[SRU][J][PATCH 1/1] UBUNTU: [Config] Disable BlueZ highspeed support

[Juerg Haefliger]

From: Stefan Bader <stefan.bader at canonical.com>

The Intel BlueZ project recommends in [1] to disable highspeed support
as part of the fixes for the security issues. This does the required
changes.

[1] https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html

CVE-2020-24490
CVE-2020-12351
CVE-2020-12352
Signed-off-by: Stefan Bader <stefan.bader at canonical.com>
Acked-by: Colin Ian King <colin.king at canonical.com>
Acked-by: Andrea Righi <andrea.righi at canonical.com>
[ klebers: context adjustments. ]
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza at canonical.com>
(backported from commit 72e7fe132f85f03c1dadf42f84cdf80ca753cd8d bionic:linux)
[juergh: Converted to annotations.]
Signed-off-by: Juerg Haefliger <juerg.haefliger at canonical.com>
---
 debian.master/config/annotations | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/debian.master/config/annotations b/debian.master/config/annotations
index f9c9eb59132a..454ee38c013e 100644
--- a/debian.master/config/annotations
+++ b/debian.master/config/annotations
@@ -75,6 +75,9 @@ CONFIG_BLK_DEV_THROTTLING                       note<'CGROUP disk consumption co
 CONFIG_BPF_UNPRIV_DEFAULT_OFF                   policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 's390x': 'y'}>
 CONFIG_BPF_UNPRIV_DEFAULT_OFF                   note<'security reason'>
 
+CONFIG_BT_HS                                    policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n'}>
+CONFIG_BT_HS                                    note<'https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html'>
+
 CONFIG_CHR_DEV_SG                               policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 's390x': 'y'}>
 CONFIG_CHR_DEV_SG                               note<'not autoloadable'>
 
@@ -2264,7 +2267,6 @@ CONFIG_BT_HCIUART_RTL                           policy<{'amd64': 'y', 'arm64': '
 CONFIG_BT_HCIUART_SERDEV                        policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y'}>
 CONFIG_BT_HCIVHCI                               policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm'}>
 CONFIG_BT_HIDP                                  policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm'}>
-CONFIG_BT_HS                                    policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y'}>
 CONFIG_BT_INTEL                                 policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm'}>
 CONFIG_BT_LE                                    policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y'}>
 CONFIG_BT_LEDS                                  policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y'}>
-- 
2.43.0