From 6efeb47d5c4a1c05c6c75be1168247a60872a57d Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Thu, 3 Jun 2021 04:11:03 +0000
Subject: [PATCH] import bluez-5.56-1.el8

---
 .bluez.metadata                               |   2 +-
 .gitignore                                    |   2 +-
 ...t-to-set-security-level-if-not-bonde.patch |  55 -------
 ...att-Fix-possible-crash-on-disconnect.patch | 150 ------------------
 ...er-Fix-not-properly-checking-for-sec.patch | 115 ++++++++++++++
 SPECS/bluez.spec                              |  25 +--
 6 files changed, 132 insertions(+), 217 deletions(-)
 delete mode 100644 SOURCES/0001-input-hog-Attempt-to-set-security-level-if-not-bonde.patch
 delete mode 100644 SOURCES/0001-shared-att-Fix-possible-crash-on-disconnect.patch
 create mode 100644 SOURCES/0001-shared-gatt-server-Fix-not-properly-checking-for-sec.patch

diff --git a/.bluez.metadata b/.bluez.metadata
index b8a0111..ef5e331 100644
--- a/.bluez.metadata
+++ b/.bluez.metadata
@@ -1 +1 @@
-75e907922a62588c12d5642293403be0625b4d02 SOURCES/bluez-5.52.tar.xz
+a862b9ddc039f34f7135bbee3c3e80040e82e046 SOURCES/bluez-5.56.tar.xz
diff --git a/.gitignore b/.gitignore
index 3348dc8..f035c34 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/bluez-5.52.tar.xz
+SOURCES/bluez-5.56.tar.xz
diff --git a/SOURCES/0001-input-hog-Attempt-to-set-security-level-if-not-bonde.patch b/SOURCES/0001-input-hog-Attempt-to-set-security-level-if-not-bonde.patch
deleted file mode 100644
index 491ce5a..0000000
--- a/SOURCES/0001-input-hog-Attempt-to-set-security-level-if-not-bonde.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 1e083c2cd7c0284cf9dd389359a27aa6d354538c Mon Sep 17 00:00:00 2001
-From: Gopal Tiwari <gtiwari@redhat.com>
-Date: Wed, 26 May 2021 11:31:04 +0530
-Subject: [PATCH BlueZ 1/2] input: hog: Attempt to set security level if not
- bonded
-
-commit 35d8d895cd0b724e58129374beb0bb4a2edf9519
-Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-Date:   Tue Mar 10 09:59:07 2020 -0700
-
-    input: hog: Attempt to set security level if not bonded
-
-    This attempts to set the security if the device is not bonded, the
-    kernel will block any communication on the ATT socket while bumping
-    the security and if that fails the device will be disconnected which
-    is better than having the device dangling around without being able to
-    communicate with it until it is properly bonded.
----
- profiles/input/hog.c | 13 +++++++++++--
- 1 file changed, 11 insertions(+), 2 deletions(-)
-
-diff --git a/profiles/input/hog.c b/profiles/input/hog.c
-index dfac68921..f0226ebbd 100644
---- a/profiles/input/hog.c
-+++ b/profiles/input/hog.c
-@@ -49,6 +49,8 @@
- #include "src/shared/util.h"
- #include "src/shared/uhid.h"
- #include "src/shared/queue.h"
-+#include "src/shared/att.h"
-+#include "src/shared/gatt-client.h"
- #include "src/plugin.h"
- 
- #include "suspend.h"
-@@ -187,8 +189,15 @@ static int hog_accept(struct btd_service *service)
- 	}
- 
- 	/* HOGP 1.0 Section 6.1 requires bonding */
--	if (!device_is_bonded(device, btd_device_get_bdaddr_type(device)))
--		return -ECONNREFUSED;
-+	if (!device_is_bonded(device, btd_device_get_bdaddr_type(device))) {
-+		struct bt_gatt_client *client;
-+
-+		client = btd_device_get_gatt_client(device);
-+		if (!bt_gatt_client_set_security(client,
-+						BT_ATT_SECURITY_MEDIUM)) {
-+			return -ECONNREFUSED;
-+		}
-+	}
- 
- 	/* TODO: Replace GAttrib with bt_gatt_client */
- 	bt_hog_attach(dev->hog, attrib);
