File git.spec of Package git.28757
#
# spec file for package git
#
# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define gitexecdir %{_libexecdir}/git
%if 0%{?suse_version} < 1500
%define _fwdefdir %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services
%define SuSEfirewall2 1
%endif
#Compat macro for new _fillupdir macro introduced in Nov 2017
%if ! %{defined _fillupdir}
%define _fillupdir %{_localstatedir}/adm/fillup-templates
%endif
%bcond_without git_gnome_keyring
%bcond_without git_libsecret
%bcond_without docs
%if 0%{?suse_version} >= 1500 && %{with docs}
%bcond_without asciidoctor
%else
%bcond_with asciidoctor
%endif
Name: git
Version: 2.26.2
Release: 0
Summary: Fast, scalable, distributed revision control system
License: GPL-2.0-only
Group: Development/Tools/Version Control
URL: http://git-scm.com
Source0: https://www.kernel.org/pub/software/scm/git/%{name}-%{version}.tar.xz
Source1: apache2-gitweb.conf
Source2: sysconfig.git-daemon
Source3: git-daemon.service
Source5: usr.share.git-web.gitweb.cgi
Source6: susefirewall-git-daemon
Source7: https://www.kernel.org/pub/software/scm/git/%{name}-%{version}.tar.sign
Source8: %{name}.keyring
Source9: %{name}-gui.desktop
Source10: %{name}-gui.png
Patch3: completion-wordbreaks.diff
# CVE-2011-2186, bnc#698456
Patch4: git-prevent_xss-default.diff
# cook up tcsh completion to be installable (bnc#853183)
Patch6: git-tcsh-completion-fixes.diff
# adapt paths in zsh completion (bnc#853183)
Patch7: git-zsh-completion-fixes.diff
Patch8: git-asciidoc.patch
Patch10: setup-don-t-fail-if-commondir-reference-is-deleted.patch
Patch11: 0001-DOC-Move-to-DocBook-5-when-using-asciidoctor.patch
Patch13: 0002-Also-use-DocBook-5-stylesheet-when-generating-HTML-o.patch
Patch14: 0001-fetch-pack-return-enum-from-process_acks.patch
Patch15: 0002-fetch-pack-in-protocol-v2-in_vain-only-after-ACK.patch
Patch16: 0003-fetch-pack-in-protocol-v2-reset-in_vain-upon-ACK.patch
# CVE-2021-21300, bsc#1183026
Patch17: checkout-dont-follow-symlinks.patch
# PATCH-FIX-UPSTREAM CVE-2021-40330 danilo.spinella@suse.com bsc#1189992
# git_connect_git in connect.c allows a repository path to contain a
# newline character, which may result in unexpected cross-protocol requests
Patch18: fix-CVE-2021-40330.patch
# PATCH-FIX-UPSTREAM CVE-2022-24765 danilo.spinella@suse.com bsc#1198234
# potential command injection via git worktree
Patch19: fix-CVE-2022-24765.patch
# PATCH-FIX-UPSTREAM danilo.spinella@suse.com bsc#1200119
# opt-out of check with safe.directory=*
Patch20: bsc1200119.patch
# PATCH-FIX-UPSTREAM danilo.spinella@suse.com bsc#1201431
# follow up fix for CVE-2022-24765
Patch21: fix-CVE-2022-29187.patch
# PATCH-FIX-UPSTREAM danilo.spinella@suse.com bsc#1204456 CVE-2022-39260
# overflow in `split_cmdline()`, leading to arbitrary heap writes and remote code execution
Patch22: fix-CVE-2022-39260.patch
# PATCH-FIX-UPSTREAM danilo.spinella@suse.com bsc#1204455 CVE-2022-39253
# dereference issue with symbolic links via the `--local` clone mechanism
Patch23: fix-CVE-2022-39253.patch
# PATCH-FIX-UPSTREAM danilo.spinella@suse.com
# bsc#1207033 CVE-2022-41903
# heap overflow in `git archive` and `git log --format
# bsc#1207032 CVE-2022-23521
# gitattributes parsing integer overflow
Patch24: fix-CVE-2022-41903.patch
# PATCH-FIX-UPSTREAM danilo.spinella@suse.com
# bsc#1208027 CVE-2023-22490
# Using a specially-crafted repository, Git can be tricked into using its local clone
# optimization even when using a non-local transport
# bsc#1208028 CVE-2023-23946
# a path outside the working tree can be overwritten as the user who is running "git apply"
Patch25: fix-CVE-2023-22490-1.patch
Patch26: fix-CVE-2023-22490-2.patch
Patch27: fix-CVE-2023-22490-3.patch
Patch28: fix-CVE-2023-22490-4.patch
# Patches from the v2.30.9 security update.
Patch30: CVE-2023-25652.patch
Patch31: CVE-2023-25815.patch
