From d72b3a1d5f30a2f55eaf97941131ae45debcdf3fda9a54456f686a286562374e Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Thu, 8 Jan 2009 17:10:09 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/git?expand=0&rev=23 --- asciidoc.diff | 8 ++-- git-1.6.0.2.tar.bz2 | 3 -- git-1.6.1.tar.bz2 | 3 ++ git-install-git-shell.diff | 11 ----- git-nohardlink.diff | 14 +++++++ git.changes | 23 +++++++++++ git.spec | 78 +++++++++++++++++++++++++++--------- usr.share.git-web.gitweb.cgi | 21 ++++++++++ 8 files changed, 122 insertions(+), 39 deletions(-) delete mode 100644 git-1.6.0.2.tar.bz2 create mode 100644 git-1.6.1.tar.bz2 delete mode 100644 git-install-git-shell.diff create mode 100644 git-nohardlink.diff create mode 100644 usr.share.git-web.gitweb.cgi diff --git a/asciidoc.diff b/asciidoc.diff index dd30ea1..c4997d6 100644 --- a/asciidoc.diff +++ b/asciidoc.diff @@ -1,8 +1,6 @@ -diff --git a/Documentation/asciidoc.conf b/Documentation/asciidoc.conf -index 40d43b7..9fe70b2 100644 --- a/Documentation/asciidoc.conf +++ b/Documentation/asciidoc.conf -@@ -24,7 +24,7 @@ ifdef::backend-docbook[] +@@ -24,7 +24,7 @@ endif::backend-docbook[] ifdef::backend-docbook[] @@ -11,12 +9,12 @@ index 40d43b7..9fe70b2 100644 # "unbreak" docbook-xsl v1.68 for manpages. v1.69 works with or without this. # v1.72 breaks with this because it replaces dots not in roff requests. [listingblock] -@@ -39,7 +39,7 @@ ifdef::doctype-manpage[] +@@ -39,7 +39,7 @@ endif::doctype-manpage[] {title#} -endif::docbook-xsl-172[] +endif::docbook-xsl-168[] - endif::backend-docbook[] + ifdef::docbook-xsl-172[] ifdef::doctype-manpage[] diff --git a/git-1.6.0.2.tar.bz2 b/git-1.6.0.2.tar.bz2 deleted file mode 100644 index dcdda99..0000000 --- a/git-1.6.0.2.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a332fbcb1c9cf8b1dc224135d5b14e99da4720fc8b082e595b4f20eaf640dad8 -size 1865485 diff --git a/git-1.6.1.tar.bz2 b/git-1.6.1.tar.bz2 new file mode 100644 index 0000000..9ece578 --- /dev/null +++ b/git-1.6.1.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:09d64bd88f6f432ddcb0f051a3ead2579f895a7f0dece702bc933ba21a434fe4 +size 1971286 diff --git a/git-install-git-shell.diff b/git-install-git-shell.diff deleted file mode 100644 index 36c5024..0000000 --- a/git-install-git-shell.diff +++ /dev/null @@ -1,11 +0,0 @@ ---- Makefile-dist 2008-11-19 08:53:05.000000000 +0100 -+++ Makefile 2008-11-19 08:53:50.000000000 +0100 -@@ -1355,7 +1355,7 @@ - $(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(bindir_SQ)' - $(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(gitexec_instdir_SQ)' - $(INSTALL) $(ALL_PROGRAMS) '$(DESTDIR_SQ)$(gitexec_instdir_SQ)' -- $(INSTALL) git$X git-upload-pack$X git-receive-pack$X git-upload-archive$X '$(DESTDIR_SQ)$(bindir_SQ)' -+ $(INSTALL) git$X git-upload-pack$X git-receive-pack$X git-upload-archive$X git-shell$X git-cvsserver '$(DESTDIR_SQ)$(bindir_SQ)' - $(MAKE) -C templates