diff --git a/tmux-1.0-02_fix_wrong_location.diff b/tmux-1.0-02_fix_wrong_location.diff
new file mode 100644
index 0000000..ac458a3
--- /dev/null
+++ b/tmux-1.0-02_fix_wrong_location.diff
@@ -0,0 +1,59 @@
+# correct directory /usr/local
+--- a/GNUmakefile
++++ b/GNUmakefile
+@@ -8,7 +8,7 @@
+
+ CC?= gcc
+ CFLAGS+= -DBUILD="\"$(VERSION)\""
+-LDFLAGS+= -L/usr/local/lib
++LDFLAGS+= -L/usr/lib
+ LIBS+=
+
+ ifdef FDEBUG
+@@ -30,7 +30,7 @@
+ endif
+ endif
+
+-PREFIX?= /usr/local
++PREFIX?= /usr/
+ INSTALLDIR= install -d
+ INSTALLBIN= install -g bin -o root -m 555
+ INSTALLMAN= install -g bin -o root -m 444
+@@ -59,7 +59,7 @@
+ install: all
+ $(INSTALLDIR) $(DESTDIR)$(PREFIX)/bin
+ $(INSTALLBIN) tmux $(DESTDIR)$(PREFIX)/bin/tmux
+- $(INSTALLDIR) $(DESTDIR)$(PREFIX)/man/man1
+- $(INSTALLMAN) tmux.1 $(DESTDIR)$(PREFIX)/man/man1/tmux.1
++ $(INSTALLDIR) $(DESTDIR)$(PREFIX)share/man/man1
++ $(INSTALLMAN) tmux.1 $(DESTDIR)$(PREFIX)share/man/man1/tmux.1
+
+ -include .depend
+--- a/Makefile
++++ b/Makefile
+@@ -9,7 +9,7 @@
+
+ CC?= cc
+ CFLAGS+= -DBUILD="\"$(VERSION)\""
+-LDFLAGS+= -L/usr/local/lib
++LDFLAGS+= -L/usr/lib
+ LIBS+=
+
+ .ifdef FDEBUG
+@@ -32,7 +32,7 @@
+ .endif
+ .endif
+
+-PREFIX?= /usr/local
++PREFIX?= /usr
+ INSTALLDIR= install -d
+ INSTALLBIN= install -g bin -o root -m 555
+ INSTALLMAN= install -g bin -o root -m 444
+@@ -64,5 +64,5 @@
+ install: all
+ ${INSTALLDIR} ${DESTDIR}${PREFIX}/bin
+ ${INSTALLBIN} tmux ${DESTDIR}${PREFIX}/bin/
+- ${INSTALLDIR} ${DESTDIR}${PREFIX}/man/man1
+- ${INSTALLMAN} tmux.1 ${DESTDIR}${PREFIX}/man/man1/
++ ${INSTALLDIR} ${DESTDIR}${PREFIX}/share/man/man1
++ ${INSTALLMAN} tmux.1 ${DESTDIR}${PREFIX}/share/man/man1/
diff --git a/tmux-1.0-03_proper_socket_handling.diff b/tmux-1.0-03_proper_socket_handling.diff
new file mode 100644
index 0000000..e380b7a
--- /dev/null
+++ b/tmux-1.0-03_proper_socket_handling.diff
@@ -0,0 +1,45 @@
+# setting /usr/bin/tmux with sgid and proper location of socket
+--- a/GNUmakefile
++++ b/GNUmakefile
+@@ -32,7 +32,7 @@
+
+ PREFIX?= /usr/
+ INSTALLDIR= install -d
+-INSTALLBIN= install -g bin -o root -m 555
++INSTALLBIN= install -g utmp -o root -m 2755
+ INSTALLMAN= install -g bin -o root -m 444
+
+ SRCS= $(shell echo *.c|sed 's|osdep-[a-z0-9]*.c||g')
+--- a/Makefile
++++ b/Makefile
+@@ -34,7 +34,7 @@
+
+ PREFIX?= /usr
+ INSTALLDIR= install -d
+-INSTALLBIN= install -g bin -o root -m 555
++INSTALLBIN= install -g utmp -o root -m 2755
+ INSTALLMAN= install -g bin -o root -m 444
+
+ SRCS!= echo *.c|sed 's|osdep-[a-z0-9]*.c||g'
+--- a/compat.h
++++ b/compat.h
+@@ -25,7 +25,7 @@
+
+ #ifndef HAVE_PATHS_H
+ #define _PATH_BSHELL "/bin/sh"
+-#define _PATH_TMP "/tmp/"
++#define _PATH_VARRUN "/var/run/"
+ #define _PATH_DEVNULL "/dev/null"
+ #define _PATH_TTY "/dev/tty"
