From c007ea11a45936daaeaa17b4ea94755cdee27058 Mon Sep 17 00:00:00 2001 From: Bastien Nocera Date: Dec 10 2013 00:18:04 +0000 Subject: Add missing patches --- diff --git a/0001-obex-Use-GLib-helper-function-to-manipulate-paths.patch b/0001-obex-Use-GLib-helper-function-to-manipulate-paths.patch new file mode 100644 index 0000000..004a389 --- /dev/null +++ b/0001-obex-Use-GLib-helper-function-to-manipulate-paths.patch @@ -0,0 +1,38 @@ +From f7861d27fbcbc519f57d8496aa9486f487908821 Mon Sep 17 00:00:00 2001 +From: Bastien Nocera +Date: Sat, 9 Nov 2013 18:13:43 +0100 +Subject: [PATCH 1/5] obex: Use GLib helper function to manipulate paths + +Instead of trying to do it by hand. This also makes sure that +relative paths aren't used by the agent. +--- + obexd/src/manager.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/obexd/src/manager.c b/obexd/src/manager.c +index cec8a39..f18896e 100644 +--- a/obexd/src/manager.c ++++ b/obexd/src/manager.c +@@ -651,14 +651,14 @@ static void agent_reply(DBusPendingCall *call, void *user_data) + DBUS_TYPE_STRING, &name, + DBUS_TYPE_INVALID)) { + /* Splits folder and name */ +- const char *slash = strrchr(name, '/'); ++ gboolean is_relative = !g_path_is_absolute(name); + DBG("Agent replied with %s", name); +- if (!slash) { +- agent->new_name = g_strdup(name); ++ if (is_relative) { ++ agent->new_name = g_path_get_basename(name); + agent->new_folder = NULL; + } else { +- agent->new_name = g_strdup(slash + 1); +- agent->new_folder = g_strndup(name, slash - name); ++ agent->new_name = g_path_get_basename(name); ++ agent->new_folder = g_path_get_dirname(name); + } + } + +-- +1.8.4.2 + diff --git a/0002-autopair-Don-t-handle-the-iCade.patch b/0002-autopair-Don-t-handle-the-iCade.patch new file mode 100644 index 0000000..68751ae --- /dev/null +++ b/0002-autopair-Don-t-handle-the-iCade.patch @@ -0,0 +1,47 @@ +From c16ae7041c7511d8d1ed8441f696716fa6a9117e Mon Sep 17 00:00:00 2001 +From: Bastien Nocera +Date: Tue, 19 Nov 2013 14:11:39 +0100 +Subject: [PATCH 2/5] autopair: Don't handle the iCade + +We can't easily enter digits other than 1 through 4 (inclusive) +so leave it up to the agent to figure out a good passcode +for the iCade. + +Note that we can not use the VID/PID of the device, as it is not +yet known at that point. +--- + plugins/autopair.c | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +diff --git a/plugins/autopair.c b/plugins/autopair.c +index 8c98c12..5d2f6f7 100644 +--- a/plugins/autopair.c ++++ b/plugins/autopair.c +@@ -57,13 +57,23 @@ static ssize_t autopair_pincb(struct btd_adapter *adapter, + { + char addr[18]; + char pinstr[7]; ++ char name[25]; + uint32_t class; + + ba2str(device_get_address(device), addr); + + class = btd_device_get_class(device); + +- DBG("device %s 0x%x", addr, class); ++ device_get_name(device, name, sizeof(name)); ++ name[sizeof(name) - 1] = 0; ++ ++ DBG("device %s (%s) 0x%x", addr, name, class); ++ ++ g_message ("vendor 0x%X product: 0x%X", btd_device_get_vendor (device), btd_device_get_product (device)); ++ ++ /* The iCade shouldn't use random PINs like normal keyboards */ ++ if (name != NULL && strstr(name, "iCade") != NULL) ++ return 0; + + /* This is a class-based pincode guesser. Ignore devices with an + * unknown class. +-- +1.8.4.2 + diff --git a/0003-input-Fix-crash-when-SDP-record-isn-t-available.patch b/0003-input-Fix-crash-when-SDP-record-isn-t-available.patch new file mode 100644 index 0000000..070a1e4 --- /dev/null +++ b/0003-input-Fix-crash-when-SDP-record-isn-t-available.patch @@ -0,0 +1,29 @@ +From e7e82c7619b56fc1153481417c0a83b25d46030d Mon Sep 17 00:00:00 2001 +From: Bastien Nocera +Date: Sat, 7 Dec 2013 15:51:47 +0100 +Subject: [PATCH 3/5] input: Fix crash when SDP record isn't available + +On startup, if the SDP cache has been removed but the pairing +information is still present, we'd crash trying to access inside a +NULL record struct. +--- + profiles/input/device.