diff options
Diffstat (limited to 'kde-misc/kdeconnect')
13 files changed, 503 insertions, 93 deletions
diff --git a/kde-misc/kdeconnect/Manifest b/kde-misc/kdeconnect/Manifest index cf1b9d57f7e6..6e629f37133e 100644 --- a/kde-misc/kdeconnect/Manifest +++ b/kde-misc/kdeconnect/Manifest @@ -1,5 +1,13 @@ -DIST kdeconnect-kde-20.04.3.tar.xz 431092 BLAKE2B 8da7439f6d3ef17c1a80b6a47411200e5bb2e622c9072b386cb2aaf6730fde80a6c6d8564aaaad42ad97f471259e651ccc9e78d5067619e7f150b61aecec645b SHA512 148526e1c216725fa92b96682ea2a78f4bbb94d56066bc545fee875b321eda2b41f75f840366d1a69e74ea3e40832ac70dce912226427df019fed4387c68ec43 -DIST kdeconnect-kde-20.08.1.tar.xz 407996 BLAKE2B c0f9975146aa459caefe34a8adb315390669d27739ac82d5b0b06a9f7721cac32aece91c54aea961210f4f66ac061550b1e71927b35f65bab56a7fb1fcf5b16b SHA512 c6322b1a77323a814f9a501d871f03c70530f9ba63dcede4228005f528da577078c1fc56760ee4181e0cc90ffa97ced59451c6d2546e3c9424afa21ff2d76f8c -EBUILD kdeconnect-20.04.3.ebuild 2263 BLAKE2B 6eaba05230ff5b09361b54ddb6944d8c9e9f673804bc8fe9eb6317372718c29b6538130ac42208bcc13aebd7d496576f724074fc0f2bd2363384e76683f2d7b4 SHA512 8ea2e0d5fcaef53abb88643ea356bb1dbe7d7e17db868ae3051b5d4c5f44c1eb29d13b493dd2075dd3399de97b150683d73b5cbe3186da6f6b894572d668d15c -EBUILD kdeconnect-20.08.1.ebuild 2294 BLAKE2B 37700d854800c2f1416edfd9d8a23820072f2ab46e83099cbe63bd7aef874b50160610c87e63b9787a5f272d1230617cc59bd62d7706c8bb093e0da27ae0d444 SHA512 6199096c2e72d9a4e043ece94e325e19afd68da06b74e459ff21289670adb4b5c9273a75d1ce6bc8da03c72733b0d635af659a89be58664dbc2b47f690bd2999 +AUX kdeconnect-20.04.3-01-Do-not-ignore-SSL-errors-except-for-self-signed-cert.patch 2893 BLAKE2B 2e0fcf55ccef118b95d3ec93dbdbe11a41922998b796b5114258c7f245aee5758fcd7cf6e8f5be58e0576f204c906ea9929e81ff5546cd5d9f95ffea83575275 SHA512 9625217ce5a654104170ced8cf87efe14d553f281b9bd3850b2a3071b04d4e6f3e09cc8f4841388fb557931c80475b6f1c11863af1da7b526556fe3ab3c6259d +AUX kdeconnect-20.04.3-02-Do-not-leak-the-local-user-in-the-device-name.patch 1096 BLAKE2B 21a4b7b4ea36617fa3f2fb566446e56c4276c77b4cc07ccc0e097555ae23c560fd9709034ef9153d680ab2d58f848143657d1575d80db1a4803302d494a9850c SHA512 c1f901f11f33fdbdca968e52ec3a79b59eb8f4757ffba2b23883161fe41a45e8f6cddd821e1a910d80605b92a0b9953cde8fe60261f39f0fb28d2afd4d611210 +AUX kdeconnect-20.04.3-03-Fix-use-after-free-in-LanLinkProvider-connectError.patch 1121 BLAKE2B 902cbb2db6d5baf340e2f49531d75fb4ca6d368e1efcc4da5dfc8a17fb825b390af74ee4574b134d216db67cc0a0fcfcbbc02a63c58f74656020dc6f3068288c SHA512 282053314df245cf9fd00315b59448a7d7a1a1c73f8badeb98daafc7d56e17b6755128183a516e5d1c93deae83c7c756b1ca9e485f6a1c474a556d68c5a64942 +AUX kdeconnect-20.04.3-04-Limit-identity-packets-to-8KiB.patch 1537 BLAKE2B cc0642738e4a262572b63f417511cf5296488e83b5b82189a6d268a360603d51970ac8cfade5c28cf00294c5675bb8f1b375aaba51b12024790723b0d6ecd771 SHA512 6db188aeb96ce93d92ad0f11fe8809a0fb32363a84612824efe21228547c45f6b38e3dae834ba8f55a14e4cba1df004915dcf26108cca211ee5a008f17562e41 +AUX kdeconnect-20.04.3-05-Do-not-let-lanlink-connections-stay-open-for-long-wi.patch 1372 BLAKE2B d806766634088fbc26963223132c8c2b12cb690520e69c98470b87b5d9f94c896d243e19561fdbff1a92164cc071570cc5ff7ad0127693e6738b854a99b03f49 SHA512 c19cd4aff831b5918d6bbc5e23d5cbd845dfd9bfbd6515e3f7c9ba65e590bae1a643d9e784b1a9bbeed74b04b0d4aead7415a4bf7c1842918bce08560c06687c +AUX kdeconnect-20.04.3-06-Don-t-brute-force-reading-the-socket.patch 3199 BLAKE2B 0bc6f9a430e90801a4930975a460cbdc7ead387c6ba24ab62147c47e7ba49986effed1a5da9f8125fed5e33403eafe12c1068127d3ec340a14ae4e45778f873a SHA512 8cf8ffe0df864a82976c51e95c9806109e3c66d792ce31016515ac1132674cf97be71d70ea9efb29892ec1624fab6fcac553e1e64c7950a3b0bbdb7d8e79bbea +AUX kdeconnect-20.04.3-07-Limit-number-of-connected-sockets-from-unpaired-devi.patch 1836 BLAKE2B 9886ba5833626546308d6f1b4fa4bbc7455628d1737a7126f8be40d652275249b2949028e93177ab994bfed102ff835c7f8882b2e9d85f186efd3232efeae90f SHA512 