rpms/bluez
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Update to 5.85

Browse Source 
Resolves: RHEL-142551
This commit is contained in:
Bastien Nocera 2026-01-26 10:07:20 +01:00
parent e5229e5c43
commit 32bfc4090b
9 changed files with 131 additions and 281 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
0001-build-Don-t-install-btmgmt-man-page-as-tool-isn-t.patch Normal file
View File

@ -0,0 +1,27 @@
From c9ec6137b16aaf371b311f4777a042ec1175719b Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Thu, 29 Jan 2026 13:40:52 +0100
Subject: [PATCH] build: Don't install btmgmt man page as tool isn't
The btmgmt tool isn't installed through the Makefiles, so the
man page shouldn't be installed either.
---
Makefile.tools | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile.tools b/Makefile.tools
index 561b03d0b95b..f0b106fae7ef 100644
--- a/Makefile.tools
+++ b/Makefile.tools
@@ -355,7 +355,7 @@ profiles_iap_iapd_LDADD = gdbus/libgdbus-internal.la $(GLIB_LIBS) $(DBUS_LIBS)
if MANPAGES
man_MANS += tools/rctest.1 tools/l2ping.1 tools/btattach.1 tools/isotest.1 \
- tools/btmgmt.1 client/bluetoothctl.1 \
+ client/bluetoothctl.1 \
client/bluetoothctl-mgmt.1 \
client/bluetoothctl-monitor.1 client/bluetoothctl-admin.1 \
client/bluetoothctl-advertise.1 client/bluetoothctl-endpoint.1 \
--
2.52.0

12
0001-main-Simplify-parse_config_string.patch
View File

@ -1,4 +1,4 @@
From 8cc47ce7b9bd16e560b5cf13a7c0e1ac612bf59a Mon Sep 17 00:00:00 2001
From b8d6754afe8a80219add46554c40cc3c8a8368d0 Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Fri, 10 May 2024 13:47:29 +0200
Subject: [PATCH] main: Simplify parse_config_string()
@ -29,10 +29,10 @@ bluez-5.75/src/main.c:440:2: leaked_storage: Variable "tmp" going out of scope l
1 file changed, 14 insertions(+), 9 deletions(-)
diff --git a/src/main.c b/src/main.c
index 3c51a0092425..4ac442b37a85 100644
index 1c7390e6329d..217de1a3c935 100644
--- a/src/main.c
+++ b/src/main.c
@@ -430,9 +430,14 @@ static bool parse_config_string(GKeyFile *config, const char *group,
@@ -431,9 +431,14 @@ static bool parse_config_string(GKeyFile *config, const char *group,
const char *key, char **val)
{
GError *err = NULL;
@ -49,7 +49,7 @@ index 3c51a0092425..4ac442b37a85 100644
if (err) {
if (err->code != G_KEY_FILE_ERROR_KEY_NOT_FOUND)
DBG("%s", err->message);
@@ -440,12 +445,7 @@ static bool parse_config_string(GKeyFile *config, const char *group,
@@ -441,12 +446,7 @@ static bool parse_config_string(GKeyFile *config, const char *group,
return false;
}
@ -63,7 +63,7 @@ index 3c51a0092425..4ac442b37a85 100644
return true;
}
@@ -1022,7 +1022,12 @@ static void parse_secure_conns(GKeyFile *config)
@@ -1023,7 +1023,12 @@ static void parse_secure_conns(GKeyFile *config)
static void parse_general(GKeyFile *config)
{
@ -78,5 +78,5 @@ index 3c51a0092425..4ac442b37a85 100644
parse_config_u32(config, "General", "DiscoverableTimeout",
&btd_opts.discovto,
--
2.49.0
2.52.0

