- Add CVE-2024-24577.patch

* CVE-2024-24577: arbitrary code execution due to heap corruption
    in git_index_add (boo#1219660)

OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/git?expand=0&rev=650
This commit is contained in:
Dirk Mueller 2024-07-19 09:14:49 +00:00 committed by Git OBS Bridge
commit 5792d0456b
22 changed files with 6364 additions and 0 deletions

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.osc

20
CVE-2024-24577.patch Normal file
View File

@ -0,0 +1,20 @@
Index: b/read-cache.c
===================================================================
--- a/read-cache.c
+++ b/read-cache.c
@@ -1158,10 +1158,13 @@ static int has_dir_name(struct index_sta
size_t len;
for (;;) {
- if (*--slash == '/')
- break;
+ slash--;
+
if (slash <= ce->name)
return retval;
+
+ if (*slash == '/')
+ break;
}
len = slash - name;

15
apache2-gitweb.conf Normal file
View File

@ -0,0 +1,15 @@
Alias /git "/usr/share/gitweb/"
<Directory "/usr/share/gitweb">
Options ExecCGI
AllowOverride None
AddHandler cgi-script .cgi
DirectoryIndex gitweb.cgi
<IfModule mod_access_compat.c>
Order allow,deny
Allow from all
</IfModule>
<IfModule !mod_access_compat.c>
Require all granted
</IfModule>
</Directory>

View File

@ -0,0 +1,25 @@
---
contrib/completion/git-completion.bash | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
Index: git-2.43.1/contrib/completion/git-completion.bash
===================================================================
--- git-2.43.1.orig/contrib/completion/git-completion.bash
+++ git-2.43.1/contrib/completion/git-completion.bash
@@ -67,10 +67,12 @@
# case insensitively, even on systems with case sensitive file systems
# (e.g., completing tag name "FOO" on "git checkout f<TAB>").
-case "$COMP_WORDBREAKS" in
-*:*) : great ;;
-*) COMP_WORDBREAKS="$COMP_WORDBREAKS:"
-esac
+# SUSE-specific: We trust the system is consistent and do not let individual
+# scripts play ping-pong with the global $COMP_WORDBREAKS value.
+#case "$COMP_WORDBREAKS" in
+#*:*) : great ;;
+#*) COMP_WORDBREAKS="$COMP_WORDBREAKS:"
+#esac
# Discovers the path to the git repository taking any '--git-dir=<path>' and
# '-C <path>' options into account and stores it in the $__git_repo_path

BIN
git-2.45.2.tar.sign Normal file

Binary file not shown.

3
git-2.45.2.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:51bfe87eb1c02fed1484051875365eeab229831d30d0cec5d89a14f9e40e9adb
size 7487680

17
git-asciidoc.patch Normal file
View File

@ -0,0 +1,17 @@
---
Documentation/asciidoc.conf | 2 ++
1 file changed, 2 insertions(+)
Index: git-2.11.0/Documentation/asciidoc.conf
===================================================================
--- git-2.11.0.orig/Documentation/asciidoc.conf
+++ git-2.11.0/Documentation/asciidoc.conf
@@ -21,6 +21,8 @@ tilde=&#126;
apostrophe=&#39;
backtick=&#96;
litdd=&#45;&#45;
+# drops the "last-updated" footer, with asciidoc-8.6.9+
+footer-style=none
ifdef::backend-docbook[]
[linkgit-inlinemacro]

2
git-daemon.conf Normal file
View File

@ -0,0 +1,2 @@
# Type Name ID GECOS [HOME]
u git-daemon - "git daemon" /var/lib/empty -

26
git-daemon.service Normal file
View File

@ -0,0 +1,26 @@
[Unit]
Description=Git Daemon
[Service]
# added automatically, for details please see
# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
ProtectSystem=full
PrivateDevices=true
ProtectHostname=true
ProtectClock=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
RestrictRealtime=true
# end of automatic additions
EnvironmentFile=-/etc/sysconfig/git-daemon
ExecStart=/bin/bash -c 'exec git daemon --reuseaddr --base-path=$${GIT_DAEMON_BASE_PATH:-/srv/git/} --user=$${GIT_DAEMON_USER:-git-daemon} --group=$${GIT_DAEMON_GROUP:-git-daemon} $GIT_DAEMON_ARGS'
Restart=always
RestartSec=500ms
SyslogIdentifier=git-daemon
[Install]
WantedBy=multi-user.target

11
git-gui.desktop Normal file
View File

@ -0,0 +1,11 @@
[Desktop Entry]
Name=Git Gui
GenericName=Version Control GUI
Comment=Git GUI
Exec=git gui
Icon=git-gui
StartupNotify=false
Terminal=false
Type=Application
Categories=Development;RevisionControl;
X-KDE-SubstituteUID=false

BIN
git-gui.png (Stored with Git LFS) Normal file

Binary file not shown.

View File

@ -0,0 +1,42 @@
From: Jakub Narebski <jnareb@...il.com>
Subject: [PATCH] gitweb: Enable $prevent_xss by default
This fixes issue CVE-2011-2186 originally reported in
https://launchpad.net/bugs/777804
Reported-by: dave b <db.pub.mail@...il.com>
Signed-off-by: Jakub Narebski <jnareb@...il.com>
---
git-instaweb.sh | 4 ++++
gitweb/README | 5 +++--
gitweb/gitweb.perl | 2 +-
3 files changed, 8 insertions(+), 3 deletions(-)
Index: git-2.43.1/git-instaweb.sh
===================================================================
--- git-2.43.1.orig/git-instaweb.sh
+++ git-2.43.1/git-instaweb.sh
@@ -721,6 +721,10 @@ our \$projectroot = "$(dirname "$fqgitdi
our \$git_temp = "$fqgitdir/gitweb/tmp";
our \$projects_list = \$projectroot;
+# we can trust our own repository, so disable XSS prevention
+# to enable some extra features
+our \$prevent_xss = 0;
+
\$feature{'remote_heads'}{'default'} = [1];
EOF
}
Index: git-2.43.1/gitweb/gitweb.perl
===================================================================
--- git-2.43.1.orig/gitweb/gitweb.perl
+++ git-2.43.1/gitweb/gitweb.perl
@@ -194,7 +194,7 @@ our @diff_opts = ('-M'); # taken from gi
# Disables features that would allow repository owners to inject script into
# the gitweb domain.
-our $prevent_xss = 0;
+our $prevent_xss = 1;
# Path to the highlight executable to use (must be the one from
# http://andre-simon.de/zip/download.php due to assumptions about parameters and output).

