diff --git a/.gitignore b/.gitignore
index 9de0d23..f2d7dc9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
/fish-2.1.0.tar.gz
+/fish-2.1.1.tar.gz
diff --git a/fish-upstream-CVE-2014-2905-part2.patch b/fish-upstream-CVE-2014-2905-part2.patch
deleted file mode 100644
index b1c444f..0000000
--- a/fish-upstream-CVE-2014-2905-part2.patch
+++ /dev/null
@@ -1,185 +0,0 @@
-From b5cd21c337a8990c0c343ab2c22d3dc123a03d25 Mon Sep 17 00:00:00 2001
-Message-Id: <b5cd21c337a8990c0c343ab2c22d3dc123a03d25.1407803973.git.luto@amacapital.net>
-From: David Adam <zanchey@ucc.gu.uwa.edu.au>
-Date: Mon, 4 Aug 2014 13:26:14 +0800
-Subject: [PATCH 1/3] Further fixes to universal variable server socket
- management
-
-- Change fishd_path to std::string
-- Warn, rather than exiting with an error, if the universal variable
- server path is not available, and provide more useful advice.
-- Export the new __fishd_runtime_dir variable.
----
- common.cpp | 13 +++++++------
- common.h | 2 +-
- env.cpp | 4 ++--
- env_universal.cpp | 22 ++++++++++++++--------
- env_universal.h | 2 +-
- fish_pager.cpp | 4 ++--
- fishd.cpp | 9 +++++++--
- 7 files changed, 34 insertions(+), 22 deletions(-)
-
-diff --git a/common.cpp b/common.cpp
-index 3e5a2c8..203eda5 100644
---- a/common.cpp
-+++ b/common.cpp
-@@ -2381,10 +2381,11 @@ static int check_runtime_path(const char * path)
- }
-
- /** Return the path of an appropriate runtime data directory */
--const char* common_get_runtime_path(void)
-+std::string common_get_runtime_path()
- {
- const char *dir = getenv("XDG_RUNTIME_DIR");
- const char *uname = getenv("USER");
-+ std::string path;
-
- if (uname == NULL)
- {
-@@ -2396,19 +2397,19 @@ const char* common_get_runtime_path(void)
- {
- // /tmp/fish.user
- dir = "/tmp/fish.";
-- std::string path;
- path.reserve(strlen(dir) + strlen(uname));
- path.append(dir);
- path.append(uname);
- if (check_runtime_path(path.c_str()) != 0)
- {
-- debug(0, L"Couldn't create secure runtime path: '%s'", path.c_str());
-- exit(EXIT_FAILURE);
-+ debug(0, L"Runtime path not available. Try deleting the directory %s and restarting fish.", path.c_str());
-+ path.clear();
- }
-- return strdup(path.c_str());
- }
- else
- {
-- return dir;
-+ path.reserve(strlen(dir));
-+ path.append(dir);
- }
-+ return path;
- }
-diff --git a/common.h b/common.h
-index 4d18aca..b160245 100644
---- a/common.h
-+++ b/common.h
-@@ -814,6 +814,6 @@ extern "C" {
- }
-
- /** Return the path of an appropriate runtime data directory */
--const char* common_get_runtime_path(void);
-+std::string common_get_runtime_path();
-
- #endif
-diff --git a/env.cpp b/env.cpp
-index 0bda417..703d619 100644
---- a/env.cpp
-+++ b/env.cpp
-@@ -620,8 +620,8 @@ void env_init(const struct config_paths_t *paths /* or NULL */)
-
- const env_var_t user_dir_wstr = env_get_string(L"USER");
-
-- const char * fishd_dir = common_get_runtime_path();
-- env_set(L"__fish_runtime_dir", str2wcstring(fishd_dir).c_str(), ENV_GLOBAL);
-+ std::string fishd_dir = common_get_runtime_path();
-+ env_set(L"__fish_runtime_dir", str2wcstring(fishd_dir).c_str(), ENV_GLOBAL | ENV_EXPORT);
-
- wchar_t * user_dir = user_dir_wstr.missing()?NULL:const_cast<wchar_t*>(user_dir_wstr.c_str());
-
-diff --git a/env_universal.cpp b/env_universal.cpp
-index 1a97443..78e3130 100644
---- a/env_universal.cpp
-+++ b/env_universal.cpp
-@@ -242,23 +242,29 @@ static void reconnect()
- }
-
-
--void env_universal_init(const char * p,
-+void env_universal_init(std::string p,
- wchar_t *u,
- void (*sf)(),
- void (*cb)(fish_message_type_t type, const wchar_t *name, const wchar_t *val))
- {
-- path=p;
-+ path=p.c_str();
- user=u;
- start_fishd=sf;
- external_callback = cb;
-
-- env_universal_server.fd = get_socket();
-- env_universal_common_init(&callback);
-- env_universal_read_all();
-- s_env_univeral_inited = true;
-- if (env_universal_server.fd >= 0)
-+ if (p == "") {
-+ debug(1, L"Could not connect to universal variable server. You will not be able to share variable values between fish sessions.");
-+ }
-+ else
- {
-- env_universal_barrier();
-+ env_universal_server.fd = get_socket();
-+ env_universal_common_init(&callback);
-+ env_universal_read_all();
-+ s_env_univeral_inited = true;
-+ if (env_universal_server.fd >= 0)
-+ {
-+ env_universal_barrier();
-+ }
- }
- }
-
-diff --git a/env_universal.h b/env_universal.h
-index 9e6ab85..f14db29 100644
---- a/env_universal.h
-+++ b/env_universal.h
-@@ -17,7 +17,7 @@ extern connection_t env_universal_server;
- /**
- Initialize the envuni library
- */
--void env_universal_init(const char * p,
-+void env_universal_init(std::string p,
- wchar_t *u,
- void (*sf)(),
- void (*cb)(fish_message_type_t type, const wchar_t *name, const wchar_t *val));
-diff --git a/fish_pager.cpp b/fish_pager.cpp
-index 27bc80e..6d05774 100644
---- a/fish_pager.cpp
-+++ b/fish_pager.cpp
-@@ -1032,8 +1032,8 @@ static void init(int mangle_descriptors, int out)
- exit(1);
- }
-
--
-- env_universal_init("", 0, 0, 0);
-+ std::string dir = common_get_runtime_path();
