dist-git conversion

#2781)

.cvsignore

@@ -1 +0,0 @@
-git-core-0.99.4.tar.gz

.gitignore

@@ -0,0 +1 @@
+git-1.5.4.7.tar.gz

Makefile

@@ -1,21 +0,0 @@
-# Makefile for source rpm: git-core
-# $Id$
-NAME := git-core
-SPECFILE = $(firstword $(wildcard *.spec))
-
-define find-makefile-common
-for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
-endef
-
-MAKEFILE_COMMON := $(shell $(find-makefile-common))
-
-ifeq ($(MAKEFILE_COMMON),)
-# attept a checkout
-define checkout-makefile-common
-test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
-endef
-
-MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
-endif
-
-include $(MAKEFILE_COMMON)

git-1.5-gitweb-home-link.patch

@@ -0,0 +1,11 @@
+--- git-1.5.0.6/gitweb/gitweb.perl~	2007-03-30 01:37:05.000000000 +0100
++++ git-1.5.0.6/gitweb/gitweb.perl	2007-05-07 08:31:37.000000000 +0100
+@@ -39,7 +39,7 @@ our $projectroot = "++GITWEB_PROJECTROOT
+ our $home_link = $my_uri || "/";
+ 
+ # string of the home link on top of all pages
+-our $home_link_str = "++GITWEB_HOME_LINK_STR++";
++our $home_link_str = $ENV{'SERVER_NAME'} ? "git://" . $ENV{'SERVER_NAME'} : "projects";
+ 
+ # name of your site or organization to appear in page titles
+ # replace this with something more descriptive for clearer bookmarks

git-1.5.4.7-daemon-extra-args.patch

@@ -0,0 +1,114 @@
+From 96c61f0fa25770a4b6f92243ee2b3ee2769f7f00 Mon Sep 17 00:00:00 2001
+From: Shawn O. Pearce <spearce@spearce.org>
+Date: Thu, 4 Jun 2009 18:33:32 -0700
+Subject: [PATCH] daemon: Strictly parse the "extra arg" part of the command
+
+This is a backport of upstream commit 73bb33a.
+
+Since 1.4.4.5 (49ba83fb67 "Add virtualization support to git-daemon")
+git daemon enters an infinite loop and never terminates if a client
+hides any extra arguments in the initial request line which is not
+exactly "\0host=blah\0".
+
+Since that change, a client must never insert additional extra
+arguments, or attempt to use any argument other than "host=", as
+any daemon will get stuck parsing the request line and will never
+complete the request.
+
+Since the client can't tell if the daemon is patched or not, it
+is not possible to know if additional extra args might actually be
+able to be safely requested.
+
+If we ever need to extend the git daemon protocol to support a new
+feature, we may have to do something like this to the exchange:
+
+  # If both support git:// v2
+  #
+  C: 000cgit://v2
+  S: 0010ok host user
+  C: 0018host git.kernel.org
+  C: 0027git-upload-pack /pub/linux-2.6.git
+  S: ...git-upload-pack header...
+
+  # If client supports git:// v2, server does not:
+  #
+  C: 000cgit://v2
+  S: <EOF>
+
+  C: 003bgit-upload-pack /pub/linux-2.6.git\0host=git.kernel.org\0
+  S: ...git-upload-pack header...
+
+This requires the client to create two TCP connections to talk to
+an older git daemon, however all daemons since the introduction of
+daemon.c will safely reject the unknown "git://v2" command request,
+so the client can quite easily determine the server supports an
+older protocol.
+
+Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
+Signed-off-by: Junio C Hamano <gitster@pobox.com>
+---
+ connect.c |    5 ++++-
+ daemon.c  |   11 ++++++-----
+ 2 files changed, 10 insertions(+), 6 deletions(-)
+
+diff --git a/connect.c b/connect.c
+index 71597d4..b7bc917 100644
+--- a/connect.c
++++ b/connect.c
+@@ -569,7 +569,10 @@ struct child_process *git_connect(int fd[2], const char *url_orig,
+ 			git_tcp_connect(fd, host, flags);
+ 		/*
+ 		 * Separate original protocol components prog and path
+-		 * from extended components with a NUL byte.
++		 * from extended host header with a NUL byte.
++		 *
++		 * Note: Do not add any other headers here!  Doing so
++		 * will cause older git-daemon servers to crash.
+ 		 */
+ 		packet_write(fd[1],
+ 			     "%s %s%chost=%s%c",
+diff --git a/daemon.c b/daemon.c
+index 2b4a6f1..5566a6f 100644
+--- a/daemon.c
++++ b/daemon.c
+@@ -431,16 +431,15 @@ static void make_service_overridable(const char *name, int ena)
+ }
+ 
+ /*
+- * Separate the "extra args" information as supplied by the client connection.
+- * Any resulting data is squirreled away in the given interpolation table.
++ * Read the host as supplied by the client connection.
+  */
+-static void parse_extra_args(struct interp *table, char *extra_args, int buflen)
++static void parse_host_arg(struct interp *table, char *extra_args, int buflen)
+ {
+ 	char *val;
+ 	int vallen;
+ 	char *end = extra_args + buflen;
+ 
+-	while (extra_args < end && *extra_args) {
++	if (extra_args < end && *extra_args) {
+ 		saw_extended_args = 1;
+ 		if (strncasecmp("host=", extra_args, 5) == 0) {
+ 			val = extra_args + 5;
+@@ -460,6 +459,8 @@ static void parse_extra_args(struct interp *table, char *extra_args, int buflen)
+ 			/* On to the next one */
+ 			extra_args = val + vallen;
+ 		}
++		if (extra_args < end && *extra_args)
++			die("Invalid request");
+ 	}
+ }
+ 
+@@ -579,7 +580,7 @@ static int execute(struct sockaddr *addr)
+ 	interp_set_entry(interp_table, INTERP_SLOT_PERCENT, "%");
+ 
+ 	if (len != pktlen) {
+-	    parse_extra_args(interp_table, line + len + 1, pktlen - len - 1);
++	    parse_host_arg(interp_table, line + len + 1, pktlen - len - 1);
+ 	    fill_in_extra_table_entries(interp_table);
+ 	}
+ 
+-- 
+1.6.3.2
+

