import bluez-5.56-6.el9

2021-11-03 21:52:40 -04:00 · 2021-11-03 21:52:40 -04:00 · c2137f1ab9
commit c2137f1ab9
11 changed files with 1571 additions and 0 deletions
--- a/.bluez.metadata
+++ b/.bluez.metadata
@ -0,0 +1 @@
+a862b9ddc039f34f7135bbee3c3e80040e82e046 SOURCES/bluez-5.56.tar.xz
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+SOURCES/bluez-5.56.tar.xz
--- a/SOURCES/0001-build-Always-define-confdir-and-statedir.patch
+++ b/SOURCES/0001-build-Always-define-confdir-and-statedir.patch
@ -0,0 +1,35 @@
+From 5744f79d84ecee3929a682166034c5bbc36c0ef5 Mon Sep 17 00:00:00 2001
+From: Bastien Nocera <hadess@hadess.net>
+Date: Wed, 20 Sep 2017 12:49:10 +0200
+Subject: [PATCH 1/4] build: Always define confdir and statedir
+
+As we will need those paths to lock down on them.
+---
+ Makefile.am | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 9d25a815b..ac88c12e0 100644
+--- a/Makefile.am
+++ b/Makefile.am
+@@ -31,14 +31,14 @@ pkginclude_HEADERS =
+ AM_CFLAGS = $(WARNING_CFLAGS) $(MISC_CFLAGS) $(UDEV_CFLAGS) $(ell_cflags)
+ AM_LDFLAGS = $(MISC_LDFLAGS)
+ 
+confdir = $(sysconfdir)/bluetooth
+statedir = $(localstatedir)/lib/bluetooth
+
+ if DATAFILES
+ dbusdir = $(DBUS_CONFDIR)/dbus-1/system.d
+ dbus_DATA = src/bluetooth.conf
+ 
+-confdir = $(sysconfdir)/bluetooth
+ conf_DATA =
+-
+-statedir = $(localstatedir)/lib/bluetooth
+ state_DATA =
+ endif
+ 
+-- 
+2.21.0
+
--- a/SOURCES/0001-obex-Use-GLib-helper-function-to-manipulate-paths.patch
+++ b/SOURCES/0001-obex-Use-GLib-helper-function-to-manipulate-paths.patch
@ -0,0 +1,38 @@
+From 90b72b787a6ae6b9b0bf8ece238e108e8607a433 Mon Sep 17 00:00:00 2001
+From: Bastien Nocera <hadess@hadess.net>
+Date: Sat, 9 Nov 2013 18:13:43 +0100
+Subject: [PATCH 1/2] obex: Use GLib helper function to manipulate paths
+
+Instead of trying to do it by hand. This also makes sure that
+relative paths aren't used by the agent.
+---
+ obexd/src/manager.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/obexd/src/manager.c b/obexd/src/manager.c
+index f84384ae4..285c07c37 100644
+--- a/obexd/src/manager.c
+++ b/obexd/src/manager.c
+@@ -650,14 +650,14 @@ static void agent_reply(DBusPendingCall *call, void *user_data)
+ 				DBUS_TYPE_STRING, &name,
+ 				DBUS_TYPE_INVALID)) {
+ 		/* Splits folder and name */
+-		const char *slash = strrchr(name, '/');
+		gboolean is_relative = !g_path_is_absolute(name);
+ 		DBG("Agent replied with %s", name);
+-		if (!slash) {
+-			agent->new_name = g_strdup(name);
+		if (is_relative) {
+			agent->new_name = g_path_get_basename(name);
+ 			agent->new_folder = NULL;
+ 		} else {
+-			agent->new_name = g_strdup(slash + 1);
+-			agent->new_folder = g_strndup(name, slash - name);
+			agent->new_name = g_path_get_basename(name);
+			agent->new_folder = g_path_get_dirname(name);
+ 		}
+ 	}
+ 
+-- 
+2.14.1
+
--- a/SOURCES/0002-systemd-Add-PrivateTmp-and-NoNewPrivileges-options.patch
+++ b/SOURCES/0002-systemd-Add-PrivateTmp-and-NoNewPrivileges-options.patch
@ -0,0 +1,38 @@
+From 36a44fc05feebe1aab16c33a1121f952986b2801 Mon Sep 17 00:00:00 2001
+From: Craig Andrews <candrews@integralblue.com>
+Date: Wed, 13 Sep 2017 15:23:09 +0200
+Subject: [PATCH 2/4] systemd: Add PrivateTmp and NoNewPrivileges options
+
+PrivateTmp makes bluetoothd's /tmp and /var/tmp be inside a different
+namespace. This is useful to secure access to temporary files of the
+process.
+
+NoNewPrivileges ensures that service process and all its children
+can never gain new privileges through execve(), lowering the risk of
+possible privilege escalations.
