Friday, February 20, 2026

update audio/umurmur 0.2.20 -> 0.3.1 + pledge & unveil

diff --git a/audio/umurmur/Makefile b/audio/umurmur/Makefile
index d8b1e575938..287ebcf8a8d 100644
--- a/audio/umurmur/Makefile
+++ b/audio/umurmur/Makefile
@@ -2,16 +2,18 @@ COMMENT = minimalistic Mumble server

GH_ACCOUNT = umurmur
GH_PROJECT = umurmur
-GH_TAGNAME = 0.2.20
-REVISION = 1
+GH_TAGNAME = v0.3.1

CATEGORIES = audio

HOMEPAGE = https://umurmur.net/

+MAINTAINER = Christoph Liebender <christoph@liebender.dev>
+
# BSD
PERMIT_PACKAGE = Yes

+# uses pledge() and unveil()
WANTLIB = c config crypto protobuf-c>=1.0 ssl

MODULES = devel/cmake
diff --git a/audio/umurmur/distinfo b/audio/umurmur/distinfo
index e47fe344fb0..ead2483e3ae 100644
--- a/audio/umurmur/distinfo
+++ b/audio/umurmur/distinfo
@@ -1,2 +1,2 @@
-SHA256 (umurmur-0.2.20.tar.gz) = t7KXjDGXrvCmUx8c8O4a67MqVa2L2kMGTOOpRO28rIM=
-SIZE (umurmur-0.2.20.tar.gz) = 93152
+SHA256 (umurmur-0.3.1.tar.gz) = gyfdCyxb0YejjQmCleiWprhdaYySaCBbyyf2JE92CnM=
+SIZE (umurmur-0.3.1.tar.gz) = 94742
diff --git a/audio/umurmur/patches/patch-CMakeLists_txt b/audio/umurmur/patches/patch-CMakeLists_txt
index 280e1f0b956..df1a0b7b634 100644
--- a/audio/umurmur/patches/patch-CMakeLists_txt
+++ b/audio/umurmur/patches/patch-CMakeLists_txt
@@ -10,11 +10,11 @@ Index: CMakeLists.txt
set(CMAKE_RUNTIME_OUTPUT_DIRECTORY "${UMURMUR_BINARY_DIR}")

if(NOT CMAKE_BUILD_TYPE)
-@@ -27,7 +27,7 @@ add_subdirectory(src)
+@@ -31,7 +31,7 @@ add_subdirectory(src)

