Add crasher fixes (rhbz #1027365)
This commit is contained in:
parent
1b5c16bc39
commit
2a3b1dd3d1
38
0001-obex-Use-GLib-helper-function-to-manipulate-paths.patch
Normal file
38
0001-obex-Use-GLib-helper-function-to-manipulate-paths.patch
Normal file
@ -0,0 +1,38 @@
|
||||
From f7861d27fbcbc519f57d8496aa9486f487908821 Mon Sep 17 00:00:00 2001
|
||||
From: Bastien Nocera <hadess@hadess.net>
|
||||
Date: Sat, 9 Nov 2013 18:13:43 +0100
|
||||
Subject: [PATCH 1/5] obex: Use GLib helper function to manipulate paths
|
||||
|
||||
Instead of trying to do it by hand. This also makes sure that
|
||||
relative paths aren't used by the agent.
|
||||
---
|
||||
obexd/src/manager.c | 10 +++++-----
|
||||
1 file changed, 5 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/obexd/src/manager.c b/obexd/src/manager.c
|
||||
index cec8a39..f18896e 100644
|
||||
--- a/obexd/src/manager.c
|
||||
+++ b/obexd/src/manager.c
|
||||
@@ -651,14 +651,14 @@ static void agent_reply(DBusPendingCall *call, void *user_data)
|
||||
DBUS_TYPE_STRING, &name,
|
||||
DBUS_TYPE_INVALID)) {
|
||||
/* Splits folder and name */
|
||||
- const char *slash = strrchr(name, '/');
|
||||
+ gboolean is_relative = !g_path_is_absolute(name);
|
||||
DBG("Agent replied with %s", name);
|
||||
- if (!slash) {
|
||||
- agent->new_name = g_strdup(name);
|
||||
+ if (is_relative) {
|
||||
+ agent->new_name = g_path_get_basename(name);
|
||||
agent->new_folder = NULL;
|
||||
} else {
|
||||
- agent->new_name = g_strdup(slash + 1);
|
||||
- agent->new_folder = g_strndup(name, slash - name);
|
||||
+ agent->new_name = g_path_get_basename(name);
|
||||
+ agent->new_folder = g_path_get_dirname(name);
|
||||
}
|
||||
}
|
||||
|
||||
--
|
||||
1.8.4.2
|
||||
|
47
0002-autopair-Don-t-handle-the-iCade.patch
Normal file
47
0002-autopair-Don-t-handle-the-iCade.patch
Normal file
@ -0,0 +1,47 @@
|
||||
From c16ae7041c7511d8d1ed8441f696716fa6a9117e Mon Sep 17 00:00:00 2001
|
||||
From: Bastien Nocera <hadess@hadess.net>
|
||||
Date: Tue, 19 Nov 2013 14:11:39 +0100
|
||||
Subject: [PATCH 2/5] autopair: Don't handle the iCade
|
||||
|
||||
We can't easily enter digits other than 1 through 4 (inclusive)
|
||||
so leave it up to the agent to figure out a good passcode
|
||||
for the iCade.
|
||||
|
||||
Note that we can not use the VID/PID of the device, as it is not
|
||||
yet known at that point.
|
||||
---
|
||||
plugins/autopair.c | 12 +++++++++++-
|
||||
1 file changed, 11 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/plugins/autopair.c b/plugins/autopair.c
|
||||
index 8c98c12..5d2f6f7 100644
|
||||
--- a/plugins/autopair.c
|
||||
+++ b/plugins/autopair.c
|
||||
@@ -57,13 +57,23 @@ static ssize_t autopair_pincb(struct btd_adapter *adapter,
|
||||
{
|
||||
char addr[18];
|
||||
char pinstr[7];
|
||||
+ char name[25];
|
||||
uint32_t class;
|
||||
|
||||
ba2str(device_get_address(device), addr);
|
||||
|
||||
class = btd_device_get_class(device);
|
||||
|
||||
- DBG("device %s 0x%x", addr, class);
|
||||
+ device_get_name(device, name, sizeof(name));
|
||||
+ name[sizeof(name) - 1] = 0;
|
||||
+
|
||||
+ DBG("device %s (%s) 0x%x", addr, name, class);
|
||||
+
|
||||
+ g_message ("vendor 0x%X product: 0x%X", btd_device_get_vendor (device), btd_device_get_product (device));
|
||||
+
|
||||
+ /* The iCade shouldn't use random PINs like normal keyboards */
|
||||
+ if (name != NULL && strstr(name, "iCade") != NULL)
|
||||
+ return 0;
|
||||
|
||||
/* This is a class-based pincode guesser. Ignore devices with an
|
||||
* unknown class.
