Upgrade to 5.72

Resolves: rhbz#1938686.
2024-02-28 01:16:20 +00:00 · 2022-06-09 14:24:04 +05:30
12 changed files with 182 additions and 729 deletions
--- a/.bluez.metadata
+++ b/.bluez.metadata
@ -0,0 +1,2 @@
+4d8fb1328e15df4021329d3eb6329b64777badaa bluez-5.64.tar.xz
+6c73541f2cd27543b66741d16d520970d8877940 bluez-5.72.tar.xz
--- a/0001-Add-missing-mesh-gatt-JSON-files.patch
+++ b/0001-Add-missing-mesh-gatt-JSON-files.patch
@ -0,0 +1,125 @@
+From 669de134aa19fbd6b7ac59575446a064bbf27565 Mon Sep 17 00:00:00 2001
+From: Bastien Nocera <hadess@hadess.net>
+Date: Wed, 14 Feb 2024 16:51:14 +0100
+Subject: [PATCH] Add missing mesh-gatt JSON files
+
+---
+ tools/mesh-gatt/local_node.json | 61 +++++++++++++++++++++++++++++++++
+ tools/mesh-gatt/prov_db.json    | 37 ++++++++++++++++++++
+ 2 files changed, 98 insertions(+)
+ create mode 100644 tools/mesh-gatt/local_node.json
+ create mode 100644 tools/mesh-gatt/prov_db.json
+
+diff --git a/tools/mesh-gatt/local_node.json b/tools/mesh-gatt/local_node.json
+new file mode 100644
+index 000000000000..5ffa7ada1f65
+--- /dev/null
+++ b/tools/mesh-gatt/local_node.json
+@@ -0,0 +1,61 @@
+{
+  "$schema":"file:\/\/\/BlueZ\/Mesh\/local_schema\/mesh.jsonschema",
+  "meshName":"BT Mesh",
+  "netKeys":[
+    {
+      "index": 0,
+      "keyRefresh": 0
+    }
+  ],
+  "appKeys":[
+    {
+      "index": 0,
+      "boundNetKey": 0
+    },
+    {
+      "index": 1,
+      "boundNetKey": 0
+    }
+  ],
+"node": {
+	"IVindex":"00000005",
+	"IVupdate":"0",
+	"sequenceNumber": 0,
+    "composition": {
+        "cid": "0002",
+        "pid": "0010",
+        "vid": "0001",
+        "crpl": "000a",
+        "features": {
+            "relay": false,
+            "proxy": true,
+            "friend": false,
+            "lowPower": false
+        },
+        "elements": [
+            {
+                "elementIndex": 0,
+                "location": "0001",
+                "models": ["0000", "0001", "1001"]
+            }
+        ]
+    },
+    "configuration":{
+        "netKeys": [0],
+        "appKeys": [ 0, 1],
+        "defaultTTL": 10,
+        "elements": [
+          {
+            "elementIndex": 0,
+            "unicastAddress":"0077",
+            "models": [
+               {
+                 "modelId": "1001",
+                 "bind": [1]
+                }
+            ]
+          }
+        ]
+    }
+  }
+}
+diff --git a/tools/mesh-gatt/prov_db.json b/tools/mesh-gatt/prov_db.json
+new file mode 100644
+index 000000000000..74a03128d4d5
+--- /dev/null
+++ b/tools/mesh-gatt/prov_db.json
+@@ -0,0 +1,37 @@
+{
+  "$schema":"file:\/\/\/BlueZ\/Mesh\/schema\/mesh.jsonschema",
+  "meshName":"BT Mesh",
+  "IVindex":5,
+  "IVupdate":0,
+  "netKeys":[
+    {
+      "index":0,
+      "keyRefresh":0,
+      "key":"18eed9c2a56add85049ffc3c59ad0e12"
+    }
+  ],
+  "appKeys":[
+    {
+      "index":0,
+      "boundNetKey":0,
+      "key":"4f68ad85d9f48ac8589df665b6b49b8a"
+    },
+    {
+      "index":1,
+      "boundNetKey":0,
+      "key":"2aa2a6ded5a0798ceab5787ca3ae39fc"
+    }
+  ],
+  "provisioners":[
+    {
+      "provisionerName":"BT Mesh Provisioner",
+      "unicastAddress":"0077",
+      "allocatedUnicastRange":[
+        {
+          "lowAddress":"0100",
+          "highAddress":"7fff"
+        }
+      ]
+    }
+  ],
+}
+-- 
+2.43.0
+
--- a/0001-build-Always-define-confdir-and-statedir.patch
+++ b/0001-build-Always-define-confdir-and-statedir.patch
@ -1,35 +0,0 @@
-From 5744f79d84ecee3929a682166034c5bbc36c0ef5 Mon Sep 17 00:00:00 2001
-From: Bastien Nocera <hadess@hadess.net>
-Date: Wed, 20 Sep 2017 12:49:10 +0200
-Subject: [PATCH 1/4] build: Always define confdir and statedir
-
-As we will need those paths to lock down on them.
---
- Makefile.am | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/Makefile.am b/Makefile.am
-index 9d25a815b..ac88c12e0 100644
--- a/Makefile.am
-+++ b/Makefile.am
-@@ -31,14 +31,14 @@ pkginclude_HEADERS =
- AM_CFLAGS = $(WARNING_CFLAGS) $(MISC_CFLAGS) $(UDEV_CFLAGS) $(ell_cflags)
- AM_LDFLAGS = $(MISC_LDFLAGS)
- 
-+confdir = $(sysconfdir)/bluetooth
-+statedir = $(localstatedir)/lib/bluetooth
-+
- if DATAFILES
- dbusdir = $(DBUS_CONFDIR)/dbus-1/system.d
- dbus_DATA = src/bluetooth.conf
- 
-confdir = $(sysconfdir)/bluetooth
- conf_DATA =
-
-statedir = $(localstatedir)/lib/bluetooth
- state_DATA =
- endif
- 
-- 
-2.21.0
-
--- a/0001-obex-Use-GLib-helper-function-to-manipulate-paths.patch
+++ b/0001-obex-Use-GLib-helper-function-to-manipulate-paths.patch
@ -1,19 +1,29 @@
-From 90b72b787a6ae6b9b0bf8ece238e108e8607a433 Mon Sep 17 00:00:00 2001
+From 873e49357081e5c5d8d3d23759f1723db7292bf6 Mon Sep 17 00:00:00 2001
 From: Bastien Nocera <hadess@hadess.net>
-Date: Sat, 9 Nov 2013 18:13:43 +0100
-Subject: [PATCH 1/2] obex: Use GLib helper function to manipulate paths
+Date: Mon, 12 Feb 2024 20:02:45 +0000
+Subject: [PATCH] obex: Use GLib helper function to manipulate paths

