From 023da29ceff21b289f047ca453ff188734c70598 Mon Sep 17 00:00:00 2001
From: changtao
Date: Wed, 9 Oct 2024 03:57:26 +0800
Subject: [PATCH] fix CVE-2024-8805
---
backport-fix-CVE-2024-8805.patch | 44 ++++++++++++++++++++++++++++++++
bluez.spec | 6 ++++-
2 files changed, 49 insertions(+), 1 deletion(-)
create mode 100644 backport-fix-CVE-2024-8805.patch
diff --git a/backport-fix-CVE-2024-8805.patch b/backport-fix-CVE-2024-8805.patch
new file mode 100644
index 0000000..7346795
--- /dev/null
+++ b/backport-fix-CVE-2024-8805.patch
@@ -0,0 +1,44 @@
+From: 41f943630d9a03c40e95057b2ac3d96470b9c71e Mon Sep 17 00:00:00 2001
+From: Luiz Augusto von Dentz
+Date: Wed, 9 Oct 2024 03:52:50 +0800
+Subject: [PATCH] fix CVE-2024-8805
+
+
+---
+ client/main.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/client/main.c b/client/main.c
+index 422da55..5f02408 100644
+--- a/client/main.c
++++ b/client/main.c
+@@ -1054,6 +1054,7 @@ static void cmd_pairable(int argc, char *argv[])
+
+ static void cmd_discoverable(int argc, char *argv[])
+ {
++ DBusMessageIter iter;
+ dbus_bool_t discoverable;
+ char *str;
+
+@@ -1063,6 +1064,18 @@ static void cmd_discoverable(int argc, char *argv[])
+ if (check_default_ctrl() == FALSE)
+ return bt_shell_noninteractive_quit(EXIT_FAILURE);
+
++ if (discoverable && g_dbus_proxy_get_property(default_ctrl->proxy,
++ "DiscoverableTimeout", &iter)) {
++ uint32_t value;
++
++ dbus_message_iter_get_basic(&iter, &value);
++
++ if (!value)
++ bt_shell_printf("Warning: setting discoverable while "
++ "discoverable-timeout not set(0) is not"
++ " recommended\n");
++ }
++
+ str = g_strdup_printf("discoverable %s",
+ discoverable == TRUE ? "on" : "off");
+
+--
+2.43.0
+
diff --git a/bluez.spec b/bluez.spec
index b01fb50..1ad11a8 100644
--- a/bluez.spec
+++ b/bluez.spec
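Review bot: Discoverable mode can still be switched on with no expiry after this backport, because the block added to `cmd_discoverable` in client/main.c only prints a warning when `DiscoverableTimeout` reads 0 and then goes on to build the `discoverable on` request string as before. Nothing in the visible lines touches the daemon or its defaults, so the protection depends on the operator acting on the message; the spec changelog entry `- fix CVE-2024-8805` would be more accurate if it said the backport adds an advisory warning and that a non-zero discoverable-timeout should still be configured. The same block calls `dbus_message_iter_get_basic(&iter, &value)` on an uninitialised `uint32_t value` without confirming the property type, so extending the condition with `&& dbus_message_iter_get_arg_type(&iter) == DBUS_TYPE_UINT32` would keep `value` from being read if the property ever arrived with another type. The embedded patch header also begins `From: 41f94363…` with a colon and carries a rewritten subject, which makes the backport harder to trace to its upstream commit; keeping the upstream subject line would help. The rest of `cmd_discoverable` lies outside the hunk.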
@@ -1,7 +1,7 @@ Name: bluez Summary: Bluetooth utilities Version: 5.54 -Release: 20 +Release: 21 License: GPLv2+ URL: http://www.bluez.org/ Source0: http://www.kernel.org/pub/linux/bluetooth/bluez-%{version}.tar.xz @@ -41,6 +41,7 @@ Patch6014: backport-CVE-2023-27349.patch Patch6015: backport-CVE-2023-45866.patch Patch6016: backport-CVE-2023-50229-CVE-2023-50230.patch Patch6017: Fix-crash-after-pair-command.patch +Patch6018: backport-fix-CVE-2024-8805.patch BuildRequires: dbus-devel >= 1.6 libell-devel >= 0.28 autoconf BuildRequires: glib2-devel libical-devel readline-devel @@ -197,6 +198,9 @@ make check %{_mandir}/man8/* %changelog +* Thu Oct 10 2024 changtao - 5.54-21 +- fix CVE-2024-8805 + * Tue Jun 4 2024 xuchenchen - 5.54-20 - mgmt: Fix crash after pair command -- Gitee