From mboxrd@z Thu Jan 1 00:00:00 1970
Subject: [bug#28447] [PATCH] gnu: bluez: Fix CVE-2017-1000250.
From: Marius Bakke
Date: Wed, 13 Sep 2017 17:44:25 +0200
Message-Id: <20170913154425.3647-1-mbakke@fastmail.com>
Sender: "Guix-patches"
To: 28447@debbugs.gnu.org

* gnu/packages/linux.scm (%bluez-CVE-2017-1000250.patch): New variable.
(bluez)[replacement]: New field.
(bluez/fixed): New variable.
---
 gnu/packages/linux.scm | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index bfa736c1c..9dc68a2b3 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -3009,10 +3009,24 @@ applications.") Bluetooth audio output devices like headphones or loudspeakers.") (license license:gpl2+))) +;; Fix remote information disclosure in bluetoothd. +;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000250 +;; https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000250.html +(define %bluez-CVE-2017-1000250.patch + (origin + (method url-fetch) + (uri "https://git.kernel.org/pub/scm/bluetooth/bluez.git/patch/?id=\ +9e009647b14e810e06626dde7f1bb9ea3c375d09") + (file-name "bluez-CVE-2017-1000250.patch") + (sha256 + (base32 + "0p6gblj775sv0xx4pvdll39j6spg8ihhshid5z6lgrjh0rmxi3sk")))) + (define-public bluez (package (name "bluez") (version "5.45") + (replacement bluez/fixed) (source (origin (method url-fetch) (uri (string-append @@ -3074,6 +3088,13 @@ Bluetooth audio output devices like headphones or loudspeakers.") is flexible, efficient and uses a modular implementation.") (license license:gpl2+))) +(define bluez/fixed + (package + (inherit bluez) + (source (origin + (inherit (package-source bluez)) + (patches (list %bluez-CVE-2017-1000250.patch)))))) + (define-public fuse-exfat (package (name "fuse-exfat") -- 2.14.1
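Review bot: In the first hunk, the uri of %bluez-CVE-2017-1000250.patch is a "patch/?id=" URL, so the file is generated by the web interface on request and the sha256 only keeps matching while that output stays byte-identical. Consider committing the patch under gnu/packages/patches and referencing it with search-patches, so the fix for bluetoothd stays buildable regardless of what the server returns later. The two reference links in the comment can stay as they are.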
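Review bot: In the second hunk, (patches (list %bluez-CVE-2017-1000250.patch)) in bluez/fixed sets the patch list outright, so any patches already present on (package-source bluez) would be dropped from the replacement. The bluez origin is only partly visible in this diff; if it carries patches, append to (origin-patches (package-source bluez)) rather than replacing the list. A short comment above bluez/fixed saying it exists only as the replacement for bluez 5.45 would also make it easier to remove once the package is updated.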