From fb65c5d555a534c3ef98b414d3cce1673c2de7ec09a005f8718ebf92aab17b08 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= Date: Tue, 17 Dec 2024 15:06:57 +0100 Subject: [PATCH] Update to version 0.8.0+git.1733745604.d499b6e: * fix typos in docs (#1266) * build(deps): bump github.com/go-git/go-billy/v5 from 5.5.0 to 5.6.0 (#1289) Add CVE-2024-45337-bump-go-crypto.patch to bump golang.org/x/crypto from v0.26.0 to v0.31.0 (fix for CVE-2024-45337, bsc#1234565). --- CVE-2024-45337-bump-go-crypto.patch | 232 +++++++++++++++++++ _servicedata | 2 +- git-bug-0.8.0+git.1725552198.b0cc690.obscpio | 3 - git-bug-0.8.0+git.1733745604.d499b6e.obscpio | 3 + git-bug.changes | 10 + git-bug.obsinfo | 6 +- git-bug.spec | 17 +- vendor.tar.gz | 4 +- 8 files changed, 262 insertions(+), 15 deletions(-) create mode 100644 CVE-2024-45337-bump-go-crypto.patch delete mode 100644 git-bug-0.8.0+git.1725552198.b0cc690.obscpio create mode 100644 git-bug-0.8.0+git.1733745604.d499b6e.obscpio diff --git a/CVE-2024-45337-bump-go-crypto.patch b/CVE-2024-45337-bump-go-crypto.patch new file mode 100644 index 0000000..ed61eff --- /dev/null +++ b/CVE-2024-45337-bump-go-crypto.patch @@ -0,0 +1,232 @@ +From fc24dafc5962715b46bcf37091d7f388ded5aa4b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= +Date: Mon, 16 Dec 2024 18:02:51 +0100 +Subject: [PATCH 1/3] build(deps): move from github.com/xanzy/go-gitlab to + gitlab.com/gitlab-org/api/client-go + +--- + bridge/gitlab/config.go | 2 +- + bridge/gitlab/event.go | 2 +- + bridge/gitlab/export.go | 2 +- + bridge/gitlab/export_test.go | 4 ++-- + bridge/gitlab/gitlab.go | 2 +- + bridge/gitlab/gitlab_api.go | 2 +- + bridge/gitlab/import.go | 2 +- + go.mod | 23 +++++++++++++---------- + go.sum | 28 ++++++++++++++-------------- + 9 files changed, 35 insertions(+), 32 deletions(-) + +--- a/bridge/gitlab/config.go ++++ b/bridge/gitlab/config.go +@@ -8,7 +8,7 @@ import ( + "strings" + + "github.com/pkg/errors" +- "github.com/xanzy/go-gitlab" ++ "gitlab.com/gitlab-org/api/client-go" + + "github.com/git-bug/git-bug/bridge/core" + "github.com/git-bug/git-bug/bridge/core/auth" +--- a/bridge/gitlab/event.go ++++ b/bridge/gitlab/event.go +@@ -5,7 +5,7 @@ import ( + "strings" + "time" + +- "github.com/xanzy/go-gitlab" ++ "gitlab.com/gitlab-org/api/client-go" + + "github.com/git-bug/git-bug/util/text" + ) +--- a/bridge/gitlab/export.go ++++ b/bridge/gitlab/export.go +@@ -8,7 +8,7 @@ import ( + "time" + + "github.com/pkg/errors" +- "github.com/xanzy/go-gitlab" ++ "gitlab.com/gitlab-org/api/client-go" + + "github.com/git-bug/git-bug/bridge/core" + "github.com/git-bug/git-bug/bridge/core/auth" +--- a/bridge/gitlab/export_test.go ++++ b/bridge/gitlab/export_test.go +@@ -9,7 +9,7 @@ import ( + "testing" + "time" + +- "github.com/xanzy/go-gitlab" ++ "gitlab.com/gitlab-org/api/client-go" + + "github.com/git-bug/git-bug/entity" + "github.com/git-bug/git-bug/entity/dag" +@@ -319,6 +319,6 @@ func deleteRepository(ctx context.Contex + return err + } + +- _, err = client.Projects.DeleteProject(project, gitlab.WithContext(ctx)) ++ _, err = client.Projects.DeleteProject(project, nil, gitlab.WithContext(ctx)) + return err + } +--- a/bridge/gitlab/gitlab.go ++++ b/bridge/gitlab/gitlab.go +@@ -3,7 +3,7 @@ package gitlab + import ( + "time" + +- "github.com/xanzy/go-gitlab" ++ "gitlab.com/gitlab-org/api/client-go" + + "github.com/git-bug/git-bug/bridge/core" + "github.com/git-bug/git-bug/bridge/core/auth" +--- a/bridge/gitlab/gitlab_api.go ++++ b/bridge/gitlab/gitlab_api.go +@@ -5,7 +5,7 @@ import ( + "time" + + "github.com/git-bug/git-bug/util/text" +- "github.com/xanzy/go-gitlab" ++ "gitlab.com/gitlab-org/api/client-go" + ) + + // Issues returns a channel with gitlab project issues, ascending order. +--- a/bridge/gitlab/import.go ++++ b/bridge/gitlab/import.go +@@ -6,7 +6,7 @@ import ( + "strconv" + "time" + +- "github.com/xanzy/go-gitlab" ++ "gitlab.com/gitlab-org/api/client-go" + + "github.com/git-bug/git-bug/bridge/core" + "github.com/git-bug/git-bug/bridge/core/auth" +--- a/go.mod ++++ b/go.mod +@@ -35,12 +35,19 @@ require ( + github.com/stretchr/testify v1.9.0 + github.com/vbauerster/mpb/v8 v8.8.2 + github.com/vektah/gqlparser/v2 v2.5.16 +- github.com/xanzy/go-gitlab v0.107.0 +- golang.org/x/crypto v0.26.0 ++ gitlab.com/gitlab-org/api/client-go v0.116.0 ++ golang.org/x/crypto v0.31.0 + golang.org/x/oauth2 v0.22.0 +- golang.org/x/sync v0.8.0 +- golang.org/x/sys v0.25.0 +- golang.org/x/text v0.17.0 ++ golang.org/x/sync v0.10.0 ++ golang.org/x/sys v0.28.0 ++ golang.org/x/text v0.21.0 ++) ++ ++require ( ++ github.com/google/go-querystring v1.1.0 // indirect ++ github.com/hashicorp/go-cleanhttp v0.5.2 // indirect ++ github.com/hashicorp/go-retryablehttp v0.7.7 // indirect ++ golang.org/x/time v0.3.0 // indirect + ) + + require ( +@@ -78,12 +85,9 @@ require ( + github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect + github.com/golang/protobuf v1.5.4 // indirect + github.com/golang/snappy v0.0.4 // indirect +- github.com/google/go-querystring v1.1.0 // indirect + github.com/google/uuid v1.6.0 // indirect + github.com/gorilla/websocket v1.5.3 // indirect + github.com/gsterjov/go-libsecret v0.0.0-20161001094733-a6f4afe4910c // indirect +- github.com/hashicorp/go-cleanhttp v0.5.2 // indirect +- github.com/hashicorp/go-retryablehttp v0.7.7 // indirect + github.com/inconshreveable/mousetrap v1.1.0 // indirect + github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect + github.com/kevinburke/ssh_config v1.2.0 // indirect +@@ -117,8 +121,7 @@ require ( + golang.org/x/mod v0.19.0 // indirect + golang.org/x/net v0.27.0 // indirect + golang.org/x/telemetry v0.0.0-20240723021908-ccdfb411a0c4 // indirect +- golang.org/x/term v0.24.0 +- golang.org/x/time v0.5.0 // indirect ++ golang.org/x/term v0.27.0 + golang.org/x/tools v0.23.0 // indirect + golang.org/x/vuln v1.1.3 + google.golang.org/protobuf v1.34.2 // indirect +--- a/go.sum ++++ b/go.sum +@@ -311,8 +311,6 @@ github.com/vektah/gqlparser/v2 v2.5.16/g + github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4= + github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI= + github.com/willf/bitset v1.1.10/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4= +-github.com/xanzy/go-gitlab v0.107.0 h1:P2CT9Uy9yN9lJo3FLxpMZ4xj6uWcpnigXsjvqJ6nd2Y= +-github.com/xanzy/go-gitlab v0.107.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= + github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= + github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= + github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= +@@ -322,6 +320,8 @@ github.com/yuin/goldmark v1.4.13/go.mod + github.com/zclconf/go-cty v1.10.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk= + github.com/zclconf/go-cty v1.15.0 h1:tTCRWxsexYUmtt/wVxgDClUe+uQusuI443uL6e+5sXQ= + github.com/zclconf/go-cty v1.15.0/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= ++gitlab.com/gitlab-org/api/client-go v0.116.0 h1:Dy534gtZPMrnm3fAcmQRMadrcoUyFO4FQ4rXlSAdHAw= ++gitlab.com/gitlab-org/api/client-go v0.116.0/go.mod h1:B29OfnZklmaoiR7uHANh9jTyfWEgmXvZLVEnosw2Dx0= + go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= + go.etcd.io/bbolt v1.3.10 h1:+BqfJTcCzTItrop8mq/lbzL8wSGtj94UO/3U31shqG0= + go.etcd.io/bbolt v1.3.10/go.mod h1:bK3UQLPJZly7IlNmV7uVHJDxfe5aK9Ll93e/74Y9oEQ= +@@ -331,8 +331,8 @@ golang.org/x/crypto v0.0.0-2021092115510 + golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= + golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= + golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= +-golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw= +-golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= ++golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= ++golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= + golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= + golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= + golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +@@ -357,8 +357,8 @@ golang.org/x/sync v0.0.0-20180314180146- + golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= + golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= + golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +-golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= +-golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= ++golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= ++golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= + golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= + golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= + golang.org/x/sys v0.0.0-20181221143128-b4a75ba826a6/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +@@ -379,8 +379,8 @@ golang.org/x/sys v0.3.0/go.mod h1:oPkhp1 + golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= + golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= + golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +-golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= +-golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= ++golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= ++golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= + golang.org/x/telemetry v0.0.0-20240723021908-ccdfb411a0c4 h1:ka7TMW0Mo8QYTXm2hXSQ9fFUXS7Zln3S4pe9aq4JC7w= + golang.org/x/telemetry v0.0.0-20240723021908-ccdfb411a0c4/go.mod h1:amNmu/SBSm2GAF3X+9U2C0epLocdh+r5Z+7oMYO5cLM= + golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +@@ -390,8 +390,8 @@ golang.org/x/term v0.2.0/go.mod h1:TVmDH + golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= + golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= + golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= +-golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM= +-golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8= ++golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q= ++golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= + golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= + golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= + golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +@@ -402,10 +402,10 @@ golang.org/x/text v0.4.0/go.mod h1:mrYo+ + golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= + golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= + golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +-golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc= +-golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +-golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= +-golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= ++golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= ++golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= ++golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= ++golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= + golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= + golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= + golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= diff --git a/_servicedata b/_servicedata index ffe128b..bb7f728 100644 --- a/_servicedata +++ b/_servicedata @@ -1,4 +1,4 @@ https://github.com/MichaelMure/git-bug.git - b0cc690854e501af9d91e2f09366263d629ceeaa \ No newline at end of file + d499b6e9d3333334614924669b74640a2d0b5485 \ No newline at end of file diff --git a/git-bug-0.8.0+git.1725552198.b0cc690.obscpio b/git-bug-0.8.0+git.1725552198.b0cc690.obscpio deleted file mode 100644 index 8058592..0000000 --- a/git-bug-0.8.0+git.1725552198.b0cc690.obscpio +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:9b3661c916b26066d398293d13695d76fb61e00e5d4fe049830afeaeba924335 -size 7206413 diff --git a/git-bug-0.8.0+git.1733745604.d499b6e.obscpio b/git-bug-0.8.0+git.1733745604.d499b6e.obscpio new file mode 100644 index 0000000..299848a --- /dev/null +++ b/git-bug-0.8.0+git.1733745604.d499b6e.