diff options
author | V3n3RiX <venerix@koprulu.sector> | 2023-12-09 23:17:55 +0000 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2023-12-09 23:17:55 +0000 |
commit | 8fc08491f26431ec46b36d6ebef9551f3773b96f (patch) | |
tree | d1b5bd96d856b4ddb71d02628504d39fae5c168e /net-wireless/bluez | |
parent | fd1ea0a53f74daa4fd860ac35a20ba1817fd20fa (diff) |
gentoo auto-resync : 09:12:2023 - 23:17:54
Diffstat (limited to 'net-wireless/bluez')
-rw-r--r-- | net-wireless/bluez/Manifest | 2 | ||||
-rw-r--r-- | net-wireless/bluez/bluez-5.70-r1.ebuild | 288 | ||||
-rw-r--r-- | net-wireless/bluez/files/bluez-5.70-CVE-2023-45866.patch | 43 |
3 files changed, 333 insertions, 0 deletions
diff --git a/net-wireless/bluez/Manifest b/net-wireless/bluez/Manifest index a1ff766597e4..75040cc02a5c 100644 --- a/net-wireless/bluez/Manifest +++ b/net-wireless/bluez/Manifest @@ -9,11 +9,13 @@ AUX bluez-5.68-bap-resume.patch 6137 BLAKE2B a5eecd7b50048a8e63da3f98a4f83a96ae4 AUX bluez-5.68-clang-midi.patch 2980 BLAKE2B f2e8ce17c97ca151c5d551592d72db5f44ed9fdda31a6adb0cfd7f8e5e6c3ba2c8e80589a32d6ac95db4ad0ad4829c25a1f03e4957dc79d7a88160f512425d2e SHA512 8c205a9acee243fff8609157689d3f985abcc37c04870ae588a8933e17d0507791578136dc40cbd78fe7a4dd8596792e92eb7caa8e0aa33fb507575db706f421 AUX bluez-5.68-heap-use-after-free.patch 1515 BLAKE2B 73ee23986e652827672ab026582d8718d3f04a6faeb15d5802599910f5ee7c905813829486f5fdb2e6f190cfb6980b2eca5e9c008d9d427a6fc010943af5f318 SHA512 0f78c442faeae693489c25822dfe3065d6dbe2449d42b27c3f0f56b83caadbcf66942470bc00d28ec324cc49c400799a0e1d1d90f45e734b385ca54e4c9e6dc3 AUX bluez-5.68-monitor-decoding.patch 1333 BLAKE2B 138359842a39abe7ba7c9db674b043110f6549f2499d8e42ff3abbce9bdfe9402babedc6228a8ff413bab97c12e1c8e9251db7918bc2b741f9bf5824dcf73912 SHA512 c1cba4b278aa559b31c09c721dff28a6024af4877a520b729fbec61e1cefd2bb338fe9d2629fb64796ab2caab32a9dce53ec55eaa1754bb712050ce01abc813e +AUX bluez-5.70-CVE-2023-45866.patch 1497 BLAKE2B 89e1ed958ecaef7829122c0f89fb5301095711af7fe6e016709840f0190a74177f9c6feb031446c58a9a81a0cc6f48f586d0a1425ae6769526e097595b64997a SHA512 ed699d94da1e8c302e8099b64b9e69d311225bc6e75926d0102d80c124937db750237d6e7f8276c4cd903eb641a9b8aba0afac3038a34a35e3afde70f9e5d109 AUX bluez-udevadm-path-r1.patch 564 BLAKE2B 0b4dc12f55ab60d254aa3365baf35186a5913026dbfcbc3da41c113b3c423c81189b87016dabcb2c505b684cad376d10d10df9aa17558b8fd022928995931e0e SHA512 d9b0dd452258e425802cf5ad4980a77796be79e94bf6ce641927c5ab7ea1117ce6589063f3a0b96bf25e81303234279a09d58484fec49cfc6aa1db46f245f9c6 DIST bluez-5.68.tar.xz 2319788 BLAKE2B 3beca78fadef4d66df6f237b7460f6ac4bf001d80c856b599faa2cc1232c4342c7945eace5a6667009b9d19f2368f9841e608f07bc826b30ce9112c43dd7e316 SHA512 1805fb68923a5e098777b69835d7593396f8f2bbf52e1cfe58e7447621497a700b23389c79e96b2d663c611335f6ea9df11efe8aa75a8842f6b73105f66e799c DIST bluez-5.69.tar.xz 2335728 BLAKE2B 3b85c6418bf5f8fea989d9435d90f704da707248034006d12863465b9acee2b549f6d2950fdde64e74a1cbded4c711c54db747a82abdaa67ec965aab1c817d85 SHA512 4d5618cd083fe375c41faff868b5d9f072aeaccdffed758f6b69fd0cb46b058431cbf63182bd4a3f4f4e7a24b092729a4125687af730cd4250b273d66107bf42 DIST bluez-5.70.tar.xz 2339844 BLAKE2B 