Compare commits
No commits in common. "c8s" and "c8" have entirely different histories.
1
.bluez.metadata
Normal file
1
.bluez.metadata
Normal file
@ -0,0 +1 @@
|
||||
c5137186e7cc60652eed44cff0067ef749e49eff SOURCES/bluez-5.63.tar.xz
|
||||
1
.gitignore
vendored
1
.gitignore
vendored
@ -1,2 +1 @@
|
||||
SOURCES/bluez-5.63.tar.xz
|
||||
/bluez-5.63.tar.xz
|
||||
|
||||
@ -1,54 +0,0 @@
|
||||
From: David Marlin <dmarlin@redhat.com>
|
||||
|
||||
Subject: input.conf: Change default of ClassicBondedOnly
|
||||
|
||||
Resolves: RHEL-18429
|
||||
|
||||
CVE: CVE-2023-45866
|
||||
|
||||
commit 25a471a83e02e1effb15d5a488b3f0085eaeb675
|
||||
Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
|
||||
Date: Tue Oct 10 13:03:12 2023 -0700
|
||||
|
||||
input.conf: Change default of ClassicBondedOnly
|
||||
|
||||
This changes the default of ClassicBondedOnly since defaulting to false
|
||||
is not inline with HID specification which mandates the of Security Mode
|
||||
4:
|
||||
|
||||
BLUETOOTH SPECIFICATION Page 84 of 123
|
||||
Human Interface Device (HID) Profile:
|
||||
|
||||
5.4.3.4.2 Security Modes
|
||||
Bluetooth HID Hosts shall use Security Mode 4 when interoperating with
|
||||
Bluetooth HID devices that are compliant to the Bluetooth Core
|
||||
Specification v2.1+EDR[6].
|
||||
|
||||
Signed-off-by: David Marlin <dmarlin@redhat.com>
|
||||
|
||||
diff --git a/profiles/input/device.c b/profiles/input/device.c
|
||||
index 4a50ea9921a97751a94547c0e73177d58184a75d..4310dd192e113f9875c07117d523167655cef954 100644
|
||||
--- a/profiles/input/device.c
|
||||
+++ b/profiles/input/device.c
|
||||
@@ -81,7 +81,7 @@ struct input_device {
|
||||
|
||||
static int idle_timeout = 0;
|
||||
static bool uhid_enabled = false;
|
||||
-static bool classic_bonded_only = false;
|
||||
+static bool classic_bonded_only = true;
|
||||
|
||||
void input_set_idle_timeout(int timeout)
|
||||
{
|
||||
diff --git a/profiles/input/input.conf b/profiles/input/input.conf
|
||||
index 4c70bc561f05429442c6fe0a183584ad1536fa4b..d8645f3dd664e2d671791878462f8a0dc74e04a5 100644
|
||||
--- a/profiles/input/input.conf
|
||||
+++ b/profiles/input/input.conf
|
||||
@@ -17,7 +17,7 @@
|
||||
# platforms may want to make sure that input connections only come from bonded
|
||||
# device connections. Several older mice have been known for not supporting
|
||||
# pairing/encryption.
|
||||
-# Defaults to false to maximize device compatibility.
|
||||
+# Defaults to true for security.
