[gentoo-commits] repo/gentoo:master commit in: net-irc/quassel/, net-irc/quassel/files/

["Johannes Huber" <johu@gentoo.org>]

commit:     482f523317639f94b7ef195d2d105699e5966d48
Author:     Johannes Huber <johu <AT> gentoo <DOT> org>
AuthorDate: Sat Jan  9 15:57:53 2016 +0000
Commit:     Johannes Huber <johu <AT> gentoo <DOT> org>
CommitDate: Sat Jan  9 15:58:10 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=482f5233

net-irc/quassel: Revision bump for CVE-2015-8547

Add upstream patch to fix CVE-2015-8547.

Gentoo-Bug: 568150

Package-Manager: portage-2.2.26

 .../files/quassel-0.12.2-CVE-2015-8547.patch       | 22 ++++++++++++++++++++++
 ...l-0.12.2-r2.ebuild => quassel-0.12.2-r3.ebuild} |  7 +++++--
 net-irc/quassel/quassel-0.12.2.ebuild              |  2 +-
 3 files changed, 28 insertions(+), 3 deletions(-)

diff --git a/net-irc/quassel/files/quassel-0.12.2-CVE-2015-8547.patch b/net-irc/quassel/files/quassel-0.12.2-CVE-2015-8547.patch
new file mode 100644
index 0000000..cf838c7
--- /dev/null
+++ b/net-irc/quassel/files/quassel-0.12.2-CVE-2015-8547.patch
@@ -0,0 +1,22 @@
+From 476aaa050f26d6a31494631d172724409e4c569b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Konstantin=20Bl=C3=A4si?= <kblaesi@gmail.com>
+Date: Wed, 21 Oct 2015 03:26:02 +0200
+Subject: [PATCH] Fixes a crash of the core when executing "/op *" in a query.
+
+---
+ src/core/coreuserinputhandler.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/coreuserinputhandler.cpp b/src/core/coreuserinputhandler.cpp
+index 7887a92..73aac48 100644
+--- a/src/core/coreuserinputhandler.cpp
++++ b/src/core/coreuserinputhandler.cpp
+@@ -228,7 +228,7 @@ void CoreUserInputHandler::doMode(const BufferInfo &bufferInfo, const QChar& add
+     if (!isNumber || maxModes == 0) maxModes = 1;
+ 
+     QStringList nickList;
+-    if (nicks == "*") { // All users in channel
++    if (nicks == "*" && bufferInfo.type() == BufferInfo::ChannelBuffer) { // All users in channel
+         const QList<IrcUser*> users = network()->ircChannel(bufferInfo.bufferName())->ircUsers();
+         foreach(IrcUser *user, users) {
+             if ((addOrRemove == '+' && !network()->ircChannel(bufferInfo.bufferName())->userModes(user).contains(mode))

diff --git a/net-irc/quassel/quassel-0.12.2-r2.ebuild b/net-irc/quassel/quassel-0.12.2-r3.ebuild
similarity index 97%
rename from net-irc/quassel/quassel-0.12.2-r2.ebuild
rename to net-irc/quassel/quassel-0.12.2-r3.ebuild
index 11f6a4f..967f8d0 100644
--- a/net-irc/quassel/quassel-0.12.2-r2.ebuild
+++ b/net-irc/quassel/quassel-0.12.2-r3.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2015 Gentoo Foundation
+# Copyright 1999-2016 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 # $Id$
 
@@ -97,7 +97,10 @@ DEPEND="${RDEPEND}
 
 DOCS=( AUTHORS ChangeLog README )
 
-PATCHES=( "${FILESDIR}/${P}-qt55.patch" )
+PATCHES=(
+	"${FILESDIR}/${P}-qt55.patch"
+	"${FILESDIR}/${P}-CVE-2015-8547.patch"
+)
 
 REQUIRED_USE="
 	|| ( X server monolithic )

diff --git a/net-irc/quassel/quassel-0.12.2.ebuild b/net-irc/quassel/quassel-0.12.2.ebuild
index 470d038..42d536b 100644
--- a/net-irc/quassel/quassel-0.12.2.ebuild
+++ b/net-irc/quassel/quassel-0.12.2.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2015 Gentoo Foundation
+# Copyright 1999-2016 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 # $Id$