Compare commits
1 Commits
358da0160e
...
ddfc62c419
Author | SHA1 | Date | |
---|---|---|---|
|
ddfc62c419 |
@ -1,2 +1 @@
|
||||
4d8fb1328e15df4021329d3eb6329b64777badaa bluez-5.64.tar.xz
|
||||
6c73541f2cd27543b66741d16d520970d8877940 bluez-5.72.tar.xz
|
||||
|
@ -1,125 +0,0 @@
|
||||
From 669de134aa19fbd6b7ac59575446a064bbf27565 Mon Sep 17 00:00:00 2001
|
||||
From: Bastien Nocera <hadess@hadess.net>
|
||||
Date: Wed, 14 Feb 2024 16:51:14 +0100
|
||||
Subject: [PATCH] Add missing mesh-gatt JSON files
|
||||
|
||||
---
|
||||
tools/mesh-gatt/local_node.json | 61 +++++++++++++++++++++++++++++++++
|
||||
tools/mesh-gatt/prov_db.json | 37 ++++++++++++++++++++
|
||||
2 files changed, 98 insertions(+)
|
||||
create mode 100644 tools/mesh-gatt/local_node.json
|
||||
create mode 100644 tools/mesh-gatt/prov_db.json
|
||||
|
||||
diff --git a/tools/mesh-gatt/local_node.json b/tools/mesh-gatt/local_node.json
|
||||
new file mode 100644
|
||||
index 000000000000..5ffa7ada1f65
|
||||
--- /dev/null
|
||||
+++ b/tools/mesh-gatt/local_node.json
|
||||
@@ -0,0 +1,61 @@
|
||||
+{
|
||||
+ "$schema":"file:\/\/\/BlueZ\/Mesh\/local_schema\/mesh.jsonschema",
|
||||
+ "meshName":"BT Mesh",
|
||||
+ "netKeys":[
|
||||
+ {
|
||||
+ "index": 0,
|
||||
+ "keyRefresh": 0
|
||||
+ }
|
||||
+ ],
|
||||
+ "appKeys":[
|
||||
+ {
|
||||
+ "index": 0,
|
||||
+ "boundNetKey": 0
|
||||
+ },
|
||||
+ {
|
||||
+ "index": 1,
|
||||
+ "boundNetKey": 0
|
||||
+ }
|
||||
+ ],
|
||||
+"node": {
|
||||
+ "IVindex":"00000005",
|
||||
+ "IVupdate":"0",
|
||||
+ "sequenceNumber": 0,
|
||||
+ "composition": {
|
||||
+ "cid": "0002",
|
||||
+ "pid": "0010",
|
||||
+ "vid": "0001",
|
||||
+ "crpl": "000a",
|
||||
+ "features": {
|
||||
+ "relay": false,
|
||||
+ "proxy": true,
|
||||
+ "friend": false,
|
||||
+ "lowPower": false
|
||||
+ },
|
||||
+ "elements": [
|
||||
+ {
|
||||
+ "elementIndex": 0,
|
||||
+ "location": "0001",
|
||||
+ "models": ["0000", "0001", "1001"]
|
||||
+ }
|
||||
+ ]
|
||||
+ },
|
||||
+ "configuration":{
|
||||
+ "netKeys": [0],
|
||||
+ "appKeys": [ 0, 1],
|
||||
+ "defaultTTL": 10,
|
||||
+ "elements": [
|
||||
+ {
|
||||
+ "elementIndex": 0,
|
||||
+ "unicastAddress":"0077",
|
||||
+ "models": [
|
||||
+ {
|
||||
+ "modelId": "1001",
|
||||
+ "bind": [1]
|
||||
+ }
|
||||
+ ]
|
||||
+ }
|
||||
+ ]
|
||||
+ }
|
||||
+ }
|
||||
+}
|
||||
diff --git a/tools/mesh-gatt/prov_db.json b/tools/mesh-gatt/prov_db.json
|
||||
new file mode 100644
|
||||
index 000000000000..74a03128d4d5
|
||||
--- /dev/null
|
||||
+++ b/tools/mesh-gatt/prov_db.json
|
||||
@@ -0,0 +1,37 @@
|
||||
+{
|
||||
+ "$schema":"file:\/\/\/BlueZ\/Mesh\/schema\/mesh.jsonschema",
|
||||
+ "meshName":"BT Mesh",
|
||||
+ "IVindex":5,
|
||||
+ "IVupdate":0,
|
||||
+ "netKeys":[
|
||||
+ {
|
||||
+ "index":0,
|
||||
+ "keyRefresh":0,
|
||||
+ "key":"18eed9c2a56add85049ffc3c59ad0e12"
|
||||
+ }
|
||||
+ ],
|
||||
+ "appKeys":[
|
||||
+ {
|
||||
+ "index":0,
|
||||
+ "boundNetKey":0,
|
||||
+ "key":"4f68ad85d9f48ac8589df665b6b49b8a"
|
||||
+ },
|
||||
+ {
|
||||
+ "index":1,
|
||||
+ "boundNetKey":0,
|
||||
+ "key":"2aa2a6ded5a0798ceab5787ca3ae39fc"
|
||||
+ }
|
||||
+ ],
|
||||
+ "provisioners":[
|
||||
+ {
|
||||
+ "provisionerName":"BT Mesh Provisioner",
|
||||
+ "unicastAddress":"0077",
|
||||
+ "allocatedUnicastRange":[
|
||||
+ {
|
||||
+ "lowAddress":"0100",
|
||||
+ "highAddress":"7fff"
|
||||
+ }
|
||||
+ ]
|
||||
+ }
|
||||
+ ],
|
||||
+}
|
||||
--
|
||||
2.43.0
|
||||
|
35
0001-build-Always-define-confdir-and-statedir.patch
Normal file
35
0001-build-Always-define-confdir-and-statedir.patch
Normal file
@ -0,0 +1,35 @@
|
||||
From 5744f79d84ecee3929a682166034c5bbc36c0ef5 Mon Sep 17 00:00:00 2001
|
||||
From: Bastien Nocera <hadess@hadess.net>
|
||||
Date: Wed, 20 Sep 2017 12:49:10 +0200
|
||||
Subject: [PATCH 1/4] build: Always define confdir and statedir
|
||||
|
||||
As we will need those paths to lock down on them.
|
||||
---
|
||||
Makefile.am | 6 +++---
|
||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/Makefile.am b/Makefile.am
|
||||
index 9d25a815b..ac88c12e0 100644
|
||||
--- a/Makefile.am
|
||||
+++ b/Makefile.am
|
||||
@@ -31,14 +31,14 @@ pkginclude_HEADERS =
|
||||
AM_CFLAGS = $(WARNING_CFLAGS) $(MISC_CFLAGS) $(UDEV_CFLAGS) $(ell_cflags)
|
||||
AM_LDFLAGS = $(MISC_LDFLAGS)
|
||||
|
||||
+confdir = $(sysconfdir)/bluetooth
|
||||
+statedir = $(localstatedir)/lib/bluetooth
|
||||
+
|
||||
if DATAFILES
|
||||
dbusdir = $(DBUS_CONFDIR)/dbus-1/system.d
|
||||
dbus_DATA = src/bluetooth.conf
|
||||
|
||||
-confdir = $(sysconfdir)/bluetooth
|
||||
conf_DATA =
|
||||
-
|
||||
-statedir = $(localstatedir)/lib/bluetooth
|
||||
state_DATA =
|
||||
endif
|
||||
|
||||
--
|
||||
2.21.0
|
||||
|
66
0001-client-gatt-Fix-memory-leak-issues.patch
Normal file
66
0001-client-gatt-Fix-memory-leak-issues.patch
Normal file
@ -0,0 +1,66 @@
|
||||
From b4233bca181580800b483a228ca5377efcfeb844 Mon Sep 17 00:00:00 2001
|
||||
From: Gopal Tiwari <gtiwari@redhat.com>
|
||||
Date: Tue, 31 May 2022 13:11:05 +0530
|
||||
Subject: [PATCH BlueZ 01/12] client/gatt: Fix memory leak issues
|
||||
|
||||
While performing the static tool analysis using coverity tool
|
||||
found following reports
|
||||
|
||||
Error: RESOURCE_LEAK (CWE-772):
|
||||
bluez-5.64/client/gatt.c:1531: leaked_storage: Variable "service"
|
||||
going out of scope leaks the storage it points to.
|
||||
|
||||
Error: RESOURCE_LEAK (CWE-772):
|
||||
bluez-5.64/client/gatt.c:2626: leaked_storage: Variable "chrc"
|
||||
going out of scope leaks the storage it points to.
|
||||
|
||||
Error: RESOURCE_LEAK (CWE-772):
|
||||
bluez-5.64/client/gatt.c:2906: leaked_storage: Variable "desc"
|
||||
going out of scope leaks the storage it points to.