|
||||
--
|
||||
1.8.4.2
|
||||
|
29
0003-input-Fix-crash-when-SDP-record-isn-t-available.patch
Normal file
29
0003-input-Fix-crash-when-SDP-record-isn-t-available.patch
Normal file
@ -0,0 +1,29 @@
|
||||
From 1da26fd3ce47728f423e290e3928257ead9baf76 Mon Sep 17 00:00:00 2001
|
||||
From: Bastien Nocera <hadess@hadess.net>
|
||||
Date: Sat, 7 Dec 2013 15:51:47 +0100
|
||||
Subject: [PATCH] input: Fix crash when SDP record isn't available
|
||||
|
||||
On startup, if the SDP cache has been removed but the pairing
|
||||
information is still present, we'd crash trying to access inside a
|
||||
NULL record struct.
|
||||
---
|
||||
profiles/input/device.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/profiles/input/device.c b/profiles/input/device.c
|
||||
index 6523161..8a28b0d 100644
|
||||
--- a/profiles/input/device.c
|
||||
+++ b/profiles/input/device.c
|
||||
@@ -811,6 +811,9 @@ static struct input_device *input_device_new(struct btd_service *service)
|
||||
struct input_device *idev;
|
||||
char name[HCI_MAX_NAME_LENGTH + 1];
|
||||
|
||||
+ if (!rec)
|
||||
+ return NULL;
|
||||
+
|
||||
idev = g_new0(struct input_device, 1);
|
||||
bacpy(&idev->src, adapter_get_address(adapter));
|
||||
bacpy(&idev->dst, device_get_address(device));
|
||||
--
|
||||
1.8.4.2
|
||||
|
25
0004-agent-Assert-possible-infinite-loop.patch
Normal file
25
0004-agent-Assert-possible-infinite-loop.patch
Normal file
@ -0,0 +1,25 @@
|
||||
From 67e5477687a2753d3f7b300bcfdc74464d8ad41f Mon Sep 17 00:00:00 2001
|
||||
From: Bastien Nocera <hadess@hadess.net>
|
||||
Date: Mon, 9 Dec 2013 18:04:56 +0100
|
||||
Subject: [PATCH 4/5] agent: Assert possible infinite loop
|
||||
|
||||
---
|
||||
src/agent.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/src/agent.c b/src/agent.c
|
||||
index bcba969..b292881 100644
|
||||
--- a/src/agent.c
|
||||
+++ b/src/agent.c
|
||||
@@ -203,6 +203,8 @@ void agent_unref(struct agent *agent)
|
||||
if (agent->ref > 0)
|
||||
return;
|
||||
|
||||
+ g_assert (agent->ref == 0);
|
||||
+
|
||||
if (agent->request) {
|
||||
DBusError err;
|
||||
agent_pincode_cb pincode_cb;
|
||||
--
|
||||
1.8.4.2
|
||||
|
@ -0,0 +1,56 @@
|
||||
From 28419bdc2fd093bcbc68b629b9c7b8c295260c57 Mon Sep 17 00:00:00 2001
|
||||
From: Szymon Janc <szymon.janc@gmail.com>
|
||||
Date: Mon, 9 Dec 2013 20:20:55 +0100
|
||||
Subject: [PATCH 5/5] core: Fix crash due to agent callback freeing the agent
|
||||
|
||||
Similar fix was provided for simple_agent_reply in a2f5d438 but missed
|
||||
pincode_reply case.