Patch32: CVE-2023-29007-0.patch
Patch33: CVE-2023-29007-1.patch
Patch34: CVE-2023-29007-2.patch
Patch35: CVE-2023-29007-3.patch
BuildRequires: fdupes
BuildRequires: gpg2
BuildRequires: libcurl-devel
BuildRequires: libexpat-devel
BuildRequires: libopenssl-devel
BuildRequires: pcre2-devel
BuildRequires: perl-Error
BuildRequires: perl-MailTools
BuildRequires: python3-base
BuildRequires: systemd-rpm-macros
BuildRequires: tcsh
BuildRequires: update-desktop-files
BuildRequires: xz
BuildRequires: zlib-devel
Requires: git-core = %{version}
Recommends: git-cvs
Recommends: git-email
Recommends: git-gui
Recommends: git-svn
Recommends: gitk
Suggests: git-daemon
Suggests: git-web
%if %{with docs}
BuildRequires: sgml-skel
BuildRequires: xmlto
%if %{with asciidoctor}
BuildRequires: docbook5-xsl-stylesheets
BuildRequires: rubygem(asciidoctor)
%else
BuildRequires: asciidoc
%endif
%endif
%if %{with git_gnome_keyring}
BuildRequires: libgnome-keyring-devel
%endif
%if %{with git_libsecret}
BuildRequires: libsecret-devel
%endif
%if 0%{?suse_version} > 1320
BuildRequires: libsha1detectcoll-devel
%endif
%description
Git is a fast, scalable, distributed revision control system with an
unusually rich command set that provides both high-level operations and
full access to internals.
This package itself only provides the README of git but with the
packages it requires, it brings you a complete Git environment
including GTK and email interfaces and tools for importing source code
repositories from other revision control systems such as subversion,
CVS, and GNU arch.
%package core
Summary: Core git tools
Group: Development/Tools/Version Control
Requires: less
Requires: openssh
Requires: perl-Error
Requires: rsync
Obsoletes: git-remote-helpers < %{version}
%{perl_requires}
%description core
Git is a fast, scalable, distributed revision control system with an
unusually rich command set that provides both high-level operations and
full access to internals.
These are the core tools with minimal dependencies.
%package doc
Summary: Documentation for the Git version control system
Group: Documentation/HTML
BuildArch: noarch
%description doc
Git is a fast, scalable, distributed revision control system with an
unusually rich command set that provides both high-level operations and
full access to internals.
This subpackage contains Git's documentation in text/plain and
text/html formats. (The manpages are in the main package.)
%package svn
Summary: Git tools for importing Subversion repositories
Group: Development/Tools/Version Control
Requires: git-core = %{version}
Requires: perl-Term-ReadKey
Requires: subversion
Requires: subversion-perl
%description svn
Tools for importing Subversion repositories to the Git version control
system.
%package cvs
Summary: Git tools for importing CVS repositories
Group: Development/Tools/Version Control
Requires: cvs
Requires: cvsps
Requires: git-core = %{version}
Requires: perl-DBD-SQLite
%description cvs
Tools for importing CVS repositories to the Git version control system.
%package credential-gnome-keyring
Summary: Git credential backend using the GNOME keyring as storage
Group: Development/Tools/Version Control
Requires: git-core = %{version}
Requires: gnome-keyring
%description credential-gnome-keyring
A Git credential backend which uses the GNOME keyring as storage.
%package credential-libsecret
Summary: Git credential backend using libsecret to access keyring
Group: Development/Tools/Version Control
Requires: git-core = %{version}
%description credential-libsecret
A Git credential backend which uses libsecret API to acces keyrings such as
kwallet or GNOME keyring.
%package arch
Summary: Git tools for importing Arch repositories
Group: Development/Tools/Version Control
Requires: git-core = %{version}
# Requires: tla
%description arch
Tools for importing GNU Arch repositories to the GIT version control
system.
