477 Commits

Author SHA1 Message Date
Todd Zullinger
9a5cabc9ef Update to 2.17.1 (CVE-2018-11233, CVE-2018-11235)
Fixes two security issues, described in the 2.13.7 release notes¹:

 * Submodule "names" come from the untrusted .gitmodules file, but we
   blindly append them to $GIT_DIR/modules to create our on-disk repo
   paths. This means you can do bad things by putting "../" into the
   name. We now enforce some rules for submodule names which will cause
   Git to ignore these malicious names (CVE-2018-11235).

   Credit for finding this vulnerability and the proof of concept from
   which the test script was adapted goes to Etienne Stalmans.

 * It was possible to trick the code that sanity-checks paths on NTFS
   into reading random piece of memory (CVE-2018-11233).

¹ https://mirrors.edge.kernel.org/pub/software/scm/git/docs/RelNotes/2.13.7.txt
2018-05-29 13:08:24 -04:00
Todd Zullinger
676f6fab11 Improve debug output when 'make test' fails
If 'make test' fails before running any tests, the debug output from
print-failed-test-output is confusing:

    + ./print-failed-test-output
    cat: t/test-results/*.exit: No such file or directory
    ./print-failed-test-output: line 6: [: : integer expression expected

    --------------------------------------------------------------------------------
    t/test-results/*.out
    --------------------------------------------------------------------------------
    cat: t/test-results/*.out: No such file or directory

Use the bash failglob option to improve the output:

    + ./print-failed-test-output
    ./print-failed-test-output: line 12: no match: t/test-results/*.exit
2018-05-25 10:20:48 -04:00
Todd Zullinger
de617607d0 Move TEST_SHELL_PATH setting to config.mak
There's no need to manually export this.  Set it via the method
documented in the Makefile, like other settings.
2018-05-24 21:44:08 -04:00
Todd Zullinger
b717510550 Fix segfault in rev-parse with invalid input (#1581678)
2018-05-24 21:41:43 -04:00
Todd Zullinger
ebd4261f9f Fix formatting of changelog release string
While it's acceptable with or without the hyphen, all other entries use
a hyphen.  Keep it consistent.
2018-04-22 17:00:14 -04:00
Todd Zullinger
6eb92cebdc Re-enable t5000-tar-tree.sh test on f28
The unknown, but temporary, breakage in fedora-28-x86_64 buildroots
appears to be resolved.

The test was disabled in a998227 ("Disable t5000-tar-tree.sh on x86 in
f28", 2018-01-18).
2018-04-16 14:27:50 -04:00
Todd Zullinger
da74a8e523 Move linkcheck macro to existing fedora/rhel > 7 block
The spec file is a bit easier to read with as few conditional blocks as
required.  Use %bcond_(with|without) to allow easier toggling of the
link checking.
2018-04-16 12:14:49 -04:00
Pavel Cahyna
34c2440884 Update conditions for future RHEL
2018-04-16 11:13:55 -04:00
Pavel Cahyna
1a82d92cd4 Conform to the Packaging Guidelines for Perl
Add BuildRequires: perl-interpreter (or perl on systems that do not
provide perl-interpreter) since perl is invoked during the build
process.

(https://fedoraproject.org/wiki/Packaging:Perl#Build_Dependencies,
https://fedoraproject.org/wiki/Changes/perl_Package_to_Install_Core_Modules)

Probably no functional change, since perl is being brought in via other
deps.
2018-04-14 19:33:46 -04:00
Todd Zullinger
eeb7261573 Require perl-generators on EL > 7
Add a %{use_perl_generators} macro to control this requirement.
2018-04-12 20:45:18 -04:00
Todd Zullinger
c1f934e016 daemon: use --log-destination=stderr with systemd
Using stderr rather than syslog should be a mild improvement with the
systemd journal.  The reasons are detailed in the upstream commit
0c591cacba ("daemon: add --log-destination=(stderr|syslog|none)",
2018-02-04)¹:

    The combination of --inetd with --log-destination=stderr is useful, for
    instance, when running `git daemon` as an instanced systemd service
    (with associated socket unit). In this case, log messages sent via
    syslog are received by the journal daemon, but run the risk of being
    processed at a time when the `git daemon` process has already exited
    (especially if the process was very short-lived, e.g. due to client
    error), so that the journal daemon can no longer read its cgroup and
    attach the message to the correct systemd unit (see systemd/systemd#2913
    [1]). Logging to stderr instead can solve this problem, because systemd
    can connect stderr directly to the journal daemon, which then already
    knows which unit is associated with this stream.

