!19 fix CVE-2022-47016

From: @zhouwenpei 
Reviewed-by: @t_feng 
Signed-off-by: @t_feng

backport-CVE-2022-47016.patch

@@ -0,0 +1,70 @@
+From e86752820993a00e3d28350cbe46878ba95d9012 Mon Sep 17 00:00:00 2001
+From: nicm <nicm>
+Date: Wed, 24 Aug 2022 07:22:30 +0000
+Subject: [PATCH] Check for NULL returns from bufferevent_new.
+
+---
+ control.c | 4 ++++
+ file.c    | 4 ++++
+ window.c  | 2 ++
+ 3 files changed, 10 insertions(+)
+
+diff --git a/control.c b/control.c
+index 73286e0..6183a00 100644
+--- a/control.c
++++ b/control.c
+@@ -775,6 +775,8 @@ control_start(struct client *c)
+ 
+ 	cs->read_event = bufferevent_new(c->fd, control_read_callback,
+ 	    control_write_callback, control_error_callback, c);
++	if (cs->read_event == NULL)
++		fatalx("out of memory");
+ 	bufferevent_enable(cs->read_event, EV_READ);
+ 
+ 	if (c->flags & CLIENT_CONTROLCONTROL)
+@@ -782,6 +784,8 @@ control_start(struct client *c)
+ 	else {
+ 		cs->write_event = bufferevent_new(c->out_fd, NULL,
+ 		    control_write_callback, control_error_callback, c);
++		if (cs->write_event == NULL)
++			fatalx("out of memory");
+ 	}
+ 	bufferevent_setwatermark(cs->write_event, EV_WRITE, CONTROL_BUFFER_LOW,
+ 	    0);
+diff --git a/file.c b/file.c
+index b2f155f..04a907b 100644
+--- a/file.c
++++ b/file.c
+@@ -585,6 +585,8 @@ file_write_open(struct client_files *files, struct tmuxpeer *peer,
+ 
+ 	cf->event = bufferevent_new(cf->fd, NULL, file_write_callback,
+ 	    file_write_error_callback, cf);
++	if (cf->event == NULL)
++		fatalx("out of memory");
+ 	bufferevent_enable(cf->event, EV_WRITE);
+ 	goto reply;
+ 
+@@ -744,6 +746,8 @@ file_read_open(struct client_files *files, struct tmuxpeer *peer,
+ 
+ 	cf->event = bufferevent_new(cf->fd, file_read_callback, NULL,
+ 	    file_read_error_callback, cf);
++	if (cf->event == NULL)
++		fatalx("out of memory");
+ 	bufferevent_enable(cf->event, EV_READ);
+ 	return;
+ 
+diff --git a/window.c b/window.c
+index c0cd9bd..294a1f0 100644
+--- a/window.c
++++ b/window.c
+@@ -1042,6 +1042,8 @@ window_pane_set_event(struct window_pane *wp)
+ 
+ 	wp->event = bufferevent_new(wp->fd, window_pane_read_callback,
+ 	    NULL, window_pane_error_callback, wp);
++	if (wp->event == NULL)
++		fatalx("out of memory");
+ 	wp->ictx = input_init(wp, wp->event, &wp->palette);
+ 
+ 	bufferevent_enable(wp->event, EV_READ|EV_WRITE);
+-- 
+2.33.0

tmux.spec

@@ -2,7 +2,7 @@
 
 Name:           tmux
 Version:        3.3a
-Release:        1
+Release:        2
 Summary:        A terminal multiplexer
 
 License:        ISC and BSD
@@ -10,6 +10,7 @@ URL:            https://tmux.github.io/
 Source0:        https://github.com/%{name}/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz
 Source1:        bash_completion_tmux.sh
 
+Patch6000:	backport-CVE-2022-47016.patch
 
 BuildRequires:  gcc libevent-devel ncurses-devel libutempter-devel
 
@@ -63,6 +64,9 @@ fi
 %{_mandir}/man1/%{name}.1.gz
 
 %changelog
+* Sat Feb 04 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 3.3a-2
+- fix CVE-2022-47016
+
 * Wed Jul 13 2022 zhaomengmeng <zhaomengmeng@kylinos.cn> - 3.3a-1
 - DESC:upgrade to 3.3a