diff --git a/CVE-2016-9800-tool-hcidump-Fix-memory-leak-with-malformed-packet.patch b/CVE-2016-9800-tool-hcidump-Fix-memory-leak-with-malformed-packet.patch deleted file mode 100644 index bea5617..0000000 --- a/CVE-2016-9800-tool-hcidump-Fix-memory-leak-with-malformed-packet.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 5ca9510314d15d562e9ef5515a5483be5f28258d Mon Sep 17 00:00:00 2001 -From: "Cho, Yu-Chen" -Date: Wed, 21 Mar 2018 17:32:45 +0800 -Subject: [PATCH BlueZ] tool/hcidump: Fix memory leak with malformed packet - -Do not allow to read more then buffer size. ---- - tools/parser/hci.c | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/tools/parser/hci.c b/tools/parser/hci.c -index 8c7bd2581..adfd9ab1d 100644 ---- a/tools/parser/hci.c -+++ b/tools/parser/hci.c -@@ -988,8 +988,14 @@ static inline void pin_code_reply_dump(int level, struct frame *frm) - memset(pin, 0, sizeof(pin)); - if (parser.flags & DUMP_NOVENDOR) - memset(pin, '*', cp->pin_len); -- else -+ else { -+ if (cp->pin_len > sizeof(pin)){ -+ perror("Read failed"); -+ exit(1); -+ } -+ - memcpy(pin, cp->pin_code, cp->pin_len); -+ } - printf("bdaddr %s len %d pin \'%s\'\n", addr, cp->pin_len, pin); - } - --- -2.16.2 - diff --git a/CVE-2016-9804-tool-hcidump-Fix-memory-leak-with-malformed-packet.patch b/CVE-2016-9804-tool-hcidump-Fix-memory-leak-with-malformed-packet.patch deleted file mode 100644 index dd9d79d..0000000 --- a/CVE-2016-9804-tool-hcidump-Fix-memory-leak-with-malformed-packet.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 00f50518f232c758855ac9884a841f707f41a301 Mon Sep 17 00:00:00 2001 -From: "Cho, Yu-Chen" -Date: Thu, 3 May 2018 18:52:19 +0800 -Subject: [PATCH BlueZ] tool/hcidump: Fix memory leak with malformed packet - -The Supported Commands is a 64 octet bit field. -Do not allow to read more then the size. ---- - tools/parser/csr.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/tools/parser/csr.c b/tools/parser/csr.c -index a0a4eb5fe..2d3db878a 100644 ---- a/tools/parser/csr.c -+++ b/tools/parser/csr.c -@@ -145,6 +145,11 @@ static inline void commands_dump(int level, char *str, struct frame *frm) - unsigned char commands[64]; - unsigned int i; - -+ if (frm->len > 64) { -+ perror("Read failed"); -+ exit(1); -+ } -+ - memcpy(commands, frm->ptr, frm->len); - - p_indent(level, frm); --- -2.16.3 - diff --git a/RPi-Move-the-43xx-firmware-into-lib-firmware.patch b/RPi-Move-the-43xx-firmware-into-lib-firmware.patch deleted file mode 100644 index 984daf2..0000000 --- a/RPi-Move-the-43xx-firmware-into-lib-firmware.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 72a2a6a6fd0e623c4048d105b34d221bde87eb74 Mon Sep 17 00:00:00 2001 -From: Phil Elwell -Date: Tue, 23 Feb 2016 17:52:29 +0000 -Subject: [PATCH] Move the 43xx firmware into /lib/firmware - ---- - tools/hciattach_bcm43xx.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tools/hciattach_bcm43xx.c b/tools/hciattach_bcm43xx.c -index f3231ec..21450ac 100644 ---- a/tools/hciattach_bcm43xx.c -+++ b/tools/hciattach_bcm43xx.c -@@ -43,7 +43,7 @@ - #include "hciattach.h" - - #ifndef FIRMWARE_DIR --#define FIRMWARE_DIR "/etc/firmware" -+#define FIRMWARE_DIR "/lib/firmware" - #endif - - #define FW_EXT ".hcd" --- -2.9.3 - diff --git a/_service b/_service new file mode 100644 index 0000000..9efed54 --- /dev/null +++ b/_service @@ -0,0 +1,12 @@ + + + https://github.com/seife/bluez-patches.git + _none_ + git + + + + *.tar + xz + + diff --git a/bluez-5.11-logitech-hid2hci.patch b/bluez-5.11-logitech-hid2hci.patch deleted file mode 100644 index 5527897..0000000 --- a/bluez-5.11-logitech-hid2hci.patch +++ /dev/null @@ -1,23 +0,0 @@ -Apparently some Logitech devices need different rules. -https://bugzilla.novell.com/show_bug.cgi?id=681049 -https://bugzilla.novell.com/show_bug.cgi?id=850478 - -Index: b/tools/hid2hci.rules -=================================================================== ---- a/tools/hid2hci.rules -+++ b/tools/hid2hci.rules -@@ -9,11 +9,13 @@ SUBSYSTEM!