rpm/fish
SHA256
1
0
Fork 0
forked from pool/fish
Code Pull Requests Activity

Accepting request 1132463 from shells

Browse Source 
- New upstream release 3.6.4
  * This release contains a complete fix for the test suite failure in fish
    3.6.2 and 3.6.3.
- New upstream release 3.6.3
  * This release contains a fix for a test suite failure in fish 3.6.2.
- New upstream release 3.6.2
  This release of fish contains a security fix for CVE-2023-49284, a minor security problem identified
  in fish 3.6.1 and previous versions (thought to affect all released versions of fish).
  fish uses certain Unicode non-characters internally for marking wildcards and expansions. It
  incorrectly allowed these markers to be read on command substitution output, rather than
  transforming them into a safe internal representation.
  For example, ``echo \UFDD2HOME`` has the same output as ``echo $HOME``.
  While this may cause unexpected behavior with direct input, this may become a minor security problem
  if the output is being fed from an external program into a command substitution where this output
  may not be expected. (bsc#1217808, CVE-2023-49284) 
- Enable tests

OBS-URL: https://build.opensuse.org/request/show/1132463
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/fish?expand=0&rev=40
This commit is contained in:
Ana Guerrero 2023-12-11 20:49:58 +00:00 committed by Git OBS Bridge
commit 069037a0c9
6 changed files with 64 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
fish-3.6.1.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:55402bb47ca6739d8aba25e41780905b5ce1bce0a5e0dd17dca908b5bc0b49b2
size 2866100

16
fish-3.6.1.tar.xz.asc
View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEnh3gZzzMAykZ0YUmwLlpspdOiI4FAmQepKUACgkQwLlpspdO
iI6eng//Qqwhjwy6nwIXM4F0Pssx9wtTyDKdQiOZUCD+r74/LTghetJ4xSyz+7TW
rs1AvNjQCCN5fRGqN1WbUL6OWiSk0mWKrzvvZEkplr9AH96o4r+5SuH5bh1k4koT
AS3dSOQAf9xGNr/SHLY3lz+i+905Yq6Aa6p7+2wN+WOg7pUwdmLsZFBOXW0uvv7m
qjp6GqZNly3f4JIWiQzNwT2xopg2zOTwyRodiv+nHjHGHmfaAgWt2vkp3dJ9p3JO
zxkU6md8qbOX2hI6o7hxICtx+r54AGtO4qLtVEGyUVwWPuBQyUtRmBxTBmcl/h+N
EjfB0QqauHf0E/oqczZh+Eq0lf63+zprAZdKd/X2Va2zDEX8B8RTYiwru55Fv/Gl
kKx8gDfDKDyINqMo/pyO3kkOJsUBaLxNHPW39stb9tXy1RnIIhZOCQzlvQ7Zx4Mo
HDiVW92A/aZpHgeGwtNCi6LYDSpwjgdrmuUUsOtdzqzBHvfQfZpNWc9KCP0Jj8qv
XWZNVWKi9c5uBK71ruSK8emwNHYHaRZxCEZa44mIvWIdgIGkwBSmLJyjO4X+DH9m
puGwbucoUNyaBalZs3kR/fwvicGMELC6l0H2XklqeJkfBF5OWWqsVBVy6dsaK6kp
Y/UKUD4y/sT2e9ImKeA6W2tWfpv2b4QZ08RHbzNRB1hJCBvG37U=
=dAZn
-----END PGP SIGNATURE-----

BIN
fish-3.6.4.tar.xz (Stored with Git LFS) Normal file
View File

Binary file not shown.

16
fish-3.6.4.tar.xz.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEnh3gZzzMAykZ0YUmwLlpspdOiI4FAmVvM/MACgkQwLlpspdO
iI5Tnw/+LaEsY3oiE3WPLgoDphzZ93T/qq7E5v4Xdna9k+stvujCykKCuVzbiQ2i
kr1ISa2nobYmMN73Fbpxc9hiISwaG47Wz3nZuIDmKRsEonzxRA8YY8NqobJ3yXH5
UtIdwzhR3nY91a4py8fBt/jjUXGK+W5RvbHSaP3i3hHQZaSQPlOZ7B3aByhtkYSt
9HIZAUBM1FshLmuaGOJFzTvmutOvlvf4z0Bt147biE+wogdhaaGTEfrlkKml3TbK
kBPIjTUAHFMPkZ+XjSPyzsCCD+zvyW9oDSuuXhYvmpGUOSAd+4Efmcp6zVNewAlV
el94tDhRxLBpm1J42hQO2ie/zMtbx8zBBZ4jqB1YdoqoR1a9ELFlTcOGEY0cPxVg
bb1cZ4K+XgLMHCVWEUWV9nNRCcaup5Uydr09CH/aQOdlt+is6M0Gl/iKZnOnx4Mr
yeq4bDnc487UbJoIw4WTsNH9muHPD1Z2qNUvtmDhbkTdFxDUkh0TpFa7de+gqKJI
DKtaN8fqsGzw7B4+xY7VlnLUePJNgZ6lrlA9XgRwuOa1quhdAt+AVAoF0MB2bSLv
EGB7FJ3ID78bbznf8EOrKM4lPCJcVv6093cuE+SSNSiQv90wjgm4a46yHnYYCjNG
nfFTtKDw0NjgXZWlxnfDk0Xj4QHqv5BTD6jbtvV97vbFWwbojpY=
=mUGV
-----END PGP SIGNATURE-----

