From 121ba5902a99875852da5213c2e02db1b5c8c0a4 Mon Sep 17 00:00:00 2001
From: Zhao Hang <wb-zh951434@alibaba-inc.com>
Date: Thu, 19 Dec 2024 09:56:33 +0800
Subject: [PATCH 1/2] [CVE]update to bluez-5.63-3

to #IBCAF1
update to bluez-5.63-3 for CVE-2023-45866
Project: TC2024080204
Signed-off-by: Zhao Hang <wb-zh951434@alibaba-inc.com>
---
 ...-Change-default-of-ClassicBondedOnly.patch | 54 +++++++++++++++++++
 bluez.spec                                    | 31 +++++------
 dist                                          |  2 +-
 3 files changed, 68 insertions(+), 19 deletions(-)
 create mode 100644 0001-Change-default-of-ClassicBondedOnly.patch

diff --git a/0001-Change-default-of-ClassicBondedOnly.patch b/0001-Change-default-of-ClassicBondedOnly.patch
new file mode 100644
index 0000000..37e6a73
--- /dev/null
+++ b/0001-Change-default-of-ClassicBondedOnly.patch
@@ -0,0 +1,54 @@
+From: David Marlin <dmarlin@redhat.com>
+
+Subject: input.conf: Change default of ClassicBondedOnly
+
+Resolves: RHEL-18429
+
+CVE: CVE-2023-45866
+
+commit 25a471a83e02e1effb15d5a488b3f0085eaeb675
+Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+Date:   Tue Oct 10 13:03:12 2023 -0700
+
+    input.conf: Change default of ClassicBondedOnly
+    
+    This changes the default of ClassicBondedOnly since defaulting to false
+    is not inline with HID specification which mandates the of Security Mode
+    4:
+    
+    BLUETOOTH SPECIFICATION Page 84 of 123
+    Human Interface Device (HID) Profile:
+    
+      5.4.3.4.2 Security Modes
+      Bluetooth HID Hosts shall use Security Mode 4 when interoperating with
+      Bluetooth HID devices that are compliant to the Bluetooth Core
+      Specification v2.1+EDR[6].
+
+Signed-off-by: David Marlin <dmarlin@redhat.com>
+
+diff --git a/profiles/input/device.c b/profiles/input/device.c
+index 4a50ea9921a97751a94547c0e73177d58184a75d..4310dd192e113f9875c07117d523167655cef954 100644
+--- a/profiles/input/device.c
++++ b/profiles/input/device.c
+@@ -81,7 +81,7 @@ struct input_device {
+ 
+ static int idle_timeout = 0;
+ static bool uhid_enabled = false;
+-static bool classic_bonded_only = false;
++static bool classic_bonded_only = true;
+ 
+ void input_set_idle_timeout(int timeout)
+ {
+diff --git a/profiles/input/input.conf b/profiles/input/input.conf
+index 4c70bc561f05429442c6fe0a183584ad1536fa4b..d8645f3dd664e2d671791878462f8a0dc74e04a5 100644
+--- a/profiles/input/input.conf
++++ b/profiles/input/input.conf
+@@ -17,7 +17,7 @@
+ # platforms may want to make sure that input connections only come from bonded
+ # device connections. Several older mice have been known for not supporting
+ # pairing/encryption.
+-# Defaults to false to maximize device compatibility.
++# Defaults to true for security.
+ #ClassicBondedOnly=true
+ 
+ # LE upgrade security
diff --git a/bluez.spec b/bluez.spec
index 421ad41..a46c9d6 100644
--- a/bluez.spec
+++ b/bluez.spec
@@ -1,8 +1,7 @@
-%define anolis_release .0.1
 Name:    bluez
 Summary: Bluetooth utilities
 Version: 5.63
-Release: 1%{anolis_release}%{?dist}
+Release: 3%{?dist}
 License: GPLv2+
 URL:     http://www.bluez.org/
 
@@ -50,6 +49,8 @@ Patch25: 0001-gdbus-Emit-InterfacesAdded-of-parents-objects-first.patch
 
 #Patch32: 0001-sdpd-Fix-leaking-buffers-stored-in-cstates-cache.patch
 
+Patch40: 0001-Change-default-of-ClassicBondedOnly.patch
+
 BuildRequires: git-core
 BuildRequires: dbus-devel >= 1.6
 BuildRequires: glib2-devel
@@ -71,9 +72,6 @@ Requires(post): systemd
 Requires(preun): systemd
 Requires(postun): systemd
 
-Requires: glibc
-Provides: /usr/bin/bluemoon
-
 %description
 Utilities for use in Bluetooth applications:
 	- hcitool
@@ -94,15 +92,6 @@ Utilities for use in Bluetooth applications:
 
 The BLUETOOTH trademarks are owned by Bluetooth SIG, Inc., U.S.A.
 
