From ef2bab7f59005c9e1215490d66faca6ea0fe0055 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Mon, 10 Jan 2022 17:49:49 -0500 Subject: [PATCH 001/113] update to 2.35.0-rc0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add openssh-clients BuildRequires, for ssh-add. Upstream 350a2518c8 (ssh signing: support non ssh-* keytypes, 2021-11-19), added `ssh-add` as a requirement of t7528-signed-commit-ssh's "sign commits using literal public keys with ssh-agent" test. Replace the openssh BR added in e8896ce (update to 2.34.0, 2021-11-15) with openssh-clients. The latter requires the former. Apply Taylor Blau's patch to fix a use-after-free bug in fmt-merge-msg¹. Add `missing !LONG_IS_64BIT,EXPENSIVE` to git.skip-test-patterns. It is used in t1051-large-conversion after upstream 596b5e77c9 (clean/smudge: allow clean filters to process extremely large files, 2021-11-02). Release notes: https://github.com/git/git/raw/v2.35.0-rc0/Documentation/RelNotes/2.35.0.txt ¹ https://lore.kernel.org/git/CAHk-=whXPxWL7z3GiPkaDt+yygrRmagrYUnib7Lx=Vvrqx2ufg@mail.gmail.com/ --- ...event-use-after-free-with-signed-tag.patch | 199 ++++++++++++++++++ git.skip-test-patterns | 2 +- git.spec | 15 +- sources | 4 +- 4 files changed, 213 insertions(+), 7 deletions(-) create mode 100644 0001-fmt-merge-msg-prevent-use-after-free-with-signed-tag.patch diff --git a/0001-fmt-merge-msg-prevent-use-after-free-with-signed-tag.patch b/0001-fmt-merge-msg-prevent-use-after-free-with-signed-tag.patch new file mode 100644 index 0000000..72cd990 --- /dev/null +++ b/0001-fmt-merge-msg-prevent-use-after-free-with-signed-tag.patch @@ -0,0 +1,199 @@ +From mboxrd@z Thu Jan 1 00:00:00 1970 +Return-Path: +X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on + aws-us-west-2-korg-lkml-1.web.codeaurora.org +Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) + by smtp.lore.kernel.org (Postfix) with ESMTP id 4EF60C433EF + for ; Mon, 10 Jan 2022 21:19:15 +0000 (UTC) +Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand + id S1343852AbiAJVTN (ORCPT ); + Mon, 10 Jan 2022 16:19:13 -0500 +Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45246 "EHLO + lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org + with ESMTP id S240793AbiAJVTJ (ORCPT ); + Mon, 10 Jan 2022 16:19:09 -0500 +Received: from mail-io1-xd32.google.com (mail-io1-xd32.google.com [IPv6:2607:f8b0:4864:20::d32]) + by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D57E9C06173F + for ; Mon, 10 Jan 2022 13:19:08 -0800 (PST) +Received: by mail-io1-xd32.google.com with SMTP id h23so19409080iol.11 + for ; Mon, 10 Jan 2022 13:19:08 -0800 (PST) +DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; + d=ttaylorr-com.20210112.gappssmtp.com; s=20210112; + h=date:from:to:cc:subject:message-id:references:mime-version + :content-disposition:in-reply-to; + bh=FTrKkNrsW7oFf2weWFjBUCeY4AzPYNFulnRyLyCVrk8=; + b=z+XM3REbAP5x9W9gK6pBjzm9BHigJ0mkHwdcjCN9VQSWk7aIMxsxwVauiC4+Y15Py4 + e4kEWLSahtCS62N2410rXTW5F4IiCjrtU+iZztr+gz2IfLpV70e3CO2WaIRGNPRJm2g0 + Gl1+Y32Gk2jkmZ7w/ue8yng54F8FHEvg5joJFj19bMoWF0kd16ny2U+SjCfurbJu7Qpm + 7qMJtWStXIt8SBVaYdqvMjIylr3zDEvOolaSUBxXZYmD51XjQJXFL4DaYTvT6RIRsBZF + gcdEfTKQ3MdH7Dr8AbiaERh3vNXQ9oKb1cHL7aodKSAS6/NpSSvKMxmW+7n4yICL7hsM + b8pQ== +X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; + d=1e100.net; s=20210112; + h=x-gm-message-state:date:from:to:cc:subject:message-id:references + :mime-version:content-disposition:in-reply-to; + bh=FTrKkNrsW7oFf2weWFjBUCeY4AzPYNFulnRyLyCVrk8=; + b=YyvJy1w+MELo/HMukbimTZO7p+9odhEtnD9F2+GB68WqNtHOSqLj+FNJKrl2cWUWPM + Oec5Mop17BPiDQ5du2gbK9mEJMae9wPoqUhJijzgbcfyH8nAHG8XgBD8PYhzcdaKiwZW + 1/rhWRpyqsAmRKRnXBk+qXOydG6sbeJqYIDiHxHV/MWXzXK8L1tw0TN6x+ovUHJ8tOuu + ZStLc+f7IV9gr3soTs3R4sloQluxitDfe4RReEpc0HDcPxG0V91aiT4MxULStqcCqUbz + I1S0PJMehkw5RIZvrW8GpPjBGFao6X30hvxBN1Skq/nq1rUbbIwat343WUGUC/LogIAV + Wd5A== +X-Gm-Message-State: AOAM533g0jVnFyUCJsyN7y07jhNAhfATafqgniWHcVni8kH1UQ43T/Cd + 76bWXlo05ji/88mEupUArvoHr60/63d4qA== +X-Google-Smtp-Source: ABdhPJwh3a+flp+ajvTa6YBvQY7iqlxqOUdkFKcfZ3ahJTw9JXb3F4kXsRKSfwjHXJ9SQm7cyHyn1Q== +X-Received: by 2002:a05:6638:3009:: with SMTP id r9mr861119jak.262.1641849548063; + Mon, 10 Jan 2022 13:19:08 -0800 (PST) +Received: from localhost (104-178-186-189.lightspeed.milwwi.sbcglobal.net. [104.178.186.189]) + by smtp.gmail.com with ESMTPSA id t6sm5035566iov.39.2022.01.10.13.19.07 + (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); + Mon, 10 Jan 2022 13:19:07 -0800 (PST) +Date: Mon, 10 Jan 2022 16:19:06 -0500 +From: Taylor Blau +To: git@vger.kernel.org +Cc: Junio C Hamano , + Linus Torvalds , + Fabian Stelzer +Subject: [PATCH] fmt-merge-msg: prevent use-after-free with signed tags +Message-ID: <6e08b73d602853b3de71257117e85e32b96b5c19.1641849502.git.me@ttaylorr.com> +References: +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf-8 +Content-Disposition: inline +In-Reply-To: +Precedence: bulk +List-ID: +X-Mailing-List: git@vger.kernel.org + +When merging a signed tag, fmt_merge_msg_sigs() is responsible for +populating the body of the merge message with the names of the signed +tags, their signatures, and the validity of those signatures. + +In 02769437e1 (ssh signing: use sigc struct to pass payload, +2021-12-09), check_signature() was taught to pass the object payload via +the sigc struct instead of passing the payload buffer separately. + +In effect, 02769437e1 causes buf, and sigc.payload to point at the same +region in memory. This causes a problem for fmt_tag_signature(), which +wants to read from this location, since it is freed beforehand by +signature_check_clear() (which frees it via sigc's `payload` member). + +That makes the subsequent use in fmt_tag_signature() a use-after-free. + +As a result, merge messages did not contain the body of any signed tags. +Luckily, they tend not to contain garbage, either, since the result of +strstr()-ing the object buffer in fmt_tag_signature() is guarded: + + const char *tag_body = strstr(buf, "\n\n"); + if (tag_body) { + tag_body += 2; + strbuf_add(tagbuf, tag_body, buf + len - tag_body); + } + +Unfortunately, the tests in t6200 did not catch this at the time because +they do not search for the body of signed tags in fmt-merge-msg's +output. + +Resolve this by waiting to call signature_check_clear() until after its +contents can be safely discarded. Harden ourselves against any future +regressions in this area by making sure we can find signed tag messages +in the output of fmt-merge-msg, too. + +Reported-by: Linus Torvalds +Signed-off-by: Taylor Blau +--- + fmt-merge-msg.c | 2 +- + t/t6200-fmt-merge-msg.sh | 8 ++++++++ + 2 files changed, 9 insertions(+), 1 deletion(-) + +diff --git a/fmt-merge-msg.c b/fmt-merge-msg.c +index e5c0aff2bf..baca57d5b6 100644 +--- a/fmt-merge-msg.c ++++ b/fmt-merge-msg.c +@@ -541,7 +541,6 @@ static void fmt_merge_msg_sigs(struct strbuf *out) + else + strbuf_addstr(&sig, sigc.output); + } +- signature_check_clear(&sigc); + + if (!tag_number++) { + fmt_tag_signature(&tagbuf, &sig, buf, len); +@@ -565,6 +564,7 @@ static void fmt_merge_msg_sigs(struct strbuf *out) + } + strbuf_release(&payload); + strbuf_release(&sig); ++ signature_check_clear(&sigc); + next: + free(origbuf); + } +diff --git a/t/t6200-fmt-merge-msg.sh b/t/t6200-fmt-merge-msg.sh +index 7544245f90..5a221f8ef1 100755 +--- a/t/t6200-fmt-merge-msg.sh ++++ b/t/t6200-fmt-merge-msg.sh +@@ -126,6 +126,7 @@ test_expect_success GPG 'message for merging local tag signed by good key' ' + git fetch . signed-good-tag && + git fmt-merge-msg <.git/FETCH_HEAD >actual && + grep "^Merge tag ${apos}signed-good-tag${apos}" actual && ++ grep "^signed-tag-msg" actual && + grep "^# gpg: Signature made" actual && + grep "^# gpg: Good signature from" actual + ' +@@ -135,6 +136,7 @@ test_expect_success GPG 'message for merging local tag signed by unknown key' ' + git fetch . signed-good-tag && + GNUPGHOME=. git fmt-merge-msg <.git/FETCH_HEAD >actual && + grep "^Merge tag ${apos}signed-good-tag${apos}" actual && ++ grep "^signed-tag-msg" actual && + grep "^# gpg: Signature made" actual && + grep -E "^# gpg: Can${apos}t check signature: (public key not found|No public key)" actual + ' +@@ -145,6 +147,7 @@ test_expect_success GPGSSH 'message for merging local tag signed by good ssh key + git fetch . signed-good-ssh-tag && + git fmt-merge-msg <.git/FETCH_HEAD >actual && + grep "^Merge tag ${apos}signed-good-ssh-tag${apos}" actual && ++ grep "^signed-ssh-tag-msg" actual && + grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual && + ! grep "${GPGSSH_BAD_SIGNATURE}" actual + ' +@@ -155,6 +158,7 @@ test_expect_success GPGSSH 'message for merging local tag signed by unknown ssh + git fetch . signed-untrusted-ssh-tag && + git fmt-merge-msg <.git/FETCH_HEAD >actual && + grep "^Merge tag ${apos}signed-untrusted-ssh-tag${apos}" actual && ++ grep "^signed-ssh-tag-msg-untrusted" actual && + grep "${GPGSSH_GOOD_SIGNATURE_UNTRUSTED}" actual && + ! grep "${GPGSSH_BAD_SIGNATURE}" actual && + grep "${GPGSSH_KEY_NOT_TRUSTED}" actual +@@ -166,6 +170,7 @@ test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'message for merging local tag sign + git fetch . expired-signed && + git fmt-merge-msg <.git/FETCH_HEAD >actual && + grep "^Merge tag ${apos}expired-signed${apos}" actual && ++ grep "^expired-signed" actual && + ! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual + ' + +@@ -175,6 +180,7 @@ test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'message for merging local tag sign + git fetch . notyetvalid-signed && + git fmt-merge-msg <.git/FETCH_HEAD >actual && + grep "^Merge tag ${apos}notyetvalid-signed${apos}" actual && ++ grep "^notyetvalid-signed" actual && + ! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual + ' + +@@ -184,6 +190,7 @@ test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'message for merging local tag sign + git fetch . timeboxedvalid-signed && + git fmt-merge-msg <.git/FETCH_HEAD >actual && + grep "^Merge tag ${apos}timeboxedvalid-signed${apos}" actual && ++ grep "^timeboxedvalid-signed" actual && + grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual && + ! grep "${GPGSSH_BAD_SIGNATURE}" actual + ' +@@ -194,6 +201,7 @@ test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'message for merging local tag sign + git fetch . timeboxedinvalid-signed && + git fmt-merge-msg <.git/FETCH_HEAD >actual && + grep "^Merge tag ${apos}timeboxedinvalid-signed${apos}" actual && ++ grep "^timeboxedinvalid-signed" actual && + ! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual + ' + +-- +2.34.1.455.gd6eb6fd089 + diff --git a/git.skip-test-patterns b/git.skip-test-patterns index 1f1f8b1..bd44452 100644 --- a/git.skip-test-patterns +++ b/git.skip-test-patterns @@ -4,7 +4,7 @@ GIT_SKIP_TESTS missing AUTOIDENT missing CASE_INSENSITIVE_FS missing DONTHAVEIT -missing EXPENSIVE +missing ([!]LONG_IS_64BIT,)?EXPENSIVE missing JGIT missing !?LAZY_(TRUE|FALSE) missing MINGW diff --git a/git.spec b/git.spec index 6b12273..ea1b95b 100644 --- a/git.spec +++ b/git.spec @@ -76,11 +76,11 @@ %endif # Define for release candidates -#global rcrev .rc0 +%global rcrev .rc0 Name: git -Version: 2.34.1 -Release: 1%{?rcrev}%{?dist} +Version: 2.35.0 +Release: 0.0%{?rcrev}%{?dist} Summary: Fast Version Control System License: GPLv2 URL: https://git-scm.com/ @@ -119,6 +119,10 @@ Patch3: 0003-t-lib-gpg-kill-all-gpg-components-not-just-gpg-agent.patch Patch4: 0004-t4202-match-gpgsm-output-from-GnuPG-2.3.patch Patch5: 0005-gpg-interface-match-SIG_CREATED-if-it-s-the-first-li.patch +# Fix tag message contents +# https://lore.kernel.org/git/CAHk-=whXPxWL7z3GiPkaDt+yygrRmagrYUnib7Lx=Vvrqx2ufg@mail.gmail.com/ +Patch6: https://lore.kernel.org/git/6e08b73d602853b3de71257117e85e32b96b5c19.1641849502.git.me@ttaylorr.com/raw#/0001-fmt-merge-msg-prevent-use-after-free-with-signed-tag.patch + %if %{with docs} # pod2man is needed to build Git.3pm BuildRequires: %{_bindir}/pod2man @@ -218,7 +222,7 @@ BuildRequires: jgit %endif # endif fedora (except i386 and s390x) BuildRequires: mod_dav_svn -BuildRequires: openssh +BuildRequires: openssh-clients BuildRequires: perl(App::Prove) BuildRequires: perl(CGI) BuildRequires: perl(CGI::Carp) @@ -1008,6 +1012,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Mon Jan 10 2022 Todd Zullinger - 2.35.0-0.0.rc0 +- update to 2.35.0-rc0 + * Thu Nov 25 2021 Todd Zullinger - 2.34.1-1 - update to 2.34.1 - fix gpgsm issues with gnupg-2.3 diff --git a/sources b/sources index 9c138f8..4e6eca9 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.34.1.tar.xz) = a1a8e9e6f64b1da25508fbd2f783564dcdbe181fb5ff1ebab3bdac6db6094e18acc334479a1abf22ac17ce4f733cc3e10a664db9ab234cd523735a3f027b42db -SHA512 (git-2.34.1.tar.sign) = a1111276e18da1a7b360e3ed3b8460034ea413b116482b0b66342f8873a9dd02a90f3f5bc7ad1e4b3c7f39ed55926a8155064b849e6e6bdf9478cb85b93f10b5 +SHA512 (git-2.35.0.rc0.tar.xz) = 9aa5d89d7981c73d32e9023dfc61a62e63688c3172cba4bee145b2ff4f5f7bc497435d1b4b535089c698893feabc6057a6522676e52bd3355327dfc0b6b8ba56 +SHA512 (git-2.35.0.rc0.tar.sign) = fe4e74de26c0268d36f4fecfa2a2e014e4025c16c931366d1f6f70417661aa250e4ccb8d583c1060559e554e0f5eb770901f246f729f9a55ecbd08c11c6f1119 From 9d7a08be77521c05a65cdc450bc96e41f974f193 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Fri, 14 Jan 2022 20:04:04 -0500 Subject: [PATCH 002/113] update to 2.35.0-rc1 Release notes: https://github.com/git/git/raw/v2.35.0-rc1/Documentation/RelNotes/2.35.0.txt --- ...event-use-after-free-with-signed-tag.patch | 199 ------------------ git.spec | 11 +- sources | 4 +- 3 files changed, 7 insertions(+), 207 deletions(-) delete mode 100644 0001-fmt-merge-msg-prevent-use-after-free-with-signed-tag.patch diff --git a/0001-fmt-merge-msg-prevent-use-after-free-with-signed-tag.patch b/0001-fmt-merge-msg-prevent-use-after-free-with-signed-tag.patch deleted file mode 100644 index 72cd990..0000000 --- a/0001-fmt-merge-msg-prevent-use-after-free-with-signed-tag.patch +++ /dev/null @@ -1,199 +0,0 @@ -From mboxrd@z Thu Jan 1 00:00:00 1970 -Return-Path: -X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on - aws-us-west-2-korg-lkml-1.web.codeaurora.org -Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) - by smtp.lore.kernel.org (Postfix) with ESMTP id 4EF60C433EF - for ; Mon, 10 Jan 2022 21:19:15 +0000 (UTC) -Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand - id S1343852AbiAJVTN (ORCPT ); - Mon, 10 Jan 2022 16:19:13 -0500 -Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45246 "EHLO - lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org - with ESMTP id S240793AbiAJVTJ (ORCPT ); - Mon, 10 Jan 2022 16:19:09 -0500 -Received: from mail-io1-xd32.google.com (mail-io1-xd32.google.com [IPv6:2607:f8b0:4864:20::d32]) - by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D57E9C06173F - for ; Mon, 10 Jan 2022 13:19:08 -0800 (PST) -Received: by mail-io1-xd32.google.com with SMTP id h23so19409080iol.11 - for ; Mon, 10 Jan 2022 13:19:08 -0800 (PST) -DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; - d=ttaylorr-com.20210112.gappssmtp.com; s=20210112; - h=date:from:to:cc:subject:message-id:references:mime-version - :content-disposition:in-reply-to; - bh=FTrKkNrsW7oFf2weWFjBUCeY4AzPYNFulnRyLyCVrk8=; - b=z+XM3REbAP5x9W9gK6pBjzm9BHigJ0mkHwdcjCN9VQSWk7aIMxsxwVauiC4+Y15Py4 - e4kEWLSahtCS62N2410rXTW5F4IiCjrtU+iZztr+gz2IfLpV70e3CO2WaIRGNPRJm2g0 - Gl1+Y32Gk2jkmZ7w/ue8yng54F8FHEvg5joJFj19bMoWF0kd16ny2U+SjCfurbJu7Qpm - 7qMJtWStXIt8SBVaYdqvMjIylr3zDEvOolaSUBxXZYmD51XjQJXFL4DaYTvT6RIRsBZF - gcdEfTKQ3MdH7Dr8AbiaERh3vNXQ9oKb1cHL7aodKSAS6/NpSSvKMxmW+7n4yICL7hsM - b8pQ== -X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; - d=1e100.net; s=20210112; - h=x-gm-message-state:date:from:to:cc:subject:message-id:references - :mime-version:content-disposition:in-reply-to; - bh=FTrKkNrsW7oFf2weWFjBUCeY4AzPYNFulnRyLyCVrk8=; - b=YyvJy1w+MELo/HMukbimTZO7p+9odhEtnD9F2+GB68WqNtHOSqLj+FNJKrl2cWUWPM - Oec5Mop17BPiDQ5du2gbK9mEJMae9wPoqUhJijzgbcfyH8nAHG8XgBD8PYhzcdaKiwZW - 1/rhWRpyqsAmRKRnXBk+qXOydG6sbeJqYIDiHxHV/MWXzXK8L1tw0TN6x+ovUHJ8tOuu - ZStLc+f7IV9gr3soTs3R4sloQluxitDfe4RReEpc0HDcPxG0V91aiT4MxULStqcCqUbz - I1S0PJMehkw5RIZvrW8GpPjBGFao6X30hvxBN1Skq/nq1rUbbIwat343WUGUC/LogIAV - Wd5A== -X-Gm-Message-State: AOAM533g0jVnFyUCJsyN7y07jhNAhfATafqgniWHcVni8kH1UQ43T/Cd - 76bWXlo05ji/88mEupUArvoHr60/63d4qA== -X-Google-Smtp-Source: ABdhPJwh3a+flp+ajvTa6YBvQY7iqlxqOUdkFKcfZ3ahJTw9JXb3F4kXsRKSfwjHXJ9SQm7cyHyn1Q== -X-Received: by 2002:a05:6638:3009:: with SMTP id r9mr861119jak.262.1641849548063; - Mon, 10 Jan 2022 13:19:08 -0800 (PST) -Received: from localhost (104-178-186-189.lightspeed.milwwi.sbcglobal.net. [104.178.186.189]) - by smtp.gmail.com with ESMTPSA id t6sm5035566iov.39.2022.01.10.13.19.07 - (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); - Mon, 10 Jan 2022 13:19:07 -0800 (PST) -Date: Mon, 10 Jan 2022 16:19:06 -0500 -From: Taylor Blau -To: git@vger.kernel.org -Cc: Junio C Hamano , - Linus Torvalds , - Fabian Stelzer -Subject: [PATCH] fmt-merge-msg: prevent use-after-free with signed tags -Message-ID: <6e08b73d602853b3de71257117e85e32b96b5c19.1641849502.git.me@ttaylorr.com> -References: -MIME-Version: 1.0 -Content-Type: text/plain; charset=utf-8 -Content-Disposition: inline -In-Reply-To: -Precedence: bulk -List-ID: -X-Mailing-List: git@vger.kernel.org - -When merging a signed tag, fmt_merge_msg_sigs() is responsible for -populating the body of the merge message with the names of the signed -tags, their signatures, and the validity of those signatures. - -In 02769437e1 (ssh signing: use sigc struct to pass payload, -2021-12-09), check_signature() was taught to pass the object payload via -the sigc struct instead of passing the payload buffer separately. - -In effect, 02769437e1 causes buf, and sigc.payload to point at the same -region in memory. This causes a problem for fmt_tag_signature(), which -wants to read from this location, since it is freed beforehand by -signature_check_clear() (which frees it via sigc's `payload` member). - -That makes the subsequent use in fmt_tag_signature() a use-after-free. - -As a result, merge messages did not contain the body of any signed tags. -Luckily, they tend not to contain garbage, either, since the result of -strstr()-ing the object buffer in fmt_tag_signature() is guarded: - - const char *tag_body = strstr(buf, "\n\n"); - if (tag_body) { - tag_body += 2; - strbuf_add(tagbuf, tag_body, buf + len - tag_body); - } - -Unfortunately, the tests in t6200 did not catch this at the time because -they do not search for the body of signed tags in fmt-merge-msg's -output. - -Resolve this by waiting to call signature_check_clear() until after its -contents can be safely discarded. Harden ourselves against any future -regressions in this area by making sure we can find signed tag messages -in the output of fmt-merge-msg, too. - -Reported-by: Linus Torvalds -Signed-off-by: Taylor Blau ---- - fmt-merge-msg.c | 2 +- - t/t6200-fmt-merge-msg.sh | 8 ++++++++ - 2 files changed, 9 insertions(+), 1 deletion(-) - -diff --git a/fmt-merge-msg.c b/fmt-merge-msg.c -index e5c0aff2bf..baca57d5b6 100644 ---- a/fmt-merge-msg.c -+++ b/fmt-merge-msg.c -@@ -541,7 +541,6 @@ static void fmt_merge_msg_sigs(struct strbuf *out) - else - strbuf_addstr(&sig, sigc.output); - } -- signature_check_clear(&sigc); - - if (!tag_number++) { - fmt_tag_signature(&tagbuf, &sig, buf, len); -@@ -565,6 +564,7 @@ static void fmt_merge_msg_sigs(struct strbuf *out) - } - strbuf_release(&payload); - strbuf_release(&sig); -+ signature_check_clear(&sigc); - next: - free(origbuf); - } -diff --git a/t/t6200-fmt-merge-msg.sh b/t/t6200-fmt-merge-msg.sh -index 7544245f90..5a221f8ef1 100755 ---- a/t/t6200-fmt-merge-msg.sh -+++ b/t/t6200-fmt-merge-msg.sh -@@ -126,6 +126,7 @@ test_expect_success GPG 'message for merging local tag signed by good key' ' - git fetch . signed-good-tag && - git fmt-merge-msg <.git/FETCH_HEAD >actual && - grep "^Merge tag ${apos}signed-good-tag${apos}" actual && -+ grep "^signed-tag-msg" actual && - grep "^# gpg: Signature made" actual && - grep "^# gpg: Good signature from" actual - ' -@@ -135,6 +136,7 @@ test_expect_success GPG 'message for merging local tag signed by unknown key' ' - git fetch . signed-good-tag && - GNUPGHOME=. git fmt-merge-msg <.git/FETCH_HEAD >actual && - grep "^Merge tag ${apos}signed-good-tag${apos}" actual && -+ grep "^signed-tag-msg" actual && - grep "^# gpg: Signature made" actual && - grep -E "^# gpg: Can${apos}t check signature: (public key not found|No public key)" actual - ' -@@ -145,6 +147,7 @@ test_expect_success GPGSSH 'message for merging local tag signed by good ssh key - git fetch . signed-good-ssh-tag && - git fmt-merge-msg <.git/FETCH_HEAD >actual && - grep "^Merge tag ${apos}signed-good-ssh-tag${apos}" actual && -+ grep "^signed-ssh-tag-msg" actual && - grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual && - ! grep "${GPGSSH_BAD_SIGNATURE}" actual - ' -@@ -155,6 +158,7 @@ test_expect_success GPGSSH 'message for merging local tag signed by unknown ssh - git fetch . signed-untrusted-ssh-tag && - git fmt-merge-msg <.git/FETCH_HEAD >actual && - grep "^Merge tag ${apos}signed-untrusted-ssh-tag${apos}" actual && -+ grep "^signed-ssh-tag-msg-untrusted" actual && - grep "${GPGSSH_GOOD_SIGNATURE_UNTRUSTED}" actual && - ! grep "${GPGSSH_BAD_SIGNATURE}" actual && - grep "${GPGSSH_KEY_NOT_TRUSTED}" actual -@@ -166,6 +170,7 @@ test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'message for merging local tag sign - git fetch . expired-signed && - git fmt-merge-msg <.git/FETCH_HEAD >actual && - grep "^Merge tag ${apos}expired-signed${apos}" actual && -+ grep "^expired-signed" actual && - ! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual - ' - -@@ -175,6 +180,7 @@ test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'message for merging local tag sign - git fetch . notyetvalid-signed && - git fmt-merge-msg <.git/FETCH_HEAD >actual && - grep "^Merge tag ${apos}notyetvalid-signed${apos}" actual && -+ grep "^notyetvalid-signed" actual && - ! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual - ' - -@@ -184,6 +190,7 @@ test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'message for merging local tag sign - git fetch . timeboxedvalid-signed && - git fmt-merge-msg <.git/FETCH_HEAD >actual && - grep "^Merge tag ${apos}timeboxedvalid-signed${apos}" actual && -+ grep "^timeboxedvalid-signed" actual && - grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual && - ! grep "${GPGSSH_BAD_SIGNATURE}" actual - ' -@@ -194,6 +201,7 @@ test_expect_success GPGSSH,GPGSSH_VERIFYTIME 'message for merging local tag sign - git fetch . timeboxedinvalid-signed && - git fmt-merge-msg <.git/FETCH_HEAD >actual && - grep "^Merge tag ${apos}timeboxedinvalid-signed${apos}" actual && -+ grep "^timeboxedinvalid-signed" actual && - ! grep "${GPGSSH_GOOD_SIGNATURE_TRUSTED}" actual - ' - --- -2.34.1.455.gd6eb6fd089 - diff --git a/git.spec b/git.spec index ea1b95b..fb6a98d 100644 --- a/git.spec +++ b/git.spec @@ -76,11 +76,11 @@ %endif # Define for release candidates -%global rcrev .rc0 +%global rcrev .rc1 Name: git Version: 2.35.0 -Release: 0.0%{?rcrev}%{?dist} +Release: 0.1%{?rcrev}%{?dist} Summary: Fast Version Control System License: GPLv2 URL: https://git-scm.com/ @@ -119,10 +119,6 @@ Patch3: 0003-t-lib-gpg-kill-all-gpg-components-not-just-gpg-agent.patch Patch4: 0004-t4202-match-gpgsm-output-from-GnuPG-2.3.patch Patch5: 0005-gpg-interface-match-SIG_CREATED-if-it-s-the-first-li.patch -# Fix tag message contents -# https://lore.kernel.org/git/CAHk-=whXPxWL7z3GiPkaDt+yygrRmagrYUnib7Lx=Vvrqx2ufg@mail.gmail.com/ -Patch6: https://lore.kernel.org/git/6e08b73d602853b3de71257117e85e32b96b5c19.1641849502.git.me@ttaylorr.com/raw#/0001-fmt-merge-msg-prevent-use-after-free-with-signed-tag.patch - %if %{with docs} # pod2man is needed to build Git.3pm BuildRequires: %{_bindir}/pod2man @@ -1012,6 +1008,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Sat Jan 15 2022 Todd Zullinger - 2.35.0-0.1.rc1 +- update to 2.35.0-rc1 + * Mon Jan 10 2022 Todd Zullinger - 2.35.0-0.0.rc0 - update to 2.35.0-rc0 diff --git a/sources b/sources index 4e6eca9..84bfe82 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.35.0.rc0.tar.xz) = 9aa5d89d7981c73d32e9023dfc61a62e63688c3172cba4bee145b2ff4f5f7bc497435d1b4b535089c698893feabc6057a6522676e52bd3355327dfc0b6b8ba56 -SHA512 (git-2.35.0.rc0.tar.sign) = fe4e74de26c0268d36f4fecfa2a2e014e4025c16c931366d1f6f70417661aa250e4ccb8d583c1060559e554e0f5eb770901f246f729f9a55ecbd08c11c6f1119 +SHA512 (git-2.35.0.rc1.tar.xz) = fe7fdf5dfa9f3c7ac89158fd73520335cb0c10ab992258dbb88ee1a90b03f4f8bfbe490dcf704770e91245e162014deb400f3b507dd6fda4f52b01c16081b2cd +SHA512 (git-2.35.0.rc1.tar.sign) = 0644ef1e80a3ef84edbe699c1fe50df451aa335b9a0881786e5dac73079e2b94111c9cfd140eb6bee1c2342e06d6c0a27e968fbd1bc5a2ca76892d6cbaa4bc83 From a8bfca0241b9008882609f05cbcc56466bd37856 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Wed, 19 Jan 2022 18:02:12 -0500 Subject: [PATCH 003/113] update to 2.35.0-rc2 Release notes: https://github.com/git/git/raw/v2.35.0-rc2/Documentation/RelNotes/2.35.0.txt --- git.spec | 7 +++++-- sources | 4 ++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/git.spec b/git.spec index fb6a98d..6658bce 100644 --- a/git.spec +++ b/git.spec @@ -76,11 +76,11 @@ %endif # Define for release candidates -%global rcrev .rc1 +%global rcrev .rc2 Name: git Version: 2.35.0 -Release: 0.1%{?rcrev}%{?dist} +Release: 0.2%{?rcrev}%{?dist} Summary: Fast Version Control System License: GPLv2 URL: https://git-scm.com/ @@ -1008,6 +1008,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Wed Jan 19 2022 Todd Zullinger - 2.35.0-0.2.rc2 +- update to 2.35.0-rc2 + * Sat Jan 15 2022 Todd Zullinger - 2.35.0-0.1.rc1 - update to 2.35.0-rc1 diff --git a/sources b/sources index 84bfe82..debc1e5 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.35.0.rc1.tar.xz) = fe7fdf5dfa9f3c7ac89158fd73520335cb0c10ab992258dbb88ee1a90b03f4f8bfbe490dcf704770e91245e162014deb400f3b507dd6fda4f52b01c16081b2cd -SHA512 (git-2.35.0.rc1.tar.sign) = 0644ef1e80a3ef84edbe699c1fe50df451aa335b9a0881786e5dac73079e2b94111c9cfd140eb6bee1c2342e06d6c0a27e968fbd1bc5a2ca76892d6cbaa4bc83 +SHA512 (git-2.35.0.rc2.tar.xz) = 5eb758cbf37c632f89f03eca65bf36f7f2490fbfb3d54c396d906b45a7ab96735f928abe300d7bcacdfdd33b59b1901a4c92f27f30dfe82c4fb1e8d690568dc3 +SHA512 (git-2.35.0.rc2.tar.sign) = fc9d96ea3f58f3c34f121477597e4f5b4a9c50e0d3ee42d021a276f5f1ca9a524c437a3fee8c78b6f09095ff411ab2f919444c53152e9bb44e5211437c18f415 From ce97e98127806a33bcb42d1873af5aa11b77cdaa Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Fri, 21 Jan 2022 15:07:05 -0500 Subject: [PATCH 004/113] checkout: avoid BUG() when hitting a broken repository (rhbz#2042920) The git checkout command crashes when run multiple times, if `.git/refs/remotes/origin/HEAD` is manually copied into `.git/refs/heads/$branch-name`. Strictly, this is repository corruption, but it has been silently tolerated until upstream 9081a421 (checkout: fix "branch info" memory leaks, 2021-11-16), which added some sanity checking of the data. Loosen the check via Junio's upstream commit 519947b69a (checkout: avoid BUG() when hitting a broken repository, 2022-01-21). --- ...BUG-when-hitting-a-broken-repository.patch | 74 +++++++++++++++++++ git.spec | 9 ++- 2 files changed, 82 insertions(+), 1 deletion(-) create mode 100644 0001-checkout-avoid-BUG-when-hitting-a-broken-repository.patch diff --git a/0001-checkout-avoid-BUG-when-hitting-a-broken-repository.patch b/0001-checkout-avoid-BUG-when-hitting-a-broken-repository.patch new file mode 100644 index 0000000..d04d487 --- /dev/null +++ b/0001-checkout-avoid-BUG-when-hitting-a-broken-repository.patch @@ -0,0 +1,74 @@ +From 519947b69a9ea1461d5f5afc762823835295b3b2 Mon Sep 17 00:00:00 2001 +From: Junio C Hamano +Date: Fri, 21 Jan 2022 16:58:30 -0800 +Subject: [PATCH] checkout: avoid BUG() when hitting a broken repository +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +When 9081a421 (checkout: fix "branch info" memory leaks, 2021-11-16) +cleaned up existing memory leaks, we added an unrelated sanity check +to ensure that a local branch is truly local and not a symref to +elsewhere that dies with BUG() otherwise. This was misguided in two +ways. First of all, such a tightening did not belong to a leak-fix +patch. And the condition it detected was *not* a bug in our program +but a problem in user data, where warning() or die() would have been +more appropriate. + +As the condition is not fatal (the result of computing the local +branch name in the code that is involved in the faulty check is only +used as a textual label for the commit), let's revert the code to +the original state, i.e. strip "refs/heads/" to compute the local +branch name if possible, and otherwise leave it NULL. The consumer +of the information in merge_working_tree() is prepared to see NULL +in there and act accordingly. + +cf. https://bugzilla.redhat.com/show_bug.cgi?id=2042920 + +Reported-by: Petr Šplíchal +Reported-by: Todd Zullinger +Helped-by: Ævar Arnfjörð Bjarmason +Signed-off-by: Junio C Hamano +--- + builtin/checkout.c | 3 --- + t/t2018-checkout-branch.sh | 13 +++++++++++++ + 2 files changed, 13 insertions(+), 3 deletions(-) + +diff --git a/builtin/checkout.c b/builtin/checkout.c +index 43d0275187fc8f..1fb34d537d9e91 100644 +--- a/builtin/checkout.c ++++ b/builtin/checkout.c +@@ -1094,9 +1094,6 @@ static int switch_branches(const struct checkout_opts *opts, + const char *p; + if (skip_prefix(old_branch_info.path, prefix, &p)) + old_branch_info.name = xstrdup(p); +- else +- BUG("should be able to skip past '%s' in '%s'!", +- prefix, old_branch_info.path); + } + + if (opts->new_orphan_branch && opts->orphan_from_empty_tree) { +diff --git a/t/t2018-checkout-branch.sh b/t/t2018-checkout-branch.sh +index 93be1c0eae5ead..5dda5ad4cbcb07 100755 +--- a/t/t2018-checkout-branch.sh ++++ b/t/t2018-checkout-branch.sh +@@ -85,6 +85,19 @@ test_expect_success 'setup' ' + git branch -m branch1 + ' + ++test_expect_success 'checkout a branch without refs/heads/* prefix' ' ++ git clone --no-tags . repo-odd-prefix && ++ ( ++ cd repo-odd-prefix && ++ ++ origin=$(git symbolic-ref refs/remotes/origin/HEAD) && ++ git symbolic-ref refs/heads/a-branch "$origin" && ++ ++ git checkout -f a-branch && ++ git checkout -f a-branch ++ ) ++' ++ + test_expect_success 'checkout -b to a new branch, set to HEAD' ' + test_when_finished " + git checkout branch1 && diff --git a/git.spec b/git.spec index 6658bce..7f280db 100644 --- a/git.spec +++ b/git.spec @@ -80,7 +80,7 @@ Name: git Version: 2.35.0 -Release: 0.2%{?rcrev}%{?dist} +Release: 0.2%{?rcrev}%{?dist}.1 Summary: Fast Version Control System License: GPLv2 URL: https://git-scm.com/ @@ -119,6 +119,10 @@ Patch3: 0003-t-lib-gpg-kill-all-gpg-components-not-just-gpg-agent.patch Patch4: 0004-t4202-match-gpgsm-output-from-GnuPG-2.3.patch Patch5: 0005-gpg-interface-match-SIG_CREATED-if-it-s-the-first-li.patch +# checkout: avoid BUG() when hitting a broken repository +# https://bugzilla.redhat.com/2042920 +Patch6: https://github.com/git/git/commit/519947b69a.patch#/0001-checkout-avoid-BUG-when-hitting-a-broken-repository.patch + %if %{with docs} # pod2man is needed to build Git.3pm BuildRequires: %{_bindir}/pod2man @@ -1008,6 +1012,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Thu Jan 20 2022 Todd Zullinger - 2.35.0-0.2.rc2.1 +- checkout: avoid BUG() when hitting a broken repository (rhbz#2042920) + * Wed Jan 19 2022 Todd Zullinger - 2.35.0-0.2.rc2 - update to 2.35.0-rc2 From 601fe503aabd0aeb45589b153b8c23819966dfa6 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Thu, 20 Jan 2022 12:33:32 -0500 Subject: [PATCH 005/113] fix compilation on EL7 Git now requires C99 support and a zlib with uncompress2 by default. On EL7, gcc-4.8.5 requires a flag to enable C99 support. Compilation also fails without -fPIC on EL7, for reasons of which I am not entirely clear. (I do not like making a change I cannot justify or explain properly, but it is better than dropping EL7 support until I have time to learn the reason(s).) Update the %build_cflags macro when building on EL7 to enable C99 support and set -fPIC. Define NO_UNCOMPRESS2 to use compat/zlib-uncompress2.c. --- git.spec | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/git.spec b/git.spec index 7f280db..778e231 100644 --- a/git.spec +++ b/git.spec @@ -39,6 +39,7 @@ %else %bcond_without python2 %bcond_with python3 +%global build_cflags %{build_cflags} -fPIC -std=gnu99 %global gitweb_httpd_conf git.conf %global use_glibc_langpacks 0 %global use_perl_generators 0 @@ -80,7 +81,7 @@ Name: git Version: 2.35.0 -Release: 0.2%{?rcrev}%{?dist}.1 +Release: 0.2%{?rcrev}%{?dist}.2 Summary: Fast Version Control System License: GPLv2 URL: https://git-scm.com/ @@ -548,6 +549,9 @@ INSTALL_SYMLINKS = 1 GITWEB_PROJECTROOT = %{_localstatedir}/lib/git GNU_ROFF = 1 NO_PERL_CPAN_FALLBACKS = 1 +%if 0%{?rhel} && 0%{?rhel} < 8 +NO_UNCOMPRESS2 = 1 +%endif %if %{with python3} PYTHON_PATH = %{__python3} %else @@ -1012,6 +1016,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Fri Jan 21 2022 Todd Zullinger - 2.35.0-0.2.rc2.2 +- fix compilation on EL7 + * Thu Jan 20 2022 Todd Zullinger - 2.35.0-0.2.rc2.1 - checkout: avoid BUG() when hitting a broken repository (rhbz#2042920) From 32a3ec7045053427f28f40500aad489b420325d4 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Sat, 22 Jan 2022 12:49:44 -0500 Subject: [PATCH 006/113] remove contrib/scalar to avoid cruft in git-core-doc The scalar command is being worked on incrementally upstream. As it matures, we may consider building and distributing it. Whether that will happen before it graduates from contrib or not is anyone's guess. For the moment, remove it to avoid cruft in git-core-doc. --- git.spec | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/git.spec b/git.spec index 778e231..75ca4f4 100644 --- a/git.spec +++ b/git.spec @@ -81,7 +81,7 @@ Name: git Version: 2.35.0 -Release: 0.2%{?rcrev}%{?dist}.2 +Release: 0.2%{?rcrev}%{?dist}.3 Summary: Fast Version Control System License: GPLv2 URL: https://git-scm.com/ @@ -675,6 +675,9 @@ install -Dpm 0755 contrib/diff-highlight/diff-highlight \ %{buildroot}%{_datadir}/git-core/contrib/diff-highlight rm -rf contrib/diff-highlight/{Makefile,diff-highlight,*.perl,t} +# Remove contrib/scalar to avoid cruft in the git-core-doc docdir +rm -rf contrib/scalar + # Clean up contrib/subtree to avoid cruft in the git-core-doc docdir rm -rf contrib/subtree/{INSTALL,Makefile,git-subtree*,t} @@ -1016,6 +1019,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Sat Jan 22 2022 Todd Zullinger - 2.35.0-0.2.rc2.3 +- remove contrib/scalar to avoid cruft in git-core-doc + * Fri Jan 21 2022 Todd Zullinger - 2.35.0-0.2.rc2.2 - fix compilation on EL7 From 4eb061b2091db583f5b6d759e78d3aa6d32a75c4 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Mon, 24 Jan 2022 15:31:20 -0500 Subject: [PATCH 007/113] update to 2.35.0 Release notes: https://github.com/git/git/raw/v2.35.0/Documentation/RelNotes/2.35.0.txt --- ...BUG-when-hitting-a-broken-repository.patch | 74 ------------------- git.spec | 11 ++- sources | 4 +- 3 files changed, 7 insertions(+), 82 deletions(-) delete mode 100644 0001-checkout-avoid-BUG-when-hitting-a-broken-repository.patch diff --git a/0001-checkout-avoid-BUG-when-hitting-a-broken-repository.patch b/0001-checkout-avoid-BUG-when-hitting-a-broken-repository.patch deleted file mode 100644 index d04d487..0000000 --- a/0001-checkout-avoid-BUG-when-hitting-a-broken-repository.patch +++ /dev/null @@ -1,74 +0,0 @@ -From 519947b69a9ea1461d5f5afc762823835295b3b2 Mon Sep 17 00:00:00 2001 -From: Junio C Hamano -Date: Fri, 21 Jan 2022 16:58:30 -0800 -Subject: [PATCH] checkout: avoid BUG() when hitting a broken repository -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -When 9081a421 (checkout: fix "branch info" memory leaks, 2021-11-16) -cleaned up existing memory leaks, we added an unrelated sanity check -to ensure that a local branch is truly local and not a symref to -elsewhere that dies with BUG() otherwise. This was misguided in two -ways. First of all, such a tightening did not belong to a leak-fix -patch. And the condition it detected was *not* a bug in our program -but a problem in user data, where warning() or die() would have been -more appropriate. - -As the condition is not fatal (the result of computing the local -branch name in the code that is involved in the faulty check is only -used as a textual label for the commit), let's revert the code to -the original state, i.e. strip "refs/heads/" to compute the local -branch name if possible, and otherwise leave it NULL. The consumer -of the information in merge_working_tree() is prepared to see NULL -in there and act accordingly. - -cf. https://bugzilla.redhat.com/show_bug.cgi?id=2042920 - -Reported-by: Petr Šplíchal -Reported-by: Todd Zullinger -Helped-by: Ævar Arnfjörð Bjarmason -Signed-off-by: Junio C Hamano ---- - builtin/checkout.c | 3 --- - t/t2018-checkout-branch.sh | 13 +++++++++++++ - 2 files changed, 13 insertions(+), 3 deletions(-) - -diff --git a/builtin/checkout.c b/builtin/checkout.c -index 43d0275187fc8f..1fb34d537d9e91 100644 ---- a/builtin/checkout.c -+++ b/builtin/checkout.c -@@ -1094,9 +1094,6 @@ static int switch_branches(const struct checkout_opts *opts, - const char *p; - if (skip_prefix(old_branch_info.path, prefix, &p)) - old_branch_info.name = xstrdup(p); -- else -- BUG("should be able to skip past '%s' in '%s'!", -- prefix, old_branch_info.path); - } - - if (opts->new_orphan_branch && opts->orphan_from_empty_tree) { -diff --git a/t/t2018-checkout-branch.sh b/t/t2018-checkout-branch.sh -index 93be1c0eae5ead..5dda5ad4cbcb07 100755 ---- a/t/t2018-checkout-branch.sh -+++ b/t/t2018-checkout-branch.sh -@@ -85,6 +85,19 @@ test_expect_success 'setup' ' - git branch -m branch1 - ' - -+test_expect_success 'checkout a branch without refs/heads/* prefix' ' -+ git clone --no-tags . repo-odd-prefix && -+ ( -+ cd repo-odd-prefix && -+ -+ origin=$(git symbolic-ref refs/remotes/origin/HEAD) && -+ git symbolic-ref refs/heads/a-branch "$origin" && -+ -+ git checkout -f a-branch && -+ git checkout -f a-branch -+ ) -+' -+ - test_expect_success 'checkout -b to a new branch, set to HEAD' ' - test_when_finished " - git checkout branch1 && diff --git a/git.spec b/git.spec index 75ca4f4..14f4c3b 100644 --- a/git.spec +++ b/git.spec @@ -77,11 +77,11 @@ %endif # Define for release candidates -%global rcrev .rc2 +#global rcrev .rc0 Name: git Version: 2.35.0 -Release: 0.2%{?rcrev}%{?dist}.3 +Release: 1%{?rcrev}%{?dist} Summary: Fast Version Control System License: GPLv2 URL: https://git-scm.com/ @@ -120,10 +120,6 @@ Patch3: 0003-t-lib-gpg-kill-all-gpg-components-not-just-gpg-agent.patch Patch4: 0004-t4202-match-gpgsm-output-from-GnuPG-2.3.patch Patch5: 0005-gpg-interface-match-SIG_CREATED-if-it-s-the-first-li.patch -# checkout: avoid BUG() when hitting a broken repository -# https://bugzilla.redhat.com/2042920 -Patch6: https://github.com/git/git/commit/519947b69a.patch#/0001-checkout-avoid-BUG-when-hitting-a-broken-repository.patch - %if %{with docs} # pod2man is needed to build Git.3pm BuildRequires: %{_bindir}/pod2man @@ -1019,6 +1015,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Mon Jan 24 2022 Todd Zullinger - 2.35.0-1 +- update to 2.35.0 + * Sat Jan 22 2022 Todd Zullinger - 2.35.0-0.2.rc2.3 - remove contrib/scalar to avoid cruft in git-core-doc diff --git a/sources b/sources index debc1e5..21febdd 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.35.0.rc2.tar.xz) = 5eb758cbf37c632f89f03eca65bf36f7f2490fbfb3d54c396d906b45a7ab96735f928abe300d7bcacdfdd33b59b1901a4c92f27f30dfe82c4fb1e8d690568dc3 -SHA512 (git-2.35.0.rc2.tar.sign) = fc9d96ea3f58f3c34f121477597e4f5b4a9c50e0d3ee42d021a276f5f1ca9a524c437a3fee8c78b6f09095ff411ab2f919444c53152e9bb44e5211437c18f415 +SHA512 (git-2.35.0.tar.xz) = ae391e1cda7b4e7d49e09e7412cd2da8d643c71f20967fd7b600be00a13d3b126c2bc3a2deece935742084ecbbd1eb51455b10365e0d65423979241e9e7b94a9 +SHA512 (git-2.35.0.tar.sign) = 8aeb47662e51f2d64150101b2e0887c9f6bfe42b312d52cde3e9d0b2467febea7bd4e9ba2e2df2121728a574e3d02a42ef7f2220486211bde8f936e848da4510 From 1dc07e7d5daaacc47013f1a646d81f79379176b6 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Mon, 24 Jan 2022 15:33:49 -0500 Subject: [PATCH 008/113] set path to linker script in %_package_note_file MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The package-notes feature¹ creates a linker script in %{buildsubdir}. Unfortunately, %{buildsubdir} is not set in %prep, leaving us with an incorrect path to the linker script. The build then fails with: /usr/bin/ld: cannot open linker script file /builddir/build/BUILD/.package_note-git-2.35.0-0.2.rc2.fc36.3.x86_64.ld: No such file or directory Set the path to the linker script via %_package_note_file, per suggestion by Zbigniew Jędrzejewski-Szmek². References: ¹ https://fedoraproject.org/wiki/Changes/Package_information_on_ELF_objects ² https://bugzilla.redhat.com/2044028#c10 --- git.spec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/git.spec b/git.spec index 14f4c3b..1baa4ef 100644 --- a/git.spec +++ b/git.spec @@ -76,6 +76,9 @@ %global _hardened_build 1 %endif +# Set path to the package-notes linker script +%global _package_note_file %{_builddir}/%{name}-%{version}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld + # Define for release candidates #global rcrev .rc0 @@ -1017,6 +1020,7 @@ rmdir --ignore-fail-on-non-empty "$testdir" %changelog * Mon Jan 24 2022 Todd Zullinger - 2.35.0-1 - update to 2.35.0 +- set path to linker script in %%_package_note_file * Sat Jan 22 2022 Todd Zullinger - 2.35.0-0.2.rc2.3 - remove contrib/scalar to avoid cruft in git-core-doc From 9e214cd4d018c3be1f38bd2b4aa949a8b7f0a3a4 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Sat, 29 Jan 2022 00:20:45 -0500 Subject: [PATCH 009/113] update to 2.35.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Per the upstream release notes¹: Git 2.35 shipped with a regression that broke use of "rebase" and "stash" in a secondary worktree. This maintenance release ought to fix it. ¹ https://github.com/git/git/raw/v2.35.1/Documentation/RelNotes/2.35.1.txt --- git.spec | 5 ++++- sources | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/git.spec b/git.spec index 1baa4ef..b8ea26b 100644 --- a/git.spec +++ b/git.spec @@ -83,7 +83,7 @@ #global rcrev .rc0 Name: git -Version: 2.35.0 +Version: 2.35.1 Release: 1%{?rcrev}%{?dist} Summary: Fast Version Control System License: GPLv2 @@ -1018,6 +1018,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Sat Jan 29 2022 Todd Zullinger - 2.35.1-1 +- update to 2.35.1 + * Mon Jan 24 2022 Todd Zullinger - 2.35.0-1 - update to 2.35.0 - set path to linker script in %%_package_note_file diff --git a/sources b/sources index 21febdd..4095968 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.35.0.tar.xz) = ae391e1cda7b4e7d49e09e7412cd2da8d643c71f20967fd7b600be00a13d3b126c2bc3a2deece935742084ecbbd1eb51455b10365e0d65423979241e9e7b94a9 -SHA512 (git-2.35.0.tar.sign) = 8aeb47662e51f2d64150101b2e0887c9f6bfe42b312d52cde3e9d0b2467febea7bd4e9ba2e2df2121728a574e3d02a42ef7f2220486211bde8f936e848da4510 +SHA512 (git-2.35.1.tar.xz) = 926c6813ef61931e1a1c43dfd7b15e20dc5878c1752876bd08f039249c9ed09f20f096b2f01947de9c9522c942e9fa8c1363d7d31a488bbe3f93c0cff31fcbcb +SHA512 (git-2.35.1.tar.sign) = 27adbb0628a18ae13ce76c2812c2f2a8a9da002105ca1f550a864ae769a27efa697ab7cbd8582e69be99d8731fe2f53895321c3a71990ffbcfe1e7f2064fd9b7 From 0b5afcebda0b34f5fb5860355c6ceef770f3feb1 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Mon, 4 Apr 2022 23:43:05 -0400 Subject: [PATCH 010/113] update to 2.36.0-rc0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The %_package_note_file definition added in 1dc07e7 (set path to linker script in %_package_note_file, 2022-01-24) does not support release candidates. Fix it. Add 'fsmonitor--daemon is not supported on this platform' and 'missing !REFFILES' to git.skip-test-patterns to match new test prerequisites which are not relevant for our builds. Adjust number of t5541 "push 2000 tags over http" test. It was shifted from 35 to 36 by upstream c36c62859a (tests: use "test_hook" for misc "mkdir -p" and "chmod" cases, 2022-03-17). Replace `%__make test` with `%__make -C t all` to avoid re-compiling in %check. This is an issue I have yet to fully diagnose. I suspect that it is related to the nice work Ævar Arnfjörð Bjarmason has done upstream to improve the efficiency and correctness of the build process. Work around it for the moment. Release notes: https://github.com/git/git/raw/v2.36.0-rc0/Documentation/RelNotes/2.36.0.txt --- ...