|
||||
---
|
||||
client/gatt.c | 12 +++++++++---
|
||||
1 file changed, 9 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/client/gatt.c b/client/gatt.c
|
||||
index 13872c794..4c1efaf75 100644
|
||||
--- a/client/gatt.c
|
||||
+++ b/client/gatt.c
|
||||
@@ -1527,8 +1527,10 @@ void gatt_register_service(DBusConnection *conn, GDBusProxy *proxy,
|
||||
|
||||
if (argc > 2) {
|
||||
service->handle = parse_handle(argv[2]);
|
||||
- if (!service->handle)
|
||||
+ if (!service->handle) {
|
||||
+ service_free(service);
|
||||
return bt_shell_noninteractive_quit(EXIT_FAILURE);
|
||||
+ }
|
||||
}
|
||||
|
||||
if (g_dbus_register_interface(conn, service->path,
|
||||
@@ -2622,8 +2624,10 @@ void gatt_register_chrc(DBusConnection *conn, GDBusProxy *proxy,
|
||||
|
||||
if (argc > 3) {
|
||||
chrc->handle = parse_handle(argv[3]);
|
||||
- if (!chrc->handle)
|
||||
+ if (!chrc->handle) {
|
||||
+ chrc_free(chrc);
|
||||
return bt_shell_noninteractive_quit(EXIT_FAILURE);
|
||||
+ }
|
||||
}
|
||||
|
||||
if (g_dbus_register_interface(conn, chrc->path, CHRC_INTERFACE,
|
||||
@@ -2902,8 +2906,10 @@ void gatt_register_desc(DBusConnection *conn, GDBusProxy *proxy,
|
||||
|
||||
if (argc > 3) {
|
||||
desc->handle = parse_handle(argv[3]);
|
||||
- if (!desc->handle)
|
||||
+ if (!desc->handle) {
|
||||
+ desc_free(desc);
|
||||
return bt_shell_noninteractive_quit(EXIT_FAILURE);
|
||||
+ }
|
||||
}
|
||||
|
||||
if (g_dbus_register_interface(conn, desc->path, DESC_INTERFACE,
|
||||
--
|
||||
2.26.2
|
||||
|
41
0001-gatt-Fix-double-free-and-freed-memory-dereference.patch
Normal file
41
0001-gatt-Fix-double-free-and-freed-memory-dereference.patch
Normal file
@ -0,0 +1,41 @@
|
||||
From f853012bc0142ab6056f3d9ef4abf621b1e8a756 Mon Sep 17 00:00:00 2001
|
||||
From: Gopal Tiwari <gtiwari@redhat.com>
|
||||
Date: Tue, 24 May 2022 16:45:56 +0530
|
||||
Subject: [PATCH BlueZ] gatt: Fix double free and freed memory dereference
|
||||
|
||||
commit 3627eddea13042ffc0848ae37356f30335ce2e4b
|
||||
Author: Ildar Kamaletdinov <i.kamaletdinov@omp.ru>
|
||||
Date: Fri Apr 1 15:16:47 2022 +0300
|
||||
|
||||
gatt: Fix double free and freed memory dereference
|
||||
|
||||
If device is no longer exists or not paired when notifications send it
|
||||
is possible to get double free and dereference of already freed memory.
|
||||
|
||||
To avoid this we need to recheck the state of device after sending
|
||||
notification.
|
||||
|
||||
Found by Linux Verification Center (linuxtesting.org) with the SVACE
|
||||
static analysis tool.
|
||||
---
|
||||
src/gatt-database.c | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/src/gatt-database.c b/src/gatt-database.c
|
||||
index d6c94058c..d32f616a9 100644
|
||||
--- a/src/gatt-database.c
|
||||
+++ b/src/gatt-database.c
|
||||
@@ -3877,6 +3877,10 @@ void btd_gatt_database_server_connected(struct btd_gatt_database *database,
|
||||
|
||||
send_notification_to_device(state, state->pending);
|
||||
|
||||
+ state = find_device_state(database, &bdaddr, bdaddr_type);
|
||||
+ if (!state || !state->pending)
|
||||
+ return;
|
||||
+
|
||||
free(state->pending->value);
|
||||
free(state->pending);
|
||||
state->pending = NULL;
|
||||
--
|
||||
2.26.2
|
||||
|
@ -1,29 +1,19 @@
|
||||
From 873e49357081e5c5d8d3d23759f1723db7292bf6 Mon Sep 17 00:00:00 2001
|
||||
From 90b72b787a6ae6b9b0bf8ece238e108e8607a433 Mon Sep 17 00:00:00 2001
|
||||
From: Bastien Nocera <hadess@hadess.net>
|
||||
Date: Mon, 12 Feb 2024 20:02:45 +0000
|
||||
Subject: [PATCH] obex: Use GLib helper function to manipulate paths
|
||||
Date: Sat, 9 Nov 2013 18:13:43 +0100
|
||||
Subject: [PATCH 1/2] obex: Use GLib helper function to manipulate paths
|
||||
|
||||
Instead of trying to do it by hand. This also makes sure that
|
||||
relative paths aren't used by the agent.
|
||||
|
||||
[Emil Velikov]
|
||||
Originally this patch was posted in 2013, but deferred since bluez was
|
||||
planning to move away from glib. Presently there's no obvious action
|
||||
towards that goal, so I think we can safely land this.
|
||||
|
||||
As mentioned by the author, current code allows for relative paths and
|
||||
considering that obexd service runs without meaningful sandboxing and on
|
||||
some distributions it is ran as root, we should plug the whole before
|
||||
anyone (ab)uses it.
|
||||
---
|
||||
obexd/src/manager.c | 15 +++++----------
|
||||
1 file changed, 5 insertions(+), 10 deletions(-)
|
||||
obexd/src/manager.c | 10 +++++-----
|
||||
1 file changed, 5 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/obexd/src/manager.c b/obexd/src/manager.c
|
||||
index 73fd6b9aff15..cc1de7ae2ed3 100644
|
||||
index f84384ae4..285c07c37 100644
|
||||
--- a/obexd/src/manager.c
|
||||
+++ b/obexd/src/manager.c
|
||||
@@ -644,18 +644,13 @@ static void agent_reply(DBusPendingCall *call, void *user_data)
|
||||
@@ -650,14 +650,14 @@ static void agent_reply(DBusPendingCall *call, void *user_data)
|
||||
DBUS_TYPE_STRING, &name,
|
||||
DBUS_TYPE_INVALID)) {
|
||||
/* Splits folder and name */
|
||||
@ -32,21 +22,17 @@ index 73fd6b9aff15..cc1de7ae2ed3 100644
|
||||
DBG("Agent replied with %s", name);
|
||||
- if (!slash) {
|
||||
- agent->new_name = g_strdup(name);
|
||||
+ agent->new_name = g_path_get_basename(name);
|
||||
+ if (is_relative)
|
||||
+ if (is_relative) {
|
||||
+ agent->new_name = g_path_get_basename(name);
|
||||
agent->new_folder = NULL;
|
||||
- } else {
|
||||
- if (strlen(slash) == 1)
|
||||
- agent->new_name = NULL;
|
||||
- else
|
||||
- agent->new_name = g_strdup(slash + 1);
|
||||
} else {
|
||||
- agent->new_name = g_strdup(slash + 1);
|
||||
- agent->new_folder = g_strndup(name, slash - name);
|
||||
- }
|
||||
+ else
|
||||
+ agent->new_name = g_path_get_basename(name);
|
||||
+ agent->new_folder = g_path_get_dirname(name);
|
||||
}
|
||||
}
|
||||
|
||||
dbus_message_unref(reply);
|
||||
--
|
||||
2.43.0
|
||||
2.14.1
|
||||
|
||||
|
468
0001-sdpd-Fix-leaking-buffers-stored-in-cstates-cache.patch
Normal file
468
0001-sdpd-Fix-leaking-buffers-stored-in-cstates-cache.patch
Normal file
@ -0,0 +1,468 @@
|
||||
From 4e6a2402ed4f46ea026ad0929fbc14faecf3a475 Mon Sep 17 00:00:00 2001
|
||||
From: Gopal Tiwari <gtiwari@redhat.com>
|
||||
Date: Wed, 1 Dec 2021 12:18:24 +0530
|
||||
Subject: [PATCH BlueZ] sdpd: Fix leaking buffers stored in cstates cache
|
||||
|
||||
commit e79417ed7185b150a056d4eb3a1ab528b91d2fc0
|
||||
Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
|
||||
Date: Thu Jul 15 11:01:20 2021 -0700
|
||||
|
||||
sdpd: Fix leaking buffers stored in cstates cache
|
||||
|
||||
These buffer shall only be keep in cache for as long as they are
|
||||
needed so this would cleanup any client cstates in the following
|
||||
conditions:
|
||||
|
||||
- There is no cstate on the response
|
||||
- No continuation can be found for cstate
|
||||
- Different request opcode
|
||||
- Respond with an error
|
||||
- Client disconnect
|
||||
|
||||
Fixes: https://github.com/bluez/bluez/security/advisories/GHSA-3fqg-r8j5-f5xq
|
||||
---
|
||||
src/sdpd-request.c | 170 ++++++++++++++++++++++++++++++++-------------
|
||||
src/sdpd-server.c | 20 +++---
|
||||
src/sdpd.h | 3 +
|
||||
unit/test-sdp.c | 2 +-
|
||||
4 files changed, 135 insertions(+), 60 deletions(-)
|
||||
|
||||
diff --git a/src/sdpd-request.c b/src/sdpd-request.c
|
||||
index 033d1e5bf..c8f5a2c72 100644
|
||||
--- a/src/sdpd-request.c
|
||||
+++ b/src/sdpd-request.c
|
||||
@@ -42,48 +42,78 @@ typedef struct {
|
||||
|
||||
#define MIN(x, y) ((x) < (y)) ? (x): (y)
|
||||
|
||||
-typedef struct _sdp_cstate_list sdp_cstate_list_t;
|
||||
+typedef struct sdp_cont_info sdp_cont_info_t;
|
||||
|
||||
-struct _sdp_cstate_list {
|
||||
- sdp_cstate_list_t *next;
|
||||
+struct sdp_cont_info {
|
||||
+ int sock;
|
||||
+ uint8_t opcode;
|
||||
uint32_t timestamp;
|
||||
sdp_buf_t buf;
|
||||
};
|
||||
|
||||
-static sdp_cstate_list_t *cstates;