 Instead of trying to do it by hand. This also makes sure that
 relative paths aren't used by the agent.
+
+[Emil Velikov]
+Originally this patch was posted in 2013, but deferred since bluez was
+planning to move away from glib. Presently there's no obvious action
+towards that goal, so I think we can safely land this.
+
+As mentioned by the author, current code allows for relative paths and
+considering that obexd service runs without meaningful sandboxing and on
+some distributions it is ran as root, we should plug the whole before
+anyone (ab)uses it.
 ---
- obexd/src/manager.c | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
+ obexd/src/manager.c | 15 +++++----------
+ 1 file changed, 5 insertions(+), 10 deletions(-)

 diff --git a/obexd/src/manager.c b/obexd/src/manager.c
-index f84384ae4..285c07c37 100644
+index 73fd6b9aff15..cc1de7ae2ed3 100644
 --- a/obexd/src/manager.c
 +++ b/obexd/src/manager.c
-@@ -650,14 +650,14 @@ static void agent_reply(DBusPendingCall *call, void *user_data)
+@@ -644,18 +644,13 @@ static void agent_reply(DBusPendingCall *call, void *user_data)
 				DBUS_TYPE_STRING, &name,
 				DBUS_TYPE_INVALID)) {
 		/* Splits folder and name */
@ -22,17 +32,21 @@ index f84384ae4..285c07c37 100644
 		DBG("Agent replied with %s", name);
 -		if (!slash) {
 -			agent->new_name = g_strdup(name);
-+		if (is_relative) {
-+			agent->new_name = g_path_get_basename(name);
+		agent->new_name = g_path_get_basename(name);
+		if (is_relative)
 			agent->new_folder = NULL;
- 		} else {
-			agent->new_name = g_strdup(slash + 1);
+-		} else {
+-			if (strlen(slash) == 1)
+-				agent->new_name = NULL;
+-			else
+-				agent->new_name = g_strdup(slash + 1);
 -			agent->new_folder = g_strndup(name, slash - name);
-+			agent->new_name = g_path_get_basename(name);
+-		}
+		else
 +			agent->new_folder = g_path_get_dirname(name);
- 		}
 	}
 
