import bluez-5.52-1.el8

CentOS Sources 2020-11-03 06:50:46 -05:00
parent 97e61bca29
commit b056913ae0
11 changed files with 58 additions and 313 deletions


@ -1 +1 @@
a59289c91ccb7fac248e916838d4e66d7936151e SOURCES/bluez-5.50.tar.xz
75e907922a62588c12d5642293403be0625b4d02 SOURCES/bluez-5.52.tar.xz

2
.gitignore vendored

@ -1 +1 @@
SOURCES/bluez-5.50.tar.xz
SOURCES/bluez-5.52.tar.xz


@ -1,35 +1,41 @@
From 5a62336f4da3a2d1a1ab38d03980d57844bce147 Mon Sep 17 00:00:00 2001
From: Gopal Tiwari <gtiwari@redhat.com>
Date: Mon, 8 Jun 2020 20:56:46 +0530
Subject: [PATCH BlueZ 1/4] build: Always define confdir and statedir
From 69d2e7bebb79f500179298c6c51fafbc217df6c8 Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Wed, 20 Sep 2017 12:49:10 +0200
Subject: [PATCH 1/4] build: Always define confdir and statedir
build: Always define confdir and statedir
As we will need those paths to lock down on them.
---
Makefile.am | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
Makefile.am | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 555f301ca..1c38d94e5 100644
index 84c9712c9..6e77ed91e 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -30,14 +30,14 @@ include_HEADERS =
AM_CFLAGS = $(WARNING_CFLAGS) $(MISC_CFLAGS)
@@ -31,14 +31,15 @@ pkginclude_HEADERS =
AM_CFLAGS = $(WARNING_CFLAGS) $(MISC_CFLAGS) $(UDEV_CFLAGS) $(ell_cflags)
AM_LDFLAGS = $(MISC_LDFLAGS)
+confdir = $(sysconfdir)/bluetooth
+statedir = $(localstatedir)/lib/bluetooth
+
if DATAFILES
dbusdir = @DBUS_CONFDIR@/dbus-1/system.d
dbusdir = $(DBUS_CONFDIR)/dbus-1/system.d
dbus_DATA = src/bluetooth.conf
-confdir = $(sysconfdir)/bluetooth
conf_DATA =
-
-statedir = $(localstatedir)/lib/bluetooth
state_DATA =
endif
--
2.14.1
2.21.1


@ -1,31 +0,0 @@
From e45c8fdcb3d7cdb654f6819c02d1bbb5b40b6116 Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Thu, 7 Nov 2013 09:23:35 +0100
Subject: [PATCH 1/4] build: Enable BIND_NOW
Partial RELRO means that the object is GNU_RELRO but not BIND_NOW. This
reduces the effectiveness of RELRO. bluez triggers this because it
enables PIE during the build, and rpmdiff takes this as an indicator
that the best possible hardening is desired.
https://bugzilla.redhat.com/show_bug.cgi?id=983161
---
acinclude.m4 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/acinclude.m4 b/acinclude.m4
index bc39c6d73..efce2f3cb 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -50,7 +50,7 @@ AC_DEFUN([MISC_FLAGS], [
if (test "${enableval}" = "yes" &&
test "${ac_cv_prog_cc_pie}" = "yes"); then
misc_cflags="$misc_cflags -fPIC"
- misc_ldflags="$misc_ldflags -pie"
+ misc_ldflags="$misc_ldflags -pie -Wl,-z,now"
fi
])
if (test "$enable_coverage" = "yes"); then
--
2.14.1


@ -1,151 +0,0 @@
From 4aa826664dd5d6e784162c2393149ecb01550fb1 Mon Sep 17 00:00:00 2001
From: Gopal Tiwari <gtiwari@redhat.com>
Date: Wed, 18 Dec 2019 19:31:49 +0530
Subject: [PATCH BlueZ 1/2] core: Add AlwaysPairable to main.conf
commit 1880b299086659844889cdaf687133aca5eaf102
Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: Fri Jul 27 11:14:04 2018 +0300
core: Add AlwaysPairable to main.conf
This adds a new option called AlwaysPairable to main.conf, it can be
used to enable Adapter.Pairable even in case there is no Agent
available.
Since that could be consider a security problem to allow pairing
without user's consent the option defaults to false.
---
src/adapter.c | 16 +++++++++++++++-
src/agent.h | 7 +++++++
src/device.c | 2 --
src/hcid.h | 1 +
src/main.c | 11 +++++++++++
src/main.conf | 5 +++++
6 files changed, 39 insertions(+), 3 deletions(-)
diff --git a/src/adapter.c b/src/adapter.c
index af340fd6e..720621f47 100644
--- a/src/adapter.c
+++ b/src/adapter.c
@@ -7754,6 +7754,19 @@ int adapter_set_io_capability(struct btd_adapter *adapter, uint8_t io_cap)
{
struct mgmt_cp_set_io_capability cp;
+ if (!main_opts.pairable) {
+ if (io_cap == IO_CAPABILITY_INVALID) {
+ if (adapter->current_settings & MGMT_SETTING_BONDABLE)
+ set_mode(adapter, MGMT_OP_SET_BONDABLE, 0x00);
+
+ return 0;
+ }
+
+ if (!(adapter->current_settings & MGMT_SETTING_BONDABLE))
+ set_mode(adapter, MGMT_OP_SET_BONDABLE, 0x01);
+ } else if (io_cap == IO_CAPABILITY_INVALID)
+ io_cap = IO_CAPABILITY_NOINPUTNOOUTPUT;
+
memset(&cp, 0, sizeof(cp));
cp.io_capability = io_cap;
@@ -8682,7 +8695,8 @@ static void read_info_complete(uint8_t status, uint16_t length,
set_name(adapter, btd_adapter_get_name(adapter));
- if (!(adapter->current_settings & MGMT_SETTING_BONDABLE))
+ if (main_opts.pairable &&
+ !(adapter->current_settings & MGMT_SETTING_BONDABLE))
set_mode(adapter, MGMT_OP_SET_BONDABLE, 0x01);
if (!kernel_conn_control)
diff --git a/src/agent.h b/src/agent.h
index 1e4692036..f14d14325 100644
--- a/src/agent.h
+++ b/src/agent.h
@@ -22,6 +22,13 @@
*
*/
+#define IO_CAPABILITY_DISPLAYONLY 0x00
+#define IO_CAPABILITY_DISPLAYYESNO 0x01
+#define IO_CAPABILITY_KEYBOARDONLY 0x02
+#define IO_CAPABILITY_NOINPUTNOOUTPUT 0x03
+#define IO_CAPABILITY_KEYBOARDDISPLAY 0x04
+#define IO_CAPABILITY_INVALID 0xFF
+
struct agent;
typedef void (*agent_cb) (struct agent *agent, DBusError *err,
diff --git a/src/device.c b/src/device.c
index 4f1af7012..0d7907a69 100644
--- a/src/device.c
+++ b/src/device.c
@@ -75,8 +75,6 @@
#include "attrib-server.h"
#include "eir.h"
-#define IO_CAPABILITY_NOINPUTNOOUTPUT 0x03
-
#define DISCONNECT_TIMER 2
#define DISCOVERY_TIMER 1
#define INVALID_FLAGS 0xff
diff --git a/src/hcid.h b/src/hcid.h
index 2c2b89d9c..ba250578a 100644
--- a/src/hcid.h
+++ b/src/hcid.h
@@ -38,6 +38,7 @@ typedef enum {
struct main_opts {
char *name;
uint32_t class;
+ gboolean pairable;
uint32_t pairto;
uint32_t discovto;
uint8_t privacy;
diff --git a/src/main.c b/src/main.c
index 7e6af42cd..156406343 100644
--- a/src/main.c
+++ b/src/main.c
@@ -81,6 +81,7 @@ static const char *supported_options[] = {
"Name",
"Class",
"DiscoverableTimeout",
+ "AlwaysPairable"
"PairableTimeout",
"DeviceID",
"ReverseServiceDiscovery",
@@ -287,6 +288,16 @@ static void parse_config(GKeyFile *config)
main_opts.discovto = val;
}
+ boolean = g_key_file_get_boolean(config, "General",
+ "AlwaysPairable", &err);
+ if (err) {
+ DBG("%s", err->message);
+ g_clear_error(&err);
+ } else {
+ DBG("pairable=%s", boolean ? "true" : "false");
+ main_opts.pairable = boolean;
+ }
+
val = g_key_file_get_integer(config, "General",
"PairableTimeout", &err);
if (err) {
diff --git a/src/main.conf b/src/main.conf
index cbae32ec5..0d480d183 100644
--- a/src/main.conf
+++ b/src/main.conf
@@ -13,6 +13,11 @@
# 0 = disable timer, i.e. stay discoverable forever
#DiscoverableTimeout = 0
+# Always allow pairing even if there are no agent registered
+# Possible values: true, false
+# Default: false
+#AlwaysPairable = false
+
# How long to stay in pairable mode before going back to non-discoverable
# The value is in seconds. Default is 0.
# 0 = disable timer, i.e. stay pairable forever
--
2.17.2


@ -1,61 +0,0 @@
From 997fd427eab3770d11f3d0c9f04629a6cefc22b4 Mon Sep 17 00:00:00 2001
From: Gopal Tiwari <gtiwari@redhat.com>
Date: Wed, 18 Dec 2019 19:33:33 +0530
Subject: [PATCH BlueZ 2/2] agent: Make the first agent to register the
default
commit 9213ff7642a33aa481e3c61989ad60f7985b9984
Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: Fri Jul 27 11:01:04 2018 +0300
agent: Make the first agent to register the default
This simplifies the handling of default agent and enforce the IO
capabilities to be set whenever there is an agent available in the
system.
---
src/agent.c | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/src/agent.c b/src/agent.c
index ff44d5755..183e2f190 100644
--- a/src/agent.c
+++ b/src/agent.c
@@ -50,13 +50,6 @@
#include "agent.h"
#include "shared/queue.h"
-#define IO_CAPABILITY_DISPLAYONLY 0x00
-#define IO_CAPABILITY_DISPLAYYESNO 0x01
-#define IO_CAPABILITY_KEYBOARDONLY 0x02
-#define IO_CAPABILITY_NOINPUTNOOUTPUT 0x03
-#define IO_CAPABILITY_KEYBOARDDISPLAY 0x04
-#define IO_CAPABILITY_INVALID 0xFF
-
#define REQUEST_TIMEOUT (60 * 1000) /* 60 seconds */
#define AGENT_INTERFACE "org.bluez.Agent1"
@@ -150,7 +143,7 @@ static void set_io_cap(struct btd_adapter *adapter, gpointer user_data)
if (agent)
io_cap = agent->capability;
else
- io_cap = IO_CAPABILITY_NOINPUTNOOUTPUT;
+ io_cap = IO_CAPABILITY_INVALID;
adapter_set_io_capability(adapter, io_cap);
}
@@ -294,6 +287,11 @@ static struct agent *agent_create( const char *name, const char *path,
name, agent_disconnect,
agent, NULL);
+ if (queue_isempty(default_agents))
+ add_default_agent(agent);
+ else
+ queue_push_tail(default_agents, agent);
+
return agent_ref(agent);
}
--
2.17.2


@ -1,7 +1,13 @@
From 98826d0717fe831265256f996c9e90d15262bef1 Mon Sep 17 00:00:00 2001
From: Gopal Tiwari <gtiwari@redhat.com>
Date: Mon, 8 Jun 2020 19:54:24 +0530
Subject: [PATCH BlueZ 2/4] systemd: Add PrivateTmp and NoNewPrivileges options
From 4570164f0c90603bd07eb9e7c07e17bbafb5b5da Mon Sep 17 00:00:00 2001
From: Craig Andrews <candrews@integralblue.com>
Date: Wed, 13 Sep 2017 15:23:09 +0200
Subject: [PATCH 2/4] systemd: Add PrivateTmp and NoNewPrivileges options
systemd: Add PrivateTmp and NoNewPrivileges options
PrivateTmp makes bluetoothd's /tmp and /var/tmp be inside a different
namespace. This is useful to secure access to temporary files of the
@ -15,7 +21,7 @@ possible privilege escalations.
1 file changed, 6 insertions(+)
diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in
index f799f65f0..a6f3030f9 100644
index f9faaa452..7c2f60bb4 100644
--- a/src/bluetooth.service.in
+++ b/src/bluetooth.service.in
@@ -12,8 +12,14 @@ NotifyAccess=main
@ -34,5 +40,5 @@ index f799f65f0..a6f3030f9 100644
[Install]
WantedBy=bluetooth.target
--
2.14.1
2.21.1


@ -1,7 +1,13 @@
From 1da4185a89fba1c14032ab87757e5fb798d76bc0 Mon Sep 17 00:00:00 2001
From: Gopal Tiwari <gtiwari@redhat.com>
Date: Mon, 8 Jun 2020 19:55:39 +0530
Subject: [PATCH BlueZ 3/4] systemd: Add more filesystem lockdown
From 73a9c0902e7c97adf96e735407a75033152c04a9 Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Wed, 13 Sep 2017 15:37:11 +0200
Subject: [PATCH 3/4] systemd: Add more filesystem lockdown
systemd: Add more filesystem lockdown
We can only access the configuration file as read-only and read-write
to the Bluetooth cache directory and sub-directories.
@ -11,20 +17,20 @@ to the Bluetooth cache directory and sub-directories.
2 files changed, 6 insertions(+)
diff --git a/Makefile.am b/Makefile.am
index 1c38d94e5..13ccf9079 100644
index cdd2fd8fb..0af1a8c45 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -478,6 +478,8 @@ MAINTAINERCLEANFILES = Makefile.in \
@@ -580,6 +580,8 @@ MAINTAINERCLEANFILES = Makefile.in \
SED_PROCESS = $(AM_V_GEN)$(MKDIR_P) $(dir $@) && \
$(SED) -e 's,@libexecdir\@,$(libexecdir),g' \
$(SED) -e 's,@pkglibexecdir\@,$(pkglibexecdir),g' \
+ -e 's,@statedir\@,$(statedir),g' \
+ -e 's,@confdir\@,$(confdir),g' \
< $< > $@
%.service: %.service.in Makefile
diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in
index a6f3030f9..7e55b5043 100644
index 7c2f60bb4..4daedef2a 100644
--- a/src/bluetooth.service.in
+++ b/src/bluetooth.service.in
@@ -17,6 +17,10 @@ LimitNPROC=1
@ -39,5 +45,5 @@ index a6f3030f9..7e55b5043 100644
# Privilege escalation
NoNewPrivileges=true
--
2.14.1
2.21.1


@ -1,41 +0,0 @@
From 07a12a6685ea57be18f39e349dbc42e4af3744ed Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Tue, 5 Sep 2017 10:32:15 +0200
Subject: [PATCH 3/4] tools/csr_usb: Fix compilation failure
GCC's "format-nonliteral" security check is enabled as an error in
recent versions of Fedora. Given the reduced scope of use, mark the
error as ignorable through pragma.
tools/csr_usb.c: In function 'read_value':
tools/csr_usb.c:82:2: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
n = fscanf(file, format, &value);
^
---
tools/csr_usb.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/tools/csr_usb.c b/tools/csr_usb.c
index a1d7324f7..33e9968a2 100644
--- a/tools/csr_usb.c
+++ b/tools/csr_usb.c
@@ -67,6 +67,8 @@ struct usbfs_bulktransfer {
#define USBFS_IOCTL_CLAIMINTF _IOR('U', 15, unsigned int)
#define USBFS_IOCTL_RELEASEINTF _IOR('U', 16, unsigned int)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wformat-nonliteral"
static int read_value(const char *name, const char *attr, const char *format)
{
char path[PATH_MAX];
@@ -88,6 +90,7 @@ static int read_value(const char *name, const char *attr, const char *format)
fclose(file);
return value;
}
+#pragma GCC diagnostic pop
static char *check_device(const char *name)
{
--
2.14.1


@ -1,7 +1,13 @@
From 9a7872f04cb748e8de743d9136ecd91539d13cb7 Mon Sep 17 00:00:00 2001
From: Gopal Tiwari <gtiwari@redhat.com>
Date: Mon, 8 Jun 2020 19:56:42 +0530
Subject: [PATCH BlueZ 4/4] systemd: More lockdown
From 171d812218883281fed57b57fafd5c18eac441ac Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Wed, 13 Sep 2017 15:38:26 +0200
Subject: [PATCH 4/4] systemd: More lockdown
systemd: More lockdown
bluetoothd does not need to execute mapped memory, or real-time
access, so block those.
@ -10,7 +16,7 @@ access, so block those.
1 file changed, 6 insertions(+)
diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in
index 7e55b5043..e8267b338 100644
index 4daedef2a..f18801866 100644
--- a/src/bluetooth.service.in
+++ b/src/bluetooth.service.in
@@ -22,9 +22,15 @@ ProtectControlGroups=true
@ -30,5 +36,5 @@ index 7e55b5043..e8267b338 100644
WantedBy=bluetooth.target
Alias=dbus-org.bluez.service
--
2.14.1
2.21.1


@ -1,7 +1,7 @@
Name: bluez
Summary: Bluetooth utilities
Version: 5.50
Release: 4%{?dist}
Version: 5.52
Release: 1%{?dist}
License: GPLv2+
URL: http://www.bluez.org/
@ -15,8 +15,8 @@ Source3: btattach-bcm@.service
Source4: btattach-bcm-service.sh
# https://github.com/hadess/bluez/commits/build-fixes-5.46
Patch1: 0001-build-Enable-BIND_NOW.patch
Patch2: 0003-tools-csr_usb-Fix-compilation-failure.patch
#Patch1: 0001-build-Enable-BIND_NOW.patch
#Patch2: 0003-tools-csr_usb-Fix-compilation-failure.patch
# https://github.com/hadess/bluez/commits/obex-5.46
Patch3: 0001-obex-Use-GLib-helper-function-to-manipulate-paths.patch
@ -33,8 +33,8 @@ Patch23: 0004-systemd-More-lockdown.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1567622
Patch24: 0001-adapter-Don-t-refresh-adv_manager-for-non-LE-devices.patch
Patch25: 0001-core-Add-AlwaysPairable-to-main.conf.patch
Patch26: 0002-agent-Make-the-first-agent-to-register-the-default.patch
#Patch25: 0001-core-Add-AlwaysPairable-to-main.conf.patch
#Patch26: 0002-agent-Make-the-first-agent-to-register-the-default.patch
Patch27: 0001-HOGP-must-only-accept-data-from-bonded-devices.patch
Patch28: 0002-HID-accepts-bonded-device-connections-only.patch
@ -226,6 +226,7 @@ make check
%{_bindir}/mpris-proxy
%{_bindir}/gatttool
%{_bindir}/rctest
%{_datadir}/zsh/site-functions/_bluetoothctl
%{_mandir}/man1/btattach.1.gz
%{_mandir}/man1/ciptool.1.gz
%{_mandir}/man1/hcitool.1.gz
@ -247,6 +248,7 @@ make check
%{_unitdir}/btattach-bcm@.service
%{_udevrulesdir}/69-btattach-bcm.rules
%files libs
%{!?_licensedir:%global license %%doc}
%license COPYING
@ -272,6 +274,9 @@ make check
%{_userunitdir}/obex.service
%changelog
* Tue Jun 9 2020 Gopal Tiwari <gtiwari@redhat.com> - 5.52-1
+ bluez-5.52-1
- Fixing (#1830397)
* Fri Apr 24 2020 Gopal Tiwari <gtiwari@redhat.com> - 5.50-4
+ bluez-5.50-4
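Review bot: The BIND_NOW hardening patch is switched off at `#Patch1: 0001-build-Enable-BIND_NOW.patch` without any note on whether the 5.52 tarball already links with `-Wl,-z,now`, and the patch file itself is deleted in this commit, so the commented line refers to a file that no longer exists. If upstream did not absorb that change, the PIE binaries would be back to partial RELRO, which is exactly what the removed patch's description says it was added to prevent. I would delete the dead entries and leave a short reason in their place, for example `# 0001-build-Enable-BIND_NOW.patch dropped in the 5.52 rebase: <reason, e.g. merged upstream>`, and check the built bluetoothd for the BIND_NOW flag before release. `#Patch2`, `#Patch25` and `#Patch26` appear to be disabled the same way and would benefit from the same one-line justification; the changelog entry `- Fixing (#1830397)` also does not mention the rebase or the dropped patches.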