Accepting request 306419 from devel:tools:scm

1 OBS-URL: https://build.opensuse.org/request/show/306419 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cgit?expand=0&rev=21
2015-05-15 05:43:17 +00:00 · 2015-05-15 05:43:17 +00:00 · 27785cfd39
commit 27785cfd39
parent 1153469759 ed042c7bcd
13 changed files with 228 additions and 254 deletions
--- a/cgit-0.11.2.tar.xz
+++ b/cgit-0.11.2.tar.xz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:2e126e770693d7296c7eb5eb83b809410aef29870bfe8f54da072a3f4d813e3b
 size 93556
--- a/cgit-0.9.1.tar.xz
+++ b/cgit-0.9.1.tar.xz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:e2d7de92cfcd5d61a7dacee2f603784843903081675f3c74e4845df9185930a0
 size 66472
--- a/cgit-CVE-2013-2117-disallow-directory-traversal.patch
+++ b/cgit-CVE-2013-2117-disallow-directory-traversal.patch
@ -1,58 +0,0 @@
 From babf94e04e74123eb658a823213c062663cdadd6 Mon Sep 17 00:00:00 2001
 From: Jason A. Donenfeld <Jason@zx2c4.com>
 Date: Sat, 25 May 2013 17:47:15 +0000
 Subject: ui-summary: Disallow directory traversal
 Using the url= query string, it was possible request arbitrary files
 from the filesystem if the readme for a given page was set to a
 filesystem file. The following request would return my /etc/passwd file:
 http://git.zx2c4.com/?url=/somerepo/about/../../../../etc/passwd
 http://data.zx2c4.com/cgit-directory-traversal.png
 This fix uses realpath(3) to canonicalize all paths, and then compares
 the base components.
 This fix introduces a subtle timing attack, whereby a client can check
 whether or not strstr is called using timing measurements in order
 to determine if a given file exists on the filesystem.
 This fix also does not account for filesystem race conditions (TOCTOU)
 in resolving symlinks.
 Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 ---
 ---
 ui-summary.c |   13 +++++++++++++
 1 file changed, 13 insertions(+)
 --- a/ui-summary.c
 +++ b/ui-summary.c
@@ -96,6 +96,7 @@ void cgit_print_repo_readme(char *path)
 	 * to the directory containing the configured readme.
 	 */
 	if (path) {
 +		char *resolved_base, *resolved_full;
 		slash = strrchr(ctx.repo->readme, '/');
 		if (!slash) {
 			if (!colon)
@@ -104,7 +105,19 @@ void cgit_print_repo_readme(char *path)
 		}
 		tmp = xmalloc(slash - ctx.repo->readme + 1 + strlen(path) + 1);
 		strncpy(tmp, ctx.repo->readme, slash - ctx.repo->readme + 1);
 +		if (!ref)
 +			resolved_base = realpath(tmp, NULL);
 		strcpy(tmp + (slash - ctx.repo->readme + 1), path);
 +		if (!ref) {
 +			resolved_full = realpath(tmp, NULL);
 +			if (!resolved_base || !resolved_full ||
 +			    strstr(resolved_full, resolved_base) != resolved_full) {
 +				free(tmp);
 +				return;
 +			}
 +			free(resolved_base);
 +			free(resolved_full);
 +		}
 	} else
 		tmp = ctx.repo->readme;
--- a/cgit-fix-more-read_tree_recursive-invocations.diff
+++ b/cgit-fix-more-read_tree_recursive-invocations.diff
@ -1,54 +0,0 @@
 --- ui-blob.c
 +++ ui-blob.c
@@ -37,11 +37,14 @@ int cgit_print_file(char *path, const char *head)
 		return -1;
 	type = sha1_object_info(sha1, &size);
 	if(type == OBJ_COMMIT && path) {
 +		struct pathspec pathspec;
 		commit = lookup_commit_reference(sha1);
 		match_path = path;
 		matched_sha1 = sha1;
 		found_path = 0;
 -		read_tree_recursive(commit->tree, "", 0, 0, paths, walk_tree, NULL);
 +		init_pathspec(&pathspec, paths);
 +		read_tree_recursive(commit->tree, "", 0, 0, &pathspec, walk_tree, NULL);
 +		free_pathspec(&pathspec);
 		if (!found_path)
 			return -1;
 		type = sha1_object_info(sha1, &size);
@@ -80,10 +83,13 @@ void cgit_print_blob(const char *hex, char *path, const char *head)
 	type = sha1_object_info(sha1, &size);
 	if((!hex) && type == OBJ_COMMIT && path) {
 +		struct pathspec pathspec;
 		commit = lookup_commit_reference(sha1);
 		match_path = path;
 		matched_sha1 = sha1;
 -		read_tree_recursive(commit->tree, "", 0, 0, paths, walk_tree, NULL);
 +		init_pathspec(&pathspec, paths);
 +		read_tree_recursive(commit->tree, "", 0, 0, &pathspec, walk_tree, NULL);
 +		free_pathspec(&pathspec);
 		type = sha1_object_info(sha1,&size);
 	}
 --- ui-plain.c
 +++ ui-plain.c
@@ -145,6 +145,7 @@ void cgit_print_plain(struct cgit_context *ctx)
