about summary refs log tree commit diff
Commit message (Collapse)AuthorAge
* Bump versionJason A. Donenfeld2020-01-13
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* git: update to v2.25.0Christian Hesse2020-01-13
| | | | | | | | | | Update to git version v2.25.0. Upstream renamed 'init_display_notes()' to 'load_display_notes()' in commit 1e6ed5441a61b5085978e0429691e2e2425f6846 ("notes: rename to load_display_notes()"). Signed-off-by: Christian Hesse <mail@eworm.de>
* tests: skip tests if strace is not functionalChristian Hesse2019-12-11
| | | | | | | | | | | | | Chances are that strace is available but not functional due to restricted permissions: strace: test_ptrace_get_syscall_info: PTRACE_TRACEME: Operation not permitted strace: ptrace(PTRACE_TRACEME, ...): Operation not permitted +++ exited with 1 +++ Just skip the tests then. Signed-off-by: Christian Hesse <mail@eworm.de>
* git: update to v2.24.1Christian Hesse2019-12-10
| | | | | | | | Update to git version v2.24.1. No changes required. Signed-off-by: Christian Hesse <mail@eworm.de>
* ui-repolist: do not return unsigned (negative) valueChristian Hesse2019-11-22
| | | | | | | | The function read_agefile() returns time_t, which is a signed datatime. We should not return unsigned (negative) value here. Reported-by: Johannes Stezenbach <js@linuxtv.org> Signed-off-by: Christian Hesse <mail@eworm.de>
* git: update to v2.24.0Christian Hesse2019-11-08
| | | | | | | | | | | Update to git version v2.24.0. Never use get_cached_commit_buffer() directly, use repo_get_commit_buffer() instead. The latter calls the former anyway. This fixes segmentation fault when commit-graph is enabled and get_cached_commit_buffer() does not return the expected result. Signed-off-by: Christian Hesse <mail@eworm.de>
* git: update to v2.23.0Christian Hesse2019-10-25
| | | | | | | | Update to git version v2.23.0. No changes required. Signed-off-by: Christian Hesse <mail@eworm.de>
* git: update to v2.22.0Christian Hesse2019-10-25
| | | | | | | | | | Update to git version v2.22.0. Upstream commit bce9db6d ("trace2: use system/global config for default trace2 settings") caused a regression. We have to unset HOME and XDG_CONFIG_HOME before early loading of config from trace2 code kicks in. Signed-off-by: Christian Hesse <mail@eworm.de>
* ui-tree: allow per repository override for enable-blameChristian Hesse2019-06-25
| | | | | | | The blame operation can cause high cost in terms of CPU load for huge repositories. Let's add a per repository override for enable-blame. Signed-off-by: Christian Hesse <mail@eworm.de>
* tests: successfully validate rc versionsChristian Hesse2019-06-05
| | | | | | | | For testing versions the version string differs for git tag (v2.22.0-rc3) and tarball file name (2.22.0.rc3). Let's fix validation for testing versions. Signed-off-by: Christian Hesse <mail@eworm.de>
* git: update to v2.21.0Christian Hesse2019-06-05
| | | | | | | | | | | | | | Update to git version v2.21.0. Required changes follow upstream commits: * 6a7895fd8a3bd409f2b71ffc355d5142172cc2a0 (commit: prepare free_commit_buffer and release_commit_memory for any repo) * e092073d643b17c82d72cf692fbfaea9c9796f11 (tree.c: make read_tree*() take 'struct repository *') Signed-off-by: Christian Hesse <mail@eworm.de> Reviewed-by: John Keeping <john@keeping.me.uk>
* ui-ssdiff: ban strncat()Christian Hesse2019-06-05
| | | | | | | Git version v2.21.0 marks strncat() as banned (commit ace5707a803eda0f1dde3d776dc3729d3bc7759a), so replace it. Signed-off-by: Christian Hesse <mail@eworm.de>
* global: make 'char *path' const where possibleChristian Hesse2019-06-05
| | | | Signed-off-by: Christian Hesse <mail@eworm.de>
* ui-shared: restrict to 15 levelsJason A. Donenfeld2019-05-20
| | | | | | | | Perhaps a more ideal version of this would be to not print breadcrumbs at all for paths that don't exist in the given repo at the given oid. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Reported-by: Fydor Wire Snark <wsnark@tuta.io>
* ui-diff,ui-tag: don't use htmlf with non-formatted stringsChris Mayo2019-02-23
| | | | Signed-off-by: Chris Mayo <aklhfex@gmail.com>
* ui-ssdiff: resolve HTML5 validation errorsChris Mayo2019-02-23
| | | | | | | | | - Remove ids from anchor elements. They were unusable because they were duplicated between files and versions of files. - Always close span, with html(). - Fix missing / on closing tr element in cgit_ssdiff_header_end(). Signed-off-by: Chris Mayo <aklhfex@gmail.com>
* filters: migrate from luacrypto to luaosslJason A. Donenfeld2019-01-03
