Import from CS git

This commit is contained in:
eabdullin 2024-10-04 11:31:35 +00:00
parent e34e5805ba
commit d815917a36
18 changed files with 181 additions and 541 deletions

View File

@ -1 +1 @@
4d8fb1328e15df4021329d3eb6329b64777badaa SOURCES/bluez-5.64.tar.xz
6c73541f2cd27543b66741d16d520970d8877940 SOURCES/bluez-5.72.tar.xz

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/bluez-5.64.tar.xz
SOURCES/bluez-5.72.tar.xz

View File

@ -0,0 +1,125 @@
From 669de134aa19fbd6b7ac59575446a064bbf27565 Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Wed, 14 Feb 2024 16:51:14 +0100
Subject: [PATCH] Add missing mesh-gatt JSON files
---
tools/mesh-gatt/local_node.json | 61 +++++++++++++++++++++++++++++++++
tools/mesh-gatt/prov_db.json | 37 ++++++++++++++++++++
2 files changed, 98 insertions(+)
create mode 100644 tools/mesh-gatt/local_node.json
create mode 100644 tools/mesh-gatt/prov_db.json
diff --git a/tools/mesh-gatt/local_node.json b/tools/mesh-gatt/local_node.json
new file mode 100644
index 000000000000..5ffa7ada1f65
--- /dev/null
+++ b/tools/mesh-gatt/local_node.json
@@ -0,0 +1,61 @@
+{
+ "$schema":"file:\/\/\/BlueZ\/Mesh\/local_schema\/mesh.jsonschema",
+ "meshName":"BT Mesh",
+ "netKeys":[
+ {
+ "index": 0,
+ "keyRefresh": 0
+ }
+ ],
+ "appKeys":[
+ {
+ "index": 0,
+ "boundNetKey": 0
+ },
+ {
+ "index": 1,
+ "boundNetKey": 0
+ }
+ ],
+"node": {
+ "IVindex":"00000005",
+ "IVupdate":"0",
+ "sequenceNumber": 0,
+ "composition": {
+ "cid": "0002",
+ "pid": "0010",
+ "vid": "0001",
+ "crpl": "000a",
+ "features": {
+ "relay": false,
+ "proxy": true,
+ "friend": false,
+ "lowPower": false
+ },
+ "elements": [
+ {
+ "elementIndex": 0,
+ "location": "0001",
+ "models": ["0000", "0001", "1001"]
+ }
+ ]
+ },
+ "configuration":{
+ "netKeys": [0],
+ "appKeys": [ 0, 1],
+ "defaultTTL": 10,
+ "elements": [
+ {
+ "elementIndex": 0,
+ "unicastAddress":"0077",
+ "models": [
+ {
+ "modelId": "1001",
+ "bind": [1]
+ }
+ ]
+ }
+ ]
+ }
+ }
+}
diff --git a/tools/mesh-gatt/prov_db.json b/tools/mesh-gatt/prov_db.json
new file mode 100644
index 000000000000..74a03128d4d5
--- /dev/null
+++ b/tools/mesh-gatt/prov_db.json
@@ -0,0 +1,37 @@
+{
+ "$schema":"file:\/\/\/BlueZ\/Mesh\/schema\/mesh.jsonschema",
+ "meshName":"BT Mesh",
+ "IVindex":5,
+ "IVupdate":0,
+ "netKeys":[
+ {
+ "index":0,
+ "keyRefresh":0,
+ "key":"18eed9c2a56add85049ffc3c59ad0e12"
+ }
+ ],
+ "appKeys":[
+ {
+ "index":0,
+ "boundNetKey":0,
+ "key":"4f68ad85d9f48ac8589df665b6b49b8a"
+ },
+ {
+ "index":1,
+ "boundNetKey":0,
+ "key":"2aa2a6ded5a0798ceab5787ca3ae39fc"
+ }
+ ],
+ "provisioners":[
+ {
+ "provisionerName":"BT Mesh Provisioner",
+ "unicastAddress":"0077",
+ "allocatedUnicastRange":[
+ {
+ "lowAddress":"0100",
+ "highAddress":"7fff"
+ }
+ ]
+ }
+ ],
+}
--
2.43.0

