Debian Patches
Status for fish/3.6.0-3.1+deb12u1
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 0001-reader-make-Escape-during-history-search-restore-com.patch | reader: make Escape during history search restore commandline again Commit 3b30d92b6 (Commit transient edit when closing pager, 2022-08-31) inadvertently introduced two regressions to history search: 1. It made Escape keeps the selected history entry, instead of restoring the commandline before history search. 2. It made history search commands add undo entries. Fix both of this issues. |
Johannes Altmanninger <aclopte@gmail.com> | no | 2023-01-17 | ||
| 0002-reader-Remove-assert-in-history-search.patch | reader: Remove assert in history search This isn't a great use of `assert` because it turns a benign "oh I need to search again" bug into a crash. Fixes #9628 (cherry picked from commit 7c91d009c112ff8c68cb459b2807231bedf1fbaa) |
Fabian Boehm <FHomborg@gmail.com> | no | 2023-03-02 | ||
| 0003-workaround-for-Midnight-Commander.patch | Add workaround for Midnight Commander's issue with prompt extraction When we draw the prompt, we move the cursor to the actual position *we* think it is by issuing a carriage return (via `move(0,0)`), and then going forward until we hit the spot. This helps when the terminal and fish disagree on the width of the prompt, because we are now definitely in the correct place, so we can only overwrite a bit of the prompt (if it renders longer than we expected) or leave space after the prompt. Both of these are benign in comparison to staircase effects we would otherwise get. Unfortunately, midnight commander ("mc") tries to extract the last line of the prompt, and does so in a way that is overly naive - it resets everything to 0 when it sees a `\r`, and doesn't account for cursor movement. In effect it's playing a terminal, but not committing to the bit. Since this has been an open request in mc for quite a while, we hack around it, by checking the $MC_SID environment variable. If we see it, we skip the clearing. We end up most likely doing relative movement from where we think we are, and in most cases it should be *fine*. |
Fabian Boehm <FHomborg@gmail.com> | no | debian | upstream, https://github.com/fish-shell/fish-shell/pull/9540 | 2023-02-04 |
| CVE-2023-49284.patch | fixes CVE-2023-49284 The CVE report can be found at https://github.com/fish-shell/fish-shell/security/advisories/GHSA-2j9r-pm96-wp4f The corresponding fix can be found at https://github.com/fish-shell/fish-shell/commit/09986f5563e31e2c900a606438f1d60d008f3a14 This patch is rebased from the upstream fix. . fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than transforming them into a safe internal representation. . While this may cause unexpected behavior with direct input (for example, echo \UFDD2HOME has the same output as echo $HOME), this may become a minor security problem if the output is being fed from an external program into a command substitution where this output may not be expected. diff --git a/src/common.cpp b/src/common.cpp index baee97a..0e76bf1 100644 |
no |
Showing 1 to 4 of 4 entries
All known versions for source package 'fish'
- 4.0.1-1 (trixie, sid)
- 3.6.0-3.1+deb12u1 (bookworm)
- 3.6.0-2~bpo11+1 (bullseye-backports)
- 3.1.2-3+deb11u1 (bullseye, bullseye-security)