pool/bluez
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- update to 5.71:

Browse Source 
* Fix issue with not registering CSIS service.
  * Fix issue with registering pairing callbacks.
  * Fix issue with corruption during discovery filter parsing.
- drop CVE-2023-45866.patch,
  Fix-.device_probe-failing-if-SDP-record-is-not.patch: upstream

OBS-URL: https://build.opensuse.org/package/show/Base:System/bluez?expand=0&rev=358
This commit is contained in:
Dirk Mueller 2023-12-20 23:29:57 +00:00 committed by Git OBS Bridge
parent 49519ab15a
commit 41d8293030
6 changed files with 16 additions and 369 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
CVE-2023-45866.patch
View File

@ -1,50 +0,0 @@
From 25a471a83e02e1effb15d5a488b3f0085eaeb675 Mon Sep 17 00:00:00 2001
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: Tue, 10 Oct 2023 13:03:12 -0700
Subject: input.conf: Change default of ClassicBondedOnly
This changes the default of ClassicBondedOnly since defaulting to false
is not inline with HID specification which mandates the of Security Mode
4:
BLUETOOTH SPECIFICATION Page 84 of 123
Human Interface Device (HID) Profile:
5.4.3.4.2 Security Modes
Bluetooth HID Hosts shall use Security Mode 4 when interoperating with
Bluetooth HID devices that are compliant to the Bluetooth Core
Specification v2.1+EDR[6].
---
profiles/input/device.c | 2 +-
profiles/input/input.conf | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/profiles/input/device.c b/profiles/input/device.c
index 4a50ea9921..4310dd192e 100644
--- a/profiles/input/device.c
+++ b/profiles/input/device.c
@@ -81,7 +81,7 @@ struct input_device {
static int idle_timeout = 0;
static bool uhid_enabled = false;
-static bool classic_bonded_only = false;
+static bool classic_bonded_only = true;
void input_set_idle_timeout(int timeout)
{
diff --git a/profiles/input/input.conf b/profiles/input/input.conf
index 4c70bc561f..d8645f3dd6 100644
--- a/profiles/input/input.conf
+++ b/profiles/input/input.conf
@@ -17,7 +17,7 @@
# platforms may want to make sure that input connections only come from bonded
# device connections. Several older mice have been known for not supporting
# pairing/encryption.
-# Defaults to false to maximize device compatibility.
+# Defaults to true for security.
#ClassicBondedOnly=true
# LE upgrade security
--
cgit 1.2.3-korg

