From 2444afab2066645ddc750f1b34ce45882b5505c4 Mon Sep 17 00:00:00 2001 From: wangzhe Date: Fri, 31 Jan 2025 10:46:14 +0800 Subject: [PATCH 1/4] [CVE] update to git-lfs-3.4.1-4.src.rpm for CVE-2024-53263 to #IBJWOD update to git-lfs-3.4.1-4.src.rpm for CVE-2024-53263 Project: TC2024080204 Signed-off-by: wangzhe --- git-lfs-3.4.1-cve-2024-53263.patch | 358 +++++++++++++++++++++++++++++ git-lfs.spec | 44 +--- 2 files changed, 369 insertions(+), 33 deletions(-) create mode 100644 git-lfs-3.4.1-cve-2024-53263.patch diff --git a/git-lfs-3.4.1-cve-2024-53263.patch b/git-lfs-3.4.1-cve-2024-53263.patch new file mode 100644 index 0000000..773e8bb --- /dev/null +++ b/git-lfs-3.4.1-cve-2024-53263.patch @@ -0,0 +1,358 @@ +diff -urN b/creds/creds.go a/creds/creds.go +--- b/creds/creds.go 2023-12-13 19:56:25.000000000 +0100 ++++ a/creds/creds.go 2025-01-17 08:55:10.175959181 +0100 +@@ -53,11 +53,20 @@ + // as input. + type Creds map[string][]string + +-func bufferCreds(c Creds) *bytes.Buffer { ++func (c Creds) buffer(protectProtocol bool) (*bytes.Buffer, error) { + buf := new(bytes.Buffer) + + for k, v := range c { + for _, item := range v { ++ if strings.Contains(item, "\n") { ++ return nil, errors.Errorf(tr.Tr.Get("credential value for %s contains newline: %q", k, item)) ++ } ++ if protectProtocol && strings.Contains(item, "\r") { ++ return nil, errors.Errorf(tr.Tr.Get("credential value for %s contains carriage return: %q\nIf this is intended, set `credential.protectProtocol=false`", k, item)) ++ } ++ if strings.Contains(item, string(rune(0))) { ++ return nil, errors.Errorf(tr.Tr.Get("credential value for %s contains null byte: %q", k, item)) ++ } + buf.Write([]byte(k)) + buf.Write([]byte("=")) + buf.Write([]byte(item)) +@@ -65,7 +74,7 @@ + } + } + +- return buf ++ return buf, nil + } + + type CredentialHelperContext struct { +@@ -153,6 +162,9 @@ + helpers = append(helpers, ctxt.askpassCredHelper) + } + } ++ ++ ctxt.commandCredHelper.protectProtocol = ctxt.urlConfig.Bool("credential", rawurl, "protectProtocol", true) ++ + return CredentialHelperWrapper{CredentialHelper: NewCredentialHelpers(append(helpers, ctxt.commandCredHelper)), Input: input, Url: u} + } + +@@ -292,7 +304,8 @@ + } + + type commandCredentialHelper struct { +- SkipPrompt bool ++ SkipPrompt bool ++ protectProtocol bool + } + + func (h *commandCredentialHelper) Fill(creds Creds) (Creds, error) { +@@ -323,7 +336,10 @@ + if err != nil { + return nil, errors.New(tr.Tr.Get("failed to find `git credential %s`: %v", subcommand, err)) + } +- cmd.Stdin = bufferCreds(input) ++ cmd.Stdin, err = input.buffer(h.protectProtocol) ++ if err != nil { ++ return nil, errors.New(tr.Tr.Get("invalid input to `git credential %s`: %v", subcommand, err)) ++ } + cmd.Stdout = output + /* + There is a reason we don't read from stderr here: +diff -urN b/creds/creds_test.go a/creds/creds_test.go +--- b/creds/creds_test.go 2023-12-13 19:56:25.000000000 +0100 ++++ a/creds/creds_test.go 2025-01-17 08:55:21.318023782 +0100 +@@ -1,12 +1,89 @@ + package creds + + import ( ++ "bytes" + "errors" ++ "slices" ++ "strings" + "testing" + + "github.com/stretchr/testify/assert" + ) + ++func assertCredsLinesMatch(t *testing.T, expected []string, buf *bytes.Buffer) { ++ actual := strings.SplitAfter(buf.String(), "\n") ++ ++ slices.Sort(expected) ++ slices.Sort(actual) ++ ++ assert.Equal(t, expected, actual) ++} ++func TestCredsBufferFormat(t *testing.T) { ++ creds := make(Creds) ++ ++ expected := []string{""} ++ ++ buf, err := creds.buffer(true) ++ assert.NoError(t, err) ++ assertCredsLinesMatch(t, expected, buf) ++ ++ creds["protocol"] = []string{"https"} ++ creds["host"] = []string{"example.com"} ++ ++ expected = []string{"host=example.com\n", "protocol=https\n", ""} ++ ++ buf, err = creds.buffer(true) ++ assert.NoError(t, err) ++ assertCredsLinesMatch(t, expected, buf) ++ ++ creds["wwwauth[]"] = []string{"Basic realm=test", "Negotiate"} ++ ++ expected = append(expected, "wwwauth[]=Basic realm=test\n", "wwwauth[]=Negotiate\n") ++ buf, err = creds.buffer(true) ++ assert.NoError(t, err) ++ assertCredsLinesMatch(t, expected, buf) ++} ++ ++func TestCredsBufferProtect(t *testing.T) { ++ creds := make(Creds) ++ ++ // Always disallow LF characters ++ creds["protocol"] = []string{"https"} ++ creds["host"] = []string{"one.example.com\nhost=two.example.com"} ++ ++ buf, err := creds.buffer(false) ++ assert.Error(t, err) ++ assert.Nil(t, buf) ++ ++ buf, err = creds.buffer(true) ++ assert.Error(t, err) ++ assert.Nil(t, buf) ++ ++ // Disallow CR characters unless protocol protection disabled ++ creds["host"] = []string{"one.example.com\rhost=two.example.com"} ++ ++ expected := []string{"", "protocol=https\n", "host=one.example.com\rhost=two.example.com\n"} ++ ++ buf, err = creds.buffer(false) ++ assert.NoError(t, err) ++ assertCredsLinesMatch(t, expected, buf) ++ ++ buf, err = creds.buffer(true) ++ assert.Error(t, err) ++ assert.Nil(t, buf) ++ ++ // Always disallow null bytes ++ creds["host"] = []string{"one.example.com\x00host=two.example.com"} ++ ++ buf, err = creds.buffer(false) ++ assert.Error(t, err) ++ assert.Nil(t, buf) ++ ++ buf, err = creds.buffer(true) ++ assert.Error(t, err) ++ assert.Nil(t, buf) ++} ++ + type testCredHelper struct { + fillErr error + approveErr error +diff -urN b/t/cmd/lfstest-gitserver.go a/t/cmd/lfstest-gitserver.go +--- b/t/cmd/lfstest-gitserver.go 2023-12-13 19:56:25.000000000 +0100 ++++ a/t/cmd/lfstest-gitserver.go 2025-01-16 14:33:23.825991696 +0100 +@@ -27,6 +27,7 @@ + "net/http" + "net/http/httptest" + "net/textproto" ++ "net/url" + "os" + "os/exec" + "regexp" +@@ -252,6 +253,7 @@ + } + + func lfsUrl(repo, oid string, redirect bool) string { ++ repo = url.QueryEscape(repo) + if redirect { + return server.URL + "/redirect307/objects/" + oid + "?r=" + repo + } +diff -urN b/t/t-credentials-protect.sh a/t/t-credentials-protect.sh +--- b/t/t-credentials-protect.sh 1970-01-01 01:00:00.000000000 +0100 ++++ a/t/t-credentials-protect.sh 2025-01-16 14:03:23.597029590 +0100 +@@ -0,0 +1,146 @@ ++#!/usr/bin/env bash ++ ++. "$(dirname "$0")/testlib.sh" ++ ++ensure_git_version_isnt $VERSION_LOWER "2.3.0" ++ ++export CREDSDIR="$REMOTEDIR/creds-credentials-protect" ++setup_creds ++ ++# Copy the default record file for the test credential helper to match the ++# hostname used in the Git LFS configurations of the tests. ++cp "$CREDSDIR/127.0.0.1" "$CREDSDIR/localhost" ++ ++begin_test "credentials rejected with line feed" ++( ++ set -e ++ ++ reponame="protect-linefeed" ++ setup_remote_repo "$reponame" ++ clone_repo "$reponame" "$reponame" ++ ++ contents="a" ++ contents_oid=$(calc_oid "$contents") ++ ++ git lfs track "*.dat" ++ printf "%s" "$contents" >a.dat ++ git add .gitattributes a.dat ++ git commit -m "add a.dat" ++ ++ # Using localhost instead of 127.0.0.1 in the LFS API URL ensures this URL ++ # is used when filling credentials rather than the Git remote URL, which ++ # would otherwise be used since it would have the same scheme and hostname. ++ gitserver="$(echo "$GITSERVER" | sed 's/127\.0\.0\.1/localhost/')" ++ testreponame="test%0a$reponame" ++ git config lfs.url "$gitserver/$testreponame.git/info/lfs" ++ ++ GIT_TRACE=1 git lfs push origin main 2>&1 | tee push.log ++ if [ "0" -eq "${PIPESTATUS[0]}" ]; then ++ echo >&2 "fatal: expected 'git lfs push' to fail ..." ++ exit 1 ++ fi ++ grep "batch response: Git credentials for $gitserver.* not found" push.log ++ grep "credential value for path contains newline" push.log ++ refute_server_object "$testreponame" "$contents_oid" ++ ++ git config credential.protectProtocol false ++ ++ GIT_TRACE=1 git lfs push origin main 2>&1 | tee push.log ++ if [ "0" -eq "${PIPESTATUS[0]}" ]; then ++ echo >&2 "fatal: expected 'git lfs push' to fail ..." ++ exit 1 ++ fi ++ grep "batch response: Git credentials for $gitserver.* not found" push.log ++ grep "credential value for path contains newline" push.log ++ refute_server_object "$testreponame" "$contents_oid" ++) ++end_test ++ ++begin_test "credentials rejected with carriage return" ++( ++ set -e ++ ++ reponame="protect-return" ++ setup_remote_repo "$reponame" ++ clone_repo "$reponame" "$reponame" ++ ++ contents="a" ++ contents_oid=$(calc_oid "$contents") ++ ++ git lfs track "*.dat" ++ printf "%s" "$contents" >a.dat ++ git add .gitattributes a.dat ++ git commit -m "add a.dat" ++ ++ # Using localhost instead of 127.0.0.1 in the LFS API URL ensures this URL ++ # is used when filling credentials rather than the Git remote URL, which ++ # would otherwise be used since it would have the same scheme and hostname. ++ gitserver="$(echo "$GITSERVER" | sed 's/127\.0\.0\.1/localhost/')" ++ testreponame="test%0d$reponame" ++ git config lfs.url "$gitserver/$testreponame.git/info/lfs" ++ ++ GIT_TRACE=1 git lfs push origin main 2>&1 | tee push.log ++ if [ "0" -eq "${PIPESTATUS[0]}" ]; then ++ echo >&2 "fatal: expected 'git lfs push' to fail ..." ++ exit 1 ++ fi ++ grep "batch response: Git credentials for $gitserver.* not found" push.log ++ grep "credential value for path contains carriage return" push.log ++ refute_server_object "$testreponame" "$contents_oid" ++ ++ git config credential.protectProtocol false ++ ++ git lfs push origin main 2>&1 | tee push.log ++ if [ "0" -ne "${PIPESTATUS[0]}" ]; then ++ echo >&2 "fatal: expected 'git lfs push' to succeed ..." ++ exit 1 ++ fi ++ [ $(grep -c "Uploading LFS objects: 100% (1/1)" push.log) -eq 1 ] ++ assert_server_object "$testreponame" "$contents_oid" ++) ++end_test ++ ++begin_test "credentials rejected with null byte" ++( ++ set -e ++ ++ reponame="protect-null" ++ setup_remote_repo "$reponame" ++ clone_repo "$reponame" "$reponame" ++ ++ contents="a" ++ contents_oid=$(calc_oid "$contents") ++ ++ git lfs track "*.dat" ++ printf "%s" "$contents" >a.dat ++ git add .gitattributes a.dat ++ git commit -m "add a.dat" ++ ++ # Using localhost instead of 127.0.0.1 in the LFS API URL ensures this URL ++ # is used when filling credentials rather than the Git remote URL, which ++ # would otherwise be used since it would have the same scheme and hostname. ++ gitserver="$(echo "$GITSERVER" | sed 's/127\.0\.0\.1/localhost/')" ++ testreponame="test%00$reponame" ++ git config lfs.url "$gitserver/$testreponame.git/info/lfs" ++ ++ GIT_TRACE=1 git lfs push origin main 2>&1 | tee push.log ++ if [ "0" -eq "${PIPESTATUS[0]}" ]; then ++ echo >&2 "fatal: expected 'git lfs push' to fail ..." ++ exit 1 ++ fi ++ grep "batch response: Git credentials for $gitserver.