Re: Bug#682010: [mumble] Communication failures due to CELT codec library removal
On Tuesday, August 14, 2012 12:49:28, Ian Jackson wrote:
> Russ Allbery writes ("Re: Bug#682010: [mumble] Communication failures due to
CELT codec library removal"):
> > Ian Jackson <ijackson@chiark.greenend.org.uk> writes:
> > > We therefore recommend that:
> > >
> > > 13. The mumble maintainers, with appropriate help from other
> > >
> > > interested parties, should prepare an upload of mumble for wheezy
> > > with
> > >
> > > - embedded celt 0.7.1 enabled
> > > - no other version of celt enabled
> >
> > Why are we explicitly recommending that no other version be enabled? I
> > probably missed where that was part of the discussion.
>
> It's perhaps a rather obvious conclusion that I think everyone agrees
> on so hasn't been discussed extensively. My reasons are:
>
> Other mumble clients (the servers aren't relevant, as discussed)
> support celt 0.7.1 as a baseline so in practice that's what they'll
> end up using until opus is deployed. There may be minor improvements
> in newer versions of celt, or compatibility improvements with very old
> clients by supporting older versions of celt, but these are very
> marginal benefits.
>
> The downsides of supporting multiple versions of celt are pretty
> obvious: security bugs need backporting to n versions of celt rather
> than just one. And the user of such a client risks being exposed to
> security bugs which exist only in other celt versions which few other
> people are using and no-one is looking at.
>
> I hope someone will correct me if I'm wrong :-).
All the non-Debian versions of Mumble also ship CELT 0.11.0. There is no
2.0.0 version of CELT -- it seems Fedora and Magia for some reason rename the
CELT 0.11.0 file such that it shows up as 2.0.0 in Mumble. CELT 0.7.1 is a
hard requirement so it is sufficient to ship only it, so compatibility-wise
that's fine. There are two schools of thought on this:
a) CELT 0.11.0 is newer and might have fewer security issues, so it's
better for it to get used rather than 0.7.1
b) it's better to ship only one version of CELT to minimize security issues
overall, so shipping only 0.7.1 is better
I just finished putting a package together that does a) but haven't tested it
yet.
This is the "big test" that I was nearly finished with which incorporates
other distributions.
=============================================================================
Extra
Celt Celt
Distro version (mumble version) 0.7.1 Vers.† Opus Interop Loopback
-----------------------------------------|-----|------|----|-------|--------|
*Mint Debian 201204 (1.2.3-3) | ✓ | | | ✓ | ✓ |
*Linux Mint 13 (1.2.3-2ubuntu4) | ✓ | | | ✓ | ✓ |
*Ubuntu 12.04 (1.2.3-2ubuntu4) | ✓ | | | ✓ | ✓ |
Mageia 2 (1.2.3-2.mga2) [3]| | 2.0.0| | | [1] |
Fedora 17 (1.2.3-7.fc17.1) | ✓ | 2.0.0| | ✓ | ✓ |
openSUSE 12.1 (1.2.3-10.3.1) | ✓ |0.11.0| | ✓ | ✓ |
*Debian Sid (1.2.3-349-g315b5f5-2) | | | ✓ | | ? |
*Debian Wheezy (1.2.3-348-g317f5a0-1) [8]| ✓ | | | ✓ | ✓ |
*Debian Squeeze (1.2.2-6+squeeze1) [8]| ✓ | | | ✓ | ✓ |
Arch Linux 2012-08-04 (1.2.3-5) | ✓ |0.11.0| | ✓ | [1] |
*Ultimate 3.4 (1.2.3-2ubuntu4) | ✓ | | | ✓ | [2] |
*Lubuntu 12.04 (1.2.3-2ubuntu4) | ✓ | | | ✓ | [2] |
*Pear Linux 5 (1.2.3-2ubuntu4) | ✓ | | | ✓ | ✓ |
Sabayon Linux 9 (1.2.3-r2~0) | ✓ |0.11.0| | ✓ | [1] |
*Zorin OS 6 (1.2.3-2ubuntu4) | ✓ | | | ✓ | ✓ |
Chakra 2012.07 (1.2.3-3) | ✓ |0.11.0| | ✓ | ✓ |
*Bodhi 2.0.1 (1.2.3-2ubuntu4) | ✓ | | | ✓ | [1] |
*Snowlinux 2 "Ice" (1.2.2-6+squeeze1) | ✓ | | | ✓ | ✓ |
*Snowlinux 2 "Cream" (1.2.3-2ubuntu4) | ✓ | | | ✓ | ✓ |
Gentoo 12.1 (1.2.3-r2) [7]| ✓ |0.11.0| | [6] | [1] |
Vector Linux 7.0 (1.2.3-i586-2vl70) [5]| ✓ |0.11.0| | ✓ | ✓ |
*CrunchBang 10 (1.2.2-6+squeeze1) | ✓ | | | ✓ | ✓ |
*SolusOS Eveline 1.1 (1.2.3-3solus1) | ✓ | | | ✓ | ✓ |
*Knoppix 7.03 DVD (1.2.3-348-g317f5a0-1) | ✓ | | | ✓ | ✓ |
-----------------------------------------|-----|------|----|-------|--------|
*Debian Wheezy "348"-1.1 bundled-celt [8]| ✓ | | | ✓ | ✓ |
*Debian Wheezy "348"-1.1 celt-lib [8]| ✓ | | | ✓ | ✓ |
-----------------------------------------|-----|------|----|-------|--------|
CentOS 6.3 (not in disro)
Slacko Puppy 5.3.3 (not in distro)
*Lucid Puppy 5.2.8 (not in distro)
*PCLinuxOS 2012.02 (not in distro)
FreeBSD 9 (not in distro)
Slackware 13 (not in distro)
Fuduntu 2012.3 (not in distro)
* Distro is Debian-based
† Extra CELT version available as reported by Mumble
[1] Audio output did not work, so could not test server loopback
[2] Audio did function, but could not get audio output working in Mumble
[3] The bundled libcelt 0.7.1 in Magia 2 for Mumble has a known QA bug related
to library filename mangling, and is being worked on to restore its use.
https://bugs.mageia.org/show_bug.cgi?id=6581
[5] Mumble is only in the "testing" repository in Vector Linux
[6] Unable to fully test interoperability due to lack of working audio input.
Using the host version of Mumble to examine the connected Gentoo client
shows CELT 0.7.1 and 0.11.0 support, so the Gentoo client should be
interoperable.
[7] It took 3 full days to get a Gentoo base system and KDE4 installed using
the standard instructions, after which X wouldn't start; Mumble was tested
via ssh X forwarding without audio
[8] Both i386 and amd64 architectures tested
-- Chris
--
Chris Knadle
Chris.Knadle@coredump.us
Reply to: