8ddc643e97
fix(ble/bluedroid): Fixed bluedrodi CI build error
2026-03-31 11:56:39 +08:00
82c4f85e5f
fix(ble/bluedroid): Fixed build error due to rebase conflict
2026-03-30 16:41:54 +08:00
0598eaba64
disable some parameters check in CTE APIs
2026-03-30 16:40:54 +08:00
6bafc36b10
fix(ble/bluedroid): Change BLE mesh adapter to use BTA APIs
2026-03-30 16:40:54 +08:00
6326d4629b
fix(ble/bluedroid): optimize bluedroid host and fix GAP, memory, status and BTM API issues
...
- return HCI_ERR_MEMORY_FULL on cmd buffer alloc failure
- remove legacy adv/scan semaphores and mutex
- Use the same legacy gap callback instead of each independent legacy gap event callback
2026-03-30 16:40:54 +08:00
317da12550
fix(ble/bluedroid): Null/range checks, crypto cleanup and API consistency
...
- smp_api.h/smp_int.h: SMP_OPCODE_ARRAY_SIZE and SecureConnectionOobDataReply
declaration alignment
- p_256_ecc_pp/p_256_multprecision: bounds and overflow fixes in ECC/multiprecision
- smp_act: init le_key; p_dev_rec null check in smp_key_distribution;
smp_compute_dhkey failure notify in smp_both_have_public_keys
- smp_api: early state/cb_evt check in SMP_SecureConnectionOobDataReply
- smp_cmac: input/length validation in cmac_aes_k_calculate and
aes_cipher_msg_auth_code
- smp_keys: smp_gen_p2_4_confirm return and smp_calculate_comfirm_cont;
smp_process_private_key/smp_compute_dhkey cleanup and peer_pub_be clear
- smp_l2c: fix callback param types with L2CAP
- smp_main: event/state bounds in smp_sm_event; smp_get_event_name default string
- smp_utils: cmd_code<SMP_OPCODE_ARRAY_SIZE and smp_cmd_build_act check;
smp_mask_enc_key/smp_command_has_invalid_parameters bounds
(cherry picked from commit 50747e4f63zhiweijian@espressif.com >
2026-03-30 16:40:54 +08:00
4b4c493a45
fix(ble/bluedroid): Align config, controller indent and init error paths
...
- bt_target: remove/align obsolete macros with Kconfig
- device/controller: fix start_up() Secure Connections indent,
get_ble_resolving_list_max_size return type
- controller.h: align type/interface declarations with implementation
- bte_init: remove unused/redundant code
- bte_main: return -1 on osi_init failure, null check in bte_main_hci_send
(cherry picked from commit b83647f5eazhiweijian@espressif.com >
2026-03-30 16:40:54 +08:00
e3410cbcae
fix(ble/bluedroid): BLE credit, reject when p_rcb NULL, timeout and leak fixes
...
- l2c_int: align struct/constant types with l2c_ble/l2c_main
- l2c_api: null/state checks in L2CA_SendFixedChnlData
- l2c_ble: reject when p_rcb==NULL, add L2CAP_CMD_BLE_FLOW_CTRL_CREDIT;
l2cble_init_direct_conn int64_t timeout and link_timeout==0 fix
- l2c_link: null/state checks and cleanup in hci_disc_comp/timeout/send_to_lower
- l2c_main: free p_msg on FCR non-Basic and COC branches; fix LE credit handling;
process_l2cap_cmd bounds
- l2c_utils: credit/queue cleanup and null checks in l2cu_disconnect_chnl
(cherry picked from commit 16d523e9bfzhiweijian@espressif.com >
2026-03-30 16:40:53 +08:00
a3755ca1a6
fix(ble/bluedroid): Fix double-free, exec write, bounds and HCI param checks
...
- gap_ble: add length/attribute checks in gap_proc_write_req
- gatt_cl: set p_cmd->p_cmd=NULL before memset to avoid double-free;
pending_cl_req %= GATT_CL_MAX_LCB
- gatt_sr: fix exec write zeroed_attrs and offset/len bounds, OOM cleanup
- gatt_sr_hash: null checks for p_attr->p_next, p_data+=2, len==0 in
gatts_calculate_datebase_hash, gatts_show_local_database
- gatt_utils: explicit return NULL, indent, idx<GATT_MAX_APPS checks,
len>GATT_MAX_ATTR_LEN, gatt_cleanup_upon_disc dealloc branch
- hciblecmds: length/handle validation in BLE ext adv/BIG sync HCI commands
(cherry picked from commit 1d31286f1azhiweijian@espressif.com >
2026-03-30 16:40:53 +08:00
91411aefab
fix(ble/bluedroid): Event length checks and timer/alarm error handling
...
