Ubuntu
bluez package

Change log for bluez package in Ubuntu

175 of 231 results FirstPreviousLast
Published in oracular-release
Deleted in oracular-proposed (Reason: Moved to oracular) 
bluez (5.73-1ubuntu2) oracular; urgency=medium

  * Don't try to build ebook phonebook support on i386
Superseded in oracular-proposed 
bluez (5.73-1ubuntu1) oracular; urgency=medium

  * Sync with Debian. Remaining changes:
    - Add apport hook
    - Use ebook phonebook plugin
    - Add patches:
      + 0002-hostname-handle-chassis-type-handset.patch
      + lp1759836.patch
      + raspi-bcm43xx-load-firmware.patch
      + raspi-bcm43xx-3wire.patch
      + raspi-cypress-305-bdaddr.patch
      + ubuntu_error_restart.patch
  * Dropped changes:
    - Conffile removals: these haven't been needed since Ubuntu 20.04 LTS
    - Breaks/Replaces not needed after Ubuntu 24.04 LTS
    - Disable bluetooth service by default in init script
      + Ubuntu uses systemd instead
  * Fix enabling ebook phonebook plugin

Available diffs

Superseded in oracular-release
Published in noble-release
Deleted in noble-proposed (Reason: Moved to noble) 
bluez (5.72-0ubuntu5) noble; urgency=medium

  * No-change rebuild against libasound2t64

 -- Steve Langasek <email address hidden>  Sun, 07 Apr 2024 07:10:25 +0000

Available diffs

Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble) 
bluez (5.72-0ubuntu4) noble; urgency=medium

  * No-change rebuild for CVE-2024-3094

 -- Steve Langasek <email address hidden>  Sun, 31 Mar 2024 07:28:49 +0000

Available diffs

Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble) 
bluez (5.72-0ubuntu3) noble; urgency=medium

  * No-change rebuild against libglib2.0-0t64

 -- Steve Langasek <email address hidden>  Mon, 11 Mar 2024 22:04:41 +0000
Superseded in noble-proposed 
bluez (5.72-0ubuntu2) noble; urgency=medium

  * No-change rebuild against libglib2.0-0t64

 -- Steve Langasek <email address hidden>  Fri, 08 Mar 2024 03:56:51 +0000

Available diffs

Deleted in noble-updates (Reason: superseded by release)
Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble) 
bluez (5.72-0ubuntu1) noble; urgency=medium

  * New upstream release 5.72 (LP: #2049352):
    - Fix issue with BAP and handling stream IO linking.
    - Fix issue with BAP and setup of multiple streams per endpoint.
    - Fix issue with AVDTP and potential incorrect transaction label.
    - Fix issue with A2DP and handling crash on suspend.
    - Fix issue with GATT database and an invalid pointer.
    - Add support for AICS service.
  * Add bluetoothctl.1 man page to bluez package.

 -- Daniel van Vugt <email address hidden>  Tue, 16 Jan 2024 15:15:23 +0800

Available diffs

Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble) 
bluez (5.71-1ubuntu3) noble; urgency=medium

  * Merge from Debian unstable. Remaining changes:
  * Add Ubuntu patches
    - lp1759836.patch
    - 0002-hostname-handle-chassis-type-handset.patch
    - ubuntu_error_restart.patch
    - raspi-bcm43xx-load-firmware.patch
    - raspi-bcm43xx-3wire.patch
    - raspi-cypress-305-bdaddr.patch
  * Tweak Debian patches
    - work-around-Logitech-diNovo-Edge-keyboard-firmware-i.patch
      Update patch (Closes: #1060393)
    - Change-shebang-from-usr-bin-python-to-usr-bin-python.patch
      Update patch to cope with different tarball
  * Add testsuite (Closes: #1060395)
  * Enable usb and phonebook-ebook support
  * Break/Replace old bluez-tests, due to binary renaming
  * rm conffiles in postrm and preinst
  * Install source_bluez.py
  * Disable bluetooth service by default in init script

 -- Gianfranco Costamagna <email address hidden>  Fri, 12 Jan 2024 18:16:54 +0100

Available diffs

Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble) 
bluez (5.71-1ubuntu2) noble; urgency=medium

  * Do not install several files for bluez-test-tools, our tarballs are
    different.

 -- Simon Quigley <email address hidden>  Wed, 10 Jan 2024 20:36:41 -0600
Superseded in noble-proposed 
bluez (5.71-1ubuntu1) noble; urgency=medium

  [ Gianfranco Costamagna ]
  * Merge from sid (LP: #2047780)

  [ Simon Quigley ]
  * Remove libell-dev and check from build dependencies (and the corresponding
    build flags.) These are not in Main.

Available diffs

Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble) 
bluez (5.71-0ubuntu3) noble; urgency=medium

  * Denylist libebook1.2-dev on i386.

 -- Simon Quigley <email address hidden>  Sat, 06 Jan 2024 14:25:13 -0600
Superseded in noble-proposed 
bluez (5.71-0ubuntu2) noble; urgency=medium

  [ Gianfranco Costamagna ]
  * Update debhelper compat to 13 (LP: #2047780).

  [ Simon Quigley ]
  * Update the init system overrides in debian/rules for the move to debhelper
    13.

