[arch-commits] Commit in murmur/repos (8 files)

David Runge dvzrv at archlinux.org
Wed May 20 21:36:55 UTC 2020 

    Date: Wednesday, May 20, 2020 @ 21:36:55
  Author: dvzrv
Revision: 631003

archrelease: copy trunk to community-staging-x86_64

Added:
  murmur/repos/community-staging-x86_64/
  murmur/repos/community-staging-x86_64/PKGBUILD
    (from rev 631002, murmur/trunk/PKGBUILD)
  murmur/repos/community-staging-x86_64/a48aea18b6c7ee534cd21f7febfe253e31b33eda.patch
    (from rev 631002, murmur/trunk/a48aea18b6c7ee534cd21f7febfe253e31b33eda.patch)
  murmur/repos/community-staging-x86_64/murmur.dbus.conf
    (from rev 631002, murmur/trunk/murmur.dbus.conf)
  murmur/repos/community-staging-x86_64/murmur.install
    (from rev 631002, murmur/trunk/murmur.install)
  murmur/repos/community-staging-x86_64/murmur.service
    (from rev 631002, murmur/trunk/murmur.service)
  murmur/repos/community-staging-x86_64/murmur.sysusers
    (from rev 631002, murmur/trunk/murmur.sysusers)
  murmur/repos/community-staging-x86_64/murmur.tmpfiles
    (from rev 631002, murmur/trunk/murmur.tmpfiles)

------------------------------------------------+
 PKGBUILD                                       |   70 +++++++++++++++++++++++
 a48aea18b6c7ee534cd21f7febfe253e31b33eda.patch |   42 +++++++++++++
 murmur.dbus.conf                               |   22 +++++++
 murmur.install                                 |    6 +
 murmur.service                                 |   15 ++++
 murmur.sysusers                                |    1 
 murmur.tmpfiles                                |    2 
 7 files changed, 158 insertions(+)

