Date: Friday, May 29, 2020 @ 18:30:18 Author: lfleischer Revision: 637249
db-move: moved murmur from [community-staging] to [community-testing] (x86_64) Added: murmur/repos/community-testing-x86_64/ murmur/repos/community-testing-x86_64/PKGBUILD (from rev 637248, murmur/repos/community-staging-x86_64/PKGBUILD) murmur/repos/community-testing-x86_64/a48aea18b6c7ee534cd21f7febfe253e31b33eda.patch (from rev 637248, murmur/repos/community-staging-x86_64/a48aea18b6c7ee534cd21f7febfe253e31b33eda.patch) murmur/repos/community-testing-x86_64/murmur.dbus.conf (from rev 637248, murmur/repos/community-staging-x86_64/murmur.dbus.conf) murmur/repos/community-testing-x86_64/murmur.install (from rev 637248, murmur/repos/community-staging-x86_64/murmur.install) murmur/repos/community-testing-x86_64/murmur.service (from rev 637248, murmur/repos/community-staging-x86_64/murmur.service) murmur/repos/community-testing-x86_64/murmur.sysusers (from rev 637248, murmur/repos/community-staging-x86_64/murmur.sysusers) murmur/repos/community-testing-x86_64/murmur.tmpfiles (from rev 637248, murmur/repos/community-staging-x86_64/murmur.tmpfiles) Deleted: murmur/repos/community-staging-x86_64/ ------------------------------------------------+ PKGBUILD | 70 +++++++++++++++++++++++ a48aea18b6c7ee534cd21f7febfe253e31b33eda.patch | 42 +++++++++++++ murmur.dbus.conf | 22 +++++++ murmur.install | 6 + murmur.service | 15 ++++ murmur.sysusers | 1 murmur.tmpfiles | 2 7 files changed, 158 insertions(+) Copied: murmur/repos/community-testing-x86_64/PKGBUILD (from rev 637248, murmur/repos/community-staging-x86_64/PKGBUILD) =================================================================== --- community-testing-x86_64/PKGBUILD (rev 0) +++ community-testing-x86_64/PKGBUILD 2020-05-29 18:30:18 UTC (rev 637249) @@ -0,0 +1,70 @@ +# Maintainer: Sven-Hendrik Haase <svenst...@gmail.com> +# Contributor: David Runge <dv...@archlinux.org> +# Contributor: Otto Allmendinger <otto.allmendin...@googlemail.com> +# Contributor: Malte Rabenseifner <ma...@zearan.de> + +_name=mumble +pkgname=murmur +pkgver=1.3.0 +pkgrel=8 +pkgdesc="The voice chat application server for Mumble" +arch=('x86_64') +url="https://wiki.mumble.info/wiki/Main_Page" +license=('BSD') +depends=('gcc-libs' 'glibc' 'grpc' 'lsb-release' 'openssl' 'qt5-base' +'zeroc-ice') +makedepends=('avahi' 'boost' 'libcap' 'protobuf' 'python' 'qt5-tools') +backup=("etc/murmur.ini") +install="murmur.install" +source=("https://github.com/mumble-voip/${_name}/releases/download/${pkgver}/${_name}-${pkgver}.tar.gz"{,.sig} + a48aea18b6c7ee534cd21f7febfe253e31b33eda.patch + "murmur.dbus.conf" + "murmur.service" + "murmur.sysusers" + "murmur.tmpfiles") +sha512sums=('2a629fc97f3c7c587c9a3b40fc96cf15d668acada37282ec1c4a5b169ad37717d60af94d12c7bce45f2816c265f76a99ebad40a006adcf8ca38a117e7c0a4122' + 'SKIP' + '2f379e355227e37f2d23d984d3a59779e3b7a2206865db8c9e4c9cb4eba563ca468744d862e29892919d8d2798576d2e011c658b48ca0acdde63e8a5cc577119' + '97c7effdddec324e40195c36ef4927950a5de26d2ee2d268d89df6fb547207bbbe30292773316cae6f57ec9923244f205fb0edc377b798771ba7385e3c11d86a' + '2059eeac32cc078168a2ea56fe3034df69814516303adeffb8062c7b90a88177a536e6a6742196ee90370084d4e536f825b1744f8bed2bb704159a8a8bccb606' + '5af28d0c2b2b072cfbd500b5f63549e88a86cf3fc15e4d2df89e787c4d2bafdecbe078a518e0d1b25d82f9873cb06838ec1c9ebed625ffb7e8c80fcd942ebf74' + '411784e8e0dcf6c163780ae895ae1a6bdad0bb2dd2b128911c484ac3eff073d95c5791b625493a2b8296d24bd7e6ac72d3c42180817e48b29f0c6a8fd841807c') +validpgpkeys=('56D0B23AE00B1EE9A8BAAC0F5B8CF87BB893449B') # Mumble Automatic Build Infrastructure 2019 <mumble-auto-build-2...