packages/bluez
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!3 fix CVE-2018-10910

Browse Source 
Merge pull request !3 from Vchanger/master
This commit is contained in:
openeuler-ci-bot 2020-03-18 16:59:38 +08:00 committed by Gitee
commit ff070e8637
3 changed files with 205 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
bluez.spec
View File

@ -1,7 +1,7 @@
Name: bluez Name: bluez
Summary: Bluetooth utilities Summary: Bluetooth utilities
Version: 5.50 Version: 5.50
Release: 6 Release: 7
License: GPLv2+ License: GPLv2+
URL: http://www.bluez.org/ URL: http://www.bluez.org/
Source0: http://www.kernel.org/pub/linux/bluetooth/bluez-%{version}.tar.xz Source0: http://www.kernel.org/pub/linux/bluetooth/bluez-%{version}.tar.xz
@ -18,6 +18,9 @@ Patch0005: 0002-systemd-Add-PrivateTmp-and-NoNewPrivileges-options.patch
Patch0006: 0003-systemd-Add-more-filesystem-lockdown.patch Patch0006: 0003-systemd-Add-more-filesystem-lockdown.patch
Patch0007: 0004-systemd-More-lockdown.patch Patch0007: 0004-systemd-More-lockdown.patch
Patch0008: 0001-policy-Add-logic-to-connect-a-Sink.patch Patch0008: 0001-policy-Add-logic-to-connect-a-Sink.patch
Patch0009: fix-CVE-2018-10910-1.patch
Patch0010: fix-CVE-2018-10910-2.patch
BuildRequires: dbus-devel >= 1.6 BuildRequires: dbus-devel >= 1.6
BuildRequires: git-core glib2-devel libical-devel readline-devel libell-devel BuildRequires: git-core glib2-devel libical-devel readline-devel libell-devel
BuildRequires: json-c-devel systemd-devel cups-devel libtool automake autoconf BuildRequires: json-c-devel systemd-devel cups-devel libtool automake autoconf
@ -162,6 +165,12 @@ make check
%_cups_serverbin/backend/bluetooth %_cups_serverbin/backend/bluetooth
%changelog %changelog
* Wed Mar 18 2020 chenzhen <chenzhen44@huawei.com> - 5.50-7
- Type:cves
- ID:CVE-2018-10910
- SUG:NA
- DESC:fix CVE-2018-10910
* Mon Feb 17 2020 hexiujun <hexiujun1@huawei.com> - 5.50-6 * Mon Feb 17 2020 hexiujun <hexiujun1@huawei.com> - 5.50-6
- Type:enhancement - Type:enhancement
- ID:NA - ID:NA

