[arch-commits] Commit in bluez/repos/extra-i686 (5 files)
Levente Polyak
anthraxx at archlinux.org
Tue Sep 12 21:14:20 UTC 2017
Date: Tuesday, September 12, 2017 @ 21:14:20
Author: anthraxx
Revision: 305389
archrelease: copy trunk to extra-i686
Added:
bluez/repos/extra-i686/CVE-2017-1000250.patch
(from rev 305388, bluez/trunk/CVE-2017-1000250.patch)
bluez/repos/extra-i686/PKGBUILD
(from rev 305388, bluez/trunk/PKGBUILD)
bluez/repos/extra-i686/bluetooth.modprobe
(from rev 305388, bluez/trunk/bluetooth.modprobe)
Deleted:
bluez/repos/extra-i686/PKGBUILD
bluez/repos/extra-i686/bluetooth.modprobe
------------------------+
CVE-2017-1000250.patch | 55 ++++++++
PKGBUILD | 289 ++++++++++++++++++++++++-----------------------
bluetooth.modprobe | 6
3 files changed, 206 insertions(+), 144 deletions(-)
Copied: bluez/repos/extra-i686/CVE-2017-1000250.patch (from rev 305388, bluez/trunk/CVE-2017-1000250.patch)
===================================================================
--- CVE-2017-1000250.patch (rev 0)
+++ CVE-2017-1000250.patch 2017-09-12 21:14:20 UTC (rev 305389)
@@ -0,0 +1,55 @@
+From 6821472c7509c54c5b1ef4744af8f6eab9be4aa7 Mon Sep 17 00:00:00 2001
+From: Fedora Bluez maintainers <bluez-owner at fedoraproject.org>
+Date: Mon, 11 Sep 2017 11:19:18 -0400
+Subject: [PATCH] Out of bounds heap read in service_search_attr_req function
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+When a long response is returned to a specific search attribute request, a
+continuation state is returned to allow reception of additional fragments, via
+additional requests that contain the last continuation state sent. However, the
+incoming “cstate” that requests additional fragments isn’t validated properly,
+and thus an out-of-bounds read of the response buffer (pResponse) can be
+achieved, leading to information disclosure of the heap.
+---
+ src/sdpd-request.c | 23 ++++++++++++++---------
+ 1 file changed, 14 insertions(+), 9 deletions(-)
+
+diff --git a/src/sdpd-request.c b/src/sdpd-request.c
+index 1eefdce..ddeea7f 100644
+--- a/src/sdpd-request.c
++++ b/src/sdpd-request.c
+@@ -918,15 +918,20 @@ static int service_search_attr_req(sdp_req_t *req, sdp_buf_t *buf)
+ /* continuation State exists -> get from cache */
+ sdp_buf_t *pCache = sdp_get_cached_rsp(cstate);
+ if (pCache) {
+- uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent);
+- pResponse = pCache->data;
+- memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent);
+- buf->data_size += sent;
+- cstate->cStateValue.maxBytesSent += sent;
+- if (cstate->cStateValue.maxBytesSent == pCache->data_size)
+- cstate_size = sdp_set_cstate_pdu(buf, NULL);
+- else
+- cstate_size = sdp_set_cstate_pdu(buf, cstate);
++ if (cstate->cStateValue.maxBytesSent >= pCache->data_size) {
++ status = SDP_INVALID_CSTATE;
++ SDPDBG("Got bad cstate with invalid size");
++ } else {
++ uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent);
++ pResponse = pCache->data;
++ memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent);
++ buf->data_size += sent;
++ cstate->cStateValue.maxBytesSent += sent;
++ if (cstate->cStateValue.maxBytesSent == pCache->data_size)
++ cstate_size = sdp_set_cstate_pdu(buf, NULL);
++ else
++ cstate_size = sdp_set_cstate_pdu(buf, cstate);
++ }