+ 	dbus_message_unref(reply);
 -- 
-2.14.1
+2.43.0

--- a/0001-sdpd-Fix-leaking-buffers-stored-in-cstates-cache.patch
+++ b/0001-sdpd-Fix-leaking-buffers-stored-in-cstates-cache.patch
@ -1,468 +0,0 @@
-From 4e6a2402ed4f46ea026ad0929fbc14faecf3a475 Mon Sep 17 00:00:00 2001
-From: Gopal Tiwari <gtiwari@redhat.com>
-Date: Wed, 1 Dec 2021 12:18:24 +0530
-Subject: [PATCH BlueZ] sdpd: Fix leaking buffers stored in cstates cache
-
-commit e79417ed7185b150a056d4eb3a1ab528b91d2fc0
-Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-Date:   Thu Jul 15 11:01:20 2021 -0700
-
-    sdpd: Fix leaking buffers stored in cstates cache
-
-    These buffer shall only be keep in cache for as long as they are
-    needed so this would cleanup any client cstates in the following
-    conditions:
-
-     - There is no cstate on the response
-     - No continuation can be found for cstate
-     - Different request opcode
-     - Respond with an error
-     - Client disconnect
-
-    Fixes: https://github.com/bluez/bluez/security/advisories/GHSA-3fqg-r8j5-f5xq
---
- src/sdpd-request.c | 170 ++++++++++++++++++++++++++++++++-------------
- src/sdpd-server.c  |  20 +++---
- src/sdpd.h         |   3 +
- unit/test-sdp.c    |   2 +-
- 4 files changed, 135 insertions(+), 60 deletions(-)
-
-diff --git a/src/sdpd-request.c b/src/sdpd-request.c
-index 033d1e5bf..c8f5a2c72 100644
--- a/src/sdpd-request.c
-+++ b/src/sdpd-request.c
-@@ -42,48 +42,78 @@ typedef struct {
- 
- #define MIN(x, y) ((x) < (y)) ? (x): (y)
- 
-typedef struct _sdp_cstate_list sdp_cstate_list_t;
-+typedef struct sdp_cont_info sdp_cont_info_t;
- 
-struct _sdp_cstate_list {
-	sdp_cstate_list_t *next;
-+struct sdp_cont_info {
-+	int sock;
-+	uint8_t opcode;
- 	uint32_t timestamp;
- 	sdp_buf_t buf;
- };
- 
-static sdp_cstate_list_t *cstates;
-+static sdp_list_t *cstates;
- 
-/* FIXME: should probably remove it when it's found */
-static sdp_buf_t *sdp_get_cached_rsp(sdp_cont_state_t *cstate)
-+static int cstate_match(const void *data, const void *user_data)
- {
-	sdp_cstate_list_t *p;
-+	const sdp_cont_info_t *cinfo = data;
-+	const sdp_cont_state_t *cstate = user_data;
- 
-	for (p = cstates; p; p = p->next) {
-		/* Check timestamp */
-		if (p->timestamp != cstate->timestamp)
-			continue;
-+	/* Check timestamp */
-+	return cinfo->timestamp - cstate->timestamp;
-+}
-+
-+static void sdp_cont_info_free(sdp_cont_info_t *cinfo)
-+{
-+	if (!cinfo)
-+		return;
-+
-+	cstates = sdp_list_remove(cstates, cinfo);
-+	free(cinfo->buf.data);
-+	free(cinfo);
-+}
-+
-+static sdp_cont_info_t *sdp_get_cont_info(sdp_req_t *req,
-+						sdp_cont_state_t *cstate)
-+{
-+	sdp_list_t *list;
-+
-+	list = sdp_list_find(cstates, cstate, cstate_match);
-+	if (list) {
-+		sdp_cont_info_t *cinfo = list->data;
- 
-		/* Check if requesting more than available */
-		if (cstate->cStateValue.maxBytesSent < p->buf.data_size)
-			return &p->buf;
-+		if (cinfo->opcode == req->opcode)
-+			return cinfo;
-+
-+		/* Cleanup continuation if the opcode doesn't match since its
-+		 * response buffer shall only be valid for the original requests
-+		 */
-+		sdp_cont_info_free(cinfo);
-+		return NULL;
- 	}
- 
-	return 0;
-+	/* Cleanup cstates if no continuation info could be found */
-+	sdp_cstate_cleanup(req->sock);
-+
-+	return NULL;
- }
- 
-static uint32_t sdp_cstate_alloc_buf(sdp_buf_t *buf)
-+static uint32_t sdp_cstate_alloc_buf(sdp_req_t *req, sdp_buf_t *buf)
- {
-	sdp_cstate_list_t *cstate = malloc(sizeof(sdp_cstate_list_t));
-+	sdp_cont_info_t *cinfo = malloc(sizeof(sdp_cont_info_t));
- 	uint8_t *data = malloc(buf->data_size);
- 
- 	memcpy(data, buf->data, buf->data_size);
-	memset((char *)cstate, 0, sizeof(sdp_cstate_list_t));
-	cstate->buf.data = data;
-	cstate->buf.data_size = buf->data_size;
-	cstate->buf.buf_size = buf->data_size;
-	cstate->timestamp = sdp_get_time();
-	cstate->next = cstates;
-	cstates = cstate;
-	return cstate->timestamp;
-+	memset(cinfo, 0, sizeof(sdp_cont_info_t));
-+	cinfo->buf.data = data;
-+	cinfo->buf.data_size = buf->data_size;
-+	cinfo->buf.buf_size = buf->data_size;
-+	cinfo->timestamp = sdp_get_time();
-+	cinfo->sock = req->sock;
-+	cinfo->opcode = req->opcode;
-+
-+	cstates = sdp_list_append(cstates, cinfo);
-+
-+	return cinfo->timestamp;
- }
- 
- /* Additional values for checking datatype (not in spec) */
-@@ -274,14 +304,16 @@ static int sdp_set_cstate_pdu(sdp_buf_t *buf, sdp_cont_state_t *cstate)
- 	return length;
- }
- 
-static int sdp_cstate_get(uint8_t *buffer, size_t len,
-						sdp_cont_state_t **cstate)
-+static int sdp_cstate_get(sdp_req_t *req, uint8_t *buffer, size_t len,
-+			sdp_cont_state_t **cstate, sdp_cont_info_t **cinfo)
- {
- 	uint8_t cStateSize = *buffer;
- 
- 	SDPDBG("Continuation State size : %d", cStateSize);
- 
- 	if (cStateSize == 0) {
-+		/* Cleanup cstates if request doesn't contain a cstate */
-+		sdp_cstate_cleanup(req->sock);
- 		*cstate = NULL;
- 		return 0;
- 	}
-@@ -306,6 +338,8 @@ static int sdp_cstate_get(uint8_t *buffer, size_t len,
- 	SDPDBG("Cstate TS : 0x%x", (*cstate)->timestamp);
- 	SDPDBG("Bytes sent : %d", (*cstate)->cStateValue.maxBytesSent);
- 
-+	*cinfo = sdp_get_cont_info(req, *cstate);
-+
- 	return 0;
- }
- 
-@@ -360,6 +394,7 @@ static int service_search_req(sdp_req_t *req, sdp_buf_t *buf)
- 	uint16_t expected, actual, rsp_count = 0;
- 	uint8_t dtd;
- 	sdp_cont_state_t *cstate = NULL;
-+	sdp_cont_info_t *cinfo = NULL;
- 	uint8_t *pCacheBuffer = NULL;
- 	int handleSize = 0;
- 	uint32_t cStateId = 0;