24
0001-shared-shell-Free-memory-allocated-by-wordexp.patch
View File

@ -1,4 +1,4 @@
From 48c0a18b1f4367935588c3c1a26280f52eed5502 Mon Sep 17 00:00:00 2001
From 1b8a2d85a42a8e08e0c3c0c6ad8ed01c65a71524 Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Tue, 2 Jul 2024 15:27:12 +0200
Subject: [PATCH] shared/shell: Free memory allocated by wordexp()
@ -61,10 +61,10 @@ bluez-5.76/src/shared/shell.c:1423:4: leaked_storage: Variable "w" going out of
1 file changed, 20 insertions(+), 6 deletions(-)
diff --git a/src/shared/shell.c b/src/shared/shell.c
index 6b4f7a7ef503..cac19d6307c6 100644
index ea285c72631d..b4add90322b5 100644
--- a/src/shared/shell.c
+++ b/src/shared/shell.c
@@ -503,13 +503,23 @@ static void shell_print_menu_zsh_complete(void)
@@ -504,13 +504,23 @@ static void shell_print_menu_zsh_complete(void)
}
}
@ -89,7 +89,7 @@ index 6b4f7a7ef503..cac19d6307c6 100644
free(str);
return -EINVAL;
}
@@ -531,6 +541,7 @@ static int cmd_exec(const struct bt_shell_menu_entry *entry,
@@ -532,6 +542,7 @@ static int cmd_exec(const struct bt_shell_menu_entry *entry,
char *man, *opt;
int flags = WRDE_NOCMD;
bool optargs = false;
@ -97,7 +97,7 @@ index 6b4f7a7ef503..cac19d6307c6 100644
if (argc == 2 && (!memcmp(argv[1], "help", 4) ||
!memcmp(argv[1], "--help", 6))) {
@@ -588,8 +599,10 @@ static int cmd_exec(const struct bt_shell_menu_entry *entry,
@@ -589,8 +600,10 @@ static int cmd_exec(const struct bt_shell_menu_entry *entry,
goto fail;
}
@ -109,7 +109,7 @@ index 6b4f7a7ef503..cac19d6307c6 100644
optional:
if (parse_args(opt, &w, "[]", flags) < 0) {
@@ -602,6 +615,7 @@ optional:
@@ -603,6 +616,7 @@ optional:
free(opt);
/* Check if there are too many arguments */
@ -117,7 +117,7 @@ index 6b4f7a7ef503..cac19d6307c6 100644
if (!optargs && ((unsigned int) argc - 1 > w.we_wordc && !w.we_offs)) {
print_text(COLOR_HIGHLIGHT, "Too many arguments: %d > %zu",
argc - 1, w.we_wordc);
@@ -1096,7 +1110,7 @@ static char **args_completion(const struct bt_shell_menu_entry *entry, int argc,
@@ -1102,7 +1116,7 @@ static char **args_completion(const struct bt_shell_menu_entry *entry, int argc,
args.we_offs = 0;
wordfree(&args);
@ -126,7 +126,7 @@ index 6b4f7a7ef503..cac19d6307c6 100644
goto done;
rl_completion_display_matches_hook = NULL;
@@ -1168,7 +1182,7 @@ static char **shell_completion(const char *text, int start, int end)
@@ -1174,7 +1188,7 @@ static char **shell_completion(const char *text, int start, int end)
if (start > 0) {
wordexp_t w;
@ -134,8 +134,8 @@ index 6b4f7a7ef503..cac19d6307c6 100644
+ if (_wordexp(rl_line_buffer, &w, WRDE_NOCMD))
return NULL;
matches = menu_completion(default_menu, text, w.we_wordc,
@@ -1481,7 +1495,7 @@ int bt_shell_exec(const char *input)
matches = menu_completion(default_menu.entries, text,
@@ -1497,7 +1511,7 @@ int bt_shell_exec(const char *input)
if (data.monitor)
bt_log_printf(0xffff, data.name, LOG_INFO, "%s", input);
@ -144,7 +144,7 @@ index 6b4f7a7ef503..cac19d6307c6 100644
switch (err) {
case WRDE_BADCHAR:
return -EBADMSG;
@@ -1491,7 +1505,7 @@ int bt_shell_exec(const char *input)
@@ -1507,7 +1521,7 @@ int bt_shell_exec(const char *input)
case WRDE_NOSPACE:
return -ENOMEM;
case WRDE_CMDSUB:
@ -154,5 +154,5 @@ index 6b4f7a7ef503..cac19d6307c6 100644
break;
};
--
2.49.0
2.52.0

