diff --git a/sources b/sources index e69de29..0053d49 100644 --- a/sources +++ b/sources @@ -0,0 +1 @@ +faf2fc52ac3ae63d899f6fece2c112cd tmux-1.1.tar.gz diff --git a/tmux-1.0-02_fix_wrong_location.diff b/tmux-1.0-02_fix_wrong_location.diff new file mode 100644 index 0000000..4d72c24 --- /dev/null +++ b/tmux-1.0-02_fix_wrong_location.diff @@ -0,0 +1,62 @@ +diff --git a/GNUmakefile b/GNUmakefile +index f8f1911..5e7b6f3 100644 +--- a/GNUmakefile ++++ b/GNUmakefile +@@ -23,7 +23,7 @@ VERSION= 1.1 + + CC?= cc + CFLAGS+= -DBUILD="\"$(VERSION)\"" +-LDFLAGS+= -L/usr/local/lib ++LDFLAGS+= -L/usr/lib + LIBS+= + + # Sun CC +@@ -51,7 +51,7 @@ CFLAGS+= -Wno-pointer-sign + endif + endif + +-PREFIX?= /usr/local ++PREFIX?= /usr + INSTALLDIR= install -d + INSTALLBIN= install -g bin -o root -m 555 + INSTALLMAN= install -g bin -o root -m 444 +@@ -80,7 +80,7 @@ clean-all: clean clean-depend + install: all + $(INSTALLDIR) $(DESTDIR)$(PREFIX)/bin + $(INSTALLBIN) tmux $(DESTDIR)$(PREFIX)/bin/tmux +- $(INSTALLDIR) $(DESTDIR)$(PREFIX)/man/man1 +- $(INSTALLMAN) tmux.1 $(DESTDIR)$(PREFIX)/man/man1/tmux.1 ++ $(INSTALLDIR) $(DESTDIR)$(PREFIX)/share/man/man1 ++ $(INSTALLMAN) tmux.1 $(DESTDIR)$(PREFIX)/share/man/man1/tmux.1 + + -include .depend +diff --git a/Makefile b/Makefile +index f713677..c5b1ece 100644 +--- a/Makefile ++++ b/Makefile +@@ -24,7 +24,7 @@ VERSION= 1.1 + + CC?= cc + CFLAGS+= -DBUILD="\"$(VERSION)\"" +-LDFLAGS+= -L/usr/local/lib ++LDFLAGS+= -L/usr/lib + LIBS+= + + .ifdef FDEBUG +@@ -47,7 +47,7 @@ CFLAGS+= -Wno-pointer-sign + .endif + .endif + +-PREFIX?= /usr/local ++PREFIX?= /usr + INSTALLDIR= install -d + INSTALLBIN= install -g bin -o root -m 555 + INSTALLMAN= install -g bin -o root -m 444 +@@ -79,5 +79,5 @@ clean-all: clean clean-depend + install: all + ${INSTALLDIR} ${DESTDIR}${PREFIX}/bin + ${INSTALLBIN} tmux ${DESTDIR}${PREFIX}/bin/ +- ${INSTALLDIR} ${DESTDIR}${PREFIX}/man/man1 +- ${INSTALLMAN} tmux.1 ${DESTDIR}${PREFIX}/man/man1/ ++ ${INSTALLDIR} ${DESTDIR}${PREFIX}/share/man/man1 ++ ${INSTALLMAN} tmux.1 ${DESTDIR}${PREFIX}/share/man/man1/ diff --git a/tmux-1.0-03_proper_socket_handling.diff b/tmux-1.0-03_proper_socket_handling.diff new file mode 100644 index 0000000..ff07806 --- /dev/null +++ b/tmux-1.0-03_proper_socket_handling.diff @@ -0,0 +1,51 @@ +diff --git a/GNUmakefile b/GNUmakefile +index 5e7b6f3..c11120e 100644 +--- a/GNUmakefile ++++ b/GNUmakefile +@@ -53,7 +53,7 @@ endif + + PREFIX?= /usr + INSTALLDIR= install -d +-INSTALLBIN= install -g bin -o root -m 555 ++INSTALLBIN= install -g tmux -o root -m 2755 + INSTALLMAN= install -g bin -o root -m 444 + + SRCS= $(shell echo *.c|sed 's|osdep-[a-z0-9]*.c||g') +diff --git a/Makefile b/Makefile +index c5b1ece..9cb822a 100644 +--- a/Makefile ++++ b/Makefile +@@ -49,7 +49,7 @@ CFLAGS+= -Wno-pointer-sign + + PREFIX?= /usr + INSTALLDIR= install -d +-INSTALLBIN= install -g bin -o root -m 555 ++INSTALLBIN= install -g tmux -o root -m 2755 + INSTALLMAN= install -g bin -o root -m 444 + + SRCS!