From 27221c02f9b498413938d91c22ab6132c104166d0a8792b43d27d28e8cea4846 Mon Sep 17 00:00:00 2001 From: Michael Vetter Date: Thu, 21 Aug 2025 12:18:11 +0000 Subject: [PATCH 1/6] - bsc#1247629 (CVE-2025-21613): Update go-git to 5.13 Update vendor tarball and add cheat-CVE-2025-21613.patch OBS-URL: https://build.opensuse.org/package/show/utilities/cheat?expand=0&rev=9 --- .gitattributes | 23 ++++++ .gitignore | 1 + _service | 19 +++++ cheat-4.4.2.tar.gz | 3 + cheat-CVE-2025-21613.patch | 160 +++++++++++++++++++++++++++++++++++++ cheat.changes | 39 +++++++++ cheat.spec | 48 +++++++++++ vendor.tar.gz | 3 + 8 files changed, 296 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 _service create mode 100644 cheat-4.4.2.tar.gz create mode 100644 cheat-CVE-2025-21613.patch create mode 100644 cheat.changes create mode 100644 cheat.spec create mode 100644 vendor.tar.gz diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/_service b/_service new file mode 100644 index 0000000..45389db --- /dev/null +++ b/_service @@ -0,0 +1,19 @@ + + + https://github.com/cheat/cheat + git + .git + 4.4.2 + @PARENT_TAG@ + v(.*) + + + cheat + + + *.tar + gz + + + + diff --git a/cheat-4.4.2.tar.gz b/cheat-4.4.2.tar.gz new file mode 100644 index 0000000..7047f49 --- /dev/null +++ b/cheat-4.4.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a7e92c1c31822496fa6240d8a4665e22b900fa885fc9c7f6c12389d0b6bffdf2 +size 3165152 diff --git a/cheat-CVE-2025-21613.patch b/cheat-CVE-2025-21613.patch new file mode 100644 index 0000000..ae55640 --- /dev/null +++ b/cheat-CVE-2025-21613.patch @@ -0,0 +1,160 @@ +Index: cheat-4.4.2/go.mod +=================================================================== +--- cheat-4.4.2.orig/go.mod ++++ cheat-4.4.2/go.mod +@@ -1,12 +1,14 @@ + module github.com/cheat/cheat + +-go 1.19 ++go 1.21 ++ ++toolchain go1.24.6 + + require ( + github.com/alecthomas/chroma/v2 v2.12.0 + github.com/davecgh/go-spew v1.1.1 + github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815 +- github.com/go-git/go-git/v5 v5.11.0 ++ github.com/go-git/go-git/v5 v5.13.0 + github.com/mattn/go-isatty v0.0.20 + github.com/mitchellh/go-homedir v1.1.0 + gopkg.in/yaml.v3 v3.0.1 +@@ -15,24 +17,25 @@ require ( + require ( + dario.cat/mergo v1.0.0 // indirect + github.com/Microsoft/go-winio v0.6.1 // indirect +- github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c // indirect +- github.com/cloudflare/circl v1.3.6 // indirect +- github.com/cyphar/filepath-securejoin v0.2.4 // indirect ++ github.com/ProtonMail/go-crypto v1.1.3 // indirect ++ github.com/cloudflare/circl v1.3.7 // indirect ++ github.com/cyphar/filepath-securejoin v0.2.5 // indirect + github.com/dlclark/regexp2 v1.10.0 // indirect + github.com/emirpasic/gods v1.18.1 // indirect + github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect +- github.com/go-git/go-billy/v5 v5.5.0 // indirect ++ github.com/go-git/go-billy/v5 v5.6.0 // indirect + github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect + github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect + github.com/kevinburke/ssh_config v1.2.0 // indirect + github.com/pjbgf/sha1cd v0.3.0 // indirect +- github.com/sergi/go-diff v1.3.1 // indirect +- github.com/skeema/knownhosts v1.2.1 // indirect ++ github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect ++ github.com/skeema/knownhosts v1.3.0 // indirect + github.com/xanzy/ssh-agent v0.3.3 // indirect +- golang.org/x/crypto v0.16.0 // indirect +- golang.org/x/mod v0.14.0 // indirect +- golang.org/x/net v0.19.0 // indirect +- golang.org/x/sys v0.15.0 // indirect +- golang.org/x/tools v0.16.1 // indirect ++ golang.org/x/crypto v0.31.0 // indirect ++ golang.org/x/mod v0.17.0 // indirect ++ golang.org/x/net v0.33.0 // indirect ++ golang.org/x/sync v0.10.0 // indirect ++ golang.org/x/sys v0.28.0 // indirect ++ golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect + gopkg.in/warnings.v0 v0.1.2 // indirect + ) +Index: cheat-4.4.2/go.sum +=================================================================== +--- cheat-4.4.2.orig/go.sum ++++ cheat-4.4.2/go.sum +@@ -5,6 +5,8 @@ github.com/Microsoft/go-winio v0.6.1 h1: + github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= + github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c h1:kMFnB0vCcX7IL/m9Y5LO+KQYv+t1CQOiFe6+SV2J7bE= + github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= ++github.com/ProtonMail/go-crypto v1.1.3 h1:nRBOetoydLeUb4nHajyO2bKqMLfWQ/ZPwkXqXxPxCFk= ++github.com/ProtonMail/go-crypto v1.1.3/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= + github.com/alecthomas/assert/v2 v2.2.1 h1:XivOgYcduV98QCahG8T5XTezV5bylXe+lBxLG2K2ink= + github.com/alecthomas/chroma/v2 v2.12.0 h1:Wh8qLEgMMsN7mgyG8/qIpegky2Hvzr4By6gEF7cmWgw= + github.com/alecthomas/chroma/v2 v2.12.0/go.mod h1:4TQu7gdfuPjSh76j78ietmqh9LiurGF0EpseFXdKMBw= +@@ -15,8 +17,12 @@ github.com/bwesterb/go-ristretto v1.2.3/ + github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= + github.com/cloudflare/circl v1.3.6 