11
git-prompt Normal file
View File

@ -0,0 +1,11 @@
# In git versions < 1.7.12, this shell library was part of the
# git completion script.
#
# Some users rely on the __git_ps1 function becoming available
# when bash-completion is loaded. Continue to load this library
# at bash-completion startup for now, to ease the transition to a
# world order where the prompt function is requested separately.
#
if [[ -e /usr/share/bash-completion/completions/git-prompt.sh ]]; then
. /usr/share/bash-completion/completions/git-prompt.sh
fi

View File

@ -0,0 +1,57 @@
---
contrib/completion/git-completion.tcsh | 17 +++++++----------
contrib/completion/git.csh | 4 ++++
contrib/completion/git.tcsh | 4 ++++
3 files changed, 15 insertions(+), 10 deletions(-)
Index: git-2.11.0/contrib/completion/git-completion.tcsh
===================================================================
--- git-2.11.0.orig/contrib/completion/git-completion.tcsh
+++ git-2.11.0/contrib/completion/git-completion.tcsh
@@ -32,14 +32,14 @@ if ( ${__git_tcsh_completion_version[1]}
endif
unset __git_tcsh_completion_version
-set __git_tcsh_completion_original_script = ${HOME}/.git-completion.bash
-set __git_tcsh_completion_script = ${HOME}/.git-completion.tcsh.bash
+set __git_tcsh_completion_original_script = /usr/share/bash-completion/completions/git
+set __git_tcsh_completion_script = $RPM_BUILD_ROOT/usr/share/tcsh/git.complete
-# Check that the user put the script in the right place
-if ( ! -e ${__git_tcsh_completion_original_script} ) then
- echo "git-completion.tcsh: Cannot find: ${__git_tcsh_completion_original_script}. Git completion will not work."
- exit
-endif
+# # Check that the user put the script in the right place
+# if ( ! -e ${__git_tcsh_completion_original_script} ) then
+# echo "git-completion.tcsh: Cannot find: ${__git_tcsh_completion_original_script}. Git completion will not work."
+# exit
+# endif
cat << EOF >! ${__git_tcsh_completion_script}
#!bash
@@ -121,6 +121,3 @@ EOF
# Don't need this variable anymore, so don't pollute the users environment
unset __git_tcsh_completion_original_script
-
-complete git 'p,*,`bash ${__git_tcsh_completion_script} git "${COMMAND_LINE}"`,'
-complete gitk 'p,*,`bash ${__git_tcsh_completion_script} gitk "${COMMAND_LINE}"`,'
Index: git-2.11.0/contrib/completion/git.csh
===================================================================
--- /dev/null
+++ git-2.11.0/contrib/completion/git.csh
@@ -0,0 +1,4 @@
+if (${?prompt}) then
+complete git 'p,*,`bash /usr/share/tcsh/git.complete git "${COMMAND_LINE}"`,'
+complete gitk 'p,*,`bash /usr/share/tcsh/git.complete gitk "${COMMAND_LINE}"`,'
+endif
Index: git-2.11.0/contrib/completion/git.tcsh
===================================================================
--- /dev/null
+++ git-2.11.0/contrib/completion/git.tcsh
@@ -0,0 +1,4 @@
+if (${?prompt}) then
+complete git 'p,*,`bash /usr/share/tcsh/git.complete git "${COMMAND_LINE}"`,'
+complete gitk 'p,*,`bash /usr/share/tcsh/git.complete gitk "${COMMAND_LINE}"`,'
+endif