- btu_hcif: validate p_msg->len and hci_evt_len in process_event; pass evt_len to
sub-handlers; fix cs_subevt num_steps_reported==0 malloc; bounds in
command_complete and role_change_evt
- btu_task: handle osi_alarm_new/hash_map_set failure in btu_start_timer,
btu_start_quick_timer, btu_start_timer_oneshot
(cherry picked from commit 537661fb2ezhiweijian@espressif.com >
2026-03-30 16:40:53 +08:00
ab9eb85cf1
fix(ble/bluedroid): BLE GAP/ACL/ISO/SCO null checks, evt_len and resource handling
...
- btm_acl: malloc/list_append failure handling, remove/memset order in btm_acl_removed
- btm_ble: remove incorrect sec_flags in SMP_OOB/NC/SC_OOB fall-through
- btm_ble_5_gap: btm_ble_hci_status_to_str unreachable return,
BTM_BleSetExtendedAdvParams/BleStartExtAdv leak and bounds
- btm_ble_addr: fix indent in btm_find_dev_by_identity_addr
- btm_ble_gap: null check p_service_data, pass evt_len to btm_ble_process_adv_pkt,
bounds in process_adv_pkt
- btm_ble_iso: align param types with declaration
- btm_ble_privacy: handle BTM_BLE_IRK_LIST_INVALID_INDEX in update_resolving_list,
comment fixes
- btm_devctl: fix btm_vsc_complete param order/type
- btm_sco: add evt_len to btm_sco_process_num_completed_pkts for bounds check
- btm_ble_int.h/btm_int.h: add evt_len to process_adv_pkt and
process_num_completed_pkts declarations
(cherry picked from commit 65b2cb2728zhiweijian@espressif.com >
2026-03-30 16:40:53 +08:00
2ca40e3c64
fix(ble/bluedroid): Add length/pointer checks and fix error paths
...
- hci_hal_h4: validate packet length and pointers in hci_packet_complete,
hdl_rx_adv_rpt, callbacks
- hci_layer: align hci_start_up error path and return; validate packet len in
filter_incoming_event
- hci_packet_factory: ensure BT_HDR length/offset initialized in make_command_no_params
- packet_fragmenter: validate length before fragment_and_dispatch
(cherry picked from commit 778dd2ab5ezhiweijian@espressif.com >
2026-03-30 16:40:53 +08:00
eca3b54164
fix(ble/bluedroid): Fix init failure handling, storage/config and GATT leaks
...
- btc_main: handle bte_main_boot_entry failure with cleanup and future_ready(FUTURE_FAIL)
- btc_ble_storage: fix key/length validation in _btc_storage_get_ble_bonding_key
- btc_config: align return/error contract with callers
- btc_dm: use safe BTA_SERVICE_ID_TO_SERVICE_MASK, fix sec_cb_handler type
- btc_gatt_util: fix btc_to_bta_response/set_read_value length and bounds
- btc_gatts: future_free on early return, max_nb_attr uint16_t, fail cleanup,
handle bounds
- btc_ble_cte/btc_iso_ble: fix callback type/param consistency with BTA
(cherry picked from commit 6f5d9e3440zhiweijian@espressif.com >
2026-03-30 16:40:53 +08:00
296d7e11f5
fix(ble/bluedroid): Add null/range checks and fix resource handling in BTA layer
...
- bta_dm_int: fix BTA_SERVICE_ID_TO_SERVICE_MASK undefined behavior (1<<id when id>=32)
- bta_gattc_main: add event bounds check before state table lookup
- bta_gattc_utils: null checks for remote_bda/p_rcb, fix list_free in clcb_dealloc,
bta_to_btif_uuid fixes
- bta_gatts_act: fix formatting/indent in send_service_change_indication
- bta_gatts_api: validate attr_val/len, add error logs on alloc failure
- bta_sys_main: null/range checks in sm_execute, alarm/hash_map error handling in
bta_alarm_cb
(cherry picked from commit f4cec2ac4ezhiweijian@espressif.com >
2026-03-30 16:40:53 +08:00
a9ad2436ad
fix(ble/bluedroid): fix bugs in BLE 5.0 bluedroid examples
...
