From 41d68c2fd48cee3b0efcb2b49b3d3bae10c47399594031c4fe586298b726c9a2 Mon Sep 17 00:00:00 2001 From: Christophe Giboudeaux Date: Fri, 2 Oct 2020 15:15:53 +0000 Subject: [PATCH] Accepting request 839167 from home:luca_b:branches:KDE:Applications - Add upstream patches to fix security issues in kdeconnect (CVE-2020-26164, boo#1176268): * 0001-Do-not-leak-the-local-user-in-the-device-name.patch * 0002-Fix-use-after-free-in-LanLinkProvider-connectError.patch * 0003-Limit-identity-packets-to-8KiB.patch * 0004-Do-not-let-lanlink-connections-stay-open-for-long-wi.patch * 0005-Don-t-brute-force-reading-the-socket.patch * 0006-Limit-number-of-connected-sockets-from-unpaired-devi.patch * 0007-Do-not-remember-more-than-a-few-identity-packets-at-.patch * 0008-Limit-the-ports-we-try-to-connect-to-to-the-port-ran.patch * 0009-Do-not-replace-connections-for-a-given-deviceId-if-t.patch OBS-URL: https://build.opensuse.org/request/show/839167 OBS-URL: https://build.opensuse.org/package/show/KDE:Applications/kdeconnect-kde?expand=0&rev=17 --- ...ak-the-local-user-in-the-device-name.patch | 32 ++++++ ...free-in-LanLinkProvider-connectError.patch | 28 +++++ 0003-Limit-identity-packets-to-8KiB.patch | 36 +++++++ ...nk-connections-stay-open-for-long-wi.patch | 37 +++++++ ...Don-t-brute-force-reading-the-socket.patch | 102 ++++++++++++++++++ ...connected-sockets-from-unpaired-devi.patch | 42 ++++++++ ...more-than-a-few-identity-packets-at-.patch | 54 ++++++++++ ...we-try-to-connect-to-to-the-port-ran.patch | 32 ++++++ ...onnections-for-a-given-deviceId-if-t.patch | 58 ++++++++++ kdeconnect-kde.changes | 15 +++ kdeconnect-kde.spec | 20 +++- 11 files changed, 455 insertions(+), 1 deletion(-) create mode 100644 0001-Do-not-leak-the-local-user-in-the-device-name.patch create mode 100644 0002-Fix-use-after-free-in-LanLinkProvider-connectError.patch create mode 100644 0003-Limit-identity-packets-to-8KiB.patch create mode 100644 0004-Do-not-let-lanlink-connections-stay-open-for-long-wi.patch create mode 100644 0005-Don-t-brute-force-reading-the-socket.patch create mode 100644 0006-Limit-number-of-connected-sockets-from-unpaired-devi.patch create mode 100644 0007-Do-not-remember-more-than-a-few-identity-packets-at-.patch create mode 100644 0008-Limit-the-ports-we-try-to-connect-to-to-the-port-ran.patch create mode 100644 0009-Do-not-replace-connections-for-a-given-deviceId-if-t.patch diff --git a/0001-Do-not-leak-the-local-user-in-the-device-name.patch b/0001-Do-not-leak-the-local-user-in-the-device-name.patch new file mode 100644 index 0000000..ee76334 --- /dev/null +++ b/0001-Do-not-leak-the-local-user-in-the-device-name.patch @@ -0,0 +1,32 @@ +From b279c52101d3f7cc30a26086d58de0b5f1c547fa Mon Sep 17 00:00:00 2001 +From: Albert Vaca Cintora +Date: Thu, 24 Sep 2020 17:01:03 +0200 +Subject: [PATCH 1/9] Do not leak the local user in the device name. + +Thanks Matthias Gerstner for reporting this. +--- + core/kdeconnectconfig.cpp | 8 +------- + 1 file changed, 1 insertion(+), 7 deletions(-) + +diff --git a/core/kdeconnectconfig.cpp b/core/kdeconnectconfig.cpp +index 91719303..a8dbcf5c 100644 +--- a/core/kdeconnectconfig.cpp ++++ b/core/kdeconnectconfig.cpp +@@ -90,13 +90,7 @@ KdeConnectConfig::KdeConnectConfig() + + QString KdeConnectConfig::name() + { +- QString username; +- #ifdef Q_OS_WIN +- username = QString::fromLatin1(qgetenv("USERNAME")); +- #else +- username = QString::fromLatin1(qgetenv("USER")); +- #endif +- QString defaultName = username + QStringLiteral("@") + QHostInfo::localHostName(); ++ QString defaultName = QHostInfo::localHostName(); + QString name = d->m_config->value(QStringLiteral("name"), defaultName).toString(); + return name; + } +-- +2.28.0 + diff --git a/0002-Fix-use-after-free-in-LanLinkProvider-connectError.patch b/0002-Fix-use-after-free-in-LanLinkProvider-connectError.patch new file mode 100644 index 0000000..6f253d1 --- /dev/null +++ b/0002-Fix-use-after-free-in-LanLinkProvider-connectError.patch @@ -0,0 +1,28 @@ +From d35b88c1b25fe13715f9170f18674d476ca9acdc Mon Sep 17 00:00:00 2001 +From: Matthias Gerstner +Date: Thu, 24 Sep 2020 17:03:06 +0200 +Subject: [PATCH 2/9] Fix use after free in LanLinkProvider::connectError() + +If QSslSocket::connectToHost() hasn't finished running. + +Thanks Matthias Gerstner for reporting this. +--- + core/backends/lan/lanlinkprovider.cpp | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp +index fc005cee..235c221f 100644 +--- a/core/backends/lan/lanlinkprovider.cpp ++++ b/core/backends/lan/lanlinkprovider.cpp +@@ -252,7 +252,7 @@ void LanLinkProvider::connectError(QAbstractSocket::SocketError socketError) + //The socket we created didn't work, and we didn't manage + //to create a LanDeviceLink from it, deleting everything. + delete m_receivedIdentityPackets.take(socket).np; +- delete socket; ++ socket->deleteLater(); + } + + //We received a UDP packet and answered by connecting to them by TCP. This gets called on a successful connection. +-- +2.28.0 + diff --git a/0003-Limit-identity-packets-to-8KiB.patch b/0003-Limit-identity-packets-to-8KiB.patch new file mode 100644 index 0000000..588d995 --- /dev/null +++ b/0003-Limit-identity-packets-to-8KiB.patch @@ -0,0 +1,36 @@ +From b496e66899e5bc9547b6537a7f44ab44dd0aaf38 Mon Sep 17 00:00:00 2001 +From: Aleix Pol +Date: Wed, 16 Sep 2020 02:28:58 +0200 +Subject: [PATCH 3/9] Limit identity packets to 8KiB + +Healthy identity packages shouldn't be that big and we don't want to +allow systems around us to send us ever humongous packages that will +just leave us without any memory. + +Thanks Matthias Gerstner for reporting this. +--- + core/backends/lan/lanlinkprovider.cpp | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp +index 235c221f..1fd3870e 100644 +--- a/core/backends/lan/lanlinkprovider.cpp ++++ b/core/backends/lan/lanlinkprovider.cpp +@@ -381,6 +381,14 @@ void LanLinkProvider::newConnection() + void LanLinkProvider::dataReceived() + { + QSslSocket* socket = qobject_cast(sender()); ++ //the size here is arbitrary and is now at 8192 bytes. It needs to be considerably long as it includes the capabilities but there needs to be a limit ++ //Tested between my systems and I get around 2000 per identity package. ++ if (socket->bytesAvailable() > 8192) { ++ qCWarning(KDECONNECT_CORE) << "LanLinkProvider/newConnection: Suspiciously long identity package received. Closing connection." << socket->peerAddress() << socket->bytesAvailable(); ++ socket->disconnectFromHost(); ++ return; ++ } ++ + #if QT_VERSION < QT_VERSION_CHECK(5,7,0) + if (!socket->canReadLine()) + return; +-- +2.28.0 + diff --git a/0004-Do-not-let-lanlink-connections-stay-open-for-long-wi.patch b/0004-Do-not-let-lanlink-connections-stay-open-for-long-wi.patch new file mode 100644 index 0000000..c24ef11 --- /dev/null +++ b/0004-Do-not-let-lanlink-connections-stay-open-for-long-wi.patch @@ -0,0 +1,37 @@ +From 5310eae85dbdf92fba30375238a2481f2e34943e Mon Sep 17 00:00:00 2001 +From: Aleix Pol +Date: Wed, 16 Sep 2020 02:44:38 +0200 +Subject: [PATCH 4/9] Do not let lanlink connections stay open for long without + authenticating + +If there's no information received, close the socket to try again. + +Thanks Matthias Gerstner for reporting this. +--- + core/backends/lan/lanlinkprovider.cpp | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp +index 1fd3870e..a4942c65 100644 +--- a/core/backends/lan/lanlinkprovider.cpp ++++ b/core/backends/lan/lanlinkprovider.cpp +@@ -374,6 +374,16 @@ void LanLinkProvider::newConnection() + connect(socket, &QIODevice::readyRead, + this, &LanLinkProvider::dataReceived); + ++ QTimer* timer = new QTimer(socket); ++ timer->setSingleShot(true); ++ timer->setInterval(1000); ++ connect(socket, &QSslSocket::encrypted, ++ timer, &QObject::deleteLater); ++ connect(timer, &QTimer::timeout, socket, [socket] { ++ qCWarning(KDECONNECT_CORE) << "LanLinkProvider/newConnection: Host timed out without sending any identity." << socket->peerAddress(); ++ socket->disconnectFromHost(); ++ }); ++ timer->start(); + } + } + +-- +2.28.0 + diff --git a/0005-Don-t-brute-force-reading-the-socket.patch b/0005-Don-t-brute-force-reading-the-socket.patch new file mode 100644 index 0000000..be3ae61 --- /dev/null +++ b/0005-Don-t-brute-force-reading-the-socket.patch @@ -0,0 +1,102 @@ +From 721ba9faafb79aac73973410ee1dd3624ded97a5 Mon Sep 17 00:00:00 2001 +From: Aleix Pol +Date: Wed, 16 Sep 2020 02:27:13 +0200 +Subject: [PATCH 5/9] Don't brute-force reading the socket + +The package will arrive eventually, and dataReceived will be emitted. +Otherwise we just end up calling dataReceived to no end. + +Thanks Matthias Gerstner for reporting this. +--- + core/backends/lan/socketlinereader.cpp | 8 ------- + tests/testsocketlinereader.cpp | 31 ++++++++++++++++++++++++-- + 2 files changed, 29 insertions(+), 10 deletions(-) + +diff --git a/core/backends/lan/socketlinereader.cpp b/core/backends/lan/socketlinereader.cpp +index f67fdf3f..da77052a 100644 +--- a/core/backends/lan/socketlinereader.cpp ++++ b/core/backends/lan/socketlinereader.cpp +@@ -38,14 +38,6 @@ void SocketLineReader::dataReceived() + } + } + +- //If we still have things to read from the socket, call dataReceived again +- //We do this manually because we do not trust readyRead to be emitted again +- //So we call this method again just in case. +- if (m_socket->bytesAvailable() > 0) { +- QMetaObject::invokeMethod(this, "dataReceived", Qt::QueuedConnection); +- return; +- } +- + //If we have any packets, tell it to the world. + if (!m_packets.isEmpty()) { + Q_EMIT readyRead(); +diff --git a/tests/testsocketlinereader.cpp b/tests/testsocketlinereader.cpp +index 75584556..b6425b03 100644 +--- a/tests/testsocketlinereader.cpp ++++ b/tests/testsocketlinereader.cpp +@@ -25,16 +25,19 @@ + #include + #include + #include ++#include + + class TestSocketLineReader : public QObject + { + Q_OBJECT + public Q_SLOTS: +- void initTestCase(); ++ void init(); ++ void cleanup() { delete m_server; } + void newPacket(); + + private Q_SLOTS: + void socketLineReader(); ++ void badData(); + + private: + QTimer m_timer; +@@ -45,8 +48,9 @@ private: + SocketLineReader* m_reader; + }; + +-void TestSocketLineReader::initTestCase() ++void TestSocketLineReader::init() + { ++ m_packets.clear(); + m_server = new Server(this); + + QVERIFY2(m_server->listen(QHostAddress::LocalHost, 8694), "Failed to create local tcp server"); +@@ -97,6 +101,29 @@ void TestSocketLineReader::socketLineReader() + } + } + ++void TestSocketLineReader::badData() ++{ ++ const QList dataToSend = { "data1\n", "data" }; //does not end in a \n ++ for (const QByteArray& line : qAsConst(dataToSend)) { ++ m_conn->write(line); ++ } ++ m_conn->flush(); ++ ++ QSignalSpy spy(m_server, &QTcpServer::newConnection); ++ QVERIFY(m_server->hasPendingConnections() || spy.wait(1000)); ++ QSslSocket* sock = m_server->nextPendingConnection(); ++ ++ QVERIFY2(sock != nullptr, "Could not open a connection to the client"); ++ ++ m_reader = new SocketLineReader(sock, this); ++ connect(m_reader, &SocketLineReader::readyRead, this, &TestSocketLineReader::newPacket); ++ m_timer.start(); ++ m_loop.exec(); ++ ++ QCOMPARE(m_packets.count(), 1); ++ QCOMPARE(m_packets[0], dataToSend[0]); ++} ++ + void TestSocketLineReader::newPacket() + { + if (!m_reader->bytesAvailable()) { +-- +2.28.0 + diff --git a/0006-Limit-number-of-connected-sockets-from-unpaired-devi.patch b/0006-Limit-number-of-connected-sockets-from-unpaired-devi.patch new file mode 100644 index 0000000..719dac6 --- /dev/null +++ b/0006-Limit-number-of-connected-sockets-from-unpaired-devi.patch @@ -0,0 +1,42 @@ +From ae58b9dec49c809b85b5404cee17946116f8a706 Mon Sep 17 00:00:00 2001 +From: Albert Vaca Cintora +Date: Thu, 24 Sep 2020 17:13:34 +0200 +Subject: [PATCH 6/9] Limit number of connected sockets from unpaired devices + +Thanks Matthias Gerstner for reporting this. +--- + core/backends/lan/lanlinkprovider.cpp | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp +index a4942c65..770e7866 100644 +--- a/core/backends/lan/lanlinkprovider.cpp ++++ b/core/backends/lan/lanlinkprovider.cpp +@@ -46,6 +46,8 @@ + + #define MIN_VERSION_WITH_SSL_SUPPORT 6 + ++static const int MAX_UNPAIRED_CONNECTIONS = 42; ++ + LanLinkProvider::LanLinkProvider( + bool testMode, + quint16 udpBroadcastPort, +@@ -555,6 +557,15 @@ void LanLinkProvider::addLink(const QString& deviceId, QSslSocket* socket, Netwo + deviceLink->reset(socket, connectionOrigin); + } else { + deviceLink = new LanDeviceLink(deviceId, this, socket, connectionOrigin); ++ // Socket disconnection will now be handled by LanDeviceLink ++ disconnect(socket, &QAbstractSocket::disconnected, socket, &QObject::deleteLater); ++ bool isDeviceTrusted = KdeConnectConfig::instance().trustedDevices().contains(deviceId); ++ if (!isDeviceTrusted && m_links.size() > MAX_UNPAIRED_CONNECTIONS) { ++ qCWarning(KDECONNECT_CORE) << "Too many unpaired devices to remember them all. Ignoring " << deviceId; ++ socket->disconnectFromHost(); ++ socket->deleteLater(); ++ return; ++ } + connect(deviceLink, &QObject::destroyed, this, &LanLinkProvider::deviceLinkDestroyed); + m_links[deviceId] = deviceLink; + if (m_pairingHandlers.contains(deviceId)) { +-- +2.28.0 + diff --git a/0007-Do-not-remember-more-than-a-few-identity-packets-at-.patch b/0007-Do-not-remember-more-than-a-few-identity-packets-at-.patch new file mode 100644 index 0000000..fc39209 --- /dev/null +++ b/0007-Do-not-remember-more-than-a-few-identity-packets-at-.patch @@ -0,0 +1,54 @@ +From 66c768aa9e7fba30b119c8b801efd49ed1270b0a Mon Sep 17 00:00:00 2001 +From: Albert Vaca Cintora +Date: Thu, 24 Sep 2020 17:16:02 +0200 +Subject: [PATCH 7/9] Do not remember more than a few identity packets at a + time + +To prevent the kdeconnect process from using too much memory. + +Thanks Matthias Gerstner for reporting this. +--- + core/backends/lan/lanlinkprovider.cpp | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp +index 770e7866..6afb8552 100644 +--- a/core/backends/lan/lanlinkprovider.cpp ++++ b/core/backends/lan/lanlinkprovider.cpp +@@ -47,6 +47,7 @@ + #define MIN_VERSION_WITH_SSL_SUPPORT 6 + + static const int MAX_UNPAIRED_CONNECTIONS = 42; ++static const int MAX_REMEMBERED_IDENTITY_PACKETS = 42; + + LanLinkProvider::LanLinkProvider( + bool testMode, +@@ -225,6 +226,12 @@ void LanLinkProvider::udpBroadcastReceived() + + //qCDebug(KDECONNECT_CORE) << "Received Udp identity packet from" << sender << " asking for a tcp connection on port " << tcpPort; + ++ if (m_receivedIdentityPackets.size() > MAX_REMEMBERED_IDENTITY_PACKETS) { ++ qCWarning(KDECONNECT_CORE) << "Too many remembered identities, ignoring" << receivedPacket->get(QStringLiteral("deviceId")) << "received via UDP"; ++ delete receivedPacket; ++ continue; ++ } ++ + QSslSocket* socket = new QSslSocket(this); + socket->setProxy(QNetworkProxy::NoProxy); + m_receivedIdentityPackets[socket].np = receivedPacket; +@@ -435,6 +442,12 @@ void LanLinkProvider::dataReceived() + return; + } + ++ if (m_receivedIdentityPackets.size() > MAX_REMEMBERED_IDENTITY_PACKETS) { ++ qCWarning(KDECONNECT_CORE) << "Too many remembered identities, ignoring" << np->get(QStringLiteral("deviceId")) << "received via TCP"; ++ delete np; ++ return; ++ } ++ + // Needed in "encrypted" if ssl is used, similar to "tcpSocketConnected" + m_receivedIdentityPackets[socket].np = np; + +-- +2.28.0 + diff --git a/0008-Limit-the-ports-we-try-to-connect-to-to-the-port-ran.patch b/0008-Limit-the-ports-we-try-to-connect-to-to-the-port-ran.patch new file mode 100644 index 0000000..f612e03 --- /dev/null +++ b/0008-Limit-the-ports-we-try-to-connect-to-to-the-port-ran.patch @@ -0,0 +1,32 @@ +From 85b691e40f525e22ca5cc4ebe79c361d71d7dc05 Mon Sep 17 00:00:00 2001 +From: Albert Vaca Cintora +Date: Thu, 24 Sep 2020 17:18:06 +0200 +Subject: [PATCH 8/9] Limit the ports we try to connect to to the port range of + KDE Connect + +So we can't trigger connections to other services. + +Thanks Matthias Gerstner for reporting this. +--- + core/backends/lan/lanlinkprovider.cpp | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp +index 6afb8552..f3d6801d 100644 +--- a/core/backends/lan/lanlinkprovider.cpp ++++ b/core/backends/lan/lanlinkprovider.cpp +@@ -223,6 +223,11 @@ void LanLinkProvider::udpBroadcastReceived() + } + + int tcpPort = receivedPacket->get(QStringLiteral("tcpPort")); ++ if (tcpPort < MIN_TCP_PORT || tcpPort > MAX_TCP_PORT) { ++ qCDebug(KDECONNECT_CORE) << "TCP port outside of kdeconnect's range"; ++ delete receivedPacket; ++ continue; ++ } + + //qCDebug(KDECONNECT_CORE) << "Received Udp identity packet from" << sender << " asking for a tcp connection on port " << tcpPort; + +-- +2.28.0 + diff --git a/0009-Do-not-replace-connections-for-a-given-deviceId-if-t.patch b/0009-Do-not-replace-connections-for-a-given-deviceId-if-t.patch new file mode 100644 index 0000000..34b8033 --- /dev/null +++ b/0009-Do-not-replace-connections-for-a-given-deviceId-if-t.patch @@ -0,0 +1,58 @@ +From 48180b46552d40729a36b7431e97bbe2b5379306 Mon Sep 17 00:00:00 2001 +From: Albert Vaca Cintora +Date: Thu, 24 Sep 2020 18:46:57 +0200 +Subject: [PATCH 9/9] Do not replace connections for a given deviceId if the + certs have changed + +Thanks Matthias Gerstner for reporting this. +--- + core/backends/lan/landevicelink.cpp | 5 +++++ + core/backends/lan/landevicelink.h | 1 + + core/backends/lan/lanlinkprovider.cpp | 6 ++++++ + 3 files changed, 12 insertions(+) + +diff --git a/core/backends/lan/landevicelink.cpp b/core/backends/lan/landevicelink.cpp +index 8a65fb92..41af6f0e 100644 +--- a/core/backends/lan/landevicelink.cpp ++++ b/core/backends/lan/landevicelink.cpp +@@ -192,3 +192,8 @@ bool LanDeviceLink::linkShouldBeKeptAlive() { + //return (mConnectionSource == ConnectionStarted::Remotely || pairStatus() == Paired); + + } ++ ++QSslCertificate LanDeviceLink::certificate() const ++{ ++ return m_socketLineReader->peerCertificate(); ++} +diff --git a/core/backends/lan/landevicelink.h b/core/backends/lan/landevicelink.h +index 28f63db2..485c58b5 100644 +--- a/core/backends/lan/landevicelink.h ++++ b/core/backends/lan/landevicelink.h +@@ -56,6 +56,7 @@ public: + bool linkShouldBeKeptAlive() override; + + QHostAddress hostAddress() const; ++ QSslCertificate certificate() const; + + private Q_SLOTS: + void dataReceived(); +diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp +index f3d6801d..372cdc8f 100644 +--- a/core/backends/lan/lanlinkprovider.cpp ++++ b/core/backends/lan/lanlinkprovider.cpp +@@ -345,6 +345,12 @@ void LanLinkProvider::encrypted() + NetworkPacket* receivedPacket = m_receivedIdentityPackets[socket].np; + const QString& deviceId = receivedPacket->get(QStringLiteral("deviceId")); + ++ if (m_links.contains(deviceId) && m_links[deviceId]->certificate() != socket->peerCertificate()) { ++ socket->disconnectFromHost(); ++ qCWarning(KDECONNECT_CORE) << "Got connection for the same deviceId but certificates don't match. Ignoring " << deviceId; ++ return; ++ } ++ + addLink(deviceId, socket, receivedPacket, connectionOrigin); + + // Copied from tcpSocketConnected slot, now delete received packet +-- +2.28.0 + diff --git a/kdeconnect-kde.changes b/kdeconnect-kde.changes index 0af03dd..3a0edc9 100644 --- a/kdeconnect-kde.changes +++ b/kdeconnect-kde.changes @@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Fri Oct 2 13:43:04 UTC 2020 - Luca Beltrame + +- Add upstream patches to fix security issues in kdeconnect + (CVE-2020-26164, boo#1176268): + * 0001-Do-not-leak-the-local-user-in-the-device-name.patch + * 0002-Fix-use-after-free-in-LanLinkProvider-connectError.patch + * 0003-Limit-identity-packets-to-8KiB.patch + * 0004-Do-not-let-lanlink-connections-stay-open-for-long-wi.patch + * 0005-Don-t-brute-force-reading-the-socket.patch + * 0006-Limit-number-of-connected-sockets-from-unpaired-devi.patch + * 0007-Do-not-remember-more-than-a-few-identity-packets-at-.patch + * 0008-Limit-the-ports-we-try-to-connect-to-to-the-port-ran.patch + * 0009-Do-not-replace-connections-for-a-given-deviceId-if-t.patch + ------------------------------------------------------------------- Tue Sep 1 20:49:36 UTC 2020 - Luca Beltrame diff --git a/kdeconnect-kde.spec b/kdeconnect-kde.spec index 430af40..6ace58a 100644 --- a/kdeconnect-kde.spec +++ b/kdeconnect-kde.spec @@ -32,6 +32,24 @@ Source1: https://download.kde.org/stable/release-service/%{version}/src/% %endif Source100: kdeconnect-kde.SuSEfirewall Source101: kdeconnect-kde-firewalld.xml +# PATCH-FIX-UPSTREAM +Patch1: 0001-Do-not-leak-the-local-user-in-the-device-name.patch +# PATCH-FIX-UPSTREAM +Patch2: 0002-Fix-use-after-free-in-LanLinkProvider-connectError.patch +# PATCH-FIX-UPSTREAM +Patch3: 0003-Limit-identity-packets-to-8KiB.patch +# PATCH-FIX-UPSTREAM +Patch4: 0004-Do-not-let-lanlink-connections-stay-open-for-long-wi.patch +# PATCH-FIX-UPSTREAM +Patch5: 0005-Don-t-brute-force-reading-the-socket.patch +# PATCH-FIX-UPSTREAM +Patch6: 0006-Limit-number-of-connected-sockets-from-unpaired-devi.patch +# PATCH-FIX-UPSTREAM +Patch7: 0007-Do-not-remember-more-than-a-few-identity-packets-at-.patch +# PATCH-FIX-UPSTREAM +Patch8: 0008-Limit-the-ports-we-try-to-connect-to-to-the-port-ran.patch +# PATCH-FIX-UPSTREAM +Patch9: 0009-Do-not-replace-connections-for-a-given-deviceId-if-t.patch BuildRequires: cmake >= 3.0 BuildRequires: extra-cmake-modules BuildRequires: kf5-filesystem @@ -91,7 +109,7 @@ ZSH command line completion support for %{name}. %lang_package %prep -%setup -q +%autosetup -p1 %build %cmake_kf5 -d build