%package p4
Summary: Git tools for importing Perforce repositories
Group: Development/Tools/Version Control
Requires: git-core = %{version}
Requires: python2-base
%description p4
Tools for importing Perforce repositories to the GIT version control
system.
%package email
Summary: Git tools for sending email
Group: Development/Tools/Version Control
Requires: git-core = %{version}
# For sending mails over secure SMTP:
Requires: perl-Authen-SASL
Requires: perl-MailTools
Requires: perl-Net-SMTP-SSL
%description email
Email interface for the GIT version control system.
%package daemon
Summary: Simple Server for Git Repositories
Group: Development/Tools/Version Control
Requires: git-core = %{version}
Requires(pre): %fillup_prereq
Requires(pre): %{_sbindir}/useradd
Requires(pre): shadow
%{?systemd_requires}
%if 0%{?suse_version} >= 1500
Requires(pre): group(nogroup)
%endif
%description daemon
A really simple TCP git daemon. In the default configuration it allows
read only access to repositories in /srv/git/ that contain the
'git-daemon-export-ok' file.
%package -n gitk
Summary: Git revision tree visualiser
Group: Development/Tools/Version Control
Requires: git-core = %{version}
Requires: tk >= 8.4
Supplements: packageand(git-core:tk)
%description -n gitk
Grapical tool for visualization of revision trees of projects
maintained in the Git version control system. It name gitk indicates
that it's written using the Tk Widget set.
A simple Tk based graphical interface for common Git operations is
found in the package git-gui.
%package gui
Summary: Grapical tool for common git operations
Group: Development/Tools/Version Control
Requires: git-core = %{version}
Requires: tk >= 8.4
Supplements: packageand(git-core:tk)
%description gui
A Tcl/Tk based graphical user interface to Git. git-gui focuses on
allowing users to make changes to their repository by making new
commits, amending existing ones, creating branches, performing local
merges, and fetching/pushing to remote repositories.
Unlike gitk, git-gui focuses on commit generation and single file
annotation, and does not show project history. It does however supply
menu actions to start a gitk session from within git-gui.
%package web
Summary: Git Web Interface
Group: Development/Tools/Version Control
Requires: git-core = %{version}
Requires: perl-CGI
Supplements: packageand(git-core:apache2)
%description web
CGI script that allows browsing git repositories via web interface.
The apache2 configuration contained in this package installs a virtual
directory /git/ that calls the cgi script.
%prep
%setup -q
%patch3 -p1
%patch4 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch10 -p1
%patch11 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch20 -p1
%patch21 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p1
# Workaround for patch not correctly setting the executable bit
chmod +x t/t5619-clone-local-ambiguous-transport.sh
%patch26 -p1
%patch27 -p1
%patch28 -p1
%patch30 -p1
%patch31 -p1
%patch32 -p1
%patch33 -p1
%patch34 -p1
%patch35 -p1
%build
cat > .make <<'EOF'
#!/bin/bash
make %{?_smp_mflags} CFLAGS="%{optflags}" \
GITWEB_CONFIG="%{_sysconfdir}/gitweb.conf" \
GITWEB_PROJECTROOT="/srv/git" \
WITH_OWN_SUBPROCESS_PY=YesPlease \
DESTDIR=%{buildroot} \
NO_CROSS_DIRECTORY_HARDLINKS=1 \
NO_INSTALL_HARDLINKS=1 \
%if 0%{?suse_version} > 1320
DC_SHA1_EXTERNAL=YesPlease \
%endif
%if %{with asciidoctor}
USE_ASCIIDOCTOR=YesPlease \