|
||||
#ClassicBondedOnly=true
|
||||
|
||||
# LE upgrade security
|
||||
@ -1,73 +0,0 @@
|
||||
From: David Marlin <dmarlin@redhat.com>
|
||||
|
||||
Subject: pbap: Fix not checking Primary/Secundary Counter length
|
||||
|
||||
Resolves: RHEL-35501
|
||||
Resolves: RHEL-35504
|
||||
|
||||
CVE: CVE-2023-50230
|
||||
CVE: CVE-2023-50229
|
||||
|
||||
commit 5ab5352531a9cc7058cce569607f3a6831464443
|
||||
Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
|
||||
Date: Tue Sep 19 12:14:01 2023 -0700
|
||||
|
||||
pbap: Fix not checking Primary/Secundary Counter length
|
||||
|
||||
Primary/Secundary Counters are supposed to be 16 bytes values, if the
|
||||
server has implemented them incorrectly it may lead to the following
|
||||
crash:
|
||||
|
||||
=================================================================
|
||||
==31860==ERROR: AddressSanitizer: heap-buffer-overflow on address
|
||||
0x607000001878 at pc 0x7f95a1575638 bp 0x7fff58c6bb80 sp 0x7fff58c6b328
|
||||
|
||||
READ of size 48 at 0x607000001878 thread T0
|
||||
#0 0x7f95a1575637 in MemcmpInterceptorCommon(void*, int (*)(void const*, void const*, unsigned long), void const*, void const*, unsigned long) ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:860
|
||||
#1 0x7f95a1575ba6 in __interceptor_memcmp ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:892
|
||||
#2 0x7f95a1575ba6 in __interceptor_memcmp ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:887
|
||||
#3 0x564df69c77a0 in read_version obexd/client/pbap.c:288
|
||||
#4 0x564df69c77a0 in read_return_apparam obexd/client/pbap.c:352
|
||||
#5 0x564df69c77a0 in phonebook_size_callback obexd/client/pbap.c:374
|
||||
#6 0x564df69bea3c in session_terminate_transfer obexd/client/session.c:921
|
||||
#7 0x564df69d56b0 in get_xfer_progress_first obexd/client/transfer.c:729
|
||||
#8 0x564df698b9ee in handle_response gobex/gobex.c:1140
|
||||
#9 0x564df698cdea in incoming_data gobex/gobex.c:1385
|
||||
#10 0x7f95a12fdc43 in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x55c43)
|
||||
#11 0x7f95a13526c7 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0xaa6c7)
|
||||
#12 0x7f95a12fd2b2 in g_main_loop_run (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x552b2)
|
||||
#13 0x564df6977d41 in main obexd/src/main.c:307
|
||||
#14 0x7f95a10a7d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
|
||||
#15 0x7f95a10a7e3f in __libc_start_main_impl ../csu/libc-start.c:392
|
||||
#16 0x564df6978704 in _start (/usr/local/libexec/bluetooth/obexd+0x8b704)
|
||||
0x607000001878 is located 0 bytes to the right of 72-byte region [0x607000001830,0x607000001878)
|
||||
|
||||
allocated by thread T0 here:
|
||||
#0 0x7f95a1595a37 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
|
||||
#1 0x564df69c8b6a in pbap_probe obexd/client/pbap.c:1259
|
||||
|
||||
Signed-off-by: David Marlin <dmarlin@redhat.com>
|
||||
|
||||
diff --git a/obexd/client/pbap.c b/obexd/client/pbap.c
|
||||
index 1ed8c68eccd00097a8539aaa9ede9feed9b6d060..2d2aa950898c38984d544e7708610d4c2af43b59 100644
|
||||
--- a/obexd/client/pbap.c
|
||||
+++ b/obexd/client/pbap.c
|
||||
@@ -285,7 +285,7 @@ static void read_version(struct pbap_data *pbap, GObexApparam *apparam)
|
||||
data = value;
|
||||
}
|
||||
|
||||
- if (memcmp(pbap->primary, data, len)) {
|
||||
+ if (len == sizeof(pbap->primary) && memcmp(pbap->primary, data, len)) {
|
||||
memcpy(pbap->primary, data, len);
|
||||
g_dbus_emit_property_changed(conn,
|
||||
obc_session_get_path(pbap->session),
|
||||
@@ -299,7 +299,8 @@ static void read_version(struct pbap_data *pbap, GObexApparam *apparam)
|
||||