* not found" push.log ++ grep "credential value for path contains null byte" push.log ++ refute_server_object "$testreponame" "$contents_oid" ++ ++ git config credential.protectProtocol false ++ ++ GIT_TRACE=1 git lfs push origin main 2>&1 | tee push.log ++ if [ "0" -eq "${PIPESTATUS[0]}" ]; then ++ echo >&2 "fatal: expected 'git lfs push' to fail ..." ++ exit 1 ++ fi ++ grep "batch response: Git credentials for $gitserver.* not found" push.log ++ grep "credential value for path contains null byte" push.log ++ refute_server_object "$testreponame" "$contents_oid" ++) ++end_test +diff -urN b/t/testhelpers.sh a/t/testhelpers.sh +--- b/t/testhelpers.sh 2023-12-13 19:56:25.000000000 +0100 ++++ a/t/testhelpers.sh 2025-01-16 14:15:19.240279305 +0100 +@@ -557,6 +557,14 @@ + fi + } + ++ ++setup_creds() { ++ mkdir -p "$CREDSDIR" ++ write_creds_file "user:pass" "$CREDSDIR/127.0.0.1" ++ write_creds_file ":pass" "$CREDSDIR/--$certpath" ++ write_creds_file ":pass" "$CREDSDIR/--$keypath" ++} ++ + # setup initializes the clean, isolated environment for integration tests. + setup() { + cd "$ROOTDIR" +@@ -613,10 +621,7 @@ + # setup the git credential password storage + local certpath="$(echo "$LFS_CLIENT_CERT_FILE" | tr / -)" + local keypath="$(echo "$LFS_CLIENT_KEY_FILE_ENCRYPTED" | tr / -)" +- mkdir -p "$CREDSDIR" +- write_creds_file "user:pass" "$CREDSDIR/127.0.0.1" +- write_creds_file ":pass" "$CREDSDIR/--$certpath" +- write_creds_file ":pass" "$CREDSDIR/--$keypath" ++ setup_creds + + echo "#" + echo "# HOME: $HOME" diff --git a/git-lfs.spec b/git-lfs.spec index 7dfcbe8..2c40fc8 100644 --- a/git-lfs.spec +++ b/git-lfs.spec @@ -1,4 +1,3 @@ -%define anolis_release .0.1 # Build man pages %global with_manpages 1 @@ -15,16 +14,12 @@ Version: 3.4.1 %global gobuilddir %{_builddir}/%{name}-%{version}/_build -%ifnarch loongarch64 -%define pie_mode -buildmode pie -%endif - # define gobuild macro to not lose hardening, because of macro conflict # https://bugzilla.redhat.com/show_bug.cgi?id=1919348 -%global gobuild CGO_CPPFLAGS="-D_FORTIFY_SOURCE=2 -fstack-protector-all" go build -compiler gc %{?!pie_mode} '-tags=rpm_crashtraceback libtrust_openssl ' -ldflags "-linkmode=external -compressdwarf=false ${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v -x %{?**} +%global gobuild CGO_CPPFLAGS="-D_FORTIFY_SOURCE=2 -fstack-protector-all" go build -compiler gc -buildmode pie '-tags=rpm_crashtraceback libtrust_openssl ' -ldflags "-linkmode=external -compressdwarf=false ${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v -x %{?