import bluez-5.52-1.el8
This commit is contained in:
parent
97e61bca29
commit
b056913ae0
@ -1 +1 @@
|
|||||||
a59289c91ccb7fac248e916838d4e66d7936151e SOURCES/bluez-5.50.tar.xz
|
75e907922a62588c12d5642293403be0625b4d02 SOURCES/bluez-5.52.tar.xz
|
||||||
|
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/bluez-5.50.tar.xz
|
SOURCES/bluez-5.52.tar.xz
|
||||||
|
@ -1,35 +1,41 @@
|
|||||||
|
From 5a62336f4da3a2d1a1ab38d03980d57844bce147 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Gopal Tiwari <gtiwari@redhat.com>
|
||||||
|
Date: Mon, 8 Jun 2020 20:56:46 +0530
|
||||||
|
Subject: [PATCH BlueZ 1/4] build: Always define confdir and statedir
|
||||||
|
|
||||||
From 69d2e7bebb79f500179298c6c51fafbc217df6c8 Mon Sep 17 00:00:00 2001
|
From 69d2e7bebb79f500179298c6c51fafbc217df6c8 Mon Sep 17 00:00:00 2001
|
||||||
From: Bastien Nocera <hadess@hadess.net>
|
From: Bastien Nocera <hadess@hadess.net>
|
||||||
Date: Wed, 20 Sep 2017 12:49:10 +0200
|
Date: Wed, 20 Sep 2017 12:49:10 +0200
|
||||||
Subject: [PATCH 1/4] build: Always define confdir and statedir
|
|
||||||
|
build: Always define confdir and statedir
|
||||||
|
|
||||||
As we will need those paths to lock down on them.
|
As we will need those paths to lock down on them.
|
||||||
---
|
---
|
||||||
Makefile.am | 6 +++---
|
Makefile.am | 5 +++--
|
||||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
diff --git a/Makefile.am b/Makefile.am
|
diff --git a/Makefile.am b/Makefile.am
|
||||||
index 555f301ca..1c38d94e5 100644
|
index 84c9712c9..6e77ed91e 100644
|
||||||
--- a/Makefile.am
|
--- a/Makefile.am
|
||||||
+++ b/Makefile.am
|
+++ b/Makefile.am
|
||||||
@@ -30,14 +30,14 @@ include_HEADERS =
|
@@ -31,14 +31,15 @@ pkginclude_HEADERS =
|
||||||
AM_CFLAGS = $(WARNING_CFLAGS) $(MISC_CFLAGS)
|
AM_CFLAGS = $(WARNING_CFLAGS) $(MISC_CFLAGS) $(UDEV_CFLAGS) $(ell_cflags)
|
||||||
AM_LDFLAGS = $(MISC_LDFLAGS)
|
AM_LDFLAGS = $(MISC_LDFLAGS)
|
||||||
|
|
||||||
+confdir = $(sysconfdir)/bluetooth
|
+confdir = $(sysconfdir)/bluetooth
|
||||||
+statedir = $(localstatedir)/lib/bluetooth
|
+statedir = $(localstatedir)/lib/bluetooth
|
||||||
+
|
+
|
||||||
if DATAFILES
|
if DATAFILES
|
||||||
dbusdir = @DBUS_CONFDIR@/dbus-1/system.d
|
dbusdir = $(DBUS_CONFDIR)/dbus-1/system.d
|
||||||
dbus_DATA = src/bluetooth.conf
|
dbus_DATA = src/bluetooth.conf
|
||||||
|
|
||||||
-confdir = $(sysconfdir)/bluetooth
|
-confdir = $(sysconfdir)/bluetooth
|
||||||
conf_DATA =
|
conf_DATA =
|
||||||
-
|
|
||||||
-statedir = $(localstatedir)/lib/bluetooth
|
-statedir = $(localstatedir)/lib/bluetooth
|
||||||
state_DATA =
|
state_DATA =
|
||||||
endif
|
endif
|
||||||
|
|
||||||
--
|
--
|
||||||
2.14.1
|
2.21.1
|
||||||
|
|
||||||
|
@ -1,31 +0,0 @@
|
|||||||
From e45c8fdcb3d7cdb654f6819c02d1bbb5b40b6116 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Florian Weimer <fweimer@redhat.com>
|
|
||||||
Date: Thu, 7 Nov 2013 09:23:35 +0100
|
|
||||||
Subject: [PATCH 1/4] build: Enable BIND_NOW
|
|
||||||
|
|
||||||
Partial RELRO means that the object is GNU_RELRO but not BIND_NOW. This
|
|
||||||
reduces the effectiveness of RELRO. bluez triggers this because it
|
|
||||||
enables PIE during the build, and rpmdiff takes this as an indicator
|
|
||||||
that the best possible hardening is desired.
|
|
||||||
|
|
||||||
https://bugzilla.redhat.com/show_bug.cgi?id=983161
|
|
||||||
---
|
|
||||||
acinclude.m4 | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/acinclude.m4 b/acinclude.m4
|
|
||||||
index bc39c6d73..efce2f3cb 100644
|
|
||||||
--- a/acinclude.m4
|
|
||||||
+++ b/acinclude.m4
|
|
||||||
@@ -50,7 +50,7 @@ AC_DEFUN([MISC_FLAGS], [
|
|
||||||
if (test "${enableval}" = "yes" &&
|
|
||||||
test "${ac_cv_prog_cc_pie}" = "yes"); then
|
|
||||||
misc_cflags="$misc_cflags -fPIC"
|
|
||||||
- misc_ldflags="$misc_ldflags -pie"
|
|
||||||
+ misc_ldflags="$misc_ldflags -pie -Wl,-z,now"
|
|
||||||
fi
|
|
||||||
])
|
|
||||||
if (test "$enable_coverage" = "yes"); then
|
|
||||||
--
|
|
||||||
2.14.1
|
|
||||||
|
|
@ -1,151 +0,0 @@
|
|||||||
From 4aa826664dd5d6e784162c2393149ecb01550fb1 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Gopal Tiwari <gtiwari@redhat.com>
|
|
||||||
Date: Wed, 18 Dec 2019 19:31:49 +0530
|
|
||||||
Subject: [PATCH BlueZ 1/2] core: Add AlwaysPairable to main.conf
|
|
||||||
|
|
||||||
commit 1880b299086659844889cdaf687133aca5eaf102
|
|
||||||
Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
|
|
||||||
Date: Fri Jul 27 11:14:04 2018 +0300
|
|
||||||
|
|
||||||
core: Add AlwaysPairable to main.conf
|
|
||||||
|
|
||||||
This adds a new option called AlwaysPairable to main.conf, it can be
|
|
||||||
used to enable Adapter.Pairable even in case there is no Agent
|
|
||||||
available.
|
|
||||||
|
|
||||||
Since that could be consider a security problem to allow pairing
|
|
||||||
without user's consent the option defaults to false.
|
|
||||||
---
|
|
||||||
src/adapter.c | 16 +++++++++++++++-
|
|
||||||
src/agent.h | 7 +++++++
|
|
||||||
src/device.c | 2 --
|
|
||||||
src/hcid.h | 1 +
|
|
||||||
src/main.c | 11 +++++++++++
|
|
||||||
src/main.conf | 5 +++++
|
|
||||||
6 files changed, 39 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/adapter.c b/src/adapter.c
|
|
||||||
index af340fd6e..720621f47 100644
|
|
||||||
--- a/src/adapter.c
|
|
||||||
+++ b/src/adapter.c
|
|
||||||
@@ -7754,6 +7754,19 @@ int adapter_set_io_capability(struct btd_adapter *adapter, uint8_t io_cap)
|
|
||||||
{
|
|
||||||
struct mgmt_cp_set_io_capability cp;
|
|
||||||
|
|
||||||
+ if (!main_opts.pairable) {
|
|
||||||
+ if (io_cap == IO_CAPABILITY_INVALID) {
|
|
||||||
+ if (adapter->current_settings & MGMT_SETTING_BONDABLE)
|
|
||||||
+ set_mode(adapter, MGMT_OP_SET_BONDABLE, 0x00);
|
|
||||||
+
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (!(adapter->current_settings & MGMT_SETTING_BONDABLE))
|
|
||||||
+ set_mode(adapter, MGMT_OP_SET_BONDABLE, 0x01);
|
|
||||||
+ } else if (io_cap == IO_CAPABILITY_INVALID)
|
|
||||||
+ io_cap = IO_CAPABILITY_NOINPUTNOOUTPUT;
|
|
||||||
+
|
|
||||||
memset(&cp, 0, sizeof(cp));
|
|
||||||
cp.io_capability = io_cap;
|
|
||||||
|
|
||||||
@@ -8682,7 +8695,8 @@ static void read_info_complete(uint8_t status, uint16_t length,
|
|
||||||
|
|
||||||