 	unsigned char sha1[20];
 	struct commit *commit;
 	const char *paths[] = {ctx->qry.path, NULL};
 +	struct pathspec pathspec;
 	if (!rev)
 		rev = ctx->qry.head;
@@ -165,7 +166,9 @@ void cgit_print_plain(struct cgit_context *ctx)
 	}
 	else
 		match_baselen = basedir_len(paths[0]);
 -	read_tree_recursive(commit->tree, "", 0, 0, paths, walk_tree, NULL);
 +	init_pathspec(&pathspec, paths);
 +	read_tree_recursive(commit->tree, "", 0, 0, &pathspec, walk_tree, NULL);
 +	free_pathspec(&pathspec);
 	if (!match)
 		html_status(404, "Not found", 0);
 	else if (match == 2)
--- a/cgit-fix-print-tree.diff
+++ b/cgit-fix-print-tree.diff
@ -1,20 +0,0 @@
 --- ui-tree.c	2011-11-17 18:00:20.036822908 +0100
 +++ ui-tree.c	2011-11-17 18:01:22.396236999 +0100
@@ -262,6 +262,7 @@
 	unsigned char sha1[20];
 	struct commit *commit;
 	const char *paths[] = {path, NULL};
 +	struct pathspec pathspec;
 	if (!rev)
 		rev = ctx.qry.head;
@@ -283,6 +284,8 @@
 	}
 	match_path = path;
 -	read_tree_recursive(commit->tree, "", 0, 0, paths, walk_tree, NULL);
 +	init_pathspec(&pathspec, paths);
 +	read_tree_recursive(commit->tree, "", 0, 0, &pathspec, walk_tree, NULL);
 +	free_pathspec(&pathspec);
 	ls_tail();
 }
--- a/cgit-git-1.7.6_build_fix.patch
+++ b/cgit-git-1.7.6_build_fix.patch
@ -1,71 +0,0 @@
 ---
 shared.c   |   11 ++++++-----
 ui-stats.c |    2 +-
 2 files changed, 7 insertions(+), 6 deletions(-)
 Index: cgit-0.9.0.2/shared.c
 ===================================================================
 --- cgit-0.9.0.2.orig/shared.c	2011-07-21 16:24:10.000000000 +0200
 +++ cgit-0.9.0.2/shared.c	2011-08-04 01:20:42.695017536 +0200
@@ -303,7 +303,7 @@ void cgit_diff_tree(const unsigned char
 		    filepair_fn fn, const char *prefix, int ignorews)
 {
 	struct diff_options opt;
 -	int prefixlen;
 +	struct pathspec_item pitem;
 	diff_setup(&opt);
 	opt.output_format = DIFF_FORMAT_CALLBACK;
@@ -315,10 +315,11 @@ void cgit_diff_tree(const unsigned char
 	opt.format_callback = cgit_diff_tree_cb;
 	opt.format_callback_data = fn;
 	if (prefix) {
 -		opt.nr_paths = 1;
 -		opt.paths = &prefix;
 -		prefixlen = strlen(prefix);
 -		opt.pathlens = &prefixlen;
 +		opt.pathspec.nr = 1;
 +		opt.pathspec.raw = &prefix;
 +		pitem.match = prefix;
 +		pitem.len = strlen(prefix);
 +		opt.pathspec.items = &pitem;
 	}
 	diff_setup_done(&opt);
 Index: cgit-0.9.0.2/ui-stats.c
 ===================================================================
 --- cgit-0.9.0.2.orig/ui-stats.c	2011-07-21 16:24:10.000000000 +0200
 +++ cgit-0.9.0.2/ui-stats.c	2011-08-04 01:20:42.695017536 +0200
@@ -239,7 +239,7 @@ struct string_list collect_stats(struct
 	init_revisions(&rev, NULL);
 	rev.abbrev = DEFAULT_ABBREV;
 	rev.commit_format = CMIT_FMT_DEFAULT;
 -	rev.no_merges = 1;
 +	rev.max_parents = 1;
 	rev.verbose_header = 1;
 	rev.show_root_diff = 0;
 	setup_revisions(argc, argv, &rev, NULL);
 Index: cgit-0.9.0.2/ui-tree.c
 ===================================================================
 --- cgit-0.9.0.2.orig/ui-tree.c	2011-07-21 16:24:10.000000000 +0200
 +++ cgit-0.9.0.2/ui-tree.c	2011-08-04 01:20:58.632061214 +0200
@@ -206,6 +206,8 @@ static void ls_tail()
 static void ls_tree(const unsigned char *sha1, char *path)
 {
 +	const char *paths[] = { path, NULL };
 +	struct pathspec pathspec;
 	struct tree *tree;
 	tree = parse_tree_indirect(sha1);
@@ -216,7 +218,9 @@ static void ls_tree(const unsigned char
 	}
 	ls_head();
 -	read_tree_recursive(tree, "", 0, 1, NULL, ls_item, NULL);
 +	init_pathspec(&pathspec, paths);
 +	read_tree_recursive(tree, "", 0, 1, &pathspec, ls_item, NULL);
 +	free_pathspec(&pathspec);
 	ls_tail();
 }
--- a/cgit-optflags.diff
+++ b/cgit-optflags.diff
@ -1,14 +1,16 @@
 ---
- Makefile |    1 +
+ cgit.mk |    1 +
 1 file changed, 1 insertion(+)
--- a/Makefile
+Index: cgit-0.11.2/cgit.mk
-+++ b/Makefile
+===================================================================
-@@ -134,6 +134,7 @@
+--- cgit-0.11.2.orig/cgit.mk
 +++ cgit-0.11.2/cgit.mk
@@ -17,6 +17,7 @@ $(CGIT_PREFIX)VERSION: force-version
- 
+ # CGIT_CFLAGS is a separate variable so that we can track it separately
- CFLAGS += -g -Wall -Igit
+ # and avoid rebuilding all of Git when these variables change.
