From e1287c86b2a6fa4b1af13235cc8d475b9fbf0bbb9d7c88b6d4e8315a520a5555 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@inai.de>
Date: Sun, 5 Aug 2018 16:32:34 +0000
Subject: [PATCH 1/2] - Update to new upstream release 1.2.1 [boo#1103799]

OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/cgit?expand=0&rev=32
---
 cgit-1.1.tar.xz     |   3 ---
 cgit-1.2.1.tar.xz   |   3 +++
 cgit.changes        |  10 ++++++++++
 cgit.spec           |  14 ++++++--------
 git-2.11.1.tar.sign | Bin 543 -> 0 bytes
 git-2.11.1.tar.xz   |   3 ---
 git-2.18.0.tar.sign | Bin 0 -> 566 bytes
 git-2.18.0.tar.xz   |   3 +++
 8 files changed, 22 insertions(+), 14 deletions(-)
 delete mode 100644 cgit-1.1.tar.xz
 create mode 100644 cgit-1.2.1.tar.xz
 delete mode 100644 git-2.11.1.tar.sign
 delete mode 100644 git-2.11.1.tar.xz
 create mode 100644 git-2.18.0.tar.sign
 create mode 100644 git-2.18.0.tar.xz

diff --git a/cgit-1.1.tar.xz b/cgit-1.1.tar.xz
deleted file mode 100644
index ec94151..0000000
--- a/cgit-1.1.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0889af29be15fc981481caa09579f982b9740fe9fd2860ab87dff286f4635890
-size 86268
diff --git a/cgit-1.2.1.tar.xz b/cgit-1.2.1.tar.xz
new file mode 100644
index 0000000..b89e98e
--- /dev/null
+++ b/cgit-1.2.1.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3c547c146340fb16d4134326e7524bfb28ffa681284f1e3914bde1c27a9182bf
+size 89648
diff --git a/cgit.changes b/cgit.changes
index c7dd6ee..c1eaa19 100644
--- a/cgit.changes
+++ b/cgit.changes
@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Sun Aug  5 16:24:56 UTC 2018 - jengelh@inai.de
+
+- Update to new upstream release 1.2.1
+  * fixes CVE-2018-14912 directory traversal vulnerability
+    [boo#1103799]
+  * syntax-highlighting: replace invalid unicode with '?'
+  * ui-repolist: properly sort by age
+  * ui-patch: fix crash when using path limit
+
 -------------------------------------------------------------------
 Sat Feb 11 17:56:42 UTC 2017 - jengelh@inai.de
 
diff --git a/cgit.spec b/cgit.spec
index 383589a..42bd5f8 100644
--- a/cgit.spec
+++ b/cgit.spec
@@ -16,9 +16,9 @@
 #
 
 
-%define git_version	2.11.1
+%define git_version	2.18.0
 Name:           cgit
-Version:        1.1
+Version:        1.2.1
 Release:        0
 Summary:        A web frontend for git repositories
 License:        GPL-2.0
@@ -31,7 +31,7 @@ Source3:        https://www.kernel.org/pub/software/scm/git/git-%git_version.tar
 Source4:        %name.keyring
 Source9:        cgitrc
 Patch0:         cgit-optflags.diff
-Patch1:					cgit-built-with-git-v2.11.0.patch
+Patch1:         cgit-built-with-git-v2.11.0.patch
 # Requirements for cgitrc man page generation
 BuildRequires:  asciidoc
 # Requirements for cgit
@@ -42,8 +42,8 @@ BuildRequires:  xz
 BuildRoot:      %_tmppath/%name-%version-build
 
 %description
-This is an attempt to create a fast web interface for the Git SCM, using a
-builtin cache to decrease server I/O pressure.
+A web interface for the Git SCM, using a built-in cache to decrease server
+I/O pressure.
 