set_name(adapter, btd_adapter_get_name(adapter));
|
|
||||||
|
|
||||||
- if (!(adapter->current_settings & MGMT_SETTING_BONDABLE))
|
|
||||||
+ if (main_opts.pairable &&
|
|
||||||
+ !(adapter->current_settings & MGMT_SETTING_BONDABLE))
|
|
||||||
set_mode(adapter, MGMT_OP_SET_BONDABLE, 0x01);
|
|
||||||
|
|
||||||
if (!kernel_conn_control)
|
|
||||||
diff --git a/src/agent.h b/src/agent.h
|
|
||||||
index 1e4692036..f14d14325 100644
|
|
||||||
--- a/src/agent.h
|
|
||||||
+++ b/src/agent.h
|
|
||||||
@@ -22,6 +22,13 @@
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
+#define IO_CAPABILITY_DISPLAYONLY 0x00
|
|
||||||
+#define IO_CAPABILITY_DISPLAYYESNO 0x01
|
|
||||||
+#define IO_CAPABILITY_KEYBOARDONLY 0x02
|
|
||||||
+#define IO_CAPABILITY_NOINPUTNOOUTPUT 0x03
|
|
||||||
+#define IO_CAPABILITY_KEYBOARDDISPLAY 0x04
|
|
||||||
+#define IO_CAPABILITY_INVALID 0xFF
|
|
||||||
+
|
|
||||||
struct agent;
|
|
||||||
|
|
||||||
typedef void (*agent_cb) (struct agent *agent, DBusError *err,
|
|
||||||
diff --git a/src/device.c b/src/device.c
|
|
||||||
index 4f1af7012..0d7907a69 100644
|
|
||||||
--- a/src/device.c
|
|
||||||
+++ b/src/device.c
|
|
||||||
@@ -75,8 +75,6 @@
|
|
||||||
#include "attrib-server.h"
|
|
||||||
#include "eir.h"
|
|
||||||
|
|
||||||
-#define IO_CAPABILITY_NOINPUTNOOUTPUT 0x03
|
|
||||||
-
|
|
||||||
#define DISCONNECT_TIMER 2
|
|
||||||
#define DISCOVERY_TIMER 1
|
|
||||||
#define INVALID_FLAGS 0xff
|
|
||||||
diff --git a/src/hcid.h b/src/hcid.h
|
|
||||||
index 2c2b89d9c..ba250578a 100644
|
|
||||||
--- a/src/hcid.h
|
|
||||||
+++ b/src/hcid.h
|
|
||||||
@@ -38,6 +38,7 @@ typedef enum {
|
|
||||||
struct main_opts {
|
|
||||||
char *name;
|
|
||||||
uint32_t class;
|
|
||||||
+ gboolean pairable;
|
|
||||||
uint32_t pairto;
|
|
||||||
uint32_t discovto;
|
|
||||||
uint8_t privacy;
|
|
||||||
diff --git a/src/main.c b/src/main.c
|
|
||||||
index 7e6af42cd..156406343 100644
|
|
||||||
--- a/src/main.c
|
|
||||||
+++ b/src/main.c
|
|
||||||
@@ -81,6 +81,7 @@ static const char *supported_options[] = {
|
|
||||||
"Name",
|
|
||||||
"Class",
|
|
||||||
"DiscoverableTimeout",
|
|
||||||
+ "AlwaysPairable"
|
|
||||||
"PairableTimeout",
|
|
||||||
"DeviceID",
|
|
||||||
"ReverseServiceDiscovery",
|
|
||||||
@@ -287,6 +288,16 @@ static void parse_config(GKeyFile *config)
|
|
||||||
main_opts.discovto = val;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ boolean = g_key_file_get_boolean(config, "General",
|
|
||||||
+ "AlwaysPairable", &err);
|
|
||||||
+ if (err) {
|
|
||||||
+ DBG("%s", err->message);
|
|
||||||
+ g_clear_error(&err);
|
|
||||||
+ } else {
|
|
||||||
+ DBG("pairable=%s", boolean ? "true" : "false");
|
|
||||||
+ main_opts.pairable = boolean;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
val = g_key_file_get_integer(config, "General",
|
|
||||||
"PairableTimeout", &err);
|
|
||||||
if (err) {
|
|
||||||
diff --git a/src/main.conf b/src/main.conf
|
|
||||||
index cbae32ec5..0d480d183 100644
