bluez5: upgrade 5.53 -> 5.54

CVE-2020-0556-1.patch CVE-2020-0556-2.patch removed since they are included in 5.54 (From OE-Core rev: 5552caed72169d397ce0bdf436216ec320a29751) Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Wang Mingyu <wangmy@cn.fujitsu.com> 2020-03-19 00:41:42 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-03-21 22:39:01 +0000
commit: 1eac51ae304fcb840a510a461dff4cdd9bc7b27a (patch)
tree: e0d1d5d85dd327e559f97129768b030f37b0f416
parent: 37ebf92a900bab7ee1c870658bf826cb33dcf8a8 (diff)
download: poky-1eac51ae304fcb840a510a461dff4cdd9bc7b27a.tar.gz
4 files changed, 2 insertions, 182 deletions
diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc
index 708fa1ccec..150d909d73 100644
--- a/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -52,8 +52,6 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \
           ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \
           file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
           file://0001-test-gatt-Fix-hung-issue.patch \
-           file://CVE-2020-0556-1.patch \
-           file://CVE-2020-0556-2.patch \
           "
 S = "${WORKDIR}/bluez-${PV}"
diff --git a/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-1.patch b/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-1.patch
deleted file mode 100644
index a6bf31e14b..0000000000
--- a/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-1.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 8cdbd3b09f29da29374e2f83369df24228da0ad1 Mon Sep 17 00:00:00 2001
-From: Alain Michaud <alainm@chromium.org>
-Date: Tue, 10 Mar 2020 02:35:16 +0000
-Subject: [PATCH 1/2] HOGP must only accept data from bonded devices.
-HOGP 1.0 Section 6.1 establishes that the HOGP must require bonding.
-Reference:
-https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.htm
-Upstream-Status: Backport [https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8cdbd3b09f29da29374e2f83369df24228da0ad1]
-Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
-CVE: CVE-2020-0556
---
- profiles/input/hog.c | 4 ++++
- 1 file changed, 4 insertions(+)
-diff --git a/profiles/input/hog.c b/profiles/input/hog.c
-index 83c017dcb..dfac68921 100644
--- a/profiles/input/hog.c
-+++ b/profiles/input/hog.c
-@@ -186,6 +186,10 @@ static int hog_accept(struct btd_service *service)
-                        return -EINVAL;
-        }
- 
-+       /* HOGP 1.0 Section 6.1 requires bonding */
-+       if (!device_is_bonded(device, btd_device_get_bdaddr_type(device)))
-+               return -ECONNREFUSED;
-+
-        /* TODO: Replace GAttrib with bt_gatt_client */
-        bt_hog_attach(dev->hog, attrib);
- 
-- 
-2.24.1
diff --git a/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-2.patch b/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-2.patch
deleted file mode 100644
index 8acb2f15ec..0000000000
--- a/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-2.patch
+++ /dev/null
@@ -1,143 +0,0 @@
-From 3cccdbab2324086588df4ccf5f892fb3ce1f1787 Mon Sep 17 00:00:00 2001
-From: Alain Michaud <alainm@chromium.org>
-Date: Tue, 10 Mar 2020 02:35:18 +0000
-Subject: [PATCH 2/2] HID accepts bonded device connections only.
-This change adds a configuration for platforms to choose a more secure
-posture for the HID profile.  While some older mice are known to not
-support pairing or encryption, some platform may choose a more secure
-posture by requiring the device to be bonded  and require the
-connection to be encrypted when bonding is required.
-Reference:
-https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html
-Upstream-Status: Backport [https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=3cccdbab2324086588df4ccf5f892fb3ce1f1787]
-Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
-CVE: CVE-2020-0556
---
- profiles/input/device.c   | 23 ++++++++++++++++++++++-
- profiles/input/device.h   |  1 +
- profiles/input/input.conf |  8 ++++++++
- profiles/input/manager.c  | 13 ++++++++++++-
- 4 files changed, 43 insertions(+), 2 deletions(-)
-diff --git a/profiles/input/device.c b/profiles/input/device.c
-index 2cb3811c8..d89da2d7c 100644
--- a/profiles/input/device.c
-+++ b/profiles/input/device.c
-@@ -92,6 +92,7 @@ struct input_device {
- 
- static int idle_timeout = 0;
- static bool uhid_enabled = false;
-+static bool classic_bonded_only = false;
- 
- void input_set_idle_timeout(int timeout)
- {
-@@ -103,6 +104,11 @@ void input_enable_userspace_hid(bool state)
-        uhid_enabled = state;
- }
- 
-+void input_set_classic_bonded_only(bool state)
-+{
-+       classic_bonded_only = state;
-+}
-+
- static void input_device_enter_reconnect_mode(struct input_device *idev);
- static int connection_disconnect(struct input_device *idev, uint32_t flags);
- 
-@@ -970,8 +976,18 @@ static int hidp_add_connection(struct input_device *idev)
-        if (device_name_known(idev->device))
-                device_get_name(idev->device, req->name, sizeof(req->name));
- 
-+       /* Make sure the device is bonded if required */
-+       if (classic_bonded_only && !device_is_bonded(idev->device,
-+                               btd_device_get_bdaddr_type(idev->device))) {
-+               error("Rejected connection from !bonded device %s", dst_addr);
-+               goto cleanup;
-+       }
-+
-        /* Encryption is mandatory for keyboards */
-       if (req->subclass & 0x40) {
-+       /* Some platforms may choose to require encryption for all devices */
-+       /* Note that this only matters for pre 2.1 devices as otherwise the */
-+       /* device is encrypted by default by the lower layers */
-+       if (classic_bonded_only || req->subclass & 0x40) {
-                if (!bt_io_set(idev->intr_io, &gerr,
-                                        BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_MEDIUM,
-                                        BT_IO_OPT_INVALID)) {
-@@ -1203,6 +1219,11 @@ static void input_device_enter_reconnect_mode(struct input_device *idev)
-        DBG("path=%s reconnect_mode=%s", idev->path,
-                                reconnect_mode_to_string(idev->reconnect_mode));
- 
-+       /* Make sure the device is bonded if required */
-+       if (classic_bonded_only && !device_is_bonded(idev->device,
-+                               btd_device_get_bdaddr_type(idev->device)))
-+               return;
-+
-        /* Only attempt an auto-reconnect when the device is required to
-         * accept reconnections from the host.
-         */
-diff --git a/profiles/input/device.h b/profiles/input/device.h
-index 51a9aee18..3044db673 100644
--- a/profiles/input/device.h
-+++ b/profiles/input/device.h
-@@ -29,6 +29,7 @@ struct input_conn;
- 
- void input_set_idle_timeout(int timeout);
- void input_enable_userspace_hid(bool state);
-+void input_set_classic_bonded_only(bool state);
- 
- int input_device_register(struct btd_service *service);
- void input_device_unregister(struct btd_service *service);
-diff --git a/profiles/input/input.conf b/profiles/input/input.conf
-index 3e1d65aae..166aff4a4 100644
--- a/profiles/input/input.conf
-+++ b/profiles/input/input.conf
-@@ -11,3 +11,11 @@
- # Enable HID protocol handling in userspace input profile
- # Defaults to false (HIDP handled in HIDP kernel module)
- #UserspaceHID=true
-+
-+# Limit HID connections to bonded devices
-+# The HID Profile does not specify that devices must be bonded, however some
-+# platforms may want to make sure that input connections only come from bonded
-+# device connections. Several older mice have been known for not supporting
-+# pairing/encryption.
-+# Defaults to false to maximize device compatibility.