View File

@ -1,66 +0,0 @@
From b4233bca181580800b483a228ca5377efcfeb844 Mon Sep 17 00:00:00 2001
From: Gopal Tiwari <gtiwari@redhat.com>
Date: Tue, 31 May 2022 13:11:05 +0530
Subject: [PATCH BlueZ 01/12] client/gatt: Fix memory leak issues
While performing the static tool analysis using coverity tool
found following reports
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/client/gatt.c:1531: leaked_storage: Variable "service"
going out of scope leaks the storage it points to.
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/client/gatt.c:2626: leaked_storage: Variable "chrc"
going out of scope leaks the storage it points to.
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/client/gatt.c:2906: leaked_storage: Variable "desc"
going out of scope leaks the storage it points to.
---
client/gatt.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/client/gatt.c b/client/gatt.c
index 13872c794..4c1efaf75 100644
--- a/client/gatt.c
+++ b/client/gatt.c
@@ -1527,8 +1527,10 @@ void gatt_register_service(DBusConnection *conn, GDBusProxy *proxy,
if (argc > 2) {
service->handle = parse_handle(argv[2]);
- if (!service->handle)
+ if (!service->handle) {
+ service_free(service);
return bt_shell_noninteractive_quit(EXIT_FAILURE);
+ }
}
if (g_dbus_register_interface(conn, service->path,
@@ -2622,8 +2624,10 @@ void gatt_register_chrc(DBusConnection *conn, GDBusProxy *proxy,
if (argc > 3) {
chrc->handle = parse_handle(argv[3]);
- if (!chrc->handle)
+ if (!chrc->handle) {
+ chrc_free(chrc);
return bt_shell_noninteractive_quit(EXIT_FAILURE);
+ }
}
if (g_dbus_register_interface(conn, chrc->path, CHRC_INTERFACE,
@@ -2902,8 +2906,10 @@ void gatt_register_desc(DBusConnection *conn, GDBusProxy *proxy,
if (argc > 3) {
desc->handle = parse_handle(argv[3]);
- if (!desc->handle)
+ if (!desc->handle) {
+ desc_free(desc);
return bt_shell_noninteractive_quit(EXIT_FAILURE);
+ }
}
if (g_dbus_register_interface(conn, desc->path, DESC_INTERFACE,
--
2.26.2

View File

@ -1,41 +0,0 @@
From f853012bc0142ab6056f3d9ef4abf621b1e8a756 Mon Sep 17 00:00:00 2001
From: Gopal Tiwari <gtiwari@redhat.com>
Date: Tue, 24 May 2022 16:45:56 +0530
Subject: [PATCH BlueZ] gatt: Fix double free and freed memory dereference
commit 3627eddea13042ffc0848ae37356f30335ce2e4b
Author: Ildar Kamaletdinov <i.kamaletdinov@omp.ru>
Date: Fri Apr 1 15:16:47 2022 +0300
gatt: Fix double free and freed memory dereference
If device is no longer exists or not paired when notifications send it
is possible to get double free and dereference of already freed memory.
To avoid this we need to recheck the state of device after sending
notification.
Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.
---
src/gatt-database.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/gatt-database.c b/src/gatt-database.c
index d6c94058c..d32f616a9 100644
--- a/src/gatt-database.c
+++ b/src/gatt-database.c
@@ -3877,6 +3877,10 @@ void btd_gatt_database_server_connected(struct btd_gatt_database *database,
send_notification_to_device(state, state->pending);
+ state = find_device_state(database, &bdaddr, bdaddr_type);
+ if (!state || !state->pending)
+ return;
+
free(state->pending->value);
free(state->pending);
state->pending = NULL;
--
2.26.2