git-core.spec

@@ -1,68 +0,0 @@
-# Pass --without docs to rpmbuild if you don't want the documetnation
-Name: 		git-core
-Version: 	0.99.4
-Release: 	4%{?dist}
-Summary:  	Git core and tools
-License: 	GPL
-Group: 		Development/Tools
-URL: 		http://kernel.org/pub/software/scm/git/
-Source: 	http://kernel.org/pub/software/scm/git/%{name}-%{version}.tar.gz
-BuildRequires:	zlib-devel, openssl-devel, curl-devel  %{!?_without_docs:, xmlto, asciidoc > 6.0.3}
-BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-Requires: 	rsync, rcs, curl
-
-%description
-This is a stupid (but extremely fast) directory content manager.  It
-doesn't do a whole lot, but what it _does_ do is track directory
-contents efficiently. It is intended to be the base of an efficient,
-distributed source code management system. This package includes
-rudimentary tools that can be used as a SCM, but you should look
-elsewhere for tools for ordinary humans layered on top of this.
-
-%prep
-%setup -q
-
-%build
-make COPTS="$RPM_OPT_FLAGS" prefix=%{_prefix} all %{!?_without_docs: doc}
-make COPTS="$RPM_OPT_FLAGS" -C tools all
-
-%install
-rm -rf $RPM_BUILD_ROOT
-make dest=$RPM_BUILD_ROOT prefix=%{_prefix} mandir=%{_mandir} \
-     install install-tools %{!?_without_docs: install-doc}
-
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-%files
-%defattr(-,root,root)
-%{_bindir}/*
-%{_datadir}/git-core/
-%doc README COPYING Documentation/*.txt
-%{!?_without_docs: %doc Documentation/*.html }
-%{!?_without_docs: %{_mandir}/man1/*.1.gz}
-%{!?_without_docs: %{_mandir}/man7/*.7.gz}
-
-%changelog
-* Thu Aug 18 2005 Chris Wright <chrisw@osdl.org> 0.99.4-4
-- drop sh_utils, sh-utils, diffutils, mktemp, and openssl Requires
-- use RPM_OPT_FLAGS in spec file, drop patch0
-
-* Wed Aug 17 2005 Tom "spot" Callaway <tcallawa@redhat.com> 0.99.4-3
-- use dist tag to differentiate between branches
-- use rpm optflags by default (patch0)
-- own %{_datadir}/git-core/
-
-* Mon Aug 15 2005 Chris Wright <chrisw@osdl.org>
-- update spec file to fix Buildroot, Requires, and drop Vendor
-
-* Sun Aug 07 2005 Horst H. von Brand <vonbrand@inf.utfsm.cl>
-- Redid the description
-- Cut overlong make line, loosened changelog a bit
-- I think Junio (or perhaps OSDL?) should be vendor...
-
-* Thu Jul 14 2005 Eric Biederman <ebiederm@xmission.com>
-- Add the man pages, and the --without docs build option
-
-* Wed Jul 7 2005 Chris Wright <chris@osdl.org>
-- initial git spec file

git.conf.httpd

@@ -0,0 +1,6 @@
+Alias /git /var/www/git
+
+<Directory /var/www/git>
+  Options +ExecCGI
+  AddHandler cgi-script .cgi
+</Directory>

