5.47
This commit is contained in:
Peter Robinson
parent
268965a3ff
commit
cd998e6330
@ -1,29 +0,0 @@
|
||||
From 7cdfddada0609d0df5cfe3fe3a2fba6355e53d26 Mon Sep 17 00:00:00 2001
|
||||
From: Nicolas Werner <nicolas.werner@gmx.net>
|
||||
Date: Tue, 8 Aug 2017 00:48:33 +0200
|
||||
Subject: [PATCH] plugins/sixaxis: Use the same device name as the kernel
|
||||
|
||||
Some games check the device name to recognize a playstation controller.
|
||||
This changes the device name, when using a PS3 controller over
|
||||
bluetooth, to match the device name, that is advertised when using the
|
||||
controller via USB.
|
||||
---
|
||||
plugins/sixaxis.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/plugins/sixaxis.c b/plugins/sixaxis.c
|
||||
index fcc93bc60..7e3c950b4 100644
|
||||
--- a/plugins/sixaxis.c
|
||||
+++ b/plugins/sixaxis.c
|
||||
@@ -56,7 +56,7 @@ static const struct {
|
||||
uint16_t version;
|
||||
} devices[] = {
|
||||
{
|
||||
- .name = "PLAYSTATION(R)3 Controller",
|
||||
+ .name = "Sony PLAYSTATION(R)3 Controller",
|
||||
.source = 0x0002,
|
||||
.vid = 0x054c,
|
||||
.pid = 0x0268,
|
||||
--
|
||||
2.14.1
|
||||
|
||||
@ -1,55 +0,0 @@
|
||||
From 6821472c7509c54c5b1ef4744af8f6eab9be4aa7 Mon Sep 17 00:00:00 2001
|
||||
From: Fedora Bluez maintainers <bluez-owner@fedoraproject.org>
|
||||
Date: Mon, 11 Sep 2017 11:19:18 -0400
|
||||
Subject: [PATCH] Out of bounds heap read in service_search_attr_req function
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
When a long response is returned to a specific search attribute request, a
|
||||
continuation state is returned to allow reception of additional fragments, via
|
||||
additional requests that contain the last continuation state sent. However, the
|
||||
incoming “cstate” that requests additional fragments isn’t validated properly,
|
||||
and thus an out-of-bounds read of the response buffer (pResponse) can be
|
||||
achieved, leading to information disclosure of the heap.
|
||||
---
|
||||
src/sdpd-request.c | 23 ++++++++++++++---------
|
||||
1 file changed, 14 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/src/sdpd-request.c b/src/sdpd-request.c
|
||||
index 1eefdce..ddeea7f 100644
|
||||
--- a/src/sdpd-request.c
|
||||
+++ b/src/sdpd-request.c
|
||||
@@ -918,15 +918,20 @@ static int service_search_attr_req(sdp_req_t *req, sdp_buf_t *buf)
|
||||
/* continuation State exists -> get from cache */
|
||||
sdp_buf_t *pCache = sdp_get_cached_rsp(cstate);
|
||||
if (pCache) {
|
||||
- uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent);
|
||||
- pResponse = pCache->data;
|
||||
- memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent);
|
||||
- buf->data_size += sent;
|
||||
- cstate->cStateValue.maxBytesSent += sent;
|
||||
- if (cstate->cStateValue.maxBytesSent == pCache->data_size)
|
||||
- cstate_size = sdp_set_cstate_pdu(buf, NULL);
|
||||
- else
|
||||
- cstate_size = sdp_set_cstate_pdu(buf, cstate);
|
||||
+ if (cstate->cStateValue.maxBytesSent >= pCache->data_size) {
|
||||
+ status = SDP_INVALID_CSTATE;
|
||||
+ SDPDBG("Got bad cstate with invalid size");
|
||||
+ } else {
|
||||
+ uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent);
|
||||
+ pResponse = pCache->data;
|
||||
+ memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent);
|
||||
+ buf->data_size += sent;
|
||||
+ cstate->cStateValue.maxBytesSent += sent;
|
||||