-@@ -399,9 +434,9 @@ static int service_search_req(sdp_req_t *req, sdp_buf_t *buf)
- 
- 	/*
- 	 * Check if continuation state exists, if yes attempt
-	 * to get rsp remainder from cache, else send error
-+	 * to get rsp remainder from continuation info, else send error
- 	 */
-	if (sdp_cstate_get(pdata, data_left, &cstate) < 0) {
-+	if (sdp_cstate_get(req, pdata, data_left, &cstate, &cinfo) < 0) {
- 		status = SDP_INVALID_SYNTAX;
- 		goto done;
- 	}
-@@ -451,7 +486,7 @@ static int service_search_req(sdp_req_t *req, sdp_buf_t *buf)
- 
- 		if (rsp_count > actual) {
- 			/* cache the rsp and generate a continuation state */
-			cStateId = sdp_cstate_alloc_buf(buf);
-+			cStateId = sdp_cstate_alloc_buf(req, buf);
- 			/*
- 			 * subtract handleSize since we now send only
- 			 * a subset of handles
-@@ -459,6 +494,7 @@ static int service_search_req(sdp_req_t *req, sdp_buf_t *buf)
- 			buf->data_size -= handleSize;
- 		} else {
- 			/* NULL continuation state */
-+			sdp_cont_info_free(cinfo);
- 			sdp_set_cstate_pdu(buf, NULL);
- 		}
- 	}
-@@ -468,13 +504,15 @@ static int service_search_req(sdp_req_t *req, sdp_buf_t *buf)
- 		short lastIndex = 0;
- 
- 		if (cstate) {
-			/*
-			 * Get the previous sdp_cont_state_t and obtain
-			 * the cached rsp
-			 */
-			sdp_buf_t *pCache = sdp_get_cached_rsp(cstate);
-			if (pCache) {
-				pCacheBuffer = pCache->data;
-+			if (cinfo) {
-+				/* Check if requesting more than available */
-+				if (cstate->cStateValue.maxBytesSent >=
-+						cinfo->buf.data_size) {
-+					status = SDP_INVALID_CSTATE;
-+					goto done;
-+				}
-+
-+				pCacheBuffer = cinfo->buf.data;
- 				/* get the rsp_count from the cached buffer */
- 				rsp_count = get_be16(pCacheBuffer);
- 
-@@ -518,6 +556,7 @@ static int service_search_req(sdp_req_t *req, sdp_buf_t *buf)
- 		if (i == rsp_count) {
- 			/* set "null" continuationState */
- 			sdp_set_cstate_pdu(buf, NULL);
-+			sdp_cont_info_free(cinfo);
- 		} else {
- 			/*
- 			 * there's more: set lastIndexSent to
-@@ -540,6 +579,7 @@ static int service_search_req(sdp_req_t *req, sdp_buf_t *buf)
- 
- done:
- 	free(cstate);
-+
- 	if (pattern)
- 		sdp_list_free(pattern, free);
- 
-@@ -619,15 +659,21 @@ static int extract_attrs(sdp_record_t *rec, sdp_list_t *seq, sdp_buf_t *buf)
- }
- 
- /* Build cstate response */
-static int sdp_cstate_rsp(sdp_cont_state_t *cstate, sdp_buf_t *buf,
-							uint16_t max)
-+static int sdp_cstate_rsp(sdp_cont_info_t *cinfo, sdp_cont_state_t *cstate,
-+					sdp_buf_t *buf, uint16_t max)
- {
-	/* continuation State exists -> get from cache */
-	sdp_buf_t *cache = sdp_get_cached_rsp(cstate);
-+	sdp_buf_t *cache;
- 	uint16_t sent;
- 
-	if (!cache)
-+	if (!cinfo)
-+		return 0;
-+
-+	if (cstate->cStateValue.maxBytesSent >= cinfo->buf.data_size) {
-+		sdp_cont_info_free(cinfo);
- 		return 0;
-+	}
-+
-+	cache = &cinfo->buf;
- 
- 	sent = MIN(max, cache->data_size - cstate->cStateValue.maxBytesSent);
- 	memcpy(buf->data, cache->data + cstate->cStateValue.maxBytesSent, sent);
-@@ -637,8 +683,10 @@ static int sdp_cstate_rsp(sdp_cont_state_t *cstate, sdp_buf_t *buf,
- 	SDPDBG("Response size : %d sending now : %d bytes sent so far : %d",
- 		cache->data_size, sent, cstate->cStateValue.maxBytesSent);
- 
-	if (cstate->cStateValue.maxBytesSent == cache->data_size)
-+	if (cstate->cStateValue.maxBytesSent == cache->data_size) {
-+		sdp_cont_info_free(cinfo);
- 		return sdp_set_cstate_pdu(buf, NULL);
-+	}
- 
- 	return sdp_set_cstate_pdu(buf, cstate);
- }
-@@ -652,6 +700,7 @@ static int sdp_cstate_rsp(sdp_cont_state_t *cstate, sdp_buf_t *buf,
- static int service_attr_req(sdp_req_t *req, sdp_buf_t *buf)
- {
- 	sdp_cont_state_t *cstate = NULL;
-+	sdp_cont_info_t *cinfo = NULL;
- 	short cstate_size = 0;
- 	sdp_list_t *seq = NULL;
- 	uint8_t dtd = 0;
-@@ -708,7 +757,7 @@ static int service_attr_req(sdp_req_t *req, sdp_buf_t *buf)
- 	 * if continuation state exists, attempt
- 	 * to get rsp remainder from cache, else send error
- 	 */
-	if (sdp_cstate_get(pdata, data_left, &cstate) < 0) {
-+	if (sdp_cstate_get(req, pdata, data_left, &cstate, &cinfo) < 0) {
- 		status = SDP_INVALID_SYNTAX;
- 		goto done;
- 	}
-@@ -737,7 +786,7 @@ static int service_attr_req(sdp_req_t *req, sdp_buf_t *buf)
- 	buf->buf_size -= sizeof(uint16_t);
- 
- 	if (cstate) {
-		cstate_size = sdp_cstate_rsp(cstate, buf, max_rsp_size);
-+		cstate_size = sdp_cstate_rsp(cinfo, cstate, buf, max_rsp_size);
- 		if (!cstate_size) {
- 			status = SDP_INVALID_CSTATE;
- 			error("NULL cache buffer and non-NULL continuation state");
-@@ -749,7 +798,7 @@ static int service_attr_req(sdp_req_t *req, sdp_buf_t *buf)
- 			sdp_cont_state_t newState;
- 
- 			memset((char *)&newState, 0, sizeof(sdp_cont_state_t));
-			newState.timestamp = sdp_cstate_alloc_buf(buf);
-+			newState.timestamp = sdp_cstate_alloc_buf(req, buf);
- 			/*
- 			 * Reset the buffer size to the maximum expected and
- 			 * set the sdp_cont_state_t
-@@ -793,6 +842,7 @@ static int service_search_attr_req(sdp_req_t *req, sdp_buf_t *buf)
- 	int scanned, rsp_count = 0;
- 	sdp_list_t *pattern = NULL, *seq = NULL, *svcList;
- 	sdp_cont_state_t *cstate = NULL;
-+	sdp_cont_info_t *cinfo = NULL;
- 	short cstate_size = 0;
- 	uint8_t dtd = 0;
- 	sdp_buf_t tmpbuf;
-@@ -852,7 +902,7 @@ static int service_search_attr_req(sdp_req_t *req, sdp_buf_t *buf)
- 	 * if continuation state exists attempt
- 	 * to get rsp remainder from cache, else send error
- 	 */
-	if (sdp_cstate_get(pdata, data_left, &cstate) < 0) {
