upg bluez chrpath libnbd squid tor

bluez/CVE-2023-45866.patch

@@ -0,0 +1,47 @@
+From 25a471a83e02e1effb15d5a488b3f0085eaeb675 Mon Sep 17 00:00:00 2001
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+Date: Tue, 10 Oct 2023 13:03:12 -0700
+Subject: [PATCH] input.conf: Change default of ClassicBondedOnly
+
+This changes the default of ClassicBondedOnly since defaulting to false
+is not inline with HID specification which mandates the of Security Mode
+4:
+
+BLUETOOTH SPECIFICATION Page 84 of 123
+Human Interface Device (HID) Profile:
+
+  5.4.3.4.2 Security Modes
+  Bluetooth HID Hosts shall use Security Mode 4 when interoperating with
+  Bluetooth HID devices that are compliant to the Bluetooth Core
+  Specification v2.1+EDR[6].
+---
+ profiles/input/device.c   | 2 +-
+ profiles/input/input.conf | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/profiles/input/device.c b/profiles/input/device.c
+index 4a50ea9921..4310dd192e 100644
+--- a/profiles/input/device.c
++++ b/profiles/input/device.c
+@@ -81,7 +81,7 @@ struct input_device {
+ 
+ static int idle_timeout = 0;
+ static bool uhid_enabled = false;
+-static bool classic_bonded_only = false;
++static bool classic_bonded_only = true;
+ 
+ void input_set_idle_timeout(int timeout)
+ {
+diff --git a/profiles/input/input.conf b/profiles/input/input.conf
+index 4c70bc561f..d8645f3dd6 100644
+--- a/profiles/input/input.conf
++++ b/profiles/input/input.conf
+@@ -17,7 +17,7 @@
+ # platforms may want to make sure that input connections only come from bonded
+ # device connections. Several older mice have been known for not supporting
+ # pairing/encryption.
+-# Defaults to false to maximize device compatibility.
++# Defaults to true for security.
+ #ClassicBondedOnly=true
+ 
+ # LE upgrade security

bluez/PKGBUILD

@@ -8,14 +8,23 @@
 pkgbase=bluez
 pkgname=('bluez' 'bluez-utils' 'bluez-libs' 'bluez-cups' 'bluez-hid2hci' 'bluez-plugins')
 pkgver=5.70
-pkgrel=01
+pkgrel=02
 url="http://www.bluez.org/"
 # options=('debug')  ### uncomment this to have the debug pkgs produced 
 makedepends=('glibc' 'dbus' 'libical' 'alsa-lib' 'json-c' 'ell' 'python-docutils')
 source=(https://www.kernel.org/pub/linux/bluetooth/${pkgname}-${pkgver}.tar.{xz,sign}
-        bluetooth.modprobe)
+        bluetooth.modprobe
+        CVE-2023-45866.patch::https://github.com/bluez/bluez/commit/25a471a83e02e1effb15d5a488b3f0085eaeb675.patch) 
+ #https://gitlab.archlinux.org/archlinux/packaging/packages/bluez/-/issues/2 
+
 # see https://www.kernel.org/pub/linux/bluetooth/sha256sums.asc
 
+prepare() {
+  # Temporary patch to fix CVE-2023-45866. See https://gitlab.archlinux.org/archlinux/packaging/packages/bluez/-/issues/2
+  cd $pkgname-$pkgver
+  patch -Np1 <${srcdir}/CVE-2023-45866.patch
+}
+
 build() {
   cd $pkgname-$pkgver
   ./configure \
@@ -176,12 +185,13 @@ validpgpkeys=('E932D120BC2AEC444E558F0106CA9F5D1DCF2659') # Marcel Holtmann <mar
 
 sha256sums=(37e372e916955e144cb882f888e4be40898f10ae3b7c213ddcdd55ee9c009278  # bluez-5.70.tar.xz
 	bdc32cf98ea82cda3d7c7fdb7335e3a7202f42b490014f6cd68e03031c152152  # bluez-5.70.tar.sign
-	46c021be659c9a1c4e55afd04df0c059af1f3d98a96338236412e449bf7477b4) # bluetooth.modprobe
+	46c021be659c9a1c4e55afd04df0c059af1f3d98a96338236412e449bf7477b4  # bluetooth.modprobe
+	933de421722c7511b5de1efd07a888328d44fa7d99f753696c6d67f938eab24c) # CVE-2023-45866.patch
 