-+ env_universal_init(dir, 0, 0, 0);
- input_common_init(&interrupt_handler);
- output_set_writer(&pager_buffered_writer);
-
-diff --git a/fishd.cpp b/fishd.cpp
-index dd43647..d725e43 100644
---- a/fishd.cpp
-+++ b/fishd.cpp
-@@ -159,10 +159,15 @@ static int quit=0;
- */
- static std::string get_socket_filename(void)
- {
-- const char *dir = common_get_runtime_path();
-+ std::string dir = common_get_runtime_path();
-+
-+ if (dir == "") {
-+ debug(0, L"Cannot access desired socket path.");
-+ exit(EXIT_FAILURE);
-+ }
-
- std::string name;
-- name.reserve(strlen(dir) + strlen(SOCK_FILENAME) + 1);
-+ name.reserve(dir.length() + strlen(SOCK_FILENAME) + 1);
- name.append(dir);
- name.push_back('/');
- name.append(SOCK_FILENAME);
---
-1.9.3
-
diff --git a/fish-upstream-CVE-2014-2905.patch b/fish-upstream-CVE-2014-2905.patch
deleted file mode 100644
index 3f26d84..0000000
--- a/fish-upstream-CVE-2014-2905.patch
+++ /dev/null
@@ -1,478 +0,0 @@
-From 4cb4fc3ef889788b9755451bc565e27bb803b8ba Mon Sep 17 00:00:00 2001
-Message-Id: <4cb4fc3ef889788b9755451bc565e27bb803b8ba.1407803923.git.luto@amacapital.net>
-From: David Adam <zanchey@ucc.gu.uwa.edu.au>
-Date: Sun, 20 Apr 2014 19:20:07 +0800
-Subject: [PATCH] Fix for CVE-2014-2905 - fishd restart required.
-
- - Use a secure path for sockets (some code used under license from
- tmux).
- - Provide the secure path in the environment as $__fish_runtime_dir.
- - Link the new path to the old path to ease migration from earlier
- versions.
-
-Closes #1359.
-
-After installing fish built from or after this commit, you MUST
-terminate all running fishd processes (`killall fishd`, `pkill fishd`
-or similar). Distributors are encouraged to do this from within their
-packaging scripts. fishd will restart automatically, and no data should
-be lost.
----
- common.cpp | 70 ++++++++++++++++++++++++++++++++++++++++++++++++
- common.h | 2 ++
- doc_src/license.hdr | 20 ++++++++++++++
- env.cpp | 7 ++---
- env_universal.cpp | 41 +++++-----------------------
- env_universal.h | 2 +-
- env_universal_common.cpp | 10 +++++--
- env_universal_common.h | 9 +++++--
- fish_pager.cpp | 2 +-
- fishd.cpp | 56 +++++++++++++++++++++++++++++++++++---
- 10 files changed, 172 insertions(+), 47 deletions(-)
-
-diff --git a/common.cpp b/common.cpp
-index 7a9f7a5..3e5a2c8 100644
---- a/common.cpp
-+++ b/common.cpp
-@@ -24,6 +24,7 @@ parts of fish.
- #include <stdio.h>
- #include <dirent.h>
- #include <sys/types.h>
-+#include <pwd.h>
-
- #ifdef HAVE_SYS_IOCTL_H
- #include <sys/ioctl.h>
-@@ -2342,3 +2343,72 @@ char **make_null_terminated_array(const std::vector<std::string> &lst)
- {
- return make_null_terminated_array_helper(lst);
- }
-+
-+/**
-+ Check, and create if necessary, a secure runtime path
-+ Derived from tmux.c in tmux (http://tmux.sourceforge.net/)
-+*/
-+static int check_runtime_path(const char * path)
-+{
-+ /*
-+ * Copyright (c) 2007 Nicholas Marriott <nicm@users.sourceforge.net>
-+ *
-+ * Permission to use, copy, modify, and distribute this software for any
-+ * purpose with or without fee is hereby granted, provided that the above
-+ * copyright notice and this permission notice appear in all copies.
-+ *
-+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-+ * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
-+ * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
-+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-+ */
-+
-+ struct stat statpath;
-+ u_int uid = geteuid();
-+
-+ if (mkdir(path, S_IRWXU) != 0 && errno != EEXIST)
-+ return errno;
-+ if (lstat(path, &statpath) != 0)
-+ return errno;
-+ if (!S_ISDIR(statpath.st_mode)
-+ || statpath.st_uid != uid
-+ || (statpath.st_mode & (S_IRWXG|S_IRWXO)) != 0)
-+ return EACCES;
-+ return 0;
-+}
-+
-+/** Return the path of an appropriate runtime data directory */
-+const char* common_get_runtime_path(void)
-+{
-+ const char *dir = getenv("XDG_RUNTIME_DIR");
-+ const char *uname = getenv("USER");
-+
-+ if (uname == NULL)
-+ {
-+ const struct passwd *pw = getpwuid(getuid());
-+ uname = pw->pw_name;
-+ }
-+
-+ if (dir == NULL)
-+ {
-+ // /tmp/fish.user
-+ dir = "/tmp/fish.";
-+ std::string path;
-+ path.reserve(strlen(dir) + strlen(uname));
-+ path.append(dir);
-+ path.append(uname);
-+ if (check_runtime_path(path.c_str()) != 0)
-+ {
-+ debug(0, L"Couldn't create secure runtime path: '%s'", path.c_str());
-+ exit(EXIT_FAILURE);
-+ }
-+ return strdup(path.c_str());
-+ }
-+ else
-+ {
-+ return dir;
-+ }
-+}
-diff --git a/common.h b/common.h
-index 57fe7fa..4d18aca 100644
---- a/common.h
-+++ b/common.h
-@@ -813,5 +813,7 @@ extern "C" {
- __attribute__((noinline)) void debug_thread_error(void);
- }
-
-+/** Return the path of an appropriate runtime data directory */
-+const char* common_get_runtime_path(void);
-
- #endif
-diff --git a/doc_src/license.hdr b/doc_src/license.hdr
-index 64bab10..76981a9 100644
---- a/doc_src/license.hdr
-+++ b/doc_src/license.hdr
-@@ -1400,6 +1400,26 @@ POSSIBILITY OF SUCH DAMAGES.
