!11 Fix CVE-2022-20001 and fix test failure

From: @starlet-dx 
Reviewed-by: @small_leek 
Signed-off-by: @small_leek

CVE-2022-20001.patch

@@ -0,0 +1,71 @@
+From 37625053d424c1ab88de2b0c50c7fe71e1468e2c Mon Sep 17 00:00:00 2001
+From: ridiculousfish <rf@fishshell.com>
+Date: Sun, 26 Dec 2021 17:25:20 -0800
+Subject: [PATCH] fish_git_prompt: be careful about git config
+
+fish_git_prompt may run certain git commands which may invoke certain
+external programs as specified `.git/config`. Prevent this by suppressing
+certain git config options.
+---
+ share/functions/fish_git_prompt.fish |  8 ++++----
+ tests/checks/git.fish                | 15 +++++++++++++++
+ 2 files changed, 19 insertions(+), 4 deletions(-)
+
+diff --git a/share/functions/fish_git_prompt.fish b/share/functions/fish_git_prompt.fish
+index 6457e114b60..9920430b9ab 100644
+--- a/share/functions/fish_git_prompt.fish
++++ b/share/functions/fish_git_prompt.fish
+@@ -345,18 +345,18 @@ function __fish_git_prompt_staged --description "fish_git_prompt helper, tells w
+     # The "diff" functions all return > 0 if there _is_ a diff,
+     # but we want to return 0 if there are staged changes.
+     # So we invert the status.
+-    not command git diff-index --cached --quiet HEAD -- 2>/dev/null
++    not command git -c core.fsmonitor= diff-index --cached --quiet HEAD -- 2>/dev/null
+     and echo 1
+ end
+ 
+ function __fish_git_prompt_untracked --description "fish_git_prompt helper, tells whether or not the current repository has untracked files"
+-    command git ls-files --others --exclude-standard --directory --no-empty-directory --error-unmatch -- :/ >/dev/null 2>&1
++    command git -c core.fsmonitor= ls-files --others --exclude-standard --directory --no-empty-directory --error-unmatch -- :/ >/dev/null 2>&1
+     and echo 1
+ end
+ 
+ function __fish_git_prompt_dirty --description "fish_git_prompt helper, tells whether or not the current branch has tracked, modified files"
+     # Like staged, invert the status because we want 0 to mean there are dirty files.
+-    not command git diff --no-ext-diff --quiet --exit-code 2>/dev/null
++    not command git -c core.fsmonitor= diff --no-ext-diff --quiet --exit-code 2>/dev/null
+     and echo 1
+ end
+ 
+@@ -372,7 +372,7 @@ function __fish_git_prompt_informative_status
+     # It's quite a bit faster and unlikely anyone cares about the number of files if it's *all* of the files
+     # in that directory.
+     # The v2 format is better, but we don't actually care in this case.
+-    set -l stats (string sub -l 2 (git status --porcelain -z -unormal | string split0))
++    set -l stats (string sub -l 2 (git -c core.fsmonitor= status --porcelain -z -unormal | string split0))
+     set -l invalidstate (string match -r '^UU' $stats | count)
+     set -l stagedstate (string match -r '^[ACDMR].' $stats | count)
+     set -l dirtystate (string match -r '^.[ACDMR]' $stats | count)
+diff --git a/tests/checks/git.fish b/tests/checks/git.fish
+index 6f1cafd8c25..a96bc8baccd 100644
+--- a/tests/checks/git.fish
++++ b/tests/checks/git.fish
+@@ -80,3 +80,18 @@ set -g __fish_git_prompt_status_order untrackedfiles
+ fish_git_prompt
+ echo
+ #CHECK: (newbranch %)
++
++# Turn on everything and verify we correctly ignore sus config files.
++set -g __fish_git_prompt_status_order stagedstate invalidstate dirtystate untrackedfiles stashstate
++set -g __fish_git_prompt_showdirtystate 1
++set -g __fish_git_prompt_show_informative_status 1
++set -g __fish_git_prompt_showuntrackedfiles 1
++rm -Rf .git *
++git init >/dev/null 2>&1
++echo -n > ran.txt
++git config core.fsmonitor 'echo fsmonitor >> ran.txt; false'
++git config core.sshCommand 'echo sshCommand >> ran.txt; false'
++git config diff.external 'echo diff >> ran.txt; false'
++touch untracked_file
++fish_git_prompt > /dev/null
++cat ran.txt # should output nothing

fish.spec

@@ -1,10 +1,14 @@
 Name:           fish
 Version:        3.3.1
-Release:        1
+Release:        2
 Summary:        Friendly interactive shell
 License:        GPLv2 and BSD and ISC and LGPLv2+ and MIT
 URL:            https://fishshell.com
 Source0:        https://github.com/fish-shell/fish-shell/releases/download/%{version}/%{name}-%{version}.tar.xz
+# https://github.com/fish-shell/fish-shell/commit/ec8844d834cc9fe626e9fc326c6f5410341d532a
+Patch01:        fix-test-failure.patch
+# https://github.com/fish-shell/fish-shell/commit/37625053d424c1ab88de2b0c50c7fe71e1468e2c
+Patch02:        CVE-2022-20001.patch
 
 BuildRequires:  cmake >= 3.2
 BuildRequires:  ninja-build
@@ -97,5 +101,9 @@ fi
 %{_datadir}/pixmaps/fish.png
 
 %changelog
+* Mon May 16 2022 yaoxin <yaoxin30@h-partners.com> - 3.3.1-2
+- Fix CVE-2022-20001
+- Fix test failure
+
 * Mon July 12 2021 wulei <wulei80@huawei.com> - 3.3.1-1
 - Package init

fix-test-failure.patch

@@ -0,0 +1,25 @@
+From bfe373299fc9a13f3fb05d6bc68c63e79d62dfa0 Mon Sep 17 00:00:00 2001
+From: Fabian Homborg <FHomborg@gmail.com>
+Date: Thu, 14 Oct 2021 18:18:51 +0200
+Subject: [PATCH] Drop tests with resetting match start inside lookaround
+
+---
+ src/fish_tests.cpp | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/src/fish_tests.cpp b/src/fish_tests.cpp
+index 2b46986..f1f4865 100644
+--- a/src/fish_tests.cpp
++++ b/src/fish_tests.cpp
+@@ -5723,8 +5723,6 @@ static void test_string() {
+         {{L"string", L"match", L"-r", L"-a", L"a*", L"b", 0}, STATUS_CMD_OK, L"\n\n"},
+         {{L"string", L"match", L"-r", L"foo\\Kbar", L"foobar", 0}, STATUS_CMD_OK, L"bar\n"},
+         {{L"string", L"match", L"-r", L"(foo)\\Kbar", L"foobar", 0}, STATUS_CMD_OK, L"bar\nfoo\n"},
+-        {{L"string", L"match", L"-r", L"(?=ab\\K)", L"ab", 0}, STATUS_CMD_OK, L"\n"},
+-        {{L"string", L"match", L"-r", L"(?=ab\\K)..(?=cd\\K)", L"abcd", 0}, STATUS_CMD_OK, L"\n"},
+ 
+         {{L"string", L"replace", 0}, STATUS_INVALID_ARGS, L""},
+         {{L"string", L"replace", L"", 0}, STATUS_INVALID_ARGS, L""},
+-- 
+2.23.0
+