+##  6109e30ad713bbd3cf80522d555365b3d20f28f30f26a583df31566271a269de  bluez-5.70-02-x86_64.pkg.tar.lz
+##  ed5c220b63a13bf418f15f577f4dde855a7d6d20b394fdf0899ea62b31765f96  bluez-cups-5.70-02-x86_64.pkg.tar.lz
+##  fe87b63d1169165ea128c58d151e766cb2fbae42d53587efa01c832c08e2a0f2  bluez-hid2hci-5.70-02-x86_64.pkg.tar.lz
+##  5768c8b821019551db907c7feb10df026d80e2a517037175a1e3382c45019d0a  bluez-libs-5.70-02-x86_64.pkg.tar.lz
+##  27f2cfb092ff63573282cb4ba3801d97daf0c3697d2f8246f9da4239098c78f2  bluez-plugins-5.70-02-x86_64.pkg.tar.lz
+##  b3ab7d8d7c0bca8df60e51369127319488cfb53edfde5df1295c8751c51ffe88  bluez-utils-5.70-02-x86_64.pkg.tar.lz
 
-##  e2a4f54373b3689180e9f999313ba4a9dcc2632d1aaa6aeb1a8ce5f1b92d0e97  bluez-5.70-01-x86_64.pkg.tar.lz
-##  e69a2c77c9c32b1e700d96de37d6d79675b4251814e4d6c71330fc2b19e2b4b8  bluez-cups-5.70-01-x86_64.pkg.tar.lz
-##  d0b7be7eedc493217030129f19b73cae27a52ae44eb91c0af94f7827c081330e  bluez-hid2hci-5.70-01-x86_64.pkg.tar.lz
-##  ee3ba5dd83ad298ee786c4123c00be64ebc625536dc33081f9726e6c7fd4782f  bluez-libs-5.70-01-x86_64.pkg.tar.lz
-##  2c5b50a1cfbff77cc7fc284979bfe54674299798625fb1a74bb92e10761df2c0  bluez-plugins-5.70-01-x86_64.pkg.tar.lz
-##  802e18128cfcd00ec98d865202942ecaa60cadbf1bd9bfcf6b4875bc785e503c  bluez-utils-5.70-01-x86_64.pkg.tar.lz

bluez/PKGBUILD-arch

@@ -7,20 +7,28 @@
 pkgbase=bluez
 pkgname=('bluez' 'bluez-utils' 'bluez-libs' 'bluez-cups' 'bluez-hid2hci' 'bluez-plugins')
 pkgver=5.70
-pkgrel=1
+pkgrel=2
 url="http://www.bluez.org/"
 arch=('x86_64')
 license=('GPL2')
 makedepends=('dbus' 'libical' 'systemd' 'alsa-lib' 'json-c' 'ell' 'python-docutils')
 source=(https://www.kernel.org/pub/linux/bluetooth/${pkgname}-${pkgver}.tar.{xz,sign}
         bluetooth.modprobe
+        CVE-2023-45866.patch::https://github.com/bluez/bluez/commit/25a471a83e02e1effb15d5a488b3f0085eaeb675.patch #https://gitlab.archlinux.org/archlinux/packaging/packages/bluez/-/issues/2
 )
 # see https://www.kernel.org/pub/linux/bluetooth/sha256sums.asc
 sha256sums=('37e372e916955e144cb882f888e4be40898f10ae3b7c213ddcdd55ee9c009278'
             'SKIP'
-            '46c021be659c9a1c4e55afd04df0c059af1f3d98a96338236412e449bf7477b4')
+            '46c021be659c9a1c4e55afd04df0c059af1f3d98a96338236412e449bf7477b4'
+            '933de421722c7511b5de1efd07a888328d44fa7d99f753696c6d67f938eab24c')
 validpgpkeys=('E932D120BC2AEC444E558F0106CA9F5D1DCF2659') # Marcel Holtmann <marcel@holtmann.org>
 
