- add use-safe-tempfile.diff: this fixes bsc#1247489 CVE-2025-61659, an

insecure predictable /tmp file usage in bash-git-prompt.

OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/bash-git-prompt?expand=0&rev=8

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

.gitignore

@@ -0,0 +1 @@
+.osc

bash-git-prompt-2.7.1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5e5fc6f5133b65760fede8050d4c3bc8edb8e78bc7ce26c16db442aa94b8a709
+size 50922

bash-git-prompt.changes

@@ -0,0 +1,26 @@
+-------------------------------------------------------------------
+Mon Sep 22 13:59:46 UTC 2025 - Matthias Gerstner <matthias.gerstner@suse.com>
+
+- add use-safe-tempfile.diff: this fixes bsc#1247489 CVE-2025-61659, an
+  insecure predictable /tmp file usage in bash-git-prompt.
+
+-------------------------------------------------------------------
+Sun May 10 08:51:18 UTC 2020 - Michal Suchanek <msuchanek@suse.com>
+
+- Add configuration file.
+
+-------------------------------------------------------------------
+Mon Feb 24 16:58:27 UTC 2020 - Michal Suchanek <msuchanek@suse.de>
+
+- Use profile.d instead of editing /etc/bashrc.
+
+-------------------------------------------------------------------
+Thu Feb 20 18:06:58 UTC 2020 - Michal Suchanek <msuchanek@suse.de>
+
+- Version 2.7.1
+
+-------------------------------------------------------------------
+Fri Aug 08 00:00:00 UTC 2014 - Justin Zhang <schnell18@gmail.com>
+
+bash-git-prompt 1.0.1-1
+- Initial version of package

