Import from CS git

.bluez.metadata

@@ -1 +1 @@
-a862b9ddc039f34f7135bbee3c3e80040e82e046 SOURCES/bluez-5.56.tar.xz
+c5137186e7cc60652eed44cff0067ef749e49eff SOURCES/bluez-5.63.tar.xz

.gitignore

@@ -1 +1 @@
-SOURCES/bluez-5.56.tar.xz
+SOURCES/bluez-5.63.tar.xz

SOURCES/0001-Change-default-of-ClassicBondedOnly.patch

@@ -0,0 +1,54 @@
+From: David Marlin <dmarlin@redhat.com>
+
+Subject: input.conf: Change default of ClassicBondedOnly
+
+Resolves: RHEL-18429
+
+CVE: CVE-2023-45866
+
+commit 25a471a83e02e1effb15d5a488b3f0085eaeb675
+Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+Date:   Tue Oct 10 13:03:12 2023 -0700
+
+    input.conf: Change default of ClassicBondedOnly
+    
+    This changes the default of ClassicBondedOnly since defaulting to false
+    is not inline with HID specification which mandates the of Security Mode
+    4:
+    
+    BLUETOOTH SPECIFICATION Page 84 of 123
+    Human Interface Device (HID) Profile:
+    
+      5.4.3.4.2 Security Modes
+      Bluetooth HID Hosts shall use Security Mode 4 when interoperating with
+      Bluetooth HID devices that are compliant to the Bluetooth Core
+      Specification v2.1+EDR[6].
+
+Signed-off-by: David Marlin <dmarlin@redhat.com>
+
+diff --git a/profiles/input/device.c b/profiles/input/device.c
+index 4a50ea9921a97751a94547c0e73177d58184a75d..4310dd192e113f9875c07117d523167655cef954 100644
+--- a/profiles/input/device.c
++++ b/profiles/input/device.c
+@@ -81,7 +81,7 @@ struct input_device {
+ 
+ static int idle_timeout = 0;
+ static bool uhid_enabled = false;
+-static bool classic_bonded_only = false;
++static bool classic_bonded_only = true;
+ 
+ void input_set_idle_timeout(int timeout)
+ {
+diff --git a/profiles/input/input.conf b/profiles/input/input.conf
+index 4c70bc561f05429442c6fe0a183584ad1536fa4b..d8645f3dd664e2d671791878462f8a0dc74e04a5 100644
+--- a/profiles/input/input.conf
++++ b/profiles/input/input.conf
+@@ -17,7 +17,7 @@
+ # platforms may want to make sure that input connections only come from bonded
+ # device connections. Several older mice have been known for not supporting
+ # pairing/encryption.
+-# Defaults to false to maximize device compatibility.
++# Defaults to true for security.
+ #ClassicBondedOnly=true
+ 
+ # LE upgrade security

