rpms/tmux/devel tmux-1.0-02_fix_wrong_location.diff, NONE, 1.1 tmux-1.0-03_proper_socket_handling.diff, NONE, 1.1 tmux-1.0-04_dropping_unnecessary_privileges.diff, NONE, 1.1 tmux-1.0-06_hardening_write_return.diff, NONE, 1.1 tmux.spec, 1.1, 1.2 tmux-1.0-fixmanpagedir.patch, 1.1, NONE
Sven Lankes
slankes at fedoraproject.org
Sun Nov 1 18:46:34 UTC 2009
Author: slankes
Update of /cvs/pkgs/rpms/tmux/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv19858
Modified Files:
tmux.spec
Added Files:
tmux-1.0-02_fix_wrong_location.diff
tmux-1.0-03_proper_socket_handling.diff
tmux-1.0-04_dropping_unnecessary_privileges.diff
tmux-1.0-06_hardening_write_return.diff
Removed Files:
tmux-1.0-fixmanpagedir.patch
Log Message:
* Sun Nov 01 2009 Sven Lankes <sven at lank.es> 1.0-2
- Add debian patches
- Add tmux group for improved socket handling
tmux-1.0-02_fix_wrong_location.diff:
GNUmakefile | 8 ++++----
Makefile | 8 ++++----
2 files changed, 8 insertions(+), 8 deletions(-)
--- NEW FILE tmux-1.0-02_fix_wrong_location.diff ---
# correct directory /usr/local
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -8,7 +8,7 @@
CC?= gcc
CFLAGS+= -DBUILD="\"$(VERSION)\""
-LDFLAGS+= -L/usr/local/lib
+LDFLAGS+= -L/usr/lib
LIBS+=
ifdef FDEBUG
@@ -30,7 +30,7 @@
endif
endif
-PREFIX?= /usr/local
+PREFIX?= /usr/
INSTALLDIR= install -d
INSTALLBIN= install -g bin -o root -m 555
INSTALLMAN= install -g bin -o root -m 444
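Review bot: `PREFIX?= /usr/` carries a trailing slash here, while the BSD `Makefile` hunk of the same patch uses `/usr`, and the install hunk below then mixes `$(PREFIX)/bin` with `$(PREFIX)share/man/man1`. That only works while nobody overrides PREFIX without the trailing slash; a constructed example such as `PREFIX=/opt/tmux` would put the manual under `/opt/tmuxshare/man/man1`. I would use `PREFIX?= /usr` and `$(DESTDIR)$(PREFIX)/share/man/man1` in both files. The hard-coded `-L/usr/lib` in the first hunk is not the library directory on multilib 64-bit systems and is probably unnecessary.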
@@ -59,7 +59,7 @@
install: all
$(INSTALLDIR) $(DESTDIR)$(PREFIX)/bin
$(INSTALLBIN) tmux $(DESTDIR)$(PREFIX)/bin/tmux
- $(INSTALLDIR) $(DESTDIR)$(PREFIX)/man/man1
- $(INSTALLMAN) tmux.1 $(DESTDIR)$(PREFIX)/man/man1/tmux.1
+ $(INSTALLDIR) $(DESTDIR)$(PREFIX)share/man/man1
+ $(INSTALLMAN) tmux.1 $(DESTDIR)$(PREFIX)share/man/man1/tmux.1
-include .depend
--- a/Makefile
+++ b/Makefile
@@ -9,7 +9,7 @@
CC?= cc
CFLAGS+= -DBUILD="\"$(VERSION)\""
-LDFLAGS+= -L/usr/local/lib
+LDFLAGS+= -L/usr/lib
LIBS+=
.ifdef FDEBUG
@@ -32,7 +32,7 @@
.endif
.endif
-PREFIX?= /usr/local
+PREFIX?= /usr
INSTALLDIR= install -d
INSTALLBIN= install -g bin -o root -m 555
INSTALLMAN= install -g bin -o root -m 444
@@ -64,5 +64,5 @@
install: all
${INSTALLDIR} ${DESTDIR}${PREFIX}/bin
${INSTALLBIN} tmux ${DESTDIR}${PREFIX}/bin/
- ${INSTALLDIR} ${DESTDIR}${PREFIX}/man/man1
- ${INSTALLMAN} tmux.1 ${DESTDIR}${PREFIX}/man/man1/
+ ${INSTALLDIR} ${DESTDIR}${PREFIX}/share/man/man1
+ ${INSTALLMAN} tmux.1 ${DESTDIR}${PREFIX}/share/man/man1/
tmux-1.0-03_proper_socket_handling.diff:
GNUmakefile | 2 +-
Makefile | 2 +-
compat.h | 2 +-
tmux.c | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
--- NEW FILE tmux-1.0-03_proper_socket_handling.diff ---
# setting /usr/bin/tmux with sgid and proper location of socket
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -32,7 +32,7 @@
PREFIX?= /usr/
INSTALLDIR= install -d
-INSTALLBIN= install -g bin -o root -m 555
+INSTALLBIN= install -g utmp -o root -m 2755
INSTALLMAN= install -g bin -o root -m 444
SRCS= $(shell echo *.c|sed 's|osdep-[a-z0-9]*.c||g')
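Review bot: `INSTALLBIN` now installs the binary setgid to `utmp` (`-g utmp -m 2755`), a group that usually also has write access to the login accounting files, so tmux would start with more privilege than the socket directory needs; the `Makefile` hunk below has the same line. The spec in this commit overrides INSTALLBIN and packages the binary as `%attr(2755,root,tmux)`, so the patch and the package disagree on the group. I would use the dedicated group in the patch as well, `INSTALLBIN= install -g tmux -o root -m 2755`, and reword the header comment of patch 04, which still speaks of dropping utmp membership.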
--- a/Makefile
+++ b/Makefile
@@ -34,7 +34,7 @@
PREFIX?= /usr
INSTALLDIR= install -d
-INSTALLBIN= install -g bin -o root -m 555
+INSTALLBIN= install -g utmp -o root -m 2755
INSTALLMAN= install -g bin -o root -m 444
SRCS!= echo *.c|sed 's|osdep-[a-z0-9]*.c||g'
--- a/compat.h
+++ b/compat.h
@@ -25,7 +25,7 @@
#ifndef HAVE_PATHS_H
#define _PATH_BSHELL "/bin/sh"
-#define _PATH_TMP "/tmp/"
+#define _PATH_VARRUN "/var/run/"
#define _PATH_DEVNULL "/dev/null"
#define _PATH_TTY "/dev/tty"
#define _PATH_DEV "/dev/"
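Review bot: The fallback block loses `_PATH_TMP` instead of gaining `_PATH_VARRUN` beside it, so on a platform without paths.h any remaining use of `_PATH_TMP` elsewhere in the tree would stop compiling. Whether such uses exist is not visible from this hunk. Keeping both is cheap: leave `#define _PATH_TMP "/tmp/"` and add `#define _PATH_VARRUN "/var/run/"` below it. A one-line comment stating that _PATH_VARRUN is the parent of the per-user socket directories would help the next reader.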
--- a/tmux.c
+++ b/tmux.c
@@ -239,7 +239,7 @@
u_int uid;
uid = getuid();
- xsnprintf(base, MAXPATHLEN, "%s/tmux-%d", _PATH_TMP, uid);
+ xsnprintf(base, MAXPATHLEN, "%s/%s/%s-%d", _PATH_VARRUN, __progname, __progname, uid);
if (mkdir(base, S_IRWXU) != 0 && errno != EEXIST)
return (NULL);
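Review bot: The directory name is built from `__progname`, which is derived from argv[0] and is therefore chosen by whoever executes this setgid binary, while the package ships the fixed directory `/var/run/tmux`. Started under any other name the mkdir targets a parent that does not exist, and a privileged program should not assemble filesystem paths from caller-controlled text in the first place. A literal is safer: `xsnprintf(base, MAXPATHLEN, "%stmux/tmux-%u", _PATH_VARRUN, uid);`, which also corrects `%d` being used for the unsigned `uid`. The function starts and ends outside the hunk, so the ownership checks that presumably follow the mkdir cannot be reviewed here.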
tmux-1.0-04_dropping_unnecessary_privileges.diff:
tmux.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- NEW FILE tmux-1.0-04_dropping_unnecessary_privileges.diff ---
# using setresgid() for safely dropping utmp group membership.
--- a/tmux.c
+++ b/tmux.c
@@ -236,9 +236,11 @@
{
char base[MAXPATHLEN], *path;
struct stat sb;
- u_int uid;
+ u_int uid,gid;
uid = getuid();
+ gid = getgid();
+
xsnprintf(base, MAXPATHLEN, "%s/%s/%s-%d", _PATH_VARRUN, __progname, __progname, uid);
if (mkdir(base, S_IRWXU) != 0 && errno != EEXIST)
@@ -254,6 +256,9 @@
errno = EACCES;
return (NULL);
}
+ /* drop unnecessary privileges */
+ if (setresgid(gid, gid, gid) != 0)
+ return (NULL);
xasprintf(&path, "%s/%s", base, label);
return (path);
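Review bot: The setresgid() call sits only on the success path at the end of the function, so the earlier `return (NULL)` exits (after the failed mkdir in the previous hunk and after `errno = EACCES` here) leave the setgid group effective, as would any start-up path that never calls this function. Whether the caller exits on NULL is not visible; if it does not, the error returns should go through a single exit label that drops the group before returning. The comment could name what is dropped and why it was needed until now, for example `/* the setgid group is only needed to create base under _PATH_VARRUN; give it up permanently */`. `gid` would be better declared as `gid_t` than as `u_int`. The function starts and ends outside the hunk.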
tmux-1.0-06_hardening_write_return.diff:
tty.c | 12 ++++++++----
window.c | 4 +++-
2 files changed, 11 insertions(+), 5 deletions(-)
--- NEW FILE tmux-1.0-06_hardening_write_return.diff ---
# Harden write and chdir because of ignored return value
--- a/tty.c
+++ b/tty.c
@@ -336,7 +336,8 @@
void
tty_raw(struct tty *tty, const char *s)
{
- write(tty->fd, s, strlen(s));
+ if (write(tty->fd, s, strlen(s)) == -1)
+ fatal("write failed");
}
void
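Review bot: Calling `fatal()` on every `-1` from write() turns transient conditions into process termination: in tty_raw an interrupted write (EINTR), or EAGAIN if the descriptor is non-blocking, now ends tmux, and in the three `log_fd` hunks below a failing debug log ends an otherwise healthy session. Short writes, the other way write() can lose data, are still unchecked. I would retry on EINTR in tty_raw and, for the log descriptor, stop logging instead of dying, for example `if (write(tty->log_fd, s, strlen(s)) == -1) { close(tty->log_fd); tty->log_fd = -1; }`. The nested unbraced `if` statements in the log hunks should also get braces.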
@@ -369,7 +370,8 @@
buffer_write(tty->out, s, strlen(s));
if (tty->log_fd != -1)
- write(tty->log_fd, s, strlen(s));
+ if (write(tty->log_fd, s, strlen(s)) == -1)
+ fatal("write failed");
}
void
@@ -394,7 +396,8 @@
}
if (tty->log_fd != -1)
- write(tty->log_fd, &ch, 1);
+ if (write(tty->log_fd, &ch, 1) == -1)
+ fatal("write failed");
}
void
@@ -407,7 +410,8 @@
break;
buffer_write8(tty->out, gu->data[i]);
if (tty->log_fd != -1)
- write(tty->log_fd, &gu->data[i], 1);
+ if (write(tty->log_fd, &gu->data[i], 1) == -1)
+ fatal("write failed");
}
width = utf8_width(gu->data);
--- a/window.c
+++ b/window.c
@@ -490,7 +490,9 @@
return (-1);
case 0:
if (chdir(wp->cwd) != 0)
- chdir("/");
+ if (chdir("/") <0 )
+ fatal("chdir failed");
+
if (tcgetattr(STDIN_FILENO, &tio2) != 0)
fatal("tcgetattr failed");
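Review bot: The nested `if` without braces reads ambiguously, and the new test is written `<0 )` while the line above it uses `!= 0`. A single condition says the same thing: `if (chdir(wp->cwd) != 0 && chdir("/") != 0)` followed by `fatal("chdir failed");`. The enclosing switch and function lie outside the hunk.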
Index: tmux.spec
===================================================================
RCS file: /cvs/pkgs/rpms/tmux/devel/tmux.spec,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- tmux.spec 1 Nov 2009 17:36:46 -0000 1.1
+++ tmux.spec 1 Nov 2009 18:46:32 -0000 1.2
@@ -1,6 +1,6 @@
Name: tmux
Version: 1.0
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: A terminal multiplexer
Group: Applications/System
@@ -8,10 +8,15 @@ Group: Applications/System
# 3 clause BSD licensed.
License: ISC and BSD
URL: http://sourceforge.net/projects/tmux
+Requires(pre): /usr/sbin/groupadd
+Requires(preun): /usr/sbin/groupdel
Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
# This first patch creates MANDIR in the GNUmakefile. This has been sent
# upstream via email but upstream replied and said would not change.
-Patch0: tmux-1.0-fixmanpagedir.patch
+Patch0: tmux-1.0-02_fix_wrong_location.diff
+Patch1: tmux-1.0-03_proper_socket_handling.diff
+Patch2: tmux-1.0-04_dropping_unnecessary_privileges.diff
+Patch3: tmux-1.0-06_hardening_write_return.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: ncurses-devel
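Review bot: `Requires(preun): /usr/sbin/groupdel` does not match the scriptlet that uses the tool, because groupdel is called from `%postun` further down; the dependency would have to read `Requires(postun): /usr/sbin/groupdel` to guarantee the tool is present when that scriptlet runs. The comment above Patch0 still describes the removed fixmanpagedir patch (MANDIR, sent upstream) and should be reworded now that Patch0 is the Debian location patch.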
@@ -24,7 +29,10 @@ as GNU Screen.
%prep
%setup -q
-%patch0 -p1 -b .fixmanpagedir
+%patch0 -p1 -b .location
+%patch1 -p1 -b .sockethandling
+%patch2 -p1 -b .dropprivs
+%patch3 -p1 -b .writehard
%build
%configure
@@ -32,18 +40,32 @@ make %{?_smp_mflags} LDFLAGS="%{optflags
%install
rm -rf %{buildroot}
-make install PREFIX=%{_prefix} MANDIR=%{_mandir} DESTDIR=%{buildroot} INSTALLBIN="install -p -m 755" INSTALLMAN="install -p -m 644"
+make install DESTDIR=%{buildroot} INSTALLBIN="install -p -m 755" INSTALLMAN="install -p -m 644"
+
+# Create the socket dir
+mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/run/%{name}
%clean
rm -rf %{buildroot}
+%pre
+%{_sbindir}/groupadd -r tmux &>/dev/null || :
+
+%postun
+%{_sbindir}/groupdel tmux || :
+
%files
%defattr(-,root,root,-)
%doc CHANGES FAQ NOTES TODO examples/
-%{_bindir}/tmux
-%{_mandir}/man1/tmux.1.gz
+%attr(2755,root,tmux) %{_bindir}/tmux
+%{_mandir}/man1/tmux.1.*
+%attr(775,root,tmux) %{_localstatedir}/run/tmux
%changelog
+* Sun Nov 01 2009 Sven Lankes <sven at lank.es> 1.0-2
+- Add debian patches
+- Add tmux group for improved socket handling
+
* Sat Oct 24 2009 Sven Lankes <sven at lank.es> 1.0-1
- New upstream release
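Review bot: `%postun` runs `groupdel tmux` unconditionally, which includes upgrades, where it executes after the new package's files are in place and leaves the setgid binary and `/var/run/tmux` owned by a gid that no longer has a name and may later be assigned to an unrelated group. Either guard it with `if [ $1 -eq 0 ]; then %{_sbindir}/groupdel tmux || : ; fi` or, more simply, never delete the group. The socket directory is packaged `%attr(775,root,tmux)` without the sticky bit, so every process running with the tmux group may rename entries belonging to other users; `%attr(1775,root,tmux)` is worth considering. `%pre` would also be quieter and more predictable as `getent group tmux >/dev/null || %{_sbindir}/groupadd -r tmux`.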
--- tmux-1.0-fixmanpagedir.patch DELETED ---