diff --git a/cgit-0.11.2.tar.xz b/cgit-0.11.2.tar.xz new file mode 100644 index 0000000..a58437d --- /dev/null +++ b/cgit-0.11.2.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2e126e770693d7296c7eb5eb83b809410aef29870bfe8f54da072a3f4d813e3b +size 93556 diff --git a/cgit-0.9.1.tar.xz b/cgit-0.9.1.tar.xz deleted file mode 100644 index 3a2150b..0000000 --- a/cgit-0.9.1.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e2d7de92cfcd5d61a7dacee2f603784843903081675f3c74e4845df9185930a0 -size 66472 diff --git a/cgit-CVE-2013-2117-disallow-directory-traversal.patch b/cgit-CVE-2013-2117-disallow-directory-traversal.patch deleted file mode 100644 index d26bc6e..0000000 --- a/cgit-CVE-2013-2117-disallow-directory-traversal.patch +++ /dev/null @@ -1,58 +0,0 @@ -From babf94e04e74123eb658a823213c062663cdadd6 Mon Sep 17 00:00:00 2001 -From: Jason A. Donenfeld -Date: Sat, 25 May 2013 17:47:15 +0000 -Subject: ui-summary: Disallow directory traversal - -Using the url= query string, it was possible request arbitrary files -from the filesystem if the readme for a given page was set to a -filesystem file. The following request would return my /etc/passwd file: - -http://git.zx2c4.com/?url=/somerepo/about/../../../../etc/passwd -http://data.zx2c4.com/cgit-directory-traversal.png - -This fix uses realpath(3) to canonicalize all paths, and then compares -the base components. - -This fix introduces a subtle timing attack, whereby a client can check -whether or not strstr is called using timing measurements in order -to determine if a given file exists on the filesystem. - -This fix also does not account for filesystem race conditions (TOCTOU) -in resolving symlinks. - -Signed-off-by: Jason A. Donenfeld ---- ---- - ui-summary.c | 13 +++++++++++++ - 1 file changed, 13 insertions(+) - ---- a/ui-summary.c -+++ b/ui-summary.c -@@ -96,6 +96,7 @@ void cgit_print_repo_readme(char *path) - * to the directory containing the configured readme. - */ - if (path) { -+ char *resolved_base, *resolved_full; - slash = strrchr(ctx.repo->readme, '/'); - if (!slash) { - if (!colon) -@@ -104,7 +105,19 @@ void cgit_print_repo_readme(char *path) - } - tmp = xmalloc(slash - ctx.repo->readme + 1 + strlen(path) + 1); - strncpy(tmp, ctx.repo->readme, slash - ctx.repo->readme + 1); -+ if (!ref) -+ resolved_base = realpath(tmp, NULL); - strcpy(tmp + (slash - ctx.repo->readme + 1), path); -+ if (!ref) { -+ resolved_full = realpath(tmp, NULL); -+ if (!resolved_base || !resolved_full || -+ strstr(resolved_full, resolved_base) != resolved_full) { -+ free(tmp); -+ return; -+ } -+ free(resolved_base); -+ free(resolved_full); -+ } - } else - tmp = ctx.repo->readme; - diff --git a/cgit-fix-more-read_tree_recursive-invocations.diff b/cgit-fix-more-read_tree_recursive-invocations.diff deleted file mode 100644 index 60d42b5..0000000 --- a/cgit-fix-more-read_tree_recursive-invocations.diff +++ /dev/null @@ -1,54 +0,0 @@ ---- ui-blob.c -+++ ui-blob.c -@@ -37,11 +37,14 @@ int cgit_print_file(char *path, const char *head) - return -1; - type = sha1_object_info(sha1, &size); - if(type == OBJ_COMMIT && path) { -+ struct pathspec pathspec; - commit = lookup_commit_reference(sha1); - match_path = path; - matched_sha1 = sha1; - found_path = 0; -- read_tree_recursive(commit->tree, "", 0, 0, paths, walk_tree, NULL); -+ init_pathspec(&pathspec, paths); -+ read_tree_recursive(commit->tree, "", 0, 0, &pathspec, walk_tree, NULL); -+ free_pathspec(&pathspec); - if (!found_path) - return -1; - type = sha1_object_info(sha1, &size); -@@ -80,10 +83,13 @@ void cgit_print_blob(const char *hex, char *path, const char *head) - type = sha1_object_info(sha1, &size); - - if((!hex) && type == OBJ_COMMIT && path) { -+ struct pathspec pathspec; - commit = lookup_commit_reference(sha1); - match_path = path; - matched_sha1 = sha1; -- read_tree_recursive(commit->tree, "", 0, 0, paths, walk_tree, NULL); -+ init_pathspec(&pathspec, paths); -+ read_tree_recursive(commit->tree, "", 0, 0, &pathspec, walk_tree, NULL); -+ free_pathspec(&pathspec); - type = sha1_object_info(sha1,&size); - } - ---- ui-plain.c -+++ ui-plain.c -@@ -145,6 +145,7 @@ void cgit_print_plain(struct cgit_context *ctx) - unsigned char sha1[20]; - struct commit *commit; - const char *paths[] = {ctx->qry.path, NULL}; -+ struct pathspec pathspec; - - if (!rev) - rev = ctx->qry.head; -@@ -165,7 +166,9 @@ void cgit_print_plain(struct cgit_context *ctx) - } - else - match_baselen = basedir_len(paths[0]); -- read_tree_recursive(commit->tree, "", 0, 0, paths, walk_tree, NULL); -+ init_pathspec(&pathspec, paths); -+ read_tree_recursive(commit->tree, "", 0, 0, &pathspec, walk_tree, NULL); -+ free_pathspec(&pathspec); - if (!match) - html_status(404, "Not found", 0); - else if (match == 2) diff --git a/cgit-fix-print-tree.diff b/cgit-fix-print-tree.diff deleted file mode 100644 index fa40e80..0000000 --- a/cgit-fix-print-tree.diff +++ /dev/null @@ -1,20 +0,0 @@ ---- ui-tree.c 2011-11-17 18:00:20.036822908 +0100 -+++ ui-tree.c 2011-11-17 18:01:22.396236999 +0100 -@@ -262,6 +262,7 @@ - unsigned char sha1[20]; - struct commit *commit; - const char *paths[] = {path, NULL}; -+ struct pathspec pathspec; - - if (!rev) - rev = ctx.qry.head; -@@ -283,6 +284,8 @@ - } - - match_path = path; -- read_tree_recursive(commit->tree, "", 0, 0, paths, walk_tree, NULL); -+ init_pathspec(&pathspec, paths); -+ read_tree_recursive(commit->tree, "", 0, 0, &pathspec, walk_tree, NULL); -+ free_pathspec(&pathspec); - ls_tail(); - } diff --git a/cgit-git-1.7.6_build_fix.patch b/cgit-git-1.7.6_build_fix.patch deleted file mode 100644 index 3ef0655..0000000 --- a/cgit-git-1.7.6_build_fix.patch +++ /dev/null @@ -1,71 +0,0 @@ ---- - shared.c | 11 ++++++----- - ui-stats.c | 2 +- - 2 files changed, 7 insertions(+), 6 deletions(-) - -Index: cgit-0.9.0.2/shared.c -=================================================================== ---- cgit-0.9.0.2.orig/shared.c 2011-07-21 16:24:10.000000000 +0200 -+++ cgit-0.9.0.2/shared.c 2011-08-04 01:20:42.695017536 +0200 -@@ -303,7 +303,7 @@ void cgit_diff_tree(const unsigned char - filepair_fn fn, const char *prefix, int ignorews) - { - struct diff_options opt; -- int prefixlen; -+ struct pathspec_item pitem; - - diff_setup(&opt); - opt.output_format = DIFF_FORMAT_CALLBACK; -@@ -315,10 +315,11 @@ void cgit_diff_tree(const unsigned char - opt.format_callback = cgit_diff_tree_cb; - opt.format_callback_data = fn; - if (prefix) { -- opt.nr_paths = 1; -- opt.paths = &prefix; -- prefixlen = strlen(prefix); -- opt.pathlens = &prefixlen; -+ opt.pathspec.nr = 1; -+ opt.pathspec.raw = &prefix; -+ pitem.match = prefix; -+ pitem.len = strlen(prefix); -+ opt.pathspec.items = &pitem; - } - diff_setup_done(&opt); - -Index: cgit-0.9.0.2/ui-stats.c -=================================================================== ---- cgit-0.9.0.2.orig/ui-stats.c 2011-07-21 16:24:10.000000000 +0200 -+++ cgit-0.9.0.2/ui-stats.c 2011-08-04 01:20:42.695017536 +0200 -@@ -239,7 +239,7 @@ struct string_list collect_stats(struct - init_revisions(&rev, NULL); - rev.abbrev = DEFAULT_ABBREV; - rev.commit_format = CMIT_FMT_DEFAULT; -- rev.no_merges = 1; -+ rev.max_parents = 1; - rev.verbose_header = 1; - rev.show_root_diff = 0; - setup_revisions(argc, argv, &rev, NULL); -Index: cgit-0.9.0.2/ui-tree.c -=================================================================== ---- cgit-0.9.0.2.orig/ui-tree.c 2011-07-21 16:24:10.000000000 +0200 -+++ cgit-0.9.0.2/ui-tree.c 2011-08-04 01:20:58.632061214 +0200 -@@ -206,6 +206,8 @@ static void ls_tail() - - static void ls_tree(const unsigned char *sha1, char *path) - { -+ const char *paths[] = { path, NULL }; -+ struct pathspec pathspec; - struct tree *tree; - - tree = parse_tree_indirect(sha1); -@@ -216,7 +218,9 @@ static void ls_tree(const unsigned char - } - - ls_head(); -- read_tree_recursive(tree, "", 0, 1, NULL, ls_item, NULL); -+ init_pathspec(&pathspec, paths); -+ read_tree_recursive(tree, "", 0, 1, &pathspec, ls_item, NULL); -+ free_pathspec(&pathspec); - ls_tail(); - } - diff --git a/cgit-optflags.diff b/cgit-optflags.diff index 17bc793..cad578b 100644 --- a/cgit-optflags.diff +++ b/cgit-optflags.diff @@ -1,14 +1,16 @@ --- - Makefile | 1 + + cgit.mk | 1 + 1 file changed, 1 insertion(+) ---- a/Makefile -+++ b/Makefile -@@ -134,6 +134,7 @@ +Index: cgit-0.11.2/cgit.mk +=================================================================== +--- cgit-0.11.2.orig/cgit.mk ++++ cgit-0.11.2/cgit.mk +@@ -17,6 +17,7 @@ $(CGIT_PREFIX)VERSION: force-version - - CFLAGS += -g -Wall -Igit -+CFLAGS += $(RPM_OPT_FLAGS) - CFLAGS += -DSHA1_HEADER='$(SHA1_HEADER)' - CFLAGS += -DCGIT_VERSION='"$(CGIT_VERSION)"' - CFLAGS += -DCGIT_CONFIG='"$(CGIT_CONFIG)"' + # CGIT_CFLAGS is a separate variable so that we can track it separately + # and avoid rebuilding all of Git when these variables change. ++CGIT_CFLAGS += $(RPM_OPT_FLAGS) + CGIT_CFLAGS += -DCGIT_CONFIG='"$(CGIT_CONFIG)"' + CGIT_CFLAGS += -DCGIT_SCRIPT_NAME='"$(CGIT_SCRIPT_NAME)"' + CGIT_CFLAGS += -DCGIT_CACHE_ROOT='"$(CACHE_ROOT)"' diff --git a/cgit.changes b/cgit.changes index b5e3927..1250ea0 100644 --- a/cgit.changes +++ b/cgit.changes @@ -1,3 +1,30 @@ +------------------------------------------------------------------- +Mon May 4 08:56:39 UTC 2015 - jengelh@inai.de + +- Update to new upstream release 0.11.2 +* addition of a Lua scripting engine +* fine-grained authentication support through the new Lua + scripting system +* support for the "rawdiff" command was added +* sendfile() is now used when available (Linux systems) instead + of a loop of read() and write(). This should significantly + increase performance for high volume sites which make heavy use + of the caching feature, as it saves copies to and from + user-space. +* Caching granularity is now improved with the introduction of + the cache-snapshot-ttl option, which allows configuration of + the ttl for tarball and zip snapshots of repositories. +* When filtering in the index, make the sorting links point to + the same filtered page of results +* Take into account leading slashes when comptuing links +- Avoid double %setup (messes with quilt). Simplify filelist. + %doc for man is implicit. +- Drop cgit-git-1.7.6_build_fix.patch, + cgit-fix-print-tree.diff, + cgit-fix-more-read_tree_recursive-invocations.diff, + cgit-CVE-2013-2117-disallow-directory-traversal.patch +- Add signature for the git core tarball. + ------------------------------------------------------------------- Mon Nov 24 13:10:34 UTC 2014 - guillaume@opensuse.org diff --git a/cgit.keyring b/cgit.keyring new file mode 100644 index 0000000..e2e9556 --- /dev/null +++ b/cgit.keyring @@ -0,0 +1,152 @@ +pub 4096R/713660A7 2011-10-01 +uid [ unknown] Junio C Hamano +uid [ unknown] Junio C Hamano +uid [ unknown] Junio C Hamano +sub 4096R/833262C4 2011-10-01 +sub 4096R/96AFE6CB 2011-10-03 [expires: 2015-09-21] +sub 4096R/B3F7CAC9 2014-09-20 [expires: 2017-09-19] + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2 + +mQINBE6GdewBEADE3szNmKeUAUad22z1tWkLjLzyDcJpF7IzEnLs8bD1y0I6iqH0 +169ru5iXKn29wc+YAuxWorb4P5a2i2B/vs32hJy/rXE7dpvsAqlHLSGSDUJXiFzM +Bb9SfJO0EY2r+vqzeQgSUmhp/b4dAXVnMATFM37V83H/mq8REl5Wwb2rxP3pcv6W +F6i51+tPEWIUgo1N74QkR4wdLcPztDO9v7ZIaFKl+2GEGkx6Z+YjECTqQuyushjq +41K3UVmv+AmLhJYKA78HY5KqCkXrz8rCgoi+Ih+ZT2sgjx637yT84Dr/QDh7BkIB +blmpRQ+yoJlVDWI5/bI8rcdrPz+NmxaJ7dKEBg0qTclbwquacpwG1DCCD8NgQrwL +WVLGVdsT2qwek+KkmOs+iNBXY1TgKPAeuv0ZDKKYrCwYpN1K90oXk431g79bKsH5 +8Tybg5uW+e2i+H5gnDeyl481HOt8aHOPu9qIB/zIek6lDH69q3nGcf7k3prxDf3I +qYy6CPcpjTfpN4i/7gxQDNI+AIgbs21EE5Kg1TPUe0XgfdJMtIF+D6wTjbrLtDnn +09Iwz0SfIZR52IrZHxUlFXZFjk10RXYATtdMqEFgYgjYvYXxL9EEr7T5Dgso+qaE +wV0rrg0VDKrf/afrjGOeffumlhBhJnBnns1T+p65Vz5hyQl7SFKLw+Ix7wARAQAB +tB9KdW5pbyBDIEhhbWFubyA8amNoQGdvb2dsZS5jb20+iQI4BBMBAgAiBQJOhnjV +AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAg0E5acTZgp4SyD/9slQ1I +kYqz+VXPnmHCQFhurYcHD8t1iGBqiXxI+gpA1Y3L1QL+aj0fplW4KuEPbJ7xlYdL +A4J+M9kgkwt3Jufw+lM1pQM9tSB627rAbxUyczj4AFjZ9v8GpqyZ3XPDe8NknI/V +4Xlhsr+e3AHJPr355XacMkFGc3Rtw1quFVgrECttdzUD6xtrhwYYVAYAnKr65943 +UtMLsVXkJLfjq8c1NZOCov9SwSb0N9IkEhSyihd/92Z2NH4d+B1QTIyWagL3GNN8 +LXXEHK+x+oA/nbhGbFg7bqhxUW4d2JaxKPy4U3nfdtSmMbiy16eUfMbbMyvB0jtL +f6UFrxF5bJnYkiG18DcLSaX7Hsby8IVzZQZHYvkx5+7pK2SBsdek3bu3punP3dWL +JoMw+Vmm5Bk0Yl7pxzvsYQWhPV7+tpgglUSFQuIeXFrwjVXP8Q+Ph9nO0vKIaeTc +n1ISuq2XaoqhkLH+Zw1I/ruRtk2DJbZsg5BBGfA26BkZWJXlO6h33emPwkJ0Fanl +zRtMTqZ/4RiTXv5G1L/lypX1iq6fF2V+WTh2JmEKyY+2l0/19XRANfaDiYULoBvJ +EdCcIXLbaRTqjem+70ZGvAiCaGO52YvUhBo+XCgjucjcqhxiF3wc24kzj1Zycrwb +Da7VjftZAApN01CJ38mXGpZXiWZU4hjJx41wCbQgSnVuaW8gQyBIYW1hbm8gPGp1 +bmlvQHBvYm94LmNvbT6JAjgEEwECACIFAk6GeL4CGwMGCwkIBwMCBhUIAgkKCwQW +AgMBAh4BAheAAAoJECDQTlpxNmCn6GMQAJ0V0jmyQ7Lvi5FBBgNTdY8qfVbLFxEU +VAsKf2x9QxhsOcL2heQRVkp10JKv4/VQLfDwr6Pv98FQchXlBmFiySAbVihUVC+V +J3FhyKBtI14RXT6Nkwd18PXDvWXy2fKeiK9GPDWkufac0h/giz0T1xP7CHxDErQA +TMmYbkinyyM+xd1Nir6DUYcHJQIK2Dg2VPChkI0XXCQETLDbrC9fDwWg1vP36PQZ ++nw/cIRt+2xkq8HHUzB7kOnXHqPt1kb/Ry8hZwPnfV7g/V0MogoMLtz233pqwugu +LXP7zY3jTwAZZ9VTpuCTsdVWXJDlznMNurYi1yurCNuUvq/O/9JC8WBtdVUuvFZG +jRZWfP24W57iq/qz8CV6dThq5r4WygE83tMC3DaarNJ4f9dQUA4KpL7j2EMXkgoX +cEy1mieUCypdNiZj96hV8Q7apSLk2V4jtvLkJfzX053glqRJI35SX8OkSazZGYZH +X6QfZlvznnrCF5x/xBzhbfr2Geo4rxL0BQsp2DQodqUCB23QzsPhWWffYtkATaD5 +vovGeQ9Acd1u72jH3DO8tVMH85jMO4f+oc0h3lnkPS4F33QqlnErRo/IRm6jCsI/ +NgMZUYdh0EY5Iiq/e8e+u8gdo0akkwHlNvR4KrYrK/1K4h+i+UBIbJDZpqT/iH+y +hJRQ3CAan8KStCJKdW5pbyBDIEhhbWFubyA8Z2l0c3RlckBwb2JveC5jb20+iQI7 +BBMBAgAlAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUCToZ45QIZAQAKCRAg +0E5acTZgp1TFEACr+QRpfDmbGnUY1Rqy50Ap1eG0061vAapCMLmU+4kxqIRKm5/0 +0YGmb7VxRCLDpKNa0hkH+ftA4QmnPU4j4UEsh/vAa2BGCXRjB9RixTokvQf9iOXU +GiHYv1kn+p3lxg66bLnKV3dWScjV2IueDP4ypLEZHlWD9I/Unmrg2mJEAcz4gSAf +BHWLOf/+JYAq6j6erIxPS5ZtIz/twQf6MCoXXAXuM6tgUhdptJqG82WzSZMuWOfz +mS6DSTuqK05h9gpwdj5nz4jdh4u5sp+LKOqFw94JIRcE+wj5cljOOlX3Fqi84ADC +8b/OzC3V9KGarNnBzWdnkIoNxbNBNF6wD1dgn1peueufaP9q5CO9ljKNSOGUClwv +tJFrpZZL5PheNNFFkPSZpkmStcB6s8RHsyz5zuqxQUOWuvLVUDRW58yZR0WC1Xc/ +yi+cEFSUiKI5OqPNwC1v0xh7a/MObJQxTQCEKHLyVYlnohsf2RxzxaOOjgWmY2O+ +yH5G5ymfBie/Uw7zcSsJ89ovLAEG/10tkJVqIfza5Wexj3VAZbI+i7vx2gtlLqM2 +3gGykqcv7VWmFD5lFWGC4Sw8M7Jikm8vn99dxZnsBKjMqksjENUX1JeUZI+FHg2C +NSVBX0J8yLnmd8eJBkYXkU79J3GVex/WTzbFnSkPmw16MtAu/E9EKNbAILkCDQRO +hnXsARAA8ZueozuaZ1UR9dwbBt/KNag/ZiaaV4X9Jm+nQTkT9W92CTWpJ0LcVT10 +pVzQGDUrWLPW1sJ/ka2JjhH8tDFnpKjgaoBwxH+dJLWWs4RXfPXbefCAPliBaOwR +ZNVyK+FEnUhEHi+z2+KEoOQGJ/AtzpU+0958VgYfWhG2rRH4lDBSopC1VS3WxC+x +QcxJMqR30ArJQ5avoIAAFQc6qzCAZ/4nbaPO1Kxdsf6ndj9jyZfaVH++OKS/cs1/ +nDW0JXdGH+oEFvf69FFFvwglOKqTw78nMhiMd2Oz1fzIwJa3uKib+JIaEhWrAAIw +188lCGIcO8jJmgBP5RDlTezOq3mA74WgwnFnxJ/LIx9N/1mvdr1ce26DMeUQBIfG +BNimRxGZADg5VuKZwysmh9/JY/KWtHYe+0VwA+l9VzxsIs6Zo36wQTxr1DRrHSKS +WmOChGmdPr924b31NA1geHZiQd2j8QughbVQNEARnG8Neo1HgPti1CYFjLPOp6R2 +j8w/fSeEPkpsPZmT38k+TucspmFzsCKedGlI5BgkHB7be44rDZFOdmxQ9iXECa/K +OuySHKhTXYTwJ8QvgTdEA7Qsl0/sMQtVL4fRP/69yTxEA0RHxFG95ft0mq89Sgpt +y1IcdVxPNmenPerR6KVH4josG7cb/vFMqV09p7Sn6a89VHTG+Y8AEQEAAYkCHwQY +AQIACQUCToZ17AIbDAAKCRAg0E5acTZgpxSmD/4+nZhEFmZYlhPJXvUM4dVqk2x3 +eXpWhibltChkPoPaJFgZIfrC5T8cU5Nn9G+/T3Oytzj8u/PTnCLK2xw94w6e00vS +FaV+5FWZ757bOaFd13CuavOFwxEKmulCJX4mZGSQsyF/DZEgG79FJpiiiykvgDSB +CGQSga1saWMLxtsAaFj5KTb+ZnRLkfYd6WdWgkmUV8rDJVl6OXDGLmVIWm6zqkzT ++XnxJvIgURB8zUqLbIjoR7ruziD5r2SU1IzK0dcGTAsPmLjTtpE97fmRU8Qsdmnk +c6pyOeS2BUFQaYErGqf7HqkWX4+4+0gW9m0mwroTXnWwMG95A1knyRsvyDerz3bH +NzXbGBSvl/HJ8qQruKWQytiFPgpFa6v7pEfEzXa6QGHxGF2y6tFxTk9LOIyHI393 +QLZRlt+oQNACj8NQS93MhBn79rKu+YJMNf4yGDFxnPFEScuQH4BCyKztXSIzLJur +xRS3h6QKGxD/O1BKaiMibcBCH1nXFeWB2JpRZBndtS58aX9nQQIeXXODCaWJhWRk +nEg7U3GAgxFyAk4HnVTreFgmleZsKT3khM69kzlZundZ1JRgSQlekDzBHcsdN4UZ +MGkzLYdA/0mAr1K45RkNVQuFrk73kgYUx+4g64xkqFzSbj9jqvo2/4gH2cbnrY6S +hQ+kwjEdAXLP3BGbl7kCDQROiUo5ARAA8l5PToapmK0IHBpY5ohie53ZczLV5ojW +KZXNsmVYNuSBBKpwC6VH2X859dVd59HigAYsS1TbDCUNGC1bM0thJ9Y92fa1WnlE +qyYQZDmJ4rt283DT2Gmrkng6XPjvr8PZeHKtvw7uLywfdm4x0WrGrH34g17BL82u +/7k0JUOgJoPulIkO9Mls35UJSY/Zwk1EdkM4hHKmqJFIiW/DlPYh0Tj5x9Sukk0A +TH/R/QdtpjvwJJZyph6gMhbiYB+G+nR/WZy9vB+bFwPPaa0EudADoIZ9LkQzU/55 +KqNnKH9dPqPVWEOBZVZvPqiRiyRuffMIJ0t9mtvc/jruS1qiTZdJoy2vl6K4Uqc+ +huvlHeCCYR0lGCeDB+Ixuz9xd2ZdUxMgwgcNiQOCW70YWtxf0LF2seSJdLItHDBO +u/f3cqKwNGUvcC3d/9qVb0wPSI1mq18S02MGcvDySsjGtX7o4kujUqE2ZNCW6ORL +JUC6zEYu3TRNWrXeS3uAP21xUrEPkuTiJL7SCS12FYJt5agx5NIUKI7bkIUbLbiu +hC4z47MFajW9Y5jUQk86dk7bjGqVrXYIu92Dhxc2CND2fWaMpYRhwvHR6KQU1yYH +YkGVlMHiozM5D+4dCRRVI8x3p/+ypFBZmZr7yTpv/qD0N8HHl2NAYvGRQdzjyFQO +XERwaXuzjCkAEQEAAYkERAQYAQIADwIbAgUCVB9jPgUJB3dMaAIpwV0gBBkBAgAG +BQJOiUo5AAoJELC16IaWr+bLpKUQAMsAmipqNBx++8jZKqK5pyrUQa8/I7cevHv/ +6avwMgq4ISlIfdYixmI4t/xNakHu6ezXu1gJ97hWbNts6zSiAxsbTDAkEwtDXuAQ +LzIdTc8M8wQgsoq7NXHC4+YCpKBZCn06OVOTVjc52DzPLom9bmOb3UaiCdryeySc +pDXXFuaHeNk7VrDsR9s06eEkTZl/ED2kW3zsT3ZSrG6dHiDupJPi8eoBL1gLRHWu +cUndT8Miu0nxmnU5vvEcOVHj9ZEbbikD5u7EQQdHKFw1R6RYv5zFh81cb/zSoSwJ +MyGxjleqy/IoVYVxqhIIg+UPkHW2jbIi7R6OZ4gc6W5870qKQWHDn7a4XDzQ2NEW +F2G/+SWVInfyQVisFfs0RBJ24LbGA28BRA5wlSBslwKMcmrP0t29eIs2raoCDcYm +LsaQ2PsNTuUcsIzk3Sz1FpS+WIR9Vv4MG3choi+LIdL/38zctLykecz7dYSAhAPW +LwiO5N2++DunogweXzCET5Da+rm2VntE+seHi9hI0hUVyBJm5pwIfd6XaVha1x/k +n9SyoQWc6I4FLEFP68wdkfeEu1cdGfrc4A2fHyXuO2VBH8yXHMshr3v0ALCy4E1k +cET9zEmtawuMLlrQwzJP3a8PQqZnhXkRZ9KAyAaP5tpgb/lDQMUnYo0RM7z0YsET +pmv0WsFXCRAg0E5acTZgp74sD/4rBEPyAk7cmWtyR0XDZpQETY0Sw7Nr4aErdTdQ +7AlntHMcn+MWRJpa57S/ea2Fl6SWZ4X09VV/H11lWnYzw0IkSRDsDATxMin+qpy6 +c7IwxZ9RQ1UT9PhmVBz7rbrsl3Hnjv+WG9PcMCdlFOMZL4VC2TQEr0hBSXWhV6mD +I0rdwuUu+oq84s1cke5g/e5TjoGupTxkaNO/yfDJMf+3dqwGmJDKl23dfKg+XbFh +3Y/G321/C5GgvqtjaCoqzCuTDByEbVXBde7mFB5xQg8ejDgFfuocw57whdNcS3Ml +GPO/P06nB940QELjwp5O34mMcVn0qnyhgaioueVW5qzucEa+UfzbkYhinlYdbylj +wquJlqIScLPNL0xtzOWo1oWHLl7jVklRuRHXFp6Asqan/MovLlYTcBO4OwOJ/rIJ +BOHkMeLu/vlEIeqC6J5vuD+bP4XUpHamxOU8U6RVVDIH4cckhEU3zWDTwaD/RTG8 +TatJzGmjNOOR04imbqFApU7NOUQ488WNqH11aeZoDOoXWKEvWfE7Cg/fTP0JZH3H +aW9LWljWrt68FCyuLtvGVeNyjHw4NZq89bbqnhKBAX1LS3pl/+nfD8Wx4sldo8Rh +lOQgUQu+ZJ5sAueLrnd1AmWEEXvZDFyZqXsrun4cjvZXDmyFFhuaGVis1QzTIumY +pUumvLkCDQRUHbogARAAmJzYPpBprZD5rZEP++T/JS7JYzJPSCMFxppxSCy6RwTP +7Tfu8Bg8Tgy2P6T2dkH5qez2S6+TpOUJ7b/4PmArVWk7uQmo7dkzrMh/gGA6ra44 +xyLfHdpFZaKu/TjbAlKIxbWxQ9Z3+VvUpFkIJ7R2EWGNTGgpDXd6FKe+E0LoM5PE +OlAQ2pgJ9a+J35ukDV7LSLaslrAoEIYsVkIuFs0HOIgP/N7fqlCft9rJo5Oifqxl +G2xB/M0wEl5nA1mAbj4I6N2BI1ft/6jWq853GJ3iX0F8BUoL3EfaFLgUN8nViXe7 +H4iJrgJ0HUXxAvyRW9IkfbCd/eT8OVkHzBLK6dLi/1IoOdpkqxciH2p8YayT+I/g +sgnCadU2hSDWoOf2MB19xs6IpMF1LpG/oSsV8SvVbvBLtoAJShWh7dseUnNw9Xfp +69kMjJCE4Quv3d/l1I4DiDFpAiuXYJLs+q7OtHEUK/GARn+CYJP165JP0owYwZXE +8/ZawtOsAUQrGvtF8QgB5TO4FadB7zJ/oSsfZ8u3T6mqoYPFl7gS9J/MgF1w0oAw +Ip+eZkW4iqtmzbjGhCb8CjRVOhDRxkp4E8Pz7egdHW3gdUgVcSTxmxppO+AS/JuV +euym+zAz9OTi0mbFMjS0AqX0oGLFANeLlRhxP7xOoWj/fw8DC3cifwsUo0CTJPsA +EQEAAYkERAQYAQIADwUCVB26IAIbAgUJBaOagAIpCRAg0E5acTZgp8FdIAQZAQIA +BgUCVB26IAAKCRB1lO7Hs/fKyah/D/wJ3v4WdqGo7KgW0kmWfFVWZLKwtb+16gcy +6nIm7F7VUcODv+qRLA/4UUg72yabVCXnMBi/eEHtkVZWlB/+tzg643DiRvXTCZiw +oS5c6fTze55e/Z87qY7okf40aTR+qWuMgligI/LeXunr1Pu2jlJLMcUVh5QLxLZ8 +bDqpDgQM9zcdFmKQ/ofUnK7y6gYyUl2KYJDYi0alzjTm+73/S0Mc7z08Yp/s+dtK +PbU9imKCnNRkPTQpcwlYHWJv0YPQ0TdOkid6HJC7CmZEPH845D+qojAjYBPogNIj +/RaByaT3kN32zu8+jaZJSCnBM0l2lSh/qO7sQBZhqPX5pJDjjj7d/ATY7XxJCnK/ +2cZVSuVhMXPIFIAQG4ZYFUaQssjQKLN7BXJUo7+ec1AMkTiwDUocPza8h+fitcpO +sWWJWWvZvkSObbuPKGn7BgoTzEehO2Rz0QsNjgOa5SXxmc0zX7sbB1XiMxSe7gBZ +BOnYjhPVcidO3tWuM/jXGfZAL9ISq6Zf47ebXA7Y+6Bx3oquMgtSN10gbdoJvjqE +BJNN65wadvBP8+SrL+nWRGhsfmu8jupXdJe8h8ysXCboVkpXHuSu+lDjeL9WLqpw +c/XkaOy7B6PfwIRaYYHnsKs8ogvDuTRJPV4khizyt+A6aiQ1PQqxSKWGY+lzxbmB +kPhp5v1N5xrnD/9vdJggIMR16G7JVxSKMLw7pE45eXRR9x9HDlLAAYAY8w5spMDH +gJwrUvepDq8L12ttigGD+7GVb+3CgaLbI4Z3Mhrs55J0TWbLxvc0nuJYlxk1sF+U +B73fL4z9G5nI6rV+BWyM7BvrepKyyeXlluTstOsawI/3YQn2KH0ERqb7t1i0a+HI +3EBzpFTORQ7G6zycU6liAnWpWLlvTEefdBfsh8VssQAZFP5SRPDUiVORIT/YGDzH +OfuIaeCD9pPJ4guMS5DZUmwrAYbY9s1Yt/gFsddKH1pDh6jFdF0aYMDv66pyA2aO +7DmxdrNN05Mq3duly18AeWC8puQVzi5wTi5668RhMJFEK5YqixbE1sXgV/YXMmZ+ +JqDgWd177m1Cg5UnBUoBMXNVC69ZAP4TSq+hXZlrNhDNUmY2W4IsIg22ZSc/zPQW +1FogQD0WWGmt4nH2TiPT22yO6XpKSWgP4trGG7ArSsx8DfYHBOzwyyLJQv5lyB62 +RWqsZW4azM9IhxHOpr03zM6UmfFJ3Db8URNIHYfXCZteBGyWIilZ9+S59F2jc9M0 +Ard75N4RY/1/TVEDTgazvBNgD9oHQAmdXlglicn4jiR/zdsiUvxzXYfAwJ2wn93b +H36Mo/R9JLZoiNx9YlED1s/emsTzoSw8JiIA5V4aLnc8FdwY8Wa9cvZAAw== +=f2jS +-----END PGP PUBLIC KEY BLOCK----- diff --git a/cgit.spec b/cgit.spec index e9dd0f7..abad6fc 100644 --- a/cgit.spec +++ b/cgit.spec @@ -16,71 +16,67 @@ # -%define git_version 1.7.6.4 +%define git_version 2.4.0 Name: cgit -Version: 0.9.1 +Version: 0.11.2 Release: 0 Summary: A web frontend for git repositories Url: http://git.zx2c4.com/cgit/ License: GPL-2.0 -Group: Development/Libraries/C and C++ -Source0: %{name}-%{version}.tar.xz -Source1: git-%{git_version}.tar.gz -Source2: cgitrc -Patch: cgit-optflags.diff -Patch1: cgit-git-1.7.6_build_fix.patch -Patch3: cgit-fix-print-tree.diff -Patch4: cgit-fix-more-read_tree_recursive-invocations.diff -Patch5: cgit-CVE-2013-2117-disallow-directory-traversal.patch +Group: Development/Tools/Version Control + +#Git-Clone: git://git.zx2c4.com/cgit +Source: http://git.zx2c4.com/cgit/snapshot/%name-%version.tar.xz +Source2: https://www.kernel.org/pub/software/scm/git/git-%git_version.tar.xz +Source3: https://www.kernel.org/pub/software/scm/git/git-%git_version.tar.sign +Source4: %name.keyring +Source9: cgitrc +Patch0: cgit-optflags.diff # Requirements for cgit -BuildRequires: gnu-crypto libopenssl-devel libzip-devel +BuildRequires: gnu-crypto +BuildRequires: libopenssl-devel +BuildRequires: libzip-devel # Requirements for cgitrc man page generation -BuildRequires: asciidoc libxslt xz +BuildRequires: asciidoc +BuildRequires: libxslt +BuildRequires: xz BuildRoot: %{_tmppath}/%{name}-%{version}-build %description -This is an attempt to create a fast web interface for the git scm, using a -builtin cache to decrease server io-pressure. +This is an attempt to create a fast web interface for the Git SCM, using a +builtin cache to decrease server I/O pressue. Authors: -------- Lars Hjemli (hjemli@gmail.com) %prep -%setup -q -%setup -q -T -D -a 1 -%patch -p1 -%patch1 -p1 -%patch3 -%patch4 -%patch5 -p1 +%setup -qa2 +%patch0 -p1 rm -rf git -mv git-%{git_version} git +ln -s git-%git_version git %build -make V=1 %{?_smp_mflags} +make V=1 prefix="%_prefix" %{?_smp_mflags} %install -make install DESTDIR="%{buildroot}" CGIT_SCRIPT_PATH=/srv/www/htdocs/cgit -make install-man DESTDIR="%{buildroot}" +make install install-man DESTDIR="%buildroot" prefix="%_prefix" \ + CGIT_SCRIPT_PATH="/srv/www/htdocs/cgit" -mkdir -p "%{buildroot}"/srv/www/cgi-bin/cgit/ +mkdir -p "%buildroot/srv/www/cgi-bin/cgit/" mv "%{buildroot}"/srv/www/{htdocs,cgi-bin}/cgit/cgit.cgi mkdir -p "%{buildroot}"/etc -cp %{SOURCE2} "%{buildroot}"/etc/cgitrc +cp %{SOURCE9} "%{buildroot}"/etc/cgitrc %files %defattr(-,root,root) %doc README COPYING -%doc %{_mandir}/man5/cgitrc.5.gz -%dir /srv/www/htdocs/cgit -%dir /srv/www/cgi-bin/cgit -/srv/www/cgi-bin/cgit/cgit.cgi -/srv/www/htdocs/cgit/cgit.css -/srv/www/htdocs/cgit/cgit.png -/usr/lib/cgit +%_mandir/man5/cgitrc.5.gz +/srv/www/cgi-bin/cgit/ +/srv/www/htdocs/cgit/ +/usr/lib/cgit/ %config(noreplace) /etc/cgitrc %changelog diff --git a/git-1.7.6.4.tar.gz b/git-1.7.6.4.tar.gz deleted file mode 100644 index 4406297..0000000 --- a/git-1.7.6.4.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c95bb6fdfa8276a6cbc1c3150e56ce3dc2fc29a4bcecd9c246ab9df5d9638ec6 -size 3399093 diff --git a/git-2.4.0.tar.sign b/git-2.4.0.tar.sign new file mode 100644 index 0000000..9512502 Binary files /dev/null and b/git-2.4.0.tar.sign differ diff --git a/git-2.4.0.tar.xz b/git-2.4.0.tar.xz new file mode 100644 index 0000000..7c9d24f --- /dev/null +++ b/git-2.4.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b33438dd94659958a74850aacae4a2b3a626baec36d7f29c266130b08045bb24 +size 3681516