6feb3f96f8f6bb70d383ae66134b2773ea7b4b5275ce16b92974365b4d3bf29d5fe7db6fdd6c60d777a2cf3feac5dc7e989e562e5cd62a6d50c98d2b030f1c32 +AUX kdeconnect-20.04.3-08-Do-not-remember-more-than-a-few-identity-packets-at-.patch 2107 BLAKE2B 902059f4b1d40f3d221e024ec0fb86e8664f918ed3cb1236b9b3d98173ed3a7387301965ee0f2925ea304d77a268f2b2c29c89463b1b5e2aed52f7871a324c3a SHA512 54d0686e6af67a3c075bcb844b4f80941a9eb69f180c996f17c3ab57437b03a91b33b3d91966a06159ced16fc4b7a07711e100d698f73a0f855c3195af83471c +AUX kdeconnect-20.04.3-09-Limit-the-ports-we-try-to-connect-to-to-the-port-ran.patch 1197 BLAKE2B 4cf50f0d883b194c92f16961df4d7158e19644c8f6756afa27bbfe8438da0ae44fe96d29184060c242ffc0870536d35b9871f4dbde042a2fe176abb8cf0a2180 SHA512 ff3b227bd15612201a0510a5ea0f330372e712b05b170b34d671b68e7ac3d1f561a65fcc1ea55d239bc64065186b70a17530061ddfadf6ce4f0a13a9a8d100e9 +AUX kdeconnect-20.04.3-10-Do-not-replace-connections-for-a-given-deviceId-if-t.patch 2261 BLAKE2B 531b3a81f9ed7c50794191140bd510f0ee5968c4deb67056f0f37649f19caa96fc0a2cfd9bd29086b6c9c59cd591d41a2db52627c5006deef41dd74f86b36ed6 SHA512 20e856aba62f5528b6772d8693c435ef7070065377d5dbee9e695a11f6d782082fdcc8b5d40804137a93db4f12f16a41a2b8af4212179cd1a0f43e1f30e71453 +DIST kdeconnect-kde-20.08.3.tar.xz 420232 BLAKE2B 2044c121ea769f915fd7026201ec038961720df379096d4a93917b76ac0baccf0a3e8e864bd9da8536b4efc930ba05d1c1d209352c68ed3917fbe8a1747086e6 SHA512 89b5af789b6db58a7f2ae3436f0a212d72b7ba2511fc62cb8cd90d4291939e70bd3922256f17a6a01d2e6952f0c03912c2793728c8c18fedba608ef02bd9c9c3 +EBUILD kdeconnect-20.08.3.ebuild 2262 BLAKE2B 03b72bc5aaca68e4670793927c11ce195549f702e045c7aeab088dd9462ee6099b80ac30f15bfa9ed1246a756ef90c7c532ffff22cad673a20455e6dc9f5470e SHA512 b025519dcb7beb30bce5f398f42d08aa849d26cd065c50c1e6625f8c53edf09c5575f8349cbba2d079d0db95058e6f53151a2777f3add09a1d4be9de0a3d6c1d MISC metadata.xml 577 BLAKE2B 4a7b31db0d4e48ab09de42119a36b7733603d2b3f85f7cbf36b61713f2f87488f4fe1223d2dc2ef7460b41525eb59fe5e43196df54f8f454241e56518ad73855 SHA512 faf6e262a0f0d020bbaf4372c8f5c308de1fae0cee4f37cdf9509b585ead0706ba06109f27e691cbd0ebceadb7c352b0d335dc29e87baee13ac3dda5eca11a5c diff --git a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-01-Do-not-ignore-SSL-errors-except-for-self-signed-cert.patch b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-01-Do-not-ignore-SSL-errors-except-for-self-signed-cert.patch new file mode 100644 index 000000000000..cafeb9501cd8 --- /dev/null +++ b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-01-Do-not-ignore-SSL-errors-except-for-self-signed-cert.patch @@ -0,0 +1,65 @@ +From f183b5447bad47655c21af87214579f03bf3a163 Mon Sep 17 00:00:00 2001 +From: Albert Vaca Cintora <albertvaka@gmail.com> +Date: Thu, 24 Sep 2020 16:59:22 +0200 +Subject: [PATCH 01/10] Do not ignore SSL errors, except for self-signed cert + errors. + +Thanks Matthias Gerstner <mgerstner@suse.de> for reporting this. +--- + core/backends/lan/lanlinkprovider.cpp | 24 +++++++++++++----------- + 1 file changed, 13 insertions(+), 11 deletions(-) + +diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp +index d9a7d8fa..fc005cee 100644 +--- a/core/backends/lan/lanlinkprovider.cpp ++++ b/core/backends/lan/lanlinkprovider.cpp +@@ -297,9 +297,7 @@ void LanLinkProvider::tcpSocketConnected() + + connect(socket, &QSslSocket::encrypted, this, &LanLinkProvider::encrypted); + +- if (isDeviceTrusted) { +- connect(socket, QOverload<const QList<QSslError> &>::of(&QSslSocket::sslErrors), this, &LanLinkProvider::sslErrors); +- } ++ connect(socket, QOverload<const QList<QSslError> &>::of(&QSslSocket::sslErrors), this, &LanLinkProvider::sslErrors); + + socket->startServerEncryption(); + +@@ -326,8 +324,6 @@ void LanLinkProvider::encrypted() + + QSslSocket* socket = qobject_cast<QSslSocket*>(sender()); + if (!socket) return; +- // TODO delete me? +- disconnect(socket, QOverload<const