diff options
Diffstat (limited to 'meta/recipes-connectivity/bluez5/bluez5/CVE-2023-45866.patch')
| -rw-r--r-- | meta/recipes-connectivity/bluez5/bluez5/CVE-2023-45866.patch | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bluez5/bluez5/CVE-2023-45866.patch b/meta/recipes-connectivity/bluez5/bluez5/CVE-2023-45866.patch new file mode 100644 index 0000000000..43670ab2b3 --- /dev/null +++ b/meta/recipes-connectivity/bluez5/bluez5/CVE-2023-45866.patch | |||
| @@ -0,0 +1,54 @@ | |||
| 1 | From 25a471a83e02e1effb15d5a488b3f0085eaeb675 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> | ||
| 3 | Date: Tue, 10 Oct 2023 13:03:12 -0700 | ||
| 4 | Subject: input.conf: Change default of ClassicBondedOnly | ||
| 5 | |||
| 6 | This changes the default of ClassicBondedOnly since defaulting to false | ||
| 7 | is not inline with HID specification which mandates the of Security Mode | ||
| 8 | 4: | ||
| 9 | |||
| 10 | BLUETOOTH SPECIFICATION Page 84 of 123 | ||
| 11 | Human Interface Device (HID) Profile: | ||
| 12 | |||
| 13 | 5.4.3.4.2 Security Modes | ||
| 14 | Bluetooth HID Hosts shall use Security Mode 4 when interoperating with | ||
| 15 | Bluetooth HID devices that are compliant to the Bluetooth Core | ||
| 16 | Specification v2.1+EDR[6]. | ||
| 17 | |||
| 18 | Upstream-Status: Backport [https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=25a471a83e02e1effb15d5a488b3f0085eaeb675] | ||
| 19 | CVE: CVE-2023-45866 | ||
| 20 | Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> | ||
| 21 | --- | ||
| 22 | profiles/input/device.c | 2 +- | ||
| 23 | profiles/input/input.conf | 2 +- | ||
| 24 | 2 files changed, 2 insertions(+), 2 deletions(-) | ||
| 25 | |||
| 26 | diff --git a/profiles/input/device.c b/profiles/input/device.c | ||
| 27 | index 375314e..0236488 100644 | ||
| 28 | --- a/profiles/input/device.c | ||
| 29 | +++ b/profiles/input/device.c | ||
| 30 | @@ -93,7 +93,7 @@ struct input_device { | ||
| 31 | |||
| 32 | static int idle_timeout = 0; | ||
| 33 | static bool uhid_enabled = false; | ||
| 34 | -static bool classic_bonded_only = false; | ||
| 35 | +static bool classic_bonded_only = true; | ||
| 36 | |||
| 37 | void input_set_idle_timeout(int timeout) | ||
| 38 | { | ||
| 39 | diff --git a/profiles/input/input.conf b/profiles/input/input.conf | ||
| 40 | index 4c70bc5..d8645f3 100644 | ||
| 41 | --- a/profiles/input/input.conf | ||
| 42 | +++ b/profiles/input/input.conf | ||
| 43 | @@ -17,7 +17,7 @@ | ||
| 44 | # platforms may want to make sure that input connections only come from bonded | ||
| 45 | # device connections. Several older mice have been known for not supporting | ||
| 46 | # pairing/encryption. | ||
| 47 | -# Defaults to false to maximize device compatibility. | ||
| 48 | +# Defaults to true for security. | ||
| 49 | #ClassicBondedOnly=true | ||
| 50 | |||
| 51 | # LE upgrade security | ||
| 52 | -- | ||
| 53 | 2.25.1 | ||
| 54 | |||