-+CFLAGS += $(RPM_OPT_FLAGS)
+CGIT_CFLAGS += $(RPM_OPT_FLAGS)
- CFLAGS += -DSHA1_HEADER='$(SHA1_HEADER)'
+ CGIT_CFLAGS += -DCGIT_CONFIG='"$(CGIT_CONFIG)"'
- CFLAGS += -DCGIT_VERSION='"$(CGIT_VERSION)"'
+ CGIT_CFLAGS += -DCGIT_SCRIPT_NAME='"$(CGIT_SCRIPT_NAME)"'
- CFLAGS += -DCGIT_CONFIG='"$(CGIT_CONFIG)"'
+ CGIT_CFLAGS += -DCGIT_CACHE_ROOT='"$(CACHE_ROOT)"'
--- a/cgit.changes
+++ b/cgit.changes
@ -1,3 +1,30 @@
 -------------------------------------------------------------------
 Mon May  4 08:56:39 UTC 2015 - jengelh@inai.de
 - Update to new upstream release 0.11.2
 * addition of a Lua scripting engine
 * fine-grained authentication support through the new Lua
  scripting system
 * support for the "rawdiff" command was added
 * sendfile() is now used when available (Linux systems) instead
  of a loop of read() and write(). This should significantly
  increase performance for high volume sites which make heavy use
  of the caching feature, as it saves copies to and from
  user-space.
 * Caching granularity is now improved with the introduction of
  the cache-snapshot-ttl option, which allows configuration of
  the ttl for tarball and zip snapshots of repositories.
 * When filtering in the index, make the sorting links point to
  the same filtered page of results
 * Take into account leading slashes when comptuing links
 - Avoid double %setup (messes with quilt). Simplify filelist.
  %doc for man is implicit.
 - Drop cgit-git-1.7.6_build_fix.patch,
  cgit-fix-print-tree.diff,
  cgit-fix-more-read_tree_recursive-invocations.diff,
  cgit-CVE-2013-2117-disallow-directory-traversal.patch
 - Add signature for the git core tarball.
 -------------------------------------------------------------------
 Mon Nov 24 13:10:34 UTC 2014 - guillaume@opensuse.org
--- a/cgit.keyring
+++ b/cgit.keyring
@ -0,0 +1,152 @@
 pub   4096R/713660A7 2011-10-01
 uid       [ unknown] Junio C Hamano <gitster@pobox.com>
 uid       [ unknown] Junio C Hamano <jch@google.com>
 uid       [ unknown] Junio C Hamano <junio@pobox.com>
 sub   4096R/833262C4 2011-10-01
 sub   4096R/96AFE6CB 2011-10-03 [expires: 2015-09-21]
 sub   4096R/B3F7CAC9 2014-09-20 [expires: 2017-09-19]
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 Version: GnuPG v2
 mQINBE6GdewBEADE3szNmKeUAUad22z1tWkLjLzyDcJpF7IzEnLs8bD1y0I6iqH0
 169ru5iXKn29wc+YAuxWorb4P5a2i2B/vs32hJy/rXE7dpvsAqlHLSGSDUJXiFzM
 Bb9SfJO0EY2r+vqzeQgSUmhp/b4dAXVnMATFM37V83H/mq8REl5Wwb2rxP3pcv6W
 F6i51+tPEWIUgo1N74QkR4wdLcPztDO9v7ZIaFKl+2GEGkx6Z+YjECTqQuyushjq
