Bug 247379 - audio/mumble and audio/murmur: update to 1.3.1 (Fixed: Potential exploit in the OCB2 encryption (#4227))
Summary: audio/mumble and audio/murmur: update to 1.3.1 (Fixed: Potential exploit in t...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Mark Felder
URL: https://www.mumble.info/blog/mumble-1...
Keywords:
Depends on:
Blocks:
 
Reported: 2020-06-18 11:50 UTC by VVD
Modified: 2020-06-22 15:56 UTC (History)
0 users

See Also:
bugzilla: maintainer-feedback? (feld)
vvd: maintainer-feedback?


Attachments
audio/mumble update to 1.3.1 (Fixed: Potential exploit in the OCB2 encryption (#4227)) (3.17 KB, patch)
2020-06-18 11:50 UTC, VVD
vvd: maintainer-approval?
Details | Diff
audio/murmur update to 1.3.1 (Fixed: Potential exploit in the OCB2 encryption (#4227)) (871 bytes, patch)
2020-06-18 11:50 UTC, VVD
vvd: maintainer-approval?
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description VVD 2020-06-18 11:50:20 UTC
Created attachment 215734 [details]
audio/mumble update to 1.3.1 (Fixed: Potential exploit in the OCB2 encryption (#4227))

Tested on 12.1 amd64 - real usage, not just build.

Changes in this Version
Security
    Fixed: Potential exploit in the OCB2 encryption (#4227)

ICE
    Fixed: Added missing UserKDFIterations field to UserInfo => Prevents getRegistration() from failing with enumerator out of range error (#3835)

GRPC
    Fixed: Segmentation fault during murmur shutdown (#3938)

Client
    Fixed: Crash when using multiple monitors (#3756)
    FIxed: Don’t send empty message from clipboard via shortcut, if clipboard is empty (#3864)
    Fixed: Talking indicator being able to freeze to indicate talking when self-muted (#4006)
    Fixed: High CPU usage for update-check if update server not available (#4019)
    Fixed: DBus getCurrentUrl returning empty string when not in root-channel (#4029)
    Fixed: Small parts of whispering leaking out to normal talk (#4051)
    Fixed: Last audio frame of normal talking sent to last whisper target instead when using VoiceActivation (#4050)
    Fixed: LAN-icon not found in ConnectDialog (#4058)
    Improved: Set maximal vertical size for User Volume Adjustment dialog (#3801)
    Improved: Don’t send empty data to PulseAudio (#3316)
    Improved: Use the SRV resolved port for UDP connections (#3820)
    Improved: Manual Plugin UI (#3919)
    Improved: Don’t start Jack server by default (#3990)
    Improved: Overlay doesn’t hook into all other processes by default (#4041)
    Improved: Wait longer before disconnecting from a server due to unanswered Ping-messages (#4123)

Server
    Fixed: Possibility to circumvent max user-count in channel (#3880)
    Fixed: Rate-limit implementation susceptible to time-underflow (#4004)
    Fixed: OpenSSL error 140E0197 with Qt >= 5.12.2 (#4032)
    Fixed: VersionCheck for SQL for when to use the WAL feature (#4163)
    Fixed: Wrong database encoding that could lead to server-crash (#4220)
    Fixed: DB crash due to primary key violation (now performs “UPSERT” to avoid this) (#4105)
    Improved: The fields in the Version ProtoBuf message are now size-restricted in order to avoid attacks that can render another client unresponsive (#4101)
Comment 1 VVD 2020-06-18 11:50:57 UTC
Created attachment 215735 [details]
audio/murmur update to 1.3.1 (Fixed: Potential exploit in the OCB2 encryption (#4227))
Comment 2 commit-hook freebsd_committer 2020-06-18 15:36:48 UTC
A commit references this bug:

Author: feld
Date: Thu Jun 18 15:36:21 UTC 2020
New revision: 539549
URL: https://svnweb.freebsd.org/changeset/ports/539549

Log:
  audio/mumble: Update to 1.3.1

  Security
      Fixed: Potential exploit in the OCB2 encryption (#4227)

  ICE
      Fixed: Added missing UserKDFIterations field to UserInfo => Prevents getRegistration() from failing with enumerator out of range error (#3835)

  GRPC
      Fixed: Segmentation fault during murmur shutdown (#3938)

  Client
      Fixed: Crash when using multiple monitors (#3756)
      FIxed: Don?t send empty message from clipboard via shortcut, if clipboard is empty (#3864)
      Fixed: Talking indicator being able to freeze to indicate talking when self-muted (#4006)
      Fixed: High CPU usage for update-check if update server not available (#4019)
      Fixed: DBus getCurrentUrl returning empty string when not in root-channel (#4029)
      Fixed: Small parts of whispering leaking out to normal talk (#4051)
      Fixed: Last audio frame of normal talking sent to last whisper target instead when using VoiceActivation (#4050)
      Fixed: LAN-icon not found in ConnectDialog (#4058)
      Improved: Set maximal vertical size for User Volume Adjustment dialog (#3801)
      Improved: Don?t send empty data to PulseAudio (#3316)
      Improved: Use the SRV resolved port for UDP connections (#3820)
      Improved: Manual Plugin UI (#3919)
      Improved: Don?t start Jack server by default (#3990)
      Improved: Overlay doesn?t hook into all other processes by default (#4041)
      Improved: Wait longer before disconnecting from a server due to unanswered Ping-messages (#4123)

  PR:		247379
  MFH:		2020Q2

Changes:
  head/audio/mumble/Makefile
  head/audio/mumble/distinfo
Comment 3 VVD 2020-06-20 18:16:48 UTC
Commit, murmur, too, plz.
Comment 4 commit-hook freebsd_committer 2020-06-22 15:56:23 UTC
A commit references this bug:

Author: feld
Date: Mon Jun 22 15:55:24 UTC 2020
New revision: 539816
URL: https://svnweb.freebsd.org/changeset/ports/539816

Log:
  audio/murmur: Update to 1.3.1

  Changes in this Version
  Security
      Fixed: Potential exploit in the OCB2 encryption (#4227)

  ICE
      Fixed: Added missing UserKDFIterations field to UserInfo => Prevents getRegistration() from failing with enumerator out of range error (#3835)

  GRPC
      Fixed: Segmentation fault during murmur shutdown (#3938)

  Server
      Fixed: Possibility to circumvent max user-count in channel (#3880)
      Fixed: Rate-limit implementation susceptible to time-underflow (#4004)
      Fixed: OpenSSL error 140E0197 with Qt >= 5.12.2 (#4032)
      Fixed: VersionCheck for SQL for when to use the WAL feature (#4163)
      Fixed: Wrong database encoding that could lead to server-crash (#4220)
      Fixed: DB crash due to primary key violation (now performs ?UPSERT? to avoid this) (#4105)
      Improved: The fields in the Version ProtoBuf message are now size-restricted in order to avoid attacks that can render another client unresponsive (#4101)

  PR:		247379

Changes:
  head/audio/murmur/Makefile
  head/audio/murmur/distinfo