From 164ae5d862577c37f40e7a2969b4163649a0cb8f Mon Sep 17 00:00:00 2001 From: Jacob Wang Date: Tue, 24 Jun 2025 14:47:03 +0800 Subject: [PATCH 1/4] [CVE]update to git-lfs-3.4.1-5 to #ICGZVZ update to git-lfs-3.4.1-5 for CVE-2025-22871 Project: TC2024080204 Signed-off-by: Jacob Wang --- git-lfs.spec | 39 ++++++--------------------------------- 1 file changed, 6 insertions(+), 33 deletions(-) diff --git a/git-lfs.spec b/git-lfs.spec index 6464e8d..1caf499 100644 --- a/git-lfs.spec +++ b/git-lfs.spec @@ -1,4 +1,3 @@ -%define anolis_release .0.1 # Build man pages %global with_manpages 1 @@ -15,16 +14,12 @@ Version: 3.4.1 %global gobuilddir %{_builddir}/%{name}-%{version}/_build -%ifnarch loongarch64 -%define pie_mode -buildmode pie -%endif - # define gobuild macro to not lose hardening, because of macro conflict # https://bugzilla.redhat.com/show_bug.cgi?id=1919348 -%global gobuild CGO_CPPFLAGS="-D_FORTIFY_SOURCE=2 -fstack-protector-all" go build -compiler gc %{?!pie_mode} '-tags=rpm_crashtraceback libtrust_openssl ' -ldflags "-linkmode=external -compressdwarf=false ${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v -x %{?**} +%global gobuild CGO_CPPFLAGS="-D_FORTIFY_SOURCE=2 -fstack-protector-all" go build -compiler gc -buildmode pie '-tags=rpm_crashtraceback libtrust_openssl ' -ldflags "-linkmode=external -compressdwarf=false ${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v -x %{?**} Name: git-lfs -Release: 4%{anolis_release}%{?dist} +Release: 5%{?dist} Summary: Git extension for versioning large files License: MIT @@ -88,27 +83,12 @@ BuildRequires: git >= 2.32.0 %endif Requires: git-core >= 2.32.0 -%ifarch loongarch64 -BuildRequires: golang-vendored-golang.org -%endif - -Requires: bash -Requires: glibc - -Provides: /usr/bin/git-lfs %description Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. -%package doc -Summary: Documents for %{name} -BuildArch: noarch -Requires: %{name} = %{version}-%{release} - -%description doc -Doc pages for %{name}. %prep %autosetup -p1 -n %{name}-%{version} @@ -130,11 +110,6 @@ sed -i -e 's!^BINPATH=.\+!BINPATH="%{gobuilddir}/bin"!g' t/testenv.sh export GOPATH=%{gobuilddir}:%{gopath} export GO111MODULE=off -%ifarch loongarch64 -rm -rf vendor/golang.org/x/sys vendor/golang.org/x/net -cp -arp %{_datadir}/golang/vendor/golang.org/x/* vendor/golang.org/x/ -%endif - # Build manpages first (some embedding in the executable is done.) pushd docs %gobuild -o mangen man/mangen.go @@ -191,20 +166,18 @@ PATH=%{buildroot}%{_bindir}:%{gobuilddir}/bin:$PATH \ %files # In Fedora this is done by using %%gopkgfiles +%doc README.md CHANGELOG.md docs %license LICENSE.md %{_bindir}/%{name} %{_mandir}/man1/%{name}*.1* %{_mandir}/man5/%{name}*.5* %{_mandir}/man7/%{name}*.7* -%files doc -%doc README.md CHANGELOG.md docs %changelog -* Fri Jan 31 2025 Weisson - 3.4.1-4.0.1 -- Add doc sub package -- Disable pie mode for loongarch64 (geliwei@openanolis.org) -- Support loongarch build (geliwei@openanolis.org) +* Tue Jun 10 2025 Ondřej Pohořelský - 3.4.1-5 +- Rebuild with new Golang +- Resolves: RHEL-89264 * Fri Jan 17 2025 Ondřej Pohořelský - 3.4.1-4 - Backport CVE-2024-53263 fixes -- Gitee From a8c0a344315619b1dfa3d23ab707fa189f8b0f63 Mon Sep 17 00:00:00 2001 From: Weisson Date: Sun, 17 Jul 2022 15:42:42 +0800 Subject: [PATCH 2/4] spec: add doc sub package Signed-off-by: Weisson --- git-lfs.spec | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/git-lfs.spec b/git-lfs.spec index 1caf499..058d43e 100644 --- a/git-lfs.spec +++ b/git-lfs.spec @@ -1,3 +1,4 @@ +%define anolis_release .0.1 # Build man pages %global with_manpages 1 @@ -19,7 +20,7 @@ Version: 3.4.1 %global gobuild CGO_CPPFLAGS="-D_FORTIFY_SOURCE=2 -fstack-protector-all" go build -compiler gc -buildmode pie '-tags=rpm_crashtraceback libtrust_openssl ' -ldflags "-linkmode=external -compressdwarf=false ${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v -x %{?