diff --git a/.cvsignore b/.cvsignore
deleted file mode 100644
index c591405..0000000
--- a/.cvsignore
+++ /dev/null
@@ -1 +0,0 @@
-git-core-0.99.4.tar.gz
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..adcc250
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+git-1.5.4.7.tar.gz
diff --git a/Makefile b/Makefile
deleted file mode 100644
index 2921301..0000000
--- a/Makefile
+++ /dev/null
@@ -1,21 +0,0 @@
-# Makefile for source rpm: git-core
-# $Id$
-NAME := git-core
-SPECFILE = $(firstword $(wildcard *.spec))
-
-define find-makefile-common
-for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
-endef
-
-MAKEFILE_COMMON := $(shell $(find-makefile-common))
-
-ifeq ($(MAKEFILE_COMMON),)
-# attept a checkout
-define checkout-makefile-common
-test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
-endef
-
-MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
-endif
-
-include $(MAKEFILE_COMMON)
diff --git a/git-1.5-gitweb-home-link.patch b/git-1.5-gitweb-home-link.patch
new file mode 100644
index 0000000..cd36563
--- /dev/null
+++ b/git-1.5-gitweb-home-link.patch
@@ -0,0 +1,11 @@
+--- git-1.5.0.6/gitweb/gitweb.perl~ 2007-03-30 01:37:05.000000000 +0100
++++ git-1.5.0.6/gitweb/gitweb.perl 2007-05-07 08:31:37.000000000 +0100
+@@ -39,7 +39,7 @@ our $projectroot = "++GITWEB_PROJECTROOT
+ our $home_link = $my_uri || "/";
+
+ # string of the home link on top of all pages
+-our $home_link_str = "++GITWEB_HOME_LINK_STR++";
++our $home_link_str = $ENV{'SERVER_NAME'} ? "git://" . $ENV{'SERVER_NAME'} : "projects";
+
+ # name of your site or organization to appear in page titles
+ # replace this with something more descriptive for clearer bookmarks
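Review bot: The new `$home_link_str` is built from `$ENV{'SERVER_NAME'}`, which can be client-influenced when the web server derives the server name from the request's Host header, and nothing in this hunk shows that the code printing the home link escapes it. If the consumer does not already escape, pass the value through gitweb's `esc_html()` where it is printed; either way a comment on the assignment such as `# SERVER_NAME may originate from the request; must be HTML-escaped on output` would record the assumption. The code that prints `$home_link_str` is outside the hunk.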
diff --git a/git-1.5.4.7-daemon-extra-args.patch b/git-1.5.4.7-daemon-extra-args.patch
new file mode 100644
index 0000000..1960741
--- /dev/null
+++ b/git-1.5.4.7-daemon-extra-args.patch
@@ -0,0 +1,114 @@ +From 96c61f0fa25770a4b6f92243ee2b3ee2769f7f00 Mon Sep 17 00:00:00 2001 +From: Shawn O. Pearce +Date: Thu, 4 Jun 2009 18:33:32 -0700 +Subject: [PATCH] daemon: Strictly parse the "extra arg" part of the command + +This is a backport of upstream commit 73bb33a. + +Since 1.4.4.5 (49ba83fb67 "Add virtualization support to git-daemon") +git daemon enters an infinite loop and never terminates if a client +hides any extra arguments in the initial request line which is not +exactly "\0host=blah\0". + +Since that change, a client must never insert additional extra +arguments, or attempt to use any argument other than "host=", as +any daemon will get stuck parsing the request line and will never +complete the request. + +Since the client can't tell if the daemon is patched or not, it +is not possible to know if additional extra args might actually be +able to be safely requested. + +If we ever need to extend the git daemon protocol to support a new +feature, we may have to do something like this to the exchange: + + # If both support git:// v2 + # + C: 000cgit://v2 + S: 0010ok host user + C: 0018host git.kernel.org + C: 0027git-upload-pack /pub/linux-2.6.git + S: ...git-upload-pack header... + + # If client supports git:// v2, server does not: + # + C: 000cgit://v2 + S: + + C: 003bgit-upload-pack /pub/linux-2.6.git\0host=git.kernel.org\0 + S: ...git-upload-pack header... + +This requires the client to create two TCP connections to talk to +an older git daemon, however all daemons since the introduction of +daemon.c will safely reject the unknown "git://v2" command request, +so the client can quite easily determine the server supports an +older protocol. + +Signed-off-by: Shawn O. 
Pearce +Signed-off-by: Junio C Hamano +--- + connect.c | 5 ++++- + daemon.c | 11 ++++++----- + 2 files changed, 10 insertions(+), 6 deletions(-) + +diff --git a/connect.c b/connect.c +index 71597d4..b7bc917 100644 +--- a/connect.c ++++ b/connect.c +@@ -569,7 +569,10 @@ struct child_process *git_connect(int fd[2], const char *url_orig, + git_tcp_connect(fd, host, flags); + /* + * Separate original protocol components prog and path +- * from extended components with a NUL byte. ++ * from extended host header with a NUL byte. ++ * ++ * Note: Do not add any other headers here! Doing so ++ * will cause older git-daemon servers to crash. + */ + packet_write(fd[1], + "%s %s%chost=%s%c", +diff --git a/daemon.c b/daemon.c +index 2b4a6f1..5566a6f 100644 +--- a/daemon.c ++++ b/daemon.c +@@ -431,16 +431,15 @@ static void make_service_overridable(const char *name, int ena) + } + + /* +- * Separate the "extra args" information as supplied by the client connection. +- * Any resulting data is squirreled away in the given interpolation table. ++ * Read the host as supplied by the client connection. 
+ */
+-static void parse_extra_args(struct interp *table, char *extra_args, int buflen)
++static void parse_host_arg(struct interp *table, char *extra_args, int buflen)
+ {
+ char *val;
+ int vallen;
+ char *end = extra_args + buflen;
+
+- while (extra_args < end && *extra_args) {
++ if (extra_args < end && *extra_args) {
+ saw_extended_args = 1;
+ if (strncasecmp("host=", extra_args, 5) == 0) {
+ val = extra_args + 5;
+@@ -460,6 +459,8 @@ static void parse_extra_args(struct interp *table, char *extra_args, int buflen)
+ /* On to the next one */
+ extra_args = val + vallen;
+ }
++ if (extra_args < end && *extra_args)
++ die("Invalid request");
+ }
+ }
+
+@@ -579,7 +580,7 @@ static int execute(struct sockaddr *addr)
+ interp_set_entry(interp_table, INTERP_SLOT_PERCENT, "%");
+
+ if (len != pktlen) {
+- parse_extra_args(interp_table, line + len + 1, pktlen - len - 1);
++ parse_host_arg(interp_table, line + len + 1, pktlen - len - 1);
+ fill_in_extra_table_entries(interp_table);
+ }
+
+--
+1.6.3.2
+
diff --git a/git-core.spec b/git-core.spec
deleted file mode 100644
index 4e8c33a..0000000
--- a/git-core.spec
+++ /dev/null
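Review bot: In `parse_host_arg` the `end` bound is applied only to the first byte: `strncasecmp("host=", extra_args, 5)` may examine up to five bytes even when fewer than five remain before `end`, so the function is safe only if the packet buffer is NUL-terminated at or before `end`, which is established outside this patch. Either state that precondition in the function comment (`* extra_args must be NUL-terminated within the caller's buffer.`) or make the test self-contained with `if (end - extra_args >= 5 && strncasecmp("host=", extra_args, 5) == 0) {`. The lines between the first and second daemon.c hunks, where `vallen` is computed, are not shown, so the same question applies there.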
@@ -1,68 +0,0 @@ -# Pass --without docs to rpmbuild if you don't want the documetnation -Name: git-core -Version: 0.99.4 -Release: 4%{?dist} -Summary: Git core and tools -License: GPL -Group: Development/Tools -URL: http://kernel.org/pub/software/scm/git/ -Source: http://kernel.org/pub/software/scm/git/%{name}-%{version}.tar.gz -BuildRequires: zlib-devel, openssl-devel, curl-devel %{!?_without_docs:, xmlto, asciidoc > 6.0.3} -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -Requires: rsync, rcs, curl - -%description -This is a stupid (but extremely fast) directory content manager. It -doesn't do a whole lot, but what it _does_ do is track directory -contents efficiently. It is intended to be the base of an efficient, -distributed source code management system. This package includes -rudimentary tools that can be used as a SCM, but you should look -elsewhere for tools for ordinary humans layered on top of this. - -%prep -%setup -q - -%build -make COPTS="$RPM_OPT_FLAGS" prefix=%{_prefix} all %{!?_without_docs: doc} -make COPTS="$RPM_OPT_FLAGS" -C tools all - -%install -rm -rf $RPM_BUILD_ROOT -make dest=$RPM_BUILD_ROOT prefix=%{_prefix} mandir=%{_mandir} \ - install install-tools %{!?_without_docs: install-doc} - -%clean -rm -rf $RPM_BUILD_ROOT - -%files -%defattr(-,root,root) -%{_bindir}/* -%{_datadir}/git-core/ -%doc README COPYING Documentation/*.txt -%{!?_without_docs: %doc Documentation/*.html } -%{!?_without_docs: %{_mandir}/man1/*.1.gz} -%{!?_without_docs: %{_mandir}/man7/*.7.gz} - -%changelog -* Thu Aug 18 2005 Chris Wright 0.99.4-4 -- drop sh_utils, sh-utils, diffutils, mktemp, and openssl Requires -- use RPM_OPT_FLAGS in spec file, drop patch0 - -* Wed Aug 17 2005 Tom "spot" Callaway 0.99.4-3 -- use dist tag to differentiate between branches -- use rpm optflags by default (patch0) -- own %{_datadir}/git-core/ - -* Mon Aug 15 2005 Chris Wright -- update spec file to fix Buildroot, Requires, and drop Vendor - -* Sun Aug 07 2005 Horst 
H. von Brand -- Redid the description -- Cut overlong make line, loosened changelog a bit -- I think Junio (or perhaps OSDL?) should be vendor... - -* Thu Jul 14 2005 Eric Biederman -- Add the man pages, and the --without docs build option - -* Wed Jul 7 2005 Chris Wright -- initial git spec file diff --git a/git.conf.httpd b/git.conf.httpd new file mode 100644 index 0000000..3611943 --- /dev/null +++ b/git.conf.httpd @@ -0,0 +1,6 @@ +Alias /git /var/www/git + + + Options +ExecCGI + AddHandler cgi-script .cgi + diff --git a/git.spec b/git.spec new file mode 100644 index 0000000..f554b95 --- /dev/null +++ b/git.spec 
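Review bot: The new git.conf.httpd enables `Options +ExecCGI` and `AddHandler cgi-script .cgi` for the aliased `/var/www/git` tree with no access restriction visible, so installing the gitweb package publishes every repository gitweb can read to any client of the web server (the enclosing container lines appear to be missing from this rendering, so the exact scope is inferred). A header comment would make that explicit, for example `# gitweb is reachable by all clients once httpd is reloaded; restrict access here if the repositories are not public`. Limiting CGI execution to `gitweb.cgi` rather than every `.cgi` file in the directory would also narrow what a stray file placed there can do.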
@@ -0,0 +1,388 @@ +# Pass --without docs to rpmbuild if you don't want the documentation +Name: git +Version: 1.5.4.7 +Release: 3%{?dist} +Summary: Git core and tools +License: GPL +Group: Development/Tools +URL: http://kernel.org/pub/software/scm/git/ +Source: http://kernel.org/pub/software/scm/git/%{name}-%{version}.tar.gz +Source1: git.xinetd +Source2: git.conf.httpd +Patch0: git-1.5-gitweb-home-link.patch +Patch1: gitweb-CVE-2008-5516.patch +Patch2: gitweb-CVE-2008-5517.patch +Patch3: git-1.5.4.7-daemon-extra-args.patch +BuildRequires: perl, zlib-devel >= 1.2, openssl-devel, curl-devel, expat-devel, gettext %{!?_without_docs:, xmlto, asciidoc > 6.0.3} +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +Requires: git-core, git-svn, git-cvs, git-email, gitk, git-gui, perl-Git + +%description +Git is a fast, scalable, distributed revision control system with an +unusually rich command set that provides both high-level operations +and full access to internals. + +This is a dummy package which brings in all subpackages. + +%package core +Summary: Core git tools +Group: Development/Tools +Requires: zlib >= 1.2, rsync, curl, less, openssh-clients, expat +%description core +Git is a fast, scalable, distributed revision control system with an +unusually rich command set that provides both high-level operations +and full access to internals. + +These are the core tools with minimal dependencies. 
+ +%package daemon +Summary: Git protocol daemon +Group: Development/Tools +Requires: git-core = %{version}-%{release} +%description daemon +The git dæmon for supporting git:// access to git repositories + +%package -n gitweb +Summary: Simple web interface to git repositories +Group: Development/Tools +Requires: git-core = %{version}-%{release} +%description -n gitweb +Simple web interface to track changes in git repositories + +%package svn +Summary: Git tools for importing Subversion repositories +Group: Development/Tools +Requires: git-core = %{version}-%{release}, subversion +%description svn +Git tools for importing Subversion repositories. + +%package cvs +Summary: Git tools for importing CVS repositories +Group: Development/Tools +Requires: git-core = %{version}-%{release}, cvs +%description cvs +Git tools for importing CVS repositories. + +%package email +Summary: Git tools for sending email +Group: Development/Tools +Requires: git-core = %{version}-%{release} +%description email +Git tools for sending email. 
+ +%package gui +Summary: Git GUI tool +Group: Development/Tools +Requires: git-core = %{version}-%{release}, tk >= 8.4 +%description gui +Git GUI tool + +%package -n gitk +Summary: Git revision tree visualiser ('gitk') +Group: Development/Tools +Requires: git-core = %{version}-%{release}, tk >= 8.4 +%description -n gitk +Git revision tree visualiser ('gitk') + +%package -n perl-Git +Summary: Perl interface to Git +Group: Development/Libraries +Requires: git-core = %{version}-%{release} +Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) + +%description -n perl-Git +Perl interface to Git + +%prep +%setup -q +%patch0 -p1 +%patch1 -p1 -b .CVE-2008-5516 +%patch2 -p1 -b .CVE-2008-5517 +%patch3 -p1 -b .daemon-extra-args + +%build +make %{_smp_mflags} CFLAGS="$RPM_OPT_FLAGS" \ + ETC_GITCONFIG=/etc/gitconfig \ + prefix=%{_prefix} all %{!?_without_docs: doc} + +%install +rm -rf $RPM_BUILD_ROOT +make %{_smp_mflags} CFLAGS="$RPM_OPT_FLAGS" DESTDIR=$RPM_BUILD_ROOT \ + prefix=%{_prefix} mandir=%{_mandir} \ + ETC_GITCONFIG=/etc/gitconfig \ + INSTALLDIRS=vendor install %{!?_without_docs: install-doc} +mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/xinetd.d +install -m 644 %SOURCE1 $RPM_BUILD_ROOT/%{_sysconfdir}/xinetd.d/git +mkdir -p $RPM_BUILD_ROOT/var/www/git +install -m 644 gitweb/*.png gitweb/*.css $RPM_BUILD_ROOT/var/www/git +install -m 755 gitweb/gitweb.cgi $RPM_BUILD_ROOT/var/www/git +mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d +install -m 0644 %SOURCE2 $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d/git.conf + +find $RPM_BUILD_ROOT -type f -name .packlist -exec rm -f {} ';' +find $RPM_BUILD_ROOT -type f -name '*.bs' -empty -exec rm -f {} ';' +find $RPM_BUILD_ROOT -type f -name perllocal.pod -exec rm -f {} ';' + +# Remove the git-arch bits +find $RPM_BUILD_ROOT -type f -name 'git-archimport*' -exec rm -f {} ';' + +(find $RPM_BUILD_ROOT%{_bindir} -type f | grep -vE "svn|cvs|email|gitk|git-gui|git-citool" | sed -e s@^$RPM_BUILD_ROOT@@) > 
bin-man-doc-files +(find $RPM_BUILD_ROOT%{perl_vendorlib} -type f | sed -e s@^$RPM_BUILD_ROOT@@) >> perl-files +%if %{!?_without_docs:1}0 +(find $RPM_BUILD_ROOT%{_mandir} $RPM_BUILD_ROOT/Documentation -type f | grep -vE "svn|git-cvs|email|gitk|git-gui|git-citool" | sed -e s@^$RPM_BUILD_ROOT@@ -e 's/$/*/' ) >> bin-man-doc-files +%else +rm -rf $RPM_BUILD_ROOT%{_mandir} +%endif +mkdir -p $RPM_BUILD_ROOT/srv/git + +%clean +rm -rf $RPM_BUILD_ROOT + +%files +# These are no files in the root package + +%files svn +%defattr(-,root,root) +%{_bindir}/*svn* +%doc Documentation/*svn*.txt +%{!?_without_docs: %{_mandir}/man1/*svn*.1*} +%{!?_without_docs: %doc Documentation/*svn*.html } + +%files cvs +%defattr(-,root,root) +%doc Documentation/*git-cvs*.txt +%{_bindir}/*cvs* +%{!?_without_docs: %{_mandir}/man1/*cvs*.1*} +%{!?_without_docs: %doc Documentation/*git-cvs*.html } + +%files email +%defattr(-,root,root) +%doc Documentation/*email*.txt +%{_bindir}/*email* +%{!?_without_docs: %{_mandir}/man1/*email*.1*} +%{!?_without_docs: %doc Documentation/*email*.html } + +%files gui +%defattr(-,root,root) +%{_bindir}/git-gui +%{_bindir}/git-citool +%{_datadir}/git-gui/ +%{!?_without_docs: %{_mandir}/man1/git-gui.1*} +%{!?_without_docs: %doc Documentation/git-gui.html} +%{!?_without_docs: %{_mandir}/man1/git-citool.1*} +%{!?_without_docs: %doc Documentation/git-citool.html} + +%files -n gitk +%defattr(-,root,root) +%doc Documentation/*gitk*.txt +%{_bindir}/*gitk* +%{_datadir}/gitk +%{!?_without_docs: %{_mandir}/man1/*gitk*.1*} +%{!?_without_docs: %doc Documentation/*gitk*.html } + +%files -n perl-Git -f perl-files +%defattr(-,root,root) + +%files core -f bin-man-doc-files +%defattr(-,root,root) +%{_datadir}/git-core/ +%doc README COPYING Documentation/*.txt +%files daemon +%defattr(-,root,root) +%{_bindir}/git-daemon +%config(noreplace)%{_sysconfdir}/xinetd.d/git +/srv/git + +%files -n gitweb +%defattr(-,root,root) +/var/www/git/ +%{_sysconfdir}/httpd/conf.d/git.conf +%{!?_without_docs: 
%doc Documentation/*.html Documentation/howto} +%{!?_without_docs: %doc Documentation/technical} + + +%changelog +* Fri Jun 19 2009 Todd Zullinger - 1.5.4.7-3 +- Fix git-daemon hang on invalid input (CVE-2009-2108, bug 505761) + +* Mon Jan 12 2009 Todd Zullinger 1.5.4.7-2 +- Backport gitweb fixes for CVE-2008-5516 and CVE-2008-5517 (bug 479715) + +* Sat Dec 20 2008 James Bowes 1.5.4.7-1 +- Update to latest maintenence release. + +* Mon Jul 07 2008 Xavier Bachelot 1.5.3.6-2 +- Drop git-cvs requirement for cvsps, it is not available in EL-4. + +* Wed Dec 05 2007 James Bowes 1.5.3.6-1 +- git-1.5.3.6 (Changes courtesy Josh Boyer) + +* Fri Oct 12 2007 James Bowes 1.5.3.3-1 +- git-1.5.3.3 + +* Mon Jul 23 2007 James Bowes 1.5.2.1-3 +- Remove the git-arch subpackage (tla is not in epel). + +* Fri Jun 22 2007 James Bowes 1.5.2.1-2 +- Remove buildreq on perl(Error) and perl-devel for el4. + +* Fri Jun 08 2007 James Bowes 1.5.2.1-1 +- git-1.5.2.1 + +* Tue May 13 2007 Quy Tonthat +- Added lib files for git-gui +- Added Documentation/technical (As needed by Git Users Manual) + +* Tue May 8 2007 Quy Tonthat +- Added howto files + +* Fri Mar 30 2007 Chris Wright 1.5.0.6-1 +- git-1.5.0.6 + +* Mon Mar 19 2007 Chris Wright 1.5.0.5-1 +- git-1.5.0.5 + +* Tue Mar 13 2007 Chris Wright 1.5.0.3-1 +- git-1.5.0.3 + +* Fri Mar 2 2007 Chris Wright 1.5.0.2-2 +- BuildRequires perl-devel as of perl-5.8.8-14 (bz 230680) + +* Mon Feb 26 2007 Chris Wright 1.5.0.2-1 +- git-1.5.0.2 + +* Mon Feb 13 2007 Nicolas Pitre +- Update core package description (Git isn't as stupid as it used to be) + +* Mon Feb 12 2007 Junio C Hamano +- Add git-gui and git-citool. 
+ +* Sun Dec 10 2006 Chris Wright 1.4.4.2-2 +- no need to install manpages executable (bz 216790) +- use bytes for git-cvsserver + +* Sun Dec 10 2006 Chris Wright 1.4.4.2-1 +- git-1.4.4.2 + +* Mon Nov 6 2006 Jindrich Novy 1.4.2.4-2 +- rebuild against the new curl + +* Tue Oct 17 2006 Chris Wright 1.4.2.4-1 +- git-1.4.2.4 + +* Wed Oct 4 2006 Chris Wright 1.4.2.3-1 +- git-1.4.2.3 + +* Fri Sep 22 2006 Chris Wright 1.4.2.1-1 +- git-1.4.2.1 + +* Mon Sep 11 2006 Chris Wright 1.4.2-1 +- git-1.4.2 + +* Thu Jul 6 2006 Chris Wright 1.4.1-1 +- git-1.4.1 + +* Tue Jun 13 2006 Chris Wright 1.4.0-1 +- git-1.4.0 + +* Thu May 4 2006 Chris Wright 1.3.3-1 +- git-1.3.3 +- enable git-email building, prereqs have been relaxed + +* Thu May 4 2006 Chris Wright 1.3.2-1 +- git-1.3.2 + +* Fri Apr 28 2006 Chris Wright 1.3.1-1 +- git-1.3.1 + +* Wed Apr 19 2006 Chris Wright 1.3.0-1 +- git-1.3.0 + +* Mon Apr 10 2006 Chris Wright 1.2.6-1 +- git-1.2.6 + +* Wed Apr 5 2006 Chris Wright 1.2.5-1 +- git-1.2.5 + +* Wed Mar 1 2006 Chris Wright 1.2.4-1 +- git-1.2.4 + +* Wed Feb 22 2006 Chris Wright 1.2.3-1 +- git-1.2.3 + +* Tue Feb 21 2006 Chris Wright 1.2.2-1 +- git-1.2.2 + +* Thu Feb 16 2006 Chris Wright 1.2.1-1 +- git-1.2.1 + +* Mon Feb 13 2006 Chris Wright 1.2.0-1 +- git-1.2.0 + +* Tue Feb 1 2006 Chris Wright 1.1.6-1 +- git-1.1.6 + +* Tue Jan 24 2006 Chris Wright 1.1.4-1 +- git-1.1.4 + +* Sun Jan 15 2006 Chris Wright 1.1.2-1 +- git-1.1.2 + +* Tue Jan 10 2006 Chris Wright 1.1.1-1 +- git-1.1.1 + +* Tue Jan 10 2006 Chris Wright 1.1.0-1 +- Update to latest git-1.1.0 (drop git-email for now) +- Now creates multiple packages: +- git-core, git-svn, git-cvs, git-arch, gitk + +* Mon Nov 14 2005 H. 
Peter Anvin 0.99.9j-1 +- Change subpackage names to git- instead of git-core- +- Create empty root package which brings in all subpackages +- Rename git-tk -> gitk + +* Thu Nov 10 2005 Chris Wright 0.99.9g-1 +- zlib dependency fix +- Minor cleanups from split +- Move arch import to separate package as well + +* Tue Sep 27 2005 Jim Radford +- Move programs with non-standard dependencies (svn, cvs, email) + into separate packages + +* Tue Sep 27 2005 H. Peter Anvin +- parallelize build +- COPTS -> CFLAGS + +* Fri Sep 16 2005 Chris Wright 0.99.6-1 +- update to 0.99.6 + +* Fri Sep 16 2005 Horst H. von Brand +- Linus noticed that less is required, added to the dependencies + +* Sun Sep 11 2005 Horst H. von Brand +- Updated dependencies +- Don't assume manpages are gzipped + +* Thu Aug 18 2005 Chris Wright 0.99.4-4 +- drop sh_utils, sh-utils, diffutils, mktemp, and openssl Requires +- use RPM_OPT_FLAGS in spec file, drop patch0 + +* Wed Aug 17 2005 Tom "spot" Callaway 0.99.4-3 +- use dist tag to differentiate between branches +- use rpm optflags by default (patch0) +- own %{_datadir}/git-core/ + +* Mon Aug 15 2005 Chris Wright +- update spec file to fix Buildroot, Requires, and drop Vendor + +* Sun Aug 07 2005 Horst H. von Brand +- Redid the description +- Cut overlong make line, loosened changelog a bit +- I think Junio (or perhaps OSDL?) should be vendor... + +* Thu Jul 14 2005 Eric Biederman +- Add the man pages, and the --without docs build option + +* Wed Jul 7 2005 Chris Wright +- initial git spec file diff --git a/git.xinetd b/git.xinetd new file mode 100644 index 0000000..dcfae91 --- /dev/null +++ b/git.xinetd 
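Review bot: In the `%files -n gitweb` list, `%{_sysconfdir}/httpd/conf.d/git.conf` is packaged as a plain file, whereas the xinetd file under `%files daemon` is `%config(noreplace)`. An administrator who tightens access in git.conf would have that change overwritten by the next package update. Mark it the same way: `%config(noreplace)%{_sysconfdir}/httpd/conf.d/git.conf`.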
@@ -0,0 +1,16 @@
+# default: off
+# description: The git dæmon allows git repositories to be exported using
+# the git:// protocol.
+
+service git
+{
+ disable = yes
+ socket_type = stream
+ wait = no
+ user = nobody
+ server = /usr/bin/git-daemon
+ server_args = --base-path=/srv/git --export-all --user-path=public_git --syslog --inetd --verbose
+ log_on_failure += USERID
+# xinetd doesn't do this by default. bug #195265
+ flags = IPv6
+}
diff --git a/gitweb-CVE-2008-5516.patch b/gitweb-CVE-2008-5516.patch
new file mode 100644
index 0000000..c8b8620
--- /dev/null
+++ b/gitweb-CVE-2008-5516.patch
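Review bot: `server_args` passes `--export-all`, which makes git-daemon serve every repository under `/srv/git` (and, with `--user-path=public_git`, under each user's `public_git`) without the per-repository `git-daemon-export-ok` marker, so enabling the service exposes whatever happens to be placed there. Dropping `--export-all` keeps export opt-in; if the flag is intentional, say so in the header comment, e.g. `# NOTE: --export-all serves every repository under /srv/git and ~/public_git once enabled`. The service ships with `disable = yes` and `user = nobody`, which limits the default exposure.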
@@ -0,0 +1,143 @@ +From 8f8bfb38271775770cd1da8fb7cfd1e2d7ef2481 Mon Sep 17 00:00:00 2001 +From: Jakub Narebski +Date: Wed, 5 Mar 2008 09:31:55 +0100 +Subject: [PATCH 1/2] gitweb: Fix and simplify pickaxe search + +Instead of using "git-rev-list | git-diff-tree" pipeline for pickaxe +search, use git-log with appropriate options. Besides reducing number +of forks by one, this allows to use list form of open, which in turn +allow to not worry about quoting arguments and to avoid forking shell. + +The options to git-log were chosen to reduce required changes in +pickaxe git command output parsing; gitweb still parses returned +commits one by one. + +Parsing "pickaxe" output is simplified: git_search now reuses +parse_difftree_raw_line and writes affected files as they arrive using +the fact that commit name goes always before [raw] diff. + +While at it long bug of pickaxe search was fixed, namely that the last +commit found by pickaxe search was never shown. + +Signed-off-by: Jakub Narebski +Signed-off-by: Junio C Hamano + +Note: This patch was backported to 1.5.4.7 by Todd Zullinger +. Any blame for problems should come to me, not the +upstream authors. :) +--- + gitweb/gitweb.perl | 83 ++++++++++++++++++++++++++------------------------- + 1 files changed, 42 insertions(+), 41 deletions(-) + +diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl +index 86a6ced..e011393 100755 +--- a/gitweb/gitweb.perl ++++ b/gitweb/gitweb.perl +@@ -5199,50 +5199,18 @@ sub git_search { + print "\n"; + my $alternate = 1; + $/ = "\n"; +- my $git_command = git_cmd_str(); +- my $searchqtext = $searchtext; +- $searchqtext =~ s/'/'\\''/; +- open my $fd, "-|", "$git_command rev-list $hash | " . 
+- "$git_command diff-tree -r --stdin -S\'$searchqtext\'"; ++ open my $fd, '-|', git_cmd(), '--no-pager', 'log', @diff_opts, ++ '--pretty=format:%H', '--no-abbrev', '--raw', "-S$searchtext"; + undef %co; + my @files; + while (my $line = <$fd>) { +- if (%co && $line =~ m/^:([0-7]{6}) ([0-7]{6}) ([0-9a-fA-F]{40}) ([0-9a-fA-F]{40}) (.)\t(.*)$/) { +- my %set; +- $set{'file'} = $6; +- $set{'from_id'} = $3; +- $set{'to_id'} = $4; +- $set{'id'} = $set{'to_id'}; +- if ($set{'id'} =~ m/0{40}/) { +- $set{'id'} = $set{'from_id'}; +- } +- if ($set{'id'} =~ m/0{40}/) { +- next; +- } +- push @files, \%set; +- } elsif ($line =~ m/^([0-9a-fA-F]{40})$/){ ++ chomp $line; ++ next unless $line; ++ ++ my %set = parse_difftree_raw_line($line); ++ if (defined $set{'commit'}) { ++ # finish previous commit + if (%co) { +- if ($alternate) { +- print "\n"; +- } else { +- print "\n"; +- } +- $alternate ^= 1; +- my $author = chop_and_escape_str($co{'author_name'}, 15, 5); +- print "\n" . +- "\n" . +- "\n" . + "\n" . + "\n"; + } +- %co = parse_commit($1); ++ ++ if ($alternate) { ++ print "\n"; ++ } else { ++ print "\n"; ++ } ++ $alternate ^= 1; ++ %co = parse_commit($set{'commit'}); ++ my $author = chop_and_escape_str($co{'author_name'}, 15, 5); ++ print "\n" . ++ "\n" . ++ "\n" . ++ "\n" . ++ "\n"; ++ } ++ + print "
$co{'age_string_date'}" . $author . "" . +- $cgi->a({-href => href(action=>"commit", hash=>$co{'id'}), +- -class => "list subject"}, +- chop_and_escape_str($co{'title'}, 50) . "
"); +- while (my $setref = shift @files) { +- my %set = %$setref; +- print $cgi->a({-href => href(action=>"blob", hash_base=>$co{'id'}, +- hash=>$set{'id'}, file_name=>$set{'file'}), +- -class => "list"}, +- "" . esc_path($set{'file'}) . "") . +- "
\n"; +- } + print "
" . + $cgi->a({-href => href(action=>"commit", hash=>$co{'id'})}, "commit") . +@@ -5251,11 +5219,44 @@ sub git_search { + print "
$co{'age_string_date'}$author" . ++ $cgi->a({-href => href(action=>"commit", hash=>$co{'id'}), ++ -class => "list subject"}, ++ chop_and_escape_str($co{'title'}, 50) . "
"); ++ } elsif (defined $set{'to_id'}) { ++ next if ($set{'to_id'} =~ m/^0{40}$/); ++ ++ print $cgi->a({-href => href(action=>"blob", hash_base=>$co{'id'}, ++ hash=>$set{'to_id'}, file_name=>$set{'to_file'}), ++ -class => "list"}, ++ "" . esc_path($set{'file'}) . "") . ++ "
\n"; + } + } + close $fd; + ++ # finish last commit (warning: repetition!) ++ if (%co) { ++ print "
" . ++ $cgi->a({-href => href(action=>"commit", hash=>$co{'id'})}, "commit") . ++ " | " . ++ $cgi->a({-href => href(action=>"tree", hash=>$co{'tree'}, hash_base=>$co{'id'})}, "tree"); ++ print "
\n"; + } + +-- +1.6.1 + diff --git a/gitweb-CVE-2008-5517.patch b/gitweb-CVE-2008-5517.patch new file mode 100644 index 0000000..ad69925 --- /dev/null +++ b/gitweb-CVE-2008-5517.patch 
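Review bot: The replacement `open` in `git_search` no longer passes `$hash`: the removed pipeline started from `rev-list $hash`, while the new list-form `git log` call ends at `"-S$searchtext"` and names no revision, so a pickaxe search appears to walk from HEAD regardless of the branch or commit being viewed. If that is intended it belongs in the backport note in the patch header; otherwise append the start point as its own list element, `'--raw', "-S$searchtext", $hash;`, assuming `$hash` is validated earlier in `git_search`, which is outside this hunk. The list form itself is the right shape here, since the search text never reaches a shell.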
@@ -0,0 +1,75 @@
+From 2813e6cef24a8b363a97ea0c86bf4494fc453f32 Mon Sep 17 00:00:00 2001
+From: Lea Wiemann
+Date: Tue, 17 Jun 2008 23:46:35 +0200
+Subject: [PATCH 2/2] gitweb: quote commands properly when calling the shell
+
+This eliminates the function git_cmd_str, which was used for composing
+command lines, and adds a quote_command function, which quotes all of
+its arguments (as in quote.c).
+
+Signed-off-by: Lea Wiemann
+Signed-off-by: Junio C Hamano
+---
+ gitweb/gitweb.perl | 24 ++++++++++++++----------
+ 1 files changed, 14 insertions(+), 10 deletions(-)
+
+diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
+index e011393..bd50c07 100755
+--- a/gitweb/gitweb.perl
++++ b/gitweb/gitweb.perl
+@@ -1396,9 +1396,13 @@ sub git_cmd {
+ return $GIT, '--git-dir='.$git_dir;
+ }
+
+-# returns path to the core git executable and the --git-dir parameter as string
+-sub git_cmd_str {
+- return join(' ', git_cmd());
++# quote the given arguments for passing them to the shell
++# quote_command("command", "arg 1", "arg with ' and ! characters")
++# => "'command' 'arg 1' 'arg with '\'' and '\!' characters'"
++# Try to avoid using this function wherever possible.
++sub quote_command {
++ return join(' ',
++ map( { my $a = $_; $a =~ s/(['!])/'\\$1'/g; "'$a'" } @_ ));
+ }
+
+ # get HEAD ref of given project as hash
+@@ -4477,7 +4481,6 @@ sub git_snapshot {
+ $hash = git_get_head_hash($project);
+ }
+
+- my $git_command = git_cmd_str();
+ my $name = $project;
+ $name =~ s,([^/])/*\.git$,$1,;
+ $name = basename($name);
+@@ -4485,11 +4488,12 @@ sub git_snapshot {
+ $name =~ s/\047/\047\\\047\047/g;
+ my $cmd;
+ $filename .= "-$hash$known_snapshot_formats{$format}{'suffix'}";
+- $cmd = "$git_command archive " .
+- "--format=$known_snapshot_formats{$format}{'format'} " .
+- "--prefix=\'$name\'/ $hash";
++ $cmd = quote_command(
++ git_cmd(), 'archive',
++ "--format=$known_snapshot_formats{$format}{'format'}",
++ "--prefix=$name/", $hash);
+ if (exists $known_snapshot_formats{$format}{'compressor'}) {
+- $cmd .= ' | ' . join ' ', @{$known_snapshot_formats{$format}{'compressor'}};
++ $cmd .= ' | ' . quote_command(@{$known_snapshot_formats{$format}{'compressor'}});
+ }
+
+ print $cgi->header(
+@@ -4702,8 +4706,8 @@ sub git_object {
+ if ($hash || ($hash_base && !defined $file_name)) {
+ my $object_id = $hash || $hash_base;
+
+- my $git_command = git_cmd_str();
+- open my $fd, "-|", "$git_command cat-file -t $object_id 2>/dev/null"
++ open my $fd, "-|", quote_command(
++ git_cmd(), 'cat-file', '-t', $object_id) . ' 2> /dev/null'
+ or die_error('404 Not Found', "Object does not exist");
+ $type = <$fd>;
+ chomp $type;
+--
+1.6.1
+
diff --git a/sources b/sources
index 6ccf369..db6e98c 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-06935e265e7a556d8819a097dcb44f35 git-core-0.99.4.tar.gz
+923798b1e3100aaa1be62a19d557188b git-1.5.4.7.tar.gz
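Review bot: `git_object` still goes through the shell solely to attach `2> /dev/null`, although the comment this patch adds on `quote_command` says to avoid the function wherever possible. `$object_id` (presumably request-derived) would never reach a shell if the call used list-form open, `open my $fd, '-|', git_cmd(), 'cat-file', '-t', $object_id`, with stderr left to the web server's error log or redirected separately. In `quote_command` itself, `my $a` shadows Perl's sort variable; a name such as `$arg` avoids surprises. The remainder of `git_object` and `git_snapshot` lies outside the hunks.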