= echo *.c|sed 's|osdep-[a-z0-9]*.c||g' +diff --git a/compat.h b/compat.h +index 68fde0a..d63e7d3 100644 +--- a/compat.h ++++ b/compat.h +@@ -26,6 +26,7 @@ typedef uint64_t u_int64_t; + #ifndef HAVE_PATHS_H + #define _PATH_BSHELL "/bin/sh" + #define _PATH_TMP "/tmp/" ++#define _PATH_VARRUN "/var/run/" + #define _PATH_DEVNULL "/dev/null" + #define _PATH_TTY "/dev/tty" + #define _PATH_DEV "/dev/" +diff --git a/tmux.c b/tmux.c +index b590ec1..8c07180 100644 +--- a/tmux.c ++++ b/tmux.c +@@ -264,7 +264,7 @@ makesockpath(const char *label) + u_int uid; + + uid = getuid(); +- xsnprintf(base, MAXPATHLEN, "%s/tmux-%d", _PATH_TMP, uid); ++ xsnprintf(base, MAXPATHLEN, "%s/%s/%s-%d", _PATH_VARRUN, __progname, __progname, uid); + + if (mkdir(base, S_IRWXU) != 0 && errno != EEXIST) + return (NULL); diff --git a/tmux-1.0-04_dropping_unnecessary_privileges.diff b/tmux-1.0-04_dropping_unnecessary_privileges.diff new file mode 100644 index 0000000..cc34c96 --- /dev/null +++ b/tmux-1.0-04_dropping_unnecessary_privileges.diff @@ -0,0 +1,26 @@ +# using setresgid() for safely dropping utmp group membership. +--- a/tmux.c ++++ b/tmux.c +@@ -236,9 +236,11 @@ + { + char base[MAXPATHLEN], *path; + struct stat sb; +- u_int uid; ++ u_int uid,gid; + + uid = getuid(); ++ gid = getgid(); ++ + xsnprintf(base, MAXPATHLEN, "%s/%s/%s-%d", _PATH_VARRUN, __progname, __progname, uid); + + if (mkdir(base, S_IRWXU) != 0 && errno != EEXIST) +@@ -254,6 +256,9 @@ + errno = EACCES; + return (NULL); + } ++ /* drop unnecessary privileges */ ++ if (setresgid(gid, gid, gid) != 0) ++ return (NULL); + + xasprintf(&path, "%s/%s", base, label); + return (path); diff --git a/tmux-1.0-06_hardening_write_return.diff b/tmux-1.0-06_hardening_write_return.diff new file mode 100644 index 0000000..74de4e6 --- /dev/null +++ b/tmux-1.0-06_hardening_write_return.diff @@ -0,0 +1,61 @@ +diff --git a/tty.c b/tty.c +index 9d30ed9..2535bf3 100644 +--- a/tty.c ++++ b/tty.c +@@ -283,7 +283,8 @@ tty_free(struct tty *tty) + void + tty_raw(struct tty *tty, const char *s) + { +- write(tty->fd, s, strlen(s)); ++ if (write(tty->fd, s, strlen(s)) == -1) ++ fatal("write failed"); + } + + void +@@ -316,7 +317,9 @@ tty_puts(struct tty *tty, const char *s) + buffer_write(tty->out, s, strlen(s)); + + if (tty->log_fd != -1) +- write(tty->log_fd, s, strlen(s)); ++ if (write(tty->log_fd, s, strlen(s)) == -1) ++ fatal("write failed"); ++ + } + + void +@@ -342,7 +345,8 @@ tty_putc(struct tty *tty, u_char ch) + } + + if (tty->log_fd != -1) +- write(tty->log_fd, &ch, 1); ++ if (write(tty->log_fd, &ch, 1) == -1) ++ fatal("write failed"); + } + + void +@@ -355,7 +359,9 @@ tty_pututf8(struct tty *tty, const struct grid_utf8 *gu) + break; + buffer_write8(tty->out, gu->data[i]); + if (tty->log_fd != -1) +- write(tty->log_fd, &gu->data[i], 1); ++ if (write(tty->log_fd, &gu->data[i], 1) == -1) ++ fatal("write failed"); ++ + } + + tty->cx += gu->width; +diff --git a/window.c b/window.c +index f4be17d..318d2e9 100644 +--- a/window.c ++++ b/window.c +@@ -516,7 +516,9 @@ window_pane_spawn(struct window_pane *wp, const char *cmd, const char *shell, + return (-1); + case 0: + if (chdir(wp->cwd) != 0) +- chdir("/"); ++ if (chdir("/") <0) ++ fatal("chdir failed"); ++ + + if (tcgetattr(STDIN_FILENO, &tio2) != 0) + fatal("tcgetattr failed"); diff --git a/tmux.spec b/tmux.spec new file