git.spec

@@ -0,0 +1,388 @@
+# Pass --without docs to rpmbuild if you don't want the documentation
+Name: 		git
+Version: 	1.5.4.7
+Release: 	3%{?dist}
+Summary:  	Git core and tools
+License: 	GPL
+Group: 		Development/Tools
+URL: 		http://kernel.org/pub/software/scm/git/
+Source: 	http://kernel.org/pub/software/scm/git/%{name}-%{version}.tar.gz
+Source1:	git.xinetd
+Source2:	git.conf.httpd
+Patch0:		git-1.5-gitweb-home-link.patch
+Patch1:		gitweb-CVE-2008-5516.patch
+Patch2:		gitweb-CVE-2008-5517.patch
+Patch3:         git-1.5.4.7-daemon-extra-args.patch
+BuildRequires:	perl, zlib-devel >= 1.2, openssl-devel, curl-devel, expat-devel, gettext %{!?_without_docs:, xmlto, asciidoc > 6.0.3}
+BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+Requires:	git-core, git-svn, git-cvs, git-email, gitk, git-gui, perl-Git
+
+%description
+Git is a fast, scalable, distributed revision control system with an
+unusually rich command set that provides both high-level operations
+and full access to internals.
+
+This is a dummy package which brings in all subpackages.
+
+%package core
+Summary:	Core git tools
+Group:		Development/Tools
+Requires:	zlib >= 1.2, rsync, curl, less, openssh-clients, expat
+%description core
+Git is a fast, scalable, distributed revision control system with an
+unusually rich command set that provides both high-level operations
+and full access to internals.
+
+These are the core tools with minimal dependencies.
+
+%package daemon
+Summary:	Git protocol daemon
+Group:		Development/Tools
+Requires:	git-core = %{version}-%{release}
+%description daemon
+The git dæmon for supporting git:// access to git repositories
+
+%package -n gitweb
+Summary:	Simple web interface to git repositories
+Group:		Development/Tools
+Requires:	git-core = %{version}-%{release}
+%description -n gitweb
+Simple web interface to track changes in git repositories
+
+%package svn
+Summary:        Git tools for importing Subversion repositories
+Group:          Development/Tools
+Requires:       git-core = %{version}-%{release}, subversion
+%description svn
+Git tools for importing Subversion repositories.
+
+%package cvs
+Summary:        Git tools for importing CVS repositories
+Group:          Development/Tools
+Requires:       git-core = %{version}-%{release}, cvs
+%description cvs
+Git tools for importing CVS repositories.
+
+%package email
+Summary:        Git tools for sending email
+Group:          Development/Tools
+Requires:	git-core = %{version}-%{release} 
+%description email
+Git tools for sending email.
+
+%package gui
+Summary:        Git GUI tool
+Group:          Development/Tools
+Requires:       git-core = %{version}-%{release}, tk >= 8.4
+%description gui
+Git GUI tool
+
+%package -n gitk
+Summary:        Git revision tree visualiser ('gitk')
+Group:          Development/Tools
+Requires:       git-core = %{version}-%{release}, tk >= 8.4
+%description -n gitk
+Git revision tree visualiser ('gitk')
+
+%package -n perl-Git
+Summary:        Perl interface to Git
+Group:          Development/Libraries
+Requires:       git-core = %{version}-%{release}
+Requires:       perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