h1:/xbKIqSHbZXHwkhbrhrt2YOHIwYJlXH94E3tI/gDlUg= + github.com/cloudflare/circl v1.3.6/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= ++github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= ++github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= + github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= + github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= ++github.com/cyphar/filepath-securejoin v0.2.5 h1:6iR5tXJ/e6tJZzzdMc1km3Sa7RRIVBKAK32O2s7AYfo= ++github.com/cyphar/filepath-securejoin v0.2.5/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= + github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= + github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= + github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +@@ -32,9 +38,13 @@ github.com/go-git/gcfg v1.5.1-0.20230307 + github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= + github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU= + github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow= ++github.com/go-git/go-billy/v5 v5.6.0 h1:w2hPNtoehvJIxR00Vb4xX94qHQi/ApZfX+nBE2Cjio8= ++github.com/go-git/go-billy/v5 v5.6.0/go.mod h1:sFDq7xD3fn3E0GOwUSZqHo9lrkmx8xJhA0ZrfvjBRGM= + github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4= + github.com/go-git/go-git/v5 v5.11.0 h1:XIZc1p+8YzypNr34itUfSvYJcv+eYdTnTvOZ2vD3cA4= + github.com/go-git/go-git/v5 v5.11.0/go.mod h1:6GFcX2P3NM7FPBfpePbpLd21XxsgdAt+lKqXmCUiUCY= ++github.com/go-git/go-git/v5 v5.13.0 h1:vLn5wlGIh/X78El6r3Jr+30W16Blk0CTcxTYcYPWi5E= ++github.com/go-git/go-git/v5 v5.13.0/go.mod h1:Wjo7/JyVKtQgUNdXYXIepzWfJQkUEIGvkvVkiXRR/zw= + github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= + github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= + github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +@@ -62,9 +72,13 @@ github.com/pmezard/go-difflib v1.0.0/go. + github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= + github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= + github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= ++github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8= ++github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= + github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= + github.com/skeema/knownhosts v1.2.1 h1:SHWdIUa82uGZz+F+47k8SY4QhhI291cXCpopT1lK2AQ= + github.com/skeema/knownhosts v1.2.1/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo= ++github.com/skeema/knownhosts v1.3.0 h1:AM+y0rI04VksttfwjkSTNQorvGqmwATnvnAHpSgc0LY= ++github.com/skeema/knownhosts v1.3.0/go.mod h1:sPINvnADmT/qYH1kfv+ePMmOBTH6Tbl7b5LvTDjFK7M= + github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= + github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= + github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +@@ -79,10 +93,14 @@ golang.org/x/crypto v0.3.1-0.20221117191 + golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= + golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY= + golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= ++golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= ++golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= + golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= + golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= + golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= + golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= ++golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA= ++golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= + golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= + golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= + golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +@@ -92,10 +110,14 @@ golang.org/x/net v0.6.0/go.mod h1:2Tu9+a + golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= + golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c= + golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= ++golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= ++golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= + golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= + golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= + golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= + golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE= ++golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= ++golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= + golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= + golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= + golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +@@ -111,6 +133,8 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1 + golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= + golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= + golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= ++golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= ++golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= + golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= + golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= + golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= +@@ -131,6 +155,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNG + golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= + golang.org/x/tools v0.16.1 h1:TLyB3WofjdOEepBHAU20JdNC1Zbg87elYofWYAY5oZA= + golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0= ++golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= ++golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= + golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= + gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= + gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/cheat.changes b/cheat.changes new file mode 100644 index 0000000..73893a0 --- /dev/null +++ b/cheat.changes @@ -0,0 +1,39 @@ +------------------------------------------------------------------- +Thu Aug 21 12:15:26 UTC 2025 - Michael Vetter + +- bsc#1247629 (CVE-2025-21613): + Update go-git to 5.13 + Update vendor tarball and add cheat-CVE-2025-21613.patch + +------------------------------------------------------------------- +Sat Dec 16 11:27:40 UTC 2023 - Michael Vetter + +- Update to 4.4.2: + * Bump chroma to newest version + * Remove plan9 support due to build failure + * Upgrade to yaml.v3 + +------------------------------------------------------------------- +Wed Dec 13 15:27:03 UTC 2023 - Michael Vetter + +- Update to 4.4.1: + * Update dependencies + * Make minor changes to appease revive (linter) + +------------------------------------------------------------------- +Mon Jan 16 10:58:53 UTC 2023 - Michael Vetter + +- Remove dependency on pandoc: + Upsteam ships a man page. Lets assume they update it upon each + release and take it without generating ourselves + +------------------------------------------------------------------- +Fri Jan 13 08:37:40 UTC 2023 - Michael Vetter + +- Only build manpage using pandoc when on x86_64. + Pandoc seems to not be available on all archs. + +------------------------------------------------------------------- +Tue Jan 10 07:39:38 UTC 2023 - Michael Vetter + +- Initial package of cheat 4.4.0 for openSUSE diff --git a/cheat.spec b/cheat.spec new file mode 100644 index 0000000..8e5b295 --- /dev/null +++ b/cheat.spec @@ -0,0 +1,48 @@ +# +# spec file for package cheat +# +# Copyright (c) 2025 SUSE LLC and contributors +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +Name: cheat +Version: 4.4.2 +Release: 0 +Summary: Allows you to create and view interactive cheatsheets on the command-line +License: MIT +Group: Productivity/Other +URL: https://github.com/cheat/cheat +Source: %{name}-%{version}.tar.gz +Source1: vendor.tar.gz +Patch0: cheat-CVE-2025-21613.patch +BuildRequires: golang-packaging + +%description +cheat allows you to create and view interactive cheatsheets on the command-line. It was designed to help remind *nix system administrators of options for commands that they use frequently, but not frequently enough to remember. + +%prep +%autosetup -a 1 + +%build +go build -mod=vendor -buildmode=pie -o cheat ./cmd/cheat + +%install +install -D -m0755 %{name} %{buildroot}%{_bindir}/%{name} +install -Dm644 "doc/%{name}.1" -t "%{buildroot}%{_mandir}/man1/" + +%files +%{_bindir}/%{name} +%{_mandir}/man1/cheat.1%{?ext_man} + +%changelog diff --git a/vendor.tar.gz b/vendor.tar.gz new file mode 100644 index 0000000..57e4c42 --- /dev/null +++ b/vendor.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d955c41d63b98ab471d7e4ab74f0e934592b5ad338be241f56cead4f2a8f89c6 +size 3608018 -- 2.51.1 From bda4e81f5419fd08d5606c67c373517ee3e33d197ad0ea8aeba96b236673e336 Mon Sep 17 00:00:00 2001 From: Michael Vetter Date: Thu, 21 Aug 2025 13:15:33 +0000 Subject: [PATCH 2/6] Use go-git 5.13.0 via replace in _service OBS-URL: https://build.opensuse.org/package/show/utilities/cheat?expand=0&rev=10 --- _service | 3 +- cheat-4.4.2.tar.gz | 4 +- cheat-CVE-2025-21613.patch | 160 ------------------------------------- cheat.changes | 3 +- cheat.spec | 1 - vendor.tar.gz | 4 +- 6 files changed, 7 insertions(+), 168 deletions(-) delete mode 100644 cheat-CVE-2025-21613.patch diff --git a/_service b/_service index 45389db..6c802ae 100644 --- a/_service +++ b/_service @@ -14,6 +14,7 @@ *.tar gz - + + github.com/go-git/go-git/v5=github.com/go-git/go-git/v5@v5.13.0 diff --git a/cheat-4.4.2.tar.gz b/cheat-4.4.2.tar.gz index 7047f49..88db64e 100644 --- a/cheat-4.4.2.tar.gz +++ b/cheat-4.4.2.tar.gz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:a7e92c1c31822496fa6240d8a4665e22b900fa885fc9c7f6c12389d0b6bffdf2 -size 3165152 +oid sha256:84a2e5f7167c31f5f1f56c4dced433966d312eafe6e7b0e46dadf5d5df076224 +size 3163618 diff --git a/cheat-CVE-2025-21613.patch b/cheat-CVE-2025-21613.patch deleted file mode 100644 index ae55640..0000000 --- a/cheat-CVE-2025-21613.patch +++ /dev/null @@ -1,160 +0,0 @@ -Index: cheat-4.4.2/go.mod -=================================================================== ---- cheat-4.4.2.orig/go.mod -+++ cheat-4.4.2/go.mod -@@ -1,12 +1,14 @@ - module github.com/cheat/cheat - --go 1.19 -+go 1.21 -+ -+toolchain go1.24.6 - - require ( - github.com/alecthomas/chroma/v2 v2.12.0 - github.com/davecgh/go-spew v1.1.1 - github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815 -- github.com/go-git/go-git/v5 v5.11.0 -+ github.com/go-git/go-git/v5 v5.13.0 - github.com/mattn/go-isatty v0.0.20 - github.com/mitchellh/go-homedir v1.1.0 - gopkg.in/yaml.v3 v3.0.1 -@@ -15,24 +17,25 @@ require ( - require ( - dario.cat/mergo v1.0.0 // indirect - github.com/Microsoft/go-winio v0.6.1 // indirect -- github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c // indirect -- github.com/cloudflare/circl v1.3.6 // indirect -- github.com/cyphar/filepath-securejoin v0.2.4 // indirect -+ github.com/ProtonMail/go-crypto v1.1.3 // indirect -+ github.com/cloudflare/circl v1.3.7 // indirect -+ github.com/cyphar/filepath-securejoin v0.2.5 // indirect - github.com/dlclark/regexp2 v1.10.0 // indirect - github.com/emirpasic/gods v1.18.1 // indirect - github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect -- github.com/go-git/go-billy/v5 v5.5.0 // indirect -+ github.com/go-git/go-billy/v5 v5.6.0 // indirect - github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect - github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect - github.com/kevinburke/ssh_config v1.2.0 // indirect - github.com/pjbgf/sha1cd v0.3.0 // indirect -- github.com/sergi/go-diff v1.3.1 // indirect -- github.com/skeema/knownhosts v1.2.1 // indirect -+ github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect -+ github.com/skeema/knownhosts v1.3.0 // indirect - github.com/xanzy/ssh-agent v0.3.3 // indirect -- golang.org/x/crypto v0.16.0 // indirect -- golang.org/x/mod v0.14.0 // indirect -- golang.org/x/net v0.19.0 // indirect -- golang.org/x/sys v0.15.0 // indirect -- golang.org/x/tools v0.16.1 // indirect -+ golang.org/x/crypto v0.31.0 // indirect -+ golang.org/x/mod v0.17.0 // indirect -+ golang.org/x/net v0.33.0 // indirect -+ golang.org/x/sync v0.10.0 // indirect -+ golang.org/x/sys v0.28.0 // indirect -+ golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect - gopkg.in/warnings.v0 v0.1.2 // indirect - ) -Index: cheat-4.4.2/go.sum -=================================================================== ---- cheat-4.4.2.orig/go.sum -+++ cheat-4.4.2/go.sum -@@ -5,6 +5,8 @@ github.com/Microsoft/go-winio v0.6.1 h1: - github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= - github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c h1:kMFnB0vCcX7IL/m9Y5LO+KQYv+t1CQOiFe6+SV2J7bE= - github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= -+github.com/ProtonMail/go-crypto v1.1.3 h1:nRBOetoydLeUb4nHajyO2bKqMLfWQ/ZPwkXqXxPxCFk= -+github.com/ProtonMail/go-crypto v1.1.3/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= - github.com/alecthomas/assert/v2 v2.2.1 h1:XivOgYcduV98QCahG8T5XTezV5bylXe+lBxLG2K2ink= - github.com/alecthomas/chroma/v2 v2.12.0 h1:Wh8qLEgMMsN7mgyG8/qIpegky2Hvzr4By6gEF7cmWgw= - github.com/alecthomas/chroma/v2 v2.12.0/go.mod h1:4TQu7gdfuPjSh76j78ietmqh9LiurGF0EpseFXdKMBw= -@@ -15,8 +17,12 @@ github.com/bwesterb/go-ristretto v1.2.3/ - github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= - github.com/cloudflare/circl v1.3.6 h1:/xbKIqSHbZXHwkhbrhrt2YOHIwYJlXH94E3tI/gDlUg= - github.com/cloudflare/circl v1.3.6/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= -+github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= -+github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= - github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= - github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= -+github.com/cyphar/filepath-securejoin v0.2.5 h1:6iR5tXJ/e6tJZzzdMc1km3Sa7RRIVBKAK32O2s7AYfo= -+github.com/cyphar/filepath-securejoin v0.2.5/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= - github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= - github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= - github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -@@ -32,9 +38,13 @@ github.com/go-git/gcfg v1.5.1-0.20230307 - github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= - github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU= - github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow= -+github.com/go-git/go-billy/v5 v5.6.0 h1:w2hPNtoehvJIxR00Vb4xX94qHQi/ApZfX+nBE2Cjio8= -+github.com/go-git/go-billy/v5 v5.6.0/go.mod h1:sFDq7xD3fn3E0GOwUSZqHo9lrkmx8xJhA0ZrfvjBRGM= - github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4= - github.com/go-git/go-git/v5 v5.11.0 h1:XIZc1p+8YzypNr34itUfSvYJcv+eYdTnTvOZ2vD3cA4= - github.com/go-git/go-git/v5 v5.11.0/go.mod h1:6GFcX2P3NM7FPBfpePbpLd21XxsgdAt+lKqXmCUiUCY= -+github.com/go-git/go-git/v5 v5.13.0 h1:vLn5wlGIh/X78El6r3Jr+30W16Blk0CTcxTYcYPWi5E= -+github.com/go-git/go-git/v5 v5.13.0/go.mod