DESTDIR='$(DESTDIR_SQ)' install - $(MAKE) -C perl prefix='$(prefix_SQ)' DESTDIR='$(DESTDIR_SQ)' install - ifndef NO_TCLTK diff --git a/git-nohardlink.diff b/git-nohardlink.diff new file mode 100644 index 0000000..e6bdfe1 --- /dev/null +++ b/git-nohardlink.diff @@ -0,0 +1,14 @@ +don't use hardlinks as our .spec calls fdupes which converts the +hardlinks to symlinks again in an unpredicatable way +Index: git-1.6.0.2/Makefile +=================================================================== +--- git-1.6.0.2.orig/Makefile ++++ git-1.6.0.2/Makefile +@@ -1371,7 +1371,6 @@ endif + ln git-add$X "$$execdir/git-add$X" 2>/dev/null || \ + cp git-add$X "$$execdir/git-add$X"; } && \ + { $(foreach p,$(filter-out git-add$X,$(BUILT_INS)), $(RM) "$$execdir/$p" && \ +- ln "$$execdir/git-add$X" "$$execdir/$p" 2>/dev/null || \ + ln -s "git-add$X" "$$execdir/$p" 2>/dev/null || \ + cp "$$execdir/git-add$X" "$$execdir/$p" || exit;) } && \ + ./check_bindir "z$$bindir" "z$$execdir" "$$bindir/git-add$X" diff --git a/git.changes b/git.changes index 36e7721..be85c01 100644 --- a/git.changes +++ b/git.changes @@ -1,3 +1,26 @@ +------------------------------------------------------------------- +Thu Jan 8 15:55:42 CET 2009 - tiwai@suse.de + +- updated to 1.6.1: + * handle properly the exit code when pager is used + * various git-gui updates including translations + * gitweb updates + * many other improvements / fixes. See release notes + http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.6.1.txt + +------------------------------------------------------------------- +Fri Dec 19 14:04:40 CET 2008 - lnussel@suse.de + +- add apparmor profile for git-web +- don't use %jobs for generating docu +- change gitexecdir to /usr/lib instead of %_libdir + +------------------------------------------------------------------- +Wed Dec 17 09:35:17 CET 2008 - tiwai@suse.de + +- Fix VUL-0 Possible gitweb vulnerability: calling "git diff" + [bnc#459664] + ------------------------------------------------------------------- Wed Nov 19 08:54:41 CET 2008 - tiwai@suse.de diff --git a/git.spec b/git.spec index 430bbd2..13b663f 100644 --- a/git.spec +++ b/git.spec @@ -1,7 +1,7 @@ # -# spec file for package git (Version 1.6.0.2) +# spec file for package git (Version 1.6.1) # -# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,6 +16,7 @@ # +%define gitexecdir %{_exec_prefix}/lib/git Name: git %if 0%{?suse_version} < 1030 @@ -35,8 +36,8 @@ BuildRequires: libopenssl-devel %endif BuildRequires: sgml-skel BuildRequires: xmlto -Version: 1.6.0.2 -Release: 6 +Version: 1.6.1 +Release: 1 Summary: Fast, scalable, distributed revision control system License: GPL v2 or later Group: Development/Tools/Version Control @@ -46,8 +47,9 @@ Source1: apache2-gitweb.conf Source2: sysconfig.git-daemon Source3: git-daemon.init Source4: git.xinetd +Source5: usr.share.git-web.gitweb.cgi Patch: asciidoc.diff -Patch1: git-install-git-shell.diff +Patch3: git-nohardlink.