* [bluez/bluez] 4ed84c: mesh: Remove unused but set variable
@ 2026-05-12 20:54 fdanis-oss
0 siblings, 0 replies; only message in thread
From: fdanis-oss @ 2026-05-12 20:54 UTC (permalink / raw)
To: linux-bluetooth
Branch: refs/heads/master
Home: https://github.com/bluez/bluez
Commit: 4ed84c4132f42c6e61934ce7f6bc29433c3e000f
https://github.com/bluez/bluez/commit/4ed84c4132f42c6e61934ce7f6bc29433c3e000f
Author: Bastien Nocera <hadess@hadess.net>
Date: 2026-05-12 (Tue, 12 May 2026)
Changed paths:
M mesh/net.c
Log Message:
-----------
mesh: Remove unused but set variable
We played around with the bits, but didn't do anything with it.
mesh/net.c: In function ‘ack_received’:
mesh/net.c:1569:18: error: variable ‘ack_copy’ set but not used [-Werror=unused-but-set-variable=]
1569 | uint32_t ack_copy = ack_flag;
| ^~~~~~~~
Commit: a225faba50d1224b1191c84198fefa4f7053bb6c
https://github.com/bluez/bluez/commit/a225faba50d1224b1191c84198fefa4f7053bb6c
Author: Bastien Nocera <hadess@hadess.net>
Date: 2026-05-12 (Tue, 12 May 2026)
Changed paths:
M tools/mesh/mesh-db.c
Log Message:
-----------
mesh: Fix str{r,}chr usage
Fix the code manipulating "const char *" return values from
json_object_to_json_string_ext() to modify it for printing, we're
not allowed to do that.
tools/mesh/mesh-db.c: In function ‘mesh_db_finish_export’:
tools/mesh/mesh-db.c:2598:13: error: assignment discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
2598 | pos = strrchr(hdr, '}');
| ^
tools/mesh/mesh-db.c:2604:13: error: assignment discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
2604 | pos = strrchr(hdr, '"');
| ^
tools/mesh/mesh-db.c:2613:13: error: assignment discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
2613 | pos = strchr(str, '{');
| ^
Commit: 28c9f959bb3be8e311b34a6c08bd95045dabd7bf
https://github.com/bluez/bluez/commit/28c9f959bb3be8e311b34a6c08bd95045dabd7bf
Author: Bastien Nocera <hadess@hadess.net>
Date: 2026-05-12 (Tue, 12 May 2026)
Changed paths:
M mesh/util.c
Log Message:
-----------
mesh: Fix const qualifier dropping when using strchr()
strchr() with a const string returns a const string, we don't change
that string or "next", so make both const and get rid of the warning.
mesh/util.c: In function ‘create_dir’:
mesh/util.c:108:14: error: assignment discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
108 | prev = strchr(dir_name, '/');
| ^
Commit: 31625e481b081efb2d654d401eca2abf1274d0ed
https://github.com/bluez/bluez/commit/31625e481b081efb2d654d401eca2abf1274d0ed
Author: Pauli Virtanen <pav@iki.fi>
Date: 2026-05-12 (Tue, 12 May 2026)
Changed paths:
M src/adapter.c
Log Message:
-----------
adapter: add BCAA UUID also when seen device is not discoverable
BAP v1.0.2 Sec 6.4 specifies Broadcast discovery uses observation
procedure (Core Vol 3 Part C Sec 9.1.2) which makes no reference to
device discoverability state.
However, if remote device does:
1. Send Advertising Data for some other UUID with General Discoverable
2. Send Advertising Data for BCAA UUID with no flags
then adapter.c:btd_adapter_device_found() creates device in step 1. but
in step 2. it ignores the BCAA UUID since the device exists but is not
discoverable; the monitoring=true special case applies only for
first-seen devices. Consequently bap plugin fails to pick up the BCAA
stream.
This sequence was observed to be produced by BlueZ + btvirt.
Fix by monitoring also previously existing but currently non-connectable
devices with BCAA UUID.
Link: https://gitlab.freedesktop.org/pipewire/pipewire/-/merge_requests/2812#note_3467783
Log:
--------------------------
@ MGMT Event: Device Found (0x0012) plen 17
LE Address: 00:AA:01:00:00:42 (Intel Corporation)
RSSI: invalid (0x7f)
Flags: 0x00000000
Data length: 3
Data[3]:
02 01 06 ...
Flags: 0x06
LE General Discoverable Mode
BR/EDR Not Supported
...
@ MGMT Event: Device Found (0x0012) plen 39
LE Address: 00:AA:01:00:00:42 (Intel Corporation)
RSSI: invalid (0x7f)
Flags: 0x00000004
Not Connectable
Data length: 25
Data[25]:
06 16 52 18 56 db 55 03 03 4e 18 0d 16 4e 18 00 ..R.V.U..N...N..
ff 0f 0f 00 04 03 01 01 00 .........
Service Data: Broadcast Audio Announcement (0x1852)
Broadcast ID: 5626710 (0x55db56)
16-bit Service UUIDs (complete): 1 entry
Audio Stream Control (0x184e)
Service Data: Audio Stream Control (0x184e)
Data[10]:
00 ff 0f 0f 00 04 03 01 01 00
--------------------------
Commit: ee4a4775bc4f8348e2a860dc44bcdd7570279908
https://github.com/bluez/bluez/commit/ee4a4775bc4f8348e2a860dc44bcdd7570279908
Author: Frédéric Danis <frederic.danis@collabora.com>
Date: 2026-05-12 (Tue, 12 May 2026)
Changed paths:
M obexd/client/pbap.c
Log Message:
-----------
pbap: Fix not checking Database Identifier length
Database Identifier is supposed to be 16 bytes values.
A paired Bluetooth device acting as a PBAP server can overflow the
heap in obexd by up to 239 bytes into adjacent allocations by returning
a DATABASEID_TAG application parameter with an oversized length.
With both length and content fully attacker-controlled, this enables
standard glibc heap exploitation primitives (tcache/fastbin poisoning)
leading to remote code execution in the obexd process.
Compare: https://github.com/bluez/bluez/compare/6ba04fad369f...ee4a4775bc4f
To unsubscribe from these emails, change your notification settings at https://github.com/bluez/bluez/settings/notifications
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2026-05-12 20:54 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-05-12 20:54 [bluez/bluez] 4ed84c: mesh: Remove unused but set variable fdanis-oss
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox