From 3b87d67289c7d5099afeee0746a52c6529fb9584 Mon Sep 17 00:00:00 2001
From: fly_fzc <2385803914@qq.com>
Date: Thu, 14 Aug 2025 16:36:56 +0800
Subject: [PATCH] modify patch

---
 ...-27613-CVE-2025-46334-CVE-2025-46835.patch | 78 ++++++++++++++++++-
 git.spec                                      |  9 ++-
 2 files changed, 82 insertions(+), 5 deletions(-)

diff --git a/backport-CVE-2025-27613-CVE-2025-46334-CVE-2025-46835.patch b/backport-CVE-2025-27613-CVE-2025-46334-CVE-2025-46835.patch
index d794a82..9709611 100644
--- a/backport-CVE-2025-27613-CVE-2025-46334-CVE-2025-46835.patch
+++ b/backport-CVE-2025-27613-CVE-2025-46334-CVE-2025-46835.patch
@@ -703,6 +703,28 @@ index 9673e56abda662..aba8ef63dc2b16 100755
      } err]} {
  	show_error {} . "[mc "Couldn't get list of unmerged files:"] $err"
  	exit 1
+@@ -463,8 +470,8 @@ proc start_rev_list {view} {
+     }
+ 
+     if {[catch {
+-	set fd [open [concat | git log --no-color -z --pretty=raw $show_notes \
+-			--parents --boundary $args "--" $files] r]
++	set fd [safe_open_command [concat git log --no-color -z --pretty=raw $show_notes \
++			--parents --boundary $args "--" $files]]
+     } err]} {
+ 	error_popup "[mc "Error executing git log:"] $err"
+ 	return 0
+@@ -611,8 +618,8 @@ proc updatecommits {} {
+ 	set args $vorigargs($view)
+     }
+     if {[catch {
+-	set fd [open [concat | git log --no-color -z --pretty=raw $show_notes \
+-			--parents --boundary $args "--" $vfilelimit($view)] r]
++	set fd [safe_open_command [concat git log --no-color -z --pretty=raw $show_notes \
++			--parents --boundary $args "--" $vfilelimit($view)]]
+     } err]} {
+ 	error_popup "[mc "Error executing git log:"] $err"
+ 	return
 @@ -1700,7 +1707,7 @@ proc do_readcommit {id} {
      global tclencoding
  
@@ -845,6 +867,15 @@ index 9673e56abda662..aba8ef63dc2b16 100755
      set allcupdate [expr {$seeds ne {}}]
      if {!$allcupdate} {
  	set ids "--all"
+@@ -10281,7 +10288,7 @@ proc getallcommits {} {
+ 	}
+     }
+     if {$ids ne {}} {
+-	set fd [open [concat $cmd $ids] r]
++	set fd [safe_open_command [concat $cmd $ids]]
+ 	fconfigure $fd -blocking 0
+ 	incr allcommits
+ 	nowbusy allcommits
 
 From 42a64b41a7a3d01a62f0f34f75bee2bbd00be46f Mon Sep 17 00:00:00 2001
 From: Johannes Sixt <j6t@kdbg.org>
@@ -2699,6 +2730,46 @@ index 9ccd88893030f0..217aeb9ce3a7b5 100755
  	if {[is_Windows] && [lsearch -exact $args -script] >= 0} {
  		set suffix {}
 