--- 
-2.26.2
-
diff --git a/SOURCES/0001-shared-att-Fix-possible-crash-on-disconnect.patch b/SOURCES/0001-shared-att-Fix-possible-crash-on-disconnect.patch
deleted file mode 100644
index 45c0a0e..0000000
--- a/SOURCES/0001-shared-att-Fix-possible-crash-on-disconnect.patch
+++ /dev/null
@@ -1,150 +0,0 @@
-From b61877eb3e05b9b9dff36b4eccc46c539634cf15 Mon Sep 17 00:00:00 2001
-From: Gopal Tiwari <gtiwari@redhat.com>
-Date: Thu, 22 Oct 2020 11:23:00 +0530
-Subject: [PATCH BlueZ]     shared/att: Fix possible crash on disconnect
-
-commit 1cd644db8c23a2f530ddb93cebed7dacc5f5721a
-Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-Date:   Wed Jul 15 18:25:37 2020 -0700
-
-    shared/att: Fix possible crash on disconnect
-
-    If there are pending request while disconnecting they would be notified
-    but clients may endup being freed in the proccess which will then be
-    calling bt_att_cancel to cancal its requests causing the following
-    trace:
-
-    Invalid read of size 4
-       at 0x1D894C: enable_ccc_callback (gatt-client.c:1627)
-       by 0x1D247B: disc_att_send_op (att.c:417)
-       by 0x1CCC17: queue_remove_all (queue.c:354)
-       by 0x1D47B7: disconnect_cb (att.c:635)
-       by 0x1E0707: watch_callback (io-glib.c:170)
-       by 0x48E963B: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.6400.4)
-       by 0x48E9AC7: ??? (in /usr/lib/libglib-2.0.so.0.6400.4)
-       by 0x48E9ECF: g_main_loop_run (in /usr/lib/libglib-2.0.so.0.6400.4)
-       by 0x1E0E97: mainloop_run (mainloop-glib.c:79)
-       by 0x1E13B3: mainloop_run_with_signal (mainloop-notify.c:201)
-       by 0x12BC3B: main (main.c:770)
-     Address 0x7d40a28 is 24 bytes inside a block of size 32 free'd
-       at 0x484A2E0: free (vg_replace_malloc.c:540)
-       by 0x1CCC17: queue_remove_all (queue.c:354)
-       by 0x1CCC83: queue_destroy (queue.c:73)
-       by 0x1D7DD7: bt_gatt_client_free (gatt-client.c:2209)
-       by 0x16497B: batt_free (battery.c:77)
-       by 0x16497B: batt_remove (battery.c:286)
-       by 0x1A0013: service_remove (service.c:176)
-     by 0x1A9B7B: device_remove_gatt_service (device.c:3691)
-       by 0x1A9B7B: gatt_service_removed (device.c:3805)
-       by 0x1CC90B: queue_foreach (queue.c:220)
-       by 0x1DE27B: notify_service_changed.isra.0.part.0 (gatt-db.c:369)
-       by 0x1DE387: notify_service_changed (gatt-db.c:361)
-       by 0x1DE387: gatt_db_service_destroy (gatt-db.c:385)
-       by 0x1DE3EF: gatt_db_remove_service (gatt-db.c:519)
-       by 0x1D674F: discovery_op_complete (gatt-client.c:388)
-       by 0x1D6877: discover_primary_cb (gatt-client.c:1260)
-       by 0x1E220B: discovery_op_complete (gatt-helpers.c:628)
-       by 0x1E249B: read_by_grp_type_cb (gatt-helpers.c:730)
-       by 0x1D247B: disc_att_send_op (att.c:417)
-       by 0x1CCC17: queue_remove_all (queue.c:354)
-       by 0x1D47B7: disconnect_cb (att.c:635)
----
- src/shared/att.c | 46 ++++++++++++++++++++++++++++++++++++++++------
- 1 file changed, 40 insertions(+), 6 deletions(-)
-
-diff --git a/src/shared/att.c b/src/shared/att.c
-index 0ea6d55bd..b0fdb8e9f 100644
---- a/src/shared/att.c
-+++ b/src/shared/att.c
-@@ -62,6 +62,7 @@ struct bt_att {
- 	struct queue *ind_queue;	/* Queued ATT protocol indications */
- 	struct att_send_op *pending_ind;
- 	struct queue *write_queue;	/* Queue of PDUs ready to send */
-+	bool in_disc;			/* Cleanup queues on disconnect_cb */
- 	bool writer_active;
- 
- 	struct queue *notify_list;	/* List of registered callbacks */
