diff --git a/.bluez.metadata b/.bluez.metadata
index ef5e331..11bca33 100644
--- a/.bluez.metadata
+++ b/.bluez.metadata
@@ -1 +1 @@
-a862b9ddc039f34f7135bbee3c3e80040e82e046 SOURCES/bluez-5.56.tar.xz
+c5137186e7cc60652eed44cff0067ef749e49eff SOURCES/bluez-5.63.tar.xz
diff --git a/.gitignore b/.gitignore
index f035c34..0ba7c30 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/bluez-5.56.tar.xz
+SOURCES/bluez-5.63.tar.xz
diff --git a/SOURCES/0001-adapter-Don-t-refresh-adv_manager-for-non-LE-devices.patch b/SOURCES/0001-adapter-Don-t-refresh-adv_manager-for-non-LE-devices.patch
deleted file mode 100644
index 46842c8..0000000
--- a/SOURCES/0001-adapter-Don-t-refresh-adv_manager-for-non-LE-devices.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 2c3bba7b38be03834162e34069156f1fd49f0528 Mon Sep 17 00:00:00 2001
-From: "antoine.belvire@laposte.net" <antoine.belvire@laposte.net>
-Date: Tue, 27 Mar 2018 20:30:26 +0200
-Subject: [PATCH] adapter: Don't refresh adv_manager for non-LE devices
-
-btd_adv_manager_refresh is called upon MGMT_SETTING_DISCOVERABLE setting change
-but as only LE adapters have an adv_manager, this leads to segmentation fault
-for non-LE devices:
-
-0 btd_adv_manager_refresh (manager=0x0) at src/advertising.c:1176
-1 0x0000556fe45fcb02 in settings_changed (settings=<optimized out>,
- adapter=0x556fe53f7c70) at src/adapter.c:543
-2 new_settings_callback (index=<optimized out>, length=<optimized out>,
- param=<optimized out>, user_data=0x556fe53f7c70) at src/adapter.c:573
-3 0x0000556fe462c278 in request_complete (mgmt=mgmt@entry=0x556fe53f20c0,
- status=<optimized out>, opcode=opcode@entry=7, index=index@entry=0,
- length=length@entry=4, param=0x556fe53eb5f9) at src/shared/mgmt.c:261
-4 0x0000556fe462cd9d in can_read_data (io=<optimized out>,
- user_data=0x556fe53f20c0) at src/shared/mgmt.c:353
-5 0x0000556fe46396e3 in watch_callback (channel=<optimized out>,
- cond=<optimized out>, user_data=<optimized out>)
- at src/shared/io-glib.c:170
-6 0x00007fe351c980e5 in g_main_context_dispatch ()
- from /usr/lib64/libglib-2.0.so.0
-7 0x00007fe351c984b0 in ?? () from /usr/lib64/libglib-2.0.so.0
-8 0x00007fe351c987c2 in g_main_loop_run () from /usr/lib64/libglib-2.0.so.0
-9 0x0000556fe45abc75 in main (argc=<optimized out>, argv=<optimized out>)
- at src/main.c:770
-
-This commit prevents the call to btd_adv_manager_refresh for non-LE devices.
----
- src/adapter.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/adapter.c b/src/adapter.c
-index 6b9222bcf..daccfdc19 100644
---- a/src/adapter.c
-+++ b/src/adapter.c
-@@ -540,7 +540,8 @@ static void settings_changed(struct btd_adapter *adapter, uint32_t settings)
- g_dbus_emit_property_changed(dbus_conn, adapter->path,
- ADAPTER_INTERFACE, "Discoverable");
- store_adapter_info(adapter);
-- btd_adv_manager_refresh(adapter->adv_manager);
-+ if (adapter->supported_settings & MGMT_SETTING_LE)
-+ btd_adv_manager_refresh(adapter->adv_manager);
- }
-
- if (changed_mask & MGMT_SETTING_BONDABLE) {
---
-2.17.0
-
diff --git a/SOURCES/0001-build-Always-define-confdir-and-statedir.patch b/SOURCES/0001-build-Always-define-confdir-and-statedir.patch
index affb28a..b1e56a5 100644
--- a/SOURCES/0001-build-Always-define-confdir-and-statedir.patch
+++ b/SOURCES/0001-build-Always-define-confdir-and-statedir.patch
@@ -1,25 +1,19 @@
-From 5a62336f4da3a2d1a1ab38d03980d57844bce147 Mon Sep 17 00:00:00 2001
-From: Gopal Tiwari <gtiwari@redhat.com>
-Date: Mon, 8 Jun 2020 20:56:46 +0530
-Subject: [PATCH BlueZ 1/4] build: Always define confdir and statedir
-
-From 69d2e7bebb79f500179298c6c51fafbc217df6c8 Mon Sep 17 00:00:00 2001
+From 5744f79d84ecee3929a682166034c5bbc36c0ef5 Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Wed, 20 Sep 2017 12:49:10 +0200
-
-build: Always define confdir and statedir
+Subject: [PATCH 1/4] build: Always define confdir and statedir
As we will need those paths to lock down on them.
