WIP

* deps(crypto): bump golang.org/x/crypto from v0.26.0 to v0.31.0 (fix for CVE-2024-45337) (#1312)
- Remove upstreamed CVE-2024-45337-bump-go-crypto.patch
  (apparently upstream still didn’t see the other one).
- Add CVE-2025-22869-bump-go-crypto-ssh.patch to update
  golang.org/x/crypto/ssh to v0.35.0 (bsc#1239494,
  CVE-2025-22869).

.gitignore

@@ -1,4 +1,6 @@
 .osc
 _scmsync.obsinfo
 build.specials.obscpio
-git-bug/
+.assets/
+_buildconfig-*
+_buildinfo-*.xml

.gitmodules

@@ -0,0 +1,4 @@
+[submodule "upstream"]
+	path = git-bug
+	url = https://github.com/openSUSE-Python/git-bug.git
+	branch = devel

CVE-2024-45337-bump-go-crypto.patch

@@ -1,232 +0,0 @@
-From fc24dafc5962715b46bcf37091d7f388ded5aa4b Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <mcepl@cepl.eu>
-Date: Mon, 16 Dec 2024 18:02:51 +0100
-Subject: [PATCH 1/3] build(deps): move from github.com/xanzy/go-gitlab to
- gitlab.com/gitlab-org/api/client-go
-
----
- bridge/gitlab/config.go      |    2 +-
- bridge/gitlab/event.go       |    2 +-
- bridge/gitlab/export.go      |    2 +-
- bridge/gitlab/export_test.go |    4 ++--
- bridge/gitlab/gitlab.go      |    2 +-
- bridge/gitlab/gitlab_api.go  |    2 +-
- bridge/gitlab/import.go      |    2 +-
- go.mod                       |   23 +++++++++++++----------
- go.sum                       |   28 ++++++++++++++--------------
- 9 files changed, 35 insertions(+), 32 deletions(-)
-
---- a/bridge/gitlab/config.go
-+++ b/bridge/gitlab/config.go
-@@ -8,7 +8,7 @@ import (
- 	"strings"
- 
- 	"github.com/pkg/errors"
--	"github.com/xanzy/go-gitlab"
-+	"gitlab.com/gitlab-org/api/client-go"
- 
- 	"github.com/git-bug/git-bug/bridge/core"
- 	"github.com/git-bug/git-bug/bridge/core/auth"
---- a/bridge/gitlab/event.go
-+++ b/bridge/gitlab/event.go
-@@ -5,7 +5,7 @@ import (
- 	"strings"
- 	"time"
- 
--	"github.com/xanzy/go-gitlab"
-+	"gitlab.com/gitlab-org/api/client-go"
- 
- 	"github.com/git-bug/git-bug/util/text"
- )
---- a/bridge/gitlab/export.go
-+++ b/bridge/gitlab/export.go
-@@ -8,7 +8,7 @@ import (
- 	"time"
- 
- 	"github.com/pkg/errors"
--	"github.com/xanzy/go-gitlab"
-+	"gitlab.com/gitlab-org/api/client-go"
- 
- 	"github.com/git-bug/git-bug/bridge/core"
- 	"github.com/git-bug/git-bug/bridge/core/auth"
---- a/bridge/gitlab/export_test.go
-+++ b/bridge/gitlab/export_test.go
-@@ -9,7 +9,7 @@ import (
- 	"testing"
- 	"time"
- 
--	"github.com/xanzy/go-gitlab"
-+	"gitlab.com/gitlab-org/api/client-go"
- 
- 	"github.com/git-bug/git-bug/entity"
- 	"github.com/git-bug/git-bug/entity/dag"
-@@ -319,6 +319,6 @@ func deleteRepository(ctx context.Contex
- 		return err
- 	}
- 
--	_, err = client.Projects.DeleteProject(project, gitlab.WithContext(ctx))
-+	_, err = client.Projects.DeleteProject(project, nil, gitlab.WithContext(ctx))
- 	return err
- }
---- a/bridge/gitlab/gitlab.go
-+++ b/bridge/gitlab/gitlab.go
-@@ -3,7 +3,7 @@ package gitlab
- import (
- 	"time"
- 
--	"github.com/xanzy/go-gitlab"
-+	"gitlab.com/gitlab-org/api/client-go"
- 
- 	"github.com/git-bug/git-bug/bridge/core"
- 	"github.com/git-bug/git-bug/bridge/core/auth"
---- a/bridge/gitlab/gitlab_api.go
-+++ b/bridge/gitlab/gitlab_api.go
-@@ -5,7 +5,7 @@ import (
- 	"time"
- 
- 	"github.com/git-bug/git-bug/util/text"
--	"github.com/xanzy/go-gitlab"
-+	"gitlab.com/gitlab-org/api/client-go"
- )
- 
- // Issues returns a channel with gitlab project issues, ascending order.
---- a/bridge/gitlab/import.go
-+++ b/bridge/gitlab/import.go
-@@ -6,7 +6,7 @@ import (
- 	"strconv"
- 	"time"
- 
--	"github.com/xanzy/go-gitlab"