+
+%description -n perl-Git
+Perl interface to Git
+
+%prep
+%setup -q
+%patch0 -p1
+%patch1 -p1 -b .CVE-2008-5516
+%patch2 -p1 -b .CVE-2008-5517
+%patch3 -p1 -b .daemon-extra-args
+
+%build
+make %{_smp_mflags} CFLAGS="$RPM_OPT_FLAGS" \
+     ETC_GITCONFIG=/etc/gitconfig \
+     prefix=%{_prefix} all %{!?_without_docs: doc}
+
+%install
+rm -rf $RPM_BUILD_ROOT
+make %{_smp_mflags} CFLAGS="$RPM_OPT_FLAGS" DESTDIR=$RPM_BUILD_ROOT \
+     prefix=%{_prefix} mandir=%{_mandir} \
+     ETC_GITCONFIG=/etc/gitconfig \
+     INSTALLDIRS=vendor install %{!?_without_docs: install-doc}
+mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/xinetd.d
+install -m 644 %SOURCE1 $RPM_BUILD_ROOT/%{_sysconfdir}/xinetd.d/git
+mkdir -p $RPM_BUILD_ROOT/var/www/git
+install -m 644 gitweb/*.png gitweb/*.css $RPM_BUILD_ROOT/var/www/git
+install -m 755 gitweb/gitweb.cgi $RPM_BUILD_ROOT/var/www/git
+mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d
+install -m 0644 %SOURCE2 $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d/git.conf
+
+find $RPM_BUILD_ROOT -type f -name .packlist -exec rm -f {} ';'
+find $RPM_BUILD_ROOT -type f -name '*.bs' -empty -exec rm -f {} ';'
+find $RPM_BUILD_ROOT -type f -name perllocal.pod -exec rm -f {} ';'
+
+# Remove the git-arch bits
+find $RPM_BUILD_ROOT -type f -name 'git-archimport*' -exec rm -f {} ';'
+
+(find $RPM_BUILD_ROOT%{_bindir} -type f | grep -vE "svn|cvs|email|gitk|git-gui|git-citool" | sed -e s@^$RPM_BUILD_ROOT@@)               > bin-man-doc-files
+(find $RPM_BUILD_ROOT%{perl_vendorlib} -type f | sed -e s@^$RPM_BUILD_ROOT@@) >> perl-files
+%if %{!?_without_docs:1}0
+(find $RPM_BUILD_ROOT%{_mandir} $RPM_BUILD_ROOT/Documentation -type f | grep -vE "svn|git-cvs|email|gitk|git-gui|git-citool" | sed -e s@^$RPM_BUILD_ROOT@@ -e 's/$/*/' ) >> bin-man-doc-files
+%else
+rm -rf $RPM_BUILD_ROOT%{_mandir}
+%endif
+mkdir -p $RPM_BUILD_ROOT/srv/git
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files
+# These are no files in the root package
+
+%files svn
+%defattr(-,root,root)
+%{_bindir}/*svn*
+%doc Documentation/*svn*.txt
+%{!?_without_docs: %{_mandir}/man1/*svn*.1*}
+%{!?_without_docs: %doc Documentation/*svn*.html }
+
+%files cvs
+%defattr(-,root,root)
+%doc Documentation/*git-cvs*.txt
+%{_bindir}/*cvs*
+%{!?_without_docs: %{_mandir}/man1/*cvs*.1*}
+%{!?_without_docs: %doc Documentation/*git-cvs*.html }
+
+%files email
+%defattr(-,root,root)
+%doc Documentation/*email*.txt
+%{_bindir}/*email*
+%{!?_without_docs: %{_mandir}/man1/*email*.1*}
+%{!?_without_docs: %doc Documentation/*email*.html }
+
+%files gui
+%defattr(-,root,root)
+%{_bindir}/git-gui
+%{_bindir}/git-citool
+%{_datadir}/git-gui/
+%{!?_without_docs: %{_mandir}/man1/git-gui.1*}
+%{!?_without_docs: %doc Documentation/git-gui.html}
+%{!?_without_docs: %{_mandir}/man1/git-citool.1*}
+%{!?_without_docs: %doc Documentation/git-citool.html}
+
+%files -n gitk
+%defattr(-,root,root)
+%doc Documentation/*gitk*.txt
+%{_bindir}/*gitk*
+%{_datadir}/gitk
+%{!?_without_docs: %{_mandir}/man1/*gitk*.1*}
+%{!?_without_docs: %doc Documentation/*gitk*.html }
+
+%files -n perl-Git -f perl-files
+%defattr(-,root,root)
+
