0a10858fd7
Merge branch 'feature/extend_h2_conon_num_to_70_v5.5' into 'release/v5.5'
...
change(ble): Updated the maximum number of concurrent connections to 70 on ESP32-H2 (v5.5)
See merge request espressif/esp-idf!43835
2025-12-30 10:31:52 +08:00
5bee13a621
Merge branch 'opt/opt_ble_log_v5.5' into 'release/v5.5'
...
feat(ble/bluedroid): Added BLE debug LOG for bluedroid (v5.5)
See merge request espressif/esp-idf!42270
2025-12-29 12:11:36 +08:00
1d7830102e
Merge branch 'feat/show_how_to_use_smp_in_blufi_example_v5.5' into 'release/v5.5'
...
feat(ble/blufi): Support setting BLE encryption for blufi (v5.5)
See merge request espressif/esp-idf!44143
2025-12-29 12:11:21 +08:00
dae755c78c
Merge branch 'bugfix/sync_security_fix_from_flouride_v5.5' into 'release/v5.5'
...
fix: synchronized several security-related fixes from Google Fluoride (v5.5)
See merge request espressif/esp-idf!44407
2025-12-26 21:32:23 +08:00
da5ff0c78c
Merge branch 'fix/add_soc_caps_for_pawr_feat_v5.5' into 'release/v5.5'
...
fix(ble): add soc caps feat for PAwR (v5.5)
See merge request espressif/esp-idf!44150
2025-12-26 14:21:25 +08:00
ec191d2851
Merge branch 'feat/add_param_indicate_create_spp_records_v5.5' into 'release/v5.5'
...
feat(bt): Add an SPP API parameter to indicate whether to create the SPP record(v5.5)
See merge request espressif/esp-idf!43583
2025-12-26 10:34:35 +08:00
e0c12adc79
Merge branch 'bugfix/a2dp_deinit_crash_v5.5' into 'release/v5.5'
...
fix(bt): fixed crash caused by deinit during A2DP connection initiation(v5.5)
See merge request espressif/esp-idf!43791
2025-12-26 10:34:08 +08:00
8c47552a4c
Merge branch 'change/bt_bluedroid_avrcp_version_v5.5' into 'release/v5.5'
...
change(bt/bluedroid): Change AVRCP version according to feature enabled (v5.5)
See merge request espressif/esp-idf!44200
2025-12-26 10:32:43 +08:00
1e9f63183b
Merge branch 'bugfix/l2c_fcr_clone_buf_v5.5' into 'release/v5.5'
...
fix(bt/bluedroid): fixed possible access to NULL in l2c_fcr_clone_buf
See merge request espressif/esp-idf!44263
2025-12-26 10:32:04 +08:00
0e194e6499
Merge branch 'bugfix/a2dp_reg_sep_v5.5' into 'release/v5.5'
...
fix(bt/bluedroid): Fix the status judgment of the A2DP source registration SEP (v5.5)
See merge request espressif/esp-idf!43881
2025-12-26 10:28:58 +08:00
66b2214a0d
fix(bt/bluedroid): cleaned the code according to the tool cppcheck
2025-12-19 16:56:25 +08:00
cf5a568dc0
fix(bt/bluedroid): fixed possible OOB read in smp_br_data_received
2025-12-19 16:52:31 +08:00
8fe4c35994
fix(bt/bluedroid): drop connection when atttempting to disable encryption
2025-12-19 16:52:31 +08:00
991486fa02
fix(bt/bluedroid): fixed an integer overflow bug in attp_build_read_multi_cmd
2025-12-19 16:52:31 +08:00
fa22e34f56
fix(bt/bluedroid): fixed an integer overflow bug in avdt_msg_asmbl
2025-12-19 16:52:31 +08:00
5872a8cccb
fix(bt/bluedroid): fixed an OOB bug in bta_av_setconfig_rej
2025-12-19 16:52:31 +08:00
f7c0f92556
fix(bt/bluedroid): fixed an OOB bug in btm_read_rssi_complete
2025-12-19 16:52:31 +08:00
514bcb41a2
fix(bt/bluedroid): fixed an OOB bug in btm_delete_stored_link_key_complete
2025-12-19 16:52:31 +08:00
04219e5fd4
fix(bt/bluedroid): fixed an OOB bug in btm_read_tx_power_complete
2025-12-19 16:52:31 +08:00
08a593d801
fix(bt/bluedroid): fixed an OOB bug in btm_create_conn_cancel_complete
2025-12-19 16:52:31 +08:00
a73e2e4d6c
fix(bt/bluedroid): fixed an OOB bug in btm_read_local_oob_complete
2025-12-19 16:52:31 +08:00
5a2b29fe82
fix(bt/bluedroid): fixed an OOB write in SDP_AddAttribute
2025-12-19 16:52:31 +08:00
3ec5f615ae
fix(bt/bluedroid): report failure when not able to connect to AVRCP
2025-12-19 16:52:31 +08:00
56756b1b5d
fix(bt/bluedroid): fixed buffer overflow in BRSF
2025-12-19 16:52:31 +08:00
11eea1b4de
fix(bt/bluedroid): added negative length check in process_service_search_rsp
2025-12-19 16:52:31 +08:00
be25062b0d
fix(bt/bluedroid): fixed OOB read in SDP server continuation length
2025-12-19 16:52:31 +08:00
4df287c536
fix(bt/bluedroid): added length check when copy AVDTP packet
2025-12-19 16:52:31 +08:00
6a497ad921
fix(bt/bluedroid): fixed OOB read in AT_SKIP_RESET
2025-12-19 16:52:31 +08:00
019516284f
fix(bt/bluedroid): fixed OOB write in bta_hf_client_handle_cind_list_item
2025-12-19 16:52:31 +08:00
158519cf8c
fix(bt/bluedroid): added boundary check when reading SDP attribute response packet
2025-12-19 16:52:31 +08:00
173747750d
fix(bt/bluedroid): fixed potential OOB read in the avrc_pars_vendor_rsp
2025-12-19 16:52:31 +08:00
4cb6ccc6f6
fix(bt/bluedroid): fixed potential OOB read in the reporting handler
...
