From b0ddcee30f793522f5c0b10288e6efe66bfe7d3c Mon Sep 17 00:00:00 2001
From: starlet-dx <15929766099@163.com>
Date: Mon, 16 May 2022 09:36:38 +0800
Subject: [PATCH] Fix CVE-2022-20001
(cherry picked from commit 47a90ea8a0190f7e3b9cb52a9c4cdcd516ebc560)
---
 CVE-2022-20001.patch | 71 ++++++++++++++++++++++++++++++++++++++++++++
 fish.spec | 7 ++++-
 2 files changed, 77 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2022-20001.patch
diff --git a/CVE-2022-20001.patch b/CVE-2022-20001.patch
new file mode 100644
index 0000000..e37be97
--- /dev/null
+++ b/CVE-2022-20001.patch
@@ -0,0 +1,71 @@
+From 37625053d424c1ab88de2b0c50c7fe71e1468e2c Mon Sep 17 00:00:00 2001
+From: ridiculousfish
+Date: Sun, 26 Dec 2021 17:25:20 -0800
+Subject: [PATCH] fish_git_prompt: be careful about git config
+
+fish_git_prompt may run certain git commands which may invoke certain
+external programs as specified `.git/config`. Prevent this by suppressing
+certain git config options.
+---
+ share/functions/fish_git_prompt.fish | 8 ++++----
+ tests/checks/git.fish | 15 +++++++++++++++
+ 2 files changed, 19 insertions(+), 4 deletions(-)
+
+diff --git a/share/functions/fish_git_prompt.fish b/share/functions/fish_git_prompt.fish
+index 6457e114b60..9920430b9ab 100644
+--- a/share/functions/fish_git_prompt.fish
++++ b/share/functions/fish_git_prompt.fish
+@@ -345,18 +345,18 @@ function __fish_git_prompt_staged --description "fish_git_prompt helper, tells w
+ # The "diff" functions all return > 0 if there _is_ a diff,
+ # but we want to return 0 if there are staged changes.
+ # So we invert the status.
+- not command git diff-index --cached --quiet HEAD -- 2>/dev/null
++ not command git -c core.fsmonitor= diff-index --cached --quiet HEAD -- 2>/dev/null
+ and echo 1
+ end
+
+ function __fish_git_prompt_untracked --description "fish_git_prompt helper, tells whether or not the current repository has untracked files"
+ command git ls-files --others --exclude-standard --directory --no-empty-directory --error-unmatch -- :/ >/dev/null 2>&1
++ command git -c core.fsmonitor= ls-files --others --exclude-standard --directory --no-empty-directory --error-unmatch -- :/ >/dev/null 2>&1
+ and echo 1
+ end
+
+ function __fish_git_prompt_dirty --description "fish_git_prompt helper, tells whether or not the current branch has tracked, modified files"
+ # Like staged, invert the status because we want 0 to mean there are dirty files.
+- not command git diff --no-ext-diff --quiet --exit-code 2>/dev/null
++ not command git -c core.fsmonitor= diff --no-ext-diff --quiet --exit-code 2>/dev/null
+ and echo 1
+ end
+
+@@ -372,7 +372,7 @@ function __fish_git_prompt_informative_status
+ # It's quite a bit faster and unlikely anyone cares about the number of files if it's *all* of the files
+ # in that directory.
+ # The v2 format is better, but we don't actually care in this case.
+- set -l stats (string sub -l 2 (git status --porcelain -z -unormal | string split0))
++ set -l stats (string sub -l 2 (git -c core.fsmonitor= status --porcelain -z -unormal | string split0))
+ set -l invalidstate (string match -r '^UU' $stats | count)
+ set -l stagedstate (string match -r '^[ACDMR].' $stats | count)
+ set -l dirtystate (string match -r '^.[ACDMR]' $stats | count)
+diff --git a/tests/checks/git.fish b/tests/checks/git.fish
+index 6f1cafd8c25..a96bc8baccd 100644
+--- a/tests/checks/git.fish
++++ b/tests/checks/git.fish
+@@ -80,3 +80,18 @@ set -g __fish_git_prompt_status_order untrackedfiles
+ fish_git_prompt
+ echo
+ #CHECK: (newbranch %)
++
++# Turn on everything and verify we correctly ignore sus config files.
++set -g __fish_git_prompt_status_order stagedstate invalidstate dirtystate untrackedfiles stashstate
++set -g __fish_git_prompt_showdirtystate 1
++set -g __fish_git_prompt_show_informative_status 1
++set -g __fish_git_prompt_showuntrackedfiles 1
++rm -Rf .git *
++git init >/dev/null 2>&1
++echo -n > ran.txt
++git config core.fsmonitor 'echo fsmonitor >> ran.txt; false'
++git config core.sshCommand 'echo sshCommand >> ran.txt; false'
++git config diff.external 'echo diff >> ran.txt; false'
++touch untracked_file
++fish_git_prompt > /dev/null
++cat ran.txt # should output nothing
diff --git a/fish.spec b/fish.spec
index 5939a57..c2df5f7 100644
--- a/fish.spec
+++ b/fish.spec
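Review bot: In the embedded patch's inner hunk `@@ -345,18 +345,18 @@`, the old `__fish_git_prompt_untracked` line appears as `+ command git ls-files ...`, i.e. as an unchanged context line, where a removed line (`+-`) is expected before the added `++ command git -c core.fsmonitor= ls-files ...`; as shown, the hunk carries 16 old-side lines against the 18 its header declares, so `patch`/`git apply` would reject it. This may be an artifact of how the page was rendered, but the committed file should be checked with `git apply --check CVE-2022-20001.patch` against the unpacked 3.3.1 tree before the build is trusted. The backport only neutralises `core.fsmonitor` on the four git invocations, while the added test also sets `core.sshCommand` and `diff.external`; the `--no-ext-diff` already on the diff call appears to be what covers the latter, and a one-line comment in the spec next to `Patch0` stating that scope would help the next maintainer judge whether later fish fixes to this function are needed too.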
@@ -1,10 +1,12 @@
 Name: fish
 Version: 3.3.1
-Release: 1
+Release: 2
 Summary: Friendly interactive shell
 License: GPLv2 and BSD and ISC and LGPLv2+ and MIT
 URL: https://fishshell.com
 Source0: https://github.com/fish-shell/fish-shell/releases/download/%{version}/%{name}-%{version}.tar.xz
+# https://github.com/fish-shell/fish-shell/commit/37625053d424c1ab88de2b0c50c7fe71e1468e2c
+Patch0: CVE-2022-20001.patch
 BuildRequires: cmake >= 3.2
 BuildRequires: ninja-build
@@ -97,5 +99,8 @@ fi
 %{_datadir}/pixmaps/fish.png
 %changelog
+* Mon May 16 2022 yaoxin - 3.3.1-2
+- Fix CVE-2022-20001
+
 * Mon July 12 2021 wulei - 3.3.1-1
 - Package init
--
Gitee
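Review bot: Adding `Patch0: CVE-2022-20001.patch` in the first hunk declares the patch but does not apply it; the `%prep` section is outside both hunks, and unless it uses `%autosetup -p1` (or carries a matching `%patch0 -p1` line) the 3.3.1-2 build ships the unpatched `fish_git_prompt.fish` while the changelog entry in the second hunk claims the CVE is fixed. Please confirm the `%prep` stanza applies patches and that its strip level matches the `a/share/functions/...` paths inside the patch file. The concrete verification is to build the package and check that the installed `fish_git_prompt.fish` contains `-c core.fsmonitor=`.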