 -- Simon Quigley <email address hidden>  Sat, 06 Jan 2024 14:01:12 -0600

Available diffs

Superseded in noble-proposed 
bluez (5.71-0ubuntu1) noble; urgency=medium

  * New upstream release 5.71 (LP: #2047780):
    - Fix issue with not registering CSIS service.
    - Fix issue with registering pairing callbacks.
    - Fix issue with corruption during discovery filter parsing.
  * Drop upstreamed patches:
    - 303925b28110469ad002ac19ce0eb9c84d6aceb2.patch
    - CVE-2023-45866.patch

 -- Daniel van Vugt <email address hidden>  Wed, 03 Jan 2024 17:32:31 +0800

Available diffs

Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble) 
bluez (5.70-0ubuntu3) noble; urgency=medium

  * SECURITY UPDATE: make conf compliant to HID specification
    - debian/patches/CVE-2023-45866.patch: input.conf: Change default of
      ClassicBondedOnly
    - CVE-2023-45866

 -- Nishit Majithia <email address hidden>  Wed, 29 Nov 2023 14:31:59 +0530

Available diffs

Published in focal-updates
Published in focal-security 
bluez (5.53-0ubuntu3.7) focal-security; urgency=medium

  * SECURITY UPDATE: make conf compliant to HID specification
    - debian/patches/CVE-2023-45866.patch: input.conf: Change default of
      ClassicBondedOnly
    - CVE-2023-45866

 -- Nishit Majithia <email address hidden>  Wed, 29 Nov 2023 14:41:45 +0530
Published in jammy-updates
Published in jammy-security 
bluez (5.64-0ubuntu1.1) jammy-security; urgency=medium

  * SECURITY UPDATE: make conf compliant to HID specification
    - debian/patches/CVE-2023-45866.patch: input.conf: Change default of
      ClassicBondedOnly
    - CVE-2023-45866

 -- Nishit Majithia <email address hidden>  Wed, 29 Nov 2023 17:01:28 +0530
Published in lunar-updates
Published in lunar-security 
bluez (5.66-0ubuntu1.1) lunar-security; urgency=medium

  * SECURITY UPDATE: make conf compliant to HID specification
    - debian/patches/CVE-2023-45866.patch: input.conf: Change default of
      ClassicBondedOnly
    - CVE-2023-45866

 -- Nishit Majithia <email address hidden>  Wed, 29 Nov 2023 14:40:55 +0530
Published in mantic-updates
Published in mantic-security 
bluez (5.68-0ubuntu1.1) mantic-security; urgency=medium

  * SECURITY UPDATE: make conf compliant to HID specification
    - debian/patches/CVE-2023-45866.patch: input.conf: Change default of
      ClassicBondedOnly
    - CVE-2023-45866

 -- Nishit Majithia <email address hidden>  Wed, 29 Nov 2023 14:40:41 +0530
Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble) 
bluez (5.70-0ubuntu2) noble; urgency=medium

  * Fix btmgmt --index option (thanks to Juerg Haefliger) (LP: #2041496)

 -- Dimitri John Ledkov <email address hidden>  Tue, 21 Nov 2023 11:08:37 +0000

Available diffs

Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble) 
bluez (5.70-0ubuntu1) noble; urgency=medium

  * debian/bluez-meshd.maintscript, debian/bluez.maintscript:
    - remove the deprecated confiles on upgrade

  [ Daniel van Vugt ]
  * New upstream release 5.70 (LP: #2036149):
    - Fix issue with not sending GATT confirmations.
    - Fix issue with not handling initiator properly.
    - Fix issue with not checking PBAP counter length.
    - Add support for MICP profile and MICS service.
  * Includes release 5.69:
    - Fix issue with BAP enabling state correctly when resuming.
    - Fix issue with detaching source ASEs only after Stop Ready.
    - Fix issue with handling VCP audio location and descriptor.
    - Fix issue with generating IRK for adapter with privacy enabled.
    - Add support for BAP broadcast sink.
  * bluez.install, bluez-meshd.install: Moved system.d conf files from
    /etc/dbus-1/system.d/ to /usr/share/dbus-1/system.d/

 -- Sebastien Bacher <email address hidden>  Thu, 26 Oct 2023 21:30:27 +0200

Available diffs

Superseded in noble-release
Published in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic) 
bluez (5.68-0ubuntu1) mantic; urgency=medium

  * Move FIRMWARE_DIR change out of raspi-bcm43xx-load-firmware.patch and
    into its own patch: use-lib-firmware.patch
  * New upstream release 5.68 (LP: #2025599):
    - Fix issue with A2DP and handling of Transport.Acquire.
  * Includes short-lived upstream release 5.67:
    - Fix issue with BAP and initiating QoS and Enable procedures.
    - Fix issue with BAP and detaching streams when PAC is removed.
    - Fix issue with BAP and reading all instances of PAC.
    - Fix issue with BAP and not being able to reconfigure.
    - Fix issue with BAP and transport configuration changes.
    - Fix issue with BAP and handling unexpected disconnect.
    - Fix issue with GATT and not removing pending services.
    - Fix issue with GATT and client ready handling.
    - Fix issue with handling fallback to transient hostname.
    - Add support for SecureConnections configuration option.
    - Add support for Mesh Remove Provisioning.
    - Add support for Mesh Private Beacons.
  * Dropped patches:
    - obex-Use-GLib-helper-function-to-manipulate-paths.patch rather
      than resolving the conflicts it has with upstream now. It was proposed
      in 2013 and raised again in 2017 where it was rejected by upstream.
  * Refreshed patches:
    - 0002-hostname-handle-chassis-type-handset.patch

 -- Daniel van Vugt <email address hidden>  Thu, 06 Jul 2023 12:09:23 +0200

Available diffs

Superseded in mantic-release
Published in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar) 
bluez (5.66-0ubuntu1) lunar; urgency=medium

  * New upstream release 5.66 (LP: #1997201):
    - Fix issue with A2DP and transport connection collisions.
    - Fix issue with allowing application specific error codes.
    - Fix issue with not setting initiator flag correctly.
    - Fix issue with HoG Report MAP size handling.
    - Add initial support for Basic Audio Profile.
    - Add initial support for Volume Control Profile.
  * Refreshed patches:
    - raspi-bcm43xx-load-firmware.patch

 -- Daniel van Vugt <email address hidden>  Wed, 30 Nov 2022 16:31:09 +0800

Available diffs

Superseded in lunar-release
Obsolete in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic) 
bluez (5.65-0ubuntu1) kinetic; urgency=medium

  * New upstream release 5.65 (LP: #1982739):
    - Fix issue with A2DP cache invalidation handling.
    - Fix issue with A2DP and not initialized SEP codec.
    - Fix issue with A2DP and multiple SetConfiguration to same SEP
    - Fix issue with AVRCP and not properly initialized volume.
    - Fix issue with SDP records when operating in LE only mode.
    - Fix issue with HoG and not reading report map of instances.
    - Fix issue with GATT server crashing while disconnecting.
    - Fix issue with not removing connected devices.
    - Fix issue with enabling wake support without RPA Resolution.
    - Fix issue with pairing failed due to the error of Already Paired.
    - Add support for CONFIGURATION_DIRECTORY environment variable.
    - Add support for STATE_DIRECTORY environment variable.
    - Add support for "Bonded" property with Device API.
    - Add experimental support for ISO socket.