Thanks to Luigino Camastra and Pavel Kohout from Aisle Research as
co-reporters for discovering and reporting this issue.
2025-12-19 16:52:31 +08:00
f15fe75f24
fix(bt/bluedroid): fixed a potential overflow about the media payload offset
...
This variable is uint16_t, and is possible to overflow when the length
of headder extension is larger. Here we compare with the data length to
prevent any exceptions.
2025-12-19 16:52:31 +08:00
15e0c748e5
fix(bt/bluedroid): fixed p_data null dereference in l2c_csm_open
2025-12-19 16:52:31 +08:00
70f82a5607
fix(bt/bluedroid): fixed Use-After-Free in btm_sec_[dis]connected
2025-12-19 16:52:31 +08:00
5b7c17cfc7
fix(bt/bluedroid): reject device with same address in legacy paring
2025-12-19 16:52:31 +08:00
0fc2109ec7
fix(bt/bluedroid): ignore AVCT commands that are too long
2025-12-19 16:52:31 +08:00
9095d1cd25
fix(bt/bluedroid): use osi_calloc to zero reserved fields in AVRCP
2025-12-19 16:52:31 +08:00
0f1c203e12
fix(bt/bluedroid): make sure SDP only start discovery once
2025-12-19 16:52:31 +08:00
1ba8aaaff8
fix(bt/bluedroid): check event ID if of register notification from remote to avoid OOB write
2025-12-19 16:52:31 +08:00
33af3a0aa6
fix(bt/blurdoird): check Classic key before cross-key derivation
2025-12-19 16:52:31 +08:00
e7e0be698a
fix(bt/blurdoird): enable bitpool snity checks
2025-12-19 16:52:31 +08:00
8789584388
Merge branch 'bugfix/bug_ble_max_device_record_v5.5' into 'release/v5.5'
...
fix(ble/bluedroid): Fixed BLE incorrect device record count issue (v5.5)
See merge request espressif/esp-idf!43597
2025-12-18 14:29:52 +08:00
a63ae743b1
Merge branch 'bugfix/fix_reconnect_failed_with_extend_adv_v5.5' into 'release/v5.5'
...
fix(ble/bluedroid): Fixed the issue that extend advertising might not restart if the connection fails (v5.5)
See merge request espressif/esp-idf!44251
2025-12-18 14:26:44 +08:00
5cf7ec68bc
Merge branch 'bugfix/fix_ble_security_issue_2025_v5.5' into 'release/v5.5'
...
Fix potential CVE-2024-0039 out-of-bounds write in attp_build_value_cmd (v5.5)
See merge request espressif/esp-idf!43807
2025-12-18 14:25:15 +08:00
51493f9445
Merge branch 'bugfix/fix_reattempt_sync_estab_v5.5' into 'release/v5.5'
...
fix(nimble): Add change to cancel sync in case of reattempt (v5.5)
See merge request espressif/esp-idf!43949
2025-12-18 14:21:18 +08:00
c4cc87501b
fix(ble/bledroid): fix codespell issues in bluedroid code
2025-12-17 17:10:58 +08:00
b70e8ae903
fix(bt/bluedroid): fixed possible access to NULL in l2c_fcr_clone_buf
2025-12-16 11:38:55 +08:00
5452adbcb9
fix(ble/bluedroid): Fixed reconnection failed with extend adv
...
(cherry picked from commit ec4052c1c7125ab1bc4223bc507e6e778d37728c)
Co-authored-by: zhiweijian <zhiweijian@espressif.com >
2025-12-15 21:23:25 +08:00
d569b7df6b
change(bt/bluedroid): Change AVRCP version according to feature enabled
...
- Version will be set to 1.6 if Cover Art feature enabled
- Otherwise, version will be set to 1.5
2025-12-12 20:11:15 +08:00
Jiang Jiang Jian