Add patch to fix crashes when devices disconnect or go to sleep

OBS-URL: https://build.opensuse.org/package/show/Base:System/bluez?expand=0&rev=378
Dirk Mueller 2024-09-24 11:30:39 +00:00 committed by Git OBS Bridge
commit bce1ec75c2
21 changed files with 6563 additions and 0 deletions

23
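--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text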

1
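--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc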


@ -0,0 +1,35 @@
From 4de2871675d3b039b5797e77cc1d6ce4070e86b2 Mon Sep 17 00:00:00 2001
From: Phil Elwell <phil@raspberrypi.org>
Date: Tue, 16 Feb 2016 16:39:09 +0000
Subject: [PATCH] bcm43xx: The UART speed must be reset after the firmware
download
---
tools/hciattach_bcm43xx.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
Index: bluez-5.71/tools/hciattach_bcm43xx.c
===================================================================
--- bluez-5.71.orig/tools/hciattach_bcm43xx.c
+++ bluez-5.71/tools/hciattach_bcm43xx.c
@@ -350,11 +350,8 @@ int bcm43xx_init(int fd, int def_speed,
return -1;
if (bcm43xx_locate_patch(FIRMWARE_DIR, chip_name, fw_path)) {
- fprintf(stderr, "Patch not found, continue anyway\n");
+ fprintf(stderr, "Patch not found for %s, continue anyway\n", chip_name);
} else {
- if (bcm43xx_set_speed(fd, ti, speed))
- return -1;
-
if (bcm43xx_load_firmware(fd, fw_path))
return -1;
@@ -364,6 +361,7 @@ int bcm43xx_init(int fd, int def_speed,
return -1;
}
+ sleep(1);
if (bcm43xx_reset(fd))
return -1;
}
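Review bot: The `sleep(1)` added before `bcm43xx_reset(fd)` is a fixed one-second delay with no comment saying what it waits for, so a later reader cannot tell whether it can be shortened or replaced by polling. If it is there to let the controller start the downloaded firmware (an inference from the subject line, not something the hunk states), a one-line comment such as `/* let the controller boot the new firmware before resetting it */` would record that. The enclosing `bcm43xx_init()` starts and ends outside both hunks.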


@ -0,0 +1,34 @@
# Upstream suggests to use btmon instead of hcidump and does not want those patches
# => PATCH-FIX-OPENSUSE for those two :-)
# fix some memory leak with malformed packet (reported upstream but not yet fixed)
From 5ca9510314d15d562e9ef5515a5483be5f28258d Mon Sep 17 00:00:00 2001
From: "Cho, Yu-Chen" <acho@suse.com>
Date: Wed, 21 Mar 2018 17:32:45 +0800
Subject: [PATCH BlueZ] tool/hcidump: Fix memory leak with malformed packet
Do not allow to read more then buffer size.
---
tools/parser/hci.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
Index: bluez-5.65/tools/parser/hci.c
===================================================================
--- bluez-5.65.orig/tools/parser/hci.c
+++ bluez-5.65/tools/parser/hci.c
@@ -976,8 +976,14 @@ static inline void pin_code_reply_dump(i
memset(pin, 0, sizeof(pin));
if (parser.flags & DUMP_NOVENDOR)
memset(pin, '*', cp->pin_len);
- else
+ else {
+ if (cp->pin_len > sizeof(pin)){
+ perror("Read failed");
+ exit(1);
+ }
+
memcpy(pin, cp->pin_code, cp->pin_len);
+ }
printf("bdaddr %s len %d pin \'%s\'\n", addr, cp->pin_len, pin);
}
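Review bot: The new bound check sits only in the `else` branch, so with `DUMP_NOVENDOR` set `memset(pin, '*', cp->pin_len)` still writes a packet-supplied, unchecked length into `pin`. The comparison also lets `cp->pin_len == sizeof(pin)` through, which fills the buffer completely and leaves no terminator for the `%s` in the following `printf`. Hoisting the test above the `if` as `if (cp->pin_len >= sizeof(pin))` covers both branches. `perror()` reports `errno`, which nothing here sets, and `exit(1)` lets a single malformed packet stop the whole capture; printing a diagnostic and returning would be gentler, and the same applies to the `frm->len` check added to `commands_dump()` in the csr.c patch. The declaration of `pin` is outside the hunk.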


@ -0,0 +1,31 @@
# Upstream suggests to use btmon instead of hcidump and does not want those patches
# => PATCH-FIX-OPENSUSE for those two :-)
# fix some memory leak with malformed packet (reported upstream but not yet fixed)
From 00f50518f232c758855ac9884a841f707f41a301 Mon Sep 17 00:00:00 2001
From: "Cho, Yu-Chen" <acho@suse.com>
Date: Thu, 3 May 2018 18:52:19 +0800
Subject: [PATCH BlueZ] tool/hcidump: Fix memory leak with malformed packet
The Supported Commands is a 64 octet bit field.
Do not allow to read more then the size.
---
tools/parser/csr.c | 5 +++++
1 file changed, 5 insertions(+)
Index: bluez-5.65/tools/parser/csr.c
===================================================================
--- bluez-5.65.orig/tools/parser/csr.c
+++ bluez-5.65/tools/parser/csr.c
@@ -133,6 +133,11 @@ static inline void commands_dump(int lev
unsigned char commands[64];
unsigned int i;
+ if (frm->len > 64) {
+ perror("Read failed");
+ exit(1);
+ }
+
memcpy(commands, frm->ptr, frm->len);
p_indent(level, frm);
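Review bot: The limit is written as the literal `64` although the buffer is declared two lines above; `if (frm->len > sizeof(commands))` keeps the check tied to the array. `commands` is not initialised and `memcpy` copies only `frm->len` bytes, so for a short frame the tail of the array stays indeterminate. If the rest of `commands_dump()` (outside the hunk) walks all 64 octets, declaring it as `unsigned char commands[64] = { 0 };` avoids printing leftover stack contents.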


@ -0,0 +1,121 @@
From 9a6a84a8a2b9336c2cdb943146207cb8a5a5260c Mon Sep 17 00:00:00 2001
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: Mon, 16 Sep 2024 16:00:31 -0400
Subject: [PATCH] shared/uhid: Fix crash after bt_uhid_unregister_all
This fixes the following crash which happens when
bt_uhid_unregister_all is called from a notification callback:
Invalid read of size 8
at 0x1D9EFF: queue_foreach (queue.c:206)
by 0x1DEE58: uhid_read_handler (uhid.c:164)
Address 0x51286d8 is 8 bytes inside a block of size 16 free'd
at 0x48478EF: free (vg_replace_malloc.c:989)
by 0x1DA08D: queue_remove_if (queue.c:292)
by 0x1DA12F: queue_remove_all (queue.c:321)
by 0x1DE592: bt_uhid_unregister_all (uhid.c:300)
Fixes: https://github.com/bluez/bluez/issues/952
---
src/shared/uhid.c | 47 ++++++++++++++++++++++++++++++++++++++++++++---
1 file changed, 44 insertions(+), 3 deletions(-)
diff --git a/src/shared/uhid.c b/src/shared/uhid.c
index ed21e1399..20bd26781 100644
--- a/src/shared/uhid.c
+++ b/src/shared/uhid.c
@@ -42,6 +42,7 @@ struct bt_uhid {
int ref_count;
struct io *io;
unsigned int notify_id;
+ bool notifying;
struct queue *notify_list;
struct queue *input;
uint8_t type;
@@ -56,6 +57,7 @@ struct uhid_notify {
uint32_t event;
bt_uhid_callback_t func;
void *user_data;
+ bool removed;
};
static void uhid_replay_free(struct uhid_replay *replay)
@@ -134,6 +136,28 @@ static int bt_uhid_record(struct bt_uhid *uhid, bool input,
return 0;
}
+static bool match_removed(const void *a, const void *b)
+{
+ const struct uhid_notify *notify = a;
+
+ return notify->removed;
+}
+
+static void uhid_notify(struct bt_uhid *uhid, struct uhid_event *ev)
+{
+ /* Add a reference to the uhid to ensure it doesn't get freed while at
+ * notify_handler.
+ */
+ bt_uhid_ref(uhid);
+
+ uhid->notifying = true;
+ queue_foreach(uhid->notify_list, notify_handler, ev);
+ uhid->notifying = false;
+ queue_remove_all(uhid->notify_list, match_removed, NULL, free);
+
+ bt_uhid_unref(uhid);
+}
+
static bool uhid_read_handler(struct io *io, void *user_data)
{
struct bt_uhid *uhid = user_data;
@@ -161,7 +185,7 @@ static bool uhid_read_handler(struct io *io, void *user_data)
break;
}
- queue_foreach(uhid->notify_list, notify_handler, &ev);
+ uhid_notify(uhid, &ev);
return true;
}
@@ -292,13 +316,30 @@ static bool match_not_id(const void *a, const void *b)
return notify->id != id;
}
+static void uhid_notify_removed(void *data, void *user_data)
+{
+ struct uhid_notify *notify = data;
+ struct bt_uhid *uhid = user_data;
+
+ /* Skip marking start_id as removed since that is not removed with
+ * unregister all.
+ */
+ if (notify->id == uhid->start_id)
+ return;
+
+ notify->removed = true;
+}
+
bool bt_uhid_unregister_all(struct bt_uhid *uhid)
{
if (!uhid)
return false;
- queue_remove_all(uhid->notify_list, match_not_id,
+ if (!uhid->notifying)
+ queue_remove_all(uhid->notify_list, match_not_id,
UINT_TO_PTR(uhid->start_id), free);
+ else
+ queue_foreach(uhid->notify_list, uhid_notify_removed, uhid);
return true;
}
@@ -588,7 +629,7 @@ int bt_uhid_replay(struct bt_uhid *uhid)
return 0;
}
- queue_foreach(uhid->notify_list, notify_handler, ev);
+ uhid_notify(uhid, ev);
return 0;
}
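Review bot: Entries flagged by `uhid_notify_removed()` stay in `notify_list` until the `queue_foreach()` in `uhid_notify()` has finished, and no visible hunk makes `notify_handler()` look at the new `removed` flag. If it does not, a callback unregistered by an earlier callback in the same pass is still invoked, possibly with `user_data` its owner has already released; an early `if (notify->removed) return;` in `notify_handler()` would close that. `notifying` is also a plain bool, so a nested `uhid_notify()` (for example `bt_uhid_replay()` reached from a callback) would clear it and free flagged entries while the outer iteration is still running; saving the previous value and restoring it on exit is safer. Whether the single-id unregister path has the same problem cannot be told from these hunks.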

4
baselibs.conf Normal file

@ -0,0 +1,4 @@
libbluetooth3
bluez-devel
requires -bluez-<targettype>
requires "libbluetooth3-<targettype> = <version>"

3
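--- /dev/null
+++ b/bluetooth.modprobe
@@ -0,0 +1,3 @@
+# use "reset=1" as default, since it should be safe for recent devices and
+# solves all kind of problems.
+options btusb reset=1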


@ -0,0 +1,25 @@
# fix some logitech HID devices, bnc#681049, bnc#850478 --seife+obs@b1-systems.com
Apparently some Logitech devices need different rules.
https://bugzilla.novell.com/show_bug.cgi?id=681049
https://bugzilla.novell.com/show_bug.cgi?id=850478
Index: b/tools/hid2hci.rules
===================================================================
--- a/tools/hid2hci.rules
+++ b/tools/hid2hci.rules
@@ -9,11 +9,13 @@ SUBSYSTEM!="usb*", GOTO="hid2hci_end"
ATTR{bInterfaceClass}=="03", ATTR{bInterfaceSubClass}=="01", ATTR{bInterfaceProtocol}=="02", \
ATTRS{bDeviceClass}=="00", ATTRS{idVendor}=="413c", ATTRS{bmAttributes}=="e0", \
RUN+="hid2hci --method=dell --devpath=%p", ENV{HID2HCI_SWITCH}="1"
# Logitech devices
-KERNEL=="hiddev*", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c70[345abce]|c71[34bc]", \
+KERNEL=="hiddev*", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c70[5e]", \
+ RUN+="hid2hci --method=logitech-hid --devpath=%p"
+KERNEL=="hidraw*", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c70[34abc]|c71[34bc]", \
RUN+="hid2hci --method=logitech-hid --devpath=%p"
ENV{DEVTYPE}!="usb_device", GOTO="hid2hci_end"
# When a Dell device recovers from S3, the mouse child needs to be repoked

BIN
bluez-5.77.tar.xz (Stored with Git LFS) Normal file

Binary file not shown.

BIN
bluez-5.78.tar.xz (Stored with Git LFS) Normal file

Binary file not shown.


@ -0,0 +1,22 @@
Index: bluez-5.71/Makefile.am
===================================================================
--- bluez-5.71.orig/Makefile.am
+++ bluez-5.71/Makefile.am
@@ -679,7 +679,7 @@ unit_test_bass_SOURCES = unit/test-bass.
unit_test_bass_LDADD = src/libshared-glib.la \
lib/libbluetooth-internal.la $(GLIB_LIBS)
-unit_tests += unit/test-vcp
+# unit_tests += unit/test-vcp
unit_test_vcp_SOURCES = unit/test-vcp.c $(btio_sources)
unit_test_vcp_LDADD = src/libshared-glib.la \
@@ -696,7 +696,7 @@ unit_test_midi_LDADD = src/libshared-gli
endif
if MESH
-unit_tests += unit/test-mesh-crypto
+#unit_tests += unit/test-mesh-crypto
unit_test_mesh_crypto_CPPFLAGS = $(ell_cflags)
unit_test_mesh_crypto_SOURCES = unit/test-mesh-crypto.c \
mesh/crypto.h ell/internal ell/ell.h
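Review bot: This patch has no header at all (no description, author or bug reference), yet it switches off `unit/test-vcp` and `unit/test-mesh-crypto` unconditionally. A short header naming the upstream report and the failure seen, as the obex test patch in this commit does with its bugzilla link, would let a later packager tell when the tests can be turned back on. The two commented-out lines are also written differently (`# unit_tests` and `#unit_tests`).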


@ -0,0 +1,22 @@
Subject: avoid cups-devel buildrequires
Author: Stefan Seyfried <seife+obs@b1-sytems.com>
Date: 2024-08-15
The only thing required from cups-devel during build is the cups_serverbin
variable. Unfortunately, pulling in cups-devel creates a huge dependency
loop.
To avoid this, just hardcode the cups_serverbin value for now.
Index: b/configure.ac
===================================================================
--- a/configure.ac
+++ b/configure.ac
@@ -252,7 +252,7 @@ AC_ARG_ENABLE(cups, AS_HELP_STRING([--di
AM_CONDITIONAL(CUPS, test "${enable_cups}" != "no")
if (test "${enable_cups}" != "no"); then
AC_MSG_CHECKING([cups directory])
- cups_serverbin=`$PKG_CONFIG cups --variable=cups_serverbin`
+ cups_serverbin="/usr/lib/cups"
AC_MSG_RESULT([${cups_serverbin}])
fi
AM_CONDITIONAL(CUPS_SERVERBIN, test "${cups_serverbin}" != "")

13
bluez-sdp-unix-path.patch Normal file

@ -0,0 +1,13 @@
Index: bluez-5.65/lib/sdp.h
===================================================================
--- bluez-5.65.orig/lib/sdp.h
+++ bluez-5.65/lib/sdp.h
@@ -21,7 +21,7 @@ extern "C" {
#include <stdint.h>
#include <bluetooth/bluetooth.h>
-#define SDP_UNIX_PATH "/var/run/sdp"
+#define SDP_UNIX_PATH "/run/sdp"
#define SDP_RESPONSE_TIMEOUT 20
#define SDP_REQ_BUFFER_SIZE 2048
#define SDP_RSP_BUFFER_SIZE 65535

2996
bluez.changes Normal file

File diff suppressed because it is too large Load Diff

2476
bluez.changes.sle Normal file

File diff suppressed because it is too large Load Diff

505
bluez.spec Normal file

@ -0,0 +1,505 @@
#
# spec file for package bluez
#
# Copyright (c) 2024 SUSE LLC
# Copyright (c) 2010-2020 B1 Systems GmbH, Vohburg, Germany
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150200
%bcond_without mesh
%else
%bcond_with mesh
%endif
%bcond_without bluez_deprecated
%if 0%{?suse_version} < 1550 && 0%{?sle_version} <= 150300
# systemd-rpm-macros is wrong in 15.3 and below
%global _modprobedir /lib/modprobe.d
%endif
%global modprobe_d_files 50-bluetooth.conf
%if %{undefined _firmwaredir}
%define _firmwaredir /lib/firmware
%endif
Name: bluez
Version: 5.78
Release: 0
Summary: Bluetooth Stack for Linux
License: GPL-2.0-or-later
Group: Hardware/Mobile
URL: https://www.bluez.org
Source: https://www.kernel.org/pub/linux/bluetooth/bluez-%{version}.tar.xz
# we still want debuginfo
#KEEP NOSOURCE DEBUGINFO
Source5: baselibs.conf
Source7: bluetooth.modprobe
Source9: bluez.changes.sle
# fix some logitech HID devices, bnc#681049, bnc#850478 --seife+obs@b1-systems.com
Patch1: bluez-5.11-logitech-hid2hci.patch
Patch2: bluez-sdp-unix-path.patch
# avoid cups-devel buildrequires --seife+obs@b1-systems.com
Patch3: bluez-no-cups-devel-buildreq.patch
# workaround for broken tests (reported upstream but not yet fixed)
Patch4: bluez-disable-broken-tests.diff
# disable tests for bypass boo#1078285
Patch12: disable_some_obex_tests.patch
# bsc#1013708 CVE-2016-9797
Patch14: hcidump-Add-assoc-dump-function-assoc-date-length-ch.patch
# bsc#1015171 CVE-2016-9917
Patch15: hcidump-Fix-memory-leak-with-malformed-packet.patch
# bsc#1013712 CVE-2016-9798
Patch16: hcidump-Fixed-malformed-segment-frame-length.patch
# Fix crash when devices disconnect or go to sleep. Upstream issue 952
Patch17: Fix-crash-after-bt_uhid_unregister_all.patch
# Upstream suggests to use btmon instead of hcidump and does not want those patches
# => PATCH-FIX-OPENSUSE for those two :-)
# fix some memory leak with malformed packet (reported upstream but not yet fixed)
Patch101: CVE-2016-9800-tool-hcidump-Fix-memory-leak-with-malformed-packet.patch
Patch102: CVE-2016-9804-tool-hcidump-Fix-memory-leak-with-malformed-packet.patch
# Move 43xx firmware path for RPi3 bluetooth support bsc#1140688 bsc#995059 bsc#1094902
Patch201: 0001-rpi3-bcm43xx-The-UART-speed-must-be-reset-after-the-firmw.patch
# mesh-cfgtest only compiles with gcc8 or newer, Leap 15 has gcc7.5.0 as default
%if 0%{?suse_version} < 1550
BuildRequires: gcc8
%endif
BuildRequires: automake
BuildRequires: flex
BuildRequires: libtool
BuildRequires: pkgconfig
BuildRequires: readline-devel
BuildRequires: systemd-rpm-macros
BuildRequires: pkgconfig(alsa)
BuildRequires: pkgconfig(check)
## we use bluez-no-cups-devel-buildreq.patch instead to avoid a build loop
# BuildRequires: pkgconfig(cups)
BuildRequires: pkgconfig(dbus-1) >= 1.6
BuildRequires: pkgconfig(glib-2.0) >= 2.28
BuildRequires: pkgconfig(libcap-ng)
BuildRequires: pkgconfig(libical)
BuildRequires: pkgconfig(libudev)
BuildRequires: pkgconfig(sndfile)
BuildRequires: pkgconfig(udev)
# for rst2man
BuildRequires: python3-docutils
BuildRequires: python3-Pygments
# libgio-2_0-0 has a runtime dependency on shared-mime-info, which is not
# required for building here, but causes a build loop
#!BuildIgnore: shared-mime-info
Requires(post): systemd
Recommends: sbc
Provides: bluez-utils = 3.36
Obsoletes: bluez-utils < 3.36
Provides: bluez-audio = 3.36
Obsoletes: bluez-audio < 3.36
Obsoletes: bluez-hcidump < 5.0
Provides: bluez-hcidump = %{version}
Obsoletes: obexd-client < 5.0
Provides: obexd-client = %{version}
%{?systemd_requires}
%if 0%{?suse_version} >= 1550
BuildRequires: pkgconfig(ell) >= 0.39
%endif
%if %{with mesh}
# json-c is needed for --enable-mesh
BuildRequires: pkgconfig(json-c)
%endif
%description
BlueZ provides support for the core Bluetooth layers and protocols.
%package devel
Summary: Files needed for BlueZ development
License: GPL-2.0-or-later
Group: Development/Languages/C and C++
Requires: libbluetooth3 = %{version}
%description devel
Files needed to develop applications for the BlueZ Bluetooth protocol
stack.
%package -n libbluetooth3
Summary: Bluetooth Libraries
License: GPL-2.0-or-later
Group: System/Libraries
Provides: bluez-libs = 3.36
Obsoletes: bluez-libs < 3.36
%description -n libbluetooth3
BlueZ provides support for the core Bluetooth layers and protocols.
It is uses a modular implementation. It has many interesting features:
* Multithreaded data processing
* Support for multiple Bluetooth devices
* Real hardware abstraction
* Standard socket interface to all layers
* Device and service level security support
%package cups
Summary: CUPS Driver for Bluetooth Printers
License: GPL-2.0-or-later
Group: Hardware/Printing
Requires: %{name}
Requires: cups
Supplements: (%{name} and cups)
%description cups
Contains the files required by CUPS for printing to Bluetooth-connected
printers.
%package test
Summary: Tools for testing of various Bluetooth-functions
License: GPL-2.0-or-later AND MIT
Group: Development/Tools/Debuggers
Requires: python3-dbus-python
Requires: python3-gobject
%description test
Contains a few tools for testing various bluetooth functions. The
BLUETOOTH trademarks are owned by Bluetooth SIG, Inc., U.S.A.
%package auto-enable-devices
Summary: Configuration that automatically enables all bluetooth devices
License: GPL-2.0-or-later
Group: Hardware/Mobile
BuildArch: noarch
Requires(post): systemd
%description auto-enable-devices
Contains configuration that automatically enables all bluetooth devices
that are connected to the system if no other tool is handling them (e.g.
desktop specific applets like blueman or GNOME or KDE applets).
%post auto-enable-devices
{ systemctl status -n0 bluetooth.service > /dev/null && systemctl restart bluetooth.service ; } ||:
%postun auto-enable-devices
{ systemctl status -n0 bluetooth.service > /dev/null && systemctl restart bluetooth.service ; } ||:
%if %{with bluez_deprecated}
%package deprecated
Summary: Bluez tools that upstream considers obsolete
License: GPL-2.0-or-later
Group: Hardware/Mobile
%description deprecated
This package contains tools from the bluez package that are only built
if the "--enable-deprecated" switch is used. These are considered obsolete
by the upstream developers and might contain serious issues, even security
bugs. Use at your own risk.
Note that this package will go away before end of 2020, change your code
to use the modern tools instead.
%endif
%package obexd
Summary: Object Exchange daemon for sharing binary objects
License: GPL-2.0-or-later
Group: Hardware/Mobile
Requires: bluez = %{version}
Supplements: bluedevil5
Supplements: blueman
Supplements: gnome-bluetooth
%description obexd
This is an object exchange daemon for binary objects transferring between
devices. obexd is necessary to install for sharing files, contacts
etc. through bluetooth.
%package zsh-completion
Summary: Zsh completion for bluez
Group: System/Management
Requires: %{name}
Requires: zsh
Supplements: (%{name} and zsh)
BuildArch: noarch
%description zsh-completion
This package contain the zsh completion command for the Bluetooth Stack for Linux.
%prep
%autosetup -p1
mkdir dbus-apis
cp -a doc/*.txt dbus-apis/
# for auto-enable subpackage
sed -i '/^#AutoEnable=false/aAutoEnable=true' src/main.conf
# Fix shebangs in test files
%{?python3_fix_shebang_path:%python3_fix_shebang_path test/*}
%build
%if 0%{?suse_version} < 1550
echo 0%{?suse_version}
export CC=gcc-8
%endif
# header file has "#ifndef FIRMWARE_DIR...#define FIRMWARE_DIR /etc/firmare"
# instead of patching, just supply FIRMWARE_DIR on compiler's command line
export CPPFLAGS="$CPPFLAGS -DFIRMWARE_DIR='\"%{_firmwaredir}\"'"
# because of patch4...
autoreconf -fi
# --enable-experimental is needed or btattach does not build (bug?)
%configure \
--disable-silent-rules \
--enable-pie \
--enable-library \
--enable-tools \
--enable-cups \
--enable-hid2hci \
--enable-admin \
%if %{with mesh}
--enable-mesh \
%endif
--enable-midi \
--enable-test \
--enable-experimental \
%if %{with bluez_deprecated}
--enable-deprecated \
%endif
--enable-datafiles \
--enable-sixaxis \
--with-dbusconfdir=%{_datadir} \
%if 0%{?suse_version} >= 1550
--enable-external-ell \
%endif
--with-systemdsystemunitdir=%{_unitdir} \
--with-systemduserunitdir=%{_userunitdir}
%make_build all
%install
%make_install
find %{buildroot} -type f -name "*.la" -delete -print
install --mode=0644 -D %{SOURCE7} %{buildroot}/%{_modprobedir}/50-bluetooth.conf
# no idea why this is suddenly necessary...
install --mode 0755 -d %{buildroot}%{_localstatedir}/lib/bluetooth
## same as in fedora...
# "make install" fails to install gatttool, used with Bluetooth Low Energy
# boo#970628
%if %{with bluez_deprecated}
install -m0755 attrib/gatttool %{buildroot}%{_bindir}
%endif
## install btgatt-client for -test package, see
## https://www.spinics.net/lists/linux-bluetooth/msg63258.html
install -m0755 tools/btgatt-client %{buildroot}%{_bindir}
# btmgmt can be useful
install -m0755 tools/btmgmt %{buildroot}%{_bindir}
# avinfo can be useful for debugging
install -m0755 tools/avinfo %{buildroot}%{_bindir}
# for auto-enable subpackage
find . -name main.conf
install --mode 0644 -D src/main.conf %{buildroot}/%{_sysconfdir}/bluetooth/main.conf
# rpmlint warnings...
cd %{buildroot}%{_libdir}/bluez/test
chmod 0644 *.py *.xml *.dtd
mkdir -p %{buildroot}%{_defaultdocdir}/%{name}
cp %{SOURCE9} %{buildroot}%{_defaultdocdir}/%{name}
%if %{with mesh}
# boo#1151518
mv %{buildroot}%{_datadir}/dbus-1/system.d/bluetooth-mesh.conf %{buildroot}%{_defaultdocdir}/%{name}
mv %{buildroot}%{_datadir}/dbus-1/system-services/org.bluez.mesh.service %{buildroot}%{_defaultdocdir}/%{name}
cat > %{buildroot}%{_defaultdocdir}/%{name}/README-mesh.SUSE << EOF
The bluetooth-mesh dbus system config has been disabled due to security
concerns. See https://bugzilla.opensuse.org/show_bug.cgi?id=1151518 for
details.
If you want to use this feature anyway, copy
bluetooth-mesh.conf to %{_sysconfdir}/dbus-1/systemd.d/ and
org.bluez.mesh.service to %{_sysconfdir}/dbus-1/system-services/,
then reboot.
EOF
touch -r %{SOURCE0} %{buildroot}%{_defaultdocdir}/%{name}/README-mesh.SUSE
%endif
%check
%if ! 0%{?qemu_user_space_build}
##make %%{?_smp_mflags} check
# deliberately not running parallel, as the test suite has spurious failures otherwise
%make_build check V=0
%endif
%pre
%service_add_pre bluetooth.service bluetooth-mesh.service
# Avoid restoring outdated stuff in posttrans
for _f in %{?modprobe_d_files}; do
[ ! -f "/etc/modprobe.d/${_f}.rpmsave" ] || \
mv -f "/etc/modprobe.d/${_f}.rpmsave" "/etc/modprobe.d/${_f}.rpmsave.old" || :
done
%post
%{?udev_rules_update:%udev_rules_update}
# todo: check if this is still obeyed / needed with systemd
%{fillup_only -n bluetooth}
# We need the bluez systemd service enabled at any time. It won't start up
# on its own, as it is triggered by udev in the end (bnc#796671)
%{_bindir}/systemctl enable bluetooth.service 2>&1 || :
%{_bindir}/systemctl daemon-reload >/dev/null 2>&1 || :
%preun
%service_del_preun bluetooth.service bluetooth-mesh.service
%postun
%service_del_postun bluetooth.service bluetooth-mesh.service
%posttrans
# Migration of modprobe.conf files to _modprobedir
for _f in %{?modprobe_d_files}; do
[ ! -f "/etc/modprobe.d/${_f}.rpmsave" ] || \
mv -fv "/etc/modprobe.d/${_f}.rpmsave" "/etc/modprobe.d/${_f}" || :
done
%post -n libbluetooth3 -p /sbin/ldconfig
%postun -n libbluetooth3 -p /sbin/ldconfig
%pre obexd
%systemd_user_pre obex.service
%post obexd
%systemd_user_post obex.service
%preun obexd
%systemd_user_preun obex.service
%postun obexd
%systemd_user_postun obex.service
%files
%doc AUTHORS ChangeLog README dbus-apis src/main.conf
%if %{with mesh}
%doc %{_defaultdocdir}/%{name}/*
%endif
%license COPYING
%{_bindir}/bluemoon
%{_bindir}/btattach
%{_bindir}/btmgmt
%{_bindir}/l2ping
%{_bindir}/hex2hcd
%{_bindir}/isotest
%{_bindir}/mpris-proxy
%dir %{_libexecdir}/bluetooth
%{_libexecdir}/bluetooth/bluetoothd
%if %{with mesh}
%{_libexecdir}/bluetooth/bluetooth-meshd
%{_bindir}/mesh-cfgtest
%{_mandir}/man8/bluetooth-meshd.8%{?ext_man}
%endif
%{_bindir}/bluetoothctl
%{_bindir}/btmon
%if %{with mesh}
%{_bindir}/meshctl
%{_bindir}/mesh-cfgclient
%endif
%{_prefix}/lib/udev/
%{_mandir}/man1/btattach.1%{?ext_man}
%{_mandir}/man1/btmon.1%{?ext_man}
%{_mandir}/man1/isotest.1%{?ext_man}
%{_mandir}/man8/bluetoothd.8%{?ext_man}
%{_mandir}/man1/hid2hci.1%{?ext_man}
%{_mandir}/man1/l2ping.1%{?ext_man}
%{_mandir}/man1/rctest.1%{?ext_man}
%{_mandir}/man1/bluetoothctl.1%{?ext_man}
%{_mandir}/man1/bluetoothctl-mgmt.1%{?ext_man}
%{_mandir}/man1/bluetoothctl-monitor.1%{?ext_man}
%{_mandir}/man1/bluetoothctl-admin.1%{?ext_man}
%{_mandir}/man1/bluetoothctl-advertise.1%{?ext_man}
%{_mandir}/man1/bluetoothctl-endpoint.1%{?ext_man}
%{_mandir}/man1/bluetoothctl-gatt.1%{?ext_man}
%{_mandir}/man1/bluetoothctl-player.1%{?ext_man}
%{_mandir}/man1/bluetoothctl-scan.1%{?ext_man}
%{_mandir}/man1/bluetoothctl-transport.1%{?ext_man}
%{_mandir}/man1/bluetoothctl-assistant.1%{?ext_man}
%{_mandir}/man1/btmgmt.1%{?ext_man}
%{_mandir}/man5/org.bluez.*.5%{?ext_man}
%{_datadir}/dbus-1/system.d/bluetooth.conf
# not packaged, boo#1151518
###%%{_datadir}/dbus-1/system.d/bluetooth-mesh.conf
%dir %{_localstatedir}/lib/bluetooth
%dir %{_modprobedir}
%{_modprobedir}/50-bluetooth.conf
%{_unitdir}/bluetooth.service
%if %{with mesh}
%{_unitdir}/bluetooth-mesh.service
%endif
%{_datadir}/dbus-1/system-services/org.bluez.service
# not packaged, boo#1151518
###%%{_datadir}/dbus-1/system-services/org.bluez.mesh.service
%config(noreplace) %{_sysconfdir}/bluetooth/input.conf
%config(noreplace) %{_sysconfdir}/bluetooth/mesh-main.conf
%config(noreplace) %{_sysconfdir}/bluetooth/network.conf
%files obexd
%{_libexecdir}/bluetooth/obexd
%{_datadir}/dbus-1/services/org.bluez.obex.service
%{_userunitdir}/obex.service
%{_userunitdir}/dbus-org.bluez.obex.service
%if %{with bluez_deprecated}
%files deprecated
%{_bindir}/gatttool
%{_bindir}/hcitool
%{_bindir}/rfcomm
%{_bindir}/sdptool
%{_bindir}/ciptool
%{_bindir}/hciattach
%{_bindir}/hciconfig
%{_bindir}/hcidump
%{_mandir}/man1/hcidump.1%{?ext_man}
%{_mandir}/man1/hciattach.1%{?ext_man}
%{_mandir}/man1/hciconfig.1%{?ext_man}
%{_mandir}/man1/hcitool.1%{?ext_man}
%{_mandir}/man1/sdptool.1%{?ext_man}
%{_mandir}/man1/ciptool.1%{?ext_man}
%{_mandir}/man1/rfcomm.1%{?ext_man}
%{_mandir}/man7/rfcomm.7%{?ext_man}
%endif
%files devel
%{_includedir}/bluetooth
%{_libdir}/libbluetooth.so
%{_libdir}/pkgconfig/bluez.pc
%files -n libbluetooth3
%{_libdir}/libbluetooth.so.*
%doc AUTHORS ChangeLog README
%license COPYING
%files cups
%dir %{_prefix}/lib/cups
%dir %{_prefix}/lib/cups/backend
%{_prefix}/lib/cups/backend/bluetooth
%files test
%{_bindir}/avinfo
#{_bindir}/hciemu
%{_bindir}/l2test
%{_bindir}/rctest
%{_bindir}/btgatt-client
%dir %{_libdir}/bluez
%{_libdir}/bluez/test
%{_mandir}/man7/l2cap.7%{?ext_man}
%files auto-enable-devices
%dir %{_sysconfdir}/bluetooth
%config(noreplace) %{_sysconfdir}/bluetooth/main.conf
%files zsh-completion
%{_datadir}/zsh/site-functions/_bluetoothctl
%changelog
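Review bot: The README-mesh.SUSE heredoc tells users to copy `bluetooth-mesh.conf` to `%{_sysconfdir}/dbus-1/systemd.d/`, but the file is moved out of `%{_datadir}/dbus-1/system.d/` a few lines above, so the directory name looks like a typo for `system.d`. Someone following the README as written would place the policy where D-Bus does not read it, which makes the documented opt-in for boo#1151518 unreliable. Separately, the `deprecated` description still promises removal "before end of 2020", and `%config(noreplace) %{_sysconfdir}/bluetooth/mesh-main.conf` is listed outside the `%if %{with mesh}` guard used for the other mesh files.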


@ -0,0 +1,28 @@
From: Michel Normand <normand@linux.vnet.ibm.com>
Subject: disable some obex tests
Date: Tue, 30 Jan 2018 17:01:45 +0100
disable some obex tests as transient failures
reported by bug
https://bugzilla.suse.com/show_bug.cgi?id=1078285
Signed-off-by: Michel Normand <normand@linux.vnet.ibm.com>
---
Makefile.am | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Index: bluez-5.71/Makefile.am
===================================================================
--- bluez-5.71.orig/Makefile.am
+++ bluez-5.71/Makefile.am
@@ -602,8 +602,8 @@ unit_test_gdbus_client_LDADD = gdbus/lib
src/libshared-glib.la $(GLIB_LIBS) $(DBUS_LIBS)
if OBEX
-unit_tests += unit/test-gobex-header unit/test-gobex-packet unit/test-gobex \
- unit/test-gobex-transfer unit/test-gobex-apparam
+unit_tests += unit/test-gobex-header unit/test-gobex-packet \
+ unit/test-gobex-apparam
unit_test_gobex_SOURCES = $(gobex_sources) unit/util.c unit/util.h \
unit/test-gobex.c


@ -0,0 +1,159 @@
From 08a69d36726b6345df6e64892cadd5ab5d5ca2a6 Mon Sep 17 00:00:00 2001
From: "Cho, Yu-Chen" <acho@suse.com>
Date: Tue, 19 Mar 2019 15:54:09 +0800
Subject: [PATCH BlueZ] hcidump: Add assoc dump function assoc date length check
amp_assoc_dump() didn't check the length of amp assoc struct.
If there is wrong length size of assoc date, amp_assoc_dump() and
amp_dump_chanlist() will read over the size(heap-buffer-overflow).
use t_len to save the length avoid use the wrong size of date.
---
tools/parser/amp.c | 35 +++++++++++++++++++++++++++--------
tools/parser/hci.c | 4 ++--
tools/parser/l2cap.c | 6 ++++--
tools/parser/parser.h | 2 +-
4 files changed, 34 insertions(+), 13 deletions(-)
Index: bluez-5.65/tools/parser/amp.c
===================================================================
--- bluez-5.65.orig/tools/parser/amp.c
+++ bluez-5.65/tools/parser/amp.c
@@ -15,7 +15,8 @@
#include "parser.h"
#include "lib/amp.h"
-static void amp_dump_chanlist(int level, struct amp_tlv *tlv, char *prefix)
+static void amp_dump_chanlist(int level, struct amp_tlv *tlv,
+ uint16_t t_len, char *prefix)
{
struct amp_chan_list *chan_list = (void *) tlv->val;
struct amp_country_triplet *triplet;
@@ -25,6 +26,12 @@ static void amp_dump_chanlist(int level,
printf("%s (number of triplets %d)\n", prefix, num);
+ if (btohs(tlv->len) > t_len) {
+ p_indent(level+1, 0);
+ printf("Wrong number of triplets\n");
+ num = (t_len - sizeof(*chan_list)) / sizeof(*triplet);
+ }
+
p_indent(level+2, 0);
printf("Country code: %c%c%c\n", chan_list->country_code[0],
@@ -55,7 +62,7 @@ static void amp_dump_chanlist(int level,
}
}
-void amp_assoc_dump(int level, uint8_t *assoc, uint16_t len)
+void amp_assoc_dump(int level, uint8_t *assoc, uint16_t len, uint16_t t_len)
{
struct amp_tlv *tlv = (void *) assoc;
@@ -63,6 +70,14 @@ void amp_assoc_dump(int level, uint8_t *
printf("Assoc data [len %d]:\n", len);
while (len > sizeof(*tlv)) {
+ if (btohs(tlv->len) > (t_len - sizeof(struct amp_tlv))) {
+ p_indent(level+1, 0);
+ printf("Assoc data get error size\n");
+ t_len -= sizeof(struct amp_tlv);
+ } else {
+ t_len -= sizeof(struct amp_tlv) + btohs(tlv->len);
+ }
+
uint16_t tlvlen = btohs(tlv->len);
struct amp_pal_ver *ver;
@@ -78,11 +93,13 @@ void amp_assoc_dump(int level, uint8_t *
break;
case A2MP_PREF_CHANLIST_TYPE:
- amp_dump_chanlist(level, tlv, "Preferred Chan List");
+ amp_dump_chanlist(level, tlv,
+ t_len, "Preferred Chan List");
break;
case A2MP_CONNECTED_CHAN:
- amp_dump_chanlist(level, tlv, "Connected Chan List");
+ amp_dump_chanlist(level, tlv,
+ t_len, "Connected Chan List");
break;
case A2MP_PAL_CAP_TYPE:
@@ -106,9 +123,11 @@ void amp_assoc_dump(int level, uint8_t *
printf("Unrecognized type %d\n", tlv->type);
break;
}
-
- len -= tlvlen + sizeof(*tlv);
- assoc += tlvlen + sizeof(*tlv);
- tlv = (struct amp_tlv *) assoc;
+ if (btohs(tlv->len) <= t_len) {
+ len -= tlvlen + sizeof(*tlv);
+ assoc += tlvlen + sizeof(*tlv);
+ tlv = (struct amp_tlv *) assoc;
+ } else
+ len = 0;
}
}
Index: bluez-5.65/tools/parser/hci.c
===================================================================
--- bluez-5.65.orig/tools/parser/hci.c
+++ bluez-5.65/tools/parser/hci.c
@@ -1667,7 +1667,7 @@ static inline void write_remote_amp_asso
printf("handle 0x%2.2x len_so_far %d remaining_len %d\n", cp->handle,
cp->length_so_far, cp->remaining_length);
- amp_assoc_dump(level + 1, cp->fragment, frm->len - 5);
+ amp_assoc_dump(level + 1, cp->fragment, frm->len - 5, frm->len - 5);
}
static inline void command_dump(int level, struct frame *frm)
@@ -2650,7 +2650,7 @@ static inline void read_local_amp_assoc_
p_indent(level, frm);
printf("Error: %s\n", status2str(rp->status));
} else {
- amp_assoc_dump(level + 1, rp->fragment, len);
+ amp_assoc_dump(level + 1, rp->fragment, len, frm->len - 4);
}
}
Index: bluez-5.65/tools/parser/l2cap.c
===================================================================
--- bluez-5.65.orig/tools/parser/l2cap.c
+++ bluez-5.65/tools/parser/l2cap.c
@@ -1159,7 +1159,8 @@ static inline void a2mp_assoc_rsp(int le
printf("Get AMP Assoc rsp: id %d status (%d) %s\n",
h->id, h->status, a2mpstatus2str(h->status));
- amp_assoc_dump(level + 1, h->assoc_data, len - sizeof(*h));
+ amp_assoc_dump(level + 1, h->assoc_data,
+ len - sizeof(*h), frm->len - sizeof(*h));
}
static inline void a2mp_create_req(int level, struct frame *frm, uint16_t len)
@@ -1168,7 +1169,8 @@ static inline void a2mp_create_req(int l
printf("Create Physical Link req: local id %d remote id %d\n",
h->local_id, h->remote_id);
- amp_assoc_dump(level + 1, h->assoc_data, len - sizeof(*h));
+ amp_assoc_dump(level + 1, h->assoc_data,
+ len - sizeof(*h), frm->len - sizeof(*h));
}
static inline void a2mp_create_rsp(int level, struct frame *frm)
Index: bluez-5.65/tools/parser/parser.h
===================================================================
--- bluez-5.65.orig/tools/parser/parser.h
+++ bluez-5.65/tools/parser/parser.h
@@ -236,7 +236,7 @@ void ericsson_dump(int level, struct fra
void csr_dump(int level, struct frame *frm);
void bpa_dump(int level, struct frame *frm);
-void amp_assoc_dump(int level, uint8_t *assoc, uint16_t len);
+void amp_assoc_dump(int level, uint8_t *assoc, uint16_t len, uint16_t t_len);
static inline void parse(struct frame *frm)
{
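Review bot: The loop in `amp_assoc_dump()` is still driven by `len`, the length claimed by the packet, and the new `t_len` is only consulted after `tlv->len` has been read; when `len` exceeds what the frame really holds, that header read is already past the data. Clamping once at entry with `if (len > t_len) len = t_len;` bounds it. The subtractions `t_len - sizeof(struct amp_tlv)` and, in `amp_dump_chanlist()`, `t_len - sizeof(*chan_list)` are carried out in `size_t`, so a `t_len` smaller than the structure wraps to a very large value and neither the comparison nor the recomputed `num` limits anything; test `t_len < sizeof(...)` first. The same wrap can occur at the call sites that pass `frm->len - 5` and `frm->len - 4` if a frame is shorter than that.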


@ -0,0 +1,33 @@
From 98bee47cca1b8a6b17bb0178f951fe7902abc2f0 Mon Sep 17 00:00:00 2001
From: "Cho, Yu-Chen" <acho@suse.com>
Date: Wed, 24 Apr 2019 16:10:56 +0800
Subject: [PATCH BlueZ] tool/hcidump: Fix memory leak with malformed packet
Do not allow to read more than allocated data buffer size.
Because of the buffer is malloc(HCI_MAX_FRAME_SIZE),
so there is heap buffer overflow if read the size more than
HCI_MAX_FRAME_SIZE and fd size is larger than HCI_MAX_FRAME_SIZE.
---
tools/hcidump.c | 9 +++++++++
1 file changed, 9 insertions(+)
Index: bluez-5.60/tools/hcidump.c
===================================================================
--- bluez-5.60.orig/tools/hcidump.c
+++ bluez-5.60/tools/hcidump.c
@@ -92,6 +92,15 @@ struct pktlog_hdr {
static inline int read_n(int fd, char *buf, int len)
{
int t = 0, w;
+ off_t fsize, currentpos, startpos;
+
+ currentpos = lseek(fd, 0, SEEK_CUR);
+ fsize = lseek(fd, 0, SEEK_END);
+ lseek(fd, currentpos, SEEK_SET);
+ fsize -= currentpos;
+
+ if (fsize > HCI_MAX_FRAME_SIZE && len > HCI_MAX_FRAME_SIZE)
+ return -1;
while (len > 0) {
if ((w = read(fd, buf, len)) < 0) {
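Review bot: The three `lseek()` calls are unchecked, so on a descriptor that cannot seek (a pipe or a socket) each returns -1, `fsize` ends up 0 and the guard never fires. The test also rejects only when both the remaining file size and `len` exceed `HCI_MAX_FRAME_SIZE`, and `startpos` is declared but never used. Since `read_n()` does not know the size of its caller's buffer, a plain `if (len < 0 || len > HCI_MAX_FRAME_SIZE) return -1;` is simpler and does not depend on the descriptor type, assuming the frame buffer is the only large read. The callers and the rest of the loop are outside the hunk.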


@ -0,0 +1,26 @@
From da04ba5e6b3f151c1644a17ac0fa2317ebc81edd Mon Sep 17 00:00:00 2001
From: "Cho, Yu-Chen" <acho@suse.com>
Date: Tue, 15 Oct 2019 15:45:43 +0800
Subject: [PATCH] hcidump: Fixed malformed segment frame length
Ensure the L2CAP SDUs whose length field match the actual frame length.
---
tools/parser/l2cap.c | 5 +++++
1 file changed, 5 insertions(+)
Index: bluez-5.60/tools/parser/l2cap.c
===================================================================
--- bluez-5.60.orig/tools/parser/l2cap.c
+++ bluez-5.60/tools/parser/l2cap.c
@@ -759,6 +759,11 @@ static inline void conf_rsp(int level, l
scid, btohs(h->flags), result, clen);
if (clen > 0) {
+ if (clen != (btohs(frm->len) - L2CAP_CONF_RSP_SIZE)) {
+ fprintf(stderr, "Not match the actual frame length\n");
+ clen = btohs(frm->len) - L2CAP_CONF_RSP_SIZE;
+ }
+
if (result) {
p_indent(level + 1, frm);
printf("%s\n", confresult2str(result));
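Review bot: `frm->len` is wrapped in `btohs()` here, whereas the other parser patches in this commit use it directly as a host-order count (`frm->len - 5`, `frm->len > 64`); if it is host order, the conversion does nothing on little-endian hosts and yields a wrong bound on big-endian ones. The subtraction is also unguarded, so a frame shorter than `L2CAP_CONF_RSP_SIZE` gives a negative or wrapped `clen`. A guard such as `if (frm->len < L2CAP_CONF_RSP_SIZE) return;` before the comparison, and clamping only when `clen` is larger than what remains rather than on any mismatch, would be tighter. The rest of `conf_rsp()` is outside the hunk.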