Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package tmux for openSUSE:Factory checked in
at 2023-01-28 20:00:02
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tmux (Old)
and /work/SRC/openSUSE:Factory/.tmux.new.32243 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tmux"
Sat Jan 28 20:00:02 2023 rev:56 rq:1061478 version:3.3a
Changes:
--------
--- /work/SRC/openSUSE:Factory/tmux/tmux.changes 2022-08-01
21:28:07.377264684 +0200
+++ /work/SRC/openSUSE:Factory/.tmux.new.32243/tmux.changes 2023-01-28
20:09:55.722626549 +0100
@@ -1,0 +2,8 @@
+Mon Jan 23 16:17:36 UTC 2023 - pgaj...@suse.com
+
+- security update
+- added patches
+ fix CVE-2022-47016 [bsc#1207393], Null pointer dereference in window.c
+ + tmux-CVE-2022-47016.patch
+
+-------------------------------------------------------------------
New:
----
tmux-CVE-2022-47016.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ tmux.spec ++++++
--- /var/tmp/diff_new_pack.Jdgbfd/_old 2023-01-28 20:09:56.178629051 +0100
+++ /var/tmp/diff_new_pack.Jdgbfd/_new 2023-01-28 20:09:56.182629072 +0100
@@ -27,6 +27,8 @@
Source1: bash_completion_tmux.sh
# PATCH-FIX-OPENSUSE crrodrig...@opensuse.org -- Use /run/tmux instead of /tmp
as the default socket path, this add some robustness against accidental
deletion via systemd-tmpfiles-clean, tmpwatch, or similar
Patch0: tmux-socket-path.patch
+# CVE-2022-47016 [bsc#1207393], Null pointer dereference in window.c
+Patch1: tmux-CVE-2022-47016.patch
BuildRequires: pkgconfig
BuildRequires: utempter-devel
BuildRequires: pkgconfig(libutf8proc)
@@ -54,6 +56,7 @@
%prep
%setup -q
%patch0 -p1
+%patch1 -p1
%build
export CFLAGS="%{optflags} -fno-strict-aliasing"
++++++ tmux-CVE-2022-47016.patch ++++++
Index: tmux-3.3a/control.c
===================================================================
--- tmux-3.3a.orig/control.c
+++ tmux-3.3a/control.c
@@ -775,6 +775,9 @@ control_start(struct client *c)
cs->read_event = bufferevent_new(c->fd, control_read_callback,
control_write_callback, control_error_callback, c);
+ if (cs->read_event == NULL)
+ fatalx("out of memory");
+
bufferevent_enable(cs->read_event, EV_READ);
if (c->flags & CLIENT_CONTROLCONTROL)
@@ -782,6 +785,8 @@ control_start(struct client *c)
else {
cs->write_event = bufferevent_new(c->out_fd, NULL,
control_write_callback, control_error_callback, c);
+ if (cs->write_event == NULL)
+ fatalx("out of memory");
}
bufferevent_setwatermark(cs->write_event, EV_WRITE, CONTROL_BUFFER_LOW,
0);
Index: tmux-3.3a/file.c
===================================================================
--- tmux-3.3a.orig/file.c
+++ tmux-3.3a/file.c
@@ -585,6 +585,8 @@ file_write_open(struct client_files *fil
cf->event = bufferevent_new(cf->fd, NULL, file_write_callback,
file_write_error_callback, cf);
+ if (cf->event == NULL)
+ fatalx("out of memory");
bufferevent_enable(cf->event, EV_WRITE);
goto reply;
@@ -744,6 +746,8 @@ file_read_open(struct client_files *file
cf->event = bufferevent_new(cf->fd, file_read_callback, NULL,
file_read_error_callback, cf);
+ if (cf->event == NULL)
+ fatalx("out of memory");
bufferevent_enable(cf->event, EV_READ);
return;
Index: tmux-3.3a/window.c
===================================================================
--- tmux-3.3a.orig/window.c
+++ tmux-3.3a/window.c
@@ -1042,6 +1042,8 @@ window_pane_set_event(struct window_pane
wp->event = bufferevent_new(wp->fd, window_pane_read_callback,
NULL, window_pane_error_callback, wp);
+ if (wp->event == NULL)
+ fatalx("out of memory");
wp->ictx = input_init(wp, wp->event, &wp->palette);
bufferevent_enable(wp->event, EV_READ|EV_WRITE);