View File

@ -1,19 +1,29 @@
From 90b72b787a6ae6b9b0bf8ece238e108e8607a433 Mon Sep 17 00:00:00 2001
From 873e49357081e5c5d8d3d23759f1723db7292bf6 Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Sat, 9 Nov 2013 18:13:43 +0100
Subject: [PATCH 1/2] obex: Use GLib helper function to manipulate paths
Date: Mon, 12 Feb 2024 20:02:45 +0000
Subject: [PATCH] obex: Use GLib helper function to manipulate paths
Instead of trying to do it by hand. This also makes sure that
relative paths aren't used by the agent.
[Emil Velikov]
Originally this patch was posted in 2013, but deferred since bluez was
planning to move away from glib. Presently there's no obvious action
towards that goal, so I think we can safely land this.
As mentioned by the author, current code allows for relative paths and
considering that obexd service runs without meaningful sandboxing and on
some distributions it is ran as root, we should plug the whole before
anyone (ab)uses it.
---
obexd/src/manager.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
obexd/src/manager.c | 15 +++++----------
1 file changed, 5 insertions(+), 10 deletions(-)
diff --git a/obexd/src/manager.c b/obexd/src/manager.c
index f84384ae4..285c07c37 100644
index 73fd6b9aff15..cc1de7ae2ed3 100644
--- a/obexd/src/manager.c
+++ b/obexd/src/manager.c
@@ -650,14 +650,14 @@ static void agent_reply(DBusPendingCall *call, void *user_data)
@@ -644,18 +644,13 @@ static void agent_reply(DBusPendingCall *call, void *user_data)
DBUS_TYPE_STRING, &name,
DBUS_TYPE_INVALID)) {
/* Splits folder and name */
@ -22,17 +32,21 @@ index f84384ae4..285c07c37 100644
DBG("Agent replied with %s", name);
- if (!slash) {
- agent->new_name = g_strdup(name);
+ if (is_relative) {
+ agent->new_name = g_path_get_basename(name);
+ agent->new_name = g_path_get_basename(name);
+ if (is_relative)
agent->new_folder = NULL;
} else {
- agent->new_name = g_strdup(slash + 1);
- } else {
- if (strlen(slash) == 1)
- agent->new_name = NULL;
- else
- agent->new_name = g_strdup(slash + 1);
- agent->new_folder = g_strndup(name, slash - name);
+ agent->new_name = g_path_get_basename(name);
- }
+ else
+ agent->new_folder = g_path_get_dirname(name);
}
}
dbus_message_unref(reply);
--
2.14.1
2.43.0

View File

@ -1,43 +0,0 @@
From 5eb96b3ec8545047a74d7204664267c7aa749070 Mon Sep 17 00:00:00 2001
From: Gopal Tiwari <gtiwari@redhat.com>
Date: Tue, 31 May 2022 13:11:06 +0530
Subject: [PATCH BlueZ 02/12] mesh/appkey: Fix memory leaks
While performing the static analysis using the coverity tool found
following memory leak reports
bluez-5.64/mesh/appkey.c:143: leaked_storage: Variable "key" going
out of scope leaks the storage it points to.
Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/mesh/appkey.c:146: leaked_storage: Variable "key" going
out of scope leaks the storage it points to.
---
mesh/appkey.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/mesh/appkey.c b/mesh/appkey.c
index 5088a1812..52fed8c31 100644
--- a/mesh/appkey.c
+++ b/mesh/appkey.c
@@ -139,11 +139,15 @@ bool appkey_key_init(struct mesh_net *net, uint16_t net_idx, uint16_t app_idx,
key->net_idx = net_idx;
key->app_idx = app_idx;
- if (key_value && !set_key(key, app_idx, key_value, false))
+ if (key_value && !set_key(key, app_idx, key_value, false)) {
+ appkey_key_free(key);
return false;
+ }
- if (new_key_value && !set_key(key, app_idx, new_key_value, true))
+ if (new_key_value && !set_key(key, app_idx, new_key_value, true)) {
+ appkey_key_free(key);
return false;
+ }
l_queue_push_tail(app_keys, key);
--
2.26.2