+ #define _PATH_DEV "/dev/"
+--- a/tmux.c
++++ b/tmux.c
+@@ -239,7 +239,7 @@
+ u_int uid;
+
+ uid = getuid();
+- xsnprintf(base, MAXPATHLEN, "%s/tmux-%d", _PATH_TMP, uid);
++ xsnprintf(base, MAXPATHLEN, "%s/%s/%s-%d", _PATH_VARRUN, __progname, __progname, uid);
+
+ if (mkdir(base, S_IRWXU) != 0 && errno != EEXIST)
+ return (NULL);
diff --git a/tmux-1.0-04_dropping_unnecessary_privileges.diff b/tmux-1.0-04_dropping_unnecessary_privileges.diff
new file mode 100644
index 0000000..cc34c96
--- /dev/null
+++ b/tmux-1.0-04_dropping_unnecessary_privileges.diff
@@ -0,0 +1,26 @@
+# using setresgid() for safely dropping utmp group membership.
+--- a/tmux.c
++++ b/tmux.c
+@@ -236,9 +236,11 @@
+ {
+ char base[MAXPATHLEN], *path;
+ struct stat sb;
+- u_int uid;
++ u_int uid,gid;
+
+ uid = getuid();
++ gid = getgid();
++
+ xsnprintf(base, MAXPATHLEN, "%s/%s/%s-%d", _PATH_VARRUN, __progname, __progname, uid);
+
+ if (mkdir(base, S_IRWXU) != 0 && errno != EEXIST)
+@@ -254,6 +256,9 @@
+ errno = EACCES;
+ return (NULL);
+ }
++ /* drop unnecessary privileges */
++ if (setresgid(gid, gid, gid) != 0)
++ return (NULL);
+
+ xasprintf(&path, "%s/%s", base, label);
+ return (path);
diff --git a/tmux-1.0-06_hardening_write_return.diff b/tmux-1.0-06_hardening_write_return.diff
new file mode 100644
index 0000000..bbd753c
--- /dev/null
+++ b/tmux-1.0-06_hardening_write_return.diff
@@ -0,0 +1,56 @@
+# Harden write and chdir because of ignored return value
+--- a/tty.c
++++ b/tty.c
+@@ -336,7 +336,8 @@
+ void
+ tty_raw(struct tty *tty, const char *s)
+ {
+- write(tty->fd, s, strlen(s));
++ if (write(tty->fd, s, strlen(s)) == -1)
++ fatal("write failed");
+ }
+
+ void
+@@ -369,7 +370,8 @@
+ buffer_write(tty->out, s, strlen(s));
+
+ if (tty->log_fd != -1)
+- write(tty->log_fd, s, strlen(s));
++ if (write(tty->log_fd, s, strlen(s)) == -1)
++ fatal("write failed");
+ }
+
+ void
+@@ -394,7 +396,8 @@
+ }
+
+ if (tty->log_fd != -1)
+- write(tty->log_fd, &ch, 1);
++ if (write(tty->log_fd, &ch, 1) == -1)
++ fatal("write failed");
+ }
+
+ void
+@@ -407,7 +410,8 @@
+ break;
+ buffer_write8(tty->out, gu->data[i]);
+ if (tty->log_fd != -1)
+- write(tty->log_fd, &gu->data[i], 1);
++ if (write(tty->log_fd, &gu->data[i], 1) == -1)
++ fatal("write failed");
+ }
+
+ width = utf8_width(gu->data);
+--- a/window.c
++++ b/window.c
+@@ -490,7 +490,9 @@
+ return (-1);
+ case 0:
+ if (chdir(wp->cwd) != 0)
+- chdir("/");
++ if (chdir("/") <0 )
++ fatal("chdir failed");
++
+
+ if (tcgetattr(STDIN_FILENO, &tio2) != 0)
+ fatal("tcgetattr failed");
diff --git a/tmux-1.0-fixmanpagedir.patch b/tmux-1.0-fixmanpagedir.patch
deleted file mode 100644
index 48fc68d..0000000
--- a/tmux-1.0-fixmanpagedir.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-diff --git a/GNUmakefile b/GNUmakefile
