Skip to content

Commit

Permalink
[AUTO-CHERRYPICK] Patched CVE-2023-45866 in bluez. (CP: #7097) - br…
Browse files Browse the repository at this point in the history
…anch 3.0-dev (#10912)

Co-authored-by: Pawel Winogrodzki <[email protected]>
  • Loading branch information
CBL-Mariner-Bot and PawelWMS authored Nov 1, 2024
1 parent 5a49210 commit 75d1fc3
Show file tree
Hide file tree
Showing 2 changed files with 55 additions and 1 deletion.
50 changes: 50 additions & 0 deletions SPECS/bluez/CVE-2023-45866.patch
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
From 61522c4a6b3ccf667bd89925477ae866715f110e Mon Sep 17 00:00:00 2001
From: Luiz Augusto von Dentz <[email protected]>
Date: Tue, 10 Oct 2023 13:03:12 -0700
Subject: [PATCH] input.conf: Change default of ClassicBondedOnly

This changes the default of ClassicBondedOnly since defaulting to false
is not inline with HID specification which mandates the of Security Mode
4:

BLUETOOTH SPECIFICATION Page 84 of 123
Human Interface Device (HID) Profile:

5.4.3.4.2 Security Modes
Bluetooth HID Hosts shall use Security Mode 4 when interoperating with
Bluetooth HID devices that are compliant to the Bluetooth Core
Specification v2.1+EDR[6].
---
profiles/input/device.c | 2 +-
profiles/input/input.conf | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/profiles/input/device.c b/profiles/input/device.c
index 0138992..156f9f1 100644
--- a/profiles/input/device.c
+++ b/profiles/input/device.c
@@ -81,7 +81,7 @@ struct input_device {

static int idle_timeout = 0;
static bool uhid_enabled = false;
-static bool classic_bonded_only = false;
+static bool classic_bonded_only = true;

void input_set_idle_timeout(int timeout)
{
diff --git a/profiles/input/input.conf b/profiles/input/input.conf
index 4c70bc5..d8645f3 100644
--- a/profiles/input/input.conf
+++ b/profiles/input/input.conf
@@ -17,7 +17,7 @@
# platforms may want to make sure that input connections only come from bonded
# device connections. Several older mice have been known for not supporting
# pairing/encryption.
-# Defaults to false to maximize device compatibility.
+# Defaults to true for security.
#ClassicBondedOnly=true

# LE upgrade security
--
2.38.1

6 changes: 5 additions & 1 deletion SPECS/bluez/bluez.spec
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
Summary: Bluetooth utilities
Name: bluez
Version: 5.63
Release: 5%{?dist}
Release: 6%{?dist}
License: GPLv2+ AND LGPLv2+
Vendor: Microsoft Corporation
Distribution: Azure Linux
Expand All @@ -25,6 +25,7 @@ Patch7: 0001-hog-Fix-read-order-of-attributes-rediffed.patch
Patch8: 0002-hog-Add-input-queue-while-uhid-device-has-not-been-c-rediffed.patch
Patch9: CVE-2022-3563.patch
Patch10: CVE-2023-50229-CVE-2023-50230.patch
Patch11: CVE-2023-45866.patch
BuildRequires: autoconf
BuildRequires: automake
# For printing
Expand Down Expand Up @@ -273,6 +274,9 @@ install emulator/btvirt %{buildroot}/%{_libexecdir}/bluetooth/
%{_userunitdir}/obex.service

%changelog
* Wed Oct 30 2024 Pawel Winogrodzki <[email protected]> - 5.63-6
- Patched CVE-2023-45866.

* Fri Jun 21 2024 Neha Agarwal <[email protected]> - 5.63-5
- Patch CVE-2023-50229 and CVE-2023-50230

Expand Down

0 comments on commit 75d1fc3

Please sign in to comment.