|
||||
+static sdp_list_t *cstates;
|
||||
|
||||
-/* FIXME: should probably remove it when it's found */
|
||||
-static sdp_buf_t *sdp_get_cached_rsp(sdp_cont_state_t *cstate)
|
||||
+static int cstate_match(const void *data, const void *user_data)
|
||||
{
|
||||
- sdp_cstate_list_t *p;
|
||||
+ const sdp_cont_info_t *cinfo = data;
|
||||
+ const sdp_cont_state_t *cstate = user_data;
|
||||
|
||||
- for (p = cstates; p; p = p->next) {
|
||||
- /* Check timestamp */
|
||||
- if (p->timestamp != cstate->timestamp)
|
||||
- continue;
|
||||
+ /* Check timestamp */
|
||||
+ return cinfo->timestamp - cstate->timestamp;
|
||||
+}
|
||||
+
|
||||
+static void sdp_cont_info_free(sdp_cont_info_t *cinfo)
|
||||
+{
|
||||
+ if (!cinfo)
|
||||
+ return;
|
||||
+
|
||||
+ cstates = sdp_list_remove(cstates, cinfo);
|
||||
+ free(cinfo->buf.data);
|
||||
+ free(cinfo);
|
||||
+}
|
||||
+
|
||||
+static sdp_cont_info_t *sdp_get_cont_info(sdp_req_t *req,
|
||||
+ sdp_cont_state_t *cstate)
|
||||
+{
|
||||
+ sdp_list_t *list;
|
||||
+
|
||||
+ list = sdp_list_find(cstates, cstate, cstate_match);
|
||||
+ if (list) {
|
||||
+ sdp_cont_info_t *cinfo = list->data;
|
||||
|
||||
- /* Check if requesting more than available */
|
||||
- if (cstate->cStateValue.maxBytesSent < p->buf.data_size)
|
||||
- return &p->buf;
|
||||
+ if (cinfo->opcode == req->opcode)
|
||||
+ return cinfo;
|
||||
+
|
||||
+ /* Cleanup continuation if the opcode doesn't match since its
|
||||
+ * response buffer shall only be valid for the original requests
|
||||
+ */
|
||||
+ sdp_cont_info_free(cinfo);
|
||||
+ return NULL;
|
||||
}
|
||||
|
||||
- return 0;
|
||||
+ /* Cleanup cstates if no continuation info could be found */
|
||||
+ sdp_cstate_cleanup(req->sock);
|
||||
+
|
||||
+ return NULL;
|
||||
}
|
||||
|
||||
-static uint32_t sdp_cstate_alloc_buf(sdp_buf_t *buf)
|
||||
+static uint32_t sdp_cstate_alloc_buf(sdp_req_t *req, sdp_buf_t *buf)
|
||||
{
|
||||
- sdp_cstate_list_t *cstate = malloc(sizeof(sdp_cstate_list_t));
|
||||
+ sdp_cont_info_t *cinfo = malloc(sizeof(sdp_cont_info_t));
|
||||
uint8_t *data = malloc(buf->data_size);
|
||||
|
||||
memcpy(data, buf->data, buf->data_size);
|
||||
- memset((char *)cstate, 0, sizeof(sdp_cstate_list_t));
|
||||
- cstate->buf.data = data;
|
||||
- cstate->buf.data_size = buf->data_size;
|
||||
- cstate->buf.buf_size = buf->data_size;
|
||||
- cstate->timestamp = sdp_get_time();
|
||||
- cstate->next = cstates;
|
||||
- cstates = cstate;
|
||||
- return cstate->timestamp;
|
||||
+ memset(cinfo, 0, sizeof(sdp_cont_info_t));
|
||||
+ cinfo->buf.data = data;
|
||||
+ cinfo->buf.data_size = buf->data_size;
|
||||
+ cinfo->buf.buf_size = buf->data_size;
|
||||
+ cinfo->timestamp = sdp_get_time();
|
||||
+ cinfo->sock = req->sock;
|
||||
+ cinfo->opcode = req->opcode;
|
||||
+
|
||||
+ cstates = sdp_list_append(cstates, cinfo);
|
||||
+
|
||||
+ return cinfo->timestamp;
|
||||
}
|
||||
|
||||
/* Additional values for checking datatype (not in spec) */
|
||||
@@ -274,14 +304,16 @@ static int sdp_set_cstate_pdu(sdp_buf_t *buf, sdp_cont_state_t *cstate)
|
||||
return length;
|
||||
}
|
||||
|
||||
-static int sdp_cstate_get(uint8_t *buffer, size_t len,
|
||||
- sdp_cont_state_t **cstate)
|
||||
+static int sdp_cstate_get(sdp_req_t *req, uint8_t *buffer, size_t len,
|
||||
+ sdp_cont_state_t **cstate, sdp_cont_info_t **cinfo)
|
||||
{
|
||||
uint8_t cStateSize = *buffer;
|
||||
|
||||
SDPDBG("Continuation State size : %d", cStateSize);
|
||||
|
||||
if (cStateSize == 0) {
|
||||
+ /* Cleanup cstates if request doesn't contain a cstate */
|
||||
+ sdp_cstate_cleanup(req->sock);
|
||||
*cstate = NULL;
|
||||
return 0;
|
||||
}
|
||||
@@ -306,6 +338,8 @@ static int sdp_cstate_get(uint8_t *buffer, size_t len,
|
||||
SDPDBG("Cstate TS : 0x%x", (*cstate)->timestamp);
|
||||
SDPDBG("Bytes sent : %d", (*cstate)->cStateValue.maxBytesSent);
|
||||
|
||||
+ *cinfo = sdp_get_cont_info(req, *cstate);
|
||||
+
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -360,6 +394,7 @@ static int service_search_req(sdp_req_t *req, sdp_buf_t *buf)
|
||||
uint16_t expected, actual, rsp_count = 0;
|
||||
uint8_t dtd;
|
||||
sdp_cont_state_t *cstate = NULL;
|
||||
+ sdp_cont_info_t *cinfo = NULL;
|
||||
uint8_t *pCacheBuffer = NULL;
|
||||
int handleSize = 0;
|
||||
uint32_t cStateId = 0;
|
||||
@@ -399,9 +434,9 @@ static int service_search_req(sdp_req_t *req, sdp_buf_t *buf)
|
||||
|
||||
/*
|
||||
* Check if continuation state exists, if yes attempt
|
||||
- * to get rsp remainder from cache, else send error
|
||||
+ * to get rsp remainder from continuation info, else send error
|
||||
*/
|
||||
- if (sdp_cstate_get(pdata, data_left, &cstate) < 0) {
|
||||
+ if (sdp_cstate_get(req, pdata, data_left, &cstate, &cinfo) < 0) {
|
||||
status = SDP_INVALID_SYNTAX;
|
||||
goto done;
|
||||
}
|
||||
@@ -451,7 +486,7 @@ static int service_search_req(sdp_req_t *req, sdp_buf_t *buf)
|
||||
|
||||
if (rsp_count > actual) {
|
||||
/* cache the rsp and generate a continuation state */
|
||||
- cStateId = sdp_cstate_alloc_buf(buf);
|
||||
+ cStateId = sdp_cstate_alloc_buf(req, buf);
|
||||
/*
|
||||
* subtract handleSize since we now send only
|
||||
* a subset of handles
|
||||
@@ -459,6 +494,7 @@ static int service_search_req(sdp_req_t *req, sdp_buf_t *buf)
|
||||
buf->data_size -= handleSize;
|
||||
} else {
|
||||
/* NULL continuation state */
|
||||
+ sdp_cont_info_free(cinfo);
|
||||
sdp_set_cstate_pdu(buf, NULL);
|
||||
}
|
||||
}
|
||||
@@ -468,13 +504,15 @@ static int service_search_req(sdp_req_t *req, sdp_buf_t *buf)
|
||||
short lastIndex = 0;
|
||||
|
||||
if (cstate) {
|
||||
- /*
|
||||
- * Get the previous sdp_cont_state_t and obtain
|
||||
- * the cached rsp
|
||||
- */
|
||||
- sdp_buf_t *pCache = sdp_get_cached_rsp(cstate);
|
||||
- if (pCache) {
|
||||
- pCacheBuffer = pCache->data;
|
||||
+ if (cinfo) {
|
||||
+ /* Check if requesting more than available */
|
||||
+ if (cstate->cStateValue.maxBytesSent >=
|
||||
+ cinfo->buf.data_size) {
|
||||
+ status = SDP_INVALID_CSTATE;
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ pCacheBuffer = cinfo->buf.data;
|
||||
/* get the rsp_count from the cached buffer */
|
||||
rsp_count = get_be16(pCacheBuffer);
|
||||
|
||||
@@ -518,6 +556,7 @@ static int service_search_req(sdp_req_t *req, sdp_buf_t *buf)
|
||||
if (i == rsp_count) {
|
||||
/* set "null" continuationState */
|
||||
sdp_set_cstate_pdu(buf, NULL);
|
||||
+ sdp_cont_info_free(cinfo);
|
||||
} else {
|
||||
/*
|
||||
* there's more: set lastIndexSent to
|
||||
@@ -540,6 +579,7 @@ static int service_search_req(sdp_req_t *req, sdp_buf_t *buf)
|
||||
|
||||
done:
|
||||
free(cstate);
|
||||
+
|
||||
if (pattern)
|
||||
sdp_list_free(pattern, free);
|
||||
|
||||
@@ -619,15 +659,21 @@ static int extract_attrs(sdp_record_t *rec, sdp_list_t *seq, sdp_buf_t *buf)
|
||||
}
|
||||
|
||||
/* Build cstate response */
|
||||
-static int sdp_cstate_rsp(sdp_cont_state_t *cstate, sdp_buf_t *buf,
|
||||
- uint16_t max)
|
||||
+static int sdp_cstate_rsp(sdp_cont_info_t *cinfo, sdp_cont_state_t *cstate,
|
||||
+ sdp_buf_t *buf, uint16_t max)
|
||||
{
|
||||
- /* continuation State exists -> get from cache */
|
||||
- sdp_buf_t *cache = sdp_get_cached_rsp(cstate);
|
||||
+ sdp_buf_t *cache;
|
||||
uint16_t sent;
|
||||
|
||||
- if (!cache)
|
||||
+ if (!cinfo)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (cstate->cStateValue.maxBytesSent >= cinfo->buf.data_size) {
|
||||
+ sdp_cont_info_free(cinfo);
|
||||
return 0;
|
||||
+ }
|
||||
+
|
||||
+ cache = &cinfo->buf;
|
||||
|
||||
sent = MIN(max, cache->data_size - cstate->cStateValue.maxBytesSent);
|
||||
memcpy(buf->data, cache->data + cstate->cStateValue.maxBytesSent, sent);
|
||||
@@ -637,8 +683,10 @@ static int sdp_cstate_rsp(sdp_cont_state_t *cstate, sdp_buf_t *buf,
|
||||
SDPDBG("Response size : %d sending now : %d bytes sent so far : %d",
