diff --git a/0001-build-Don-t-install-btmgmt-man-page-as-tool-isn-t.patch b/0001-build-Don-t-install-btmgmt-man-page-as-tool-isn-t.patch new file mode 100644 index 0000000..f5f700a --- /dev/null +++ b/0001-build-Don-t-install-btmgmt-man-page-as-tool-isn-t.patch @@ -0,0 +1,27 @@ +From c9ec6137b16aaf371b311f4777a042ec1175719b Mon Sep 17 00:00:00 2001 +From: Bastien Nocera +Date: Thu, 29 Jan 2026 13:40:52 +0100 +Subject: [PATCH] build: Don't install btmgmt man page as tool isn't + +The btmgmt tool isn't installed through the Makefiles, so the +man page shouldn't be installed either. +--- + Makefile.tools | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile.tools b/Makefile.tools +index 561b03d0b95b..f0b106fae7ef 100644 +--- a/Makefile.tools ++++ b/Makefile.tools +@@ -355,7 +355,7 @@ profiles_iap_iapd_LDADD = gdbus/libgdbus-internal.la $(GLIB_LIBS) $(DBUS_LIBS) + + if MANPAGES + man_MANS += tools/rctest.1 tools/l2ping.1 tools/btattach.1 tools/isotest.1 \ +- tools/btmgmt.1 client/bluetoothctl.1 \ ++ client/bluetoothctl.1 \ + client/bluetoothctl-mgmt.1 \ + client/bluetoothctl-monitor.1 client/bluetoothctl-admin.1 \ + client/bluetoothctl-advertise.1 client/bluetoothctl-endpoint.1 \ +-- +2.52.0 + diff --git a/0001-main-Simplify-parse_config_string.patch b/0001-main-Simplify-parse_config_string.patch index 1b38c37..162e46e 100644 --- a/0001-main-Simplify-parse_config_string.patch +++ b/0001-main-Simplify-parse_config_string.patch @@ -1,4 +1,4 @@ -From 8cc47ce7b9bd16e560b5cf13a7c0e1ac612bf59a Mon Sep 17 00:00:00 2001 +From b8d6754afe8a80219add46554c40cc3c8a8368d0 Mon Sep 17 00:00:00 2001 From: Bastien Nocera Date: Fri, 10 May 2024 13:47:29 +0200 Subject: [PATCH] main: Simplify parse_config_string() @@ -29,10 +29,10 @@ bluez-5.75/src/main.c:440:2: leaked_storage: Variable "tmp" going out of scope l 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/src/main.c b/src/main.c -index 3c51a0092425..4ac442b37a85 100644 +index 1c7390e6329d..217de1a3c935 100644 --- a/src/main.c +++ b/src/main.c -@@ -430,9 +430,14 @@ static bool parse_config_string(GKeyFile *config, const char *group, +@@ -431,9 +431,14 @@ static bool parse_config_string(GKeyFile *config, const char *group, const char *key, char **val) { GError *err = NULL; @@ -49,7 +49,7 @@ index 3c51a0092425..4ac442b37a85 100644 if (err) { if (err->code != G_KEY_FILE_ERROR_KEY_NOT_FOUND) DBG("%s", err->message); -@@ -440,12 +445,7 @@ static bool parse_config_string(GKeyFile *config, const char *group, +@@ -441,12 +446,7 @@ static bool parse_config_string(GKeyFile *config, const char *group, return false; } @@ -63,7 +63,7 @@ index 3c51a0092425..4ac442b37a85 100644 return true; } -@@ -1022,7 +1022,12 @@ static void parse_secure_conns(GKeyFile *config) +@@ -1023,7 +1023,12 @@ static void parse_secure_conns(GKeyFile *config) static void parse_general(GKeyFile *config) { @@ -78,5 +78,5 @@ index 3c51a0092425..4ac442b37a85 100644 parse_config_u32(config, "General", "DiscoverableTimeout", &btd_opts.discovto, -- -2.49.0 +2.52.0 diff --git a/0001-shared-shell-Free-memory-allocated-by-wordexp.patch b/0001-shared-shell-Free-memory-allocated-by-wordexp.patch index 5989e9c..0aa7e2f 100644 --- a/0001-shared-shell-Free-memory-allocated-by-wordexp.patch +++ b/0001-shared-shell-Free-memory-allocated-by-wordexp.patch @@ -1,4 +1,4 @@ -From 48c0a18b1f4367935588c3c1a26280f52eed5502 Mon Sep 17 00:00:00 2001 +From 1b8a2d85a42a8e08e0c3c0c6ad8ed01c65a71524 Mon Sep 17 00:00:00 2001 From: Bastien Nocera Date: Tue, 2 Jul 2024 15:27:12 +0200 Subject: [PATCH] shared/shell: Free memory allocated by wordexp() @@ -61,10 +61,10 @@ bluez-5.76/src/shared/shell.c:1423:4: leaked_storage: Variable "w" going out of 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/src/shared/shell.c b/src/shared/shell.c -index 6b4f7a7ef503..cac19d6307c6 100644 +index ea285c72631d..b4add90322b5 100644 --- a/src/shared/shell.c +++ b/src/shared/shell.c -@@ -503,13 +503,23 @@ static void shell_print_menu_zsh_complete(void) +@@ -504,13 +504,23 @@ static void shell_print_menu_zsh_complete(void) } } @@ -89,7 +89,7 @@ index 6b4f7a7ef503..cac19d6307c6 100644 