|
||||
|
||||
Fix following:
|
||||
|
||||
src/agent.c:agent_disconnect() Agent :1.48 disconnected
|
||||
src/agent.c:set_default_agent() Default agent cleared
|
||||
src/agent.c:agent_destroy() agent :1.48
|
||||
src/agent.c:agent_unref() 0x4701c68: ref=1
|
||||
Agent /org/bluez/agent replied with an error:
|
||||
org.freedesktop.DBus.Error.NoReply, Message did not receive a reply
|
||||
(timeout by message bus)
|
||||
src/adapter.c:btd_adapter_pincode_reply() hci0 addr 6C:0E:0D:DB:D1:16
|
||||
pinlen 0
|
||||
src/agent.c:agent_unref() 0x4701c68: ref=0
|
||||
src/adapter.c:btd_adapter_pincode_reply() hci0 addr 6C:0E:0D:DB:D1:16
|
||||
pinlen 0
|
||||
src/agent.c:agent_unref() 0x4701c68: ref=-1
|
||||
src/adapter.c:btd_adapter_pincode_reply() hci0 addr 6C:0E:0D:DB:D1:16
|
||||
pinlen 0
|
||||
src/agent.c:agent_unref() 0x4701c68: ref=-2
|
||||
...
|
||||
---
|
||||
src/agent.c | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/src/agent.c b/src/agent.c
|
||||
index b292881..2ec3183 100644
|
||||
--- a/src/agent.c
|
||||
+++ b/src/agent.c
|
||||
@@ -428,6 +428,9 @@ static void pincode_reply(DBusPendingCall *call, void *user_data)
|
||||
* is only called after a reply has been received */
|
||||
message = dbus_pending_call_steal_reply(call);
|
||||
|
||||
+ /* Protect from the callback freeing the agent */
|
||||
+ agent_ref(agent);
|
||||
+
|
||||
dbus_error_init(&err);
|
||||
if (dbus_set_error_from_message(&err, message)) {
|
||||
error("Agent %s replied with an error: %s, %s",
|
||||
@@ -467,6 +470,7 @@ done:
|
||||
dbus_pending_call_cancel(req->call);
|
||||
agent->request = NULL;
|
||||
agent_request_free(req, TRUE);
|
||||
+ agent_unref(agent);
|
||||
}
|
||||
|
||||
static int pincode_request_new(struct agent_request *req, const char *device_path,
|
||||
--
|
||||
1.8.4.2
|
||||
|
10
bluez.spec
10
bluez.spec
@ -3,7 +3,7 @@
|
||||
Summary: Bluetooth utilities
|
||||
Name: bluez
|
||||
Version: 5.11
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
License: GPLv2+
|
||||
Group: Applications/System
|
||||
URL: http://www.bluez.org/
|
||||
@ -17,6 +17,11 @@ Patch1: playstation-peripheral-pugin-v5.x.patch
|
||||
Patch2: 0001-work-around-Logitech-diNovo-Edge-keyboard-firmware-i.patch
|
||||
# Non-upstream
|
||||
Patch3: 0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch
|
||||
Patch4: 0001-obex-Use-GLib-helper-function-to-manipulate-paths.patch
|
||||
Patch5: 0002-autopair-Don-t-handle-the-iCade.patch
|
||||
Patch6: 0003-input-Fix-crash-when-SDP-record-isn-t-available.patch
|
||||
Patch7: 0004-agent-Assert-possible-infinite-loop.patch
|
||||
Patch8: 0005-core-Fix-crash-due-to-agent-callback-freeing-the-age.patch
|
||||
|
||||
BuildRequires: git
|
||||
BuildRequires: dbus-devel >= 0.90
|
||||
@ -228,6 +233,9 @@ mkdir -p $RPM_BUILD_ROOT/%{_libdir}/bluetooth/
|
||||
/lib/udev/rules.d/97-hid2hci.rules
|
||||
|
||||
%changelog
|
||||
* Tue Dec 10 2013 Bastien Nocera <bnocera@redhat.com> 5.11-2
|
||||
- Add crasher fixes (rhbz #1027365)
|
||||
|
||||
* Mon Nov 18 2013 Bastien Nocera <bnocera@redhat.com> 5.11-1
|
||||
- Update to 5.11
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user