+---
+ src/bluetooth.service.in | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in
+index f9faaa452..7c2f60bb4 100644
+--- a/src/bluetooth.service.in
+++ b/src/bluetooth.service.in
+@@ -12,8 +12,14 @@ NotifyAccess=main
+ #Restart=on-failure
+ CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
+ LimitNPROC=1
+
+# Filesystem lockdown
+ ProtectHome=true
+ ProtectSystem=full
+PrivateTmp=true
+
+# Privilege escalation
+NoNewPrivileges=true
+ 
+ [Install]
+ WantedBy=bluetooth.target
+-- 
+2.21.0
+
--- a/SOURCES/0003-systemd-Add-more-filesystem-lockdown.patch
+++ b/SOURCES/0003-systemd-Add-more-filesystem-lockdown.patch
@ -0,0 +1,44 @@
+From 13a348670fef0047555395ce6977e86e0005f8bd Mon Sep 17 00:00:00 2001
+From: Bastien Nocera <hadess@hadess.net>
+Date: Wed, 13 Sep 2017 15:37:11 +0200
+Subject: [PATCH 3/4] systemd: Add more filesystem lockdown
+
+We can only access the configuration file as read-only and read-write
+to the Bluetooth cache directory and sub-directories.
+---
+ Makefile.am              | 3 +++
+ src/bluetooth.service.in | 4 ++++
+ 2 files changed, 7 insertions(+)
+
+diff --git a/Makefile.am b/Makefile.am
+index ac88c12e0..0a6d09847 100644
+--- a/Makefile.am
+++ b/Makefile.am
+@@ -562,6 +562,9 @@ MAINTAINERCLEANFILES = Makefile.in \
+ 
+ SED_PROCESS = $(AM_V_GEN)$(MKDIR_P) $(dir $@) && \
+ 		$(SED) -e 's,@pkglibexecdir\@,$(pkglibexecdir),g' \
+		       -e 's,@libexecdir\@,$(libexecdir),g' \
+		       -e 's,@statedir\@,$(statedir),g' \
+		       -e 's,@confdir\@,$(confdir),g' \
+ 		< $< > $@
+ 
+ %.service: %.service.in Makefile
+diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in
+index 7c2f60bb4..4daedef2a 100644
+--- a/src/bluetooth.service.in
+++ b/src/bluetooth.service.in
+@@ -17,6 +17,10 @@ LimitNPROC=1
+ ProtectHome=true
+ ProtectSystem=full
+ PrivateTmp=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+ReadWritePaths=@statedir@
+ReadOnlyPaths=@confdir@
+ 
+ # Privilege escalation
+ NoNewPrivileges=true
+-- 
+2.21.0
+
--- a/SOURCES/0004-systemd-More-lockdown.patch
+++ b/SOURCES/0004-systemd-More-lockdown.patch
@ -0,0 +1,34 @@
+From a6963e0402695d7b6a89c1b1c75c40dbd8fcde52 Mon Sep 17 00:00:00 2001
+From: Bastien Nocera <hadess@hadess.net>
+Date: Wed, 13 Sep 2017 15:38:26 +0200
+Subject: [PATCH 4/4] systemd: More lockdown
+
+bluetoothd does not need to execute mapped memory, or real-time
+access, so block those.
+---
+ src/bluetooth.service.in | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in
+index 4daedef2a..f18801866 100644
+--- a/src/bluetooth.service.in
+++ b/src/bluetooth.service.in
+@@ -22,9 +22,15 @@ ProtectControlGroups=true
+ ReadWritePaths=@statedir@
+ ReadOnlyPaths=@confdir@
+ 
+# Execute Mappings
+MemoryDenyWriteExecute=true
+
+ # Privilege escalation
+ NoNewPrivileges=true
+ 
+# Real-time
+RestrictRealtime=true
+
+ [Install]
+ WantedBy=bluetooth.target
+ Alias=dbus-org.bluez.service
+-- 
+2.21.0
+
--- a/SOURCES/0005-media-rename-local-function-conflicting-with-pause-2.patch
+++ b/SOURCES/0005-media-rename-local-function-conflicting-with-pause-2.patch
@ -0,0 +1,42 @@
+From 124dee151746b4a8a2e8a7194af78f2c82f75d79 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 3 Mar 2021 08:57:36 +0100
+Subject: [PATCH] media: rename local function conflicting with pause(2)
+
+profiles/audio/media.c:1284:13: error: conflicting types for 'pause'; have '_Bool(void *)'
+ 1284 | static bool pause(void *user_data)
+      |             ^~~~~
+In file included from /usr/include/bits/sigstksz.h:24,
+                 from /usr/include/signal.h:315,
+                 from /usr/include/glib-2.0/glib/gbacktrace.h:36,
+                 from /usr/include/glib-2.0/glib.h:34,
+                 from profiles/audio/media.c:21:
+/usr/include/unistd.h:478:12: note: previous declaration of 'pause' with type 'int(void)'
+  478 | extern int pause (void);
+      |            ^~~~~
+---
+ profiles/audio/media.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/profiles/audio/media.c b/profiles/audio/media.c
+index c84bbe22dc..3d8c4b69c3 100644
+--- a/profiles/audio/media.c
+++ b/profiles/audio/media.c
+@@ -1281,7 +1281,7 @@ static bool stop(void *user_data)
+ 	return media_player_send(mp, "Stop");
+ }
+ 
+-static bool pause(void *user_data)
+static bool pause_play(void *user_data)
+ {
+ 	struct media_player *mp = user_data;
+ 
+@@ -1331,7 +1331,7 @@ static struct avrcp_player_cb player_cb = {
+ 	.set_volume = set_volume,
+ 	.play = play,
+ 	.stop = stop,
+-	.pause = pause,
+	.pause = pause_play,
+ 	.next = next,
+ 	.previous = previous,
+ };
--- a/SOURCES/bluez-avdtp-fix-removing-all-seps-when-loading-from-cache.patch
+++ b/SOURCES/bluez-avdtp-fix-removing-all-seps-when-loading-from-cache.patch
@ -0,0 +1,41 @@
+From 28ddec8d6b829e002fa268c07b71e4c564ba9e16 Mon Sep 17 00:00:00 2001
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+Date: Thu, 11 Mar 2021 07:36:07 -0800
+Subject: [PATCH] avdtp: Fix removing all remote SEPs when loading from cache
+
+If avdtp_discover is called after cache has been loaded it end up
+removing all remote SEPs as they have not been discovered yet.