SOURCES/0001-adapter-Don-t-refresh-adv_manager-for-non-LE-devices.patch

@@ -1,51 +0,0 @@
-From 2c3bba7b38be03834162e34069156f1fd49f0528 Mon Sep 17 00:00:00 2001
-From: "antoine.belvire@laposte.net" <antoine.belvire@laposte.net>
-Date: Tue, 27 Mar 2018 20:30:26 +0200
-Subject: [PATCH] adapter: Don't refresh adv_manager for non-LE devices
-
-btd_adv_manager_refresh is called upon MGMT_SETTING_DISCOVERABLE setting change
-but as only LE adapters have an adv_manager, this leads to segmentation fault
-for non-LE devices:
-
-0  btd_adv_manager_refresh (manager=0x0) at src/advertising.c:1176
-1  0x0000556fe45fcb02 in settings_changed (settings=<optimized out>,
-    adapter=0x556fe53f7c70) at src/adapter.c:543
-2  new_settings_callback (index=<optimized out>, length=<optimized out>,
-    param=<optimized out>, user_data=0x556fe53f7c70) at src/adapter.c:573
-3  0x0000556fe462c278 in request_complete (mgmt=mgmt@entry=0x556fe53f20c0,
-    status=<optimized out>, opcode=opcode@entry=7, index=index@entry=0,
-    length=length@entry=4, param=0x556fe53eb5f9) at src/shared/mgmt.c:261
-4  0x0000556fe462cd9d in can_read_data (io=<optimized out>,
-    user_data=0x556fe53f20c0) at src/shared/mgmt.c:353
-5  0x0000556fe46396e3 in watch_callback (channel=<optimized out>,
-    cond=<optimized out>, user_data=<optimized out>)
-    at src/shared/io-glib.c:170
-6  0x00007fe351c980e5 in g_main_context_dispatch ()
-   from /usr/lib64/libglib-2.0.so.0
-7  0x00007fe351c984b0 in ?? () from /usr/lib64/libglib-2.0.so.0
-8  0x00007fe351c987c2 in g_main_loop_run () from /usr/lib64/libglib-2.0.so.0
-9  0x0000556fe45abc75 in main (argc=<optimized out>, argv=<optimized out>)
-    at src/main.c:770
-
-This commit prevents the call to btd_adv_manager_refresh for non-LE devices.
----
- src/adapter.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/adapter.c b/src/adapter.c
-index 6b9222bcf..daccfdc19 100644
---- a/src/adapter.c
-+++ b/src/adapter.c
-@@ -540,7 +540,8 @@ static void settings_changed(struct btd_adapter *adapter, uint32_t settings)
- 		g_dbus_emit_property_changed(dbus_conn, adapter->path,
- 					ADAPTER_INTERFACE, "Discoverable");
- 		store_adapter_info(adapter);
--		btd_adv_manager_refresh(adapter->adv_manager);
-+		if (adapter->supported_settings & MGMT_SETTING_LE)
-+			btd_adv_manager_refresh(adapter->adv_manager);
- 	}
- 
- 	if (changed_mask & MGMT_SETTING_BONDABLE) {
--- 
-2.17.0
-

SOURCES/0001-avrcp-Fix-crash-while-handling-unsupported-events.patch

@@ -0,0 +1,54 @@
+From: David Marlin <dmarlin@redhat.com>
+
+Subject: avrcp: Fix crash while handling unsupported events
+
+Resolves: RHEL-35371
+Resolves: RHEL-35492
+
+Fixes CVE-2023-27349
+Fixes CVE-2023-51589
+
+commit f54299a850676d92c3dafd83e9174fcfe420ccc9
+Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+Date:   Wed Mar 22 11:34:24 2023 -0700
+
+    avrcp: Fix crash while handling unsupported events
+    
+    The following crash can be observed if the remote peer send and
+    unsupported event:
+    
+    ERROR: AddressSanitizer: heap-use-after-free on address 0x60b000148f11
+     at pc 0x559644552088 bp 0x7ffe28b3c7b0 sp 0x7ffe28b3c7a0
+     WRITE of size 1 at 0x60b000148f11 thread T0
+         #0 0x559644552087 in avrcp_handle_event profiles/audio/avrcp.c:3907
+         #1 0x559644536c22 in control_response profiles/audio/avctp.c:939
+         #2 0x5596445379ab in session_cb profiles/audio/avctp.c:1108
+         #3 0x7fbcb3e51c43 in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x55c43)
+         #4 0x7fbcb3ea66c7  (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0xaa6c7)
+         #5 0x7fbcb3e512b2 in g_main_loop_run (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x552b2)
+         #6 0x559644754ab6 in mainloop_run src/shared/mainloop-glib.c:66
+         #7 0x559644755606 in mainloop_run_with_signal src/shared/mainloop-notify.c:188
+         #8 0x5596445bb963 in main src/main.c:1289
+         #9 0x7fbcb3bafd8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
+         #10 0x7fbcb3bafe3f in __libc_start_main_impl ../csu/libc-start.c:392
+         #11 0x5596444e8224 in _start (/usr/local/libexec/bluetooth/bluetoothd+0xf0224)
+
+Signed-off-by: David Marlin <dmarlin@redhat.com>
+
+diff --git a/profiles/audio/avrcp.c b/profiles/audio/avrcp.c
+index 80f34c7a77a17ddad89abe62e8a7a028c6fecf3c..dda9a303fb711ca009258ba671dc47b7fdd15f94 100644
+--- a/profiles/audio/avrcp.c
++++ b/profiles/audio/avrcp.c
+@@ -3901,6 +3901,12 @@ static gboolean avrcp_handle_event(struct avctp *conn, uint8_t code,
+ 	case AVRCP_EVENT_UIDS_CHANGED:
+ 		avrcp_uids_changed(session, pdu);
+ 		break;
++	default:
++		if (event > AVRCP_EVENT_LAST) {
++			warn("Unsupported event: %u", event);
++			return FALSE;
++		}
++		break;
+ 	}
+ 
+ 	session->registered_events |= (1 << event);

