packages/git
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
git/git.spec
qiaojijun 52923d194d Fix CVE-2024-32002
2024-05-21 09:34:13 +08:00

508 lines
18 KiB
RPMSpec
Raw Blame History

%global gitexecdir %{_libexecdir}/git-core
Name: git
Version: 2.27.0
Release: 20
Summary: A popular and widely used Version Control System
License: GPLv2+ or LGPLv2.1
URL: https://git-scm.com/
Source0: https://www.kernel.org/pub/software/scm/git/%{name}-%{version}.tar.xz
Source1: https://www.kernel.org/pub/software/scm/git/%{name}-%{version}.tar.sign
Source100: git-gui.desktop
Source101: git@.service.in
Source102: git.socket
Patch1: backport-CVE-2021-21300.patch
Patch2: backport-t4210-detect-REG_ILLSEQ-dynamically-and-skip-affecte.patch
Patch3: backport-CVE-2021-29468-cygwin-disallow-backslashes-in-file-names.patch
Patch4: backport-CVE-2021-40330.patch
Patch5: backport-0001-CVE-2022-24765.patch
Patch6: backport-0002-CVE-2022-24765.patch
Patch7: backport-0003-CVE-2022-24765.patch
Patch8: backport-0004-CVE-2022-24765.patch
Patch9: backport-t0033-add-tests-for-safe.directory.patch
Patch10: backport-0005-CVE-2022-24765.patch
Patch11: backport-0006-CVE-2022-24765.patch
Patch12: backport-CVE-2022-29187.patch
Patch13: backport-CVE-2022-39253-builtin-clone.c-disallow-local-clones-with-symlinks.patch
Patch14: backport-CVE-2022-39260-shell-add-basic-tests.patch
Patch15: backport-CVE-2022-39260-shell-limit-size-of-interactive-commands.patch
Patch16: backport-CVE-2022-39260-alias.c-reject-too-long-cmdline-strings-in-split_cmd.patch
Patch17: backport-CVE-2022-23521-attr-fix-overflow-when-upserting-attribute-with-over.patch
Patch18: backport-CVE-2022-23521-attr-fix-out-of-bounds-read-with-huge-attribute-name.patch
Patch19: backport-CVE-2022-23521-attr-fix-integer-overflow-when-parsing-huge-attribut.patch
Patch20: backport-CVE-2022-23521-attr-fix-out-of-bounds-write-when-parsing-huge-numbe.patch
Patch21: backport-CVE-2022-23521-attr-fix-out-of-bounds-read-with-unreasonable-amount.patch
Patch22: backport-CVE-2022-23521-attr-fix-integer-overflow-with-more-than-INT_MAX-mac.patch
Patch23: backport-CVE-2022-23521-attr-harden-allocation-against-integer-overflows.patch
Patch24: backport-CVE-2022-23521-attr-fix-silently-splitting-up-lines-longer-than-204.patch
Patch25: backport-CVE-2022-23521-attr-ignore-attribute-lines-exceeding-2048-bytes.patch
Patch26: backport-CVE-2022-23521-attr-ignore-overly-large-gitattributes-files.patch
Patch27: backport-CVE-2022-41903-test-lib-add-prerequisite-for-64-bit-platforms.patch
Patch28: backport-CVE-2022-41903-pretty-fix-out-of-bounds-write-caused-by-integer-ove.patch
Patch29: backport-CVE-2022-41903-pretty-fix-out-of-bounds-read-when-left-flushing-wit.patch
Patch30: backport-CVE-2022-41903-pretty-fix-out-of-bounds-read-when-parsing-invalid-p.patch
Patch31: backport-CVE-2022-41903-pretty-fix-adding-linefeed-when-placeholder-is-not-e.patch
Patch32: backport-CVE-2022-41903-pretty-fix-integer-overflow-in-wrapping-format.patch
Patch33: backport-CVE-2022-41903-utf8-fix-truncated-string-lengths-in-utf8_strnwidth.patch
Patch34: backport-CVE-2022-41903-utf8-fix-returning-negative-string-width.patch
