diff --git a/0001-t-lib-gpg-use-with-colons-when-parsing-gpgsm-output.patch b/0001-t-lib-gpg-use-with-colons-when-parsing-gpgsm-output.patch new file mode 100644 index 0000000..5c003a5 --- /dev/null +++ b/0001-t-lib-gpg-use-with-colons-when-parsing-gpgsm-output.patch @@ -0,0 +1,47 @@ +From e155951262e6dea419db8b9010342b08b487f96a Mon Sep 17 00:00:00 2001 +From: Todd Zullinger +Date: Thu, 25 Nov 2021 05:05:08 -0500 +Subject: [PATCH] t/lib-gpg: use --with-colons when parsing gpgsm output +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The output of `gpgsm -K` changed in gnupg-2.3¹, breaking the parsing +used by the GPGSM prereq. + +Use the `--with-colons` options for stable, machine-parseable output. +This allows the grep/cut/tr pipeline (and the subsequent echo which +appends ' S relax') to be replaced with a single call to awk to create +the ${GNUPGHOME}/trustlist.txt file. + +¹ https://dev.gnupg.org/rGe7d70923901e is the change in 2.3, while + https://dev.gnupg.org/rG9c57de75cf36 is the similar change in 2.2. + + The latter says: Here in 2.2 we keep the string "fingerprint:" and no + not change it to "sha1 fpr" as we did in master (2.3). (sic) + +Signed-off-by: Todd Zullinger +--- + t/lib-gpg.sh | 8 +++----- + 1 file changed, 3 insertions(+), 5 deletions(-) + +diff --git a/t/lib-gpg.sh b/t/lib-gpg.sh +index a3f285f515..cbbf74e725 100644 +--- a/t/lib-gpg.sh ++++ b/t/lib-gpg.sh +@@ -72,12 +72,10 @@ test_lazy_prereq GPGSM ' + --passphrase-fd 0 --pinentry-mode loopback \ + --import "$TEST_DIRECTORY"/lib-gpg/gpgsm_cert.p12 && + +- gpgsm --homedir "${GNUPGHOME}" -K | +- grep fingerprint: | +- cut -d" " -f4 | +- tr -d "\\n" >"${GNUPGHOME}/trustlist.txt" && ++ gpgsm --homedir "${GNUPGHOME}" -K --with-colons | ++ awk -F ":" "/^fpr:/ {printf \"%s S relax\\n\", \$10}" \ ++ >"${GNUPGHOME}/trustlist.txt" && + +- echo " S relax" >>"${GNUPGHOME}/trustlist.txt" && + echo hello | gpgsm --homedir "${GNUPGHOME}" >/dev/null \ + -u committer@example.com -o /dev/null --sign - + ' diff --git a/0001-t-lib-httpd-try-harder-to-find-a-port-for-apache.patch b/0001-t-lib-httpd-try-harder-to-find-a-port-for-apache.patch deleted file mode 100644 index 733f9c0..0000000 --- a/0001-t-lib-httpd-try-harder-to-find-a-port-for-apache.patch +++ /dev/null @@ -1,73 +0,0 @@ -From 89ccbc15948db9ddbf74530e3fd66dd78ae897ae Mon Sep 17 00:00:00 2001 -From: Todd Zullinger -Date: Sun, 21 Aug 2022 13:49:57 -0400 -Subject: [PATCH] t/lib-httpd: try harder to find a port for apache -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -When running multiple builds concurrently, tests which run daemons, like -apache httpd, sometimes conflict with each other, leading to spurious -failures: - - ++ /usr/sbin/httpd -d '/tmp/git-t.ck9I/trash directory.t9118-git-svn-funky-branch-names/httpd' \ - -f /builddir/build/BUILD/git-2.37.2/t/lib-httpd/apache.conf -DDAV -DSVN -c 'Listen 127.0.0.1:9118' \ - -k start - (98)Address already in use: AH00072: make_sock: could not bind to address 127.0.0.1:9118 - no listening sockets available, shutting down - AH00015: Unable to open logs - ++ test 1 -ne 0 - -Try a bit harder to find an open port to use to avoid these intermittent -failures. If we fail to start httpd, increment the port number and try -again. By default, we make 3 attempts. This may be overridden by -setting GIT_TEST_START_HTTPD_TRIES to a different value. - -Helped-by: Ondřej Pohořelský -Signed-off-by: Todd Zullinger ---- - t/lib-httpd.sh | 29 ++++++++++++++++++----------- - 1 file changed, 18 insertions(+), 11 deletions(-) - -diff --git a/t/lib-httpd.sh b/t/lib-httpd.sh -index 2fb1b2ae56..4afdf5a6aa 100644 ---- a/t/lib-httpd.sh -+++ b/t/lib-httpd.sh -@@ -206,19 +206,26 @@ enable_cgipassauth () { - } - - start_httpd() { -- prepare_httpd >&3 2>&4 -- - test_atexit stop_httpd - -- "$LIB_HTTPD_PATH" -d "$HTTPD_ROOT_PATH" \ -- -f "$TEST_PATH/apache.conf" $HTTPD_PARA \ -- -c "Listen 127.0.0.1:$LIB_HTTPD_PORT" -k start \ -- >&3 2>&4 -- if test $? -ne 0 -- then -- cat "$HTTPD_ROOT_PATH"/error.log >&4 2>/dev/null -- test_skip_or_die GIT_TEST_HTTPD "web server setup failed" -- fi -+ i=0 -+ while test $i -lt ${GIT_TEST_START_HTTPD_TRIES:-3} -+ do -+ i=$(($i + 1)) -+ prepare_httpd >&3 2>&4 -+ say >&3 "Starting httpd on port $LIB_HTTPD_PORT" -+ "$LIB_HTTPD_PATH" -d "$HTTPD_ROOT_PATH" \ -+ -f "$TEST_PATH/apache.conf" $HTTPD_PARA \ -+ -c "Listen 127.0.0.1:$LIB_HTTPD_PORT" -k start \ -+ >&3 2>&4 -+ test $? -eq 0 && return -+ LIB_HTTPD_PORT=$(($LIB_HTTPD_PORT + 1)) -+ export LIB_HTTPD_PORT -+ # clean up modules symlink, prepare_httpd will re-create it -+ rm -f "$HTTPD_ROOT_PATH/modules" -+ done -+ cat "$HTTPD_ROOT_PATH"/error.log >&4 2>/dev/null -+ test_skip_or_die GIT_TEST_HTTPD "web server setup failed" - } - - stop_httpd() { diff --git a/0002-t-lib-git-daemon-try-harder-to-find-a-port.patch b/0002-t-lib-git-daemon-try-harder-to-find-a-port.patch deleted file mode 100644 index 37637bc..0000000 --- a/0002-t-lib-git-daemon-try-harder-to-find-a-port.patch +++ /dev/null @@ -1,88 +0,0 @@ -From e90e1068ddc9cfa3badd23b16a46c57ed6d8308a Mon Sep 17 00:00:00 2001 -From: Todd Zullinger -Date: Fri, 26 Aug 2022 18:28:44 -0400 -Subject: [PATCH] t/lib-git-daemon: try harder to find a port - -As with the previous commit, try harder to find an open port to avoid -intermittent failures on busy/shared build systems. - -By default, we make 3 attempts. This may be overridden by setting -GIT_TEST_START_GIT_DAEMON_TRIES to a different value. - -Signed-off-by: Todd Zullinger ---- - t/lib-git-daemon.sh | 60 ++++++++++++++++++++++++++++----------------- - 1 file changed, 37 insertions(+), 23 deletions(-) - -diff --git a/t/lib-git-daemon.sh b/t/lib-git-daemon.sh -index e62569222b..c3e8dda9ff 100644 ---- a/t/lib-git-daemon.sh -+++ b/t/lib-git-daemon.sh -@@ -51,30 +51,44 @@ start_git_daemon() { - registered_stop_git_daemon_atexit_handler=AlreadyDone - fi - -- say >&3 "Starting git daemon ..." -- mkfifo git_daemon_output -- ${LIB_GIT_DAEMON_COMMAND:-git daemon} \ -- --listen=127.0.0.1 --port="$LIB_GIT_DAEMON_PORT" \ -- --reuseaddr --verbose --pid-file="$GIT_DAEMON_PIDFILE" \ -- --base-path="$GIT_DAEMON_DOCUMENT_ROOT_PATH" \ -- "$@" "$GIT_DAEMON_DOCUMENT_ROOT_PATH" \ -- >&3 2>git_daemon_output & -- GIT_DAEMON_PID=$! -- { -- read -r line <&7 -- printf "%s\n" "$line" >&4 -- cat <&7 >&4 & -- } 7&3 "Starting git daemon on port $LIB_GIT_DAEMON_PORT ..." -+ mkfifo git_daemon_output -+ ${LIB_GIT_DAEMON_COMMAND:-git daemon} \ -+ --listen=127.0.0.1 --port="$LIB_GIT_DAEMON_PORT" \ -+ --reuseaddr --verbose --pid-file="$GIT_DAEMON_PIDFILE" \ -+ --base-path="$GIT_DAEMON_DOCUMENT_ROOT_PATH" \ -+ "$@" "$GIT_DAEMON_DOCUMENT_ROOT_PATH" \ -+ >&3 2>git_daemon_output & -+ GIT_DAEMON_PID=$! -+ { -+ read -r line <&7 -+ printf "%s\n" "$line" >&4 -+ cat <&7 >&4 & -+ } 7 +Date: Thu, 25 Nov 2021 08:07:32 -0500 +Subject: [PATCH] t/lib-gpg: reload gpg components after updating trustlist + +With gpgsm from gnupg-2.3, the changes to the trustlist.txt do not +appear to be picked up without refreshing the gpg-agent. Use the 'all' +keyword to reload all of the gpg components. The scdaemon is started as +a child of gpg-agent, for example. + +We used to have a --kill at this spot, but I removed it in 2e285e7803 +(t/lib-gpg: drop redundant killing of gpg-agent, 2019-02-07). It seems +like it might be necessary (again) for 2.3. + +Signed-off-by: Todd Zullinger +--- + t/lib-gpg.sh | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/t/lib-gpg.sh b/t/lib-gpg.sh +index cbbf74e725..d675698a2d 100644 +--- a/t/lib-gpg.sh ++++ b/t/lib-gpg.sh +@@ -75,6 +75,7 @@ test_lazy_prereq GPGSM ' + gpgsm --homedir "${GNUPGHOME}" -K --with-colons | + awk -F ":" "/^fpr:/ {printf \"%s S relax\\n\", \$10}" \ + >"${GNUPGHOME}/trustlist.txt" && ++ (gpgconf --reload all || : ) && + + echo hello | gpgsm --homedir "${GNUPGHOME}" >/dev/null \ + -u committer@example.com -o /dev/null --sign - diff --git a/0003-t-lib-git-svn-try-harder-to-find-a-port.patch b/0003-t-lib-git-svn-try-harder-to-find-a-port.patch deleted file mode 100644 index 905174e..0000000 --- a/0003-t-lib-git-svn-try-harder-to-find-a-port.patch +++ /dev/null @@ -1,85 +0,0 @@ -From 41423d666fd52eaa6aa2b44a0de1b81d0857ca06 Mon Sep 17 00:00:00 2001 -From: Todd Zullinger -Date: Fri, 26 Aug 2022 18:28:44 -0400 -Subject: [PATCH] t/lib-git-svn: try harder to find a port - -As with the previous commits, try harder to find an open port to avoid -intermittent failures on busy/shared build systems. - -By default, we make 3 attempts. This may be overridden by setting -GIT_TEST_START_SVNSERVE_TRIES to a different value. - -Run svnserve in daemon mode and use 'test_atexit' to stop it. This is -cleaner than running in the foreground with --listen-once and having to -manage the PID ourselves. - -Signed-off-by: Todd Zullinger ---- - t/lib-git-svn.sh | 34 +++++++++++++++++++++++++---- - t/t9113-git-svn-dcommit-new-file.sh | 1 - - 2 files changed, 30 insertions(+), 5 deletions(-) - -diff --git a/t/lib-git-svn.sh b/t/lib-git-svn.sh -index ea28971e8e..04e660e2ba 100644 ---- a/t/lib-git-svn.sh -+++ b/t/lib-git-svn.sh -@@ -17,6 +17,7 @@ fi - GIT_DIR=$PWD/.git - GIT_SVN_DIR=$GIT_DIR/svn/refs/remotes/git-svn - SVN_TREE=$GIT_SVN_DIR/svn-tree -+SVNSERVE_PIDFILE="$PWD"/daemon.pid - test_set_port SVNSERVE_PORT - - svn >/dev/null 2>&1 -@@ -119,10 +120,35 @@ require_svnserve () { - } - - start_svnserve () { -- svnserve --listen-port $SVNSERVE_PORT \ -- --root "$rawsvnrepo" \ -- --listen-once \ -- --listen-host 127.0.0.1 & -+ test_atexit stop_svnserve -+ -+ i=0 -+ while test $i -lt ${GIT_TEST_START_SVNSERVE_TRIES:-3} -+ do -+ say >&3 "Starting svnserve on port $SVNSERVE_PORT ..." -+ svnserve --listen-port $SVNSERVE_PORT \ -+ --root "$rawsvnrepo" \ -+ --daemon --pid-file="$SVNSERVE_PIDFILE" \ -+ --listen-host 127.0.0.1 -+ ret=$? -+ # increment port and retry if unsuccessful -+ if test $ret -ne 0 -+ then -+ SVNSERVE_PORT=$(($SVNSERVE_PORT + 1)) -+ export SVNSERVE_PORT -+ else -+ break -+ fi -+ done -+} -+ -+stop_svnserve () { -+ say >&3 "Stopping svnserve ..." -+ SVNSERVE_PID="$(cat "$SVNSERVE_PIDFILE")" -+ if test -n "$SVNSERVE_PID" -+ then -+ kill "$SVNSERVE_PID" 2>/dev/null -+ fi - } - - prepare_utf8_locale () { -diff --git a/t/t9113-git-svn-dcommit-new-file.sh b/t/t9113-git-svn-dcommit-new-file.sh -index e8479cec7a..5925891f5d 100755 ---- a/t/t9113-git-svn-dcommit-new-file.sh -+++ b/t/t9113-git-svn-dcommit-new-file.sh -@@ -28,7 +28,6 @@ test_expect_success 'create files in new directory with dcommit' " - echo hello > git-new-dir/world && - git update-index --add git-new-dir/world && - git commit -m hello && -- start_svnserve && - git svn dcommit - " - diff --git a/0003-t-lib-gpg-kill-all-gpg-components-not-just-gpg-agent.patch b/0003-t-lib-gpg-kill-all-gpg-components-not-just-gpg-agent.patch new file mode 100644 index 0000000..2905564 --- /dev/null +++ b/0003-t-lib-gpg-kill-all-gpg-components-not-just-gpg-agent.patch @@ -0,0 +1,40 @@ +From da340dd76714474126f73f6b53087da0ffd4e8d8 Mon Sep 17 00:00:00 2001 +From: Todd Zullinger +Date: Fri, 26 Nov 2021 21:11:54 -0500 +Subject: [PATCH] t/lib-gpg: kill all gpg components, not just gpg-agent + +The gpg-agent is one of several processes that newer releases of GnuPG +start automatically. Issue a kill to each of them to ensure they do not +affect separate tests. (Yes, the separate GNUPGHOME should do that +already. If we find that is case, we could drop the --kill entirely.) + +In terms of compatibility, the 'all' keyword was added to the --kill & +--reload options in GnuPG 2.1.18. Debian and RHEL are often used as +indicators of how a change might affect older systems we often try to +support. + + - Debian Strech (old old stable), which has limited security support + until June 2022, has GnuPG 2.1.18 (or 2.2.x in backports). + + - CentOS/RHEL 7, which is supported until June 2024, has GnuPG + 2.0.22, which lacks the --kill option, so the change won't have + any impact. + +Signed-off-by: Todd Zullinger +--- + t/lib-gpg.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/t/lib-gpg.sh b/t/lib-gpg.sh +index d675698a2d..2bb309a8c1 100644 +--- a/t/lib-gpg.sh ++++ b/t/lib-gpg.sh +@@ -40,7 +40,7 @@ test_lazy_prereq GPG ' + # > lib-gpg/ownertrust + mkdir "$GNUPGHOME" && + chmod 0700 "$GNUPGHOME" && +- (gpgconf --kill gpg-agent || : ) && ++ (gpgconf --kill all || : ) && + gpg --homedir "${GNUPGHOME}" --import \ + "$TEST_DIRECTORY"/lib-gpg/keyring.gpg && + gpg --homedir "${GNUPGHOME}" --import-ownertrust \ diff --git a/0004-t4202-match-gpgsm-output-from-GnuPG-2.3.patch b/0004-t4202-match-gpgsm-output-from-GnuPG-2.3.patch new file mode 100644 index 0000000..005ace7 --- /dev/null +++ b/0004-t4202-match-gpgsm-output-from-GnuPG-2.3.patch @@ -0,0 +1,33 @@ +From d1efcac68414b80cc0fd7b7e3b4781f313d98697 Mon Sep 17 00:00:00 2001 +From: Todd Zullinger +Date: Sat, 27 Nov 2021 05:31:13 -0500 +Subject: [PATCH] t4202: match gpgsm output from GnuPG 2.3 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +In GnuPG 2.3, the output from gpgsm when a certificate is not found +differs from that of earlier versions. This appears to be a bug¹, but +there are several releases in use now which have this output. Extend +the grep pattern to catch it rather than failing the test. + +¹ https://lists.gnupg.org/pipermail/gnupg-devel/2021-November/034991.html + +Signed-off-by: Todd Zullinger +--- + t/t4202-log.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/t/t4202-log.sh b/t/t4202-log.sh +index 7884e3d46b..c69f9ac469 100755 +--- a/t/t4202-log.sh ++++ b/t/t4202-log.sh +@@ -1851,7 +1851,7 @@ test_expect_success GPGSM 'log --graph --show-signature for merged tag x509 miss + git merge --no-ff -m msg signed_tag_x509_nokey && + GNUPGHOME=. git log --graph --show-signature -n1 plain-x509-nokey >actual && + grep "^|\\\ merged tag" actual && +- grep "^| | gpgsm: certificate not found" actual ++ grep -Ei "^| | gpgsm:( failed to find the)? certificate:? not found" actual + ' + + test_expect_success GPGSM 'log --graph --show-signature for merged tag x509 bad signature' ' diff --git a/0005-gpg-interface-match-SIG_CREATED-if-it-s-the-first-li.patch b/0005-gpg-interface-match-SIG_CREATED-if-it-s-the-first-li.patch new file mode 100644 index 0000000..458af9d --- /dev/null +++ b/0005-gpg-interface-match-SIG_CREATED-if-it-s-the-first-li.patch @@ -0,0 +1,48 @@ +From edb5eafc9945b2d400c2d777a9750cee06ab500f Mon Sep 17 00:00:00 2001 +From: Todd Zullinger +Date: Sat, 27 Nov 2021 02:55:47 -0500 +Subject: [PATCH] gpg-interface: match SIG_CREATED if it's the first line + +In `sign_buffer_gpg`, "\n[GNUPG:] SIG_CREATED " in the gpg status output +is used to signal a successful signature. This fails if "SIG_CREATED" +is the first line in the gpg output, as is the case with `gpgsm` in +GnuPG 2.3. + +In earlier versions of GnuPG, there was a debug line in the `gpgsm` +output which allowed the check in `sign_buffer_gpg` to work. This debug +line was removed from GnuPG in a6d2f3133 (sm: Replace some debug message +by log_error or log_info, 2020-04-21). + +The result is the `gpgsm --status-fd` output for a signing operation +starts with "[GNUPG:] SIG_CREATED" and we mistakenly report "gpg failed +to sign the data" to the user. The `gpg` command has other `[GNUPG:]` +output for signing operations, so it is not affected by this issue. +It's best not to rely on something as subtle and out of our control as +the order if the gnupg status messages. + +This likely went unnoticed because the GPGSM test prereq was failing for +a different reason with GnuPG 2.3. No tests failed, they were simply +skipped due to the missing GPGSM prereq. + +Signed-off-by: Todd Zullinger +--- + gpg-interface.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/gpg-interface.c b/gpg-interface.c +index 3e7255a2a9..d179dfb3ab 100644 +--- a/gpg-interface.c ++++ b/gpg-interface.c +@@ -859,6 +859,12 @@ static int sign_buffer_gpg(struct strbuf *buffer, struct strbuf *signature, + + bottom = signature->len; + ++ /* ++ * Ensure gpg_status begins with a newline or we'll fail to match if ++ * the SIG_CREATED line is at the start of the gpg output. ++ */ ++ strbuf_addch(&gpg_status, '\n'); ++ + /* + * When the username signingkey is bad, program could be terminated + * because gpg exits without reading and then write gets SIGPIPE. diff --git a/git-2.52-sanitize-sideband-channel-messages.patch b/git-2.52-sanitize-sideband-channel-messages.patch deleted file mode 100644 index 786cb39..0000000 --- a/git-2.52-sanitize-sideband-channel-messages.patch +++ /dev/null @@ -1,275 +0,0 @@ -From 65e88e659008e2cbf79cf44975406ff0d569a3a9 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= -Date: Thu, 20 Nov 2025 12:24:59 +0100 -Subject: [PATCH] sideband: mask control characters -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The output of `git clone` is a vital component for understanding what -has happened when things go wrong. However, these logs are partially -under the control of the remote server (via the "sideband", which -typically contains what the remote `git pack-objects` process sends to -`stderr`), and is currently not sanitized by Git. - -This makes Git susceptible to ANSI escape sequence injection (see -CWE-150, https://cwe.mitre.org/data/definitions/150.html), which allows -attackers to corrupt terminal state, to hide information, and even to -insert characters into the input buffer (i.e. as if the user had typed -those characters). - -To plug this vulnerability, disallow any control character in the -sideband, replacing them instead with the common `^` -(e.g. `^[` for `\x1b`, `^A` for `\x01`). - -There is likely a need for more fine-grained controls instead of using a -"heavy hammer" like this, which will be introduced subsequently. - -Signed-off-by: Johannes Schindelin - -sideband: introduce an "escape hatch" to allow control characters - -The preceding commit fixed the vulnerability whereas sideband messages -(that are under the control of the remote server) could contain ANSI -escape sequences that would be sent to the terminal verbatim. - -However, this fix may not be desirable under all circumstances, e.g. -when remote servers deliberately add coloring to their messages to -increase their urgency. - -To help with those use cases, give users a way to opt-out of the -protections: `sideband.allowControlCharacters`. - -Signed-off-by: Johannes Schindelin - -sideband: do allow ANSI color sequences by default - -The preceding two commits introduced special handling of the sideband -channel to neutralize ANSI escape sequences before sending the payload -to the terminal, and `sideband.allowControlCharacters` to override that -behavior. - -However, some `pre-receive` hooks that are actively used in practice -want to color their messages and therefore rely on the fact that Git -passes them through to the terminal. - -In contrast to other ANSI escape sequences, it is highly unlikely that -coloring sequences can be essential tools in attack vectors that mislead -Git users e.g. by hiding crucial information. - -Therefore we can have both: Continue to allow ANSI coloring sequences to -be passed to the terminal, and neutralize all other ANSI escape -sequences. - -Signed-off-by: Johannes Schindelin - -sideband: default to allowControlCharacters=true - -We don't want to change the default Git behaviour, just add the option -to filter control characters. - -Signed-off-by: Ondřej Pohořelský ---- - Documentation/config.adoc | 2 + - Documentation/config/sideband.adoc | 16 ++++++ - sideband.c | 78 ++++++++++++++++++++++++++++- - t/t5409-colorize-remote-messages.sh | 31 ++++++++++++ - 4 files changed, 125 insertions(+), 2 deletions(-) - create mode 100644 Documentation/config/sideband.adoc - -diff --git a/Documentation/config.adoc b/Documentation/config.adoc -index 62eebe7c54..dcea3c0c15 100644 ---- a/Documentation/config.adoc -+++ b/Documentation/config.adoc -@@ -523,6 +523,8 @@ include::config/sequencer.adoc[] - - include::config/showbranch.adoc[] - -+include::config/sideband.adoc[] -+ - include::config/sparse.adoc[] - - include::config/splitindex.adoc[] -diff --git a/Documentation/config/sideband.adoc b/Documentation/config/sideband.adoc -new file mode 100644 -index 0000000000..c9ba24a02c ---- /dev/null -+++ b/Documentation/config/sideband.adoc -@@ -0,0 +1,16 @@ -+sideband.allowControlCharacters:: -+ By default, control characters that are delivered via the sideband -+ are NOT masked. Use this config setting to prevent potentially -+ unwanted ANSI escape sequences from being sent to the terminal: -++ -+-- -+ color:: -+ Allow ANSI color sequences, line feeds and horizontal tabs, -+ but mask all other control characters. -+ false:: -+ Mask all control characters other than line feeds and -+ horizontal tabs. -+ true:: -+ Allow all control characters to be sent to the terminal. -+ This is the default. -+-- -\ No newline at end of file -diff --git a/sideband.c b/sideband.c -index ea7c25211e..88d1b44a7a 100644 ---- a/sideband.c -+++ b/sideband.c -@@ -26,6 +26,12 @@ static struct keyword_entry keywords[] = { - { "error", GIT_COLOR_BOLD_RED }, - }; - -+static enum { -+ ALLOW_NO_CONTROL_CHARACTERS = 0, -+ ALLOW_ALL_CONTROL_CHARACTERS = 1, -+ ALLOW_ANSI_COLOR_SEQUENCES = 2 -+} allow_control_characters = ALLOW_ALL_CONTROL_CHARACTERS; -+ - /* Returns a color setting (GIT_COLOR_NEVER, etc). */ - static enum git_colorbool use_sideband_colors(void) - { -@@ -39,6 +45,25 @@ static enum git_colorbool use_sideband_colors(void) - if (use_sideband_colors_cached != GIT_COLOR_UNKNOWN) - return use_sideband_colors_cached; - -+ switch (repo_config_get_maybe_bool(the_repository, "sideband.allowcontrolcharacters", &i)) { -+ case 0: /* Boolean value */ -+ allow_control_characters = i ? ALLOW_ALL_CONTROL_CHARACTERS : -+ ALLOW_NO_CONTROL_CHARACTERS; -+ break; -+ case -1: /* non-Boolean value */ -+ if (repo_config_get_string_tmp(the_repository, "sideband.allowcontrolcharacters", -+ &value)) -+ ; /* huh? `get_maybe_bool()` returned -1 */ -+ else if (!strcmp(value, "color")) -+ allow_control_characters = ALLOW_ANSI_COLOR_SEQUENCES; -+ else -+ warning(_("unrecognized value for `sideband." -+ "allowControlCharacters`: '%s'"), value); -+ break; -+ default: -+ break; /* not configured */ -+ } -+ - if (!repo_config_get_string_tmp(the_repository, key, &value)) - use_sideband_colors_cached = git_config_colorbool(key, value); - else if (!repo_config_get_string_tmp(the_repository, "color.ui", &value)) -@@ -66,6 +91,55 @@ void list_config_color_sideband_slots(struct string_list *list, const char *pref - list_config_item(list, prefix, keywords[i].keyword); - } - -+static int handle_ansi_color_sequence(struct strbuf *dest, const char *src, int n) -+{ -+ int i; -+ -+ /* -+ * Valid ANSI color sequences are of the form -+ * -+ * ESC [ [ [; ]*] m -+ */ -+ -+ if (allow_control_characters != ALLOW_ANSI_COLOR_SEQUENCES || -+ n < 3 || src[0] != '\x1b' || src[1] != '[') -+ return 0; -+ -+ for (i = 2; i < n; i++) { -+ if (src[i] == 'm') { -+ strbuf_add(dest, src, i + 1); -+ return i; -+ } -+ if (!isdigit(src[i]) && src[i] != ';') -+ break; -+ } -+ -+ return 0; -+} -+ -+static void strbuf_add_sanitized(struct strbuf *dest, const char *src, int n) -+{ -+ int i; -+ -+ if (allow_control_characters == ALLOW_ALL_CONTROL_CHARACTERS) { -+ strbuf_add(dest, src, n); -+ return; -+ } -+ -+ strbuf_grow(dest, n); -+ for (; n && *src; src++, n--) { -+ if (!iscntrl(*src) || *src == '\t' || *src == '\n') -+ strbuf_addch(dest, *src); -+ else if ((i = handle_ansi_color_sequence(dest, src, n))) { -+ src += i; -+ n -= i; -+ } else { -+ strbuf_addch(dest, '^'); -+ strbuf_addch(dest, 0x40 + *src); -+ } -+ } -+} -+ - /* - * Optionally highlight one keyword in remote output if it appears at the start - * of the line. This should be called for a single line only, which is -@@ -81,7 +155,7 @@ static void maybe_colorize_sideband(struct strbuf *dest, const char *src, int n) - int i; - - if (!want_color_stderr(use_sideband_colors())) { -- strbuf_add(dest, src, n); -+ strbuf_add_sanitized(dest, src, n); - return; - } - -@@ -114,7 +188,7 @@ static void maybe_colorize_sideband(struct strbuf *dest, const char *src, int n) - } - } - -- strbuf_add(dest, src, n); -+ strbuf_add_sanitized(dest, src, n); - } - - -diff --git a/t/t5409-colorize-remote-messages.sh b/t/t5409-colorize-remote-messages.sh -index fa5de4500a..2d40d8c640 100755 ---- a/t/t5409-colorize-remote-messages.sh -+++ b/t/t5409-colorize-remote-messages.sh -@@ -98,4 +98,35 @@ test_expect_success 'fallback to color.ui' ' - grep "error: error" decoded - ' - -+test_expect_success 'disallow (color) control sequences in sideband' ' -+ write_script .git/color-me-surprised <<-\EOF && -+ printf "error: Have you \\033[31mread\\033[m this?\\a\\n" >&2 -+ exec "$@" -+ EOF -+ test_config_global uploadPack.packObjectshook ./color-me-surprised && -+ test_commit need-at-least-one-commit && -+ -+ git -c sideband.allowControlCharacters=color \ -+ clone --no-local . throw-away 2>stderr && -+ test_decode_color decoded && -+ test_grep RED decoded && -+ test_grep "\\^G" stderr && -+ tr -dc "\\007" actual && -+ test_must_be_empty actual && -+ -+ rm -rf throw-away && -+ git -c sideband.allowControlCharacters=false \ -+ clone --no-local . throw-away 2>stderr && -+ test_decode_color decoded && -+ test_grep ! RED decoded && -+ test_grep "\\^G" stderr && -+ -+ rm -rf throw-away && -+ git -c sideband.allowControlCharacters clone --no-local . throw-away 2>stderr && -+ test_decode_color decoded && -+ test_grep RED decoded && -+ tr -dc "\\007" actual && -+ test_file_not_empty actual -+' -+ - test_done --- -2.51.1 - diff --git a/git-test-apache-davlockdbtype-config.patch b/git-test-apache-davlockdbtype-config.patch deleted file mode 100644 index 882006a..0000000 --- a/git-test-apache-davlockdbtype-config.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff -ur b/t/lib-httpd/apache.conf a/t/lib-httpd/apache.conf ---- b/t/lib-httpd/apache.conf 2024-01-09 11:06:46.660868023 +0100 -+++ a/t/lib-httpd/apache.conf 2024-01-09 11:09:09.572713625 +0100 -@@ -272,7 +272,9 @@ - - LoadModule dav_module modules/mod_dav.so - LoadModule dav_fs_module modules/mod_dav_fs.so -- -+ -+ DavLockDBType sdbm -+ - DAVLockDB DAVLock - - Dav on diff --git a/git.rpmlintrc b/git.rpmlintrc index 8b09c35..9fd93ce 100644 --- a/git.rpmlintrc +++ b/git.rpmlintrc @@ -1,3 +1,5 @@ +from Config import * + # the dictionary is a bit limited addFilter("git.* spelling-error %description .* subpackages") addFilter("git-subtree.* spelling-error %description .* (subdirectory|subproject|subtree)") @@ -5,9 +7,6 @@ addFilter("git-subtree.* spelling-error %description .