QList<QSslError> &>::of(&QSslSocket::sslErrors), this, &LanLinkProvider::sslErrors); + + Q_ASSERT(socket->mode() != QSslSocket::UnencryptedMode); + LanDeviceLink::ConnectionStarted connectionOrigin = (socket->mode() == QSslSocket::SslClientMode)? LanDeviceLink::Locally : LanDeviceLink::Remotely; +@@ -346,14 +342,20 @@ void LanLinkProvider::sslErrors(const QList<QSslError>& errors) + QSslSocket* socket = qobject_cast<QSslSocket*>(sender()); + if (!socket) return; + +- qCDebug(KDECONNECT_CORE) << "Failing due to " << errors; +- Device* device = Daemon::instance()->getDevice(socket->peerVerifyName()); +- if (device) { +- device->unpair(); ++ bool fatal = false; ++ for (const QSslError& error : errors) { ++ if (error.error() != QSslError::SelfSignedCertificate) { ++ qCCritical(KDECONNECT_CORE) << "Disconnecting due to fatal SSL Error: " << error; ++ fatal = true; ++ } else { ++ qCDebug(KDECONNECT_CORE) << "Ignoring self-signed cert error"; ++ } + } + +- delete m_receivedIdentityPackets.take(socket).np; +- // Socket disconnects itself on ssl error and will be deleted by deleteLater slot, no need to delete manually ++ if (fatal) { ++ socket->disconnectFromHost(); ++ delete m_receivedIdentityPackets.take(socket).np; ++ } + } + + //I'm the new device and this is the answer to my UDP identity packet (no data received yet). They are connecting to us through TCP, and they should send an identity. +-- +2.28.0 + diff --git a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-02-Do-not-leak-the-local-user-in-the-device-name.patch b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-02-Do-not-leak-the-local-user-in-the-device-name.patch new file mode 100644 index 000000000000..b374d001036c --- /dev/null +++ b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-02-Do-not-leak-the-local-user-in-the-device-name.patch @@ -0,0 +1,32 @@ +From b279c52101d3f7cc30a26086d58de0b5f1c547fa Mon Sep 17 00:00:00 2001 +From: Albert Vaca Cintora <albertvaka@gmail.com> +Date: Thu, 24 Sep 2020 17:01:03 +0200 +Subject: [PATCH 02/10] Do not leak the local user in the device name. + +Thanks Matthias Gerstner <mgerstner@suse.de> for reporting this. +--- + core/kdeconnectconfig.cpp | 8 +------- + 1 file changed, 1 insertion(+), 7 deletions(-) + +diff --git a/core/kdeconnectconfig.cpp b/core/kdeconnectconfig.cpp +index 91719303..a8dbcf5c 100644 +--- a/core/kdeconnectconfig.cpp ++++ b/core/kdeconnectconfig.cpp +@@ -90,13 +90,7 @@ KdeConnectConfig::KdeConnectConfig() + + QString KdeConnectConfig::name() + { +- QString username; +- #ifdef Q_OS_WIN +- username = QString::fromLatin1(qgetenv("USERNAME")); +- #else +- username = QString::fromLatin1(qgetenv("USER")); +- #endif +- QString defaultName = username + QStringLiteral("@") + QHostInfo::localHostName(); ++ QString defaultName = QHostInfo::localHostName(); + QString name = d->m_config->value(QStringLiteral("name"), defaultName).toString(); + return name; + } +-- +2.28.0 + diff --git a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-03-Fix-use-after-free-in-LanLinkProvider-connectError.patch b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-03-Fix-use-after-free-in-LanLinkProvider-connectError.patch new file mode 100644 index 000000000000..52fb9057b930 --- /dev/null +++ b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-03-Fix-use-after-free-in-LanLinkProvider-connectError.patch @@ -0,0 +1,28 @@ +From d35b88c1b25fe13715f9170f18674d476ca9acdc Mon Sep 17 00:00:00 2001 +From: Matthias Gerstner <mgerstner@suse.de> +Date: Thu, 24 Sep 2020 17:03:06 +0200 +Subject: [PATCH 03/10] Fix use after free in LanLinkProvider::connectError() + +If QSslSocket::connectToHost() hasn't finished running. + +Thanks Matthias Gerstner <mgerstner@suse.de> for reporting this. +--- + core/backends/lan/lanlinkprovider.cpp | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp +index fc005cee..235c221f 100644 +--- a/core/backends/lan/lanlinkprovider.cpp ++++ b/core/backends/lan/lanlinkprovider.cpp +@@ -252,7 +252,7 @@ void