| 5453bb52 |
shared/hfp: Add Call hangup support |
Frédéric Danis |
3 months ago |
2 files, +28, -0 |
| aaabb8d7 |
unit/test-hfp: Add Answer Incoming Call tests for HF
This add the following tests:
- HFP/HF/ICA/BV-04-C
Verify the incoming call is answered from HF, no in-band ring.
- HFP/HF/ICA/BV-06-C
Verify the incoming call is answered from AG, no in-band ring. |
Frédéric Danis |
3 months ago |
1 file, +90, -1 |
| df19a947 |
shared/hfp: Add Call answer support
This also manage the +CIEV:<call>,… event to create, remove or update
calls. |
Frédéric Danis |
3 months ago |
2 files, +83, -0 |
| e7c77f80 |
btdev: Fix advertisement state
The LE Advertisement state shall be updated whenever an advertisement
is disabled since if all advertisments sets are disabled it shall be
reflected in le_adv_enable. |
Luiz Augusto von Dentz |
3 months ago |
1 file, +15, -0 |
| a6d35e91 |
btdev: Fix handling of BT_HCI_CMD_LE_SET_RESOLV_ENABLE
Checking for le_adv_enable alone is not valid considering the comments
itself states that peridic advertising shall be allowed. |
Luiz Augusto von Dentz |
3 months ago |
1 file, +1, -1 |
| 04a89669 |
doc: iso: add BT_PKT_SEQNUM documentation |
Pauli Virtanen |
3 months ago |
1 file, +70, -6 |
| 6b0a0877 |
media: fix pac_config_cb() error code return
Fixes: a887b1a1b91f ("audio: Add support for specific error codes for A2DP configuration") |
Pauli Virtanen |
3 months ago |
1 file, +1, -1 |
| da5daf53 |
Release 5.84 |
Marcel Holtmann |
3 months ago |
2 files, +9, -1 |
| 61d3e447 |
transport: Fix build with A2DP support disabled
$ ./bootstrap-configure --disable-a2dp && make
[...]
profiles/audio/transport.c: In function ‘media_transport_update_delay’:
profiles/audio/transport.c:2653:33: error: implicit declaration of function ‘a2dp_avdtp_get’ [-Wimplicit-function-declaration]
2653 | a2dp->session = a2dp_avdtp_get(transport->device);
| ^~~~~~~~~~~~~~
profiles/audio/transport.c:2653:31: error: assignment to ‘struct avdtp *’ from ‘int’ makes pointer from integer without a cast [-Wint-conversion]
2653 | a2dp->session = a2dp_avdtp_get(transport->device);
| ^
Reported-by: Arun Raghavan <arun@accosted.net>
Fixes: 0bb66d3d1abd ("transport: fix A2DP Delay values missing from DBus") |
Bastien Nocera |
3 months ago |
1 file, +2, -0 |
| 72b02df3 |
profiles/audio/a2dp: Clear suspend timer on A2DP stream free
When an A2DP stream is created in start_ind, a timer is set, suspending
the AVDTP stream if there have been no users within 5 seconds. However,
if the AVDTP stream transitions to the IDLE state before the timer
fires, the A2DP stream is freed without the timer being cleared. This
meant that when the timer fired, it tried to suspend a stream with a
pointer that was previously freed and so segfaulted.
This commit fixes that by ensuring that suspend_timer is cleared before
freeing the A2DP stream.
This was causing random segfaults when connecting my Sony WH-1000XM5
headphones. |
Alex Studer |
3 months ago |
1 file, +5, -0 |
| c6dcf6b7 |
transport: Fix build with VCP support disabled
$ $ ./bootstrap-configure --enable-a2dp --enable-avrcp --enable-experimental --enable-asha --disable-vcp && make
[...]
