gentoo auto-resync : 09:12:2023 - 23:17:54

4 files changed, 333 insertions, 0 deletions

diff --git a/net-wireless/Manifest.gz b/net-wireless/Manifest.gz
index e604a26106c2..c0deeef2a74a 100644
--- a/net-wireless/Manifest.gz
+++ b/net-wireless/Manifest.gz
diff --git a/net-wireless/bluez/Manifest b/net-wireless/bluez/Manifest
index a1ff766597e4..75040cc02a5c 100644
--- a/net-wireless/bluez/Manifest
+++ b/net-wireless/bluez/Manifest
@@ -9,11 +9,13 @@ AUX bluez-5.68-bap-resume.patch 6137 BLAKE2B a5eecd7b50048a8e63da3f98a4f83a96ae4
 AUX bluez-5.68-clang-midi.patch 2980 BLAKE2B f2e8ce17c97ca151c5d551592d72db5f44ed9fdda31a6adb0cfd7f8e5e6c3ba2c8e80589a32d6ac95db4ad0ad4829c25a1f03e4957dc79d7a88160f512425d2e SHA512 8c205a9acee243fff8609157689d3f985abcc37c04870ae588a8933e17d0507791578136dc40cbd78fe7a4dd8596792e92eb7caa8e0aa33fb507575db706f421
 AUX bluez-5.68-heap-use-after-free.patch 1515 BLAKE2B 73ee23986e652827672ab026582d8718d3f04a6faeb15d5802599910f5ee7c905813829486f5fdb2e6f190cfb6980b2eca5e9c008d9d427a6fc010943af5f318 SHA512 0f78c442faeae693489c25822dfe3065d6dbe2449d42b27c3f0f56b83caadbcf66942470bc00d28ec324cc49c400799a0e1d1d90f45e734b385ca54e4c9e6dc3
 AUX bluez-5.68-monitor-decoding.patch 1333 BLAKE2B 138359842a39abe7ba7c9db674b043110f6549f2499d8e42ff3abbce9bdfe9402babedc6228a8ff413bab97c12e1c8e9251db7918bc2b741f9bf5824dcf73912 SHA512 c1cba4b278aa559b31c09c721dff28a6024af4877a520b729fbec61e1cefd2bb338fe9d2629fb64796ab2caab32a9dce53ec55eaa1754bb712050ce01abc813e
+AUX bluez-5.70-CVE-2023-45866.patch 1497 BLAKE2B 89e1ed958ecaef7829122c0f89fb5301095711af7fe6e016709840f0190a74177f9c6feb031446c58a9a81a0cc6f48f586d0a1425ae6769526e097595b64997a SHA512 ed699d94da1e8c302e8099b64b9e69d311225bc6e75926d0102d80c124937db750237d6e7f8276c4cd903eb641a9b8aba0afac3038a34a35e3afde70f9e5d109
 AUX bluez-udevadm-path-r1.patch 564 BLAKE2B 0b4dc12f55ab60d254aa3365baf35186a5913026dbfcbc3da41c113b3c423c81189b87016dabcb2c505b684cad376d10d10df9aa17558b8fd022928995931e0e SHA512 d9b0dd452258e425802cf5ad4980a77796be79e94bf6ce641927c5ab7ea1117ce6589063f3a0b96bf25e81303234279a09d58484fec49cfc6aa1db46f245f9c6
 DIST bluez-5.68.tar.xz 2319788 BLAKE2B 3beca78fadef4d66df6f237b7460f6ac4bf001d80c856b599faa2cc1232c4342c7945eace5a6667009b9d19f2368f9841e608f07bc826b30ce9112c43dd7e316 SHA512 1805fb68923a5e098777b69835d7593396f8f2bbf52e1cfe58e7447621497a700b23389c79e96b2d663c611335f6ea9df11efe8aa75a8842f6b73105f66e799c
 DIST bluez-5.69.tar.xz 2335728 BLAKE2B 3b85c6418bf5f8fea989d9435d90f704da707248034006d12863465b9acee2b549f6d2950fdde64e74a1cbded4c711c54db747a82abdaa67ec965aab1c817d85 SHA512 4d5618cd083fe375c41faff868b5d9f072aeaccdffed758f6b69fd0cb46b058431cbf63182bd4a3f4f4e7a24b092729a4125687af730cd4250b273d66107bf42