-+#ClassicBondedOnly=true
-diff --git a/profiles/input/manager.c b/profiles/input/manager.c
-index 1d31b0652..5cd27b839 100644
--- a/profiles/input/manager.c
-+++ b/profiles/input/manager.c
-@@ -96,7 +96,7 @@ static int input_init(void)
-        config = load_config_file(CONFIGDIR "/input.conf");
-        if (config) {
-                int idle_timeout;
-               gboolean uhid_enabled;
-+               gboolean uhid_enabled, classic_bonded_only;
- 
-                idle_timeout = g_key_file_get_integer(config, "General",
-                                                        "IdleTimeout", &err);
-@@ -114,6 +114,17 @@ static int input_init(void)
-                        input_enable_userspace_hid(uhid_enabled);
-                } else
-                        g_clear_error(&err);
-+
-+               classic_bonded_only = g_key_file_get_boolean(config, "General",
-+                                               "ClassicBondedOnly", &err);
-+
-+               if (!err) {
-+                       DBG("input.conf: ClassicBondedOnly=%s",
-+                                       classic_bonded_only ? "true" : "false");
-+                       input_set_classic_bonded_only(classic_bonded_only);
-+               } else
-+                       g_clear_error(&err);
-+
-        }
- 
-        btd_profile_register(&input_profile);
-- 
-2.24.1
diff --git a/meta/recipes-connectivity/bluez5/bluez5_5.53.bb b/meta/recipes-connectivity/bluez5/bluez5_5.54.bb
index 055e76bcf1..260eee1402 100644
--- a/meta/recipes-connectivity/bluez5/bluez5_5.53.bb
+++ b/meta/recipes-connectivity/bluez5/bluez5_5.54.bb
@@ -1,7 +1,7 @@
 require bluez5.inc
-SRC_URI[md5sum] = "85b14abb138948f50b1650aa866cb019"
+SRC_URI[md5sum] = "e637feb2dbb7582bbbff1708367a847c"
-SRC_URI[sha256sum] = "38aa2da8302fefad53116bb281a11968732a42eeb19c5fb3668342f39b7938bc"
+SRC_URI[sha256sum] = "68cdab9e63e8832b130d5979dc8c96fdb087b31278f342874d992af3e56656dc"
 # noinst programs in Makefile.tools that are conditional on READLINE
 # support
author	Wang Mingyu <wangmy@cn.fujitsu.com>	2020-03-19 00:41:42 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2020-03-21 22:39:01 +0000
commit	1eac51ae304fcb840a510a461dff4cdd9bc7b27a (patch)
tree	e0d1d5d85dd327e559f97129768b030f37b0f416
parent	37ebf92a900bab7ee1c870658bf826cb33dcf8a8 (diff)
download	poky-1eac51ae304fcb840a510a461dff4cdd9bc7b27a.tar.gz

diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc index 708fa1ccec..150d909d73 100644 --- a/meta/recipes-connectivity/bluez5/bluez5.inc +++ b/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -52,8 +52,6 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \
52	${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \	52	${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \
53	file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \	53	file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
54	file://0001-test-gatt-Fix-hung-issue.patch \	54	file://0001-test-gatt-Fix-hung-issue.patch \
55	file://CVE-2020-0556-1.patch \
56	file://CVE-2020-0556-2.patch \
57	"	55	"
58	S = "${WORKDIR}/bluez-${PV}"	56	S = "${WORKDIR}/bluez-${PV}"
59		57


diff --git a/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-1.patch b/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-1.patch deleted file mode 100644 index a6bf31e14b..0000000000 --- a/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-1.patch +++ /dev/null