+ if (cstate->cStateValue.maxBytesSent == pCache->data_size)
|
||||
+ cstate_size = sdp_set_cstate_pdu(buf, NULL);
|
||||
+ else
|
||||
+ cstate_size = sdp_set_cstate_pdu(buf, cstate);
|
||||
+ }
|
||||
} else {
|
||||
status = SDP_INVALID_CSTATE;
|
||||
SDPDBG("Non-null continuation state, but null cache buffer");
|
||||
--
|
||||
2.13.5
|
||||
|
||||
17
bluez.spec
17
bluez.spec
@ -1,7 +1,7 @@
|
||||
Name: bluez
|
||||
Summary: Bluetooth utilities
|
||||
Version: 5.46
|
||||
Release: 6%{?dist}
|
||||
Version: 5.47
|
||||
Release: 1%{?dist}
|
||||
License: GPLv2+
|
||||
URL: http://www.bluez.org/
|
||||
|
||||
@ -27,7 +27,6 @@ Patch4: 0001-obex-Use-GLib-helper-function-to-manipulate-paths.patch
|
||||
Patch5: 0001-autopair-Don-t-handle-the-iCade.patch
|
||||
|
||||
# 5.47 patch:
|
||||
Patch100: 0001-plugins-sixaxis-Use-the-same-device-name-as-the-kern.patch
|
||||
# https://github.com/hadess/bluez/commits/ds4-cable-pairing
|
||||
Patch101: 0001-plugins-sixaxis-Remove-LEDs-handling.patch
|
||||
Patch102: 0002-adapter-Add-btd_request_authorization_cable_configur.patch
|
||||
@ -39,13 +38,13 @@ Patch107: 0007-plugins-sixaxis-Rename-sixaxis-specific-functions.patch
|
||||
Patch108: 0008-plugins-sixaxis-Add-support-for-DualShock-4-PS4-cabl.patch
|
||||
Patch109: 0009-plugins-sixaxis-Cancel-cable-pairing-if-unplugged.patch
|
||||
|
||||
Patch110: 0010-Out-of-bounds-heap-read-in-service_search_attr_req-f.patch
|
||||
|
||||
BuildRequires: git-core
|
||||
BuildRequires: dbus-devel >= 1.6
|
||||
BuildRequires: glib2-devel
|
||||
BuildRequires: libical-devel
|
||||
BuildRequires: readline-devel
|
||||
# For bluetooth mesh
|
||||
BuildRequires: json-c-devel
|
||||
# For cable pairing
|
||||
BuildRequires: systemd-devel
|
||||
# For printing
|
||||
@ -136,7 +135,7 @@ Object Exchange daemon for sharing files, contacts etc over bluetooth
|
||||
|
||||
%build
|
||||
%configure --enable-tools --enable-library --enable-deprecated \
|
||||
--enable-sixaxis --enable-cups --enable-nfc \
|
||||
--enable-sixaxis --enable-cups --enable-nfc --enable-mesh \
|
||||
--with-systemdsystemunitdir=%{_unitdir} \
|
||||
--with-systemduserunitdir=%{_userunitdir}
|
||||
|
||||
@ -218,6 +217,7 @@ install -D -p -m0755 %{SOURCE4} ${RPM_BUILD_ROOT}/%{_libexecdir}/bluetooth/
|
||||
%{_bindir}/hcidump
|
||||
%{_bindir}/l2test
|
||||
%{_bindir}/hex2hcd
|
||||
%{_bindir}/meshctl
|
||||
%{_bindir}/mpris-proxy
|
||||
%{_bindir}/gatttool
|
||||
%{_bindir}/rctest
|
||||
@ -267,6 +267,11 @@ install -D -p -m0755 %{SOURCE4} ${RPM_BUILD_ROOT}/%{_libexecdir}/bluetooth/
|
||||
%{_userunitdir}/obex.service
|
||||
|
||||
%changelog
|
||||
* Thu Sep 14 2017 Peter Robinson <pbrobinson@fedoraproject.org> 5.47-1
|
||||
- New upstream 5.47 bugfix release
|
||||
- Initial support for Bluetooth LE mesh
|
||||
- Blueooth 5 fixes and improvements
|
||||
|
||||
* Mon Sep 11 2017 Don Zickus <dzickus@redhat.com> - 5.46-6
|
||||
- sdpd heap fixes
|
||||
Resolves: rhbz#1490911
|
||||
|
||||
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (bluez-5.46.tar.xz) = 57eb236d5d1607ffbd5e4c939ffcb1047e2240e05ac642d037eee0feb1425f2d95d8a75b30dee50448c7189183468620c69ed330d17217d13c05f98b80e73671
|
||||
SHA512 (bluez-5.47.tar.xz) = 86fa1baae1593d4824038db8418358b0be624c81fc23ee8f96ec08979d309a2377be3924ab53cc0fcb712aec8e696360e9a9f4de4c12cc31b14de5cf495a11a6
|
||||
|
||||
Loading…
Reference in New Issue
Block a user