-+	if (sdp_cstate_get(req, pdata, data_left, &cstate, &cinfo) < 0) {
- 		status = SDP_INVALID_SYNTAX;
- 		goto done;
- 	}
-@@ -906,7 +956,7 @@ static int service_search_attr_req(sdp_req_t *req, sdp_buf_t *buf)
- 			sdp_cont_state_t newState;
- 
- 			memset((char *)&newState, 0, sizeof(sdp_cont_state_t));
-			newState.timestamp = sdp_cstate_alloc_buf(buf);
-+			newState.timestamp = sdp_cstate_alloc_buf(req, buf);
- 			/*
- 			 * Reset the buffer size to the maximum expected and
- 			 * set the sdp_cont_state_t
-@@ -917,7 +967,7 @@ static int service_search_attr_req(sdp_req_t *req, sdp_buf_t *buf)
- 		} else
- 			cstate_size = sdp_set_cstate_pdu(buf, NULL);
- 	} else {
-		cstate_size = sdp_cstate_rsp(cstate, buf, max);
-+		cstate_size = sdp_cstate_rsp(cinfo, cstate, buf, max);
- 		if (!cstate_size) {
- 			status = SDP_INVALID_CSTATE;
- 			SDPDBG("Non-null continuation state, but null cache buffer");
-@@ -974,6 +1024,9 @@ static void process_request(sdp_req_t *req)
- 		status = SDP_INVALID_PDU_SIZE;
- 		goto send_rsp;
- 	}
-+
-+	req->opcode = reqhdr->pdu_id;
-+
- 	switch (reqhdr->pdu_id) {
- 	case SDP_SVC_SEARCH_REQ:
- 		SDPDBG("Got a svc srch req");
-@@ -1020,6 +1073,8 @@ static void process_request(sdp_req_t *req)
- 
- send_rsp:
- 	if (status) {
-+		/* Cleanup cstates on error */
-+		sdp_cstate_cleanup(req->sock);
- 		rsphdr->pdu_id = SDP_ERROR_RSP;
- 		put_be16(status, rsp.data);
- 		rsp.data_size = sizeof(uint16_t);
-@@ -1108,3 +1163,20 @@ void handle_request(int sk, uint8_t *data, int len)
- 
- 	process_request(&req);
- }
-+
-+void sdp_cstate_cleanup(int sock)
-+{
-+	sdp_list_t *list;
-+
-+	/* Remove any cinfo for the client */
-+	for (list = cstates; list;) {
-+		sdp_cont_info_t *cinfo = list->data;
-+
-+		list = list->next;
-+
-+		if (cinfo->sock != sock)
-+			continue;
-+
-+		sdp_cont_info_free(cinfo);
-+	}
-+}
-diff --git a/src/sdpd-server.c b/src/sdpd-server.c
-index dfd8b1f00..66ee7ba14 100644
--- a/src/sdpd-server.c
-+++ b/src/sdpd-server.c
-@@ -146,16 +146,12 @@ static gboolean io_session_event(GIOChannel *chan, GIOCondition cond, gpointer d
- 
- 	sk = g_io_channel_unix_get_fd(chan);
- 
-	if (cond & (G_IO_HUP | G_IO_ERR)) {
-		sdp_svcdb_collect_all(sk);
-		return FALSE;
-	}
-+	if (cond & (G_IO_HUP | G_IO_ERR))
-+		goto cleanup;
- 
- 	len = recv(sk, &hdr, sizeof(sdp_pdu_hdr_t), MSG_PEEK);
-	if (len < 0 || (unsigned int) len < sizeof(sdp_pdu_hdr_t)) {
-		sdp_svcdb_collect_all(sk);
-		return FALSE;
-	}
-+	if (len < 0 || (unsigned int) len < sizeof(sdp_pdu_hdr_t))
-+		goto cleanup;
- 
- 	size = sizeof(sdp_pdu_hdr_t) + ntohs(hdr.plen);
- 	buf = malloc(size);
-@@ -168,14 +164,18 @@ static gboolean io_session_event(GIOChannel *chan, GIOCondition cond, gpointer d
- 	 * inside handle_request() in order to produce ErrorResponse.
- 	 */
- 	if (len <= 0) {
-		sdp_svcdb_collect_all(sk);
- 		free(buf);
-		return FALSE;
-+		goto cleanup;
- 	}
- 
- 	handle_request(sk, buf, len);
- 
- 	return TRUE;
-+
-+cleanup:
-+	sdp_svcdb_collect_all(sk);
-+	sdp_cstate_cleanup(sk);
-+	return FALSE;
- }
- 
- static gboolean io_accept_event(GIOChannel *chan, GIOCondition cond, gpointer data)
-diff --git a/src/sdpd.h b/src/sdpd.h
-index 257411f03..4316aff67 100644
--- a/src/sdpd.h
-+++ b/src/sdpd.h
-@@ -27,8 +27,11 @@ typedef struct request {
- 	int      flags;
- 	uint8_t  *buf;
- 	int      len;
-+	uint8_t  opcode;
- } sdp_req_t;
- 
-+void sdp_cstate_cleanup(int sock);
-+
- void handle_internal_request(int sk, int mtu, void *data, int len);
- void handle_request(int sk, uint8_t *data, int len);
- 
-diff --git a/unit/test-sdp.c b/unit/test-sdp.c
-index d3a885f19..8f95fcb71 100644
--- a/unit/test-sdp.c
-+++ b/unit/test-sdp.c
-@@ -235,7 +235,7 @@ static gboolean client_handler(GIOChannel *channel, GIOCondition cond,
- 	tester_monitor('>', 0x0000, 0x0001, buf, len);
- 
- 	g_assert(len > 0);
-	g_assert((size_t) len == rsp_pdu->raw_size + rsp_pdu->cont_len);
-+	g_assert_cmpuint(len, ==, rsp_pdu->raw_size + rsp_pdu->cont_len);
- 
- 	g_assert(memcmp(buf, rsp_pdu->raw_data,	rsp_pdu->raw_size) == 0);
- 
-- 
-2.26.2
-
--- a/0002-systemd-Add-PrivateTmp-and-NoNewPrivileges-options.patch
+++ b/0002-systemd-Add-PrivateTmp-and-NoNewPrivileges-options.patch
@ -1,38 +0,0 @@
-From 36a44fc05feebe1aab16c33a1121f952986b2801 Mon Sep 17 00:00:00 2001
-From: Craig Andrews <candrews@integralblue.com>
-Date: Wed, 13 Sep 2017 15:23:09 +0200
-Subject: [PATCH 2/4] systemd: Add PrivateTmp and NoNewPrivileges options
-
-PrivateTmp makes bluetoothd's /tmp and /var/tmp be inside a different
-namespace. This is useful to secure access to temporary files of the
-process.
-
-NoNewPrivileges ensures that service process and all its children
-can never gain new privileges through execve(), lowering the risk of
-possible privilege escalations.
---
- src/bluetooth.service.in | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in
-index f9faaa452..7c2f60bb4 100644
--- a/src/bluetooth.service.in
-+++ b/src/bluetooth.service.in
-@@ -12,8 +12,14 @@ NotifyAccess=main
- #Restart=on-failure
- CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
- LimitNPROC=1
-+
-+# Filesystem lockdown
- ProtectHome=true
- ProtectSystem=full
-+PrivateTmp=true
-+
-+# Privilege escalation
-+NoNewPrivileges=true
- 
- [Install]
- WantedBy=bluetooth.target
-- 
-2.21.0
-
--- a/0003-systemd-Add-more-filesystem-lockdown.patch
+++ b/0003-systemd-Add-more-filesystem-lockdown.patch
@ -1,44 +0,0 @@
-From 13a348670fef0047555395ce6977e86e0005f8bd Mon Sep 17 00:00:00 2001