SOURCES/0001-build-Always-define-confdir-and-statedir.patch

@@ -1,25 +1,19 @@
-From 5a62336f4da3a2d1a1ab38d03980d57844bce147 Mon Sep 17 00:00:00 2001
-From: Gopal Tiwari <gtiwari@redhat.com>
-Date: Mon, 8 Jun 2020 20:56:46 +0530
-Subject: [PATCH BlueZ 1/4] build: Always define confdir and statedir
-
-From 69d2e7bebb79f500179298c6c51fafbc217df6c8 Mon Sep 17 00:00:00 2001
+From 5744f79d84ecee3929a682166034c5bbc36c0ef5 Mon Sep 17 00:00:00 2001
 From: Bastien Nocera <hadess@hadess.net>
 Date: Wed, 20 Sep 2017 12:49:10 +0200
-
-build: Always define confdir and statedir
+Subject: [PATCH 1/4] build: Always define confdir and statedir
 
 As we will need those paths to lock down on them.
 ---
- Makefile.am | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
+ Makefile.am | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
 
 diff --git a/Makefile.am b/Makefile.am
-index 84c9712c9..6e77ed91e 100644
+index 9d25a815b..ac88c12e0 100644
 --- a/Makefile.am
 +++ b/Makefile.am
-@@ -31,14 +31,15 @@ pkginclude_HEADERS =
- AM_CFLAGS = $(WARNING_CFLAGS) $(MISC_CFLAGS) $(UDEV_CFLAGS) $(ell_cflags)
+@@ -28,14 +28,14 @@
+ 				$(LIBEDATASERVER_CFLAGS) $(ell_cflags)
  AM_LDFLAGS = $(MISC_LDFLAGS)
  
 +confdir = $(sysconfdir)/bluetooth
@@ -31,11 +25,11 @@ index 84c9712c9..6e77ed91e 100644
  
 -confdir = $(sysconfdir)/bluetooth
  conf_DATA =
- 
+-
 -statedir = $(localstatedir)/lib/bluetooth
  state_DATA =
  endif
  
 -- 
-2.21.1
+2.21.0
 

SOURCES/0001-gdbus-Emit-InterfacesAdded-of-parents-objects-first.patch

@@ -0,0 +1,36 @@
+From 4c3eedcb96bd4795dd5c25c688005fc12f364aeb Mon Sep 17 00:00:00 2001
+From: Gopal Tiwari <gtiwari@redhat.com>
+Date: Wed, 20 Apr 2022 12:19:05 +0530
+Subject: [PATCH BlueZ] gdbus: Emit InterfacesAdded of parents objects first
+
+This makes InterfacesAdded respect the object hierarchy in case its
+parent has pending interfaces to be added.
+
+Fixes: #272
+Fixes: #284
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1534857
+Fixes: https://bugs.archlinux.org/task/57464
+---
+ gdbus/object.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/gdbus/object.c b/gdbus/object.c
+index 50a8b4ff1..f7c8c2be5 100644
+--- a/gdbus/object.c
++++ b/gdbus/object.c
+@@ -551,6 +551,12 @@ static void emit_interfaces_added(struct generic_data *data)
+ 	if (root == NULL || data == root)
+ 		return;
+ 
++	/* Emit InterfacesAdded on the parent first so it appears first on the
++	 * bus as child objects may point to it.
++	 */
++	if (data->parent && data->parent->added)
++		emit_interfaces_added(data->parent);
++
+ 	signal = dbus_message_new_signal(root->path,
+ 					DBUS_INTERFACE_OBJECT_MANAGER,
+ 					"InterfacesAdded");
+-- 
+2.26.2
+

SOURCES/0001-pbap-Fix-not-checking-Primary_Secundary-Counter-lengt.patch

@@ -0,0 +1,73 @@
+From: David Marlin <dmarlin@redhat.com>
+
+Subject: pbap: Fix not checking Primary/Secundary Counter length
+
+Resolves: RHEL-35501
+Resolves: RHEL-35504
+
+CVE: CVE-2023-50230
+CVE: CVE-2023-50229
+
+commit 5ab5352531a9cc7058cce569607f3a6831464443
+Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+Date:   Tue Sep 19 12:14:01 2023 -0700
+
+    pbap: Fix not checking Primary/Secundary Counter length
+    
+    Primary/Secundary Counters are supposed to be 16 bytes values, if the
+    server has implemented them incorrectly it may lead to the following
+    crash:
+    
+    =================================================================
+    ==31860==ERROR: AddressSanitizer: heap-buffer-overflow on address
+    0x607000001878 at pc 0x7f95a1575638 bp 0x7fff58c6bb80 sp 0x7fff58c6b328
+    
+     READ of size 48 at 0x607000001878 thread T0
+         #0 0x7f95a1575637 in MemcmpInterceptorCommon(void*, int (*)(void const*, void const*, unsigned long), void const*, void const*, unsigned long) ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:860
+         #1 0x7f95a1575ba6 in __interceptor_memcmp ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:892
+         #2 0x7f95a1575ba6 in __interceptor_memcmp ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:887
+         #3 0x564df69c77a0 in read_version obexd/client/pbap.c:288
+         #4 0x564df69c77a0 in read_return_apparam obexd/client/pbap.c:352
+         #5 0x564df69c77a0 in phonebook_size_callback obexd/client/pbap.c:374
+         #6 0x564df69bea3c in session_terminate_transfer obexd/client/session.c:921
+         #7 0x564df69d56b0 in get_xfer_progress_first obexd/client/transfer.c:729
+         #8 0x564df698b9ee in handle_response gobex/gobex.c:1140
+         #9 0x564df698cdea in incoming_data gobex/gobex.c:1385
+         #10 0x7f95a12fdc43 in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x55c43)
+         #11 0x7f95a13526c7  (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0xaa6c7)
+         #12 0x7f95a12fd2b2 in g_main_loop_run (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x552b2)
+         #13 0x564df6977d41 in main obexd/src/main.c:307
+         #14 0x7f95a10a7d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
+         #15 0x7f95a10a7e3f in __libc_start_main_impl ../csu/libc-start.c:392
+         #16 0x564df6978704 in _start (/usr/local/libexec/bluetooth/obexd+0x8b704)
+     0x607000001878 is located 0 bytes to the right of 72-byte region [0x607000001830,0x607000001878)
+    
+     allocated by thread T0 here:
+         #0 0x7f95a1595a37 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
+         #1 0x564df69c8b6a in pbap_probe obexd/client/pbap.c:1259
+
+Signed-off-by: David Marlin <dmarlin@redhat.com>
+
+diff --git a/obexd/client/pbap.c b/obexd/client/pbap.c
+index 1ed8c68eccd00097a8539aaa9ede9feed9b6d060..2d2aa950898c38984d544e7708610d4c2af43b59 100644
+--- a/obexd/client/pbap.c
++++ b/obexd/client/pbap.c
+@@ -285,7 +285,7 @@ static void read_version(struct pbap_data *pbap, GObexApparam *apparam)
+ 		data = value;
+ 	}
+ 
+-	if (memcmp(pbap->primary, data, len)) {
++	if (len == sizeof(pbap->primary) && memcmp(pbap->primary, data, len)) {
+ 		memcpy(pbap->primary, data, len);
+ 		g_dbus_emit_property_changed(conn,
+ 					obc_session_get_path(pbap->session),
+@@ -299,7 +299,8 @@ static void read_version(struct pbap_data *pbap, GObexApparam *apparam)
+ 		data = value;
+ 	}
+ 
+-	if (memcmp(pbap->secondary, data, len)) {
++	if (len == sizeof(pbap->secondary) &&
++			memcmp(pbap->secondary, data, len)) {
+ 		memcpy(pbap->secondary, data, len);
+ 		g_dbus_emit_property_changed(conn,
+ 					obc_session_get_path(pbap->session),