310
Fix-.device_probe-failing-if-SDP-record-is-not.patch
View File

@ -1,310 +0,0 @@
From 3a9c637010f8dc1ba3e8382abe01065761d4f5bb Mon Sep 17 00:00:00 2001
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: Tue, 10 Oct 2023 12:38:29 -0700
Subject: [PATCH] input: Fix .device_probe failing if SDP record is not found
Due to changes introduced by 67a26abe53bf
("profile: Add probe_on_discover flag") profiles may get probed when
their profile UUID are discovered, rather than resolved, which means
the SDP record may not be available.
Fixes: https://github.com/bluez/bluez/issues/614
---
profiles/input/device.c | 182 +++++++++++++++++++---------------------
1 file changed, 84 insertions(+), 98 deletions(-)
diff --git a/profiles/input/device.c b/profiles/input/device.c
index e2ac6ea60..4a50ea992 100644
--- a/profiles/input/device.c
+++ b/profiles/input/device.c
@@ -60,7 +60,7 @@ struct input_device {
char *path;
bdaddr_t src;
bdaddr_t dst;
- uint32_t handle;
+ const sdp_record_t *rec;
GIOChannel *ctrl_io;
GIOChannel *intr_io;
guint ctrl_watch;
@@ -754,7 +754,8 @@ static void epox_endian_quirk(unsigned char *data, int size)
}
}
-static int create_hid_dev_name(sdp_record_t *rec, struct hidp_connadd_req *req)
+static int create_hid_dev_name(const sdp_record_t *rec,
+ struct hidp_connadd_req *req)
{
char sdesc[sizeof(req->name) / 2];
@@ -776,7 +777,7 @@ static int create_hid_dev_name(sdp_record_t *rec, struct hidp_connadd_req *req)
/* See HID profile specification v1.0, "7.11.6 HIDDescriptorList" for details
* on the attribute format. */
-static int extract_hid_desc_data(sdp_record_t *rec,
+static int extract_hid_desc_data(const sdp_record_t *rec,
struct hidp_connadd_req *req)
{
sdp_data_t *d;
@@ -817,36 +818,40 @@ invalid_desc:
return -EINVAL;
}
-static int extract_hid_record(sdp_record_t *rec, struct hidp_connadd_req *req)
+static int extract_hid_record(struct input_device *idev,
+ struct hidp_connadd_req *req)
{
sdp_data_t *pdlist;
uint8_t attr_val;
int err;
- err = create_hid_dev_name(rec, req);
+ if (!idev->rec)
+ return -ENOENT;
+
+ err = create_hid_dev_name(idev->rec, req);
if (err < 0)
DBG("No valid Service Name or Service Description found");
- pdlist = sdp_data_get(rec, SDP_ATTR_HID_PARSER_VERSION);
+ pdlist = sdp_data_get(idev->rec, SDP_ATTR_HID_PARSER_VERSION);
req->parser = pdlist ? pdlist->val.uint16 : 0x0100;
- pdlist = sdp_data_get(rec, SDP_ATTR_HID_DEVICE_SUBCLASS);
+ pdlist = sdp_data_get(idev->rec, SDP_ATTR_HID_DEVICE_SUBCLASS);
req->subclass = pdlist ? pdlist->val.uint8 : 0;
- pdlist = sdp_data_get(rec, SDP_ATTR_HID_COUNTRY_CODE);
+ pdlist = sdp_data_get(idev->rec, SDP_ATTR_HID_COUNTRY_CODE);
req->country = pdlist ? pdlist->val.uint8 : 0;
- pdlist = sdp_data_get(rec, SDP_ATTR_HID_VIRTUAL_CABLE);
+ pdlist = sdp_data_get(idev->rec, SDP_ATTR_HID_VIRTUAL_CABLE);
attr_val = pdlist ? pdlist->val.uint8 : 0;
if (attr_val)
req->flags |= (1 << HIDP_VIRTUAL_CABLE_UNPLUG);
- pdlist = sdp_data_get(rec, SDP_ATTR_HID_BOOT_DEVICE);
+ pdlist = sdp_data_get(idev->rec, SDP_ATTR_HID_BOOT_DEVICE);
attr_val = pdlist ? pdlist->val.uint8 : 0;
if (attr_val)
req->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE);
- err = extract_hid_desc_data(rec, req);
+ err = extract_hid_desc_data(idev->rec, req);
if (err < 0)
return err;
@@ -1035,11 +1040,6 @@ static gboolean encrypt_notify(GIOChannel *io, GIOCondition condition,
static int hidp_add_connection(struct input_device *idev)
{
struct hidp_connadd_req *req;
- sdp_record_t *rec;
- char src_addr[18], dst_addr[18];
- char filename[PATH_MAX];
- GKeyFile *key_file;
- char handle[11], *str;
GError *gerr = NULL;
int err;
@@ -1049,33 +1049,7 @@ static int hidp_add_connection(struct input_device *idev)
req->flags = 0;
req->idle_to = idle_timeout;
- ba2str(&idev->src, src_addr);
- ba2str(&idev->dst, dst_addr);
-
- snprintf(filename, PATH_MAX, STORAGEDIR "/%s/cache/%s", src_addr,
- dst_addr);
- sprintf(handle, "0x%8.8X", idev->handle);
-
- key_file = g_key_file_new();
- if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
- error("Unable to load key file from %s: (%s)", filename,
- gerr->message);
- g_clear_error(&gerr);
- }
- str = g_key_file_get_string(key_file, "ServiceRecords", handle, NULL);
- g_key_file_free(key_file);
-
- if (!str) {
- error("Rejected connection from unknown device %s", dst_addr);
- err = -EPERM;
- goto cleanup;
- }
-
- rec = record_from_string(str);
- g_free(str);
-
- err = extract_hid_record(rec, req);
- sdp_record_free(rec);
+ err = extract_hid_record(idev, req);
if (err < 0) {
error("Could not parse HID SDP record: %s (%d)", strerror(-err),
-err);
@@ -1091,7 +1065,7 @@ static int hidp_add_connection(struct input_device *idev)
/* Make sure the device is bonded if required */
if (classic_bonded_only && !input_device_bonded(idev)) {
