import bluez-5.56-1.el8

This commit is contained in:
CentOS Sources 2021-06-03 04:11:03 +00:00
parent eebf73c120
commit 6efeb47d5c
6 changed files with 132 additions and 217 deletions

View File

@ -1 +1 @@
75e907922a62588c12d5642293403be0625b4d02 SOURCES/bluez-5.52.tar.xz a862b9ddc039f34f7135bbee3c3e80040e82e046 SOURCES/bluez-5.56.tar.xz

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/bluez-5.52.tar.xz SOURCES/bluez-5.56.tar.xz

View File

@ -1,55 +0,0 @@
From 1e083c2cd7c0284cf9dd389359a27aa6d354538c Mon Sep 17 00:00:00 2001
From: Gopal Tiwari <gtiwari@redhat.com>
Date: Wed, 26 May 2021 11:31:04 +0530
Subject: [PATCH BlueZ 1/2] input: hog: Attempt to set security level if not
bonded
commit 35d8d895cd0b724e58129374beb0bb4a2edf9519
Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: Tue Mar 10 09:59:07 2020 -0700
input: hog: Attempt to set security level if not bonded
This attempts to set the security if the device is not bonded, the
kernel will block any communication on the ATT socket while bumping
the security and if that fails the device will be disconnected which
is better than having the device dangling around without being able to
communicate with it until it is properly bonded.
---
profiles/input/hog.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/profiles/input/hog.c b/profiles/input/hog.c
index dfac68921..f0226ebbd 100644
--- a/profiles/input/hog.c
+++ b/profiles/input/hog.c
@@ -49,6 +49,8 @@
#include "src/shared/util.h"
#include "src/shared/uhid.h"
#include "src/shared/queue.h"
+#include "src/shared/att.h"
+#include "src/shared/gatt-client.h"
#include "src/plugin.h"
#include "suspend.h"
@@ -187,8 +189,15 @@ static int hog_accept(struct btd_service *service)
}
/* HOGP 1.0 Section 6.1 requires bonding */
- if (!device_is_bonded(device, btd_device_get_bdaddr_type(device)))
- return -ECONNREFUSED;
+ if (!device_is_bonded(device, btd_device_get_bdaddr_type(device))) {
+ struct bt_gatt_client *client;
+
+ client = btd_device_get_gatt_client(device);
+ if (!bt_gatt_client_set_security(client,
+ BT_ATT_SECURITY_MEDIUM)) {
+ return -ECONNREFUSED;
+ }
+ }
/* TODO: Replace GAttrib with bt_gatt_client */
bt_hog_attach(dev->hog, attrib);
--
2.26.2

