Patch CVE-2023-45866 in bluez (#7097)

2023-12-22 10:23:48 +05:30 · 2023-12-22 10:23:48 +05:30 · 6462d9989a
parent 7e792c13f9
commit 6462d9989a
2 changed files with 55 additions and 1 deletions
--- a/SPECS/bluez/CVE-2023-45866.patch
+++ b/SPECS/bluez/CVE-2023-45866.patch
@ -0,0 +1,50 @@
+From 61522c4a6b3ccf667bd89925477ae866715f110e Mon Sep 17 00:00:00 2001
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+Date: Tue, 10 Oct 2023 13:03:12 -0700
+Subject: [PATCH] input.conf: Change default of ClassicBondedOnly
+
+This changes the default of ClassicBondedOnly since defaulting to false
+is not inline with HID specification which mandates the of Security Mode
+4:
+
+BLUETOOTH SPECIFICATION Page 84 of 123
+Human Interface Device (HID) Profile:
+
+  5.4.3.4.2 Security Modes
+  Bluetooth HID Hosts shall use Security Mode 4 when interoperating with
+  Bluetooth HID devices that are compliant to the Bluetooth Core
+  Specification v2.1+EDR[6].
+---
+ profiles/input/device.c   | 2 +-
+ profiles/input/input.conf | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/profiles/input/device.c b/profiles/input/device.c
+index 0138992..156f9f1 100644
+--- a/profiles/input/device.c
+++ b/profiles/input/device.c
+@@ -81,7 +81,7 @@ struct input_device {
+ 
+ static int idle_timeout = 0;
+ static bool uhid_enabled = false;
+-static bool classic_bonded_only = false;
+static bool classic_bonded_only = true;
+ 
+ void input_set_idle_timeout(int timeout)
+ {
+diff --git a/profiles/input/input.conf b/profiles/input/input.conf
+index 4c70bc5..d8645f3 100644
+--- a/profiles/input/input.conf
+++ b/profiles/input/input.conf
+@@ -17,7 +17,7 @@
+ # platforms may want to make sure that input connections only come from bonded
+ # device connections. Several older mice have been known for not supporting
+ # pairing/encryption.
+-# Defaults to false to maximize device compatibility.
+# Defaults to true for security.
+ #ClassicBondedOnly=true
+ 
+ # LE upgrade security
+-- 
+2.38.1
+
--- a/SPECS/bluez/bluez.spec
+++ b/SPECS/bluez/bluez.spec
@ -1,7 +1,7 @@
 Summary:        Bluetooth utilities
 Name:           bluez
 Version:        5.63
-Release:        4%{?dist}
+Release:        5%{?dist}
 License:        GPLv2+ AND LGPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@ -24,6 +24,7 @@ Patch6:         0002-Use-g_memdup2-everywhere.patch
 Patch7:         0001-hog-Fix-read-order-of-attributes-rediffed.patch
 Patch8:         0002-hog-Add-input-queue-while-uhid-device-has-not-been-c-rediffed.patch
 Patch9:         CVE-2022-3563.patch
+Patch10:        CVE-2023-45866.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 # For printing
@ -272,6 +273,9 @@ install emulator/btvirt %{buildroot}/%{_libexecdir}/bluetooth/
 %{_userunitdir}/obex.service

 %changelog
+* Thu Dec 21 2023 Suresh Thelkar <sthelkar@microsoft.com> - 5.63-5
+- Add patch for CVE-2023-45866
+
 * Mon Oct 02 2023 Minghe Ren <mingheren@microsoft.com> - 5.63-4
 - Add patch for CVE-2022-3563