summarylogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--.SRCINFO36
-rw-r--r--PKGBUILD91
-rw-r--r--a48aea18b6c7ee534cd21f7febfe253e31b33eda.patch42
-rw-r--r--murmur.dbus.conf22
-rw-r--r--murmur.install11
-rw-r--r--murmur.service15
-rw-r--r--murmur.sysusers3
-rw-r--r--murmur.tmpfiles2
-rw-r--r--murmur.tmpfilesd1
9 files changed, 163 insertions, 60 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 87fdafcd2f14..6fc0c537c16f 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,6 +1,6 @@
pkgbase = murmur-snapshot-ice
- pkgdesc = The voice chat application server for Mumble (development snapshot)
- pkgver = 1.3.0_rc2
+ pkgdesc = The voice chat application server for Mumble (snapshot)
+ pkgver = 1.3.1_rc1
pkgrel = 1
epoch = 1
url = https://wiki.mumble.info/wiki/
@@ -8,10 +8,19 @@ pkgbase = murmur-snapshot-ice
arch = i686
arch = x86_64
arch = armv7h
+ arch = aarch64
license = BSD
makedepends = boost
makedepends = python
- depends = protobuf
+ makedepends = qt5-tools
+ depends = avahi
+ depends = gcc-libs
+ depends = glibc
+ depends = grpc
+ depends = libcap
+ depends = libprotobuf.so
+ depends = lsb-release
+ depends = openssl
depends = qt5-base
depends = zeroc-ice
provides = murmur
@@ -19,17 +28,22 @@ pkgbase = murmur-snapshot-ice
conflicts = murmur-static
conflicts = murmur-ice
conflicts = murmur-snapshot-noice
- options = emptydirs
backup = etc/murmur.ini
- source = https://dl.mumble.info/mumble-1.3.0-rc2.tar.gz
- source = https://dl.mumble.info/mumble-1.3.0-rc2.tar.gz.sig
- source = murmur.tmpfilesd
+ source = https://dl.mumble.info/mumble-1.3.1-rc1.tar.gz
+ source = https://dl.mumble.info/mumble-1.3.1-rc1.tar.gz.sig
+ source = a48aea18b6c7ee534cd21f7febfe253e31b33eda.patch
+ source = murmur.dbus.conf
+ source = murmur.service
source = murmur.sysusers
+ source = murmur.tmpfiles
validpgpkeys = 56D0B23AE00B1EE9A8BAAC0F5B8CF87BB893449B
- sha256sums = 258643a73997dc192ec9cc1175a55082e432ae21e4283bef27ffa331e85a0380
- sha256sums = SKIP
- sha256sums = 25bf2dbd7574459724b4621fb93c09484dc7520297fa1d0f247a19b592d8cb8e
- sha256sums = ff58059e77eb73a5c9ad8eb4ad8d8d7c865f3ae1fb6cb236a729f742da95d83d
+ sha512sums = b05533545aaecb24f403f1876b8b1eb771d39724b1a4db65776cfbc09419b81f4c1017ec99aad7f0e4b5d16e6962d72817467e7a3dec628b4a9b66ab8de555cc
+ sha512sums = SKIP
+ sha512sums = 2f379e355227e37f2d23d984d3a59779e3b7a2206865db8c9e4c9cb4eba563ca468744d862e29892919d8d2798576d2e011c658b48ca0acdde63e8a5cc577119
+ sha512sums = 97c7effdddec324e40195c36ef4927950a5de26d2ee2d268d89df6fb547207bbbe30292773316cae6f57ec9923244f205fb0edc377b798771ba7385e3c11d86a
+ sha512sums = 2059eeac32cc078168a2ea56fe3034df69814516303adeffb8062c7b90a88177a536e6a6742196ee90370084d4e536f825b1744f8bed2bb704159a8a8bccb606
+ sha512sums = 5af28d0c2b2b072cfbd500b5f63549e88a86cf3fc15e4d2df89e787c4d2bafdecbe078a518e0d1b25d82f9873cb06838ec1c9ebed625ffb7e8c80fcd942ebf74
+ sha512sums = 411784e8e0dcf6c163780ae895ae1a6bdad0bb2dd2b128911c484ac3eff073d95c5791b625493a2b8296d24bd7e6ac72d3c42180817e48b29f0c6a8fd841807c
pkgname = murmur-snapshot-ice
diff --git a/PKGBUILD b/PKGBUILD
index 7b01fcfd79fa..ce041fb10f5e 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,4 +1,5 @@
