From 107b0faf652287386b2e7d198ee39b2c74c064dd Mon Sep 17 00:00:00 2001
From: lwg
Date: Wed, 6 Dec 2023 09:48:51 +0800
Subject: [PATCH] fix CVE-2023-49284
(cherry picked from commit 270e64a65b3a088d1a0701e5affd383334492b0a)
---
 backport-CVE-2023-49284.patch | 52 +++++++++++++++++++++++++++++++++++
 fish.spec | 9 ++++--
 2 files changed, 59 insertions(+), 2 deletions(-)
 create mode 100644 backport-CVE-2023-49284.patch
diff --git a/backport-CVE-2023-49284.patch b/backport-CVE-2023-49284.patch
new file mode 100644
index 0000000..8f42c47
--- /dev/null
+++ b/backport-CVE-2023-49284.patch
@@ -0,0 +1,52 @@
+From 09986f5563e31e2c900a606438f1d60d008f3a14 Mon Sep 17 00:00:00 2001
+From: Fabian Boehm
+Date: Sat, 2 Dec 2023 11:06:07 +0100
+Subject: [PATCH] Encode all ENCODE_DIRECT codepoints with encode_direct
+
+---
+ src/common.cpp | 7 ++++---
+ tests/checks/basic.fish | 11 ++++++++++-
+ 2 files changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/src/common.cpp b/src/common.cpp
+index c419bc1..bda5fe6 100644
+--- a/src/common.cpp
++++ b/src/common.cpp
+@@ -355,9 +355,7 @@ static wcstring str2wcs_internal(const char *in, const size_t in_len) {
+ } else {
+ ret = std::mbrtowc(&wc, &in[in_pos], in_len - in_pos, &state);
+ // Determine whether to encode this character with our crazy scheme.
+- if (wc >= ENCODE_DIRECT_BASE && wc < ENCODE_DIRECT_BASE + 256) {
+- use_encode_direct = true;
+- } else if (wc == INTERNAL_SEPARATOR) {
++ if (fish_reserved_codepoint(wc)) {
+ use_encode_direct = true;
+ } else if (ret == static_cast(-2)) {
+ // Incomplete sequence.
+@@ -1317,6 +1315,9 @@ maybe_t read_unquoted_escape(const wchar_t *input, wcstring *result, boo
+ }
+
+ if (!errored && result_char_or_none.has_value()) {
++ if (fish_reserved_codepoint(*result_char_or_none)) {
++ return none();
++ }
+ result->push_back(*result_char_or_none);
+ }
+ if (errored) return none();
+diff --git a/tests/checks/basic.fish b/tests/checks/basic.fish
+index c9a2d58..83bee8f 100644
+--- a/tests/checks/basic.fish
++++ b/tests/checks/basic.fish
+@@ -500,3 +500,12 @@ echo banana
+ # This used to be a parse error - #7685.
+ echo (echo hello\\)
+ # CHECK: hello\
++
++$fish -c 'echo \ufdd2"fart"'
++# CHECKRR: fish: Invalid token '\ufdd2"fart"'
++# CHECKRR: echo \ufdd2"fart"
++# CHECHRR: ^~~~~~~~~~~^
++
++echo (sh -c 'printf $\'\ufdd2foo\'') | string escape
++# CHECK: \Xef\Xbf\X92foo
++
diff --git a/fish.spec b/fish.spec
index c2df5f7..2770cdb 100644
--- a/fish.spec
+++ b/fish.spec
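Review bot: The three expected-stderr lines in the block added to tests/checks/basic.fish are spelled `# CHECKRR:` and `# CHECHRR:`, which do not match littlecheck's `# CHECKERR:` directive, so as written the test probably does not assert that `\ufdd2"fart"` is rejected as an invalid token. If the intent is to pin that rejection, the first line would read `# CHECKERR: fish: Invalid token '\ufdd2"fart"'`, with the same correction on the two lines after it. Only the second case (`# CHECK: \Xef\Xbf\X92foo`) visibly verifies that a reserved codepoint arriving from an external command is byte-encoded rather than passed through. Separately, the embedded src/common.cpp hunks carry upstream line offsets while the package is 3.3.1, so it is worth confirming the patch applies without fuzz and that `fish_reserved_codepoint` is declared ahead of `str2wcs_internal` in that tree. Both function bodies continue outside the embedded hunks.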
@@ -1,12 +1,14 @@ Name: fish Version: 3.3.1 -Release: 2 +Release: 3 Summary: Friendly interactive shell License: GPLv2 and BSD and ISC and LGPLv2+ and MIT URL: https://fishshell.com Source0: https://github.com/fish-shell/fish-shell/releases/download/%{version}/%{name}-%{version}.tar.xz # https://github.com/fish-shell/fish-shell/commit/37625053d424c1ab88de2b0c50c7fe71e1468e2c Patch0: CVE-2022-20001.patch +# https://github.com/fish-shell/fish-shell/commit/09986f5563e31e2c900a606438f1d60d008f3a14 +Patch1: backport-CVE-2023-49284.patch BuildRequires: cmake >= 3.2 BuildRequires: ninja-build @@ -99,8 +101,11 @@ fi %{_datadir}/pixmaps/fish.png %changelog +* Wed Dec 06 2023 lwg - 3.3.1-3 +- fix CVE-2023-49284 + * Mon May 16 2022 yaoxin - 3.3.1-2 - Fix CVE-2022-20001 -* Mon July 12 2021 wulei - 3.3.1-1 +* Mon Jul 12 2021 wulei - 3.3.1-1 - Package init
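Review bot: `Patch1: backport-CVE-2023-49284.patch` is declared in the first fish.spec hunk, but neither hunk touches `%prep`, so whether the fix is actually applied depends on lines outside this diff. If `%prep` uses `%autosetup -p1` or `%autopatch`, the new patch is picked up automatically. If it applies patches explicitly (for example `%patch0 -p1`), a matching `%patch1 -p1` is needed, otherwise release 3.3.1-3 would ship with the changelog claiming the CVE-2023-49284 fix while the source is unpatched. A build log line showing the patch being applied would settle this.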