Copied: murmur/repos/community-staging-x86_64/PKGBUILD (from rev 631002, murmur/trunk/PKGBUILD)
===================================================================
--- community-staging-x86_64/PKGBUILD	                        (rev 0)
+++ community-staging-x86_64/PKGBUILD	2020-05-20 21:36:55 UTC (rev 631003)
@@ -0,0 +1,70 @@
+# Maintainer: Sven-Hendrik Haase <svenstaro at gmail.com>
+# Contributor: David Runge <dvzrv at archlinux.org>
+# Contributor: Otto Allmendinger <otto.allmendinger at googlemail.com>
+# Contributor: Malte Rabenseifner <malte at zearan.de>
+
+_name=mumble
+pkgname=murmur
+pkgver=1.3.0
+pkgrel=8
+pkgdesc="The voice chat application server for Mumble"
+arch=('x86_64')
+url="https://wiki.mumble.info/wiki/Main_Page"
+license=('BSD')
+depends=('gcc-libs' 'glibc' 'grpc' 'lsb-release' 'openssl' 'qt5-base'
+'zeroc-ice')
+makedepends=('avahi' 'boost' 'libcap' 'protobuf' 'python' 'qt5-tools')
+backup=("etc/murmur.ini")
+install="murmur.install"
+source=("https://github.com/mumble-voip/${_name}/releases/download/${pkgver}/${_name}-${pkgver}.tar.gz"{,.sig}
+        a48aea18b6c7ee534cd21f7febfe253e31b33eda.patch
+        "murmur.dbus.conf"
+        "murmur.service"
+        "murmur.sysusers"
+        "murmur.tmpfiles")
+sha512sums=('2a629fc97f3c7c587c9a3b40fc96cf15d668acada37282ec1c4a5b169ad37717d60af94d12c7bce45f2816c265f76a99ebad40a006adcf8ca38a117e7c0a4122'
+            'SKIP'
+            '2f379e355227e37f2d23d984d3a59779e3b7a2206865db8c9e4c9cb4eba563ca468744d862e29892919d8d2798576d2e011c658b48ca0acdde63e8a5cc577119'
+            '97c7effdddec324e40195c36ef4927950a5de26d2ee2d268d89df6fb547207bbbe30292773316cae6f57ec9923244f205fb0edc377b798771ba7385e3c11d86a'
+            '2059eeac32cc078168a2ea56fe3034df69814516303adeffb8062c7b90a88177a536e6a6742196ee90370084d4e536f825b1744f8bed2bb704159a8a8bccb606'
+            '5af28d0c2b2b072cfbd500b5f63549e88a86cf3fc15e4d2df89e787c4d2bafdecbe078a518e0d1b25d82f9873cb06838ec1c9ebed625ffb7e8c80fcd942ebf74'
+            '411784e8e0dcf6c163780ae895ae1a6bdad0bb2dd2b128911c484ac3eff073d95c5791b625493a2b8296d24bd7e6ac72d3c42180817e48b29f0c6a8fd841807c')
+validpgpkeys=('56D0B23AE00B1EE9A8BAAC0F5B8CF87BB893449B') # Mumble Automatic Build Infrastructure 2019 <mumble-auto-build-2019 at mumble.info>
+
+prepare() {
+  mv -v "${_name}-${pkgver}" "${pkgname}-${pkgver}"
+  cd "${pkgname}-${pkgver}"
+  # setting default configuration
+  sed -e "1i; vi:ft=cfg" \
+      -e "s|database=|database=/var/db/murmur/murmur.sqlite|" \
+      -e "s|;logfile=murmur.log|logfile=|" \
+      -e "s|;uname=|uname=murmur|" \
+      -i scripts/murmur.ini
+
+  # See https://github.com/mumble-voip/mumble/pull/4032
+  patch -Np1 -i "$srcdir"/a48aea18b6c7ee534cd21f7febfe253e31b33eda.patch
+}
+
+build() {
+  cd "${pkgname}-${pkgver}"
+
+  qmake-qt5 main.pro CONFIG+="no-client grpc"
+  make release
+}
+
+package() {
+  depends+=('libcap.so' 'libdns_sd.so' 'libprotobuf.so')
+  cd "${pkgname}-${pkgver}"
+  # murmur has no install target: https://github.com/mumble-voip/mumble/issues/1029
+  install -vDm 755 release/murmurd -t "${pkgdir}"/usr/bin
+  install -vDm 640 scripts/murmur.ini -t "${pkgdir}"/etc
+  install -vDm 644 "${srcdir}"/murmur.dbus.conf "${pkgdir}"/usr/share/dbus-1/system.d/murmur.conf
+  install -vDm 644 README -t "${pkgdir}/usr/share/doc/${pkgname}"
+  install -vDm 644 man/murmur*.1 -t "${pkgdir}/usr/share/man/man1/"
+  install -vDm 644 "${srcdir}"/murmur.service -t "${pkgdir}/usr/lib/systemd/system/"
+  install -vDm 644 LICENSE -t "${pkgdir}/usr/share/licenses/${pkgname}"
+  install -vDm 644 "${srcdir}"/murmur.sysusers "${pkgdir}/usr/lib/sysusers.d/${pkgname}.conf"
+  install -vDm 644 "${srcdir}"/murmur.tmpfiles "${pkgdir}/usr/lib/tmpfiles.d/${pkgname}.conf"
+  install -vDm 644 src/murmur/{Murmur.ice,MurmurRPC.proto} -t "${pkgdir}/usr/share/${pkgname}"
+}
+# vim: sw=2:ts=2 et:

Copied: murmur/repos/community-staging-x86_64/a48aea18b6c7ee534cd21f7febfe253e31b33eda.patch (from rev 631002, murmur/trunk/a48aea18b6c7ee534cd21f7febfe253e31b33eda.patch)
===================================================================
--- community-staging-x86_64/a48aea18b6c7ee534cd21f7febfe253e31b33eda.patch	                        (rev 0)
+++ community-staging-x86_64/a48aea18b6c7ee534cd21f7febfe253e31b33eda.patch	2020-05-20 21:36:55 UTC (rev 631003)
@@ -0,0 +1,42 @@
+From a48aea18b6c7ee534cd21f7febfe253e31b33eda Mon Sep 17 00:00:00 2001
+From: Davide Beatrici <git at davidebeatrici.dev>
+Date: Sat, 4 Apr 2020 07:48:46 +0200
+Subject: [PATCH] src/murmur/Server.cpp: implement workaround for critical
+ QSslSocket issue
+
+A severe bug was introduced in qt/qtbase at 93a803a6de27d9eb57931c431b5f3d074914f693: q_SSL_shutdown() causes Qt to emit "error()" from unrelated QSslSocket(s), in addition to the correct one.
+
+The issue causes Server::connectionClosed() to disconnect random authenticated clients.
+
+The workaround consists in ignoring a specific OpenSSL error:
+"Error while reading: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init [20]"
+
+Definitely not ideal, but it fixes a critical vulnerability. Details on how to trigger it are deliberately omitted.
+---
+ src/murmur/Server.cpp | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/src/murmur/Server.cpp b/src/murmur/Server.cpp
+index cac75e4fea..055ad96d95 100644
+--- a/src/murmur/Server.cpp
++++ b/src/murmur/Server.cpp
+@@ -1422,6 +1422,19 @@ void Server::sslError(const QList<QSslError> &errors) {
+ }
+ 
+ void Server::connectionClosed(QAbstractSocket::SocketError err, const QString &reason) {
++	if (reason.contains(QLatin1String("140E0197"))) {
++		// A severe bug was introduced in qt/qtbase at 93a803a6de27d9eb57931c431b5f3d074914f693.
++		// q_SSL_shutdown() causes Qt to emit "error()" from unrelated QSslSocket(s), in addition to the correct one.
++		// The issue causes this function to disconnect random authenticated clients.
++		//
++		// The workaround consists in ignoring a specific OpenSSL error:
++		// "Error while reading: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init [20]"
++		//
++		// Definitely not ideal, but it fixes a critical vulnerability.
++		qWarning("Ignored OpenSSL error 140E0197 for %p", sender());
++		return;
++	}
++
+ 	Connection *c = qobject_cast<Connection *>(sender());
+ 	if (! c)
+ 		return;

