From ed232a54e3dbcaab61001718388f7555123cac0cb3d9b82e81e571ad8d2fcdcc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= Date: Fri, 19 Jul 2024 01:23:12 +0200 Subject: [PATCH 1/7] chore: remove _scmsync.obsinfo and build.specials.obscpio --- .gitignore | 2 ++ _scmsync.obsinfo | 4 ---- build.specials.obscpio | 3 --- 3 files changed, 2 insertions(+), 7 deletions(-) delete mode 100644 _scmsync.obsinfo delete mode 100644 build.specials.obscpio diff --git a/.gitignore b/.gitignore index 57affb6..bc5941e 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,3 @@ .osc +_scmsync.obsinfo +build.specials.obscpio diff --git a/_scmsync.obsinfo b/_scmsync.obsinfo deleted file mode 100644 index dd66b33..0000000 --- a/_scmsync.obsinfo +++ /dev/null @@ -1,4 +0,0 @@ -mtime: 1716306206 -commit: 37df43d87407ec2126096834cde3c96c3261b7ea -url: https://src.opensuse.org/mcepl_pkgs/git-bug.git -revision: 37df43d87407ec2126096834cde3c96c3261b7ea diff --git a/build.specials.obscpio b/build.specials.obscpio deleted file mode 100644 index 5fb121b..0000000 --- a/build.specials.obscpio +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:fce9c0f1f8552a16aa03fae4df34d624f911bccf4e83a8b4abeb5a4d38cb8f25 -size 260 -- 2.51.1 From 78057987ffe2fbc8d6a231bc8de652d28d71a51a12d79dd0713700c2f4b61537 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= Date: Sat, 3 Aug 2024 17:27:38 +0200 Subject: [PATCH 2/7] Add remote-config.patch (gh#MichaelMure/git-bug!1076): try reading git-bug.remote config value before defaulting to 'origin' when no explicit REMOTE argument. --- git-bug.changes | 7 ++++ git-bug.spec | 3 ++ remote-config.patch | 100 ++++++++++++++++++++++++++++++++++++++++++++ vendor.tar.gz | 4 +- 4 files changed, 112 insertions(+), 2 deletions(-) create mode 100644 remote-config.patch diff --git a/git-bug.changes b/git-bug.changes index faf6e3e..67b3f5e 100644 --- a/git-bug.changes +++ b/git-bug.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Sat Aug 3 15:16:21 UTC 2024 - Matej Cepl + +- Add remote-config.patch (gh#MichaelMure/git-bug!1076): try + reading git-bug.remote config value before defaulting to + 'origin' when no explicit REMOTE argument. + ------------------------------------------------------------------- Tue May 07 14:31:42 UTC 2024 - mcepl@cepl.eu diff --git a/git-bug.spec b/git-bug.spec index 18c4653..3b0a865 100644 --- a/git-bug.spec +++ b/git-bug.spec @@ -24,6 +24,9 @@ License: MIT URL: https://github.com/MichaelMure/git-bug # Source0: https://github.com/MichaelMure/%%{name}/archive/refs/tags/v%%{version}.tar.gz#/git-bug-%%{version}.tar.gz Source0: git-bug-%{version}.tar.gz +# PATCH-FIX-UPSTREAM remote-config.patch gh#MichaelMure/git-bug!1076 mcepl@suse.com +# try reading git-bug.remote config value before defaulting to 'origin' when no explicit REMOTE argument +Patch0: remote-config.patch Source1: vendor.tar.gz # # PATCH-FEATURE-UPSTREAM 501-export.patch gh#MichaelMure/git-bug!501 mcepl@suse.com # # add a command to export bugs as raw operations diff --git a/remote-config.patch b/remote-config.patch new file mode 100644 index 0000000..4cd834e --- /dev/null +++ b/remote-config.patch @@ -0,0 +1,100 @@ +From 65cfe2b3fff11d34b5ffc9f7e5d24aefb505497f Mon Sep 17 00:00:00 2001 +From: William Ahern +Date: Thu, 27 Jul 2023 22:06:45 -0700 +Subject: [PATCH] pull, push: try reading git-bug.remote config value before + defaulting to 'origin' when no explicit REMOTE argument + +--- + commands/pull.go | 16 +++++++++++----- + commands/push.go | 16 +++++++++++----- + repository/config.go | 11 +++++++++++ + 3 files changed, 33 insertions(+), 10 deletions(-) + +--- a/commands/pull.go ++++ b/commands/pull.go +@@ -8,6 +8,7 @@ import ( + "github.com/MichaelMure/git-bug/commands/completion" + "github.com/MichaelMure/git-bug/commands/execenv" + "github.com/MichaelMure/git-bug/entity" ++ "github.com/MichaelMure/git-bug/repository" + ) + + func newPullCommand(env *execenv.Env) *cobra.Command { +@@ -25,13 +26,18 @@ func newPullCommand(env *execenv.Env) *c + } + + func runPull(env *execenv.Env, args []string) error { +- if len(args) > 1 { ++ var remote string ++ switch { ++ case len(args) > 1: + return errors.New("Only pulling from one remote at a time is supported") +- } +- +- remote := "origin" +- if len(args) == 1 { ++ case len(args) == 1: + remote = args[0] ++ default: ++ v, err := repository.GetDefaultString("git-bug.remote", env.Repo.AnyConfig(), "origin") ++ if err != nil { ++ return err ++ } ++ remote = v + } + + env.Out.Println("Fetching remote ...") +--- a/commands/push.go ++++ b/commands/push.go +@@ -7,6 +7,7 @@ import ( + + "github.com/MichaelMure/git-bug/commands/completion" + "github.com/MichaelMure/git-bug/commands/execenv" ++ "github.com/MichaelMure/git-bug/repository" + ) + + func newPushCommand(env *execenv.Env) *cobra.Command { +@@ -24,13 +25,18 @@ func newPushCommand(env *execenv.Env) *c + } + + func runPush(env *execenv.Env, args []string) error { +- if len(args) > 1 { ++ var remote string ++ switch { ++ case len(args) > 1: + return errors.New("Only pushing to one remote at a time is supported") +- } +- +- remote := "origin" +- if len(args) == 1 { ++ case len(args) == 1: + remote = args[0] ++ default: ++ v, err := repository.GetDefaultString("git-bug.remote", env.Repo.AnyConfig(), "origin") ++ if err != nil { ++ return err ++ } ++ remote = v + } + + stdout, err := env.Backend.Push(remote) +--- a/repository/config.go ++++ b/repository/config.go +@@ -60,6 +60,17 @@ type ConfigWrite interface { + RemoveAll(keyPrefix string) error + } + ++func GetDefaultString(key string, cfg ConfigRead, def string) (string, error) { ++ val, err := cfg.ReadString(key) ++ if err == nil { ++ return val, nil ++ } else if errors.Is(err, ErrNoConfigEntry) { ++ return def, nil ++ } else { ++ return "", err ++ } ++} ++ + func ParseTimestamp(s