h1:Wjo7/JyVKtQgUNdXYXIepzWfJQkUEIGvkvVkiXRR/zw= - github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= - github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= - github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= -@@ -62,9 +72,13 @@ github.com/pmezard/go-difflib v1.0.0/go. - github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= - github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= - github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= -+github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8= -+github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= - github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= - github.com/skeema/knownhosts v1.2.1 h1:SHWdIUa82uGZz+F+47k8SY4QhhI291cXCpopT1lK2AQ= - github.com/skeema/knownhosts v1.2.1/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo= -+github.com/skeema/knownhosts v1.3.0 h1:AM+y0rI04VksttfwjkSTNQorvGqmwATnvnAHpSgc0LY= -+github.com/skeema/knownhosts v1.3.0/go.mod h1:sPINvnADmT/qYH1kfv+ePMmOBTH6Tbl7b5LvTDjFK7M= - github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= - github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= - github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= -@@ -79,10 +93,14 @@ golang.org/x/crypto v0.3.1-0.20221117191 - golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= - golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY= - golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= -+golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= -+golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= - golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= - golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= - golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= - golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -+golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA= -+golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= - golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= - golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= - golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -@@ -92,10 +110,14 @@ golang.org/x/net v0.6.0/go.mod h1:2Tu9+a - golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= - golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c= - golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= -+golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= -+golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= - golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= - golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE= -+golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= -+golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= - golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= - golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= - golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -@@ -111,6 +133,8 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1 - golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= - golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= - golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -+golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= -+golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= - golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= - golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= - golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= -@@ -131,6 +155,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNG - golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= - golang.org/x/tools v0.16.1 h1:TLyB3WofjdOEepBHAU20JdNC1Zbg87elYofWYAY5oZA= - golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0= -+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= -+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= - golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= - gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= - gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/cheat.changes b/cheat.changes index 73893a0..7541c4b 100644 --- a/cheat.changes +++ b/cheat.changes @@ -2,8 +2,7 @@ Thu Aug 21 12:15:26 UTC 2025 - Michael Vetter - bsc#1247629 (CVE-2025-21613): - Update go-git to 5.13 - Update vendor tarball and add cheat-CVE-2025-21613.patch + Use go-git 5.13.0 via replace in _service ------------------------------------------------------------------- Sat Dec 16 11:27:40 UTC 2023 - Michael Vetter diff --git a/cheat.spec b/cheat.spec index 8e5b295..451dbc6 100644 --- a/cheat.spec +++ b/cheat.spec @@ -25,7 +25,6 @@ Group: Productivity/Other URL: https://github.com/cheat/cheat Source: %{name}-%{version}.tar.gz Source1: vendor.tar.gz -Patch0: cheat-CVE-2025-21613.patch BuildRequires: golang-packaging %description diff --git a/vendor.tar.gz b/vendor.tar.gz index 57e4c42..c0de99e 100644 --- a/vendor.tar.gz +++ b/vendor.tar.gz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:d955c41d63b98ab471d7e4ab74f0e934592b5ad338be241f56cead4f2a8f89c6 -size 3608018 +oid sha256:56b4050e466c3d031e42cd24c6e63b59e3dd24dd309f9f4825e99ea86a8abbcd +size 3214283 -- 2.51.1 From 3d9846b1c61865acf8e13a4dc5f2b034a3c03d45c94bb641d5e6706dcb58f48b Mon Sep 17 00:00:00 2001 From: Michael Vetter Date: Fri, 22 Aug 2025 06:39:43 +0000 Subject: [PATCH 3/6] - Packaging improvements: * Service go_modules replace dependencies with CVEs * Replace github.com/cloudflare/circl=github.com/cloudflare/circl@v1.6.1 Fix GO-2025-3754 GHSA-2x5j-vhc8-9cwm * Replace golang.org/x/net=golang.org/x/net@v0.36.0 Fixes GO-2025-3503 CVE-2025-22870 * Replace golang.org/x/crypto=golang.org/x/crypto@v0.35.0 Fixes GO-2023-2402 CVE-2023-48795 GHSA-45x7-px36-x8w8 Fixes GO-2025-3487 CVE-2025-22869 * Replace github.com/go-git/go-git/v5=github.com/go-git/go-git/v5@v5.13.0 Fixes GO-2025-3367 CVE-2025-21614 GHSA-r9px-m959-cxf4 Fixes GO-2025-3368 CVE-2025-21613 GHSA-v725-9546-7q7m * Service tar_scm set mode manual from disabled * Service tar_scm create archive from git so we can exclude vendor directory upstream committed to git. Committed vendor directory contents have build issues even after go mod tidy. * Service tar_scm exclude dir vendor * Service set_version set mode manual from disabled * Service set_version remove param basename not needed OBS-URL: https://build.opensuse.org/package/show/utilities/cheat?expand=0&rev=11 --- _service | 11 +++++++---- cheat-4.4.2.tar.gz | 4 ++-- cheat.changes | 25 ++++++++++++++++++++++++- vendor.tar.gz | 4 ++-- 4 files changed, 35 insertions(+), 9 deletions(-) diff --git a/_service b/_service index 6c802ae..7f42f0a 100644 --- a/_service +++ b/_service @@ -1,20 +1,23 @@ - + https://github.com/cheat/cheat git .git + vendor 4.4.2 @PARENT_TAG@ v(.*) - - cheat + - + *.tar gz + github.com/cloudflare/circl=github.com/cloudflare/circl@v1.6.1 + golang.org/x/net=golang.org/x/net@v0.36.0 + golang.org/x/crypto=golang.org/x/crypto@v0.35.0 github.com/go-git/go-git/v5=github.com/go-git/go-git/v5@v5.13.0 diff --git a/cheat-4.4.2.tar.gz b/cheat-4.4.2.tar.gz index 88db64e..1a1ce28 100644 --- a/cheat-4.4.2.tar.gz +++ b/cheat-4.4.2.tar.gz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:84a2e5f7167c31f5f1f56c4dced433966d312eafe6e7b0e46dadf5d5df076224 -size 3163618 +oid sha256:06cc200505033eb825ec918adfb728c80b780990bf6b7c2eec5813764a8077a3 +size 44318 diff --git a/cheat.changes b/cheat.changes index 7541c4b..adfb341 100644 --- a/cheat.changes +++ b/cheat.changes @@ -1,8 +1,31 @@ +------------------------------------------------------------------- +Thu Aug 21 21:47:19 UTC 2025 - Jeff Kowalczyk + +- Packaging improvements: + * Service go_modules replace dependencies with CVEs + * Replace github.com/cloudflare/circl=github.com/cloudflare/circl@v1.6.1 + Fix GO-2025-3754 GHSA-2x5j-vhc8-9cwm + * Replace golang.org/x/net=golang.org/x/net@v0.36.0 + Fixes GO-2025-3503 CVE-2025-22870 + * Replace golang.org/x/crypto=golang.org/x/crypto@v0.35.0 + Fixes GO-2023-2402 CVE-2023-48795 GHSA-45x7-px36-x8w8 + Fixes GO-2025-3487 CVE-2025-22869 + * Replace github.com/go-git/go-git/v5=github.com/go-git/go-git/v5@v5.13.0 + Fixes GO-2025-3367 CVE-2025-21614 GHSA-r9px-m959-cxf4 + Fixes GO-2025-3368 CVE-2025-21613 GHSA-v725-9546-7q7m + * Service tar_scm set mode manual from disabled + * Service tar_scm create archive from git so we can exclude + vendor directory upstream committed to git. Committed vendor + directory contents have build issues even after go mod tidy. + * Service tar_scm exclude dir vendor + * Service set_version set mode manual from disabled + * Service set_version remove param basename not needed + ------------------------------------------------------------------- Thu Aug 21 12:15:26 UTC 2025 - Michael Vetter - bsc#1247629 (CVE-2025-21613): - Use go-git 5.13.0 via replace in _service + * Use go-git 5.13.0 via replace in _service ------------------------------------------------------------------- Sat Dec 16 11:27:40 UTC 2023 - Michael Vetter diff --git a/vendor.tar.gz b/vendor.tar.gz index c0de99e..bc16265 100644 --- a/vendor.tar.gz +++ b/vendor.tar.gz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:56b4050e466c3d031e42cd24c6e63b59e3dd24dd309f9f4825e99ea86a8abbcd -size 3214283 +oid sha256:e1df9aeb0b6e896a1492704a9247a871500b5891517942ca8333eca05842a1c6 +size 3223254 -- 2.51.1 From b284749fa5d755191914466b2106293e22cf8c44875896cd0ab2b7154d3313ca Mon Sep 17 00:00:00 2001 From: Michael Vetter Date: Fri, 22 Aug 2025 15:22:53 +0000 Subject: [PATCH 4/6] - Packaging improvements: * Drop Requires: golang-packaging. The recommended Go toolchain dependency expression is BuildRequires: golang(API) >= 1.x or optionally the metapackage BuildRequires: go * Use BuildRequires: golang(API) >= 1.19 matching go.mod * Build PIE with pattern that may become recommended procedure: %%ifnarch ppc64 GOFLAGS="-buildmode=pie" %%endif go build A go toolchain buildmode default config would be preferable but none exist at this time. * Drop mod=vendor, go1.14+ will detect vendor dir and auto-enable * Remove go build -o output binary location and name. Default binary has the same name as package of func main() and is placed