diff --git a/.cvsignore b/.cvsignore deleted file mode 100644 index 1725bcd..0000000 --- a/.cvsignore +++ /dev/null @@ -1 +0,0 @@ -git-1.5.3.4.tar.gz diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..924d482 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +git-1.5.4.3.tar.gz diff --git a/0001-hotfix-1.5.456.X.txt b/0001-hotfix-1.5.456.X.txt new file mode 100644 index 0000000..074fdc5 --- /dev/null +++ b/0001-hotfix-1.5.456.X.txt @@ -0,0 +1,70 @@ +>From dfff4b7aa42de7e7d58caeebe2c6128449f09b76 Mon Sep 17 00:00:00 2001 +From: Junio C Hamano +Date: Tue, 16 Dec 2008 19:42:02 -0800 +Subject: [PATCH] gitweb: do not run "git diff" that is Porcelain + +Jakub says that legacy-style URI to view two blob differences are never +generated since 1.4.3. This codepath runs "git diff" Porcelain from the +gitweb, which is a no-no. It can trigger diff.external command that is +specified in the configuration file of the repository being viewed. + +This patch applies to v1.5.4 and later. + +Signed-off-by: Junio C Hamano +--- + gitweb/gitweb.perl | 38 ++------------------------------------ + 1 files changed, 2 insertions(+), 36 deletions(-) + +diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl +index b582332..86a6ced 100755 +--- a/gitweb/gitweb.perl ++++ b/gitweb/gitweb.perl +@@ -4809,43 +4809,9 @@ sub git_blobdiff { + or die_error(undef, "Open git-diff-tree failed"); + } + +- # old/legacy style URI +- if (!%diffinfo && # if new style URI failed +- defined $hash && defined $hash_parent) { +- # fake git-diff-tree raw output +- $diffinfo{'from_mode'} = $diffinfo{'to_mode'} = "blob"; +- $diffinfo{'from_id'} = $hash_parent; +- $diffinfo{'to_id'} = $hash; +- if (defined $file_name) { +- if (defined $file_parent) { +- $diffinfo{'status'} = '2'; +- $diffinfo{'from_file'} = $file_parent; +- $diffinfo{'to_file'} = $file_name; +- } else { # assume not renamed +- $diffinfo{'status'} = '1'; +- $diffinfo{'from_file'} = $file_name; +- $diffinfo{'to_file'} = $file_name; +- } +- } else { # no filename given +- $diffinfo{'status'} = '2'; +- $diffinfo{'from_file'} = $hash_parent; +- $diffinfo{'to_file'} = $hash; +- } +- +- # non-textual hash id's can be cached +- if ($hash =~ m/^[0-9a-fA-F]{40}$/ && +- $hash_parent =~ m/^[0-9a-fA-F]{40}$/) { +- $expires = '+1d'; +- } +- +- # open patch output +- open $fd, "-|", git_cmd(), "diff", @diff_opts, +- '-p', ($format eq 'html' ? "--full-index" : ()), +- $hash_parent, $hash, "--" +- or die_error(undef, "Open git-diff failed"); +- } else { ++ # old/legacy style URI -- not generated anymore since 1.4.3. ++ if (!%diffinfo) { + die_error('404 Not Found', "Missing one of the blob diff parameters") +- unless %diffinfo; + } + + # header +-- +1.6.1.rc3.19.g66a9 + diff --git a/Makefile b/Makefile deleted file mode 100644 index 6c8a637..0000000 --- a/Makefile +++ /dev/null @@ -1,21 +0,0 @@ -# Makefile for source rpm: git -# $Id$ -NAME := git -SPECFILE = $(firstword $(wildcard *.spec)) - -define find-makefile-common -for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done -endef - -MAKEFILE_COMMON := $(shell $(find-makefile-common)) - -ifeq ($(MAKEFILE_COMMON),) -# attept a checkout -define checkout-makefile-common -test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2 -endef - -MAKEFILE_COMMON := $(shell $(checkout-makefile-common)) -endif - -include $(MAKEFILE_COMMON) diff --git a/git.spec b/git.spec index 140adb1..77f10f3 100644 --- a/git.spec +++ b/git.spec @@ -1,7 +1,7 @@ # Pass --without docs to rpmbuild if you don't want the documentation Name: git -Version: 1.5.3.4 -Release: 1%{?dist} +Version: 1.5.4.3 +Release: 3%{?dist} Summary: Git core and tools License: GPLv2 Group: Development/Tools @@ -11,9 +11,20 @@ Source1: git-init.el Source2: git.xinetd Source3: git.conf.httpd Patch0: git-1.5-gitweb-home-link.patch -BuildRequires: zlib-devel >= 1.2, openssl-devel, curl-devel, expat-devel, emacs %{!?_without_docs:, xmlto, asciidoc > 6.0.3} +Patch1: 0001-hotfix-1.5.456.X.txt +BuildRequires: zlib-devel >= 1.2, openssl-devel, curl-devel, expat-devel, emacs, gettext %{!?