wok rev 25628
Patch bluez CVE-2023-45866
author | Stanislas Leduc <shann@slitaz.org> |
---|---|
date | Sun Dec 17 20:37:36 2023 +0000 (4 months ago) |
parents | ea688ca719bb |
children | 4ae824d5869c |
files | bluez/receipt bluez/stuff/CVE-2023-45866.patch |
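--- a/bluez/receipt
+++ b/bluez/receipt
@@ -43,6 +43,8 @@
 # --enable-usb \
 # --enable-wiimote \
 
+ # Patch for CVE-2023-45866
+ patch -p1 < $stuff/CVE-2023-45866.patch
 
 ./configure \
 --prefix=/usr \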
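Review bot: The added `patch -p1 < $stuff/CVE-2023-45866.patch` has no failure handling, so if the patch stops applying (for example after a bluez version bump) the build may continue into `./configure` and produce a package that is recorded as fixed while still shipping the old `ClassicBondedOnly` default. I would quote the path and stop on error, `patch -p1 < "$stuff/CVE-2023-45866.patch" || return 1`, unless the receipt's build function already aborts on a failing command. That function starts and ends outside this hunk, so this needs checking against the full receipt.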
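--- /dev/null
+++ b/bluez/stuff/CVE-2023-45866.patch
@@ -0,0 +1,52 @@
+From 25a471a83e02e1effb15d5a488b3f0085eaeb675 Mon Sep 17 00:00:00 2001
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+Date: Tue, 10 Oct 2023 13:03:12 -0700
+Subject: input.conf: Change default of ClassicBondedOnly
+
+This changes the default of ClassicBondedOnly since defaulting to false
+is not inline with HID specification which mandates the of Security Mode
+4:
+
+BLUETOOTH SPECIFICATION Page 84 of 123
+Human Interface Device (HID) Profile:
+
+ 5.4.3.4.2 Security Modes
+ Bluetooth HID Hosts shall use Security Mode 4 when interoperating with
+ Bluetooth HID devices that are compliant to the Bluetooth Core
+ Specification v2.1+EDR[6].
+---
+ profiles/input/device.c | 2 +-
+ profiles/input/input.conf | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+(limited to 'profiles/input')
+
+diff --git a/profiles/input/device.c b/profiles/input/device.c
+index 4a50ea9921..4310dd192e 100644
+--- a/profiles/input/device.c
++++ b/profiles/input/device.c
+@@ -81,7 +81,7 @@ struct input_device {
+
+ static int idle_timeout = 0;
+ static bool uhid_enabled = false;
+-static bool classic_bonded_only = false;
++static bool classic_bonded_only = true;
+
+ void input_set_idle_timeout(int timeout)
+ {
+diff --git a/profiles/input/input.conf b/profiles/input/input.conf
+index 4c70bc561f..d8645f3dd6 100644
+--- a/profiles/input/input.conf
++++ b/profiles/input/input.conf
+@@ -17,7 +17,7 @@
+ # platforms may want to make sure that input connections only come from bonded
+ # device connections. Several older mice have been known for not supporting
+ # pairing/encryption.
+-# Defaults to false to maximize device compatibility.
++# Defaults to true for security.
+ #ClassicBondedOnly=true
+
+ # LE upgrade security
+--
+cgit 1.2.3-korg
+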
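Review bot: Flipping `classic_bonded_only` to `true` in profiles/input/device.c changes only the built-in default, and the input.conf hunk leaves `#ClassicBondedOnly=true` commented out. A system whose installed input.conf explicitly sets `ClassicBondedOnly=false` would therefore presumably keep accepting HID connections from unbonded devices after the upgrade. The package notes should say so, so admins can audit that file. They should also mention that the older mice without pairing/encryption support, which the conf comment refers to, may stop connecting under the new default. The vendored file also carries cgit page text (`(limited to 'profiles/input')`, `cgit 1.2.3-korg`); it looks harmless when applying, but recording the upstream commit id from the `From 25a471a8…` line in the receipt comment would make the provenance easy to verify.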