-
- <P>
-
-+<h2>License for code derived from tmux</h2>
-+
-+Fish contains code derived from
-+<a href="http://tmux.sourceforge.net">tmux</a>, made available under an ISC
-+license.
-+<p>
-+Copyright (c) 2007 Nicholas Marriott <nicm@users.sourceforge.net>
-+<p>
-+Permission to use, copy, modify, and distribute this software for any
-+purpose with or without fee is hereby granted, provided that the above
-+copyright notice and this permission notice appear in all copies.
-+<p>
-+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-+WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
-+IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
-+OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-+
- */
-
- \htmlonly </div> \endhtmlonly
-diff --git a/env.cpp b/env.cpp
-index 13f87b6..0bda417 100644
---- a/env.cpp
-+++ b/env.cpp
-@@ -57,7 +57,7 @@
- #include "complete.h"
-
- /** Command used to start fishd */
--#define FISHD_CMD L"fishd ^ /tmp/fishd.log.%s"
-+#define FISHD_CMD L"fishd ^ $__fish_runtime_dir/fishd.log.%s"
-
- // Version for easier debugging
- //#define FISHD_CMD L"fishd"
-@@ -618,10 +618,11 @@ void env_init(const struct config_paths_t *paths /* or NULL */)
- env_set(L"version", version.c_str(), ENV_GLOBAL);
- env_set(L"FISH_VERSION", version.c_str(), ENV_GLOBAL);
-
-- const env_var_t fishd_dir_wstr = env_get_string(L"FISHD_SOCKET_DIR");
- const env_var_t user_dir_wstr = env_get_string(L"USER");
-
-- wchar_t * fishd_dir = fishd_dir_wstr.missing()?NULL:const_cast<wchar_t*>(fishd_dir_wstr.c_str());
-+ const char * fishd_dir = common_get_runtime_path();
-+ env_set(L"__fish_runtime_dir", str2wcstring(fishd_dir).c_str(), ENV_GLOBAL);
-+
- wchar_t * user_dir = user_dir_wstr.missing()?NULL:const_cast<wchar_t*>(user_dir_wstr.c_str());
-
- env_universal_init(fishd_dir , user_dir ,
-diff --git a/env_universal.cpp b/env_universal.cpp
-index c7d060a..1a97443 100644
---- a/env_universal.cpp
-+++ b/env_universal.cpp
-@@ -61,7 +61,7 @@ static int get_socket_count = 0;
- #define DEFAULT_RETRY_COUNT 15
- #define DEFAULT_RETRY_DELAY 0.2
-
--static wchar_t * path;
-+static const char * path;
- static wchar_t *user;
- static void (*start_fishd)();
- static void (*external_callback)(fish_message_type_t type, const wchar_t *name, const wchar_t *val);
-@@ -82,48 +82,19 @@ static int try_get_socket_once(void)
- {
- int s;
-
-- wchar_t *wdir;
-- wchar_t *wuname;
-- char *dir = 0;
--
-- wdir = path;
-- wuname = user;
--
- if ((s = socket(AF_UNIX, SOCK_STREAM, 0)) == -1)
- {
- wperror(L"socket");
- return -1;
- }
-
-- if (wdir)
-- dir = wcs2str(wdir);
-- else
-- dir = strdup("/tmp");
--
-- std::string uname;
-- if (wuname)
-- {
-- uname = wcs2string(wuname);
-- }
-- else
-- {
-- struct passwd *pw = getpwuid(getuid());
-- if (pw && pw->pw_name)
-- {
-- uname = pw->pw_name;
-- }
-- }
--
- std::string name;
-- name.reserve(strlen(dir) + uname.size() + strlen(SOCK_FILENAME) + 2);
-- name.append(dir);
-- name.append("/");
-+ name.reserve(strlen(path) + strlen(SOCK_FILENAME) + 1);
-+ name.append(path);
-+ name.push_back('/');
- name.append(SOCK_FILENAME);
-- name.append(uname);
--
-- free(dir);
-
-- debug(3, L"Connect to socket %s at fd %2", name.c_str(), s);
-+ debug(3, L"Connect to socket %s at fd %d", name.c_str(), s);
-
- struct sockaddr_un local = {};
- local.sun_family = AF_UNIX;
-@@ -271,7 +242,7 @@ static void reconnect()
- }
-
-
--void env_universal_init(wchar_t * p,
-+void env_universal_init(const char * p,
- wchar_t *u,
- void (*sf)(),
- void (*cb)(fish_message_type_t type, const wchar_t *name, const wchar_t *val))
-diff --git a/env_universal.h b/env_universal.h
-index 4f38fe7..9e6ab85 100644
---- a/env_universal.h
-+++ b/env_universal.h
-@@ -17,7 +17,7 @@ extern connection_t env_universal_server;
- /**
- Initialize the envuni library
- */
--void env_universal_init(wchar_t * p,
-+void env_universal_init(const char * p,
- wchar_t *u,
- void (*sf)(),
- void (*cb)(fish_message_type_t type, const wchar_t *name, const wchar_t *val));
-diff --git a/env_universal_common.cpp b/env_universal_common.cpp
-index f600e70..2b12cf1 100644
---- a/env_universal_common.cpp
-+++ b/env_universal_common.cpp
-@@ -27,7 +27,6 @@
- #include <locale.h>
- #include <dirent.h>
- #include <signal.h>
--#include <sys/stat.h>
- #include <map>
-
- #ifdef HAVE_SYS_SELECT_H
-@@ -87,6 +86,13 @@
- #define ENV_UNIVERSAL_EOF 0x102
-
- /**
-+ Maximum length of socket filename
-+*/
-+#ifndef UNIX_PATH_MAX
-+#define UNIX_PATH_MAX 100
-+#endif
-+
-+/**
- A variable entry. Stores the value of a variable and whether it
- should be exported. Obviously, it needs to be allocated large
- enough to fit the value string.
