Hello community, here is the log from the commit of package mumble for openSUSE:Factory checked in at 2014-02-11 11:30:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mumble (Old) and /work/SRC/openSUSE:Factory/.mumble.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mumble" Changes: -------- --- /work/SRC/openSUSE:Factory/mumble/mumble.changes 2014-01-23 15:49:49.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.mumble.new/mumble.changes 2014-02-11 11:30:06.000000000 +0100 @@ -1,0 +2,6 @@ +Thu Feb 6 13:30:52 UTC 2014 - lnus...@suse.de + +- new version 1.2.5 fixes security issues (CVE-2014-0044, CVE-2014-0045, + bnc#862527) + +------------------------------------------------------------------- Old: ---- mumble-1.2.4.tar.gz mumble-1.2.4.tar.gz.sig New: ---- mumble-1.2.5.tar.gz mumble-1.2.5.tar.gz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mumble.spec ++++++ --- /var/tmp/diff_new_pack.xrgmKO/_old 2014-02-11 11:30:07.000000000 +0100 +++ /var/tmp/diff_new_pack.xrgmKO/_new 2014-02-11 11:30:07.000000000 +0100 @@ -102,7 +102,7 @@ %if %{with pulseaudio} BuildRequires: pulseaudio-devel %endif -Version: 1.2.4%{?snapshot:_%snapshot} +Version: 1.2.5%{?snapshot:_%snapshot} Release: 0 %if 0%{!?snapshot:1} Source: http://downloads.sourceforge.net/project/mumble/Mumble/%{version}/mumble-%{version}.tar.gz ++++++ mumble-1.2.4.tar.gz -> mumble-1.2.5.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mumble-1.2.4/CHANGES new/mumble-1.2.5/CHANGES --- old/mumble-1.2.4/CHANGES 2013-06-01 23:16:29.000000000 +0200 +++ new/mumble-1.2.5/CHANGES 2014-02-01 00:01:49.000000000 +0100 
@@ -1,3 +1,13 @@ +2014-01-31 + Mikkel Krautz <mik...@krautz.dk> + 269e93e mumble: fix Mumble-SA-2014-002 (CVE-2014-0045). + 7e31c32 mumble: fix Mumble-SA-2014-001 (CVE-2014-0044). + f5ebe9d Bump version to 1.2.5 + +2013-06-01 + Stefan Hacker <d...@users.sourceforge.net> + 5ff038e Update changelog + 2013-05-31 Mikkel Krautz <mik...@krautz.dk> aab9cdc Server::sendMessage: encode the source IP of outgoing UDP diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mumble-1.2.4/g15helper/g15helper.plist new/mumble-1.2.5/g15helper/g15helper.plist --- old/mumble-1.2.4/g15helper/g15helper.plist 2013-06-01 23:16:30.000000000 +0200 +++ new/mumble-1.2.5/g15helper/g15helper.plist 2014-02-01 00:01:49.000000000 +0100 @@ -13,7 +13,7 @@ <key>CFBundleSignature</key> <string>G15H</string> <key>CFBundleVersion</key> - <string>1.2.4</string> + <string>1.2.5</string> <key>NSHumanReadableCopyright</key> <string>Copyright (c) 2009 Mikkel Krautz <mik...@krautz.dk></string> </dict> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mumble-1.2.4/g15helper/g15helper.rc new/mumble-1.2.5/g15helper/g15helper.rc --- old/mumble-1.2.4/g15helper/g15helper.rc 2013-06-01 23:16:30.000000000 +0200 +++ new/mumble-1.2.5/g15helper/g15helper.rc 2014-02-01 00:01:49.000000000 +0100 @@ -15,8 +15,8 @@ #endif VS_VERSION_INFO VERSIONINFO - FILEVERSION 1,2,4,0 - PRODUCTVERSION 1,2,4,0 + FILEVERSION 1,2,5,0 + PRODUCTVERSION 1,2,5,0 FILEFLAGSMASK VS_FFI_FILEFLAGSMASK FILEFLAGS (VER_DEBUG|VER_RELEASE) FILEOS VOS_NT_WINDOWS32 
@@ -29,8 +29,8 @@ BEGIN VALUE "CompanyName", "Mikkel Krautz" VALUE "FileDescription", "Mumble G15 LCD Helper" - VALUE "FileVersion", "1.2.4" - VALUE "ProductVersion", "1.2.4" + VALUE "FileVersion", "1.2.5" + VALUE "ProductVersion", "1.2.5" VALUE "LegalCopyright", "Copyright (C) 2008-2011, Mikkel Krautz <mik...@krautz.dk>" VALUE "OriginalFilename", "mumble-g15-helper.exe" VALUE "ProductName", "Mumble G15 LCD Helper" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mumble-1.2.4/macx/common.pri new/mumble-1.2.5/macx/common.pri --- old/mumble-1.2.4/macx/common.pri 2013-06-01 23:16:30.000000000 +0200 +++ new/mumble-1.2.5/macx/common.pri 2014-02-01 00:01:49.000000000 +0100 @@ -1,6 +1,6 @@ # Common OSX overlay settings. -VERSION = 1.2.4 +VERSION = 1.2.5 DEFINES *= VERSION=\\\"$$VERSION\\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mumble-1.2.4/macx/osax/osax.plist new/mumble-1.2.5/macx/osax/osax.plist --- old/mumble-1.2.4/macx/osax/osax.plist 2013-06-01 23:16:30.000000000 +0200 +++ new/mumble-1.2.5/macx/osax/osax.plist 2014-02-01 00:01:49.000000000 +0100 @@ -13,7 +13,7 @@ <key>CFBundlePackageType</key> <string>osax</string> <key>CFbundleVersion</key> - <string>1.2.4</string> + <string>1.2.5</string> <key>CFBundleSignature</key> <string>MUOL</string> <key>CSResourcesFileMapped</key> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mumble-1.2.4/overlay/overlay.pro new/mumble-1.2.5/overlay/overlay.pro --- old/mumble-1.2.4/overlay/overlay.pro 2013-06-01 23:16:31.000000000 +0200 +++ new/mumble-1.2.5/overlay/overlay.pro 2014-02-01 00:01:49.000000000 +0100 
@@ -1,6 +1,6 @@ include (../compiler.pri) -VERSION = 1.2.4 +VERSION = 1.2.5 TARGET_EXT = .dll TEMPLATE = lib CONFIG -= qt diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mumble-1.2.4/overlay_gl/overlay_gl.pro new/mumble-1.2.5/overlay_gl/overlay_gl.pro --- old/mumble-1.2.4/overlay_gl/overlay_gl.pro 2013-06-01 23:16:31.000000000 +0200 +++ new/mumble-1.2.5/overlay_gl/overlay_gl.pro 2014-02-01 00:01:49.000000000 +0100 @@ -5,7 +5,7 @@ CONFIG -= qt CONFIG *= debug_and_release TARGET = mumble$(TARGET_ADD) -VERSION = 1.2.4 +VERSION = 1.2.5 SOURCES = overlay.c LIBS *= -lrt -ldl QMAKE_CFLAGS *= -fvisibility=hidden $(CFLAGS_ADD) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mumble-1.2.4/src/Version.h new/mumble-1.2.5/src/Version.h --- old/mumble-1.2.4/src/Version.h 2013-06-01 23:16:31.000000000 +0200 +++ new/mumble-1.2.5/src/Version.h 2014-02-01 00:01:49.000000000 +0100 @@ -36,7 +36,7 @@ #define MUMTEXT(X) MUMXTEXT(X) #ifndef MUMBLE_VERSION -#define MUMBLE_VERSION 1.2.4 +#define MUMBLE_VERSION 1.2.5 #endif #ifndef MUMBLE_VERSION #define MUMBLE_RELEASE "Compiled " __DATE__ " " __TIME__ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mumble-1.2.4/src/mumble/AudioOutputSpeech.cpp new/mumble-1.2.5/src/mumble/AudioOutputSpeech.cpp --- old/mumble-1.2.4/src/mumble/AudioOutputSpeech.cpp 2013-06-01 23:16:31.000000000 +0200 +++ new/mumble-1.2.5/src/mumble/AudioOutputSpeech.cpp 2014-02-01 00:01:49.000000000 +0100 @@ -148,8 +148,15 @@ int size; pds >> size; size &= 0x1fff; + if (size == 0) { + return; + } const QByteArray &qba = pds.dataBlock(size); + if (size != qba.size() || !pds.isValid()) { + return; + } + const unsigned char *packet = reinterpret_cast<const unsigned char*>(qba.constData()); #ifdef USE_OPUS 
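Review bot: The two guards added after `size &= 0x1fff` in AudioOutputSpeech.cpp return silently and carry no comment, so nothing in the code says why a zero or mismatched length must not reach the `reinterpret_cast` of `qba.constData()` below. `size` appears to be a length prefix read from the received packet via `pds >> size`. I would add `// length prefix comes from the packet; an empty payload must not reach the decoder` above the first guard and `// dataBlock() did not return the claimed number of bytes, or the stream is exhausted: drop the packet` above the second, and name the advisory from CHANGES that this closes. Because these paths are reached only by malformed input, a rate-limited warning or a dropped-packet counter would let an operator notice a peer that keeps sending such frames. The enclosing function begins and ends outside the hunk, so its other exit paths cannot be judged from here.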
@@ -335,6 +342,10 @@ pOut, iAudioBufferSize, 0); + if (decodedSamples < 0) { + decodedSamples = iFrameSize; + memset(pOut, 0, iFrameSize * sizeof(float)); + } #endif } else { if (qba.isEmpty()) { @@ -384,6 +395,10 @@ } else if (umtType == MessageHandler::UDPVoiceOpus) { #ifdef USE_OPUS decodedSamples = opus_decode_float(opusState, NULL, 0, pOut, iFrameSize, 0); + if (decodedSamples < 0) { + decodedSamples = iFrameSize; + memset(pOut, 0, iFrameSize * sizeof(float)); + } #endif } else { speex_decode(dsSpeex, NULL, pOut); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mumble-1.2.4/src/mumble/mumble.plist new/mumble-1.2.5/src/mumble/mumble.plist --- old/mumble-1.2.4/src/mumble/mumble.plist 2013-06-01 23:16:32.000000000 +0200 +++ new/mumble-1.2.5/src/mumble/mumble.plist 2014-02-01 00:01:49.000000000 +0100 @@ -26,7 +26,7 @@ </dict> </array> <key>CFBundleVersion</key> - <string>1.2.4</string> + <string>1.2.5</string> <key>NSHumanReadableCopyright</key> <string>Copyright (c) 2005-2010 Thorvald Natvig <sli...@users.sourceforge.net></string> </dict> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mumble-1.2.4/src/mumble/mumble.rc new/mumble-1.2.5/src/mumble/mumble.rc --- old/mumble-1.2.4/src/mumble/mumble.rc 2013-06-01 23:16:32.000000000 +0200 +++ new/mumble-1.2.5/src/mumble/mumble.rc 2014-02-01 00:01:49.000000000 +0100 @@ -15,8 +15,8 @@ #endif VS_VERSION_INFO VERSIONINFO - FILEVERSION 1,2,4,0 - PRODUCTVERSION 1,2,4,0 + FILEVERSION 1,2,5,0 + PRODUCTVERSION 1,2,5,0 FILEFLAGSMASK VS_FFI_FILEFLAGSMASK FILEFLAGS (VER_DEBUG|VER_RELEASE) FILEOS VOS_NT_WINDOWS32 
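Review bot: The same four-line recovery block is pasted after both `opus_decode_float` calls (the `@@ -335` hunk and the `@@ -384` hunk), and it discards the negative error code it tests for. The first call appears to pass `iAudioBufferSize` as the buffer limit while the fallback zeroes `iFrameSize` floats, and the hunk does not show that `pOut` always holds at least `iFrameSize` floats on that path, so that invariant deserves a one-line comment. I would move the block into one small file-local helper used at both sites so the two paths cannot drift apart, and pass the error code to `opus_strerror` for a rate-limited log line. Both call sites sit in a function whose start and end are outside the diff context, and the parameter types below are assumed from usage.

```cpp
// Replace a failed Opus decode with one frame of silence.
// opus_decode_float() returns a negative error code on failure; that value
// must never be used as a sample count by the code that follows.
static int silenceOnDecodeError(int decodedSamples, float *pOut, unsigned int frameSize) {
	if (decodedSamples < 0) {
		memset(pOut, 0, frameSize * sizeof(float));
		return static_cast<int>(frameSize);
	}
	return decodedSamples;
}

// … unchanged: opus_decode_float(...) call with pOut, iAudioBufferSize …
decodedSamples = silenceOnDecodeError(decodedSamples, pOut, iFrameSize);

// … unchanged: opus_decode_float(opusState, NULL, 0, pOut, iFrameSize, 0) …
decodedSamples = silenceOnDecodeError(decodedSamples, pOut, iFrameSize);
```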
@@ -29,8 +29,8 @@ BEGIN VALUE "CompanyName", "Thorvald Natvig" VALUE "FileDescription", "Mumble - Low-latency VoIP client" - VALUE "FileVersion", "1.2.4" - VALUE "ProductVersion", "1.2.4" + VALUE "FileVersion", "1.2.5" + VALUE "ProductVersion", "1.2.5" VALUE "LegalCopyright", "Copyright (C) 2005-2011, Thorvald Natvig <thorv...@natvig.com>" VALUE "OriginalFilename", "mumble.exe" VALUE "ProductName", "Mumble" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mumble-1.2.4/src/mumble.pri new/mumble-1.2.5/src/mumble.pri --- old/mumble-1.2.4/src/mumble.pri 2013-06-01 23:16:31.000000000 +0200 +++ new/mumble-1.2.5/src/mumble.pri 2014-02-01 00:01:49.000000000 +0100 @@ -1,6 +1,6 @@ include(../compiler.pri) -VERSION = 1.2.4 +VERSION = 1.2.5 DIST = mumble.pri Message.h PacketDataStream.h CryptState.h Timer.h Version.h OSInfo.h SSL.h Mumble.proto CONFIG += qt thread debug_and_release warn_on DEFINES *= MUMBLE_VERSION_STRING=$$VERSION diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mumble-1.2.4/src/murmur/murmur.plist new/mumble-1.2.5/src/murmur/murmur.plist --- old/mumble-1.2.4/src/murmur/murmur.plist 2013-06-01 23:16:32.000000000 +0200 +++ new/mumble-1.2.5/src/murmur/murmur.plist 2014-02-01 00:01:49.000000000 +0100 @@ -13,7 +13,7 @@ <key>CFBundleSignature</key> <string>MMUR</string> <key>CFBundleVersion</key> - <string>1.2.4</string> + <string>1.2.5</string> <key>NSHumanReadableCopyright</key> <string>Copyright (c) 2005-2010 Thorvald Natvig <sli...@users.sourceforge.net></string> </dict> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mumble-1.2.4/src/murmur/murmur.rc new/mumble-1.2.5/src/murmur/murmur.rc --- old/mumble-1.2.4/src/murmur/murmur.rc 2013-06-01 23:16:32.000000000 +0200 +++ new/mumble-1.2.5/src/murmur/murmur.rc 2014-02-01 00:01:49.000000000 +0100 
@@ -15,8 +15,8 @@ #endif VS_VERSION_INFO VERSIONINFO - FILEVERSION 1,2,4,0 - PRODUCTVERSION 1,2,4,0 + FILEVERSION 1,2,5,0 + PRODUCTVERSION 1,2,5,0 FILEFLAGSMASK VS_FFI_FILEFLAGSMASK FILEFLAGS (VER_DEBUG|VER_RELEASE) FILEOS VOS_NT_WINDOWS32 @@ -29,8 +29,8 @@ BEGIN VALUE "CompanyName", "Thorvald Natvig" VALUE "FileDescription", "Murmur - Low-latency VoIP server" - VALUE "FileVersion", "1.2.4" - VALUE "ProductVersion", "1.2.4" + VALUE "FileVersion", "1.2.5" + VALUE "ProductVersion", "1.2.5" VALUE "LegalCopyright", "Copyright (C) 2005-2011, Thorvald Natvig <thorv...@natvig.com>" VALUE "OriginalFilename", "murmur.exe" VALUE "ProductName", "Mumble" ++++++ mumble.keyring ++++++ --- /var/tmp/diff_new_pack.xrgmKO/_old 2014-02-11 11:30:08.000000000 +0100 +++ /var/tmp/diff_new_pack.xrgmKO/_new 2014-02-11 11:30:08.000000000 +0100 
@@ -54,3 +54,60 @@ rnrf =6bYp -----END PGP PUBLIC KEY BLOCK----- +pub 4096R/5FEF3A9A 2014-01-04 [verfällt: 2015-01-01] +uid Mumble Automatic Build Infrastructure 2014 <mumble-auto-build-2...@mumbleapp.com> +sub 4096R/04DA1296 2014-01-04 [verfällt: 2015-01-01] + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2.0.22 (GNU/Linux) + +mQINBFLICloBEAC17u37yBz5L/uyyfp5FQQq+Sx7PIm1zhoeFeuc8w7I6mY2C5Lq +6pVc6xsWvLpaNlGAXWvRRYp0UHT2zgJWnA1g43L29kN5CUBviPOLvjvwpc5guOwX +dBp+N9lWX7UVnDz8HGAUhiKZeC9Yza/v44jAObLKwWwRHOcmUTaCrR9p9YLT0Mqh +jlWPZvlsDzc+w0BMr4IzjIhSOoH+QDbbMdJU20ZmnYGz7vwpeVnQn9bJ3bLezog6 +pdRVidQnR9x4w3nELTElIVqmJ/aHHby2q/7pBb6FN91g9ljW2cavEw61BIgaou7C +kg7Qqz0d9s32nO6UA3X69vHVF3eIq0BPII0ttHoX+jqRJABX9cSf91QT1Q70+sMy +plmA05fRh2rsouZRIJ6q/b2soHWyqFZul/mKb7f67UsT8jvb2WnZuGFemaON+rl1 +qUfMarXX321FuDKFgHW0OBKEIxMppje7B7pk7ugbhAV3R7um/0M4oGX7QnqJEJ+3 +e3W6TSyhMTW1sr7kRzsqSlXrOZvCHbHsHirRh1V0FJCNvxygDGaJNRQ9I5iVrMDL +cd5pXvqbdrJFKY17OqoSFGDcdnn7MdxN01RvZrDWJvAYJY8o3PChcmCHZuRWE3A5 +BXAjdHJOW/9gr5u6uA0eU150aPLVNGItACNNrJrijVYJCSI+8VDDojEKpQARAQAB +tFFNdW1ibGUgQXV0b21hdGljIEJ1aWxkIEluZnJhc3RydWN0dXJlIDIwMTQgPG11 +bWJsZS1hdXRvLWJ1aWxkLTIwMTRAbXVtYmxlYXBwLmNvbT6JAj0EEwEKACcFAlLI +CloCGwMFCQHdPwAFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQrdARBF/vOppY +tw/+JvzwJvTz1f6kaa84N0QhUuYgHt2jhQTWNH5fBgtFZE4HkgKHL+Z+nHyaY0cr +xBRgqxtuscTiwy09yjegmnNBnXtou/3hF7w7oVd7LPO8g1MFVCkWxFIZsHdqwUhT +T9Qdxv/xGug3S8dDJOTFzeiupC9dRYI7PcaZrbDLWh2XcAB2cf8gRZ49UVVmBSWS +N9cD5B+WqRVfevtXnf+JB3NStFNfmCfCf+jgjswcdz0UZCUgF8j2gdHHfCGgPlnA +Khv0q/DPltQpm9vpQn+DPTsBKCJKkSI2w/lbYDNPT87W0yvOO4j4J8eauApR27tl +dvpVWtWUjHCrA3oT8CCcHDj+pS02bnMPlhN1GpxVHqhzXAZGc7T8lGE7i2YkqaQN +uIJ7jUOipHVUSEmNa+sYyARJFXBotT07JKJZlRM23cJ+3anUM1It28TI+gimH9j0 +Mj8drw+jIgtBHUIgFYZ1ZXBuwZ58Rxwccvqos3UgILgPH5FRLsR9DT/DXkkXjGSl +VuyCFuMBPwGoCXFEUgHUKHTzf4ugMJkZGBZOs7jve5d10kGIe8Z6Iv8e7ywOnnVP +mqKfh04gD8GE/+WQna35cymi0mGtROMZm2/kP727OIuakrGnNEHbM/QnNw8VT5yl +7l+73Qu0MtCZgVaTIUyHGmoYxFi3YOnus/etVGSphPOVeKG5Ag0EUsgKWgEQAOM1 
+Sixki5/hKprC+QL1o0xe7Jezh2o7ZZgvBvQgwYrQ+yIZVMgviEZmzFzH0JZSZcRL +wDNyLcQi4uZG4KLpHlT2mdLKttjk7I/1YUIBX30cY0UZWIQ/1S++fjq4a/mWVb7G +vROYvjkg+4KVDGmteEY9QctA3577YPN6qWaqJ0RSP/weCvV03+f5y100Zk1rDfBa +i+78zkLStyZhoWiYqkfjVUiIRVH/bxTKXDKPdqCIhOMgGoaOL+xiUNKtwS0D/N+4 +eN61Y2q1NITDX7xeZEbMa1Ocz+RjkliiotoJmoeLritmSsjZFbv+BnT/0rdPYsao +9hvZcRCMKgRS7zudkCSp7NycF5qaQukhHIp2l7Ai+kAvOE1gHLVx+h5dTsAIl+yv +xuHPWdriNeTbuxO9qIX/xzMCpEbgu/k0o1BmU098ZuA19xDwByUmILu0IlRNNoRD +AXINWIdCDxcM1Xc9Nj7Nv6XCmt1Y7mQSrYkX32vFUtkzOovhQ0g7+s6znymu2cKs +70Xy3tOZmbf7WsgANxyrgZy5KJeSGFC6fie3WFHnMkd5XU9WTzZQNAvek/cLiSgo +g62MstXxrrdSLdY0O2oT/mTeN6tBpxHzBriK5GAJcXY4TCGWt6cNO6eCTOmMURRy +QoGVQ+X+Oc5avT/15sGIqq1Ljw8J81w1EeTDsOohABEBAAGJAiUEGAEKAA8FAlLI +CloCGwwFCQHdPwAACgkQrdARBF/vOppLJBAAsrJXnv8tCwmSVpkj+Y4uE1GiWKx/ +KLs0iGXU7gXcwHCADIbXeNQPFP7dzHM+6+xZ8t8hVL3k8Ud8TC1Lu1YsQ+XCSCSf +IJLyNgWTMKlhz4pngCKN7KLCOEgmCYBFQaPYlfbIH2oyMwkDLq89nyBlYuLC0dHN +ibnGu1STKFjtBUB6W07AYR5/sPfmryhbOZ68OXOpGcXFO6FEh6rThIgU11I2I/D5 +JDTFQx/Ow/kcHNjRj0z7P8yztxir8+igGNAjEwz/cutukNDJgDcbaEOY58MhVeES +re1pR1ohTyqgzJLHh5Is3EegIdIUgVgA4kpKnz4ktLZw6RYDW/H16Bv/03cQwqGm +Icv1D/cCFbaEi7LeLzaGlkFbol6Ae4zDYuiFIwCmMxrN6nhajXE3ozAt0idWuiDK +H2Dg3EcOjL4dfp/b4xySHOE6fVc8IPWGwx5Dlt7yRp0jugFKXHpbW3d9sdTktCir +atI52jQvCYxmMDFnnYyDplEvjI1wm40P1xfroRleNMqE1Y8ihKQHzFsmfr4df2vQ +gvpd2jsPveVKhjq72X5h3fE/a85HGdf2On2w6JXc4lwCYZv4WVRiwmvYVrUr4yUS +q5ykTqc/6JHe4+4st/himP8PEhj8yvTsBUMXPN6bBucSlly+0A55E3Zel3jDf4xC +cmrX2JaO1Vxpmng= +=Xrmg +-----END PGP PUBLIC KEY BLOCK----- -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
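Review bot: Key 5FEF3A9A is appended to mumble.keyring in the same change that delivers mumble-1.2.5.tar.gz and its .sig, and the mumble.changes entry does not mention the key, so a later reader cannot tell how its authenticity was established. A signature that verifies against a key introduced alongside the tarball only shows that the two are consistent with each other. The changelog should record the check that was done, for example `- add 2014 build key 5FEF3A9A to keyring (fingerprint checked against <HOW-VERIFIED>)`. The listing shows the key and its subkey expiring on 2015-01-01, so source verification will need a keyring update once upstream rotates or extends the key.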