- Fix callback function usage and parameter errors
- Fix spelling: BROCASTER to BROADCASTER in examples
- Update examples to match API changes
(cherry picked from commit 8f4dd7824ezhiweijian@espressif.com >
2026-03-30 16:40:53 +08:00
3f2c006fe8
fix(ble/bluedroid): fix ISO HCI layer and update Kconfig
...
- Fix ISO HCI functions and remove unused code
- Fix spelling: BROCASTER to BROADCASTER in Kconfig and headers
- Update common config headers for consistency
(cherry picked from commit 611eef480azhiweijian@espressif.com >
2026-03-30 16:40:53 +08:00
2ff19ee57d
fix(ble/bluedroid): fix L2CAP, SMP and HCI command issues
...
- Fix active_count check in l2cu_ble_plcb_active_count
- Restore previous state if connection command fails
- Fix HCI cmd buffer size off-by-one errors
- Fix connect handle length errors
- Fix channel sounding event status handling
- Fix SMP param_len check in smp_rand_back
- Fix spelling: BROCASTER to BROADCASTER in definitions
(cherry picked from commit e118d053b3zhiweijian@espressif.com >
2026-03-30 16:40:53 +08:00
d0831229cd
fix(ble/bluedroid): fix GAP, advertising and security issues in BTM layer
...
- Fix adv state restore and reset if start/stop failed
- Fix periodic adv v2 event without PAWR feature enabled
- Fix periodic adv sync establish skip handling
- Fix resolving list max_size validation
- Fix RPA addr_type update after host-side resolution
- Fix pairing_state reset if p_dev_rec alloc failed
- Fix ISO cis_cnt limit and ext adv parameter check
- Try to delete smp keys even if not in device list
(cherry picked from commit e0ccc644a8zhiweijian@espressif.com >
2026-03-30 16:40:53 +08:00
bb27a77f5c
fix(ble/bluedroid): fix GATT protocol and database operation issues
...
- Fix GATTC read by type length error and rsp pdu format check
- Fix p_cur_handle update in gatts_db_read_attr_value_by_type
- Fix len calculation error in calculate_database_info_size
- Replace gatt_find_the_connected_bda with p_tcb_list iteration
- Send cmd reject if cid is invalid
- Fix param_len check in smp_rand_back
- Remove duplicate uuid compare functions
(cherry picked from commit 6242e0244czhiweijian@espressif.com >
2026-03-30 16:40:53 +08:00
ad44ae469d
fix(ble/bluedroid): fix parameter handling and deep copy in BTC layer
...
- Fix CS and CTE callback deep copy errors in btc_gap_ble
- Fix incorrect parameter check in btc_gattc_prepare_write_char_descr
- Fix conn_handle length error and malloc failure handling
- Fix memcpy error and reset params if malloc failed
- Fix spelling: BROCASTER to BROADCASTER
- Delete unused ISO functions in btc_iso_ble
(cherry picked from commit 1fea299dc9zhiweijian@espressif.com >
2026-03-30 16:40:53 +08:00
43e5f8154c
fix(ble/bluedroid): fix state management and security issues in BTA DM layer
...
- Fix out-of-bounds read and peer_device cleanup in bta_dm_acl_change
- Fix adv state restore and BTM status usage in bta_dm_ble_advstop
- Fix remove security device failed due to invalid transport
- Rename tBTA_DM_API_BLE_OBSERVE to tBTA_DM_API_BLE_ADVACTION
- Remove unused btm_sec_find_bonded_dev()
(cherry picked from commit c7931bedf5zhiweijian@espressif.com >
2026-03-30 16:40:53 +08:00
5300d69692
fix(ble/bluedroid): fix memory safety and state issues in BTA GATT layer
...