free(str); return -EINVAL; } -@@ -531,6 +541,7 @@ static int cmd_exec(const struct bt_shell_menu_entry *entry, +@@ -532,6 +542,7 @@ static int cmd_exec(const struct bt_shell_menu_entry *entry, char *man, *opt; int flags = WRDE_NOCMD; bool optargs = false; @@ -97,7 +97,7 @@ index 6b4f7a7ef503..cac19d6307c6 100644 if (argc == 2 && (!memcmp(argv[1], "help", 4) || !memcmp(argv[1], "--help", 6))) { -@@ -588,8 +599,10 @@ static int cmd_exec(const struct bt_shell_menu_entry *entry, +@@ -589,8 +600,10 @@ static int cmd_exec(const struct bt_shell_menu_entry *entry, goto fail; } @@ -109,7 +109,7 @@ index 6b4f7a7ef503..cac19d6307c6 100644 optional: if (parse_args(opt, &w, "[]", flags) < 0) { -@@ -602,6 +615,7 @@ optional: +@@ -603,6 +616,7 @@ optional: free(opt); /* Check if there are too many arguments */ @@ -117,7 +117,7 @@ index 6b4f7a7ef503..cac19d6307c6 100644 if (!optargs && ((unsigned int) argc - 1 > w.we_wordc && !w.we_offs)) { print_text(COLOR_HIGHLIGHT, "Too many arguments: %d > %zu", argc - 1, w.we_wordc); -@@ -1096,7 +1110,7 @@ static char **args_completion(const struct bt_shell_menu_entry *entry, int argc, +@@ -1102,7 +1116,7 @@ static char **args_completion(const struct bt_shell_menu_entry *entry, int argc, args.we_offs = 0; wordfree(&args); @@ -126,7 +126,7 @@ index 6b4f7a7ef503..cac19d6307c6 100644 goto done; rl_completion_display_matches_hook = NULL; -@@ -1168,7 +1182,7 @@ static char **shell_completion(const char *text, int start, int end) +@@ -1174,7 +1188,7 @@ static char **shell_completion(const char *text, int start, int end) if (start > 0) { wordexp_t w; @@ -134,8 +134,8 @@ index 6b4f7a7ef503..cac19d6307c6 100644 + if (_wordexp(rl_line_buffer, &w, WRDE_NOCMD)) return NULL; - matches = menu_completion(default_menu, text, w.we_wordc, -@@ -1481,7 +1495,7 @@ int bt_shell_exec(const char *input) + matches = menu_completion(default_menu.entries, text, +@@ -1497,7 +1511,7 @@ int bt_shell_exec(const char *input) if (data.monitor) bt_log_printf(0xffff, data.name, LOG_INFO, "%s", input); @@ -144,7 +144,7 @@ index 6b4f7a7ef503..cac19d6307c6 100644 switch (err) { case WRDE_BADCHAR: return -EBADMSG; -@@ -1491,7 +1505,7 @@ int bt_shell_exec(const char *input) +@@ -1507,7 +1521,7 @@ int bt_shell_exec(const char *input) case WRDE_NOSPACE: return -ENOMEM; case WRDE_CMDSUB: @@ -154,5 +154,5 @@ index 6b4f7a7ef503..cac19d6307c6 100644 break; }; -- -2.49.0 +2.52.0 diff --git a/5.83-fixes.patch b/5.83-fixes.patch deleted file mode 100644 index a5edd3c..0000000 --- a/5.83-fixes.patch +++ /dev/null @@ -1,174 +0,0 @@ -From dd718c202276165244ea4c26f99d233c8b6f4cd1 Mon Sep 17 00:00:00 2001 -From: Luiz Augusto von Dentz -Date: Thu, 3 Jul 2025 13:30:22 -0400 -Subject: [PATCH 1/2] shared/shell: Fix not calling pre_run for main menu - -When calling bt_shell_run the main menu pre_run was not being called -which cause tools with just one menu to not work as intended. - -Fixes: https://github.com/bluez/bluez/issues/1319 ---- - src/shared/shell.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/src/shared/shell.c b/src/shared/shell.c -index f7d237c19203..2fc02a98eda9 100644 ---- a/src/shared/shell.c -+++ b/src/shared/shell.c -@@ -1464,6 +1464,9 @@ int bt_shell_run(void) - int status; - const struct queue_entry *submenu; - -+ if (data.menu && data.menu->pre_run) -+ data.menu->pre_run(data.menu); -+ - for (submenu = queue_get_entries(data.submenus); submenu; - submenu = submenu->next) { - struct bt_shell_menu *menu = submenu->data; --- -2.50.1 - - -From 13f7ed2e5242ac4e98710f3e97c00bf51e35c2e9 Mon Sep 17 00:00:00 2001 -From: Luiz Augusto von Dentz -Date: Mon, 7 Jul 2025 09:39:43 -0400 -Subject: [PATCH 2/2] shared/shell: Fix not running pre_run on - MODE_NON_INTERACTIVE - -If a command is given to be run in non-interactive mode the code would -not attempt to execute .pre_run first since some (sub)menus requires that -in order to properly initialize things. - -Fixes: https://github.com/bluez/bluez/issues/1394 -Fixes: https://github.com/bluez/bluez/issues/1317 ---- - src/shared/shell.c | 33 +++++++++++++++++++++++---------- - 1 file changed, 23 insertions(+), 10 