Hello community, here is the log from the commit of package git.1371 for openSUSE:12.3:Update checked in at 2013-02-24 20:51:24 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.3:Update/git.1371 (Old) and /work/SRC/openSUSE:12.3:Update/.git.1371.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "git.1371", Maintainer is "" Changes: -------- New Changes file: --- /dev/null 2013-02-09 11:18:20.872010756 +0100 +++ /work/SRC/openSUSE:12.3:Update/.git.1371.new/git.changes 2013-02-24 20:51:25.000000000 +0100 @@ -0,0 +1,1877 @@ +------------------------------------------------------------------- +Wed Feb 20 17:26:15 CET 2013 - [email protected] + +- updated to version 1.8.1.4: + * "git imap-send" talking over imaps:// did make sure it received a + valid certificate from the other end, but did not check if the + certificate matched the host it thought it was talking to. + + This fixes CVE-2013-0308, bnc#804730 + +------------------------------------------------------------------- +Sat Feb 16 02:19:25 UTC 2013 - [email protected] + +- updated to version 1.8.1.3: + + * minor fixes and documentation updates. + + more details, please see here: + https://raw.github.com/git/git/master/Documentation/RelNotes/1.8.1.3.txt + +------------------------------------------------------------------- +Wed Jan 30 01:57:15 UTC 2013 - [email protected] + +- updated to version 1.8.1.2: + + * An element on GIT_CEILING_DIRECTORIES list that does not name the + real path to a directory (i.e. a symbolic link) could have caused + the GIT_DIR discovery logic to escape the ceiling. + + * Command line completion for "tcsh" emitted an unwanted space + after completing a single directory name. + + * Command line completion leaked an unnecessary error message while + looking for possible matches with paths in <tree-ish>. + + * "git archive" did not record uncompressed size in the header when + streaming a zip archive, which confused some implementations of unzip. + + * When users spelled "cc:" in lowercase in the fake "header" in the + trailer part, "git send-email" failed to pick up the addresses from + there. As e-mail headers field names are case insensitive, this + script should follow suit and treat "cc:" and "Cc:" the same way. + + Also contains various documentation fixes. + +------------------------------------------------------------------- +Thu Jan 17 02:08:43 UTC 2013 - [email protected] + +- updated to version 1.8.1.1: + + * minor fixes and documentation updates. + + more details, please see here: + https://raw.github.com/git/git/master/Documentation/RelNotes/1.8.1.1.txt + +------------------------------------------------------------------- +Tue Jan 1 15:18:58 UTC 2013 - [email protected] + +- updated to version 1.8.1: + + * a bit of features. + * other minor fixes and documentation updates since v1.8.0. + + more details, please see here: + https://raw.github.com/git/git/master/Documentation/RelNotes/1.8.1.txt. + +------------------------------------------------------------------- +Fri Dec 14 00:46:08 UTC 2012 - [email protected] + +- updated to version 1.8.0.2: + + * Various codepaths have workaround for a common misconfiguration to + spell "UTF-8" as "utf8", but it was not used uniformly. Most + notably, mailinfo (which is used by "git am") lacked this support. + + * We failed to mention a file without any content change but whose + permission bit was modified, or (worse yet) a new file without any + content in the "git diff --stat" output. + + * When "--stat-count" hides a diffstat for binary contents, the total + number of added and removed lines at the bottom was computed + incorrectly. + + * When "--stat-count" hides a diffstat for unmerged paths, the total + number of affected files at the bottom of the "diff --stat" output + was computed incorrectly. + + * "diff --shortstat" miscounted the total number of affected files + when there were unmerged paths. + + * "git p4" used to try expanding malformed "$keyword$" that spans + across multiple lines. + + * "git update-ref -d --deref SYM" to delete a ref through a symbolic + ref that points to it did not remove it correctly. + + * Syntax highlighting in "gitweb" was not quite working. + + Also contains other minor fixes and documentation updates. + +------------------------------------------------------------------- +Tue Nov 27 02:54:50 UTC 2012 - [email protected] + +- updated to version 1.8.0.1: + + * a bit of features. + + * other minor fixes and documentation updates since v1.8.0. + + more details, please see here: + https://raw.github.com/git/git/master/Documentation/RelNotes/1.8.0.1.txt. + +------------------------------------------------------------------- +Mon Oct 22 12:21:08 UTC 2012 - [email protected] + +- updated to version 1.8.0: + + * a lot of features. + + * minor documentation updates and code clean-ups. + + * all the fixes since v1.7.12. + + more details, please see here: + https://raw.github.com/git/git/master/Documentation/RelNotes/1.8.0.txt. + +------------------------------------------------------------------- +Thu Oct 18 14:50:30 UTC 2012 - [email protected] + +- updated to version 1.7.12.4: + + * "git fetch" over the dumb-http revision walker could segfault when + curl's multi interface was used. + + * It was possible to give specific paths for "asciidoc" and other + tools in the documentation toolchain, but not for "xmlto". + + * "gitweb" did not give the correct committer timezone in its feed + output due to a typo. + + * The "-Xours" (and similarly -Xtheirs) backend option to "git + merge -s recursive" was ignored for binary files. Now it is + honored. + + * The "binary" synthetic attribute made "diff" to treat the path as + binary, but not "merge". + + Also contains many documentation updates. + +------------------------------------------------------------------- +Thu Oct 11 00:19:07 CST 2012 - [email protected] + +- updated to version 1.7.12.3: + + * "git am" mishandled a patch attached as application/octet-stream + (e.g. not text/*); Content-Transfer-Encoding (e.g. base64) was not + honored correctly. + + * It was unclear in the documentation for "git blame" that it is + unnecessary for users to use the "--follow" option. + + * A repository created with "git clone --single" had its fetch + refspecs set up just like a clone without "--single", leading the + subsequent "git fetch" to slurp all the other branches, defeating + the whole point of specifying "only this branch". + + * "git fetch" over http had an old workaround for an unlikely server + misconfiguration; it turns out that this hurts debuggability of the + configuration in general, and has been reverted. + + * "git fetch" over http advertised that it supports "deflate", which + is much less common, and did not advertise the more common "gzip" on + its Accept-Encoding header. + + * "git receive-pack" (the counterpart to "git push") did not give + progress output while processing objects it received to the puser + when run over the smart-http protocol. + + * "git status" honored the ignore=dirty settings in .gitmodules but + "git commit" didn't. + + Also contains a handful of documentation updates. + +------------------------------------------------------------------- +Mon Oct 8 20:50:47 UTC 2012 - [email protected] + +- Use ./.make also in %check to test exactly what was built +- Avoid duplicate file warnings + +------------------------------------------------------------------- +Thu Oct 4 22:29:10 CST 2012 - [email protected] + +- updated to version 1.7.12.2: + + * When "git am" is fed an input that has multiple "Content-type: ..." + header, it did not grok charset= attribute