diff options
author | GoliathLabs | 2020-05-13 20:30:52 +0200 |
---|---|---|
committer | GoliathLabs | 2020-05-13 20:30:52 +0200 |
commit | 6c857cb27a2f261c031775369bd5681d3e6e44bb (patch) | |
tree | 8c1e765b5416d2a6bb4a43b258286a6ce4f7c056 | |
parent | c488010bc18e43d0e2a7c40f03219af9838e75cf (diff) | |
download | aur-murmur-snapshot-ice.tar.gz |
Updated: 1.3.1-rc1
-rw-r--r-- | .SRCINFO | 36 | ||||
-rw-r--r-- | PKGBUILD | 91 | ||||
-rw-r--r-- | a48aea18b6c7ee534cd21f7febfe253e31b33eda.patch | 42 | ||||
-rw-r--r-- | murmur.dbus.conf | 22 | ||||
-rw-r--r-- | murmur.install | 11 | ||||
-rw-r--r-- | murmur.service | 15 | ||||
-rw-r--r-- | murmur.sysusers | 3 | ||||
-rw-r--r-- | murmur.tmpfiles | 2 | ||||
-rw-r--r-- | murmur.tmpfilesd | 1 |
9 files changed, 163 insertions, 60 deletions
@@ -1,6 +1,6 @@ pkgbase = murmur-snapshot-ice - pkgdesc = The voice chat application server for Mumble (development snapshot) - pkgver = 1.3.0_rc2 + pkgdesc = The voice chat application server for Mumble (snapshot) + pkgver = 1.3.1_rc1 pkgrel = 1 epoch = 1 url = https://wiki.mumble.info/wiki/ @@ -8,10 +8,19 @@ pkgbase = murmur-snapshot-ice arch = i686 arch = x86_64 arch = armv7h + arch = aarch64 license = BSD makedepends = boost makedepends = python - depends = protobuf + makedepends = qt5-tools + depends = avahi + depends = gcc-libs + depends = glibc + depends = grpc + depends = libcap + depends = libprotobuf.so + depends = lsb-release + depends = openssl depends = qt5-base depends = zeroc-ice provides = murmur @@ -19,17 +28,22 @@ pkgbase = murmur-snapshot-ice conflicts = murmur-static conflicts = murmur-ice conflicts = murmur-snapshot-noice - options = emptydirs backup = etc/murmur.ini - source = https://dl.mumble.info/mumble-1.3.0-rc2.tar.gz - source = https://dl.mumble.info/mumble-1.3.0-rc2.tar.gz.sig - source = murmur.tmpfilesd + source = https://dl.mumble.info/mumble-1.3.1-rc1.tar.gz + source = https://dl.mumble.info/mumble-1.3.1-rc1.tar.gz.sig + source = a48aea18b6c7ee534cd21f7febfe253e31b33eda.patch + source = murmur.dbus.conf + source = murmur.service source = murmur.sysusers + source = murmur.tmpfiles validpgpkeys = 56D0B23AE00B1EE9A8BAAC0F5B8CF87BB893449B - sha256sums = 258643a73997dc192ec9cc1175a55082e432ae21e4283bef27ffa331e85a0380 - sha256sums = SKIP - sha256sums = 25bf2dbd7574459724b4621fb93c09484dc7520297fa1d0f247a19b592d8cb8e - sha256sums = ff58059e77eb73a5c9ad8eb4ad8d8d7c865f3ae1fb6cb236a729f742da95d83d + sha512sums = b05533545aaecb24f403f1876b8b1eb771d39724b1a4db65776cfbc09419b81f4c1017ec99aad7f0e4b5d16e6962d72817467e7a3dec628b4a9b66ab8de555cc + sha512sums = SKIP + sha512sums = 2f379e355227e37f2d23d984d3a59779e3b7a2206865db8c9e4c9cb4eba563ca468744d862e29892919d8d2798576d2e011c658b48ca0acdde63e8a5cc577119 + sha512sums = 97c7effdddec324e40195c36ef4927950a5de26d2ee2d268d89df6fb547207bbbe30292773316cae6f57ec9923244f205fb0edc377b798771ba7385e3c11d86a + sha512sums = 2059eeac32cc078168a2ea56fe3034df69814516303adeffb8062c7b90a88177a536e6a6742196ee90370084d4e536f825b1744f8bed2bb704159a8a8bccb606 + sha512sums = 5af28d0c2b2b072cfbd500b5f63549e88a86cf3fc15e4d2df89e787c4d2bafdecbe078a518e0d1b25d82f9873cb06838ec1c9ebed625ffb7e8c80fcd942ebf74 + sha512sums = 411784e8e0dcf6c163780ae895ae1a6bdad0bb2dd2b128911c484ac3eff073d95c5791b625493a2b8296d24bd7e6ac72d3c42180817e48b29f0c6a8fd841807c pkgname = murmur-snapshot-ice @@ -1,4 +1,5 @@ -# Maintainer: Giovanni Harting <539@idlegandalf.com> +# Maintainer: Felix Golatofski <contact@xdfr.de> +# Contributor: Giovanni Harting <539@idlegandalf.com> # Contributor: Felix Singer # Contributor: Lari Tikkanen <lartza@wippies.com> # Contributor: Sven-Hendrik Haase <sh@lutzhaase.com> @@ -6,59 +7,71 @@ # Contributor: Malte Rabenseifner <malte@zearan.de> pkgname=murmur-snapshot-ice -pkgver=1.3.0_rc2 -_dirname=1.3.0 +_pkgname=murmur +pkgver=1.3.1_rc1 +_pkgver=1.3.1 pkgrel=1 epoch=1 -pkgdesc="The voice chat application server for Mumble (development snapshot)" -arch=('i686' 'x86_64' 'armv7h') +pkgdesc="The voice chat application server for Mumble (snapshot)" +arch=('i686' 'x86_64' 'armv7h' 'aarch64') url="https://wiki.mumble.info/wiki/" license=('BSD') -depends=('protobuf' 'qt5-base' 'zeroc-ice') -makedepends=('boost' 'python') +depends=('avahi' 'gcc-libs' 'glibc' 'grpc' 'libcap' 'libprotobuf.so' +'lsb-release' 'openssl' 'qt5-base' 'zeroc-ice') +makedepends=('boost' 'python' 'qt5-tools') conflicts=('murmur' 'murmur-static' 'murmur-ice' 'murmur-snapshot-noice') provides=('murmur') backup=("etc/murmur.ini") -install=murmur.install +install="murmur.install" #source=("https://dl.mumble.info/mumble-${pkgver//_/\~}~snapshot.tar.gz"{,.sig} # git snapshots source=("https://dl.mumble.info/mumble-${pkgver//_/-}.tar.gz"{,.sig} - murmur.tmpfilesd - murmur.sysusers) -sha256sums=('258643a73997dc192ec9cc1175a55082e432ae21e4283bef27ffa331e85a0380' + a48aea18b6c7ee534cd21f7febfe253e31b33eda.patch + "murmur.dbus.conf" + "murmur.service" + "murmur.sysusers" + "murmur.tmpfiles") +sha512sums=('b05533545aaecb24f403f1876b8b1eb771d39724b1a4db65776cfbc09419b81f4c1017ec99aad7f0e4b5d16e6962d72817467e7a3dec628b4a9b66ab8de555cc' 'SKIP' - '25bf2dbd7574459724b4621fb93c09484dc7520297fa1d0f247a19b592d8cb8e' - 'ff58059e77eb73a5c9ad8eb4ad8d8d7c865f3ae1fb6cb236a729f742da95d83d') -validpgpkeys=('56D0B23AE00B1EE9A8BAAC0F5B8CF87BB893449B') -options=('emptydirs') + '2f379e355227e37f2d23d984d3a59779e3b7a2206865db8c9e4c9cb4eba563ca468744d862e29892919d8d2798576d2e011c658b48ca0acdde63e8a5cc577119' + '97c7effdddec324e40195c36ef4927950a5de26d2ee2d268d89df6fb547207bbbe30292773316cae6f57ec9923244f205fb0edc377b798771ba7385e3c11d86a' + '2059eeac32cc078168a2ea56fe3034df69814516303adeffb8062c7b90a88177a536e6a6742196ee90370084d4e536f825b1744f8bed2bb704159a8a8bccb606' + '5af28d0c2b2b072cfbd500b5f63549e88a86cf3fc15e4d2df89e787c4d2bafdecbe078a518e0d1b25d82f9873cb06838ec1c9ebed625ffb7e8c80fcd942ebf74' + '411784e8e0dcf6c163780ae895ae1a6bdad0bb2dd2b128911c484ac3eff073d95c5791b625493a2b8296d24bd7e6ac72d3c42180817e48b29f0c6a8fd841807c') +validpgpkeys=('56D0B23AE00B1EE9A8BAAC0F5B8CF87BB893449B') # Mumble Automatic Build Infrastructure 2019 <mumble-auto-build-2019@mumble.info> -build() { - cd $srcdir/mumble-${_dirname} +prepare() { + mv -v ${srcdir}/"${_pkgname}-${pkgver}" ${srcdir}/"${pkgname}-${pkgver}" + cd ${srcdir}/"${pkgname}-${pkgver}" + # setting default configuration + sed -e "1i; vi:ft=cfg" \ + -e "s|database=|database=/var/db/murmur/murmur.sqlite|" \ + -e "s|;logfile=murmur.log|logfile=|" \ + -e "s|;uname=|uname=murmur|" \ + -i scripts/murmur.ini - qmake-qt5 main.pro CONFIG+="no-client no-bonjour optimize" - make release + # See https://github.com/mumble-voip/mumble/pull/4032 + patch -Np1 -i "$srcdir"/a48aea18b6c7ee534cd21f7febfe253e31b33eda.patch } -package() { - cd $srcdir/mumble-${_dirname} +build() { + cd $srcdir/mumble-${_pkgver} - sed -e "1i# vi:ft=cfg" \ - -e "s|database=|database=/var/lib/murmur/murmur.sqlite|" \ - -e "s|;logfile=murmur.log|logfile=|" \ - -e "s|;uname=|uname=murmur|" \ - -e "s|;pidfile=|pidfile=/run/murmur/murmur.pid|" \ - -i scripts/murmur.ini + qmake-qt5 main.pro CONFIG+="no-client grpc" + make release +} - sed -e "s|<policy user=\"mumble-server\">|<policy user=\"murmur\">|" -i scripts/murmur.conf +package() { + cd $srcdir/mumble-${_pkgver} - install -dm755 ${pkgdir}/var/lib/murmur - install -Dm755 release/murmurd ${pkgdir}/usr/bin/murmurd - install -Dm644 scripts/murmur.ini ${pkgdir}/etc/murmur.ini - install -Dm644 scripts/murmur.conf ${pkgdir}/etc/dbus-1/system.d/murmur.conf - install -Dm644 README ${pkgdir}/usr/share/doc/murmur/README - install -Dm644 man/murmurd.1 ${pkgdir}/usr/share/man/man1/murmurd.1 - install -Dm644 scripts/murmur.service ${pkgdir}/usr/lib/systemd/system/murmur.service - install -Dm644 LICENSE ${pkgdir}/usr/share/licenses/${pkgname}/LICENSE - install -Dm644 src/murmur/Murmur.ice ${pkgdir}/usr/share/murmur/Murmur.ice - install -Dm644 ${srcdir}/murmur.tmpfilesd ${pkgdir}/usr/lib/tmpfiles.d/murmur.conf - install -Dm644 ${srcdir}/murmur.sysusers ${pkgdir}/usr/lib/sysusers.d/murmur.conf + # murmur has no install target: https://github.com/mumble-voip/mumble/issues/1029 + install -vDm 755 release/murmurd -t "${pkgdir}"/usr/bin + install -vDm 640 scripts/murmur.ini -t "${pkgdir}"/etc + install -vDm 644 "${srcdir}"/murmur.dbus.conf "${pkgdir}"/usr/share/dbus-1/system.d/murmur.conf + install -vDm 644 README -t "${pkgdir}/usr/share/doc/${pkgname}" + install -vDm 644 man/murmur*.1 -t "${pkgdir}/usr/share/man/man1/" + install -vDm 644 "${srcdir}"/murmur.service -t "${pkgdir}/usr/lib/systemd/system/" + install -vDm 644 LICENSE -t "${pkgdir}/usr/share/licenses/${pkgname}" + install -vDm 644 "${srcdir}"/murmur.sysusers "${pkgdir}/usr/lib/sysusers.d/${pkgname}.conf" + install -vDm 644 "${srcdir}"/murmur.tmpfiles "${pkgdir}/usr/lib/tmpfiles.d/${pkgname}.conf" + install -vDm 644 src/murmur/{Murmur.ice,MurmurRPC.proto} -t "${pkgdir}/usr/share/${pkgname}" } diff --git a/a48aea18b6c7ee534cd21f7febfe253e31b33eda.patch b/a48aea18b6c7ee534cd21f7febfe253e31b33eda.patch new file mode 100644 index 000000000000..69e6d5a0dbf5 --- /dev/null +++ b/a48aea18b6c7ee534cd21f7febfe253e31b33eda.patch @@ -0,0 +1,42 @@ +From a48aea18b6c7ee534cd21f7febfe253e31b33eda Mon Sep 17 00:00:00 2001 +From: Davide Beatrici <git@davidebeatrici.dev> +Date: Sat, 4 Apr 2020 07:48:46 +0200 +Subject: [PATCH] src/murmur/Server.cpp: implement workaround for critical + QSslSocket issue + +A severe bug was introduced in qt/qtbase@93a803a6de27d9eb57931c431b5f3d074914f693: q_SSL_shutdown() causes Qt to emit "error()" from unrelated QSslSocket(s), in addition to the correct one. + +The issue causes Server::connectionClosed() to disconnect random authenticated clients. + +The workaround consists in ignoring a specific OpenSSL error: +"Error while reading: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init [20]" + +Definitely not ideal, but it fixes a critical vulnerability. Details on how to trigger it are deliberately omitted. +--- + src/murmur/Server.cpp | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/src/murmur/Server.cpp b/src/murmur/Server.cpp +index