Added security fix for CVE-2021-34825
This commit is contained in:
parent
0f54b9715e
commit
83d9f52120
|
@ -9,6 +9,7 @@ URL: http://quassel-irc.org/
|
|||
Source0: http://quassel-irc.org/pub/quassel-%{version}.tar.bz2
|
||||
|
||||
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
|
||||
Patch0: quassel_0.12.5_CVE-2021-34825.patch
|
||||
|
||||
Buildrequires: cmake
|
||||
BuildRequires: desktop-file-utils
|
||||
|
|
|
@ -0,0 +1,18 @@
|
|||
diff --git a/src/core/sslserver.cpp b/src/core/sslserver.cpp
|
||||
index 9c3c7edc..1c1f05cd 100644
|
||||
--- a/src/core/sslserver.cpp
|
||||
+++ b/src/core/sslserver.cpp
|
||||
@@ -49,6 +49,13 @@ SslServer::SslServer(QObject* parent)
|
||||
|
||||
// Initialize the certificates for first-time usage
|
||||
if (!loadCerts()) {
|
||||
+ // If the core is unable to load a certificate, and "--require-ssl" is specified,
|
||||
+ // do not proceed, throw an exception and quit. This prevents the core from falling
|
||||
+ // back to a plaintext-only core when they should be expecting SSL/TLS only.
|
||||
+ if (Quassel::isOptionSet("require-ssl")) {
|
||||
+ throw ExitException{EXIT_FAILURE, tr("--require-ssl is set, but no SSL certificate is available. Exiting.\n"
|
||||
+ "Please see https://quassel-irc.org/faq/cert to learn how to enable SSL support.")};
|
||||
+ }
|
||||
if (!sslWarningShown) {
|
||||
qWarning() << "SslServer: Unable to set certificate file\n"
|
||||
<< " Quassel Core will still work, but cannot provide SSL for client connections.\n"
|
Loading…
Reference in New Issue