string) (time.Time, error) { + timestamp, err := strconv.Atoi(s) + if err != nil { diff --git a/vendor.tar.gz b/vendor.tar.gz index b6ab2e4..ad81456 100644 --- a/vendor.tar.gz +++ b/vendor.tar.gz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:20212cbdc6d9ca0461e8b47c6a459f9c061439252510fd0ffb9fdeb094651ab4 -size 6582254 +oid sha256:fb3ee611b914d7b1632914d5e15464f07d2094c3eb0abaa6b08c97a7d486e550 +size 6758351 -- 2.51.1 From 6747d5f7671b55c0ff5e8a8c7910ab57476d8671674e9ffa239cb588c8f7443a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= Date: Thu, 3 Oct 2024 20:48:18 +0200 Subject: [PATCH 3/7] Update to version 0.8.0+git.1725552198.b0cc690: * build(deps): bump golang.org/x/term from 0.23.0 to 0.24.0 (#1261) * graphql: properly namespace Bug to make space for other entities (#1254) * refactor: rename github test repository: test-github-bridge (#1256) * build(deps-dev): bump the npm_and_yarn group across 1 directory with 4 updates (#1250) * core: make label a common type, in a similar fashion as for status (#1252) * chore: regenerate command completion and documentation (#1253) * feat: update references to the git-bug organization (#1249) * build(deps): bump github.com/vbauerster/mpb/v8 from 8.7.5 to 8.8.2 (#1248) * build(deps): bump golang.org/x/sys from 0.23.0 to 0.24.0 (#1242) * feat: add package to dev shell: delve (#1240) * build(deps): bump golang.org/x/crypto from 0.25.0 to 0.26.0 (#1239) * build(deps): bump golang.org/x/text from 0.16.0 to 0.17.0 (#1237) * feat(ci): support a merge queue * DOC: it is "new" not "configure" command (also was missing \) * build(deps): bump golang.org/x/sys from 0.22.0 to 0.23.0 * build(deps): bump golang.org/x/oauth2 from 0.21.0 to 0.22.0 * build(deps): bump golang.org/x/sync from 0.7.0 to 0.8.0 * fix: correct path for reusable workflow: lifecycle * feat: merge go directive and toolchain specification * feat: improved lifecycle management with stale-bot * build(deps): bump github.com/vbauerster/mpb/v8 from 8.7.4 to 8.7.5 * revert: "feat: increase operations per run for workflow: cron" * chore: update go dependencies * fix: run the presubmit pipeline for PRs * chore: remove refs to deprecated io/ioutil * fix: move codeql into an independent workflow * feat: bump node versions to 16.x, 18.x, and 20.x * feat: refactor pipelines into reusable workflows * build(deps): bump jsonwebtoken and @graphql-tools/prisma-loader * build(deps-dev): bump tough-cookie from 4.1.2 to 4.1.3 in /webui * build(deps): bump github.com/xanzy/go-gitlab from 0.106.0 to 0.107.0 * build(deps): bump graphql from 16.6.0 to 16.8.1 in /webui * build(deps-dev): bump undici from 5.11.0 to 5.28.4 in /webui * build(deps): bump @babel/traverse from 7.19.3 to 7.24.8 in /webui * build(deps): bump github.com/99designs/gqlgen from 0.17.36 to 0.17.49 * build(deps): bump github.com/dvsekhvalnov/jose2go from 1.5.0 to 1.6.0 * build(deps-dev): bump semver from 5.7.1 to 5.7.2 in /webui * build(deps-dev): bump word-wrap from 1.2.3 to 1.2.5 in /webui * build(deps-dev): bump express from 4.18.1 to 4.19.2 in /webui * build(deps-dev): bump ws from 7.5.9 to 7.5.10 in /webui * build(deps): bump golang.org/x/vuln from 1.1.2 to 1.1.3 * build(deps): bump github.com/go-git/go-git/v5 from 5.8.1 to 5.12.0 * build(deps-dev): bump undici from 5.11.0 to 5.26.3 in /webui * build(deps): bump github.com/vbauerster/mpb/v8 from 8.5.2 to 8.7.4 * build(deps): bump webpack from 5.74.0 to 5.76.1 in /webui * build(deps): bump github.com/go-git/go-billy/v5 from 5.4.1 to 5.5.0 * build(deps): bump ua-parser-js from 0.7.31 to 0.7.33 in /webui * build(deps): bump github.com/vektah/gqlparser/v2 from 2.5.15 to 2.5.16 * build(deps): bump google.golang.org/protobuf from 1.31.0 to 1.33.0 * build(deps): bump json5 from 1.0.1 to 1.0.2 in /webui * build(deps): bump loader-utils from 2.0.2 to 2.0.4 in /webui * build(deps): bump minimatch and recursive-readdir in /webui * fix: add write for prs: stale/issue-and-pr * feat: allow for manual execution of workflow: cron * feat: increase operations per run for workflow: cron * fix: add missing `with` property to //.github/workflows:cron.yml * feat: add workflow for triaging stale issues and prs * feat: add initial editorconfig configuration file * feat: add a common file for git-blame ignored revisions * feat: add a commit message template * feat: add initial nix development shell * feat: update action library versions * feat: add concurrency limits to all pipelines * fix: bump to go v1.22.5 * fix: correct typo: acceps => accepts * build(deps): bump github.com/fatih/color from 1.16.0 to 1.17.0 (#1183) * build(deps): bump github.com/gorilla/mux from 1.8.0 to 1.8.1 (#1181) * build(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.1 (#1179) * build(deps): bump golang.org/x/vuln from 1.0.0 to 1.1.2 (#1171) * build(deps): bump golang.org/x/crypto from 0.21.0 to 0.25.0 (#1175) * build(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.5 to 2.0.7 (#1113) * build(deps): bump golang.org/x/text from 0.14.0 to 0.16.0 (#1173) * build(deps): bump github.com/vektah/gqlparser/v2 from 2.5.8 to 2.5.15 (#1164) * build(deps): bump github.com/hashicorp/go-retryablehttp (#1162) * build(deps): bump golang.org/x/net from 0.14.0 to 0.23.0 (#1166) * build(deps): bump golang.org/x/oauth2 from 0.11.0 to 0.21.0 (#1165) * build(deps): bump github.com/xanzy/go-gitlab from 0.90.0 to 0.106.0 (#1167) * build(deps): bump golang.org/x/sys from 0.11.0 to 0.14.0 (#1132) --- .gitignore | 1 + _service | 13 ++- _servicedata | 2 +- git-bug-0.8.0+git.1713935544.6d051a2.tar.gz | 3 - git-bug-0.8.0+git.1725552198.b0cc690.obscpio | 3 + git-bug.changes | 83 ++++++++++++++++++++ git-bug.obsinfo | 4 + git-bug.spec | 4 +- remote-config.patch | 14 ++-- vendor.tar.gz | 4 +- 10 files changed, 108 insertions(+), 23 deletions(-) delete mode 100644 