%endif
PYTHON_PATH=%{_bindir}/python3 \
USE_LIBPCRE2=YesPlease \
NO_PERL_CPAN_FALLBACKS=1 \
V=1 \
prefix=%{_prefix} mandir=%{_mandir} \
gitexecdir=%{gitexecdir} \
htmldir=%{_docdir}/git \
perllibdir=%{perl_vendorlib} \
"$@"
EOF
#
chmod 755 .make
./.make all %{?_smp_mflags}
%if %{with docs}
./.make doc %{?_smp_mflags}
%endif
%if %{with git_gnome_keyring}
./.make -C contrib/credential/gnome-keyring
%endif
%if %{with git_libsecret}
./.make -C contrib/credential/libsecret
%endif
./.make -C contrib/subtree/
%install
./.make install %{!?_without_docs: install-doc}
### git-web
cp gitweb/INSTALL INSTALL.gitweb
cp gitweb/README README.gitweb
install -d %{buildroot}%{_datadir}/git-web
install -d %{buildroot}%{_sysconfdir}/apache2/conf.d
install -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/apache2/conf.d/gitweb.conf
### git-daemon
install -d -m 755 %{buildroot}%{_unitdir}
install -m 644 %{SOURCE3} %{buildroot}/%{_unitdir}/git-daemon.service
install -d -m 755 %{buildroot}%{_sbindir}
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcgit-daemon
install -d -m 755 %{buildroot}%{_fillupdir}
install -m 644 %{SOURCE2} %{buildroot}%{_fillupdir}/sysconfig.git-daemon
install -d -m 755 %{buildroot}/srv/git
%if 0%{?SuSEfirewall2}
mkdir -p %{buildroot}/%{_fwdefdir}
install -m 644 %{SOURCE6} %{buildroot}/%{_fwdefdir}/git-daemon
%endif
###
./.make -C contrib/subtree install
%{!?_without_docs: ./.make -C contrib/subtree install-doc}
(find %{buildroot}%{_bindir} -type f -o -type l | grep -vE "archimport|p4|svn|cvs|email|gitk|git-daemon|gui" | sed -e s@^%{buildroot}@@) > bin-man-doc-files
(find %{buildroot}%{gitexecdir} ! -type d | grep -vE "archimport|p4|svn|cvs|email|gitk|git-daemon|gui" | sed -e s@^%{buildroot}@@) >> bin-man-doc-files
(find %{buildroot}%{_mandir} -type f | grep -vE "archimport|p4|svn|git-cvs|email|gitk|git-daemon|gui" | sed -e s@^%{buildroot}@@ -e 's/$/*/' ) >> bin-man-doc-files
%perl_process_packlist
%if %{with docs}
find %{buildroot}/%{_mandir} -type f -exec chmod 644 "{}" "+"
%endif
install -m 644 -D contrib/completion/git-completion.bash %{buildroot}%{_sysconfdir}/bash_completion.d/git.sh
install -m 644 -D contrib/completion/git-prompt.sh %{buildroot}%{_sysconfdir}/bash_completion.d/git-prompt.sh
# contrib/credential
%if %{with git_gnome_keyring}
install -m 755 -D contrib/credential/gnome-keyring/git-credential-gnome-keyring %{buildroot}/%{gitexecdir}/git-credential-gnome-keyring
%endif
%if %{with git_libsecret}
install -m 755 -D contrib/credential/libsecret/git-credential-libsecret %{buildroot}/%{gitexecdir}/git-credential-libsecret
%endif
# contrib/workdir
install -m 755 -D contrib/workdir/git-new-workdir %{buildroot}/%{_bindir}
# process tcsh completion
(cd contrib/completion
mkdir -p %{buildroot}%{_datadir}/tcsh
tcsh ./git-completion.tcsh
install -m 644 -D git.csh %{buildroot}%{_sysconfdir}/profile.d/git.csh
)
# zsh completion
install -m 644 -D contrib/completion/git-completion.zsh %{buildroot}%{_sysconfdir}/zsh_completion.d/_git
#
# apparmor profile for git-web
#
install -d -m 755 %{buildroot}%{_sysconfdir}/apparmor.d
install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/apparmor.d
#
# create predictable symlinks to make apparmor profile work
for i in git git-upload-archive git-receive-pack; do
rm %{buildroot}%{_bindir}/$i
ln -s %{gitexecdir}/git %{buildroot}%{_bindir}/$i
done
if ! test -f %{buildroot}%{gitexecdir}/git-add; then