 DIST bluez-5.70.tar.xz 2339844 BLAKE2B 1ba2ddd3bfc6562a07f4e8376e0d537b555f0d36a221f051c4c10dd912c23e73aa2b0d8aa125e0fd911908e4cfa0036429e17250a26b3298bb21f65e4cc5255c SHA512 3a5f8caf7730dcdbbe0bb92154b41651a9d6619038447bf4c25e5e3e5316effcd7242a7a0456d731ce21d55b8daea5212a359acc5e5fc460499b9356b7d364cf
 EBUILD bluez-5.68.ebuild 9305 BLAKE2B ee42089549fad6bfb4f128e2a3a4e9c8f2711a4b60316c232172636fb9ca24dde9650f44c81b5f39c54d6fc9d4161e7cc5c52ca3de10058b46bc16f8a4c413f0 SHA512 a7a256acdfafbd8069ad18724e0bbd6e08415a1189998b4f40b4fde8252eaf3ddd0f90b38dd4eadb075462e7674a8429b7a51f0a2cbe2df3f49ae05c8b037f00
 EBUILD bluez-5.69.ebuild 9034 BLAKE2B ae0b37b16e86d816bcdb79aa0c22b4b2c350e23f65a90ff6417f5c8401d527595afe664b0fdb215728cc3e3c942870dda933c836dde2effd92dfe3a8ad84cbc5 SHA512 22c9eb88d64dc92848a3363054ffbda8dac4d5fba772e002f04cead323cdc7f1084f8c3eb8b146c08875b4da220eab202b8dee380a965a35d9e68c4e2b067420
+EBUILD bluez-5.70-r1.ebuild 9127 BLAKE2B 4400e1308da28262fd5112543e2ce113c4efea2431c3fa9b9ffbd1be5bf184a464578e92d121160d20eeb8d011134c66cd32f6cfffc5498dd96603cfa42dabef SHA512 2f794d27a75441bd0317b8ed866fdfba79711365e2f6b7e357fa0fe354aab7c71de723772d74c4780103caec8a7413924504bd91bdb859357ad27d462168ee91
 EBUILD bluez-5.70.ebuild 9034 BLAKE2B ae0b37b16e86d816bcdb79aa0c22b4b2c350e23f65a90ff6417f5c8401d527595afe664b0fdb215728cc3e3c942870dda933c836dde2effd92dfe3a8ad84cbc5 SHA512 22c9eb88d64dc92848a3363054ffbda8dac4d5fba772e002f04cead323cdc7f1084f8c3eb8b146c08875b4da220eab202b8dee380a965a35d9e68c4e2b067420
 MISC metadata.xml 1150 BLAKE2B 830a8e0c89fcc18af92e063ceb3632c97eed9f7424ac5214dd4c853b142d03bba6d629b86fc41ecc28a450a9b7989a21faaae1b95654cb8f16ce2ceb3a97e025 SHA512 44e4489f48634d1b1ff300ccba0f7caa74b76ac7325d38d395ee53763906743f7b622b028a01d32e963952a23da560c16b8cd6771a9001ba90845b59293a6101
diff --git a/net-wireless/bluez/bluez-5.70-r1.ebuild b/net-wireless/bluez/bluez-5.70-r1.ebuild
new file mode 100644
index 000000000000..756654822561
--- /dev/null
+++ b/net-wireless/bluez/bluez-5.70-r1.ebuild
@@ -0,0 +1,288 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+PYTHON_COMPAT=( python3_{9..12} )
+
+inherit autotools linux-info python-single-r1 systemd udev multilib-minimal #readme.gentoo-r1
+
+DESCRIPTION="Bluetooth Tools and System Daemons for Linux"
+HOMEPAGE="http://www.bluez.org https://github.com/bluez/bluez"
+SRC_URI="https://www.kernel.org/pub/linux/bluetooth/${P}.tar.xz"
+
+LICENSE="GPL-2+ LGPL-2.1+"
+SLOT="0/3"
+KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~x86"
+IUSE="btpclient cups doc debug deprecated extra-tools experimental +mesh midi +obex +readline selinux systemd test test-programs +udev"
+
+# Since this release all remaining extra-tools need readline support, but this could
+# change in the future, hence, this REQUIRED_USE constraint could be dropped
+# again in the future.
+# btpclient needs mesh, bug #790587
+REQUIRED_USE="
+	btpclient? ( mesh )
+	extra-tools? ( deprecated readline )
+	test? ( ${PYTHON_REQUIRED_USE} )
+	test-programs? ( ${PYTHON_REQUIRED_USE} )
+"
+
+TEST_DEPS="${PYTHON_DEPS}
+	$(python_gen_cond_dep '
+		>=dev-python/dbus-python-1[${PYTHON_USEDEP}]
+		dev-python/pygobject:3[${PYTHON_USEDEP}]
+	')
+"
+BDEPEND="
+	dev-python/docutils
+	virtual/pkgconfig
+	test? ( ${TEST_DEPS} )
+"
+DEPEND="
+	>=dev-libs/glib-2.28:2[${MULTILIB_USEDEP}]
+	btpclient? ( >=dev-libs/ell-0.39 )
+	cups? ( net-print/cups:= )
+	mesh? (
+		>=dev-libs/ell-0.39
+		>=dev-libs/json-c-0.13:=
+		sys-libs/readline:0=
+	)
+	midi? ( media-libs/alsa-lib )
+	obex? ( dev-libs/libical:= )
+	readline? ( sys-libs/readline:0= )
+	systemd? ( sys-apps/systemd )
+	>=sys-apps/dbus-1.6:=
+	udev? ( >=virtual/udev-172 )
+"
+RDEPEND="${DEPEND}
+	selinux? ( sec-policy/selinux-bluetooth )
+	test-programs? ( ${TEST_DEPS} )
+"
+
+RESTRICT="!test? ( test )"
+
+PATCHES=(
+	# Try both udevadm paths to cover udev/systemd vs. eudev locations (#539844)
+	# http://www.spinics.net/lists/linux-bluetooth/msg58739.html
+	# https://bugs.gentoo.org/539844
+	# https://github.com/bluez/bluez/issues/268
+	"${FILESDIR}"/${PN}-udevadm-path-r1.patch
+
+	# Fedora patches
+	# https://lore.kernel.org/linux-bluetooth/20220901110719.176944-1-hadess@hadess.net/T/#m9c08d004cd5422783ee1d93154f42303bba9169f
+	"${FILESDIR}"/${PN}-5.66-power-state-adapter-property.patch
+
+	# Backport CVE-2023-45866 fix (bug #919383)
+	"${FILESDIR}"/${PN}-5.70-CVE-2023-45866.patch
+)
+
+pkg_setup() {
+	# From http://www.linuxfromscratch.org/blfs/view/svn/general/bluez.html
+	# to prevent bugs like:
+	# https://bugzilla.kernel.org/show_bug.cgi?id=196621
+	CONFIG_CHECK="~NET ~BT ~BT_RFCOMM ~BT_RFCOMM_TTY ~BT_BNEP ~BT_BNEP_MC_FILTER
+		~BT_BNEP_PROTO_FILTER ~BT_HIDP ~CRYPTO_USER_API_HASH ~CRYPTO_USER_API_SKCIPHER
+		~UHID ~RFKILL"
+	# https://bugzilla.kernel.org/show_bug.cgi?id=196621
+	# https://bugzilla.kernel.org/show_bug.cgi?id=206815
+	if use mesh || use test; then
+		CONFIG_CHECK="${CONFIG_CHECK} ~CRYPTO_USER
+		~CRYPTO_USER_API ~CRYPTO_USER_API_AEAD ~CRYPTO_AES ~CRYPTO_CCM ~CRYPTO_AEAD ~CRYPTO_CMAC
+		~CRYPTO_MD5 ~CRYPTO_SHA1 ~KEY_DH_OPERATIONS"
+	fi
+	linux-info_pkg_setup
+
+	if use test || use test-programs; then
+		python-single-r1_pkg_setup
+	fi
+
+	if ! use udev; then
+		ewarn
+		ewarn "You are installing ${PN} with USE=-udev. This means various bluetooth"
+		ewarn "devices and adapters from Apple, Dell, Logitech etc. will not work,"
+		ewarn "and hid2hci will not be available."
+		ewarn
+	fi
+}
+
+src_prepare() {
+	default
+
+	# http://www.spinics.net/lists/linux-bluetooth/msg38490.html
+	if ! use systemd; then
+		eapply "${FILESDIR}"/0001-Allow-using-obexd-without-systemd-in-the-user-session-r2.patch
+	fi
+
+	eautoreconf
+
+	if use cups; then
+		# Only not .am to not need to run eautoreconf only because of this
+		sed -i \
+			-e "s:cupsdir = \$(libdir)/cups:cupsdir = $(cups-config --serverbin):" \
+			Makefile.{in,tools} || die
+	fi
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	local myconf=(
+		# readline is automagic when client is enabled
+		# --enable-client always needs readline, bug #504038
+		# --enable-mesh is handled in the same way
+		ac_cv_header_readline_readline_h=$(multilib_native_usex readline)
+		ac_cv_header_readline_readline_h=$(multilib_native_usex mesh)
+	)
+
+	if ! multilib_is_native_abi; then
+		myconf+=(
+			# deps not used for the library
+			{DBUS,GLIB}_{CFLAGS,LIBS}=' '
+		)
+	fi
+
+	econf \
+		--localstatedir=/var \
+		--disable-android \
+		--enable-datafiles \
+		--enable-optimization \
+		$(use_enable debug) \
+		--enable-pie \
+		--enable-threads \
+		--enable-library \
+		--enable-tools \
+		--enable-manpages \
+		--enable-monitor \
+		--with-systemdsystemunitdir="$(systemd_get_systemunitdir)" \
+		--with-systemduserunitdir="$(systemd_get_userunitdir)" \
+		$(multilib_native_use_enable btpclient) \
+		$(multilib_native_use_enable btpclient external-ell) \
+		$(multilib_native_use_enable cups) \
+		$(multilib_native_use_enable deprecated) \
+		$(multilib_native_use_enable experimental) \
+		$(multilib_native_use_enable mesh) \
+		$(multilib_native_use_enable mesh external-ell) \
+		$(multilib_native_use_enable midi) \
+		$(multilib_native_use_enable obex) \
+		$(multilib_native_use_enable readline client) \
+		$(multilib_native_use_enable systemd) \
+		$(multilib_native_use_enable test-programs test) \
+		$(multilib_native_use_enable udev) \
+		$(multilib_native_use_enable udev hid2hci) \
+		$(multilib_native_use_enable udev sixaxis)
+}
+
+multilib_src_compile() {
+	if multilib_is_native_abi; then
+		default
+	else
+		emake -f Makefile -f - libs \
+			<<<'libs: $(lib_LTLIBRARIES)'
+	fi
+}
+
+multilib_src_test() {
+	multilib_is_native_abi && default
+}
+
+multilib_src_install() {
+	if multilib_is_native_abi; then
+		emake DESTDIR="${D}" install
+
+		# Only install extra-tools when relevant USE flag is enabled
+		if use extra-tools; then
+			ewarn "Upstream doesn't support using this tools and their bugs are"
+			ewarn "likely to be ignored forever, also they can break without"
+			ewarn "previous announcement."
+			ewarn "Upstream also states all this tools are not really needed,"
+			ewarn "then, if you still need to rely on them, you must ask them"
+			ewarn "to either install that tool by default or add the needed"
+			ewarn "functionality to the existing 'official' tools."
+			ewarn "Please report this issues to:"
+			ewarn "http://www.bluez.org/development/lists/"
+
+			# Upstream doesn't install this, bug #524640
+			# http://permalink.gmane.org/gmane.linux.bluez.kernel/53115
+			# http://comments.gmane.org/gmane.linux.bluez.kernel/54564
+			dobin tools/btmgmt
+			# gatttool is only built with readline, bug #530776
+			# https://bugzilla.redhat.com/show_bug.cgi?id=1141909
+			# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720486
+			# https://bugs.archlinux.org/task/37686
+			dobin attrib/gatttool
+			# https://bugzilla.redhat.com/show_bug.cgi?id=1699680
+			dobin tools/avinfo
+		fi
+
+		# Not installed by default after being built, bug #666756
+		use btpclient && dobin tools/btpclient
+
+		# Unittests are not that useful once installed, so make them optional
+		if use test-programs; then
+			# Drop python2 only test tools
+			# https://bugzilla.kernel.org/show_bug.cgi?id=206819
+			rm "${ED}"/usr/$(get_libdir)/bluez/test/simple-player || die