View File

@ -1,150 +0,0 @@
From b61877eb3e05b9b9dff36b4eccc46c539634cf15 Mon Sep 17 00:00:00 2001
From: Gopal Tiwari <gtiwari@redhat.com>
Date: Thu, 22 Oct 2020 11:23:00 +0530
Subject: [PATCH BlueZ] shared/att: Fix possible crash on disconnect
commit 1cd644db8c23a2f530ddb93cebed7dacc5f5721a
Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: Wed Jul 15 18:25:37 2020 -0700
shared/att: Fix possible crash on disconnect
If there are pending request while disconnecting they would be notified
but clients may endup being freed in the proccess which will then be
calling bt_att_cancel to cancal its requests causing the following
trace:
Invalid read of size 4
at 0x1D894C: enable_ccc_callback (gatt-client.c:1627)
by 0x1D247B: disc_att_send_op (att.c:417)
by 0x1CCC17: queue_remove_all (queue.c:354)
by 0x1D47B7: disconnect_cb (att.c:635)
by 0x1E0707: watch_callback (io-glib.c:170)
by 0x48E963B: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.6400.4)
by 0x48E9AC7: ??? (in /usr/lib/libglib-2.0.so.0.6400.4)
by 0x48E9ECF: g_main_loop_run (in /usr/lib/libglib-2.0.so.0.6400.4)
by 0x1E0E97: mainloop_run (mainloop-glib.c:79)
by 0x1E13B3: mainloop_run_with_signal (mainloop-notify.c:201)
by 0x12BC3B: main (main.c:770)
Address 0x7d40a28 is 24 bytes inside a block of size 32 free'd
at 0x484A2E0: free (vg_replace_malloc.c:540)
by 0x1CCC17: queue_remove_all (queue.c:354)
by 0x1CCC83: queue_destroy (queue.c:73)
by 0x1D7DD7: bt_gatt_client_free (gatt-client.c:2209)
by 0x16497B: batt_free (battery.c:77)
by 0x16497B: batt_remove (battery.c:286)
by 0x1A0013: service_remove (service.c:176)
by 0x1A9B7B: device_remove_gatt_service (device.c:3691)
by 0x1A9B7B: gatt_service_removed (device.c:3805)
by 0x1CC90B: queue_foreach (queue.c:220)
by 0x1DE27B: notify_service_changed.isra.0.part.0 (gatt-db.c:369)
by 0x1DE387: notify_service_changed (gatt-db.c:361)
by 0x1DE387: gatt_db_service_destroy (gatt-db.c:385)
by 0x1DE3EF: gatt_db_remove_service (gatt-db.c:519)
by 0x1D674F: discovery_op_complete (gatt-client.c:388)
by 0x1D6877: discover_primary_cb (gatt-client.c:1260)
by 0x1E220B: discovery_op_complete (gatt-helpers.c:628)
by 0x1E249B: read_by_grp_type_cb (gatt-helpers.c:730)
by 0x1D247B: disc_att_send_op (att.c:417)
by 0x1CCC17: queue_remove_all (queue.c:354)
by 0x1D47B7: disconnect_cb (att.c:635)
---
src/shared/att.c | 46 ++++++++++++++++++++++++++++++++++++++++------
1 file changed, 40 insertions(+), 6 deletions(-)
diff --git a/src/shared/att.c b/src/shared/att.c
index 0ea6d55bd..b0fdb8e9f 100644
--- a/src/shared/att.c
+++ b/src/shared/att.c
@@ -62,6 +62,7 @@ struct bt_att {
struct queue *ind_queue; /* Queued ATT protocol indications */
struct att_send_op *pending_ind;
struct queue *write_queue; /* Queue of PDUs ready to send */
+ bool in_disc; /* Cleanup queues on disconnect_cb */
bool writer_active;
struct queue *notify_list; /* List of registered callbacks */
@@ -211,8 +212,10 @@ static void destroy_att_send_op(void *data)
free(op);
}
-static void cancel_att_send_op(struct att_send_op *op)
+static void cancel_att_send_op(void *data)
{
+ struct att_send_op *op = data;
+
if (op->destroy)
op->destroy(op->user_data);
@@ -572,11 +575,6 @@ static bool disconnect_cb(struct io *io, void *user_data)
att->io = NULL;
att->fd = -1;
- /* Notify request callbacks */
- queue_remove_all(att->req_queue, NULL, NULL, disc_att_send_op);
- queue_remove_all(att->ind_queue, NULL, NULL, disc_att_send_op);
- queue_remove_all(att->write_queue, NULL, NULL, disc_att_send_op);
-
if (att->pending_req) {
disc_att_send_op(att->pending_req);
att->pending_req = NULL;
@@ -589,6 +587,15 @@ static bool disconnect_cb(struct io *io, void *user_data)
bt_att_ref(att);
+ att->in_disc = true;
+
+ /* Notify request callbacks */
+ queue_remove_all(att->req_queue, NULL, NULL, disc_att_send_op);
+ queue_remove_all(att->ind_queue, NULL, NULL, disc_att_send_op);
+ queue_remove_all(att->write_queue, NULL, NULL, disc_att_send_op);
+
+ att->in_disc = false;
+
queue_foreach(att->disconn_list, disconn_handler, INT_TO_PTR(err));
bt_att_unregister_all(att);
@@ -1306,6 +1313,30 @@ static bool match_op_id(const void *a, const void *b)
return op->id == id;
}
+static bool bt_att_disc_cancel(struct bt_att *att, unsigned int id)
+{
+ struct att_send_op *op;
+
+ op = queue_find(att->req_queue, match_op_id, UINT_TO_PTR(id));
+ if (op)
+ goto done;
+
+ op = queue_find(att->ind_queue, match_op_id, UINT_TO_PTR(id));
+ if (op)
+ goto done;
+
+ op = queue_find(att->write_queue, match_op_id, UINT_TO_PTR(id));
+
+done:
+ if (!op)
+ return false;
+
+ /* Just cancel since disconnect_cb will be cleaning up */
+ cancel_att_send_op(op);
+
+ return true;
+}
+
bool bt_att_cancel(struct bt_att *att, unsigned int id)
{
struct att_send_op *op;
@@ -1325,6 +1356,9 @@ bool bt_att_cancel(struct bt_att *att, unsigned int id)
return true;
}
+ if (att->in_disc)
+ return bt_att_disc_cancel(att, id);
+
op = queue_remove_if(att->req_queue, match_op_id, UINT_TO_PTR(id));
if (op)
goto done;
--
2.21.1

