Debian Patches

Status for bluez/5.55-3.1+deb11u2

Patch Description Author Forwarded Bugs Origin Last update
change_path_of_hogsuspend.patch Move path of hogsuspend to /run.
diff --git a/profiles/input/suspend-dummy.c b/profiles/input/suspend-dummy.c
index 542ae25..580213e 100644		 Nobuhiro Iwamatsu <iwamatsu@debian.org> not-needed debian vendor
org.bluez.obex.service.in.patch not-needed debian 2017-03-17
gatt-Fix-potential-buffer-out-of-bound.patch gatt: Fix potential buffer out-of-bound
When client features is read check if the offset is within the cli_feat
bounds.		 Luiz Augusto von Dentz <luiz.von.dentz@intel.com> yes debian upstream https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit?id=3a40bef49305f8327635b81ac8be52a3ca063d5a 2021-01-04
Fix-typo.patch [PATCH] Fix typo
This commit fixes following typo:

Refrence -> Reference
Unkown -> Unknown
disappered -> disappeared
WRITTING -> WRITING
fragement -> fragment
specifiy -> specify
errror -> error
retreive -> retrieve
Successfuly -> Successfully
avaiable -> available
bandwith -> bandwidth/
futher -> further
occured/ -> occurred
immediatelly -> immediately
Seach -> Search
Lenght -> Length
miliseconds -> milliseconds
missmatch -> mismatch		 Nobuhiro Iwamatsu <iwamatsu@debian.org> no 2018-03-20
shared-gatt-client-Fix-segfault-after-PIN-entry.patch [PATCH] shared/gatt-client: Fix segfault after PIN entry (Closes: #884663)
This fixes the problem of referring to NULL when ext_prop_read_cb() callback
function is called with the value variable of read_cb not initialized.		 Nobuhiro Iwamatsu <iwamatsu@debian.org> no 2018-05-23
main.conf-Add-more-details-Closes-904212.patch [PATCH] main.conf: Add more datails (Closes: #904212) Nobuhiro Iwamatsu <iwamatsu@nigauri.org> no 2018-07-29
headers-use-releative-symlinks.patch Use relative symlinks when linking to headers.
Using the absolute build path only works during the build; the
symlinks are included in the tarball, which results in broken symlinks
in the tarball included in the bluez-source package.

===================================================================		 vagrant@reproducible-builds.org no 2020-09-24
main-Don-t-warn-for-unset-config-option.patch main: Don't warn for unset config option
Unset options shall not be printed if debug is not enabled.		 Luiz Augusto von Dentz <luiz.von.dentz@intel.com> yes debian upstream https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=02e46e9df6b0d897e6ba67dc3ea18e5e9c510e44 2020-11-09
shared-gatt-server-Fix-not-properly-checking-for-sec.patch shared/gatt-server: Fix not properly checking for secure flags
When passing the mask to check_permissions all valid permissions for
the operation must be set including BT_ATT_PERM_SECURE flags.		 Luiz Augusto von Dentz <luiz.von.dentz@intel.com> no debian https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit?id=00da0fb4972cf59e1c075f313da81ea549cb8738 2021-03-02
work-around-Logitech-diNovo-Edge-keyboard-firmware-i.patch [PATCH] work around Logitech diNovo Edge keyboard firmware issue
https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/269851		 Tommy <mesilliac@gmail.com> no 2013-01-10
allow-using-obexd-without-systemd-in-the-user-sessio.patch [PATCH] Allow using obexd without systemd in the user session
Not all sessions run systemd --user (actually, the majority
doesn't), so the dbus daemon must be able to spawn obexd
directly, and to do so it needs the full path of the daemon.		 Giovanni Campagna <gcampagna-cNUdlRotFMnNLxjTenLetw@public.gmane.org> no 2013-10-12
obex-Use-GLib-helper-function-to-manipulate-paths.patch [PATCH 1/5] obex: Use GLib helper function to manipulate paths
Instead of trying to do it by hand. This also makes sure that
relative paths aren't used by the agent.		 Bastien Nocera <hadess@hadess.net> no 2013-11-09
agent-Assert-possible-infinite-loop.patch [PATCH 4/5] agent: Assert possible infinite loop Bastien Nocera <hadess@hadess.net> no 2013-12-09
bluetooth.conf.patch Add permission to bluetooth control for user into bluetooth
diff --git a/src/bluetooth.conf b/src/bluetooth.conf
index 8a1e25801..d6e1c7a03 100644		 Nobuhiro Iwamatsu <iwamatsu@debian.org> not-needed vendor
main.conf.patch diff --git a/src/main.conf b/src/main.conf
index a6492761b..a6da84f85 100644		 no
input.conf-Change-default-of-ClassicBondedOnly.patch input.conf: Change default of ClassicBondedOnly
This changes the default of ClassicBondedOnly since defaulting to false
is not inline with HID specification which mandates the of Security Mode
4:

BLUETOOTH SPECIFICATION Page 84 of 123
Human Interface Device (HID) Profile:

5.4.3.4.2 Security Modes
Bluetooth HID Hosts shall use Security Mode 4 when interoperating with
Bluetooth HID devices that are compliant to the Bluetooth Core
Specification v2.1+EDR[6].		 Luiz Augusto von Dentz <luiz.von.dentz@intel.com> no debian https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=25a471a83e02e1effb15d5a488b3f0085eaeb675 2023-10-10
0001-adapter-Fix-storing-discoverable-setting.patch adapter: Fix storing discoverable setting
discoverable setting shall only be store when changed via Discoverable
property and not when discovery client set it as that be considered
temporary just for the lifetime of the discovery.		 Luiz Augusto von Dentz <luiz.von.dentz@intel.com> no 2021-06-24
0002-sdpd-Fix-leaking-buffers-stored-in-cstates-cache.patch sdpd: Fix leaking buffers stored in cstates cache
These buffer shall only be keep in cache for as long as they are
needed so this would cleanup any client cstates in the following
conditions:

- There is no cstate on the response
- No continuation can be found for cstate
- Different request opcode
- Respond with an error
- Client disconnect		 Luiz Augusto von Dentz <luiz.von.dentz@intel.com> no 2021-07-15
0003-gatt-database-No-multiple-calls-to-AcquireWrite.patch gatt-database: No multiple calls to AcquireWrite
This checks if an outstanding call to AcquireWrite is already in
progress. If so, the write request is placed into the queue, but
AcquireWrite is not called again. When a response to AcquireWrite is
received, acquire_write_reply sends all queued writes over the acquired
socket.

Making multiple simultaneous calls to AcquireWrite makes no sense,
as this would open multiple socket pairs and only the last returned
socket would be used for further writes.		 Sebastian Urban <surban@surban.net> no 2021-06-12
0004-gatt-Fix-not-cleaning-up-when-disconnected.patch gatt: Fix not cleaning up when disconnected
There is a current use after free possible on a gatt server if a client
disconnects while a WriteValue call is being processed with dbus.

This patch includes the addition of a pending disconnect callback to handle
cleanup better if a disconnect occurs during a write, an acquire write
or read operation using bt_att_register_disconnect with the cb.		 Bernie Conrad <bernie@allthenticate.net> no 2021-09-28
0005-shared-gatt-server-Fix-heap-overflow-when-appending-.patch shared/gatt-server: Fix heap overflow when appending prepare writes
The code shall check if the prepare writes would append more the
allowed maximum attribute length.

Fixes https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q		 Luiz Augusto von Dentz <luiz.von.dentz@intel.com> no 2021-06-08
0006-avrcp-Fix-not-checking-if-params_len-match-number-of.patch avrcp: Fix not checking if params_len match number of received bytes
This makes sure the number of bytes in the params_len matches the
remaining bytes received so the code don't end up accessing invalid
memory.		 Luiz Augusto von Dentz <luiz.von.dentz@intel.com> no 2021-04-29
0007-avdtp-Fix-accepting-invalid-malformed-capabilities.patch avdtp: Fix accepting invalid/malformed capabilities
Check if capabilities are valid before attempting to copy them.		 Luiz Augusto von Dentz <luiz.von.dentz@intel.com> no 2021-04-29
0008-avdtp-Fix-parsing-capabilities.patch avdtp: Fix parsing capabilities
This patch fixes size comparison and variable misassignment.		 Archie Pusaka <apusaka@chromium.org> no 2021-06-17
0009-audio-avrcp-Use-host-network-order-as-appropriate-fo.patch audio/avrcp: Use host/network order as appropriate for pdu->params_len

When comparing against or writing to pdu->params_len to enforce matching
length with total packet length, take into account that pdu->params_len
is in network order (big endian) while packet size (operand_count) is in
host order (usually little endian).