/usr/bin/ld: profiles/audio/bluetoothd-transport.o: in function `transport_bap_set_volume':
profiles/audio/transport.c:2275:(.text.transport_bap_set_volume+0x11): undefined reference to `bt_audio_vcp_set_volume'
/usr/bin/ld: profiles/audio/bluetoothd-transport.o: in function `transport_bap_get_volume':
profiles/audio/transport.c:2266:(.text.transport_bap_get_volume+0x9): undefined reference to `bt_audio_vcp_get_volume'
Reported-by: Arun Raghavan <arun@accosted.net>
Fixes: af8266af13c8 ("audio: connect VCP profile client to MediaTransport") |
Bastien Nocera |
3 months ago |
2 files, +11, -0 |
| 430b8b1b |
unit/test-hfp: Add Call Line Identification test for HF
This add the following test:
- HFP/HF/CLI/BV-01-C
Verify that the HF receives the caller ID. |
Frédéric Danis |
3 months ago |
1 file, +46, -0 |
| 889139e0 |
shared/hfp: Add Call Line Identification support
Send AT+CLIP=1 at the end of the SLC creation to enable CLIP event.
Register +CLIP handler to call the update_call_line_id callback on event.
During incoming call notifications, i.e. after +CIEV:<callsetup>,1
event which creates a new call object, the reception of +CLIP event
will update the line_id and type of the call object. |
Frédéric Danis |
3 months ago |
3 files, +257, -4 |
| fb32f3a2 |
unit/test-hfp: Add Operator name test for HF
This add the following test:
- HFP/HF/PSI/BV-04-C
Verify that the HF can query the currently selected operator name.
Improve MINIMAL_SLC_SESSION macro to be able to set the service, call,
callsetup and callheld indicators at connection time. |
Frédéric Danis |
3 months ago |
1 file, +34, -9 |
| b8d3e4c5 |
shared/hfp: Add Operator name support
Send AT+COPS=3,0 at the end of the SLC creation to set the format of
the operator selection to long alphanumeric, then query the currently
selected operator name from the AG.
Register +COPS handler to call the update_operator callback on event. |
Frédéric Danis |
3 months ago |
3 files, +89, -3 |
| 4d7d25b7 |
avdtp: wait for L2CAP Disconnect Rsp before CLOSING->IDLE
Delay CLOSING->IDLE until remote acknowledges L2CAP channel closure.
It is not explicitly stated in AVDTP v1.3 Sec. 6.13, but some devices
refuse commands sent immediately after L2CAP Disconnect Req, so wait
until Rsp.
Fails:
> ACL Data RX: Handle 6 flags 0x02 dlen 6
Channel: 64 len 2 [PSM 25 mode Basic (0x00)] {chan 0}
AVDTP: Close (0x08) Response Accept (0x02) type 0x00 label 0 nosp 0
< ACL Data TX: Handle 6 flags 0x00 dlen 12
L2CAP: Disconnection Request (0x06) ident 16 len 4
Destination CID: 65
Source CID: 65
< ACL Data TX: Handle 6 flags 0x00 dlen 22
Channel: 64 len 18 [PSM 25 mode Basic (0x00)] {chan 0}
AVDTP: Set Configuration (0x03) Command (0x00) type 0x00 label 1 nosp 0
ACP SEID: 7
INT SEID: 1
Service Category: Media Transport (0x01)
Service Category: Media Codec (0x07)
Media Type: Audio (0x00)
Media Codec: MPEG-2,4 AAC (0x02)
Object Type: MPEG-4 AAC LC (0x40)
Frequency: 44100 (0x100)
Channels: 2 (0x04)
Bitrate: 220000bps
VBR: No
Service Category: Delay Reporting (0x08)
> ACL Data RX: Handle 6 flags 0x02 dlen 12
L2CAP: Disconnection Response (0x07) ident 16 len 4
Destination CID: 65
Source CID: 65
> ACL Data RX: Handle 6 flags 0x02 dlen 8
Channel: 64 len 4 [PSM 25 mode Basic (0x00)] {chan 0}
AVDTP: Set Configuration (0x03) Response Reject (0x03) type 0x00 label 1 nosp 0
Service Category: Reserved (0x29)
Error code: UNSUPPORTED_CONFIGURATION (0x29)
Works:
> ACL Data RX: Handle 4 flags 0x02 dlen 6
Channel: 64 len 2 [PSM 25 mode Basic (0x00)] {chan 0}
AVDTP: Close (0x08) Response Accept (0x02) type 0x00 label 12 nosp 0
< ACL Data TX: Handle 4 flags 0x00 dlen 12
L2CAP: Disconnection Request (0x06) ident 16 len 4
Destination CID: 65
Source CID: 65
> ACL Data RX: Handle 4 flags 0x02 dlen 12
L2CAP: Disconnection Response (0x07) ident 16 len 4
Destination CID: 65
Source CID: 65
< ACL Data TX: Handle 4 flags 0x00 dlen 22
Channel: 64 len 18 [PSM 25 mode Basic (0x00)] {chan 0}
AVDTP: Set Configuration (0x03) Command (0x00) type 0x00 label 13 nosp 0
ACP SEID: 9
INT SEID: 2
Service Category: Media Transport (0x01)
Service Category: Media Codec (0x07)
Media Type: Audio (0x00)
Media Codec: MPEG-2,4 AAC (0x02)
Object Type: MPEG-4 AAC LC (0x40)
Frequency: 44100 (0x100)
Channels: 2 (0x04)
Bitrate: 220000bps
VBR: No
Service Category: Delay Reporting (0x08)
> ACL Data RX: Handle 4 flags 0x02 dlen 6
Channel: 64 len 2 [PSM 25 mode Basic (0x00)] {chan 0}
AVDTP: Set Configuration (0x03) Response Accept (0x02) type 0x00 label 13 nosp 0
Fixes: https://github.com/bluez/bluez/issues/1471
Fixes: aa118e965b ("a2dp: Don't wait to reconfigure") |
Pauli Virtanen |
3 months ago |
1 file, +10, -1 |
| 9c9d6ca2 |
audio: Fix typos in A2DP error messages |
Per Waagø |
3 months ago |
3 files, +12, -12 |
| befdacd2 |
doc: Document error codes for A2DP MediaEndpoints |
Per Waagø |
4 months ago |
1 file, +37, -0 |
| a887b1a1 |
audio: Add support for specific error codes for A2DP configuration
The A2DP specification defines error codes that shall be used if
the codec capabilities contain improper settings. This change allows
clients to trigger the sending of these specific error codes by
returning the corresponding error messages from
MediaEndpoint1.SetConfiguration.
This update is fully backwards compatible: clients passing other error
messages will continue to receive the default error code as before. On
older BlueZ versions, these new errors will also result in the default
error code, enabling clients to implement support for the new errors
without breaking compatibility.
This change enables passing A2DP/SNK/AVP/* and A2DP/SRC/AVP/*
qualification tests. |
Per Waagø |
4 months ago |
4 files, +128, -17 |
| 441f95a9 |
unit/test-hfp: Fix MINIMAL_SLC_SESSION
Fix missing commas in +CIND reply. |
Frédéric Danis |
4 months ago |
1 file, +4, -4 |
| 2efd925d |
client/assistant: Use strnlen() instead of strlen()
Using strlen() can lead to undefined behavior. |
Roman Smirnov |
4 months ago |
1 file, +1, -1 |
| 393e81a7 |
main.conf: Add FilterDiscoverable option
This adds FilterDiscoverable option which can be use to control if
devices in non-discoverable mode shall be filtered or not, the default
is true to adhere to core spec:
9.2. Discovery modes and procedures
All devices shall be in either non-discoverable mode or one of the
discoverable modes. A device in the discoverable mode shall be in
either the general discoverable mode or the limited discoverable mode.
