Debian Package Tracker

general

source: bluez (main)
version: 5.50-1.2
maintainer: Debian Bluetooth Maintainers (DMD)
uploaders: Nobuhiro Iwamatsu [DMD]
arch: all
std-ver: 4.1.3
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 5.23-2+deb8u1
o-o-sec: 5.43-2+deb9u2~deb8u1
oldstable: 5.43-2+deb9u2
old-sec: 5.43-2+deb9u2
stable: 5.50-1.2~deb10u1
stable-sec: 5.50-1.2~deb10u1
testing: 5.50-1.2
unstable: 5.50-1.2
exp: 5.52-1

versioned links

5.23-2+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.43-2+deb9u2~deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.43-2+deb9u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.50-1.2~deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.50-1.2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.52-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

bluetooth (35 bugs: 0, 34, 1, 0)
bluez (107 bugs: 1, 92, 14, 0)
bluez-cups (1 bugs: 0, 1, 0, 0)
bluez-hcidump (1 bugs: 0, 1, 0, 0)
bluez-obexd (1 bugs: 0, 1, 0, 0)
bluez-test-scripts (1 bugs: 0, 1, 0, 0)
bluez-test-tools
libbluetooth-dev
libbluetooth3 (1 bugs: 0, 0, 1, 0)

action needed

A new upstream version is available: 5.54 high

A new upstream version 5.54 is available, you should consider packaging it.

Created: 2020-06-29 Last update: 2020-08-13 01:36

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2018-10910: A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable.

Please fix it.

Created: 2016-12-05 Last update: 2020-08-07 06:08

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2018-10910: A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable.

Please fix it.

Created: 2019-07-07 Last update: 2020-08-07 06:08

6 bugs tagged patch in the BTS normal

The BTS contains patches fixing 6 bugs, consider including or untagging them.

Created: 2020-06-28 Last update: 2020-08-13 03:00

Multiarch hinter reports 2 issue(s) normal

There are issues with the multiarch metadata for this package.

bluetooth could be marked Multi-Arch: foreign
bluez-test-scripts could be marked Multi-Arch: foreign

Created: 2016-09-14 Last update: 2020-08-13 01:39

34 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 12095c0f11c39603b2fd0342bce3f78c51c6ca10
Author: Nobuhiro Iwamatsu <iwamatsu@debian.org>
Date:   Thu Nov 21 16:16:05 2019 +0900

    Add bluez-source package
    
    Signed-off-by: Nobuhiro Iwamatsu <iwamatsu@debian.org>

commit c1c7c8db0e9c357e58503969f07b9af735c9a5a1
Author: Nobuhiro Iwamatsu <iwamatsu@debian.org>
Date:   Thu Nov 21 16:12:10 2019 +0900

    Add target for build source code
    
    Signed-off-by: Nobuhiro Iwamatsu <iwamatsu@debian.org>

commit f040f9f81bd943acc49644e6f76cacc4712127ca
Author: Nobuhiro Iwamatsu <iwamatsu@debian.org>
Date:   Wed Nov 13 16:42:38 2019 +0900

    Fix build without indep
    
    Signed-off-by: Nobuhiro Iwamatsu <iwamatsu@debian.org>

commit 8227060d1931ed8b5e7e2c920cee87a968e245f3
Author: Nobuhiro Iwamatsu <iwamatsu@debian.org>
Date:   Wed Nov 13 13:26:32 2019 +0900

    Update to 5.52
    
    Signed-off-by: Nobuhiro Iwamatsu <iwamatsu@debian.org>

commit 34f365d664029aacf08e53001a4bbbc84b44790b
Merge: 00b0d8207 e002fd436
Author: Nobuhiro Iwamatsu <iwamatsu@debian.org>
Date:   Wed Nov 13 13:25:55 2019 +0900

    Merge tag '5.52'
    
    Release 5.52

commit e002fd43636090ac246f80f5de6195055384dfed
Author: Marcel Holtmann <marcel@holtmann.org>
Date:   Thu Oct 31 07:58:44 2019 +0100