-@@ -417,7 +423,7 @@ void env_universal_common_init(void (*cb)(fish_message_type_t type, const wchar_
- }
-
- /**
-- Read one byte of date form the specified connection
-+ Read one byte of date from the specified connection
- */
- static int read_byte(connection_t *src)
- {
-diff --git a/env_universal_common.h b/env_universal_common.h
-index 0a13a41..deddfb3 100644
---- a/env_universal_common.h
-+++ b/env_universal_common.h
-@@ -33,9 +33,9 @@
-
-
- /**
-- The filename to use for univeral variables. The username is appended
-+ The filename to use for univeral variables.
- */
--#define SOCK_FILENAME "fishd.socket."
-+#define SOCK_FILENAME "fishd.socket"
-
- /**
- The different types of commands that can be sent between client/server
-@@ -134,6 +134,11 @@ void try_send_all(connection_t *c);
- message_t *create_message(fish_message_type_t type, const wchar_t *key, const wchar_t *val);
-
- /**
-+ Constructs the fish socket filename
-+*/
-+std::string env_universal_common_get_socket_filename(void);
-+
-+/**
- Init the library
- */
- void env_universal_common_init(void (*cb)(fish_message_type_t type, const wchar_t *key, const wchar_t *val));
-diff --git a/fish_pager.cpp b/fish_pager.cpp
-index 9cde933..27bc80e 100644
---- a/fish_pager.cpp
-+++ b/fish_pager.cpp
-@@ -1033,7 +1033,7 @@ static void init(int mangle_descriptors, int out)
- }
-
-
-- env_universal_init(0, 0, 0, 0);
-+ env_universal_init("", 0, 0, 0);
- input_common_init(&interrupt_handler);
- output_set_writer(&pager_buffered_writer);
-
-diff --git a/fishd.cpp b/fishd.cpp
-index edb79c2..dd43647 100644
---- a/fishd.cpp
-+++ b/fishd.cpp
-@@ -159,6 +159,27 @@ static int quit=0;
- */
- static std::string get_socket_filename(void)
- {
-+ const char *dir = common_get_runtime_path();
-+
-+ std::string name;
-+ name.reserve(strlen(dir) + strlen(SOCK_FILENAME) + 1);
-+ name.append(dir);
-+ name.push_back('/');
-+ name.append(SOCK_FILENAME);
-+
-+ if (name.size() >= UNIX_PATH_MAX)
-+ {
-+ debug(1, L"Filename too long: '%s'", name.c_str());
-+ exit(EXIT_FAILURE);
-+ }
-+ return name;
-+}
-+
-+/**
-+ Constructs the legacy socket filename
-+*/
-+static std::string get_old_socket_filename(void)
-+{
- const char *dir = getenv("FISHD_SOCKET_DIR");
- char *uname = getenv("USER");
-
-@@ -174,10 +195,9 @@ static std::string get_socket_filename(void)
- }
-
- std::string name;
-- name.reserve(strlen(dir)+ strlen(uname)+ strlen(SOCK_FILENAME) + 1);
-+ name.reserve(strlen(dir)+ strlen(uname)+ strlen("fishd.socket.") + 1);
- name.append(dir);
-- name.push_back('/');
-- name.append(SOCK_FILENAME);
-+ name.append("/fishd.socket.");
- name.append(uname);
-
- if (name.size() >= UNIX_PATH_MAX)
-@@ -541,6 +561,7 @@ repeat:
- int exitcode = EXIT_FAILURE;
- struct sockaddr_un local;
- const std::string sock_name = get_socket_filename();
-+ const std::string old_sock_name = get_old_socket_filename();
-
- /*
- Start critical section protected by lock
-@@ -598,6 +619,19 @@ repeat:
- doexit = 1;
- }
-
-+ // Attempt to hardlink the old socket name so that old versions of fish keep working on upgrade
-+ // Not critical if it fails
-+ if (unlink(old_sock_name.c_str()) != 0 && errno != ENOENT)
-+ {
-+ debug(0, L"Could not create legacy socket path");
-+ wperror(L"unlink");
-+ }
-+ else if (link(sock_name.c_str(), old_sock_name.c_str()) != 0)
-+ {
-+ debug(0, L"Could not create legacy socket path");
-+ wperror(L"link");
-+ }
-+
- unlock:
- (void)unlink(lockfile.c_str());
- debug(4, L"Released lockfile: %s", lockfile.c_str());
-@@ -873,6 +907,18 @@ static void init()
- }
-
- /**
-+ Clean up behind ourselves
-+*/
-+static void cleanup()
-+{
-+ if (unlink(get_old_socket_filename().c_str()) != 0)
-+ {
-+ debug(0, L"Could not remove legacy socket path");
-+ wperror(L"unlink");
-+ }
-+}
-+
-+/**
- Main function for fishd
- */
- int main(int argc, char ** argv)
-@@ -973,6 +1019,7 @@ int main(int argc, char ** argv)
- if (quit)
- {
- save();
-+ cleanup();
- exit(0);
- }
-
-@@ -982,6 +1029,7 @@ int main(int argc, char ** argv)
- if (errno != EINTR)
- {
- wperror(L"select");
-+ cleanup();
- exit(1);
- }
- }
-@@ -994,6 +1042,7 @@ int main(int argc, char ** argv)
- &t)) == -1)
- {
- wperror(L"accept");
-+ cleanup();
- exit(1);
- }
- else
-@@ -1070,6 +1119,7 @@ int main(int argc, char ** argv)
- {
- debug(0, L"No more clients. Quitting");
- save();
-+ cleanup();
- break;
- }
-
---
-1.9.3
-
diff --git a/fish-upstream-CVE-2014-2906.patch b/fish-upstream-CVE-2014-2906.patch
deleted file mode 100644
index ae99537..0000000
--- a/fish-upstream-CVE-2014-2906.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From c0989dce2d882c94eb3183e7b94402ba53534abb Mon Sep 17 00:00:00 2001
-Message-Id: <c0989dce2d882c94eb3183e7b94402ba53534abb.1398703637.git.luto@amacapital.net>
-In-Reply-To: <3c5d5b344ee945b99e4bb16a44af6f293601813d.1398703637.git.luto@amacapital.net>
-References: <3c5d5b344ee945b99e4bb16a44af6f293601813d.1398703637.git.luto@amacapital.net>
-From: David Adam <zanchey@ucc.gu.uwa.edu.au>
-Date: Sun, 20 Apr 2014 23:51:20 +0800
-Subject: [PATCH 4/4] use mktemp(1) to generate temporary file names
-
-Fix for CVE-2014-2906.
