Package: mumble / 1.2.3-349-g315b5f5-2.2+deb7u2
Metadata
Package | Version | Patches format |
---|---|---|
mumble | 1.2.3-349-g315b5f5-2.2+deb7u2 | 3.0 (quilt) |
Patch series
view the series filePatch | File delta | Description |
---|---|---|
02 reject with ip in log.diff | (download) |
src/murmur/Messages.cpp |
4 3 + 1 - 0 ! |
--- |
05 lsb description.diff | (download) |
scripts/murmur.init |
1 1 + 0 - 0 ! |
--- |
07 use embedded celt baseline | (download) |
main.pro |
3 2 + 1 - 0 ! |
--- |
10 use celt guard | (download) |
src/mumble/Audio.cpp |
6 6 + 0 - 0 ! |
--- |
15 fix noise in opus mode | (download) |
src/mumble/AudioOutputSpeech.cpp |
6 2 + 4 - 0 ! |
--- |
20 add opus threshold option | (download) |
scripts/murmur.ini |
4 4 + 0 - 0 ! |
--- |
25 add codec warnings | (download) |
src/murmur/Messages.cpp |
7 7 + 0 - 0 ! |
--- |
30 opengl | (download) |
overlay_gl/overlay_gl.pro |
2 1 + 1 - 0 ! |
libmumble needs to be linked against libgl |
Mumble SA 2014 001.patch | (download) |
src/mumble/AudioOutputSpeech.cpp |
7 7 + 0 - 0 ! |
fix denial-of-service vulnerability CVE-2014-0044: A malformed Opus voice packet sent to a Mumble client could trigger a NULL pointer dereference or an out-of-bounds array access, leading to a crash (Denial of Service). |
Mumble SA 2014 002.patch | (download) |
src/mumble/AudioOutputSpeech.cpp |
8 8 + 0 - 0 ! |
fix heap-based buffer overflow vulnerability CVE-2014-0045: A malformed Opus voice packet sent to a Mumble client could trigger a heap-based buffer overflow. This causes a client crash (Denial of Service) and can potentially be used to execute arbitrary code. |
Mumble SA 2014 005.patch | (download) |
src/mumble/Log.cpp |
153 106 + 47 - 0 ! |
--- |
Mumble SA 2014 006.patch | (download) |
src/mumble/ALSAAudio.cpp |
4 2 + 2 - 0 ! |
--- |
35 fix UDP socket initialization.diff | (download) |
src/murmur/Server.cpp |
9 6 + 3 - 0 ! |
if the source address of outgoing packets is not detected correctly, users connected to a mumble server cannot hear anyone speak until first activating and speaking through their mic. |
37 fix connect dialog hang dee463ef.diff | (download) |
src/bonjour/BonjourServiceResolver.cpp |
2 1 + 1 - 0 ! |
fix avahi libdns_sd deadlock in bounjour code bonjour: use Qt::AutoConnection for BonjourServiceResolver's QSocketNotifier slot. Using a QueuedConnection for the slot had the unpleasant side effect that the QSocketNotifier could have its activated() slot invoked even though no data was waiting to be read. In our case, this could cause a deadlock inside Avahi's libdns_sd compatibility library. I've settled on using Qt::AutoConnection to be consitent with the rest of the code base. The Bonjour code should always be invoked from the main thread, so in this case Qt::AutoConnection will always mean Qt::DirectConnection. Why does this happen? Qt seems to process events before invoking queued slot invocations. If the Qt event loop finds that the file descriptor that our QSocketNotifier is providing notification for is ready for reading, it queues up an invocation of the activated() slot for the next event loop iteration (because we use a QueuedConnection). As mentioned above, because Qt seems to poll() FDs before invoking queued-up slots, the end result is that an invocation of the activated() slot for a given QSocketNotifier's file descriptor can be queued up in the very same event loop iteration that a read() is performed for the exact same file descriptor. After performing the read(), the queued-up activated() slot invocation is no longer valid, and can wreak havoc, which in our case causes a deadlock in the Avahi libdns_sd code. The flow below describes the event loop iterations in more detail: 1st event loop iteration |