Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Andreas Sturmlechner <asturm@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: kde-misc/kdeconnect/, kde-misc/kdeconnect/files/
Date: Sun, 04 Oct 2020 16:07:23
Message-Id: 1601826847.bb81637747a3a0d3cc36bd19f73250d32dfc8b6c.asturm@gentoo
1 commit: bb81637747a3a0d3cc36bd19f73250d32dfc8b6c
2 Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
3 AuthorDate: Sun Oct 4 08:35:47 2020 +0000
4 Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
5 CommitDate: Sun Oct 4 15:54:07 2020 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bb816377
7
8 kde-misc/kdeconnect: Fix CVE-2020-26164
9
10 See also: https://kde.org/info/security/advisory-20201002-1.txt
11
12 Bug: https://bugs.gentoo.org/746401
13 Package-Manager: Portage-3.0.8, Repoman-3.0.1
14 Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org>
15
16 ...re-SSL-errors-except-for-self-signed-cert.patch | 65 +++++++++++++
17 ...ot-leak-the-local-user-in-the-device-name.patch | 32 +++++++
18 ...fter-free-in-LanLinkProvider-connectError.patch | 28 ++++++
19 ...20.04.3-04-Limit-identity-packets-to-8KiB.patch | 36 ++++++++
20 ...lanlink-connections-stay-open-for-long-wi.patch | 37 ++++++++
21 ...3-06-Don-t-brute-force-reading-the-socket.patch | 102 +++++++++++++++++++++
22 ...r-of-connected-sockets-from-unpaired-devi.patch | 42 +++++++++
23 ...mber-more-than-a-few-identity-packets-at-.patch | 54 +++++++++++
24 ...orts-we-try-to-connect-to-to-the-port-ran.patch | 32 +++++++
25 ...ace-connections-for-a-given-deviceId-if-t.patch | 58 ++++++++++++
26 kde-misc/kdeconnect/kdeconnect-20.04.3-r1.ebuild | 98 ++++++++++++++++++++
27 kde-misc/kdeconnect/kdeconnect-20.08.1-r1.ebuild | 99 ++++++++++++++++++++
28 12 files changed, 683 insertions(+)
29
30 diff --git a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-01-Do-not-ignore-SSL-errors-except-for-self-signed-cert.patch b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-01-Do-not-ignore-SSL-errors-except-for-self-signed-cert.patch
31 new file mode 100644
32 index 00000000000..cafeb9501cd
33 --- /dev/null
34 +++ b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-01-Do-not-ignore-SSL-errors-except-for-self-signed-cert.patch
35 @@ -0,0 +1,65 @@
36 +From f183b5447bad47655c21af87214579f03bf3a163 Mon Sep 17 00:00:00 2001
37 +From: Albert Vaca Cintora <albertvaka@×××××.com>
38 +Date: Thu, 24 Sep 2020 16:59:22 +0200
39 +Subject: [PATCH 01/10] Do not ignore SSL errors, except for self-signed cert
40 + errors.
41 +
42 +Thanks Matthias Gerstner <mgerstner@××××.de> for reporting this.
43 +---
44 + core/backends/lan/lanlinkprovider.cpp | 24 +++++++++++++-----------
45 + 1 file changed, 13 insertions(+), 11 deletions(-)
46 +
47 +diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp
48 +index d9a7d8fa..fc005cee 100644
49 +--- a/core/backends/lan/lanlinkprovider.cpp
50 ++++ b/core/backends/lan/lanlinkprovider.cpp
51 +@@ -297,9 +297,7 @@ void LanLinkProvider::tcpSocketConnected()
52 +
53 + connect(socket, &QSslSocket::encrypted, this, &LanLinkProvider::encrypted);
54 +
55 +- if (isDeviceTrusted) {
56 +- connect(socket, QOverload<const QList<QSslError> &>::of(&QSslSocket::sslErrors), this, &LanLinkProvider::sslErrors);
57 +- }
58 ++ connect(socket, QOverload<const QList<QSslError> &>::of(&QSslSocket::sslErrors), this, &LanLinkProvider::sslErrors);
59 +
60 + socket->startServerEncryption();
61 +
62 +@@ -326,8 +324,6 @@ void LanLinkProvider::encrypted()
63 +
64 + QSslSocket* socket = qobject_cast<QSslSocket*>(sender());
65 + if (!socket) return;
66 +- // TODO delete me?
67 +- disconnect(socket, QOverload<const QList<QSslError> &>::of(&QSslSocket::sslErrors), this, &LanLinkProvider::sslErrors);
68 +
69 + Q_ASSERT(socket->mode() != QSslSocket::UnencryptedMode);
70 + LanDeviceLink::ConnectionStarted connectionOrigin = (socket->mode() == QSslSocket::SslClientMode)? LanDeviceLink::Locally : LanDeviceLink::Remotely;
71 +@@ -346,14 +342,20 @@ void LanLinkProvider::sslErrors(const QList<QSslError>& errors)
72 + QSslSocket* socket = qobject_cast<QSslSocket*>(sender());
73 + if (!socket) return;
74 +
75 +- qCDebug(KDECONNECT_CORE) << "Failing due to " << errors;
76 +- Device* device = Daemon::instance()->getDevice(socket->peerVerifyName());
77 +- if (device) {
78 +- device->unpair();
79 ++ bool fatal = false;
80 ++ for (const QSslError& error : errors) {
81 ++ if (error.error() != QSslError::SelfSignedCertificate) {
82 ++ qCCritical(KDECONNECT_CORE) << "Disconnecting due to fatal SSL Error: " << error;
83 ++ fatal = true;
84 ++ } else {
85 ++ qCDebug(KDECONNECT_CORE) << "Ignoring self-signed cert error";
86 ++ }
87 + }
88 +
89 +- delete m_receivedIdentityPackets.take(socket).np;
90 +- // Socket disconnects itself on ssl error and will be deleted by deleteLater slot, no need to delete manually
91 ++ if (fatal) {
92 ++ socket->disconnectFromHost();
93 ++ delete m_receivedIdentityPackets.take(socket).np;
94 ++ }
95 + }
96 +
97 + //I'm the new device and this is the answer to my UDP identity packet (no data received yet). They are connecting to us through TCP, and they should send an identity.
98 +--
99 +2.28.0
100 +
101
102 diff --git a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-02-Do-not-leak-the-local-user-in-the-device-name.patch b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-02-Do-not-leak-the-local-user-in-the-device-name.patch
103 new file mode 100644
104 index 00000000000..b374d001036
105 --- /dev/null
106 +++ b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-02-Do-not-leak-the-local-user-in-the-device-name.patch
107 @@ -0,0 +1,32 @@
108 +From b279c52101d3f7cc30a26086d58de0b5f1c547fa Mon Sep 17 00:00:00 2001
109 +From: Albert Vaca Cintora <albertvaka@×××××.com>
110 +Date: Thu, 24 Sep 2020 17:01:03 +0200
111 +Subject: [PATCH 02/10] Do not leak the local user in the device name.
112 +
113 +Thanks Matthias Gerstner <mgerstner@××××.de> for reporting this.
114 +---
115 + core/kdeconnectconfig.cpp | 8 +-------
116 + 1 file changed, 1 insertion(+), 7 deletions(-)
117 +
118 +diff --git a/core/kdeconnectconfig.cpp b/core/kdeconnectconfig.cpp
119 +index 91719303..a8dbcf5c 100644
120 +--- a/core/kdeconnectconfig.cpp
121 ++++ b/core/kdeconnectconfig.cpp
122 +@@ -90,13 +90,7 @@ KdeConnectConfig::KdeConnectConfig()
123 +
124 + QString KdeConnectConfig::name()
125 + {
126 +- QString username;
127 +- #ifdef Q_OS_WIN
128 +- username = QString::fromLatin1(qgetenv("USERNAME"));
129 +- #else
130 +- username = QString::fromLatin1(qgetenv("USER"));
131 +- #endif
132 +- QString defaultName = username + QStringLiteral("@") + QHostInfo::localHostName();
133 ++ QString defaultName = QHostInfo::localHostName();
134 + QString name = d->m_config->value(QStringLiteral("name"), defaultName).toString();
135 + return name;
136 + }
137 +--
138 +2.28.0
139 +
140
141 diff --git a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-03-Fix-use-after-free-in-LanLinkProvider-connectError.patch b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-03-Fix-use-after-free-in-LanLinkProvider-connectError.patch
142 new file mode 100644
143 index 00000000000..52fb9057b93
144 --- /dev/null
145 +++ b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-03-Fix-use-after-free-in-LanLinkProvider-connectError.patch
146 @@ -0,0 +1,28 @@
147 +From d35b88c1b25fe13715f9170f18674d476ca9acdc Mon Sep 17 00:00:00 2001
148 +From: Matthias Gerstner <mgerstner@××××.de>
149 +Date: Thu, 24 Sep 2020 17:03:06 +0200
150 +Subject: [PATCH 03/10] Fix use after free in LanLinkProvider::connectError()
151 +
152 +If QSslSocket::connectToHost() hasn't finished running.
153 +
154 +Thanks Matthias Gerstner <mgerstner@××××.de> for reporting this.
155 +---
156 + core/backends/lan/lanlinkprovider.cpp | 2 +-
157 + 1 file changed, 1 insertion(+), 1 deletion(-)
158 +
159 +diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp
160 +index fc005cee..235c221f 100644
161 +--- a/core/backends/lan/lanlinkprovider.cpp
162 ++++ b/core/backends/lan/lanlinkprovider.cpp
163 +@@ -252,7 +252,7 @@ void LanLinkProvider::connectError(QAbstractSocket::SocketError socketError)
164 + //The socket we created didn't work, and we didn't manage
165 + //to create a LanDeviceLink from it, deleting everything.
166 + delete m_receivedIdentityPackets.take(socket).np;
167 +- delete socket;
168 ++ socket->deleteLater();
169 + }
170 +
171 + //We received a UDP packet and answered by connecting to them by TCP. This gets called on a successful connection.
172 +--
173 +2.28.0
174 +
175
176 diff --git a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-04-Limit-identity-packets-to-8KiB.patch b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-04-Limit-identity-packets-to-8KiB.patch
177 new file mode 100644
178 index 00000000000..e083f5896de
179 --- /dev/null
180 +++ b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-04-Limit-identity-packets-to-8KiB.patch
181 @@ -0,0 +1,36 @@
182 +From b496e66899e5bc9547b6537a7f44ab44dd0aaf38 Mon Sep 17 00:00:00 2001
183 +From: Aleix Pol <aleixpol@×××.org>
184 +Date: Wed, 16 Sep 2020 02:28:58 +0200
185 +Subject: [PATCH 04/10] Limit identity packets to 8KiB
186 +
187 +Healthy identity packages shouldn't be that big and we don't want to
188 +allow systems around us to send us ever humongous packages that will
189 +just leave us without any memory.
190 +
191 +Thanks Matthias Gerstner <mgerstner@××××.de> for reporting this.
192 +---
193 + core/backends/lan/lanlinkprovider.cpp | 8 ++++++++
194 + 1 file changed, 8 insertions(+)
195 +
196 +diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp
197 +index 235c221f..1fd3870e 100644
198 +--- a/core/backends/lan/lanlinkprovider.cpp
199 ++++ b/core/backends/lan/lanlinkprovider.cpp
200 +@@ -381,6 +381,14 @@ void LanLinkProvider::newConnection()
201 + void LanLinkProvider::dataReceived()
202 + {
203 + QSslSocket* socket = qobject_cast<QSslSocket*>(sender());
204 ++ //the size here is arbitrary and is now at 8192 bytes. It needs to be considerably long as it includes the capabilities but there needs to be a limit
205 ++ //Tested between my systems and I get around 2000 per identity package.
206 ++ if (socket->bytesAvailable() > 8192) {
207 ++ qCWarning(KDECONNECT_CORE) << "LanLinkProvider/newConnection: Suspiciously long identity package received. Closing connection." << socket->peerAddress() << socket->bytesAvailable();
208 ++ socket->disconnectFromHost();
209 ++ return;
210 ++ }
211 ++
212 + #if QT_VERSION < QT_VERSION_CHECK(5,7,0)
213 + if (!socket->canReadLine())
214 + return;
215 +--
216 +2.28.0
217 +
218
219 diff --git a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-05-Do-not-let-lanlink-connections-stay-open-for-long-wi.patch b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-05-Do-not-let-lanlink-connections-stay-open-for-long-wi.patch
220 new file mode 100644
221 index 00000000000..1465ce48b98
222 --- /dev/null
223 +++ b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-05-Do-not-let-lanlink-connections-stay-open-for-long-wi.patch
224 @@ -0,0 +1,37 @@
225 +From 5310eae85dbdf92fba30375238a2481f2e34943e Mon Sep 17 00:00:00 2001
226 +From: Aleix Pol <aleixpol@×××.org>
227 +Date: Wed, 16 Sep 2020 02:44:38 +0200
228 +Subject: [PATCH 05/10] Do not let lanlink connections stay open for long
229 + without authenticating
230 +
231 +If there's no information received, close the socket to try again.
232 +
233 +Thanks Matthias Gerstner <mgerstner@××××.de> for reporting this.
234 +---
235 + core/backends/lan/lanlinkprovider.cpp | 10 ++++++++++
236 + 1 file changed, 10 insertions(+)
237 +
238 +diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp
239 +index 1fd3870e..a4942c65 100644
240 +--- a/core/backends/lan/lanlinkprovider.cpp
241 ++++ b/core/backends/lan/lanlinkprovider.cpp
242 +@@ -374,6 +374,16 @@ void LanLinkProvider::newConnection()
243 + connect(socket, &QIODevice::readyRead,
244 + this, &LanLinkProvider::dataReceived);
245 +
246 ++ QTimer* timer = new QTimer(socket);
247 ++ timer->setSingleShot(true);
248 ++ timer->setInterval(1000);
249 ++ connect(socket, &QSslSocket::encrypted,
250 ++ timer, &QObject::deleteLater);
251 ++ connect(timer, &QTimer::timeout, socket, [socket] {
252 ++ qCWarning(KDECONNECT_CORE) << "LanLinkProvider/newConnection: Host timed out without sending any identity." << socket->peerAddress();
253 ++ socket->disconnectFromHost();
254 ++ });
255 ++ timer->start();
256 + }
257 + }
258 +
259 +--
260 +2.28.0
261 +
262
263 diff --git a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-06-Don-t-brute-force-reading-the-socket.patch b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-06-Don-t-brute-force-reading-the-socket.patch
264 new file mode 100644
265 index 00000000000..7bb674a8e8f
266 --- /dev/null
267 +++ b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-06-Don-t-brute-force-reading-the-socket.patch
268 @@ -0,0 +1,102 @@
269 +From 721ba9faafb79aac73973410ee1dd3624ded97a5 Mon Sep 17 00:00:00 2001
270 +From: Aleix Pol <aleixpol@×××.org>
271 +Date: Wed, 16 Sep 2020 02:27:13 +0200
272 +Subject: [PATCH 06/10] Don't brute-force reading the socket
273 +
274 +The package will arrive eventually, and dataReceived will be emitted.
275 +Otherwise we just end up calling dataReceived to no end.
276 +
277 +Thanks Matthias Gerstner <mgerstner@××××.de> for reporting this.
278 +---
279 + core/backends/lan/socketlinereader.cpp | 8 -------
280 + tests/testsocketlinereader.cpp | 31 ++++++++++++++++++++++++--
281 + 2 files changed, 29 insertions(+), 10 deletions(-)
282 +
283 +diff --git a/core/backends/lan/socketlinereader.cpp b/core/backends/lan/socketlinereader.cpp
284 +index f67fdf3f..da77052a 100644
285 +--- a/core/backends/lan/socketlinereader.cpp
286 ++++ b/core/backends/lan/socketlinereader.cpp
287 +@@ -38,14 +38,6 @@ void SocketLineReader::dataReceived()
288 + }
289 + }
290 +
291 +- //If we still have things to read from the socket, call dataReceived again
292 +- //We do this manually because we do not trust readyRead to be emitted again
293 +- //So we call this method again just in case.
294 +- if (m_socket->bytesAvailable() > 0) {
295 +- QMetaObject::invokeMethod(this, "dataReceived", Qt::QueuedConnection);
296 +- return;
297 +- }
298 +-
299 + //If we have any packets, tell it to the world.
300 + if (!m_packets.isEmpty()) {
301 + Q_EMIT readyRead();
302 +diff --git a/tests/testsocketlinereader.cpp b/tests/testsocketlinereader.cpp
303 +index 75584556..b6425b03 100644
304 +--- a/tests/testsocketlinereader.cpp
305 ++++ b/tests/testsocketlinereader.cpp
306 +@@ -25,16 +25,19 @@
307 + #include <QProcess>
308 + #include <QEventLoop>
309 + #include <QTimer>
310 ++#include <QSignalSpy>
311 +
312 + class TestSocketLineReader : public QObject
313 + {
314 + Q_OBJECT
315 + public Q_SLOTS:
316 +- void initTestCase();
317 ++ void init();
318 ++ void cleanup() { delete m_server; }
319 + void newPacket();
320 +
321 + private Q_SLOTS:
322 + void socketLineReader();
323 ++ void badData();
324 +
325 + private:
326 + QTimer m_timer;
327 +@@ -45,8 +48,9 @@ private:
328 + SocketLineReader* m_reader;
329 + };
330 +
331 +-void TestSocketLineReader::initTestCase()
332 ++void TestSocketLineReader::init()
333 + {
334 ++ m_packets.clear();
335 + m_server = new Server(this);
336 +
337 + QVERIFY2(m_server->listen(QHostAddress::LocalHost, 8694), "Failed to create local tcp server");
338 +@@ -97,6 +101,29 @@ void TestSocketLineReader::socketLineReader()
339 + }
340 + }
341 +
342 ++void TestSocketLineReader::badData()
343 ++{
344 ++ const QList<QByteArray> dataToSend = { "data1\n", "data" }; //does not end in a \n
345 ++ for (const QByteArray& line : qAsConst(dataToSend)) {
346 ++ m_conn->write(line);
347 ++ }
348 ++ m_conn->flush();
349 ++
350 ++ QSignalSpy spy(m_server, &QTcpServer::newConnection);
351 ++ QVERIFY(m_server->hasPendingConnections() || spy.wait(1000));
352 ++ QSslSocket* sock = m_server->nextPendingConnection();
353 ++
354 ++ QVERIFY2(sock != nullptr, "Could not open a connection to the client");
355 ++
356 ++ m_reader = new SocketLineReader(sock, this);
357 ++ connect(m_reader, &SocketLineReader::readyRead, this, &TestSocketLineReader::newPacket);
358 ++ m_timer.start();
359 ++ m_loop.exec();
360 ++
361 ++ QCOMPARE(m_packets.count(), 1);
362 ++ QCOMPARE(m_packets[0], dataToSend[0]);
363 ++}
364 ++
365 + void TestSocketLineReader::newPacket()
366 + {
367 + if (!m_reader->bytesAvailable()) {
368 +--
369 +2.28.0
370 +
371
372 diff --git a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-07-Limit-number-of-connected-sockets-from-unpaired-devi.patch b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-07-Limit-number-of-connected-sockets-from-unpaired-devi.patch
373 new file mode 100644
374 index 00000000000..6a6bdb01cb9
375 --- /dev/null
376 +++ b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-07-Limit-number-of-connected-sockets-from-unpaired-devi.patch
377 @@ -0,0 +1,42 @@
378 +From ae58b9dec49c809b85b5404cee17946116f8a706 Mon Sep 17 00:00:00 2001
379 +From: Albert Vaca Cintora <albertvaka@×××××.com>
380 +Date: Thu, 24 Sep 2020 17:13:34 +0200
381 +Subject: [PATCH 07/10] Limit number of connected sockets from unpaired devices
382 +
383 +Thanks Matthias Gerstner <mgerstner@××××.de> for reporting this.
384 +---
385 + core/backends/lan/lanlinkprovider.cpp | 11 +++++++++++
386 + 1 file changed, 11 insertions(+)
387 +
388 +diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp
389 +index a4942c65..770e7866 100644
390 +--- a/core/backends/lan/lanlinkprovider.cpp
391 ++++ b/core/backends/lan/lanlinkprovider.cpp
392 +@@ -46,6 +46,8 @@
393 +
394 + #define MIN_VERSION_WITH_SSL_SUPPORT 6
395 +
396 ++static const int MAX_UNPAIRED_CONNECTIONS = 42;
397 ++
398 + LanLinkProvider::LanLinkProvider(
399 + bool testMode,
400 + quint16 udpBroadcastPort,
401 +@@ -555,6 +557,15 @@ void LanLinkProvider::addLink(const QString& deviceId, QSslSocket* socket, Netwo
402 + deviceLink->reset(socket, connectionOrigin);
403 + } else {
404 + deviceLink = new LanDeviceLink(deviceId, this, socket, connectionOrigin);
405 ++ // Socket disconnection will now be handled by LanDeviceLink
406 ++ disconnect(socket, &QAbstractSocket::disconnected, socket, &QObject::deleteLater);
407 ++ bool isDeviceTrusted = KdeConnectConfig::instance().trustedDevices().contains(deviceId);
408 ++ if (!isDeviceTrusted && m_links.size() > MAX_UNPAIRED_CONNECTIONS) {
409 ++ qCWarning(KDECONNECT_CORE) << "Too many unpaired devices to remember them all. Ignoring " << deviceId;
410 ++ socket->disconnectFromHost();
411 ++ socket->deleteLater();
412 ++ return;
413 ++ }
414 + connect(deviceLink, &QObject::destroyed, this, &LanLinkProvider::deviceLinkDestroyed);
415 + m_links[deviceId] = deviceLink;
416 + if (m_pairingHandlers.contains(deviceId)) {
417 +--
418 +2.28.0
419 +
420
421 diff --git a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-08-Do-not-remember-more-than-a-few-identity-packets-at-.patch b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-08-Do-not-remember-more-than-a-few-identity-packets-at-.patch
422 new file mode 100644
423 index 00000000000..36d612e9cbc
424 --- /dev/null
425 +++ b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-08-Do-not-remember-more-than-a-few-identity-packets-at-.patch
426 @@ -0,0 +1,54 @@
427 +From 66c768aa9e7fba30b119c8b801efd49ed1270b0a Mon Sep 17 00:00:00 2001
428 +From: Albert Vaca Cintora <albertvaka@×××××.com>
429 +Date: Thu, 24 Sep 2020 17:16:02 +0200
430 +Subject: [PATCH 08/10] Do not remember more than a few identity packets at a
431 + time
432 +
433 +To prevent the kdeconnect process from using too much memory.
434 +
435 +Thanks Matthias Gerstner <mgerstner@××××.de> for reporting this.
436 +---
437 + core/backends/lan/lanlinkprovider.cpp | 13 +++++++++++++
438 + 1 file changed, 13 insertions(+)
439 +
440 +diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp
441 +index 770e7866..6afb8552 100644
442 +--- a/core/backends/lan/lanlinkprovider.cpp
443 ++++ b/core/backends/lan/lanlinkprovider.cpp
444 +@@ -47,6 +47,7 @@
445 + #define MIN_VERSION_WITH_SSL_SUPPORT 6
446 +
447 + static const int MAX_UNPAIRED_CONNECTIONS = 42;
448 ++static const int MAX_REMEMBERED_IDENTITY_PACKETS = 42;
449 +
450 + LanLinkProvider::LanLinkProvider(
451 + bool testMode,
452 +@@ -225,6 +226,12 @@ void LanLinkProvider::udpBroadcastReceived()
453 +
454 + //qCDebug(KDECONNECT_CORE) << "Received Udp identity packet from" << sender << " asking for a tcp connection on port " << tcpPort;
455 +
456 ++ if (m_receivedIdentityPackets.size() > MAX_REMEMBERED_IDENTITY_PACKETS) {
457 ++ qCWarning(KDECONNECT_CORE) << "Too many remembered identities, ignoring" << receivedPacket->get<QString>(QStringLiteral("deviceId")) << "received via UDP";
458 ++ delete receivedPacket;
459 ++ continue;
460 ++ }
461 ++
462 + QSslSocket* socket = new QSslSocket(this);
463 + socket->setProxy(QNetworkProxy::NoProxy);
464 + m_receivedIdentityPackets[socket].np = receivedPacket;
465 +@@ -435,6 +442,12 @@ void LanLinkProvider::dataReceived()
466 + return;
467 + }
468 +
469 ++ if (m_receivedIdentityPackets.size() > MAX_REMEMBERED_IDENTITY_PACKETS) {
470 ++ qCWarning(KDECONNECT_CORE) << "Too many remembered identities, ignoring" << np->get<QString>(QStringLiteral("deviceId")) << "received via TCP";
471 ++ delete np;
472 ++ return;
473 ++ }
474 ++
475 + // Needed in "encrypted" if ssl is used, similar to "tcpSocketConnected"
476 + m_receivedIdentityPackets[socket].np = np;
477 +
478 +--
479 +2.28.0
480 +
481
482 diff --git a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-09-Limit-the-ports-we-try-to-connect-to-to-the-port-ran.patch b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-09-Limit-the-ports-we-try-to-connect-to-to-the-port-ran.patch
483 new file mode 100644
484 index 00000000000..c108144632c
485 --- /dev/null
486 +++ b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-09-Limit-the-ports-we-try-to-connect-to-to-the-port-ran.patch
487 @@ -0,0 +1,32 @@
488 +From 85b691e40f525e22ca5cc4ebe79c361d71d7dc05 Mon Sep 17 00:00:00 2001
489 +From: Albert Vaca Cintora <albertvaka@×××××.com>
490 +Date: Thu, 24 Sep 2020 17:18:06 +0200
491 +Subject: [PATCH 09/10] Limit the ports we try to connect to to the port range
492 + of KDE Connect
493 +
494 +So we can't trigger connections to other services.
495 +
496 +Thanks Matthias Gerstner <mgerstner@××××.de> for reporting this.
497 +---
498 + core/backends/lan/lanlinkprovider.cpp | 5 +++++
499 + 1 file changed, 5 insertions(+)
500 +
501 +diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp
502 +index 6afb8552..f3d6801d 100644
503 +--- a/core/backends/lan/lanlinkprovider.cpp
504 ++++ b/core/backends/lan/lanlinkprovider.cpp
505 +@@ -223,6 +223,11 @@ void LanLinkProvider::udpBroadcastReceived()
506 + }
507 +
508 + int tcpPort = receivedPacket->get<int>(QStringLiteral("tcpPort"));
509 ++ if (tcpPort < MIN_TCP_PORT || tcpPort > MAX_TCP_PORT) {
510 ++ qCDebug(KDECONNECT_CORE) << "TCP port outside of kdeconnect's range";
511 ++ delete receivedPacket;
512 ++ continue;
513 ++ }
514 +
515 + //qCDebug(KDECONNECT_CORE) << "Received Udp identity packet from" << sender << " asking for a tcp connection on port " << tcpPort;
516 +
517 +--
518 +2.28.0
519 +
520
521 diff --git a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-10-Do-not-replace-connections-for-a-given-deviceId-if-t.patch b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-10-Do-not-replace-connections-for-a-given-deviceId-if-t.patch
522 new file mode 100644
523 index 00000000000..d10f0193dac
524 --- /dev/null
525 +++ b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-10-Do-not-replace-connections-for-a-given-deviceId-if-t.patch
526 @@ -0,0 +1,58 @@
527 +From 48180b46552d40729a36b7431e97bbe2b5379306 Mon Sep 17 00:00:00 2001
528 +From: Albert Vaca Cintora <albertvaka@×××××.com>
529 +Date: Thu, 24 Sep 2020 18:46:57 +0200
530 +Subject: [PATCH 10/10] Do not replace connections for a given deviceId if the
531 + certs have changed
532 +
533 +Thanks Matthias Gerstner <mgerstner@××××.de> for reporting this.
534 +---
535 + core/backends/lan/landevicelink.cpp | 5 +++++
536 + core/backends/lan/landevicelink.h | 1 +
537 + core/backends/lan/lanlinkprovider.cpp | 6 ++++++
538 + 3 files changed, 12 insertions(+)
539 +
540 +diff --git a/core/backends/lan/landevicelink.cpp b/core/backends/lan/landevicelink.cpp
541 +index 8a65fb92..41af6f0e 100644
542 +--- a/core/backends/lan/landevicelink.cpp
543 ++++ b/core/backends/lan/landevicelink.cpp
544 +@@ -192,3 +192,8 @@ bool LanDeviceLink::linkShouldBeKeptAlive() {
545 + //return (mConnectionSource == ConnectionStarted::Remotely || pairStatus() == Paired);
546 +
547 + }
548 ++
549 ++QSslCertificate LanDeviceLink::certificate() const
550 ++{
551 ++ return m_socketLineReader->peerCertificate();
552 ++}
553 +diff --git a/core/backends/lan/landevicelink.h b/core/backends/lan/landevicelink.h
554 +index 28f63db2..485c58b5 100644
555 +--- a/core/backends/lan/landevicelink.h
556 ++++ b/core/backends/lan/landevicelink.h
557 +@@ -56,6 +56,7 @@ public:
558 + bool linkShouldBeKeptAlive() override;
559 +
560 + QHostAddress hostAddress() const;
561 ++ QSslCertificate certificate() const;
562 +
563 + private Q_SLOTS:
564 + void dataReceived();
565 +diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp
566 +index f3d6801d..372cdc8f 100644
567 +--- a/core/backends/lan/lanlinkprovider.cpp
568 ++++ b/core/backends/lan/lanlinkprovider.cpp
569 +@@ -345,6 +345,12 @@ void LanLinkProvider::encrypted()
570 + NetworkPacket* receivedPacket = m_receivedIdentityPackets[socket].np;
571 + const QString& deviceId = receivedPacket->get<QString>(QStringLiteral("deviceId"));
572 +
573 ++ if (m_links.contains(deviceId) && m_links[deviceId]->certificate() != socket->peerCertificate()) {
574 ++ socket->disconnectFromHost();
575 ++ qCWarning(KDECONNECT_CORE) << "Got connection for the same deviceId but certificates don't match. Ignoring " << deviceId;
576 ++ return;
577 ++ }
578 ++
579 + addLink(deviceId, socket, receivedPacket, connectionOrigin);
580 +
581 + // Copied from tcpSocketConnected slot, now delete received packet
582 +--
583 +2.28.0
584 +
585
586 diff --git a/kde-misc/kdeconnect/kdeconnect-20.04.3-r1.ebuild b/kde-misc/kdeconnect/kdeconnect-20.04.3-r1.ebuild
587 new file mode 100644
588 index 00000000000..1729d66f2f8
589 --- /dev/null
590 +++ b/kde-misc/kdeconnect/kdeconnect-20.04.3-r1.ebuild
591 @@ -0,0 +1,98 @@
592 +# Copyright 1999-2020 Gentoo Authors
593 +# Distributed under the terms of the GNU General Public License v2
594 +
595 +EAPI=7
596 +
597 +ECM_HANDBOOK="optional"
598 +ECM_TEST="true"
599 +KDE_ORG_NAME="${PN}-kde"
600 +KDE_RELEASE_SERVICE="true"
601 +KDE_SELINUX_MODULE="${PN}"
602 +KFMIN=5.70.0
603 +QTMIN=5.14.2
604 +inherit ecm kde.org
605 +
606 +DESCRIPTION="Adds communication between KDE Plasma and your smartphone"
607 +HOMEPAGE="https://kdeconnect.kde.org/
608 +https://kde.org/applications/en/kdeconnect.kcm"
609 +
610 +LICENSE="GPL-2+"
611 +SLOT="5"
612 +KEYWORDS="~amd64 ~arm64 ~x86"
613 +IUSE="bluetooth pulseaudio wayland X"
614 +
615 +DEPEND="
616 + >=app-crypt/qca-2.3.0:2[ssl]
617 + >=dev-qt/qtdbus-${QTMIN}:5
618 + >=dev-qt/qtdeclarative-${QTMIN}:5
619 + >=dev-qt/qtgui-${QTMIN}:5
620 + >=dev-qt/qtmultimedia-${QTMIN}:5
621 + >=dev-qt/qtnetwork-${QTMIN}:5
622 + >=dev-qt/qtwidgets-${QTMIN}:5
623 + >=kde-frameworks/kcmutils-${KFMIN}:5
624 + >=kde-frameworks/kconfig-${KFMIN}:5
625 + >=kde-frameworks/kconfigwidgets-${KFMIN}:5
626 + >=kde-frameworks/kcoreaddons-${KFMIN}:5
627 + >=kde-frameworks/kdbusaddons-${KFMIN}:5
628 + >=kde-frameworks/ki18n-${KFMIN}:5
629 + >=kde-frameworks/kiconthemes-${KFMIN}:5
630 + >=kde-frameworks/kio-${KFMIN}:5
631 + >=kde-frameworks/kirigami-${KFMIN}:5
632 + >=kde-frameworks/knotifications-${KFMIN}:5
633 + >=kde-frameworks/kpeople-${KFMIN}:5
634 + >=kde-frameworks/kservice-${KFMIN}:5
635 + >=kde-frameworks/kwidgetsaddons-${KFMIN}:5
636 + >=kde-frameworks/plasma-${KFMIN}:5
637 + bluetooth? ( >=dev-qt/qtbluetooth-${QTMIN}:5 )
638 + X? (
639 + >=dev-qt/qtx11extras-${QTMIN}:5
640 + x11-libs/libfakekey
641 + x11-libs/libX11
642 + x11-libs/libXtst
643 + )
644 + pulseaudio? ( media-libs/pulseaudio-qt )
645 + wayland? ( >=kde-frameworks/kwayland-${KFMIN}:5 )
646 +"
647 +RDEPEND="${DEPEND}
648 + dev-libs/kpeoplevcard
649 + >=dev-qt/qtgraphicaleffects-${QTMIN}:5
650 + >=dev-qt/qtquickcontrols2-${QTMIN}:5
651 + >=kde-frameworks/kdeclarative-${KFMIN}:5
652 + net-fs/sshfs
653 +"
654 +
655 +RESTRICT+=" test"
656 +
657 +PATCHES=(
658 + # CVE-2020-26164, bug 746401
659 + "${FILESDIR}"/${P}-01-Do-not-ignore-SSL-errors-except-for-self-signed-cert.patch
660 + "${FILESDIR}"/${P}-02-Do-not-leak-the-local-user-in-the-device-name.patch
661 + "${FILESDIR}"/${P}-03-Fix-use-after-free-in-LanLinkProvider-connectError.patch
662 + "${FILESDIR}"/${P}-04-Limit-identity-packets-to-8KiB.patch
663 + "${FILESDIR}"/${P}-05-Do-not-let-lanlink-connections-stay-open-for-long-wi.patch
664 + "${FILESDIR}"/${P}-06-Don-t-brute-force-reading-the-socket.patch
665 + "${FILESDIR}"/${P}-07-Limit-number-of-connected-sockets-from-unpaired-devi.patch
666 + "${FILESDIR}"/${P}-08-Do-not-remember-more-than-a-few-identity-packets-at-.patch
667 + "${FILESDIR}"/${P}-09-Limit-the-ports-we-try-to-connect-to-to-the-port-ran.patch
668 + "${FILESDIR}"/${P}-10-Do-not-replace-connections-for-a-given-deviceId-if-t.patch
669 +)
670 +
671 +src_configure() {
672 + local mycmakeargs=(
673 + -DBLUETOOTH_ENABLED=$(usex bluetooth)
674 + $(cmake_use_find_package pulseaudio KF5PulseAudioQt)
675 + $(cmake_use_find_package wayland KF5Wayland)
676 + $(cmake_use_find_package X LibFakeKey)
677 + )
678 +
679 + ecm_src_configure
680 +}
681 +
682 +pkg_postinst(){
683 + ecm_pkg_postinst
684 +
685 + elog "The Android .apk file is available via"
686 + elog "https://play.google.com/store/apps/details?id=org.kde.kdeconnect_tp"
687 + elog "or via"
688 + elog "https://f-droid.org/repository/browse/?fdid=org.kde.kdeconnect_tp"
689 +}
690
691 diff --git a/kde-misc/kdeconnect/kdeconnect-20.08.1-r1.ebuild b/kde-misc/kdeconnect/kdeconnect-20.08.1-r1.ebuild
692 new file mode 100644
693 index 00000000000..a43c4f2bd59
694 --- /dev/null
695 +++ b/kde-misc/kdeconnect/kdeconnect-20.08.1-r1.ebuild
696 @@ -0,0 +1,99 @@
697 +# Copyright 1999-2020 Gentoo Authors
698 +# Distributed under the terms of the GNU General Public License v2
699 +
700 +EAPI=7
701 +
702 +ECM_HANDBOOK="optional"
703 +ECM_TEST="true"
704 +KDE_ORG_NAME="${PN}-kde"
705 +KDE_RELEASE_SERVICE="true"
706 +KDE_SELINUX_MODULE="${PN}"
707 +KFMIN=5.72.0
708 +QTMIN=5.14.2
709 +inherit ecm kde.org
710 +
711 +DESCRIPTION="Adds communication between KDE Plasma and your smartphone"
712 +HOMEPAGE="https://kdeconnect.kde.org/
713 +https://kde.org/applications/en/kdeconnect.kcm"
714 +
715 +LICENSE="GPL-2+"
716 +SLOT="5"
717 +KEYWORDS="~amd64 ~arm64 ~x86"
718 +IUSE="bluetooth pulseaudio wayland X"
719 +
720 +DEPEND="
721 + >=app-crypt/qca-2.3.0:2[ssl]
722 + >=dev-qt/qtdbus-${QTMIN}:5
723 + >=dev-qt/qtdeclarative-${QTMIN}:5
724 + >=dev-qt/qtgui-${QTMIN}:5
725 + >=dev-qt/qtmultimedia-${QTMIN}:5
726 + >=dev-qt/qtnetwork-${QTMIN}:5
727 + >=dev-qt/qtwidgets-${QTMIN}:5
728 + >=kde-frameworks/kcmutils-${KFMIN}:5
729 + >=kde-frameworks/kconfig-${KFMIN}:5
730 + >=kde-frameworks/kconfigwidgets-${KFMIN}:5
731 + >=kde-frameworks/kcoreaddons-${KFMIN}:5
732 + >=kde-frameworks/kdbusaddons-${KFMIN}:5
733 + >=kde-frameworks/ki18n-${KFMIN}:5
734 + >=kde-frameworks/kiconthemes-${KFMIN}:5
735 + >=kde-frameworks/kio-${KFMIN}:5
736 + >=kde-frameworks/kirigami-${KFMIN}:5
737 + >=kde-frameworks/knotifications-${KFMIN}:5
738 + >=kde-frameworks/kpeople-${KFMIN}:5
739 + >=kde-frameworks/kservice-${KFMIN}:5
740 + >=kde-frameworks/kwidgetsaddons-${KFMIN}:5
741 + >=kde-frameworks/plasma-${KFMIN}:5
742 + >=kde-frameworks/solid-${KFMIN}:5
743 + bluetooth? ( >=dev-qt/qtbluetooth-${QTMIN}:5 )
744 + X? (
745 + >=dev-qt/qtx11extras-${QTMIN}:5
746 + x11-libs/libfakekey
747 + x11-libs/libX11
748 + x11-libs/libXtst
749 + )
750 + pulseaudio? ( media-libs/pulseaudio-qt )
751 + wayland? ( >=kde-frameworks/kwayland-${KFMIN}:5 )
752 +"
753 +RDEPEND="${DEPEND}
754 + dev-libs/kpeoplevcard
755 + >=dev-qt/qtgraphicaleffects-${QTMIN}:5
756 + >=dev-qt/qtquickcontrols2-${QTMIN}:5
757 + >=kde-frameworks/kdeclarative-${KFMIN}:5
758 + net-fs/sshfs
759 +"
760 +
761 +RESTRICT+=" test"
762 +
763 +PATCHES=(
764 + # CVE-2020-26164, bug 746401
765 + "${FILESDIR}"/${PN}-20.04.3-01-Do-not-ignore-SSL-errors-except-for-self-signed-cert.patch
766 + "${FILESDIR}"/${PN}-20.04.3-02-Do-not-leak-the-local-user-in-the-device-name.patch
767 + "${FILESDIR}"/${PN}-20.04.3-03-Fix-use-after-free-in-LanLinkProvider-connectError.patch
768 + "${FILESDIR}"/${PN}-20.04.3-04-Limit-identity-packets-to-8KiB.patch
769 + "${FILESDIR}"/${PN}-20.04.3-05-Do-not-let-lanlink-connections-stay-open-for-long-wi.patch
770 + "${FILESDIR}"/${PN}-20.04.3-06-Don-t-brute-force-reading-the-socket.patch
771 + "${FILESDIR}"/${PN}-20.04.3-07-Limit-number-of-connected-sockets-from-unpaired-devi.patch
772 + "${FILESDIR}"/${PN}-20.04.3-08-Do-not-remember-more-than-a-few-identity-packets-at-.patch
773 + "${FILESDIR}"/${PN}-20.04.3-09-Limit-the-ports-we-try-to-connect-to-to-the-port-ran.patch
774 + "${FILESDIR}"/${PN}-20.04.3-10-Do-not-replace-connections-for-a-given-deviceId-if-t.patch
775 +)
776 +
777 +src_configure() {
778 + local mycmakeargs=(
779 + -DBLUETOOTH_ENABLED=$(usex bluetooth)
780 + $(cmake_use_find_package pulseaudio KF5PulseAudioQt)
781 + $(cmake_use_find_package wayland KF5Wayland)
782 + $(cmake_use_find_package X LibFakeKey)
783 + )
784 +
785 + ecm_src_configure
786 +}
787 +
788 +pkg_postinst(){
789 + ecm_pkg_postinst
790 +
791 + elog "The Android .apk file is available via"
792 + elog "https://play.google.com/store/apps/details?id=org.kde.kdeconnect_tp"
793 + elog "or via"
794 + elog "https://f-droid.org/repository/browse/?fdid=org.kde.kdeconnect_tp"
795 +}
Report Message
Find on MARC Find on Google Groups