+prepare() {
+  # Temporary patch to fix CVE-2023-45866. See https://gitlab.archlinux.org/archlinux/packaging/packages/bluez/-/issues/2
+  cd "${pkgname}"-${pkgver}
+  patch -Np1 <${srcdir}/CVE-2023-45866.patch
+}
+
 build() {
   cd "${pkgname}"-${pkgver}
   ./configure \

chrpath/PKGBUILD

@@ -6,30 +6,27 @@
 #-----------------------------------------| DESCRIPTION |---------------------------------------
 
 pkgname=chrpath
-pkgver=0.16
-pkgrel=04
+pkgver=0.17
+pkgrel=01
 pkgdesc="Change or delete the rpath or runpath in ELF files"
-url="https://directory.fsf.org/project/chrpath/"
-depends=('glibc')
-source=("https://deb.debian.org/debian/pool/main/c/chrpath/chrpath_$pkgver.orig.tar.gz")
+url="https://codeberg.org/pere/chrpath"
+depends=(glibc)
+makedepends=(git)
+source=("git+https://codeberg.org/pere/chrpath.git#tag=release-$pkgver")
 
 prepare() {
-  cd "${srcdir}"/$pkgname-$pkgver
-#  rm -f config.guess
-#  aclocal
-#  libtoolize
-#  automake --add-missing
-#  autoconf
+  cd "${srcdir}"/$pkgname
+  sh bootstrap
 }
 
 build() {
-  cd "${srcdir}"/$pkgname-$pkgver
+  cd "${srcdir}"/$pkgname
   ./configure --prefix=/usr --mandir=/usr/share/man
   make
 }
 
 package() {
-  cd "${srcdir}"/$pkgname-$pkgver
+  cd "${srcdir}"/$pkgname
   make DESTDIR="${pkgdir}" docdir=/usr/share/doc/chrpath install
 }
 
@@ -39,6 +36,7 @@ arch=(x86_64)
 
 license=('GPL2')
 
-sha256sums=(bb0d4c54bac2990e1bdf8132f2c9477ae752859d523e141e72b3b11a12c26e7b) # chrpath_0.16.orig.tar.gz
+sha256sums=(SKIP) # chrpath
+
+##  5337a8a50dd0a6672fdcad8dad8d5a719392f41f16ec278abcc32c887c3513b6  chrpath-0.17-01-x86_64.pkg.tar.lz
 
-##  6b96f323fde9ddbec8e4a7c01faa9604f3fb50ccb83f332a2546f9894c089d81  chrpath-0.16-04-x86_64.pkg.tar.lz

chrpath/PKGBUILD-arch

@@ -2,33 +2,29 @@
 # Contributor: Gerardo Exequiel Pozzi <vmlinuz386@yahoo.com.ar>
 
 pkgname=chrpath
-pkgver=0.16
-pkgrel=4
+pkgver=0.17
+pkgrel=1
 pkgdesc="Change or delete the rpath or runpath in ELF files"
 arch=('x86_64')
-url="https://directory.fsf.org/project/chrpath/"
+url="https://codeberg.org/pere/chrpath"
 license=('GPL2')
 depends=('glibc')
-source=("https://deb.debian.org/debian/pool/main/c/chrpath/chrpath_$pkgver.orig.tar.gz")
-md5sums=('2bf8d1d1ee345fc8a7915576f5649982')
-sha256sums=('bb0d4c54bac2990e1bdf8132f2c9477ae752859d523e141e72b3b11a12c26e7b')
+makedepends=('git')
+source=("git+https://codeberg.org/pere/chrpath.git#tag=release-$pkgver")
+sha256sums=('SKIP')
 
 prepare() {
-  cd "${srcdir}"/$pkgname-$pkgver
-#  rm -f config.guess
-#  aclocal
-#  libtoolize
-#  automake --add-missing
-#  autoconf
+  cd "${srcdir}"/$pkgname
+  sh bootstrap
 }
 
 build() {
-  cd "${srcdir}"/$pkgname-$pkgver
+  cd "${srcdir}"/$pkgname
   ./configure --prefix=/usr --mandir=/usr/share/man
   make
 }
 
 package() {
-  cd "${srcdir}"/$pkgname-$pkgver
+  cd "${srcdir}"/$pkgname
   make DESTDIR="${pkgdir}" docdir=/usr/share/doc/chrpath install
 }

chrpath/clean

@@ -1 +1,2 @@
-rm -rf {src,pkg,chrpa*.tar.gz}
+rm -rf {src,pkg,chrpath}
+

chrpath/deps

@@ -1,2 +1,5 @@
-  
-  
+git
+
+
+automake
+autoconf

libnbd/PKGBUILD

@@ -7,7 +7,7 @@
 
 pkgname=libnbd
 pkgver=1.18.1
-pkgrel=02
+pkgrel=03
 pkgdesc="NBD (network block devices) client library in userspace"
 url="https://gitlab.com/nbdkit/libnbd"
 depends=('glibc' 'gnutls' 'libxml2')
@@ -48,5 +48,5 @@ validpgpkeys=('F7774FB1AD074A7E8C8767EA91738F73E1B768A0')
 sha256sums=(50d1d1a610f0d727119e9d0a0a5cc7952b8b231b3931ce2072307e105fec99b6  # libnbd-1.18.1.tar.gz
 	fc250987092411d621f95cc857272e3ca197bb56d7336b840a34098ebb0e3e2c) # libnbd-1.18.1.tar.gz.sig
 