---
- Makefile.am | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
+ Makefile.am | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/Makefile.am b/Makefile.am
-index 84c9712c9..6e77ed91e 100644
+index 9d25a815b..ac88c12e0 100644
--- a/Makefile.am
+++ b/Makefile.am
-@@ -31,14 +31,15 @@ pkginclude_HEADERS =
- AM_CFLAGS = $(WARNING_CFLAGS) $(MISC_CFLAGS) $(UDEV_CFLAGS) $(ell_cflags)
+@@ -28,14 +28,14 @@
+ $(LIBEDATASERVER_CFLAGS) $(ell_cflags)
AM_LDFLAGS = $(MISC_LDFLAGS)
+confdir = $(sysconfdir)/bluetooth
@@ -31,11 +25,11 @@ index 84c9712c9..6e77ed91e 100644
-confdir = $(sysconfdir)/bluetooth
conf_DATA =
-
+-
-statedir = $(localstatedir)/lib/bluetooth
state_DATA =
endif
--
-2.21.1
+2.21.0
diff --git a/SOURCES/0001-gdbus-Emit-InterfacesAdded-of-parents-objects-first.patch b/SOURCES/0001-gdbus-Emit-InterfacesAdded-of-parents-objects-first.patch
new file mode 100644
index 0000000..c846268
--- /dev/null
+++ b/SOURCES/0001-gdbus-Emit-InterfacesAdded-of-parents-objects-first.patch
@@ -0,0 +1,36 @@
+From 4c3eedcb96bd4795dd5c25c688005fc12f364aeb Mon Sep 17 00:00:00 2001
+From: Gopal Tiwari <gtiwari@redhat.com>
+Date: Wed, 20 Apr 2022 12:19:05 +0530
+Subject: [PATCH BlueZ] gdbus: Emit InterfacesAdded of parents objects first
+
+This makes InterfacesAdded respect the object hierarchy in case its
+parent has pending interfaces to be added.
+
+Fixes: #272
+Fixes: #284
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1534857
+Fixes: https://bugs.archlinux.org/task/57464
+---
+ gdbus/object.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/gdbus/object.c b/gdbus/object.c
+index 50a8b4ff1..f7c8c2be5 100644
+--- a/gdbus/object.c
++++ b/gdbus/object.c
+@@ -551,6 +551,12 @@ static void emit_interfaces_added(struct generic_data *data)
+ if (root == NULL || data == root)
+ return;
+
++ /* Emit InterfacesAdded on the parent first so it appears first on the
++ * bus as child objects may point to it.
++ */
++ if (data->parent && data->parent->added)
++ emit_interfaces_added(data->parent);
++
+ signal = dbus_message_new_signal(root->path,
+ DBUS_INTERFACE_OBJECT_MANAGER,
+ "InterfacesAdded");
+--
+2.26.2
+
diff --git a/SOURCES/0001-sdpd-Fix-leaking-buffers-stored-in-cstates-cache.patch b/SOURCES/0001-sdpd-Fix-leaking-buffers-stored-in-cstates-cache.patch
deleted file mode 100644
index 11ce041..0000000
--- a/SOURCES/0001-sdpd-Fix-leaking-buffers-stored-in-cstates-cache.patch
+++ /dev/null
@@ -1,468 +0,0 @@
-From 4e6a2402ed4f46ea026ad0929fbc14faecf3a475 Mon Sep 17 00:00:00 2001
-From: Gopal Tiwari <gtiwari@redhat.com>
-Date: Wed, 1 Dec 2021 12:18:24 +0530
-Subject: [PATCH BlueZ] sdpd: Fix leaking buffers stored in cstates cache
-
-commit e79417ed7185b150a056d4eb3a1ab528b91d2fc0
-Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-Date: Thu Jul 15 11:01:20 2021 -0700
-
- sdpd: Fix leaking buffers stored in cstates cache
-
- These buffer shall only be keep in cache for as long as they are
- needed so this would cleanup any client cstates in the following
- conditions:
-
- - There is no cstate on the response
- - No continuation can be found for cstate
- - Different request opcode
- - Respond with an error
- - Client disconnect
-
- Fixes: https://github.com/bluez/bluez/security/advisories/GHSA-3fqg-r8j5-f5xq
----
- src/sdpd-request.c | 170 ++++++++++++++++++++++++++++++++-------------
- src/sdpd-server.c | 20 +++---
- src/sdpd.h | 3 +
- unit/test-sdp.c | 2 +-
- 4 files changed, 135 insertions(+), 60 deletions(-)
-
-diff --git a/src/sdpd-request.c b/src/sdpd-request.c
-index 033d1e5bf..c8f5a2c72 100644
---- a/src/sdpd-request.c
-+++ b/src/sdpd-request.c
-@@ -42,48 +42,78 @@ typedef struct {
-
- #define MIN(x, y) ((x) < (y)) ? (x): (y)
-
--typedef struct _sdp_cstate_list sdp_cstate_list_t;
-+typedef struct sdp_cont_info sdp_cont_info_t;
-
--struct _sdp_cstate_list {
-- sdp_cstate_list_t *next;
-+struct sdp_cont_info {
-+ int sock;
-+ uint8_t opcode;
