1 |
commit: bb81637747a3a0d3cc36bd19f73250d32dfc8b6c |
2 |
Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sun Oct 4 08:35:47 2020 +0000 |
4 |
Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Oct 4 15:54:07 2020 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bb816377 |
7 |
|
8 |
kde-misc/kdeconnect: Fix CVE-2020-26164 |
9 |
|
10 |
See also: https://kde.org/info/security/advisory-20201002-1.txt |
11 |
|
12 |
Bug: https://bugs.gentoo.org/746401 |
13 |
Package-Manager: Portage-3.0.8, Repoman-3.0.1 |
14 |
Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org> |
15 |
|
16 |
...re-SSL-errors-except-for-self-signed-cert.patch | 65 +++++++++++++ |
17 |
...ot-leak-the-local-user-in-the-device-name.patch | 32 +++++++ |
18 |
...fter-free-in-LanLinkProvider-connectError.patch | 28 ++++++ |
19 |
...20.04.3-04-Limit-identity-packets-to-8KiB.patch | 36 ++++++++ |
20 |
...lanlink-connections-stay-open-for-long-wi.patch | 37 ++++++++ |
21 |
...3-06-Don-t-brute-force-reading-the-socket.patch | 102 +++++++++++++++++++++ |
22 |
...r-of-connected-sockets-from-unpaired-devi.patch | 42 +++++++++ |
23 |
...mber-more-than-a-few-identity-packets-at-.patch | 54 +++++++++++ |
24 |
...orts-we-try-to-connect-to-to-the-port-ran.patch | 32 +++++++ |
25 |
...ace-connections-for-a-given-deviceId-if-t.patch | 58 ++++++++++++ |
26 |
kde-misc/kdeconnect/kdeconnect-20.04.3-r1.ebuild | 98 ++++++++++++++++++++ |
27 |
kde-misc/kdeconnect/kdeconnect-20.08.1-r1.ebuild | 99 ++++++++++++++++++++ |
28 |
12 files changed, 683 insertions(+) |
29 |
|
30 |
diff --git a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-01-Do-not-ignore-SSL-errors-except-for-self-signed-cert.patch b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-01-Do-not-ignore-SSL-errors-except-for-self-signed-cert.patch |
31 |
new file mode 100644 |
32 |
index 00000000000..cafeb9501cd |
33 |
--- /dev/null |
34 |
+++ b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-01-Do-not-ignore-SSL-errors-except-for-self-signed-cert.patch |
35 |
@@ -0,0 +1,65 @@ |
36 |
+From f183b5447bad47655c21af87214579f03bf3a163 Mon Sep 17 00:00:00 2001 |
37 |
+From: Albert Vaca Cintora <albertvaka@×××××.com> |
38 |
+Date: Thu, 24 Sep 2020 16:59:22 +0200 |
39 |
+Subject: [PATCH 01/10] Do not ignore SSL errors, except for self-signed cert |
40 |
+ errors. |
41 |
+ |
42 |
+Thanks Matthias Gerstner <mgerstner@××××.de> for reporting this. |
43 |
+--- |
44 |
+ core/backends/lan/lanlinkprovider.cpp | 24 +++++++++++++----------- |
45 |
+ 1 file changed, 13 insertions(+), 11 deletions(-) |
46 |
+ |
47 |
+diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp |
48 |
+index d9a7d8fa..fc005cee 100644 |
49 |
+--- a/core/backends/lan/lanlinkprovider.cpp |
50 |
++++ b/core/backends/lan/lanlinkprovider.cpp |
51 |
+@@ -297,9 +297,7 @@ void LanLinkProvider::tcpSocketConnected() |
52 |
+ |
53 |
+ connect(socket, &QSslSocket::encrypted, this, &LanLinkProvider::encrypted); |
54 |
+ |
55 |
+- if (isDeviceTrusted) { |
56 |
+- connect(socket, QOverload<const QList<QSslError> &>::of(&QSslSocket::sslErrors), this, &LanLinkProvider::sslErrors); |
57 |
+- } |
58 |
++ connect(socket, QOverload<const QList<QSslError> &>::of(&QSslSocket::sslErrors), this, &LanLinkProvider::sslErrors); |
59 |
+ |
60 |
+ socket->startServerEncryption(); |
61 |
+ |
62 |
+@@ -326,8 +324,6 @@ void LanLinkProvider::encrypted() |
63 |
+ |
64 |
+ QSslSocket* socket = qobject_cast<QSslSocket*>(sender()); |
65 |
+ if (!socket) return; |
66 |
+- // TODO delete me? |
67 |
+- disconnect(socket, QOverload<const QList<QSslError> &>::of(&QSslSocket::sslErrors), this, &LanLinkProvider::sslErrors); |
68 |
+ |
69 |
+ Q_ASSERT(socket->mode() != QSslSocket::UnencryptedMode); |
70 |
+ LanDeviceLink::ConnectionStarted connectionOrigin = (socket->mode() == QSslSocket::SslClientMode)? LanDeviceLink::Locally : LanDeviceLink::Remotely; |
71 |
+@@ -346,14 +342,20 @@ void LanLinkProvider::sslErrors(const QList<QSslError>& errors) |
72 |
+ QSslSocket* socket = qobject_cast<QSslSocket*>(sender()); |
73 |
+ if (!socket) return; |
74 |
+ |
75 |
+- qCDebug(KDECONNECT_CORE) << "Failing due to " << errors; |
76 |
+- Device* device = Daemon::instance()->getDevice(socket->peerVerifyName()); |
77 |
+- if (device) { |
78 |
+- device->unpair(); |
79 |
++ bool fatal = false; |
80 |
++ for (const QSslError& error : errors) { |
81 |
++ if (error.error() != QSslError::SelfSignedCertificate) { |
82 |
++ qCCritical(KDECONNECT_CORE) << "Disconnecting due to fatal SSL Error: " << error; |
83 |
++ fatal = true; |
84 |
++ } else { |
85 |
