From 22d89e8c3ab824d07ed385dd27d6e2a94394813f Mon Sep 17 00:00:00 2001
From: rlmenge
Date: Mon, 13 Feb 2023 09:07:09 -0800
Subject: [PATCH] Patch tmux for CVE-2022-47016 (#4830)
---
 SPECS/tmux/CVE-2022-47016.patch | 75 +++++++++++++++++++++++++++++++++
 SPECS/tmux/tmux.spec | 8 +++-
 2 files changed, 81 insertions(+), 2 deletions(-)
 create mode 100644 SPECS/tmux/CVE-2022-47016.patch
diff --git a/SPECS/tmux/CVE-2022-47016.patch b/SPECS/tmux/CVE-2022-47016.patch
new file mode 100644
index 0000000000..07ba8e7041
--- /dev/null
+++ b/SPECS/tmux/CVE-2022-47016.patch
@@ -0,0 +1,75 @@
+From 49137ec9ab22ad371efdb37a9e0292aa6462113d Mon Sep 17 00:00:00 2001
+From: Rachel
+Date: Fri, 10 Feb 2023 17:39:00 -0500
+Subject: [PATCH] Patch CVE-2022-47016
+
+From e86752820993a00e3d28350cbe46878ba95d9012 Mon Sep 17 00:00:00 2001
+From: nicm
+Date: Wed, 24 Aug 2022 07:22:30 +0000
+Subject: [PATCH] Check for NULL returns from bufferevent_new.
+---
+ control.c | 4 ++++
+ file.c | 4 ++++
+ window.c | 2 ++
+ 3 files changed, 10 insertions(+)
+
+diff --git a/control.c b/control.c
+index 7a5b9eb..b4f22db 100644
+--- a/control.c
++++ b/control.c
+@@ -775,6 +775,8 @@ control_start(struct client *c)
+
+ cs->read_event = bufferevent_new(c->fd, control_read_callback,
+ control_write_callback, control_error_callback, c);
++ if (cs->read_event == NULL)
++ fatalx("out of memory");
+ bufferevent_enable(cs->read_event, EV_READ);
+
+ if (c->flags & CLIENT_CONTROLCONTROL)
+@@ -782,6 +784,8 @@ control_start(struct client *c)
+ else {
+ cs->write_event = bufferevent_new(c->out_fd, NULL,
+ control_write_callback, control_error_callback, c);
++ if (cs->write_event == NULL)
++ fatalx("out of memory");
+ }
+ bufferevent_setwatermark(cs->write_event, EV_WRITE, CONTROL_BUFFER_LOW,
+ 0);
+diff --git a/file.c b/file.c
+index 974c8a3..0716b98 100644
+--- a/file.c
++++ b/file.c
+@@ -585,6 +585,8 @@ file_write_open(struct client_files *files, struct tmuxpeer *peer,
+
+ cf->event = bufferevent_new(cf->fd, NULL, file_write_callback,
+ file_write_error_callback, cf);
++ if (cf->event == NULL)
++ fatalx("out of memory");
+ bufferevent_enable(cf->event, EV_WRITE);
+ goto reply;
+
+@@ -744,6 +746,8 @@ file_read_open(struct client_files *files, struct tmuxpeer *peer,
+
+ cf->event = bufferevent_new(cf->fd, file_read_callback, NULL,
+ file_read_error_callback, cf);
++ if (cf->event == NULL)
++ fatalx("out of memory");
+ bufferevent_enable(cf->event, EV_READ);
+ return;
+
+diff --git a/window.c b/window.c
+index f21a4d5..7f99e66 100644
+--- a/window.c
++++ b/window.c
+@@ -978,6 +978,8 @@ window_pane_set_event(struct window_pane *wp)
+
+ wp->event = bufferevent_new(wp->fd, window_pane_read_callback,
+ NULL, window_pane_error_callback, wp);
++ if (wp->event == NULL)
++ fatalx("out of memory");
+ wp->ictx = input_init(wp, wp->event);
+
+ bufferevent_enable(wp->event, EV_READ|EV_WRITE);
+--
+2.25.1
+
diff --git a/SPECS/tmux/tmux.spec b/SPECS/tmux/tmux.spec
index b2e27bba3e..af94042e01 100644
--- a/SPECS/tmux/tmux.spec
+++ b/SPECS/tmux/tmux.spec
@@ -1,13 +1,14 @@
 Summary: Terminal multiplexer
 Name: tmux
 Version: 3.2a
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: ISC and BSD
 URL: https://tmux.github.io/
 Group: Applications/System
 Vendor: Microsoft Corporation
 Distribution: Mariner
 Source0: https://github.com/tmux/tmux/releases/download/%{version}/%{name}-%{version}.tar.gz
+Patch0: CVE-2022-47016.patch
 Requires: libevent ncurses
 BuildRequires: libevent-devel ncurses-devel
@@ -15,7 +16,7 @@ BuildRequires: libevent-devel ncurses-devel
 Terminal multiplexer
 %prep
-%setup -q
+%autosetup -p1
 %build
 ./configure \
@@ -37,6 +38,9 @@ make %{?_smp_mflags} check
 %exclude /usr/src
 %changelog
+* Fri Feb 10 2023 Rachel Menge - 3.2a-3
+- Patch CVE-2022-47016
+
 * Tue Feb 08 2022 Thomas Crain - 3.2a-2
 - Remove unused `%%define sha1` lines
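Review bot: All five added checks (two in control_start, one each in file_write_open, file_read_open and window_pane_set_event) end in `fatalx("out of memory")`, so a NULL return from bufferevent_new still terminates the process; the patch replaces the use of the NULL pointer on the following line with a deliberate exit rather than making the condition survivable. The header of CVE-2022-47016.patch should record that and the origin of the fix, for example `Upstream tmux commit e86752820993a00e3d28350cbe46878ba95d9012: exit via fatalx() when bufferevent_new returns NULL`. Since the upstream commit is dated August 2022 and the 3.2a package already has a February 2022 changelog entry, the fix was presumably written against a newer tree, so it is worth confirming that no other bufferevent_new call in the 3.2a sources is left unchecked. The enclosing functions all start and end outside the inner hunks.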