diff --git a/.bluez.metadata b/.bluez.metadata
index 2dce898..b8a0111 100644
--- a/.bluez.metadata
+++ b/.bluez.metadata
@@ -1 +1 @@
-a59289c91ccb7fac248e916838d4e66d7936151e SOURCES/bluez-5.50.tar.xz
+75e907922a62588c12d5642293403be0625b4d02 SOURCES/bluez-5.52.tar.xz
diff --git a/.gitignore b/.gitignore
index 50d3db5..3348dc8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/bluez-5.50.tar.xz
+SOURCES/bluez-5.52.tar.xz
diff --git a/SOURCES/0001-HOGP-must-only-accept-data-from-bonded-devices.patch b/SOURCES/0001-HOGP-must-only-accept-data-from-bonded-devices.patch
new file mode 100644
index 0000000..a59b807
--- /dev/null
+++ b/SOURCES/0001-HOGP-must-only-accept-data-from-bonded-devices.patch
@@ -0,0 +1,37 @@
+From 89fb68570e72a854f10d50bec99112d294597483 Mon Sep 17 00:00:00 2001
+From: Gopal Tiwari <gtiwari@redhat.com>
+Date: Fri, 24 Apr 2020 16:06:37 +0530
+Subject: [PATCH BlueZ 1/2] HOGP must only accept data from bonded devices.
+
+commit 8cdbd3b09f29da29374e2f83369df24228da0ad1
+Author: Alain Michaud <alainm@chromium.org>
+Date: Tue Mar 10 02:35:16 2020 +0000
+
+ HOGP must only accept data from bonded devices.
+
+ HOGP 1.0 Section 6.1 establishes that the HOGP must require bonding.
+
+ Reference:
+ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.htm
+---
+ profiles/input/hog.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/profiles/input/hog.c b/profiles/input/hog.c
+index 23c9c1529..f8a82bc20 100644
+--- a/profiles/input/hog.c
++++ b/profiles/input/hog.c
+@@ -186,6 +186,10 @@ static int hog_accept(struct btd_service *service)
+ return -EINVAL;
+ }
+
++ /* HOGP 1.0 Section 6.1 requires bonding */
++ if (!device_is_bonded(device, btd_device_get_bdaddr_type(device)))
++ return -ECONNREFUSED;
++
+ /* TODO: Replace GAttrib with bt_gatt_client */
+ bt_hog_attach(dev->hog, attrib);
+
+--
+2.21.1
+
diff --git a/SOURCES/0001-build-Always-define-confdir-and-statedir.patch b/SOURCES/0001-build-Always-define-confdir-and-statedir.patch
index 6e0c8ca..affb28a 100644
--- a/SOURCES/0001-build-Always-define-confdir-and-statedir.patch
+++ b/SOURCES/0001-build-Always-define-confdir-and-statedir.patch
@@ -1,35 +1,41 @@
+From 5a62336f4da3a2d1a1ab38d03980d57844bce147 Mon Sep 17 00:00:00 2001
+From: Gopal Tiwari <gtiwari@redhat.com>
+Date: Mon, 8 Jun 2020 20:56:46 +0530
+Subject: [PATCH BlueZ 1/4] build: Always define confdir and statedir
+
From 69d2e7bebb79f500179298c6c51fafbc217df6c8 Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Wed, 20 Sep 2017 12:49:10 +0200
-Subject: [PATCH 1/4] build: Always define confdir and statedir
+
+build: Always define confdir and statedir
As we will need those paths to lock down on them.