-%package doc
-Summary: Documents for %{name}
-BuildArch: noarch
-Requires: %{name} = %{version}-%{release}
-
-
-%description  doc
-Doc pages for %{name}.
-
 %package libs
 Summary: Libraries for use in Bluetooth applications
 
@@ -228,6 +217,7 @@ make check
 %files
 %{!?_licensedir:%global license %%doc}
 %license COPYING
+%doc AUTHORS ChangeLog
 %config %{_sysconfdir}/dbus-1/system.d/bluetooth.conf
 %config %{_sysconfdir}/bluetooth/main.conf
 %{_bindir}/btattach
@@ -269,8 +259,6 @@ make check
 %{_unitdir}/btattach-bcm@.service
 %{_udevrulesdir}/69-btattach-bcm.rules
 
-%files doc
-%doc AUTHORS ChangeLog
 
 %files libs
 %{!?_licensedir:%global license %%doc}
@@ -297,8 +285,15 @@ make check
 %{_userunitdir}/obex.service
 
 %changelog
-* Thu Dec 29 2022 Liwei Ge <liwei.glw@alibaba-inc.com> - 5.63-1.0.1
-- Add doc sub package
+* Thu Jun 06 2024 David Marlin <dmarlin@redhat.com> - 5.63-3
++ bluez-5.63-3
+- Add back the tests for OSCI.
+
+* Wed May 29 2024 David Marlin <dmarlin@redhat.com> - 5.63-2
++ bluez-5.63-2
+- Change default of ClassicBondedOnly to true to align with HID specification.
+- Resolves: RHEL-18429
+- Fixing CVE-2021-41229
 
 * Tue May 17 2022 Gopal Tiwari <gtiwari@redhat.com> - 5.63-1
 + bluez-5.63-1
diff --git a/dist b/dist
index 9c0e36e..1fe92cf 100644
--- a/dist
+++ b/dist
@@ -1 +1 @@
-an8
+an8_10
-- 
Gitee


From d617a83531d87fe150328e46fe9bac424de6c60b Mon Sep 17 00:00:00 2001
From: mgb01105731 <mgb01105731@alibaba-inc.com>
Date: Sat, 16 Jul 2022 10:22:06 +0800
Subject: [PATCH 2/2] Add doc sub package

---
 bluez.spec | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/bluez.spec b/bluez.spec
index a46c9d6..050de9c 100644
--- a/bluez.spec
+++ b/bluez.spec
@@ -1,7 +1,8 @@
+%define anolis_release .0.1
 Name:    bluez
 Summary: Bluetooth utilities
 Version: 5.63
-Release: 3%{?dist}
+Release: 3%{anolis_release}%{?dist}
 License: GPLv2+
 URL:     http://www.bluez.org/
 
@@ -72,6 +73,9 @@ Requires(post): systemd
 Requires(preun): systemd
 Requires(postun): systemd
 
+Requires: glibc
+Provides: /usr/bin/bluemoon
+
 %description
 Utilities for use in Bluetooth applications:
 	- hcitool
@@ -92,6 +96,15 @@ Utilities for use in Bluetooth applications:
 
 The BLUETOOTH trademarks are owned by Bluetooth SIG, Inc., U.S.A.
 
+%package doc
+Summary: Documents for %{name}
+BuildArch: noarch
+Requires: %{name} = %{version}-%{release}
+
+
+%description  doc
+Doc pages for %{name}.
+
 %package libs
 Summary: Libraries for use in Bluetooth applications
 
@@ -217,7 +230,6 @@ make check
 %files
 %{!?_licensedir:%global license %%doc}
 %license COPYING
-%doc AUTHORS ChangeLog
 %config %{_sysconfdir}/dbus-1/system.d/bluetooth.conf
 %config %{_sysconfdir}/bluetooth/main.conf
 %{_bindir}/btattach
@@ -259,6 +271,8 @@ make check
 %{_unitdir}/btattach-bcm@.service
 %{_udevrulesdir}/69-btattach-bcm.rules
 
+%files doc
+%doc AUTHORS ChangeLog
 
 %files libs
 %{!?_licensedir:%global license %%doc}
@@ -285,6 +299,9 @@ make check
 %{_userunitdir}/obex.service
 
 %changelog
+* Thu Dec 19 2024 Liwei Ge <liwei.glw@alibaba-inc.com> - 5.63-3.0.1
+- Add doc sub package
+
 * Thu Jun 06 2024 David Marlin <dmarlin@redhat.com> - 5.63-3
 + bluez-5.63-3
 - Add back the tests for OSCI.
-- 
Gitee