!41 Upgrade to 1.7.2

From: @starlet-dx 
Reviewed-by: @cherry530 
Signed-off-by: @cherry530

0001-tests-don-t-run-buf-oom-on-32-bit-systems.patch

@@ -1,59 +0,0 @@
-From 415a8ae9c9b6ac18f0524b6af8e58408b426457d Mon Sep 17 00:00:00 2001
-From: Edward Thomson <ethomson@edwardthomson.com>
-Date: Thu, 13 Sep 2018 13:27:07 +0100
-Subject: [PATCH] tests: don't run buf::oom on 32-bit systems
-
-On a 32-bit Linux systems, the value large enough to make malloc
-guarantee a failure is also large enough that valgrind considers it
-"fishy".  Skip this test on those systems entirely.
----
- tests/buf/oom.c | 14 +++++++++-----
- 1 file changed, 9 insertions(+), 5 deletions(-)
-
-diff --git a/tests/buf/oom.c b/tests/buf/oom.c
-index 2741a8ddf2..ec3bad9979 100644
---- a/tests/buf/oom.c
-+++ b/tests/buf/oom.c
-@@ -11,12 +11,8 @@
-  */
- #if defined(GIT_ARCH_64) && defined(__linux__)
- # define TOOBIG 0x0fffffffffffffff
--#elif defined(__linux__)
--# define TOOBIG 0x0fffffff
- #elif defined(GIT_ARCH_64)
- # define TOOBIG 0xffffffffffffff00
--#else
--# define TOOBIG 0xffffff00
- #endif
- 
- /**
-@@ -25,13 +21,18 @@
-  * will fail.  And because the git_buf_grow() wrapper always
-  * sets mark_oom, the code in git_buf_try_grow() will free
-  * the internal buffer and set it to git_buf__oom.
-- * 
-+ *
-  * We initialized the internal buffer to (the static variable)
-  * git_buf__initbuf.  The purpose of this test is to make sure
-  * that we don't try to free the static buffer.
-+ *
-+ * Skip this test entirely on 32-bit platforms; a buffer large enough
-+ * to guarantee malloc failures is so large that valgrind considers
-+ * it likely to be an error.
-  */
- void test_buf_oom__grow(void)
- {
-+#ifdef GIT_ARCH_64
- 	git_buf buf = GIT_BUF_INIT;
- 
- 	git_buf_clear(&buf);
-@@ -40,6 +41,9 @@ void test_buf_oom__grow(void)
- 	cl_assert(git_buf_oom(&buf));
- 
- 	git_buf_free(&buf);
-+#else
-+    cl_skip();
-+#endif
- }
- 
- void test_buf_oom__grow_by(void)