    [1]: https://github.com/systemd/systemd/issues/2913

While here, wrap the git-daemon command line to improve readability.

¹ https://github.com/git/git/commit/0c591cacba
2018-04-11 23:19:00 -04:00
Todd Zullinger
f25fef61e0 daemon: fix condition for redirecting stderr
We don't currently use the --log-destination option in the git-daemon
systemd service or xinetd files.  With this patch in place, we can.
2018-04-11 23:19:00 -04:00
Todd Zullinger
e72bed93ca git-svn: avoid uninitialized value warning
This issue has been present since 2.11.0, but only became visible with
the addition of the 'use warnings' pragma in 2.17.0.
2018-04-11 23:19:00 -04:00
Todd Zullinger
5eb603d7e0 Clean up redundant and unneeded Requires
Move all Requires to their own lines for better readability.

We can safely drop the 'perl(Git)' requires from the cvs and email
packages because the perl rpm dependency generator already adds it.

We can also drop 'perl-Git = %{version}-%{release}' from the email
package because it requires 'git = %{version}-%{release}' which in turn
requires the matching 'perl-Git' package.
2018-04-11 23:19:00 -04:00
Todd Zullinger
b5fac2ab8d Remove Git::LoadCPAN to ensure we use only system perl modules
Git tries very hard to rely on as few non-core modules as possible.  The
few that it does (currently Error and Mail::Address) are bundled.  We've
disabled such bundling since it became an option in 2.17.0.

Go a step further and remove the Git::LoadCPAN wrapper.  This allows
rpm's automatic dependency generator to find and add the needed
requirements.

With this change we can remove the manual 'Requires:' for perl(Error)
and perl(Mail::Address).

'Requires: perl(Error)' in the main git package has been unneeded for
many years.  It was added in edddb83 ("Update to latest upstream
release. Fix some bugs at the same time", 2007-11-27), which was
git-1.5.3.6.  It was needed for 'git svn' and 'git remote'.  'git svn'
requires perl(Git), which in turn requires perl(Error).

In git-1.5.5, 'git remote' was converted to a builtin command in C
rather than perl, removing the perl(Error) dependency.

Lastly, move the 'BuildRequires: perl(Error)' from perl-Git to the main
list of BuildRequires.
2018-04-10 10:25:40 -04:00
Todd Zullinger
b3c76729a3 Tighten file exclusion pattern
The bare p4 entry was a bit concerning; it's easy to imagine false
positives from such a short string.  Remove git-remote-(bzr|hg) from the
pattern.  The scripts and placeholders were removed in git-2.0.0.

While here, group all the git-* patterns and be more explicit with the
svn files.
2018-04-10 10:25:04 -04:00
Todd Zullinger
a4b4f7cade Add support for disabling python2
Python 2 end of life is approaching, prepare for dropping it
along with all python2 scripts and subpackages requiring it.

Helped-by: Sebastian Kisela <skisela@redhat.com>
Helped-by: Pavel Cahyna <pcahyna@redhat.com>
2018-04-02 18:10:46 -04:00
Todd Zullinger
07e03fdaa0 Use %bcond_(with|without) to enable/disable python3
The with_python3 macro was added in 7ac1fbc ("Avoid python dependency in
git-core (#1536471)", 2018-01-22) and followed the example from a devel
list request¹.

The %bcond_(with|without) macro allows enabling or disabling of python3
via the command line, modulemd file, etc.  Use it.

