Last commit made on 2015-04-23
Get this branch:
git clone -b 0.11 https://git.launchpad.net/~mamarley/quassel/+git/trunk

Branch merges

Branch information


Recent commits

274063c... by Manuel Nickschas

Bump version for release

ea3c19c... by Michael Marley

Execute initDbSession() on DB reconnects

Previously, the initDbSession() function would only be run on the
initial connect. Since the initDbSession() code in PostgreSQL is
used to fix the CVE-2013-4422 SQL Injection bug, this means that
Quassel was still vulnerable to that CVE if the PostgreSQL server
is restarted or the connection is lost at any point while Quassel
is running.

This bug also causes the Qt5 psql timezone fix to stop working
after a reconnect.

The fix is to disable Qt's automatic reconnecting, check the
connection status ourselves, and reconnect if necessary, executing
the initDbSession() function afterward.

528493c... by Michael Marley

Set the PostgreSQL session timezone to 'UTC'

With Qt5, the PostgreSQL driver will transparently convert times
to the database's timezone before inserting. Because the default
is 'localtime', this causes the local time to be stored in the DB
instead of the UTC time. This in turn causes the time displayed
in the client to be wrong by the same offset as that timezone's
offset. To fix the issue, just make sure the PostgreSQL is in the
'UTC' timezone, so the passed UTC time will not be converted.

5824da2... by Michael Marley

Improve the message-splitting algorithm for PRIVMSG and CTCP

This introduces a new message splitting algorithm based on
QTextBoundaryFinder. It works by first starting with the entire
message to be sent, encoding it, and checking to see if it is over
the maximum message length. If it is, it uses QTBF to find the
word boundary most immediately preceding the maximum length. If no
suitable boundary can be found, it falls back to searching for
grapheme boundaries. It repeats this process until the entire
message has been sent.

Unlike what it replaces, the new splitting code is not recursive
and cannot cause stack overflows. Additionally, if it is unable
to split a string, it will give up gracefully and not crash the
core or cause a thread to run away.

This patch fixes two bugs. The first is garbage characters caused
by accidentally splitting the string in the middle of a multibyte
character. Since the new code splits at a character level instead
of a byte level, this will no longer be an issue. The second is
the core crash caused by sending an overlength CTCP query ("/me")
containing only multibyte characters. This bug was caused by the
old CTCP splitter using the byte index from lastParamOverrun() as
a character index for a QString.

1d69ec1... by Marcus Eggenberger <email address hidden>

Shipping Mac OS X packages with SQL plugins

For core and mono builds, required SQL plugins are now automatically
included in the bundle. Since the core uses a flat package, it
requires a special qt.conf. Here, the Prefix is set to ../ as the
default Prefix on Mac OS points to the Contents direcotry of the
bundle, which does not exist in the flat package.

2a7d627... by Hannah von Reth

make quassel compile with qca enabled on qt5

6b2d80b... by Manuel Nickschas

Check for invalid input in encrypted buffers

The ECB Blowfish decryption function assumed that encrypted input would
always come in blocks of 12 characters, as specified. However, buggy
clients or annoying people may not adhere to that assumption, causing
the core to crash while trying to process the invalid base64 input.

With this commit we make sure that we're not overstepping the bounds of
the input string while decoding it; instead we bail out early and display
the original input. Fixes #1314.

Thanks to Tucos for finding that one!

accc6de... by Manuel Nickschas

Post-release version bump

5199111... by Manuel Nickschas

Bump version for release

c65e576... by Manuel Nickschas

Update ChangeLog