174
5.83-fixes.patch
View File

@ -1,174 +0,0 @@
From dd718c202276165244ea4c26f99d233c8b6f4cd1 Mon Sep 17 00:00:00 2001
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: Thu, 3 Jul 2025 13:30:22 -0400
Subject: [PATCH 1/2] shared/shell: Fix not calling pre_run for main menu
When calling bt_shell_run the main menu pre_run was not being called
which cause tools with just one menu to not work as intended.
Fixes: https://github.com/bluez/bluez/issues/1319
---
src/shared/shell.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/shared/shell.c b/src/shared/shell.c
index f7d237c19203..2fc02a98eda9 100644
--- a/src/shared/shell.c
+++ b/src/shared/shell.c
@@ -1464,6 +1464,9 @@ int bt_shell_run(void)
int status;
const struct queue_entry *submenu;
+ if (data.menu && data.menu->pre_run)
+ data.menu->pre_run(data.menu);
+
for (submenu = queue_get_entries(data.submenus); submenu;
submenu = submenu->next) {
struct bt_shell_menu *menu = submenu->data;
--
2.50.1
From 13f7ed2e5242ac4e98710f3e97c00bf51e35c2e9 Mon Sep 17 00:00:00 2001
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: Mon, 7 Jul 2025 09:39:43 -0400
Subject: [PATCH 2/2] shared/shell: Fix not running pre_run on
MODE_NON_INTERACTIVE
If a command is given to be run in non-interactive mode the code would
not attempt to execute .pre_run first since some (sub)menus requires that
in order to properly initialize things.
Fixes: https://github.com/bluez/bluez/issues/1394
Fixes: https://github.com/bluez/bluez/issues/1317
---
src/shared/shell.c | 33 +++++++++++++++++++++++----------
1 file changed, 23 insertions(+), 10 deletions(-)
diff --git a/src/shared/shell.c b/src/shared/shell.c
index 2fc02a98eda9..bdfbf2af6f21 100644
--- a/src/shared/shell.c
+++ b/src/shared/shell.c
@@ -423,7 +423,8 @@ static void cmd_script(int argc, char *argv[])
return bt_shell_noninteractive_quit(EXIT_SUCCESS);
}
-static const struct bt_shell_menu_entry default_menu[] = {
+static const struct bt_shell_menu default_menu = {
+ .entries = {
{ "back", NULL, cmd_back, "Return to main menu", NULL,
NULL, cmd_back_exists },
{ "menu", "<name>", cmd_menu, "Select submenu",
@@ -437,7 +438,7 @@ static const struct bt_shell_menu_entry default_menu[] = {
{ "export", NULL, cmd_export,
"Print environment variables" },
{ "script", "<filename>", cmd_script, "Run script" },
- { }
+ {} },
};
static void shell_print_help(void)
@@ -480,7 +481,7 @@ static void shell_print_menu(void)
print_menu(entry->cmd, entry->arg ? : "", entry->desc ? : "");
}
- for (entry = default_menu; entry->cmd; entry++) {
+ for (entry = default_menu.entries; entry->cmd; entry++) {
if (entry->exists && !entry->exists(data.menu))
continue;
@@ -495,7 +496,7 @@ static void shell_print_menu_zsh_complete(void)
for (entry = data.menu->entries; entry->cmd; entry++)
printf("%s:%s\n", entry->cmd, entry->desc ? : "");
- for (entry = default_menu; entry->cmd; entry++) {
+ for (entry = default_menu.entries; entry->cmd; entry++) {
if (entry->exists && !entry->exists(data.menu))
continue;
@@ -642,9 +643,11 @@ fail:
return -EINVAL;
}
-static int menu_exec(const struct bt_shell_menu_entry *entry,
+static int menu_exec(const struct bt_shell_menu *menu,
int argc, char *argv[])
{
+ const struct bt_shell_menu_entry *entry = menu->entries;
+
for (; entry->cmd; entry++) {
if (strcmp(argv[0], entry->cmd))
continue;
@@ -657,6 +660,9 @@ static int menu_exec(const struct bt_shell_menu_entry *entry,
if (data.menu == data.main && !strcmp(entry->cmd, "back"))
continue;
+ if (data.mode == MODE_NON_INTERACTIVE && menu->pre_run)
+ menu->pre_run(menu);
+
return cmd_exec(entry, argc, argv);
}
@@ -688,7 +694,7 @@ static int submenu_exec(int argc, char *argv[])
memmove(argv[0], argv[0] + len + 1, tlen - len - 1);
memset(argv[0] + tlen - len - 1, 0, len + 1);
- return menu_exec(submenu->entries, argc, argv);
+ return menu_exec(submenu, argc, argv);
}
static int shell_exec(int argc, char *argv[])
@@ -701,9 +707,9 @@ static int shell_exec(int argc, char *argv[])
if (!argsisutf8(argc, argv))
return -EINVAL;
- err = menu_exec(default_menu, argc, argv);
+ err = menu_exec(&default_menu, argc, argv);
if (err == -ENOENT) {
- err = menu_exec(data.menu->entries, argc, argv);
+ err = menu_exec(data.menu, argc, argv);
if (err == -ENOENT) {
err = submenu_exec(argc, argv);
if (err == -ENOENT) {
@@ -995,7 +1001,7 @@ static char *cmd_generator(const char *text, int state)
}
if (default_menu_enabled) {
- cmd = find_cmd(text, default_menu, &index);
+ cmd = find_cmd(text, default_menu.entries, &index);
if (cmd) {
return cmd;
} else {
@@ -1186,7 +1192,7 @@ static char **shell_completion(const char *text, int start, int end)
if (_wordexp(rl_line_buffer, &w, WRDE_NOCMD))
return NULL;
- matches = menu_completion(default_menu, text, w.we_wordc,
+ matches = menu_completion(default_menu.entries, text, w.we_wordc,
w.we_wordv[0]);
if (!matches) {
matches = menu_completion(data.menu->entries, text,
@@ -1464,6 +1470,12 @@ int bt_shell_run(void)
int status;
const struct queue_entry *submenu;
+ /* Check if on non-interactive mode skip pre-run since that is on-demand
+ * by shell_exec() only for the menu in use.
+ */
+ if (data.mode == MODE_NON_INTERACTIVE)
+ goto done;
+
if (data.menu && data.menu->pre_run)
data.menu->pre_run(data.menu);
@@ -1475,6 +1487,7 @@ int bt_shell_run(void)
menu->pre_run(menu);
}
+done:
status = mainloop_run_with_signal(signal_callback, NULL);
bt_shell_cleanup();
--
2.50.1

