| -rw-r--r-- | meta/recipes-connectivity/bluez5/bluez5.inc | 1 | ||||
| -rw-r--r-- | meta/recipes-connectivity/bluez5/bluez5/CVE-2023-45866.patch | 56 |
2 files changed, 57 insertions, 0 deletions
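--- a/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -56,6 +56,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \
 file://0001-test-gatt-Fix-hung-issue.patch \
 file://0004-src-shared-util.c-include-linux-limits.h.patch \
 file://0002-input-Fix-.device_probe-failing-if-SDP-record-is-not.patch \
+file://CVE-2023-45866.patch \
 "
 S = "${WORKDIR}/bluez-${PV}"
 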
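--- /dev/null
+++ b/meta/recipes-connectivity/bluez5/bluez5/CVE-2023-45866.patch
@@ -0,0 +1,56 @@
+From 25a471a83e02e1effb15d5a488b3f0085eaeb675 Mon Sep 17 00:00:00 2001
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+Date: Tue, 10 Oct 2023 13:03:12 -0700
+Subject: [PATCH] input.conf: Change default of ClassicBondedOnly
+
+This changes the default of ClassicBondedOnly since defaulting to false
+is not inline with HID specification which mandates the of Security Mode
+4:
+
+BLUETOOTH SPECIFICATION Page 84 of 123
+Human Interface Device (HID) Profile:
+
+5.4.3.4.2 Security Modes
+Bluetooth HID Hosts shall use Security Mode 4 when interoperating with
+Bluetooth HID devices that are compliant to the Bluetooth Core
+Specification v2.1+EDR[6].
+
+Upstream-Status: Backport
+[https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675]
+
+CVE: CVE-2023-45866
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+profiles/input/device.c | 2 +-
+profiles/input/input.conf | 2 +-
+2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/profiles/input/device.c b/profiles/input/device.c
+index 4a50ea9..4310dd1 100644
+--- a/profiles/input/device.c
++++ b/profiles/input/device.c
+@@ -81,7 +81,7 @@ struct input_device {
+
+static int idle_timeout = 0;
+static bool uhid_enabled = false;
+-static bool classic_bonded_only = false;
++static bool classic_bonded_only = true;
+
+void input_set_idle_timeout(int timeout)
+{
+diff --git a/profiles/input/input.conf b/profiles/input/input.conf
+index 4c70bc5..d8645f3 100644
+--- a/profiles/input/input.conf
++++ b/profiles/input/input.conf
+@@ -17,7 +17,7 @@
+# platforms may want to make sure that input connections only come from bonded
+# device connections. Several older mice have been known for not supporting
+# pairing/encryption.
+-# Defaults to false to maximize device compatibility.
++# Defaults to true for security.
+#ClassicBondedOnly=true
+
+# LE upgrade security
+--
+2.40.0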
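Review bot: The backported fix only flips the compiled-in default `static bool classic_bonded_only = true;` in profiles/input/device.c, so an image that already ships an input.conf with an explicit `ClassicBondedOnly=false` would presumably keep accepting input connections from unbonded classic devices. The code that parses that key is not visible in this patch, so this should be confirmed against the configuration the recipe or any bbappend installs. The new comment `# Defaults to true for security.` also drops the compatibility hint the old line carried; I would word it as `# Defaults to true so that classic HID connections are accepted only from bonded devices; set to false only for legacy devices that cannot pair.` The device.c hunk touches file-scope statics only, and `input_set_idle_timeout` continues outside the hunk.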
