Accepting request 1132463 from shells

- New upstream release 3.6.4
  * This release contains a complete fix for the test suite failure in fish
    3.6.2 and 3.6.3.
- New upstream release 3.6.3
  * This release contains a fix for a test suite failure in fish 3.6.2.
- New upstream release 3.6.2
  This release of fish contains a security fix for CVE-2023-49284, a minor security problem identified
  in fish 3.6.1 and previous versions (thought to affect all released versions of fish).
  fish uses certain Unicode non-characters internally for marking wildcards and expansions. It
  incorrectly allowed these markers to be read on command substitution output, rather than
  transforming them into a safe internal representation.
  For example, ``echo \UFDD2HOME`` has the same output as ``echo $HOME``.
  While this may cause unexpected behavior with direct input, this may become a minor security problem
  if the output is being fed from an external program into a command substitution where this output
  may not be expected. (bsc#1217808, CVE-2023-49284) 
- Enable tests

OBS-URL: https://build.opensuse.org/request/show/1132463
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/fish?expand=0&rev=40

fish-3.6.1.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:55402bb47ca6739d8aba25e41780905b5ce1bce0a5e0dd17dca908b5bc0b49b2
-size 2866100

fish-3.6.1.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEnh3gZzzMAykZ0YUmwLlpspdOiI4FAmQepKUACgkQwLlpspdO
-iI6eng//Qqwhjwy6nwIXM4F0Pssx9wtTyDKdQiOZUCD+r74/LTghetJ4xSyz+7TW
-rs1AvNjQCCN5fRGqN1WbUL6OWiSk0mWKrzvvZEkplr9AH96o4r+5SuH5bh1k4koT
-AS3dSOQAf9xGNr/SHLY3lz+i+905Yq6Aa6p7+2wN+WOg7pUwdmLsZFBOXW0uvv7m
-qjp6GqZNly3f4JIWiQzNwT2xopg2zOTwyRodiv+nHjHGHmfaAgWt2vkp3dJ9p3JO
-zxkU6md8qbOX2hI6o7hxICtx+r54AGtO4qLtVEGyUVwWPuBQyUtRmBxTBmcl/h+N
-EjfB0QqauHf0E/oqczZh+Eq0lf63+zprAZdKd/X2Va2zDEX8B8RTYiwru55Fv/Gl
-kKx8gDfDKDyINqMo/pyO3kkOJsUBaLxNHPW39stb9tXy1RnIIhZOCQzlvQ7Zx4Mo
-HDiVW92A/aZpHgeGwtNCi6LYDSpwjgdrmuUUsOtdzqzBHvfQfZpNWc9KCP0Jj8qv
-XWZNVWKi9c5uBK71ruSK8emwNHYHaRZxCEZa44mIvWIdgIGkwBSmLJyjO4X+DH9m
-puGwbucoUNyaBalZs3kR/fwvicGMELC6l0H2XklqeJkfBF5OWWqsVBVy6dsaK6kp
-Y/UKUD4y/sT2e9ImKeA6W2tWfpv2b4QZ08RHbzNRB1hJCBvG37U=
-=dAZn
------END PGP SIGNATURE-----

fish-3.6.4.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEnh3gZzzMAykZ0YUmwLlpspdOiI4FAmVvM/MACgkQwLlpspdO
+iI5Tnw/+LaEsY3oiE3WPLgoDphzZ93T/qq7E5v4Xdna9k+stvujCykKCuVzbiQ2i
+kr1ISa2nobYmMN73Fbpxc9hiISwaG47Wz3nZuIDmKRsEonzxRA8YY8NqobJ3yXH5
+UtIdwzhR3nY91a4py8fBt/jjUXGK+W5RvbHSaP3i3hHQZaSQPlOZ7B3aByhtkYSt
+9HIZAUBM1FshLmuaGOJFzTvmutOvlvf4z0Bt147biE+wogdhaaGTEfrlkKml3TbK
+kBPIjTUAHFMPkZ+XjSPyzsCCD+zvyW9oDSuuXhYvmpGUOSAd+4Efmcp6zVNewAlV
+el94tDhRxLBpm1J42hQO2ie/zMtbx8zBBZ4jqB1YdoqoR1a9ELFlTcOGEY0cPxVg
+bb1cZ4K+XgLMHCVWEUWV9nNRCcaup5Uydr09CH/aQOdlt+is6M0Gl/iKZnOnx4Mr
+yeq4bDnc487UbJoIw4WTsNH9muHPD1Z2qNUvtmDhbkTdFxDUkh0TpFa7de+gqKJI
+DKtaN8fqsGzw7B4+xY7VlnLUePJNgZ6lrlA9XgRwuOa1quhdAt+AVAoF0MB2bSLv
+EGB7FJ3ID78bbznf8EOrKM4lPCJcVv6093cuE+SSNSiQv90wjgm4a46yHnYYCjNG
+nfFTtKDw0NjgXZWlxnfDk0Xj4QHqv5BTD6jbtvV97vbFWwbojpY=
+=mUGV
+-----END PGP SIGNATURE-----