|
||||
cache->data_size, sent, cstate->cStateValue.maxBytesSent);
|
||||
|
||||
- if (cstate->cStateValue.maxBytesSent == cache->data_size)
|
||||
+ if (cstate->cStateValue.maxBytesSent == cache->data_size) {
|
||||
+ sdp_cont_info_free(cinfo);
|
||||
return sdp_set_cstate_pdu(buf, NULL);
|
||||
+ }
|
||||
|
||||
return sdp_set_cstate_pdu(buf, cstate);
|
||||
}
|
||||
@@ -652,6 +700,7 @@ static int sdp_cstate_rsp(sdp_cont_state_t *cstate, sdp_buf_t *buf,
|
||||
static int service_attr_req(sdp_req_t *req, sdp_buf_t *buf)
|
||||
{
|
||||
sdp_cont_state_t *cstate = NULL;
|
||||
+ sdp_cont_info_t *cinfo = NULL;
|
||||
short cstate_size = 0;
|
||||
sdp_list_t *seq = NULL;
|
||||
uint8_t dtd = 0;
|
||||
@@ -708,7 +757,7 @@ static int service_attr_req(sdp_req_t *req, sdp_buf_t *buf)
|
||||
* if continuation state exists, attempt
|
||||
* to get rsp remainder from cache, else send error
|
||||
*/
|
||||
- if (sdp_cstate_get(pdata, data_left, &cstate) < 0) {
|
||||
+ if (sdp_cstate_get(req, pdata, data_left, &cstate, &cinfo) < 0) {
|
||||
status = SDP_INVALID_SYNTAX;
|
||||
goto done;
|
||||
}
|
||||
@@ -737,7 +786,7 @@ static int service_attr_req(sdp_req_t *req, sdp_buf_t *buf)
|
||||
buf->buf_size -= sizeof(uint16_t);
|
||||
|
||||
if (cstate) {
|
||||
- cstate_size = sdp_cstate_rsp(cstate, buf, max_rsp_size);
|
||||
+ cstate_size = sdp_cstate_rsp(cinfo, cstate, buf, max_rsp_size);
|
||||
if (!cstate_size) {
|
||||
status = SDP_INVALID_CSTATE;
|
||||
error("NULL cache buffer and non-NULL continuation state");
|
||||
@@ -749,7 +798,7 @@ static int service_attr_req(sdp_req_t *req, sdp_buf_t *buf)
|
||||
sdp_cont_state_t newState;
|
||||
|
||||
memset((char *)&newState, 0, sizeof(sdp_cont_state_t));
|
||||
- newState.timestamp = sdp_cstate_alloc_buf(buf);
|
||||
+ newState.timestamp = sdp_cstate_alloc_buf(req, buf);
|
||||
/*
|
||||
* Reset the buffer size to the maximum expected and
|
||||
* set the sdp_cont_state_t
|
||||
@@ -793,6 +842,7 @@ static int service_search_attr_req(sdp_req_t *req, sdp_buf_t *buf)
|
||||
int scanned, rsp_count = 0;
|
||||
sdp_list_t *pattern = NULL, *seq = NULL, *svcList;
|
||||
sdp_cont_state_t *cstate = NULL;
|
||||
+ sdp_cont_info_t *cinfo = NULL;
|
||||
short cstate_size = 0;
|
||||
uint8_t dtd = 0;
|
||||
sdp_buf_t tmpbuf;
|
||||
@@ -852,7 +902,7 @@ static int service_search_attr_req(sdp_req_t *req, sdp_buf_t *buf)
|
||||
* if continuation state exists attempt
|
||||
* to get rsp remainder from cache, else send error
|
||||
*/
|
||||
- if (sdp_cstate_get(pdata, data_left, &cstate) < 0) {
|
||||
+ if (sdp_cstate_get(req, pdata, data_left, &cstate, &cinfo) < 0) {
|
||||
status = SDP_INVALID_SYNTAX;
|
||||
goto done;
|
||||
}
|
||||
@@ -906,7 +956,7 @@ static int service_search_attr_req(sdp_req_t *req, sdp_buf_t *buf)
|
||||
sdp_cont_state_t newState;
|
||||
|
||||
memset((char *)&newState, 0, sizeof(sdp_cont_state_t));
|
||||
- newState.timestamp = sdp_cstate_alloc_buf(buf);
|
||||
+ newState.timestamp = sdp_cstate_alloc_buf(req, buf);
|
||||
/*
|
||||
* Reset the buffer size to the maximum expected and
|
||||
* set the sdp_cont_state_t
|
||||
@@ -917,7 +967,7 @@ static int service_search_attr_req(sdp_req_t *req, sdp_buf_t *buf)
|
||||
} else
|
||||
cstate_size = sdp_set_cstate_pdu(buf, NULL);
|
||||
} else {
|
||||
- cstate_size = sdp_cstate_rsp(cstate, buf, max);
|
||||
+ cstate_size = sdp_cstate_rsp(cinfo, cstate, buf, max);
|
||||
if (!cstate_size) {
|
||||
status = SDP_INVALID_CSTATE;
|
||||
SDPDBG("Non-null continuation state, but null cache buffer");
|
||||
@@ -974,6 +1024,9 @@ static void process_request(sdp_req_t *req)
|
||||
status = SDP_INVALID_PDU_SIZE;
|
||||
goto send_rsp;
|
||||
}
|
||||
+
|
||||
+ req->opcode = reqhdr->pdu_id;
|
||||
+
|
||||
switch (reqhdr->pdu_id) {
|
||||
case SDP_SVC_SEARCH_REQ:
|
||||
SDPDBG("Got a svc srch req");
|
||||
@@ -1020,6 +1073,8 @@ static void process_request(sdp_req_t *req)
|
||||
|
||||
send_rsp:
|
||||
if (status) {
|
||||
+ /* Cleanup cstates on error */
|
||||
+ sdp_cstate_cleanup(req->sock);
|
||||
rsphdr->pdu_id = SDP_ERROR_RSP;
|
||||
put_be16(status, rsp.data);
|
||||
rsp.data_size = sizeof(uint16_t);
|
||||
@@ -1108,3 +1163,20 @@ void handle_request(int sk, uint8_t *data, int len)
|
||||
|
||||
process_request(&req);
|
||||
}
|
||||
+
|
||||
+void sdp_cstate_cleanup(int sock)
|
||||
+{
|
||||
+ sdp_list_t *list;
|
||||
+
|
||||
+ /* Remove any cinfo for the client */
|
||||
+ for (list = cstates; list;) {
|
||||
+ sdp_cont_info_t *cinfo = list->data;
|
||||
+
|
||||
+ list = list->next;
|
||||
+
|
||||
+ if (cinfo->sock != sock)
|
||||
+ continue;
|
||||
+
|
||||
+ sdp_cont_info_free(cinfo);
|
||||
+ }
|
||||
+}
|
||||
diff --git a/src/sdpd-server.c b/src/sdpd-server.c
|
||||
index dfd8b1f00..66ee7ba14 100644
|
||||
--- a/src/sdpd-server.c
|
||||
+++ b/src/sdpd-server.c
|
||||
@@ -146,16 +146,12 @@ static gboolean io_session_event(GIOChannel *chan, GIOCondition cond, gpointer d
|
||||
|
||||
sk = g_io_channel_unix_get_fd(chan);
|
||||
|
||||
- if (cond & (G_IO_HUP | G_IO_ERR)) {
|
||||
- sdp_svcdb_collect_all(sk);
|
||||
- return FALSE;
|
||||
- }
|
||||
+ if (cond & (G_IO_HUP | G_IO_ERR))
|
||||
+ goto cleanup;
|
||||
|
||||
len = recv(sk, &hdr, sizeof(sdp_pdu_hdr_t), MSG_PEEK);
|
||||
- if (len < 0 || (unsigned int) len < sizeof(sdp_pdu_hdr_t)) {
|
||||
- sdp_svcdb_collect_all(sk);
|
||||
- return FALSE;
|
||||
- }
|
||||
+ if (len < 0 || (unsigned int) len < sizeof(sdp_pdu_hdr_t))
|
||||
+ goto cleanup;
|
||||
|
||||
size = sizeof(sdp_pdu_hdr_t) + ntohs(hdr.plen);
|
||||
buf = malloc(size);
|
||||
@@ -168,14 +164,18 @@ static gboolean io_session_event(GIOChannel *chan, GIOCondition cond, gpointer d
|
||||
* inside handle_request() in order to produce ErrorResponse.
|
||||
*/
|
||||
if (len <= 0) {
|
||||
- sdp_svcdb_collect_all(sk);
|
||||
free(buf);
|
||||
- return FALSE;
|
||||
+ goto cleanup;
|
||||
}
|
||||
|
||||
handle_request(sk, buf, len);
|
||||
|
||||
return TRUE;
|
||||
+
|
||||
+cleanup:
|
||||
+ sdp_svcdb_collect_all(sk);
|
||||
+ sdp_cstate_cleanup(sk);
|
||||
+ return FALSE;
|
||||
}
|
||||
|
||||
static gboolean io_accept_event(GIOChannel *chan, GIOCondition cond, gpointer data)
|
||||
diff --git a/src/sdpd.h b/src/sdpd.h
|
||||
index 257411f03..4316aff67 100644
|
||||
--- a/src/sdpd.h
|
||||
+++ b/src/sdpd.h
|
||||
@@ -27,8 +27,11 @@ typedef struct request {
|
||||
int flags;
|
||||
uint8_t *buf;
|
||||
int len;
|
||||
+ uint8_t opcode;
|
||||
} sdp_req_t;
|
||||
|
||||
+void sdp_cstate_cleanup(int sock);
|
||||
+
|
||||
void handle_internal_request(int sk, int mtu, void *data, int len);
|
||||
void handle_request(int sk, uint8_t *data, int len);
|
||||
|
||||
diff --git a/unit/test-sdp.c b/unit/test-sdp.c
|
||||
index d3a885f19..8f95fcb71 100644
|
||||
--- a/unit/test-sdp.c
|
||||
+++ b/unit/test-sdp.c
|
||||
@@ -235,7 +235,7 @@ static gboolean client_handler(GIOChannel *channel, GIOCondition cond,
|
||||
tester_monitor('>', 0x0000, 0x0001, buf, len);
|
||||
|
||||
g_assert(len > 0);
|
||||
- g_assert((size_t) len == rsp_pdu->raw_size + rsp_pdu->cont_len);
|
||||
+ g_assert_cmpuint(len, ==, rsp_pdu->raw_size + rsp_pdu->cont_len);
|
||||
|
||||
g_assert(memcmp(buf, rsp_pdu->raw_data, rsp_pdu->raw_size) == 0);
|
||||
|
||||
--
|
||||
2.26.2
|
||||
|
43
0002-mesh-appkey-Fix-memory-leaks.patch
Normal file
43
0002-mesh-appkey-Fix-memory-leaks.patch
Normal file
@ -0,0 +1,43 @@
|
||||
From 5eb96b3ec8545047a74d7204664267c7aa749070 Mon Sep 17 00:00:00 2001
|
||||
From: Gopal Tiwari <gtiwari@redhat.com>
|
||||
Date: Tue, 31 May 2022 13:11:06 +0530
|
||||
Subject: [PATCH BlueZ 02/12] mesh/appkey: Fix memory leaks
|
||||
|
||||
While performing the static analysis using the coverity tool found
|
||||
following memory leak reports
|
||||
|
||||
bluez-5.64/mesh/appkey.c:143: leaked_storage: Variable "key" going
|
||||
out of scope leaks the storage it points to.