|
|
||||||
--- a/src/main.conf
|
|
||||||
+++ b/src/main.conf
|
|
||||||
@@ -13,6 +13,11 @@
|
|
||||||
# 0 = disable timer, i.e. stay discoverable forever
|
|
||||||
#DiscoverableTimeout = 0
|
|
||||||
|
|
||||||
+# Always allow pairing even if there are no agent registered
|
|
||||||
+# Possible values: true, false
|
|
||||||
+# Default: false
|
|
||||||
+#AlwaysPairable = false
|
|
||||||
+
|
|
||||||
# How long to stay in pairable mode before going back to non-discoverable
|
|
||||||
# The value is in seconds. Default is 0.
|
|
||||||
# 0 = disable timer, i.e. stay pairable forever
|
|
||||||
--
|
|
||||||
2.17.2
|
|
||||||
|
|
@ -1,61 +0,0 @@
|
|||||||
From 997fd427eab3770d11f3d0c9f04629a6cefc22b4 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Gopal Tiwari <gtiwari@redhat.com>
|
|
||||||
Date: Wed, 18 Dec 2019 19:33:33 +0530
|
|
||||||
Subject: [PATCH BlueZ 2/2] agent: Make the first agent to register the
|
|
||||||
default
|
|
||||||
|
|
||||||
commit 9213ff7642a33aa481e3c61989ad60f7985b9984
|
|
||||||
Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
|
|
||||||
Date: Fri Jul 27 11:01:04 2018 +0300
|
|
||||||
|
|
||||||
agent: Make the first agent to register the default
|
|
||||||
|
|
||||||
This simplifies the handling of default agent and enforce the IO
|
|
||||||
capabilities to be set whenever there is an agent available in the
|
|
||||||
system.
|
|
||||||
---
|
|
||||||
src/agent.c | 14 ++++++--------
|
|
||||||
1 file changed, 6 insertions(+), 8 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/agent.c b/src/agent.c
|
|
||||||
index ff44d5755..183e2f190 100644
|
|
||||||
--- a/src/agent.c
|
|
||||||
+++ b/src/agent.c
|
|
||||||
@@ -50,13 +50,6 @@
|
|
||||||
#include "agent.h"
|
|
||||||
#include "shared/queue.h"
|
|
||||||
|
|
||||||
-#define IO_CAPABILITY_DISPLAYONLY 0x00
|
|
||||||
-#define IO_CAPABILITY_DISPLAYYESNO 0x01
|
|
||||||
-#define IO_CAPABILITY_KEYBOARDONLY 0x02
|
|
||||||
-#define IO_CAPABILITY_NOINPUTNOOUTPUT 0x03
|
|
||||||
-#define IO_CAPABILITY_KEYBOARDDISPLAY 0x04
|
|
||||||
-#define IO_CAPABILITY_INVALID 0xFF
|
|
||||||
-
|
|
||||||
#define REQUEST_TIMEOUT (60 * 1000) /* 60 seconds */
|
|
||||||
#define AGENT_INTERFACE "org.bluez.Agent1"
|
|
||||||
|
|
||||||
@@ -150,7 +143,7 @@ static void set_io_cap(struct btd_adapter *adapter, gpointer user_data)
|
|
||||||
if (agent)
|
|
||||||
io_cap = agent->capability;
|
|
||||||
else
|
|
||||||
- io_cap = IO_CAPABILITY_NOINPUTNOOUTPUT;
|
|
||||||
+ io_cap = IO_CAPABILITY_INVALID;
|
|
||||||
|
|
||||||
adapter_set_io_capability(adapter, io_cap);
|
|
||||||
}
|
|
||||||
@@ -294,6 +287,11 @@ static struct agent *agent_create( const char *name, const char *path,
|
|
||||||
name, agent_disconnect,
|
|
||||||
agent, NULL);
|
|
||||||
|
|
||||||
+ if (queue_isempty(default_agents))
|
|
||||||
+ add_default_agent(agent);
|
|
||||||
+ else
|
|
||||||
+ queue_push_tail(default_agents, agent);
|
|
||||||
+
|
|
||||||
return agent_ref(agent);