* (subdirectory|subproject # git-core-doc requires git-core, which provides the symlink target addFilter("git(-core-doc)?\..*: W: dangling-relative-symlink /usr/share/doc/git/contrib/hooks ../../../git-core/contrib/hooks") -# gitk requires git, which provides the symlink target -addFilter("gitk\.noarch: W: dangling-relative-symlink /usr/share/bash-completion/completions/gitk git") - # git-gui requires git, which provides the git binary addFilter("git-gui.noarch: W: desktopfile-without-binary /usr/share/applications/git-gui.desktop git") @@ -24,19 +23,5 @@ addFilter("git-core\..*: W: no-manual-page-for-binary") # similarly ignore the warning when git-cvs and git-p4 are disabled addFilter("git.* obsolete-not-provided git-(cvs|gnome-keyring|p4)") -# git-svn has both man and html docs and only a single command -addFilter('git-svn\..*: W: package-with-huge-docs') - -# ignore potential "bashisms" in docs -addFilter('git-core-doc\.noarch: W: potential-bashisms /usr/share/doc/git/') - -# ignore unused-direct-shlib-dependency for libpcre; while it probably could be -# removed from some binaries, the cost of doing so isn't worth the gain. -addFilter('git-(core|daemon)\..*: W: unused-direct-shlib-dependency .* /lib64/libpcre2-.*') - -# ignore duplicate gvimdiff/nvimdiff files; they are only 29 bytes, sourcing the same base -# vimdiff mergetool -addFilter('git-core\..*: W: files-duplicate /usr/libexec/git-core/mergetools/[gn]vimdiff') - -# ignore non-standard-dir-in-var for gitweb (#479613) -addFilter('gitweb.noarch: W: non-standard-dir-in-var www') +# we BR emacs which requires emacs-common and provides %{_emacs_version} +addFilter("git.(spec|src): .* Possible unexpanded macro in: Requires:.*emacs-filesystem >= %{_emacs_version}") diff --git a/git.skip-test-patterns b/git.skip-test-patterns index a310f5a..1f1f8b1 100644 --- a/git.skip-test-patterns +++ b/git.skip-test-patterns @@ -1,28 +1,22 @@ -^ok 1 # SKIP enable client-side http/2 \(missing HTTP2\)$ expensive 2GB clone test; enable with GIT_TEST_CLONE_2GB=true filesystem does not corrupt utf-8 -fsmonitor--daemon is not supported on this platform GIT_SKIP_TESTS missing AUTOIDENT -missing BUILTIN_TXT_ missing CASE_INSENSITIVE_FS missing DONTHAVEIT -missing ([!]LONG_IS_64BIT,)?EXPENSIVE -missing FSMONITOR_DAEMON +missing EXPENSIVE missing JGIT missing !?LAZY_(TRUE|FALSE) missing MINGW missing NATIVE_CRLF missing !PCRE missing !PTHREADS -missing !REFFILES missing RFC1991 missing RUNTIME_PREFIX missing SYMLINKS_WINDOWS missing TAR_NEEDS_PAX_FALLBACK missing UTF8_NFD_TO_NFC missing WINDOWS -skipped: skip all tests in t5559 skipping case insensitive tests skipping git p4 tests skipping remote-svn tests, python not available @@ -30,4 +24,3 @@ skipping svn-info test skipping Windows-(only path|specific) tests Test requiring writable / skipped used to test external credential helpers -You must set env var GIT_TEST_ALLOW_SUDO=YES in order to run this test diff --git a/git.spec b/git.spec index 49c55d0..15b92a5 100644 --- a/git.spec +++ b/git.spec @@ -6,6 +6,13 @@ %global gitexecdir %{_libexecdir}/git-core +# Settings for Fedora >= 34 +%if 0%{?fedora} >= 34 +%bcond_with emacs +%else +%bcond_without emacs +%endif + # Settings for Fedora %if 0%{?fedora} # linkchecker is not available on EL @@ -14,16 +21,8 @@ %bcond_with linkcheck %endif -# Settings for Fedora >= 38 and EL >= 10 -%if 0%{?fedora} >= 38 || 0%{?rhel} >= 10 -%bcond_with perl_modcompat -%else -%bcond_without perl_modcompat -%endif - -# Settings for Fedora and EL == 9 -# In EL >= 10 docbook5-style-xsl, needed by asciidoctor, is unwanted package -%if 0%{?fedora} || 0%{?rhel} == 9 +# Settings for Fedora and EL >= 9 +%if 0%{?fedora} || 0%{?rhel} >= 9 %bcond_without asciidoctor %else %bcond_with asciidoctor @@ -40,13 +39,18 @@ %else %bcond_without python2 %bcond_with python3 -%global build_cflags %{build_cflags} -fPIC -std=gnu99 %global gitweb_httpd_conf git.conf %global use_glibc_langpacks 0 %global use_perl_generators 0 %global use_perl_interpreter 0 %endif +# Settings for Fedora and EL >= 7 +%if 0%{?fedora} || 0%{?rhel} >= 7 +%global bashcompdir %(pkg-config --variable=completionsdir bash-completion 2>/dev/null) +%global bashcomproot %(dirname %{bashcompdir} 2>/dev/null) +%endif + # Allow cvs subpackage to be toggled via --with/--without # Disable cvs subpackage by default on EL >= 8 %if 0%{?rhel} >= 8 @@ -59,11 +63,11 @@ %bcond_without libsecret # Allow p4 subpackage to be toggled via --with/--without -# Disable p4 package by default on EL >= 10 -%if 0%{?rhel} >= 10 -%bcond_with p4 -%else +# Disable by default if we lack python2 or python3 support +%if %{with python2} || %{with python3} %bcond_without p4 +%else +%bcond_with p4 %endif # Hardening flags for EL-7 @@ -71,27 +75,17 @@ %global _hardened_build 1 %endif -# Define %%bash_completions_dir for EL <= 9 -%{?!bash_completions_dir:%global bash_completions_dir %{_datadir}/bash-completion/completions} - -# Set path to the package-notes linker script -%global _package_note_file %{_builddir}/%{name}-%{real_version}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld +# Define for release candidates +#global rcrev .rc0 Name: git -Version: 2.52.0 -Release: 1%{?dist} +Version: 2.34.3 +Release: 1%{?rcrev}%{?dist} Summary: Fast Version Control System -License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT +License: GPLv2 URL: https://git-scm.com/ - -# Note: real_version must be defined _after_ Version -%global real_version %(echo %{version} | tr '~' '.') - -# Adjust Source URL path for release candidates -%global rcpath %(test "%{version}" = "%{real_version}" || echo testing/) - -Source0: https://www.kernel.org/pub/software/scm/git/%{rcpath}%{name}-%{real_version}.tar.xz -Source1: https://www.kernel.org/pub/software/scm/git/%{rcpath}%{name}-%{real_version}.tar.sign +Source0: https://www.kernel.org/pub/software/scm/git/%{?rcrev:testing/}%{name}-%{version}%{?rcrev}.tar.xz +Source1: https://www.kernel.org/pub/software/scm/git/%{?rcrev:testing/}%{name}-%{version}%{?rcrev}.tar.sign # Junio C Hamano's key is used to sign git releases, it can be found in the # junio-gpg-pub tag within git. @@ -118,30 +112,16 @@ Source99: print-failed-test-output # https://bugzilla.redhat.com/490602 Patch0: git-cvsimport-Ignore-cvsps-2.2b1-Branches-output.patch -# https://bugzilla.redhat.com/2114531 -# tests: try harder to find open ports for apache, git, and svn -# -# https://github.com/tmzullinger/git/commit/aedeaaf788 -Patch1: 0001-t-lib-httpd-try-harder-to-find-a-port-for-apache.patch -# https://github.com/tmzullinger/git/commit/16750d024c -Patch2: 0002-t-lib-git-daemon-try-harder-to-find-a-port.patch -# https://github.com/tmzullinger/git/commit/aa5105dc11 -Patch3: 0003-t-lib-git-svn-try-harder-to-find-a-port.patch - -# Configurates Apache test server to use `DavLockDBType sdbm` -# Prevents t5540 failures on i686, s390x and ppc64le -Patch5: git-test-apache-davlockdbtype-config.patch - -# Adds the option to sanitize sideband channel messages -# CVE-2024-52005 wasn't fixed by upstream. This patch adds the option to harden Git against it. -# The default behaviour of Git remains unchanged. -# -# https://github.com/gitgitgadget/git/pull/1853 -Patch6: git-2.52-sanitize-sideband-channel-messages.patch +# Fix a few tests and issues with gnupg-2.3 +Patch1: 0001-t-lib-gpg-use-with-colons-when-parsing-gpgsm-output.patch +Patch2: 0002-t-lib-gpg-reload-gpg-components-after-updating-trust.patch +Patch3: 0003-t-lib-gpg-kill-all-gpg-components-not-just-gpg-agent.patch +Patch4: 0004-t4202-match-gpgsm-output-from-GnuPG-2.3.patch +Patch5: 0005-gpg-interface-match-SIG_CREATED-if-it-s-the-first-li.patch %if %{with docs} # pod2man is needed to build Git.3pm -BuildRequires: perl-podlators +BuildRequires: %{_bindir}/pod2man %if %{with asciidoctor} BuildRequires: docbook5-style-xsl BuildRequires: rubygem-asciidoctor @@ -149,6 +129,7 @@ BuildRequires: rubygem-asciidoctor BuildRequires: asciidoc >= 8.4.1 %endif # endif with asciidoctor +BuildRequires: perl(File::Compare) BuildRequires: xmlto %if %{with linkcheck} BuildRequires: linkchecker @@ -159,6 +140,10 @@ BuildRequires: linkchecker BuildRequires: coreutils BuildRequires: desktop-file-utils BuildRequires: diffutils +%if %{with emacs} +BuildRequires: emacs-common +%endif +# endif emacs-common %if 0%{?rhel} && 0%{?rhel} < 9 # Require epel-rpm-macros for the %%gpgverify macro on EL-7/EL-8, and # %%build_cflags & %%build_ldflags on EL-7. @@ -170,7 +155,6 @@ BuildRequires: findutils BuildRequires: gawk BuildRequires: gcc BuildRequires: gettext -BuildRequires: glibc-utils BuildRequires: gnupg2 BuildRequires: libcurl-devel BuildRequires: make @@ -178,6 +162,7 @@ BuildRequires: openssl-devel BuildRequires: pcre2-devel BuildRequires: perl(Error) BuildRequires: perl(lib) +BuildRequires: perl(Test) %if %{use_perl_generators} BuildRequires: perl-generators %endif @@ -190,11 +175,8 @@ BuildRequires: perl # endif use_perl_interpreter BuildRequires: pkgconfig(bash-completion) BuildRequires: sed -%if 0%{?fedora} || 0%{?rhel} >= 8 -BuildRequires: systemd-rpm-macros -%else +# For macros BuildRequires: systemd -%endif BuildRequires: tcl BuildRequires: tk BuildRequires: xz @@ -203,15 +185,11 @@ BuildRequires: zlib-devel >= 1.2 %if %{with tests} # Test suite requirements BuildRequires: acl -%if (0%{?fedora} && 0%{?fedora} < 40) || (0%{?rhel} >= 8 && 0%{?rhel} < 10) -# Needed by t5540-http-push-webdav.sh; recent httpd obviates this +%if 0%{?fedora} || 0%{?rhel} >= 8 +# Needed by t5540-http-push-webdav.sh BuildRequires: apr-util-bdb %endif -%if 0%{?fedora} || 0%{?rhel} >= 8 -# Needed by t5559-http-fetch-smart-http2.sh -BuildRequires: mod_http2 -%endif -# endif fedora or rhel >= 8 +# endif fedora >= 27 BuildRequires: bash %if %{with cvs} BuildRequires: cvs @@ -230,22 +208,17 @@ BuildRequires: glibc-langpack-is BuildRequires: gnupg2-smime %endif # endif fedora or el >= 9 -%if 0%{?fedora} || 0%{?rhel} >= 8 || ( 0%{?rhel} == 7 && ( "%{_arch}" == "ppc64le" || "%{_arch}" == "x86_64" ) ) +%if 0%{?fedora} || ( 0%{?rhel} >= 7 && ( "%{_arch}" == "ppc64le" || "%{_arch}" == "x86_64" ) ) BuildRequires: highlight %endif # endif fedora or el7+ (ppc64le/x86_64) -%if 0%{?fedora} >= 37 -BuildRequires: httpd-core -%else BuildRequires: httpd -%endif -# endif fedora >= 37 %if 0%{?fedora} && ! ( 0%{?fedora} >= 35 || "%{_arch}" == "i386" || "%{_arch}" == "s390x" ) BuildRequires: jgit %endif # endif fedora (except i386 and s390x) BuildRequires: mod_dav_svn -BuildRequires: openssh-clients +BuildRequires: openssh BuildRequires: perl(App::Prove) BuildRequires: perl(CGI) BuildRequires: perl(CGI::Carp) @@ -281,7 +254,6 @@ BuildRequires: subversion-perl BuildRequires: tar BuildRequires: time BuildRequires: zip -BuildRequires: zstd %endif # endif with tests @@ -293,6 +265,17 @@ Requires: perl(Term::ReadKey) # endif ! defined perl_bootstrap Requires: perl-Git = %{version}-%{release} +%if %{with emacs} && %{defined _emacs_version} +Requires: emacs-filesystem >= %{_emacs_version} +%endif +# endif with emacs && defined _emacs_version + +# Obsolete emacs-git if it's disabled +%if %{without emacs} +Obsoletes: emacs-git < %{?epoch:%{epoch}:}%{version}-%{release} +%endif +# endif without emacs + # Obsolete git-cvs if it's disabled %if %{without cvs} Obsoletes: git-cvs < %{?epoch:%{epoch}:}%{version}-%{release} @@ -397,7 +380,10 @@ Requires: perl(DBD::SQLite) %package daemon Summary: Git protocol daemon Requires: git-core = %{version}-%{release} -%{?systemd_requires} +Requires: systemd +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd %description daemon The git daemon for supporting git:// access to git repositories @@ -407,10 +393,7 @@ BuildArch: noarch Requires: git = %{version}-%{release} Requires: perl(Authen::SASL) Requires: perl(Cwd) -%if ! 0%{?rhel} -# RHEL lacks perl-Email-Valid (rhbz#2166718) Requires: perl(Email::Valid) -%endif Requires: perl(File::Spec) Requires: perl(File::Spec::Functions) Requires: perl(File::Temp) @@ -434,7 +417,7 @@ Summary: Git repository browser BuildArch: noarch Requires: git = %{version}-%{release} Requires: git-gui = %{version}-%{release} -Requires: tk +Requires: tk >= 8.4 %description -n gitk %{summary}. @@ -491,9 +474,7 @@ Requires: git = %{version}-%{release} Summary: Perl interface to Git BuildArch: noarch Requires: git = %{version}-%{release} -%if %{with perl_modcompat} Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) -%endif %description -n perl-Git %{summary}. @@ -501,15 +482,12 @@ Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $versi Summary: Perl interface to Git::SVN BuildArch: noarch Requires: git = %{version}-%{release} -%if %{with perl_modcompat} Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) -%endif %description -n perl-Git-SVN %{summary}. %package subtree Summary: Git tools to merge and split repositories -BuildArch: noarch Requires: git-core = %{version}-%{release} %description subtree Git subtrees allow subprojects to be included within a subdirectory @@ -533,15 +511,13 @@ Requires: subversion # Verify GPG signatures xz -dc '%{SOURCE0}' | %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data=- -%autosetup -p1 -n %{name}-%{real_version} +%autosetup -p1 -n %{name}-%{version}%{?rcrev} # Install print-failed-test-output script install -p -m 755 %{SOURCE99} print-failed-test-output -# Remove git-archimport -sed -i '/^SCRIPT_PERL += git-archimport\.perl$/d' Makefile +# Remove git-archimport from command list sed -i '/^git-archimport/d' command-list.txt -rm git-archimport.perl Documentation/git-archimport.adoc %if %{without cvs} # Remove git-cvs* from command list @@ -568,9 +544,6 @@ INSTALL_SYMLINKS = 1 GITWEB_PROJECTROOT = %{_localstatedir}/lib/git GNU_ROFF = 1 NO_PERL_CPAN_FALLBACKS = 1 -%if 0%{?rhel} && 0%{?rhel} < 8 -NO_UNCOMPRESS2 = 1 -%endif %if %{with python3} PYTHON_PATH = %{__python3} %else @@ -603,9 +576,6 @@ EOF %endif # endif ! defined perl_bootstrap -# Exclude sample hook files from automatic dependency detection -%global __requires_exclude_from ^%{_datadir}/git-core/templates/hooks/.*sample$ - # Remove Git::LoadCPAN to ensure we use only system perl modules. This also # allows the dependencies to be automatically processed by rpm. rm -rf perl/Git/LoadCPAN{.pm,/} @@ -617,7 +587,7 @@ sed -i 's@"++GITWEB_HOME_LINK_STR++"@$ENV{"SERVER_NAME"} ? "git://" . $ENV{"SERV # Move contrib/{contacts,subtree} docs to Documentation so they build with the # proper asciidoc/docbook/xmlto options -mv contrib/{contacts,subtree}/git-*.adoc Documentation/ +mv contrib/{contacts,subtree}/git-*.txt Documentation/ %build # Improve build reproducibility @@ -649,11 +619,31 @@ rm -rf contrib/fast-import/import-zips.py %endif # endif with python2 +# Use python3 to avoid an unnecessary python2 dependency, if possible. +%if %{with python3} +sed -i -e '1s@#!\( */usr/bin/env python\|%{__python2}\)$@#!%{__python3}@' \ + contrib/hg-to-git/hg-to-git.py +%endif +# endif with python3 + %install %make_install %{?with_docs:install-doc} %make_install -C contrib/contacts +%if %{with emacs} +%global elispdir %{_emacs_sitelispdir}/git +pushd contrib/emacs >/dev/null +for el in *.el ; do + # Note: No byte-compiling is done. These .el files are one-line stubs + # which only serve to point users to better alternatives. + install -Dpm 644 $el %{buildroot}%{elispdir}/$el + rm -f $el # clean up to avoid cruft in git-core-doc +done +popd >/dev/null +%endif +# endif with emacs + %if %{with libsecret} install -pm 755 contrib/credential/libsecret/git-credential-libsecret \ %{buildroot}%{gitexecdir} @@ -677,16 +667,12 @@ install -Dpm 0755 contrib/diff-highlight/diff-highlight \ %{buildroot}%{_datadir}/git-core/contrib/diff-highlight rm -rf contrib/diff-highlight/{Makefile,diff-highlight,*.perl,t} -# Remove contrib/persistent-https; a) this code requires compilation; and b) it -# is licensed differently than git -rm -rf contrib/persistent-https - -# Remove contrib/scalar to avoid cruft in the git-core-doc docdir -rm -rf contrib/scalar - # Clean up contrib/subtree to avoid cruft in the git-core-doc docdir rm -rf contrib/subtree/{INSTALL,Makefile,git-subtree*,t} +# git-archimport is not supported +find %{buildroot} Documentation -type f -name 'git-archimport*' -exec rm -f {} ';' + %if %{without cvs} # Remove git-cvs* and gitcvs* find %{buildroot} Documentation \( -type f -o -type l \) \ @@ -704,7 +690,7 @@ rm -f %{buildroot}%{gitexecdir}/mergetools/p4merge # Remove unneeded git-remote-testsvn so git-svn can be noarch rm -f %{buildroot}%{gitexecdir}/git-remote-testsvn -exclude_re="email|git-(citool|credential-libsecret|cvs|daemon|gui|instaweb|p4|subtree|svn)|gitk|gitweb|p4merge" +exclude_re="archimport|email|git-(citool|credential-libsecret|cvs|daemon|gui|instaweb|p4|subtree|svn)|gitk|gitweb|p4merge" (find %{buildroot}{%{_bindir},%{_libexecdir}} -type f -o -type l | grep -vE "$exclude_re" | sed -e s@^%{buildroot}@@) > bin-man-doc-files (find %{buildroot}{%{_bindir},%{_libexecdir}} -mindepth 1 -type d | grep -vE "$exclude_re" | sed -e 's@^%{buildroot}@%dir @') >> bin-man-doc-files (find %{buildroot}%{perl_vendorlib} -type f | sed -e s@^%{buildroot}@@) > perl-git-files @@ -727,14 +713,21 @@ perl -p \ %{SOURCE15} > %{buildroot}%{_unitdir}/git@.service # Setup bash completion -install -Dpm 644 contrib/completion/git-completion.bash %{buildroot}%{bash_completions_dir}/git -ln -s git %{buildroot}%{bash_completions_dir}/gitk +install -Dpm 644 contrib/completion/git-completion.bash %{buildroot}%{bashcompdir}/git +ln -s git %{buildroot}%{bashcompdir}/gitk # Install tcsh completion mkdir -p %{buildroot}%{_datadir}/git-core/contrib/completion install -pm 644 contrib/completion/git-completion.tcsh \ %{buildroot}%{_datadir}/git-core/contrib/completion/ +# Move contrib/hooks out of %%docdir +mkdir -p %{buildroot}%{_datadir}/git-core/contrib +mv contrib/hooks %{buildroot}%{_datadir}/git-core/contrib +pushd contrib > /dev/null +ln -s ../../../git-core/contrib/hooks +popd > /dev/null + # Install git-prompt.sh mkdir -p %{buildroot}%{_datadir}/git-core/contrib/completion install -pm 644 contrib/completion/git-prompt.sh \ @@ -777,7 +770,7 @@ grep -E "$not_core_re" bin-man-doc-files > bin-man-doc-git-files # contrib not_core_doc_re="(git-(cvs|gui|citool|daemon|instaweb|subtree))|p4|svn|email|gitk|gitweb" mkdir -p %{buildroot}%{_pkgdocdir}/ -cp -pr CODE_OF_CONDUCT.md README.md Documentation/*.adoc Documentation/RelNotes contrib %{buildroot}%{_pkgdocdir}/ +cp -pr CODE_OF_CONDUCT.md README.md Documentation/*.txt Documentation/RelNotes contrib %{buildroot}%{_pkgdocdir}/ # Remove contrib/ files/dirs which have nothing useful for documentation rm -rf %{buildroot}%{_pkgdocdir}/contrib/{contacts,credential}/ cp -p gitweb/INSTALL %{buildroot}%{_pkgdocdir}/INSTALL.gitweb @@ -816,70 +809,30 @@ find %{buildroot}%{_pkgdocdir} -name "*.html" -print0 | xargs -r0 linkchecker # endif with docs && with linkcheck # Tests to skip on all releases and architectures -# -# t5559-http-fetch-smart-http2 runs t5551-http-fetch-smart with -# HTTP_PROTO=HTTP/2. Unfortunately, it fails quite regularly. -# https://lore.kernel.org/git/Y4fUntdlc1mqwad5@pobox.com/ -GIT_SKIP_TESTS="t5559" - -%if 0%{?rhel} && 0%{?rhel} < 8 -# Skip tests which require mod_http2 on el7 -GIT_SKIP_TESTS="$GIT_SKIP_TESTS t5559" -%endif -# endif rhel < 8 +GIT_SKIP_TESTS="" %ifarch aarch64 %{arm} %{power64} # Skip tests which fail on aarch64, arm, and ppc # # The following 2 tests use run_with_limited_cmdline, which calls ulimit -s 128 # to limit the maximum stack size. -# t5541.36 'push 2000 tags over http' +# t5541.35 'push 2000 tags over http' # t5551.25 'clone the 2,000 tag repo to check OS command line overflow' -GIT_SKIP_TESTS="$GIT_SKIP_TESTS t5541.37 t5551.25" +GIT_SKIP_TESTS="$GIT_SKIP_TESTS t5541.35 t5551.25" %endif # endif aarch64 %%{arm} %%{power64} -%if 0%{?rhel} == 8 && "%{_arch}" == "s390x" -# Skip tests which fail on s390x on rhel-8 +%ifarch %{power64} +# Skip tests which fail on ppc # -# The following tests fail on s390x & el8. The cause should be investigated. -# However, it's a lower priority since the same tests work consistently on -# s390x with Fedora and RHEL-9. The failures seem to originate in t5300. -# -# t5300.10 'unpack without delta' -# t5300.12 'unpack with REF_DELTA' -# t5300.13 'unpack with REF_DELTA' -# t5300.14 'unpack with OFS_DELTA' -# t5300.18 'compare delta flavors' -# t5300.20 'use packed deltified (REF_DELTA) objects' -# t5300.23 'verify pack' -# t5300.24 'verify pack -v' -# t5300.25 'verify-pack catches mismatched .idx and .pack files' -# t5300.29 'verify-pack catches a corrupted sum of the index file itself' -# t5300.30 'build pack index for an existing pack' -# t5300.45 'make sure index-pack detects the SHA1 collision' -# t5300.46 'make sure index-pack detects the SHA1 collision (large blobs)' -# t5303.5 'create corruption in data of first object' -# t5303.7 '... and loose copy of second object allows for partial recovery' -# t5303.11 'create corruption in data of first delta' -# t6300.35 'basic atom: head objectsize:disk' -# t6300.91 'basic atom: tag objectsize:disk' -# t6300.92 'basic atom: tag *objectsize:disk' -GIT_SKIP_TESTS="$GIT_SKIP_TESTS t5300.1[02348] t5300.2[03459] t5300.30 t5300.4[56] t5303.[57] t5303.11 t6300.35 t6300.9[12]" +# t9115-git-svn-dcommit-funky-renames is disabled because it frequently fails. +# The port it uses (9115) is already in use. It is unclear if this is +# due to an issue in the test suite or a conflict with some other process on +# the build host. It only appears to occur on ppc-arches. +GIT_SKIP_TESTS="$GIT_SKIP_TESTS t9115" %endif -# endif rhel == 8 && arch == s390x +# endif %%{power64} -%if "%{_arch}" == "s390x" -# Skip tests which fail on s390x -# -# The following tests are failing on s390x. -# https://lore.kernel.org/git/4dc4c8cd-c0cc-4784-8fcf-defa3a051087@mit.edu/ -# -# t8020.16 'cross merge boundaries in blaming' -# t8020.19 'last-modified merge undoes changes' -GIT_SKIP_TESTS="$GIT_SKIP_TESTS t8020.16 t8020.19" -%endif -# endif "%{_arch}" == "s390x" export GIT_SKIP_TESTS # Set LANG so various UTF-8 tests are run @@ -896,14 +849,14 @@ export GIT_TEST_SVN_HTTPD=true # Create tmpdir for test output and update GIT_TEST_OPTS # Also update GIT-BUILD-OPTIONS to keep make from any needless rebuilding -export testdir=$(mktemp -d -p /tmp git-t.XXXX) +testdir=$(mktemp -d -p /tmp git-t.XXXX) sed -i "s@^GIT_TEST_OPTS = .*@& --root=$testdir@" config.mak touch -r GIT-BUILD-OPTIONS ts sed -i "s@\(GIT_TEST_OPTS='.*\)'@\1 --root=$testdir'@" GIT-BUILD-OPTIONS touch -r ts GIT-BUILD-OPTIONS # Run the tests -%__make -C t all || ./print-failed-test-output +%__make test || ./print-failed-test-output # Run contrib/credential/netrc tests mkdir -p contrib/credential @@ -924,7 +877,16 @@ rmdir --ignore-fail-on-non-empty "$testdir" %systemd_postun_with_restart git.socket %files -f bin-man-doc-git-files +%if %{with emacs} +%{elispdir} +%endif +# endif with emacs %{_datadir}/git-core/contrib/diff-highlight +%{_datadir}/git-core/contrib/hooks/update-paranoid +%{_datadir}/git-core/contrib/hooks/setgitperms.perl +%{_datadir}/git-core/templates/hooks/fsmonitor-watchman.sample +%{_datadir}/git-core/templates/hooks/pre-rebase.sample +%{_datadir}/git-core/templates/hooks/prepare-commit-msg.sample %files all # No files for you! @@ -936,7 +898,12 @@ rmdir --ignore-fail-on-non-empty "$testdir" %license COPYING # exclude is best way here because of troubles with symlinks inside git-core/ %exclude %{_datadir}/git-core/contrib/diff-highlight -%{bash_completions_dir}/git +%exclude %{_datadir}/git-core/contrib/hooks/update-paranoid +%exclude %{_datadir}/git-core/contrib/hooks/setgitperms.perl +%exclude %{_datadir}/git-core/templates/hooks/fsmonitor-watchman.sample +%exclude %{_datadir}/git-core/templates/hooks/pre-rebase.sample +%exclude %{_datadir}/git-core/templates/hooks/prepare-commit-msg.sample +%{bashcomproot} %{_datadir}/git-core/ %files core-doc -f man-doc-files-core @@ -945,6 +912,7 @@ rmdir --ignore-fail-on-non-empty "$testdir" %exclude %{_pkgdocdir}/contrib/*/*.py[co] %endif # endif rhel <= 7 +%{_pkgdocdir}/contrib/hooks %if %{with libsecret} %files credential-libsecret @@ -954,7 +922,7 @@ rmdir --ignore-fail-on-non-empty "$testdir" %if %{with cvs} %files cvs -%{_pkgdocdir}/*git-cvs*.adoc +%{_pkgdocdir}/*git-cvs*.txt %{_bindir}/git-cvsserver %{gitexecdir}/*cvs* %{?with_docs:%{_mandir}/man1/*cvs*.1*} @@ -963,31 +931,30 @@ rmdir --ignore-fail-on-non-empty "$testdir" # endif with cvs %files daemon -%{_pkgdocdir}/git-daemon*.adoc +%{_pkgdocdir}/git-daemon*.txt %{_unitdir}/git.socket -%config(noreplace) %{_unitdir}/git@.service +%{_unitdir}/git@.service %{gitexecdir}/git-daemon %{_localstatedir}/lib/git %{?with_docs:%{_mandir}/man1/git-daemon*.1*} %{?with_docs:%{_pkgdocdir}/git-daemon*.html} %files email -%{_pkgdocdir}/*email*.adoc +%{_pkgdocdir}/*email*.txt %{gitexecdir}/*email* %{?with_docs:%{_mandir}/man1/*email*.1*} %{?with_docs:%{_pkgdocdir}/*email*.html} %files -n gitk -%{_pkgdocdir}/*gitk*.adoc +%{_pkgdocdir}/*gitk*.txt %{_bindir}/*gitk* %{_datadir}/gitk -%{bash_completions_dir}/gitk %{?with_docs:%{_mandir}/man1/*gitk*.1*} %{?with_docs:%{_pkgdocdir}/*gitk*.html} %files -n gitweb %{_pkgdocdir}/*.gitweb -%{_pkgdocdir}/gitweb*.adoc +%{_pkgdocdir}/gitweb*.txt %{?with_docs:%{_mandir}/man1/gitweb.1*} %{?with_docs:%{_mandir}/man5/gitweb.conf.5*} %{?with_docs:%{_pkgdocdir}/gitweb*.html} @@ -1000,8 +967,8 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{gitexecdir}/git-citool %{_datadir}/applications/*git-gui.desktop %{_datadir}/git-gui/ -%{_pkgdocdir}/git-gui.adoc -%{_pkgdocdir}/git-citool.adoc +%{_pkgdocdir}/git-gui.txt +%{_pkgdocdir}/git-citool.txt %{?with_docs:%{_mandir}/man1/git-gui.1*} %{?with_docs:%{_pkgdocdir}/git-gui.html} %{?with_docs:%{_mandir}/man1/git-citool.1*} @@ -1009,7 +976,7 @@ rmdir --ignore-fail-on-non-empty "$testdir" %files instaweb %{gitexecdir}/git-instaweb -%{_pkgdocdir}/git-instaweb.adoc +%{_pkgdocdir}/git-instaweb.txt %{?with_docs:%{_mandir}/man1/git-instaweb.1*} %{?with_docs:%{_pkgdocdir}/git-instaweb.html} @@ -1017,7 +984,7 @@ rmdir --ignore-fail-on-non-empty "$testdir" %files p4 %{gitexecdir}/*p4* %{gitexecdir}/mergetools/p4merge -%{_pkgdocdir}/*p4*.adoc +%{_pkgdocdir}/*p4*.txt %{?with_docs:%{_mandir}/man1/*p4*.1*} %{?with_docs:%{_pkgdocdir}/*p4*.html} %endif @@ -1030,283 +997,19 @@ rmdir --ignore-fail-on-non-empty "$testdir" %files subtree %{gitexecdir}/git-subtree -%{_pkgdocdir}/git-subtree.adoc +%{_pkgdocdir}/git-subtree.txt %{?with_docs:%{_mandir}/man1/git-subtree.1*} %{?with_docs:%{_pkgdocdir}/git-subtree.html} %files svn %{gitexecdir}/git-svn -%{_pkgdocdir}/git-svn.adoc +%{_pkgdocdir}/git-svn.txt %{?with_docs:%{_mandir}/man1/git-svn.1*} %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog -* Thu Nov 20 2025 Ondřej Pohořelský - 2.52.0-1 -- update to 2.52.0 - -* Thu Oct 23 2025 Ondřej Pohořelský - 2.51.1-1 -- update to 2.51.1 - -* Sun Oct 12 2025 Yaakov Selkowitz - 2.51.0-3 -- Revbump for tcl/tk 9 - -* Thu Aug 21 2025 Ondřej Pohořelský - 2.51.0-2 -- exclude sample hook files from automatic dependency detection - -* Wed Aug 20 2025 Ondřej Pohořelský - 2.51.0-1 -- update to 2.51.0 - -* Wed Jul 23 2025 Fedora Release Engineering - 2.50.1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild - -* Tue Jul 08 2025 Ondřej Pohořelský - 2.50.1-1 -- update to 2.50.1 - -* Mon Jun 23 2025 Ondřej Pohořelský - 2.50.0-1 -- update to 2.50.0 - -* Mon Mar 24 2025 Ondřej Pohořelský - 2.49.0-2 -- add the option to sanitize sideband channel messages - -* Mon Mar 17 2025 Ondřej Pohořelský - 2.49.0-1 -- update to 2.49.0 - -* Thu Feb 6 2025 Yanko Kaneti - 2.48.1-3 -- Keep gitk on tcl/tk 8.x until its ready for 9 - -* Thu Jan 16 2025 Fedora Release Engineering - 2.48.1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild - -* Wed Jan 15 2025 Ondřej Pohořelský - 2.48.1-1 -- update to 2.48.1 - -* Mon Jan 13 2025 Ondřej Pohořelský - 2.48.0-1 -- update to 2.48.0 - -* Mon Nov 25 2024 Ondřej Pohořelský - 2.47.1-1 -- update to 2.47.1 - -* Tue Oct 08 2024 Ondřej Pohořelský - 2.47.0-1 -- update to 2.47.0 - -* Tue Sep 24 2024 Ondřej Pohořelský - 2.46.2-1 -- update to 2.46.2 - -* Mon Sep 16 2024 Ondřej Pohořelský - 2.46.1-1 -- update to 2.46.1 - -* Mon Aug 05 2024 Ondřej Pohořelský - 2.46.0-1 -- update to 2.46.0 - -* Thu Jul 18 2024 Fedora Release Engineering - 2.45.2-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild - -* Mon Jun 03 2024 Ondřej Pohořelský - 2.45.2-2 -- add glibc-utils BuildRequires - -* Mon Jun 03 2024 Ondřej Pohořelský - 2.45.2-1 -- update to 2.45.2 - -* Wed May 15 2024 Ondřej Pohořelský - 2.45.1-1 -- update to 2.45.1 - -* Tue Apr 30 2024 Ondřej Pohořelský - 2.45.0-1 -- update to 2.45.0 - -* Mon Feb 26 2024 Ondřej Pohořelský - 2.44.0-1 -- update to 2.44.0 - -* Thu Feb 15 2024 Ondřej Pohořelský - 2.43.2-1 -- update to 2.43.2 -- Resolves: #2264318 - -* Mon Feb 12 2024 Ondřej Pohořelský - 2.43.1-1 -- update to 2.43.1 -- resolves: #2263575 - -* Wed Jan 24 2024 Fedora Release Engineering - 2.43.0-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild - -* Fri Jan 19 2024 Fedora Release Engineering - 2.43.0-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild - -* Tue Nov 21 2023 Ondřej Pohořelský - 2.43.0-1 -- update to 2.43.0 - -* Tue Nov 14 2023 Ondřej Pohořelský - 2.42.1-1 -- update to 2.42.1 - -* Wed Nov 1 2023 Joe Orton - 2.42.0-2 -- remove explicit BR for apr-util-bdb (#2247532) - -* Tue Oct 03 2023 Ondřej Pohořelský - 2.42.0-1 -- update to 2.42.0 - -* Wed Jul 19 2023 Fedora Release Engineering - 2.41.0-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild - -* Thu Jun 01 2023 Todd Zullinger - 2.41.0-1 -- update to 2.41.0 - -* Wed May 24 2023 Todd Zullinger - 2.41.0~rc2-1 -- update to 2.41.0-rc2 - -* Fri May 19 2023 Todd Zullinger - 2.41.0~rc1-1 -- update to 2.41.0-rc1 - -* Mon May 15 2023 Todd Zullinger - 2.41.0~rc0-1 -- update to 2.41.0-rc0 - -* Fri May 12 2023 Todd Zullinger - 2.40.1-2 -- use tilde versioning for release candidates - -* Tue Apr 25 2023 Todd Zullinger - 2.40.1-1 -- update to 2.40.1 (CVE-2023-25652, CVE-2023-25815, CVE-2023-29007) - -* Mon Mar 13 2023 Todd Zullinger - 2.40.0-1 -- update to 2.40.0 - -* Tue Mar 07 2023 Todd Zullinger - 2.40.0-0.2.rc2 -- update to 2.40.0-rc2 - -* Wed Mar 01 2023 Todd Zullinger - 2.40.0-0.1.rc1 -- update to 2.40.0-rc1 - -* Fri Feb 24 2023 Todd Zullinger - 2.40.0-0.0.rc0 -- update to 2.40.0-rc0 - -* Tue Feb 14 2023 Todd Zullinger - 2.39.2-1 -- update to 2.39.2 (CVE-2023-22490, CVE-2023-23946) - -* Fri Feb 03 2023 Todd Zullinger - 2.39.1-2 -- drop perl Email::Valid dep on RHEL (#2166718) - -* Thu Jan 19 2023 Fedora Release Engineering - 2.39.1-1.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild - -* Tue Jan 17 2023 Todd Zullinger - 2.39.1-1 -- update to 2.39.1 (CVE-2022-41903, CVE-2022-23521) - -* Mon Dec 12 2022 Todd Zullinger - 2.39.0-1 -- update to 2.39.0 - -* Mon Dec 05 2022 Todd Zullinger - 2.39.0-0.2.rc2 -- update to 2.39.0-rc2 - -* Wed Nov 30 2022 Todd Zullinger - 2.39.0-0.1.rc1 -- update to 2.39.0-rc1 - -* Wed Nov 23 2022 Todd Zullinger - 2.39.0-0.0.rc0 -- update to 2.39.0-rc0 -- add mod_http2 BuildRequires for tests - -* Sat Nov 12 2022 Todd Zullinger - 2.38.1-3 -- use %%bash_completions_dir - -* Mon Nov 07 2022 Todd Zullinger - 2.38.1-2 -- don't ship contrib/persistent-https as documentation -- update license data and convert to SPDX format - -* Tue Oct 18 2022 Todd Zullinger - 2.38.1-1 -- update to 2.38.1 (CVE-2022-39253, CVE-2022-39260) - -* Mon Oct 03 2022 Todd Zullinger - 2.38.0-1 -- update to 2.38.0 - -* Wed Sep 28 2022 Todd Zullinger - 2.38.0-0.2.rc2 -- update to 2.38.0-rc2 - -* Wed Sep 21 2022 Todd Zullinger - 2.38.0-0.1.rc1 -- update to 2.38.0-rc1 -- git-subtree sub-package is noarch - -* Fri Sep 16 2022 Todd Zullinger - 2.38.0-0.0.rc0 -- update to 2.38.0-rc0 - -* Tue Aug 30 2022 Todd Zullinger - 2.37.3-1 -- update to 2.37.3 -- remove %%changelog entries prior to 2020 -- tests: try harder to find open ports for apache, git, and svn - -* Sun Aug 14 2022 Todd Zullinger - 2.37.2-2 -- consolidate git-archimport removal in %%prep - -* Thu Aug 11 2022 Todd Zullinger - 2.37.2-1 -- update to 2.37.2 - -* Sat Jul 23 2022 Todd Zullinger - 2.37.1-2 -- require systemd-rpm-macros rather than systemd - -* Thu Jul 21 2022 Fedora Release Engineering - 2.37.1-1.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild - -* Tue Jul 12 2022 Todd Zullinger - 2.37.1-1 -- update to 2.37.1 (CVE-2022-29187) - -* Mon Jun 27 2022 Todd Zullinger - 2.37.0-1 -- update to 2.37.0 - -* Wed Jun 22 2022 Todd Zullinger - 2.37.0-0.2.rc2 -- update to 2.37.0-rc2 - -* Fri Jun 17 2022 Todd Zullinger - 2.37.0-0.1.rc1 -- update to 2.37.0-rc1 - -* Tue Jun 14 2022 Todd Zullinger - 2.37.0-0.0.rc0 -- update to 2.37.0-rc0 -- fix GIT_SKIP_TESTS for EL8 s390x -- remove --with/--without emacs build conditional - -* Fri Jun 03 2022 Jitka Plesnikova - 2.36.1-1.2 -- Perl 5.36 re-rebuild of bootstrapped packages - -* Wed Jun 01 2022 Jitka Plesnikova - 2.36.1-1.1 -- Perl 5.36 rebuild - -* Fri May 06 2022 Todd Zullinger - 2.36.1-1 -- update to 2.36.1 - -* Mon Apr 18 2022 Todd Zullinger - 2.36.0-1 -- update to 2.36.0 - -* Thu Apr 14 2022 Todd Zullinger - 2.36.0-0.3.rc2 -- usability improvements on top of CVE-2022-24765 - -* Wed Apr 13 2022 Todd Zullinger - 2.36.0-0.2.rc2 -- update to 2.36.0-rc2 (CVE-2022-24765) -- disable failing tests on s390x on EL8 - -* Fri Apr 08 2022 Todd Zullinger - 2.36.0-0.1.rc1 -- update to 2.36.0-rc1 - -* Tue Apr 05 2022 Todd Zullinger - 2.36.0-0.0.rc0 -- update to 2.36.0-rc0 -- use httpd-core for tests on Fedora >= 37 - -* Sat Jan 29 2022 Todd Zullinger - 2.35.1-1 -- update to 2.35.1 - -* Mon Jan 24 2022 Todd Zullinger - 2.35.0-1 -- update to 2.35.0 -- set path to linker script in %%_package_note_file - -* Sat Jan 22 2022 Todd Zullinger - 2.35.0-0.2.rc2.3 -- remove contrib/scalar to avoid cruft in git-core-doc - -* Fri Jan 21 2022 Todd Zullinger - 2.35.0-0.2.rc2.2 -- fix compilation on EL7 - -* Thu Jan 20 2022 Todd Zullinger - 2.35.0-0.2.rc2.1 -- checkout: avoid BUG() when hitting a broken repository (rhbz#2042920) - -* Wed Jan 19 2022 Todd Zullinger - 2.35.0-0.2.rc2 -- update to 2.35.0-rc2 - -* Sat Jan 15 2022 Todd Zullinger - 2.35.0-0.1.rc1 -- update to 2.35.0-rc1 - -* Mon Jan 10 2022 Todd Zullinger - 2.35.0-0.0.rc0 -- update to 2.35.0-rc0 +* Mon Apr 18 2022 Todd Zullinger - 2.34.3-1 +- update to 2.34.3 (#2073414, CVE-2022-24765) * Thu Nov 25 2021 Todd Zullinger - 2.34.1-1 - update to 2.34.1 @@ -1387,14 +1090,8 @@ rmdir --ignore-fail-on-non-empty "$testdir" * Mon Mar 15 2021 Todd Zullinger - 2.31.0-1 - update to 2.31.0 -* Tue Mar 09 2021 Todd Zullinger - 2.31.0-0.2.rc2 -- update to 2.31.0-rc2 - -* Wed Mar 03 2021 Todd Zullinger - 2.31.0-0.1.rc1 -- update to 2.31.0-rc1 - -* Tue Mar 02 2021 Todd Zullinger - 2.31.0-0.0.rc0 -- update to 2.31.0-rc0 +* Tue Mar 09 2021 Todd Zullinger - 2.30.2-1 +- update to 2.30.2 (CVE-2021-21300) * Tue Mar 02 2021 Todd Zullinger - 2.30.1-3 - use %%{gpgverify} macro to verify tarball signature @@ -1417,3 +1114,252 @@ rmdir --ignore-fail-on-non-empty "$testdir" * Tue Jan 26 2021 Fedora Release Engineering - 2.30.0-1.