deletions(-) - -diff --git a/src/shared/shell.c b/src/shared/shell.c -index 2fc02a98eda9..bdfbf2af6f21 100644 ---- a/src/shared/shell.c -+++ b/src/shared/shell.c -@@ -423,7 +423,8 @@ static void cmd_script(int argc, char *argv[]) - return bt_shell_noninteractive_quit(EXIT_SUCCESS); - } - --static const struct bt_shell_menu_entry default_menu[] = { -+static const struct bt_shell_menu default_menu = { -+ .entries = { - { "back", NULL, cmd_back, "Return to main menu", NULL, - NULL, cmd_back_exists }, - { "menu", "", cmd_menu, "Select submenu", -@@ -437,7 +438,7 @@ static const struct bt_shell_menu_entry default_menu[] = { - { "export", NULL, cmd_export, - "Print environment variables" }, - { "script", "", cmd_script, "Run script" }, -- { } -+ {} }, - }; - - static void shell_print_help(void) -@@ -480,7 +481,7 @@ static void shell_print_menu(void) - print_menu(entry->cmd, entry->arg ? : "", entry->desc ? : ""); - } - -- for (entry = default_menu; entry->cmd; entry++) { -+ for (entry = default_menu.entries; entry->cmd; entry++) { - if (entry->exists && !entry->exists(data.menu)) - continue; - -@@ -495,7 +496,7 @@ static void shell_print_menu_zsh_complete(void) - for (entry = data.menu->entries; entry->cmd; entry++) - printf("%s:%s\n", entry->cmd, entry->desc ? : ""); - -- for (entry = default_menu; entry->cmd; entry++) { -+ for (entry = default_menu.entries; entry->cmd; entry++) { - if (entry->exists && !entry->exists(data.menu)) - continue; - -@@ -642,9 +643,11 @@ fail: - return -EINVAL; - } - --static int menu_exec(const struct bt_shell_menu_entry *entry, -+static int menu_exec(const struct bt_shell_menu *menu, - int argc, char *argv[]) - { -+ const struct bt_shell_menu_entry *entry = menu->entries; -+ - for (; entry->cmd; entry++) { - if (strcmp(argv[0], entry->cmd)) - continue; -@@ -657,6 +660,9 @@ static int menu_exec(const struct bt_shell_menu_entry *entry, - if (data.menu == data.main && !strcmp(entry->cmd, "back")) - continue; - -+ if (data.mode == MODE_NON_INTERACTIVE && menu->pre_run) -+ menu->pre_run(menu); -+ - return cmd_exec(entry, argc, argv); - } - -@@ -688,7 +694,7 @@ static int submenu_exec(int argc, char *argv[]) - memmove(argv[0], argv[0] + len + 1, tlen - len - 1); - memset(argv[0] + tlen - len - 1, 0, len + 1); - -- return menu_exec(submenu->entries, argc, argv); -+ return menu_exec(submenu, argc, argv); - } - - static int shell_exec(int argc, char *argv[]) -@@ -701,9 +707,9 @@ static int shell_exec(int argc, char *argv[]) - if (!argsisutf8(argc, argv)) - return -EINVAL; - -- err = menu_exec(default_menu, argc, argv); -+ err = menu_exec(&default_menu, argc, argv); - if (err == -ENOENT) { -- err = menu_exec(data.menu->entries, argc, argv); -+ err = menu_exec(data.menu, argc, argv); - if (err == -ENOENT) { - err = submenu_exec(argc, argv); - if (err == -ENOENT) { -@@ -995,7 +1001,7 @@ static char *cmd_generator(const char *text, int state) - } - - if (default_menu_enabled) { -- cmd = find_cmd(text, default_menu, &index); -+ cmd = find_cmd(text, default_menu.entries, &index); - if (cmd) { - return cmd; - } else { -@@ -1186,7 +1192,7 @@ static char **shell_completion(const char *text, int start, int end) - if (_wordexp(rl_line_buffer, &w, WRDE_NOCMD)) - return NULL; - -- matches = menu_completion(default_menu, text, w.we_wordc, -+ matches = menu_completion(default_menu.entries, text, w.we_wordc, - w.we_wordv[0]); - if (!matches) { - matches = menu_completion(data.menu->entries, text, -@@ -1464,6 +1470,12 @@ int bt_shell_run(void) - int status; - const struct queue_entry *submenu; - -+ /* Check if on non-interactive mode skip pre-run since that is on-demand -+ * by shell_exec() only for the menu in use. -+ */ -+ if (data.mode == MODE_NON_INTERACTIVE) -+ goto done; -+ - if (data.menu && data.menu->pre_run) - data.menu->pre_run(data.menu); - -@@ -1475,6 +1487,7 @@ int bt_shell_run(void) - menu->pre_run(menu); - } - -+done: - status = mainloop_run_with_signal(signal_callback, NULL); - - bt_shell_cleanup(); --- -2.50.1 - diff --git a/bluez.spec b/bluez.spec index 00b2a98..cef6ac8 100644 --- a/bluez.spec +++ b/bluez.spec @@ -5,8 +5,8 @@ %endif Name: bluez -Version: 5.83 -Release: 2%{?dist} +Version: 5.85 +Release: 1%{?dist} Summary: Bluetooth utilities License: GPL-2.0-or-later URL: http://www.bluez.org/ @@ -21,7 +21,8 @@ Patch2: 0001-shared-shell-Free-memory-allocated-by-wordexp.patch Patch3: static-analysis-issues-6.patch # Coverity downstream patches Patch4: coverity-workarounds.patch -Patch5: 5.83-fixes.patch +# https://patchwork.kernel.org/project/bluetooth/patch/20260129125948.2724071-2-hadess@hadess.net/ +Patch5: 0001-build-Don-t-install-btmgmt-man-page-as-tool-isn-t.patch BuildRequires: dbus-devel >= 1.6 BuildRequires: glib2-devel @@ -175,11 +176,6 @@ install -m0755 attrib/gatttool $RPM_BUILD_ROOT%{_bindir} # Red Hat Bugzilla bug #1699680 install -m0755 tools/avinfo $RPM_BUILD_ROOT%{_bindir} -# btmgmt is not installed by "make install", but it is useful for debugging -# some issues and to set the MAC address on HCIs which don't have their -# MAC address configured -install -m0755 tools/btmgmt $RPM_BUILD_ROOT%{_bindir} - # Remove libtool archive find $RPM_BUILD_ROOT -name '*.la' -delete @@ -248,13 +244,11 @@ install emulator/btvirt ${RPM_BUILD_ROOT}/%{_libexecdir}/bluetooth/ %{_bindir}/bluemoon %{_bindir}/bluetoothctl %{_bindir}/btattach -%{_bindir}/btmgmt %{_bindir}/btmon %{_bindir}/hex2hcd %{_bindir}/mpris-proxy %{_mandir}/man1/bluetoothctl.1.* %{_mandir}/man1/bluetoothctl-*.1.* -%{_mandir}/man1/btmgmt.1.* %{_mandir}/man1/btattach.1.* %{_mandir}/man1/btmon.1.* %{_mandir}/man8/bluetoothd.8.* @@ -306,6 +300,7 @@ install emulator/btvirt ${RPM_BUILD_ROOT}/%{_libexecdir}/bluetooth/ %{_mandir}/man1/rctest.1.* %{_mandir}/man5/org.bluez.*.5.* %{_mandir}/man7/hci.7.* +%{_mandir}/man7/iso.7.* %{_mandir}/man7/l2cap.7.* %{_mandir}/man7/mgmt.7.* %{_mandir}/man7/sco.7.* @@ -343,6 +338,10 @@ install emulator/btvirt ${RPM_BUILD_ROOT}/%{_libexecdir}/bluetooth/ %{_userunitdir}/obex.service %changelog +* Mon Jan 26 2026 Bastien Nocera - 5.85-1 +- Update to 5.85 + Resolves: RHEL-142551 + * Mon Aug 18 2025 Bastien Nocera - 5.83-2 - Fix problem with menu handling Resolves: RHEL-103965 diff --git a/coverity-workarounds.patch b/coverity-workarounds.patch index fab7470..9898df8 100644 --- a/coverity-workarounds.patch +++ b/coverity-workarounds.patch @@ -1,4 +1,4 @@ -From 10631ec6213213085de4da0f274b8f608e29053f Mon Sep 17 00:00:00 2001 +From 25fe0919b7c20f68e15a90a0b012283d9a9a291a Mon Sep 17 00:00:00 2001 From: Bastien Nocera Date: Mon, 5 Aug 2024 12:17:29 +0200 Subject: [PATCH 1/8] monitor: Work-around overflow_sink Case #01164573 @@ -10,10 +10,10 @@ and exit the function if it is. 1 file changed, 1 insertion(+) diff --git a/monitor/control.c b/monitor/control.c -index 62857b4b84de..40e8a3a90c05 100644 +index e43caa113181..e72d9f118388 100644 --- a/monitor/control.c +++ b/monitor/control.c -@@ -1102,6 +1102,7 @@ static void client_callback(int fd, uint32_t events, void *user_data) +@@ -1158,6 +1158,7 @@ static void client_callback(int fd, uint32_t events, void *user_data) UINT16_MAX - data->offset > len) return; @@ -22,10 +22,10 @@ index 62857b4b84de..40e8a3a90c05 100644 while (data->offset >= MGMT_HDR_SIZE) { -- -2.49.0 +2.52.0 -From 9dc3bf02dec24eaf4577e7f0a44618c6a3e83a44 Mon Sep 17 00:00:00 2001 +From b28e1455326f7c8abfe1138050fa3877aafd9548 Mon Sep 17 00:00:00 2001 From: Bastien Nocera Date: Tue, 30 Jul 2024 15:45:18 +0200 Subject: [PATCH 2/8] mesh/net: Work-around memory overallocation warning @@ -47,10 +47,10 @@ bluez-5.77/mesh/net.c:3316:2: overrun-buffer-arg: Overrunning array "payload->bu 1 file changed, 1 insertion(+) diff --git a/mesh/net.c b/mesh/net.c -index 2483e23c4229..466a12833117 100644 +index d779437179d9..cd84ac76492a 100644 --- a/mesh/net.c +++ b/mesh/net.c -@@ -3307,6 +3307,7 @@ bool mesh_net_app_send(struct mesh_net *net, bool frnd_cred, uint16_t src, +@@ -3286,6 +3286,7 @@ bool mesh_net_app_send(struct mesh_net *net, bool frnd_cred, uint16_t src, /* Setup OTA Network send */ payload = mesh_sar_new(msg_len); @@ -59,10 +59,10 @@ index 2483e23c4229..466a12833117 100644 payload->len = msg_len; payload->src = src; -- -2.49.0 +2.52.0 -From a42b6e001d6c96f7bca276f022925b3cfe10af83 