---
- Makefile.am | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
+ Makefile.am | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/Makefile.am b/Makefile.am
-index 555f301ca..1c38d94e5 100644
+index 84c9712c9..6e77ed91e 100644
--- a/Makefile.am
+++ b/Makefile.am
-@@ -30,14 +30,14 @@ include_HEADERS =
- AM_CFLAGS = $(WARNING_CFLAGS) $(MISC_CFLAGS)
+@@ -31,14 +31,15 @@ pkginclude_HEADERS =
+ AM_CFLAGS = $(WARNING_CFLAGS) $(MISC_CFLAGS) $(UDEV_CFLAGS) $(ell_cflags)
AM_LDFLAGS = $(MISC_LDFLAGS)
+confdir = $(sysconfdir)/bluetooth
+statedir = $(localstatedir)/lib/bluetooth
+
if DATAFILES
- dbusdir = @DBUS_CONFDIR@/dbus-1/system.d
+ dbusdir = $(DBUS_CONFDIR)/dbus-1/system.d
dbus_DATA = src/bluetooth.conf
-confdir = $(sysconfdir)/bluetooth
conf_DATA =
--
+
-statedir = $(localstatedir)/lib/bluetooth
state_DATA =
endif
--
-2.14.1
+2.21.1
diff --git a/SOURCES/0001-build-Enable-BIND_NOW.patch b/SOURCES/0001-build-Enable-BIND_NOW.patch
deleted file mode 100644
index b7c7e57..0000000
--- a/SOURCES/0001-build-Enable-BIND_NOW.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From e45c8fdcb3d7cdb654f6819c02d1bbb5b40b6116 Mon Sep 17 00:00:00 2001
-From: Florian Weimer <fweimer@redhat.com>
-Date: Thu, 7 Nov 2013 09:23:35 +0100
-Subject: [PATCH 1/4] build: Enable BIND_NOW
-
-Partial RELRO means that the object is GNU_RELRO but not BIND_NOW. This
-reduces the effectiveness of RELRO. bluez triggers this because it
-enables PIE during the build, and rpmdiff takes this as an indicator
-that the best possible hardening is desired.
-
-https://bugzilla.redhat.com/show_bug.cgi?id=983161
----
- acinclude.m4 | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/acinclude.m4 b/acinclude.m4
-index bc39c6d73..efce2f3cb 100644
---- a/acinclude.m4
-+++ b/acinclude.m4
-@@ -50,7 +50,7 @@ AC_DEFUN([MISC_FLAGS], [
- if (test "${enableval}" = "yes" &&
- test "${ac_cv_prog_cc_pie}" = "yes"); then
- misc_cflags="$misc_cflags -fPIC"
-- misc_ldflags="$misc_ldflags -pie"
-+ misc_ldflags="$misc_ldflags -pie -Wl,-z,now"
- fi
- ])
- if (test "$enable_coverage" = "yes"); then
---
-2.14.1
-
diff --git a/SOURCES/0002-HID-accepts-bonded-device-connections-only.patch b/SOURCES/0002-HID-accepts-bonded-device-connections-only.patch
new file mode 100644
index 0000000..76b8a9b
--- /dev/null
+++ b/SOURCES/0002-HID-accepts-bonded-device-connections-only.patch
@@ -0,0 +1,144 @@
+From b84b23845ec9730b783f4e6efcee70c8b2f09f29 Mon Sep 17 00:00:00 2001
+From: Gopal Tiwari <gtiwari@redhat.com>
+Date: Fri, 24 Apr 2020 16:27:58 +0530
+Subject: [PATCH BlueZ 2/2] HID accepts bonded device connections only.
+
+commit 3cccdbab2324086588df4ccf5f892fb3ce1f1787
+Author: Alain Michaud <alainm@chromium.org>
+Date: Tue Mar 10 02:35:18 2020 +0000
+
+ HID accepts bonded device connections only.
+
+ This change adds a configuration for platforms to choose a more secure
+ posture for the HID profile. While some older mice are known to not
+ support pairing or encryption, some platform may choose a more secure
+ posture by requiring the device to be bonded and require the
+ connection to be encrypted when bonding is required.
