Update ibus-HEAD.patch to improve security

2009-04-14 09:06:25 +00:00 · 2009-04-14 09:06:25 +00:00 · d78a8088ee
commit d78a8088ee
parent 8047f4949c
2 changed files with 26 additions and 3 deletions
--- a/ibus-HEAD.patch
+++ b/ibus-HEAD.patch
@ -0,0 +1,19 @@
+diff --git a/bus/server.c b/bus/server.c
+index 7245bd3..425dd86 100644
+--- a/bus/server.c
+++ b/bus/server.c
+@@ -90,10 +90,13 @@ bus_server_listen (BusServer *server)
+     gboolean retval;
+ 
+     path = g_strdup_printf("/tmp/ibus-%s", ibus_get_user_name ());
+-    mkdir (path, 0775);
+    mkdir (path, 0700);
+    chmod (path, 0700);
+
+     address = ibus_get_address ();
+ 
+     retval = ibus_server_listen (IBUS_SERVER (server), address);
+    chmod (ibus_get_socket_path (), 0600);
+ 
+     if (!retval) {
+         g_printerr ("Can not listen on %s! Please try remove directory %s and run again.", address, path);
--- a/ibus.spec
+++ b/ibus.spec
@ -8,7 +8,7 @@

 Name:       ibus
 Version:    1.1.0.20090413
-Release:    1%{?dist}
+Release:    2%{?dist}
 Summary:    Intelligent Input Bus for Linux OS
 License:    LGPLv2+
 Group:      System Environment/Libraries
@ -105,8 +105,7 @@ docs for ibus.

 %prep
 %setup -q
-# rm -rf docs/reference/ibus/ibus-sections.txt
-# %patch0 -p1
+%patch0 -p1
 # ./autogen.sh --help

 %build
@ -218,6 +217,11 @@ fi
 %{_libdir}/pkgconfig/*

 %changelog
+* Tue Apr 14 2009 Huang Peng <shawn.p.huang@gmail.com> - 1.1.0.20090413-2
+- Update ibus-HEAD.patch.
+- Change the mode of /tmp/ibus-$USER to 0700 to improve security
+- Change the mode of /tmp/ibus-$USER/socket-address to 0600 to improve security
+
 * Mon Apr 13 2009 Huang Peng <shawn.p.huang@gmail.com> - 1.1.0.20090413-1
 - Update to ibus-1.1.0.20090413.
 - Fix crash when restart the ibus-daemon