Mon Sep 17 00:00:00 2001 +From 009de66b7f075579ad9f7ee8311de58993d214ba Mon Sep 17 00:00:00 2001 From: Bastien Nocera Date: Wed, 17 Jul 2024 12:51:56 +0200 Subject: [PATCH 3/8] shared/shell: Work-around SAT-45980 with wordexp() @@ -82,10 +82,10 @@ bluez-5.77/src/shared/shell.c:558:3: leaked_storage: Variable "w" going out of s 1 file changed, 1 insertion(+) diff --git a/src/shared/shell.c b/src/shared/shell.c -index cac19d6307c6..773d80e14b8f 100644 +index ea285c72631d..72423f8f7e67 100644 --- a/src/shared/shell.c +++ b/src/shared/shell.c -@@ -609,6 +609,7 @@ optional: +@@ -597,6 +597,7 @@ optional: print_text(COLOR_HIGHLIGHT, "Unable to parse optional command arguments: %s", opt); free(opt); @@ -94,10 +94,10 @@ index cac19d6307c6..773d80e14b8f 100644 } -- -2.49.0 +2.52.0 -From c36f13f3b34d434fc275a1bab18c1064959e3bf0 Mon Sep 17 00:00:00 2001 +From f26dcbdc7e0a4f3c07cdb3ecf4e18d48b5978642 Mon Sep 17 00:00:00 2001 From: Bastien Nocera Date: Wed, 17 Jul 2024 11:28:17 +0200 Subject: [PATCH 4/8] sdp: Work-around #01163325 with single-linked list @@ -147,14 +147,14 @@ bluez-5.77/src/sdp-client.c:197:3: overwrite_var: Overwriting "recs" in "recs = 198| } while (scanned < (ssize_t) size && bytesleft > 0); 199| --- - lib/sdp.c | 2 ++ - src/sdp-client.c | 1 + + lib/bluetooth/sdp.c | 2 ++ + src/sdp-client.c | 1 + 2 files changed, 3 insertions(+) -diff --git a/lib/sdp.c b/lib/sdp.c -index 8a15ad803db1..99efbc19c299 100644 ---- a/lib/sdp.c -+++ b/lib/sdp.c +diff --git a/lib/bluetooth/sdp.c b/lib/bluetooth/sdp.c +index ce34bb7d3f1d..780ac46febc8 100644 +--- a/lib/bluetooth/sdp.c ++++ b/lib/bluetooth/sdp.c @@ -1893,9 +1893,11 @@ static int sdp_get_proto_descs(uint16_t attr_id, const sdp_record_t *rec, sdp_list_free(pds, NULL); goto failed; @@ -168,7 +168,7 @@ index 8a15ad803db1..99efbc19c299 100644 } diff --git a/src/sdp-client.c b/src/sdp-client.c -index 71d3d9e95044..2f043cb7f010 100644 +index 4f35cf1b7a8f..c1d99dcc23a8 100644 --- a/src/sdp-client.c +++ b/src/sdp-client.c @@ -194,6 +194,7 @@ static void search_completed_cb(uint8_t type, uint16_t status, @@ -180,10 +180,10 @@ index 71d3d9e95044..2f043cb7f010 100644 } while (scanned < (ssize_t) size && bytesleft > 0); -- -2.49.0 +2.52.0 -From 4fa100763db20e02af1956e970df8b29beb02907 Mon Sep 17 00:00:00 2001 +From 0e4e3849c3c0563585ff6029ef8ecce8235a06d7 Mon Sep 17 00:00:00 2001 From: Bastien Nocera Date: Thu, 18 Jul 2024 15:05:07 +0200 Subject: [PATCH 5/8] mesh: Quiet imprecise "overrun-buffer-val" #01163326 @@ -233,7 +233,7 @@ bluez-5.77/mesh/net.c:2053:3: overrun-buffer-val: Overrunning array "sar_in->buf 2 files changed, 5 insertions(+) diff --git a/mesh/friend.c b/mesh/friend.c -index 6aacf6338f24..3265412f9af5 100644 +index 1c60705e046c..dc406d3da610 100644 --- a/mesh/friend.c +++ b/mesh/friend.c @@ -325,6 +325,7 @@ static void clear_retry(struct l_timeout *timeout, void *user_data) @@ -245,10 +245,10 @@ index 6aacf6338f24..3265412f9af5 100644 mesh_net_get_iv_index(neg->net), DEFAULT_TTL, 0, 0, neg->old_friend, diff --git a/mesh/net.c b/mesh/net.c -index 466a12833117..fd5c3fb63100 100644 +index cd84ac76492a..783b983b0d98 100644 --- a/mesh/net.c +++ b/mesh/net.c -@@ -274,6 +274,7 @@ static void send_hb_publication(void *data) +@@ -257,6 +257,7 @@ static void send_hb_publication(void *data) l_put_be16(net->features, msg + n); n += 2; @@ -256,7 +256,7 @@ index 466a12833117..fd5c3fb63100 100644 mesh_net_transport_send(net, 0, 0, mesh_net_get_iv_index(net), pub->ttl, 0, 0, pub->dst, msg, n); } -@@ -1461,6 +1462,7 @@ static void send_frnd_ack(struct mesh_net *net, uint16_t src, uint16_t dst, +@@ -1444,6 +1445,7 @@ static void send_frnd_ack(struct mesh_net *net, uint16_t src, uint16_t dst, friend_ack_rxed(net, mesh_net_get_iv_index(net), mesh_net_next_seq_num(net), 0, dst, msg); } else { @@ -264,7 +264,7 @@ index 466a12833117..fd5c3fb63100 100644 mesh_net_transport_send(net, 0, 0, mesh_net_get_iv_index(net), DEFAULT_TTL, 0, 0, dst, msg, sizeof(msg)); -@@ -1496,6 +1498,7 @@ static void send_net_ack(struct mesh_net *net, struct mesh_sar *sar, +@@ -1479,6 +1481,7 @@ static void send_net_ack(struct