|
|
||||||
}
|
|
||||||
|
|
||||||
--
|
|
||||||
2.17.2
|
|
||||||
|
|
@ -1,7 +1,13 @@
|
|||||||
|
From 98826d0717fe831265256f996c9e90d15262bef1 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Gopal Tiwari <gtiwari@redhat.com>
|
||||||
|
Date: Mon, 8 Jun 2020 19:54:24 +0530
|
||||||
|
Subject: [PATCH BlueZ 2/4] systemd: Add PrivateTmp and NoNewPrivileges options
|
||||||
|
|
||||||
From 4570164f0c90603bd07eb9e7c07e17bbafb5b5da Mon Sep 17 00:00:00 2001
|
From 4570164f0c90603bd07eb9e7c07e17bbafb5b5da Mon Sep 17 00:00:00 2001
|
||||||
From: Craig Andrews <candrews@integralblue.com>
|
From: Craig Andrews <candrews@integralblue.com>
|
||||||
Date: Wed, 13 Sep 2017 15:23:09 +0200
|
Date: Wed, 13 Sep 2017 15:23:09 +0200
|
||||||
Subject: [PATCH 2/4] systemd: Add PrivateTmp and NoNewPrivileges options
|
|
||||||
|
systemd: Add PrivateTmp and NoNewPrivileges options
|
||||||
|
|
||||||
PrivateTmp makes bluetoothd's /tmp and /var/tmp be inside a different
|
PrivateTmp makes bluetoothd's /tmp and /var/tmp be inside a different
|
||||||
namespace. This is useful to secure access to temporary files of the
|
namespace. This is useful to secure access to temporary files of the
|
||||||
@ -15,7 +21,7 @@ possible privilege escalations.
|
|||||||
1 file changed, 6 insertions(+)
|
1 file changed, 6 insertions(+)
|
||||||
|
|
||||||
diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in
|
diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in
|
||||||
index f799f65f0..a6f3030f9 100644
|
index f9faaa452..7c2f60bb4 100644
|
||||||
--- a/src/bluetooth.service.in
|
--- a/src/bluetooth.service.in
|
||||||
+++ b/src/bluetooth.service.in
|
+++ b/src/bluetooth.service.in
|
||||||
@@ -12,8 +12,14 @@ NotifyAccess=main
|
@@ -12,8 +12,14 @@ NotifyAccess=main
|
||||||
@ -34,5 +40,5 @@ index f799f65f0..a6f3030f9 100644
|
|||||||
[Install]
|
[Install]
|
||||||
WantedBy=bluetooth.target
|
WantedBy=bluetooth.target
|
||||||
--
|
--
|
||||||
2.14.1
|
2.21.1
|
||||||
|
|
||||||
|
@ -1,7 +1,13 @@
|
|||||||
|
From 1da4185a89fba1c14032ab87757e5fb798d76bc0 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Gopal Tiwari <gtiwari@redhat.com>
|
||||||
|
Date: Mon, 8 Jun 2020 19:55:39 +0530
|
||||||
|
Subject: [PATCH BlueZ 3/4] systemd: Add more filesystem lockdown
|
||||||
|
|
||||||
From 73a9c0902e7c97adf96e735407a75033152c04a9 Mon Sep 17 00:00:00 2001
|
From 73a9c0902e7c97adf96e735407a75033152c04a9 Mon Sep 17 00:00:00 2001
|
||||||
From: Bastien Nocera <hadess@hadess.net>
|
From: Bastien Nocera <hadess@hadess.net>
|
||||||
Date: Wed, 13 Sep 2017 15:37:11 +0200
|
Date: Wed, 13 Sep 2017 15:37:11 +0200
|
||||||
Subject: [PATCH 3/4] systemd: Add more filesystem lockdown
|
|
||||||
|
systemd: Add more filesystem lockdown
|
||||||
|
|
||||||
We can only access the configuration file as read-only and read-write
|
We can only access the configuration file as read-only and read-write
|
||||||
to the Bluetooth cache directory and sub-directories.