- error("Rejected connection from !bonded device %s", dst_addr);
+ error("Rejected connection from !bonded device %s", idev->path);
goto cleanup;
}
@@ -1161,6 +1135,68 @@ static int connection_disconnect(struct input_device *idev, uint32_t flags)
return ioctl_disconnect(idev, flags);
}
+static bool is_device_sdp_disable(const sdp_record_t *rec)
+{
+ sdp_data_t *data;
+
+ data = sdp_data_get(rec, SDP_ATTR_HID_SDP_DISABLE);
+
+ return data && data->val.uint8;
+}
+
+static enum reconnect_mode_t hid_reconnection_mode(bool reconnect_initiate,
+ bool normally_connectable)
+{
+ if (!reconnect_initiate && !normally_connectable)
+ return RECONNECT_NONE;
+ else if (!reconnect_initiate && normally_connectable)
+ return RECONNECT_HOST;
+ else if (reconnect_initiate && !normally_connectable)
+ return RECONNECT_DEVICE;
+ else /* (reconnect_initiate && normally_connectable) */
+ return RECONNECT_ANY;
+}
+
+static void extract_hid_props(struct input_device *idev,
+ const sdp_record_t *rec)
+{
+ /* Extract HID connectability */
+ bool reconnect_initiate, normally_connectable;
+ sdp_data_t *pdlist;
+
+ /* HIDNormallyConnectable is optional and assumed FALSE if not
+ * present.
+ */
+ pdlist = sdp_data_get(rec, SDP_ATTR_HID_RECONNECT_INITIATE);
+ reconnect_initiate = pdlist ? pdlist->val.uint8 : TRUE;
+
+ pdlist = sdp_data_get(rec, SDP_ATTR_HID_NORMALLY_CONNECTABLE);
+ normally_connectable = pdlist ? pdlist->val.uint8 : FALSE;
+
+ /* Update local values */
+ idev->reconnect_mode =
+ hid_reconnection_mode(reconnect_initiate, normally_connectable);
+}
+
+static void input_device_update_rec(struct input_device *idev)
+{
+ struct btd_profile *p = btd_service_get_profile(idev->service);
+ const sdp_record_t *rec;
+
+ rec = btd_device_get_record(idev->device, p->remote_uuid);
+ if (!rec || idev->rec == rec)
+ return;
+
+ idev->rec = rec;
+ idev->disable_sdp = is_device_sdp_disable(rec);
+
+ /* Initialize device properties */
+ extract_hid_props(idev, rec);
+
+ if (idev->disable_sdp)
+ device_set_refresh_discovery(idev->device, false);
+}
+
static int input_device_connected(struct input_device *idev)
{
int err;
@@ -1168,6 +1204,9 @@ static int input_device_connected(struct input_device *idev)
if (idev->intr_io == NULL || idev->ctrl_io == NULL)
return -ENOTCONN;
+ /* Attempt to update SDP record if it had changed */
+ input_device_update_rec(idev);
+
err = hidp_add_connection(idev);
if (err < 0)
return err;
@@ -1411,74 +1450,21 @@ int input_device_disconnect(struct btd_service *service)
return 0;
}
-static bool is_device_sdp_disable(const sdp_record_t *rec)
-{
- sdp_data_t *data;
-
- data = sdp_data_get(rec, SDP_ATTR_HID_SDP_DISABLE);
-
- return data && data->val.uint8;
-}
-
-static enum reconnect_mode_t hid_reconnection_mode(bool reconnect_initiate,
- bool normally_connectable)
-{
- if (!reconnect_initiate && !normally_connectable)
- return RECONNECT_NONE;
- else if (!reconnect_initiate && normally_connectable)
- return RECONNECT_HOST;
- else if (reconnect_initiate && !normally_connectable)
- return RECONNECT_DEVICE;
- else /* (reconnect_initiate && normally_connectable) */
- return RECONNECT_ANY;
-}
-
-static void extract_hid_props(struct input_device *idev,
- const sdp_record_t *rec)
-{
- /* Extract HID connectability */
- bool reconnect_initiate, normally_connectable;
- sdp_data_t *pdlist;
-
- /* HIDNormallyConnectable is optional and assumed FALSE
- * if not present. */
- pdlist = sdp_data_get(rec, SDP_ATTR_HID_RECONNECT_INITIATE);
- reconnect_initiate = pdlist ? pdlist->val.uint8 : TRUE;
-
- pdlist = sdp_data_get(rec, SDP_ATTR_HID_NORMALLY_CONNECTABLE);
- normally_connectable = pdlist ? pdlist->val.uint8 : FALSE;
-
- /* Update local values */
- idev->reconnect_mode =
- hid_reconnection_mode(reconnect_initiate, normally_connectable);
-}
-
static struct input_device *input_device_new(struct btd_service *service)
{
struct btd_device *device = btd_service_get_device(service);
- struct btd_profile *p = btd_service_get_profile(service);
const char *path = device_get_path(device);
- const sdp_record_t *rec = btd_device_get_record(device, p->remote_uuid);
struct btd_adapter *adapter = device_get_adapter(device);
struct input_device *idev;
- if (!rec)
- return NULL;
-
idev = g_new0(struct input_device, 1);
bacpy(&idev->src, btd_adapter_get_address(adapter));
bacpy(&idev->dst, device_get_address(device));
idev->service = btd_service_ref(service);
idev->device = btd_device_ref(device);
idev->path = g_strdup(path);
- idev->handle = rec->handle;
- idev->disable_sdp = is_device_sdp_disable(rec);
-
- /* Initialize device properties */
- extract_hid_props(idev, rec);
- if (idev->disable_sdp)
- device_set_refresh_discovery(device, false);
+ input_device_update_rec(idev);
return idev;
}
--
2.42.0