- Fix use-after-free and double-free in bta_gattc_update_include_service
- Fix heap buffer overflow in GATT database operations
- Fix GATTC cache load attr length check and NVS handle leak
- Fix parameter validation in bta_gattc_uuid_compare
- Ensure all CLCBs are cleaned up on deregister
- Remove unused bta_gattc_open_error
- Unify GATT db count/fill by declaration handle range
- Fix return status in gatts_set_attribute_value
(cherry picked from commit d4f3517da4zhiweijian@espressif.com >
2026-03-30 16:40:53 +08:00
8756fe09d7
fix(ble/bluedroid): fix parameter validation and cleanup in ISO and CTE APIs
...
- Add parameter validation in esp_ble_iso_api and esp_ble_cte_api
- Delete unused ISO functions and incorrect parameter checks
- Add host status check in esp_ble_iso_get_callback()
- Fix CTE parameter handling when enable value is 0
(cherry picked from commit 562cd2eae5zhiweijian@espressif.com >
2026-03-30 16:40:53 +08:00
23dbc25a6d
fix(ble/bluedroid): fix parameter validation and initialization in BLE APIs
...
- Add parameter validation in esp_gap_ble_api, esp_gattc_api, esp_gatts_api
- Initialize API args to prevent undefined behavior
- Add host status checks in API functions
- Fix memory leak if bluedroid init failed
(cherry picked from commit d439a3fccezhiweijian@espressif.com >
2026-03-30 16:40:53 +08:00
52e10dee97
Merge branch 'fix/usb_security_backport_v5.3' into 'release/v5.3'
...
fix(usb): USB security fixes from esp-usb (backport v5.3)
See merge request espressif/esp-idf!47102
2026-03-30 10:22:00 +08:00
0734bef862
fix(usb): USB security fixes from esp-usb
...
Combination of the following commits:
- https://github.com/espressif/esp-usb/commit/c546816048e449f11c57ca9a1e0541e592d04c07
- https://github.com/espressif/esp-usb/commit/749af3b938aeb95e1c5b4926f2e28eb2fe65f381
- https://github.com/espressif/esp-usb/commit/234ed4e9d404590011ef61826220f403fc52bb54
- https://github.com/espressif/esp-usb/commit/8f7fe7308d39ec69d3d8822691d74f43e71da331
2026-03-27 13:54:41 +01:00
23457fae46
Merge branch 'docs/fix_check_readme_links_v5.3' into 'release/v5.3'
...
docs(examples): fix broken README links found by check_readme_links CI (v5.3)
See merge request espressif/esp-idf!47063
2026-03-27 14:17:46 +08:00
dd59ffbc7c
Merge branch 'fix/set_config_modification_v5.3' into 'release/v5.3'
...
Add some changes in get_config api(v5.3)
See merge request espressif/esp-idf!46736
2026-03-27 14:12:54 +08:00
754a350673
docs(examples): fix remaining README links on release/v5.3
...
release/v5.3 still has additional README issues after the master backport.
Update the remaining example links and simple_sniffer README wording so
the branch passes its documentation checks again.
Made-with: Cursor
2026-03-27 13:58:17 +08:00
56c6f86c42
docs(examples): fix broken README links found by check_readme_links CI
...
The hw-reference/modules-and-boards page was removed from esp-idf docs
and moved to esp-dev-kits. The ESP32-S2-Saola-1 user guide similarly
moved. The configure-builtin-jtag link used the now-obsolete chip-less
stable URL format.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com >
Made-with: Cursor
2026-03-27 12:01:38 +08:00
bdfcc155aa
Merge branch 'bugfix/update_wifi_cmd_version_v5.3' into 'release/v5.3'
...
fix(example): update wifi-cmd version in iperf v5.3
See merge request espressif/esp-idf!47011
2026-03-26 17:59:26 +08:00
c4d1d30f73
Merge branch 'bugfix/pm-673_v5.3' into 'release/v5.3'
...
backport v5.3: fix analog i2c master race cause by phy retention link
See merge request espressif/esp-idf!46449
2026-03-26 17:55:53 +08:00
50bc6b69c6
fix(wifi) : Add some changes in get_config api
2026-03-26 11:34:56 +05:30
d4baaae123
Merge branch 'feat/split_154_hal_components_v5.3' into 'release/v5.3'
...
