about summary refs log tree commit diff
Commit message (Collapse)AuthorAge
* ui-repolist: do not return unsigned (negative) valueChristian Hesse2019-11-22
| | | | | | | | The function read_agefile() returns time_t, which is a signed datatime. We should not return unsigned (negative) value here. Reported-by: Johannes Stezenbach <js@linuxtv.org> Signed-off-by: Christian Hesse <mail@eworm.de>
* git: update to v2.24.0Christian Hesse2019-11-08
| | | | | | | | | | | Update to git version v2.24.0. Never use get_cached_commit_buffer() directly, use repo_get_commit_buffer() instead. The latter calls the former anyway. This fixes segmentation fault when commit-graph is enabled and get_cached_commit_buffer() does not return the expected result. Signed-off-by: Christian Hesse <mail@eworm.de>
* git: update to v2.23.0Christian Hesse2019-10-25
| | | | | | | | Update to git version v2.23.0. No changes required. Signed-off-by: Christian Hesse <mail@eworm.de>
* git: update to v2.22.0Christian Hesse2019-10-25
| | | | | | | | | | Update to git version v2.22.0. Upstream commit bce9db6d ("trace2: use system/global config for default trace2 settings") caused a regression. We have to unset HOME and XDG_CONFIG_HOME before early loading of config from trace2 code kicks in. Signed-off-by: Christian Hesse <mail@eworm.de>
* ui-tree: allow per repository override for enable-blameChristian Hesse2019-06-25
| | | | | | | The blame operation can cause high cost in terms of CPU load for huge repositories. Let's add a per repository override for enable-blame. Signed-off-by: Christian Hesse <mail@eworm.de>
* tests: successfully validate rc versionsChristian Hesse2019-06-05
| | | | | | | | For testing versions the version string differs for git tag (v2.22.0-rc3) and tarball file name (2.22.0.rc3). Let's fix validation for testing versions. Signed-off-by: Christian Hesse <mail@eworm.de>
* git: update to v2.21.0Christian Hesse2019-06-05
| | | | | | | | | | | | | | Update to git version v2.21.0. Required changes follow upstream commits: * 6a7895fd8a3bd409f2b71ffc355d5142172cc2a0 (commit: prepare free_commit_buffer and release_commit_memory for any repo) * e092073d643b17c82d72cf692fbfaea9c9796f11 (tree.c: make read_tree*() take 'struct repository *') Signed-off-by: Christian Hesse <mail@eworm.de> Reviewed-by: John Keeping <john@keeping.me.uk>
* ui-ssdiff: ban strncat()Christian Hesse2019-06-05
| | | | | | | Git version v2.21.0 marks strncat() as banned (commit ace5707a803eda0f1dde3d776dc3729d3bc7759a), so replace it. Signed-off-by: Christian Hesse <mail@eworm.de>
* global: make 'char *path' const where possibleChristian Hesse2019-06-05
| | | | Signed-off-by: Christian Hesse <mail@eworm.de>
* ui-shared: restrict to 15 levelsJason A. Donenfeld2019-05-20
| | | | | | | | Perhaps a more ideal version of this would be to not print breadcrumbs at all for paths that don't exist in the given repo at the given oid. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Reported-by: Fydor Wire Snark <wsnark@tuta.io>
* ui-diff,ui-tag: don't use htmlf with non-formatted stringsChris Mayo2019-02-23
| | | | Signed-off-by: Chris Mayo <aklhfex@gmail.com>
* ui-ssdiff: resolve HTML5 validation errorsChris Mayo2019-02-23
| | | | | | | | | - Remove ids from anchor elements. They were unusable because they were duplicated between files and versions of files. - Always close span, with html(). - Fix missing / on closing tr element in cgit_ssdiff_header_end(). Signed-off-by: Chris Mayo <aklhfex@gmail.com>
* filters: migrate from luacrypto to luaosslJason A. Donenfeld2019-01-03
| | | | | | | luaossl has no upstream anymore and doesn't support OpenSSL 1.1, whereas luaossl is quite active. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* ui-shared: fix broken sizeof in title setting and rewriteJason A. Donenfeld2019-01-02