View File

@ -1,38 +0,0 @@
From 6f02010ce0043ec2e17eb15f2a1dd42f6c64e223 Mon Sep 17 00:00:00 2001
From: Gopal Tiwari <gtiwari@redhat.com>
Date: Tue, 31 May 2022 13:11:07 +0530
Subject: [PATCH BlueZ 03/12] monitor: Fix memory leaks
While performing static tool analysis using coverity
found following reports for resouse leak
bluez-5.64/monitor/jlink.c:111: leaked_storage: Variable "so"
going out of scope leaks the storage it points to.
bluez-5.64/monitor/jlink.c:113: leaked_storage: Variable "so"
going out of scope leaks the storage it points to.
---
monitor/jlink.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/monitor/jlink.c b/monitor/jlink.c
index 9aaa4ebd8..f1d8ce660 100644
--- a/monitor/jlink.c
+++ b/monitor/jlink.c
@@ -107,9 +107,12 @@ int jlink_init(void)
!jlink.tif_select || !jlink.setspeed ||
!jlink.connect || !jlink.getsn ||
!jlink.emu_getproductname ||
- !jlink.rtterminal_control || !jlink.rtterminal_read)
+ !jlink.rtterminal_control || !jlink.rtterminal_read) {
+ dlclose(so);
return -EIO;
+ }
+ dlclose(so);
return 0;
}
--
2.26.2

View File

@ -1,43 +0,0 @@
From fc57aa92a4f32f7c0f38198e6d26b529b537a047 Mon Sep 17 00:00:00 2001
From: Gopal Tiwari <gtiwari@redhat.com>
Date: Tue, 31 May 2022 13:11:08 +0530
Subject: [PATCH BlueZ 04/12] sixaxis: Fix memory leaks
While performing static tool analysis using coverity
found following reports for resouse leak
bluez-5.64/plugins/sixaxis.c:425: alloc_arg:
"get_pairing_type_for_device" allocates memory that is
stored into "sysfs_path".
bluez-5.64/plugins/sixaxis.c:428: leaked_storage: Variable "sysfs_path"
going out of scope leaks the storage it points to.
---
plugins/sixaxis.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/plugins/sixaxis.c b/plugins/sixaxis.c
index ddecbcccb..10cf15948 100644
--- a/plugins/sixaxis.c
+++ b/plugins/sixaxis.c
@@ -424,10 +424,15 @@ static void device_added(struct udev_device *udevice)
cp = get_pairing_type_for_device(udevice, &bus, &sysfs_path);
if (!cp || (cp->type != CABLE_PAIRING_SIXAXIS &&
- cp->type != CABLE_PAIRING_DS4))
+ cp->type != CABLE_PAIRING_DS4)) {
+ g_free(sysfs_path);
return;
- if (bus != BUS_USB)
+ }
+
+ if (bus != BUS_USB) {
+ g_free(sysfs_path);
return;
+ }
info("sixaxis: compatible device connected: %s (%04X:%04X %s)",
cp->name, cp->vid, cp->pid, sysfs_path);
--
2.26.2

View File

@ -1,29 +0,0 @@
From f4743109f381a4d53b476c5b77c7c68a6aa40b59 Mon Sep 17 00:00:00 2001
From: Gopal Tiwari <gtiwari@redhat.com>
Date: Tue, 31 May 2022 13:11:09 +0530
Subject: [PATCH BlueZ 05/12] cltest: Fix leaked_handle
While performing static tool analysis using coverity found
following reports for resouse leak
bluez-5.64/tools/cltest.c:75: leaked_handle: Handle variable "fd"
going out of scope leaks the handle.
---
tools/cltest.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/cltest.c b/tools/cltest.c
index 2766fcd23..250c93cc7 100644
--- a/tools/cltest.c
+++ b/tools/cltest.c
@@ -72,6 +72,7 @@ static bool send_message(const bdaddr_t *src, const bdaddr_t *dst,
return false;
}
+ close(fd);
return true;
}
--
2.26.2

