SRU bluetooth fixes and CVEs to focal and groovy

Bug #1925971 reported by William Wilson
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux-firmware-raspi2 (Ubuntu)
Undecided
William Wilson
Focal
Undecided
William Wilson
Groovy
Undecided
William Wilson

Bug Description

[Impact]

Without these patches, Bluetooth is inoperable on the CM4 and Pi 400

[Test Case]

* Boot the Ubuntu Desktop for Pi image on a CM4.
* Start the Settings application and switch to the Bluetooth tab
* Verify that Bluetooth is not enabled and attempting to activate it fails
* Repeat the above steps for the Pi 400

[Regression Potential]

There are some diversions and other firmware updates that could potentially cause issues. These have been tested on lots of different pi hardware and no issues have been discovered. There is also an included Spectra CVE fix which is very low risk.

[Original Description]
Hirsute has some patches that address CVEs and enable bluetooth/wifi on the CM4 and 400. They need to be SRU'd to focal and groovy.

CVE References

Revision history for this message
William Wilson (jawn-smith) wrote :

I've uploaded packages to https://launchpad.net/~jawn-smith/+archive/ubuntu/raspackages for both focal and groovy. They include changes to binary files so a normal debdiff wouldn't have worked.

description: updated
Revision history for this message
Robie Basak (racb) wrote : Please test proposed package

Hello William, or anyone else affected,

Accepted linux-firmware-raspi2 into groovy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/linux-firmware-raspi2/4-0ubuntu0~20.10.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-groovy to verification-done-groovy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-groovy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in linux-firmware-raspi2 (Ubuntu Groovy):
status: New → Fix Committed
Changed in linux-firmware-raspi2 (Ubuntu Focal):
status: New → Fix Committed
Revision history for this message
Robie Basak (racb) wrote :

Hello William, or anyone else affected,

Accepted linux-firmware-raspi2 into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/linux-firmware-raspi2/4-0ubuntu0~20.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Revision history for this message
William Wilson (jawn-smith) wrote :
Download full text (6.3 KiB)

The verification passed for focal.

********* On Pi 400 **********
ubuntu@ubuntu:~$ apt-cache policy bluez pi-bluetooth linux-firmware-raspi2
bluez:
  Installed: 5.53-0ubuntu3
  Candidate: 5.53-0ubuntu3.1
  Version table:
     5.53-0ubuntu3.1 500
        500 http://ports.ubuntu.com/ubuntu-ports focal-proposed/main arm64 Packages
 *** 5.53-0ubuntu3 500
        500 http://ports.ubuntu.com/ubuntu-ports focal/main arm64 Packages
        100 /var/lib/dpkg/status
pi-bluetooth:
  Installed: 0.1.10ubuntu6
  Candidate: 0.1.15ubuntu0~20.04.1
  Version table:
     0.1.15ubuntu0~20.04.1 500
        500 http://ports.ubuntu.com/ubuntu-ports focal-proposed/multiverse arm64 Packages
 *** 0.1.10ubuntu6 500
        500 http://ports.ubuntu.com/ubuntu-ports focal/multiverse arm64 Packages
        100 /var/lib/dpkg/status
linux-firmware-raspi2:
  Installed: 3-0ubuntu2~20.04.1
  Candidate: 4-0ubuntu0~20.04.1
  Version table:
     4-0ubuntu0~20.04.1 500
        500 http://ports.ubuntu.com/ubuntu-ports focal-proposed/multiverse arm64 Packages
 *** 3-0ubuntu2~20.04.1 500
        500 http://ports.ubuntu.com/ubuntu-ports focal-updates/multiverse arm64 Packages
        100 /var/lib/dpkg/status
     1.20200212-0ubuntu1 500
        500 http://ports.ubuntu.com/ubuntu-ports focal/multiverse arm64 Packages
ubuntu@ubuntu:~$ bluetoothctl devices
No default controller available

ubuntu@ubuntu:~$ apt-cache policy bluez pi-bluetooth linux-firmware-raspi2
bluez:
  Installed: 5.53-0ubuntu3.1
  Candidate: 5.53-0ubuntu3.1
  Version table:
 *** 5.53-0ubuntu3.1 500
        500 http://ports.ubuntu.com/ubuntu-ports focal-proposed/main arm64 Packages
        100 /var/lib/dpkg/status
     5.53-0ubuntu3 500
        500 http://ports.ubuntu.com/ubuntu-ports focal/main arm64 Packages
pi-bluetooth:
  Installed: 0.1.15ubuntu0~20.04.1
  Candidate: 0.1.15ubuntu0~20.04.1
  Version table:
 *** 0.1.15ubuntu0~20.04.1 500
        500 http://ports.ubuntu.com/ubuntu-ports focal-proposed/multiverse arm64 Packages
        100 /var/lib/dpkg/status
     0.1.10ubuntu6 500
        500 http://ports.ubuntu.com/ubuntu-ports focal/multiverse arm64 Packages
linux-firmware-raspi2:
  Installed: 4-0ubuntu0~20.04.1
  Candidate: 4-0ubuntu0~20.04.1
  Version table:
 *** 4-0ubuntu0~20.04.1 500
        500 http://ports.ubuntu.com/ubuntu-ports focal-proposed/multiverse arm64 Packages
        100 /var/lib/dpkg/status
     3-0ubuntu2~20.04.1 500
        500 http://ports.ubuntu.com/ubuntu-ports focal-updates/multiverse arm64 Packages
     1.20200212-0ubuntu1 500
        500 http://ports.ubuntu.com/ubuntu-ports focal/multiverse arm64 Packages
ubuntu@ubuntu:~$ bluetoothctl
Agent registered
[CHG] Controller DC:A6:32:F6:84:4E Pairable: yes
[bluetooth]# scan on
Discovery started
[CHG] Controller DC:A6:32:F6:84:4E Discovering: yes
[NEW] Device 28:11:A5:D5:AC:98 28-11-A5-D5-AC-98
[NEW] Device 68:27:37:05:F4:ED [TV] Samsung 6 Series (55)
[NEW] Device 5B:1B:6F:46:F3:00 5B-1B-6F-46-F3-00
[NEW] Device 28:11:A5:D5:CB:47 LE-reserved_M
[NEW] Device 42:25:C8:1B:5F:D2 42-25-C8-1B-5F-D2
[NEW] Device 64:FF:0A:21:B1:70 64-FF-0A-21-B1-70
[CHG] Device 28:11:A5:D5:AC:98 RSSI: -62
[CHG] Device 28:11:A5:D5:AC:98 TxPower: 8
[CHG] Device 28:11:A5:D5:AC...

Read more...

Changed in linux-firmware-raspi2 (Ubuntu):
assignee: nobody → William Wilson (jawn-smith)
Changed in linux-firmware-raspi2 (Ubuntu Focal):
assignee: nobody → William Wilson (jawn-smith)
Changed in linux-firmware-raspi2 (Ubuntu Groovy):
assignee: nobody → William Wilson (jawn-smith)
tags: added: verification-done-focal verification-needed verification-needed-groovy
Revision history for this message
William Wilson (jawn-smith) wrote :
Download full text (4.7 KiB)

The verification passed for Groovy.

******* On Pi 400 **********

ubuntu@ubuntu:~$ apt-cache policy pi-bluetooth linux-firmware-raspi2
pi-bluetooth:
  Installed: 0.1.15ubuntu1
  Candidate: 0.1.15ubuntu1.1~20.10.1
  Version table:
     0.1.15ubuntu1.1~20.10.1 500
        500 http://ports.ubuntu.com/ubuntu-ports groovy-proposed/restricted arm64 Packages
 *** 0.1.15ubuntu1 500
        500 http://ports.ubuntu.com/ubuntu-ports groovy/restricted arm64 Packages
        100 /var/lib/dpkg/status
linux-firmware-raspi2:
  Installed: 3-0ubuntu2~20.10.1
  Candidate: 4-0ubuntu0~20.10.1
  Version table:
     4-0ubuntu0~20.10.1 500
        500 http://ports.ubuntu.com/ubuntu-ports groovy-proposed/restricted arm64 Packages
 *** 3-0ubuntu2~20.10.1 500
        500 http://ports.ubuntu.com/ubuntu-ports groovy-updates/restricted arm64 Packages
        100 /var/lib/dpkg/status
     2-0ubuntu2 500
        500 http://ports.ubuntu.com/ubuntu-ports groovy/restricted arm64 Packages
ubuntu@ubuntu:~$ bluetoothctl
Agent registered
[bluetooth]# list
[bluetooth]# devices
No default controller available
[bluetooth]#

ubuntu@ubuntu:~$ apt-cache policy pi-bluetooth linux-firmware-raspi2
pi-bluetooth:
  Installed: 0.1.15ubuntu1.1~20.10.1
  Candidate: 0.1.15ubuntu1.1~20.10.1
  Version table:
 *** 0.1.15ubuntu1.1~20.10.1 500
        500 http://ports.ubuntu.com/ubuntu-ports groovy-proposed/restricted arm64 Packages
        100 /var/lib/dpkg/status
     0.1.15ubuntu1 500
        500 http://ports.ubuntu.com/ubuntu-ports groovy/restricted arm64 Packages
linux-firmware-raspi2:
  Installed: 4-0ubuntu0~20.10.1
  Candidate: 4-0ubuntu0~20.10.1
  Version table:
 *** 4-0ubuntu0~20.10.1 500
        500 http://ports.ubuntu.com/ubuntu-ports groovy-proposed/restricted arm64 Packages
        100 /var/lib/dpkg/status
     3-0ubuntu2~20.10.1 500
        500 http://ports.ubuntu.com/ubuntu-ports groovy-updates/restricted arm64 Packages
     2-0ubuntu2 500
        500 http://ports.ubuntu.com/ubuntu-ports groovy/restricted arm64 Packages
ubuntu@ubuntu:~$ bluetoothctl
Agent registered
[CHG] Controller DC:A6:32:F6:84:4E Pairable: yes
[bluetooth]# devices
[bluetooth]# list
Controller DC:A6:32:F6:84:4E ubuntu [default]
[bluetooth]# scan on
Discovery started
[CHG] Controller DC:A6:32:F6:84:4E Discovering: yes
[NEW] Device 28:11:A5:D5:CB:47 LE-reserved_M
[NEW] Device 28:11:A5:D5:AC:98 LE-Lemonade
[NEW] Device E2:70:8C:88:51:C0 E2-70-8C-88-51-C0
[bluetooth]#

********* On CM4 **********
ubuntu@ubuntu:~$ apt-cache policy pi-bluetooth linux-firmware-raspi2
pi-bluetooth:
  Installed: 0.1.15ubuntu1
  Candidate: 0.1.15ubuntu1.1~20.10.1
  Version table:
     0.1.15ubuntu1.1~20.10.1 500
        500 http://ports.ubuntu.com/ubuntu-ports groovy-proposed/restricted arm64 Packages
 *** 0.1.15ubuntu1 500
        500 http://ports.ubuntu.com/ubuntu-ports groovy/restricted arm64 Packages
        100 /var/lib/dpkg/status
linux-firmware-raspi2:
  Installed: 3-0ubuntu2~20.10.1
  Candidate: 4-0ubuntu0~20.10.1
  Version table:
     4-0ubuntu0~20.10.1 500
        500 http://ports.ubuntu.com/ubuntu-ports groovy-proposed/restricted arm64 Packages
 *** 3-0ubuntu2~20.10.1 500
        500 http://ports.ubuntu.com/ubuntu-ports groovy-up...

Read more...

tags: added: verification-done verification-done-groovy
removed: verification-needed verification-needed-groovy
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-firmware-raspi2 - 4-0ubuntu0~20.10.1

---------------
linux-firmware-raspi2 (4-0ubuntu0~20.10.1) groovy; urgency=medium

  * Pull in latest from hirsute (LP: #1925971)
    - Add aliases and diversions for brcmfmac43455 configuration on the
      Raspberry Pi Compute Module 4, and 400 (LP: #1912905)

    - Added diversions for all wifi firmware blobs (LP: #1918013)
    - New upstream boot firmware release, 1.20210303
    - New upstream bluetooth firmware release, 1.2-4+rpt8

      [ Phil Elwell ]
      - Second Spectra fix for CYW43455 (CVE-2020-10370)
        - Original firmware name: BCM4345C0_003.001.025.0174.0342.hcd

    - New upstream wifi firmware release, 1:20190114-1+rpt11

      [ Serge Schneider ]
      - Update CYW43455 firmware
        - brcm/brcmfmac43455-sdio.bin 7.45.229
        - See: https://github.com/raspberrypi/linux/issues/3849

 -- William 'jawn-smith' Wilson <email address hidden> Fri, 23 Apr 2021 16:05:55 -0500

Changed in linux-firmware-raspi2 (Ubuntu Groovy):
status: Fix Committed → Fix Released
Revision history for this message
Brian Murray (brian-murray) wrote : Update Released

The verification of the Stable Release Update for linux-firmware-raspi2 has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-firmware-raspi2 - 4-0ubuntu0~20.04.1

---------------
linux-firmware-raspi2 (4-0ubuntu0~20.04.1) focal; urgency=medium

  * Backport to focal (LP: #1925971)
    - Add aliases and diversions for brcmfmac43455 configuration on the
      Raspberry Pi Compute Module 4, and 400 (LP: #1912905)

    - Added diversions for all wifi firmware blobs (LP: #1918013)
    - New upstream boot firmware release, 1.20210303
    - New upstream bluetooth firmware release, 1.2-4+rpt8

      [ Phil Elwell ]
      - Second Spectra fix for CYW43455 (CVE-2020-10370)
        - Original firmware name: BCM4345C0_003.001.025.0174.0342.hcd

    - New upstream wifi firmware release, 1:20190114-1+rpt11

      [ Serge Schneider ]
      - Update CYW43455 firmware
        - brcm/brcmfmac43455-sdio.bin 7.45.229
        - See: https://github.com/raspberrypi/linux/issues/3849

 -- William 'jawn-smith' Wilson <email address hidden> Fri, 23 Apr 2021 16:05:55 -0500

Changed in linux-firmware-raspi2 (Ubuntu Focal):
status: Fix Committed → Fix Released
Changed in linux-firmware-raspi2 (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.