- uint32_t timestamp;
- sdp_buf_t buf;
- };
-
--static sdp_cstate_list_t *cstates;
-+static sdp_list_t *cstates;
-
--/* FIXME: should probably remove it when it's found */
--static sdp_buf_t *sdp_get_cached_rsp(sdp_cont_state_t *cstate)
-+static int cstate_match(const void *data, const void *user_data)
- {
-- sdp_cstate_list_t *p;
-+ const sdp_cont_info_t *cinfo = data;
-+ const sdp_cont_state_t *cstate = user_data;
-
-- for (p = cstates; p; p = p->next) {
-- /* Check timestamp */
-- if (p->timestamp != cstate->timestamp)
-- continue;
-+ /* Check timestamp */
-+ return cinfo->timestamp - cstate->timestamp;
-+}
-+
-+static void sdp_cont_info_free(sdp_cont_info_t *cinfo)
-+{
-+ if (!cinfo)
-+ return;
-+
-+ cstates = sdp_list_remove(cstates, cinfo);
-+ free(cinfo->buf.data);
-+ free(cinfo);
-+}
-+
-+static sdp_cont_info_t *sdp_get_cont_info(sdp_req_t *req,
-+ sdp_cont_state_t *cstate)
-+{
-+ sdp_list_t *list;
-+
-+ list = sdp_list_find(cstates, cstate, cstate_match);
-+ if (list) {
-+ sdp_cont_info_t *cinfo = list->data;
-
-- /* Check if requesting more than available */
-- if (cstate->cStateValue.maxBytesSent < p->buf.data_size)
-- return &p->buf;
-+ if (cinfo->opcode == req->opcode)
-+ return cinfo;
-+
-+ /* Cleanup continuation if the opcode doesn't match since its
-+ * response buffer shall only be valid for the original requests
-+ */
-+ sdp_cont_info_free(cinfo);
-+ return NULL;
- }
-
-- return 0;
-+ /* Cleanup cstates if no continuation info could be found */
-+ sdp_cstate_cleanup(req->sock);
-+
-+ return NULL;
- }
-
--static uint32_t sdp_cstate_alloc_buf(sdp_buf_t *buf)
-+static uint32_t sdp_cstate_alloc_buf(sdp_req_t *req, sdp_buf_t *buf)
- {
-- sdp_cstate_list_t *cstate = malloc(sizeof(sdp_cstate_list_t));
-+ sdp_cont_info_t *cinfo = malloc(sizeof(sdp_cont_info_t));
- uint8_t *data = malloc(buf->data_size);
-
- memcpy(data, buf->data, buf->data_size);
-- memset((char *)cstate, 0, sizeof(sdp_cstate_list_t));
-- cstate->buf.data = data;
-- cstate->buf.data_size = buf->data_size;
-- cstate->buf.buf_size = buf->data_size;
-- cstate->timestamp = sdp_get_time();
-- cstate->next = cstates;
-- cstates = cstate;
-- return cstate->timestamp;
-+ memset(cinfo, 0, sizeof(sdp_cont_info_t));
-+ cinfo->buf.data = data;
-+ cinfo->buf.data_size = buf->data_size;
-+ cinfo->buf.buf_size = buf->data_size;
-+ cinfo->timestamp = sdp_get_time();
-+ cinfo->sock = req->sock;
-+ cinfo->opcode = req->opcode;
-+
-+ cstates = sdp_list_append(cstates, cinfo);
-+
-+ return cinfo->timestamp;
- }
-
- /* Additional values for checking datatype (not in spec) */
-@@ -274,14 +304,16 @@ static int sdp_set_cstate_pdu(sdp_buf_t *buf, sdp_cont_state_t *cstate)
- return length;
- }
-
--static int sdp_cstate_get(uint8_t *buffer, size_t len,
-- sdp_cont_state_t **cstate)
-+static int sdp_cstate_get(sdp_req_t *req, uint8_t *buffer, size_t len,
-+ sdp_cont_state_t **cstate, sdp_cont_info_t **cinfo)
- {
- uint8_t cStateSize = *buffer;
-
- SDPDBG("Continuation State size : %d", cStateSize);
-
- if (cStateSize == 0) {
-+ /* Cleanup cstates if request doesn't contain a cstate */
-+ sdp_cstate_cleanup(req->sock);
- *cstate = NULL;
- return 0;
- }
-@@ -306,6 +338,8 @@ static int sdp_cstate_get(uint8_t *buffer, size_t len,
- SDPDBG("Cstate TS : 0x%x", (*cstate)->timestamp);
- SDPDBG("Bytes sent : %d", (*cstate)->cStateValue.maxBytesSent);
-
-+ *cinfo = sdp_get_cont_info(req, *cstate);
-+
- return 0;
- }
-
-@@ -360,6 +394,7 @@ static int service_search_req(sdp_req_t *req, sdp_buf_t *buf)
- uint16_t expected, actual, rsp_count = 0;
- uint8_t dtd;
- sdp_cont_state_t *cstate = NULL;
-+ sdp_cont_info_t *cinfo = NULL;
- uint8_t *pCacheBuffer = NULL;
- int handleSize = 0;
- uint32_t cStateId = 0;
-@@ -399,9 +434,9 @@ static int service_search_req(sdp_req_t *req, sdp_buf_t *buf)
-
- /*
- * Check if continuation state exists, if yes attempt
-- * to get rsp remainder from cache, else send error