-+	"gitlab.com/gitlab-org/api/client-go"
- 
- 	"github.com/git-bug/git-bug/bridge/core"
- 	"github.com/git-bug/git-bug/bridge/core/auth"
---- a/go.mod
-+++ b/go.mod
-@@ -35,12 +35,19 @@ require (
- 	github.com/stretchr/testify v1.9.0
- 	github.com/vbauerster/mpb/v8 v8.8.2
- 	github.com/vektah/gqlparser/v2 v2.5.16
--	github.com/xanzy/go-gitlab v0.107.0
--	golang.org/x/crypto v0.26.0
-+	gitlab.com/gitlab-org/api/client-go v0.116.0
-+	golang.org/x/crypto v0.31.0
- 	golang.org/x/oauth2 v0.22.0
--	golang.org/x/sync v0.8.0
--	golang.org/x/sys v0.25.0
--	golang.org/x/text v0.17.0
-+	golang.org/x/sync v0.10.0
-+	golang.org/x/sys v0.28.0
-+	golang.org/x/text v0.21.0
-+)
-+
-+require (
-+	github.com/google/go-querystring v1.1.0 // indirect
-+	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-+	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
-+	golang.org/x/time v0.3.0 // indirect
- )
- 
- require (
-@@ -78,12 +85,9 @@ require (
- 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
- 	github.com/golang/protobuf v1.5.4 // indirect
- 	github.com/golang/snappy v0.0.4 // indirect
--	github.com/google/go-querystring v1.1.0 // indirect
- 	github.com/google/uuid v1.6.0 // indirect
- 	github.com/gorilla/websocket v1.5.3 // indirect
- 	github.com/gsterjov/go-libsecret v0.0.0-20161001094733-a6f4afe4910c // indirect
--	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
--	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
- 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
- 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
- 	github.com/kevinburke/ssh_config v1.2.0 // indirect
-@@ -117,8 +121,7 @@ require (
- 	golang.org/x/mod v0.19.0 // indirect
- 	golang.org/x/net v0.27.0 // indirect
- 	golang.org/x/telemetry v0.0.0-20240723021908-ccdfb411a0c4 // indirect
--	golang.org/x/term v0.24.0
--	golang.org/x/time v0.5.0 // indirect
-+	golang.org/x/term v0.27.0
- 	golang.org/x/tools v0.23.0 // indirect
- 	golang.org/x/vuln v1.1.3
- 	google.golang.org/protobuf v1.34.2 // indirect
---- a/go.sum
-+++ b/go.sum
-@@ -311,8 +311,6 @@ github.com/vektah/gqlparser/v2 v2.5.16/g
- github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4=
- github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI=
- github.com/willf/bitset v1.1.10/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4=
--github.com/xanzy/go-gitlab v0.107.0 h1:P2CT9Uy9yN9lJo3FLxpMZ4xj6uWcpnigXsjvqJ6nd2Y=
--github.com/xanzy/go-gitlab v0.107.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY=
- github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
- github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
- github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
-@@ -322,6 +320,8 @@ github.com/yuin/goldmark v1.4.13/go.mod
- github.com/zclconf/go-cty v1.10.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk=
- github.com/zclconf/go-cty v1.15.0 h1:tTCRWxsexYUmtt/wVxgDClUe+uQusuI443uL6e+5sXQ=
- github.com/zclconf/go-cty v1.15.0/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE=
-+gitlab.com/gitlab-org/api/client-go v0.116.0 h1:Dy534gtZPMrnm3fAcmQRMadrcoUyFO4FQ4rXlSAdHAw=
-+gitlab.com/gitlab-org/api/client-go v0.116.0/go.mod h1:B29OfnZklmaoiR7uHANh9jTyfWEgmXvZLVEnosw2Dx0=
- go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
- go.etcd.io/bbolt v1.3.10 h1:+BqfJTcCzTItrop8mq/lbzL8wSGtj94UO/3U31shqG0=
- go.etcd.io/bbolt v1.3.10/go.mod h1:bK3UQLPJZly7IlNmV7uVHJDxfe5aK9Ll93e/74Y9oEQ=
-@@ -331,8 +331,8 @@ golang.org/x/crypto v0.0.0-2021092115510
- golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
- golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
- golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
--golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw=
--golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
-+golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
-+golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
- golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8=
- golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
- golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-@@ -357,8 +357,8 @@ golang.org/x/sync v0.0.0-20180314180146-
- golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
- golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
- golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
--golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
--golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-+golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
-+golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
- golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
- golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
- golang.org/x/sys v0.0.0-20181221143128-b4a75ba826a6/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-@@ -379,8 +379,8 @@ golang.org/x/sys v0.3.0/go.mod h1:oPkhp1
- golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
- golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
- golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
--golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34=
--golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-+golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
-+golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
- golang.org/x/telemetry v0.0.0-20240723021908-ccdfb411a0c4 h1:ka7TMW0Mo8QYTXm2hXSQ9fFUXS7Zln3S4pe9aq4JC7w=
- golang.org/x/telemetry v0.0.0-20240723021908-ccdfb411a0c4/go.mod h1:amNmu/SBSm2GAF3X+9U2C0epLocdh+r5Z+7oMYO5cLM=
- golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-@@ -390,8 +390,8 @@ golang.org/x/term v0.2.0/go.mod h1:TVmDH
- golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
- golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
- golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
--golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM=
--golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8=
-+golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q=
-+golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
- golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
- golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
- golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-@@ -402,10 +402,10 @@ golang.org/x/text v0.4.0/go.mod h1:mrYo+
- golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
- golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
- golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
--golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
--golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
--golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
--golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
-+golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
-+golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-+golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
-+golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
- golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
- golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
- golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=