correctly. + ++++ 1680 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.3:Update/.git.1371.new/git.changes New: ---- apache2-gitweb.conf completion-wordbreaks.diff git-1.8.1.4.tar.gz git-bash-completion-egrep-color-fix.diff git-daemon.init git-prevent_xss-default.diff git-python-install-fix.diff git.changes git.spec git.xinetd susefirewall-git-daemon sysconfig.git-daemon usr.share.git-web.gitweb.cgi ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ git.spec ++++++ # # spec file for package git # # Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %define gitexecdir %_libexecdir/git %define _fwdefdir /etc/sysconfig/SuSEfirewall2.d/services Name: git BuildRequires: asciidoc BuildRequires: curl BuildRequires: fdupes BuildRequires: libcurl-devel BuildRequires: libexpat-devel BuildRequires: libopenssl-devel BuildRequires: perl-Error BuildRequires: python BuildRequires: sgml-skel BuildRequires: xmlto Version: 1.8.1.4 Release: 0 Summary: Fast, scalable, distributed revision control system License: GPL-2.0 Group: Development/Tools/Version Control Url: http://git-scm.com Source0: http://git-core.googlecode.com/files/%name-%{version}.tar.gz Source1: apache2-gitweb.conf Source2: sysconfig.git-daemon Source3: git-daemon.init Source4: git.xinetd Source5: usr.share.git-web.gitweb.cgi Source6: susefirewall-git-daemon Patch2: git-python-install-fix.diff Patch3: completion-wordbreaks.diff # CVE-2011-2186, bnc#698456 Patch4: git-prevent_xss-default.diff # fix broken bash copmletion with colored egrep (bnc#779536) Patch5: git-bash-completion-egrep-color-fix.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build Requires: git-core = %{version} Recommends: git-svn git-cvs git-email gitk git-gui git-web Suggests: git-daemon %description Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. This package itself only provides the README of git but with the packages it requires, it brings you a complete Git environment including GTK and email interfaces and tools for importing source code repositories from other revision control systems such as subversion, CVS, and GNU arch. %package core Summary: Core git tools Group: Development/Tools/Version Control Requires: less Requires: openssh Requires: perl-Error Requires: perl-base = %{perl_version} Requires: rsync %description core Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. These are the core tools with minimal dependencies. %package svn Summary: Git tools for importing Subversion repositories Group: Development/Tools/Version Control Requires: git-core = %{version} Requires: subversion Requires: subversion-perl %description svn Tools for importing Subversion repositories to the Git version control system. %package cvs Summary: Git tools for importing CVS repositories Group: Development/Tools/Version Control Requires: cvs Requires: cvsps Requires: git-core = %{version} Requires: perl-DBD-SQLite %description cvs Tools for importing CVS repositories to the Git version control system. %package arch Summary: Git tools for importing Arch repositories Group: Development/Tools/Version Control Requires: git-core = %{version} # Requires: tla %description arch Tools for importing GNU Arch repositories to the GIT version control system. %package email Summary: Git tools for sending email Group: Development/Tools/Version Control Requires: git-core = %{version} # For sending mails over secure SMTP: Recommends: perl-Net-SMTP-SSL, perl-Authen-SASL %description email Email interface for the GIT version control system. %package daemon Summary: Simple Server for Git Repositories Group: Development/Tools/Version Control Requires: git-core = %{version} PreReq: /usr/sbin/useradd %fillup_prereq %insserv_prereq %description daemon A really simple TCP git daemon. In the default configuration it allows read only access to