@@ -1,35 +0,0 @@
1	From 8cdbd3b09f29da29374e2f83369df24228da0ad1 Mon Sep 17 00:00:00 2001
2	From: Alain Michaud <alainm@chromium.org>
3	Date: Tue, 10 Mar 2020 02:35:16 +0000
4	Subject: [PATCH 1/2] HOGP must only accept data from bonded devices.
5
6	HOGP 1.0 Section 6.1 establishes that the HOGP must require bonding.
7
8	Reference:
9	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.htm
10
11	Upstream-Status: Backport [https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8cdbd3b09f29da29374e2f83369df24228da0ad1]
12	Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
13	CVE: CVE-2020-0556
14	---
15	profiles/input/hog.c \| 4 ++++
16	1 file changed, 4 insertions(+)
17
18	diff --git a/profiles/input/hog.c b/profiles/input/hog.c
19	index 83c017dcb..dfac68921 100644
20	--- a/profiles/input/hog.c
21	+++ b/profiles/input/hog.c
22	@@ -186,6 +186,10 @@ static int hog_accept(struct btd_service *service)
23	return -EINVAL;
24	}
25
26	+ /* HOGP 1.0 Section 6.1 requires bonding */
27	+ if (!device_is_bonded(device, btd_device_get_bdaddr_type(device)))
28	+ return -ECONNREFUSED;
29	+
30	/* TODO: Replace GAttrib with bt_gatt_client */
31	bt_hog_attach(dev->hog, attrib);
32
33	--
34	2.24.1
35


diff --git a/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-2.patch b/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-2.patch deleted file mode 100644 index 8acb2f15ec..0000000000 --- a/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-2.patch +++ /dev/null
@@ -1,143 +0,0 @@
1	From 3cccdbab2324086588df4ccf5f892fb3ce1f1787 Mon Sep 17 00:00:00 2001
2	From: Alain Michaud <alainm@chromium.org>
3	Date: Tue, 10 Mar 2020 02:35:18 +0000
4	Subject: [PATCH 2/2] HID accepts bonded device connections only.
5
6	This change adds a configuration for platforms to choose a more secure
7	posture for the HID profile. While some older mice are known to not
8	support pairing or encryption, some platform may choose a more secure
9	posture by requiring the device to be bonded and require the
10	connection to be encrypted when bonding is required.
11
12	Reference:
13	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html
14
15	Upstream-Status: Backport [https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=3cccdbab2324086588df4ccf5f892fb3ce1f1787]
16	Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
17	CVE: CVE-2020-0556
18
19	---
20	profiles/input/device.c \| 23 ++++++++++++++++++++++-
21	profiles/input/device.h \| 1 +
22	profiles/input/input.conf \| 8 ++++++++
23	profiles/input/manager.c \| 13 ++++++++++++-
24	4 files changed, 43 insertions(+), 2 deletions(-)
25
26	diff --git a/profiles/input/device.c b/profiles/input/device.c
27	index 2cb3811c8..d89da2d7c 100644
28	--- a/profiles/input/device.c
29	+++ b/profiles/input/device.c
30	@@ -92,6 +92,7 @@ struct input_device {
31
32	static int idle_timeout = 0;
33	static bool uhid_enabled = false;
34	+static bool classic_bonded_only = false;
35
36	void input_set_idle_timeout(int timeout)
37	{
38	@@ -103,6 +104,11 @@ void input_enable_userspace_hid(bool state)
39	uhid_enabled = state;
40	}
41
42	+void input_set_classic_bonded_only(bool state)
43	+{
44	+ classic_bonded_only = state;
45	+}
46	+
47	static void input_device_enter_reconnect_mode(struct input_device *idev);
48	static int connection_disconnect(struct input_device *idev, uint32_t flags);
49
50	@@ -970,8 +976,18 @@ static int hidp_add_connection(struct input_device *idev)
51	if (device_name_known(idev->device))
52	device_get_name(idev->device, req->name, sizeof(req->name));
53
54	+ /* Make sure the device is bonded if required */
55	+ if (classic_bonded_only && !device_is_bonded(idev->device,
56	+ btd_device_get_bdaddr_type(idev->device))) {
57	+ error("Rejected connection from !bonded device %s", dst_addr);
58	+ goto cleanup;
59	+ }
60	+
61	/* Encryption is mandatory for keyboards */
62	- if (req->subclass & 0x40) {
63	+ /* Some platforms may choose to require encryption for all devices */
64	+ /* Note that this only matters for pre 2.1 devices as otherwise the */
65	+ /* device is encrypted by default by the lower layers */
66	+ if (classic_bonded_only \|\| req->subclass & 0x40) {
67	if (!bt_io_set(idev->intr_io, &gerr,
68	BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_MEDIUM,
69	BT_IO_OPT_INVALID)) {
70	@@ -1203,6 +1219,11 @@ static void input_device_enter_reconnect_mode(struct input_device *idev)
71	DBG("path=%s reconnect_mode=%s", idev->path,
72	reconnect_mode_to_string(idev->reconnect_mode));
73
74	+ /* Make sure the device is bonded if required */
75	+ if (classic_bonded_only && !device_is_bonded(idev->device,
76	+ btd_device_get_bdaddr_type(idev->device)))
77	+ return;
78	+
79	/* Only attempt an auto-reconnect when the device is required to
80	* accept reconnections from the host.