This silently breaks a number of AVRCP commands that perform a quick
length check based on params_len and bail if it doesn't match exactly.		 Marijn Suijten <marijn.suijten@somainline.org> no 2021-08-08
0010-avrcp-Fix-crash-while-handling-unsupported-events.patch avrcp: Fix crash while handling unsupported events
The following crash can be observed if the remote peer send and
unsupported event:

at pc 0x559644552088 bp 0x7ffe28b3c7b0 sp 0x7ffe28b3c7a0
WRITE of size 1 at 0x60b000148f11 thread T0
#0 0x559644552087 in avrcp_handle_event profiles/audio/avrcp.c:3907
#1 0x559644536c22 in control_response profiles/audio/avctp.c:939
#2 0x5596445379ab in session_cb profiles/audio/avctp.c:1108
#3 0x7fbcb3e51c43 in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x55c43)
#4 0x7fbcb3ea66c7 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0xaa6c7)
#5 0x7fbcb3e512b2 in g_main_loop_run (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x552b2)
#6 0x559644754ab6 in mainloop_run src/shared/mainloop-glib.c:66
#7 0x559644755606 in mainloop_run_with_signal src/shared/mainloop-notify.c:188
#8 0x5596445bb963 in main src/main.c:1289
#9 0x7fbcb3bafd8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#10 0x7fbcb3bafe3f in __libc_start_main_impl ../csu/libc-start.c:392
#11 0x5596444e8224 in _start (/usr/local/libexec/bluetooth/bluetoothd+0xf0224)		 Luiz Augusto von Dentz <luiz.von.dentz@intel.com> no 2023-03-22
0011-pbap-Fix-not-checking-Primary-Secundary-Counter-leng.patch pbap: Fix not checking Primary/Secundary Counter length
Primary/Secundary Counters are supposed to be 16 bytes values, if the
server has implemented them incorrectly it may lead to the following
crash:

=================================================================
==31860==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x607000001878 at pc 0x7f95a1575638 bp 0x7fff58c6bb80 sp 0x7fff58c6b328

READ of size 48 at 0x607000001878 thread T0
#0 0x7f95a1575637 in MemcmpInterceptorCommon(void*, int (*)(void const*, void const*, unsigned long), void const*, void const*, unsigned long) ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:860
#1 0x7f95a1575ba6 in __interceptor_memcmp ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:892
#2 0x7f95a1575ba6 in __interceptor_memcmp ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:887
#3 0x564df69c77a0 in read_version obexd/client/pbap.c:288
#4 0x564df69c77a0 in read_return_apparam obexd/client/pbap.c:352
#5 0x564df69c77a0 in phonebook_size_callback obexd/client/pbap.c:374
#6 0x564df69bea3c in session_terminate_transfer obexd/client/session.c:921
#7 0x564df69d56b0 in get_xfer_progress_first obexd/client/transfer.c:729
#8 0x564df698b9ee in handle_response gobex/gobex.c:1140
#9 0x564df698cdea in incoming_data gobex/gobex.c:1385
#10 0x7f95a12fdc43 in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x55c43)
#11 0x7f95a13526c7 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0xaa6c7)
#12 0x7f95a12fd2b2 in g_main_loop_run (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x552b2)
#13 0x564df6977d41 in main obexd/src/main.c:307
#14 0x7f95a10a7d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#15 0x7f95a10a7e3f in __libc_start_main_impl ../csu/libc-start.c:392
#16 0x564df6978704 in _start (/usr/local/libexec/bluetooth/obexd+0x8b704)
0x607000001878 is located 0 bytes to the right of 72-byte region [0x607000001830,0x607000001878)

allocated by thread T0 here:
#0 0x7f95a1595a37 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
#1 0x564df69c8b6a in pbap_probe obexd/client/pbap.c:1259		 Luiz Augusto von Dentz <luiz.von.dentz@intel.com> no 2023-09-19

All known versions for source package 'bluez'

Links