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Mon Dec 28 2020 Todd Zullinger - 2.30.0-1 +- update to 2.30.0 + +* Wed Dec 23 2020 Todd Zullinger - 2.30.0-0.2.rc2 +- update to 2.30.0-rc2 + +* Sat Dec 19 2020 Todd Zullinger - 2.30.0-0.1.rc1 +- update to 2.30.0-rc1 + +* Mon Dec 14 2020 Todd Zullinger - 2.30.0-0.0.rc0 +- update to 2.30.0-rc0 + +* Sun Dec 06 2020 Todd Zullinger - 2.29.2-4 +- move git-difftool to git-core, it does not require perl + +* Wed Nov 25 2020 Todd Zullinger - 2.29.2-3 +- apply upstream patch to resolve git fast-import memory leak (#1900335) +- add epel-rpm-macros BuildRequires on EL-7 (#1872865) + +* Sat Nov 07 2020 Todd Zullinger - 2.29.2-2 +- apply upstream patch to resolve git log segfault (#1791810) + +* Thu Oct 29 2020 Todd Zullinger - 2.29.2-1 +- update to 2.29.2 + +* Sat Oct 24 2020 Todd Zullinger - 2.29.1-1 +- update to 2.29.1 +- fix bugs in am/rebase handling of committer ident/date + +* Mon Oct 19 2020 Todd Zullinger - 2.29.0-1 +- update to 2.29.0 + +* Thu Oct 15 2020 Todd Zullinger - 2.29.0-0.2.rc2 +- update to 2.29.0-rc2 + +* Fri Oct 09 2020 Todd Zullinger - 2.29.0-0.1.rc1 +- update to 2.29.0-rc1 +- drop emacs-git stub for fedora >= 34 (#1882360) +- adjust python hashbang in contrib/hg-to-git, it supports python3 + +* Mon Oct 05 2020 Todd Zullinger - 2.29.0-0.0.rc0 +- update to 2.29.0-rc0 + +* Mon Jul 27 2020 Todd Zullinger - 2.28.0-1 +- update to 2.28.0 + +* Mon Jul 27 2020 Fedora Release Engineering - 2.28.0-0.3.rc2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed Jul 22 2020 Todd Zullinger - 2.28.0-0.2.rc2 +- update to 2.28.0-rc2 + +* Sat Jul 18 2020 Todd Zullinger - 2.28.0-0.1.rc1 +- update to 2.28.0-rc1 + +* Thu Jul 09 2020 Todd Zullinger - 2.28.0-0.0.rc0 +- update to 2.28.0-rc0 + +* Fri Jun 26 2020 Jitka Plesnikova - 2.27.0-1.2 +- Perl 5.32 re-rebuild of bootstrapped packages + +* Tue Jun 23 2020 Jitka Plesnikova - 2.27.0-1.1 +- Perl 5.32 rebuild + +* Mon Jun 01 2020 Todd Zullinger - 2.27.0-1 +- update to 2.27.0 + +* Tue May 26 2020 Todd Zullinger - 2.27.0-0.2.rc2 +- update to 2.27.0-rc2 + +* Thu May 21 2020 Todd Zullinger - 2.27.0-0.1.rc1 +- update to 2.27.0-rc1 + +* Thu May 21 2020 Merlin Mathesius - 2.26.2-2 +- Minor conditional fixes for ELN + +* Mon Apr 20 2020 Todd Zullinger - 2.26.2-1 +- update to 2.26.2 (CVE-2020-11008) + +* Tue Apr 14 2020 Todd Zullinger - 2.26.1-1 +- update to 2.26.1 (CVE-2020-5260) + +* Sat Apr 04 2020 Todd Zullinger - 2.26.0-2 +- fix issue with fast-forward rebases when rebase.abbreviateCommands is set +- fix/quiet rpmlint issues from libsecret split + +* Thu Apr 02 2020 Björn Esser - 2.26.0-1.1 +- Fix string quoting for rpm >= 4.16 + +* Sun Mar 22 2020 Todd Zullinger - 2.26.0-1 +- update to 2.26.0 + +* Mon Mar 16 2020 Todd Zullinger - 2.26.0-0.3.rc2 +- update to 2.26.0-rc2 + +* Thu Mar 12 2020 Todd Zullinger - 2.26.0-0.2.rc1 +- remove s390x gcc10 workaround (#1799408) + +* Tue Mar 10 2020 Todd Zullinger - 2.26.0-0.1.rc1 +- update to 2.26.0-rc1 +- adjust make test options +- add missing build deps for tests + +* Fri Mar 06 2020 Todd Zullinger - 2.26.0-0.0.rc0 +- update to 2.26.0-rc0 + +* Wed Feb 26 2020 Todd Zullinger - 2.25.1-4 +- use Asciidoctor to build documentation when possible + +* Sat Feb 22 2020 Todd Zullinger - 2.25.1-3 +- work around issue on s390x with gcc10 (#1799408) + +* Wed Feb 19 2020 Todd Zullinger - 2.25.1-2 +- split libsecret credential helper into a subpackage (#1804741) +- consolidate macros for Fedora/EPEL +- remove unneeded gnome-keyring obsoletes + +* Mon Feb 17 2020 Todd Zullinger - 2.25.1-1 +- update to 2.25.1 + +* Tue Jan 28 2020 Fedora Release Engineering - 2.25.0-2.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Tue Jan 14 2020 Tom Stellard - 2.25.0-2 +- Use make_build macro when running tests + +* Tue Jan 14 2020 Todd Zullinger - 2.25.0-1 +- update to 2.25.0 + +* Thu Jan 09 2020 Todd Zullinger - 2.25.0-0.2.rc2 +- update to 2.25.0-rc2 + +* Fri Jan 03 2020 Todd Zullinger - 2.25.0-0.1.rc1 +- update to 2.25.0-rc1 +- only add highlight test BR for ppc64le/x86_64 on EL7+ + +* Wed Dec 25 2019 Todd Zullinger - 2.25.0-0.0.rc0 +- update to 2.25.0-rc0 + +* Thu Dec 19 2019 Todd Zullinger - 2.24.1-2 +- fix git-daemon systemd scriptlets (#1785088) + +* Tue Dec 10 2019 Todd Zullinger - 2.24.1-1 +- update to 2.24.1 (CVE-2019-1348, CVE-2019-1349, CVE-2019-1350, CVE-2019-1351, + CVE-2019-1352, CVE-2019-1353, CVE-2019-1354, and CVE-2019-1387) + +* Wed Dec 04 2019 Todd Zullinger - 2.24.0-2 +- restore jgit BR for use in tests + +* Mon Nov 04 2019 Todd Zullinger - 2.24.0-1 +- update to 2.24.0 + +* Thu Oct 31 2019 Todd Zullinger - 2.24.0-0.2.rc2 +- update to 2.24.0-rc2 + +* Sun Oct 27 2019 Todd Zullinger - 2.24.0-0.1.rc1.1 +- disable linkchecker on all EL releases + +* Thu Oct 24 2019 Todd Zullinger - 2.24.0-0.1.rc1 +- update to 2.24.0-rc1 +- skip failing test in t7812-grep-icase-non-ascii on s390x +- gitk: add Requires: git-gui (#1765113) + +* Sat Oct 19 2019 Todd Zullinger - 2.24.0-0.0.rc0 +- update to 2.24.0-rc0 +- fix t0500-progress-display on big-endian arches + +* Fri Aug 16 2019 Todd Zullinger - 2.23.0-1 +- Update to 2.23.0 + +* Sun Aug 11 2019 Todd Zullinger - 2.23.0-0.2.rc2 +- Update to 2.23.0-rc2 + +* Fri Aug 02 2019 Todd Zullinger - 2.23.0-0.1.rc1 +- Update to 2.23.0-rc1 + +* Mon Jul 29 2019 Todd Zullinger - 2.23.0-0.0.rc0 +- Update to 2.23.0-rc0 + +* Thu Jul 25 2019 Todd Zullinger - 2.22.0-2 +- completion: do not cache if --git-completion-helper fails +- avoid trailing comments in spec file +- drop jgit on Fedora > 30 + +* Thu Jul 25 2019 Fedora Release Engineering - 2.22.0-1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Fri Jun 07 2019 Todd Zullinger - 2.22.0-1 +- Update to 2.22.0 + +* Tue Jun 04 2019 Jitka Plesnikova - 2.22.0-0.7.rc3 +- Perl 5.30 re-rebuild updated packages + +* Mon Jun 03 2019 Todd Zullinger - 2.22.0-0.6.rc3 +- Update to 2.22.0-rc3 + +* Sun Jun 02 2019 Jitka Plesnikova - 2.22.0-0.5.rc2 +- Perl 5.30 re-rebuild of bootstrapped packages + +* Sat Jun 01 2019 Jitka Plesnikova - 2.22.0-0.4.rc2 +- Perl 5.30 rebuild + +* Thu May 30 2019 Todd Zullinger - 2.22.0-0.3.rc2 +- Update to 2.22.0-rc1 + +* Fri May 24 2019 Todd Zullinger - 2.22.0-0.2.rc1 +- Apply upstream fixes for diff-parseopt issues on s390x + +* Sun May 19 2019 Todd Zullinger - 2.22.0-0.1.rc1 +- Update to 2.22.0-rc1 + +* Mon May 13 2019 Todd Zullinger - 2.22.0-0.0.rc0 +- Update to 2.22.0-rc0 +- Ensure a consistent format for test output +- Improve JGIT test prereq (jgit on Fedora >= 30 is broken) +- Add perl(JSON::PP) BuildRequires for trace2 tests + +* Sun Feb 24 2019 Todd Zullinger - 2.21.0-1 +- Update to 2.21.0 +- Move gitweb manpages to gitweb package +- Link git-citool to git-gui if they are identical + +* Tue Feb 19 2019 Todd Zullinger - 2.21.0-0.2.rc2 +- Update to 2.21.0.rc2 + +* Fri Feb 15 2019 Todd Zullinger +- Set SOURCE_DATE_EPOCH and TZ to improve build reproducibility + +* Wed Feb 13 2019 Todd Zullinger - 2.21.0-0.1.rc1 +- Update to 2.21.0.rc1 + +* Thu Feb 07 2019 Todd Zullinger - 2.21.0-0.0.rc0 +- Update to 2.21.0.rc0 +- Remove %%changelog entries prior to 2017 + +* Thu Jan 31 2019 Todd Zullinger - 2.20.1-2 +- Remove extraneous pcre BuildRequires +- Add additional BuildRequires for i18n locales used in tests +- Replace gitweb home-link with inline sed +- Add gnupg2-smime and perl JSON BuildRequires for tests +- Work around gpg-agent issues in the test suite +- Drop gnupg BuildRequires on fedora >= 30 +- Fix formatting of contrib/{contacts,subtree} docs +- Use %%{build_cflags} and %%{build_ldflags} +- Drop unneeded TEST_SHELL_PATH make variable + +* Thu Jan 31 2019 Fedora Release Engineering - 2.20.1-1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild diff --git a/print-failed-test-output b/print-failed-test-output index 4e65662..d0d63aa 100644 --- a/print-failed-test-output +++ b/print-failed-test-output @@ -10,17 +10,4 @@ for exit_file in t/test-results/*.exit; do printf '\n%s\n%s\n%s\n' "$sep" "$out_file" "$sep" cat "$out_file" done - -# tar up test-results & $testdir, then print base64 encoded output -# -# copy $testdir contents to test-results to avoid absolute paths with tar -cp -a $testdir/* t/test-results/ -begin='-----BEGIN BASE64 MESSAGE-----' -end='-----END BASE64 MESSAGE-----' -printf '\n%s\n' 'test-results and trash directory output follows; decode via:' -printf '%s\n' "sed -n '/^${begin}$/,/^${end}$/{/^${begin}$/!{/^${end}$/!p}}' build.log | base64 -d >output.tar.zst" -printf '%s\n' "$begin" -tar -C t -cf - test-results/ | zstdmt -17 | base64 -printf '%s\n' "$end" - exit 1 diff --git a/sources b/sources index 4a04f56..a7aaf3b 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.52.0.tar.xz) = 965e5ebb72d1f080d64e34bdb75f0bb1689c9dd41dcf63b020d986bad49808ac09bfb1115962bc0c5b95bac8622367ac4cd09aa89266f73d2137fe94c90dd3ed -SHA512 (git-2.52.0.tar.sign) = a5a68ce131a5763650c477ec01a4de958dd6a946bdea0f613e26bdab41d2df6b3ca63f9028bbe603bf0c834bd415c86e6c616b1ff08cc48aa7c3c61a37b24b74 +SHA512 (git-2.34.3.tar.xz) = 6bf06b11257bdea48bf37e83c16a805a603c3712c08bd771fb08e09c4d26b53e949249ebbf5e6a58b36a16e2defd1ac09c54312669bd4a5a7d48efb4ec15f59a +SHA512 (git-2.34.3.tar.sign) = 618501c751380c0e918ff6cb8d2ab40ebb95666c28f299916b1b89782b9c3028d1d87e7a0e4f8bb71b7e5488c3bd0c6528f93eeb3e04b42d922dd9d4ee420902