 -- Daniel van Vugt <email address hidden>  Mon, 25 Jul 2022 17:34:08 +0800

Available diffs

Superseded in focal-updates
Superseded in focal-security 
bluez (5.53-0ubuntu3.6) focal-security; urgency=medium

  * SECURITY UPDATE: various security improvements (LP: #1977968)
    - debian/patches/avdtp-security.patch: check if capabilities are valid
      before attempting to copy them in profiles/audio/avdtp.c.
    - debian/patches/avdtp-security-2.patch: fix size comparison and
      variable misassignment in profiles/audio/avdtp.c.
    - debian/patches/avrcp-security.patch: make sure the number of bytes in
      the params_len matches the remaining bytes received so the code don't
      end up accessing invalid memory in profiles/audio/avrcp.c.
    - No CVE numbers

 -- Marc Deslauriers <email address hidden>  Wed, 08 Jun 2022 07:09:00 -0400
Published in bionic-updates
Published in bionic-security 
bluez (5.48-0ubuntu3.9) bionic-security; urgency=medium

  * SECURITY UPDATE: various security improvements (LP: #1977968)
    - debian/patches/avdtp-security.patch: check if capabilities are valid
      before attempting to copy them in profiles/audio/avdtp.c.
    - debian/patches/avdtp-security-2.patch: fix size comparison and
      variable misassignment in profiles/audio/avdtp.c.
    - debian/patches/avrcp-security.patch: make sure the number of bytes in
      the params_len matches the remaining bytes received so the code don't
      end up accessing invalid memory in profiles/audio/avrcp.c.
    - No CVE numbers

 -- Marc Deslauriers <email address hidden>  Wed, 08 Jun 2022 07:19:20 -0400
Superseded in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic) 
bluez (5.64-0ubuntu2) kinetic; urgency=medium

  * No change rebuild to pickup a new version of LTO.

 -- Brian Murray <email address hidden>  Fri, 13 May 2022 12:36:19 -0700

Available diffs

Superseded in kinetic-release
Published in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy) 
bluez (5.64-0ubuntu1) jammy; urgency=medium

  * New upstream release 5.64 (LP: #1965740):
    - Fix issue with handling A2DP discover procedure.
    - Fix issue with media endpoint replies and SetConfiguration.
    - Fix issue with HoG queuing events before report map is read.
    - Fix issue with HoG and read order of GATT attributes.
    - Fix issue with HoG and not using UHID_CREATE2 interface.
    - Fix issue with failed scanning for 5 minutes after reboot.
  * Drop upstreamed patches:
    - hog-Fix-read-order-of-attributes.patch
    - media-Fix-crash-when-endpoint-replies-with-an-error-to-Se.patch
    - gdbus-Emit-InterfacesAdded-of-parents-objects-first.patch
  * Refreshed patches:
    - ubuntu_error_restart.patch

 -- Daniel van Vugt <email address hidden>  Thu, 24 Mar 2022 14:30:38 +0800

Available diffs

Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy) 
bluez (5.63-0ubuntu2) jammy; urgency=medium

  * Cherry-pick 3 patches to fix some crash & reconnect issues
    (LP: #1962542)

 -- Jeremy Bicha <email address hidden>  Wed, 02 Mar 2022 10:26:23 +0100

Available diffs

Superseded in bionic-updates
Superseded in bionic-security 
bluez (5.48-0ubuntu3.8) bionic-security; urgency=medium

  * SECURITY UPDATE: Integer overflow in gatt server protocol could lead to
    a heap overflow, resulting in denial of service or potential code
    execution.
    - debian/patches/CVE-2022-0204.patch: add length and offset validation in
      write_cb function in src/shared/gatt-server.c.
    - CVE-2022-0204

 -- Ray Veldkamp <email address hidden>  Fri, 04 Feb 2022 10:25:37 +1100
Superseded in focal-updates
Superseded in focal-security 
bluez (5.53-0ubuntu3.5) focal-security; urgency=medium

  * SECURITY UPDATE: Integer overflow in gatt server protocol could lead to
    a heap overflow, resulting in denial of service or potential code
    execution.
    - debian/patches/CVE-2022-0204.patch: add length and offset validation in
      write_cb function in src/shared/gatt-server.c.
    - CVE-2022-0204

 -- Ray Veldkamp <email address hidden>  Thu, 03 Feb 2022 22:27:07 +1100
Obsolete in impish-updates
Obsolete in impish-security 
bluez (5.60-0ubuntu2.2) impish-security; urgency=medium

  * SECURITY UPDATE: Integer overflow in gatt server protocol could lead to
    a heap overflow, resulting in denial of service or potential code
    execution.
    - debian/patches/CVE-2022-0204.patch: add length and offset validation in
      write_cb function in src/shared/gatt-server.c.
    - CVE-2022-0204

 -- Ray Veldkamp <email address hidden>  Tue, 01 Feb 2022 11:49:45 +1100
Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy) 
bluez (5.63-0ubuntu1) jammy; urgency=medium

  * New upstream release 5.63 (LP: #1957160):
    - Fix issue with storing IRK causing invalid read access.
    - Fix issue with disconnecting due to GattCharacteristic1.MTU.
    - Add support for Device{Found,Lost} of advertising monitoring.
  * Drop upstreamed patches:
    - 0001-obexd-plugins-import-PBAP-ebook-support-from-upstrea.patch
    - 0001-obexd-plugins-port-ebook-support-to-the-latest-EDS.patch
    - CVE-2021-41229.patch
  * Refreshed patches:
    - allow-using-obexd-without-systemd-in-the-user-sessio.patch