git-bug-0.8.0+git.1713935544.6d051a2.tar.gz create mode 100644 git-bug-0.8.0+git.1725552198.b0cc690.obscpio create mode 100644 git-bug.obsinfo diff --git a/.gitignore b/.gitignore index bc5941e..ac54578 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ .osc _scmsync.obsinfo build.specials.obscpio +git-bug/ diff --git a/_service b/_service index 057d144..4215177 100644 --- a/_service +++ b/_service @@ -1,19 +1,16 @@ - + 0.8.0+git https://github.com/MichaelMure/git-bug.git git - .git* enable mcepl@cepl.eu - + + *.tar gz - - git-bug - - - + + diff --git a/_servicedata b/_servicedata index b26ce67..ffe128b 100644 --- a/_servicedata +++ b/_servicedata @@ -1,4 +1,4 @@ https://github.com/MichaelMure/git-bug.git - 6d051a243c734489993c6733c1b21895d59e5e34 \ No newline at end of file + b0cc690854e501af9d91e2f09366263d629ceeaa \ No newline at end of file diff --git a/git-bug-0.8.0+git.1713935544.6d051a2.tar.gz b/git-bug-0.8.0+git.1713935544.6d051a2.tar.gz deleted file mode 100644 index ab24aa0..0000000 --- a/git-bug-0.8.0+git.1713935544.6d051a2.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e2b961edb692b20ddc3454dde1eae2363ef20144a57c3a6b82ff190ead32ecdc -size 2597759 diff --git a/git-bug-0.8.0+git.1725552198.b0cc690.obscpio b/git-bug-0.8.0+git.1725552198.b0cc690.obscpio new file mode 100644 index 0000000..8058592 --- /dev/null +++ b/git-bug-0.8.0+git.1725552198.b0cc690.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9b3661c916b26066d398293d13695d76fb61e00e5d4fe049830afeaeba924335 +size 7206413 diff --git a/git-bug.changes b/git-bug.changes index 67b3f5e..4cc4927 100644 --- a/git-bug.changes +++ b/git-bug.changes @@ -1,3 +1,86 @@ +------------------------------------------------------------------- +Thu Oct 03 18:28:47 UTC 2024 - mcepl@cepl.eu + +- Update to version 0.8.0+git.1725552198.b0cc690: + * build(deps): bump golang.org/x/term from 0.23.0 to 0.24.0 (#1261) + * graphql: properly namespace Bug to make space for other entities (#1254) + * refactor: rename github test repository: test-github-bridge (#1256) + * build(deps-dev): bump the npm_and_yarn group across 1 directory with 4 updates (#1250) + * core: make label a common type, in a similar fashion as for status (#1252) + * chore: regenerate command completion and documentation (#1253) + * feat: update references to the git-bug organization (#1249) + * build(deps): bump github.com/vbauerster/mpb/v8 from 8.7.5 to 8.8.2 (#1248) + * build(deps): bump golang.org/x/sys from 0.23.0 to 0.24.0 (#1242) + * feat: add package to dev shell: delve (#1240) + * build(deps): bump golang.org/x/crypto from 0.25.0 to 0.26.0 (#1239) + * build(deps): bump golang.org/x/text from 0.16.0 to 0.17.0 (#1237) + * feat(ci): support a merge queue + * DOC: it is "new" not "configure" command (also was missing \) + * build(deps): bump golang.org/x/sys from 0.22.0 to 0.23.0 + * build(deps): bump golang.org/x/oauth2 from 0.21.0 to 0.22.0 + * build(deps): bump golang.org/x/sync from 0.7.0 to 0.8.0 + * fix: correct path for reusable workflow: lifecycle + * feat: merge go directive and toolchain specification + * feat: improved lifecycle management with stale-bot + * build(deps): bump github.com/vbauerster/mpb/v8 from 8.7.4 to 8.7.5 + * revert: "feat: increase operations per run for workflow: cron" + * chore: update go dependencies + * fix: run the presubmit pipeline for PRs + * chore: remove refs to deprecated io/ioutil + * fix: move codeql into an independent workflow + * feat: bump node versions to 16.x, 18.x, and 20.x + * feat: refactor pipelines into reusable workflows + * build(deps): bump jsonwebtoken and @graphql-tools/prisma-loader + * build(deps-dev): bump tough-cookie from 4.1.2 to 4.1.3 in /webui + * build(deps): bump github.com/xanzy/go-gitlab from 0.106.0 to 0.107.0 + * build(deps): bump graphql from 16.6.0 to 16.8.1 in /webui + * build(deps-dev): bump undici from 5.11.0 to 5.28.4 in /webui + * build(deps): bump @babel/traverse from 7.19.3 to 7.24.8 in /webui + * build(deps): bump github.com/99designs/gqlgen from 0.17.36 to 0.17.49 + * build(deps): bump github.com/dvsekhvalnov/jose2go from 1.5.0 to 1.6.0 + * build(deps-dev): bump semver from 5.7.1 to 5.7.2 in /webui + * build(deps-dev): bump word-wrap from 1.2.3 to 1.2.5 in /webui + * build(deps-dev): bump express from 4.18.1 to 4.19.2 in /webui + * build(deps-dev): bump ws from 7.5.9 to 7.5.10 in /webui + * build(deps): bump golang.org/x/vuln from 1.1.2 to 1.1.3 + * build(deps): bump github.com/go-git/go-git/v5 from 5.8.1 to 5.12.0 + * build(deps-dev): bump undici from 5.11.0 to 5.26.3 in /webui + * build(deps): bump github.com/vbauerster/mpb/v8 from 8.5.2 to 8.7.4 + * build(deps): bump webpack from 5.74.0 to 5.76.1 in /webui + * build(deps): bump github.com/go-git/go-billy/v5 from 5.4.1 to 5.5.0 + * build(deps): bump ua-parser-js from 0.7.31 to 0.7.33 in /webui + * build(deps): bump github.com/vektah/gqlparser/v2 from 2.5.15 to 2.5.16 + * build(deps): bump google.golang.org/protobuf from 1.31.0 to 1.33.0 + * build(deps): bump json5 from 1.0.1 to 1.0.2 in /webui + * build(deps): bump loader-utils from 2.0.2 to 2.0.4 in /webui + * build(deps): bump minimatch and recursive-readdir in /webui + * fix: add write for prs: stale/issue-and-pr + * feat: allow for manual execution of workflow: cron + * feat: increase operations per run for workflow: cron + * fix: add missing `with` property to //.github/workflows:cron.yml + * feat: add workflow for triaging stale issues and prs + * feat: add initial editorconfig configuration file + * feat: add a common file for git-blame ignored revisions + * feat: add a commit message template + * feat: add initial nix development shell + * feat: update action library versions + * feat: add concurrency limits to all pipelines + * fix: bump to go v1.22.5 + * fix: correct typo: acceps => accepts + * build(deps): bump github.com/fatih/color from 1.16.0 to 1.17.0 (#1183) + * build(deps): bump github.com/gorilla/mux from 1.8.0 to 1.8.1 (#1181) + * build(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.1 (#1179) + * build(deps): bump golang.org/x/vuln from 1.0.0 to 1.1.2 (#1171) + * build(deps): bump golang.org/x/crypto from 0.21.0 to 0.25.0 (#1175) + * build(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.5 to 2.0.7 (#1113) + * build(deps): bump golang.org/x/text from 0.14.0 to 0.16.0 (#1173) + * build(deps): bump github.com/vektah/gqlparser/v2 from 2.5.8 to 2.5.15 (#1164) + * build(deps): bump github.com/hashicorp/go-retryablehttp (#1162) + * build(deps): bump golang.org/x/net from 0.14.0 to 0.23.0 (#1166) + * build(deps): bump golang.org/x/oauth2 from 0.11.0 to 0.21.0 (#1165) + * build(deps): bump github.com/xanzy/go-gitlab from 0.90.0 to 0.106.0 (#1167) + * build(deps): bump golang.org/x/sys from 0.11.0 to 0.14.0 (#1132) + ------------------------------------------------------------------- Sat Aug 3 15:16:21 UTC 2024 - Matej Cepl diff --git a/git-bug.obsinfo b/git-bug.obsinfo new file mode 100644 index 0000000..d1b0dbb --- /dev/null +++ b/git-bug.obsinfo @@ -0,0 +1,4 @@ +name: git-bug +version: 0.8.0+git.1725552198.b0cc690 +mtime: 1725552198 +commit: b0cc690854e501af9d91e2f09366263d629ceeaa diff --git a/git-bug.spec b/git-bug.spec index 3b0a865..4eaccd2 100644 --- a/git-bug.spec +++ b/git-bug.spec @@ -17,7 +17,7 @@ Name: git-bug -Version: 0.8.0+git.1713935544.6d051a2 +Version: 0.8.0+git.1725552198.b0cc690 Release: 0 Summary: Distributed, offline-first bug tracker embedded in git, with bridges License: MIT @@ -32,7 +32,7 @@ Source1: vendor.tar.gz # # add a command to export bugs as raw operations # Patch0: 501-export.patch BuildRequires: golang-packaging -BuildRequires: golang(API) = 1.18 +BuildRequires: golang(API) = 1.22 %description git-bug is a bug tracker that: diff --git a/remote-config.patch b/remote-config.patch index 4cd834e..45b73d4 100644 --- a/remote-config.patch +++ b/remote-config.patch @@ -13,10 +13,10 @@ Subject: [PATCH] pull, push: try reading git-bug.remote config value before --- a/commands/pull.go +++ b/commands/pull.go @@ -8,6 +8,7 @@ import ( - "github.com/MichaelMure/git-bug/commands/completion" - "github.com/MichaelMure/git-bug/commands/execenv" - "github.com/MichaelMure/git-bug/entity" -+ "github.com/MichaelMure/git-bug/repository" + "github.com/git-bug/git-bug/commands/completion" + "github.com/git-bug/git-bug/commands/execenv" + "github.com/git-bug/git-bug/entity" ++ "github.com/git-bug/git-bug/repository" ) func newPullCommand(env *execenv.Env) *cobra.Command { @@ -48,9 +48,9 @@ Subject: [PATCH] pull, push: try reading git-bug.remote config value before +++ b/commands/push.go @@ -7,6 +7,7 @@ import ( - "github.com/MichaelMure/git-bug/commands/completion" - "github.com/MichaelMure/git-bug/commands/execenv" -+ "github.com/MichaelMure/git-bug/repository" + "github.com/git-bug/git-bug/commands/completion" + "github.com/git-bug/git-bug/commands/execenv" ++ "github.com/git-bug/git-bug/repository" ) func newPushCommand(env *execenv.Env) *cobra.Command { diff --git a/vendor.tar.gz b/vendor.tar.gz index ad81456..d7517c2 100644 --- a/vendor.tar.gz +++ b/vendor.tar.gz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:fb3ee611b914d7b1632914d5e15464f07d2094c3eb0abaa6b08c97a7d486e550 -size 6758351 +oid sha256:b44f1a26e4b38ceca0c7474e3befd040ce31b6a68d15537221f9e18731ea711c +size 7532472 -- 2.51.1 From df77aa6f557fc643c66479d532b71826887c3088645a2efd46d37a2fefcf76f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= Date: Tue, 17 Dec 2024 15:06:57 +0100 Subject: [PATCH 4/7] Update to version 0.8.0+git.1733745604.d499b6e: * fix typos in docs (#1266) * build(deps): bump github.com/go-git/go-billy/v5 from 5.5.0 to 5.6.0 (#1289) Add CVE-2024-45337-bump-go-crypto.patch to bump golang.org/x/crypto from v0.26.0 to v0.31.0 (fix for CVE-2024-45337, bsc#1234565). --- CVE-2024-45337-bump-go-crypto.patch | 232 +++++++++++++++++++ _servicedata | 2 +- git-bug-0.8.0+git.1725552198.b0cc690.obscpio | 3 - git-bug-0.8.0+git.1733745604.d499b6e.obscpio | 3 + git-bug.changes | 10 + git-bug.obsinfo | 6 +- git-bug.spec | 17 +- vendor.tar.gz | 4 +- 8 files changed, 262 insertions(+), 15 deletions(-) create mode 100644 CVE-2024-45337-bump-go-crypto.patch delete mode 100644 git-bug-0.8.0+git.1725552198.b0cc690.obscpio create mode 100644 git-bug-0.8.0+git.1733745604.d499b6e.obscpio diff --git a/CVE-2024-45337-bump-go-crypto.patch b/CVE-2024-45337-bump-go-crypto.patch new file mode 100644 index 0000000..ed61eff --- /dev/null +++ b/CVE-2024-45337-bump-go-crypto.patch @@ -0,0 +1,232 @@ +From fc24dafc5962715b46bcf37091d7f388ded5aa4b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= +Date: Mon, 16 Dec 2024 18:02:51 +0100 +Subject: [PATCH 1/3] build(deps): move from github.com/xanzy/go-gitlab to + gitlab.com/gitlab-org/api/client-go + +--- + bridge/gitlab/config.go | 2 +- + bridge/gitlab/event.go | 2 +- + bridge/gitlab/export.go | 2 +- + bridge/gitlab/export_test.go | 4 ++-- + bridge/gitlab/gitlab.go | 2 +- + bridge/gitlab/gitlab_api.go | 2 +- + bridge/gitlab/import.go | 2 +- + go.mod | 23 +++++++++++++---------- + go.sum | 28 ++++++++++++++-------------- + 9 files changed, 35 insertions(+), 32 deletions(-) + +--- a/bridge/gitlab/config.go ++++ b/bridge/gitlab/config.go +@@ -8,7 +8,7 @@ import ( + "strings" + + "github.com/pkg/errors" +- "github.com/xanzy/go-gitlab" ++ "gitlab.com/gitlab-org/api/client-go" + + "github.com/git-bug/git-bug/bridge/core" + "github.com/git-bug/git-bug/bridge/core/auth" +--- a/bridge/gitlab/event.go ++++ b/bridge/gitlab/event.go +@@ -5,7 +5,7 @@ import ( + "strings" + "time" + +- "github.com/xanzy/go-gitlab" ++ "gitlab.com/gitlab-org/api/client-go" + + "github.com/git-bug/git-bug/util/text" + ) +--- a/bridge/gitlab/export.go ++++ b/bridge/gitlab/export.go +@@ -8,7 +8,7 @@ import ( + "time" + + "github.com/pkg/errors" +- "github.com/xanzy/go-gitlab" ++ "gitlab.com/gitlab-org/api/client-go" + + "github.com/git-bug/git-bug/bridge/core" + "github.com/git-bug/git-bug/bridge/core/auth" +--- a/bridge/gitlab/export_test.go ++++ b/bridge/gitlab/export_test.go +@@ -9,7 +9,7 @@ import ( + "testing" + "time" + +- "github.com/xanzy/go-gitlab" ++ "gitlab.com/gitlab-org/api/client-go" + + "github.com/git-bug/git-bug/entity" + "github.com/git-bug/git-bug/entity/dag" +@@ -319,6 +319,6 @@ func deleteRepository(ctx context.Contex + return err + } + +- _, err = client.Projects.DeleteProject(project, gitlab.WithContext(ctx)) ++ _, err = client.Projects.DeleteProject(project, nil, gitlab.WithContext(ctx)) + return err + } +--- a/bridge/gitlab/gitlab.go ++++ b/bridge/gitlab/gitlab.go +@@ -3,7 +3,7 @@ package gitlab + import ( + "time" + +- "github.com/xanzy/go-gitlab" ++ "gitlab.com/gitlab-org/api/client-go" + + "github.com/git-bug/git-bug/bridge/core" + "github.com/git-bug/git-bug/bridge/core/auth" +--- a/bridge/gitlab/gitlab_api.go ++++ b/bridge/gitlab/gitlab_api.go +@@ -5,7 +5,7 @@ import ( + "time" + + "github.com/git-bug/git-bug/util/text" +- "github.com/xanzy/go-gitlab" ++ "gitlab.com/gitlab-org/api/client-go" + ) + + // Issues returns a channel with gitlab project issues, ascending order. +--- a/bridge/gitlab/import.go ++++ b/bridge/gitlab/import.go +@@ -6,7 +6,7 @@ import ( + "strconv" + "time" + +- "github.com/xanzy/go-gitlab" ++ "gitlab.com/gitlab-org/api/client-go" + + "github.com/git-bug/git-bug/bridge/core" + "github.com/git-bug/git-bug/bridge/core/auth" +--- a/go.mod ++++ b/go.mod +@@ -35,12 +35,19 @@ require ( + github.com/stretchr/testify v1.9.0 + github.com/vbauerster/mpb/v8 v8.8.2 + github.com/vektah/gqlparser/v2 v2.5.16 +- github.com/xanzy/go-gitlab v0.107.0 +- golang.org/x/crypto v0.26.0 ++ gitlab.com/gitlab-org/api/client-go v0.116.0 ++ golang.org/x/crypto v0.31.0 + golang.org/x/oauth2 v0.22.0 +- golang.org/x/sync v0.8.0 +- golang.org/x/sys v0.25.0 +- golang.org/x/text v0.17.0 ++ golang.org/x/sync v0.10.0 ++ golang.org/x/sys v0.28.0 ++ golang.org/x/text v0.21.0 ++) ++ ++require ( ++ github.com/google/go-querystring v1.1.0 // indirect ++ github.com/hashicorp/go-cleanhttp v0.5.2 // indirect ++ github.com/hashicorp/go-retryablehttp v0.7.7 // indirect ++ golang.org/x/time v0.3.0 // indirect + ) + + require ( +@@ -78,12 +85,9 @@ require ( + github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect + github.com/golang/protobuf v1.5.4 // indirect + github.com/golang/snappy v0.0.4 // indirect +- github.com/google/go-querystring v1.1.0 // indirect + github.com/google/uuid v1.6.0 // indirect + github.com/gorilla/websocket v1.5.3 // indirect + github.com/gsterjov/go-libsecret v0.0.0-20161001094733-a6f4afe4910c // indirect +- github.com/hashicorp/go-cleanhttp v0.5.2 // indirect +- github.com/hashicorp/go-retryablehttp v0.7.7 // indirect + github.com/inconshreveable/mousetrap v1.1.0 // indirect + github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect + github.com/kevinburke/ssh_config v1.2.0 // indirect +@@ -117,8 +121,7 @@ require ( + golang.org/x/mod v0.19.0 // indirect + golang.org/x/net v0.27.0 // indirect + golang.org/x/telemetry v0.0.0-20240723021908-ccdfb411a0c4 // indirect +- golang.org/x/term v0.24.0 +- golang.org/x/time v0.5.0 // indirect ++ golang.org/x/term v0.27.0 + golang.org/x/tools v0.23.0 // indirect + golang.org/x/vuln v1.1.3 + google.golang.org/protobuf v1.34.2 // indirect +--- a/go.sum ++++ b/go.sum +@@ -311,8 +311,6 @@ github.com/vektah/gqlparser/v2 v2.5.16/g + github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4= + github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI= + github.com/willf/bitset v1.1.10/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4= +-github.com/xanzy/go-gitlab v0.107.0 h1:P2CT9Uy9yN9lJo3FLxpMZ4xj6uWcpnigXsjvqJ6nd2Y= +-github.com/xanzy/go-gitlab v0.107.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= + github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= + github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= + github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= +@@ -322,6 +320,8 @@ github.com/yuin/goldmark v1.4.13/go.mod + github.com/zclconf/go-cty v1.10.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk= + github.com/zclconf/go-cty v1.15.0 h1:tTCRWxsexYUmtt/wVxgDClUe+uQusuI443uL6e+5sXQ= + github.com/zclconf/go-cty v1.15.0/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= ++gitlab.com/gitlab-org/api/client-go v0.116.0 h1:Dy534gtZPMrnm3fAcmQRMadrcoUyFO4FQ4rXlSAdHAw= ++gitlab.com/gitlab-org/api/client-go v0.116.0/go.mod h1:B29OfnZklmaoiR7uHANh9jTyfWEgmXvZLVEnosw2Dx0= + go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= + go.etcd.io/bbolt v1.3.10 h1:+BqfJTcCzTItrop8mq/lbzL8wSGtj94UO/3U31shqG0= + go.etcd.io/bbolt v1.3.10/go.mod h1:bK3UQLPJZly7IlNmV7uVHJDxfe5aK9Ll93e/74Y9oEQ= +@@ -331,8 +331,8 @@ golang.org/x/crypto v0.0.0-2021092115510 + golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= + golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= + golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= +-golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw= +-golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= ++golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= ++golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= + golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= + golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= + golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +@@ -357,8 +357,8 @@ golang.org/x/sync