pool/quassel
SHA256
6
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

- Apply patch for bnc#958928 CVE-2015-8547:

Browse Source 
* CVE-2015-8547.patch

OBS-URL: https://build.opensuse.org/package/show/KDE:Extra/quassel?expand=0&rev=39
This commit is contained in:
Tomáš Chvátal 2016-02-07 09:52:09 +00:00 committed by Git OBS Bridge
parent 45881f9633
commit b3730a8132
3 changed files with 32 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
CVE-2015-8547.patch Normal file
View File

@ -0,0 +1,22 @@
From 476aaa050f26d6a31494631d172724409e4c569b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Konstantin=20Bl=C3=A4si?= <kblaesi@gmail.com>
Date: Wed, 21 Oct 2015 03:26:02 +0200
Subject: [PATCH] Fixes a crash of the core when executing "/op *" in a query.
---
src/core/coreuserinputhandler.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/coreuserinputhandler.cpp b/src/core/coreuserinputhandler.cpp
index 7887a92..73aac48 100644
--- a/src/core/coreuserinputhandler.cpp
+++ b/src/core/coreuserinputhandler.cpp
@@ -228,7 +228,7 @@ void CoreUserInputHandler::doMode(const BufferInfo &bufferInfo, const QChar& add
if (!isNumber || maxModes == 0) maxModes = 1;
QStringList nickList;
- if (nicks == "*") { // All users in channel
+ if (nicks == "*" && bufferInfo.type() == BufferInfo::ChannelBuffer) { // All users in channel
const QList<IrcUser*> users = network()->ircChannel(bufferInfo.bufferName())->ircUsers();
foreach(IrcUser *user, users) {
if ((addOrRemove == '+' && !network()->ircChannel(bufferInfo.bufferName())->userModes(user).contains(mode))

6
quassel.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Mon Dec 14 12:14:48 UTC 2015 - tchvatal@suse.com
- Apply patch for bnc#958928 CVE-2015-8547:
* CVE-2015-8547.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Sun Nov 15 12:16:24 UTC 2015 - vbabka@suse.com Sun Nov 15 12:16:24 UTC 2015 - vbabka@suse.com

5
quassel.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package quassel # spec file for package quassel
# #
# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -35,6 +35,8 @@ Patch0: quassel-set-required-libs-and-flags.patch
Patch1: Fix-build-with-Qt-5.5.patch Patch1: Fix-build-with-Qt-5.5.patch
# PATCH-FIX-UPSTREAM Fix-rejoining-parted-channels.patch # PATCH-FIX-UPSTREAM Fix-rejoining-parted-channels.patch
Patch2: Fix-rejoining-parted-channels.patch Patch2: Fix-rejoining-parted-channels.patch
# PATCH-FIX-UPSTREAM: fix CVE-2015-8547
Patch3: CVE-2015-8547.patch
BuildRequires: cmake >= 2.8.10 BuildRequires: cmake >= 2.8.10
BuildRequires: extra-cmake-modules BuildRequires: extra-cmake-modules
BuildRequires: fdupes BuildRequires: fdupes
@ -163,6 +165,7 @@ This contains common parts shared by %{name} and %{name}-client
%patch0 -p1 %patch0 -p1
%patch1 -p1 %patch1 -p1
%patch2 -p1 %patch2 -p1
%patch3 -p1
%build %build
FAKE_BUILDDATE=$(LC_ALL=C date -r %{_sourcedir}/%{name}.changes '+%%b %%e %%Y') FAKE_BUILDDATE=$(LC_ALL=C date -r %{_sourcedir}/%{name}.changes '+%%b %%e %%Y')