| | | | | | | luaossl has no upstream anymore and doesn't support OpenSSL 1.1, whereas luaossl is quite active. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* ui-shared: fix broken sizeof in title setting and rewriteJason A. Donenfeld2019-01-02
| | | | | | | The old algorithm was totally incorrect. While we're at it, use « instead of \, since it makes more sense. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* git: update to v2.20.0Christian Hesse2018-12-09
| | | | | | | | | | | | Update to git version v2.20.0. Required changes follow upstream commits: * 00436bf1b1c2a8fe6cf5d2c2457d419d683042f4 (archive: initialize archivers earlier) * 611e42a5980a3a9f8bb3b1b49c1abde63c7a191e (xdiff: provide a separate emit callback for hunks) Signed-off-by: Christian Hesse <mail@eworm.de>
* ui-blame: set repo for sbJason A. Donenfeld2018-11-25
| | | | | | | Otherwise recent git complains and crashes with: "BUG: blame.c:1787: repo is NULL". Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* auth-filter: pass url with query string attachedJason A. Donenfeld2018-11-25
| | | | | | Otherwise redirections come out wrong. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* git: use xz compressed archive for downloadChristian Hesse2018-11-21
| | | | | | | | | Upstream will stop providing gz compressed source tarballs [0], so stop using them. [0] https://lists.zx2c4.com/pipermail/cgit/2018-November/004254.html Signed-off-by: Christian Hesse <mail@eworm.de>
* git: update to v2.19.1Christian Hesse2018-10-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update to git version v2.19.1. Required changes follow upstream commits: * commit: add repository argument to get_cached_commit_buffer (3ce85f7e5a41116145179f0fae2ce6d86558d099) * commit: add repository argument to lookup_commit_reference (2122f6754c93be8f02bfb5704ed96c88fc9837a8) * object: add repository argument to parse_object (109cd76dd3467bd05f8d2145b857006649741d5c) * tag: add repository argument to deref_tag (a74093da5ed601a09fa158e5ba6f6f14c1142a3e) * tag: add repository argument to lookup_tag (ce71efb713f97f476a2d2ab541a0c73f684a5db3) * tree: add repository argument to lookup_tree (f86bcc7b2ce6cad68ba1a48a528e380c6126705e) * archive.c: avoid access to the_index (b612ee202a48f129f81f8f6a5af6cf71d1a9caef) * for_each_*_object: move declarations to object-store.h (0889aae1cd18c1804ba01c1a4229e516dfb9fe9b) Signed-off-by: Christian Hesse <mail@eworm.de>
* ui-ssdiff: ban strcat()Christian Hesse2018-09-11
| | | | | | | | | Git upstream bans strcat() with commit: banned.h: mark strcat() as banned 1b11b64b815db62f93a04242e4aed5687a448748 Signed-off-by: Christian Hesse <mail@eworm.de>
* ui-ssdiff: ban strncpy()Christian Hesse2018-09-11
| | | | | | | | | Git upstream bans strncpy() with commit: banned.h: mark strncpy() as banned e488b7aba743d23b830d239dcc33d9ca0745a9ad Signed-off-by: Christian Hesse <mail@eworm.de>
* ui-shared: ban strcat()Christian Hesse2018-09-11
| | | | | | | | | | | Git upstream bans strcat() with commit: banned.h: mark strcat() as banned 1b11b64b815db62f93a04242e4aed5687a448748 To avoid compiler warnings from gcc 8.1.x we get the hard way. Signed-off-by: Christian Hesse <mail@eworm.de>
* ui-patch: ban sprintf()Christian Hesse2018-09-11
| | | | | | | | | Git upstream bans sprintf() with commit: banned.h: mark sprintf() as banned cc8fdaee1eeaf05d8dd55ff11f111b815f673c58 Signed-off-by: Christian Hesse <mail@eworm.de>
* ui-log: ban strncpy()Christian Hesse2018-09-11
| | | | | | | | | Git upstream bans strncpy() with commit: banned.h: mark strncpy() as banned e488b7aba743d23b830d239dcc33d9ca0745a9ad Signed-off-by: Christian Hesse <mail@eworm.de>
* ui-log: ban strcpy()Christian Hesse2018-09-11
| | | | | | | | | Git upstream bans strcpy() with commit: automatically ban strcpy() c8af66ab8ad7cd78557f0f9f5ef6a52fd46ee6dd Signed-off-by: Christian Hesse <mail@eworm.de>
* parsing: ban sprintf()Christian Hesse2018-09-11
| | | | | | | | | Git upstream bans sprintf() with commit: banned.h: mark sprintf() as banned cc8fdaee1eeaf05d8dd55ff11f111b815f673c58 Signed-off-by: Christian Hesse <mail@eworm.de>
* parsing: ban strncpy()Christian Hesse2018-09-11
| | | | | | | | | Git upstream bans strncpy() with commit: banned.h: mark strncpy() as banned e488b7aba743d23b830d239dcc33d9ca0745a9ad Signed-off-by: Christian Hesse <mail@eworm.de>
* filters: generate anchor links from markdownChristian Hesse2018-08-28
| | | | | | | This makes the markdown filter generate anchor links for headings. Signed-off-by: Christian Hesse <mail@eworm.de> Tested-by: jean-christophe manciot <actionmystique@gmail.com>
* Bump version.Jason A. Donenfeld2018-08-03
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* clone: fix directory traversalJason A. Donenfeld2018-08-03