-+ * to get rsp remainder from continuation info, else send error
- */
-- if (sdp_cstate_get(pdata, data_left, &cstate) < 0) {
-+ if (sdp_cstate_get(req, pdata, data_left, &cstate, &cinfo) < 0) {
- status = SDP_INVALID_SYNTAX;
- goto done;
- }
-@@ -451,7 +486,7 @@ static int service_search_req(sdp_req_t *req, sdp_buf_t *buf)
-
- if (rsp_count > actual) {
- /* cache the rsp and generate a continuation state */
-- cStateId = sdp_cstate_alloc_buf(buf);
-+ cStateId = sdp_cstate_alloc_buf(req, buf);
- /*
- * subtract handleSize since we now send only
- * a subset of handles
-@@ -459,6 +494,7 @@ static int service_search_req(sdp_req_t *req, sdp_buf_t *buf)
- buf->data_size -= handleSize;
- } else {
- /* NULL continuation state */
-+ sdp_cont_info_free(cinfo);
- sdp_set_cstate_pdu(buf, NULL);
- }
- }
-@@ -468,13 +504,15 @@ static int service_search_req(sdp_req_t *req, sdp_buf_t *buf)
- short lastIndex = 0;
-
- if (cstate) {
-- /*
-- * Get the previous sdp_cont_state_t and obtain
-- * the cached rsp
-- */
-- sdp_buf_t *pCache = sdp_get_cached_rsp(cstate);
-- if (pCache) {
-- pCacheBuffer = pCache->data;
-+ if (cinfo) {
-+ /* Check if requesting more than available */
-+ if (cstate->cStateValue.maxBytesSent >=
-+ cinfo->buf.data_size) {
-+ status = SDP_INVALID_CSTATE;
-+ goto done;
-+ }
-+
-+ pCacheBuffer = cinfo->buf.data;
- /* get the rsp_count from the cached buffer */
- rsp_count = get_be16(pCacheBuffer);
-
-@@ -518,6 +556,7 @@ static int service_search_req(sdp_req_t *req, sdp_buf_t *buf)
- if (i == rsp_count) {
- /* set "null" continuationState */
- sdp_set_cstate_pdu(buf, NULL);
-+ sdp_cont_info_free(cinfo);
- } else {
- /*
- * there's more: set lastIndexSent to
-@@ -540,6 +579,7 @@ static int service_search_req(sdp_req_t *req, sdp_buf_t *buf)
-
- done:
- free(cstate);
-+
- if (pattern)
- sdp_list_free(pattern, free);
-
-@@ -619,15 +659,21 @@ static int extract_attrs(sdp_record_t *rec, sdp_list_t *seq, sdp_buf_t *buf)
- }
-
- /* Build cstate response */
--static int sdp_cstate_rsp(sdp_cont_state_t *cstate, sdp_buf_t *buf,
-- uint16_t max)
-+static int sdp_cstate_rsp(sdp_cont_info_t *cinfo, sdp_cont_state_t *cstate,
-+ sdp_buf_t *buf, uint16_t max)
- {
-- /* continuation State exists -> get from cache */
-- sdp_buf_t *cache = sdp_get_cached_rsp(cstate);
-+ sdp_buf_t *cache;
- uint16_t sent;
-
-- if (!cache)
-+ if (!cinfo)
-+ return 0;
-+
-+ if (cstate->cStateValue.maxBytesSent >= cinfo->buf.data_size) {
-+ sdp_cont_info_free(cinfo);
- return 0;
-+ }
-+
-+ cache = &cinfo->buf;
-
- sent = MIN(max, cache->data_size - cstate->cStateValue.maxBytesSent);
- memcpy(buf->data, cache->data + cstate->cStateValue.maxBytesSent, sent);
-@@ -637,8 +683,10 @@ static int sdp_cstate_rsp(sdp_cont_state_t *cstate, sdp_buf_t *buf,
- SDPDBG("Response size : %d sending now : %d bytes sent so far : %d",
- cache->data_size, sent, cstate->cStateValue.maxBytesSent);
-
-- if (cstate->cStateValue.maxBytesSent == cache->data_size)
-+ if (cstate->cStateValue.maxBytesSent == cache->data_size) {
-+ sdp_cont_info_free(cinfo);
- return sdp_set_cstate_pdu(buf, NULL);
-+ }
-
- return sdp_set_cstate_pdu(buf, cstate);
- }
-@@ -652,6 +700,7 @@ static int sdp_cstate_rsp(sdp_cont_state_t *cstate, sdp_buf_t *buf,
- static int service_attr_req(sdp_req_t *req, sdp_buf_t *buf)
- {
- sdp_cont_state_t *cstate = NULL;
-+ sdp_cont_info_t *cinfo = NULL;
- short cstate_size = 0;
- sdp_list_t *seq = NULL;
- uint8_t dtd = 0;
-@@ -708,7 +757,7 @@ static int service_attr_req(sdp_req_t *req, sdp_buf_t *buf)
- * if continuation state exists, attempt
- * to get rsp remainder from cache, else send error
- */
-- if (sdp_cstate_get(pdata, data_left, &cstate) < 0) {
-+ if (sdp_cstate_get(req, pdata, data_left, &cstate, &cinfo) < 0) {
- status = SDP_INVALID_SYNTAX;
- goto done;
- }
-@@ -737,7 +786,7 @@ static int service_attr_req(sdp_req_t *req, sdp_buf_t *buf)
