From 73f81376f92891a376bd0d3b0bfa12ceab70bee4 Mon Sep 17 00:00:00 2001 From: Chris Wright Date: Sun, 10 Dec 2006 22:37:54 +0000 Subject: [PATCH 01/24] Update to git-1.4.4.2 --- .cvsignore | 2 +- git.spec | 40 +++++++++++++++++++++++++++++++--------- sources | 2 +- 3 files changed, 33 insertions(+), 11 deletions(-) diff --git a/.cvsignore b/.cvsignore index 6e343b5..ca2ed08 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -git-1.4.2.4.tar.gz +git-1.4.4.2.tar.gz diff --git a/git.spec b/git.spec index 692f7e4..400fd3f 100644 --- a/git.spec +++ b/git.spec @@ -1,6 +1,6 @@ # Pass --without docs to rpmbuild if you don't want the documentation Name: git -Version: 1.4.2.4 +Version: 1.4.4.2 Release: 1%{?dist} Summary: Git core and tools License: GPL @@ -9,7 +9,7 @@ URL: http://kernel.org/pub/software/scm/git/ Source: http://kernel.org/pub/software/scm/git/%{name}-%{version}.tar.gz BuildRequires: zlib-devel >= 1.2, openssl-devel, curl-devel, expat-devel %{!?_without_docs:, xmlto, asciidoc > 6.0.3} BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -Requires: git-core, git-svn, git-cvs, git-arch, git-email, gitk +Requires: git-core, git-svn, git-cvs, git-arch, git-email, gitk, perl-Git %description This is a stupid (but extremely fast) directory content manager. It @@ -70,6 +70,16 @@ Requires: git-core = %{version}-%{release}, tk >= 8.4 %description -n gitk Git revision tree visualiser ('gitk') +%package -n perl-Git +Summary: Perl interface to Git +Group: Development/Libraries +Requires: git-core = %{version}-%{release} +Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) +BuildRequires: perl(Error) + +%description -n perl-Git +Perl interface to Git + %prep %setup -q 
@@ -80,12 +90,18 @@ make %{_smp_mflags} CFLAGS="$RPM_OPT_FLAGS" WITH_OWN_SUBPROCESS_PY=YesPlease \ %install rm -rf $RPM_BUILD_ROOT make %{_smp_mflags} DESTDIR=$RPM_BUILD_ROOT WITH_OWN_SUBPROCESS_PY=YesPlease \ - prefix=%{_prefix} mandir=%{_mandir} \ + prefix=%{_prefix} mandir=%{_mandir} INSTALLDIRS=vendor \ install %{!?_without_docs: install-doc} +find $RPM_BUILD_ROOT -type f -name .packlist -exec rm -f {} ';' +find $RPM_BUILD_ROOT -type f -name '*.bs' -empty -exec rm -f {} ';' +find $RPM_BUILD_ROOT -type f -name perllocal.pod -exec rm -f {} ';' -(find $RPM_BUILD_ROOT%{_bindir} -type f | grep -vE "arch|svn|cvs|email|gitk" | sed -e s@^$RPM_BUILD_ROOT@@) > bin-man-doc-files +(find $RPM_BUILD_ROOT%{_bindir} -type f | grep -vE "archimport|svn|cvs|email|gitk" | sed -e s@^$RPM_BUILD_ROOT@@) > bin-man-doc-files +(find $RPM_BUILD_ROOT%{perl_vendorlib} -type f | sed -e s@^$RPM_BUILD_ROOT@@) >> perl-files %if %{!?_without_docs:1}0 -(find $RPM_BUILD_ROOT%{_mandir} $RPM_BUILD_ROOT/Documentation -type f | grep -vE "arch|svn|git-cvs|email|gitk" | sed -e s@^$RPM_BUILD_ROOT@@ -e 's/$/*/' ) >> bin-man-doc-files +(find $RPM_BUILD_ROOT%{_mandir} $RPM_BUILD_ROOT/Documentation -type f | grep -vE "archimport|svn|git-cvs|email|gitk" | sed -e s@^$RPM_BUILD_ROOT@@ -e 's/$/*/' ) >> bin-man-doc-files +%else +rm -rf $RPM_BUILD_ROOT%{_mandir} %endif %clean @@ -110,10 +126,10 @@ rm -rf $RPM_BUILD_ROOT %files arch %defattr(-,root,root) -%doc Documentation/*arch*.txt -%{_bindir}/*arch* -%{!?_without_docs: %{_mandir}/man1/*arch*.1*} -%{!?_without_docs: %doc Documentation/*arch*.html } +%doc Documentation/git-archimport.txt +%{_bindir}/git-archimport +%{!?_without_docs: %{_mandir}/man1/git-archimport.1*} +%{!?_without_docs: %doc Documentation/git-archimport.html } %files email %defattr(-,root,root) 
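Review bot: The new `perl-files` list in `%install` is written with `>>`, so a repeated `%install` run in the same build tree appends to a stale list and `%files -n perl-Git -f perl-files` can see duplicate or outdated entries. The `rm -rf $RPM_BUILD_ROOT` at the top of the section does not cover it, because the list is written relative to the working directory rather than under the build root. Using a single `>`, as the first write to `bin-man-doc-files` does, makes the step repeatable: `(find $RPM_BUILD_ROOT%{perl_vendorlib} -type f | sed -e s@^$RPM_BUILD_ROOT@@) > perl-files`.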
@@ -129,6 +145,9 @@ rm -rf $RPM_BUILD_ROOT %{!?_without_docs: %{_mandir}/man1/*gitk*.1*} %{!?_without_docs: %doc Documentation/*gitk*.html } +%files -n perl-Git -f perl-files +%defattr(-,root,root) + %files core -f bin-man-doc-files %defattr(-,root,root) %{_datadir}/git-core/ @@ -136,6 +155,9 @@ rm -rf $RPM_BUILD_ROOT %{!?_without_docs: %doc Documentation/*.html } %changelog +* Sun Dec 10 2006 Chris Wright 1.4.4.2-1 +- git-1.4.4.2 + * Tue Oct 17 2006 Chris Wright 1.4.2.4-1 - git-1.4.2.4 diff --git a/sources b/sources index d885a62..4046dd8 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -285f8b7a57f3062217e9fb5fb53836a5 git-1.4.2.4.tar.gz +e659d672930ed5144ab20df4d6958007 git-1.4.4.2.tar.gz From 9a8286927a125f69524ab5f17d813ba2876ff9ec Mon Sep 17 00:00:00 2001 From: Chris Wright Date: Mon, 11 Dec 2006 09:04:50 +0000 Subject: [PATCH 02/24] couple minor git fixes --- ...oid-miscounting-bytes-in-Perl-v5.8.x.patch | 32 +++++++++++++++++++ git-install-non-executable-doc-files.patch | 22 +++++++++++++ git.spec | 13 +++++++- 3 files changed, 66 insertions(+), 1 deletion(-) create mode 100644 cvsserver-Avoid-miscounting-bytes-in-Perl-v5.8.x.patch create mode 100644 git-install-non-executable-doc-files.patch diff --git a/cvsserver-Avoid-miscounting-bytes-in-Perl-v5.8.x.patch b/cvsserver-Avoid-miscounting-bytes-in-Perl-v5.8.x.patch new file mode 100644 index 0000000..ef01f4d --- /dev/null +++ b/cvsserver-Avoid-miscounting-bytes-in-Perl-v5.8.x.patch 
@@ -0,0 +1,32 @@ +From 4f88d3e0cbf443cd309c2c881209f3366f14023d Mon Sep 17 00:00:00 2001 +From: Martin Langhoff +Date: Thu, 7 Dec 2006 16:38:50 +1300 +Subject: [PATCH] cvsserver: Avoid miscounting bytes in Perl v5.8.x + +At some point between v5.6 and 5.8 Perl started to assume its input, +output and filehandles are UTF-8. This breaks the counting of bytes +for the CVS protocol, resulting in the client expecting less data +than we actually send, and storing truncated files. + +Signed-off-by: Martin Langhoff +Signed-off-by: Junio C Hamano +Signed-off-by: Chris Wright +--- + git-cvsserver.perl | 1 + + 1 files changed, 1 insertions(+), 0 deletions(-) + +diff --git a/git-cvsserver.perl b/git-cvsserver.perl +index ca519b7..197014d 100755 +--- a/git-cvsserver.perl ++++ b/git-cvsserver.perl +@@ -17,6 +17,7 @@ + + use strict; + use warnings; ++use bytes; + + use Fcntl; + use File::Temp qw/tempdir tempfile/; +-- +1.4.4.2 + diff --git a/git-install-non-executable-doc-files.patch b/git-install-non-executable-doc-files.patch new file mode 100644 index 0000000..4f19f23 --- /dev/null +++ b/git-install-non-executable-doc-files.patch @@ -0,0 +1,22 @@ +No need to install documentation files as executable. + +Signed-off-by: Chris Wright +--- + Documentation/Makefile | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/Documentation/Makefile b/Documentation/Makefile +index c00f5f6..d68bc4a 100644 +--- a/Documentation/Makefile ++++ b/Documentation/Makefile +@@ -56,8 +56,8 @@ man7: $(DOC_MAN7) + + install: man + $(INSTALL) -d -m755 $(DESTDIR)$(man1dir) $(DESTDIR)$(man7dir) +- $(INSTALL) $(DOC_MAN1) $(DESTDIR)$(man1dir) +- $(INSTALL) $(DOC_MAN7) $(DESTDIR)$(man7dir) ++ $(INSTALL) -m644 $(DOC_MAN1) $(DESTDIR)$(man1dir) ++ $(INSTALL) -m644 $(DOC_MAN7) $(DESTDIR)$(man7dir) + + + # diff --git a/git.spec b/git.spec index 400fd3f..bc7db6e 100644 --- a/git.spec +++ b/git.spec 
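Review bot: `use bytes;` is added at file scope in git-cvsserver.perl, so it changes `length`, `substr` and pattern matching for every string in the script, not only where the CVS protocol byte counts are computed. That addresses the truncated transfers described in the message, but it also masks any place where character data and byte data are mixed. If the counting sites are few, a narrower form would be `binmode` on the handles that carry file content, plus `use bytes ();` with an explicit `bytes::length($data)` where a size is sent. Those sites are outside this hunk, so this needs checking against the full file.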
@@ -1,12 +1,14 @@ # Pass --without docs to rpmbuild if you don't want the documentation Name: git Version: 1.4.4.2 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Git core and tools License: GPL Group: Development/Tools URL: http://kernel.org/pub/software/scm/git/ Source: http://kernel.org/pub/software/scm/git/%{name}-%{version}.tar.gz +Patch0: git-install-non-executable-doc-files.patch +Patch1: cvsserver-Avoid-miscounting-bytes-in-Perl-v5.8.x.patch BuildRequires: zlib-devel >= 1.2, openssl-devel, curl-devel, expat-devel %{!?_without_docs:, xmlto, asciidoc > 6.0.3} BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: git-core, git-svn, git-cvs, git-arch, git-email, gitk, perl-Git @@ -82,6 +84,8 @@ Perl interface to Git %prep %setup -q +%patch0 -p1 +%patch1 -p1 %build make %{_smp_mflags} CFLAGS="$RPM_OPT_FLAGS" WITH_OWN_SUBPROCESS_PY=YesPlease \ @@ -155,9 +159,16 @@ rm -rf $RPM_BUILD_ROOT %{!?_without_docs: %doc Documentation/*.html } %changelog +* Sun Dec 10 2006 Chris Wright 1.4.4.2-2 +- no need to install manpages executable (bz 216790) +- use bytes for git-cvsserver + * Sun Dec 10 2006 Chris Wright 1.4.4.2-1 - git-1.4.4.2 +* Mon Nov 6 2006 Jindrich Novy 1.4.2.4-2 +- rebuild against the new curl + * Tue Oct 17 2006 Chris Wright 1.4.2.4-1 - git-1.4.2.4 From 608e8bdbf4372f1ee932c49207043557183101d2 Mon Sep 17 00:00:00 2001 From: Chris Wright Date: Mon, 26 Feb 2007 22:43:20 +0000 Subject: [PATCH 03/24] Update to git-1.5.0.2 --- .cvsignore | 2 +- ...oid-miscounting-bytes-in-Perl-v5.8.x.patch | 32 ---------- git-install-non-executable-doc-files.patch | 22 ------- git.spec | 63 ++++++++++++------- sources | 2 +- 5 files changed, 42 insertions(+), 79 deletions(-) delete mode 100644 cvsserver-Avoid-miscounting-bytes-in-Perl-v5.8.x.patch delete mode 100644 git-install-non-executable-doc-files.patch diff --git a/.cvsignore b/.cvsignore index ca2ed08..ca282a9 100644 --- a/.cvsignore +++ b/.cvsignore 
@@ -1 +1 @@ -git-1.4.4.2.tar.gz +git-1.5.0.2.tar.gz diff --git a/cvsserver-Avoid-miscounting-bytes-in-Perl-v5.8.x.patch b/cvsserver-Avoid-miscounting-bytes-in-Perl-v5.8.x.patch deleted file mode 100644 index ef01f4d..0000000 --- a/cvsserver-Avoid-miscounting-bytes-in-Perl-v5.8.x.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 4f88d3e0cbf443cd309c2c881209f3366f14023d Mon Sep 17 00:00:00 2001 -From: Martin Langhoff -Date: Thu, 7 Dec 2006 16:38:50 +1300 -Subject: [PATCH] cvsserver: Avoid miscounting bytes in Perl v5.8.x - -At some point between v5.6 and 5.8 Perl started to assume its input, -output and filehandles are UTF-8. This breaks the counting of bytes -for the CVS protocol, resulting in the client expecting less data -than we actually send, and storing truncated files. - -Signed-off-by: Martin Langhoff -Signed-off-by: Junio C Hamano -Signed-off-by: Chris Wright ---- - git-cvsserver.perl | 1 + - 1 files changed, 1 insertions(+), 0 deletions(-) - -diff --git a/git-cvsserver.perl b/git-cvsserver.perl -index ca519b7..197014d 100755 ---- a/git-cvsserver.perl -+++ b/git-cvsserver.perl -@@ -17,6 +17,7 @@ - - use strict; - use warnings; -+use bytes; - - use Fcntl; - use File::Temp qw/tempdir tempfile/; --- -1.4.4.2 - diff --git a/git-install-non-executable-doc-files.patch b/git-install-non-executable-doc-files.patch deleted file mode 100644 index 4f19f23..0000000 --- a/git-install-non-executable-doc-files.patch +++ /dev/null 
@@ -1,22 +0,0 @@ -No need to install documentation files as executable. - -Signed-off-by: Chris Wright ---- - Documentation/Makefile | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/Documentation/Makefile b/Documentation/Makefile -index c00f5f6..d68bc4a 100644 ---- a/Documentation/Makefile -+++ b/Documentation/Makefile -@@ -56,8 +56,8 @@ man7: $(DOC_MAN7) - - install: man - $(INSTALL) -d -m755 $(DESTDIR)$(man1dir) $(DESTDIR)$(man7dir) -- $(INSTALL) $(DOC_MAN1) $(DESTDIR)$(man1dir) -- $(INSTALL) $(DOC_MAN7) $(DESTDIR)$(man7dir) -+ $(INSTALL) -m644 $(DOC_MAN1) $(DESTDIR)$(man1dir) -+ $(INSTALL) -m644 $(DOC_MAN7) $(DESTDIR)$(man7dir) - - - # diff --git a/git.spec b/git.spec index bc7db6e..f0fe843 100644 --- a/git.spec +++ b/git.spec 
@@ -1,39 +1,31 @@ # Pass --without docs to rpmbuild if you don't want the documentation Name: git -Version: 1.4.4.2 -Release: 2%{?dist} +Version: 1.5.0.2 +Release: 1%{?dist} Summary: Git core and tools License: GPL Group: Development/Tools URL: http://kernel.org/pub/software/scm/git/ Source: http://kernel.org/pub/software/scm/git/%{name}-%{version}.tar.gz -Patch0: git-install-non-executable-doc-files.patch -Patch1: cvsserver-Avoid-miscounting-bytes-in-Perl-v5.8.x.patch BuildRequires: zlib-devel >= 1.2, openssl-devel, curl-devel, expat-devel %{!?_without_docs:, xmlto, asciidoc > 6.0.3} BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -Requires: git-core, git-svn, git-cvs, git-arch, git-email, gitk, perl-Git +Requires: git-core, git-svn, git-cvs, git-arch, git-email, gitk, git-gui, perl-Git %description -This is a stupid (but extremely fast) directory content manager. It -doesn't do a whole lot, but what it _does_ do is track directory -contents efficiently. It is intended to be the base of an efficient, -distributed source code management system. This package includes -rudimentary tools that can be used as a SCM, but you should look -elsewhere for tools for ordinary humans layered on top of this. +Git is a fast, scalable, distributed revision control system with an +unusually rich command set that provides both high-level operations +and full access to internals. This is a dummy package which brings in all subpackages. %package core Summary: Core git tools Group: Development/Tools -Requires: zlib >= 1.2, rsync, rcs, curl, less, openssh-clients, python >= 2.3, expat +Requires: zlib >= 1.2, rsync, curl, less, openssh-clients, expat %description core -This is a stupid (but extremely fast) directory content manager. It -doesn't do a whole lot, but what it _does_ do is track directory -contents efficiently. It is intended to be the base of an efficient, -distributed source code management system. 
This package includes -rudimentary tools that can be used as a SCM, but you should look -elsewhere for tools for ordinary humans layered on top of this. +Git is a fast, scalable, distributed revision control system with an +unusually rich command set that provides both high-level operations +and full access to internals. These are the core tools with minimal dependencies. @@ -65,6 +57,13 @@ Requires: git-core = %{version}-%{release} %description email Git tools for sending email. +%package gui +Summary: Git GUI tool +Group: Development/Tools +Requires: git-core = %{version}-%{release}, tk >= 8.4 +%description gui +Git GUI tool + %package -n gitk Summary: Git revision tree visualiser ('gitk') Group: Development/Tools @@ -84,8 +83,6 @@ Perl interface to Git %prep %setup -q -%patch0 -p1 -%patch1 -p1 %build make %{_smp_mflags} CFLAGS="$RPM_OPT_FLAGS" WITH_OWN_SUBPROCESS_PY=YesPlease \ 
@@ -93,17 +90,18 @@ make %{_smp_mflags} CFLAGS="$RPM_OPT_FLAGS" WITH_OWN_SUBPROCESS_PY=YesPlease \ %install rm -rf $RPM_BUILD_ROOT -make %{_smp_mflags} DESTDIR=$RPM_BUILD_ROOT WITH_OWN_SUBPROCESS_PY=YesPlease \ +make %{_smp_mflags} CFLAGS="$RPM_OPT_FLAGS" DESTDIR=$RPM_BUILD_ROOT \ + WITH_OWN_SUBPROCESS_PY=YesPlease \ prefix=%{_prefix} mandir=%{_mandir} INSTALLDIRS=vendor \ install %{!?_without_docs: install-doc} find $RPM_BUILD_ROOT -type f -name .packlist -exec rm -f {} ';' find $RPM_BUILD_ROOT -type f -name '*.bs' -empty -exec rm -f {} ';' find $RPM_BUILD_ROOT -type f -name perllocal.pod -exec rm -f {} ';' -(find $RPM_BUILD_ROOT%{_bindir} -type f | grep -vE "archimport|svn|cvs|email|gitk" | sed -e s@^$RPM_BUILD_ROOT@@) > bin-man-doc-files +(find $RPM_BUILD_ROOT%{_bindir} -type f | grep -vE "archimport|svn|cvs|email|gitk|git-gui|git-citool" | sed -e s@^$RPM_BUILD_ROOT@@) > bin-man-doc-files (find $RPM_BUILD_ROOT%{perl_vendorlib} -type f | sed -e s@^$RPM_BUILD_ROOT@@) >> perl-files %if %{!?_without_docs:1}0 -(find $RPM_BUILD_ROOT%{_mandir} $RPM_BUILD_ROOT/Documentation -type f | grep -vE "archimport|svn|git-cvs|email|gitk" | sed -e s@^$RPM_BUILD_ROOT@@ -e 's/$/*/' ) >> bin-man-doc-files +(find $RPM_BUILD_ROOT%{_mandir} $RPM_BUILD_ROOT/Documentation -type f | grep -vE "archimport|svn|git-cvs|email|gitk|git-gui|git-citool" | sed -e s@^$RPM_BUILD_ROOT@@ -e 's/$/*/' ) >> bin-man-doc-files %else rm -rf $RPM_BUILD_ROOT%{_mandir} %endif @@ -142,6 +140,16 @@ rm -rf $RPM_BUILD_ROOT %{!?_without_docs: %{_mandir}/man1/*email*.1*} %{!?_without_docs: %doc Documentation/*email*.html } +%files gui +%defattr(-,root,root) +%{_bindir}/git-gui +%{_bindir}/git-citool +# Not Yet... +# %{!?_without_docs: %{_mandir}/man1/git-gui.1} +# %{!?_without_docs: %doc Documentation/git-gui.html} +# %{!?_without_docs: %{_mandir}/man1/git-citool.1} +# %{!?_without_docs: %doc Documentation/git-citool.html} + %files -n gitk %defattr(-,root,root) %doc Documentation/*gitk*.txt 
@@ -159,6 +167,15 @@ rm -rf $RPM_BUILD_ROOT %{!?_without_docs: %doc Documentation/*.html } %changelog +* Mon Feb 26 2007 Chris Wright 1.5.0.2-1 +- git-1.5.0.2 + +* Mon Feb 13 2007 Nicolas Pitre +- Update core package description (Git isn't as stupid as it used to be) + +* Mon Feb 12 2007 Junio C Hamano +- Add git-gui and git-citool. + * Sun Dec 10 2006 Chris Wright 1.4.4.2-2 - no need to install manpages executable (bz 216790) - use bytes for git-cvsserver diff --git a/sources b/sources index 4046dd8..4b18025 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -e659d672930ed5144ab20df4d6958007 git-1.4.4.2.tar.gz +7bdc4894ece40e0219f259f64750978d git-1.5.0.2.tar.gz From 8a8a31c445a5cfd1349200f2b08aa396cc8d4492 Mon Sep 17 00:00:00 2001 From: Chris Wright Date: Tue, 13 Mar 2007 21:04:18 +0000 Subject: [PATCH 04/24] Update to git-1.5.0.3 --- .cvsignore | 2 +- git.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.cvsignore b/.cvsignore index ca282a9..eb468e3 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -git-1.5.0.2.tar.gz +git-1.5.0.3.tar.gz diff --git a/git.spec b/git.spec index f0fe843..d7bc425 100644 --- a/git.spec +++ b/git.spec @@ -1,6 +1,6 @@ # Pass --without docs to rpmbuild if you don't want the documentation Name: git -Version: 1.5.0.2 +Version: 1.5.0.3 Release: 1%{?dist} Summary: Git core and tools License: GPL @@ -167,6 +167,9 @@ rm -rf $RPM_BUILD_ROOT %{!?_without_docs: %doc Documentation/*.html } %changelog +* Tue Mar 13 2007 Chris Wright 1.5.0.3-1 +- git-1.5.0.3 + * Mon Feb 26 2007 Chris Wright 1.5.0.2-1 - git-1.5.0.2 diff --git a/sources b/sources index 4b18025..1459854 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -7bdc4894ece40e0219f259f64750978d git-1.5.0.2.tar.gz +eed1b888334310bb0e7f3f7e4f074963 git-1.5.0.3.tar.gz From f41afabc1383e76d6b38a2f02fd4ec3e390e2595 Mon Sep 17 00:00:00 2001 
From: Chris Wright Date: Mon, 19 Mar 2007 21:51:24 +0000 Subject: [PATCH 05/24] Update to git-1.5.0.5 --- .cvsignore | 2 +- git.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.cvsignore b/.cvsignore index eb468e3..23afead 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -git-1.5.0.3.tar.gz +git-1.5.0.5.tar.gz diff --git a/git.spec b/git.spec index d7bc425..401e1ea 100644 --- a/git.spec +++ b/git.spec @@ -1,6 +1,6 @@ # Pass --without docs to rpmbuild if you don't want the documentation Name: git -Version: 1.5.0.3 +Version: 1.5.0.5 Release: 1%{?dist} Summary: Git core and tools License: GPL @@ -167,6 +167,9 @@ rm -rf $RPM_BUILD_ROOT %{!?_without_docs: %doc Documentation/*.html } %changelog +* Mon Mar 19 2007 Chris Wright 1.5.0.5-1 +- git-1.5.0.5 + * Tue Mar 13 2007 Chris Wright 1.5.0.3-1 - git-1.5.0.3 diff --git a/sources b/sources index 1459854..cf42138 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -eed1b888334310bb0e7f3f7e4f074963 git-1.5.0.3.tar.gz +f7e6406f27464517cf9b718f8541dcb1 git-1.5.0.5.tar.gz From 3888ddcd609110d8d616b164d92a346cb421319c Mon Sep 17 00:00:00 2001 From: Chris Wright Date: Fri, 30 Mar 2007 17:52:28 +0000 Subject: [PATCH 06/24] Update to git-1.5.0.6 --- .cvsignore | 2 +- git.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.cvsignore b/.cvsignore index 23afead..e8e0fe7 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -git-1.5.0.5.tar.gz +git-1.5.0.6.tar.gz diff --git a/git.spec b/git.spec index 401e1ea..58ea102 100644 --- a/git.spec +++ b/git.spec @@ -1,6 +1,6 @@ # Pass --without docs to rpmbuild if you don't want the documentation Name: git -Version: 1.5.0.5 +Version: 1.5.0.6 Release: 1%{?dist} Summary: Git core and tools License: GPL @@ -167,6 +167,9 @@ rm -rf $RPM_BUILD_ROOT %{!?_without_docs: %doc Documentation/*.html } %changelog +* Fri Mar 30 2007 Chris Wright 1.5.0.6-1 +- git-1.5.0.6 + * Mon Mar 19 2007 Chris Wright 1.5.0.5-1 - git-1.5.0.5 
diff --git a/sources b/sources index cf42138..43c7921 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -f7e6406f27464517cf9b718f8541dcb1 git-1.5.0.5.tar.gz +d9564417eadc424d4dd7616339fa9b2f git-1.5.0.6.tar.gz From 4a3c677a3b5dcbe7c5661ef11a72d734c65a1817 Mon Sep 17 00:00:00 2001 From: Warren Togami Date: Fri, 8 Jun 2007 19:49:59 +0000 Subject: [PATCH 07/24] Initialize branch EL-5 for git --- branch | 1 + 1 file changed, 1 insertion(+) create mode 100644 branch diff --git a/branch b/branch new file mode 100644 index 0000000..42f697a --- /dev/null +++ b/branch @@ -0,0 +1 @@ +EL-5 From 45d5187933df5c564d7413e81b6e49527e5f3fe5 Mon Sep 17 00:00:00 2001 From: jbowes Date: Sat, 9 Jun 2007 01:52:21 +0000 Subject: [PATCH 08/24] git-1.5.2.1 for el-5 --- git.spec | 30 +++++++++++++++++++++++------- sources | 2 +- 2 files changed, 24 insertions(+), 8 deletions(-) diff --git a/git.spec b/git.spec index 58ea102..44a488b 100644 --- a/git.spec +++ b/git.spec @@ -1,13 +1,13 @@ # Pass --without docs to rpmbuild if you don't want the documentation Name: git -Version: 1.5.0.6 +Version: 1.5.2.1 Release: 1%{?dist} Summary: Git core and tools License: GPL Group: Development/Tools URL: http://kernel.org/pub/software/scm/git/ Source: http://kernel.org/pub/software/scm/git/%{name}-%{version}.tar.gz -BuildRequires: zlib-devel >= 1.2, openssl-devel, curl-devel, expat-devel %{!?_without_docs:, xmlto, asciidoc > 6.0.3} +BuildRequires: perl-devel, zlib-devel >= 1.2, openssl-devel, curl-devel, expat-devel %{!?_without_docs:, xmlto, asciidoc > 6.0.3} BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: git-core, git-svn, git-cvs, git-arch, git-email, gitk, git-gui, perl-Git 
@@ -85,15 +85,16 @@ Perl interface to Git %setup -q %build -make %{_smp_mflags} CFLAGS="$RPM_OPT_FLAGS" WITH_OWN_SUBPROCESS_PY=YesPlease \ +make %{_smp_mflags} CFLAGS="$RPM_OPT_FLAGS" \ + ETC_GITCONFIG=/etc/gitconfig \ prefix=%{_prefix} all %{!?_without_docs: doc} %install rm -rf $RPM_BUILD_ROOT make %{_smp_mflags} CFLAGS="$RPM_OPT_FLAGS" DESTDIR=$RPM_BUILD_ROOT \ - WITH_OWN_SUBPROCESS_PY=YesPlease \ - prefix=%{_prefix} mandir=%{_mandir} INSTALLDIRS=vendor \ - install %{!?_without_docs: install-doc} + prefix=%{_prefix} mandir=%{_mandir} \ + ETC_GITCONFIG=/etc/gitconfig \ + INSTALLDIRS=vendor install %{!?_without_docs: install-doc} find $RPM_BUILD_ROOT -type f -name .packlist -exec rm -f {} ';' find $RPM_BUILD_ROOT -type f -name '*.bs' -empty -exec rm -f {} ';' find $RPM_BUILD_ROOT -type f -name perllocal.pod -exec rm -f {} ';' @@ -144,6 +145,7 @@ rm -rf $RPM_BUILD_ROOT %defattr(-,root,root) %{_bindir}/git-gui %{_bindir}/git-citool +%{_datadir}/git-gui/ # Not Yet... # %{!?_without_docs: %{_mandir}/man1/git-gui.1} # %{!?_without_docs: %doc Documentation/git-gui.html} @@ -164,9 +166,20 @@ rm -rf $RPM_BUILD_ROOT %defattr(-,root,root) %{_datadir}/git-core/ %doc README COPYING Documentation/*.txt -%{!?_without_docs: %doc Documentation/*.html } +%{!?_without_docs: %doc Documentation/*.html Documentation/howto} +%{!?_without_docs: %doc Documentation/technical} %changelog +* Fri Jun 08 2007 James Bowes 1.5.2.1-1 +- git-1.5.2.1 + +* Tue May 13 2007 Quy Tonthat +- Added lib files for git-gui +- Added Documentation/technical (As needed by Git Users Manual) + +* Tue May 8 2007 Quy Tonthat +- Added howto files + * Fri Mar 30 2007 Chris Wright 1.5.0.6-1 - git-1.5.0.6 @@ -176,6 +189,9 @@ rm -rf $RPM_BUILD_ROOT * Tue Mar 13 2007 Chris Wright 1.5.0.3-1 - git-1.5.0.3 +* Fri Mar 2 2007 Chris Wright 1.5.0.2-2 +- BuildRequires perl-devel as of perl-5.8.8-14 (bz 230680) + * Mon Feb 26 2007 Chris Wright 1.5.0.2-1 - git-1.5.0.2 diff --git a/sources b/sources index 43c7921..943574d 100644 
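Review bot: `ETC_GITCONFIG=/etc/gitconfig` is hard-coded in both the `%build` and `%install` make invocations, while the neighbouring arguments use macros such as `%{_prefix}` and `%{_mandir}`. Writing `ETC_GITCONFIG=%{_sysconfdir}/gitconfig` in both places keeps the system-wide config path tied to the distribution's sysconfdir and stops the two copies drifting apart. A short comment would help too, saying that this path is the host-wide git configuration and is left for the administrator to create; no `%files` entry for it is visible in this patch.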
--- a/sources +++ b/sources @@ -1 +1 @@ -d9564417eadc424d4dd7616339fa9b2f git-1.5.0.6.tar.gz +e65b08c2e1a4112c3139c15ac5a13e71 git-1.5.2.1.tar.gz From c8d6dbdf8bbedfff83fd38525cdd5a4fb8f32641 Mon Sep 17 00:00:00 2001 From: jbowes Date: Fri, 22 Jun 2007 19:58:41 +0000 Subject: [PATCH 09/24] git-1.5.2.1-2 for el5 --- git.spec | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/git.spec b/git.spec index 44a488b..e2151cb 100644 --- a/git.spec +++ b/git.spec @@ -1,13 +1,13 @@ # Pass --without docs to rpmbuild if you don't want the documentation Name: git Version: 1.5.2.1 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Git core and tools License: GPL Group: Development/Tools URL: http://kernel.org/pub/software/scm/git/ Source: http://kernel.org/pub/software/scm/git/%{name}-%{version}.tar.gz -BuildRequires: perl-devel, zlib-devel >= 1.2, openssl-devel, curl-devel, expat-devel %{!?_without_docs:, xmlto, asciidoc > 6.0.3} +BuildRequires: perl, zlib-devel >= 1.2, openssl-devel, curl-devel, expat-devel %{!?_without_docs:, xmlto, asciidoc > 6.0.3} BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: git-core, git-svn, git-cvs, git-arch, git-email, gitk, git-gui, perl-Git @@ -76,7 +76,6 @@ Summary: Perl interface to Git Group: Development/Libraries Requires: git-core = %{version}-%{release} Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) -BuildRequires: perl(Error) %description -n perl-Git Perl interface to Git @@ -170,6 +169,9 @@ rm -rf $RPM_BUILD_ROOT %{!?_without_docs: %doc Documentation/technical} %changelog +* Fri Jun 22 2007 James Bowes 1.5.2.1-2 +- Remove buildreq on perl(Error) and perl-devel for el5. + * Fri Jun 08 2007 James Bowes 1.5.2.1-1 - git-1.5.2.1 From 21d9c2a3c62185d5c5a775145de878c42f66b20f Mon Sep 17 00:00:00 2001 
From: jbowes Date: Mon, 23 Jul 2007 20:59:10 +0000 Subject: [PATCH 10/24] Remove git-arch subpackage --- git.spec | 27 +++++++++------------------ 1 file changed, 9 insertions(+), 18 deletions(-) diff --git a/git.spec b/git.spec index e2151cb..d06b38b 100644 --- a/git.spec +++ b/git.spec @@ -1,7 +1,7 @@ # Pass --without docs to rpmbuild if you don't want the documentation Name: git Version: 1.5.2.1 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Git core and tools License: GPL Group: Development/Tools @@ -9,7 +9,7 @@ URL: http://kernel.org/pub/software/scm/git/ Source: http://kernel.org/pub/software/scm/git/%{name}-%{version}.tar.gz BuildRequires: perl, zlib-devel >= 1.2, openssl-devel, curl-devel, expat-devel %{!?_without_docs:, xmlto, asciidoc > 6.0.3} BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -Requires: git-core, git-svn, git-cvs, git-arch, git-email, gitk, git-gui, perl-Git +Requires: git-core, git-svn, git-cvs, git-email, gitk, git-gui, perl-Git %description Git is a fast, scalable, distributed revision control system with an @@ -43,13 +43,6 @@ Requires: git-core = %{version}-%{release}, cvs, cvsps %description cvs Git tools for importing CVS repositories. -%package arch -Summary: Git tools for importing Arch repositories -Group: Development/Tools -Requires: git-core = %{version}-%{release}, tla -%description arch -Git tools for importing Arch repositories. - %package email Summary: Git tools for sending email Group: Development/Tools 
@@ -98,10 +91,12 @@ find $RPM_BUILD_ROOT -type f -name .packlist -exec rm -f {} ';' find $RPM_BUILD_ROOT -type f -name '*.bs' -empty -exec rm -f {} ';' find $RPM_BUILD_ROOT -type f -name perllocal.pod -exec rm -f {} ';' -(find $RPM_BUILD_ROOT%{_bindir} -type f | grep -vE "archimport|svn|cvs|email|gitk|git-gui|git-citool" | sed -e s@^$RPM_BUILD_ROOT@@) > bin-man-doc-files +find $RPM_BUILD_ROOT -type f -name 'git-archimport*' -exec rm -f {} ';' + +(find $RPM_BUILD_ROOT%{_bindir} -type f | grep -vE "svn|cvs|email|gitk|git-gui|git-citool" | sed -e s@^$RPM_BUILD_ROOT@@) > bin-man-doc-files (find $RPM_BUILD_ROOT%{perl_vendorlib} -type f | sed -e s@^$RPM_BUILD_ROOT@@) >> perl-files %if %{!?_without_docs:1}0 -(find $RPM_BUILD_ROOT%{_mandir} $RPM_BUILD_ROOT/Documentation -type f | grep -vE "archimport|svn|git-cvs|email|gitk|git-gui|git-citool" | sed -e s@^$RPM_BUILD_ROOT@@ -e 's/$/*/' ) >> bin-man-doc-files +(find $RPM_BUILD_ROOT%{_mandir} $RPM_BUILD_ROOT/Documentation -type f | grep -vE "svn|git-cvs|email|gitk|git-gui|git-citool" | sed -e s@^$RPM_BUILD_ROOT@@ -e 's/$/*/' ) >> bin-man-doc-files %else rm -rf $RPM_BUILD_ROOT%{_mandir} %endif @@ -126,13 +121,6 @@ rm -rf $RPM_BUILD_ROOT %{!?_without_docs: %{_mandir}/man1/*cvs*.1*} %{!?_without_docs: %doc Documentation/*git-cvs*.html } -%files arch -%defattr(-,root,root) -%doc Documentation/git-archimport.txt -%{_bindir}/git-archimport -%{!?_without_docs: %{_mandir}/man1/git-archimport.1*} -%{!?_without_docs: %doc Documentation/git-archimport.html } - %files email %defattr(-,root,root) %doc Documentation/*email*.txt @@ -169,6 +157,9 @@ rm -rf $RPM_BUILD_ROOT %{!?_without_docs: %doc Documentation/technical} %changelog +* Mon Jul 23 2007 James Bowes 1.5.2.1-3 +- Remove the git-arch subpackage (tla is not in epel). + * Fri Jun 22 2007 James Bowes 1.5.2.1-2 - Remove buildreq on perl(Error) and perl-devel for el5. From 4dbe08400128e4a22c76459a237d9c09675e9aa8 Mon Sep 17 00:00:00 2001 
From: jbowes Date: Fri, 12 Oct 2007 13:25:34 +0000 Subject: [PATCH 11/24] git 1.5.3.3 for el5 --- git.spec | 16 +++++++++------- sources | 2 +- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/git.spec b/git.spec index d06b38b..c4ecbbf 100644 --- a/git.spec +++ b/git.spec @@ -1,7 +1,7 @@ # Pass --without docs to rpmbuild if you don't want the documentation Name: git -Version: 1.5.2.1 -Release: 3%{?dist} +Version: 1.5.3.3 +Release: 1%{?dist} Summary: Git core and tools License: GPL Group: Development/Tools @@ -133,11 +133,10 @@ rm -rf $RPM_BUILD_ROOT %{_bindir}/git-gui %{_bindir}/git-citool %{_datadir}/git-gui/ -# Not Yet... -# %{!?_without_docs: %{_mandir}/man1/git-gui.1} -# %{!?_without_docs: %doc Documentation/git-gui.html} -# %{!?_without_docs: %{_mandir}/man1/git-citool.1} -# %{!?_without_docs: %doc Documentation/git-citool.html} +%{!?_without_docs: %{_mandir}/man1/git-gui.1*} +%{!?_without_docs: %doc Documentation/git-gui.html} +%{!?_without_docs: %{_mandir}/man1/git-citool.1*} +%{!?_without_docs: %doc Documentation/git-citool.html} %files -n gitk %defattr(-,root,root) @@ -157,6 +156,9 @@ rm -rf $RPM_BUILD_ROOT %{!?_without_docs: %doc Documentation/technical} %changelog +* Fri Oct 12 2007 James Bowes 1.5.3.3-1 +- git-1.5.3.3 + * Mon Jul 23 2007 James Bowes 1.5.2.1-3 - Remove the git-arch subpackage (tla is not in epel). diff --git a/sources b/sources index 943574d..557dc24 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -e65b08c2e1a4112c3139c15ac5a13e71 git-1.5.2.1.tar.gz +978bda72a636d805dd3058efec5e6f2e git-1.5.3.3.tar.gz From 96186fa43d62d603227f3bf8d079f45e414062f8 Mon Sep 17 00:00:00 2001 
From: jwboyer Date: Fri, 7 Dec 2007 04:44:48 +0000 Subject: [PATCH 12/24] - git-1.5.3.6 - Add git-deamon and git-web subpackages --- .cvsignore | 2 +- git-1.5-gitweb-home-link.patch | 11 ++++++++ git.conf.httpd | 6 +++++ git.spec | 46 +++++++++++++++++++++++++++++++++- git.xinetd | 16 ++++++++++++ sources | 2 +- 6 files changed, 80 insertions(+), 3 deletions(-) create mode 100644 git-1.5-gitweb-home-link.patch create mode 100644 git.conf.httpd create mode 100644 git.xinetd diff --git a/.cvsignore b/.cvsignore index e8e0fe7..c6a071e 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -git-1.5.0.6.tar.gz +git-1.5.3.6.tar.gz diff --git a/git-1.5-gitweb-home-link.patch b/git-1.5-gitweb-home-link.patch new file mode 100644 index 0000000..cd36563 --- /dev/null +++ b/git-1.5-gitweb-home-link.patch @@ -0,0 +1,11 @@ +--- git-1.5.0.6/gitweb/gitweb.perl~ 2007-03-30 01:37:05.000000000 +0100 ++++ git-1.5.0.6/gitweb/gitweb.perl 2007-05-07 08:31:37.000000000 +0100 +@@ -39,7 +39,7 @@ our $projectroot = "++GITWEB_PROJECTROOT + our $home_link = $my_uri || "/"; + + # string of the home link on top of all pages +-our $home_link_str = "++GITWEB_HOME_LINK_STR++"; ++our $home_link_str = $ENV{'SERVER_NAME'} ? "git://" . $ENV{'SERVER_NAME'} : "projects"; + + # name of your site or organization to appear in page titles + # replace this with something more descriptive for clearer bookmarks diff --git a/git.conf.httpd b/git.conf.httpd new file mode 100644 index 0000000..3611943 --- /dev/null +++ b/git.conf.httpd @@ -0,0 +1,6 @@ +Alias /git /var/www/git + + + Options +ExecCGI + AddHandler cgi-script .cgi + diff --git a/git.spec b/git.spec index c4ecbbf..8ac16f8 100644 --- a/git.spec +++ b/git.spec 
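Review bot: The replacement for `$home_link_str` in git-1.5-gitweb-home-link.patch builds page text from `$ENV{'SERVER_NAME'}`, and depending on the web server's canonical-name settings that value can follow the request's Host header rather than the configured server name. The comment in the hunk says the string appears at the top of all pages; whether gitweb HTML-escapes it where it is printed is outside this hunk and should be checked. Constraining the value before use would make the patch safe either way, for example `my ($srv) = ($ENV{'SERVER_NAME'} || '') =~ /\A([A-Za-z0-9.-]+)\z/;` followed by `our $home_link_str = $srv ? "git://$srv" : "projects";`. The patch file also carries no description or author line, unlike the two patch files added earlier in this series.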
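Review bot: git.conf.httpd combines `Options +ExecCGI` with `AddHandler cgi-script .cgi`, which lets the web server execute every file ending in `.cgi` in the affected directory, although the spec installs only `gitweb.cgi` there. The enclosing container lines show up empty in this view, so the exact scope cannot be confirmed from here. Limiting the handler to the one script, e.g. `<Files gitweb.cgi>`, `SetHandler cgi-script`, `</Files>`, would narrow what the server will run. No access restriction is visible in the file, so a comment stating that it publishes whatever repositories gitweb is pointed at would help whoever deploys it.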
@@ -1,12 +1,15 @@ # Pass --without docs to rpmbuild if you don't want the documentation Name: git -Version: 1.5.3.3 +Version: 1.5.3.6 Release: 1%{?dist} Summary: Git core and tools License: GPL Group: Development/Tools URL: http://kernel.org/pub/software/scm/git/ Source: http://kernel.org/pub/software/scm/git/%{name}-%{version}.tar.gz +Source1: git.xinetd +Source2: git.conf.httpd +Patch0: git-1.5-gitweb-home-link.patch BuildRequires: perl, zlib-devel >= 1.2, openssl-devel, curl-devel, expat-devel %{!?_without_docs:, xmlto, asciidoc > 6.0.3} BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: git-core, git-svn, git-cvs, git-email, gitk, git-gui, perl-Git @@ -29,6 +32,20 @@ and full access to internals. These are the core tools with minimal dependencies. +%package daemon +Summary: Git protocol daemon +Group: Development/Tools +Requires: git-core = %{version}-%{release} +%description daemon +The git dæmon for supporting git:// access to git repositories + +%package -n gitweb +Summary: Simple web interface to git repositories +Group: Development/Tools +Requires: git-core = %{version}-%{release} +%description -n gitweb +Simple web interface to track changes in git repositories + %package svn Summary: Git tools for importing Subversion repositories Group: Development/Tools @@ -75,6 +92,7 @@ Perl interface to Git %prep %setup -q +%patch0 -p1 %build make %{_smp_mflags} CFLAGS="$RPM_OPT_FLAGS" \ 
@@ -87,6 +105,15 @@ make %{_smp_mflags} CFLAGS="$RPM_OPT_FLAGS" DESTDIR=$RPM_BUILD_ROOT \ prefix=%{_prefix} mandir=%{_mandir} \ ETC_GITCONFIG=/etc/gitconfig \ INSTALLDIRS=vendor install %{!?_without_docs: install-doc} + +mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/xinetd.d +install -m 644 %SOURCE1 $RPM_BUILD_ROOT/%{_sysconfdir}/xinetd.d/git +mkdir -p $RPM_BUILD_ROOT/var/www/git +install -m 644 -t $RPM_BUILD_ROOT/var/www/git gitweb/*.png gitweb/*.css +install -m 755 -t $RPM_BUILD_ROOT/var/www/git gitweb/gitweb.cgi +mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d +install -m 0644 %SOURCE2 $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d/git.conf + find $RPM_BUILD_ROOT -type f -name .packlist -exec rm -f {} ';' find $RPM_BUILD_ROOT -type f -name '*.bs' -empty -exec rm -f {} ';' find $RPM_BUILD_ROOT -type f -name perllocal.pod -exec rm -f {} ';' @@ -100,6 +127,7 @@ find $RPM_BUILD_ROOT -type f -name 'git-archimport*' -exec rm -f {} ';' %else rm -rf $RPM_BUILD_ROOT%{_mandir} %endif +mkdir -p $RPM_BUILD_ROOT/srv/git %clean rm -rf $RPM_BUILD_ROOT @@ -152,10 +180,26 @@ rm -rf $RPM_BUILD_ROOT %defattr(-,root,root) %{_datadir}/git-core/ %doc README COPYING Documentation/*.txt + +%files daemon +%defattr(-,root,root) +%{_bindir}/git-daemon +%config(noreplace)%{_sysconfdir}/xinetd.d/git +/srv/git + +%files -n gitweb +%defattr(-,root,root) +/var/www/git/ +%{_sysconfdir}/httpd/conf.d/git.conf %{!?_without_docs: %doc Documentation/*.html Documentation/howto} %{!?_without_docs: %doc Documentation/technical} + %changelog +* Wed Dec 05 2007 Josh Boyer 1.5.3.6-1 +- git-1.5.3.6 +- Add git-deamon and git-web subpackages + * Fri Oct 12 2007 James Bowes 1.5.3.3-1 - git-1.5.3.3 diff --git a/git.xinetd b/git.xinetd new file mode 100644 index 0000000..dcfae91 --- /dev/null +++ b/git.xinetd 
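Review bot: In the `%files` hunk the new `%files daemon` and `%files -n gitweb` sections are inserted above the two existing `%{!?_without_docs: %doc ...}` lines. Those lines therefore now belong to `%files -n gitweb`, and the HTML, howto and technical documentation moves out of the core package into gitweb. Place the new sections after the `%doc Documentation/technical` line so the docs stay with `%files core`. `%{_sysconfdir}/httpd/conf.d/git.conf` is also listed without `%config(noreplace)`, unlike the xinetd file just above it, so local edits to the web-server config would be overwritten on upgrade; use `%config(noreplace)%{_sysconfdir}/httpd/conf.d/git.conf`.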
@@ -0,0 +1,16 @@ +# default: off +# description: The git dæmon allows git repositories to be exported using +# the git:// protocol. + +service git +{ + disable = yes + socket_type = stream + wait = no + user = nobody + server = /usr/bin/git-daemon + server_args = --base-path=/srv/git --export-all --user-path=public_git --syslog --inetd --verbose + log_on_failure += USERID +# xinetd doesn't do this by default. bug #195265 + flags = IPv6 +} diff --git a/sources b/sources index 557dc24..31bf148 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -978bda72a636d805dd3058efec5e6f2e git-1.5.3.3.tar.gz +37126a4eb247b491b29e768fd25bfee8 git-1.5.3.6.tar.gz From 00e8ae1130fb8a727cd4d7e32ac8cdc20bb42860 Mon Sep 17 00:00:00 2001 From: jbowes Date: Thu, 15 May 2008 11:58:58 +0000 Subject: [PATCH 13/24] git 1.5.5.1 for el5 --- git-1.5-gitweb-home-link.patch | 11 --- git-init.el | 5 ++ git.spec | 126 +++++++++++++++++++++++---------- sources | 2 +- 4 files changed, 95 insertions(+), 49 deletions(-) delete mode 100644 git-1.5-gitweb-home-link.patch create mode 100644 git-init.el diff --git a/git-1.5-gitweb-home-link.patch b/git-1.5-gitweb-home-link.patch deleted file mode 100644 index cd36563..0000000 --- a/git-1.5-gitweb-home-link.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- git-1.5.0.6/gitweb/gitweb.perl~ 2007-03-30 01:37:05.000000000 +0100 -+++ git-1.5.0.6/gitweb/gitweb.perl 2007-05-07 08:31:37.000000000 +0100 -@@ -39,7 +39,7 @@ our $projectroot = "++GITWEB_PROJECTROOT - our $home_link = $my_uri || "/"; - - # string of the home link on top of all pages --our $home_link_str = "++GITWEB_HOME_LINK_STR++"; -+our $home_link_str = $ENV{'SERVER_NAME'} ? "git://" . $ENV{'SERVER_NAME'} : "projects"; - - # name of your site or organization to appear in page titles - # replace this with something more descriptive for clearer bookmarks diff --git a/git-init.el b/git-init.el new file mode 100644 index 0000000..d2a96a7 --- /dev/null +++ b/git-init.el 
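Review bot: `server_args` passes `--export-all`, which removes git-daemon's per-repository opt-in (the `git-daemon-export-ok` marker file). Combined with `--base-path=/srv/git` and `--user-path=public_git`, every repository under `/srv/git` and under any user's `~/public_git` is served anonymously as soon as an administrator flips `disable = yes`. Dropping the flag keeps export an explicit decision per repository: `server_args = --base-path=/srv/git --user-path=public_git --syslog --inetd --verbose`. If `--export-all` is kept deliberately, say so in the header comment, e.g. `# NOTE: --export-all serves every repository found, without git-daemon-export-ok`.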
@@ -0,0 +1,5 @@ +;; Git VC backend +(add-to-list 'vc-handled-backends 'GIT t) +(autoload 'git-status "git" "GIT mode." t) +(autoload 'git-blame-mode "git-blame" + "Minor mode for incremental blame for Git." t) diff --git a/git.spec b/git.spec index 8ac16f8..369b84e 100644 --- a/git.spec +++ b/git.spec 
@@ -1,94 +1,122 @@ # Pass --without docs to rpmbuild if you don't want the documentation Name: git -Version: 1.5.3.6 +Version: 1.5.5.1 Release: 1%{?dist} -Summary: Git core and tools +Summary: Core git tools License: GPL Group: Development/Tools URL: http://kernel.org/pub/software/scm/git/ Source: http://kernel.org/pub/software/scm/git/%{name}-%{version}.tar.gz -Source1: git.xinetd -Source2: git.conf.httpd +Source1: git-init.el +Source2: git.xinetd +Source3: git.conf.httpd Patch0: git-1.5-gitweb-home-link.patch -BuildRequires: perl, zlib-devel >= 1.2, openssl-devel, curl-devel, expat-devel %{!?_without_docs:, xmlto, asciidoc > 6.0.3} +BuildRequires: perl, zlib-devel >= 1.2, openssl-devel, curl-devel, expat-devel, emacs, gettext %{!?_without_docs:, xmlto, asciidoc > 6.0.3} BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -Requires: git-core, git-svn, git-cvs, git-email, gitk, git-gui, perl-Git + +Requires: perl-Git = %{version}-%{release} +Requires: zlib >= 1.2, rsync, curl, less, openssh-clients, expat, perl(Error) +Provides: git-core = %{version}-%{release} +Obsoletes: git-core <= 1.5.4.3 %description Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. -This is a dummy package which brings in all subpackages. +The git rpm installs the core tools with minimal dependencies. To +install all git packages, including tools for integrating with other +SCMs, install the git-all meta-package. 
-%package core -Summary: Core git tools +%package all +Summary: Meta-package to pull in all git tools Group: Development/Tools -Requires: zlib >= 1.2, rsync, curl, less, openssh-clients, expat -%description core +Requires: git = %{version}-%{release} +Requires: git-svn = %{version}-%{release} +Requires: git-cvs = %{version}-%{release} +Requires: git-arch = %{version}-%{release} +Requires: git-email = %{version}-%{release} +Requires: gitk = %{version}-%{release} +Requires: git-gui = %{version}-%{release} +Requires: perl-Git = %{version}-%{release} +Requires: emacs-git = %{version}-%{release} +Obsoletes: git <= 1.5.4.3 + +%description all Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. -These are the core tools with minimal dependencies. +This is a dummy package which brings in all subpackages. %package daemon Summary: Git protocol daemon Group: Development/Tools -Requires: git-core = %{version}-%{release} +Requires: git = %{version}-%{release} %description daemon The git dæmon for supporting git:// access to git repositories %package -n gitweb -Summary: Simple web interface to git repositories -Group: Development/Tools -Requires: git-core = %{version}-%{release} +Summary: Simple web interface to git repositories +Group: Development/Tools +Requires: git = %{version}-%{release} + %description -n gitweb Simple web interface to track changes in git repositories + %package svn Summary: Git tools for importing Subversion repositories Group: Development/Tools -Requires: git-core = %{version}-%{release}, subversion +Requires: git = %{version}-%{release}, subversion, perl(Term::ReadKey) %description svn Git tools for importing Subversion repositories. 
%package cvs Summary: Git tools for importing CVS repositories Group: Development/Tools -Requires: git-core = %{version}-%{release}, cvs, cvsps +Requires: git = %{version}-%{release}, cvs, cvsps %description cvs Git tools for importing CVS repositories. %package email Summary: Git tools for sending email Group: Development/Tools -Requires: git-core = %{version}-%{release} +Requires: git = %{version}-%{release}, perl-Git = %{version}-%{release} %description email Git tools for sending email. %package gui Summary: Git GUI tool Group: Development/Tools -Requires: git-core = %{version}-%{release}, tk >= 8.4 +Requires: git = %{version}-%{release}, tk >= 8.4 %description gui -Git GUI tool +Git GUI tool. %package -n gitk -Summary: Git revision tree visualiser ('gitk') +Summary: Git revision tree visualiser Group: Development/Tools -Requires: git-core = %{version}-%{release}, tk >= 8.4 +Requires: git = %{version}-%{release}, tk >= 8.4 %description -n gitk -Git revision tree visualiser ('gitk') +Git revision tree visualiser. %package -n perl-Git Summary: Perl interface to Git Group: Development/Libraries -Requires: git-core = %{version}-%{release} +Requires: git = %{version}-%{release}, perl(Error) Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) +BuildRequires: perl(Error), perl(ExtUtils::MakeMaker) %description -n perl-Git -Perl interface to Git +Perl interface to Git. + +%package -n emacs-git +Summary: Git version control system support for Emacs +Group: Applications/Editors +Requires: git = %{version}-%{release}, emacs-common + +%description -n emacs-git +%{summary}. %prep %setup -q @@ -98,6 +126,7 @@ Perl interface to Git make %{_smp_mflags} CFLAGS="$RPM_OPT_FLAGS" \ ETC_GITCONFIG=/etc/gitconfig \ prefix=%{_prefix} all %{!?_without_docs: doc} +make -C contrib/emacs %install rm -rf $RPM_BUILD_ROOT 
@@ -106,13 +135,21 @@ make %{_smp_mflags} CFLAGS="$RPM_OPT_FLAGS" DESTDIR=$RPM_BUILD_ROOT \ ETC_GITCONFIG=/etc/gitconfig \ INSTALLDIRS=vendor install %{!?_without_docs: install-doc} +make -C contrib/emacs install \ + emacsdir=$RPM_BUILD_ROOT%{_datadir}/emacs/site-lisp +for elc in $RPM_BUILD_ROOT%{_datadir}/emacs/site-lisp/*.elc ; do + install -pm 644 contrib/emacs/$(basename $elc .elc).el \ + $RPM_BUILD_ROOT%{_datadir}/emacs/site-lisp +done +install -Dpm 644 %{SOURCE1} \ + $RPM_BUILD_ROOT%{_datadir}/emacs/site-lisp/site-start.d/git-init.el mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/xinetd.d -install -m 644 %SOURCE1 $RPM_BUILD_ROOT/%{_sysconfdir}/xinetd.d/git +install -m 644 %SOURCE2 $RPM_BUILD_ROOT/%{_sysconfdir}/xinetd.d/git mkdir -p $RPM_BUILD_ROOT/var/www/git install -m 644 -t $RPM_BUILD_ROOT/var/www/git gitweb/*.png gitweb/*.css install -m 755 -t $RPM_BUILD_ROOT/var/www/git gitweb/gitweb.cgi mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d -install -m 0644 %SOURCE2 $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d/git.conf +install -m 0644 %SOURCE3 $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d/git.conf find $RPM_BUILD_ROOT -type f -name .packlist -exec rm -f {} ';' find $RPM_BUILD_ROOT -type f -name '*.bs' -empty -exec rm -f {} ';' 
@@ -120,7 +157,7 @@ find $RPM_BUILD_ROOT -type f -name perllocal.pod -exec rm -f {} ';' find $RPM_BUILD_ROOT -type f -name 'git-archimport*' -exec rm -f {} ';' -(find $RPM_BUILD_ROOT%{_bindir} -type f | grep -vE "svn|cvs|email|gitk|git-gui|git-citool" | sed -e s@^$RPM_BUILD_ROOT@@) > bin-man-doc-files +(find $RPM_BUILD_ROOT%{_bindir} -type f | grep -vE "svn|cvs|email|gitk|git-gui|git-citool|git-daemon" | sed -e s@^$RPM_BUILD_ROOT@@) > bin-man-doc-files (find $RPM_BUILD_ROOT%{perl_vendorlib} -type f | sed -e s@^$RPM_BUILD_ROOT@@) >> perl-files %if %{!?_without_docs:1}0 (find $RPM_BUILD_ROOT%{_mandir} $RPM_BUILD_ROOT/Documentation -type f | grep -vE "svn|git-cvs|email|gitk|git-gui|git-citool" | sed -e s@^$RPM_BUILD_ROOT@@ -e 's/$/*/' ) >> bin-man-doc-files @@ -129,11 +166,22 @@ rm -rf $RPM_BUILD_ROOT%{_mandir} %endif mkdir -p $RPM_BUILD_ROOT/srv/git +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/bash_completion.d +install -m 644 -T contrib/completion/git-completion.bash $RPM_BUILD_ROOT%{_sysconfdir}/bash_completion.d/git + + %clean rm -rf $RPM_BUILD_ROOT -%files -# These are no files in the root package + +%files -f bin-man-doc-files +%defattr(-,root,root) +%{_datadir}/git-core/ +%doc README COPYING Documentation/*.txt contrib/hooks +%{!?_without_docs: %doc Documentation/*.html Documentation/docbook-xsl.css} +%{!?_without_docs: %doc Documentation/howto Documentation/technical} +%{_sysconfdir}/bash_completion.d + %files svn %defattr(-,root,root) 
@@ -170,16 +218,17 @@ rm -rf $RPM_BUILD_ROOT %defattr(-,root,root) %doc Documentation/*gitk*.txt %{_bindir}/*gitk* +%{_datadir}/gitk %{!?_without_docs: %{_mandir}/man1/*gitk*.1*} %{!?_without_docs: %doc Documentation/*gitk*.html } %files -n perl-Git -f perl-files %defattr(-,root,root) -%files core -f bin-man-doc-files +%files -n emacs-git %defattr(-,root,root) -%{_datadir}/git-core/ -%doc README COPYING Documentation/*.txt +%{_datadir}/emacs/site-lisp/*git*.el* +%{_datadir}/emacs/site-lisp/site-start.d/git-init.el %files daemon %defattr(-,root,root) @@ -190,12 +239,15 @@ rm -rf $RPM_BUILD_ROOT %files -n gitweb %defattr(-,root,root) /var/www/git/ -%{_sysconfdir}/httpd/conf.d/git.conf -%{!?_without_docs: %doc Documentation/*.html Documentation/howto} -%{!?_without_docs: %doc Documentation/technical} +%config(noreplace)%{_sysconfdir}/httpd/conf.d/git.conf +%files all +# No files for you! %changelog +* Wed May 14 2008 James Bowes 1.5.5.1-1 +- git-1.5.5.1 + * Wed Dec 05 2007 Josh Boyer 1.5.3.6-1 - git-1.5.3.6 - Add git-deamon and git-web subpackages diff --git a/sources b/sources index 31bf148..c62e723 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -37126a4eb247b491b29e768fd25bfee8 git-1.5.3.6.tar.gz +863df5545e3496d9f29688ab25b6a53d git-1.5.5.1.tar.gz From 933bdd1abffe5772e79eb174f205632c235d8668 Mon Sep 17 00:00:00 2001 From: jbowes Date: Thu, 15 May 2008 12:07:28 +0000 Subject: [PATCH 14/24] restore mistakenly removed patch --- git-1.5-gitweb-home-link.patch | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 git-1.5-gitweb-home-link.patch diff --git a/git-1.5-gitweb-home-link.patch b/git-1.5-gitweb-home-link.patch new file mode 100644 index 0000000..cd36563 --- /dev/null +++ b/git-1.5-gitweb-home-link.patch 
@@ -0,0 +1,11 @@ +--- git-1.5.0.6/gitweb/gitweb.perl~ 2007-03-30 01:37:05.000000000 +0100 ++++ git-1.5.0.6/gitweb/gitweb.perl 2007-05-07 08:31:37.000000000 +0100 +@@ -39,7 +39,7 @@ our $projectroot = "++GITWEB_PROJECTROOT + our $home_link = $my_uri || "/"; + + # string of the home link on top of all pages +-our $home_link_str = "++GITWEB_HOME_LINK_STR++"; ++our $home_link_str = $ENV{'SERVER_NAME'} ? "git://" . $ENV{'SERVER_NAME'} : "projects"; + + # name of your site or organization to appear in page titles + # replace this with something more descriptive for clearer bookmarks From f359a5552bb586e17d867024cfc7dc288d44a7f1 Mon Sep 17 00:00:00 2001 From: jbowes Date: Thu, 15 May 2008 16:46:02 +0000 Subject: [PATCH 15/24] remove requires on git-arch --- git.spec | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/git.spec b/git.spec index 369b84e..fc683da 100644 --- a/git.spec +++ b/git.spec @@ -1,7 +1,7 @@ # Pass --without docs to rpmbuild if you don't want the documentation Name: git Version: 1.5.5.1 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Core git tools License: GPL Group: Development/Tools @@ -34,7 +34,6 @@ Group: Development/Tools Requires: git = %{version}-%{release} Requires: git-svn = %{version}-%{release} Requires: git-cvs = %{version}-%{release} -Requires: git-arch = %{version}-%{release} Requires: git-email = %{version}-%{release} Requires: gitk = %{version}-%{release} Requires: git-gui = %{version}-%{release} @@ -245,6 +244,9 @@ rm -rf $RPM_BUILD_ROOT # No files for you! %changelog +* Thu May 15 2008 James Bowes 1.5.5.1-2 +- Remove requires on git-arch + * Wed May 14 2008 James Bowes 1.5.5.1-1 - git-1.5.5.1 From 68dadc6a171c596229270778ce33d1e1e8b7ad4f Mon Sep 17 00:00:00 2001 From: jbowes Date: Sat, 20 Dec 2008 18:15:40 +0000 Subject: [PATCH 16/24] git 1.5.5.6 --- .cvsignore | 2 +- git.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 4 deletions(-) 
diff --git a/.cvsignore b/.cvsignore index c6a071e..30b9a0f 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -git-1.5.3.6.tar.gz +git-1.5.5.6.tar.gz diff --git a/git.spec b/git.spec index fc683da..372a56e 100644 --- a/git.spec +++ b/git.spec @@ -1,7 +1,7 @@ # Pass --without docs to rpmbuild if you don't want the documentation Name: git -Version: 1.5.5.1 -Release: 2%{?dist} +Version: 1.5.5.6 +Release: 1%{?dist} Summary: Core git tools License: GPL Group: Development/Tools @@ -244,6 +244,9 @@ rm -rf $RPM_BUILD_ROOT # No files for you! %changelog +* Sat Dec 20 2008 James Bowes 1.5.5.6-1 +- git-1.5.5.6 + * Thu May 15 2008 James Bowes 1.5.5.1-2 - Remove requires on git-arch diff --git a/sources b/sources index c62e723..b92755f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -863df5545e3496d9f29688ab25b6a53d git-1.5.5.1.tar.gz +d2c201a2a5edaf36340075cffdb30e57 git-1.5.5.6.tar.gz From b81bad80b84308703f10aac27b87f829a70d0d09 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Mon, 12 Jan 2009 20:07:21 +0000 Subject: [PATCH 17/24] - Fix CVE-2008-5517, gitweb remote command injection --- CVE-2008-5517.patch | 75 +++++++++++++++++++++++++++++++++++++++++++++ git.spec | 7 ++++- 2 files changed, 81 insertions(+), 1 deletion(-) create mode 100644 CVE-2008-5517.patch diff --git a/CVE-2008-5517.patch b/CVE-2008-5517.patch new file mode 100644 index 0000000..a03992c --- /dev/null +++ b/CVE-2008-5517.patch 
@@ -0,0 +1,75 @@ +From 516381d50ba7acb66f260461f4d566ab9b6df107 Mon Sep 17 00:00:00 2001 +From: Lea Wiemann +Date: Tue, 17 Jun 2008 23:46:35 +0200 +Subject: [PATCH] gitweb: quote commands properly when calling the shell + +This eliminates the function git_cmd_str, which was used for composing +command lines, and adds a quote_command function, which quotes all of +its arguments (as in quote.c). + +Signed-off-by: Lea Wiemann +Signed-off-by: Junio C Hamano +--- + gitweb/gitweb.perl | 24 ++++++++++++++---------- + 1 files changed, 14 insertions(+), 10 deletions(-) + +diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl +index 4de9647..d7ee267 100755 +--- a/gitweb/gitweb.perl ++++ b/gitweb/gitweb.perl +@@ -1500,9 +1500,13 @@ sub git_cmd { + return $GIT, '--git-dir='.$git_dir; + } + +-# returns path to the core git executable and the --git-dir parameter as string +-sub git_cmd_str { +- return join(' ', git_cmd()); ++# quote the given arguments for passing them to the shell ++# quote_command("command", "arg 1", "arg with ' and ! characters") ++# => "'command' 'arg 1' 'arg with '\'' and '\!' characters'" ++# Try to avoid using this function wherever possible. ++sub quote_command { ++ return join(' ', ++ map( { my $a = $_; $a =~ s/(['!])/'\\$1'/g; "'$a'" } @_ )); + } + + # get HEAD ref of given project as hash +@@ -4633,7 +4637,6 @@ sub git_snapshot { + $hash = git_get_head_hash($project); + } + +- my $git_command = git_cmd_str(); + my $name = $project; + $name =~ s,([^/])/*\.git$,$1,; + $name = basename($name); +@@ -4641,11 +4644,12 @@ sub git_snapshot { + $name =~ s/\047/\047\\\047\047/g; + my $cmd; + $filename .= "-$hash$known_snapshot_formats{$format}{'suffix'}"; +- $cmd = "$git_command archive " . +- "--format=$known_snapshot_formats{$format}{'format'} " . 
+- "--prefix=\'$name\'/ $hash"; ++ $cmd = quote_command( ++ git_cmd(), 'archive', ++ "--format=$known_snapshot_formats{$format}{'format'}", ++ "--prefix=$name/", $hash); + if (exists $known_snapshot_formats{$format}{'compressor'}) { +- $cmd .= ' | ' . join ' ', @{$known_snapshot_formats{$format}{'compressor'}}; ++ $cmd .= ' | ' . quote_command(@{$known_snapshot_formats{$format}{'compressor'}}); + } + + print $cgi->header( +@@ -4858,8 +4862,8 @@ sub git_object { + if ($hash || ($hash_base && !defined $file_name)) { + my $object_id = $hash || $hash_base; + +- my $git_command = git_cmd_str(); +- open my $fd, "-|", "$git_command cat-file -t $object_id 2>/dev/null" ++ open my $fd, "-|", quote_command( ++ git_cmd(), 'cat-file', '-t', $object_id) . ' 2> /dev/null' + or die_error('404 Not Found', "Object does not exist"); + $type = <$fd>; + chomp $type; +-- +1.6.1 + diff --git a/git.spec b/git.spec index 372a56e..ee44322 100644 --- a/git.spec +++ b/git.spec @@ -1,7 +1,7 @@ # Pass --without docs to rpmbuild if you don't want the documentation Name: git Version: 1.5.5.6 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Core git tools License: GPL Group: Development/Tools @@ -11,6 +11,7 @@ Source1: git-init.el Source2: git.xinetd Source3: git.conf.httpd Patch0: git-1.5-gitweb-home-link.patch +Patch1: CVE-2008-5517.patch BuildRequires: perl, zlib-devel >= 1.2, openssl-devel, curl-devel, expat-devel, emacs, gettext %{!?_without_docs:, xmlto, asciidoc > 6.0.3} BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -120,6 +121,7 @@ Requires: git = %{version}-%{release}, emacs-common %prep %setup -q %patch0 -p1 +%patch1 -p1 -b .CVE-2008-5517 %build make %{_smp_mflags} CFLAGS="$RPM_OPT_FLAGS" \ @@ -244,6 +246,9 @@ rm -rf $RPM_BUILD_ROOT # No files for you! %changelog +* Mon Jan 12 2009 Todd Zullinger 1.5.5.6-2 +- Fix CVE-2008-5517, gitweb remote command injection + * Sat Dec 20 2008 James Bowes 1.5.5.6-1 - git-1.5.5.6 
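Review bot: In the `git_object` hunk the object id still passes through `/bin/sh` and safety now depends on `quote_command` being exactly right, although the helper's own comment says to avoid it wherever possible. That call has no pipeline, so list-form open would take the shell out of the path entirely: `open my $fd, '-|', git_cmd(), 'cat-file', '-t', $object_id`. The `2> /dev/null` is shell syntax and would then have to be handled separately. In `quote_command`, `my $a` shadows the package variable that `sort` uses; a name such as `$arg` avoids the surprise. How `$object_id` and `$hash` are validated before these calls is outside the embedded hunks.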
From 47f75306db953f1519b4444174b3ce67a4836aa1 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Fri, 19 Jun 2009 13:16:36 +0000 Subject: [PATCH 18/24] Fix git-daemon hang on invalid input (CVE-2009-2108, bug 505761) --- git-1.5.5.6-daemon-extra-args.patch | 114 +++++++++++++++++++++++++++ git-1.5.5.6-reflog-permissions.patch | 28 +++++++ git.spec | 17 +++- 3 files changed, 157 insertions(+), 2 deletions(-) create mode 100644 git-1.5.5.6-daemon-extra-args.patch create mode 100644 git-1.5.5.6-reflog-permissions.patch diff --git a/git-1.5.5.6-daemon-extra-args.patch b/git-1.5.5.6-daemon-extra-args.patch new file mode 100644 index 0000000..15e0ec0 --- /dev/null +++ b/git-1.5.5.6-daemon-extra-args.patch 
@@ -0,0 +1,114 @@ +From 0fa027ad52fc9fe886875463fed2e31985a882d9 Mon Sep 17 00:00:00 2001 +From: Shawn O. Pearce +Date: Thu, 4 Jun 2009 18:33:32 -0700 +Subject: [PATCH] daemon: Strictly parse the "extra arg" part of the command + +This is a backport of upstream commit 73bb33a. + +Since 1.4.4.5 (49ba83fb67 "Add virtualization support to git-daemon") +git daemon enters an infinite loop and never terminates if a client +hides any extra arguments in the initial request line which is not +exactly "\0host=blah\0". + +Since that change, a client must never insert additional extra +arguments, or attempt to use any argument other than "host=", as +any daemon will get stuck parsing the request line and will never +complete the request. + +Since the client can't tell if the daemon is patched or not, it +is not possible to know if additional extra args might actually be +able to be safely requested. + +If we ever need to extend the git daemon protocol to support a new +feature, we may have to do something like this to the exchange: + + # If both support git:// v2 + # + C: 000cgit://v2 + S: 0010ok host user + C: 0018host git.kernel.org + C: 0027git-upload-pack /pub/linux-2.6.git + S: ...git-upload-pack header... + + # If client supports git:// v2, server does not: + # + C: 000cgit://v2 + S: + + C: 003bgit-upload-pack /pub/linux-2.6.git\0host=git.kernel.org\0 + S: ...git-upload-pack header... + +This requires the client to create two TCP connections to talk to +an older git daemon, however all daemons since the introduction of +daemon.c will safely reject the unknown "git://v2" command request, +so the client can quite easily determine the server supports an +older protocol. + +Signed-off-by: Shawn O. 
Pearce +Signed-off-by: Junio C Hamano +--- + connect.c | 5 ++++- + daemon.c | 11 ++++++----- + 2 files changed, 10 insertions(+), 6 deletions(-) + +diff --git a/connect.c b/connect.c +index d12b105..37ea73c 100644 +--- a/connect.c ++++ b/connect.c +@@ -572,7 +572,10 @@ struct child_process *git_connect(int fd[2], const char *url_orig, + git_tcp_connect(fd, host, flags); + /* + * Separate original protocol components prog and path +- * from extended components with a NUL byte. ++ * from extended host header with a NUL byte. ++ * ++ * Note: Do not add any other headers here! Doing so ++ * will cause older git-daemon servers to crash. + */ + packet_write(fd[1], + "%s %s%chost=%s%c", +diff --git a/daemon.c b/daemon.c +index 2b4a6f1..5566a6f 100644 +--- a/daemon.c ++++ b/daemon.c +@@ -431,16 +431,15 @@ static void make_service_overridable(const char *name, int ena) + } + + /* +- * Separate the "extra args" information as supplied by the client connection. +- * Any resulting data is squirreled away in the given interpolation table. ++ * Read the host as supplied by the client connection. 
+ */ +-static void parse_extra_args(struct interp *table, char *extra_args, int buflen) ++static void parse_host_arg(struct interp *table, char *extra_args, int buflen) + { + char *val; + int vallen; + char *end = extra_args + buflen; + +- while (extra_args < end && *extra_args) { ++ if (extra_args < end && *extra_args) { + saw_extended_args = 1; + if (strncasecmp("host=", extra_args, 5) == 0) { + val = extra_args + 5; +@@ -460,6 +459,8 @@ static void parse_extra_args(struct interp *table, char *extra_args, int buflen) + /* On to the next one */ + extra_args = val + vallen; + } ++ if (extra_args < end && *extra_args) ++ die("Invalid request"); + } + } + +@@ -579,7 +580,7 @@ static int execute(struct sockaddr *addr) + interp_set_entry(interp_table, INTERP_SLOT_PERCENT, "%"); + + if (len != pktlen) { +- parse_extra_args(interp_table, line + len + 1, pktlen - len - 1); ++ parse_host_arg(interp_table, line + len + 1, pktlen - len - 1); + fill_in_extra_table_entries(interp_table); + } + +-- +1.6.3.2 + diff --git a/git-1.5.5.6-reflog-permissions.patch b/git-1.5.5.6-reflog-permissions.patch new file mode 100644 index 0000000..f53b965 --- /dev/null +++ b/git-1.5.5.6-reflog-permissions.patch 
@@ -0,0 +1,28 @@ +From 336d09daf288492946f0c51f071da11643f8363d Mon Sep 17 00:00:00 2001 +From: Pierre Habouzit +Date: Sun, 15 Jun 2008 23:37:42 +0200 +Subject: [PATCH] Make git reflog expire honour core.sharedRepository. + +Signed-off-by: Pierre Habouzit +Signed-off-by: Junio C Hamano +--- + builtin-reflog.c | 2 ++ + t/t1301-shared-repo.sh | 15 +++++++++++++++ + 2 files changed, 17 insertions(+), 0 deletions(-) + +diff --git a/builtin-reflog.c b/builtin-reflog.c +index 897d1dc..b151e24 100644 +--- a/builtin-reflog.c ++++ b/builtin-reflog.c +@@ -307,6 +307,8 @@ static int expire_reflog(const char *ref, const unsigned char *sha1, int unused, + unlink(newlog_path); + } else if (cmd->updateref && commit_ref(lock)) { + status |= error("Couldn't set %s", lock->ref_name); ++ } else { ++ adjust_shared_perm(log_file); + } + } + free(newlog_path); +-- +1.6.1 + diff --git a/git.spec b/git.spec index ee44322..2ad950c 100644 --- a/git.spec +++ b/git.spec @@ -1,7 +1,7 @@ # Pass --without docs to rpmbuild if you don't want the documentation Name: git Version: 1.5.5.6 -Release: 2%{?dist} +Release: 4%{?dist} Summary: Core git tools License: GPL Group: Development/Tools @@ -11,7 +11,12 @@ Source1: git-init.el Source2: git.xinetd Source3: git.conf.httpd Patch0: git-1.5-gitweb-home-link.patch -Patch1: CVE-2008-5517.patch +# http://git.kernel.org/?p=git/git.git;a=commitdiff;h=516381d5 +Patch1: CVE-2008-5517.patch +# http://git.kernel.org/?p=git/git.git;a=commitdiff;h=336d09da +Patch2: git-1.5.5.6-reflog-permissions.patch +# http://git.kernel.org/?p=git/git.git;a=commitdiff;h=73bb33a9 +Patch3: git-1.5.5.6-daemon-extra-args.patch BuildRequires: perl, zlib-devel >= 1.2, openssl-devel, curl-devel, expat-devel, emacs, gettext %{!?_without_docs:, xmlto, asciidoc > 6.0.3} BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) 
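Review bot: The embedded patch's diffstat lists `t/t1301-shared-repo.sh | 15 +++++++++++++++` and "2 files changed", but only the `builtin-reflog.c` diff is present, so the regression test for this permissions fix was dropped from the backport. Either restore the test hunk or correct the diffstat and note the omission in the spec comment next to `Patch2`. In the code itself the result of `adjust_shared_perm(log_file)` is discarded, so a failure to widen the reflog's mode on a shared repository would go unreported. Presumably the function returns non-zero on failure (its definition is not in view); if so, `} else if (adjust_shared_perm(log_file)) { status |= error("Couldn't fix permissions on %s", log_file); }` would surface it.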
@@ -122,6 +127,8 @@ Requires: git = %{version}-%{release}, emacs-common %setup -q %patch0 -p1 %patch1 -p1 -b .CVE-2008-5517 +%patch2 -p1 -b .reflog-perms +%patch3 -p1 -b .daemon-extra-args %build make %{_smp_mflags} CFLAGS="$RPM_OPT_FLAGS" \ @@ -246,6 +253,12 @@ rm -rf $RPM_BUILD_ROOT # No files for you! %changelog +* Fri Jun 19 2009 Todd Zullinger - 1.5.5.6-4 +- Fix git-daemon hang on invalid input (CVE-2009-2108, bug 505761) + +* Wed Jan 14 2009 Todd Zullinger 1.5.5.6-3 +- Add upstream patch for reflog permissions issue on shared repositories + * Mon Jan 12 2009 Todd Zullinger 1.5.5.6-2 - Fix CVE-2008-5517, gitweb remote command injection From 6272f498c47557339b28ac0dc334c1ac4e20921b Mon Sep 17 00:00:00 2001 From: Bill Nottingham Date: Thu, 26 Nov 2009 01:56:49 +0000 Subject: [PATCH 19/24] Fix typo that causes a failure to update the common directory. (releng #2781) --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 6c8a637..fbfe8aa 100644 --- a/Makefile +++ b/Makefile @@ -4,7 +4,7 @@ NAME := git SPECFILE = $(firstword $(wildcard *.spec)) define find-makefile-common -for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done +for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done endef MAKEFILE_COMMON := $(shell $(find-makefile-common)) From 638c6f27b7abcf1ad1b57730aa4115bb1f1d527d Mon Sep 17 00:00:00 2001 
From: Fedora Release Engineering Date: Wed, 28 Jul 2010 15:41:29 +0000 Subject: [PATCH 20/24] dist-git conversion --- .cvsignore => .gitignore | 0 Makefile | 21 --------------------- branch | 1 - 3 files changed, 22 deletions(-) rename .cvsignore => .gitignore (100%) delete mode 100644 Makefile delete mode 100644 branch diff --git a/.cvsignore b/.gitignore similarity index 100% rename from .cvsignore rename to .gitignore diff --git a/Makefile b/Makefile deleted file mode 100644 index fbfe8aa..0000000 --- a/Makefile +++ /dev/null @@ -1,21 +0,0 @@ -# Makefile for source rpm: git -# $Id$ -NAME := git -SPECFILE = $(firstword $(wildcard *.spec)) - -define find-makefile-common -for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done -endef - -MAKEFILE_COMMON := $(shell $(find-makefile-common)) - -ifeq ($(MAKEFILE_COMMON),) -# attept a checkout -define checkout-makefile-common -test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2 -endef - -MAKEFILE_COMMON := $(shell $(checkout-makefile-common)) -endif - -include $(MAKEFILE_COMMON) diff --git a/branch b/branch deleted file mode 100644 index 42f697a..0000000 --- a/branch +++ /dev/null @@ -1 +0,0 @@ -EL-5 From 863e09f0e0516640b239a64516b5680058a8e9f8 Mon Sep 17 00:00:00 2001 
From: Petr Stodulka Date: Sun, 1 Nov 2015 20:28:13 +0100 Subject: [PATCH 21/24] fix arbitrary code execution via crafted URLs Resolves: #1269798 --- ...only-certain-protocols-for-submodule.patch | 104 +++++++++ ...protocol-whitelist-environment-varia.patch | 207 ++++++++++++++++++ ...ort-refactor-protocol-whitelist-code.patch | 107 +++++++++ ...it-redirection-to-protocol-whitelist.patch | 77 +++++++ 0005-http-limit-redirection-depth.patch | 31 +++ git.spec | 17 +- 6 files changed, 542 insertions(+), 1 deletion(-) create mode 100644 0001-submodule-allow-only-certain-protocols-for-submodule.patch create mode 100644 0002-transport-add-a-protocol-whitelist-environment-varia.patch create mode 100644 0003-transport-refactor-protocol-whitelist-code.patch create mode 100644 0004-http-limit-redirection-to-protocol-whitelist.patch create mode 100644 0005-http-limit-redirection-depth.patch
diff --git a/0001-submodule-allow-only-certain-protocols-for-submodule.patch b/0001-submodule-allow-only-certain-protocols-for-submodule.patch
new file mode 100644
index 0000000..e2067b1
--- /dev/null
+++ b/0001-submodule-allow-only-certain-protocols-for-submodule.patch
@@ -0,0 +1,104 @@
+From 6d69680505dbbc484178105815ed624fab40b2de Mon Sep 17 00:00:00 2001
+From: Petr Stodulka
+Date: Wed, 28 Oct 2015 15:03:01 +0100
+Subject: [PATCH 1/5] submodule: allow only certain protocols for submodule
+ fetches
+
+Some protocols (like git-remote-ext) can execute arbitrary
+code found in the URL. The URLs that submodules use may come
+from arbitrary sources (e.g., .gitmodules files in a remote
+repository). Let's restrict submodules to fetching from a
+known-good subset of protocols.
+
+Note that we apply this restriction to all submodule
+commands, whether the URL comes from .gitmodules or not.
+This is more restrictive than we need to be; for example, in
+the tests we run:
+
+ git submodule add ext::...
+
+which should be trusted, as the URL comes directly from the
+command line provided by the user. But doing it this way is
+simpler, and makes it much less likely that we would miss a
+case. And since such protocols should be an exception
+(especially because nobody who clones from them will be able
+to update the submodules!), it's not likely to inconvenience
+anyone in practice.
+---
+ git-submodule.sh | 9 +++++++++
+ t/t5815-submodule-protos-sh | 43 +++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 52 insertions(+)
+ create mode 100644 t/t5815-submodule-protos-sh
+
+diff --git a/git-submodule.sh b/git-submodule.sh
+index 79bfaac..bec3362 100755
+--- a/git-submodule.sh
++++ b/git-submodule.sh
+@@ -19,6 +19,15 @@ OPTIONS_SPEC=
+ . git-parse-remote
+ require_work_tree
+
++# Restrict ourselves to a vanilla subset of protocols; the URLs
++# we get are under control of a remote repository, and we do not
++# want them kicking off arbitrary git-remote-* programs.
++#
++# If the user has already specified a set of allowed protocols,
++# we assume they know what they're doing and use that instead.
++: ${GIT_ALLOW_PROTOCOL=file:git:http:https:ssh}
++export GIT_ALLOW_PROTOCOL
++
+ command=
+ branch=
+ force=
+diff --git a/t/t5815-submodule-protos-sh b/t/t5815-submodule-protos-sh
+new file mode 100644
+index 0000000..06f55a1
+--- /dev/null
++++ b/t/t5815-submodule-protos-sh
+@@ -0,0 +1,43 @@
++#!/bin/sh
++
++test_description='test protocol whitelisting with submodules'
++. ./test-lib.sh
++. "$TEST_DIRECTORY"/lib-proto-disable.sh
++
++setup_ext_wrapper
++setup_ssh_wrapper
++
++test_expect_success 'setup repository with submodules' '
++ mkdir remote &&
++ git init remote/repo.git &&
++ (cd remote/repo.git && test_commit one) &&
++ # submodule-add should probably trust what we feed it on the cmdline,
++ # but its implementation is overly conservative.
++ GIT_ALLOW_PROTOCOL=ssh git submodule add remote:repo.git ssh-module &&
++ GIT_ALLOW_PROTOCOL=ext git submodule add "ext::fake-remote %S repo.git" ext-module &&
++ git commit -m "add submodules"
++'
++
++test_expect_success 'clone with recurse-submodules fails' '
++ test_must_fail git clone --recurse-submodules . dst
++'
++
++test_expect_success 'setup individual updates' '
++ rm -rf dst &&
++ git clone . dst &&
++ git -C dst submodule init
++'
++
++test_expect_success 'update of ssh allowed' '
++ git -C dst submodule update ssh-module
++'
++
++test_expect_success 'update of ext not allowed' '
++ test_must_fail git -C dst submodule update ext-module
++'
++
++test_expect_success 'user can override whitelist' '
++ GIT_ALLOW_PROTOCOL=ext git -C dst submodule update ext-module
++'
++
++test_done
+--
+2.1.0
+
diff --git a/0002-transport-add-a-protocol-whitelist-environment-varia.patch b/0002-transport-add-a-protocol-whitelist-environment-varia.patch
new file mode 100644
index 0000000..d908739
--- /dev/null
+++ b/0002-transport-add-a-protocol-whitelist-environment-varia.patch
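Review bot: The regression test added as `t/t5815-submodule-protos-sh` will most likely never run, because the name ends in `-sh` rather than `.sh` and so should not match the `t[0-9][0-9][0-9][0-9]-*.sh` pattern that git's test Makefile collects. It also sources `lib-proto-disable.sh`, which this patch's diffstat does not add, and it calls `git -C dst …`, an option I would not expect a 1.8.2.x binary to accept. As packaged, the `GIT_ALLOW_PROTOCOL` default set in git-submodule.sh is therefore unverified on this branch. Either rename the file to `t/t5815-submodule-protos.sh`, ship the helper and replace `git -C dst submodule update …` with `(cd dst && git submodule update …)`, or drop the test from the backport and say so in the patch description.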
@@ -0,0 +1,207 @@
+From cfa4e13f09d07f679ffacdddfbe0ef44d1de32d9 Mon Sep 17 00:00:00 2001
+From: Petr Stodulka
+Date: Wed, 28 Oct 2015 15:21:08 +0100
+Subject: [PATCH 2/5] transport: add a protocol-whitelist environment variable
+
+If we are cloning an untrusted remote repository into a
+sandbox, we may also want to fetch remote submodules in
+order to get the complete view as intended by the other
+side. However, that opens us up to attacks where a malicious
+user gets us to clone something they would not otherwise
+have access to (this is not necessarily a problem by itself,
+but we may then act on the cloned contents in a way that
+exposes them to the attacker).
+
+Ideally such a setup would sandbox git entirely away from
+high-value items, but this is not always practical or easy
+to set up (e.g., OS network controls may block multiple
+protocols, and we would want to enable some but not others).
+
+We can help this case by providing a way to restrict
+particular protocols. We use a whitelist in the environment.
+This is more annoying to set up than a blacklist, but
+defaults to safety if the set of protocols git supports
+grows). If no whitelist is specified, we continue to default
+to allowing all protocols (this is an "unsafe" default, but
+since the minority of users will want this sandboxing
+effect, it is the only sensible one).
+
+A note on the tests: ideally these would all be in a single
+test file, but the git-daemon and httpd test infrastructure
+is an all-or-nothing proposition rather than a test-by-test
+prerequisite. By putting them all together, we would be
+unable to test the file-local code on machines without
+apache.
+---
+ Documentation/git.txt | 32 ++++++++++++++++++++++++++++++++
+ connect.c | 4 ++++
+ transport-helper.c | 2 ++
+ transport.c | 21 ++++++++++++++++++++-
+ transport.h | 7 +++++++
+ 5 files changed, 65 insertions(+), 1 deletion(-)
+
+diff --git a/Documentation/git.txt b/Documentation/git.txt
+index 443d88f..179a0e8 100644
+--- a/Documentation/git.txt
++++ b/Documentation/git.txt
+@@ -847,6 +847,38 @@ GIT_LITERAL_PATHSPECS::
+ literal paths to Git (e.g., paths previously given to you by
+ `git ls-tree`, `--raw` diff output, etc).
+
++`GIT_ALLOW_PROTOCOL`::
++ If set, provide a colon-separated list of protocols which are
++ allowed to be used with fetch/push/clone. This is useful to
++ restrict recursive submodule initialization from an untrusted
++ repository. Any protocol not mentioned will be disallowed (i.e.,
++ this is a whitelist, not a blacklist). If the variable is not
++ set at all, all protocols are enabled. The protocol names
++ currently used by git are:
++
++ - `file`: any local file-based path (including `file://` URLs,
++ or local paths)
++
++ - `git`: the anonymous git protocol over a direct TCP
++ connection (or proxy, if configured)
++
++ - `ssh`: git over ssh (including `host:path` syntax,
++ `git+ssh://`, etc).
++
++ - `rsync`: git over rsync
++
++ - `http`: git over http, both "smart http" and "dumb http".
++ Note that this does _not_ include `https`; if you want both,
++ you should specify both as `http:https`.
++
++ - any external helpers are named by their protocol (e.g., use
++ `hg` to allow the `git-remote-hg` helper)
+++
++Note that this controls only git's internal protocol selection.
++If libcurl is used (e.g., by the `http` transport), it may
++redirect to other protocols. There is not currently any way to
++restrict this.
++
+
+ Discussion[[Discussion]]
+ ------------------------
+diff --git a/connect.c b/connect.c
+index f57efd0..6d4ea13 100644
+--- a/connect.c
++++ b/connect.c
+@@ -6,6 +6,7 @@
+ #include "run-command.h"
+ #include "remote.h"
+ #include "url.h"
++#include "transport.h"
+
+ static char *server_capabilities;
+
+@@ -587,6 +588,7 @@ struct child_process *git_connect(int fd[2], const char *url_orig,
+ * cannot connect.
+ */
+ char *target_host = xstrdup(host);
++ transport_check_allowed("git");
+ if (git_use_proxy(host))
+ conn = git_proxy_connect(fd, host);
+ else
+@@ -623,6 +625,7 @@ struct child_process *git_connect(int fd[2], const char *url_orig,
+ if (protocol == PROTO_SSH) {
+ const char *ssh = getenv("GIT_SSH");
+ int putty = ssh && strcasestr(ssh, "plink");
++ transport_check_allowed("ssh");
+ if (!ssh) ssh = "ssh";
+
+ *arg++ = ssh;
+@@ -639,6 +642,7 @@ struct child_process *git_connect(int fd[2], const char *url_orig,
+ /* remove repo-local variables from the environment */
+ conn->env = local_repo_env;
+ conn->use_shell = 1;
++ transport_check_allowed("file");
+ }
+ *arg++ = cmd.buf;
+ *arg = NULL;
+diff --git a/transport-helper.c b/transport-helper.c
+index 522d791..be8402a 100644
+--- a/transport-helper.c
++++ b/transport-helper.c
+@@ -932,6 +932,8 @@ int transport_helper_init(struct transport *transport, const char *name)
+ struct helper_data *data = xcalloc(sizeof(*data), 1);
+ data->name = name;
+
++ transport_check_allowed(name);
++
+ if (getenv("GIT_TRANSPORT_HELPER_DEBUG"))
+ debug = 1;
+
+diff --git a/transport.c b/transport.c
+index ba5d8af..733717d 100644
+--- a/transport.c
++++ b/transport.c
+@@ -894,6 +894,20 @@ static int external_specification_len(const char *url)
+ return strchr(url, ':') - url;
+ }
+
++void transport_check_allowed(const char *type)
++{
++ struct string_list allowed = STRING_LIST_INIT_DUP;
++ const char *v = getenv("GIT_ALLOW_PROTOCOL");
++
++ if (!v)
++ return;
++
++ string_list_split(&allowed, v, ':', -1);
++ if (!unsorted_string_list_has_string(&allowed, type))
++ die("transport '%s' not allowed", type);
++ string_list_clear(&allowed, 0);
++}
++
+ struct transport *transport_get(struct remote *remote, const char *url)
+ {
+ const char *helper;
+@@ -925,12 +939,14 @@ struct transport *transport_get(struct remote *remote, const char *url)
+ if (helper) {
+ transport_helper_init(ret, helper);
+ } else if (!prefixcmp(url, "rsync:")) {
++ transport_check_allowed("rsync");
+ ret->get_refs_list = get_refs_via_rsync;
+ ret->fetch = fetch_objs_via_rsync;
+ ret->push = rsync_transport_push;
+ ret->smart_options = NULL;
+ } else if (is_local(url) && is_file(url) && is_bundle(url, 1)) {
+ struct bundle_transport_data *data = xcalloc(1, sizeof(*data));
++ transport_check_allowed("file");
+ ret->data = data;
+ ret->get_refs_list = get_refs_from_bundle;
+ ret->fetch = fetch_refs_from_bundle;
+@@ -942,7 +958,10 @@ struct transport *transport_get(struct remote *remote, const char *url)
+ || !prefixcmp(url, "ssh://")
+ || !prefixcmp(url, "git+ssh://")
+ || !prefixcmp(url, "ssh+git://")) {
+- /* These are builtin smart transports. */
++ /*
++ * These are builtin smart transports; "allowed" transports
++ * will be checked individually in git_connect.
++ */
+ struct git_transport_data *data = xcalloc(1, sizeof(*data));
+ ret->data = data;
+ ret->set_option = NULL;
+diff --git a/transport.h b/transport.h
+index fcb1d25..2beda7d 100644
+--- a/transport.h
++++ b/transport.h
+@@ -113,6 +113,13 @@ struct transport {
+ /* Returns a transport suitable for the url */
+ struct transport *transport_get(struct remote *, const char *);
+
++/*
++ * Check whether a transport is allowed by the environment,
++ * and die otherwise. type should generally be the URL scheme,
++ * as described in Documentation/git.txt
++ */
++void transport_check_allowed(const char *type);
++
+ /* Transport options which apply to git:// and scp-style URLs */
+
+ /* The program to use on the remote side to send a pack */
+--
+2.1.0
+
diff --git a/0003-transport-refactor-protocol-whitelist-code.patch b/0003-transport-refactor-protocol-whitelist-code.patch
new file mode 100644
index 0000000..ff5416d
--- /dev/null
+++ b/0003-transport-refactor-protocol-whitelist-code.patch
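Review bot: The note appended to the `GIT_ALLOW_PROTOCOL` entry in Documentation/git.txt says of libcurl redirects that "There is not currently any way to restrict this", yet patch 0004 of this same series sets `CURLOPT_REDIR_PROTOCOLS` and its diffstat touches only http.c. The packaged documentation will therefore describe a gap that is closed on builds with curl 7.19.4 or later and still open on older ones, which is exactly the distinction an administrator relying on this variable needs to know. I would replace the last two sentences with something like `Redirects followed by libcurl are limited to http, https, ftp and ftps, further restricted by this list; this requires curl 7.19.4 or later.`, either here or in 0004.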
@@ -0,0 +1,107 @@
+From 9b9aabe6ab5d07227c1c02781f03a3c38fbc27b0 Mon Sep 17 00:00:00 2001
+From: Jeff King
+Date: Tue, 22 Sep 2015 18:03:49 -0400
+Subject: [PATCH 3/5] transport: refactor protocol whitelist code
+
+The current callers only want to die when their transport is
+prohibited. But future callers want to query the mechanism
+without dying.
+
+Let's break out a few query functions, and also save the
+results in a static list so we don't have to re-parse for
+each query.
+
+Based-on-a-patch-by: Blake Burkhart
+Signed-off-by: Jeff King
+Signed-off-by: Junio C Hamano
+---
+ transport.c | 38 ++++++++++++++++++++++++++++++--------
+ transport.h | 15 +++++++++++++--
+ 2 files changed, 43 insertions(+), 10 deletions(-)
+
+diff --git a/transport.c b/transport.c
+index 733717d..2dbdca0 100644
+--- a/transport.c
++++ b/transport.c
+@@ -894,18 +894,40 @@ static int external_specification_len(const char *url)
+ return strchr(url, ':') - url;
+ }
+
+-void transport_check_allowed(const char *type)
++static const struct string_list *protocol_whitelist(void)
+ {
+- struct string_list allowed = STRING_LIST_INIT_DUP;
+- const char *v = getenv("GIT_ALLOW_PROTOCOL");
++ static int enabled = -1;
++ static struct string_list allowed = STRING_LIST_INIT_DUP;
++
++ if (enabled < 0) {
++ const char *v = getenv("GIT_ALLOW_PROTOCOL");
++ if (v) {
++ string_list_split(&allowed, v, ':', -1);
++ sort_string_list(&allowed);
++ enabled = 1;
++ } else {
++ enabled = 0;
++ }
++ }
+
+- if (!v)
+- return;
++ return enabled ? &allowed : NULL;
++}
++
++int is_transport_allowed(const char *type)
++{
++ const struct string_list *allowed = protocol_whitelist();
++ return !allowed || string_list_has_string(allowed, type);
++}
+
+- string_list_split(&allowed, v, ':', -1);
+- if (!unsorted_string_list_has_string(&allowed, type))
++void transport_check_allowed(const char *type)
++{
++ if (!is_transport_allowed(type))
+ die("transport '%s' not allowed", type);
+- string_list_clear(&allowed, 0);
++}
++
++int transport_restrict_protocols(void)
++{
++ return !!protocol_whitelist();
+ }
+
+ struct transport *transport_get(struct remote *remote, const char *url)
+diff --git a/transport.h b/transport.h
+index 2beda7d..7707c27 100644
+--- a/transport.h
++++ b/transport.h
+@@ -114,12 +114,23 @@ struct transport {
+ struct transport *transport_get(struct remote *, const char *);
+
+ /*
++ * Check whether a transport is allowed by the environment. Type should
++ * generally be the URL scheme, as described in Documentation/git.txt
++ */
++int is_transport_allowed(const char *type);
++
++/*
+ * Check whether a transport is allowed by the environment,
+- * and die otherwise. type should generally be the URL scheme,
+- * as described in Documentation/git.txt
++ * and die otherwise.
+ */
+ void transport_check_allowed(const char *type);
+
++/*
++ * Returns true if the user has attempted to turn on protocol
++ * restrictions at all.
++ */
++int transport_restrict_protocols(void);
++
+ /* Transport options which apply to git:// and scp-style URLs */
+
+ /* The program to use on the remote side to send a pack */
+--
+2.1.0
+
diff --git a/0004-http-limit-redirection-to-protocol-whitelist.patch b/0004-http-limit-redirection-to-protocol-whitelist.patch
new file mode 100644
index 0000000..19a6b8c
--- /dev/null
+++ b/0004-http-limit-redirection-to-protocol-whitelist.patch
@@ -0,0 +1,77 @@
+From 0f032880eddc09abd1850533422c9b0bb80a010c Mon Sep 17 00:00:00 2001
+From: Petr Stodulka
+Date: Sun, 1 Nov 2015 20:23:07 +0100
+Subject: [PATCH] http-limit-redirection-to-protocol-whitelist
+
+Previously, libcurl would follow redirection to any protocol
+it was compiled for support with. This is desirable to allow
+redirection from HTTP to HTTPS. However, it would even
+successfully allow redirection from HTTP to SFTP, a protocol
+that git does not otherwise support at all. Furthermore
+git's new protocol-whitelisting could be bypassed by
+following a redirect within the remote helper, as it was
+only enforced at transport selection time.
+
+This patch limits redirects within libcurl to HTTP, HTTPS,
+FTP and FTPS. If there is a protocol-whitelist present, this
+list is limited to those also allowed by the whitelist. As
+redirection happens from within libcurl, it is impossible
+for an HTTP redirect to a protocol implemented within
+another remote helper.
+
+When the curl version git was compiled with is too old to
+support restrictions on protocol redirection, we warn the
+user if GIT_ALLOW_PROTOCOL restrictions were requested. This
+is a little inaccurate, as even without that variable in the
+environment, we would still restrict SFTP, etc, and we do
+not warn in that case. But anything else means we would
+literally warn every time git accesses an http remote.
+---
+ http.c | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+
+diff --git a/http.c b/http.c
+index d9d1aad..744e5a1 100644
+--- a/http.c
++++ b/http.c
+@@ -5,6 +5,7 @@
+ #include "url.h"
+ #include "credential.h"
+ #include "version.h"
++#include "transport.h"
+
+ int active_requests;
+ int http_is_verbose;
+@@ -246,6 +247,7 @@ static int has_cert_password(void)
+ static CURL *get_curl_handle(void)
+ {
+ CURL *result = curl_easy_init();
++ long allowed_protocols = 0;
+
+ if (!curl_ssl_verify) {
+ curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 0);
+@@ -296,6 +298,21 @@ static CURL *get_curl_handle(void)
+ #elif LIBCURL_VERSION_NUM >= 0x071101
+ curl_easy_setopt(result, CURLOPT_POST301, 1);
+ #endif
++#if LIBCURL_VERSION_NUM >= 0x071304
++ if (is_transport_allowed("http"))
++ allowed_protocols |= CURLPROTO_HTTP;
++ if (is_transport_allowed("https"))
++ allowed_protocols |= CURLPROTO_HTTPS;
++ if (is_transport_allowed("ftp"))
++ allowed_protocols |= CURLPROTO_FTP;
++ if (is_transport_allowed("ftps"))
++ allowed_protocols |= CURLPROTO_FTPS;
++ curl_easy_setopt(result, CURLOPT_REDIR_PROTOCOLS, allowed_protocols);
++#else
++ if (transport_restrict_protocols())
++ warning("protocol restrictions not applied to curl redirects because\n"
++ "your curl version is too old (>= 7.19.4)");
++#endif
+
+ if (getenv("GIT_CURL_VERBOSE"))
+ curl_easy_setopt(result, CURLOPT_VERBOSE, 1);
+--
+2.4.3
+
diff --git a/0005-http-limit-redirection-depth.patch b/0005-http-limit-redirection-depth.patch
new file mode 100644
index 0000000..471f4eb
--- /dev/null
+++ b/0005-http-limit-redirection-depth.patch
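Review bot: When libcurl is older than 7.19.4 the `#else` branch in get_curl_handle() only prints a warning, while `CURLOPT_FOLLOWLOCATION` stays enabled (it is set a few lines earlier, as the context of patch 0005 shows), so a requested `GIT_ALLOW_PROTOCOL` restriction is not enforced on redirects at all. This package was branched for EL-5 according to the deleted `branch` file, so it is worth confirming which of the two branches actually compiles against that platform's libcurl. If it is the fallback, failing closed would be safer: put braces around the body of `if (transport_restrict_protocols())` and add `curl_easy_setopt(result, CURLOPT_FOLLOWLOCATION, 0);` next to the warning. The message text `too old (>= 7.19.4)` also reads as if 7.19.4 were the old version; `too old (need >= 7.19.4)` is clearer. The function starts and ends outside these hunks.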
@@ -0,0 +1,31 @@
+From 7f3bfdbc2670b4960242fa1b229dde6bcb2b463b Mon Sep 17 00:00:00 2001
+From: Petr Stodulka
+Date: Fri, 23 Oct 2015 17:39:59 +0200
+Subject: [PATCH 5/5] http: limit redirection depth
+
+By default, libcurl will follow circular http redirects
+forever. Let's put a cap on this so that somebody who can
+trigger an automated fetch of an arbitrary repository (e.g.,
+for CI) cannot convince git to loop infinitely.
+
+The value chosen is 20, which is the same default that
+Firefox uses.
+---
+ http.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/http.c b/http.c
+index 235c2d5..a1c7dcb 100644
+--- a/http.c
++++ b/http.c
+@@ -298,6 +298,7 @@ static CURL *get_curl_handle(void)
+ }
+
+ curl_easy_setopt(result, CURLOPT_FOLLOWLOCATION, 1);
++ curl_easy_setopt(result, CURLOPT_MAXREDIRS, 20);
+ #if LIBCURL_VERSION_NUM >= 0x071301
+ curl_easy_setopt(result, CURLOPT_POSTREDIR, CURL_REDIR_POST_ALL);
+ #elif LIBCURL_VERSION_NUM >= 0x071101
+--
+2.1.0
+
diff --git a/git.spec b/git.spec
index 5a1966b..f68f215 100644
--- a/git.spec
+++ b/git.spec
@@ -44,7 +44,7 @@ Name: git Version: 1.8.2.1 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Fast Version Control System License: GPLv2 Group: Development/Tools
@@ -66,6 +66,12 @@ Patch5: 0001-git-subtree-Use-gitexecdir-instead-of-libexecdir.patch # This fixes the build when python is enabled. Needs discussion upstream to # find a proper solution. Patch6: 0001-Drop-DESTDIR-from-python-instlibdir.patch +Patch7: 0001-submodule-allow-only-certain-protocols-for-submodule.patch +Patch8: 0002-transport-add-a-protocol-whitelist-environment-varia.patch +Patch9: 0003-transport-refactor-protocol-whitelist-code.patch +Patch10: 0004-http-limit-redirection-to-protocol-whitelist.patch +Patch11: 0005-http-limit-redirection-depth.patch + BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
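Review bot: The `Patch7` to `Patch11` lines in git.spec are added without any comment saying which report they address, whereas `Patch1` carries `# https://bugzilla.redhat.com/490602` and the later `Patch12` is labelled with its CVE numbers. Someone auditing the spec for shipped security fixes has to go to the changelog to learn that these five are the crafted-URL fix. Assuming #1269798 is a Red Hat Bugzilla id like the other one, I would add `# https://bugzilla.redhat.com/1269798` above `Patch7`. The hunk also adds an empty line after `Patch11`, which the next commit removes again.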
@@ -273,6 +279,11 @@ Requires: emacs-git = %{version}-%{release} %endif %patch5 -p1 %patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 +%patch10 -p1 +%patch11 -p1 %if %{use_prebuilt_docs} mkdir -p prebuilt_docs/{html,man}
@@ -564,6 +575,10 @@ rm -rf %{buildroot} # No files for you! %changelog +* Sun Nov 01 2015 Petr Stodulka - 1.8.2.1-2 +- fix arbitrary code execution via crafted URLs + Resolves: #1269798 + * Sun Apr 14 2013 Todd Zullinger - 1.8.2.1-1 - Update to 1.8.2.1 - Exclude optional perl(YAML::Any) dependency on EL-5
From 94ab29eacc95ea176d3618fd26c4c861f9434399 Mon Sep 17 00:00:00 2001
From: Todd Zullinger Date: Mon, 18 Apr 2016 01:00:31 -0400 Subject: [PATCH 22/24] Update to 1.8.2.3 A security release is coming next and it's a reasonable time to pull in the few upstream bug fixes since 1.8.2.1. Also update the source URL's to use https. The htmldocs and manpages packages are not available on kernel.org and there are no detached signatures for them, but we can get decent protection for the downloads by using https. --- .gitignore | 1 + git.spec | 18 ++++++++++-------- sources | 6 +++--- 3 files changed, 14 insertions(+), 11 deletions(-)
diff --git a/.gitignore b/.gitignore
index a8b6c5d..77221d1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,6 @@ *~ *.rpm *.tar.gz +*.tar.xz /.build*.log /git-*/
diff --git a/git.spec b/git.spec
index f68f215..deea97f 100644
--- a/git.spec
+++ b/git.spec
@@ -43,20 +43,20 @@ %endif Name: git -Version: 1.8.2.1 -Release: 2%{?dist} +Version: 1.8.2.3 +Release: 1%{?dist} Summary: Fast Version Control System License: GPLv2 Group: Development/Tools URL: http://git-scm.com/ -Source0: http://git-core.googlecode.com/files/%{name}-%{version}.tar.gz +Source0: https://www.kernel.org/pub/software/scm/git/%{name}-%{version}.tar.xz Source2: git-init.el Source3: git.xinetd.in Source4: git.conf.httpd Source5: git-gui.desktop Source6: gitweb.conf.in -Source10: http://git-core.googlecode.com/files/%{name}-manpages-%{version}.tar.gz -Source11: http://git-core.googlecode.com/files/%{name}-htmldocs-%{version}.tar.gz +Source10: https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/git-core/%{name}-manpages-%{version}.tar.gz +Source11: https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/git-core/%{name}-htmldocs-%{version}.tar.gz Patch0: git-1.5-gitweb-home-link.patch # https://bugzilla.redhat.com/490602 Patch1: git-cvsimport-Ignore-cvsps-2.2b1-Branches-output.patch
@@ -69,9 +69,8 @@ Patch6: 0001-Drop-DESTDIR-from-python-instlibdir.patch Patch7: 0001-submodule-allow-only-certain-protocols-for-submodule.patch Patch8: 0002-transport-add-a-protocol-whitelist-environment-varia.patch Patch9: 0003-transport-refactor-protocol-whitelist-code.patch -Patch10: 0004-http-limit-redirection-to-protocol-whitelist.patch -Patch11: 0005-http-limit-redirection-depth.patch - +Patch10: 0004-http-limit-redirection-to-protocol-whitelist.patch +Patch11: 0005-http-limit-redirection-depth.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -575,6 +574,9 @@ rm -rf %{buildroot} # No files for you! %changelog +* Mon Apr 18 2016 Todd Zullinger - 1.8.2.3-1 +- Update to 1.8.2.3 + * Sun Nov 01 2015 Petr Stodulka - 1.8.2.1-2 - fix arbitrary code execution via crafted URLs Resolves: #1269798
diff --git a/sources b/sources
index b8e9dd0..19edaf6 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-3f6ebca116c627490e4ee1f1324d5e65 git-1.8.2.1.tar.gz
-e53c46eca9e5f5da8fde35e1edc1d00b git-htmldocs-1.8.2.1.tar.gz
-8ec6ab4d8c868305e9a679f5c3d2ccfa git-manpages-1.8.2.1.tar.gz
+c529f6d4f1bf01fb919cb576c0dd58ae git-1.8.2.3.tar.xz
+c4e9d1c84880ae60dcc32e140cfba2d2 git-htmldocs-1.8.2.3.tar.gz
+891481ec6ecd9ee530701378e5b61d3f git-manpages-1.8.2.3.tar.gz
From 8478810fb2ede918a30aed946faccf1bc7dae604 Mon Sep 17 00:00:00 2001
From: Todd Zullinger Date: Mon, 18 Apr 2016 01:03:58 -0400 Subject: [PATCH 23/24] Apply Petr's fix for CVE-2016-2315 CVE-2016-2324 from el6 (#1318252) As Petr noted in the patch, the upstream solution removed the path_name() function entirely. However, it's too much work to backport those changes to such old version of git without risk of behaviour changes, so the patch causes git to die with error message instead when paths exceed INT_MAX. It's worth noting that the git package from rawhide is expected to rebuild cleanly on EL-5, for anyone who wishes to update to the current git release. For obvious reasons, we will not be pushing such disruptive changes to EPEL. --- 0001-Fix-CVE-2016-2315-CVE-2016-2324.patch | 116 +++++++++++++++++++++ git.spec | 4 + 2 files changed, 120 insertions(+) create mode 100644 0001-Fix-CVE-2016-2315-CVE-2016-2324.patch
diff --git a/0001-Fix-CVE-2016-2315-CVE-2016-2324.patch b/0001-Fix-CVE-2016-2315-CVE-2016-2324.patch
new file mode 100644
index 0000000..082a1a2
--- /dev/null
+++ b/0001-Fix-CVE-2016-2315-CVE-2016-2324.patch
@@ -0,0 +1,116 @@
+From 5857966a36f9c553e73e375455a246896aeba73f Mon Sep 17 00:00:00 2001
+From: Petr Stodulka
+Date: Fri, 18 Mar 2016 17:14:32 +0100
+Subject: [PATCH] Fix CVE-2016-2315 CVE-2016-2324
+
+- added upstream macros for detecting size_t overflow (much more just
+ for easier related changes in future, if we want to do some yet)
+- upstream solution removes function path_name() and modify all related
+ part of code to replace this function. However, it's too hard for
+ backport to such old version of git without unchanged behaviour,
+ so application just die with error message instead.
+---
+ diff.h | 4 ++--
+ git-compat-util.h | 34 ++++++++++++++++++++++++++++++++++
+ revision.c | 11 ++++++++---
+ 3 files changed, 44 insertions(+), 5 deletions(-)
+
+diff --git a/diff.h b/diff.h
+index 78b4091..18dabf0 100644
+--- a/diff.h
++++ b/diff.h
+@@ -201,8 +201,8 @@ struct combine_diff_path {
+ } parent[FLEX_ARRAY];
+ };
+ #define combine_diff_path_size(n, l) \
+- (sizeof(struct combine_diff_path) + \
+- sizeof(struct combine_diff_parent) * (n) + (l) + 1)
++ st_add4(sizeof(struct combine_diff_path), (l), 1, \
++ st_mult(sizeof(struct combine_diff_parent), (n)))
+
+ extern void show_combined_diff(struct combine_diff_path *elem, int num_parent,
+ int dense, struct rev_info *);
+diff --git a/git-compat-util.h b/git-compat-util.h
+index ad47624..77a7031 100644
+--- a/git-compat-util.h
++++ b/git-compat-util.h
+@@ -46,6 +46,14 @@
+ #define unsigned_add_overflows(a, b) \
+ ((b) > maximum_unsigned_value_of_type(a) - (a))
+
++/*
++ * Returns true if the multiplication of "a" and "b" will
++ * overflow. The types of "a" and "b" must match and must be unsigned.
++ * Note that this macro evaluates "a" twice!
++ */
++#define unsigned_mult_overflows(a, b) \
++ ((a) && (b) > maximum_unsigned_value_of_type(a) / (a))
++
+ #ifdef __GNUC__
+ #define TYPEOF(x) (__typeof__(x))
+ #else
+@@ -490,6 +498,32 @@ static inline void *gitmempcpy(void *dest, const void *src, size_t n)
+ }
+ #endif
+
++static inline size_t st_add(size_t a, size_t b)
++{
++ if (unsigned_add_overflows(a, b))
++ die("size_t overflow: %"PRIuMAX" + %"PRIuMAX,
++ (uintmax_t)a, (uintmax_t)b);
++ return a + b;
++}
++#define st_add3(a,b,c) st_add((a),st_add((b),(c)))
++#define st_add4(a,b,c,d) st_add((a),st_add3((b),(c),(d)))
++
++static inline size_t st_mult(size_t a, size_t b)
++{
++ if (unsigned_mult_overflows(a, b))
++ die("size_t overflow: %"PRIuMAX" * %"PRIuMAX,
++ (uintmax_t)a, (uintmax_t)b);
++ return a * b;
++}
++
++static inline size_t st_sub(size_t a, size_t b)
++{
++ if (a < b)
++ die("size_t underflow: %"PRIuMAX" - %"PRIuMAX,
++ (uintmax_t)a, (uintmax_t)b);
++ return a - b;
++}
++
+ #ifdef NO_INET_PTON
+ int inet_pton(int af, const char *src, void *dst);
+ #endif
+diff --git a/revision.c b/revision.c
+index 9df13ca..7e358ef 100644
+--- a/revision.c
++++ b/revision.c
+@@ -21,16 +21,21 @@ char *path_name(const struct name_path *path, const char *name)
+ {
+ const struct name_path *p;
+ char *n, *m;
+- int nlen = strlen(name);
+- int len = nlen + 1;
++ size_t nlen = strlen(name);
++ size_t len = st_add(nlen, 1);
++
++ if(len >= INT_MAX)
++ die("path_name(): path is too long.");
+
+ for (p = path; p; p = p->up) {
+ if (p->elem_len)
+ len += p->elem_len + 1;
++ if(len >= INT_MAX)
++ die("path_name(): path is too long.");
+ }
+ n = xmalloc(len);
+ m = n + len - (nlen + 1);
+- strcpy(m, name);
++ memcpy(m, name, nlen + 1);
+ for (p = path; p; p = p->up) {
+ if (p->elem_len) {
+ m -= p->elem_len + 1;
+--
+2.8.1
+
diff --git a/git.spec b/git.spec
index deea97f..41c3be9 100644
--- a/git.spec
+++ b/git.spec
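Review bot: In path_name() the first loop still grows `len` with a plain `len += p->elem_len + 1` and compares against INT_MAX only afterwards, even though this same patch introduces `st_add` for checked size arithmetic. `struct name_path` is not shown here, but if `elem_len` is a signed int the `+ 1` is evaluated in int and a negative or INT_MAX value would not be caught by the test that follows; `len = st_add3(len, p->elem_len, 1);` makes both cases die with a clear message. The two new `if(len >= INT_MAX)` lines also lack the space after `if` that the surrounding code uses. The function continues past the end of the hunk, so the second loop that fills the buffer should be reviewed against the same bound.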
@@ -71,6 +71,8 @@ Patch8: 0002-transport-add-a-protocol-whitelist-environment-varia.patch Patch9: 0003-transport-refactor-protocol-whitelist-code.patch Patch10: 0004-http-limit-redirection-to-protocol-whitelist.patch Patch11: 0005-http-limit-redirection-depth.patch +# CVE-2016-2315 / CVE-2016-2324 +Patch12: 0001-Fix-CVE-2016-2315-CVE-2016-2324.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -283,6 +285,7 @@ Requires: emacs-git = %{version}-%{release} %patch9 -p1 %patch10 -p1 %patch11 -p1 +%patch12 -p1 %if %{use_prebuilt_docs} mkdir -p prebuilt_docs/{html,man}
@@ -576,6 +579,7 @@ rm -rf %{buildroot} %changelog * Mon Apr 18 2016 Todd Zullinger - 1.8.2.3-1 - Update to 1.8.2.3 +- Apply Petr's fix for CVE-2016-2315 CVE-2016-2324 from el6 (#1318252) * Sun Nov 01 2015 Petr Stodulka - 1.8.2.1-2 - fix arbitrary code execution via crafted URLs
From a5e5a352fef879bbc8b0efc1e50f2c94ca4069ad Mon Sep 17 00:00:00 2001
From: Petr Stodulka Date: Wed, 29 Mar 2017 13:28:22 +0200 Subject: [PATCH 24/24] Resolves: CVE-2014-9938 do not put unsanitized branch names in $PS1 --- 0007-git-prompt.patch | 53 +++++++++++++++++++++++++++++++++++++++++++ git.spec | 9 +++++++- 2 files changed, 61 insertions(+), 1 deletion(-) create mode 100644 0007-git-prompt.patch
diff --git a/0007-git-prompt.patch b/0007-git-prompt.patch
new file mode 100644
index 0000000..a179403
--- /dev/null
+++ b/0007-git-prompt.patch
@@ -0,0 +1,53 @@
+From 7e546ae76da784185ba9515ed86e435ba17fdd65 Mon Sep 17 00:00:00 2001
+From: Petr Stodulka
+Date: Wed, 29 Mar 2017 13:08:28 +0200
+Subject: [PATCH] git-prompt.sh: don't put unsanitized branch names in $PS1
+
+---
+ contrib/completion/git-prompt.sh | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/contrib/completion/git-prompt.sh b/contrib/completion/git-prompt.sh
+index eaf5c36..2c872e5 100644
+--- a/contrib/completion/git-prompt.sh
++++ b/contrib/completion/git-prompt.sh
+@@ -360,8 +360,11 @@ __git_ps1 ()
+ fi
+
+ local f="$w$i$s$u"
++ b=${b##refs/heads/}
+ if [ $pcmode = yes ]; then
+ local gitstring=
++ __git_ps1_branch_name=$b
++ b="\${__git_ps1_branch_name}"
+ if [ -n "${GIT_PS1_SHOWCOLORHINTS-}" ]; then
+ local c_red='\e[31m'
+ local c_green='\e[32m'
+@@ -371,7 +374,7 @@ __git_ps1 ()
+ local ok_color=$c_green
+ local branch_color="$c_clear"
+ local flags_color="$c_lblue"
+- local branchstring="$c${b##refs/heads/}"
++ local branchstring="$c$b"
+
+ if [ $detached = no ]; then
+ branch_color="$ok_color"
+@@ -400,13 +403,13 @@ __git_ps1 ()
+ fi
+ gitstring="$gitstring\[$c_clear\]$r$p"
+ else
+- gitstring="$c${b##refs/heads/}${f:+ $f}$r$p"
++ gitstring="$c$b${f:+ $f}$r$p"
+ fi
+ gitstring=$(printf -- "$printf_format" "$gitstring")
+ PS1="$ps1pc_start$gitstring$ps1pc_end"
+ else
+ # NO color option unless in PROMPT_COMMAND mode
+- printf -- "$printf_format" "$c${b##refs/heads/}${f:+ $f}$r$p"
++ printf -- "$printf_format" "$c$b${f:+ $f}$r$p"
+ fi
+ fi
+ }
+--
+2.5.5
+
diff --git a/git.spec b/git.spec
index 41c3be9..5cd6728 100644
--- a/git.spec
+++ b/git.spec
@@ -44,7 +44,7 @@ Name: git Version: 1.8.2.3 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Fast Version Control System License: GPLv2 Group: Development/Tools
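Review bot: The `__git_ps1_branch_name` indirection added in the `pcmode = yes` branch of `__git_ps1` has no comment explaining that the variable must stay global and must not be inlined again, so a later cleanup could easily put the raw branch name back into PS1. I would add above the assignment `# PS1 is expanded again each time the prompt is drawn; reference the branch name through a variable so its contents are never parsed as prompt syntax`. The substitution also assumes the shell performs parameter expansion on PS1, which bash does by default; under zsh without PROMPT_SUBST the prompt would presumably show the literal `${__git_ps1_branch_name}`, so it is worth checking whether this file is expected to serve zsh users on this branch. `__git_ps1` starts before the first of these hunks.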
@@ -73,6 +73,8 @@ Patch10: 0004-http-limit-redirection-to-protocol-whitelist.patch Patch11: 0005-http-limit-redirection-depth.patch # CVE-2016-2315 / CVE-2016-2324 Patch12: 0001-Fix-CVE-2016-2315-CVE-2016-2324.patch +# CVE-2014-9938 +Patch13: 0007-git-prompt.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -286,6 +288,7 @@ Requires: emacs-git = %{version}-%{release} %patch10 -p1 %patch11 -p1 %patch12 -p1 +%patch13 -p1 %if %{use_prebuilt_docs} mkdir -p prebuilt_docs/{html,man}
@@ -577,6 +580,10 @@ rm -rf %{buildroot} # No files for you! %changelog +* Wed Mar 29 2017 Petr Stodulka - 1.8.2.3-2 +- do not put unsanitized branch names in $PS1 + Resolves: CVE-2014-9938 + * Mon Apr 18 2016 Todd Zullinger - 1.8.2.3-1 - Update to 1.8.2.3 - Apply Petr's fix for CVE-2016-2315 CVE-2016-2324 from el6 (#1318252)