From 6487946b5efcaccdadb5d8dffdab2713ca68e7ab Mon Sep 17 00:00:00 2001
From: zhouwenpei <zhouwenpei050@chinasoftinc.com>
Date: Fri, 8 Dec 2023 07:50:45 +0000
Subject: [PATCH] fix CVE-2023-45866

(cherry picked from commit 7e277c3b1db78bbb0bad42491466883343e8c0d9)
---
 backport-CVE-2023-45866.patch | 47 +++++++++++++++++++++++++++++++++++
 bluez.spec                    |  6 ++++-
 2 files changed, 52 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2023-45866.patch

diff --git a/backport-CVE-2023-45866.patch b/backport-CVE-2023-45866.patch
new file mode 100644
index 0000000..818decb
--- /dev/null
+++ b/backport-CVE-2023-45866.patch
@@ -0,0 +1,47 @@
+From 25a471a83e02e1effb15d5a488b3f0085eaeb675 Mon Sep 17 00:00:00 2001
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+Date: Tue, 10 Oct 2023 13:03:12 -0700
+Subject: input.conf: Change default of ClassicBondedOnly
+
+This changes the default of ClassicBondedOnly since defaulting to false
+is not inline with HID specification which mandates the of Security Mode
+4:
+
+BLUETOOTH SPECIFICATION Page 84 of 123
+Human Interface Device (HID) Profile:
+
+  5.4.3.4.2 Security Modes
+  Bluetooth HID Hosts shall use Security Mode 4 when interoperating with
+  Bluetooth HID devices that are compliant to the Bluetooth Core
+  Specification v2.1+EDR[6].
+---
+ profiles/input/device.c   | 2 +-
+ profiles/input/input.conf | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/profiles/input/device.c b/profiles/input/device.c
+index d89da2d..e6f9e84 100644
+--- a/profiles/input/device.c
++++ b/profiles/input/device.c
+@@ -92,7 +92,7 @@ struct input_device {
+
+ static int idle_timeout = 0;
+ static bool uhid_enabled = false;
+-static bool classic_bonded_only = false;
++static bool classic_bonded_only = true;
+
+ void input_set_idle_timeout(int timeout)
+ {
+diff --git a/profiles/input/input.conf b/profiles/input/input.conf
+index 166aff4..d0b6449 100644
+--- a/profiles/input/input.conf
++++ b/profiles/input/input.conf
+@@ -17,5 +17,5 @@
+ # platforms may want to make sure that input connections only come from bonded
+ # device connections. Several older mice have been known for not supporting
+ # pairing/encryption.
+-# Defaults to false to maximize device compatibility.
++# Defaults to true for security.
+ #ClassicBondedOnly=true
+--
+2.33.0
diff --git a/bluez.spec b/bluez.spec
index 6f34438..003f7da 100644
--- a/bluez.spec
+++ b/bluez.spec
@@ -1,7 +1,7 @@
 Name:             bluez
 Summary:          Bluetooth utilities
 Version:          5.54
-Release:          17
+Release:          18
 License:          GPLv2+
 URL:              http://www.bluez.org/
 Source0:          http://www.kernel.org/pub/linux/bluetooth/bluez-%{version}.tar.xz
@@ -38,6 +38,7 @@ Patch6012:	  backport-0002-CVE-2022-39177.patch
 Patch6013:	  bluez-5.54-sw.patch
 %endif
 Patch6014:        backport-CVE-2023-27349.patch
+Patch6015:        backport-CVE-2023-45866.patch
 
 BuildRequires:    dbus-devel >= 1.6 libell-devel >= 0.28 autoconf
 BuildRequires:    glib2-devel libical-devel readline-devel 
@@ -194,6 +195,9 @@ make check
 %{_mandir}/man8/*
 
 %changelog
+* Fri Dec 08 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 5.54-18
+- fix CVE-2023-45866
+
 * Tue Apr 18 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 5.54-17
 - DESC:fix CVE-2023-27349
 
-- 
Gitee