View File

@ -1,47 +0,0 @@
From 4ae130455b173650f564d92f7908a7ca4f7b1ee6 Mon Sep 17 00:00:00 2001
From: Gopal Tiwari <gtiwari@redhat.com>
Date: Tue, 31 May 2022 13:11:10 +0530
Subject: [PATCH BlueZ 06/12] create-image: Fix leaked_handle
While performing static tool analysis using coverity found following
reports for resouse leak
bluez-5.64/tools/create-image.c:124: leaked_storage: Variable "map"
going out of scope leaks the storage it points to.
---
tools/create-image.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/tools/create-image.c b/tools/create-image.c
index aba940da7..90cd87315 100644
--- a/tools/create-image.c
+++ b/tools/create-image.c
@@ -97,12 +97,13 @@ static void write_block(FILE *fp, const char *pathname, unsigned int ino,
map = mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0);
if (!map || map == MAP_FAILED) {
- close(fd);
- fd = -1;
map = NULL;
st.st_size = 0;
}
+ close(fd);
+ fd = -1;
+
done:
fprintf(fp, HDR_FMT, HDR_MAGIC, ino, mode, 0, 0, 1, 0,
(uintmax_t) st.st_size, 0, 0, 0, 0, namelen + 1, 0, name);
@@ -117,9 +118,7 @@ done:
pad = 3 - ((st.st_size + 3) % 4);
for (i = 0; i < pad; i++)
fputc(0, fp);
-
munmap(map, st.st_size);
- close(fd);
}
}
--
2.26.2

View File

@ -1,29 +0,0 @@
From 4334be027ae1ad50193025c90e77a76b64464b53 Mon Sep 17 00:00:00 2001
From: Gopal Tiwari <gtiwari@redhat.com>
Date: Tue, 31 May 2022 13:11:11 +0530
Subject: [PATCH BlueZ 07/12] l2cap-tester: Fix leaked_handle
While performing static tool analysis using coverity found following
reports for resouse leak
bluez-5.64/tools/l2cap-tester.c:1712: leaked_handle: Handle variable
"new_sk" going out of scope leaks the handle.
---
tools/l2cap-tester.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/l2cap-tester.c b/tools/l2cap-tester.c
index d78b1e29c..3f0464013 100644
--- a/tools/l2cap-tester.c
+++ b/tools/l2cap-tester.c
@@ -1709,6 +1709,7 @@ static gboolean l2cap_listen_cb(GIOChannel *io, GIOCondition cond,
if (!check_mtu(data, new_sk)) {
tester_test_failed();
+ close(new_sk);
return FALSE;
}
--
2.26.2

View File

@ -1,33 +0,0 @@
From 35cbfd9660949fca23418bfa32fd51d81ed91208 Mon Sep 17 00:00:00 2001
From: Gopal Tiwari <gtiwari@redhat.com>
Date: Tue, 31 May 2022 13:11:12 +0530
Subject: [PATCH BlueZ 08/12] mesh/mesh-db: Fix resource leaks
While performing static tool analysis using coverity found following
reports for resouse leak
bluez-5.64/tools/mesh/mesh-db.c:2388: leaked_handle: Handle variable
"fd" going out of scope leaks the handle.
bluez-5.64/tools/mesh/mesh-db.c:2388: leaked_storage: Variable "str"
going out of scope leaks the storage it points to.
---
tools/mesh/mesh-db.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/tools/mesh/mesh-db.c b/tools/mesh/mesh-db.c
index fa11837df..896ff722c 100644
--- a/tools/mesh/mesh-db.c
+++ b/tools/mesh/mesh-db.c
@@ -2384,6 +2384,8 @@ bool mesh_db_load(const char *fname)
sz = read(fd, str, st.st_size);
if (sz != st.st_size) {
+ close(fd);
+ l_free(str);
l_error("Failed to read configuration file %s", fname);
return false;
}
--
2.26.2