|
||||
|
||||
Error: RESOURCE_LEAK (CWE-772):
|
||||
bluez-5.64/mesh/appkey.c:146: leaked_storage: Variable "key" going
|
||||
out of scope leaks the storage it points to.
|
||||
---
|
||||
mesh/appkey.c | 8 ++++++--
|
||||
1 file changed, 6 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/mesh/appkey.c b/mesh/appkey.c
|
||||
index 5088a1812..52fed8c31 100644
|
||||
--- a/mesh/appkey.c
|
||||
+++ b/mesh/appkey.c
|
||||
@@ -139,11 +139,15 @@ bool appkey_key_init(struct mesh_net *net, uint16_t net_idx, uint16_t app_idx,
|
||||
key->net_idx = net_idx;
|
||||
key->app_idx = app_idx;
|
||||
|
||||
- if (key_value && !set_key(key, app_idx, key_value, false))
|
||||
+ if (key_value && !set_key(key, app_idx, key_value, false)) {
|
||||
+ appkey_key_free(key);
|
||||
return false;
|
||||
+ }
|
||||
|
||||
- if (new_key_value && !set_key(key, app_idx, new_key_value, true))
|
||||
+ if (new_key_value && !set_key(key, app_idx, new_key_value, true)) {
|
||||
+ appkey_key_free(key);
|
||||
return false;
|
||||
+ }
|
||||
|
||||
l_queue_push_tail(app_keys, key);
|
||||
|
||||
--
|
||||
2.26.2
|
||||
|
@ -0,0 +1,38 @@
|
||||
From 36a44fc05feebe1aab16c33a1121f952986b2801 Mon Sep 17 00:00:00 2001
|
||||
From: Craig Andrews <candrews@integralblue.com>
|
||||
Date: Wed, 13 Sep 2017 15:23:09 +0200
|
||||
Subject: [PATCH 2/4] systemd: Add PrivateTmp and NoNewPrivileges options
|
||||
|
||||
PrivateTmp makes bluetoothd's /tmp and /var/tmp be inside a different
|
||||
namespace. This is useful to secure access to temporary files of the
|
||||
process.
|
||||
|
||||
NoNewPrivileges ensures that service process and all its children
|
||||
can never gain new privileges through execve(), lowering the risk of
|
||||
possible privilege escalations.
|
||||
---
|
||||
src/bluetooth.service.in | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in
|
||||
index f9faaa452..7c2f60bb4 100644
|
||||
--- a/src/bluetooth.service.in
|
||||
+++ b/src/bluetooth.service.in
|
||||
@@ -12,8 +12,14 @@ NotifyAccess=main
|
||||
#Restart=on-failure
|
||||
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
|
||||
LimitNPROC=1
|
||||
+
|
||||
+# Filesystem lockdown
|
||||
ProtectHome=true
|
||||
ProtectSystem=full
|
||||
+PrivateTmp=true
|
||||
+
|
||||
+# Privilege escalation
|
||||
+NoNewPrivileges=true
|
||||
|
||||
[Install]
|
||||
WantedBy=bluetooth.target
|
||||
--
|
||||
2.21.0
|
||||
|
38
0003-monitor-Fix-memory-leaks.patch
Normal file
38
0003-monitor-Fix-memory-leaks.patch
Normal file
@ -0,0 +1,38 @@
|
||||
From 6f02010ce0043ec2e17eb15f2a1dd42f6c64e223 Mon Sep 17 00:00:00 2001
|
||||
From: Gopal Tiwari <gtiwari@redhat.com>
|
||||
Date: Tue, 31 May 2022 13:11:07 +0530
|
||||
Subject: [PATCH BlueZ 03/12] monitor: Fix memory leaks
|
||||
|
||||
While performing static tool analysis using coverity
|
||||
found following reports for resouse leak
|
||||
|
||||
bluez-5.64/monitor/jlink.c:111: leaked_storage: Variable "so"
|
||||
going out of scope leaks the storage it points to.
|
||||
|
||||
bluez-5.64/monitor/jlink.c:113: leaked_storage: Variable "so"
|
||||
going out of scope leaks the storage it points to.
|
||||
---
|
||||
monitor/jlink.c | 5 ++++-
|
||||
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/monitor/jlink.c b/monitor/jlink.c
|
||||
index 9aaa4ebd8..f1d8ce660 100644
|
||||
--- a/monitor/jlink.c
|
||||
+++ b/monitor/jlink.c
|
||||
@@ -107,9 +107,12 @@ int jlink_init(void)
|
||||
!jlink.tif_select || !jlink.setspeed ||
|
||||
!jlink.connect || !jlink.getsn ||
|
||||
!jlink.emu_getproductname ||
|
||||
- !jlink.rtterminal_control || !jlink.rtterminal_read)
|
||||
+ !jlink.rtterminal_control || !jlink.rtterminal_read) {
|
||||
+ dlclose(so);
|
||||
return -EIO;
|
||||
+ }
|
||||
|
||||
+ dlclose(so);
|
||||
return 0;
|
||||
}
|
||||
|
||||
--
|
||||
2.26.2
|
||||
|
44
0003-systemd-Add-more-filesystem-lockdown.patch
Normal file
44
0003-systemd-Add-more-filesystem-lockdown.patch
Normal file
@ -0,0 +1,44 @@
|
||||
From 13a348670fef0047555395ce6977e86e0005f8bd Mon Sep 17 00:00:00 2001
|
||||
From: Bastien Nocera <hadess@hadess.net>
|
||||
Date: Wed, 13 Sep 2017 15:37:11 +0200
|
||||
Subject: [PATCH 3/4] systemd: Add more filesystem lockdown
|
||||
|
||||
We can only access the configuration file as read-only and read-write
|
||||
to the Bluetooth cache directory and sub-directories.
|
||||
---
|
||||
Makefile.am | 3 +++
|
||||
src/bluetooth.service.in | 4 ++++
|
||||
2 files changed, 7 insertions(+)
|
||||
|
||||
diff --git a/Makefile.am b/Makefile.am
|
||||
index ac88c12e0..0a6d09847 100644
|
||||
--- a/Makefile.am
|
||||
+++ b/Makefile.am
|
||||
@@ -562,6 +562,9 @@ MAINTAINERCLEANFILES = Makefile.in \
|
||||
|
||||
SED_PROCESS = $(AM_V_GEN)$(MKDIR_P) $(dir $@) && \
|
||||
$(SED) -e 's,@pkglibexecdir\@,$(pkglibexecdir),g' \
|
||||
+ -e 's,@libexecdir\@,$(libexecdir),g' \
|
||||
+ -e 's,@statedir\@,$(statedir),g' \
|
||||
+ -e 's,@confdir\@,$(confdir),g' \
|
||||
< $< > $@
|
||||
|
||||
%.service: %.service.in Makefile
|
||||
diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in
|
||||
index 7c2f60bb4..4daedef2a 100644
|
||||
--- a/src/bluetooth.service.in
|
||||
+++ b/src/bluetooth.service.in
|
||||
@@ -17,6 +17,10 @@ LimitNPROC=1
|
||||
ProtectHome=true
|
||||
ProtectSystem=full
|
||||
PrivateTmp=true
|
||||
+ProtectKernelTunables=true
|
||||
+ProtectControlGroups=true
|
||||
+ReadWritePaths=@statedir@
|
||||
+ReadOnlyPaths=@confdir@
|
||||
|
||||
# Privilege escalation
|
||||
NoNewPrivileges=true
|
||||
--
|
||||
2.21.0
|
||||
|
43
0004-sixaxis-Fix-memory-leaks.patch
Normal file
43
0004-sixaxis-Fix-memory-leaks.patch
Normal file
@ -0,0 +1,43 @@
|
||||
From fc57aa92a4f32f7c0f38198e6d26b529b537a047 Mon Sep 17 00:00:00 2001
|
||||
From: Gopal Tiwari <gtiwari@redhat.com>
|
||||
Date: Tue, 31 May 2022 13:11:08 +0530
|
||||
Subject: [PATCH BlueZ 04/12] sixaxis: Fix memory leaks
|
||||
|
||||
While performing static tool analysis using coverity
|
||||
found following reports for resouse leak
|
||||
|
||||
bluez-5.64/plugins/sixaxis.c:425: alloc_arg:
|
||||
"get_pairing_type_for_device" allocates memory that is
|
||||
stored into "sysfs_path".
|
||||
|
||||
bluez-5.64/plugins/sixaxis.c:428: leaked_storage: Variable "sysfs_path"
|
||||
going out of scope leaks the storage it points to.
