MFH: r404119

irc/quassel: Import patch to resolve DoS CVE Approved by: ports-secteam (with hat) Security: CVE-2015-8547
freebsd · Dec 21, 2015 · 9804854 · 9804854
1 parent 2143ab9
commit 9804854
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 0 deletions.
diff --git a/irc/quassel/Makefile b/irc/quassel/Makefile
@@ -3,6 +3,7 @@
 
 PORTNAME=	quassel
 PORTVERSION=	0.11.1
+PORTREVISION=	1
 CATEGORIES=	irc
 MASTER_SITES=	http://www.quassel-irc.org/pub/
 

diff --git a/irc/quassel/files/patch-src_core_coreuserinputhandler.cpp b/irc/quassel/files/patch-src_core_coreuserinputhandler.cpp
@@ -0,0 +1,12 @@
+Fix CVE-2015-8547
+--- src/core/coreuserinputhandler.cpp.orig	2015-04-23 20:47:17 UTC
++++ src/core/coreuserinputhandler.cpp
+@@ -228,7 +228,7 @@ void CoreUserInputHandler::doMode(const 
+     if (!isNumber || maxModes == 0) maxModes = 1;
+
+     QStringList nickList;
+-    if (nicks == "*") { // All users in channel
++    if (nicks == "*" && bufferInfo.type() == BufferInfo::ChannelBuffer) { // All users in channel
+         const QList<IrcUser*> users = network()->ircChannel(bufferInfo.bufferName())->ircUsers();
+         foreach(IrcUser *user, users) {
+             if ((addOrRemove == '+' && !network()->ircChannel(bufferInfo.bufferName())->userModes(user).contains(mode))