SOURCES/0001-shared-gatt-server-Fix-not-properly-checking-for-sec.patch

@@ -1,115 +0,0 @@
-From d22177efb6f17ed281013cdfa4976d218718d5b6 Mon Sep 17 00:00:00 2001
-From: Gopal Tiwari <gtiwari@redhat.com>
-Date: Mon, 31 May 2021 12:29:01 +0530
-Subject: [PATCH BlueZ] shared/gatt-server: Fix not properly checking for
- secure flags
-
-commit ef7316b34cf3a568694bdb0e4e83af17804dff9e (HEAD)
-Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-Date:   Tue Mar 2 11:38:33 2021 -0800
-
-shared/gatt-server: Fix not properly checking for secure flags
-
-When passing the mask to check_permissions all valid permissions for
-the operation must be set including BT_ATT_PERM_SECURE flags.
-
-(cherry picked from commit 00da0fb4972cf59e1c075f313da81ea549cb8738)
-Signed-off-by: Gopal Tiwari <gtiwari@redhat.com>
----
- src/shared/att-types.h   |  8 ++++++++
- src/shared/gatt-server.c | 25 +++++++------------------
- 2 files changed, 15 insertions(+), 18 deletions(-)
-
-diff --git a/src/shared/att-types.h b/src/shared/att-types.h
-index 7108b4e94..3adc05d9e 100644
---- a/src/shared/att-types.h
-+++ b/src/shared/att-types.h
-@@ -129,6 +129,14 @@ struct bt_att_pdu_error_rsp {
- #define BT_ATT_PERM_WRITE_SECURE	0x0200
- #define BT_ATT_PERM_SECURE		(BT_ATT_PERM_READ_SECURE | \
- 					BT_ATT_PERM_WRITE_SECURE)
-+#define BT_ATT_PERM_READ_MASK		(BT_ATT_PERM_READ | \
-+					BT_ATT_PERM_READ_AUTHEN | \
-+					BT_ATT_PERM_READ_ENCRYPT | \
-+					BT_ATT_PERM_READ_SECURE)
-+#define BT_ATT_PERM_WRITE_MASK		(BT_ATT_PERM_WRITE | \
-+					BT_ATT_PERM_WRITE_AUTHEN | \
-+					BT_ATT_PERM_WRITE_ENCRYPT | \
-+					BT_ATT_PERM_WRITE_SECURE)
- 
- /* GATT Characteristic Properties Bitfield values */
- #define BT_GATT_CHRC_PROP_BROADCAST			0x01
-diff --git a/src/shared/gatt-server.c b/src/shared/gatt-server.c
-index b5f7de7dc..970c35f94 100644
---- a/src/shared/gatt-server.c
-+++ b/src/shared/gatt-server.c
-@@ -444,9 +444,7 @@ static void process_read_by_type(struct async_read_op *op)
- 		return;
- 	}
- 
--	ecode = check_permissions(server, attr, BT_ATT_PERM_READ |
--						BT_ATT_PERM_READ_AUTHEN |
--						BT_ATT_PERM_READ_ENCRYPT);
-+	ecode = check_permissions(server, attr, BT_ATT_PERM_READ_MASK);
- 	if (ecode)
- 		goto error;
- 
-@@ -811,9 +809,7 @@ static void write_cb(struct bt_att_chan *chan, uint8_t opcode, const void *pdu,
- 				(opcode == BT_ATT_OP_WRITE_REQ) ? "Req" : "Cmd",
- 				handle);
- 
--	ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE |
--						BT_ATT_PERM_WRITE_AUTHEN |
--						BT_ATT_PERM_WRITE_ENCRYPT);
-+	ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE_MASK);
- 	if (ecode)
- 		goto error;
- 
-@@ -913,9 +909,7 @@ static void handle_read_req(struct bt_att_chan *chan,
- 			opcode == BT_ATT_OP_READ_BLOB_REQ ? "Blob " : "",
- 			handle);
- 
--	ecode = check_permissions(server, attr, BT_ATT_PERM_READ |
--						BT_ATT_PERM_READ_AUTHEN |
--						BT_ATT_PERM_READ_ENCRYPT);
-+	ecode = check_permissions(server, attr, BT_ATT_PERM_READ_MASK);
- 	if (ecode)
- 		goto error;
- 
-@@ -1051,9 +1045,8 @@ static void read_multiple_complete_cb(struct gatt_db_attribute *attr, int err,
- 		goto error;
- 	}
- 
--	ecode = check_permissions(data->server, next_attr, BT_ATT_PERM_READ |
--						BT_ATT_PERM_READ_AUTHEN |
--						BT_ATT_PERM_READ_ENCRYPT);
-+	ecode = check_permissions(data->server, next_attr,
-+						BT_ATT_PERM_READ_MASK);
- 	if (ecode)
- 		goto error;
- 
-@@ -1129,9 +1122,7 @@ static void read_multiple_cb(struct bt_att_chan *chan, uint8_t opcode,
- 		goto error;
- 	}
- 
--	ecode = check_permissions(data->server, attr, BT_ATT_PERM_READ |
--						BT_ATT_PERM_READ_AUTHEN |
--						BT_ATT_PERM_READ_ENCRYPT);
-+	ecode = check_permissions(data->server, attr, BT_ATT_PERM_READ_MASK);
- 	if (ecode)
- 		goto error;
- 
-@@ -1308,9 +1299,7 @@ static void prep_write_cb(struct bt_att_chan *chan, uint8_t opcode,
- 	util_debug(server->debug_callback, server->debug_data,
- 				"Prep Write Req - handle: 0x%04x", handle);
- 
--	ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE |
--						BT_ATT_PERM_WRITE_AUTHEN |
--						BT_ATT_PERM_WRITE_ENCRYPT);
-+	ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE_MASK);
- 	if (ecode)
- 		goto error;
- 
--- 
-2.26.2
-