**} Name: git-lfs -Release: 5%{?dist} +Release: 5%{anolis_release}%{?dist} Summary: Git extension for versioning large files License: MIT @@ -83,12 +84,23 @@ BuildRequires: git >= 2.32.0 %endif Requires: git-core >= 2.32.0 +Requires: bash +Requires: glibc + +Provides: /usr/bin/git-lfs %description Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. +%package doc +Summary: Documents for %{name} +BuildArch: noarch +Requires: %{name} = %{version}-%{release} + +%description doc +Doc pages for %{name}. %prep %autosetup -p1 -n %{name}-%{version} @@ -166,15 +178,19 @@ PATH=%{buildroot}%{_bindir}:%{gobuilddir}/bin:$PATH \ %files # In Fedora this is done by using %%gopkgfiles -%doc README.md CHANGELOG.md docs %license LICENSE.md %{_bindir}/%{name} %{_mandir}/man1/%{name}*.1* %{_mandir}/man5/%{name}*.5* %{_mandir}/man7/%{name}*.7* +%files doc +%doc README.md CHANGELOG.md docs %changelog +* Tue Jun 24 2025 Weisson - 3.4.1-5.0.1 +- Add doc sub package + * Tue Jun 10 2025 Ondřej Pohořelský - 3.4.1-5 - Rebuild with new Golang - Resolves: RHEL-89264 -- Gitee From db273ead6dcda63ac6a64690a40bff30dac71c24 Mon Sep 17 00:00:00 2001 From: Liwei Ge Date: Tue, 29 Nov 2022 12:44:54 +0800 Subject: [PATCH 3/4] spec: disable pie mode for loongarch --- git-lfs.spec | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/git-lfs.spec b/git-lfs.spec index 058d43e..241319f 100644 --- a/git-lfs.spec +++ b/git-lfs.spec @@ -15,9 +15,13 @@ Version: 3.4.1 %global gobuilddir %{_builddir}/%{name}-%{version}/_build +%ifnarch loongarch64 +%define pie_mode -buildmode pie +%endif + # define gobuild macro to not lose hardening, because of macro conflict # https://bugzilla.redhat.com/show_bug.cgi?id=1919348 -%global gobuild CGO_CPPFLAGS="-D_FORTIFY_SOURCE=2 -fstack-protector-all" go build -compiler gc -buildmode pie '-tags=rpm_crashtraceback libtrust_openssl ' -ldflags "-linkmode=external -compressdwarf=false ${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v -x %{?**} +%global gobuild CGO_CPPFLAGS="-D_FORTIFY_SOURCE=2 -fstack-protector-all" go build -compiler gc %{?!pie_mode} '-tags=rpm_crashtraceback libtrust_openssl ' -ldflags "-linkmode=external -compressdwarf=false ${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v -x %{?**} Name: git-lfs Release: 5%{anolis_release}%{?dist} @@ -190,6 +194,7 @@ PATH=%{buildroot}%{_bindir}:%{gobuilddir}/bin:$PATH \ %changelog * Tue Jun 24 2025 Weisson - 3.4.1-5.0.1 - Add doc sub package +- Disable pie mode for loongarch64 (geliwei@openanolis.org) * Tue Jun 10 2025 Ondřej Pohořelský - 3.4.1-5 - Rebuild with new Golang -- Gitee From ec670a89582a6d0540e45ed3a9eb20a083848b7e Mon Sep 17 00:00:00 2001 From: Liwei Ge Date: Wed, 28 Dec 2022 22:19:37 +0800 Subject: [PATCH 4/4] spec: support loongarch build --- git-lfs.spec | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/git-lfs.spec b/git-lfs.spec index 241319f..1a38cbe 100644 --- a/git-lfs.spec +++ b/git-lfs.spec @@ -88,6 +88,10 @@ BuildRequires: git >= 2.32.0 %endif Requires: git-core >= 2.32.0 +%ifarch loongarch64 +BuildRequires: golang-vendored-golang.org +%endif + Requires: bash Requires: glibc @@ -126,6 +130,11 @@ sed -i -e 's!^BINPATH=.\+!BINPATH="%{gobuilddir}/bin"!g' t/testenv.sh export GOPATH=%{gobuilddir}:%{gopath} export GO111MODULE=off +%ifarch loongarch64 +rm -rf vendor/golang.org/x/sys vendor/golang.org/x/net +cp -arp %{_datadir}/golang/vendor/golang.org/x/* vendor/golang.org/x/ +%endif + # Build manpages first (some embedding in the executable is done.) pushd docs %gobuild -o mangen man/mangen.go @@ -195,6 +204,7 @@ PATH=%{buildroot}%{_bindir}:%{gobuilddir}/bin:$PATH \ * Tue Jun 24 2025 Weisson - 3.4.1-5.0.1 - Add doc sub package - Disable pie mode for loongarch64 (geliwei@openanolis.org) +- Support loongarch build (geliwei@openanolis.org) * Tue Jun 10 2025 Ondřej Pohořelský - 3.4.1-5 - Rebuild with new Golang -- Gitee