 %prep
 %setup -qa2
@@ -56,12 +56,10 @@ ln -s git-%git_version git
 make V=1 prefix="%_prefix" %{?_smp_mflags}
 
 %install
-make install install-man DESTDIR=%buildroot prefix="%_prefix" \
+%make_install install-man prefix="%_prefix" \
 	CGIT_SCRIPT_PATH="/srv/www/htdocs/cgit"
-
 mkdir -p "%buildroot/srv/www/cgi-bin/cgit/"
 mv %buildroot/srv/www/{htdocs,cgi-bin}/cgit/cgit.cgi
-
 mkdir -p "%buildroot/%_sysconfdir"
 cp %SOURCE9 "%buildroot/%_sysconfdir/cgitrc"
 
diff --git a/git-2.11.1.tar.sign b/git-2.11.1.tar.sign
deleted file mode 100644
index 1229d0216c96ed662834a608a955fa45b260500438e57154adfe636b96a2ad93..0000000000000000000000000000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 543
zcmV+)0^t3L0vrSY0RjL91p-);s{jBB2@tTg=!TZB=F2Ta5CGHhK_!~6J(kF6Oy&LZ
z(nn8&UoQ!J_h{B@+sk7%ykjLZcs1x*oQ7#aN(oPFJAT)EM9M*vnTkH8SW@Zz_Kaq2
z9T>D+v-cnD^fc=(DR~Sj^b^v1jcwe5oU|iUsn@5=P{uQ+x?CsvIs8XLwZ~<P7_=|J
zE%tSK-8hb~@@mF6&jm+UpW$s|b)$g7?xsD=0F^-~Y@=06(WrLE8~dJ@zRQ*Hu<zY3
z4<uMn5FFG<We2zoMejezBjYNoz}b)}Pt0cu%Z#fi9{|_0&7~;sbzA!`-q%4@Ky^{w
zP)>=kzY;}&A!^{JES(3INSgsa^{<2&vw6mM&;%EK^f$ZDdmpC1)s2v7HxRgxjf2Jf
zJq5~)kz6^inNL*eS`u;!<*1@p{RFfH+8Btw(#+EBl4dba<YQp)M~L_D7wn~89w<xs
zpu9P*3=7E4tLU6%7`#XXod(ULrJ0{1Cq@m$l2TrG(N&4SX=J9GK*}ghVrA7m)m;QM
z9&PS-8Ji!|J(pDP60AZ9?>o<8UP#}$s1fAkXrinSYCrwj*Ow6G|0>n(NH_u^#&APa
z?1hFQQ}!LOt$Zs(=ksY*gYF8l^%)Zii2<~9Z_Z+{H@)^y5w61bRl=C5Tnira<R5`F
hl$I7NVwZ>8yv`!byezlzczM4IlBbajaDE1KPR-aM2tNP-

diff --git a/git-2.11.1.tar.xz b/git-2.11.1.tar.xz
deleted file mode 100644
index 6607692..0000000
--- a/git-2.11.1.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c0a779cae325d48a1d5ba08b6ee1febcc31d0657a6da01fd1dec1c6e10976415
-size 4208132
diff --git a/git-2.18.0.tar.sign b/git-2.18.0.tar.sign
new file mode 100644
index 0000000000000000000000000000000000000000000000000000000000000000..d51b1f91f83392026846f779cd947d3ac0af4afec2a49cef4c09fc0820dabaca
GIT binary patch
literal 566
zcmV-60?GY}0y6{v0SEvc79j-T@HVmj=OQ1+c<k@6wdjVHujb1I0$VHI!~hBj5U{oA
zhL*49%e<iv`vu-liUwP>#RXG;yl^AWE?-{9)^aTAxa`z6MJ!_WoVuVQq^oBhA^%c3
zRy%(z*mLe?&BK90=1-o)I8bdPTw9ImQSV~!8?l9a2+i6uYGq!hcB?7lg*XvXQ_f)3
z`@{>oz4J{lmV<;P2yn&V?P5dSmd>dbG*~`6R+gt3?UtASL!Aur*vGxu_iPGY2nSSI
zFy<8fCC&G1FLZlsPbpwC-*8XlFd=46T*&O4`Z}DeMiugc9GOL>v)s{eET+y~J@vmR
zUtQ1Xztvp)w*3%ZM;f@Azj)uJ&<_R`kt~IK?RGe#HZN5UZ+X`Fd5=lzQiMDSW#N)3
z^mIcijF_(AMJ%%13aC5A0r|%+%N6O;SwR|rYiR;VW->o^VNTtR?>+{J@g&>*)ChPQ
zn4@`LWUy10Y&nCjn<_LS-{1rFIk+{)^kagGKbny*?Uw~nC7S;eEM><OpdhRmp<2M3
zgSV`-VY!u8HK?*u0F(n?CgEa{hfb<s<}pH<3(erqS=FXQEfsNqm|}m?M-kMnua_JW
zN3s43ikr0vW_gmYpwrC%cHG{$ARz~Ybgh;hl`7jo$BNOQV6b!v`uRKRrsr$c#K>0I
z4=pp_Jxyi~fCLn2@gjN+o=UHm%TF4)s9=4>#TI8&Am4I#PZRzP2BG6y@)?S*!fM<4
E!2l5zwg3PC

literal 0
HcmV?d00001

diff --git a/git-2.18.0.tar.xz b/git-2.18.0.tar.xz
new file mode 100644
index 0000000..cac1dc7
--- /dev/null
+++ b/git-2.18.0.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8b40be383a603147ae29337136c00d1c634bdfdc169a30924a024596a7e30e92
+size 5102264