A device in the non-discoverable mode is not discoverable. Devices
operating in either the general discoverable mode or the limited
discoverable mode can be found by the discovering device. |
Luiz Augusto von Dentz |
4 months ago |
4 files, +17, -1 |
| f9a98ff2 |
unit/test-hfp: Play PDUs up to the last one for HF tests
This will allows to create PDU set for TS tests which may end with
events not triggering actions, e.g. when receiving +CIEV:<callsetup>,0
where call status has already been updated by +CIEV:<call>,1
Free context->data only after completing hfp_*_unref calls. |
Frédéric Danis |
4 months ago |
1 file, +9, -18 |
| bef16e9c |
shared/hfp: Fix typos |
Frédéric Danis |
4 months ago |
2 files, +8, -8 |
| c779eb81 |
unit/test-hfp: Re-order TS tests in alphabetical order
This will simplify when looking for a test. |
Frédéric Danis |
4 months ago |
1 file, +21, -21 |
| 5d4efe96 |
client: Fix transport.acquire not doing anything
If transport.acquire is called for a transport that does not use a local
endpoint it won't call Transport.Acquire as the bluetoothd does not
allow controlling transports of other processes, but it doesn't print
anything either leaving the user blind to what is happening.
Fixes: https://github.com/bluez/bluez/issues/1532 |
Luiz Augusto von Dentz |
4 months ago |
1 file, +8, -1 |
| ba920d3e |
lib: Fix out-of-bounds write when concatenating commands
This commit fixes the hci_commandstostr() command by writing new line
character in place of trailing space when wrapping long lines. Previous
approach was to append new line character to existing string, which
caused buffer overflow when there was more than 9 lines in the output
string.
Also, the last trailing space is removed in order to return
trailing-spaces-free string to the caller. |
Arkadiusz Bokowy |
4 months ago |
2 files, +21, -9 |
| 99abc8a9 |
obexd: client: Fix connect RX MTU
OBEX download from iPhone is currently slow due to small packet size
used to transfer data which doesn't follow the MTU negotiated during
L2CAP connection, i.e. 672 bytes instead of 32767:
< ACL Data TX: Handle 11 flags 0x00 dlen 12
L2CAP: Connection Request (0x02) ident 18 len 4
PSM: 4103 (0x1007)
Source CID: 72
> ACL Data RX: Handle 11 flags 0x02 dlen 16
L2CAP: Connection Response (0x03) ident 18 len 8
Destination CID: 14608
Source CID: 72
Result: Connection successful (0x0000)
Status: No further information available (0x0000)
< ACL Data TX: Handle 11 flags 0x00 dlen 27
L2CAP: Configure Request (0x04) ident 20 len 19
Destination CID: 14608
Flags: 0x0000
Option: Maximum Transmission Unit (0x01) [mandatory]
MTU: 32767
Option: Retransmission and Flow Control (0x04) [mandatory]
Mode: Enhanced Retransmission (0x03)
TX window size: 63
Max transmit: 3
Retransmission timeout: 2000
Monitor timeout: 12000
Maximum PDU size: 1009
> ACL Data RX: Handle 11 flags 0x02 dlen 26
L2CAP: Configure Request (0x04) ident 72 len 18
Destination CID: 72
Flags: 0x0000
Option: Retransmission and Flow Control (0x04) [mandatory]
Mode: Enhanced Retransmission (0x03)
TX window size: 32
Max transmit: 255
Retransmission timeout: 0
Monitor timeout: 0
Maximum PDU size: 65527
Option: Frame Check Sequence (0x05) [mandatory]
FCS: 16-bit FCS (0x01)
< ACL Data TX: Handle 11 flags 0x00 dlen 29
L2CAP: Configure Response (0x05) ident 72 len 21
Source CID: 14608
Flags: 0x0000
Result: Success (0x0000)
Option: Maximum Transmission Unit (0x01) [mandatory]
MTU: 672
Option: Retransmission and Flow Control (0x04) [mandatory]
Mode: Enhanced Retransmission (0x03)
TX window size: 32
Max transmit: 255
Retransmission timeout: 2000
Monitor timeout: 12000
Maximum PDU size: 1009
> ACL Data RX: Handle 11 flags 0x02 dlen 32
L2CAP: Configure Response (0x05) ident 20 len 24
Source CID: 72
Flags: 0x0000
Result: Success (0x0000)
Option: Maximum Transmission Unit (0x01) [mandatory]
MTU: 32767
Option: Retransmission and Flow Control (0x04) [mandatory]
Mode: Enhanced Retransmission (0x03)
TX window size: 63
Max transmit: 3
Retransmission timeout: 2000
Monitor timeout: 12000
Maximum PDU size: 1009
Option: Frame Check Sequence (0x05) [mandatory]
FCS: 16-bit FCS (0x01)
...
