commit: 42ad87c4aa34fbd34260da98c55733e7f7259747 Author: Nils Freydank <holgersson <AT> posteo <DOT> de> AuthorDate: Tue Jan 14 21:27:51 2025 +0000 Commit: Michał Górny <mgorny <AT> gentoo <DOT> org> CommitDate: Wed Jan 15 05:39:43 2025 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=42ad87c4
dev-vcs/git-lfs: Bump to 3.6.1, CVE-2024-53263 Bug: https://bugs.gentoo.org/948119 Signed-off-by: Nils Freydank <holgersson <AT> posteo.de> Signed-off-by: Michał Górny <mgorny <AT> gentoo.org> dev-vcs/git-lfs/Manifest | 2 + dev-vcs/git-lfs/git-lfs-3.6.1.ebuild | 106 +++++++++++++++++++++++++++++++++++ 2 files changed, 108 insertions(+) diff --git a/dev-vcs/git-lfs/Manifest b/dev-vcs/git-lfs/Manifest index b472fd0fce4a..f54b0a61cdbe 100644 --- a/dev-vcs/git-lfs/Manifest +++ b/dev-vcs/git-lfs/Manifest @@ -2,3 +2,5 @@ DIST git-lfs-3.5.1-deps.tar.xz 21401028 BLAKE2B a011061ebae15c7d80d908d46051c954 DIST git-lfs-3.5.1.tar.gz 683872 BLAKE2B c99d85474cb8544ea2fca7daa6fc57affeabeb7bde517366c885360f613012c3b852d95abd647adfda806f0a057c6df355db0cf49f8d408460c0e2498b836ab5 SHA512 7755f8fbf18d5870eb95d13e1af763e9c8b127ecace67c95d54100eb9d735df41b649d1777f7051ba018eacba34f732a51b3bf5f1376dedf4778b5ae0c81cf40 DIST git-lfs-3.6.0-deps.tar.xz 21227652 BLAKE2B 40418960f2d63c0f1eed7b3de77d532e3c7fd9437e584b3f6aa1e699f13b133b0dbe489bfcc776de63f2420f3f9b00ea96b6129cae450ee7bdfd65c534bcf7e1 SHA512 568c8a625620529c4a2a47cc12943f3929c7a4d54aa8f8d3ea5c93a8ab27f72518d1a252d3e048231eeda08126c5665aaa618e0e535b0b254ed81500d8594def DIST git-lfs-3.6.0.tar.gz 694653 BLAKE2B 3d04b43b5c06c4b9270116a49b156fbf4435a407b7b35c9d96279fe3360efc7310e64ad91bf3347ccd2f61f27cf3e39687de4f3387d196f1e053cbeb8306f298 SHA512 27ee4413f66b60094e1a2bdc47e621013d8c7ef72ac96bd9705226237619701a8e382510c166ec91bf5590acfc7c01b01a3ff53970128f343f7474625a47ff2e +DIST git-lfs-3.6.1-deps.tar.xz 21227652 BLAKE2B 40418960f2d63c0f1eed7b3de77d532e3c7fd9437e584b3f6aa1e699f13b133b0dbe489bfcc776de63f2420f3f9b00ea96b6129cae450ee7bdfd65c534bcf7e1 SHA512 568c8a625620529c4a2a47cc12943f3929c7a4d54aa8f8d3ea5c93a8ab27f72518d1a252d3e048231eeda08126c5665aaa618e0e535b0b254ed81500d8594def +DIST git-lfs-3.6.1.tar.gz 696263 BLAKE2B 5e70adea5e41b07f4f68423abf54afc6181be364f002d43dc456b80d0ddb89049f8427a1e968a8c4337e9dd67725b063268dd6fa03c171ff9926e10b36757f89 SHA512 d0ddee7c0bca68f66d88a66f9e3b46bba160c0ae82fbc208e55f74e79c223242ce4de3cfc5af78066acbf6a5dccac53bc592f99596ea51c71f099f21eee7d40f diff --git a/dev-vcs/git-lfs/git-lfs-3.6.1.ebuild b/dev-vcs/git-lfs/git-lfs-3.6.1.ebuild new file mode 100644 index 000000000000..0f20ac164765 --- /dev/null +++ b/dev-vcs/git-lfs/git-lfs-3.6.1.ebuild @@ -0,0 +1,106 @@ +# Copyright 2017-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 +EGO_PN=github.com/git-lfs/git-lfs +# Update the ID as it's included in each build. +COMMIT_ID="ea47a34bde1ba1ecf9eb8dc6d44fcf7aef42f5e3" + +inherit go-module shell-completion + +DESCRIPTION="Command line extension and specification for managing large files with git" +HOMEPAGE=" + https://git-lfs.com + https://github.com/git-lfs/git-lfs +" + +if [[ "${PV}" = 9999* ]]; then + EGIT_REPO_URI="https://${EGO_PN}"; + inherit git-r3 +else + SRC_URI="https://${EGO_PN}/releases/download/v${PV}/${PN}-v${PV}.tar.gz -> ${P}.tar.gz" + # Add the manually vendored tarball. + # 1) Create a tar archive optimized to reproduced by other users or devs. + # 2) Compress the archive using XZ limiting decompression memory for + # pretty constraint systems. + # Use something like: + # GOMODCACHE="${PWD}"/go-mod go mod download -modcacherw + # tar cf $P-deps.tar go-mod \ + # --mtime="1970-01-01" --sort=name --owner=portage --group=portage + # xz -k -9eT0 --memlimit-decompress=256M $P-deps.tar + SRC_URI+=" https://files.holgersson.xyz/gentoo/distfiles/golang-pkg-deps/${P}-deps.tar.xz"; +fi + +LICENSE="Apache-2.0 BSD BSD-2 BSD-4 ISC MIT" +SLOT="0" +KEYWORDS="~amd64 ~arm64 ~ppc64 ~riscv ~x86 ~amd64-linux ~x86-linux" +IUSE="doc test" + +BDEPEND=" + doc? ( dev-ruby/asciidoctor ) +" +RDEPEND="dev-vcs/git" + +RESTRICT+=" !test? ( test )" + +DOCS=( + CHANGELOG.md + CODE-OF-CONDUCT.md + CONTRIBUTING.md + README.md + SECURITY.md +) + +src_compile() { + export CGO_ENABLED=0 + + # Flags -w, -s: Omit debugging information to reduce binary size, + # see https://golang.org/cmd/link/. + local mygobuildargs=( + -ldflags="-X ${EGO_PN}/config.GitCommit=${COMMIT_ID} -s -w" + -gcflags=" " + -trimpath + -v -work -x + ) + ego build "${mygobuildargs[@]}" -o git-lfs git-lfs.go + + if use doc; then + for doc in docs/man/*adoc; + do asciidoctor -b manpage ${doc} || die "man building failed" + done + fi + + # Generate auto-completion scripts. + # bug 914542 + ./git-lfs completion bash > "${PN}.bash" || die + ./git-lfs completion fish > "${PN}.fish" || die + ./git-lfs completion zsh > "${PN}.zsh" || die +} + +src_install() { + dobin git-lfs + einstalldocs + + # Install auto-completion scripts generated earlier. + # bug 914542 + newbashcomp "${PN}.bash" "${PN}" + dofishcomp "${PN}.fish" + newzshcomp "${PN}.zsh" "_${PN}" + + use doc && doman docs/man/*.1 +} + +src_test() { + local mygotestargs=( + -ldflags="-X ${EGO_PN}/config.GitCommit=${COMMIT_ID}" + ) + go test "${mygotestargs[@]}" ./... || die +} + +pkg_postinst () { + if [[ -z "${REPLACING_VERSIONS}" ]]; then + elog "" + elog "Run 'git lfs install' once for each user account manually." + elog "For more details see https://bugs.gentoo.org/show_bug.cgi?id=733372."; + fi +}
