diff options
Diffstat (limited to 'meta/recipes-connectivity/bluez5/bluez5/CVE-2023-45866.patch')
-rw-r--r-- | meta/recipes-connectivity/bluez5/bluez5/CVE-2023-45866.patch | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bluez5/bluez5/CVE-2023-45866.patch b/meta/recipes-connectivity/bluez5/bluez5/CVE-2023-45866.patch new file mode 100644 index 0000000000..43670ab2b3 --- /dev/null +++ b/meta/recipes-connectivity/bluez5/bluez5/CVE-2023-45866.patch | |||
@@ -0,0 +1,54 @@ | |||
1 | From 25a471a83e02e1effb15d5a488b3f0085eaeb675 Mon Sep 17 00:00:00 2001 | ||
2 | From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> | ||
3 | Date: Tue, 10 Oct 2023 13:03:12 -0700 | ||
4 | Subject: input.conf: Change default of ClassicBondedOnly | ||
5 | |||
6 | This changes the default of ClassicBondedOnly since defaulting to false | ||
7 | is not inline with HID specification which mandates the of Security Mode | ||
8 | 4: | ||
9 | |||
10 | BLUETOOTH SPECIFICATION Page 84 of 123 | ||
11 | Human Interface Device (HID) Profile: | ||
12 | |||
13 | 5.4.3.4.2 Security Modes | ||
14 | Bluetooth HID Hosts shall use Security Mode 4 when interoperating with | ||
15 | Bluetooth HID devices that are compliant to the Bluetooth Core | ||
16 | Specification v2.1+EDR[6]. | ||
17 | |||
18 | Upstream-Status: Backport [https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=25a471a83e02e1effb15d5a488b3f0085eaeb675] | ||
19 | CVE: CVE-2023-45866 | ||
20 | Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> | ||
21 | --- | ||
22 | profiles/input/device.c | 2 +- | ||
23 | profiles/input/input.conf | 2 +- | ||
24 | 2 files changed, 2 insertions(+), 2 deletions(-) | ||
25 | |||
26 | diff --git a/profiles/input/device.c b/profiles/input/device.c | ||
27 | index 375314e..0236488 100644 | ||
28 | --- a/profiles/input/device.c | ||
29 | +++ b/profiles/input/device.c | ||
30 | @@ -93,7 +93,7 @@ struct input_device { | ||
31 | |||
32 | static int idle_timeout = 0; | ||
33 | static bool uhid_enabled = false; | ||
34 | -static bool classic_bonded_only = false; | ||
35 | +static bool classic_bonded_only = true; | ||
36 | |||
37 | void input_set_idle_timeout(int timeout) | ||
38 | { | ||
39 | diff --git a/profiles/input/input.conf b/profiles/input/input.conf | ||
40 | index 4c70bc5..d8645f3 100644 | ||
41 | --- a/profiles/input/input.conf | ||
42 | +++ b/profiles/input/input.conf | ||
43 | @@ -17,7 +17,7 @@ | ||
44 | # platforms may want to make sure that input connections only come from bonded | ||
45 | # device connections. Several older mice have been known for not supporting | ||
46 | # pairing/encryption. | ||
47 | -# Defaults to false to maximize device compatibility. | ||
48 | +# Defaults to true for security. | ||
49 | #ClassicBondedOnly=true | ||
50 | |||
51 | # LE upgrade security | ||
52 | -- | ||
53 | 2.25.1 | ||
54 | |||