 -- Daniel van Vugt <email address hidden>  Wed, 12 Jan 2022 18:28:06 +0800

Available diffs

Superseded in bionic-updates
Superseded in bionic-security 
bluez (5.48-0ubuntu3.7) bionic-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2019-8922.patch: check if there is enough space in
      lib/sdp.c.
    - CVE-2019-8922

 -- Marc Deslauriers <email address hidden>  Wed, 08 Dec 2021 07:57:30 -0500
Superseded in focal-updates
Superseded in focal-security 
bluez (5.53-0ubuntu3.4) focal-security; urgency=medium

  * SECURITY UPDATE: incorrect discoverable status
    - debian/patches/CVE-2021-3658.patch: fix storing discoverable setting
      in src/adapter.c.
    - CVE-2021-3658
  * SECURITY UPDATE: DoS via memory leak in sdp_cstate_alloc_buf
    - debian/patches/CVE-2021-41229.patch: fix leaking buffers stored in
      cstates cache in src/sdpd-request.c, src/sdpd-server.c, src/sdpd.h,
      unit/test-sdp.c.
    - CVE-2021-41229
  * SECURITY UPDATE: use-after-free when client disconnects
    - debian/patches/CVE-2021-43400-pre1.patch: fix Acquire* reply handling
      in src/gatt-database.c.
    - debian/patches/CVE-2021-43400-pre2.patch: no multiple calls to
      AcquireWrite in src/gatt-database.c.
    - debian/patches/CVE-2021-43400.patch: fix not cleaning up when
      disconnected in src/gatt-database.c.
    - CVE-2021-43400

 -- Marc Deslauriers <email address hidden>  Wed, 17 Nov 2021 10:19:15 -0500
Superseded in impish-updates
Superseded in impish-security 
bluez (5.60-0ubuntu2.1) impish-security; urgency=medium

  * SECURITY UPDATE: incorrect discoverable status
    - debian/patches/CVE-2021-3658.patch: fix storing discoverable setting
      in src/adapter.c.
    - CVE-2021-3658
  * SECURITY UPDATE: DoS via memory leak in sdp_cstate_alloc_buf
    - debian/patches/CVE-2021-41229.patch: fix leaking buffers stored in
      cstates cache in src/sdpd-request.c, src/sdpd-server.c, src/sdpd.h,
      unit/test-sdp.c.
    - CVE-2021-41229
  * SECURITY UPDATE: use-after-free when client disconnects
    - debian/patches/CVE-2021-43400.patch: fix not cleaning up when
      disconnected in src/gatt-database.c.
    - CVE-2021-43400

 -- Marc Deslauriers <email address hidden>  Wed, 17 Nov 2021 10:08:28 -0500
Obsolete in hirsute-updates
Obsolete in hirsute-security 
bluez (5.56-0ubuntu4.3) hirsute-security; urgency=medium

  * SECURITY UPDATE: incorrect discoverable status
    - debian/patches/CVE-2021-3658.patch: fix storing discoverable setting
      in src/adapter.c.
    - CVE-2021-3658
  * SECURITY UPDATE: DoS via memory leak in sdp_cstate_alloc_buf
    - debian/patches/CVE-2021-41229.patch: fix leaking buffers stored in
      cstates cache in src/sdpd-request.c, src/sdpd-server.c, src/sdpd.h,
      unit/test-sdp.c.
    - CVE-2021-41229
  * SECURITY UPDATE: use-after-free when client disconnects
    - debian/patches/CVE-2021-43400-pre2.patch: no multiple calls to
      AcquireWrite in src/gatt-database.c.
    - debian/patches/CVE-2021-43400.patch: fix not cleaning up when
      disconnected in src/gatt-database.c.
    - CVE-2021-43400

 -- Marc Deslauriers <email address hidden>  Wed, 17 Nov 2021 10:12:50 -0500
Superseded in bionic-updates
Superseded in bionic-security 
bluez (5.48-0ubuntu3.6) bionic-security; urgency=medium

  * SECURITY UPDATE: DoS via memory leak in sdp_cstate_alloc_buf
    - debian/patches/CVE-2021-41229-pre1.patch: fix not checking if cstate
      length in src/sdpd-request.c.
    - debian/patches/CVE-2021-41229.patch: fix leaking buffers stored in
      cstates cache in src/sdpd-request.c, src/sdpd-server.c, src/sdpd.h,
      unit/test-sdp.c.
    - CVE-2021-41229
  * SECURITY UPDATE: use-after-free when client disconnects
    - debian/patches/CVE-2021-43400-pre1.patch: send device and link
      options with AcquireNotify in src/gatt-database.c.
    - debian/patches/CVE-2021-43400-pre2.patch: fix Acquire* reply handling
      in src/gatt-database.c.
    - debian/patches/CVE-2021-43400-pre3.patch: no multiple calls to
      AcquireWrite in src/gatt-database.c.
    - debian/patches/CVE-2021-43400-pre4.patch: provide MTU in ReadValue
      and WriteValue in src/gatt-database.c.
    - debian/patches/CVE-2021-43400.patch: fix not cleaning up when
      disconnected in src/gatt-database.c.
    - CVE-2021-43400

 -- Marc Deslauriers <email address hidden>  Wed, 17 Nov 2021 10:52:30 -0500
Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy) 
bluez (5.62-0ubuntu2) jammy; urgency=medium

  * SECURITY UPDATE: DoS via memory leak in sdp_cstate_alloc_buf
    - debian/patches/CVE-2021-41229.patch: fix leaking buffers stored in
      cstates cache in src/sdpd-request.c, src/sdpd-server.c, src/sdpd.h,
      unit/test-sdp.c.
    - CVE-2021-41229

 -- Marc Deslauriers <email address hidden>  Wed, 17 Nov 2021 10:06:07 -0500

Available diffs

Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy) 
bluez (5.62-0ubuntu1) jammy; urgency=medium

