From 41d82930301a7ebffcdcb4af0abda492d478daadb4384ead646ecf5bf4b003e7 Mon Sep 17 00:00:00 2001
From: Dirk Mueller
Date: Wed, 20 Dec 2023 23:29:57 +0000
Subject: [PATCH] - update to 5.71: * Fix issue with not registering CSIS service. * Fix issue with registering pairing callbacks. * Fix issue with corruption during discovery filter parsing. - drop CVE-2023-45866.patch, Fix-.device_probe-failing-if-SDP-record-is-not.patch: upstream
OBS-URL: https://build.opensuse.org/package/show/Base:System/bluez?expand=0&rev=358
---
 CVE-2023-45866.patch | 50 ---
 ...e_probe-failing-if-SDP-record-is-not.patch | 310 ------------------
 bluez-5.70.tar.xz | 3 -
 bluez-5.71.tar.xz | 3 +
 bluez.changes | 11 +
 bluez.spec | 8 +-
 6 files changed, 16 insertions(+), 369 deletions(-)
 delete mode 100644 CVE-2023-45866.patch
 delete mode 100644 Fix-.device_probe-failing-if-SDP-record-is-not.patch
 delete mode 100644 bluez-5.70.tar.xz
 create mode 100644 bluez-5.71.tar.xz
diff --git a/CVE-2023-45866.patch b/CVE-2023-45866.patch
deleted file mode 100644
index f7ef109..0000000
--- a/CVE-2023-45866.patch
+++ /dev/null
@@ -1,50 +0,0 @@ -From 25a471a83e02e1effb15d5a488b3f0085eaeb675 Mon Sep 17 00:00:00 2001 -From: Luiz Augusto von Dentz -Date: Tue, 10 Oct 2023 13:03:12 -0700 -Subject: input.conf: Change default of ClassicBondedOnly - -This changes the default of ClassicBondedOnly since defaulting to false -is not inline with HID specification which mandates the of Security Mode -4: - -BLUETOOTH SPECIFICATION Page 84 of 123 -Human Interface Device (HID) Profile: - - 5.4.3.4.2 Security Modes - Bluetooth HID Hosts shall use Security Mode 4 when interoperating with - Bluetooth HID devices that are compliant to the Bluetooth Core - Specification v2.1+EDR[6]. ---- - profiles/input/device.c | 2 +- - profiles/input/input.conf | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/profiles/input/device.c b/profiles/input/device.c -index 4a50ea9921..4310dd192e 100644 ---- a/profiles/input/device.c -+++ b/profiles/input/device.c -@@ -81,7 +81,7 @@ struct input_device { - - static int idle_timeout = 0; - static bool uhid_enabled = false; --static bool classic_bonded_only = false; -+static bool classic_bonded_only = true; - - void input_set_idle_timeout(int timeout) - { -diff --git a/profiles/input/input.conf b/profiles/input/input.conf -index 4c70bc561f..d8645f3dd6 100644 ---- a/profiles/input/input.conf -+++ b/profiles/input/input.conf -@@ -17,7 +17,7 @@ - # platforms may want to make sure that input connections only come from bonded - # device connections. Several older mice have been known for not supporting - # pairing/encryption. --# Defaults to false to maximize device compatibility. -+# Defaults to true for security. - #ClassicBondedOnly=true - - # LE upgrade security --- -cgit 1.2.3-korg - diff --git a/Fix-.device_probe-failing-if-SDP-record-is-not.patch b/Fix-.device_probe-failing-if-SDP-record-is-not.patch deleted file mode 100644 index 12bd723..0000000 --- a/Fix-.device_probe-failing-if-SDP-record-is-not.patch +++ /dev/null 
@@ -1,310 +0,0 @@ -From 3a9c637010f8dc1ba3e8382abe01065761d4f5bb Mon Sep 17 00:00:00 2001 -From: Luiz Augusto von Dentz -Date: Tue, 10 Oct 2023 12:38:29 -0700 -Subject: [PATCH] input: Fix .device_probe failing if SDP record is not found - -Due to changes introduced by 67a26abe53bf -("profile: Add probe_on_discover flag") profiles may get probed when -their profile UUID are discovered, rather than resolved, which means -the SDP record may not be available. - -Fixes: https://github.com/bluez/bluez/issues/614 ---- - profiles/input/device.c | 182 +++++++++++++++++++--------------------- - 1 file changed, 84 insertions(+), 98 deletions(-) - -diff --git a/profiles/input/device.c b/profiles/input/device.c -index e2ac6ea60..4a50ea992 100644 ---- a/profiles/input/device.c -+++ b/profiles/input/device.c -@@ -60,7 +60,7 @@ struct input_device { - char *path; - bdaddr_t src; - bdaddr_t dst; -- uint32_t handle; -+ const sdp_record_t *rec; - GIOChannel *ctrl_io; - GIOChannel *intr_io; - guint ctrl_watch; -@@ -754,7 +754,8 @@ static void epox_endian_quirk(unsigned char *data, int size) - } - } - --static int create_hid_dev_name(sdp_record_t *rec, struct hidp_connadd_req *req) -+static int create_hid_dev_name(const sdp_record_t *rec, -+ struct hidp_connadd_req *req) - { - char sdesc[sizeof(req->name) / 2]; - -@@ -776,7 +777,7 @@ static int create_hid_dev_name(sdp_record_t *rec, struct hidp_connadd_req *req) - - /* See HID profile specification v1.0, "7.11.6 HIDDescriptorList" for details - * on the attribute format. 