@mumble.info> + +prepare() { + mv -v "${_name}-${pkgver}" "${pkgname}-${pkgver}" + cd "${pkgname}-${pkgver}" + # setting default configuration + sed -e "1i; vi:ft=cfg" \ + -e "s|database=|database=/var/db/murmur/murmur.sqlite|" \ + -e "s|;logfile=murmur.log|logfile=|" \ + -e "s|;uname=|uname=murmur|" \ + -i scripts/murmur.ini + + # See https://github.com/mumble-voip/mumble/pull/4032 + patch -Np1 -i "$srcdir"/a48aea18b6c7ee534cd21f7febfe253e31b33eda.patch +} + +build() { + cd "${pkgname}-${pkgver}" + + qmake-qt5 main.pro CONFIG+="no-client grpc" + make release +} + +package() { + depends+=('libcap.so' 'libdns_sd.so' 'libprotobuf.so') + cd "${pkgname}-${pkgver}" + # murmur has no install target: https://github.com/mumble-voip/mumble/issues/1029 + install -vDm 755 release/murmurd -t "${pkgdir}"/usr/bin + install -vDm 640 scripts/murmur.ini -t "${pkgdir}"/etc + install -vDm 644 "${srcdir}"/murmur.dbus.conf "${pkgdir}"/usr/share/dbus-1/system.d/murmur.conf + install -vDm 644 README -t "${pkgdir}/usr/share/doc/${pkgname}" + install -vDm 644 man/murmur*.1 -t "${pkgdir}/usr/share/man/man1/" + install -vDm 644 "${srcdir}"/murmur.service -t "${pkgdir}/usr/lib/systemd/system/" + install -vDm 644 LICENSE -t "${pkgdir}/usr/share/licenses/${pkgname}" + install -vDm 644 "${srcdir}"/murmur.sysusers "${pkgdir}/usr/lib/sysusers.d/${pkgname}.conf" + install -vDm 644 "${srcdir}"/murmur.tmpfiles "${pkgdir}/usr/lib/tmpfiles.d/${pkgname}.conf" + install -vDm 644 src/murmur/{Murmur.ice,MurmurRPC.proto} -t "${pkgdir}/usr/share/${pkgname}" +} +# vim: sw=2:ts=2 et: Copied: murmur/repos/community-testing-x86_64/a48aea18b6c7ee534cd21f7febfe253e31b33eda.patch (from rev 637248, murmur/repos/community-staging-x86_64/a48aea18b6c7ee534cd21f7febfe253e31b33eda.patch) =================================================================== --- community-testing-x86_64/a48aea18b6c7ee534cd21f7febfe253e31b33eda.patch (rev 0) +++ community-testing-x86_64/a48aea18b6c7ee534cd21f7febfe253e31b33eda.patch 2020-05-29 18:30:18 UTC (rev 637249) @@ -0,0 +1,42 @@ +From a48aea18b6c7ee534cd21f7febfe253e31b33eda Mon Sep 17 00:00:00 2001 +From: Davide Beatrici <g...@davidebeatrici.dev> +Date: Sat, 4 Apr 2020 07:48:46 +0200 +Subject: [PATCH] src/murmur/Server.cpp: implement workaround for critical + QSslSocket issue + +A severe bug was introduced in qt/qtbase@93a803a6de27d9eb57931c431b5f3d074914f693: q_SSL_shutdown() causes Qt to emit "error()" from unrelated QSslSocket(s), in addition to the correct one. + +The issue causes Server::connectionClosed() to disconnect random authenticated clients. + +The workaround consists in ignoring a specific OpenSSL error: +"Error while reading: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init [20]" + +Definitely not ideal, but it fixes a critical vulnerability. Details on how to trigger it are deliberately omitted. +--- + src/murmur/Server.cpp | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/src/murmur/Server.cpp b/src/murmur/Server.cpp +index cac75e4fea..055ad96d95 100644 +--- a/src/murmur/Server.cpp ++++ b/src/murmur/Server.cpp +@@ -1422,6 +1422,19 @@ void Server::sslError(const QList<QSslError> &errors) { + } + + void Server::connectionClosed(QAbstractSocket::SocketError err, const QString &reason) { ++ if (reason.contains(QLatin1String("140E0197"))) { ++ // A severe bug was introduced in qt/qtbase@93a803a6de27d9eb57931c431b5f3d074914f693. ++ // q_SSL_shutdown() causes Qt to emit "error()" from