-litdd-in-credential-cache-fsmonitor.patch | 102 ++++++++++++++++++ ...ith-colons-when-parsing-gpgsm-output.patch | 47 -------- ...-gpg-components-after-updating-trust.patch | 31 ------ ...ll-gpg-components-not-just-gpg-agent.patch | 40 ------- ...02-match-gpgsm-output-from-GnuPG-2.3.patch | 33 ------ ...tch-SIG_CREATED-if-it-s-the-first-li.patch | 48 --------- git.skip-test-patterns | 2 + git.spec | 29 +++-- sources | 4 +- 9 files changed, 120 insertions(+), 216 deletions(-) create mode 100644 0001-doc-replace-with-litdd-in-credential-cache-fsmonitor.patch delete mode 100644 0001-t-lib-gpg-use-with-colons-when-parsing-gpgsm-output.patch delete mode 100644 0002-t-lib-gpg-reload-gpg-components-after-updating-trust.patch delete mode 100644 0003-t-lib-gpg-kill-all-gpg-components-not-just-gpg-agent.patch delete mode 100644 0004-t4202-match-gpgsm-output-from-GnuPG-2.3.patch delete mode 100644 0005-gpg-interface-match-SIG_CREATED-if-it-s-the-first-li.patch diff --git a/0001-doc-replace-with-litdd-in-credential-cache-fsmonitor.patch b/0001-doc-replace-with-litdd-in-credential-cache-fsmonitor.patch new file mode 100644 index 0000000..6982207 --- /dev/null +++ b/0001-doc-replace-with-litdd-in-credential-cache-fsmonitor.patch @@ -0,0 +1,102 @@ +From f3ea4bed2acb129db66c4c9a22dae71576d58066 Mon Sep 17 00:00:00 2001 +From: Todd Zullinger +Date: Wed, 6 Apr 2022 14:41:22 -0400 +Subject: [PATCH] doc: replace "--" with {litdd} in credential-cache/fsmonitor + +Asciidoc renders `--` as em-dash. This is not appropriate for command +names. It also breaks linkgit links to these commands. + +Fix git-credential-cache--daemon and git-fsmonitor--daemon. The latter +was added 3248486920 (fsmonitor: document builtin fsmonitor, 2022-03-25) +and included several links. A check for broken links in the HTML docs +turned this up. + +Manually inspecting the other Documentation/git-*--*.txt files turned up +the issue in git-credential-cache--daemon. + +While here, quote `git credential-cache--daemon` in the synopsis to +match the vast majority of our other documentation. + +Signed-off-by: Todd Zullinger +Signed-off-by: Junio C Hamano +--- + Documentation/config/core.txt | 2 +- + Documentation/git-credential-cache--daemon.txt | 6 +++--- + Documentation/git-fsmonitor--daemon.txt | 12 ++++++------ + Documentation/git-update-index.txt | 2 +- + 4 files changed, 11 insertions(+), 11 deletions(-) + +diff --git a/Documentation/config/core.txt b/Documentation/config/core.txt +index 889522956e45bb..e67392cc838499 100644 +--- a/Documentation/config/core.txt ++++ b/Documentation/config/core.txt +@@ -63,7 +63,7 @@ core.protectNTFS:: + + core.fsmonitor:: + If set to true, enable the built-in file system monitor +- daemon for this working directory (linkgit:git-fsmonitor--daemon[1]). ++ daemon for this working directory (linkgit:git-fsmonitor{litdd}daemon[1]). + + + Like hook-based file system monitors, the built-in file system monitor + can speed up Git commands that need to refresh the Git index +diff --git a/Documentation/git-credential-cache--daemon.txt b/Documentation/git-credential-cache--daemon.txt +index 7051c6bdf8f542..01e1c214dd82e1 100644 +--- a/Documentation/git-credential-cache--daemon.txt ++++ b/Documentation/git-credential-cache--daemon.txt +@@ -1,5 +1,5 @@ +-git-credential-cache--daemon(1) +-=============================== ++git-credential-cache{litdd}daemon(1) ++==================================== + + NAME + ---- +@@ -8,7 +8,7 @@ git-credential-cache--daemon - Temporarily store user credentials in memory + SYNOPSIS + -------- + [verse] +-git credential-cache--daemon [--debug] ++'git credential-cache{litdd}daemon' [--debug] + + DESCRIPTION + ----------- +diff --git a/Documentation/git-fsmonitor--daemon.txt b/Documentation/git-fsmonitor--daemon.txt +index 0fedf5a4565f79..cc142fb8612c72 100644 +--- a/Documentation/git-fsmonitor--daemon.txt ++++ b/Documentation/git-fsmonitor--daemon.txt +@@ -1,5 +1,5 @@ +-git-fsmonitor--daemon(1) +-======================== ++git-fsmonitor{litdd}daemon(1) ++============================= + + NAME + ---- +@@ -8,10 +8,10 @@ git-fsmonitor--daemon - A Built-in File System Monitor + SYNOPSIS + -------- + [verse] +-'git fsmonitor--daemon' start +-'git fsmonitor--daemon' run +-'git fsmonitor--daemon' stop +-'git fsmonitor--daemon' status ++'git fsmonitor{litdd}daemon' start ++'git fsmonitor{litdd}daemon' run ++'git fsmonitor{litdd}daemon' stop ++'git fsmonitor{litdd}daemon' status + + DESCRIPTION + ----------- +diff --git a/Documentation/git-update-index.txt b/Documentation/git-update-index.txt +index 64315e2e8c2d3f..5ea2f2c60e45a3 100644 +--- a/Documentation/git-update-index.txt ++++ b/Documentation/git-update-index.txt +@@ -528,7 +528,7 @@ This feature is intended to speed up git operations for repos that have + large working directories. + + It enables git to work together with a file system monitor (see +-linkgit:git-fsmonitor--daemon[1] ++linkgit:git-fsmonitor{litdd}daemon[1] + and the + "fsmonitor-watchman" section of linkgit:githooks[5]) that can + inform it as to what files have been modified. This enables git to avoid diff --git a/0001-t-lib-gpg-use-with-colons-when-parsing-gpgsm-output.patch b/0001-t-lib-gpg-use-with-colons-when-parsing-gpgsm-output.patch deleted file mode 100644 index 5c003a5..0000000 --- a/0001-t-lib-gpg-use-with-colons-when-parsing-gpgsm-output.patch +++ /dev/null @@ -1,47 +0,0 @@ -From e155951262e6dea419db8b9010342b08b487f96a Mon Sep 17 00:00:00 2001 -From: Todd Zullinger -Date: Thu, 25 Nov 2021 05:05:08 -0500 -Subject: [PATCH] t/lib-gpg: use --with-colons when parsing gpgsm output -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The output of `gpgsm -K` changed in gnupg-2.3¹, breaking the parsing -used by the GPGSM prereq. - -Use the `--with-colons` options for stable, machine-parseable output. -This allows the grep/cut/tr pipeline (and the subsequent echo which -appends ' S relax') to be replaced with a single call to awk to create -the ${GNUPGHOME}/trustlist.txt file. - -¹ https://dev.gnupg.org/rGe7d70923901e is the change in 2.3, while - https://dev.gnupg.org/rG9c57de75cf36 is the similar change in 2.2. - - The latter says: Here in 2.2 we keep the string "fingerprint:" and no - not change it to "sha1 fpr" as we did in master (2.3). (sic) - -Signed-off-by: Todd Zullinger ---- - t/lib-gpg.sh | 8 +++----- - 1 file changed, 3 insertions(+), 5 deletions(-) - -diff --git a/t/lib-gpg.sh b/t/lib-gpg.sh -index a3f285f515..cbbf74e725 100644 ---- a/t/lib-gpg.sh -+++ b/t/lib-gpg.sh -@@ -72,12 +72,10 @@ test_lazy_prereq GPGSM ' - --passphrase-fd 0 --pinentry-mode loopback \ - --import "$TEST_DIRECTORY"/lib-gpg/gpgsm_cert.p12 && - -- gpgsm --homedir "${GNUPGHOME}" -K | -- grep fingerprint: | -- cut -d" " -f4 | -- tr -d "\\n" >"${GNUPGHOME}/trustlist.txt" && -+ gpgsm --homedir "${GNUPGHOME}" -K --with-colons | -+ awk -F ":" "/^fpr:/ {printf \"%s S relax\\n\", \$10}" \ -+ >"${GNUPGHOME}/trustlist.txt" && - -- echo " S relax" >>"${GNUPGHOME}/trustlist.txt" && - echo hello | gpgsm --homedir "${GNUPGHOME}" >/dev/null \ - -u committer@example.com -o /dev/null --sign - - ' diff --git a/0002-t-lib-gpg-reload-gpg-components-after-updating-trust.patch b/0002-t-lib-gpg-reload-gpg-components-after-updating-trust.patch deleted file mode 100644 index 2c27b74..0000000 --- a/0002-t-lib-gpg-reload-gpg-components-after-updating-trust.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 93299b9b221da01d4055528f7c760d04ee83b82b Mon Sep 17 00:00:00 2001 -From: Todd Zullinger -Date: Thu, 25 Nov 2021 08:07:32 -0500 -Subject: [PATCH] t/lib-gpg: reload gpg components after updating trustlist - -With gpgsm from gnupg-2.3, the changes to the trustlist.txt do not -appear to be picked up without refreshing the gpg-agent. Use the 'all' -keyword to reload all of the gpg components. The scdaemon is started as -a child of gpg-agent, for example. - -We used to have a --kill at this spot, but I removed it in 2e285e7803 -(t/lib-gpg: drop redundant killing of gpg-agent, 2019-02-07). It seems -like it might be necessary (again) for 2.3. - -Signed-off-by: Todd Zullinger ---- - t/lib-gpg.sh | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/t/lib-gpg.sh b/t/lib-gpg.sh -index cbbf74e725..d675698a2d 100644 ---- a/t/lib-gpg.sh -+++ b/t/lib-gpg.sh -@@ -75,6 +75,7 @@ test_lazy_prereq GPGSM ' - gpgsm --homedir "${GNUPGHOME}" -K --with-colons | - awk -F ":" "/^fpr:/ {printf \"%s S relax\\n\", \$10}" \ - >"${GNUPGHOME}/trustlist.txt" && -+ (gpgconf --reload all || : ) && - - echo hello | gpgsm --homedir "${GNUPGHOME}" >/dev/null \ - -u committer@example.com -o /dev/null --sign - diff --git a/0003-t-lib-gpg-kill-all-gpg-components-not-just-gpg-agent.patch b/0003-t-lib-gpg-kill-all-gpg-components-not-just-gpg-agent.patch deleted file mode 100644 index 2905564..0000000 --- a/0003-t-lib-gpg-kill-all-gpg-components-not-just-gpg-agent.patch +++ /dev/null @@ -1,40 +0,0 @@ -From da340dd76714474126f73f6b53087da0ffd4e8d8 Mon Sep 17 00:00:00 2001 -From: Todd Zullinger -Date: Fri, 26 Nov 2021 21:11:54 -0500 -Subject: [PATCH] t/lib-gpg: kill all gpg components, not just gpg-agent - -The gpg-agent is one of several processes that newer releases of GnuPG -start automatically. Issue a kill to each of them to ensure they do not -affect separate tests. (Yes, the separate GNUPGHOME should do that -already. If we find that is case, we could drop the --kill entirely.) - -In terms of compatibility, the 'all' keyword was added to the --kill & ---reload options in GnuPG 2.1.18. Debian and RHEL are often used as -indicators of how a change might affect older systems we often try to -support. - - - Debian Strech (old old stable), which has limited security support - until June 2022, has GnuPG 2.1.18 (or 2.2.x in backports). - - - CentOS/RHEL 7, which is supported until June 2024, has GnuPG - 2.0.22, which lacks the --kill option, so the change won't have - any impact. - -Signed-off-by: Todd Zullinger ---- - t/lib-gpg.sh | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/t/lib-gpg.sh b/t/lib-gpg.sh -index d675698a2d..2bb309a8c1 100644 ---- a/t/lib-gpg.sh -+++ b/t/lib-gpg.sh -@@ -40,7 +40,7 @@ test_lazy_prereq GPG ' - # > lib-gpg/ownertrust - mkdir "$GNUPGHOME" && - chmod 0700 "$GNUPGHOME" && -- (gpgconf --kill gpg-agent || : ) && -+ (gpgconf --kill all || : ) && - gpg --homedir "${GNUPGHOME}" --import \ - "$TEST_DIRECTORY"/lib-gpg/keyring.gpg && - gpg --homedir "${GNUPGHOME}" --import-ownertrust \ diff --git a/0004-t4202-match-gpgsm-output-from-GnuPG-2.3.patch b/0004-t4202-match-gpgsm-output-from-GnuPG-2.3.patch deleted file mode 100644 index 005ace7..0000000 --- a/0004-t4202-match-gpgsm-output-from-GnuPG-2.3.patch +++ /dev/null @@ -1,33 +0,0 @@ -From d1efcac68414b80cc0fd7b7e3b4781f313d98697 Mon Sep 17 00:00:00 2001 -From: Todd Zullinger -Date: Sat, 27 Nov 2021 05:31:13 -0500 -Subject: [PATCH] t4202: match gpgsm output from GnuPG 2.3 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -In GnuPG 2.3, the output from gpgsm when a certificate is not found -differs from that of earlier versions. This appears to be a bug¹, but -there are several releases in use now which have this output. Extend -the grep pattern to catch it rather than failing the test. - -¹ https://lists.gnupg.org/pipermail/gnupg-devel/2021-November/034991.html - -Signed-off-by: Todd Zullinger ---- - t/t4202-log.sh | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/t/t4202-log.sh b/t/t4202-log.sh -index 7884e3d46b..c69f9ac469 100755 ---- a/t/t4202-log.sh -+++ b/t/t4202-log.sh -@@ -1851,7 +1851,7 @@ test_expect_success GPGSM 'log --graph --show-signature for merged tag x509 miss - git merge --no-ff -m msg signed_tag_x509_nokey && - GNUPGHOME=. git log --graph --show-signature -n1 plain-x509-nokey >actual && - grep "^|\\\ merged tag" actual && -- grep "^| | gpgsm: certificate not found" actual -+ grep -Ei "^| | gpgsm:( failed to find the)? certificate:? not found" actual - ' - - test_expect_success GPGSM 'log --graph --show-signature for merged tag x509 bad signature' ' diff --git a/0005-gpg-interface-match-SIG_CREATED-if-it-s-the-first-li.patch b/0005-gpg-interface-match-SIG_CREATED-if-it-s-the-first-li.patch deleted file mode 100644 index 458af9d..0000000 --- a/0005-gpg-interface-match-SIG_CREATED-if-it-s-the-first-li.patch +++ /dev/null @@ -1,48 +0,0 @@ -From edb5eafc9945b2d400c2d777a9750cee06ab500f Mon Sep 17 00:00:00 2001 -From: Todd Zullinger -Date: Sat, 27 Nov 2021 02:55:47 -0500 -Subject: [PATCH] gpg-interface: match SIG_CREATED if it's the first line - -In `sign_buffer_gpg`, "\n[GNUPG:] SIG_CREATED " in the gpg status output -is used to signal a successful signature. This fails if "SIG_CREATED" -is the first line in the gpg output, as is the case with `gpgsm` in -GnuPG 2.3. - -In earlier versions of GnuPG, there was a debug line in the `gpgsm` -output which allowed the check in `sign_buffer_gpg` to work. This debug -line was removed from GnuPG in a6d2f3133 (sm: Replace some debug message -by log_error or log_info, 2020-04-21). - -The result is the `gpgsm --status-fd` output for a signing operation -starts with "[GNUPG:] SIG_CREATED" and we mistakenly report "gpg failed -to sign the data" to the user. The `gpg` command has other `[GNUPG:]` -output for signing operations, so it is not affected by this issue. -It's best not to rely on something as subtle and out of our control as -the order if the gnupg status messages. - -This likely went unnoticed because the GPGSM test prereq was failing for -a different reason with GnuPG 2.3. No tests failed, they were simply -skipped due to the missing GPGSM prereq. - -Signed-off-by: Todd Zullinger ---- - gpg-interface.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/gpg-interface.c b/gpg-interface.c -index 3e7255a2a9..d179dfb3ab 100644 ---- a/gpg-interface.c -+++ b/gpg-interface.c -@@ -859,6 +859,12 @@ static int sign_buffer_gpg(struct strbuf *buffer, struct strbuf *signature, - - bottom = signature->len; - -+ /* -+ * Ensure gpg_status begins with a newline or we'll fail to match if -+ * the SIG_CREATED line is at the start of the gpg output. -+ */ -+ strbuf_addch(&gpg_status, '\n'); -+ - /* - * When the username signingkey is bad, program could be terminated - * because gpg exits without reading and then write gets SIGPIPE. diff --git a/git.skip-test-patterns b/git.skip-test-patterns index bd44452..234d37a 100644 --- a/git.skip-test-patterns +++ b/git.skip-test-patterns @@ -1,5 +1,6 @@ expensive 2GB clone test; enable with GIT_TEST_CLONE_2GB=true filesystem does not corrupt utf-8 +fsmonitor--daemon is not supported on this platform GIT_SKIP_TESTS missing AUTOIDENT missing CASE_INSENSITIVE_FS @@ -11,6 +12,7 @@ missing MINGW missing NATIVE_CRLF missing !PCRE missing !PTHREADS +missing !REFFILES missing RFC1991 missing RUNTIME_PREFIX missing SYMLINKS_WINDOWS diff --git a/git.spec b/git.spec index b8ea26b..e105b6c 100644 --- a/git.spec +++ b/git.spec @@ -76,15 +76,15 @@ %global _hardened_build 1 %endif -# Set path to the package-notes linker script -%global _package_note_file %{_builddir}/%{name}-%{version}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld - # Define for release candidates -#global rcrev .rc0 +%global rcrev .rc0 + +# Set path to the package-notes linker script +%global _package_note_file %{_builddir}/%{name}-%{version}%{?rcrev}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.35.1 -Release: 1%{?rcrev}%{?dist} +Version: 2.36.0 +Release: 0.0%{?rcrev}%{?dist} Summary: Fast Version Control System License: GPLv2 URL: https://git-scm.com/ @@ -116,12 +116,8 @@ Source99: print-failed-test-output # https://bugzilla.redhat.com/490602 Patch0: git-cvsimport-Ignore-cvsps-2.2b1-Branches-output.patch -# Fix a few tests and issues with gnupg-2.3 -Patch1: 0001-t-lib-gpg-use-with-colons-when-parsing-gpgsm-output.patch -Patch2: 0002-t-lib-gpg-reload-gpg-components-after-updating-trust.patch -Patch3: 0003-t-lib-gpg-kill-all-gpg-components-not-just-gpg-agent.patch -Patch4: 0004-t4202-match-gpgsm-output-from-GnuPG-2.3.patch -Patch5: 0005-gpg-interface-match-SIG_CREATED-if-it-s-the-first-li.patch +# https://lore.kernel.org/git/20220406184122.4126898-1-tmz@pobox.com/ +Patch1: https://github.com/git/git/commit/f3ea4bed2.patch#/0001-doc-replace-with-litdd-in-credential-cache-fsmonitor.patch %if %{with docs} # pod2man is needed to build Git.3pm @@ -826,9 +822,9 @@ GIT_SKIP_TESTS="" # # The following 2 tests use run_with_limited_cmdline, which calls ulimit -s 128 # to limit the maximum stack size. -# t5541.35 'push 2000 tags over http' +# t5541.36 'push 2000 tags over http' # t5551.25 'clone the 2,000 tag repo to check OS command line overflow' -GIT_SKIP_TESTS="$GIT_SKIP_TESTS t5541.35 t5551.25" +GIT_SKIP_TESTS="$GIT_SKIP_TESTS t5541.36 t5551.25" %endif # endif aarch64 %%{arm} %%{power64} @@ -866,7 +862,7 @@ sed -i "s@\(GIT_TEST_OPTS='.*\)'@\1 --root=$testdir'@" GIT-BUILD-OPTIONS touch -r ts GIT-BUILD-OPTIONS # Run the tests -%__make test || ./print-failed-test-output +%__make -C t all || ./print-failed-test-output # Run contrib/credential/netrc tests mkdir -p contrib/credential @@ -1018,6 +1014,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Tue Apr 05 2022 Todd Zullinger - 2.36.0-0.0.rc0 +- update to 2.36.0-rc0 + * Sat Jan 29 2022 Todd Zullinger - 2.35.1-1 - update to 2.35.1 diff --git a/sources b/sources index 4095968..567d1db 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.35.1.tar.xz) = 926c6813ef61931e1a1c43dfd7b15e20dc5878c1752876bd08f039249c9ed09f20f096b2f01947de9c9522c942e9fa8c1363d7d31a488bbe3f93c0cff31fcbcb -SHA512 (git-2.35.1.tar.sign) = 27adbb0628a18ae13ce76c2812c2f2a8a9da002105ca1f550a864ae769a27efa697ab7cbd8582e69be99d8731fe2f53895321c3a71990ffbcfe1e7f2064fd9b7 +SHA512 (git-2.36.0.rc0.tar.xz) = 7417784582f17e9579fbae984a175af814ff6bd9b28b48d0405b8c4342566a4e138df0f544ee7fbccf25419a50c3848fb9d0830feb9848a2f41cae2c969989c4 +SHA512 (git-2.36.0.rc0.tar.sign) = f1c8217687c993a32a3b8b38cde242440e6c3de4093dffd68bd9d483f103d20701856254e9bc92c2945c75405dd2c67e4c66076c05b469bbf4b21b7752888358 From 25830241e697031e1debac8298151b00a013e835 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Fri, 8 Apr 2022 13:42:17 -0400 Subject: [PATCH 011/113] use httpd-core for tests on Fedora >= 37 The httpd package was slimmed down per rhbz#2070517. Use the new httpd-core package for the test suite requirements on F37+. While here, adjust a nearby '# endif' comment to match reality. --- git.spec | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/git.spec b/git.spec index e105b6c..287ef90 100644 --- a/git.spec +++ b/git.spec @@ -189,7 +189,7 @@ BuildRequires: acl # Needed by t5540-http-push-webdav.sh BuildRequires: apr-util-bdb %endif -# endif fedora >= 27 +# endif fedora or rhel >= 8 BuildRequires: bash %if %{with cvs} BuildRequires: cvs @@ -212,7 +212,12 @@ BuildRequires: gnupg2-smime BuildRequires: highlight %endif # endif fedora or el7+ (ppc64le/x86_64) +%if 0%{?fedora} >= 37 +BuildRequires: httpd-core +%else BuildRequires: httpd +%endif +# endif fedora >= 37 %if 0%{?fedora} && ! ( 0%{?fedora} >= 35 || "%{_arch}" == "i386" || "%{_arch}" == "s390x" ) BuildRequires: jgit %endif @@ -1016,6 +1021,7 @@ rmdir --ignore-fail-on-non-empty "$testdir" %changelog * Tue Apr 05 2022 Todd Zullinger - 2.36.0-0.0.rc0 - update to 2.36.0-rc0 +- use httpd-core for tests on Fedora >= 37 * Sat Jan 29 2022 Todd Zullinger - 2.35.1-1 - update to 2.35.1 From d1736385d567d30b7931bc1e8a26112ad05a3aec Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Mon, 4 Apr 2022 23:43:05 -0400 Subject: [PATCH 012/113] update to 2.36.0-rc1 Release notes: https://github.com/git/git/raw/v2.36.0-rc1/Documentation/RelNotes/2.36.0.txt --- ...-litdd-in-credential-cache-fsmonitor.patch | 102 ------------------ git.spec | 10 +- sources | 4 +- 3 files changed, 7 insertions(+), 109 deletions(-) delete mode 100644 0001-doc-replace-with-litdd-in-credential-cache-fsmonitor.patch diff --git a/0001-doc-replace-with-litdd-in-credential-cache-fsmonitor.patch b/0001-doc-replace-with-litdd-in-credential-cache-fsmonitor.patch deleted file mode 100644 index 6982207..0000000 --- a/0001-doc-replace-with-litdd-in-credential-cache-fsmonitor.patch +++ /dev/null @@ -1,102 +0,0 @@ -From f3ea4bed2acb129db66c4c9a22dae71576d58066 Mon Sep 17 00:00:00 2001 -From: Todd Zullinger -Date: Wed, 6 Apr 2022 14:41:22 -0400 -Subject: [PATCH] doc: replace "--" with {litdd} in credential-cache/fsmonitor - -Asciidoc renders `--` as em-dash. This is not appropriate for command -names. It also breaks linkgit links to these commands. - -Fix git-credential-cache--daemon and git-fsmonitor--daemon. The latter -was added 3248486920 (fsmonitor: document builtin fsmonitor, 2022-03-25) -and included several links. A check for broken links in the HTML docs -turned this up. - -Manually inspecting the other Documentation/git-*--*.txt files turned up -the issue in git-credential-cache--daemon. - -While here, quote `git credential-cache--daemon` in the synopsis to -match the vast majority of our other documentation. - -Signed-off-by: Todd Zullinger -Signed-off-by: Junio C Hamano ---- - Documentation/config/core.txt | 2 +- - Documentation/git-credential-cache--daemon.txt | 6 +++--- - Documentation/git-fsmonitor--daemon.txt | 12 ++++++------ - Documentation/git-update-index.txt | 2 +- - 4 files changed, 11 insertions(+), 11 deletions(-) - -diff --git a/Documentation/config/core.txt b/Documentation/config/core.txt -index 889522956e45bb..e67392cc838499 100644 ---- a/Documentation/config/core.txt -+++ b/Documentation/config/core.txt -@@ -63,7 +63,7 @@ core.protectNTFS:: - - core.fsmonitor:: - If set to true, enable the built-in file system monitor -- daemon for this working directory (linkgit:git-fsmonitor--daemon[1]). -+ daemon for this working directory (linkgit:git-fsmonitor{litdd}daemon[1]). - + - Like hook-based file system monitors, the built-in file system monitor - can speed up Git commands that need to refresh the Git index -diff --git a/Documentation/git-credential-cache--daemon.txt b/Documentation/git-credential-cache--daemon.txt -index 7051c6bdf8f542..01e1c214dd82e1 100644 ---- a/Documentation/git-credential-cache--daemon.txt -+++ b/Documentation/git-credential-cache--daemon.txt -@@ -1,5 +1,5 @@ --git-credential-cache--daemon(1) --=============================== -+git-credential-cache{litdd}daemon(1) -+==================================== - - NAME - ---- -@@ -8,7 +8,7 @@ git-credential-cache--daemon - Temporarily store user credentials in memory - SYNOPSIS - -------- - [verse] --git credential-cache--daemon [--debug] -+'git credential-cache{litdd}daemon' [--debug] - - DESCRIPTION - ----------- -diff --git a/Documentation/git-fsmonitor--daemon.txt b/Documentation/git-fsmonitor--daemon.txt -index 0fedf5a4565f79..cc142fb8612c72 100644 ---- a/Documentation/git-fsmonitor--daemon.txt -+++ b/Documentation/git-fsmonitor--daemon.txt -@@ -1,5 +1,5 @@ --git-fsmonitor--daemon(1) --======================== -+git-fsmonitor{litdd}daemon(1) -+============================= - - NAME - ---- -@@ -8,10 +8,10 @@ git-fsmonitor--daemon - A Built-in File System Monitor - SYNOPSIS - -------- - [verse] --'git fsmonitor--daemon' start --'git fsmonitor--daemon' run --'git fsmonitor--daemon' stop --'git fsmonitor--daemon' status -+'git fsmonitor{litdd}daemon' start -+'git fsmonitor{litdd}daemon' run -+'git fsmonitor{litdd}daemon' stop -+'git fsmonitor{litdd}daemon' status - - DESCRIPTION - ----------- -diff --git a/Documentation/git-update-index.txt b/Documentation/git-update-index.txt -index 64315e2e8c2d3f..5ea2f2c60e45a3 100644 ---- a/Documentation/git-update-index.txt -+++ b/Documentation/git-update-index.txt -@@ -528,7 +528,7 @@ This feature is intended to speed up git operations for repos that have - large working directories. - - It enables git to work together with a file system monitor (see --linkgit:git-fsmonitor--daemon[1] -+linkgit:git-fsmonitor{litdd}daemon[1] - and the - "fsmonitor-watchman" section of linkgit:githooks[5]) that can - inform it as to what files have been modified. This enables git to avoid diff --git a/git.spec b/git.spec index 287ef90..08dc543 100644 --- a/git.spec +++ b/git.spec @@ -77,14 +77,14 @@ %endif # Define for release candidates -%global rcrev .rc0 +%global rcrev .rc1 # Set path to the package-notes linker script %global _package_note_file %{_builddir}/%{name}-%{version}%{?rcrev}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git Version: 2.36.0 -Release: 0.0%{?rcrev}%{?dist} +Release: 0.1%{?rcrev}%{?dist} Summary: Fast Version Control System License: GPLv2 URL: https://git-scm.com/ @@ -116,9 +116,6 @@ Source99: print-failed-test-output # https://bugzilla.redhat.com/490602 Patch0: git-cvsimport-Ignore-cvsps-2.2b1-Branches-output.patch -# https://lore.kernel.org/git/20220406184122.4126898-1-tmz@pobox.com/ -Patch1: https://github.com/git/git/commit/f3ea4bed2.patch#/0001-doc-replace-with-litdd-in-credential-cache-fsmonitor.patch - %if %{with docs} # pod2man is needed to build Git.3pm BuildRequires: %{_bindir}/pod2man @@ -1019,6 +1016,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Fri Apr 08 2022 Todd Zullinger - 2.36.0-0.1.rc1 +- update to 2.36.0-rc1 + * Tue Apr 05 2022 Todd Zullinger - 2.36.0-0.0.rc0 - update to 2.36.0-rc0 - use httpd-core for tests on Fedora >= 37 diff --git a/sources b/sources index 567d1db..0d98a58 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.36.0.rc0.tar.xz) = 7417784582f17e9579fbae984a175af814ff6bd9b28b48d0405b8c4342566a4e138df0f544ee7fbccf25419a50c3848fb9d0830feb9848a2f41cae2c969989c4 -SHA512 (git-2.36.0.rc0.tar.sign) = f1c8217687c993a32a3b8b38cde242440e6c3de4093dffd68bd9d483f103d20701856254e9bc92c2945c75405dd2c67e4c66076c05b469bbf4b21b7752888358 +SHA512 (git-2.36.0.rc1.tar.xz) = 48c17b4071128bc8d5e79545cbf835cd8bcca5d204fcd7e81a7207254ae3ff47a52edc2cbd132f27c575860cd53e354e6b5f277753b91d51ffd7e6313ee5e6f2 +SHA512 (git-2.36.0.rc1.tar.sign) = c7de5cd63425cf4ae4f6e38805461296de737b637f0d0008ac6e6d260c3623d5c576cb97d04673aee21cd8bb1294c5e618c9a5f8ad3ffd2a43a936ada05d8ebd From 4787e39b4029c1a9e195c61404dce160091e6652 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Tue, 12 Apr 2022 21:02:44 -0400 Subject: [PATCH 013/113] update to 2.36.0-rc2 (CVE-2022-24765) Regarding CVE-2022-24765, the release announcement says: On multi-user machines, Git users might find themselves unexpectedly in a Git worktree, e.g. when another user created a repository in `C:\.git`, in a mounted network drive or in a scratch space. Merely having a Git-aware prompt that runs `git status` (or `git diff`) and navigating to a directory which is supposedly not a Git worktree, or opening such a directory in an editor or IDE such as VS Code or Atom, will potentially run commands defined by that other user. The new `safe.directory` setting may be used in either the system or global configuration to list directories which git should consider safe even if they are owned by someone other than the current user. Release notes: https://github.com/git/git/raw/v2.36.0-rc2/Documentation/RelNotes/2.36.0.txt --- git.spec | 7 +++++-- sources | 4 ++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/git.spec b/git.spec index 08dc543..39cd06c 100644 --- a/git.spec +++ b/git.spec @@ -77,14 +77,14 @@ %endif # Define for release candidates -%global rcrev .rc1 +%global rcrev .rc2 # Set path to the package-notes linker script %global _package_note_file %{_builddir}/%{name}-%{version}%{?rcrev}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git Version: 2.36.0 -Release: 0.1%{?rcrev}%{?dist} +Release: 0.2%{?rcrev}%{?dist} Summary: Fast Version Control System License: GPLv2 URL: https://git-scm.com/ @@ -1016,6 +1016,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Wed Apr 13 2022 Todd Zullinger - 2.36.0-0.2.rc2 +- update to 2.36.0-rc2 (CVE-2022-24765) + * Fri Apr 08 2022 Todd Zullinger - 2.36.0-0.1.rc1 - update to 2.36.0-rc1 diff --git a/sources b/sources index 0d98a58..134454c 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.36.0.rc1.tar.xz) = 48c17b4071128bc8d5e79545cbf835cd8bcca5d204fcd7e81a7207254ae3ff47a52edc2cbd132f27c575860cd53e354e6b5f277753b91d51ffd7e6313ee5e6f2 -SHA512 (git-2.36.0.rc1.tar.sign) = c7de5cd63425cf4ae4f6e38805461296de737b637f0d0008ac6e6d260c3623d5c576cb97d04673aee21cd8bb1294c5e618c9a5f8ad3ffd2a43a936ada05d8ebd +SHA512 (git-2.36.0.rc2.tar.xz) = dfdd49fc7d25c6e2c4291afd5e9c234f4180226d9219cb6e70328dfdeb585a982a2f3b375ede578570825fff9f68ea126b3342512644906dc4333f9f953fe4a3 +SHA512 (git-2.36.0.rc2.tar.sign) = 8b7abfabd47f2be269717e6eb832bcdecf502efc11caa8533a3851e7fbd21e41644322d0784e73efc4dfd5bf4bc1b1094f8dedbd72758e7522b12d045507618c From f0106d7c9a6f80916f456831a4e985b08605d7fc Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Tue, 12 Apr 2022 22:50:19 -0400 Subject: [PATCH 014/113] disable failing tests on s390x on EL8 These tests fail on s390x, but only with EL8. They succeed on Fedora and EL9. This suggests the issue is not with git. Skip them to avoid blocking the Fedora releases which we care most about while still allowing builds in COPR and elsewhere for all Fedora/EPEL releases. --- git.spec | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/git.spec b/git.spec index 39cd06c..16a265a 100644 --- a/git.spec +++ b/git.spec @@ -841,6 +841,26 @@ GIT_SKIP_TESTS="$GIT_SKIP_TESTS t9115" %endif # endif %%{power64} +%ifarch s390x && 0%{?rhel} == 8 +# Skip tests which fail on s390x on rhel-8 +# +# The following tests fail on s390x & el8. The cause should be investigated. +# However, it's a lower priority since the same tests work consistently on +# s390x with Fedora and RHEL-9. The failures seem to originate in t5300. +# +# t5300.10 'unpack without delta' +# t5300.12 'unpack with REF_DELTA' +# t5300.14 'unpack with OFS_DELTA' +# t5303.5 'create corruption in data of first object' +# t5303.7 '... and loose copy of second object allows for partial recovery' +# t5303.11 'create corruption in data of first delta' +# t6300.35 'basic atom: head objectsize:disk' +# t6300.91 'basic atom: tag objectsize:disk' +# t6300.92 'basic atom: tag *objectsize:disk' +GIT_SKIP_TESTS="$GIT_SKIP_TESTS t5300.{10,12,14} t5303.{5,7,11} t6300.{35,91,92}" +%endif +# endif s390x && rhel == 8 + export GIT_SKIP_TESTS # Set LANG so various UTF-8 tests are run @@ -1018,6 +1038,7 @@ rmdir --ignore-fail-on-non-empty "$testdir" %changelog * Wed Apr 13 2022 Todd Zullinger - 2.36.0-0.2.rc2 - update to 2.36.0-rc2 (CVE-2022-24765) +- disable failing tests on s390x on EL8 * Fri Apr 08 2022 Todd Zullinger - 2.36.0-0.1.rc1 - update to 2.36.0-rc1 From 59a5ed4cff3a6d1b398ca56cd04542b60b97a87a Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Wed, 13 Apr 2022 21:35:36 -0400 Subject: [PATCH 015/113] usability improvements on top of CVE-2022-24765 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Per the release announcement¹, these patches... address usability issues in the recent releases 'v2.35.2', 'v2.34.2', 'v2.33.2', 'v2.32.1', 'v2.31.2', and 'v2.30.3', where each "safe" directory has to be listed on the safe.directory configuration variables. A broader escape hatch has been added so that the value '*' can be used to declare "my colleagues and their repositories I may ever visit are all trustworthy". ¹ https://lore.kernel.org/git/xmqq1qy04iqa.fsf@gitster.g/ --- 0001-t0033-add-tests-for-safe.directory.patch | 72 +++++++++++++++ ...safe.directory-key-not-being-checked.patch | 48 ++++++++++ ...opt-out-of-check-with-safe.directory.patch | 88 +++++++++++++++++++ git.spec | 10 ++- 4 files changed, 217 insertions(+), 1 deletion(-) create mode 100644 0001-t0033-add-tests-for-safe.directory.patch create mode 100644 0002-setup-fix-safe.directory-key-not-being-checked.patch create mode 100644 0003-setup-opt-out-of-check-with-safe.directory.patch diff --git a/0001-t0033-add-tests-for-safe.directory.patch b/0001-t0033-add-tests-for-safe.directory.patch new file mode 100644 index 0000000..6774b37 --- /dev/null +++ b/0001-t0033-add-tests-for-safe.directory.patch @@ -0,0 +1,72 @@ +From e47363e5a8bdf5144059d664c45c0975243ef05b Mon Sep 17 00:00:00 2001 +From: Derrick Stolee +Date: Wed, 13 Apr 2022 15:32:29 +0000 +Subject: [PATCH 1/3] t0033: add tests for safe.directory + +It is difficult to change the ownership on a directory in our test +suite, so insert a new GIT_TEST_ASSUME_DIFFERENT_OWNER environment +variable to trick Git into thinking we are in a differently-owned +directory. This allows us to test that the config is parsed correctly. + +Signed-off-by: Derrick Stolee +Signed-off-by: Junio C Hamano +--- + setup.c | 3 ++- + t/t0033-safe-directory.sh | 34 ++++++++++++++++++++++++++++++++++ + 2 files changed, 36 insertions(+), 1 deletion(-) + create mode 100755 t/t0033-safe-directory.sh + +diff --git a/setup.c b/setup.c +index 95d5b00940..3c6ed17af9 100644 +--- a/setup.c ++++ b/setup.c +@@ -1053,7 +1053,8 @@ static int ensure_valid_ownership(const char *path) + { + struct safe_directory_data data = { .path = path }; + +- if (is_path_owned_by_current_user(path)) ++ if (!git_env_bool("GIT_TEST_ASSUME_DIFFERENT_OWNER", 0) && ++ is_path_owned_by_current_user(path)) + return 1; + + read_very_early_config(safe_directory_cb, &data); +diff --git a/t/t0033-safe-directory.sh b/t/t0033-safe-directory.sh +new file mode 100755 +index 0000000000..9380ff3d01 +--- /dev/null ++++ b/t/t0033-safe-directory.sh +@@ -0,0 +1,34 @@ ++#!/bin/sh ++ ++test_description='verify safe.directory checks' ++ ++. ./test-lib.sh ++ ++GIT_TEST_ASSUME_DIFFERENT_OWNER=1 ++export GIT_TEST_ASSUME_DIFFERENT_OWNER ++ ++expect_rejected_dir () { ++ test_must_fail git status 2>err && ++ grep "safe.directory" err ++} ++ ++test_expect_success 'safe.directory is not set' ' ++ expect_rejected_dir ++' ++ ++test_expect_success 'safe.directory does not match' ' ++ git config --global safe.directory bogus && ++ expect_rejected_dir ++' ++ ++test_expect_success 'safe.directory matches' ' ++ git config --global --add safe.directory "$(pwd)" && ++ git status ++' ++ ++test_expect_success 'safe.directory matches, but is reset' ' ++ git config --global --add safe.directory "" && ++ expect_rejected_dir ++' ++ ++test_done diff --git a/0002-setup-fix-safe.directory-key-not-being-checked.patch b/0002-setup-fix-safe.directory-key-not-being-checked.patch new file mode 100644 index 0000000..d53a5f2 --- /dev/null +++ b/0002-setup-fix-safe.directory-key-not-being-checked.patch @@ -0,0 +1,48 @@ +From bb50ec3cc300eeff3aba7a2bea145aabdb477d31 Mon Sep 17 00:00:00 2001 +From: Matheus Valadares +Date: Wed, 13 Apr 2022 15:32:30 +0000 +Subject: [PATCH 2/3] setup: fix safe.directory key not being checked + +It seems that nothing is ever checking to make sure the safe directories +in the configs actually have the key safe.directory, so some unrelated +config that has a value with a certain directory would also make it a +safe directory. + +Signed-off-by: Matheus Valadares +Signed-off-by: Derrick Stolee +Signed-off-by: Junio C Hamano +--- + setup.c | 3 +++ + t/t0033-safe-directory.sh | 5 +++++ + 2 files changed, 8 insertions(+) + +diff --git a/setup.c b/setup.c +index 3c6ed17af9..4b9f073617 100644 +--- a/setup.c ++++ b/setup.c +@@ -1034,6 +1034,9 @@ static int safe_directory_cb(const char *key, const char *value, void *d) + { + struct safe_directory_data *data = d; + ++ if (strcmp(key, "safe.directory")) ++ return 0; ++ + if (!value || !*value) + data->is_safe = 0; + else { +diff --git a/t/t0033-safe-directory.sh b/t/t0033-safe-directory.sh +index 9380ff3d01..6f33c0dfef 100755 +--- a/t/t0033-safe-directory.sh ++++ b/t/t0033-safe-directory.sh +@@ -21,6 +21,11 @@ test_expect_success 'safe.directory does not match' ' + expect_rejected_dir + ' + ++test_expect_success 'path exist as different key' ' ++ git config --global foo.bar "$(pwd)" && ++ expect_rejected_dir ++' ++ + test_expect_success 'safe.directory matches' ' + git config --global --add safe.directory "$(pwd)" && + git status diff --git a/0003-setup-opt-out-of-check-with-safe.directory.patch b/0003-setup-opt-out-of-check-with-safe.directory.patch new file mode 100644 index 0000000..b734d9e --- /dev/null +++ b/0003-setup-opt-out-of-check-with-safe.directory.patch @@ -0,0 +1,88 @@ +From 0f85c4a30b072a26d74af8bbf63cc8f6a5dfc1b8 Mon Sep 17 00:00:00 2001 +From: Derrick Stolee +Date: Wed, 13 Apr 2022 15:32:31 +0000 +Subject: [PATCH 3/3] setup: opt-out of check with safe.directory=* + +With the addition of the safe.directory in 8959555ce +(setup_git_directory(): add an owner check for the top-level directory, +2022-03-02) released in v2.35.2, we are receiving feedback from a +variety of users about the feature. + +Some users have a very large list of shared repositories and find it +cumbersome to add this config for every one of them. + +In a more difficult case, certain workflows involve running Git commands +within containers. The container boundary prevents any global or system +config from communicating `safe.directory` values from the host into the +container. Further, the container almost always runs as a different user +than the owner of the directory in the host. + +To simplify the reactions necessary for these users, extend the +definition of the safe.directory config value to include a possible '*' +value. This value implies that all directories are safe, providing a +single setting to opt-out of this protection. + +Note that an empty assignment of safe.directory clears all previous +values, and this is already the case with the "if (!value || !*value)" +condition. + +Signed-off-by: Derrick Stolee +Signed-off-by: Junio C Hamano +--- + Documentation/config/safe.txt | 7 +++++++ + setup.c | 6 ++++-- + t/t0033-safe-directory.sh | 10 ++++++++++ + 3 files changed, 21 insertions(+), 2 deletions(-) + +diff --git a/Documentation/config/safe.txt b/Documentation/config/safe.txt +index 63597b2df8..6d764fe0cc 100644 +--- a/Documentation/config/safe.txt ++++ b/Documentation/config/safe.txt +@@ -19,3 +19,10 @@ line option `-c safe.directory=`. + The value of this setting is interpolated, i.e. `~/` expands to a + path relative to the home directory and `%(prefix)/` expands to a + path relative to Git's (runtime) prefix. +++ ++To completely opt-out of this security check, set `safe.directory` to the ++string `*`. This will allow all repositories to be treated as if their ++directory was listed in the `safe.directory` list. If `safe.directory=*` ++is set in system config and you want to re-enable this protection, then ++initialize your list with an empty value before listing the repositories ++that you deem safe. +diff --git a/setup.c b/setup.c +index 4b9f073617..aad9ace0af 100644 +--- a/setup.c ++++ b/setup.c +@@ -1037,9 +1037,11 @@ static int safe_directory_cb(const char *key, const char *value, void *d) + if (strcmp(key, "safe.directory")) + return 0; + +- if (!value || !*value) ++ if (!value || !*value) { + data->is_safe = 0; +- else { ++ } else if (!strcmp(value, "*")) { ++ data->is_safe = 1; ++ } else { + const char *interpolated = NULL; + + if (!git_config_pathname(&interpolated, key, value) && +diff --git a/t/t0033-safe-directory.sh b/t/t0033-safe-directory.sh +index 6f33c0dfef..239d93f4d2 100755 +--- a/t/t0033-safe-directory.sh ++++ b/t/t0033-safe-directory.sh +@@ -36,4 +36,14 @@ test_expect_success 'safe.directory matches, but is reset' ' + expect_rejected_dir + ' + ++test_expect_success 'safe.directory=*' ' ++ git config --global --add safe.directory "*" && ++ git status ++' ++ ++test_expect_success 'safe.directory=*, but is reset' ' ++ git config --global --add safe.directory "" && ++ expect_rejected_dir ++' ++ + test_done diff --git a/git.spec b/git.spec index 16a265a..4060513 100644 --- a/git.spec +++ b/git.spec @@ -84,7 +84,7 @@ Name: git Version: 2.36.0 -Release: 0.2%{?rcrev}%{?dist} +Release: 0.3%{?rcrev}%{?dist} Summary: Fast Version Control System License: GPLv2 URL: https://git-scm.com/ @@ -116,6 +116,11 @@ Source99: print-failed-test-output # https://bugzilla.redhat.com/490602 Patch0: git-cvsimport-Ignore-cvsps-2.2b1-Branches-output.patch +# Usability improvements on top of CVE-2022-24765 +Patch1: 0001-t0033-add-tests-for-safe.directory.patch +Patch2: 0002-setup-fix-safe.directory-key-not-being-checked.patch +Patch3: 0003-setup-opt-out-of-check-with-safe.directory.patch + %if %{with docs} # pod2man is needed to build Git.3pm BuildRequires: %{_bindir}/pod2man @@ -1036,6 +1041,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Thu Apr 14 2022 Todd Zullinger - 2.36.0-0.3.rc2 +- usability improvements on top of CVE-2022-24765 + * Wed Apr 13 2022 Todd Zullinger - 2.36.0-0.2.rc2 - update to 2.36.0-rc2 (CVE-2022-24765) - disable failing tests on s390x on EL8 From dbec023603a5a5ced85a0192a02bc88f39ac820c Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Mon, 18 Apr 2022 14:11:02 -0400 Subject: [PATCH 016/113] update to 2.36.0 Release notes: https://github.com/git/git/raw/v2.36.0/Documentation/RelNotes/2.36.0.txt --- 0001-t0033-add-tests-for-safe.directory.patch | 72 --------------- ...safe.directory-key-not-being-checked.patch | 48 ---------- ...opt-out-of-check-with-safe.directory.patch | 88 ------------------- git.spec | 12 ++- sources | 4 +- 5 files changed, 7 insertions(+), 217 deletions(-) delete mode 100644 0001-t0033-add-tests-for-safe.directory.patch delete mode 100644 0002-setup-fix-safe.directory-key-not-being-checked.patch delete mode 100644 0003-setup-opt-out-of-check-with-safe.directory.patch diff --git a/0001-t0033-add-tests-for-safe.directory.patch b/0001-t0033-add-tests-for-safe.directory.patch deleted file mode 100644 index 6774b37..0000000 --- a/0001-t0033-add-tests-for-safe.directory.patch +++ /dev/null @@ -1,72 +0,0 @@ -From e47363e5a8bdf5144059d664c45c0975243ef05b Mon Sep 17 00:00:00 2001 -From: Derrick Stolee -Date: Wed, 13 Apr 2022 15:32:29 +0000 -Subject: [PATCH 1/3] t0033: add tests for safe.directory - -It is difficult to change the ownership on a directory in our test -suite, so insert a new GIT_TEST_ASSUME_DIFFERENT_OWNER environment -variable to trick Git into thinking we are in a differently-owned -directory. This allows us to test that the config is parsed correctly. - -Signed-off-by: Derrick Stolee -Signed-off-by: Junio C Hamano ---- - setup.c | 3 ++- - t/t0033-safe-directory.sh | 34 ++++++++++++++++++++++++++++++++++ - 2 files changed, 36 insertions(+), 1 deletion(-) - create mode 100755 t/t0033-safe-directory.sh - -diff --git a/setup.c b/setup.c -index 95d5b00940..3c6ed17af9 100644 ---- a/setup.c -+++ b/setup.c -@@ -1053,7 +1053,8 @@ static int ensure_valid_ownership(const char *path) - { - struct safe_directory_data data = { .path = path }; - -- if (is_path_owned_by_current_user(path)) -+ if (!git_env_bool("GIT_TEST_ASSUME_DIFFERENT_OWNER", 0) && -+ is_path_owned_by_current_user(path)) - return 1; - - read_very_early_config(safe_directory_cb, &data); -diff --git a/t/t0033-safe-directory.sh b/t/t0033-safe-directory.sh -new file mode 100755 -index 0000000000..9380ff3d01 ---- /dev/null -+++ b/t/t0033-safe-directory.sh -@@ -0,0 +1,34 @@ -+#!