install(
FILES "umurmur.conf.example"
-- DESTINATION "${CMAKE_INSTALL_FULL_SYSCONFDIR}/"
+- DESTINATION "${CMAKE_INSTALL_FULL_SYSCONFDIR}/umurmur"
+ DESTINATION "share/examples/umurmur"
PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ
RENAME "umurmur.conf"
diff --git a/audio/umurmur/patches/patch-cmake_Modules_FindLibconfig_cmake b/audio/umurmur/patches/patch-cmake_Modules_FindLibconfig_cmake
deleted file mode 100644
index a251ad7c6da..00000000000
--- a/audio/umurmur/patches/patch-cmake_Modules_FindLibconfig_cmake
+++ /dev/null
@@ -1,16 +0,0 @@
---- cmake/Modules/FindLibconfig.cmake.orig Fri Aug 8 08:37:03 2014
-+++ cmake/Modules/FindLibconfig.cmake Thu Sep 4 13:27:02 2014
-@@ -1,10 +1,6 @@
- include(FindPackageHandleStandardArgs)
-
--find_path(LIBCONFIG_INCLUDE_DIR NAMES "libconfig.h" PATHS /usr/pkg /usr/local /usr PATH_SUFFIXES "include")
--find_path(LIBCONFIG_LIB_DIR NAMES "libconfig.so" "libconfig.dylib" PATHS /usr/pkg /usr/local /usr PATH_SUFFIXES "lib" "lib/${CMAKE_LIBRARY_ARCHITECTURE}")
-+find_path(LIBCONFIG_INCLUDE_DIR NAMES "libconfig.h")
-+find_library(LIBCONFIG_LIBRARIES NAMES "config")
-
--if(LIBCONFIG_INCLUDE_DIR AND LIBCONFIG_LIB_DIR)
-- set(LIBCONFIG_LIBRARIES config)
--endif(LIBCONFIG_INCLUDE_DIR AND LIBCONFIG_LIB_DIR)
--
--find_package_handle_standard_args(Libconfig DEFAULT LIBCONFIG_INCLUDE_DIR LIBCONFIG_LIBRARIES LIBCONFIG_LIB_DIR)
-+find_package_handle_standard_args(Libconfig REQUIRED_VARS LIBCONFIG_INCLUDE_DIR LIBCONFIG_LIBRARIES)
diff --git a/audio/umurmur/patches/patch-cmake_Modules_FindProtobufC_cmake b/audio/umurmur/patches/patch-cmake_Modules_FindProtobufC_cmake
deleted file mode 100644
index af7ffb138e0..00000000000
--- a/audio/umurmur/patches/patch-cmake_Modules_FindProtobufC_cmake
+++ /dev/null
@@ -1,16 +0,0 @@
---- cmake/Modules/FindProtobufC.cmake.orig Fri Aug 8 08:37:03 2014
-+++ cmake/Modules/FindProtobufC.cmake Thu Sep 4 13:27:27 2014
-@@ -1,10 +1,6 @@
- include(FindPackageHandleStandardArgs)
-
--find_path(PROTOBUFC_INCLUDE_DIR NAMES "protobuf-c.h" PATHS /usr/pkg /usr/local /usr PATH_SUFFIXES "include/google/protobuf-c")
--find_path(PROTOBUFC_LIB_DIR NAMES "libprotobuf-c.so" "libprotobuf-c.dylib" PATHS /usr/pkg /usr/local /usr PATH_SUFFIXES "lib" "lib/${CMAKE_LIBRARY_ARCHITECTURE}")
-+find_path(PROTOBUFC_INCLUDE_DIR NAMES "protobuf-c.h" PATH_SUFFIXES "protobuf-c")
-+find_library(PROTOBUFC_LIBRARIES NAMES "protobuf-c")
-
--if(PROTOBUFC_INCLUDE_DIR AND PROTOBUFC_LIB_DIR)
-- set(PROTOBUFC_LIBRARIES protobuf-c)
--endif(PROTOBUFC_INCLUDE_DIR AND PROTOBUFC_LIB_DIR)
--
--find_package_handle_standard_args(ProtobufC REQUIRED_VARS PROTOBUFC_INCLUDE_DIR PROTOBUFC_LIBRARIES PROTOBUFC_LIB_DIR)
-+find_package_handle_standard_args(ProtobufC REQUIRED_VARS PROTOBUFC_INCLUDE_DIR PROTOBUFC_LIBRARIES)
diff --git a/audio/umurmur/patches/patch-src_CMakeLists_txt b/audio/umurmur/patches/patch-src_CMakeLists_txt
deleted file mode 100644
index 90c7f439190..00000000000
--- a/audio/umurmur/patches/patch-src_CMakeLists_txt
+++ /dev/null
@@ -1,9 +0,0 @@
-Index: src/CMakeLists.txt
---- src/CMakeLists.txt.orig
-+++ src/CMakeLists.txt
-@@ -48,4 +48,4 @@ target_link_libraries(${PROJECT_NAME}
- ${LIBRT}
- ${CRYPTO_LIBRARIES})
-
--install(TARGETS ${PROJECT_NAME} RUNTIME DESTINATION "bin")
-+install(TARGETS ${PROJECT_NAME} RUNTIME DESTINATION "sbin")
diff --git a/audio/umurmur/patches/patch-src_config_h_in b/audio/umurmur/patches/patch-src_config_h_in
index ed5ecaea2b1..ee8a9acd8f3 100644
--- a/audio/umurmur/patches/patch-src_config_h_in
+++ b/audio/umurmur/patches/patch-src_config_h_in
@@ -5,7 +5,7 @@ Index: src/config.h.in

