import bluez-5.50-3.el8

2020-04-28 05:33:27 -04:00 · 2020-04-28 05:33:27 -04:00 · eb98a28499
commit eb98a28499
parent e0630b7f32
3 changed files with 224 additions and 1 deletions
--- a/SOURCES/0001-core-Add-AlwaysPairable-to-main.conf.patch
+++ b/SOURCES/0001-core-Add-AlwaysPairable-to-main.conf.patch
@ -0,0 +1,151 @@
+From 4aa826664dd5d6e784162c2393149ecb01550fb1 Mon Sep 17 00:00:00 2001
+From: Gopal Tiwari <gtiwari@redhat.com>
+Date: Wed, 18 Dec 2019 19:31:49 +0530
+Subject: [PATCH BlueZ 1/2] core: Add AlwaysPairable to main.conf
+
+commit 1880b299086659844889cdaf687133aca5eaf102
+Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+Date:   Fri Jul 27 11:14:04 2018 +0300
+
+    core: Add AlwaysPairable to main.conf
+
+    This adds a new option called AlwaysPairable to main.conf, it can be
+    used to enable Adapter.Pairable even in case there is no Agent
+    available.
+
+    Since that could be consider a security problem to allow pairing
+    without user's consent the option defaults to false.
+---
+ src/adapter.c | 16 +++++++++++++++-
+ src/agent.h   |  7 +++++++
+ src/device.c  |  2 --
+ src/hcid.h    |  1 +
+ src/main.c    | 11 +++++++++++
+ src/main.conf |  5 +++++
+ 6 files changed, 39 insertions(+), 3 deletions(-)
+
+diff --git a/src/adapter.c b/src/adapter.c
+index af340fd6e..720621f47 100644
+--- a/src/adapter.c
+++ b/src/adapter.c
+@@ -7754,6 +7754,19 @@ int adapter_set_io_capability(struct btd_adapter *adapter, uint8_t io_cap)
+ {
+ 	struct mgmt_cp_set_io_capability cp;
+ 
+	if (!main_opts.pairable) {
+		if (io_cap == IO_CAPABILITY_INVALID) {
+			if (adapter->current_settings & MGMT_SETTING_BONDABLE)
+				set_mode(adapter, MGMT_OP_SET_BONDABLE, 0x00);
+
+			return 0;
+		}
+
+		if (!(adapter->current_settings & MGMT_SETTING_BONDABLE))
+			set_mode(adapter, MGMT_OP_SET_BONDABLE, 0x01);
+	} else if (io_cap == IO_CAPABILITY_INVALID)
+		io_cap = IO_CAPABILITY_NOINPUTNOOUTPUT;
+
+ 	memset(&cp, 0, sizeof(cp));
+ 	cp.io_capability = io_cap;
+ 
+@@ -8682,7 +8695,8 @@ static void read_info_complete(uint8_t status, uint16_t length,
+ 
+ 	set_name(adapter, btd_adapter_get_name(adapter));
+ 
+-	if (!(adapter->current_settings & MGMT_SETTING_BONDABLE))
+	if (main_opts.pairable &&
+			!(adapter->current_settings & MGMT_SETTING_BONDABLE))
+ 		set_mode(adapter, MGMT_OP_SET_BONDABLE, 0x01);
+ 
+ 	if (!kernel_conn_control)
+diff --git a/src/agent.h b/src/agent.h
+index 1e4692036..f14d14325 100644
+--- a/src/agent.h
+++ b/src/agent.h
+@@ -22,6 +22,13 @@
+  *
+  */
+ 
+#define IO_CAPABILITY_DISPLAYONLY	0x00
+#define IO_CAPABILITY_DISPLAYYESNO	0x01
+#define IO_CAPABILITY_KEYBOARDONLY	0x02
+#define IO_CAPABILITY_NOINPUTNOOUTPUT	0x03
+#define IO_CAPABILITY_KEYBOARDDISPLAY	0x04
+#define IO_CAPABILITY_INVALID		0xFF
+
+ struct agent;
+ 
+ typedef void (*agent_cb) (struct agent *agent, DBusError *err,
+diff --git a/src/device.c b/src/device.c
+index 4f1af7012..0d7907a69 100644
+--- a/src/device.c
+++ b/src/device.c
+@@ -75,8 +75,6 @@
+ #include "attrib-server.h"
+ #include "eir.h"
+ 
+-#define IO_CAPABILITY_NOINPUTNOOUTPUT	0x03
+-
+ #define DISCONNECT_TIMER	2
+ #define DISCOVERY_TIMER		1
+ #define INVALID_FLAGS		0xff
+diff --git a/src/hcid.h b/src/hcid.h
+index 2c2b89d9c..ba250578a 100644
+--- a/src/hcid.h
+++ b/src/hcid.h
+@@ -38,6 +38,7 @@ typedef enum {
+ struct main_opts {
+ 	char		*name;
+ 	uint32_t	class;
+	gboolean	pairable;
+ 	uint32_t	pairto;
+ 	uint32_t	discovto;
+ 	uint8_t		privacy;
+diff --git a/src/main.c b/src/main.c
+index 7e6af42cd..156406343 100644
+--- a/src/main.c
+++ b/src/main.c
+@@ -81,6 +81,7 @@ static const char *supported_options[] = {
+ 	"Name",
+ 	"Class",
+ 	"DiscoverableTimeout",
+	"AlwaysPairable"
+ 	"PairableTimeout",
+ 	"DeviceID",
+ 	"ReverseServiceDiscovery",
+@@ -287,6 +288,16 @@ static void parse_config(GKeyFile *config)
+ 		main_opts.discovto = val;
+ 	}
+ 
