[svn] r9812 - in /trunk/rpms/tmux: tmux-1.0-02_fix_wrong_location.diff tmux-1.0-03_proper_socket_handling.diff tmux-1.0-04_dropping_unnecessary_privileges.diff tmux-1.2-writehard.patch tmux.spec

David Hrbac hrbac.conf at seznam.cz
Mon Apr 11 09:48:56 CEST 2011


Author: david
Date: Mon Apr 11 08:48:56 2011
New Revision: 9812

URL: http://svn.rpmforge.net/viewvc/rpmforge?rev=9812&view=rev
Log:
tmux-1.4-2, patches, CVE-2011-1496

Added:
    trunk/rpms/tmux/tmux-1.0-02_fix_wrong_location.diff
    trunk/rpms/tmux/tmux-1.0-03_proper_socket_handling.diff
    trunk/rpms/tmux/tmux-1.0-04_dropping_unnecessary_privileges.diff
    trunk/rpms/tmux/tmux-1.2-writehard.patch
Modified:
    trunk/rpms/tmux/tmux.spec

Added: trunk/rpms/tmux/tmux-1.0-02_fix_wrong_location.diff
URL: http://svn.rpmforge.net/viewvc/rpmforge/trunk/rpms/tmux/tmux-1.0-02_fix_wrong_location.diff?rev=9812&view=markup
==============================================================================
--- trunk/rpms/tmux/tmux-1.0-02_fix_wrong_location.diff (added)
+++ trunk/rpms/tmux/tmux-1.0-02_fix_wrong_location.diff Mon Apr 11 08:48:56 2011
@@ -1,0 +1,59 @@
+# correct directory /usr/local 
+--- a/GNUmakefile
++++ b/GNUmakefile
+@@ -23,7 +23,7 @@
+ 
+ CC?= cc
+ CFLAGS+= -DBUILD="\"$(VERSION)\""
+-LDFLAGS+= -L/usr/local/lib
++LDFLAGS+= -L/usr/lib
+ LIBS+=
+ 
+ # Sun CC 
+@@ -51,7 +51,7 @@
+ endif
+ endif
+ 
+-PREFIX?= /usr/local
++PREFIX?= /usr/
+ INSTALL?= install
+ INSTALLDIR= $(INSTALL) -d
+ INSTALLBIN= $(INSTALL) -m 555
+@@ -81,7 +81,7 @@
+ install:	all
+ 		$(INSTALLDIR) $(DESTDIR)$(PREFIX)/bin
+ 		$(INSTALLBIN) tmux $(DESTDIR)$(PREFIX)/bin/tmux
+-		$(INSTALLDIR) $(DESTDIR)$(PREFIX)/man/man1
+-		$(INSTALLMAN) tmux.1 $(DESTDIR)$(PREFIX)/man/man1/tmux.1
++		$(INSTALLDIR) $(DESTDIR)$(PREFIX)share/man/man1
++		$(INSTALLMAN) tmux.1 $(DESTDIR)$(PREFIX)share/man/man1/tmux.1
+ 
+ -include .depend
+--- a/Makefile
++++ b/Makefile
+@@ -24,7 +24,7 @@
+ 
+ CC?= cc
+ CFLAGS+= -DBUILD="\"$(VERSION)\""
+-LDFLAGS+= -L/usr/local/lib
++LDFLAGS+= -L/usr/lib
+ LIBS+=
+ 
+ .ifdef FDEBUG
+@@ -47,7 +47,7 @@
+ .endif
+ .endif
+ 
+-PREFIX?= /usr/local
++PREFIX?= /usr/
+ INSTALL?= install
+ INSTALLDIR= ${INSTALL} -d
+ INSTALLBIN= ${INSTALL} -m 555
+@@ -80,5 +80,5 @@
+ install:	all
+ 		${INSTALLDIR} ${DESTDIR}${PREFIX}/bin
+ 		${INSTALLBIN} tmux ${DESTDIR}${PREFIX}/bin/
+-		${INSTALLDIR} ${DESTDIR}${PREFIX}/man/man1
+-		${INSTALLMAN} tmux.1 ${DESTDIR}${PREFIX}/man/man1/
++		${INSTALLDIR} ${DESTDIR}${PREFIX}/share/man/man1
++		${INSTALLMAN} tmux.1 ${DESTDIR}${PREFIX}/share/man/man1/