echo "git-add is not a regular file, apparmor profile won't work!" >&2
exit 1
fi
mkdir -p "%{buildroot}/%{_docdir}/git" "%{buildroot}/%{_docdir}/git/howto" "%{buildroot}/%{_docdir}/git/technical"
cp -a README.md Documentation/*.txt "%{buildroot}/%{_docdir}/git/"
cp -a Documentation/howto/*.txt "%{buildroot}/%{_docdir}/git/howto/"
cp -a Documentation/technical/*.txt "%{buildroot}/%{_docdir}/git/technical/"
%{!?_without_docs: cp -a Documentation/*.html "%{buildroot}/%{_docdir}/git/"}
%{!?_without_docs: cp -a Documentation/howto/*.html "%{buildroot}/%{_docdir}/git/howto/"}
%{!?_without_docs: cp -a Documentation/technical/*.html "%{buildroot}/%{_docdir}/git/technical/"}
install -d -m 755 %{buildroot}%{_datadir}/applications
install -m 644 %{SOURCE9} %{buildroot}%{_datadir}/applications
install -d -m 755 %{buildroot}%{_datadir}/pixmaps
install -m 644 %{SOURCE10} %{buildroot}%{_datadir}/pixmaps
%suse_update_desktop_file %{buildroot}%{_datadir}/applications/%{name}-gui.desktop
%find_lang %{name}
cat %{name}.lang >>bin-man-doc-files
# use symlinks instead of hardlinks in sub-commands
%fdupes -s %{buildroot}
%check
./.make %{?_smp_mflags} test
%pre daemon
if ! %{_bindir}/getent passwd git-daemon >/dev/null; then
%{_sbindir}/useradd -r -d %{_localstatedir}/lib/empty -s /bin/false -c "git daemon" -g nogroup git-daemon
fi
%service_add_pre git-daemon.service
%post daemon
%{fillup_only -n git-daemon}
%service_add_post git-daemon.service
%preun daemon
%service_del_preun git-daemon.service
%postun daemon
%service_del_postun git-daemon.service
%files
%dir %{_docdir}/%{name}
%{_docdir}/%{name}/README.md
%files doc
%{_docdir}/%{name}/
%exclude %{_docdir}/%{name}/README.md
%files svn
%{gitexecdir}/*svn*
%{!?_without_docs: %{_mandir}/man1/*svn*.1*}
%files cvs
%{_bindir}/git-cvs*
%{gitexecdir}/*cvs*
%{!?_without_docs: %{_mandir}/man1/*cvs*.1*}
%if %{with git_gnome_keyring}
%files credential-gnome-keyring
%{gitexecdir}/git-credential-gnome-keyring
%endif
%if %{with git_libsecret}
%files credential-libsecret
%{gitexecdir}/git-credential-libsecret
%endif
%files arch
%{gitexecdir}/git-archimport
%{!?_without_docs: %{_mandir}/man1/git-archimport.1*}
%files p4
%{gitexecdir}/git-p4
%{gitexecdir}/mergetools/p4merge
%{!?_without_docs: %{_mandir}/man1/git-p4.1*}
%files email
%{gitexecdir}/*email*
%{!?_without_docs: %{_mandir}/man1/*email*.1*}
%files daemon
%{gitexecdir}/git-daemon
%{_unitdir}/git-daemon.service
%{_sbindir}/rcgit-daemon
%dir /srv/git
%{_fillupdir}/sysconfig.git-daemon
%{!?_without_docs: %{_mandir}/man1/git-daemon.1*}
%if 0%{?SuSEfirewall2}
%config %{_fwdefdir}/*
%endif
%files -n gitk
%{_bindir}/gitk
%{_datadir}/gitk
%{!?_without_docs: %{_mandir}/man1/*gitk*.1*}
%files gui
%{gitexecdir}/git-gui*
%{_datadir}/git-gui
%{!?_without_docs: %{_mandir}/man1/*gui*.1*}
%{_datadir}/applications/%{name}-gui.desktop
%{_datadir}/pixmaps/%{name}-gui.png
%files web
%doc README.gitweb INSTALL.gitweb
%dir %{_sysconfdir}/apache2
%dir %{_sysconfdir}/apache2/conf.d/
%config(noreplace) %{_sysconfdir}/apache2/conf.d/gitweb.conf
%{_datadir}/gitweb
%{_sysconfdir}/apparmor.d
%files core -f bin-man-doc-files
%{_datadir}/git-core/
%dir %{gitexecdir}
%dir %{gitexecdir}/mergetools
%{gitexecdir}/mergetools/guiffy
%{_bindir}/git-new-workdir
%attr(-,root,root) %{perl_vendorlib}/*
%{_sysconfdir}/bash_completion.d/*.sh
%{_datadir}/tcsh
%{_sysconfdir}/profile.d/*.csh
%{_sysconfdir}/zsh_completion.d
%license COPYING
%changelog