-# Maintainer: Giovanni Harting <539@idlegandalf.com>
+# Maintainer: Felix Golatofski <contact@xdfr.de>
+# Contributor: Giovanni Harting <539@idlegandalf.com>
# Contributor: Felix Singer
# Contributor: Lari Tikkanen <lartza@wippies.com>
# Contributor: Sven-Hendrik Haase <sh@lutzhaase.com>
@@ -6,59 +7,71 @@
# Contributor: Malte Rabenseifner <malte@zearan.de>
pkgname=murmur-snapshot-ice
-pkgver=1.3.0_rc2
-_dirname=1.3.0
+_pkgname=murmur
+pkgver=1.3.1_rc1
+_pkgver=1.3.1
pkgrel=1
epoch=1
-pkgdesc="The voice chat application server for Mumble (development snapshot)"
-arch=('i686' 'x86_64' 'armv7h')
+pkgdesc="The voice chat application server for Mumble (snapshot)"
+arch=('i686' 'x86_64' 'armv7h' 'aarch64')
url="https://wiki.mumble.info/wiki/"
license=('BSD')
-depends=('protobuf' 'qt5-base' 'zeroc-ice')
-makedepends=('boost' 'python')
+depends=('avahi' 'gcc-libs' 'glibc' 'grpc' 'libcap' 'libprotobuf.so'
+'lsb-release' 'openssl' 'qt5-base' 'zeroc-ice')
+makedepends=('boost' 'python' 'qt5-tools')
conflicts=('murmur' 'murmur-static' 'murmur-ice' 'murmur-snapshot-noice')
provides=('murmur')
backup=("etc/murmur.ini")
-install=murmur.install
+install="murmur.install"
#source=("https://dl.mumble.info/mumble-${pkgver//_/\~}~snapshot.tar.gz"{,.sig} # git snapshots
source=("https://dl.mumble.info/mumble-${pkgver//_/-}.tar.gz"{,.sig}
- murmur.tmpfilesd
- murmur.sysusers)
-sha256sums=('258643a73997dc192ec9cc1175a55082e432ae21e4283bef27ffa331e85a0380'
+ a48aea18b6c7ee534cd21f7febfe253e31b33eda.patch
+ "murmur.dbus.conf"
+ "murmur.service"
+ "murmur.sysusers"
+ "murmur.tmpfiles")
+sha512sums=('b05533545aaecb24f403f1876b8b1eb771d39724b1a4db65776cfbc09419b81f4c1017ec99aad7f0e4b5d16e6962d72817467e7a3dec628b4a9b66ab8de555cc'
'SKIP'
- '25bf2dbd7574459724b4621fb93c09484dc7520297fa1d0f247a19b592d8cb8e'
- 'ff58059e77eb73a5c9ad8eb4ad8d8d7c865f3ae1fb6cb236a729f742da95d83d')
-validpgpkeys=('56D0B23AE00B1EE9A8BAAC0F5B8CF87BB893449B')
-options=('emptydirs')
+ '2f379e355227e37f2d23d984d3a59779e3b7a2206865db8c9e4c9cb4eba563ca468744d862e29892919d8d2798576d2e011c658b48ca0acdde63e8a5cc577119'
+ '97c7effdddec324e40195c36ef4927950a5de26d2ee2d268d89df6fb547207bbbe30292773316cae6f57ec9923244f205fb0edc377b798771ba7385e3c11d86a'
+ '2059eeac32cc078168a2ea56fe3034df69814516303adeffb8062c7b90a88177a536e6a6742196ee90370084d4e536f825b1744f8bed2bb704159a8a8bccb606'
+ '5af28d0c2b2b072cfbd500b5f63549e88a86cf3fc15e4d2df89e787c4d2bafdecbe078a518e0d1b25d82f9873cb06838ec1c9ebed625ffb7e8c80fcd942ebf74'
+ '411784e8e0dcf6c163780ae895ae1a6bdad0bb2dd2b128911c484ac3eff073d95c5791b625493a2b8296d24bd7e6ac72d3c42180817e48b29f0c6a8fd841807c')
+validpgpkeys=('56D0B23AE00B1EE9A8BAAC0F5B8CF87BB893449B') # Mumble Automatic Build Infrastructure 2019 <mumble-auto-build-2019@mumble.info>
-build() {
- cd $srcdir/mumble-${_dirname}
+prepare() {
+ mv -v ${srcdir}/"${_pkgname}-${pkgver}" ${srcdir}/"${pkgname}-${pkgver}"
+ cd ${srcdir}/"${pkgname}-${pkgver}"
+ # setting default configuration
+ sed -e "1i; vi:ft=cfg" \
+ -e "s|database=|database=/var/db/murmur/murmur.sqlite|" \
+ -e "s|;logfile=murmur.log|logfile=|" \
