| Summary: | fish new security issue CVE-2022-20001 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | andrewsfarm, davidwhodgins, guillomovitch, herman.viaene, sysadmin-bugs, tarazed25 |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | fish-3.3.1-2.mga9.src.rpm | CVE: | |
| Status comment: | |||
Description
David Walser
2022-03-31 21:29:13 CEST
guillomovitch looks after 'fish', so assigning to you.

Assignee: bugsquad => guillomovitch
David Walser
2022-03-31 22:03:06 CEST
Assignee: guillomovitch => bugsquad
David Walser
2022-03-31 22:03:16 CEST
Assignee: bugsquad => guillomovitch

Fedora has issued an advisory for this today (April 4):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TRNMYS2LKB6TKOOBQQRSRQICDMWLZ4QL/

They updated to 3.4.1.

Severity: normal => major

Updated packages uploaded for Mageia 8 and Cauldron by Guillaume.

fish-3.4.1-1.mga8

from fish-3.4.1-1.mga8.src.rpm

Assignee: guillomovitch => qa-bugs

mga8, x64

Updated from fish version 3.1.
Opened a fish shell from the bash command line.
$ fish
Welcome to fish, the friendly interactive shell
Type `help` for instructions on how to use fish
lcl@difda ~/bin (master)> help
That opened the help page in a browser.
Syntax highlighting works. bash commands like launchGUIs work. Command completion works. So does command recall.
Tried:
> bash -c "ls ../qa | wc -l"
518
> echo hello world
hello world
This failed:
> open ~/Pictures/TwoWorldsOneSun_Bouic.jpg
open: Failed to open /dev/console : Permission denied
<In caja in Mate clicking the image displays it with eom>
> cd ~/intray
> open bookmarks.html
open: Failed to open /dev/console : Permission denied
Note that xdg-utils is installed but I rarely set user preferences for anything so am relying on the desktop environment defaults.
open sounds like a very useful command so I am reluctant to pass this update without some reassurance from other users.

CC: (none) => tarazed25

I tried
tester8@mach5 ~> open Pictures/D078.jpg
and that returns nothing and does nothing.
The info I find says "opens with the default application", but is fish aware of the desktop in use? If I use Plasma or Xfce on the same installation, the default application can be different as far as I remember.
I could not find easily where such configuration for fish might be found.
I tried
tester8@mach5 ~> dirh
/home/tester8
tester8@mach5 ~> cd Pictures/
tester8@mach5 ~/Pictures> cd ../Documents/
tester8@mach5 ~/Documents> dirh
2) /home/tester8
1) /home/tester8/Pictures
/home/tester8/Documents
and that looks good.
I've never done anything with xdg that I'm aware of.
Tried
$ xdg-mime default ristretto.desktop image/jpg
[tester8@mach5 ~]$ fish
Welcome to fish, the friendly interactive shell
Type help for instructions on how to use fish
tester8@mach5 ~> open Pictures/D078.jpg
But no return as before.
And indeed:
$ xdg-mime query default image/jpg
returns nothing
This seems to require more knowledge on xdg than I have...

CC: (none) => herman.viaene

Thanks Herman for following up on this. I have to agree that this requires a little more knowledge of what goes on under the hood so I am sending it on. It is generally functional.

Whiteboard: (none) => MGA8-64-OK

Validating.

CC: (none) => andrewsfarm, sysadmin-bugs

Advisory committed to svn as ...
type: security
subject: Updated fish packages fix security vulnerability
CVE:
  - CVE-2022-20001
src:
  8:
    core:
      - fish-3.4.1-1.mga8
description: |
  Arbitrary Code Execution. (CVE-2022-20001)
references:
  - https://bugs.mageia.org/show_bug.cgi?id=30227
  - https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SRNZU5M6WR5TPTNDAIMOYXCJP2ONI4FB/
  - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TRNMYS2LKB6TKOOBQQRSRQICDMWLZ4QL/

CC: (none) => davidwhodgins

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0181.html

Status: NEW => RESOLVED