From b3730a8132c04689e72a6f4a41897fc8b931a270cbe23ffddae0b1f1c9c364c6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= <tchvatal@suse.com>
Date: Sun, 7 Feb 2016 09:52:09 +0000
Subject: [PATCH 1/3] - Apply patch for bnc#958928 CVE-2015-8547:   *
 CVE-2015-8547.patch

OBS-URL: https://build.opensuse.org/package/show/KDE:Extra/quassel?expand=0&rev=39
---
 CVE-2015-8547.patch | 22 ++++++++++++++++++++++
 quassel.changes     |  6 ++++++
 quassel.spec        |  5 ++++-
 3 files changed, 32 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2015-8547.patch

diff --git a/CVE-2015-8547.patch b/CVE-2015-8547.patch
new file mode 100644
index 0000000..a32dcfb
--- /dev/null
+++ b/CVE-2015-8547.patch
@@ -0,0 +1,22 @@
+From 476aaa050f26d6a31494631d172724409e4c569b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Konstantin=20Bl=C3=A4si?= <kblaesi@gmail.com>
+Date: Wed, 21 Oct 2015 03:26:02 +0200
+Subject: [PATCH] Fixes a crash of the core when executing "/op *" in a query.
+
+---
+ src/core/coreuserinputhandler.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/coreuserinputhandler.cpp b/src/core/coreuserinputhandler.cpp
+index 7887a92..73aac48 100644
+--- a/src/core/coreuserinputhandler.cpp
++++ b/src/core/coreuserinputhandler.cpp
+@@ -228,7 +228,7 @@ void CoreUserInputHandler::doMode(const BufferInfo &bufferInfo, const QChar& add
+     if (!isNumber || maxModes == 0) maxModes = 1;
+ 
+     QStringList nickList;
+-    if (nicks == "*") { // All users in channel
++    if (nicks == "*" && bufferInfo.type() == BufferInfo::ChannelBuffer) { // All users in channel
+         const QList<IrcUser*> users = network()->ircChannel(bufferInfo.bufferName())->ircUsers();
+         foreach(IrcUser *user, users) {
+             if ((addOrRemove == '+' && !network()->ircChannel(bufferInfo.bufferName())->userModes(user).contains(mode))
diff --git a/quassel.changes b/quassel.changes
index 19e018b..d583362 100644
--- a/quassel.changes
+++ b/quassel.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Dec 14 12:14:48 UTC 2015 - tchvatal@suse.com
+
+- Apply patch for bnc#958928 CVE-2015-8547:
+  * CVE-2015-8547.patch
+
 -------------------------------------------------------------------
 Sun Nov 15 12:16:24 UTC 2015 - vbabka@suse.com
 
diff --git a/quassel.spec b/quassel.spec
index 93b0290..335e8c7 100644
--- a/quassel.spec
+++ b/quassel.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package quassel
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -35,6 +35,8 @@ Patch0:         quassel-set-required-libs-and-flags.patch
 Patch1:         Fix-build-with-Qt-5.5.patch
 # PATCH-FIX-UPSTREAM Fix-rejoining-parted-channels.patch
 Patch2:         Fix-rejoining-parted-channels.patch
+# PATCH-FIX-UPSTREAM: fix CVE-2015-8547
+Patch3:         CVE-2015-8547.patch
 BuildRequires:  cmake >= 2.8.10
 BuildRequires:  extra-cmake-modules
 BuildRequires:  fdupes
@@ -163,6 +165,7 @@ This contains common parts shared by %{name} and %{name}-client
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
 
 %build
 FAKE_BUILDDATE=$(LC_ALL=C date -r %{_sourcedir}/%{name}.changes '+%%b %%e %%Y')

From adeffae8d6cd1247baeb75243c73045b39cfb405815217e84ae64ebd2c9263dc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= <tchvatal@suse.com>
Date: Sun, 7 Feb 2016 13:10:03 +0000
Subject: [PATCH 2/3] - Allow building kde and non-kde based quassel version -
 Move quasselclient desktop to base so both variants don't have to   rename
 the file - Introduce quasselclient-qt5 subpackage - Use update-alternatives
 to switch between kde/qt5 versions

OBS-URL: https://build.opensuse.org/package/show/KDE:Extra/quassel?expand=0&rev=40
---
 quassel.changes |  9 ++++++++
 quassel.spec    | 59 +++++++++++++++++++++++++++++++++++++++++++++++--
 2 files changed, 66 insertions(+), 2 deletions(-)

diff --git a/quassel.changes b/quassel.changes
index d583362..3aec7e5 100644
--- a/quassel.changes
+++ b/quassel.changes
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Sun Feb  7 10:04:26 UTC 2016 - tchvatal@suse.com
+
+- Allow building kde and non-kde based quassel version
+- Move quasselclient desktop to base so both variants don't have to
+  rename the file
+- Introduce quasselclient-qt5 subpackage
+- Use update-alternatives to switch between kde/qt5 versions
+
 -------------------------------------------------------------------
 Mon Dec 14 12:14:48 UTC 2015 - tchvatal@suse.com
 
diff --git a/quassel.spec b/quassel.spec
index 335e8c7..bfbdf14 100644
--- a/quassel.spec
+++ b/quassel.spec
@@ -120,7 +120,25 @@ Linux®, Windows®, and MacOS X® as well as Qtopia-based cell phones and PDAs),
 making communication with your peers not only convenient, but also ubiquitous
 available.
 