feat(ieee802154): separated the 802.15.4 HAL codes from the HAL component (v5.3)
See merge request espressif/esp-idf!44969
2026-03-26 04:03:08 +00:00
ce20ada5b8
Merge branch 'bugfix/fix_call_spp_start_discovert_twice_crash_v5.3' into 'release/v5.3'
...
fix(bt): fix crash when calling esp_spp_start_discovery twice in succession(v5.3)
See merge request espressif/esp-idf!46667
2026-03-26 10:54:47 +08:00
1508c66e2b
fix(example): update wifi-cmd version in iperf
2026-03-26 10:53:41 +08:00
69141e6dca
Merge branch 'fix/fix_ext_coex_154_stage_switch_v5.3' into 'release/v5.3'
...
fix(coex): fix ieee802.15.4 external coex tx/rx stage handling (v5.3)
See merge request espressif/esp-idf!46682
2026-03-25 21:03:43 +08:00
f5ea93abcc
Merge branch 'bugfix/fix_ble_controller_emi_assert_v5.3' into 'release/v5.3'
...
fix(ble): Fixed BLE assert in "emi.c" when low memory (5.3)
See merge request espressif/esp-idf!46912
2026-03-25 21:02:52 +08:00
95e3b6d315
Merge branch 'bugfix/sae_pwe_method_log_v5.3' into 'release/v5.3'
...
fix(esp_wifi): Add a log to print sae_pwe method used by station for wpa3 connection
See merge request espressif/esp-idf!46602
2026-03-25 20:56:58 +08:00
605a0e40ce
fix(esp_hw_support): fix invalid phy link pointer during sleep modem state deinit
2026-03-25 20:56:35 +08:00
f9b779466c
fix(esp_hw_support): fix analog i2c master race cause by phy retention link
2026-03-25 20:56:35 +08:00
313f64330b
fix(esp_hw_support): fix the issue of regdma wait node to immediately return to done caused by regdma wait mode comparator
2026-03-25 20:56:35 +08:00
3894013b66
Merge branch 'ci/update_github_permission_v5.3' into 'release/v5.3'
...
ci(github): update workflow permission (v5.3)
See merge request espressif/esp-idf!46931
2026-03-25 20:55:06 +08:00
0a4bf287a8
Merge branch 'ci/fix_mqtt_sll_test_v5.x_v5.3' into 'release/v5.3'
...
ci(mqtt): use QoS=1 for control messages in SSL test (v5.3)
See merge request espressif/esp-idf!46511
2026-03-25 20:53:30 +08:00
f161f4f580
Merge branch 'fix/use_apb_max_state_for_ble_events_v5.3' into 'release/v5.3'
...
fix(ble): use apb max state for bt and enable should skip (v5.3)
See merge request espressif/esp-idf!46331
2026-03-25 20:51:59 +08:00
14cb9663f2
Merge branch 'fix/ble_hci_log_direction_v5.3' into 'release/v5.3'
...
feat(ble_log): encode HCI direction in ble_log pipeline (v5.3)
See merge request espressif/esp-idf!46300
2026-03-25 20:51:47 +08:00
a50db17cc2
Merge branch 'feat/ble_bluedroid_log_full_compression_enable_v5.3' into 'release/v5.3'
...
feat(ble_mesh): enable log full compression function for bluedroid host (v5.3)
See merge request espressif/esp-idf!46153
2026-03-25 20:51:36 +08:00
fd475ddc8f
Merge branch 'fix/ble_mesh_nimble_connection_failed_v5.3' into 'release/v5.3'
...
fix(ble_mesh):fixed nimble connection failed (v5.3)
See merge request espressif/esp-idf!46115
2026-03-25 20:51:26 +08:00
a50218006c
Merge branch 'update/spiffs_sync_upstream_5.3' into 'release/v5.3'
...
change(spiffs): upgrade spiffs module to 0.2-265-gad902ca version (v5.3)
See merge request espressif/esp-idf!45973
2026-03-25 20:50:56 +08:00
2e746ec86f
feat(ieee802154): separated the 802.15.4 HAL codes from the HAL component
2026-03-25 20:10:10 +08:00
zhiweijian
luoxu
morris
Tomas Rezucha
Marius Vikhammer
Jiang Jiang Jian
tarun.kumar
Shu Chen
ding huan
Li Shuai
zwx