| | | | | | | The old algorithm was totally incorrect. While we're at it, use « instead of \, since it makes more sense. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* git: update to v2.20.0Christian Hesse2018-12-09
| | | | | | | | | | | | Update to git version v2.20.0. Required changes follow upstream commits: * 00436bf1b1c2a8fe6cf5d2c2457d419d683042f4 (archive: initialize archivers earlier) * 611e42a5980a3a9f8bb3b1b49c1abde63c7a191e (xdiff: provide a separate emit callback for hunks) Signed-off-by: Christian Hesse <mail@eworm.de>
* ui-blame: set repo for sbJason A. Donenfeld2018-11-25
| | | | | | | Otherwise recent git complains and crashes with: "BUG: blame.c:1787: repo is NULL". Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* auth-filter: pass url with query string attachedJason A. Donenfeld2018-11-25
| | | | | | Otherwise redirections come out wrong. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* git: use xz compressed archive for downloadChristian Hesse2018-11-21
| | | | | | | | | Upstream will stop providing gz compressed source tarballs [0], so stop using them. [0] https://lists.zx2c4.com/pipermail/cgit/2018-November/004254.html Signed-off-by: Christian Hesse <mail@eworm.de>
* git: update to v2.19.1Christian Hesse2018-10-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update to git version v2.19.1. Required changes follow upstream commits: * commit: add repository argument to get_cached_commit_buffer (3ce85f7e5a41116145179f0fae2ce6d86558d099) * commit: add repository argument to lookup_commit_reference (2122f6754c93be8f02bfb5704ed96c88fc9837a8) * object: add repository argument to parse_object (109cd76dd3467bd05f8d2145b857006649741d5c) * tag: add repository argument to deref_tag (a74093da5ed601a09fa158e5ba6f6f14c1142a3e) * tag: add repository argument to lookup_tag (ce71efb713f97f476a2d2ab541a0c73f684a5db3) * tree: add repository argument to lookup_tree (f86bcc7b2ce6cad68ba1a48a528e380c6126705e) * archive.c: avoid access to the_index (b612ee202a48f129f81f8f6a5af6cf71d1a9caef) * for_each_*_object: move declarations to object-store.h (0889aae1cd18c1804ba01c1a4229e516dfb9fe9b) Signed-off-by: Christian Hesse <mail@eworm.de>
* ui-ssdiff: ban strcat()Christian Hesse2018-09-11
| | | | | | | | | Git upstream bans strcat() with commit: banned.h: mark strcat() as banned 1b11b64b815db62f93a04242e4aed5687a448748 Signed-off-by: Christian Hesse <mail@eworm.de>
* ui-ssdiff: ban strncpy()Christian Hesse2018-09-11
| | | | | | | | | Git upstream bans strncpy() with commit: banned.h: mark strncpy() as banned e488b7aba743d23b830d239dcc33d9ca0745a9ad Signed-off-by: Christian Hesse <mail@eworm.de>
* ui-shared: ban strcat()Christian Hesse2018-09-11
| | | | | | | | | | | Git upstream bans strcat() with commit: banned.h: mark strcat() as banned 1b11b64b815db62f93a04242e4aed5687a448748 To avoid compiler warnings from gcc 8.1.x we get the hard way. Signed-off-by: Christian Hesse <mail@eworm.de>
* ui-patch: ban sprintf()Christian Hesse2018-09-11
| | | | | | | | | Git upstream bans sprintf() with commit: banned.h: mark sprintf() as banned cc8fdaee1eeaf05d8dd55ff11f111b815f673c58 Signed-off-by: Christian Hesse <mail@eworm.de>
* ui-log: ban strncpy()Christian Hesse2018-09-11
| | | | | | | | | Git upstream bans strncpy() with commit: banned.h: mark strncpy() as banned e488b7aba743d23b830d239dcc33d9ca0745a9ad Signed-off-by: Christian Hesse <mail@eworm.de>
* ui-log: ban strcpy()Christian Hesse2018-09-11
| | | | | | | | | Git upstream bans strcpy() with commit: automatically ban strcpy() c8af66ab8ad7cd78557f0f9f5ef6a52fd46ee6dd Signed-off-by: Christian Hesse <mail@eworm.de>
* parsing: ban sprintf()Christian Hesse2018-09-11
| | | | | | | | | Git upstream bans sprintf() with commit: banned.h: mark sprintf() as banned cc8fdaee1eeaf05d8dd55ff11f111b815f673c58 Signed-off-by: Christian Hesse <mail@eworm.de>
* parsing: ban strncpy()Christian Hesse2018-09-11