data = value;
|
||||
}
|
||||
|
||||
- if (memcmp(pbap->secondary, data, len)) {
|
||||
+ if (len == sizeof(pbap->secondary) &&
|
||||
+ memcmp(pbap->secondary, data, len)) {
|
||||
memcpy(pbap->secondary, data, len);
|
||||
g_dbus_emit_property_changed(conn,
|
||||
obc_session_get_path(pbap->session),
|
||||
@ -1,7 +1,7 @@
|
||||
Name: bluez
|
||||
Summary: Bluetooth utilities
|
||||
Version: 5.63
|
||||
Release: 4%{?dist}
|
||||
Release: 1%{?dist}
|
||||
License: GPLv2+
|
||||
URL: http://www.bluez.org/
|
||||
|
||||
@ -49,10 +49,6 @@ Patch25: 0001-gdbus-Emit-InterfacesAdded-of-parents-objects-first.patch
|
||||
|
||||
#Patch32: 0001-sdpd-Fix-leaking-buffers-stored-in-cstates-cache.patch
|
||||
|
||||
Patch40: 0001-Change-default-of-ClassicBondedOnly.patch
|
||||
|
||||
Patch50: 0001-pbap-Fix-not-checking-Primary_Secundary-Counter-lengt.patch
|
||||
|
||||
BuildRequires: git-core
|
||||
BuildRequires: dbus-devel >= 1.6
|
||||
BuildRequires: glib2-devel
|
||||
@ -287,23 +283,6 @@ make check
|
||||
%{_userunitdir}/obex.service
|
||||
|
||||
%changelog
|
||||
* Mon Aug 05 2024 David Marlin <dmarlin@redhat.com> - 5.63-4
|
||||
+ bluez-5.63-4
|
||||
- Resolves: RHEL-35501
|
||||
- Fixing CVE-2023-50230
|
||||
- Resolves: RHEL-35504
|
||||
- Fixing CVE-2023-50229
|
||||
|
||||
* Thu Jun 06 2024 David Marlin <dmarlin@redhat.com> - 5.63-3
|
||||
+ bluez-5.63-3
|
||||
- Add back the tests for OSCI.
|
||||
|
||||
* Wed May 29 2024 David Marlin <dmarlin@redhat.com> - 5.63-2
|
||||
+ bluez-5.63-2
|
||||
- Change default of ClassicBondedOnly to true to align with HID specification.
|
||||
- Resolves: RHEL-18429
|
||||
- Fixing CVE-2021-41229
|
||||
|
||||
* Tue May 17 2022 Gopal Tiwari <gtiwari@redhat.com> - 5.63-1
|
||||
+ bluez-5.63-1
|
||||
- Fixing (#)
|
||||
@ -1,6 +0,0 @@
|
||||
--- !Policy
|
||||
product_versions:
|
||||
- rhel-8
|
||||
decision_context: osci_compose_gate
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
|
||||
1
sources
1
sources
@ -1 +0,0 @@
|
||||
SHA512 (bluez-5.63.tar.xz) = 1b8ce7b1bd9611873c27a762a60df580edeefe5424e8733a2067b9afb1a47915f9319849bc1eeee148f5b1f33977b7975e05867e8dbdf73d33cd68e6b99ca75b
|
||||
@ -1,35 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -ex
|
||||
|
||||
# This test is designed such that a Bluetooth controller is not required but we
|
||||
# can at least check to make sure the commands are installed correctly
|
||||
|
||||
# Is bccmd present and doesn't fail if called
|
||||
#bccmd --help
|
||||
|
||||
# Is btattach present and doesn't fail if called
|
||||
btattach --version
|
||||
|
||||
# Is ciptool present and doesn't fail if called
|
||||
ciptool --help
|
||||
|
||||
# hciattach test
|
||||
any_str=$(hciattach -l | grep -E "^any")
|
||||
if [ "$any_str" != "any 0x0000,0x0000" ]
|
||||
then
|
||||
echo "Unable to find the 'any' hciattach configuration"
|
||||
exit 99
|
||||
fi
|
||||
|
||||
# Is hciconfig present and doesn't fail if called
|
||||
hciconfig --help
|
||||
|
||||
# Is hcitool present and doesn't fail if called
|
||||
hcitool --help
|
||||
|
||||
# Is rfcomm present and doesn't fail if called
|
||||
rfcomm --help
|
||||
|
||||
# Is sdptool present and doesn't fail if called
|
||||
sdptool --help
|
||||
@ -1,9 +0,0 @@
|
||||
- hosts: localhost
|
||||
roles:
|
||||
- role: standard-test-basic
|
||||
tags:
|
||||
- classic
|
||||
tests:
|
||||
- simple:
|
||||
dir: . # switch to subfolder. This parameter is REQUIRED, use `dir: .` for current folder
|
||||
run: ./run_tests.sh # this is your test command, its exit code is the outcome of the test
|
||||
Loading…
Reference in New Issue
Block a user