+%files core -f bin-man-doc-files
+%defattr(-,root,root)
+%{_datadir}/git-core/
+%doc README COPYING Documentation/*.txt
+%files daemon
+%defattr(-,root,root)
+%{_bindir}/git-daemon
+%config(noreplace)%{_sysconfdir}/xinetd.d/git
+/srv/git
+
+%files -n gitweb
+%defattr(-,root,root)
+/var/www/git/
+%{_sysconfdir}/httpd/conf.d/git.conf
+%{!?_without_docs: %doc Documentation/*.html Documentation/howto}
+%{!?_without_docs: %doc Documentation/technical}
+
+
+%changelog
+* Fri Jun 19 2009 Todd Zullinger <tmz@pobox.com> - 1.5.4.7-3
+- Fix git-daemon hang on invalid input (CVE-2009-2108, bug 505761)
+
+* Mon Jan 12 2009 Todd Zullinger <tmz@pobox.com> 1.5.4.7-2
+- Backport gitweb fixes for CVE-2008-5516 and CVE-2008-5517 (bug 479715)
+
+* Sat Dec 20 2008 James Bowes <jbowes@redhat.com> 1.5.4.7-1
+- Update to latest maintenence release.
+
+* Mon Jul 07 2008 Xavier Bachelot <xavier@bachelot.org> 1.5.3.6-2
+- Drop git-cvs requirement for cvsps, it is not available in EL-4.
+
+* Wed Dec 05 2007 James Bowes <jbowes@redhat.com> 1.5.3.6-1
+- git-1.5.3.6 (Changes courtesy Josh Boyer)
+
+* Fri Oct 12 2007 James Bowes <jbowes@redhat.com> 1.5.3.3-1
+- git-1.5.3.3
+
+* Mon Jul 23 2007 James Bowes <jbowes@redhat.com> 1.5.2.1-3
+- Remove the git-arch subpackage (tla is not in epel).
+
+* Fri Jun 22 2007 James Bowes <jbowes@redhat.com> 1.5.2.1-2
+- Remove buildreq on perl(Error)  and perl-devel for el4.
+
+* Fri Jun 08 2007 James Bowes <jbowes@redhat.com> 1.5.2.1-1
+- git-1.5.2.1
+
+* Tue May 13 2007 Quy Tonthat <qtonthat@gmail.com>
+- Added lib files for git-gui
+- Added Documentation/technical (As needed by Git Users Manual)
+
+* Tue May 8 2007 Quy Tonthat <qtonthat@gmail.com>
+- Added howto files
+
+* Fri Mar 30 2007 Chris Wright <chrisw@redhat.com> 1.5.0.6-1
+- git-1.5.0.6
+
+* Mon Mar 19 2007 Chris Wright <chrisw@redhat.com> 1.5.0.5-1
+- git-1.5.0.5
+
+* Tue Mar 13 2007 Chris Wright <chrisw@redhat.com> 1.5.0.3-1
+- git-1.5.0.3
+
+* Fri Mar 2 2007 Chris Wright <chrisw@redhat.com> 1.5.0.2-2
+- BuildRequires perl-devel as of perl-5.8.8-14 (bz 230680)
+
+* Mon Feb 26 2007 Chris Wright <chrisw@redhat.com> 1.5.0.2-1
+- git-1.5.0.2
+
+* Mon Feb 13 2007 Nicolas Pitre <nico@cam.org>
+- Update core package description (Git isn't as stupid as it used to be)
+
+* Mon Feb 12 2007 Junio C Hamano <junkio@cox.net>
+- Add git-gui and git-citool.
+
+* Sun Dec 10 2006 Chris Wright <chrisw@redhat.com> 1.4.4.2-2
+- no need to install manpages executable (bz 216790)
+- use bytes for git-cvsserver
+
+* Sun Dec 10 2006 Chris Wright <chrisw@redhat.com> 1.4.4.2-1
+- git-1.4.4.2
+
+* Mon Nov 6 2006 Jindrich Novy <jnovy@redhat.com> 1.4.2.4-2
+- rebuild against the new curl
+
+* Tue Oct 17 2006 Chris Wright <chrisw@redhat.com> 1.4.2.4-1
+- git-1.4.2.4
+
+* Wed Oct 4 2006 Chris Wright <chrisw@redhat.com> 1.4.2.3-1
+- git-1.4.2.3
+
+* Fri Sep 22 2006 Chris Wright <chrisw@redhat.com> 1.4.2.1-1
+- git-1.4.2.1
+
+* Mon Sep 11 2006 Chris Wright <chrisw@redhat.com> 1.4.2-1
+- git-1.4.2
+
+* Thu Jul 6 2006 Chris Wright <chrisw@redhat.com> 1.4.1-1
+- git-1.4.1
+
+* Tue Jun 13 2006 Chris Wright <chrisw@redhat.com> 1.4.0-1
+- git-1.4.0
+
+* Thu May 4 2006 Chris Wright <chrisw@redhat.com> 1.3.3-1
