import bluez-5.56-1.el8

2021-06-03 04:11:03 +00:00 · 2021-06-03 04:11:03 +00:00 · 6efeb47d5c
commit 6efeb47d5c
parent eebf73c120
6 changed files with 132 additions and 217 deletions
--- a/.bluez.metadata
+++ b/.bluez.metadata
@ -1 +1 @@
-75e907922a62588c12d5642293403be0625b4d02 SOURCES/bluez-5.52.tar.xz
+a862b9ddc039f34f7135bbee3c3e80040e82e046 SOURCES/bluez-5.56.tar.xz
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/bluez-5.52.tar.xz
+SOURCES/bluez-5.56.tar.xz
--- a/SOURCES/0001-input-hog-Attempt-to-set-security-level-if-not-bonde.patch
+++ b/SOURCES/0001-input-hog-Attempt-to-set-security-level-if-not-bonde.patch
@ -1,55 +0,0 @@
 From 1e083c2cd7c0284cf9dd389359a27aa6d354538c Mon Sep 17 00:00:00 2001
 From: Gopal Tiwari <gtiwari@redhat.com>
 Date: Wed, 26 May 2021 11:31:04 +0530
 Subject: [PATCH BlueZ 1/2] input: hog: Attempt to set security level if not
 bonded
 commit 35d8d895cd0b724e58129374beb0bb4a2edf9519
 Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
 Date:   Tue Mar 10 09:59:07 2020 -0700
    input: hog: Attempt to set security level if not bonded
    This attempts to set the security if the device is not bonded, the
    kernel will block any communication on the ATT socket while bumping
    the security and if that fails the device will be disconnected which
    is better than having the device dangling around without being able to
    communicate with it until it is properly bonded.
 ---
 profiles/input/hog.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
 diff --git a/profiles/input/hog.c b/profiles/input/hog.c
 index dfac68921..f0226ebbd 100644
 --- a/profiles/input/hog.c
 +++ b/profiles/input/hog.c
@@ -49,6 +49,8 @@
 #include "src/shared/util.h"
 #include "src/shared/uhid.h"
 #include "src/shared/queue.h"
 +#include "src/shared/att.h"
 +#include "src/shared/gatt-client.h"
 #include "src/plugin.h"
 #include "suspend.h"
@@ -187,8 +189,15 @@ static int hog_accept(struct btd_service *service)
 	}
 	/* HOGP 1.0 Section 6.1 requires bonding */
 -	if (!device_is_bonded(device, btd_device_get_bdaddr_type(device)))
 -		return -ECONNREFUSED;
 +	if (!device_is_bonded(device, btd_device_get_bdaddr_type(device))) {
 +		struct bt_gatt_client *client;
 +
 +		client = btd_device_get_gatt_client(device);
 +		if (!bt_gatt_client_set_security(client,
 +						BT_ATT_SECURITY_MEDIUM)) {
 +			return -ECONNREFUSED;
 +		}
 +	}
 	/* TODO: Replace GAttrib with bt_gatt_client */
 	bt_hog_attach(dev->hog, attrib);
 -- 
 2.26.2
--- a/SOURCES/0001-shared-att-Fix-possible-crash-on-disconnect.patch
+++ b/SOURCES/0001-shared-att-Fix-possible-crash-on-disconnect.patch
@ -1,150 +0,0 @@
 From b61877eb3e05b9b9dff36b4eccc46c539634cf15 Mon Sep 17 00:00:00 2001
 From: Gopal Tiwari <gtiwari@redhat.com>
 Date: Thu, 22 Oct 2020 11:23:00 +0530
 Subject: [PATCH BlueZ]     shared/att: Fix possible crash on disconnect
 commit 1cd644db8c23a2f530ddb93cebed7dacc5f5721a
 Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
 Date:   Wed Jul 15 18:25:37 2020 -0700
    shared/att: Fix possible crash on disconnect
    If there are pending request while disconnecting they would be notified
    but clients may endup being freed in the proccess which will then be
    calling bt_att_cancel to cancal its requests causing the following
    trace:
    Invalid read of size 4
       at 0x1D894C: enable_ccc_callback (gatt-client.c:1627)
       by 0x1D247B: disc_att_send_op (att.c:417)
       by 0x1CCC17: queue_remove_all (queue.c:354)
       by 0x1D47B7: disconnect_cb (att.c:635)
       by 0x1E0707: watch_callback (io-glib.c:170)
       by 0x48E963B: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.6400.4)
       by 0x48E9AC7: ??? (in /usr/lib/libglib-2.0.so.0.6400.4)
       by 0x48E9ECF: g_main_loop_run (in /usr/lib/libglib-2.0.so.0.6400.4)
       by 0x1E0E97: mainloop_run (mainloop-glib.c:79)
       by 0x1E13B3: mainloop_run_with_signal (mainloop-notify.c:201)
       by 0x12BC3B: main (main.c:770)
     Address 0x7d40a28 is 24 bytes inside a block of size 32 free'd
       at 0x484A2E0: free (vg_replace_malloc.c:540)
       by 0x1CCC17: queue_remove_all (queue.c:354)
       by 0x1CCC83: queue_destroy (queue.c:73)
       by 0x1D7DD7: bt_gatt_client_free (gatt-client.c:2209)
       by 0x16497B: batt_free (battery.c:77)
       by 0x16497B: batt_remove (battery.c:286)
       by 0x1A0013: service_remove (service.c:176)
     by 0x1A9B7B: device_remove_gatt_service (device.c:3691)
       by 0x1A9B7B: gatt_service_removed (device.c:3805)
       by 0x1CC90B: queue_foreach (queue.c:220)
       by 0x1DE27B: notify_service_changed.isra.0.part.0 (gatt-db.c:369)
       by 0x1DE387: notify_service_changed (gatt-db.c:361)
       by 0x1DE387: gatt_db_service_destroy (gatt-db.c:385)
       by 0x1DE3EF: gatt_db_remove_service (gatt-db.c:519)
       by 0x1D674F: discovery_op_complete (gatt-client.c:388)
       by 0x1D6877: discover_primary_cb (gatt-client.c:1260)
       by 0x1E220B: discovery_op_complete (gatt-helpers.c:628)
       by 0x1E249B: read_by_grp_type_cb (gatt-helpers.c:730)
       by 0x1D247B: disc_att_send_op (att.c:417)
       by 0x1CCC17: queue_remove_all (queue.c:354)
       by 0x1D47B7: disconnect_cb (att.c:635)
 ---
 src/shared/att.c | 46 ++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 40 insertions(+), 6 deletions(-)
 diff --git a/src/shared/att.c b/src/shared/att.c
 index 0ea6d55bd..b0fdb8e9f 100644
 --- a/src/shared/att.c
 +++ b/src/shared/att.c
@@ -62,6 +62,7 @@ struct bt_att {
 	struct queue *ind_queue;	/* Queued ATT protocol indications */
 	struct att_send_op *pending_ind;
 	struct queue *write_queue;	/* Queue of PDUs ready to send */
 +	bool in_disc;			/* Cleanup queues on disconnect_cb */
 	bool writer_active;
 	struct queue *notify_list;	/* List of registered callbacks */
@@ -211,8 +212,10 @@ static void destroy_att_send_op(void *data)