5230
git.changes Normal file

File diff suppressed because it is too large Load Diff

152
git.keyring Normal file
View File

@ -0,0 +1,152 @@
pub 4096R/713660A7 2011-10-01
uid [ unknown] Junio C Hamano <gitster@pobox.com>
uid [ unknown] Junio C Hamano <jch@google.com>
uid [ unknown] Junio C Hamano <junio@pobox.com>
sub 4096R/833262C4 2011-10-01
sub 4096R/96AFE6CB 2011-10-03 [expires: 2015-09-21]
sub 4096R/B3F7CAC9 2014-09-20 [expires: 2017-09-19]
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2
mQINBE6GdewBEADE3szNmKeUAUad22z1tWkLjLzyDcJpF7IzEnLs8bD1y0I6iqH0
169ru5iXKn29wc+YAuxWorb4P5a2i2B/vs32hJy/rXE7dpvsAqlHLSGSDUJXiFzM
Bb9SfJO0EY2r+vqzeQgSUmhp/b4dAXVnMATFM37V83H/mq8REl5Wwb2rxP3pcv6W
F6i51+tPEWIUgo1N74QkR4wdLcPztDO9v7ZIaFKl+2GEGkx6Z+YjECTqQuyushjq
41K3UVmv+AmLhJYKA78HY5KqCkXrz8rCgoi+Ih+ZT2sgjx637yT84Dr/QDh7BkIB
blmpRQ+yoJlVDWI5/bI8rcdrPz+NmxaJ7dKEBg0qTclbwquacpwG1DCCD8NgQrwL
WVLGVdsT2qwek+KkmOs+iNBXY1TgKPAeuv0ZDKKYrCwYpN1K90oXk431g79bKsH5
8Tybg5uW+e2i+H5gnDeyl481HOt8aHOPu9qIB/zIek6lDH69q3nGcf7k3prxDf3I
qYy6CPcpjTfpN4i/7gxQDNI+AIgbs21EE5Kg1TPUe0XgfdJMtIF+D6wTjbrLtDnn
09Iwz0SfIZR52IrZHxUlFXZFjk10RXYATtdMqEFgYgjYvYXxL9EEr7T5Dgso+qaE
wV0rrg0VDKrf/afrjGOeffumlhBhJnBnns1T+p65Vz5hyQl7SFKLw+Ix7wARAQAB
tB9KdW5pbyBDIEhhbWFubyA8amNoQGdvb2dsZS5jb20+iQI4BBMBAgAiBQJOhnjV
AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAg0E5acTZgp4SyD/9slQ1I
kYqz+VXPnmHCQFhurYcHD8t1iGBqiXxI+gpA1Y3L1QL+aj0fplW4KuEPbJ7xlYdL
A4J+M9kgkwt3Jufw+lM1pQM9tSB627rAbxUyczj4AFjZ9v8GpqyZ3XPDe8NknI/V
4Xlhsr+e3AHJPr355XacMkFGc3Rtw1quFVgrECttdzUD6xtrhwYYVAYAnKr65943
UtMLsVXkJLfjq8c1NZOCov9SwSb0N9IkEhSyihd/92Z2NH4d+B1QTIyWagL3GNN8
LXXEHK+x+oA/nbhGbFg7bqhxUW4d2JaxKPy4U3nfdtSmMbiy16eUfMbbMyvB0jtL
f6UFrxF5bJnYkiG18DcLSaX7Hsby8IVzZQZHYvkx5+7pK2SBsdek3bu3punP3dWL
JoMw+Vmm5Bk0Yl7pxzvsYQWhPV7+tpgglUSFQuIeXFrwjVXP8Q+Ph9nO0vKIaeTc
n1ISuq2XaoqhkLH+Zw1I/ruRtk2DJbZsg5BBGfA26BkZWJXlO6h33emPwkJ0Fanl
zRtMTqZ/4RiTXv5G1L/lypX1iq6fF2V+WTh2JmEKyY+2l0/19XRANfaDiYULoBvJ
EdCcIXLbaRTqjem+70ZGvAiCaGO52YvUhBo+XCgjucjcqhxiF3wc24kzj1Zycrwb
Da7VjftZAApN01CJ38mXGpZXiWZU4hjJx41wCbQgSnVuaW8gQyBIYW1hbm8gPGp1
bmlvQHBvYm94LmNvbT6JAjgEEwECACIFAk6GeL4CGwMGCwkIBwMCBhUIAgkKCwQW
AgMBAh4BAheAAAoJECDQTlpxNmCn6GMQAJ0V0jmyQ7Lvi5FBBgNTdY8qfVbLFxEU
VAsKf2x9QxhsOcL2heQRVkp10JKv4/VQLfDwr6Pv98FQchXlBmFiySAbVihUVC+V
J3FhyKBtI14RXT6Nkwd18PXDvWXy2fKeiK9GPDWkufac0h/giz0T1xP7CHxDErQA
TMmYbkinyyM+xd1Nir6DUYcHJQIK2Dg2VPChkI0XXCQETLDbrC9fDwWg1vP36PQZ
+nw/cIRt+2xkq8HHUzB7kOnXHqPt1kb/Ry8hZwPnfV7g/V0MogoMLtz233pqwugu
LXP7zY3jTwAZZ9VTpuCTsdVWXJDlznMNurYi1yurCNuUvq/O/9JC8WBtdVUuvFZG
jRZWfP24W57iq/qz8CV6dThq5r4WygE83tMC3DaarNJ4f9dQUA4KpL7j2EMXkgoX
cEy1mieUCypdNiZj96hV8Q7apSLk2V4jtvLkJfzX053glqRJI35SX8OkSazZGYZH
X6QfZlvznnrCF5x/xBzhbfr2Geo4rxL0BQsp2DQodqUCB23QzsPhWWffYtkATaD5
vovGeQ9Acd1u72jH3DO8tVMH85jMO4f+oc0h3lnkPS4F33QqlnErRo/IRm6jCsI/
NgMZUYdh0EY5Iiq/e8e+u8gdo0akkwHlNvR4KrYrK/1K4h+i+UBIbJDZpqT/iH+y
hJRQ3CAan8KStCJKdW5pbyBDIEhhbWFubyA8Z2l0c3RlckBwb2JveC5jb20+iQI7
BBMBAgAlAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUCToZ45QIZAQAKCRAg
0E5acTZgp1TFEACr+QRpfDmbGnUY1Rqy50Ap1eG0061vAapCMLmU+4kxqIRKm5/0
0YGmb7VxRCLDpKNa0hkH+ftA4QmnPU4j4UEsh/vAa2BGCXRjB9RixTokvQf9iOXU
GiHYv1kn+p3lxg66bLnKV3dWScjV2IueDP4ypLEZHlWD9I/Unmrg2mJEAcz4gSAf
