Tue Dec 19 21:24:05 UTC 202320231219212405

a/sysvinit-scripts-15.1-noarch-9.txz: Rebuilt. rc.cpufreq: also default to "performance" for amd-pstate-epp. Thanks to pghvlaans. l/LibRaw-0.21.2-x86_64-1.txz: Upgraded. l/gtk+3-3.24.39-x86_64-1.txz: Upgraded. l/libssh-0.10.6-x86_64-1.txz: Upgraded. This update fixes security issues: Command injection using proxycommand. Potential downgrade attack using strict kex. Missing checks for return values of MD functions. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-6004 https://www.cve.org/CVERecord?id=CVE-2023-48795 https://www.cve.org/CVERecord?id=CVE-2023-6918 (* Security fix *) l/mozilla-nss-3.96.1-x86_64-1.txz: Upgraded. n/bluez-5.71-x86_64-2.txz: Rebuilt. Fix a regression in bluez-5.71: [PATCH] adapter: Fix link key address type for old kernels. Thanks to marav. xap/mozilla-firefox-115.6.0esr-x86_64-1.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/115.6.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2023-54/ https://www.cve.org/CVERecord?id=CVE-2023-6856 https://www.cve.org/CVERecord?id=CVE-2023-6865 https://www.cve.org/CVERecord?id=CVE-2023-6857 https://www.cve.org/CVERecord?id=CVE-2023-6858 https://www.cve.org/CVERecord?id=CVE-2023-6859 https://www.cve.org/CVERecord?id=CVE-2023-6860 https://www.cve.org/CVERecord?id=CVE-2023-6867 https://www.cve.org/CVERecord?id=CVE-2023-6861 https://www.cve.org/CVERecord?id=CVE-2023-6862 https://www.cve.org/CVERecord?id=CVE-2023-6863 https://www.cve.org/CVERecord?id=CVE-2023-6864 (* Security fix *) xap/mozilla-thunderbird-115.6.0-x86_64-1.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.thunderbird.net/en-US/thunderbird/115.6.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/ https://www.cve.org/CVERecord?id=CVE-2023-50762 https://www.cve.org/CVERecord?id=CVE-2023-50761 https://www.cve.org/CVERecord?id=CVE-2023-6856 https://www.cve.org/CVERecord?id=CVE-2023-6857 https://www.cve.org/CVERecord?id=CVE-2023-6858 https://www.cve.org/CVERecord?id=CVE-2023-6859 https://www.cve.org/CVERecord?id=CVE-2023-6860 https://www.cve.org/CVERecord?id=CVE-2023-6861 https://www.cve.org/CVERecord?id=CVE-2023-6862 https://www.cve.org/CVERecord?id=CVE-2023-6863 https://www.cve.org/CVERecord?id=CVE-2023-6864 (* Security fix *)
author: Patrick J Volkerding <volkerdi@slackware.com> 2023-12-19 21:24:05 +0000
committer: Eric Hameleers <alien@slackware.com> 2023-12-19 23:05:28 +0100
commit: 90c1d5c2c0b15a877ad7b260895a7815bdd4d03c (patch)
tree: e83aca23a86ea9853c0f3621b7a8a363071ea235 /source/n
parent: 1e5164fb6d699f5f0feea33ff1ad0d0468ec6f62 (diff)
download: current-90c1d5c2c0b15a877ad7b260895a7815bdd4d03c.tar.gz
current-90c1d5c2c0b15a877ad7b260895a7815bdd4d03c.tar.xz
2 files changed, 39 insertions, 1 deletions
diff --git a/source/n/bluez/1528118a8f84b4b178729c1f9fc3f6d858c04f9f.patch b/source/n/bluez/1528118a8f84b4b178729c1f9fc3f6d858c04f9f.patch
new file mode 100644
index 000000000..c09a54daf
--- /dev/null
+++ b/source/n/bluez/1528118a8f84b4b178729c1f9fc3f6d858c04f9f.patch
@@ -0,0 +1,35 @@
+From 1528118a8f84b4b178729c1f9fc3f6d858c04f9f Mon Sep 17 00:00:00 2001
+From: Xiao Yao <xiaoyao@rock-chips.com>
+Date: Sun, 17 Dec 2023 21:50:12 +0800
+Subject: [PATCH] adapter: Fix link key address type for old kernels
+
+Fixes: https://github.com/bluez/bluez/issues/686
+
+Signed-off-by: Xiao Yao <xiaoyao@rock-chips.com>
+---
+ src/adapter.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/src/adapter.c b/src/adapter.c
+index ee70b00d2..b4628a411 100644
+--- a/src/adapter.c
++++ b/src/adapter.c
+@@ -4347,7 +4347,17 @@ static void load_link_keys(struct btd_adapter *adapter, GSList *keys,
+ 		struct link_key_info *info = l->data;
+ 
+ 		bacpy(&key->addr.bdaddr, &info->bdaddr);
+-		key->addr.type = info->bdaddr_type;
++
++		/*
++		 * According to the Bluetooth specification, the address
++		 * type of the link key is not fixed. However, the
++		 * load_link_keys function in the old kernel code requires
++		 * that the address type must be BREDR. Since the address
++		 * type is not actually used by the link key, to maintain
++		 * compatibility with older kernel versions, the addr.type
++		 * of the link key is set to BDADDR_BREDR.
++		 */
++		key->addr.type = BDADDR_BREDR;
+ 		key->type = info->type;
+ 		memcpy(key->val, info->key, 16);
+ 		key->pin_len = info->pin_len;
diff --git a/source/n/bluez/bluez.SlackBuild b/source/n/bluez/bluez.SlackBuild
index de035ce03..a58c6902d 100755
--- a/source/n/bluez/bluez.SlackBuild
+++ b/source/n/bluez/bluez.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
 
 PKGNAM=bluez
 VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
 
 NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
 
@@ -78,6 +78,9 @@ find . \
 
 zcat $CWD/bluez-5.51-obexd_without_systemd-1.patch.gz | patch -p1 --verbose || exit 1
 
+# Fix regression in 5.71:
+cat $CWD/1528118a8f84b4b178729c1f9fc3f6d858c04f9f.patch | patch -p1 --verbose || exit 1
+
 sed -i -e 's|-lreadline|\0 -lncursesw|g' Makefile.{in,tools}
 
 autoreconf -vif
author	Patrick J Volkerding <volkerdi@slackware.com>	2023-12-19 21:24:05 +0000
committer	Eric Hameleers <alien@slackware.com>	2023-12-19 23:05:28 +0100
commit	90c1d5c2c0b15a877ad7b260895a7815bdd4d03c (patch)
tree	e83aca23a86ea9853c0f3621b7a8a363071ea235 /source/n
parent	1e5164fb6d699f5f0feea33ff1ad0d0468ec6f62 (diff)
download	current-90c1d5c2c0b15a877ad7b260895a7815bdd4d03c.tar.gz current-90c1d5c2c0b15a877ad7b260895a7815bdd4d03c.tar.xz