Patch35: backport-CVE-2022-41903-utf8-fix-overflow-when-returning-string-width.patch
Patch36: backport-CVE-2022-41903-utf8-fix-checking-for-glyph-width-in-strbuf_utf8_rep.patch
Patch37: backport-CVE-2022-41903-utf8-refactor-strbuf_utf8_replace-to-not-rely-on-pre.patch
Patch38: backport-CVE-2022-41903-pretty-restrict-input-lengths-for-padding-and-wrappi.patch
Patch39: backport-CVE-2022-41953-windows-ignore-empty-PATH-elements.patch
Patch40: backport-CVE-2022-41953-is_Cygwin-avoid-exec-ing-anything.patch
Patch41: backport-CVE-2022-41953-Move-is_-platform-functions-to-the-beginning.patch
Patch42: backport-CVE-2022-41953-Move-the-_which-function-almost-to-the-top.patch
Patch43: backport-CVE-2022-41953-Work-around-Tcl-s-default-PATH-lookup.patch
Patch44: backport-CVE-2023-22490-attr-adjust-a-mismatched-data-type.patch
Patch45: backport-CVE-2023-22490-t5619-demonstrate-clone_local-with-ambiguous-transpo.patch
Patch46: backport-CVE-2023-22490-clone-delay-picking-a-transport-until-after-get_repo.patch
Patch47: backport-CVE-2023-22490-dir-iterator-prevent-top-level-symlinks-without-FOLL.patch
Patch48: backport-CVE-2023-23946-apply-fix-writing-behind-newly-created-symbolic-link.patch
Patch49: backport-CVE-2023-25652-apply-reject-overwrite-existing-.rej-symlink-if-it-e.patch
Patch50: backport-CVE-2023-29007.patch
Patch51: backport-CVE-2023-25815-gettext-avoid-using-gettext-if-the-locale-dir-is-not.patch
Patch52: backport-CVE-2024-32021-builtin-clone-stop-resolving-symlinks-when-copying-f.patch
Patch53: backport-CVE-2024-32021-builtin-clone-abort-when-hardlinked-source-and-targe.patch
Patch54: backport-CVE-2024-32004-t0411-add-tests-for-cloning-from-partial-repo.patch
Patch55: backport-CVE-2024-32004-setup-fix-some-formatting.patch
Patch56: backport-CVE-2024-32004-setup-prepare-for-more-detailed-dubious-ownership-me.patch
Patch57: backport-CVE-2024-32004-fetch-clone-detect-dubious-ownership-of-local-reposi.patch
Patch58: backport-CVE-2024-32020-builtin-clone-refuse-local-clones-of-unsafe-reposito.patch
Patch59: backport-CVE-2024-32465-wrapper.c-add-x-un-setenv-and-use-xsetenv-in.patch
Patch60: backport-CVE-2024-32465-upload-pack-disable-lazy-fetching-by-default.patch
Patch61: backport-CVE-2024-32002-dir-introduce-readdir_skip_dot_and_dotdot-helper.patch
Patch62: backport-CVE-2024-32002-submodules-submodule-paths-must-not-contain-symlinks.patch
BuildRequires: gcc gettext
BuildRequires: openssl-devel libcurl-devel expat-devel systemd asciidoc xmlto glib2-devel libsecret-devel pcre2-devel desktop-file-utils
BuildRequires: python3-devel perl-generators perl-interpreter perl-Error perl(Test::More) perl-MailTools perl(Test) gdb
Requires: less zlib openssh-clients perl(Term::ReadKey) perl-Git
Obsoletes: %{name}-core < %{version}-%{release} %{name}-subtree < %{version}-%{release} %{name}-p4 < %{version}-%{release} git-cvs < %{version}-%{release}
Provides: %{name} = %{version}-%{release} %{name}-core = %{version}-%{release} %{name}-subtree = %{version}-%{release} %{name}-p4 = %{version}-%{release}
%description
Git is a free and open source distributed version control system
designed to handle everything from small to very large projects
with speed and efficiency.
Git is easy to learn and has a tiny footprint with lightning fast
performance. It outclasses SCM tools like Subversion, CVS, Perforce,
and ClearCase with features like cheap local branching, convenient
staging areas, and multiple workflows.
%package daemon
Summary: Git server daemon
Requires: %{name} = %{version}-%{release} systemd
%description daemon
%{summary}.
%package gui
Summary: Graphical user interface to Git
BuildArch: noarch
Requires: %{name} = %{version}-%{release} tk
%description gui
%{summary}.
%package -n gitk
Summary: TK based graphical tool for visualization of Git
BuildArch: noarch
Requires: %{name} = %{version}-%{release} tk
%description -n gitk
%{summary}.
%package web
Summary: Git web interfaces
BuildArch: noarch
Requires: %{name} = %{version}-%{release}
Obsoletes: gitweb < %{version}-%{release} %{name}-instaweb < %{version}-%{release}
Provides: gitweb = %{version}-%{release} %{name}-instaweb = %{version}-%{release}
%description web
Git web interface allows user browsing git repositories via web service.
%package svn
Summary: Git tools for importing Subversion repositories
BuildArch: noarch
Requires: %{name} = %{version}-%{release} subversion perl-TermReadKey perl-Digest-MD5
%description svn
%{summary}.
%package email
Summary: Git tools for sending patches via email
BuildArch: noarch
Requires: git = %{version}-%{release}
Requires: perl-Authen-SASL perl-Net-SMTP-SSL
%description email
%{summary}.
%package -n perl-Git
Summary: Perl interface to Git
BuildArch: noarch
Requires: git = %{version}-%{release} perl(:MODULE_COMPAT_%(perl -V:version | cut -d"'" -f 2))
%description -n perl-Git
%{summary}.
%package -n perl-Git-SVN
Summary: Perl interface to Git::SVN
BuildArch: noarch
Requires: git = %{version}-%{release} perl(:MODULE_COMPAT_%(perl -V:version | cut -d"'" -f 2))
%description -n perl-Git-SVN
%{summary}.
%package help
Summary: Man pages and documents for Git system
BuildArch: noarch
Obsoletes: %{name}-core-doc < %{version}-%{release}
Provides: %{name}-core-doc = %{version}-%{release}
%description help
%{summary}.
%prep
%autosetup -n %{name}-%{version} -p1
rm -rf perl/Git/LoadCPAN{.pm,/}
grep -rlZ '^use Git::LoadCPAN::' | xargs -r0 sed -i 's/Git::LoadCPAN:://g'
sed -i '/^git-cvs/d' command-list.txt
%build
%configure
# Some options can not configure in configure script, so give options here (config.mak included in Makefile)
cat > config.mak << EOF
CFLAGS = %{optflags}
LDFLAGS = %{__global_ldflags}
NEEDS_CRYPTO_WITH_SSL = 1
USE_LIBPCRE = 1
INSTALL_SYMLINKS = 1
GNU_ROFF = 1
GITWEB_PROJECTROOT = %{_localstatedir}/lib/git
PYTHON_PATH = %{__python3}
htmldir = %{?_pkgdocdir}
perllibdir = %{perl_vendorlib}
gitwebdir = %{_localstatedir}/www/git
NO_PERL_CPAN_FALLBACKS = 1
EOF
# Default using python3
sed -i '1s@#![ ]*/usr/bin/env python@#!%{__python3}@' \
contrib/hooks/multimail/git_multimail.py \
contrib/hooks/multimail/migrate-mailhook-config \
contrib/hooks/multimail/post-receive.example
%make_build
%make_build -C contrib/subtree/
%make_build -C contrib/contacts/
%make_build -C contrib/credential/libsecret/
%make_build -C contrib/credential/netrc/
%make_build -C contrib/diff-highlight/
%install
%make_install %{_smp_mflags} install-doc
%make_install %{_smp_mflags} -C contrib/subtree/ install-doc
%make_install %{_smp_mflags} -C contrib/contacts/ install-doc
install -p -m 644 README.md %{buildroot}%{_pkgdocdir}
install -p -m 644 gitweb/INSTALL %{buildroot}%{_pkgdocdir}/INSTALL.gitweb
install -p -m 644 gitweb/README %{buildroot}%{_pkgdocdir}/README.gitweb
#setup bash completion
install -Dpm 644 contrib/completion/git-completion.bash %{buildroot}%{_datadir}/bash-completion/completions/git
ln -s git %{buildroot}%{_datadir}/bash-completion/completions/gitk
# install contrib to git-core
mkdir -p %{buildroot}%{_datadir}/git-core/contrib/completion
mv contrib/hooks/multimail/git_multimail{.py,}
mv contrib/hooks %{buildroot}%{_datadir}/git-core/contrib
install -p -m 644 contrib/completion/git-completion.tcsh %{buildroot}%{_datadir}/git-core/contrib/completion/
install -p -m 644 contrib/completion/git-prompt.sh %{buildroot}%{_datadir}/git-core/contrib/completion/
install -D -p -m 0755 contrib/diff-highlight/diff-highlight %{buildroot}%{_datadir}/git-core/contrib/diff-highlight
# install root path for gitweb
mkdir -p %{buildroot}%{_localstatedir}/lib/git
# install config files
desktop-file-install --dir=%{buildroot}%{_datadir}/applications %{SOURCE100}
install -D -p -m 644 %{SOURCE101} %{buildroot}%{_unitdir}/git@.service
install -D -p -m 644 %{SOURCE102} %{buildroot}%{_unitdir}/git.socket
install -pm 755 contrib/credential/libsecret/git-credential-libsecret %{buildroot}%{gitexecdir}
install -pm 755 contrib/credential/netrc/git-credential-netrc %{buildroot}%{gitexecdir}
rm -f %{buildroot}%{_bindir}/git-cvsserver
rm -f %{buildroot}%{gitexecdir}/git-cvs*
%find_lang %{name}
cat %{name}.lang >> git-bin-files
# split out bin for primary package
(find %{buildroot}{%{_bindir},%{gitexecdir}} -type f -o -type l | grep -vE "git-(gui|daemon|cvs|svn|instaweb|citool|send-email)" | \
sed -e s@^%{buildroot}@@) >> git-bin-files
(find %{buildroot}%{perl_vendorlib} -type f | sed -e s@^%{buildroot}@@) > perl-git-files
(find %{buildroot}%{perl_vendorlib} -mindepth 1 -type d | sed -e 's@^%{buildroot}@%dir @') >> perl-git-files
# split out perl files for Git and Git::SVN
grep Git/SVN perl-git-files > perl-git-svn-files
sed -i "/Git\/SVN/ d" perl-git-files
%check
make %{?_smp_mflags} test
%preun daemon
%systemd_preun git.socket
%post daemon
%systemd_post git.socket
%postun daemon
%systemd_postun_with_restart git.socket
%files -f git-bin-files
%defattr(-,root,root)
%{_datadir}/git-core/
%{_datadir}/bash-completion/completions
%doc README.md
%license LGPL-2.1 COPYING
%files daemon
%defattr(-,root,root)
%{_unitdir}/git.socket
%{_unitdir}/git@.service
%{gitexecdir}/git-daemon
%{_localstatedir}/lib/git
%files gui
%defattr(-,root,root)
%{_datadir}/applications/git-gui.desktop
%{gitexecdir}/git-gui*
%{gitexecdir}/git-citool
%{_datadir}/git-gui/
%files -n gitk
%defattr(-,root,root)
%{_bindir}/gitk
%{_datadir}/gitk/
%files web
%defattr(-,root,root)
%{_pkgdocdir}/*.gitweb
%{_localstatedir}/www/git/
%{gitexecdir}/git-instaweb
%files svn
%defattr(-,root,root)
%{gitexecdir}/git-svn
%files email
%defattr(-,root,root)
%{gitexecdir}/*email*
%files -n perl-Git -f perl-git-files
%{_mandir}/man3/Git.*
%files -n perl-Git-SVN -f perl-git-svn-files
%files help
%defattr(-,root,root)
%exclude %{_pkgdocdir}/{README.md,*.gitweb}
%{_pkgdocdir}/*
%{_mandir}/man1/git*.1.*
%{_mandir}/man5/git*.5.*
%{_mandir}/man7/git*.7.*
%changelog
* Tue May 21 2024 qiaojijun <qiaojijun@kylinos.cn> - 2.27.0-20
- Type:CVE
- ID:CVE-2024-32002
- SUG:NA
- DESC:Fix CVE-2024-32002
* Thu May 16 2024 fuanan <fuanan3@h-partners.com> - 2.27.0-19
- Type:CVE
- ID:CVE-2024-32021 CVE-2024-32004 CVE-2024-32020 CVE-2024-32465
- SUG:NA
- DESC:Fix CVE-2024-32021 CVE-2024-32004 CVE-2024-32020 CVE-2024-32465
* Fri Jul 7 2023 huyubiao <huyubiao@huawei.com> - 2.27.0-18
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:Specifying Obsoletes and Provides version numbers, prevent upgrade conflicts.
Delete git-core-doc from git, git-core-doc is provided by git-help.
* Thu Apr 27 2023 fuanan <fuanan3@h-partners.com> - 2.27.0-17
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:enable multithreading compilation and installation,
move Git.3pm.gz to perl-Git,avoid installation conflicts,
change BuildRequires from pcre-devel to pcre2-devel.
* Wed Apr 26 2023 fuanan <fuanan3@h-partners.com> - 2.27.0-16
- Type:CVE
- ID:CVE-2023-25652 CVE-2023-29007 CVE-2023-25815
- SUG:NA
- DESC:Fix CVE-2023-25652 CVE-2023-29007 CVE-2023-25815
* Wed Feb 15 2023 fuanan <fuanan3@h-partners.com> - 2.27.0-15
- Type:CVE
- ID:CVE-2023-22490 CVE-2023-23946
- SUG:NA
- DESC:Fix CVE-2023-22490 CVE-2023-23946
* Sat Jan 28 2023 fuanan <fuanan3@h-partners.com> - 2.27.0-14
- Type:CVE
- ID:CVE-2022-41953
- SUG:NA
- DESC:Fix CVE-2022-41953
* Thu Jan 19 2023 fuanan <fuanan3@h-partners.com> - 2.27.0-13
- Type:CVE
- ID:CVE-2022-23521 CVE-2022-41903
- SUG:NA
- DESC:Fix CVE-2022-23521 CVE-2022-41903
* Mon Oct 24 2022 fuanan <fuanan3@h-partners.com> - 2.27.0-12
- Type:CVE
- ID:CVE-2022-39253
- SUG:NA
- DESC:Fix CVE-2022-39253
* Fri Oct 21 2022 fuanan <fuanan3@h-partners.com> - 2.27.0-11
- Type:CVE
- ID:CVE-2022-39260
- SUG:NA
- DESC:Fix CVE-2022-39260
* Mon Sep 19 2022 fuanan <fuanan3@h-partners.com> - 2.27.0-10
- revert "add subpackage git-core"
* Mon Sep 19 2022 fuanan <fuanan3@h-partners.com> - 2.27.0-9
- add subpackage git-core
* Mon Jul 18 2022 fuanan <fuanan3@h-partners.com> - 2.27.0-8
- Type:CVE
- ID:CVE-2022-29187
- SUG:NA
- DESC:Fix CVE-2022-29187
* Fri May 20 2022 fuanan <fuanan3@h-partners.com> - 2.27.0-7
- Type:CVE
- ID:CVE-2022-24765
- SUG:NA
- DESC:Fix CVE-2022-24765
* Tue Feb 15 2022 panxiaohe <panxh.life@foxmail.com> - 2.27.0-6
- Optimize compilation time
* Fri Sep 10 2021 fuanan <fuanan3@huawei.com> - 2.27.0-5
- Type:CVE
- ID:CVE-2021-40330
- SUG:NA
- DESC:Fix CVE-2021-40330
* Fri May 28 2021 panxiaohe <panxiaohe@huawei.com> - 2.27.0-4
- Fix CVE-2021-29468
- Add gcc and gettext to BuildRequires
- necessary for building and msgfmt command
* Thu Mar 18 2021 lirui <lirui130@huawei.com> - 2.27.0-3
- Type:CVE
- ID:CVE-2021-21300
- SUG:NA
- DESC:Fix CVE-2021-21300
* Fri Sep 25 2020 yangzhuangzhuang <yangzhuangzhuang1@huawei.com> - 2.27.0-2
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:Resolved the problem that a failure message is displayed when the git-daemon package is uninstalled
* Wed Aug 26 2020 gaoyi <ymuemc@163.com> - 2.27.0-1
- Type:enhancement
- ID:NA
- SUG:NA
- DESC:update version to 2.27.0
* Tue Aug 18 2020 chenyaqiang <chenyaqiang@huawei.com> - 2.23.0-17
- Type:rebuild
- ID:NA
- SUG:NA
- DESC:rebuild for package build
* Thu May 14 2020 gaihuiying <gaihuiying1@huawei.com> - 2.23.0-16
- Type:cves
- ID:CVE-2020-11008
- SUG:NA
- DESC:fix CVE-2020-11008
credential: detect unrepresentable values when parsin urls
fsck: detect gitmodules URLs with embedded newlines
* Fri Apr 17 2020 openEuler Buildteam <buildteam@openeuler.org> - 2.23.0-15
- Type:cves
- ID:CVE-2020-5260
- SUG:NA
- DESC:fix CVE-2020-5260
* Wed Apr 15 2020 openEuler Buildteam <buildteam@openeuler.org> - 2.23.0-14
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:reset bash completion
* Tue Apr 14 2020 openEuler Buildteam <buildteam@openeuler.org> - 2.23.0-13
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:setup bash completion
* Thu Mar 19 2020 openEuler Buildteam <buildteam@openeuler.org> - 2.23.0-12
- skip updating the preference during running test suite
* Sat Mar 14 2020 openEuler Buildteam <buildteam@openeuler.org> - 2.23.0-11
- add build requires of gdb
* Mon Feb 24 2020 openEuler Buildteam <buildteam@openeuler.org> - 2.23.0-10
- delete cvs subpackage
* Mon Feb 03 2020 openEuler Buildteam <buildteam@openeuler.org> - 2.23.0-9
- fix CVE-2019-1348 CVE-2019-1349 CVE-2019-1350 CVE-2019-1351 CVE-2019-1352
CVE-2019-1353 CVE-2019-1354 CVE-2019-1387 CVE-2019-19604
fix test error
* Thu Jan 09 2020 openEuler Buildteam <buildteam@openeuler.org> - 2.23.0-8
- Delete unneeded files
* Thu Dec 5 2019 shenyangyang <shenyangyang4@huawei.com> - 2.23.0-7
- Add requires and two files in %{_libexecdir}/git-core
* Thu Dec 5 2019 shenyangyang <shenyangyang4@huawei.com> - 2.23.0-6
- Delete the perl(Error*) module that provided by perl-Git
* Thu Oct 31 2019 openEuler Buildteam <buildteam@openeuler.org> - 2.23.0-5
- Modify installation of contrib and templates
* Wed Sep 25 2019 openEuler Buildteam <buildteam@openeuler.org> - 2.23.0-4
- Modify license
* Wed Sep 4 2019 openEuler Buildteam <buildteam@openeuler.org> - 2.23.0-3
- Split out perl-Git-SVN
* Wed Sep 4 2019 openEuler Buildteam <buildteam@openeuler.org> - 2.23.0-2
- Split Package
* Sat Aug 31 2019 openEuler Buildteam <buildteam@openeuler.org> - 2.23.0-1
- Package init
Reference in New Issue View Git Blame Copy Permalink