**} Name: git-lfs -Release: 3%{anolis_release}%{?dist} +Release: 4%{?dist} Summary: Git extension for versioning large files License: MIT @@ -34,6 +29,11 @@ Source1: manpages.tgz # See this script. Generating of manpages is performed on other distros due to some missing rubygem-asciidoctor on RHEL-8 Source2: gen-manpages.sh +# https://github.com/advisories/GHSA-q6r2-x2cc-vrp7 +# Backports 268628b, 4423696, 0345b6f and f6904cc that resolves the CVE-2024-53263 +# Aditionally backports b326b63 +# Commits had to be adapted as git-lfs-3.4.1 doesn't support multistage authentication +Patch: git-lfs-3.4.1-cve-2024-53263.patch # Generated provides by vendor2provides.py # https://src.fedoraproject.org/rpms/syncthing/blob/603e4e03a92a7d704d199629dd85304018e8279d/f/vendor2provides.py @@ -83,27 +83,12 @@ BuildRequires: git >= 2.32.0 %endif Requires: git-core >= 2.32.0 -%ifarch loongarch64 -BuildRequires: golang-vendored-golang.org -%endif - -Requires: bash -Requires: glibc - -Provides: /usr/bin/git-lfs %description Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. -%package doc -Summary: Documents for %{name} -BuildArch: noarch -Requires: %{name} = %{version}-%{release} - -%description doc -Doc pages for %{name}. %prep %autosetup -p1 -n %{name}-%{version} @@ -125,11 +110,6 @@ sed -i -e 's!^BINPATH=.\+!BINPATH="%{gobuilddir}/bin"!g' t/testenv.sh export GOPATH=%{gobuilddir}:%{gopath} export GO111MODULE=off -%ifarch loongarch64 -rm -rf vendor/golang.org/x/sys vendor/golang.org/x/net -cp -arp %{_datadir}/golang/vendor/golang.org/x/* vendor/golang.org/x/ -%endif - # Build manpages first (some embedding in the executable is done.) pushd docs %gobuild -o mangen man/mangen.go @@ -186,20 +166,18 @@ PATH=%{buildroot}%{_bindir}:%{gobuilddir}/bin:$PATH \ %files # In Fedora this is done by using %%gopkgfiles +%doc README.md CHANGELOG.md docs %license LICENSE.md %{_bindir}/%{name} %{_mandir}/man1/%{name}*.1* %{_mandir}/man5/%{name}*.5* %{_mandir}/man7/%{name}*.7* -%files doc -%doc README.md CHANGELOG.md docs %changelog -* Thu Sep 26 2024 Weisson - 3.4.1-3.0.1 -- Add doc sub package -- Disable pie mode for loongarch64 (geliwei@openanolis.org) -- Support loongarch build (geliwei@openanolis.org) +* Fri Jan 17 2025 Ondřej Pohořelský - 3.4.1-4 +- Backport CVE-2024-53263 fixes +- Resolves: RHEL-73931 * Mon Sep 23 2024 Ondřej Pohořelský - 3.4.1-3 - Rebuild with new Golang -- Gitee From 46b4278291aa171fc2f3d6581f869be0bce92290 Mon Sep 17 00:00:00 2001 From: Weisson Date: Sun, 17 Jul 2022 15:42:42 +0800 Subject: [PATCH 2/4] spec: add doc sub package Signed-off-by: Weisson --- git-lfs.spec | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/git-lfs.spec b/git-lfs.spec index 2c40fc8..8c36a50 100644 --- a/git-lfs.spec +++ b/git-lfs.spec @@ -1,3 +1,4 @@ +%define anolis_release .0.1 # Build man pages %global with_manpages 1 @@ -19,7 +20,7 @@ Version: 3.4.1 %global gobuild CGO_CPPFLAGS="-D_FORTIFY_SOURCE=2 -fstack-protector-all" go build -compiler gc -buildmode pie '-tags=rpm_crashtraceback libtrust_openssl ' -ldflags "-linkmode=external -compressdwarf=false ${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v -x %{?**} Name: git-lfs -Release: 4%{?dist} +Release: 4%{anolis_release}%{?dist} Summary: Git extension for versioning large files License: MIT @@ -83,12 +84,23 @@ BuildRequires: git >= 2.32.0 %endif Requires: git-core >= 2.32.0 +Requires: bash +Requires: glibc + +Provides: /usr/bin/git-lfs %description Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. +%package doc +Summary: Documents for %{name} +BuildArch: noarch +Requires: %{name} = %{version}-%{release} + +%description doc +Doc pages for %{name}. %prep %autosetup -p1 -n %{name}-%{version} @@ -166,15 +178,19 @@ PATH=%{buildroot}%{_bindir}:%{gobuilddir}/bin:$PATH \ %files # In Fedora this is done by using %%gopkgfiles -%doc README.md CHANGELOG.md docs %license LICENSE.md %{_bindir}/%{name} %{_mandir}/man1/%{name}*.1* %{_mandir}/man5/%{name}*.5* %{_mandir}/man7/%{name}*.7* +%files doc +%doc README.md CHANGELOG.md docs %changelog +* Fri Jan 31 2025 Weisson - 3.4.1-4.0.1 +- Add doc sub package + * Fri Jan 17 2025 Ondřej Pohořelský - 3.4.1-4 - Backport CVE-2024-53263 fixes - Resolves: RHEL-73931 -- Gitee From 3ea46b94c6ff686e124b69c3f6a0dbeb001e225d Mon Sep 17 00:00:00 2001 From: Liwei Ge Date: Tue, 29 Nov 2022 12:44:54 +0800 Subject: [PATCH 3/4] spec: disable pie mode for loongarch --- git-lfs.spec | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/git-lfs.spec b/git-lfs.spec index 8c36a50..f7749ec 100644 --- a/git-lfs.spec +++ b/git-lfs.spec @@ -15,9 +15,13 @@ Version: 3.4.1 %global gobuilddir %{_builddir}/%{name}-%{version}/_build +%ifnarch loongarch64 +%define pie_mode -buildmode pie +%endif + # define gobuild macro to not lose hardening, because of macro conflict # https://bugzilla.redhat.com/show_bug.cgi?id=1919348 -%global gobuild CGO_CPPFLAGS="-D_FORTIFY_SOURCE=2 -fstack-protector-all" go build -compiler gc -buildmode pie '-tags=rpm_crashtraceback libtrust_openssl ' -ldflags "-linkmode=external -compressdwarf=false ${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v -x %{?**} +%global gobuild CGO_CPPFLAGS="-D_FORTIFY_SOURCE=2 -fstack-protector-all" go build -compiler gc %{?!pie_mode} '-tags=rpm_crashtraceback libtrust_openssl ' -ldflags "-linkmode=external -compressdwarf=false ${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v -x %{?**} Name: git-lfs Release: 4%{anolis_release}%{?dist} @@ -190,6 +194,7 @@ PATH=%{buildroot}%{_bindir}:%{gobuilddir}/bin:$PATH \ %changelog * Fri Jan 31 2025 Weisson - 3.4.1-4.0.1 - Add doc sub package +- Disable pie mode for loongarch64 (geliwei@openanolis.org) * Fri Jan 17 2025 Ondřej Pohořelský - 3.4.1-4 - Backport CVE-2024-53263 fixes -- Gitee From ca6b0d410f53e0d02232e505d9cc5b048f1a671f Mon Sep 17 00:00:00 2001 From: Liwei Ge Date: Wed, 28 Dec 2022 22:19:37 +0800 Subject: [PATCH 4/4] spec: support loongarch build --- git-lfs.spec | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/git-lfs.spec b/git-lfs.spec index f7749ec..6464e8d 100644 --- a/git-lfs.spec +++ b/git-lfs.spec @@ -88,6 +88,10 @@ BuildRequires: git >= 2.32.0 %endif Requires: git-core >= 2.32.0 +%ifarch loongarch64 +BuildRequires: golang-vendored-golang.org +%endif + Requires: bash Requires: glibc @@ -126,6 +130,11 @@ sed -i -e 's!^BINPATH=.\+!BINPATH="%{gobuilddir}/bin"!g' t/testenv.sh export GOPATH=%{gobuilddir}:%{gopath} export GO111MODULE=off +%ifarch loongarch64 +rm -rf vendor/golang.org/x/sys vendor/golang.org/x/net +cp -arp %{_datadir}/golang/vendor/golang.org/x/* vendor/golang.org/x/ +%endif + # Build manpages first (some embedding in the executable is done.) pushd docs %gobuild -o mangen man/mangen.go @@ -195,6 +204,7 @@ PATH=%{buildroot}%{_bindir}:%{gobuilddir}/bin:$PATH \ * Fri Jan 31 2025 Weisson - 3.4.1-4.0.1 - Add doc sub package - Disable pie mode for loongarch64 (geliwei@openanolis.org) +- Support loongarch build (geliwei@openanolis.org) * Fri Jan 17 2025 Ondřej Pohořelský - 3.4.1-4 - Backport CVE-2024-53263 fixes -- Gitee