repositories in /srv/git/ that contain the 'git-daemon-export-ok' file. %package -n gitk Summary: Git revision tree visualiser Group: Development/Tools/Version Control Requires: git-core = %{version} Requires: tk >= 8.4 Supplements: packageand(git-core:tk) %description -n gitk Grapical tool for visualization of revision trees of projects maintained in the Git version control system. It name gitk indicates that it's written using the Tk Widget set. A simple Tk based graphical interface for common Git operations is found in the package git-gui. %package gui Summary: Grapical tool for common git operations Group: Development/Tools/Version Control Requires: git-core = %{version} Requires: tk >= 8.4 Supplements: packageand(git-core:tk) %description gui A Tcl/Tk based graphical user interface to Git. git-gui focuses on allowing users to make changes to their repository by making new commits, amending existing ones, creating branches, performing local merges, and fetching/pushing to remote repositories. Unlike gitk, git-gui focuses on commit generation and single file annotation, and does not show project history. It does however supply menu actions to start a gitk session from within git-gui. %package web Summary: Git Web Interface Group: Development/Tools/Version Control Requires: git-core = %{version} Supplements: packageand(git-core:apache2) %description web CGI script that allows browsing git repositories via web interface. The apache2 configuration contained in this package installs a virtual directory /git/ that calls the cgi script. %package remote-helpers Summary: Python package for remote helper scripts Group: Development/Tools/Version Control Requires: git-core = %{version} Requires: python %description remote-helpers This package contains the building blocks for remote helpers written in Python. %prep %setup -q %patch2 -p1 %patch3 -p1 %patch4 -p1 %patch5 -p1 %build cat > .make <<'EOF' #!/bin/bash make %{_smp_mflags} CFLAGS="$RPM_OPT_FLAGS" \ GITWEB_CONFIG="/etc/gitweb.conf" \ GITWEB_PROJECTROOT="/srv/git" \ WITH_OWN_SUBPROCESS_PY=YesPlease \ DESTDIR=$RPM_BUILD_ROOT \ NO_CROSS_DIRECTORY_HARDLINKS=1 \ NO_INSTALL_HARDLINKS=1 \ V=1 \ prefix=%{_prefix} mandir=%{_mandir} \ gitexecdir=%{gitexecdir} \ htmldir=%{_docdir}/git-core \ "$@" EOF # chmod 755 .make ./.make all %{?_smp_mflags} %{!?_without_docs: ./.make doc} %install ./.make install %{!?_without_docs: install-doc} ### git-web cp gitweb/INSTALL INSTALL.gitweb cp gitweb/README README.gitweb install -d %{buildroot}/usr/share/git-web install -d %{buildroot}/etc/apache2/conf.d install -m 644 %{SOURCE1} $RPM_BUILD_ROOT/etc/apache2/conf.d/gitweb.conf ### git-daemon install -d -m 755 $RPM_BUILD_ROOT/etc/init.d install -m 755 %{SOURCE3} $RPM_BUILD_ROOT/etc/init.d/git-daemon install -d -m 755 $RPM_BUILD_ROOT%{_sbindir} ln -s ../../etc/init.d/git-daemon $RPM_BUILD_ROOT%{_sbindir}/rcgit-daemon install -d -m 755 $RPM_BUILD_ROOT/var/adm/fillup-templates install -m 644 %{SOURCE2} $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.git-daemon install -d -m 755 $RPM_BUILD_ROOT/srv/git install -d -m 755 $RPM_BUILD_ROOT/etc/xinetd.d install -m 644 %{S:4} $RPM_BUILD_ROOT/etc/xinetd.d/git mkdir -p $RPM_BUILD_ROOT/%{_fwdefdir} install -m 644 %{S:6} $RPM_BUILD_ROOT/%{_fwdefdir}/git-daemon ### (find $RPM_BUILD_ROOT%{_bindir} -type f -o -type l | grep -vE "archimport|svn|cvs|email|gitk|daemon|gui" | sed -e s@^$RPM_BUILD_ROOT@@) > bin-man-doc-files (find $RPM_BUILD_ROOT%{gitexecdir} ! -type d | grep -vE "archimport|svn|cvs|email|gitk|daemon|gui" | sed -e s@^$RPM_BUILD_ROOT@@) >> bin-man-doc-files (find $RPM_BUILD_ROOT%{_mandir} $RPM_BUILD_ROOT/Documentation -type f | grep -vE "archimport|svn|git-cvs|email|gitk|daemon|gui" | sed -e s@^$RPM_BUILD_ROOT@@ -e 's/$/*/' ) >> bin-man-doc-files ( pushd perl perl Makefile.PL make -f perl.mak DESTDIR=%{buildroot} install_vendor ) rm -rf %{buildroot}/usr/lib/perl5/site_perl %perl_process_packlist find $RPM_BUILD_ROOT/%_mandir -type f -print0 | xargs -0 chmod 644 install -m 644 -D contrib/completion/git-completion.bash $RPM_BUILD_ROOT/etc/bash_completion.d/git.sh install -m 644 -D contrib/completion/git-prompt.sh $RPM_BUILD_ROOT/etc/bash_completion.d/git-prompt.sh # # apparmor profile for git-web # install -d -m 755 $RPM_BUILD_ROOT/etc/apparmor.d install -m 644 %{SOURCE5} $RPM_BUILD_ROOT/etc/apparmor.d # # create predictable symlinks to make apparmor profile work for i in git git-upload-archive git-receive-pack; do rm $RPM_BUILD_ROOT%{_bindir}/$i ln -s %{gitexecdir}/git-add $RPM_BUILD_ROOT%{_bindir}/$i done if ! test -f $RPM_BUILD_ROOT%{gitexecdir}/git-add; then echo "git-add is not a regular file, apparmor profile won't work!" >&2 exit 1 fi %find_lang %{name} cat %{name}.lang >>bin-man-doc-files # use symlinks instead of hardlinks in sub-commands %fdupes -s $RPM_BUILD_ROOT %check ./.make %{?_smp_mflags} test %pre daemon if ! /usr/bin/getent passwd git-daemon >/dev/null; then /usr/sbin/useradd -r -d /var/lib/empty -s /bin/false -c "git daemon" -g nogroup git-daemon || : fi %post daemon %{fillup_and_insserv -n git-daemon} %postun daemon %{insserv_cleanup} %preun daemon %stop_on_removal %files %defattr(-,root,root) %doc README %files svn %defattr(-,root,root) %{gitexecdir}/*svn* %doc Documentation/*svn*.txt %{!?_without_docs: %{_mandir}/man1/*svn*.1*} %{!?_without_docs: %doc Documentation/*svn*.html } %files cvs %defattr(-,root,root) %doc Documentation/*git-cvs*.txt %{_bindir}/git-cvs* %{gitexecdir}/*cvs* %{!?_without_docs: %{_mandir}/man1/*cvs*.1*} %{!?_without_docs: %doc Documentation/*git-cvs*.html } %files arch %defattr(-,root,root) %doc Documentation/git-archimport.txt %{gitexecdir}/git-archimport %{!?_without_docs: %{_mandir}/man1/git-archimport.1*} %{!?_without_docs: %doc Documentation/git-archimport.html } %files email %defattr(-,root,root) %doc Documentation/*email*.txt %{gitexecdir}/*email* %{!?_without_docs: %{_mandir}/man1/*email*.1*} %{!?_without_docs: %doc Documentation/*email*.html } %files daemon %defattr(-,root,root) %doc Documentation/*daemon*.txt %{gitexecdir}/*daemon* /etc/init.d/git-daemon %{_sbindir}/rcgit-daemon %dir /srv/git /var/adm/fillup-templates/sysconfig.git-daemon %{!?_without_docs: %{_mandir}/man1/*daemon*.1*} %{!?_without_docs: %doc Documentation/*daemon*.html } %config(noreplace) /etc/xinetd.d/git %config %{_fwdefdir}/* %files -n gitk %defattr(-,root,root) %doc Documentation/*gitk*.txt %{_bindir}/gitk /usr/share/gitk %{!?_without_docs: %{_mandir}/man1/*gitk*.1*} %{!?_without_docs: %doc Documentation/*gitk*.html } %files gui %defattr(-,root,root) %doc Documentation/*gui*.txt %{gitexecdir}/git-gui* /usr/share/git-gui %{!?_without_docs: %{_mandir}/man1/*gui*.1*} %{!?_without_docs: %doc Documentation/*gui*.html } %files web %defattr(-,root,root) %doc README.gitweb INSTALL.gitweb %dir /etc/apache2 %dir /etc/apache2/conf.d %config(noreplace) /etc/apache2/conf.d/gitweb.conf /usr/share/gitweb /etc/apparmor.d %files remote-helpers %defattr(-,root,root) %if %suse_version >= 1120 %python_sitelib/* %else %py_sitedir/* %endif %files core -f bin-man-doc-files %defattr(-,root,root) %{_datadir}/git-core/ %dir %{gitexecdir} %dir %{gitexecdir}/mergetools %doc README COPYING Documentation/*.txt %{!?