summary refs log tree commit diff
path: root/compat/getpagesize.c
diff options
context:
space:
mode:
authorJune McEnroe <june@causal.agency>2020-07-31 22:53:27 -0400
committerJune McEnroe <june@causal.agency>2020-07-31 23:10:51 -0400
commita6df11f2bbd2c9cdf4a8f16d93d8a56c8f41c68d (patch)
treeaa5fe01a11fa67f1dea2f3116f41a1684219542d /compat/getpagesize.c
parenttls_config: Replace constant with X509_get_default_cert_file() (diff)
downloadlibretls-a6df11f2bbd2c9cdf4a8f16d93d8a56c8f41c68d.tar.gz
libretls-a6df11f2bbd2c9cdf4a8f16d93d8a56c8f41c68d.zip
tls: Call SSL_CTX_set_default_verify_paths by default
This removes the hard dependency on a CA bundle file existing in the
default path (which seems to not be the case on Debian, for example),
but results in a subtle behaviour change: if the CA bundle file does not
exist, the CA directory will be used instead, rather than failing hard.

I believe the only reason libtls insists on loading a CA bundle file
itself is so that it can be sandboxed afterwards, given that a file is
loaded all at once while a directory is only loaded as needed. If the
default CA bundle file exists, SSL_CTX_set_default_verify_paths will
still immediately load it, so sandboxing will still work. If it doesn't
exist, then the CA directory will be used, which will work well for
unsandboxed applications, but will likely fail during verification as it
tries to search the directory. Either way, if the CA bundle file does
not exist, a sandboxed application will not work. Enabling the use of
the CA directory, however, will allow more unsandboxed applications to
work.

Finally, to restore the original behaviour, an application can call
tls_config_set_ca_file(3) with the path returned by
tls_default_ca_cert_file(3).
Diffstat (limited to '')
0 files changed, 0 insertions, 0 deletions
 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-02-21 11:53:42 +0000


 


2019-10-25 11:40:17 +0200'>2019-10-25git: update to v2.22.0Christian Hesse

Update to git version v2.22.0.

Upstream commit bce9db6d ("trace2: use system/global config for default
trace2 settings") caused a regression. We have to unset HOME and
XDG_CONFIG_HOME before early loading of config from trace2 code kicks in.

Signed-off-by: Christian Hesse <mail@eworm.de>



2019-06-25ui-tree: allow per repository override for enable-blameChristian Hesse

The blame operation can cause high cost in terms of CPU load for huge
repositories. Let's add a per repository override for enable-blame.

Signed-off-by: Christian Hesse <mail@eworm.de>



2019-06-05tests: successfully validate rc versionsChristian Hesse

For testing versions the version string differs for git tag (v2.22.0-rc3)
and tarball file name (2.22.0.rc3). Let's fix validation for testing
versions.

Signed-off-by: Christian Hesse <mail@eworm.de>



2019-06-05git: update to v2.21.0Christian Hesse

Update to git version v2.21.0. Required changes follow upstream commits:

* 6a7895fd8a3bd409f2b71ffc355d5142172cc2a0
  (commit: prepare free_commit_buffer and release_commit_memory for
  any repo)

* e092073d643b17c82d72cf692fbfaea9c9796f11
  (tree.c: make read_tree*() take 'struct repository *')

Signed-off-by: Christian Hesse <mail@eworm.de>
Reviewed-by: John Keeping <john@keeping.me.uk>



2019-06-05ui-ssdiff: ban strncat()Christian Hesse

Git version v2.21.0 marks strncat() as banned (commit
ace5707a803eda0f1dde3d776dc3729d3bc7759a), so replace it.

Signed-off-by: Christian Hesse <mail@eworm.de>



2019-06-05global: make 'char *path' const where possibleChristian Hesse

Signed-off-by: Christian Hesse <mail@eworm.de>



2019-05-20ui-shared: restrict to 15 levelsJason A. Donenfeld

Perhaps a more ideal version of this would be to not print breadcrumbs
at all for paths that don't exist in the given repo at the given oid.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reported-by: Fydor Wire Snark <wsnark@tuta.io>



2019-02-23ui-diff,ui-tag: don't use htmlf with non-formatted stringsChris Mayo

Signed-off-by: Chris Mayo <aklhfex@gmail.com>



2019-02-23ui-ssdiff: resolve HTML5 validation errorsChris Mayo

- Remove ids from anchor elements. They were unusable because they were
  duplicated between files and versions of files.
- Always close span, with html().
- Fix missing / on closing tr element in cgit_ssdiff_header_end().

Signed-off-by: Chris Mayo <aklhfex@gmail.com>



2019-01-03filters: migrate from luacrypto to luaosslJason A. Donenfeld

luaossl has no upstream anymore and doesn't support OpenSSL 1.1,
whereas luaossl is quite active.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>



2019-01-02ui-shared: fix broken sizeof in title setting and rewriteJason A. Donenfeld

The old algorithm was totally incorrect. While we're at it, use «
instead of \, since it makes more sense.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>



2018-12-09git: update to v2.20.0Christian Hesse

Update to git version v2.20.0. Required changes follow upstream commits:

* 00436bf1b1c2a8fe6cf5d2c2457d419d683042f4
  (archive: initialize archivers earlier)

* 611e42a5980a3a9f8bb3b1b49c1abde63c7a191e
  (xdiff: provide a separate emit callback for hunks)

Signed-off-by: Christian Hesse <mail@eworm.de>



2018-11-25ui-blame: set repo for sbJason A. Donenfeld

Otherwise recent git complains and crashes with: "BUG: blame.c:1787:
repo is NULL".