  * New upstream release 5.62 (LP: #1941708):
    - Fix issue with handling truncation when loading LTKs.
    - Fix issue with accepting Exchange MTU on EATT bearer.
    - Fix issue with clearing DeviceLost timers on power down.
    - Fix issue with AVCTP browsing channel and missing ERTM.
    - Fix issue with AVDTP and local SEID pool for each adapter.
    - Add support for BR/EDR and LE connection failure reasons.
  * Drop patch git_glibc234_buildfix.patch as it is included in 5.62.
  * New upstream release 5.61:
    - Fix issue with A2DP while waiting for command response.
    - Fix issue with A2DP when SetConfiguration fails.
    - Fix issue with device removal handling.
    - Fix issue with storing discoverable setting.
    - Add support for Central Address Resolution characteristic.
    - Add support for admin policy plugin.
  * Merges from Debian 5.61-1:
    - Change debian/watch to use HTTPS.
    - Add to debian/README.Debian
    - Replace 0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch
      with allow-using-obexd-without-systemd-in-the-user-sessio.patch which
      also fixes LP: #1945887.
    - Rename 0001-obex-Use-GLib-helper-function-to-manipulate-paths.patch
      to obex-Use-GLib-helper-function-to-manipulate-paths.patch
    - Rename 0001-work-around-Logitech-diNovo-Edge-keyboard-firmware-i.patch
      to work-around-Logitech-diNovo-Edge-keyboard-firmware-i.patch although
      Ubuntu still carries an additional fix that's not in the Debian branch.

 -- Daniel van Vugt <email address hidden>  Fri, 15 Oct 2021 15:18:43 +0800

Available diffs

Superseded in jammy-release
Obsolete in impish-release
Deleted in impish-proposed (Reason: Moved to impish) 
bluez (5.60-0ubuntu2) impish; urgency=medium

  * debian/patches/git_glibc234_buildfix.patch:
    - Fix build with glibc >= 2.34

 -- Sebastien Bacher <email address hidden>  Mon, 20 Sep 2021 13:48:13 +0200

Available diffs

Superseded in impish-release
Deleted in impish-proposed (Reason: Moved to impish) 
bluez (5.60-0ubuntu1) impish; urgency=medium

  * New upstream release 5.60 (LP: #1935794):
    - Fix issue with reading from RFKILL device node.
    - Fix issue with AVDTP and parsing capabilities.
    - Fix issue with UnregisterApplication handling.
    - Fix issue with RegisterProfile if UUID already exists.
    - Fix issue with GATT client attribute read with offset.
    - Fix issue with non-discoverable device and advertising monitor.
  * Drop upstreamed patch: Fix-reading-from-rfkill-socket.patch

 -- Daniel van Vugt <email address hidden>  Mon, 12 Jul 2021 16:36:13 +0800

Available diffs

Superseded in impish-release
Deleted in impish-proposed (Reason: Moved to impish) 
bluez (5.59-0ubuntu1) impish; urgency=medium

  * New upstream release 5.59 (LP: #1933078):
    - Fix issue with string to UUID-32 conversion.
    - Fix issue with connect request if SDP search failed.
    - Fix issue with accepting invalid AVDTP capabilities.
    - Fix issue with unregister handling of AVRCP player.
  * Add new build-dep 'python3-docutils' required for rst2man.
  * Add new package 'bluez-meshd' and --enable-mesh (LP: #1929833).
    - Requires new build-dep 'libjson-c-dev'.
  * Cleanups from upstream debian:
    - Remove empty packages 'libbluetooth3-dbg' and 'bluez-dbg'.
    - Lots of benign formatting changes in debian/control to shrink the diff.
  * Add binaries 'b1ee', 'btvirt', 'hfp' to 'bluez-tests' (LP: #1932022).
  * Add binary 'avinfo' to 'bluez' (LP: #1907886).
  * Add patch Fix-reading-from-rfkill-socket.patch to resolve Bluetooth
    on/off toggle issues with newer kernel versions (LP: #1926062).

 -- Daniel van Vugt <email address hidden>  Mon, 21 Jun 2021 17:02:38 +0800

Available diffs

Superseded in hirsute-updates
Deleted in hirsute-proposed (Reason: moved to -updates) 
bluez (5.56-0ubuntu4.2) hirsute; urgency=medium

  * debian/patches/0001-fix-reading-from-rfkill-socket.patch:
    - fix reading from rfkill socket (lp: #1933221)

 -- Andy Chi <email address hidden>  Tue, 22 Jun 2021 08:07:12 +0000
Superseded in focal-updates
Deleted in focal-proposed (Reason: moved to -updates) 
bluez (5.53-0ubuntu3.3) focal; urgency=medium

  * debian/patches/0001-fix-reading-from-rfkill-socket.patch:
    - fix reading from rfkill socket (lp: #1933221)

 -- Andy Chi <email address hidden>  Tue, 22 Jun 2021 14:27:12 +0800
Superseded in hirsute-updates
Superseded in hirsute-security 
bluez (5.56-0ubuntu4.1) hirsute-security; urgency=medium

  * SECURITY UPDATE: secure pairing passkey brute force
    - debian/patches/CVE-2020-26558.patch: fix not properly checking for
      secure flags in src/shared/att-types.h, src/shared/gatt-server.c.
    - CVE-2020-26558

 -- Marc Deslauriers <email address hidden>  Wed, 09 Jun 2021 10:59:03 -0400
Superseded in bionic-updates
Superseded in bionic-security 
bluez (5.48-0ubuntu3.5) bionic-security; urgency=medium

  * SECURITY UPDATE: secure pairing passkey brute force
    - debian/patches/CVE-2020-26558.patch: fix not properly checking for
      secure flags in src/shared/att-types.h, src/shared/gatt-server.c.
    - CVE-2020-26558
  * SECURITY UPDATE: DoS or code execution via double-free
    - debian/patches/CVE-2020-27153.patch: fix possible crash on disconnect
      in src/shared/att.c.
    - CVE-2020-27153

 -- Marc Deslauriers <email address hidden>  Wed, 09 Jun 2021 11:12:47 -0400
Superseded in focal-updates
Superseded in focal-security 
bluez (5.53-0ubuntu3.2) focal-security; urgency=medium

