From 11819c3f4a4206990a0eac7486b718a4c3a7aaff35310f4fc70d8485eb6efb83 Mon Sep 17 00:00:00 2001
From: Michal Suchanek
Date: Mon, 22 Sep 2025 17:54:03 +0000
Subject: [PATCH 1/2] Accepting request 1306556 from home:mgerstner:branches:devel:tools:scm - add use-safe-tempfile.diff: this fixes bsc#1247489, an insecure predictable /tmp file usage in bash-git-prompt.
OBS-URL: https://build.opensuse.org/request/show/1306556
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/bash-git-prompt?expand=0&rev=6
---
.gitattributes | 23 +++++++
.gitignore | 1 +
bash-git-prompt-2.7.1.tar.gz | 3 +
bash-git-prompt.changes | 26 ++++++++
bash-git-prompt.spec | 118 +++++++++++++++++++++++++++++++++++
use-safe-tempfile.diff | 27 ++++++++
6 files changed, 198 insertions(+)
create mode 100644 .gitattributes
create mode 100644 .gitignore
create mode 100644 bash-git-prompt-2.7.1.tar.gz
create mode 100644 bash-git-prompt.changes
create mode 100644 bash-git-prompt.spec
create mode 100644 use-safe-tempfile.diff
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/bash-git-prompt-2.7.1.tar.gz b/bash-git-prompt-2.7.1.tar.gz
new file mode 100644
index 0000000..c80234f
--- /dev/null
+++ b/bash-git-prompt-2.7.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5e5fc6f5133b65760fede8050d4c3bc8edb8e78bc7ce26c16db442aa94b8a709
+size 50922
diff --git a/bash-git-prompt.changes b/bash-git-prompt.changes
new file mode 100644
index 0000000..52eaa6f
--- /dev/null
+++ b/bash-git-prompt.changes
@@ -0,0 +1,26 @@
+-------------------------------------------------------------------
+Mon Sep 22 13:59:46 UTC 2025 - Matthias Gerstner
+
+- add use-safe-tempfile.diff: this fixes bsc#1247489, an insecure predictable
+ /tmp file usage in bash-git-prompt.
+
+-------------------------------------------------------------------
+Sun May 10 08:51:18 UTC 2020 - Michal Suchanek
+
+- Add configuration file.
+
+-------------------------------------------------------------------
+Mon Feb 24 16:58:27 UTC 2020 - Michal Suchanek
+
+- Use profile.d instead of editing /etc/bashrc.
+
+-------------------------------------------------------------------
+Thu Feb 20 18:06:58 UTC 2020 - Michal Suchanek
+
+- Version 2.7.1
+
+-------------------------------------------------------------------
+Fri Aug 08 00:00:00 UTC 2014 - Justin Zhang
+
+bash-git-prompt 1.0.1-1
+- Initial version of package
diff --git a/bash-git-prompt.spec b/bash-git-prompt.spec
new file mode 100644
index 0000000..6384063
--- /dev/null
+++ b/bash-git-prompt.spec
@@ -0,0 +1,118 @@
+#
+# spec file for package bash-git-prompt
+#
+# Copyright (c) 2025 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%if ! %{defined _fillupdir}
+%define _fillupdir /var/adm/fillup-templates
+%endif
+
+Name: bash-git-prompt
+Version: 2.7.1
+Release: 0
+Summary: Informative git prompt for bash and fish
+License: BSD-2-Clause
+Group: Development/Tools/Version Control
+URL: https://github.com/magicmonty/bash-git-prompt
+Source0: https://github.com/magicmonty/%{name}/archive/%{version}/%{name}-%{version}.tar.gz
+Patch0: use-safe-tempfile.diff
+Requires: git-core
+Requires(post): %fillup_prereq
+BuildArch: noarch
+
+%description
+A bash prompt that displays information about the current git repository. In particular the branch name, difference with remote branch, number of files staged, changed, etc.
+
+This package will automatically enable the git prompt for bash after
+install. It will disable the prompt accordingly after uninstall.
+
+%prep
+%setup -q
+%autopatch -p1
+
+%build
+sed -i -e 's,#!/usr/bin/env bash,#!/bin/bash,' $(find . -name \*.sh)
+
+%install
+install -dm 755 %{buildroot}%{_datadir}/%{name}
+install -pm 755 *.sh %{buildroot}%{_datadir}/%{name}
+#install -pm 755 *.py %{buildroot}%{_datadir}/%{name}
+install -pm 755 *.fish %{buildroot}%{_datadir}/%{name}
+install -pm 644 README.md %{buildroot}%{_datadir}/%{name}
+install -dm 755 %{buildroot}%{_datadir}/%{name}/themes
+install -pm 644 themes/*.bgptheme %{buildroot}%{_datadir}/%{name}/themes
+install -pm 644 themes/*.bgptemplate %{buildroot}%{_datadir}/%{name}/themes
+
+# enable bash-git-prompt
+mkdir -p %{buildroot}%{_sysconfdir}/profile.d
+mkdir -p %{buildroot}%{_fillupdir}
+cat << EOF >> %{buildroot}%{_fillupdir}/sysconfig.%{name}
+GIT_PROMPT_SYSTEMWIDE_ENABLE=1
+
+GIT_PROMPT_ONLY_IN_REPO=1
+
+# GIT_PROMPT_FETCH_REMOTE_STATUS=0 # uncomment to avoid fetching remote status
+# GIT_PROMPT_IGNORE_SUBMODULES=1 # uncomment to avoid searching for changed files in submodules
+
+# GIT_PROMPT_SHOW_UPSTREAM=1 # uncomment to show upstream tracking branch
+# GIT_PROMPT_SHOW_UNTRACKED_FILES=all # can be no, normal or all; determines counting of untracked files
+ # Set to `no` or `normal` to speed things up if you have lots of
+ # untracked files in your repository. This can be the case for
+ # build systems that put their build artifacts in the subdirectory
+ # structure of the git repository.
+
+# GIT_PROMPT_SHOW_CHANGED_FILES_COUNT=0 # uncomment to avoid printing the number of changed files
+
+# GIT_PROMPT_STATUS_COMMAND=gitstatus_pre-1.7.10.sh # uncomment to support Git older than 1.7.10
+
+# GIT_PROMPT_START=... # uncomment for custom prompt start sequence
+# GIT_PROMPT_END=... # uncomment for custom prompt end sequence
+
+# Color curtomization
+GIT_PROMPT_THEME=Default
+# GIT_PROMPT_THEME=Custom # use custom theme specified in file GIT_PROMPT_THEME_FILE (default ~/.git-prompt-colors.sh)
+# GIT_PROMPT_THEME_FILE=~/.git-prompt-colors.sh
+# GIT_PROMPT_THEME=Solarized # use theme optimized for solarized color scheme
+EOF
+
+cat << EOF >> %{buildroot}%{_sysconfdir}/profile.d/%{name}.sh
+if [ -n "\${BASH_VERSION-}" ] && [ -f %{_datadir}/%{name}/gitprompt.sh ]; then
+ # Set config variables first
+ [ -f %{_sysconfdir}/sysconfig/%{name} ] && source %{_sysconfdir}/sysconfig/%{name}
+
+ [ "\${GIT_PROMPT_SYSTEMWIDE_ENABLE}" = 1 ] && source %{_datadir}/%{name}/gitprompt.sh
+fi
+EOF
+
+%pre
+
+%post
+%fillup_only
+
+%preun
+
+%postun
+
+%files
+%{_datadir}/%{name}
+%{_sysconfdir}/profile.d/%{name}.sh
+%{_fillupdir}/sysconfig.%{name}
+
+%doc README.md
+
+%license LICENSE.txt
+
+%changelog
diff --git a/use-safe-tempfile.diff b/use-safe-tempfile.diff
new file mode 100644
index 0000000..ed7e38c
--- /dev/null
+++ b/use-safe-tempfile.diff
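Review bot: In the profile.d heredoc, `[ "\${GIT_PROMPT_SYSTEMWIDE_ENABLE}" = 1 ]` expands the variable without a default, while the guard a few lines above it uses the nounset-safe `\${BASH_VERSION-}`; if the sysconfig file is missing or does not set the variable, a login shell running with `set -u` would get an unbound-variable error from this snippet. Writing the test as `[ "\${GIT_PROMPT_SYSTEMWIDE_ENABLE-}" = 1 ]` keeps the two checks consistent. The sysconfig template ships `GIT_PROMPT_SYSTEMWIDE_ENABLE=1`, so the prompt code, including the temp-file handling that use-safe-tempfile.diff patches, is presumably sourced by every bash login on the system, root's included; a spec comment above the `cat << EOF` stating that this default is deliberate would help the next reviewer. The same lines appear in the spec hunk of PATCH 2/2.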
@@ -0,0 +1,27 @@
+Index: bash-git-prompt-2.7.1/gitprompt.sh
+===================================================================
+--- bash-git-prompt-2.7.1.orig/gitprompt.sh
++++ bash-git-prompt-2.7.1/gitprompt.sh
+@@ -466,8 +466,11 @@ function createPrivateIndex {
+ else
+ __GIT_INDEX_FILE="$GIT_INDEX_FILE"
+ fi
+- __GIT_INDEX_PRIVATE="/tmp/git-index-private$$"
++ __GIT_INDEX_PRIVATE=`mktemp "/tmp/git-index-private-$$.XXXX"`
+ command cp "$__GIT_INDEX_FILE" "$__GIT_INDEX_PRIVATE" 2>/dev/null
++ if [ $? -ne 0 ]; then
++ return
++ fi
+ echo "$__GIT_INDEX_PRIVATE"
+ }
+
+@@ -500,6 +503,9 @@ function updatePrompt() {
+ local GIT_INDEX_PRIVATE="$(createPrivateIndex)"
+ #important to define GIT_INDEX_FILE as local: This way it only affects this function (and below) - even with the export afterwards
+ local GIT_INDEX_FILE
++ if [ -z "$GIT_INDEX_PRIVATE" ]; then
++ return
++ fi
+ export GIT_INDEX_FILE="$GIT_INDEX_PRIVATE"
+
+ local -a git_status_fields
--
2.51.1
From f7b16a1cabefdf8ccbb625b7e1e361c6de879405017ca57f61ff7e1a24ff45a6 Mon Sep 17 00:00:00 2001
From: Michal Suchanek
Date: Wed, 26 Nov 2025 10:20:47 +0000
Subject: [PATCH 2/2] - add use-safe-tempfile.diff: this fixes bsc#1247489 CVE-2025-61659, an insecure predictable /tmp file usage in bash-git-prompt.
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/bash-git-prompt?expand=0&rev=8
---
.gitattributes | 23 +++++++
.gitignore | 1 +
bash-git-prompt-2.7.1.tar.gz | 3 +
bash-git-prompt.changes | 26 ++++++++
bash-git-prompt.spec | 118 +++++++++++++++++++++++++++++++++++
use-safe-tempfile.diff | 27 ++++++++
6 files changed, 198 insertions(+)
create mode 100644 .gitattributes
create mode 100644 .gitignore
create mode 100644 bash-git-prompt-2.7.1.tar.gz
create mode 100644 bash-git-prompt.changes
create mode 100644 bash-git-prompt.spec
create mode 100644 use-safe-tempfile.diff
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
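Review bot: In `createPrivateIndex`, the new failure branch after `command cp` returns without removing the file that `mktemp` has just created, so every prompt for which the copy fails (presumably whenever the index file does not exist yet) leaves an empty `git-index-private-*` file behind in /tmp, and `updatePrompt` then returns early on the empty result with no name left to clean up. Putting `rm -f -- "$__GIT_INDEX_PRIVATE"` ahead of that `return` closes the leak. The template also hard-codes /tmp and uses only four `X`s; `mktemp "${TMPDIR:-/tmp}/git-index-private.XXXXXX"` would honour a per-user temp directory, and because mktemp creates the file exclusively the `$$` component adds nothing. Both functions begin and end outside these hunks, so whether `updatePrompt` removes the file on the success path cannot be confirmed from here. The identical patch file is added again in PATCH 2/2.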
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/bash-git-prompt-2.7.1.tar.gz b/bash-git-prompt-2.7.1.tar.gz
new file mode 100644
index 0000000..c80234f
--- /dev/null
+++ b/bash-git-prompt-2.7.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5e5fc6f5133b65760fede8050d4c3bc8edb8e78bc7ce26c16db442aa94b8a709
+size 50922
diff --git a/bash-git-prompt.changes b/bash-git-prompt.changes
new file mode 100644
index 0000000..ea7e165
--- /dev/null
+++ b/bash-git-prompt.changes
@@ -0,0 +1,26 @@
+-------------------------------------------------------------------
+Mon Sep 22 13:59:46 UTC 2025 - Matthias Gerstner
+
+- add use-safe-tempfile.diff: this fixes bsc#1247489 CVE-2025-61659, an
+ insecure predictable /tmp file usage in bash-git-prompt.
+
+-------------------------------------------------------------------
+Sun May 10 08:51:18 UTC 2020 - Michal Suchanek
+
+- Add configuration file.
+
+-------------------------------------------------------------------
+Mon Feb 24 16:58:27 UTC 2020 - Michal Suchanek
+
+- Use profile.d instead of editing /etc/bashrc.
+
+-------------------------------------------------------------------
+Thu Feb 20 18:06:58 UTC 2020 - Michal Suchanek
+
+- Version 2.7.1
+
+-------------------------------------------------------------------
+Fri Aug 08 00:00:00 UTC 2014 - Justin Zhang
+
+bash-git-prompt 1.0.1-1
+- Initial version of package
diff --git a/bash-git-prompt.spec b/bash-git-prompt.spec
new file mode 100644
index 0000000..7634838
--- /dev/null
+++ b/bash-git-prompt.spec
@@ -0,0 +1,118 @@
+#
+# spec file for package bash-git-prompt
+#
+# Copyright (c) 2025 SUSE LLC and contributors
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%if ! %{defined _fillupdir}
+%define _fillupdir /var/adm/fillup-templates
+%endif
+
+Name: bash-git-prompt
+Version: 2.7.1
+Release: 0
+Summary: Informative git prompt for bash and fish
+License: BSD-2-Clause
+Group: Development/Tools/Version Control
+URL: https://github.com/magicmonty/bash-git-prompt
+Source0: https://github.com/magicmonty/%{name}/archive/%{version}/%{name}-%{version}.tar.gz
+Patch0: use-safe-tempfile.diff
+Requires: git-core
+Requires(post): %fillup_prereq
+BuildArch: noarch
+
+%description
+A bash prompt that displays information about the current git repository. In particular the branch name, difference with remote branch, number of files staged, changed, etc.
+
+This package will automatically enable the git prompt for bash after
+install. It will disable the prompt accordingly after uninstall.
+
+%prep
+%setup -q
+%autopatch -p1
+
+%build
+sed -i -e 's,#!/usr/bin/env bash,#!/bin/bash,' $(find . -name \*.sh)
+
+%install
+install -dm 755 %{buildroot}%{_datadir}/%{name}
+install -pm 755 *.sh %{buildroot}%{_datadir}/%{name}
+#install -pm 755 *.py %{buildroot}%{_datadir}/%{name}
+install -pm 755 *.fish %{buildroot}%{_datadir}/%{name}
+install -pm 644 README.md %{buildroot}%{_datadir}/%{name}
+install -dm 755 %{buildroot}%{_datadir}/%{name}/themes
+install -pm 644 themes/*.bgptheme %{buildroot}%{_datadir}/%{name}/themes
+install -pm 644 themes/*.bgptemplate %{buildroot}%{_datadir}/%{name}/themes
+
+# enable bash-git-prompt
+mkdir -p %{buildroot}%{_sysconfdir}/profile.d
+mkdir -p %{buildroot}%{_fillupdir}
+cat << EOF >> %{buildroot}%{_fillupdir}/sysconfig.%{name}
+GIT_PROMPT_SYSTEMWIDE_ENABLE=1
+
+GIT_PROMPT_ONLY_IN_REPO=1
+
+# GIT_PROMPT_FETCH_REMOTE_STATUS=0 # uncomment to avoid fetching remote status
+# GIT_PROMPT_IGNORE_SUBMODULES=1 # uncomment to avoid searching for changed files in submodules
+
+# GIT_PROMPT_SHOW_UPSTREAM=1 # uncomment to show upstream tracking branch
+# GIT_PROMPT_SHOW_UNTRACKED_FILES=all # can be no, normal or all; determines counting of untracked files
+ # Set to `no` or `normal` to speed things up if you have lots of
+ # untracked files in your repository. This can be the case for
+ # build systems that put their build artifacts in the subdirectory
+ # structure of the git repository.
+
+# GIT_PROMPT_SHOW_CHANGED_FILES_COUNT=0 # uncomment to avoid printing the number of changed files
+
+# GIT_PROMPT_STATUS_COMMAND=gitstatus_pre-1.7.10.sh # uncomment to support Git older than 1.7.10
+
+# GIT_PROMPT_START=... # uncomment for custom prompt start sequence
+# GIT_PROMPT_END=... # uncomment for custom prompt end sequence
+
+# Color curtomization
+GIT_PROMPT_THEME=Default
+# GIT_PROMPT_THEME=Custom # use custom theme specified in file GIT_PROMPT_THEME_FILE (default ~/.git-prompt-colors.sh)
+# GIT_PROMPT_THEME_FILE=~/.git-prompt-colors.sh
+# GIT_PROMPT_THEME=Solarized # use theme optimized for solarized color scheme
+EOF
+
+cat << EOF >> %{buildroot}%{_sysconfdir}/profile.d/%{name}.sh
+if [ -n "\${BASH_VERSION-}" ] && [ -f %{_datadir}/%{name}/gitprompt.sh ]; then
+ # Set config variables first
+ [ -f %{_sysconfdir}/sysconfig/%{name} ] && source %{_sysconfdir}/sysconfig/%{name}
+
+ [ "\${GIT_PROMPT_SYSTEMWIDE_ENABLE}" = 1 ] && source %{_datadir}/%{name}/gitprompt.sh
+fi
+EOF
+
+%pre
+
+%post
+%fillup_only
+
+%preun
+
+%postun
+
+%files
+%{_datadir}/%{name}
+%{_sysconfdir}/profile.d/%{name}.sh
+%{_fillupdir}/sysconfig.%{name}
+
+%doc README.md
+
+%license LICENSE.txt
+
+%changelog
diff --git a/use-safe-tempfile.diff b/use-safe-tempfile.diff
new file mode 100644
index 0000000..ed7e38c
--- /dev/null
+++ b/use-safe-tempfile.diff
@@ -0,0 +1,27 @@
+Index: bash-git-prompt-2.7.1/gitprompt.sh
+===================================================================
+--- bash-git-prompt-2.7.1.orig/gitprompt.sh
++++ bash-git-prompt-2.7.1/gitprompt.sh
+@@ -466,8 +466,11 @@ function createPrivateIndex {
+ else
+ __GIT_INDEX_FILE="$GIT_INDEX_FILE"
+ fi
+- __GIT_INDEX_PRIVATE="/tmp/git-index-private$$"
++ __GIT_INDEX_PRIVATE=`mktemp "/tmp/git-index-private-$$.XXXX"`
+ command cp "$__GIT_INDEX_FILE" "$__GIT_INDEX_PRIVATE" 2>/dev/null
++ if [ $? -ne 0 ]; then
++ return
++ fi
+ echo "$__GIT_INDEX_PRIVATE"
+ }
+
+@@ -500,6 +503,9 @@ function updatePrompt() {
+ local GIT_INDEX_PRIVATE="$(createPrivateIndex)"
+ #important to define GIT_INDEX_FILE as local: This way it only affects this function (and below) - even with the export afterwards
+ local GIT_INDEX_FILE
++ if [ -z "$GIT_INDEX_PRIVATE" ]; then
++ return
++ fi
+ export GIT_INDEX_FILE="$GIT_INDEX_PRIVATE"
+
+ local -a git_status_fields
--
2.51.1