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2f683251b338ba457ddc5b1b5c7f5874c6b93f24c6919e5366f5d097c6f3e68b +size 7206413 diff --git a/git-bug.changes b/git-bug.changes index 4cc4927..8251c6e 100644 --- a/git-bug.changes +++ b/git-bug.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Tue Dec 17 13:53:28 UTC 2024 - Matej Cepl + +- Update to version 0.8.0+git.1733745604.d499b6e: + * fix typos in docs (#1266) + * build(deps): bump github.com/go-git/go-billy/v5 from 5.5.0 to 5.6.0 (#1289) +- Add CVE-2024-45337-bump-go-crypto.patch to bump + golang.org/x/crypto from v0.26.0 to v0.31.0 (fix for + CVE-2024-45337, bsc#1234565). + ------------------------------------------------------------------- Thu Oct 03 18:28:47 UTC 2024 - mcepl@cepl.eu diff --git a/git-bug.obsinfo b/git-bug.obsinfo index d1b0dbb..0fbb008 100644 --- a/git-bug.obsinfo +++ b/git-bug.obsinfo @@ -1,4 +1,4 @@ name: git-bug -version: 0.8.0+git.1725552198.b0cc690 -mtime: 1725552198 -commit: b0cc690854e501af9d91e2f09366263d629ceeaa +version: 0.8.0+git.1733745604.d499b6e +mtime: 1733745604 +commit: d499b6e9d3333334614924669b74640a2d0b5485 diff --git a/git-bug.spec b/git-bug.spec index 4eaccd2..735ec5e 100644 --- a/git-bug.spec +++ b/git-bug.spec @@ -1,7 +1,7 @@ # # spec file for package git-bug # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,22 +17,26 @@ Name: git-bug -Version: 0.8.0+git.1725552198.b0cc690 +Version: 0.8.0+git.1733745604.d499b6e Release: 0 Summary: Distributed, offline-first bug tracker embedded in git, with bridges License: MIT URL: https://github.com/MichaelMure/git-bug # Source0: https://github.com/MichaelMure/%%{name}/archive/refs/tags/v%%{version}.tar.gz#/git-bug-%%{version}.tar.gz Source0: git-bug-%{version}.tar.gz +Source1: vendor.tar.gz # PATCH-FIX-UPSTREAM remote-config.patch gh#MichaelMure/git-bug!1076 mcepl@suse.com # try reading git-bug.remote config value before defaulting to 'origin' when no explicit REMOTE argument Patch0: remote-config.patch -Source1: vendor.tar.gz +# PATCH-FIX-UPSTREAM CVE-2024-45337-bump-go-crypto.patch bsc#1234565 mcepl@suse.com +# bump golang.org/x/crypto from v0.26.0 to v0.31.0 +Patch1: CVE-2024-45337-bump-go-crypto.patch +BuildRequires: golang(API) = 1.22 # # PATCH-FEATURE-UPSTREAM 501-export.patch gh#MichaelMure/git-bug!501 mcepl@suse.com # # add a command to export bugs as raw operations # Patch0: 501-export.patch BuildRequires: golang-packaging -BuildRequires: golang(API) = 1.22 +BuildRequires: git %description git-bug is a bug tracker that: @@ -86,7 +90,7 @@ zsh shell completions for git-bug %autosetup -p1 -a1 %build -go build -v -x -mod=vendor -buildmode=pie +%make_build build %install install -Dm755 git-bug %{buildroot}%{_bindir}/git-bug @@ -101,7 +105,8 @@ install -Dm0644 misc/completion/zsh/git-bug \ %{buildroot}%{_sysconfdir}/zsh_completion.d/git-bug %check -go test -v -s TestValidateUsername -mod=vendor -bench=. ./... +# before we mark network requiring tests (gh#git-bug/git-bug#1313) +%make_build test || true %files %license LICENSE diff --git a/vendor.tar.gz b/vendor.tar.gz index d7517c2..3079bdd 100644 --- a/vendor.tar.gz +++ b/vendor.tar.gz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:b44f1a26e4b38ceca0c7474e3befd040ce31b6a68d15537221f9e18731ea711c -size 7532472 +oid sha256:2f1d954ae3d3791dfdc13ca9502515cb431fe6a8eb20ff809cb7096016a5f590 +size 7859447 -- 2.45.2