+ -e "s|;uname=|uname=murmur|" \
+ -i scripts/murmur.ini
- qmake-qt5 main.pro CONFIG+="no-client no-bonjour optimize"
- make release
+ # See https://github.com/mumble-voip/mumble/pull/4032
+ patch -Np1 -i "$srcdir"/a48aea18b6c7ee534cd21f7febfe253e31b33eda.patch
}
-package() {
- cd $srcdir/mumble-${_dirname}
+build() {
+ cd $srcdir/mumble-${_pkgver}
- sed -e "1i# vi:ft=cfg" \
- -e "s|database=|database=/var/lib/murmur/murmur.sqlite|" \
- -e "s|;logfile=murmur.log|logfile=|" \
- -e "s|;uname=|uname=murmur|" \
- -e "s|;pidfile=|pidfile=/run/murmur/murmur.pid|" \
- -i scripts/murmur.ini
+ qmake-qt5 main.pro CONFIG+="no-client grpc"
+ make release
+}
- sed -e "s|<policy user=\"mumble-server\">|<policy user=\"murmur\">|" -i scripts/murmur.conf
+package() {
+ cd $srcdir/mumble-${_pkgver}
- install -dm755 ${pkgdir}/var/lib/murmur
- install -Dm755 release/murmurd ${pkgdir}/usr/bin/murmurd
- install -Dm644 scripts/murmur.ini ${pkgdir}/etc/murmur.ini
- install -Dm644 scripts/murmur.conf ${pkgdir}/etc/dbus-1/system.d/murmur.conf
- install -Dm644 README ${pkgdir}/usr/share/doc/murmur/README
- install -Dm644 man/murmurd.1 ${pkgdir}/usr/share/man/man1/murmurd.1
- install -Dm644 scripts/murmur.service ${pkgdir}/usr/lib/systemd/system/murmur.service
- install -Dm644 LICENSE ${pkgdir}/usr/share/licenses/${pkgname}/LICENSE
- install -Dm644 src/murmur/Murmur.ice ${pkgdir}/usr/share/murmur/Murmur.ice
- install -Dm644 ${srcdir}/murmur.tmpfilesd ${pkgdir}/usr/lib/tmpfiles.d/murmur.conf
- install -Dm644 ${srcdir}/murmur.sysusers ${pkgdir}/usr/lib/sysusers.d/murmur.conf
+ # murmur has no install target: https://github.com/mumble-voip/mumble/issues/1029
+ install -vDm 755 release/murmurd -t "${pkgdir}"/usr/bin
+ install -vDm 640 scripts/murmur.ini -t "${pkgdir}"/etc
+ install -vDm 644 "${srcdir}"/murmur.dbus.conf "${pkgdir}"/usr/share/dbus-1/system.d/murmur.conf
+ install -vDm 644 README -t "${pkgdir}/usr/share/doc/${pkgname}"
+ install -vDm 644 man/murmur*.1 -t "${pkgdir}/usr/share/man/man1/"
+ install -vDm 644 "${srcdir}"/murmur.service -t "${pkgdir}/usr/lib/systemd/system/"
+ install -vDm 644 LICENSE -t "${pkgdir}/usr/share/licenses/${pkgname}"
+ install -vDm 644 "${srcdir}"/murmur.sysusers "${pkgdir}/usr/lib/sysusers.d/${pkgname}.conf"
+ install -vDm 644 "${srcdir}"/murmur.tmpfiles "${pkgdir}/usr/lib/tmpfiles.d/${pkgname}.conf"
+ install -vDm 644 src/murmur/{Murmur.ice,MurmurRPC.proto} -t "${pkgdir}/usr/share/${pkgname}"
}
diff --git a/a48aea18b6c7ee534cd21f7febfe253e31b33eda.patch b/a48aea18b6c7ee534cd21f7febfe253e31b33eda.patch
new file mode 100644
index 000000000000..69e6d5a0dbf5
--- /dev/null
+++ b/a48aea18b6c7ee534cd21f7febfe253e31b33eda.patch
@@ -0,0 +1,42 @@
+From a48aea18b6c7ee534cd21f7febfe253e31b33eda Mon Sep 17 00:00:00 2001
+From: Davide Beatrici <git@davidebeatrici.dev>
+Date: Sat, 4 Apr 2020 07:48:46 +0200
+Subject: [PATCH] src/murmur/Server.cpp: implement workaround for critical
+ QSslSocket issue
+
+A severe bug was introduced in qt/qtbase@93a803a6de27d9eb57931c431b5f3d074914f693: q_SSL_shutdown() causes Qt to emit "error()" from unrelated QSslSocket(s), in addition to the correct one.