    Release 5.52

commit 6952359292e8524df046510d35ccaa8d843ceb77
Author: Marcel Holtmann <marcel@holtmann.org>
Date:   Thu Oct 31 07:58:01 2019 +0100

    gitignore: Ignore test-mesh-crypto executable

commit 2d50e3938e2d191e50bfc216f5abdd9ac42dfe58
Author: Marcel Holtmann <marcel@holtmann.org>
Date:   Thu Oct 31 07:35:28 2019 +0100

    build: Require at least version 0.26 when building with external ELL

commit 927cc54f5825ba391a96d58014f754b01555db1a
Author: Marcel Holtmann <marcel@holtmann.org>
Date:   Thu Oct 31 07:34:15 2019 +0100

    tools: Adjust for changed l_dbus_object_manager_enable parameters

commit ba617285b8c34bb7b6ef0864686ed626efd206fd
Author: Marcel Holtmann <marcel@holtmann.org>
Date:   Thu Oct 31 07:33:48 2019 +0100

    mesh: Adjust for changed l_dbus_object_manager_enable parameters

commit bf6f4a28bb8f829620dd77051737f7a4719cc972
Author: Inga Stotland <inga.stotland@intel.com>
Date:   Sun Oct 20 14:29:49 2019 -0700

    mesh: Fix reading/writing key indices
    
    This fixes inconsistency when reading/writing NetKey and AppKey
    indices to/from JSON config storage:
            - when writing, convert an integer to hex string
            - when reading, convert hex string to uint16 integer

commit 2d249af381a664fd5a139ee4de6bfdf2f7c2e8cf
Author: Jory Pratt <anarchy@gentoo.org>
Date:   Mon Sep 30 18:35:56 2019 -0500

    Include limits.h for PATH_MAX

commit b9cfdb61d716c078a86f07a27e7426d4fb891492
Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date:   Fri Oct 18 13:51:54 2019 +0300

    a2dp: Remove experimental flag for remote MediaEndpoint
    
    This makes the MediaEndpoint and stable API for remote endpoints which
    aligns with RegisterApplication API which is already stable.

commit 4881c2659b34dce4e59e856f1162eca510294da3
Author: Inga Stotland <inga.stotland@intel.com>
Date:   Thu Oct 17 14:55:00 2019 -0700

    mesh: Implement AddAppKey and AddNetKey methods
    
    This adds implementation for the following methods on
    org.bluez.mesh.Node1 interface:
    void AddNetKey(object element_path, uint16 destination,
                    uint16 subnet_index, uint16 net_index, boolean update)
    void AddAppKey(object element_path, uint16 destination,
                    uint16 app_index, uint16 net_index, boolean update)

commit 12f29e685c99c90622b2cd4c6af4b3708a0df730
Author: Inga Stotland <inga.stotland@intel.com>
Date:   Mon Oct 14 14:47:58 2019 -0700

    mesh: Add provisioner confirmation
    
    This adds codes to send a confirmationfrom provisioner's side
    after receiving a callback from a provisioning agent.

commit 8812296c864ad96ba0c9f238b21ca1e59f0f3e2a
Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date:   Wed Oct 16 11:57:23 2019 +0300

    unit: Make mesh tests conditional
    
    Mesh code can be disabled with use of --disable-mesh.

commit 9a6ffbbb88d8fb80f6e086e3da264b3505dfc904
Author: Brian Gix <brian.gix@intel.com>
Date:   Thu Oct 10 15:58:52 2019 -0700

    mesh: Secure Beacon - IV_Index/Key Refresh re-write
    
    This is a major rewrite of Secure Network Beacon (SNB) handling
    that includes:
    
    * Seperating Key Refresh from IV_Index handling
    
      This is a clearer handling of the two features. Although both features
      are represented in SNB's, they run independantly.
    
    * Creating a Seperate IV_Index initialization and updating state
      distinct from the current values sent and received in SNBs.
    
      If a restart occured during an IV Update procedure (96 hours long)
      the IVU bit got lost, and Sequence number resetting was not done
      correctly.
    
    * Assuring that all Nodes handled by daemon receive each incoming
      beacon. SNB handling previously stopped after the first node
      successfuly handled it, although the SNB may be valid for many local
      nodes.

commit 4f5a1df1c4ddfbfea9fd46b43ca4ad3f67fd3858
Author: Andrzej Kaczmarek <andrzej.kaczmarek@codecoup.pl>
Date:   Tue Feb 20 15:52:49 2018 +0100

    monitor: Add support for reading over J-Link RTT
    
    This patch adds support for reading data over J-Link RTT. It can be
    used as replacement for TTY when reading from embedded devices since
    it's much faster and does block a UART. Data format is the same as
    for TTY. At the moment monitor over RTT is only supported by Apache
    Mynewt project.
    
