The protobuf code creates lots of spurious warnings
throughout our compile which we can do nothing about.
This patch changes the way we integrate the generated
code in our build to work around this.
We now run protoc and generated code compilation as a seperate
mumble_proto target producing a static lib. This lib is then
linked by mumble and murmur.
The folder of this module is added to the include paths so
Mumble.pb.h is available. On Unix platforms a -isystem entry
is added for the directory.
The advantages of this approach is that we can disable warnings
for the compilation of this target like we do for 3rd party modules.
Additionally we no longer generate and compile the protobuf files
twice.
The ConfigDialog::apply function also re-initializes
the audio input by stopping it at is beginning and
restarting it at the end. The modal restart query dialog
blocked this audio restart leaving the user with no
audio until the dialog was dismissed. This patch moves
the query until after the audio restart to resolve this.
With this patch ConfigWidgets can set the new requireRestartToApply
variable to true to cause the ConfigDialog to ask the user wheter
he wants to restart to apply the settings immediatly. If the
user agrees we exit the event loop with the special
MUMBLE_EXIT_CODE_RESTART causing a relaunch of the client and
safe application of the new settings.
For some option changes a client restart is required
to fully apply the changes. This patch enabled Mumble
to restart itself. This is accomplished by adding a
special MUMBLE_EXIT_CODE_RESTART exit code that is
cought right before the application terminates. Mumble
then uses available session information to launch
another instance of itself right before it exits. As
this happens after the vast majority of cleanup multiple
client restrictions and other resource contention issues
do not come into play.
Launching another client deviates from the usually
recommended way of not exiting the process but simply
doing a re-initialization of the application after the
cleanup. With Mumble this is tricky as we have some
objects for which we do not control the lifetime after
we initialized them once and others might be managed
sloppily as the design never expected to have to
re-initialize. We should strive to clean up these
weaknesses in resource management but for now the
approach taken here works around them.
We have had reports that a lot of users out of habit add
http:// or https:// schemas to server addresses when adding
a new server. This patch changes the ConnectDialogEdit to
drop schema and path components from server addresses if
present. This happens automatically when accepting the
dialog.
Applies the Qt 4 workaround in 3283ac2fdd
also to Qt versions before 5.3 as those have the same API restrictions
on the QSslChiper constructor. Unfortunately the Qt documentation
doesn't have the usual note about it having been added later which
made this slip through. This should fix our builds on trusty.
This patch fixes dual-stack UDP on Windows as well as for unsual
Linux configurations by ensuring the UDP sockets we create
inherit their IPV6_V6ONLY sockopt from their corresponding
TCP socket. Previously on systems where IPV6_V6ONLY was enabled
by default (e.g. Windows) we would incorrectly create an
IPv6 only socket even though our TCP socket and the system
are dual-stacked.
The dual-stack detection moved from Meta.h to Server.h into the
SslServer class where it is a better fit. Also modified the function
to instead of querying the value of IPV6_V6ONLY on a test socket
it now tries to actively disable it. While previously dual stack
support was only detected if it was the default configuration for
that system, it should now be detected in all cases. The function
also now performs the same check on Windows socket where the default
actually is to have IPV6_V6ONLY enabled.
If no host string is given murmur should listen for Ipv4 as
well as IPv6 address on all devices. Due to a semantics change
for requesting dual-stacked sockets between Qt 4 and Qt 5 we
accidentally requested an IPv6 only socket for dual-stacked
systems in Qt 5. This patch remedies that.
Fixes#1668
This commit bakes the MUMBLE_VERSION string into mumble.exe.
This version string is used to determine where to load mumble_app.dll
from, and what to consider the root directory for other binaries.
In pseudo code, if the path
${MUMBLE_EXE_DIRECTORY}\Versions\${MUMBLE_VERSION}
exists, the mumble.exe binary will use that as the root for loading
mumble_app.dll, and all further binaries.
If mumble.exe finds the aforementioned directory, it sets the
MUMBLE_VERSION_ROOT environment variable to signal which directory
to use as the "application root" directory for loading further
binaries.
This commit adds the 'sslCiphers' option to Murmur.
The 'sslCiphers' option is used to configure the list of advertised
TLS cipher suites. The option lives on Meta, so it is a server-wide
configuration, and cannot be configured on a per-virtual-server basis.
The 'sslCiphers' option uses the OpenSSL's cipher list format to
describe the cipher suite selection. For more information on this
format, see:
https://www.openssl.org/docs/apps/ciahers.html#CIPHER-LIST-FORMAT
This commit adds a new method to MumbleSSL that returns Mumble's
preferred cipher suites represented in the OpenSSL cipher list format.
This commit does not hook up the function to anything. It merely
implements it.
Previously, Mumble relied on OpenSSL's default cipher suites. However,
that decision has increasingly turned out to be unwise. Often, new TLS
vulnerabilities require server admins and users to be able to change the
cipher suites advertised by their software to help mitigate the damage.
This was not previously possible in Mumble.
The other thing that prompted this change is the Logjam TLS vulnerablity
(https://weakdh.org/, CVE-2015-4000). Mumble is not vulnerable to Logjam,
because Mumble has never allowed export grade DH groups. However, one of
the other key takeaways from the Logjam paper, "Imperfect Forward Secrecy:
How Diffie-Hellman Fails in Practice", is that the Internet community
should move towards DH groups bigger than 1024 bits, and preferably use
unique groups on a per-server basis. Unfortunately, neither of these two
solutions are possible with API that Qt provides for TLS.
To remedy this, we instead drop support for non-Elliptic Curve DH
in the default cipher configuration. We don't have any legacy clients
to support that can only use DH, so this is fine.