- buf->buf_size -= sizeof(uint16_t);
-
- if (cstate) {
-- cstate_size = sdp_cstate_rsp(cstate, buf, max_rsp_size);
-+ cstate_size = sdp_cstate_rsp(cinfo, cstate, buf, max_rsp_size);
- if (!cstate_size) {
- status = SDP_INVALID_CSTATE;
- error("NULL cache buffer and non-NULL continuation state");
-@@ -749,7 +798,7 @@ static int service_attr_req(sdp_req_t *req, sdp_buf_t *buf)
- sdp_cont_state_t newState;
-
- memset((char *)&newState, 0, sizeof(sdp_cont_state_t));
-- newState.timestamp = sdp_cstate_alloc_buf(buf);
-+ newState.timestamp = sdp_cstate_alloc_buf(req, buf);
- /*
- * Reset the buffer size to the maximum expected and
- * set the sdp_cont_state_t
-@@ -793,6 +842,7 @@ static int service_search_attr_req(sdp_req_t *req, sdp_buf_t *buf)
- int scanned, rsp_count = 0;
- sdp_list_t *pattern = NULL, *seq = NULL, *svcList;
- sdp_cont_state_t *cstate = NULL;
-+ sdp_cont_info_t *cinfo = NULL;
- short cstate_size = 0;
- uint8_t dtd = 0;
- sdp_buf_t tmpbuf;
-@@ -852,7 +902,7 @@ static int service_search_attr_req(sdp_req_t *req, sdp_buf_t *buf)
- * if continuation state exists attempt
- * to get rsp remainder from cache, else send error
- */
-- if (sdp_cstate_get(pdata, data_left, &cstate) < 0) {
-+ if (sdp_cstate_get(req, pdata, data_left, &cstate, &cinfo) < 0) {
- status = SDP_INVALID_SYNTAX;
- goto done;
- }
-@@ -906,7 +956,7 @@ static int service_search_attr_req(sdp_req_t *req, sdp_buf_t *buf)
- sdp_cont_state_t newState;
-
- memset((char *)&newState, 0, sizeof(sdp_cont_state_t));
-- newState.timestamp = sdp_cstate_alloc_buf(buf);
-+ newState.timestamp = sdp_cstate_alloc_buf(req, buf);
- /*
- * Reset the buffer size to the maximum expected and
- * set the sdp_cont_state_t
-@@ -917,7 +967,7 @@ static int service_search_attr_req(sdp_req_t *req, sdp_buf_t *buf)
- } else
- cstate_size = sdp_set_cstate_pdu(buf, NULL);
- } else {
-- cstate_size = sdp_cstate_rsp(cstate, buf, max);
-+ cstate_size = sdp_cstate_rsp(cinfo, cstate, buf, max);
- if (!cstate_size) {
- status = SDP_INVALID_CSTATE;
- SDPDBG("Non-null continuation state, but null cache buffer");
-@@ -974,6 +1024,9 @@ static void process_request(sdp_req_t *req)
- status = SDP_INVALID_PDU_SIZE;
- goto send_rsp;
- }
-+
-+ req->opcode = reqhdr->pdu_id;
-+
- switch (reqhdr->pdu_id) {
- case SDP_SVC_SEARCH_REQ:
- SDPDBG("Got a svc srch req");
-@@ -1020,6 +1073,8 @@ static void process_request(sdp_req_t *req)
-
- send_rsp:
- if (status) {
-+ /* Cleanup cstates on error */
-+ sdp_cstate_cleanup(req->sock);
- rsphdr->pdu_id = SDP_ERROR_RSP;
- put_be16(status, rsp.data);
- rsp.data_size = sizeof(uint16_t);
-@@ -1108,3 +1163,20 @@ void handle_request(int sk, uint8_t *data, int len)
-
- process_request(&req);
- }
-+
-+void sdp_cstate_cleanup(int sock)
-+{
-+ sdp_list_t *list;
-+
-+ /* Remove any cinfo for the client */
-+ for (list = cstates; list;) {
-+ sdp_cont_info_t *cinfo = list->data;
-+
-+ list = list->next;
-+
-+ if (cinfo->sock != sock)
-+ continue;
-+
-+ sdp_cont_info_free(cinfo);
-+ }
-+}
-diff --git a/src/sdpd-server.c b/src/sdpd-server.c
-index dfd8b1f00..66ee7ba14 100644
---- a/src/sdpd-server.c
-+++ b/src/sdpd-server.c
-@@ -146,16 +146,12 @@ static gboolean io_session_event(GIOChannel *chan, GIOCondition cond, gpointer d
-
- sk = g_io_channel_unix_get_fd(chan);
-
-- if (cond & (G_IO_HUP | G_IO_ERR)) {
-- sdp_svcdb_collect_all(sk);
-- return FALSE;
-- }
-+ if (cond & (G_IO_HUP | G_IO_ERR))
-+ goto cleanup;
-
- len = recv(sk, &hdr, sizeof(sdp_pdu_hdr_t), MSG_PEEK);
-- if (len < 0 || (unsigned int) len < sizeof(sdp_pdu_hdr_t)) {
-- sdp_svcdb_collect_all(sk);
-- return FALSE;
-- }
-+ if (len < 0 || (unsigned int) len < sizeof(sdp_pdu_hdr_t))
-+ goto cleanup;
-
- size = sizeof(sdp_pdu_hdr_t) + ntohs(hdr.plen);
- buf = malloc(size);
-@@ -168,14 +164,18 @@ static gboolean io_session_event(GIOChannel *chan, GIOCondition cond, gpointer d
- * inside handle_request() in order to produce ErrorResponse.