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build Requires: git-core = %{version} Recommends: git-svn git-cvs git-arch git-email gitk git-gui git-web @@ -243,23 +245,28 @@ Authors: %prep %setup -q %patch -p1 -%patch1 +%patch3 -p1 %build +cat > .make <<'EOF' +#!/bin/bash make %{_smp_mflags} CFLAGS="$RPM_OPT_FLAGS" \ GITWEB_CONFIG="/etc/gitweb.conf" \ GITWEB_PROJECTROOT="/srv/git" \ WITH_OWN_SUBPROCESS_PY=YesPlease NO_EXPAT=1 \ + DESTDIR=$RPM_BUILD_ROOT \ V=1 \ prefix=%{_prefix} mandir=%{_mandir} \ - gitexecdir=%{_libdir}/git \ - all %{!?_without_docs: doc} %{?jobs:-j %jobs} + gitexecdir=%{gitexecdir} \ + "$@" +EOF +# +chmod 755 .make +./.make all %{?jobs:-j %jobs} +%{!?_without_docs: ./.make doc} %install -make %{_smp_mflags} CFLAGS="$RPM_OPT_FLAGS" DESTDIR=$RPM_BUILD_ROOT WITH_OWN_SUBPROCESS_PY=YesPlease NO_EXPAT=1 \ - prefix=%{_prefix} mandir=%{_mandir} \ - gitexecdir=%{_libdir}/git \ - install %{!?_without_docs: install-doc} +./.make install %{!?_without_docs: install-doc} ### git-web cp gitweb/INSTALL INSTALL.gitweb cp gitweb/README README.gitweb @@ -282,7 +289,7 @@ install -d -m 755 $RPM_BUILD_ROOT/etc/xinetd.d install -m 644 %{S:4} $RPM_BUILD_ROOT/etc/xinetd.d/git ### (find $RPM_BUILD_ROOT%{_bindir} -type f | grep -vE "archimport|svn|cvs|email|gitk|daemon|gui" | sed -e s@^$RPM_BUILD_ROOT@@) > bin-man-doc-files -(find $RPM_BUILD_ROOT%{_libdir}/git -type f | grep -vE "archimport|svn|cvs|email|gitk|daemon|gui" | sed -e s@^$RPM_BUILD_ROOT@@) >> bin-man-doc-files +(find $RPM_BUILD_ROOT%{gitexecdir} -mindepth 1 | grep -vE "archimport|svn|cvs|email|gitk|daemon|gui" | sed -e s@^$RPM_BUILD_ROOT@@) >> bin-man-doc-files (find $RPM_BUILD_ROOT%{_mandir} $RPM_BUILD_ROOT/Documentation -type f | grep -vE "archimport|svn|git-cvs|email|gitk|daemon|gui" | sed -e s@^$RPM_BUILD_ROOT@@ -e 's/$/*/' ) >> bin-man-doc-files ( pushd perl perl Makefile.PL @@ -292,7 +299,22 @@ rm -rf ${RPM_BUILD_ROOT}/usr/lib/perl5/site_perl %perl_process_packlist find $RPM_BUILD_ROOT/%_mandir -type f -print0 | xargs -0 chmod 644 install -m 644 -D contrib/completion/git-completion.bash $RPM_BUILD_ROOT/etc/bash_completion.d/git.sh +# +# apparmor profile for git-web +# +install -d -m 755 $RPM_BUILD_ROOT/etc/apparmor.d +install -m 644 %{SOURCE5} $RPM_BUILD_ROOT/etc/apparmor.d +# %if %{dist_has_fdupes} +# create predictable symlinks to make apparmor profile work +for i in git git-upload-archive; do + rm $RPM_BUILD_ROOT%{_bindir}/$i + ln -s %{gitexecdir}/git-add $RPM_BUILD_ROOT%{_bindir}/$i +done +if ! test -f $RPM_BUILD_ROOT%{gitexecdir}/git-add; then + echo "git-add is not a regular file, apparmor profile won't work!" >&2 + exit 1 +fi # use symlinks instead of hardlinks in sub-commands %fdupes -s $RPM_BUILD_ROOT %endif @@ -320,7 +342,7 @@ fi %files svn %defattr(-,root,root) -%{_libdir}/git/*svn* +%{gitexecdir}/*svn* %doc Documentation/*svn*.txt %{!?