Projects
Mega:23.09
bluez
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
Expand all
Collapse all
Changes of Revision 3
View file
_service:tar_scm:bluez.spec
Changed
@@ -1,7 +1,7 @@ Name: bluez Summary: Bluetooth utilities Version: 5.54 -Release: 17 +Release: 19 License: GPLv2+ URL: http://www.bluez.org/ Source0: http://www.kernel.org/pub/linux/bluetooth/bluez-%{version}.tar.xz @@ -38,6 +38,8 @@ Patch6013: bluez-5.54-sw.patch %endif Patch6014: backport-CVE-2023-27349.patch +Patch6015: backport-CVE-2023-45866.patch +Patch6016: backport-CVE-2023-50229-CVE-2023-50230.patch BuildRequires: dbus-devel >= 1.6 libell-devel >= 0.28 autoconf BuildRequires: glib2-devel libical-devel readline-devel @@ -194,6 +196,12 @@ %{_mandir}/man8/* %changelog +* Fri Dec 22 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 5.54-19 +- fix CVE-2023-50229,CVE-2023-50230 + +* Fri Dec 08 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 5.54-18 +- fix CVE-2023-45866 + * Tue Apr 18 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 5.54-17 - DESC:fix CVE-2023-27349
View file
_service:tar_scm:backport-CVE-2023-45866.patch
Added
@@ -0,0 +1,47 @@ +From 25a471a83e02e1effb15d5a488b3f0085eaeb675 Mon Sep 17 00:00:00 2001 +From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> +Date: Tue, 10 Oct 2023 13:03:12 -0700 +Subject: input.conf: Change default of ClassicBondedOnly + +This changes the default of ClassicBondedOnly since defaulting to false +is not inline with HID specification which mandates the of Security Mode +4: + +BLUETOOTH SPECIFICATION Page 84 of 123 +Human Interface Device (HID) Profile: + + 5.4.3.4.2 Security Modes + Bluetooth HID Hosts shall use Security Mode 4 when interoperating with + Bluetooth HID devices that are compliant to the Bluetooth Core + Specification v2.1+EDR6. +--- + profiles/input/device.c | 2 +- + profiles/input/input.conf | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/profiles/input/device.c b/profiles/input/device.c +index d89da2d..e6f9e84 100644 +--- a/profiles/input/device.c ++++ b/profiles/input/device.c +@@ -92,7 +92,7 @@ struct input_device { + + static int idle_timeout = 0; + static bool uhid_enabled = false; +-static bool classic_bonded_only = false; ++static bool classic_bonded_only = true; + + void input_set_idle_timeout(int timeout) + { +diff --git a/profiles/input/input.conf b/profiles/input/input.conf +index 166aff4..d0b6449 100644 +--- a/profiles/input/input.conf ++++ b/profiles/input/input.conf +@@ -17,5 +17,5 @@ + # platforms may want to make sure that input connections only come from bonded + # device connections. Several older mice have been known for not supporting + # pairing/encryption. +-# Defaults to false to maximize device compatibility. ++# Defaults to true for security. + #ClassicBondedOnly=true +-- +2.33.0
View file
_service:tar_scm:backport-CVE-2023-50229-CVE-2023-50230.patch
Added
@@ -0,0 +1,63 @@ +From 5ab5352531a9cc7058cce569607f3a6831464443 Mon Sep 17 00:00:00 2001 +From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> +Date: Tue, 19 Sep 2023 12:14:01 -0700 +Subject: PATCH pbap: Fix not checking Primary/Secundary Counter length + +Primary/Secundary Counters are supposed to be 16 bytes values, if the +server has implemented them incorrectly it may lead to the following +crash: + +================================================================= +==31860==ERROR: AddressSanitizer: heap-buffer-overflow on address +0x607000001878 at pc 0x7f95a1575638 bp 0x7fff58c6bb80 sp 0x7fff58c6b328 + + READ of size 48 at 0x607000001878 thread T0 + #0 0x7f95a1575637 in MemcmpInterceptorCommon(void*, int (*)(void const*, void const*, unsigned long), void const*, void const*, unsigned long) ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:860 + #1 0x7f95a1575ba6 in __interceptor_memcmp ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:892 + #2 0x7f95a1575ba6 in __interceptor_memcmp ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:887 + #3 0x564df69c77a0 in read_version obexd/client/pbap.c:288 + #4 0x564df69c77a0 in read_return_apparam obexd/client/pbap.c:352 + #5 0x564df69c77a0 in phonebook_size_callback obexd/client/pbap.c:374 + #6 0x564df69bea3c in session_terminate_transfer obexd/client/session.c:921 + #7 0x564df69d56b0 in get_xfer_progress_first obexd/client/transfer.c:729 + #8 0x564df698b9ee in handle_response gobex/gobex.c:1140 + #9 0x564df698cdea in incoming_data gobex/gobex.c:1385 + #10 0x7f95a12fdc43 in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x55c43) + #11 0x7f95a13526c7 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0xaa6c7) + #12 0x7f95a12fd2b2 in g_main_loop_run (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x552b2) + #13 0x564df6977d41 in main obexd/src/main.c:307 + #14 0x7f95a10a7d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 + #15 0x7f95a10a7e3f in __libc_start_main_impl ../csu/libc-start.c:392 + #16 0x564df6978704 in _start (/usr/local/libexec/bluetooth/obexd+0x8b704) + 0x607000001878 is located 0 bytes to the right of 72-byte region 0x607000001830,0x607000001878) + + allocated by thread T0 here: + #0 0x7f95a1595a37 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154 + #1 0x564df69c8b6a in pbap_probe obexd/client/pbap.c:1259 +--- + obexd/client/pbap.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/obexd/client/pbap.c b/obexd/client/pbap.c +index 1ed8c68ecc..2d2aa95089 100644 +--- a/obexd/client/pbap.c ++++ b/obexd/client/pbap.c +@@ -285,7 +285,7 @@ static void read_version(struct pbap_data *pbap, GObexApparam *apparam) + data = value; + } + +- if (memcmp(pbap->primary, data, len)) { ++ if (len == sizeof(pbap->primary) && memcmp(pbap->primary, data, len)) { + memcpy(pbap->primary, data, len); + g_dbus_emit_property_changed(conn, + obc_session_get_path(pbap->session), +@@ -299,7 +299,8 @@ static void read_version(struct pbap_data *pbap, GObexApparam *apparam) + data = value; + } + +- if (memcmp(pbap->secondary, data, len)) { ++ if (len == sizeof(pbap->secondary) && ++ memcmp(pbap->secondary, data, len)) { + memcpy(pbap->secondary, data, len); + g_dbus_emit_property_changed(conn, + obc_session_get_path(pbap->session),
View file
_service
Changed
@@ -2,7 +2,7 @@ <service name="tar_scm"> <param name="url">git@gitee.com:src-openeuler/bluez.git</param> <param name="scm">git</param> - <param name="revision">openEuler-23.09</param> + <param name="revision">master</param> <param name="exclude">*</param> <param name="extract">*</param> </service>
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2