diff --git a/Fix-crash-after-bt_uhid_unregister_all.patch b/Fix-crash-after-bt_uhid_unregister_all.patch
deleted file mode 100644
index 7d4c97f..0000000
--- a/Fix-crash-after-bt_uhid_unregister_all.patch
+++ /dev/null
@@ -1,121 +0,0 @@
-From 9a6a84a8a2b9336c2cdb943146207cb8a5a5260c Mon Sep 17 00:00:00 2001
-From: Luiz Augusto von Dentz
-Date: Mon, 16 Sep 2024 16:00:31 -0400
-Subject: [PATCH] shared/uhid: Fix crash after bt_uhid_unregister_all
-
-This fixes the following crash which happens when
-bt_uhid_unregister_all is called from a notification callback:
-
-Invalid read of size 8
- at 0x1D9EFF: queue_foreach (queue.c:206)
- by 0x1DEE58: uhid_read_handler (uhid.c:164)
- Address 0x51286d8 is 8 bytes inside a block of size 16 free'd
- at 0x48478EF: free (vg_replace_malloc.c:989)
- by 0x1DA08D: queue_remove_if (queue.c:292)
- by 0x1DA12F: queue_remove_all (queue.c:321)
- by 0x1DE592: bt_uhid_unregister_all (uhid.c:300)
-
-Fixes: https://github.com/bluez/bluez/issues/952
----
- src/shared/uhid.c | 47 ++++++++++++++++++++++++++++++++++++++++++++---
- 1 file changed, 44 insertions(+), 3 deletions(-)
-
-diff --git a/src/shared/uhid.c b/src/shared/uhid.c
-index ed21e1399..20bd26781 100644
---- a/src/shared/uhid.c
-+++ b/src/shared/uhid.c
-@@ -42,6 +42,7 @@ struct bt_uhid {
- int ref_count;
- struct io *io;
- unsigned int notify_id;
-+ bool notifying;
- struct queue *notify_list;
- struct queue *input;
- uint8_t type;
-@@ -56,6 +57,7 @@ struct uhid_notify {
- uint32_t event;
- bt_uhid_callback_t func;
- void *user_data;
-+ bool removed;
- };
-
- static void uhid_replay_free(struct uhid_replay *replay)
-@@ -134,6 +136,28 @@ static int bt_uhid_record(struct bt_uhid *uhid, bool input,
- return 0;
- }
-
-+static bool match_removed(const void *a, const void *b)
-+{
-+ const struct uhid_notify *notify = a;
-+
-+ return notify->removed;
-+}
-+
-+static void uhid_notify(struct bt_uhid *uhid, struct uhid_event *ev)
-+{
-+ /* Add a reference to the uhid to ensure it doesn't get freed while at
-+ * notify_handler.
-+ */
-+ bt_uhid_ref(uhid);
-+
-+ uhid->notifying = true;
-+ queue_foreach(uhid->notify_list, notify_handler, ev);
-+ uhid->notifying = false;
-+ queue_remove_all(uhid->notify_list, match_removed, NULL, free);
-+
-+ bt_uhid_unref(uhid);
-+}
-+
- static bool uhid_read_handler(struct io *io, void *user_data)
- {
- struct bt_uhid *uhid = user_data;
-@@ -161,7 +185,7 @@ static bool uhid_read_handler(struct io *io, void *user_data)
- break;
- }
-
-- queue_foreach(uhid->notify_list, notify_handler, &ev);
-+ uhid_notify(uhid, &ev);
-
- return true;
- }
-@@ -292,13 +316,30 @@ static bool match_not_id(const void *a, const void *b)
- return notify->id != id;
- }
-
-+static void uhid_notify_removed(void *data, void *user_data)
-+{
-+ struct uhid_notify *notify = data;
-+ struct bt_uhid *uhid = user_data;
-+
-+ /* Skip marking start_id as removed since that is not removed with
-+ * unregister all.
-+ */
-+ if (notify->id == uhid->start_id)
-+ return;
-+
-+ notify->removed = true;
-+}
-+
- bool bt_uhid_unregister_all(struct bt_uhid *uhid)
- {
- if (!uhid)
- return false;
-
-- queue_remove_all(uhid->notify_list, match_not_id,
-+ if (!uhid->notifying)
-+ queue_remove_all(uhid->notify_list, match_not_id,
- UINT_TO_PTR(uhid->start_id), free);
-+ else
-+ queue_foreach(uhid->notify_list, uhid_notify_removed, uhid);
-
- return true;
- }
-@@ -588,7 +629,7 @@ int bt_uhid_replay(struct bt_uhid *uhid)
- return 0;
- }
-
-- queue_foreach(uhid->notify_list, notify_handler, ev);
-+ uhid_notify(uhid, ev);
-
- return 0;
- }
diff --git a/bluez-5.78.tar.xz b/bluez-5.78.tar.xz
deleted file mode 100644
index 2e8ab89..0000000
--- a/bluez-5.78.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:830fed1915c5d375b8de0f5e6f45fcdea0dcc5ff5ffb3d31db6ed0f00d73c5e3
-size 2441672
diff --git a/bluez-5.79.tar.xz b/bluez-5.79.tar.xz
new file mode 100644
index 0000000..9dd9113
--- /dev/null
+++ b/bluez-5.79.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4164a5303a9f71c70f48c03ff60be34231b568d93a9ad5e79928d34e6aa0ea8a
+size 2457612
diff --git a/bluez.changes b/bluez.changes
index defbdc4..236d9fd 100644
--- a/bluez.changes
+++ b/bluez.changes
@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Wed Nov 6 08:16:30 UTC 2024 - Frederic Crozat
+
+- Update to 5.79:
+ * Fix issue with handling address type while pairing.
+ * Add support for allowing to set A2DP transport delay.
+ * Add support for persistent userspace HID operation.
+ * Add support for handling syncing to multiple BISes.
+- Drop Fix-crash-after-bt_uhid_unregister_all.patch, merged
+ upstream.
+
 -------------------------------------------------------------------
 Wed Sep 18 08:35:40 UTC 2024 - pallas wept
 
diff --git a/bluez.spec b/bluez.spec
index 51276a8..f0be762 100644
--- a/bluez.spec
+++ b/bluez.spec
@@ -35,7 +35,7 @@
 %endif
 
 Name: bluez
-Version: 5.78
+Version: 5.79
 Release: 0
 Summary: Bluetooth Stack for Linux
 License: GPL-2.0-or-later
@@ -62,8 +62,6 @@ Patch14: hcidump-Add-assoc-dump-function-assoc-date-length-ch.patch
 Patch15: hcidump-Fix-memory-leak-with-malformed-packet.patch
 # bsc#1013712 CVE-2016-9798
 Patch16: hcidump-Fixed-malformed-segment-frame-length.patch
-# Fix crash when devices disconnect or go to sleep. Upstream issue 952
-Patch17: Fix-crash-after-bt_uhid_unregister_all.patch
 # Upstream suggests to use btmon instead of hcidump and does not want those patches
 # => PATCH-FIX-OPENSUSE for those two :-)
 # fix some memory leak with malformed packet (reported upstream but not yet fixed)
@@ -427,6 +425,7 @@ done
 %{_mandir}/man1/bluetoothctl-assistant.1%{?ext_man}
 %{_mandir}/man1/btmgmt.1%{?ext_man}
 %{_mandir}/man5/org.bluez.*.5%{?ext_man}
+%{_mandir}/man7/hci.7%{?ext_man}
 %{_datadir}/dbus-1/system.d/bluetooth.conf
 # not packaged, boo#1151518
 ###%%{_datadir}/dbus-1/system.d/bluetooth-mesh.conf
@@ -437,6 +436,7 @@ done
 %if %{with mesh}
 %{_unitdir}/bluetooth-mesh.service
 %endif
+%{_userunitdir}/mpris-proxy.service
 %{_datadir}/dbus-1/system-services/org.bluez.service
 # not packaged, boo#1151518
 ###%%{_datadir}/dbus-1/system-services/org.bluez.mesh.service
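Review bot: `%{_userunitdir}/mpris-proxy.service` is added to `%files` in this hunk, but no hunk on this page adds user-unit scriptlets for it, so unless the spec already has them elsewhere the distribution's presets would not be applied to the new unit on install or update. If they are missing, add `%systemd_user_post mpris-proxy.service` to `%post`, `%systemd_user_preun mpris-proxy.service` to `%preun` and `%systemd_user_postun mpris-proxy.service` to `%postun`. The `%files` section starts and ends outside the hunk, so it is also worth confirming that the entry lands in the same (sub)package that ships the mpris-proxy binary.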