View File

@ -0,0 +1,115 @@
From d22177efb6f17ed281013cdfa4976d218718d5b6 Mon Sep 17 00:00:00 2001
From: Gopal Tiwari <gtiwari@redhat.com>
Date: Mon, 31 May 2021 12:29:01 +0530
Subject: [PATCH BlueZ] shared/gatt-server: Fix not properly checking for
secure flags
commit ef7316b34cf3a568694bdb0e4e83af17804dff9e (HEAD)
Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: Tue Mar 2 11:38:33 2021 -0800
shared/gatt-server: Fix not properly checking for secure flags
When passing the mask to check_permissions all valid permissions for
the operation must be set including BT_ATT_PERM_SECURE flags.
(cherry picked from commit 00da0fb4972cf59e1c075f313da81ea549cb8738)
Signed-off-by: Gopal Tiwari <gtiwari@redhat.com>
---
src/shared/att-types.h | 8 ++++++++
src/shared/gatt-server.c | 25 +++++++------------------
2 files changed, 15 insertions(+), 18 deletions(-)
diff --git a/src/shared/att-types.h b/src/shared/att-types.h
index 7108b4e94..3adc05d9e 100644
--- a/src/shared/att-types.h
+++ b/src/shared/att-types.h
@@ -129,6 +129,14 @@ struct bt_att_pdu_error_rsp {
#define BT_ATT_PERM_WRITE_SECURE 0x0200
#define BT_ATT_PERM_SECURE (BT_ATT_PERM_READ_SECURE | \
BT_ATT_PERM_WRITE_SECURE)
+#define BT_ATT_PERM_READ_MASK (BT_ATT_PERM_READ | \
+ BT_ATT_PERM_READ_AUTHEN | \
+ BT_ATT_PERM_READ_ENCRYPT | \
+ BT_ATT_PERM_READ_SECURE)
+#define BT_ATT_PERM_WRITE_MASK (BT_ATT_PERM_WRITE | \
+ BT_ATT_PERM_WRITE_AUTHEN | \
+ BT_ATT_PERM_WRITE_ENCRYPT | \
+ BT_ATT_PERM_WRITE_SECURE)
/* GATT Characteristic Properties Bitfield values */
#define BT_GATT_CHRC_PROP_BROADCAST 0x01
diff --git a/src/shared/gatt-server.c b/src/shared/gatt-server.c
index b5f7de7dc..970c35f94 100644
--- a/src/shared/gatt-server.c
+++ b/src/shared/gatt-server.c
@@ -444,9 +444,7 @@ static void process_read_by_type(struct async_read_op *op)
return;
}
- ecode = check_permissions(server, attr, BT_ATT_PERM_READ |
- BT_ATT_PERM_READ_AUTHEN |
- BT_ATT_PERM_READ_ENCRYPT);
+ ecode = check_permissions(server, attr, BT_ATT_PERM_READ_MASK);
if (ecode)
goto error;
@@ -811,9 +809,7 @@ static void write_cb(struct bt_att_chan *chan, uint8_t opcode, const void *pdu,
(opcode == BT_ATT_OP_WRITE_REQ) ? "Req" : "Cmd",
handle);
- ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE |
- BT_ATT_PERM_WRITE_AUTHEN |
- BT_ATT_PERM_WRITE_ENCRYPT);
+ ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE_MASK);
if (ecode)
goto error;
@@ -913,9 +909,7 @@ static void handle_read_req(struct bt_att_chan *chan,
opcode == BT_ATT_OP_READ_BLOB_REQ ? "Blob " : "",
handle);
- ecode = check_permissions(server, attr, BT_ATT_PERM_READ |
- BT_ATT_PERM_READ_AUTHEN |
- BT_ATT_PERM_READ_ENCRYPT);
+ ecode = check_permissions(server, attr, BT_ATT_PERM_READ_MASK);
if (ecode)
goto error;
@@ -1051,9 +1045,8 @@ static void read_multiple_complete_cb(struct gatt_db_attribute *attr, int err,
goto error;
}
- ecode = check_permissions(data->server, next_attr, BT_ATT_PERM_READ |
- BT_ATT_PERM_READ_AUTHEN |
- BT_ATT_PERM_READ_ENCRYPT);
+ ecode = check_permissions(data->server, next_attr,
+ BT_ATT_PERM_READ_MASK);
if (ecode)
goto error;
@@ -1129,9 +1122,7 @@ static void read_multiple_cb(struct bt_att_chan *chan, uint8_t opcode,
goto error;
}
- ecode = check_permissions(data->server, attr, BT_ATT_PERM_READ |
- BT_ATT_PERM_READ_AUTHEN |
- BT_ATT_PERM_READ_ENCRYPT);
+ ecode = check_permissions(data->server, attr, BT_ATT_PERM_READ_MASK);
if (ecode)
goto error;
@@ -1308,9 +1299,7 @@ static void prep_write_cb(struct bt_att_chan *chan, uint8_t opcode,
util_debug(server->debug_callback, server->debug_data,
"Prep Write Req - handle: 0x%04x", handle);
- ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE |
- BT_ATT_PERM_WRITE_AUTHEN |
- BT_ATT_PERM_WRITE_ENCRYPT);
+ ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE_MASK);
if (ecode)
goto error;
--
2.26.2

View File

@ -1,7 +1,7 @@
Name: bluez Name: bluez
Summary: Bluetooth utilities Summary: Bluetooth utilities
Version: 5.52 Version: 5.56
Release: 5%{?dist} Release: 1%{?dist}
License: GPLv2+ License: GPLv2+
URL: http://www.bluez.org/ URL: http://www.bluez.org/
@ -36,12 +36,15 @@ Patch24: 0001-adapter-Don-t-refresh-adv_manager-for-non-LE-devices.patch
#Patch25: 0001-core-Add-AlwaysPairable-to-main.conf.patch #Patch25: 0001-core-Add-AlwaysPairable-to-main.conf.patch
#Patch26: 0002-agent-Make-the-first-agent-to-register-the-default.patch #Patch26: 0002-agent-Make-the-first-agent-to-register-the-default.patch
Patch27: 0001-HOGP-must-only-accept-data-from-bonded-devices.patch #Patch27: 0001-HOGP-must-only-accept-data-from-bonded-devices.patch
Patch28: 0002-HID-accepts-bonded-device-connections-only.patch #Patch28: 0002-HID-accepts-bonded-device-connections-only.patch
Patch29: 0001-shared-att-Fix-possible-crash-on-disconnect.patch #Patch29: 0001-shared-att-Fix-possible-crash-on-disconnect.patch
#https://bugzilla.redhat.com/show_bug.cgi?id=1961511 #https://bugzilla.redhat.com/show_bug.cgi?id=1961511
Patch30: 0001-input-hog-Attempt-to-set-security-level-if-not-bonde.patch #Patch30: 0001-input-hog-Attempt-to-set-security-level-if-not-bonde.patch
# fixing https://bugzilla.redhat.com/show_bug.cgi?id=1965057
Patch31: 0001-shared-gatt-server-Fix-not-properly-checking-for-sec.patch
BuildRequires: git-core BuildRequires: git-core
BuildRequires: dbus-devel >= 1.6 BuildRequires: dbus-devel >= 1.6
@ -72,7 +75,6 @@ Utilities for use in Bluetooth applications:
- l2ping - l2ping
- rfcomm - rfcomm
- sdptool - sdptool
- bccmd
- bluetoothctl - bluetoothctl
- btmon - btmon
- hcidump - hcidump
@ -144,7 +146,7 @@ Object Exchange daemon for sharing files, contacts etc over bluetooth
libtoolize -f libtoolize -f
autoreconf -f -i autoreconf -f -i
%configure --enable-tools --enable-library --enable-deprecated \ %configure --enable-tools --enable-library --enable-deprecated \
--enable-sixaxis --enable-cups --enable-nfc \ --enable-sixaxis --enable-cups --enable-nfc --enable-hid2hci \
--with-systemdsystemunitdir=%{_unitdir} \ --with-systemdsystemunitdir=%{_unitdir} \
--with-systemduserunitdir=%{_userunitdir} --with-systemduserunitdir=%{_userunitdir}
@ -218,7 +220,6 @@ make check
%{_bindir}/l2ping %{_bindir}/l2ping
%{_bindir}/rfcomm %{_bindir}/rfcomm
%{_bindir}/sdptool %{_bindir}/sdptool
%{_bindir}/bccmd
%{_bindir}/bluetoothctl %{_bindir}/bluetoothctl
%{_bindir}/bluemoon %{_bindir}/bluemoon
%{_bindir}/btmon %{_bindir}/btmon
@ -236,7 +237,6 @@ make check
%{_mandir}/man1/hcitool.1.gz %{_mandir}/man1/hcitool.1.gz
%{_mandir}/man1/rfcomm.1.gz %{_mandir}/man1/rfcomm.1.gz
%{_mandir}/man1/sdptool.1.gz %{_mandir}/man1/sdptool.1.gz
%{_mandir}/man1/bccmd.1.*
%{_mandir}/man1/hciattach.1.* %{_mandir}/man1/hciattach.1.*
%{_mandir}/man1/hciconfig.1.* %{_mandir}/man1/hciconfig.1.*
%{_mandir}/man1/hcidump.1.* %{_mandir}/man1/hcidump.1.*
@ -279,6 +279,11 @@ make check
%changelog %changelog
* Wed Jun 2 2021 Gopal Tiwari <gtiwari@redhat.com> - 5.56-1
+ bluez-5.56-1
- Fixing (#1965057)
- Removing bccmd, enabling hid2hci as upstream removed the support in bluez-5.56
* Wed May 26 2021 Gopal Tiwari <gtiwari@redhat.com> - 5.52-5 * Wed May 26 2021 Gopal Tiwari <gtiwari@redhat.com> - 5.52-5
+ bluez-5.52-5 + bluez-5.52-5
- Fixing (#1961511) - Fixing (#1961511)