev); -+ if (err < 0) { -+ error("bt_uhid_send: %s (%d)", strerror(-err), -err); -+ return false; -+ } -+ -+ return true; -+} -+ - static void uhid_create(struct bt_hog *hog, uint8_t *report_map, - ssize_t report_map_len) - { -@@ -1072,6 +1095,8 @@ static void uhid_create(struct bt_hog *hog, uint8_t *report_map, - hog->uhid_created = true; - - DBG("HoG created uHID device"); -+ -+ queue_remove_all(hog->input, input_dequeue, hog, free); - } - - static void db_report_map_write_value_cb(struct gatt_db_attribute *attr, -@@ -1284,6 +1309,7 @@ static void hog_free(void *data) - - bt_hog_detach(hog); - -+ queue_destroy(hog->input, free); - queue_destroy(hog->bas, (void *) bt_bas_unref); - g_slist_free_full(hog->instances, hog_free); - --- -2.34.1 - diff --git a/0002-systemd-Add-PrivateTmp-and-NoNewPrivileges-options.patch b/0002-systemd-Add-PrivateTmp-and-NoNewPrivileges-options.patch deleted file mode 100644 index d6dff2a..0000000 --- a/0002-systemd-Add-PrivateTmp-and-NoNewPrivileges-options.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 36a44fc05feebe1aab16c33a1121f952986b2801 Mon Sep 17 00:00:00 2001 -From: Craig Andrews -Date: Wed, 13 Sep 2017 15:23:09 +0200 -Subject: [PATCH 2/4] systemd: Add PrivateTmp and NoNewPrivileges options - -PrivateTmp makes bluetoothd's /tmp and /var/tmp be inside a different -namespace. This is useful to secure access to temporary files of the -process. - -NoNewPrivileges ensures that service process and all its children -can never gain new privileges through execve(), lowering the risk of -possible privilege escalations. ---- - src/bluetooth.service.in | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in -index f9faaa452..7c2f60bb4 100644 ---- a/src/bluetooth.service.in -+++ b/src/bluetooth.service.in -@@ -12,8 +12,14 @@ NotifyAccess=main - #Restart=on-failure - CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE - LimitNPROC=1 -+ -+# Filesystem lockdown - ProtectHome=true - ProtectSystem=full -+PrivateTmp=true -+ -+# Privilege escalation -+NoNewPrivileges=true - - [Install] - WantedBy=bluetooth.target --- -2.21.0 - diff --git a/0003-systemd-Add-more-filesystem-lockdown.patch b/0003-systemd-Add-more-filesystem-lockdown.patch deleted file mode 100644 index 37a91e4..0000000 --- a/0003-systemd-Add-more-filesystem-lockdown.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 13a348670fef0047555395ce6977e86e0005f8bd Mon Sep 17 00:00:00 2001 -From: Bastien Nocera -Date: Wed, 13 Sep 2017 15:37:11 +0200 -Subject: [PATCH 3/4] systemd: Add more filesystem lockdown - -We can only access the configuration file as read-only and read-write -to the Bluetooth cache directory and sub-directories. ---- - Makefile.am | 3 +++ - src/bluetooth.service.in | 4 ++++ - 2 files changed, 7 insertions(+) - -diff --git a/Makefile.am b/Makefile.am -index ac88c12e0..0a6d09847 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -617,6 +617,9 @@ - - SED_PROCESS = $(AM_V_GEN)$(MKDIR_P) $(dir $@) && \ - $(SED) -e 's,@pkglibexecdir\@,$(pkglibexecdir),g' \ -+ -e 's,@libexecdir\@,$(libexecdir),g' \ -+ -e 's,@statedir\@,$(statedir),g' \ -+ -e 's,@confdir\@,$(confdir),g' \ - < $< > $@ - - if RUN_RST2MAN -diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in -index 7c2f60bb4..4daedef2a 100644 ---- a/src/bluetooth.service.in -+++ b/src/bluetooth.service.in -@@ -17,6 +17,10 @@ LimitNPROC=1 - ProtectHome=true - ProtectSystem=full - PrivateTmp=true -+ProtectKernelTunables=true -+ProtectControlGroups=true -+ReadWritePaths=@statedir@ -+ReadOnlyPaths=@confdir@ - - # Privilege escalation - NoNewPrivileges=true --- -2.21.0 - diff --git a/bluez.spec b/bluez.spec index 8efb8a3..945243d 100644 --- a/bluez.spec +++ b/bluez.spec @@ -5,8 +5,8 @@ %endif Name: bluez -Version: 5.63 -Release: 3%{?dist} +Version: 5.64 +Release: 1%{?dist} Summary: Bluetooth utilities License: GPLv2+ URL: http://www.bluez.org/ @@ -16,19 +16,6 @@ Source1: bluez.gitignore # https://github.com/hadess/bluez/commits/obex-5.46 Patch1: 0001-obex-Use-GLib-helper-function-to-manipulate-paths.patch -# https://github.com/hadess/bluez/commits/systemd-hardening -Patch2: 0001-build-Always-define-confdir-and-statedir.patch -Patch3: 0002-systemd-Add-PrivateTmp-and-NoNewPrivileges-options.patch -Patch4: 0003-systemd-Add-more-filesystem-lockdown.patch -Patch5: 0004-systemd-More-lockdown.patch -# Fix FTBFS with newer glib versions -Patch6: 0002-Use-g_memdup2-everywhere.patch -# Fix initialization problems with Logitech MX Master mice -# https://bugzilla.redhat.com/show_bug.cgi?id=2019970 -# https://github.com/bluez/bluez/issues/220 -# Both patches have one rediff necessary to apply to 5.63 -Patch7: 0001-hog-Fix-read-order-of-attributes-rediffed.patch -Patch8: 0002-hog-Add-input-queue-while-uhid-device-has-not-been-c-rediffed.patch BuildRequires: dbus-devel >= 1.6 BuildRequires: glib2-devel @@ -326,6 +313,9 @@ install emulator/btvirt ${RPM_BUILD_ROOT}/%{_libexecdir}/bluetooth/ %{_userunitdir}/obex.service %changelog +* Mon Mar 21 2022 Peter Robinson - 5.64-1 +- Update to 5.64 + * Wed Jan 19 2022 Fedora Release Engineering - 5.63-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild diff --git a/sources b/sources index 6b72653..c02b215 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (bluez-5.63.tar.xz) = 1b8ce7b1bd9611873c27a762a60df580edeefe5424e8733a2067b9afb1a47915f9319849bc1eeee148f5b1f33977b7975e05867e8dbdf73d33cd68e6b99ca75b +SHA512 (bluez-5.64.tar.xz) = f11f9974b29c5c6fce3890d7e42425c1cb02e42c1b8f49c5cc4b249234e67b64317d0e5e82721e2fbf1b53269c8569a9c869d59ce42b5e927f6622f0753e53cd