diff --git a/backport-CVE-2023-49284.patch b/backport-CVE-2023-49284.patch deleted file mode 100644 index 68be117..0000000 --- a/backport-CVE-2023-49284.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 09986f5563e31e2c900a606438f1d60d008f3a14 Mon Sep 17 00:00:00 2001 -From: Fabian Boehm -Date: Sat, 2 Dec 2023 11:06:07 +0100 -Subject: [PATCH] Encode all ENCODE_DIRECT codepoints with encode_direct - ---- - src/common.cpp | 7 ++++--- - tests/checks/basic.fish | 8 ++++++++ - 2 files changed, 12 insertions(+), 3 deletions(-) - -diff --git a/src/common.cpp b/src/common.cpp -index a1cc7c63c62..370ecacd5f0 100644 ---- a/src/common.cpp -+++ b/src/common.cpp -@@ -335,9 +335,7 @@ static wcstring str2wcs_internal(const char *in, const size_t in_len) { - } else { - ret = std::mbrtowc(&wc, &in[in_pos], in_len - in_pos, &state); - // Determine whether to encode this character with our crazy scheme. -- if (wc >= ENCODE_DIRECT_BASE && wc < ENCODE_DIRECT_BASE + 256) { -- use_encode_direct = true; -- } else if (wc == INTERNAL_SEPARATOR) { -+ if (fish_reserved_codepoint(wc)) { - use_encode_direct = true; - } else if (ret == static_cast(-2)) { - // Incomplete sequence. -@@ -1313,6 +1311,9 @@ maybe_t read_unquoted_escape(const wchar_t *input, wcstring *result, boo - } - - if (result_char_or_none.has_value()) { -+ if (fish_reserved_codepoint(*result_char_or_none)) { -+ return none(); -+ } - result->push_back(*result_char_or_none); - } - -diff --git a/tests/checks/basic.fish b/tests/checks/basic.fish -index 60a4e18a21f..314b78cc0fb 100644 ---- a/tests/checks/basic.fish -+++ b/tests/checks/basic.fish -@@ -587,6 +587,14 @@ $fish -c 'echo \x' - # CHECKERR: echo \x - # CHECKERR: ^^ - -+$fish -c 'echo \ufdd2"fart"' -+# CHECKERR: fish: Invalid token '\ufdd2"fart"' -+# CHECKERR: echo \ufdd2"fart" -+# CHECKERR: ^~~~~~~~~~~^ -+ -+echo (sh -c 'printf $\'\ufdd2foo\'') | string escape -+# CHECK: \Xef\Xb7\X92foo -+ - printf '%s\n' "#!/bin/sh" 'echo $0' > $tmpdir/argv0.sh - chmod +x $tmpdir/argv0.sh - cd $tmpdir diff --git a/fish-3.6.1.tar.xz b/fish-3.6.1.tar.xz deleted file mode 100644 index c71ad5b..0000000 Binary files a/fish-3.6.1.tar.xz and /dev/null differ diff --git a/fish-3.6.4.tar.xz b/fish-3.6.4.tar.xz new file mode 100644 index 0000000..42e4234 Binary files /dev/null and b/fish-3.6.4.tar.xz differ diff --git a/fish.spec b/fish.spec index d0bebac..796b4c5 100644 --- a/fish.spec +++ b/fish.spec @@ -1,12 +1,10 @@ Name: fish -Version: 3.6.1 -Release: 2 +Version: 3.6.4 +Release: 1 Summary: Friendly interactive shell License: GPLv2 and BSD and ISC and LGPLv2+ and MIT URL: https://fishshell.com Source0: https://github.com/fish-shell/fish-shell/releases/download/%{version}/%{name}-%{version}.tar.xz -# https://github.com/fish-shell/fish-shell/commit/09986f5563e31e2c900a606438f1d60d008f3a14 -Patch0: backport-CVE-2023-49284.patch BuildRequires: cmake >= 3.5 BuildRequires: ninja-build @@ -99,7 +97,10 @@ fi %{_datadir}/pixmaps/fish.png %changelog -* Wed Dec 06 2023 lwg - 3.6.1-2 +* Fri Dec 29 2023 Paul Thomas - 3.6.4-1 +- update to version 3.6.4 + +* Wed Dec 06 2023 Paul Thomas - 3.6.1-2 - fix CVE-2023-49284 * Fri Aug 25 2023 yaoxin - 3.6.1-1