* Re: [OE-core][hardknott][PATCH] bluez5: fix CVE-2021-3658
From: Trevor Gamblin @ 2021-09-08 14:43 UTC
To: openembedded-core
On 2021-09-01 2:45 p.m., Trevor Gamblin wrote:
> Backporting upstream fix since the uprev from 5.60 -> 5.61 does include
> some minor functionality changes.
>
> Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Ping. Just wanna make sure this is picked up.
> ---
> meta/recipes-connectivity/bluez5/bluez5.inc | 1 +
> ...ter-Fix-storing-discoverable-setting.patch | 100 ++++++++++++++++++
> 2 files changed, 101 insertions(+)
> create mode 100644 meta/recipes-connectivity/bluez5/bluez5/0001-adapter-Fix-storing-discoverable-setting.patch
>
> diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc
> index a7b628ce1b..0d30b1a3f5 100644
> --- a/meta/recipes-connectivity/bluez5/bluez5.inc
> +++ b/meta/recipes-connectivity/bluez5/bluez5.inc
> @@ -52,6 +52,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \
> ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \
> file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
> file://0001-test-gatt-Fix-hung-issue.patch \
> + file://0001-adapter-Fix-storing-discoverable-setting.patch \
> "
> S = "${WORKDIR}/bluez-${PV}"
>
> diff --git a/meta/recipes-connectivity/bluez5/bluez5/0001-adapter-Fix-storing-discoverable-setting.patch b/meta/recipes-connectivity/bluez5/bluez5/0001-adapter-Fix-storing-discoverable-setting.patch
> new file mode 100644
> index 0000000000..c2a5edd226
> --- /dev/null
> +++ b/meta/recipes-connectivity/bluez5/bluez5/0001-adapter-Fix-storing-discoverable-setting.patch
> @@ -0,0 +1,100 @@
> +From b497b5942a8beb8f89ca1c359c54ad67ec843055 Mon Sep 17 00:00:00 2001
> +From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
> +Date: Thu, 24 Jun 2021 16:32:04 -0700
> +Subject: [PATCH] adapter: Fix storing discoverable setting
> +
> +discoverable setting shall only be store when changed via Discoverable
> +property and not when discovery client set it as that be considered
> +temporary just for the lifetime of the discovery.
> +
> +Upstream-Status: Backport
> +(https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=b497b5942a8beb8f89ca1c359c54ad67ec843055)
> +
> +CVE: CVE-2021-3658
> +
> +Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
> +
> +---
> + src/adapter.c | 35 ++++++++++++++++++++++-------------
> + 1 file changed, 22 insertions(+), 13 deletions(-)
> +
> +diff --git a/src/adapter.c b/src/adapter.c
> +index 12e4ff5c0..663b778e4 100644
> +--- a/src/adapter.c
> ++++ b/src/adapter.c
> +@@ -560,7 +560,11 @@ static void settings_changed(struct btd_adapter *adapter, uint32_t settings)
> + if (changed_mask & MGMT_SETTING_DISCOVERABLE) {
> + g_dbus_emit_property_changed(dbus_conn, adapter->path,
> + ADAPTER_INTERFACE, "Discoverable");
> +- store_adapter_info(adapter);
> ++ /* Only persist discoverable setting if it was not set
> ++ * temporarily by discovery.
> ++ */
> ++ if (!adapter->discovery_discoverable)
> ++ store_adapter_info(adapter);
> + btd_adv_manager_refresh(adapter->adv_manager);
> + }
> +
> +@@ -2162,8 +2166,6 @@ static bool filters_equal(struct mgmt_cp_start_service_discovery *a,
> + static int update_discovery_filter(struct btd_adapter *adapter)
> + {
> + struct mgmt_cp_start_service_discovery *sd_cp;
> +- GSList *l;
> +-
> +
> + DBG("");
> +
> +@@ -2173,17 +2175,24 @@ static int update_discovery_filter(struct btd_adapter *adapter)
> + return -ENOMEM;
> + }
> +
> +- for (l = adapter->discovery_list; l; l = g_slist_next(l)) {
> +- struct discovery_client *client = l->data;
> ++ /* Only attempt to overwrite current discoverable setting when not
> ++ * discoverable.
> ++ */
> ++ if (!(adapter->current_settings & MGMT_OP_SET_DISCOVERABLE)) {
> ++ GSList *l;
> +
> +- if (!client->discovery_filter)
> +- continue;
> ++ for (l = adapter->discovery_list; l; l = g_slist_next(l)) {
> ++ struct discovery_client *client = l->data;
> +
> +- if (client->discovery_filter->discoverable)
> +- break;
> +- }
> ++ if (!client->discovery_filter)
> ++ continue;
> +
> +- set_discovery_discoverable(adapter, l ? true : false);
> ++ if (client->discovery_filter->discoverable) {
> ++ set_discovery_discoverable(adapter, true);
> ++ break;
> ++ }
> ++ }
> ++ }
> +
> + /*
> + * If filters are equal, then don't update scan, except for when
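Review bot: In update_discovery_filter(), the removed `set_discovery_discoverable(adapter, l ? true : false);` also cleared the temporary setting when no remaining client's filter asked for it, whereas the replacement loop only ever passes `true`. After this change the clear is left to the calls in discovery_stop() and adapter_stop(), so if the one client that requested discoverable goes away while others keep discovering, nothing in this function turns the setting back off. Worth confirming that is intended, or adding a clear path for the case where no client wants it.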
> +@@ -2216,8 +2225,7 @@ static int discovery_stop(struct discovery_client *client)
> + return 0;
> + }
> +
> +- if (adapter->discovery_discoverable)
> +- set_discovery_discoverable(adapter, false);
> ++ set_discovery_discoverable(adapter, false);
> +
> + /*
> + * In the idle phase of a discovery, there is no need to stop it
> +@@ -6913,6 +6921,7 @@ static void adapter_stop(struct btd_adapter *adapter)
> + g_free(adapter->current_discovery_filter);
> + adapter->current_discovery_filter = NULL;
> +
> ++ set_discovery_discoverable(adapter, false);
> + adapter->discovering = false;
> +
> + while (adapter->connections) {
> +--
> +2.33.0
> +
>
>
>
* Re: [OE-core][hardknott][PATCH] bluez5: fix CVE-2021-3658
From: Anuj Mittal @ 2021-09-09 1:14 UTC
To: openembedded-core, trevor.gamblin
On Wed, 2021-09-08 at 10:43 -0400, Trevor Gamblin wrote:
>
> On 2021-09-01 2:45 p.m., Trevor Gamblin wrote:
>
> > Backporting upstream fix since the uprev from 5.60 -> 5.61 does
> > include
> > some minor functionality changes.
> >
> > Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
> Ping. Just wanna make sure this is picked up.
Yes, this is in the queue I sent for review.
https://lists.openembedded.org/g/openembedded-core/message/155731
Thanks,
Anuj
>
> > ---
> > meta/recipes-connectivity/bluez5/bluez5.inc | 1 +
> > ...ter-Fix-storing-discoverable-setting.patch | 100
> > ++++++++++++++++++
> > 2 files changed, 101 insertions(+)
> > create mode 100644 meta/recipes-connectivity/bluez5/bluez5/0001-
> > adapter-Fix-storing-discoverable-setting.patch
> >
> > diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc
> > b/meta/recipes-connectivity/bluez5/bluez5.inc
> > index a7b628ce1b..0d30b1a3f5 100644
> > --- a/meta/recipes-connectivity/bluez5/bluez5.inc
> > +++ b/meta/recipes-connectivity/bluez5/bluez5.inc
> > @@ -52,6 +52,7 @@ SRC_URI =
> > "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \
> > ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '',
> > 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch'
> > , d)} \
> >
> > file://0001-tests-add-a-target-for-building-tests-without-runnin.patch
> > \
> > file://0001-test-gatt-Fix-hung-issue.patch \
> > +
> > file://0001-adapter-Fix-storing-discoverable-setting.patch \
> > "
> > S = "${WORKDIR}/bluez-${PV}"
> >
> > diff --git a/meta/recipes-connectivity/bluez5/bluez5/0001-adapter-
> > Fix-storing-discoverable-setting.patch b/meta/recipes-
> > connectivity/bluez5/bluez5/0001-adapter-Fix-storing-discoverable-
> > setting.patch
> > new file mode 100644
> > index 0000000000..c2a5edd226
> > --- /dev/null
> > +++ b/meta/recipes-connectivity/bluez5/bluez5/0001-adapter-Fix-
> > storing-discoverable-setting.patch
> > @@ -0,0 +1,100 @@
> > +From b497b5942a8beb8f89ca1c359c54ad67ec843055 Mon Sep 17 00:00:00
> > 2001
> > +From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
> > +Date: Thu, 24 Jun 2021 16:32:04 -0700
> > +Subject: [PATCH] adapter: Fix storing discoverable setting
> > +
> > +discoverable setting shall only be store when changed via
> > Discoverable
> > +property and not when discovery client set it as that be considered
> > +temporary just for the lifetime of the discovery.
> > +
> > +Upstream-Status: Backport
> > +(
> > https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=b497b5942a8beb8f89ca1c359c54ad67ec843055
> > )
> > +
> > +CVE: CVE-2021-3658
> > +
> > +Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
> > +
> > +---
> > + src/adapter.c | 35 ++++++++++++++++++++++-------------
> > + 1 file changed, 22 insertions(+), 13 deletions(-)
> > +
> > +diff --git a/src/adapter.c b/src/adapter.c
> > +index 12e4ff5c0..663b778e4 100644
> > +--- a/src/adapter.c
> > ++++ b/src/adapter.c
> > +@@ -560,7 +560,11 @@ static void settings_changed(struct btd_adapter
> > *adapter, uint32_t settings)
> > + if (changed_mask & MGMT_SETTING_DISCOVERABLE) {
> > + g_dbus_emit_property_changed(dbus_conn, adapter-
> > >path,
> > + ADAPTER_INTERFACE,
> > "Discoverable");
> > +- store_adapter_info(adapter);
> > ++ /* Only persist discoverable setting if it was not
> > set
> > ++ * temporarily by discovery.
> > ++ */
> > ++ if (!adapter->discovery_discoverable)
> > ++ store_adapter_info(adapter);
> > + btd_adv_manager_refresh(adapter->adv_manager);
> > + }
> > +
> > +@@ -2162,8 +2166,6 @@ static bool filters_equal(struct
> > mgmt_cp_start_service_discovery *a,
> > + static int update_discovery_filter(struct btd_adapter *adapter)
> > + {
> > + struct mgmt_cp_start_service_discovery *sd_cp;
> > +- GSList *l;
> > +-
> > +
> > + DBG("");
> > +
> > +@@ -2173,17 +2175,24 @@ static int update_discovery_filter(struct
> > btd_adapter *adapter)
> > + return -ENOMEM;
> > + }
> > +
> > +- for (l = adapter->discovery_list; l; l = g_slist_next(l)) {
> > +- struct discovery_client *client = l->data;
> > ++ /* Only attempt to overwrite current discoverable setting
> > when not
> > ++ * discoverable.
> > ++ */
> > ++ if (!(adapter->current_settings & MGMT_OP_SET_DISCOVERABLE))
> > {
> > ++ GSList *l;
> > +
> > +- if (!client->discovery_filter)
> > +- continue;
> > ++ for (l = adapter->discovery_list; l; l =
> > g_slist_next(l)) {
> > ++ struct discovery_client *client = l->data;
> > +
> > +- if (client->discovery_filter->discoverable)
> > +- break;
> > +- }
> > ++ if (!client->discovery_filter)
> > ++ continue;
> > +
> > +- set_discovery_discoverable(adapter, l ? true : false);
> > ++ if (client->discovery_filter->discoverable)
> > {
> > ++ set_discovery_discoverable(adapter,
> > true);
> > ++ break;
> > ++ }
> > ++ }
> > ++ }
> > +
> > + /*
> > + * If filters are equal, then don't update scan, except for
> > when
> > +@@ -2216,8 +2225,7 @@ static int discovery_stop(struct
> > discovery_client *client)
> > + return 0;
> > + }
> > +
> > +- if (adapter->discovery_discoverable)
> > +- set_discovery_discoverable(adapter, false);
> > ++ set_discovery_discoverable(adapter, false);
> > +
> > + /*
> > + * In the idle phase of a discovery, there is no need to
> > stop it
> > +@@ -6913,6 +6921,7 @@ static void adapter_stop(struct btd_adapter
> > *adapter)
> > + g_free(adapter->current_discovery_filter);
> > + adapter->current_discovery_filter = NULL;
> > +
> > ++ set_discovery_discoverable(adapter, false);
> > + adapter->discovering = false;
> > +
> > + while (adapter->connections) {
> > +--
> > +2.33.0
> > +
> >
> >
> >
> >
>
>
>
* [OE-core][hardknott][PATCH] bluez5: fix CVE-2021-3658
From: Trevor Gamblin @ 2021-09-01 18:45 UTC
To: openembedded-core
Backporting upstream fix since the uprev from 5.60 -> 5.61 does include
some minor functionality changes.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
---
meta/recipes-connectivity/bluez5/bluez5.inc | 1 +
...ter-Fix-storing-discoverable-setting.patch | 100 ++++++++++++++++++
2 files changed, 101 insertions(+)
create mode 100644 meta/recipes-connectivity/bluez5/bluez5/0001-adapter-Fix-storing-discoverable-setting.patch
diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc
index a7b628ce1b..0d30b1a3f5 100644
--- a/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -52,6 +52,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \
${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \
file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
file://0001-test-gatt-Fix-hung-issue.patch \
+ file://0001-adapter-Fix-storing-discoverable-setting.patch \
"
S = "${WORKDIR}/bluez-${PV}"
diff --git a/meta/recipes-connectivity/bluez5/bluez5/0001-adapter-Fix-storing-discoverable-setting.patch b/meta/recipes-connectivity/bluez5/bluez5/0001-adapter-Fix-storing-discoverable-setting.patch
new file mode 100644
index 0000000000..c2a5edd226
--- /dev/null
+++ b/meta/recipes-connectivity/bluez5/bluez5/0001-adapter-Fix-storing-discoverable-setting.patch
@@ -0,0 +1,100 @@
+From b497b5942a8beb8f89ca1c359c54ad67ec843055 Mon Sep 17 00:00:00 2001
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+Date: Thu, 24 Jun 2021 16:32:04 -0700
+Subject: [PATCH] adapter: Fix storing discoverable setting
+
+discoverable setting shall only be store when changed via Discoverable
+property and not when discovery client set it as that be considered
+temporary just for the lifetime of the discovery.
+
+Upstream-Status: Backport
+(https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=b497b5942a8beb8f89ca1c359c54ad67ec843055)
+
+CVE: CVE-2021-3658
+
+Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
+
+---
+ src/adapter.c | 35 ++++++++++++++++++++++-------------
+ 1 file changed, 22 insertions(+), 13 deletions(-)
+
+diff --git a/src/adapter.c b/src/adapter.c
+index 12e4ff5c0..663b778e4 100644
+--- a/src/adapter.c
++++ b/src/adapter.c
+@@ -560,7 +560,11 @@ static void settings_changed(struct btd_adapter *adapter, uint32_t settings)
+ if (changed_mask & MGMT_SETTING_DISCOVERABLE) {
+ g_dbus_emit_property_changed(dbus_conn, adapter->path,
+ ADAPTER_INTERFACE, "Discoverable");
+- store_adapter_info(adapter);
++ /* Only persist discoverable setting if it was not set
++ * temporarily by discovery.
++ */
++ if (!adapter->discovery_discoverable)
++ store_adapter_info(adapter);
+ btd_adv_manager_refresh(adapter->adv_manager);
+ }
+
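Review bot: In settings_changed(), the new `if (!adapter->discovery_discoverable)` guard skips store_adapter_info() for every MGMT_SETTING_DISCOVERABLE change that arrives while the flag is set, including one the user makes through the Discoverable property during an active discovery. The check keys persistence on adapter state and not on who requested the change, so it is worth confirming, and saying in the comment, that a property write made while discovery_discoverable is true still gets stored by some other path.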
+@@ -2162,8 +2166,6 @@ static bool filters_equal(struct mgmt_cp_start_service_discovery *a,
+ static int update_discovery_filter(struct btd_adapter *adapter)
+ {
+ struct mgmt_cp_start_service_discovery *sd_cp;
+- GSList *l;
+-
+
+ DBG("");
+
+@@ -2173,17 +2175,24 @@ static int update_discovery_filter(struct btd_adapter *adapter)
+ return -ENOMEM;
+ }
+
+- for (l = adapter->discovery_list; l; l = g_slist_next(l)) {
+- struct discovery_client *client = l->data;
++ /* Only attempt to overwrite current discoverable setting when not
++ * discoverable.
++ */
++ if (!(adapter->current_settings & MGMT_OP_SET_DISCOVERABLE)) {
++ GSList *l;
+
+- if (!client->discovery_filter)
+- continue;
++ for (l = adapter->discovery_list; l; l = g_slist_next(l)) {
++ struct discovery_client *client = l->data;
+
+- if (client->discovery_filter->discoverable)
+- break;
+- }
++ if (!client->discovery_filter)
++ continue;
+
+- set_discovery_discoverable(adapter, l ? true : false);
++ if (client->discovery_filter->discoverable) {
++ set_discovery_discoverable(adapter, true);
++ break;
++ }
++ }
++ }
+
+ /*
+ * If filters are equal, then don't update scan, except for when
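Review bot: The new guard in update_discovery_filter() tests `adapter->current_settings & MGMT_OP_SET_DISCOVERABLE`, while settings_changed() in the first hunk tests its settings mask with `MGMT_SETTING_DISCOVERABLE`. The `MGMT_OP_` prefix names a management command rather than a settings flag, so this condition likely masks the wrong bits and `MGMT_SETTING_DISCOVERABLE` looks like the intended constant. Since this is a verbatim backport, the fix belongs upstream: check whether a follow-up commit exists there and carry it alongside this patch rather than editing the hunk locally.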
+@@ -2216,8 +2225,7 @@ static int discovery_stop(struct discovery_client *client)
+ return 0;
+ }
+
+- if (adapter->discovery_discoverable)
+- set_discovery_discoverable(adapter, false);
++ set_discovery_discoverable(adapter, false);
+
+ /*
+ * In the idle phase of a discovery, there is no need to stop it
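Review bot: discovery_stop() now calls `set_discovery_discoverable(adapter, false)` unconditionally, where the removed lines made the call only when `adapter->discovery_discoverable` was set, and adapter_stop() gains the same unguarded call in the next hunk. The body of set_discovery_discoverable() is not part of this patch, so please confirm it returns early when the flag is already clear; otherwise stopping a discovery would also try to turn discoverable off on an adapter that was made discoverable through the property rather than by a discovery client.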
+@@ -6913,6 +6921,7 @@ static void adapter_stop(struct btd_adapter *adapter)
+ g_free(adapter->current_discovery_filter);
+ adapter->current_discovery_filter = NULL;
+
++ set_discovery_discoverable(adapter, false);
+ adapter->discovering = false;
+
+ while (adapter->connections) {
+--
+2.33.0
+
--
2.31.1