*/ --static int extract_hid_desc_data(sdp_record_t *rec, -+static int extract_hid_desc_data(const sdp_record_t *rec, - struct hidp_connadd_req *req) - { - sdp_data_t *d; -@@ -817,36 +818,40 @@ invalid_desc: - return -EINVAL; - } - --static int extract_hid_record(sdp_record_t *rec, struct hidp_connadd_req *req) -+static int extract_hid_record(struct input_device *idev, -+ struct hidp_connadd_req *req) - { - sdp_data_t *pdlist; - uint8_t attr_val; - int err; - -- err = create_hid_dev_name(rec, req); -+ if (!idev->rec) -+ return -ENOENT; -+ -+ err = create_hid_dev_name(idev->rec, req); - if (err < 0) - DBG("No valid Service Name or Service Description found"); - -- pdlist = sdp_data_get(rec, SDP_ATTR_HID_PARSER_VERSION); -+ pdlist = sdp_data_get(idev->rec, SDP_ATTR_HID_PARSER_VERSION); - req->parser = pdlist ? pdlist->val.uint16 : 0x0100; - -- pdlist = sdp_data_get(rec, SDP_ATTR_HID_DEVICE_SUBCLASS); -+ pdlist = sdp_data_get(idev->rec, SDP_ATTR_HID_DEVICE_SUBCLASS); - req->subclass = pdlist ? pdlist->val.uint8 : 0; - -- pdlist = sdp_data_get(rec, SDP_ATTR_HID_COUNTRY_CODE); -+ pdlist = sdp_data_get(idev->rec, SDP_ATTR_HID_COUNTRY_CODE); - req->country = pdlist ? pdlist->val.uint8 : 0; - -- pdlist = sdp_data_get(rec, SDP_ATTR_HID_VIRTUAL_CABLE); -+ pdlist = sdp_data_get(idev->rec, SDP_ATTR_HID_VIRTUAL_CABLE); - attr_val = pdlist ? pdlist->val.uint8 : 0; - if (attr_val) - req->flags |= (1 << HIDP_VIRTUAL_CABLE_UNPLUG); - -- pdlist = sdp_data_get(rec, SDP_ATTR_HID_BOOT_DEVICE); -+ pdlist = sdp_data_get(idev->rec, SDP_ATTR_HID_BOOT_DEVICE); - attr_val = pdlist ? 
pdlist->val.uint8 : 0; - if (attr_val) - req->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE); - -- err = extract_hid_desc_data(rec, req); -+ err = extract_hid_desc_data(idev->rec, req); - if (err < 0) - return err; - -@@ -1035,11 +1040,6 @@ static gboolean encrypt_notify(GIOChannel *io, GIOCondition condition, - static int hidp_add_connection(struct input_device *idev) - { - struct hidp_connadd_req *req; -- sdp_record_t *rec; -- char src_addr[18], dst_addr[18]; -- char filename[PATH_MAX]; -- GKeyFile *key_file; -- char handle[11], *str; - GError *gerr = NULL; - int err; - -@@ -1049,33 +1049,7 @@ static int hidp_add_connection(struct input_device *idev) - req->flags = 0; - req->idle_to = idle_timeout; - -- ba2str(&idev->src, src_addr); -- ba2str(&idev->dst, dst_addr); -- -- snprintf(filename, PATH_MAX, STORAGEDIR "/%s/cache/%s", src_addr, -- dst_addr); -- sprintf(handle, "0x%8.8X", idev->handle); -- -- key_file = g_key_file_new(); -- if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) { -- error("Unable to load key file from %s: (%s)", filename, -- gerr->message); -- g_clear_error(&gerr); -- } -- str = g_key_file_get_string(key_file, "ServiceRecords", handle, NULL); -- g_key_file_free(key_file); -- -- if (!str) { -- error("Rejected connection from unknown device %s", dst_addr); -- err = -EPERM; -- goto cleanup; -- } -- -- rec = record_from_string(str); -- g_free(str); -- -- err = extract_hid_record(rec, req); -- sdp_record_free(rec); -+ err = extract_hid_record(idev, req); - if (err < 0) { - error("Could not parse HID SDP record: %s (%d)", strerror(-err), - -err); -@@ -1091,7 +1065,7 @@ static int hidp_add_connection(struct input_device *idev) - - /* Make sure the device is bonded if required */ - if (classic_bonded_only && !input_device_bonded(idev)) { -- error("Rejected connection from !bonded device %s", dst_addr); -+ error("Rejected connection from !bonded device %s", idev->path); - goto cleanup; - } - -@@ -1161,6 +1135,68 @@ static int 