From ba716b33f6313b2c59e965f0107556e1798acc899c585f4ad77687471e277965 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@inai.de>
Date: Sun, 5 Aug 2018 16:56:33 +0000
Subject: [PATCH 2/2] - Remove cgit-built-with-git-v2.11.0.patch (merged
 upstream)

OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/cgit?expand=0&rev=33
---
 cgit-built-with-git-v2.11.0.patch | 27 ---------------------------
 cgit.changes                      |  1 +
 cgit.spec                         |  8 ++++----
 3 files changed, 5 insertions(+), 31 deletions(-)
 delete mode 100644 cgit-built-with-git-v2.11.0.patch

diff --git a/cgit-built-with-git-v2.11.0.patch b/cgit-built-with-git-v2.11.0.patch
deleted file mode 100644
index 01a2309..0000000
--- a/cgit-built-with-git-v2.11.0.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 91153fd02e62f2eaca8e6c140baa4f2abf39c40e Mon Sep 17 00:00:00 2001
-From: Christian Hesse <mail@eworm.de>
-Date: Wed, 30 Nov 2016 10:43:08 +0100
-Subject: git: update to v2.11.0
-
-Update to git version v2.11.0. Function write_archive()
-dropped argument (int setup_prefix).
----
-
- ui-snapshot.c | 2 +-
- 3 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/ui-snapshot.c b/ui-snapshot.c
-index 08c6e80..9b8cddd 100644
---- a/ui-snapshot.c
-+++ b/ui-snapshot.c
-@@ -37,7 +37,7 @@ static int write_archive_type(const char *format, const char *hex, const char *p
- 	/* argv_array guarantees a trailing NULL entry. */
- 	memcpy(nargv, argv.argv, sizeof(char *) * (argv.argc + 1));
-
--	result = write_archive(argv.argc, nargv, NULL, 1, NULL, 0);
-+	result = write_archive(argv.argc, nargv, NULL, NULL, 0);
- 	argv_array_clear(&argv);
- 	free(nargv);
- 	return result;
---
-cgit v1.1-3-g9641
diff --git a/cgit.changes b/cgit.changes
index c1eaa19..817f17b 100644
--- a/cgit.changes
+++ b/cgit.changes
@@ -7,6 +7,7 @@ Sun Aug  5 16:24:56 UTC 2018 - jengelh@inai.de
   * syntax-highlighting: replace invalid unicode with '?'
   * ui-repolist: properly sort by age
   * ui-patch: fix crash when using path limit
+- Remove cgit-built-with-git-v2.11.0.patch (merged upstream)
 
 -------------------------------------------------------------------
 Sat Feb 11 17:56:42 UTC 2017 - jengelh@inai.de
diff --git a/cgit.spec b/cgit.spec
index 42bd5f8..f01ac7a 100644
--- a/cgit.spec
+++ b/cgit.spec
@@ -30,8 +30,7 @@ Source2:        https://www.kernel.org/pub/software/scm/git/git-%git_version.tar
 Source3:        https://www.kernel.org/pub/software/scm/git/git-%git_version.tar.sign
 Source4:        %name.keyring
 Source9:        cgitrc
-Patch0:         cgit-optflags.diff
-Patch1:         cgit-built-with-git-v2.11.0.patch
+Patch1:         cgit-optflags.diff
 # Requirements for cgitrc man page generation
 BuildRequires:  asciidoc
 # Requirements for cgit
@@ -47,12 +46,13 @@ I/O pressure.
 
 %prep
 %setup -qa2
-%patch0 -p1
-%patch1 -p1
+%patch -P 1 -p1
 rm -rf git
 ln -s git-%git_version git
 
 %build
+perl -i -pe 's{^#!/usr/bin/env }{#!/usr/bin/}g' filters/email-gravatar.py \
+	filters/html-converters/md2html filters/syntax-highlighting.py
 make V=1 prefix="%_prefix" %{?_smp_mflags}
 
 %install