Added: trunk/rpms/tmux/tmux-1.0-03_proper_socket_handling.diff
URL: http://svn.rpmforge.net/viewvc/rpmforge/trunk/rpms/tmux/tmux-1.0-03_proper_socket_handling.diff?rev=9812&view=markup
==============================================================================
--- trunk/rpms/tmux/tmux-1.0-03_proper_socket_handling.diff (added)
+++ trunk/rpms/tmux/tmux-1.0-03_proper_socket_handling.diff Mon Apr 11 08:48:56 2011
@@ -1,0 +1,75 @@
+# setting /usr/bin/tmux with sgid and proper location of socket
+---
+# GNUmakefile |    2 +-
+# Makefile    |    2 +-
+# compat.h    |    2 +-
+# tmux.1      |    6 +++---
+# tmux.c      |    2 +-
+# 5 files changed, 7 insertions(+), 7 deletions(-)
+#
+--- a/GNUmakefile
++++ b/GNUmakefile
+@@ -54,7 +54,7 @@
+ PREFIX?= /usr/
+ INSTALL?= install
+ INSTALLDIR= $(INSTALL) -d
+-INSTALLBIN= $(INSTALL) -m 555
++INSTALLBIN= $(INSTALL) -g tmux -o root -m 2755
+ INSTALLMAN= $(INSTALL) -m 444
+ 
+ SRCS= $(shell echo *.c|LC_ALL=C sed 's|osdep-[a-z0-9]*.c||g')
+--- a/Makefile
++++ b/Makefile
+@@ -50,7 +50,7 @@
+ PREFIX?= /usr/
+ INSTALL?= install
+ INSTALLDIR= ${INSTALL} -d
+-INSTALLBIN= ${INSTALL} -m 555
++INSTALLBIN= $(INSTALL) -g tmux -o root -m 2755
+ INSTALLMAN= ${INSTALL} -m 444
+ 
+ SRCS!= echo *.c|LC_ALL=C sed 's|osdep-[a-z0-9]*.c||g'
+--- a/compat.h
++++ b/compat.h
+@@ -25,7 +25,7 @@
+ 
+ #ifndef HAVE_PATHS_H
+ #define	_PATH_BSHELL	"/bin/sh"
+-#define	_PATH_TMP	"/tmp/"
++#define _PATH_VARRUN    "/var/run/"
+ #define _PATH_DEVNULL	"/dev/null"
+ #define _PATH_TTY	"/dev/tty"
+ #define _PATH_DEV	"/dev/"
+--- a/tmux.c
++++ b/tmux.c
+@@ -188,7 +188,7 @@
+ 	u_int		uid;
+ 
+ 	uid = getuid();
+-	xsnprintf(base, MAXPATHLEN, "%s/tmux-%d", _PATH_TMP, uid);
++	xsnprintf(base, MAXPATHLEN, "%s/%s/%s-%d", _PATH_VARRUN, __progname, __progname, uid);
+ 
+ 	if (mkdir(base, S_IRWXU) != 0 && errno != EEXIST)
+ 		return (NULL);
+--- a/tmux.1
++++ b/tmux.1
+@@ -89,8 +89,8 @@
+ and all sessions are managed by a single
+ .Em server .
+ The server and each client are separate processes which communicate through a
+-socket in
+-.Pa /tmp .
++socket in a directory under
++.Pa /var/run/tmux .
+ .Pp
+ The options are as follows:
+ .Bl -tag -width "XXXXXXXXXXXX"
+@@ -134,7 +134,7 @@
+ .It Fl L Ar socket-name
+ .Nm
+ stores the server socket in a directory under
+-.Pa /tmp ;
++.Pa /var/run/tmux ;
+ the default socket is named
+ .Em default .
+ This option allows a different socket name to be specified, allowing several