| | | | | | | | | Git upstream bans strncpy() with commit: banned.h: mark strncpy() as banned e488b7aba743d23b830d239dcc33d9ca0745a9ad Signed-off-by: Christian Hesse <mail@eworm.de>
* filters: generate anchor links from markdownChristian Hesse2018-08-28
| | | | | | | This makes the markdown filter generate anchor links for headings. Signed-off-by: Christian Hesse <mail@eworm.de> Tested-by: jean-christophe manciot <actionmystique@gmail.com>
* Bump version.Jason A. Donenfeld2018-08-03
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* clone: fix directory traversalJason A. Donenfeld2018-08-03
| | | | | | | | | | | | This was introduced in the initial version of this code, way back when in 2008. $ curl http://127.0.0.1/cgit/repo/objects/?path=../../../../../../../../../etc/passwd root:x:0:0:root:/root:/bin/sh ... Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Reported-by: Jann Horn <jannh@google.com>
* config: record repo.snapshot-prefix in the per-repo configKonstantin Ryabitsev2018-08-03
| | | | | | | | Even if we find snapshot-prefix in the repo configuration, we are not writing it out into the rc- file, so setting the value does not have any effect. Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
* auth-filters: add simple file-based authentication schemeJason A. Donenfeld2018-08-03
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* auth-filters: use crypt() in simple-authenticationJason A. Donenfeld2018-07-15
| | | | | | | There's no use in giving a silly example to folks who will just copy it, so instead try to do something slightly better. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* auth-filters: generate secret securelyJason A. Donenfeld2018-07-15
| | | | | | This is much better than having the user generate it themselves. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* auth-filters: do not crash on nil usernameJason A. Donenfeld2018-07-14
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* auth-filter: do not write more than we've readJason A. Donenfeld2018-07-14
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* auth-filters: do not use HMAC-SHA1Jason A. Donenfeld2018-07-14
| | | | | | | Though SHA1 is broken, HMAC-SHA1 is still fine. But let's not push our luck; SHA256 is more sensible anyway. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Bump version.Jason A. Donenfeld2018-07-13
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Update COPYINGTodd Zullinger2018-07-10
| | | | | | | | | | | | | The address of the Free Software Foundation has changed since the license was added in 7640d90 ("Add license file and copyright notices", 2006-12-10). Update the license file from gnu.org¹. The only non-whitespace changes are the updated FSF address and two references to the L in LGPL changed from Library to Lesser. ¹ https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt Signed-off-by: Todd Zullinger <tmz@pobox.com>
* css: use correct size in annotated decorationJason A. Donenfeld2018-07-08
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* cgitrc.5: add local tar signature exampleJason A. Donenfeld2018-07-05
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Fix gcc 8.1.1 compiler warningsJason A. Donenfeld2018-07-04
| | | | | | | | | | | | | | | | | | | | | | CC ../shared.o ../shared.c: In function ‘expand_macro’: ../shared.c:487:3: warning: ‘strncpy’ specified bound depends on the length of the source argument [-Wstringop-overflow=] strncpy(name, value, len); ^~~~~~~~~~~~~~~~~~~~~~~~~ ../shared.c:484:9: note: length computed here len = strlen(value); ^~~~~~~~~~~~~ ../ui-shared.c: In function ‘cgit_repobasename’: ../ui-shared.c:136:2: warning: ‘strncpy’ specified bound 1024 equals destination size [-Wstringop-truncation] strncpy(rvbuf, reponame, sizeof(rvbuf)); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ CC ../ui-ssdiff.o ../ui-ssdiff.c: In function ‘replace_tabs’: ../ui-ssdiff.c:142:4: warning: ‘strncat’ output truncated copying between 1 and 8 bytes from a string of length 8 [-Wstringop-truncation] strncat(result, spaces, 8 - (strlen(result) % 8)); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* cgitrc.5: document new signature notesJason A. Donenfeld2018-07-03
