Skip to content
Permalink
Tag: 1.2.7
Commits on Jun 14, 2014
  1. Update changelog

    mkrautz committed Jun 14, 2014
Commits on Jun 12, 2014
Commits on Jun 11, 2014
Commits on Jun 10, 2014
Commits on Jun 5, 2014
  1. Bump version to 1.2.7

    mkrautz committed Jun 5, 2014
Commits on May 13, 2014
  1. Update changelog

    mkrautz committed May 13, 2014
  2. Bump version to 1.2.6

    mkrautz committed May 13, 2014
  3. mumble: fix Mumble-SA-2014-006.

    mkrautz committed May 13, 2014
    Usernames and channel names were not properly HTML-escaped
    when used in Qt widgets that are rich-text enabled.
    
    This commit fixes that, but also touches various other
    similar cases where an escaped version is appropriate.
    
    This commit is based on the following commits from the
    master branch (Mumble 1.3.0):
    
      b7d9387
      1caaec7
      a0ebded
      c52dedc
      1f6ddaf
      73a1a98
      d58990c
      b6e17ca
      9837c4d
      17fa695
      d9ff1e9
    
    Special thanks to Tim Cooper for various of the above
    patches.
  4. mumble: fix Mumble-SA-2014-005.

    mkrautz committed May 13, 2014
    Qt's SVG image plugin is not safe to use with potentially
    unsafe SVGs, such as those downloaded over the network.
    
    More specifically, it is possible to trigger local file
    access via Qt's SVG renderer using SVG features such as XML
    stylesheets (XSL) and SVG image tags, and potentially other
    features. This allows an attacker to have Qt read arbitrary
    files into the memory space of the Mumble process.
    
    This makes it easy to perform a Denial of Service attack
    against a Mumble client. A client DoS can be accomplished
    by serving it an SVG file that refers to a filesystem path
    that is un-ending or is known to block under certain
    circumstances.
    
    Having arbitrary files read into the Mumble process could
    potentially also be abused by an attacker to gain access
    to the content of the files, if combined with an (as of
    yet unknown) vulnerability that allows the attacker to
    read Mumble's memory.
    
    To fix the issue, this change removes SVG as a supported
    image format for all externally received images. This
    includes things such as text messages, user comments,
    channel comments and user textures/avatars. It also removes
    the ability to transmit SVGs using any of the aforementioned
    channels.
    
    This is accomplished by introducing a new class called
    RichTextImage. The RichTextImage class is used, via its
    isValidImage() method, to validate images before they are used
    in a rich text context in Mumble. In its current form, the
    isValidImage() method simply checks whether the image's format
    is part of the set of image formats that are deemed safe
    (PNG, JPG, GIF).
    
    The LogDocument class, which is the QTextDocument that backs
    the Mumble log view, undergoes the following changes:
    
     - LogDocument now restricts images loaded via QNetworkRequest
       and QNetworkReply to those that pass the
       RichTextImage::isValidImage() check.
     - Resources that use the data:// scheme are now loaded via
       QNetworkRequest and QNetworkReply, just like http:// and
       https:// URLs. This allows all resources to make use of
       LogDocument's new image format restrictions.
     - The functionality of the ValidDocument class, a subclass
       of LogDocument that was used to validate HTML snippets,
       is now part of LogDocument itself. The original
       ValidDocument class has been removed.
    
    The RichTextEditor class is used to author text messages
    and user comments. The RichTextEditor is changed to use
    a LogDocument instead of a regular QTextDocument as its
    backing document. This allows the RichTextEditor to benefit
    from LogDocument's new image filtering functionality.
    
    The static method Log::validHtml is used to validate
    HTML before using it in various contexts such as the Mumble
    log view and tooltips. This method is modified to use the
    LogDocument class instead of the ValidDocument class.
    A call to documentLayout() on the LogDocument is also
    added to the method. This ensures that image loading
    (and thus validation) is performed.
    
    The MainWindow::openImageFile() method is re-worked to
    sniff and validate a selected image using
    RichTextImage::isValidImage to ensure that only valid
    rich text images can be selected, regardless of file
    extension.
    
    The Overlay::verifyTexture() method is used to verify and
    set a ClientUser's texture and texture format, either by
    reading it from the local cache, or by reqesting a new
    texture from the server. This method is changed to only
    verify and set textures that pass the
    RichTextImage::isValidImage() check.
    
    The ServerHandler::setUserTexture() method (also known as
    ServerHandler::setTexture() in some 1.2.x versions of Mumble)
    is changed to only allow settings textures that pass the
    RichTextImage::isValidImage() check.
    