+ } else {
+ status = SDP_INVALID_CSTATE;
+ SDPDBG("Non-null continuation state, but null cache buffer");
+--
+2.13.5
+
Deleted: PKGBUILD
===================================================================
--- PKGBUILD 2017-09-12 21:14:05 UTC (rev 305388)
+++ PKGBUILD 2017-09-12 21:14:20 UTC (rev 305389)
@@ -1,141 +0,0 @@
-# $Id$
-# Maintainer: Tom Gundersen <teg at jklm.no>
-# Contributor: Andrea Scarpino <andrea at archlinux.org>
-# Contributor: Geoffroy Carrier <geoffroy at archlinux.org>
-
-pkgbase=bluez
-pkgname=('bluez' 'bluez-utils' 'bluez-libs' 'bluez-cups' 'bluez-hid2hci' 'bluez-plugins')
-pkgver=5.46
-pkgrel=1
-url="http://www.bluez.org/"
-arch=('i686' 'x86_64')
-license=('GPL2')
-makedepends=('dbus' 'libical' 'systemd')
-source=(https://www.kernel.org/pub/linux/bluetooth/${pkgname}-${pkgver}.tar.{xz,sign}
- bluetooth.modprobe)
-# see https://www.kernel.org/pub/linux/bluetooth/sha256sums.asc
-sha256sums=('ddab3d3837c1afb8ae228a94ba17709a4650bd4db24211b6771ab735c8908e28'
- 'SKIP'
- '46c021be659c9a1c4e55afd04df0c059af1f3d98a96338236412e449bf7477b4')
-validpgpkeys=('E932D120BC2AEC444E558F0106CA9F5D1DCF2659') # Marcel Holtmann <marcel at holtmann.org>
-
-build() {
- cd ${pkgname}-${pkgver}
- ./configure \
- --prefix=/usr \
- --mandir=/usr/share/man \
- --sysconfdir=/etc \
- --localstatedir=/var \
- --libexecdir=/usr/lib \
- --enable-sixaxis \
- --enable-experimental \
- --enable-library # this is deprecated
- make
-}
-
-check() {
- cd $pkgname-$pkgver
- make check
-}
-
-
-package_bluez() {
- pkgdesc="Daemons for the bluetooth protocol stack"
- depends=('libical' 'dbus' 'glib2')
- backup=('etc/dbus-1/system.d/bluetooth.conf'
- 'etc/bluetooth/main.conf')
- conflicts=('obexd-client' 'obexd-server')
-
- cd ${pkgbase}-${pkgver}
- make DESTDIR=${pkgdir} \
- install-libexecPROGRAMS \
- install-dbussessionbusDATA \
- install-systemdsystemunitDATA \
- install-systemduserunitDATA \
- install-dbussystembusDATA \
- install-dbusDATA \
- install-man8
-
- # ship upstream main config file
- install -dm755 ${pkgdir}/etc/bluetooth
- install -Dm644 ${srcdir}/${pkgbase}-${pkgver}/src/main.conf ${pkgdir}/etc/bluetooth/main.conf
-
- # add basic documention
- install -dm755 ${pkgdir}/usr/share/doc/${pkgbase}/dbus-apis
- cp -a doc/*.txt ${pkgdir}/usr/share/doc/${pkgbase}/dbus-apis/
- # fix module loading errors
- install -dm755 ${pkgdir}/usr/lib/modprobe.d
- install -Dm644 ${srcdir}/bluetooth.modprobe ${pkgdir}/usr/lib/modprobe.d/bluetooth-usb.conf
-
- # fix obex file transfer - https://bugs.archlinux.org/task/45816
- ln -fs /usr/lib/systemd/user/obex.service ${pkgdir}/usr/lib/systemd/user/dbus-org.bluez.obex.service
-}
-
-package_bluez-utils() {
- pkgdesc="Development and debugging utilities for the bluetooth protocol stack"
- depends=('dbus' 'systemd' 'glib2')
- conflicts=('bluez-hcidump')
- provides=('bluez-hcidump')
- replaces=('bluez-hcidump' 'bluez<=4.101')
-
- cd ${pkgbase}-${pkgver}
- make DESTDIR=${pkgdir} \
- install-binPROGRAMS \
- install-man1
-
- # add missing tools FS#41132, FS#41687, FS#42716
- for files in `find tools/ -type f -perm -755`; do
- filename=$(basename $files)
- install -Dm755 ${srcdir}/${pkgbase}-${pkgver}/tools/$filename ${pkgdir}/usr/bin/$filename
- done
-