/bin/sh -+ -+test_description='verify safe.directory checks' -+ -+. ./test-lib.sh -+ -+GIT_TEST_ASSUME_DIFFERENT_OWNER=1 -+export GIT_TEST_ASSUME_DIFFERENT_OWNER -+ -+expect_rejected_dir () { -+ test_must_fail git status 2>err && -+ grep "safe.directory" err -+} -+ -+test_expect_success 'safe.directory is not set' ' -+ expect_rejected_dir -+' -+ -+test_expect_success 'safe.directory does not match' ' -+ git config --global safe.directory bogus && -+ expect_rejected_dir -+' -+ -+test_expect_success 'safe.directory matches' ' -+ git config --global --add safe.directory "$(pwd)" && -+ git status -+' -+ -+test_expect_success 'safe.directory matches, but is reset' ' -+ git config --global --add safe.directory "" && -+ expect_rejected_dir -+' -+ -+test_done diff --git a/0002-setup-fix-safe.directory-key-not-being-checked.patch b/0002-setup-fix-safe.directory-key-not-being-checked.patch deleted file mode 100644 index d53a5f2..0000000 --- a/0002-setup-fix-safe.directory-key-not-being-checked.patch +++ /dev/null @@ -1,48 +0,0 @@ -From bb50ec3cc300eeff3aba7a2bea145aabdb477d31 Mon Sep 17 00:00:00 2001 -From: Matheus Valadares -Date: Wed, 13 Apr 2022 15:32:30 +0000 -Subject: [PATCH 2/3] setup: fix safe.directory key not being checked - -It seems that nothing is ever checking to make sure the safe directories -in the configs actually have the key safe.directory, so some unrelated -config that has a value with a certain directory would also make it a -safe directory. - -Signed-off-by: Matheus Valadares -Signed-off-by: Derrick Stolee -Signed-off-by: Junio C Hamano ---- - setup.c | 3 +++ - t/t0033-safe-directory.sh | 5 +++++ - 2 files changed, 8 insertions(+) - -diff --git a/setup.c b/setup.c -index 3c6ed17af9..4b9f073617 100644 ---- a/setup.c -+++ b/setup.c -@@ -1034,6 +1034,9 @@ static int safe_directory_cb(const char *key, const char *value, void *d) - { - struct safe_directory_data *data = d; - -+ if (strcmp(key, "safe.directory")) -+ return 0; -+ - if (!value || !*value) - data->is_safe = 0; - else { -diff --git a/t/t0033-safe-directory.sh b/t/t0033-safe-directory.sh -index 9380ff3d01..6f33c0dfef 100755 ---- a/t/t0033-safe-directory.sh -+++ b/t/t0033-safe-directory.sh -@@ -21,6 +21,11 @@ test_expect_success 'safe.directory does not match' ' - expect_rejected_dir - ' - -+test_expect_success 'path exist as different key' ' -+ git config --global foo.bar "$(pwd)" && -+ expect_rejected_dir -+' -+ - test_expect_success 'safe.directory matches' ' - git config --global --add safe.directory "$(pwd)" && - git status diff --git a/0003-setup-opt-out-of-check-with-safe.directory.patch b/0003-setup-opt-out-of-check-with-safe.directory.patch deleted file mode 100644 index b734d9e..0000000 --- a/0003-setup-opt-out-of-check-with-safe.directory.patch +++ /dev/null @@ -1,88 +0,0 @@ -From 0f85c4a30b072a26d74af8bbf63cc8f6a5dfc1b8 Mon Sep 17 00:00:00 2001 -From: Derrick Stolee -Date: Wed, 13 Apr 2022 15:32:31 +0000 -Subject: [PATCH 3/3] setup: opt-out of check with safe.directory=* - -With the addition of the safe.directory in 8959555ce -(setup_git_directory(): add an owner check for the top-level directory, -2022-03-02) released in v2.35.2, we are receiving feedback from a -variety of users about the feature. - -Some users have a very large list of shared repositories and find it -cumbersome to add this config for every one of them. - -In a more difficult case, certain workflows involve running Git commands -within containers. The container boundary prevents any global or system -config from communicating `safe.directory` values from the host into the -container. Further, the container almost always runs as a different user -than the owner of the directory in the host. - -To simplify the reactions necessary for these users, extend the -definition of the safe.directory config value to include a possible '*' -value. This value implies that all directories are safe, providing a -single setting to opt-out of this protection. - -Note that an empty assignment of safe.directory clears all previous -values, and this is already the case with the "if (!value || !*value)" -condition. - -Signed-off-by: Derrick Stolee -Signed-off-by: Junio C Hamano ---- - Documentation/config/safe.txt | 7 +++++++ - setup.c | 6 ++++-- - t/t0033-safe-directory.sh | 10 ++++++++++ - 3 files changed, 21 insertions(+), 2 deletions(-) - -diff --git a/Documentation/config/safe.txt b/Documentation/config/safe.txt -index 63597b2df8..6d764fe0cc 100644 ---- a/Documentation/config/safe.txt -+++ b/Documentation/config/safe.txt -@@ -19,3 +19,10 @@ line option `-c safe.directory=`. - The value of this setting is interpolated, i.e. `~/` expands to a - path relative to the home directory and `%(prefix)/` expands to a - path relative to Git's (runtime) prefix. -++ -+To completely opt-out of this security check, set `safe.directory` to the -+string `*`. This will allow all repositories to be treated as if their -+directory was listed in the `safe.directory` list. If `safe.directory=*` -+is set in system config and you want to re-enable this protection, then -+initialize your list with an empty value before listing the repositories -+that you deem safe. -diff --git a/setup.c b/setup.c -index 4b9f073617..aad9ace0af 100644 ---- a/setup.c -+++ b/setup.c -@@ -1037,9 +1037,11 @@ static int safe_directory_cb(const char *key, const char *value, void *d) - if (strcmp(key, "safe.directory")) - return 0; - -- if (!value || !*value) -+ if (!value || !*value) { - data->is_safe = 0; -- else { -+ } else if (!strcmp(value, "*")) { -+ data->is_safe = 1; -+ } else { - const char *interpolated = NULL; - - if (!git_config_pathname(&interpolated, key, value) && -diff --git a/t/t0033-safe-directory.sh b/t/t0033-safe-directory.sh -index 6f33c0dfef..239d93f4d2 100755 ---- a/t/t0033-safe-directory.sh -+++ b/t/t0033-safe-directory.sh -@@ -36,4 +36,14 @@ test_expect_success 'safe.directory matches, but is reset' ' - expect_rejected_dir - ' - -+test_expect_success 'safe.directory=*' ' -+ git config --global --add safe.directory "*" && -+ git status -+' -+ -+test_expect_success 'safe.directory=*, but is reset' ' -+ git config --global --add safe.directory "" && -+ expect_rejected_dir -+' -+ - test_done diff --git a/git.spec b/git.spec index 4060513..250761b 100644 --- a/git.spec +++ b/git.spec @@ -77,14 +77,14 @@ %endif # Define for release candidates -%global rcrev .rc2 +#global rcrev .rc0 # Set path to the package-notes linker script %global _package_note_file %{_builddir}/%{name}-%{version}%{?rcrev}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git Version: 2.36.0 -Release: 0.3%{?rcrev}%{?dist} +Release: 1%{?rcrev}%{?dist} Summary: Fast Version Control System License: GPLv2 URL: https://git-scm.com/ @@ -116,11 +116,6 @@ Source99: print-failed-test-output # https://bugzilla.redhat.com/490602 Patch0: git-cvsimport-Ignore-cvsps-2.2b1-Branches-output.patch -# Usability improvements on top of CVE-2022-24765 -Patch1: 0001-t0033-add-tests-for-safe.directory.patch -Patch2: 0002-setup-fix-safe.directory-key-not-being-checked.patch -Patch3: 0003-setup-opt-out-of-check-with-safe.directory.patch - %if %{with docs} # pod2man is needed to build Git.3pm BuildRequires: %{_bindir}/pod2man @@ -1041,6 +1036,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Mon Apr 18 2022 Todd Zullinger - 2.36.0-1 +- update to 2.36.0 + * Thu Apr 14 2022 Todd Zullinger - 2.36.0-0.3.rc2 - usability improvements on top of CVE-2022-24765 diff --git a/sources b/sources index 134454c..07711e7 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.36.0.rc2.tar.xz) = dfdd49fc7d25c6e2c4291afd5e9c234f4180226d9219cb6e70328dfdeb585a982a2f3b375ede578570825fff9f68ea126b3342512644906dc4333f9f953fe4a3 -SHA512 (git-2.36.0.rc2.tar.sign) = 8b7abfabd47f2be269717e6eb832bcdecf502efc11caa8533a3851e7fbd21e41644322d0784e73efc4dfd5bf4bc1b1094f8dedbd72758e7522b12d045507618c +SHA512 (git-2.36.0.tar.xz) = dce0d7dbe684af070271830a01bf1b9cc289182f5106f6e3303b1b3a0d5dc74bebf6ac0174373db05a28f5acc62acb095bc9385dabeeecc1d6e8567dce29b766 +SHA512 (git-2.36.0.tar.sign) = 51343a6443a95db4e896687987876d5259fe8e52fc14bbaa87314f7e3be3e36655d087c6453ca8208face5b28db10b503e5e52487cfa3f3664d2b4a761561815 From b76548f9c23d21ad96a1c319f0b2f28363b83bf0 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Mon, 18 Apr 2022 14:11:02 -0400 Subject: [PATCH 017/113] update to 2.36.1 Release notes: https://github.com/git/git/raw/v2.36.1/Documentation/RelNotes/2.36.1.txt --- git.spec | 5 ++++- sources | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/git.spec b/git.spec index 250761b..347ebd0 100644 --- a/git.spec +++ b/git.spec @@ -83,7 +83,7 @@ %global _package_note_file %{_builddir}/%{name}-%{version}%{?rcrev}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.36.0 +Version: 2.36.1 Release: 1%{?rcrev}%{?dist} Summary: Fast Version Control System License: GPLv2 @@ -1036,6 +1036,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Fri May 06 2022 Todd Zullinger - 2.36.1-1 +- update to 2.36.1 + * Mon Apr 18 2022 Todd Zullinger - 2.36.0-1 - update to 2.36.0 diff --git a/sources b/sources index 07711e7..2a46fa9 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.36.0.tar.xz) = dce0d7dbe684af070271830a01bf1b9cc289182f5106f6e3303b1b3a0d5dc74bebf6ac0174373db05a28f5acc62acb095bc9385dabeeecc1d6e8567dce29b766 -SHA512 (git-2.36.0.tar.sign) = 51343a6443a95db4e896687987876d5259fe8e52fc14bbaa87314f7e3be3e36655d087c6453ca8208face5b28db10b503e5e52487cfa3f3664d2b4a761561815 +SHA512 (git-2.36.1.tar.xz) = 459432bd0c1d5a87c828a6fbf6d3473f14bf6b95783b3f27ea4f3af1ba9fd0e712a96a41276a16c6ebeb7ac3583a5f445eedd0a9e19fe160c2c8e309ec58818e +SHA512 (git-2.36.1.tar.sign) = 60e8ca4b1219020c79405cffb1612dc027fd67a5af1780d937795a6f12f9231a8bfdfb2f53aee2f61c1acfb01f0d8fc626fbf3467bb7c435aebf4fcbd441b08b From 09bd4bb5d8b7a78570107d6bcdda99d6377bfea6 Mon Sep 17 00:00:00 2001 From: Jitka Plesnikova Date: Wed, 1 Jun 2022 08:18:21 +0200 Subject: [PATCH 018/113] Perl 5.36 rebuild --- git.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/git.spec b/git.spec index 347ebd0..b5a5e85 100644 --- a/git.spec +++ b/git.spec @@ -84,7 +84,7 @@ Name: git Version: 2.36.1 -Release: 1%{?rcrev}%{?dist} +Release: 1%{?rcrev}%{?dist}.1 Summary: Fast Version Control System License: GPLv2 URL: https://git-scm.com/ @@ -1036,6 +1036,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Wed Jun 01 2022 Jitka Plesnikova - 2.36.1-1.1 +- Perl 5.36 rebuild + * Fri May 06 2022 Todd Zullinger - 2.36.1-1 - update to 2.36.1 From a35db90ce1c19abf5ada66e8a315c93e7f1709d8 Mon Sep 17 00:00:00 2001 From: Jitka Plesnikova Date: Fri, 3 Jun 2022 13:30:49 +0200 Subject: [PATCH 019/113] Perl 5.36 re-rebuild of bootstrapped packages --- git.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/git.spec b/git.spec index b5a5e85..d0f0503 100644 --- a/git.spec +++ b/git.spec @@ -84,7 +84,7 @@ Name: git Version: 2.36.1 -Release: 1%{?rcrev}%{?dist}.1 +Release: 1%{?rcrev}%{?dist}.2 Summary: Fast Version Control System License: GPLv2 URL: https://git-scm.com/ @@ -1036,6 +1036,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Fri Jun 03 2022 Jitka Plesnikova - 2.36.1-1.2 +- Perl 5.36 re-rebuild of bootstrapped packages + * Wed Jun 01 2022 Jitka Plesnikova - 2.36.1-1.1 - Perl 5.36 rebuild From 81908fa387158fd68ea07e8e08d6ac718e19b1fc Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Tue, 14 Jun 2022 01:18:56 -0400 Subject: [PATCH 020/113] update to 2.37.0-rc0 Release notes: https://github.com/git/git/raw/v2.37.0-rc0/Documentation/RelNotes/2.37.0.txt --- git.spec | 9 ++++++--- sources | 4 ++-- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/git.spec b/git.spec index d0f0503..0555712 100644 --- a/git.spec +++ b/git.spec @@ -77,14 +77,14 @@ %endif # Define for release candidates -#global rcrev .rc0 +%global rcrev .rc0 # Set path to the package-notes linker script %global _package_note_file %{_builddir}/%{name}-%{version}%{?rcrev}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.36.1 -Release: 1%{?rcrev}%{?dist}.2 +Version: 2.37.0 +Release: 0.0%{?rcrev}%{?dist} Summary: Fast Version Control System License: GPLv2 URL: https://git-scm.com/ @@ -1036,6 +1036,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Tue Jun 14 2022 Todd Zullinger - 2.37.0-0.0.rc0 +- update to 2.37.0-rc0 + * Fri Jun 03 2022 Jitka Plesnikova - 2.36.1-1.2 - Perl 5.36 re-rebuild of bootstrapped packages diff --git a/sources b/sources index 2a46fa9..a0e2d2e 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.36.1.tar.xz) = 459432bd0c1d5a87c828a6fbf6d3473f14bf6b95783b3f27ea4f3af1ba9fd0e712a96a41276a16c6ebeb7ac3583a5f445eedd0a9e19fe160c2c8e309ec58818e -SHA512 (git-2.36.1.tar.sign) = 60e8ca4b1219020c79405cffb1612dc027fd67a5af1780d937795a6f12f9231a8bfdfb2f53aee2f61c1acfb01f0d8fc626fbf3467bb7c435aebf4fcbd441b08b +SHA512 (git-2.37.0.rc0.tar.xz) = bcb69bc211ea4a439260dca6b61afeb0ea1f61ad892f169d990454038ad83e28eccbf9d1da6d9f4deb56b1016d8cca6a431374e8f3401c33a6ca99f403391790 +SHA512 (git-2.37.0.rc0.tar.sign) = 6d3443504b012d580209afee938c99f4ae6ee34257a17e7f58adf640f42c54140f6873f4a15ca36ffa06d5d9740ecbab6fa39c8331f5e9bbfdbd522e30f24c0e From 70428fb2e85e754ccad0b3fc051c40c9aad77656 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Mon, 13 Jun 2022 23:49:48 -0400 Subject: [PATCH 021/113] fix GIT_SKIP_TESTS for EL8 s390x The GIT_SKIP_TESTS variable does not support brace expansion. It was my mistake thinking that it did. List the tests to skip properly. If we had a longer list and *really* wanted to use brace expansion, we could do something like this: GIT_SKIP_TESTS="$GIT_SKIP_TESTS $(echo t5300.{10,12,14} t5303.{5,7,11} t6300.{35,91,92})" In this case, that's more characters _and_ more complexity, so it makes no sense to use it. (Even if it were shorter, it doesn't necessarily justify the extra complexity.) Expand the list of tests to skip to cover those which fail due to the earlier skipped tests. Additionally, GIT_SKIP_TESTS is (unintentionally) set on systems other than EL8. Fix the conditional to only skip these tests on s390x on EL8. --- git.spec | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/git.spec b/git.spec index 0555712..41f02f3 100644 --- a/git.spec +++ b/git.spec @@ -841,7 +841,7 @@ GIT_SKIP_TESTS="$GIT_SKIP_TESTS t9115" %endif # endif %%{power64} -%ifarch s390x && 0%{?rhel} == 8 +%if 0%{?rhel} == 8 && "%{_arch}" == "s390x" # Skip tests which fail on s390x on rhel-8 # # The following tests fail on s390x & el8. The cause should be investigated. @@ -850,16 +850,26 @@ GIT_SKIP_TESTS="$GIT_SKIP_TESTS t9115" # # t5300.10 'unpack without delta' # t5300.12 'unpack with REF_DELTA' +# t5300.13 'unpack with REF_DELTA' # t5300.14 'unpack with OFS_DELTA' +# t5300.18 'compare delta flavors' +# t5300.20 'use packed deltified (REF_DELTA) objects' +# t5300.23 'verify pack' +# t5300.24 'verify pack -v' +# t5300.25 'verify-pack catches mismatched .idx and .pack files' +# t5300.29 'verify-pack catches a corrupted sum of the index file itself' +# t5300.30 'build pack index for an existing pack' +# t5300.45 'make sure index-pack detects the SHA1 collision' +# t5300.46 'make sure index-pack detects the SHA1 collision (large blobs)' # t5303.5 'create corruption in data of first object' # t5303.7 '... and loose copy of second object allows for partial recovery' # t5303.11 'create corruption in data of first delta' # t6300.35 'basic atom: head objectsize:disk' # t6300.91 'basic atom: tag objectsize:disk' # t6300.92 'basic atom: tag *objectsize:disk' -GIT_SKIP_TESTS="$GIT_SKIP_TESTS t5300.{10,12,14} t5303.{5,7,11} t6300.{35,91,92}" +GIT_SKIP_TESTS="$GIT_SKIP_TESTS t5300.1[02348] t5300.2[03459] t5300.30 t5300.4[56] t5303.[57] t5303.11 t6300.35 t6300.9[12]" %endif -# endif s390x && rhel == 8 +# endif rhel == 8 && arch == s390x export GIT_SKIP_TESTS @@ -1038,6 +1048,7 @@ rmdir --ignore-fail-on-non-empty "$testdir" %changelog * Tue Jun 14 2022 Todd Zullinger - 2.37.0-0.0.rc0 - update to 2.37.0-rc0 +- fix GIT_SKIP_TESTS for EL8 s390x * Fri Jun 03 2022 Jitka Plesnikova - 2.36.1-1.2 - Perl 5.36 re-rebuild of bootstrapped packages From 33956465a148eec72f465deb3c32e143e41496ea Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Mon, 13 Jun 2022 23:45:30 -0400 Subject: [PATCH 022/113] remove --with/--without emacs build conditional The emacs bcond support was added cdea01a (drop emacs-git stub for fedora >= 34 (#1882360), 2020-10-10). Now that Fedora 34 is EOL, we no longer need the conditional. --- git.spec | 40 +--------------------------------------- 1 file changed, 1 insertion(+), 39 deletions(-) diff --git a/git.spec b/git.spec index 41f02f3..65ba831 100644 --- a/git.spec +++ b/git.spec @@ -6,13 +6,6 @@ %global gitexecdir %{_libexecdir}/git-core -# Settings for Fedora >= 34 -%if 0%{?fedora} >= 34 -%bcond_with emacs -%else -%bcond_without emacs -%endif - # Settings for Fedora %if 0%{?fedora} # linkchecker is not available on EL @@ -137,10 +130,6 @@ BuildRequires: linkchecker BuildRequires: coreutils BuildRequires: desktop-file-utils BuildRequires: diffutils -%if %{with emacs} -BuildRequires: emacs-common -%endif -# endif emacs-common %if 0%{?rhel} && 0%{?rhel} < 9 # Require epel-rpm-macros for the %%gpgverify macro on EL-7/EL-8, and # %%build_cflags & %%build_ldflags on EL-7. @@ -267,17 +256,6 @@ Requires: perl(Term::ReadKey) # endif ! defined perl_bootstrap Requires: perl-Git = %{version}-%{release} -%if %{with emacs} && %{defined _emacs_version} -Requires: emacs-filesystem >= %{_emacs_version} -%endif -# endif with emacs && defined _emacs_version - -# Obsolete emacs-git if it's disabled -%if %{without emacs} -Obsoletes: emacs-git < %{?epoch:%{epoch}:}%{version}-%{release} -%endif -# endif without emacs - # Obsolete git-cvs if it's disabled %if %{without cvs} Obsoletes: git-cvs < %{?epoch:%{epoch}:}%{version}-%{release} @@ -636,19 +614,6 @@ sed -i -e '1s@#!\( */usr/bin/env python\|%{__python2}\)$@#!%{__python3}@' \ %make_install -C contrib/contacts -%if %{with emacs} -%global elispdir %{_emacs_sitelispdir}/git -pushd contrib/emacs >/dev/null -for el in *.el ; do - # Note: No byte-compiling is done. These .el files are one-line stubs - # which only serve to point users to better alternatives. - install -Dpm 644 $el %{buildroot}%{elispdir}/$el - rm -f $el # clean up to avoid cruft in git-core-doc -done -popd >/dev/null -%endif -# endif with emacs - %if %{with libsecret} install -pm 755 contrib/credential/libsecret/git-credential-libsecret \ %{buildroot}%{gitexecdir} @@ -915,10 +880,6 @@ rmdir --ignore-fail-on-non-empty "$testdir" %systemd_postun_with_restart git.socket %files -f bin-man-doc-git-files -%if %{with emacs} -%{elispdir} -%endif -# endif with emacs %{_datadir}/git-core/contrib/diff-highlight %{_datadir}/git-core/contrib/hooks/update-paranoid %{_datadir}/git-core/contrib/hooks/setgitperms.perl @@ -1049,6 +1010,7 @@ rmdir --ignore-fail-on-non-empty "$testdir" * Tue Jun 14 2022 Todd Zullinger - 2.37.0-0.0.rc0 - update to 2.37.0-rc0 - fix GIT_SKIP_TESTS for EL8 s390x +- remove --with/--without emacs build conditional * Fri Jun 03 2022 Jitka Plesnikova - 2.36.1-1.2 - Perl 5.36 re-rebuild of bootstrapped packages From 7d205ab48d41596df2a37bd4742ecad8fc4b3e6c Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Fri, 17 Jun 2022 22:55:42 -0400 Subject: [PATCH 023/113] update to 2.37.0-rc1 Add 'missing FSMONITOR_DAEMON' and 'You must set env var GIT_TEST_ALLOW_SUDO=YES in order to run this test' to git.skip-test-patterns to cover new test prerequisites. Release notes: https://github.com/git/git/raw/v2.37.0-rc1/Documentation/RelNotes/2.37.0.txt --- git.skip-test-patterns | 2 ++ git.spec | 7 +++++-- sources | 4 ++-- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/git.skip-test-patterns b/git.skip-test-patterns index 234d37a..1a1139f 100644 --- a/git.skip-test-patterns +++ b/git.skip-test-patterns @@ -6,6 +6,7 @@ missing AUTOIDENT missing CASE_INSENSITIVE_FS missing DONTHAVEIT missing ([!]LONG_IS_64BIT,)?EXPENSIVE +missing FSMONITOR_DAEMON missing JGIT missing !?LAZY_(TRUE|FALSE) missing MINGW @@ -26,3 +27,4 @@ skipping svn-info test skipping Windows-(only path|specific) tests Test requiring writable / skipped used to test external credential helpers +You must set env var GIT_TEST_ALLOW_SUDO=YES in order to run this test diff --git a/git.spec b/git.spec index 65ba831..d58e164 100644 --- a/git.spec +++ b/git.spec @@ -70,14 +70,14 @@ %endif # Define for release candidates -%global rcrev .rc0 +%global rcrev .rc1 # Set path to the package-notes linker script %global _package_note_file %{_builddir}/%{name}-%{version}%{?rcrev}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git Version: 2.37.0 -Release: 0.0%{?rcrev}%{?dist} +Release: 0.1%{?rcrev}%{?dist} Summary: Fast Version Control System License: GPLv2 URL: https://git-scm.com/ @@ -1007,6 +1007,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Fri Jun 17 2022 Todd Zullinger - 2.37.0-0.1.rc1 +- update to 2.37.0-rc1 + * Tue Jun 14 2022 Todd Zullinger - 2.37.0-0.0.rc0 - update to 2.37.0-rc0 - fix GIT_SKIP_TESTS for EL8 s390x diff --git a/sources b/sources index a0e2d2e..aed88fa 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.37.0.rc0.tar.xz) = bcb69bc211ea4a439260dca6b61afeb0ea1f61ad892f169d990454038ad83e28eccbf9d1da6d9f4deb56b1016d8cca6a431374e8f3401c33a6ca99f403391790 -SHA512 (git-2.37.0.rc0.tar.sign) = 6d3443504b012d580209afee938c99f4ae6ee34257a17e7f58adf640f42c54140f6873f4a15ca36ffa06d5d9740ecbab6fa39c8331f5e9bbfdbd522e30f24c0e +SHA512 (git-2.37.0.rc1.tar.xz) = 4a2ddb7d4be9bcfcdcc181693d09bd4b34db0b44d22c3df6bcbb82f99950dfa2a19aebe0d877386be1c731cc307c891e85fe48c50c7988299ee92ed3aad95d11 +SHA512 (git-2.37.0.rc1.tar.sign) = 0b622b99e0f2a56784e50c395661cc305e6a30b8bb8b5bf41d202929fe140ae3b32d8502089f316d8662d2c704060122c7b35debc2d7413c66a662a144ce2469 From 8b14c0b19ff01e4193995083fd72a5252cced4df Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Wed, 22 Jun 2022 15:51:09 -0400 Subject: [PATCH 024/113] update to 2.37.0-rc2 Release notes: https://github.com/git/git/raw/v2.37.0-rc2/Documentation/RelNotes/2.37.0.txt --- git.spec | 7 +++++-- sources | 4 ++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/git.spec b/git.spec index d58e164..6552e98 100644 --- a/git.spec +++ b/git.spec @@ -70,14 +70,14 @@ %endif # Define for release candidates -%global rcrev .rc1 +%global rcrev .rc2 # Set path to the package-notes linker script %global _package_note_file %{_builddir}/%{name}-%{version}%{?rcrev}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git Version: 2.37.0 -Release: 0.1%{?rcrev}%{?dist} +Release: 0.2%{?rcrev}%{?dist} Summary: Fast Version Control System License: GPLv2 URL: https://git-scm.com/ @@ -1007,6 +1007,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Wed Jun 22 2022 Todd Zullinger - 2.37.0-0.2.rc2 +- update to 2.37.0-rc2 + * Fri Jun 17 2022 Todd Zullinger - 2.37.0-0.1.rc1 - update to 2.37.0-rc1 diff --git a/sources b/sources index aed88fa..1f84e38 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.37.0.rc1.tar.xz) = 4a2ddb7d4be9bcfcdcc181693d09bd4b34db0b44d22c3df6bcbb82f99950dfa2a19aebe0d877386be1c731cc307c891e85fe48c50c7988299ee92ed3aad95d11 -SHA512 (git-2.37.0.rc1.tar.sign) = 0b622b99e0f2a56784e50c395661cc305e6a30b8bb8b5bf41d202929fe140ae3b32d8502089f316d8662d2c704060122c7b35debc2d7413c66a662a144ce2469 +SHA512 (git-2.37.0.rc2.tar.xz) = 1b81180f2ed4566a74bc37d47fa9790eb70048c43b5204a9eda03d6fe6dd8c273ccb464d2490877b6ada901845edc9ec7cc1a6d73c064be5d426ff9b9e64e1e5 +SHA512 (git-2.37.0.rc2.tar.sign) = 6b71e9495a4b758029ff37dca304c57161e60d88587f43dff32abf4c0dc218a329a16b16831e39eb0be3b6d61da1f91f7a9444eea38af4dfed4da8c0b6f80821 From eab9894931e14536f8965a8e524fc83e0a1fd2b1 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Mon, 27 Jun 2022 15:07:38 -0400 Subject: [PATCH 025/113] update to 2.37.0 Release notes: https://github.com/git/git/raw/v2.37.0/Documentation/RelNotes/2.37.0.txt --- git.spec | 7 +++++-- sources | 4 ++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/git.spec b/git.spec index 6552e98..4863e00 100644 --- a/git.spec +++ b/git.spec @@ -70,14 +70,14 @@ %endif # Define for release candidates -%global rcrev .rc2 +#global rcrev .rc0 # Set path to the package-notes linker script %global _package_note_file %{_builddir}/%{name}-%{version}%{?rcrev}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git Version: 2.37.0 -Release: 0.2%{?rcrev}%{?dist} +Release: 1%{?rcrev}%{?dist} Summary: Fast Version Control System License: GPLv2 URL: https://git-scm.com/ @@ -1007,6 +1007,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Mon Jun 27 2022 Todd Zullinger - 2.37.0-1 +- update to 2.37.0 + * Wed Jun 22 2022 Todd Zullinger - 2.37.0-0.2.rc2 - update to 2.37.0-rc2 diff --git a/sources b/sources index 1f84e38..d351812 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.37.0.rc2.tar.xz) = 1b81180f2ed4566a74bc37d47fa9790eb70048c43b5204a9eda03d6fe6dd8c273ccb464d2490877b6ada901845edc9ec7cc1a6d73c064be5d426ff9b9e64e1e5 -SHA512 (git-2.37.0.rc2.tar.sign) = 6b71e9495a4b758029ff37dca304c57161e60d88587f43dff32abf4c0dc218a329a16b16831e39eb0be3b6d61da1f91f7a9444eea38af4dfed4da8c0b6f80821 +SHA512 (git-2.37.0.tar.xz) = 2ae3c845c9d0e0f5245e47f95c958c86a4aa2c47dfe31bff6fc81b2434d2e9402b7eced18700c04ba7158ed6a72807a81c4cde6a26dd30c969b4267b8fce4d0a +SHA512 (git-2.37.0.tar.sign) = f2f8816cacf0abc66e52123618192ae87153492a95d2390fe457ca9b8910a261c4d2225937b45658a1c3d7e6a4dc4f05527831c232461b955be600d981e756e3 From 47478b1513a0ad0755d75d49c35bc6801722f3ac Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Tue, 12 Jul 2022 13:33:11 -0400 Subject: [PATCH 026/113] update to 2.37.1 (CVE-2022-29187) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From the release notes for 2.30.5¹: This release contains minor fix-ups for the changes that went into Git 2.30.3 and 2.30.4, addressing CVE-2022-29187. * The safety check that verifies a safe ownership of the Git worktree is now extended to also cover the ownership of the Git directory (and the `.git` file, if there is any). Carlo Marcelo Arenas Belón (1): setup: tighten ownership checks post CVE-2022-24765 Additionally, from the release notes for 2.37.1²: * Rewrite of "git add -i" in C that appeared in Git 2.25 didn't correctly record a removed file to the index, which is an old regression but has become widely known because the C version has become the default in the latest release. ¹ https://github.com/git/git/raw/v2.37.1/Documentation/RelNotes/2.30.5.txt ² https://github.com/git/git/raw/v2.37.1/Documentation/RelNotes/2.37.1.txt --- git.spec | 5 ++++- sources | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/git.spec b/git.spec index 4863e00..8c50c7f 100644 --- a/git.spec +++ b/git.spec @@ -76,7 +76,7 @@ %global _package_note_file %{_builddir}/%{name}-%{version}%{?rcrev}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.37.0 +Version: 2.37.1 Release: 1%{?rcrev}%{?dist} Summary: Fast Version Control System License: GPLv2 @@ -1007,6 +1007,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Tue Jul 12 2022 Todd Zullinger - 2.37.1-1 +- update to 2.37.1 (CVE-2022-29187) + * Mon Jun 27 2022 Todd Zullinger - 2.37.0-1 - update to 2.37.0 diff --git a/sources b/sources index d351812..45b2c13 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.37.0.tar.xz) = 2ae3c845c9d0e0f5245e47f95c958c86a4aa2c47dfe31bff6fc81b2434d2e9402b7eced18700c04ba7158ed6a72807a81c4cde6a26dd30c969b4267b8fce4d0a -SHA512 (git-2.37.0.tar.sign) = f2f8816cacf0abc66e52123618192ae87153492a95d2390fe457ca9b8910a261c4d2225937b45658a1c3d7e6a4dc4f05527831c232461b955be600d981e756e3 +SHA512 (git-2.37.1.tar.xz) = 3c9cad6b4757f425ee53996d8d80db2226b246513cbcec9011022e02e4235d7ec38c7c1aada73bb3c9279a91d1aaf8664633356ce1dce847e0d371f702a5b766 +SHA512 (git-2.37.1.tar.sign) = 204b84321e0eadcde81d4e2dc134d53706a569c77dd34a1919543ec3b0561b828eb6525a12cd3fba7238e03e9e26708d6d2b64cd1a4d902ee4d6e680339603a9 From 0266063d10ccdc4ba3f65595b15a8de474d50538 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 21 Jul 2022 06:16:03 +0000 Subject: [PATCH 027/113] Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- git.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/git.spec b/git.spec index 8c50c7f..42fb2b8 100644 --- a/git.spec +++ b/git.spec @@ -77,7 +77,7 @@ Name: git Version: 2.37.1 -Release: 1%{?rcrev}%{?dist} +Release: 1%{?rcrev}%{?dist}.1 Summary: Fast Version Control System License: GPLv2 URL: https://git-scm.com/ @@ -1007,6 +1007,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Thu Jul 21 2022 Fedora Release Engineering - 2.37.1-1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + * Tue Jul 12 2022 Todd Zullinger - 2.37.1-1 - update to 2.37.1 (CVE-2022-29187) From 3eb6f047dca4b5670c71d48c094b1ce601f5db44 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Sat, 23 Jul 2022 15:28:15 -0400 Subject: [PATCH 028/113] require systemd-rpm-macros rather than systemd MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The `BuildRequires: systemd` was added in d7389e7 (use systemd instead of xinetd (bz 737183), 2013-04-30). Since then, the systemd macros have been split into a subpackage¹. Adjust our BuildRequires (with an exception for EL-7). Replace `Requires*: systemd` in git-daemon with %{?systemd_requires}. ¹ https://src.fedoraproject.org/rpms/systemd/c/c9030f0 (Split out the rpm macros into systemd-rpm-macros subpackage, 2018-11-02), --- git.spec | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/git.spec b/git.spec index 42fb2b8..e7a699d 100644 --- a/git.spec +++ b/git.spec @@ -77,7 +77,7 @@ Name: git Version: 2.37.1 -Release: 1%{?rcrev}%{?dist}.1 +Release: 2%{?rcrev}%{?dist} Summary: Fast Version Control System License: GPLv2 URL: https://git-scm.com/ @@ -161,8 +161,11 @@ BuildRequires: perl # endif use_perl_interpreter BuildRequires: pkgconfig(bash-completion) BuildRequires: sed -# For macros +%if 0%{?fedora} || 0%{?rhel} >= 8 +BuildRequires: systemd-rpm-macros +%else BuildRequires: systemd +%endif BuildRequires: tcl BuildRequires: tk BuildRequires: xz @@ -360,10 +363,7 @@ Requires: perl(DBD::SQLite) %package daemon Summary: Git protocol daemon Requires: git-core = %{version}-%{release} -Requires: systemd -Requires(post): systemd -Requires(preun): systemd -Requires(postun): systemd +%{?systemd_requires} %description daemon The git daemon for supporting git:// access to git repositories @@ -1007,6 +1007,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Sat Jul 23 2022 Todd Zullinger - 2.37.1-2 +- require systemd-rpm-macros rather than systemd + * Thu Jul 21 2022 Fedora Release Engineering - 2.37.1-1.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild From 5c57e78875da2b7b029c2323cba7c6925a4d7cf4 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Thu, 11 Aug 2022 14:22:53 -0400 Subject: [PATCH 029/113] update to 2.37.2 This is an upstream bugfix release. Release notes: https://github.com/git/git/raw/v2.37.2/Documentation/RelNotes/2.37.2.txt --- git.spec | 7 +++++-- sources | 4 ++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/git.spec b/git.spec index e7a699d..af92750 100644 --- a/git.spec +++ b/git.spec @@ -76,8 +76,8 @@ %global _package_note_file %{_builddir}/%{name}-%{version}%{?rcrev}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.37.1 -Release: 2%{?rcrev}%{?dist} +Version: 2.37.2 +Release: 1%{?rcrev}%{?dist} Summary: Fast Version Control System License: GPLv2 URL: https://git-scm.com/ @@ -1007,6 +1007,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Thu Aug 11 2022 Todd Zullinger - 2.37.2-1 +- update to 2.37.2 + * Sat Jul 23 2022 Todd Zullinger - 2.37.1-2 - require systemd-rpm-macros rather than systemd diff --git a/sources b/sources index 45b2c13..c4e406c 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.37.1.tar.xz) = 3c9cad6b4757f425ee53996d8d80db2226b246513cbcec9011022e02e4235d7ec38c7c1aada73bb3c9279a91d1aaf8664633356ce1dce847e0d371f702a5b766 -SHA512 (git-2.37.1.tar.sign) = 204b84321e0eadcde81d4e2dc134d53706a569c77dd34a1919543ec3b0561b828eb6525a12cd3fba7238e03e9e26708d6d2b64cd1a4d902ee4d6e680339603a9 +SHA512 (git-2.37.2.tar.xz) = a26d83f4eeb71d49c427ced9509861f7677e13e806da729f369ca39b795f8417b789a0adec859f44716f7fbc1190f7d1e6e518e774ad95c89e88442ac125b9c2 +SHA512 (git-2.37.2.tar.sign) = 8ae911329f57df76e1fe9932ded46bf7a37350ae609802afa54da9d7c05be4d13907cae8585b8824b575d177a20dc11f3e555c820beb2cbf6d65509777faabda From 3bf0a72eb1e3c5b367f03440f246fda9c7b822c1 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Sun, 14 Aug 2022 14:13:49 -0400 Subject: [PATCH 030/113] consolidate git-archimport removal in %prep We have not shipped git-archimport since 3f0dc97 (Drop git-arch on fedora >= 16, 2011-07-26). Replace the scattered references to it in the spec file with a small group of commands in %prep to remove it entirely. --- git.spec | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/git.spec b/git.spec index af92750..35651f6 100644 --- a/git.spec +++ b/git.spec @@ -77,7 +77,7 @@ Name: git Version: 2.37.2 -Release: 1%{?rcrev}%{?dist} +Release: 2%{?rcrev}%{?dist} Summary: Fast Version Control System License: GPLv2 URL: https://git-scm.com/ @@ -496,8 +496,10 @@ xz -dc '%{SOURCE0}' | %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1 # Install print-failed-test-output script install -p -m 755 %{SOURCE99} print-failed-test-output -# Remove git-archimport from command list +# Remove git-archimport +sed -i '/^SCRIPT_PERL += git-archimport\.perl$/d' Makefile sed -i '/^git-archimport/d' command-list.txt +rm git-archimport.perl Documentation/git-archimport.txt %if %{without cvs} # Remove git-cvs* from command list @@ -643,9 +645,6 @@ rm -rf contrib/scalar # Clean up contrib/subtree to avoid cruft in the git-core-doc docdir rm -rf contrib/subtree/{INSTALL,Makefile,git-subtree*,t} -# git-archimport is not supported -find %{buildroot} Documentation -type f -name 'git-archimport*' -exec rm -f {} ';' - %if %{without cvs} # Remove git-cvs* and gitcvs* find %{buildroot} Documentation \( -type f -o -type l \) \ @@ -663,7 +662,7 @@ rm -f %{buildroot}%{gitexecdir}/mergetools/p4merge # Remove unneeded git-remote-testsvn so git-svn can be noarch rm -f %{buildroot}%{gitexecdir}/git-remote-testsvn -exclude_re="archimport|email|git-(citool|credential-libsecret|cvs|daemon|gui|instaweb|p4|subtree|svn)|gitk|gitweb|p4merge" +exclude_re="email|git-(citool|credential-libsecret|cvs|daemon|gui|instaweb|p4|subtree|svn)|gitk|gitweb|p4merge" (find %{buildroot}{%{_bindir},%{_libexecdir}} -type f -o -type l | grep -vE "$exclude_re" | sed -e s@^%{buildroot}@@) > bin-man-doc-files (find %{buildroot}{%{_bindir},%{_libexecdir}} -mindepth 1 -type d | grep -vE "$exclude_re" | sed -e 's@^%{buildroot}@%dir @') >> bin-man-doc-files (find %{buildroot}%{perl_vendorlib} -type f | sed -e s@^%{buildroot}@@) > perl-git-files @@ -1007,6 +1006,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Sun Aug 14 2022 Todd Zullinger - 2.37.2-2 +- consolidate git-archimport removal in %%prep + * Thu Aug 11 2022 Todd Zullinger - 2.37.2-1 - update to 2.37.2 From c1a92d4bda57e39d25b1c908fd6c6ea1719b7f1c Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Tue, 30 Aug 2022 21:09:04 -0400 Subject: [PATCH 031/113] update to 2.37.3 This is an upstream bugfix release. Release notes: https://github.com/git/git/raw/v2.37.3/Documentation/RelNotes/2.37.3.txt --- git.spec | 7 +++++-- sources | 4 ++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/git.spec b/git.spec index 35651f6..51023d9 100644 --- a/git.spec +++ b/git.spec @@ -76,8 +76,8 @@ %global _package_note_file %{_builddir}/%{name}-%{version}%{?rcrev}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.37.2 -Release: 2%{?rcrev}%{?dist} +Version: 2.37.3 +Release: 1%{?rcrev}%{?dist} Summary: Fast Version Control System License: GPLv2 URL: https://git-scm.com/ @@ -1006,6 +1006,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Tue Aug 30 2022 Todd Zullinger - 2.37.3-1 +- update to 2.37.3 + * Sun Aug 14 2022 Todd Zullinger - 2.37.2-2 - consolidate git-archimport removal in %%prep diff --git a/sources b/sources index c4e406c..4f304df 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.37.2.tar.xz) = a26d83f4eeb71d49c427ced9509861f7677e13e806da729f369ca39b795f8417b789a0adec859f44716f7fbc1190f7d1e6e518e774ad95c89e88442ac125b9c2 -SHA512 (git-2.37.2.tar.sign) = 8ae911329f57df76e1fe9932ded46bf7a37350ae609802afa54da9d7c05be4d13907cae8585b8824b575d177a20dc11f3e555c820beb2cbf6d65509777faabda +SHA512 (git-2.37.3.tar.xz) = 9120050b01d8ac8d9f9e85f19cb84dc90c28f3beadc3ea94da94845f2eb5e35aa83eee8447a7ecef5190b8eb5d01be621be2e82bb3020e51e05037cd1fa9b58f +SHA512 (git-2.37.3.tar.sign) = ca2b0396c7d5f47822578f654588580b101ce97e0a4913071b6987cdbb470e3fad456b967cf6ec5928c85d56aa8a8eeff123e0e9aaa4ce1cbfc79c30a2af3b03 From cbc4c3e411cc105150a1d9444dd327a6a5aec6f5 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Sun, 21 Aug 2022 19:27:34 -0400 Subject: [PATCH 032/113] remove %changelog entries prior to 2020 The git history serves as the repository for the old entries. The changelog was roughly 20% of the total lines in the spec file. --- git.spec | 250 +------------------------------------------------------ 1 file changed, 1 insertion(+), 249 deletions(-) diff --git a/git.spec b/git.spec index 51023d9..f234f02 100644 --- a/git.spec +++ b/git.spec @@ -1008,6 +1008,7 @@ rmdir --ignore-fail-on-non-empty "$testdir" %changelog * Tue Aug 30 2022 Todd Zullinger - 2.37.3-1 - update to 2.37.3 +- remove %%changelog entries prior to 2020 * Sun Aug 14 2022 Todd Zullinger - 2.37.2-2 - consolidate git-archimport removal in %%prep @@ -1198,252 +1199,3 @@ rmdir --ignore-fail-on-non-empty "$testdir" * Tue Jan 26 2021 Fedora Release Engineering - 2.30.0-1.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - -* Mon Dec 28 2020 Todd Zullinger - 2.30.0-1 -- update to 2.30.0 - -* Wed Dec 23 2020 Todd Zullinger - 2.30.0-0.2.rc2 -- update to 2.30.0-rc2 - -* Sat Dec 19 2020 Todd Zullinger - 2.30.0-0.1.rc1 -- update to 2.30.0-rc1 - -* Mon Dec 14 2020 Todd Zullinger - 2.30.0-0.0.rc0 -- update to 2.30.0-rc0 - -* Sun Dec 06 2020 Todd Zullinger - 2.29.2-4 -- move git-difftool to git-core, it does not require perl - -* Wed Nov 25 2020 Todd Zullinger - 2.29.2-3 -- apply upstream patch to resolve git fast-import memory leak (#1900335) -- add epel-rpm-macros BuildRequires on EL-7 (#1872865) - -* Sat Nov 07 2020 Todd Zullinger - 2.29.2-2 -- apply upstream patch to resolve git log segfault (#1791810) - -* Thu Oct 29 2020 Todd Zullinger - 2.29.2-1 -- update to 2.29.2 - -* Sat Oct 24 2020 Todd Zullinger - 2.29.1-1 -- update to 2.29.1 -- fix bugs in am/rebase handling of committer ident/date - -* Mon Oct 19 2020 Todd Zullinger - 2.29.0-1 -- update to 2.29.0 - -* Thu Oct 15 2020 Todd Zullinger - 2.29.0-0.2.rc2 -- update to 2.29.0-rc2 - -* Fri Oct 09 2020 Todd Zullinger - 2.29.0-0.1.rc1 -- update to 2.29.0-rc1 -- drop emacs-git stub for fedora >= 34 (#1882360) -- adjust python hashbang in contrib/hg-to-git, it supports python3 - -* Mon Oct 05 2020 Todd Zullinger - 2.29.0-0.0.rc0 -- update to 2.29.0-rc0 - -* Mon Jul 27 2020 Todd Zullinger - 2.28.0-1 -- update to 2.28.0 - -* Mon Jul 27 2020 Fedora Release Engineering - 2.28.0-0.3.rc2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild - -* Wed Jul 22 2020 Todd Zullinger - 2.28.0-0.2.rc2 -- update to 2.28.0-rc2 - -* Sat Jul 18 2020 Todd Zullinger - 2.28.0-0.1.rc1 -- update to 2.28.0-rc1 - -* Thu Jul 09 2020 Todd Zullinger - 2.28.0-0.0.rc0 -- update to 2.28.0-rc0 - -* Fri Jun 26 2020 Jitka Plesnikova - 2.27.0-1.2 -- Perl 5.32 re-rebuild of bootstrapped packages - -* Tue Jun 23 2020 Jitka Plesnikova - 2.27.0-1.1 -- Perl 5.32 rebuild - -* Mon Jun 01 2020 Todd Zullinger - 2.27.0-1 -- update to 2.27.0 - -* Tue May 26 2020 Todd Zullinger - 2.27.0-0.2.rc2 -- update to 2.27.0-rc2 - -* Thu May 21 2020 Todd Zullinger - 2.27.0-0.1.rc1 -- update to 2.27.0-rc1 - -* Thu May 21 2020 Merlin Mathesius - 2.26.2-2 -- Minor conditional fixes for ELN - -* Mon Apr 20 2020 Todd Zullinger - 2.26.2-1 -- update to 2.26.2 (CVE-2020-11008) - -* Tue Apr 14 2020 Todd Zullinger - 2.26.1-1 -- update to 2.26.1 (CVE-2020-5260) - -* Sat Apr 04 2020 Todd Zullinger - 2.26.0-2 -- fix issue with fast-forward rebases when rebase.abbreviateCommands is set -- fix/quiet rpmlint issues from libsecret split - -* Thu Apr 02 2020 Björn Esser - 2.26.0-1.1 -- Fix string quoting for rpm >= 4.16 - -* Sun Mar 22 2020 Todd Zullinger - 2.26.0-1 -- update to 2.26.0 - -* Mon Mar 16 2020 Todd Zullinger - 2.26.0-0.3.rc2 -- update to 2.26.0-rc2 - -* Thu Mar 12 2020 Todd Zullinger - 2.26.0-0.2.rc1 -- remove s390x gcc10 workaround (#1799408) - -* Tue Mar 10 2020 Todd Zullinger - 2.26.0-0.1.rc1 -- update to 2.26.0-rc1 -- adjust make test options -- add missing build deps for tests - -* Fri Mar 06 2020 Todd Zullinger - 2.26.0-0.0.rc0 -- update to 2.26.0-rc0 - -* Wed Feb 26 2020 Todd Zullinger - 2.25.1-4 -- use Asciidoctor to build documentation when possible - -* Sat Feb 22 2020 Todd Zullinger - 2.25.1-3 -- work around issue on s390x with gcc10 (#1799408) - -* Wed Feb 19 2020 Todd Zullinger - 2.25.1-2 -- split libsecret credential helper into a subpackage (#1804741) -- consolidate macros for Fedora/EPEL -- remove unneeded gnome-keyring obsoletes - -* Mon Feb 17 2020 Todd Zullinger - 2.25.1-1 -- update to 2.25.1 - -* Tue Jan 28 2020 Fedora Release Engineering - 2.25.0-2.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild - -* Tue Jan 14 2020 Tom Stellard - 2.25.0-2 -- Use make_build macro when running tests - -* Tue Jan 14 2020 Todd Zullinger - 2.25.0-1 -- update to 2.25.0 - -* Thu Jan 09 2020 Todd Zullinger - 2.25.0-0.2.rc2 -- update to 2.25.0-rc2 - -* Fri Jan 03 2020 Todd Zullinger - 2.25.0-0.1.rc1 -- update to 2.25.0-rc1 -- only add highlight test BR for ppc64le/x86_64 on EL7+ - -* Wed Dec 25 2019 Todd Zullinger - 2.25.0-0.0.rc0 -- update to 2.25.0-rc0 - -* Thu Dec 19 2019 Todd Zullinger - 2.24.1-2 -- fix git-daemon systemd scriptlets (#1785088) - -* Tue Dec 10 2019 Todd Zullinger - 2.24.1-1 -- update to 2.24.1 (CVE-2019-1348, CVE-2019-1349, CVE-2019-1350, CVE-2019-1351, - CVE-2019-1352, CVE-2019-1353, CVE-2019-1354, and CVE-2019-1387) - -* Wed Dec 04 2019 Todd Zullinger - 2.24.0-2 -- restore jgit BR for use in tests - -* Mon Nov 04 2019 Todd Zullinger - 2.24.0-1 -- update to 2.24.0 - -* Thu Oct 31 2019 Todd Zullinger - 2.24.0-0.2.rc2 -- update to 2.24.0-rc2 - -* Sun Oct 27 2019 Todd Zullinger - 2.24.0-0.1.rc1.1 -- disable linkchecker on all EL releases - -* Thu Oct 24 2019 Todd Zullinger - 2.24.0-0.1.rc1 -- update to 2.24.0-rc1 -- skip failing test in t7812-grep-icase-non-ascii on s390x -- gitk: add Requires: git-gui (#1765113) - -* Sat Oct 19 2019 Todd Zullinger - 2.24.0-0.0.rc0 -- update to 2.24.0-rc0 -- fix t0500-progress-display on big-endian arches - -* Fri Aug 16 2019 Todd Zullinger - 2.23.0-1 -- Update to 2.23.0 - -* Sun Aug 11 2019 Todd Zullinger - 2.23.0-0.2.rc2 -- Update to 2.23.0-rc2 - -* Fri Aug 02 2019 Todd Zullinger - 2.23.0-0.1.rc1 -- Update to 2.23.0-rc1 - -* Mon Jul 29 2019 Todd Zullinger - 2.23.0-0.0.rc0 -- Update to 2.23.0-rc0 - -* Thu Jul 25 2019 Todd Zullinger - 2.22.0-2 -- completion: do not cache if --git-completion-helper fails -- avoid trailing comments in spec file -- drop jgit on Fedora > 30 - -* Thu Jul 25 2019 Fedora Release Engineering - 2.22.0-1.