32
fish.changes
View File

@ -1,3 +1,35 @@
-------------------------------------------------------------------
Wed Dec 6 12:42:56 UTC 2023 - Dan Čermák <dcermak@suse.com>
- New upstream release 3.6.4
* This release contains a complete fix for the test suite failure in fish
3.6.2 and 3.6.3.
- New upstream release 3.6.3
* This release contains a fix for a test suite failure in fish 3.6.2.
- New upstream release 3.6.2
This release of fish contains a security fix for CVE-2023-49284, a minor security problem identified
in fish 3.6.1 and previous versions (thought to affect all released versions of fish).
fish uses certain Unicode non-characters internally for marking wildcards and expansions. It
incorrectly allowed these markers to be read on command substitution output, rather than
transforming them into a safe internal representation.
For example, ``echo \UFDD2HOME`` has the same output as ``echo $HOME``.
While this may cause unexpected behavior with direct input, this may become a minor security problem
if the output is being fed from an external program into a command substitution where this output
may not be expected. (bsc#1217808, CVE-2023-49284)
-------------------------------------------------------------------
Tue Dec 5 08:08:21 UTC 2023 - Dan Čermák <dcermak@suse.com>
- Enable tests
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Oct 17 08:40:39 UTC 2023 - Matej Cepl <mcepl@cepl.eu> Tue Oct 17 08:40:39 UTC 2023 - Matej Cepl <mcepl@cepl.eu>

18
fish.spec
View File

@ -17,10 +17,11 @@
Name: fish Name: fish
Version: 3.6.1 Version: 3.6.4
Release: 0 Release: 0
Summary: The "friendly interactive shell" Summary: The "friendly interactive shell"
License: GPL-2.0-only # see bundled doc_src/license.rst
License: GPL-2.0-only AND BSD-3-Clause AND ISC AND LGPL-2.0-or-later AND MIT AND PSF-2.0
Group: System/Shells Group: System/Shells
URL: https://fishshell.com/ URL: https://fishshell.com/
Source: https://github.com/fish-shell/fish-shell/releases/download/%{version}/fish-%{version}.tar.xz Source: https://github.com/fish-shell/fish-shell/releases/download/%{version}/fish-%{version}.tar.xz
@ -35,6 +36,8 @@ BuildRequires: ncurses-devel
BuildRequires: pcre2-devel >= 10.21 BuildRequires: pcre2-devel >= 10.21
BuildRequires: pkgconfig BuildRequires: pkgconfig
BuildRequires: update-desktop-files BuildRequires: update-desktop-files
# for tests
BuildRequires: procps
Requires: awk Requires: awk
Requires: bc Requires: bc
Requires: man Requires: man
@ -75,17 +78,22 @@ rm %{buildroot}/%{_datadir}/doc/fish/.buildinfo
%suse_update_desktop_file -G "Command-line interpreter" fish TerminalEmulator %suse_update_desktop_file -G "Command-line interpreter" fish TerminalEmulator
%check
pushd build
%make_build test
popd
%post %post
# Add fish to the list of allowed shells in /etc/shells # Add fish to the list of allowed shells in /etc/shells
if ! grep -q '^%{_bindir}/%{name}$' %{_sysconfdir}/shells; then if ! grep -q '^%{_bindir}/%{name}$' %{_sysconfdir}/shells; then
echo %{_bindir}/%{name} >>%{_sysconfdir}/shells echo %{_bindir}/%{name} >>%{_sysconfdir}/shells
fi fi
%postun %postun
# Remove fish from the list of allowed shells in /etc/shells # Remove fish from the list of allowed shells in /etc/shells
if [ "$1" = 0 ]; then if [ "$1" = 0 ]; then
grep -v '^%{_bindir}/%{name}$' %{_sysconfdir}/shells >%{_sysconfdir}/%{name}.tmp grep -v '^%{_bindir}/%{name}$' %{_sysconfdir}/shells >%{_sysconfdir}/%{name}.tmp
mv %{_sysconfdir}/%{name}.tmp %{_sysconfdir}/shells mv %{_sysconfdir}/%{name}.tmp %{_sysconfdir}/shells
fi fi
%files -f %{name}.lang %files -f %{name}.lang