mesh_net *net, struct mesh_sar *sar, return; } @@ -272,7 +272,7 @@ index 466a12833117..fd5c3fb63100 100644 mesh_net_transport_send(net, 0, sar->net_idx, mesh_net_get_iv_index(net), DEFAULT_TTL, 0, src, dst, msg, -@@ -2051,6 +2054,7 @@ static bool seg_rxed(struct mesh_net *net, bool frnd, uint32_t iv_index, +@@ -2034,6 +2037,7 @@ static bool seg_rxed(struct mesh_net *net, bool frnd, uint32_t iv_index, /* Got it all */ send_net_ack(net, sar_in, expected); @@ -281,10 +281,10 @@ index 466a12833117..fd5c3fb63100 100644 sar_in->remote, dst, key_aid, true, szmic, sar_in->seqZero, sar_in->buf, sar_in->len); -- -2.49.0 +2.52.0 -From d81b03e2e7da40ee8024f2a5bee6e873f0bf7607 Mon Sep 17 00:00:00 2001 +From 390125524200bf3750e716f154288d4c2810c8c4 Mon Sep 17 00:00:00 2001 From: Bastien Nocera Date: Thu, 18 Jul 2024 15:37:58 +0200 Subject: [PATCH 6/8] mesh: Quiet imprecise "overrun-buffer-val" #01163327 @@ -327,10 +327,10 @@ bluez-5.77/mesh/net.c:3284:2: overrun-call: Overrunning callee's array of size 1 1 file changed, 3 insertions(+) diff --git a/mesh/net.c b/mesh/net.c -index fd5c3fb63100..dff4b02e459a 100644 +index 783b983b0d98..e344031ac7a7 100644 --- a/mesh/net.c +++ b/mesh/net.c -@@ -1777,6 +1777,7 @@ static bool msg_rxed(struct mesh_net *net, bool frnd, uint32_t iv_index, +@@ -1760,6 +1760,7 @@ static bool msg_rxed(struct mesh_net *net, bool frnd, uint32_t iv_index, hdr |= SEG_MAX(true, size) << SEGN_HDR_SHIFT; } @@ -338,7 +338,7 @@ index fd5c3fb63100..dff4b02e459a 100644 if (friend_packet_queue(net, iv_index, false, frnd_ttl, seq, src, dst, hdr, data, size)) -@@ -2055,6 +2056,7 @@ static bool seg_rxed(struct mesh_net *net, bool frnd, uint32_t iv_index, +@@ -2038,6 +2039,7 @@ static bool seg_rxed(struct mesh_net *net, bool frnd, uint32_t iv_index, send_net_ack(net, sar_in, expected); /* coverity[overrun-buffer-val] : FALSE */ @@ -346,7 +346,7 @@ index fd5c3fb63100..dff4b02e459a 100644 msg_rxed(net, frnd, iv_index, ttl, seq, net_idx, sar_in->remote, dst, key_aid, true, szmic, sar_in->seqZero, sar_in->buf, sar_in->len); -@@ -3290,6 +3292,7 @@ bool mesh_net_app_send(struct mesh_net *net, bool frnd_cred, uint16_t src, +@@ -3269,6 +3271,7 @@ bool mesh_net_app_send(struct mesh_net *net, bool frnd_cred, uint16_t src, segmented |= !!(seg_max); /* First enqueue to any Friends and internal models */ @@ -355,10 +355,10 @@ index fd5c3fb63100..dff4b02e459a 100644 key_aid, segmented, szmic, seq & SEQ_ZERO_MASK, msg, msg_len); -- -2.49.0 +2.52.0 -From cadfe79f64ab0ad1cc7682196c4746b270bd0e81 Mon Sep 17 00:00:00 2001 +From 516eb5fada822b0d12cd5ae195b07b459245f3aa Mon Sep 17 00:00:00 2001 From: Bastien Nocera Date: Fri, 19 Jul 2024 15:06:24 +0200 Subject: [PATCH 7/8] shared/gatt-db: Work-around overrun-buffer-arg case @@ -416,7 +416,7 @@ bluez-5.77/src/shared/gatt-db.c:1006:3: overrun-buffer-arg: Overrunning array "v 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/shared/gatt-db.c b/src/shared/gatt-db.c -index c990dcd057eb..9de76c76bc33 100644 +index a2bc41a82fbe..dcff5a1d9838 100644 --- a/src/shared/gatt-db.c +++ b/src/shared/gatt-db.c @@ -622,6 +622,7 @@ static struct gatt_db_service *gatt_db_service_create(const bt_uuid_t *uuid, @@ -427,7 +427,7 @@ index c990dcd057eb..9de76c76bc33 100644 service->attributes[0] = new_attribute(service, handle, type, value, len); if (!service->attributes[0]) { -@@ -986,6 +987,7 @@ service_insert_characteristic(struct gatt_db_service *service, +@@ -987,6 +988,7 @@ service_insert_characteristic(struct gatt_db_service *service, len += sizeof(uint16_t); len += uuid_to_le(uuid, &value[3]); @@ -435,9 +435,9 @@ index c990dcd057eb..9de76c76bc33 100644 service->attributes[i] = new_attribute(service, handle, &characteristic_uuid, value, len); -@@ -1017,8 +1019,11 @@ service_insert_characteristic(struct gatt_db_service *service, - if (!(*chrc) || !