rpms/bluez
5
0
Fork 0
Code Issues Pull Requests Releases Activity

5.47

Browse Source
This commit is contained in:
Peter Robinson 2017-09-14 14:48:27 +01:00
parent 268965a3ff
commit cd998e6330
4 changed files with 12 additions and 91 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
0001-plugins-sixaxis-Use-the-same-device-name-as-the-kern.patch
View File

@ -1,29 +0,0 @@
From 7cdfddada0609d0df5cfe3fe3a2fba6355e53d26 Mon Sep 17 00:00:00 2001
From: Nicolas Werner <nicolas.werner@gmx.net>
Date: Tue, 8 Aug 2017 00:48:33 +0200
Subject: [PATCH] plugins/sixaxis: Use the same device name as the kernel
Some games check the device name to recognize a playstation controller.
This changes the device name, when using a PS3 controller over
bluetooth, to match the device name, that is advertised when using the
controller via USB.
---
plugins/sixaxis.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/plugins/sixaxis.c b/plugins/sixaxis.c
index fcc93bc60..7e3c950b4 100644
--- a/plugins/sixaxis.c
+++ b/plugins/sixaxis.c
@@ -56,7 +56,7 @@ static const struct {
uint16_t version;
} devices[] = {
{
- .name = "PLAYSTATION(R)3 Controller",
+ .name = "Sony PLAYSTATION(R)3 Controller",
.source = 0x0002,
.vid = 0x054c,
.pid = 0x0268,
--
2.14.1

55
0010-Out-of-bounds-heap-read-in-service_search_attr_req-f.patch
View File

@ -1,55 +0,0 @@
From 6821472c7509c54c5b1ef4744af8f6eab9be4aa7 Mon Sep 17 00:00:00 2001
From: Fedora Bluez maintainers <bluez-owner@fedoraproject.org>
Date: Mon, 11 Sep 2017 11:19:18 -0400
Subject: [PATCH] Out of bounds heap read in service_search_attr_req function
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When a long response is returned to a specific search attribute request, a
continuation state is returned to allow reception of additional fragments, via
additional requests that contain the last continuation state sent. However, the
incoming “cstate” that requests additional fragments isnt validated properly,
and thus an out-of-bounds read of the response buffer (pResponse) can be
achieved, leading to information disclosure of the heap.
---
src/sdpd-request.c | 23 ++++++++++++++---------
1 file changed, 14 insertions(+), 9 deletions(-)
diff --git a/src/sdpd-request.c b/src/sdpd-request.c
index 1eefdce..ddeea7f 100644
--- a/src/sdpd-request.c
+++ b/src/sdpd-request.c
@@ -918,15 +918,20 @@ static int service_search_attr_req(sdp_req_t *req, sdp_buf_t *buf)
/* continuation State exists -> get from cache */
sdp_buf_t *pCache = sdp_get_cached_rsp(cstate);
if (pCache) {
- uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent);
- pResponse = pCache->data;
- memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent);
- buf->data_size += sent;
- cstate->cStateValue.maxBytesSent += sent;
- if (cstate->cStateValue.maxBytesSent == pCache->data_size)
- cstate_size = sdp_set_cstate_pdu(buf, NULL);
- else
- cstate_size = sdp_set_cstate_pdu(buf, cstate);
+ if (cstate->cStateValue.maxBytesSent >= pCache->data_size) {
+ status = SDP_INVALID_CSTATE;
+ SDPDBG("Got bad cstate with invalid size");
+ } else {
+ uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent);
+ pResponse = pCache->data;
+ memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent);
+ buf->data_size += sent;
+ cstate->cStateValue.maxBytesSent += sent;
+ if (cstate->cStateValue.maxBytesSent == pCache->data_size)
+ cstate_size = sdp_set_cstate_pdu(buf, NULL);
+ else
+ cstate_size = sdp_set_cstate_pdu(buf, cstate);
+ }
} else {
status = SDP_INVALID_CSTATE;
SDPDBG("Non-null continuation state, but null cache buffer");
--
2.13.5

