From 4a642bdfc3c82c47998d54443471d3afb7bfdd76 Mon Sep 17 00:00:00 2001 From: xingxing Date: Wed, 23 Feb 2022 20:22:45 +0800 Subject: [PATCH 1/2] Print help info for individual commands --- backport-Print-help-info-for-individual-commands.patch | 0 bluez.spec | 6 +++++- 2 files changed, 5 insertions(+), 1 deletion(-) create mode 100644 backport-Print-help-info-for-individual-commands.patch diff --git a/backport-Print-help-info-for-individual-commands.patch b/backport-Print-help-info-for-individual-commands.patch new file mode 100644 index 0000000..e69de29 diff --git a/bluez.spec b/bluez.spec index 1fdc2eb..cc429ff 100644 --- a/bluez.spec +++ b/bluez.spec @@ -1,7 +1,7 @@ Name: bluez Summary: Bluetooth utilities Version: 5.54 -Release: 11 +Release: 12 License: GPLv2+ URL: http://www.bluez.org/ Source0: http://www.kernel.org/pub/linux/bluetooth/bluez-%{version}.tar.xz @@ -25,6 +25,7 @@ Patch6000: backport-CVE-2020-27153.patch Patch6001: backport-0001-CVE-2021-3658.patch Patch6002: backport-0002-CVE-2021-3658.patch Patch6003: backport-CVE-2021-43400.patch +Patch6004: backport-Print-help-info-for-individual-commands.patch BuildRequires: dbus-devel >= 1.6 libell-devel >= 0.28 autoconf BuildRequires: glib2-devel libical-devel readline-devel @@ -181,6 +182,9 @@ make check %{_mandir}/man8/* %changelog +* Fri Feb 11 2022 xingxing - 5.54-12 +- bugfix Print help info for individual commands + * Fri Feb 11 2022 xingxing - 5.54-11 - Type:CVE - CVE:CVE-2021-43400 -- Gitee From 0fecc06193e8be669e2787c19ea14a1bc845aa3d Mon Sep 17 00:00:00 2001 From: xinyingchao Date: Tue, 1 Mar 2022 17:55:58 +0800 Subject: [PATCH 2/2] fix CVE-2021-0129 --- backport-CVE-2021-0129.patch | 80 ++++++++++++++++++++++++++++++++++++ bluez.spec | 7 ++-- 2 files changed, 84 insertions(+), 3 deletions(-) create mode 100644 backport-CVE-2021-0129.patch diff --git a/backport-CVE-2021-0129.patch b/backport-CVE-2021-0129.patch new file mode 100644 index 0000000..f17cb93 --- /dev/null +++ b/backport-CVE-2021-0129.patch @@ -0,0 +1,80 @@ +From e15a27eee8d48871089d621ab43a21f2c855df1e Mon Sep 17 00:00:00 2001 +From: xingxing +Date: Tue, 1 Mar 2022 16:08:57 +0800 +Subject: [PATCH] CVE-2021-0129.patch + +--- + src/shared/att-types.h | 8 ++++++++ + src/shared/gatt-server.c | 16 ++++------------ + 2 files changed, 12 insertions(+), 12 deletions(-) + +diff --git a/src/shared/att-types.h b/src/shared/att-types.h +index 99b1089..f468a98 100644 +--- a/src/shared/att-types.h ++++ b/src/shared/att-types.h +@@ -142,6 +142,14 @@ struct bt_att_pdu_error_rsp { + #define BT_ATT_PERM_WRITE_SECURE 0x0200 + #define BT_ATT_PERM_SECURE (BT_ATT_PERM_READ_SECURE | \ + BT_ATT_PERM_WRITE_SECURE) ++#define BT_ATT_PERM_READ_MASK (BT_ATT_PERM_READ | \ ++ BT_ATT_PERM_READ_AUTHEN | \ ++ BT_ATT_PERM_READ_ENCRYPT | \ ++ BT_ATT_PERM_READ_SECURE) ++#define BT_ATT_PERM_WRITE_MASK (BT_ATT_PERM_WRITE | \ ++ BT_ATT_PERM_WRITE_AUTHEN | \ ++ BT_ATT_PERM_WRITE_ENCRYPT | \ ++ BT_ATT_PERM_WRITE_SECURE) + + /* GATT Characteristic Properties Bitfield values */ + #define BT_GATT_CHRC_PROP_BROADCAST 0x01 +diff --git a/src/shared/gatt-server.c b/src/shared/gatt-server.c +index 7e5d652..a79a786 100644 +--- a/src/shared/gatt-server.c ++++ b/src/shared/gatt-server.c +@@ -473,9 +473,7 @@ static void process_read_by_type(struct async_read_op *op) + return; + } + +- ecode = check_permissions(server, attr, BT_ATT_PERM_READ | +- BT_ATT_PERM_READ_AUTHEN | +- BT_ATT_PERM_READ_ENCRYPT); ++ ecode = check_permissions(server, attr, BT_ATT_PERM_READ_MASK); + if (ecode) + goto error; + +@@ -848,9 +846,7 @@ static void write_cb(struct bt_att_chan *chan, uint8_t opcode, const void *pdu, + (opcode == BT_ATT_OP_WRITE_REQ) ? "Req" : "Cmd", + handle); + +- ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE | +- BT_ATT_PERM_WRITE_AUTHEN | +- BT_ATT_PERM_WRITE_ENCRYPT); ++ ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE_MASK); + if (ecode) + goto error; + +@@ -961,9 +957,7 @@ static void handle_read_req(struct bt_att_chan *chan, + opcode == BT_ATT_OP_READ_BLOB_REQ ? "Blob " : "", + handle); + +- ecode = check_permissions(server, attr, BT_ATT_PERM_READ | +- BT_ATT_PERM_READ_AUTHEN | +- BT_ATT_PERM_READ_ENCRYPT); ++ ecode = check_permissions(server, attr, BT_ATT_PERM_READ_MASK); + if (ecode) + goto error; + +@@ -1360,9 +1354,7 @@ static void prep_write_cb(struct bt_att_chan *chan, uint8_t opcode, + util_debug(server->debug_callback, server->debug_data, + "Prep Write Req - handle: 0x%04x", handle); + +- ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE | +- BT_ATT_PERM_WRITE_AUTHEN | +- BT_ATT_PERM_WRITE_ENCRYPT); ++ ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE_MASK); + if (ecode) + goto error; + +-- +2.27.0 + diff --git a/bluez.spec b/bluez.spec index cc429ff..af5ec8c 100644 --- a/bluez.spec +++ b/bluez.spec @@ -25,7 +25,8 @@ Patch6000: backport-CVE-2020-27153.patch Patch6001: backport-0001-CVE-2021-3658.patch Patch6002: backport-0002-CVE-2021-3658.patch Patch6003: backport-CVE-2021-43400.patch -Patch6004: backport-Print-help-info-for-individual-commands.patch +Patch6003: backport-Print-help-info-for-individual-commands.patch +Patch6004: backport-CVE-2021-0129.patch BuildRequires: dbus-devel >= 1.6 libell-devel >= 0.28 autoconf BuildRequires: glib2-devel libical-devel readline-devel @@ -182,8 +183,8 @@ make check %{_mandir}/man8/* %changelog -* Fri Feb 11 2022 xingxing - 5.54-12 -- bugfix Print help info for individual commands +* Tue Mar 1 2022 xingxing - 5.54-12 +- fix:CVE-2021-0129 * Fri Feb 11 2022 xingxing - 5.54-11 - Type:CVE -- Gitee