From d0dff73e8fdfad7591475740b23b97a8df223cc8 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Fri, 24 Aug 2018 09:02:23 +0200 Subject: sync with fedora spec (epel7) --- cgit.spec | 122 ++++++++++++++++++++++++++++++++++++++------------------------ 1 file changed, 75 insertions(+), 47 deletions(-) (limited to 'cgit.spec') diff --git a/cgit.spec b/cgit.spec index 9968486..6a66d71 100644 --- a/cgit.spec +++ b/cgit.spec @@ -1,3 +1,14 @@ +# remirepo spec file for cgit, from: +# +# Fedora spec file for cgit +# +# License: MIT +# http://opensource.org/licenses/MIT +# +# Please preserve changelog entries +# + + # Review bug: https://bugzilla.redhat.com/479723 %global gitver 2.10.2 @@ -8,11 +19,6 @@ %global syntax_highlight 1 -%if 0%{?rhel} && 0%{?rhel} <= 5 -# On el5, manual actions are needed to make syntax highlighting work -%global syntax_highlight 0 -%endif - # Temporarily -- in epel-7-ppc64 is not highlight package currently, #1117261 %if 0%{?rhel} == 7 %ifarch ppc64 @@ -20,48 +26,33 @@ %endif %endif -%global make_cgit \ -export CFLAGS="%{optflags}" \ -export LDFLAGS="%{?__global_ldflags}" \ -make V=1 %{?_smp_mflags} \\\ - DESTDIR=%{buildroot} \\\ - INSTALL="install -p" \\\ - CACHE_ROOT=%{cachedir} \\\ - CGIT_SCRIPT_PATH=%{scriptdir} \\\ - CGIT_SCRIPT_NAME=cgit \\\ - CGIT_DATA_PATH=%{cgitdata} \\\ - docdir=%{docdir} \\\ - filterdir=%{filterdir} \\\ - prefix=%{_prefix} - Name: cgit Version: 1.1 -Release: 3%{?dist} +Release: 11%{?dist} Summary: A fast web interface for git Group: Development/Tools License: GPLv2 -URL: http://git.zx2c4.com/cgit/ -Source0: http://git.zx2c4.com/cgit/snapshot/%{name}-%{version}.tar.xz -Source1: http://www.kernel.org/pub/software/scm/git//git-%{gitver}.tar.xz +URL: https://git.zx2c4.com/cgit/ +Source0: https://git.zx2c4.com/cgit/snapshot/%{name}-%{version}.tar.xz +Source1: https://www.kernel.org/pub/software/scm/git//git-%{gitver}.tar.xz Source2: cgitrc Source3: README.SELinux +# https://git.zx2c4.com/cgit/commit/?id=53efaf30b +Patch0: 0001-clone-fix-directory-traversal.patch + # Security guys might try to repoquery for this. Provides: bundled(git) = %gitver %if %{syntax_highlight} -# On all but RHEL5 highlight is version 3. +# All supported releases use hightlight version 3. Patch1: cgit-0.9.1-highlightv3.patch BuildRequires: highlight %endif -BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) BuildRequires: asciidoc -%if 0%{?rhel} && 0%{?rhel} <= 5 -# These are missing asciidoc requirements -BuildRequires: docbook-style-xsl libxslt -%endif +BuildRequires: gcc %if 0%{?fedora} || 0%{?rhel} >= 6 BuildRequires: libcurl-devel %else @@ -69,14 +60,13 @@ BuildRequires: curl-devel %endif BuildRequires: openssl-devel BuildRequires: lua-devel +BuildRequires: make %if 0%{?fedora} # just to be able to install httpd configuration correctly, FC21+ Requires: httpd-filesystem -Requires: webserver -%else -Requires: httpd %endif +Requires: webserver %description @@ -84,6 +74,7 @@ Cgit is a fast web interface for git. It uses caching to increase performance. %prep %setup -q -a 1 +%patch0 -p1 %if %{syntax_highlight} %patch1 -p1 %endif @@ -91,7 +82,30 @@ Cgit is a fast web interface for git. It uses caching to increase performance. # setup the git dir rm -rf git mv git-%{gitver} git -sed -i 's|^\(CFLAGS = \).