8 Commits

Author SHA256 Message Date
e8f7ed9227 Accepting request 1320299 from utilities
OBS-URL: https://build.opensuse.org/request/show/1320299
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cheat?expand=0&rev=5
2025-11-27 14:21:33 +00:00
5081763a68 For some reason changelog was forgotten
OBS-URL: https://build.opensuse.org/package/show/utilities/cheat?expand=0&rev=15
2025-11-27 08:37:59 +00:00
7087e87f5d - Security:
  * Replace golang.org/x/crypto=golang.org/x/crypto@v0.45.0
    Fixes CVE-2025-47913 (bsc#1253593),
          CVE-2025-58181 (bsc#1253922),
          CVE-2025-47914 (bsc#1254051)

OBS-URL: https://build.opensuse.org/package/show/utilities/cheat?expand=0&rev=14
2025-11-26 17:55:12 +00:00
fe1c7181bd Accepting request 1300995 from utilities
OBS-URL: https://build.opensuse.org/request/show/1300995
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cheat?expand=0&rev=4
2025-08-25 18:37:06 +00:00
b284749fa5 - Packaging improvements:
  * Drop Requires: golang-packaging. The recommended Go toolchain
    dependency expression is BuildRequires: golang(API) >= 1.x or
    optionally the metapackage BuildRequires: go
  * Use BuildRequires: golang(API) >= 1.19 matching go.mod
  * Build PIE with pattern that may become recommended procedure:
    %%ifnarch ppc64 GOFLAGS="-buildmode=pie" %%endif go build
    A go toolchain buildmode default config would be preferable
    but none exist at this time.
  * Drop mod=vendor, go1.14+ will detect vendor dir and auto-enable
  * Remove go build -o output binary location and name. Default
    binary has the same name as package of func main() and is
    placed in the top level of the build directory.
  * Add basic %check to execute binary --help

OBS-URL: https://build.opensuse.org/package/show/utilities/cheat?expand=0&rev=12
2025-08-22 15:22:53 +00:00
3d9846b1c6 - Packaging improvements:
  * Service go_modules replace dependencies with CVEs
  * Replace github.com/cloudflare/circl=github.com/cloudflare/circl@v1.6.1
    Fix GO-2025-3754 GHSA-2x5j-vhc8-9cwm
  * Replace golang.org/x/net=golang.org/x/net@v0.36.0
    Fixes GO-2025-3503 CVE-2025-22870
  * Replace golang.org/x/crypto=golang.org/x/crypto@v0.35.0
    Fixes GO-2023-2402 CVE-2023-48795 GHSA-45x7-px36-x8w8
    Fixes GO-2025-3487 CVE-2025-22869
  * Replace github.com/go-git/go-git/v5=github.com/go-git/go-git/v5@v5.13.0
    Fixes GO-2025-3367 CVE-2025-21614 GHSA-r9px-m959-cxf4
    Fixes GO-2025-3368 CVE-2025-21613 GHSA-v725-9546-7q7m
  * Service tar_scm set mode manual from disabled
  * Service tar_scm create archive from git so we can exclude
    vendor directory upstream committed to git. Committed vendor
    directory contents have build issues even after go mod tidy.
  * Service tar_scm exclude dir vendor
  * Service set_version set mode manual from disabled
  * Service set_version remove param basename not needed

OBS-URL: https://build.opensuse.org/package/show/utilities/cheat?expand=0&rev=11
2025-08-22 06:39:43 +00:00
bda4e81f54 Use go-git 5.13.0 via replace in _service
OBS-URL: https://build.opensuse.org/package/show/utilities/cheat?expand=0&rev=10
2025-08-21 13:15:33 +00:00
27221c02f9 - bsc#1247629 (CVE-2025-21613):
  Update go-git to 5.13
  Update vendor tarball and add cheat-CVE-2025-21613.patch

OBS-URL: https://build.opensuse.org/package/show/utilities/cheat?expand=0&rev=9
2025-08-21 12:18:11 +00:00
5 changed files with 84 additions and 13 deletions


@@ -1,19 +1,24 @@
<services>
<service name="tar_scm" mode="disabled">
<service name="tar_scm" mode="manual">
<param name="url">https://github.com/cheat/cheat</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
<param name="exclude">vendor</param>
<param name="revision">4.4.2</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="versionrewrite-pattern">v(.*)</param>
</service>
<service name="set_version" mode="disabled">
<param name="basename">cheat</param>
<service name="set_version" mode="manual">
</service>
<service name="recompress" mode="disabled">
<service name="recompress" mode="manual">
<param name="file">*.tar</param>
<param name="compression">gz</param>
</service>
<service name="go_modules" mode="disabled">
<service name="go_modules" mode="manual">
<param name="replace">github.com/cloudflare/circl=github.com/cloudflare/circl@v1.6.1</param>
<param name="replace">golang.org/x/net=golang.org/x/net@v0.47.0</param>
<param name="replace">golang.org/x/crypto=golang.org/x/crypto@v0.45.0</param>
<param name="replace">golang.org/x/sys=golang.org/x/sys@v0.38.0</param>
<param name="replace">github.com/go-git/go-git/v5=github.com/go-git/go-git/v5@v5.13.0</param>
</service>
</services>
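Review bot: The five `replace` params in the `go_modules` service pin versions without recording why each pin exists, and a `replace` keeps forcing that exact version even after upstream's go.mod moves past it. Add an XML comment beside each pin naming the advisory it addresses (for example CVE-2025-47913 for `golang.org/x/crypto@v0.45.0`), and drop a pin once the packaged upstream release requires that version or newer. Separately, `<param name="revision">4.4.2</param>` names a tag; now that `tar_scm` runs in `manual` mode and builds the archive from git, noting the commit that tag resolved to would let a later reviewer detect a moved tag.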


@@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a7e92c1c31822496fa6240d8a4665e22b900fa885fc9c7f6c12389d0b6bffdf2
size 3165152
oid sha256:06cc200505033eb825ec918adfb728c80b780990bf6b7c2eec5813764a8077a3
size 44318
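Review bot: The pointer's `size` falls from 3165152 to 44318 bytes and the new `oid` is the only evidence of what the object contains. The drop is consistent with the vendor exclusion the changelog describes for `tar_scm`, but the diff cannot show that nothing else was left out. Before accepting, re-run the service and compare the archive's file list against the upstream 4.4.2 tree minus `vendor` and `.git`.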


@@ -1,3 +1,63 @@
-------------------------------------------------------------------
Thu Nov 27 08:11:59 UTC 2025 - Witek Bedyk <witold.bedyk@suse.com>
- Security:
* CVE-2025-47913: Fix client process termination (bsc#1253593)
* CVE-2025-58181: Fix potential unbounded memory consumption
(bsc#1253922)
* CVE-2025-47914: Fix panic due to an out of bounds read
(bsc#1254051)
* Replace golang.org/x/crypto=golang.org/x/crypto@v0.45.0
* Replace golang.org/x/net=golang.org/x/net@v0.47.0
* Replace golang.org/x/sys=golang.org/x/sys@v0.38.0
-------------------------------------------------------------------
Fri Aug 22 13:12:32 UTC 2025 - Jeff Kowalczyk <jkowalczyk@suse.com>
- Packaging improvements:
* Drop Requires: golang-packaging. The recommended Go toolchain
dependency expression is BuildRequires: golang(API) >= 1.x or
optionally the metapackage BuildRequires: go
* Use BuildRequires: golang(API) >= 1.19 matching go.mod
* Build PIE with pattern that may become recommended procedure:
%%ifnarch ppc64 GOFLAGS="-buildmode=pie" %%endif go build
A go toolchain buildmode default config would be preferable
but none exist at this time.
* Drop mod=vendor, go1.14+ will detect vendor dir and auto-enable
* Remove go build -o output binary location and name. Default
binary has the same name as package of func main() and is
placed in the top level of the build directory.
* Add basic %check to execute binary --help
-------------------------------------------------------------------
Thu Aug 21 21:47:19 UTC 2025 - Jeff Kowalczyk <jkowalczyk@suse.com>
- Packaging improvements:
* Service go_modules replace dependencies with CVEs
* Replace github.com/cloudflare/circl=github.com/cloudflare/circl@v1.6.1
Fix GO-2025-3754 GHSA-2x5j-vhc8-9cwm
* Replace golang.org/x/net=golang.org/x/net@v0.36.0
Fixes GO-2025-3503 CVE-2025-22870
* Replace golang.org/x/crypto=golang.org/x/crypto@v0.35.0
Fixes GO-2023-2402 CVE-2023-48795 GHSA-45x7-px36-x8w8
Fixes GO-2025-3487 CVE-2025-22869
* Replace github.com/go-git/go-git/v5=github.com/go-git/go-git/v5@v5.13.0
Fixes GO-2025-3367 CVE-2025-21614 GHSA-r9px-m959-cxf4
Fixes GO-2025-3368 CVE-2025-21613 GHSA-v725-9546-7q7m
* Service tar_scm set mode manual from disabled
* Service tar_scm create archive from git so we can exclude
vendor directory upstream committed to git. Committed vendor
directory contents have build issues even after go mod tidy.
* Service tar_scm exclude dir vendor
* Service set_version set mode manual from disabled
* Service set_version remove param basename not needed
-------------------------------------------------------------------
Thu Aug 21 12:15:26 UTC 2025 - Michael Vetter <mvetter@suse.com>
- bsc#1247629 (CVE-2025-21613):
* Use go-git 5.13.0 via replace in _service
-------------------------------------------------------------------
Sat Dec 16 11:27:40 UTC 2023 - Michael Vetter <mvetter@suse.com>
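Review bot: In the Nov 27 entry, `golang.org/x/net@v0.47.0` and `golang.org/x/sys@v0.38.0` are listed under "Security" with no CVE or bsc reference, unlike the three CVE items above them. Say whether these two replacements fix an advisory of their own or are only raised to satisfy `golang.org/x/crypto@v0.45.0`, so that someone auditing the package later knows whether those pins may be relaxed.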


@@ -1,7 +1,7 @@
#
# spec file for package cheat
#
# Copyright (c) 2023 SUSE LLC
# Copyright (c) 2025 SUSE LLC and contributors
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -25,16 +25,22 @@ Group: Productivity/Other
URL: https://github.com/cheat/cheat
Source: %{name}-%{version}.tar.gz
Source1: vendor.tar.gz
BuildRequires: golang-packaging
BuildRequires: golang(API) >= 1.24
%description
cheat allows you to create and view interactive cheatsheets on the command-line. It was designed to help remind *nix system administrators of options for commands that they use frequently, but not frequently enough to remember.
%prep
%setup -q -a 1
%autosetup -a 1
%build
go build -mod=vendor -buildmode=pie -o cheat ./cmd/cheat
%ifnarch ppc64
export GOFLAGS="-buildmode=pie"
%endif
go build ./cmd/%{name}
%check
./%{name} --help
%install
install -D -m0755 %{name} %{buildroot}%{_bindir}/%{name}
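Review bot: `BuildRequires: golang(API) >= 1.24` disagrees with the changelog, whose Aug 22 entry says "Use BuildRequires: golang(API) >= 1.19 matching go.mod", and no later entry records the move to 1.24. Add a changelog line giving the reason for the higher floor. In `%build`, `%ifnarch ppc64` leaves ppc64 binaries built without `-buildmode=pie`, and the spec carries no comment explaining the exception; a one-line comment above the conditional would keep the hardening gap from being read as an oversight.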


@@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d402260db778eef389d8e5d3519e4cbfc2c4a2b547fa19d2b96c48b734fb9552
size 3024687
oid sha256:d2c5c7a1af2a99b98074fe0e1b77dc312713b341f11e40b91dd9b8be102def8a
size 3296585
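Review bot: Nothing in this hunk shows that the new 3296585-byte object contains the dependency versions the security fix relies on. If this is the `vendor.tar.gz` listed as Source1 in the spec, check that its `vendor/modules.txt` lists the versions pinned by the `replace` params (`golang.org/x/crypto` v0.45.0, `golang.org/x/net` v0.47.0, `golang.org/x/sys` v0.38.0, `github.com/cloudflare/circl` v1.6.1, `github.com/go-git/go-git/v5` v5.13.0), since the build compiles what is in this archive, not what the service file declares.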