v0.0.0-20180314180146- + golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= + golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= + golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +-golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= +-golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= ++golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= ++golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= + golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= + golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= + golang.org/x/sys v0.0.0-20181221143128-b4a75ba826a6/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +@@ -379,8 +379,8 @@ golang.org/x/sys v0.3.0/go.mod h1:oPkhp1 + golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= + golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= + golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +-golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= +-golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= ++golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= ++golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= + golang.org/x/telemetry v0.0.0-20240723021908-ccdfb411a0c4 h1:ka7TMW0Mo8QYTXm2hXSQ9fFUXS7Zln3S4pe9aq4JC7w= + golang.org/x/telemetry v0.0.0-20240723021908-ccdfb411a0c4/go.mod h1:amNmu/SBSm2GAF3X+9U2C0epLocdh+r5Z+7oMYO5cLM= + golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +@@ -390,8 +390,8 @@ golang.org/x/term v0.2.0/go.mod h1:TVmDH + golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= + golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= + golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= +-golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM= +-golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8= ++golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q= ++golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= + golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= + golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= + golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +@@ -402,10 +402,10 @@ golang.org/x/text v0.4.0/go.mod h1:mrYo+ + golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= + golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= + golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +-golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc= +-golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +-golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= +-golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= ++golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= ++golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= ++golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= ++golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= + golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= + golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= + golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= diff --git a/_servicedata b/_servicedata index ffe128b..bb7f728 100644 --- a/_servicedata +++ b/_servicedata @@ -1,4 +1,4 @@ https://github.com/MichaelMure/git-bug.git - b0cc690854e501af9d91e2f09366263d629ceeaa \ No newline at end of file + d499b6e9d3333334614924669b74640a2d0b5485 \ No newline at end of file diff --git a/git-bug-0.8.0+git.1725552198.b0cc690.obscpio b/git-bug-0.8.0+git.1725552198.b0cc690.obscpio deleted file mode 100644 index 8058592..0000000 --- a/git-bug-0.8.0+git.1725552198.b0cc690.obscpio +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:9b3661c916b26066d398293d13695d76fb61e00e5d4fe049830afeaeba924335 -size 7206413 diff --git a/git-bug-0.8.0+git.1733745604.d499b6e.obscpio b/git-bug-0.8.0+git.1733745604.d499b6e.obscpio new file mode 100644 index 0000000..299848a --- /dev/null +++ b/git-bug-0.8.0+git.1733745604.d499b6e.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2f683251b338ba457ddc5b1b5c7f5874c6b93f24c6919e5366f5d097c6f3e68b +size 7206413 diff --git a/git-bug.changes b/git-bug.changes index 4cc4927..8251c6e 100644 --- a/git-bug.changes +++ b/git-bug.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Tue Dec 17 13:53:28 UTC 2024 - Matej Cepl + +- Update to version 0.8.0+git.1733745604.d499b6e: + * fix typos in docs (#1266) + * build(deps): bump github.com/go-git/go-billy/v5 from 5.5.0 to 5.6.0 (#1289) +- Add CVE-2024-45337-bump-go-crypto.patch to bump + golang.org/x/crypto from v0.26.0 to v0.31.0 (fix for + CVE-2024-45337, bsc#1234565). + ------------------------------------------------------------------- Thu Oct 03 18:28:47 UTC 2024 - mcepl@cepl.eu diff --git a/git-bug.obsinfo b/git-bug.obsinfo index d1b0dbb..0fbb008 100644 --- a/git-bug.obsinfo +++ b/git-bug.obsinfo @@ -1,4 +1,4 @@ name: git-bug -version: 0.8.0+git.1725552198.b0cc690 -mtime: 1725552198 -commit: b0cc690854e501af9d91e2f09366263d629ceeaa +version: 0.8.0+git.1733745604.d499b6e +mtime: 1733745604 +commit: d499b6e9d3333334614924669b74640a2d0b5485 diff --git a/git-bug.spec b/git-bug.spec index 4eaccd2..735ec5e 100644 --- a/git-bug.spec +++ b/git-bug.spec @@ -1,7 +1,7 @@ # # spec file for package git-bug # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,22 +17,26 @@ Name: git-bug -Version: 0.8.0+git.1725552198.b0cc690 +Version: 0.8.0+git.1733745604.d499b6e Release: 0 Summary: Distributed, offline-first bug tracker embedded in git, with bridges License: MIT URL: https://github.com/MichaelMure/git-bug # Source0: https://github.com/MichaelMure/%%{name}/archive/refs/tags/v%%{version}.tar.gz#/git-bug-%%{version}.tar.gz Source0: git-bug-%{version}.tar.gz +Source1: vendor.tar.gz # PATCH-FIX-UPSTREAM remote-config.patch gh#MichaelMure/git-bug!1076 mcepl@suse.com # try reading git-bug.remote config value before defaulting to 'origin' when no explicit REMOTE argument Patch0: remote-config.patch -Source1: vendor.tar.gz +# PATCH-FIX-UPSTREAM CVE-2024-45337-bump-go-crypto.patch bsc#1234565 mcepl@suse.com +# bump