*|\1%{optflags}|' git/Makefile + +# Use the same options for every invocation of 'make'. +# Otherwise it will rebuild in %%install due to flags changes. +cat << \EOF > cgit.conf +V = 1 +CFLAGS = %{optflags} +LDFLAGS = %{?__global_ldflags} +DESTDIR = %{buildroot} +INSTALL = install -p +CACHE_ROOT = %{cachedir} +CGIT_SCRIPT_PATH = %{scriptdir} +CGIT_SCRIPT_NAME = cgit +CGIT_DATA_PATH = %{cgitdata} +docdir = %{docdir} +filterdir = %{filterdir} +prefix = %{_prefix} +EOF + +# git build flags +cat << \EOF > git/config.mak +V = 1 +CFLAGS = %{optflags} +LDFLAGS = %{?__global_ldflags} +EOF # I tried to use matchpathcon, but we would need to require # selinux-policy-targeted probably. @@ -100,12 +114,6 @@ build_dist=%{?fedora:fedora}%{?rhel:rhel} build_ver=%{?fedora}%{?rhel} cgit_context=git_sys_content_t -case "$build_dist-$build_ver" in - rhel-5) - cgit_context=httpd_sys_content_t - ;; -esac - sed -e "s|@CGIT_CONTEXT@|$cgit_context|g" \ %{SOURCE3} > README.SELinux @@ -121,10 +129,10 @@ EOF %build -%{make_cgit} +make %{?_smp_mflags} # Something in the a2x chain doesn't like running in parallel. :/ -%{make_cgit} -j1 doc-man doc-html +make -j1 doc-man doc-html %if %{syntax_highlight} # el5 highlight doesn't know --print-style @@ -133,22 +141,23 @@ highlight --print-style --style-outfile=stdout >> cgit.css %install -rm -rf %{buildroot} -%{make_cgit} install install-man +make DESTDIR=%{buildroot} install install-man install -d -m0755 %{buildroot}%{_sysconfdir}/httpd/conf.d install -p -m0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/cgitrc install -p -m0644 httpd.conf %{buildroot}%{_sysconfdir}/httpd/conf.d/cgit.conf install -d -m0755 %{buildroot}%{cachedir} -%clean -rm -rf %{buildroot} - %files -%defattr(-,root,root,-) %doc COPYING README* *.html %config(noreplace) %{_sysconfdir}/cgitrc +%if 0%{?rhel} && 0%{?rhel} <= 7 +# Keep those two httpd-owned directories listed here until httpd-filesystem +# becomes part of EPEL. See rhbz#1138599 for more details. +%dir %{_sysconfdir}/httpd +%dir %{_sysconfdir}/httpd/conf.d +%endif %config(noreplace) %{_sysconfdir}/httpd/conf.d/cgit.conf %dir %attr(-,apache,root) %{cachedir} %{cgitdata} @@ -158,6 +167,25 @@ rm -rf %{buildroot} %changelog +* Fri Aug 24 2018 Remi Collet - 1.1-11 +- rebuild for remirepo, synced with EPEL-7: + +* Fri Aug 03 2018 Todd Zullinger - 1.1-11 +- Fix directory traversal vulnerability + +* Sun Feb 18 2018 Todd Zullinger - 1.1-10 +- Use https for source URLs +- Remove el5 conditionals +- Use cgit.conf and config.mak for cgit/git build options +- Drop obsolete %%{buildroot} cleanup +- Add gcc and make BuildRequires + +* Mon Jul 24 2017 Todd Zullinger - 1.1-5 +- Require webserver on all dists (#1468839) + +* Mon Jul 24 2017 Kevin Fenzi - 1.1-4 +- Fix httpd requirements on epel7. Fixes bug #1468839 + * Tue Mar 07 2017 Pavel Raiskup - 1.1-3 - suggest using correct selinux context (rhbz#1429790) -- cgit