BHWLOf/+JYAq6j6erIxPS5ZtIz/twQf6MCoXXAXuM6tgUhdptJqG82WzSZMuWOfz
mS6DSTuqK05h9gpwdj5nz4jdh4u5sp+LKOqFw94JIRcE+wj5cljOOlX3Fqi84ADC
8b/OzC3V9KGarNnBzWdnkIoNxbNBNF6wD1dgn1peueufaP9q5CO9ljKNSOGUClwv
tJFrpZZL5PheNNFFkPSZpkmStcB6s8RHsyz5zuqxQUOWuvLVUDRW58yZR0WC1Xc/
yi+cEFSUiKI5OqPNwC1v0xh7a/MObJQxTQCEKHLyVYlnohsf2RxzxaOOjgWmY2O+
yH5G5ymfBie/Uw7zcSsJ89ovLAEG/10tkJVqIfza5Wexj3VAZbI+i7vx2gtlLqM2
3gGykqcv7VWmFD5lFWGC4Sw8M7Jikm8vn99dxZnsBKjMqksjENUX1JeUZI+FHg2C
NSVBX0J8yLnmd8eJBkYXkU79J3GVex/WTzbFnSkPmw16MtAu/E9EKNbAILkCDQRO
hnXsARAA8ZueozuaZ1UR9dwbBt/KNag/ZiaaV4X9Jm+nQTkT9W92CTWpJ0LcVT10
pVzQGDUrWLPW1sJ/ka2JjhH8tDFnpKjgaoBwxH+dJLWWs4RXfPXbefCAPliBaOwR
ZNVyK+FEnUhEHi+z2+KEoOQGJ/AtzpU+0958VgYfWhG2rRH4lDBSopC1VS3WxC+x
QcxJMqR30ArJQ5avoIAAFQc6qzCAZ/4nbaPO1Kxdsf6ndj9jyZfaVH++OKS/cs1/
nDW0JXdGH+oEFvf69FFFvwglOKqTw78nMhiMd2Oz1fzIwJa3uKib+JIaEhWrAAIw
188lCGIcO8jJmgBP5RDlTezOq3mA74WgwnFnxJ/LIx9N/1mvdr1ce26DMeUQBIfG
BNimRxGZADg5VuKZwysmh9/JY/KWtHYe+0VwA+l9VzxsIs6Zo36wQTxr1DRrHSKS
WmOChGmdPr924b31NA1geHZiQd2j8QughbVQNEARnG8Neo1HgPti1CYFjLPOp6R2
j8w/fSeEPkpsPZmT38k+TucspmFzsCKedGlI5BgkHB7be44rDZFOdmxQ9iXECa/K
OuySHKhTXYTwJ8QvgTdEA7Qsl0/sMQtVL4fRP/69yTxEA0RHxFG95ft0mq89Sgpt
y1IcdVxPNmenPerR6KVH4josG7cb/vFMqV09p7Sn6a89VHTG+Y8AEQEAAYkCHwQY
AQIACQUCToZ17AIbDAAKCRAg0E5acTZgpxSmD/4+nZhEFmZYlhPJXvUM4dVqk2x3
eXpWhibltChkPoPaJFgZIfrC5T8cU5Nn9G+/T3Oytzj8u/PTnCLK2xw94w6e00vS
FaV+5FWZ757bOaFd13CuavOFwxEKmulCJX4mZGSQsyF/DZEgG79FJpiiiykvgDSB
CGQSga1saWMLxtsAaFj5KTb+ZnRLkfYd6WdWgkmUV8rDJVl6OXDGLmVIWm6zqkzT
+XnxJvIgURB8zUqLbIjoR7ruziD5r2SU1IzK0dcGTAsPmLjTtpE97fmRU8Qsdmnk
c6pyOeS2BUFQaYErGqf7HqkWX4+4+0gW9m0mwroTXnWwMG95A1knyRsvyDerz3bH
NzXbGBSvl/HJ8qQruKWQytiFPgpFa6v7pEfEzXa6QGHxGF2y6tFxTk9LOIyHI393
QLZRlt+oQNACj8NQS93MhBn79rKu+YJMNf4yGDFxnPFEScuQH4BCyKztXSIzLJur
xRS3h6QKGxD/O1BKaiMibcBCH1nXFeWB2JpRZBndtS58aX9nQQIeXXODCaWJhWRk
nEg7U3GAgxFyAk4HnVTreFgmleZsKT3khM69kzlZundZ1JRgSQlekDzBHcsdN4UZ
MGkzLYdA/0mAr1K45RkNVQuFrk73kgYUx+4g64xkqFzSbj9jqvo2/4gH2cbnrY6S
hQ+kwjEdAXLP3BGbl7kCDQROiUo5ARAA8l5PToapmK0IHBpY5ohie53ZczLV5ojW
KZXNsmVYNuSBBKpwC6VH2X859dVd59HigAYsS1TbDCUNGC1bM0thJ9Y92fa1WnlE
qyYQZDmJ4rt283DT2Gmrkng6XPjvr8PZeHKtvw7uLywfdm4x0WrGrH34g17BL82u
/7k0JUOgJoPulIkO9Mls35UJSY/Zwk1EdkM4hHKmqJFIiW/DlPYh0Tj5x9Sukk0A
TH/R/QdtpjvwJJZyph6gMhbiYB+G+nR/WZy9vB+bFwPPaa0EudADoIZ9LkQzU/55
KqNnKH9dPqPVWEOBZVZvPqiRiyRuffMIJ0t9mtvc/jruS1qiTZdJoy2vl6K4Uqc+
huvlHeCCYR0lGCeDB+Ixuz9xd2ZdUxMgwgcNiQOCW70YWtxf0LF2seSJdLItHDBO
u/f3cqKwNGUvcC3d/9qVb0wPSI1mq18S02MGcvDySsjGtX7o4kujUqE2ZNCW6ORL
JUC6zEYu3TRNWrXeS3uAP21xUrEPkuTiJL7SCS12FYJt5agx5NIUKI7bkIUbLbiu
hC4z47MFajW9Y5jUQk86dk7bjGqVrXYIu92Dhxc2CND2fWaMpYRhwvHR6KQU1yYH
YkGVlMHiozM5D+4dCRRVI8x3p/+ypFBZmZr7yTpv/qD0N8HHl2NAYvGRQdzjyFQO
XERwaXuzjCkAEQEAAYkERAQYAQIADwIbAgUCVB9jPgUJB3dMaAIpwV0gBBkBAgAG
BQJOiUo5AAoJELC16IaWr+bLpKUQAMsAmipqNBx++8jZKqK5pyrUQa8/I7cevHv/
6avwMgq4ISlIfdYixmI4t/xNakHu6ezXu1gJ97hWbNts6zSiAxsbTDAkEwtDXuAQ
LzIdTc8M8wQgsoq7NXHC4+YCpKBZCn06OVOTVjc52DzPLom9bmOb3UaiCdryeySc
pDXXFuaHeNk7VrDsR9s06eEkTZl/ED2kW3zsT3ZSrG6dHiDupJPi8eoBL1gLRHWu
cUndT8Miu0nxmnU5vvEcOVHj9ZEbbikD5u7EQQdHKFw1R6RYv5zFh81cb/zSoSwJ
MyGxjleqy/IoVYVxqhIIg+UPkHW2jbIi7R6OZ4gc6W5870qKQWHDn7a4XDzQ2NEW
F2G/+SWVInfyQVisFfs0RBJ24LbGA28BRA5wlSBslwKMcmrP0t29eIs2raoCDcYm