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - -* Fri Jun 07 2019 Todd Zullinger - 2.22.0-1 -- Update to 2.22.0 - -* Tue Jun 04 2019 Jitka Plesnikova - 2.22.0-0.7.rc3 -- Perl 5.30 re-rebuild updated packages - -* Mon Jun 03 2019 Todd Zullinger - 2.22.0-0.6.rc3 -- Update to 2.22.0-rc3 - -* Sun Jun 02 2019 Jitka Plesnikova - 2.22.0-0.5.rc2 -- Perl 5.30 re-rebuild of bootstrapped packages - -* Sat Jun 01 2019 Jitka Plesnikova - 2.22.0-0.4.rc2 -- Perl 5.30 rebuild - -* Thu May 30 2019 Todd Zullinger - 2.22.0-0.3.rc2 -- Update to 2.22.0-rc1 - -* Fri May 24 2019 Todd Zullinger - 2.22.0-0.2.rc1 -- Apply upstream fixes for diff-parseopt issues on s390x - -* Sun May 19 2019 Todd Zullinger - 2.22.0-0.1.rc1 -- Update to 2.22.0-rc1 - -* Mon May 13 2019 Todd Zullinger - 2.22.0-0.0.rc0 -- Update to 2.22.0-rc0 -- Ensure a consistent format for test output -- Improve JGIT test prereq (jgit on Fedora >= 30 is broken) -- Add perl(JSON::PP) BuildRequires for trace2 tests - -* Sun Feb 24 2019 Todd Zullinger - 2.21.0-1 -- Update to 2.21.0 -- Move gitweb manpages to gitweb package -- Link git-citool to git-gui if they are identical - -* Tue Feb 19 2019 Todd Zullinger - 2.21.0-0.2.rc2 -- Update to 2.21.0.rc2 - -* Fri Feb 15 2019 Todd Zullinger -- Set SOURCE_DATE_EPOCH and TZ to improve build reproducibility - -* Wed Feb 13 2019 Todd Zullinger - 2.21.0-0.1.rc1 -- Update to 2.21.0.rc1 - -* Thu Feb 07 2019 Todd Zullinger - 2.21.0-0.0.rc0 -- Update to 2.21.0.rc0 -- Remove %%changelog entries prior to 2017 - -* Thu Jan 31 2019 Todd Zullinger - 2.20.1-2 -- Remove extraneous pcre BuildRequires -- Add additional BuildRequires for i18n locales used in tests -- Replace gitweb home-link with inline sed -- Add gnupg2-smime and perl JSON BuildRequires for tests -- Work around gpg-agent issues in the test suite -- Drop gnupg BuildRequires on fedora >= 30 -- Fix formatting of contrib/{contacts,subtree} docs -- Use %%{build_cflags} and %%{build_ldflags} -- Drop unneeded TEST_SHELL_PATH make variable - -* Thu Jan 31 2019 Fedora Release Engineering - 2.20.1-1.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild From 0d294dd61006522f5434a82f76ad186aa19d052c Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Fri, 19 Aug 2022 21:52:40 -0400 Subject: [PATCH 033/113] tests: try harder to find open ports for apache, git, and svn When running multiple builds, we frequently see failures due to port conflicts, particularly with httpd tests. Retry with a different port when the test function start_httpd() fails to reduce these spurious failures. We should not need to skip t9115-git-svn-dcommit-funky-renames as a result. Remove it from GIT_SKIP_TESTS. Similarly, adjust the git-daemon and svnserve start functions. --- ...try-harder-to-find-a-port-for-apache.patch | 73 +++++++++++++++ ...git-daemon-try-harder-to-find-a-port.patch | 88 +++++++++++++++++++ ...ib-git-svn-try-harder-to-find-a-port.patch | 85 ++++++++++++++++++ git.spec | 22 ++--- 4 files changed, 257 insertions(+), 11 deletions(-) create mode 100644 0001-t-lib-httpd-try-harder-to-find-a-port-for-apache.patch create mode 100644 0002-t-lib-git-daemon-try-harder-to-find-a-port.patch create mode 100644 0003-t-lib-git-svn-try-harder-to-find-a-port.patch diff --git a/0001-t-lib-httpd-try-harder-to-find-a-port-for-apache.patch b/0001-t-lib-httpd-try-harder-to-find-a-port-for-apache.patch new file mode 100644 index 0000000..f7c1509 --- /dev/null +++ b/0001-t-lib-httpd-try-harder-to-find-a-port-for-apache.patch @@ -0,0 +1,73 @@ +From aedeaaf788bd8a7fc5a1887196b6f6d8a5c31362 Mon Sep 17 00:00:00 2001 +From: Todd Zullinger +Date: Sun, 21 Aug 2022 13:49:57 -0400 +Subject: [PATCH] t/lib-httpd: try harder to find a port for apache +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +When running multiple builds concurrently, tests which run daemons, like +apache httpd, sometimes conflict with each other, leading to spurious +failures: + + ++ /usr/sbin/httpd -d '/tmp/git-t.ck9I/trash directory.t9118-git-svn-funky-branch-names/httpd' \ + -f /builddir/build/BUILD/git-2.37.2/t/lib-httpd/apache.conf -DDAV -DSVN -c 'Listen 127.0.0.1:9118' \ + -k start + (98)Address already in use: AH00072: make_sock: could not bind to address 127.0.0.1:9118 + no listening sockets available, shutting down + AH00015: Unable to open logs + ++ test 1 -ne 0 + +Try a bit harder to find an open port to use to avoid these intermittent +failures. If we fail to start httpd, increment the port number and try +again. By default, we make 3 attempts. This may be overridden by +setting GIT_TEST_START_HTTPD_TRIES to a different value. + +Helped-by: Ondřej Pohořelský +Signed-off-by: Todd Zullinger +--- + t/lib-httpd.sh | 29 ++++++++++++++++++----------- + 1 file changed, 18 insertions(+), 11 deletions(-) + +diff --git a/t/lib-httpd.sh b/t/lib-httpd.sh +index 1f6b9b08d1..9279dcd659 100644 +--- a/t/lib-httpd.sh ++++ b/t/lib-httpd.sh +@@ -175,19 +175,26 @@ prepare_httpd() { + } + + start_httpd() { +- prepare_httpd >&3 2>&4 +- + test_atexit stop_httpd + +- "$LIB_HTTPD_PATH" -d "$HTTPD_ROOT_PATH" \ +- -f "$TEST_PATH/apache.conf" $HTTPD_PARA \ +- -c "Listen 127.0.0.1:$LIB_HTTPD_PORT" -k start \ +- >&3 2>&4 +- if test $? -ne 0 +- then +- cat "$HTTPD_ROOT_PATH"/error.log >&4 2>/dev/null +- test_skip_or_die GIT_TEST_HTTPD "web server setup failed" +- fi ++ i=0 ++ while test $i -lt ${GIT_TEST_START_HTTPD_TRIES:-3} ++ do ++ i=$(($i + 1)) ++ prepare_httpd >&3 2>&4 ++ say >&3 "Starting httpd on port $LIB_HTTPD_PORT" ++ "$LIB_HTTPD_PATH" -d "$HTTPD_ROOT_PATH" \ ++ -f "$TEST_PATH/apache.conf" $HTTPD_PARA \ ++ -c "Listen 127.0.0.1:$LIB_HTTPD_PORT" -k start \ ++ >&3 2>&4 ++ test $? -eq 0 && return ++ LIB_HTTPD_PORT=$(($LIB_HTTPD_PORT + 1)) ++ export LIB_HTTPD_PORT ++ # clean up modules symlink, prepare_httpd will re-create it ++ rm -f "$HTTPD_ROOT_PATH/modules" ++ done ++ cat "$HTTPD_ROOT_PATH"/error.log >&4 2>/dev/null ++ test_skip_or_die GIT_TEST_HTTPD "web server setup failed" + } + + stop_httpd() { diff --git a/0002-t-lib-git-daemon-try-harder-to-find-a-port.patch b/0002-t-lib-git-daemon-try-harder-to-find-a-port.patch new file mode 100644 index 0000000..4540b63 --- /dev/null +++ b/0002-t-lib-git-daemon-try-harder-to-find-a-port.patch @@ -0,0 +1,88 @@ +From 16750d024ce038b019ab2e9ee5639901e445af37 Mon Sep 17 00:00:00 2001 +From: Todd Zullinger +Date: Fri, 26 Aug 2022 18:28:44 -0400 +Subject: [PATCH] t/lib-git-daemon: try harder to find a port + +As with the previous commit, try harder to find an open port to avoid +intermittent failures on busy/shared build systems. + +By default, we make 3 attempts. This may be overridden by setting +GIT_TEST_START_GIT_DAEMON_TRIES to a different value. + +Signed-off-by: Todd Zullinger +--- + t/lib-git-daemon.sh | 60 ++++++++++++++++++++++++++++----------------- + 1 file changed, 37 insertions(+), 23 deletions(-) + +diff --git a/t/lib-git-daemon.sh b/t/lib-git-daemon.sh +index e62569222b..c3e8dda9ff 100644 +--- a/t/lib-git-daemon.sh ++++ b/t/lib-git-daemon.sh +@@ -51,30 +51,44 @@ start_git_daemon() { + registered_stop_git_daemon_atexit_handler=AlreadyDone + fi + +- say >&3 "Starting git daemon ..." +- mkfifo git_daemon_output +- ${LIB_GIT_DAEMON_COMMAND:-git daemon} \ +- --listen=127.0.0.1 --port="$LIB_GIT_DAEMON_PORT" \ +- --reuseaddr --verbose --pid-file="$GIT_DAEMON_PIDFILE" \ +- --base-path="$GIT_DAEMON_DOCUMENT_ROOT_PATH" \ +- "$@" "$GIT_DAEMON_DOCUMENT_ROOT_PATH" \ +- >&3 2>git_daemon_output & +- GIT_DAEMON_PID=$! +- { +- read -r line <&7 +- printf "%s\n" "$line" >&4 +- cat <&7 >&4 & +- } 7&3 "Starting git daemon on port $LIB_GIT_DAEMON_PORT ..." ++ mkfifo git_daemon_output ++ ${LIB_GIT_DAEMON_COMMAND:-git daemon} \ ++ --listen=127.0.0.1 --port="$LIB_GIT_DAEMON_PORT" \ ++ --reuseaddr --verbose --pid-file="$GIT_DAEMON_PIDFILE" \ ++ --base-path="$GIT_DAEMON_DOCUMENT_ROOT_PATH" \ ++ "$@" "$GIT_DAEMON_DOCUMENT_ROOT_PATH" \ ++ >&3 2>git_daemon_output & ++ GIT_DAEMON_PID=$! ++ { ++ read -r line <&7 ++ printf "%s\n" "$line" >&4 ++ cat <&7 >&4 & ++ } 7 +Date: Fri, 26 Aug 2022 18:28:44 -0400 +Subject: [PATCH] t/lib-git-svn: try harder to find a port + +As with the previous commits, try harder to find an open port to avoid +intermittent failures on busy/shared build systems. + +By default, we make 3 attempts. This may be overridden by setting +GIT_TEST_START_SVNSERVE_TRIES to a different value. + +Run svnserve in daemon mode and use 'test_atexit' to stop it. This is +cleaner than running in the foreground with --listen-once and having to +manage the PID ourselves. + +Signed-off-by: Todd Zullinger +--- + t/lib-git-svn.sh | 34 +++++++++++++++++++++++++---- + t/t9113-git-svn-dcommit-new-file.sh | 1 - + 2 files changed, 30 insertions(+), 5 deletions(-) + +diff --git a/t/lib-git-svn.sh b/t/lib-git-svn.sh +index ea28971e8e..04e660e2ba 100644 +--- a/t/lib-git-svn.sh ++++ b/t/lib-git-svn.sh +@@ -17,6 +17,7 @@ fi + GIT_DIR=$PWD/.git + GIT_SVN_DIR=$GIT_DIR/svn/refs/remotes/git-svn + SVN_TREE=$GIT_SVN_DIR/svn-tree ++SVNSERVE_PIDFILE="$PWD"/daemon.pid + test_set_port SVNSERVE_PORT + + svn >/dev/null 2>&1 +@@ -119,10 +120,35 @@ require_svnserve () { + } + + start_svnserve () { +- svnserve --listen-port $SVNSERVE_PORT \ +- --root "$rawsvnrepo" \ +- --listen-once \ +- --listen-host 127.0.0.1 & ++ test_atexit stop_svnserve ++ ++ i=0 ++ while test $i -lt ${GIT_TEST_START_SVNSERVE_TRIES:-3} ++ do ++ say >&3 "Starting svnserve on port $SVNSERVE_PORT ..." ++ svnserve --listen-port $SVNSERVE_PORT \ ++ --root "$rawsvnrepo" \ ++ --daemon --pid-file="$SVNSERVE_PIDFILE" \ ++ --listen-host 127.0.0.1 ++ ret=$? ++ # increment port and retry if unsuccessful ++ if test $ret -ne 0 ++ then ++ SVNSERVE_PORT=$(($SVNSERVE_PORT + 1)) ++ export SVNSERVE_PORT ++ else ++ break ++ fi ++ done ++} ++ ++stop_svnserve () { ++ say >&3 "Stopping svnserve ..." ++ SVNSERVE_PID="$(cat "$SVNSERVE_PIDFILE")" ++ if test -n "$SVNSERVE_PID" ++ then ++ kill "$SVNSERVE_PID" 2>/dev/null ++ fi + } + + prepare_utf8_locale () { +diff --git a/t/t9113-git-svn-dcommit-new-file.sh b/t/t9113-git-svn-dcommit-new-file.sh +index e8479cec7a..5925891f5d 100755 +--- a/t/t9113-git-svn-dcommit-new-file.sh ++++ b/t/t9113-git-svn-dcommit-new-file.sh +@@ -28,7 +28,6 @@ test_expect_success 'create files in new directory with dcommit' " + echo hello > git-new-dir/world && + git update-index --add git-new-dir/world && + git commit -m hello && +- start_svnserve && + git svn dcommit + " + diff --git a/git.spec b/git.spec index f234f02..2d1fab2 100644 --- a/git.spec +++ b/git.spec @@ -109,6 +109,16 @@ Source99: print-failed-test-output # https://bugzilla.redhat.com/490602 Patch0: git-cvsimport-Ignore-cvsps-2.2b1-Branches-output.patch +# https://bugzilla.redhat.com/2114531 +# tests: try harder to find open ports for apache, git, and svn +# +# https://github.com/tmzullinger/git/commit/aedeaaf788 +Patch1: 0001-t-lib-httpd-try-harder-to-find-a-port-for-apache.patch +# https://github.com/tmzullinger/git/commit/16750d024c +Patch2: 0002-t-lib-git-daemon-try-harder-to-find-a-port.patch +# https://github.com/tmzullinger/git/commit/aa5105dc11 +Patch3: 0003-t-lib-git-svn-try-harder-to-find-a-port.patch + %if %{with docs} # pod2man is needed to build Git.3pm BuildRequires: %{_bindir}/pod2man @@ -794,17 +804,6 @@ GIT_SKIP_TESTS="$GIT_SKIP_TESTS t5541.36 t5551.25" %endif # endif aarch64 %%{arm} %%{power64} -%ifarch %{power64} -# Skip tests which fail on ppc -# -# t9115-git-svn-dcommit-funky-renames is disabled because it frequently fails. -# The port it uses (9115) is already in use. It is unclear if this is -# due to an issue in the test suite or a conflict with some other process on -# the build host. It only appears to occur on ppc-arches. -GIT_SKIP_TESTS="$GIT_SKIP_TESTS t9115" -%endif -# endif %%{power64} - %if 0%{?rhel} == 8 && "%{_arch}" == "s390x" # Skip tests which fail on s390x on rhel-8 # @@ -1009,6 +1008,7 @@ rmdir --ignore-fail-on-non-empty "$testdir" * Tue Aug 30 2022 Todd Zullinger - 2.37.3-1 - update to 2.37.3 - remove %%changelog entries prior to 2020 +- tests: try harder to find open ports for apache, git, and svn * Sun Aug 14 2022 Todd Zullinger - 2.37.2-2 - consolidate git-archimport removal in %%prep From ea59aa363719d7f73903a7ec9f0f53d775bf1614 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Fri, 16 Sep 2022 00:21:22 -0400 Subject: [PATCH 034/113] update to 2.38.0-rc0 Adjust number of t5541 "push 2000 tags over http" test, which we skip on aarch64 and ppc64le arches. It was shifted from 36 to 37 by upstream b0c4adcdd7 (remote-curl: send Accept-Language header to server, 2022-07-11). Release notes: https://github.com/git/git/raw/v2.38.0-rc0/Documentation/RelNotes/2.38.0.txt --- ...docs-fix-a-few-recently-broken-links.patch | 75 +++++++++++++++++++ ...s-link-to-html-version-of-api-trace2.patch | 29 +++++++ git.spec | 17 ++++- sources | 4 +- 4 files changed, 119 insertions(+), 6 deletions(-) create mode 100644 0001-docs-fix-a-few-recently-broken-links.patch create mode 100644 0002-api-docs-link-to-html-version-of-api-trace2.patch diff --git a/0001-docs-fix-a-few-recently-broken-links.patch b/0001-docs-fix-a-few-recently-broken-links.patch new file mode 100644 index 0000000..91961ec --- /dev/null +++ b/0001-docs-fix-a-few-recently-broken-links.patch @@ -0,0 +1,75 @@ +From 349a26b8a0fe65e26b1d75af4e30d356de499a2f Mon Sep 17 00:00:00 2001 +From: Todd Zullinger +Date: Fri, 16 Sep 2022 00:50:28 -0400 +Subject: [PATCH] docs: fix a few recently broken links + +Some links were broken in the recent move of various technical docs +c0f6dd49f1 (Merge branch 'ab/tech-docs-to-help', 2022-08-14). + +Fix them. + +Signed-off-by: Todd Zullinger +--- + Documentation/gitprotocol-capabilities.txt | 4 ++-- + Documentation/gitprotocol-v2.txt | 4 ++-- + Documentation/technical/bundle-uri.txt | 3 +-- + Documentation/user-manual.txt | 2 +- + 4 files changed, 6 insertions(+), 7 deletions(-) + +diff --git a/Documentation/gitprotocol-capabilities.txt b/Documentation/gitprotocol-capabilities.txt +index c6dcc7d565..0fb5ea0c1c 100644 +--- a/Documentation/gitprotocol-capabilities.txt ++++ b/Documentation/gitprotocol-capabilities.txt +@@ -388,8 +388,8 @@ the server as well. + Session IDs should be unique to a given process. They must fit within a + packet-line, and must not contain non-printable or whitespace characters. The + current implementation uses trace2 session IDs (see +-link:api-trace2.html[api-trace2] for details), but this may change and users of +-the session ID should not rely on this fact. ++link:technical/api-trace2.html[api-trace2] for details), but this may change ++and users of the session ID should not rely on this fact. + + GIT + --- +diff --git a/Documentation/gitprotocol-v2.txt b/Documentation/gitprotocol-v2.txt +index c9c0f9160b..59bf41cefb 100644 +--- a/Documentation/gitprotocol-v2.txt ++++ b/Documentation/gitprotocol-v2.txt +@@ -544,8 +544,8 @@ the server as well. + Session IDs should be unique to a given process. They must fit within a + packet-line, and must not contain non-printable or whitespace characters. The + current implementation uses trace2 session IDs (see +-link:api-trace2.html[api-trace2] for details), but this may change and users of +-the session ID should not rely on this fact. ++link:technical/api-trace2.html[api-trace2] for details), but this may change ++and users of the session ID should not rely on this fact. + + object-info + ~~~~~~~~~~~ +diff --git a/Documentation/technical/bundle-uri.txt b/Documentation/technical/bundle-uri.txt +index c25c42378a..85c6a7fc7c 100644 +--- a/Documentation/technical/bundle-uri.txt ++++ b/Documentation/technical/bundle-uri.txt +@@ -3,8 +3,7 @@ Bundle URIs + + Git bundles are files that store a pack-file along with some extra metadata, + including a set of refs and a (possibly empty) set of necessary commits. See +-linkgit:git-bundle[1] and link:bundle-format.txt[the bundle format] for more +-information. ++linkgit:git-bundle[1] and linkgit:gitformat-bundle[5] for more information. + + Bundle URIs are locations where Git can download one or more bundles in + order to bootstrap the object database in advance of fetching the remaining +diff --git a/Documentation/user-manual.txt b/Documentation/user-manual.txt +index ca9decdd95..dc9c6a663a 100644 +--- a/Documentation/user-manual.txt ++++ b/Documentation/user-manual.txt +@@ -3133,7 +3133,7 @@ those "loose" objects. + You can save space and make Git faster by moving these loose objects in + to a "pack file", which stores a group of objects in an efficient + compressed format; the details of how pack files are formatted can be +-found in link:gitformat-pack[5]. ++found in linkgit:gitformat-pack[5]. + + To put the loose objects into a pack, just run git repack: + diff --git a/0002-api-docs-link-to-html-version-of-api-trace2.patch b/0002-api-docs-link-to-html-version-of-api-trace2.patch new file mode 100644 index 0000000..4c854f4 --- /dev/null +++ b/0002-api-docs-link-to-html-version-of-api-trace2.patch @@ -0,0 +1,29 @@ +From 6e50f870372027b5c8c3e68df3c193384c5f6e59 Mon Sep 17 00:00:00 2001 +From: Todd Zullinger +Date: Fri, 16 Sep 2022 01:15:15 -0400 +Subject: [PATCH] api docs: link to html version of api-trace2 + +In f6d25d7878 (api docs: document that BUG() emits a trace2 error event, +2021-04-13), a link to the plain text version of api-trace2 was added in +`technical/api-error-handling.txt`. + +All of our other `link:`s point to the html versions. Do the same here. + +Signed-off-by: Todd Zullinger +--- + Documentation/technical/api-error-handling.txt | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Documentation/technical/api-error-handling.txt b/Documentation/technical/api-error-handling.txt +index 70bf1d3e52..665c4960b4 100644 +--- a/Documentation/technical/api-error-handling.txt ++++ b/Documentation/technical/api-error-handling.txt +@@ -46,7 +46,7 @@ parse-options.c. + returns -1 after reporting the situation to the caller. + + These reports will be logged via the trace2 facility. See the "error" +-event in link:api-trace2.txt[trace2 API]. ++event in link:api-trace2.html[trace2 API]. + + Customizable error handlers + --------------------------- diff --git a/git.spec b/git.spec index 2d1fab2..36bc8e0 100644 --- a/git.spec +++ b/git.spec @@ -70,14 +70,14 @@ %endif # Define for release candidates -#global rcrev .rc0 +%global rcrev .rc0 # Set path to the package-notes linker script %global _package_note_file %{_builddir}/%{name}-%{version}%{?rcrev}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.37.3 -Release: 1%{?rcrev}%{?dist} +Version: 2.38.0 +Release: 0.0%{?rcrev}%{?dist} Summary: Fast Version Control System License: GPLv2 URL: https://git-scm.com/ @@ -119,6 +119,12 @@ Patch2: 0002-t-lib-git-daemon-try-harder-to-find-a-port.patch # https://github.com/tmzullinger/git/commit/aa5105dc11 Patch3: 0003-t-lib-git-svn-try-harder-to-find-a-port.patch +# fix a few broken links +# https://lore.kernel.org/git/20220916062303.3736166-1-tmz@pobox.com/ +# https://lore.kernel.org/git/20220916062303.3736166-2-tmz@pobox.com/ +Patch4: 0001-docs-fix-a-few-recently-broken-links.patch +Patch5: 0002-api-docs-link-to-html-version-of-api-trace2.patch + %if %{with docs} # pod2man is needed to build Git.3pm BuildRequires: %{_bindir}/pod2man @@ -800,7 +806,7 @@ GIT_SKIP_TESTS="" # to limit the maximum stack size. # t5541.36 'push 2000 tags over http' # t5551.25 'clone the 2,000 tag repo to check OS command line overflow' -GIT_SKIP_TESTS="$GIT_SKIP_TESTS t5541.36 t5551.25" +GIT_SKIP_TESTS="$GIT_SKIP_TESTS t5541.37 t5551.25" %endif # endif aarch64 %%{arm} %%{power64} @@ -1005,6 +1011,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Fri Sep 16 2022 Todd Zullinger - 2.38.0-0.0.rc0 +- update to 2.38.0-rc0 + * Tue Aug 30 2022 Todd Zullinger - 2.37.3-1 - update to 2.37.3 - remove %%changelog entries prior to 2020 diff --git a/sources b/sources index 4f304df..eed459c 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.37.3.tar.xz) = 9120050b01d8ac8d9f9e85f19cb84dc90c28f3beadc3ea94da94845f2eb5e35aa83eee8447a7ecef5190b8eb5d01be621be2e82bb3020e51e05037cd1fa9b58f -SHA512 (git-2.37.3.tar.sign) = ca2b0396c7d5f47822578f654588580b101ce97e0a4913071b6987cdbb470e3fad456b967cf6ec5928c85d56aa8a8eeff123e0e9aaa4ce1cbfc79c30a2af3b03 +SHA512 (git-2.38.0.rc0.tar.xz) = 98b5aa08da0a754d3d6119b4690e2add3f85295ba5243f8cbfef04738c27ab1d39c3388e27349a824841f4b54004e22e8731f5aa37afa5f62b2b2a197b8ec84a +SHA512 (git-2.38.0.rc0.tar.sign) = 80d1c913f32a4c63178f3514cf04052580c9699c1161d7d5ed4329961218c4712705c5dcf16162ec53487a2bb0b204bbad6559c7ff99de8fa1b937b0e9ed3f7e From 35ed577d15d597bfc92ffb88bde85349d9fb96ac Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Wed, 21 Sep 2022 20:32:41 -0400 Subject: [PATCH 035/113] update to 2.38.0-rc1 Release notes: https://github.com/git/git/raw/v2.38.0-rc1/Documentation/RelNotes/2.38.0.txt --- ...docs-fix-a-few-recently-broken-links.patch | 75 ------------------- ...s-link-to-html-version-of-api-trace2.patch | 29 ------- git.spec | 13 ++-- sources | 4 +- 4 files changed, 7 insertions(+), 114 deletions(-) delete mode 100644 0001-docs-fix-a-few-recently-broken-links.patch delete mode 100644 0002-api-docs-link-to-html-version-of-api-trace2.patch diff --git a/0001-docs-fix-a-few-recently-broken-links.patch b/0001-docs-fix-a-few-recently-broken-links.patch deleted file mode 100644 index 91961ec..0000000 --- a/0001-docs-fix-a-few-recently-broken-links.patch +++ /dev/null @@ -1,75 +0,0 @@ -From 349a26b8a0fe65e26b1d75af4e30d356de499a2f Mon Sep 17 00:00:00 2001 -From: Todd Zullinger -Date: Fri, 16 Sep 2022 00:50:28 -0400 -Subject: [PATCH] docs: fix a few recently broken links - -Some links were broken in the recent move of various technical docs -c0f6dd49f1 (Merge branch 'ab/tech-docs-to-help', 2022-08-14). - -Fix them. - -Signed-off-by: Todd Zullinger ---- - Documentation/gitprotocol-capabilities.txt | 4 ++-- - Documentation/gitprotocol-v2.txt | 4 ++-- - Documentation/technical/bundle-uri.txt | 3 +-- - Documentation/user-manual.txt | 2 +- - 4 files changed, 6 insertions(+), 7 deletions(-) - -diff --git a/Documentation/gitprotocol-capabilities.txt b/Documentation/gitprotocol-capabilities.txt -index c6dcc7d565..0fb5ea0c1c 100644 ---- a/Documentation/gitprotocol-capabilities.txt -+++ b/Documentation/gitprotocol-capabilities.txt -@@ -388,8 +388,8 @@ the server as well. - Session IDs should be unique to a given process. They must fit within a - packet-line, and must not contain non-printable or whitespace characters. The - current implementation uses trace2 session IDs (see --link:api-trace2.html[api-trace2] for details), but this may change and users of --the session ID should not rely on this fact. -+link:technical/api-trace2.html[api-trace2] for details), but this may change -+and users of the session ID should not rely on this fact. - - GIT - --- -diff --git a/Documentation/gitprotocol-v2.txt b/Documentation/gitprotocol-v2.txt -index c9c0f9160b..59bf41cefb 100644 ---- a/Documentation/gitprotocol-v2.txt -+++ b/Documentation/gitprotocol-v2.txt -@@ -544,8 +544,8 @@ the server as well. - Session IDs should be unique to a given process. They must fit within a - packet-line, and must not contain non-printable or whitespace characters. The - current implementation uses trace2 session IDs (see --link:api-trace2.html[api-trace2] for details), but this may change and users of --the session ID should not rely on this fact. -+link:technical/api-trace2.html[api-trace2] for details), but this may change -+and users of the session ID should not rely on this fact. - - object-info - ~~~~~~~~~~~ -diff --git a/Documentation/technical/bundle-uri.txt b/Documentation/technical/bundle-uri.txt -index c25c42378a..85c6a7fc7c 100644 ---- a/Documentation/technical/bundle-uri.txt -+++ b/Documentation/technical/bundle-uri.txt -@@ -3,8 +3,7 @@ Bundle URIs - - Git bundles are files that store a pack-file along with some extra metadata, - including a set of refs and a (possibly empty) set of necessary commits. See --linkgit:git-bundle[1] and link:bundle-format.txt[the bundle format] for more --information. -+linkgit:git-bundle[1] and linkgit:gitformat-bundle[5] for more information. - - Bundle URIs are locations where Git can download one or more bundles in - order to bootstrap the object database in advance of fetching the remaining -diff --git a/Documentation/user-manual.txt b/Documentation/user-manual.txt -index ca9decdd95..dc9c6a663a 100644 ---- a/Documentation/user-manual.txt -+++ b/Documentation/user-manual.txt -@@ -3133,7 +3133,7 @@ those "loose" objects. - You can save space and make Git faster by moving these loose objects in - to a "pack file", which stores a group of objects in an efficient - compressed format; the details of how pack files are formatted can be --found in link:gitformat-pack[5]. -+found in linkgit:gitformat-pack[5]. - - To put the loose objects into a pack, just run git repack: - diff --git a/0002-api-docs-link-to-html-version-of-api-trace2.patch b/0002-api-docs-link-to-html-version-of-api-trace2.patch deleted file mode 100644 index 4c854f4..0000000 --- a/0002-api-docs-link-to-html-version-of-api-trace2.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 6e50f870372027b5c8c3e68df3c193384c5f6e59 Mon Sep 17 00:00:00 2001 -From: Todd Zullinger -Date: Fri, 16 Sep 2022 01:15:15 -0400 -Subject: [PATCH] api docs: link to html version of api-trace2 - -In f6d25d7878 (api docs: document that BUG() emits a trace2 error event, -2021-04-13), a link to the plain text version of api-trace2 was added in -`technical/api-error-handling.txt`. - -All of our other `link:`s point to the html versions. Do the same here. - -Signed-off-by: Todd Zullinger ---- - Documentation/technical/api-error-handling.txt | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Documentation/technical/api-error-handling.txt b/Documentation/technical/api-error-handling.txt -index 70bf1d3e52..665c4960b4 100644 ---- a/Documentation/technical/api-error-handling.txt -+++ b/Documentation/technical/api-error-handling.txt -@@ -46,7 +46,7 @@ parse-options.c. - returns -1 after reporting the situation to the caller. - - These reports will be logged via the trace2 facility. See the "error" --event in link:api-trace2.txt[trace2 API]. -+event in link:api-trace2.html[trace2 API]. - - Customizable error handlers - --------------------------- diff --git a/git.spec b/git.spec index 36bc8e0..0952808 100644 --- a/git.spec +++ b/git.spec @@ -70,14 +70,14 @@ %endif # Define for release candidates -%global rcrev .rc0 +%global rcrev .rc1 # Set path to the package-notes linker script %global _package_note_file %{_builddir}/%{name}-%{version}%{?rcrev}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git Version: 2.38.0 -Release: 0.0%{?rcrev}%{?dist} +Release: 0.1%{?rcrev}%{?dist} Summary: Fast Version Control System License: GPLv2 URL: https://git-scm.com/ @@ -119,12 +119,6 @@ Patch2: 0002-t-lib-git-daemon-try-harder-to-find-a-port.patch # https://github.com/tmzullinger/git/commit/aa5105dc11 Patch3: 0003-t-lib-git-svn-try-harder-to-find-a-port.patch -# fix a few broken links -# https://lore.kernel.org/git/20220916062303.3736166-1-tmz@pobox.com/ -# https://lore.kernel.org/git/20220916062303.3736166-2-tmz@pobox.com/ -Patch4: 0001-docs-fix-a-few-recently-broken-links.patch -Patch5: 0002-api-docs-link-to-html-version-of-api-trace2.patch - %if %{with docs} # pod2man is needed to build Git.3pm BuildRequires: %{_bindir}/pod2man @@ -1011,6 +1005,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Wed Sep 21 2022 Todd Zullinger - 2.38.0-0.1.rc1 +- update to 2.38.0-rc1 + * Fri Sep 16 2022 Todd Zullinger - 2.38.0-0.0.rc0 - update to 2.38.0-rc0 diff --git a/sources b/sources index eed459c..53e6bb3 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.38.0.rc0.tar.xz) = 98b5aa08da0a754d3d6119b4690e2add3f85295ba5243f8cbfef04738c27ab1d39c3388e27349a824841f4b54004e22e8731f5aa37afa5f62b2b2a197b8ec84a -SHA512 (git-2.38.0.rc0.tar.sign) = 80d1c913f32a4c63178f3514cf04052580c9699c1161d7d5ed4329961218c4712705c5dcf16162ec53487a2bb0b204bbad6559c7ff99de8fa1b937b0e9ed3f7e +SHA512 (git-2.38.0.rc1.tar.xz) = 2be15be5c687f7c65f9381ee34bfca00063ca2568981a9713a220f05cb16f7a1c4fdf628ab1971399e77d0b4b39d71b47d73e93b937d00efd965cf4c49e34af2 +SHA512 (git-2.38.0.rc1.tar.sign) = 4a944bae3dd5ee357627f60f7b3edcc3b58da280cf2fef5cc8c49098a059be03383851b5a5c7b5cdf021bca87bfd6f0e6d778eb486ae8e37cdcef644ec8a9592 From 047cf1702dc780d03769e81392176ad9501c84f0 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Thu, 22 Sep 2022 00:32:27 -0400 Subject: [PATCH 036/113] git-subtree sub-package is noarch In 986b772 (Split 'git subtree' into a separate package, 2018-02-07), I mistakenly created the package as arch-specific. It should have been noarch; it is merely a shell script. --- git.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/git.spec b/git.spec index 0952808..a5bb7c4 100644 --- a/git.spec +++ b/git.spec @@ -478,6 +478,7 @@ Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $versi %package subtree Summary: Git tools to merge and split repositories +BuildArch: noarch Requires: git-core = %{version}-%{release} %description subtree Git subtrees allow subprojects to be included within a subdirectory @@ -1007,6 +1008,7 @@ rmdir --ignore-fail-on-non-empty "$testdir" %changelog * Wed Sep 21 2022 Todd Zullinger - 2.38.0-0.1.rc1 - update to 2.38.0-rc1 +- git-subtree sub-package is noarch * Fri Sep 16 2022 Todd Zullinger - 2.38.0-0.0.rc0 - update to 2.38.0-rc0 From 588c4c7c7ca2a8bf38ae5b11cb1f72b03b3d1538 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Wed, 21 Sep 2022 23:29:51 -0400 Subject: [PATCH 037/113] lint: update filter rules We removed '%{_emacs_version}' in 3395646 (remove --with/--without emacs build conditional, 2022-06-13). Drop the unnecessary filter from the rpmlint config. Add filters for several new checks in rpmlint 2.x: files-duplicate; package-with-huge-docs; and potential-bashisms. Also ignore unused-direct-shlib-dependency for libpcre2. While this is accurate, the additional linking would be tricky to remove from the upstream Makefile. It would almost certainly not be worth the effort. Lastly (even though it's the first line in the file), drop the unneeded 'from Config import *' directive. The rpmlint config is no longer loaded directly as python code (yay!). --- git.rpmlintrc | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/git.rpmlintrc b/git.rpmlintrc index 9fd93ce..0c6926b 100644 --- a/git.rpmlintrc +++ b/git.rpmlintrc @@ -1,5 +1,3 @@ -from Config import * - # the dictionary is a bit limited addFilter("git.* spelling-error %description .* subpackages") addFilter("git-subtree.* spelling-error %description .* (subdirectory|subproject|subtree)") @@ -23,5 +21,16 @@ addFilter("git-core\..*: W: no-manual-page-for-binary") # similarly ignore the warning when git-cvs and git-p4 are disabled addFilter("git.* obsolete-not-provided git-(cvs|gnome-keyring|p4)") -# we BR emacs which requires emacs-common and provides %{_emacs_version} -addFilter("git.(spec|src): .* Possible unexpanded macro in: Requires:.*emacs-filesystem >= %{_emacs_version}") +# git-svn has both man and html docs and only a single command +addFilter('git-svn\..*: W: package-with-huge-docs') + +# ignore potential "bashisms" in docs +addFilter('git-core-doc\.noarch: W: potential-bashisms /usr/share/doc/git/') + +# ignore unused-direct-shlib-dependency for libpcre; while it probably could be +# removed from some binaries, the cost of doing so isn't worth the gain. +addFilter('git-(core|daemon)\..*: W: unused-direct-shlib-dependency .* /lib64/libpcre2-.*') + +# ignore duplicate gvimdiff/nvimdiff files; they are only 29 bytes, sourcing the same base +# vimdiff mergetool +addFilter('git-core\..*: W: files-duplicate /usr/libexec/git-core/mergetools/[gn]vimdiff') From 202c5f9f242d26c01c51f10ef57fd6900e7c7a0d Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Wed, 28 Sep 2022 00:18:42 -0400 Subject: [PATCH 038/113] update to 2.38.0-rc2 Release notes: https://github.com/git/git/raw/v2.38.0-rc2/Documentation/RelNotes/2.38.0.txt --- git.spec | 7 +++++-- sources | 4 ++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/git.spec b/git.spec index a5bb7c4..0d6a1d4 100644 --- a/git.spec +++ b/git.spec @@ -70,14 +70,14 @@ %endif # Define for release candidates -%global rcrev .rc1 +%global rcrev .rc2 # Set path to the package-notes linker script %global _package_note_file %{_builddir}/%{name}-%{version}%{?rcrev}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git Version: 2.38.0 -Release: 0.1%{?rcrev}%{?dist} +Release: 0.2%{?rcrev}%{?dist} Summary: Fast Version Control System License: GPLv2 URL: https://git-scm.com/ @@ -1006,6 +1006,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Wed Sep 28 2022 Todd Zullinger - 2.38.0-0.2.rc2 +- update to 2.38.0-rc2 + * Wed Sep 21 2022 Todd Zullinger - 2.38.0-0.1.rc1 - update to 2.38.0-rc1 - git-subtree sub-package is noarch diff --git a/sources b/sources index 53e6bb3..9998f4f 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.38.0.rc1.tar.xz) = 2be15be5c687f7c65f9381ee34bfca00063ca2568981a9713a220f05cb16f7a1c4fdf628ab1971399e77d0b4b39d71b47d73e93b937d00efd965cf4c49e34af2 -SHA512 (git-2.38.0.rc1.tar.sign) = 4a944bae3dd5ee357627f60f7b3edcc3b58da280cf2fef5cc8c49098a059be03383851b5a5c7b5cdf021bca87bfd6f0e6d778eb486ae8e37cdcef644ec8a9592 +SHA512 (git-2.38.0.rc2.tar.xz) = 223ae2e2da38eed0c0f834defb50ea98069db2a79f60e52ec03c56a5cf125f1a35f10091c5c2c44fb70ad02ecfc5ab9cfdecfbcc9a7d1051bff42008bbae48cd +SHA512 (git-2.38.0.rc2.tar.sign) = c29a1710cbe420d7d8091da592abe72a1840767fe4026fdfe7ab4ed0ed06947efddd1eea1b9e107003329b0964a0d25d463958dbf5f9623fa2179b5c09f37e17 From 269487c60468f6be951df620c1eee891d2f189d5 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Mon, 3 Oct 2022 15:21:28 -0400 Subject: [PATCH 039/113] update to 2.38.0 Release notes: https://github.com/git/git/raw/v2.38.0/Documentation/RelNotes/2.38.0.txt --- git.spec | 7 +++++-- sources | 4 ++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/git.spec b/git.spec index 0d6a1d4..f01dd45 100644 --- a/git.spec +++ b/git.spec @@ -70,14 +70,14 @@ %endif # Define for release candidates -%global rcrev .rc2 +#global rcrev .rc0 # Set path to the package-notes linker script %global _package_note_file %{_builddir}/%{name}-%{version}%{?rcrev}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git Version: 2.38.0 -Release: 0.2%{?rcrev}%{?dist} +Release: 1%{?rcrev}%{?dist} Summary: Fast Version Control System License: GPLv2 URL: https://git-scm.com/ @@ -1006,6 +1006,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Mon Oct 03 2022 Todd Zullinger - 2.38.0-1 +- update to 2.38.0 + * Wed Sep 28 2022 Todd Zullinger - 2.38.0-0.2.rc2 - update to 2.38.0-rc2 diff --git a/sources b/sources index 9998f4f..126f70f 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.38.0.rc2.tar.xz) = 223ae2e2da38eed0c0f834defb50ea98069db2a79f60e52ec03c56a5cf125f1a35f10091c5c2c44fb70ad02ecfc5ab9cfdecfbcc9a7d1051bff42008bbae48cd -SHA512 (git-2.38.0.rc2.tar.sign) = c29a1710cbe420d7d8091da592abe72a1840767fe4026fdfe7ab4ed0ed06947efddd1eea1b9e107003329b0964a0d25d463958dbf5f9623fa2179b5c09f37e17 +SHA512 (git-2.38.0.tar.xz) = 5c475d25b40a01cc62be28478b9b5a1b0cedf91c3e007d4869019a25bdc980b5ef9b761e7ee02d7c581bff6c7dbf2696a624431a718dcd976bad34a3f2be5cb6 +SHA512 (git-2.38.0.tar.sign) = e3fb09d2e520074888d0b63a241427a596bf63648734325316f18343955a83086a4f6be622eb65e965478630ece905a6ae15989358012f84ebf6424abe6419e9 From 6e2a249aefd0b03e6820c4ac1dc4c11e3ea70a9d Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Fri, 7 Oct 2022 21:37:05 -0400 Subject: [PATCH 040/113] lint: ignore non-standard-dir-in-var for gitweb Newer rpmlint rightly points out this minor gitweb issue. Fixing it is a low priority as we need to arrange the change only for newer releases, keeping the old layout on existing systems. This is tracked in bug 479613. --- git.rpmlintrc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/git.rpmlintrc b/git.rpmlintrc index 0c6926b..b83cb0a 100644 --- a/git.rpmlintrc +++ b/git.rpmlintrc @@ -34,3 +34,6 @@ addFilter('git-(core|daemon)\..*: W: unused-direct-shlib-dependency .* /lib64/li # ignore duplicate gvimdiff/nvimdiff files; they are only 29 bytes, sourcing the same base # vimdiff mergetool addFilter('git-core\..*: W: files-duplicate /usr/libexec/git-core/mergetools/[gn]vimdiff') + +# ignore non-standard-dir-in-var for gitweb (#479613) +addFilter('gitweb.noarch: W: non-standard-dir-in-var www') From 537938edaa895ddc9a1d714bc54814ecaa832645 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Tue, 18 Oct 2022 13:43:15 -0400 Subject: [PATCH 041/113] update to 2.38.1 (CVE-2022-39253, CVE-2022-39260) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From the release notes for 2.30.6¹ * CVE-2022-39253: When relying on the `--local` clone optimization, Git dereferences symbolic links in the source repository before creating hardlinks (or copies) of the dereferenced link in the destination repository. This can lead to surprising behavior where arbitrary files are present in a repository's `$GIT_DIR` when cloning from a malicious repository. Git will no longer dereference symbolic links via the `--local` clone mechanism, and will instead refuse to clone repositories that have symbolic links present in the `$GIT_DIR/objects` directory. Additionally, the value of `protocol.file.allow` is changed to be "user" by default. * CVE-2022-39260: An overly-long command string given to `git shell` can result in overflow in `split_cmdline()`, leading to arbitrary heap writes and remote code execution when `git shell` is exposed and the directory `$HOME/git-shell-commands` exists. `git shell` is taught to refuse interactive commands that are longer than 4MiB in size. `split_cmdline()` is hardened to reject inputs larger than 2GiB. Credit for finding CVE-2022-39253 goes to Cory Snider of Mirantis. The fix was authored by Taylor Blau, with help from Johannes Schindelin. Credit for finding CVE-2022-39260 goes to Kevin Backhouse of GitHub. The fix was authored by Kevin Backhouse, Jeff King, and Taylor Blau. ¹ https://github.com/git/git/raw/v2.38.1/Documentation/RelNotes/2.30.6.txt --- git.spec | 5 ++++- sources | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/git.spec b/git.spec index f01dd45..4ab882b 100644 --- a/git.spec +++ b/git.spec @@ -76,7 +76,7 @@ %global _package_note_file %{_builddir}/%{name}-%{version}%{?rcrev}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.38.0 +Version: 2.38.1 Release: 1%{?rcrev}%{?dist} Summary: Fast Version Control System License: GPLv2 @@ -1006,6 +1006,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Tue Oct 18 2022 Todd Zullinger - 2.38.1-1 +- update to 2.38.1 (CVE-2022-39253, CVE-2022-39260) + * Mon Oct 03 2022 Todd Zullinger - 2.38.0-1 - update to 2.38.0 diff --git a/sources b/sources index 126f70f..3f9c27f 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.38.0.tar.xz) = 5c475d25b40a01cc62be28478b9b5a1b0cedf91c3e007d4869019a25bdc980b5ef9b761e7ee02d7c581bff6c7dbf2696a624431a718dcd976bad34a3f2be5cb6 -SHA512 (git-2.38.0.tar.sign) = e3fb09d2e520074888d0b63a241427a596bf63648734325316f18343955a83086a4f6be622eb65e965478630ece905a6ae15989358012f84ebf6424abe6419e9 +SHA512 (git-2.38.1.tar.xz) = e62ca6f54f01d2e4ccffb5f94e8e5cd2f3e098b766d909c694a8daf4d00d5cdeb9cc5ff8e9bc55d888406f292ba99433d334d4da9689c0ce5d7299a3c67c90e0 +SHA512 (git-2.38.1.tar.sign) = a10fa332d5d5ea96bf6a0ed0c2a568212dd033acd539d07efbb73def13dd0144640a5a17477ea5cfe4104f1fa166237d7b251de275307eac7b91c6e60ca3de5d From 1ea41cbd46d4ac427d42fa8c129f56a67fe688ce Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Mon, 7 Nov 2022 19:02:33 -0500 Subject: [PATCH 042/113] don't ship contrib/persistent-https as documentation This is Go source code which requires compilation to be used. It is licensed differently than git; shipping it changes the License tag. Let's avoid it for now. If it turns out to be widely used, we can restore it later (and ship it in binary form). --- git.spec | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/git.spec b/git.spec index 4ab882b..86ce212 100644 --- a/git.spec +++ b/git.spec @@ -77,7 +77,7 @@ Name: git Version: 2.38.1 -Release: 1%{?rcrev}%{?dist} +Release: 2%{?rcrev}%{?dist} Summary: Fast Version Control System License: GPLv2 URL: https://git-scm.com/ @@ -650,6 +650,10 @@ install -Dpm 0755 contrib/diff-highlight/diff-highlight \ %{buildroot}%{_datadir}/git-core/contrib/diff-highlight rm -rf contrib/diff-highlight/{Makefile,diff-highlight,*.perl,t} +# Remove contrib/persistent-https; a) this code requires compilation; and b) it +# is licensed differently than git +rm -rf contrib/persistent-https + # Remove contrib/scalar to avoid cruft in the git-core-doc docdir rm -rf contrib/scalar @@ -1006,6 +1010,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Mon Nov 07 2022 Todd Zullinger - 2.38.1-2 +- don't ship contrib/persistent-https as documentation + * Tue Oct 18 2022 Todd Zullinger - 2.38.1-1 - update to 2.38.1 (CVE-2022-39253, CVE-2022-39260) From ef75bcdbad7337c032a7db4cd9c370c42a6e9442 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Mon, 7 Nov 2022 18:22:02 -0500 Subject: [PATCH 043/113] update license data and convert to SPDX format The license data was gathered from the 2.38.1 tarball. The licensecheck tool was run: find -type f -regextype egrep ! -regex '^(Documentation/.*\.txt$|(t/(chainlint|perf/p[0-9]{4}|t[0-9]{4}).*))' \ -exec licensecheck --shortname-scheme spdx {} + | LANG=C sort >licensecheck The contents were reviewed, removing files which are not shipped or were UNKNOWN to licensecheck. Of the UNKNOWN files, most lacked a specific license header and are thus treated as GPL-2.0-only. The code in reftable/ is licensed as BSD 3-Clause per reftable/LICENSE. --- git.spec | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/git.spec b/git.spec index 86ce212..69e852c 100644 --- a/git.spec +++ b/git.spec @@ -79,7 +79,7 @@ Name: git Version: 2.38.1 Release: 2%{?rcrev}%{?dist} Summary: Fast Version Control System -License: GPLv2 +License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT URL: https://git-scm.com/ Source0: https://www.kernel.org/pub/software/scm/git/%{?rcrev:testing/}%{name}-%{version}%{?rcrev}.tar.xz Source1: https://www.kernel.org/pub/software/scm/git/%{?rcrev:testing/}%{name}-%{version}%{?rcrev}.tar.sign @@ -1012,6 +1012,7 @@ rmdir --ignore-fail-on-non-empty "$testdir" %changelog * Mon Nov 07 2022 Todd Zullinger - 2.38.1-2 - don't ship contrib/persistent-https as documentation +- update license data and convert to SPDX format * Tue Oct 18 2022 Todd Zullinger - 2.38.1-1 - update to 2.38.1 (CVE-2022-39253, CVE-2022-39260) From d0191b8ca59b4bd0394eb39373af871eb3b1ddef Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Sat, 12 Nov 2022 13:14:22 -0500 Subject: [PATCH 044/113] use %bash_completions_dir MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit A %bash_completions_dir macros was added to redhat-rpm-config recently¹. It is available for all supported Fedora releases. Define it if missing, to support EL <= 9. This is likely to become part of the packaging guideline soon². ¹ https://src.fedoraproject.org/rpms/redhat-rpm-config/c/483a3b (Add macros.shell-completions, 2022-06-25) ² https://pagure.io/packaging-committee/issue/1202 --- git.rpmlintrc | 3 +++ git.spec | 21 +++++++++++---------- 2 files changed, 14 insertions(+), 10 deletions(-) diff --git a/git.rpmlintrc b/git.rpmlintrc index b83cb0a..8b09c35 100644 --- a/git.rpmlintrc +++ b/git.rpmlintrc @@ -5,6 +5,9 @@ addFilter("git-subtree.