LanLinkProvider::connectError(QAbstractSocket::SocketError socketError) + //The socket we created didn't work, and we didn't manage + //to create a LanDeviceLink from it, deleting everything. + delete m_receivedIdentityPackets.take(socket).np; +- delete socket; ++ socket->deleteLater(); + } + + //We received a UDP packet and answered by connecting to them by TCP. This gets called on a successful connection. +-- +2.28.0 + diff --git a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-04-Limit-identity-packets-to-8KiB.patch b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-04-Limit-identity-packets-to-8KiB.patch new file mode 100644 index 000000000000..e083f5896def --- /dev/null +++ b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-04-Limit-identity-packets-to-8KiB.patch @@ -0,0 +1,36 @@ +From b496e66899e5bc9547b6537a7f44ab44dd0aaf38 Mon Sep 17 00:00:00 2001 +From: Aleix Pol <aleixpol@kde.org> +Date: Wed, 16 Sep 2020 02:28:58 +0200 +Subject: [PATCH 04/10] Limit identity packets to 8KiB + +Healthy identity packages shouldn't be that big and we don't want to +allow systems around us to send us ever humongous packages that will +just leave us without any memory. + +Thanks Matthias Gerstner <mgerstner@suse.de> for reporting this. +--- + core/backends/lan/lanlinkprovider.cpp | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp +index 235c221f..1fd3870e 100644 +--- a/core/backends/lan/lanlinkprovider.cpp ++++ b/core/backends/lan/lanlinkprovider.cpp +@@ -381,6 +381,14 @@ void LanLinkProvider::newConnection() + void LanLinkProvider::dataReceived() + { + QSslSocket* socket = qobject_cast<QSslSocket*>(sender()); ++ //the size here is arbitrary and is now at 8192 bytes. It needs to be considerably long as it includes the capabilities but there needs to be a limit ++ //Tested between my systems and I get around 2000 per identity package. ++ if (socket->bytesAvailable() > 8192) { ++ qCWarning(KDECONNECT_CORE) << "LanLinkProvider/newConnection: Suspiciously long identity package received. Closing connection." << socket->peerAddress() << socket->bytesAvailable(); ++ socket->disconnectFromHost(); ++ return; ++ } ++ + #if QT_VERSION < QT_VERSION_CHECK(5,7,0) + if (!socket->canReadLine()) + return; +-- +2.28.0 + diff --git a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-05-Do-not-let-lanlink-connections-stay-open-for-long-wi.patch b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-05-Do-not-let-lanlink-connections-stay-open-for-long-wi.patch new file mode 100644 index 000000000000..1465ce48b989 --- /dev/null +++ b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-05-Do-not-let-lanlink-connections-stay-open-for-long-wi.patch @@ -0,0 +1,37 @@ +From 5310eae85dbdf92fba30375238a2481f2e34943e Mon Sep 17 00:00:00 2001 +From: Aleix Pol <aleixpol@kde.org> +Date: Wed, 16 Sep 2020 02:44:38 +0200 +Subject: [PATCH 05/10] Do not let lanlink connections stay open for long + without authenticating + +If there's no information received, close the socket to try again. + +Thanks Matthias Gerstner <mgerstner@suse.de> for reporting this. +--- + core/backends/lan/lanlinkprovider.cpp | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp +index 1fd3870e..a4942c65 100644 +--- a/core/backends/lan/lanlinkprovider.cpp ++++ b/core/backends/lan/lanlinkprovider.cpp +@@ -374,6 +374,16 @@ void LanLinkProvider::newConnection() + connect(socket, &QIODevice::readyRead, + this, &LanLinkProvider::dataReceived); + ++ QTimer* timer = new QTimer(socket); ++ timer->setSingleShot(true); ++ timer->setInterval(1000); ++ connect(socket, &QSslSocket::encrypted, ++ timer, &QObject::deleteLater); ++ connect(timer, &QTimer::timeout, socket, [socket] { ++ qCWarning(KDECONNECT_CORE) << "LanLinkProvider/newConnection: Host timed out without sending any identity." << socket->peerAddress(); ++ socket->disconnectFromHost(); ++ }); ++ timer->start(); + } + } + +-- +2.28.0 + diff --git a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-06-Don-t-brute-force-reading-the-socket.patch b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-06-Don-t-brute-force-reading-the-socket.patch new file mode 100644 index 000000000000..7bb674a8e8f2 --- /dev/null +++ b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-06-Don-t-brute-force-reading-the-socket.patch @@ -0,0 +1,102 @@ +From 721ba9faafb79aac73973410ee1dd3624ded97a5 Mon Sep 17 00:00:00 2001 +From: Aleix Pol <aleixpol@kde.org> +Date: Wed, 16 Sep 2020 02:27:13 +0200 +Subject: [PATCH 06/10] Don't brute-force reading the socket + +The package will arrive eventually, and dataReceived will be emitted. +Otherwise we just end up calling dataReceived to no end. + +Thanks Matthias Gerstner <mgerstner@suse.de> for reporting this. +--- + core/backends/lan/socketlinereader.cpp | 8 ------- + tests/testsocketlinereader.cpp | 31 ++++++++++++++++++++++++-- + 2 files changed, 29 insertions(+), 10 deletions(-) + +diff --git a/core/backends/lan/socketlinereader.cpp b/core/backends/lan/socketlinereader.cpp +index f67fdf3f..da77052a 100644 +--- a/core/backends/lan/socketlinereader.cpp ++++ b/core/backends/lan/socketlinereader.cpp +@@ -38,14 +38,6 @@ void SocketLineReader::dataReceived() + } + } + +- //If we still have things to read from the socket, call dataReceived again +- //We do this manually because we do not trust readyRead to be emitted again +- //So we call this method again just in case. +- if (m_socket->bytesAvailable() > 0) { +- QMetaObject::invokeMethod(this, "dataReceived", Qt::QueuedConnection); +- return; +- } +- + //If we have any packets, tell it to the world. + if (!m_packets.isEmpty()) { + Q_EMIT readyRead(); +diff --git a/tests/testsocketlinereader.cpp b/tests/testsocketlinereader.cpp +index 75584556..b6425b03 100644 +--- a/tests/testsocketlinereader.cpp ++++ b/tests/testsocketlinereader.cpp +@@ -25,16 +25,19 @@ + #include <QProcess> + #include <QEventLoop> + #include <QTimer> ++#include <QSignalSpy> + + class TestSocketLineReader : public QObject + { + Q_OBJECT + public Q_SLOTS: +- void initTestCase(); ++ void init(); ++ void cleanup() { delete m_server; } + void newPacket(); + + private Q_SLOTS: + void socketLineReader(); ++ void badData(); + + private: + QTimer m_timer; +@@ -45,8 +48,9 @@ private: + SocketLineReader* m_reader; + }; + +-void TestSocketLineReader::initTestCase() ++void TestSocketLineReader::init() + { ++ m_packets.clear(); + m_server = new Server(this); + + QVERIFY2(m_server->listen(QHostAddress::LocalHost, 8694), "Failed to create local tcp server"); +@@ -97,6 +101,29 @@ void TestSocketLineReader::socketLineReader() + } + } + ++void TestSocketLineReader::badData() ++{ ++ const QList<QByteArray> dataToSend = { "data1\n", "data" }; //does not end in a \n ++ for (const QByteArray& line : qAsConst(dataToSend)) { ++ m_conn->write(line); ++ } ++ m_conn->flush(); ++ ++ QSignalSpy spy(m_server, &QTcpServer::newConnection); ++ QVERIFY(m_server->hasPendingConnections() || spy.wait(1000)); ++ QSslSocket* sock = m_server->nextPendingConnection(); ++ ++ QVERIFY2(sock != nullptr, "Could not open a connection to the client"); ++ ++ m_reader = new SocketLineReader(sock, this); ++ connect(m_reader, &SocketLineReader::readyRead, this, &TestSocketLineReader::newPacket); ++ m_timer.start(); ++ m_loop.exec(); ++ ++ QCOMPARE(m_packets.count(), 1); ++ QCOMPARE(m_packets[0], dataToSend[0]); ++} ++ + void TestSocketLineReader::newPacket() + { + if (!m_reader->bytesAvailable()) { +-- +2.28.0 + diff --git a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-07-Limit-number-of-connected-sockets-from-unpaired-devi.patch b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-07-Limit-number-of-connected-sockets-from-unpaired-devi.patch new file mode 100644 index 000000000000..6a6bdb01cb96 --- /dev/null +++ b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-07-Limit-number-of-connected-sockets-from-unpaired-devi.patch @@ -0,0 +1,42 @@ +From ae58b9dec49c809b85b5404cee17946116f8a706 Mon Sep 17 00:00:00 2001 +From: Albert Vaca Cintora <albertvaka@gmail.com> +Date: Thu, 24 Sep 2020 17:13:34 +0200 +Subject: [PATCH 07/10] Limit number of connected sockets from unpaired devices + +Thanks Matthias Gerstner <mgerstner@suse.de> for reporting this. +--- + core/backends/lan/lanlinkprovider.cpp | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp +index a4942c65..770e7866 100644 +--- a/core/backends/lan/lanlinkprovider.cpp ++++ b/core/backends/lan/lanlinkprovider.cpp +@@ -46,6 +46,8 @@ + + #define MIN_VERSION_WITH_SSL_SUPPORT 6 + ++static const int MAX_UNPAIRED_CONNECTIONS = 42; ++ + LanLinkProvider::LanLinkProvider( + bool testMode, + quint16 udpBroadcastPort, +@@ -555,6 +557,15 @@ void LanLinkProvider::addLink(const QString& deviceId, QSslSocket* socket, Netwo + deviceLink->reset(socket, connectionOrigin); + } else { + deviceLink = new LanDeviceLink(deviceId, this, socket, connectionOrigin); ++ // Socket disconnection will now be handled by LanDeviceLink ++ disconnect(socket, &QAbstractSocket::disconnected, socket, &QObject::deleteLater); ++ bool isDeviceTrusted = KdeConnectConfig::instance().trustedDevices().contains(deviceId); ++ if (!isDeviceTrusted && m_links.size() > MAX_UNPAIRED_CONNECTIONS) { ++ qCWarning(KDECONNECT_CORE) << "Too many unpaired devices to remember them all. Ignoring " << deviceId; ++ socket->disconnectFromHost(); ++ socket->deleteLater(); ++ return; ++ } + connect(deviceLink, &QObject::destroyed, this, &LanLinkProvider::deviceLinkDestroyed); + m_links[deviceId] = deviceLink; + if (m_pairingHandlers.contains(deviceId)) { +-- +2.28.0 + diff --git a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-08-Do-not-remember-more-than-a-few-identity-packets-at-.patch b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-08-Do-not-remember-more-than-a-few-identity-packets-at-.patch new file mode 100644 index 000000000000..36d612e9cbc1 --- /dev/null +++ b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-08-Do-not-remember-more-than-a-few-identity-packets-at-.patch @@ -0,0 +1,54 @@ +From 66c768aa9e7fba30b119c8b801efd49ed1270b0a Mon Sep 17 00:00:00 2001 +From: Albert Vaca Cintora <albertvaka@gmail.com> +Date: Thu, 24 Sep 2020 17:16:02 +0200 +Subject: [PATCH 08/10] Do not remember more than a few identity packets at a + time + +To prevent the kdeconnect process from using too much memory. + +Thanks Matthias Gerstner <mgerstner@suse.de> for reporting this. +--- + core/backends/lan/lanlinkprovider.cpp | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp +index 770e7866..6afb8552 100644 +--- a/core/backends/lan/lanlinkprovider.cpp ++++ b/core/backends/lan/lanlinkprovider.cpp +@@ -47,6 +47,7 @@ + #define MIN_VERSION_WITH_SSL_SUPPORT 6 + + static const int MAX_UNPAIRED_CONNECTIONS = 42; ++static const int MAX_REMEMBERED_IDENTITY_PACKETS = 42; + + LanLinkProvider::LanLinkProvider( + bool testMode, +@@ -225,6 +226,12 @@ void LanLinkProvider::udpBroadcastReceived() + + //qCDebug(KDECONNECT_CORE) << "Received Udp identity packet from" << sender << " asking for a tcp connection on port " << tcpPort; + ++ if (m_receivedIdentityPackets.size() > MAX_REMEMBERED_IDENTITY_PACKETS) { ++ qCWarning(KDECONNECT_CORE) << "Too many remembered identities, ignoring" << receivedPacket->get<QString>(QStringLiteral("deviceId")) << "received via UDP"; ++ delete receivedPacket; ++ continue; ++ } ++ + QSslSocket* socket = new QSslSocket(this); + socket->setProxy(QNetworkProxy::NoProxy); + m_receivedIdentityPackets[socket].np = receivedPacket; +@@ -435,6 +442,12 @@ void LanLinkProvider::dataReceived() + return; + } + ++ if (m_receivedIdentityPackets.size() > MAX_REMEMBERED_IDENTITY_PACKETS) { ++ qCWarning(KDECONNECT_CORE) << "Too many remembered identities, ignoring" << np->get<QString>(QStringLiteral("deviceId")) << "received via TCP"; ++ delete np; ++ return; ++ } ++ + // Needed in "encrypted" if ssl is used, similar to "tcpSocketConnected" + m_receivedIdentityPackets[socket].np = np; + +-- +2.28.0 + diff --git a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-09-Limit-the-ports-we-try-to-connect-to-to-the-port-ran.patch b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-09-Limit-the-ports-we-try-to-connect-to-to-the-port-ran.patch new file mode 100644 index 000000000000..c108144632ca --- /dev/null +++ b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-09-Limit-the-ports-we-try-to-connect-to-to-the-port-ran.patch @@ -0,0 +1,32 @@ +From 85b691e40f525e22ca5cc4ebe79c361d71d7dc05 Mon Sep 17 00:00:00 2001 +From: Albert Vaca Cintora <albertvaka@gmail.com> +Date: Thu, 24 Sep 2020 17:18:06 +0200 +Subject: [PATCH 09/10] Limit the ports we try to connect to to the port range + of KDE Connect + +So we can't trigger connections to other services. + +Thanks Matthias Gerstner <mgerstner@suse.de> for reporting this. +--- + core/backends/lan/lanlinkprovider.cpp | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp +index 6afb8552..f3d6801d 100644 +--- a/core/backends/lan/lanlinkprovider.cpp ++++ b/core/backends/lan/lanlinkprovider.cpp +@@ -223,6 +223,11 @@ void LanLinkProvider::udpBroadcastReceived() + } + + int tcpPort = receivedPacket->get<int>(QStringLiteral("tcpPort")); ++ if (tcpPort < MIN_TCP_PORT || tcpPort > MAX_TCP_PORT) { ++ qCDebug(KDECONNECT_CORE) << "TCP port outside of kdeconnect's range"; ++ delete receivedPacket; ++ continue; ++ } + + //qCDebug(KDECONNECT_CORE) << "Received Udp identity packet from" << sender << " asking for a tcp connection on port " << tcpPort; + +-- +2.28.0 + diff --git a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-10-Do-not-replace-connections-for-a-given-deviceId-if-t.patch b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-10-Do-not-replace-connections-for-a-given-deviceId-if-t.patch new file mode 100644 index 000000000000..d10f0193dacc --- /dev/null +++ b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-10-Do-not-replace-connections-for-a-given-deviceId-if-t.patch @@ -0,0 +1,58 @@ +From 48180b46552d40729a36b7431e97bbe2b5379306 Mon Sep 17 00:00:00 2001 +From: Albert Vaca Cintora <albertvaka@gmail.com> +Date: Thu, 24 Sep 2020 18:46:57 +0200 +Subject: [PATCH 10/10] Do not replace connections for a given deviceId if the + certs have changed + +Thanks Matthias Gerstner <mgerstner@suse.de> for reporting this. +--- + core/backends/lan/landevicelink.cpp | 5 +++++ + core/backends/lan/landevicelink.h | 1 + + core/backends/lan/lanlinkprovider.cpp | 6 ++++++ + 3 files changed, 12 insertions(+) + +diff --git a/core/backends/lan/landevicelink.cpp b/core/backends/lan/landevicelink.cpp +index 8a65fb92..41af6f0e 100644 +--- a/core/backends/lan/landevicelink.cpp ++++ b/core/backends/lan/landevicelink.cpp +@@ -192,3 +192,8 @@ bool LanDeviceLink::linkShouldBeKeptAlive() { + //return (mConnectionSource == ConnectionStarted::Remotely || pairStatus() == Paired); + + } ++ ++QSslCertificate LanDeviceLink::certificate() const ++{ ++ return m_socketLineReader->peerCertificate(); ++} +diff --git a/core/backends/lan/landevicelink.h b/core/backends/lan/landevicelink.h +index 28f63db2..485c58b5 100644 +--- a/core/backends/lan/landevicelink.h ++++ b/core/backends/lan/landevicelink.h +@@ -56,6 +56,7 @@ public: + bool linkShouldBeKeptAlive() override; + + QHostAddress hostAddress() const; ++ QSslCertificate certificate() const; + + private Q_SLOTS: + void dataReceived(); +diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp +index f3d6801d..372cdc8f 100644 +--- a/core/backends/lan/lanlinkprovider.cpp ++++ b/core/backends/lan/lanlinkprovider.cpp +@@ -345,6 +345,12 @@ void LanLinkProvider::encrypted() + NetworkPacket* receivedPacket = m_receivedIdentityPackets[socket].np; + const QString& deviceId = receivedPacket->get<QString>(QStringLiteral("deviceId")); + ++ if (m_links.contains(deviceId) && m_links[deviceId]->certificate() != socket->peerCertificate()) { ++ socket->disconnectFromHost(); ++ qCWarning(KDECONNECT_CORE) << "Got connection for the same deviceId but certificates don't match. Ignoring " << deviceId; ++ return; ++ } ++ + addLink(deviceId, socket, receivedPacket, connectionOrigin); + + // Copied from tcpSocketConnected slot, now delete received packet +-- +2.28.0 + diff --git a/kde-misc/kdeconnect/kdeconnect-20.04.3.ebuild b/kde-misc/kdeconnect/kdeconnect-20.04.3.ebuild deleted file mode 100644 index f6ae548b6c75..000000000000 --- a/kde-misc/kdeconnect/kdeconnect-20.04.3.ebuild +++ /dev/null @@ -1,84 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -ECM_HANDBOOK="optional" -ECM_TEST="true" -KDE_ORG_NAME="${PN}-kde" -KDE_RELEASE_SERVICE="true" -KDE_SELINUX_MODULE="${PN}" -KFMIN=5.70.0 -QTMIN=5.14.2 -inherit ecm kde.org - -DESCRIPTION="Adds communication between KDE Plasma and your smartphone" -HOMEPAGE="https://kdeconnect.kde.org/ -https://kde.org/applications/internet/org.kde.kdeconnect.kcm" - -LICENSE="GPL-2+" -SLOT="5" -KEYWORDS="amd64 arm64 x86" -IUSE="bluetooth pulseaudio wayland X" - -DEPEND=" - >=app-crypt/qca-2.1.0:2[qt5(+),ssl] - >=dev-qt/qtdbus-${QTMIN}:5 - >=dev-qt/qtdeclarative-${QTMIN}:5 - >=dev-qt/qtgui-${QTMIN}:5 - >=dev-qt/qtmultimedia-${QTMIN}:5 - >=dev-qt/qtnetwork-${QTMIN}:5 - >=dev-qt/qtwidgets-${QTMIN}:5 - >=kde-frameworks/kcmutils-${KFMIN}:5 - >=kde-frameworks/kconfig-${KFMIN}:5 - >=kde-frameworks/kconfigwidgets-${KFMIN}:5 - >=kde-frameworks/kcoreaddons-${KFMIN}:5 - >=kde-frameworks/kdbusaddons-${KFMIN}:5 - >=kde-frameworks/ki18n-${KFMIN}:5 - >=kde-frameworks/kiconthemes-${KFMIN}:5 - >=kde-frameworks/kio-${KFMIN}:5 - >=kde-frameworks/kirigami-${KFMIN}:5 - >=kde-frameworks/knotifications-${KFMIN}:5 - >=kde-frameworks/kpeople-${KFMIN}:5 - >=kde-frameworks/kservice-${KFMIN}:5 - >=kde-frameworks/kwidgetsaddons-${KFMIN}:5 - >=kde-frameworks/plasma-${KFMIN}:5 - bluetooth? ( >=dev-qt/qtbluetooth-${QTMIN}:5 ) - X? ( - >=dev-qt/qtx11extras-${QTMIN}:5 - x11-libs/libfakekey - x11-libs/libX11 - x11-libs/libXtst - ) - pulseaudio? ( media-libs/pulseaudio-qt ) - wayland? ( >=kde-frameworks/kwayland-${KFMIN}:5 ) -" -RDEPEND="${DEPEND} - dev-libs/kpeoplevcard - >=dev-qt/qtgraphicaleffects-${QTMIN}:5 - >=dev-qt/qtquickcontrols2-${QTMIN}:5 - >=kde-frameworks/kdeclarative-${KFMIN}:5 - net-fs/sshfs -" - -RESTRICT+=" test" - -src_configure() { - local mycmakeargs=( - -DBLUETOOTH_ENABLED=$(usex bluetooth) - $(cmake_use_find_package pulseaudio KF5PulseAudioQt) - $(cmake_use_find_package wayland KF5Wayland) - $(cmake_use_find_package X LibFakeKey) - ) - - ecm_src_configure -} - -pkg_postinst(){ - ecm_pkg_postinst - - elog "The Android .apk file is available via" - elog "https://play.google.com/store/apps/details?id=org.kde.kdeconnect_tp" - elog "or via" - elog "https://f-droid.org/repository/browse/?fdid=org.kde.kdeconnect_tp" -} diff --git a/kde-misc/kdeconnect/kdeconnect-20.08.1.ebuild b/kde-misc/kdeconnect/kdeconnect-20.08.3.ebuild index be85ee3bf6af..f2e7774d075d 100644 --- a/kde-misc/kdeconnect/kdeconnect-20.08.1.ebuild +++ b/kde-misc/kdeconnect/kdeconnect-20.08.3.ebuild @@ -8,17 +8,17 @@ ECM_TEST="true" KDE_ORG_NAME="${PN}-kde" KDE_RELEASE_SERVICE="true" KDE_SELINUX_MODULE="${PN}" -KFMIN=5.72.0 -QTMIN=5.14.2 +KFMIN=5.74.0 +QTMIN=5.15.1 inherit ecm kde.org DESCRIPTION="Adds communication between KDE Plasma and your smartphone" HOMEPAGE="https://kdeconnect.kde.org/ -https://kde.org/applications/internet/org.kde.kdeconnect.kcm" +https://apps.kde.org/en/kdeconnect.kcm" LICENSE="GPL-2+" SLOT="5" -KEYWORDS="~amd64 ~arm64 ~x86" +KEYWORDS="amd64 arm64 ~ppc64 x86" IUSE="bluetooth pulseaudio wayland X" DEPEND=" @@ -81,5 +81,5 @@ pkg_postinst(){ elog "The Android .apk file is available via" elog "https://play.google.com/store/apps/details?id=org.kde.kdeconnect_tp" elog "or via" - elog "https://f-droid.org/repository/browse/?fdid=org.kde.kdeconnect_tp" + elog "https://f-droid.org/packages/org.kde.kdeconnect_tp/" } |