CVE-2020-12278.patch

@@ -1,44 +0,0 @@
-From e1832eb20a7089f6383cfce474f213157f5300cb Mon Sep 17 00:00:00 2001
-From: Johannes Schindelin <johannes.schindelin@gmx.de>
-Date: Wed, 18 Sep 2019 16:33:18 +0200
-Subject: [PATCH] path: also guard `.gitmodules` against NTFS Alternate Data
- Streams
-
-We just safe-guarded `.git` against NTFS Alternate Data Stream-related
-attack vectors, and now it is time to do the same for `.gitmodules`.
-
-Note: In the added regression test, we refrain from verifying all kinds
-of variations between short names and NTFS Alternate Data Streams: as
-the new code disallows _all_ Alternate Data Streams of `.gitmodules`, it
-is enough to test one in order to know that all of them are guarded
-against.
-
-Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
----
- src/path.c          | 2 +-
- tests/path/dotgit.c | 1 +
- 2 files changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/path.c b/src/path.c
-index 7844da67227..b3a8fc32f83 100644
---- a/src/path.c
-+++ b/src/path.c
-@@ -1646,7 +1646,7 @@ GIT_INLINE(bool) only_spaces_and_dots(const char *path)
- 	const char *c = path;
- 
- 	for (;; c++) {
--		if (*c == '\0')
-+		if (*c == '\0' || *c == ':')
- 			return true;
- 		if (*c != ' ' && *c != '.')
- 			return false;
-diff --git a/tests/path/dotgit.c b/tests/path/dotgit.c
-index 30996694512..ceb7330d248 100644
---- a/tests/path/dotgit.c
-+++ b/tests/path/dotgit.c
-@@ -116,4 +116,5 @@ void test_path_dotgit__dotgit_modules_symlink(void)
- 	cl_assert_equal_b(true, git_path_isvalid(NULL, ".gitmodules", 0, GIT_PATH_REJECT_DOT_GIT_HFS|GIT_PATH_REJECT_DOT_GIT_NTFS));
- 	cl_assert_equal_b(false, git_path_isvalid(NULL, ".gitmodules", S_IFLNK, GIT_PATH_REJECT_DOT_GIT_HFS));
- 	cl_assert_equal_b(false, git_path_isvalid(NULL, ".gitmodules", S_IFLNK, GIT_PATH_REJECT_DOT_GIT_NTFS));
-+	cl_assert_equal_b(false, git_path_isvalid(NULL, ".gitmodules . .::$DATA", S_IFLNK, GIT_PATH_REJECT_DOT_GIT_NTFS));
- }

CVE-2020-12279.patch

@@ -1,57 +0,0 @@
-From 64c612cc3e25eff5fb02c59ef5a66ba7a14751e4 Mon Sep 17 00:00:00 2001
-From: Johannes Schindelin <johannes.schindelin@gmx.de>
-Date: Wed, 18 Sep 2019 15:25:02 +0200
-Subject: [PATCH] Protect against 8.3 "short name" attacks also on Linux/macOS
-
-The Windows Subsystem for Linux (WSL) is getting increasingly popular,
-in particular because it makes it _so_ easy to run Linux software on
-Windows' files, via the auto-mounted Windows drives (`C:\` is mapped to
-`/mnt/c/`, no need to set that up manually).
-
-Unfortunately, files/directories on the Windows drives can be accessed
-via their _short names_, if that feature is enabled (which it is on the
-`C:` drive by default).
-
-Which means that we have to safeguard even our Linux users against the
-short name attacks.
-
-Further, while the default options of CIFS/SMB-mounts seem to disallow
-accessing files on network shares via their short names on Linux/macOS,
-it _is_ possible to do so with the right options.
-
-So let's just safe-guard against short name attacks _everywhere_.
-
-Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
----
- src/checkout.c         | 2 +-
- tests/checkout/nasty.c | 3 +--
- 2 files changed, 2 insertions(+), 3 deletions(-)
-
-diff --git a/src/checkout.c b/src/checkout.c
-index 5cfa7280baa..5b20ede466b 100644
---- a/src/checkout.c
-+++ b/src/checkout.c
-@@ -1271,7 +1271,7 @@ static int checkout_verify_paths(
- 	int action,
- 	git_diff_delta *delta)
- {
--	unsigned int flags = GIT_PATH_REJECT_WORKDIR_DEFAULTS;
-+	unsigned int flags = GIT_PATH_REJECT_WORKDIR_DEFAULTS | GIT_PATH_REJECT_DOT_GIT_NTFS;
- 
- 	if (action & CHECKOUT_ACTION__REMOVE) {
- 		if (!git_path_isvalid(repo, delta->old_file.path, delta->old_file.mode, flags)) {
-diff --git a/tests/checkout/nasty.c b/tests/checkout/nasty.c
-index 3897878cef1..a0ac738a812 100644
---- a/tests/checkout/nasty.c
-+++ b/tests/checkout/nasty.c
-@@ -206,9 +206,8 @@ void test_checkout_nasty__dot_git_dot(void)
-  */
- void test_checkout_nasty__git_tilde1(void)
- {
--#ifdef GIT_WIN32
- 	test_checkout_fails("refs/heads/git_tilde1", ".git/foobar");
--#endif
-+	test_checkout_fails("refs/heads/git_tilde1", "git~1/foobar");
- }
- 
- /* A tree that contains an entry "git~2", when we have forced the short