="usb*", GOTO="hid2hci_end" - ATTR{bInterfaceClass}=="03", ATTR{bInterfaceSubClass}=="01", ATTR{bInterfaceProtocol}=="02", \ - ATTRS{bDeviceClass}=="00", ATTRS{idVendor}=="413c", ATTRS{bmAttributes}=="e0", \ - RUN+="hid2hci --method=dell --devpath=%p", ENV{HID2HCI_SWITCH}="1" - - # Logitech devices --KERNEL=="hiddev*", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c70[345abce]|c71[34bc]", \ -+KERNEL=="hiddev*", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c70[5e]", \ -+ RUN+="hid2hci --method=logitech-hid --devpath=%p" -+KERNEL=="hidraw*", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c70[34abc]|c71[34bc]", \ - RUN+="hid2hci --method=logitech-hid --devpath=%p" - - ENV{DEVTYPE}!="usb_device", GOTO="hid2hci_end" - - # When a Dell device recovers from S3, the mouse child needs to be repoked diff --git a/bluez-5.51-disable-broken-tests.diff b/bluez-5.51-disable-broken-tests.diff deleted file mode 100644 index b84059d..0000000 --- a/bluez-5.51-disable-broken-tests.diff +++ /dev/null @@ -1,24 +0,0 @@ -Index: b/Makefile.am -=================================================================== ---- a/Makefile.am -+++ b/Makefile.am -@@ -474,7 +474,8 @@ unit_test_lib_SOURCES = unit/test-lib.c - unit_test_lib_LDADD = src/libshared-glib.la \ - lib/libbluetooth-internal.la $(GLIB_LIBS) - --unit_tests += unit/test-gatt -+# hangs forever in OBS where AF_ALG is not supported. -+#unit_tests += unit/test-gatt - - unit_test_gatt_SOURCES = unit/test-gatt.c - unit_test_gatt_LDADD = src/libshared-glib.la \ -@@ -504,7 +505,8 @@ unit_test_gattrib_LDADD = lib/libbluetoo - $(GLIB_LIBS) $(DBUS_LIBS) -ldl -lrt - - if MIDI --unit_tests += unit/test-midi -+# fails on i386??? or just random? -+#unit_tests += unit/test-midi - unit_test_midi_CPPFLAGS = $(AM_CPPFLAGS) $(ALSA_CFLAGS) -DMIDI_TEST - unit_test_midi_SOURCES = unit/test-midi.c \ - profiles/midi/libmidi.h \ diff --git a/bluez-cups-libexec.patch b/bluez-cups-libexec.patch deleted file mode 100644 index 686fe83..0000000 --- a/bluez-cups-libexec.patch +++ /dev/null @@ -1,26 +0,0 @@ -Index: b/Makefile.in -=================================================================== ---- a/Makefile.in -+++ b/Makefile.in -@@ -3439,7 +3439,7 @@ unit_tests = $(am__append_54) unit/test- - @DEPRECATED_TRUE@@READLINE_TRUE@attrib_gatttool_LDADD = lib/libbluetooth-internal.la \ - @DEPRECATED_TRUE@@READLINE_TRUE@ src/libshared-glib.la $(GLIB_LIBS) -lreadline - --@CUPS_TRUE@cupsdir = $(libdir)/cups/backend -+@CUPS_TRUE@cupsdir = $(libexecdir)/cups/backend - @CUPS_TRUE@profiles_cups_bluetooth_SOURCES = profiles/cups/main.c \ - @CUPS_TRUE@ profiles/cups/cups.h \ - @CUPS_TRUE@ profiles/cups/sdp.c \ -Index: b/Makefile.tools -=================================================================== ---- a/Makefile.tools -+++ b/Makefile.tools -@@ -441,7 +441,7 @@ endif - endif - - if CUPS --cupsdir = $(libdir)/cups/backend -+cupsdir = $(libexecdir)/cups/backend - - cups_PROGRAMS = profiles/cups/bluetooth - diff --git a/bluez-patches-.tar.xz b/bluez-patches-.tar.xz new file mode 100644 index 0000000..1a7a2ef --- /dev/null +++ b/bluez-patches-.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:fb239b904b0f9bdb69339219b03f83dd00cfe4bc653aba3e56f48755b67feaff +size 2756 diff --git a/bluez-sdp-unix-path.patch b/bluez-sdp-unix-path.patch deleted file mode 100644 index 821e6bf..0000000 --- a/bluez-sdp-unix-path.