 41K3UVmv+AmLhJYKA78HY5KqCkXrz8rCgoi+Ih+ZT2sgjx637yT84Dr/QDh7BkIB
 blmpRQ+yoJlVDWI5/bI8rcdrPz+NmxaJ7dKEBg0qTclbwquacpwG1DCCD8NgQrwL
 WVLGVdsT2qwek+KkmOs+iNBXY1TgKPAeuv0ZDKKYrCwYpN1K90oXk431g79bKsH5
 8Tybg5uW+e2i+H5gnDeyl481HOt8aHOPu9qIB/zIek6lDH69q3nGcf7k3prxDf3I
 qYy6CPcpjTfpN4i/7gxQDNI+AIgbs21EE5Kg1TPUe0XgfdJMtIF+D6wTjbrLtDnn
 09Iwz0SfIZR52IrZHxUlFXZFjk10RXYATtdMqEFgYgjYvYXxL9EEr7T5Dgso+qaE
 wV0rrg0VDKrf/afrjGOeffumlhBhJnBnns1T+p65Vz5hyQl7SFKLw+Ix7wARAQAB
 tB9KdW5pbyBDIEhhbWFubyA8amNoQGdvb2dsZS5jb20+iQI4BBMBAgAiBQJOhnjV
 AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAg0E5acTZgp4SyD/9slQ1I
 kYqz+VXPnmHCQFhurYcHD8t1iGBqiXxI+gpA1Y3L1QL+aj0fplW4KuEPbJ7xlYdL
 A4J+M9kgkwt3Jufw+lM1pQM9tSB627rAbxUyczj4AFjZ9v8GpqyZ3XPDe8NknI/V
 4Xlhsr+e3AHJPr355XacMkFGc3Rtw1quFVgrECttdzUD6xtrhwYYVAYAnKr65943
 UtMLsVXkJLfjq8c1NZOCov9SwSb0N9IkEhSyihd/92Z2NH4d+B1QTIyWagL3GNN8
 LXXEHK+x+oA/nbhGbFg7bqhxUW4d2JaxKPy4U3nfdtSmMbiy16eUfMbbMyvB0jtL
 f6UFrxF5bJnYkiG18DcLSaX7Hsby8IVzZQZHYvkx5+7pK2SBsdek3bu3punP3dWL
 JoMw+Vmm5Bk0Yl7pxzvsYQWhPV7+tpgglUSFQuIeXFrwjVXP8Q+Ph9nO0vKIaeTc
 n1ISuq2XaoqhkLH+Zw1I/ruRtk2DJbZsg5BBGfA26BkZWJXlO6h33emPwkJ0Fanl
 zRtMTqZ/4RiTXv5G1L/lypX1iq6fF2V+WTh2JmEKyY+2l0/19XRANfaDiYULoBvJ
 EdCcIXLbaRTqjem+70ZGvAiCaGO52YvUhBo+XCgjucjcqhxiF3wc24kzj1Zycrwb
 Da7VjftZAApN01CJ38mXGpZXiWZU4hjJx41wCbQgSnVuaW8gQyBIYW1hbm8gPGp1
 bmlvQHBvYm94LmNvbT6JAjgEEwECACIFAk6GeL4CGwMGCwkIBwMCBhUIAgkKCwQW
 AgMBAh4BAheAAAoJECDQTlpxNmCn6GMQAJ0V0jmyQ7Lvi5FBBgNTdY8qfVbLFxEU
 VAsKf2x9QxhsOcL2heQRVkp10JKv4/VQLfDwr6Pv98FQchXlBmFiySAbVihUVC+V
 J3FhyKBtI14RXT6Nkwd18PXDvWXy2fKeiK9GPDWkufac0h/giz0T1xP7CHxDErQA
 TMmYbkinyyM+xd1Nir6DUYcHJQIK2Dg2VPChkI0XXCQETLDbrC9fDwWg1vP36PQZ
 +nw/cIRt+2xkq8HHUzB7kOnXHqPt1kb/Ry8hZwPnfV7g/V0MogoMLtz233pqwugu
 LXP7zY3jTwAZZ9VTpuCTsdVWXJDlznMNurYi1yurCNuUvq/O/9JC8WBtdVUuvFZG
 jRZWfP24W57iq/qz8CV6dThq5r4WygE83tMC3DaarNJ4f9dQUA4KpL7j2EMXkgoX
 cEy1mieUCypdNiZj96hV8Q7apSLk2V4jtvLkJfzX053glqRJI35SX8OkSazZGYZH
 X6QfZlvznnrCF5x/xBzhbfr2Geo4rxL0BQsp2DQodqUCB23QzsPhWWffYtkATaD5
 vovGeQ9Acd1u72jH3DO8tVMH85jMO4f+oc0h3lnkPS4F33QqlnErRo/IRm6jCsI/
 NgMZUYdh0EY5Iiq/e8e+u8gdo0akkwHlNvR4KrYrK/1K4h+i+UBIbJDZpqT/iH+y
 hJRQ3CAan8KStCJKdW5pbyBDIEhhbWFubyA8Z2l0c3RlckBwb2JveC5jb20+iQI7
 BBMBAgAlAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUCToZ45QIZAQAKCRAg
 0E5acTZgp1TFEACr+QRpfDmbGnUY1Rqy50Ap1eG0061vAapCMLmU+4kxqIRKm5/0
 0YGmb7VxRCLDpKNa0hkH+ftA4QmnPU4j4UEsh/vAa2BGCXRjB9RixTokvQf9iOXU
 GiHYv1kn+p3lxg66bLnKV3dWScjV2IueDP4ypLEZHlWD9I/Unmrg2mJEAcz4gSAf