-##  0352f2a957a6a95aff7dba91eb0c565d330ba7411573d324d81c3e0029127b2c  libnbd-1.18.1-02-x86_64.pkg.tar.lz
+##  0c69d5adaf9539e03647f308da1a42d7f6b9da29c99c114a55ae824c6c0aab0d  libnbd-1.18.1-03-x86_64.pkg.tar.lz
 

libnbd/PKGBUILD-arch

@@ -2,7 +2,7 @@
 # Contributor: Thomas Weißschuh <thomas t-8ch de>
 pkgname=libnbd
 pkgver=1.18.1
-pkgrel=2
+pkgrel=3
 pkgdesc="NBD client library in userspace"
 arch=('x86_64')
 url="https://gitlab.com/nbdkit/libnbd"

squid/PKGBUILD

@@ -7,7 +7,7 @@
 
 pkgname=squid
 pkgver=6.6
-pkgrel=00
+pkgrel=01
 pkgdesc='Full-featured Web proxy cache server w/o systemd & ipv6'
 url='http://www.squid-cache.org'
 depends=('openssl' 'pam' 'perl' 'libltdl' 'libcap' 'nettle' 'gnutls' 'libnsl' 'libxml2'
@@ -117,5 +117,5 @@ sha256sums=(55bd7f9f4898153161ea1228998acb551bf840832b9e5b90fc8ecd2942420318  #
 	c903eb86e6968b9d3bd0a9ad3335e8ce76a718b6217251e9dd7e66d5cf1ac94a  # squid.sysusers
 	495f54e51f6ec1e4dce87090d76718aea1eb37559c4439d876dd39598163062a) # squid.tmpfiles
 
-##  896a52cd266506a70de89bc5b12cb04d5bba9f7bb99a9c7652ed53e6a5bca04b  squid-6.6-00-x86_64.pkg.tar.lz
+##  0353433beaf721944bc047b4673d9d6f87af2b06ba7ea1ab74941e1ab08cb3f3  squid-6.6-01-x86_64.pkg.tar.lz
 

squid/PKGBUILD-arch

@@ -4,8 +4,8 @@
 # Contributor: Kevin Piche <kevin@archlinux.org>
 
 pkgname=squid
-pkgver=6.4
-pkgrel=3
+pkgver=6.6
+pkgrel=1
 pkgdesc='Full-featured Web proxy cache server'
 arch=('x86_64')
 url='http://www.squid-cache.org'
@@ -32,7 +32,7 @@ source=("http://www.squid-cache.org/Versions/v6/$pkgname-$pkgver.tar.xz"{,.asc}
         'squid.sysusers'
         'squid-rotate.service'
         'squid-rotate.timer')
-sha256sums=('5ebbced99b3df21bfcf4d1ec39455dff775a5ff6b9215d9f0339958771a88589'
+sha256sums=('55bd7f9f4898153161ea1228998acb551bf840832b9e5b90fc8ecd2942420318'
             'SKIP'
             '01f92f6d4dcc1d52f992064bdb007dc44aac91c51556a607a3992964f9f12fb9'
             '3e1992502ce51497e5ccee50e1a19fdd81f1f7226ed14b73c6207b5389af3b88'

squid/deps

@@ -2,3 +2,4 @@ libnsl
 libxml2
 tdb
 
+

tor/PKGBUILD

@@ -6,7 +6,7 @@
 #-----------------------------------------| DESCRIPTION |---------------------------------------
 
 pkgname=tor
-pkgver=0.4.8.9
+pkgver=0.4.8.10
 pkgrel=01
 pkgdesc='An anonymizing overlay network. w/o zstd and systemd'
 #url='https://www.torproject.org/dist'
@@ -80,11 +80,11 @@ validpgpkeys=(2133BC600AB133E1D826D173FE43009C4607B1FB  # Nick Mathewson
               F65CE37F04BA5B360AE6EE17C218525819F78451  # Roger Dingledine
               1C1BC007A9F607AA8152C040BEA7B180B1491921) # Alexander Færøy <ahf@0x90.dk>
 
