commit: 9e264ef7ff33d1bf2d7d696fab3fadae151a899b Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> AuthorDate: Sat Nov 28 13:50:40 2020 +0000 Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> CommitDate: Sat Nov 28 14:12:48 2020 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9e264ef7
kde-misc/kdeconnect: Drop obsolete patches Package-Manager: Portage-3.0.10, Repoman-3.0.2 Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org> ...re-SSL-errors-except-for-self-signed-cert.patch | 65 ------------- ...ot-leak-the-local-user-in-the-device-name.patch | 32 ------- ...fter-free-in-LanLinkProvider-connectError.patch | 28 ------ ...20.04.3-04-Limit-identity-packets-to-8KiB.patch | 36 -------- ...lanlink-connections-stay-open-for-long-wi.patch | 37 -------- ...3-06-Don-t-brute-force-reading-the-socket.patch | 102 --------------------- ...r-of-connected-sockets-from-unpaired-devi.patch | 42 --------- ...mber-more-than-a-few-identity-packets-at-.patch | 54 ----------- ...orts-we-try-to-connect-to-to-the-port-ran.patch | 32 ------- ...ace-connections-for-a-given-deviceId-if-t.patch | 58 ------------ 10 files changed, 486 deletions(-) diff --git a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-01-Do-not-ignore-SSL-errors-except-for-self-signed-cert.patch b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-01-Do-not-ignore-SSL-errors-except-for-self-signed-cert.patch deleted file mode 100644 index cafeb9501cd..00000000000 --- a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-01-Do-not-ignore-SSL-errors-except-for-self-signed-cert.patch +++ /dev/null @@ -1,65 +0,0 @@ -From f183b5447bad47655c21af87214579f03bf3a163 Mon Sep 17 00:00:00 2001 -From: Albert Vaca Cintora <[email protected]> -Date: Thu, 24 Sep 2020 16:59:22 +0200 -Subject: [PATCH 01/10] Do not ignore SSL errors, except for self-signed cert - errors. - -Thanks Matthias Gerstner <[email protected]> for reporting this. ---- - core/backends/lan/lanlinkprovider.cpp | 24 +++++++++++++----------- - 1 file changed, 13 insertions(+), 11 deletions(-) - -diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp -index d9a7d8fa..fc005cee 100644 ---- a/core/backends/lan/lanlinkprovider.cpp -+++ b/core/backends/lan/lanlinkprovider.cpp -@@ -297,9 +297,7 @@ void LanLinkProvider::tcpSocketConnected() - - connect(socket, &QSslSocket::encrypted, this, &LanLinkProvider::encrypted); - -- if (isDeviceTrusted) { -- connect(socket, QOverload<const QList<QSslError> &>::of(&QSslSocket::sslErrors), this, &LanLinkProvider::sslErrors); -- } -+ connect(socket, QOverload<const QList<QSslError> &>::of(&QSslSocket::sslErrors), this, &LanLinkProvider::sslErrors); - - socket->startServerEncryption(); - -@@ -326,8 +324,6 @@ void LanLinkProvider::encrypted() - - QSslSocket* socket = qobject_cast<QSslSocket*>(sender()); - if (!socket) return; -- // TODO delete me? -- disconnect(socket, QOverload<const QList<QSslError> &>::of(&QSslSocket::sslErrors), this, &LanLinkProvider::sslErrors); - - Q_ASSERT(socket->mode() != QSslSocket::UnencryptedMode); - LanDeviceLink::ConnectionStarted connectionOrigin = (socket->mode() == QSslSocket::SslClientMode)? LanDeviceLink::Locally : LanDeviceLink::Remotely; -@@ -346,14 +342,20 @@ void LanLinkProvider::sslErrors(const QList<QSslError>& errors) - QSslSocket* socket = qobject_cast<QSslSocket*>(sender()); - if (!socket) return; - -- qCDebug(KDECONNECT_CORE) << "Failing due to " << errors; -- Device* device = Daemon::instance()->getDevice(socket->peerVerifyName()); -- if (device) { -- device->unpair(); -+ bool fatal = false; -+ for (const QSslError& error : errors) { -+ if (error.error() != QSslError::SelfSignedCertificate) { -+ qCCritical(KDECONNECT_CORE) << "Disconnecting due to fatal SSL Error: " << error; -+ fatal = true; -+ } else { -+ qCDebug(KDECONNECT_CORE) << "Ignoring self-signed cert error"; -+ } - } - -- delete