+- git-1.3.3
+- enable git-email building, prereqs have been relaxed
+
+* Thu May 4 2006 Chris Wright <chrisw@redhat.com> 1.3.2-1
+- git-1.3.2
+
+* Fri Apr 28 2006 Chris Wright <chrisw@redhat.com> 1.3.1-1
+- git-1.3.1
+
+* Wed Apr 19 2006 Chris Wright <chrisw@redhat.com> 1.3.0-1
+- git-1.3.0
+
+* Mon Apr 10 2006 Chris Wright <chrisw@redhat.com> 1.2.6-1
+- git-1.2.6
+
+* Wed Apr 5 2006 Chris Wright <chrisw@redhat.com> 1.2.5-1
+- git-1.2.5
+
+* Wed Mar 1 2006 Chris Wright <chrisw@redhat.com> 1.2.4-1
+- git-1.2.4
+
+* Wed Feb 22 2006 Chris Wright <chrisw@redhat.com> 1.2.3-1
+- git-1.2.3
+
+* Tue Feb 21 2006 Chris Wright <chrisw@redhat.com> 1.2.2-1
+- git-1.2.2
+
+* Thu Feb 16 2006 Chris Wright <chrisw@redhat.com> 1.2.1-1
+- git-1.2.1
+
+* Mon Feb 13 2006 Chris Wright <chrisw@redhat.com> 1.2.0-1
+- git-1.2.0
+
+* Tue Feb 1 2006 Chris Wright <chrisw@redhat.com> 1.1.6-1
+- git-1.1.6
+
+* Tue Jan 24 2006 Chris Wright <chrisw@redhat.com> 1.1.4-1
+- git-1.1.4
+
+* Sun Jan 15 2006 Chris Wright <chrisw@redhat.com> 1.1.2-1
+- git-1.1.2
+
+* Tue Jan 10 2006 Chris Wright <chrisw@redhat.com> 1.1.1-1
+- git-1.1.1
+
+* Tue Jan 10 2006 Chris Wright <chrisw@redhat.com> 1.1.0-1
+- Update to latest git-1.1.0 (drop git-email for now)
+- Now creates multiple packages:
+-	 git-core, git-svn, git-cvs, git-arch, gitk
+
+* Mon Nov 14 2005 H. Peter Anvin <hpa@zytor.com> 0.99.9j-1
+- Change subpackage names to git-<name> instead of git-core-<name>
+- Create empty root package which brings in all subpackages
+- Rename git-tk -> gitk
+
+* Thu Nov 10 2005 Chris Wright <chrisw@osdl.org> 0.99.9g-1
+- zlib dependency fix
+- Minor cleanups from split
+- Move arch import to separate package as well
+
+* Tue Sep 27 2005 Jim Radford <radford@blackbean.org>
+- Move programs with non-standard dependencies (svn, cvs, email)
+  into separate packages
+
+* Tue Sep 27 2005 H. Peter Anvin <hpa@zytor.com>
+- parallelize build
+- COPTS -> CFLAGS
+
+* Fri Sep 16 2005 Chris Wright <chrisw@osdl.org> 0.99.6-1
+- update to 0.99.6
+
+* Fri Sep 16 2005 Horst H. von Brand <vonbrand@inf.utfsm.cl>
+- Linus noticed that less is required, added to the dependencies
+
+* Sun Sep 11 2005 Horst H. von Brand <vonbrand@inf.utfsm.cl>
+- Updated dependencies
+- Don't assume manpages are gzipped
+
+* Thu Aug 18 2005 Chris Wright <chrisw@osdl.org> 0.99.4-4
+- drop sh_utils, sh-utils, diffutils, mktemp, and openssl Requires
+- use RPM_OPT_FLAGS in spec file, drop patch0
+
+* Wed Aug 17 2005 Tom "spot" Callaway <tcallawa@redhat.com> 0.99.4-3
+- use dist tag to differentiate between branches
+- use rpm optflags by default (patch0)
+- own %{_datadir}/git-core/
+
+* Mon Aug 15 2005 Chris Wright <chrisw@osdl.org>
+- update spec file to fix Buildroot, Requires, and drop Vendor
+
+* Sun Aug 07 2005 Horst H. von Brand <vonbrand@inf.utfsm.cl>
+- Redid the description
+- Cut overlong make line, loosened changelog a bit
+- I think Junio (or perhaps OSDL?) should be vendor...
+
+* Thu Jul 14 2005 Eric Biederman <ebiederm@xmission.com>
+- Add the man pages, and the --without docs build option
+
+* Wed Jul 7 2005 Chris Wright <chris@osdl.org>
+- initial git spec file