    Reading data is done by polling RTT every 1 msec since there is no
    blocking API to read something from RTT buffer.
    
    To enable reading from RTT, J-Link configuration needs to be passed via
    command line (all parameters except <device> can be skipped to use
    default value):
      -J <device>,<serialno=0>,<interface=swd>,<speed=1000>
      -J nrf52,683649029
    
    In some cases J-Link cannot locate RTT buffer in RAM. In such case
    RAM area and buffer name should be provided via command line:
      -R <address=0x0>,<area=0x1000>,<buffer=monitor>
      -R 0x20000000,0x10000

commit 7ce36e236c1bdb1941242b00e1d5c7812749a2de
Author: Andrzej Kaczmarek <andrzej.kaczmarek@codecoup.pl>
Date:   Tue Feb 20 15:55:52 2018 +0100

    monitor: Add interface for J-Link library
    
    This adds simple interface to libjlinkarm.so which will be used to read
    data from RTT buffer. It was mostly made by trial and error since there
    is no public documentation for this library so it may lack something,
    but seems to work fine with few Cortex-M devices I tried.

commit 068bc4b0b42459457a2556963274b95a22acdedd
Author: Andrzej Kaczmarek <andrzej.kaczmarek@codecoup.pl>
Date:   Tue Feb 20 15:52:10 2018 +0100

    monitor: Extract TTY data processing to separate function

commit 52faac4648500dd45c06b6aa41f1be426c43a125
Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date:   Fri Oct 11 15:40:04 2019 +0300

    audio: Fix cancelling disconnect timeout
    
    If AVDTP session has been connected but no stream has been setup calls
    to service->connect would return -EBUSY to avoid stream setup collision
    but it also takes a reference to the session cancelling the disconnect
    timeout and disabling the stream_setup logic that would attempt to
    estabilish a stream.

commit a7cb2d44000b2ec33df1da88c3feef006b20d711
Author: Brian Gix <brian.gix@intel.com>
Date:   Fri Oct 11 10:31:29 2019 -0700

    unit: Fix valgrind errors in test-mesh-crypto
    
    Two HEAP errors, and one error caused by missing checksum data.

commit 117c41242c01e057295aed80ed973c6dc7e35fe2
Author: Ross Burton <ross.burton@intel.com>
Date:   Tue Oct 8 11:01:56 2019 +0100

    Makefile.am: add missing mkdir in rules generation
    
    In parallel out-of-tree builds it's possible that tools/*.rules are
    generated before the target directory has been implicitly created. Solve this by
    creating the directory before writing into it.

commit 32e1f52469e197f40fc1124b938b6e2ccac35870
Author: Ross Burton <ross.burton@intel.com>
Date:   Tue Oct 8 10:58:32 2019 +0100

    Makefile.obexd: add missing mkdir in builtin.h generation
    
    In parallel out-of-tree builds it's possible that obexd/src/builtin.h is
    generated before the target directory has been implicitly created. Solve this by
    creating the directory before writing into it.

commit 06cf0fd1c7c7e396ad5c74fba961611434cf2870
Author: Brian Gix <brian.gix@intel.com>
Date:   Thu Oct 3 13:44:05 2019 -0700

    unit: Add Mesh Crypto tests from Mesh Profile Spec
    
    This unit test will be grown over time to include tests formed from the
    sample data in the Bluetooth Mesh Profile specification (Currently at
    version v1.0.1).
    
    Currently it includes test cases for the following sets of sample data:
    Sections 8.1.1-6
    Sections 8.2.1-6
    Sections 8.3.1-11
    Section 8.4.3
    Section 8.6.2

commit d6a0539d1ddf9f115e889d2bdd27f038408eaf31
Author: Inga Stotland <istotlan@ingas-xps13.amr.corp.intel.com>
Date:   Tue Oct 1 11:51:08 2019 -0700

    mesh: Fix segmentation fault on Join() call
    
    This fixes the following segfault:
    
    node_init_cb (node=0x0, agent=0x0) at mesh/mesh.c:359
            reply = dbus_error(join_pending->msg, MESH_ERROR_FAILED,
    
            user_data=0x5555555be170) at mesh/node.c:1760
            dbus=<optimized out>) at ell/dbus.c:216
            user_data=0x5555555a6e00) at ell/dbus.c:279
            user_data=0x5555555a7ef0) at ell/io.c:126
            at ell/main.c:642
            at mesh/main.c:205
    
    The fault was caused by the premature deletion of preserved state.
    