-index 5528a9f..96e7088 100644
---- a/GNUmakefile
-+++ b/GNUmakefile
-@@ -31,6 +31,7 @@ endif
- endif
-
- PREFIX?= /usr/local
-+MANDIR?= ${PREFIX}/man
- INSTALLDIR= install -d
- INSTALLBIN= install -g bin -o root -m 555
- INSTALLMAN= install -g bin -o root -m 444
-@@ -59,7 +60,7 @@ clean-all: clean clean-depend
- install: all
- $(INSTALLDIR) $(DESTDIR)$(PREFIX)/bin
- $(INSTALLBIN) tmux $(DESTDIR)$(PREFIX)/bin/tmux
-- $(INSTALLDIR) $(DESTDIR)$(PREFIX)/man/man1
-- $(INSTALLMAN) tmux.1 $(DESTDIR)$(PREFIX)/man/man1/tmux.1
-+ $(INSTALLDIR) $(DESTDIR)$(MANDIR)/man1
-+ $(INSTALLMAN) tmux.1 $(DESTDIR)$(MANDIR)/man1/tmux.1
-
- -include .depend
diff --git a/tmux.spec b/tmux.spec
index 441c9b0..d240c68 100644
--- a/tmux.spec
+++ b/tmux.spec
@@ -1,6 +1,6 @@
Name: tmux
Version: 1.0
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: A terminal multiplexer
Group: Applications/System
@@ -8,10 +8,15 @@ Group: Applications/System
# 3 clause BSD licensed.
License: ISC and BSD
URL: http://sourceforge.net/projects/tmux
+Requires(pre): /usr/sbin/groupadd
+Requires(preun): /usr/sbin/groupdel
Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
# This first patch creates MANDIR in the GNUmakefile. This has been sent
# upstream via email but upstream replied and said would not change.
-Patch0: tmux-1.0-fixmanpagedir.patch
+Patch0: tmux-1.0-02_fix_wrong_location.diff
+Patch1: tmux-1.0-03_proper_socket_handling.diff
+Patch2: tmux-1.0-04_dropping_unnecessary_privileges.diff
+Patch3: tmux-1.0-06_hardening_write_return.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: ncurses-devel
@@ -24,7 +29,10 @@ as GNU Screen.
%prep
%setup -q
-%patch0 -p1 -b .fixmanpagedir
+%patch0 -p1 -b .location
+%patch1 -p1 -b .sockethandling
+%patch2 -p1 -b .dropprivs
+%patch3 -p1 -b .writehard
%build
%configure
@@ -32,18 +40,32 @@ make %{?_smp_mflags} LDFLAGS="%{optflags}"
%install
rm -rf %{buildroot}
-make install PREFIX=%{_prefix} MANDIR=%{_mandir} DESTDIR=%{buildroot} INSTALLBIN="install -p -m 755" INSTALLMAN="install -p -m 644"
+make install DESTDIR=%{buildroot} INSTALLBIN="install -p -m 755" INSTALLMAN="install -p -m 644"
+
+# Create the socket dir
+mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/run/%{name}
%clean
rm -rf %{buildroot}
+%pre
+%{_sbindir}/groupadd -r tmux &>/dev/null || :
+
+%postun
+%{_sbindir}/groupdel tmux || :
+
%files
%defattr(-,root,root,-)
%doc CHANGES FAQ NOTES TODO examples/
-%{_bindir}/tmux
-%{_mandir}/man1/tmux.1.gz
+%attr(2755,root,tmux) %{_bindir}/tmux
+%{_mandir}/man1/tmux.1.*
+%attr(775,root,tmux) %{_localstatedir}/run/tmux
%changelog
+* Sun Nov 01 2009 Sven Lankes <sven@lank.es> 1.0-2
+- Add debian patches
+- Add tmux group for improved socket handling
+
* Sat Oct 24 2009 Sven Lankes <sven@lank.es> 1.0-1
- New upstream release