[Buildroot] [PATCH 1/1] package/bluez5_utils: security bump to version 5.62

* [Buildroot] [PATCH 1/1] package/bluez5_utils: security bump to version 5.62
@ 2021-11-13 16:32 Fabrice Fontaine
  2021-11-13 17:04 ` Thomas Petazzoni
  2021-11-17 22:12 ` Peter Korsgaard
  0 siblings, 2 replies; 5+ messages in thread
From: Fabrice Fontaine @ 2021-11-13 16:32 UTC (permalink / raw)
  To: buildroot; +Cc: Grzegorz Blach, Fabrice Fontaine, Marcin Bis

- Drop second patch (already in version)
- Fix CVE-2021-43400: An issue was discovered in gatt-database.c in BlueZ
  5.61. A use-after-free can occur when a client disconnects during D-Bus
  processing of a WriteValue call.

http://www.bluez.org/release-of-bluez-5-62

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 .../bluez5_utils-headers.mk                   |  2 +-
 ...-profiles-audio-media.c-rename-pause.patch | 52 -------------------
 package/bluez5_utils/bluez5_utils.hash        |  2 +-
 package/bluez5_utils/bluez5_utils.mk          |  2 +-
 4 files changed, 3 insertions(+), 55 deletions(-)
 delete mode 100644 package/bluez5_utils/0002-profiles-audio-media.c-rename-pause.patch

diff --git a/package/bluez5_utils-headers/bluez5_utils-headers.mk b/package/bluez5_utils-headers/bluez5_utils-headers.mk
index f4c7fc3cbb..e671431093 100644
--- a/package/bluez5_utils-headers/bluez5_utils-headers.mk
+++ b/package/bluez5_utils-headers/bluez5_utils-headers.mk
@@ -5,7 +5,7 @@
 ################################################################################
 
 # Keep the version and patches in sync with bluez5_utils
-BLUEZ5_UTILS_HEADERS_VERSION = 5.61
+BLUEZ5_UTILS_HEADERS_VERSION = 5.62
 BLUEZ5_UTILS_HEADERS_SOURCE = bluez-$(BLUEZ5_UTILS_VERSION).tar.xz
 BLUEZ5_UTILS_HEADERS_SITE = $(BR2_KERNEL_MIRROR)/linux/bluetooth
 BLUEZ5_UTILS_HEADERS_DL_SUBDIR = bluez5_utils
diff --git a/package/bluez5_utils/0002-profiles-audio-media.c-rename-pause.patch b/package/bluez5_utils/0002-profiles-audio-media.c-rename-pause.patch
deleted file mode 100644
index a7fabc9edd..0000000000
--- a/package/bluez5_utils/0002-profiles-audio-media.c-rename-pause.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 0bb5785a68a2799db003364770be3764af9b9034 Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Date: Sun, 12 Sep 2021 13:55:49 +0200
-Subject: [PATCH] profiles/audio/media.c: rename pause
-
-Rename pause to media_player_pause to avoid the following build failure:
-
-profiles/audio/media.c:1284:13: error: conflicting types for 'pause'
- 1284 | static bool pause(void *user_data)
-      |             ^~~~~
-In file included from /tmp/instance-0/output-1/per-package/bluez5_utils/host/s390x-buildroot-linux-gnu/sysroot/usr/include/bits/sigstksz.h:24,
-                 from /tmp/instance-0/output-1/per-package/bluez5_utils/host/s390x-buildroot-linux-gnu/sysroot/usr/include/signal.h:328,
-                 from /tmp/instance-0/output-1/per-package/bluez5_utils/host/bin/../s390x-buildroot-linux-gnu/sysroot/usr/include/glib-2.0/glib/gbacktrace.h:36,
-                 from /tmp/instance-0/output-1/per-package/bluez5_utils/host/bin/../s390x-buildroot-linux-gnu/sysroot/usr/include/glib-2.0/glib.h:34,
-                 from profiles/audio/media.c:21:
-/tmp/instance-0/output-1/per-package/bluez5_utils/host/s390x-buildroot-linux-gnu/sysroot/usr/include/unistd.h:489:12: note: previous declaration of 'pause' was here
-  489 | extern int pause (void);
-      |            ^~~~~
-
-Fixes:
- - http://autobuild.buildroot.org/results/c4fbface34be8815838fd7201621d7a8fddd32c5
-
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
----
- profiles/audio/media.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/profiles/audio/media.c b/profiles/audio/media.c
-index 267722542..f93b74e67 100644
---- a/profiles/audio/media.c
-+++ b/profiles/audio/media.c
-@@ -1281,7 +1281,7 @@ static bool stop(void *user_data)
- 	return media_player_send(mp, "Stop");
- }
- 
--static bool pause(void *user_data)
-+static bool media_player_pause(void *user_data)
- {
- 	struct media_player *mp = user_data;
- 
-@@ -1331,7 +1331,7 @@ static struct avrcp_player_cb player_cb = {
- 	.set_volume = set_volume,
- 	.play = play,
- 	.stop = stop,
--	.pause = pause,
-+	.pause = media_player_pause,
- 	.next = next,
- 	.previous = previous,
- };
--- 
-2.33.0
-
diff --git a/package/bluez5_utils/bluez5_utils.hash b/package/bluez5_utils/bluez5_utils.hash
index 3ba2482468..3ec4acac7f 100644
--- a/package/bluez5_utils/bluez5_utils.hash
+++ b/package/bluez5_utils/bluez5_utils.hash
@@ -1,5 +1,5 @@
 # From https://www.kernel.org/pub/linux/bluetooth/sha256sums.asc:
-sha256  83afd6c52179554bfeabbcb538fec2eb6be90a8ac3c40871b49d7ad8b49c423b  bluez-5.61.tar.xz
+sha256  38090a5b750e17fc08d3e52178ed8d3254c5f4bd2c48830d5c1955b88e3bc0c2  bluez-5.62.tar.xz
 # Locally computed
 sha256  b499eddebda05a8859e32b820a64577d91f1de2b52efa2a1575a2cb4000bc259  COPYING
 sha256  ec60b993835e2c6b79e6d9226345f4e614e686eb57dc13b6420c15a33a8996e5  COPYING.LIB
diff --git a/package/bluez5_utils/bluez5_utils.mk b/package/bluez5_utils/bluez5_utils.mk
index ce927b7a43..cf46d6e0d6 100644
--- a/package/bluez5_utils/bluez5_utils.mk
+++ b/package/bluez5_utils/bluez5_utils.mk
@@ -5,7 +5,7 @@
 ################################################################################
 
 # Keep the version and patches in sync with bluez5_utils-headers
-BLUEZ5_UTILS_VERSION = 5.61
+BLUEZ5_UTILS_VERSION = 5.62
 BLUEZ5_UTILS_SOURCE = bluez-$(BLUEZ5_UTILS_VERSION).tar.xz
 BLUEZ5_UTILS_SITE = $(BR2_KERNEL_MIRROR)/linux/bluetooth
 BLUEZ5_UTILS_INSTALL_STAGING = YES
-- 
2.33.0

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 5+ messages in thread