mode 100644 index 0000000..a44858a --- /dev/null +++ b/tmux.spec @@ -0,0 +1,98 @@ +Name: tmux +Version: 1.1 +Release: 1%{?dist} +Summary: A terminal multiplexer + +Group: Applications/System +# Most of the source is ISC licensed; some of the files in compat/ are 2 and +# 3 clause BSD licensed. +License: ISC and BSD +URL: http://sourceforge.net/projects/tmux +Requires(pre): shadow-utils +Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz +# This first patch creates MANDIR in the GNUmakefile. This has been sent +# upstream via email but upstream replied and said would not change. +Patch0: tmux-1.0-02_fix_wrong_location.diff +Patch1: tmux-1.0-03_proper_socket_handling.diff +Patch2: tmux-1.0-04_dropping_unnecessary_privileges.diff +Patch3: tmux-1.0-06_hardening_write_return.diff +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) + +BuildRequires: ncurses-devel + +%description +tmux is a "terminal multiplexer." It enables a number of terminals (or +windows) to be accessed and controlled from a single terminal. tmux is +intended to be a simple, modern, BSD-licensed alternative to programs such +as GNU Screen. + +%prep +%setup -q +%patch0 -p1 -b .location +%patch1 -p1 -b .sockethandling +%patch2 -p1 -b .dropprivs +%patch3 -p1 -b .writehard + +%build +%configure +make %{?_smp_mflags} LDFLAGS="%{optflags}" + +%install +rm -rf %{buildroot} +make install DESTDIR=%{buildroot} INSTALLBIN="install -p -m 755" INSTALLMAN="install -p -m 644" + +# Create the socket dir +mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/run/%{name} + +%clean +rm -rf %{buildroot} + +%pre +getent group tmux >/dev/null || groupadd -r tmux + +%files +%defattr(-,root,root,-) +%doc CHANGES FAQ NOTES TODO examples/ +%attr(2755,root,tmux) %{_bindir}/tmux +%{_mandir}/man1/tmux.1.* +%attr(775,root,tmux) %{_localstatedir}/run/tmux + +%changelog +* Mon Nov 09 2009 Sven Lankes 1.1-1 +- New upstream release + +* Sun Nov 01 2009 Sven Lankes 1.0-2 +- Add debian patches +- Add tmux group for improved socket handling + +* Sat Oct 24 2009 Sven Lankes 1.0-1 +- New upstream release + +* Mon Jul 13 2009 Chess Griffin 0.9-1 +- Update to version 0.9. +- Remove sed invocation as this was adopted upstream. +- Remove optflags patch since upstream source now uses ./configure and + detects the flags when passed to make. + +* Tue Jun 23 2009 Chess Griffin 0.8-5 +- Note that souce is mostly ISC licensed with some 2 and 3 clause BSD in + compat/. +- Remove fixiquote.patch and instead use a sed invocation in setup. + +* Mon Jun 22 2009 Chess Griffin 0.8-4 +- Add optimization flags by patching GNUmakefile and passing LDFLAGS + to make command. +- Use consistent macro format. +- Change examples/* to examples/ and add TODO to docs. + +* Sun Jun 21 2009 Chess Griffin 0.8-3 +- Remove fixperms.patch and instead pass them at make install stage. + +* Sat Jun 20 2009 Chess Griffin 0.8-2 +- Fix Source0 URL to point to correct upstream source. +- Modify fixperms.patch to set 644 permissions on the tmux.1.gz man page. +- Remove wildcards from 'files' section and replace with specific paths and + filenames. + +* Mon Jun 15 2009 Chess Griffin 0.8-1 +- Initial RPM release.