_service

@@ -1,16 +1,3 @@
 <services>
-    <service name="obs_scm" mode="manual">
-        <param name="versionprefix">0.8.0+git</param>
-        <param name="url">https://github.com/MichaelMure/git-bug.git</param>
-        <param name="scm">git</param>
-        <param name="changesgenerate">enable</param>
-        <param name="changesauthor">mcepl@cepl.eu</param>
-    </service>
-    <service name="tar" mode="buildtime"/>
-    <service name="recompress" mode="buildtime">
-        <param name="file">*.tar</param>
-        <param name="compression">gz</param>
-    </service>
-    <service name="set_version" mode="manual"/>
     <service name="go_modules" mode="manual"/>
 </services>

_servicedata

@@ -1,4 +1,6 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/MichaelMure/git-bug.git</param>
-              <param name="changesrevision">d499b6e9d3333334614924669b74640a2d0b5485</param></service></servicedata>
+              <param name="changesrevision">d499b6e9d3333334614924669b74640a2d0b5485</param></service><service name="tar_scm">
+                <param name="url">https://github.com/git-bug/git-bug.git</param>
+              <param name="changesrevision">0ab94c9b7ac53ca9ab56febcf5cc3f26959e8b8a</param></service></servicedata>

git-bug.changes

@@ -1,3 +1,28 @@
+-------------------------------------------------------------------
+Tue Mar 25 15:29:50 UTC 2025 - mcepl@cepl.eu
+
+- Update to version 0.8.0+git.1742269202.0ab94c9:
+  * deps(crypto): bump golang.org/x/crypto from v0.26.0 to v0.31.0 (fix for CVE-2024-45337) (#1312)
+- Remove upstreamed CVE-2024-45337-bump-go-crypto.patch
+  (apparently upstream still didn’t see the other one).
+
+-------------------------------------------------------------------
+Thu Mar 13 17:02:33 UTC 2025 - mcepl@cepl.eu
+
+- Add CVE-2025-22869-bump-go-crypto-ssh.patch to update
+  golang.org/x/crypto/ssh to v0.35.0 (bsc#1239494,
+  CVE-2025-22869).
+
+-------------------------------------------------------------------
+Wed Jan 22 16:32:25 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
+
+- Add missing Requires to completion subpackages.
+
+-------------------------------------------------------------------
+Wed Jan  8 09:00:10 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
+
+- Update vendorization.
+
 -------------------------------------------------------------------
 Tue Dec 17 13:53:28 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
 

git-bug.obsinfo

@@ -1,4 +0,0 @@
-name: git-bug
-version: 0.8.0+git.1733745604.d499b6e
-mtime: 1733745604
-commit: d499b6e9d3333334614924669b74640a2d0b5485

git-bug.spec

@@ -17,21 +17,15 @@
 
 
 Name:           git-bug
-Version:        0.8.0+git.1733745604.d499b6e
+Version:        0.8.1+git.1746484874.96c7a111
 Release:        0
 Summary:        Distributed, offline-first bug tracker embedded in git, with bridges
 License:        MIT
 URL:            https://github.com/MichaelMure/git-bug
-# Source0:        https://github.com/MichaelMure/%%{name}/archive/refs/tags/v%%{version}.tar.gz#/git-bug-%%{version}.tar.gz
-Source0:        git-bug-%{version}.tar.gz
+#!CreateArchive: git-bug
+Source0:        %{name}-%{version}.tar.xz
 Source1:        vendor.tar.gz
-# PATCH-FIX-UPSTREAM remote-config.patch gh#MichaelMure/git-bug!1076 mcepl@suse.com
-# try reading git-bug.remote config value before defaulting to 'origin' when no explicit REMOTE argument
-Patch0:         remote-config.patch
-# PATCH-FIX-UPSTREAM CVE-2024-45337-bump-go-crypto.patch bsc#1234565 mcepl@suse.com
-# bump golang.org/x/crypto from v0.26.0 to v0.31.0
-Patch1:         CVE-2024-45337-bump-go-crypto.patch
-BuildRequires:  golang(API) = 1.22
+BuildRequires:  golang(API) = 1.23
 # # PATCH-FEATURE-UPSTREAM 501-export.patch gh#MichaelMure/git-bug!501 mcepl@suse.com
 # # add a command to export bugs as raw operations
 # Patch0:         501-export.patch
@@ -62,6 +56,7 @@ git-bug is a bug tracker that:
 %package bash-completion
 Summary:        Bash completion for git-bug
 Requires:       bash-completion
+Requires:       %{name} = %{version}
 Supplements:    (git-bug and bash-completion)
 BuildArch:      noarch
 
@@ -71,6 +66,7 @@ Bash shell completions for git-bug
 %package fish-completion
 Summary:        Fish completion for git-bug
 Requires:       fish
+Requires:       %{name} = %{version}
 Supplements:    (git-bug and fish)
 BuildArch:      noarch
 
@@ -80,6 +76,8 @@ Fish shell completions for git-bug
 %package zsh-completion
 Summary:        ZSH completion for git-bug
 Group:          Productivity/File utilities
+Requires:       zsh
+Requires:       %{name} = %{version}
 Supplements:    (git-bug and zsh)
 BuildArch:      noarch
 
@@ -87,7 +85,7 @@ BuildArch:      noarch
 zsh shell completions for git-bug
 
 %prep
-%autosetup -p1 -a1
+%setup -q -a1
 
 %build
 %make_build build

remote-config.patch

@@ -1,100 +0,0 @@
-From 65cfe2b3fff11d34b5ffc9f7e5d24aefb505497f Mon Sep 17 00:00:00 2001
-From: William Ahern <william@25thandClement.com>
-Date: Thu, 27 Jul 2023 22:06:45 -0700
-Subject: [PATCH] pull, push: try reading git-bug.remote config value before
- defaulting to 'origin' when no explicit REMOTE argument
-
----
- commands/pull.go     |   16 +++++++++++-----
- commands/push.go     |   16 +++++++++++-----
- repository/config.go |   11 +++++++++++
- 3 files changed, 33 insertions(+), 10 deletions(-)
-
---- a/commands/pull.go
-+++ b/commands/pull.go
-@@ -8,6 +8,7 @@ import (
- 	"github.com/git-bug/git-bug/commands/completion"
- 	"github.com/git-bug/git-bug/commands/execenv"
- 	"github.com/git-bug/git-bug/entity"
-+	"github.com/git-bug/git-bug/repository"
- )
- 
- func newPullCommand(env *execenv.Env) *cobra.Command {
-@@ -25,13 +26,18 @@ func newPullCommand(env *execenv.Env) *c
- }
- 
- func runPull(env *execenv.Env, args []string) error {
--	if len(args) > 1 {
-+	var remote string
-+	switch {
-+	case len(args) > 1:
- 		return errors.New("Only pulling from one remote at a time is supported")
--	}
--
--	remote := "origin"
--	if len(args) == 1 {
-+	case len(args) == 1:
- 		remote = args[0]
-+	default:
-+		v, err := repository.GetDefaultString("git-bug.remote", env.Repo.AnyConfig(), "origin")
-+		if err != nil {
-+			return err
-+		}
-+		remote = v
- 	}
- 
- 	env.Out.Println("Fetching remote ...")
---- a/commands/push.go
-+++ b/commands/push.go
-@@ -7,6 +7,7 @@ import (
- 
- 	"github.com/git-bug/git-bug/commands/completion"
- 	"github.com/git-bug/git-bug/commands/execenv"
-+	"github.com/git-bug/git-bug/repository"
- )
- 
- func newPushCommand(env *execenv.Env) *cobra.Command {
-@@ -24,13 +25,18 @@ func newPushCommand(env *execenv.Env) *c
- }
- 
- func runPush(env *execenv.Env, args []string) error {
--	if len(args) > 1 {
-+	var remote string
-+	switch {
-+	case len(args) > 1:
- 		return errors.New("Only pushing to one remote at a time is supported")
--	}
--
--	remote := "origin"
--	if len(args) == 1 {
-+	case len(args) == 1:
- 		remote = args[0]
-+	default:
-+		v, err := repository.GetDefaultString("git-bug.remote", env.Repo.AnyConfig(), "origin")
-+		if err != nil {
-+			return err
-+		}
-+		remote = v
- 	}
- 
- 	stdout, err := env.Backend.Push(remote)
---- a/repository/config.go
-+++ b/repository/config.go
-@@ -60,6 +60,17 @@ type ConfigWrite interface {
- 	RemoveAll(keyPrefix string) error
- }
- 
-+func GetDefaultString(key string, cfg ConfigRead, def string) (string, error) {
-+	val, err := cfg.ReadString(key)
-+	if err == nil {
-+		return val, nil
-+	} else if errors.Is(err, ErrNoConfigEntry) {
-+		return def, nil
-+	} else {
-+		return "", err
-+	}
-+}
-+
- func ParseTimestamp(s string) (time.Time, error) {
- 	timestamp, err := strconv.Atoi(s)
- 	if err != nil {