 BHWLOf/+JYAq6j6erIxPS5ZtIz/twQf6MCoXXAXuM6tgUhdptJqG82WzSZMuWOfz
 mS6DSTuqK05h9gpwdj5nz4jdh4u5sp+LKOqFw94JIRcE+wj5cljOOlX3Fqi84ADC
 8b/OzC3V9KGarNnBzWdnkIoNxbNBNF6wD1dgn1peueufaP9q5CO9ljKNSOGUClwv
 tJFrpZZL5PheNNFFkPSZpkmStcB6s8RHsyz5zuqxQUOWuvLVUDRW58yZR0WC1Xc/
 yi+cEFSUiKI5OqPNwC1v0xh7a/MObJQxTQCEKHLyVYlnohsf2RxzxaOOjgWmY2O+
 yH5G5ymfBie/Uw7zcSsJ89ovLAEG/10tkJVqIfza5Wexj3VAZbI+i7vx2gtlLqM2
 3gGykqcv7VWmFD5lFWGC4Sw8M7Jikm8vn99dxZnsBKjMqksjENUX1JeUZI+FHg2C
 NSVBX0J8yLnmd8eJBkYXkU79J3GVex/WTzbFnSkPmw16MtAu/E9EKNbAILkCDQRO
 hnXsARAA8ZueozuaZ1UR9dwbBt/KNag/ZiaaV4X9Jm+nQTkT9W92CTWpJ0LcVT10
 pVzQGDUrWLPW1sJ/ka2JjhH8tDFnpKjgaoBwxH+dJLWWs4RXfPXbefCAPliBaOwR
 ZNVyK+FEnUhEHi+z2+KEoOQGJ/AtzpU+0958VgYfWhG2rRH4lDBSopC1VS3WxC+x
 QcxJMqR30ArJQ5avoIAAFQc6qzCAZ/4nbaPO1Kxdsf6ndj9jyZfaVH++OKS/cs1/
 nDW0JXdGH+oEFvf69FFFvwglOKqTw78nMhiMd2Oz1fzIwJa3uKib+JIaEhWrAAIw
 188lCGIcO8jJmgBP5RDlTezOq3mA74WgwnFnxJ/LIx9N/1mvdr1ce26DMeUQBIfG
 BNimRxGZADg5VuKZwysmh9/JY/KWtHYe+0VwA+l9VzxsIs6Zo36wQTxr1DRrHSKS
 WmOChGmdPr924b31NA1geHZiQd2j8QughbVQNEARnG8Neo1HgPti1CYFjLPOp6R2
 j8w/fSeEPkpsPZmT38k+TucspmFzsCKedGlI5BgkHB7be44rDZFOdmxQ9iXECa/K
 OuySHKhTXYTwJ8QvgTdEA7Qsl0/sMQtVL4fRP/69yTxEA0RHxFG95ft0mq89Sgpt
 y1IcdVxPNmenPerR6KVH4josG7cb/vFMqV09p7Sn6a89VHTG+Y8AEQEAAYkCHwQY
 AQIACQUCToZ17AIbDAAKCRAg0E5acTZgpxSmD/4+nZhEFmZYlhPJXvUM4dVqk2x3
 eXpWhibltChkPoPaJFgZIfrC5T8cU5Nn9G+/T3Oytzj8u/PTnCLK2xw94w6e00vS
 FaV+5FWZ757bOaFd13CuavOFwxEKmulCJX4mZGSQsyF/DZEgG79FJpiiiykvgDSB
 CGQSga1saWMLxtsAaFj5KTb+ZnRLkfYd6WdWgkmUV8rDJVl6OXDGLmVIWm6zqkzT
 +XnxJvIgURB8zUqLbIjoR7ruziD5r2SU1IzK0dcGTAsPmLjTtpE97fmRU8Qsdmnk
 c6pyOeS2BUFQaYErGqf7HqkWX4+4+0gW9m0mwroTXnWwMG95A1knyRsvyDerz3bH
 NzXbGBSvl/HJ8qQruKWQytiFPgpFa6v7pEfEzXa6QGHxGF2y6tFxTk9LOIyHI393
 QLZRlt+oQNACj8NQS93MhBn79rKu+YJMNf4yGDFxnPFEScuQH4BCyKztXSIzLJur
 xRS3h6QKGxD/O1BKaiMibcBCH1nXFeWB2JpRZBndtS58aX9nQQIeXXODCaWJhWRk
 nEg7U3GAgxFyAk4HnVTreFgmleZsKT3khM69kzlZundZ1JRgSQlekDzBHcsdN4UZ
 MGkzLYdA/0mAr1K45RkNVQuFrk73kgYUx+4g64xkqFzSbj9jqvo2/4gH2cbnrY6S
 hQ+kwjEdAXLP3BGbl7kCDQROiUo5ARAA8l5PToapmK0IHBpY5ohie53ZczLV5ojW
 KZXNsmVYNuSBBKpwC6VH2X859dVd59HigAYsS1TbDCUNGC1bM0thJ9Y92fa1WnlE
 qyYQZDmJ4rt283DT2Gmrkng6XPjvr8PZeHKtvw7uLywfdm4x0WrGrH34g17BL82u
 /7k0JUOgJoPulIkO9Mls35UJSY/Zwk1EdkM4hHKmqJFIiW/DlPYh0Tj5x9Sukk0A
 TH/R/QdtpjvwJJZyph6gMhbiYB+G+nR/WZy9vB+bFwPPaa0EudADoIZ9LkQzU/55
 KqNnKH9dPqPVWEOBZVZvPqiRiyRuffMIJ0t9mtvc/jruS1qiTZdJoy2vl6K4Uqc+
 huvlHeCCYR0lGCeDB+Ixuz9xd2ZdUxMgwgcNiQOCW70YWtxf0LF2seSJdLItHDBO