git.xinetd

@@ -0,0 +1,16 @@
+# default: off
+# description: The git dæmon allows git repositories to be exported using
+#	the git:// protocol.
+
+service git
+{
+        disable		= yes
+        socket_type     = stream
+        wait            = no
+        user            = nobody
+        server          = /usr/bin/git-daemon
+        server_args     = --base-path=/srv/git --export-all --user-path=public_git --syslog --inetd --verbose
+        log_on_failure  += USERID
+# xinetd doesn't do this by default. bug #195265
+        flags		= IPv6
+}

gitweb-CVE-2008-5516.patch

@@ -0,0 +1,143 @@
+From 8f8bfb38271775770cd1da8fb7cfd1e2d7ef2481 Mon Sep 17 00:00:00 2001
+From: Jakub Narebski <jnareb@gmail.com>
+Date: Wed, 5 Mar 2008 09:31:55 +0100
+Subject: [PATCH 1/2] gitweb: Fix and simplify pickaxe search
+
+Instead of using "git-rev-list | git-diff-tree" pipeline for pickaxe
+search, use git-log with appropriate options.  Besides reducing number
+of forks by one, this allows to use list form of open, which in turn
+allow to not worry about quoting arguments and to avoid forking shell.
+
+The options to git-log were chosen to reduce required changes in
+pickaxe git command output parsing; gitweb still parses returned
+commits one by one.
+
+Parsing "pickaxe" output is simplified: git_search now reuses
+parse_difftree_raw_line and writes affected files as they arrive using
+the fact that commit name goes always before [raw] diff.
+
+While at it long bug of pickaxe search was fixed, namely that the last
+commit found by pickaxe search was never shown.
+
+Signed-off-by: Jakub Narebski <jnareb@gmail.com>
+Signed-off-by: Junio C Hamano <gitster@pobox.com>
+
+Note: This patch was backported to 1.5.4.7 by Todd Zullinger
+<tmz@pobox.com>.  Any blame for problems should come to me, not the
+upstream authors. :)
+---
+ gitweb/gitweb.perl |   83 ++++++++++++++++++++++++++-------------------------
+ 1 files changed, 42 insertions(+), 41 deletions(-)
+
+diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
+index 86a6ced..e011393 100755
+--- a/gitweb/gitweb.perl
++++ b/gitweb/gitweb.perl
+@@ -5199,50 +5199,18 @@ sub git_search {
+ 		print "<table class=\"pickaxe search\">\n";
+ 		my $alternate = 1;
+ 		$/ = "\n";
+-		my $git_command = git_cmd_str();
+-		my $searchqtext = $searchtext;
+-		$searchqtext =~ s/'/'\\''/;
+-		open my $fd, "-|", "$git_command rev-list $hash | " .
+-			"$git_command diff-tree -r --stdin -S\'$searchqtext\'";
++		open my $fd, '-|', git_cmd(), '--no-pager', 'log', @diff_opts,
++			'--pretty=format:%H', '--no-abbrev', '--raw', "-S$searchtext";
+ 		undef %co;
+ 		my @files;
+ 		while (my $line = <$fd>) {
+-			if (%co && $line =~ m/^:([0-7]{6}) ([0-7]{6}) ([0-9a-fA-F]{40}) ([0-9a-fA-F]{40}) (.)\t(.*)$/) {
+-				my %set;
+-				$set{'file'} = $6;
+-				$set{'from_id'} = $3;
+-				$set{'to_id'} = $4;
+-				$set{'id'} = $set{'to_id'};
+-				if ($set{'id'} =~ m/0{40}/) {
+-					$set{'id'} = $set{'from_id'};
+-				}
+-				if ($set{'id'} =~ m/0{40}/) {
+-					next;
+-				}
+-				push @files, \%set;
+-			} elsif ($line =~ m/^([0-9a-fA-F]{40})$/){
++			chomp $line;
++			next unless $line;
++
++			my %set = parse_difftree_raw_line($line);
++			if (defined $set{'commit'}) {
++				# finish previous commit
+ 				if (%co) {
+-					if ($alternate) {
+-						print "<tr class=\"dark\">\n";
+-					} else {
+-						print "<tr class=\"light\">\n";
+-					}
+-					$alternate ^= 1;
+-					my $author = chop_and_escape_str($co{'author_name'}, 15, 5);
+-					print "<td title=\"$co{'age_string_age'}\"><i>$co{'age_string_date'}</i></td>\n" .
+-					      "<td><i>" . $author . "</i></td>\n" .
+-					      "<td>" .
+-					      $cgi->a({-href => href(action=>"commit", hash=>$co{'id'}),
+-					              -class => "list subject"},
+-					              chop_and_escape_str($co{'title'}, 50) . "<br/>");
+-					while (my $setref = shift @files) {
+-						my %set = %$setref;
+-						print $cgi->a({-href => href(action=>"blob", hash_base=>$co{'id'},
+-						                             hash=>$set{'id'}, file_name=>$set{'file'}),
+-						              -class => "list"},
+-						              "<span class=\"match\">" . esc_path($set{'file'}) . "</span>") .
+-						      "<br/>\n";
+-					}
+ 					print "</td>\n" .
+ 					      "<td class=\"link\">" .
+ 					      $cgi->a({-href => href(action=>"commit", hash=>$co{'id'})}, "commit") .
+@@ -5251,11 +5219,44 @@ sub git_search {
+ 					print "</td>\n" .
+ 					      "</tr>\n";
+ 				}
+-				%co = parse_commit($1);
++
++				if ($alternate) {
++					print "<tr class=\"dark\">\n";
++				} else {
++					print "<tr class=\"light\">\n";
++				}
++				$alternate ^= 1;
++				%co = parse_commit($set{'commit'});
++				my $author = chop_and_escape_str($co{'author_name'}, 15, 5);
++				print "<td title=\"$co{'age_string_age'}\"><i>$co{'age_string_date'}</i></td>\n" .
++				      "<td><i>$author</i></td>\n" .
++				      "<td>" .
++				      $cgi->a({-href => href(action=>"commit", hash=>$co{'id'}),
++				              -class => "list subject"},
++				              chop_and_escape_str($co{'title'}, 50) . "<br/>");
++			} elsif (defined $set{'to_id'}) {
++				next if ($set{'to_id'} =~ m/^0{40}$/);
++
++				print $cgi->a({-href => href(action=>"blob", hash_base=>$co{'id'},
++				                             hash=>$set{'to_id'}, file_name=>$set{'to_file'}),
++				              -class => "list"},
++				              "<span class=\"match\">" . esc_path($set{'file'}) . "</span>") .
++				      "<br/>\n";
+ 			}
+ 		}
+ 		close $fd;
+ 
++		# finish last commit (warning: repetition!)
++		if (%co) {
++			print "</td>\n" .
++			      "<td class=\"link\">" .
++			      $cgi->a({-href => href(action=>"commit", hash=>$co{'id'})}, "commit") .
++			      " | " .
++			      $cgi->a({-href => href(action=>"tree", hash=>$co{'tree'}, hash_base=>$co{'id'})}, "tree");
++			print "</td>\n" .
++			      "</tr>\n";
++		}
++
+ 		print "</table>\n";
+ 	}
+ 
+-- 
+1.6.1
+