#cmakedefine USE_SHAREDMEMORY_API

--#define DEFAULT_CONFIG "${CMAKE_INSTALL_FULL_SYSCONFDIR}/umurmur.conf"
+-#define DEFAULT_CONFIG "${CMAKE_INSTALL_FULL_SYSCONFDIR}/umurmur/umurmur.conf"
+#define DEFAULT_CONFIG "${SYSCONFDIR}/umurmur/umurmur.conf"

#endif // CONFIG_H
diff --git a/audio/umurmur/patches/patch-src_main_c b/audio/umurmur/patches/patch-src_main_c
index c39bc326120..125aa40d63c 100644
--- a/audio/umurmur/patches/patch-src_main_c
+++ b/audio/umurmur/patches/patch-src_main_c
@@ -1,28 +1,67 @@
-initgroups(3) invalidates the data returned by getgrnam(3) producing
-bogus logs.
-
-Backport of <https://github.com/umurmur/umurmur/pull/183>
-
Index: src/main.c
--- src/main.c.orig
+++ src/main.c
-@@ -149,6 +149,9 @@ static void switch_user(void)
- Log_fatal("Unknown group '%s'", groupname);
+@@ -313,7 +313,7 @@ int main(int argc, char **argv)
+ break;
+ }
+ }
+-
++
+ if (testconfig) {
+ if (!Conf_ok(conffile))
+ exit(1);
+@@ -321,6 +321,8 @@ int main(int argc, char **argv)
+ exit(0);
+ }

- gid = grp->gr_gid;
++ pledge("stdio rpath wpath cpath inet id proc unveil", "");
+
-+ /* initgroups() will invalidate this data */
-+ grp = NULL;
- }
+ /* Initialize the config subsystem early;
+ * switch_user() will need to read some config variables as well as logging.
+ */
+@@ -336,6 +338,28 @@ int main(int argc, char **argv)
+ }
+ else Log_init(true);

- if (initgroups(pwd->pw_name, gid))
-@@ -160,8 +163,7 @@ static void switch_user(void)
- if (setuid(pwd->pw_uid))
- Log_fatal("setuid() failed: %s", strerror(errno));
++ {
++ const char *p;
++
++ if ((p = getStrConf(CERTIFICATE)) != NULL)
++ unveil(p, file_exists(p) ? "r" : "rwc");
++ if ((p = getStrConf(KEY)) != NULL)
++ unveil(p, file_exists(p) ? "r" : "rwc");
++ if ((p = getStrConf(CAPATH)) != NULL)
++ unveil(p, "r");
++ if ((p = getStrConf(LOGFILE)) != NULL)
++ unveil(p, file_exists(p) ? "w" : "wc");
++ if ((p = getStrConf(BANFILE)) != NULL)
++ unveil(p, file_exists(p) ? "rw" : "rwc");
++ if (pidfile)
++ unveil(pidfile, "rwc");
++
++ unveil("/etc/pwd.db", "r");
++ unveil("/etc/group", "r");
++ }
++
++ pledge("stdio rpath wpath cpath inet id", "");
++
+ #ifdef POSIX_PRIORITY_SCHEDULING
+ /* Set the scheduling policy, has to be called after daemonizing
+ * but before we drop privileges */
+@@ -377,12 +401,16 @@ int main(int argc, char **argv)
+ /* SSL and scheduling is setup, we can drop privileges now */
+ switch_user();
+
++ pledge("stdio rpath wpath cpath inet", "");
++
+ if(!nodaemon) {
+ /* Reopen log file. If user switch results in access denied, we catch
+ * it early.
+ */
+ Log_reset();
+ }
++
++ pledge(getStrConf(BANFILE) ? "stdio wpath cpath inet" : "stdio inet", "");

