From 434cb4eb3f0629f4c808cfb2fc208867e49ae5bd Mon Sep 17 00:00:00 2001
From: Gwyn Ciesla
Date: Aug 04 2020 14:59:18 +0000
Subject: Merge branch 'master' into epel8
---
diff --git a/.gitignore b/.gitignore
index 4aa35de..795b47b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -23,3 +23,4 @@
 /v3.6.9.tar.gz
 /v3.6.10.tar.gz
 /v3.6.11.tar.gz
+/v3.6.12.tar.gz
diff --git a/0001-security-fix-bug-in-pattern-to-detect-path-traversal.patch b/0001-security-fix-bug-in-pattern-to-detect-path-traversal.patch
deleted file mode 100644
index 53161c9..0000000
--- a/0001-security-fix-bug-in-pattern-to-detect-path-traversal.patch
+++ /dev/null
@@ -1,113 +0,0 @@
-From f636ce3ba3e340569b26d1e47b9d9b62dd8a3bf2 Mon Sep 17 00:00:00 2001
-From: Sitaram Chamarty
-Date: Fri, 5 Oct 2012 07:19:59 +0530
-Subject: [PATCH] (security) fix bug in pattern to detect path traversal
-
-while we're about it, add the same check to some of the internal
-routines, so that commands can also be protected.
-
-finally, just to make sure we don't lose it again in some other fashion,
-add a few tests for path traversal...
----
- src/gitolite-shell | 2 +-
- src/lib/Gitolite/Conf/Load.pm | 15 ++++++++++++++-
- t/0-me-first.t | 19 ++++++++++++++++++-
- 3 files changed, 33 insertions(+), 3 deletions(-)
-
-diff --git a/src/gitolite-shell b/src/gitolite-shell
-index 5d48cc9..4bbae48 100755
---- a/src/gitolite-shell
-+++ b/src/gitolite-shell
-@@ -168,7 +168,7 @@ sub sanity {
- my $repo = shift;
- _die "'$repo' contains bad characters" if $repo !~ $REPONAME_PATT;
- _die "'$repo' ends with a '/'" if $repo =~ m(/$);
-- _die "'$repo' contains '..'" if $repo =~ m(\.\.$);
-+ _die "'$repo' contains '..'" if $repo =~ m(\.\.);
- }
-
- # ----------------------------------------------------------------------
-diff --git a/src/lib/Gitolite/Conf/Load.pm b/src/lib/Gitolite/Conf/Load.pm
-index 4abfa90..0f76908 100644
---- a/src/lib/Gitolite/Conf/Load.pm
-+++ b/src/lib/Gitolite/Conf/Load.pm
-@@ -67,8 +67,9 @@ my $last_repo = '';
-
- sub access {
- my ( $repo, $user, $aa, $ref ) = @_;
-- _die "invalid repo '$repo'" if not( $repo and $repo =~ $REPOPATT_PATT );
- _die "invalid user '$user'" if not( $user and $user =~ $USERNAME_PATT );
-+ sanity($repo);
-+
- my $deny_rules = option( $repo, 'deny-rules' );
- load($repo);
-
-@@ -175,8 +176,18 @@ sub option {
- return $ret->{$option};
- }
-
-+sub sanity {
-+ my $repo = shift;
-+
-+ _die "invalid repo '$repo'" if not( $repo and $repo =~ $REPOPATT_PATT );
-+ _die "'$repo' ends with a '/'" if $repo =~ m(/$);
-+ _die "'$repo' contains '..'" if $repo =~ $REPONAME_PATT and $repo =~ m(\.\.);
-+}
-+
- sub repo_missing {
- my $repo = shift;
-+ sanity($repo);
-+
- return not -d "$rc{GL_REPO_BASE}/$repo.git";
- }
-
-@@ -400,6 +411,8 @@ sub generic_name {
-
- sub creator {
- my $repo = shift;
-+ sanity($repo);
-+
- return ( $ENV{GL_USER} || '' ) if repo_missing($repo);
- my $f = "$rc{GL_REPO_BASE}/$repo.git/gl-creator";
- my $creator = '';
-diff --git a/t/0-me-first.t b/t/0-me-first.t
-index dc8916b..22102ef 100755
---- a/t/0-me-first.t
-+++ b/t/0-me-first.t
-@@ -6,10 +6,12 @@ use warnings;
- use lib "src/lib";
- use Gitolite::Test;
-
-+my $rb = `gitolite query-rc -n GL_REPO_BASE`;
-+
- # initial smoke tests
- # ----------------------------------------------------------------------
-
--try "plan 65";
-+try "plan 73";
-
- # basic push admin repo
- confreset;confadd '
-@@ -75,4 +77,19 @@ try "
- glt ls-remote u5 file:///cc/1; ok; perl s/TRACE.*//g; !/\\S/
- glt ls-remote u5 file:///cc/2; !ok; /DENIED by fallthru/
- glt ls-remote u6 file:///cc/2; !ok; /DENIED by fallthru/
-+
-+ # command
-+ glt perms u4 -c cc/bar/baz/frob + READERS u2;
-+ ok; /Initialized empty .*cc/bar/baz/frob.git/
-+
-+ # path traversal
-+ glt ls-remote u4 file:///cc/dd/../ee
-+ !ok; /FATAL: 'cc/dd/\\.\\./ee' contains '\\.\\.'/
-+ glt ls-remote u5 file:///cc/../../../../../..$rb/gitolite-admin
-+ !ok; /FATAL: 'cc/../../../../../..$rb/gitolite-admin' contains '\\.\\.'/
-+
-+ glt perms u4 -c cc/bar/baz/../frob + READERS u2
-+ !ok; /FATAL: 'cc/bar/baz/\\.\\./frob' contains '\\.\\.'/
-+
-+
- ";
---
-1.7.11.4
-
diff --git a/41b7885b77.patch b/41b7885b77.patch
deleted file mode 100644
index 38007c3..0000000
--- a/41b7885b77.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-From 41b7885b77cfe992ad3c96d0b021ece51ce1b3e3 Mon Sep 17 00:00:00 2001
-From: Sitaram Chamarty
-Date: Fri, 11 Aug 2017 19:01:11 +0530
-Subject: [PATCH] reduce stat() and other calls for huge installs
-
-Fedora has 42000 or so repos, and a 'gitolite compile' was taking too
-long.
-
-This set of changes reduces the number of stat() and other calls from 9
-to 2 per unchanged, existing repo. (The expectation is that only a few
-repos' rules are being changed each time, so this helps somewhat
-optimise the others not to take the same amount of time).
----
- src/lib/Gitolite/Conf/Store.pm | 35 ++++++++++++++++++++++++++++-------
- 1 file changed, 28 insertions(+), 7 deletions(-)
-
-diff --git a/src/lib/Gitolite/Conf/Store.pm b/src/lib/Gitolite/Conf/Store.pm
-index c7f9ab549..6809f6717 100644
---- a/src/lib/Gitolite/Conf/Store.pm
-+++ b/src/lib/Gitolite/Conf/Store.pm
-@@ -25,6 +25,8 @@ use Exporter 'import';
- use Data::Dumper;
- $Data::Dumper::Indent = 1;
- $Data::Dumper::Sortkeys = 1;
-+use Fcntl;
-+use GDBM_File;
-
- use Gitolite::Rc;
- use Gitolite::Common;
-@@ -41,6 +43,11 @@ my %groups;
- my %configs;
- my %split_conf;
-
-+# reduce the number of unnecessary stat() calls for installations like Fedora,
-+# which have (as of 2017-08) about 42000 repos. Each compile will only
-+# *really* change a few repos so this helps us not to touch the others.
-+my %gl_conf_cache;
-+
- my @repolist; # current repo list; reset on each 'repo ...' line
- my $subconf = 'master';
- my $nextseq = 0;
-@@ -188,10 +195,13 @@ sub new_repos {
- next unless $repo =~ $REPONAME_PATT; # skip repo patterns
- next if $repo =~ m(^\@|EXTCMD/); # skip groups and fake repos
-
-- # use gl-conf as a sentinel
-- hook_1($repo) if -d "$repo.git" and not -f "$repo.git/gl-conf";
-+ # use gl-conf as a sentinel; if it exists, all is well
-+ next if -f "$repo.git/gl-conf";
-
-- if ( not -d "$repo.git" ) {
-+ if (-d "$repo.git") {
-+ # directory exists but sentinel missing?
Maybe a freshly imported repo?
-+ hook_1($repo);
-+ } else {
- push @{ $rc{NEW_REPOS_CREATED} }, $repo;
- trigger( 'PRE_CREATE', $repo );
- new_repo($repo);
-@@ -237,16 +247,24 @@ sub hook_repos {
- sub store {
- trace(3);
-
-+ my $dbf = "$rc{GL_ADMIN_BASE}/gl-conf.cache";
-+ tie(%gl_conf_cache, 'GDBM_File', $dbf, O_RDWR|O_CREAT, 0666) or _die "Tie '$dbf' failed: $!";
-+
- # first write out the ones for the physical repos
- _chdir( $rc{GL_REPO_BASE} );
-- my $phy_repos = list_phy_repos(1);
-
-- for my $repo ( @{$phy_repos} ) {
-+ # list of repos (union of keys of %repos plus %configs)
-+ my %kr_kc;
-+ @kr_kc{ keys %repos } = ();
-+ @kr_kc{ keys %configs } = ();
-+ for my $repo ( keys %kr_kc ) {
- store_1($repo);
- }
-
- _chdir( $rc{GL_ADMIN_BASE} );
- store_common();
-+
-+ untie %gl_conf_cache;
- }
-
- sub parse_done {
-@@ -284,7 +302,7 @@ sub store_1 {
- # warning: writes and *deletes* it from %repos and %configs
- my ($repo) = shift;
- trace( 3, $repo );
-- return unless ( $repos{$repo} or $configs{$repo} ) and -d "$repo.git";
-+ return unless -d "$repo.git";
-
- my ( %one_repo, %one_config );
-
-@@ -301,7 +319,10 @@ sub store_1 {
- $dumped_data .= Data::Dumper->Dump( [ \%one_config ], [qw(*one_config)] );
- }
-
-- _print( "$repo.git/gl-conf", $dumped_data );
-+ if ( ($gl_conf_cache{$repo} || '') ne $dumped_data ) {
-+ _print( "$repo.git/gl-conf", $dumped_data );
-+ $gl_conf_cache{$repo} = $dumped_data;
-+ }
-
- $split_conf{$repo} = 1;
- }
diff --git a/c4b6521a4b.patch b/c4b6521a4b.patch
deleted file mode 100644
index 8f0686d..0000000
--- a/c4b6521a4b.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From c4b6521a4b82e639f6ed776abad79c86e959b27a Mon Sep 17 00:00:00 2001
-From: Sitaram Chamarty
-Date: Fri, 13 Oct 2017 15:51:58 +0530
-Subject: [PATCH] allow orphan gl-conf files (see below for details)
-
-Background:
-
- For explicitly named repos in gitolite.conf ("repo foo bar" as
- opposed to "repo @group-name" or "repo [a-z].*"), the compiled rules
- are placed in a file called "gl-conf" in the repo's directory.
-
- In addition, an entry is made in a hash called "split_conf" in the
- main compiled conf file (~/.gitolite/conf/gitolite.conf-compiled.pm).
-
- The crucial bit is this: if a repo does not have an entry in the
- split_conf hash, its gl-conf file will not be honored.
-
- Why is this? Because there are situations where that file may be
- out of date, and the rules within should not be in effect. For a
- simple example, consider this conf
-
- repo seven
- RW+ = u1
- RW = u2
-
- Now, management decides that "seven" needs to be assimilated into a
- large group called "borg":
-
- # add seven to borg
- @borg = seven
-
- # seven's rules are now deleted
-
- When you make this change and push, users u1 and u2 should not get
- access (unless the rules for @borg happened to allow them). That
- is, the gl-conf in the repo-dir is considered an orphan, and must
- not be included in rule processing.
-
- Since there is now no "seven" entry in split_conf, this is exactly
- what happens -- gl-conf is ignored.
-
- (Note: one might argue that gitolite compile should go and delete
- these orphaned gl-conf files, but that's yet another "full disk
- scan" overhead.)
-
-What this patch does:
-
- This patch allows an admin to override this safety feature, and say,
- in effect, "include orphaned gl-conf files in the rule processing; I
- know what I am doing". The admin enables that by adding an rc
- variable called ALLOW_ORPHAN_GL_CONF and setting it to "1".
-
-How does this help:
-
- This wouldn't be useful without some way of updating an individual
- repo's rules directly into its gl-conf file.
-
- contrib/commands/compile-1 does exactly that (see notes within that
- file for information, assumptions, warnings, etc.)
----
- src/lib/Gitolite/Conf/Load.pm | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/lib/Gitolite/Conf/Load.pm b/src/lib/Gitolite/Conf/Load.pm
-index d0cd985ca..e0e4e9247 100644
---- a/src/lib/Gitolite/Conf/Load.pm
-+++ b/src/lib/Gitolite/Conf/Load.pm
-@@ -305,7 +305,7 @@ sub load_1 {
- }
-
- if ( -f "gl-conf" ) {
-- return if not $split_conf{$repo};
-+ return if not $split_conf{$repo} and not $rc{ALLOW_ORPHAN_GL_CONF};
-
- my $cc = "./gl-conf";
- _die "parse '$cc' failed: " . ( $@ or $! ) unless do $cc;
diff --git a/gitolite3.spec b/gitolite3.spec
index 42e9e4f..fbe04e3 100644
--- a/gitolite3.spec
+++ b/gitolite3.spec
@@ -8,8 +8,8 @@ Name: gitolite3
 Epoch: 1
-Version: 3.6.11
-Release: 5%{?dist}
+Version: 3.6.12
+Release: 1%{?dist}
 Summary: Highly flexible server for git directory version tracker
 License: GPLv2 and CC-BY-SA
@@ -18,10 +18,6 @@ Source0: https://github.com/sitaramc/gitolite/archive/v%{version}.tar.gz
 Source1: gitolite3-README-fedora
 # Upstream: https://github.com/sitaramc/gitolite/commit/c656af01b73a5cc4f80512
 Source2: compile-1
-#Patch0: 0001-security-fix-bug-in-pattern-to-detect-path-traversal.patch
-#Patch0: 41b7885b77.patch
-# Upstream: https://github.com/sitaramc/gitolite/commit/c4b6521a4b82e639f6ed77
-#Patch1: c4b6521a4b.patch
 BuildArch: noarch
@@ -51,8 +47,6 @@ elsewhere in the doc/ directory.
 %setup -qn gitolite-%{version}
 cp %{SOURCE1} .
-#%%patch0 -p1
-#%%patch1 -p1
 %build
 #This page intentionally left blank.
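Review bot: Deleting `#Patch0: 0001-security-fix-bug-in-pattern-to-detect-path-traversal.patch` together with the patch file leaves the spec with no record of why a security fix is no longer carried; the line was already commented out, so the built package does not change, but an auditor reading the spec later cannot tell whether the `..` repo-name check landed upstream or was simply dropped. The removed patch is dated 2012 (f636ce3) and the other two 2017, so they are presumably already in the 3.6.12 tarball, but the spec should say so — for example `# No local patches: path-traversal fix f636ce3 and the gl-conf cache/orphan commits 41b7885b77, c4b6521a4b are upstream in 3.6.x` next to `Source2: compile-1`. That comment matters doubly because `Source2: compile-1` stays in the spec while the c4b6521a4b patch is removed, and that patch's own description says compile-1 only makes sense when gitolite honours the ALLOW_ORPHAN_GL_CONF rc setting it introduces, so the packager should confirm 3.6.12 ships that behaviour.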
@@ -99,6 +93,18 @@ exit 0
 %changelog
+* Tue Aug 04 2020 Gwyn Ciesla - 1:3.6.12-1
+- 3.6.12
+
+* Mon Jul 27 2020 Fedora Release Engineering - 1:3.6.11-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Fri Jun 26 2020 Jitka Plesnikova - 1:3.6.11-7
+- Perl 5.32 re-rebuild of bootstrapped packages
+
+* Mon Jun 22 2020 Jitka Plesnikova - 1:3.6.11-6
+- Perl 5.32 rebuild
+
 * Tue Jan 28 2020 Fedora Release Engineering - 1:3.6.11-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
diff --git a/sources b/sources
index 60fc01b..7b3947d 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (v3.6.11.tar.gz) = 7c11b3dfde9ecf9ef66185aab175d78302c42cc24f13e3e855fa27ffaee65b5887bdd7f96b00b6eed944b91af2b86993b284d1a09fe5a5a3cce82acd33631212
+SHA512 (v3.6.12.tar.gz) = f6a7f4daf8a6f73db823a95cd677c1c436e04a05460a239b5844468cf0f3e6f8da1b1cd86d98c84bb8e80e5ca446c9afd0ca221cce622398c0d0a3ce18062c22