-@@ -211,8 +212,10 @@ static void destroy_att_send_op(void *data)
- 	free(op);
- }
- 
--static void cancel_att_send_op(struct att_send_op *op)
-+static void cancel_att_send_op(void *data)
- {
-+	struct att_send_op *op = data;
-+
- 	if (op->destroy)
- 		op->destroy(op->user_data);
- 
-@@ -572,11 +575,6 @@ static bool disconnect_cb(struct io *io, void *user_data)
- 	att->io = NULL;
- 	att->fd = -1;
- 
--	/* Notify request callbacks */
--	queue_remove_all(att->req_queue, NULL, NULL, disc_att_send_op);
--	queue_remove_all(att->ind_queue, NULL, NULL, disc_att_send_op);
--	queue_remove_all(att->write_queue, NULL, NULL, disc_att_send_op);
--
- 	if (att->pending_req) {
- 		disc_att_send_op(att->pending_req);
- 		att->pending_req = NULL;
-@@ -589,6 +587,15 @@ static bool disconnect_cb(struct io *io, void *user_data)
- 
- 	bt_att_ref(att);
- 
-+	att->in_disc = true;
-+
-+	/* Notify request callbacks */
-+	queue_remove_all(att->req_queue, NULL, NULL, disc_att_send_op);
-+	queue_remove_all(att->ind_queue, NULL, NULL, disc_att_send_op);
-+	queue_remove_all(att->write_queue, NULL, NULL, disc_att_send_op);
-+
-+	att->in_disc = false;
-+
- 	queue_foreach(att->disconn_list, disconn_handler, INT_TO_PTR(err));
- 
- 	bt_att_unregister_all(att);
-@@ -1306,6 +1313,30 @@ static bool match_op_id(const void *a, const void *b)
- 	return op->id == id;
- }
- 
-+static bool bt_att_disc_cancel(struct bt_att *att, unsigned int id)
-+{
-+	struct att_send_op *op;
-+
-+	op = queue_find(att->req_queue, match_op_id, UINT_TO_PTR(id));
-+	if (op)
-+		goto done;
-+
-+	op = queue_find(att->ind_queue, match_op_id, UINT_TO_PTR(id));
-+	if (op)
-+		goto done;
-+
-+	op = queue_find(att->write_queue, match_op_id, UINT_TO_PTR(id));
-+
-+done:
-+	if (!op)
-+		return false;
-+
-+	/* Just cancel since disconnect_cb will be cleaning up */
-+	cancel_att_send_op(op);
-+
-+	return true;
-+}
-+
- bool bt_att_cancel(struct bt_att *att, unsigned int id)
- {
- 	struct att_send_op *op;
-@@ -1325,6 +1356,9 @@ bool bt_att_cancel(struct bt_att *att, unsigned int id)
- 		return true;
- 	}
- 
-+	if (att->in_disc)
-+		return bt_att_disc_cancel(att, id);
-+
- 	op = queue_remove_if(att->req_queue, match_op_id, UINT_TO_PTR(id));
- 	if (op)
- 		goto done;
--- 
-2.21.1
-
diff --git a/SOURCES/0001-shared-gatt-server-Fix-not-properly-checking-for-sec.patch b/SOURCES/0001-shared-gatt-server-Fix-not-properly-checking-for-sec.patch
new file mode 100644
index 0000000..a8f61c4
--- /dev/null
+++ b/SOURCES/0001-shared-gatt-server-Fix-not-properly-checking-for-sec.patch
@@ -0,0 +1,115 @@
+From d22177efb6f17ed281013cdfa4976d218718d5b6 Mon Sep 17 00:00:00 2001
+From: Gopal Tiwari <gtiwari@redhat.com>
+Date: Mon, 31 May 2021 12:29:01 +0530
+Subject: [PATCH BlueZ] shared/gatt-server: Fix not properly checking for
+ secure flags
+
+commit ef7316b34cf3a568694bdb0e4e83af17804dff9e (HEAD)
+Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+Date:   Tue Mar 2 11:38:33 2021 -0800
+
+shared/gatt-server: Fix not properly checking for secure flags
+
+When passing the mask to check_permissions all valid permissions for
+the operation must be set including BT_ATT_PERM_SECURE flags.
+
+(cherry picked from commit 00da0fb4972cf59e1c075f313da81ea549cb8738)
+Signed-off-by: Gopal Tiwari <gtiwari@redhat.com>
+---
+ src/shared/att-types.h   |  8 ++++++++
+ src/shared/gatt-server.c | 25 +++++++------------------
+ 2 files changed, 15 insertions(+), 18 deletions(-)
+
+diff --git a/src/shared/att-types.h b/src/shared/att-types.h
