From 580ca581cbeb01b88bdf51867d20d1dab179dca1 Mon Sep 17 00:00:00 2001
From: Sven Lankes
Date: Nov 01 2009 18:46:32 +0000
Subject: - Add debian patches - Add tmux group for improved socket handling
---
diff --git a/tmux-1.0-02_fix_wrong_location.diff b/tmux-1.0-02_fix_wrong_location.diff
new file mode 100644
index 0000000..ac458a3
--- /dev/null
+++ b/tmux-1.0-02_fix_wrong_location.diff
@@ -0,0 +1,59 @@
+# correct directory /usr/local
+--- a/GNUmakefile
++++ b/GNUmakefile
+@@ -8,7 +8,7 @@
+
+ CC?= gcc
+ CFLAGS+= -DBUILD="\"$(VERSION)\""
+-LDFLAGS+= -L/usr/local/lib
++LDFLAGS+= -L/usr/lib
+ LIBS+=
+
+ ifdef FDEBUG
+@@ -30,7 +30,7 @@
+ endif
+ endif
+
+-PREFIX?= /usr/local
++PREFIX?= /usr/
+ INSTALLDIR= install -d
+ INSTALLBIN= install -g bin -o root -m 555
+ INSTALLMAN= install -g bin -o root -m 444
+@@ -59,7 +59,7 @@
+ install: all
+ $(INSTALLDIR) $(DESTDIR)$(PREFIX)/bin
+ $(INSTALLBIN) tmux $(DESTDIR)$(PREFIX)/bin/tmux
+- $(INSTALLDIR) $(DESTDIR)$(PREFIX)/man/man1
+- $(INSTALLMAN) tmux.1 $(DESTDIR)$(PREFIX)/man/man1/tmux.1
++ $(INSTALLDIR) $(DESTDIR)$(PREFIX)share/man/man1
++ $(INSTALLMAN) tmux.1 $(DESTDIR)$(PREFIX)share/man/man1/tmux.1
+
+ -include .depend
+--- a/Makefile
++++ b/Makefile
+@@ -9,7 +9,7 @@
+
+ CC?= cc
+ CFLAGS+= -DBUILD="\"$(VERSION)\""
+-LDFLAGS+= -L/usr/local/lib
++LDFLAGS+= -L/usr/lib
+ LIBS+=
+
+ .ifdef FDEBUG
+@@ -32,7 +32,7 @@
+ .endif
+ .endif
+
+-PREFIX?= /usr/local
++PREFIX?= /usr
+ INSTALLDIR= install -d
+ INSTALLBIN= install -g bin -o root -m 555
+ INSTALLMAN= install -g bin -o root -m 444
+@@ -64,5 +64,5 @@
+ install: all
+ ${INSTALLDIR} ${DESTDIR}${PREFIX}/bin
+ ${INSTALLBIN} tmux ${DESTDIR}${PREFIX}/bin/
+- ${INSTALLDIR} ${DESTDIR}${PREFIX}/man/man1
+- ${INSTALLMAN} tmux.1 ${DESTDIR}${PREFIX}/man/man1/
++ ${INSTALLDIR} ${DESTDIR}${PREFIX}/share/man/man1
++ ${INSTALLMAN} tmux.1 ${DESTDIR}${PREFIX}/share/man/man1/
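Review bot: The GNUmakefile hunks make the man-page path depend on a trailing slash in PREFIX: `PREFIX?= /usr/` is combined with `$(DESTDIR)$(PREFIX)share/man/man1`, whereas the BSD Makefile in the same patch uses `PREFIX?= /usr` with `${PREFIX}/share/man/man1`. Because `?=` lets the environment or the make command line replace the value, a caller passing `PREFIX=/usr` would install the manual under `/usrshare/man/man1`, and the bin rules already expand to `/usr//bin`. Using `PREFIX?= /usr` and `$(INSTALLDIR) $(DESTDIR)$(PREFIX)/share/man/man1` (and the same separator on the `$(INSTALLMAN)` line) would keep the two makefiles consistent and robust against an overridden prefix.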
diff --git a/tmux-1.0-03_proper_socket_handling.diff b/tmux-1.0-03_proper_socket_handling.diff
new file mode 100644
index 0000000..e380b7a
--- /dev/null
+++ b/tmux-1.0-03_proper_socket_handling.diff
@@ -0,0 +1,45 @@
+# setting /usr/bin/tmux with sgid and proper location of socket
+--- a/GNUmakefile
++++ b/GNUmakefile
+@@ -32,7 +32,7 @@
+
+ PREFIX?= /usr/
+ INSTALLDIR= install -d
+-INSTALLBIN= install -g bin -o root -m 555
++INSTALLBIN= install -g utmp -o root -m 2755
+ INSTALLMAN= install -g bin -o root -m 444
+
+ SRCS= $(shell echo *.c|sed 's|osdep-[a-z0-9]*.c||g')
+--- a/Makefile
++++ b/Makefile
+@@ -34,7 +34,7 @@
+
+ PREFIX?= /usr
+ INSTALLDIR= install -d
+-INSTALLBIN= install -g bin -o root -m 555
++INSTALLBIN= install -g utmp -o root -m 2755
+ INSTALLMAN= install -g bin -o root -m 444
+
+ SRCS!= echo *.c|sed 's|osdep-[a-z0-9]*.c||g'
+--- a/compat.h
++++ b/compat.h
+@@ -25,7 +25,7 @@
+
+ #ifndef HAVE_PATHS_H
+ #define _PATH_BSHELL "/bin/sh"
+-#define _PATH_TMP "/tmp/"
++#define _PATH_VARRUN "/var/run/"
+ #define _PATH_DEVNULL "/dev/null"
+ #define _PATH_TTY "/dev/tty"
+ #define _PATH_DEV "/dev/"
+--- a/tmux.c
++++ b/tmux.c
+@@ -239,7 +239,7 @@
+ u_int uid;
+
+ uid = getuid();
+- xsnprintf(base, MAXPATHLEN, "%s/tmux-%d", _PATH_TMP, uid);
++ xsnprintf(base, MAXPATHLEN, "%s/%s/%s-%d", _PATH_VARRUN, __progname, __progname, uid);
+
+ if (mkdir(base, S_IRWXU) != 0 && errno != EEXIST)
+ return (NULL);
diff --git a/tmux-1.0-04_dropping_unnecessary_privileges.diff b/tmux-1.0-04_dropping_unnecessary_privileges.diff
new file mode 100644
index 0000000..cc34c96
--- /dev/null
+++ b/tmux-1.0-04_dropping_unnecessary_privileges.diff
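Review bot: In the tmux.c hunk the socket directory is now built from `__progname`, which is taken from argv[0] and so is chosen by whoever executes the binary; for a program that this same patch installs setgid (`-m 2755`), the directory that the privileged `mkdir()` operates on should not depend on caller-supplied data. A fixed component would also keep it in step with the single directory the package creates: `xsnprintf(base, MAXPATHLEN, "%s/tmux/tmux-%u", _PATH_VARRUN, uid);` (`%u` because `uid` is a `u_int`). Two smaller points: the compat.h hunk replaces the `_PATH_TMP` fallback instead of adding `_PATH_VARRUN` beside it, so any remaining user of `_PATH_TMP` on a system without paths.h would stop compiling (not visible here), and the makefiles name group `utmp` while the spec's `%attr` uses `tmux`. The enclosing function in tmux.c starts and ends outside the hunk.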
@@ -0,0 +1,26 @@
+# using setresgid() for safely dropping utmp group membership.
+--- a/tmux.c
++++ b/tmux.c
+@@ -236,9 +236,11 @@
+ {
+ char base[MAXPATHLEN], *path;
+ struct stat sb;
+- u_int uid;
++ u_int uid,gid;
+
+ uid = getuid();
++ gid = getgid();
++
+ xsnprintf(base, MAXPATHLEN, "%s/%s/%s-%d", _PATH_VARRUN, __progname, __progname, uid);
+
+ if (mkdir(base, S_IRWXU) != 0 && errno != EEXIST)
+@@ -254,6 +256,9 @@
+ errno = EACCES;
+ return (NULL);
+ }
++ /* drop unnecessary privileges */
++ if (setresgid(gid, gid, gid) != 0)
++ return (NULL);
+
+ xasprintf(&path, "%s/%s", base, label);
+ return (path);
diff --git a/tmux-1.0-06_hardening_write_return.diff b/tmux-1.0-06_hardening_write_return.diff
new file mode 100644
index 0000000..bbd753c
--- /dev/null
+++ b/tmux-1.0-06_hardening_write_return.diff
@@ -0,0 +1,56 @@
+# Harden write and chdir because of ignored return value
+--- a/tty.c
++++ b/tty.c
+@@ -336,7 +336,8 @@
+ void
+ tty_raw(struct tty *tty, const char *s)
+ {
+- write(tty->fd, s, strlen(s));
++ if (write(tty->fd, s, strlen(s)) == -1)
++ fatal("write failed");
+ }
+
+ void
+@@ -369,7 +370,8 @@
+ buffer_write(tty->out, s, strlen(s));
+
+ if (tty->log_fd != -1)
+- write(tty->log_fd, s, strlen(s));
++ if (write(tty->log_fd, s, strlen(s)) == -1)
++ fatal("write failed");
+ }
+
+ void
+@@ -394,7 +396,8 @@
+ }
+
+ if (tty->log_fd != -1)
+- write(tty->log_fd, &ch, 1);
++ if (write(tty->log_fd, &ch, 1) == -1)
++ fatal("write failed");
+ }
+
+ void
+@@ -407,7 +410,8 @@
+ break;
+ buffer_write8(tty->out, gu->data[i]);
+ if (tty->log_fd != -1)
+- write(tty->log_fd, &gu->data[i], 1);
++ if (write(tty->log_fd, &gu->data[i], 1) == -1)
++ fatal("write failed");
+ }
+
+ width = utf8_width(gu->data);
+--- a/window.c
++++ b/window.c
+@@ -490,7 +490,9 @@
+ return (-1);
+ case 0:
+ if (chdir(wp->cwd) != 0)
+- chdir("/");
++ if (chdir("/") <0 )
++ fatal("chdir failed");
++
+
+ if (tcgetattr(STDIN_FILENO, &tio2) != 0)
+ fatal("tcgetattr failed");
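Review bot: The setgid group is dropped only on the success path at the end of this function, so the `EACCES` branch shown as context (and presumably the `mkdir()` failure above it) returns with the group still effective, and any start-up path that never calls this function, for instance if the socket path can be supplied by the caller, which these hunks do not show, would keep it for the lifetime of the process and the shells it spawns. Dropping the group unconditionally in the caller once the directory has been prepared, and confirming the result, is more robust: `if (setresgid(gid, gid, gid) != 0 || getegid() != gid) fatal("setresgid failed");`. The ids should be declared as `uid_t uid;` and `gid_t gid;` rather than `u_int uid,gid;`, and `setresgid()` is not available on every platform, so it needs a compat guard. The function begins and ends outside the hunks.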
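Review bot: Calling `fatal()` whenever `write()` returns -1 turns a transient or purely diagnostic failure into termination of the process: `EINTR`, or `EAGAIN` if these descriptors are non-blocking (not visible here), are recoverable, and a failed write to `tty->log_fd` only means the debug log is lost, yet a full disk would now stop the program. Short writes, where `write()` returns fewer bytes than requested, are still ignored, so the compiler warning is silenced rather than the condition handled. For the log descriptor I would disable logging instead, e.g. `if (write(tty->log_fd, s, strlen(s)) == -1) { close(tty->log_fd); tty->log_fd = -1; }`, and retry on `EINTR` in `tty_raw()`; this applies to all four tty.c hunks. The nested `if (...) if (...) fatal(...)` in tty.c and window.c should get braces, and `<0 )` in window.c should follow the surrounding `!= 0` style.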
diff --git a/tmux-1.0-fixmanpagedir.patch b/tmux-1.0-fixmanpagedir.patch deleted file mode 100644 index 48fc68d..0000000 --- a/tmux-1.0-fixmanpagedir.patch +++ /dev/null @@ -1,22 +0,0 @@ -diff --git a/GNUmakefile b/GNUmakefile -index 5528a9f..96e7088 100644 ---- a/GNUmakefile -+++ b/GNUmakefile -@@ -31,6 +31,7 @@ endif - endif - - PREFIX?= /usr/local -+MANDIR?= ${PREFIX}/man - INSTALLDIR= install -d - INSTALLBIN= install -g bin -o root -m 555 - INSTALLMAN= install -g bin -o root -m 444 -@@ -59,7 +60,7 @@ clean-all: clean clean-depend - install: all - $(INSTALLDIR) $(DESTDIR)$(PREFIX)/bin - $(INSTALLBIN) tmux $(DESTDIR)$(PREFIX)/bin/tmux -- $(INSTALLDIR) $(DESTDIR)$(PREFIX)/man/man1 -- $(INSTALLMAN) tmux.1 $(DESTDIR)$(PREFIX)/man/man1/tmux.1 -+ $(INSTALLDIR) $(DESTDIR)$(MANDIR)/man1 -+ $(INSTALLMAN) tmux.1 $(DESTDIR)$(MANDIR)/man1/tmux.1 - - -include .depend diff --git a/tmux.spec b/tmux.spec index 441c9b0..d240c68 100644 --- a/tmux.spec +++ b/tmux.spec @@ -1,6 +1,6 @@ Name: tmux Version: 1.0 -Release: 1%{?dist} +Release: 2%{?dist} Summary: A terminal multiplexer Group: Applications/System @@ -8,10 +8,15 @@ Group: Applications/System # 3 clause BSD licensed. License: ISC and BSD URL: http://sourceforge.net/projects/tmux +Requires(pre): /usr/sbin/groupadd +Requires(preun): /usr/sbin/groupdel Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz # This first patch creates MANDIR in the GNUmakefile. This has been sent # upstream via email but upstream replied and said would not change. -Patch0: tmux-1.0-fixmanpagedir.patch +Patch0: tmux-1.0-02_fix_wrong_location.diff +Patch1: tmux-1.0-03_proper_socket_handling.diff +Patch2: tmux-1.0-04_dropping_unnecessary_privileges.diff +Patch3: tmux-1.0-06_hardening_write_return.diff BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: ncurses-devel 
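Review bot: The comment kept above `Patch0` still describes the deleted tmux-1.0-fixmanpagedir.patch ("creates MANDIR in the GNUmakefile") and now sits over four unrelated patches, two of which change the privileges of the installed binary. Replace it with one line per patch giving origin and purpose, e.g. `# Patch1/Patch2 (from Debian): install tmux setgid, keep sockets under /var/run/tmux, drop the group once the socket directory is set up`. Separately, `Requires(preun): /usr/sbin/groupdel` does not match the scriptlet that calls groupdel, which is `%postun` later in this commit; it should read `Requires(postun): /usr/sbin/groupdel` if the removal is kept.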
@@ -24,7 +29,10 @@ as GNU Screen. %prep %setup -q -%patch0 -p1 -b .fixmanpagedir +%patch0 -p1 -b .location +%patch1 -p1 -b .sockethandling +%patch2 -p1 -b .dropprivs +%patch3 -p1 -b .writehard %build %configure @@ -32,18 +40,32 @@ make %{?_smp_mflags} LDFLAGS="%{optflags}" %install rm -rf %{buildroot} -make install PREFIX=%{_prefix} MANDIR=%{_mandir} DESTDIR=%{buildroot} INSTALLBIN="install -p -m 755" INSTALLMAN="install -p -m 644" +make install DESTDIR=%{buildroot} INSTALLBIN="install -p -m 755" INSTALLMAN="install -p -m 644" + +# Create the socket dir +mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/run/%{name} %clean rm -rf %{buildroot} +%pre +%{_sbindir}/groupadd -r tmux &>/dev/null || : + +%postun +%{_sbindir}/groupdel tmux || : + %files %defattr(-,root,root,-) %doc CHANGES FAQ NOTES TODO examples/ -%{_bindir}/tmux -%{_mandir}/man1/tmux.1.gz +%attr(2755,root,tmux) %{_bindir}/tmux +%{_mandir}/man1/tmux.1.* +%attr(775,root,tmux) %{_localstatedir}/run/tmux %changelog +* Sun Nov 01 2009 Sven Lankes 1.0-2 +- Add debian patches +- Add tmux group for improved socket handling + * Sat Oct 24 2009 Sven Lankes 1.0-1 - New upstream release
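Review bot: `%postun` runs `groupdel tmux` unconditionally, and the old package's `%postun` also runs at the end of an upgrade, after the new files are in place; the group would then be removed while the setgid binary and `/var/run/tmux` still carry its GID, which a later `groupadd -r` may hand to an unrelated group. Guard it with `if [ $1 -eq 0 ]; then %{_sbindir}/groupdel tmux || : ; fi`, or leave the group in place on erase. The socket directory is packaged as `%attr(775,root,tmux)` without the sticky bit; since every invocation of the setgid binary holds group tmux until it drops it, `%attr(1775,root,tmux)` would limit removal and renaming of the per-user subdirectories to their owners. `make install` also no longer passes `PREFIX=%{_prefix}`, so the install paths now rely entirely on the patched makefile defaults.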