in the top level of the build directory. * Add basic %check to execute binary --help OBS-URL: https://build.opensuse.org/package/show/utilities/cheat?expand=0&rev=12 --- cheat.changes | 18 ++++++++++++++++++ cheat.spec | 10 ++++++++-- 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/cheat.changes b/cheat.changes index adfb341..9bf9c61 100644 --- a/cheat.changes +++ b/cheat.changes @@ -1,3 +1,21 @@ +------------------------------------------------------------------- +Fri Aug 22 13:12:32 UTC 2025 - Jeff Kowalczyk + +- Packaging improvements: + * Drop Requires: golang-packaging. The recommended Go toolchain + dependency expression is BuildRequires: golang(API) >= 1.x or + optionally the metapackage BuildRequires: go + * Use BuildRequires: golang(API) >= 1.19 matching go.mod + * Build PIE with pattern that may become recommended procedure: + %%ifnarch ppc64 GOFLAGS="-buildmode=pie" %%endif go build + A go toolchain buildmode default config would be preferable + but none exist at this time. + * Drop mod=vendor, go1.14+ will detect vendor dir and auto-enable + * Remove go build -o output binary location and name. Default + binary has the same name as package of func main() and is + placed in the top level of the build directory. + * Add basic %check to execute binary --help + ------------------------------------------------------------------- Thu Aug 21 21:47:19 UTC 2025 - Jeff Kowalczyk diff --git a/cheat.spec b/cheat.spec index 451dbc6..8004504 100644 --- a/cheat.spec +++ b/cheat.spec @@ -25,7 +25,7 @@ Group: Productivity/Other URL: https://github.com/cheat/cheat Source: %{name}-%{version}.tar.gz Source1: vendor.tar.gz -BuildRequires: golang-packaging +BuildRequires: golang(API) >= 1.19 %description cheat allows you to create and view interactive cheatsheets on the command-line. It was designed to help remind *nix system administrators of options for commands that they use frequently, but not frequently enough to remember. @@ -34,7 +34,13 @@ cheat allows you to create and view interactive cheatsheets on the command-line. %autosetup -a 1 %build -go build -mod=vendor -buildmode=pie -o cheat ./cmd/cheat +%ifnarch ppc64 +export GOFLAGS="-buildmode=pie" +%endif +go build ./cmd/%{name} + +%check +./%{name} --help %install install -D -m0755 %{name} %{buildroot}%{_bindir}/%{name} -- 2.51.1 From 7087e87f5d5fd31d5c747be0e35395fb13d2eec7e1629d19b31f495b7ef33d84 Mon Sep 17 00:00:00 2001 From: Michael Vetter Date: Wed, 26 Nov 2025 17:55:12 +0000 Subject: [PATCH 5/6] - Security: * Replace golang.org/x/crypto=golang.org/x/crypto@v0.45.0 Fixes CVE-2025-47913 (bsc#1253593), CVE-2025-58181 (bsc#1253922), CVE-2025-47914 (bsc#1254051) OBS-URL: https://build.opensuse.org/package/show/utilities/cheat?expand=0&rev=14 --- .gitattributes | 23 ++++++++++++++ .gitignore | 1 + _service | 24 ++++++++++++++ cheat-4.4.2.tar.gz | 3 ++ cheat.changes | 79 ++++++++++++++++++++++++++++++++++++++++++++++ cheat.spec | 53 +++++++++++++++++++++++++++++++ vendor.tar.gz | 3 ++ 7 files changed, 186 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 _service create mode 100644 cheat-4.4.2.tar.gz create mode 100644 cheat.changes create mode 100644 cheat.spec create mode 100644 vendor.tar.gz diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/_service b/_service new file mode 100644 index 0000000..8a90918 --- /dev/null +++ b/_service @@ -0,0 +1,24 @@ + + + https://github.com/cheat/cheat + git + .git + vendor + 4.4.2 + @PARENT_TAG@ + v(.*) + + + + + *.tar + gz + + + github.com/cloudflare/circl=github.com/cloudflare/circl@v1.6.1 + golang.org/x/net=golang.org/x/net@v0.47.0 + golang.org/x/crypto=golang.org/x/crypto@v0.45.0 + golang.org/x/sys=golang.org/x/sys@v0.38.0 + github.com/go-git/go-git/v5=github.com/go-git/go-git/v5@v5.13.0 + + diff --git a/cheat-4.4.2.tar.gz b/cheat-4.4.2.tar.gz new file mode 100644 index 0000000..1a1ce28 --- /dev/null +++ b/cheat-4.4.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:06cc200505033eb825ec918adfb728c80b780990bf6b7c2eec5813764a8077a3 +size 44318 diff --git a/cheat.changes b/cheat.changes new file mode 100644 index 0000000..9bf9c61 --- /dev/null +++ b/cheat.changes @@ -0,0 +1,79 @@ +------------------------------------------------------------------- +Fri Aug 22 13:12:32 UTC 2025 - Jeff Kowalczyk + +- Packaging improvements: + * Drop Requires: golang-packaging. The recommended Go toolchain + dependency expression is BuildRequires: golang(API) >= 1.x or + optionally the metapackage BuildRequires: go + * Use BuildRequires: golang(API) >= 1.19 matching go.mod + * Build PIE with pattern that may become recommended procedure: + %%ifnarch ppc64 GOFLAGS="-buildmode=pie" %%endif go build + A go toolchain buildmode default config would be preferable + but none exist at this time. + * Drop mod=vendor, go1.14+ will detect vendor dir and auto-enable + * Remove go build -o output binary location and name. Default + binary has the same name as package of func main() and is + placed in the top level of the build directory. + * Add