Hello community, here is the log from the commit of package mumble for openSUSE:Factory checked in at Mon Feb 21 18:27:54 CET 2011.
-------- --- mumble/mumble.changes 2011-01-27 09:36:39.000000000 +0100 +++ mumble/mumble.changes 2011-02-21 15:46:08.000000000 +0100 @@ -1,0 +2,15 @@ +Mon Feb 21 13:19:50 UTC 2011 - [email protected] + +- avoid duplicate libcelt libs + +------------------------------------------------------------------- +Mon Feb 21 10:07:20 UTC 2011 - [email protected] + +- new version 1.2.3 + - Improved Voice Activity Detection + - Customizable Overlay with FPS counter + - Recording + - Priority speaker + - Updated CELT Codec to version 0.11.0 + +------------------------------------------------------------------- @@ -93 +108 @@ -Tue Feb 24 14:22:24 CET 2009 - [email protected] +Tue Feb 24 14:22:24 CET 2009 - [email protected] calling whatdependson for head-i586 Old: ---- 0003-fix-long-username-query.patch 0004-fix-username-validation.patch celt-0.10.0.tar.gz celt-0.7.0.tar.gz celt-0.9.0.tar.gz mumble-1.2.1-wizardpageorder.diff mumble-1.2.2.tar.gz mumble-1.2.2.tar.gz.sig mumble-unstable-1.2.2.tar.bz2 New: ---- 0001-fix-user-switching.diff mumble-1.2.3.tar.gz mumble-1.2.3.tar.gz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mumble.spec ++++++ --- /var/tmp/diff_new_pack.EzIBsk/_old 2011-02-21 18:24:09.000000000 +0100 +++ /var/tmp/diff_new_pack.EzIBsk/_new 2011-02-21 18:24:09.000000000 +0100 @@ -36,6 +36,10 @@ %bcond_without mumble11x %bcond_without bonjour +# mumble must be able to talk to other clients which may use +# differnt versions of celt. Since each celt release is +# incompatible to each other mumble bundles some specific +# versions. %bcond_with system_celt %bcond_without system_speex @@ -82,21 +86,17 @@ %if %{with pulseaudio} BuildRequires: pulseaudio-devel %endif -Version: 1.2.2%{?snapshot:_%snapshot} +Version: 1.2.3%{?snapshot:_%snapshot} Release: 1 License: BSD3c Group: Productivity/Multimedia/Sound/Utilities -%if 0%{?snapshot:1} -Source: mumble-unstable-%{version}.tar.bz2 -%else +%if 0%{!?snapshot:1} Source: http://downloads.sourceforge.net/project/mumble/Mumble/%{version}/mumble-%{version}.tar.gz Source1: http://downloads.sourceforge.net/project/mumble/Mumble/%{version}/mumble-%{version}.tar.gz.sig %endif Source2: mumble-server.init -Patch0: mumble-1.2.1-wizardpageorder.diff -Patch1: 0003-fix-long-username-query.patch -Patch2: 0004-fix-username-validation.patch -Patch3: 0001-fix-build-error-with-capability.h.diff +Patch0: 0001-fix-build-error-with-capability.h.diff +Patch1: 0001-fix-user-switching.diff Patch50: mumble-1.2.2-buildcompare.diff # hack, no clue about glx so no idea to fix this properly Patch99: mumble-1.1.4-sle10glx.diff @@ -132,12 +132,8 @@ Conflicts: mumble < %version Provides: mumble = %version # -%if !%{with system_celt} -Source50: http://downloads.xiph.org/releases/celt/celt-0.7.0.tar.gz -Source51: http://downloads.xiph.org/releases/celt/celt-0.9.0.tar.gz -Source52: http://downloads.xiph.org/releases/celt/celt-0.10.0.tar.gz -%endif %endif +# %description Low-latency, high-quality voice communication for gamers. Includes game @@ -166,22 +162,16 @@ %setup -q %patch0 -p1 %patch1 -p1 -%patch2 -p1 -%patch3 -p1 # %patch50 -p1 %if 0%{?suse_version} && 0%{?suse_version} < 1020 %patch99 -p1 %endif -%if %{with system_celt} -# XXX celt 0.6 vs celt 0.7 -#sed -i -e 's/celt_int32/celt_int32_t/g' src/mumble/Audio.