-
-Closes a race condition in funced which would allow execution of
-arbitrary code; closes a race condition in psub which would allow
-alternation of the data stream.
-
-Note that `psub -f` does not work (#1040); a fix should be committed
-separately for ease of maintenance.
----
- share/functions/funced.fish | 6 +-----
- share/functions/psub.fish | 11 +++--------
- 2 files changed, 4 insertions(+), 13 deletions(-)
-
-diff --git a/share/functions/funced.fish b/share/functions/funced.fish
-index 3c2de06..ca2e277 100644
---- a/share/functions/funced.fish
-+++ b/share/functions/funced.fish
-@@ -81,11 +81,7 @@ function funced --description 'Edit function definition'
- return 0
- end
-
-- set -q TMPDIR; or set -l TMPDIR /tmp
-- set -l tmpname (printf "$TMPDIR/fish_funced_%d_%d.fish" %self (random))
-- while test -f $tmpname
-- set tmpname (printf "$TMPDIR/fish_funced_%d_%d.fish" %self (random))
-- end
-+ set tmpname (mktemp -t fish_funced.XXXXXXXXXX)
-
- if functions -q -- $funcname
- functions -- $funcname > $tmpname
-diff --git a/share/functions/psub.fish b/share/functions/psub.fish
-index 42e34c7..7877aa4 100644
---- a/share/functions/psub.fish
-+++ b/share/functions/psub.fish
-@@ -45,21 +45,16 @@ function psub --description "Read from stdin into a file and output the filename
- return
- end
-
-- # Find unique file name for writing output to
-- while true
-- set filename /tmp/.psub.(echo %self).(random);
-- if not test -e $filename
-- break;
-- end
-- end
--
- if test use_fifo = 1
- # Write output to pipe. This needs to be done in the background so
- # that the command substitution exits without needing to wait for
- # all the commands to exit
-+ set dir (mktemp -d /tmp/.psub.XXXXXXXXXX); or return
-+ set filename $dir/psub.fifo
- mkfifo $filename
- cat >$filename &
- else
-+ set filename (mktemp /tmp/.psub.XXXXXXXXXX)
- cat >$filename
- end
-
---
-1.9.0
-
diff --git a/fish-upstream-CVE-2014-2914-part2.patch b/fish-upstream-CVE-2014-2914-part2.patch
deleted file mode 100644
index 3dae9ab..0000000
--- a/fish-upstream-CVE-2014-2914-part2.patch
+++ /dev/null
@@ -1,239 +0,0 @@
-commit 397249a8d5a939d044da8ecfbb1654d48ce5a153
-Author: David Adam <zanchey@ucc.gu.uwa.edu.au>
-Date: Mon Aug 4 13:34:26 2014 +0800
-
- Authenticate connections to web_config service
-
- - Require all requests to use a session path.
- - Use a redirect file to avoid exposing the URL on the command line, as
- it contains the session path.
-
- Fix for CVE-2014-2914.
- Closes #1438.
-
-diff --git a/share/tools/web_config/index.html b/share/tools/web_config/index.html
-index 22cd470..90df114 100644
---- a/share/tools/web_config/index.html
-+++ b/share/tools/web_config/index.html
-@@ -556,7 +556,7 @@ function switch_tab(new_tab) {
- if (new_tab == 'tab_colors') {
- /* Keep track of whether this is the first element */
- var first = true
-- run_get_request('/colors/', function(key_and_values){
-+ run_get_request('colors/', function(key_and_values){
- /* Result is name, description, value */
- var key = key_and_values[0]
- var description = key_and_values[1]
-@@ -577,7 +577,7 @@ function switch_tab(new_tab) {
- sample_prompts.length = 0
- /* Color the first one blue */
- var first = true;
-- run_get_request('/sample_prompts/', function(sample_prompt){
-+ run_get_request('sample_prompts/', function(sample_prompt){
- var name = sample_prompt['name']
- sample_prompts[name] = sample_prompt
- var color = first ? '66F' : 'AAA'
-@@ -594,7 +594,7 @@ function switch_tab(new_tab) {
- } else if (new_tab == 'tab_functions') {
- /* Keep track of whether this is the first element */
- var first = true
-- run_get_request('/functions/', function(contents){
-+ run_get_request('functions/', function(contents){
- var elem = create_master_element(contents, false/* description */, 'AAAAAA', '11pt', select_function_master_element)
- if (first) {
- /* It's the first element, so select it, so something gets selected */
-@@ -606,7 +606,7 @@ function switch_tab(new_tab) {
- $('#master_detail_table').show()
- wants_data_table = false
- } else if (new_tab == 'tab_variables') {
-- run_get_request_with_bulk_handler('/variables/', function(json_contents){
-+ run_get_request_with_bulk_handler('variables/', function(json_contents){
- var rows = new Array()
- for (var i = 0; i < json_contents.length; i++) {
- var contents = json_contents[i]
-@@ -622,7 +622,7 @@ function switch_tab(new_tab) {
- } else if (new_tab == 'tab_history') {
- // Clear the history map
- history_element_map.length = 0
-- run_get_request_with_bulk_handler('/history/', function(json_contents){
-+ run_get_request_with_bulk_handler('history/', function(json_contents){
- start = new Date().getTime()
- var rows = new Array()
- for (var i = 0; i < json_contents.length; i++) {
-@@ -757,7 +757,7 @@ function select_color_master_element(elem) {
- function select_function_master_element(elem) {
- select_master_element(elem)
-
-- run_post_request('/get_function/', {
-+ run_post_request('get_function/', {
- what: current_master_element_name()
- }, function(contents){
- /* Replace leading tabs and groups of four spaces at the beginning of a line with two spaces. */
-@@ -773,7 +773,7 @@ function select_sample_prompt_master_element(elem) {
