Execute initDbSession() on DB reconnects
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
quassel (Ubuntu) | Fix Released | Undecided | Unassigned |
Trusty | Fix Released | Undecided | Steve Beattie |
Utopic | Fix Released | Undecided | Steve Beattie |
Vivid | Fix Released | Undecided | Unassigned |
Wily | Fix Released | Undecided | Unassigned |
Bug Description
Bug fixed in 0.12.2 is an old CVE that re-occurred:
Previously, the initDbSession() function would only be run on the
initial connect. Since the initDbSession() code in PostgreSQL is
used to fix the CVE-2013-4422 SQL Injection bug, this means that
Quassel was still vulnerable to that CVE if the PostgreSQL server
is restarted or the connection is lost at any point while Quassel
is running.
This bug also causes the Qt5 psql timezone fix to stop working
after a reconnect.
The fix is to disable Qt's automatic reconnecting, check the
connection status ourselves, and reconnect if necessary, executing
the initDbSession() function afterward.
https:/
TEST CASE:
15:22 < mamarley> Yeah, restart PostgreSQL and do something that will cause backlog messages to be recorded. Then, restart the quasselclient and make sure those backlog messages have the correct timestamp.
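
The failure mode and fix from the bug description, as an added example (not Quassel's code and not part of the original report). A constructed in-memory `FakeServer` stands in for PostgreSQL, and `Storage`, `runQuery()` and `preparedAfterRestart()` are hypothetical names; only `initDbSession()` comes from the report.

```cpp
#include <iostream>

// Constructed stand-in for a PostgreSQL server. Settings applied with SET are
// per-session, so they vanish when the server restarts or the link drops.
struct FakeServer {
    bool connected = false;
    bool sessionPrepared = false;  // stands for whatever initDbSession() sets up
    void connect() { connected = true; sessionPrepared = false; }
    void restart() { connected = false; sessionPrepared = false; }
};

// Hypothetical storage wrapper, not Quassel's class.
class Storage {
public:
    Storage(FakeServer &server, bool reinitOnReconnect)
        : server_(server), reinit_(reinitOnReconnect) {
        server_.connect();
        initDbSession();  // the initial connect always runs it
    }
    // Runs one query; returns true if it executed in a prepared session.
    bool runQuery() {
        if (!server_.connected) {
            server_.connect();             // reconnect after a lost connection
            if (reinit_) initDbSession();  // fixed: re-apply session setup
        }                                  // legacy: silent reconnect only
        return server_.sessionPrepared;
    }
    int initCalls() const { return initCalls_; }
private:
    void initDbSession() { server_.sessionPrepared = true; ++initCalls_; }
    FakeServer &server_;
    bool reinit_;
    int initCalls_ = 0;
};

// Query, restart the server, query again; report the state of the second query.
bool preparedAfterRestart(bool reinitOnReconnect) {
    FakeServer server;
    Storage storage(server, reinitOnReconnect);
    if (!storage.runQuery()) return false;  // first query must be prepared
    server.restart();
    return storage.runQuery();
}

int main() {
    std::cout << "legacy reconnect prepared: " << preparedAfterRestart(false) << "\n"
              << "fixed reconnect prepared:  " << preparedAfterRestart(true) << "\n";
    return 0;
}
```
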
description: updated
Changed in quassel (Ubuntu Trusty): status: New → In Progress
Changed in quassel (Ubuntu Utopic): status: New → In Progress
Changed in quassel (Ubuntu Trusty): assignee: nobody → Steve Beattie (sbeattie)
Changed in quassel (Ubuntu Utopic): assignee: nobody → Steve Beattie (sbeattie)
It also removes a warning on startup due to a change in Kdelibs4ConfigMigrator by moving the code to the right place