|
to the Bluetooth cache directory and sub-directories.
|
||||||
@ -11,20 +17,20 @@ to the Bluetooth cache directory and sub-directories.
|
|||||||
2 files changed, 6 insertions(+)
|
2 files changed, 6 insertions(+)
|
||||||
|
|
||||||
diff --git a/Makefile.am b/Makefile.am
|
diff --git a/Makefile.am b/Makefile.am
|
||||||
index 1c38d94e5..13ccf9079 100644
|
index cdd2fd8fb..0af1a8c45 100644
|
||||||
--- a/Makefile.am
|
--- a/Makefile.am
|
||||||
+++ b/Makefile.am
|
+++ b/Makefile.am
|
||||||
@@ -478,6 +478,8 @@ MAINTAINERCLEANFILES = Makefile.in \
|
@@ -580,6 +580,8 @@ MAINTAINERCLEANFILES = Makefile.in \
|
||||||
|
|
||||||
SED_PROCESS = $(AM_V_GEN)$(MKDIR_P) $(dir $@) && \
|
SED_PROCESS = $(AM_V_GEN)$(MKDIR_P) $(dir $@) && \
|
||||||
$(SED) -e 's,@libexecdir\@,$(libexecdir),g' \
|
$(SED) -e 's,@pkglibexecdir\@,$(pkglibexecdir),g' \
|
||||||
+ -e 's,@statedir\@,$(statedir),g' \
|
+ -e 's,@statedir\@,$(statedir),g' \
|
||||||
+ -e 's,@confdir\@,$(confdir),g' \
|
+ -e 's,@confdir\@,$(confdir),g' \
|
||||||
< $< > $@
|
< $< > $@
|
||||||
|
|
||||||
%.service: %.service.in Makefile
|
%.service: %.service.in Makefile
|
||||||
diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in
|
diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in
|
||||||
index a6f3030f9..7e55b5043 100644
|
index 7c2f60bb4..4daedef2a 100644
|
||||||
--- a/src/bluetooth.service.in
|
--- a/src/bluetooth.service.in
|
||||||
+++ b/src/bluetooth.service.in
|
+++ b/src/bluetooth.service.in
|
||||||
@@ -17,6 +17,10 @@ LimitNPROC=1
|
@@ -17,6 +17,10 @@ LimitNPROC=1
|
||||||
@ -39,5 +45,5 @@ index a6f3030f9..7e55b5043 100644
|
|||||||
# Privilege escalation
|
# Privilege escalation
|
||||||
NoNewPrivileges=true
|
NoNewPrivileges=true
|
||||||
--
|
--
|
||||||
2.14.1
|
2.21.1
|
||||||
|
|
||||||
|
@ -1,41 +0,0 @@
|
|||||||
From 07a12a6685ea57be18f39e349dbc42e4af3744ed Mon Sep 17 00:00:00 2001
|
|
||||||
From: Bastien Nocera <hadess@hadess.net>
|
|
||||||
Date: Tue, 5 Sep 2017 10:32:15 +0200
|
|
||||||
Subject: [PATCH 3/4] tools/csr_usb: Fix compilation failure
|
|
||||||
|
|
||||||
GCC's "format-nonliteral" security check is enabled as an error in
|
|
||||||
recent versions of Fedora. Given the reduced scope of use, mark the
|
|
||||||
error as ignorable through pragma.