-From: Bastien Nocera <hadess@hadess.net>
-Date: Wed, 13 Sep 2017 15:37:11 +0200
-Subject: [PATCH 3/4] systemd: Add more filesystem lockdown
-
-We can only access the configuration file as read-only and read-write
-to the Bluetooth cache directory and sub-directories.
---
- Makefile.am              | 3 +++
- src/bluetooth.service.in | 4 ++++
- 2 files changed, 7 insertions(+)
-
-diff --git a/Makefile.am b/Makefile.am
-index ac88c12e0..0a6d09847 100644
--- a/Makefile.am
-+++ b/Makefile.am
-@@ -562,6 +562,9 @@ MAINTAINERCLEANFILES = Makefile.in \
- 
- SED_PROCESS = $(AM_V_GEN)$(MKDIR_P) $(dir $@) && \
- 		$(SED) -e 's,@pkglibexecdir\@,$(pkglibexecdir),g' \
-+		       -e 's,@libexecdir\@,$(libexecdir),g' \
-+		       -e 's,@statedir\@,$(statedir),g' \
-+		       -e 's,@confdir\@,$(confdir),g' \
- 		< $< > $@
- 
- %.service: %.service.in Makefile
-diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in
-index 7c2f60bb4..4daedef2a 100644
--- a/src/bluetooth.service.in
-+++ b/src/bluetooth.service.in
-@@ -17,6 +17,10 @@ LimitNPROC=1
- ProtectHome=true
- ProtectSystem=full
- PrivateTmp=true
-+ProtectKernelTunables=true
-+ProtectControlGroups=true
-+ReadWritePaths=@statedir@
-+ReadOnlyPaths=@confdir@
- 
- # Privilege escalation
- NoNewPrivileges=true
-- 
-2.21.0
-
--- a/0004-systemd-More-lockdown.patch
+++ b/0004-systemd-More-lockdown.patch
@ -1,34 +0,0 @@
-From a6963e0402695d7b6a89c1b1c75c40dbd8fcde52 Mon Sep 17 00:00:00 2001
-From: Bastien Nocera <hadess@hadess.net>
-Date: Wed, 13 Sep 2017 15:38:26 +0200
-Subject: [PATCH 4/4] systemd: More lockdown
-
-bluetoothd does not need to execute mapped memory, or real-time
-access, so block those.
---
- src/bluetooth.service.in | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in
-index 4daedef2a..f18801866 100644
--- a/src/bluetooth.service.in
-+++ b/src/bluetooth.service.in
-@@ -22,9 +22,15 @@ ProtectControlGroups=true
- ReadWritePaths=@statedir@
- ReadOnlyPaths=@confdir@
- 
-+# Execute Mappings
-+MemoryDenyWriteExecute=true
-+
- # Privilege escalation
- NoNewPrivileges=true
- 
-+# Real-time
-+RestrictRealtime=true
-+
- [Install]
- WantedBy=bluetooth.target
- Alias=dbus-org.bluez.service
-- 
-2.21.0
-
--- a/0005-media-rename-local-function-conflicting-with-pause-2.patch
+++ b/0005-media-rename-local-function-conflicting-with-pause-2.patch
@ -1,42 +0,0 @@
-From 124dee151746b4a8a2e8a7194af78f2c82f75d79 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Wed, 3 Mar 2021 08:57:36 +0100
-Subject: [PATCH] media: rename local function conflicting with pause(2)
-
-profiles/audio/media.c:1284:13: error: conflicting types for 'pause'; have '_Bool(void *)'
- 1284 | static bool pause(void *user_data)
-      |             ^~~~~
-In file included from /usr/include/bits/sigstksz.h:24,
-                 from /usr/include/signal.h:315,
-                 from /usr/include/glib-2.0/glib/gbacktrace.h:36,
-                 from /usr/include/glib-2.0/glib.h:34,
-                 from profiles/audio/media.c:21:
-/usr/include/unistd.h:478:12: note: previous declaration of 'pause' with type 'int(void)'
-  478 | extern int pause (void);
-      |            ^~~~~
---
- profiles/audio/media.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/profiles/audio/media.c b/profiles/audio/media.c
-index c84bbe22dc..3d8c4b69c3 100644
--- a/profiles/audio/media.c
-+++ b/profiles/audio/media.c
-@@ -1281,7 +1281,7 @@ static bool stop(void *user_data)
- 	return media_player_send(mp, "Stop");
- }
- 
-static bool pause(void *user_data)
-+static bool pause_play(void *user_data)
- {
- 	struct media_player *mp = user_data;
- 
-@@ -1331,7 +1331,7 @@ static struct avrcp_player_cb player_cb = {
- 	.set_volume = set_volume,
- 	.play = play,
- 	.stop = stop,
-	.pause = pause,
-+	.pause = pause_play,
- 	.next = next,
- 	.previous = previous,
- };
--- a/bluez-avdtp-fix-removing-all-seps-when-loading-from-cache.patch
+++ b/bluez-avdtp-fix-removing-all-seps-when-loading-from-cache.patch
@ -1,41 +0,0 @@
-From 28ddec8d6b829e002fa268c07b71e4c564ba9e16 Mon Sep 17 00:00:00 2001
-From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-Date: Thu, 11 Mar 2021 07:36:07 -0800
-Subject: [PATCH] avdtp: Fix removing all remote SEPs when loading from cache
-
-If avdtp_discover is called after cache has been loaded it end up
-removing all remote SEPs as they have not been discovered yet.
-
-Fixes: https://github.com/bluez/bluez/issues/102
---
- profiles/audio/avdtp.c | 16 ++++++++++++----
- 1 file changed, 12 insertions(+), 4 deletions(-)
-
-diff --git a/profiles/audio/avdtp.c b/profiles/audio/avdtp.c
-index 088ca58b3..1d5871c62 100644
--- a/profiles/audio/avdtp.c
-+++ b/profiles/audio/avdtp.c
-@@ -3381,10 +3381,18 @@ int avdtp_discover(struct avdtp *session, avdtp_discover_cb_t cb,
- 	session->discover = g_new0(struct discover_callback, 1);
- 
- 	if (session->seps) {
-		session->discover->cb = cb;
-		session->discover->user_data = user_data;
-		session->discover->id = g_idle_add(process_discover, session);
-		return 0;
-+		struct avdtp_remote_sep *sep = session->seps->data;
-+
-+		/* Check that SEP have been discovered as it may be loaded from
-+		 * cache.
-+		 */
-+		if (sep->discovered) {
-+			session->discover->cb = cb;
-+			session->discover->user_data = user_data;
-+			session->discover->id = g_idle_add(process_discover,
-+								session);
-+			return 0;
-+		}
- 	}
- 
- 	err = send_request(session, FALSE, NULL, AVDTP_DISCOVER, NULL, 0);
-
--- a/bluez.spec
+++ b/bluez.spec
@ -5,7 +5,7 @@
 %endif