81	*/
82	diff --git a/profiles/input/device.h b/profiles/input/device.h
83	index 51a9aee18..3044db673 100644
84	--- a/profiles/input/device.h
85	+++ b/profiles/input/device.h
86	@@ -29,6 +29,7 @@ struct input_conn;
87
88	void input_set_idle_timeout(int timeout);
89	void input_enable_userspace_hid(bool state);
90	+void input_set_classic_bonded_only(bool state);
91
92	int input_device_register(struct btd_service *service);
93	void input_device_unregister(struct btd_service *service);
94	diff --git a/profiles/input/input.conf b/profiles/input/input.conf
95	index 3e1d65aae..166aff4a4 100644
96	--- a/profiles/input/input.conf
97	+++ b/profiles/input/input.conf
98	@@ -11,3 +11,11 @@
99	# Enable HID protocol handling in userspace input profile
100	# Defaults to false (HIDP handled in HIDP kernel module)
101	#UserspaceHID=true
102	+
103	+# Limit HID connections to bonded devices
104	+# The HID Profile does not specify that devices must be bonded, however some
105	+# platforms may want to make sure that input connections only come from bonded
106	+# device connections. Several older mice have been known for not supporting
107	+# pairing/encryption.
108	+# Defaults to false to maximize device compatibility.
109	+#ClassicBondedOnly=true
110	diff --git a/profiles/input/manager.c b/profiles/input/manager.c
111	index 1d31b0652..5cd27b839 100644
112	--- a/profiles/input/manager.c
113	+++ b/profiles/input/manager.c
114	@@ -96,7 +96,7 @@ static int input_init(void)
115	config = load_config_file(CONFIGDIR "/input.conf");
116	if (config) {
117	int idle_timeout;
118	- gboolean uhid_enabled;
119	+ gboolean uhid_enabled, classic_bonded_only;
120
121	idle_timeout = g_key_file_get_integer(config, "General",
122	"IdleTimeout", &err);
123	@@ -114,6 +114,17 @@ static int input_init(void)
124	input_enable_userspace_hid(uhid_enabled);
125	} else
126	g_clear_error(&err);
127	+
128	+ classic_bonded_only = g_key_file_get_boolean(config, "General",
129	+ "ClassicBondedOnly", &err);
130	+
131	+ if (!err) {
132	+ DBG("input.conf: ClassicBondedOnly=%s",
133	+ classic_bonded_only ? "true" : "false");
134	+ input_set_classic_bonded_only(classic_bonded_only);
135	+ } else
136	+ g_clear_error(&err);
137	+
138	}
139
140	btd_profile_register(&input_profile);
141	--
142	2.24.1
143


diff --git a/meta/recipes-connectivity/bluez5/bluez5_5.53.bb b/meta/recipes-connectivity/bluez5/bluez5_5.54.bb index 055e76bcf1..260eee1402 100644 --- a/meta/recipes-connectivity/bluez5/bluez5_5.53.bb +++ b/meta/recipes-connectivity/bluez5/bluez5_5.54.bb
@@ -1,7 +1,7 @@
1	require bluez5.inc	1	require bluez5.inc
2		2
3	SRC_URI[md5sum] = "85b14abb138948f50b1650aa866cb019"	3	SRC_URI[md5sum] = "e637feb2dbb7582bbbff1708367a847c"
4	SRC_URI[sha256sum] = "38aa2da8302fefad53116bb281a11968732a42eeb19c5fb3668342f39b7938bc"	4	SRC_URI[sha256sum] = "68cdab9e63e8832b130d5979dc8c96fdb087b31278f342874d992af3e56656dc"
5		5
6	# noinst programs in Makefile.tools that are conditional on READLINE	6	# noinst programs in Makefile.tools that are conditional on READLINE
7	# support	7	# support