bash-git-prompt.spec

@@ -0,0 +1,118 @@
+#
+# spec file for package bash-git-prompt
+#
+# Copyright (c) 2025 SUSE LLC and contributors
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%if ! %{defined _fillupdir}
+%define _fillupdir /var/adm/fillup-templates
+%endif
+
+Name:           bash-git-prompt
+Version:        2.7.1
+Release:        0
+Summary:        Informative git prompt for bash and fish
+License:        BSD-2-Clause
+Group:          Development/Tools/Version Control
+URL:            https://github.com/magicmonty/bash-git-prompt
+Source0:        https://github.com/magicmonty/%{name}/archive/%{version}/%{name}-%{version}.tar.gz
+Patch0:         use-safe-tempfile.diff
+Requires:       git-core
+Requires(post): %fillup_prereq
+BuildArch:      noarch
+
+%description
+A bash prompt that displays information about the current git repository. In particular the branch name, difference with remote branch, number of files staged, changed, etc.
+
+This package will automatically enable the git prompt for bash after
+install. It will disable the prompt accordingly after uninstall.
+
+%prep
+%setup -q
+%autopatch -p1
+
+%build
+sed -i -e 's,#!/usr/bin/env bash,#!/bin/bash,' $(find . -name \*.sh)
+
+%install
+install -dm 755 %{buildroot}%{_datadir}/%{name}
+install -pm 755 *.sh %{buildroot}%{_datadir}/%{name}
+#install -pm 755 *.py %{buildroot}%{_datadir}/%{name}
+install -pm 755 *.fish %{buildroot}%{_datadir}/%{name}
+install -pm 644 README.md %{buildroot}%{_datadir}/%{name}
+install -dm 755 %{buildroot}%{_datadir}/%{name}/themes
+install -pm 644 themes/*.bgptheme %{buildroot}%{_datadir}/%{name}/themes
+install -pm 644 themes/*.bgptemplate %{buildroot}%{_datadir}/%{name}/themes
+
+# enable bash-git-prompt
+mkdir -p %{buildroot}%{_sysconfdir}/profile.d
+mkdir -p %{buildroot}%{_fillupdir}
+cat << EOF >> %{buildroot}%{_fillupdir}/sysconfig.%{name}
+GIT_PROMPT_SYSTEMWIDE_ENABLE=1
+
+GIT_PROMPT_ONLY_IN_REPO=1
+
+# GIT_PROMPT_FETCH_REMOTE_STATUS=0      # uncomment to avoid fetching remote status
+# GIT_PROMPT_IGNORE_SUBMODULES=1        # uncomment to avoid searching for changed files in submodules
+
+# GIT_PROMPT_SHOW_UPSTREAM=1            # uncomment to show upstream tracking branch
+# GIT_PROMPT_SHOW_UNTRACKED_FILES=all   # can be no, normal or all; determines counting of untracked files
+                                        # Set to `no` or `normal` to speed things up if you have lots of
+                                        # untracked files in your repository. This can be the case for
+                                        # build systems that put their build artifacts in the subdirectory
+                                        # structure of the git repository.
+
+# GIT_PROMPT_SHOW_CHANGED_FILES_COUNT=0 # uncomment to avoid printing the number of changed files
+
+# GIT_PROMPT_STATUS_COMMAND=gitstatus_pre-1.7.10.sh # uncomment to support Git older than 1.7.10
+
+# GIT_PROMPT_START=...                  # uncomment for custom prompt start sequence
+# GIT_PROMPT_END=...                    # uncomment for custom prompt end sequence
+
+# Color curtomization
+GIT_PROMPT_THEME=Default
+# GIT_PROMPT_THEME=Custom               # use custom theme specified in file GIT_PROMPT_THEME_FILE (default ~/.git-prompt-colors.sh)
+# GIT_PROMPT_THEME_FILE=~/.git-prompt-colors.sh
+# GIT_PROMPT_THEME=Solarized            # use theme optimized for solarized color scheme
+EOF
+
+cat << EOF >> %{buildroot}%{_sysconfdir}/profile.d/%{name}.sh
+if [ -n "\${BASH_VERSION-}" ] && [ -f %{_datadir}/%{name}/gitprompt.sh ]; then
+    # Set config variables first
+    [ -f %{_sysconfdir}/sysconfig/%{name} ] && source %{_sysconfdir}/sysconfig/%{name}
+
+    [ "\${GIT_PROMPT_SYSTEMWIDE_ENABLE}" = 1 ] && source %{_datadir}/%{name}/gitprompt.sh
+fi
+EOF
+
+%pre
+
+%post
+%fillup_only
+
+%preun
+
+%postun
+
+%files
+%{_datadir}/%{name}
+%{_sysconfdir}/profile.d/%{name}.sh
+%{_fillupdir}/sysconfig.%{name}
+
+%doc README.md
+
+%license LICENSE.txt
+
+%changelog

use-safe-tempfile.diff

@@ -0,0 +1,27 @@
+Index: bash-git-prompt-2.7.1/gitprompt.sh
+===================================================================
+--- bash-git-prompt-2.7.1.orig/gitprompt.sh
++++ bash-git-prompt-2.7.1/gitprompt.sh
+@@ -466,8 +466,11 @@ function createPrivateIndex {
+   else
+     __GIT_INDEX_FILE="$GIT_INDEX_FILE"
+   fi
+-  __GIT_INDEX_PRIVATE="/tmp/git-index-private$$"
++  __GIT_INDEX_PRIVATE=`mktemp "/tmp/git-index-private-$$.XXXX"`
+   command cp "$__GIT_INDEX_FILE" "$__GIT_INDEX_PRIVATE" 2>/dev/null
++  if [ $? -ne 0 ]; then
++    return
++  fi
+   echo "$__GIT_INDEX_PRIVATE"
+ }
+ 
+@@ -500,6 +503,9 @@ function updatePrompt() {
+   local GIT_INDEX_PRIVATE="$(createPrivateIndex)"
+   #important to define GIT_INDEX_FILE as local: This way it only affects this function (and below) - even with the export afterwards
+   local GIT_INDEX_FILE
++  if [ -z "$GIT_INDEX_PRIVATE" ]; then
++    return
++  fi
+   export GIT_INDEX_FILE="$GIT_INDEX_PRIVATE"
+ 
+   local -a git_status_fields