BIN
bluez-5.70.tar.xz (Stored with Git LFS)
View File

Binary file not shown.

3
bluez-5.71.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b828d418c93ced1f55b616fb5482cf01537440bfb34fbda1a564f3ece94735d8
size 2381208

11
bluez.changes
View File

@ -1,3 +1,14 @@
-------------------------------------------------------------------
Wed Dec 20 23:28:42 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 5.71:
* Fix issue with not registering CSIS service.
* Fix issue with registering pairing callbacks.
* Fix issue with corruption during discovery filter parsing.
- drop CVE-2023-45866.patch,
Fix-.device_probe-failing-if-SDP-record-is-not.patch: upstream
-------------------------------------------------------------------
Wed Dec 13 09:34:20 UTC 2023 - Dirk Müller <dmueller@suse.com>

8
bluez.spec
View File

@ -35,12 +35,12 @@
%endif
Name: bluez
Version: 5.70
Version: 5.71
Release: 0
Summary: Bluetooth Stack for Linux
License: GPL-2.0-or-later
Group: Hardware/Mobile
URL: http://www.bluez.org
URL: https://www.bluez.org
Source: https://www.kernel.org/pub/linux/bluetooth/bluez-%{version}.tar.xz
# we still want debuginfo
#KEEP NOSOURCE DEBUGINFO
@ -54,8 +54,6 @@ Patch2: bluez-sdp-unix-path.patch
Patch3: bluez-cups-libexec.patch
# workaround for broken tests (reported upstream but not yet fixed)
Patch4: bluez-disable-broken-tests.diff
# PATCH-FIX-UPSTREAM: fix regression in pairing gamepads -- https://github.com/bluez/bluez/issues/614
Patch5: Fix-.device_probe-failing-if-SDP-record-is-not.patch
# disable tests for bypass boo#1078285
Patch12: disable_some_obex_tests.patch
# get rid of python2. WARNING: this is autogenerated by 2to3 and might not work
@ -66,8 +64,6 @@ Patch14: hcidump-Add-assoc-dump-function-assoc-date-length-ch.patch
Patch15: hcidump-Fix-memory-leak-with-malformed-packet.patch
# bsc#1013712 CVE-2016-9798
Patch16: hcidump-Fixed-malformed-segment-frame-length.patch
# PATCH-FIX-UPSTREAM: https://git.kernel.org/pub/scm/bluetooth/bluez.git/patch/?id=25a471a83e02e1effb15d5a488b3f0085eaeb675
Patch17: CVE-2023-45866.patch
# Upstream suggests to use btmon instead of hcidump and does not want those patches
# => PATCH-FIX-OPENSUSE for those two :-)
# fix some memory leak with malformed packet (reported upstream but not yet fixed)