From a3338edcfa5f477cb3d14f44508c0ebc070e7bbb Mon Sep 17 00:00:00 2001
From: phuzion <398094+phuzion@users.noreply.github.com>
Date: Thu, 17 Jun 2021 16:43:21 -0400
Subject: [PATCH] Added security fix for CVE-2021-34825

---
 quassel.spec | 6 +++++-
 quassel_0.13.1_CVE-2021-34825.patch | 18 ++++++++++++++++++
 2 files changed, 23 insertions(+), 1 deletion(-)
 create mode 100644 quassel_0.13.1_CVE-2021-34825.patch

diff --git a/quassel.spec b/quassel.spec
index 6b41a5b..cebc222 100755
--- a/quassel.spec
+++ b/quassel.spec
@@ -4,7 +4,7 @@
 Name: quassel
 Summary: A modern distributed IRC system
 Version: 0.13.1
-Release: 7%{?dist}
+Release: 8%{?dist}
 License: GPLv2 or GPLv3
 URL: http://quassel-irc.org/
@@ -14,6 +14,7 @@ Source0: http://quassel-irc.org/pub/quassel-%{version}.tar.bz2
 #https://github.com/freebsd/freebsd-ports/blob/b6c49e02ef34b163293e453c7245093cb7668a40/irc/quassel/files/patch-src_common_types.h
 Patch0: https://raw.githubusercontent.com/freebsd/freebsd-ports/b6c49e02ef34b163293e453c7245093cb7668a40/irc/quassel/files/patch-src_common_types.h
 Patch1: %{name}-gcc11.patch
+Patch2: quassel_0.13.1_CVE-2021-34825.patch
 BuildRequires: cmake
 BuildRequires: dbusmenu-qt5-devel
@@ -174,6 +175,9 @@ exit 0
 %changelog
+* Thu Jun 17 2021 Chris Egeland - 0.13.1-8
+- Added security fix for CVE-2021-34825
+
 * Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 0.13.1-7
 - Rebuilt for updated systemd-rpm-macros
   See https://pagure.io/fesco/issue/2583.
diff --git a/quassel_0.13.1_CVE-2021-34825.patch b/quassel_0.13.1_CVE-2021-34825.patch
new file mode 100644
index 0000000..cd42299
--- /dev/null
+++ b/quassel_0.13.1_CVE-2021-34825.patch
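Review bot: `Patch2: quassel_0.13.1_CVE-2021-34825.patch` in the second quassel.spec hunk declares the patch, but nothing in the visible hunks applies it; the %prep section lies outside this diff, so if it applies patches with explicit `%patch0`/`%patch1` lines rather than `%autosetup`, the new patch is never applied and the 0.13.1-8 build ships with a changelog entry claiming a fix it does not contain. Confirm from the build log that the patch is applied, or add the matching `%patch2 -p1` line to %prep if %autosetup is not in use. Unlike Patch0, which carries a comment pointing at its origin, Patch2 has no provenance; a line such as `# Backport of the upstream fix for CVE-2021-34825, see <UPSTREAM-COMMIT-URL>` above it would let a reviewer verify the backport against upstream. The hunk's surrounding tag block continues outside the diff, so neither %prep nor the Source/Patch list is fully visible here.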
@@ -0,0 +1,18 @@
+diff --git a/src/core/sslserver.cpp b/src/core/sslserver.cpp
+index 9c3c7edc..1c1f05cd 100644
+--- a/src/core/sslserver.cpp
++++ b/src/core/sslserver.cpp
+@@ -49,6 +49,13 @@ SslServer::SslServer(QObject* parent)
+ 
+ // Initialize the certificates for first-time usage
+ if (!loadCerts()) {
++ // If the core is unable to load a certificate, and "--require-ssl" is specified,
++ // do not proceed, throw an exception and quit. This prevents the core from falling
++ // back to a plaintext-only core when they should be expecting SSL/TLS only.
++ if (Quassel::isOptionSet("require-ssl")) {
++ throw ExitException{EXIT_FAILURE, tr("--require-ssl is set, but no SSL certificate is available. Exiting.\n"
++ "Please see https://quassel-irc.org/faq/cert to learn how to enable SSL support.")};
++ }
+ if (!sslWarningShown) {
+ qWarning() << "SslServer: Unable to set certificate file\n"
+ << " Quassel Core will still work, but cannot provide SSL for client connections.\n"
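Review bot: The guard added ahead of `if (!sslWarningShown)` only changes behaviour when `Quassel::isOptionSet("require-ssl")` is true; a core started without `--require-ssl` still falls into the existing branch, logs "Quassel Core will still work, but cannot provide SSL for client connections" and continues, so the "security fix" in the changelog is conditional on operators passing that flag and the packaging changelog or service defaults should say so. The nested hunk header `SslServer::SslServer(QObject* parent)` and the brace-initialised `throw ExitException{EXIT_FAILURE, tr(...)}` look as though they were lifted from a newer upstream tree; whether the context lines match the 0.13.1 tarball and whether `ExitException` exists there with this shape should be confirmed by a clean %prep and build rather than assumed, since a patch rejected with fuzz would leave the release claiming a fix it lacks. The enclosing constructor continues outside the hunk, so where the thrown `ExitException` is caught and turned into a process exit is not visible here.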