Accepting request 1222453 from Base:System

OBS-URL: https://build.opensuse.org/request/show/1222453
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/bluez?expand=0&rev=209

Fix-crash-after-bt_uhid_unregister_all.patch

@@ -1,121 +0,0 @@
-From 9a6a84a8a2b9336c2cdb943146207cb8a5a5260c Mon Sep 17 00:00:00 2001
-From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-Date: Mon, 16 Sep 2024 16:00:31 -0400
-Subject: [PATCH] shared/uhid: Fix crash after bt_uhid_unregister_all
-
-This fixes the following crash which happens when
-bt_uhid_unregister_all is called from a notification callback:
-
-Invalid read of size 8
-   at 0x1D9EFF: queue_foreach (queue.c:206)
-   by 0x1DEE58: uhid_read_handler (uhid.c:164)
- Address 0x51286d8 is 8 bytes inside a block of size 16 free'd
-   at 0x48478EF: free (vg_replace_malloc.c:989)
-   by 0x1DA08D: queue_remove_if (queue.c:292)
-   by 0x1DA12F: queue_remove_all (queue.c:321)
-   by 0x1DE592: bt_uhid_unregister_all (uhid.c:300)
-
-Fixes: https://github.com/bluez/bluez/issues/952
----
- src/shared/uhid.c | 47 ++++++++++++++++++++++++++++++++++++++++++++---
- 1 file changed, 44 insertions(+), 3 deletions(-)
-
-diff --git a/src/shared/uhid.c b/src/shared/uhid.c
-index ed21e1399..20bd26781 100644
---- a/src/shared/uhid.c
-+++ b/src/shared/uhid.c
-@@ -42,6 +42,7 @@ struct bt_uhid {
- 	int ref_count;
- 	struct io *io;
- 	unsigned int notify_id;
-+	bool notifying;
- 	struct queue *notify_list;
- 	struct queue *input;
- 	uint8_t type;
-@@ -56,6 +57,7 @@ struct uhid_notify {
- 	uint32_t event;
- 	bt_uhid_callback_t func;
- 	void *user_data;
-+	bool removed;
- };
- 
- static void uhid_replay_free(struct uhid_replay *replay)
-@@ -134,6 +136,28 @@ static int bt_uhid_record(struct bt_uhid *uhid, bool input,
- 	return 0;
- }
- 
-+static bool match_removed(const void *a, const void *b)
-+{
-+	const struct uhid_notify *notify = a;
-+
-+	return notify->removed;
-+}
-+
-+static void uhid_notify(struct bt_uhid *uhid, struct uhid_event *ev)
-+{
-+	/* Add a reference to the uhid to ensure it doesn't get freed while at
-+	 * notify_handler.
-+	 */
-+	bt_uhid_ref(uhid);
-+
-+	uhid->notifying = true;
-+	queue_foreach(uhid->notify_list, notify_handler, ev);
-+	uhid->notifying = false;
-+	queue_remove_all(uhid->notify_list, match_removed, NULL, free);
-+
-+	bt_uhid_unref(uhid);
-+}
-+
- static bool uhid_read_handler(struct io *io, void *user_data)
- {
- 	struct bt_uhid *uhid = user_data;
-@@ -161,7 +185,7 @@ static bool uhid_read_handler(struct io *io, void *user_data)
- 		break;
- 	}
- 
--	queue_foreach(uhid->notify_list, notify_handler, &ev);
-+	uhid_notify(uhid, &ev);
- 
- 	return true;
- }
-@@ -292,13 +316,30 @@ static bool match_not_id(const void *a, const void *b)
- 	return notify->id != id;
- }
- 
-+static void uhid_notify_removed(void *data, void *user_data)
-+{
-+	struct uhid_notify *notify = data;
-+	struct bt_uhid *uhid = user_data;
-+
-+	/* Skip marking start_id as removed since that is not removed with
-+	 * unregister all.
-+	 */
-+	if (notify->id == uhid->start_id)
-+		return;
-+
-+	notify->removed = true;
-+}
-+
- bool bt_uhid_unregister_all(struct bt_uhid *uhid)
- {
- 	if (!uhid)
- 		return false;
- 
--	queue_remove_all(uhid->notify_list, match_not_id,
-+	if (!uhid->notifying)
-+		queue_remove_all(uhid->notify_list, match_not_id,
- 				UINT_TO_PTR(uhid->start_id), free);
-+	else
-+		queue_foreach(uhid->notify_list, uhid_notify_removed, uhid);
- 
- 	return true;
- }
-@@ -588,7 +629,7 @@ int bt_uhid_replay(struct bt_uhid *uhid)
- 		return 0;
- 	}
- 
--	queue_foreach(uhid->notify_list, notify_handler, ev);
-+	uhid_notify(uhid, ev);
- 
- 	return 0;
- }

bluez-5.79.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4164a5303a9f71c70f48c03ff60be34231b568d93a9ad5e79928d34e6aa0ea8a
+size 2457612

bluez.changes

@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Wed Nov  6 08:16:30 UTC 2024 - Frederic Crozat <fcrozat@suse.com>
+
+- Update to 5.79:
+  * Fix issue with handling address type while pairing.
+  * Add support for allowing to set A2DP transport delay.
+  * Add support for persistent userspace HID operation.
+  * Add support for handling syncing to multiple BISes.
+- Drop Fix-crash-after-bt_uhid_unregister_all.patch, merged
+  upstream.
+
 -------------------------------------------------------------------
 Wed Sep 18 08:35:40 UTC 2024 - pallas wept <pallaswept@proton.me>
 

bluez.spec

@@ -35,7 +35,7 @@
 %endif
 
 Name:           bluez
-Version:        5.78
+Version:        5.79
 Release:        0
 Summary:        Bluetooth Stack for Linux
 License:        GPL-2.0-or-later
@@ -62,8 +62,6 @@ Patch14:        hcidump-Add-assoc-dump-function-assoc-date-length-ch.patch
 Patch15:        hcidump-Fix-memory-leak-with-malformed-packet.patch
 # bsc#1013712 CVE-2016-9798
 Patch16:        hcidump-Fixed-malformed-segment-frame-length.patch
-# Fix crash when devices disconnect or go to sleep. Upstream issue 952
-Patch17:        Fix-crash-after-bt_uhid_unregister_all.patch
 # Upstream suggests to use btmon instead of hcidump and does not want those patches
 # => PATCH-FIX-OPENSUSE for those two :-)
 # fix some memory leak with malformed packet (reported upstream but not yet fixed)
@@ -427,6 +425,7 @@ done
 %{_mandir}/man1/bluetoothctl-assistant.1%{?ext_man}
 %{_mandir}/man1/btmgmt.1%{?ext_man}
 %{_mandir}/man5/org.bluez.*.5%{?ext_man}
+%{_mandir}/man7/hci.7%{?ext_man}
 %{_datadir}/dbus-1/system.d/bluetooth.conf
 # not packaged, boo#1151518
 ###%%{_datadir}/dbus-1/system.d/bluetooth-mesh.conf
@@ -437,6 +436,7 @@ done
 %if %{with mesh}
 %{_unitdir}/bluetooth-mesh.service
 %endif
+%{_userunitdir}/mpris-proxy.service
 %{_datadir}/dbus-1/system-services/org.bluez.service
 # not packaged, boo#1151518
 ###%%{_datadir}/dbus-1/system-services/org.bluez.mesh.service