< ACL Data TX: Handle 11 flags 0x00 dlen 34
Channel: 14608 len 30 ctrl 0x0000 [PSM 4103 mode Enhanced Retransmission (0x03)] {chan 8}
I-frame: Unsegmented TxSeq 0 ReqSeq 0
00 00 80 00 1a 10 00 02 a0 46 00 13 71 63 dd 54 .........F..qc.T
4a 7e 11 e2 b4 7c 00 50 c2 49 00 48 b4 55 J~...|.P.I.H.U
...
> ACL Data RX: Handle 11 flags 0x02 dlen 680
Channel: 72 len 676 ctrl 0x0202 [PSM 4103 mode Enhanced Retransmission (0x03)] {chan 8}
I-frame: Unsegmented TxSeq 1 ReqSeq 2
< ACL Data TX: Handle 11 flags 0x00 dlen 13
Channel: 14608 len 9 ctrl 0x0204 [PSM 4103 mode Enhanced Retransmission (0x03)] {chan 8}
I-frame: Unsegmented TxSeq 2 ReqSeq 2
> ACL Data RX: Handle 11 flags 0x02 dlen 680
Channel: 72 len 676 ctrl 0x0304 [PSM 4103 mode Enhanced Retransmission (0x03)] {chan 8}
I-frame: Unsegmented TxSeq 2 ReqSeq 3
The OBEX CONNECT request uses the negotiated output MTU (672, 0x02a0)
as the maximum OBEX packet length the client is able to receive
instead of the negotiated input MTU (32767).
This commit swap rx_mtu and tx_mtu as g_obex_new() is defined as:
GObex *g_obex_new(GIOChannel *io, GObexTransportType transport_type,
gssize rx_mtu, gssize tx_mtu); |
Frédéric Danis |
4 months ago |
1 file, +1, -1 |
| fa2ebfd5 |
device: fix auto connect with private addresses
When an app is registered and a device gets paired,
device_set_auto_connect() can be called before the address is resolved.
Do not ignore the request but rather record the auto connect request so
that it can be enabled in device_update_addr. |
Andreas Kemnade |
4 months ago |
1 file, +4, -1 |
| ca209e3f |
avrcp: Fix not ending loop during item listing
When a remote applications return item with UUID set to 0, which is
against the specs (see 6.10.3 UIDs in AVRCP_v1.6.2.pdf), bluetoothd may
try to retrieve the same item in no ending loop.
