Robin Candau pushed to branch main at Arch Linux / Packaging / Packages / bluez
Commits: 47e9592b by Robin Candau at 2023-12-09T13:23:55+01:00 upgpkg: 5.70-2: Fix CVE-2023-45866 Closes https://gitlab.archlinux.org/archlinux/packaging/packages/bluez/-/issues/2 - - - - - 2 changed files: - .SRCINFO - PKGBUILD Changes: ===================================== .SRCINFO ===================================== @@ -1,6 +1,6 @@ pkgbase = bluez pkgver = 5.70 - pkgrel = 1 + pkgrel = 2 url = http://www.bluez.org/ arch = x86_64 license = GPL2 @@ -14,10 +14,12 @@ pkgbase = bluez source = https://www.kernel.org/pub/linux/bluetooth/bluez-5.70.tar.xz source = https://www.kernel.org/pub/linux/bluetooth/bluez-5.70.tar.sign source = bluetooth.modprobe + source = CVE-2023-45866.patch::https://github.com/bluez/bluez/commit/25a471a83e02e1effb15d5a488b3f0085eaeb675.patch validpgpkeys = E932D120BC2AEC444E558F0106CA9F5D1DCF2659 sha256sums = 37e372e916955e144cb882f888e4be40898f10ae3b7c213ddcdd55ee9c009278 sha256sums = SKIP sha256sums = 46c021be659c9a1c4e55afd04df0c059af1f3d98a96338236412e449bf7477b4 + sha256sums = 933de421722c7511b5de1efd07a888328d44fa7d99f753696c6d67f938eab24c pkgname = bluez pkgdesc = Daemons for the bluetooth protocol stack ===================================== PKGBUILD ===================================== @@ -7,20 +7,28 @@ pkgbase=bluez pkgname=('bluez' 'bluez-utils' 'bluez-libs' 'bluez-cups' 'bluez-hid2hci' 'bluez-plugins') pkgver=5.70 -pkgrel=1 +pkgrel=2 url="http://www.bluez.org/"; arch=('x86_64') license=('GPL2') makedepends=('dbus' 'libical' 'systemd' 'alsa-lib' 'json-c' 'ell' 'python-docutils') source=(https://www.kernel.org/pub/linux/bluetooth/${pkgname}-${pkgver}.tar.{xz,sign} bluetooth.modprobe + CVE-2023-45866.patch::https://github.com/bluez/bluez/commit/25a471a83e02e1effb15d5a488b3f0085eaeb675.patch #https://gitlab.archlinux.org/archlinux/packaging/packages/bluez/-/issues/2 ) # see https://www.kernel.org/pub/linux/bluetooth/sha256sums.asc sha256sums=('37e372e916955e144cb882f888e4be40898f10ae3b7c213ddcdd55ee9c009278' 'SKIP' - '46c021be659c9a1c4e55afd04df0c059af1f3d98a96338236412e449bf7477b4') + '46c021be659c9a1c4e55afd04df0c059af1f3d98a96338236412e449bf7477b4' + '933de421722c7511b5de1efd07a888328d44fa7d99f753696c6d67f938eab24c') validpgpkeys=('E932D120BC2AEC444E558F0106CA9F5D1DCF2659') # Marcel Holtmann <[email protected]> +prepare() { + # Temporary patch to fix CVE-2023-45866. See https://gitlab.archlinux.org/archlinux/packaging/packages/bluez/-/issues/2 + cd "${pkgname}"-${pkgver} + patch -Np1 <${srcdir}/CVE-2023-45866.patch +} + build() { cd "${pkgname}"-${pkgver} ./configure \ View it on GitLab: https://gitlab.archlinux.org/archlinux/packaging/packages/bluez/-/commit/47e9592b1b322c54bdb094238f52fa20513c624b -- View it on GitLab: https://gitlab.archlinux.org/archlinux/packaging/packages/bluez/-/commit/47e9592b1b322c54bdb094238f52fa20513c624b You're receiving this email because of your account on gitlab.archlinux.org.