¹ https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/UG6XYG3EPLMLA5N47AK63NCF2Y6MDWFJ/
2018-04-02 18:05:55 -04:00
Todd Zullinger
73282c0771 Allow git-p4 subpackage to be toggled via --with/--without
Currently, git-p4 requires python2, which is approaching its end of
life.  Prepare for building on releases without python2.
2018-04-02 16:30:03 -04:00
Todd Zullinger
32f8d8d33b Update to 2.17.0
https://www.kernel.org/pub/software/scm/git/docs/RelNotes/2.17.0.txt
2018-04-02 16:26:27 -04:00
Todd Zullinger
5cc54546f6 Fix incorrect comment about multimail hook
The multimail contrib hook was moved from git-core to git in 7ac1fbc
("Avoid python dependency in git-core (#1536471)", 2018-01-22).
2018-04-02 16:25:39 -04:00
Todd Zullinger
336bc7765e Update to 2.17.0-rc2
2018-03-28 16:06:32 -04:00
Todd Zullinger
081aa7dea3 Allow cvs subpackage to be toggled via --with/--without
The previous commit disabled the cvs subpackage on EL > 7.  Convert to
the %bcond_with(out) macro to allow the subpackage to be toggled easily
via a --with/--without option at build time.
2018-03-27 16:02:51 -04:00
Joe Orton
9cd8ee74c8 Disable CVS support on EL > 7
The cvs package will be dropped in the next RHEL release.  Disable the
git-cvs subpackage when %{rhel} > 7.
2018-03-27 15:54:43 -04:00
Todd Zullinger
6f88057585 Add missing perl(Mail::Address) requirement (#1561086)
When setting NO_PERL_CPAN_FALLBACKS to avoid bundled perl modules, we
must take care to ensure the dependencies are required.  The code which
handles modules via Git::LoadCPAN prevents the normal perl dependency
generator from identifying them.  Thankfully, there should not be many
modules loaded this way.

Prior to 2.17.0 and NO_PERL_CPAN_FALLBACKS we were falling back to not
using Mail::Address, which is partly why the lack of the dependency
wasn't spotted with rpmdiff with and without NO_PERL_CPAN_FALLBACKS.
2018-03-27 12:38:03 -04:00
Todd Zullinger
c538f21825 Remove unnecessary "chmod +x contrib/hooks/*"
Using a simple glob in contrib/hooks/* to match contributed hook scripts
was valid when it was added in 762cf11 ("Update to git-1.6.3.3 - Move
contributed hooks to %{_datadir}/git-core/contrib/hooks (bug 500137)",
2009-06-28).  With the addition of the multimail directory in git-1.8.4
it was no longer doing what was intended.

However, the scripts in contrib/hooks all ship with the execute bit set,
making the "chmod +x" unnecessary.  If we did descend into the multimail
directory with a chmod (whether via "chmod -R" or "find | xargs ..."),
we would need to exclude the non-script files within that directory.
2018-03-22 02:13:29 -04:00
Todd Zullinger
28cb1fda84 Drop .py extension from contrib/hooks/multimail/git_multimail.py
Fedora 28 prints a deprecation notice if /usr/bin/python is called in an
rpm build¹, which is done by default when byte-compiling python files
outside of %{_libdir}/pythonX.X.

Avoid the issue by dropping the .py extension from the multimail hook
script.  The hook script is not used as a module and therefore has no
need to use the extension or be byte-compiled.

¹ https://fedoraproject.org/wiki/Changes/Avoid_usr_bin_python_in_RPM_Build
2018-03-22 01:38:31 -04:00
Todd Zullinger
ee1ed82969 Update to 2.17.0-rc1
2018-03-21 16:01:18 -04:00
Todd Zullinger
0b3c85937b Add findutils BuildRequires, improve 'find | xargs' calls
Ensure find and xargs are required.  While findutils is currently in the
default buildroot, we should still be explicit about the requirement.

Also improve the 'find | xargs' calls to handle files which may contain
spaces, quotes, or other characters which might cause spurious failures.
2018-03-19 11:08:38 -04:00
Todd Zullinger
440594446e Install contrib/diff-highlight (#1550251)
The script is installed at /usr/share/git-core/contrib/diff-highlight.
Documentation is in /usr/share/doc/git/contrib/diff-highlight/README.
2018-03-19 11:08:38 -04:00
Todd Zullinger
556b4a03d3 Rename gitweb httpd config file
The gitweb httpd config file was added long before git gained support
for smart http, in c97cf8e ("Add git-daemon and gitweb packages",
2007-08-04).

Now, users who want to enable git's smart http support with apache will
often want to use /etc/httpd/conf.d/git.conf as the path.

Make this easier by giving the gitweb httpd config file a more logical
name going forward.  Keep the current config file name in previous
releases.
2018-03-19 11:08:38 -04:00
Todd Zullinger
098a42523b Require git-core rather than git for git-daemon
A git-daemon install should require nothing more than git-core.  This
allows running the daemon on systems or containers with a minimal
install.
2018-03-16 21:56:48 -04:00
Todd Zullinger
f3c13faa20 Update to 2.17.0-rc0
The perl install process was updated to remove the need for
ExtUtils::MakeMaker.  The main change for us is setting perllibdir to
keep the files installed in %{perl_vendorlib}.

Manpages for non-public portions of the Git perl modules are no longer
built.  Anyone who wishes to make use of these modules can read the
source files or use pod2man.

Set NO_PERL_CPAN_FALLBACKS to ensure we don't package the bundled
fallback modules.

Also drop now-unneeded commands to remove *.bs, .packlist, and
perllocal.pod files.  The new install method does not produce these
artifacts.
2018-03-16 21:56:41 -04:00
Todd Zullinger
d56cfc6775 Use symlinks instead of hardlinks for installed binaries
A recent discussion on the git list¹ suggested that using symlinks
should be clearer and have no drawbacks (except on filesystems where
symlinks are not well supported, e.g. on Windows).

This shrinks the git-core package by nearly 25% and saves almost 6MB in
the debuginfo package.

See also 6ef5f1f ("Disable cross-directory hardlinks", 2017-11-10).

¹ https://public-inbox.org/git/87y3iwp2z0.fsf@evledraar.gmail.com/#t
2018-03-16 21:55:46 -04:00
Todd Zullinger
0609eef4e2 Improve hardening flags for EL-6 & EL-7
Ensure all binaries are hardened when building on EL-6 & EL-7.  On EL-7
use the %{_hardened_build} macro.  On EL-6 update %{optflags} and set
%{__global_ldflags}.

For EL-7 this could also be put in the existing Fedora and EL >= 7
condition, e.g.: %{!?_hardened_build: %global _hardened_build 1}.  I
think this is a bit uglier than needed and is better in an %if condition
which only applied to EL-7.
2018-02-24 14:15:30 -05:00
Todd Zullinger
04982344f3 Add gawk, gcc, make, and sed BuildRequires
The guidelines require all required packages to be explicitly listed.
This list may not be complete, but it's a start.

Additionally, a proposed change for Fedora 29 removes gcc from the
default BuildRoot.

While at it, sort a few BuildRequires in alphabetical order.
2018-02-16 14:09:11 -05:00
Todd Zullinger
0164091753 Update to 2.16.2
Release notes: https://www.kernel.org/pub/software/scm/git/docs/RelNotes/2.16.2.txt
2018-02-16 13:50:09 -05:00
Todd Zullinger
986b772e55 Split 'git subtree' into a separate package
While 'git subtree' does not pull in any additional dependencies, having
it in a separate package may help avoid confusion that it is a core git
command.  This came up recently on the git list¹.

Another recent thread leaves the impression that 'git subtree' is in
maintenance mode².  This implies that it is unlikely to move out of
contrib in the near future.

¹ https://public-inbox.org/git/alpine.LFD.2.21.1802070801470.19185@android-a172fe96dd584b41/
² https://public-inbox.org/git/CADfK3RWXDuE=hYD==4sHXO1iJeOiVDOp7hBqhBtSn7gnQ+x7Qg@mail.gmail.com/
2018-02-09 14:51:34 -05:00
Todd Zullinger
144ee1f802 lint: ignore obsolete-not-provided git-gnome-keyring
The git-gnome-keyring package was obsoleted in 2d1c8b1 ("Remove obsolete
gnome-keyring credential helper", 2018-01-09).  Silence the rpmlint
warning.
2018-02-09 14:51:34 -05:00
Todd Zullinger
cfcd10ad91 Don't package contrib/svn-fe in %doc
2018-02-09 14:51:34 -05:00
Todd Zullinger
ff200cac04 Remove obsolete %defattr
The use of %defattr has been unneeded since rpm-4.4.  It was removed
from the guidelines 6 years ago¹.  It was kept to allow builds on EL-5,
which has been EOL since March of last year.