 Name:    bluez
-Version: 5.64
+Version: 5.72
 Release: 1%{?dist}
 Summary: Bluetooth utilities
 License: GPLv2+
@ -16,13 +16,8 @@ Source1: bluez.gitignore

 # https://github.com/hadess/bluez/commits/obex-5.46
 Patch1: 0001-obex-Use-GLib-helper-function-to-manipulate-paths.patch
-# https://github.com/hadess/bluez/commits/systemd-hardening
-#Patch10: 0001-build-Always-define-confdir-and-statedir.patch
-#Patch11: 0002-systemd-Add-PrivateTmp-and-NoNewPrivileges-options.patch
-#Patch12: 0003-systemd-Add-more-filesystem-lockdown.patch
-#Patch13: 0004-systemd-More-lockdown.patch
-#Patch14: 0005-media-rename-local-function-conflicting-with-pause-2.patch
-#Patch15: bluez-avdtp-fix-removing-all-seps-when-loading-from-cache.patch
+# https://patchwork.kernel.org/project/bluetooth/patch/20240214155019.325715-1-hadess@hadess.net/
+Patch2: 0001-Add-missing-mesh-gatt-JSON-files.patch

 BuildRequires: dbus-devel >= 1.6
 BuildRequires: glib2-devel
@ -40,6 +35,7 @@ BuildRequires: cups-devel
 BuildRequires: libtool automake autoconf
 # For man pages
 BuildRequires: python3-docutils
+BuildRequires: python3-pygments