+From 074c2b9d7c4b1201f261263f011074c733a85d38 Mon Sep 17 00:00:00 2001
+From: Johannes Sixt <j6t@kdbg.org>
+Date: Sat, 3 May 2025 19:21:53 +0200
+Subject: [PATCH 33/41] git-gui: use git_read in githook_read
+
+0730a5a3a5e6 ("git-gui - use git-hook, honor core.hooksPath", 2023-09-17)
+rewrote githook_read to use `git hook` to run a hook script. The code
+that was replaced discovered the hook script file manually and invoked
+it using function _open_stdout_stderr. After the rewrite, this function
+is still invoked, but it calls into `git` instead of the hook scripts.
+
+Notice though, that we have function git_read that invokes git and
+prepares a pipe for the caller to read from. Replace the implementation
+of githook_read to be just a wrapper around git_read. This unifies the
+way in which the git executable is invoked. git_read ultimately also
+calls into _open_stdout_stderr, but it modifies the path to the git
+executable before doing so.
+
+Signed-off-by: Johannes Sixt <j6t@kdbg.org>
+
+Signed-off-by: Taylor Blau <me@ttaylorr.com>
+---
+ git-gui/git-gui.sh | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/git-gui/git-gui.sh b/git-gui/git-gui.sh
+index 28113220af8770..e10bf2a039295e 100755
+--- a/git-gui/git-gui.sh
++++ b/git-gui/git-gui.sh
+@@ -669,8 +669,7 @@ proc git_write {args} {
+ }
+ 
+ proc githook_read {hook_name args} {
+-	set cmd [concat git hook run --ignore-missing $hook_name -- $args 2>@1]
+-	return [_open_stdout_stderr $cmd]
++	git_read hook run --ignore-missing $hook_name -- $args 2>@1
+ }
+ 
+ proc kill_file_process {fd} {
+
 From a1ccd2512072cf52835050f4c97a4fba9f0ec8f9 Mon Sep 17 00:00:00 2001
 From: Mark Levedahl <mlevedahl@gmail.com>
 Date: Fri, 11 Apr 2025 10:58:20 -0400
@@ -2970,11 +3041,11 @@ index e10bf2a039295e..301c7647ecaec6 100755
  }
  
  proc githook_read {hook_name args} {
--	set cmd [concat git hook run --ignore-missing $hook_name -- $args 2>@1]
+-	git_read hook run --ignore-missing $hook_name -- $args 2>@1
 +	git_read [concat [list hook run --ignore-missing $hook_name --] $args 2>@1]
- 	return [_open_stdout_stderr $cmd]
  }
  
+ proc kill_file_process {fd} {
 @@ -1110,10 +1110,10 @@ proc _parse_config {arr_name args} {
  	array unset arr
  	set buf {}
@@ -3582,12 +3653,11 @@ index 408149b5309f68..bbdbd35d269507 100755
  }
  
  proc git_read_nice {cmd} {
-@@ -669,8 +669,7 @@ proc git_write {cmd} {
+@@ -669,7 +669,7 @@ proc git_write {cmd} {
  }
  
  proc githook_read {hook_name args} {
 -	git_read [concat [list hook run --ignore-missing $hook_name --] $args 2>@1]
--	return [_open_stdout_stderr $cmd]
 +	git_read [concat [list hook run --ignore-missing $hook_name --] $args] [list 2>@1]
  }
  
diff --git a/git.spec b/git.spec
index f6f0106..0b79d34 100644
--- a/git.spec
+++ b/git.spec
@@ -1,7 +1,7 @@
 %global gitexecdir          %{_libexecdir}/git-core
 Name:       git
 Version:    2.27.0
-Release:    26
+Release:    27
 Summary:    A popular and widely used Version Control System
 License:    GPLv2+ or LGPLv2.1
 URL:        https://git-scm.com/
@@ -334,6 +334,13 @@ make %{?_smp_mflags} test
 %{_mandir}/man7/git*.7.*
 
 %changelog
+* Thu Aug 14 2025 fuanan <fuanan3@h-partners.com> - 2.27.0-27
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:modify patch
+       backport-CVE-2025-27613-CVE-2025-46334-CVE-2025-46835.patch
+
 * Tue Jul 22 2025 fuanan <fuanan3@h-partners.com> - 2.27.0-26
 - Type:CVE
 - ID:CVE-2025-27613 CVE-2025-46334 CVE-2025-46835
-- 
Gitee