|
||||
---
|
||||
plugins/sixaxis.c | 9 +++++++--
|
||||
1 file changed, 7 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/plugins/sixaxis.c b/plugins/sixaxis.c
|
||||
index ddecbcccb..10cf15948 100644
|
||||
--- a/plugins/sixaxis.c
|
||||
+++ b/plugins/sixaxis.c
|
||||
@@ -424,10 +424,15 @@ static void device_added(struct udev_device *udevice)
|
||||
|
||||
cp = get_pairing_type_for_device(udevice, &bus, &sysfs_path);
|
||||
if (!cp || (cp->type != CABLE_PAIRING_SIXAXIS &&
|
||||
- cp->type != CABLE_PAIRING_DS4))
|
||||
+ cp->type != CABLE_PAIRING_DS4)) {
|
||||
+ g_free(sysfs_path);
|
||||
return;
|
||||
- if (bus != BUS_USB)
|
||||
+ }
|
||||
+
|
||||
+ if (bus != BUS_USB) {
|
||||
+ g_free(sysfs_path);
|
||||
return;
|
||||
+ }
|
||||
|
||||
info("sixaxis: compatible device connected: %s (%04X:%04X %s)",
|
||||
cp->name, cp->vid, cp->pid, sysfs_path);
|
||||
--
|
||||
2.26.2
|
||||
|
34
0004-systemd-More-lockdown.patch
Normal file
34
0004-systemd-More-lockdown.patch
Normal file
@ -0,0 +1,34 @@
|
||||
From a6963e0402695d7b6a89c1b1c75c40dbd8fcde52 Mon Sep 17 00:00:00 2001
|
||||
From: Bastien Nocera <hadess@hadess.net>
|
||||
Date: Wed, 13 Sep 2017 15:38:26 +0200
|
||||
Subject: [PATCH 4/4] systemd: More lockdown
|
||||
|
||||
bluetoothd does not need to execute mapped memory, or real-time
|
||||
access, so block those.
|
||||
---
|
||||
src/bluetooth.service.in | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in
|
||||
index 4daedef2a..f18801866 100644
|
||||
--- a/src/bluetooth.service.in
|
||||
+++ b/src/bluetooth.service.in
|
||||
@@ -22,9 +22,15 @@ ProtectControlGroups=true
|
||||
ReadWritePaths=@statedir@
|
||||
ReadOnlyPaths=@confdir@
|
||||
|
||||
+# Execute Mappings
|
||||
+MemoryDenyWriteExecute=true
|
||||
+
|
||||
# Privilege escalation
|
||||
NoNewPrivileges=true
|
||||
|
||||
+# Real-time
|
||||
+RestrictRealtime=true
|
||||
+
|
||||
[Install]
|
||||
WantedBy=bluetooth.target
|
||||
Alias=dbus-org.bluez.service
|
||||
--
|
||||
2.21.0
|
||||
|
29
0005-cltest-Fix-leaked_handle.patch
Normal file
29
0005-cltest-Fix-leaked_handle.patch
Normal file
@ -0,0 +1,29 @@
|
||||
From f4743109f381a4d53b476c5b77c7c68a6aa40b59 Mon Sep 17 00:00:00 2001
|
||||
From: Gopal Tiwari <gtiwari@redhat.com>
|
||||
Date: Tue, 31 May 2022 13:11:09 +0530
|
||||
Subject: [PATCH BlueZ 05/12] cltest: Fix leaked_handle
|
||||
|
||||
While performing static tool analysis using coverity found
|
||||
following reports for resouse leak
|
||||
|
||||
bluez-5.64/tools/cltest.c:75: leaked_handle: Handle variable "fd"
|
||||
going out of scope leaks the handle.
|
||||
---
|
||||
tools/cltest.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/tools/cltest.c b/tools/cltest.c
|
||||
index 2766fcd23..250c93cc7 100644
|
||||
--- a/tools/cltest.c
|
||||
+++ b/tools/cltest.c
|
||||
@@ -72,6 +72,7 @@ static bool send_message(const bdaddr_t *src, const bdaddr_t *dst,
|
||||
return false;
|
||||
}
|
||||
|
||||
+ close(fd);
|
||||
return true;
|
||||
}
|
||||
|
||||
--
|
||||
2.26.2
|
||||
|
@ -0,0 +1,42 @@
|
||||
From 124dee151746b4a8a2e8a7194af78f2c82f75d79 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Wed, 3 Mar 2021 08:57:36 +0100
|
||||
Subject: [PATCH] media: rename local function conflicting with pause(2)
|
||||
|
||||
profiles/audio/media.c:1284:13: error: conflicting types for 'pause'; have '_Bool(void *)'
|
||||
1284 | static bool pause(void *user_data)
|
||||
| ^~~~~
|
||||
In file included from /usr/include/bits/sigstksz.h:24,
|
||||
from /usr/include/signal.h:315,
|
||||
from /usr/include/glib-2.0/glib/gbacktrace.h:36,
|
||||
from /usr/include/glib-2.0/glib.h:34,
|
||||
from profiles/audio/media.c:21:
|
||||
/usr/include/unistd.h:478:12: note: previous declaration of 'pause' with type 'int(void)'
|
||||
478 | extern int pause (void);
|
||||
| ^~~~~
|
||||
---
|
||||
profiles/audio/media.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/profiles/audio/media.c b/profiles/audio/media.c
|
||||
index c84bbe22dc..3d8c4b69c3 100644
|
||||
--- a/profiles/audio/media.c
|
||||
+++ b/profiles/audio/media.c
|
||||
@@ -1281,7 +1281,7 @@ static bool stop(void *user_data)
|
||||
return media_player_send(mp, "Stop");
|
||||
}
|
||||
|
||||
-static bool pause(void *user_data)
|
||||
+static bool pause_play(void *user_data)
|
||||
{
|
||||
struct media_player *mp = user_data;
|
||||
|
||||
@@ -1331,7 +1331,7 @@ static struct avrcp_player_cb player_cb = {
|
||||
.set_volume = set_volume,
|
||||
.play = play,
|
||||
.stop = stop,
|
||||
- .pause = pause,
|
||||
+ .pause = pause_play,
|
||||
.next = next,
|
||||
.previous = previous,
|
||||
};
|
47
0006-create-image-Fix-leaked_handle.patch
Normal file
47
0006-create-image-Fix-leaked_handle.patch
Normal file
@ -0,0 +1,47 @@
|
||||
From 4ae130455b173650f564d92f7908a7ca4f7b1ee6 Mon Sep 17 00:00:00 2001
|
||||
From: Gopal Tiwari <gtiwari@redhat.com>
|
||||
Date: Tue, 31 May 2022 13:11:10 +0530
|
||||
Subject: [PATCH BlueZ 06/12] create-image: Fix leaked_handle
|
||||
|
||||
While performing static tool analysis using coverity found following
|
||||
reports for resouse leak
|
||||
|
||||
bluez-5.64/tools/create-image.c:124: leaked_storage: Variable "map"
|
||||
going out of scope leaks the storage it points to.
|
||||
---
|
||||
tools/create-image.c | 7 +++----
|
||||
1 file changed, 3 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/tools/create-image.c b/tools/create-image.c
|
||||
index aba940da7..90cd87315 100644
|
||||
--- a/tools/create-image.c
|
||||
+++ b/tools/create-image.c
|
||||
@@ -97,12 +97,13 @@ static void write_block(FILE *fp, const char *pathname, unsigned int ino,
|
||||
|
||||
map = mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0);
|
||||
if (!map || map == MAP_FAILED) {
|
||||
- close(fd);
|
||||
- fd = -1;
|
||||
map = NULL;
|
||||
st.st_size = 0;
|
||||
}
|
||||
|
||||
+ close(fd);
|
||||
+ fd = -1;
|
||||
+
|
||||
done:
|
||||
fprintf(fp, HDR_FMT, HDR_MAGIC, ino, mode, 0, 0, 1, 0,
|
||||
(uintmax_t) st.st_size, 0, 0, 0, 0, namelen + 1, 0, name);
|
||||
@@ -117,9 +118,7 @@ done:
|
||||
pad = 3 - ((st.st_size + 3) % 4);
|
||||
for (i = 0; i < pad; i++)
|
||||
fputc(0, fp);
|
||||
-
|
||||
munmap(map, st.st_size);
|
||||
- close(fd);
|
||||
}
|
||||
}
|
||||
|
||||
--
|
||||
2.26.2
|
||||
|
29
0007-l2cap-tester-Fix-leaked_handle.patch
Normal file
29
0007-l2cap-tester-Fix-leaked_handle.patch
Normal file
@ -0,0 +1,29 @@
|
||||
From 4334be027ae1ad50193025c90e77a76b64464b53 Mon Sep 17 00:00:00 2001
|
||||
From: Gopal Tiwari <gtiwari@redhat.com>
|
||||
Date: Tue, 31 May 2022 13:11:11 +0530
|
||||
Subject: [PATCH BlueZ 07/12] l2cap-tester: Fix leaked_handle
|
||||
|
||||
While performing static tool analysis using coverity found following
|
||||
reports for resouse leak
|
||||
|
||||
bluez-5.64/tools/l2cap-tester.c:1712: leaked_handle: Handle variable
|
||||
"new_sk" going out of scope leaks the handle.
|
||||
---
|
||||
tools/l2cap-tester.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/tools/l2cap-tester.c b/tools/l2cap-tester.c
|
||||
index d78b1e29c..3f0464013 100644
|
||||
--- a/tools/l2cap-tester.c
|
||||
+++ b/tools/l2cap-tester.c
|
||||
@@ -1709,6 +1709,7 @@ static gboolean l2cap_listen_cb(GIOChannel *io, GIOCondition cond,
|
||||
|
||||
if (!check_mtu(data, new_sk)) {
|
||||
tester_test_failed();
|
||||
+ close(new_sk);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
--
|
||||
2.26.2
|
||||
|
33
0008-mesh-mesh-db-Fix-resource-leaks.patch
Normal file
33
0008-mesh-mesh-db-Fix-resource-leaks.patch
Normal file
@ -0,0 +1,33 @@
|
||||
From 35cbfd9660949fca23418bfa32fd51d81ed91208 Mon Sep 17 00:00:00 2001
|
||||
From: Gopal Tiwari <gtiwari@redhat.com>
|
||||
Date: Tue, 31 May 2022 13:11:12 +0530
|
||||
Subject: [PATCH BlueZ 08/12] mesh/mesh-db: Fix resource leaks
|
||||
|
||||
While performing static tool analysis using coverity found following
|
||||
reports for resouse leak
|
||||
|
||||
bluez-5.64/tools/mesh/mesh-db.c:2388: leaked_handle: Handle variable
|
||||
"fd" going out of scope leaks the handle.
