commit: d4dbd8f11a454cba79207ea1e2eb8f9eb1bc357f Author: Nils Freydank <holgersson <AT> posteo <DOT> de> AuthorDate: Sun Oct 19 09:50:03 2025 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Sun Oct 19 17:57:40 2025 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d4dbd8f1
dev-vcs/git-lfs: Bump to 3.7.1 This release fixes CVE-2025-26625 and adds some QA improvements - see live ebuild bump for details. Bug: https://bugs.gentoo.org/964632 Closes: https://bugs.gentoo.org/960246 Signed-off-by: Nils Freydank <holgersson <AT> posteo.de> Part-of: https://github.com/gentoo/gentoo/pull/44241 Closes: https://github.com/gentoo/gentoo/pull/44241 Signed-off-by: Sam James <sam <AT> gentoo.org> dev-vcs/git-lfs/Manifest | 2 + dev-vcs/git-lfs/git-lfs-3.7.1.ebuild | 109 +++++++++++++++++++++++++++++++++++ 2 files changed, 111 insertions(+) diff --git a/dev-vcs/git-lfs/Manifest b/dev-vcs/git-lfs/Manifest index 0e67162f6857..9e2066d1a7df 100644 --- a/dev-vcs/git-lfs/Manifest +++ b/dev-vcs/git-lfs/Manifest @@ -4,3 +4,5 @@ DIST git-lfs-3.6.1-deps.tar.xz 21227652 BLAKE2B 40418960f2d63c0f1eed7b3de77d532e DIST git-lfs-3.6.1.tar.gz 696263 BLAKE2B 5e70adea5e41b07f4f68423abf54afc6181be364f002d43dc456b80d0ddb89049f8427a1e968a8c4337e9dd67725b063268dd6fa03c171ff9926e10b36757f89 SHA512 d0ddee7c0bca68f66d88a66f9e3b46bba160c0ae82fbc208e55f74e79c223242ce4de3cfc5af78066acbf6a5dccac53bc592f99596ea51c71f099f21eee7d40f DIST git-lfs-3.7.0-deps.tar.xz 21418188 BLAKE2B f26ffa8956af522131384e9ad435c456e275394c47aa10770fe416e140d69393a8a7ae20d9264e4b4678b6029e87fc623a5de599535ad2598c849dbb44dff10e SHA512 9e93072ad1dfe9a8fd28f5417de6c35c2720d393fabf07d32d8e1bb63b91a5feb8163d74479db7333253d4615dafb503e2540ef3d51a9b4262709a1150336b73 DIST git-lfs-3.7.0.tar.gz 700986 BLAKE2B 195611c2bb63ae1ebb209461cf3cacd02f6f41c82960b8a0bda03c53ad3a482cc30d5bf58a926daa561d4148fb355dd806e69ce9ad554164f29eba7e10709a91 SHA512 81d6bc12debfd3730febdc5b4eb48ea576919bb022f2f13ed23b5106d4181e1d42f11ecb79c8ff68a83ff69fbfecaee7fc5ddae4d22e5e465dd0115c8da71a65 +DIST git-lfs-3.7.1-deps.tar.xz 21418188 BLAKE2B f26ffa8956af522131384e9ad435c456e275394c47aa10770fe416e140d69393a8a7ae20d9264e4b4678b6029e87fc623a5de599535ad2598c849dbb44dff10e SHA512 9e93072ad1dfe9a8fd28f5417de6c35c2720d393fabf07d32d8e1bb63b91a5feb8163d74479db7333253d4615dafb503e2540ef3d51a9b4262709a1150336b73 +DIST git-lfs-3.7.1.tar.gz 713503 BLAKE2B 94bc626888c824f30638c23d7cfe852128505e17880a8fb45499350abd3d84e75389c38638b80c5b306def8778c2cb0fd1b9f352aac06db8209848b251d325d3 SHA512 5bbf7847737a80e44295070a95e5de9f24186c9fbf58e7bda91e938af2542bcaae2ae9197b77384861d9ef6cd5ed868e9388836925ff7ab5d50157df39fc174b diff --git a/dev-vcs/git-lfs/git-lfs-3.7.1.ebuild b/dev-vcs/git-lfs/git-lfs-3.7.1.ebuild new file mode 100644 index 000000000000..2995f1f1f315 --- /dev/null +++ b/dev-vcs/git-lfs/git-lfs-3.7.1.ebuild @@ -0,0 +1,109 @@ +# Copyright 2017-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 +EGO_PN=github.com/git-lfs/git-lfs +# Update the ID as it's included in each build. +COMMIT_ID="b84b33847fe6458f36ef521534dc0eac953cb379" + +inherit edo go-module shell-completion + +DESCRIPTION="Command line extension and specification for managing large files with git" +HOMEPAGE=" + https://git-lfs.com + https://github.com/git-lfs/git-lfs +" + +if [[ "${PV}" = 9999* ]]; then + EGIT_REPO_URI="https://${EGO_PN}"; + inherit git-r3 +else + SRC_URI="https://${EGO_PN}/releases/download/v${PV}/${PN}-v${PV}.tar.gz -> ${P}.tar.gz" + # Add the manually vendored tarball. + # 1) Create a tar archive optimized to reproduced by other users or devs. + # 2) Compress the archive using XZ limiting decompression memory for + # pretty constraint systems. + # Use something like: + # GOMODCACHE="${PWD}"/go-mod go mod download -modcacherw + # tar cf "${P}-deps.tar" go-mod \ + # --mtime="1970-01-01" --sort=name --owner=portage --group=portage + # xz -k -9eT0 --memlimit-decompress=256M "${P}-deps.tar" + SRC_URI+=" https://files.holgersson.xyz/gentoo/distfiles/golang-pkg-deps/${P}-deps.tar.xz"; +fi + +LICENSE="Apache-2.0 BSD BSD-2 BSD-4 ISC MIT" +SLOT="0" +KEYWORDS="~amd64 ~arm64 ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux" +IUSE="doc test" + +BDEPEND=" + doc? ( dev-ruby/asciidoctor ) +" +RDEPEND="dev-vcs/git" + +RESTRICT+=" !test? ( test )" +# The golang compiler already strips. +QA_PRESTRIPPED="/usr/bin/git-lfs" + +DOCS=( + CHANGELOG.md + CODE-OF-CONDUCT.md + CONTRIBUTING.md + README.md + SECURITY.md +) + +src_compile() { + export CGO_ENABLED=0 + + # Flags -w, -s: Omit debugging information to reduce binary size, + # see https://golang.org/cmd/link/. + local mygobuildargs=( + -ldflags="-X ${EGO_PN}/config.GitCommit=${COMMIT_ID} -s -w" + -gcflags=" " + -trimpath + -v -work -x + ) + ego build "${mygobuildargs[@]}" -o git-lfs git-lfs.go + + if use doc; then + for doc in docs/man/*adoc; + do + edo asciidoctor -b manpage "${doc}" + done + fi + + # Generate auto-completion scripts. + # bug 914542 + ./git-lfs completion bash > "${PN}.bash" || die + ./git-lfs completion fish > "${PN}.fish" || die + ./git-lfs completion zsh > "${PN}.zsh" || die +} + +src_install() { + dobin git-lfs + einstalldocs + + # Install auto-completion scripts generated earlier. + # bug 914542 + newbashcomp "${PN}.bash" "${PN}" + dofishcomp "${PN}.fish" + newzshcomp "${PN}.zsh" "_${PN}" + + use doc && doman docs/man/*.1 +} + +src_test() { + local mygotestargs=( + -ldflags="-X ${EGO_PN}/config.GitCommit=${COMMIT_ID}" + ) + ego test "${mygotestargs[@]}" ./... +} + +pkg_postinst () { + if [[ -z "${REPLACING_VERSIONS}" ]]; then + elog "" + elog "Run 'git lfs install' once for each user account manually." + elog "For more details see https://bugs.gentoo.org/show_bug.cgi?id=733372."; + fi +}