connection_disconnect(struct input_device *idev, uint32_t flags) - return ioctl_disconnect(idev, flags); - } - -+static bool is_device_sdp_disable(const sdp_record_t *rec) -+{ -+ sdp_data_t *data; -+ -+ data = sdp_data_get(rec, SDP_ATTR_HID_SDP_DISABLE); -+ -+ return data && data->val.uint8; -+} -+ -+static enum reconnect_mode_t hid_reconnection_mode(bool reconnect_initiate, -+ bool normally_connectable) -+{ -+ if (!reconnect_initiate && !normally_connectable) -+ return RECONNECT_NONE; -+ else if (!reconnect_initiate && normally_connectable) -+ return RECONNECT_HOST; -+ else if (reconnect_initiate && !normally_connectable) -+ return RECONNECT_DEVICE; -+ else /* (reconnect_initiate && normally_connectable) */ -+ return RECONNECT_ANY; -+} -+ -+static void extract_hid_props(struct input_device *idev, -+ const sdp_record_t *rec) -+{ -+ /* Extract HID connectability */ -+ bool reconnect_initiate, normally_connectable; -+ sdp_data_t *pdlist; -+ -+ /* HIDNormallyConnectable is optional and assumed FALSE if not -+ * present. -+ */ -+ pdlist = sdp_data_get(rec, SDP_ATTR_HID_RECONNECT_INITIATE); -+ reconnect_initiate = pdlist ? pdlist->val.uint8 : TRUE; -+ -+ pdlist = sdp_data_get(rec, SDP_ATTR_HID_NORMALLY_CONNECTABLE); -+ normally_connectable = pdlist ? 
pdlist->val.uint8 : FALSE; -+ -+ /* Update local values */ -+ idev->reconnect_mode = -+ hid_reconnection_mode(reconnect_initiate, normally_connectable); -+} -+ -+static void input_device_update_rec(struct input_device *idev) -+{ -+ struct btd_profile *p = btd_service_get_profile(idev->service); -+ const sdp_record_t *rec; -+ -+ rec = btd_device_get_record(idev->device, p->remote_uuid); -+ if (!rec || idev->rec == rec) -+ return; -+ -+ idev->rec = rec; -+ idev->disable_sdp = is_device_sdp_disable(rec); -+ -+ /* Initialize device properties */ -+ extract_hid_props(idev, rec); -+ -+ if (idev->disable_sdp) -+ device_set_refresh_discovery(idev->device, false); -+} -+ - static int input_device_connected(struct input_device *idev) - { - int err; -@@ -1168,6 +1204,9 @@ static int input_device_connected(struct input_device *idev) - if (idev->intr_io == NULL || idev->ctrl_io == NULL) - return -ENOTCONN; - -+ /* Attempt to update SDP record if it had changed */ -+ input_device_update_rec(idev); -+ - err = hidp_add_connection(idev); - if (err < 0) - return err; -@@ -1411,74 +1450,21 @@ int input_device_disconnect(struct btd_service *service) - return 0; - } - --static bool is_device_sdp_disable(const sdp_record_t *rec) --{ -- sdp_data_t *data; -- -- data = sdp_data_get(rec, SDP_ATTR_HID_SDP_DISABLE); -- -- return data && data->val.uint8; --} -- --static enum reconnect_mode_t hid_reconnection_mode(bool reconnect_initiate, -- bool normally_connectable) --{ -- if (!reconnect_initiate && !normally_connectable) -- return RECONNECT_NONE; -- else if (!reconnect_initiate && normally_connectable) -- return RECONNECT_HOST; -- else if (reconnect_initiate && !normally_connectable) -- return RECONNECT_DEVICE; -- else /* (reconnect_initiate && normally_connectable) */ -- return RECONNECT_ANY; --} -- --static void extract_hid_props(struct input_device *idev, -- const sdp_record_t *rec) --{ -- /* Extract HID connectability */ -- bool reconnect_initiate, normally_connectable; -- sdp_data_t 