|
||||
|
||||
bluez-5.64/tools/mesh/mesh-db.c:2388: leaked_storage: Variable "str"
|
||||
going out of scope leaks the storage it points to.
|
||||
---
|
||||
tools/mesh/mesh-db.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/tools/mesh/mesh-db.c b/tools/mesh/mesh-db.c
|
||||
index fa11837df..896ff722c 100644
|
||||
--- a/tools/mesh/mesh-db.c
|
||||
+++ b/tools/mesh/mesh-db.c
|
||||
@@ -2384,6 +2384,8 @@ bool mesh_db_load(const char *fname)
|
||||
|
||||
sz = read(fd, str, st.st_size);
|
||||
if (sz != st.st_size) {
|
||||
+ close(fd);
|
||||
+ l_free(str);
|
||||
l_error("Failed to read configuration file %s", fname);
|
||||
return false;
|
||||
}
|
||||
--
|
||||
2.26.2
|
||||
|
29
0009-obex-client-Fix-leaked_handle.patch
Normal file
29
0009-obex-client-Fix-leaked_handle.patch
Normal file
@ -0,0 +1,29 @@
|
||||
From 39b638526d9a45d54d2d6e3f175fd7eb057ef8f0 Mon Sep 17 00:00:00 2001
|
||||
From: Gopal Tiwari <gtiwari@redhat.com>
|
||||
Date: Tue, 31 May 2022 13:11:13 +0530
|
||||
Subject: [PATCH BlueZ 09/12] obex-client: Fix leaked_handle
|
||||
|
||||
While performing static tool analysis using coverity found following
|
||||
reports for resouse leak
|
||||
|
||||
bluez-5.64/tools/obex-client-tool.c:315: leaked_handle: Handle variable
|
||||
"sk" going out of scope leaks the handle.
|
||||
---
|
||||
tools/obex-client-tool.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/tools/obex-client-tool.c b/tools/obex-client-tool.c
|
||||
index ab9332896..cb0e41247 100644
|
||||
--- a/tools/obex-client-tool.c
|
||||
+++ b/tools/obex-client-tool.c
|
||||
@@ -312,6 +312,7 @@ static GIOChannel *unix_connect(GObexTransportType transport)
|
||||
if (connect(sk, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
|
||||
err = errno;
|
||||
g_printerr("connect: %s (%d)\n", strerror(err), err);
|
||||
+ close(sk);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
--
|
||||
2.26.2
|
||||
|
34
0010-pbap-Fix-memory-leak.patch
Normal file
34
0010-pbap-Fix-memory-leak.patch
Normal file
@ -0,0 +1,34 @@
|
||||
From 06d3c7429ad6bdf6eef1bcedee327e74a33c40bf Mon Sep 17 00:00:00 2001
|
||||
From: Gopal Tiwari <gtiwari@redhat.com>
|
||||
Date: Tue, 31 May 2022 13:11:15 +0530
|
||||
Subject: [PATCH BlueZ 10/12] pbap: Fix memory leak
|
||||
|
||||
Reported by coverity tool as follows:
|
||||
|
||||
bluez-5.64/obexd/client/pbap.c:929: leaked_storage: Variable "apparam"
|
||||
going out of scope leaks the storage it points to.
|
||||
---
|
||||
obexd/client/pbap.c | 5 +++--
|
||||
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/obexd/client/pbap.c b/obexd/client/pbap.c
|
||||
index 1a2bacc9f..1ed8c68ec 100644
|
||||
--- a/obexd/client/pbap.c
|
||||
+++ b/obexd/client/pbap.c
|
||||
@@ -925,10 +925,11 @@ static DBusMessage *pbap_search(DBusConnection *connection,
|
||||
return g_dbus_create_error(message,
|
||||
ERROR_INTERFACE ".InvalidArguments", NULL);
|
||||
|
||||
- if (dbus_message_iter_get_arg_type(&args) != DBUS_TYPE_STRING)
|
||||
+ if (dbus_message_iter_get_arg_type(&args) != DBUS_TYPE_STRING) {
|
||||
+ g_obex_apparam_free(apparam);
|
||||
return g_dbus_create_error(message,
|
||||
ERROR_INTERFACE ".InvalidArguments", NULL);
|
||||
-
|
||||
+ }
|
||||
dbus_message_iter_get_basic(&args, &value);
|
||||
dbus_message_iter_next(&args);
|
||||
|
||||
--
|
||||
2.26.2
|
||||
|
30
0011-meshctl-Fix-possible-use_after_free.patch
Normal file
30
0011-meshctl-Fix-possible-use_after_free.patch
Normal file
@ -0,0 +1,30 @@
|
||||
From 56bda20ce9e3e5c4684b37cffd4527264c2b4c1e Mon Sep 17 00:00:00 2001
|
||||
From: Gopal Tiwari <gtiwari@redhat.com>
|
||||
Date: Tue, 31 May 2022 13:11:16 +0530
|
||||
Subject: [PATCH BlueZ 11/12] meshctl: Fix possible use_after_free
|
||||
|
||||
Reported by coverity tool as follows :
|
||||
|
||||
bluez-5.64/tools/meshctl.c:1968: freed_arg: "g_free" frees "mesh_dir".
|
||||
|
||||
bluez-5.64/tools/meshctl.c:2018: double_free: Calling "g_free" frees
|
||||
pointer "mesh_dir" which has already been freed.
|
||||
---
|
||||
tools/meshctl.c | 1 -
|
||||
1 file changed, 1 deletion(-)
|
||||
|
||||
diff --git a/tools/meshctl.c b/tools/meshctl.c
|
||||
index 18e20c40d..38ffd35f3 100644
|
||||
--- a/tools/meshctl.c
|
||||
+++ b/tools/meshctl.c
|
||||
@@ -2015,7 +2015,6 @@ int main(int argc, char *argv[])
|
||||
|
||||
fail:
|
||||
bt_shell_cleanup();
|
||||
- g_free(mesh_dir);
|
||||
|
||||
return EXIT_FAILURE;
|
||||
}
|
||||
--
|
||||
2.26.2
|
||||
|
34
0012-mesh-gatt-Fix-use_after_free.patch
Normal file
34
0012-mesh-gatt-Fix-use_after_free.patch
Normal file
@ -0,0 +1,34 @@
|
||||
From 5cdaeaefc350ea3c42719284b88406579d032fb6 Mon Sep 17 00:00:00 2001
|
||||
From: Gopal Tiwari <gtiwari@redhat.com>
|
||||
Date: Tue, 31 May 2022 13:11:17 +0530
|
||||
Subject: [PATCH BlueZ 12/12] mesh-gatt: Fix use_after_free
|
||||
|
||||
Following scenario happens when prov is false and we have double free as
|
||||
mentioned in the below
|
||||
|
||||
bluez-5.64/tools/mesh-gatt/prov-db.c:847: freed_arg: "g_free" frees
|
||||
"in_str".
|
||||
|
||||
bluez-5.64/tools/mesh-gatt/prov-db.c:867: double_free: Calling "g_free"
|
||||
frees pointer "in_str" which has already been freed.
|
||||
---
|
||||
tools/mesh-gatt/prov-db.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/tools/mesh-gatt/prov-db.c b/tools/mesh-gatt/prov-db.c
|
||||
index 2fb08f799..a5b6997e0 100644
|
||||
--- a/tools/mesh-gatt/prov-db.c
|
||||
+++ b/tools/mesh-gatt/prov-db.c
|
||||
@@ -859,7 +859,8 @@ bool prov_db_local_set_iv_index(uint32_t iv_index, bool update, bool prov)
|
||||
|
||||
set_local_iv_index(jmain, iv_index, update);
|
||||
prov_file_write(jmain, false);
|
||||
- }
|
||||
+ } else
|
||||
+ return true;
|
||||
|
||||
res = true;
|
||||
done:
|
||||
--
|
||||
2.26.2
|
||||
|
@ -0,0 +1,41 @@
|
||||
From 28ddec8d6b829e002fa268c07b71e4c564ba9e16 Mon Sep 17 00:00:00 2001
|
||||
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
|
||||
Date: Thu, 11 Mar 2021 07:36:07 -0800
|
||||
Subject: [PATCH] avdtp: Fix removing all remote SEPs when loading from cache
|
||||
|
||||
If avdtp_discover is called after cache has been loaded it end up
|
||||
removing all remote SEPs as they have not been discovered yet.
|
||||
|
||||
Fixes: https://github.com/bluez/bluez/issues/102
|
||||
---
|
||||
profiles/audio/avdtp.c | 16 ++++++++++++----
|
||||
1 file changed, 12 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/profiles/audio/avdtp.c b/profiles/audio/avdtp.c
|
||||
index 088ca58b3..1d5871c62 100644
|
||||
--- a/profiles/audio/avdtp.c
|
||||
+++ b/profiles/audio/avdtp.c
|
||||
@@ -3381,10 +3381,18 @@ int avdtp_discover(struct avdtp *session, avdtp_discover_cb_t cb,
|
||||
session->discover = g_new0(struct discover_callback, 1);
|
||||
|
||||
if (session->seps) {
|
||||
- session->discover->cb = cb;
|
||||
- session->discover->user_data = user_data;
|
||||
- session->discover->id = g_idle_add(process_discover, session);
|
||||
- return 0;
|
||||
+ struct avdtp_remote_sep *sep = session->seps->data;
|
||||
+
|
||||
+ /* Check that SEP have been discovered as it may be loaded from
|
||||
+ * cache.