+			# https://bugzilla.kernel.org/show_bug.cgi?id=206821
+			rm "${ED}"/usr/$(get_libdir)/bluez/test/test-hfp || die
+			# https://bugzilla.kernel.org/show_bug.cgi?id=206823
+			rm "${ED}"/usr/$(get_libdir)/bluez/test/test-sap-server	|| die
+
+			python_fix_shebang "${ED}"/usr/$(get_libdir)/bluez/test
+
+			for i in $(find "${ED}"/usr/$(get_libdir)/bluez/test -maxdepth 1 -type f ! -name "*.*"); do
+				dosym "${i}" /usr/bin/bluez-"${i##*/}"
+			done
+		fi
+	else
+		emake DESTDIR="${D}" \
+			install-pkgincludeHEADERS \
+			install-libLTLIBRARIES \
+			install-pkgconfigDATA
+	fi
+}
+
+multilib_src_install_all() {
+	# We need to ensure obexd can be spawned automatically by systemd
+	# when user-session is enabled:
+	# http://marc.info/?l=linux-bluetooth&m=148096094716386&w=2
+	# https://bugs.gentoo.org/show_bug.cgi?id=577842
+	# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804908
+	# https://bugs.archlinux.org/task/45816
+	# https://bugzilla.redhat.com/show_bug.cgi?id=1318441
+	# https://bugzilla.redhat.com/show_bug.cgi?id=1389347
+	if use systemd; then
+		dosym obex.service /usr/lib/systemd/user/dbus-org.bluez.obex.service
+	fi
+
+	find "${D}" -name '*.la' -type f -delete || die
+
+	keepdir /var/lib/bluetooth
+
+	# Upstream don't want people to play with them
+	# But we keep installing them due to 'historical' reasons
+	insinto /etc/bluetooth
+	local d
+	for d in input network; do
+		doins profiles/${d}/${d}.conf
+	done
+	# Setup auto enable as Fedora does for allowing to use
+	# keyboards/mouse as soon as possible
+	sed -i 's/#\[Policy\]$/\[Policy\]/; s/#AutoEnable=false/AutoEnable=true/' src/main.conf || die
+	doins src/main.conf
+
+	newinitd "${FILESDIR}"/bluetooth-init.d-r5 bluetooth
+	newconfd "${FILESDIR}"/bluetooth-conf.d bluetooth
+
+	einstalldocs
+	use doc && dodoc doc/*.txt
+}
+
+pkg_postinst() {
+	use udev && udev_reload
+	systemd_reenable bluetooth.service
+
+	has_version net-dialup/ppp || elog "To use dial up networking you must install net-dialup/ppp"
+}
+
+pkg_postrm() {
+	use udev && udev_reload
+}
diff --git a/net-wireless/bluez/files/bluez-5.70-CVE-2023-45866.patch b/net-wireless/bluez/files/bluez-5.70-CVE-2023-45866.patch
new file mode 100644
index 000000000000..6e5ac253585c
--- /dev/null
+++ b/net-wireless/bluez/files/bluez-5.70-CVE-2023-45866.patch
@@ -0,0 +1,43 @@
+https://bugs.gentoo.org/919383
+https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=25a471a83e02e1effb15d5a488b3f0085eaeb675
+
+From 25a471a83e02e1effb15d5a488b3f0085eaeb675 Mon Sep 17 00:00:00 2001
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+Date: Tue, 10 Oct 2023 13:03:12 -0700
+Subject: input.conf: Change default of ClassicBondedOnly
+
+This changes the default of ClassicBondedOnly since defaulting to false
+is not inline with HID specification which mandates the of Security Mode
+4:
+
+BLUETOOTH SPECIFICATION Page 84 of 123
+Human Interface Device (HID) Profile:
+
+  5.4.3.4.2 Security Modes
+  Bluetooth HID Hosts shall use Security Mode 4 when interoperating with
+  Bluetooth HID devices that are compliant to the Bluetooth Core
+  Specification v2.1+EDR[6].
+--- a/profiles/input/device.c
++++ b/profiles/input/device.c
+@@ -81,7 +81,7 @@ struct input_device {
+ 
+ static int idle_timeout = 0;
+ static bool uhid_enabled = false;
+-static bool classic_bonded_only = false;
++static bool classic_bonded_only = true;
+ 
+ void input_set_idle_timeout(int timeout)
+ {
+--- a/profiles/input/input.conf
++++ b/profiles/input/input.conf
+@@ -17,7 +17,7 @@
+ # platforms may want to make sure that input connections only come from bonded
+ # device connections. Several older mice have been known for not supporting
+ # pairing/encryption.
+-# Defaults to false to maximize device compatibility.
++# Defaults to true for security.
+ #ClassicBondedOnly=true
+ 
+ # LE upgrade security
+-- 
+cgit 1.2.3-korg