From 81d17e4af35cbecc7b28a96de8a62d80cf4d9e18 Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Mon, 21 Aug 2017 22:31:46 +0100 Subject: dev-vcs/git-annex: bump up to 6.20170818, bug #628488 """ git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117. """ Reported-by: mbailey_j Bug: https://bugs.gentoo.org/628488 Package-Manager: Portage-2.3.8, Repoman-2.3.3 --- dev-vcs/git-annex/Manifest | 1 + dev-vcs/git-annex/git-annex-6.20170818.ebuild | 161 ++++++++++++++++++++++++++ 2 files changed, 162 insertions(+) create mode 100644 dev-vcs/git-annex/git-annex-6.20170818.ebuild diff --git a/dev-vcs/git-annex/Manifest b/dev-vcs/git-annex/Manifest index f1912bd38b68..7f7eda5b868c 100644 --- a/dev-vcs/git-annex/Manifest +++ b/dev-vcs/git-annex/Manifest @@ -4,3 +4,4 @@ DIST git-annex-6.20160419.tar.gz 5086638 SHA256 1452a55809ba7367847fc4a77f2d8a53 DIST git-annex-6.20160923.tar.gz 1084326 SHA256 964235a358814e081cf4a5d8dab798faacb1dabe5fc714ac6687b135e30fd93d SHA512 2204b5a3b76b22718e4cf5329e78035c4ff45a133e738a8ab627067551fd40a778d4be124862f6a08b583c49400844e3b0c61a682909f911e5ac51fdb6319295 WHIRLPOOL ed5f6c732210b0a720de095ce71c8907b5ddc636e28835f85697f81a01824be7b9f154335af1c4c4e1a304f967b6233487699a49da447f8f883519063be35a55 DIST git-annex-6.20161031.tar.gz 1087730 SHA256 6de3751f361d730e4a69106443b747a45e27aaeabf51ea999c41bd92fd2c71ce SHA512 4a67154b4bbb12f4573bca71617d4c898c8915b242b30b484bc45e661c09893c5ebf2c906e87269307666dcde603d8dbb34f616d46c7a88bffb4baff0bbec81c WHIRLPOOL 0251d406889b9f171dd207a3956ee6adae4b9415fd993f692e8e76240e1f15194b7c125d5118935db1dbc0676513bf213c91df285d9a3311285ed69c24080c4c DIST git-annex-6.20170101.tar.gz 1095866 SHA256 5fbf88652a84278275d9d4bec083189f590b045e23a73bfe8d395c3e356e3f53 SHA512 faf97a4619d1fa94efebd6fc592c58822e853505649c230afa8711165a22c1d84e8c24c850fc61d47ce1390868a934400db28f7b370a7aa26b128c0dcdc11475 WHIRLPOOL 95dbe81bf51b654d6d3deb97c180a346701d35ae07ef0774eafc2d5877ba07ed5f9b9f85beee2b3eacd6749b3f505f6d888b3747da0802fab36496ade6ab12c9 +DIST git-annex-6.20170818.tar.gz 1111837 SHA256 7ddf3f8be218d8e8955be49fb0200179e54406cc02e884abe999f88d578f7d79 SHA512 06587bf0d3056e4b94d4c40aaae820efda133dcbc876a2ac3db3183fb511ec20aae4c495323b4886868a3e66b5b1f53a04c5f3abb0362c718bbadc8e2f6e15d0 WHIRLPOOL b4034833a96ab11c8972c1b679c10948455459ef0a82fe98c9912db932ab384e00ad1a13d08030f658cc1f0525888e5e9e34e48f7e09704f642ac57e908d8a35 diff --git a/dev-vcs/git-annex/git-annex-6.20170818.ebuild b/dev-vcs/git-annex/git-annex-6.20170818.ebuild new file mode 100644 index 000000000000..29375595e8d4 --- /dev/null +++ b/dev-vcs/git-annex/git-annex-6.20170818.ebuild @@ -0,0 +1,161 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +# ebuild generated by hackport 0.5.3.9999 +#hackport: flags: -production,-android,-androidsplice,-testsuite + +CABAL_FEATURES="" +inherit haskell-cabal bash-completion-r1 + +DESCRIPTION="manage files with git, without checking their contents into git" +HOMEPAGE="http://git-annex.branchable.com/" +SRC_URI="mirror://hackage/packages/archive/${PN}/${PV}/${P}.tar.gz" +RESTRICT="test" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~amd64 ~x86 ~amd64-linux" +IUSE="+assistant benchmark +concurrentoutput +dbus doc +magicmime +network-uri +pairing s3 +torrentparser +webapp +webdav" + +RDEPEND="dev-haskell/aeson:= + dev-haskell/async:= + dev-haskell/bloomfilter:= + dev-haskell/byteable:= + dev-haskell/case-insensitive:= + dev-haskell/crypto-api:= + dev-haskell/cryptonite:= + dev-haskell/data-default:= + dev-haskell/disk-free-space:= + dev-haskell/dlist:= + dev-haskell/edit-distance:= + dev-haskell/esqueleto:= + >=dev-haskell/exceptions-0.6:= + >=dev-haskell/feed-0.3.9:= + dev-haskell/free:= + dev-haskell/hslogger:= + dev-haskell/http-client:= + >=dev-haskell/http-conduit-2.0:= + >=dev-haskell/http-types-0.7:= + dev-haskell/ifelse:= + dev-haskell/memory:= + dev-haskell/monad-control:= + dev-haskell/monad-logger:= + >=dev-haskell/mtl-2:= + dev-haskell/old-locale:= + >=dev-haskell/optparse-applicative-0.11.0:= + dev-haskell/persistent:= + dev-haskell/persistent-sqlite:= + dev-haskell/persistent-template:= + >=dev-haskell/quickcheck-2.1:2= + dev-haskell/random:= + dev-haskell/regex-tdfa:= + dev-haskell/resourcet:= + dev-haskell/safesemaphore:= + dev-haskell/sandi:= + dev-haskell/securemem:= + dev-haskell/socks:= + dev-haskell/split:= + >=dev-haskell/stm-2.3:= + dev-haskell/stm-chans:= + dev-haskell/text:= + dev-haskell/unix-compat:= + dev-haskell/unordered-containers:= + dev-haskell/utf8-string:= + >=dev-haskell/uuid-1.2.6:= + >=dev-lang/ghc-7.8.2:= + assistant? ( >=dev-haskell/dns-1.0.0:= + dev-haskell/hinotify:= + dev-haskell/mountpoints:= + sys-process/lsof ) + benchmark? ( dev-haskell/criterion:= ) + concurrentoutput? ( >=dev-haskell/concurrent-output-1.6:= ) + dbus? ( >=dev-haskell/dbus-0.10.7:= + >=dev-haskell/fdo-notify-0.3:= ) + magicmime? ( dev-haskell/magic:= ) + network-uri? ( >=dev-haskell/network-2.6:= + >=dev-haskell/network-uri-2.6:= ) + !network-uri? ( >=dev-haskell/network-2.4:= =dev-haskell/aws-0.9.2:= + dev-haskell/conduit:= + dev-haskell/conduit-extra:= ) + torrentparser? ( >=dev-haskell/torrent-10000.0.0:= ) + webapp? ( dev-haskell/blaze-builder:= + dev-haskell/clientsession:= + >=dev-haskell/path-pieces-0.1.4:= + >=dev-haskell/shakespeare-2.0.0:= + dev-haskell/wai:= + dev-haskell/wai-extra:= + >=dev-haskell/warp-3.0.0.5:= + >=dev-haskell/warp-tls-1.4:= + >=dev-haskell/yesod-1.2.6:= + >=dev-haskell/yesod-core-1.2.19:= + >=dev-haskell/yesod-default-1.2.0:= + >=dev-haskell/yesod-form-1.3.15:= + >=dev-haskell/yesod-static-1.2.4:= ) + webdav? ( >=dev-haskell/dav-1.0:= ) +" +# not generated by hackport: +RDEPEND="${RDEPEND} + dev-vcs/git +" + +DEPEND="${RDEPEND} + >=dev-haskell/cabal-1.18.1.3 +" + +# not generated by hackport: +DEPEND="${DEPEND} + dev-lang/perl + doc? ( www-apps/ikiwiki net-misc/rsync ) +" + +PATCHES=( + "${FILESDIR}"/${PN}-6.20160114-QC-2.8.2.patch + "${FILESDIR}"/${PN}-6.20161210-directory-1.3.patch + "${FILESDIR}"/${PN}-6.20170101-crypto-api.patch +) + +src_configure() { + haskell-cabal_src_configure \ + --flag=-android \ + --flag=-androidsplice \ + $(cabal_flag assistant assistant) \ + $(cabal_flag benchmark benchmark) \ + $(cabal_flag concurrentoutput concurrentoutput) \ + $(cabal_flag dbus dbus) \ + $(cabal_flag magicmime magicmime) \ + $(cabal_flag network-uri network-uri) \ + $(cabal_flag pairing pairing) \ + --flag=-production \ + $(cabal_flag s3 s3) \ + --flag=-testsuite \ + $(cabal_flag torrentparser torrentparser) \ + $(cabal_flag webapp webapp) \ + $(cabal_flag webdav webdav) +} + +src_test() { + if use webapp; then + export GIT_CONFIG=${T}/temp-git-config + git config user.email "git@src_test" + git config user.name "Mr. ${P} The Test" + + emake test + fi +} + +src_install() { + haskell-cabal_src_install + + newbashcomp "${FILESDIR}"/${PN}.bash ${PN} + + dodoc CHANGELOG README + if use webapp ; then + doicon "${FILESDIR}"/${PN}.xpm + make_desktop_entry "${PN} webapp" "git-annex" ${PN}.xpm "Office" + fi +} -- cgit v1.2.3-65-gdbad