View File

@ -1,29 +0,0 @@
From 39b638526d9a45d54d2d6e3f175fd7eb057ef8f0 Mon Sep 17 00:00:00 2001
From: Gopal Tiwari <gtiwari@redhat.com>
Date: Tue, 31 May 2022 13:11:13 +0530
Subject: [PATCH BlueZ 09/12] obex-client: Fix leaked_handle
While performing static tool analysis using coverity found following
reports for resouse leak
bluez-5.64/tools/obex-client-tool.c:315: leaked_handle: Handle variable
"sk" going out of scope leaks the handle.
---
tools/obex-client-tool.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/obex-client-tool.c b/tools/obex-client-tool.c
index ab9332896..cb0e41247 100644
--- a/tools/obex-client-tool.c
+++ b/tools/obex-client-tool.c
@@ -312,6 +312,7 @@ static GIOChannel *unix_connect(GObexTransportType transport)
if (connect(sk, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
err = errno;
g_printerr("connect: %s (%d)\n", strerror(err), err);
+ close(sk);
return NULL;
}
--
2.26.2

View File

@ -1,34 +0,0 @@
From 06d3c7429ad6bdf6eef1bcedee327e74a33c40bf Mon Sep 17 00:00:00 2001
From: Gopal Tiwari <gtiwari@redhat.com>
Date: Tue, 31 May 2022 13:11:15 +0530
Subject: [PATCH BlueZ 10/12] pbap: Fix memory leak
Reported by coverity tool as follows:
bluez-5.64/obexd/client/pbap.c:929: leaked_storage: Variable "apparam"
going out of scope leaks the storage it points to.
---
obexd/client/pbap.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/obexd/client/pbap.c b/obexd/client/pbap.c
index 1a2bacc9f..1ed8c68ec 100644
--- a/obexd/client/pbap.c
+++ b/obexd/client/pbap.c
@@ -925,10 +925,11 @@ static DBusMessage *pbap_search(DBusConnection *connection,
return g_dbus_create_error(message,
ERROR_INTERFACE ".InvalidArguments", NULL);
- if (dbus_message_iter_get_arg_type(&args) != DBUS_TYPE_STRING)
+ if (dbus_message_iter_get_arg_type(&args) != DBUS_TYPE_STRING) {
+ g_obex_apparam_free(apparam);
return g_dbus_create_error(message,
ERROR_INTERFACE ".InvalidArguments", NULL);
-
+ }
dbus_message_iter_get_basic(&args, &value);
dbus_message_iter_next(&args);
--
2.26.2

View File

@ -1,30 +0,0 @@
From 56bda20ce9e3e5c4684b37cffd4527264c2b4c1e Mon Sep 17 00:00:00 2001
From: Gopal Tiwari <gtiwari@redhat.com>
Date: Tue, 31 May 2022 13:11:16 +0530
Subject: [PATCH BlueZ 11/12] meshctl: Fix possible use_after_free
Reported by coverity tool as follows :
bluez-5.64/tools/meshctl.c:1968: freed_arg: "g_free" frees "mesh_dir".
bluez-5.64/tools/meshctl.c:2018: double_free: Calling "g_free" frees
pointer "mesh_dir" which has already been freed.
---
tools/meshctl.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/tools/meshctl.c b/tools/meshctl.c
index 18e20c40d..38ffd35f3 100644
--- a/tools/meshctl.c
+++ b/tools/meshctl.c
@@ -2015,7 +2015,6 @@ int main(int argc, char *argv[])
fail:
bt_shell_cleanup();
- g_free(mesh_dir);
return EXIT_FAILURE;
}
--
2.26.2

View File

@ -1,34 +0,0 @@
From 5cdaeaefc350ea3c42719284b88406579d032fb6 Mon Sep 17 00:00:00 2001
From: Gopal Tiwari <gtiwari@redhat.com>
Date: Tue, 31 May 2022 13:11:17 +0530
Subject: [PATCH BlueZ 12/12] mesh-gatt: Fix use_after_free
Following scenario happens when prov is false and we have double free as
mentioned in the below
bluez-5.64/tools/mesh-gatt/prov-db.c:847: freed_arg: "g_free" frees
"in_str".
bluez-5.64/tools/mesh-gatt/prov-db.c:867: double_free: Calling "g_free"
frees pointer "in_str" which has already been freed.
---
tools/mesh-gatt/prov-db.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tools/mesh-gatt/prov-db.c b/tools/mesh-gatt/prov-db.c
index 2fb08f799..a5b6997e0 100644
--- a/tools/mesh-gatt/prov-db.c
+++ b/tools/mesh-gatt/prov-db.c
@@ -859,7 +859,8 @@ bool prov_db_local_set_iv_index(uint32_t iv_index, bool update, bool prov)
set_local_iv_index(jmain, iv_index, update);
prov_file_write(jmain, false);
- }
+ } else
+ return true;
res = true;
done:
--
2.26.2

