From f96e8ada25cf6dbd4c143a32c9f1ec3ae9926273 Mon Sep 17 00:00:00 2001
From: jinzhimin369 <jinzhimin2@huawei.com>
Date: Sat, 28 Nov 2020 16:23:11 +0800
Subject: [PATCH 1/2] fix CVE

---
 CVE-2020-27347.patch | 30 ++++++++++++++++++++++++++++++
 tmux.spec            | 11 +++++++----
 2 files changed, 37 insertions(+), 4 deletions(-)
 create mode 100644 CVE-2020-27347.patch

diff --git a/CVE-2020-27347.patch b/CVE-2020-27347.patch
new file mode 100644
index 0000000..fe335b3
--- /dev/null
+++ b/CVE-2020-27347.patch
@@ -0,0 +1,30 @@
+From a868bacb46e3c900530bed47a1c6f85b0fbe701c Mon Sep 17 00:00:00 2001
+From: nicm <nicm>
+Date: Thu, 29 Oct 2020 16:33:01 +0000
+Subject: [PATCH] Do not write after the end of the array and overwrite the
+ stack when colon-separated SGR sequences contain empty arguments. Reported by
+ Sergey Nizovtsev.
+
+---
+ input.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/input.c b/input.c
+index 42a60c92a..c280c0d97 100644
+--- a/input.c
++++ b/input.c
+@@ -1976,8 +1976,13 @@ input_csi_dispatch_sgr_colon(struct input_ctx *ictx, u_int i)
+ 				free(copy);
+ 				return;
+ 			}
+-		} else
++		} else {
+ 			n++;
++			if (n == nitems(p)) {
++				free(copy);
++				return;
++			}
++		}
+ 		log_debug("%s: %u = %d", __func__, n - 1, p[n - 1]);
+ 	}
+ 	free(copy);
diff --git a/tmux.spec b/tmux.spec
index 0c35810..58d64cc 100644
--- a/tmux.spec
+++ b/tmux.spec
@@ -1,8 +1,8 @@
 %global _hardened_build 1
 
 Name:           tmux
-Version:        3.1
-Release:        1
+Version:        2.9a
+Release:        2
 Summary:        A terminal multiplexer
 
 License:        ISC and BSD
@@ -10,6 +10,8 @@ URL:            https://tmux.github.io/
 Source0:        https://github.com/%{name}/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz
 Source1:        bash_completion_tmux.sh
 
+Patch1:        CVE-2020-27347.patch
+
 BuildRequires:  gcc libevent-devel ncurses-devel libutempter-devel
 
 %description
@@ -59,11 +61,12 @@ fi
 
 %files help
 %defattr(-,root,root)
+%doc CHANGES TODO
 %{_mandir}/man1/%{name}.1.gz
 
 %changelog
-* Sat Jun 20 2020 weiwei_150212 <tianwei12@huawei.com> - 3.1-1
-- DESC:update to release 3.1
+* Sat Nov 28 2020 wangye <wangye70@huawei.com> - 2.9a-2
+- fix CVE
 
 * Fri Oct 11 2019 openEuler Buildteam <buildteam@openeuler.org> - 2.9a-1
 - Package init
-- 
Gitee


From b70f0c7b00594c2d15b3e8313fc1954e43d234fd Mon Sep 17 00:00:00 2001
From: jinzhimin369 <jinzhimin2@huawei.com>
Date: Sat, 28 Nov 2020 16:25:03 +0800
Subject: [PATCH 2/2] fix CVE

---
 tmux.spec | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/tmux.spec b/tmux.spec
index 58d64cc..16871e6 100644
--- a/tmux.spec
+++ b/tmux.spec
@@ -1,7 +1,7 @@
 %global _hardened_build 1
 
 Name:           tmux
-Version:        2.9a
+Version:        3.1
 Release:        2
 Summary:        A terminal multiplexer
 
@@ -10,7 +10,7 @@ URL:            https://tmux.github.io/
 Source0:        https://github.com/%{name}/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz
 Source1:        bash_completion_tmux.sh
 
-Patch1:        CVE-2020-27347.patch
+Patch1:         CVE-2020-27347.patch
 
 BuildRequires:  gcc libevent-devel ncurses-devel libutempter-devel
 
@@ -61,12 +61,14 @@ fi
 
 %files help
 %defattr(-,root,root)
-%doc CHANGES TODO
 %{_mandir}/man1/%{name}.1.gz
 
 %changelog
-* Sat Nov 28 2020 wangye <wangye70@huawei.com> - 2.9a-2
-- fix CVE
+* Sat Nov 28 2020 wangye <wangye70@huawei.com> - 3.1-2
+- DESC:fix CVE
+
+* Sat Jun 20 2020 weiwei_150212 <tianwei12@huawei.com> - 3.1-1
+- DESC:update to release 3.1
 
 * Fri Oct 11 2019 openEuler Buildteam <buildteam@openeuler.org> - 2.9a-1
 - Package init
-- 
Gitee