(*chrc)->value) +@@ -1021,8 +1023,11 @@ service_insert_characteristic(struct gatt_db_service *service, return NULL; + } - if (memcmp((*chrc)->value, value, len)) + /* coverity[overrun-buffer-arg] : FALSE */ @@ -449,10 +449,10 @@ index c990dcd057eb..9de76c76bc33 100644 set_attribute_data(service->attributes[i], read_func, write_func, permissions, user_data); -- -2.49.0 +2.52.0 -From 88ce195aa191ab97f9a6b86d0234011658b68b5e Mon Sep 17 00:00:00 2001 +From 01c3ab5c8eb65bc038a4c3c955ff3b5e27861512 Mon Sep 17 00:00:00 2001 From: Bastien Nocera Date: Tue, 30 Jul 2024 15:27:49 +0200 Subject: [PATCH 8/8] shared/btsnoop: Work-around underflow case #01163329 @@ -477,5 +477,5 @@ index bb0bccf0dd01..12f960ec353d 100644 *index = 0; -- -2.49.0 +2.52.0 diff --git a/sources b/sources index 21d3102..bb6b4f2 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (bluez-5.83.tar.xz) = d2ab04e5d2458249964305c991c5d0c1678d24927019e5b6e10d2f8e1350e3f7d7c783fd3770874dc621a699171b68de6678bead1dcb6e6e73c9863248f26aaa +SHA512 (bluez-5.85.tar.xz) = 5bee1734dc0e67e99a655b894b0a191d43a3ca9d7834186dcbf82a0f1e51c510723a9877e0b1a0bf53296c22acc8eae8260a04d8d288d94c37310b4ac6bc0a69 diff --git a/static-analysis-issues-6.patch b/static-analysis-issues-6.patch index 1b840c0..5fa139c 100644 --- a/static-analysis-issues-6.patch +++ b/static-analysis-issues-6.patch @@ -1,4 +1,4 @@ -From 36acca0e4f94bb926b16c2fe4536d416cdbf43e6 Mon Sep 17 00:00:00 2001 +From 43dd31b8c04ea53e90b90b00bffb75ab5e13f83b Mon Sep 17 00:00:00 2001 From: Bastien Nocera Date: Wed, 17 Jul 2024 12:37:16 +0200 Subject: [PATCH 1/8] sdp: Ensure size doesn't overflow @@ -13,13 +13,13 @@ bluez-5.77/lib/sdp.c:1686:3: overflow_sink: "size - sent", which might have unde 1687| if (n < 0) 1688| return -1; --- - lib/sdp.c | 6 +++--- + lib/bluetooth/sdp.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) -diff --git a/lib/sdp.c b/lib/sdp.c -index 411a95b8a7d3..8a15ad803db1 100644 ---- a/lib/sdp.c -+++ b/lib/sdp.c +diff --git a/lib/bluetooth/sdp.c b/lib/bluetooth/sdp.c +index 7210ce0b4ec3..ce34bb7d3f1d 100644 +--- a/lib/bluetooth/sdp.c ++++ b/lib/bluetooth/sdp.c @@ -1678,13 +1678,13 @@ sdp_data_t *sdp_data_get(const sdp_record_t *rec, uint16_t attrId) return NULL; } @@ -38,10 +38,10 @@ index 411a95b8a7d3..8a15ad803db1 100644 sent += n; } -- -2.49.0 +2.52.0 -From 70c6433630f168d46af905f3721663f8db475558 Mon Sep 17 00:00:00 2001 +From 5f4dcc1d9d4178abe16ea96099de5e0cde33da54 Mon Sep 17 00:00:00 2001 From: Bastien Nocera Date: Thu, 18 Jul 2024 15:43:35 +0200 Subject: [PATCH 2/8] tools/isotest: Ensure ret doesn't overflow @@ -60,7 +60,7 @@ bluez-5.77/tools/isotest.c:779:3: overflow_sink: "count - ret", which might have 1 file changed, 2 insertions(+) diff --git a/tools/isotest.c b/tools/isotest.c -index 2cac0e49cc39..0805faa66e47 100644 +index e3d2d63ce1ff..b803dbf14dac 100644 --- a/tools/isotest.c +++ b/tools/isotest.c @@ -779,6 +779,8 @@ static int read_stream(int fd, ssize_t count) @@ -73,10 +73,10 @@ index 2cac0e49cc39..0805faa66e47 100644 ret += len; usleep(1000); -- -2.49.0 +2.52.0 -From ce244bd2d24e95017df2e1dea6c3e90a662d05da Mon Sep 17 00:00:00 2001 +From 9089d3c9c92d19ffcbe3e6f679a7894600ab46af Mon Sep 17 00:00:00 2001 From: Bastien Nocera Date: Thu, 18 Jul 2024 15:45:47 +0200 Subject: [PATCH 3/8] health: mcap: Ensure sent doesn't overflow @@ -95,7 +95,7 @@ bluez-5.77/profiles/health/mcap.c:391:3: overflow_sink: "size - sent", which mig 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/profiles/health/mcap.c b/profiles/health/mcap.c -index 2e4214a6984f..b3bf403e74d2 100644 +index b7e51d15cdb5..f43cb919aaba 100644 --- a/profiles/health/mcap.c +++ b/profiles/health/mcap.c @@ -389,7 +389,7 @@ int mcap_send_data(int sock, const void *buf, uint32_t size) @@ -108,10 +108,10 @@ index 2e4214a6984f..b3bf403e74d2 100644 sent += n; } -- -2.49.0 +2.52.0 -From cac8152c9e741c7d7c939bd755c55295338b0a7e Mon Sep 17 00:00:00 2001 +From 45271ed3fd87d238836181b3534ddf3777f535e9 Mon Sep 17 00:00:00 2001 From: Bastien Nocera Date: Fri, 19 Jul 2024 11:26:45 +0200 Subject: [PATCH 4/8] shared/tester: Add early failure check @@ -133,10 +133,10 @@ bluez-5.77/src/shared/tester.c:948:2: overrun-buffer-arg: Calling "tester_monito 1 file changed, 2 insertions(+) diff --git a/src/shared/tester.c b/src/shared/tester.c -index 371ccacedc66..1086a80363db 100644 +index 1f59322bcfdd..08915addbb90 100644 --- a/src/shared/tester.c +++ b/src/shared/tester.c -@@ -945,6 +945,8 @@ static bool test_io_send(struct io *io, void *user_data) +@@ -947,6 +947,8 @@ static bool test_io_send(struct io *io, void *user_data) len = io_send(io, iov, 1); @@ -146,10 +146,10 @@ index 371ccacedc66..1086a80363db 100644 g_assert_cmpint(len, ==, iov->iov_len); -- -2.49.0 +2.52.0 -From 916115b8a4aeab9d10a2984a6593d93dcf5a30c2 Mon Sep 17 00:00:00 2001 +From c3b5c920493919cc35a8328ca01f9fb3e41e80fd Mon Sep 17 00:00:00 2001 From: Bastien Nocera Date: Mon, 29 Jul 2024 13:53:41 +0200 Subject: [PATCH 5/8] mesh: Fix possible integer overflow @@ -170,10 +170,10 @@ X 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/mesh/net.c b/mesh/net.c -index cc862dade5ae..2483e23c4229 100644 +index b29e24f5d4a9..d779437179d9 100644 --- a/mesh/net.c +++ b/mesh/net.c -@@ -3150,13 +3150,22 @@ static bool send_seg(struct mesh_net *net, uint8_t cnt, uint16_t interval, +@@ -3127,13 +3127,22 @@ static bool send_seg(struct mesh_net *net, uint8_t cnt, uint16_t interval, uint32_t seq_num; if (msg->segmented) { @@ -199,10 +199,10 @@ index cc862dade5ae..2483e23c4229 100644 /* Send on same seq_num used for Access Layer */ seq_num = msg->seqAuth; -- -2.49.0 +2.52.0 -From 51a597594dadb8150348d3a9ecb403db0cc75316 Mon Sep 17 00:00:00 2001 +From dbe1f7b367c4482e23915d4fb430f9ec36e3fb63 Mon Sep 17 00:00:00 2001 From: Bastien Nocera Date: Fri, 19 Jul 2024 14:27:54 +0200 Subject: [PATCH 6/8] shared/gatt-db: Fix possible buffer overrun @@ -229,7 +229,7 @@ bluez-5.77/src/shared/gatt-db.c:614:2: overrun-buffer-arg: Overrunning array "va 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/shared/gatt-db.c b/src/shared/gatt-db.c -index 8951079beef1..c990dcd057eb 100644 +index d0e149d6f21c..a2bc41a82fbe 100644 --- a/src/shared/gatt-db.c +++ b/src/shared/gatt-db.c @@ -566,9 +566,14 @@ static int uuid_to_le(const bt_uuid_t *uuid, uint8_t *dst) @@ -251,10 +251,10 @@ index 8951079beef1..c990dcd057eb 100644 static bool le_to_uuid(const uint8_t *src, size_t len, bt_uuid_t *uuid) -- -2.49.0 +2.52.0 -From 4b38628a0602417a79e50a0d9219e3b8917082de Mon Sep 17 00:00:00 2001 +From 0c74b1f84ef804d2ffb8d915aa7d921749728f9d Mon Sep 17 00:00:00 2001 From: Bastien Nocera Date: Fri, 19 Jul 2024 11:29:15 +0200 Subject: [PATCH 7/8] shared/btsnoop: Avoid underflowing toread variable @@ -297,10 +297,10 @@ index bc5f7fcbe84c..bb0bccf0dd01 100644 if (len < 0) { btsnoop->aborted = true; -- -2.49.0 +2.52.0 -From bf3eaaef06637a1597e86e03f10c0eb8b3b0139e Mon Sep 17 00:00:00 2001 +From 9d94c382ba2fd32f21273f58724426bb0f3e8f20 Mon Sep 17 00:00:00 2001 From: Bastien Nocera Date: Fri, 19 Jul 2024 15:14:26 +0200 Subject: [PATCH 8/8] monitor: Check for possible integer underflow @@ -321,7 +321,7 @@ bluez-5.77/monitor/control.c:1118:4: overflow_sink: "data->offset", which might 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/monitor/control.c b/monitor/control.c -index 009cf15209f0..62857b4b84de 100644 +index 83347d5dbc3e..e43caa113181 100644 --- a/monitor/control.c +++ b/monitor/control.c @@ -18,6 +18,7 @@ @@ -332,7 +332,7 @@ index 009cf15209f0..62857b4b84de 100644 #include #include #include -@@ -1091,9 +1092,14 @@ static void client_callback(int fd, uint32_t events, void *user_data) +@@ -1147,9 +1148,14 @@ static void client_callback(int fd, uint32_t events, void *user_data) return; } @@ -349,5 +349,5 @@ index 009cf15209f0..62857b4b84de 100644 data->offset += len; -- -2.49.0 +2.52.0 diff --git a/tests/run_tests.sh b/tests/run_tests.sh index d0d79e7..f921e2b 100755 --- a/tests/run_tests.sh +++ b/tests/run_tests.sh @@ -9,15 +9,13 @@ set -ex bluemoon --help # Is bluetoothctl present and doesn't fail if called -# FIXME: https://issues.redhat.com/browse/RHEL-56073 -# bluetoothctl --help +bluetoothctl --timeout 2 --help # Is btattach present and doesn't fail if called btattach --version -# Is btmgmt present and doesn't fail if called -# FIXME: https://issues.redhat.com/browse/RHEL-56073 -# btmgmt --help +# Is bluetoothctl mgmt's menu is present and doesn't fail if called +bluetoothctl --timeout 2 --help | grep mgmt # Is btmon present and doesn't fail if called btmon --help