+
+ Reference:
+ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html
+---
+ profiles/input/device.c | 23 ++++++++++++++++++++++-
+ profiles/input/device.h | 1 +
+ profiles/input/input.conf | 8 ++++++++
+ profiles/input/manager.c | 13 ++++++++++++-
+ 4 files changed, 43 insertions(+), 2 deletions(-)
+
+diff --git a/profiles/input/device.c b/profiles/input/device.c
+index 84614784d..3abd2f592 100644
+--- a/profiles/input/device.c
++++ b/profiles/input/device.c
+@@ -91,6 +91,7 @@ struct input_device {
+
+ static int idle_timeout = 0;
+ static bool uhid_enabled = false;
++static bool classic_bonded_only = false;
+
+ void input_set_idle_timeout(int timeout)
+ {
+@@ -102,6 +103,11 @@ void input_enable_userspace_hid(bool state)
+ uhid_enabled = state;
+ }
+
++void input_set_classic_bonded_only(bool state)
++{
++ classic_bonded_only = state;
++}
++
+ static void input_device_enter_reconnect_mode(struct input_device *idev);
+ static int connection_disconnect(struct input_device *idev, uint32_t flags);
+
+@@ -969,8 +975,18 @@ static int hidp_add_connection(struct input_device *idev)
+ if (device_name_known(idev->device))
+ device_get_name(idev->device, req->name, sizeof(req->name));
+
++ /* Make sure the device is bonded if required */
++ if (classic_bonded_only && !device_is_bonded(idev->device,
++ btd_device_get_bdaddr_type(idev->device))) {
++ error("Rejected connection from !bonded device %s", dst_addr);
++ goto cleanup;
++ }
++
+ /* Encryption is mandatory for keyboards */
+- if (req->subclass & 0x40) {
++ /* Some platforms may choose to require encryption for all devices */
++ /* Note that this only matters for pre 2.1 devices as otherwise the */
++ /* device is encrypted by default by the lower layers */
++ if (classic_bonded_only || req->subclass & 0x40) {
+ if (!bt_io_set(idev->intr_io, &gerr,
+ BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_MEDIUM,
+ BT_IO_OPT_INVALID)) {
+@@ -1202,6 +1218,11 @@ static void input_device_enter_reconnect_mode(struct input_device *idev)
+ DBG("path=%s reconnect_mode=%s", idev->path,
+ reconnect_mode_to_string(idev->reconnect_mode));
+
++ /* Make sure the device is bonded if required */
++ if (classic_bonded_only && !device_is_bonded(idev->device,
++ btd_device_get_bdaddr_type(idev->device)))
++ return;
++
+ /* Only attempt an auto-reconnect when the device is required to
+ * accept reconnections from the host.
+ */
+diff --git a/profiles/input/device.h b/profiles/input/device.h
+index 51a9aee18..3044db673 100644
+--- a/profiles/input/device.h
++++ b/profiles/input/device.h
+@@ -29,6 +29,7 @@ struct input_conn;
+
+ void input_set_idle_timeout(int timeout);
+ void input_enable_userspace_hid(bool state);
++void input_set_classic_bonded_only(bool state);
+
+ int input_device_register(struct btd_service *service);
+ void input_device_unregister(struct btd_service *service);
+diff --git a/profiles/input/input.conf b/profiles/input/input.conf
+index 3e1d65aae..166aff4a4 100644
+--- a/profiles/input/input.conf
++++ b/profiles/input/input.conf
+@@ -11,3 +11,11 @@
+ # Enable HID protocol handling in userspace input profile
+ # Defaults to false (HIDP handled in HIDP kernel module)
+ #UserspaceHID=true
++
++# Limit HID connections to bonded devices
++# The HID Profile does not specify that devices must be bonded, however some
++# platforms may want to make sure that input connections only come from bonded
++# device connections. Several older mice have been known for not supporting
++# pairing/encryption.
++# Defaults to false to maximize device compatibility.