136
fix-CVE-2018-10910-1.patch Normal file
View File

@ -0,0 +1,136 @@
From linux-bluetooth Fri Jul 27 13:02:17 2018
From: Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
Date: Fri, 27 Jul 2018 13:02:17 +0000
To: linux-bluetooth
Subject: [PATCH BlueZ 1/2] core: Add AlwaysPairable to main.conf
Message-Id: <20180727130218.16975-1-luiz.dentz () gmail ! com>
X-MARC-Message: https://marc.info/?l=linux-bluetooth&m=153269654418730
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This adds a new option called AlwaysPairable to main.conf, it can be
used to enable Adapter.Pairable even in case there is no Agent
available.
Since that could be consider a security problem to allow pairing
without user's consent the option defaults to false.
---
src/adapter.c | 16 +++++++++++++++-
src/agent.h | 7 +++++++
src/hcid.h | 1 +
src/main.c | 11 +++++++++++
src/main.conf | 5 +++++
5 files changed, 39 insertions(+), 1 deletion(-)
diff --git a/src/adapter.c b/src/adapter.c
index af340fd..720621f 100644
--- a/src/adapter.c
+++ b/src/adapter.c
@@ -7754,6 +7754,19 @@ int adapter_set_io_capability(struct btd_adapter *adapter, uint8_t io_cap)
{
struct mgmt_cp_set_io_capability cp;
+ if (!main_opts.pairable) {
+ if (io_cap == IO_CAPABILITY_INVALID) {
+ if (adapter->current_settings & MGMT_SETTING_BONDABLE)
+ set_mode(adapter, MGMT_OP_SET_BONDABLE, 0x00);
+
+ return 0;
+ }
+
+ if (!(adapter->current_settings & MGMT_SETTING_BONDABLE))
+ set_mode(adapter, MGMT_OP_SET_BONDABLE, 0x01);
+ } else if (io_cap == IO_CAPABILITY_INVALID)
+ io_cap = IO_CAPABILITY_NOINPUTNOOUTPUT;
+
memset(&cp, 0, sizeof(cp));
cp.io_capability = io_cap;
@@ -8682,7 +8695,8 @@ static void read_info_complete(uint8_t status, uint16_t length,
set_name(adapter, btd_adapter_get_name(adapter));
- if (!(adapter->current_settings & MGMT_SETTING_BONDABLE))
+ if (main_opts.pairable &&
+ !(adapter->current_settings & MGMT_SETTING_BONDABLE))
set_mode(adapter, MGMT_OP_SET_BONDABLE, 0x01);
if (!kernel_conn_control)
diff --git a/src/agent.h b/src/agent.h
index 1e46920..088c258 100644
--- a/src/agent.h
+++ b/src/agent.h
@@ -22,6 +22,13 @@
*
*/
+#define IO_CAPABILITY_DISPLAYONLY 0x00
+#define IO_CAPABILITY_DISPLAYYESNO 0x01
+#define IO_CAPABILITY_KEYBOARDONLY 0x02
+#define IO_CAPABILITY_NOINPUTNOOUTPUT 0x03
+#define IO_CAPABILITY_KEYBOARDDISPLAY 0x04
+#define IO_CAPABILITY_INVALID 0xFF
+
struct agent;
typedef void (*agent_cb) (struct agent *agent, DBusError *err,
diff --git a/src/hcid.h b/src/hcid.h
index 2c2b89d..ba25057 100644
--- a/src/hcid.h
+++ b/src/hcid.h
@@ -38,6 +38,7 @@ typedef enum {
struct main_opts {
char *name;
uint32_t class;
+ gboolean pairable;
uint32_t pairto;
uint32_t discovto;
uint8_t privacy;
diff --git a/src/main.c b/src/main.c
index 7e6af42..e32df14 100644
--- a/src/main.c
+++ b/src/main.c
@@ -81,6 +81,7 @@ static const char *supported_options[] = {
"Name",
"Class",
"DiscoverableTimeout",
+ "AlwaysPairable",
"PairableTimeout",
"DeviceID",
"ReverseServiceDiscovery",
@@ -287,6 +288,16 @@ static void parse_config(GKeyFile *config)
main_opts.discovto = val;
}
+ boolean = g_key_file_get_boolean(config, "General",
+ "AlwaysPairable", &err);
+ if (err) {
+ DBG("%s", err->message);
+ g_clear_error(&err);
+ } else {
+ DBG("pairable=%s", boolean ? "true" : "false");
+ main_opts.pairable = boolean;
+ }
+
val = g_key_file_get_integer(config, "General",
"PairableTimeout", &err);
if (err) {
diff --git a/src/main.conf b/src/main.conf
index cbae32e..0d480d1 100644
--- a/src/main.conf
+++ b/src/main.conf
@@ -13,6 +13,11 @@
# 0 = disable timer, i.e. stay discoverable forever
#DiscoverableTimeout = 0
+# Always allow pairing even if there are no agent registered
+# Possible values: true, false
+# Default: false
+#AlwaysPairable = false
+
# How long to stay in pairable mode before going back to non-discoverable
# The value is in seconds. Default is 0.
# 0 = disable timer, i.e. stay pairable forever
--
1.8.3.1

59
fix-CVE-2018-10910-2.patch Normal file
View File

@ -0,0 +1,59 @@
From linux-bluetooth Fri Jul 27 13:02:18 2018
From: Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
Date: Fri, 27 Jul 2018 13:02:18 +0000
To: linux-bluetooth
Subject: [PATCH BlueZ 2/2] agent: Make the first agent to register the default
Message-Id: <20180727130218.16975-2-luiz.dentz () gmail ! com>
X-MARC-Message: https://marc.info/?l=linux-bluetooth&m=153269654618731
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This simplifies the handling of default agent and enforce the IO
capabilities to be set whenever there is an agent available in the
system.
---
src/agent.c | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/src/agent.c b/src/agent.c
index ff44d57..183e2f1 100644
--- a/src/agent.c
+++ b/src/agent.c
@@ -50,13 +50,6 @@
#include "agent.h"
#include "shared/queue.h"
-#define IO_CAPABILITY_DISPLAYONLY 0x00
-#define IO_CAPABILITY_DISPLAYYESNO 0x01
-#define IO_CAPABILITY_KEYBOARDONLY 0x02
-#define IO_CAPABILITY_NOINPUTNOOUTPUT 0x03
-#define IO_CAPABILITY_KEYBOARDDISPLAY 0x04
-#define IO_CAPABILITY_INVALID 0xFF
-
#define REQUEST_TIMEOUT (60 * 1000) /* 60 seconds */
#define AGENT_INTERFACE "org.bluez.Agent1"
@@ -150,7 +143,7 @@ static void set_io_cap(struct btd_adapter *adapter, gpointer user_data)
if (agent)
io_cap = agent->capability;
else
- io_cap = IO_CAPABILITY_NOINPUTNOOUTPUT;
+ io_cap = IO_CAPABILITY_INVALID;
adapter_set_io_capability(adapter, io_cap);
}
@@ -294,6 +287,11 @@ static struct agent *agent_create( const char *name, const char *path,
name, agent_disconnect,
agent, NULL);
+ if (queue_isempty(default_agents))
+ add_default_agent(agent);
+ else
+ queue_push_tail(default_agents, agent);
+
return agent_ref(agent);
}
--
1.8.3.1