LsaQ2PsNTuUcsIzk3Sz1FpS+WIR9Vv4MG3choi+LIdL/38zctLykecz7dYSAhAPW
LwiO5N2++DunogweXzCET5Da+rm2VntE+seHi9hI0hUVyBJm5pwIfd6XaVha1x/k
n9SyoQWc6I4FLEFP68wdkfeEu1cdGfrc4A2fHyXuO2VBH8yXHMshr3v0ALCy4E1k
cET9zEmtawuMLlrQwzJP3a8PQqZnhXkRZ9KAyAaP5tpgb/lDQMUnYo0RM7z0YsET
pmv0WsFXCRAg0E5acTZgp74sD/4rBEPyAk7cmWtyR0XDZpQETY0Sw7Nr4aErdTdQ
7AlntHMcn+MWRJpa57S/ea2Fl6SWZ4X09VV/H11lWnYzw0IkSRDsDATxMin+qpy6
c7IwxZ9RQ1UT9PhmVBz7rbrsl3Hnjv+WG9PcMCdlFOMZL4VC2TQEr0hBSXWhV6mD
I0rdwuUu+oq84s1cke5g/e5TjoGupTxkaNO/yfDJMf+3dqwGmJDKl23dfKg+XbFh
3Y/G321/C5GgvqtjaCoqzCuTDByEbVXBde7mFB5xQg8ejDgFfuocw57whdNcS3Ml
GPO/P06nB940QELjwp5O34mMcVn0qnyhgaioueVW5qzucEa+UfzbkYhinlYdbylj
wquJlqIScLPNL0xtzOWo1oWHLl7jVklRuRHXFp6Asqan/MovLlYTcBO4OwOJ/rIJ
BOHkMeLu/vlEIeqC6J5vuD+bP4XUpHamxOU8U6RVVDIH4cckhEU3zWDTwaD/RTG8
TatJzGmjNOOR04imbqFApU7NOUQ488WNqH11aeZoDOoXWKEvWfE7Cg/fTP0JZH3H
aW9LWljWrt68FCyuLtvGVeNyjHw4NZq89bbqnhKBAX1LS3pl/+nfD8Wx4sldo8Rh
lOQgUQu+ZJ5sAueLrnd1AmWEEXvZDFyZqXsrun4cjvZXDmyFFhuaGVis1QzTIumY
pUumvLkCDQRUHbogARAAmJzYPpBprZD5rZEP++T/JS7JYzJPSCMFxppxSCy6RwTP
7Tfu8Bg8Tgy2P6T2dkH5qez2S6+TpOUJ7b/4PmArVWk7uQmo7dkzrMh/gGA6ra44
xyLfHdpFZaKu/TjbAlKIxbWxQ9Z3+VvUpFkIJ7R2EWGNTGgpDXd6FKe+E0LoM5PE
OlAQ2pgJ9a+J35ukDV7LSLaslrAoEIYsVkIuFs0HOIgP/N7fqlCft9rJo5Oifqxl
G2xB/M0wEl5nA1mAbj4I6N2BI1ft/6jWq853GJ3iX0F8BUoL3EfaFLgUN8nViXe7
H4iJrgJ0HUXxAvyRW9IkfbCd/eT8OVkHzBLK6dLi/1IoOdpkqxciH2p8YayT+I/g
sgnCadU2hSDWoOf2MB19xs6IpMF1LpG/oSsV8SvVbvBLtoAJShWh7dseUnNw9Xfp
69kMjJCE4Quv3d/l1I4DiDFpAiuXYJLs+q7OtHEUK/GARn+CYJP165JP0owYwZXE
8/ZawtOsAUQrGvtF8QgB5TO4FadB7zJ/oSsfZ8u3T6mqoYPFl7gS9J/MgF1w0oAw
Ip+eZkW4iqtmzbjGhCb8CjRVOhDRxkp4E8Pz7egdHW3gdUgVcSTxmxppO+AS/JuV
euym+zAz9OTi0mbFMjS0AqX0oGLFANeLlRhxP7xOoWj/fw8DC3cifwsUo0CTJPsA
EQEAAYkERAQYAQIADwUCVB26IAIbAgUJBaOagAIpCRAg0E5acTZgp8FdIAQZAQIA
BgUCVB26IAAKCRB1lO7Hs/fKyah/D/wJ3v4WdqGo7KgW0kmWfFVWZLKwtb+16gcy
6nIm7F7VUcODv+qRLA/4UUg72yabVCXnMBi/eEHtkVZWlB/+tzg643DiRvXTCZiw
oS5c6fTze55e/Z87qY7okf40aTR+qWuMgligI/LeXunr1Pu2jlJLMcUVh5QLxLZ8
bDqpDgQM9zcdFmKQ/ofUnK7y6gYyUl2KYJDYi0alzjTm+73/S0Mc7z08Yp/s+dtK
PbU9imKCnNRkPTQpcwlYHWJv0YPQ0TdOkid6HJC7CmZEPH845D+qojAjYBPogNIj
/RaByaT3kN32zu8+jaZJSCnBM0l2lSh/qO7sQBZhqPX5pJDjjj7d/ATY7XxJCnK/
2cZVSuVhMXPIFIAQG4ZYFUaQssjQKLN7BXJUo7+ec1AMkTiwDUocPza8h+fitcpO
sWWJWWvZvkSObbuPKGn7BgoTzEehO2Rz0QsNjgOa5SXxmc0zX7sbB1XiMxSe7gBZ
BOnYjhPVcidO3tWuM/jXGfZAL9ISq6Zf47ebXA7Y+6Bx3oquMgtSN10gbdoJvjqE
BJNN65wadvBP8+SrL+nWRGhsfmu8jupXdJe8h8ysXCboVkpXHuSu+lDjeL9WLqpw
c/XkaOy7B6PfwIRaYYHnsKs8ogvDuTRJPV4khizyt+A6aiQ1PQqxSKWGY+lzxbmB
kPhp5v1N5xrnD/9vdJggIMR16G7JVxSKMLw7pE45eXRR9x9HDlLAAYAY8w5spMDH
gJwrUvepDq8L12ttigGD+7GVb+3CgaLbI4Z3Mhrs55J0TWbLxvc0nuJYlxk1sF+U
B73fL4z9G5nI6rV+BWyM7BvrepKyyeXlluTstOsawI/3YQn2KH0ERqb7t1i0a+HI
3EBzpFTORQ7G6zycU6liAnWpWLlvTEefdBfsh8VssQAZFP5SRPDUiVORIT/YGDzH
OfuIaeCD9pPJ4guMS5DZUmwrAYbY9s1Yt/gFsddKH1pDh6jFdF0aYMDv66pyA2aO
7DmxdrNN05Mq3duly18AeWC8puQVzi5wTi5668RhMJFEK5YqixbE1sXgV/YXMmZ+
JqDgWd177m1Cg5UnBUoBMXNVC69ZAP4TSq+hXZlrNhDNUmY2W4IsIg22ZSc/zPQW
1FogQD0WWGmt4nH2TiPT22yO6XpKSWgP4trGG7ArSsx8DfYHBOzwyyLJQv5lyB62
RWqsZW4azM9IhxHOpr03zM6UmfFJ3Db8URNIHYfXCZteBGyWIilZ9+S59F2jc9M0
Ard75N4RY/1/TVEDTgazvBNgD9oHQAmdXlglicn4jiR/zdsiUvxzXYfAwJ2wn93b
H36Mo/R9JLZoiNx9YlED1s/emsTzoSw8JiIA5V4aLnc8FdwY8Wa9cvZAAw==
=f2jS
-----END PGP PUBLIC KEY BLOCK-----