++#ClassicBondedOnly=true
+diff --git a/profiles/input/manager.c b/profiles/input/manager.c
+index 1d31b0652..5cd27b839 100644
+--- a/profiles/input/manager.c
++++ b/profiles/input/manager.c
+@@ -96,7 +96,7 @@ static int input_init(void)
+ config = load_config_file(CONFIGDIR "/input.conf");
+ if (config) {
+ int idle_timeout;
+- gboolean uhid_enabled;
++ gboolean uhid_enabled, classic_bonded_only;
+
+ idle_timeout = g_key_file_get_integer(config, "General",
+ "IdleTimeout", &err);
+@@ -114,6 +114,17 @@ static int input_init(void)
+ input_enable_userspace_hid(uhid_enabled);
+ } else
+ g_clear_error(&err);
++
++ classic_bonded_only = g_key_file_get_boolean(config, "General",
++ "ClassicBondedOnly", &err);
++
++ if (!err) {
++ DBG("input.conf: ClassicBondedOnly=%s",
++ classic_bonded_only ? "true" : "false");
++ input_set_classic_bonded_only(classic_bonded_only);
++ } else
++ g_clear_error(&err);
++
+ }
+
+ btd_profile_register(&input_profile);
+--
+2.21.1
+
diff --git a/SOURCES/0002-systemd-Add-PrivateTmp-and-NoNewPrivileges-options.patch b/SOURCES/0002-systemd-Add-PrivateTmp-and-NoNewPrivileges-options.patch
index cd9f69e..dce19e1 100644
--- a/SOURCES/0002-systemd-Add-PrivateTmp-and-NoNewPrivileges-options.patch
+++ b/SOURCES/0002-systemd-Add-PrivateTmp-and-NoNewPrivileges-options.patch
@@ -1,7 +1,13 @@
+From 98826d0717fe831265256f996c9e90d15262bef1 Mon Sep 17 00:00:00 2001
+From: Gopal Tiwari <gtiwari@redhat.com>
+Date: Mon, 8 Jun 2020 19:54:24 +0530
+Subject: [PATCH BlueZ 2/4] systemd: Add PrivateTmp and NoNewPrivileges options
+
From 4570164f0c90603bd07eb9e7c07e17bbafb5b5da Mon Sep 17 00:00:00 2001
From: Craig Andrews <candrews@integralblue.com>
Date: Wed, 13 Sep 2017 15:23:09 +0200
-Subject: [PATCH 2/4] systemd: Add PrivateTmp and NoNewPrivileges options
+
+systemd: Add PrivateTmp and NoNewPrivileges options
PrivateTmp makes bluetoothd's /tmp and /var/tmp be inside a different
namespace. This is useful to secure access to temporary files of the
@@ -15,7 +21,7 @@ possible privilege escalations.
1 file changed, 6 insertions(+)
diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in
-index f799f65f0..a6f3030f9 100644
+index f9faaa452..7c2f60bb4 100644
--- a/src/bluetooth.service.in
+++ b/src/bluetooth.service.in
@@ -12,8 +12,14 @@ NotifyAccess=main
@@ -34,5 +40,5 @@ index f799f65f0..a6f3030f9 100644
[Install]
WantedBy=bluetooth.target
--
-2.14.1
+2.21.1
diff --git a/SOURCES/0003-systemd-Add-more-filesystem-lockdown.patch b/SOURCES/0003-systemd-Add-more-filesystem-lockdown.patch
index 6d14e2e..139fb62 100644
--- a/SOURCES/0003-systemd-Add-more-filesystem-lockdown.patch
+++ b/SOURCES/0003-systemd-Add-more-filesystem-lockdown.patch
@@ -1,7 +1,13 @@
+From 1da4185a89fba1c14032ab87757e5fb798d76bc0 Mon Sep 17 00:00:00 2001
+From: Gopal Tiwari <gtiwari@redhat.com>
+Date: Mon, 8 Jun 2020 19:55:39 +0530
+Subject: [PATCH BlueZ 3/4] systemd: Add more filesystem lockdown
+
From 73a9c0902e7c97adf96e735407a75033152c04a9 Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Wed, 13 Sep 2017 15:37:11 +0200
-Subject: [PATCH 3/4] systemd: Add more filesystem lockdown
+
+systemd: Add more filesystem lockdown
We can only access the configuration file as read-only and read-write
to the Bluetooth cache directory and sub-directories.
@@ -11,20 +17,20 @@ to the Bluetooth cache directory and sub-directories.