+
+The issue causes Server::connectionClosed() to disconnect random authenticated clients.
+
+The workaround consists in ignoring a specific OpenSSL error:
+"Error while reading: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init [20]"
+
+Definitely not ideal, but it fixes a critical vulnerability. Details on how to trigger it are deliberately omitted.
+---
+ src/murmur/Server.cpp | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/src/murmur/Server.cpp b/src/murmur/Server.cpp
+index cac75e4fea..055ad96d95 100644
+--- a/src/murmur/Server.cpp
++++ b/src/murmur/Server.cpp
+@@ -1422,6 +1422,19 @@ void Server::sslError(const QList<QSslError> &errors) {
+ }
+
+ void Server::connectionClosed(QAbstractSocket::SocketError err, const QString &reason) {
++ if (reason.contains(QLatin1String("140E0197"))) {
++ // A severe bug was introduced in qt/qtbase@93a803a6de27d9eb57931c431b5f3d074914f693.
++ // q_SSL_shutdown() causes Qt to emit "error()" from unrelated QSslSocket(s), in addition to the correct one.
++ // The issue causes this function to disconnect random authenticated clients.
++ //
++ // The workaround consists in ignoring a specific OpenSSL error:
++ // "Error while reading: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init [20]"
++ //
++ // Definitely not ideal, but it fixes a critical vulnerability.
++ qWarning("Ignored OpenSSL error 140E0197 for %p", sender());
++ return;
++ }
++
+ Connection *c = qobject_cast<Connection *>(sender());
+ if (! c)
+ return;
diff --git a/murmur.dbus.conf b/murmur.dbus.conf
new file mode 100644
index 000000000000..cf937d7b1224
--- /dev/null
+++ b/murmur.dbus.conf
@@ -0,0 +1,22 @@
+<!-- vi: set ft=xml: -->
+<!--
+ As described in http://mumble.sourceforge.net/DBus,
+ but with different username
+-->
+<!DOCTYPE busconfig PUBLIC
+ "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+
+ <policy user="murmur">
+ <allow own="net.sourceforge.mumble.murmur"/>
+ </policy>
+ <policy user="root">
+ <allow own="net.sourceforge.mumble.murmur"/>
+ </policy>
+
+ <policy context="default">
+ <allow send_destination="net.sourceforge.mumble.murmur"/>
+ <allow receive_sender="net.sourceforge.mumble.murmur"/>
+ </policy>
+</busconfig>
diff --git a/murmur.install b/murmur.install
index fcc2a80d8744..b9e1eb1f5055 100644
--- a/murmur.install
+++ b/murmur.install
@@ -1,9 +1,6 @@
post_install() {
- post_upgrade
+ echo "You might have to reload dbus before launching murmur:"
+ echo " systemctl reload dbus"
+ echo "Don't forget to set the superuser password:"
+ echo " murmurd -ini /etc/murmur.ini -supw <your-password>"
}
-
-post_upgrade() {
- # Fix permissions on necessary directories
- chown murmur.murmur /var/lib/murmur /run/murmur
-}
-
diff --git a/murmur.service b/murmur.service
new file mode 100644
index 000000000000..71814aad1e7b
--- /dev/null
+++ b/murmur.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Mumble Daemon
+After=network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/murmurd -ini /etc/murmur.ini -fg
+Restart=always
+PrivateDevices=true
+PrivateTmp=true
+ProtectSystem=full
+ProtectHome=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/murmur.sysusers b/murmur.sysusers
index d372879bcf31..9e9558da9b30 100644
--- a/murmur.sysusers
+++ b/murmur.sysusers
@@ -1,2 +1 @@
-u murmur - "Murmur voice server" /var/lib/murmur
-
+u murmur 122 "Murmur User" /var/db/murmur
diff --git a/murmur.tmpfiles b/murmur.tmpfiles
new file mode 100644
index 000000000000..cf1c4dc8a69b
--- /dev/null
+++ b/murmur.tmpfiles
@@ -0,0 +1,2 @@
+z /etc/murmur.ini 0640 root murmur
+d /var/db/murmur 0750 murmur murmur -
diff --git a/murmur.tmpfilesd b/murmur.tmpfilesd
deleted file mode 100644
index 5a789b2fb0c7..000000000000
--- a/murmur.tmpfilesd
+++ /dev/null
@@ -1 +0,0 @@
-d /run/murmur 0755 murmur murmur -