* spelling-error %description .* (subdirectory|subproject # git-core-doc requires git-core, which provides the symlink target addFilter("git(-core-doc)?\..*: W: dangling-relative-symlink /usr/share/doc/git/contrib/hooks ../../../git-core/contrib/hooks") +# gitk requires git, which provides the symlink target +addFilter("gitk\.noarch: W: dangling-relative-symlink /usr/share/bash-completion/completions/gitk git") + # git-gui requires git, which provides the git binary addFilter("git-gui.noarch: W: desktopfile-without-binary /usr/share/applications/git-gui.desktop git") diff --git a/git.spec b/git.spec index 69e852c..1e05b82 100644 --- a/git.spec +++ b/git.spec @@ -39,12 +39,6 @@ %global use_perl_interpreter 0 %endif -# Settings for Fedora and EL >= 7 -%if 0%{?fedora} || 0%{?rhel} >= 7 -%global bashcompdir %(pkg-config --variable=completionsdir bash-completion 2>/dev/null) -%global bashcomproot %(dirname %{bashcompdir} 2>/dev/null) -%endif - # Allow cvs subpackage to be toggled via --with/--without # Disable cvs subpackage by default on EL >= 8 %if 0%{?rhel} >= 8 @@ -69,6 +63,9 @@ %global _hardened_build 1 %endif +# Define %%bash_completions_dir for EL <= 9 +%{?!bash_completions_dir:%global bash_completions_dir %{_datadir}/bash-completion/completions} + # Define for release candidates #global rcrev .rc0 @@ -77,7 +74,7 @@ Name: git Version: 2.38.1 -Release: 2%{?rcrev}%{?dist} +Release: 3%{?rcrev}%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT URL: https://git-scm.com/ @@ -700,8 +697,8 @@ perl -p \ %{SOURCE15} > %{buildroot}%{_unitdir}/git@.service # Setup bash completion -install -Dpm 644 contrib/completion/git-completion.bash %{buildroot}%{bashcompdir}/git -ln -s git %{buildroot}%{bashcompdir}/gitk +install -Dpm 644 contrib/completion/git-completion.bash %{buildroot}%{bash_completions_dir}/git +ln -s git %{buildroot}%{bash_completions_dir}/gitk # Install tcsh completion mkdir -p %{buildroot}%{_datadir}/git-core/contrib/completion @@ -905,7 +902,7 @@ rmdir --ignore-fail-on-non-empty "$testdir" %exclude %{_datadir}/git-core/templates/hooks/fsmonitor-watchman.sample %exclude %{_datadir}/git-core/templates/hooks/pre-rebase.sample %exclude %{_datadir}/git-core/templates/hooks/prepare-commit-msg.sample -%{bashcomproot} +%{bash_completions_dir}/git %{_datadir}/git-core/ %files core-doc -f man-doc-files-core @@ -951,6 +948,7 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{_pkgdocdir}/*gitk*.txt %{_bindir}/*gitk* %{_datadir}/gitk +%{bash_completions_dir}/gitk %{?with_docs:%{_mandir}/man1/*gitk*.1*} %{?with_docs:%{_pkgdocdir}/*gitk*.html} @@ -1010,6 +1008,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Sat Nov 12 2022 Todd Zullinger - 2.38.1-3 +- use %%bash_completions_dir + * Mon Nov 07 2022 Todd Zullinger - 2.38.1-2 - don't ship contrib/persistent-https as documentation - update license data and convert to SPDX format From 7d21254b0248a0b04f653b74069624ff4f6702d6 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Wed, 23 Nov 2022 12:47:16 -0500 Subject: [PATCH 045/113] update to 2.39.0-rc0 Add mod_http2 BuildRequires for t5559-http-fetch-smart-http2; skip it on EL7, which lacks it. Ignore the expected 'missing HTTP2' output from t5551-http-fetch-smart. Use a strict pattern to avoid unintended matches. Sadly, we must also disable t5559 for now. It fails very often across all architectures. The most common failure is "large fetch-pack requests can be sent using chunked encoding" (t5559.30), but earlier tests have also failed. Until these failures are understood and resolved, the entire test is disabled globally. (It's also disabled for EL-7, which is redundant now but won't be after we re-enable the test globally in the near future.) We can't simply skip the mod_http2 dependency here because we set GIT_TEST_HTTPD=true. Per upstream 73c49a4474 (t: run t5551 tests with both HTTP and HTTP/2, 2022-11-11): If HTTP/2 isn't supported on a given platform, then t5559 should bail during the webserver setup, and gracefully skip all tests (unless GIT_TEST_HTTPD has been changed from "auto" to "yes", where the point is to complain when webserver setup fails). Also ignore the 'missing BUILTIN_TXT_$builtin' output which comes from upstream a0c3244796 (doc SYNOPSIS & -h: use "-" to separate words in labels, not "_", 2022-10-13). We may want to loosen this in the future, but for now ignore it because it doesn't help us identify missing test dependencies. Release notes: https://github.com/git/git/raw/v2.39.0-rc0/Documentation/RelNotes/2.39.0.txt --- git.skip-test-patterns | 2 ++ git.spec | 24 ++++++++++++++++++++---- sources | 4 ++-- 3 files changed, 24 insertions(+), 6 deletions(-) diff --git a/git.skip-test-patterns b/git.skip-test-patterns index 1a1139f..12b247d 100644 --- a/git.skip-test-patterns +++ b/git.skip-test-patterns @@ -1,8 +1,10 @@ +^ok 1 # SKIP enable client-side http/2 \(missing HTTP2\)$ expensive 2GB clone test; enable with GIT_TEST_CLONE_2GB=true filesystem does not corrupt utf-8 fsmonitor--daemon is not supported on this platform GIT_SKIP_TESTS missing AUTOIDENT +missing BUILTIN_TXT_ missing CASE_INSENSITIVE_FS missing DONTHAVEIT missing ([!]LONG_IS_64BIT,)?EXPENSIVE diff --git a/git.spec b/git.spec index 1e05b82..84b152c 100644 --- a/git.spec +++ b/git.spec @@ -67,14 +67,14 @@ %{?!bash_completions_dir:%global bash_completions_dir %{_datadir}/bash-completion/completions} # Define for release candidates -#global rcrev .rc0 +%global rcrev .rc0 # Set path to the package-notes linker script %global _package_note_file %{_builddir}/%{name}-%{version}%{?rcrev}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.38.1 -Release: 3%{?rcrev}%{?dist} +Version: 2.39.0 +Release: 0.0%{?rcrev}%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT URL: https://git-scm.com/ @@ -184,6 +184,8 @@ BuildRequires: acl %if 0%{?fedora} || 0%{?rhel} >= 8 # Needed by t5540-http-push-webdav.sh BuildRequires: apr-util-bdb +# Needed by t5559-http-fetch-smart-http2.sh +BuildRequires: mod_http2 %endif # endif fedora or rhel >= 8 BuildRequires: bash @@ -793,7 +795,17 @@ find %{buildroot}%{_pkgdocdir} -name "*.html" -print0 | xargs -r0 linkchecker # endif with docs && with linkcheck # Tests to skip on all releases and architectures -GIT_SKIP_TESTS="" +# +# t5559-http-fetch-smart-http2 runs t5551-http-fetch-smart with +# HTTP_PROTO=HTTP/2. Unfortunately, it fails quite regularly. +# https://lore.kernel.org/git/Y4fUntdlc1mqwad5@pobox.com/ +GIT_SKIP_TESTS="t5559" + +%if 0%{?rhel} && 0%{?rhel} < 8 +# Skip tests which require mod_http2 on el7 +GIT_SKIP_TESTS="$GIT_SKIP_TESTS t5559" +%endif +# endif rhel < 8 %ifarch aarch64 %{arm} %{power64} # Skip tests which fail on aarch64, arm, and ppc @@ -1008,6 +1020,10 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Wed Nov 23 2022 Todd Zullinger - 2.39.0-0.0.rc0 +- update to 2.39.0-rc0 +- add mod_http2 BuildRequires for tests + * Sat Nov 12 2022 Todd Zullinger - 2.38.1-3 - use %%bash_completions_dir diff --git a/sources b/sources index 3f9c27f..0ca8e36 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.38.1.tar.xz) = e62ca6f54f01d2e4ccffb5f94e8e5cd2f3e098b766d909c694a8daf4d00d5cdeb9cc5ff8e9bc55d888406f292ba99433d334d4da9689c0ce5d7299a3c67c90e0 -SHA512 (git-2.38.1.tar.sign) = a10fa332d5d5ea96bf6a0ed0c2a568212dd033acd539d07efbb73def13dd0144640a5a17477ea5cfe4104f1fa166237d7b251de275307eac7b91c6e60ca3de5d +SHA512 (git-2.39.0.rc0.tar.xz) = da92b6b8ec804712f035cb4017ab5d277ca3149749921455cc362a11f7cb96d4347d1eb9e7d02fc31bc0c06f3bdc5ef7c4f40d02f9b92f42e708a2f474e28ea6 +SHA512 (git-2.39.0.rc0.tar.sign) = 04b3e0a9558cb423073e8c7e869e7c616df1f691dac147bf4c30253cf9c66f9b4f030618a232381b8468b9c575d0751b7744725efc7c3d7ebd92739e868d697c From 13887794b7b7988f6d4f3811461eb4974494e0a8 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Wed, 30 Nov 2022 01:27:59 -0500 Subject: [PATCH 046/113] update to 2.39.0-rc1 Release notes: https://github.com/git/git/raw/v2.39.0-rc1/Documentation/RelNotes/2.39.0.txt --- git.spec | 7 +++++-- sources | 4 ++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/git.spec b/git.spec index 84b152c..cc7f53c 100644 --- a/git.spec +++ b/git.spec @@ -67,14 +67,14 @@ %{?!bash_completions_dir:%global bash_completions_dir %{_datadir}/bash-completion/completions} # Define for release candidates -%global rcrev .rc0 +%global rcrev .rc1 # Set path to the package-notes linker script %global _package_note_file %{_builddir}/%{name}-%{version}%{?rcrev}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git Version: 2.39.0 -Release: 0.0%{?rcrev}%{?dist} +Release: 0.1%{?rcrev}%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT URL: https://git-scm.com/ @@ -1020,6 +1020,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Wed Nov 30 2022 Todd Zullinger - 2.39.0-0.1.rc1 +- update to 2.39.0-rc1 + * Wed Nov 23 2022 Todd Zullinger - 2.39.0-0.0.rc0 - update to 2.39.0-rc0 - add mod_http2 BuildRequires for tests diff --git a/sources b/sources index 0ca8e36..dd6112a 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.39.0.rc0.tar.xz) = da92b6b8ec804712f035cb4017ab5d277ca3149749921455cc362a11f7cb96d4347d1eb9e7d02fc31bc0c06f3bdc5ef7c4f40d02f9b92f42e708a2f474e28ea6 -SHA512 (git-2.39.0.rc0.tar.sign) = 04b3e0a9558cb423073e8c7e869e7c616df1f691dac147bf4c30253cf9c66f9b4f030618a232381b8468b9c575d0751b7744725efc7c3d7ebd92739e868d697c +SHA512 (git-2.39.0.rc1.tar.xz) = c90496689cf4ef5bd0efe85ac1f52b53527603596bef064470bd6c30f6b5d067e001d4a2f2cbe10f57235f8a74b733d59bc8cd8051f6fa9475b6dfb4df67577e +SHA512 (git-2.39.0.rc1.tar.sign) = bda17f54aa43b73376ebda0f6213a1ce5c2c882dccc605e564b9ec7b9058e9f24c6d4dd34496750a866baf60098607b1cabbacfff678f00e7e032efb328be76e From 0af3adfcb1998701eaa7c8e695a745ede98056a0 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Fri, 2 Dec 2022 23:12:17 -0500 Subject: [PATCH 047/113] include test-results & "trash" directory contents in build output When a build fails, the contents of t/test-results and the trash directories can be quite useful for debugging. This is particularly true when the failures occur only in Koji, where we can't get a shell and poke around. Create a compressed tarball and encode it with base64 to allow it to be output along with the normal build output. Include instruction on how to extract the base64-encoded content from the build log inline. The tar archive is compressed with zstd which provides a good balance of speed and size. The compression level of 17 was chosen after a number of tests against real test failures, as opposed to entirely random selection. ;) --- git.spec | 3 ++- print-failed-test-output | 13 +++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/git.spec b/git.spec index cc7f53c..4c7d9bf 100644 --- a/git.spec +++ b/git.spec @@ -257,6 +257,7 @@ BuildRequires: subversion-perl BuildRequires: tar BuildRequires: time BuildRequires: zip +BuildRequires: zstd %endif # endif with tests @@ -864,7 +865,7 @@ export GIT_TEST_SVN_HTTPD=true # Create tmpdir for test output and update GIT_TEST_OPTS # Also update GIT-BUILD-OPTIONS to keep make from any needless rebuilding -testdir=$(mktemp -d -p /tmp git-t.XXXX) +export testdir=$(mktemp -d -p /tmp git-t.XXXX) sed -i "s@^GIT_TEST_OPTS = .*@& --root=$testdir@" config.mak touch -r GIT-BUILD-OPTIONS ts sed -i "s@\(GIT_TEST_OPTS='.*\)'@\1 --root=$testdir'@" GIT-BUILD-OPTIONS diff --git a/print-failed-test-output b/print-failed-test-output index d0d63aa..4e65662 100644 --- a/print-failed-test-output +++ b/print-failed-test-output @@ -10,4 +10,17 @@ for exit_file in t/test-results/*.exit; do printf '\n%s\n%s\n%s\n' "$sep" "$out_file" "$sep" cat "$out_file" done + +# tar up test-results & $testdir, then print base64 encoded output +# +# copy $testdir contents to test-results to avoid absolute paths with tar +cp -a $testdir/* t/test-results/ +begin='-----BEGIN BASE64 MESSAGE-----' +end='-----END BASE64 MESSAGE-----' +printf '\n%s\n' 'test-results and trash directory output follows; decode via:' +printf '%s\n' "sed -n '/^${begin}$/,/^${end}$/{/^${begin}$/!{/^${end}$/!p}}' build.log | base64 -d >output.tar.zst" +printf '%s\n' "$begin" +tar -C t -cf - test-results/ | zstdmt -17 | base64 +printf '%s\n' "$end" + exit 1 From 54729198f5bbec2a25b853008f3e7ef912e6a35a Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Mon, 5 Dec 2022 23:31:37 -0500 Subject: [PATCH 048/113] update to 2.39.0-rc2 Release notes: https://github.com/git/git/raw/v2.39.0-rc2/Documentation/RelNotes/2.39.0.txt --- git.spec | 7 +++++-- sources | 4 ++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/git.spec b/git.spec index 4c7d9bf..c755f88 100644 --- a/git.spec +++ b/git.spec @@ -67,14 +67,14 @@ %{?!bash_completions_dir:%global bash_completions_dir %{_datadir}/bash-completion/completions} # Define for release candidates -%global rcrev .rc1 +%global rcrev .rc2 # Set path to the package-notes linker script %global _package_note_file %{_builddir}/%{name}-%{version}%{?rcrev}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git Version: 2.39.0 -Release: 0.1%{?rcrev}%{?dist} +Release: 0.2%{?rcrev}%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT URL: https://git-scm.com/ @@ -1021,6 +1021,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Mon Dec 05 2022 Todd Zullinger - 2.39.0-0.2.rc2 +- update to 2.39.0-rc2 + * Wed Nov 30 2022 Todd Zullinger - 2.39.0-0.1.rc1 - update to 2.39.0-rc1 diff --git a/sources b/sources index dd6112a..253c5b3 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.39.0.rc1.tar.xz) = c90496689cf4ef5bd0efe85ac1f52b53527603596bef064470bd6c30f6b5d067e001d4a2f2cbe10f57235f8a74b733d59bc8cd8051f6fa9475b6dfb4df67577e -SHA512 (git-2.39.0.rc1.tar.sign) = bda17f54aa43b73376ebda0f6213a1ce5c2c882dccc605e564b9ec7b9058e9f24c6d4dd34496750a866baf60098607b1cabbacfff678f00e7e032efb328be76e +SHA512 (git-2.39.0.rc2.tar.xz) = 31b6fda1fcbed027f20140066f77283bae1179da015fd01b3bee61ab4b313603b229b13b84680030ca65c4b9435133f209b9cc832caf9cff30824da816c3f687 +SHA512 (git-2.39.0.rc2.tar.sign) = ac6f40422717756d25f7e2d8a24c0b05d12985da4c4d733755c031c20819e157b0d97199443447900f772d235cfc7e4fefe4ea23506ab709db24347420bd3440 From 66efed4a986d32010a21db8b3352ee2f6960c29a Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Mon, 12 Dec 2022 13:27:10 -0500 Subject: [PATCH 049/113] update to 2.39.0 Release notes: https://github.com/git/git/raw/v2.39.0/Documentation/RelNotes/2.39.0.txt --- git.spec | 7 +++++-- sources | 4 ++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/git.spec b/git.spec index c755f88..adb440b 100644 --- a/git.spec +++ b/git.spec @@ -67,14 +67,14 @@ %{?!bash_completions_dir:%global bash_completions_dir %{_datadir}/bash-completion/completions} # Define for release candidates -%global rcrev .rc2 +#global rcrev .rc0 # Set path to the package-notes linker script %global _package_note_file %{_builddir}/%{name}-%{version}%{?rcrev}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git Version: 2.39.0 -Release: 0.2%{?rcrev}%{?dist} +Release: 1%{?rcrev}%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT URL: https://git-scm.com/ @@ -1021,6 +1021,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Mon Dec 12 2022 Todd Zullinger - 2.39.0-1 +- update to 2.39.0 + * Mon Dec 05 2022 Todd Zullinger - 2.39.0-0.2.rc2 - update to 2.39.0-rc2 diff --git a/sources b/sources index 253c5b3..01d2443 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.39.0.rc2.tar.xz) = 31b6fda1fcbed027f20140066f77283bae1179da015fd01b3bee61ab4b313603b229b13b84680030ca65c4b9435133f209b9cc832caf9cff30824da816c3f687 -SHA512 (git-2.39.0.rc2.tar.sign) = ac6f40422717756d25f7e2d8a24c0b05d12985da4c4d733755c031c20819e157b0d97199443447900f772d235cfc7e4fefe4ea23506ab709db24347420bd3440 +SHA512 (git-2.39.0.tar.xz) = f072cae7738279b1c0f8202e83a243ff0164b03d3be22895aa875caa265150a5773e1f062724b3eb82bc64b163730b6f451b82fa0c904167a8fa53ced5d3b1df +SHA512 (git-2.39.0.tar.sign) = 61f8b98c86ecada0784aa9d86bb7c88ed3fb836dee8ee91c16bdf6fba56226c6db424debd2b0f1485b67bdbb5261626b8ff9f362e32d7b93449461f0f873559a From ce294eae022e5c0fe88a552ea7eaca86ce0bc05e Mon Sep 17 00:00:00 2001 From: Jitka Plesnikova Date: Fri, 13 Jan 2023 09:35:22 +0100 Subject: [PATCH 050/113] Remove perl(MODULE_COMPAT), it will be replaced by generators --- git.spec | 2 -- 1 file changed, 2 deletions(-) diff --git a/git.spec b/git.spec index adb440b..ca029e2 100644 --- a/git.spec +++ b/git.spec @@ -464,7 +464,6 @@ Requires: git = %{version}-%{release} Summary: Perl interface to Git BuildArch: noarch Requires: git = %{version}-%{release} -Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) %description -n perl-Git %{summary}. @@ -472,7 +471,6 @@ Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $versi Summary: Perl interface to Git::SVN BuildArch: noarch Requires: git = %{version}-%{release} -Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) %description -n perl-Git-SVN %{summary}. From 6fcfc2d4a26144fa85e5077518efc5418c68e96d Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Tue, 17 Jan 2023 14:43:57 -0500 Subject: [PATCH 051/113] require perl(MODULE_COMPAT) for Fedora < 38 and RHEL ce294ea (Remove perl(MODULE_COMPAT), it will be replaced by generators, 2023-01-13) removed the `Requires: perl(:MODULE_COMPAT_*)` entirely. This is not suitable for merging to older Fedora or RHEL releases. Make the requirement conditional. --- git.spec | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/git.spec b/git.spec index ca029e2..6988bb2 100644 --- a/git.spec +++ b/git.spec @@ -14,6 +14,13 @@ %bcond_with linkcheck %endif +# Settings for Fedora >= 38 +%if 0%{?fedora} >= 38 +%bcond_with perl_modcompat +%else +%bcond_without perl_modcompat +%endif + # Settings for Fedora and EL >= 9 %if 0%{?fedora} || 0%{?rhel} >= 9 %bcond_without asciidoctor @@ -464,6 +471,9 @@ Requires: git = %{version}-%{release} Summary: Perl interface to Git BuildArch: noarch Requires: git = %{version}-%{release} +%if %{with perl_modcompat} +Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) +%endif %description -n perl-Git %{summary}. @@ -471,6 +481,9 @@ Requires: git = %{version}-%{release} Summary: Perl interface to Git::SVN BuildArch: noarch Requires: git = %{version}-%{release} +%if %{with perl_modcompat} +Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) +%endif %description -n perl-Git-SVN %{summary}. From 029feecb34445b7f33405f2796c1138713fbfc94 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Tue, 17 Jan 2023 14:46:44 -0500 Subject: [PATCH 052/113] update to 2.39.1 (CVE-2022-41903, CVE-2022-23521) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From the release notes for 2.30.7¹: * CVE-2022-41903: git log has the ability to display commits using an arbitrary format with its --format specifiers. This functionality is also exposed to git archive via the export-subst gitattribute. When processing the padding operators (e.g., %<(, %<|(, %>(, %>>(, or %><( ), an integer overflow can occur in pretty.c::format_and_pad_commit() where a size_t is improperly stored as an int, and then added as an offset to a subsequent memcpy() call. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., git log --format=...). It may also be triggered indirectly through git archive via the export-subst mechanism, which expands format specifiers inside of files within the repository during a git archive. This integer overflow can result in arbitrary heap writes, which may result in remote code execution. * CVE-2022-23521: gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge. These overflows can be triggered via a crafted `.gitattributes` file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequentially, the failure mode depends on whether the file exists in the working tree, the index or both. This integer overflow can result in arbitrary heap reads and writes, which may result in remote code execution. Credit for finding CVE-2022-41903 goes to Joern Schneeweisz of GitLab. An initial fix was authored by Markus Vervier of X41 D-Sec. Credit for finding CVE-2022-23521 goes to Markus Vervier and Eric Sesterhenn of X41 D-Sec. This work was sponsored by OSTIF. The proposed fixes have been polished and extended to cover additional findings by Patrick Steinhardt of GitLab, with help from others on the Git security mailing list. ¹ https://github.com/git/git/raw/v2.39.1/Documentation/RelNotes/2.30.7.txt --- git.spec | 5 ++++- sources | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/git.spec b/git.spec index 6988bb2..ddd935b 100644 --- a/git.spec +++ b/git.spec @@ -80,7 +80,7 @@ %global _package_note_file %{_builddir}/%{name}-%{version}%{?rcrev}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.39.0 +Version: 2.39.1 Release: 1%{?rcrev}%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT @@ -1032,6 +1032,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Tue Jan 17 2023 Todd Zullinger - 2.39.1-1 +- update to 2.39.1 (CVE-2022-41903, CVE-2022-23521) + * Mon Dec 12 2022 Todd Zullinger - 2.39.0-1 - update to 2.39.0 diff --git a/sources b/sources index 01d2443..7924f69 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.39.0.tar.xz) = f072cae7738279b1c0f8202e83a243ff0164b03d3be22895aa875caa265150a5773e1f062724b3eb82bc64b163730b6f451b82fa0c904167a8fa53ced5d3b1df -SHA512 (git-2.39.0.tar.sign) = 61f8b98c86ecada0784aa9d86bb7c88ed3fb836dee8ee91c16bdf6fba56226c6db424debd2b0f1485b67bdbb5261626b8ff9f362e32d7b93449461f0f873559a +SHA512 (git-2.39.1.tar.xz) = b1821a814947f01adf98206a7e9a01da9daa617b1192e8ef6968b05af8d874f028fb26b5f828a9c48f734ef2c276f4d23bdc898ba46fb7aaa96dbe68081037e9 +SHA512 (git-2.39.1.tar.sign) = b6295e186263654b686fd0f0814a68dfbd04635ff4d613a09fa9d13897b584d06611903bc0205ecee6f01932c4065d20671bd91f8e6239a5f9c6a2fc6c38b87d From 04a6af281b191f6a72c3af164ed24a6e09c30823 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 19 Jan 2023 04:55:02 +0000 Subject: [PATCH 053/113] Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- git.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/git.spec b/git.spec index ddd935b..373235d 100644 --- a/git.spec +++ b/git.spec @@ -81,7 +81,7 @@ Name: git Version: 2.39.1 -Release: 1%{?rcrev}%{?dist} +Release: 1%{?rcrev}%{?dist}.1 Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT URL: https://git-scm.com/ @@ -1032,6 +1032,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Thu Jan 19 2023 Fedora Release Engineering - 2.39.1-1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + * Tue Jan 17 2023 Todd Zullinger - 2.39.1-1 - update to 2.39.1 (CVE-2022-41903, CVE-2022-23521) From 7c34cecc4c6ede0c67c5359bc3a0d26955533d4d Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Fri, 3 Feb 2023 15:56:49 -0500 Subject: [PATCH 054/113] drop perl Email::Valid dep on RHEL (#2166718) The git send-email command uses Email::Valid to check addresses. If Email::Valid is not present, it falls back to a more basic regex match (which is not nearly as thorough as the checks Email::Valid performs). While Fedora (and EPEL 7/8 provide perl-Email-Valid, RHEL does not and does not wish to add the dependency. Make it easier for RHEL to fork & sync from us by making the dependency conditional. References: https://bugzilla.redhat.com/2020487 https://bugzilla.redhat.com/2046203 http://public-inbox.org/git/20220620004427.3586240-1-trawets@amazon.com/T/#u 4414f61 (add more git-email perl dependencies, 2021-11-13) --- git.spec | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/git.spec b/git.spec index 373235d..127f94a 100644 --- a/git.spec +++ b/git.spec @@ -81,7 +81,7 @@ Name: git Version: 2.39.1 -Release: 1%{?rcrev}%{?dist}.1 +Release: 2%{?rcrev}%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT URL: https://git-scm.com/ @@ -390,7 +390,10 @@ BuildArch: noarch Requires: git = %{version}-%{release} Requires: perl(Authen::SASL) Requires: perl(Cwd) +%if ! 0%{?rhel} +# RHEL lacks perl-Email-Valid (rhbz#2166718) Requires: perl(Email::Valid) +%endif Requires: perl(File::Spec) Requires: perl(File::Spec::Functions) Requires: perl(File::Temp) @@ -1032,6 +1035,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Fri Feb 03 2023 Todd Zullinger - 2.39.1-2 +- drop perl Email::Valid dep on RHEL (#2166718) + * Thu Jan 19 2023 Fedora Release Engineering - 2.39.1-1.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild From 4583821b534986dc2dcde28855d99ae16bc14fd6 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Tue, 14 Feb 2023 13:15:01 -0500 Subject: [PATCH 055/113] update to 2.39.2 (CVE-2023-22490, CVE-2023-23946) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From the release notes for 2.30.8¹: * CVE-2023-22490: Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GIT_DIR/objects directory contains symbolic links (c.f., CVE-2022-39253), the objects directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on known paths on the victim's filesystem within the malicious repository's working copy, allowing for data exfiltration in a similar manner as CVE-2022-39253. * CVE-2023-23946: By feeding a crafted input to "git apply", a path outside the working tree can be overwritten as the user who is running "git apply". * A mismatched type in `attr.c::read_attr_from_index()` which could cause Git to errantly reject attributes on Windows and 32-bit Linux has been corrected. Credit for finding CVE-2023-22490 goes to yvvdwf, and the fix was developed by Taylor Blau, with additional help from others on the Git security mailing list. Credit for finding CVE-2023-23946 goes to Joern Schneeweisz, and the fix was developed by Patrick Steinhardt. ¹ https://github.com/git/git/raw/v2.39.2/Documentation/RelNotes/2.30.8.txt --- git.spec | 7 +++++-- sources | 4 ++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/git.spec b/git.spec index 127f94a..2496456 100644 --- a/git.spec +++ b/git.spec @@ -80,8 +80,8 @@ %global _package_note_file %{_builddir}/%{name}-%{version}%{?rcrev}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.39.1 -Release: 2%{?rcrev}%{?dist} +Version: 2.39.2 +Release: 1%{?rcrev}%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT URL: https://git-scm.com/ @@ -1035,6 +1035,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Tue Feb 14 2023 Todd Zullinger - 2.39.2-1 +- update to 2.39.2 (CVE-2023-22490, CVE-2023-23946) + * Fri Feb 03 2023 Todd Zullinger - 2.39.1-2 - drop perl Email::Valid dep on RHEL (#2166718) diff --git a/sources b/sources index 7924f69..9fd818d 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.39.1.tar.xz) = b1821a814947f01adf98206a7e9a01da9daa617b1192e8ef6968b05af8d874f028fb26b5f828a9c48f734ef2c276f4d23bdc898ba46fb7aaa96dbe68081037e9 -SHA512 (git-2.39.1.tar.sign) = b6295e186263654b686fd0f0814a68dfbd04635ff4d613a09fa9d13897b584d06611903bc0205ecee6f01932c4065d20671bd91f8e6239a5f9c6a2fc6c38b87d +SHA512 (git-2.39.2.tar.xz) = fdca70bee19401c5c7a6d2f3d70bd80b6ba99f6a9f97947de31d4366ee3a78a18d5298abb25727ec8ef67131bca673e48dff2a5a050b6e032884ab04066b20cb +SHA512 (git-2.39.2.tar.sign) = 9d2641d179f809e55bf44fe9fed9d955e88461fc2cb4120ec3b1cd42944a6715ae9e080ea2e8d53e5e68335b7b4577aa363c836d2af56fbca3820d931b985cd9 From f5940a719d37e6d90b5298dcf993fa3ebf5ed56a Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Fri, 24 Feb 2023 16:37:12 -0500 Subject: [PATCH 056/113] update to 2.40.0-rc0 Release notes: https://github.com/git/git/raw/v2.40.0-rc0/Documentation/RelNotes/2.40.0.txt --- git.spec | 9 ++++++--- sources | 4 ++-- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/git.spec b/git.spec index 2496456..c03c12f 100644 --- a/git.spec +++ b/git.spec @@ -74,14 +74,14 @@ %{?!bash_completions_dir:%global bash_completions_dir %{_datadir}/bash-completion/completions} # Define for release candidates -#global rcrev .rc0 +%global rcrev .rc0 # Set path to the package-notes linker script %global _package_note_file %{_builddir}/%{name}-%{version}%{?rcrev}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.39.2 -Release: 1%{?rcrev}%{?dist} +Version: 2.40.0 +Release: 0.0%{?rcrev}%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT URL: https://git-scm.com/ @@ -1035,6 +1035,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Fri Feb 24 2023 Todd Zullinger - 2.40.0-0.0.rc0 +- update to 2.40.0-rc0 + * Tue Feb 14 2023 Todd Zullinger - 2.39.2-1 - update to 2.39.2 (CVE-2023-22490, CVE-2023-23946) diff --git a/sources b/sources index 9fd818d..542036e 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.39.2.tar.xz) = fdca70bee19401c5c7a6d2f3d70bd80b6ba99f6a9f97947de31d4366ee3a78a18d5298abb25727ec8ef67131bca673e48dff2a5a050b6e032884ab04066b20cb -SHA512 (git-2.39.2.tar.sign) = 9d2641d179f809e55bf44fe9fed9d955e88461fc2cb4120ec3b1cd42944a6715ae9e080ea2e8d53e5e68335b7b4577aa363c836d2af56fbca3820d931b985cd9 +SHA512 (git-2.40.0.rc0.tar.xz) = 123d400cce9a66f7399fe9e74b79e8ec709b7ca45d4cf8296af27ad1b866fccebc6493cc056c08d4678d3720bace60193d55ff6014137965317c16e65536ac20 +SHA512 (git-2.40.0.rc0.tar.sign) = 7a763b0581534b1e019dbf05b3a06def0f9eb73f9eb2fee5022d5fed59147d47ddca586581b754df61cc5c14e022b5b2096e23e0db037cdff1960f412e0b4dec From 01d712d89bb9c8f519f214707413282d8536b2e4 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Wed, 1 Mar 2023 13:16:22 -0500 Subject: [PATCH 057/113] update to 2.40.0-rc1 Apply upstream patch to resolve issues in range-diff on non-x86 arches. Release notes: https://github.com/git/git/raw/v2.40.0-rc1/Documentation/RelNotes/2.40.0.txt --- ...-compiler-warning-when-char-is-unsig.patch | 40 +++++++++++++++++++ git.spec | 12 +++++- sources | 4 +- 3 files changed, 52 insertions(+), 4 deletions(-) create mode 100644 0001-range-diff-avoid-compiler-warning-when-char-is-unsig.patch diff --git a/0001-range-diff-avoid-compiler-warning-when-char-is-unsig.patch b/0001-range-diff-avoid-compiler-warning-when-char-is-unsig.patch new file mode 100644 index 0000000..f3a9ab9 --- /dev/null +++ b/0001-range-diff-avoid-compiler-warning-when-char-is-unsig.patch @@ -0,0 +1,40 @@ +From d9165bef5810df216e0eb4fac62d59cbf19446e4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ren=C3=A9=20Scharfe?= +Date: Tue, 28 Feb 2023 17:13:27 +0100 +Subject: [PATCH] range-diff: avoid compiler warning when char is unsigned +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Since 2b15969f61 (range-diff: let '--abbrev' option takes effect, +2023-02-20), GCC 11.3 on Ubuntu 22.04 on aarch64 warns (and errors +out if the make variable DEVELOPER is set): + +range-diff.c: In function ‘output_pair_header’: +range-diff.c:388:20: error: comparison is always false due to limited range of data type [-Werror=type-limits] + 388 | if (abbrev < 0) + | ^ +cc1: all warnings being treated as errors + +That's because char is unsigned on that platform. Use int instead, just +like in struct diff_options, to copy the value faithfully. + +Signed-off-by: René Scharfe +Signed-off-by: Junio C Hamano +--- + range-diff.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/range-diff.c b/range-diff.c +index 086365dffb..4bd65ab749 100644 +--- a/range-diff.c ++++ b/range-diff.c +@@ -383,7 +383,7 @@ static void output_pair_header(struct diff_options *diffopt, + const char *color_new = diff_get_color_opt(diffopt, DIFF_FILE_NEW); + const char *color_commit = diff_get_color_opt(diffopt, DIFF_COMMIT); + const char *color; +- char abbrev = diffopt->abbrev; ++ int abbrev = diffopt->abbrev; + + if (abbrev < 0) + abbrev = DEFAULT_ABBREV; diff --git a/git.spec b/git.spec index c03c12f..e875ca6 100644 --- a/git.spec +++ b/git.spec @@ -74,14 +74,14 @@ %{?!bash_completions_dir:%global bash_completions_dir %{_datadir}/bash-completion/completions} # Define for release candidates -%global rcrev .rc0 +%global rcrev .rc1 # Set path to the package-notes linker script %global _package_note_file %{_builddir}/%{name}-%{version}%{?rcrev}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git Version: 2.40.0 -Release: 0.0%{?rcrev}%{?dist} +Release: 0.1%{?rcrev}%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT URL: https://git-scm.com/ @@ -123,6 +123,11 @@ Patch2: 0002-t-lib-git-daemon-try-harder-to-find-a-port.patch # https://github.com/tmzullinger/git/commit/aa5105dc11 Patch3: 0003-t-lib-git-svn-try-harder-to-find-a-port.patch +# Avoid range-diff issues on non-x86 arches +# https://github.com/git/git/commit/d9165bef58 +# https://lore.kernel.org/git/Y%2F+paI8WGSmEbv%2Fw@pobox.com/ +Patch4: 0001-range-diff-avoid-compiler-warning-when-char-is-unsig.patch + %if %{with docs} # pod2man is needed to build Git.3pm BuildRequires: %{_bindir}/pod2man @@ -1035,6 +1040,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Wed Mar 01 2023 Todd Zullinger - 2.40.0-0.1.rc1 +- update to 2.40.0-rc1 + * Fri Feb 24 2023 Todd Zullinger - 2.40.0-0.0.rc0 - update to 2.40.0-rc0 diff --git a/sources b/sources index 542036e..f222e62 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.40.0.rc0.tar.xz) = 123d400cce9a66f7399fe9e74b79e8ec709b7ca45d4cf8296af27ad1b866fccebc6493cc056c08d4678d3720bace60193d55ff6014137965317c16e65536ac20 -SHA512 (git-2.40.0.rc0.tar.sign) = 7a763b0581534b1e019dbf05b3a06def0f9eb73f9eb2fee5022d5fed59147d47ddca586581b754df61cc5c14e022b5b2096e23e0db037cdff1960f412e0b4dec +SHA512 (git-2.40.0.rc1.tar.xz) = edff125736d498d964ec876a30a2bd4b0a115df58747e8f2c94c7c45fb5b112925336fecc7cbb2f2037e9f890d10753e988499be222fc41a176fec68f2a157fc +SHA512 (git-2.40.0.rc1.tar.sign) = aabee9d1810fd93858ad884ae0aaefb5a6965543715e02f8abf787cfc47794f53d6527399787e8aca20ceb9e8b6df4c9d1be2cbbd517ecb11eae3c05e77ffcb5 From b8be89a815f8345043583f447f7811e7f445b407 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Tue, 7 Mar 2023 14:59:23 -0500 Subject: [PATCH 058/113] update to 2.40.0-rc2 Release notes: https://github.com/git/git/raw/v2.40.0-rc2/Documentation/RelNotes/2.40.0.txt --- ...-compiler-warning-when-char-is-unsig.patch | 40 ------------------- git.spec | 12 +++--- sources | 4 +- 3 files changed, 7 insertions(+), 49 deletions(-) delete mode 100644 0001-range-diff-avoid-compiler-warning-when-char-is-unsig.patch diff --git a/0001-range-diff-avoid-compiler-warning-when-char-is-unsig.patch b/0001-range-diff-avoid-compiler-warning-when-char-is-unsig.patch deleted file mode 100644 index f3a9ab9..0000000 --- a/0001-range-diff-avoid-compiler-warning-when-char-is-unsig.patch +++ /dev/null @@ -1,40 +0,0 @@ -From d9165bef5810df216e0eb4fac62d59cbf19446e4 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Ren=C3=A9=20Scharfe?= -Date: Tue, 28 Feb 2023 17:13:27 +0100 -Subject: [PATCH] range-diff: avoid compiler warning when char is unsigned -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Since 2b15969f61 (range-diff: let '--abbrev' option takes effect, -2023-02-20), GCC 11.3 on Ubuntu 22.04 on aarch64 warns (and errors -out if the make variable DEVELOPER is set): - -range-diff.c: In function ‘output_pair_header’: -range-diff.c:388:20: error: comparison is always false due to limited range of data type [-Werror=type-limits] - 388 | if (abbrev < 0) - | ^ -cc1: all warnings being treated as errors - -That's because char is unsigned on that platform. Use int instead, just -like in struct diff_options, to copy the value faithfully. - -Signed-off-by: René Scharfe -Signed-off-by: Junio C Hamano ---- - range-diff.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/range-diff.c b/range-diff.c -index 086365dffb..4bd65ab749 100644 ---- a/range-diff.c -+++ b/range-diff.c -@@ -383,7 +383,7 @@ static void output_pair_header(struct diff_options *diffopt, - const char *color_new = diff_get_color_opt(diffopt, DIFF_FILE_NEW); - const char *color_commit = diff_get_color_opt(diffopt, DIFF_COMMIT); - const char *color; -- char abbrev = diffopt->abbrev; -+ int abbrev = diffopt->abbrev; - - if (abbrev < 0) - abbrev = DEFAULT_ABBREV; diff --git a/git.spec b/git.spec index e875ca6..d5a3c2c 100644 --- a/git.spec +++ b/git.spec @@ -74,14 +74,14 @@ %{?!bash_completions_dir:%global bash_completions_dir %{_datadir}/bash-completion/completions} # Define for release candidates -%global rcrev .rc1 +%global rcrev .rc2 # Set path to the package-notes linker script %global _package_note_file %{_builddir}/%{name}-%{version}%{?rcrev}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git Version: 2.40.0 -Release: 0.1%{?rcrev}%{?dist} +Release: 0.2%{?rcrev}%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT URL: https://git-scm.com/ @@ -123,11 +123,6 @@ Patch2: 0002-t-lib-git-daemon-try-harder-to-find-a-port.patch # https://github.com/tmzullinger/git/commit/aa5105dc11 Patch3: 0003-t-lib-git-svn-try-harder-to-find-a-port.patch -# Avoid range-diff issues on non-x86 arches -# https://github.com/git/git/commit/d9165bef58 -# https://lore.kernel.org/git/Y%2F+paI8WGSmEbv%2Fw@pobox.com/ -Patch4: 0001-range-diff-avoid-compiler-warning-when-char-is-unsig.patch - %if %{with docs} # pod2man is needed to build Git.3pm BuildRequires: %{_bindir}/pod2man @@ -1040,6 +1035,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Tue Mar 07 2023 Todd Zullinger - 2.40.0-0.2.rc2 +- update to 2.40.0-rc2 + * Wed Mar 01 2023 Todd Zullinger - 2.40.0-0.1.rc1 - update to 2.40.0-rc1 diff --git a/sources b/sources index f222e62..c7bdf9d 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.40.0.rc1.tar.xz) = edff125736d498d964ec876a30a2bd4b0a115df58747e8f2c94c7c45fb5b112925336fecc7cbb2f2037e9f890d10753e988499be222fc41a176fec68f2a157fc -SHA512 (git-2.40.0.rc1.tar.sign) = aabee9d1810fd93858ad884ae0aaefb5a6965543715e02f8abf787cfc47794f53d6527399787e8aca20ceb9e8b6df4c9d1be2cbbd517ecb11eae3c05e77ffcb5 +SHA512 (git-2.40.0.rc2.tar.xz) = e038ddc97b95a0e2e50fcc35308041586e4c40891ce9e491b922a9fe0c40fd816387d84266acfd55565f90c4b6d794880952d6ce8ea19e68ef5451ace9a76548 +SHA512 (git-2.40.0.rc2.tar.sign) = 5a0c16b11293ccea1c90612b2076e202c23ce8bd16584ab5416397906b2bddf21b23397ef0bf5517093e85986bfd258233e45f0509b2336dc7e566e99cf1d32b From 459d08b118c60a6999fa523472714965e6e1de3a Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Mon, 13 Mar 2023 12:57:10 -0400 Subject: [PATCH 059/113] update to 2.40.0 Release notes: https://github.com/git/git/raw/v2.40.0/Documentation/RelNotes/2.40.0.txt --- git.spec | 7 +++++-- sources | 4 ++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/git.spec b/git.spec index d5a3c2c..f12729c 100644 --- a/git.spec +++ b/git.spec @@ -74,14 +74,14 @@ %{?!bash_completions_dir:%global bash_completions_dir %{_datadir}/bash-completion/completions} # Define for release candidates -%global rcrev .rc2 +#global rcrev .rc0 # Set path to the package-notes linker script %global _package_note_file %{_builddir}/%{name}-%{version}%{?rcrev}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git Version: 2.40.0 -Release: 0.2%{?rcrev}%{?dist} +Release: 1%{?rcrev}%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT URL: https://git-scm.com/ @@ -1035,6 +1035,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Mon Mar 13 2023 Todd Zullinger - 2.40.0-1 +- update to 2.40.0 + * Tue Mar 07 2023 Todd Zullinger - 2.40.0-0.2.rc2 - update to 2.40.0-rc2 diff --git a/sources b/sources index c7bdf9d..fe20049 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.40.0.rc2.tar.xz) = e038ddc97b95a0e2e50fcc35308041586e4c40891ce9e491b922a9fe0c40fd816387d84266acfd55565f90c4b6d794880952d6ce8ea19e68ef5451ace9a76548 -SHA512 (git-2.40.0.rc2.tar.sign) = 5a0c16b11293ccea1c90612b2076e202c23ce8bd16584ab5416397906b2bddf21b23397ef0bf5517093e85986bfd258233e45f0509b2336dc7e566e99cf1d32b +SHA512 (git-2.40.0.tar.xz) = a2720f8f9a0258c0bb5e23badcfd68a147682e45a5d039a42c47128296c508109d5039029db89311a35db97a9008585e84ed11b400846502c9be913d67f0fd90 +SHA512 (git-2.40.0.tar.sign) = 30376e2487abb247d32b080b37c008dca59067f94f93769197fc2c096ac6a433598578af852f6b343a18e57587f7ff9eac30899393abae0658d68317a5b2fe65 From b477fc33188a26bbde2836491875dca2446d8009 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Tue, 25 Apr 2023 13:12:02 -0400 Subject: [PATCH 060/113] update to 2.40.1 (CVE-2023-25652, CVE-2023-25815, CVE-2023-29007) Refer to the release notes for 2.30.9 for details of each CVE as well as the following security advisories from the git project: https://github.com/git/git/security/advisories/GHSA-2hvf-7c8p-28fx (CVE-2023-25652) https://github.com/git/git/security/advisories/GHSA-v48j-4xgg-4844 (CVE-2023-29007) (At this time there is no upstream advisory for CVE-2023-25815. This issue does not affect the Fedora packages as we do not use the runtime prefix support.) Release notes: https://github.com/git/git/raw/v2.30.9/Documentation/RelNotes/2.30.9.txt https://github.com/git/git/raw/v2.40.1/Documentation/RelNotes/2.40.1.txt --- git.spec | 5 ++++- sources | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/git.spec b/git.spec index f12729c..2e013b3 100644 --- a/git.spec +++ b/git.spec @@ -80,7 +80,7 @@ %global _package_note_file %{_builddir}/%{name}-%{version}%{?rcrev}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.40.0 +Version: 2.40.1 Release: 1%{?rcrev}%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT @@ -1035,6 +1035,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Tue Apr 25 2023 Todd Zullinger - 2.40.1-1 +- update to 2.40.1 (CVE-2023-25652, CVE-2023-25815, CVE-2023-29007) + * Mon Mar 13 2023 Todd Zullinger - 2.40.0-1 - update to 2.40.0 diff --git a/sources b/sources index fe20049..0ab8e9c 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.40.0.tar.xz) = a2720f8f9a0258c0bb5e23badcfd68a147682e45a5d039a42c47128296c508109d5039029db89311a35db97a9008585e84ed11b400846502c9be913d67f0fd90 -SHA512 (git-2.40.0.tar.sign) = 30376e2487abb247d32b080b37c008dca59067f94f93769197fc2c096ac6a433598578af852f6b343a18e57587f7ff9eac30899393abae0658d68317a5b2fe65 +SHA512 (git-2.40.1.tar.xz) = 9ab41c64c6e666c314683bc4925535e037d43f947b8d327ff7d0379ac12899f4effcc2fe4e47b1ce652ad7140aa4f01f3b99f9cc0cf854cfeface1a5d3e1893e +SHA512 (git-2.40.1.tar.sign) = b8becacee3736bf2f5c661da4d3f86042544717556e8924a4f385c4966886ffe7558ef05bf5ce58c38e404c477b299f952fd83ed249802ddaf6bd4bf9f3885f8 From d050347835c141152fe4e78cdb3a9d7c849cff9b Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Fri, 12 May 2023 21:07:56 -0400 Subject: [PATCH 061/113] use tilde versioning for release candidates All supported released of Fedora and EPEL support the tilde notation. Reference: https://docs.fedoraproject.org/en-US/packaging-guidelines/Versioning/ --- git.spec | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/git.spec b/git.spec index 2e013b3..c778286 100644 --- a/git.spec +++ b/git.spec @@ -73,20 +73,23 @@ # Define %%bash_completions_dir for EL <= 9 %{?!bash_completions_dir:%global bash_completions_dir %{_datadir}/bash-completion/completions} -# Define for release candidates -#global rcrev .rc0 +# Adjust Source URL path for release candidates +%global rcpath %(test "%{version}" = "%{real_version}" || echo testing/) # Set path to the package-notes linker script -%global _package_note_file %{_builddir}/%{name}-%{version}%{?rcrev}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld +%global _package_note_file %{_builddir}/%{name}-%{real_version}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git Version: 2.40.1 -Release: 1%{?rcrev}%{?dist} +Release: 2%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT URL: https://git-scm.com/ -Source0: https://www.kernel.org/pub/software/scm/git/%{?rcrev:testing/}%{name}-%{version}%{?rcrev}.tar.xz -Source1: https://www.kernel.org/pub/software/scm/git/%{?rcrev:testing/}%{name}-%{version}%{?rcrev}.tar.sign + +# Note: real_version must be defined _after_ Version +%global real_version %(echo %{version} | tr '~' '.') +Source0: https://www.kernel.org/pub/software/scm/git/%{rcpath}%{name}-%{real_version}.tar.xz +Source1: https://www.kernel.org/pub/software/scm/git/%{rcpath}%{name}-%{real_version}.tar.sign # Junio C Hamano's key is used to sign git releases, it can be found in the # junio-gpg-pub tag within git. @@ -516,7 +519,7 @@ Requires: subversion # Verify GPG signatures xz -dc '%{SOURCE0}' | %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data=- -%autosetup -p1 -n %{name}-%{version}%{?rcrev} +%autosetup -p1 -n %{name}-%{real_version} # Install print-failed-test-output script install -p -m 755 %{SOURCE99} print-failed-test-output @@ -1035,6 +1038,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Fri May 12 2023 Todd Zullinger - 2.40.1-2 +- use tilde versioning for release candidates + * Tue Apr 25 2023 Todd Zullinger - 2.40.1-1 - update to 2.40.1 (CVE-2023-25652, CVE-2023-25815, CVE-2023-29007) From 08d76e08ab2ee8ec274df2cce2248f2d00a53806 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Mon, 15 May 2023 22:56:47 -0400 Subject: [PATCH 062/113] update to 2.41.0-rc0 Release notes: https://github.com/git/git/raw/v2.41.0-rc0/Documentation/RelNotes/2.41.0.txt --- git.spec | 7 +++++-- sources | 4 ++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/git.spec b/git.spec index c778286..4682eb9 100644 --- a/git.spec +++ b/git.spec @@ -80,8 +80,8 @@ %global _package_note_file %{_builddir}/%{name}-%{real_version}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.40.1 -Release: 2%{?dist} +Version: 2.41.0~rc0 +Release: 1%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT URL: https://git-scm.com/ @@ -1038,6 +1038,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Mon May 15 2023 Todd Zullinger - 2.41.0~rc0-1 +- update to 2.41.0-rc0 + * Fri May 12 2023 Todd Zullinger - 2.40.1-2 - use tilde versioning for release candidates diff --git a/sources b/sources index 0ab8e9c..53dbdb6 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.40.1.tar.xz) = 9ab41c64c6e666c314683bc4925535e037d43f947b8d327ff7d0379ac12899f4effcc2fe4e47b1ce652ad7140aa4f01f3b99f9cc0cf854cfeface1a5d3e1893e -SHA512 (git-2.40.1.tar.sign) = b8becacee3736bf2f5c661da4d3f86042544717556e8924a4f385c4966886ffe7558ef05bf5ce58c38e404c477b299f952fd83ed249802ddaf6bd4bf9f3885f8 +SHA512 (git-2.41.0.rc0.tar.xz) = c553c793055c9457e1223659d96e4972167f5d4286b50e6c6d02a876bff0359b5c8da486bcf7e6bac8b94fe791c78d41ff7ce57c4919514170ab01f6753a6d71 +SHA512 (git-2.41.0.rc0.tar.sign) = 11282774744481e37bfbf0c1fed05c72f237f8b2a120f9bfca9fdb4a0672a1f05dfaa53d55d402d786580591c81cf5751bc0611601f594f3e32760e412c06c00 From 3f9ea1c48989a7299dfd4b731371c3ee0dc636ff Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Fri, 19 May 2023 14:38:52 -0400 Subject: [PATCH 063/113] update to 2.41.0-rc1 Release notes: https://github.com/git/git/raw/v2.41.0-rc1/Documentation/RelNotes/2.41.0.txt --- 0001-t-lib-httpd-try-harder-to-find-a-port-for-apache.patch | 6 +++--- 0002-t-lib-git-daemon-try-harder-to-find-a-port.patch | 2 +- 0003-t-lib-git-svn-try-harder-to-find-a-port.patch | 2 +- git.spec | 5 ++++- sources | 4 ++-- 5 files changed, 11 insertions(+), 8 deletions(-) diff --git a/0001-t-lib-httpd-try-harder-to-find-a-port-for-apache.patch b/0001-t-lib-httpd-try-harder-to-find-a-port-for-apache.patch index f7c1509..733f9c0 100644 --- a/0001-t-lib-httpd-try-harder-to-find-a-port-for-apache.patch +++ b/0001-t-lib-httpd-try-harder-to-find-a-port-for-apache.patch @@ -1,4 +1,4 @@ -From aedeaaf788bd8a7fc5a1887196b6f6d8a5c31362 Mon Sep 17 00:00:00 2001 +From 89ccbc15948db9ddbf74530e3fd66dd78ae897ae Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Sun, 21 Aug 2022 13:49:57 -0400 Subject: [PATCH] t/lib-httpd: try harder to find a port for apache @@ -30,10 +30,10 @@ Signed-off-by: Todd Zullinger 1 file changed, 18 insertions(+), 11 deletions(-) diff --git a/t/lib-httpd.sh b/t/lib-httpd.sh -index 1f6b9b08d1..9279dcd659 100644 +index 2fb1b2ae56..4afdf5a6aa 100644 --- a/t/lib-httpd.sh +++ b/t/lib-httpd.sh -@@ -175,19 +175,26 @@ prepare_httpd() { +@@ -206,19 +206,26 @@ enable_cgipassauth () { } start_httpd() { diff --git a/0002-t-lib-git-daemon-try-harder-to-find-a-port.patch b/0002-t-lib-git-daemon-try-harder-to-find-a-port.patch index 4540b63..37637bc 100644 --- a/0002-t-lib-git-daemon-try-harder-to-find-a-port.patch +++ b/0002-t-lib-git-daemon-try-harder-to-find-a-port.patch @@ -1,4 +1,4 @@ -From 16750d024ce038b019ab2e9ee5639901e445af37 Mon Sep 17 00:00:00 2001 +From e90e1068ddc9cfa3badd23b16a46c57ed6d8308a Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Fri, 26 Aug 2022 18:28:44 -0400 Subject: [PATCH] t/lib-git-daemon: try harder to find a port diff --git a/0003-t-lib-git-svn-try-harder-to-find-a-port.patch b/0003-t-lib-git-svn-try-harder-to-find-a-port.patch index 56624e2..905174e 100644 --- a/0003-t-lib-git-svn-try-harder-to-find-a-port.patch +++ b/0003-t-lib-git-svn-try-harder-to-find-a-port.patch @@ -1,4 +1,4 @@ -From aa5105dc115b43edc6c9c11714b092583f1221aa Mon Sep 17 00:00:00 2001 +From 41423d666fd52eaa6aa2b44a0de1b81d0857ca06 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Fri, 26 Aug 2022 18:28:44 -0400 Subject: [PATCH] t/lib-git-svn: try harder to find a port diff --git a/git.spec b/git.spec index 4682eb9..78e7721 100644 --- a/git.spec +++ b/git.spec @@ -80,7 +80,7 @@ %global _package_note_file %{_builddir}/%{name}-%{real_version}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.41.0~rc0 +Version: 2.41.0~rc1 Release: 1%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT @@ -1038,6 +1038,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Fri May 19 2023 Todd Zullinger - 2.41.0~rc1-1 +- update to 2.41.0-rc1 + * Mon May 15 2023 Todd Zullinger - 2.41.0~rc0-1 - update to 2.41.0-rc0 diff --git a/sources b/sources index 53dbdb6..bd57bbd 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.41.0.rc0.tar.xz) = c553c793055c9457e1223659d96e4972167f5d4286b50e6c6d02a876bff0359b5c8da486bcf7e6bac8b94fe791c78d41ff7ce57c4919514170ab01f6753a6d71 -SHA512 (git-2.41.0.rc0.tar.sign) = 11282774744481e37bfbf0c1fed05c72f237f8b2a120f9bfca9fdb4a0672a1f05dfaa53d55d402d786580591c81cf5751bc0611601f594f3e32760e412c06c00 +SHA512 (git-2.41.0.rc1.tar.xz) = a93e169344d5ff6bb40bbd670e6f3a755a827f6b26089018f27892b4a0831349aa0c0019f8b573950359dfc271dd9317d31667b49d8aa343f2e079051c805ef0 +SHA512 (git-2.41.0.rc1.tar.sign) = 842ab4b4ba6d306c9de220426399ae1d3d32ae19029ad498e6e821ed4d79dfc68bc85beabdb56e39ff8dfd4bd8e6b2049bd919f9d5f0d03794f5a8a7ee36fa24 From a297238a545e63768f983e59f39149cf3c6dd6b5 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Wed, 24 May 2023 17:50:22 -0400 Subject: [PATCH 064/113] update to 2.41.0-rc2 Release notes: https://github.com/git/git/raw/v2.41.0-rc2/Documentation/RelNotes/2.41.0.txt --- git.spec | 5 ++++- sources | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/git.spec b/git.spec index 78e7721..784a2e4 100644 --- a/git.spec +++ b/git.spec @@ -80,7 +80,7 @@ %global _package_note_file %{_builddir}/%{name}-%{real_version}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.41.0~rc1 +Version: 2.41.0~rc2 Release: 1%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT @@ -1038,6 +1038,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Wed May 24 2023 Todd Zullinger - 2.41.0~rc2-1 +- update to 2.41.0-rc2 + * Fri May 19 2023 Todd Zullinger - 2.41.0~rc1-1 - update to 2.41.0-rc1 diff --git a/sources b/sources index bd57bbd..b7764f2 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.41.0.rc1.tar.xz) = a93e169344d5ff6bb40bbd670e6f3a755a827f6b26089018f27892b4a0831349aa0c0019f8b573950359dfc271dd9317d31667b49d8aa343f2e079051c805ef0 -SHA512 (git-2.41.0.rc1.tar.sign) = 842ab4b4ba6d306c9de220426399ae1d3d32ae19029ad498e6e821ed4d79dfc68bc85beabdb56e39ff8dfd4bd8e6b2049bd919f9d5f0d03794f5a8a7ee36fa24 +SHA512 (git-2.41.0.rc2.tar.xz) = 0f833dfd06a48e7a85f9b6b5133747624a3494de722160d0187a7e2e97465409849c55cdf25706ce58fa8f3079eafb9a0c3dc9658d91f207308de90560b30d57 +SHA512 (git-2.41.0.rc2.tar.sign) = e6695fe689cc6c3c1abeb9bb8bcf684f90dbd7d073e031bec704a7ecf25f7f22fa6ef9319bbc894baede42db06192cb9a8fdda3ec5eade7d6defb9dbf07a1b4b From 9e3c6109b5e750d2d0877cf2c84167c3dca1914e Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Wed, 24 May 2023 21:26:16 -0400 Subject: [PATCH 065/113] git.skip-test-patterns: ignore 'skip all tests in t5559' We added t5559-http-fetch-smart-http2 to GIT_SKIP_TESTS in 7d21254 (update to 2.39.0-rc0, 2022-11-23). Update git.skip-test-patterns to reflect this. --- git.skip-test-patterns | 1 + 1 file changed, 1 insertion(+) diff --git a/git.skip-test-patterns b/git.skip-test-patterns index 12b247d..a310f5a 100644 --- a/git.skip-test-patterns +++ b/git.skip-test-patterns @@ -22,6 +22,7 @@ missing SYMLINKS_WINDOWS missing TAR_NEEDS_PAX_FALLBACK missing UTF8_NFD_TO_NFC missing WINDOWS +skipped: skip all tests in t5559 skipping case insensitive tests skipping git p4 tests skipping remote-svn tests, python not available From bae778cbc1db8aa2dad565de1f968c6677aafa06 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Thu, 1 Jun 2023 10:20:55 -0400 Subject: [PATCH 066/113] fix Source URL handling Move %rcpath definition added d050347 (use tilde versioning for release candidates, 2023-05-12) after %real_version. Otherwise, it is not parsed correctly. (I'm pretty sure it worked in the past, but it certainly doesn't now.) --- git.spec | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/git.spec b/git.spec index 784a2e4..1488eb3 100644 --- a/git.spec +++ b/git.spec @@ -73,9 +73,6 @@ # Define %%bash_completions_dir for EL <= 9 %{?!bash_completions_dir:%global bash_completions_dir %{_datadir}/bash-completion/completions} -# Adjust Source URL path for release candidates -%global rcpath %(test "%{version}" = "%{real_version}" || echo testing/) - # Set path to the package-notes linker script %global _package_note_file %{_builddir}/%{name}-%{real_version}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld @@ -88,6 +85,10 @@ URL: https://git-scm.com/ # Note: real_version must be defined _after_ Version %global real_version %(echo %{version} | tr '~' '.') + +# Adjust Source URL path for release candidates +%global rcpath %(test "%{version}" = "%{real_version}" || echo testing/) + Source0: https://www.kernel.org/pub/software/scm/git/%{rcpath}%{name}-%{real_version}.tar.xz Source1: https://www.kernel.org/pub/software/scm/git/%{rcpath}%{name}-%{real_version}.tar.sign From ee7f0d47a7a5bbcc3640435ffa29a07495e0695b Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Thu, 1 Jun 2023 10:24:28 -0400 Subject: [PATCH 067/113] update to 2.41.0 Release notes: https://github.com/git/git/raw/v2.41.0/Documentation/RelNotes/2.41.0.txt --- git.spec | 5 ++++- sources | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/git.spec b/git.spec index 1488eb3..0fc1d29 100644 --- a/git.spec +++ b/git.spec @@ -77,7 +77,7 @@ %global _package_note_file %{_builddir}/%{name}-%{real_version}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.41.0~rc2 +Version: 2.41.0 Release: 1%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT @@ -1039,6 +1039,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Thu Jun 01 2023 Todd Zullinger - 2.41.0-1 +- update to 2.41.0 + * Wed May 24 2023 Todd Zullinger - 2.41.0~rc2-1 - update to 2.41.0-rc2 diff --git a/sources b/sources index b7764f2..d13f7c2 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.41.0.rc2.tar.xz) = 0f833dfd06a48e7a85f9b6b5133747624a3494de722160d0187a7e2e97465409849c55cdf25706ce58fa8f3079eafb9a0c3dc9658d91f207308de90560b30d57 -SHA512 (git-2.41.0.rc2.tar.sign) = e6695fe689cc6c3c1abeb9bb8bcf684f90dbd7d073e031bec704a7ecf25f7f22fa6ef9319bbc894baede42db06192cb9a8fdda3ec5eade7d6defb9dbf07a1b4b +SHA512 (git-2.41.0.tar.xz) = a215bc6d89afbddd56adac901c24ea2b7f98a37bf6a6a2756893947012ffaa850e76247a3445a5ab13ab5a462f39986fec33eed086148aba5eb554dc1799fee0 +SHA512 (git-2.41.0.tar.sign) = 140f088254997e05bb444ed25f18ae9cadec9c24081acfc66670f153cbeecd2cdb722b07b5678da95c578dd29ad81dcf683264a503b37d63400f0746bbfa8762 From 2600353fc110e5eaa2b714b2cbc28a57251e1fc5 Mon Sep 17 00:00:00 2001 From: Yaakov Selkowitz Date: Thu, 6 Jul 2023 12:01:33 -0400 Subject: [PATCH 068/113] Fix file dependencies Installation path macros must not be used in file dependencies: https://docs.fedoraproject.org/en-US/packaging-guidelines/#_file_and_directory_dependencies --- git.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/git.spec b/git.spec index 0fc1d29..75c41fd 100644 --- a/git.spec +++ b/git.spec @@ -129,7 +129,7 @@ Patch3: 0003-t-lib-git-svn-try-harder-to-find-a-port.patch %if %{with docs} # pod2man is needed to build Git.3pm -BuildRequires: %{_bindir}/pod2man +BuildRequires: /usr/bin/pod2man %if %{with asciidoctor} BuildRequires: docbook5-style-xsl BuildRequires: rubygem-asciidoctor From be8516cba36a4b157091e2c8203de434d20da12f Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 19 Jul 2023 23:01:21 +0000 Subject: [PATCH 069/113] Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- git.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/git.spec b/git.spec index 75c41fd..7d49676 100644 --- a/git.spec +++ b/git.spec @@ -78,7 +78,7 @@ Name: git Version: 2.41.0 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT URL: https://git-scm.com/ @@ -1039,6 +1039,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Wed Jul 19 2023 Fedora Release Engineering - 2.41.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + * Thu Jun 01 2023 Todd Zullinger - 2.41.0-1 - update to 2.41.0 From ac4f507599c0a479e2a25e492c21c4d4e5b51379 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Tue, 3 Oct 2023 15:31:37 +0200 Subject: [PATCH 070/113] update to 2.42.0 --- git.spec | 7 +++++-- sources | 4 ++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/git.spec b/git.spec index 7d49676..850c7f7 100644 --- a/git.spec +++ b/git.spec @@ -77,8 +77,8 @@ %global _package_note_file %{_builddir}/%{name}-%{real_version}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.41.0 -Release: 2%{?dist} +Version: 2.42.0 +Release: 1%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT URL: https://git-scm.com/ @@ -1039,6 +1039,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Tue Oct 03 2023 Ondřej Pohořelský - 2.42.0-1 +- update to 2.42.0 + * Wed Jul 19 2023 Fedora Release Engineering - 2.41.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild diff --git a/sources b/sources index d13f7c2..bbad81c 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.41.0.tar.xz) = a215bc6d89afbddd56adac901c24ea2b7f98a37bf6a6a2756893947012ffaa850e76247a3445a5ab13ab5a462f39986fec33eed086148aba5eb554dc1799fee0 -SHA512 (git-2.41.0.tar.sign) = 140f088254997e05bb444ed25f18ae9cadec9c24081acfc66670f153cbeecd2cdb722b07b5678da95c578dd29ad81dcf683264a503b37d63400f0746bbfa8762 +SHA512 (git-2.42.0.tar.xz) = afe5bca3c084d4ddd66f20afa820ba10f61007f66846108929e0d4ee7b7eaa896fcf00917dead16881d840f674dec6dd0e353a05e62a31016694af3d7d22a51d +SHA512 (git-2.42.0.tar.sign) = 847914db4f035095643cf38af87e53be82b0d10c0fdcb862f5015df01662c15d6d77410e4f4aaa5ad510d9d82c830a0218465d10905f3ec048929b1c02be6d5d From 7edc80fb3b509faf1180a2694b93c41b263c3b12 Mon Sep 17 00:00:00 2001 From: Joe Orton Date: Wed, 1 Nov 2023 21:22:49 +0000 Subject: [PATCH 071/113] remove explicit BR for apr-util-bdb (#2247532) --- git.spec | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/git.spec b/git.spec index 850c7f7..0c0317e 100644 --- a/git.spec +++ b/git.spec @@ -78,7 +78,7 @@ Name: git Version: 2.42.0 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT URL: https://git-scm.com/ @@ -192,9 +192,11 @@ BuildRequires: zlib-devel >= 1.2 %if %{with tests} # Test suite requirements BuildRequires: acl -%if 0%{?fedora} || 0%{?rhel} >= 8 -# Needed by t5540-http-push-webdav.sh +%if (0%{?fedora} && 0%{?fedora} < 40) || (0%{?rhel} >= 8 && 0%{?rhel} < 10) +# Needed by t5540-http-push-webdav.sh; recent httpd obviates this BuildRequires: apr-util-bdb +%endif +%if 0%{?fedora} || 0%{?rhel} >= 8 # Needed by t5559-http-fetch-smart-http2.sh BuildRequires: mod_http2 %endif @@ -1039,6 +1041,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Wed Nov 1 2023 Joe Orton - 2.42.0-2 +- remove explicit BR for apr-util-bdb (#2247532) + * Tue Oct 03 2023 Ondřej Pohořelský - 2.42.0-1 - update to 2.42.0 From 3b9b7132ccf307840fc3cd24868c8f61ca6c30b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Tue, 14 Nov 2023 15:15:16 +0100 Subject: [PATCH 072/113] update to 2.42.1 --- ...oid-duplicate-specification-warnings.patch | 86 +++++++++++++++++++ git.spec | 10 ++- sources | 4 +- 3 files changed, 96 insertions(+), 4 deletions(-) create mode 100644 0001-send-email-avoid-duplicate-specification-warnings.patch diff --git a/0001-send-email-avoid-duplicate-specification-warnings.patch b/0001-send-email-avoid-duplicate-specification-warnings.patch new file mode 100644 index 0000000..3dee265 --- /dev/null +++ b/0001-send-email-avoid-duplicate-specification-warnings.patch @@ -0,0 +1,86 @@ +From 0fdc014acc342dace179ba698e58fcb138fb86de Mon Sep 17 00:00:00 2001 +From: Todd Zullinger +Date: Tue, 14 Nov 2023 11:38:19 -0500 +Subject: [PATCH] send-email: avoid duplicate specification warnings + +With perl-Getopt-Long >= 2.55, a warning is issued for options which are +specified more than once. In addition to causing users to see warnings, +this results in test failures which compare the output. An example, +from t9001-send-email.37: + + | +++ diff -u expect actual + | --- expect 2023-11-14 10:38:23.854346488 +0000 + | +++ actual 2023-11-14 10:38:23.848346466 +0000 + | @@ -1,2 +1,7 @@ + | +Duplicate specification "no-chain-reply-to" for option "no-chain-reply-to" + | +Duplicate specification "to-cover|to-cover!" for option "to-cover" + | +Duplicate specification "cc-cover|cc-cover!" for option "cc-cover" + | +Duplicate specification "no-thread" for option "no-thread" + | +Duplicate specification "no-to-cover" for option "no-to-cover" + | fatal: longline.patch:35 is longer than 998 characters + | warning: no patches were sent + | error: last command exited with $?=1 + | not ok 37 - reject long lines + +Remove the duplicate option specs. + +Signed-off-by: Todd Zullinger +--- + git-send-email.perl | 16 +++------------- + 1 file changed, 3 insertions(+), 13 deletions(-) + +diff --git a/git-send-email.perl b/git-send-email.perl +index affbb88509..3c678c8998 100755 +--- a/git-send-email.perl ++++ b/git-send-email.perl +@@ -503,7 +503,6 @@ sub config_regexp { + "bcc=s" => \@getopt_bcc, + "no-bcc" => \$no_bcc, + "chain-reply-to!" => \$chain_reply_to, +- "no-chain-reply-to" => sub {$chain_reply_to = 0}, + "sendmail-cmd=s" => \$sendmail_cmd, + "smtp-server=s" => \$smtp_server, + "smtp-server-option=s" => \@smtp_server_options, +@@ -518,36 +517,27 @@ sub config_regexp { + "smtp-auth=s" => \$smtp_auth, + "no-smtp-auth" => sub {$smtp_auth = 'none'}, + "annotate!" => \$annotate, +- "no-annotate" => sub {$annotate = 0}, + "compose" => \$compose, + "quiet" => \$quiet, + "cc-cmd=s" => \$cc_cmd, + "header-cmd=s" => \$header_cmd, + "no-header-cmd" => \$no_header_cmd, + "suppress-from!" => \$suppress_from, +- "no-suppress-from" => sub {$suppress_from = 0}, + "suppress-cc=s" => \@suppress_cc, +- "signed-off-cc|signed-off-by-cc!" => \$signed_off_by_cc, +- "no-signed-off-cc|no-signed-off-by-cc" => sub {$signed_off_by_cc = 0}, +- "cc-cover|cc-cover!" => \$cover_cc, +- "no-cc-cover" => sub {$cover_cc = 0}, +- "to-cover|to-cover!" => \$cover_to, +- "no-to-cover" => sub {$cover_to = 0}, ++ "signed-off-by-cc!" => \$signed_off_by_cc, ++ "cc-cover!" => \$cover_cc, ++ "to-cover!" => \$cover_to, + "confirm=s" => \$confirm, + "dry-run" => \$dry_run, + "envelope-sender=s" => \$envelope_sender, + "thread!" => \$thread, +- "no-thread" => sub {$thread = 0}, + "validate!" => \$validate, +- "no-validate" => sub {$validate = 0}, + "transfer-encoding=s" => \$target_xfer_encoding, + "format-patch!" => \$format_patch, +- "no-format-patch" => sub {$format_patch = 0}, + "8bit-encoding=s" => \$auto_8bit_encoding, + "compose-encoding=s" => \$compose_encoding, + "force" => \$force, + "xmailer!" => \$use_xmailer, +- "no-xmailer" => sub {$use_xmailer = 0}, + "batch-size=i" => \$batch_size, + "relogin-delay=i" => \$relogin_delay, + "git-completion-helper" => \$git_completion_helper, +-- +2.42.0 + diff --git a/git.spec b/git.spec index 0c0317e..11e4de5 100644 --- a/git.spec +++ b/git.spec @@ -77,8 +77,8 @@ %global _package_note_file %{_builddir}/%{name}-%{real_version}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.42.0 -Release: 2%{?dist} +Version: 2.42.1 +Release: 1%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT URL: https://git-scm.com/ @@ -127,6 +127,9 @@ Patch2: 0002-t-lib-git-daemon-try-harder-to-find-a-port.patch # https://github.com/tmzullinger/git/commit/aa5105dc11 Patch3: 0003-t-lib-git-svn-try-harder-to-find-a-port.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2247532#c8 +Patch4: 0001-send-email-avoid-duplicate-specification-warnings.patch + %if %{with docs} # pod2man is needed to build Git.3pm BuildRequires: /usr/bin/pod2man @@ -1041,6 +1044,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Tue Nov 14 2023 Ondřej Pohořelský - 2.42.1-1 +- update to 2.42.1 + * Wed Nov 1 2023 Joe Orton - 2.42.0-2 - remove explicit BR for apr-util-bdb (#2247532) diff --git a/sources b/sources index bbad81c..696da6f 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.42.0.tar.xz) = afe5bca3c084d4ddd66f20afa820ba10f61007f66846108929e0d4ee7b7eaa896fcf00917dead16881d840f674dec6dd0e353a05e62a31016694af3d7d22a51d -SHA512 (git-2.42.0.tar.sign) = 847914db4f035095643cf38af87e53be82b0d10c0fdcb862f5015df01662c15d6d77410e4f4aaa5ad510d9d82c830a0218465d10905f3ec048929b1c02be6d5d +SHA512 (git-2.42.1.tar.xz) = 5946699108d4181e14fc3c61e4a4ebadcf8a876248c3f570ca22e6d95d8fea4eeb424d6e0c897d180df5959b8b2e3b0dd4e005d4c38bed2d35a2ed8036e6dc95 +SHA512 (git-2.42.1.tar.sign) = b4997c809d5b2010d1d5a9383a0546dd07ab3e87ac49a896a53dce0f5467a72db6149c07d36e2b2fdaf1e603937c1fdbff43393dac39ce37693e65e88071162c From f2b3ab26cc456c3905b9b19725937f0faa281d6c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Tue, 21 Nov 2023 14:23:40 +0100 Subject: [PATCH 073/113] update to 2.43.0 --- git.spec | 5 ++++- sources | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/git.spec b/git.spec index 11e4de5..0f1db2d 100644 --- a/git.spec +++ b/git.spec @@ -77,7 +77,7 @@ %global _package_note_file %{_builddir}/%{name}-%{real_version}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.42.1 +Version: 2.43.0 Release: 1%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT @@ -1044,6 +1044,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Tue Nov 21 2023 Ondřej Pohořelský - 2.43.0-1 +- update to 2.43.0 + * Tue Nov 14 2023 Ondřej Pohořelský - 2.42.1-1 - update to 2.42.1 diff --git a/sources b/sources index 696da6f..8c3805e 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.42.1.tar.xz) = 5946699108d4181e14fc3c61e4a4ebadcf8a876248c3f570ca22e6d95d8fea4eeb424d6e0c897d180df5959b8b2e3b0dd4e005d4c38bed2d35a2ed8036e6dc95 -SHA512 (git-2.42.1.tar.sign) = b4997c809d5b2010d1d5a9383a0546dd07ab3e87ac49a896a53dce0f5467a72db6149c07d36e2b2fdaf1e603937c1fdbff43393dac39ce37693e65e88071162c +SHA512 (git-2.43.0.tar.xz) = d0c1694ae23ff7d523e617b98d7c9a9753a2ee58f92c21b67a192d1c57398a62ff9c1a34558ae31af8dc8d95122c219f39f654e99a3b4e7cfc3dd07be9e13203 +SHA512 (git-2.43.0.tar.sign) = 4ff055db9b7100c40427a570f8fb6ec4b5ea943d197597ca8061924afbc6eb46d28aaf46c31679addb8adaf4f672e7efb96e088b789d172b5270420a7e5fde67 From a8ab7b524dc420913420c2d4fbe7afbdcd2a7925 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Wed, 20 Dec 2023 18:21:47 +0100 Subject: [PATCH 074/113] Disable t6300.35 t6300.107 t6300.108 These tests break with zlib-ng, disable them until upstream merges patch solving this issue. --- git.spec | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/git.spec b/git.spec index 0f1db2d..0c907b8 100644 --- a/git.spec +++ b/git.spec @@ -823,7 +823,13 @@ find %{buildroot}%{_pkgdocdir} -name "*.html" -print0 | xargs -r0 linkchecker # t5559-http-fetch-smart-http2 runs t5551-http-fetch-smart with # HTTP_PROTO=HTTP/2. Unfortunately, it fails quite regularly. # https://lore.kernel.org/git/Y4fUntdlc1mqwad5@pobox.com/ -GIT_SKIP_TESTS="t5559" +# +# t6300.35 t6300.107 t6300.108 are skipped due to them failing +# with zlib-ng +# https://bugzilla.redhat.com/show_bug.cgi?id=2253368 +# These tests will be enabled again in next git release, where +# fix should be in place. +GIT_SKIP_TESTS="t5559 t6300.35 t6300.107 t6300.108" %if 0%{?rhel} && 0%{?rhel} < 8 # Skip tests which require mod_http2 on el7 From 9323031c03a8a93098509590bbb093e354edc957 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Tue, 9 Jan 2024 11:47:09 +0100 Subject: [PATCH 075/113] apache.conf set DavLockDBType to sdbm With the recent change that drops apr-util-bdb build require, in favor of httpd, t5540 started failing on tests using git-httpd-push. This patch sets DavLockDBType to sdbm, fixing these failures. --- git-test-apache-davlockdbtype-config.patch | 14 ++++++++++++++ git.spec | 4 ++++ 2 files changed, 18 insertions(+) create mode 100644 git-test-apache-davlockdbtype-config.patch diff --git a/git-test-apache-davlockdbtype-config.patch b/git-test-apache-davlockdbtype-config.patch new file mode 100644 index 0000000..882006a --- /dev/null +++ b/git-test-apache-davlockdbtype-config.patch @@ -0,0 +1,14 @@ +diff -ur b/t/lib-httpd/apache.conf a/t/lib-httpd/apache.conf +--- b/t/lib-httpd/apache.conf 2024-01-09 11:06:46.660868023 +0100 ++++ a/t/lib-httpd/apache.conf 2024-01-09 11:09:09.572713625 +0100 +@@ -272,7 +272,9 @@ + + LoadModule dav_module modules/mod_dav.so + LoadModule dav_fs_module modules/mod_dav_fs.so +- ++ ++ DavLockDBType sdbm ++ + DAVLockDB DAVLock + + Dav on diff --git a/git.spec b/git.spec index 0c907b8..5a1b814 100644 --- a/git.spec +++ b/git.spec @@ -130,6 +130,10 @@ Patch3: 0003-t-lib-git-svn-try-harder-to-find-a-port.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2247532#c8 Patch4: 0001-send-email-avoid-duplicate-specification-warnings.patch +# Configurates Apache test server to use `DavLockDBType sdbm` +# Prevents t5540 failures on i686, s390x and ppc64le +Patch5: git-test-apache-davlockdbtype-config.patch + %if %{with docs} # pod2man is needed to build Git.3pm BuildRequires: /usr/bin/pod2man From cab00c80b7fef4f53bcca93c6a537def82eb91f2 Mon Sep 17 00:00:00 2001 From: Yaakov Selkowitz Date: Mon, 1 Jan 2024 14:20:39 -0500 Subject: [PATCH 076/113] Fix perl-podlators dependency With /app-prefixed builds of perl now existing for flatpaks, file dependencies must not be used for perl components. --- git.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/git.spec b/git.spec index 5a1b814..05cea0e 100644 --- a/git.spec +++ b/git.spec @@ -136,7 +136,7 @@ Patch5: git-test-apache-davlockdbtype-config.patch %if %{with docs} # pod2man is needed to build Git.3pm -BuildRequires: /usr/bin/pod2man +BuildRequires: perl-podlators %if %{with asciidoctor} BuildRequires: docbook5-style-xsl BuildRequires: rubygem-asciidoctor From 75aab985567c39cbe11df4689a9c93f227e8f7c2 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 19 Jan 2024 22:22:27 +0000 Subject: [PATCH 077/113] Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild --- git.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/git.spec b/git.spec index 05cea0e..a74481b 100644 --- a/git.spec +++ b/git.spec @@ -78,7 +78,7 @@ Name: git Version: 2.43.0 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT URL: https://git-scm.com/ @@ -1054,6 +1054,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Fri Jan 19 2024 Fedora Release Engineering - 2.43.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + * Tue Nov 21 2023 Ondřej Pohořelský - 2.43.0-1 - update to 2.43.0 From 2a4367e6d7a12d591bc8339a04af88c983d1e06e Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 24 Jan 2024 14:51:35 +0000 Subject: [PATCH 078/113] Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild --- git.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/git.spec b/git.spec index a74481b..a46794f 100644 --- a/git.spec +++ b/git.spec @@ -78,7 +78,7 @@ Name: git Version: 2.43.0 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT URL: https://git-scm.com/ @@ -1054,6 +1054,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Wed Jan 24 2024 Fedora Release Engineering - 2.43.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + * Fri Jan 19 2024 Fedora Release Engineering - 2.43.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild From 11fa10276785738d6fd793d76d2e190986d17dbc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Mon, 12 Feb 2024 11:17:05 +0100 Subject: [PATCH 079/113] update to 2.43.1 resolves: #2263575 --- ...oid-duplicate-specification-warnings.patch | 86 ------------------- git.spec | 19 ++-- sources | 4 +- 3 files changed, 9 insertions(+), 100 deletions(-) delete mode 100644 0001-send-email-avoid-duplicate-specification-warnings.patch diff --git a/0001-send-email-avoid-duplicate-specification-warnings.patch b/0001-send-email-avoid-duplicate-specification-warnings.patch deleted file mode 100644 index 3dee265..0000000 --- a/0001-send-email-avoid-duplicate-specification-warnings.patch +++ /dev/null @@ -1,86 +0,0 @@ -From 0fdc014acc342dace179ba698e58fcb138fb86de Mon Sep 17 00:00:00 2001 -From: Todd Zullinger -Date: Tue, 14 Nov 2023 11:38:19 -0500 -Subject: [PATCH] send-email: avoid duplicate specification warnings - -With perl-Getopt-Long >= 2.55, a warning is issued for options which are -specified more than once. In addition to causing users to see warnings, -this results in test failures which compare the output. An example, -from t9001-send-email.37: - - | +++ diff -u expect actual - | --- expect 2023-11-14 10:38:23.854346488 +0000 - | +++ actual 2023-11-14 10:38:23.848346466 +0000 - | @@ -1,2 +1,7 @@ - | +Duplicate specification "no-chain-reply-to" for option "no-chain-reply-to" - | +Duplicate specification "to-cover|to-cover!" for option "to-cover" - | +Duplicate specification "cc-cover|cc-cover!" for option "cc-cover" - | +Duplicate specification "no-thread" for option "no-thread" - | +Duplicate specification "no-to-cover" for option "no-to-cover" - | fatal: longline.patch:35 is longer than 998 characters - | warning: no patches were sent - | error: last command exited with $?=1 - | not ok 37 - reject long lines - -Remove the duplicate option specs. - -Signed-off-by: Todd Zullinger ---- - git-send-email.perl | 16 +++------------- - 1 file changed, 3 insertions(+), 13 deletions(-) - -diff --git a/git-send-email.perl b/git-send-email.perl -index affbb88509..3c678c8998 100755 ---- a/git-send-email.perl -+++ b/git-send-email.perl -@@ -503,7 +503,6 @@ sub config_regexp { - "bcc=s" => \@getopt_bcc, - "no-bcc" => \$no_bcc, - "chain-reply-to!" => \$chain_reply_to, -- "no-chain-reply-to" => sub {$chain_reply_to = 0}, - "sendmail-cmd=s" => \$sendmail_cmd, - "smtp-server=s" => \$smtp_server, - "smtp-server-option=s" => \@smtp_server_options, -@@ -518,36 +517,27 @@ sub config_regexp { - "smtp-auth=s" => \$smtp_auth, - "no-smtp-auth" => sub {$smtp_auth = 'none'}, - "annotate!" => \$annotate, -- "no-annotate" => sub {$annotate = 0}, - "compose" => \$compose, - "quiet" => \$quiet, - "cc-cmd=s" => \$cc_cmd, - "header-cmd=s" => \$header_cmd, - "no-header-cmd" => \$no_header_cmd, - "suppress-from!" => \$suppress_from, -- "no-suppress-from" => sub {$suppress_from = 0}, - "suppress-cc=s" => \@suppress_cc, -- "signed-off-cc|signed-off-by-cc!" => \$signed_off_by_cc, -- "no-signed-off-cc|no-signed-off-by-cc" => sub {$signed_off_by_cc = 0}, -- "cc-cover|cc-cover!" => \$cover_cc, -- "no-cc-cover" => sub {$cover_cc = 0}, -- "to-cover|to-cover!" => \$cover_to, -- "no-to-cover" => sub {$cover_to = 0}, -+ "signed-off-by-cc!" => \$signed_off_by_cc, -+ "cc-cover!" => \$cover_cc, -+ "to-cover!" => \$cover_to, - "confirm=s" => \$confirm, - "dry-run" => \$dry_run, - "envelope-sender=s" => \$envelope_sender, - "thread!" => \$thread, -- "no-thread" => sub {$thread = 0}, - "validate!" => \$validate, -- "no-validate" => sub {$validate = 0}, - "transfer-encoding=s" => \$target_xfer_encoding, - "format-patch!" => \$format_patch, -- "no-format-patch" => sub {$format_patch = 0}, - "8bit-encoding=s" => \$auto_8bit_encoding, - "compose-encoding=s" => \$compose_encoding, - "force" => \$force, - "xmailer!" => \$use_xmailer, -- "no-xmailer" => sub {$use_xmailer = 0}, - "batch-size=i" => \$batch_size, - "relogin-delay=i" => \$relogin_delay, - "git-completion-helper" => \$git_completion_helper, --- -2.42.0 - diff --git a/git.spec b/git.spec index a46794f..dde6f6c 100644 --- a/git.spec +++ b/git.spec @@ -77,8 +77,8 @@ %global _package_note_file %{_builddir}/%{name}-%{real_version}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.43.0 -Release: 3%{?dist} +Version: 2.43.1 +Release: 1%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT URL: https://git-scm.com/ @@ -127,9 +127,6 @@ Patch2: 0002-t-lib-git-daemon-try-harder-to-find-a-port.patch # https://github.com/tmzullinger/git/commit/aa5105dc11 Patch3: 0003-t-lib-git-svn-try-harder-to-find-a-port.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2247532#c8 -Patch4: 0001-send-email-avoid-duplicate-specification-warnings.patch - # Configurates Apache test server to use `DavLockDBType sdbm` # Prevents t5540 failures on i686, s390x and ppc64le Patch5: git-test-apache-davlockdbtype-config.patch @@ -827,13 +824,7 @@ find %{buildroot}%{_pkgdocdir} -name "*.html" -print0 | xargs -r0 linkchecker # t5559-http-fetch-smart-http2 runs t5551-http-fetch-smart with # HTTP_PROTO=HTTP/2. Unfortunately, it fails quite regularly. # https://lore.kernel.org/git/Y4fUntdlc1mqwad5@pobox.com/ -# -# t6300.35 t6300.107 t6300.108 are skipped due to them failing -# with zlib-ng -# https://bugzilla.redhat.com/show_bug.cgi?id=2253368 -# These tests will be enabled again in next git release, where -# fix should be in place. -GIT_SKIP_TESTS="t5559 t6300.35 t6300.107 t6300.108" +GIT_SKIP_TESTS="t5559" %if 0%{?rhel} && 0%{?rhel} < 8 # Skip tests which require mod_http2 on el7 @@ -1054,6 +1045,10 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Mon Feb 12 2024 Ondřej Pohořelský - 2.43.1-1 +- update to 2.43.1 +- resolves: #2263575 + * Wed Jan 24 2024 Fedora Release Engineering - 2.43.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild diff --git a/sources b/sources index 8c3805e..0a91dab 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.43.0.tar.xz) = d0c1694ae23ff7d523e617b98d7c9a9753a2ee58f92c21b67a192d1c57398a62ff9c1a34558ae31af8dc8d95122c219f39f654e99a3b4e7cfc3dd07be9e13203 -SHA512 (git-2.43.0.tar.sign) = 4ff055db9b7100c40427a570f8fb6ec4b5ea943d197597ca8061924afbc6eb46d28aaf46c31679addb8adaf4f672e7efb96e088b789d172b5270420a7e5fde67 +SHA512 (git-2.43.1.tar.xz) = c8cb27645f09b831a6206bafa91c955d735b4257a98b1adaaaa5692a0a3aaa0417878095f88eca59d4fe0ffa058865508b5099db097e7b4b06253a16f57c3b3e +SHA512 (git-2.43.1.tar.sign) = 0f84b136111bc6f6b99ad325fd9def9554ed1ec032b765c32c7299e91702cf44251b31a2e5453ab1379b8c342f640736597459bfaddaf8c0064004ee32535820 From 9c8b3cf927a661dc73e5bb35de63298a081e098c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Thu, 15 Feb 2024 09:02:27 +0100 Subject: [PATCH 080/113] update to 2.43.2 Resolves: #2264318 --- git.spec | 6 +++++- sources | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/git.spec b/git.spec index dde6f6c..df05f4a 100644 --- a/git.spec +++ b/git.spec @@ -77,7 +77,7 @@ %global _package_note_file %{_builddir}/%{name}-%{real_version}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.43.1 +Version: 2.43.2 Release: 1%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT @@ -1045,6 +1045,10 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Thu Feb 15 2024 Ondřej Pohořelský - 2.43.2-1 +- update to 2.43.2 +- Resolves: #2264318 + * Mon Feb 12 2024 Ondřej Pohořelský - 2.43.1-1 - update to 2.43.1 - resolves: #2263575 diff --git a/sources b/sources index 0a91dab..e229798 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.43.1.tar.xz) = c8cb27645f09b831a6206bafa91c955d735b4257a98b1adaaaa5692a0a3aaa0417878095f88eca59d4fe0ffa058865508b5099db097e7b4b06253a16f57c3b3e -SHA512 (git-2.43.1.tar.sign) = 0f84b136111bc6f6b99ad325fd9def9554ed1ec032b765c32c7299e91702cf44251b31a2e5453ab1379b8c342f640736597459bfaddaf8c0064004ee32535820 +SHA512 (git-2.43.2.tar.xz) = 0d95b8ac65bd76acb60c3b4d80242aeda8b2ab3dda7c8586ce46cc1ddedc000494b45fd269295033b82f38662cde08d366c63aa3ff39030500952342c9d3b280 +SHA512 (git-2.43.2.tar.sign) = 3cd649b30f859645bd355a01a06f4bda363b7189be4b2ce492f2b258b618a10fdf40ef3d9cfa852594f594c67fec1f29db91cb29c20f5f97057a835cefba5253 From 59c96e058b9d18cdc293a035d369d5ab3847337b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Mon, 26 Feb 2024 09:50:12 +0100 Subject: [PATCH 081/113] update to 2.44.0 --- git.spec | 5 ++++- sources | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/git.spec b/git.spec index df05f4a..6543f5c 100644 --- a/git.spec +++ b/git.spec @@ -77,7 +77,7 @@ %global _package_note_file %{_builddir}/%{name}-%{real_version}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.43.2 +Version: 2.44.0 Release: 1%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT @@ -1045,6 +1045,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Mon Feb 26 2024 Ondřej Pohořelský - 2.44.0-1 +- update to 2.44.0 + * Thu Feb 15 2024 Ondřej Pohořelský - 2.43.2-1 - update to 2.43.2 - Resolves: #2264318 diff --git a/sources b/sources index e229798..9aeba57 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.43.2.tar.xz) = 0d95b8ac65bd76acb60c3b4d80242aeda8b2ab3dda7c8586ce46cc1ddedc000494b45fd269295033b82f38662cde08d366c63aa3ff39030500952342c9d3b280 -SHA512 (git-2.43.2.tar.sign) = 3cd649b30f859645bd355a01a06f4bda363b7189be4b2ce492f2b258b618a10fdf40ef3d9cfa852594f594c67fec1f29db91cb29c20f5f97057a835cefba5253 +SHA512 (git-2.44.0.tar.sign) = 2b7284d1aaf29ead52e671a1c3574176f8a1682e96753b1cb02e94b7fd6ed69390862143ff59ab6badfc4e22c799c98a92f1ac565d304c1d141c7c56700177d1 +SHA512 (git-2.44.0.tar.xz) = 9e4b9c8a8e28cd50c0db75a93eae8a3423aa7e51c4312af1e1cdaf408e93f306c23aa747f0a97f27c11ab0e2f5e6283e52c8b61c9fe6be5b9b18673a43ce1780 From db55f698a08efca823f8ee8e88fb218c54f2eb52 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Tue, 30 Apr 2024 17:15:29 +0200 Subject: [PATCH 082/113] update to 2.45.0 --- git.spec | 12 ++++-------- sources | 4 ++-- 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/git.spec b/git.spec index 6543f5c..675a15c 100644 --- a/git.spec +++ b/git.spec @@ -77,7 +77,7 @@ %global _package_note_file %{_builddir}/%{name}-%{real_version}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.44.0 +Version: 2.45.0 Release: 1%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT @@ -639,13 +639,6 @@ rm -rf contrib/fast-import/import-zips.py %endif # endif with python2 -# Use python3 to avoid an unnecessary python2 dependency, if possible. -%if %{with python3} -sed -i -e '1s@#!\( */usr/bin/env python\|%{__python2}\)$@#!%{__python3}@' \ - contrib/hg-to-git/hg-to-git.py -%endif -# endif with python3 - %install %make_install %{?with_docs:install-doc} @@ -1045,6 +1038,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Tue Apr 30 2024 Ondřej Pohořelský - 2.45.0-1 +- update to 2.45.0 + * Mon Feb 26 2024 Ondřej Pohořelský - 2.44.0-1 - update to 2.44.0 diff --git a/sources b/sources index 9aeba57..0967862 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.44.0.tar.sign) = 2b7284d1aaf29ead52e671a1c3574176f8a1682e96753b1cb02e94b7fd6ed69390862143ff59ab6badfc4e22c799c98a92f1ac565d304c1d141c7c56700177d1 -SHA512 (git-2.44.0.tar.xz) = 9e4b9c8a8e28cd50c0db75a93eae8a3423aa7e51c4312af1e1cdaf408e93f306c23aa747f0a97f27c11ab0e2f5e6283e52c8b61c9fe6be5b9b18673a43ce1780 +SHA512 (git-2.45.0.tar.xz) = 36d438bf9a57dee8fe0536c90cb25d53c552e9f80e7575447d1d2af30cadab08522356f4ecd0f69b7877d5a7f84ab3b9766d8386beae57fe8d411d05d70db214 +SHA512 (git-2.45.0.tar.sign) = 8d4fdcb88355bf7511c8822e367e692514298deb99a2734b71b2754a551c76ab3aa788d5f24475c3177dafca6ce05325535c7d354c3aa82d3322bb718ccbaec4 From 18e0835469dba60ab7fc91cb77917f93a1b37e0f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Wed, 15 May 2024 09:29:45 +0200 Subject: [PATCH 083/113] update to 2.45.1 --- git.spec | 5 ++++- sources | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/git.spec b/git.spec index 675a15c..130471c 100644 --- a/git.spec +++ b/git.spec @@ -77,7 +77,7 @@ %global _package_note_file %{_builddir}/%{name}-%{real_version}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.45.0 +Version: 2.45.1 Release: 1%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT @@ -1038,6 +1038,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Wed May 15 2024 Ondřej Pohořelský - 2.45.1-1 +- update to 2.45.1 + * Tue Apr 30 2024 Ondřej Pohořelský - 2.45.0-1 - update to 2.45.0 diff --git a/sources b/sources index 0967862..14c4fec 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.45.0.tar.xz) = 36d438bf9a57dee8fe0536c90cb25d53c552e9f80e7575447d1d2af30cadab08522356f4ecd0f69b7877d5a7f84ab3b9766d8386beae57fe8d411d05d70db214 -SHA512 (git-2.45.0.tar.sign) = 8d4fdcb88355bf7511c8822e367e692514298deb99a2734b71b2754a551c76ab3aa788d5f24475c3177dafca6ce05325535c7d354c3aa82d3322bb718ccbaec4 +SHA512 (git-2.45.1.tar.xz) = 28461855e03f3dd5af73a1c6d26cc3e2b7b71f5eb90852f1daf582d24503b4dd5c4e4dac359e9eba1c2ba542aeb0940e0482506f19d02a354654b181c56c5317 +SHA512 (git-2.45.1.tar.sign) = cec39b09cdd3c2a2b6e0c115773492771cfb50b8054479fbc8d6b7dd798b82160d0d0cf5ba58c6c21c23ceb459cae75ec7081a99c6681d76505a21f851ee123d From 05522a0e2aa48c525fc9bdabc3bbd0bf279dc711 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Mon, 3 Jun 2024 12:50:14 +0200 Subject: [PATCH 084/113] update to 2.45.2 --- git.spec | 5 ++++- sources | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/git.spec b/git.spec index 130471c..4c68148 100644 --- a/git.spec +++ b/git.spec @@ -77,7 +77,7 @@ %global _package_note_file %{_builddir}/%{name}-%{real_version}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.45.1 +Version: 2.45.2 Release: 1%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT @@ -1038,6 +1038,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Mon Jun 03 2024 Ondřej Pohořelský - 2.45.2-1 +- update to 2.45.2 + * Wed May 15 2024 Ondřej Pohořelský - 2.45.1-1 - update to 2.45.1 diff --git a/sources b/sources index 14c4fec..59bae85 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.45.1.tar.xz) = 28461855e03f3dd5af73a1c6d26cc3e2b7b71f5eb90852f1daf582d24503b4dd5c4e4dac359e9eba1c2ba542aeb0940e0482506f19d02a354654b181c56c5317 -SHA512 (git-2.45.1.tar.sign) = cec39b09cdd3c2a2b6e0c115773492771cfb50b8054479fbc8d6b7dd798b82160d0d0cf5ba58c6c21c23ceb459cae75ec7081a99c6681d76505a21f851ee123d +SHA512 (git-2.45.2.tar.xz) = dce30d0d563f3f76ef49c8dc88105e0cf0941c8cd70303418d9d737f840ffba36bcc575c380c75080edf64af74487e1a680db146ec5f527a32104e887d4ceb73 +SHA512 (git-2.45.2.tar.sign) = 331ba231f1d042ad41b30d81225fc31c47bc38dfb2995156353a97cd66f0a0c4d86d228e85dfca0926761b19d2e37e5f273b3bbddbca3e1c1ae3c999401fe7bd From 9f89b9e0690f91aedf40fea29b518d1d7f071660 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Mon, 3 Jun 2024 15:40:55 +0200 Subject: [PATCH 085/113] add glibc-utils BuildRequires --- git.