commit cgit for openSUSE:Factory
Hello community, here is the log from the commit of package cgit for openSUSE:Factory checked in at 2020-03-24 22:36:07 Comparing /work/SRC/openSUSE:Factory/cgit (Old) and /work/SRC/openSUSE:Factory/.cgit.new.3160 (New) Package is "cgit" Tue Mar 24 22:36:07 2020 rev:34 rq:787708 version:1.2.3 Changes: --- /work/SRC/openSUSE:Factory/cgit/cgit.changes2019-05-22 15:40:56.950433607 +0200 +++ /work/SRC/openSUSE:Factory/.cgit.new.3160/cgit.changes 2020-03-24 22:38:10.241259362 +0100 @@ -1,0 +2,8 @@ +Tue Mar 17 08:30:09 UTC 2020 - Paolo Stivanin + +- Update to new upstream release 1.2.3 + * Offer lzip and zstd as compression methods through the webui. + * ui-tree: allow per repository override for enable-blame. +- Bump git to latest upstream release 2.25.1 + +--- Old: cgit-1.2.1.tar.xz git-2.18.1.tar.sign git-2.18.1.tar.xz New: cgit-1.2.3.tar.xz git-2.25.1.tar.sign git-2.25.1.tar.xz Other differences: -- ++ cgit.spec ++ --- /var/tmp/diff_new_pack.ueh3cC/_old 2020-03-24 22:38:11.297259875 +0100 +++ /var/tmp/diff_new_pack.ueh3cC/_new 2020-03-24 22:38:11.301259877 +0100 @@ -16,9 +16,9 @@ # -%define git_version2.18.1 +%define git_version2.25.1 Name: cgit -Version:1.2.1 +Version:1.2.3 Release:0 Summary:A web frontend for git repositories License:GPL-2.0 ++ cgit-1.2.1.tar.xz -> cgit-1.2.3.tar.xz ++ 1635 lines of diff (skipped) ++ git-2.18.1.tar.xz -> git-2.25.1.tar.xz ++ 624954 lines of diff (skipped)
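Review bot: The cgit.changes hunk records the bundled git moving from 2.18.1 to 2.25.1 as the single line "Bump git to latest upstream release 2.25.1", with no bug or CVE references, and the 624954-line tarball diff is skipped. If any of the intervening git releases are being picked up for security reasons, name the boo# and CVE ids in this entry, because this git copy is bundled into the package and the changes file is the only place a reader can see what the bump fixed.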
commit cgit for openSUSE:Factory
Hello community, here is the log from the commit of package cgit for openSUSE:Factory checked in at 2019-05-22 15:40:17 Comparing /work/SRC/openSUSE:Factory/cgit (Old) and /work/SRC/openSUSE:Factory/.cgit.new.5148 (New) Package is "cgit" Wed May 22 15:40:17 2019 rev:33 rq:704668 version:1.2.1 Changes: --- /work/SRC/openSUSE:Factory/cgit/cgit.changes2019-02-27 17:29:22.379315957 +0100 +++ /work/SRC/openSUSE:Factory/.cgit.new.5148/cgit.changes 2019-05-22 15:40:56.950433607 +0200 @@ -1,0 +2,5 @@ +Mon May 20 13:15:12 UTC 2019 - Christophe Giboudeaux + +- Add the missing zlib requirement. + +--- Other differences: -- ++ cgit.spec ++ --- /var/tmp/diff_new_pack.eyfh3X/_old 2019-05-22 15:40:59.422432726 +0200 +++ /var/tmp/diff_new_pack.eyfh3X/_new 2019-05-22 15:40:59.422432726 +0200 @@ -37,6 +37,7 @@ BuildRequires: libxslt BuildRequires: libzip-devel BuildRequires: xz +BuildRequires: pkgconfig(zlib) BuildRoot: %_tmppath/%name-%version-build Provides: bundled(git) = %version
commit cgit for openSUSE:Factory
Hello community, here is the log from the commit of package cgit for openSUSE:Factory checked in at 2019-02-27 17:29:20 Comparing /work/SRC/openSUSE:Factory/cgit (Old) and /work/SRC/openSUSE:Factory/.cgit.new.28833 (New) Package is "cgit" Wed Feb 27 17:29:20 2019 rev:32 rq:679553 version:1.2.1 Changes: --- /work/SRC/openSUSE:Factory/cgit/cgit.changes2018-08-06 11:54:32.073271120 +0200 +++ /work/SRC/openSUSE:Factory/.cgit.new.28833/cgit.changes 2019-02-27 17:29:22.379315957 +0100 @@ -1,0 +2,7 @@ +Thu Dec 6 09:21:03 UTC 2018 - Jan Engelhardt + +- Create a /var/cache/cgit [boo#1116567] +- Update bundled git to 2.18.1 +- Remove cgit-optflags.diff + +--- Old: cgit-optflags.diff git-2.18.0.tar.sign git-2.18.0.tar.xz New: git-2.18.1.tar.sign git-2.18.1.tar.xz Other differences: -- ++ cgit.spec ++ --- /var/tmp/diff_new_pack.lzoDd6/_old 2019-02-27 17:29:25.815314725 +0100 +++ /var/tmp/diff_new_pack.lzoDd6/_new 2019-02-27 17:29:25.819314724 +0100 @@ -16,7 +16,7 @@ # -%define git_version2.18.0 +%define git_version2.18.1 Name: cgit Version:1.2.1 Release:0 @@ -30,7 +30,6 @@ Source3: https://www.kernel.org/pub/software/scm/git/git-%git_version.tar.sign Source4:%name.keyring Source9:cgitrc -Patch1: cgit-optflags.diff # Requirements for cgitrc man page generation BuildRequires: asciidoc # Requirements for cgit @@ -39,6 +38,7 @@ BuildRequires: libzip-devel BuildRequires: xz BuildRoot: %_tmppath/%name-%version-build +Provides: bundled(git) = %version %description A web interface for the Git SCM, using a built-in cache to decrease server 
@@ -46,22 +46,22 @@ %prep %setup -qa2 -%patch -P 1 -p1 rm -rf git ln -s git-%git_version git %build perl -i -pe 's{^#!/usr/bin/env }{#!/usr/bin/}g' filters/email-gravatar.py \ filters/html-converters/md2html filters/syntax-highlighting.py -make V=1 prefix="%_prefix" %{?_smp_mflags} +make V=1 prefix="%_prefix" CFLAGS="%optflags" %{?_smp_mflags} all %install -%make_install install-man prefix="%_prefix" \ - CGIT_SCRIPT_PATH="/srv/www/htdocs/cgit" -mkdir -p "%buildroot/srv/www/cgi-bin/cgit/" -mv %buildroot/srv/www/{htdocs,cgi-bin}/cgit/cgit.cgi -mkdir -p "%buildroot/%_sysconfdir" -cp %SOURCE9 "%buildroot/%_sysconfdir/cgitrc" +%make_install V=1 prefix="%_prefix" CFLAGS="%optflags" \ + CGIT_SCRIPT_PATH="/srv/www/htdocs/cgit" install-man +b="%buildroot" +mkdir -p "$b/srv/www/cgi-bin/cgit/" "$b/var/cache/cgit" +mv $b/srv/www/htdocs/cgit/cgit.cgi $b/srv/www/cgi-bin/cgit/cgit.cgi +mkdir -p "$b/%_sysconfdir" +cp "%_sourcedir/cgitrc" "$b/%_sysconfdir/" %files %defattr(-,root,root) @@ -70,6 +70,7 @@ /srv/www/cgi-bin/cgit/ /srv/www/htdocs/cgit/ %_prefix/lib/cgit/ +%attr(0750,wwwrun,www) /var/cache/cgit/ %config(noreplace) %_sysconfdir/cgitrc %changelog ++ git-2.18.0.tar.xz -> git-2.18.1.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/git-2.18.0/Documentation/RelNotes/2.14.5.txt new/git-2.18.1/Documentation/RelNotes/2.14.5.txt --- old/git-2.18.0/Documentation/RelNotes/2.14.5.txt1970-01-01 01:00:00.0 +0100 +++ new/git-2.18.1/Documentation/RelNotes/2.14.5.txt2018-09-27 22:44:44.0 +0200 
@@ -0,0 +1,16 @@ +Git v2.14.5 Release Notes += + +This release is to address the recently reported CVE-2018-17456. + +Fixes since v2.14.4 +--- + + * Submodules' "URL"s come from the untrusted .gitmodules file, but + we blindly gave it to "git clone" to clone submodules when "git + clone --recurse-submodules" was used to clone a project that has + such a submodule. The code has been hardened to reject such + malformed URLs (e.g. one that begins with a dash). + +Credit for finding and fixing this vulnerability goes to joernchen +and Jeff King, respectively. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/git-2.18.0/Documentation/RelNotes/2.15.3.txt new/git-2.18.1/Documentation/RelNotes/2.15.3.txt --- old/git-2.18.0/Documentation/RelNotes/2.15.3.txt1970-01-01 01:00:00.0 +0100 +++ new/git-2.18.1/Documentation/RelNotes/2.15.3.txt2018-09-27 22:44:44.0 +0200 @@ -0,0 +1,6 @@ +Git v2.15.3 Release Notes += + +This release merges up the fixes that appear in v2.14.5 to address +the recently reported CVE-2018-17456; see the release notes for that +version for details. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore'
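Review bot: In the cgit.spec hunk at @@ -39,6 +38,7 @@, `Provides: bundled(git) = %version` advertises the cgit version (1.2.1) as the version of the bundled git, while the tarball actually unpacked and linked is git-%git_version (2.18.1). Anything that audits bundled() provides to find packages shipping an affected git will read the wrong number, so this should be `Provides: bundled(git) = %git_version`. A smaller point in the %install hunk: `mv $b/srv/www/htdocs/cgit/cgit.cgi $b/srv/www/cgi-bin/cgit/cgit.cgi` leaves $b unquoted while the neighbouring mkdir and cp lines quote it.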
commit cgit for openSUSE:Factory
Hello community, here is the log from the commit of package cgit for openSUSE:Factory checked in at 2018-08-06 11:54:29 Comparing /work/SRC/openSUSE:Factory/cgit (Old) and /work/SRC/openSUSE:Factory/.cgit.new (New) Package is "cgit" Mon Aug 6 11:54:29 2018 rev:31 rq:627534 version:1.2.1 Changes: --- /work/SRC/openSUSE:Factory/cgit/cgit.changes2017-02-21 13:50:38.293922919 +0100 +++ /work/SRC/openSUSE:Factory/.cgit.new/cgit.changes 2018-08-06 11:54:32.073271120 +0200 @@ -1,0 +2,11 @@ +Sun Aug 5 16:24:56 UTC 2018 - jeng...@inai.de + +- Update to new upstream release 1.2.1 + * fixes CVE-2018-14912 directory traversal vulnerability +[boo#1103799] + * syntax-highlighting: replace invalid unicode with '?' + * ui-repolist: properly sort by age + * ui-patch: fix crash when using path limit +- Remove cgit-built-with-git-v2.11.0.patch (merged upstream) + +--- Old: cgit-1.1.tar.xz cgit-built-with-git-v2.11.0.patch git-2.11.1.tar.sign git-2.11.1.tar.xz New: cgit-1.2.1.tar.xz git-2.18.0.tar.sign git-2.18.0.tar.xz Other differences: -- ++ cgit.spec ++ --- /var/tmp/diff_new_pack.2MBoo2/_old 2018-08-06 11:54:33.257273176 +0200 +++ /var/tmp/diff_new_pack.2MBoo2/_new 2018-08-06 11:54:33.261273183 +0200 @@ -16,9 +16,9 @@ # -%define git_version2.11.1 +%define git_version2.18.0 Name: cgit -Version:1.1 +Version:1.2.1 Release:0 Summary:A web frontend for git repositories License:GPL-2.0 @@ -30,8 +30,7 @@ Source3: https://www.kernel.org/pub/software/scm/git/git-%git_version.tar.sign Source4:%name.keyring Source9:cgitrc -Patch0: cgit-optflags.diff -Patch1: cgit-built-with-git-v2.11.0.patch +Patch1: cgit-optflags.diff # Requirements for cgitrc man page generation BuildRequires: asciidoc # Requirements for cgit 
@@ -42,26 +41,25 @@ BuildRoot: %_tmppath/%name-%version-build %description -This is an attempt to create a fast web interface for the Git SCM, using a -builtin cache to decrease server I/O pressure. +A web interface for the Git SCM, using a built-in cache to decrease server +I/O pressure. %prep %setup -qa2 -%patch0 -p1 -%patch1 -p1 +%patch -P 1 -p1 rm -rf git ln -s git-%git_version git %build +perl -i -pe 's{^#!/usr/bin/env }{#!/usr/bin/}g' filters/email-gravatar.py \ + filters/html-converters/md2html filters/syntax-highlighting.py make V=1 prefix="%_prefix" %{?_smp_mflags} %install -make install install-man DESTDIR=%buildroot prefix="%_prefix" \ +%make_install install-man prefix="%_prefix" \ CGIT_SCRIPT_PATH="/srv/www/htdocs/cgit" - mkdir -p "%buildroot/srv/www/cgi-bin/cgit/" mv %buildroot/srv/www/{htdocs,cgi-bin}/cgit/cgit.cgi - mkdir -p "%buildroot/%_sysconfdir" cp %SOURCE9 "%buildroot/%_sysconfdir/cgitrc" ++ cgit-1.1.tar.xz -> cgit-1.2.1.tar.xz ++ 3915 lines of diff (skipped) ++ git-2.11.1.tar.xz -> git-2.18.0.tar.xz ++ 495152 lines of diff (skipped)
commit cgit for openSUSE:Factory
Hello community, here is the log from the commit of package cgit for openSUSE:Factory checked in at 2017-02-21 13:50:37 Comparing /work/SRC/openSUSE:Factory/cgit (Old) and /work/SRC/openSUSE:Factory/.cgit.new (New) Package is "cgit" Changes: --- /work/SRC/openSUSE:Factory/cgit/cgit.changes2017-01-24 10:37:04.347133305 +0100 +++ /work/SRC/openSUSE:Factory/.cgit.new/cgit.changes 2017-02-21 13:50:38.293922919 +0100 @@ -1,0 +2,5 @@ +Sat Feb 11 17:56:42 UTC 2017 - jeng...@inai.de + +- Update bundled git to 2.11.1 + +--- Old: git-2.11.0.tar.sign git-2.11.0.tar.xz New: git-2.11.1.tar.sign git-2.11.1.tar.xz Other differences: -- ++ cgit.spec ++ --- /var/tmp/diff_new_pack.tDkoUO/_old 2017-02-21 13:50:42.529326821 +0100 +++ /var/tmp/diff_new_pack.tDkoUO/_new 2017-02-21 13:50:42.533326259 +0100 @@ -16,7 +16,7 @@ # -%define git_version2.11.0 +%define git_version2.11.1 Name: cgit Version:1.1 Release:0 @@ -25,10 +25,10 @@ Group: Development/Tools/Version Control Url:http://git.zx2c4.com/cgit/ #Git-Clone:https://git.zx2c4.com/cgit -Source: https://git.zx2c4.com/cgit/snapshot/%{name}-%{version}.tar.xz -Source2: https://www.kernel.org/pub/software/scm/git/git-%{git_version}.tar.xz -Source3: https://www.kernel.org/pub/software/scm/git/git-%{git_version}.tar.sign -Source4:%{name}.keyring +Source: https://git.zx2c4.com/cgit/snapshot/%name-%version.tar.xz +Source2: https://www.kernel.org/pub/software/scm/git/git-%git_version.tar.xz +Source3: https://www.kernel.org/pub/software/scm/git/git-%git_version.tar.sign +Source4:%name.keyring Source9:cgitrc Patch0: cgit-optflags.diff Patch1: cgit-built-with-git-v2.11.0.patch @@ -39,7 +39,7 @@ BuildRequires: libxslt BuildRequires: libzip-devel BuildRequires: xz -BuildRoot: %{_tmppath}/%{name}-%{version}-build +BuildRoot: %_tmppath/%name-%version-build %description This is an attempt to create a fast web interface for the Git SCM, using a 
@@ -50,28 +50,28 @@ %patch0 -p1 %patch1 -p1 rm -rf git -ln -s git-%{git_version} git +ln -s git-%git_version git %build -make V=1 prefix="%{_prefix}" %{?_smp_mflags} +make V=1 prefix="%_prefix" %{?_smp_mflags} %install -make install install-man DESTDIR=%{buildroot} prefix="%{_prefix}" \ +make install install-man DESTDIR=%buildroot prefix="%_prefix" \ CGIT_SCRIPT_PATH="/srv/www/htdocs/cgit" -mkdir -p "%{buildroot}/srv/www/cgi-bin/cgit/" -mv %{buildroot}/srv/www/{htdocs,cgi-bin}/cgit/cgit.cgi +mkdir -p "%buildroot/srv/www/cgi-bin/cgit/" +mv %buildroot/srv/www/{htdocs,cgi-bin}/cgit/cgit.cgi -mkdir -p "%{buildroot}/%{_sysconfdir}" -cp %{SOURCE9} "%{buildroot}/%{_sysconfdir}/cgitrc" +mkdir -p "%buildroot/%_sysconfdir" +cp %SOURCE9 "%buildroot/%_sysconfdir/cgitrc" %files %defattr(-,root,root) %doc README COPYING -%{_mandir}/man5/cgitrc.5%{ext_man} +%_mandir/man5/cgitrc.5%ext_man /srv/www/cgi-bin/cgit/ /srv/www/htdocs/cgit/ -%{_prefix}/lib/cgit/ -%config(noreplace) %{_sysconfdir}/cgitrc +%_prefix/lib/cgit/ +%config(noreplace) %_sysconfdir/cgitrc %changelog ++ git-2.11.0.tar.xz -> git-2.11.1.tar.xz ++ 6460 lines of diff (skipped)
commit cgit for openSUSE:Factory
Hello community, here is the log from the commit of package cgit for openSUSE:Factory checked in at 2017-01-24 10:37:03 Comparing /work/SRC/openSUSE:Factory/cgit (Old) and /work/SRC/openSUSE:Factory/.cgit.new (New) Package is "cgit" Changes: --- /work/SRC/openSUSE:Factory/cgit/cgit.changes2017-01-10 10:49:11.435089816 +0100 +++ /work/SRC/openSUSE:Factory/.cgit.new/cgit.changes 2017-01-24 10:37:04.347133305 +0100 @@ -1,0 +2,8 @@ +Thu Jan 19 15:20:32 UTC 2017 - vsvec...@suse.com + +- Version bump to v1.1: + * For more information see complete changelog at +https://git.zx2c4.com/cgit/log/ +- Add cgit-built-with-git-v2.11.0.patch + +--- Old: cgit-1.0.tar.xz git-2.8.3.tar.sign git-2.8.3.tar.xz New: cgit-1.1.tar.xz cgit-built-with-git-v2.11.0.patch git-2.11.0.tar.sign git-2.11.0.tar.xz Other differences: -- ++ cgit.spec ++ --- /var/tmp/diff_new_pack.TeW11U/_old 2017-01-24 10:37:05.207011169 +0100 +++ /var/tmp/diff_new_pack.TeW11U/_new 2017-01-24 10:37:05.207011169 +0100 @@ -1,7 +1,7 @@ # # spec file for package cgit # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -16,62 +16,62 @@ # -%define git_version2.8.3 - +%define git_version2.11.0 Name: cgit -Version:1.0 +Version:1.1 Release:0 Summary:A web frontend for git repositories -Url:http://git.zx2c4.com/cgit/ License:GPL-2.0 Group: Development/Tools/Version Control - +Url:http://git.zx2c4.com/cgit/ #Git-Clone:https://git.zx2c4.com/cgit -Source: https://git.zx2c4.com/cgit/snapshot/%name-%version.tar.xz -Source2: https://www.kernel.org/pub/software/scm/git/git-%git_version.tar.xz -Source3: https://www.kernel.org/pub/software/scm/git/git-%git_version.tar.sign -Source4:%name.keyring +Source: https://git.zx2c4.com/cgit/snapshot/%{name}-%{version}.tar.xz +Source2: https://www.kernel.org/pub/software/scm/git/git-%{git_version}.tar.xz +Source3: https://www.kernel.org/pub/software/scm/git/git-%{git_version}.tar.sign +Source4:%{name}.keyring Source9:cgitrc Patch0: cgit-optflags.diff -# Requirements for cgit -BuildRequires: libopenssl-devel -BuildRequires: libzip-devel +Patch1: cgit-built-with-git-v2.11.0.patch # Requirements for cgitrc man page generation BuildRequires: asciidoc +# Requirements for cgit +BuildRequires: libopenssl-devel BuildRequires: libxslt +BuildRequires: libzip-devel BuildRequires: xz BuildRoot: %{_tmppath}/%{name}-%{version}-build %description This is an attempt to create a fast web interface for the Git SCM, using a -builtin cache to decrease server I/O pressue. +builtin cache to decrease server I/O pressure. 
%prep %setup -qa2 %patch0 -p1 +%patch1 -p1 rm -rf git -ln -s git-%git_version git +ln -s git-%{git_version} git %build -make V=1 prefix="%_prefix" %{?_smp_mflags} +make V=1 prefix="%{_prefix}" %{?_smp_mflags} %install -make install install-man DESTDIR="%buildroot" prefix="%_prefix" \ +make install install-man DESTDIR=%{buildroot} prefix="%{_prefix}" \ CGIT_SCRIPT_PATH="/srv/www/htdocs/cgit" -mkdir -p "%buildroot/srv/www/cgi-bin/cgit/" -mv "%{buildroot}"/srv/www/{htdocs,cgi-bin}/cgit/cgit.cgi +mkdir -p "%{buildroot}/srv/www/cgi-bin/cgit/" +mv %{buildroot}/srv/www/{htdocs,cgi-bin}/cgit/cgit.cgi -mkdir -p "%buildroot/%_sysconfdir" -cp %{SOURCE9} "%buildroot/%_sysconfdir/cgitrc" +mkdir -p "%{buildroot}/%{_sysconfdir}" +cp %{SOURCE9} "%{buildroot}/%{_sysconfdir}/cgitrc" %files %defattr(-,root,root) %doc README COPYING -%_mandir/man5/cgitrc.5.gz +%{_mandir}/man5/cgitrc.5%{ext_man} /srv/www/cgi-bin/cgit/ /srv/www/htdocs/cgit/ -/usr/lib/cgit/ -%config(noreplace) %_sysconfdir/cgitrc +%{_prefix}/lib/cgit/ +%config(noreplace) %{_sysconfdir}/cgitrc %changelog ++ cgit-1.0.tar.xz -> cgit-1.1.tar.xz ++ 1818 lines of diff (skipped) ++ cgit-built-with-git-v2.11.0.patch ++ >From 91153fd02e62f2eaca8e6c140baa4f2abf39c40e Mon Sep 17 00:00:00 2001 From: Christian HesseDate: Wed, 30 Nov 2016 10:43:08 +0100 Subject: git: update to v2.11.0 Update to git version v2.11.0. Function write_archive() dropped argument (int setup_prefix). --- ui-snapshot.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ui-snapshot.c b/ui-snapshot.c
commit cgit for openSUSE:Factory
Hello community, here is the log from the commit of package cgit for openSUSE:Factory checked in at 2016-06-14 23:08:50 Comparing /work/SRC/openSUSE:Factory/cgit (Old) and /work/SRC/openSUSE:Factory/.cgit.new (New) Package is "cgit" Changes: --- /work/SRC/openSUSE:Factory/cgit/cgit.changes2016-03-17 16:49:34.0 +0100 +++ /work/SRC/openSUSE:Factory/.cgit.new/cgit.changes 2016-06-14 23:08:52.0 +0200 
@@ -1,0 +2,27 @@ +Mon Jun 13 22:29:05 UTC 2016 - astie...@suse.com + +- cgit 1.0: + * Add repo.homepage/gitweb.homepage setting and homepage tab. + * Considerable internal cleanups. + * Show reverse paths in title bar so that browser tab shows +filename. + * Add syntax highlighting to md2html. + * Allow redirects even when caching is turned on. + * Fix empty PATH_INFO on redirect. + * Better HTML5 compliance. + * Simplified decorations. + * Show repo's root directory in plain view. + * Date printing and timezone normalization. + * Unicode issues in syntax highlighting. + * Account for caches with empty key. + * Use size_t for all lengths. + * More gracefully deal with unparsable commits. +- with git 2.8.3 +- the following patches are now included upstream git 2.8.3: + 0012-http-push-stop-using-name_path.patch + 0013-show_object_with_name-simplify-by-using-path_name.patch + 0014-list-objects-convert-name_path-to-a-strbuf.patch + 0015-list-objects-drop-name_path-entirely.patch + 0016-list-objects-pass-full-pathname-to-callbacks.patch + +--- Old: 0012-http-push-stop-using-name_path.patch 0013-show_object_with_name-simplify-by-using-path_name.patch 0014-list-objects-convert-name_path-to-a-strbuf.patch 0015-list-objects-drop-name_path-entirely.patch 0016-list-objects-pass-full-pathname-to-callbacks.patch cgit-0.12.tar.xz git-2.7.0.tar.sign git-2.7.0.tar.xz New: cgit-1.0.tar.xz git-2.8.3.tar.sign git-2.8.3.tar.xz Other differences: -- ++ cgit.spec ++ --- /var/tmp/diff_new_pack.ssXtwf/_old 2016-06-14 23:08:53.0 +0200 +++ /var/tmp/diff_new_pack.ssXtwf/_new 2016-06-14 23:08:53.0 +0200 
@@ -16,29 +16,23 @@ # -%define git_version2.7.0 +%define git_version2.8.3 Name: cgit -Version:0.12 +Version:1.0 Release:0 Summary:A web frontend for git repositories Url:http://git.zx2c4.com/cgit/ License:GPL-2.0 Group: Development/Tools/Version Control -#Git-Clone:git://git.zx2c4.com/cgit -Source: http://git.zx2c4.com/cgit/snapshot/%name-%version.tar.xz +#Git-Clone:https://git.zx2c4.com/cgit +Source: https://git.zx2c4.com/cgit/snapshot/%name-%version.tar.xz Source2: https://www.kernel.org/pub/software/scm/git/git-%git_version.tar.xz Source3: https://www.kernel.org/pub/software/scm/git/git-%git_version.tar.sign Source4:%name.keyring Source9:cgitrc Patch0: cgit-optflags.diff -# PATCH-FIX-UPSTREAM fix remote code execution via buffer overflow (CVE-2016-2324, bsc#971328) -Patch12:0012-http-push-stop-using-name_path.patch -Patch13:0013-show_object_with_name-simplify-by-using-path_name.patch -Patch14:0014-list-objects-convert-name_path-to-a-strbuf.patch -Patch15:0015-list-objects-drop-name_path-entirely.patch -Patch16:0016-list-objects-pass-full-pathname-to-callbacks.patch # Requirements for cgit BuildRequires: gnu-crypto BuildRequires: libopenssl-devel @@ -58,12 +52,6 @@ %patch0 -p1 rm -rf git ln -s git-%git_version git -cd git -%patch12 -p1 -%patch13 -p1 -%patch14 -p1 -%patch15 -p1 -%patch16 -p1 %build make V=1 prefix="%_prefix" %{?_smp_mflags} ++ cgit-0.12.tar.xz -> cgit-1.0.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cgit-0.12/Makefile new/cgit-1.0/Makefile --- old/cgit-0.12/Makefile 2016-01-14 15:43:54.0 +0100 +++ new/cgit-1.0/Makefile 2016-06-07 14:45:04.0 +0200 @@ -1,6 +1,6 @@ all:: -CGIT_VERSION = v0.12 +CGIT_VERSION = v1.0 CGIT_SCRIPT_NAME = cgit.cgi CGIT_SCRIPT_PATH = /var/www/htdocs/cgit CGIT_DATA_PATH = $(CGIT_SCRIPT_PATH) 
@@ -14,7 +14,7 @@ pdfdir = $(docdir) mandir = $(prefix)/share/man SHA1_HEADER = -GIT_VER = 2.7.0 +GIT_VER = 2.8.3 GIT_URL = https://www.kernel.org/pub/software/scm/git/git-$(GIT_VER).tar.gz INSTALL = install COPYTREE = cp -r diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cgit-0.12/cache.c new/cgit-1.0/cache.c --- old/cgit-0.12/cache.c 2016-01-14 15:43:54.0 +0100 +++ new/cgit-1.0/cache.c2016-06-07
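Review bot: The cgit.spec hunk at @@ -16,29 +16,23 @@ removes Patch12 through Patch16 together with the comment that tied them to CVE-2016-2324 and bsc#971328, and the new cgit.changes entry only says the patches "are now included upstream git 2.8.3". Repeat the CVE and bug references in that entry so the record shows the fix is still present through the bundled git 2.8.3 rather than silently dropped.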
commit cgit for openSUSE:Factory
Hello community, here is the log from the commit of package cgit for openSUSE:Factory checked in at 2016-03-17 16:36:11 Comparing /work/SRC/openSUSE:Factory/cgit (Old) and /work/SRC/openSUSE:Factory/.cgit.new (New) Package is "cgit" Changes: --- /work/SRC/openSUSE:Factory/cgit/cgit.changes2016-01-16 11:57:13.0 +0100 +++ /work/SRC/openSUSE:Factory/.cgit.new/cgit.changes 2016-03-17 16:49:34.0 +0100 @@ -1,0 +2,11 @@ +Wed Mar 16 16:12:46 CET 2016 - ti...@suse.de + +- Fix remote code execution via buffer overflow (CVE-2016-2315, + CVE-2016-2324, bsc#971328): + 0012-http-push-stop-using-name_path.patch + 0013-show_object_with_name-simplify-by-using-path_name.patch + 0014-list-objects-convert-name_path-to-a-strbuf.patch + 0015-list-objects-drop-name_path-entirely.patch + 0016-list-objects-pass-full-pathname-to-callbacks.patch + +--- New: 0012-http-push-stop-using-name_path.patch 0013-show_object_with_name-simplify-by-using-path_name.patch 0014-list-objects-convert-name_path-to-a-strbuf.patch 0015-list-objects-drop-name_path-entirely.patch 0016-list-objects-pass-full-pathname-to-callbacks.patch Other differences: -- ++ cgit.spec ++ --- /var/tmp/diff_new_pack.qpAmdI/_old 2016-03-17 16:49:36.0 +0100 +++ /var/tmp/diff_new_pack.qpAmdI/_new 2016-03-17 16:49:36.0 +0100 @@ -33,6 +33,12 @@ Source4:%name.keyring Source9:cgitrc Patch0: cgit-optflags.diff +# PATCH-FIX-UPSTREAM fix remote code execution via buffer overflow (CVE-2016-2324, bsc#971328) +Patch12:0012-http-push-stop-using-name_path.patch +Patch13:0013-show_object_with_name-simplify-by-using-path_name.patch +Patch14:0014-list-objects-convert-name_path-to-a-strbuf.patch +Patch15:0015-list-objects-drop-name_path-entirely.patch +Patch16:0016-list-objects-pass-full-pathname-to-callbacks.patch # Requirements for cgit BuildRequires: gnu-crypto BuildRequires: libopenssl-devel 
@@ -52,6 +58,12 @@ %patch0 -p1 rm -rf git ln -s git-%git_version git +cd git +%patch12 -p1 +%patch13 -p1 +%patch14 -p1 +%patch15 -p1 +%patch16 -p1 %build make V=1 prefix="%_prefix" %{?_smp_mflags} ++ 0012-http-push-stop-using-name_path.patch ++ >From 415959387e0642842be7aad05fa5d95ea4ed350f Mon Sep 17 00:00:00 2001 From: Jeff KingDate: Thu, 11 Feb 2016 17:23:48 -0500 Subject: [PATCH 2/6] http-push: stop using name_path The graph traversal code here passes along a name_path to build up the pathname at which we find each blob. But we never actually do anything with the resulting names, making it a waste of code and memory. This usage came in aa1dbc9 (Update http-push functionality, 2006-03-07), and originally the result was passed to "add_object" (which stored it, but didn't really use it, either). But we stopped using that function in 1f1e895 (Add "named object array" concept, 2006-06-19) in favor of storing just the objects themselves. Moreover, the generation of the name in process_tree() is buggy. It sticks "name" onto the end of the name_path linked list, and then passes it down again as it recurses (instead of "entry.path"). So it's a good thing this was unused, as the resulting path for "a/b/c/d" would end up as "a/a/a/a". Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- http-push.c | 23 +++ 1 file changed, 7 insertions(+), 16 deletions(-) diff --git a/http-push.c b/http-push.c index d857b131a8f7..bd60668707b9 100644 --- a/http-push.c +++ b/http-push.c @@ -1277,9 +1277,7 @@ static struct object_list **add_one_object(struct object *obj, struct object_lis } static struct object_list **process_blob(struct blob *blob, -struct object_list **p, -struct name_path *path, -const char *name) +struct object_list **p) { struct object *obj = >object; 
@@ -1293,14 +1291,11 @@ static struct object_list **process_blob(struct blob *blob, } static struct object_list **process_tree(struct tree *tree, -struct object_list **p, -struct name_path *path, -const char *name) +struct object_list **p) { struct object *obj = >object; struct tree_desc desc; struct name_entry entry; - struct name_path me; obj->flags |= LOCAL; @@ -1310,21 +1305,17 @@ static struct object_list
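Review bot: In the cgit.spec hunk at @@ -33,6 +33,12 @@, the PATCH-FIX-UPSTREAM comment names only CVE-2016-2324, while the cgit.changes entry says the series fixes CVE-2016-2315 and CVE-2016-2324; list both in the spec comment so the two records agree. Also, 0012-http-push-stop-using-name_path.patch carries the subject "[PATCH 2/6]" and only 0012 through 0016 are added, so the changes entry should say whether patch 1/6 of that series was left out deliberately.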
commit cgit for openSUSE:Factory
Hello community, here is the log from the commit of package cgit for openSUSE:Factory checked in at 2016-01-16 11:57:08 Comparing /work/SRC/openSUSE:Factory/cgit (Old) and /work/SRC/openSUSE:Factory/.cgit.new (New) Package is "cgit" Changes: --- /work/SRC/openSUSE:Factory/cgit/cgit.changes2015-10-08 08:24:53.0 +0200 +++ /work/SRC/openSUSE:Factory/.cgit.new/cgit.changes 2016-01-16 11:57:13.0 +0100 @@ -1,0 +2,22 @@ +Thu Jan 14 15:25:28 UTC 2016 - jeng...@inai.de + +- Update to new upstream release 0.12 +* Show remote refs in branch switcher combobox. +* Add sample post-receive hook in /contrib. +* Add HTML escaping to filters. +* Add "enable-follow-links" option to have the log UI + behave the same way as "git log --follow", as well + as updating the diffand commit UIs. +* Errors are now cached under the dynamic-ttl setting. +* Simplified filters and converters. +* Add "enable-html-serving" to turn on serving of HTML mimetypes + from the /plain handler, to prevent against stored XSS. +* /blob no longer takes a mimetype query string parameter. +- Resolve: Reflected Cross Site Scripting & Header Injection in + Mimetype Query String; Stored Cross Site Scripting & Header + Injection in Filename Parameter; Stored Cross Site Scripting in + Git Repo Files; Integer Overflow resulting in Buffer Overflow + [boo#961916 CVE-2016-1899 CVE-2016-1900 CVE-2016-1901] +- Update bundled git tarball to 2.7.0 (build-time requirement) + +--- Old: cgit-0.11.2.tar.xz git-2.6.1.tar.sign git-2.6.1.tar.xz New: cgit-0.12.tar.xz git-2.7.0.tar.sign git-2.7.0.tar.xz Other differences: -- ++ cgit.spec ++ --- /var/tmp/diff_new_pack.rSIyFj/_old 2016-01-16 11:57:15.0 +0100 +++ /var/tmp/diff_new_pack.rSIyFj/_new 2016-01-16 11:57:15.0 +0100 @@ -16,10 +16,10 @@ # -%define git_version2.6.1 +%define git_version2.7.0 Name: cgit -Version:0.11.2 +Version:0.12 Release:0 Summary:A web frontend for git repositories Url:http://git.zx2c4.com/cgit/ 
@@ -47,10 +47,6 @@ This is an attempt to create a fast web interface for the Git SCM, using a builtin cache to decrease server I/O pressue. -Authors: - -Lars Hjemli (hje...@gmail.com) - %prep %setup -qa2 %patch0 -p1 ++ cgit-0.11.2.tar.xz -> cgit-0.12.tar.xz ++ 4952 lines of diff (skipped) ++ git-2.6.1.tar.xz -> git-2.7.0.tar.xz ++ 132725 lines of diff (skipped)
commit cgit for openSUSE:Factory
Hello community, here is the log from the commit of package cgit for openSUSE:Factory checked in at 2015-10-08 08:24:51 Comparing /work/SRC/openSUSE:Factory/cgit (Old) and /work/SRC/openSUSE:Factory/.cgit.new (New) Package is "cgit" Changes: --- /work/SRC/openSUSE:Factory/cgit/cgit.changes2015-09-27 08:39:33.0 +0200 +++ /work/SRC/openSUSE:Factory/.cgit.new/cgit.changes 2015-10-08 08:24:53.0 +0200 @@ -1,0 +2,5 @@ +Tue Oct 6 09:59:22 UTC 2015 - jeng...@inai.de + +- Update bundled git tarball to 2.6.1 [bnc#948969] + +--- Old: git-2.5.3.tar.sign git-2.5.3.tar.xz New: git-2.6.1.tar.sign git-2.6.1.tar.xz Other differences: -- ++ cgit.spec ++ --- /var/tmp/diff_new_pack.r2I6Da/_old 2015-10-08 08:24:54.0 +0200 +++ /var/tmp/diff_new_pack.r2I6Da/_new 2015-10-08 08:24:54.0 +0200 @@ -16,7 +16,7 @@ # -%define git_version2.5.3 +%define git_version2.6.1 Name: cgit Version:0.11.2 @@ -67,8 +67,8 @@ mkdir -p "%buildroot/srv/www/cgi-bin/cgit/" mv "%{buildroot}"/srv/www/{htdocs,cgi-bin}/cgit/cgit.cgi -mkdir -p "%{buildroot}"/etc -cp %{SOURCE9} "%{buildroot}"/etc/cgitrc +mkdir -p "%buildroot/%_sysconfdir" +cp %{SOURCE9} "%buildroot/%_sysconfdir/cgitrc" %files %defattr(-,root,root) @@ -77,6 +77,6 @@ /srv/www/cgi-bin/cgit/ /srv/www/htdocs/cgit/ /usr/lib/cgit/ -%config(noreplace) /etc/cgitrc +%config(noreplace) %_sysconfdir/cgitrc %changelog ++ git-2.5.3.tar.xz -> git-2.6.1.tar.xz ++ 108416 lines of diff (skipped)
commit cgit for openSUSE:Factory
Hello community, here is the log from the commit of package cgit for openSUSE:Factory checked in at 2015-09-27 08:40:10 Comparing /work/SRC/openSUSE:Factory/cgit (Old) and /work/SRC/openSUSE:Factory/.cgit.new (New) Package is "cgit" Changes: --- /work/SRC/openSUSE:Factory/cgit/cgit.changes2015-06-15 17:48:56.0 +0200 +++ /work/SRC/openSUSE:Factory/.cgit.new/cgit.changes 2015-09-27 08:39:33.0 +0200 @@ -1,0 +2,5 @@ +Thu Sep 24 14:47:29 UTC 2015 - jeng...@inai.de + +- Update bundled git tarball to 2.5.3 + +--- Old: git-2.4.3.tar.sign git-2.4.3.tar.xz New: git-2.5.3.tar.sign git-2.5.3.tar.xz Other differences: -- ++ cgit.spec ++ --- /var/tmp/diff_new_pack.b2rTyF/_old 2015-09-27 08:39:34.0 +0200 +++ /var/tmp/diff_new_pack.b2rTyF/_new 2015-09-27 08:39:34.0 +0200 @@ -16,7 +16,7 @@ # -%define git_version2.4.3 +%define git_version2.5.3 Name: cgit Version:0.11.2 ++ git-2.4.3.tar.xz -> git-2.5.3.tar.xz ++ 86570 lines of diff (skipped)
commit cgit for openSUSE:Factory
Hello community, here is the log from the commit of package cgit for openSUSE:Factory checked in at 2015-06-15 17:48:53 Comparing /work/SRC/openSUSE:Factory/cgit (Old) and /work/SRC/openSUSE:Factory/.cgit.new (New) Package is cgit Changes: --- /work/SRC/openSUSE:Factory/cgit/cgit.changes2015-05-15 07:43:25.0 +0200 +++ /work/SRC/openSUSE:Factory/.cgit.new/cgit.changes 2015-06-15 17:48:56.0 +0200 @@ -1,0 +2,5 @@ +Tue Jun 9 16:30:13 UTC 2015 - jeng...@inai.de + +- Update bundled git tarball to 2.4.3 + +--- Old: git-2.4.0.tar.sign git-2.4.0.tar.xz New: git-2.4.3.tar.sign git-2.4.3.tar.xz Other differences: -- ++ cgit.spec ++ --- /var/tmp/diff_new_pack.A2m65z/_old 2015-06-15 17:48:58.0 +0200 +++ /var/tmp/diff_new_pack.A2m65z/_new 2015-06-15 17:48:58.0 +0200 @@ -16,7 +16,7 @@ # -%define git_version2.4.0 +%define git_version2.4.3 Name: cgit Version:0.11.2 ++ git-2.4.0.tar.xz - git-2.4.3.tar.xz ++ 4324 lines of diff (skipped)
commit cgit for openSUSE:Factory
Hello community, here is the log from the commit of package cgit for openSUSE:Factory checked in at 2015-05-15 07:43:17 Comparing /work/SRC/openSUSE:Factory/cgit (Old) and /work/SRC/openSUSE:Factory/.cgit.new (New) Package is cgit Changes: --- /work/SRC/openSUSE:Factory/cgit/cgit.changes2014-11-26 10:33:32.0 +0100 +++ /work/SRC/openSUSE:Factory/.cgit.new/cgit.changes 2015-05-15 07:43:25.0 +0200 
@@ -1,0 +2,27 @@ +Mon May 4 08:56:39 UTC 2015 - jeng...@inai.de + +- Update to new upstream release 0.11.2 +* addition of a Lua scripting engine +* fine-grained authentication support through the new Lua + scripting system +* support for the rawdiff command was added +* sendfile() is now used when available (Linux systems) instead + of a loop of read() and write(). This should significantly + increase performance for high volume sites which make heavy use + of the caching feature, as it saves copies to and from + user-space. +* Caching granularity is now improved with the introduction of + the cache-snapshot-ttl option, which allows configuration of + the ttl for tarball and zip snapshots of repositories. +* When filtering in the index, make the sorting links point to + the same filtered page of results +* Take into account leading slashes when comptuing links +- Avoid double %setup (messes with quilt). Simplify filelist. + %doc for man is implicit. +- Drop cgit-git-1.7.6_build_fix.patch, + cgit-fix-print-tree.diff, + cgit-fix-more-read_tree_recursive-invocations.diff, + cgit-CVE-2013-2117-disallow-directory-traversal.patch +- Add signature for the git core tarball. + +--- Old: cgit-0.9.1.tar.xz cgit-CVE-2013-2117-disallow-directory-traversal.patch cgit-fix-more-read_tree_recursive-invocations.diff cgit-fix-print-tree.diff cgit-git-1.7.6_build_fix.patch git-1.7.6.4.tar.gz New: cgit-0.11.2.tar.xz cgit.keyring git-2.4.0.tar.sign git-2.4.0.tar.xz Other differences: -- ++ cgit.spec ++ --- /var/tmp/diff_new_pack.Vgb4xT/_old 2015-05-15 07:43:27.0 +0200 +++ /var/tmp/diff_new_pack.Vgb4xT/_new 2015-05-15 07:43:27.0 +0200 
@@ -16,71 +16,67 @@ # -%define git_version1.7.6.4 +%define git_version2.4.0 Name: cgit -Version:0.9.1 +Version:0.11.2 Release:0 Summary:A web frontend for git repositories Url:http://git.zx2c4.com/cgit/ License:GPL-2.0 -Group: Development/Libraries/C and C++ -Source0:%{name}-%{version}.tar.xz -Source1:git-%{git_version}.tar.gz -Source2:cgitrc -Patch: cgit-optflags.diff -Patch1: cgit-git-1.7.6_build_fix.patch -Patch3: cgit-fix-print-tree.diff -Patch4: cgit-fix-more-read_tree_recursive-invocations.diff -Patch5: cgit-CVE-2013-2117-disallow-directory-traversal.patch +Group: Development/Tools/Version Control + +#Git-Clone:git://git.zx2c4.com/cgit +Source: http://git.zx2c4.com/cgit/snapshot/%name-%version.tar.xz +Source2: https://www.kernel.org/pub/software/scm/git/git-%git_version.tar.xz +Source3: https://www.kernel.org/pub/software/scm/git/git-%git_version.tar.sign +Source4:%name.keyring +Source9:cgitrc +Patch0: cgit-optflags.diff # Requirements for cgit -BuildRequires: gnu-crypto libopenssl-devel libzip-devel +BuildRequires: gnu-crypto +BuildRequires: libopenssl-devel +BuildRequires: libzip-devel # Requirements for cgitrc man page generation -BuildRequires: asciidoc libxslt xz +BuildRequires: asciidoc +BuildRequires: libxslt +BuildRequires: xz BuildRoot: %{_tmppath}/%{name}-%{version}-build %description -This is an attempt to create a fast web interface for the git scm, using a -builtin cache to decrease server io-pressure. +This is an attempt to create a fast web interface for the Git SCM, using a +builtin cache to decrease server I/O pressue. 
Authors: Lars Hjemli (hje...@gmail.com) %prep -%setup -q -%setup -q -T -D -a 1 -%patch -p1 -%patch1 -p1 -%patch3 -%patch4 -%patch5 -p1 +%setup -qa2 +%patch0 -p1 rm -rf git -mv git-%{git_version} git +ln -s git-%git_version git %build -make V=1 %{?_smp_mflags} +make V=1 prefix=%_prefix %{?_smp_mflags} %install -make install DESTDIR=%{buildroot} CGIT_SCRIPT_PATH=/srv/www/htdocs/cgit -make install-man DESTDIR=%{buildroot} +make install install-man DESTDIR=%buildroot prefix=%_prefix \ + CGIT_SCRIPT_PATH=/srv/www/htdocs/cgit -mkdir -p %{buildroot}/srv/www/cgi-bin/cgit/ +mkdir -p %buildroot/srv/www/cgi-bin/cgit/ mv %{buildroot}/srv/www/{htdocs,cgi-bin}/cgit/cgit.cgi mkdir -p %{buildroot}/etc
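Review bot: The cgit.changes entry drops cgit-CVE-2013-2117-disallow-directory-traversal.patch in the same bullet as two build fixes, with nothing saying that 0.11.2 contains the fix upstream. Say so explicitly next to the patch name and keep the CVE-2013-2117 / bnc#822166 reference in the entry, so the removal of a security patch can be audited from the changelog alone. Minor: "comptuing" in the last upstream bullet should read "computing".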
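Review bot: In the cgit.spec hunk, Source3 (git-%git_version.tar.sign) and Source4 (%name.keyring) are added, but the %prep shown goes straight to "%setup -qa2" and never checks Source2 against them, and Source itself is fetched over plain http with no signature listed. Add a verification step to %prep, or a comment saying where the check happens; note that kernel.org signatures cover the uncompressed .tar, so the .tar.xz has to be decompressed before it is checked. Minor: the new %description line misspells "pressure" as "pressue".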
commit cgit for openSUSE:Factory
Hello community, here is the log from the commit of package cgit for openSUSE:Factory checked in at 2014-11-26 10:33:25 Comparing /work/SRC/openSUSE:Factory/cgit (Old) and /work/SRC/openSUSE:Factory/.cgit.new (New) Package is cgit Changes: --- /work/SRC/openSUSE:Factory/cgit/cgit.changes2014-10-18 09:09:09.0 +0200 +++ /work/SRC/openSUSE:Factory/.cgit.new/cgit.changes 2014-11-26 10:33:32.0 +0100 @@ -1,0 +2,5 @@ +Mon Nov 24 13:10:34 UTC 2014 - guilla...@opensuse.org + +- Fix css and logo path in cgitrc file (replace /git by /cgit) + +--- Other differences: -- ++ cgitrc ++ --- /var/tmp/diff_new_pack.R8e8zV/_old 2014-11-26 10:33:34.0 +0100 +++ /var/tmp/diff_new_pack.R8e8zV/_new 2014-11-26 10:33:34.0 +0100 @@ -5,10 +5,10 @@ clone-prefix=ssh://domain.com/var/git # Specify the css url -css=/git/cgit.css +css=/cgit/cgit.css # Specify the logo url -logo=/git/cgit.png +logo=/cgit/cgit.png # Show extra links for each repository on the index page enable-index-links=1 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit cgit for openSUSE:Factory
Hello community, here is the log from the commit of package cgit for openSUSE:Factory checked in at 2014-10-18 09:08:56 Comparing /work/SRC/openSUSE:Factory/cgit (Old) and /work/SRC/openSUSE:Factory/.cgit.new (New) Package is cgit Changes: --- /work/SRC/openSUSE:Factory/cgit/cgit.changes2013-07-08 22:24:19.0 +0200 +++ /work/SRC/openSUSE:Factory/.cgit.new/cgit.changes 2014-10-18 09:09:09.0 +0200 @@ -1,0 +2,6 @@ +Mon Oct 6 21:16:48 UTC 2014 - jeng...@inai.de + +- Remove ancient specfile tags/sections +- Enable parallel build + +--- Other differences: -- ++ cgit.spec ++ --- /var/tmp/diff_new_pack.4Ku2mj/_old 2014-10-18 09:09:10.0 +0200 +++ /var/tmp/diff_new_pack.4Ku2mj/_new 2014-10-18 09:09:10.0 +0200 @@ -15,18 +15,16 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild %define git_version1.7.6.4 Name: cgit +Version:0.9.1 +Release:0 +Summary:A web frontend for git repositories Url:http://git.zx2c4.com/cgit/ License:GPL-2.0 Group: Development/Libraries/C and C++ -AutoReqProv:on -Version:0.9.1 -Release:7 -Summary:A web frontend for git repositories Source0:%{name}-%{version}.tar.xz Source1:git-%{git_version}.tar.gz Source2:cgitrc @@ -61,7 +59,7 @@ mv git-%{git_version} git %build -make V=1 +make V=1 %{?_smp_mflags} %install make install DESTDIR=%{buildroot} CGIT_SCRIPT_PATH=/srv/www/htdocs/cgit @@ -73,9 +71,6 @@ mkdir -p %{buildroot}/etc cp %{SOURCE2} %{buildroot}/etc/cgitrc -%clean -rm -rf %{buildroot} - %files %defattr(-,root,root) %doc README COPYING -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit cgit for openSUSE:Factory
Hello community, here is the log from the commit of package cgit for openSUSE:Factory checked in at 2013-07-08 22:24:18 Comparing /work/SRC/openSUSE:Factory/cgit (Old) and /work/SRC/openSUSE:Factory/.cgit.new (New) Package is cgit Changes: --- /work/SRC/openSUSE:Factory/cgit/cgit.changes2012-11-21 15:06:27.0 +0100 +++ /work/SRC/openSUSE:Factory/.cgit.new/cgit.changes 2013-07-08 22:24:19.0 +0200 @@ -1,0 +2,6 @@ +Fri Jul 5 17:05:04 CEST 2013 - ti...@suse.de + +- Fix VUL-0: cgit: remote file disclosure flaw (CVE-2013-2117, + bnc#822166) + +--- New: cgit-CVE-2013-2117-disallow-directory-traversal.patch Other differences: -- ++ cgit.spec ++ --- /var/tmp/diff_new_pack.e6Tmpk/_old 2013-07-08 22:24:19.0 +0200 +++ /var/tmp/diff_new_pack.e6Tmpk/_new 2013-07-08 22:24:19.0 +0200 @@ -34,6 +34,7 @@ Patch1: cgit-git-1.7.6_build_fix.patch Patch3: cgit-fix-print-tree.diff Patch4: cgit-fix-more-read_tree_recursive-invocations.diff +Patch5: cgit-CVE-2013-2117-disallow-directory-traversal.patch # Requirements for cgit BuildRequires: gnu-crypto libopenssl-devel libzip-devel # Requirements for cgitrc man page generation @@ -55,6 +56,7 @@ %patch1 -p1 %patch3 %patch4 +%patch5 -p1 rm -rf git mv git-%{git_version} git ++ cgit-CVE-2013-2117-disallow-directory-traversal.patch ++ From babf94e04e74123eb658a823213c062663cdadd6 Mon Sep 17 00:00:00 2001 
From: Jason A. Donenfeld ja...@zx2c4.com Date: Sat, 25 May 2013 17:47:15 + Subject: ui-summary: Disallow directory traversal Using the url= query string, it was possible request arbitrary files from the filesystem if the readme for a given page was set to a filesystem file. The following request would return my /etc/passwd file: http://git.zx2c4.com/?url=/somerepo/about/../../../../etc/passwd http://data.zx2c4.com/cgit-directory-traversal.png This fix uses realpath(3) to canonicalize all paths, and then compares the base components. This fix introduces a subtle timing attack, whereby a client can check whether or not strstr is called using timing measurements in order to determine if a given file exists on the filesystem. This fix also does not account for filesystem race conditions (TOCTOU) in resolving symlinks. Signed-off-by: Jason A. Donenfeld ja...@zx2c4.com --- --- ui-summary.c | 13 + 1 file changed, 13 insertions(+) --- a/ui-summary.c +++ b/ui-summary.c @@ -96,6 +96,7 @@ void cgit_print_repo_readme(char *path) * to the directory containing the configured readme. */ if (path) { + char *resolved_base, *resolved_full; slash = strrchr(ctx.repo-readme, '/'); if (!slash) { if (!colon) @@ -104,7 +105,19 @@ void cgit_print_repo_readme(char *path) } tmp = xmalloc(slash - ctx.repo-readme + 1 + strlen(path) + 1); strncpy(tmp, ctx.repo-readme, slash - ctx.repo-readme + 1); + if (!ref) + resolved_base = realpath(tmp, NULL); strcpy(tmp + (slash - ctx.repo-readme + 1), path); + if (!ref) { + resolved_full = realpath(tmp, NULL); + if (!resolved_base || !resolved_full || + strstr(resolved_full, resolved_base) != resolved_full) { + free(tmp); + return; + } + free(resolved_base); + free(resolved_full); + } } else tmp = ctx.repo-readme; -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
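Review bot: In the second ui-summary.c hunk, "strstr(resolved_full, resolved_base) != resolved_full" is a bare string-prefix test with no path-separator boundary, so a resolved path in a sibling directory whose name merely begins with the base directory's name still passes. Compare strlen(resolved_base) bytes with strncmp and additionally require the next byte of resolved_full to be '/' or NUL. Two more points in the same hunk: realpath(tmp, NULL) for resolved_base runs right after strncpy() has copied exactly slash - readme + 1 bytes and before strcpy() appends path, and nothing visible writes a terminator into tmp at that point, so set tmp[slash - readme + 1] = '\0' first; and the early return frees tmp but leaks whichever of resolved_base and resolved_full is non-NULL.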
commit cgit for openSUSE:Factory
Hello community, here is the log from the commit of package cgit for openSUSE:Factory checked in at 2012-11-21 15:06:25 Comparing /work/SRC/openSUSE:Factory/cgit (Old) and /work/SRC/openSUSE:Factory/.cgit.new (New) Package is cgit, Maintainer is Changes: --- /work/SRC/openSUSE:Factory/cgit/cgit.changes2012-10-31 06:57:01.0 +0100 +++ /work/SRC/openSUSE:Factory/.cgit.new/cgit.changes 2012-11-21 15:06:27.0 +0100 
@@ -1,0 +2,39 @@ +Tue Nov 20 13:51:05 UTC 2012 - v...@openssl.it + +- BuildRequire xz + +--- +Tue Nov 20 12:04:15 CET 2012 - ti...@suse.de + +- updated to cgit-0.9.1: + Enhancements: + - path-selected submodule links + - intelligent default branch guessing + - /etc/mime.types lookup + - gitweb.* and cgit.* git-config support + - case insensitive sorting and age sorting + - commit, repository, and section sorting + - bold currently viewed page in pagination + - support BSDs in makefile + Security: + - CVE-2012-4465: heap-buffer overflow in parsing.c + - CVE-2012-4548: syntax highlighting command injection + Bug Fixes: + - transition maintainer to Jason Donenfeld (zx2c4) + - download git snapshot from github instead of Lars' old server + - css fixes + - stablization of tests + - more compatible default highlight script + - suppress gzip timestamp so that tarballs only use tar timestamps + - treat ctags as target in makefile + - do not let global variables override certain local repo settings + - print ampersand as proper html entity + - use placeholder for empty commit subject + - format diff view for addition and removal of files + - point links at correct blob from ssdiff +- drop obsoleted patches + cgit-CVE-2011-2711-fix.diff + cgit-CVE-2012-4465-fix.diff + cgit-CVE-2012-4548-fix.diff + +--- Old: cgit-0.9.0.2.tar.bz2 cgit-CVE-2011-2711-fix.diff cgit-CVE-2012-4465-fix.diff cgit-CVE-2012-4548-fix.diff New: cgit-0.9.1.tar.xz Other differences: -- ++ cgit.spec ++ --- /var/tmp/diff_new_pack.D7NhB7/_old 2012-11-21 15:06:29.0 +0100 +++ /var/tmp/diff_new_pack.D7NhB7/_new 2012-11-21 15:06:29.0 +0100 
@@ -20,27 +20,24 @@ %define git_version1.7.6.4 Name: cgit -Url:http://hjemli.net/git/cgit/ +Url:http://git.zx2c4.com/cgit/ License:GPL-2.0 Group: Development/Libraries/C and C++ AutoReqProv:on -Version:0.9.0.2 +Version:0.9.1 Release:7 Summary:A web frontend for git repositories -Source0:%{name}-%{version}.tar.bz2 +Source0:%{name}-%{version}.tar.xz Source1:git-%{git_version}.tar.gz Source2:cgitrc Patch: cgit-optflags.diff Patch1: cgit-git-1.7.6_build_fix.patch -Patch2: cgit-CVE-2011-2711-fix.diff Patch3: cgit-fix-print-tree.diff Patch4: cgit-fix-more-read_tree_recursive-invocations.diff -Patch5: cgit-CVE-2012-4465-fix.diff -Patch6: cgit-CVE-2012-4548-fix.diff # Requirements for cgit BuildRequires: gnu-crypto libopenssl-devel libzip-devel # Requirements for cgitrc man page generation -BuildRequires: asciidoc libxslt +BuildRequires: asciidoc libxslt xz BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -56,11 +53,8 @@ %setup -q -T -D -a 1 %patch -p1 %patch1 -p1 -%patch2 -p1 %patch3 %patch4 -%patch5 -p1 -%patch6 -p1 rm -rf git mv git-%{git_version} git -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
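Review bot: The cgit.changes entry lists CVE-2012-4465 and CVE-2012-4548 under Security for 0.9.1, but it also drops cgit-CVE-2011-2711-fix.diff (Patch2 and "%patch2 -p1" in the spec hunk) without stating that 0.9.1 contains that fix. Add CVE-2011-2711 to the entry with a note that it is fixed upstream, or keep the patch until that has been checked. Minor: "stablization" should read "stabilization", and the maintainer transition and snapshot download location are not bug fixes.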
commit cgit for openSUSE:Factory
Hello community, here is the log from the commit of package cgit for openSUSE:Factory checked in at 2012-10-31 06:57:00 Comparing /work/SRC/openSUSE:Factory/cgit (Old) and /work/SRC/openSUSE:Factory/.cgit.new (New) Package is cgit, Maintainer is Changes: --- /work/SRC/openSUSE:Factory/cgit/cgit.changes2012-10-11 10:41:44.0 +0200 +++ /work/SRC/openSUSE:Factory/.cgit.new/cgit.changes 2012-10-31 06:57:01.0 +0100 @@ -1,0 +2,7 @@ +Mon Oct 29 11:45:50 CET 2012 - ti...@suse.de + +- cgit-CVE-2012-4548-fix.diff: + Fix VUL-0: cgit: arbitrary code / command execution via + improperly quoted arguments (CVE-2012-4548, bnc#787074) + +--- New: cgit-CVE-2012-4548-fix.diff Other differences: -- ++ cgit.spec ++ --- /var/tmp/diff_new_pack.B200BG/_old 2012-10-31 06:57:03.0 +0100 +++ /var/tmp/diff_new_pack.B200BG/_new 2012-10-31 06:57:03.0 +0100 @@ -36,6 +36,7 @@ Patch3: cgit-fix-print-tree.diff Patch4: cgit-fix-more-read_tree_recursive-invocations.diff Patch5: cgit-CVE-2012-4465-fix.diff +Patch6: cgit-CVE-2012-4548-fix.diff # Requirements for cgit BuildRequires: gnu-crypto libopenssl-devel libzip-devel # Requirements for cgitrc man page generation @@ -59,6 +60,7 @@ %patch3 %patch4 %patch5 -p1 +%patch6 -p1 rm -rf git mv git-%{git_version} git ++ cgit-CVE-2012-4548-fix.diff ++ From 7ea35f9f8ecf61ab42be9947aae1176ab6e089bd Mon Sep 17 00:00:00 2001 From: Jason A. Donenfeld ja...@zx2c4.com Date: Sun, 28 Oct 2012 02:03:41 + Subject: syntax-highlighting.sh: Fix command injection. By not quoting the argument, an attacker with the ability to add files to the repository could pass arbitrary arguments to the highlight command, in particular, the --plug-in argument which can lead to arbitrary command execution. This patch adds simple argument quoting. --- --- filters/syntax-highlighting.sh |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/filters/syntax-highlighting.sh +++ b/filters/syntax-highlighting.sh 
@@ -31,4 +31,4 @@ EXTENSION=${BASENAME##*.} # map Makefile and Makefile.* to .mk [ ${BASENAME%%.*} == Makefile ] EXTENSION=mk -exec highlight --force -f -I -X -S $EXTENSION 2/dev/null +exec highlight --force -f -I -X -S $EXTENSION 2/dev/null
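Review bot: The removed and added exec lines in the syntax-highlighting.sh hunk read identically as shown here, so the quoting that the commit message describes cannot be confirmed from this hunk; check that the applied cgit-CVE-2012-4548-fix.diff really passes $EXTENSION inside double quotes. EXTENSION is derived from the file name in the repository, so quoting only stops word splitting; consider also matching it against the set of extensions the filter is meant to handle before the exec. The BASENAME test in the context line above expands a file-name-derived value the same way and should be quoted as well.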
commit cgit for openSUSE:Factory
Hello community, here is the log from the commit of package cgit for openSUSE:Factory checked in at 2012-10-11 10:37:52 Comparing /work/SRC/openSUSE:Factory/cgit (Old) and /work/SRC/openSUSE:Factory/.cgit.new (New) Package is cgit, Maintainer is Changes: --- /work/SRC/openSUSE:Factory/cgit/cgit.changes2012-02-20 16:07:23.0 +0100 +++ /work/SRC/openSUSE:Factory/.cgit.new/cgit.changes 2012-10-11 10:41:44.0 +0200 @@ -1,0 +2,6 @@ +Wed Oct 10 15:22:03 CEST 2012 - ti...@suse.de + +- Fix VUL-0: specially-crafted commits can trigger a heap-based + buffer overflow (CVE-2012-4465, bnc#783012) + +--- New: cgit-CVE-2012-4465-fix.diff Other differences: -- ++ cgit.spec ++ --- /var/tmp/diff_new_pack.h8eJ4V/_old 2012-10-11 10:41:45.0 +0200 +++ /var/tmp/diff_new_pack.h8eJ4V/_new 2012-10-11 10:41:45.0 +0200 @@ -35,6 +35,7 @@ Patch2: cgit-CVE-2011-2711-fix.diff Patch3: cgit-fix-print-tree.diff Patch4: cgit-fix-more-read_tree_recursive-invocations.diff +Patch5: cgit-CVE-2012-4465-fix.diff # Requirements for cgit BuildRequires: gnu-crypto libopenssl-devel libzip-devel # Requirements for cgitrc man page generation @@ -57,6 +58,7 @@ %patch2 -p1 %patch3 %patch4 +%patch5 -p1 rm -rf git mv git-%{git_version} git ++ cgit-CVE-2012-4465-fix.diff ++ From 7757d1b046ecb67b830151d20715c658867df1ec Mon Sep 17 00:00:00 2001 
From: Jim Meyering meyer...@redhat.com Date: Mon, 23 Apr 2012 20:06:35 + Subject: do not write outside heap buffer * parsing.c (substr): Handle tail head. This started when I noticed some cgit segfaults on savannah.gnu.org. Finding the offending URL/commit and then constructing a stand-alone reproducer were far more time-consuming than writing the actual patch. The problem arises with a commit like this, in which the user name part of the Author field is empty: $ git log -1 commit 6f3f41d73393278f3ede68a2cb1e7a2a23fa3421 Author: T at h.or Date: Mon Apr 23 22:29:16 2012 +0200 Here's what happens: (this is due to buf=malloc(0); strncpy (buf, head, -1); where head may point to plenty of attacker-specified non-NUL bytes, so we can overwrite a zero-length heap buffer with arbitrary data) Invalid write of size 1 at 0x4A09361: strncpy (mc_replace_strmem.c:463) by 0x408977: substr (parsing.c:61) by 0x4089EF: parse_user (parsing.c:73) by 0x408D10: cgit_parse_commit (parsing.c:153) by 0x40A540: cgit_mk_refinfo (shared.c:171) by 0x40A581: cgit_refs_cb (shared.c:181) by 0x43DEB3: do_for_each_ref (refs.c:690) by 0x41075E: cgit_print_branches (ui-refs.c:191) by 0x416EF2: cgit_print_summary (ui-summary.c:56) by 0x40780A: summary_fn (cmd.c:120) by 0x40667A: process_request (cgit.c:544) by 0x404078: cache_process (cache.c:322) Address 0x4c718d0 is 0 bytes after a block of size 0 alloc'd at 0x4A0884D: malloc (vg_replace_malloc.c:263) by 0x455C85: xmalloc (wrapper.c:35) by 0x40894C: substr (parsing.c:60) by 0x4089EF: parse_user (parsing.c:73) by 0x408D10: cgit_parse_commit (parsing.c:153) by 0x40A540: cgit_mk_refinfo (shared.c:171) by 0x40A581: cgit_refs_cb (shared.c:181) by 0x43DEB3: do_for_each_ref (refs.c:690) by 0x41075E: cgit_print_branches (ui-refs.c:191) by 0x416EF2: cgit_print_summary (ui-summary.c:56) by 0x40780A: summary_fn (cmd.c:120) by 0x40667A: process_request (cgit.c:544) Invalid write of size 1 at 0x4A09400: strncpy (mc_replace_strmem.c:463) by 0x408977: substr 
(parsing.c:61) by 0x4089EF: parse_user (parsing.c:73) by 0x408D10: cgit_parse_commit (parsing.c:153) by 0x40A540: cgit_mk_refinfo (shared.c:171) by 0x40A581: cgit_refs_cb (shared.c:181) by 0x43DEB3: do_for_each_ref (refs.c:690) by 0x41075E: cgit_print_branches (ui-refs.c:191) by 0x416EF2: cgit_print_summary (ui-summary.c:56) by 0x40780A: summary_fn (cmd.c:120) by 0x40667A: process_request (cgit.c:544) by 0x404078: cache_process (cache.c:322) Address 0x4c7192b is not stack'd, malloc'd or (recently) free'd Invalid write of size 1 at 0x4A0940E: strncpy (mc_replace_strmem.c:463) by 0x408977: substr (parsing.c:61) by 0x4089EF: parse_user (parsing.c:73) by 0x408D10: cgit_parse_commit (parsing.c:153) by 0x40A540: cgit_mk_refinfo (shared.c:171) by 0x40A581: cgit_refs_cb (shared.c:181) by 0x43DEB3: do_for_each_ref (refs.c:690) by 0x41075E: cgit_print_branches (ui-refs.c:191) by 0x416EF2: cgit_print_summary (ui-summary.c:56) by 0x40780A: summary_fn (cmd.c:120) by 0x40667A: process_request (cgit.c:544) by 0x404078: cache_process
commit cgit for openSUSE:Factory
Hello community, here is the log from the commit of package cgit for openSUSE:Factory checked in at 2012-02-20 16:07:22 Comparing /work/SRC/openSUSE:Factory/cgit (Old) and /work/SRC/openSUSE:Factory/.cgit.new (New) Package is cgit, Maintainer is Changes: --- /work/SRC/openSUSE:Factory/cgit/cgit.changes2011-12-07 14:37:32.0 +0100 +++ /work/SRC/openSUSE:Factory/.cgit.new/cgit.changes 2012-02-20 16:07:23.0 +0100 @@ -1,0 +2,5 @@ +Mon Feb 13 10:44:54 UTC 2012 - co...@suse.com + +- patch license to follow spdx.org standard + +--- Other differences: -- ++ cgit.spec ++ --- /var/tmp/diff_new_pack.KYRrSW/_old 2012-02-20 16:07:24.0 +0100 +++ /var/tmp/diff_new_pack.KYRrSW/_new 2012-02-20 16:07:24.0 +0100 @@ -21,7 +21,7 @@ Name: cgit Url:http://hjemli.net/git/cgit/ -License:GPLv2 +License:GPL-2.0 Group: Development/Libraries/C and C++ AutoReqProv:on Version:0.9.0.2 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit cgit for openSUSE:Factory
Hello community, here is the log from the commit of package cgit for openSUSE:Factory checked in at 2011-11-25 11:11:44 Comparing /work/SRC/openSUSE:Factory/cgit (Old) and /work/SRC/openSUSE:Factory/.cgit.new (New) Package is cgit, Maintainer is Changes: --- /work/SRC/openSUSE:Factory/cgit/cgit.changes2011-10-18 13:53:09.0 +0200 +++ /work/SRC/openSUSE:Factory/.cgit.new/cgit.changes 2011-11-25 10:12:14.0 +0100 @@ -1,0 +2,15 @@ +Tue Nov 22 09:24:35 UTC 2011 - sasc...@suse.de + +- Add patch cgit-fix-print-tree.diff: +The cgit build fix with respect to git-1.7.6 is incomplete: in +the file ui-tree.c ls_tree() has been patched to use pathspec +when invoking read_tree_recursive(), but cgit_print_tree() has +no t been touched. + +The resulting problem can be seen when browsing the tree of a cgit +repository: when you drill down into subfolders, parts of the +parent folder's contents will appear in the listing. + +This patch adjusts cgit_print_tree() accordingly, which fixes the problem. + +--- New: cgit-fix-print-tree.diff Other differences: -- ++ cgit.spec ++ --- /var/tmp/diff_new_pack.wLCufm/_old 2011-11-25 10:12:16.0 +0100 +++ /var/tmp/diff_new_pack.wLCufm/_new 2011-11-25 10:12:16.0 +0100 @@ -33,6 +33,7 @@ Patch: cgit-optflags.diff Patch1: cgit-git-1.7.6_build_fix.patch Patch2: cgit-CVE-2011-2711-fix.diff +Patch3: cgit-fix-print-tree.diff # Requirements for cgit BuildRequires: gnu-crypto libopenssl-devel libzip-devel # Requirements for cgitrc man page generation @@ -53,6 +54,7 @@ %patch -p1 %patch1 -p1 %patch2 -p1 +%patch3 rm -rf git mv git-%{git_version} git ++ cgit-fix-print-tree.diff ++ --- ui-tree.c 2011-11-17 18:00:20.036822908 +0100 +++ ui-tree.c 2011-11-17 18:01:22.396236999 +0100 @@ -262,6 +262,7 @@ unsigned char sha1[20]; struct commit *commit; const char *paths[] = {path, NULL}; + struct pathspec pathspec; if (!rev) rev = ctx.qry.head; 
@@ -283,6 +284,8 @@ } match_path = path; - read_tree_recursive(commit-tree, , 0, 0, paths, walk_tree, NULL); + init_pathspec(pathspec, paths); + read_tree_recursive(commit-tree, , 0, 0, pathspec, walk_tree, NULL); + free_pathspec(pathspec); ls_tail(); }
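Review bot: cgit-fix-print-tree.diff is added as a bare diff with no header (no author, no description, no upstream or bug reference) and with unprefixed ui-tree.c paths, which is why the spec hunk applies it as plain "%patch3" while the neighbouring patches use -p1. Put the explanation from the changelog entry into the patch header and regenerate it with a/ and b/ prefixes so every patch in the spec applies at the same strip level. Minor: "no t been touched" in the changelog should read "not been touched".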