basic %check to execute binary --help + +------------------------------------------------------------------- +Thu Aug 21 21:47:19 UTC 2025 - Jeff Kowalczyk + +- Packaging improvements: + * Service go_modules replace dependencies with CVEs + * Replace github.com/cloudflare/circl=github.com/cloudflare/circl@v1.6.1 + Fix GO-2025-3754 GHSA-2x5j-vhc8-9cwm + * Replace golang.org/x/net=golang.org/x/net@v0.36.0 + Fixes GO-2025-3503 CVE-2025-22870 + * Replace golang.org/x/crypto=golang.org/x/crypto@v0.35.0 + Fixes GO-2023-2402 CVE-2023-48795 GHSA-45x7-px36-x8w8 + Fixes GO-2025-3487 CVE-2025-22869 + * Replace github.com/go-git/go-git/v5=github.com/go-git/go-git/v5@v5.13.0 + Fixes GO-2025-3367 CVE-2025-21614 GHSA-r9px-m959-cxf4 + Fixes GO-2025-3368 CVE-2025-21613 GHSA-v725-9546-7q7m + * Service tar_scm set mode manual from disabled + * Service tar_scm create archive from git so we can exclude + vendor directory upstream committed to git. Committed vendor + directory contents have build issues even after go mod tidy. + * Service tar_scm exclude dir vendor + * Service set_version set mode manual from disabled + * Service set_version remove param basename not needed + +------------------------------------------------------------------- +Thu Aug 21 12:15:26 UTC 2025 - Michael Vetter + +- bsc#1247629 (CVE-2025-21613): + * Use go-git 5.13.0 via replace in _service + +------------------------------------------------------------------- +Sat Dec 16 11:27:40 UTC 2023 - Michael Vetter + +- Update to 4.4.2: + * Bump chroma to newest version + * Remove plan9 support due to build failure + * Upgrade to yaml.v3 + +------------------------------------------------------------------- +Wed Dec 13 15:27:03 UTC 2023 - Michael Vetter + +- Update to 4.4.1: + * Update dependencies + * Make minor changes to appease revive (linter) + +------------------------------------------------------------------- +Mon Jan 16 10:58:53 UTC 2023 - Michael Vetter + +- Remove dependency on pandoc: + Upsteam ships a man page. Lets assume they update it upon each + release and take it without generating ourselves + +------------------------------------------------------------------- +Fri Jan 13 08:37:40 UTC 2023 - Michael Vetter + +- Only build manpage using pandoc when on x86_64. + Pandoc seems to not be available on all archs. + +------------------------------------------------------------------- +Tue Jan 10 07:39:38 UTC 2023 - Michael Vetter + +- Initial package of cheat 4.4.0 for openSUSE diff --git a/cheat.spec b/cheat.spec new file mode 100644 index 0000000..5a829f3 --- /dev/null +++ b/cheat.spec @@ -0,0 +1,53 @@ +# +# spec file for package cheat +# +# Copyright (c) 2025 SUSE LLC and contributors +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +Name: cheat +Version: 4.4.2 +Release: 0 +Summary: Allows you to create and view interactive cheatsheets on the command-line +License: MIT +Group: Productivity/Other +URL: https://github.com/cheat/cheat +Source: %{name}-%{version}.tar.gz +Source1: vendor.tar.gz +BuildRequires: golang(API) >= 1.24 + +%description +cheat allows you to create and view interactive cheatsheets on the command-line. It was designed to help remind *nix system administrators of options for commands that they use frequently, but not frequently enough to remember. + +%prep +%autosetup -a 1 + +%build +%ifnarch ppc64 +export GOFLAGS="-buildmode=pie" +%endif +go build ./cmd/%{name} + +%check +./%{name} --help + +%install +install -D -m0755 %{name} %{buildroot}%{_bindir}/%{name} +install -Dm644 "doc/%{name}.1" -t "%{buildroot}%{_mandir}/man1/" + +%files +%{_bindir}/%{name} +%{_mandir}/man1/cheat.1%{?ext_man} + +%changelog diff --git a/vendor.tar.gz b/vendor.tar.gz new file mode 100644 index 0000000..effc29c --- /dev/null +++ b/vendor.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d2c5c7a1af2a99b98074fe0e1b77dc312713b341f11e40b91dd9b8be102def8a +size 3296585 -- 2.51.1 From 5081763a68c9beee6ed7ada0844875a744b97ddc0c2dd102751ac185c7de38f0 Mon Sep 17 00:00:00 2001 From: Michael Vetter Date: Thu, 27 Nov 2025 08:37:59 +0000 Subject: [PATCH 6/6] For some reason changelog was forgotten OBS-URL: https://build.opensuse.org/package/show/utilities/cheat?expand=0&rev=15 --- cheat.changes | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/cheat.changes b/cheat.changes index 9bf9c61..c693ad4 100644 --- a/cheat.changes +++ b/cheat.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Thu Nov 27 08:11:59 UTC 2025 - Witek Bedyk + +- Security: + * CVE-2025-47913: Fix client process termination (bsc#1253593) + * CVE-2025-58181: Fix potential unbounded memory consumption + (bsc#1253922) + * CVE-2025-47914: Fix panic due to an out of bounds read + (bsc#1254051) + * Replace golang.org/x/crypto=golang.org/x/crypto@v0.45.0 + * Replace golang.org/x/net=golang.org/x/net@v0.47.0 + * Replace golang.org/x/sys=golang.org/x/sys@v0.38.0 + ------------------------------------------------------------------- Fri Aug 22 13:12:32 UTC 2025 - Jeff Kowalczyk -- 2.51.1