View File

@ -5,7 +5,7 @@
%endif
Name: bluez
Version: 5.64
Version: 5.72
Release: 2%{?dist}
Summary: Bluetooth utilities
License: GPLv2+
@ -16,26 +16,8 @@ Source1: bluez.gitignore
# https://github.com/hadess/bluez/commits/obex-5.46
Patch1: 0001-obex-Use-GLib-helper-function-to-manipulate-paths.patch
# https://github.com/hadess/bluez/commits/systemd-hardening
#Patch10: 0001-build-Always-define-confdir-and-statedir.patch
#Patch11: 0002-systemd-Add-PrivateTmp-and-NoNewPrivileges-options.patch
#Patch12: 0003-systemd-Add-more-filesystem-lockdown.patch
#Patch13: 0004-systemd-More-lockdown.patch
#Patch14: 0005-media-rename-local-function-conflicting-with-pause-2.patch
#Patch15: bluez-avdtp-fix-removing-all-seps-when-loading-from-cache.patch
Patch2: 0001-client-gatt-Fix-memory-leak-issues.patch
Patch3: 0002-mesh-appkey-Fix-memory-leaks.patch
Patch4: 0003-monitor-Fix-memory-leaks.patch
Patch5: 0004-sixaxis-Fix-memory-leaks.patch
Patch6: 0005-cltest-Fix-leaked_handle.patch
Patch7: 0006-create-image-Fix-leaked_handle.patch
Patch8: 0007-l2cap-tester-Fix-leaked_handle.patch
Patch9: 0008-mesh-mesh-db-Fix-resource-leaks.patch
Patch10: 0009-obex-client-Fix-leaked_handle.patch
Patch11: 0010-pbap-Fix-memory-leak.patch
Patch12: 0011-meshctl-Fix-possible-use_after_free.patch
Patch13: 0012-mesh-gatt-Fix-use_after_free.patch
Patch14: 0001-gatt-Fix-double-free-and-freed-memory-dereference.patch
# https://patchwork.kernel.org/project/bluetooth/patch/20240214155019.325715-1-hadess@hadess.net/
Patch2: 0001-Add-missing-mesh-gatt-JSON-files.patch
BuildRequires: dbus-devel >= 1.6
BuildRequires: glib2-devel
@ -53,6 +35,7 @@ BuildRequires: cups-devel
BuildRequires: libtool automake autoconf
# For man pages
BuildRequires: python3-docutils
BuildRequires: python3-pygments
Requires: dbus >= 1.6
Requires(post): systemd
@ -162,9 +145,7 @@ Object Exchange daemon for sharing files, contacts etc over bluetooth
%build
autoreconf -vif
%configure --enable-tools --enable-library --disable-optimization \
%if %{with deprecated}
--enable-deprecated \
%endif
--enable-sixaxis --enable-cups --enable-nfc --enable-mesh \
--enable-hid2hci --enable-testing \
--with-systemdsystemunitdir=%{_unitdir} \
@ -179,6 +160,10 @@ autoreconf -vif
# "make install" fails to install gatttool, necessary for Bluetooth Low Energy
# Red Hat Bugzilla bug #1141909, Debian bug #720486
install -m0755 attrib/gatttool $RPM_BUILD_ROOT%{_bindir}
%else
for i in ciptool gatttool hciattach hciconfig hcidump hcitool rfcomm sdptool ; do \
rm -f $RPM_BUILD_ROOT%{_bindir}/$i $RPM_BUILD_ROOT%{_mandir}/man1/$i*.1* ; \
done
%endif