bluetoothd[2]: profiles/audio/player.c:media_folder_create_item() WDR2 Rheinland type audio uid 0
bluetoothd[2]: profiles/audio/player.c:media_folder_create_item() /org/bluez/hci0/dev_58_66_6D_84_ED_21/player0/NowPlaying/item0
bluetoothd[2]: profiles/audio/player.c:media_player_set_metadata() Title: WDR 2 Rheinland
bluetoothd[2]: profiles/audio/avrcp.c:avrcp_list_items_rsp() start 0 end 9 items 1 total 10
bluetoothd[2]: profiles/audio/player.c:media_folder_create_item() WDR 2 Rheinland type audio uid 0
bluetoothd[2]: profiles/audio/player.c:media_folder_create_item() D-Bus failed to register org.bluez.MediaItem1 on /org/bluez/hci0/dev_58_66_6D_84_ED_21/player0/NowPlaying/item0 path
bluetoothd[2]: profiles/audio/avrcp.c:avrcp_list_items_rsp() start 0 end 9 items 0 total 10
bluetoothd[2]: profiles/audio/player.c:media_folder_create_item() WDR 2 Rheinland type audio uid 0
bluetoothd[2]: profiles/audio/player.c:media_folder_create_item() D-Bus failed to register org.bluez.MediaItem1 on /org/bluez/hci0/dev_58_66_6D_84_ED_21/player0/NowPlaying/item0 path
bluetoothd[2]: profiles/audio/avrcp.c:avrcp_list_items_rsp() start 0 end 9 items 0 total 10 |
Frédéric Danis |
4 months ago |
1 file, +5, -2 |
| f911b6df |
lib: Add missing includes in bluetooth/hci_lib.h
Compilation fails when using bluetooth/hci_lib.h without other includes.
/usr/include/bluetooth/hci_lib.h:21:9: error: unknown type name ‘uint16_t’
21 | uint16_t ogf;
| ^~~~~~~~
...
/usr/include/bluetooth/hci_lib.h:182:27: error: ‘HCI_VENDOR_PKT’ undeclared
182 | hci_set_bit((t == HCI_VENDOR_PKT) ? 0 : (t & HCI_FLT_TYPE_BITS), &f->type_mask);
| ^~~~~~~~~~~~~~ |
Arkadiusz Bokowy |
4 months ago |
1 file, +6, -0 |
| 61c49dfa |
lib: Add missing includes in bluetooth/hci.h
Compilation fails when using bluetooth/hci.h without other includes.
/usr/include/bluetooth/hci.h:310:9: error: unknown type name ‘uint8_t’
310 | uint8_t lap[3];
| ^~~~~~~
...
/usr/include/bluetooth/hci.h:383:9: error: unknown type name ‘bdaddr_t’; did you mean ‘daddr_t’?
383 | bdaddr_t bdaddr;
| ^~~~~~~~ |
Arkadiusz Bokowy |
4 months ago |
1 file, +3, -0 |
| 3acfa2d5 |
sixaxis: Initiate pairing for all cable pairing devices
Fix the cable pairing not being triggered on DualShock 4 controllers.
Note that this still requires an authorisation when connecting through
Bluetooth the first time as we're not exchanging linkkeys. Sixaxis/PS3
controllers aren't paired, so don't have that problem. |
Bastien Nocera |
4 months ago |
1 file, +3, -3 |
| dbf96bb2 |
sixaxis: Fix official DualShock 4 controllers not being handled
The devices changed names, and those do not match the expected name in
our list. Ignore the "Vendor" portion of the device name before matching
it.
This is most likely the result of official DS4 controllers now being
handled by the hid-playstation driver rather than the
community-supported hid-sony.
This fixes DS4 controllers not initiating cable pairing when turned on. |
Bastien Nocera |
4 months ago |
1 file, +1, -1 |
| 4784f58f |
input: Fix incorrect destructors being used
g_key_file_get_string() expects its value to be freed with g_free(), not
free().