The OpenSSL cipher list in MumbleSSL::defaultOpenSSLCipherString()
evaluates to the following set of cipher suites, in order of preference:
ECDHE-RSA-AES256-GCM-SHA384 (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
ECDHE-ECDSA-AES256-GCM-SHA384 (TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384)
ECDHE-RSA-AES128-GCM-SHA256 (TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256)
ECDHE-ECDSA-AES128-GCM-SHA256 (TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
AES256-SHA (TLS_RSA_WITH_AES_256_CBC_SHA)
AES128-SHA (TLS_RSA_WITH_AES_128_CBC_SHA)
The CBC-mode cipher suites are included for backwards compatibility with
older 1.2.x Mumble clients and other implementations that only use
TLSv1.0.
This commit implements MumbleSSL::ciphersFromOpenSSLCipherString(),
which reads a string in OpenSSL's cipher list format and returns a list
of QSslCiphers for use with QSsl.
This function will be used for implementing user-configurable cipher
suites in Mumble and Murmur.
This commit also changes our precompiled headers slightly by rearranging
the OpenSSL includes. This is done because the ssl.h header on Windows
requires winsock2.h (and perhaps others). By moving the includes, we
ensure that winsock2.h is included.
Right now, we do not get PDB files for our overlay DLLs because
the overlay DLL PDB files share their name with the overlay helper
PDB files.
To avoid this madness, we rename the overlay helpers as follows:
mumble_ol.exe -> mumble_ol_helper.exe
mumble_ol_x64.exe -> mumble_ol_helper_x64.exe
We do not plan on using ICC to build mumble now or in the
foreseeable future. Hence this patch drops it.
It also removes some backwards compatibility code that
worked around bad C compatibility with VC10 mostly
related to math header usage.
Since ConnectDialog::accept calls are refused if no item is selected,
and the server last connected to is selected in ConnectDialog::timeTick
(after initialisation), it doesn't make sense for the Connect button
to be enabled before a server is selected.
If the XDG_RUNTIME_DIR environment variable is present the overlay
pipe and RPC socket will be created at..
$XDG_RUNTIME_DIR/MumbleSocket
$XDG_RUNTIME_DIR/MumbleOverlayPipe
Since we plan to drop Qt 4 support for building the client
soon'ish add an explicit 'qt4-legacy-compat' flag that has
to be set to still build the client with qt 4. If the flag
is not set we error out of the build to ensure the maintainer
has to actively aknowledge using a legacy version. Even
when the flag is set we still show a warning as a reminder.
Before this commit, Mumble indiscriminately attenuates applications.
A simple example: it would attenuate applications that were set to output
to HDMI -- something that wasn't always desirable. My HDMI wouldn't need
to be attenuated because I am able to physically distinguish between sound
coming from either my HDMI or my laptop and "tune in" accordingly.
A more advanced use case is my PulseAudio streaming setup. I create two
additional sinks: "stream" and "stream_spkr." The "stream" sink is used
when I want to send audio from an application to my stream but not to
my speakers/headset (i.e., background music or something). In this case,
before this commit Mumble would attenuate my program playing the
background music. If I am running Mumble off-stream (which I often am),
this leads the background music volume fluctuating for seemingly no reason.
The second sink, "stream_spkr" routes both to "stream" and my
speakers/headset via two module-loopbacks. In this way, anything I attach
to stream_spkr can be heard both by my viewers and myself.
The option to include attenuation on loopback modules is for advanced
configurations. Loopback modules are used to route audio, usually between
a sink monitor and a sink. Sometimes it might be beneficial to attenuate a
loopback module that goes into Mumble's sink. Sometimes, however it's
inconvenient such as in the case where a user moves an application to
another sink that uses a loopback to Mumble's sink in order to specifically
have Mumble ignore attenuation on that application. But, if the loopback
that carries the non-Mumble sink's audio back to Mumble's sink is attenuated
then there would still be indirect attenuation of that application. In my
configuration, an example is the loopback from stream_spkr.monitor to the
physical speakers.
Only PulseAusio is supported in this patch, but this functionality could
potentially be extended to other audio systems.
Murmur now uses Mumble's appcompat.manifest so it
can query and report its host operating system
correctly on Windows 10. Previously it reported
as Windows 8 on that platform.
The connect dialog has the capability to pre-fill itself from
mumble:// style URLs in the users clipboard. If those are not
given a custom ?title= argument the name was defaulted to the
host name which caused them to be considered custom by the
edit dialog. This patch resolves this issue.
Fixing the connect dialog after the Qt 5 transition wasn't
done correctly. The QUrlQuery class for parsing the url was
instantiated before the url itself was extracted from the
mime data and hence was always empty. This probably slipped
by as the query data is only used for setting the name of
the server item from the '?title=' part of the url.
This patch improves the usability of the connect dialog by
moving the server label to the bottom of the dialog and making
it track the hostname. This way the user gets a sensible default
while also being able to manually edit it afterwards.
Once the user edits the label it is seen as custom and will no
longer track the server address until the label field is
manually cleared by the user.
The speex library has been split into a codec part
(speex) and a dsp part (speex-dsp). As we still need
the codec for compatibility with 3rd party clients
only sending speex but still want the updates that
went into the dsp and codec since then this patch
modifies our build to enable that. To achieve that
we combined the two libraries back together. Doing
it this way might brittle but is only a temporary
solution until we can actually drop the codec part.
Setting Mumble's priority class higher than the games
is a bad behavior which can cause inconsistency for
input timing in games such as Team Fortress 2.