19
bluez.spec
View File

@ -5,8 +5,8 @@
%endif
Name: bluez
Version: 5.83
Release: 2%{?dist}
Version: 5.85
Release: 1%{?dist}
Summary: Bluetooth utilities
License: GPL-2.0-or-later
URL: http://www.bluez.org/
@ -21,7 +21,8 @@ Patch2: 0001-shared-shell-Free-memory-allocated-by-wordexp.patch
Patch3: static-analysis-issues-6.patch
# Coverity downstream patches
Patch4: coverity-workarounds.patch
Patch5: 5.83-fixes.patch
# https://patchwork.kernel.org/project/bluetooth/patch/20260129125948.2724071-2-hadess@hadess.net/
Patch5: 0001-build-Don-t-install-btmgmt-man-page-as-tool-isn-t.patch
BuildRequires: dbus-devel >= 1.6
BuildRequires: glib2-devel
@ -175,11 +176,6 @@ install -m0755 attrib/gatttool $RPM_BUILD_ROOT%{_bindir}
# Red Hat Bugzilla bug #1699680
install -m0755 tools/avinfo $RPM_BUILD_ROOT%{_bindir}
# btmgmt is not installed by "make install", but it is useful for debugging
# some issues and to set the MAC address on HCIs which don't have their
# MAC address configured
install -m0755 tools/btmgmt $RPM_BUILD_ROOT%{_bindir}
# Remove libtool archive
find $RPM_BUILD_ROOT -name '*.la' -delete
@ -248,13 +244,11 @@ install emulator/btvirt ${RPM_BUILD_ROOT}/%{_libexecdir}/bluetooth/
%{_bindir}/bluemoon
%{_bindir}/bluetoothctl
%{_bindir}/btattach
%{_bindir}/btmgmt
%{_bindir}/btmon
%{_bindir}/hex2hcd
%{_bindir}/mpris-proxy
%{_mandir}/man1/bluetoothctl.1.*
%{_mandir}/man1/bluetoothctl-*.1.*
%{_mandir}/man1/btmgmt.1.*
%{_mandir}/man1/btattach.1.*
%{_mandir}/man1/btmon.1.*
%{_mandir}/man8/bluetoothd.8.*
@ -306,6 +300,7 @@ install emulator/btvirt ${RPM_BUILD_ROOT}/%{_libexecdir}/bluetooth/
%{_mandir}/man1/rctest.1.*
%{_mandir}/man5/org.bluez.*.5.*
%{_mandir}/man7/hci.7.*
%{_mandir}/man7/iso.7.*
%{_mandir}/man7/l2cap.7.*
%{_mandir}/man7/mgmt.7.*
%{_mandir}/man7/sco.7.*
@ -343,6 +338,10 @@ install emulator/btvirt ${RPM_BUILD_ROOT}/%{_libexecdir}/bluetooth/
%{_userunitdir}/obex.service
%changelog
* Mon Jan 26 2026 Bastien Nocera <bnocera@redhat.com> - 5.85-1
- Update to 5.85
Resolves: RHEL-142551
* Mon Aug 18 2025 Bastien Nocera <bnocera@redhat.com> - 5.83-2
- Fix problem with menu handling
Resolves: RHEL-103965