-- if (!grp)
-- grp = getgrgid(gid);
-+ grp = getgrgid(gid);
- if (!grp)
- Log_fatal("getgrgid() failed: %s", strerror(errno));
+ Server_run();

diff --git a/audio/umurmur/patches/patch-src_ssl_h b/audio/umurmur/patches/patch-src_ssl_h
new file mode 100644
index 00000000000..4eb3de01d0c
--- /dev/null
+++ b/audio/umurmur/patches/patch-src_ssl_h
@@ -0,0 +1,12 @@
+Index: src/ssl.h
+--- src/ssl.h.orig
++++ src/ssl.h
+@@ -101,6 +101,8 @@ typedef gnutls_session_t SSL_handle_t;
+
+ typedef SSL SSL_handle_t;
+
++bool_t file_exists(const char *);
++
+ #endif
+
+ void SSLi_init(void);
diff --git a/audio/umurmur/patches/patch-src_ssli_openssl_c b/audio/umurmur/patches/patch-src_ssli_openssl_c
new file mode 100644
index 00000000000..f42abbf4ff7
--- /dev/null
+++ b/audio/umurmur/patches/patch-src_ssli_openssl_c
@@ -0,0 +1,12 @@
+Index: src/ssli_openssl.c
+--- src/ssli_openssl.c.orig
++++ src/ssli_openssl.c
+@@ -206,7 +206,7 @@ err_out:
+ return NULL;
+ }
+
+-static bool_t file_exists(const char *filename)
++bool_t file_exists(const char *filename)
+ {
+ return (access(filename, F_OK) == 0);
+ }
diff --git a/audio/umurmur/patches/patch-src_version_h b/audio/umurmur/patches/patch-src_version_h
new file mode 100644
index 00000000000..212b289008b
--- /dev/null
+++ b/audio/umurmur/patches/patch-src_version_h
@@ -0,0 +1,12 @@
+Index: src/version.h
+--- src/version.h.orig
++++ src/version.h
+@@ -1,7 +1,7 @@
+ #ifndef VERSION_H_989876
+ #define VERSION_H_989876
+
+-#define UMURMUR_VERSION "0.3.0"
++#define UMURMUR_VERSION "0.3.1-OpenBSD"
+ #define UMURMUR_CODENAME "Loopy"
+
+ #endif
diff --git a/audio/umurmur/patches/patch-umurmur_conf_example b/audio/umurmur/patches/patch-umurmur_conf_example
index 7fcbcd0c4eb..e54b959e686 100644
--- a/audio/umurmur/patches/patch-umurmur_conf_example
+++ b/audio/umurmur/patches/patch-umurmur_conf_example
@@ -14,7 +14,7 @@ Index: umurmur.conf.example
@@ -18,9 +18,9 @@ max_users = 10;

# username and groupname for privilege dropping.
- # Will attempt to switch user if set.
+ # Will attempt to switch user if set.
-# username = "";
+username = "_umurmur";
# If groupname not set the user's default login group will be used
diff --git a/audio/umurmur/pkg/umurmurd.rc b/audio/umurmur/pkg/umurmurd.rc
index 5e36e9b7d30..f77bc746dfa 100644
--- a/audio/umurmur/pkg/umurmurd.rc
+++ b/audio/umurmur/pkg/umurmurd.rc
@@ -4,6 +4,10 @@ daemon="${TRUEPREFIX}/sbin/umurmurd"

. /etc/rc.d/rc.subr

+rc_configtest() {
+ rc_exec "${daemon} -t ${daemon_flags}"
+}
+
rc_reload=NO

rc_cmd $1
Hello ports@,

I was pleasantly surprised to see that there was an umurmur port for
OpenBSD - albeit being out of date - so I opt for picking it up.

This diff bumps umurmur to 0.3.1 which integrates some of the previously
applied patches regarding strlcpy/snprintf and whatnot.

Still, it is a long-running network deamon, in C, so for peace of mind,
I think it is worth it for it to be calling pledge and unveil. I tried
to be smart about it and am thankful for any review or tests.

It works on my machine :)

ok?

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)