mirror of
git://slackware.nl/current.git
synced 2024-12-31 10:28:29 +01:00
9f08fbd623
patches/packages/bluez-5.71-x86_64-2_slack15.0.txz: Rebuilt.
Fix a regression in bluez-5.71:
[PATCH] adapter: Fix link key address type for old kernels.
Thanks to marav.
patches/packages/libssh-0.10.6-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
Command injection using proxycommand.
Potential downgrade attack using strict kex.
Missing checks for return values of MD functions.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-6004
https://www.cve.org/CVERecord?id=CVE-2023-48795
https://www.cve.org/CVERecord?id=CVE-2023-6918
(* Security fix *)
patches/packages/mozilla-firefox-115.6.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/115.6.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2023-54/
https://www.cve.org/CVERecord?id=CVE-2023-6856
https://www.cve.org/CVERecord?id=CVE-2023-6865
https://www.cve.org/CVERecord?id=CVE-2023-6857
https://www.cve.org/CVERecord?id=CVE-2023-6858
https://www.cve.org/CVERecord?id=CVE-2023-6859
https://www.cve.org/CVERecord?id=CVE-2023-6860
https://www.cve.org/CVERecord?id=CVE-2023-6867
https://www.cve.org/CVERecord?id=CVE-2023-6861
https://www.cve.org/CVERecord?id=CVE-2023-6862
https://www.cve.org/CVERecord?id=CVE-2023-6863
https://www.cve.org/CVERecord?id=CVE-2023-6864
(* Security fix *)
patches/packages/mozilla-thunderbird-115.6.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.thunderbird.net/en-US/thunderbird/115.6.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/
https://www.cve.org/CVERecord?id=CVE-2023-50762
https://www.cve.org/CVERecord?id=CVE-2023-50761
https://www.cve.org/CVERecord?id=CVE-2023-6856
https://www.cve.org/CVERecord?id=CVE-2023-6857
https://www.cve.org/CVERecord?id=CVE-2023-6858
https://www.cve.org/CVERecord?id=CVE-2023-6859
https://www.cve.org/CVERecord?id=CVE-2023-6860
https://www.cve.org/CVERecord?id=CVE-2023-6861
https://www.cve.org/CVERecord?id=CVE-2023-6862
https://www.cve.org/CVERecord?id=CVE-2023-6863
https://www.cve.org/CVERecord?id=CVE-2023-6864
(* Security fix *)
35 lines
1.3 KiB
Diff
35 lines
1.3 KiB
Diff
From 1528118a8f84b4b178729c1f9fc3f6d858c04f9f Mon Sep 17 00:00:00 2001
|
|
From: Xiao Yao <xiaoyao@rock-chips.com>
|
|
Date: Sun, 17 Dec 2023 21:50:12 +0800
|
|
Subject: [PATCH] adapter: Fix link key address type for old kernels
|
|
|
|
Fixes: https://github.com/bluez/bluez/issues/686
|
|
|
|
Signed-off-by: Xiao Yao <xiaoyao@rock-chips.com>
|
|
---
|
|
src/adapter.c | 12 +++++++++++-
|
|
1 file changed, 11 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/src/adapter.c b/src/adapter.c
|
|
index ee70b00d2..b4628a411 100644
|
|
--- a/src/adapter.c
|
|
+++ b/src/adapter.c
|
|
@@ -4347,7 +4347,17 @@ static void load_link_keys(struct btd_adapter *adapter, GSList *keys,
|
|
struct link_key_info *info = l->data;
|
|
|
|
bacpy(&key->addr.bdaddr, &info->bdaddr);
|
|
- key->addr.type = info->bdaddr_type;
|
|
+
|
|
+ /*
|
|
+ * According to the Bluetooth specification, the address
|
|
+ * type of the link key is not fixed. However, the
|
|
+ * load_link_keys function in the old kernel code requires
|
|
+ * that the address type must be BREDR. Since the address
|
|
+ * type is not actually used by the link key, to maintain
|
|
+ * compatibility with older kernel versions, the addr.type
|
|
+ * of the link key is set to BDADDR_BREDR.
|
|
+ */
|
|
+ key->addr.type = BDADDR_BREDR;
|
|
key->type = info->type;
|
|
memcpy(key->val, info->key, 16);
|
|
key->pin_len = info->pin_len;
|