  * SECURITY UPDATE: secure pairing passkey brute force
    - debian/patches/CVE-2020-26558.patch: fix not properly checking for
      secure flags in src/shared/att-types.h, src/shared/gatt-server.c.
    - CVE-2020-26558
  * SECURITY UPDATE: DoS or code execution via double-free
    - debian/patches/CVE-2020-27153.patch: fix possible crash on disconnect
      in src/shared/att.c.
    - CVE-2020-27153
  * SECURITY UPDATE: info disclosure via out of bounds read
    - debian/patches/CVE-2021-3588.patch: when client features is read
      check if the offset is within the cli_feat bounds in
      src/gatt-database.c.
    - CVE-2021-3588

 -- Marc Deslauriers <email address hidden>  Wed, 09 Jun 2021 11:06:38 -0400
Obsolete in groovy-updates
Obsolete in groovy-security 
bluez (5.55-0ubuntu1.2) groovy-security; urgency=medium

  * SECURITY UPDATE: secure pairing passkey brute force
    - debian/patches/CVE-2020-26558.patch: fix not properly checking for
      secure flags in src/shared/att-types.h, src/shared/gatt-server.c.
    - CVE-2020-26558
  * SECURITY UPDATE: info disclosure via out of bounds read
    - debian/patches/CVE-2021-3588.patch: when client features is read
      check if the offset is within the cli_feat bounds in
      src/gatt-database.c.
    - CVE-2021-3588

 -- Marc Deslauriers <email address hidden>  Wed, 09 Jun 2021 11:01:25 -0400
Superseded in impish-release
Deleted in impish-proposed (Reason: Moved to impish) 
bluez (5.58-0ubuntu1) impish; urgency=medium

  * New upstream release 5.58 (LP: #1923564):
    - Fix issue with usage of deprecated GLib functions.
  * New upstream release 5.57:
    - Fix issue with handling GATT notification PDU parsing.
    - Fix issue with registering DIS without a valid source.
    - Fix issue with removing remote SEPs when loading from cache.
  * Drop hog-lib-Fix-crash-when-receiving-UHID_GET_REPORT.patch because
    it is upstreamed in version 5.57.
  * Drop a couple of nonexistent symbols (in sixaxis.so) from
    libbluetooth3.symbols to quieten lintian.

 -- Daniel van Vugt <email address hidden>  Tue, 04 May 2021 15:23:46 +0800

Available diffs

Superseded in impish-release
Obsolete in hirsute-release
Deleted in hirsute-proposed (Reason: Moved to hirsute) 
bluez (5.56-0ubuntu4) hirsute; urgency=medium

  * Add hog-lib-Fix-crash-when-receiving-UHID_GET_REPORT.patch to fix crashes
    when connecting Bluetooth keyboards (LP: #1924217)

 -- Daniel van Vugt <email address hidden>  Thu, 15 Apr 2021 14:47:04 +0800

Available diffs

Superseded in hirsute-release
Deleted in hirsute-proposed (Reason: Moved to hirsute) 
bluez (5.56-0ubuntu3) hirsute; urgency=medium

  * Mark symbols as option, not seen when building with lto.

 -- Matthias Klose <email address hidden>  Mon, 22 Mar 2021 19:59:17 +0100

Available diffs

Superseded in focal-updates
Deleted in focal-proposed (Reason: moved to -updates) 
bluez (5.53-0ubuntu3.1) focal; urgency=medium

  * Add support for the pi 400 (LP: #1903048)

 -- William 'jawn-smith' Wilson <email address hidden>  Mon, 15 Mar 2021 19:25:22 +0000

Available diffs

Superseded in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release) 
bluez (5.56-0ubuntu2) hirsute; urgency=medium

  * Drop build-dependency on obsolete dh-systemd.

 -- Steve Langasek <email address hidden>  Tue, 02 Mar 2021 14:39:18 -0800

Available diffs

Superseded in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release) 
bluez (5.56-0ubuntu1) hirsute; urgency=medium

  * New upstream release 5.56 (LP: #1916570)
    - Fix issue with setting AVDTP disconnect timer.
    - Fix issue with AVDTP not sending GetCapabilities.
    - Fix issue with AVDTP connecting using streaming mode.
    - Fix issue with handling A2DP and remote SEP disappearing.
    - Fix issue with handling session of A2DP channels.
    - Fix issue with GATT and handling device removal.
    - Fix issue with GATT not accepting multiple requests.
    - Fix issue with HID report value callback registration.
    - Add support for new advertising management command.
    - Add support for battery D-Bus interface.
  * Refreshed patches:
    - 0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch
    - 0001-obex-Use-GLib-helper-function-to-manipulate-paths.patch
    - 0002-hostname-handle-chassis-type-handset.patch
    - bluetooth.conf.patch
    - change_path_of_hogsuspend.patch
    - raspi-bcm43xx-3wire.patch
    - raspi-bcm43xx-load-firmware.patch
    - raspi-cypress-305-bdaddr.patch
  * Removed packaging of deprecated files bccmd*
  * debian/libbluetooth3.symbols: Added new function bt_malloc0
  * Dropped patch migrate_scripts_python3.patch because nobody was maintaining
    or using it, and it caused conflicts. If you want to run tests using
    python3 then please propose it upstream. Otherwise we do still package
    bluez-tests, and if you really need to run them then use your own python2.

 -- Daniel van Vugt <email address hidden>  Tue, 23 Feb 2021 17:58:00 +0800
Superseded in hirsute-proposed 
bluez (5.55-0ubuntu5) hirsute; urgency=medium

  * Correctly include the updated patches now

 -- Sebastien Bacher <email address hidden>  Thu, 04 Feb 2021 13:37:23 +0100

Available diffs

Superseded in hirsute-proposed 
bluez (5.55-0ubuntu3.2) hirsute; urgency=medium

  * Add the refined Raspi patches currently awaiting review upstream
    (LP: #1903048)

 -- Dave Jones <email address hidden>  Tue, 26 Jan 2021 15:24:25 +0000

Available diffs

Superseded in hirsute-proposed 
bluez (5.55-0ubuntu3.1) hirsute; urgency=medium

  * Restore the Raspi patches to avoid any potential delay in the SRU,
    we will block the update in proposed instead which should be enough as
    a reminder that things need to be sorted out in the current serie.