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/profiles/input/device.c b/profiles/input/device.c +index 521aca8..62f6dbb 100644 +--- a/profiles/input/device.c ++++ b/profiles/input/device.c +@@ -811,6 +811,9 @@ static struct input_device *input_device_new(struct btd_service *service) + struct input_device *idev; + char name[HCI_MAX_NAME_LENGTH + 1]; + ++ if (!rec) ++ return NULL; ++ + idev = g_new0(struct input_device, 1); + bacpy(&idev->src, btd_adapter_get_address(adapter)); + bacpy(&idev->dst, device_get_address(device)); +-- +1.8.4.2 + diff --git a/0004-agent-Assert-possible-infinite-loop.patch b/0004-agent-Assert-possible-infinite-loop.patch new file mode 100644 index 0000000..2746e0c --- /dev/null +++ b/0004-agent-Assert-possible-infinite-loop.patch @@ -0,0 +1,25 @@ +From 67e5477687a2753d3f7b300bcfdc74464d8ad41f Mon Sep 17 00:00:00 2001 +From: Bastien Nocera +Date: Mon, 9 Dec 2013 18:04:56 +0100 +Subject: [PATCH 4/5] agent: Assert possible infinite loop + +--- + src/agent.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/agent.c b/src/agent.c +index bcba969..b292881 100644 +--- a/src/agent.c ++++ b/src/agent.c +@@ -203,6 +203,8 @@ void agent_unref(struct agent *agent) + if (agent->ref > 0) + return; + ++ g_assert (agent->ref == 0); ++ + if (agent->request) { + DBusError err; + agent_pincode_cb pincode_cb; +-- +1.8.4.2 + diff --git a/0005-core-Fix-crash-due-to-agent-callback-freeing-the-age.patch b/0005-core-Fix-crash-due-to-agent-callback-freeing-the-age.patch new file mode 100644 index 0000000..4c86cce --- /dev/null +++ b/0005-core-Fix-crash-due-to-agent-callback-freeing-the-age.patch @@ -0,0 +1,56 @@ +From 28419bdc2fd093bcbc68b629b9c7b8c295260c57 Mon Sep 17 00:00:00 2001 +From: Szymon Janc +Date: Mon, 9 Dec 2013 20:20:55 +0100 +Subject: [PATCH 5/5] core: Fix crash due to agent callback freeing the agent + +Similar fix was provided for simple_agent_reply in a2f5d438 but missed +pincode_reply case. + +Fix following: + +src/agent.c:agent_disconnect() Agent :1.48 disconnected +src/agent.c:set_default_agent() Default agent cleared +src/agent.c:agent_destroy() agent :1.48 +src/agent.c:agent_unref() 0x4701c68: ref=1 +Agent /org/bluez/agent replied with an error: + org.freedesktop.DBus.Error.NoReply, Message did not receive a reply + (timeout by message bus) +src/adapter.c:btd_adapter_pincode_reply() hci0 addr 6C:0E:0D:DB:D1:16 + pinlen 0 +src/agent.c:agent_unref() 0x4701c68: ref=0 +src/adapter.c:btd_adapter_pincode_reply() hci0 addr 6C:0E:0D:DB:D1:16 + pinlen 0 +src/agent.c:agent_unref() 0x4701c68: ref=-1 +src/adapter.c:btd_adapter_pincode_reply() hci0 addr 6C:0E:0D:DB:D1:16 + pinlen 0 +src/agent.c:agent_unref() 0x4701c68: ref=-2 +... +--- + src/agent.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/agent.c b/src/agent.c +index b292881..2ec3183 100644 +--- a/src/agent.c ++++ b/src/agent.c +@@ -428,6 +428,9 @@ static void pincode_reply(DBusPendingCall *call, void *user_data) + * is only called after a reply has been received */ + message = dbus_pending_call_steal_reply(call); + ++ /* Protect from the callback freeing the agent */ ++ agent_ref(agent); ++ + dbus_error_init(&err); + if (dbus_set_error_from_message(&err, message)) { + error("Agent %s replied with an error: %s, %s", +@@ -467,6 +470,7 @@ done: + dbus_pending_call_cancel(req->call); + agent->request = NULL; + agent_request_free(req, TRUE); ++ agent_unref(agent); + } + + static int pincode_request_new(struct agent_request *req, const char *device_path, +-- +1.8.4.2 +