+
+Fixes: https://github.com/bluez/bluez/issues/102
+---
+ profiles/audio/avdtp.c | 16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/profiles/audio/avdtp.c b/profiles/audio/avdtp.c
+index 088ca58b3..1d5871c62 100644
+--- a/profiles/audio/avdtp.c
+++ b/profiles/audio/avdtp.c
+@@ -3381,10 +3381,18 @@ int avdtp_discover(struct avdtp *session, avdtp_discover_cb_t cb,
+ 	session->discover = g_new0(struct discover_callback, 1);
+ 
+ 	if (session->seps) {
+-		session->discover->cb = cb;
+-		session->discover->user_data = user_data;
+-		session->discover->id = g_idle_add(process_discover, session);
+-		return 0;
+		struct avdtp_remote_sep *sep = session->seps->data;
+
+		/* Check that SEP have been discovered as it may be loaded from
+		 * cache.
+		 */
+		if (sep->discovered) {
+			session->discover->cb = cb;
+			session->discover->user_data = user_data;
+			session->discover->id = g_idle_add(process_discover,
+								session);
+			return 0;
+		}
+ 	}
+ 
+ 	err = send_request(session, FALSE, NULL, AVDTP_DISCOVER, NULL, 0);
+
--- a/SOURCES/bluez.gitignore
+++ b/SOURCES/bluez.gitignore
@ -0,0 +1,100 @@
+*.o
+*.a
+*.lo
+*.la
+*.so
+.deps
+.libs
+.dirstamp
+Makefile
+Makefile.in
+aclocal.m4
+config.guess
+config.h
+config.h.in
+config.log
+config.status
+config.sub
+configure
+depcomp
+compile
+install-sh
+libtool
+ltmain.sh
+missing
+stamp-h1
+autom4te.cache
+
+ylwrap
+lexer.c
+parser.h
+parser.c
+
+bluez.pc
+lib/bluetooth
+src/builtin.h
+src/bluetoothd
+audio/telephony.c
+sap/sap.c
+scripts/bluetooth.rules
+scripts/97-bluetooth.rules
+scripts/97-bluetooth-hid2hci.rules
+
+sbc/sbcdec
+sbc/sbcenc
+sbc/sbcinfo
+sbc/sbctester
+
+attrib/gatttool
+tools/avctrl
+tools/avinfo
+tools/bccmd
+tools/ciptool
+tools/dfubabel
+tools/dfutool
+tools/hciattach
+tools/hciconfig
+tools/hcieventmask
+tools/hcisecfilter
+tools/hcitool
+tools/hid2hci
+tools/rfcomm
+tools/l2ping
+tools/ppporc
+tools/sdptool
+cups/bluetooth
+test/agent
+test/bdaddr
+test/hciemu
+test/attest
+test/hstest
+test/avtest
+test/l2test
+test/rctest
+test/scotest
+test/gaptest
+test/sdptest
+test/lmptest
+test/ipctest
+test/btiotest
+test/test-textfile
+test/uuidtest
+test/mpris-player
+compat/dund
+compat/hidd
+compat/pand
+unit/test-eir
+mgmt/btmgmt
+monitor/btmon
+emulator/btvirt
+
+doc/*.bak
+doc/*.stamp
+doc/bluez.*
+doc/bluez-*.txt
+doc/*.sgml
+doc/version.xml
+doc/xml
+doc/html
+src/bluetoothd.8
+src/bluetooth.service
--- a/SPECS/bluez.spec
+++ b/SPECS/bluez.spec
				`@ -0,0 +1 @@`
				`a862b9ddc039f34f7135bbee3c3e80040e82e046 SOURCES/bluez-5.56.tar.xz`