 -- Sebastien Bacher <email address hidden>  Fri, 13 Nov 2020 15:08:07 +0100

Available diffs

Superseded in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release) 
bluez (5.55-0ubuntu3) hirsute; urgency=medium

  * Revert the previous upload until the changes are properly reviewed and
    upstreamed, see the bug report for some more detailled discussions
    (reopen bug 1903048)

 -- Sebastien Bacher <email address hidden>  Thu, 12 Nov 2020 11:59:23 +0100

Available diffs

Superseded in groovy-updates
Deleted in groovy-proposed (Reason: moved to -updates) 
bluez (5.55-0ubuntu1.1) groovy; urgency=medium

  * Added patches from the Raspberry Pi Foundation
    - d/p/raspi-bcm43xx-load-firmware.patch
    - d/p/raspi-bcm43xx-3wire.patch
    - d/p/raspi-cypress-305-bdaddr.patch
  * These patches fix Bluetooth operation on the Pi 400 (LP: #1903048)

 -- Dave Jones <email address hidden>  Thu, 05 Nov 2020 13:39:07 +0000

Available diffs

Superseded in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release) 
bluez (5.55-0ubuntu2) hirsute; urgency=medium

  * Added patches from the Raspberry Pi Foundation
    - d/p/raspi-bcm43xx-load-firmware.patch
    - d/p/raspi-bcm43xx-3wire.patch
    - d/p/raspi-cypress-305-bdaddr.patch
  * These patches fix Bluetooth operation on the Pi 400 (LP: #1903048)

 -- Dave Jones <email address hidden>  Thu, 05 Nov 2020 13:39:07 +0000

Available diffs

Superseded in hirsute-release
Obsolete in groovy-release
Deleted in groovy-proposed (Reason: moved to Release) 
bluez (5.55-0ubuntu1) groovy; urgency=medium

  * New upstream release 5.55 (LP: #1895640)
    - Fix issue with handling security level for HoG.
    - Fix issue with handling HIDSDPDisable attribute.
    - Fix issue with handling HID virtual cable unplug.
    - Fix issue with handling HID channel disconnect order.
    - Fix issue with handling AVDTP delay reporting states.
    - Fix issue with handling AVRCP notification events.
    - Fix issue with handling AVRCP list player attributes.
    - Fix issue with handling AVRCP category 1 player settings.
    - Fix issue with handling AVRCP media player passthrough bitmask.
    - Fix issue with handling HFP 1.7 default features.
    - Fix issue with handling GATT disconnecting handling.
    - Fix issue with handling GATT database hash.
    - Fix issue with handling service changed characteristic.
    - Fix issue with handling read of multiple characteristic values.
    - Fix issue with handling Just-Works auto-accept pairing.
    - Fix issue with handling authentication of bonded devices.
    - Fix issue with handling L2CAP streaming mode for AVDTP.
    - Fix issue with handling SysEx parser for MIDI support.
    - Fix issue with handling configured scan parameter values.
    - Fix issue with handling temporary devices removal.
    - Fix issue with handling advertising flags.

 -- Daniel van Vugt <email address hidden>  Tue, 15 Sep 2020 17:17:32 +0800

Available diffs

Superseded in groovy-release
Deleted in groovy-proposed (Reason: moved to Release) 
bluez (5.54-0ubuntu1) groovy; urgency=medium

  * New upstream release 5.54 (LP: #1877536)
    - Fix issue with HOGP to accept data only from bonded devices.
    - Fix issue with A2DP sessions being connected at the same time.
    - Fix issue with class UUID matches before connecting profile.
    - Add support for handling MTU auto-tuning option for AVDTP.
    - Add support for new policy for Just-Works repairing.
    - Add support for Enhanced ATT bearer (EATT).
  * Dropped CVE-2020-0556-[1-4].patch as release 5.54 onward is not affected.
  * Dropped (already unused) CVE-2017-1000250.patch as release 5.47 onward
    is not affected.

 -- Daniel van Vugt <email address hidden>  Fri, 08 May 2020 16:28:03 +0800

Available diffs

Superseded in groovy-release
Published in focal-release
Deleted in focal-proposed (Reason: moved to Release) 
bluez (5.53-0ubuntu3) focal; urgency=medium

  * debian/patches/ubuntu_error_restart.patch:
    - restart the service on errors

 -- Sebastien Bacher <email address hidden>  Fri, 03 Apr 2020 08:47:01 +0200

Available diffs

Published in xenial-updates
Published in xenial-security 
bluez (5.37-0ubuntu5.3) xenial-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in parse_line function
    - debian/patches/CVE-2016-7837.patch: make sure we don't write past the
      end of the array in tools/csr.c.
    - CVE-2016-7837
  * SECURITY UPDATE: privilege escalation via improper access control
    - debian/patches/CVE-2020-0556-pre1.patch: use .accept and .disconnect
      instead of attio in profiles/input/hog.c, src/device.c, src/device.h.
    - debian/patches/CVE-2020-0556-1.patch: HOGP must only accept data from
      bonded devices in profiles/input/hog.c.
    - debian/patches/CVE-2020-0556-2.patch: HID accepts bonded device
      connections only in profiles/input/device.c, profiles/input/device.h,
      profiles/input/input.conf, profiles/input/manager.c.
    - debian/patches/CVE-2020-0556-3.patch: attempt to set security level
      if not bonded in profiles/input/hog.c.
    - debian/patches/CVE-2020-0556-4.patch: add LEAutoSecurity setting to
      input.conf in profiles/input/device.h, profiles/input/hog.c,
      profiles/input/input.conf, profiles/input/manager.c.
    - CVE-2020-0556

 -- Marc Deslauriers <email address hidden>  Mon, 23 Mar 2020 08:39:08 -0400
Superseded in bionic-updates
Superseded in bionic-security 
bluez (5.48-0ubuntu3.4) bionic-security; urgency=medium

