Added security fix for CVE-2015-8547
This commit is contained in:
parent
fac88491dc
commit
ce4480e364
12
quassel.spec
12
quassel.spec
|
@ -1,7 +1,7 @@
|
||||||
Name: quassel
|
Name: quassel
|
||||||
Summary: A modern distributed IRC system
|
Summary: A modern distributed IRC system
|
||||||
Version: 0.12.2
|
Version: 0.12.2
|
||||||
Release: 5%{?dist}
|
Release: 6%{?dist}
|
||||||
|
|
||||||
License: GPLv2 or GPLv3
|
License: GPLv2 or GPLv3
|
||||||
Group: Applications/Internet
|
Group: Applications/Internet
|
||||||
|
@ -23,9 +23,8 @@ Provides: %{name}-gui = %{version}-%{release}
|
||||||
|
|
||||||
Requires: %{name}-common = %{version}-%{release}
|
Requires: %{name}-common = %{version}-%{release}
|
||||||
|
|
||||||
# BZ1205130 - CTCP query Denial of Service
|
# Backported fix for CVE-2015-8547
|
||||||
## Upstream patch git commit id b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8
|
Patch0: quassel_0.11.1_CVE-2015-8547.diff
|
||||||
#Patch0: quassel-0.11.0-CTCP-query-crash.patch
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Quassel IRC is a modern, distributed IRC client,
|
Quassel IRC is a modern, distributed IRC client,
|
||||||
|
@ -67,7 +66,7 @@ Quassel client
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n %{name}-%{version}
|
%setup -q -n %{name}-%{version}
|
||||||
|
|
||||||
#%patch0 -p1
|
%patch0 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
mkdir build
|
mkdir build
|
||||||
|
@ -125,6 +124,9 @@ gtk-update-icon-cache %{_kde4_iconsdir}/hicolor &> /dev/null || :
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Dec 15 2015 Christian Dersch <lupinix@mailbox.org> - 0.12.2-6
|
||||||
|
- Added security fix for CVE-2015-8547
|
||||||
|
|
||||||
* Thu Sep 24 2015 Adam Miller <maxamillion@fedoraproject.org> - 0.12.2-5
|
* Thu Sep 24 2015 Adam Miller <maxamillion@fedoraproject.org> - 0.12.2-5
|
||||||
- Bump spec release because I typo'd and now it's in koji forever
|
- Bump spec release because I typo'd and now it's in koji forever
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,12 @@
|
||||||
|
diff -Naur quassel-0.11.1/src/core/coreuserinputhandler.cpp quassel-0.11.1.patched/src/core/coreuserinputhandler.cpp
|
||||||
|
--- quassel-0.11.1/src/core/coreuserinputhandler.cpp 2015-04-23 23:00:06.000000000 +0200
|
||||||
|
+++ quassel-0.11.1.patched/src/core/coreuserinputhandler.cpp 2015-12-15 20:21:56.170741238 +0100
|
||||||
|
@@ -232,7 +232,7 @@
|
||||||
|
if (!isNumber || maxModes == 0) maxModes = 1;
|
||||||
|
|
||||||
|
QStringList nickList;
|
||||||
|
- if (nicks == "*") { // All users in channel
|
||||||
|
+ if (nicks == "*" && bufferInfo.type() == BufferInfo::ChannelBuffer) { // All users in channel
|
||||||
|
const QList<IrcUser*> users = network()->ircChannel(bufferInfo.bufferName())->ircUsers();
|
||||||
|
foreach(IrcUser *user, users) {
|
||||||
|
if ((addOrRemove == '+' && !network()->ircChannel(bufferInfo.bufferName())->userModes(user).contains(mode))
|
Loading…
Reference in New Issue