- select_master_element(elem)
- var name = current_master_element_name()
- sample_prompt = sample_prompts[name]
-- run_post_request('/get_sample_prompt/', {
-+ run_post_request('get_sample_prompt/', {
- what: sample_prompt['function']
- }, function(keys_and_values){
- var prompt_func = keys_and_values['function']
-@@ -788,7 +788,7 @@ function select_sample_prompt_master_element(elem) {
- function select_current_prompt_master_element(elem) {
- $('.prompt_save_button').hide()
- select_master_element(elem)
-- run_get_request_with_bulk_handler('/current_prompt/', function(keys_and_values){
-+ run_get_request_with_bulk_handler('current_prompt/', function(keys_and_values){
- var prompt_func = keys_and_values['function']
- var prompt_demo = keys_and_values['demo']
- var prompt_font_size = keys_and_values['font_size']
-@@ -801,7 +801,7 @@ function select_current_prompt_master_element(elem) {
- function save_current_prompt() {
- var name = current_master_element_name()
- var sample_prompt = sample_prompts[name]
-- run_post_request('/set_prompt/', {
-+ run_post_request('set_prompt/', {
- what: sample_prompt['function']
- }, function(contents){
- if (contents == "OK") {
-@@ -817,7 +817,7 @@ function post_style_to_server() {
- if (! style)
- return
-
-- run_post_request('/set_color/', {
-+ run_post_request('set_color/', {
- what: current_master_element_name(),
- color: style.color,
- background_color: style.background_color,
-@@ -1221,7 +1221,7 @@ function escape_HTML(foo) {
- function tell_fish_to_delete_element(idx) {
- var row_elem = $('#data_table_row_' + idx)
- var txt = history_element_map[idx]
-- run_post_request('/delete_history_item/', {
-+ run_post_request('delete_history_item/', {
- what: txt
- }, function(contents){
- if (contents == "OK") {
-diff --git a/share/tools/web_config/webconfig.py b/share/tools/web_config/webconfig.py
-index 1b9250b..2a103eb 100755
---- a/share/tools/web_config/webconfig.py
-+++ b/share/tools/web_config/webconfig.py
-@@ -17,7 +17,7 @@ else:
- from urllib.parse import parse_qs
- import webbrowser
- import subprocess
--import re, socket, os, sys, cgi, select, time, glob
-+import re, socket, os, sys, cgi, select, time, glob, random, string
- try:
- import json
- except ImportError:
-@@ -485,9 +485,16 @@ class FishConfigHTTPRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
- else: font_size = '18pt'
- return font_size
-
--
- def do_GET(self):
- p = self.path
-+
-+ authpath = '/' + authkey
-+ if p.startswith(authpath):
-+ p = p[len(authpath):]
-+ else:
-+ return self.send_error(403)
-+ self.path = p
-+
- if p == '/colors/':
- output = self.do_get_colors()
- elif p == '/functions/':
-@@ -519,6 +526,14 @@ class FishConfigHTTPRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
-
- def do_POST(self):
- p = self.path
-+
-+ authpath = '/' + authkey
-+ if p.startswith(authpath):
-+ p = p[len(authpath):]
-+ else:
-+ return self.send_error(403)
-+ self.path = p
-+
- if IS_PY2:
- ctype, pdict = cgi.parse_header(self.headers.getheader('content-type'))
- else: # Python 3
-@@ -582,7 +597,19 @@ class FishConfigHTTPRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
- def log_request(self, code='-', size='-'):
- """ Disable request logging """
- pass
--
-+
-+redirect_template_html = """
-+<!DOCTYPE html>
-+<html>
-+ <head>
-+ <meta http-equiv="refresh" content="0;URL='%s'" />
-+ </head>
-+ <body>
-+ <p><a href="%s">Start the Fish Web config</a></p>
-+ </body>
-+</html>
-+"""
-+
- # find fish
- fish_bin_dir = os.environ.get('__fish_bin_dir')
- fish_bin_path = None
-@@ -618,6 +645,9 @@ initial_wd = os.getcwd()
- where = os.path.dirname(sys.argv[0])
- os.chdir(where)
-
-+# Generate a 16-byte random key as a hexadecimal string
-+authkey = hex(random.getrandbits(16*4))[2:]
-+
- # Try to find a suitable port
- PORT = 8000
- while PORT <= 9000:
-@@ -647,9 +677,36 @@ if len(sys.argv) > 1:
- initial_tab = '#' + tab
- break
-
--url = 'http://localhost:%d/%s' % (PORT, initial_tab)
--print("Web config started at '%s'. Hit enter to stop." % url)
--webbrowser.open(url)
-+url = 'http://localhost:%d/%s/%s' % (PORT, authkey, initial_tab)
-+
-+# Create temporary file to hold redirect to real server
-+# This prevents exposing the URL containing the authentication key on the command line
-+# (see CVE-2014-2914 or https://github.com/fish-shell/fish-shell/issues/1438)
-+if 'XDG_CACHE_HOME' in os.environ:
-+ dirname = os.path.expanduser(os.path.expandvars('$XDG_CACHE_HOME/fish/'))
-+else:
-+ dirname = os.path.expanduser('~/.cache/fish/')
-+
-+os.umask(0o0077)
-+try:
-+ os.makedirs(dirname, 0o0700)
-+except OSError as e:
-+ if e.errno == 17:
-+ pass
-+ else:
-+ raise e
-+
-+randtoken = ''.join(random.choice(string.ascii_uppercase + string.digits) for _ in range(6))
-+filename = dirname + 'web_config-%s.html' % randtoken
-+
-+f = open(filename, 'w')
-+f.write(redirect_template_html % (url, url))
-+f.close()
-+
-+# Open temporary file as URL
-+fileurl = 'file://' + filename
-+print("Web config started at '%s'. Hit enter to stop." % fileurl)
-+webbrowser.open(fileurl)
-
- # Select on stdin and httpd
- stdin_no = sys.stdin.fileno()
-@@ -666,3 +723,5 @@ try:
- except KeyboardInterrupt:
- print("\nShutting down.")
