Accepting request 741493 from home:seife:testing

add 0001-mesh-Fix-segmentation-fault-on-Join-call.patch (boo#1152672) OBS-URL: https://build.opensuse.org/request/show/741493 OBS-URL: https://build.opensuse.org/package/show/Base:System/bluez?expand=0&rev=277
2019-10-21 12:23:56 +00:00 · 2019-10-21 12:23:56 +00:00 · 46c6c426d4
commit 46c6c426d4
parent 33cfefb17b
13 changed files with 279 additions and 19 deletions
--- a/0001-mesh-Fix-segmentation-fault-on-Join-call.patch
+++ b/0001-mesh-Fix-segmentation-fault-on-Join-call.patch
@ -0,0 +1,54 @@
 From d6a0539d1ddf9f115e889d2bdd27f038408eaf31 Mon Sep 17 00:00:00 2001
 From: Inga Stotland <istotlan@ingas-xps13.amr.corp.intel.com>
 Date: Tue, 1 Oct 2019 11:51:08 -0700
 Subject: [PATCH] mesh: Fix segmentation fault on Join() call
 This fixes the following segfault:
 node_init_cb (node=0x0, agent=0x0) at mesh/mesh.c:359
        reply = dbus_error(join_pending->msg, MESH_ERROR_FAILED,
        user_data=0x5555555be170) at mesh/node.c:1760
        dbus=<optimized out>) at ell/dbus.c:216
        user_data=0x5555555a6e00) at ell/dbus.c:279
        user_data=0x5555555a7ef0) at ell/io.c:126
        at ell/main.c:642
        at mesh/main.c:205
 The fault was caused by the premature deletion of preserved state.
 This moves setup of disconnect watch for the application calling the Join()
 method into the node_init_cb(), after a temporary node has been
 successfully created.
 ---
 mesh/mesh.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
 diff --git a/mesh/mesh.c b/mesh/mesh.c
 index b660a7ef2..9b2b2073b 100644
 --- a/mesh/mesh.c
 +++ b/mesh/mesh.c
@@ -377,6 +377,11 @@ static void node_init_cb(struct mesh_node *node, struct mesh_agent *agent)
 	l_dbus_send(dbus_get_bus(), reply);
 	join_pending->msg = NULL;
 +	/* Setup disconnect watch */
 +	join_pending->disc_watch = l_dbus_add_disconnect_watch(dbus_get_bus(),
 +						join_pending->sender,
 +						prov_disc_cb, NULL, NULL);
 +
 	return;
 fail:
@@ -423,8 +428,6 @@ static struct l_dbus_message *join_network_call(struct l_dbus *dbus,
 	sender = l_dbus_message_get_sender(msg);
 	join_pending->sender = l_strdup(sender);
 -	join_pending->disc_watch = l_dbus_add_disconnect_watch(dbus, sender,
 -						prov_disc_cb, NULL, NULL);
 	join_pending->msg = l_dbus_message_ref(msg);
 	join_pending->app_path = app_path;
 -- 
 2.23.0
--- a/CVE-2016-9800-tool-hcidump-Fix-memory-leak-with-malformed-packet.patch
+++ b/CVE-2016-9800-tool-hcidump-Fix-memory-leak-with-malformed-packet.patch
@ -0,0 +1,37 @@
 # Upstream suggests to use btmon instead of hcidump and does not want those patches
 # => PATCH-FIX-OPENSUSE for those two :-)
 # fix some memory leak with malformed packet (reported upstream but not yet fixed)
 From 5ca9510314d15d562e9ef5515a5483be5f28258d Mon Sep 17 00:00:00 2001
 From: "Cho, Yu-Chen" <acho@suse.com>
 Date: Wed, 21 Mar 2018 17:32:45 +0800
 Subject: [PATCH BlueZ] tool/hcidump: Fix memory leak with malformed packet
 Do not allow to read more then buffer size.
