diff --git a/.bluez.metadata b/.bluez.metadata index 2dce898..b8a0111 100644 --- a/.bluez.metadata +++ b/.bluez.metadata @@ -1 +1 @@ -a59289c91ccb7fac248e916838d4e66d7936151e SOURCES/bluez-5.50.tar.xz +75e907922a62588c12d5642293403be0625b4d02 SOURCES/bluez-5.52.tar.xz diff --git a/.gitignore b/.gitignore index 50d3db5..3348dc8 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/bluez-5.50.tar.xz +SOURCES/bluez-5.52.tar.xz diff --git a/SOURCES/0001-HOGP-must-only-accept-data-from-bonded-devices.patch b/SOURCES/0001-HOGP-must-only-accept-data-from-bonded-devices.patch new file mode 100644 index 0000000..a59b807 --- /dev/null +++ b/SOURCES/0001-HOGP-must-only-accept-data-from-bonded-devices.patch @@ -0,0 +1,37 @@ +From 89fb68570e72a854f10d50bec99112d294597483 Mon Sep 17 00:00:00 2001 +From: Gopal Tiwari +Date: Fri, 24 Apr 2020 16:06:37 +0530 +Subject: [PATCH BlueZ 1/2] HOGP must only accept data from bonded devices. + +commit 8cdbd3b09f29da29374e2f83369df24228da0ad1 +Author: Alain Michaud +Date: Tue Mar 10 02:35:16 2020 +0000 + + HOGP must only accept data from bonded devices. + + HOGP 1.0 Section 6.1 establishes that the HOGP must require bonding. + + Reference: + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.htm +--- + profiles/input/hog.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/profiles/input/hog.c b/profiles/input/hog.c +index 23c9c1529..f8a82bc20 100644 +--- a/profiles/input/hog.c ++++ b/profiles/input/hog.c +@@ -186,6 +186,10 @@ static int hog_accept(struct btd_service *service) + return -EINVAL; + } + ++ /* HOGP 1.0 Section 6.1 requires bonding */ ++ if (!device_is_bonded(device, btd_device_get_bdaddr_type(device))) ++ return -ECONNREFUSED; ++ + /* TODO: Replace GAttrib with bt_gatt_client */ + bt_hog_attach(dev->hog, attrib); + +-- +2.21.1 + diff --git a/SOURCES/0001-build-Always-define-confdir-and-statedir.patch b/SOURCES/0001-build-Always-define-confdir-and-statedir.patch index 6e0c8ca..affb28a 100644 --- a/SOURCES/0001-build-Always-define-confdir-and-statedir.patch +++ b/SOURCES/0001-build-Always-define-confdir-and-statedir.patch @@ -1,35 +1,41 @@ +From 5a62336f4da3a2d1a1ab38d03980d57844bce147 Mon Sep 17 00:00:00 2001 +From: Gopal Tiwari +Date: Mon, 8 Jun 2020 20:56:46 +0530 +Subject: [PATCH BlueZ 1/4] build: Always define confdir and statedir + From 69d2e7bebb79f500179298c6c51fafbc217df6c8 Mon Sep 17 00:00:00 2001 From: Bastien Nocera Date: Wed, 20 Sep 2017 12:49:10 +0200 -Subject: [PATCH 1/4] build: Always define confdir and statedir + +build: Always define confdir and statedir As we will need those paths to lock down on them. --- - Makefile.am | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) + Makefile.am | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Makefile.am b/Makefile.am -index 555f301ca..1c38d94e5 100644 +index 84c9712c9..6e77ed91e 100644 --- a/Makefile.am +++ b/Makefile.am -@@ -30,14 +30,14 @@ include_HEADERS = - AM_CFLAGS = $(WARNING_CFLAGS) $(MISC_CFLAGS) +@@ -31,14 +31,15 @@ pkginclude_HEADERS = + AM_CFLAGS = $(WARNING_CFLAGS) $(MISC_CFLAGS) $(UDEV_CFLAGS) $(ell_cflags) AM_LDFLAGS = $(MISC_LDFLAGS) +confdir = $(sysconfdir)/bluetooth +statedir = $(localstatedir)/lib/bluetooth + if DATAFILES - dbusdir = @DBUS_CONFDIR@/dbus-1/system.d + dbusdir = $(DBUS_CONFDIR)/dbus-1/system.d dbus_DATA = src/bluetooth.conf -confdir = $(sysconfdir)/bluetooth conf_DATA = -- + -statedir = $(localstatedir)/lib/bluetooth state_DATA = endif -- -2.14.1 +2.21.1 diff --git a/SOURCES/0001-build-Enable-BIND_NOW.patch b/SOURCES/0001-build-Enable-BIND_NOW.patch deleted file mode 100644 index b7c7e57..0000000 --- a/SOURCES/0001-build-Enable-BIND_NOW.patch +++ /dev/null @@ -1,31 +0,0 @@ -From e45c8fdcb3d7cdb654f6819c02d1bbb5b40b6116 Mon Sep 17 00:00:00 2001 -From: Florian Weimer -Date: Thu, 7 Nov 2013 09:23:35 +0100 -Subject: [PATCH 1/4] build: Enable BIND_NOW - -Partial RELRO means that the object is GNU_RELRO but not BIND_NOW. This -reduces the effectiveness of RELRO. bluez triggers this because it -enables PIE during the build, and rpmdiff takes this as an indicator -that the best possible hardening is desired. - -https://bugzilla.redhat.com/show_bug.cgi?id=983161 ---- - acinclude.m4 | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/acinclude.m4 b/acinclude.m4 -index bc39c6d73..efce2f3cb 100644 ---- a/acinclude.m4 -+++ b/acinclude.m4 -@@ -50,7 +50,7 @@ AC_DEFUN([MISC_FLAGS], [ - if (test "${enableval}" = "yes" && - test "${ac_cv_prog_cc_pie}" = "yes"); then - misc_cflags="$misc_cflags -fPIC" -- misc_ldflags="$misc_ldflags -pie" -+ misc_ldflags="$misc_ldflags -pie -Wl,-z,now" - fi - ]) - if (test "$enable_coverage" = "yes"); then --- -2.14.1 - diff --git a/SOURCES/0002-HID-accepts-bonded-device-connections-only.patch b/SOURCES/0002-HID-accepts-bonded-device-connections-only.patch new file mode 100644 index 0000000..76b8a9b --- /dev/null +++ b/SOURCES/0002-HID-accepts-bonded-device-connections-only.patch @@ -0,0 +1,144 @@ +From b84b23845ec9730b783f4e6efcee70c8b2f09f29 Mon Sep 17 00:00:00 2001 +From: Gopal Tiwari +Date: Fri, 24 Apr 2020 16:27:58 +0530 +Subject: [PATCH BlueZ 2/2] HID accepts bonded device connections only. + +commit 3cccdbab2324086588df4ccf5f892fb3ce1f1787 +Author: Alain Michaud +Date: Tue Mar 10 02:35:18 2020 +0000 + + HID accepts bonded device connections only. + + This change adds a configuration for platforms to choose a more secure + posture for the HID profile. While some older mice are known to not + support pairing or encryption, some platform may choose a more secure + posture by requiring the device to be bonded and require the + connection to be encrypted when bonding is required. + + Reference: + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html +--- + profiles/input/device.c | 23 ++++++++++++++++++++++- + profiles/input/device.h | 1 + + profiles/input/input.conf | 8 ++++++++ + profiles/input/manager.c | 13 ++++++++++++- + 4 files changed, 43 insertions(+), 2 deletions(-) + +diff --git a/profiles/input/device.c b/profiles/input/device.c +index 84614784d..3abd2f592 100644 +--- a/profiles/input/device.c ++++ b/profiles/input/device.c +@@ -91,6 +91,7 @@ struct input_device { + + static int idle_timeout = 0; + static bool uhid_enabled = false; ++static bool classic_bonded_only = false; + + void input_set_idle_timeout(int timeout) + { +@@ -102,6 +103,11 @@ void input_enable_userspace_hid(bool state) + uhid_enabled = state; + } + ++void input_set_classic_bonded_only(bool state) ++{ ++ classic_bonded_only = state; ++} ++ + static void input_device_enter_reconnect_mode(struct input_device *idev); + static int connection_disconnect(struct input_device *idev, uint32_t flags); + +@@ -969,8 +975,18 @@ static int hidp_add_connection(struct input_device *idev) + if (device_name_known(idev->device)) + device_get_name(idev->device, req->name, sizeof(req->name)); + ++ /* Make sure the device is bonded if required */ ++ if (classic_bonded_only && !device_is_bonded(idev->device, ++ btd_device_get_bdaddr_type(idev->device))) { ++ error("Rejected connection from !bonded device %s", dst_addr); ++ goto cleanup; ++ } ++ + /* Encryption is mandatory for keyboards */ +- if (req->subclass & 0x40) { ++ /* Some platforms may choose to require encryption for all devices */ ++ /* Note that this only matters for pre 2.1 devices as otherwise the */ ++ /* device is encrypted by default by the lower layers */ ++ if (classic_bonded_only || req->subclass & 0x40) { + if (!bt_io_set(idev->intr_io, &gerr, + BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_MEDIUM, + BT_IO_OPT_INVALID)) { +@@ -1202,6 +1218,11 @@ static void input_device_enter_reconnect_mode(struct input_device *idev) + DBG("path=%s reconnect_mode=%s", idev->path, + reconnect_mode_to_string(idev->reconnect_mode)); + ++ /* Make sure the device is bonded if required */ ++ if (classic_bonded_only && !device_is_bonded(idev->device, ++ btd_device_get_bdaddr_type(idev->device))) ++ return; ++ + /* Only attempt an auto-reconnect when the device is required to + * accept reconnections from the host. + */ +diff --git a/profiles/input/device.h b/profiles/input/device.h +index 51a9aee18..3044db673 100644 +--- a/profiles/input/device.h ++++ b/profiles/input/device.h +@@ -29,6 +29,7 @@ struct input_conn; + + void input_set_idle_timeout(int timeout); + void input_enable_userspace_hid(bool state); ++void input_set_classic_bonded_only(bool state); + + int input_device_register(struct btd_service *service); + void input_device_unregister(struct btd_service *service); +diff --git a/profiles/input/input.conf b/profiles/input/input.conf +index 3e1d65aae..166aff4a4 100644 +--- a/profiles/input/input.conf ++++ b/profiles/input/input.conf +@@ -11,3 +11,11 @@ + # Enable HID protocol handling in userspace input profile + # Defaults to false (HIDP handled in HIDP kernel module) + #UserspaceHID=true ++ ++# Limit HID connections to bonded devices ++# The HID Profile does not specify that devices must be bonded, however some ++# platforms may want to make sure that input connections only come from bonded ++# device connections. Several older mice have been known for not supporting ++# pairing/encryption. ++# Defaults