fish.changes

@@ -1,3 +1,35 @@
+-------------------------------------------------------------------
+Wed Dec  6 12:42:56 UTC 2023 - Dan Čermák <dcermak@suse.com>
+
+- New upstream release 3.6.4
+
+  * This release contains a complete fix for the test suite failure in fish
+    3.6.2 and 3.6.3.
+
+- New upstream release 3.6.3
+
+  * This release contains a fix for a test suite failure in fish 3.6.2.
+
+- New upstream release 3.6.2
+
+  This release of fish contains a security fix for CVE-2023-49284, a minor security problem identified
+  in fish 3.6.1 and previous versions (thought to affect all released versions of fish).
+
+  fish uses certain Unicode non-characters internally for marking wildcards and expansions. It
+  incorrectly allowed these markers to be read on command substitution output, rather than
+  transforming them into a safe internal representation.
+
+  For example, ``echo \UFDD2HOME`` has the same output as ``echo $HOME``.
+
+  While this may cause unexpected behavior with direct input, this may become a minor security problem
+  if the output is being fed from an external program into a command substitution where this output
+  may not be expected. (bsc#1217808, CVE-2023-49284) 
+
+-------------------------------------------------------------------
+Tue Dec  5 08:08:21 UTC 2023 - Dan Čermák <dcermak@suse.com>
+
+- Enable tests
+
 -------------------------------------------------------------------
 Tue Oct 17 08:40:39 UTC 2023 - Matej Cepl <mcepl@cepl.eu>
 

fish.spec

@@ -17,10 +17,11 @@
 
 
 Name:           fish
-Version:        3.6.1
+Version:        3.6.4
 Release:        0
 Summary:        The "friendly interactive shell"
-License:        GPL-2.0-only
+# see bundled doc_src/license.rst
+License:        GPL-2.0-only AND BSD-3-Clause AND ISC AND LGPL-2.0-or-later AND MIT AND PSF-2.0
 Group:          System/Shells
 URL:            https://fishshell.com/
 Source:         https://github.com/fish-shell/fish-shell/releases/download/%{version}/fish-%{version}.tar.xz
@@ -35,6 +36,8 @@ BuildRequires:  ncurses-devel
 BuildRequires:  pcre2-devel >= 10.21
 BuildRequires:  pkgconfig
 BuildRequires:  update-desktop-files
+# for tests
+BuildRequires:  procps
 Requires:       awk
 Requires:       bc
 Requires:       man
@@ -75,17 +78,22 @@ rm %{buildroot}/%{_datadir}/doc/fish/.buildinfo
 
 %suse_update_desktop_file -G "Command-line interpreter" fish TerminalEmulator
 
+%check
+pushd build
+%make_build test
+popd
+
 %post
 # Add fish to the list of allowed shells in /etc/shells
 if ! grep -q '^%{_bindir}/%{name}$' %{_sysconfdir}/shells; then
-	echo %{_bindir}/%{name} >>%{_sysconfdir}/shells
+        echo %{_bindir}/%{name} >>%{_sysconfdir}/shells
 fi
 
 %postun
 # Remove fish from the list of allowed shells in /etc/shells
 if [ "$1" = 0 ]; then
-	grep -v '^%{_bindir}/%{name}$' %{_sysconfdir}/shells >%{_sysconfdir}/%{name}.tmp
-	mv %{_sysconfdir}/%{name}.tmp %{_sysconfdir}/shells
+        grep -v '^%{_bindir}/%{name}$' %{_sysconfdir}/shells >%{_sysconfdir}/%{name}.tmp
+        mv %{_sysconfdir}/%{name}.tmp %{_sysconfdir}/shells
 fi
 
 %files -f %{name}.lang