 	free(op);
 }
 -static void cancel_att_send_op(struct att_send_op *op)
 +static void cancel_att_send_op(void *data)
 {
 +	struct att_send_op *op = data;
 +
 	if (op->destroy)
 		op->destroy(op->user_data);
@@ -572,11 +575,6 @@ static bool disconnect_cb(struct io *io, void *user_data)
 	att->io = NULL;
 	att->fd = -1;
 -	/* Notify request callbacks */
 -	queue_remove_all(att->req_queue, NULL, NULL, disc_att_send_op);
 -	queue_remove_all(att->ind_queue, NULL, NULL, disc_att_send_op);
 -	queue_remove_all(att->write_queue, NULL, NULL, disc_att_send_op);
 -
 	if (att->pending_req) {
 		disc_att_send_op(att->pending_req);
 		att->pending_req = NULL;
@@ -589,6 +587,15 @@ static bool disconnect_cb(struct io *io, void *user_data)
 	bt_att_ref(att);
 +	att->in_disc = true;
 +
 +	/* Notify request callbacks */
 +	queue_remove_all(att->req_queue, NULL, NULL, disc_att_send_op);
 +	queue_remove_all(att->ind_queue, NULL, NULL, disc_att_send_op);
 +	queue_remove_all(att->write_queue, NULL, NULL, disc_att_send_op);
 +
 +	att->in_disc = false;
 +
 	queue_foreach(att->disconn_list, disconn_handler, INT_TO_PTR(err));
 	bt_att_unregister_all(att);
@@ -1306,6 +1313,30 @@ static bool match_op_id(const void *a, const void *b)
 	return op->id == id;
 }
 +static bool bt_att_disc_cancel(struct bt_att *att, unsigned int id)
 +{
 +	struct att_send_op *op;
 +
 +	op = queue_find(att->req_queue, match_op_id, UINT_TO_PTR(id));
 +	if (op)
 +		goto done;
 +
 +	op = queue_find(att->ind_queue, match_op_id, UINT_TO_PTR(id));
 +	if (op)
 +		goto done;
 +
 +	op = queue_find(att->write_queue, match_op_id, UINT_TO_PTR(id));
 +
 +done:
 +	if (!op)
 +		return false;
 +
 +	/* Just cancel since disconnect_cb will be cleaning up */
 +	cancel_att_send_op(op);
 +
 +	return true;
 +}
 +
 bool bt_att_cancel(struct bt_att *att, unsigned int id)
 {
 	struct att_send_op *op;
@@ -1325,6 +1356,9 @@ bool bt_att_cancel(struct bt_att *att, unsigned int id)
 		return true;
 	}
 +	if (att->in_disc)
 +		return bt_att_disc_cancel(att, id);
 +
 	op = queue_remove_if(att->req_queue, match_op_id, UINT_TO_PTR(id));
 	if (op)
 		goto done;
 -- 
 2.21.1
--- a/SOURCES/0001-shared-gatt-server-Fix-not-properly-checking-for-sec.patch
+++ b/SOURCES/0001-shared-gatt-server-Fix-not-properly-checking-for-sec.patch
@ -0,0 +1,115 @@
 From d22177efb6f17ed281013cdfa4976d218718d5b6 Mon Sep 17 00:00:00 2001
 From: Gopal Tiwari <gtiwari@redhat.com>
 Date: Mon, 31 May 2021 12:29:01 +0530
 Subject: [PATCH BlueZ] shared/gatt-server: Fix not properly checking for
 secure flags
 commit ef7316b34cf3a568694bdb0e4e83af17804dff9e (HEAD)
 Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
 Date:   Tue Mar 2 11:38:33 2021 -0800
 shared/gatt-server: Fix not properly checking for secure flags
 When passing the mask to check_permissions all valid permissions for
 the operation must be set including BT_ATT_PERM_SECURE flags.
