On Tue, Dec 20, 2022 at 04:04:15PM +0800, Naveen Saini wrote:
> Recent commits have CVE-2022-2741 fixed.
> 
> Also backported CVE-2022-2993 fix.
> 
> Signed-off-by: Naveen Saini <[email protected]>


For master:
I ran this series (batched with the other patches destined for the
master branch) through CI and it passes (with the known qemu a9 poll
issue).  See:
https://gitlab.com/jonmason00/meta-zephyr/-/pipelines/747733921

For langdale:
I ran this series (batched with the other patches destined for the
langdale branch) through CI and it passes.  See:
https://gitlab.com/jonmason00/meta-zephyr/-/pipelines/747805268

Tested-by: Jon Mason <[email protected]>

> ---
>  ...ix-SMP-local-keys-check-when-startin.patch | 51 +++++++++++++++++++
>  .../zephyr-kernel/zephyr-kernel-src-3.1.0.inc |  3 +-
>  2 files changed, 53 insertions(+), 1 deletion(-)
>  create mode 100644 
> meta-zephyr-core/recipes-kernel/zephyr-kernel/files/0001-3.1-Bluetooth-host-Fix-SMP-local-keys-check-when-startin.patch
> 
> diff --git 
> a/meta-zephyr-core/recipes-kernel/zephyr-kernel/files/0001-3.1-Bluetooth-host-Fix-SMP-local-keys-check-when-startin.patch
>  
> b/meta-zephyr-core/recipes-kernel/zephyr-kernel/files/0001-3.1-Bluetooth-host-Fix-SMP-local-keys-check-when-startin.patch
> new file mode 100644
> index 0000000..68650c3
> --- /dev/null
> +++ 
> b/meta-zephyr-core/recipes-kernel/zephyr-kernel/files/0001-3.1-Bluetooth-host-Fix-SMP-local-keys-check-when-startin.patch
> @@ -0,0 +1,51 @@
> +From 74d26b70f080a5dc60c6a1aa2bfec38043ee30d4 Mon Sep 17 00:00:00 2001
> +From: Joakim Andersson <[email protected]>
> +Date: Fri, 5 Aug 2022 10:50:47 +0200
> +Subject: [PATCH] Bluetooth: host: Fix SMP local keys check when starting
> + encryption
> +
> +Fix SMP check of existing local keys when attempting to start security
> +with required security mode 1 level 4. The logic for checking the
> +conditions was wrong, leading to a situation where encryption would be
> +attempted to be started by the central instead of initiating a new
> +pairing procedure. This would fail when the connection was encrypted and
> +the connection would be disconnected.
> +
> +Upstream-Status: Backport 
> [https://github.com/zephyrproject-rtos/zephyr/commit/83d5402fe830973f943bde085d80f0d3643e811a]
> +https://github.com/zephyrproject-rtos/zephyr/pull/52947/files
> +CVE: CVE-2022-2993
> +
> +Signed-off-by: Joakim Andersson <[email protected]>
> +Signed-off-by: Naveen Saini <[email protected]>
> +---
> + subsys/bluetooth/host/smp.c | 10 +++++-----
> + 1 file changed, 5 insertions(+), 5 deletions(-)
> +
> +diff --git a/subsys/bluetooth/host/smp.c b/subsys/bluetooth/host/smp.c
> +index 02a847f97d..555f09fefd 100644
> +--- a/subsys/bluetooth/host/smp.c
> ++++ b/subsys/bluetooth/host/smp.c
> +@@ -357,15 +357,15 @@ static bool smp_keys_check(struct bt_conn *conn)
> +             return false;
> +     }
> + 
> +-    if (conn->required_sec_level > BT_SECURITY_L2 &&
> ++    if (conn->required_sec_level >= BT_SECURITY_L3 &&
> +         !(conn->le.keys->flags & BT_KEYS_AUTHENTICATED)) {
> +             return false;
> +     }
> + 
> +-    if (conn->required_sec_level > BT_SECURITY_L3 &&
> +-        !(conn->le.keys->flags & BT_KEYS_AUTHENTICATED) &&
> +-        !(conn->le.keys->keys & BT_KEYS_LTK_P256) &&
> +-        !(conn->le.keys->enc_size == BT_SMP_MAX_ENC_KEY_SIZE)) {
> ++    if (conn->required_sec_level >= BT_SECURITY_L4 &&
> ++        !((conn->le.keys->flags & BT_KEYS_AUTHENTICATED) &&
> ++          (conn->le.keys->keys & BT_KEYS_LTK_P256) &&
> ++          (conn->le.keys->enc_size == BT_SMP_MAX_ENC_KEY_SIZE))) {
> +             return false;
> +     }
> + 
> +-- 
> +2.25.1
> +
> diff --git 
> a/meta-zephyr-core/recipes-kernel/zephyr-kernel/zephyr-kernel-src-3.1.0.inc 
> b/meta-zephyr-core/recipes-kernel/zephyr-kernel/zephyr-kernel-src-3.1.0.inc
> index 68016e4..b3feb6a 100644
> --- 
> a/meta-zephyr-core/recipes-kernel/zephyr-kernel/zephyr-kernel-src-3.1.0.inc
> +++ 
> b/meta-zephyr-core/recipes-kernel/zephyr-kernel/zephyr-kernel-src-3.1.0.inc
> @@ -2,7 +2,7 @@
>  
>  SRCREV_FORMAT = "default"
>  
> -SRCREV_default = "2ddd73feafd3316af2c547c34d6969bea637d5c6"
> +SRCREV_default = "a7d946331f4f9361d1531984524dd8f151ae20b0"
>  SRCREV_canopennode = "53d3415c14d60f8f4bfca54bfbc5d5a667d7e724"
>  SRCREV_chre = "0edfe2c2ec656afb910cfab8ed59a5ffd59b87c8"
>  SRCREV_civetweb = "094aeb41bb93e9199d24d665ee43e9e05d6d7b1c"
> @@ -109,6 +109,7 @@ SRC_URI_ZSCILIB ?= 
> "git://github.com/zephyrproject-rtos/zscilib;protocol=https"
>  SRC_URI_PATCHES ?= "\
>      file://0001-3.1-cmake-add-yocto-toolchain.patch;patchdir=zephyr \
>      
> file://0001-3.1-x86-fix-efi-binary-generation-issue-in-cross-compila.patch;patchdir=zephyr
>  \
> +    
> file://0001-3.1-Bluetooth-host-Fix-SMP-local-keys-check-when-startin.patch;patchdir=zephyr
>  \
>  "
>  
>  SRC_URI = "\
> -- 
> 2.25.1
> 
> 
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#58992): https://lists.yoctoproject.org/g/yocto/message/58992
Mute This Topic: https://lists.yoctoproject.org/mt/95782023/21656
Group Owner: [email protected]
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to