unrelated QSslSocket(s), in addition to the correct one. ++ // The issue causes this function to disconnect random authenticated clients. ++ // ++ // The workaround consists in ignoring a specific OpenSSL error: ++ // "Error while reading: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init [20]" ++ // ++ // Definitely not ideal, but it fixes a critical vulnerability. ++ qWarning("Ignored OpenSSL error 140E0197 for %p", sender()); ++ return; ++ } ++ + Connection *c = qobject_cast<Connection *>(sender()); + if (! c) + return; Copied: murmur/repos/community-testing-x86_64/murmur.dbus.conf (from rev 637248, murmur/repos/community-staging-x86_64/murmur.dbus.conf) =================================================================== --- community-testing-x86_64/murmur.dbus.conf (rev 0) +++ community-testing-x86_64/murmur.dbus.conf 2020-05-29 18:30:18 UTC (rev 637249) @@ -0,0 +1,22 @@ +<!-- vi: set ft=xml: --> +<!-- + As described in http://mumble.sourceforge.net/DBus, + but with different username +--> +<!DOCTYPE busconfig PUBLIC + "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" + "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> +<busconfig> + + <policy user="murmur"> + <allow own="net.sourceforge.mumble.murmur"/> + </policy> + <policy user="root"> + <allow own="net.sourceforge.mumble.murmur"/> + </policy> + + <policy context="default"> + <allow send_destination="net.sourceforge.mumble.murmur"/> + <allow receive_sender="net.sourceforge.mumble.murmur"/> + </policy> +</busconfig> Copied: murmur/repos/community-testing-x86_64/murmur.install (from rev 637248, murmur/repos/community-staging-x86_64/murmur.install) =================================================================== --- community-testing-x86_64/murmur.install (rev 0) +++ community-testing-x86_64/murmur.install 2020-05-29 18:30:18 UTC (rev 637249) @@ -0,0 +1,6 @@ +post_install() { + echo "You might have to reload dbus before launching murmur:" + echo " systemctl reload dbus" + echo "Don't forget to set the superuser password:" + echo " murmurd -ini /etc/murmur.ini -supw <your-password>" +} Copied: murmur/repos/community-testing-x86_64/murmur.service (from rev 637248, murmur/repos/community-staging-x86_64/murmur.service) =================================================================== --- community-testing-x86_64/murmur.service (rev 0) +++ community-testing-x86_64/murmur.service 2020-05-29 18:30:18 UTC (rev 637249) @@ -0,0 +1,15 @@ +[Unit] +Description=Mumble Daemon +After=network.target + +[Service] +Type=simple +ExecStart=/usr/bin/murmurd -ini /etc/murmur.ini -fg +Restart=always +PrivateDevices=true +PrivateTmp=true +ProtectSystem=full +ProtectHome=true + +[Install] +WantedBy=multi-user.target Copied: murmur/repos/community-testing-x86_64/murmur.sysusers (from rev 637248, murmur/repos/community-staging-x86_64/murmur.sysusers) =================================================================== --- community-testing-x86_64/murmur.sysusers (rev 0) +++ community-testing-x86_64/murmur.sysusers 2020-05-29 18:30:18 UTC (rev 637249) @@ -0,0 +1 @@ +u murmur 122 "Murmur User" /var/db/murmur Copied: murmur/repos/community-testing-x86_64/murmur.tmpfiles (from rev 637248, murmur/repos/community-staging-x86_64/murmur.tmpfiles) =================================================================== --- community-testing-x86_64/murmur.tmpfiles (rev 0) +++ community-testing-x86_64/murmur.tmpfiles 2020-05-29 18:30:18 UTC (rev 637249) @@ -0,0 +1,2 @@ +z /etc/murmur.ini 0640 root murmur +d /var/db/murmur 0750 murmur murmur -