snappy-hwe-snaps

lp:~snappy-hwe-team/snappy-hwe-snaps/+git/bluez

Git
lp:~snappy-hwe-team/snappy-hwe-snaps/...

Owned by Snappy HWE Team

Get this repository:: git clone https://git.not.enabled/~snappy-hwe-team/snappy-hwe-snaps/+git/bluez

Members of Snappy HWE Team can upload to this repository. Log in for directions.

Branches

Name	Last Modified	Last Commit
snap-22	2023-02-28 14:46:14 UTC 2023-02-28	WARNING This branch is deprecated, please look at Author: Alfonso Sanchez-Beato Author Date: 2023-02-28 14:46:14 UTC WARNING This branch is deprecated, please look at https://github.com/snapcore/bluez-snap instead.
snap-20	2022-06-20 17:12:32 UTC 2022-06-20	Open development for 5.53-8-dev Author: System Enablement CI Bot Author Date: 2022-06-20 17:12:32 UTC Open development for 5.53-8-dev
master	2022-02-10 14:07:35 UTC 2022-02-10	Open development for 5.48-5-dev Author: System Enablement CI Bot Author Date: 2022-02-10 14:07:35 UTC Open development for 5.48-5-dev
stable	2022-02-10 14:07:33 UTC 2022-02-10	Merge branch 'master' into stable Author: System Enablement CI Bot Author Date: 2022-02-10 14:07:33 UTC Merge branch 'master' into stable
bluez/5.48	2022-02-10 12:04:11 UTC 2022-02-10	Merge remote tracking branch cve-fixes Author: System Enablement CI Bot Author Date: 2022-02-10 12:04:11 UTC Merge remote tracking branch cve-fixes Merge-Proposal: https://code.launchpad.net/~alfonsosanchezbeato/snappy-hwe-snaps/+git/bluez/+merge/415368 Author: Alfonso Sanchez-Beato <alfonso.sanchez-beato@canonical.com> bluez (5.48-0ubuntu3.8) bionic-security; urgency=medium * SECURITY UPDATE: Integer overflow in gatt server protocol could lead to a heap overflow, resulting in denial of service or potential code execution. - debian/patches/CVE-2022-0204.patch: add length and offset validation in write_cb function in src/shared/gatt-server.c. - CVE-2022-0204 -- Ray Veldkamp <ray.veldkamp@canonical.com> Fri, 04 Feb 2022 10:25:37 +1100 bluez (5.48-0ubuntu3.7) bionic-security; urgency=medium * SECURITY UPDATE: heap-based buffer overflow - debian/patches/CVE-2019-8922.patch: check if there is enough space in lib/sdp.c. - CVE-2019-8922 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 08 Dec 2021 07:57:30 -0500 bluez (5.48-0ubuntu3.6) bionic-security; urgency=medium * SECURITY UPDATE: DoS via memory leak in sdp_cstate_alloc_buf - debian/patches/CVE-2021-41229-pre1.patch: fix not checking if cstate length in src/sdpd-request.c. - debian/patches/CVE-2021-41229.patch: fix leaking buffers stored in cstates cache in src/sdpd-request.c, src/sdpd-server.c, src/sdpd.h, unit/test-sdp.c. - CVE-2021-41229 * SECURITY UPDATE: use-after-free when client disconnects - debian/patches/CVE-2021-43400-pre1.patch: send device and link options with AcquireNotify in src/gatt-database.c. - debian/patches/CVE-2021-43400-pre2.patch: fix Acquire* reply handling in src/gatt-database.c. - debian/patches/CVE-2021-43400-pre3.patch: no multiple calls to AcquireWrite in src/gatt-database.c. - debian/patches/CVE-2021-43400-pre4.patch: provide MTU in ReadValue and WriteValue in src/gatt-database.c. - debian/patches/CVE-2021-43400.patch: fix not cleaning up when disconnected in src/gatt-database.c. - CVE-2021-43400 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 17 Nov 2021 10:52:30 -0500
bluez/5.47	2020-04-02 12:29:23 UTC 2020-04-02	Merge remote tracking branch bluez/5.47 Author: System Enablement CI Bot Author Date: 2020-04-02 12:29:23 UTC Merge remote tracking branch bluez/5.47 Merge-Proposal: https://code.launchpad.net/~alfonsosanchezbeato/snappy-hwe-snaps/+git/bluez/+merge/381570 Author: Alfonso Sanchez-Beato <alfonso.sanchez-beato@canonical.com> Security update taken from Ubuntu package. Patches included: bluez (5.48-0ubuntu3.4) bionic-security; urgency=medium * SECURITY UPDATE: privilege escalation via improper access control - debian/patches/CVE-2020-0556-1.patch: HOGP must only accept data from bonded devices in profiles/input/hog.c. - debian/patches/CVE-2020-0556-2.patch: HID accepts bonded device connections only in profiles/input/device.c, profiles/input/device.h, profiles/input/input.conf, profiles/input/manager.c. - debian/patches/CVE-2020-0556-3.patch: attempt to set security level if not bonded in profiles/input/hog.c. - debian/patches/CVE-2020-0556-4.patch: add LEAutoSecurity setting to input.conf in profiles/input/device.h, profiles/input/hog.c, profiles/input/input.conf, profiles/input/manager.c. - CVE-2020-0556
