diff --git a/CVE-2023-45866.patch b/CVE-2023-45866.patch new file mode 100644 index 0000000..f7ef109 --- /dev/null +++ b/CVE-2023-45866.patch @@ -0,0 +1,50 @@ +From 25a471a83e02e1effb15d5a488b3f0085eaeb675 Mon Sep 17 00:00:00 2001 +From: Luiz Augusto von Dentz +Date: Tue, 10 Oct 2023 13:03:12 -0700 +Subject: input.conf: Change default of ClassicBondedOnly + +This changes the default of ClassicBondedOnly since defaulting to false +is not inline with HID specification which mandates the of Security Mode +4: + +BLUETOOTH SPECIFICATION Page 84 of 123 +Human Interface Device (HID) Profile: + + 5.4.3.4.2 Security Modes + Bluetooth HID Hosts shall use Security Mode 4 when interoperating with + Bluetooth HID devices that are compliant to the Bluetooth Core + Specification v2.1+EDR[6]. +--- + profiles/input/device.c | 2 +- + profiles/input/input.conf | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/profiles/input/device.c b/profiles/input/device.c +index 4a50ea9921..4310dd192e 100644 +--- a/profiles/input/device.c ++++ b/profiles/input/device.c +@@ -81,7 +81,7 @@ struct input_device { + + static int idle_timeout = 0; + static bool uhid_enabled = false; +-static bool classic_bonded_only = false; ++static bool classic_bonded_only = true; + + void input_set_idle_timeout(int timeout) + { +diff --git a/profiles/input/input.conf b/profiles/input/input.conf +index 4c70bc561f..d8645f3dd6 100644 +--- a/profiles/input/input.conf ++++ b/profiles/input/input.conf +@@ -17,7 +17,7 @@ + # platforms may want to make sure that input connections only come from bonded + # device connections. Several older mice have been known for not supporting + # pairing/encryption. +-# Defaults to false to maximize device compatibility. ++# Defaults to true for security. + #ClassicBondedOnly=true + + # LE upgrade security +-- +cgit 1.2.3-korg + diff --git a/bluez.changes b/bluez.changes index 4a32bec..4e006a3 100644 --- a/bluez.changes +++ b/bluez.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Dec 13 09:34:20 UTC 2023 - Dirk Müller + +- add CVE-2023-45866.patch (CVE-2023-45866, bsc#1217877) + ------------------------------------------------------------------- Mon Nov 6 21:20:03 UTC 2023 - Dirk Müller diff --git a/bluez.spec b/bluez.spec index 0eb47b5..1d54125 100644 --- a/bluez.spec +++ b/bluez.spec @@ -66,6 +66,8 @@ Patch14: hcidump-Add-assoc-dump-function-assoc-date-length-ch.patch Patch15: hcidump-Fix-memory-leak-with-malformed-packet.patch # bsc#1013712 CVE-2016-9798 Patch16: hcidump-Fixed-malformed-segment-frame-length.patch +# PATCH-FIX-UPSTREAM: https://git.kernel.org/pub/scm/bluetooth/bluez.git/patch/?id=25a471a83e02e1effb15d5a488b3f0085eaeb675 +Patch17: CVE-2023-45866.patch # Upstream suggests to use btmon instead of hcidump and does not want those patches # => PATCH-FIX-OPENSUSE for those two :-) # fix some memory leak with malformed packet (reported upstream but not yet fixed)