-
-+# Clean up temporary file
-+os.remove(filename)
diff --git a/fish-upstream-CVE-2014-2914.patch b/fish-upstream-CVE-2014-2914.patch
deleted file mode 100644
index 248bb38..0000000
--- a/fish-upstream-CVE-2014-2914.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 10642a34f17ae45bd93be3ae6021ee920d3da0c2 Mon Sep 17 00:00:00 2001
-Message-Id: <10642a34f17ae45bd93be3ae6021ee920d3da0c2.1398707555.git.luto@amacapital.net>
-In-Reply-To: <3c5d5b344ee945b99e4bb16a44af6f293601813d.1398707555.git.luto@amacapital.net>
-References: <3c5d5b344ee945b99e4bb16a44af6f293601813d.1398707555.git.luto@amacapital.net>
-From: Anders Bergh <anders1@gmail.com>
-Date: Tue, 4 Mar 2014 09:59:26 +0100
-Subject: [PATCH 2/4] fish_config: Listen on both IPv6 and IPv4.
-
-A subclass of TCPServer was created to deny any non-local connections and to
-listen using an IPv6 socket.
----
- share/tools/web_config/webconfig.py | 12 +++++++++++-
- 1 file changed, 11 insertions(+), 1 deletion(-)
-
-diff --git a/share/tools/web_config/webconfig.py b/share/tools/web_config/webconfig.py
-index f735a02..1b9250b 100755
---- a/share/tools/web_config/webconfig.py
-+++ b/share/tools/web_config/webconfig.py
-@@ -250,6 +250,16 @@ class FishVar:
- if self.exported: flags.append('exported')
- return [self.name, self.value, ', '.join(flags)]
-
-+class FishConfigTCPServer(SocketServer.TCPServer):
-+ """TCPServer that only accepts connections from localhost (IPv4/IPv6)."""
-+ WHITELIST = set(['::1', '::ffff:127.0.0.1', '127.0.0.1'])
-+
-+ address_family = socket.AF_INET6
-+
-+ def verify_request(self, request, client_address):
-+ return client_address[0] in FishConfigTCPServer.WHITELIST
-+
-+
- class FishConfigHTTPRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
-
- def write_to_wfile(self, txt):
-@@ -613,7 +623,7 @@ PORT = 8000
- while PORT <= 9000:
- try:
- Handler = FishConfigHTTPRequestHandler
-- httpd = SocketServer.TCPServer(("", PORT), Handler)
-+ httpd = FishConfigTCPServer(("::", PORT), Handler)
- # Success
- break
- except socket.error:
---
-1.9.0
-
diff --git a/fish-webconfig-CVE-2014-2914-followup-1.patch b/fish-webconfig-CVE-2014-2914-followup-1.patch
deleted file mode 100644
index 9fab859..0000000
--- a/fish-webconfig-CVE-2014-2914-followup-1.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-commit 78e2b7cc0897de3eb2a8cdc0f5efe49a34402f9d
-Author: Andy Lutomirski <luto@amacapital.net>
-Date: Mon Aug 11 17:50:56 2014 -0700
-
- webconfig: Use a constant-time token comparison
-
- This prevents a linear-time attack to recover the auth token.
-
-diff --git a/share/tools/web_config/webconfig.py b/share/tools/web_config/webconfig.py
-index 2a103eb..452f771 100755
---- a/share/tools/web_config/webconfig.py
-+++ b/share/tools/web_config/webconfig.py
-@@ -471,6 +471,14 @@ class FishConfigHTTPRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
- # Ignore unreadable files, etc
- pass
- return result
-+
-+ def secure_startswith(self, haystack, needle):
-+ if len(haystack) < len(needle):
-+ return False
-+ bits = 0
-+ for x,y in zip(haystack, needle):
-+ bits |= ord(x) ^ ord(y)
-+ return bits == 0
-
- def font_size_for_ansi_prompt(self, prompt_demo_ansi):
- width = ansi_prompt_line_width(prompt_demo_ansi)
-@@ -489,7 +497,7 @@ class FishConfigHTTPRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
- p = self.path
-
- authpath = '/' + authkey
-- if p.startswith(authpath):
-+ if self.secure_startswith(p, authpath):
- p = p[len(authpath):]
- else:
- return self.send_error(403)
-@@ -528,7 +536,7 @@ class FishConfigHTTPRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
- p = self.path
-
- authpath = '/' + authkey
-- if p.startswith(authpath):
-+ if self.secure_startswith(p, authpath):
- p = p[len(authpath):]
- else:
- return self.send_error(403)
diff --git a/fish-webconfig-CVE-2014-2914-followup-2.patch b/fish-webconfig-CVE-2014-2914-followup-2.patch
deleted file mode 100644
index a2b3c27..0000000
--- a/fish-webconfig-CVE-2014-2914-followup-2.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-commit 236a0ce46819ce4b93f73ba112e3bfb0726bade7
-Author: Andy Lutomirski <luto@amacapital.net>
-Date: Mon Aug 11 17:51:27 2014 -0700
-
- webconfig: Use 16 byte tokens, as advertized
-
-diff --git a/share/tools/web_config/webconfig.py b/share/tools/web_config/webconfig.py
-index e129c76..2ceb67e 100755
---- a/share/tools/web_config/webconfig.py
-+++ b/share/tools/web_config/webconfig.py
-@@ -654,7 +654,7 @@ where = os.path.dirname(sys.argv[0])
- os.chdir(where)
-
- # Generate a 16-byte random key as a hexadecimal string
--authkey = hex(random.getrandbits(16*4))[2:]
-+authkey = hex(random.getrandbits(16*8))[2:]
-
- # Try to find a suitable port
- PORT = 8000
diff --git a/fish-webconfig-CVE-2014-2914-followup-3.patch b/fish-webconfig-CVE-2014-2914-followup-3.patch
deleted file mode 100644
index 300f54b..0000000
--- a/fish-webconfig-CVE-2014-2914-followup-3.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-commit f5d81d3beac2542d675af15bf7f71762c456f30d
-Author: Andy Lutomirski <luto@amacapital.net>
-Date: Mon Aug 11 17:52:27 2014 -0700
-
- webconfig: Get the auth token from os.urandom
-
- random.getrandbits shouldn't be used for security.
