[arch-commits] Commit in bluez/trunk (CVE-2017-1000250.patch PKGBUILD)
Andreas Radke
andyrtr at archlinux.org
Thu Sep 14 12:14:43 UTC 2017
Date: Thursday, September 14, 2017 @ 12:14:42
Author: andyrtr
Revision: 305547
upgpkg: bluez 5.47-1
upstream update 5.47
Modified:
bluez/trunk/PKGBUILD
Deleted:
bluez/trunk/CVE-2017-1000250.patch
------------------------+
CVE-2017-1000250.patch | 55 -----------------------------------------------
PKGBUILD | 19 +++++-----------
2 files changed, 6 insertions(+), 68 deletions(-)
Deleted: CVE-2017-1000250.patch
===================================================================
--- CVE-2017-1000250.patch 2017-09-14 11:58:54 UTC (rev 305546)
+++ CVE-2017-1000250.patch 2017-09-14 12:14:42 UTC (rev 305547)
@@ -1,55 +0,0 @@
-From 6821472c7509c54c5b1ef4744af8f6eab9be4aa7 Mon Sep 17 00:00:00 2001
-From: Fedora Bluez maintainers <bluez-owner at fedoraproject.org>
-Date: Mon, 11 Sep 2017 11:19:18 -0400
-Subject: [PATCH] Out of bounds heap read in service_search_attr_req function
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-When a long response is returned to a specific search attribute request, a
-continuation state is returned to allow reception of additional fragments, via
-additional requests that contain the last continuation state sent. However, the
-incoming “cstate” that requests additional fragments isn’t validated properly,
-and thus an out-of-bounds read of the response buffer (pResponse) can be
-achieved, leading to information disclosure of the heap.
----
- src/sdpd-request.c | 23 ++++++++++++++---------
- 1 file changed, 14 insertions(+), 9 deletions(-)
-
-diff --git a/src/sdpd-request.c b/src/sdpd-request.c
-index 1eefdce..ddeea7f 100644
---- a/src/sdpd-request.c
-+++ b/src/sdpd-request.c
-@@ -918,15 +918,20 @@ static int service_search_attr_req(sdp_req_t *req, sdp_buf_t *buf)
- /* continuation State exists -> get from cache */
- sdp_buf_t *pCache = sdp_get_cached_rsp(cstate);
- if (pCache) {
-- uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent);
-- pResponse = pCache->data;
-- memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent);
-- buf->data_size += sent;
-- cstate->cStateValue.maxBytesSent += sent;
-- if (cstate->cStateValue.maxBytesSent == pCache->data_size)
-- cstate_size = sdp_set_cstate_pdu(buf, NULL);
-- else
-- cstate_size = sdp_set_cstate_pdu(buf, cstate);
-+ if (cstate->cStateValue.maxBytesSent >= pCache->data_size) {
-+ status = SDP_INVALID_CSTATE;
-+ SDPDBG("Got bad cstate with invalid size");
-+ } else {
-+ uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent);
-+ pResponse = pCache->data;
-+ memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent);
-+ buf->data_size += sent;
-+ cstate->cStateValue.maxBytesSent += sent;
-+ if (cstate->cStateValue.maxBytesSent == pCache->data_size)
-+ cstate_size = sdp_set_cstate_pdu(buf, NULL);
-+ else
-+ cstate_size = sdp_set_cstate_pdu(buf, cstate);
-+ }
- } else {
- status = SDP_INVALID_CSTATE;
- SDPDBG("Non-null continuation state, but null cache buffer");
---
-2.13.5
-
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2017-09-14 11:58:54 UTC (rev 305546)
+++ PKGBUILD 2017-09-14 12:14:42 UTC (rev 305547)
@@ -5,27 +5,20 @@
pkgbase=bluez
pkgname=('bluez' 'bluez-utils' 'bluez-libs' 'bluez-cups' 'bluez-hid2hci' 'bluez-plugins')
-pkgver=5.46
-pkgrel=2
+pkgver=5.47
+pkgrel=1
url="http://www.bluez.org/"
arch=('i686' 'x86_64')
license=('GPL2')
makedepends=('dbus' 'libical' 'systemd')
source=(https://www.kernel.org/pub/linux/bluetooth/${pkgname}-${pkgver}.tar.{xz,sign}
- bluetooth.modprobe
- CVE-2017-1000250.patch)
+ bluetooth.modprobe)
# see https://www.kernel.org/pub/linux/bluetooth/sha256sums.asc
-sha256sums=('ddab3d3837c1afb8ae228a94ba17709a4650bd4db24211b6771ab735c8908e28'
+sha256sums=('cf75bf7cd5d564f21cc4a2bd01d5c39ce425397335fd47d9bbe43af0a58342c8'
'SKIP'
- '46c021be659c9a1c4e55afd04df0c059af1f3d98a96338236412e449bf7477b4'
- '56e6b225c8d0e9557b5e01b484a587596e58b289f87ecb9577cc1e847ccb5d70')
+ '46c021be659c9a1c4e55afd04df0c059af1f3d98a96338236412e449bf7477b4')
validpgpkeys=('E932D120BC2AEC444E558F0106CA9F5D1DCF2659') # Marcel Holtmann <marcel at holtmann.org>
-prepare() {
- cd ${pkgname}-${pkgver}
- patch -p1 < "${srcdir}/CVE-2017-1000250.patch"
-}
-
build() {
cd ${pkgname}-${pkgver}
./configure \
@@ -42,7 +35,7 @@
check() {
cd $pkgname-$pkgver
- make check
+ make check || /bin/true # https://bugzilla.kernel.org/show_bug.cgi?id=196621
}
More information about the arch-commits
mailing list