* -#sed -i -e 's/celt_int16/celt_int16_t/g' src/mumble/Audio.* -%else +%if !%{with system_celt} %if 0%{?snapshot:1} tar -xzf %SOURCE50 -sed -i -e 's/celt-0.6.1-build//;s/celt-0.6.2-build//' main.pro -for v in 0.7.0 0.9.0 0.10.0; do +tar -xzf %SOURCE51 +for v in 0.7.0 0.11.0; do rmdir celt-$v-src mv celt-$v celt-$v-src done @@ -223,8 +213,8 @@ # temporary hack, remove! sed -i -e '/QMAKE_CFLAGS/s/-Woverloaded-virtual -Wold-style-cast//' compiler.pri qmake \ - QMAKE_CFLAGS_RELEASE="%{optflags} -Wall" \ - QMAKE_CXXFLAGS_RELEASE="%{optflags} -Wall" \ + QMAKE_CFLAGS_RELEASE="%{optflags} -Wall -fno-strict-aliasing" \ + QMAKE_CXXFLAGS_RELEASE="%{optflags} -Wall -fno-strict-aliasing" \ DEFINES*=NO_UPDATE_CHECK \ DEFINES*=MUMBLE_VERSION=%version \ DEFINES*=PLUGIN_PATH=%{_libdir}/mumble \ @@ -288,9 +278,6 @@ install -D -m 0755 release/mumble %{buildroot}%{_bindir}/mumble install -d -m 0755 "%{buildroot}%{_libdir}/mumble/plugins" install -m 0755 release/plugins/*.so "%{buildroot}%{_libdir}/mumble/plugins" -%if !%{with system_celt} -cp -a release/libcelt0.so.* "%{buildroot}%{_libdir}/mumble" -%endif install -m 755 scripts/mumble-overlay "%{buildroot}%{_bindir}/mumble-overlay" install -d -m 0755 "%{buildroot}%{_mandir}/man1" install -m 0644 man/*.1 "%{buildroot}%{_mandir}/man1" @@ -305,6 +292,11 @@ install -d -m0755 "%{buildroot}%{_libdir}/mumble" install -m0755 release/libmumble.so.*.*.* "%{buildroot}%{_libdir}/mumble" /sbin/ldconfig -n "%{buildroot}%{_libdir}/mumble" +# do this after ldconfig as we don't need the links +%if !%{with system_celt} +install -m 644 release/libcelt0.so.0.*.* "%{buildroot}%{_libdir}/mumble" +%endif + # %if %{with mumble11x} install -D -m 0755 release/mumble11x %{buildroot}%{_bindir}/mumble11x @@ -425,5 +417,4 @@ %endif %config /etc/tmpfiles.d/mumble-server.conf %endif - %changelog ++++++ 0001-fix-build-error-with-capability.h.diff ++++++ --- /var/tmp/diff_new_pack.EzIBsk/_old 2011-02-21 18:24:09.000000000 +0100 +++ /var/tmp/diff_new_pack.EzIBsk/_new 2011-02-21 18:24:09.000000000 +0100 @@ -1,7 +1,7 @@ -From 18b8b6d42c9e8ed2964a312a8134adb482585e03 Mon Sep 17 00:00:00 2001 +From 72d7a63286539dee07d962c8f2abf2867efa7d6a Mon Sep 17 00:00:00 2001 From: Ludwig Nussel <[email protected]> Date: Thu, 23 Dec 2010 14:03:56 +0100 -Subject: [PATCH] fix build error with capability.h +Subject: [PATCH 1/2] fix build error with capability.h --- src/murmur/murmur_pch.h | 1 + ++++++ 0001-fix-user-switching.diff ++++++ >From 41006c79225199fb6faaed3bc0228a35e9e51514 Mon Sep 17 00:00:00 2001 From: Ludwig Nussel <[email protected]> Date: Fri, 24 Dec 2010 18:20:34 +0100 Subject: [PATCH 2/2] fix user switching - don't keep saved uid 0. That's bad as an attacker that manages to execute code could switch back to uid 0 - set $HOME as Qt doesn't look at passwd information - initialize supplementary groups - use "mumble-server" as fallback if no user is specified --- src/murmur/Meta.cpp | 19 +++++++++++++------ src/murmur/Meta.h | 4 ++++ src/murmur/UnixMurmur.cpp | 12 ++++++++++-- src/murmur/main.cpp | 4 +++- src/murmur/murmur_pch.h | 1 + 5 files changed, 31 insertions(+), 9 deletions(-) diff --git