-This is the quassel client only
+This is the quassel KDE client only
+
+%package client-qt5
+Summary:        Modern, cross-platform, distributed IRC client
+Group:          Productivity/Networking/IRC
+Requires:       %{name}-base = %{version}
+Provides:       %{name}_ui = %{version}
+
+%description client-qt5
+Quassel IRC is a modern, cross-platform, distributed IRC client, meaning that
+one (or multiple) client(s) can attach to and detach from a central core --
+much like the popular combination of screen and a text-based IRC client such
+as WeeChat, but graphical. In addition to this uniqe feature, we aim to bring
+a pleasurable, comfortable chatting experience to all major platforms (including
+Linux®, Windows®, and MacOS X® as well as Qtopia-based cell phones and PDAs),
+making communication with your peers not only convenient, but also ubiquitous
+available.
+
+This is the quassel Qt5 client only
 
 %package core
 Summary:        Modern, cross-platform, distributed IRC client
@@ -175,9 +193,21 @@ sed -i "s/__TIME__/\"$FAKE_BUILDTIME\"/" src/common/main.cpp src/common/quassel.
 
 %cmake_kf5 -d build -- -DUSE_QT5=ON -DWITH_WEBKIT=ON -DWITH_KDE=ON
 make %{?_smp_mflags}
+cd ..
+%cmake_kf5 -d build-qt5 -- -DUSE_QT5=ON -DWITH_WEBKIT=ON -DWITH_KDE=OFF
+make %{?_smp_mflags}
 
 %install
 %kf5_makeinstall -C build
+
+# Allow client qt5/kde co-install
+mv %{buildroot}%{_bindir}/quasselclient %{buildroot}%{_bindir}/quasselclient-kde
+install build-qt5/quasselclient %{buildroot}%{_bindir}/quasselclient-qt5
+# Alternatives
+mkdir -p %{buildroot}%{_sysconfdir}/alternatives
+touch %{buildroot}%{_sysconfdir}/alternatives/quasselclient
+ln -sf %{_sysconfdir}/alternatives/quasselclient %{buildroot}%{_bindir}/quasselclient
+
 %fdupes %{buildroot}
 install -d -m 755 %{buildroot}%{_localstatedir}/lib/%{name}core
 install -d -m 755 %{buildroot}%{_sbindir}
@@ -212,6 +242,22 @@ install -D -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.
 %postun base
 %icon_theme_cache_postun
 
+%post client
+update-alternatives --install %{_bindir}/quasselclient quasselclient %{_bindir}/quasselclient-kde 20
+
+%postun client
+if [ $1 -eq 0 ] ; then
+    update-alternatives --remove quasselclient %{_bindir}/quasselclient-kde
+fi
+
+%post client-qt5
+update-alternatives --install %{_bindir}/quasselclient quasselclient %{_bindir}/quasselclient-kde 10
+
+%postun client-qt5
+if [ $1 -eq 0 ] ; then
+    update-alternatives --remove quasselclient %{_bindir}/quasselclient-qt5
+fi
+
 %files mono
 %defattr(-,root,root)
 %doc AUTHORS ChangeLog README
@@ -221,7 +267,15 @@ install -D -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.
 %files client
 %defattr(-,root,root)
 %doc AUTHORS ChangeLog README
-%{_datadir}/applications/%{name}client.desktop
+%{_bindir}/%{name}client-kde
+%ghost %{_sysconfdir}/alternatives/quasselclient
+%{_bindir}/%{name}client
+
+%files client-qt5
+%defattr(-,root,root)
+%doc AUTHORS ChangeLog README
+%{_bindir}/%{name}client-qt5
+%ghost %{_sysconfdir}/alternatives/quasselclient
 %{_bindir}/%{name}client
 
 %files core
@@ -238,6 +292,7 @@ install -D -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.
 
 %files base
 %defattr(-,root,root)
+%{_datadir}/applications/%{name}client.desktop
 %{_datadir}/pixmaps/%{name}.png
 %dir %{_datadir}/%{name}
 %{_datadir}/%{name}

From b0f3bc913031f371776e518b40f5dcbf184735f18db5b9ea49d95f86aee021e9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= <tchvatal@suse.com>
Date: Sun, 7 Feb 2016 14:16:44 +0000
Subject: [PATCH 3/3] OBS-URL:
 https://build.opensuse.org/package/show/KDE:Extra/quassel?expand=0&rev=41

---
 quassel.spec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/quassel.spec b/quassel.spec
index bfbdf14..48f7494 100644
--- a/quassel.spec
+++ b/quassel.spec
@@ -251,7 +251,7 @@ if [ $1 -eq 0 ] ; then
 fi
 
 %post client-qt5
-update-alternatives --install %{_bindir}/quasselclient quasselclient %{_bindir}/quasselclient-kde 10
+update-alternatives --install %{_bindir}/quasselclient quasselclient %{_bindir}/quasselclient-qt5 10
 
 %postun client-qt5
 if [ $1 -eq 0 ] ; then