- */
- if (len <= 0) {
-- sdp_svcdb_collect_all(sk);
- free(buf);
-- return FALSE;
-+ goto cleanup;
- }
-
- handle_request(sk, buf, len);
-
- return TRUE;
-+
-+cleanup:
-+ sdp_svcdb_collect_all(sk);
-+ sdp_cstate_cleanup(sk);
-+ return FALSE;
- }
-
- static gboolean io_accept_event(GIOChannel *chan, GIOCondition cond, gpointer data)
-diff --git a/src/sdpd.h b/src/sdpd.h
-index 257411f03..4316aff67 100644
---- a/src/sdpd.h
-+++ b/src/sdpd.h
-@@ -27,8 +27,11 @@ typedef struct request {
- int flags;
- uint8_t *buf;
- int len;
-+ uint8_t opcode;
- } sdp_req_t;
-
-+void sdp_cstate_cleanup(int sock);
-+
- void handle_internal_request(int sk, int mtu, void *data, int len);
- void handle_request(int sk, uint8_t *data, int len);
-
-diff --git a/unit/test-sdp.c b/unit/test-sdp.c
-index d3a885f19..8f95fcb71 100644
---- a/unit/test-sdp.c
-+++ b/unit/test-sdp.c
-@@ -235,7 +235,7 @@ static gboolean client_handler(GIOChannel *channel, GIOCondition cond,
- tester_monitor('>', 0x0000, 0x0001, buf, len);
-
- g_assert(len > 0);
-- g_assert((size_t) len == rsp_pdu->raw_size + rsp_pdu->cont_len);
-+ g_assert_cmpuint(len, ==, rsp_pdu->raw_size + rsp_pdu->cont_len);
-
- g_assert(memcmp(buf, rsp_pdu->raw_data, rsp_pdu->raw_size) == 0);
-
---
-2.26.2
-
diff --git a/SOURCES/0001-shared-gatt-server-Fix-not-properly-checking-for-sec.patch b/SOURCES/0001-shared-gatt-server-Fix-not-properly-checking-for-sec.patch
deleted file mode 100644
index a8f61c4..0000000
--- a/SOURCES/0001-shared-gatt-server-Fix-not-properly-checking-for-sec.patch
+++ /dev/null
@@ -1,115 +0,0 @@
-From d22177efb6f17ed281013cdfa4976d218718d5b6 Mon Sep 17 00:00:00 2001
-From: Gopal Tiwari <gtiwari@redhat.com>
-Date: Mon, 31 May 2021 12:29:01 +0530
-Subject: [PATCH BlueZ] shared/gatt-server: Fix not properly checking for
- secure flags
-
-commit ef7316b34cf3a568694bdb0e4e83af17804dff9e (HEAD)
-Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-Date: Tue Mar 2 11:38:33 2021 -0800
-
-shared/gatt-server: Fix not properly checking for secure flags
-
-When passing the mask to check_permissions all valid permissions for
-the operation must be set including BT_ATT_PERM_SECURE flags.