+index 7108b4e94..3adc05d9e 100644
+--- a/src/shared/att-types.h
++++ b/src/shared/att-types.h
+@@ -129,6 +129,14 @@ struct bt_att_pdu_error_rsp {
+ #define BT_ATT_PERM_WRITE_SECURE	0x0200
+ #define BT_ATT_PERM_SECURE		(BT_ATT_PERM_READ_SECURE | \
+ 					BT_ATT_PERM_WRITE_SECURE)
++#define BT_ATT_PERM_READ_MASK		(BT_ATT_PERM_READ | \
++					BT_ATT_PERM_READ_AUTHEN | \
++					BT_ATT_PERM_READ_ENCRYPT | \
++					BT_ATT_PERM_READ_SECURE)
++#define BT_ATT_PERM_WRITE_MASK		(BT_ATT_PERM_WRITE | \
++					BT_ATT_PERM_WRITE_AUTHEN | \
++					BT_ATT_PERM_WRITE_ENCRYPT | \
++					BT_ATT_PERM_WRITE_SECURE)
+ 
+ /* GATT Characteristic Properties Bitfield values */
+ #define BT_GATT_CHRC_PROP_BROADCAST			0x01
+diff --git a/src/shared/gatt-server.c b/src/shared/gatt-server.c
+index b5f7de7dc..970c35f94 100644
+--- a/src/shared/gatt-server.c
++++ b/src/shared/gatt-server.c
+@@ -444,9 +444,7 @@ static void process_read_by_type(struct async_read_op *op)
+ 		return;
+ 	}
+ 
+-	ecode = check_permissions(server, attr, BT_ATT_PERM_READ |
+-						BT_ATT_PERM_READ_AUTHEN |
+-						BT_ATT_PERM_READ_ENCRYPT);
++	ecode = check_permissions(server, attr, BT_ATT_PERM_READ_MASK);
+ 	if (ecode)
+ 		goto error;
+ 
+@@ -811,9 +809,7 @@ static void write_cb(struct bt_att_chan *chan, uint8_t opcode, const void *pdu,
+ 				(opcode == BT_ATT_OP_WRITE_REQ) ? "Req" : "Cmd",
+ 				handle);
+ 
+-	ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE |
+-						BT_ATT_PERM_WRITE_AUTHEN |
+-						BT_ATT_PERM_WRITE_ENCRYPT);
++	ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE_MASK);
+ 	if (ecode)
+ 		goto error;
+ 
+@@ -913,9 +909,7 @@ static void handle_read_req(struct bt_att_chan *chan,
+ 			opcode == BT_ATT_OP_READ_BLOB_REQ ? "Blob " : "",
+ 			handle);
+ 
+-	ecode = check_permissions(server, attr, BT_ATT_PERM_READ |
+-						BT_ATT_PERM_READ_AUTHEN |
+-						BT_ATT_PERM_READ_ENCRYPT);
++	ecode = check_permissions(server, attr, BT_ATT_PERM_READ_MASK);
+ 	if (ecode)
+ 		goto error;
+ 
+@@ -1051,9 +1045,8 @@ static void read_multiple_complete_cb(struct gatt_db_attribute *attr, int err,
+ 		goto error;
+ 	}
+ 
+-	ecode = check_permissions(data->server, next_attr, BT_ATT_PERM_READ |
+-						BT_ATT_PERM_READ_AUTHEN |
+-						BT_ATT_PERM_READ_ENCRYPT);
++	ecode = check_permissions(data->server, next_attr,
++						BT_ATT_PERM_READ_MASK);
+ 	if (ecode)
+ 		goto error;
+ 
+@@ -1129,9 +1122,7 @@ static void read_multiple_cb(struct bt_att_chan *chan, uint8_t opcode,
+ 		goto error;
+ 	}
+ 
+-	ecode = check_permissions(data->server, attr, BT_ATT_PERM_READ |
+-						BT_ATT_PERM_READ_AUTHEN |
+-						BT_ATT_PERM_READ_ENCRYPT);
++	ecode = check_permissions(data->server, attr, BT_ATT_PERM_READ_MASK);
+ 	if (ecode)
+ 		goto error;
+ 
+@@ -1308,9 +1299,7 @@ static void prep_write_cb(struct bt_att_chan *chan, uint8_t opcode,
+ 	util_debug(server->debug_callback, server->debug_data,
+ 				"Prep Write Req - handle: 0x%04x", handle);
+ 
+-	ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE |
+-						BT_ATT_PERM_WRITE_AUTHEN |
+-						BT_ATT_PERM_WRITE_ENCRYPT);
++	ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE_MASK);
+ 	if (ecode)
+ 		goto error;
+ 
+-- 
+2.26.2
+
diff --git a/SPECS/bluez.spec b/SPECS/bluez.spec
index ebff103..48ca401 100644
--- a/SPECS/bluez.spec
+++ b/SPECS/bluez.spec
@@ -1,7 +1,7 @@
 Name:    bluez
 Summary: Bluetooth utilities
-Version: 5.52
-Release: 5%{?dist}
+Version: 5.56
+Release: 1%{?dist}
 License: GPLv2+
 URL:     http://www.bluez.org/
 