_without_docs: %{_mandir}/man1/*svn*.1*} %{!?_without_docs: %doc Documentation/*svn*.html } @@ -329,28 +351,28 @@ fi %defattr(-,root,root) %doc Documentation/*git-cvs*.txt %{_bindir}/git-cvs* -%{_libdir}/git/*cvs* +%{gitexecdir}/*cvs* %{!?_without_docs: %{_mandir}/man1/*cvs*.1*} %{!?_without_docs: %doc Documentation/*git-cvs*.html } %files arch %defattr(-,root,root) %doc Documentation/git-archimport.txt -%{_libdir}/git/git-archimport +%{gitexecdir}/git-archimport %{!?_without_docs: %{_mandir}/man1/git-archimport.1*} %{!?_without_docs: %doc Documentation/git-archimport.html } %files email %defattr(-,root,root) %doc Documentation/*email*.txt -%{_libdir}/git/*email* +%{gitexecdir}/*email* %{!?_without_docs: %{_mandir}/man1/*email*.1*} %{!?_without_docs: %doc Documentation/*email*.html } %files daemon %defattr(-,root,root) %doc Documentation/*daemon*.txt -%{_libdir}/git/*daemon* +%{gitexecdir}/*daemon* /etc/init.d/git-daemon %{_sbindir}/rcgit-daemon %dir /srv/git @@ -370,7 +392,7 @@ fi %files gui %defattr(-,root,root) %doc Documentation/*gui*.txt -%{_libdir}/git/git-gui +%{gitexecdir}/git-gui* /usr/share/git-gui %{!?_without_docs: %{_mandir}/man1/*gui*.1*} %{!?_without_docs: %doc Documentation/*gui*.html } @@ -382,11 +404,13 @@ fi %dir /etc/apache2/conf.d %config(noreplace) /etc/apache2/conf.d/gitweb.conf /usr/share/git-web +/etc/apparmor.d %files core -f bin-man-doc-files %defattr(-,root,root) +%{_bindir}/git %{_datadir}/git-core/ -%dir %{_libdir}/git +%dir %{gitexecdir} %doc README COPYING Documentation/*.txt %{!?_without_docs: %doc Documentation/*.html } /var/adm/perl-modules/%{name} @@ -396,6 +420,20 @@ fi /etc/bash_completion.d/git.sh %changelog +* Thu Jan 08 2009 tiwai@suse.de +- updated to 1.6.1: + * handle properly the exit code when pager is used + * various git-gui updates including translations + * gitweb updates + * many other improvements / fixes. See release notes + http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.6.1.txt +* Fri Dec 19 2008 lnussel@suse.de +- add apparmor profile for git-web +- don't use %%jobs for generating docu +- change gitexecdir to /usr/lib instead of %%_libdir +* Wed Dec 17 2008 tiwai@suse.de +- Fix VUL-0 Possible gitweb vulnerability: calling "git diff" + [bnc#459664] * Wed Nov 19 2008 tiwai@suse.de - install git-shell and git-cvsserver as in the upstream (bnc#446049) diff --git a/usr.share.git-web.gitweb.cgi b/usr.share.git-web.gitweb.cgi new file mode 100644 index 0000000..b538786 --- /dev/null +++ b/usr.share.git-web.gitweb.cgi @@ -0,0 +1,21 @@ +# Last Modified: Fri Dec 19 11:03:49 2008 +#include + +/usr/share/git-web/gitweb.cgi { + #include + #include + #include + #include + + /bin/bash rix, + /dev/tty rw, + /etc/gitweb.conf r, + /etc/mime.types r, + /proc/meminfo r, + /proc/sys/kernel/ngroups_max r, + /srv/git/ r, + /srv/git/** r, + /usr/bin/perl ix, + /usr/lib/git/git-add rix, + /usr/share/git-web/* r, +}