Date: Monday, February 6, 2023 @ 18:57:53
Author: blakkheim
Revision: 1394759
upgpkg: tmux 3.3_a-3: apply CVE-2022-47016 fix
Added:
tmux/trunk/CVE-2022-47016.patch
Modified:
tmux/trunk/PKGBUILD
----------------------+
CVE-2022-47016.patch | 58 +++++++++++++++++++++++++++++++++++++++++++++++++
PKGBUILD | 20 +++++++++++-----
2 files changed, 72 insertions(+), 6 deletions(-)
Added: CVE-2022-47016.patch
===================================================================
--- CVE-2022-47016.patch (rev 0)
+++ CVE-2022-47016.patch 2023-02-06 18:57:53 UTC (rev 1394759)
@@ -0,0 +1,58 @@
+Index: tmux-3.3a/control.c
+===================================================================
+--- tmux-3.3a.orig/control.c
++++ tmux-3.3a/control.c
+@@ -775,6 +775,9 @@ control_start(struct client *c)
+
+ cs->read_event = bufferevent_new(c->fd, control_read_callback,
+ control_write_callback, control_error_callback, c);
++ if (cs->read_event == NULL)
++ fatalx("out of memory");
++
+ bufferevent_enable(cs->read_event, EV_READ);
+
+ if (c->flags & CLIENT_CONTROLCONTROL)
+@@ -782,6 +785,8 @@ control_start(struct client *c)
+ else {
+ cs->write_event = bufferevent_new(c->out_fd, NULL,
+ control_write_callback, control_error_callback, c);
++ if (cs->write_event == NULL)
++ fatalx("out of memory");
+ }
+ bufferevent_setwatermark(cs->write_event, EV_WRITE, CONTROL_BUFFER_LOW,
+ 0);
+Index: tmux-3.3a/file.c
+===================================================================
+--- tmux-3.3a.orig/file.c
++++ tmux-3.3a/file.c
+@@ -585,6 +585,8 @@ file_write_open(struct client_files *fil
+
+ cf->event = bufferevent_new(cf->fd, NULL, file_write_callback,
+ file_write_error_callback, cf);
++ if (cf->event == NULL)
++ fatalx("out of memory");
+ bufferevent_enable(cf->event, EV_WRITE);
+ goto reply;
+
+@@ -744,6 +746,8 @@ file_read_open(struct client_files *file
+
+ cf->event = bufferevent_new(cf->fd, file_read_callback, NULL,
+ file_read_error_callback, cf);
++ if (cf->event == NULL)
++ fatalx("out of memory");
+ bufferevent_enable(cf->event, EV_READ);
+ return;
+
+Index: tmux-3.3a/window.c
+===================================================================
+--- tmux-3.3a.orig/window.c
++++ tmux-3.3a/window.c
+@@ -1042,6 +1042,8 @@ window_pane_set_event(struct window_pane
+
+ wp->event = bufferevent_new(wp->fd, window_pane_read_callback,
+ NULL, window_pane_error_callback, wp);
++ if (wp->event == NULL)
++ fatalx("out of memory");
+ wp->ictx = input_init(wp, wp->event, &wp->palette);
+
+ bufferevent_enable(wp->event, EV_READ|EV_WRITE);
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2023-02-06 18:34:43 UTC (rev 1394758)
+++ PKGBUILD 2023-02-06 18:57:53 UTC (rev 1394759)
@@ -1,19 +1,27 @@
# Maintainer: Christian Hesse <[email protected]>
+# Maintainer: T.J. Townsend <[email protected]>
pkgname=tmux
pkgver=3.3_a
-pkgrel=2
-pkgdesc='A terminal multiplexer'
+pkgrel=3
+pkgdesc='Terminal multiplexer'
url='https://github.com/tmux/tmux/wiki'
arch=('x86_64')
license=('BSD')
depends=('ncurses' 'libevent' 'libutempter' 'systemd-libs')
makedepends=('systemd')
-source=("https://github.com/tmux/tmux/releases/download/${pkgver/_/}/tmux-${pkgver/_/}.tar.gz";)
-sha256sums=('e4fd347843bd0772c4f48d6dde625b0b109b7a380ff15db21e97c11a4dcdf93f')
+source=("https://github.com/tmux/tmux/releases/download/${pkgver/_/}/tmux-${pkgver/_/}.tar.gz";
+ "CVE-2022-47016.patch")
+sha256sums=('e4fd347843bd0772c4f48d6dde625b0b109b7a380ff15db21e97c11a4dcdf93f'
+ '58fb690833e086b71b52555aa8eced695ace0a0bc51b8bccfda441e35a47ca93')
+prepare() {
+ cd "$pkgname-${pkgver/_/}"
+ patch -Np1 -i ../CVE-2022-47016.patch
+}
+
build() {
- cd "$srcdir/$pkgname-${pkgver/_/}"
+ cd "$pkgname-${pkgver/_/}"
./configure \
--prefix=/usr \
@@ -23,7 +31,7 @@
}
package() {
- cd "$srcdir/$pkgname-${pkgver/_/}"
+ cd "$pkgname-${pkgver/_/}"
make install DESTDIR="$pkgdir"
install -D -m0644 COPYING "$pkgdir/usr/share/licenses/tmux/LICENSE"