17
bluez.spec
View File

@ -1,7 +1,7 @@
Name: bluez Name: bluez
Summary: Bluetooth utilities Summary: Bluetooth utilities
Version: 5.46 Version: 5.47
Release: 6%{?dist} Release: 1%{?dist}
License: GPLv2+ License: GPLv2+
URL: http://www.bluez.org/ URL: http://www.bluez.org/
@ -27,7 +27,6 @@ Patch4: 0001-obex-Use-GLib-helper-function-to-manipulate-paths.patch
Patch5: 0001-autopair-Don-t-handle-the-iCade.patch Patch5: 0001-autopair-Don-t-handle-the-iCade.patch
# 5.47 patch: # 5.47 patch:
Patch100: 0001-plugins-sixaxis-Use-the-same-device-name-as-the-kern.patch
# https://github.com/hadess/bluez/commits/ds4-cable-pairing # https://github.com/hadess/bluez/commits/ds4-cable-pairing
Patch101: 0001-plugins-sixaxis-Remove-LEDs-handling.patch Patch101: 0001-plugins-sixaxis-Remove-LEDs-handling.patch
Patch102: 0002-adapter-Add-btd_request_authorization_cable_configur.patch Patch102: 0002-adapter-Add-btd_request_authorization_cable_configur.patch
@ -39,13 +38,13 @@ Patch107: 0007-plugins-sixaxis-Rename-sixaxis-specific-functions.patch
Patch108: 0008-plugins-sixaxis-Add-support-for-DualShock-4-PS4-cabl.patch Patch108: 0008-plugins-sixaxis-Add-support-for-DualShock-4-PS4-cabl.patch
Patch109: 0009-plugins-sixaxis-Cancel-cable-pairing-if-unplugged.patch Patch109: 0009-plugins-sixaxis-Cancel-cable-pairing-if-unplugged.patch
Patch110: 0010-Out-of-bounds-heap-read-in-service_search_attr_req-f.patch
BuildRequires: git-core BuildRequires: git-core
BuildRequires: dbus-devel >= 1.6 BuildRequires: dbus-devel >= 1.6
BuildRequires: glib2-devel BuildRequires: glib2-devel
BuildRequires: libical-devel BuildRequires: libical-devel
BuildRequires: readline-devel BuildRequires: readline-devel
# For bluetooth mesh
BuildRequires: json-c-devel
# For cable pairing # For cable pairing
BuildRequires: systemd-devel BuildRequires: systemd-devel
# For printing # For printing
@ -136,7 +135,7 @@ Object Exchange daemon for sharing files, contacts etc over bluetooth
%build %build
%configure --enable-tools --enable-library --enable-deprecated \ %configure --enable-tools --enable-library --enable-deprecated \
--enable-sixaxis --enable-cups --enable-nfc \ --enable-sixaxis --enable-cups --enable-nfc --enable-mesh \
--with-systemdsystemunitdir=%{_unitdir} \ --with-systemdsystemunitdir=%{_unitdir} \
--with-systemduserunitdir=%{_userunitdir} --with-systemduserunitdir=%{_userunitdir}
@ -218,6 +217,7 @@ install -D -p -m0755 %{SOURCE4} ${RPM_BUILD_ROOT}/%{_libexecdir}/bluetooth/
%{_bindir}/hcidump %{_bindir}/hcidump
%{_bindir}/l2test %{_bindir}/l2test
%{_bindir}/hex2hcd %{_bindir}/hex2hcd
%{_bindir}/meshctl
%{_bindir}/mpris-proxy %{_bindir}/mpris-proxy
%{_bindir}/gatttool %{_bindir}/gatttool
%{_bindir}/rctest %{_bindir}/rctest
@ -267,6 +267,11 @@ install -D -p -m0755 %{SOURCE4} ${RPM_BUILD_ROOT}/%{_libexecdir}/bluetooth/
%{_userunitdir}/obex.service %{_userunitdir}/obex.service
%changelog %changelog
* Thu Sep 14 2017 Peter Robinson <pbrobinson@fedoraproject.org> 5.47-1
- New upstream 5.47 bugfix release
- Initial support for Bluetooth LE mesh
- Blueooth 5 fixes and improvements
* Mon Sep 11 2017 Don Zickus <dzickus@redhat.com> - 5.46-6 * Mon Sep 11 2017 Don Zickus <dzickus@redhat.com> - 5.46-6
- sdpd heap fixes - sdpd heap fixes
Resolves: rhbz#1490911 Resolves: rhbz#1490911

2
sources
View File

@ -1 +1 @@
SHA512 (bluez-5.46.tar.xz) = 57eb236d5d1607ffbd5e4c939ffcb1047e2240e05ac642d037eee0feb1425f2d95d8a75b30dee50448c7189183468620c69ed330d17217d13c05f98b80e73671 SHA512 (bluez-5.47.tar.xz) = 86fa1baae1593d4824038db8418358b0be624c81fc23ee8f96ec08979d309a2377be3924ab53cc0fcb712aec8e696360e9a9f4de4c12cc31b14de5cf495a11a6