86
coverity-workarounds.patch
View File

@ -1,4 +1,4 @@
From 10631ec6213213085de4da0f274b8f608e29053f Mon Sep 17 00:00:00 2001
From 25fe0919b7c20f68e15a90a0b012283d9a9a291a Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Mon, 5 Aug 2024 12:17:29 +0200
Subject: [PATCH 1/8] monitor: Work-around overflow_sink Case #01164573
@ -10,10 +10,10 @@ and exit the function if it is.
1 file changed, 1 insertion(+)
diff --git a/monitor/control.c b/monitor/control.c
index 62857b4b84de..40e8a3a90c05 100644
index e43caa113181..e72d9f118388 100644
--- a/monitor/control.c
+++ b/monitor/control.c
@@ -1102,6 +1102,7 @@ static void client_callback(int fd, uint32_t events, void *user_data)
@@ -1158,6 +1158,7 @@ static void client_callback(int fd, uint32_t events, void *user_data)
UINT16_MAX - data->offset > len)
return;
@ -22,10 +22,10 @@ index 62857b4b84de..40e8a3a90c05 100644
while (data->offset >= MGMT_HDR_SIZE) {
--
2.49.0
2.52.0
From 9dc3bf02dec24eaf4577e7f0a44618c6a3e83a44 Mon Sep 17 00:00:00 2001
From b28e1455326f7c8abfe1138050fa3877aafd9548 Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Tue, 30 Jul 2024 15:45:18 +0200
Subject: [PATCH 2/8] mesh/net: Work-around memory overallocation warning
@ -47,10 +47,10 @@ bluez-5.77/mesh/net.c:3316:2: overrun-buffer-arg: Overrunning array "payload->bu
1 file changed, 1 insertion(+)
diff --git a/mesh/net.c b/mesh/net.c
index 2483e23c4229..466a12833117 100644
index d779437179d9..cd84ac76492a 100644
--- a/mesh/net.c
+++ b/mesh/net.c
@@ -3307,6 +3307,7 @@ bool mesh_net_app_send(struct mesh_net *net, bool frnd_cred, uint16_t src,
@@ -3286,6 +3286,7 @@ bool mesh_net_app_send(struct mesh_net *net, bool frnd_cred, uint16_t src,
/* Setup OTA Network send */
payload = mesh_sar_new(msg_len);
@ -59,10 +59,10 @@ index 2483e23c4229..466a12833117 100644
payload->len = msg_len;
payload->src = src;
--
2.49.0
2.52.0
From a42b6e001d6c96f7bca276f022925b3cfe10af83 Mon Sep 17 00:00:00 2001
From 009de66b7f075579ad9f7ee8311de58993d214ba Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Wed, 17 Jul 2024 12:51:56 +0200
Subject: [PATCH 3/8] shared/shell: Work-around SAT-45980 with wordexp()
@ -82,10 +82,10 @@ bluez-5.77/src/shared/shell.c:558:3: leaked_storage: Variable "w" going out of s
1 file changed, 1 insertion(+)
diff --git a/src/shared/shell.c b/src/shared/shell.c
index cac19d6307c6..773d80e14b8f 100644
index ea285c72631d..72423f8f7e67 100644
--- a/src/shared/shell.c
+++ b/src/shared/shell.c
@@ -609,6 +609,7 @@ optional:
@@ -597,6 +597,7 @@ optional:
print_text(COLOR_HIGHLIGHT,
"Unable to parse optional command arguments: %s", opt);
free(opt);
@ -94,10 +94,10 @@ index cac19d6307c6..773d80e14b8f 100644
}
--
2.49.0
2.52.0
From c36f13f3b34d434fc275a1bab18c1064959e3bf0 Mon Sep 17 00:00:00 2001
From f26dcbdc7e0a4f3c07cdb3ecf4e18d48b5978642 Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Wed, 17 Jul 2024 11:28:17 +0200
Subject: [PATCH 4/8] sdp: Work-around #01163325 with single-linked list
@ -147,14 +147,14 @@ bluez-5.77/src/sdp-client.c:197:3: overwrite_var: Overwriting "recs" in "recs =
198| } while (scanned < (ssize_t) size && bytesleft > 0);
199|
---
lib/sdp.c | 2 ++
src/sdp-client.c | 1 +
lib/bluetooth/sdp.c | 2 ++
src/sdp-client.c | 1 +
2 files changed, 3 insertions(+)
diff --git a/lib/sdp.c b/lib/sdp.c
index 8a15ad803db1..99efbc19c299 100644
--- a/lib/sdp.c
+++ b/lib/sdp.c
diff --git a/lib/bluetooth/sdp.c b/lib/bluetooth/sdp.c
index ce34bb7d3f1d..780ac46febc8 100644
--- a/lib/bluetooth/sdp.c
+++ b/lib/bluetooth/sdp.c
@@ -1893,9 +1893,11 @@ static int sdp_get_proto_descs(uint16_t attr_id, const sdp_record_t *rec,
sdp_list_free(pds, NULL);
goto failed;
@ -168,7 +168,7 @@ index 8a15ad803db1..99efbc19c299 100644
}
diff --git a/src/sdp-client.c b/src/sdp-client.c
index 71d3d9e95044..2f043cb7f010 100644
index 4f35cf1b7a8f..c1d99dcc23a8 100644
--- a/src/sdp-client.c
+++ b/src/sdp-client.c
@@ -194,6 +194,7 @@ static void search_completed_cb(uint8_t type, uint16_t status,
@ -180,10 +180,10 @@ index 71d3d9e95044..2f043cb7f010 100644
} while (scanned < (ssize_t) size && bytesleft > 0);
--
2.49.0
2.52.0
From 4fa100763db20e02af1956e970df8b29beb02907 Mon Sep 17 00:00:00 2001
From 0e4e3849c3c0563585ff6029ef8ecce8235a06d7 Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Thu, 18 Jul 2024 15:05:07 +0200
Subject: [PATCH 5/8] mesh: Quiet imprecise "overrun-buffer-val" #01163326
@ -233,7 +233,7 @@ bluez-5.77/mesh/net.c:2053:3: overrun-buffer-val: Overrunning array "sar_in->buf
2 files changed, 5 insertions(+)
diff --git a/mesh/friend.c b/mesh/friend.c
index 6aacf6338f24..3265412f9af5 100644
index 1c60705e046c..dc406d3da610 100644
--- a/mesh/friend.c
+++ b/mesh/friend.c
@@ -325,6 +325,7 @@ static void clear_retry(struct l_timeout *timeout, void *user_data)
@ -245,10 +245,10 @@ index 6aacf6338f24..3265412f9af5 100644
mesh_net_get_iv_index(neg->net), DEFAULT_TTL,
0, 0, neg->old_friend,
diff --git a/mesh/net.c b/mesh/net.c
index 466a12833117..fd5c3fb63100 100644
index cd84ac76492a..783b983b0d98 100644
--- a/mesh/net.c
+++ b/mesh/net.c
@@ -274,6 +274,7 @@ static void send_hb_publication(void *data)
@@ -257,6 +257,7 @@ static void send_hb_publication(void *data)
l_put_be16(net->features, msg + n);
n += 2;
@ -256,7 +256,7 @@ index 466a12833117..fd5c3fb63100 100644