cac75e4fea..055ad96d95 100644 +--- a/src/murmur/Server.cpp ++++ b/src/murmur/Server.cpp +@@ -1422,6 +1422,19 @@ void Server::sslError(const QList<QSslError> &errors) { + } + + void Server::connectionClosed(QAbstractSocket::SocketError err, const QString &reason) { ++ if (reason.contains(QLatin1String("140E0197"))) { ++ // A severe bug was introduced in qt/qtbase@93a803a6de27d9eb57931c431b5f3d074914f693. ++ // q_SSL_shutdown() causes Qt to emit "error()" from unrelated QSslSocket(s), in addition to the correct one. ++ // The issue causes this function to disconnect random authenticated clients. ++ // ++ // The workaround consists in ignoring a specific OpenSSL error: ++ // "Error while reading: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init [20]" ++ // ++ // Definitely not ideal, but it fixes a critical vulnerability. ++ qWarning("Ignored OpenSSL error 140E0197 for %p", sender()); ++ return; ++ } ++ + Connection *c = qobject_cast<Connection *>(sender()); + if (! c) + return; diff --git a/murmur.dbus.conf b/murmur.dbus.conf new file mode 100644 index 000000000000..cf937d7b1224 --- /dev/null +++ b/murmur.dbus.conf @@ -0,0 +1,22 @@ +<!-- vi: set ft=xml: --> +<!-- + As described in http://mumble.sourceforge.net/DBus, + but with different username +--> +<!DOCTYPE busconfig PUBLIC + "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" + "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> +<busconfig> + + <policy user="murmur"> + <allow own="net.sourceforge.mumble.murmur"/> + </policy> + <policy user="root"> + <allow own="net.sourceforge.mumble.murmur"/> + </policy> + + <policy context="default"> + <allow send_destination="net.sourceforge.mumble.murmur"/> + <allow receive_sender="net.sourceforge.mumble.murmur"/> + </policy> +</busconfig> diff --git a/murmur.install b/murmur.install index fcc2a80d8744..b9e1eb1f5055 100644 --- a/murmur.install +++ b/murmur.install @@ -1,9 +1,6 @@ post_install() { - post_upgrade + echo "You might have to reload dbus before launching murmur:" + echo " systemctl reload dbus" + echo "Don't forget to set the superuser password:" + echo " murmurd -ini /etc/murmur.ini -supw <your-password>" } - -post_upgrade() { - # Fix permissions on necessary directories - chown murmur.murmur /var/lib/murmur /run/murmur -} - diff --git a/murmur.service b/murmur.service new file mode 100644 index 000000000000..71814aad1e7b --- /dev/null +++ b/murmur.service @@ -0,0 +1,15 @@ +[Unit] +Description=Mumble Daemon +After=network.target + +[Service] +Type=simple +ExecStart=/usr/bin/murmurd -ini /etc/murmur.ini -fg +Restart=always +PrivateDevices=true +PrivateTmp=true +ProtectSystem=full +ProtectHome=true + +[Install] +WantedBy=multi-user.target diff --git a/murmur.sysusers b/murmur.sysusers index d372879bcf31..9e9558da9b30 100644 --- a/murmur.sysusers +++ b/murmur.sysusers @@ -1,2 +1 @@ -u murmur - "Murmur voice server" /var/lib/murmur - +u murmur 122 "Murmur User" /var/db/murmur diff --git a/murmur.tmpfiles b/murmur.tmpfiles new file mode 100644 index 000000000000..cf1c4dc8a69b --- /dev/null +++ b/murmur.tmpfiles @@ -0,0 +1,2 @@ +z /etc/murmur.ini 0640 root murmur +d /var/db/murmur 0750 murmur murmur - diff --git a/murmur.tmpfilesd b/murmur.tmpfilesd deleted file mode 100644 index 5a789b2fb0c7..000000000000 --- a/murmur.tmpfilesd +++ /dev/null @@ -1 +0,0 @@ -d /run/murmur 0755 murmur murmur - |