 (cherry picked from commit 00da0fb4972cf59e1c075f313da81ea549cb8738)
 Signed-off-by: Gopal Tiwari <gtiwari@redhat.com>
 ---
 src/shared/att-types.h   |  8 ++++++++
 src/shared/gatt-server.c | 25 +++++++------------------
 2 files changed, 15 insertions(+), 18 deletions(-)
 diff --git a/src/shared/att-types.h b/src/shared/att-types.h
 index 7108b4e94..3adc05d9e 100644
 --- a/src/shared/att-types.h
 +++ b/src/shared/att-types.h
@@ -129,6 +129,14 @@ struct bt_att_pdu_error_rsp {
 #define BT_ATT_PERM_WRITE_SECURE	0x0200
 #define BT_ATT_PERM_SECURE		(BT_ATT_PERM_READ_SECURE | \
 					BT_ATT_PERM_WRITE_SECURE)
 +#define BT_ATT_PERM_READ_MASK		(BT_ATT_PERM_READ | \
 +					BT_ATT_PERM_READ_AUTHEN | \
 +					BT_ATT_PERM_READ_ENCRYPT | \
 +					BT_ATT_PERM_READ_SECURE)
 +#define BT_ATT_PERM_WRITE_MASK		(BT_ATT_PERM_WRITE | \
 +					BT_ATT_PERM_WRITE_AUTHEN | \
 +					BT_ATT_PERM_WRITE_ENCRYPT | \
 +					BT_ATT_PERM_WRITE_SECURE)
 /* GATT Characteristic Properties Bitfield values */
 #define BT_GATT_CHRC_PROP_BROADCAST			0x01
 diff --git a/src/shared/gatt-server.c b/src/shared/gatt-server.c
 index b5f7de7dc..970c35f94 100644
 --- a/src/shared/gatt-server.c
 +++ b/src/shared/gatt-server.c
@@ -444,9 +444,7 @@ static void process_read_by_type(struct async_read_op *op)
 		return;
 	}
 -	ecode = check_permissions(server, attr, BT_ATT_PERM_READ |
 -						BT_ATT_PERM_READ_AUTHEN |
 -						BT_ATT_PERM_READ_ENCRYPT);
 +	ecode = check_permissions(server, attr, BT_ATT_PERM_READ_MASK);
 	if (ecode)
 		goto error;
@@ -811,9 +809,7 @@ static void write_cb(struct bt_att_chan *chan, uint8_t opcode, const void *pdu,
 				(opcode == BT_ATT_OP_WRITE_REQ) ? "Req" : "Cmd",
 				handle);
 -	ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE |
 -						BT_ATT_PERM_WRITE_AUTHEN |
 -						BT_ATT_PERM_WRITE_ENCRYPT);
 +	ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE_MASK);
 	if (ecode)
 		goto error;
@@ -913,9 +909,7 @@ static void handle_read_req(struct bt_att_chan *chan,
 			opcode == BT_ATT_OP_READ_BLOB_REQ ? "Blob " : "",
 			handle);
 -	ecode = check_permissions(server, attr, BT_ATT_PERM_READ |
 -						BT_ATT_PERM_READ_AUTHEN |
 -						BT_ATT_PERM_READ_ENCRYPT);
 +	ecode = check_permissions(server, attr, BT_ATT_PERM_READ_MASK);
 	if (ecode)
 		goto error;
@@ -1051,9 +1045,8 @@ static void read_multiple_complete_cb(struct gatt_db_attribute *attr, int err,
 		goto error;
 	}
 -	ecode = check_permissions(data->server, next_attr, BT_ATT_PERM_READ |
 -						BT_ATT_PERM_READ_AUTHEN |
 -						BT_ATT_PERM_READ_ENCRYPT);
 +	ecode = check_permissions(data->server, next_attr,
 +						BT_ATT_PERM_READ_MASK);
 	if (ecode)
 		goto error;
@@ -1129,9 +1122,7 @@ static void read_multiple_cb(struct bt_att_chan *chan, uint8_t opcode,
 		goto error;
 	}
 -	ecode = check_permissions(data->server, attr, BT_ATT_PERM_READ |
 -						BT_ATT_PERM_READ_AUTHEN |
 -						BT_ATT_PERM_READ_ENCRYPT);
 +	ecode = check_permissions(data->server, attr, BT_ATT_PERM_READ_MASK);
 	if (ecode)
 		goto error;
@@ -1308,9 +1299,7 @@ static void prep_write_cb(struct bt_att_chan *chan, uint8_t opcode,
