-
bluez (5.56-0ubuntu4.3) hirsute-security; urgency=medium
* SECURITY UPDATE: incorrect discoverable status
- debian/patches/CVE-2021-3658.patch: fix storing discoverable setting
in src/adapter.c.
- CVE-2021-3658
* SECURITY UPDATE: DoS via memory leak in sdp_cstate_alloc_buf
- debian/patches/CVE-2021-41229.patch: fix leaking buffers stored in
cstates cache in src/sdpd-request.c, src/sdpd-server.c, src/sdpd.h,
unit/test-sdp.c.
- CVE-2021-41229
* SECURITY UPDATE: use-after-free when client disconnects
- debian/patches/CVE-2021-43400-pre2.patch: no multiple calls to
AcquireWrite in src/gatt-database.c.
- debian/patches/CVE-2021-43400.patch: fix not cleaning up when
disconnected in src/gatt-database.c.
- CVE-2021-43400
-- Marc Deslauriers <email address hidden> Wed, 17 Nov 2021 10:12:50 -0500
-
bluez (5.56-0ubuntu4.2) hirsute; urgency=medium
* debian/patches/0001-fix-reading-from-rfkill-socket.patch:
- fix reading from rfkill socket (lp: #1933221)
-- Andy Chi <email address hidden> Tue, 22 Jun 2021 08:07:12 +0000
-
bluez (5.56-0ubuntu4.1) hirsute-security; urgency=medium
* SECURITY UPDATE: secure pairing passkey brute force
- debian/patches/CVE-2020-26558.patch: fix not properly checking for
secure flags in src/shared/att-types.h, src/shared/gatt-server.c.
- CVE-2020-26558
-- Marc Deslauriers <email address hidden> Wed, 09 Jun 2021 10:59:03 -0400
-
bluez (5.56-0ubuntu4) hirsute; urgency=medium
* Add hog-lib-Fix-crash-when-receiving-UHID_GET_REPORT.patch to fix crashes
when connecting Bluetooth keyboards (LP: #1924217)
-- Daniel van Vugt <email address hidden> Thu, 15 Apr 2021 14:47:04 +0800
-
bluez (5.56-0ubuntu3) hirsute; urgency=medium
* Mark symbols as option, not seen when building with lto.
-- Matthias Klose <email address hidden> Mon, 22 Mar 2021 19:59:17 +0100
-
bluez (5.56-0ubuntu2) hirsute; urgency=medium
* Drop build-dependency on obsolete dh-systemd.
-- Steve Langasek <email address hidden> Tue, 02 Mar 2021 14:39:18 -0800
-
bluez (5.56-0ubuntu1) hirsute; urgency=medium
* New upstream release 5.56 (LP: #1916570)
- Fix issue with setting AVDTP disconnect timer.
- Fix issue with AVDTP not sending GetCapabilities.
- Fix issue with AVDTP connecting using streaming mode.
- Fix issue with handling A2DP and remote SEP disappearing.
- Fix issue with handling session of A2DP channels.
- Fix issue with GATT and handling device removal.
- Fix issue with GATT not accepting multiple requests.
- Fix issue with HID report value callback registration.
- Add support for new advertising management command.
- Add support for battery D-Bus interface.
* Refreshed patches:
- 0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch
- 0001-obex-Use-GLib-helper-function-to-manipulate-paths.patch
- 0002-hostname-handle-chassis-type-handset.patch
- bluetooth.conf.patch
- change_path_of_hogsuspend.patch
- raspi-bcm43xx-3wire.patch
- raspi-bcm43xx-load-firmware.patch
- raspi-cypress-305-bdaddr.patch
* Removed packaging of deprecated files bccmd*
* debian/libbluetooth3.symbols: Added new function bt_malloc0
* Dropped patch migrate_scripts_python3.patch because nobody was maintaining
or using it, and it caused conflicts. If you want to run tests using
python3 then please propose it upstream. Otherwise we do still package
bluez-tests, and if you really need to run them then use your own python2.
-- Daniel van Vugt <email address hidden> Tue, 23 Feb 2021 17:58:00 +0800
-
bluez (5.55-0ubuntu5) hirsute; urgency=medium
* Correctly include the updated patches now
-- Sebastien Bacher <email address hidden> Thu, 04 Feb 2021 13:37:23 +0100
-
bluez (5.55-0ubuntu3.2) hirsute; urgency=medium
* Add the refined Raspi patches currently awaiting review upstream
(LP: #1903048)
-- Dave Jones <email address hidden> Tue, 26 Jan 2021 15:24:25 +0000
-
bluez (5.55-0ubuntu3.1) hirsute; urgency=medium
* Restore the Raspi patches to avoid any potential delay in the SRU,
we will block the update in proposed instead which should be enough as
a reminder that things need to be sorted out in the current serie.
-- Sebastien Bacher <email address hidden> Fri, 13 Nov 2020 15:08:07 +0100
-
bluez (5.55-0ubuntu3) hirsute; urgency=medium
* Revert the previous upload until the changes are properly reviewed and
upstreamed, see the bug report for some more detailled discussions
(reopen bug 1903048)
-- Sebastien Bacher <email address hidden> Thu, 12 Nov 2020 11:59:23 +0100
-
bluez (5.55-0ubuntu2) hirsute; urgency=medium
* Added patches from the Raspberry Pi Foundation
- d/p/raspi-bcm43xx-load-firmware.patch
- d/p/raspi-bcm43xx-3wire.patch
- d/p/raspi-cypress-305-bdaddr.patch
* These patches fix Bluetooth operation on the Pi 400 (LP: #1903048)
-- Dave Jones <email address hidden> Thu, 05 Nov 2020 13:39:07 +0000
-
bluez (5.55-0ubuntu1) groovy; urgency=medium
* New upstream release 5.55 (LP: #1895640)
- Fix issue with handling security level for HoG.
- Fix issue with handling HIDSDPDisable attribute.
- Fix issue with handling HID virtual cable unplug.
- Fix issue with handling HID channel disconnect order.
- Fix issue with handling AVDTP delay reporting states.
- Fix issue with handling AVRCP notification events.
- Fix issue with handling AVRCP list player attributes.
- Fix issue with handling AVRCP category 1 player settings.
- Fix issue with handling AVRCP media player passthrough bitmask.
- Fix issue with handling HFP 1.7 default features.
- Fix issue with handling GATT disconnecting handling.
- Fix issue with handling GATT database hash.
- Fix issue with handling service changed characteristic.
- Fix issue with handling read of multiple characteristic values.
- Fix issue with handling Just-Works auto-accept pairing.
- Fix issue with handling authentication of bonded devices.
- Fix issue with handling L2CAP streaming mode for AVDTP.
- Fix issue with handling SysEx parser for MIDI support.
- Fix issue with handling configured scan parameter values.
- Fix issue with handling temporary devices removal.
- Fix issue with handling advertising flags.
-- Daniel van Vugt <email address hidden> Tue, 15 Sep 2020 17:17:32 +0800