++ qCDebug(KDECONNECT_CORE) << "Ignoring self-signed cert error"; |
86 |
++ } |
87 |
+ } |
88 |
+ |
89 |
+- delete m_receivedIdentityPackets.take(socket).np; |
90 |
+- // Socket disconnects itself on ssl error and will be deleted by deleteLater slot, no need to delete manually |
91 |
++ if (fatal) { |
92 |
++ socket->disconnectFromHost(); |
93 |
++ delete m_receivedIdentityPackets.take(socket).np; |
94 |
++ } |
95 |
+ } |
96 |
+ |
97 |
+ //I'm the new device and this is the answer to my UDP identity packet (no data received yet). They are connecting to us through TCP, and they should send an identity. |
98 |
+-- |
99 |
+2.28.0 |
100 |
+ |
101 |
|
102 |
diff --git a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-02-Do-not-leak-the-local-user-in-the-device-name.patch b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-02-Do-not-leak-the-local-user-in-the-device-name.patch |
103 |
new file mode 100644 |
104 |
index 00000000000..b374d001036 |
105 |
--- /dev/null |
106 |
+++ b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-02-Do-not-leak-the-local-user-in-the-device-name.patch |
107 |
@@ -0,0 +1,32 @@ |
108 |
+From b279c52101d3f7cc30a26086d58de0b5f1c547fa Mon Sep 17 00:00:00 2001 |
109 |
+From: Albert Vaca Cintora <albertvaka@×××××.com> |
110 |
+Date: Thu, 24 Sep 2020 17:01:03 +0200 |
111 |
+Subject: [PATCH 02/10] Do not leak the local user in the device name. |
112 |
+ |
113 |
+Thanks Matthias Gerstner <mgerstner@××××.de> for reporting this. |
114 |
+--- |
115 |
+ core/kdeconnectconfig.cpp | 8 +------- |
116 |
+ 1 file changed, 1 insertion(+), 7 deletions(-) |
117 |
+ |
118 |
+diff --git a/core/kdeconnectconfig.cpp b/core/kdeconnectconfig.cpp |
119 |
+index 91719303..a8dbcf5c 100644 |
120 |
+--- a/core/kdeconnectconfig.cpp |
121 |
++++ b/core/kdeconnectconfig.cpp |
122 |
+@@ -90,13 +90,7 @@ KdeConnectConfig::KdeConnectConfig() |
123 |
+ |
124 |
+ QString KdeConnectConfig::name() |
125 |
+ { |
126 |
+- QString username; |
127 |
+- #ifdef Q_OS_WIN |
128 |
+- username = QString::fromLatin1(qgetenv("USERNAME")); |
129 |
+- #else |
130 |
+- username = QString::fromLatin1(qgetenv("USER")); |
131 |
+- #endif |
132 |
+- QString defaultName = username + QStringLiteral("@") + QHostInfo::localHostName(); |
133 |
++ QString defaultName = QHostInfo::localHostName(); |
134 |
+ QString name = d->m_config->value(QStringLiteral("name"), defaultName).toString(); |
135 |
+ return name; |
136 |
+ } |
137 |
+-- |
138 |
+2.28.0 |
139 |
+ |
140 |
|
141 |
diff --git a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-03-Fix-use-after-free-in-LanLinkProvider-connectError.patch b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-03-Fix-use-after-free-in-LanLinkProvider-connectError.patch |
142 |
new file mode 100644 |
143 |
index 00000000000..52fb9057b93 |
144 |
--- /dev/null |
145 |
+++ b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-03-Fix-use-after-free-in-LanLinkProvider-connectError.patch |
146 |
@@ -0,0 +1,28 @@ |
147 |
+From d35b88c1b25fe13715f9170f18674d476ca9acdc Mon Sep 17 00:00:00 2001 |
148 |
+From: Matthias Gerstner <mgerstner@××××.de> |
149 |
+Date: Thu, 24 Sep 2020 17:03:06 +0200 |
150 |
+Subject: [PATCH 03/10] Fix use after free in LanLinkProvider::connectError() |
151 |
+ |
152 |
+If QSslSocket::connectToHost() hasn't finished running. |
153 |
+ |
154 |
+Thanks Matthias Gerstner <mgerstner@××××.de> for reporting this. |
155 |
+--- |
156 |
+ core/backends/lan/lanlinkprovider.cpp | 2 +- |
157 |
+ 1 file changed, 1 insertion(+), 1 deletion(-) |
158 |
+ |
159 |
+diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp |
160 |
+index fc005cee..235c221f 100644 |
161 |
+--- a/core/backends/lan/lanlinkprovider.cpp |
162 |
++++ b/core/backends/lan/lanlinkprovider.cpp |
163 |
+@@ -252,7 +252,7 @@ void LanLinkProvider::connectError(QAbstractSocket::SocketError socketError) |
164 |
+ //The socket we created didn't work, and we didn't manage |
165 |
+ //to create a LanDeviceLink from it, deleting everything. |
166 |
+ delete m_receivedIdentityPackets.take(socket).np; |
167 |
+- delete socket; |
168 |
++ socket->deleteLater(); |
169 |
+ } |
170 |
+ |
171 |
+ //We received a UDP packet and answered by connecting to them by TCP. This gets called on a successful connection. |
172 |
+-- |
173 |
+2.28.0 |
174 |
+ |
175 |
|
176 |
diff --git a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-04-Limit-identity-packets-to-8KiB.patch b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-04-Limit-identity-packets-to-8KiB.patch |
177 |
new file mode 100644 |
178 |
index 00000000000..e083f5896de |
179 |
--- /dev/null |
180 |
+++ b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-04-Limit-identity-packets-to-8KiB.patch |
181 |
@@ -0,0 +1,36 @@ |
182 |
+From b496e66899e5bc9547b6537a7f44ab44dd0aaf38 Mon Sep 17 00:00:00 2001 |
183 |
+From: Aleix Pol <aleixpol@×××.org> |
184 |
+Date: Wed, 16 Sep 2020 02:28:58 +0200 |
185 |
+Subject: [PATCH 04/10] Limit identity packets to 8KiB |
186 |
+ |
187 |
+Healthy identity packages shouldn't be that big and we don't want to |
188 |
+allow systems around us to send us ever humongous packages that will |
189 |
+just leave us without any memory. |
190 |
+ |
191 |
+Thanks Matthias Gerstner <mgerstner@××××.de> for reporting this. |
192 |
+--- |
193 |
+ core/backends/lan/lanlinkprovider.cpp | 8 ++++++++ |
194 |
+ 1 file changed, 8 insertions(+) |
195 |
+ |
196 |
+diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp |
197 |
+index 235c221f..1fd3870e 100644 |
198 |
+--- a/core/backends/lan/lanlinkprovider.cpp |
199 |
++++ b/core/backends/lan/lanlinkprovider.cpp |
200 |
+@@ -381,6 +381,14 @@ void LanLinkProvider::newConnection() |
201 |
+ void LanLinkProvider::dataReceived() |
202 |
+ { |
203 |
+ QSslSocket* socket = qobject_cast<QSslSocket*>(sender()); |
204 |
++ //the size here is arbitrary and is now at 8192 bytes. It needs to be considerably long as it includes the capabilities but there needs to be a limit |
205 |
++ //Tested between my systems and I get around 2000 per identity package. |
206 |
++ if (socket->bytesAvailable() > 8192) { |
207 |
++ qCWarning(KDECONNECT_CORE) << "LanLinkProvider/newConnection: Suspiciously long identity package received. Closing connection." << socket->peerAddress() << socket->bytesAvailable(); |
208 |
++ socket->disconnectFromHost(); |
209 |
++ return; |
210 |
++ } |
211 |
++ |
212 |
+ #if QT_VERSION < QT_VERSION_CHECK(5,7,0) |
213 |
+ if (!socket->canReadLine()) |
214 |
+ return; |
215 |
+-- |
216 |
+2.28.0 |
217 |
+ |
218 |
|
219 |
diff --git a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-05-Do-not-let-lanlink-connections-stay-open-for-long-wi.patch b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-05-Do-not-let-lanlink-connections-stay-open-for-long-wi.patch |
220 |
new file mode 100644 |
221 |
index 00000000000..1465ce48b98 |
222 |
--- /dev/null |
223 |
+++ b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-05-Do-not-let-lanlink-connections-stay-open-for-long-wi.patch |
224 |
@@ -0,0 +1,37 @@ |
225 |
+From 5310eae85dbdf92fba30375238a2481f2e34943e Mon Sep 17 00:00:00 2001 |
226 |
+From: Aleix Pol <aleixpol@×××.org> |
227 |
+Date: Wed, 16 Sep 2020 02:44:38 +0200 |
228 |
+Subject: [PATCH 05/10] Do not let lanlink connections stay open for long |
229 |
+ without authenticating |
230 |
+ |
231 |
+If there's no information received, close the socket to try again. |
232 |
+ |
233 |
+Thanks Matthias Gerstner <mgerstner@××××.de> for reporting this. |
234 |
+--- |
235 |
+ core/backends/lan/lanlinkprovider.cpp | 10 ++++++++++ |
236 |
+ 1 file changed, 10 insertions(+) |
237 |
+ |
238 |
+diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp |
239 |
+index 1fd3870e..a4942c65 100644 |
240 |
+--- a/core/backends/lan/lanlinkprovider.cpp |
241 |
++++ b/core/backends/lan/lanlinkprovider.cpp |
242 |
+@@ -374,6 +374,16 @@ void LanLinkProvider::newConnection() |
243 |
+ connect(socket, &QIODevice::readyRead, |
244 |
+ this, &LanLinkProvider::dataReceived); |
245 |
+ |
246 |
++ QTimer* timer = new QTimer(socket); |
247 |
++ timer->setSingleShot(true); |
248 |
++ timer->setInterval(1000); |
249 |
++ connect(socket, &QSslSocket::encrypted, |
250 |
++ timer, &QObject::deleteLater); |
251 |
++ connect(timer, &QTimer::timeout, socket, [socket] { |
252 |
++ qCWarning(KDECONNECT_CORE) << "LanLinkProvider/newConnection: Host timed out without sending any identity." << socket->peerAddress(); |
253 |
++ socket->disconnectFromHost(); |
254 |
++ }); |
255 |
++ timer->start(); |
256 |
+ } |
257 |
+ } |
258 |
+ |
259 |
+-- |
260 |
+2.28.0 |
261 |
+ |
262 |
|
263 |
diff --git a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-06-Don-t-brute-force-reading-the-socket.patch b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-06-Don-t-brute-force-reading-the-socket.patch |
264 |
new file mode 100644 |
265 |
index 00000000000..7bb674a8e8f |
266 |
--- /dev/null |
267 |
+++ b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-06-Don-t-brute-force-reading-the-socket.patch |
268 |
@@ -0,0 +1,102 @@ |
269 |
+From 721ba9faafb79aac73973410ee1dd3624ded97a5 Mon Sep 17 00:00:00 2001 |
270 |
+From: Aleix Pol <aleixpol@×××.org> |
271 |
+Date: Wed, 16 Sep 2020 02:27:13 +0200 |
272 |
+Subject: [PATCH 06/10] Don't brute-force reading the socket |
273 |
+ |
274 |
+The package will arrive eventually, and dataReceived will be emitted. |
275 |
+Otherwise we just end up calling dataReceived to no end. |
276 |
+ |
277 |
+Thanks Matthias Gerstner <mgerstner@××××.de> for reporting this. |
278 |
+--- |
279 |
+ core/backends/lan/socketlinereader.cpp | 8 ------- |
280 |
+ tests/testsocketlinereader.cpp | 31 ++++++++++++++++++++++++-- |
281 |
+ 2 files changed, 29 insertions(+), 10 deletions(-) |
282 |
+ |
283 |
+diff --git a/core/backends/lan/socketlinereader.cpp b/core/backends/lan/socketlinereader.cpp |
284 |
+index f67fdf3f..da77052a 100644 |
285 |
+--- a/core/backends/lan/socketlinereader.cpp |
286 |
++++ b/core/backends/lan/socketlinereader.cpp |
287 |
+@@ -38,14 +38,6 @@ void SocketLineReader::dataReceived() |
288 |
+ } |
289 |
+ } |
290 |
+ |
291 |
+- //If we still have things to read from the socket, call dataReceived again |
292 |
+- //We do this manually because we do not trust readyRead to be emitted again |
293 |
+- //So we call this method again just in case. |
294 |
+- if (m_socket->bytesAvailable() > 0) { |
295 |
+- QMetaObject::invokeMethod(this, "dataReceived", Qt::QueuedConnection); |
296 |
+- return; |
297 |
+- } |
298 |
+- |
299 |
+ //If we have any packets, tell it to the world. |
300 |
+ if (!m_packets.isEmpty()) { |
301 |
+ Q_EMIT readyRead(); |
302 |
+diff --git a/tests/testsocketlinereader.cpp b/tests/testsocketlinereader.cpp |
303 |
+index 75584556..b6425b03 100644 |
304 |
+--- a/tests/testsocketlinereader.cpp |
305 |
++++ b/tests/testsocketlinereader.cpp |
306 |
+@@ -25,16 +25,19 @@ |
307 |
+ #include <QProcess> |
308 |
+ #include <QEventLoop> |
309 |
+ #include <QTimer> |
310 |
++#include <QSignalSpy> |
311 |
+ |
312 |
+ class TestSocketLineReader : public QObject |
313 |
+ { |
314 |
+ Q_OBJECT |
315 |
+ public Q_SLOTS: |
316 |
+- void initTestCase(); |
317 |
++ void init(); |
318 |
++ void cleanup() { delete m_server; } |
319 |
+ void newPacket(); |
320 |
+ |
321 |
+ private Q_SLOTS: |
322 |
+ void socketLineReader(); |
323 |
++ void badData(); |
324 |
+ |
325 |
+ private: |
326 |
+ QTimer m_timer; |
327 |
+@@ -45,8 +48,9 @@ private: |
328 |
+ SocketLineReader* m_reader; |
329 |
+ }; |
330 |
+ |
331 |
+-void TestSocketLineReader::initTestCase() |
332 |
++void TestSocketLineReader::init() |
333 |
+ { |
334 |
++ m_packets.clear(); |
335 |
+ m_server = new Server(this); |
336 |
+ |
337 |
+ QVERIFY2(m_server->listen(QHostAddress::LocalHost, 8694), "Failed to create local tcp server"); |
338 |
+@@ -97,6 +101,29 @@ void TestSocketLineReader::socketLineReader() |
339 |
+ } |
340 |
+ } |
341 |
+ |
342 |
++void TestSocketLineReader::badData() |
343 |
++{ |
344 |
++ const QList<QByteArray> dataToSend = { "data1\n", "data" }; //does not end in a \n |
345 |
++ for (const QByteArray& line : qAsConst(dataToSend)) { |
346 |
++ m_conn->write(line); |
347 |
++ } |
348 |
++ m_conn->flush(); |
349 |
++ |
350 |
++ QSignalSpy spy(m_server, &QTcpServer::newConnection); |
351 |
++ QVERIFY(m_server->hasPendingConnections() || spy.wait(1000)); |
352 |
++ QSslSocket* sock = m_server->nextPendingConnection(); |
353 |
++ |
354 |
++ QVERIFY2(sock != nullptr, "Could not open a connection to the client"); |
355 |
++ |
356 |
++ m_reader = new SocketLineReader(sock, this); |
357 |
++ connect(m_reader, &SocketLineReader::readyRead, this, &TestSocketLineReader::newPacket); |
358 |
++ m_timer.start(); |
359 |
++ m_loop.exec(); |
360 |
++ |
361 |
++ QCOMPARE(m_packets.count(), 1); |
362 |
++ QCOMPARE(m_packets[0], dataToSend[0]); |
363 |
++} |
364 |
++ |
365 |
+ void TestSocketLineReader::newPacket() |
366 |
+ { |
367 |
+ if (!m_reader->bytesAvailable()) { |
368 |
+-- |
369 |
+2.28.0 |
370 |
+ |
371 |
|
372 |
diff --git a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-07-Limit-number-of-connected-sockets-from-unpaired-devi.patch b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-07-Limit-number-of-connected-sockets-from-unpaired-devi.patch |
373 |
new file mode 100644 |
374 |
index 00000000000..6a6bdb01cb9 |
375 |
--- /dev/null |
376 |
+++ b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-07-Limit-number-of-connected-sockets-from-unpaired-devi.patch |
377 |
@@ -0,0 +1,42 @@ |
378 |
+From ae58b9dec49c809b85b5404cee17946116f8a706 Mon Sep 17 00:00:00 2001 |
379 |
+From: Albert Vaca Cintora <albertvaka@×××××.com> |
380 |
+Date: Thu, 24 Sep 2020 17:13:34 +0200 |
381 |
+Subject: [PATCH 07/10] Limit number of connected sockets from unpaired devices |
382 |
+ |
383 |
+Thanks Matthias Gerstner <mgerstner@××××.de> for reporting this. |
384 |
+--- |
385 |
+ core/backends/lan/lanlinkprovider.cpp | 11 +++++++++++ |
386 |
+ 1 file changed, 11 insertions(+) |
387 |
+ |
388 |
+diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp |
389 |
+index a4942c65..770e7866 100644 |
390 |
+--- a/core/backends/lan/lanlinkprovider.cpp |
391 |
++++ b/core/backends/lan/lanlinkprovider.cpp |
392 |
+@@ -46,6 +46,8 @@ |
393 |
+ |
394 |
+ #define MIN_VERSION_WITH_SSL_SUPPORT 6 |
395 |
+ |
396 |
++static const int MAX_UNPAIRED_CONNECTIONS = 42; |
397 |
++ |
398 |
+ LanLinkProvider::LanLinkProvider( |
399 |
+ bool testMode, |
400 |
+ quint16 udpBroadcastPort, |
401 |
+@@ -555,6 +557,15 @@ void LanLinkProvider::addLink(const QString& deviceId, QSslSocket* socket, Netwo |
402 |
+ deviceLink->reset(socket, connectionOrigin); |
403 |
+ } else { |
404 |
+ deviceLink = new LanDeviceLink(deviceId, this, socket, connectionOrigin); |
405 |
++ // Socket disconnection will now be handled by LanDeviceLink |
406 |
++ disconnect(socket, &QAbstractSocket::disconnected, socket, &QObject::deleteLater); |
407 |
++ bool isDeviceTrusted = KdeConnectConfig::instance().trustedDevices().contains(deviceId); |
408 |
++ if (!isDeviceTrusted && m_links.size() > MAX_UNPAIRED_CONNECTIONS) { |
409 |
++ qCWarning(KDECONNECT_CORE) << "Too many unpaired devices to remember them all. Ignoring " << deviceId; |
410 |
++ socket->disconnectFromHost(); |
411 |
++ socket->deleteLater(); |
412 |
++ return; |
413 |
++ } |
414 |
+ connect(deviceLink, &QObject::destroyed, this, &LanLinkProvider::deviceLinkDestroyed); |
415 |
+ m_links[deviceId] = deviceLink; |
416 |
+ if (m_pairingHandlers.contains(deviceId)) { |
417 |
+-- |
418 |
+2.28.0 |
419 |
+ |
420 |
|
421 |
diff --git a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-08-Do-not-remember-more-than-a-few-identity-packets-at-.patch b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-08-Do-not-remember-more-than-a-few-identity-packets-at-.patch |
422 |
new file mode 100644 |
423 |
index 00000000000..36d612e9cbc |
424 |
--- /dev/null |
425 |
+++ b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-08-Do-not-remember-more-than-a-few-identity-packets-at-.patch |
426 |
@@ -0,0 +1,54 @@ |
427 |
+From 66c768aa9e7fba30b119c8b801efd49ed1270b0a Mon Sep 17 00:00:00 2001 |
428 |
+From: Albert Vaca Cintora <albertvaka@×××××.com> |
429 |
+Date: Thu, 24 Sep 2020 17:16:02 +0200 |
430 |
+Subject: [PATCH 08/10] Do not remember more than a few identity packets at a |
431 |
+ time |
432 |
+ |
433 |
+To prevent the kdeconnect process from using too much memory. |
434 |
+ |
435 |
+Thanks Matthias Gerstner <mgerstner@××××.de> for reporting this. |
436 |
+--- |
437 |
+ core/backends/lan/lanlinkprovider.cpp | 13 +++++++++++++ |
438 |
+ 1 file changed, 13 insertions(+) |
439 |
+ |
440 |
+diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp |
441 |
+index 770e7866..6afb8552 100644 |
442 |
+--- a/core/backends/lan/lanlinkprovider.cpp |
443 |
++++ b/core/backends/lan/lanlinkprovider.cpp |
444 |
+@@ -47,6 +47,7 @@ |
445 |
+ #define MIN_VERSION_WITH_SSL_SUPPORT 6 |
446 |
+ |
447 |
+ static const int MAX_UNPAIRED_CONNECTIONS = 42; |
448 |
++static const int MAX_REMEMBERED_IDENTITY_PACKETS = 42; |
449 |
+ |
450 |
+ LanLinkProvider::LanLinkProvider( |
451 |
+ bool testMode, |
452 |
+@@ -225,6 +226,12 @@ void LanLinkProvider::udpBroadcastReceived() |
453 |
+ |
454 |
+ //qCDebug(KDECONNECT_CORE) << "Received Udp identity packet from" << sender << " asking for a tcp connection on port " << tcpPort; |
455 |
+ |
456 |
++ if (m_receivedIdentityPackets.size() > MAX_REMEMBERED_IDENTITY_PACKETS) { |
457 |
++ qCWarning(KDECONNECT_CORE) << "Too many remembered identities, ignoring" << receivedPacket->get<QString>(QStringLiteral("deviceId")) << "received via UDP"; |
458 |
++ delete receivedPacket; |
459 |
++ continue; |
460 |
++ } |
461 |
++ |
462 |
+ QSslSocket* socket = new QSslSocket(this); |
463 |
+ socket->setProxy(QNetworkProxy::NoProxy); |
464 |
+ m_receivedIdentityPackets[socket].np = receivedPacket; |
465 |
+@@ -435,6 +442,12 @@ void LanLinkProvider::dataReceived() |
466 |
+ return; |
467 |
+ } |
468 |
+ |
469 |
++ if (m_receivedIdentityPackets.size() > MAX_REMEMBERED_IDENTITY_PACKETS) { |
470 |
++ qCWarning(KDECONNECT_CORE) << "Too many remembered identities, ignoring" << np->get<QString>(QStringLiteral("deviceId")) << "received via TCP"; |
471 |
++ delete np; |
472 |
++ return; |
473 |
++ } |
474 |
++ |
475 |
+ // Needed in "encrypted" if ssl is used, similar to "tcpSocketConnected" |
476 |
+ m_receivedIdentityPackets[socket].np = np; |
477 |
+ |
478 |
+-- |
479 |
+2.28.0 |
480 |
+ |
481 |
|
482 |
diff --git a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-09-Limit-the-ports-we-try-to-connect-to-to-the-port-ran.patch b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-09-Limit-the-ports-we-try-to-connect-to-to-the-port-ran.patch |
483 |
new file mode 100644 |
484 |
index 00000000000..c108144632c |
485 |
--- /dev/null |
486 |
+++ b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-09-Limit-the-ports-we-try-to-connect-to-to-the-port-ran.patch |
487 |
@@ -0,0 +1,32 @@ |
488 |
+From 85b691e40f525e22ca5cc4ebe79c361d71d7dc05 Mon Sep 17 00:00:00 2001 |
489 |
+From: Albert Vaca Cintora <albertvaka@×××××.com> |
490 |
+Date: Thu, 24 Sep 2020 17:18:06 +0200 |
491 |
+Subject: [PATCH 09/10] Limit the ports we try to connect to to the port range |
492 |
+ of KDE Connect |
493 |
+ |
494 |
+So we can't trigger connections to other services. |
495 |
+ |
496 |
+Thanks Matthias Gerstner <mgerstner@××××.de> for reporting this. |
497 |
+--- |
498 |
+ core/backends/lan/lanlinkprovider.cpp | 5 +++++ |
499 |
+ 1 file changed, 5 insertions(+) |
500 |
+ |
501 |
+diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp |
502 |
+index 6afb8552..f3d6801d 100644 |
503 |
+--- a/core/backends/lan/lanlinkprovider.cpp |
504 |
++++ b/core/backends/lan/lanlinkprovider.cpp |
505 |
+@@ -223,6 +223,11 @@ void LanLinkProvider::udpBroadcastReceived() |
506 |
+ } |
507 |
+ |
508 |
+ int tcpPort = receivedPacket->get<int>(QStringLiteral("tcpPort")); |
509 |
++ if (tcpPort < MIN_TCP_PORT || tcpPort > MAX_TCP_PORT) { |
510 |
++ qCDebug(KDECONNECT_CORE) << "TCP port outside of kdeconnect's range"; |
511 |
++ delete receivedPacket; |
512 |
++ continue; |
513 |
++ } |
514 |
+ |
515 |
+ //qCDebug(KDECONNECT_CORE) << "Received Udp identity packet from" << sender << " asking for a tcp connection on port " << tcpPort; |
516 |
+ |
517 |
+-- |
518 |
+2.28.0 |
519 |
+ |
520 |
|
521 |
diff --git a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-10-Do-not-replace-connections-for-a-given-deviceId-if-t.patch b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-10-Do-not-replace-connections-for-a-given-deviceId-if-t.patch |
522 |
new file mode 100644 |
523 |
index 00000000000..d10f0193dac |
524 |
--- /dev/null |
525 |
+++ b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-10-Do-not-replace-connections-for-a-given-deviceId-if-t.patch |
526 |
@@ -0,0 +1,58 @@ |
527 |
+From 48180b46552d40729a36b7431e97bbe2b5379306 Mon Sep 17 00:00:00 2001 |
528 |
+From: Albert Vaca Cintora <albertvaka@×××××.com> |
529 |
+Date: Thu, 24 Sep 2020 18:46:57 +0200 |
530 |
+Subject: [PATCH 10/10] Do not replace connections for a given deviceId if the |
531 |
+ certs have changed |
532 |
+ |
533 |
+Thanks Matthias Gerstner <mgerstner@××××.de> for reporting this. |
534 |
+--- |
535 |
+ core/backends/lan/landevicelink.cpp | 5 +++++ |
536 |
+ core/backends/lan/landevicelink.h | 1 + |
537 |
+ core/backends/lan/lanlinkprovider.cpp | 6 ++++++ |
538 |
+ 3 files changed, 12 insertions(+) |
539 |
+ |
540 |
+diff --git a/core/backends/lan/landevicelink.cpp b/core/backends/lan/landevicelink.cpp |
541 |
+index 8a65fb92..41af6f0e 100644 |
542 |
+--- a/core/backends/lan/landevicelink.cpp |
543 |
++++ b/core/backends/lan/landevicelink.cpp |
544 |
+@@ -192,3 +192,8 @@ bool LanDeviceLink::linkShouldBeKeptAlive() { |
545 |
+ //return (mConnectionSource == ConnectionStarted::Remotely || pairStatus() == Paired); |
546 |
+ |
547 |
+ } |
548 |
++ |
549 |
++QSslCertificate LanDeviceLink::certificate() const |
550 |
++{ |
551 |
++ return m_socketLineReader->peerCertificate(); |
552 |
++} |
553 |
+diff --git a/core/backends/lan/landevicelink.h b/core/backends/lan/landevicelink.h |
554 |
+index 28f63db2..485c58b5 100644 |
555 |
+--- a/core/backends/lan/landevicelink.h |
556 |
++++ b/core/backends/lan/landevicelink.h |
557 |
+@@ -56,6 +56,7 @@ public: |
558 |
+ bool linkShouldBeKeptAlive() override; |
559 |
+ |
560 |
+ QHostAddress hostAddress() const; |
561 |
++ QSslCertificate certificate() const; |
562 |
+ |
563 |
+ private Q_SLOTS: |
564 |
+ void dataReceived(); |
565 |
+diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp |
566 |
+index f3d6801d..372cdc8f 100644 |
567 |
+--- a/core/backends/lan/lanlinkprovider.cpp |
568 |
++++ b/core/backends/lan/lanlinkprovider.cpp |
569 |
+@@ -345,6 +345,12 @@ void LanLinkProvider::encrypted() |
570 |
+ NetworkPacket* receivedPacket = m_receivedIdentityPackets[socket].np; |
571 |
+ const QString& deviceId = receivedPacket->get<QString>(QStringLiteral("deviceId")); |
572 |
+ |
573 |
++ if (m_links.contains(deviceId) && m_links[deviceId]->certificate() != socket->peerCertificate()) { |
574 |
++ socket->disconnectFromHost(); |
575 |
++ qCWarning(KDECONNECT_CORE) << "Got connection for the same deviceId but certificates don't match. Ignoring " << deviceId; |
576 |
++ return; |
577 |
++ } |
578 |
++ |
579 |
+ addLink(deviceId, socket, receivedPacket, connectionOrigin); |
580 |
+ |
581 |
+ // Copied from tcpSocketConnected slot, now delete received packet |
582 |
+-- |
583 |
+2.28.0 |
584 |
+ |
585 |
|
586 |
diff --git a/kde-misc/kdeconnect/kdeconnect-20.04.3-r1.ebuild b/kde-misc/kdeconnect/kdeconnect-20.04.3-r1.ebuild |
587 |
new file mode 100644 |
588 |
index 00000000000..1729d66f2f8 |
589 |
--- /dev/null |
590 |
+++ b/kde-misc/kdeconnect/kdeconnect-20.04.3-r1.ebuild |
591 |
@@ -0,0 +1,98 @@ |
592 |
+# Copyright 1999-2020 Gentoo Authors |
593 |
+# Distributed under the terms of the GNU General Public License v2 |
594 |
+ |
595 |
+EAPI=7 |
596 |
+ |
597 |
+ECM_HANDBOOK="optional" |
598 |
+ECM_TEST="true" |
599 |
+KDE_ORG_NAME="${PN}-kde" |
600 |
+KDE_RELEASE_SERVICE="true" |
601 |
+KDE_SELINUX_MODULE="${PN}" |
602 |
+KFMIN=5.70.0 |
603 |
+QTMIN=5.14.2 |
604 |
+inherit ecm kde.org |
605 |
+ |
606 |
+DESCRIPTION="Adds communication between KDE Plasma and your smartphone" |
607 |
+HOMEPAGE="https://kdeconnect.kde.org/ |
608 |
+https://kde.org/applications/en/kdeconnect.kcm" |
609 |
+ |
610 |
+LICENSE="GPL-2+" |
611 |
+SLOT="5" |
612 |
+KEYWORDS="~amd64 ~arm64 ~x86" |
613 |
+IUSE="bluetooth pulseaudio wayland X" |
614 |
+ |
615 |
+DEPEND=" |
616 |
+ >=app-crypt/qca-2.3.0:2[ssl] |
617 |
+ >=dev-qt/qtdbus-${QTMIN}:5 |
618 |
+ >=dev-qt/qtdeclarative-${QTMIN}:5 |
619 |
+ >=dev-qt/qtgui-${QTMIN}:5 |
620 |
+ >=dev-qt/qtmultimedia-${QTMIN}:5 |
621 |
+ >=dev-qt/qtnetwork-${QTMIN}:5 |
622 |
+ >=dev-qt/qtwidgets-${QTMIN}:5 |
623 |
+ >=kde-frameworks/kcmutils-${KFMIN}:5 |
624 |
+ >=kde-frameworks/kconfig-${KFMIN}:5 |
625 |
+ >=kde-frameworks/kconfigwidgets-${KFMIN}:5 |
626 |
+ >=kde-frameworks/kcoreaddons-${KFMIN}:5 |
627 |
+ >=kde-frameworks/kdbusaddons-${KFMIN}:5 |
628 |
+ >=kde-frameworks/ki18n-${KFMIN}:5 |
629 |
+ >=kde-frameworks/kiconthemes-${KFMIN}:5 |
630 |
+ >=kde-frameworks/kio-${KFMIN}:5 |
631 |
+ >=kde-frameworks/kirigami-${KFMIN}:5 |
632 |
+ >=kde-frameworks/knotifications-${KFMIN}:5 |
633 |
+ >=kde-frameworks/kpeople-${KFMIN}:5 |
634 |
+ >=kde-frameworks/kservice-${KFMIN}:5 |
635 |
+ >=kde-frameworks/kwidgetsaddons-${KFMIN}:5 |
636 |
+ >=kde-frameworks/plasma-${KFMIN}:5 |
637 |
+ bluetooth? ( >=dev-qt/qtbluetooth-${QTMIN}:5 ) |
638 |
+ X? ( |
639 |
+ >=dev-qt/qtx11extras-${QTMIN}:5 |
640 |
+ x11-libs/libfakekey |
641 |
+ x11-libs/libX11 |
642 |
+ x11-libs/libXtst |
643 |
+ ) |
644 |
+ pulseaudio? ( media-libs/pulseaudio-qt ) |
645 |
+ wayland? ( >=kde-frameworks/kwayland-${KFMIN}:5 ) |
646 |
+" |
647 |
+RDEPEND="${DEPEND} |
648 |
+ dev-libs/kpeoplevcard |
649 |
+ >=dev-qt/qtgraphicaleffects-${QTMIN}:5 |
650 |
+ >=dev-qt/qtquickcontrols2-${QTMIN}:5 |
651 |
+ >=kde-frameworks/kdeclarative-${KFMIN}:5 |
652 |
+ net-fs/sshfs |
653 |
+" |
654 |
+ |
655 |
+RESTRICT+=" test" |
656 |
+ |
657 |
+PATCHES=( |
658 |
+ # CVE-2020-26164, bug 746401 |
659 |
+ "${FILESDIR}"/${P}-01-Do-not-ignore-SSL-errors-except-for-self-signed-cert.patch |
660 |
+ "${FILESDIR}"/${P}-02-Do-not-leak-the-local-user-in-the-device-name.patch |
661 |
+ "${FILESDIR}"/${P}-03-Fix-use-after-free-in-LanLinkProvider-connectError.patch |
662 |
+ "${FILESDIR}"/${P}-04-Limit-identity-packets-to-8KiB.patch |
663 |
+ "${FILESDIR}"/${P}-05-Do-not-let-lanlink-connections-stay-open-for-long-wi.patch |
664 |
+ "${FILESDIR}"/${P}-06-Don-t-brute-force-reading-the-socket.patch |
665 |
+ "${FILESDIR}"/${P}-07-Limit-number-of-connected-sockets-from-unpaired-devi.patch |
666 |
+ "${FILESDIR}"/${P}-08-Do-not-remember-more-than-a-few-identity-packets-at-.patch |
667 |
+ "${FILESDIR}"/${P}-09-Limit-the-ports-we-try-to-connect-to-to-the-port-ran.patch |
668 |
+ "${FILESDIR}"/${P}-10-Do-not-replace-connections-for-a-given-deviceId-if-t.patch |
669 |
+) |
670 |
+ |
671 |
+src_configure() { |
672 |
+ local mycmakeargs=( |
673 |
+ -DBLUETOOTH_ENABLED=$(usex bluetooth) |
674 |
+ $(cmake_use_find_package pulseaudio KF5PulseAudioQt) |
675 |
+ $(cmake_use_find_package wayland KF5Wayland) |
676 |
+ $(cmake_use_find_package X LibFakeKey) |
677 |
+ ) |
678 |
+ |
679 |
+ ecm_src_configure |
680 |
+} |
681 |
+ |
682 |
+pkg_postinst(){ |
683 |
+ ecm_pkg_postinst |
684 |
+ |
685 |
+ elog "The Android .apk file is available via" |
686 |
+ elog "https://play.google.com/store/apps/details?id=org.kde.kdeconnect_tp" |
687 |
+ elog "or via" |
688 |
+ elog "https://f-droid.org/repository/browse/?fdid=org.kde.kdeconnect_tp" |
689 |
+} |
690 |
|
691 |
diff --git a/kde-misc/kdeconnect/kdeconnect-20.08.1-r1.ebuild b/kde-misc/kdeconnect/kdeconnect-20.08.1-r1.ebuild |
692 |
new file mode 100644 |
693 |
index 00000000000..a43c4f2bd59 |
694 |
--- /dev/null |
695 |
+++ b/kde-misc/kdeconnect/kdeconnect-20.08.1-r1.ebuild |
696 |
@@ -0,0 +1,99 @@ |
697 |
+# Copyright 1999-2020 Gentoo Authors |
698 |
+# Distributed under the terms of the GNU General Public License v2 |
699 |
+ |
700 |
+EAPI=7 |
701 |
+ |
702 |
+ECM_HANDBOOK="optional" |
703 |
+ECM_TEST="true" |
704 |
+KDE_ORG_NAME="${PN}-kde" |
705 |
+KDE_RELEASE_SERVICE="true" |
706 |
+KDE_SELINUX_MODULE="${PN}" |
707 |
+KFMIN=5.72.0 |
708 |
+QTMIN=5.14.2 |
709 |
+inherit ecm kde.org |
710 |
+ |
711 |
+DESCRIPTION="Adds communication between KDE Plasma and your smartphone" |
712 |
+HOMEPAGE="https://kdeconnect.kde.org/ |
713 |
+https://kde.org/applications/en/kdeconnect.kcm" |
714 |
+ |
715 |
+LICENSE="GPL-2+" |
716 |
+SLOT="5" |
717 |
+KEYWORDS="~amd64 ~arm64 ~x86" |
718 |
+IUSE="bluetooth pulseaudio wayland X" |
719 |
+ |
720 |
+DEPEND=" |
721 |
+ >=app-crypt/qca-2.3.0:2[ssl] |
722 |
+ >=dev-qt/qtdbus-${QTMIN}:5 |
723 |
+ >=dev-qt/qtdeclarative-${QTMIN}:5 |
724 |
+ >=dev-qt/qtgui-${QTMIN}:5 |
725 |
+ >=dev-qt/qtmultimedia-${QTMIN}:5 |
726 |
+ >=dev-qt/qtnetwork-${QTMIN}:5 |
727 |
+ >=dev-qt/qtwidgets-${QTMIN}:5 |
728 |
+ >=kde-frameworks/kcmutils-${KFMIN}:5 |
729 |
+ >=kde-frameworks/kconfig-${KFMIN}:5 |
730 |
+ >=kde-frameworks/kconfigwidgets-${KFMIN}:5 |
731 |
+ >=kde-frameworks/kcoreaddons-${KFMIN}:5 |
732 |
+ >=kde-frameworks/kdbusaddons-${KFMIN}:5 |
733 |
+ >=kde-frameworks/ki18n-${KFMIN}:5 |
734 |
+ >=kde-frameworks/kiconthemes-${KFMIN}:5 |
735 |
+ >=kde-frameworks/kio-${KFMIN}:5 |
736 |
+ >=kde-frameworks/kirigami-${KFMIN}:5 |
737 |
+ >=kde-frameworks/knotifications-${KFMIN}:5 |
738 |
+ >=kde-frameworks/kpeople-${KFMIN}:5 |
739 |
+ >=kde-frameworks/kservice-${KFMIN}:5 |
740 |
+ >=kde-frameworks/kwidgetsaddons-${KFMIN}:5 |
741 |
+ >=kde-frameworks/plasma-${KFMIN}:5 |
742 |
+ >=kde-frameworks/solid-${KFMIN}:5 |
743 |
+ bluetooth? ( >=dev-qt/qtbluetooth-${QTMIN}:5 ) |
744 |
+ X? ( |
745 |
+ >=dev-qt/qtx11extras-${QTMIN}:5 |
746 |
+ x11-libs/libfakekey |
747 |
+ x11-libs/libX11 |
748 |
+ x11-libs/libXtst |
749 |
+ ) |
750 |
+ pulseaudio? ( media-libs/pulseaudio-qt ) |
751 |
+ wayland? ( >=kde-frameworks/kwayland-${KFMIN}:5 ) |
752 |
+" |
753 |
+RDEPEND="${DEPEND} |
754 |
+ dev-libs/kpeoplevcard |
755 |
+ >=dev-qt/qtgraphicaleffects-${QTMIN}:5 |
756 |
+ >=dev-qt/qtquickcontrols2-${QTMIN}:5 |
757 |
+ >=kde-frameworks/kdeclarative-${KFMIN}:5 |
758 |
+ net-fs/sshfs |
759 |
+" |
760 |
+ |
761 |
+RESTRICT+=" test" |
762 |
+ |
763 |
+PATCHES=( |
764 |
+ # CVE-2020-26164, bug 746401 |
765 |
+ "${FILESDIR}"/${PN}-20.04.3-01-Do-not-ignore-SSL-errors-except-for-self-signed-cert.patch |
766 |
+ "${FILESDIR}"/${PN}-20.04.3-02-Do-not-leak-the-local-user-in-the-device-name.patch |
767 |
+ "${FILESDIR}"/${PN}-20.04.3-03-Fix-use-after-free-in-LanLinkProvider-connectError.patch |
768 |
+ "${FILESDIR}"/${PN}-20.04.3-04-Limit-identity-packets-to-8KiB.patch |
769 |
+ "${FILESDIR}"/${PN}-20.04.3-05-Do-not-let-lanlink-connections-stay-open-for-long-wi.patch |
770 |
+ "${FILESDIR}"/${PN}-20.04.3-06-Don-t-brute-force-reading-the-socket.patch |
771 |
+ "${FILESDIR}"/${PN}-20.04.3-07-Limit-number-of-connected-sockets-from-unpaired-devi.patch |
772 |
+ "${FILESDIR}"/${PN}-20.04.3-08-Do-not-remember-more-than-a-few-identity-packets-at-.patch |
773 |
+ "${FILESDIR}"/${PN}-20.04.3-09-Limit-the-ports-we-try-to-connect-to-to-the-port-ran.patch |
774 |
+ "${FILESDIR}"/${PN}-20.04.3-10-Do-not-replace-connections-for-a-given-deviceId-if-t.patch |
775 |
+) |
776 |
+ |
777 |
+src_configure() { |
778 |
+ local mycmakeargs=( |
779 |
+ -DBLUETOOTH_ENABLED=$(usex bluetooth) |
780 |
+ $(cmake_use_find_package pulseaudio KF5PulseAudioQt) |
781 |
+ $(cmake_use_find_package wayland KF5Wayland) |
782 |
+ $(cmake_use_find_package X LibFakeKey) |
783 |
+ ) |
784 |
+ |
785 |
+ ecm_src_configure |
786 |
+} |
787 |
+ |
788 |
+pkg_postinst(){ |
789 |
+ ecm_pkg_postinst |
790 |
+ |
791 |
+ elog "The Android .apk file is available via" |
792 |
+ elog "https://play.google.com/store/apps/details?id=org.kde.kdeconnect_tp" |
793 |
+ elog "or via" |
794 |
+ elog "https://f-droid.org/repository/browse/?fdid=org.kde.kdeconnect_tp" |
795 |
+} |