|
||||
+ */
|
||||
+ if (sep->discovered) {
|
||||
+ session->discover->cb = cb;
|
||||
+ session->discover->user_data = user_data;
|
||||
+ session->discover->id = g_idle_add(process_discover,
|
||||
+ session);
|
||||
+ return 0;
|
||||
+ }
|
||||
}
|
||||
|
||||
err = send_request(session, FALSE, NULL, AVDTP_DISCOVER, NULL, 0);
|
||||
|
51
bluez.spec
51
bluez.spec
@ -5,8 +5,8 @@
|
||||
%endif
|
||||
|
||||
Name: bluez
|
||||
Version: 5.72
|
||||
Release: 1%{?dist}
|
||||
Version: 5.64
|
||||
Release: 2%{?dist}
|
||||
Summary: Bluetooth utilities
|
||||
License: GPLv2+
|
||||
URL: http://www.bluez.org/
|
||||
@ -16,8 +16,26 @@ Source1: bluez.gitignore
|
||||
|
||||
# https://github.com/hadess/bluez/commits/obex-5.46
|
||||
Patch1: 0001-obex-Use-GLib-helper-function-to-manipulate-paths.patch
|
||||
# https://patchwork.kernel.org/project/bluetooth/patch/20240214155019.325715-1-hadess@hadess.net/
|
||||
Patch2: 0001-Add-missing-mesh-gatt-JSON-files.patch
|
||||
# https://github.com/hadess/bluez/commits/systemd-hardening
|
||||
#Patch10: 0001-build-Always-define-confdir-and-statedir.patch
|
||||
#Patch11: 0002-systemd-Add-PrivateTmp-and-NoNewPrivileges-options.patch
|
||||
#Patch12: 0003-systemd-Add-more-filesystem-lockdown.patch
|
||||
#Patch13: 0004-systemd-More-lockdown.patch
|
||||
#Patch14: 0005-media-rename-local-function-conflicting-with-pause-2.patch
|
||||
#Patch15: bluez-avdtp-fix-removing-all-seps-when-loading-from-cache.patch
|
||||
Patch2: 0001-client-gatt-Fix-memory-leak-issues.patch
|
||||
Patch3: 0002-mesh-appkey-Fix-memory-leaks.patch
|
||||
Patch4: 0003-monitor-Fix-memory-leaks.patch
|
||||
Patch5: 0004-sixaxis-Fix-memory-leaks.patch
|
||||
Patch6: 0005-cltest-Fix-leaked_handle.patch
|
||||
Patch7: 0006-create-image-Fix-leaked_handle.patch
|
||||
Patch8: 0007-l2cap-tester-Fix-leaked_handle.patch
|
||||
Patch9: 0008-mesh-mesh-db-Fix-resource-leaks.patch
|
||||
Patch10: 0009-obex-client-Fix-leaked_handle.patch
|
||||
Patch11: 0010-pbap-Fix-memory-leak.patch
|
||||
Patch12: 0011-meshctl-Fix-possible-use_after_free.patch
|
||||
Patch13: 0012-mesh-gatt-Fix-use_after_free.patch
|
||||
Patch14: 0001-gatt-Fix-double-free-and-freed-memory-dereference.patch
|
||||
|
||||
BuildRequires: dbus-devel >= 1.6
|
||||
BuildRequires: glib2-devel
|
||||
@ -35,7 +53,6 @@ BuildRequires: cups-devel
|
||||
BuildRequires: libtool automake autoconf
|
||||
# For man pages
|
||||
BuildRequires: python3-docutils
|
||||
BuildRequires: python3-pygments
|
||||
|
||||
Requires: dbus >= 1.6
|
||||
Requires(post): systemd
|
||||
@ -145,7 +162,9 @@ Object Exchange daemon for sharing files, contacts etc over bluetooth
|
||||
%build
|
||||
autoreconf -vif
|
||||
%configure --enable-tools --enable-library --disable-optimization \
|
||||
%if %{with deprecated}
|
||||
--enable-deprecated \
|
||||
%endif
|
||||
--enable-sixaxis --enable-cups --enable-nfc --enable-mesh \
|
||||
--enable-hid2hci --enable-testing \
|
||||
--with-systemdsystemunitdir=%{_unitdir} \
|
||||
@ -160,10 +179,6 @@ autoreconf -vif
|
||||
# "make install" fails to install gatttool, necessary for Bluetooth Low Energy
|
||||
# Red Hat Bugzilla bug #1141909, Debian bug #720486
|
||||
install -m0755 attrib/gatttool $RPM_BUILD_ROOT%{_bindir}
|
||||
%else
|
||||
for i in ciptool gatttool hciattach hciconfig hcidump hcitool rfcomm sdptool ; do \
|
||||
rm -f $RPM_BUILD_ROOT%{_bindir}/$i $RPM_BUILD_ROOT%{_mandir}/man1/$i*.1* ; \
|
||||
done
|
||||
%endif
|
||||
|
||||
# "make install" fails to install avinfo
|
||||
@ -234,6 +249,7 @@ install emulator/btvirt ${RPM_BUILD_ROOT}/%{_libexecdir}/bluetooth/
|
||||
%doc AUTHORS ChangeLog
|
||||
%dir %{_sysconfdir}/bluetooth
|
||||
%config %{_sysconfdir}/bluetooth/main.conf
|
||||
%config %{_sysconfdir}/dbus-1/system.d/bluetooth.conf
|
||||
%{_bindir}/avinfo
|
||||
%{_bindir}/bluemoon
|
||||
%{_bindir}/bluetoothctl
|
||||
@ -245,10 +261,7 @@ install emulator/btvirt ${RPM_BUILD_ROOT}/%{_libexecdir}/bluetooth/
|
||||
%{_bindir}/l2test
|
||||
%{_bindir}/mpris-proxy
|
||||
%{_bindir}/rctest
|
||||
%{_mandir}/man1/bluetoothctl.1.*
|
||||
%{_mandir}/man1/bluetoothctl-*.1.*
|
||||
%{_mandir}/man1/btattach.1.*
|
||||
%{_mandir}/man1/btmgmt.1.*
|
||||
%{_mandir}/man1/btmon.1.*
|
||||
%{_mandir}/man1/l2ping.1.*
|
||||
%{_mandir}/man1/rctest.1.*
|
||||
@ -258,7 +271,6 @@ install emulator/btvirt ${RPM_BUILD_ROOT}/%{_libexecdir}/bluetooth/
|
||||
%{_libdir}/bluetooth/
|
||||
%{_localstatedir}/lib/bluetooth
|
||||
%{_datadir}/dbus-1/system-services/org.bluez.service
|
||||
%{_datadir}/dbus-1/system.d/bluetooth.conf
|
||||
%{_unitdir}/bluetooth.service
|
||||
%{_datadir}/zsh/site-functions/_bluetoothctl
|
||||
|
||||
@ -288,14 +300,8 @@ install emulator/btvirt ${RPM_BUILD_ROOT}/%{_libexecdir}/bluetooth/
|
||||
|
||||
%files libs-devel
|
||||
%doc doc/*txt
|
||||
%{_bindir}/isotest
|
||||
%{_bindir}/l2test
|
||||
%{_bindir}/rctest
|
||||
%{_libdir}/libbluetooth.so
|
||||
%{_includedir}/bluetooth
|
||||
%{_mandir}/man1/isotest.1.*
|
||||
%{_mandir}/man1/rctest.1.*
|
||||
%{_mandir}/man5/org.bluez.*.5.*
|
||||
%{_libdir}/pkgconfig/bluez.pc
|
||||
%dir %{_libexecdir}/bluetooth
|
||||
%{_libexecdir}/bluetooth/btvirt
|
||||
@ -311,11 +317,11 @@ install emulator/btvirt ${RPM_BUILD_ROOT}/%{_libexecdir}/bluetooth/
|
||||
%files mesh
|
||||
%doc tools/mesh-gatt/*.json
|
||||
%config %{_sysconfdir}/bluetooth/mesh-main.conf
|
||||
%config %{_sysconfdir}/dbus-1/system.d/bluetooth-mesh.conf
|
||||
%{_bindir}/meshctl
|
||||
%{_bindir}/mesh-cfgclient
|
||||
%{_bindir}/mesh-cfgtest
|
||||
%{_datadir}/dbus-1/system-services/org.bluez.mesh.service
|
||||
%{_datadir}/dbus-1/system.d/bluetooth-mesh.conf
|
||||
%{_libexecdir}/bluetooth/bluetooth-meshd
|
||||
%{_unitdir}/bluetooth-mesh.service
|
||||
%{_localstatedir}/lib/bluetooth/mesh
|
||||
@ -327,16 +333,13 @@ install emulator/btvirt ${RPM_BUILD_ROOT}/%{_libexecdir}/bluetooth/
|
||||
%{_userunitdir}/obex.service
|
||||
|
||||
%changelog
|
||||
* Thu Feb 15 2024 Bastien Nocera <bnocera@redhat.com> - 5.72-1
|
||||
- Update to 5.72
|
||||
|
||||
* Thu Jun 9 2022 Gopal Tiwari <gtiwari@redhat.com> - 5.64-2
|
||||
- Coverity fixes for bluez.
|
||||
|
||||
* Thu May 5 2022 Gopal Tiwari <gtiwari@redhat.com> - 5.64-1
|
||||
- Update to 5.64
|
||||
|
||||
* Thu Dec 16 2021 Gopal Tiwari <gtiwari@redhat.com> - 5.56-8
|
||||
* Fri Dec 16 2021 Gopal Tiwari <gtiwari@redhat.com> - 5.56-8
|
||||
- Fixing Gating and version
|
||||
Related: rhbz#2027435
|
||||
|
||||
|
1
sources
1
sources
@ -1,2 +1 @@
|
||||
SHA512 (bluez-5.64.tar.xz) = f11f9974b29c5c6fce3890d7e42425c1cb02e42c1b8f49c5cc4b249234e67b64317d0e5e82721e2fbf1b53269c8569a9c869d59ce42b5e927f6622f0753e53cd
|
||||
SHA512 (bluez-5.72.tar.xz) = 1c6560f60ac0654d7c25ed8ab2f0f3a3a9ca8688ee28e1c476ffc7ae38737e739d27bbb88789c86b03fc600a8a68496d90a7b395ec393dd2bbf69be62357991a
|
||||
|
Loading…
Reference in New Issue
Block a user