| | | | | | | | | | | | This was introduced in the initial version of this code, way back when in 2008. $ curl http://127.0.0.1/cgit/repo/objects/?path=../../../../../../../../../etc/passwd root:x:0:0:root:/root:/bin/sh ... Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Reported-by: Jann Horn <jannh@google.com>
* config: record repo.snapshot-prefix in the per-repo configKonstantin Ryabitsev2018-08-03
| | | | | | | | Even if we find snapshot-prefix in the repo configuration, we are not writing it out into the rc- file, so setting the value does not have any effect. Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
* auth-filters: add simple file-based authentication schemeJason A. Donenfeld2018-08-03
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* auth-filters: use crypt() in simple-authenticationJason A. Donenfeld2018-07-15
| | | | | | | There's no use in giving a silly example to folks who will just copy it, so instead try to do something slightly better. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* auth-filters: generate secret securelyJason A. Donenfeld2018-07-15
| | | | | | This is much better than having the user generate it themselves. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* auth-filters: do not crash on nil usernameJason A. Donenfeld2018-07-14
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* auth-filter: do not write more than we've readJason A. Donenfeld2018-07-14
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* auth-filters: do not use HMAC-SHA1Jason A. Donenfeld2018-07-14
| | | | | | | Though SHA1 is broken, HMAC-SHA1 is still fine. But let's not push our luck; SHA256 is more sensible anyway. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Bump version.Jason A. Donenfeld2018-07-13
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Update COPYINGTodd Zullinger2018-07-10
| | | | | | | | | | | | | The address of the Free Software Foundation has changed since the license was added in 7640d90 ("Add license file and copyright notices", 2006-12-10). Update the license file from gnu.org¹. The only non-whitespace changes are the updated FSF address and two references to the L in LGPL changed from Library to Lesser. ¹ https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt Signed-off-by: Todd Zullinger <tmz@pobox.com>
* css: use correct size in annotated decorationJason A. Donenfeld2018-07-08
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* cgitrc.5: add local tar signature exampleJason A. Donenfeld2018-07-05
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Fix gcc 8.1.1 compiler warningsJason A. Donenfeld2018-07-04
| | | | | | | | | | | | | | | | | | | | | | CC ../shared.o ../shared.c: In function ‘expand_macro’: ../shared.c:487:3: warning: ‘strncpy’ specified bound depends on the length of the source argument [-Wstringop-overflow=] strncpy(name, value, len); ^~~~~~~~~~~~~~~~~~~~~~~~~ ../shared.c:484:9: note: length computed here len = strlen(value); ^~~~~~~~~~~~~ ../ui-shared.c: In function ‘cgit_repobasename’: ../ui-shared.c:136:2: warning: ‘strncpy’ specified bound 1024 equals destination size [-Wstringop-truncation] strncpy(rvbuf, reponame, sizeof(rvbuf)); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ CC ../ui-ssdiff.o ../ui-ssdiff.c: In function ‘replace_tabs’: ../ui-ssdiff.c:142:4: warning: ‘strncat’ output truncated copying between 1 and 8 bytes from a string of length 8 [-Wstringop-truncation] strncat(result, spaces, 8 - (strlen(result) % 8)); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* cgitrc.5: document new signature notesJason A. Donenfeld2018-07-03
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* snapshot: support tar signature for compressed tarChristian Hesse2018-07-03
| | | | | | | | | | | | This adds support for kernel.org style signatures where the uncompressed tar archive is signed and compressed later. The signature is valid for all tar* snapshots. We have a filter which snapshots may be generated and downloaded. This has to allow tar signatures now even if tar itself is not allowed. To simplify things we allow all signatures. Signed-off-by: Christian Hesse <mail@eworm.de>
* extra-head-content: introduce another option for meta tagsJason A. Donenfeld2018-07-03
| | | | | | | This is to support things like go-import meta tags, which are on a per-repo basis. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Use string list strdup_strings for mimetypesJohn Keeping2018-06-27
| | | | | | | There's no need to do this manually with the string list API will do it for us. Signed-off-by: John Keeping <john@keeping.me.uk>