Copied: murmur/repos/community-staging-x86_64/murmur.dbus.conf (from rev 631002, murmur/trunk/murmur.dbus.conf)
===================================================================
--- community-staging-x86_64/murmur.dbus.conf	                        (rev 0)
+++ community-staging-x86_64/murmur.dbus.conf	2020-05-20 21:36:55 UTC (rev 631003)
@@ -0,0 +1,22 @@
+<!-- vi: set ft=xml: -->
+<!-- 
+    As described in http://mumble.sourceforge.net/DBus, 
+    but with different username
+-->
+<!DOCTYPE busconfig PUBLIC
+ "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+
+  <policy user="murmur">
+    <allow own="net.sourceforge.mumble.murmur"/>
+  </policy>
+  <policy user="root">
+    <allow own="net.sourceforge.mumble.murmur"/>
+  </policy>
+
+  <policy context="default">
+    <allow send_destination="net.sourceforge.mumble.murmur"/>
+    <allow receive_sender="net.sourceforge.mumble.murmur"/>
+  </policy>
+</busconfig>

Copied: murmur/repos/community-staging-x86_64/murmur.install (from rev 631002, murmur/trunk/murmur.install)
===================================================================
--- community-staging-x86_64/murmur.install	                        (rev 0)
+++ community-staging-x86_64/murmur.install	2020-05-20 21:36:55 UTC (rev 631003)
@@ -0,0 +1,6 @@
+post_install() {
+    echo "You might have to reload dbus before launching murmur:"
+    echo "    systemctl reload dbus"
+    echo "Don't forget to set the superuser password:"
+    echo "    murmurd -ini /etc/murmur.ini -supw <your-password>"
+}

Copied: murmur/repos/community-staging-x86_64/murmur.service (from rev 631002, murmur/trunk/murmur.service)
===================================================================
--- community-staging-x86_64/murmur.service	                        (rev 0)
+++ community-staging-x86_64/murmur.service	2020-05-20 21:36:55 UTC (rev 631003)
@@ -0,0 +1,15 @@
+[Unit]
+Description=Mumble Daemon
+After=network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/murmurd -ini /etc/murmur.ini -fg
+Restart=always
+PrivateDevices=true
+PrivateTmp=true
+ProtectSystem=full
+ProtectHome=true
+
+[Install]
+WantedBy=multi-user.target

Copied: murmur/repos/community-staging-x86_64/murmur.sysusers (from rev 631002, murmur/trunk/murmur.sysusers)
===================================================================
--- community-staging-x86_64/murmur.sysusers	                        (rev 0)
+++ community-staging-x86_64/murmur.sysusers	2020-05-20 21:36:55 UTC (rev 631003)
@@ -0,0 +1 @@
+u murmur 122 "Murmur User" /var/db/murmur

Copied: murmur/repos/community-staging-x86_64/murmur.tmpfiles (from rev 631002, murmur/trunk/murmur.tmpfiles)
===================================================================
--- community-staging-x86_64/murmur.tmpfiles	                        (rev 0)
+++ community-staging-x86_64/murmur.tmpfiles	2020-05-20 21:36:55 UTC (rev 631003)
@@ -0,0 +1,2 @@
+z /etc/murmur.ini 0640 root murmur
+d /var/db/murmur 0750 murmur murmur -

More information about the arch-commits mailing list