[Bug 247379] audio/mumble and audio/murmur: update to 1.3.1 (Fixed: Potential exploit in the OCB2 encryption (#4227))

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Thu Jun 18 11:50:21 UTC 2020 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=247379

            Bug ID: 247379
           Summary: audio/mumble and audio/murmur: update to 1.3.1 (Fixed:
                    Potential exploit in the OCB2 encryption (#4227))
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: https://www.mumble.info/blog/mumble-1.3.1-release-anno
                    uncement/
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: feld at FreeBSD.org
          Reporter: vvd at unislabs.com
             Flags: maintainer-feedback?(feld at FreeBSD.org)
          Assignee: feld at FreeBSD.org
 Attachment #215734 maintainer-approval?
             Flags:
             Flags: maintainer-feedback?

Created attachment 215734
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=215734&action=edit
Update to 1.3.1 (Fixed: Potential exploit in the OCB2 encryption (#4227))

Tested on 12.1 amd64 - real usage, not just build.

Changes in this Version
Security
    Fixed: Potential exploit in the OCB2 encryption (#4227)

ICE
    Fixed: Added missing UserKDFIterations field to UserInfo => Prevents
getRegistration() from failing with enumerator out of range error (#3835)

GRPC
    Fixed: Segmentation fault during murmur shutdown (#3938)

Client
    Fixed: Crash when using multiple monitors (#3756)
    FIxed: Don’t send empty message from clipboard via shortcut, if clipboard
is empty (#3864)
    Fixed: Talking indicator being able to freeze to indicate talking when
self-muted (#4006)
    Fixed: High CPU usage for update-check if update server not available
(#4019)
    Fixed: DBus getCurrentUrl returning empty string when not in root-channel
(#4029)
    Fixed: Small parts of whispering leaking out to normal talk (#4051)
    Fixed: Last audio frame of normal talking sent to last whisper target
instead when using VoiceActivation (#4050)
    Fixed: LAN-icon not found in ConnectDialog (#4058)
    Improved: Set maximal vertical size for User Volume Adjustment dialog
(#3801)
    Improved: Don’t send empty data to PulseAudio (#3316)
    Improved: Use the SRV resolved port for UDP connections (#3820)
    Improved: Manual Plugin UI (#3919)
    Improved: Don’t start Jack server by default (#3990)
    Improved: Overlay doesn’t hook into all other processes by default (#4041)
    Improved: Wait longer before disconnecting from a server due to unanswered
Ping-messages (#4123)

Server
    Fixed: Possibility to circumvent max user-count in channel (#3880)
    Fixed: Rate-limit implementation susceptible to time-underflow (#4004)
    Fixed: OpenSSL error 140E0197 with Qt >= 5.12.2 (#4032)
    Fixed: VersionCheck for SQL for when to use the WAL feature (#4163)
    Fixed: Wrong database encoding that could lead to server-crash (#4220)
    Fixed: DB crash due to primary key violation (now performs “UPSERT” to
avoid this) (#4105)
    Improved: The fields in the Version ProtoBuf message are now
size-restricted in order to avoid attacks that can render another client
unresponsive (#4101)

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-ports-bugs mailing list