diff --git a/backport-CVE-2021-0129.patch b/backport-CVE-2021-0129.patch
new file mode 100644
index 0000000000000000000000000000000000000000..f17cb93cdddbdf247786fdd29beae9b83982f5ac
--- /dev/null
+++ b/backport-CVE-2021-0129.patch
@@ -0,0 +1,80 @@
+From e15a27eee8d48871089d621ab43a21f2c855df1e Mon Sep 17 00:00:00 2001
+From: xingxing
+Date: Tue, 1 Mar 2022 16:08:57 +0800
+Subject: [PATCH] CVE-2021-0129.patch
+
+---
+ src/shared/att-types.h | 8 ++++++++
+ src/shared/gatt-server.c | 16 ++++------------
+ 2 files changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/src/shared/att-types.h b/src/shared/att-types.h
+index 99b1089..f468a98 100644
+--- a/src/shared/att-types.h
++++ b/src/shared/att-types.h
+@@ -142,6 +142,14 @@ struct bt_att_pdu_error_rsp {
+ #define BT_ATT_PERM_WRITE_SECURE 0x0200
+ #define BT_ATT_PERM_SECURE (BT_ATT_PERM_READ_SECURE | \
+ BT_ATT_PERM_WRITE_SECURE)
++#define BT_ATT_PERM_READ_MASK (BT_ATT_PERM_READ | \
++ BT_ATT_PERM_READ_AUTHEN | \
++ BT_ATT_PERM_READ_ENCRYPT | \
++ BT_ATT_PERM_READ_SECURE)
++#define BT_ATT_PERM_WRITE_MASK (BT_ATT_PERM_WRITE | \
++ BT_ATT_PERM_WRITE_AUTHEN | \
++ BT_ATT_PERM_WRITE_ENCRYPT | \
++ BT_ATT_PERM_WRITE_SECURE)
+
+ /* GATT Characteristic Properties Bitfield values */
+ #define BT_GATT_CHRC_PROP_BROADCAST 0x01
+diff --git a/src/shared/gatt-server.c b/src/shared/gatt-server.c
+index 7e5d652..a79a786 100644
+--- a/src/shared/gatt-server.c
++++ b/src/shared/gatt-server.c
+@@ -473,9 +473,7 @@ static void process_read_by_type(struct async_read_op *op)
+ return;
+ }
+
+- ecode = check_permissions(server, attr, BT_ATT_PERM_READ |
+- BT_ATT_PERM_READ_AUTHEN |
+- BT_ATT_PERM_READ_ENCRYPT);
++ ecode = check_permissions(server, attr, BT_ATT_PERM_READ_MASK);
+ if (ecode)
+ goto error;
+
+@@ -848,9 +846,7 @@ static void write_cb(struct bt_att_chan *chan, uint8_t opcode, const void *pdu,
+ (opcode == BT_ATT_OP_WRITE_REQ) ? "Req" : "Cmd",
+ handle);
+
+- ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE |
+- BT_ATT_PERM_WRITE_AUTHEN |
+- BT_ATT_PERM_WRITE_ENCRYPT);
++ ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE_MASK);
+ if (ecode)
+ goto error;
+
+@@ -961,9 +957,7 @@ static void handle_read_req(struct bt_att_chan *chan,
+ opcode == BT_ATT_OP_READ_BLOB_REQ ? "Blob " : "",
+ handle);
+
+- ecode = check_permissions(server, attr, BT_ATT_PERM_READ |
+- BT_ATT_PERM_READ_AUTHEN |
+- BT_ATT_PERM_READ_ENCRYPT);
++ ecode = check_permissions(server, attr, BT_ATT_PERM_READ_MASK);
+ if (ecode)
+ goto error;
+
+@@ -1360,9 +1354,7 @@ static void prep_write_cb(struct bt_att_chan *chan, uint8_t opcode,
+ util_debug(server->debug_callback, server->debug_data,
+ "Prep Write Req - handle: 0x%04x", handle);
+
+- ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE |
+- BT_ATT_PERM_WRITE_AUTHEN |
+- BT_ATT_PERM_WRITE_ENCRYPT);
++ ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE_MASK);
+ if (ecode)
+ goto error;
+
+--
+2.27.0
+
diff --git a/bluez.spec b/bluez.spec
index 1fdc2ebf143dc43e4fda1b2ed4aec38200609847..f9b6a23c005ec31b58e63f126acbddaf74f2c557 100644
--- a/bluez.spec
+++ b/bluez.spec
@@ -1,7 +1,7 @@
 Name: bluez
 Summary: Bluetooth utilities
 Version: 5.54
-Release: 11
+Release: 12
 License: GPLv2+
 URL: http://www.bluez.org/
 Source0: http://www.kernel.org/pub/linux/bluetooth/bluez-%{version}.tar.xz
@@ -25,6 +25,7 @@ Patch6000: backport-CVE-2020-27153.patch Patch6001: backport-0001-CVE-2021-3658.patch Patch6002: backport-0002-CVE-2021-3658.patch Patch6003: backport-CVE-2021-43400.patch +Patch6004: backport-CVE-2021-0129.patch BuildRequires: dbus-devel >= 1.6 libell-devel >= 0.28 autoconf BuildRequires: glib2-devel libical-devel readline-devel
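Review bot: The two new masks only take effect at the four call sites rewritten in the embedded gatt-server.c hunks (process_read_by_type, write_cb, handle_read_req, prep_write_cb), so any other check_permissions caller in the 5.54 tree that still ORs `BT_ATT_PERM_READ | BT_ATT_PERM_READ_AUTHEN | BT_ATT_PERM_READ_ENCRYPT` (or the write equivalent) by hand would presumably still leave the `_SECURE` bit out of the check; none is visible here, and all four function bodies start and end outside their hunks. Before shipping 5.54-12 I would search the patched src/shared/gatt-server.c for remaining uses of `BT_ATT_PERM_READ_ENCRYPT` and `BT_ATT_PERM_WRITE_ENCRYPT`, and confirm that check_permissions, which is not shown, actually acts on the `BT_ATT_PERM_SECURE` bits in this version. The embedded header also records only `Subject: [PATCH] CVE-2021-0129.patch` with the packager as author; adding the upstream commit subject and a line such as `Reference: <upstream commit URL>` (placeholder) would let an auditor compare the backport with upstream.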
@@ -181,6 +182,12 @@ make check %{_mandir}/man8/* %changelog +* Tue Mar 1 2022 xingxing - 5.54-12 +- Type:CVE +- CVE:CVE-2021-0129 +- SUG:NA +- DESC:fix CVE-2021-0129 + * Fri Feb 11 2022 xingxing - 5.54-11 - Type:CVE - CVE:CVE-2021-43400