From 3f7d56a493c5f32e3ce556b5597ff3fb949fc47f Mon Sep 17 00:00:00 2001 From: jinzhimin369 Date: Sat, 28 Nov 2020 14:48:33 +0800 Subject: [PATCH] fix CVE --- CVE-2020-27347.patch | 30 ++++++++++++++++++++++++++++++ tmux.spec | 7 ++++++- 2 files changed, 36 insertions(+), 1 deletion(-) create mode 100644 CVE-2020-27347.patch diff --git a/CVE-2020-27347.patch b/CVE-2020-27347.patch new file mode 100644 index 0000000..fe335b3 --- /dev/null +++ b/CVE-2020-27347.patch @@ -0,0 +1,30 @@ +From a868bacb46e3c900530bed47a1c6f85b0fbe701c Mon Sep 17 00:00:00 2001 +From: nicm +Date: Thu, 29 Oct 2020 16:33:01 +0000 +Subject: [PATCH] Do not write after the end of the array and overwrite the + stack when colon-separated SGR sequences contain empty arguments. Reported by + Sergey Nizovtsev. + +--- + input.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/input.c b/input.c +index 42a60c92a..c280c0d97 100644 +--- a/input.c ++++ b/input.c +@@ -1976,8 +1976,13 @@ input_csi_dispatch_sgr_colon(struct input_ctx *ictx, u_int i) + free(copy); + return; + } +- } else ++ } else { + n++; ++ if (n == nitems(p)) { ++ free(copy); ++ return; ++ } ++ } + log_debug("%s: %u = %d", __func__, n - 1, p[n - 1]); + } + free(copy); diff --git a/tmux.spec b/tmux.spec index aaa2b23..58d64cc 100644 --- a/tmux.spec +++ b/tmux.spec @@ -2,7 +2,7 @@ Name: tmux Version: 2.9a -Release: 1 +Release: 2 Summary: A terminal multiplexer License: ISC and BSD @@ -10,6 +10,8 @@ URL: https://tmux.github.io/ Source0: https://github.com/%{name}/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz Source1: bash_completion_tmux.sh +Patch1: CVE-2020-27347.patch + BuildRequires: gcc libevent-devel ncurses-devel libutempter-devel %description @@ -63,5 +65,8 @@ fi %{_mandir}/man1/%{name}.1.gz %changelog +* Sat Nov 28 2020 wangye - 2.9a-2 +- fix CVE + * Fri Oct 11 2019 openEuler Buildteam - 2.9a-1 - Package init -- Gitee