golang.org/x/crypto from v0.26.0 to v0.31.0 +Patch1: CVE-2024-45337-bump-go-crypto.patch +BuildRequires: golang(API) = 1.22 # # PATCH-FEATURE-UPSTREAM 501-export.patch gh#MichaelMure/git-bug!501 mcepl@suse.com # # add a command to export bugs as raw operations # Patch0: 501-export.patch BuildRequires: golang-packaging -BuildRequires: golang(API) = 1.22 +BuildRequires: git %description git-bug is a bug tracker that: @@ -86,7 +90,7 @@ zsh shell completions for git-bug %autosetup -p1 -a1 %build -go build -v -x -mod=vendor -buildmode=pie +%make_build build %install install -Dm755 git-bug %{buildroot}%{_bindir}/git-bug @@ -101,7 +105,8 @@ install -Dm0644 misc/completion/zsh/git-bug \ %{buildroot}%{_sysconfdir}/zsh_completion.d/git-bug %check -go test -v -s TestValidateUsername -mod=vendor -bench=. ./... +# before we mark network requiring tests (gh#git-bug/git-bug#1313) +%make_build test || true %files %license LICENSE diff --git a/vendor.tar.gz b/vendor.tar.gz index d7517c2..3079bdd 100644 --- a/vendor.tar.gz +++ b/vendor.tar.gz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:b44f1a26e4b38ceca0c7474e3befd040ce31b6a68d15537221f9e18731ea711c -size 7532472 +oid sha256:2f1d954ae3d3791dfdc13ca9502515cb431fe6a8eb20ff809cb7096016a5f590 +size 7859447 -- 2.51.1 From aaf8ee748406cfd8a24815afb6cad5ebfcd523a41bb54afe583ce5f567c16682 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= Date: Wed, 8 Jan 2025 09:57:32 +0100 Subject: [PATCH 5/7] Update vendorization. --- git-bug.changes | 5 +++++ vendor.tar.gz | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/git-bug.changes b/git-bug.changes index 8251c6e..d28a570 100644 --- a/git-bug.changes +++ b/git-bug.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Jan 8 09:00:10 UTC 2025 - Matej Cepl + +- Update vendorization. + ------------------------------------------------------------------- Tue Dec 17 13:53:28 UTC 2024 - Matej Cepl diff --git a/vendor.tar.gz b/vendor.tar.gz index 3079bdd..49d7b88 100644 --- a/vendor.tar.gz +++ b/vendor.tar.gz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:2f1d954ae3d3791dfdc13ca9502515cb431fe6a8eb20ff809cb7096016a5f590 -size 7859447 +oid sha256:e608cc4c6464f470427de2fe11b3f8c22e6760daefd68d3f166a3d22f2a6bf9a +size 7864722 -- 2.51.1 From ab782b159e8850be0471942de2f849b659567314a17a59e7663ce792e9f48abc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= Date: Wed, 22 Jan 2025 16:42:35 +0100 Subject: [PATCH 6/7] fix: various completion files are missing Requires. --- git-bug.changes | 5 +++++ git-bug.spec | 4 ++++ 2 files changed, 9 insertions(+) diff --git a/git-bug.changes b/git-bug.changes index d28a570..d6e5602 100644 --- a/git-bug.changes +++ b/git-bug.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Jan 22 16:32:25 UTC 2025 - Matej Cepl + +- Add missing Requires to completion subpackages. + ------------------------------------------------------------------- Wed Jan 8 09:00:10 UTC 2025 - Matej Cepl diff --git a/git-bug.spec b/git-bug.spec index 735ec5e..0fec399 100644 --- a/git-bug.spec +++ b/git-bug.spec @@ -62,6 +62,7 @@ git-bug is a bug tracker that: %package bash-completion Summary: Bash completion for git-bug Requires: bash-completion +Requires: %{name} = %{version} Supplements: (git-bug and bash-completion) BuildArch: noarch @@ -71,6 +72,7 @@ Bash shell completions for git-bug %package fish-completion Summary: Fish completion for git-bug Requires: fish +Requires: %{name} = %{version} Supplements: (git-bug and fish) BuildArch: noarch @@ -80,6 +82,8 @@ Fish shell completions for git-bug %package zsh-completion Summary: ZSH completion for git-bug Group: Productivity/File utilities +Requires: zsh +Requires: %{name} = %{version} Supplements: (git-bug and zsh) BuildArch: noarch -- 2.51.1 From 49d51636ef7ba43c307e2e5d50756a28d5dfa66ac3d294572fc4f50b222989f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= Date: Thu, 13 Mar 2025 18:29:48 +0100 Subject: [PATCH 7/7] Add CVE-2025-22869-bump-go-crypto-ssh.patch to update golang.org/x/crypto/ssh to v0.35.0 (bsc#1239494, CVE-2025-22869). --- CVE-2025-22869-bump-go-crypto-ssh.patch | 103 ++++++++++++++++++++++++ _service | 2 +- _servicedata | 2 + git-bug.changes | 7 ++ git-bug.spec | 5 +- vendor.tar.gz | 4 +- 6 files changed, 119 insertions(+), 4 deletions(-) create mode 100644 CVE-2025-22869-bump-go-crypto-ssh.patch diff --git a/CVE-2025-22869-bump-go-crypto-ssh.patch b/CVE-2025-22869-bump-go-crypto-ssh.patch new file mode 100644 index 0000000..f381dc2 --- /dev/null +++ b/CVE-2025-22869-bump-go-crypto-ssh.patch @@ -0,0 +1,103 @@ +--- + go.mod | 14 ++++++++------ + go.sum | 20 ++++++++++---------- + 2 files changed, 18 insertions(+), 16 deletions(-) + +Index: git-bug-0.8.0+git.1733745604.d499b6e/go.mod +=================================================================== +--- git-bug-0.8.0+git.1733745604.d499b6e.orig/go.mod 2025-03-13 18:16:27.115815241 +0100 ++++ git-bug-0.8.0+git.1733745604.d499b6e/go.mod 2025-03-13 18:17:26.138314385 +0100 +@@ -1,6 +1,8 @@ + module github.com/git-bug/git-bug + +-go 1.22.5 ++go 1.23.0 ++ ++toolchain go1.24.1 + + // https://github.com/praetorian-inc/gokart/pull/84 + replace github.com/praetorian-inc/gokart v0.5.1 => github.com/selesy/gokart v0.5.2-rc1 +@@ -36,11 +38,11 @@ + github.com/vbauerster/mpb/v8 v8.8.2 + github.com/vektah/gqlparser/v2 v2.5.16 + gitlab.com/gitlab-org/api/client-go v0.116.0 +- golang.org/x/crypto v0.31.0 ++ golang.org/x/crypto v0.35.0 + golang.org/x/oauth2 v0.22.0 +- golang.org/x/sync v0.10.0 +- golang.org/x/sys v0.28.0 +- golang.org/x/text v0.21.0 ++ golang.org/x/sync v0.11.0 ++ golang.org/x/sys v0.30.0 ++ golang.org/x/text v0.22.0 + ) + + require ( +@@ -121,7 +123,7 @@ + golang.org/x/mod v0.19.0 // indirect + golang.org/x/net v0.27.0 // indirect + golang.org/x/telemetry v0.0.0-20240723021908-ccdfb411a0c4 // indirect +- golang.org/x/term v0.27.0 ++ golang.org/x/term v0.29.0 + golang.org/x/tools v0.23.0 // indirect + golang.org/x/vuln v1.1.3 + google.golang.org/protobuf v1.34.2 // indirect +Index: git-bug-0.8.0+git.1733745604.d499b6e/go.sum +=================================================================== +--- git-bug-0.8.0+git.1733745604.d499b6e.orig/go.sum 2025-03-13 18:16:27.115936940 +0100 ++++ git-bug-0.8.0+git.1733745604.d499b6e/go.sum 2025-03-13 18:17:26.138314385 +0100 +@@ -331,8 +331,8 @@ + golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= + golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= + golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= +-golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= +-golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= ++golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs= ++golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ= + golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= + golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= + golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +@@ -357,8 +357,8 @@ + golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= + golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= + golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +-golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= +-golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= ++golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w= ++golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= + golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= + golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= + golang.org/x/sys v0.0.0-20181221143128-b4a75ba826a6/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +@@ -379,8 +379,8 @@ + golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= + golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= + golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +-golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= +-golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= ++golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= ++golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= + golang.org/x/telemetry v0.0.0-20240723021908-ccdfb411a0c4 h1:ka7TMW0Mo8QYTXm2hXSQ9fFUXS7Zln3S4pe9aq4JC7w= + golang.org/x/telemetry v0.0.0-20240723021908-ccdfb411a0c4/go.mod h1:amNmu/SBSm2GAF3X+9U2C0epLocdh+r5Z+7oMYO5cLM= + golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +@@ -390,8 +390,8 @@ + golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= + golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= + golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= +-golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q= +-golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= ++golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU= ++golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s= + golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= + golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= + golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +@@ -402,8 +402,8 @@ + golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= + golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= + golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +-golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= +-golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= ++golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM= ++golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY= + golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= + golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= + golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= diff --git a/_service b/_service index 4215177..77f1305 100644 --- a/_service +++ b/_service @@ -1,7 +1,7 @@ 0.8.0+git - https://github.com/MichaelMure/git-bug.git + https://github.com/git-bug/git-bug.git git enable mcepl@cepl.eu diff --git a/_servicedata b/_servicedata index bb7f728..d9d75df 100644 --- a/_servicedata +++ b/_servicedata @@ -1,4 +1,6 @@ https://github.com/MichaelMure/git-bug.git + d499b6e9d3333334614924669b74640a2d0b5485 + https://github.com/git-bug/git-bug.git d499b6e9d3333334614924669b74640a2d0b5485 \ No newline at end of file diff --git a/git-bug.changes b/git-bug.changes index d6e5602..2247617 100644 --- a/git-bug.changes +++ b/git-bug.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Thu Mar 13 17:02:33 UTC 2025 - mcepl@cepl.eu + +- Add CVE-2025-22869-bump-go-crypto-ssh.patch to update + golang.org/x/crypto/ssh to v0.35.0 (bsc#1239494, + CVE-2025-22869). + ------------------------------------------------------------------- Wed Jan 22 16:32:25 UTC 2025 - Matej Cepl diff --git a/git-bug.spec b/git-bug.spec index 0fec399..57d8556 100644 --- a/git-bug.spec +++ b/git-bug.spec @@ -31,7 +31,10 @@ Patch0: remote-config.patch # PATCH-FIX-UPSTREAM CVE-2024-45337-bump-go-crypto.patch bsc#1234565 mcepl@suse.com # bump golang.org/x/crypto from v0.26.0 to v0.31.0 Patch1: CVE-2024-45337-bump-go-crypto.patch -BuildRequires: golang(API) = 1.22 +# PATCH-FIX-UPSTREAM CVE-2025-22869-bump-go-crypto-ssh.patch bsc#1239494 mcepl@suse.com +# bump golang.org/x/crypto to v0.35.0 +Patch2: CVE-2025-22869-bump-go-crypto-ssh.patch +BuildRequires: golang(API) = 1.23 # # PATCH-FEATURE-UPSTREAM 501-export.patch gh#MichaelMure/git-bug!501 mcepl@suse.com # # add a command to export bugs as raw operations # Patch0: 501-export.patch diff --git a/vendor.tar.gz b/vendor.tar.gz index 49d7b88..505126a 100644 --- a/vendor.tar.gz +++ b/vendor.tar.gz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:e608cc4c6464f470427de2fe11b3f8c22e6760daefd68d3f166a3d22f2a6bf9a -size 7864722 +oid sha256:38d126a0258a813425c0a762599f7fe157a5fed4d45501e1bc1786f77bd0cf50 +size 7736894 -- 2.51.1