  * SECURITY UPDATE: privilege escalation via improper access control
    - debian/patches/CVE-2020-0556-1.patch: HOGP must only accept data from
      bonded devices in profiles/input/hog.c.
    - debian/patches/CVE-2020-0556-2.patch: HID accepts bonded device
      connections only in profiles/input/device.c, profiles/input/device.h,
      profiles/input/input.conf, profiles/input/manager.c.
    - debian/patches/CVE-2020-0556-3.patch: attempt to set security level
      if not bonded in profiles/input/hog.c.
    - debian/patches/CVE-2020-0556-4.patch: add LEAutoSecurity setting to
      input.conf in profiles/input/device.h, profiles/input/hog.c,
      profiles/input/input.conf, profiles/input/manager.c.
    - CVE-2020-0556

 -- Marc Deslauriers <email address hidden>  Mon, 23 Mar 2020 08:26:28 -0400
Obsolete in eoan-updates
Obsolete in eoan-security 
bluez (5.50-0ubuntu5.1) eoan-security; urgency=medium

  * SECURITY UPDATE: privilege escalation via improper access control
    - debian/patches/CVE-2020-0556-1.patch: HOGP must only accept data from
      bonded devices in profiles/input/hog.c.
    - debian/patches/CVE-2020-0556-2.patch: HID accepts bonded device
      connections only in profiles/input/device.c, profiles/input/device.h,
      profiles/input/input.conf, profiles/input/manager.c.
    - debian/patches/CVE-2020-0556-3.patch: attempt to set security level
      if not bonded in profiles/input/hog.c.
    - debian/patches/CVE-2020-0556-4.patch: add LEAutoSecurity setting to
      input.conf in profiles/input/device.h, profiles/input/hog.c,
      profiles/input/input.conf, profiles/input/manager.c.
    - CVE-2020-0556

 -- Marc Deslauriers <email address hidden>  Mon, 23 Mar 2020 08:25:48 -0400
Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release) 
bluez (5.53-0ubuntu2) focal; urgency=medium

  * SECURITY UPDATE: privilege escalation via improper access control
    - debian/patches/CVE-2020-0556-1.patch: HOGP must only accept data from
      bonded devices in profiles/input/hog.c.
    - debian/patches/CVE-2020-0556-2.patch: HID accepts bonded device
      connections only in profiles/input/device.c, profiles/input/device.h,
      profiles/input/input.conf, profiles/input/manager.c.
    - debian/patches/CVE-2020-0556-3.patch: attempt to set security level
      if not bonded in profiles/input/hog.c.
    - debian/patches/CVE-2020-0556-4.patch: add LEAutoSecurity setting to
      input.conf in profiles/input/device.h, profiles/input/hog.c,
      profiles/input/input.conf, profiles/input/manager.c.
    - CVE-2020-0556

 -- Marc Deslauriers <email address hidden>  Mon, 23 Mar 2020 07:50:02 -0400

Available diffs

Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release) 
bluez (5.53-0ubuntu1) focal; urgency=medium

  * New upstream release 5.53 (LP: #1864824)
    - Fix issue with handling unregistration for advertisment.
    - Fix issue with A2DP and handling recovering process.
    - Fix issue with udpating input device information.
    - Add support for loading blocked keys.

 -- Daniel van Vugt <email address hidden>  Wed, 26 Feb 2020 17:57:54 +0800

Available diffs

Superseded in bionic-updates
Deleted in bionic-proposed (Reason: moved to -updates) 
bluez (5.48-0ubuntu3.3) bionic; urgency=medium

  * Add lp1845046-policy-Add-logic-to-connect-a-Sink.patch to properly expose
    A2DP high quality audio support on some headphones (LP: #1845046).

 -- Daniel van Vugt <email address hidden>  Mon, 06 Jan 2020 16:30:36 +0800
Superseded in eoan-updates
Deleted in eoan-proposed (Reason: moved to -updates) 
bluez (5.50-0ubuntu5) eoan; urgency=medium

  * Add lp1845046-policy-Add-logic-to-connect-a-Sink.patch to properly expose
    A2DP high quality audio support on some headphones (LP: #1845046).

 -- Daniel van Vugt <email address hidden>  Mon, 06 Jan 2020 14:17:42 +0800

Available diffs

Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release) 
bluez (5.52-0ubuntu2) focal; urgency=medium

  * Don't build bluez-cups on i386.

 -- Steve Langasek <email address hidden>  Fri, 20 Dec 2019 00:01:27 -0600

Available diffs

Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release) 
bluez (5.52-0ubuntu1) focal; urgency=medium

  * New upstream release 5.52 (LP: #1854689):
    - Fix issue with AVDTP session disconnect timeout handling.
    - Mark media endpoint APIs as stable interfaces.

 -- Daniel van Vugt <email address hidden>  Thu, 12 Dec 2019 09:42:09 +0100

Available diffs

Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release) 
bluez (5.51-0ubuntu2) focal; urgency=medium

  * Make autopkgtests cross-test-friendly.

 -- Steve Langasek <email address hidden>  Sat, 07 Dec 2019 13:49:35 -0800

Available diffs

Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release) 
bluez (5.51-0ubuntu1) focal; urgency=medium

  * New upstream release 5.51 (LP: #1849641):
    - Many fixes
    - Improved Bluetooth Mesh support
    - Support for the GATT Database Hash feature
  * Refreshed patches and fixed conflicts:
    - bluetooth.conf.patch
    - 0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch
  * Drop upstreamed patches:
    - tools-Fix-build-after-y2038-changes-in-glibc.patch

 -- Daniel van Vugt <email address hidden>  Thu, 24 Oct 2019 17:15:15 +0800

Available diffs

Superseded in bionic-updates
Deleted in bionic-proposed (Reason: moved to -updates) 
bluez (5.48-0ubuntu3.2) bionic; urgency=medium

  * d/p/lp1759836.patch: avoid endless udev events from new bind uevents
    (LP: #1759836)

 -- Dan Streetman <email address hidden>  Tue, 10 Sep 2019 17:25:22 -0400
175 of 231 results FirstPreviousLast