- # libbluetooth.so* are part of libLTLIBRARIES and binPROGRAMS targets
- #make DESTDIR=${pkgdir} uninstall-libLTLIBRARIES
- #rmdir ${pkgdir}/usr/lib
- rm -rf ${pkgdir}/usr/lib
-
- # move the hid2hci man page out
- mv ${pkgdir}/usr/share/man/man1/hid2hci.1 ${srcdir}/
-}
-
-package_bluez-libs() {
- pkgdesc="Deprecated libraries for the bluetooth protocol stack"
- depends=('glibc')
- license=('LGPL2.1')
-
- cd ${pkgbase}-${pkgver}
- make DESTDIR=${pkgdir} \
- install-includeHEADERS \
- install-libLTLIBRARIES \
- install-pkgconfigDATA
-}
-
-package_bluez-cups() {
- pkgdesc="CUPS printer backend for Bluetooth printers"
- depends=('cups')
-
- cd ${pkgbase}-${pkgver}
- make DESTDIR=${pkgdir} install-cupsPROGRAMS
-}
-
-package_bluez-hid2hci() {
- pkgdesc="Put HID proxying bluetooth HCI's into HCI mode"
- depends=('systemd')
-
- cd ${pkgbase}-${pkgver}
- make DESTDIR=${pkgdir} \
- install-udevPROGRAMS \
- install-rulesDATA
-
- install -dm755 ${pkgdir}/usr/share/man/man1
- mv ${srcdir}/hid2hci.1 ${pkgdir}/usr/share/man/man1/hid2hci.1
-}
-
-package_bluez-plugins() {
- pkgdesc="bluez plugins (PS3 Sixaxis controller)"
- depends=('systemd')
-
- cd ${pkgbase}-${pkgver}
- make DESTDIR=${pkgdir} \
- install-pluginLTLIBRARIES
-}
Copied: bluez/repos/extra-i686/PKGBUILD (from rev 305388, bluez/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2017-09-12 21:14:20 UTC (rev 305389)
@@ -0,0 +1,148 @@
+# $Id$
+# Maintainer: Tom Gundersen <teg at jklm.no>
+# Contributor: Andrea Scarpino <andrea at archlinux.org>
+# Contributor: Geoffroy Carrier <geoffroy at archlinux.org>
+
+pkgbase=bluez
+pkgname=('bluez' 'bluez-utils' 'bluez-libs' 'bluez-cups' 'bluez-hid2hci' 'bluez-plugins')
+pkgver=5.46
+pkgrel=2
+url="http://www.bluez.org/"
+arch=('i686' 'x86_64')
+license=('GPL2')
+makedepends=('dbus' 'libical' 'systemd')
+source=(https://www.kernel.org/pub/linux/bluetooth/${pkgname}-${pkgver}.tar.{xz,sign}
+ bluetooth.modprobe
+ CVE-2017-1000250.patch)
+# see https://www.kernel.org/pub/linux/bluetooth/sha256sums.asc
+sha256sums=('ddab3d3837c1afb8ae228a94ba17709a4650bd4db24211b6771ab735c8908e28'
+ 'SKIP'
+ '46c021be659c9a1c4e55afd04df0c059af1f3d98a96338236412e449bf7477b4'
+ '56e6b225c8d0e9557b5e01b484a587596e58b289f87ecb9577cc1e847ccb5d70')
+validpgpkeys=('E932D120BC2AEC444E558F0106CA9F5D1DCF2659') # Marcel Holtmann <marcel at holtmann.org>
+
+prepare() {
+ cd ${pkgname}-${pkgver}
+ patch -p1 < "${srcdir}/CVE-2017-1000250.patch"
+}
+
+build() {
+ cd ${pkgname}-${pkgver}
+ ./configure \
+ --prefix=/usr \
+ --mandir=/usr/share/man \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --libexecdir=/usr/lib \
+ --enable-sixaxis \
+ --enable-experimental \
+ --enable-library # this is deprecated
+ make
+}
+
+check() {
+ cd $pkgname-$pkgver
+ make check
+}
+
+
+package_bluez() {
+ pkgdesc="Daemons for the bluetooth protocol stack"
+ depends=('libical' 'dbus' 'glib2')
+ backup=('etc/dbus-1/system.d/bluetooth.conf'
+ 'etc/bluetooth/main.conf')
+ conflicts=('obexd-client' 'obexd-server')
+
+ cd ${pkgbase}-${pkgver}
+ make DESTDIR=${pkgdir} \
+ install-libexecPROGRAMS \
+ install-dbussessionbusDATA \
+ install-systemdsystemunitDATA \
+ install-systemduserunitDATA \
+ install-dbussystembusDATA \
+ install-dbusDATA \
+ install-man8
+
+ # ship upstream main config file