 u/f3cqKwNGUvcC3d/9qVb0wPSI1mq18S02MGcvDySsjGtX7o4kujUqE2ZNCW6ORL
 JUC6zEYu3TRNWrXeS3uAP21xUrEPkuTiJL7SCS12FYJt5agx5NIUKI7bkIUbLbiu
 hC4z47MFajW9Y5jUQk86dk7bjGqVrXYIu92Dhxc2CND2fWaMpYRhwvHR6KQU1yYH
 YkGVlMHiozM5D+4dCRRVI8x3p/+ypFBZmZr7yTpv/qD0N8HHl2NAYvGRQdzjyFQO
 XERwaXuzjCkAEQEAAYkERAQYAQIADwIbAgUCVB9jPgUJB3dMaAIpwV0gBBkBAgAG
 BQJOiUo5AAoJELC16IaWr+bLpKUQAMsAmipqNBx++8jZKqK5pyrUQa8/I7cevHv/
 6avwMgq4ISlIfdYixmI4t/xNakHu6ezXu1gJ97hWbNts6zSiAxsbTDAkEwtDXuAQ
 LzIdTc8M8wQgsoq7NXHC4+YCpKBZCn06OVOTVjc52DzPLom9bmOb3UaiCdryeySc
 pDXXFuaHeNk7VrDsR9s06eEkTZl/ED2kW3zsT3ZSrG6dHiDupJPi8eoBL1gLRHWu
 cUndT8Miu0nxmnU5vvEcOVHj9ZEbbikD5u7EQQdHKFw1R6RYv5zFh81cb/zSoSwJ
 MyGxjleqy/IoVYVxqhIIg+UPkHW2jbIi7R6OZ4gc6W5870qKQWHDn7a4XDzQ2NEW
 F2G/+SWVInfyQVisFfs0RBJ24LbGA28BRA5wlSBslwKMcmrP0t29eIs2raoCDcYm
 LsaQ2PsNTuUcsIzk3Sz1FpS+WIR9Vv4MG3choi+LIdL/38zctLykecz7dYSAhAPW
 LwiO5N2++DunogweXzCET5Da+rm2VntE+seHi9hI0hUVyBJm5pwIfd6XaVha1x/k
 n9SyoQWc6I4FLEFP68wdkfeEu1cdGfrc4A2fHyXuO2VBH8yXHMshr3v0ALCy4E1k
 cET9zEmtawuMLlrQwzJP3a8PQqZnhXkRZ9KAyAaP5tpgb/lDQMUnYo0RM7z0YsET
 pmv0WsFXCRAg0E5acTZgp74sD/4rBEPyAk7cmWtyR0XDZpQETY0Sw7Nr4aErdTdQ
 7AlntHMcn+MWRJpa57S/ea2Fl6SWZ4X09VV/H11lWnYzw0IkSRDsDATxMin+qpy6
 c7IwxZ9RQ1UT9PhmVBz7rbrsl3Hnjv+WG9PcMCdlFOMZL4VC2TQEr0hBSXWhV6mD
 I0rdwuUu+oq84s1cke5g/e5TjoGupTxkaNO/yfDJMf+3dqwGmJDKl23dfKg+XbFh
 3Y/G321/C5GgvqtjaCoqzCuTDByEbVXBde7mFB5xQg8ejDgFfuocw57whdNcS3Ml
 GPO/P06nB940QELjwp5O34mMcVn0qnyhgaioueVW5qzucEa+UfzbkYhinlYdbylj
 wquJlqIScLPNL0xtzOWo1oWHLl7jVklRuRHXFp6Asqan/MovLlYTcBO4OwOJ/rIJ
 BOHkMeLu/vlEIeqC6J5vuD+bP4XUpHamxOU8U6RVVDIH4cckhEU3zWDTwaD/RTG8
 TatJzGmjNOOR04imbqFApU7NOUQ488WNqH11aeZoDOoXWKEvWfE7Cg/fTP0JZH3H
 aW9LWljWrt68FCyuLtvGVeNyjHw4NZq89bbqnhKBAX1LS3pl/+nfD8Wx4sldo8Rh
 lOQgUQu+ZJ5sAueLrnd1AmWEEXvZDFyZqXsrun4cjvZXDmyFFhuaGVis1QzTIumY
 pUumvLkCDQRUHbogARAAmJzYPpBprZD5rZEP++T/JS7JYzJPSCMFxppxSCy6RwTP
 7Tfu8Bg8Tgy2P6T2dkH5qez2S6+TpOUJ7b/4PmArVWk7uQmo7dkzrMh/gGA6ra44
 xyLfHdpFZaKu/TjbAlKIxbWxQ9Z3+VvUpFkIJ7R2EWGNTGgpDXd6FKe+E0LoM5PE
 OlAQ2pgJ9a+J35ukDV7LSLaslrAoEIYsVkIuFs0HOIgP/N7fqlCft9rJo5Oifqxl
 G2xB/M0wEl5nA1mAbj4I6N2BI1ft/6jWq853GJ3iX0F8BUoL3EfaFLgUN8nViXe7
 H4iJrgJ0HUXxAvyRW9IkfbCd/eT8OVkHzBLK6dLi/1IoOdpkqxciH2p8YayT+I/g
 sgnCadU2hSDWoOf2MB19xs6IpMF1LpG/oSsV8SvVbvBLtoAJShWh7dseUnNw9Xfp
 69kMjJCE4Quv3d/l1I4DiDFpAiuXYJLs+q7OtHEUK/GARn+CYJP165JP0owYwZXE
 8/ZawtOsAUQrGvtF8QgB5TO4FadB7zJ/oSsfZ8u3T6mqoYPFl7gS9J/MgF1w0oAw
 Ip+eZkW4iqtmzbjGhCb8CjRVOhDRxkp4E8Pz7egdHW3gdUgVcSTxmxppO+AS/JuV
 euym+zAz9OTi0mbFMjS0AqX0oGLFANeLlRhxP7xOoWj/fw8DC3cifwsUo0CTJPsA