-
-diff --git a/share/tools/web_config/webconfig.py b/share/tools/web_config/webconfig.py
-index 2ceb67e..f36f63f 100755
---- a/share/tools/web_config/webconfig.py
-+++ b/share/tools/web_config/webconfig.py
-@@ -654,7 +654,7 @@ where = os.path.dirname(sys.argv[0])
- os.chdir(where)
-
- # Generate a 16-byte random key as a hexadecimal string
--authkey = hex(random.getrandbits(16*8))[2:]
-+authkey = hex(os.urandom(16))[2:]
-
- # Try to find a suitable port
- PORT = 8000
diff --git a/fish-webconfig-CVE-2014-2914-followup-4.patch b/fish-webconfig-CVE-2014-2914-followup-4.patch
deleted file mode 100644
index c0a2603..0000000
--- a/fish-webconfig-CVE-2014-2914-followup-4.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-commit a7f1e81e6ac23fe4b6fd86023681e2975703078d
-Author: Andy Lutomirski <luto@amacapital.net>
-Date: Mon Aug 11 18:18:21 2014 -0700
-
- webconfig: Convert authkey to hex correctly
-
-diff --git a/share/tools/web_config/webconfig.py b/share/tools/web_config/webconfig.py
-index 5c7d2b9..43d2ced 100755
---- a/share/tools/web_config/webconfig.py
-+++ b/share/tools/web_config/webconfig.py
-@@ -17,7 +17,7 @@ else:
- from urllib.parse import parse_qs
- import webbrowser
- import subprocess
--import re, socket, os, sys, cgi, select, time, glob, random, string
-+import re, socket, os, sys, cgi, select, time, glob, random, string, binascii
- try:
- import json
- except ImportError:
-@@ -654,7 +654,7 @@ where = os.path.dirname(sys.argv[0])
- os.chdir(where)
-
- # Generate a 16-byte random key as a hexadecimal string
--authkey = hex(os.urandom(16))[2:]
-+authkey = binascii.b2a_hex(os.urandom(16))
-
- # Try to find a suitable port
- PORT = 8000
diff --git a/fish.spec b/fish.spec
index 38a9662..0bcaf39 100644
--- a/fish.spec
+++ b/fish.spec
@@ -1,6 +1,6 @@
Name: fish
-Version: 2.1.0
-Release: 12%{?dist}
+Version: 2.1.1
+Release: 1%{?dist}
Summary: A friendly interactive shell
Group: System Environment/Shells
@@ -10,21 +10,9 @@ Source0: http://fishshell.com/files/%{version}/fish-%{version}.ta
Patch0: fish-remove-usr-local.patch
Patch1: fish-add-link-cxxflags.patch
Patch2: fish-use-usrbinpython.patch
-Patch3: fish-upstream-CVE-2014-2914.patch
-Patch4: fish-upstream-CVE-2014-2914-part2.patch
-Patch5: fish-upstream-CVE-2014-2905.patch
-Patch6: fish-upstream-CVE-2014-2905-part2.patch
-Patch7: fish-upstream-CVE-2014-2906.patch
-Patch8: fish-webconfig-CVE-2014-2914-followup-1.patch
-Patch9: fish-webconfig-CVE-2014-2914-followup-2.patch
-Patch10: fish-webconfig-CVE-2014-2914-followup-3.patch
-Patch11: fish-webconfig-CVE-2014-2914-followup-4.patch
BuildRequires: ncurses-devel gettext groff doxygen
-# Temporary -- remove once CVE-2014-2905 is fixed in a release
-BuildRequires: autoconf
-
%description
fish is a fully-equipped command line shell (like bash or zsh) that is
smart and user-friendly. fish supports powerful features like syntax
@@ -37,15 +25,6 @@ nothing to learn or configure.
%patch0 -p1
%patch1 -p1
%patch2 -p1
-%patch3 -p1
-%patch4 -p1
-%patch5 -p1
-%patch6 -p1
-%patch7 -p1
-%patch8 -p1
-%patch9 -p1
-%patch10 -p1
-%patch11 -p1
# This is unused. If we fiddle with Python versions, its presence will
# be confusing.
@@ -98,6 +77,9 @@ fi
%changelog
+* Mon Sep 29 2014 Andy Lutomirski <luto@mit.edu> - 2.1.1-1
+- Update to 2.1.1
+
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.0-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
diff --git a/sources b/sources
index ea4ee7f..005ef3d 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-3a29aebde522b8f52d9975d7423db99e fish-2.1.0.tar.gz
+0251e6e5f25d1f326e071425ea1dee22 fish-2.1.1.tar.gz