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>



2018-11-25auth-filter: pass url with query string attachedJason A. Donenfeld

Otherwise redirections come out wrong.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>



2018-11-21git: use xz compressed archive for downloadChristian Hesse

Upstream will stop providing gz compressed source tarballs [0], so stop
using them.

[0] https://lists.zx2c4.com/pipermail/cgit/2018-November/004254.html

Signed-off-by: Christian Hesse <mail@eworm.de>



2018-10-12git: update to v2.19.1Christian Hesse

Update to git version v2.19.1. Required changes follow upstream commits:

* commit: add repository argument to get_cached_commit_buffer
  (3ce85f7e5a41116145179f0fae2ce6d86558d099)

* commit: add repository argument to lookup_commit_reference
  (2122f6754c93be8f02bfb5704ed96c88fc9837a8)

* object: add repository argument to parse_object
  (109cd76dd3467bd05f8d2145b857006649741d5c)

* tag: add repository argument to deref_tag
  (a74093da5ed601a09fa158e5ba6f6f14c1142a3e)

* tag: add repository argument to lookup_tag
  (ce71efb713f97f476a2d2ab541a0c73f684a5db3)

* tree: add repository argument to lookup_tree
  (f86bcc7b2ce6cad68ba1a48a528e380c6126705e)

* archive.c: avoid access to the_index
  (b612ee202a48f129f81f8f6a5af6cf71d1a9caef)

* for_each_*_object: move declarations to object-store.h
  (0889aae1cd18c1804ba01c1a4229e516dfb9fe9b)

Signed-off-by: Christian Hesse <mail@eworm.de>



2018-09-11ui-ssdiff: ban strcat()Christian Hesse

Git upstream bans strcat() with commit:

  banned.h: mark strcat() as banned
  1b11b64b815db62f93a04242e4aed5687a448748

Signed-off-by: Christian Hesse <mail@eworm.de>



2018-09-11ui-ssdiff: ban strncpy()Christian Hesse

Git upstream bans strncpy() with commit:

  banned.h: mark strncpy() as banned
  e488b7aba743d23b830d239dcc33d9ca0745a9ad

Signed-off-by: Christian Hesse <mail@eworm.de>



2018-09-11ui-shared: ban strcat()Christian Hesse

Git upstream bans strcat() with commit:

  banned.h: mark strcat() as banned
  1b11b64b815db62f93a04242e4aed5687a448748

To avoid compiler warnings from gcc 8.1.x we get the hard way.

Signed-off-by: Christian Hesse <mail@eworm.de>



2018-09-11ui-patch: ban sprintf()Christian Hesse

Git upstream bans sprintf() with commit:

  banned.h: mark sprintf() as banned
  cc8fdaee1eeaf05d8dd55ff11f111b815f673c58

Signed-off-by: Christian Hesse <mail@eworm.de>



2018-09-11ui-log: ban strncpy()Christian Hesse

Git upstream bans strncpy() with commit:

  banned.h: mark strncpy() as banned
  e488b7aba743d23b830d239dcc33d9ca0745a9ad

Signed-off-by: Christian Hesse <mail@eworm.de>



2018-09-11ui-log: ban strcpy()Christian Hesse

Git upstream bans strcpy() with commit:

  automatically ban strcpy()
  c8af66ab8ad7cd78557f0f9f5ef6a52fd46ee6dd

Signed-off-by: Christian Hesse <mail@eworm.de>



2018-09-11parsing: ban sprintf()Christian Hesse

Git upstream bans sprintf() with commit:

  banned.h: mark sprintf() as banned
  cc8fdaee1eeaf05d8dd55ff11f111b815f673c58

Signed-off-by: Christian Hesse <mail@eworm.de>



2018-09-11parsing: ban strncpy()Christian Hesse

Git upstream bans strncpy() with commit:

  banned.h: mark strncpy() as banned
  e488b7aba743d23b830d239dcc33d9ca0745a9ad

Signed-off-by: Christian Hesse <mail@eworm.de>



2018-08-28filters: generate anchor links from markdownChristian Hesse

This makes the markdown filter generate anchor links for headings.

Signed-off-by: Christian Hesse <mail@eworm.de>
Tested-by: jean-christophe manciot <actionmystique@gmail.com>



2018-08-03Bump version.Jason A. Donenfeld

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>



2018-08-03clone: fix directory traversalJason A. Donenfeld

This was introduced in the initial version of this code, way back when
in 2008.

$ curl http://127.0.0.1/cgit/repo/objects/?path=../../../../../../../../../etc/passwd
root:x:0:0:root:/root:/bin/sh
...

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reported-by: Jann Horn <jannh@google.com>



2018-08-03config: record repo.snapshot-prefix in the per-repo configKonstantin Ryabitsev