585
git.spec Normal file
View File

@ -0,0 +1,585 @@
#
# spec file for package git
#
# Copyright (c) 2024 SUSE LLC
# Copyright (c) 2024 Andreas Stieger <Andreas.Stieger@gmx.de>
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define rb_build_ruby_abis %{rb_default_ruby_abi}
%define rb_build_versions %{rb_default_ruby}
%define gitexecdir %{_libexecdir}/git
%if 0%{?suse_version} < 1500
%define _fwdefdir %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services
%define SuSEfirewall2 1
%endif
#Compat macro for new _fillupdir macro introduced in Nov 2017
%if ! %{defined _fillupdir}
%define _fillupdir %{_localstatedir}/adm/fillup-templates
%endif
# Compat stub for python3_fix_shebang_path
%{?!python3_fix_shebang_path:%define python3_fix_shebang_path(+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-=) \\\
myargs="%{**}" \
for f in ${myargs}; do \
[ -f "$f" ] && sed -i -e "1s@#\\!.*python.*@#\\!$(realpath %__python3)@" $f \
done
}
%bcond_without git_libsecret
%bcond_without docs
%if 0%{?suse_version} >= 1500 && %{with docs}
%bcond_without asciidoctor
%else
%bcond_with asciidoctor
%endif
Name: git
Version: 2.45.2
Release: 0
Summary: Fast, scalable, distributed revision control system
License: GPL-2.0-only
Group: Development/Tools/Version Control
URL: https://git-scm.com/
Source0: https://www.kernel.org/pub/software/scm/git/%{name}-%{version}.tar.xz
Source1: apache2-gitweb.conf
Source2: sysconfig.git-daemon
Source3: git-daemon.service
Source5: usr.share.git-web.gitweb.cgi
Source6: susefirewall-git-daemon
Source7: https://www.kernel.org/pub/software/scm/git/%{name}-%{version}.tar.sign
Source8: %{name}.keyring
Source9: %{name}-gui.desktop
Source10: %{name}-gui.png
Source11: git-daemon.conf
Source12: git-prompt
Patch3: completion-wordbreaks.diff
# CVE-2011-2186, bnc#698456
Patch4: git-prevent_xss-default.diff
# cook up tcsh completion to be installable (bnc#853183)
Patch6: git-tcsh-completion-fixes.diff
Patch8: git-asciidoc.patch
Patch10: setup-don-t-fail-if-commondir-reference-is-deleted.patch
# PATCH-FIX-OPENSUSE CVE-2024-24577.patch boo#1219660 antonio.teixeira@suse.com
Patch11: CVE-2024-24577.patch
BuildRequires: fdupes
BuildRequires: gpg2
BuildRequires: libcurl-devel
BuildRequires: libexpat-devel
BuildRequires: libopenssl-devel
BuildRequires: pcre2-devel
BuildRequires: perl-Error
BuildRequires: perl-MailTools
BuildRequires: pkgconfig
# for the %%python3_fix_shebang_path macro
BuildRequires: python-rpm-macros
BuildRequires: python3-base
BuildRequires: systemd-rpm-macros
BuildRequires: tcsh
BuildRequires: update-desktop-files
BuildRequires: xz
BuildRequires: pkgconfig(zlib)
Requires: git-core = %{version}
Requires: perl-Git = %{version}
Recommends: git-email
Suggests: git-daemon
Suggests: git-gui
Suggests: git-web
Suggests: gitk
%if 0%{?suse_version} >= 1500
BuildRequires: openssh-clients
BuildRequires: sysuser-tools
%endif
%if %{with docs}
BuildRequires: sgml-skel
BuildRequires: xmlto
%if %{with asciidoctor}
BuildRequires: %{rubygem asciidoctor}
BuildRequires: docbook5-xsl-stylesheets
%else
BuildRequires: asciidoc
%endif
%endif
%if %{with git_libsecret}
BuildRequires: libsecret-devel
%endif
%if 0%{?suse_version} > 1320
BuildRequires: libsha1detectcoll-devel
%endif
%description
Git is a fast, scalable, distributed revision control system with an
unusually rich command set that provides both high-level operations and
full access to internals.
This package itself only provides the README of git but with the
packages it requires, it brings you a complete Git environment
including GTK and email interfaces and tools for importing source code
repositories from other revision control systems such as subversion,
CVS, and GNU arch.
%package core
Summary: Core git tools
Group: Development/Tools/Version Control
Requires: less
Obsoletes: git-remote-helpers < %{version}
%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150300
Recommends: openssh-clients
%else
Recommends: openssh
%endif
%description core
Git is a fast, scalable, distributed revision control system with an
unusually rich command set that provides both high-level operations and
full access to internals.
These are the core tools with minimal dependencies.
%package -n perl-Git
Summary: perl Bindings for Git
Group: Development/Libraries/Perl
Requires: perl-Error
Provides: git-core:%{perl_vendorlib}/Git
%{perl_requires}
%description -n perl-Git
Git is a fast, scalable, distributed revision control system with an
unusually rich command set that provides both high-level operations and
full access to internals.
This package provides the Perl interface to the Git version control system.
%package doc
Summary: Documentation for the Git version control system
Group: Documentation/HTML
BuildArch: noarch
%description doc
Git is a fast, scalable, distributed revision control system with an
unusually rich command set that provides both high-level operations and
full access to internals.
This subpackage contains Git's documentation in text/plain and
text/html formats. (The manpages are in the main package.)
%package svn
Summary: Git tools for importing Subversion repositories
Group: Development/Tools/Version Control
Requires: git-core = %{version}
Requires: perl-Git = %{version}
Requires: perl-Term-ReadKey
Requires: subversion
Requires: subversion-perl
Supplements: (%{name} and subversion)
%description svn
Tools for importing Subversion repositories to the Git version control
system.
%package cvs
Summary: Git tools for importing CVS repositories
Group: Development/Tools/Version Control
Requires: cvs
Requires: cvsps
Requires: git-core = %{version}
Requires: perl-DBD-SQLite
Requires: perl-Git = %{version}
Supplements: (%{name} and cvs)
%description cvs
Tools for importing CVS repositories to the Git version control system.
%if %{with git_libsecret}
%package credential-libsecret
Summary: Git credential backend using libsecret to access keyring
Group: Development/Tools/Version Control
Requires: git-core = %{version}
Obsoletes: git-credential-gnome-keyring < %{version}
%description credential-libsecret
A Git credential backend which uses libsecret API to acces keyrings such as
kwallet or GNOME keyring.
%endif
%package arch
Summary: Git tools for importing Arch repositories
Group: Development/Tools/Version Control
Requires: git-core = %{version}
# Requires: tla
%description arch
Tools for importing GNU Arch repositories to the GIT version control
system.
%package p4
Summary: Git tools for importing Perforce repositories
Group: Development/Tools/Version Control
Requires: git-core = %{version}
%description p4
Tools for importing Perforce repositories to the GIT version control
system.
%package email
Summary: Git tools for sending email
Group: Development/Tools/Version Control
Requires: git-core = %{version}
# For sending mails over secure SMTP:
Requires: perl-Authen-SASL
Requires: perl-Git = %{version}
Requires: perl-MailTools
Requires: perl-Net-SMTP-SSL
%description email
Email interface for the GIT version control system.
%package daemon
Summary: Simple Server for Git Repositories
Group: Development/Tools/Version Control
Requires: bash
Requires: git-core = %{version}
Requires(pre): %fillup_prereq
%if 0%{?suse_version} >= 1500
%{?sysusers_requires}
%{?systemd_requires}
%else
Requires(pre): %{_sbindir}/useradd
Requires(pre): shadow
%endif
%description daemon
A really simple TCP git daemon. In the default configuration it allows
read only access to repositories in /srv/git/ that contain the
'git-daemon-export-ok' file.
%package -n gitk
Summary: Git revision tree visualiser
Group: Development/Tools/Version Control
Requires: git-core = %{version}
Requires: tk >= 8.4
%if 0%{?suse_version} == 1315
Supplements: (git-core and tk)
%else
Supplements: (git-core and tk)
%endif
%description -n gitk
Grapical tool for visualization of revision trees of projects
maintained in the Git version control system. It name gitk indicates
that it's written using the Tk Widget set.
A simple Tk based graphical interface for common Git operations is
found in the package git-gui.
%package gui
Summary: Grapical tool for common git operations
Group: Development/Tools/Version Control
Requires: git-core = %{version}
Requires: tk >= 8.4
%if 0%{?suse_version} == 1315
Supplements: (git-core and tk)
%else
Supplements: (git-core and tk)
%endif
%description gui
A Tcl/Tk based graphical user interface to Git. git-gui focuses on
allowing users to make changes to their repository by making new
commits, amending existing ones, creating branches, performing local
merges, and fetching/pushing to remote repositories.
Unlike gitk, git-gui focuses on commit generation and single file
annotation, and does not show project history. It does however supply
menu actions to start a gitk session from within git-gui.