@@ -36,12 +36,15 @@ Patch24: 0001-adapter-Don-t-refresh-adv_manager-for-non-LE-devices.patch
 #Patch25: 0001-core-Add-AlwaysPairable-to-main.conf.patch 
 #Patch26: 0002-agent-Make-the-first-agent-to-register-the-default.patch 
 
-Patch27: 0001-HOGP-must-only-accept-data-from-bonded-devices.patch
-Patch28: 0002-HID-accepts-bonded-device-connections-only.patch
-Patch29: 0001-shared-att-Fix-possible-crash-on-disconnect.patch
+#Patch27: 0001-HOGP-must-only-accept-data-from-bonded-devices.patch
+#Patch28: 0002-HID-accepts-bonded-device-connections-only.patch
+#Patch29: 0001-shared-att-Fix-possible-crash-on-disconnect.patch
 
 #https://bugzilla.redhat.com/show_bug.cgi?id=1961511
-Patch30: 0001-input-hog-Attempt-to-set-security-level-if-not-bonde.patch
+#Patch30: 0001-input-hog-Attempt-to-set-security-level-if-not-bonde.patch
+
+# fixing https://bugzilla.redhat.com/show_bug.cgi?id=1965057
+Patch31: 0001-shared-gatt-server-Fix-not-properly-checking-for-sec.patch
 
 BuildRequires: git-core
 BuildRequires: dbus-devel >= 1.6
@@ -72,7 +75,6 @@ Utilities for use in Bluetooth applications:
 	- l2ping
 	- rfcomm
 	- sdptool
-	- bccmd
 	- bluetoothctl
 	- btmon
 	- hcidump
@@ -144,7 +146,7 @@ Object Exchange daemon for sharing files, contacts etc over bluetooth
 libtoolize -f
 autoreconf -f -i
 %configure --enable-tools --enable-library --enable-deprecated \
-           --enable-sixaxis --enable-cups --enable-nfc \
+           --enable-sixaxis --enable-cups --enable-nfc --enable-hid2hci \
            --with-systemdsystemunitdir=%{_unitdir} \
            --with-systemduserunitdir=%{_userunitdir}
 
@@ -218,7 +220,6 @@ make check
 %{_bindir}/l2ping
 %{_bindir}/rfcomm
 %{_bindir}/sdptool
-%{_bindir}/bccmd
 %{_bindir}/bluetoothctl
 %{_bindir}/bluemoon
 %{_bindir}/btmon
@@ -236,7 +237,6 @@ make check
 %{_mandir}/man1/hcitool.1.gz
 %{_mandir}/man1/rfcomm.1.gz
 %{_mandir}/man1/sdptool.1.gz
-%{_mandir}/man1/bccmd.1.*
 %{_mandir}/man1/hciattach.1.*
 %{_mandir}/man1/hciconfig.1.*
 %{_mandir}/man1/hcidump.1.*
@@ -279,6 +279,11 @@ make check
 
 %changelog
 
+* Wed Jun 2 2021 Gopal Tiwari <gtiwari@redhat.com> - 5.56-1
++ bluez-5.56-1
+- Fixing (#1965057)
+- Removing bccmd, enabling hid2hci as upstream removed the support in bluez-5.56 
+
 * Wed May 26 2021 Gopal Tiwari <gtiwari@redhat.com> - 5.52-5
 + bluez-5.52-5
 - Fixing (#1961511)