2 files changed, 6 insertions(+)
diff --git a/Makefile.am b/Makefile.am
-index 1c38d94e5..13ccf9079 100644
+index cdd2fd8fb..0af1a8c45 100644
--- a/Makefile.am
+++ b/Makefile.am
-@@ -478,6 +478,8 @@ MAINTAINERCLEANFILES = Makefile.in \
+@@ -580,6 +580,8 @@ MAINTAINERCLEANFILES = Makefile.in \
SED_PROCESS = $(AM_V_GEN)$(MKDIR_P) $(dir $@) && \
- $(SED) -e 's,@libexecdir\@,$(libexecdir),g' \
+ $(SED) -e 's,@pkglibexecdir\@,$(pkglibexecdir),g' \
+ -e 's,@statedir\@,$(statedir),g' \
+ -e 's,@confdir\@,$(confdir),g' \
< $< > $@
%.service: %.service.in Makefile
diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in
-index a6f3030f9..7e55b5043 100644
+index 7c2f60bb4..4daedef2a 100644
--- a/src/bluetooth.service.in
+++ b/src/bluetooth.service.in
@@ -17,6 +17,10 @@ LimitNPROC=1
@@ -39,5 +45,5 @@ index a6f3030f9..7e55b5043 100644
# Privilege escalation
NoNewPrivileges=true
--
-2.14.1
+2.21.1
diff --git a/SOURCES/0003-tools-csr_usb-Fix-compilation-failure.patch b/SOURCES/0003-tools-csr_usb-Fix-compilation-failure.patch
deleted file mode 100644
index 1113fe7..0000000
--- a/SOURCES/0003-tools-csr_usb-Fix-compilation-failure.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 07a12a6685ea57be18f39e349dbc42e4af3744ed Mon Sep 17 00:00:00 2001
-From: Bastien Nocera <hadess@hadess.net>
-Date: Tue, 5 Sep 2017 10:32:15 +0200
-Subject: [PATCH 3/4] tools/csr_usb: Fix compilation failure
-
-GCC's "format-nonliteral" security check is enabled as an error in
-recent versions of Fedora. Given the reduced scope of use, mark the
-error as ignorable through pragma.
-
-tools/csr_usb.c: In function 'read_value':
-tools/csr_usb.c:82:2: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
- n = fscanf(file, format, &value);
- ^
----
- tools/csr_usb.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/tools/csr_usb.c b/tools/csr_usb.c
-index a1d7324f7..33e9968a2 100644
---- a/tools/csr_usb.c
-+++ b/tools/csr_usb.c
-@@ -67,6 +67,8 @@ struct usbfs_bulktransfer {
- #define USBFS_IOCTL_CLAIMINTF _IOR('U', 15, unsigned int)
- #define USBFS_IOCTL_RELEASEINTF _IOR('U', 16, unsigned int)
-
-+#pragma GCC diagnostic push
-+#pragma GCC diagnostic ignored "-Wformat-nonliteral"
- static int read_value(const char *name, const char *attr, const char *format)
- {
- char path[PATH_MAX];
-@@ -88,6 +90,7 @@ static int read_value(const char *name, const char *attr, const char *format)
- fclose(file);
- return value;
- }
-+#pragma GCC diagnostic pop
-
- static char *check_device(const char *name)
- {
---
-2.14.1
-
diff --git a/SOURCES/0004-systemd-More-lockdown.patch b/SOURCES/0004-systemd-More-lockdown.patch
index 3ad3e14..ea1ac67 100644
--- a/SOURCES/0004-systemd-More-lockdown.patch
+++ b/SOURCES/0004-systemd-More-lockdown.patch
@@ -1,7 +1,13 @@
+From 9a7872f04cb748e8de743d9136ecd91539d13cb7 Mon Sep 17 00:00:00 2001
+From: Gopal Tiwari <gtiwari@redhat.com>
+Date: Mon, 8 Jun 2020 19:56:42 +0530
+Subject: [PATCH BlueZ 4/4] systemd: More lockdown
+
From 171d812218883281fed57b57fafd5c18eac441ac Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Wed, 13 Sep 2017 15:38:26 +0200
-Subject: [PATCH 4/4] systemd: More lockdown
+
+systemd: More lockdown
bluetoothd does not need to execute mapped memory, or real-time
access, so block those.