to false to maximize device compatibility. ++#ClassicBondedOnly=true +diff --git a/profiles/input/manager.c b/profiles/input/manager.c +index 1d31b0652..5cd27b839 100644 +--- a/profiles/input/manager.c ++++ b/profiles/input/manager.c +@@ -96,7 +96,7 @@ static int input_init(void) + config = load_config_file(CONFIGDIR "/input.conf"); + if (config) { + int idle_timeout; +- gboolean uhid_enabled; ++ gboolean uhid_enabled, classic_bonded_only; + + idle_timeout = g_key_file_get_integer(config, "General", + "IdleTimeout", &err); +@@ -114,6 +114,17 @@ static int input_init(void) + input_enable_userspace_hid(uhid_enabled); + } else + g_clear_error(&err); ++ ++ classic_bonded_only = g_key_file_get_boolean(config, "General", ++ "ClassicBondedOnly", &err); ++ ++ if (!err) { ++ DBG("input.conf: ClassicBondedOnly=%s", ++ classic_bonded_only ? "true" : "false"); ++ input_set_classic_bonded_only(classic_bonded_only); ++ } else ++ g_clear_error(&err); ++ + } + + btd_profile_register(&input_profile); +-- +2.21.1 + diff --git a/SOURCES/0002-systemd-Add-PrivateTmp-and-NoNewPrivileges-options.patch b/SOURCES/0002-systemd-Add-PrivateTmp-and-NoNewPrivileges-options.patch index cd9f69e..dce19e1 100644 --- a/SOURCES/0002-systemd-Add-PrivateTmp-and-NoNewPrivileges-options.patch +++ b/SOURCES/0002-systemd-Add-PrivateTmp-and-NoNewPrivileges-options.patch @@ -1,7 +1,13 @@ +From 98826d0717fe831265256f996c9e90d15262bef1 Mon Sep 17 00:00:00 2001 +From: Gopal Tiwari +Date: Mon, 8 Jun 2020 19:54:24 +0530 +Subject: [PATCH BlueZ 2/4] systemd: Add PrivateTmp and NoNewPrivileges options + From 4570164f0c90603bd07eb9e7c07e17bbafb5b5da Mon Sep 17 00:00:00 2001 From: Craig Andrews Date: Wed, 13 Sep 2017 15:23:09 +0200 -Subject: [PATCH 2/4] systemd: Add PrivateTmp and NoNewPrivileges options + +systemd: Add PrivateTmp and NoNewPrivileges options PrivateTmp makes bluetoothd's /tmp and /var/tmp be inside a different namespace. This is useful to secure access to temporary files of the @@ -15,7 +21,7 @@ possible privilege escalations. 1 file changed, 6 insertions(+) diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in -index f799f65f0..a6f3030f9 100644 +index f9faaa452..7c2f60bb4 100644 --- a/src/bluetooth.service.in +++ b/src/bluetooth.service.in @@ -12,8 +12,14 @@ NotifyAccess=main @@ -34,5 +40,5 @@ index f799f65f0..a6f3030f9 100644 [Install] WantedBy=bluetooth.target -- -2.14.1 +2.21.1 diff --git a/SOURCES/0003-systemd-Add-more-filesystem-lockdown.patch b/SOURCES/0003-systemd-Add-more-filesystem-lockdown.patch index 6d14e2e..139fb62 100644 --- a/SOURCES/0003-systemd-Add-more-filesystem-lockdown.patch +++ b/SOURCES/0003-systemd-Add-more-filesystem-lockdown.patch @@ -1,7 +1,13 @@ +From 1da4185a89fba1c14032ab87757e5fb798d76bc0 Mon Sep 17 00:00:00 2001 +From: Gopal Tiwari +Date: Mon, 8 Jun 2020 19:55:39 +0530 +Subject: [PATCH BlueZ 3/4] systemd: Add more filesystem lockdown + From 73a9c0902e7c97adf96e735407a75033152c04a9 Mon Sep 17 00:00:00 2001 From: Bastien Nocera Date: Wed, 13 Sep 2017 15:37:11 +0200 -Subject: [PATCH 3/4] systemd: Add more filesystem lockdown + +systemd: Add more filesystem lockdown We can only access the configuration file as read-only and read-write to the Bluetooth cache directory and sub-directories. @@ -11,20 +17,20 @@ to the Bluetooth cache directory and sub-directories. 