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/git.spec b/git.spec index 4c68148..fe93858 100644 --- a/git.spec +++ b/git.spec @@ -78,7 +78,7 @@ Name: git Version: 2.45.2 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT URL: https://git-scm.com/ @@ -163,6 +163,7 @@ BuildRequires: findutils BuildRequires: gawk BuildRequires: gcc BuildRequires: gettext +BuildRequires: glibc-utils BuildRequires: gnupg2 BuildRequires: libcurl-devel BuildRequires: make @@ -1038,6 +1039,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Mon Jun 03 2024 Ondřej Pohořelský - 2.45.2-2 +- add glibc-utils BuildRequires + * Mon Jun 03 2024 Ondřej Pohořelský - 2.45.2-1 - update to 2.45.2 From 2041c470244ddedba91683bf6129b329d89750de Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Mon, 1 Jul 2024 16:27:09 +0200 Subject: [PATCH 086/113] build documentation with asciidoc on EL >= 10 --- git.spec | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/git.spec b/git.spec index fe93858..089b31e 100644 --- a/git.spec +++ b/git.spec @@ -21,8 +21,9 @@ %bcond_without perl_modcompat %endif -# Settings for Fedora and EL >= 9 -%if 0%{?fedora} || 0%{?rhel} >= 9 +# Settings for Fedora and EL == 9 +# In EL >= 10 docbook5-style-xsl, needed by asciidoctor, is unwanted package +%if 0%{?fedora} || 0%{?rhel} == 9 %bcond_without asciidoctor %else %bcond_with asciidoctor From e49fa1c239e06722402884a6360214601b1a1830 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Mon, 1 Jul 2024 16:30:22 +0200 Subject: [PATCH 087/113] disable p4 subpackage on EL >= 10 --- git.spec | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/git.spec b/git.spec index 089b31e..afd0f45 100644 --- a/git.spec +++ b/git.spec @@ -59,11 +59,11 @@ %bcond_without libsecret # Allow p4 subpackage to be toggled via --with/--without -# Disable by default if we lack python2 or python3 support -%if %{with python2} || %{with python3} -%bcond_without p4 -%else +# Disable p4 package by default on EL >= 10 +%if 0%{?rhel} >= 10 %bcond_with p4 +%else +%bcond_without p4 %endif # Hardening flags for EL-7 From 624305e5bea78b1f46f346740bb79fab453227a7 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 18 Jul 2024 02:23:37 +0000 Subject: [PATCH 088/113] Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild --- git.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/git.spec b/git.spec index afd0f45..143492a 100644 --- a/git.spec +++ b/git.spec @@ -79,7 +79,7 @@ Name: git Version: 2.45.2 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT URL: https://git-scm.com/ @@ -1040,6 +1040,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Thu Jul 18 2024 Fedora Release Engineering - 2.45.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + * Mon Jun 03 2024 Ondřej Pohořelský - 2.45.2-2 - add glibc-utils BuildRequires From 699e77dbcbef16243c738803a83db2aa0a75f84c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Fri, 19 Jul 2024 09:29:31 +0200 Subject: [PATCH 089/113] build without perl_modcompat in EL >= 10 --- git.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/git.spec b/git.spec index 143492a..b461992 100644 --- a/git.spec +++ b/git.spec @@ -14,8 +14,8 @@ %bcond_with linkcheck %endif -# Settings for Fedora >= 38 -%if 0%{?fedora} >= 38 +# Settings for Fedora >= 38 and EL >= 10 +%if 0%{?fedora} >= 38 || 0%{?rhel} >= 10 %bcond_with perl_modcompat %else %bcond_without perl_modcompat From 0a0995368db3115d9ac362a226af2cc352e8de07 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Mon, 5 Aug 2024 12:52:46 +0200 Subject: [PATCH 090/113] update to 2.46.0 --- git.spec | 7 +++++-- sources | 4 ++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/git.spec b/git.spec index b461992..4b74e3d 100644 --- a/git.spec +++ b/git.spec @@ -78,8 +78,8 @@ %global _package_note_file %{_builddir}/%{name}-%{real_version}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.45.2 -Release: 3%{?dist} +Version: 2.46.0 +Release: 1%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT URL: https://git-scm.com/ @@ -1040,6 +1040,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Mon Aug 05 2024 Ondřej Pohořelský - 2.46.0-1 +- update to 2.46.0 + * Thu Jul 18 2024 Fedora Release Engineering - 2.45.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild diff --git a/sources b/sources index 59bae85..3f497c7 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.45.2.tar.xz) = dce30d0d563f3f76ef49c8dc88105e0cf0941c8cd70303418d9d737f840ffba36bcc575c380c75080edf64af74487e1a680db146ec5f527a32104e887d4ceb73 -SHA512 (git-2.45.2.tar.sign) = 331ba231f1d042ad41b30d81225fc31c47bc38dfb2995156353a97cd66f0a0c4d86d228e85dfca0926761b19d2e37e5f273b3bbddbca3e1c1ae3c999401fe7bd +SHA512 (git-2.46.0.tar.xz) = 3afae7a094da070c627f68ceb54c2345e3a49e04e455197527b732eb220e8c3249f5d09655a59bf4280dd0c0a3e305abc1380693e0a7fb0b8138b741c4708184 +SHA512 (git-2.46.0.tar.sign) = 912d88ec3a7e58b1b7755b6d9fd26fca39f47d98e0bcba59140cdb05f873dadbdaeb54b5f748f95f95a2cc6db9a892864b8b6331a4fe009d3b6142bafd23ab22 From fe2066bbb4522200127da9c88505cc9414634f12 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Wed, 4 Sep 2024 10:42:06 +0200 Subject: [PATCH 091/113] mark git@.service as config(noreplace) Each update git@.service has been overwritten, removing users custom configurations. Marking it as config(noreplace) should prevent this behaviour. --- git.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/git.spec b/git.spec index 4b74e3d..d683222 100644 --- a/git.spec +++ b/git.spec @@ -964,7 +964,7 @@ rmdir --ignore-fail-on-non-empty "$testdir" %files daemon %{_pkgdocdir}/git-daemon*.txt %{_unitdir}/git.socket -%{_unitdir}/git@.service +%config(noreplace) %{_unitdir}/git@.service %{gitexecdir}/git-daemon %{_localstatedir}/lib/git %{?with_docs:%{_mandir}/man1/git-daemon*.1*} From 8cb6752747878844176c7fc8663ca534a2bb716e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Mon, 16 Sep 2024 11:12:46 +0200 Subject: [PATCH 092/113] update to 2.46.1 --- git.spec | 5 ++++- sources | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/git.spec b/git.spec index d683222..4b1bb37 100644 --- a/git.spec +++ b/git.spec @@ -78,7 +78,7 @@ %global _package_note_file %{_builddir}/%{name}-%{real_version}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.46.0 +Version: 2.46.1 Release: 1%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT @@ -1040,6 +1040,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Mon Sep 16 2024 Ondřej Pohořelský - 2.46.1-1 +- update to 2.46.1 + * Mon Aug 05 2024 Ondřej Pohořelský - 2.46.0-1 - update to 2.46.0 diff --git a/sources b/sources index 3f497c7..5ca6946 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.46.0.tar.xz) = 3afae7a094da070c627f68ceb54c2345e3a49e04e455197527b732eb220e8c3249f5d09655a59bf4280dd0c0a3e305abc1380693e0a7fb0b8138b741c4708184 -SHA512 (git-2.46.0.tar.sign) = 912d88ec3a7e58b1b7755b6d9fd26fca39f47d98e0bcba59140cdb05f873dadbdaeb54b5f748f95f95a2cc6db9a892864b8b6331a4fe009d3b6142bafd23ab22 +SHA512 (git-2.46.1.tar.xz) = ce1bb12cb8a320e4ef261d4715dc2144207f31cfe13b2b62cebfc9e61880db79876a634e29cf42992d4f472ce0af709f48f14c7ba800f157876f19982720fc6d +SHA512 (git-2.46.1.tar.sign) = 5d995dec6b9bed8442ebf04c2c84f6cda22105992835349537e8f7d2c683f5cd07f6b49f452ccdcd8adce9879cdb3663540d0b0e41050d3e94405feac04f988c From b7b63fdc8b0b15fef10f2b4100b1175f3e782536 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Tue, 24 Sep 2024 14:31:26 +0200 Subject: [PATCH 093/113] update to 2.46.2 --- git.spec | 5 ++++- sources | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/git.spec b/git.spec index 4b1bb37..2fc3dbf 100644 --- a/git.spec +++ b/git.spec @@ -78,7 +78,7 @@ %global _package_note_file %{_builddir}/%{name}-%{real_version}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.46.1 +Version: 2.46.2 Release: 1%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT @@ -1040,6 +1040,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Mon Sep 24 2024 Ondřej Pohořelský - 2.46.2-1 +- update to 2.46.2 + * Mon Sep 16 2024 Ondřej Pohořelský - 2.46.1-1 - update to 2.46.1 diff --git a/sources b/sources index 5ca6946..8cb35b7 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.46.1.tar.xz) = ce1bb12cb8a320e4ef261d4715dc2144207f31cfe13b2b62cebfc9e61880db79876a634e29cf42992d4f472ce0af709f48f14c7ba800f157876f19982720fc6d -SHA512 (git-2.46.1.tar.sign) = 5d995dec6b9bed8442ebf04c2c84f6cda22105992835349537e8f7d2c683f5cd07f6b49f452ccdcd8adce9879cdb3663540d0b0e41050d3e94405feac04f988c +SHA512 (git-2.46.2.tar.xz) = d8d1cec9a4ddc7b1892b7f5b3c808d235bcd4bfb1714ce0ce0e721242acc94f9ae7c2ae3181311feb5b458b04e89cd32acd3e9c90adbc4e86e05e7d5589d8a00 +SHA512 (git-2.46.2.tar.sign) = 2a20c490d1388b68b0c6def89a282ce198aff5991b0942e762f45bd51bca2b81353f648546e789a15ea141f9ea411e6ce025e84e9dc80e5fea8abc3a5af2b168 From 2354ed404127937eb64df75d2e178d59d81f6b71 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Tue, 24 Sep 2024 14:34:39 +0200 Subject: [PATCH 094/113] repair bogus date in the changelog --- git.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/git.spec b/git.spec index 2fc3dbf..54a7178 100644 --- a/git.spec +++ b/git.spec @@ -1040,7 +1040,7 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog -* Mon Sep 24 2024 Ondřej Pohořelský - 2.46.2-1 +* Tue Sep 24 2024 Ondřej Pohořelský - 2.46.2-1 - update to 2.46.2 * Mon Sep 16 2024 Ondřej Pohořelský - 2.46.1-1 From d4d986abeb8d45c7a783a5c356b87aaaad8775ae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Tue, 8 Oct 2024 15:19:07 +0200 Subject: [PATCH 095/113] update to 2.47.0 --- git.spec | 5 ++++- sources | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/git.spec b/git.spec index 54a7178..f5bd722 100644 --- a/git.spec +++ b/git.spec @@ -78,7 +78,7 @@ %global _package_note_file %{_builddir}/%{name}-%{real_version}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.46.2 +Version: 2.47.0 Release: 1%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT @@ -1040,6 +1040,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Tue Oct 08 2024 Ondřej Pohořelský - 2.47.0-1 +- update to 2.47.0 + * Tue Sep 24 2024 Ondřej Pohořelský - 2.46.2-1 - update to 2.46.2 diff --git a/sources b/sources index 8cb35b7..13958fb 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.46.2.tar.xz) = d8d1cec9a4ddc7b1892b7f5b3c808d235bcd4bfb1714ce0ce0e721242acc94f9ae7c2ae3181311feb5b458b04e89cd32acd3e9c90adbc4e86e05e7d5589d8a00 -SHA512 (git-2.46.2.tar.sign) = 2a20c490d1388b68b0c6def89a282ce198aff5991b0942e762f45bd51bca2b81353f648546e789a15ea141f9ea411e6ce025e84e9dc80e5fea8abc3a5af2b168 +SHA512 (git-2.47.0.tar.xz) = 58683aa59dba25ffec9fe2c185267c77b34d573e9738c133a15d25071e37095e99486c231c35b8f71aabe3c1e305238b56d2c10039318bfc08f137919bad66ec +SHA512 (git-2.47.0.tar.sign) = 7ccfe729598d3efd5cf1507c5132782f4e17d030745b4684284e691156cfe150d8911fa05f26d31382f505c6a4fbc1cc261e289e239ec9cc812ddfe20d026511 From d4648b15beafd12dd8b7dbf1628df678dbfd5b63 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Mon, 25 Nov 2024 10:53:34 +0100 Subject: [PATCH 096/113] update to 2.47.1 --- git.spec | 5 ++++- sources | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/git.spec b/git.spec index f5bd722..0ab9995 100644 --- a/git.spec +++ b/git.spec @@ -78,7 +78,7 @@ %global _package_note_file %{_builddir}/%{name}-%{real_version}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.47.0 +Version: 2.47.1 Release: 1%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT @@ -1040,6 +1040,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Mon Nov 25 2024 Ondřej Pohořelský - 2.47.1-1 +- update to 2.47.1 + * Tue Oct 08 2024 Ondřej Pohořelský - 2.47.0-1 - update to 2.47.0 diff --git a/sources b/sources index 13958fb..0d04741 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.47.0.tar.xz) = 58683aa59dba25ffec9fe2c185267c77b34d573e9738c133a15d25071e37095e99486c231c35b8f71aabe3c1e305238b56d2c10039318bfc08f137919bad66ec -SHA512 (git-2.47.0.tar.sign) = 7ccfe729598d3efd5cf1507c5132782f4e17d030745b4684284e691156cfe150d8911fa05f26d31382f505c6a4fbc1cc261e289e239ec9cc812ddfe20d026511 +SHA512 (git-2.47.1.tar.xz) = 6abe551c464b307bc3f6f474257e0be3e1a9eba1406af6463216b796c55a35356009c2f7bd9b4fa2d1798da5f885a3843f6ad8750ab69595f748f9ea8ed76fea +SHA512 (git-2.47.1.tar.sign) = 89557b00303ce7ea063e4bbe8a81827c44ffaf997ae5a5bd1db6f671b10fd1050069bf74a10d797ec6f65453b9839e34fdc69f029bc8a6cfb8e9918fad8eda1a From 0b1ce8c0dca90be273be2be92c6a85de046efd4d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Mon, 13 Jan 2025 13:25:40 +0100 Subject: [PATCH 097/113] update to 2.48.0 --- git.spec | 5 ++++- sources | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/git.spec b/git.spec index 0ab9995..7fd9b94 100644 --- a/git.spec +++ b/git.spec @@ -78,7 +78,7 @@ %global _package_note_file %{_builddir}/%{name}-%{real_version}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.47.1 +Version: 2.48.0 Release: 1%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT @@ -1040,6 +1040,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Mon Jan 13 2025 Ondřej Pohořelský - 2.48.0-1 +- update to 2.48.0 + * Mon Nov 25 2024 Ondřej Pohořelský - 2.47.1-1 - update to 2.47.1 diff --git a/sources b/sources index 0d04741..ea10ecb 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.47.1.tar.xz) = 6abe551c464b307bc3f6f474257e0be3e1a9eba1406af6463216b796c55a35356009c2f7bd9b4fa2d1798da5f885a3843f6ad8750ab69595f748f9ea8ed76fea -SHA512 (git-2.47.1.tar.sign) = 89557b00303ce7ea063e4bbe8a81827c44ffaf997ae5a5bd1db6f671b10fd1050069bf74a10d797ec6f65453b9839e34fdc69f029bc8a6cfb8e9918fad8eda1a +SHA512 (git-2.48.0.tar.xz) = 0b8b6633d65f20830577a073a78f13cedf4f43c8634d5d62918cddca9ca8b75519e6674307782e0eacb9e8e920a04014aa2a0f5cd2e75be06728e9160f794c9e +SHA512 (git-2.48.0.tar.sign) = 1840a7b7a53997b78b932aecfca031e0a6f7779957b0bceba772738bdbf0ac75bc9a9bc8808beb63b446262a33e404819a9859d68aa45b23b498351b27a8514d From 078a91e01a4b273c7b7b63f93285f18b672fba3d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Wed, 15 Jan 2025 09:29:00 +0100 Subject: [PATCH 098/113] update to 2.48.1 --- git.spec | 5 ++++- sources | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/git.spec b/git.spec index 7fd9b94..5e6c4d6 100644 --- a/git.spec +++ b/git.spec @@ -78,7 +78,7 @@ %global _package_note_file %{_builddir}/%{name}-%{real_version}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.48.0 +Version: 2.48.1 Release: 1%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT @@ -1040,6 +1040,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Wed Jan 15 2025 Ondřej Pohořelský - 2.48.1-1 +- update to 2.48.1 + * Mon Jan 13 2025 Ondřej Pohořelský - 2.48.0-1 - update to 2.48.0 diff --git a/sources b/sources index ea10ecb..d6bf8a9 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.48.0.tar.xz) = 0b8b6633d65f20830577a073a78f13cedf4f43c8634d5d62918cddca9ca8b75519e6674307782e0eacb9e8e920a04014aa2a0f5cd2e75be06728e9160f794c9e -SHA512 (git-2.48.0.tar.sign) = 1840a7b7a53997b78b932aecfca031e0a6f7779957b0bceba772738bdbf0ac75bc9a9bc8808beb63b446262a33e404819a9859d68aa45b23b498351b27a8514d +SHA512 (git-2.48.1.tar.xz) = 75c89ab4ca83adc46989a4b05a9b482b40a7ba69d15aa1c1f27d0cee37c2908e154a75d59b0a0a540647352b9c55020f1a5ad309f0eff78e9fd8e631ef9e4606 +SHA512 (git-2.48.1.tar.sign) = 6d2308a71970940288137df76122ac402d1e5fdd2250fce5e6d4681d68b630bcfc109e56e4539598c6b5113024c78a25193d3b8d38c39ee547a37c1d8b2f4d15 From ecbadc14c1efef1a71c7bc0f49c8c2089dbcd28f Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 16 Jan 2025 22:01:51 +0000 Subject: [PATCH 099/113] Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild --- git.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/git.spec b/git.spec index 5e6c4d6..01250b4 100644 --- a/git.spec +++ b/git.spec @@ -79,7 +79,7 @@ Name: git Version: 2.48.1 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT URL: https://git-scm.com/ @@ -1040,6 +1040,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Thu Jan 16 2025 Fedora Release Engineering - 2.48.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + * Wed Jan 15 2025 Ondřej Pohořelský - 2.48.1-1 - update to 2.48.1 From 716550b90ac02764311b615f80b9af6cbb821f43 Mon Sep 17 00:00:00 2001 From: Yanko Kaneti Date: Wed, 5 Feb 2025 17:10:11 +0200 Subject: [PATCH 100/113] Keep gitk on tcl/tk 8.x until its ready for 9 --- git.spec | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/git.spec b/git.spec index 01250b4..b3c5c65 100644 --- a/git.spec +++ b/git.spec @@ -79,7 +79,7 @@ Name: git Version: 2.48.1 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT URL: https://git-scm.com/ @@ -429,7 +429,9 @@ Summary: Git repository browser BuildArch: noarch Requires: git = %{version}-%{release} Requires: git-gui = %{version}-%{release} -Requires: tk >= 8.4 +# Keep gitk on tcl/tk 8.x until its ready for 9 (also see below in config.mk) +# https://github.com/j6t/gitk/issues/5 +Requires: tk8 >= 8.4 %description -n gitk %{summary}. @@ -587,6 +589,10 @@ gitwebdir = %{_localstatedir}/www/git DEFAULT_TEST_TARGET = prove GIT_PROVE_OPTS = --verbose --normalize %{?_smp_mflags} --formatter=TAP::Formatter::File GIT_TEST_OPTS = -x --verbose-log + +# Keep gitk on tcl/tk 8.x until its ready for 9 (see more above in gitk requires) +TCLTK_PATH = wish8 +TCL_PATH = tclsh8 EOF # Filter bogus perl requires @@ -1040,6 +1046,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Thu Feb 6 2025 Yanko Kaneti - 2.48.1-3 +- Keep gitk on tcl/tk 8.x until its ready for 9 + * Thu Jan 16 2025 Fedora Release Engineering - 2.48.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild From 9a2fecfe2e676dc896cb02242d9b29b5643ce460 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Mon, 17 Mar 2025 15:37:51 +0100 Subject: [PATCH 101/113] update to 2.49.0 --- git.spec | 45 +++++++++++++++++++++++++++++---------------- sources | 4 ++-- 2 files changed, 31 insertions(+), 18 deletions(-) diff --git a/git.spec b/git.spec index b3c5c65..b19d845 100644 --- a/git.spec +++ b/git.spec @@ -78,8 +78,8 @@ %global _package_note_file %{_builddir}/%{name}-%{real_version}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.48.1 -Release: 3%{?dist} +Version: 2.49.0 +Release: 1%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT URL: https://git-scm.com/ @@ -538,7 +538,7 @@ install -p -m 755 %{SOURCE99} print-failed-test-output # Remove git-archimport sed -i '/^SCRIPT_PERL += git-archimport\.perl$/d' Makefile sed -i '/^git-archimport/d' command-list.txt -rm git-archimport.perl Documentation/git-archimport.txt +rm git-archimport.perl Documentation/git-archimport.adoc %if %{without cvs} # Remove git-cvs* from command list @@ -615,7 +615,7 @@ sed -i 's@"++GITWEB_HOME_LINK_STR++"@$ENV{"SERVER_NAME"} ? "git://" . $ENV{"SERV # Move contrib/{contacts,subtree} docs to Documentation so they build with the # proper asciidoc/docbook/xmlto options -mv contrib/{contacts,subtree}/git-*.txt Documentation/ +mv contrib/{contacts,subtree}/git-*.adoc Documentation/ %build # Improve build reproducibility @@ -782,7 +782,7 @@ grep -E "$not_core_re" bin-man-doc-files > bin-man-doc-git-files # contrib not_core_doc_re="(git-(cvs|gui|citool|daemon|instaweb|subtree))|p4|svn|email|gitk|gitweb" mkdir -p %{buildroot}%{_pkgdocdir}/ -cp -pr CODE_OF_CONDUCT.md README.md Documentation/*.txt Documentation/RelNotes contrib %{buildroot}%{_pkgdocdir}/ +cp -pr CODE_OF_CONDUCT.md README.md Documentation/*.adoc Documentation/RelNotes contrib %{buildroot}%{_pkgdocdir}/ # Remove contrib/ files/dirs which have nothing useful for documentation rm -rf %{buildroot}%{_pkgdocdir}/contrib/{contacts,credential}/ cp -p gitweb/INSTALL %{buildroot}%{_pkgdocdir}/INSTALL.gitweb @@ -874,6 +874,16 @@ GIT_SKIP_TESTS="$GIT_SKIP_TESTS t5300.1[02348] t5300.2[03459] t5300.30 t5300.4[5 %endif # endif rhel == 8 && arch == s390x +%if "%{_arch}" == "s390x" +# Skip tests which fail on s390x +# +# The following tests are failing on s390x. +# https://lore.kernel.org/git/Z8dIZmscTdi8dZAY@teonanacatl.net/ +# +# t5620.4 'do partial clone 2, backfill min batch size' +GIT_SKIP_TESTS="$GIT_SKIP_TESTS t5620.4" +%endif +# endif "%{_arch}" == "s390x" export GIT_SKIP_TESTS # Set LANG so various UTF-8 tests are run @@ -959,7 +969,7 @@ rmdir --ignore-fail-on-non-empty "$testdir" %if %{with cvs} %files cvs -%{_pkgdocdir}/*git-cvs*.txt +%{_pkgdocdir}/*git-cvs*.adoc %{_bindir}/git-cvsserver %{gitexecdir}/*cvs* %{?with_docs:%{_mandir}/man1/*cvs*.1*} @@ -968,7 +978,7 @@ rmdir --ignore-fail-on-non-empty "$testdir" # endif with cvs %files daemon -%{_pkgdocdir}/git-daemon*.txt +%{_pkgdocdir}/git-daemon*.adoc %{_unitdir}/git.socket %config(noreplace) %{_unitdir}/git@.service %{gitexecdir}/git-daemon @@ -977,13 +987,13 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-daemon*.html} %files email -%{_pkgdocdir}/*email*.txt +%{_pkgdocdir}/*email*.adoc %{gitexecdir}/*email* %{?with_docs:%{_mandir}/man1/*email*.1*} %{?with_docs:%{_pkgdocdir}/*email*.html} %files -n gitk -%{_pkgdocdir}/*gitk*.txt +%{_pkgdocdir}/*gitk*.adoc %{_bindir}/*gitk* %{_datadir}/gitk %{bash_completions_dir}/gitk @@ -992,7 +1002,7 @@ rmdir --ignore-fail-on-non-empty "$testdir" %files -n gitweb %{_pkgdocdir}/*.gitweb -%{_pkgdocdir}/gitweb*.txt +%{_pkgdocdir}/gitweb*.adoc %{?with_docs:%{_mandir}/man1/gitweb.1*} %{?with_docs:%{_mandir}/man5/gitweb.conf.5*} %{?with_docs:%{_pkgdocdir}/gitweb*.html} @@ -1005,8 +1015,8 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{gitexecdir}/git-citool %{_datadir}/applications/*git-gui.desktop %{_datadir}/git-gui/ -%{_pkgdocdir}/git-gui.txt -%{_pkgdocdir}/git-citool.txt +%{_pkgdocdir}/git-gui.adoc +%{_pkgdocdir}/git-citool.adoc %{?with_docs:%{_mandir}/man1/git-gui.1*} %{?with_docs:%{_pkgdocdir}/git-gui.html} %{?with_docs:%{_mandir}/man1/git-citool.1*} @@ -1014,7 +1024,7 @@ rmdir --ignore-fail-on-non-empty "$testdir" %files instaweb %{gitexecdir}/git-instaweb -%{_pkgdocdir}/git-instaweb.txt +%{_pkgdocdir}/git-instaweb.adoc %{?with_docs:%{_mandir}/man1/git-instaweb.1*} %{?with_docs:%{_pkgdocdir}/git-instaweb.html} @@ -1022,7 +1032,7 @@ rmdir --ignore-fail-on-non-empty "$testdir" %files p4 %{gitexecdir}/*p4* %{gitexecdir}/mergetools/p4merge -%{_pkgdocdir}/*p4*.txt +%{_pkgdocdir}/*p4*.adoc %{?with_docs:%{_mandir}/man1/*p4*.1*} %{?with_docs:%{_pkgdocdir}/*p4*.html} %endif @@ -1035,17 +1045,20 @@ rmdir --ignore-fail-on-non-empty "$testdir" %files subtree %{gitexecdir}/git-subtree -%{_pkgdocdir}/git-subtree.txt +%{_pkgdocdir}/git-subtree.adoc %{?with_docs:%{_mandir}/man1/git-subtree.1*} %{?with_docs:%{_pkgdocdir}/git-subtree.html} %files svn %{gitexecdir}/git-svn -%{_pkgdocdir}/git-svn.txt +%{_pkgdocdir}/git-svn.adoc %{?with_docs:%{_mandir}/man1/git-svn.1*} %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Mon Mar 17 2025 Ondřej Pohořelský - 2.49.0-1 +- update to 2.49.0 + * Thu Feb 6 2025 Yanko Kaneti - 2.48.1-3 - Keep gitk on tcl/tk 8.x until its ready for 9 diff --git a/sources b/sources index d6bf8a9..25bd2d3 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.48.1.tar.xz) = 75c89ab4ca83adc46989a4b05a9b482b40a7ba69d15aa1c1f27d0cee37c2908e154a75d59b0a0a540647352b9c55020f1a5ad309f0eff78e9fd8e631ef9e4606 -SHA512 (git-2.48.1.tar.sign) = 6d2308a71970940288137df76122ac402d1e5fdd2250fce5e6d4681d68b630bcfc109e56e4539598c6b5113024c78a25193d3b8d38c39ee547a37c1d8b2f4d15 +SHA512 (git-2.49.0.tar.xz) = 81a16415890305fc6cfd14ade8bee76779feba01f51c5446f40c14211654342c68ef0911859fa6e8e9ff0a718847bb44ee4156d03a19c9165df19ba91e09e1f0 +SHA512 (git-2.49.0.tar.sign) = e956f83ee0973295ec608aa6ab1df11992d8fc10f1702a0cdbf849f7659d94666fe714f60a7b4aeeed064bc49e1345791e3d8b0a867c075544eb48f01b84fd27 From a0b3d1a02bfce4c9462e90e3c093b81dbbdd9e81 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Mon, 24 Mar 2025 11:47:14 +0100 Subject: [PATCH 102/113] Adds the option to sanitize sideband channel messages CVE-2024-52005 wasn't fixed by upstream. This patch adds the option to harden Git against it. The default behaviour of Git remains unchanged. --- ...9-sanitize-sideband-channel-messages.patch | 471 ++++++++++++++++++ git.spec | 12 +- 2 files changed, 482 insertions(+), 1 deletion(-) create mode 100644 git-2.49-sanitize-sideband-channel-messages.patch diff --git a/git-2.49-sanitize-sideband-channel-messages.patch b/git-2.49-sanitize-sideband-channel-messages.patch new file mode 100644 index 0000000..f3be95a --- /dev/null +++ b/git-2.49-sanitize-sideband-channel-messages.patch @@ -0,0 +1,471 @@ +From 328ff864183cdd0a4b779b5b88a3271b39a1b1a2 Mon Sep 17 00:00:00 2001 +From: Johannes Schindelin +Date: Wed, 6 Nov 2024 20:34:50 +0100 +Subject: [PATCH 1/4] sideband: mask control characters + +The output of `git clone` is a vital component for understanding what +has happened when things go wrong. However, these logs are partially +under the control of the remote server (via the "sideband", which +typically contains what the remote `git pack-objects` process sends to +`stderr`), and is currently not sanitized by Git. + +This makes Git susceptible to ANSI escape sequence injection (see +CWE-150, https://cwe.mitre.org/data/definitions/150.html), which allows +attackers to corrupt terminal state, to hide information, and even to +insert characters into the input buffer (i.e. as if the user had typed +those characters). + +To plug this vulnerability, disallow any control character in the +sideband, replacing them instead with the common `^` +(e.g. `^[` for `\x1b`, `^A` for `\x01`). + +There is likely a need for more fine-grained controls instead of using a +"heavy hammer" like this, which will be introduced subsequently. + +Signed-off-by: Johannes Schindelin +--- + sideband.c | 17 +++++++++++++++-- + t/t5409-colorize-remote-messages.sh | 12 ++++++++++++ + 2 files changed, 27 insertions(+), 2 deletions(-) + +diff --git a/sideband.c b/sideband.c +index 251e9615ed..81b1ff0805 100644 +--- a/sideband.c ++++ b/sideband.c +@@ -66,6 +66,19 @@ void list_config_color_sideband_slots(struct string_list *list, const char *pref + list_config_item(list, prefix, keywords[i].keyword); + } + ++static void strbuf_add_sanitized(struct strbuf *dest, const char *src, int n) ++{ ++ strbuf_grow(dest, n); ++ for (; n && *src; src++, n--) { ++ if (!iscntrl(*src) || *src == '\t' || *src == '\n') ++ strbuf_addch(dest, *src); ++ else { ++ strbuf_addch(dest, '^'); ++ strbuf_addch(dest, 0x40 + *src); ++ } ++ } ++} ++ + /* + * Optionally highlight one keyword in remote output if it appears at the start + * of the line. This should be called for a single line only, which is +@@ -81,7 +94,7 @@ static void maybe_colorize_sideband(struct strbuf *dest, const char *src, int n) + int i; + + if (!want_color_stderr(use_sideband_colors())) { +- strbuf_add(dest, src, n); ++ strbuf_add_sanitized(dest, src, n); + return; + } + +@@ -114,7 +127,7 @@ static void maybe_colorize_sideband(struct strbuf *dest, const char *src, int n) + } + } + +- strbuf_add(dest, src, n); ++ strbuf_add_sanitized(dest, src, n); + } + + +diff --git a/t/t5409-colorize-remote-messages.sh b/t/t5409-colorize-remote-messages.sh +index fa5de4500a..d0745c391b 100755 +--- a/t/t5409-colorize-remote-messages.sh ++++ b/t/t5409-colorize-remote-messages.sh +@@ -98,4 +98,16 @@ test_expect_success 'fallback to color.ui' ' + grep "error: error" decoded + ' + ++test_expect_success 'disallow (color) control sequences in sideband' ' ++ write_script .git/color-me-surprised <<-\EOF && ++ printf "error: Have you \\033[31mread\\033[m this?\\n" >&2 ++ exec "$@" ++ EOF ++ test_config_global uploadPack.packObjectshook ./color-me-surprised && ++ test_commit need-at-least-one-commit && ++ git clone --no-local . throw-away 2>stderr && ++ test_decode_color decoded && ++ test_grep ! RED decoded ++' ++ + test_done +-- +2.49.0 + + +From ab2eb6c0043c643935ea0fbdaed68e15bc831b11 Mon Sep 17 00:00:00 2001 +From: Johannes Schindelin +Date: Wed, 6 Nov 2024 21:07:51 +0100 +Subject: [PATCH 2/4] sideband: introduce an "escape hatch" to allow control + characters + +The preceding commit fixed the vulnerability whereas sideband messages +(that are under the control of the remote server) could contain ANSI +escape sequences that would be sent to the terminal verbatim. + +However, this fix may not be desirable under all circumstances, e.g. +when remote servers deliberately add coloring to their messages to +increase their urgency. + +To help with those use cases, give users a way to opt-out of the +protections: `sideband.allowControlCharacters`. + +Signed-off-by: Johannes Schindelin +--- + Documentation/config.adoc | 2 ++ + Documentation/config/sideband.adoc | 5 +++++ + sideband.c | 10 ++++++++++ + t/t5409-colorize-remote-messages.sh | 8 +++++++- + 4 files changed, 24 insertions(+), 1 deletion(-) + create mode 100644 Documentation/config/sideband.adoc + +diff --git a/Documentation/config.adoc b/Documentation/config.adoc +index cc769251be..a8b04c4e51 100644 +--- a/Documentation/config.adoc ++++ b/Documentation/config.adoc +@@ -522,6 +522,8 @@ include::config/sequencer.adoc[] + + include::config/showbranch.adoc[] + ++include::config/sideband.adoc[] ++ + include::config/sparse.adoc[] + + include::config/splitindex.adoc[] +diff --git a/Documentation/config/sideband.adoc b/Documentation/config/sideband.adoc +new file mode 100644 +index 0000000000..3fb5045cd7 +--- /dev/null ++++ b/Documentation/config/sideband.adoc +@@ -0,0 +1,5 @@ ++sideband.allowControlCharacters:: ++ By default, control characters that are delivered via the sideband ++ are masked, to prevent potentially unwanted ANSI escape sequences ++ from being sent to the terminal. Use this config setting to override ++ this behavior. +diff --git a/sideband.c b/sideband.c +index 81b1ff0805..d1c326fa19 100644 +--- a/sideband.c ++++ b/sideband.c +@@ -26,6 +26,8 @@ static struct keyword_entry keywords[] = { + { "error", GIT_COLOR_BOLD_RED }, + }; + ++static int allow_control_characters; ++ + /* Returns a color setting (GIT_COLOR_NEVER, etc). */ + static int use_sideband_colors(void) + { +@@ -39,6 +41,9 @@ static int use_sideband_colors(void) + if (use_sideband_colors_cached >= 0) + return use_sideband_colors_cached; + ++ git_config_get_bool("sideband.allowcontrolcharacters", ++ &allow_control_characters); ++ + if (!git_config_get_string_tmp(key, &value)) + use_sideband_colors_cached = git_config_colorbool(key, value); + else if (!git_config_get_string_tmp("color.ui", &value)) +@@ -68,6 +73,11 @@ void list_config_color_sideband_slots(struct string_list *list, const char *pref + + static void strbuf_add_sanitized(struct strbuf *dest, const char *src, int n) + { ++ if (allow_control_characters) { ++ strbuf_add(dest, src, n); ++ return; ++ } ++ + strbuf_grow(dest, n); + for (; n && *src; src++, n--) { + if (!iscntrl(*src) || *src == '\t' || *src == '\n') +diff --git a/t/t5409-colorize-remote-messages.sh b/t/t5409-colorize-remote-messages.sh +index d0745c391b..fb31e85254 100755 +--- a/t/t5409-colorize-remote-messages.sh ++++ b/t/t5409-colorize-remote-messages.sh +@@ -105,9 +105,15 @@ test_expect_success 'disallow (color) control sequences in sideband' ' + EOF + test_config_global uploadPack.packObjectshook ./color-me-surprised && + test_commit need-at-least-one-commit && ++ + git clone --no-local . throw-away 2>stderr && + test_decode_color decoded && +- test_grep ! RED decoded ++ test_grep ! RED decoded && ++ ++ rm -rf throw-away && ++ git -c sideband.allowControlCharacters clone --no-local . throw-away 2>stderr && ++ test_decode_color decoded && ++ test_grep RED decoded + ' + + test_done +-- +2.49.0 + + +From a369672c2e6974590ad0561854318a4f255e6893 Mon Sep 17 00:00:00 2001 +From: Johannes Schindelin +Date: Mon, 18 Nov 2024 21:42:57 +0100 +Subject: [PATCH 3/4] sideband: do allow ANSI color sequences by default + +The preceding two commits introduced special handling of the sideband +channel to neutralize ANSI escape sequences before sending the payload +to the terminal, and `sideband.allowControlCharacters` to override that +behavior. + +However, some `pre-receive` hooks that are actively used in practice +want to color their messages and therefore rely on the fact that Git +passes them through to the terminal. + +In contrast to other ANSI escape sequences, it is highly unlikely that +coloring sequences can be essential tools in attack vectors that mislead +Git users e.g. by hiding crucial information. + +Therefore we can have both: Continue to allow ANSI coloring sequences to +be passed to the terminal, and neutralize all other ANSI escape +sequences. + +Signed-off-by: Johannes Schindelin +--- + Documentation/config/sideband.adoc | 17 ++++++-- + sideband.c | 61 ++++++++++++++++++++++++++--- + t/t5409-colorize-remote-messages.sh | 16 +++++++- + 3 files changed, 84 insertions(+), 10 deletions(-) + +diff --git a/Documentation/config/sideband.adoc b/Documentation/config/sideband.adoc +index 3fb5045cd7..f347fd6b33 100644 +--- a/Documentation/config/sideband.adoc ++++ b/Documentation/config/sideband.adoc +@@ -1,5 +1,16 @@ + sideband.allowControlCharacters:: + By default, control characters that are delivered via the sideband +- are masked, to prevent potentially unwanted ANSI escape sequences +- from being sent to the terminal. Use this config setting to override +- this behavior. ++ are masked, except ANSI color sequences. This prevents potentially ++ unwanted ANSI escape sequences from being sent to the terminal. Use ++ this config setting to override this behavior: +++ ++-- ++ color:: ++ Allow ANSI color sequences, line feeds and horizontal tabs, ++ but mask all other control characters. This is the default. ++ false:: ++ Mask all control characters other than line feeds and ++ horizontal tabs. ++ true:: ++ Allow all control characters to be sent to the terminal. ++-- +diff --git a/sideband.c b/sideband.c +index d1c326fa19..9084ca234d 100644 +--- a/sideband.c ++++ b/sideband.c +@@ -26,7 +26,11 @@ static struct keyword_entry keywords[] = { + { "error", GIT_COLOR_BOLD_RED }, + }; + +-static int allow_control_characters; ++static enum { ++ ALLOW_NO_CONTROL_CHARACTERS = 0, ++ ALLOW_ALL_CONTROL_CHARACTERS = 1, ++ ALLOW_ANSI_COLOR_SEQUENCES = 2 ++} allow_control_characters = ALLOW_ANSI_COLOR_SEQUENCES; + + /* Returns a color setting (GIT_COLOR_NEVER, etc). */ + static int use_sideband_colors(void) +@@ -41,8 +45,24 @@ static int use_sideband_colors(void) + if (use_sideband_colors_cached >= 0) + return use_sideband_colors_cached; + +- git_config_get_bool("sideband.allowcontrolcharacters", +- &allow_control_characters); ++ switch (git_config_get_maybe_bool("sideband.allowcontrolcharacters", &i)) { ++ case 0: /* Boolean value */ ++ allow_control_characters = i ? ALLOW_ALL_CONTROL_CHARACTERS : ++ ALLOW_NO_CONTROL_CHARACTERS; ++ break; ++ case -1: /* non-Boolean value */ ++ if (git_config_get_string_tmp("sideband.allowcontrolcharacters", ++ &value)) ++ ; /* huh? `get_maybe_bool()` returned -1 */ ++ else if (!strcmp(value, "color")) ++ allow_control_characters = ALLOW_ANSI_COLOR_SEQUENCES; ++ else ++ warning(_("unrecognized value for `sideband." ++ "allowControlCharacters`: '%s'"), value); ++ break; ++ default: ++ break; /* not configured */ ++ } + + if (!git_config_get_string_tmp(key, &value)) + use_sideband_colors_cached = git_config_colorbool(key, value); +@@ -71,9 +91,37 @@ void list_config_color_sideband_slots(struct string_list *list, const char *pref + list_config_item(list, prefix, keywords[i].keyword); + } + ++static int handle_ansi_color_sequence(struct strbuf *dest, const char *src, int n) ++{ ++ int i; ++ ++ /* ++ * Valid ANSI color sequences are of the form ++ * ++ * ESC [ [ [; ]*] m ++ */ ++ ++ if (allow_control_characters != ALLOW_ANSI_COLOR_SEQUENCES || ++ n < 3 || src[0] != '\x1b' || src[1] != '[') ++ return 0; ++ ++ for (i = 2; i < n; i++) { ++ if (src[i] == 'm') { ++ strbuf_add(dest, src, i + 1); ++ return i; ++ } ++ if (!isdigit(src[i]) && src[i] != ';') ++ break; ++ } ++ ++ return 0; ++} ++ + static void strbuf_add_sanitized(struct strbuf *dest, const char *src, int n) + { +- if (allow_control_characters) { ++ int i; ++ ++ if (allow_control_characters == ALLOW_ALL_CONTROL_CHARACTERS) { + strbuf_add(dest, src, n); + return; + } +@@ -82,7 +130,10 @@ static void strbuf_add_sanitized(struct strbuf *dest, const char *src, int n) + for (; n && *src; src++, n--) { + if (!iscntrl(*src) || *src == '\t' || *src == '\n') + strbuf_addch(dest, *src); +- else { ++ else if ((i = handle_ansi_color_sequence(dest, src, n))) { ++ src += i; ++ n -= i; ++ } else { + strbuf_addch(dest, '^'); + strbuf_addch(dest, 0x40 + *src); + } +diff --git a/t/t5409-colorize-remote-messages.sh b/t/t5409-colorize-remote-messages.sh +index fb31e85254..a755c49a74 100755 +--- a/t/t5409-colorize-remote-messages.sh ++++ b/t/t5409-colorize-remote-messages.sh +@@ -100,7 +100,7 @@ test_expect_success 'fallback to color.ui' ' + + test_expect_success 'disallow (color) control sequences in sideband' ' + write_script .git/color-me-surprised <<-\EOF && +- printf "error: Have you \\033[31mread\\033[m this?\\n" >&2 ++ printf "error: Have you \\033[31mread\\033[m this?\\a\\n" >&2 + exec "$@" + EOF + test_config_global uploadPack.packObjectshook ./color-me-surprised && +@@ -108,12 +108,24 @@ test_expect_success 'disallow (color) control sequences in sideband' ' + + git clone --no-local . throw-away 2>stderr && + test_decode_color decoded && ++ test_grep RED decoded && ++ test_grep "\\^G" stderr && ++ tr -dc "\\007" actual && ++ test_must_be_empty actual && ++ ++ rm -rf throw-away && ++ git -c sideband.allowControlCharacters=false \ ++ clone --no-local . throw-away 2>stderr && ++ test_decode_color decoded && + test_grep ! RED decoded && ++ test_grep "\\^G" stderr && + + rm -rf throw-away && + git -c sideband.allowControlCharacters clone --no-local . throw-away 2>stderr && + test_decode_color decoded && +- test_grep RED decoded ++ test_grep RED decoded && ++ tr -dc "\\007" actual && ++ test_file_not_empty actual + ' + + test_done +-- +2.49.0 + + +From b15d2255ed98eb6f75608c2f99f4ea3284ad250e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= +Date: Mon, 24 Mar 2025 10:51:39 +0100 +Subject: [PATCH 4/4] sideband: default to allowControlCharacters=true +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +We don't want to change the default Git behaviour, just add the option +to filter control characters. + +Signed-off-by: Ondřej Pohořelský +--- + Documentation/config/sideband.adoc | 8 ++++---- + sideband.c | 2 +- + t/t5409-colorize-remote-messages.sh | 3 ++- + 3 files changed, 7 insertions(+), 6 deletions(-) + +diff --git a/Documentation/config/sideband.adoc b/Documentation/config/sideband.adoc +index f347fd6b33..a809e2de89 100644 +--- a/Documentation/config/sideband.adoc ++++ b/Documentation/config/sideband.adoc +@@ -1,16 +1,16 @@ + sideband.allowControlCharacters:: + By default, control characters that are delivered via the sideband +- are masked, except ANSI color sequences. This prevents potentially +- unwanted ANSI escape sequences from being sent to the terminal. Use +- this config setting to override this behavior: ++ are NOT masked. Use this config setting to prevent potentially ++ unwanted ANSI escape sequences from being sent to the terminal: + + + -- + color:: + Allow ANSI color sequences, line feeds and horizontal tabs, +- but mask all other control characters. This is the default. ++ but mask all other control characters. + false:: + Mask all control characters other than line feeds and + horizontal tabs. + true:: + Allow all control characters to be sent to the terminal. ++ This is the default. + -- +diff --git a/sideband.c b/sideband.c +index 9084ca234d..456cd3d8bc 100644 +--- a/sideband.c ++++ b/sideband.c +@@ -30,7 +30,7 @@ static enum { + ALLOW_NO_CONTROL_CHARACTERS = 0, + ALLOW_ALL_CONTROL_CHARACTERS = 1, + ALLOW_ANSI_COLOR_SEQUENCES = 2 +-} allow_control_characters = ALLOW_ANSI_COLOR_SEQUENCES; ++} allow_control_characters = ALLOW_ALL_CONTROL_CHARACTERS; + + /* Returns a color setting (GIT_COLOR_NEVER, etc). */ + static int use_sideband_colors(void) +diff --git a/t/t5409-colorize-remote-messages.sh b/t/t5409-colorize-remote-messages.sh +index a755c49a74..2d40d8c640 100755 +--- a/t/t5409-colorize-remote-messages.sh ++++ b/t/t5409-colorize-remote-messages.sh +@@ -106,7 +106,8 @@ test_expect_success 'disallow (color) control sequences in sideband' ' + test_config_global uploadPack.packObjectshook ./color-me-surprised && + test_commit need-at-least-one-commit && + +- git clone --no-local . throw-away 2>stderr && ++ git -c sideband.allowControlCharacters=color \ ++ clone --no-local . throw-away 2>stderr && + test_decode_color decoded && + test_grep RED decoded && + test_grep "\\^G" stderr && +-- +2.49.0 + diff --git a/git.spec b/git.spec index b19d845..b3b2184 100644 --- a/git.spec +++ b/git.spec @@ -79,7 +79,7 @@ Name: git Version: 2.49.0 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT URL: https://git-scm.com/ @@ -132,6 +132,13 @@ Patch3: 0003-t-lib-git-svn-try-harder-to-find-a-port.patch # Prevents t5540 failures on i686, s390x and ppc64le Patch5: git-test-apache-davlockdbtype-config.patch +# Adds the option to sanitize sideband channel messages +# CVE-2024-52005 wasn't fixed by upstream. This patch adds the option to harden Git against it. +# The default behaviour of Git remains unchanged. +# +# https://github.com/gitgitgadget/git/pull/1853 +Patch6: git-2.49-sanitize-sideband-channel-messages.patch + %if %{with docs} # pod2man is needed to build Git.3pm BuildRequires: perl-podlators @@ -1056,6 +1063,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Mon Mar 24 2025 Ondřej Pohořelský - 2.49.0-2 +- add the option to sanitize sideband channel messages + * Mon Mar 17 2025 Ondřej Pohořelský - 2.49.0-1 - update to 2.49.0 From 001bf29ac7e222626c490dc9ffa4c5195e36f4d4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Mon, 23 Jun 2025 14:16:09 +0200 Subject: [PATCH 103/113] update to 2.50.0 --- git.spec | 7 +++++-- sources | 4 ++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/git.spec b/git.spec index b3b2184..203dced 100644 --- a/git.spec +++ b/git.spec @@ -78,8 +78,8 @@ %global _package_note_file %{_builddir}/%{name}-%{real_version}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.49.0 -Release: 2%{?dist} +Version: 2.50.0 +Release: 1%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT URL: https://git-scm.com/ @@ -1063,6 +1063,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Mon Jun 23 2025 Ondřej Pohořelský - 2.50.0-1 +- update to 2.50.0 + * Mon Mar 24 2025 Ondřej Pohořelský - 2.49.0-2 - add the option to sanitize sideband channel messages diff --git a/sources b/sources index 25bd2d3..fbc63c3 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.49.0.tar.xz) = 81a16415890305fc6cfd14ade8bee76779feba01f51c5446f40c14211654342c68ef0911859fa6e8e9ff0a718847bb44ee4156d03a19c9165df19ba91e09e1f0 -SHA512 (git-2.49.0.tar.sign) = e956f83ee0973295ec608aa6ab1df11992d8fc10f1702a0cdbf849f7659d94666fe714f60a7b4aeeed064bc49e1345791e3d8b0a867c075544eb48f01b84fd27 +SHA512 (git-2.50.0.tar.xz) = a8fdf5b0ab156822324b76aa7200071eb7244f7714807c39f05bc3361bc261272a6fdd1d0bc3a097dbbf27e92c02eda612aac17cb2a45ddfa222d74937cac67f +SHA512 (git-2.50.0.tar.sign) = 1cc17cc904587ff3c3c85a728ced51a04a92b194a7e5e69e0fd2f59bff24c643a3c4e5631b0cd870d4ad4229b1e9edc4c5cf671cde72bb37ef1cc04ebfac421c From 54ed4ea4ba7db573e5cccb672c50aed38b2fe49c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Tue, 8 Jul 2025 22:41:07 +0200 Subject: [PATCH 104/113] update to 2.50.1 --- git.spec | 5 ++++- sources | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/git.spec b/git.spec index 203dced..b23d32b 100644 --- a/git.spec +++ b/git.spec @@ -78,7 +78,7 @@ %global _package_note_file %{_builddir}/%{name}-%{real_version}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.50.0 +Version: 2.50.1 Release: 1%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT @@ -1063,6 +1063,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Tue Jul 08 2025 Ondřej Pohořelský - 2.50.1-1 +- update to 2.50.1 + * Mon Jun 23 2025 Ondřej Pohořelský - 2.50.0-1 - update to 2.50.0 diff --git a/sources b/sources index fbc63c3..8e5e30a 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.50.0.tar.xz) = a8fdf5b0ab156822324b76aa7200071eb7244f7714807c39f05bc3361bc261272a6fdd1d0bc3a097dbbf27e92c02eda612aac17cb2a45ddfa222d74937cac67f -SHA512 (git-2.50.0.tar.sign) = 1cc17cc904587ff3c3c85a728ced51a04a92b194a7e5e69e0fd2f59bff24c643a3c4e5631b0cd870d4ad4229b1e9edc4c5cf671cde72bb37ef1cc04ebfac421c +SHA512 (git-2.50.1.tar.xz) = 09f37290c0d4d074b97363f4a4be1813426e93ac3fa993c4d671bb1462bcc9335713c17d1442196a35205a603eeb052662382935d27498875a251f4fe86f6b36 +SHA512 (git-2.50.1.tar.sign) = f03a588b4108a2f0eae949d8870a3f16da18dfdf23de547aeaa25cdbccf668cfe89d49bbfb3869571b261738482f32002d83b2760415d4c04a0285273b18e828 From fc75418e16da4919c30846f896122b7e08c85c92 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 23 Jul 2025 22:22:42 +0000 Subject: [PATCH 105/113] Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild --- git.