    This moves setup of disconnect watch for the application calling the Join()
    method into the node_init_cb(), after a temporary node has been
    successfully created.

commit 37bbe30c92a729a4f819fde349443ce07a23cf93
Author: Michał Lowas-Rzechonek <michal.lowas-rzechonek@silvair.com>
Date:   Thu Oct 3 13:07:47 2019 -0700

    mesh: Align appkey_packet_decrypt with dev and virt variants.
    
    Move appkey_packet_decrypt to mesh/model, rename it to
    app_packet_decrypt, make it private and change arguments to be aligned
    with other decryption functions.
    
    Also, simplify the implementation using an inline loop, removing the
    need of mod_decrypt struct.

commit 45beec16bd26c246eb1378344be7e4a23abd5937
Author: Michał Lowas-Rzechonek <michal.lowas-rzechonek@silvair.com>
Date:   Thu Oct 3 13:07:46 2019 -0700

    mesh: Normalize Access Key AID and Index naming in models
    
    After 8f0839a1c46300ceb1b129d17a3bff446ff79d08, mesh/crypto uses _aid
    suffix for keys' AID property, so let's change the wording in mesh/model
    as well.

commit 79fd24af14e0ef21e721214e7f71e70722aac03e
Author: Michał Lowas-Rzechonek <michal.lowas-rzechonek@silvair.com>
Date:   Thu Oct 3 13:07:45 2019 -0700

    mesh: Remove unused defines

commit c75605726e7281b68cc4dee4e895d3386ba7708f
Author: Brian Gix <brian.gix@intel.com>
Date:   Thu Sep 26 11:14:44 2019 -0700

    mesh: Fix Key Ring permissions for local nodes
    
    We do *not* automatically create populated key rings for imported or
    joined nodes, but we also do not *forbid* any node from adding a key
    in it's possesion to the local key ring.
    
    There are two (known) use cases for Import()
    
    1. Node previously existed on a different physical piece of hardware,
    and is being migrated to this daemon.
    
    2. Node was newly provisioned Out-Of-Band, and this is the net result
    of the provisioning.
    
    In *neither* case is it a given that the Node should be able to
    provision another node (the effect of adding the Net Key to the key
    ring). In neither case is it a given that the Node should be able to
    modify it's own Config Server states (the effect of adding it's
    Device Key to the key ring).

commit 0cdcff2f90f0a2425527adafdb14cdf6cd033a99
Author: Brian Gix <brian.gix@intel.com>
Date:   Thu Sep 26 11:14:43 2019 -0700

    mesh: Explicit Remote/Local Device key usage
    
    When sending or receiving Device Key (privileged) mesh messages, the
    remote vs local device key must be specified. This allows Apps to
    specify Key Ring stored device keys, and sanity checks that the correct
    key exists before allowing the transmission. Loopback messages to local
    servers *must* use keys from the Key Ring to indicate privilege has been
    granted.

commit c8cd5b04ccd865deeb90b70ea649c0b6cc0385e6
Author: Brian Gix <brian.gix@intel.com>
Date:   Thu Sep 26 11:14:42 2019 -0700

    mesh: Add remote boolean to DevKey transactions
    
    DevKey operations require authorization on the part of the applications
    making the requests. Messages to state changing Servers should use
    device keys from the remote (destination) to demonstrate authorization.

commit 550dc90dfca02370973e99b8e903576fa7e9d818
Author: Inga Stotland <inga.stotland@intel.com>
Date:   Tue Oct 1 09:27:28 2019 -0700

    mesh: Make mesh-config API more consistent
    
    This changes the prototypes for mesh_config_model_binding_add() and
    mesh_config_model_binding_del() to take the element's address as input
    parameter instead of the element's index. The change aligns the API
    with other functions that handle storage of model states.

commit f82256202f73ab111e8586d75db1e0412f2120d6
Author: Inga Stotland <inga.stotland@intel.com>
Date:   Sun Aug 11 00:00:45 2019 -0700

    shared/mainloop: Add ell-based mainloop implementation
    
    This adds implementation of wrapper mainloop functions to interact with
    ell main APIs, enabling support for the applications that link with ell
    library and use mainloop functionality.