1ba2ddd3bfc6562a07f4e8376e0d537b555f0d36a221f051c4c10dd912c23e73aa2b0d8aa125e0fd911908e4cfa0036429e17250a26b3298bb21f65e4cc5255c SHA512 3a5f8caf7730dcdbbe0bb92154b41651a9d6619038447bf4c25e5e3e5316effcd7242a7a0456d731ce21d55b8daea5212a359acc5e5fc460499b9356b7d364cf EBUILD bluez-5.68.ebuild 9305 BLAKE2B ee42089549fad6bfb4f128e2a3a4e9c8f2711a4b60316c232172636fb9ca24dde9650f44c81b5f39c54d6fc9d4161e7cc5c52ca3de10058b46bc16f8a4c413f0 SHA512 a7a256acdfafbd8069ad18724e0bbd6e08415a1189998b4f40b4fde8252eaf3ddd0f90b38dd4eadb075462e7674a8429b7a51f0a2cbe2df3f49ae05c8b037f00 EBUILD bluez-5.69.ebuild 9034 BLAKE2B ae0b37b16e86d816bcdb79aa0c22b4b2c350e23f65a90ff6417f5c8401d527595afe664b0fdb215728cc3e3c942870dda933c836dde2effd92dfe3a8ad84cbc5 SHA512 22c9eb88d64dc92848a3363054ffbda8dac4d5fba772e002f04cead323cdc7f1084f8c3eb8b146c08875b4da220eab202b8dee380a965a35d9e68c4e2b067420 +EBUILD bluez-5.70-r1.ebuild 9127 BLAKE2B 4400e1308da28262fd5112543e2ce113c4efea2431c3fa9b9ffbd1be5bf184a464578e92d121160d20eeb8d011134c66cd32f6cfffc5498dd96603cfa42dabef SHA512 2f794d27a75441bd0317b8ed866fdfba79711365e2f6b7e357fa0fe354aab7c71de723772d74c4780103caec8a7413924504bd91bdb859357ad27d462168ee91 EBUILD bluez-5.70.ebuild 9034 BLAKE2B ae0b37b16e86d816bcdb79aa0c22b4b2c350e23f65a90ff6417f5c8401d527595afe664b0fdb215728cc3e3c942870dda933c836dde2effd92dfe3a8ad84cbc5 SHA512 22c9eb88d64dc92848a3363054ffbda8dac4d5fba772e002f04cead323cdc7f1084f8c3eb8b146c08875b4da220eab202b8dee380a965a35d9e68c4e2b067420 MISC metadata.xml 1150 BLAKE2B 830a8e0c89fcc18af92e063ceb3632c97eed9f7424ac5214dd4c853b142d03bba6d629b86fc41ecc28a450a9b7989a21faaae1b95654cb8f16ce2ceb3a97e025 SHA512 44e4489f48634d1b1ff300ccba0f7caa74b76ac7325d38d395ee53763906743f7b622b028a01d32e963952a23da560c16b8cd6771a9001ba90845b59293a6101 diff --git a/net-wireless/bluez/bluez-5.70-r1.ebuild b/net-wireless/bluez/bluez-5.70-r1.ebuild new file mode 100644 index 000000000000..756654822561 --- /dev/null +++ b/net-wireless/bluez/bluez-5.70-r1.ebuild @@ -0,0 +1,288 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 +PYTHON_COMPAT=( python3_{9..12} ) + +inherit autotools linux-info python-single-r1 systemd udev multilib-minimal #readme.gentoo-r1 + +DESCRIPTION="Bluetooth Tools and System Daemons for Linux" +HOMEPAGE="http://www.bluez.org https://github.com/bluez/bluez" +SRC_URI="https://www.kernel.org/pub/linux/bluetooth/${P}.tar.xz" + +LICENSE="GPL-2+ LGPL-2.1+" +SLOT="0/3" +KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~x86" +IUSE="btpclient cups doc debug deprecated extra-tools experimental +mesh midi +obex +readline selinux systemd test test-programs +udev" + +# Since this release all remaining extra-tools need readline support, but this could +# change in the future, hence, this REQUIRED_USE constraint could be dropped +# again in the future. +# btpclient needs mesh, bug #790587 +REQUIRED_USE=" + btpclient? ( mesh ) + extra-tools? ( deprecated readline ) + test? ( ${PYTHON_REQUIRED_USE} ) + test-programs? ( ${PYTHON_REQUIRED_USE} ) +" + +TEST_DEPS="${PYTHON_DEPS} + $(python_gen_cond_dep ' + >=dev-python/dbus-python-1[${PYTHON_USEDEP}] + dev-python/pygobject:3[${PYTHON_USEDEP}] + ') +" +BDEPEND=" + dev-python/docutils + virtual/pkgconfig + test? ( ${TEST_DEPS} ) +" +DEPEND=" + >=dev-libs/glib-2.28:2[${MULTILIB_USEDEP}] + btpclient? ( >=dev-libs/ell-0.39 ) + cups? ( net-print/cups:= ) + mesh? ( + >=dev-libs/ell-0.39 + >=dev-libs/json-c-0.13:= + sys-libs/readline:0= + ) + midi? ( media-libs/alsa-lib ) + obex? ( dev-libs/libical:= ) + readline? ( sys-libs/readline:0= ) + systemd? ( sys-apps/systemd ) + >=sys-apps/dbus-1.6:= + udev? ( >=virtual/udev-172 ) +" +RDEPEND="${DEPEND} + selinux? ( sec-policy/selinux-bluetooth ) + test-programs? ( ${TEST_DEPS} ) +" + +RESTRICT="!test? ( test )" + +PATCHES=( + # Try both udevadm paths to cover udev/systemd vs. eudev locations (#539844) + # http://www.spinics.net/lists/linux-bluetooth/msg58739.html + # https://bugs.gentoo.org/539844 + # https://github.com/bluez/bluez/issues/268 + "${FILESDIR}"/${PN}-udevadm-path-r1.patch + + # Fedora patches + # https://lore.kernel.org/linux-bluetooth/20220901110719.176944-1-hadess@hadess.net/T/#m9c08d004cd5422783ee1d93154f42303bba9169f + "${FILESDIR}"/${PN}-5.66-power-state-adapter-property.patch + + # Backport CVE-2023-45866 fix (bug #919383) + "${FILESDIR}"/${PN}-5.70-CVE-2023-45866.patch +) + +pkg_setup() { + # From http://www.linuxfromscratch.org/blfs/view/svn/general/bluez.html + # to prevent bugs like: + # https://bugzilla.kernel.org/show_bug.cgi?id=196621 + CONFIG_CHECK="~NET ~BT ~BT_RFCOMM ~BT_RFCOMM_TTY ~BT_BNEP ~BT_BNEP_MC_FILTER + ~BT_BNEP_PROTO_FILTER ~BT_HIDP ~CRYPTO_USER_API_HASH ~CRYPTO_USER_API_SKCIPHER + ~UHID ~RFKILL" + # https://bugzilla.kernel.org/show_bug.cgi?id=196621 + # https://bugzilla.kernel.org/show_bug.cgi?id=206815 + if use mesh || use test; then + CONFIG_CHECK="${CONFIG_CHECK} ~CRYPTO_USER + ~CRYPTO_USER_API ~CRYPTO_USER_API_AEAD ~CRYPTO_AES ~CRYPTO_CCM ~CRYPTO_AEAD ~CRYPTO_CMAC + ~CRYPTO_MD5 ~CRYPTO_SHA1 ~KEY_DH_OPERATIONS" + fi + linux-info_pkg_setup + + if use test || use test-programs; then + python-single-r1_pkg_setup + fi + + if ! use udev; then + ewarn + ewarn "You are installing ${PN} with USE=-udev. This means various bluetooth" + ewarn "devices and adapters from Apple, Dell, Logitech etc. will not work," + ewarn "and hid2hci will not be available." + ewarn + fi +} + +src_prepare() { + default + + # http://www.spinics.net/lists/linux-bluetooth/msg38490.html + if ! use systemd; then + eapply "${FILESDIR}"/0001-Allow-using-obexd-without-systemd-in-the-user-session-r2.patch + fi + + eautoreconf + + if use cups; then + # Only not .am to not need to run eautoreconf only because of this + sed -i \ + -e "s:cupsdir = \$(libdir)/cups:cupsdir = $(cups-config --serverbin):" \ + Makefile.{in,tools} || die + fi + + multilib_copy_sources +} + +multilib_src_configure() { + local myconf=( + # readline is automagic when client is enabled + # --enable-client always needs readline, bug #504038 + # --enable-mesh is handled in the same way + ac_cv_header_readline_readline_h=$(multilib_native_usex readline) + ac_cv_header_readline_readline_h=$(multilib_native_usex mesh) + ) + + if ! multilib_is_native_abi; then + myconf+=( + # deps not used for the library + {DBUS,GLIB}_{CFLAGS,LIBS}=' ' + ) + fi + + econf \ + --localstatedir=/var \ + --disable-android \ + --enable-datafiles \ + --enable-optimization \ + $(use_enable debug) \ + --enable-pie \ + --enable-threads \ + --enable-library \ + --enable-tools \ + --enable-manpages \ + --enable-monitor \ + --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" \ + --with-systemduserunitdir="$(systemd_get_userunitdir)" \ + $(multilib_native_use_enable btpclient) \ + $(multilib_native_use_enable btpclient external-ell) \ + $(multilib_native_use_enable cups) \ + $(multilib_native_use_enable deprecated) \ + $(multilib_native_use_enable experimental) \ + $(multilib_native_use_enable mesh) \ + $(multilib_native_use_enable mesh external-ell) \ + $(multilib_native_use_enable midi) \ + $(multilib_native_use_enable obex) \ + $(multilib_native_use_enable readline client) \ + $(multilib_native_use_enable systemd) \ + $(multilib_native_use_enable test-programs test) \ + $(multilib_native_use_enable udev) \ + $(multilib_native_use_enable udev hid2hci) \ + $(multilib_native_use_enable udev sixaxis) +} + +multilib_src_compile() { + if multilib_is_native_abi; then + default + else + emake -f Makefile -f - libs \ + <<<'libs: $(lib_LTLIBRARIES)' + fi +} + +multilib_src_test() { + multilib_is_native_abi && default +} + +multilib_src_install() { + if multilib_is_native_abi; then + emake DESTDIR="${D}" install + + # Only install extra-tools when relevant USE flag is enabled + if use extra-tools; then + ewarn "Upstream doesn't support using this tools and their bugs are" + ewarn "likely to be ignored forever, also they can break without" + ewarn "previous announcement." + ewarn "Upstream also states all this tools are not really needed," + ewarn "then, if you still need to rely on them, you must ask them" + ewarn "to either install that tool by default or add the needed" + ewarn "functionality to the existing 'official' tools." + ewarn "Please report this issues to:" + ewarn "http://www.bluez.org/development/lists/" + + # Upstream doesn't install this, bug #524640 + # http://permalink.gmane.org/gmane.linux.bluez.kernel/53115 + # http://comments.gmane.org/gmane.linux.bluez.kernel/54564 + dobin tools/btmgmt + # gatttool is only built with readline, bug #530776 + # https://bugzilla.redhat.com/show_bug.cgi?id=1141909 + # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720486 + # https://bugs.archlinux.org/task/37686 + dobin attrib/gatttool + # https://bugzilla.redhat.com/show_bug.cgi?id=1699680 + dobin tools/avinfo + fi + + # Not installed by default after being built, bug #666756 + use btpclient && dobin tools/btpclient + + # Unittests are not that useful once installed, so make them optional + if use test-programs; then + # Drop python2 only test tools + # https://bugzilla.kernel.org/show_bug.cgi?id=206819 + rm "${ED}"/usr/$(get_libdir)/bluez/test/simple-player || die + # https://bugzilla.kernel.org/show_bug.cgi?id=206821 + rm "${ED}"/usr/$(get_libdir)/bluez/test/test-hfp || die + # https://bugzilla.kernel.org/show_bug.cgi?id=206823 + rm "${ED}"/usr/$(get_libdir)/bluez/test/test-sap-server || die + + python_fix_shebang "${ED}"/usr/$(get_libdir)/bluez/test + + for i in $(find "${ED}"/usr/$(get_libdir)/bluez/test -maxdepth 1 -type f ! -name "*.