 ---
 tools/parser/hci.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
 diff --git a/tools/parser/hci.c b/tools/parser/hci.c
 index 8c7bd2581..adfd9ab1d 100644
 --- a/tools/parser/hci.c
 +++ b/tools/parser/hci.c
@@ -988,8 +988,14 @@ static inline void pin_code_reply_dump(int level, struct frame *frm)
 	memset(pin, 0, sizeof(pin));
 	if (parser.flags & DUMP_NOVENDOR)
 		memset(pin, '*', cp->pin_len);
 -	else
 +	else {
 +                 if (cp->pin_len > sizeof(pin)){
 +                        perror("Read failed");
 +                        exit(1);
 +                }
 +
 		memcpy(pin, cp->pin_code, cp->pin_len);
 +	}
 	printf("bdaddr %s len %d pin \'%s\'\n", addr, cp->pin_len, pin);
 }
 -- 
 2.16.2
--- a/CVE-2016-9804-tool-hcidump-Fix-memory-leak-with-malformed-packet.patch
+++ b/CVE-2016-9804-tool-hcidump-Fix-memory-leak-with-malformed-packet.patch
@ -0,0 +1,34 @@
 # Upstream suggests to use btmon instead of hcidump and does not want those patches
 # => PATCH-FIX-OPENSUSE for those two :-)
 # fix some memory leak with malformed packet (reported upstream but not yet fixed)
 From 00f50518f232c758855ac9884a841f707f41a301 Mon Sep 17 00:00:00 2001
 From: "Cho, Yu-Chen" <acho@suse.com>
 Date: Thu, 3 May 2018 18:52:19 +0800
 Subject: [PATCH BlueZ] tool/hcidump: Fix memory leak with malformed packet
 The Supported Commands is a 64 octet bit field.
 Do not allow to read more then the size.
 ---
 tools/parser/csr.c | 5 +++++
 1 file changed, 5 insertions(+)
 diff --git a/tools/parser/csr.c b/tools/parser/csr.c
 index a0a4eb5fe..2d3db878a 100644
 --- a/tools/parser/csr.c
 +++ b/tools/parser/csr.c
@@ -145,6 +145,11 @@ static inline void commands_dump(int level, char *str, struct frame *frm)
 	unsigned char commands[64];
 	unsigned int i;
 +	if (frm->len > 64) {
 +		perror("Read failed");
 +		exit(1);
 +	}
 +
 	memcpy(commands, frm->ptr, frm->len);
 	p_indent(level, frm);
 -- 
 2.16.3
--- a/README.md
+++ b/README.md
@ -0,0 +1,8 @@
 # Build the openSUSE bluez package
   * copy the `_service` into your new OBS project directory
   * `osc service disabledrun`
   * `osc build`
 That's it.
--- a/RPi-Move-the-43xx-firmware-into-lib-firmware.patch
+++ b/RPi-Move-the-43xx-firmware-into-lib-firmware.patch
@ -0,0 +1,25 @@
 From 72a2a6a6fd0e623c4048d105b34d221bde87eb74 Mon Sep 17 00:00:00 2001
 From: Phil Elwell <phil@raspberrypi.org>
 Date: Tue, 23 Feb 2016 17:52:29 +0000
 Subject: [PATCH] Move the 43xx firmware into /lib/firmware
 ---
 tools/hciattach_bcm43xx.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/tools/hciattach_bcm43xx.c b/tools/hciattach_bcm43xx.c
 index f3231ec..21450ac 100644
 --- a/tools/hciattach_bcm43xx.c
 +++ b/tools/hciattach_bcm43xx.c
@@ -43,7 +43,7 @@
 #include "hciattach.h"
 #ifndef FIRMWARE_DIR
 -#define FIRMWARE_DIR "/etc/firmware"
 +#define FIRMWARE_DIR "/lib/firmware"
 #endif
 #define FW_EXT ".hcd"
 -- 
 2.9.3
--- a/10
+++ b/10
@ -1,15 +1,9 @@
 <services>
-  <service name="tar_scm" mode="disabled">
+  <service name="obs_scm" mode="disabled">
    <param name="url">https://github.com/seifes-opensuse-packages/bluez.git</param>
    <param name="scm">git</param>
-    <param name="extract">dist/*</param>
+    <param name="extract">*.*</param>
    <param name="exclude">dist</param>
    <param name="filename">bluez-patches</param>
    <param name="version">_none_</param>
  </service>
  <service mode="disabled" name="recompress">
    <param name="file">*.tar</param>
    <param name="compression">xz</param>
  </service>
  <service mode="disabled" name="download_files"/>
 </services>
--- a/bluez-5.11-logitech-hid2hci.patch
+++ b/bluez-5.11-logitech-hid2hci.patch
@ -0,0 +1,25 @@
 # fix some logitech HID devices, bnc#681049, bnc#850478 --seife+obs@b1-systems.com
 Apparently some Logitech devices need different rules.
