From 90c1d5c2c0b15a877ad7b260895a7815bdd4d03c Mon Sep 17 00:00:00 2001
From: Patrick J Volkerding <volkerdi@slackware.com>
Date: Tue, 19 Dec 2023 21:24:05 +0000
Subject: Tue Dec 19 21:24:05 UTC 2023

a/sysvinit-scripts-15.1-noarch-9.txz:  Rebuilt.
  rc.cpufreq: also default to "performance" for amd-pstate-epp.
  Thanks to pghvlaans.
l/LibRaw-0.21.2-x86_64-1.txz:  Upgraded.
l/gtk+3-3.24.39-x86_64-1.txz:  Upgraded.
l/libssh-0.10.6-x86_64-1.txz:  Upgraded.
  This update fixes security issues:
  Command injection using proxycommand.
  Potential downgrade attack using strict kex.
  Missing checks for return values of MD functions.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-6004
    https://www.cve.org/CVERecord?id=CVE-2023-48795
    https://www.cve.org/CVERecord?id=CVE-2023-6918
  (* Security fix *)
l/mozilla-nss-3.96.1-x86_64-1.txz:  Upgraded.
n/bluez-5.71-x86_64-2.txz:  Rebuilt.
  Fix a regression in bluez-5.71:
  [PATCH] adapter: Fix link key address type for old kernels.
  Thanks to marav.
xap/mozilla-firefox-115.6.0esr-x86_64-1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.6.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2023-54/
    https://www.cve.org/CVERecord?id=CVE-2023-6856
    https://www.cve.org/CVERecord?id=CVE-2023-6865
    https://www.cve.org/CVERecord?id=CVE-2023-6857
    https://www.cve.org/CVERecord?id=CVE-2023-6858
    https://www.cve.org/CVERecord?id=CVE-2023-6859
    https://www.cve.org/CVERecord?id=CVE-2023-6860
    https://www.cve.org/CVERecord?id=CVE-2023-6867
    https://www.cve.org/CVERecord?id=CVE-2023-6861
    https://www.cve.org/CVERecord?id=CVE-2023-6862
    https://www.cve.org/CVERecord?id=CVE-2023-6863
    https://www.cve.org/CVERecord?id=CVE-2023-6864
  (* Security fix *)
xap/mozilla-thunderbird-115.6.0-x86_64-1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.thunderbird.net/en-US/thunderbird/115.6.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/
    https://www.cve.org/CVERecord?id=CVE-2023-50762
    https://www.cve.org/CVERecord?id=CVE-2023-50761
    https://www.cve.org/CVERecord?id=CVE-2023-6856
    https://www.cve.org/CVERecord?id=CVE-2023-6857
    https://www.cve.org/CVERecord?id=CVE-2023-6858
    https://www.cve.org/CVERecord?id=CVE-2023-6859
    https://www.cve.org/CVERecord?id=CVE-2023-6860
    https://www.cve.org/CVERecord?id=CVE-2023-6861
    https://www.cve.org/CVERecord?id=CVE-2023-6862
    https://www.cve.org/CVERecord?id=CVE-2023-6863
    https://www.cve.org/CVERecord?id=CVE-2023-6864
  (* Security fix *)
---
 .../1528118a8f84b4b178729c1f9fc3f6d858c04f9f.patch | 35 ++++++++++++++++++++++
 source/n/bluez/bluez.SlackBuild                    |  5 +++-
 2 files changed, 39 insertions(+), 1 deletion(-)
 create mode 100644 source/n/bluez/1528118a8f84b4b178729c1f9fc3f6d858c04f9f.patch

(limited to 'source/n')

diff --git a/source/n/bluez/1528118a8f84b4b178729c1f9fc3f6d858c04f9f.patch b/source/n/bluez/1528118a8f84b4b178729c1f9fc3f6d858c04f9f.patch
new file mode 100644
index 000000000..c09a54daf
--- /dev/null
+++ b/source/n/bluez/1528118a8f84b4b178729c1f9fc3f6d858c04f9f.patch
@@ -0,0 +1,35 @@
+From 1528118a8f84b4b178729c1f9fc3f6d858c04f9f Mon Sep 17 00:00:00 2001
+From: Xiao Yao <xiaoyao@rock-chips.com>
+Date: Sun, 17 Dec 2023 21:50:12 +0800
+Subject: [PATCH] adapter: Fix link key address type for old kernels
+
+Fixes: https://github.com/bluez/bluez/issues/686
+
+Signed-off-by: Xiao Yao <xiaoyao@rock-chips.com>
+---
+ src/adapter.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/src/adapter.c b/src/adapter.c
+index ee70b00d2..b4628a411 100644
+--- a/src/adapter.c
++++ b/src/adapter.c
+@@ -4347,7 +4347,17 @@ static void load_link_keys(struct btd_adapter *adapter, GSList *keys,
+ 		struct link_key_info *info = l->data;
+ 
+ 		bacpy(&key->addr.bdaddr, &info->bdaddr);
+-		key->addr.type = info->bdaddr_type;
++
++		/*
++		 * According to the Bluetooth specification, the address
++		 * type of the link key is not fixed. However, the
++		 * load_link_keys function in the old kernel code requires
++		 * that the address type must be BREDR. Since the address
++		 * type is not actually used by the link key, to maintain
++		 * compatibility with older kernel versions, the addr.type
++		 * of the link key is set to BDADDR_BREDR.
++		 */
++		key->addr.type = BDADDR_BREDR;
+ 		key->type = info->type;
+ 		memcpy(key->val, info->key, 16);
+ 		key->pin_len = info->pin_len;
diff --git a/source/n/bluez/bluez.SlackBuild b/source/n/bluez/bluez.SlackBuild
index de035ce03..a58c6902d 100755
--- a/source/n/bluez/bluez.SlackBuild
+++ b/source/n/bluez/bluez.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
 
 PKGNAM=bluez
 VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
 
 NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
 
@@ -78,6 +78,9 @@ find . \
 
 zcat $CWD/bluez-5.51-obexd_without_systemd-1.patch.gz | patch -p1 --verbose || exit 1
 
+# Fix regression in 5.71:
+cat $CWD/1528118a8f84b4b178729c1f9fc3f6d858c04f9f.patch | patch -p1 --verbose || exit 1
+
 sed -i -e 's|-lreadline|\0 -lncursesw|g' Makefile.{in,tools}
 
 autoreconf -vif
-- 
cgit v1.2.3