|
|
||||||
|
|
||||||
tools/csr_usb.c: In function 'read_value':
|
|
||||||
tools/csr_usb.c:82:2: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
|
|
||||||
n = fscanf(file, format, &value);
|
|
||||||
^
|
|
||||||
---
|
|
||||||
tools/csr_usb.c | 3 +++
|
|
||||||
1 file changed, 3 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/tools/csr_usb.c b/tools/csr_usb.c
|
|
||||||
index a1d7324f7..33e9968a2 100644
|
|
||||||
--- a/tools/csr_usb.c
|
|
||||||
+++ b/tools/csr_usb.c
|
|
||||||
@@ -67,6 +67,8 @@ struct usbfs_bulktransfer {
|
|
||||||
#define USBFS_IOCTL_CLAIMINTF _IOR('U', 15, unsigned int)
|
|
||||||
#define USBFS_IOCTL_RELEASEINTF _IOR('U', 16, unsigned int)
|
|
||||||
|
|
||||||
+#pragma GCC diagnostic push
|
|
||||||
+#pragma GCC diagnostic ignored "-Wformat-nonliteral"
|
|
||||||
static int read_value(const char *name, const char *attr, const char *format)
|
|
||||||
{
|
|
||||||
char path[PATH_MAX];
|
|
||||||
@@ -88,6 +90,7 @@ static int read_value(const char *name, const char *attr, const char *format)
|
|
||||||
fclose(file);
|
|
||||||
return value;
|
|
||||||
}
|
|
||||||
+#pragma GCC diagnostic pop
|
|
||||||
|
|
||||||
static char *check_device(const char *name)
|
|
||||||
{
|
|
||||||
--
|
|
||||||
2.14.1
|
|
||||||
|
|
@ -1,7 +1,13 @@
|
|||||||
|
From 9a7872f04cb748e8de743d9136ecd91539d13cb7 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Gopal Tiwari <gtiwari@redhat.com>
|
||||||
|
Date: Mon, 8 Jun 2020 19:56:42 +0530
|
||||||
|
Subject: [PATCH BlueZ 4/4] systemd: More lockdown
|
||||||
|
|
||||||
From 171d812218883281fed57b57fafd5c18eac441ac Mon Sep 17 00:00:00 2001
|
From 171d812218883281fed57b57fafd5c18eac441ac Mon Sep 17 00:00:00 2001
|
||||||
From: Bastien Nocera <hadess@hadess.net>
|
From: Bastien Nocera <hadess@hadess.net>
|
||||||
Date: Wed, 13 Sep 2017 15:38:26 +0200
|
Date: Wed, 13 Sep 2017 15:38:26 +0200
|
||||||
Subject: [PATCH 4/4] systemd: More lockdown
|
|
||||||
|
systemd: More lockdown
|
||||||
|
|
||||||
bluetoothd does not need to execute mapped memory, or real-time
|
bluetoothd does not need to execute mapped memory, or real-time
|
||||||
access, so block those.
|
access, so block those.
|
||||||
@ -10,7 +16,7 @@ access, so block those.
|
|||||||
1 file changed, 6 insertions(+)
|
1 file changed, 6 insertions(+)
|
||||||
|
|
||||||
diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in
|
diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in
|
||||||
index 7e55b5043..e8267b338 100644
|
index 4daedef2a..f18801866 100644
|
||||||
--- a/src/bluetooth.service.in
|
--- a/src/bluetooth.service.in
|
||||||
+++ b/src/bluetooth.service.in
|
+++ b/src/bluetooth.service.in
|
||||||
@@ -22,9 +22,15 @@ ProtectControlGroups=true
|
@@ -22,9 +22,15 @@ ProtectControlGroups=true
|
||||||
@ -30,5 +36,5 @@ index 7e55b5043..e8267b338 100644
|
|||||||
WantedBy=bluetooth.target
|
WantedBy=bluetooth.target
|
||||||
Alias=dbus-org.bluez.service
|
Alias=dbus-org.bluez.service
|
||||||
--
|
--
|
||||||
2.14.1
|
2.21.1
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
Name: bluez
|
Name: bluez
|
||||||
Summary: Bluetooth utilities
|
Summary: Bluetooth utilities
|
||||||
Version: 5.50
|
Version: 5.52
|
||||||
Release: 4%{?dist}
|
Release: 1%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
URL: http://www.bluez.org/
|
URL: http://www.bluez.org/
|
||||||
|
|
||||||
@ -15,8 +15,8 @@ Source3: btattach-bcm@.service
|
|||||||
Source4: btattach-bcm-service.sh
|
Source4: btattach-bcm-service.sh
|
||||||
|
|
||||||
# https://github.com/hadess/bluez/commits/build-fixes-5.46
|
# https://github.com/hadess/bluez/commits/build-fixes-5.46
|
||||||
Patch1: 0001-build-Enable-BIND_NOW.patch
|
#Patch1: 0001-build-Enable-BIND_NOW.patch
|
||||||
Patch2: 0003-tools-csr_usb-Fix-compilation-failure.patch
|
#Patch2: 0003-tools-csr_usb-Fix-compilation-failure.patch
|
||||||
|
|
||||||
# https://github.com/hadess/bluez/commits/obex-5.46
|
# https://github.com/hadess/bluez/commits/obex-5.46
|
||||||
Patch3: 0001-obex-Use-GLib-helper-function-to-manipulate-paths.patch
|
Patch3: 0001-obex-Use-GLib-helper-function-to-manipulate-paths.patch
|
||||||
@ -33,8 +33,8 @@ Patch23: 0004-systemd-More-lockdown.patch
|
|||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1567622
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1567622
|
||||||
Patch24: 0001-adapter-Don-t-refresh-adv_manager-for-non-LE-devices.patch
|
Patch24: 0001-adapter-Don-t-refresh-adv_manager-for-non-LE-devices.patch
|
||||||
|
|
||||||
Patch25: 0001-core-Add-AlwaysPairable-to-main.conf.patch
|
#Patch25: 0001-core-Add-AlwaysPairable-to-main.conf.patch
|
||||||
Patch26: 0002-agent-Make-the-first-agent-to-register-the-default.patch
|
#Patch26: 0002-agent-Make-the-first-agent-to-register-the-default.patch
|
||||||
|
|
||||||
Patch27: 0001-HOGP-must-only-accept-data-from-bonded-devices.patch
|
Patch27: 0001-HOGP-must-only-accept-data-from-bonded-devices.patch
|
||||||
Patch28: 0002-HID-accepts-bonded-device-connections-only.patch
|
Patch28: 0002-HID-accepts-bonded-device-connections-only.patch
|
||||||
@ -226,6 +226,7 @@ make check
|
|||||||
%{_bindir}/mpris-proxy
|
%{_bindir}/mpris-proxy
|
||||||
%{_bindir}/gatttool
|
%{_bindir}/gatttool
|
||||||
%{_bindir}/rctest
|
%{_bindir}/rctest
|
||||||
|
%{_datadir}/zsh/site-functions/_bluetoothctl
|
||||||
%{_mandir}/man1/btattach.1.gz
|
%{_mandir}/man1/btattach.1.gz
|
||||||
%{_mandir}/man1/ciptool.1.gz
|
%{_mandir}/man1/ciptool.1.gz
|
||||||
%{_mandir}/man1/hcitool.1.gz
|
%{_mandir}/man1/hcitool.1.gz
|
||||||
@ -247,6 +248,7 @@ make check
|
|||||||
%{_unitdir}/btattach-bcm@.service
|
%{_unitdir}/btattach-bcm@.service
|
||||||
%{_udevrulesdir}/69-btattach-bcm.rules
|
%{_udevrulesdir}/69-btattach-bcm.rules
|
||||||
|
|
||||||
|
|
||||||
%files libs
|
%files libs
|
||||||
%{!?_licensedir:%global license %%doc}
|
%{!?_licensedir:%global license %%doc}
|
||||||
%license COPYING
|
%license COPYING
|
||||||
@ -272,6 +274,9 @@ make check
|
|||||||
%{_userunitdir}/obex.service
|
%{_userunitdir}/obex.service
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Jun 9 2020 Gopal Tiwari <gtiwari@redhat.com> - 5.52-1
|
||||||
|
+ bluez-5.52-1
|
||||||
|
- Fixing (#1830397)
|
||||||
|
|
||||||
* Fri Apr 24 2020 Gopal Tiwari <gtiwari@redhat.com> - 5.50-4
|
* Fri Apr 24 2020 Gopal Tiwari <gtiwari@redhat.com> - 5.50-4
|
||||||
+ bluez-5.50-4
|
+ bluez-5.50-4
|
||||||
|
Loading…
Reference in New Issue
Block a user