From cd998e6330b4bd22bcf733d8894dac405a2be817 Mon Sep 17 00:00:00 2001 From: Peter Robinson Date: Thu, 14 Sep 2017 14:48:27 +0100 Subject: [PATCH] 5.47 --- ...Use-the-same-device-name-as-the-kern.patch | 29 ---------- ...ap-read-in-service_search_attr_req-f.patch | 55 ------------------- bluez.spec | 17 ++++-- sources | 2 +- 4 files changed, 12 insertions(+), 91 deletions(-) delete mode 100644 0001-plugins-sixaxis-Use-the-same-device-name-as-the-kern.patch delete mode 100644 0010-Out-of-bounds-heap-read-in-service_search_attr_req-f.patch diff --git a/0001-plugins-sixaxis-Use-the-same-device-name-as-the-kern.patch b/0001-plugins-sixaxis-Use-the-same-device-name-as-the-kern.patch deleted file mode 100644 index 38298dc..0000000 --- a/0001-plugins-sixaxis-Use-the-same-device-name-as-the-kern.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 7cdfddada0609d0df5cfe3fe3a2fba6355e53d26 Mon Sep 17 00:00:00 2001 -From: Nicolas Werner -Date: Tue, 8 Aug 2017 00:48:33 +0200 -Subject: [PATCH] plugins/sixaxis: Use the same device name as the kernel - -Some games check the device name to recognize a playstation controller. -This changes the device name, when using a PS3 controller over -bluetooth, to match the device name, that is advertised when using the -controller via USB. ---- - plugins/sixaxis.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/plugins/sixaxis.c b/plugins/sixaxis.c -index fcc93bc60..7e3c950b4 100644 ---- a/plugins/sixaxis.c -+++ b/plugins/sixaxis.c -@@ -56,7 +56,7 @@ static const struct { - uint16_t version; - } devices[] = { - { -- .name = "PLAYSTATION(R)3 Controller", -+ .name = "Sony PLAYSTATION(R)3 Controller", - .source = 0x0002, - .vid = 0x054c, - .pid = 0x0268, --- -2.14.1 - diff --git a/0010-Out-of-bounds-heap-read-in-service_search_attr_req-f.patch b/0010-Out-of-bounds-heap-read-in-service_search_attr_req-f.patch deleted file mode 100644 index cb71522..0000000 --- a/0010-Out-of-bounds-heap-read-in-service_search_attr_req-f.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 6821472c7509c54c5b1ef4744af8f6eab9be4aa7 Mon Sep 17 00:00:00 2001 -From: Fedora Bluez maintainers -Date: Mon, 11 Sep 2017 11:19:18 -0400 -Subject: [PATCH] Out of bounds heap read in service_search_attr_req function -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -When a long response is returned to a specific search attribute request, a -continuation state is returned to allow reception of additional fragments, via -additional requests that contain the last continuation state sent. However, the -incoming “cstate” that requests additional fragments isn’t validated properly, -and thus an out-of-bounds read of the response buffer (pResponse) can be -achieved, leading to information disclosure of the heap. ---- - src/sdpd-request.c | 23 ++++++++++++++--------- - 1 file changed, 14 insertions(+), 9 deletions(-) - -diff --git a/src/sdpd-request.c b/src/sdpd-request.c -index 1eefdce..ddeea7f 100644 ---- a/src/sdpd-request.c -+++ b/src/sdpd-request.c -@@ -918,15 +918,20 @@ static int service_search_attr_req(sdp_req_t *req, sdp_buf_t *buf) - /* continuation State exists -> get from cache */ - sdp_buf_t *pCache = sdp_get_cached_rsp(cstate); - if (pCache) { -- uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent); -- pResponse = pCache->data; -- memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent); -- buf->data_size += sent; -- cstate->cStateValue.maxBytesSent += sent; -- if (cstate->cStateValue.maxBytesSent == pCache->data_size) -- cstate_size = sdp_set_cstate_pdu(buf, NULL); -- else -- cstate_size = sdp_set_cstate_pdu(buf, cstate); -+ if (cstate->cStateValue.maxBytesSent >= pCache->data_size) { -+ status = SDP_INVALID_CSTATE; -+ SDPDBG("Got bad cstate with invalid size"); -+ } else { -+ uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent); -+ pResponse = pCache->data; -+ memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent); -+ buf->data_size += sent; -+ cstate->cStateValue.maxBytesSent += sent; -+ if (cstate->cStateValue.maxBytesSent == pCache->data_size) -+ cstate_size = sdp_set_cstate_pdu(buf, NULL); -+ else -+ cstate_size = sdp_set_cstate_pdu(buf, cstate); -+ } - } else { - status = SDP_INVALID_CSTATE; - SDPDBG("Non-null continuation state, but null cache buffer"); --- -2.13.5 - diff --git a/bluez.spec b/bluez.spec index 5cb233b..2fe55c5 100644 --- a/bluez.spec +++ b/bluez.spec @@ -1,7 +1,7 @@ Name: bluez Summary: Bluetooth utilities -Version: 5.46 -Release: 6%{?dist} +Version: 5.47 +Release: 1%{?dist} License: GPLv2+ URL: http://www.bluez.org/ @@ -27,7 +27,6 @@ Patch4: 0001-obex-Use-GLib-helper-function-to-manipulate-paths.patch Patch5: 0001-autopair-Don-t-handle-the-iCade.patch # 5.47 patch: -Patch100: 0001-plugins-sixaxis-Use-the-same-device-name-as-the-kern.patch # https://github.com/hadess/bluez/commits/ds4-cable-pairing Patch101: 0001-plugins-sixaxis-Remove-LEDs-handling.patch Patch102: 0002-adapter-Add-btd_request_authorization_cable_configur.patch @@ -39,13 +38,13 @@ Patch107: 0007-plugins-sixaxis-Rename-sixaxis-specific-functions.patch Patch108: 0008-plugins-sixaxis-Add-support-for-DualShock-4-PS4-cabl.patch Patch109: 0009-plugins-sixaxis-Cancel-cable-pairing-if-unplugged.patch -Patch110: 0010-Out-of-bounds-heap-read-in-service_search_attr_req-f.patch - BuildRequires: git-core BuildRequires: dbus-devel >= 1.6 BuildRequires: glib2-devel BuildRequires: libical-devel BuildRequires: readline-devel +# For bluetooth mesh +BuildRequires: json-c-devel # For cable pairing BuildRequires: systemd-devel # For printing @@ -136,7 +135,7 @@ Object Exchange daemon for sharing files, contacts etc over bluetooth %build %configure --enable-tools --enable-library --enable-deprecated \ - --enable-sixaxis --enable-cups --enable-nfc \ + --enable-sixaxis --enable-cups --enable-nfc --enable-mesh \ --with-systemdsystemunitdir=%{_unitdir} \ --with-systemduserunitdir=%{_userunitdir} @@ -218,6 +217,7 @@ install -D -p -m0755 %{SOURCE4} ${RPM_BUILD_ROOT}/%{_libexecdir}/bluetooth/ %{_bindir}/hcidump %{_bindir}/l2test %{_bindir}/hex2hcd +%{_bindir}/meshctl %{_bindir}/mpris-proxy %{_bindir}/gatttool %{_bindir}/rctest @@ -267,6 +267,11 @@ install -D -p -m0755 %{SOURCE4} ${RPM_BUILD_ROOT}/%{_libexecdir}/bluetooth/ %{_userunitdir}/obex.service %changelog +* Thu Sep 14 2017 Peter Robinson 5.47-1 +- New upstream 5.47 bugfix release +- Initial support for Bluetooth LE mesh +- Blueooth 5 fixes and improvements + * Mon Sep 11 2017 Don Zickus - 5.46-6 - sdpd heap fixes Resolves: rhbz#1490911 diff --git a/sources b/sources index cef88f6..040b2e0 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (bluez-5.46.tar.xz) = 57eb236d5d1607ffbd5e4c939ffcb1047e2240e05ac642d037eee0feb1425f2d95d8a75b30dee50448c7189183468620c69ed330d17217d13c05f98b80e73671 +SHA512 (bluez-5.47.tar.xz) = 86fa1baae1593d4824038db8418358b0be624c81fc23ee8f96ec08979d309a2377be3924ab53cc0fcb712aec8e696360e9a9f4de4c12cc31b14de5cf495a11a6