SOURCES/0003-systemd-Add-more-filesystem-lockdown.patch

@@ -1,34 +1,29 @@
-From 1da4185a89fba1c14032ab87757e5fb798d76bc0 Mon Sep 17 00:00:00 2001
-From: Gopal Tiwari <gtiwari@redhat.com>
-Date: Mon, 8 Jun 2020 19:55:39 +0530
-Subject: [PATCH BlueZ 3/4] systemd: Add more filesystem lockdown
-
-From 73a9c0902e7c97adf96e735407a75033152c04a9 Mon Sep 17 00:00:00 2001
+From 13a348670fef0047555395ce6977e86e0005f8bd Mon Sep 17 00:00:00 2001
 From: Bastien Nocera <hadess@hadess.net>
 Date: Wed, 13 Sep 2017 15:37:11 +0200
-
-systemd: Add more filesystem lockdown
+Subject: [PATCH 3/4] systemd: Add more filesystem lockdown
 
 We can only access the configuration file as read-only and read-write
 to the Bluetooth cache directory and sub-directories.
 ---
- Makefile.am              | 2 ++
+ Makefile.am              | 3 +++
  src/bluetooth.service.in | 4 ++++
- 2 files changed, 6 insertions(+)
+ 2 files changed, 7 insertions(+)
 
 diff --git a/Makefile.am b/Makefile.am
-index cdd2fd8fb..0af1a8c45 100644
+index ac88c12e0..0a6d09847 100644
 --- a/Makefile.am
 +++ b/Makefile.am
-@@ -580,6 +580,8 @@ MAINTAINERCLEANFILES = Makefile.in \
+@@ -617,6 +617,9 @@
  
  SED_PROCESS = $(AM_V_GEN)$(MKDIR_P) $(dir $@) && \
  		$(SED) -e 's,@pkglibexecdir\@,$(pkglibexecdir),g' \
++		       -e 's,@libexecdir\@,$(libexecdir),g' \
 +		       -e 's,@statedir\@,$(statedir),g' \
 +		       -e 's,@confdir\@,$(confdir),g' \
  		< $< > $@
  
- %.service: %.service.in Makefile
+ if RUN_RST2MAN
 diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in
 index 7c2f60bb4..4daedef2a 100644
 --- a/src/bluetooth.service.in
@@ -45,5 +40,5 @@ index 7c2f60bb4..4daedef2a 100644
  # Privilege escalation
  NoNewPrivileges=true
 -- 
-2.21.1
+2.21.0
 

SPECS/bluez.spec

@@ -1,7 +1,7 @@
 Name:    bluez
 Summary: Bluetooth utilities
-Version: 5.56
-Release: 2%{?dist}
+Version: 5.63
+Release: 5%{?dist}
 License: GPLv2+
 URL:     http://www.bluez.org/
 