# "make install" fails to install avinfo
@ -249,7 +234,6 @@ install emulator/btvirt ${RPM_BUILD_ROOT}/%{_libexecdir}/bluetooth/
%doc AUTHORS ChangeLog
%dir %{_sysconfdir}/bluetooth
%config %{_sysconfdir}/bluetooth/main.conf
%config %{_sysconfdir}/dbus-1/system.d/bluetooth.conf
%{_bindir}/avinfo
%{_bindir}/bluemoon
%{_bindir}/bluetoothctl
@ -258,19 +242,20 @@ install emulator/btvirt ${RPM_BUILD_ROOT}/%{_libexecdir}/bluetooth/
%{_bindir}/btmon
%{_bindir}/hex2hcd
%{_bindir}/l2ping
%{_bindir}/l2test
%{_bindir}/mpris-proxy
%{_bindir}/rctest
%{_mandir}/man1/bluetoothctl.1.*
%{_mandir}/man1/bluetoothctl-*.1.*
%{_mandir}/man1/btattach.1.*
%{_mandir}/man1/btmgmt.1.*
%{_mandir}/man1/btmon.1.*
%{_mandir}/man1/l2ping.1.*
%{_mandir}/man1/rctest.1.*
%{_mandir}/man8/bluetoothd.8.*
%dir %{_libexecdir}/bluetooth
%{_libexecdir}/bluetooth/bluetoothd
%{_libdir}/bluetooth/
%{_localstatedir}/lib/bluetooth
%{_datadir}/dbus-1/system-services/org.bluez.service
%{_datadir}/dbus-1/system.d/bluetooth.conf
%{_unitdir}/bluetooth.service
%{_datadir}/zsh/site-functions/_bluetoothctl
@ -300,8 +285,14 @@ install emulator/btvirt ${RPM_BUILD_ROOT}/%{_libexecdir}/bluetooth/
%files libs-devel
%doc doc/*txt
%{_bindir}/isotest
%{_bindir}/l2test
%{_bindir}/rctest
%{_libdir}/libbluetooth.so
%{_includedir}/bluetooth
%{_mandir}/man1/isotest.1.*
%{_mandir}/man1/rctest.1.*
%{_mandir}/man5/org.bluez.*.5.*
%{_libdir}/pkgconfig/bluez.pc
%dir %{_libexecdir}/bluetooth
%{_libexecdir}/bluetooth/btvirt
@ -317,11 +308,11 @@ install emulator/btvirt ${RPM_BUILD_ROOT}/%{_libexecdir}/bluetooth/
%files mesh
%doc tools/mesh-gatt/*.json
%config %{_sysconfdir}/bluetooth/mesh-main.conf
%config %{_sysconfdir}/dbus-1/system.d/bluetooth-mesh.conf
%{_bindir}/meshctl
%{_bindir}/mesh-cfgclient
%{_bindir}/mesh-cfgtest
%{_datadir}/dbus-1/system-services/org.bluez.mesh.service
%{_datadir}/dbus-1/system.d/bluetooth-mesh.conf
%{_libexecdir}/bluetooth/bluetooth-meshd
%{_unitdir}/bluetooth-mesh.service
%{_localstatedir}/lib/bluetooth/mesh
@ -333,13 +324,19 @@ install emulator/btvirt ${RPM_BUILD_ROOT}/%{_libexecdir}/bluetooth/
%{_userunitdir}/obex.service
%changelog
* Mon Jul 15 2024 David Marlin <dmarlin@redhat.com> - 5.72-2
- Bump release to rebuild for RHEL-9.5
* Thu Feb 15 2024 Bastien Nocera <bnocera@redhat.com> - 5.72-1
- Update to 5.72
* Thu Jun 9 2022 Gopal Tiwari <gtiwari@redhat.com> - 5.64-2
- Coverity fixes for bluez.
* Thu May 5 2022 Gopal Tiwari <gtiwari@redhat.com> - 5.64-1
- Update to 5.64
* Fri Dec 16 2021 Gopal Tiwari <gtiwari@redhat.com> - 5.56-8
* Thu Dec 16 2021 Gopal Tiwari <gtiwari@redhat.com> - 5.56-8
- Fixing Gating and version
Related: rhbz#2027435