Added: trunk/rpms/tmux/tmux-1.0-04_dropping_unnecessary_privileges.diff
URL: http://svn.rpmforge.net/viewvc/rpmforge/trunk/rpms/tmux/tmux-1.0-04_dropping_unnecessary_privileges.diff?rev=9812&view=markup
==============================================================================
--- trunk/rpms/tmux/tmux-1.0-04_dropping_unnecessary_privileges.diff (added)
+++ trunk/rpms/tmux/tmux-1.0-04_dropping_unnecessary_privileges.diff Mon Apr 11 08:48:56 2011
@@ -1,0 +1,26 @@
+# using setresgid() for safely dropping utmp group membership which were needed
+# for makesocketpath() to create the user directory under /var/run/tmux which is
+# only writeable for processes that have setgid utmp.
+--- a/tmux.c
++++ b/tmux.c
+@@ -235,6 +235,7 @@
+ 	struct keylist	*keylist;
+ 	char		*s, *path, *label, *home, **var;
+ 	int	 	 opt, flags, quiet, keys;
++	u_int		gid;
+ 
+ #if defined(DEBUG) && defined(__OpenBSD__)
+ 	malloc_options = (char *) "AFGJPX";
+@@ -483,6 +484,12 @@
+ 			}
+ 		}
+ 	}
++	gid = getgid();
++	/* drop unnecessary privileges which were needed for makesocketpath() 
++	 * to create the user directory under /var/run/tmux which is only 
++	 * writeable for processes that have setgid utmp. */
++ 	if (setresgid(gid, gid, gid) != 0)
++ 		return (NULL);
+ 	if (label != NULL)
+ 		xfree(label);
+ 	if (realpath(path, socket_path) == NULL)

Added: trunk/rpms/tmux/tmux-1.2-writehard.patch
URL: http://svn.rpmforge.net/viewvc/rpmforge/trunk/rpms/tmux/tmux-1.2-writehard.patch?rev=9812&view=markup
==============================================================================
--- trunk/rpms/tmux/tmux-1.2-writehard.patch (added)
+++ trunk/rpms/tmux/tmux-1.2-writehard.patch Mon Apr 11 08:48:56 2011
@@ -1,0 +1,57 @@
+diff -up tmux-1.2/tty.c.writehard tmux-1.2/tty.c
+--- tmux-1.2/tty.c.writehard	2010-03-08 15:53:49.000000000 +0100
++++ tmux-1.2/tty.c	2010-03-28 12:01:49.335023195 +0200
+@@ -300,7 +300,8 @@ tty_free(struct tty *tty)
+ void
+ tty_raw(struct tty *tty, const char *s)
+ {
+-	write(tty->fd, s, strlen(s));
++	if (write(tty->fd, s, strlen(s)) == -1)
++		fatal("write failed");
+ }
+ 
+ void
+@@ -333,7 +334,8 @@ tty_puts(struct tty *tty, const char *s)
+ 	bufferevent_write(tty->event, s, strlen(s));
+ 
+ 	if (tty->log_fd != -1)
+-		write(tty->log_fd, s, strlen(s));
++		if(write(tty->log_fd, s, strlen(s)) == -1)
++			fatal("write failed");
+ }
+ 
+ void
+@@ -359,7 +361,8 @@ tty_putc(struct tty *tty, u_char ch)
+ 	}
+ 
+ 	if (tty->log_fd != -1)
+-		write(tty->log_fd, &ch, 1);
++		if (write(tty->log_fd, &ch, 1) == -1)
++			fatal("write failed");
+ }
+ 
+ void
+@@ -370,7 +373,8 @@ tty_pututf8(struct tty *tty, const struc
+ 	size = grid_utf8_size(gu);
+ 	bufferevent_write(tty->event, gu->data, size);
+ 	if (tty->log_fd != -1)
+-		write(tty->log_fd, gu->data, size);
++		if(write(tty->log_fd, gu->data, size) == -1)
++			fatal("write failed");
+ 	tty->cx += gu->width;
+ }
+ 
+diff -up tmux-1.2/window.c.writehard tmux-1.2/window.c
+--- tmux-1.2/window.c.writehard	2010-02-08 19:10:07.000000000 +0100
++++ tmux-1.2/window.c	2010-03-28 12:03:07.316900726 +0200
+@@ -518,7 +518,9 @@ window_pane_spawn(struct window_pane *wp
+ 		return (-1);
+ 	case 0:
+ 		if (chdir(wp->cwd) != 0)
+-			chdir("/");
++			if (chdir("/") <0)
++				fatal("chdir failed");
++
+ 
+ 		if (tcgetattr(STDIN_FILENO, &tio2) != 0)
+ 			fatal("tcgetattr failed");