 https://bugzilla.novell.com/show_bug.cgi?id=681049
 https://bugzilla.novell.com/show_bug.cgi?id=850478
 Index: b/tools/hid2hci.rules
 ===================================================================
 --- a/tools/hid2hci.rules
 +++ b/tools/hid2hci.rules
@@ -9,11 +9,13 @@ SUBSYSTEM!="usb*", GOTO="hid2hci_end"
 ATTR{bInterfaceClass}=="03", ATTR{bInterfaceSubClass}=="01", ATTR{bInterfaceProtocol}=="02", \
   ATTRS{bDeviceClass}=="00", ATTRS{idVendor}=="413c", ATTRS{bmAttributes}=="e0", \
   RUN+="hid2hci --method=dell --devpath=%p", ENV{HID2HCI_SWITCH}="1"
 # Logitech devices
 -KERNEL=="hiddev*", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c70[345abce]|c71[34bc]", \
 +KERNEL=="hiddev*", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c70[5e]", \
 +  RUN+="hid2hci --method=logitech-hid --devpath=%p"
 +KERNEL=="hidraw*", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c70[34abc]|c71[34bc]", \
   RUN+="hid2hci --method=logitech-hid --devpath=%p"
 ENV{DEVTYPE}!="usb_device", GOTO="hid2hci_end"
 # When a Dell device recovers from S3, the mouse child needs to be repoked
--- a/bluez-cups-libexec.patch
+++ b/bluez-cups-libexec.patch
@ -0,0 +1,26 @@
 Index: b/Makefile.in
 ===================================================================
 --- a/Makefile.in
 +++ b/Makefile.in
@@ -3439,7 +3439,7 @@ unit_tests = $(am__append_54) unit/test-
 @DEPRECATED_TRUE@@READLINE_TRUE@attrib_gatttool_LDADD = lib/libbluetooth-internal.la \
 @DEPRECATED_TRUE@@READLINE_TRUE@			src/libshared-glib.la $(GLIB_LIBS) -lreadline
 -@CUPS_TRUE@cupsdir = $(libdir)/cups/backend
 +@CUPS_TRUE@cupsdir = $(libexecdir)/cups/backend
 @CUPS_TRUE@profiles_cups_bluetooth_SOURCES = profiles/cups/main.c \
 @CUPS_TRUE@					profiles/cups/cups.h \
 @CUPS_TRUE@					profiles/cups/sdp.c \
 Index: b/Makefile.tools
 ===================================================================
 --- a/Makefile.tools
 +++ b/Makefile.tools
@@ -441,7 +441,7 @@ endif
 endif
 if CUPS
 -cupsdir = $(libdir)/cups/backend
 +cupsdir = $(libexecdir)/cups/backend
 cups_PROGRAMS = profiles/cups/bluetooth
--- a/bluez-disable-broken-tests.diff
+++ b/bluez-disable-broken-tests.diff
@ -0,0 +1,24 @@
 Index: b/Makefile.am
 ===================================================================
 --- a/Makefile.am
 +++ b/Makefile.am
@@ -474,7 +474,8 @@ unit_test_lib_SOURCES = unit/test-lib.c
 unit_test_lib_LDADD = src/libshared-glib.la \
 				lib/libbluetooth-internal.la $(GLIB_LIBS)
 -unit_tests += unit/test-gatt
 +# hangs forever in OBS where AF_ALG is not supported.
 +#unit_tests += unit/test-gatt
 unit_test_gatt_SOURCES = unit/test-gatt.c
 unit_test_gatt_LDADD = src/libshared-glib.la \
@@ -504,7 +505,8 @@ unit_test_gattrib_LDADD = lib/libbluetoo
 			$(GLIB_LIBS) $(DBUS_LIBS) -ldl -lrt
 if MIDI
 -unit_tests += unit/test-midi
 +# fails on i386??? or just random?