*"); do + dosym "${i}" /usr/bin/bluez-"${i##*/}" + done + fi + else + emake DESTDIR="${D}" \ + install-pkgincludeHEADERS \ + install-libLTLIBRARIES \ + install-pkgconfigDATA + fi +} + +multilib_src_install_all() { + # We need to ensure obexd can be spawned automatically by systemd + # when user-session is enabled: + # http://marc.info/?l=linux-bluetooth&m=148096094716386&w=2 + # https://bugs.gentoo.org/show_bug.cgi?id=577842 + # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804908 + # https://bugs.archlinux.org/task/45816 + # https://bugzilla.redhat.com/show_bug.cgi?id=1318441 + # https://bugzilla.redhat.com/show_bug.cgi?id=1389347 + if use systemd; then + dosym obex.service /usr/lib/systemd/user/dbus-org.bluez.obex.service + fi + + find "${D}" -name '*.la' -type f -delete || die + + keepdir /var/lib/bluetooth + + # Upstream don't want people to play with them + # But we keep installing them due to 'historical' reasons + insinto /etc/bluetooth + local d + for d in input network; do + doins profiles/${d}/${d}.conf + done + # Setup auto enable as Fedora does for allowing to use + # keyboards/mouse as soon as possible + sed -i 's/#\[Policy\]$/\[Policy\]/; s/#AutoEnable=false/AutoEnable=true/' src/main.conf || die + doins src/main.conf + + newinitd "${FILESDIR}"/bluetooth-init.d-r5 bluetooth + newconfd "${FILESDIR}"/bluetooth-conf.d bluetooth + + einstalldocs + use doc && dodoc doc/*.txt +} + +pkg_postinst() { + use udev && udev_reload + systemd_reenable bluetooth.service + + has_version net-dialup/ppp || elog "To use dial up networking you must install net-dialup/ppp" +} + +pkg_postrm() { + use udev && udev_reload +} diff --git a/net-wireless/bluez/files/bluez-5.70-CVE-2023-45866.patch b/net-wireless/bluez/files/bluez-5.70-CVE-2023-45866.patch new file mode 100644 index 000000000000..6e5ac253585c --- /dev/null +++ b/net-wireless/bluez/files/bluez-5.70-CVE-2023-45866.patch @@ -0,0 +1,43 @@ +https://bugs.gentoo.org/919383 +https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=25a471a83e02e1effb15d5a488b3f0085eaeb675 + +From 25a471a83e02e1effb15d5a488b3f0085eaeb675 Mon Sep 17 00:00:00 2001 +From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> +Date: Tue, 10 Oct 2023 13:03:12 -0700 +Subject: input.conf: Change default of ClassicBondedOnly + +This changes the default of ClassicBondedOnly since defaulting to false +is not inline with HID specification which mandates the of Security Mode +4: + +BLUETOOTH SPECIFICATION Page 84 of 123 +Human Interface Device (HID) Profile: + + 5.4.3.4.2 Security Modes + Bluetooth HID Hosts shall use Security Mode 4 when interoperating with + Bluetooth HID devices that are compliant to the Bluetooth Core + Specification v2.1+EDR[6]. +--- a/profiles/input/device.c ++++ b/profiles/input/device.c +@@ -81,7 +81,7 @@ struct input_device { + + static int idle_timeout = 0; + static bool uhid_enabled = false; +-static bool classic_bonded_only = false; ++static bool classic_bonded_only = true; + + void input_set_idle_timeout(int timeout) + { +--- a/profiles/input/input.conf ++++ b/profiles/input/input.conf +@@ -17,7 +17,7 @@ + # platforms may want to make sure that input connections only come from bonded + # device connections. Several older mice have been known for not supporting + # pairing/encryption. +-# Defaults to false to maximize device compatibility. ++# Defaults to true for security. + #ClassicBondedOnly=true + + # LE upgrade security +-- +cgit 1.2.3-korg |