Added security fix for CVE-2015-8547
This commit is contained in:
parent
5c2a0ad2bb
commit
123f714259
|
@ -1,12 +1,15 @@
|
|||
Name: quassel
|
||||
Summary: A modern distributed IRC system
|
||||
Version: 0.11.1
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
|
||||
License: GPLv2 or GPLv3
|
||||
Group: Applications/Internet
|
||||
URL: http://quassel-irc.org/
|
||||
Source0: http://quassel-irc.org/pub/quassel-%{version}.tar.bz2
|
||||
|
||||
# Backported fix for CVE-2015-8547
|
||||
Patch0: quassel_0.11.1_CVE-2015-8547.diff
|
||||
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
|
||||
|
||||
Buildrequires: cmake
|
||||
|
@ -60,6 +63,7 @@ Quassel client
|
|||
|
||||
%prep
|
||||
%setup -q -n %{name}-%{version}
|
||||
%patch0 -p1
|
||||
|
||||
%build
|
||||
mkdir build
|
||||
|
@ -117,6 +121,9 @@ gtk-update-icon-cache %{_kde4_iconsdir}/hicolor &> /dev/null || :
|
|||
|
||||
|
||||
%changelog
|
||||
* Tue Dec 15 2015 Christian Dersch <lupinix@mailbox.org> - 0.11.1-2
|
||||
- Added security fix for CVE-2015-8547
|
||||
|
||||
* Sat Nov 07 2015 Christian Dersch <lupinix@fedoraproject.org> - 0.11.1-1
|
||||
- upgraded to 0.11.1
|
||||
- new upstream release obsoletes quassel-0.11.0-CTCP-query-crash.patch
|
||||
|
|
|
@ -0,0 +1,12 @@
|
|||
diff -Naur quassel-0.11.1/src/core/coreuserinputhandler.cpp quassel-0.11.1.patched/src/core/coreuserinputhandler.cpp
|
||||
--- quassel-0.11.1/src/core/coreuserinputhandler.cpp 2015-04-23 23:00:06.000000000 +0200
|
||||
+++ quassel-0.11.1.patched/src/core/coreuserinputhandler.cpp 2015-12-15 20:21:56.170741238 +0100
|
||||
@@ -232,7 +232,7 @@
|
||||
if (!isNumber || maxModes == 0) maxModes = 1;
|
||||
|
||||
QStringList nickList;
|
||||
- if (nicks == "*") { // All users in channel
|
||||
+ if (nicks == "*" && bufferInfo.type() == BufferInfo::ChannelBuffer) { // All users in channel
|
||||
const QList<IrcUser*> users = network()->ircChannel(bufferInfo.bufferName())->ircUsers();
|
||||
foreach(IrcUser *user, users) {
|
||||
if ((addOrRemove == '+' && !network()->ircChannel(bufferInfo.bufferName())->userModes(user).contains(mode))
|
Loading…
Reference in New Issue