 Requires: dbus >= 1.6
 Requires(post): systemd
@ -149,9 +145,7 @@ Object Exchange daemon for sharing files, contacts etc over bluetooth
 %build
 autoreconf -vif
 %configure --enable-tools --enable-library --disable-optimization \
-%if %{with deprecated}
           --enable-deprecated \
-%endif
           --enable-sixaxis --enable-cups --enable-nfc --enable-mesh \
           --enable-hid2hci --enable-testing \
           --with-systemdsystemunitdir=%{_unitdir} \
@ -166,6 +160,10 @@ autoreconf -vif
 # "make install" fails to install gatttool, necessary for Bluetooth Low Energy
 # Red Hat Bugzilla bug #1141909, Debian bug #720486
 install -m0755 attrib/gatttool $RPM_BUILD_ROOT%{_bindir}
+%else
+for i in ciptool gatttool hciattach hciconfig hcidump hcitool rfcomm sdptool ; do \
+	rm -f $RPM_BUILD_ROOT%{_bindir}/$i $RPM_BUILD_ROOT%{_mandir}/man1/$i*.1* ; \
+done
 %endif

 # "make install" fails to install avinfo
@ -236,7 +234,6 @@ install emulator/btvirt ${RPM_BUILD_ROOT}/%{_libexecdir}/bluetooth/
 %doc AUTHORS ChangeLog
 %dir %{_sysconfdir}/bluetooth
 %config %{_sysconfdir}/bluetooth/main.conf
-%config %{_sysconfdir}/dbus-1/system.d/bluetooth.conf
 %{_bindir}/avinfo
 %{_bindir}/bluemoon
 %{_bindir}/bluetoothctl
@ -248,7 +245,10 @@ install emulator/btvirt ${RPM_BUILD_ROOT}/%{_libexecdir}/bluetooth/
 %{_bindir}/l2test
 %{_bindir}/mpris-proxy
 %{_bindir}/rctest
+%{_mandir}/man1/bluetoothctl.1.*
+%{_mandir}/man1/bluetoothctl-*.1.*
 %{_mandir}/man1/btattach.1.*
+%{_mandir}/man1/btmgmt.1.*
 %{_mandir}/man1/btmon.1.*
 %{_mandir}/man1/l2ping.1.*
 %{_mandir}/man1/rctest.1.*
@ -258,6 +258,7 @@ install emulator/btvirt ${RPM_BUILD_ROOT}/%{_libexecdir}/bluetooth/
 %{_libdir}/bluetooth/
 %{_localstatedir}/lib/bluetooth
 %{_datadir}/dbus-1/system-services/org.bluez.service
+%{_datadir}/dbus-1/system.d/bluetooth.conf
 %{_unitdir}/bluetooth.service
 %{_datadir}/zsh/site-functions/_bluetoothctl

@ -287,8 +288,14 @@ install emulator/btvirt ${RPM_BUILD_ROOT}/%{_libexecdir}/bluetooth/

 %files libs-devel
 %doc doc/*txt
+%{_bindir}/isotest
+%{_bindir}/l2test
+%{_bindir}/rctest
 %{_libdir}/libbluetooth.so
 %{_includedir}/bluetooth
+%{_mandir}/man1/isotest.1.*
+%{_mandir}/man1/rctest.1.*
+%{_mandir}/man5/org.bluez.*.5.*
 %{_libdir}/pkgconfig/bluez.pc
 %dir %{_libexecdir}/bluetooth
 %{_libexecdir}/bluetooth/btvirt
@ -304,11 +311,11 @@ install emulator/btvirt ${RPM_BUILD_ROOT}/%{_libexecdir}/bluetooth/
 %files mesh
 %doc tools/mesh-gatt/*.json
 %config %{_sysconfdir}/bluetooth/mesh-main.conf
-%config %{_sysconfdir}/dbus-1/system.d/bluetooth-mesh.conf
 %{_bindir}/meshctl
 %{_bindir}/mesh-cfgclient
 %{_bindir}/mesh-cfgtest
 %{_datadir}/dbus-1/system-services/org.bluez.mesh.service
+%{_datadir}/dbus-1/system.d/bluetooth-mesh.conf
 %{_libexecdir}/bluetooth/bluetooth-meshd
 %{_unitdir}/bluetooth-mesh.service
 %{_localstatedir}/lib/bluetooth/mesh
@ -320,10 +327,16 @@ install emulator/btvirt ${RPM_BUILD_ROOT}/%{_libexecdir}/bluetooth/
 %{_userunitdir}/obex.service

 %changelog
+* Thu Feb 15 2024 Bastien Nocera <bnocera@redhat.com> - 5.72-1
+- Update to 5.72
+
+* Thu Jun 9 2022 Gopal Tiwari <gtiwari@redhat.com> - 5.64-2
+- Coverity fixes for bluez.
+
 * Thu May 5 2022 Gopal Tiwari <gtiwari@redhat.com> - 5.64-1
 - Update to 5.64

-* Fri Dec 16 2021 Gopal Tiwari <gtiwari@redhat.com> - 5.56-8
+* Thu Dec 16 2021 Gopal Tiwari <gtiwari@redhat.com> - 5.56-8
 - Fixing Gating and version
  Related: rhbz#2027435

--- a/1
+++ b/1
@ -1 +1,2 @@
 SHA512 (bluez-5.64.tar.xz) = f11f9974b29c5c6fce3890d7e42425c1cb02e42c1b8f49c5cc4b249234e67b64317d0e5e82721e2fbf1b53269c8569a9c869d59ce42b5e927f6622f0753e53cd
+SHA512 (bluez-5.72.tar.xz) = 1c6560f60ac0654d7c25ed8ab2f0f3a3a9ca8688ee28e1c476ffc7ae38737e739d27bbb88789c86b03fc600a8a68496d90a7b395ec393dd2bbf69be62357991a
Author	SHA1	Message	Date
David Marlin	358da0160e	Upgrade to 5.72	2024-02-28 01:16:20 +00:00
Gopal Tiwari	43f9b44f02	Resolves: rhbz#1938686.	2022-06-09 14:24:04 +05:30