 +#unit_tests += unit/test-midi
 unit_test_midi_CPPFLAGS = $(AM_CPPFLAGS) $(ALSA_CFLAGS) -DMIDI_TEST
 unit_test_midi_SOURCES = unit/test-midi.c \
 			profiles/midi/libmidi.h \
--- a/bluez-patches.tar.xz
+++ b/bluez-patches.tar.xz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:ab8dc3a4bc77b1dadc8e29e033c9b8590bbe1720ba9e5f1cff3b91b09746c078
 size 2924
--- a/bluez-sdp-unix-path.patch
+++ b/bluez-sdp-unix-path.patch
@ -0,0 +1,11 @@
 --- bluez-5.8.orig/lib/sdp.h
 +++ bluez-5.8/lib/sdp.h
@@ -34,7 +34,7 @@ extern "C" {
 #include <stdint.h>
 #include <bluetooth/bluetooth.h>
 -#define SDP_UNIX_PATH "/var/run/sdp"
 +#define SDP_UNIX_PATH "/run/sdp"
 #define SDP_RESPONSE_TIMEOUT	20
 #define SDP_REQ_BUFFER_SIZE	2048
 #define SDP_RSP_BUFFER_SIZE	65535
--- a/bluez.changes
+++ b/bluez.changes
@ -1,3 +1,9 @@
 -------------------------------------------------------------------
 Mon Oct  7 14:56:28 UTC 2019 - Stefan Seyfried <seife+obs@b1-systems.com>
 - add 0001-mesh-Fix-segmentation-fault-on-Join-call.patch
  (boo#1152672)
 -------------------------------------------------------------------
 Sun Oct  6 13:24:51 UTC 2019 - Stefan Seyfried <seife+obs@b1-systems.com>
@ -53,9 +59,8 @@ Fri Sep 20 19:32:43 UTC 2019 - Stefan Seyfried <seife+obs@b1-systems.com>
  * bluez-5.50-a2dp-backports.patch
  * bluez-5.50-gcc9.patch
  * disable_some_obex_tests.patch
- refreshed bluez-cups-libexec.patch
+  * bluez-5.45-disable-broken-tests.diff
- rebased bluez-5.45-disable-broken-tests.diff to bluez-5.51-
+- add bluez-disable-broken-tests.diff
  disable-broken-tests.diff
 - add temporary rpmlintrc until security team approves
 -------------------------------------------------------------------
--- a/bluez.spec
+++ b/bluez.spec
@ -28,9 +28,24 @@ License:        GPL-2.0-or-later
 Group:          Hardware/Mobile
 Url:            http://www.bluez.org
 Source:         http://www.kernel.org/pub/linux/bluetooth/bluez-%{version}.tar.xz
 Source1:        bluez-patches.tar.xz
 Source5:        baselibs.conf
 Source7:        bluetooth.modprobe
 # fix some logitech HID devices, bnc#681049, bnc#850478 --seife+obs@b1-systems.com
 Patch1:         bluez-5.11-logitech-hid2hci.patch
 Patch2:         bluez-sdp-unix-path.patch
 # PATCH-FIX-UPSTREAM: find the cups dir in libexec not in libdir
 Patch3:         bluez-cups-libexec.patch
 # workaround for broken tests (reported upstream but not yet fixed)
 Patch4:         bluez-disable-broken-tests.diff
 # boo#1152672, upstream fix
 Patch5:         0001-mesh-Fix-segmentation-fault-on-Join-call.patch
 # Move 43xx firmware path for RPi3 bluetooth support bsc#1140688
 Patch10:        RPi-Move-the-43xx-firmware-into-lib-firmware.patch
 # Upstream suggests to use btmon instead of hcidump and does not want those patches
 # => PATCH-FIX-OPENSUSE for those two :-)
 # fix some memory leak with malformed packet (reported upstream but not yet fixed)
 Patch101:       CVE-2016-9800-tool-hcidump-Fix-memory-leak-with-malformed-packet.patch
 Patch102:       CVE-2016-9804-tool-hcidump-Fix-memory-leak-with-malformed-packet.patch
 BuildRequires:  automake
 BuildRequires:  flex
@ -133,10 +148,15 @@ desktop specific applets like blueman or GNOME or KDE applets).
 {  systemctl status -n0 bluetooth.service > /dev/null && systemctl restart bluetooth.service ; } ||:
 %prep
-%setup -q -a 1
+%setup -q
-for i in $(cat bluez-patches/series); do
+%patch1 -p1
-  patch -p1 -i bluez-patches/$i --fuzz=%{_default_patch_fuzz} %{_default_patch_flags} || exit 1
+%patch2 -p1
-done
+%patch3 -p1
 %patch4 -p1
 %patch5 -p1
 %patch10 -p1
 %patch101 -p1
 %patch102 -p1
 mkdir dbus-apis
 cp -a doc/*.txt dbus-apis/
 # FIXME: Change the dbus service to be a real service, not systemd launched