 	util_debug(server->debug_callback, server->debug_data,
 				"Prep Write Req - handle: 0x%04x", handle);
 -	ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE |
 -						BT_ATT_PERM_WRITE_AUTHEN |
 -						BT_ATT_PERM_WRITE_ENCRYPT);
 +	ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE_MASK);
 	if (ecode)
 		goto error;
 -- 
 2.26.2
--- a/SPECS/bluez.spec
+++ b/SPECS/bluez.spec
@ -1,7 +1,7 @@
 Name:    bluez
 Summary: Bluetooth utilities
-Version: 5.52
+Version: 5.56
-Release: 5%{?dist}
+Release: 1%{?dist}
 License: GPLv2+
 URL:     http://www.bluez.org/
@ -36,12 +36,15 @@ Patch24: 0001-adapter-Don-t-refresh-adv_manager-for-non-LE-devices.patch
 #Patch25: 0001-core-Add-AlwaysPairable-to-main.conf.patch 
 #Patch26: 0002-agent-Make-the-first-agent-to-register-the-default.patch 
-Patch27: 0001-HOGP-must-only-accept-data-from-bonded-devices.patch
+#Patch27: 0001-HOGP-must-only-accept-data-from-bonded-devices.patch
-Patch28: 0002-HID-accepts-bonded-device-connections-only.patch
+#Patch28: 0002-HID-accepts-bonded-device-connections-only.patch
-Patch29: 0001-shared-att-Fix-possible-crash-on-disconnect.patch
+#Patch29: 0001-shared-att-Fix-possible-crash-on-disconnect.patch
 #https://bugzilla.redhat.com/show_bug.cgi?id=1961511
-Patch30: 0001-input-hog-Attempt-to-set-security-level-if-not-bonde.patch
+#Patch30: 0001-input-hog-Attempt-to-set-security-level-if-not-bonde.patch
 # fixing https://bugzilla.redhat.com/show_bug.cgi?id=1965057
 Patch31: 0001-shared-gatt-server-Fix-not-properly-checking-for-sec.patch
 BuildRequires: git-core
 BuildRequires: dbus-devel >= 1.6
@ -72,7 +75,6 @@ Utilities for use in Bluetooth applications:
 	- l2ping
 	- rfcomm
 	- sdptool
 	- bccmd
 	- bluetoothctl
 	- btmon
 	- hcidump
@ -144,7 +146,7 @@ Object Exchange daemon for sharing files, contacts etc over bluetooth
 libtoolize -f
 autoreconf -f -i
 %configure --enable-tools --enable-library --enable-deprecated \
-           --enable-sixaxis --enable-cups --enable-nfc \
+           --enable-sixaxis --enable-cups --enable-nfc --enable-hid2hci \
           --with-systemdsystemunitdir=%{_unitdir} \
           --with-systemduserunitdir=%{_userunitdir}
@ -218,7 +220,6 @@ make check
 %{_bindir}/l2ping
 %{_bindir}/rfcomm
 %{_bindir}/sdptool
 %{_bindir}/bccmd
 %{_bindir}/bluetoothctl
 %{_bindir}/bluemoon
 %{_bindir}/btmon
@ -236,7 +237,6 @@ make check
 %{_mandir}/man1/hcitool.1.gz
 %{_mandir}/man1/rfcomm.1.gz
 %{_mandir}/man1/sdptool.1.gz
 %{_mandir}/man1/bccmd.1.*
 %{_mandir}/man1/hciattach.1.*
 %{_mandir}/man1/hciconfig.1.*
 %{_mandir}/man1/hcidump.1.*
@ -279,6 +279,11 @@ make check
 %changelog
 * Wed Jun 2 2021 Gopal Tiwari <gtiwari@redhat.com> - 5.56-1
 + bluez-5.56-1
 - Fixing (#1965057)
 - Removing bccmd, enabling hid2hci as upstream removed the support in bluez-5.56 
 * Wed May 26 2021 Gopal Tiwari <gtiwari@redhat.com> - 5.52-5
 + bluez-5.52-5
 - Fixing (#1961511)
`@ -1 +1 @@`
	`75e907922a62588c12d5642293403be0625b4d02 SOURCES/bluez-5.52.tar.xz`	`a862b9ddc039f34f7135bbee3c3e80040e82e046 SOURCES/bluez-5.56.tar.xz`
`@ -1 +1 @@`
	`SOURCES/bluez-5.52.tar.xz`	`SOURCES/bluez-5.56.tar.xz`