2 files changed, 6 insertions(+) diff --git a/Makefile.am b/Makefile.am -index 1c38d94e5..13ccf9079 100644 +index cdd2fd8fb..0af1a8c45 100644 --- a/Makefile.am +++ b/Makefile.am -@@ -478,6 +478,8 @@ MAINTAINERCLEANFILES = Makefile.in \ +@@ -580,6 +580,8 @@ MAINTAINERCLEANFILES = Makefile.in \ SED_PROCESS = $(AM_V_GEN)$(MKDIR_P) $(dir $@) && \ - $(SED) -e 's,@libexecdir\@,$(libexecdir),g' \ + $(SED) -e 's,@pkglibexecdir\@,$(pkglibexecdir),g' \ + -e 's,@statedir\@,$(statedir),g' \ + -e 's,@confdir\@,$(confdir),g' \ < $< > $@ %.service: %.service.in Makefile diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in -index a6f3030f9..7e55b5043 100644 +index 7c2f60bb4..4daedef2a 100644 --- a/src/bluetooth.service.in +++ b/src/bluetooth.service.in @@ -17,6 +17,10 @@ LimitNPROC=1 @@ -39,5 +45,5 @@ index a6f3030f9..7e55b5043 100644 # Privilege escalation NoNewPrivileges=true -- -2.14.1 +2.21.1 diff --git a/SOURCES/0003-tools-csr_usb-Fix-compilation-failure.patch b/SOURCES/0003-tools-csr_usb-Fix-compilation-failure.patch deleted file mode 100644 index 1113fe7..0000000 --- a/SOURCES/0003-tools-csr_usb-Fix-compilation-failure.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 07a12a6685ea57be18f39e349dbc42e4af3744ed Mon Sep 17 00:00:00 2001 -From: Bastien Nocera -Date: Tue, 5 Sep 2017 10:32:15 +0200 -Subject: [PATCH 3/4] tools/csr_usb: Fix compilation failure - -GCC's "format-nonliteral" security check is enabled as an error in -recent versions of Fedora. Given the reduced scope of use, mark the -error as ignorable through pragma. - -tools/csr_usb.c: In function 'read_value': -tools/csr_usb.c:82:2: error: format not a string literal, argument types not checked [-Werror=format-nonliteral] - n = fscanf(file, format, &value); - ^ ---- - tools/csr_usb.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/tools/csr_usb.c b/tools/csr_usb.c -index a1d7324f7..33e9968a2 100644 ---- a/tools/csr_usb.c -+++ b/tools/csr_usb.c -@@ -67,6 +67,8 @@ struct usbfs_bulktransfer { - #define USBFS_IOCTL_CLAIMINTF _IOR('U', 15, unsigned int) - #define USBFS_IOCTL_RELEASEINTF _IOR('U', 16, unsigned int) - -+#pragma GCC diagnostic push -+#pragma GCC diagnostic ignored "-Wformat-nonliteral" - static int read_value(const char *name, const char *attr, const char *format) - { - char path[PATH_MAX]; -@@ -88,6 +90,7 @@ static int read_value(const char *name, const char *attr, const char *format) - fclose(file); - return value; - } -+#pragma GCC diagnostic pop - - static char *check_device(const char *name) - { --- -2.14.1 - diff --git a/SOURCES/0004-systemd-More-lockdown.patch b/SOURCES/0004-systemd-More-lockdown.patch index 3ad3e14..ea1ac67 100644 --- a/SOURCES/0004-systemd-More-lockdown.patch +++ b/SOURCES/0004-systemd-More-lockdown.patch @@ -1,7 +1,13 @@ +From 9a7872f04cb748e8de743d9136ecd91539d13cb7 Mon Sep 17 00:00:00 2001 +From: Gopal Tiwari +Date: Mon, 8 Jun 2020 19:56:42 +0530 +Subject: [PATCH BlueZ 4/4] systemd: More lockdown + From 171d812218883281fed57b57fafd5c18eac441ac Mon Sep 17 00:00:00 2001 From: Bastien Nocera Date: Wed, 13 Sep 2017 15:38:26 +0200 -Subject: [PATCH 4/4] systemd: More lockdown + +systemd: More lockdown bluetoothd does not need to execute mapped memory, or real-time access, so block those. @@ -10,7 +16,7 @@ access, so block those. 1 file changed, 6 insertions(+) diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in -index 7e55b5043..e8267b338 100644 +index 4daedef2a..f18801866 100644 --- a/src/bluetooth.service.in +++ b/src/bluetooth.service.in @@ -22,9 +22,15 @@ ProtectControlGroups=true @@ -30,5 +36,5 @@ index 7e55b5043..e8267b338 100644 WantedBy=bluetooth.target Alias=dbus-org.bluez.service -- -2.14.1 +2.21.1 diff --git a/SPECS/bluez.spec b/SPECS/bluez.spec index f39ccc2..8a11617 100644 --- a/SPECS/bluez.spec +++ b/SPECS/bluez.spec @@ -1,6 +1,6 @@ Name: bluez Summary: Bluetooth utilities -Version: 5.50 +Version: 5.52 Release: 1%{?dist} License: GPLv2+ URL: http://www.bluez.org/ @@ -15,8 +15,8 @@ Source3: btattach-bcm@.service Source4: btattach-bcm-service.sh # https://github.com/hadess/bluez/commits/build-fixes-5.46 -Patch1: 0001-build-Enable-BIND_NOW.patch -Patch2: 0003-tools-csr_usb-Fix-compilation-failure.patch +#Patch1: 0001-build-Enable-BIND_NOW.patch +#Patch2: 0003-tools-csr_usb-Fix-compilation-failure.patch # https://github.com/hadess/bluez/commits/obex-5.46 Patch3: 0001-obex-Use-GLib-helper-function-to-manipulate-paths.patch @@ -33,6 +33,12 @@ Patch23: 0004-systemd-More-lockdown.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1567622 Patch24: 0001-adapter-Don-t-refresh-adv_manager-for-non-LE-devices.patch +#Patch25: 0001-core-Add-AlwaysPairable-to-main.conf.patch +#Patch26: 0002-agent-Make-the-first-agent-to-register-the-default.patch + +Patch27: 0001-HOGP-must-only-accept-data-from-bonded-devices.patch +Patch28: 0002-HID-accepts-bonded-device-connections-only.patch + BuildRequires: git-core BuildRequires: dbus-devel >= 1.6 BuildRequires: glib2-devel @@ -220,6 +226,7 @@ make check %{_bindir}/mpris-proxy %{_bindir}/gatttool %{_bindir}/rctest +%{_datadir}/zsh/site-functions/_bluetoothctl %{_mandir}/man1/btattach.1.gz %{_mandir}/man1/ciptool.1.gz %{_mandir}/man1/hcitool.1.gz @@ -241,6 +248,7 @@ make check %{_unitdir}/btattach-bcm@.service %{_udevrulesdir}/69-btattach-bcm.rules + %files libs %{!?_licensedir:%global license %%doc} %license COPYING @@ -266,6 +274,21 @@ make check %{_userunitdir}/obex.service %changelog +* Tue Jun 9 2020 Gopal Tiwari - 5.52-1 ++ bluez-5.52-1 +- Fixing (#1830397) + +* Fri Apr 24 2020 Gopal Tiwari - 5.50-4 ++ bluez-5.50-4 +- Fixing CVE-2020-0556 + +* Mon Jan 13 2020 Gopal Tiwari - 5.50-3 ++ bluez-5.50-3 +- Bump the version + +* Mon Jan 13 2020 Gopal Tiwari - 5.50-2 ++ bluez-5.50-2 +- Fixing CVE-2018-10910 (#1606373) * Fri Sep 7 2018 Gopal Tiwari - 5.50-1 + bluez-5.50-1