Created: 2019-11-21 Last update: 2020-08-11 09:05

lintian reports 30 warnings normal

Lintian reports 30 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-07-29 Last update: 2020-07-29 12:30

1 ignored security issue in stretch low

There is 1 open security issue in stretch.

1 issue skipped by the security teams:

CVE-2018-10910: A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable.

Please fix it.

Created: 2016-12-05 Last update: 2020-08-07 06:08

1 ignored security issue in buster low

There is 1 open security issue in buster.

1 issue skipped by the security teams:

CVE-2018-10910: A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable.

Please fix it.

Created: 2017-06-18 Last update: 2020-08-07 06:08

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.0 instead of 4.1.3).

Created: 2018-04-11 Last update: 2020-03-21 06:42

news

[rss feed]

[2020-06-09] Accepted bluez 5.43-2+deb9u2~deb8u1 (source amd64 all) into oldoldstable (Roberto C. Sanchez)
[2020-03-30] Accepted bluez 5.43-2+deb9u2 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2020-03-28] Accepted bluez 5.50-1.2~deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2020-03-26] Accepted bluez 5.50-1.2~deb10u1 (source) into stable->embargoed, stable (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2020-03-26] Accepted bluez 5.43-2+deb9u2 (source) into oldstable->embargoed, oldstable (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2020-03-23] bluez 5.50-1.2 MIGRATED to testing (Debian testing watch)
[2020-03-20] Accepted bluez 5.50-1.2 (source) into unstable (Salvatore Bonaccorso)
[2020-03-19] Accepted bluez 5.50-1.1 (source) into unstable (Salvatore Bonaccorso)
[2019-11-28] Accepted bluez 5.52-1 (source all amd64) into experimental, experimental (Nobuhiro Iwamatsu)
[2019-11-13] Accepted bluez 5.51-1 (source) into experimental (Nobuhiro Iwamatsu)
[2018-08-03] bluez 5.50-1 MIGRATED to testing (Debian testing watch)
[2018-07-29] Accepted bluez 5.50-1 (source all amd64) into unstable (Nobuhiro Iwamatsu)
[2018-05-28] bluez 5.49-4 MIGRATED to testing (Debian testing watch)
[2018-05-28] bluez 5.49-4 MIGRATED to testing (Debian testing watch)
[2018-05-23] Accepted bluez 5.49-4 (source all amd64) into unstable (Nobuhiro Iwamatsu)
[2018-05-23] Accepted bluez 5.49-2 (source) into unstable (Nobuhiro Iwamatsu)
[2018-04-16] bluez 5.49-1 MIGRATED to testing (Debian testing watch)
[2018-04-10] Accepted bluez 5.49-1 (source all amd64) into unstable (Nobuhiro Iwamatsu)
[2017-10-01] bluez 5.47-1 MIGRATED to testing (Debian testing watch)
[2017-09-26] Accepted bluez 5.47-1 (source all amd64) into unstable (Nobuhiro Iwamatsu)
[2017-09-23] Accepted bluez 5.23-2+deb8u1 (all source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Salvatore Bonaccorso)
[2017-09-23] Accepted bluez 5.43-2+deb9u1 (source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
[2017-09-21] Accepted bluez 4.99-2+deb7u1 (source all amd64) into oldoldstable (Lucas Kanashiro)
[2017-09-19] bluez 5.46-1 MIGRATED to testing (Debian testing watch)
[2017-09-13] Accepted bluez 5.46-1 (source all amd64) into unstable (Nobuhiro Iwamatsu)
[2017-07-08] bluez 5.45-1 MIGRATED to testing (Debian testing watch)
[2017-07-03] Accepted bluez 5.45-1 (source all amd64) into unstable (Nobuhiro Iwamatsu)
[2017-03-25] bluez 5.43-2 MIGRATED to testing (Debian testing watch)
[2017-03-19] Accepted bluez 5.43-2 (source all amd64) into unstable (Nobuhiro Iwamatsu)
[2016-11-06] bluez 5.43-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 183 191
RC: 1
I&N: 156 163
M&W: 25 26
F&P: 1
patch: 6

links

homepage
lintian (0, 30)
buildd: logs, exp, clang, reproducibility
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 5.54-0ubuntu1
112 bugs