_without_docs: %doc Documentation/*.html } %if 0%{?suse_version} < 1140 /var/adm/perl-modules/%{name} %endif %{perl_vendorlib}/Git.pm %{perl_vendorlib}/Git/ %{perl_vendorarch}/auto/Git/ /etc/bash_completion.d/*.sh %changelog ++++++ apache2-gitweb.conf ++++++ Alias /git "/usr/share/gitweb/" <Directory "/usr/share/gitweb"> Options ExecCGI AllowOverride None AddHandler cgi-script .cgi DirectoryIndex gitweb.cgi Order allow,deny Allow from all </Directory> ++++++ completion-wordbreaks.diff ++++++ --- contrib/completion/git-completion.bash | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) --- a/contrib/completion/git-completion.bash +++ b/contrib/completion/git-completion.bash @@ -23,10 +23,12 @@ # 3) Consider changing your PS1 to also show the current branch, # see git-prompt.sh for details. -case "$COMP_WORDBREAKS" in -*:*) : great ;; -*) COMP_WORDBREAKS="$COMP_WORDBREAKS:" -esac +# SUSE-specific: We trust the system is consistent and do not let individual +# scripts play ping-pong with the global $COMP_WORDBREAKS value. +#case "$COMP_WORDBREAKS" in +#*:*) : great ;; +#*) COMP_WORDBREAKS="$COMP_WORDBREAKS:" +#esac # __gitdir accepts 0 or 1 arguments (i.e., location) # returns location of .git repo ++++++ git-bash-completion-egrep-color-fix.diff ++++++ --- contrib/completion/git-completion.bash | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/contrib/completion/git-completion.bash +++ b/contrib/completion/git-completion.bash @@ -538,7 +538,7 @@ __git_commands () { then printf "%s" "${GIT_TESTING_COMMAND_COMPLETION}" else - git help -a|egrep '^ [a-zA-Z0-9]' + git help -a|egrep --color=never '^ [a-zA-Z0-9]' fi } ++++++ git-daemon.init ++++++ #!/bin/sh # # SUSE system startup script for git-daemon # Copyright (C) 1995-2008 SUSE / Novell Inc. # # This library is free software; you can redistribute it and/or modify it # under the terms of the GNU Lesser General Public License as published by # the Free Software Foundation; either version 2.1 of the License, or (at # your option) any later version. # # This library is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, # USA. # # /etc/init.d/git-daemon # and its symbolic link # /usr/sbin/rcgit-daemon # ### BEGIN INIT INFO # Provides: git-daemon # Required-Start: $syslog $remote_fs $network # Required-Stop: $syslog $remote_fs # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Short-Description: server for git repositories # Description: server for git repositories ### END INIT INFO if test -x /usr/lib64/git/git-daemon; then git_daemon=/usr/lib64/git/git-daemon elif test -x /usr/lib/git/git-daemon; then git_daemon=/usr/lib/git/git-daemon else echo "git-daemon not installed" if [ "$1" = "stop" ]; then exit 0 else exit 5 fi fi pidfile=/var/run/git-daemon.pid # Check for existence of needed config file and read it git_daemon_config=/etc/sysconfig/git-daemon test -r $git_daemon_config || { echo "$git_daemon_config not existing"; if [ "$1" = "stop" ]; then exit 0; else exit 6; fi; } # Read config . $git_daemon_config : ${GIT_DAEMON_BASE_PATH:=/srv/git} : ${GIT_DAEMON_USER:=git-daemon} : ${GIT_DAEMON_GROUP:=nogroup} . /etc/rc.status # Reset status of this service rc_reset case "$1" in start) echo -n "Starting git-daemon " /sbin/startproc -p $pidfile $git_daemon \ --syslog \ --detach \ --reuseaddr \ --user=${GIT_DAEMON_USER} \ --group=${GIT_DAEMON_GROUP} \ --pid-file=$pidfile \ --base-path="$GIT_DAEMON_BASE_PATH" \ $GIT_DAEMON_ARGS rc_status -v ;; stop) echo -n "Shutting down git-daemon " /sbin/killproc -p $pidfile $git_daemon -TERM rc_status -v ;; try-restart|condrestart) if test "$1" = "condrestart"; then echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}" fi $0 status if test $? = 0; then $0 restart else rc_reset # Not running is not a failure. fi rc_status ;; restart) ## Stop the service and regardless of whether it was ## running or not, start it again. $0 stop $0 start # Remember status and be quiet rc_status ;; force-reload) $0 try-restart rc_status ;; reload) echo -n "Reload service git-daemon " ## does not support reload rc_failed 3 rc_status -v ;; status) echo -n "Checking for service git-daemon " /sbin/checkproc -p $pidfile $git_daemon rc_status -v ;; probe) test $git_daemon_config -nt $pidfile && echo reload ;; *) echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}" exit 1 ;; esac rc_exit ++++++ git-prevent_xss-default.diff ++++++ From: Jakub Narebski <[email protected]> Subject: [PATCH] gitweb: Enable $prevent_xss by default This fixes issue CVE-2011-2186 originally reported in https://launchpad.net/bugs/777804 Reported-by: dave b <[email protected]> Signed-off-by: Jakub Narebski <[email protected]> --- git-instaweb.sh | 4 ++++ gitweb/README | 5 +++-- gitweb/gitweb.perl | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) --- a/git-instaweb.sh +++ b/git-instaweb.sh @@ -583,6 +583,10 @@ our \$git_temp = "$fqgitdir/gitweb/tmp"; our \$projects_list = \$projectroot; +# we can trust our own repository, so disable XSS prevention +# to enable some extra features +our \$prevent_xss = 0; + \$feature{'remote_heads'}{'default'} = [1]; EOF } --- a/gitweb/gitweb.perl +++ b/gitweb/gitweb.perl @@ -170,7 +170,7 @@ # Disables features that would allow repository owners to inject script into # the gitweb domain. -our $prevent_xss = 0; +our $prevent_xss = 1; # Path to the highlight executable to use (must be the one from # http://www.andre-simon.de due to assumptions about parameters and output). ++++++ git-python-install-fix.diff ++++++ --- Makefile | 2 +- git_remote_helpers/Makefile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) --- a/git_remote_helpers/Makefile +++ b/git_remote_helpers/Makefile @@ -29,7 +29,7 @@ $(QUIET)$(PYTHON_PATH) $(pysetupfile) $(QUIETSETUP) build install: $(pysetupfile) - $(PYTHON_PATH) $(pysetupfile) install --prefix $(DESTDIR_SQ)$(prefix) + $(PYTHON_PATH) $(pysetupfile) install --prefix $(prefix) --root $(DESTDIR_SQ) instlibdir: $(pysetupfile) @echo "$(DESTDIR_SQ)$(prefix)/$(PYLIBDIR)" --- a/Makefile +++ b/Makefile @@ -1800,7 +1800,7 @@ $(patsubst %.py,%,$(SCRIPT_PYTHON)): % : %.py $(QUIET_GEN)$(RM) $@ $@+ && \ INSTLIBDIR=`MAKEFLAGS= $(MAKE) -C git_remote_helpers -s \ - --no-print-directory prefix='$(prefix_SQ)' DESTDIR='$(DESTDIR_SQ)' \ + --no-print-directory prefix='$(prefix_SQ)' DESTDIR=\ instlibdir` && \ sed -e '1s|#!.*python|#!$(PYTHON_PATH_SQ)|' \ -e 's|\(os\.getenv("GITPYTHONLIB"\)[^)]*)|\1,"@@INSTLIBDIR@@")|' \ ++++++ git.xinetd ++++++ # default: off # description: The git server offers access to git repositories service git { disable = yes socket_type = stream protocol = tcp wait = no user = git-daemon group = nogroup server = /usr/bin/git server_args = daemon --syslog --inetd --base-path=/srv/git type = UNLISTED port = 9418 log_on_failure += USERID } ++++++ susefirewall-git-daemon ++++++ ## Name: git-daemon ## Description: Open ports for git-daemon TCP="git" ++++++ sysconfig.git-daemon ++++++ ## Path: Network/git-daemon ## Description: git daemon configuration ## ServiceRestart: git-daemon ## Type: string ## Default: # # base path for exported directories # # defaults to "/srv/git" if not set # GIT_DAEMON_BASE_PATH="" ## Type: string ## Default: # # additional arguments for git-daemon. See manual page GIT_DAEMON_ARGS="" ## Type: string ## Default: # # defaults to "git-daemon" if not set # # User to run git-daemon as. GIT_DAEMON_USER="" ## Type: string ## Default: # # defaults to "nogroup" if not set # # Group to run git-daemon as. GIT_DAEMON_GROUP="" ++++++ usr.share.git-web.gitweb.cgi ++++++ # Last Modified: Fri Dec 19 11:03:49 2008 #include <tunables/global> /usr/share/gitweb/gitweb.cgi { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/nameservice> #include <abstractions/perl> /bin/bash rix, /dev/tty rw, /etc/gitweb.conf r, /etc/mime.types r, /proc/meminfo r, /proc/sys/kernel/ngroups_max r, /srv/git/ r, /srv/git/** r, /usr/bin/perl ix, /usr/lib/git/git rix, /usr/bin/git-receive-pack rix, /usr/share/gitweb/* r, /usr/share/gitweb/static/* r, } -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