libgit2.spec

@@ -1,17 +1,14 @@
 Name:           libgit2
-Version:        0.27.8
-Release:        4
+Version:        1.7.2
+Release:        1
 Summary:        portable, pure C implementation of the Git core methods
 License:        GPLv2 with exceptions
 URL:            https://libgit2.org
-Source0:        https://github.com/libgit2/libgit2/archive/v%{version}.tar.gz
+Source0:        https://github.com/libgit2/libgit2/archive/v%{version}/%{name}-%{version}.tar.gz
 
-Patch0001:      0001-tests-don-t-run-buf-oom-on-32-bit-systems.patch
-Patch0002:      CVE-2020-12278.patch
-Patch0003:      CVE-2020-12279.patch
-
-BuildRequires:  gcc cmake >= 2.8.11 ninja-build http-parser-devel libcurl-devel
+BuildRequires:  gcc cmake >= 3.5.1 ninja-build http-parser-devel libcurl-devel
 BuildRequires:  libssh2-devel openssl-devel python3 zlib-devel
+BuildRequires:  pcre2-devel
 Provides:       bundled(libxdiff)
 
 %description
@@ -28,12 +25,17 @@ This package contains libraries and headers for developing applications that use
 
 %prep
 %autosetup -n %{name}-%{version} -p1
-rm -rfv examples/network/.gitignore deps
-sed -i '/ADD_TEST(online/s/^/#/' tests/CMakeLists.txt
+find examples -name ".gitignore" -delete -print
+sed -i '/-sonline/s/^/#/' tests/libgit2/CMakeLists.txt
+# Remove bundled libraries (except libxdiff)
+pushd deps
+find . -maxdepth 1 -not -name xdiff -exec rm -rf {} ';'
+popd
 
 %build
 %cmake . -B%{_target_platform} -GNinja -DCMAKE_BUILD_TYPE=RelWithDebInfo \
-  -DSHA1_BACKEND=OpenSSL -DUSE_HTTPS=OpenSSL %{nil}
+  -DREGEX_BACKEND=pcre2 -DBUILD_CLI=OFF -DUSE_SHA1=HTTPS -DUSE_HTTP_PARSER=system \
+  -DUSE_NTLMCLIENT=OFF -DUSE_HTTPS=OpenSSL -DUSE_SSH=ON %{nil}
 %ninja_build -C %{_target_platform}
 
 %install
@@ -57,6 +59,22 @@ sed -i '/ADD_TEST(online/s/^/#/' tests/CMakeLists.txt
 %{_includedir}/git2*
 
 %changelog
+* Wed Mar 06 2024 yaoxin <yao_xin001@hoperun.com> - 1.7.2-1
+- Upgrade to 1.7.2
+
+* Wed Feb 07 2024 yaoxin <yao_xin001@hoperun.com> - 1.6.5-1
+- Upgrade to 1.6.5 for fix CVE-2024-24575 and CVE-2024-24577
+
+* Fri Jul 7 2023 liyanan <thistleslyn@163.com> - 1.6.4-1
+- Update to version 1.6.4
+- Abi change: libgit2.so.1.3.2 -> libgit2.so.1.6.4
+
+* Mon Jul 25 2022 xu_ping <xuping33@h-partners.com> - 1.3.2-1
+- Upgrade 1.3.2
+
+* Fri May 13 2022 liyanan <liyanan32@h-partners.com> - 0.27.8-5
+- Remove error-prone, redundant test
+
 * Fri Jul 23 2021 guoxiaoqi<guoxiaoqi2@huawei.com> - 0.27.8-4
 - fix CVE-2020-12278 and CVE-2020-12279