-
-(cherry picked from commit 00da0fb4972cf59e1c075f313da81ea549cb8738)
-Signed-off-by: Gopal Tiwari <gtiwari@redhat.com>
----
- src/shared/att-types.h | 8 ++++++++
- src/shared/gatt-server.c | 25 +++++++------------------
- 2 files changed, 15 insertions(+), 18 deletions(-)
-
-diff --git a/src/shared/att-types.h b/src/shared/att-types.h
-index 7108b4e94..3adc05d9e 100644
---- a/src/shared/att-types.h
-+++ b/src/shared/att-types.h
-@@ -129,6 +129,14 @@ struct bt_att_pdu_error_rsp {
- #define BT_ATT_PERM_WRITE_SECURE 0x0200
- #define BT_ATT_PERM_SECURE (BT_ATT_PERM_READ_SECURE | \
- BT_ATT_PERM_WRITE_SECURE)
-+#define BT_ATT_PERM_READ_MASK (BT_ATT_PERM_READ | \
-+ BT_ATT_PERM_READ_AUTHEN | \
-+ BT_ATT_PERM_READ_ENCRYPT | \
-+ BT_ATT_PERM_READ_SECURE)
-+#define BT_ATT_PERM_WRITE_MASK (BT_ATT_PERM_WRITE | \
-+ BT_ATT_PERM_WRITE_AUTHEN | \
-+ BT_ATT_PERM_WRITE_ENCRYPT | \
-+ BT_ATT_PERM_WRITE_SECURE)
-
- /* GATT Characteristic Properties Bitfield values */
- #define BT_GATT_CHRC_PROP_BROADCAST 0x01
-diff --git a/src/shared/gatt-server.c b/src/shared/gatt-server.c
-index b5f7de7dc..970c35f94 100644
---- a/src/shared/gatt-server.c
-+++ b/src/shared/gatt-server.c
-@@ -444,9 +444,7 @@ static void process_read_by_type(struct async_read_op *op)
- return;
- }
-
-- ecode = check_permissions(server, attr, BT_ATT_PERM_READ |
-- BT_ATT_PERM_READ_AUTHEN |
-- BT_ATT_PERM_READ_ENCRYPT);
-+ ecode = check_permissions(server, attr, BT_ATT_PERM_READ_MASK);
- if (ecode)
- goto error;
-
-@@ -811,9 +809,7 @@ static void write_cb(struct bt_att_chan *chan, uint8_t opcode, const void *pdu,
- (opcode == BT_ATT_OP_WRITE_REQ) ? "Req" : "Cmd",
- handle);
-
-- ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE |
-- BT_ATT_PERM_WRITE_AUTHEN |
-- BT_ATT_PERM_WRITE_ENCRYPT);
-+ ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE_MASK);
- if (ecode)
- goto error;
-
-@@ -913,9 +909,7 @@ static void handle_read_req(struct bt_att_chan *chan,
- opcode == BT_ATT_OP_READ_BLOB_REQ ? "Blob " : "",
- handle);
-
-- ecode = check_permissions(server, attr, BT_ATT_PERM_READ |
-- BT_ATT_PERM_READ_AUTHEN |
-- BT_ATT_PERM_READ_ENCRYPT);
-+ ecode = check_permissions(server, attr, BT_ATT_PERM_READ_MASK);
- if (ecode)
- goto error;
-
-@@ -1051,9 +1045,8 @@ static void read_multiple_complete_cb(struct gatt_db_attribute *attr, int err,
- goto error;
- }
-
-- ecode = check_permissions(data->server, next_attr, BT_ATT_PERM_READ |
-- BT_ATT_PERM_READ_AUTHEN |
-- BT_ATT_PERM_READ_ENCRYPT);
-+ ecode = check_permissions(data->server, next_attr,
-+ BT_ATT_PERM_READ_MASK);
- if (ecode)
- goto error;
-
-@@ -1129,9 +1122,7 @@ static void read_multiple_cb(struct bt_att_chan *chan, uint8_t opcode,
- goto error;
- }
-
-- ecode = check_permissions(data->server, attr, BT_ATT_PERM_READ |
-- BT_ATT_PERM_READ_AUTHEN |
-- BT_ATT_PERM_READ_ENCRYPT);
-+ ecode = check_permissions(data->server, attr, BT_ATT_PERM_READ_MASK);
- if (ecode)
- goto error;
-
-@@ -1308,9 +1299,7 @@ static void prep_write_cb(struct bt_att_chan *chan, uint8_t opcode,
- util_debug(server->debug_callback, server->debug_data,
- "Prep Write Req - handle: 0x%04x", handle);
-
-- ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE |
-- BT_ATT_PERM_WRITE_AUTHEN |
-- BT_ATT_PERM_WRITE_ENCRYPT);
-+ ecode = check_permissions(server, attr, BT_ATT_PERM_WRITE_MASK);
- if (ecode)
- goto error;
-
---
-2.26.2
-
diff --git a/SOURCES/0003-systemd-Add-more-filesystem-lockdown.patch b/SOURCES/0003-systemd-Add-more-filesystem-lockdown.patch
index 139fb62..37a91e4 100644
--- a/SOURCES/0003-systemd-Add-more-filesystem-lockdown.patch
+++ b/SOURCES/0003-systemd-Add-more-filesystem-lockdown.patch
@@ -1,34 +1,29 @@
-From 1da4185a89fba1c14032ab87757e5fb798d76bc0 Mon Sep 17 00:00:00 2001
-From: Gopal Tiwari <gtiwari@redhat.com>
-Date: Mon, 8 Jun 2020 19:55:39 +0530
-Subject: [PATCH BlueZ 3/4] systemd: Add more filesystem lockdown
-
-From 73a9c0902e7c97adf96e735407a75033152c04a9 Mon Sep 17 00:00:00 2001
+From 13a348670fef0047555395ce6977e86e0005f8bd Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Wed, 13 Sep 2017 15:37:11 +0200
-
-systemd: Add more filesystem lockdown
+Subject: [PATCH 3/4] systemd: Add more filesystem lockdown
We can only access the configuration file as read-only and read-write
to the Bluetooth cache directory and sub-directories.