%package web
Summary: Git Web Interface
Group: Development/Tools/Version Control
Requires: git-core = %{version}
Requires: perl-CGI
Requires: perl-Git = %{version}
%if 0%{?suse_version} == 1315
Supplements: (git-core and apache2)
%else
Supplements: (git-core and apache2)
%endif
%description web
CGI script that allows browsing git repositories via web interface.
The apache2 configuration contained in this package installs a virtual
directory /git/ that calls the cgi script.
%prep
%autosetup -p1
%build
# update shebang to use python3
sed -e '1{s,.*,#!%{_bindir}/python3,}' git-p4.py
cat > .make <<'EOF'
#!/bin/bash
%make_build CFLAGS="%{optflags}" \
GITWEB_CONFIG="%{_sysconfdir}/gitweb.conf" \
GITWEB_PROJECTROOT="/srv/git" \
WITH_OWN_SUBPROCESS_PY=YesPlease \
DESTDIR=%{buildroot} \
NO_CROSS_DIRECTORY_HARDLINKS=1 \
NO_INSTALL_HARDLINKS=1 \
%if 0%{?suse_version} > 1320
DC_SHA1_EXTERNAL=YesPlease \
%endif
%if %{with asciidoctor}
USE_ASCIIDOCTOR=YesPlease \
%endif
PYTHON_PATH=%{_bindir}/python3 \
USE_LIBPCRE2=YesPlease \
NO_PERL_CPAN_FALLBACKS=1 \
V=1 \
prefix=%{_prefix} mandir=%{_mandir} \
gitexecdir=%{gitexecdir} \
htmldir=%{_docdir}/git \
perllibdir=%{perl_vendorlib} \
"$@"
EOF
#
chmod 755 .make
./.make all %{?_smp_mflags}
%if %{with docs}
./.make doc %{?_smp_mflags}
%endif
%if %{with git_libsecret}
./.make -C contrib/credential/libsecret
%endif
./.make -C contrib/subtree/
%if 0%{?suse_version} >= 1500
%sysusers_generate_pre %{SOURCE11} git-daemon git-daemon.conf
%endif
%install
./.make install %{!?_without_docs: install-doc}
### git-web
cp gitweb/INSTALL INSTALL.gitweb
cp gitweb/README README.gitweb
install -d %{buildroot}%{_datadir}/git-web
install -d %{buildroot}%{_sysconfdir}/apache2/conf.d
install -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/apache2/conf.d/gitweb.conf
### git-daemon
install -d -m 755 %{buildroot}%{_unitdir}
install -m 644 %{SOURCE3} %{buildroot}/%{_unitdir}/git-daemon.service
install -d -m 755 %{buildroot}%{_sbindir}
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcgit-daemon
install -d -m 755 %{buildroot}%{_fillupdir}
install -m 644 %{SOURCE2} %{buildroot}%{_fillupdir}/sysconfig.git-daemon
install -d -m 755 %{buildroot}/srv/git
%if 0%{?SuSEfirewall2}
mkdir -p %{buildroot}/%{_fwdefdir}
install -m 644 %{SOURCE6} %{buildroot}/%{_fwdefdir}/git-daemon
%endif
###
./.make -C contrib/subtree install
%{!?_without_docs: ./.make -C contrib/subtree install-doc}
(find %{buildroot}%{_bindir} -type f -o -type l | grep -vE "archimport|p4|svn|cvs|email|gitk|git-daemon|gui|web" | sed -e s@^%{buildroot}@@) > bin-man-doc-files
(find %{buildroot}%{gitexecdir} ! -type d | grep -vE "archimport|p4|svn|cvs|email|gitk|git-daemon|gui|web" | sed -e s@^%{buildroot}@@) >> bin-man-doc-files
(find %{buildroot}%{_mandir} -type f | grep -vE "archimport|p4|svn|git-cvs|email|gitk|git-daemon|gui|web" | sed -e s@^%{buildroot}@@ -e 's/$/*/' ) >> bin-man-doc-files
# Don't pick up dependencies from sample files
find %{buildroot}/%{_datadir}/git-core/templates -type f -name "*.sample" -exec chmod a-x "{}" "+"
%perl_process_packlist
%if %{with docs}
find %{buildroot}/%{_mandir} -type f -exec chmod 644 "{}" "+"
%endif
install -m 644 -D contrib/completion/git-completion.bash %{buildroot}%{_datadir}/bash-completion/completions/git
install -m 644 -D contrib/completion/git-prompt.sh %{buildroot}%{_datadir}/bash-completion/completions/git-prompt.sh
mkdir -p %{buildroot}/%{_sysconfdir}/bash_completion.d/
install -m 644 %{SOURCE12} %{buildroot}/%{_sysconfdir}/bash_completion.d/git-prompt
# contrib/credential
%if %{with git_libsecret}
install -m 755 -D contrib/credential/libsecret/git-credential-libsecret %{buildroot}/%{gitexecdir}/git-credential-libsecret
%endif
# contrib/workdir
install -m 755 -D contrib/workdir/git-new-workdir %{buildroot}/%{_bindir}
# process tcsh completion
(cd contrib/completion
mkdir -p %{buildroot}%{_datadir}/tcsh
tcsh ./git-completion.tcsh
install -m 644 -D git.csh %{buildroot}%{_sysconfdir}/profile.d/git.csh
)
# zsh completion
install -m 644 -D contrib/completion/git-completion.zsh %{buildroot}%{_datadir}/zsh/site-functions/_git
#
# apparmor profile for git-web
#
install -d -m 755 %{buildroot}%{_sysconfdir}/apparmor.d
install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/apparmor.d
#
# create predictable symlinks to make apparmor profile work
for i in git git-upload-archive git-receive-pack; do
rm %{buildroot}%{_bindir}/$i
ln -s %{gitexecdir}/git %{buildroot}%{_bindir}/$i
done
if ! test -f %{buildroot}%{gitexecdir}/git-add; then
echo "git-add is not a regular file, apparmor profile won't work!" >&2
exit 1
fi
mkdir -p "%{buildroot}/%{_docdir}/git" "%{buildroot}/%{_docdir}/git/howto" "%{buildroot}/%{_docdir}/git/technical"
cp -a README.md Documentation/*.txt "%{buildroot}/%{_docdir}/git/"
cp -a Documentation/howto/*.txt "%{buildroot}/%{_docdir}/git/howto/"
cp -a Documentation/technical/*.txt "%{buildroot}/%{_docdir}/git/technical/"
%{!?_without_docs: cp -a Documentation/*.html "%{buildroot}/%{_docdir}/git/"}
%{!?_without_docs: cp -a Documentation/howto/*.html "%{buildroot}/%{_docdir}/git/howto/"}
%{!?_without_docs: cp -a Documentation/technical/*.html "%{buildroot}/%{_docdir}/git/technical/"}
install -d -m 755 %{buildroot}%{_datadir}/applications
install -m 644 %{SOURCE9} %{buildroot}%{_datadir}/applications
install -d -m 755 %{buildroot}%{_datadir}/pixmaps
install -m 644 %{SOURCE10} %{buildroot}%{_datadir}/pixmaps
%suse_update_desktop_file %{buildroot}%{_datadir}/applications/%{name}-gui.desktop
%if 0%{?suse_version} >= 1500
mkdir -p %{buildroot}%{_sysusersdir}
install -m 0644 %{SOURCE11} %{buildroot}%{_sysusersdir}/
%endif
%find_lang %{name}
cat %{name}.lang >>bin-man-doc-files
%if %{defined python3_fix_shebang_path}
# fix shebang for git-p4 (and possibly others)
%python3_fix_shebang_path %{buildroot}%{gitexecdir}/*
%endif
# use symlinks instead of hardlinks in sub-commands
%fdupes -s %{buildroot}
%check
# https://public-inbox.org/git/f1a5f758-d81f-5985-9b5d-2f0dbfaac071@opensuse.org/
%ifnarch s390x
./.make %{?_smp_mflags} test
%endif
%if 0%{?suse_version} >= 1500
%pre daemon -f git-daemon.pre
%else
%pre daemon
if ! %{_bindir}/getent passwd git-daemon >/dev/null; then
%{_sbindir}/useradd -r -d %{_localstatedir}/lib/empty -s /bin/false -c "git daemon" -g nogroup git-daemon
fi
%endif
%service_add_pre git-daemon.service
%post daemon
%{fillup_only -n git-daemon}
%service_add_post git-daemon.service
%preun daemon
%service_del_preun git-daemon.service
%postun daemon
%service_del_postun git-daemon.service
%files
%dir %{_docdir}/%{name}
%{_docdir}/%{name}/README.md
%files doc
%{_docdir}/%{name}/
%exclude %{_docdir}/%{name}/README.md
%files svn
%{gitexecdir}/*svn*
%{!?_without_docs: %{_mandir}/man1/*svn*.1*}
%files cvs
%{_bindir}/git-cvs*
%{gitexecdir}/*cvs*
%{!?_without_docs: %{_mandir}/man1/*cvs*.1*}
%if %{with git_libsecret}
%files credential-libsecret
%{gitexecdir}/git-credential-libsecret
%endif
%files arch
%{gitexecdir}/git-archimport
%{!?_without_docs: %{_mandir}/man1/git-archimport.1*}
%files p4
%{gitexecdir}/git-p4
%{gitexecdir}/mergetools/p4merge
%{!?_without_docs: %{_mandir}/man1/git-p4.1*}
%files email
%{gitexecdir}/*email*
%{!?_without_docs: %{_mandir}/man1/*email*.1*}
%files daemon
%{gitexecdir}/git-daemon
%{_unitdir}/git-daemon.service
%{_sbindir}/rcgit-daemon
%dir /srv/git
%{_fillupdir}/sysconfig.git-daemon
%{!?_without_docs: %{_mandir}/man1/git-daemon.1*}
%if 0%{?SuSEfirewall2}
%config %{_fwdefdir}/*
%endif
%if 0%{?suse_version} >= 1500
%{_sysusersdir}/git-daemon.conf
%endif
%files -n gitk
%{_bindir}/gitk
%{_datadir}/gitk
%{!?_without_docs: %{_mandir}/man1/*gitk*.1*}
%files gui
%{gitexecdir}/git-gui*
%{_datadir}/git-gui
%{!?_without_docs: %{_mandir}/man1/*gui*.1*}
%{_datadir}/applications/%{name}-gui.desktop
%{_datadir}/pixmaps/%{name}-gui.png
%files web
%doc README.gitweb INSTALL.gitweb
%dir %{_sysconfdir}/apache2
%dir %{_sysconfdir}/apache2/conf.d/
%config(noreplace) %{_sysconfdir}/apache2/conf.d/gitweb.conf
%{_datadir}/gitweb
%dir %{_sysconfdir}/apparmor.d
%config(noreplace) %{_sysconfdir}/apparmor.d/usr.share.git-web.gitweb.cgi
%{gitexecdir}//git-instaweb
%{gitexecdir}//git-web--browse
%{_mandir}/man1/*web*1%{?ext_man}
%{_mandir}/man5/*web*5%{?ext_man}
%files core -f bin-man-doc-files
%license COPYING
%{_datadir}/git-core/
%dir %{gitexecdir}
%dir %{gitexecdir}/mergetools
%{gitexecdir}/mergetools/guiffy
%{_bindir}/git-new-workdir
%{_datadir}/bash-completion/completions/*
%{_sysconfdir}/bash_completion.d/git-prompt
%{_datadir}/tcsh
%{_datadir}/zsh/site-functions/_git
%{_sysconfdir}/profile.d/*.csh
%files -n perl-Git
%license COPYING
%attr(-,root,root) %{perl_vendorlib}/Git
%attr(-,root,root) %{perl_vendorlib}/Git.pm
%changelog

