Bug 247379

Summary: audio/mumble and audio/murmur: update to 1.3.1 (Fixed: Potential exploit in the OCB2 encryption (#4227))
Product: Ports & Packages
Reporter: Vladimir Druzenko <vvd>
Component: Individual Port(s)
Assignee: Mark Felder <feld>
Status: Closed FIXED
Severity: Affects Some People
Flags: bugzilla: maintainer-feedback? (feld); vvd: maintainer-feedback?
Priority: ---
Version: Latest
Hardware: Any
OS: Any
URL: https://www.mumble.info/blog/mumble-1.3.1-release-announcement/
Attachments:
    audio/mumble update to 1.3.1 (Fixed: Potential exploit in the OCB2 encryption (#4227)) (flags: vvd: maintainer-approval?)
    audio/murmur update to 1.3.1 (Fixed: Potential exploit in the OCB2 encryption (#4227)) (flags: vvd: maintainer-approval?)

Description Vladimir Druzenko freebsd_committer freebsd_triage 2020-06-18 11:50:20 UTC
Created attachment 215734
audio/mumble update to 1.3.1 (Fixed: Potential exploit in the OCB2 encryption (#4227))

Tested on 12.1 amd64 - real usage, not just build.

Changes in this Version
Security
    Fixed: Potential exploit in the OCB2 encryption (#4227)

ICE
    Fixed: Added missing UserKDFIterations field to UserInfo => Prevents getRegistration() from failing with enumerator out of range error (#3835)

GRPC
    Fixed: Segmentation fault during murmur shutdown (#3938)

Client
    Fixed: Crash when using multiple monitors (#3756)
    Fixed: Don’t send empty message from clipboard via shortcut, if clipboard is empty (#3864)
    Fixed: Talking indicator being able to freeze to indicate talking when self-muted (#4006)
    Fixed: High CPU usage for update-check if update server not available (#4019)
    Fixed: DBus getCurrentUrl returning empty string when not in root-channel (#4029)
    Fixed: Small parts of whispering leaking out to normal talk (#4051)
    Fixed: Last audio frame of normal talking sent to last whisper target instead when using VoiceActivation (#4050)
    Fixed: LAN-icon not found in ConnectDialog (#4058)
    Improved: Set maximal vertical size for User Volume Adjustment dialog (#3801)
    Improved: Don’t send empty data to PulseAudio (#3316)
    Improved: Use the SRV resolved port for UDP connections (#3820)
    Improved: Manual Plugin UI (#3919)
    Improved: Don’t start Jack server by default (#3990)
    Improved: Overlay doesn’t hook into all other processes by default (#4041)
    Improved: Wait longer before disconnecting from a server due to unanswered Ping-messages (#4123)

Server
    Fixed: Possibility to circumvent max user-count in channel (#3880)
    Fixed: Rate-limit implementation susceptible to time-underflow (#4004)
    Fixed: OpenSSL error 140E0197 with Qt >= 5.12.2 (#4032)
    Fixed: VersionCheck for SQL for when to use the WAL feature (#4163)
    Fixed: Wrong database encoding that could lead to server-crash (#4220)
    Fixed: DB crash due to primary key violation (now performs “UPSERT” to avoid this) (#4105)
    Improved: The fields in the Version ProtoBuf message are now size-restricted in order to avoid attacks that can render another client unresponsive (#4101)

Comment 1 Vladimir Druzenko freebsd_committer freebsd_triage 2020-06-18 11:50:57 UTC
Created attachment 215735
audio/murmur update to 1.3.1 (Fixed: Potential exploit in the OCB2 encryption (#4227))

Comment 2 commit-hook freebsd_committer freebsd_triage 2020-06-18 15:36:48 UTC
A commit references this bug:

Author: feld
Date: Thu Jun 18 15:36:21 UTC 2020
New revision: 539549
URL: https://svnweb.freebsd.org/changeset/ports/539549

Log:
  audio/mumble: Update to 1.3.1

  Security
      Fixed: Potential exploit in the OCB2 encryption (#4227)

  ICE
      Fixed: Added missing UserKDFIterations field to UserInfo => Prevents getRegistration() from failing with enumerator out of range error (#3835)

  GRPC
      Fixed: Segmentation fault during murmur shutdown (#3938)

  Client
      Fixed: Crash when using multiple monitors (#3756)
      Fixed: Don’t send empty message from clipboard via shortcut, if clipboard is empty (#3864)
      Fixed: Talking indicator being able to freeze to indicate talking when self-muted (#4006)
      Fixed: High CPU usage for update-check if update server not available (#4019)
      Fixed: DBus getCurrentUrl returning empty string when not in root-channel (#4029)
      Fixed: Small parts of whispering leaking out to normal talk (#4051)
      Fixed: Last audio frame of normal talking sent to last whisper target instead when using VoiceActivation (#4050)
      Fixed: LAN-icon not found in ConnectDialog (#4058)
      Improved: Set maximal vertical size for User Volume Adjustment dialog (#3801)
      Improved: Don’t send empty data to PulseAudio (#3316)
      Improved: Use the SRV resolved port for UDP connections (#3820)
      Improved: Manual Plugin UI (#3919)
      Improved: Don’t start Jack server by default (#3990)
      Improved: Overlay doesn’t hook into all other processes by default (#4041)
      Improved: Wait longer before disconnecting from a server due to unanswered Ping-messages (#4123)

  PR:		247379
  MFH:		2020Q2

Changes:
  head/audio/mumble/Makefile
  head/audio/mumble/distinfo

Comment 3 Vladimir Druzenko freebsd_committer freebsd_triage 2020-06-20 18:16:48 UTC
Commit, murmur, too, plz.

Comment 4 commit-hook freebsd_committer freebsd_triage 2020-06-22 15:56:23 UTC
A commit references this bug:

Author: feld
Date: Mon Jun 22 15:55:24 UTC 2020
New revision: 539816
URL: https://svnweb.freebsd.org/changeset/ports/539816

Log:
  audio/murmur: Update to 1.3.1

  Changes in this Version
  Security
      Fixed: Potential exploit in the OCB2 encryption (#4227)

  ICE
      Fixed: Added missing UserKDFIterations field to UserInfo => Prevents getRegistration() from failing with enumerator out of range error (#3835)

  GRPC
      Fixed: Segmentation fault during murmur shutdown (#3938)

  Server
      Fixed: Possibility to circumvent max user-count in channel (#3880)
      Fixed: Rate-limit implementation susceptible to time-underflow (#4004)
      Fixed: OpenSSL error 140E0197 with Qt >= 5.12.2 (#4032)
      Fixed: VersionCheck for SQL for when to use the WAL feature (#4163)
      Fixed: Wrong database encoding that could lead to server-crash (#4220)
      Fixed: DB crash due to primary key violation (now performs “UPSERT” to avoid this) (#4105)
      Improved: The fields in the Version ProtoBuf message are now size-restricted in order to avoid attacks that can render another client unresponsive (#4101)

  PR:		247379

Changes:
  head/audio/murmur/Makefile
  head/audio/murmur/distinfo