summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
authorMarc Ferland <ferlandm@amotus.ca>2017-09-19 09:16:39 -0400
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-11-05 22:33:20 +0000
commit92f4250ebce9404bc9a353e8683c7084c0936402 (patch)
tree22c3f49be0d59a32bd86efb600f65d1605cb41e0 /meta
parent9c136695f9507dd54e2741e310fc157c04a28270 (diff)
downloadpoky-92f4250ebce9404bc9a353e8683c7084c0936402.tar.gz
bluez5: Upgrade 5.46 -> 5.47
This release includes: - SDP fix for CVE-2017-1000250. - New bluetooth mesh profile. - Various fixes to GATT, A2DP and BR/EDR vs LE bearer handling. This commit also drops the following two patches which are included in 5.47: - 0001-hciattach-bcm43xx-fix-the-delay-timer-for-firmware-d.patch - cve-2017-1000250.patch (From OE-Core rev: cf25d927b2deadc11688b9dab2c366eaa57c54e6) Signed-off-by: Marc Ferland <ferlandm@amotus.ca> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-connectivity/bluez5/bluez5.inc3
-rw-r--r--meta/recipes-connectivity/bluez5/bluez5/0001-hciattach-bcm43xx-fix-the-delay-timer-for-firmware-d.patch36
-rw-r--r--meta/recipes-connectivity/bluez5/bluez5/cve-2017-1000250.patch34
-rw-r--r--meta/recipes-connectivity/bluez5/bluez5_5.47.bb (renamed from meta/recipes-connectivity/bluez5/bluez5_5.46.bb)4
4 files changed, 3 insertions, 74 deletions
diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc
index 1807aa7c96..e78f174c5c 100644
--- a/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -41,6 +41,7 @@ PACKAGECONFIG[sixaxis] = "--enable-sixaxis,--disable-sixaxis"
41PACKAGECONFIG[tools] = "--enable-tools,--disable-tools" 41PACKAGECONFIG[tools] = "--enable-tools,--disable-tools"
42PACKAGECONFIG[threads] = "--enable-threads,--disable-threads" 42PACKAGECONFIG[threads] = "--enable-threads,--disable-threads"
43PACKAGECONFIG[deprecated] = "--enable-deprecated,--disable-deprecated" 43PACKAGECONFIG[deprecated] = "--enable-deprecated,--disable-deprecated"
44PACKAGECONFIG[mesh] = "--enable-mesh,--disable-mesh, json-c"
44 45
45SRC_URI = "\ 46SRC_URI = "\
46 ${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \ 47 ${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \
@@ -49,8 +50,6 @@ SRC_URI = "\
49 file://run-ptest \ 50 file://run-ptest \
50 ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \ 51 ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \
51 file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \ 52 file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
52 file://0001-hciattach-bcm43xx-fix-the-delay-timer-for-firmware-d.patch \
53 file://cve-2017-1000250.patch \
54" 53"
55S = "${WORKDIR}/bluez-${PV}" 54S = "${WORKDIR}/bluez-${PV}"
56 55
diff --git a/meta/recipes-connectivity/bluez5/bluez5/0001-hciattach-bcm43xx-fix-the-delay-timer-for-firmware-d.patch b/meta/recipes-connectivity/bluez5/bluez5/0001-hciattach-bcm43xx-fix-the-delay-timer-for-firmware-d.patch
deleted file mode 100644
index 46794381f7..0000000000
--- a/meta/recipes-connectivity/bluez5/bluez5/0001-hciattach-bcm43xx-fix-the-delay-timer-for-firmware-d.patch
+++ /dev/null
@@ -1,36 +0,0 @@
1From 3b341fb421ef61db7782bf1314ec693828467de9 Mon Sep 17 00:00:00 2001
2From: Andy Duan <fugang.duan@nxp.com>
3Date: Wed, 23 Nov 2016 17:12:12 +0800
4Subject: [PATCH] hciattach: bcm43xx: fix the delay timer for firmware download
5
6From the log in .bcm43xx_load_firmware():
7 /* Wait 50ms to let the firmware placed in download mode */
8 nanosleep(&tm_mode, NULL);
9
10But timespec tm_mode is real is 50us. Correct the delayed timer count.
11
12Upstream-Status: Accepted [https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=76255f732d68aef2b90d36d9c7be51a9e1739ce7]
13
14Signed-off-by: Fugang Duan <fugang.duan@nxp.com>
15---
16 tools/hciattach_bcm43xx.c | 4 ++--
17 1 file changed, 2 insertions(+), 2 deletions(-)
18
19diff --git a/tools/hciattach_bcm43xx.c b/tools/hciattach_bcm43xx.c
20index 81f38cb..ac1b3c1 100644
21--- a/tools/hciattach_bcm43xx.c
22+++ b/tools/hciattach_bcm43xx.c
23@@ -228,8 +228,8 @@ static int bcm43xx_set_speed(int fd, struct termios *ti, uint32_t speed)
24 static int bcm43xx_load_firmware(int fd, const char *fw)
25 {
26 unsigned char cmd[] = { HCI_COMMAND_PKT, 0x2e, 0xfc, 0x00 };
27- struct timespec tm_mode = { 0, 50000 };
28- struct timespec tm_ready = { 0, 2000000 };
29+ struct timespec tm_mode = { 0, 50000000 };
30+ struct timespec tm_ready = { 0, 200000000 };
31 unsigned char resp[CC_MIN_SIZE];
32 unsigned char tx_buf[1024];
33 int len, fd_fw, n;
34--
351.9.1
36
diff --git a/meta/recipes-connectivity/bluez5/bluez5/cve-2017-1000250.patch b/meta/recipes-connectivity/bluez5/bluez5/cve-2017-1000250.patch
deleted file mode 100644
index 9fac961bcf..0000000000
--- a/meta/recipes-connectivity/bluez5/bluez5/cve-2017-1000250.patch
+++ /dev/null
@@ -1,34 +0,0 @@
1All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an
2information disclosure vulnerability which allows remote attackers to obtain
3sensitive information from the bluetoothd process memory. This vulnerability
4lies in the processing of SDP search attribute requests.
5
6CVE: CVE-2017-1000250
7Upstream-Status: Backport
8Signed-off-by: Ross Burton <ross.burton@intel.com>
9
10From 9e009647b14e810e06626dde7f1bb9ea3c375d09 Mon Sep 17 00:00:00 2001
11From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
12Date: Wed, 13 Sep 2017 10:01:40 +0300
13Subject: sdp: Fix Out-of-bounds heap read in service_search_attr_req function
14
15Check if there is enough data to continue otherwise return an error.
16---
17 src/sdpd-request.c | 2 +-
18 1 file changed, 1 insertion(+), 1 deletion(-)
19
20diff --git a/src/sdpd-request.c b/src/sdpd-request.c
21index 1eefdce..318d044 100644
22--- a/src/sdpd-request.c
23+++ b/src/sdpd-request.c
24@@ -917,7 +917,7 @@ static int service_search_attr_req(sdp_req_t *req, sdp_buf_t *buf)
25 } else {
26 /* continuation State exists -> get from cache */
27 sdp_buf_t *pCache = sdp_get_cached_rsp(cstate);
28- if (pCache) {
29+ if (pCache && cstate->cStateValue.maxBytesSent < pCache->data_size) {
30 uint16_t sent = MIN(max, pCache->data_size - cstate->cStateValue.maxBytesSent);
31 pResponse = pCache->data;
32 memcpy(buf->data, pResponse + cstate->cStateValue.maxBytesSent, sent);
33--
34cgit v1.1
diff --git a/meta/recipes-connectivity/bluez5/bluez5_5.46.bb b/meta/recipes-connectivity/bluez5/bluez5_5.47.bb
index e1f85879ce..49666f226c 100644
--- a/meta/recipes-connectivity/bluez5/bluez5_5.46.bb
+++ b/meta/recipes-connectivity/bluez5/bluez5_5.47.bb
@@ -2,8 +2,8 @@ require bluez5.inc
2 2
3REQUIRED_DISTRO_FEATURES = "bluez5" 3REQUIRED_DISTRO_FEATURES = "bluez5"
4 4
5SRC_URI[md5sum] = "913f35d6fa4ca5772c53adb936bf1947" 5SRC_URI[md5sum] = "783e15f65e70cdb8f721c659e140dd56"
6SRC_URI[sha256sum] = "ddab3d3837c1afb8ae228a94ba17709a4650bd4db24211b6771ab735c8908e28" 6SRC_URI[sha256sum] = "cf75bf7cd5d564f21cc4a2bd01d5c39ce425397335fd47d9bbe43af0a58342c8"
7 7
8# noinst programs in Makefile.tools that are conditional on READLINE 8# noinst programs in Makefile.tools that are conditional on READLINE
9# support 9# support