mesh_net_transport_send(net, 0, 0, mesh_net_get_iv_index(net),
pub->ttl, 0, 0, pub->dst, msg, n);
}
@@ -1461,6 +1462,7 @@ static void send_frnd_ack(struct mesh_net *net, uint16_t src, uint16_t dst,
@@ -1444,6 +1445,7 @@ static void send_frnd_ack(struct mesh_net *net, uint16_t src, uint16_t dst,
friend_ack_rxed(net, mesh_net_get_iv_index(net),
mesh_net_next_seq_num(net), 0, dst, msg);
} else {
@ -264,7 +264,7 @@ index 466a12833117..fd5c3fb63100 100644
mesh_net_transport_send(net, 0, 0,
mesh_net_get_iv_index(net), DEFAULT_TTL,
0, 0, dst, msg, sizeof(msg));
@@ -1496,6 +1498,7 @@ static void send_net_ack(struct mesh_net *net, struct mesh_sar *sar,
@@ -1479,6 +1481,7 @@ static void send_net_ack(struct mesh_net *net, struct mesh_sar *sar,
return;
}
@ -272,7 +272,7 @@ index 466a12833117..fd5c3fb63100 100644
mesh_net_transport_send(net, 0, sar->net_idx,
mesh_net_get_iv_index(net), DEFAULT_TTL,
0, src, dst, msg,
@@ -2051,6 +2054,7 @@ static bool seg_rxed(struct mesh_net *net, bool frnd, uint32_t iv_index,
@@ -2034,6 +2037,7 @@ static bool seg_rxed(struct mesh_net *net, bool frnd, uint32_t iv_index,
/* Got it all */
send_net_ack(net, sar_in, expected);
@ -281,10 +281,10 @@ index 466a12833117..fd5c3fb63100 100644
sar_in->remote, dst, key_aid, true, szmic,
sar_in->seqZero, sar_in->buf, sar_in->len);
--
2.49.0
2.52.0
From d81b03e2e7da40ee8024f2a5bee6e873f0bf7607 Mon Sep 17 00:00:00 2001
From 390125524200bf3750e716f154288d4c2810c8c4 Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Thu, 18 Jul 2024 15:37:58 +0200
Subject: [PATCH 6/8] mesh: Quiet imprecise "overrun-buffer-val" #01163327
@ -327,10 +327,10 @@ bluez-5.77/mesh/net.c:3284:2: overrun-call: Overrunning callee's array of size 1
1 file changed, 3 insertions(+)
diff --git a/mesh/net.c b/mesh/net.c
index fd5c3fb63100..dff4b02e459a 100644
index 783b983b0d98..e344031ac7a7 100644
--- a/mesh/net.c
+++ b/mesh/net.c
@@ -1777,6 +1777,7 @@ static bool msg_rxed(struct mesh_net *net, bool frnd, uint32_t iv_index,
@@ -1760,6 +1760,7 @@ static bool msg_rxed(struct mesh_net *net, bool frnd, uint32_t iv_index,
hdr |= SEG_MAX(true, size) << SEGN_HDR_SHIFT;
}
@ -338,7 +338,7 @@ index fd5c3fb63100..dff4b02e459a 100644
if (friend_packet_queue(net, iv_index, false, frnd_ttl,
seq, src, dst,
hdr, data, size))
@@ -2055,6 +2056,7 @@ static bool seg_rxed(struct mesh_net *net, bool frnd, uint32_t iv_index,
@@ -2038,6 +2039,7 @@ static bool seg_rxed(struct mesh_net *net, bool frnd, uint32_t iv_index,
send_net_ack(net, sar_in, expected);
/* coverity[overrun-buffer-val] : FALSE */
@ -346,7 +346,7 @@ index fd5c3fb63100..dff4b02e459a 100644
msg_rxed(net, frnd, iv_index, ttl, seq, net_idx,
sar_in->remote, dst, key_aid, true, szmic,
sar_in->seqZero, sar_in->buf, sar_in->len);
@@ -3290,6 +3292,7 @@ bool mesh_net_app_send(struct mesh_net *net, bool frnd_cred, uint16_t src,
@@ -3269,6 +3271,7 @@ bool mesh_net_app_send(struct mesh_net *net, bool frnd_cred, uint16_t src,
segmented |= !!(seg_max);
/* First enqueue to any Friends and internal models */
@ -355,10 +355,10 @@ index fd5c3fb63100..dff4b02e459a 100644
key_aid, segmented, szmic, seq & SEQ_ZERO_MASK,
msg, msg_len);
--
2.49.0
2.52.0
From cadfe79f64ab0ad1cc7682196c4746b270bd0e81 Mon Sep 17 00:00:00 2001
From 516eb5fada822b0d12cd5ae195b07b459245f3aa Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Fri, 19 Jul 2024 15:06:24 +0200
Subject: [PATCH 7/8] shared/gatt-db: Work-around overrun-buffer-arg case
@ -416,7 +416,7 @@ bluez-5.77/src/shared/gatt-db.c:1006:3: overrun-buffer-arg: Overrunning array "v
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/shared/gatt-db.c b/src/shared/gatt-db.c
index c990dcd057eb..9de76c76bc33 100644
index a2bc41a82fbe..dcff5a1d9838 100644
--- a/src/shared/gatt-db.c
+++ b/src/shared/gatt-db.c
@@ -622,6 +622,7 @@ static struct gatt_db_service *gatt_db_service_create(const bt_uuid_t *uuid,
@ -427,7 +427,7 @@ index c990dcd057eb..9de76c76bc33 100644
service->attributes[0] = new_attribute(service, handle, type, value,
len);
if (!service->attributes[0]) {
@@ -986,6 +987,7 @@ service_insert_characteristic(struct gatt_db_service *service,
@@ -987,6 +988,7 @@ service_insert_characteristic(struct gatt_db_service *service,
len += sizeof(uint16_t);
len += uuid_to_le(uuid, &value[3]);
@ -435,9 +435,9 @@ index c990dcd057eb..9de76c76bc33 100644
service->attributes[i] = new_attribute(service, handle,
&characteristic_uuid,
value, len);
@@ -1017,8 +1019,11 @@ service_insert_characteristic(struct gatt_db_service *service,
if (!(*chrc) || !(*chrc)->value)
@@ -1021,8 +1023,11 @@ service_insert_characteristic(struct gatt_db_service *service,
return NULL;
}
- if (memcmp((*chrc)->value, value, len))
+ /* coverity[overrun-buffer-arg] : FALSE */
@ -449,10 +449,10 @@ index c990dcd057eb..9de76c76bc33 100644
set_attribute_data(service->attributes[i], read_func, write_func,
permissions, user_data);
--
2.49.0
2.52.0
From 88ce195aa191ab97f9a6b86d0234011658b68b5e Mon Sep 17 00:00:00 2001
From 01c3ab5c8eb65bc038a4c3c955ff3b5e27861512 Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Tue, 30 Jul 2024 15:27:49 +0200
Subject: [PATCH 8/8] shared/btsnoop: Work-around underflow case #01163329
@ -477,5 +477,5 @@ index bb0bccf0dd01..12f960ec353d 100644
*index = 0;
--
2.49.0
2.52.0