-sha256sums=(59bb7d8890f6131b4ce5344f3dcea5deb2182b7f4f10ff0cb4e4d81f11b2cf65  # tor-0.4.8.9.tar.gz
-	69e9964769a70b8c0cc16f7b58f97bb10c2b9ac9604b6278e43b066b58ae9b81  # tor-0.4.8.9.tar.gz.sha256sum
-	8e93a61eb5ce5b63e3980d9668bc87d6587f94ac6f49eaebbb3cc141f5ce840e  # tor-0.4.8.9.tar.gz.sha256sum.asc
+sha256sums=(e628b4fab70edb4727715b23cf2931375a9f7685ac08f2c59ea498a178463a86  # tor-0.4.8.10.tar.gz
+	68eb49abb3f8aba6d417699cb333bf6cc944e8276cbf9b237402e23ff298bc83  # tor-0.4.8.10.tar.gz.sha256sum
+	1bb5c5f3ba83c326093cebf5ed43a52537c421cb36674af8f7ca06a7f55b3318  # tor-0.4.8.10.tar.gz.sha256sum.asc
 	06c00318d84ead3f939b267c7ae9e4cc1cd90c534d0b57ddd2595fee9065ee7f  # tor.tmpfiles
 	231405d1fbbcc68168248f93edd19ae14b60f66bb4d1c8e46ead1d4cd8e0ae7c) #  tor.sysusers
 
+##  217ad8d986a14582adc0ef7385255e5b4736fed6be0283712ce828b73e98943c  tor-0.4.8.10-01-x86_64.pkg.tar.lz
 
-##  4cc8dde06954efa6b57049adc0ae714e9c470dd8483b4cb2b5d52d2a54169ec5  tor-0.4.8.9-01-x86_64.pkg.tar.lz

tor/PKGBUILD-arch

@@ -6,7 +6,7 @@
 # Contributor: Sid Karunaratne
 
 pkgname=tor
-pkgver=0.4.8.8
+pkgver=0.4.8.10
 pkgrel=1
 pkgdesc='Anonymizing overlay network.'
 arch=('x86_64')
@@ -32,8 +32,15 @@ source=("https://dist.torproject.org/${pkgname}-${pkgver}.tar.gz"{,.sha256sum{,.
         'tor.sysusers'
         'tor.tmpfiles'
         'tor.service')
-b2sums=('24dda7589d8c1318d008d69d1a2ecb65a0c80ee05cfca9f9a420784ff99b35645450c8330a23919f24068b7218e267a773292d5d7031f6a2c402fe2354a9a3f3'
-        '697788e84f977ceaef05aca7bbf1385e6d40b80f1ec2c3ae024bffc87f507c34be5f3f5f62271c10b1e9aa8ed5fe64daa108e93d2bfa3f67f69e0409e41ab1a0'
+sha256sums=('e628b4fab70edb4727715b23cf2931375a9f7685ac08f2c59ea498a178463a86'
+            '68eb49abb3f8aba6d417699cb333bf6cc944e8276cbf9b237402e23ff298bc83'
+            'SKIP'
+            'c5c082fd1cda30c95c40043d5be96926fa81e5388a97534373bf0ce100191ade'
+            '04eec05b4e61efccc58c5da657363f0c1059d7f122cb15c32331a201af2d7f94'
+            '07bedb17660a3673b31b0005b6505065c90b32f2c6b28b969241da675560f926'
+            '6354475c4ee4de0c1204ccc6ae20dea8e812f83f3134ee2d665592a2cfe327e5')
+b2sums=('ef470664d85e019f6cac2366e934d5dc31b8ae92f121a2b4c8c95f8267abce5ce4413d30a24affa40a069d587212364ae5a7c3cd114488e50a535f01c54c6e77'
+        '1410a5e7e486c7c33b6b217a53d250bc3e1d76c87e74ad29f6c6a67cbdacb3627521cc8936f7e8e8d72c3333078cede222d13c825b8d66df7c1d50721043f89e'
         'SKIP'
         '98baf96cdac36072086f48bf4701cede6cf31eee207f4a1a4cfc81b483ba53b991082aaf4ed638e50dfd67fb006bbd915af97943ab658df29dfa51ea4aa77dd2'
         '9053da53926f2120ac57b6c1442238f5bbd89bf9270347c4e00b721b39939bebc6adfcf814a9d7289dfd14d085d91c193529305336db93190da5b7f586a031df'