    Thanks to Tim Cooper for reporting this issue, proposing an
    initial patch and reviewing the final patch. This commit has
    also been reviewed and iterated upon by Stefan Hacker.
Commits on Jan 31, 2014
  1. Update changelog

    mkrautz committed Jan 31, 2014
  2. Bump version to 1.2.5

    mkrautz committed Jan 31, 2014
Commits on Jun 1, 2013
  1. Update changelog

    hacst committed Jun 1, 2013
  2. Server::sendMessage: encode the source IP of outgoing UDP packets to …

    mkrautz committed May 31, 2013
    …match the UDP socket's address family.
    
    Murmur uses the saiTcpLocalAddress field of ServerUser to determine
    the correct source address of outgoing UDP packets. On some systems,
    such as multi-homed setups, this is important for correct datagram
    delivery.
    
    The saiTcpLocalAddress field is initialized when the client first
    connects. Its value is extracted from QHostAddress, and then
    converted to a sockaddr struct via our own HostAddress class's
    toSockAddr method.
    
    HostAddress::toSockAddr is implemented such that any IPv4 address
    (including IPv4-mapped IPv6 addresses) will always cause a sockaddr
    struct belonging to the AF_INET (IPv4) family to be output. Pure IPv6
    addresses will be output as an AF_INET6 sockaddr.
    
    The code that this change touches assumed that it could use the
    value of saiTcpLocalAddress directly as the source address in UDP
    packets.
    
    This is not always the case. On most systems, Murmur will listen on
    [::]:64738 by default, and as such, the address of the server's UDP
    socket will be in the AF_INET6 family. Attempting to send packets
    with a source address in the AF_INET family using that socket will
    cause sendmsg() to return EINVAL on some systems, if not all.
    
    The new code for the sendmsg() code path converts the ServerUser's
    saiTcpLocalAddress back into a HostAddress, which, internally, is
    fully IPv6. If the input address is IPv4, HostAddress will convert
    it to an IPv4-mapped IPv6 address.
    
    When the client's UDP socket is of the AF_INET6 family, we can now
    trust that the HostAddress, 'tcpha', is either a real IPv6 address,
    or an IPv4-mapped IPv6 address. This allows us to use the 'tcpha'
    address regardless of the address family of the saiTcpLocalAddress.
    We can simply memcpy it in place.
    
    When the UDP socket is of the AF_INET family, we can only set the
    source address if the saiTcpLocalAddress is also AF_INET, or if
    it is of the AF_INET6 family and its address is an IPv4-mapped IPv6
    address. When a pure IPv6 address is encountered in that path, it is
    simply dropped.
Commits on May 11, 2013
  1. Minor fix in pl translation

    Zuko authored and hacst committed Feb 20, 2013
Commits on Mar 28, 2013
Commits on Mar 27, 2013
  1. Ensure that the MAX macro is always defined.

    gagern authored and mkrautz committed Mar 18, 2013
    On some systems, none of the (directly or indirectly) included headers does
    provide that macro. First reported in https://bugs.gentoo.org/460524
Commits on Mar 19, 2013
Commits on Feb 2, 2013
Commits on Jan 27, 2013
  1. ConfigDialogDelegate: return fully standalone NSImage in QIcon_to_Aut…

    mkrautz committed Jan 27, 2013
    …oreleasedNSImage.
    
    QPixmap::toMacCGImageRef seemingly returns an NSImage that is still backed
    by the QPixmap. With semantics like that, our usage doesn't make much sense.
    
    For now, use the private QtGui symbol qt_mac_create_nsimage() to create
    a fully standalone NSImage.
Commits on Jan 20, 2013
  1. BF3 PA plugin update: fixed one value

    bogie authored and hacst committed Jan 19, 2013
  2. Fix mumble_ol.dll not being versioned under windows.

    hacst committed Jan 16, 2013
    * Low impact fix for RC. Directly set VERSION in overlay.pro
    * Currently the version is set multiple times
      in different .pro/pri files. This should be refactored to come from
      a single .pri file (similar to /macx/common.pri) used in all locations.
    * Should probably use an RC file to be able to set more information
  3. mklic.pl run to update in-client license display

    hacst committed Jan 15, 2013
    * Nonfunctional change
Commits on Jan 15, 2013
  1. Update changelog and LICENSE file.

    hacst committed Jan 15, 2013
    * Nonfunctional commit
Commits on Jan 14, 2013
  1. Default disable hide in tray also for Windows 8

    hacst committed Jan 14, 2013
    * Can't use os_win.cpp versioning code as global settings singleton
      is initialized before os_init() routine populates variables.
    * For now went with the option with least code impact. This should
      be revisited after release.
Commits on Jan 13, 2013
  1. Introduce concept of NULL plugin to retract plugins.

    hacst committed Jan 11, 2013
    * NULL plugins have a shortname of L"Retracted" which excludes them
      from being listed as a plugin in Mumble >= 1.2.4
    * NULL plugins are valid plugins that always return false on trylock
      so Mumble <= 1.2.3 gets behavior close to what recent Mumble has.
    * NULL css, dods, tf2 and hl2dm plugins as they have been replaced by link support in the source engine.
Older
You can’t perform that action at this time.