~alfonsosanchezbeato/snappy-hwe-snaps/+git/bluez:update-to-5.48

Branch merges

Propose for merging

Merged into ~snappy-hwe-team/snappy-hwe-snaps/+git/bluez:master at revision d550d3d0b28a7611a7734d56e2023f3b4a986511

System Enablement Bot: Approve (continuous-integration) on 2020-07-03

Diff: 20 lines (+2/-2)

1 file modified

snapcraft.yaml (+2/-2)

api

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

ea3c94d... by Alfonso Sanchez-Beato on 2020-05-21

Update to 5.48 upstream

939849a... by System Enablement CI Bot <email address hidden> on 2020-04-02

Open development for 5.47-5-dev

e7d69b4... by System Enablement CI Bot <email address hidden> on 2020-04-02

Bump version to 5.47-4

08ed737... by System Enablement CI Bot <email address hidden> on 2020-04-02

Update manifests to 5.47-4

f788e75... by System Enablement CI Bot <email address hidden> on 2020-04-02

Update ChangeLog for 5.47-4

094bfe8... by Alfonso Sanchez-Beato on 2020-04-02

Revert "snap: enable bluez 5.49"

We go back to version 5.47, as apparently 5.49 had some breaking changes
for some of the supported devices.
This reverts commit 5105efcc3b0b0449472cb6852f0f6952a4316bf8.

ccd5a02... by System Enablement CI Bot <email address hidden> on 2020-03-31

Merge remote tracking branch cve-fix

Merge-Proposal: https://code.launchpad.net/~alfonsosanchezbeato/snappy-hwe-snaps/+git/bluez/+merge/381570

Author: Alfonso Sanchez-Beato <email address hidden>

Security update to bluez/5.47 branch
Security update taken from Ubuntu package (https://usn.ubuntu.com/4311-1/).
Patches included:

bluez (5.48-0ubuntu3.4) bionic-security; urgency=medium

  * SECURITY UPDATE: privilege escalation via improper access control
    - debian/patches/CVE-2020-0556-1.patch: HOGP must only accept data from
      bonded devices in profiles/input/hog.c.
    - debian/patches/CVE-2020-0556-2.patch: HID accepts bonded device
      connections only in profiles/input/device.c, profiles/input/device.h,
      profiles/input/input.conf, profiles/input/manager.c.
    - debian/patches/CVE-2020-0556-3.patch: attempt to set security level
      if not bonded in profiles/input/hog.c.
    - debian/patches/CVE-2020-0556-4.patch: add LEAutoSecurity setting to
      input.conf in profiles/input/device.h, profiles/input/hog.c,
      profiles/input/input.conf, profiles/input/manager.c.
    - CVE-2020-0556

aef8c36... by Alfonso Sanchez-Beato on 2020-03-31

Security update to bluez/5.47 branch

Security update taken from Ubuntu
package (https://usn.ubuntu.com/4311-1/).
Patches included:

bluez (5.48-0ubuntu3.4) bionic-security; urgency=medium

  * SECURITY UPDATE: privilege escalation via improper access control
    - debian/patches/CVE-2020-0556-1.patch: HOGP must only accept data from
      bonded devices in profiles/input/hog.c.
    - debian/patches/CVE-2020-0556-2.patch: HID accepts bonded device
      connections only in profiles/input/device.c, profiles/input/device.h,
      profiles/input/input.conf, profiles/input/manager.c.
    - debian/patches/CVE-2020-0556-3.patch: attempt to set security level
      if not bonded in profiles/input/hog.c.
    - debian/patches/CVE-2020-0556-4.patch: add LEAutoSecurity setting to
      input.conf in profiles/input/device.h, profiles/input/hog.c,
      profiles/input/input.conf, profiles/input/manager.c.
    - CVE-2020-0556

a294fc8... by System Enablement CI Bot <email address hidden> on 2019-09-10

Merge remote tracking branch add-changelog

Merge-Proposal: https://code.launchpad.net/~alfonsosanchezbeato/snappy-hwe-snaps/+git/bluez/+merge/372528

Author: Alfonso Sanchez-Beato <email address hidden>

snap: copy changelog to package

a65da63... by Alfonso Sanchez-Beato on 2019-09-10

Adapt to latest snapcraft