HID gamepad not working when paired with blueman on bluez 5.68-0ubuntu1.1
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
blueman (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Hello,
I updated from 5.68-0ubuntu1 to 5.68-0ubuntu1.1 and my bluetooth gamepad (8bitdo Pro 2) stopped working. It no longer was detected by various emulator software or by jstest-gtk. It stopped showing up in /dev/input/ as well.
Here are the logs that I get on connection with the broken (new) version:
Dec 10 13:12:23 laptop bluetoothd[6317]: src/profile.
Dec 10 13:12:43 laptop bluetoothd[6317]: profiles/
Dec 10 13:12:45 laptop bluetoothd[6317]: profiles/
Here are the logs that I get on connection with the old (working) version:
Dec 10 13:37:17 laptop bluetoothd[7736]: src/profile.
Dec 10 13:38:30 laptop bluetoothd[7736]: profiles/
I think that the indicator of issues (or at least a red herring) is the "Rejected connection from !bonded device" line in the broken output. I've redacted my MAC address obviously.
I think that two packages are involved with this and I am not quite sure where exactly the bug lives. I think that both the "bluez" and "bluez-obexd" packages are involved. If I mix the versions between these two, I get various different behaviors:
bluez-obexd 1.1 and bluez 1.1 = broken behavior
bluez-obexd 1 and bluez 1.1 = broken behavior
bluez-obexd 1 and bluez 1 = working behavior
bluez-obexd 1.1 and bluez 1 = unable to connect bluetooth device
CVE References
description: | updated |
summary: |
- [Regression] HID gamepad stopped working when paired with blueman on - bluez 5.68-0ubuntu1.1 + HID gamepad not working when paired with blueman on bluez + 5.68-0ubuntu1.1 |
tags: | added: regression-security |
Until this bug is fixed, other users can get the previous function back by running
sudo apt install bluez-obexd= 5.68-0ubuntu1 bluez=5.68-0ubuntu1
sudo apt-mark hold bluez bluez-obexd
I think that this undoes a security update (https:/ /launchpad. net/ubuntu/ +source/ bluez/5. 68-0ubuntu1. 1) for this CVE (https:/ /nvd.nist. gov/vuln/ detail/ CVE-2023- 45866), but if you care more about your controller working than you do the possibility of someone injecting keystrokes while your computer is in "discoverable" mode then it seems like a fair trade-off.