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/git.spec b/git.spec index b23d32b..d19d51f 100644 --- a/git.spec +++ b/git.spec @@ -79,7 +79,7 @@ Name: git Version: 2.50.1 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT URL: https://git-scm.com/ @@ -1063,6 +1063,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Wed Jul 23 2025 Fedora Release Engineering - 2.50.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild + * Tue Jul 08 2025 Ondřej Pohořelský - 2.50.1-1 - update to 2.50.1 From 90cb7985fdcd5d276f9d7f17efd93932116e578e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Wed, 20 Aug 2025 11:46:09 +0200 Subject: [PATCH 106/113] update to 2.51.0 --- ...9-sanitize-sideband-channel-messages.patch | 471 ------------------ ...1-sanitize-sideband-channel-messages.patch | 274 ++++++++++ git.spec | 27 +- sources | 4 +- 4 files changed, 282 insertions(+), 494 deletions(-) delete mode 100644 git-2.49-sanitize-sideband-channel-messages.patch create mode 100644 git-2.51-sanitize-sideband-channel-messages.patch diff --git a/git-2.49-sanitize-sideband-channel-messages.patch b/git-2.49-sanitize-sideband-channel-messages.patch deleted file mode 100644 index f3be95a..0000000 --- a/git-2.49-sanitize-sideband-channel-messages.patch +++ /dev/null @@ -1,471 +0,0 @@ -From 328ff864183cdd0a4b779b5b88a3271b39a1b1a2 Mon Sep 17 00:00:00 2001 -From: Johannes Schindelin -Date: Wed, 6 Nov 2024 20:34:50 +0100 -Subject: [PATCH 1/4] sideband: mask control characters - -The output of `git clone` is a vital component for understanding what -has happened when things go wrong. However, these logs are partially -under the control of the remote server (via the "sideband", which -typically contains what the remote `git pack-objects` process sends to -`stderr`), and is currently not sanitized by Git. - -This makes Git susceptible to ANSI escape sequence injection (see -CWE-150, https://cwe.mitre.org/data/definitions/150.html), which allows -attackers to corrupt terminal state, to hide information, and even to -insert characters into the input buffer (i.e. as if the user had typed -those characters). - -To plug this vulnerability, disallow any control character in the -sideband, replacing them instead with the common `^` -(e.g. `^[` for `\x1b`, `^A` for `\x01`). - -There is likely a need for more fine-grained controls instead of using a -"heavy hammer" like this, which will be introduced subsequently. - -Signed-off-by: Johannes Schindelin ---- - sideband.c | 17 +++++++++++++++-- - t/t5409-colorize-remote-messages.sh | 12 ++++++++++++ - 2 files changed, 27 insertions(+), 2 deletions(-) - -diff --git a/sideband.c b/sideband.c -index 251e9615ed..81b1ff0805 100644 ---- a/sideband.c -+++ b/sideband.c -@@ -66,6 +66,19 @@ void list_config_color_sideband_slots(struct string_list *list, const char *pref - list_config_item(list, prefix, keywords[i].keyword); - } - -+static void strbuf_add_sanitized(struct strbuf *dest, const char *src, int n) -+{ -+ strbuf_grow(dest, n); -+ for (; n && *src; src++, n--) { -+ if (!iscntrl(*src) || *src == '\t' || *src == '\n') -+ strbuf_addch(dest, *src); -+ else { -+ strbuf_addch(dest, '^'); -+ strbuf_addch(dest, 0x40 + *src); -+ } -+ } -+} -+ - /* - * Optionally highlight one keyword in remote output if it appears at the start - * of the line. This should be called for a single line only, which is -@@ -81,7 +94,7 @@ static void maybe_colorize_sideband(struct strbuf *dest, const char *src, int n) - int i; - - if (!want_color_stderr(use_sideband_colors())) { -- strbuf_add(dest, src, n); -+ strbuf_add_sanitized(dest, src, n); - return; - } - -@@ -114,7 +127,7 @@ static void maybe_colorize_sideband(struct strbuf *dest, const char *src, int n) - } - } - -- strbuf_add(dest, src, n); -+ strbuf_add_sanitized(dest, src, n); - } - - -diff --git a/t/t5409-colorize-remote-messages.sh b/t/t5409-colorize-remote-messages.sh -index fa5de4500a..d0745c391b 100755 ---- a/t/t5409-colorize-remote-messages.sh -+++ b/t/t5409-colorize-remote-messages.sh -@@ -98,4 +98,16 @@ test_expect_success 'fallback to color.ui' ' - grep "error: error" decoded - ' - -+test_expect_success 'disallow (color) control sequences in sideband' ' -+ write_script .git/color-me-surprised <<-\EOF && -+ printf "error: Have you \\033[31mread\\033[m this?\\n" >&2 -+ exec "$@" -+ EOF -+ test_config_global uploadPack.packObjectshook ./color-me-surprised && -+ test_commit need-at-least-one-commit && -+ git clone --no-local . throw-away 2>stderr && -+ test_decode_color decoded && -+ test_grep ! RED decoded -+' -+ - test_done --- -2.49.0 - - -From ab2eb6c0043c643935ea0fbdaed68e15bc831b11 Mon Sep 17 00:00:00 2001 -From: Johannes Schindelin -Date: Wed, 6 Nov 2024 21:07:51 +0100 -Subject: [PATCH 2/4] sideband: introduce an "escape hatch" to allow control - characters - -The preceding commit fixed the vulnerability whereas sideband messages -(that are under the control of the remote server) could contain ANSI -escape sequences that would be sent to the terminal verbatim. - -However, this fix may not be desirable under all circumstances, e.g. -when remote servers deliberately add coloring to their messages to -increase their urgency. - -To help with those use cases, give users a way to opt-out of the -protections: `sideband.allowControlCharacters`. - -Signed-off-by: Johannes Schindelin ---- - Documentation/config.adoc | 2 ++ - Documentation/config/sideband.adoc | 5 +++++ - sideband.c | 10 ++++++++++ - t/t5409-colorize-remote-messages.sh | 8 +++++++- - 4 files changed, 24 insertions(+), 1 deletion(-) - create mode 100644 Documentation/config/sideband.adoc - -diff --git a/Documentation/config.adoc b/Documentation/config.adoc -index cc769251be..a8b04c4e51 100644 ---- a/Documentation/config.adoc -+++ b/Documentation/config.adoc -@@ -522,6 +522,8 @@ include::config/sequencer.adoc[] - - include::config/showbranch.adoc[] - -+include::config/sideband.adoc[] -+ - include::config/sparse.adoc[] - - include::config/splitindex.adoc[] -diff --git a/Documentation/config/sideband.adoc b/Documentation/config/sideband.adoc -new file mode 100644 -index 0000000000..3fb5045cd7 ---- /dev/null -+++ b/Documentation/config/sideband.adoc -@@ -0,0 +1,5 @@ -+sideband.allowControlCharacters:: -+ By default, control characters that are delivered via the sideband -+ are masked, to prevent potentially unwanted ANSI escape sequences -+ from being sent to the terminal. Use this config setting to override -+ this behavior. -diff --git a/sideband.c b/sideband.c -index 81b1ff0805..d1c326fa19 100644 ---- a/sideband.c -+++ b/sideband.c -@@ -26,6 +26,8 @@ static struct keyword_entry keywords[] = { - { "error", GIT_COLOR_BOLD_RED }, - }; - -+static int allow_control_characters; -+ - /* Returns a color setting (GIT_COLOR_NEVER, etc). */ - static int use_sideband_colors(void) - { -@@ -39,6 +41,9 @@ static int use_sideband_colors(void) - if (use_sideband_colors_cached >= 0) - return use_sideband_colors_cached; - -+ git_config_get_bool("sideband.allowcontrolcharacters", -+ &allow_control_characters); -+ - if (!git_config_get_string_tmp(key, &value)) - use_sideband_colors_cached = git_config_colorbool(key, value); - else if (!git_config_get_string_tmp("color.ui", &value)) -@@ -68,6 +73,11 @@ void list_config_color_sideband_slots(struct string_list *list, const char *pref - - static void strbuf_add_sanitized(struct strbuf *dest, const char *src, int n) - { -+ if (allow_control_characters) { -+ strbuf_add(dest, src, n); -+ return; -+ } -+ - strbuf_grow(dest, n); - for (; n && *src; src++, n--) { - if (!iscntrl(*src) || *src == '\t' || *src == '\n') -diff --git a/t/t5409-colorize-remote-messages.sh b/t/t5409-colorize-remote-messages.sh -index d0745c391b..fb31e85254 100755 ---- a/t/t5409-colorize-remote-messages.sh -+++ b/t/t5409-colorize-remote-messages.sh -@@ -105,9 +105,15 @@ test_expect_success 'disallow (color) control sequences in sideband' ' - EOF - test_config_global uploadPack.packObjectshook ./color-me-surprised && - test_commit need-at-least-one-commit && -+ - git clone --no-local . throw-away 2>stderr && - test_decode_color decoded && -- test_grep ! RED decoded -+ test_grep ! RED decoded && -+ -+ rm -rf throw-away && -+ git -c sideband.allowControlCharacters clone --no-local . throw-away 2>stderr && -+ test_decode_color decoded && -+ test_grep RED decoded - ' - - test_done --- -2.49.0 - - -From a369672c2e6974590ad0561854318a4f255e6893 Mon Sep 17 00:00:00 2001 -From: Johannes Schindelin -Date: Mon, 18 Nov 2024 21:42:57 +0100 -Subject: [PATCH 3/4] sideband: do allow ANSI color sequences by default - -The preceding two commits introduced special handling of the sideband -channel to neutralize ANSI escape sequences before sending the payload -to the terminal, and `sideband.allowControlCharacters` to override that -behavior. - -However, some `pre-receive` hooks that are actively used in practice -want to color their messages and therefore rely on the fact that Git -passes them through to the terminal. - -In contrast to other ANSI escape sequences, it is highly unlikely that -coloring sequences can be essential tools in attack vectors that mislead -Git users e.g. by hiding crucial information. - -Therefore we can have both: Continue to allow ANSI coloring sequences to -be passed to the terminal, and neutralize all other ANSI escape -sequences. - -Signed-off-by: Johannes Schindelin ---- - Documentation/config/sideband.adoc | 17 ++++++-- - sideband.c | 61 ++++++++++++++++++++++++++--- - t/t5409-colorize-remote-messages.sh | 16 +++++++- - 3 files changed, 84 insertions(+), 10 deletions(-) - -diff --git a/Documentation/config/sideband.adoc b/Documentation/config/sideband.adoc -index 3fb5045cd7..f347fd6b33 100644 ---- a/Documentation/config/sideband.adoc -+++ b/Documentation/config/sideband.adoc -@@ -1,5 +1,16 @@ - sideband.allowControlCharacters:: - By default, control characters that are delivered via the sideband -- are masked, to prevent potentially unwanted ANSI escape sequences -- from being sent to the terminal. Use this config setting to override -- this behavior. -+ are masked, except ANSI color sequences. This prevents potentially -+ unwanted ANSI escape sequences from being sent to the terminal. Use -+ this config setting to override this behavior: -++ -+-- -+ color:: -+ Allow ANSI color sequences, line feeds and horizontal tabs, -+ but mask all other control characters. This is the default. -+ false:: -+ Mask all control characters other than line feeds and -+ horizontal tabs. -+ true:: -+ Allow all control characters to be sent to the terminal. -+-- -diff --git a/sideband.c b/sideband.c -index d1c326fa19..9084ca234d 100644 ---- a/sideband.c -+++ b/sideband.c -@@ -26,7 +26,11 @@ static struct keyword_entry keywords[] = { - { "error", GIT_COLOR_BOLD_RED }, - }; - --static int allow_control_characters; -+static enum { -+ ALLOW_NO_CONTROL_CHARACTERS = 0, -+ ALLOW_ALL_CONTROL_CHARACTERS = 1, -+ ALLOW_ANSI_COLOR_SEQUENCES = 2 -+} allow_control_characters = ALLOW_ANSI_COLOR_SEQUENCES; - - /* Returns a color setting (GIT_COLOR_NEVER, etc). */ - static int use_sideband_colors(void) -@@ -41,8 +45,24 @@ static int use_sideband_colors(void) - if (use_sideband_colors_cached >= 0) - return use_sideband_colors_cached; - -- git_config_get_bool("sideband.allowcontrolcharacters", -- &allow_control_characters); -+ switch (git_config_get_maybe_bool("sideband.allowcontrolcharacters", &i)) { -+ case 0: /* Boolean value */ -+ allow_control_characters = i ? ALLOW_ALL_CONTROL_CHARACTERS : -+ ALLOW_NO_CONTROL_CHARACTERS; -+ break; -+ case -1: /* non-Boolean value */ -+ if (git_config_get_string_tmp("sideband.allowcontrolcharacters", -+ &value)) -+ ; /* huh? `get_maybe_bool()` returned -1 */ -+ else if (!strcmp(value, "color")) -+ allow_control_characters = ALLOW_ANSI_COLOR_SEQUENCES; -+ else -+ warning(_("unrecognized value for `sideband." -+ "allowControlCharacters`: '%s'"), value); -+ break; -+ default: -+ break; /* not configured */ -+ } - - if (!git_config_get_string_tmp(key, &value)) - use_sideband_colors_cached = git_config_colorbool(key, value); -@@ -71,9 +91,37 @@ void list_config_color_sideband_slots(struct string_list *list, const char *pref - list_config_item(list, prefix, keywords[i].keyword); - } - -+static int handle_ansi_color_sequence(struct strbuf *dest, const char *src, int n) -+{ -+ int i; -+ -+ /* -+ * Valid ANSI color sequences are of the form -+ * -+ * ESC [ [ [; ]*] m -+ */ -+ -+ if (allow_control_characters != ALLOW_ANSI_COLOR_SEQUENCES || -+ n < 3 || src[0] != '\x1b' || src[1] != '[') -+ return 0; -+ -+ for (i = 2; i < n; i++) { -+ if (src[i] == 'm') { -+ strbuf_add(dest, src, i + 1); -+ return i; -+ } -+ if (!isdigit(src[i]) && src[i] != ';') -+ break; -+ } -+ -+ return 0; -+} -+ - static void strbuf_add_sanitized(struct strbuf *dest, const char *src, int n) - { -- if (allow_control_characters) { -+ int i; -+ -+ if (allow_control_characters == ALLOW_ALL_CONTROL_CHARACTERS) { - strbuf_add(dest, src, n); - return; - } -@@ -82,7 +130,10 @@ static void strbuf_add_sanitized(struct strbuf *dest, const char *src, int n) - for (; n && *src; src++, n--) { - if (!iscntrl(*src) || *src == '\t' || *src == '\n') - strbuf_addch(dest, *src); -- else { -+ else if ((i = handle_ansi_color_sequence(dest, src, n))) { -+ src += i; -+ n -= i; -+ } else { - strbuf_addch(dest, '^'); - strbuf_addch(dest, 0x40 + *src); - } -diff --git a/t/t5409-colorize-remote-messages.sh b/t/t5409-colorize-remote-messages.sh -index fb31e85254..a755c49a74 100755 ---- a/t/t5409-colorize-remote-messages.sh -+++ b/t/t5409-colorize-remote-messages.sh -@@ -100,7 +100,7 @@ test_expect_success 'fallback to color.ui' ' - - test_expect_success 'disallow (color) control sequences in sideband' ' - write_script .git/color-me-surprised <<-\EOF && -- printf "error: Have you \\033[31mread\\033[m this?\\n" >&2 -+ printf "error: Have you \\033[31mread\\033[m this?\\a\\n" >&2 - exec "$@" - EOF - test_config_global uploadPack.packObjectshook ./color-me-surprised && -@@ -108,12 +108,24 @@ test_expect_success 'disallow (color) control sequences in sideband' ' - - git clone --no-local . throw-away 2>stderr && - test_decode_color decoded && -+ test_grep RED decoded && -+ test_grep "\\^G" stderr && -+ tr -dc "\\007" actual && -+ test_must_be_empty actual && -+ -+ rm -rf throw-away && -+ git -c sideband.allowControlCharacters=false \ -+ clone --no-local . throw-away 2>stderr && -+ test_decode_color decoded && - test_grep ! RED decoded && -+ test_grep "\\^G" stderr && - - rm -rf throw-away && - git -c sideband.allowControlCharacters clone --no-local . throw-away 2>stderr && - test_decode_color decoded && -- test_grep RED decoded -+ test_grep RED decoded && -+ tr -dc "\\007" actual && -+ test_file_not_empty actual - ' - - test_done --- -2.49.0 - - -From b15d2255ed98eb6f75608c2f99f4ea3284ad250e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= -Date: Mon, 24 Mar 2025 10:51:39 +0100 -Subject: [PATCH 4/4] sideband: default to allowControlCharacters=true -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -We don't want to change the default Git behaviour, just add the option -to filter control characters. - -Signed-off-by: Ondřej Pohořelský ---- - Documentation/config/sideband.adoc | 8 ++++---- - sideband.c | 2 +- - t/t5409-colorize-remote-messages.sh | 3 ++- - 3 files changed, 7 insertions(+), 6 deletions(-) - -diff --git a/Documentation/config/sideband.adoc b/Documentation/config/sideband.adoc -index f347fd6b33..a809e2de89 100644 ---- a/Documentation/config/sideband.adoc -+++ b/Documentation/config/sideband.adoc -@@ -1,16 +1,16 @@ - sideband.allowControlCharacters:: - By default, control characters that are delivered via the sideband -- are masked, except ANSI color sequences. This prevents potentially -- unwanted ANSI escape sequences from being sent to the terminal. Use -- this config setting to override this behavior: -+ are NOT masked. Use this config setting to prevent potentially -+ unwanted ANSI escape sequences from being sent to the terminal: - + - -- - color:: - Allow ANSI color sequences, line feeds and horizontal tabs, -- but mask all other control characters. This is the default. -+ but mask all other control characters. - false:: - Mask all control characters other than line feeds and - horizontal tabs. - true:: - Allow all control characters to be sent to the terminal. -+ This is the default. - -- -diff --git a/sideband.c b/sideband.c -index 9084ca234d..456cd3d8bc 100644 ---- a/sideband.c -+++ b/sideband.c -@@ -30,7 +30,7 @@ static enum { - ALLOW_NO_CONTROL_CHARACTERS = 0, - ALLOW_ALL_CONTROL_CHARACTERS = 1, - ALLOW_ANSI_COLOR_SEQUENCES = 2 --} allow_control_characters = ALLOW_ANSI_COLOR_SEQUENCES; -+} allow_control_characters = ALLOW_ALL_CONTROL_CHARACTERS; - - /* Returns a color setting (GIT_COLOR_NEVER, etc). */ - static int use_sideband_colors(void) -diff --git a/t/t5409-colorize-remote-messages.sh b/t/t5409-colorize-remote-messages.sh -index a755c49a74..2d40d8c640 100755 ---- a/t/t5409-colorize-remote-messages.sh -+++ b/t/t5409-colorize-remote-messages.sh -@@ -106,7 +106,8 @@ test_expect_success 'disallow (color) control sequences in sideband' ' - test_config_global uploadPack.packObjectshook ./color-me-surprised && - test_commit need-at-least-one-commit && - -- git clone --no-local . throw-away 2>stderr && -+ git -c sideband.allowControlCharacters=color \ -+ clone --no-local . throw-away 2>stderr && - test_decode_color decoded && - test_grep RED decoded && - test_grep "\\^G" stderr && --- -2.49.0 - diff --git a/git-2.51-sanitize-sideband-channel-messages.patch b/git-2.51-sanitize-sideband-channel-messages.patch new file mode 100644 index 0000000..6a31b6b --- /dev/null +++ b/git-2.51-sanitize-sideband-channel-messages.patch @@ -0,0 +1,274 @@ +From 247950ec070cef60c45a877d24a4770991d1eefc Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= +Date: Wed, 20 Aug 2025 09:35:47 +0200 +Subject: [PATCH] sideband: mask control characters +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The output of `git clone` is a vital component for understanding what +has happened when things go wrong. However, these logs are partially +under the control of the remote server (via the "sideband", which +typically contains what the remote `git pack-objects` process sends to +`stderr`), and is currently not sanitized by Git. + +This makes Git susceptible to ANSI escape sequence injection (see +CWE-150, https://cwe.mitre.org/data/definitions/150.html), which allows +attackers to corrupt terminal state, to hide information, and even to +insert characters into the input buffer (i.e. as if the user had typed +those characters). + +To plug this vulnerability, disallow any control character in the +sideband, replacing them instead with the common `^` +(e.g. `^[` for `\x1b`, `^A` for `\x01`). + +There is likely a need for more fine-grained controls instead of using a +"heavy hammer" like this, which will be introduced subsequently. + +Signed-off-by: Johannes Schindelin + +sideband: introduce an "escape hatch" to allow control characters + +The preceding commit fixed the vulnerability whereas sideband messages +(that are under the control of the remote server) could contain ANSI +escape sequences that would be sent to the terminal verbatim. + +However, this fix may not be desirable under all circumstances, e.g. +when remote servers deliberately add coloring to their messages to +increase their urgency. + +To help with those use cases, give users a way to opt-out of the +protections: `sideband.allowControlCharacters`. + +Signed-off-by: Johannes Schindelin + +sideband: do allow ANSI color sequences by default + +The preceding two commits introduced special handling of the sideband +channel to neutralize ANSI escape sequences before sending the payload +to the terminal, and `sideband.allowControlCharacters` to override that +behavior. + +However, some `pre-receive` hooks that are actively used in practice +want to color their messages and therefore rely on the fact that Git +passes them through to the terminal. + +In contrast to other ANSI escape sequences, it is highly unlikely that +coloring sequences can be essential tools in attack vectors that mislead +Git users e.g. by hiding crucial information. + +Therefore we can have both: Continue to allow ANSI coloring sequences to +be passed to the terminal, and neutralize all other ANSI escape +sequences. + +Signed-off-by: Johannes Schindelin + +sideband: default to allowControlCharacters=true + +We don't want to change the default Git behaviour, just add the option +to filter control characters. + +Signed-off-by: Ondřej Pohořelský +--- + Documentation/config.adoc | 2 + + Documentation/config/sideband.adoc | 16 ++++++ + sideband.c | 78 ++++++++++++++++++++++++++++- + t/t5409-colorize-remote-messages.sh | 31 ++++++++++++ + 4 files changed, 125 insertions(+), 2 deletions(-) + create mode 100644 Documentation/config/sideband.adoc + +diff --git a/Documentation/config.adoc b/Documentation/config.adoc +index cc769251be..a8b04c4e51 100644 +--- a/Documentation/config.adoc ++++ b/Documentation/config.adoc +@@ -522,6 +522,8 @@ include::config/sequencer.adoc[] + + include::config/showbranch.adoc[] + ++include::config/sideband.adoc[] ++ + include::config/sparse.adoc[] + + include::config/splitindex.adoc[] +diff --git a/Documentation/config/sideband.adoc b/Documentation/config/sideband.adoc +new file mode 100644 +index 0000000000..a809e2de89 +--- /dev/null ++++ b/Documentation/config/sideband.adoc +@@ -0,0 +1,16 @@ ++sideband.allowControlCharacters:: ++ By default, control characters that are delivered via the sideband ++ are NOT masked. Use this config setting to prevent potentially ++ unwanted ANSI escape sequences from being sent to the terminal: +++ ++-- ++ color:: ++ Allow ANSI color sequences, line feeds and horizontal tabs, ++ but mask all other control characters. ++ false:: ++ Mask all control characters other than line feeds and ++ horizontal tabs. ++ true:: ++ Allow all control characters to be sent to the terminal. ++ This is the default. ++-- +diff --git a/sideband.c b/sideband.c +index 8f15b98a65..461eea0a51 100644 +--- a/sideband.c ++++ b/sideband.c +@@ -26,6 +26,12 @@ static struct keyword_entry keywords[] = { + { "error", GIT_COLOR_BOLD_RED }, + }; + ++static enum { ++ ALLOW_NO_CONTROL_CHARACTERS = 0, ++ ALLOW_ALL_CONTROL_CHARACTERS = 1, ++ ALLOW_ANSI_COLOR_SEQUENCES = 2 ++} allow_control_characters = ALLOW_ALL_CONTROL_CHARACTERS; ++ + /* Returns a color setting (GIT_COLOR_NEVER, etc). */ + static int use_sideband_colors(void) + { +@@ -39,6 +45,25 @@ static int use_sideband_colors(void) + if (use_sideband_colors_cached >= 0) + return use_sideband_colors_cached; + ++ switch (repo_config_get_maybe_bool(the_repository, "sideband.allowcontrolcharacters", &i)) { ++ case 0: /* Boolean value */ ++ allow_control_characters = i ? ALLOW_ALL_CONTROL_CHARACTERS : ++ ALLOW_NO_CONTROL_CHARACTERS; ++ break; ++ case -1: /* non-Boolean value */ ++ if (repo_config_get_string_tmp(the_repository, "sideband.allowcontrolcharacters", ++ &value)) ++ ; /* huh? `get_maybe_bool()` returned -1 */ ++ else if (!strcmp(value, "color")) ++ allow_control_characters = ALLOW_ANSI_COLOR_SEQUENCES; ++ else ++ warning(_("unrecognized value for `sideband." ++ "allowControlCharacters`: '%s'"), value); ++ break; ++ default: ++ break; /* not configured */ ++ } ++ + if (!repo_config_get_string_tmp(the_repository, key, &value)) + use_sideband_colors_cached = git_config_colorbool(key, value); + else if (!repo_config_get_string_tmp(the_repository, "color.ui", &value)) +@@ -66,6 +91,55 @@ void list_config_color_sideband_slots(struct string_list *list, const char *pref + list_config_item(list, prefix, keywords[i].keyword); + } + ++static int handle_ansi_color_sequence(struct strbuf *dest, const char *src, int n) ++{ ++ int i; ++ ++ /* ++ * Valid ANSI color sequences are of the form ++ * ++ * ESC [ [ [; ]*] m ++ */ ++ ++ if (allow_control_characters != ALLOW_ANSI_COLOR_SEQUENCES || ++ n < 3 || src[0] != '\x1b' || src[1] != '[') ++ return 0; ++ ++ for (i = 2; i < n; i++) { ++ if (src[i] == 'm') { ++ strbuf_add(dest, src, i + 1); ++ return i; ++ } ++ if (!isdigit(src[i]) && src[i] != ';') ++ break; ++ } ++ ++ return 0; ++} ++ ++static void strbuf_add_sanitized(struct strbuf *dest, const char *src, int n) ++{ ++ int i; ++ ++ if (allow_control_characters == ALLOW_ALL_CONTROL_CHARACTERS) { ++ strbuf_add(dest, src, n); ++ return; ++ } ++ ++ strbuf_grow(dest, n); ++ for (; n && *src; src++, n--) { ++ if (!iscntrl(*src) || *src == '\t' || *src == '\n') ++ strbuf_addch(dest, *src); ++ else if ((i = handle_ansi_color_sequence(dest, src, n))) { ++ src += i; ++ n -= i; ++ } else { ++ strbuf_addch(dest, '^'); ++ strbuf_addch(dest, 0x40 + *src); ++ } ++ } ++} ++ + /* + * Optionally highlight one keyword in remote output if it appears at the start + * of the line. This should be called for a single line only, which is +@@ -81,7 +155,7 @@ static void maybe_colorize_sideband(struct strbuf *dest, const char *src, int n) + int i; + + if (!want_color_stderr(use_sideband_colors())) { +- strbuf_add(dest, src, n); ++ strbuf_add_sanitized(dest, src, n); + return; + } + +@@ -114,7 +188,7 @@ static void maybe_colorize_sideband(struct strbuf *dest, const char *src, int n) + } + } + +- strbuf_add(dest, src, n); ++ strbuf_add_sanitized(dest, src, n); + } + + +diff --git a/t/t5409-colorize-remote-messages.sh b/t/t5409-colorize-remote-messages.sh +index fa5de4500a..2d40d8c640 100755 +--- a/t/t5409-colorize-remote-messages.sh ++++ b/t/t5409-colorize-remote-messages.sh +@@ -98,4 +98,35 @@ test_expect_success 'fallback to color.ui' ' + grep "error: error" decoded + ' + ++test_expect_success 'disallow (color) control sequences in sideband' ' ++ write_script .git/color-me-surprised <<-\EOF && ++ printf "error: Have you \\033[31mread\\033[m this?\\a\\n" >&2 ++ exec "$@" ++ EOF ++ test_config_global uploadPack.packObjectshook ./color-me-surprised && ++ test_commit need-at-least-one-commit && ++ ++ git -c sideband.allowControlCharacters=color \ ++ clone --no-local . throw-away 2>stderr && ++ test_decode_color decoded && ++ test_grep RED decoded && ++ test_grep "\\^G" stderr && ++ tr -dc "\\007" actual && ++ test_must_be_empty actual && ++ ++ rm -rf throw-away && ++ git -c sideband.allowControlCharacters=false \ ++ clone --no-local . throw-away 2>stderr && ++ test_decode_color decoded && ++ test_grep ! RED decoded && ++ test_grep "\\^G" stderr && ++ ++ rm -rf throw-away && ++ git -c sideband.allowControlCharacters clone --no-local . throw-away 2>stderr && ++ test_decode_color decoded && ++ test_grep RED decoded && ++ tr -dc "\\007" actual && ++ test_file_not_empty actual ++' ++ + test_done +-- +2.50.1 + diff --git a/git.spec b/git.spec index d19d51f..ec36e59 100644 --- a/git.spec +++ b/git.spec @@ -78,8 +78,8 @@ %global _package_note_file %{_builddir}/%{name}-%{real_version}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.50.1 -Release: 2%{?dist} +Version: 2.51.0 +Release: 1%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT URL: https://git-scm.com/ @@ -137,7 +137,7 @@ Patch5: git-test-apache-davlockdbtype-config.patch # The default behaviour of Git remains unchanged. # # https://github.com/gitgitgadget/git/pull/1853 -Patch6: git-2.49-sanitize-sideband-channel-messages.patch +Patch6: git-2.51-sanitize-sideband-channel-messages.patch %if %{with docs} # pod2man is needed to build Git.3pm @@ -740,13 +740,6 @@ mkdir -p %{buildroot}%{_datadir}/git-core/contrib/completion install -pm 644 contrib/completion/git-completion.tcsh \ %{buildroot}%{_datadir}/git-core/contrib/completion/ -# Move contrib/hooks out of %%docdir -mkdir -p %{buildroot}%{_datadir}/git-core/contrib -mv contrib/hooks %{buildroot}%{_datadir}/git-core/contrib -pushd contrib > /dev/null -ln -s ../../../git-core/contrib/hooks -popd > /dev/null - # Install git-prompt.sh mkdir -p %{buildroot}%{_datadir}/git-core/contrib/completion install -pm 644 contrib/completion/git-prompt.sh \ @@ -936,11 +929,6 @@ rmdir --ignore-fail-on-non-empty "$testdir" %files -f bin-man-doc-git-files %{_datadir}/git-core/contrib/diff-highlight -%{_datadir}/git-core/contrib/hooks/update-paranoid -%{_datadir}/git-core/contrib/hooks/setgitperms.perl -%{_datadir}/git-core/templates/hooks/fsmonitor-watchman.sample -%{_datadir}/git-core/templates/hooks/pre-rebase.sample -%{_datadir}/git-core/templates/hooks/prepare-commit-msg.sample %files all # No files for you! @@ -952,11 +940,6 @@ rmdir --ignore-fail-on-non-empty "$testdir" %license COPYING # exclude is best way here because of troubles with symlinks inside git-core/ %exclude %{_datadir}/git-core/contrib/diff-highlight -%exclude %{_datadir}/git-core/contrib/hooks/update-paranoid -%exclude %{_datadir}/git-core/contrib/hooks/setgitperms.perl -%exclude %{_datadir}/git-core/templates/hooks/fsmonitor-watchman.sample -%exclude %{_datadir}/git-core/templates/hooks/pre-rebase.sample -%exclude %{_datadir}/git-core/templates/hooks/prepare-commit-msg.sample %{bash_completions_dir}/git %{_datadir}/git-core/ @@ -966,7 +949,6 @@ rmdir --ignore-fail-on-non-empty "$testdir" %exclude %{_pkgdocdir}/contrib/*/*.py[co] %endif # endif rhel <= 7 -%{_pkgdocdir}/contrib/hooks %if %{with libsecret} %files credential-libsecret @@ -1063,6 +1045,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Wed Aug 20 2025 Ondřej Pohořelský - 2.51.0-1 +- update to 2.51.0 + * Wed Jul 23 2025 Fedora Release Engineering - 2.50.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild diff --git a/sources b/sources index 8e5e30a..9d8afae 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.50.1.tar.xz) = 09f37290c0d4d074b97363f4a4be1813426e93ac3fa993c4d671bb1462bcc9335713c17d1442196a35205a603eeb052662382935d27498875a251f4fe86f6b36 -SHA512 (git-2.50.1.tar.sign) = f03a588b4108a2f0eae949d8870a3f16da18dfdf23de547aeaa25cdbccf668cfe89d49bbfb3869571b261738482f32002d83b2760415d4c04a0285273b18e828 +SHA512 (git-2.51.0.tar.xz) = 2b8c59589266c0c9e58a9f4fda4a970a8a492e2e0ecbafc414fcfacac4a04251f0115b3676f4599a415b53906f1dea312b18a42e9bde455286abd62ec327beaf +SHA512 (git-2.51.0.tar.sign) = 1fb0d30fb68227ec8a13364b07c3d4468269a2912a746d75704146690115cd9e13c41be4e6e97f65fc5fce40f433456a5e2529f28fe04d6280557970189ac135 From 4cf7527c991233a0316fdbe4cfd60bbc84e0b859 Mon Sep 17 00:00:00 2001 From: Yanko Kaneti Date: Thu, 21 Aug 2025 16:46:57 +0300 Subject: [PATCH 107/113] Gitk can now work with tcl/tk 9 --- git.spec | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/git.spec b/git.spec index ec36e59..1e420f8 100644 --- a/git.spec +++ b/git.spec @@ -436,9 +436,7 @@ Summary: Git repository browser BuildArch: noarch Requires: git = %{version}-%{release} Requires: git-gui = %{version}-%{release} -# Keep gitk on tcl/tk 8.x until its ready for 9 (also see below in config.mk) -# https://github.com/j6t/gitk/issues/5 -Requires: tk8 >= 8.4 +Requires: tk %description -n gitk %{summary}. @@ -596,10 +594,6 @@ gitwebdir = %{_localstatedir}/www/git DEFAULT_TEST_TARGET = prove GIT_PROVE_OPTS = --verbose --normalize %{?_smp_mflags} --formatter=TAP::Formatter::File GIT_TEST_OPTS = -x --verbose-log - -# Keep gitk on tcl/tk 8.x until its ready for 9 (see more above in gitk requires) -TCLTK_PATH = wish8 -TCL_PATH = tclsh8 EOF # Filter bogus perl requires From 8e9df669b84ad39bdefbb31dabfac3b4fa09ab4b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Thu, 21 Aug 2025 18:33:27 +0200 Subject: [PATCH 108/113] exclude sample hook files from automatic dependency detection --- git.spec | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/git.spec b/git.spec index 1e420f8..7111a62 100644 --- a/git.spec +++ b/git.spec @@ -79,7 +79,7 @@ Name: git Version: 2.51.0 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT URL: https://git-scm.com/ @@ -605,6 +605,9 @@ EOF %endif # endif ! defined perl_bootstrap +# Exclude sample hook files from automatic dependency detection +%global __requires_exclude_from ^%{_datadir}/git-core/templates/hooks/.*sample$ + # Remove Git::LoadCPAN to ensure we use only system perl modules. This also # allows the dependencies to be automatically processed by rpm. rm -rf perl/Git/LoadCPAN{.pm,/} @@ -1039,6 +1042,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Thu Aug 21 2025 Ondřej Pohořelský - 2.51.0-2 +- exclude sample hook files from automatic dependency detection + * Wed Aug 20 2025 Ondřej Pohořelský - 2.51.0-1 - update to 2.51.0 From ba249bb3a1b6ce3fa8636a5ea71ae0a1d41ac58c Mon Sep 17 00:00:00 2001 From: Yaakov Selkowitz Date: Sun, 12 Oct 2025 18:21:23 -0400 Subject: [PATCH 109/113] Revbump for tcl/tk 9 Currently, the rawhide and f43 branches both have -2, but the tcl/tk 9 change is only on rawhide. --- git.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/git.spec b/git.spec index 7111a62..e337059 100644 --- a/git.spec +++ b/git.spec @@ -79,7 +79,7 @@ Name: git Version: 2.51.0 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT URL: https://git-scm.com/ @@ -1042,6 +1042,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Sun Oct 12 2025 Yaakov Selkowitz - 2.51.0-3 +- Revbump for tcl/tk 9 + * Thu Aug 21 2025 Ondřej Pohořelský - 2.51.0-2 - exclude sample hook files from automatic dependency detection From 8f542b0496a06ad6fed89e53c4d2e2a33ffe97c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Thu, 23 Oct 2025 09:34:39 +0200 Subject: [PATCH 110/113] update to 2.51.1 --- git.spec | 7 +++++-- sources | 4 ++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/git.spec b/git.spec index e337059..37c2a53 100644 --- a/git.spec +++ b/git.spec @@ -78,8 +78,8 @@ %global _package_note_file %{_builddir}/%{name}-%{real_version}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.51.0 -Release: 3%{?dist} +Version: 2.51.1 +Release: 1%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT URL: https://git-scm.com/ @@ -1042,6 +1042,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Thu Oct 23 2025 Ondřej Pohořelský - 2.51.1-1 +- update to 2.51.1 + * Sun Oct 12 2025 Yaakov Selkowitz - 2.51.0-3 - Revbump for tcl/tk 9 diff --git a/sources b/sources index 9d8afae..2fe883b 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.51.0.tar.xz) = 2b8c59589266c0c9e58a9f4fda4a970a8a492e2e0ecbafc414fcfacac4a04251f0115b3676f4599a415b53906f1dea312b18a42e9bde455286abd62ec327beaf -SHA512 (git-2.51.0.tar.sign) = 1fb0d30fb68227ec8a13364b07c3d4468269a2912a746d75704146690115cd9e13c41be4e6e97f65fc5fce40f433456a5e2529f28fe04d6280557970189ac135 +SHA512 (git-2.51.1.tar.xz) = bc22d26bbfad4a549d2fb6bed11eb019c2dee607c86bf8faaa986774e526e5b367d80c9a79ab50358624634d840e8e0d27e0b46411d1aabbf76728b7a7f138dd +SHA512 (git-2.51.1.tar.sign) = b22a9ab0db57e00203181ee0138350b0dd7239b68f5ed5c1f2acfcf5f56993f0937150d3d74c27e2fdf6e6daa8eccc682353c957f9dbdd0d2dcbd870b5022aca From 6c89b0ef9df4c8238b1062f52fb4bbd0e06f5cf0 Mon Sep 17 00:00:00 2001 From: Yaakov Selkowitz Date: Mon, 17 Nov 2025 11:55:29 -0500 Subject: [PATCH 111/113] Build with highlight on all arches on EL8+ While highlight was only built/shipped on some arches in RHEL 7 Optional, as of RHEL 8 it is built on all arches (albeit not shipped as of 10). --- git.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/git.spec b/git.spec index 37c2a53..f634419 100644 --- a/git.spec +++ b/git.spec @@ -232,7 +232,7 @@ BuildRequires: glibc-langpack-is BuildRequires: gnupg2-smime %endif # endif fedora or el >= 9 -%if 0%{?fedora} || ( 0%{?rhel} >= 7 && ( "%{_arch}" == "ppc64le" || "%{_arch}" == "x86_64" ) ) +%if 0%{?fedora} || 0%{?rhel} >= 8 || ( 0%{?rhel} == 7 && ( "%{_arch}" == "ppc64le" || "%{_arch}" == "x86_64" ) ) BuildRequires: highlight %endif # endif fedora or el7+ (ppc64le/x86_64) From c488c27117d176c90e836715aed9947b2e3e6799 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Thu, 20 Nov 2025 13:40:48 +0100 Subject: [PATCH 112/113] update to 2.52.0 --- ...2-sanitize-sideband-channel-messages.patch | 21 ++++++++++--------- git.spec | 14 ++++++++----- sources | 4 ++-- 3 files changed, 22 insertions(+), 17 deletions(-) rename git-2.51-sanitize-sideband-channel-messages.patch => git-2.52-sanitize-sideband-channel-messages.patch (94%) diff --git a/git-2.51-sanitize-sideband-channel-messages.patch b/git-2.52-sanitize-sideband-channel-messages.patch similarity index 94% rename from git-2.51-sanitize-sideband-channel-messages.patch rename to git-2.52-sanitize-sideband-channel-messages.patch index 6a31b6b..786cb39 100644 --- a/git-2.51-sanitize-sideband-channel-messages.patch +++ b/git-2.52-sanitize-sideband-channel-messages.patch @@ -1,6 +1,6 @@ -From 247950ec070cef60c45a877d24a4770991d1eefc Mon Sep 17 00:00:00 2001 +From 65e88e659008e2cbf79cf44975406ff0d569a3a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= -Date: Wed, 20 Aug 2025 09:35:47 +0200 +Date: Thu, 20 Nov 2025 12:24:59 +0100 Subject: [PATCH] sideband: mask control characters MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -78,10 +78,10 @@ Signed-off-by: Ondřej Pohořelský create mode 100644 Documentation/config/sideband.adoc diff --git a/Documentation/config.adoc b/Documentation/config.adoc -index cc769251be..a8b04c4e51 100644 +index 62eebe7c54..dcea3c0c15 100644 --- a/Documentation/config.adoc +++ b/Documentation/config.adoc -@@ -522,6 +522,8 @@ include::config/sequencer.adoc[] +@@ -523,6 +523,8 @@ include::config/sequencer.adoc[] include::config/showbranch.adoc[] @@ -92,7 +92,7 @@ index cc769251be..a8b04c4e51 100644 include::config/splitindex.adoc[] diff --git a/Documentation/config/sideband.adoc b/Documentation/config/sideband.adoc new file mode 100644 -index 0000000000..a809e2de89 +index 0000000000..c9ba24a02c --- /dev/null +++ b/Documentation/config/sideband.adoc @@ -0,0 +1,16 @@ @@ -112,8 +112,9 @@ index 0000000000..a809e2de89 + Allow all control characters to be sent to the terminal. + This is the default. +-- +\ No newline at end of file diff --git a/sideband.c b/sideband.c -index 8f15b98a65..461eea0a51 100644 +index ea7c25211e..88d1b44a7a 100644 --- a/sideband.c +++ b/sideband.c @@ -26,6 +26,12 @@ static struct keyword_entry keywords[] = { @@ -127,10 +128,10 @@ index 8f15b98a65..461eea0a51 100644 +} allow_control_characters = ALLOW_ALL_CONTROL_CHARACTERS; + /* Returns a color setting (GIT_COLOR_NEVER, etc). */ - static int use_sideband_colors(void) + static enum git_colorbool use_sideband_colors(void) { -@@ -39,6 +45,25 @@ static int use_sideband_colors(void) - if (use_sideband_colors_cached >= 0) +@@ -39,6 +45,25 @@ static enum git_colorbool use_sideband_colors(void) + if (use_sideband_colors_cached != GIT_COLOR_UNKNOWN) return use_sideband_colors_cached; + switch (repo_config_get_maybe_bool(the_repository, "sideband.allowcontrolcharacters", &i)) { @@ -270,5 +271,5 @@ index fa5de4500a..2d40d8c640 100755 + test_done -- -2.50.1 +2.51.1 diff --git a/git.spec b/git.spec index f634419..df511dc 100644 --- a/git.spec +++ b/git.spec @@ -78,7 +78,7 @@ %global _package_note_file %{_builddir}/%{name}-%{real_version}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.51.1 +Version: 2.52.0 Release: 1%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT @@ -137,7 +137,7 @@ Patch5: git-test-apache-davlockdbtype-config.patch # The default behaviour of Git remains unchanged. # # https://github.com/gitgitgadget/git/pull/1853 -Patch6: git-2.51-sanitize-sideband-channel-messages.patch +Patch6: git-2.52-sanitize-sideband-channel-messages.patch %if %{with docs} # pod2man is needed to build Git.3pm @@ -875,10 +875,11 @@ GIT_SKIP_TESTS="$GIT_SKIP_TESTS t5300.1[02348] t5300.2[03459] t5300.30 t5300.4[5 # Skip tests which fail on s390x # # The following tests are failing on s390x. -# https://lore.kernel.org/git/Z8dIZmscTdi8dZAY@teonanacatl.net/ +# https://lore.kernel.org/git/4dc4c8cd-c0cc-4784-8fcf-defa3a051087@mit.edu/ # -# t5620.4 'do partial clone 2, backfill min batch size' -GIT_SKIP_TESTS="$GIT_SKIP_TESTS t5620.4" +# t8020.16 'cross merge boundaries in blaming' +# t8020.19 'last-modified merge undoes changes' +GIT_SKIP_TESTS="$GIT_SKIP_TESTS t8020.16 t8020.19" %endif # endif "%{_arch}" == "s390x" export GIT_SKIP_TESTS @@ -1042,6 +1043,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Thu Nov 20 2025 Ondřej Pohořelský - 2.52.0-1 +- update to 2.52.0 + * Thu Oct 23 2025 Ondřej Pohořelský - 2.51.1-1 - update to 2.51.1 diff --git a/sources b/sources index 2fe883b..4a04f56 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.51.1.tar.xz) = bc22d26bbfad4a549d2fb6bed11eb019c2dee607c86bf8faaa986774e526e5b367d80c9a79ab50358624634d840e8e0d27e0b46411d1aabbf76728b7a7f138dd -SHA512 (git-2.51.1.tar.sign) = b22a9ab0db57e00203181ee0138350b0dd7239b68f5ed5c1f2acfcf5f56993f0937150d3d74c27e2fdf6e6daa8eccc682353c957f9dbdd0d2dcbd870b5022aca +SHA512 (git-2.52.0.tar.xz) = 965e5ebb72d1f080d64e34bdb75f0bb1689c9dd41dcf63b020d986bad49808ac09bfb1115962bc0c5b95bac8622367ac4cd09aa89266f73d2137fe94c90dd3ed +SHA512 (git-2.52.0.tar.sign) = a5a68ce131a5763650c477ec01a4de958dd6a946bdea0f613e26bdab41d2df6b3ca63f9028bbe603bf0c834bd415c86e6c616b1ff08cc48aa7c3c61a37b24b74 From da35363f19a689204ff3af77b85869ae857346b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Fri, 12 Dec 2025 13:32:24 +0100 Subject: [PATCH 113/113] remove unused buildrequires --- git.spec | 2 -- 1 file changed, 2 deletions(-) diff --git a/git.spec b/git.spec index df511dc..49c55d0 100644 --- a/git.spec +++ b/git.spec @@ -149,7 +149,6 @@ BuildRequires: rubygem-asciidoctor BuildRequires: asciidoc >= 8.4.1 %endif # endif with asciidoctor -BuildRequires: perl(File::Compare) BuildRequires: xmlto %if %{with linkcheck} BuildRequires: linkchecker @@ -179,7 +178,6 @@ BuildRequires: openssl-devel BuildRequires: pcre2-devel BuildRequires: perl(Error) BuildRequires: perl(lib) -BuildRequires: perl(Test) %if %{use_perl_generators} BuildRequires: perl-generators %endif