Modified: trunk/rpms/tmux/tmux.spec
URL: http://svn.rpmforge.net/viewvc/rpmforge/trunk/rpms/tmux/tmux.spec?rev=9812&r1=9811&r2=9812&view=diff
==============================================================================
--- trunk/rpms/tmux/tmux.spec (original)
+++ trunk/rpms/tmux/tmux.spec Mon Apr 11 08:48:56 2011
@@ -4,13 +4,27 @@
 Summary: Terminal multiplexer program
 Name: tmux
 Version: 1.4
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: BSD
 Group: Applications/System
 URL: http://tmux.sourceforge.net/
 
 Source: http://downloads.sourceforge.net/tmux/tmux-%{version}.tar.gz
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
+
+# This first patch creates MANDIR in the GNUmakefile.  This has been sent
+# upstream via email but upstream replied and said would not change.
+Patch0:         tmux-1.0-02_fix_wrong_location.diff
+Patch1:         tmux-1.0-03_proper_socket_handling.diff
+# 2010-03-28: Submitted upstream:
+# https://sourceforge.net/tracker/?func=detail&aid=2977950&group_id=200378&atid=973264
+Patch2:         tmux-1.0-04_dropping_unnecessary_privileges.diff
+# 2010-03-28: Submitted upstream:
+# https://sourceforge.net/tracker/?func=detail&aid=2977945&group_id=200378&atid=973264
+Patch3:         tmux-1.2-writehard.patch
+
+BuildRequires:  ncurses-devel
+BuildRequires:  libevent-devel
 
 %description
 tmux is a "terminal multiplexer". It allows a number of terminals (or windows)
@@ -19,6 +33,10 @@
 
 %prep
 %setup -q
+%patch0 -p1 -b .location
+%patch1 -p1 -b .sockethandling
+%patch2 -p1 -b .dropprivs
+%patch3 -p1 -b .writehard
 
 %build
 %configure
@@ -27,19 +45,32 @@
 %install
 %{__rm} -rf %{buildroot}
 #%{__make} install DESTDIR="%{buildroot}"
-%{__install} -Dp -m0755 tmux %{buildroot}%{_bindir}/tmux
-%{__install} -Dp -m0644 tmux.1 %{buildroot}%{_mandir}/man1/tmux.1
+#%{__install} -Dp -m0755 tmux %{buildroot}%{_bindir}/tmux
+#%{__install} -Dp -m0644 tmux.1 %{buildroot}%{_mandir}/man1/tmux.1
+make install DESTDIR=%{buildroot} INSTALLBIN="install -p -m 755" INSTALLMAN="install -p -m 644"
+
+# Create the socket dir
+mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/run/%{name}
 
 %clean
 %{__rm} -rf %{buildroot}
 
+%pre
+getent group tmux >/dev/null || groupadd -r tmux
+
 %files
-%defattr(-, root, root, 0755)
-%doc NOTES TODO
-%doc %{_mandir}/man1/tmux.1*
-%{_bindir}/tmux
+%defattr(-,root,root,-)
+%doc CHANGES FAQ NOTES TODO examples/
+%attr(2755,root,tmux) %{_bindir}/tmux
+%{_mandir}/man1/tmux.1.*
+%attr(775,root,tmux) %{_localstatedir}/run/tmux
 
 %changelog
+* Mon Apr 11 2011 David Hrbáč <david at hrbac.cz> - 1.4-2
+- CVE-2011-1496 fix
+- imported Fedora patches
+- added examples
+
 * Mon Apr 11 2011 David Hrbáč <david at hrbac.cz> - 1.4-1
 - new upstream release
 




More information about the commits mailing list