Fixes:
profiles/input/manager.c:118:2: leaked_storage:
Variable "uhid_enabled" going out of scope leaks the storage it points to.
profiles/input/hog.c:267:1: leaked_storage:
Variable "uhid_enabled" going out of scope leaks the storage it points to. |
Bastien Nocera |
4 months ago |
2 files, +2, -2 |
| bb14a8b1 |
tools/tester: Fix fd leaks
tools/tester.h:314:3: leaked_handle:
Handle variable "sk" going out of scope leaks the handle.
tools/l2cap-tester.c:1957:4: leaked_handle:
Handle variable "sk" going out of scope leaks the handle. |
Bastien Nocera |
4 months ago |
2 files, +2, -0 |
| c773fd53 |
profiles/audio: Fix uninitialized params.subgroup_data warning
profiles/audio/bass.c:923:2: uninit_use_in_call:
Using uninitialized value "params".
Field "params.subgroup_data" is uninitialized when calling "util_iov_append". |
Bastien Nocera |
4 months ago |
1 file, +1, -1 |
| 4167e89d |
monitor: Print message if the frame information cannot be found
While processing Number of Packeted Completed event the code attempts to
print the frame information of each frame being acked but if no frame
was sent it didn't print anything, so this changes it to print
:#(frame not found) |
Luiz Augusto von Dentz |
4 months ago |
1 file, +3, -1 |
| 90a49056 |
monitor: Add support for -K/--kernel
This adds support for -K/--kernel that open /proc/kmsg and attempts
to print messages starting with 'Kernel:':
> monitor/btmon -K
= Note: Kernel: BNEP (Ethernet Emulation) ver 1.3
= Note: Kernel: BNEP filters: protocol multicast
= Note: Kernel: BNEP socket layer initialized
= Note: Kernel: MGMT ver 1.23
= Note: Kernel: RFCOMM TTY layer initialized
= Note: Kernel: RFCOMM socket layer initialized
= Note: Kernel: RFCOMM ver 1.11 |
Luiz Augusto von Dentz |
4 months ago |
4 files, +68, -1 |
| 5f38ea15 |
adapter: Fix setting index in MGMT_OP_SET_EXP_FEATURE with debug_uuid
Experimental debug feature requires use of MGMT_INDEX_NONE since it is
not an adapter specific feature. |
Luiz Augusto von Dentz |
4 months ago |
1 file, +1, -1 |
| ed2da1a3 |
unit/test-hfp: Add indicators tests for HF
This adds the following tests:
- /HFP/HF/TRS/BV-01-C
Verify that the HF accepts the registration status indication.
- /HFP/HF/PSI/BV-01-C
Verify that the HF successfully receives the signal strength status of
the AG.
- /HFP/HF/PSI/BV-02-C
Verify that the HF successfully receives the roaming status of the AG.
- /HFP/HF/PSI/BV-03-C
Verify that the HF successfully receives the battery level status of
the AG. |
Frédéric Danis |
4 months ago |
1 file, +105, -26 |
| bcd94e3e |
shared/hfp: Add +CIEV event support
Register +CIEV handler on SLC completion to call the update_indicator
call back on unsolicited events. |
Frédéric Danis |
4 months ago |
1 file, +20, -0 |
| fb9b5c04 |
unit/test-hfp: Add SLC connection test
This adds minimal packet exchange to test the SLC establishment. |
Frédéric Danis |
4 months ago |
1 file, +117, -0 |
| 56b483c7 |
shared/hfp: Add HF SLC connection function
This implements the minimal SLC connection exchange, i.e. AT+BRSF,
AT+CIND=?, AT+CIND? and AT+CMER=3,0,0,1 requested to complete the
Service Level Connection Establishment. |
Frédéric Danis |
4 months ago |
2 files, +577, -0 |
| 00eea357 |
Fix heap-buffer-overflow in sdp_xml.c:compute_seq_size
https://issues.oss-fuzz.com/issues/42516062
https://oss-fuzz.com/testcase-detail/5896441415729152
This can be triggered by using an input of
`<sequence><foo/><text/></sequence>` against the harness in
https://github.com/google/oss-fuzz/blob/master/projects/bluez/fuzz_xml.c
The root cause of the heap-buffer-overflow was incorrect stack
management in the SDP XML parser (element_end function) that led to type
confusion.