View File

@ -0,0 +1,67 @@
From 37df7fd81c3dee990bd7723f18c94713a0d842b6 Mon Sep 17 00:00:00 2001
From: Michal Suchanek <msuchanek@suse.de>
Date: Fri, 15 Feb 2019 18:46:20 +0100
Subject: [PATCH] setup: don't fail if commondir reference is deleted.
Apparently it can happen that stat() claims there is a commondir file but when
trying to open the file it is missing.
Another even rarer issue is that the file might be zero size because another
process initializing a worktree opened the file but has not written is content
yet.
When any of this happnes git aborts failing to perform perfectly valid
command because unrelated worktree is not yet fully initialized.
Rather than testing if the file exists before reading it handle ENOENT
and ENOTDIR.
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
---
v2:
- do not test file existence first, just read it and handle ENOENT.
- handle zero size file correctly
v3:
- handle ENOTDIR as well
- add more details to commit message
---
setup.c | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
Index: git-2.43.1/setup.c
===================================================================
--- git-2.43.1.orig/setup.c
+++ git-2.43.1/setup.c
@@ -316,12 +316,20 @@ int get_common_dir_noenv(struct strbuf *
{
struct strbuf data = STRBUF_INIT;
struct strbuf path = STRBUF_INIT;
- int ret = 0;
+ int ret;
strbuf_addf(&path, "%s/commondir", gitdir);
- if (file_exists(path.buf)) {
- if (strbuf_read_file(&data, path.buf, 0) <= 0)
+ ret = strbuf_read_file(&data, path.buf, 0);
+ if (ret <= 0) {
+ /*
+ * if file is missing or zero size (just being written)
+ * assume default, bail otherwise
+ */
+ if (ret && errno != ENOENT && errno != ENOTDIR)
die_errno(_("failed to read %s"), path.buf);
+ strbuf_addstr(sb, gitdir);
+ ret = 0;
+ } else {
while (data.len && (data.buf[data.len - 1] == '\n' ||
data.buf[data.len - 1] == '\r'))
data.len--;
@@ -332,8 +340,6 @@ int get_common_dir_noenv(struct strbuf *
strbuf_addbuf(&path, &data);
strbuf_add_real_path(sb, path.buf);
ret = 1;
- } else {
- strbuf_addstr(sb, gitdir);
}
strbuf_release(&data);

4
susefirewall-git-daemon Normal file
View File

@ -0,0 +1,4 @@
## Name: git-daemon
## Description: Open ports for git-daemon
TCP="git"

34
sysconfig.git-daemon Normal file
View File

@ -0,0 +1,34 @@
## Path: Network/git-daemon
## Description: git daemon configuration
## ServiceRestart: git-daemon
## Type: string
## Default:
#
# base path for exported directories
#
# defaults to "/srv/git" if not set
#
GIT_DAEMON_BASE_PATH=""
## Type: string
## Default:
#
# additional arguments for git-daemon. See manual page
GIT_DAEMON_ARGS=""
## Type: string
## Default:
#
# defaults to "git-daemon" if not set
#
# User to run git-daemon as.
GIT_DAEMON_USER=""
## Type: string
## Default:
#
# defaults to "git-daemon" if not set
#
# Group to run git-daemon as.
GIT_DAEMON_GROUP=""

View File

@ -0,0 +1,36 @@
#include <tunables/global>
profile gitweb.cgi /usr/share/gitweb/gitweb.cgi {
#include <abstractions/base>
#include <abstractions/bash>
#include <abstractions/nameservice>
#include <abstractions/perl>
#include <abstractions/private-files-strict>
/etc/gitconfig r,
/{usr/,}bin/bash rix,
/{usr/,}bin/tar rix,
/usr/bin/gzip rix,
/usr/bin/bzip2 rix,
/usr/bin/zip rix,
/dev/tty rw,
/etc/gitweb.conf r,
/etc/gitweb-common.conf r,
/etc/mime.types r,
/proc/loadavg r,
/proc/meminfo r,
/proc/sys/kernel/ngroups_max r,
/srv/git/ r,
/srv/git/** r,
/usr/bin/perl ix,
/usr/libexec/git/git rix,
/usr/bin/git-receive-pack rix,
/usr/share/gitweb/* r,
/usr/share/gitweb/static/* r,
owner /**/ r,
owner /**/.git/** r,
owner @{HOME}/.gitconfig r,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.share.git-web.gitweb.cgi>
}