 EQEAAYkERAQYAQIADwUCVB26IAIbAgUJBaOagAIpCRAg0E5acTZgp8FdIAQZAQIA
 BgUCVB26IAAKCRB1lO7Hs/fKyah/D/wJ3v4WdqGo7KgW0kmWfFVWZLKwtb+16gcy
 6nIm7F7VUcODv+qRLA/4UUg72yabVCXnMBi/eEHtkVZWlB/+tzg643DiRvXTCZiw
 oS5c6fTze55e/Z87qY7okf40aTR+qWuMgligI/LeXunr1Pu2jlJLMcUVh5QLxLZ8
 bDqpDgQM9zcdFmKQ/ofUnK7y6gYyUl2KYJDYi0alzjTm+73/S0Mc7z08Yp/s+dtK
 PbU9imKCnNRkPTQpcwlYHWJv0YPQ0TdOkid6HJC7CmZEPH845D+qojAjYBPogNIj
 /RaByaT3kN32zu8+jaZJSCnBM0l2lSh/qO7sQBZhqPX5pJDjjj7d/ATY7XxJCnK/
 2cZVSuVhMXPIFIAQG4ZYFUaQssjQKLN7BXJUo7+ec1AMkTiwDUocPza8h+fitcpO
 sWWJWWvZvkSObbuPKGn7BgoTzEehO2Rz0QsNjgOa5SXxmc0zX7sbB1XiMxSe7gBZ
 BOnYjhPVcidO3tWuM/jXGfZAL9ISq6Zf47ebXA7Y+6Bx3oquMgtSN10gbdoJvjqE
 BJNN65wadvBP8+SrL+nWRGhsfmu8jupXdJe8h8ysXCboVkpXHuSu+lDjeL9WLqpw
 c/XkaOy7B6PfwIRaYYHnsKs8ogvDuTRJPV4khizyt+A6aiQ1PQqxSKWGY+lzxbmB
 kPhp5v1N5xrnD/9vdJggIMR16G7JVxSKMLw7pE45eXRR9x9HDlLAAYAY8w5spMDH
 gJwrUvepDq8L12ttigGD+7GVb+3CgaLbI4Z3Mhrs55J0TWbLxvc0nuJYlxk1sF+U
 B73fL4z9G5nI6rV+BWyM7BvrepKyyeXlluTstOsawI/3YQn2KH0ERqb7t1i0a+HI
 3EBzpFTORQ7G6zycU6liAnWpWLlvTEefdBfsh8VssQAZFP5SRPDUiVORIT/YGDzH
 OfuIaeCD9pPJ4guMS5DZUmwrAYbY9s1Yt/gFsddKH1pDh6jFdF0aYMDv66pyA2aO
 7DmxdrNN05Mq3duly18AeWC8puQVzi5wTi5668RhMJFEK5YqixbE1sXgV/YXMmZ+
 JqDgWd177m1Cg5UnBUoBMXNVC69ZAP4TSq+hXZlrNhDNUmY2W4IsIg22ZSc/zPQW
 1FogQD0WWGmt4nH2TiPT22yO6XpKSWgP4trGG7ArSsx8DfYHBOzwyyLJQv5lyB62
 RWqsZW4azM9IhxHOpr03zM6UmfFJ3Db8URNIHYfXCZteBGyWIilZ9+S59F2jc9M0
 Ard75N4RY/1/TVEDTgazvBNgD9oHQAmdXlglicn4jiR/zdsiUvxzXYfAwJ2wn93b
 H36Mo/R9JLZoiNx9YlED1s/emsTzoSw8JiIA5V4aLnc8FdwY8Wa9cvZAAw==
 =f2jS
 -----END PGP PUBLIC KEY BLOCK-----
--- a/cgit.spec
+++ b/cgit.spec
@ -16,71 +16,67 @@
 #
-%define git_version	1.7.6.4
+%define git_version	2.4.0
 Name:           cgit
-Version:        0.9.1
+Version:        0.11.2
 Release:        0
 Summary:        A web frontend for git repositories
 Url:            http://git.zx2c4.com/cgit/
 License:        GPL-2.0
-Group:          Development/Libraries/C and C++
+Group:          Development/Tools/Version Control
-Source0:        %{name}-%{version}.tar.xz
+
-Source1:        git-%{git_version}.tar.gz
+#Git-Clone:	git://git.zx2c4.com/cgit
-Source2:        cgitrc
+Source:         http://git.zx2c4.com/cgit/snapshot/%name-%version.tar.xz
-Patch:          cgit-optflags.diff
+Source2:        https://www.kernel.org/pub/software/scm/git/git-%git_version.tar.xz
-Patch1:         cgit-git-1.7.6_build_fix.patch
+Source3:        https://www.kernel.org/pub/software/scm/git/git-%git_version.tar.sign
-Patch3:         cgit-fix-print-tree.diff