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* snapshot: support tar signature for compressed tarChristian Hesse2018-07-03
| | | | | | | | | | | | This adds support for kernel.org style signatures where the uncompressed tar archive is signed and compressed later. The signature is valid for all tar* snapshots. We have a filter which snapshots may be generated and downloaded. This has to allow tar signatures now even if tar itself is not allowed. To simplify things we allow all signatures. Signed-off-by: Christian Hesse <mail@eworm.de>
* extra-head-content: introduce another option for meta tagsJason A. Donenfeld2018-07-03
| | | | | | | This is to support things like go-import meta tags, which are on a per-repo basis. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Use string list strdup_strings for mimetypesJohn Keeping2018-06-27
| | | | | | | There's no need to do this manually with the string list API will do it for us. Signed-off-by: John Keeping <john@keeping.me.uk>
* manpage: fix sorting orderAndy Green2018-06-27
| | | | | | | | You maybe didn't know you had OCD until you saw an alpha sorted list that has stuff out of order in it. Signed-off-by: Andy Green <andy@warmcat.com> Reviewed-by: John Keeping <john@keeping.me.uk>
* cache: close race window when unlocking slotsJohn Keeping2018-06-27
| | | | | | | | | | | | | | | | | | | | We use POSIX advisory record locks to control access to cache slots, but these have an unhelpful behaviour in that they are released when any file descriptor referencing the file is closed by this process. Mostly this is okay, since we know we won't be opening the lock file anywhere else, but there is one place that it does matter: when we restore stdout we dup2() over a file descriptor referring to the file, thus closing that descriptor. Since we restore stdout before unlocking the slot, this creates a window during which the slot content can be overwritten. The fix is reasonably straightforward: simply restore stdout after unlocking the slot, but the diff is a bit bigger because this requires us to move the temporary stdout FD into struct cache_slot. Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
* git: update to v2.18.0Christian Hesse2018-06-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update to git version v2.18.0. Required changes follow upstream commits: * Convert find_unique_abbrev* to struct object_id (aab9583f7b5ea5463eb3f653a0b4ecac7539dc94) * sha1_file: convert read_sha1_file to struct object_id (b4f5aca40e6f77cbabcbf4ff003c3cf30a1830c8) * sha1_file: convert sha1_object_info* to object_id (abef9020e3df87c441c9a3a95f592fce5fa49bb9) * object-store: move packed_git and packed_git_mru to object store (a80d72db2a73174b3f22142eb2014b33696fd795) * treewide: rename tree to maybe_tree (891435d55da80ca3654b19834481205be6bdfe33) The changed data types required some of our own functions to be converted to struct object_id: ls_item print_dir print_dir_entry print_object single_tree_cb walk_tree write_tree_link And finally we use new upstream functions that were added for struct object_id: hashcpy -> oidcpy sha1_to_hex -> oid_to_hex Signed-off-by: Christian Hesse <mail@eworm.de> Reviewed-by: John Keeping <john@keeping.me.uk>
* global: remove functionality we deprecated for cgit v1.0Christian Hesse2018-06-27
| | | | | | | | The man page states these were deprecated for v1.0. We are past v1.1, so remove the functionality. Signed-off-by: Christian Hesse <mail@eworm.de> Reviewed-by: John Keeping <john@keeping.me.uk>