2
sources
View File

@ -1 +1 @@
SHA512 (bluez-5.83.tar.xz) = d2ab04e5d2458249964305c991c5d0c1678d24927019e5b6e10d2f8e1350e3f7d7c783fd3770874dc621a699171b68de6678bead1dcb6e6e73c9863248f26aaa
SHA512 (bluez-5.85.tar.xz) = 5bee1734dc0e67e99a655b894b0a191d43a3ca9d7834186dcbf82a0f1e51c510723a9877e0b1a0bf53296c22acc8eae8260a04d8d288d94c37310b4ac6bc0a69

60
static-analysis-issues-6.patch
View File

@ -1,4 +1,4 @@
From 36acca0e4f94bb926b16c2fe4536d416cdbf43e6 Mon Sep 17 00:00:00 2001
From 43dd31b8c04ea53e90b90b00bffb75ab5e13f83b Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Wed, 17 Jul 2024 12:37:16 +0200
Subject: [PATCH 1/8] sdp: Ensure size doesn't overflow
@ -13,13 +13,13 @@ bluez-5.77/lib/sdp.c:1686:3: overflow_sink: "size - sent", which might have unde
1687| if (n < 0)
1688| return -1;
---
lib/sdp.c | 6 +++---
lib/bluetooth/sdp.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/sdp.c b/lib/sdp.c
index 411a95b8a7d3..8a15ad803db1 100644
--- a/lib/sdp.c
+++ b/lib/sdp.c
diff --git a/lib/bluetooth/sdp.c b/lib/bluetooth/sdp.c
index 7210ce0b4ec3..ce34bb7d3f1d 100644
--- a/lib/bluetooth/sdp.c
+++ b/lib/bluetooth/sdp.c
@@ -1678,13 +1678,13 @@ sdp_data_t *sdp_data_get(const sdp_record_t *rec, uint16_t attrId)
return NULL;
}
@ -38,10 +38,10 @@ index 411a95b8a7d3..8a15ad803db1 100644
sent += n;
}
--
2.49.0
2.52.0
From 70c6433630f168d46af905f3721663f8db475558 Mon Sep 17 00:00:00 2001
From 5f4dcc1d9d4178abe16ea96099de5e0cde33da54 Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Thu, 18 Jul 2024 15:43:35 +0200
Subject: [PATCH 2/8] tools/isotest: Ensure ret doesn't overflow
@ -60,7 +60,7 @@ bluez-5.77/tools/isotest.c:779:3: overflow_sink: "count - ret", which might have
1 file changed, 2 insertions(+)
diff --git a/tools/isotest.c b/tools/isotest.c
index 2cac0e49cc39..0805faa66e47 100644
index e3d2d63ce1ff..b803dbf14dac 100644
--- a/tools/isotest.c
+++ b/tools/isotest.c
@@ -779,6 +779,8 @@ static int read_stream(int fd, ssize_t count)
@ -73,10 +73,10 @@ index 2cac0e49cc39..0805faa66e47 100644
ret += len;
usleep(1000);
--
2.49.0
2.52.0
From ce244bd2d24e95017df2e1dea6c3e90a662d05da Mon Sep 17 00:00:00 2001
From 9089d3c9c92d19ffcbe3e6f679a7894600ab46af Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Thu, 18 Jul 2024 15:45:47 +0200
Subject: [PATCH 3/8] health: mcap: Ensure sent doesn't overflow
@ -95,7 +95,7 @@ bluez-5.77/profiles/health/mcap.c:391:3: overflow_sink: "size - sent", which mig
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/profiles/health/mcap.c b/profiles/health/mcap.c
index 2e4214a6984f..b3bf403e74d2 100644
index b7e51d15cdb5..f43cb919aaba 100644
--- a/profiles/health/mcap.c
+++ b/profiles/health/mcap.c
@@ -389,7 +389,7 @@ int mcap_send_data(int sock, const void *buf, uint32_t size)
@ -108,10 +108,10 @@ index 2e4214a6984f..b3bf403e74d2 100644
sent += n;
}
--
2.49.0
2.52.0
From cac8152c9e741c7d7c939bd755c55295338b0a7e Mon Sep 17 00:00:00 2001
From 45271ed3fd87d238836181b3534ddf3777f535e9 Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Fri, 19 Jul 2024 11:26:45 +0200
Subject: [PATCH 4/8] shared/tester: Add early failure check
@ -133,10 +133,10 @@ bluez-5.77/src/shared/tester.c:948:2: overrun-buffer-arg: Calling "tester_monito
1 file changed, 2 insertions(+)
diff --git a/src/shared/tester.c b/src/shared/tester.c
index 371ccacedc66..1086a80363db 100644
index 1f59322bcfdd..08915addbb90 100644
--- a/src/shared/tester.c
+++ b/src/shared/tester.c
@@ -945,6 +945,8 @@ static bool test_io_send(struct io *io, void *user_data)
@@ -947,6 +947,8 @@ static bool test_io_send(struct io *io, void *user_data)
len = io_send(io, iov, 1);
@ -146,10 +146,10 @@ index 371ccacedc66..1086a80363db 100644
g_assert_cmpint(len, ==, iov->iov_len);