+Source4:        %name.keyring
-Patch4:         cgit-fix-more-read_tree_recursive-invocations.diff
+Source9:        cgitrc
-Patch5:         cgit-CVE-2013-2117-disallow-directory-traversal.patch
+Patch0:         cgit-optflags.diff
 # Requirements for cgit
-BuildRequires:  gnu-crypto libopenssl-devel libzip-devel
+BuildRequires:  gnu-crypto
 BuildRequires:  libopenssl-devel
 BuildRequires:  libzip-devel
 # Requirements for cgitrc man page generation
-BuildRequires:  asciidoc libxslt xz
+BuildRequires:  asciidoc
 BuildRequires:  libxslt
 BuildRequires:  xz
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %description
-This is an attempt to create a fast web interface for the git scm, using a
+This is an attempt to create a fast web interface for the Git SCM, using a
-builtin cache to decrease server io-pressure.
+builtin cache to decrease server I/O pressue.
 Authors:
 --------
    Lars Hjemli (hjemli@gmail.com)
 %prep
-%setup -q
+%setup -qa2
-%setup -q -T -D -a 1
+%patch0 -p1
 %patch -p1
 %patch1 -p1
 %patch3
 %patch4
 %patch5 -p1
 rm -rf git
-mv git-%{git_version} git
+ln -s git-%git_version git
 %build
-make V=1 %{?_smp_mflags}
+make V=1 prefix="%_prefix" %{?_smp_mflags}
 %install
-make install DESTDIR="%{buildroot}" CGIT_SCRIPT_PATH=/srv/www/htdocs/cgit
+make install install-man DESTDIR="%buildroot" prefix="%_prefix" \
-make install-man DESTDIR="%{buildroot}"
+	CGIT_SCRIPT_PATH="/srv/www/htdocs/cgit"
-mkdir -p "%{buildroot}"/srv/www/cgi-bin/cgit/
+mkdir -p "%buildroot/srv/www/cgi-bin/cgit/"
 mv "%{buildroot}"/srv/www/{htdocs,cgi-bin}/cgit/cgit.cgi
 mkdir -p "%{buildroot}"/etc
-cp %{SOURCE2} "%{buildroot}"/etc/cgitrc
+cp %{SOURCE9} "%{buildroot}"/etc/cgitrc
 %files
 %defattr(-,root,root)
 %doc README COPYING
-%doc %{_mandir}/man5/cgitrc.5.gz
+%_mandir/man5/cgitrc.5.gz
-%dir /srv/www/htdocs/cgit
+/srv/www/cgi-bin/cgit/
-%dir /srv/www/cgi-bin/cgit
+/srv/www/htdocs/cgit/
-/srv/www/cgi-bin/cgit/cgit.cgi
+/usr/lib/cgit/
 /srv/www/htdocs/cgit/cgit.css
 /srv/www/htdocs/cgit/cgit.png
 /usr/lib/cgit
 %config(noreplace) /etc/cgitrc
 %changelog
--- a/git-1.7.6.4.tar.gz
+++ b/git-1.7.6.4.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:c95bb6fdfa8276a6cbc1c3150e56ce3dc2fc29a4bcecd9c246ab9df5d9638ec6
 size 3399093
--- a/git-2.4.0.tar.sign
+++ b/git-2.4.0.tar.sign
--- a/git-2.4.0.tar.xz
+++ b/git-2.4.0.tar.xz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:b33438dd94659958a74850aacae4a2b3a626baec36d7f29c266130b08045bb24
 size 3681516