¹ https://pagure.io/packaging-committee/issue/77
  %defattr is no longer needed in Fedora
2018-02-09 14:50:09 -05:00
Todd Zullinger
f9c3604c48 Order %files and %packages sections by name
Adding new sections or finding existing sections should be easier.  Sort
the %files and %packages sections by name.
2018-02-08 19:02:18 -05:00
Fedora Release Engineering
78864b8eb3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-02-07 12:33:55 +00:00
Todd Zullinger
b30f47c653 Drop obsolete BuildRoot, Group, %clean, and buildroot cleanup
No supported releases of Fedora or EPEL require these tags, sections, or
commands.
2018-01-31 15:37:00 -05:00
Todd Zullinger
a51e1362a2 git-svn: avoid segfaults in 'git svn branch'
Re-enable t9128, t9141, and t9167 which were disabled due to these
random segfaults.  The bug has also been reported against the subversion
perl bindings in Debian¹.  Hopefully this will reach upstream subversion
if a fix is made to subversion.

¹ https://bugs.debian.org/888791
2018-01-31 15:31:04 -05:00
Todd Zullinger
7ac1fbccc9 Avoid python dependency in git-core (#1536471)
Move contrib/hooks/multimail from git-core to git and use python3 rather
than python2.

We still use python2 as the default PYTHON_PATH because not all of the
python scripts in git support python3.  None of the other scripts are
included in git-core though.

Primarily, python2 is used by git-p4 and contrib/svn-fe/svnrdump_sim.py
(which is used by t9020-remote-svn.sh).  Converting git-p4 to python3 is
not a trivial matter of fixing a few print statements.  A simple
conversion using python3's 2to3 tool results in a large number of test
failures.

Add a python3-devel BuildRequires for %{__python3} and add python2-devel
to the tests section since t9020-remote-svn.sh uses python2.  (We
already BR python2-devel in git-p4, but having it in the tests section
ensures we don't remove it if/when git-p4 supports python3.)
2018-01-22 14:44:07 -05:00
Todd Zullinger
8368c37a74 Update to 2.16.1
This release fixes an issue which only affects users on case-insensitive
file systems and repositories which contain paths that differ only in
case.  Such circumstances result in a segmentation fault in various git
commands.
2018-01-22 12:46:37 -05:00
Todd Zullinger
a9982274b4 Disable t5000-tar-tree.sh on x86 in f28
This test was passing as recently as last week.  Something seems to have
changed or broken in the x86 arch of f28 since then.  Disable the test
until the issue is determined and resolved.
2018-01-18 10:34:30 -05:00
Todd Zullinger
62f562d630 Use 'prove' as test harness, enable shell tracing
With 'prove' as the test harness the tests can be run in parallel on
EPEL as well as Fedora targets.

Move GIT_TEST_OPTS to config.mak along with the new test options and
enable shell tracing (-x).  The output from failures when tracing is
enabled should allow us to more easily diagnose test failures.

Explicitly use /bin/bash as the shell for the test suite; it allows
using "-x" reliably across the whole test suite.  This is made possible
by changes included in 2.16.0 thanks to Jeff King¹, particularly:

    3f824e91c8 t/Makefile: introduce TEST_SHELL_PATH
    f5ba2de6bc test-lib: make "-x" work with "--verbose-log"
    90c8a1db9d test-lib: silence "-x" cleanup under bash

¹ https://github.com/gitster/git/tree/jk/test-suite-tracing
2018-01-18 01:14:55 -05:00
Todd Zullinger
6adaa76501 Update to 2.16.0
Move fsmonitor-watchman sample hook out of git-core to avoid a perl
dependency.
2018-01-18 01:14:41 -05:00