--
2.49.0
2.52.0
From 916115b8a4aeab9d10a2984a6593d93dcf5a30c2 Mon Sep 17 00:00:00 2001
From c3b5c920493919cc35a8328ca01f9fb3e41e80fd Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Mon, 29 Jul 2024 13:53:41 +0200
Subject: [PATCH 5/8] mesh: Fix possible integer overflow
@ -170,10 +170,10 @@ X
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/mesh/net.c b/mesh/net.c
index cc862dade5ae..2483e23c4229 100644
index b29e24f5d4a9..d779437179d9 100644
--- a/mesh/net.c
+++ b/mesh/net.c
@@ -3150,13 +3150,22 @@ static bool send_seg(struct mesh_net *net, uint8_t cnt, uint16_t interval,
@@ -3127,13 +3127,22 @@ static bool send_seg(struct mesh_net *net, uint8_t cnt, uint16_t interval,
uint32_t seq_num;
if (msg->segmented) {
@ -199,10 +199,10 @@ index cc862dade5ae..2483e23c4229 100644
/* Send on same seq_num used for Access Layer */
seq_num = msg->seqAuth;
--
2.49.0
2.52.0
From 51a597594dadb8150348d3a9ecb403db0cc75316 Mon Sep 17 00:00:00 2001
From dbe1f7b367c4482e23915d4fb430f9ec36e3fb63 Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Fri, 19 Jul 2024 14:27:54 +0200
Subject: [PATCH 6/8] shared/gatt-db: Fix possible buffer overrun
@ -229,7 +229,7 @@ bluez-5.77/src/shared/gatt-db.c:614:2: overrun-buffer-arg: Overrunning array "va
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/shared/gatt-db.c b/src/shared/gatt-db.c
index 8951079beef1..c990dcd057eb 100644
index d0e149d6f21c..a2bc41a82fbe 100644
--- a/src/shared/gatt-db.c
+++ b/src/shared/gatt-db.c
@@ -566,9 +566,14 @@ static int uuid_to_le(const bt_uuid_t *uuid, uint8_t *dst)
@ -251,10 +251,10 @@ index 8951079beef1..c990dcd057eb 100644
static bool le_to_uuid(const uint8_t *src, size_t len, bt_uuid_t *uuid)
--
2.49.0
2.52.0
From 4b38628a0602417a79e50a0d9219e3b8917082de Mon Sep 17 00:00:00 2001
From 0c74b1f84ef804d2ffb8d915aa7d921749728f9d Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Fri, 19 Jul 2024 11:29:15 +0200
Subject: [PATCH 7/8] shared/btsnoop: Avoid underflowing toread variable
@ -297,10 +297,10 @@ index bc5f7fcbe84c..bb0bccf0dd01 100644
if (len < 0) {
btsnoop->aborted = true;
--
2.49.0
2.52.0
From bf3eaaef06637a1597e86e03f10c0eb8b3b0139e Mon Sep 17 00:00:00 2001
From 9d94c382ba2fd32f21273f58724426bb0f3e8f20 Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Fri, 19 Jul 2024 15:14:26 +0200
Subject: [PATCH 8/8] monitor: Check for possible integer underflow
@ -321,7 +321,7 @@ bluez-5.77/monitor/control.c:1118:4: overflow_sink: "data->offset", which might
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/monitor/control.c b/monitor/control.c
index 009cf15209f0..62857b4b84de 100644
index 83347d5dbc3e..e43caa113181 100644
--- a/monitor/control.c
+++ b/monitor/control.c
@@ -18,6 +18,7 @@
@ -332,7 +332,7 @@ index 009cf15209f0..62857b4b84de 100644
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
@@ -1091,9 +1092,14 @@ static void client_callback(int fd, uint32_t events, void *user_data)
@@ -1147,9 +1148,14 @@ static void client_callback(int fd, uint32_t events, void *user_data)
return;
}
@ -349,5 +349,5 @@ index 009cf15209f0..62857b4b84de 100644
data->offset += len;
--
2.49.0
2.52.0

8
tests/run_tests.sh
View File

@ -9,15 +9,13 @@ set -ex
bluemoon --help
# Is bluetoothctl present and doesn't fail if called
# FIXME: https://issues.redhat.com/browse/RHEL-56073
# bluetoothctl --help
bluetoothctl --timeout 2 --help
# Is btattach present and doesn't fail if called
btattach --version
# Is btmgmt present and doesn't fail if called
# FIXME: https://issues.redhat.com/browse/RHEL-56073
# btmgmt --help
# Is bluetoothctl mgmt's menu is present and doesn't fail if called
bluetoothctl --timeout 2 --help | grep mgmt
# Is btmon present and doesn't fail if called
btmon --help