gitweb-CVE-2008-5517.patch

@@ -0,0 +1,75 @@
+From 2813e6cef24a8b363a97ea0c86bf4494fc453f32 Mon Sep 17 00:00:00 2001
+From: Lea Wiemann <lewiemann@gmail.com>
+Date: Tue, 17 Jun 2008 23:46:35 +0200
+Subject: [PATCH 2/2] gitweb: quote commands properly when calling the shell
+
+This eliminates the function git_cmd_str, which was used for composing
+command lines, and adds a quote_command function, which quotes all of
+its arguments (as in quote.c).
+
+Signed-off-by: Lea Wiemann <LeWiemann@gmail.com>
+Signed-off-by: Junio C Hamano <gitster@pobox.com>
+---
+ gitweb/gitweb.perl |   24 ++++++++++++++----------
+ 1 files changed, 14 insertions(+), 10 deletions(-)
+
+diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
+index e011393..bd50c07 100755
+--- a/gitweb/gitweb.perl
++++ b/gitweb/gitweb.perl
+@@ -1396,9 +1396,13 @@ sub git_cmd {
+ 	return $GIT, '--git-dir='.$git_dir;
+ }
+ 
+-# returns path to the core git executable and the --git-dir parameter as string
+-sub git_cmd_str {
+-	return join(' ', git_cmd());
++# quote the given arguments for passing them to the shell
++# quote_command("command", "arg 1", "arg with ' and ! characters")
++# => "'command' 'arg 1' 'arg with '\'' and '\!' characters'"
++# Try to avoid using this function wherever possible.
++sub quote_command {
++	return join(' ',
++		    map( { my $a = $_; $a =~ s/(['!])/'\\$1'/g; "'$a'" } @_ ));
+ }
+ 
+ # get HEAD ref of given project as hash
+@@ -4477,7 +4481,6 @@ sub git_snapshot {
+ 		$hash = git_get_head_hash($project);
+ 	}
+ 
+-	my $git_command = git_cmd_str();
+ 	my $name = $project;
+ 	$name =~ s,([^/])/*\.git$,$1,;
+ 	$name = basename($name);
+@@ -4485,11 +4488,12 @@ sub git_snapshot {
+ 	$name =~ s/\047/\047\\\047\047/g;
+ 	my $cmd;
+ 	$filename .= "-$hash$known_snapshot_formats{$format}{'suffix'}";
+-	$cmd = "$git_command archive " .
+-		"--format=$known_snapshot_formats{$format}{'format'} " .
+-		"--prefix=\'$name\'/ $hash";
++	$cmd = quote_command(
++		git_cmd(), 'archive',
++		"--format=$known_snapshot_formats{$format}{'format'}",
++		"--prefix=$name/", $hash);
+ 	if (exists $known_snapshot_formats{$format}{'compressor'}) {
+-		$cmd .= ' | ' . join ' ', @{$known_snapshot_formats{$format}{'compressor'}};
++		$cmd .= ' | ' . quote_command(@{$known_snapshot_formats{$format}{'compressor'}});
+ 	}
+ 
+ 	print $cgi->header(
+@@ -4702,8 +4706,8 @@ sub git_object {
+ 	if ($hash || ($hash_base && !defined $file_name)) {
+ 		my $object_id = $hash || $hash_base;
+ 
+-		my $git_command = git_cmd_str();
+-		open my $fd, "-|", "$git_command cat-file -t $object_id 2>/dev/null"
++		open my $fd, "-|", quote_command(
++			git_cmd(), 'cat-file', '-t', $object_id) . ' 2> /dev/null'
+ 			or die_error('404 Not Found', "Object does not exist");
+ 		$type = <$fd>;
+ 		chomp $type;
+-- 
+1.6.1
+

sources

@@ -1 +1 @@
-06935e265e7a556d8819a097dcb44f35  git-core-0.99.4.tar.gz
+923798b1e3100aaa1be62a19d557188b  git-1.5.4.7.tar.gz