master-backup-4.49	2020-04-01 09:07:37 UTC 2020-04-01	Open development for 5.49-2-dev Author: System Enablement CI Bot Author Date: 2020-04-01 09:07:37 UTC Open development for 5.49-2-dev
bluez/5.49	2020-03-31 11:44:38 UTC 2020-03-31	Merge remote tracking branch cve-2020-0556 Author: System Enablement CI Bot Author Date: 2020-03-31 11:44:38 UTC Merge remote tracking branch cve-2020-0556 Merge-Proposal: https://code.launchpad.net/~alfonsosanchezbeato/snappy-hwe-snaps/+git/bluez/+merge/381428 Author: Alfonso Sanchez-Beato <alfonso.sanchez-beato@canonical.com> Security update taken from Ubuntu package. Patches included: bluez (5.48-0ubuntu3.4) bionic-security; urgency=medium * SECURITY UPDATE: privilege escalation via improper access control - debian/patches/CVE-2020-0556-1.patch: HOGP must only accept data from bonded devices in profiles/input/hog.c. - debian/patches/CVE-2020-0556-2.patch: HID accepts bonded device connections only in profiles/input/device.c, profiles/input/device.h, profiles/input/input.conf, profiles/input/manager.c. - debian/patches/CVE-2020-0556-3.patch: attempt to set security level if not bonded in profiles/input/hog.c. - debian/patches/CVE-2020-0556-4.patch: add LEAutoSecurity setting to input.conf in profiles/input/device.h, profiles/input/hog.c, profiles/input/input.conf, profiles/input/manager.c. - CVE-2020-0556
bluez/5.50	2018-06-01 08:36:21 UTC 2018-06-01	Release 5.50 Author: Marcel Holtmann Author Date: 2018-06-01 08:36:21 UTC Release 5.50
15.04/stable	2017-09-15 12:46:17 UTC 2017-09-15	Update version to 5.34-3 Author: Konrad Zapałowicz Author Date: 2017-09-15 12:46:17 UTC Update version to 5.34-3
15.04/master	2017-09-15 12:24:15 UTC 2017-09-15	Merge remote tracking branch feature/15.04/blueborne-and-fixing-build Author: System Enablement CI Bot Author Date: 2017-09-15 12:24:15 UTC Merge remote tracking branch feature/15.04/blueborne-and-fixing-build Merge-Proposal: https://code.launchpad.net/~kzapalowicz/snappy-hwe-snaps/+git/bluez/+merge/330824 Author: Konrad Zapałowicz <konrad.zapalowicz@canonical.com> Update repository urls to point to snappy-hwe-team, also bump version for an upcoming release and update changelog
bluez-5.34	2017-09-15 11:44:15 UTC 2017-09-15	Merge remote tracking branch feature/fix-blueborne-5.34 Author: System Enablement CI Bot Author Date: 2017-09-15 11:44:15 UTC Merge remote tracking branch feature/fix-blueborne-5.34 Merge-Proposal: https://code.launchpad.net/~kzapalowicz/snappy-hwe-snaps/+git/bluez/+merge/330825 Author: Konrad Zapałowicz <konrad.zapalowicz@canonical.com> Fix Blueborne CVE-2017-1000250
bluez/5.44	2017-09-13 14:57:30 UTC 2017-09-13	Merge remote tracking branch fix/cve-blueborne Author: System Enablement CI Bot Author Date: 2017-09-13 14:57:30 UTC Merge remote tracking branch fix/cve-blueborne Merge-Proposal: https://code.launchpad.net/~kzapalowicz/snappy-hwe-snaps/+git/bluez/+merge/330677 Author: Konrad Zapałowicz <konrad.zapalowicz@canonical.com> Fix CVE-2017-1000250 More details: https://www.armis.com/blueborne/, patch based on https://launchpadlibrarian.net/336654263/bluez_5.37-0ubuntu5_5.37-0ubuntu5.1.diff.gz
bluez/5.37	2017-04-04 14:25:03 UTC 2017-04-04	[SNAPPY] Fix hciattach on RPi3 Author: Konrad Zapałowicz Author Date: 2017-04-04 14:22:33 UTC [SNAPPY] Fix hciattach on RPi3 This patch fixes the hciattach on Raspberry Pi 3 by applying the following changes: * don't set UART speed before loading firmware (thanks to https://github.com/MilhouseVH) * change FIRMWARE_DIR to /lib/formware These changes originated from LP: #1674509

This repository contains Public information

Everyone can see this information.

Subscribers

Snappy HWE Team