*pdlist; -- -- /* HIDNormallyConnectable is optional and assumed FALSE -- * if not present. */ -- pdlist = sdp_data_get(rec, SDP_ATTR_HID_RECONNECT_INITIATE); -- reconnect_initiate = pdlist ? pdlist->val.uint8 : TRUE; -- -- pdlist = sdp_data_get(rec, SDP_ATTR_HID_NORMALLY_CONNECTABLE); -- normally_connectable = pdlist ? pdlist->val.uint8 : FALSE; -- -- /* Update local values */ -- idev->reconnect_mode = -- hid_reconnection_mode(reconnect_initiate, normally_connectable); --} -- - static struct input_device *input_device_new(struct btd_service *service) - { - struct btd_device *device = btd_service_get_device(service); -- struct btd_profile *p = btd_service_get_profile(service); - const char *path = device_get_path(device); -- const sdp_record_t *rec = btd_device_get_record(device, p->remote_uuid); - struct btd_adapter *adapter = device_get_adapter(device); - struct input_device *idev; - -- if (!rec) -- return NULL; -- - idev = g_new0(struct input_device, 1); - bacpy(&idev->src, btd_adapter_get_address(adapter)); - bacpy(&idev->dst, device_get_address(device)); - idev->service = btd_service_ref(service); - idev->device = btd_device_ref(device); - idev->path = g_strdup(path); -- idev->handle = rec->handle; -- idev->disable_sdp = is_device_sdp_disable(rec); -- -- /* Initialize device properties */ -- extract_hid_props(idev, rec); - -- if (idev->disable_sdp) -- device_set_refresh_discovery(device, false); -+ input_device_update_rec(idev); - - return idev; - } --- -2.42.0 - diff --git a/bluez-5.70.tar.xz b/bluez-5.70.tar.xz deleted file mode 100644 index ccbf3c7..0000000 --- a/bluez-5.70.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:37e372e916955e144cb882f888e4be40898f10ae3b7c213ddcdd55ee9c009278 -size 2339844 diff --git a/bluez-5.71.tar.xz b/bluez-5.71.tar.xz new file mode 100644 index 0000000..725c15f --- /dev/null +++ b/bluez-5.71.tar.xz 
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b828d418c93ced1f55b616fb5482cf01537440bfb34fbda1a564f3ece94735d8
+size 2381208
diff --git a/bluez.changes b/bluez.changes
index 4e006a3..49be901 100644
--- a/bluez.changes
+++ b/bluez.changes
@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Wed Dec 20 23:28:42 UTC 2023 - Dirk Müller
+
+- update to 5.71:
+ * Fix issue with not registering CSIS service.
+ * Fix issue with registering pairing callbacks.
+ * Fix issue with corruption during discovery filter parsing.
+
+- drop CVE-2023-45866.patch,
+ Fix-.device_probe-failing-if-SDP-record-is-not.patch: upstream
+
 -------------------------------------------------------------------
 Wed Dec 13 09:34:20 UTC 2023 - Dirk Müller
 
diff --git a/bluez.spec b/bluez.spec
index 1d54125..94421d4 100644
--- a/bluez.spec
+++ b/bluez.spec
@@ -35,12 +35,12 @@
 %endif
 
 Name: bluez
-Version: 5.70
+Version: 5.71
 Release: 0
 Summary: Bluetooth Stack for Linux
 License: GPL-2.0-or-later
 Group: Hardware/Mobile
-URL: http://www.bluez.org
+URL: https://www.bluez.org
 Source: https://www.kernel.org/pub/linux/bluetooth/bluez-%{version}.tar.xz
 # we still want debuginfo
 #KEEP NOSOURCE DEBUGINFO
@@ -54,8 +54,6 @@ Patch2: bluez-sdp-unix-path.patch
 Patch3: bluez-cups-libexec.patch
 # workaround for broken tests (reported upstream but not yet fixed)
 Patch4: bluez-disable-broken-tests.diff
-# PATCH-FIX-UPSTREAM: fix regression in pairing gamepads -- https://github.com/bluez/bluez/issues/614
-Patch5: Fix-.device_probe-failing-if-SDP-record-is-not.patch
 # disable tests for bypass boo#1078285
 Patch12: disable_some_obex_tests.patch
 # get rid of python2. WARNING: this is autogenerated by 2to3 and might not work
@@ -66,8 +64,6 @@ Patch14: hcidump-Add-assoc-dump-function-assoc-date-length-ch.patch
 Patch15: hcidump-Fix-memory-leak-with-malformed-packet.patch
 # bsc#1013712 CVE-2016-9798
 Patch16: hcidump-Fixed-malformed-segment-frame-length.patch
-# PATCH-FIX-UPSTREAM: https://git.kernel.org/pub/scm/bluetooth/bluez.git/patch/?id=25a471a83e02e1effb15d5a488b3f0085eaeb675
-Patch17: CVE-2023-45866.patch
 # Upstream suggests to use btmon instead of hcidump and does not want those patches
 # => PATCH-FIX-OPENSUSE for those two :-)
 # fix some memory leak with malformed packet (reported upstream but not yet fixed)