@@ -10,7 +16,7 @@ access, so block those.
1 file changed, 6 insertions(+)
diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in
-index 7e55b5043..e8267b338 100644
+index 4daedef2a..f18801866 100644
--- a/src/bluetooth.service.in
+++ b/src/bluetooth.service.in
@@ -22,9 +22,15 @@ ProtectControlGroups=true
@@ -30,5 +36,5 @@ index 7e55b5043..e8267b338 100644
WantedBy=bluetooth.target
Alias=dbus-org.bluez.service
--
-2.14.1
+2.21.1
diff --git a/SPECS/bluez.spec b/SPECS/bluez.spec
index f39ccc2..8a11617 100644
--- a/SPECS/bluez.spec
+++ b/SPECS/bluez.spec
@@ -1,6 +1,6 @@
Name: bluez
Summary: Bluetooth utilities
-Version: 5.50
+Version: 5.52
Release: 1%{?dist}
License: GPLv2+
URL: http://www.bluez.org/
@@ -15,8 +15,8 @@ Source3: btattach-bcm@.service
Source4: btattach-bcm-service.sh
# https://github.com/hadess/bluez/commits/build-fixes-5.46
-Patch1: 0001-build-Enable-BIND_NOW.patch
-Patch2: 0003-tools-csr_usb-Fix-compilation-failure.patch
+#Patch1: 0001-build-Enable-BIND_NOW.patch
+#Patch2: 0003-tools-csr_usb-Fix-compilation-failure.patch
# https://github.com/hadess/bluez/commits/obex-5.46
Patch3: 0001-obex-Use-GLib-helper-function-to-manipulate-paths.patch
@@ -33,6 +33,12 @@ Patch23: 0004-systemd-More-lockdown.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1567622
Patch24: 0001-adapter-Don-t-refresh-adv_manager-for-non-LE-devices.patch
+#Patch25: 0001-core-Add-AlwaysPairable-to-main.conf.patch
+#Patch26: 0002-agent-Make-the-first-agent-to-register-the-default.patch
+
+Patch27: 0001-HOGP-must-only-accept-data-from-bonded-devices.patch
+Patch28: 0002-HID-accepts-bonded-device-connections-only.patch
+
BuildRequires: git-core
BuildRequires: dbus-devel >= 1.6
BuildRequires: glib2-devel
@@ -220,6 +226,7 @@ make check
%{_bindir}/mpris-proxy
%{_bindir}/gatttool
%{_bindir}/rctest
+%{_datadir}/zsh/site-functions/_bluetoothctl
%{_mandir}/man1/btattach.1.gz
%{_mandir}/man1/ciptool.1.gz
%{_mandir}/man1/hcitool.1.gz
@@ -241,6 +248,7 @@ make check
%{_unitdir}/btattach-bcm@.service
%{_udevrulesdir}/69-btattach-bcm.rules
+
%files libs
%{!?_licensedir:%global license %%doc}
%license COPYING
@@ -266,6 +274,21 @@ make check
%{_userunitdir}/obex.service
%changelog
+* Tue Jun 9 2020 Gopal Tiwari <gtiwari@redhat.com> - 5.52-1
++ bluez-5.52-1
+- Fixing (#1830397)
+
+* Fri Apr 24 2020 Gopal Tiwari <gtiwari@redhat.com> - 5.50-4
++ bluez-5.50-4
+- Fixing CVE-2020-0556
+
+* Mon Jan 13 2020 Gopal Tiwari <gtiwari@redhat.com> - 5.50-3
++ bluez-5.50-3
+- Bump the version
+
+* Mon Jan 13 2020 Gopal Tiwari <gtiwari@redhat.com> - 5.50-2
++ bluez-5.50-2
+- Fixing CVE-2018-10910 (#1606373)
* Fri Sep 7 2018 Gopal Tiwari <gtiwari@redhat.com> - 5.50-1
+ bluez-5.50-1