+	boolean = g_key_file_get_boolean(config, "General",
+						"AlwaysPairable", &err);
+	if (err) {
+		DBG("%s", err->message);
+		g_clear_error(&err);
+	} else {
+		DBG("pairable=%s", boolean ? "true" : "false");
+		main_opts.pairable = boolean;
+	}
+
+ 	val = g_key_file_get_integer(config, "General",
+ 						"PairableTimeout", &err);
+ 	if (err) {
+diff --git a/src/main.conf b/src/main.conf
+index cbae32ec5..0d480d183 100644
+--- a/src/main.conf
+++ b/src/main.conf
+@@ -13,6 +13,11 @@
+ # 0 = disable timer, i.e. stay discoverable forever
+ #DiscoverableTimeout = 0
+ 
+# Always allow pairing even if there are no agent registered
+# Possible values: true, false
+# Default: false
+#AlwaysPairable = false
+
+ # How long to stay in pairable mode before going back to non-discoverable
+ # The value is in seconds. Default is 0.
+ # 0 = disable timer, i.e. stay pairable forever
+-- 
+2.17.2
+
--- a/SOURCES/0002-agent-Make-the-first-agent-to-register-the-default.patch
+++ b/SOURCES/0002-agent-Make-the-first-agent-to-register-the-default.patch
@ -0,0 +1,61 @@
+From 997fd427eab3770d11f3d0c9f04629a6cefc22b4 Mon Sep 17 00:00:00 2001
+From: Gopal Tiwari <gtiwari@redhat.com>
+Date: Wed, 18 Dec 2019 19:33:33 +0530
+Subject: [PATCH BlueZ 2/2]     agent: Make the first agent to register the
+ default
+
+commit 9213ff7642a33aa481e3c61989ad60f7985b9984
+Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+Date:   Fri Jul 27 11:01:04 2018 +0300
+
+    agent: Make the first agent to register the default
+
+    This simplifies the handling of default agent and enforce the IO
+    capabilities to be set whenever there is an agent available in the
+    system.
+---
+ src/agent.c | 14 ++++++--------
+ 1 file changed, 6 insertions(+), 8 deletions(-)
+
+diff --git a/src/agent.c b/src/agent.c
+index ff44d5755..183e2f190 100644
+--- a/src/agent.c
+++ b/src/agent.c
+@@ -50,13 +50,6 @@
+ #include "agent.h"
+ #include "shared/queue.h"
+ 
+-#define IO_CAPABILITY_DISPLAYONLY	0x00
+-#define IO_CAPABILITY_DISPLAYYESNO	0x01
+-#define IO_CAPABILITY_KEYBOARDONLY	0x02
+-#define IO_CAPABILITY_NOINPUTNOOUTPUT	0x03
+-#define IO_CAPABILITY_KEYBOARDDISPLAY	0x04
+-#define IO_CAPABILITY_INVALID		0xFF
+-
+ #define REQUEST_TIMEOUT (60 * 1000)		/* 60 seconds */
+ #define AGENT_INTERFACE "org.bluez.Agent1"
+ 
+@@ -150,7 +143,7 @@ static void set_io_cap(struct btd_adapter *adapter, gpointer user_data)
+ 	if (agent)
+ 		io_cap = agent->capability;
+ 	else
+-		io_cap = IO_CAPABILITY_NOINPUTNOOUTPUT;
+		io_cap = IO_CAPABILITY_INVALID;
+ 
+ 	adapter_set_io_capability(adapter, io_cap);
+ }
+@@ -294,6 +287,11 @@ static struct agent *agent_create( const char *name, const char *path,
+ 							name, agent_disconnect,
+ 							agent, NULL);
+ 
+	if (queue_isempty(default_agents))
+		add_default_agent(agent);
+	else
+		queue_push_tail(default_agents, agent);
+
+ 	return agent_ref(agent);
+ }
+ 
+-- 
+2.17.2
+
--- a/SPECS/bluez.spec
+++ b/SPECS/bluez.spec
@ -1,7 +1,7 @@
 Name:    bluez
 Summary: Bluetooth utilities
 Version: 5.50
-Release: 1%{?dist}
+Release: 3%{?dist}
 License: GPLv2+
 URL:     http://www.bluez.org/

@ -33,6 +33,9 @@ Patch23: 0004-systemd-More-lockdown.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1567622
 Patch24: 0001-adapter-Don-t-refresh-adv_manager-for-non-LE-devices.patch

+Patch25: 0001-core-Add-AlwaysPairable-to-main.conf.patch 
+Patch26: 0002-agent-Make-the-first-agent-to-register-the-default.patch 
+
 BuildRequires: git-core
 BuildRequires: dbus-devel >= 1.6
 BuildRequires: glib2-devel
@ -267,6 +270,14 @@ make check

 %changelog

+* Mon Jan 13 2020 Gopal Tiwari <gtiwari@redhat.com> - 5.50-3
+ bluez-5.50-3
+- Bump the version 
+
+* Mon Jan 13 2020 Gopal Tiwari <gtiwari@redhat.com> - 5.50-2
+ bluez-5.50-2
+- Fixing CVE-2018-10910 (#1606373)
+
 * Fri Sep 7 2018 Gopal Tiwari <gtiwari@redhat.com> - 5.50-1
 + bluez-5.50-1
 - Update to 5.50 (#1504689)