a/src/murmur/Meta.cpp b/src/murmur/Meta.cpp index 05cd03e..5efc52a 100644 --- a/src/murmur/Meta.cpp +++ b/src/murmur/Meta.cpp @@ -264,15 +264,22 @@ void MetaParams::read(QString fname) { iBanTime = qsSettings->value("autobanTime", iBanTime).toInt(); #ifdef Q_OS_UNIX - const QString uname = qsSettings->value("uname").toString(); - if (! uname.isEmpty() && (geteuid() == 0)) { - struct passwd *pw = getpwnam(qPrintable(uname)); + qsName = qsSettings->value("uname").toString(); + if (geteuid() == 0) { + // TODO: remove this silent fallback to enforce running as non-root + bool requested = true; + if (qsName.isEmpty()) { + // default server user name + qsName = "mumble-server"; + requested = false; + } + struct passwd *pw = getpwnam(qPrintable(qsName)); if (pw) { uiUid = pw->pw_uid; uiGid = pw->pw_gid; - } - if (uiUid == 0) { - qFatal("Cannot find username %s", qPrintable(uname)); + qsHome = pw->pw_dir; + } else if (requested) { + qFatal("Cannot find username %s", qPrintable(qsName)); } endpwent(); } diff --git a/src/murmur/Meta.h b/src/murmur/Meta.h index 7924640..1ec2d2b 100644 --- a/src/murmur/Meta.h +++ b/src/murmur/Meta.h @@ -96,7 +96,11 @@ struct MetaParams { QMap<QString, QString> qmConfig; +#ifdef Q_OS_UNIX unsigned int uiUid, uiGid; + QString qsHome; + QString qsName; +#endif QSettings *qsSettings; diff --git a/src/murmur/UnixMurmur.cpp b/src/murmur/UnixMurmur.cpp index eeeb67c..773701c 100644 --- a/src/murmur/UnixMurmur.cpp +++ b/src/murmur/UnixMurmur.cpp @@ -231,14 +231,22 @@ void UnixMurmur::setuid() { } else qFatal("Couldn't switch uid/gid."); #else - if (setregid(Meta::mp.uiGid, Meta::mp.uiGid) != 0) + if (::initgroups(qPrintable(Meta::mp.qsName), Meta::mp.uiGid) != 0) + qCritical("Can't initialize supplementary groups"); + if (::setgid(Meta::mp.uiGid) != 0) qCritical("Failed to switch to gid %d", Meta::mp.uiGid); - if (setresuid(Meta::mp.uiUid, Meta::mp.uiUid, 0) != 0) { + if (::setuid(Meta::mp.uiUid) != 0) { qFatal("Failed to become uid %d", Meta::mp.uiUid); } else { qCritical("Successfully switched to uid %d", Meta::mp.uiUid); initialcap(); } + if (!Meta::mp.qsHome.isEmpty()) { + // QDir::homePath is broken. It only looks at $HOME + // instead of getpwuid() so we have to set our home + // ourselves + ::setenv("HOME", qPrintable(Meta::mp.qsHome), 1); + } #endif } else if (bRoot) { qCritical("WARNING: You are running murmurd as root, without setting a uname in the ini file. This might be a security risk."); diff --git a/src/murmur/main.cpp b/src/murmur/main.cpp index 7a11250..5a4810d 100644 --- a/src/murmur/main.cpp +++ b/src/murmur/main.cpp @@ -272,11 +272,13 @@ int main(int argc, char **argv) { Meta::mp.read(inifile); - MumbleSSL::addSystemCA(); #ifdef Q_OS_UNIX unixhandler.setuid(); #endif + + MumbleSSL::addSystemCA(); + ServerDB db; meta = new Meta(); diff --git a/src/murmur/murmur_pch.h b/src/murmur/murmur_pch.h index 27c38a1..c36d5ae 100644 --- a/src/murmur/murmur_pch.h +++ b/src/murmur/murmur_pch.h @@ -61,6 +61,7 @@ extern "C" { #include <sys/prctl.h> #endif #include <pwd.h> +#include <grp.h> #ifdef __FreeBSD__ #include <netinet/in_systm.h> #endif -- 1.7.1 ++++++ mumble-1.2.2.tar.gz -> mumble-1.2.3.tar.gz ++++++ ++++ 143352 lines of diff (skipped) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