---
- Makefile.am | 2 ++
+ Makefile.am | 3 +++
src/bluetooth.service.in | 4 ++++
- 2 files changed, 6 insertions(+)
+ 2 files changed, 7 insertions(+)
diff --git a/Makefile.am b/Makefile.am
-index cdd2fd8fb..0af1a8c45 100644
+index ac88c12e0..0a6d09847 100644
--- a/Makefile.am
+++ b/Makefile.am
-@@ -580,6 +580,8 @@ MAINTAINERCLEANFILES = Makefile.in \
+@@ -617,6 +617,9 @@
SED_PROCESS = $(AM_V_GEN)$(MKDIR_P) $(dir $@) && \
$(SED) -e 's,@pkglibexecdir\@,$(pkglibexecdir),g' \
++ -e 's,@libexecdir\@,$(libexecdir),g' \
+ -e 's,@statedir\@,$(statedir),g' \
+ -e 's,@confdir\@,$(confdir),g' \
< $< > $@
- %.service: %.service.in Makefile
+ if RUN_RST2MAN
diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in
index 7c2f60bb4..4daedef2a 100644
--- a/src/bluetooth.service.in
@@ -45,5 +40,5 @@ index 7c2f60bb4..4daedef2a 100644
# Privilege escalation
NoNewPrivileges=true
--
-2.21.1
+2.21.0
diff --git a/SPECS/bluez.spec b/SPECS/bluez.spec
index 49a9776..62cb5b9 100644
--- a/SPECS/bluez.spec
+++ b/SPECS/bluez.spec
@@ -1,7 +1,7 @@
Name: bluez
Summary: Bluetooth utilities
-Version: 5.56
-Release: 3%{?dist}
+Version: 5.63
+Release: 1%{?dist}
License: GPLv2+
URL: http://www.bluez.org/
@@ -29,9 +29,10 @@ Patch20: 0001-build-Always-define-confdir-and-statedir.patch
Patch21: 0002-systemd-Add-PrivateTmp-and-NoNewPrivileges-options.patch
Patch22: 0003-systemd-Add-more-filesystem-lockdown.patch
Patch23: 0004-systemd-More-lockdown.patch
+Patch25: 0001-gdbus-Emit-InterfacesAdded-of-parents-objects-first.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1567622
-Patch24: 0001-adapter-Don-t-refresh-adv_manager-for-non-LE-devices.patch
+#Patch24: 0001-adapter-Don-t-refresh-adv_manager-for-non-LE-devices.patch
#Patch25: 0001-core-Add-AlwaysPairable-to-main.conf.patch
#Patch26: 0002-agent-Make-the-first-agent-to-register-the-default.patch
@@ -44,9 +45,9 @@ Patch24: 0001-adapter-Don-t-refresh-adv_manager-for-non-LE-devices.patch
#Patch30: 0001-input-hog-Attempt-to-set-security-level-if-not-bonde.patch
# fixing https://bugzilla.redhat.com/show_bug.cgi?id=1965057
-Patch31: 0001-shared-gatt-server-Fix-not-properly-checking-for-sec.patch
+#Patch31: 0001-shared-gatt-server-Fix-not-properly-checking-for-sec.patch
-Patch32: 0001-sdpd-Fix-leaking-buffers-stored-in-cstates-cache.patch
+#Patch32: 0001-sdpd-Fix-leaking-buffers-stored-in-cstates-cache.patch
BuildRequires: git-core
BuildRequires: dbus-devel >= 1.6
@@ -61,6 +62,7 @@ BuildRequires: systemd-devel
BuildRequires: cups-devel
# For autoreconf
BuildRequires: libtool automake autoconf
+BuildRequires: python3-docutils
Requires: dbus >= 1.6
@@ -235,6 +237,7 @@ make check
%{_bindir}/rctest
%{_datadir}/zsh/site-functions/_bluetoothctl
%{_mandir}/man1/btattach.1.gz
+%{_mandir}/man1/btmon.1.*
%{_mandir}/man1/ciptool.1.gz
%{_mandir}/man1/hcitool.1.gz
%{_mandir}/man1/rfcomm.1.gz
@@ -280,8 +283,11 @@ make check
%{_userunitdir}/obex.service
%changelog
+* Tue May 17 2022 Gopal Tiwari <gtiwari@redhat.com> - 5.63-1
++ bluez-5.63-1
+- Fixing (#)
-* Wed Dec 13 2021 Gopal Tiwari <gtiwari@redhat.com> - 5.56-3
+* Mon Dec 13 2021 Gopal Tiwari <gtiwari@redhat.com> - 5.56-3
+ bluez-5.56-3
- Fixing (#2027434)
- Fixing CVE-2021-41229