diffstat of debian/ for quassel_0.10.0-2 quassel_0.10.0-2.2b1
 changelog | 24 ++++++++++++++++++++
 patches/CVE-2014-8483.patch | 52 ++++++++++++++++++++++++++++++++++++++++++++
 patches/series | 2 -
 3 files changed, 77 insertions(+), 1 deletion(-)
--- quassel-0.10.0/debian/changelog 2014-07-04 15:15:24.000000000 +0000
+++ quassel-0.10.0/debian/changelog 2014-11-12 23:09:02.000000000 +0000
@@ -1,3 +1,27 @@
+quassel (1:0.10.0-2.2b1) staging; urgency=high
+
+ * No-change rebuild for Tanglu because of security issue CVE-2014-8483
+
+ -- Thomas Funk Thu, 13 Nov 2014 00:08:48 +0100
+
+quassel (1:0.10.0-2.2) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Increment Debian revision and epoch to re-upload 0.10.0-2.1 to
+ unstable containing the fix for #766962 / CVE-2014-8483:
+ out-of-bounds read in ECB Blowfish decryption.
+
+ -- Salvatore Bonaccorso Sat, 08 Nov 2014 14:14:56 +0100
+
+quassel (0.10.0-2.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Add CVE-2014-8483.patch patch.
+ CVE-2014-8483: out-of-bounds read in ECB Blowfish decryption.
+ (Closes: #766962)
+
+ -- Salvatore Bonaccorso Sun, 02 Nov 2014 19:10:58 +0100
+
 quassel (0.10.0-2) unstable; urgency=low
 * Fixing security issue where quassel core certificate is
--- quassel-0.10.0/debian/patches/CVE-2014-8483.patch 1970-01-01 00:00:00.000000000 +0000
+++ quassel-0.10.0/debian/patches/CVE-2014-8483.patch 2014-10-28 16:03:58.000000000 +0000
@@ -0,0 +1,52 @@
+From 8b5ecd226f9208af3074b33d3b7cf5e14f55b138 Mon Sep 17 00:00:00 2001
+From: Manuel Nickschas
+Date: Tue, 21 Oct 2014 21:20:07 +0200
+Subject: [PATCH] Check for invalid input in encrypted buffers
+
+The ECB Blowfish decryption function assumed that encrypted input would
+always come in blocks of 12 characters, as specified. However, buggy
+clients or annoying people may not adhere to that assumption, causing
+the core to crash while trying to process the invalid base64 input.
+
+With this commit we make sure that we're not overstepping the bounds of
+the input string while decoding it; instead we bail out early and display
+the original input. Fixes #1314.
+
+Thanks to Tucos for finding that one!
+---
+ src/core/cipher.cpp | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/src/core/cipher.cpp b/src/core/cipher.cpp
+index 7cc75d0..7d1fe46 100644
+--- a/src/core/cipher.cpp
++++ b/src/core/cipher.cpp
+@@ -364,6 +364,10 @@ QByteArray Cipher::blowfishECB(QByteArray cipherText, bool direction)
+ }
+ else
+ {
++ // ECB Blowfish encodes in blocks of 12 chars, so anything else is malformed input
++ if ((temp.length() % 12) != 0)
++ return cipherText;
++
+ temp = b64ToByte(temp);
+ while ((temp.length() % 8) != 0) temp.append('\0');
+ }
+@@ -376,8 +380,13 @@ QByteArray Cipher::blowfishECB(QByteArray cipherText, bool direction)
+ if (!cipher.ok())
+ return cipherText;
+
+- if (direction)
++ if (direction) {
++ // Sanity check
++ if ((temp2.length() % 8) != 0)
++ return cipherText;
++
+ temp2 = byteToB64(temp2);
++ }
+
+ return temp2;
+ }
+--
+1.7.10.4
+
--- quassel-0.10.0/debian/patches/series 2012-04-24 22:18:37.000000000 +0000
+++ quassel-0.10.0/debian/patches/series 2014-10-28 16:16:01.000000000 +0000
@@ -1,2 +1,2 @@
 01_default_network_channel.patch
-
+CVE-2014-8483.patch
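Review bot: The `// Sanity check` comment on the encrypt-side guard in the embedded patch's second hunk (`@@ -376,8 +380,13 @@`) names no invariant, so a later reader cannot tell what a `temp2` length that is not a multiple of 8 would mean; a comment such as `// cipher output must be a whole number of 8-byte Blowfish blocks; bail out rather than base64-encode a partial one` would carry that, and it matches the 8-byte padding the decrypt branch applies in the first hunk. The decrypt-side guard rejects only a `temp.length()` that is not a multiple of 12 before `b64ToByte(temp)` runs; `b64ToByte` lies outside the hunk, so whether it also rejects characters outside its alphabet cannot be confirmed here and is worth verifying, since a length check alone does not validate content. Both new guards fall back to `return cipherText`, which is consistent with the existing `if (!cipher.ok()) return cipherText;` in the same function. `Cipher::blowfishECB` begins and ends outside the hunk, and how `temp` is derived from `cipherText` is not visible in it.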