When an XML element failed to parse (e.g., an unrecognized tag like
<foo/>), its corresponding entry was left on the parser stack because
the we returned early if data was NULL.
With the input <sequence><foo/><text/></sequence>, <foo/> failed parsing
and remained on the stack with a NULL data. Then <text/> was parsed and
also remained on the stack because it's only popped if
ctx_data->stack_head->next->data != NULL.
When </sequence> was encountered, the parser then mistakenly used the
data from <text/> (which was now at the top of the stack) as the
sequence data. This led to a type confusion: the TEXT data's string
pointer (val.str) was interpreted as a sequence pointer (val.dataseq).
This pointer pointed to a 1-byte allocation (for the empty string). The
code then tried to dereference this pointer as an sdp_data_t struct to
calculate the sequence size, leading to the out-of-bounds read.
To fix this, in element_end, ensure that the stack is popped even if the
element's data failed to parse. This prevents the stack
desynchronization. |
Oliver Chang |
4 months ago |
1 file, +8, -1 |
| 0bb66d3d |
transport: fix A2DP Delay values missing from DBus
With headsets, a2dp_transport::session == NULL usually until stream
resumes. During this time, delay_reporting_exists() incorrectly returns
FALSE, because streams corresponding to NULL session cannot be found.
As no further "Delay" property updates will usually arrive, the property
remains missing even though delay reports have been received.
Fix by setting a2dp->session when processing a delay report, if missing.
Log (bluetoothctl):
[NEW] Transport /org/bluez/hci1/dev_XX_XX_XX_XX_XX_XX/sep2/fd1
[CHG] Transport /org/bluez/hci1/dev_XX_XX_XX_XX_XX_XX/sep2/fd1 Delay is nil |
Pauli Virtanen |
4 months ago |
1 file, +3, -0 |
| ce82168f |
monitor: Print unacked frame when releasing them
This attempts to print the frame number of frames considered unacked
(missing NOCP):
> HCI Event: Disconnect Complete (0x05) plen 4
Status: Success (0x00)
Handle: 2304 Address: XX:XX:XX:XX:XX:XX
Reason: Connection Terminated By Local Host (0x16)
[0]#102132 unacked
[1]#102137 unacked
[2]#102139 unacked
[3]#102141 unacked
[4]#102143 unacked
[5]#102145 unacked
[6]#102147 unacked
[7]#102150 unacked |
Luiz Augusto von Dentz |
4 months ago |
1 file, +14, -1 |
| c8a82f19 |
mgmt-tester: Fix tests failing due to missing LL Privacy
LL Privacy setting now depends on LE to be enabled first which was
causing the following tests to fail, so this removes LL Privacy from
the expected settings:
Add Ext Advertising - Success 22 (LE -> off, Remove)
Set Device ID - Power off and Power on
Set Device ID - SSP off and Power on |
Luiz Augusto von Dentz |
5 months ago |
1 file, +6, -9 |
| 9cdbad59 |
audio: Remove media_player.volume
With the previous commit, the media_player.volume field is now
completely unused. As this was never the right place to store the
initial volume to begin with, remove this field entirely as well as its
associated supporting methods to prevent confusion. |
Myrrh Periwinkle |
5 months ago |
3 files, +0, -24 |
| 5db6d2fe |
audio: Don't initialize media transport volume from media player
Media player objects may be shared between devices. As a result,
a device without support for hardware volume that is connected after one
that does may end up being erroneously considered hardware
volume-capable.
fa7828bdd ("transport: Fix not being able to initialize volume properly")
introduced btd_device_{get,set}_volume that is used as an alternative in
case no media player objects are present. Therefore, we can remove
media_player_get_device_volume and instead use btd_device_get_volume to
determine the initial volume. |
Myrrh Periwinkle |
5 months ago |
3 files, +2, -34 |