-
Notifications
You must be signed in to change notification settings - Fork 549
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
5 changed files
with
891 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
From 61522c4a6b3ccf667bd89925477ae866715f110e Mon Sep 17 00:00:00 2001 | ||
From: Luiz Augusto von Dentz <[email protected]> | ||
Date: Tue, 10 Oct 2023 13:03:12 -0700 | ||
Subject: [PATCH] input.conf: Change default of ClassicBondedOnly | ||
|
||
This changes the default of ClassicBondedOnly since defaulting to false | ||
is not inline with HID specification which mandates the of Security Mode | ||
4: | ||
|
||
BLUETOOTH SPECIFICATION Page 84 of 123 | ||
Human Interface Device (HID) Profile: | ||
|
||
5.4.3.4.2 Security Modes | ||
Bluetooth HID Hosts shall use Security Mode 4 when interoperating with | ||
Bluetooth HID devices that are compliant to the Bluetooth Core | ||
Specification v2.1+EDR[6]. | ||
--- | ||
profiles/input/device.c | 2 +- | ||
profiles/input/input.conf | 2 +- | ||
2 files changed, 2 insertions(+), 2 deletions(-) | ||
|
||
diff --git a/profiles/input/device.c b/profiles/input/device.c | ||
index 0138992..156f9f1 100644 | ||
--- a/profiles/input/device.c | ||
+++ b/profiles/input/device.c | ||
@@ -81,7 +81,7 @@ struct input_device { | ||
|
||
static int idle_timeout = 0; | ||
static bool uhid_enabled = false; | ||
-static bool classic_bonded_only = false; | ||
+static bool classic_bonded_only = true; | ||
|
||
void input_set_idle_timeout(int timeout) | ||
{ | ||
diff --git a/profiles/input/input.conf b/profiles/input/input.conf | ||
index 4c70bc5..d8645f3 100644 | ||
--- a/profiles/input/input.conf | ||
+++ b/profiles/input/input.conf | ||
@@ -17,7 +17,7 @@ | ||
# platforms may want to make sure that input connections only come from bonded | ||
# device connections. Several older mice have been known for not supporting | ||
# pairing/encryption. | ||
-# Defaults to false to maximize device compatibility. | ||
+# Defaults to true for security. | ||
#ClassicBondedOnly=true | ||
|
||
# LE upgrade security | ||
-- | ||
2.38.1 | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,7 @@ | ||
Summary: Bluetooth utilities | ||
Name: bluez | ||
Version: 5.63 | ||
Release: 5%{?dist} | ||
Release: 6%{?dist} | ||
License: GPLv2+ AND LGPLv2+ | ||
Vendor: Microsoft Corporation | ||
Distribution: Azure Linux | ||
|
@@ -25,6 +25,7 @@ Patch7: 0001-hog-Fix-read-order-of-attributes-rediffed.patch | |
Patch8: 0002-hog-Add-input-queue-while-uhid-device-has-not-been-c-rediffed.patch | ||
Patch9: CVE-2022-3563.patch | ||
Patch10: CVE-2023-50229-CVE-2023-50230.patch | ||
Patch11: CVE-2023-45866.patch | ||
BuildRequires: autoconf | ||
BuildRequires: automake | ||
# For printing | ||
|
@@ -273,6 +274,9 @@ install emulator/btvirt %{buildroot}/%{_libexecdir}/bluetooth/ | |
%{_userunitdir}/obex.service | ||
|
||
%changelog | ||
* Wed Oct 30 2024 Pawel Winogrodzki <[email protected]> - 5.63-6 | ||
- Patched CVE-2023-45866. | ||
|
||
* Fri Jun 21 2024 Neha Agarwal <[email protected]> - 5.63-5 | ||
- Patch CVE-2023-50229 and CVE-2023-50230 | ||
|
||
|
Oops, something went wrong.