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- bluez-5.8.orig/lib/sdp.h -+++ bluez-5.8/lib/sdp.h -@@ -34,7 +34,7 @@ extern "C" { - #include - #include - --#define SDP_UNIX_PATH "/var/run/sdp" -+#define SDP_UNIX_PATH "/run/sdp" - #define SDP_RESPONSE_TIMEOUT 20 - #define SDP_REQ_BUFFER_SIZE 2048 - #define SDP_RSP_BUFFER_SIZE 65535 diff --git a/bluez.changes b/bluez.changes index 99ea89b..a4fa0f6 100644 --- a/bluez.changes +++ b/bluez.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Fri Oct 4 09:35:44 UTC 2019 - Stefan Seyfried + +- consolidate patches bluez-sdp-unix-path.patch, + bluez-cups-libexec.patch, bluez-5.51-disable-broken-tests.diff, + RPi-Move-the-43xx-firmware-into-lib-firmware.patch, + CVE-2016-9800-tool-hcidump-Fix-memory-leak-with-malformed-packet.patch, + CVE-2016-9804-tool-hcidump-Fix-memory-leak-with-malformed-packet.patch, + bluez-5.11-logitech-hid2hci.patch into bluez-patches-.tar.xz to + clean up the spec file and make it more maintainable +- move patches to github for easier maintainability +- add _service for patch tarball generation + ------------------------------------------------------------------- Wed Oct 2 08:33:56 UTC 2019 - Stefan Seyfried diff --git a/bluez.spec b/bluez.spec index 5967525..de03e9d 100644 --- a/bluez.spec +++ b/bluez.spec @@ -2,7 +2,7 @@ # spec file for package bluez # # Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. -# Copyright (c) 2010-2017 B1 Systems GmbH, Vohburg, Germany +# Copyright (c) 2010-2019 B1 Systems GmbH, Vohburg, Germany # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -25,22 +25,11 @@ License: GPL-2.0-or-later Group: Hardware/Mobile Url: http://www.bluez.org Source: http://www.kernel.org/pub/linux/bluetooth/bluez-%{version}.tar.xz +# maintained at https://github.com/seife/bluez-patches.git +# stupid obs_scm (or me?) appends the "-" after the name, even if version is disabled. +Source1: bluez-patches-.tar.xz Source5: baselibs.conf Source7: bluetooth.modprobe -# fix some logitech HID devices, bnc#681049, bnc#850478 --seife+obs@b1-systems.com -Patch1: bluez-5.11-logitech-hid2hci.patch -Patch2: bluez-sdp-unix-path.patch -# PATCH-FIX-UPSTREAM: find the cups dir in libexec not in libdir -Patch3: bluez-cups-libexec.patch -# workaround for broken tests (reported upstream but not yet fixed) -Patch4: bluez-5.51-disable-broken-tests.diff -# Move 43xx firmware path for RPi3 bluetooth support bsc#1140688 -Patch10: RPi-Move-the-43xx-firmware-into-lib-firmware.patch -# Upstream suggests to use btmon instead of hcidump and does not want those patches -# => PATCH-FIX-OPENSUSE for those two :-) -# fix some memory leak with malformed packet (reported upstream but not yet fixed) -Patch101: CVE-2016-9800-tool-hcidump-Fix-memory-leak-with-malformed-packet.patch -Patch102: CVE-2016-9804-tool-hcidump-Fix-memory-leak-with-malformed-packet.patch BuildRequires: automake BuildRequires: flex @@ -143,14 +132,10 @@ desktop specific applets like blueman or GNOME or KDE applets). { systemctl status -n0 bluetooth.service > /dev/null && systemctl restart bluetooth.service ; } ||: %prep -%setup -q -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch10 -p1 -%patch101 -p1 -%patch102 -p1 +%setup -q -a 1 +for i in $(cat bluez-patches-/series); do + patch -p1 -i bluez-patches-/$i --fuzz=%{_default_patch_fuzz} %{_default_patch_flags} || exit 1 +done mkdir dbus-apis cp -a doc/*.txt dbus-apis/ # FIXME: Change the dbus service to be a real service, not systemd launched