@@ -29,9 +29,10 @@ Patch20: 0001-build-Always-define-confdir-and-statedir.patch
 Patch21: 0002-systemd-Add-PrivateTmp-and-NoNewPrivileges-options.patch
 Patch22: 0003-systemd-Add-more-filesystem-lockdown.patch
 Patch23: 0004-systemd-More-lockdown.patch
+Patch25: 0001-gdbus-Emit-InterfacesAdded-of-parents-objects-first.patch 
 
 # https://bugzilla.redhat.com/show_bug.cgi?id=1567622
-Patch24: 0001-adapter-Don-t-refresh-adv_manager-for-non-LE-devices.patch
+#Patch24: 0001-adapter-Don-t-refresh-adv_manager-for-non-LE-devices.patch
 
 #Patch25: 0001-core-Add-AlwaysPairable-to-main.conf.patch 
 #Patch26: 0002-agent-Make-the-first-agent-to-register-the-default.patch 
@@ -44,7 +45,14 @@ Patch24: 0001-adapter-Don-t-refresh-adv_manager-for-non-LE-devices.patch
 #Patch30: 0001-input-hog-Attempt-to-set-security-level-if-not-bonde.patch
 
 # fixing https://bugzilla.redhat.com/show_bug.cgi?id=1965057
-Patch31: 0001-shared-gatt-server-Fix-not-properly-checking-for-sec.patch
+#Patch31: 0001-shared-gatt-server-Fix-not-properly-checking-for-sec.patch
+
+#Patch32: 0001-sdpd-Fix-leaking-buffers-stored-in-cstates-cache.patch
+
+Patch40: 0001-Change-default-of-ClassicBondedOnly.patch
+
+Patch50: 0001-pbap-Fix-not-checking-Primary_Secundary-Counter-lengt.patch
+Patch51: 0001-avrcp-Fix-crash-while-handling-unsupported-events.patch
 
 BuildRequires: git-core
 BuildRequires: dbus-devel >= 1.6
@@ -59,6 +67,7 @@ BuildRequires: systemd-devel
 BuildRequires: cups-devel
 # For autoreconf
 BuildRequires: libtool automake autoconf
+BuildRequires: python3-docutils
 
 Requires: dbus >= 1.6
 
@@ -233,6 +242,7 @@ make check
 %{_bindir}/rctest
 %{_datadir}/zsh/site-functions/_bluetoothctl
 %{_mandir}/man1/btattach.1.gz
+%{_mandir}/man1/btmon.1.*
 %{_mandir}/man1/ciptool.1.gz
 %{_mandir}/man1/hcitool.1.gz
 %{_mandir}/man1/rfcomm.1.gz
@@ -278,6 +288,38 @@ make check
 %{_userunitdir}/obex.service
 
 %changelog
+* Mon Dec 09 2024 David Marlin <dmarlin@redhat.com> - 5.63-5
++ bluez-5.63-5
+- Resolves: RHEL-35371
+- Fixing CVE-2023-27349
+- Resolves: RHEL-35492
+- Fixing CVE-2023-51589
+
+* Mon Aug 05 2024 David Marlin <dmarlin@redhat.com> - 5.63-4
++ bluez-5.63-4
+- Resolves: RHEL-35501
+- Fixing CVE-2023-50230
+- Resolves: RHEL-35504
+- Fixing CVE-2023-50229
+
+* Thu Jun 06 2024 David Marlin <dmarlin@redhat.com> - 5.63-3
++ bluez-5.63-3
+- Add back the tests for OSCI.
+
+* Wed May 29 2024 David Marlin <dmarlin@redhat.com> - 5.63-2
++ bluez-5.63-2
+- Change default of ClassicBondedOnly to true to align with HID specification.
+- Resolves: RHEL-18429
+- Fixing CVE-2021-41229
+
+* Tue May 17 2022 Gopal Tiwari <gtiwari@redhat.com> - 5.63-1
++ bluez-5.63-1
+- Fixing (#)
+
+* Mon Dec 13 2021 Gopal Tiwari <gtiwari@redhat.com> - 5.56-3
++ bluez-5.56-3
+- Fixing (#2027434)
+- Fixing CVE-2021-41229
 
 * Mon Jun 7 2021 Gopal Tiwari <gtiwari@redhat.com> - 5.56-2
 + bluez-5.56-2