* [Buildroot] [PATCH 1/1] package/bluez5_utils: security bump to version 5.62
@ 2021-11-13 16:32 Fabrice Fontaine
  2021-11-13 17:04 ` Thomas Petazzoni
  2021-11-17 22:12 ` Peter Korsgaard
  0 siblings, 2 replies; 5+ messages in thread
From: Fabrice Fontaine @ 2021-11-13 16:32 UTC
  To: buildroot; +Cc: Grzegorz Blach, Fabrice Fontaine, Marcin Bis

- Drop second patch (already in version)
- Fix CVE-2021-43400: An issue was discovered in gatt-database.c in BlueZ
  5.61. A use-after-free can occur when a client disconnects during D-Bus
  processing of a WriteValue call.

http://www.bluez.org/release-of-bluez-5-62

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 .../bluez5_utils-headers.mk                   |  2 +-
 ...-profiles-audio-media.c-rename-pause.patch | 52 -------------------
 package/bluez5_utils/bluez5_utils.hash        |  2 +-
 package/bluez5_utils/bluez5_utils.mk          |  2 +-
 4 files changed, 3 insertions(+), 55 deletions(-)
 delete mode 100644 package/bluez5_utils/0002-profiles-audio-media.c-rename-pause.patch

diff --git a/package/bluez5_utils-headers/bluez5_utils-headers.mk b/package/bluez5_utils-headers/bluez5_utils-headers.mk
index f4c7fc3cbb..e671431093 100644
--- a/package/bluez5_utils-headers/bluez5_utils-headers.mk
+++ b/package/bluez5_utils-headers/bluez5_utils-headers.mk
@@ -5,7 +5,7 @@
 ################################################################################
 
 # Keep the version and patches in sync with bluez5_utils
-BLUEZ5_UTILS_HEADERS_VERSION = 5.61
+BLUEZ5_UTILS_HEADERS_VERSION = 5.62
 BLUEZ5_UTILS_HEADERS_SOURCE = bluez-$(BLUEZ5_UTILS_VERSION).tar.xz
 BLUEZ5_UTILS_HEADERS_SITE = $(BR2_KERNEL_MIRROR)/linux/bluetooth
 BLUEZ5_UTILS_HEADERS_DL_SUBDIR = bluez5_utils
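Review bot: BLUEZ5_UTILS_HEADERS_SOURCE, in the context line directly below the bumped version, is built from $(BLUEZ5_UTILS_VERSION) and not from BLUEZ5_UTILS_HEADERS_VERSION, so the tarball this package fetches is decided by bluez5_utils.mk and the value changed here only labels it. The two agree in this patch because both files are bumped together, but a backport that touches only one of them would leave the headers package recording a version different from the tarball it fetches. Consider using $(BLUEZ5_UTILS_HEADERS_VERSION) in the SOURCE line so the "Keep the version and patches in sync" comment is not the only safeguard.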
diff --git a/package/bluez5_utils/0002-profiles-audio-media.c-rename-pause.patch b/package/bluez5_utils/0002-profiles-audio-media.c-rename-pause.patch
deleted file mode 100644
index a7fabc9edd..0000000000
--- a/package/bluez5_utils/0002-profiles-audio-media.c-rename-pause.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 0bb5785a68a2799db003364770be3764af9b9034 Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Date: Sun, 12 Sep 2021 13:55:49 +0200
-Subject: [PATCH] profiles/audio/media.c: rename pause
-
-Rename pause to media_player_pause to avoid the following build failure:
-
-profiles/audio/media.c:1284:13: error: conflicting types for 'pause'
- 1284 | static bool pause(void *user_data)
-      |             ^~~~~
-In file included from /tmp/instance-0/output-1/per-package/bluez5_utils/host/s390x-buildroot-linux-gnu/sysroot/usr/include/bits/sigstksz.h:24,
-                 from /tmp/instance-0/output-1/per-package/bluez5_utils/host/s390x-buildroot-linux-gnu/sysroot/usr/include/signal.h:328,
-                 from /tmp/instance-0/output-1/per-package/bluez5_utils/host/bin/../s390x-buildroot-linux-gnu/sysroot/usr/include/glib-2.0/glib/gbacktrace.h:36,
-                 from /tmp/instance-0/output-1/per-package/bluez5_utils/host/bin/../s390x-buildroot-linux-gnu/sysroot/usr/include/glib-2.0/glib.h:34,
-                 from profiles/audio/media.c:21:
-/tmp/instance-0/output-1/per-package/bluez5_utils/host/s390x-buildroot-linux-gnu/sysroot/usr/include/unistd.h:489:12: note: previous declaration of 'pause' was here
-  489 | extern int pause (void);
-      |            ^~~~~
-
-Fixes:
- - http://autobuild.buildroot.org/results/c4fbface34be8815838fd7201621d7a8fddd32c5
-
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
----
- profiles/audio/media.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/profiles/audio/media.c b/profiles/audio/media.c
-index 267722542..f93b74e67 100644
---- a/profiles/audio/media.c
-+++ b/profiles/audio/media.c
-@@ -1281,7 +1281,7 @@ static bool stop(void *user_data)
- 	return media_player_send(mp, "Stop");
- }
- 
--static bool pause(void *user_data)
-+static bool media_player_pause(void *user_data)
- {
- 	struct media_player *mp = user_data;
- 
-@@ -1331,7 +1331,7 @@ static struct avrcp_player_cb player_cb = {
- 	.set_volume = set_volume,
- 	.play = play,
- 	.stop = stop,
--	.pause = pause,
-+	.pause = media_player_pause,
- 	.next = next,
- 	.previous = previous,
- };
--- 
-2.33.0
-
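Review bot: the removal of 0002-profiles-audio-media.c-rename-pause.patch is justified in the commit message only as "already in version", which names neither the release nor the upstream commit that carries the pause to media_player_pause rename. Suggest wording it as "already in 5.62" and citing the upstream commit, so that someone backporting the bump can confirm the 'conflicting types for pause' build failure cannot return. Since the file is numbered 0002, it would also help to state that whatever lower-numbered patch remains still applies to 5.62.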
diff --git a/package/bluez5_utils/bluez5_utils.hash b/package/bluez5_utils/bluez5_utils.hash
index 3ba2482468..3ec4acac7f 100644
--- a/package/bluez5_utils/bluez5_utils.hash
+++ b/package/bluez5_utils/bluez5_utils.hash
@@ -1,5 +1,5 @@
 # From https://www.kernel.org/pub/linux/bluetooth/sha256sums.asc:
-sha256  83afd6c52179554bfeabbcb538fec2eb6be90a8ac3c40871b49d7ad8b49c423b  bluez-5.61.tar.xz
+sha256  38090a5b750e17fc08d3e52178ed8d3254c5f4bd2c48830d5c1955b88e3bc0c2  bluez-5.62.tar.xz
 # Locally computed
 sha256  b499eddebda05a8859e32b820a64577d91f1de2b52efa2a1575a2cb4000bc259  COPYING
 sha256  ec60b993835e2c6b79e6d9226345f4e614e686eb57dc13b6420c15a33a8996e5  COPYING.LIB
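Review bot: the new bluez-5.62.tar.xz hash on the + line sits under the "From https://www.kernel.org/pub/linux/bluetooth/sha256sums.asc" comment, but nothing in the patch or commit message records that the signature on that file was verified before the value was copied. For a security bump, a short statement in the commit message that the sha256sums.asc signature was checked would make the provenance of the hash reviewable.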
diff --git a/package/bluez5_utils/bluez5_utils.mk b/package/bluez5_utils/bluez5_utils.mk
index ce927b7a43..cf46d6e0d6 100644
--- a/package/bluez5_utils/bluez5_utils.mk
+++ b/package/bluez5_utils/bluez5_utils.mk
@@ -5,7 +5,7 @@
 ################################################################################
 
 # Keep the version and patches in sync with bluez5_utils-headers
-BLUEZ5_UTILS_VERSION = 5.61
+BLUEZ5_UTILS_VERSION = 5.62
 BLUEZ5_UTILS_SOURCE = bluez-$(BLUEZ5_UTILS_VERSION).tar.xz
 BLUEZ5_UTILS_SITE = $(BR2_KERNEL_MIRROR)/linux/bluetooth
 BLUEZ5_UTILS_INSTALL_STAGING = YES
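Review bot: the bump to BLUEZ5_UTILS_VERSION = 5.62 comes with no change to, or statement about, the ell package, while the release announcement linked in the commit message is quoted later in this thread as recommending ELL 0.44. Suggest either bumping ell in the same series or noting in the commit message that 5.62 was build-tested against the ELL version currently packaged, since that decides whether the CVE-2021-43400 fix can be backported unchanged to 2021.08.x (ELL 0.41) and 2021.02.x (ELL 0.35).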
-- 
2.33.0

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot


* Re: [Buildroot] [PATCH 1/1] package/bluez5_utils: security bump to version 5.62
  2021-11-13 16:32 [Buildroot] [PATCH 1/1] package/bluez5_utils: security bump to version 5.62 Fabrice Fontaine
@ 2021-11-13 17:04 ` Thomas Petazzoni
  2021-11-17 22:12 ` Peter Korsgaard
  1 sibling, 0 replies; 5+ messages in thread
From: Thomas Petazzoni @ 2021-11-13 17:04 UTC
  To: Fabrice Fontaine; +Cc: Grzegorz Blach, Marcin Bis, buildroot

On Sat, 13 Nov 2021 17:32:41 +0100
Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote:

> - Drop second patch (already in version)
> - Fix CVE-2021-43400: An issue was discovered in gatt-database.c in BlueZ
>   5.61. A use-after-free can occur when a client disconnects during D-Bus
>   processing of a WriteValue call.
> 
> http://www.bluez.org/release-of-bluez-5-62
> 
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
>  .../bluez5_utils-headers.mk                   |  2 +-
>  ...-profiles-audio-media.c-rename-pause.patch | 52 -------------------
>  package/bluez5_utils/bluez5_utils.hash        |  2 +-
>  package/bluez5_utils/bluez5_utils.mk          |  2 +-
>  4 files changed, 3 insertions(+), 55 deletions(-)
>  delete mode 100644 package/bluez5_utils/0002-profiles-audio-media.c-rename-pause.patch

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

* Re: [Buildroot] [PATCH 1/1] package/bluez5_utils: security bump to version 5.62
  2021-11-13 16:32 [Buildroot] [PATCH 1/1] package/bluez5_utils: security bump to version 5.62 Fabrice Fontaine
  2021-11-13 17:04 ` Thomas Petazzoni
@ 2021-11-17 22:12 ` Peter Korsgaard
  2021-11-18 21:16   ` Fabrice Fontaine
  1 sibling, 1 reply; 5+ messages in thread
From: Peter Korsgaard @ 2021-11-17 22:12 UTC
  To: Fabrice Fontaine; +Cc: Grzegorz Blach, Marcin Bis, buildroot

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > - Drop second patch (already in version)
 > - Fix CVE-2021-43400: An issue was discovered in gatt-database.c in BlueZ
 >   5.61. A use-after-free can occur when a client disconnects during D-Bus
 >   processing of a WriteValue call.

 > http://www.bluez.org/release-of-bluez-5-62

This states "It recommends using the ELL version 0.44.". Do you know
how important this is? 2021.08.x has 0.41 and 2021.02.x has 0.35. Does
it need to be bumped as well?

-- 
Bye, Peter Korsgaard

* Re: [Buildroot] [PATCH 1/1] package/bluez5_utils: security bump to version 5.62
  2021-11-17 22:12 ` Peter Korsgaard
@ 2021-11-18 21:16   ` Fabrice Fontaine
  2021-12-13 21:16     ` Peter Korsgaard
  0 siblings, 1 reply; 5+ messages in thread
From: Fabrice Fontaine @ 2021-11-18 21:16 UTC
  To: Peter Korsgaard; +Cc: Grzegorz Blach, Marcin Bis, Buildroot Mailing List

On Wed, 17 Nov 2021 at 23:12, Peter Korsgaard <peter@korsgaard.com> wrote:
>
> >>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
>
>  > - Drop second patch (already in version)
>  > - Fix CVE-2021-43400: An issue was discovered in gatt-database.c in BlueZ
>  >   5.61. A use-after-free can occur when a client disconnects during D-Bus
>  >   processing of a WriteValue call.
>
>  > http://www.bluez.org/release-of-bluez-5-62
>
> This states "It recommends using the ELL version 0.44.". Do you know
> how important this is? 2021.08.x has 0.41 and 2021.02.x has 0.35. Does
> it need to be bumped as well?
Nope, I don't know.
>
> --
> Bye, Peter Korsgaard
Best Regards,

Fabrice

* Re: [Buildroot] [PATCH 1/1] package/bluez5_utils: security bump to version 5.62
  2021-11-18 21:16   ` Fabrice Fontaine
@ 2021-12-13 21:16     ` Peter Korsgaard
  0 siblings, 0 replies; 5+ messages in thread
From: Peter Korsgaard @ 2021-12-13 21:16 UTC
  To: Fabrice Fontaine; +Cc: Grzegorz Blach, Marcin Bis, Buildroot Mailing List

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > On Wed, 17 Nov 2021 at 23:12, Peter Korsgaard <peter@korsgaard.com> wrote:
 >> 
 >> >>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
 >> 
 >> > - Drop second patch (already in version)
 >> > - Fix CVE-2021-43400: An issue was discovered in gatt-database.c in BlueZ
 >> >   5.61. A use-after-free can occur when a client disconnects during D-Bus
 >> >   processing of a WriteValue call.
 >> 
 >> > http://www.bluez.org/release-of-bluez-5-62
 >> 
 >> This states "It recommends using the ELL version 0.44.". Do you know
 >> how important this is? 2021.08.x has 0.41 and 2021.02.x has 0.35. Does
 >> it need to be bumped as well?
 > Nope, I don't know.

Ok.

Committed to 2021.02.x and 2021.08.x, thanks.

-- 
Bye, Peter Korsgaard