m_receivedIdentityPackets.take(socket).np; -- // Socket disconnects itself on ssl error and will be deleted by deleteLater slot, no need to delete manually -+ if (fatal) { -+ socket->disconnectFromHost(); -+ delete m_receivedIdentityPackets.take(socket).np; -+ } - } - - //I'm the new device and this is the answer to my UDP identity packet (no data received yet). They are connecting to us through TCP, and they should send an identity. --- -2.28.0 - diff --git a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-02-Do-not-leak-the-local-user-in-the-device-name.patch b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-02-Do-not-leak-the-local-user-in-the-device-name.patch deleted file mode 100644 index b374d001036..00000000000 --- a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-02-Do-not-leak-the-local-user-in-the-device-name.patch +++ /dev/null @@ -1,32 +0,0 @@ -From b279c52101d3f7cc30a26086d58de0b5f1c547fa Mon Sep 17 00:00:00 2001 -From: Albert Vaca Cintora <[email protected]> -Date: Thu, 24 Sep 2020 17:01:03 +0200 -Subject: [PATCH 02/10] Do not leak the local user in the device name. - -Thanks Matthias Gerstner <[email protected]> for reporting this. ---- - core/kdeconnectconfig.cpp | 8 +------- - 1 file changed, 1 insertion(+), 7 deletions(-) - -diff --git a/core/kdeconnectconfig.cpp b/core/kdeconnectconfig.cpp -index 91719303..a8dbcf5c 100644 ---- a/core/kdeconnectconfig.cpp -+++ b/core/kdeconnectconfig.cpp -@@ -90,13 +90,7 @@ KdeConnectConfig::KdeConnectConfig() - - QString KdeConnectConfig::name() - { -- QString username; -- #ifdef Q_OS_WIN -- username = QString::fromLatin1(qgetenv("USERNAME")); -- #else -- username = QString::fromLatin1(qgetenv("USER")); -- #endif -- QString defaultName = username + QStringLiteral("@") + QHostInfo::localHostName(); -+ QString defaultName = QHostInfo::localHostName(); - QString name = d->m_config->value(QStringLiteral("name"), defaultName).toString(); - return name; - } --- -2.28.0 - diff --git a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-03-Fix-use-after-free-in-LanLinkProvider-connectError.patch b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-03-Fix-use-after-free-in-LanLinkProvider-connectError.patch deleted file mode 100644 index 52fb9057b93..00000000000 --- a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-03-Fix-use-after-free-in-LanLinkProvider-connectError.patch +++ /dev/null @@ -1,28 +0,0 @@ -From d35b88c1b25fe13715f9170f18674d476ca9acdc Mon Sep 17 00:00:00 2001 -From: Matthias Gerstner <[email protected]> -Date: Thu, 24 Sep 2020 17:03:06 +0200 -Subject: [PATCH 03/10] Fix use after free in LanLinkProvider::connectError() - -If QSslSocket::connectToHost() hasn't finished running. - -Thanks Matthias Gerstner <[email protected]> for reporting this. ---- - core/backends/lan/lanlinkprovider.cpp | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp -index fc005cee..235c221f 100644 ---- a/core/backends/lan/lanlinkprovider.cpp -+++ b/core/backends/lan/lanlinkprovider.cpp -@@ -252,7 +252,7 @@ void LanLinkProvider::connectError(QAbstractSocket::SocketError socketError) - //The socket we created didn't work, and we didn't manage - //to create a LanDeviceLink from it, deleting everything. - delete m_receivedIdentityPackets.take(socket).np; -- delete socket; -+ socket->deleteLater(); - } - - //We received a UDP packet and answered by connecting to them by TCP. This gets called on a successful connection. --- -2.28.0 - diff --git a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-04-Limit-identity-packets-to-8KiB.patch b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-04-Limit-identity-packets-to-8KiB.patch deleted file mode 100644 index e083f5896de..00000000000 --- a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-04-Limit-identity-packets-to-8KiB.patch +++ /dev/null @@ -1,36 +0,0 @@ -From b496e66899e5bc9547b6537a7f44ab44dd0aaf38 Mon Sep 17 00:00:00 2001 -From: Aleix Pol <[email protected]> -Date: Wed, 16 Sep 2020 02:28:58 +0200 -Subject: [PATCH 04/10] Limit identity packets to 8KiB - -Healthy identity packages shouldn't be that big and we don't want to -allow systems around us to send us ever humongous packages that will -just leave us without any memory. - -Thanks Matthias Gerstner <[email protected]> for reporting this. ---- - core/backends/lan/lanlinkprovider.cpp | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp -index 235c221f..1fd3870e 100644 ---- a/core/backends/lan/lanlinkprovider.cpp -+++ b/core/backends/lan/lanlinkprovider.cpp -@@ -381,6 +381,14 @@ void LanLinkProvider::newConnection() - void LanLinkProvider::dataReceived() - { - QSslSocket* socket = qobject_cast<QSslSocket*>(sender()); -+ //the size here is arbitrary and is now at 8192 bytes. It needs to be considerably long as it includes the capabilities but there needs to be a limit -+ //Tested between my systems and I get around 2000 per identity package. -+ if (socket->bytesAvailable() > 8192) { -+ qCWarning(KDECONNECT_CORE) << "LanLinkProvider/newConnection: Suspiciously long identity package received. Closing connection." << socket->peerAddress() << socket->bytesAvailable(); -+ socket->disconnectFromHost(); -+ return; -+ } -+ - #if QT_VERSION < QT_VERSION_CHECK(5,7,0) - if (!socket->canReadLine()) - return; --- -2.28.0 - diff --git a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-05-Do-not-let-lanlink-connections-stay-open-for-long-wi.patch b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-05-Do-not-let-lanlink-connections-stay-open-for-long-wi.patch deleted file mode 100644 index 1465ce48b98..00000000000 --- a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-05-Do-not-let-lanlink-connections-stay-open-for-long-wi.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 5310eae85dbdf92fba30375238a2481f2e34943e Mon Sep 17 00:00:00 2001 -From: Aleix Pol <[email protected]> -Date: Wed, 16 Sep 2020 02:44:38 +0200 -Subject: [PATCH 05/10] Do not let lanlink connections stay open for long - without authenticating - -If there's no information received, close the socket to try again. - -Thanks Matthias Gerstner <[email protected]> for reporting this. ---- - core/backends/lan/lanlinkprovider.cpp | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp -index 1fd3870e..a4942c65 100644 ---- a/core/backends/lan/lanlinkprovider.cpp -+++ b/core/backends/lan/lanlinkprovider.cpp -@@ -374,6 +374,16 @@ void LanLinkProvider::newConnection() - connect(socket, &QIODevice::readyRead, - this, &LanLinkProvider::dataReceived); - -+ QTimer* timer = new QTimer(socket); -+ timer->setSingleShot(true); -+ timer->setInterval(1000); -+ connect(socket, &QSslSocket::encrypted, -+ timer, &QObject::deleteLater); -+ connect(timer, &QTimer::timeout, socket, [socket] { -+ qCWarning(KDECONNECT_CORE) << "LanLinkProvider/newConnection: Host timed out without sending any identity." << socket->peerAddress(); -+ socket->disconnectFromHost(); -+ }); -+ timer->start(); - } - } - --- -2.28.0 - diff --git a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-06-Don-t-brute-force-reading-the-socket.patch b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-06-Don-t-brute-force-reading-the-socket.patch deleted file mode 100644 index 7bb674a8e8f..00000000000 --- a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-06-Don-t-brute-force-reading-the-socket.patch +++ /dev/null @@ -1,102 +0,0 @@ -From 721ba9faafb79aac73973410ee1dd3624ded97a5 Mon Sep 17 00:00:00 2001 -From: Aleix Pol <[email protected]> -Date: Wed, 16 Sep 2020 02:27:13 +0200 -Subject: [PATCH 06/10] Don't brute-force reading the socket - -The package will arrive eventually, and dataReceived will be emitted. -Otherwise we just end up calling dataReceived to no end. - -Thanks Matthias Gerstner <[email protected]> for reporting this. ---- - core/backends/lan/socketlinereader.cpp | 8 ------- - tests/testsocketlinereader.cpp | 31 ++++++++++++++++++++++++-- - 2 files changed, 29 insertions(+), 10 deletions(-) - -diff --git a/core/backends/lan/socketlinereader.cpp b/core/backends/lan/socketlinereader.cpp -index f67fdf3f..da77052a 100644 ---- a/core/backends/lan/socketlinereader.cpp -+++ b/core/backends/lan/socketlinereader.cpp -@@ -38,14 +38,6 @@ void SocketLineReader::dataReceived() - } - } - -- //If we still have things to read from the socket, call dataReceived again -- //We do this manually because we do not trust readyRead to be emitted again -- //So we call this method again just in case. -- if (m_socket->bytesAvailable() > 0) { -- QMetaObject::invokeMethod(this, "dataReceived", Qt::QueuedConnection); -- return; -- } -- - //If we have any packets, tell it to the world. - if (!m_packets.isEmpty()) { - Q_EMIT readyRead(); -diff --git a/tests/testsocketlinereader.cpp b/tests/testsocketlinereader.cpp -index 75584556..b6425b03 100644 ---- a/tests/testsocketlinereader.cpp -+++ b/tests/testsocketlinereader.cpp -@@ -25,16 +25,19 @@ - #include <QProcess> - #include <QEventLoop> - #include <QTimer> -+#include <QSignalSpy> - - class TestSocketLineReader : public QObject - { - Q_OBJECT - public Q_SLOTS: -- void initTestCase(); -+ void init(); -+ void cleanup() { delete m_server; } - void newPacket(); - - private Q_SLOTS: - void socketLineReader(); -+ void badData(); - - private: - QTimer m_timer; -@@ -45,8 +48,9 @@ private: - SocketLineReader* m_reader; - }; - --void TestSocketLineReader::initTestCase() -+void TestSocketLineReader::init() - { -+ m_packets.clear(); - m_server = new Server(this); - - QVERIFY2(m_server->listen(QHostAddress::LocalHost, 8694), "Failed to create local tcp server"); -@@ -97,6 +101,29 @@ void TestSocketLineReader::socketLineReader() - } - } - -+void TestSocketLineReader::badData() -+{ -+ const QList<QByteArray> dataToSend = { "data1\n", "data" }; //does not end in a \n -+ for (const QByteArray& line : qAsConst(dataToSend)) { -+ m_conn->write(line); -+ } -+ m_conn->flush(); -+ -+ QSignalSpy spy(m_server, &QTcpServer::newConnection); -+ QVERIFY(m_server->hasPendingConnections() || spy.wait(1000)); -+ QSslSocket* sock = m_server->nextPendingConnection(); -+ -+ QVERIFY2(sock != nullptr, "Could not open a connection to the client"); -+ -+ m_reader = new SocketLineReader(sock, this); -+ connect(m_reader, &SocketLineReader::readyRead, this, &TestSocketLineReader::newPacket); -+ m_timer.start(); -+ m_loop.exec(); -+ -+ QCOMPARE(m_packets.count(), 1); -+ QCOMPARE(m_packets[0], dataToSend[0]); -+} -+ - void TestSocketLineReader::newPacket() - { - if (!m_reader->bytesAvailable()) { --- -2.28.0 - diff --git a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-07-Limit-number-of-connected-sockets-from-unpaired-devi.patch b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-07-Limit-number-of-connected-sockets-from-unpaired-devi.patch deleted file mode 100644 index 6a6bdb01cb9..00000000000 --- a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-07-Limit-number-of-connected-sockets-from-unpaired-devi.patch +++ /dev/null @@ -1,42 +0,0 @@ -From ae58b9dec49c809b85b5404cee17946116f8a706 Mon Sep 17 00:00:00 2001 -From: Albert Vaca Cintora <[email protected]> -Date: Thu, 24 Sep 2020 17:13:34 +0200 -Subject: [PATCH 07/10] Limit number of connected sockets from unpaired devices - -Thanks Matthias Gerstner <[email protected]> for reporting this. ---- - core/backends/lan/lanlinkprovider.cpp | 11 +++++++++++ - 1 file changed, 11 insertions(+) - -diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp -index a4942c65..770e7866 100644 ---- a/core/backends/lan/lanlinkprovider.cpp -+++ b/core/backends/lan/lanlinkprovider.cpp -@@ -46,6 +46,8 @@ - - #define MIN_VERSION_WITH_SSL_SUPPORT 6 - -+static const int MAX_UNPAIRED_CONNECTIONS = 42; -+ - LanLinkProvider::LanLinkProvider( - bool testMode, - quint16 udpBroadcastPort, -@@ -555,6 +557,15 @@ void LanLinkProvider::addLink(const QString& deviceId, QSslSocket* socket, Netwo - deviceLink->reset(socket, connectionOrigin); - } else { - deviceLink = new LanDeviceLink(deviceId, this, socket, connectionOrigin); -+ // Socket disconnection will now be handled by LanDeviceLink -+ disconnect(socket, &QAbstractSocket::disconnected, socket, &QObject::deleteLater); -+ bool isDeviceTrusted = KdeConnectConfig::instance().trustedDevices().contains(deviceId); -+ if (!isDeviceTrusted && m_links.size() > MAX_UNPAIRED_CONNECTIONS) { -+ qCWarning(KDECONNECT_CORE) << "Too many unpaired devices to remember them all. Ignoring " << deviceId; -+ socket->disconnectFromHost(); -+ socket->deleteLater(); -+ return; -+ } - connect(deviceLink, &QObject::destroyed, this, &LanLinkProvider::deviceLinkDestroyed); - m_links[deviceId] = deviceLink; - if (m_pairingHandlers.contains(deviceId)) { --- -2.28.0 - diff --git a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-08-Do-not-remember-more-than-a-few-identity-packets-at-.patch b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-08-Do-not-remember-more-than-a-few-identity-packets-at-.patch deleted file mode 100644 index 36d612e9cbc..00000000000 --- a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-08-Do-not-remember-more-than-a-few-identity-packets-at-.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 66c768aa9e7fba30b119c8b801efd49ed1270b0a Mon Sep 17 00:00:00 2001 -From: Albert Vaca Cintora <[email protected]> -Date: Thu, 24 Sep 2020 17:16:02 +0200 -Subject: [PATCH 08/10] Do not remember more than a few identity packets at a - time - -To prevent the kdeconnect process from using too much memory. - -Thanks Matthias Gerstner <[email protected]> for reporting this. ---- - core/backends/lan/lanlinkprovider.cpp | 13 +++++++++++++ - 1 file changed, 13 insertions(+) - -diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp -index 770e7866..6afb8552 100644 ---- a/core/backends/lan/lanlinkprovider.cpp -+++ b/core/backends/lan/lanlinkprovider.cpp -@@ -47,6 +47,7 @@ - #define MIN_VERSION_WITH_SSL_SUPPORT 6 - - static const int MAX_UNPAIRED_CONNECTIONS = 42; -+static const int MAX_REMEMBERED_IDENTITY_PACKETS = 42; - - LanLinkProvider::LanLinkProvider( - bool testMode, -@@ -225,6 +226,12 @@ void LanLinkProvider::udpBroadcastReceived() - - //qCDebug(KDECONNECT_CORE) << "Received Udp identity packet from" << sender << " asking for a tcp connection on port " << tcpPort; - -+ if (m_receivedIdentityPackets.size() > MAX_REMEMBERED_IDENTITY_PACKETS) { -+ qCWarning(KDECONNECT_CORE) << "Too many remembered identities, ignoring" << receivedPacket->get<QString>(QStringLiteral("deviceId")) << "received via UDP"; -+ delete receivedPacket; -+ continue; -+ } -+ - QSslSocket* socket = new QSslSocket(this); - socket->setProxy(QNetworkProxy::NoProxy); - m_receivedIdentityPackets[socket].np = receivedPacket; -@@ -435,6 +442,12 @@ void LanLinkProvider::dataReceived() - return; - } - -+ if (m_receivedIdentityPackets.size() > MAX_REMEMBERED_IDENTITY_PACKETS) { -+ qCWarning(KDECONNECT_CORE) << "Too many remembered identities, ignoring" << np->get<QString>(QStringLiteral("deviceId")) << "received via TCP"; -+ delete np; -+ return; -+ } -+ - // Needed in "encrypted" if ssl is used, similar to "tcpSocketConnected" - m_receivedIdentityPackets[socket].np = np; - --- -2.28.0 - diff --git a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-09-Limit-the-ports-we-try-to-connect-to-to-the-port-ran.patch b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-09-Limit-the-ports-we-try-to-connect-to-to-the-port-ran.patch deleted file mode 100644 index c108144632c..00000000000 --- a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-09-Limit-the-ports-we-try-to-connect-to-to-the-port-ran.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 85b691e40f525e22ca5cc4ebe79c361d71d7dc05 Mon Sep 17 00:00:00 2001 -From: Albert Vaca Cintora <[email protected]> -Date: Thu, 24 Sep 2020 17:18:06 +0200 -Subject: [PATCH 09/10] Limit the ports we try to connect to to the port range - of KDE Connect - -So we can't trigger connections to other services. - -Thanks Matthias Gerstner <[email protected]> for reporting this. ---- - core/backends/lan/lanlinkprovider.cpp | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp -index 6afb8552..f3d6801d 100644 ---- a/core/backends/lan/lanlinkprovider.cpp -+++ b/core/backends/lan/lanlinkprovider.cpp -@@ -223,6 +223,11 @@ void LanLinkProvider::udpBroadcastReceived() - } - - int tcpPort = receivedPacket->get<int>(QStringLiteral("tcpPort")); -+ if (tcpPort < MIN_TCP_PORT || tcpPort > MAX_TCP_PORT) { -+ qCDebug(KDECONNECT_CORE) << "TCP port outside of kdeconnect's range"; -+ delete receivedPacket; -+ continue; -+ } - - //qCDebug(KDECONNECT_CORE) << "Received Udp identity packet from" << sender << " asking for a tcp connection on port " << tcpPort; - --- -2.28.0 - diff --git a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-10-Do-not-replace-connections-for-a-given-deviceId-if-t.patch b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-10-Do-not-replace-connections-for-a-given-deviceId-if-t.patch deleted file mode 100644 index d10f0193dac..00000000000 --- a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-10-Do-not-replace-connections-for-a-given-deviceId-if-t.patch +++ /dev/null @@ -1,58 +0,0 @@ -From 48180b46552d40729a36b7431e97bbe2b5379306 Mon Sep 17 00:00:00 2001 -From: Albert Vaca Cintora <[email protected]> -Date: Thu, 24 Sep 2020 18:46:57 +0200 -Subject: [PATCH 10/10] Do not replace connections for a given deviceId if the - certs have changed - -Thanks Matthias Gerstner <[email protected]> for reporting this. ---- - core/backends/lan/landevicelink.cpp | 5 +++++ - core/backends/lan/landevicelink.h | 1 + - core/backends/lan/lanlinkprovider.cpp | 6 ++++++ - 3 files changed, 12 insertions(+) - -diff --git a/core/backends/lan/landevicelink.cpp b/core/backends/lan/landevicelink.cpp -index 8a65fb92..41af6f0e 100644 ---- a/core/backends/lan/landevicelink.cpp -+++ b/core/backends/lan/landevicelink.cpp -@@ -192,3 +192,8 @@ bool LanDeviceLink::linkShouldBeKeptAlive() { - //return (mConnectionSource == ConnectionStarted::Remotely || pairStatus() == Paired); - - } -+ -+QSslCertificate LanDeviceLink::certificate() const -+{ -+ return m_socketLineReader->peerCertificate(); -+} -diff --git a/core/backends/lan/landevicelink.h b/core/backends/lan/landevicelink.h -index 28f63db2..485c58b5 100644 ---- a/core/backends/lan/landevicelink.h -+++ b/core/backends/lan/landevicelink.h -@@ -56,6 +56,7 @@ public: - bool linkShouldBeKeptAlive() override; - - QHostAddress hostAddress() const; -+ QSslCertificate certificate() const; - - private Q_SLOTS: - void dataReceived(); -diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp -index f3d6801d..372cdc8f 100644 ---- a/core/backends/lan/lanlinkprovider.cpp -+++ b/core/backends/lan/lanlinkprovider.cpp -@@ -345,6 +345,12 @@ void LanLinkProvider::encrypted() - NetworkPacket* receivedPacket = m_receivedIdentityPackets[socket].np; - const QString& deviceId = receivedPacket->get<QString>(QStringLiteral("deviceId")); - -+ if (m_links.contains(deviceId) && m_links[deviceId]->certificate() != socket->peerCertificate()) { -+ socket->disconnectFromHost(); -+ qCWarning(KDECONNECT_CORE) << "Got connection for the same deviceId but certificates don't match. Ignoring " << deviceId; -+ return; -+ } -+ - addLink(deviceId, socket, receivedPacket, connectionOrigin); - - // Copied from tcpSocketConnected slot, now delete received packet --- -2.28.0 -