+ install -dm755 ${pkgdir}/etc/bluetooth
+ install -Dm644 ${srcdir}/${pkgbase}-${pkgver}/src/main.conf ${pkgdir}/etc/bluetooth/main.conf
+
+ # add basic documention
+ install -dm755 ${pkgdir}/usr/share/doc/${pkgbase}/dbus-apis
+ cp -a doc/*.txt ${pkgdir}/usr/share/doc/${pkgbase}/dbus-apis/
+ # fix module loading errors
+ install -dm755 ${pkgdir}/usr/lib/modprobe.d
+ install -Dm644 ${srcdir}/bluetooth.modprobe ${pkgdir}/usr/lib/modprobe.d/bluetooth-usb.conf
+
+ # fix obex file transfer - https://bugs.archlinux.org/task/45816
+ ln -fs /usr/lib/systemd/user/obex.service ${pkgdir}/usr/lib/systemd/user/dbus-org.bluez.obex.service
+}
+
+package_bluez-utils() {
+ pkgdesc="Development and debugging utilities for the bluetooth protocol stack"
+ depends=('dbus' 'systemd' 'glib2')
+ conflicts=('bluez-hcidump')
+ provides=('bluez-hcidump')
+ replaces=('bluez-hcidump' 'bluez<=4.101')
+
+ cd ${pkgbase}-${pkgver}
+ make DESTDIR=${pkgdir} \
+ install-binPROGRAMS \
+ install-man1
+
+ # add missing tools FS#41132, FS#41687, FS#42716
+ for files in `find tools/ -type f -perm -755`; do
+ filename=$(basename $files)
+ install -Dm755 ${srcdir}/${pkgbase}-${pkgver}/tools/$filename ${pkgdir}/usr/bin/$filename
+ done
+
+ # libbluetooth.so* are part of libLTLIBRARIES and binPROGRAMS targets
+ #make DESTDIR=${pkgdir} uninstall-libLTLIBRARIES
+ #rmdir ${pkgdir}/usr/lib
+ rm -rf ${pkgdir}/usr/lib
+
+ # move the hid2hci man page out
+ mv ${pkgdir}/usr/share/man/man1/hid2hci.1 ${srcdir}/
+}
+
+package_bluez-libs() {
+ pkgdesc="Deprecated libraries for the bluetooth protocol stack"
+ depends=('glibc')
+ license=('LGPL2.1')
+
+ cd ${pkgbase}-${pkgver}
+ make DESTDIR=${pkgdir} \
+ install-includeHEADERS \
+ install-libLTLIBRARIES \
+ install-pkgconfigDATA
+}
+
+package_bluez-cups() {
+ pkgdesc="CUPS printer backend for Bluetooth printers"
+ depends=('cups')
+
+ cd ${pkgbase}-${pkgver}
+ make DESTDIR=${pkgdir} install-cupsPROGRAMS
+}
+
+package_bluez-hid2hci() {
+ pkgdesc="Put HID proxying bluetooth HCI's into HCI mode"
+ depends=('systemd')
+
+ cd ${pkgbase}-${pkgver}
+ make DESTDIR=${pkgdir} \
+ install-udevPROGRAMS \
+ install-rulesDATA
+
+ install -dm755 ${pkgdir}/usr/share/man/man1
+ mv ${srcdir}/hid2hci.1 ${pkgdir}/usr/share/man/man1/hid2hci.1
+}
+
+package_bluez-plugins() {
+ pkgdesc="bluez plugins (PS3 Sixaxis controller)"
+ depends=('systemd')
+
+ cd ${pkgbase}-${pkgver}
+ make DESTDIR=${pkgdir} \
+ install-pluginLTLIBRARIES
+}
Deleted: bluetooth.modprobe
===================================================================
--- bluetooth.modprobe 2017-09-12 21:14:05 UTC (rev 305388)
+++ bluetooth.modprobe 2017-09-12 21:14:20 UTC (rev 305389)
@@ -1,3 +0,0 @@
-# use "reset=1" as default, since it should be safe for recent devices and
-# solves all kind of problems.
-options btusb reset=1
Copied: bluez/repos/extra-i686/bluetooth.modprobe (from rev 305388, bluez/trunk/bluetooth.modprobe)
===================================================================
--- bluetooth.modprobe (rev 0)
+++ bluetooth.modprobe 2017-09-12 21:14:20 UTC (rev 305389)
@@ -0,0 +1,3 @@
+# use "reset=1" as default, since it should be safe for recent devices and
+# solves all kind of problems.
+options btusb reset=1
More information about the arch-commits
mailing list