_without_docs:, xmlto, asciidoc > 6.0.3} BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -Requires: git-core, git-svn, git-cvs, git-arch, git-email, gitk, git-gui, perl-Git, emacs-git + +Requires: git-core = %{version}-%{release} +Requires: git-svn = %{version}-%{release} +Requires: git-cvs = %{version}-%{release} +Requires: git-arch = %{version}-%{release} +Requires: git-email = %{version}-%{release} +Requires: gitk = %{version}-%{release} +Requires: git-gui = %{version}-%{release} +Requires: perl-Git = %{version}-%{release} +Requires: emacs-git = %{version}-%{release} + %description Git is a fast, scalable, distributed revision control system with an @@ -25,7 +36,7 @@ This is a dummy package which brings in all subpackages. %package core Summary: Core git tools Group: Development/Tools -Requires: zlib >= 1.2, rsync, curl, less, openssh-clients, expat +Requires: zlib >= 1.2, rsync, curl, less, openssh-clients, expat, perl(Error) %description core Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations @@ -52,7 +63,7 @@ Simple web interface to track changes in git repositories %package svn Summary: Git tools for importing Subversion repositories Group: Development/Tools -Requires: git-core = %{version}-%{release}, subversion +Requires: git-core = %{version}-%{release}, subversion, perl(Term::ReadKey) %description svn Git tools for importing Subversion repositories. @@ -73,7 +84,7 @@ Git tools for importing Arch repositories. %package email Summary: Git tools for sending email Group: Development/Tools -Requires: git-core = %{version}-%{release} +Requires: git-core = %{version}-%{release}, perl-Git = %{version}-%{release} %description email Git tools for sending email. @@ -94,7 +105,7 @@ Git revision tree visualiser. %package -n perl-Git Summary: Perl interface to Git Group: Development/Libraries -Requires: git-core = %{version}-%{release} +Requires: git-core = %{version}-%{release}, perl(Error) Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) BuildRequires: perl(Error), perl(ExtUtils::MakeMaker) @@ -112,6 +123,7 @@ Requires: git-core = %{version}-%{release}, emacs-common %prep %setup -q %patch0 -p1 +%patch1 -p1 %build make %{_smp_mflags} CFLAGS="$RPM_OPT_FLAGS" \ @@ -203,6 +215,7 @@ rm -rf $RPM_BUILD_ROOT %defattr(-,root,root) %doc Documentation/*gitk*.txt %{_bindir}/*gitk* +%{_datadir}/gitk %{!?_without_docs: %{_mandir}/man1/*gitk*.1*} %{!?_without_docs: %doc Documentation/*gitk*.html } @@ -228,11 +241,46 @@ rm -rf $RPM_BUILD_ROOT %files -n gitweb %defattr(-,root,root) /var/www/git/ -%{_sysconfdir}/httpd/conf.d/git.conf +%config(noreplace)%{_sysconfdir}/httpd/conf.d/git.conf %{!?_without_docs: %doc Documentation/*.html Documentation/howto} %{!?_without_docs: %doc Documentation/technical} %changelog +* Sat Dec 20 2008 Todd Zullinger 1.5.4.3-3 +- Fix local privilege escalation bug in gitweb + (http://article.gmane.org/gmane.comp.version-control.git/103624) + +* Sun Feb 26 2008 Bernardo Innocenti 1.5.4.3-2 +- Do not silently overwrite /etc/httpd/conf.d/git.conf + +* Sun Feb 24 2008 James Bowes 1.5.4.3-1 +- git-1.5.4.3 + +* Sun Feb 10 2008 James Bowes 1.5.4.1-1 +- git-1.5.4.1 + +* Mon Feb 04 2008 James Bowes 1.5.4-2 +- Own datadir/gitk + +* Mon Feb 04 2008 James Bowes 1.5.4-1 +- git-1.5.4 + +* Tue Jan 08 2008 James Bowes 1.5.3.8-1 +- git-1.5.3.8 + +* Fri Dec 21 2007 James Bowes 1.5.3.7-1 +- git-1.5.3.7 +- Have git metapackage require explicit versions (bug 247214) + +* Tue Nov 27 2007 Josh Boyer 1.5.3.6-1 +- git-1.5.3.6 +- git-core requires perl(Error) (bug 367861) +- git-svn requires perl(Term:ReadKey) (bug 261361) +- git-email requires perl-Git (bug 333061) + +* Wed Oct 24 2007 Lubomir Kundrak 1.5.3.4-2 +- git-Perl requires Error package + * Tue Oct 09 2007 James Bowes 1.5.3.4-1 - git-1.5.3.4 diff --git a/sources b/sources index 3012073..45cae7f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -863235e36f5e4922c7f7a8459e0f8910 git-1.5.3.4.tar.gz +6311a711eb780b1fbae29e0fd28836bd git-1.5.4.3.tar.gz