| Commit message (Collapse) | Author |
|---|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Now this is possible in cgitrc -
readme=:README.md
readme=:readme.md
readme=:README.mkd
readme=:readme.mkd
readme=:README.rst
readme=:readme.rst
readme=:README.html
readme=:readme.html
readme=:README.htm
readme=:readme.htm
readme=:README.txt
readme=:readme.txt
readme=:README
readme=:readme
readme=:INSTALL.txt
readme=:install.txt
readme=:INSTALL
readme=:install
Suggested-by: John Keeping <john@keeping.me.uk>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Using the url= query string, it was possible request arbitrary files
from the filesystem if the readme for a given page was set to a
filesystem file. The following request would return my /etc/passwd file:
http://git.zx2c4.com/?url=/somerepo/about/../../../../etc/passwd
http://data.zx2c4.com/cgit-directory-traversal.png
This fix uses realpath(3) to canonicalize all paths, and then compares
the base components.
This fix introduces a subtle timing attack, whereby a client can check
whether or not strstr is called using timing measurements in order
to determine if a given file exists on the filesystem.
This fix also does not account for filesystem race conditions (TOCTOU)
in resolving symlinks.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
The readme variable may now contain multiple space deliminated entries,
which per usual are either a filepath or a git ref filepath. If multiple
are specified, cgit will now select the first one in the list that
exists. This is to make it easier to specify multiple default readme
types in the main cgitrc file and have them automatically get applied to
each repo based on what exists.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
This gives the about-filter API the same semantics as source-filter,
where the filter receives the filename so it can decide what to do next
with it.
While we're at it, plug a memory leak.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
If the readme value begins with ":", and has no specified branch before
it, use the repository's default branch.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
The number of odd cases in which git will try to read config is far too
great to keep putting a bandaid over each one, so we'll just unset it.
If it turns out that scripts really liked to know about $HOME, we can
always reset it in the filter forks.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
We've now added quite a few config keys for repositories, but we've
forgotten to update the printing of it for cache files. Synchronize the
two.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
No changes required, just bump the submodule and Makefile versions.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
|
By using the standard library's printf, cache_ls does not redirect its
output to the cache when we change the process' stdout file descriptor
to point to the cache file. Fix this by using "htmlf" in the same way
that we do for writing HTTP headers.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
|
This means that we can avoid hardcoding the number of headers we expect
CGit to generate in test cases and simply remove whatever headers happen
to by there when we are checking body content.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
|
This replaces some code that is re-implementing die_errno by just
calling the function.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
|
If we fail to write HTML output once, there's no point carrying on so
just write a failure message once and die. By using Git's die_errno
function we also let the user know in what way the write failed.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
|
This helps projects that have a large number of tags to display them all
using custom CSS.
The default stylesheet has not been updated since what is useful for
projects with a lot of tags is not the same as what is useful for
projects with only a small number of decorations per commit.
Suggested-by: Konstantin Ryabitsev <mricon@kernel.org>
Signed-off-by: John Keeping <john@keeping.me.uk>
|
|
When building the "test" target we depend on both cgit and building the
Git tools. By doing this with two targets we end up running make in the
git/ directory twice, concurrently if using parallel make, which causes
us to build more than we need and potentially builds incorrectly if
multi-step build-then-move operations overlap.
Fix this by instead calling back into the makefile so that we alter the
"cgit" target to also build the Git tools.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
|
Commit fb3655d (use struct strbuf instead of static buffers, 2013-04-06)
broke the logic in cache.c::cache_ls by failing to set slot->cache_name
before calling open_slot.
While fixing this, also free the strbufs added by that commit once we're
done with them.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
|
We try to stick to POSIX shell in the tests but a "function" keyword has
found its way into t0109. Remove it.
This makes the tests work with dash again.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
|
|
|
It's a bit tedious to have to do this here too. If we encounter other
issues with $HOME down the line, I'll look into adding some nice utility
functions to handle this, or perhaps giving up on the hope that we could
keep $HOME defined for scripts.
This commit additionally adds a test case, should the issue surface
again.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
When creating the GIT-VERSION-FILE that we use to test that the version
of Git in git/ is the same as in the CGit Makefile, Git applies the
transform "s/-/./g" to the version string. This doesn't affect released
versions but does change RC version numbers such as 1.8.3-rc0.
While CGit should only refer to a released Git version in general, it is
useful to developers who want to test upcoming Git releases if the tests
do work with RCs, so change t0001 to apply the same transform to our
Makefile version before comparing it to the contents of
GIT-VERSION-FILE.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
|
No changes required, just bump the submodule and Makefile version.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
|
Commit fb3655d (use struct strbuf instead of static buffers -
2013-04-06) introduced a regression in the "section-from-path" handling
when the configured value is negative. By changing the "rel" variable
so that it includes a trailing slash, counting slashes from the end of
the string no longer gives the same answer as it did before.
Fix this by ensuring that "rel" does not have a trailing slash.
Reported-by: Julius Plenz <plenz@cis.fu-berlin.de>
Signed-off-by: John Keeping <john@keeping.me.uk>
|
|
When testing modifications in Git that affect CGit, it is annoying to
have t0001 failing simply because the Git version has a ".dirty" suffix
when the version of Git there does indeed match that specified in the
CGit makefile. Stop this by stripping the ".dirty" suffix from the
GIT_VERSION variable.
Note that this brings the "Git version" behaviour in line with the
"submodule version" case which does not check if the working tree in
git/ is modified.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
|
By default, Git's test suite puts the trash directories and test-results
directory into its own directory, not that containing the tests being
run. This is less convenient for inspecting test failures, so set the
output directory to CGit's tests/ directory instead.
Note that there is currently a bug in Git whereby it will create the
trash directories in our tests/ directory regardless of the value of
TEST_OUTPUT_DIRECTORY, and then fail to remove them once the tests are
done. This change does currently affect the location of the
test-results/ directory though.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
|
In order to ensure that we don't access $HOME at some point after
initial startup when rendering a specific view, run the strace test on a
range of different pages.
This ensures that we don't end up reading a configuration later for some
specific view.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
|
Several options must be specified prior to scan-path. This is consistant
source of user confusion. Document these facts.
Suggested-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
In cgit_print_snapshot_links() we strip leading "v" and "V", while we
currently only prepend a lower case "v" when parsing a snapshot file
name. This results in broken snapshot links for tags that start with an
upper case "V". Avoid this by prepending a "V" as a fallback.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
|
Note that we cannot use skip_all here since some tests have already been
executed when ZIP tests are reached. Use test prerequisites to skip
everything using unzip(1) if the binary is not available instead.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
|
"-i" isn't part of the POSIX standard and doesn't work on several
platforms such as OpenBSD. Use a temporary file instead.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
|
When set to "name", branches are sorted by name, which is the current
default. When set to "age", branches are sorted by the age of the
repository.
This feature was requested by Konstantin Ryabitsev for use on
kernel.org.
Proposed-by: Konstantin Ryabitsev <mricon@kernel.org>
|
|
Without '&&' between operations, we will not detect if strace or cgit
exit with an error status, which would cause a false positive test
status in this case.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
|
getenv() returns a NULL pointer if the specified variable name cannot be
found in the environment. However, some setenv() implementations crash
if a NULL pointer is passed as second argument. Only restore variables
that are not NULL.
See commit d96d2c98ebc4c2d3765f5b35c4142e0e828a421b for a related patch.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
|
The parsing of parameter expansion inside inner double quotes
breaks because we never look for ENDVAR while innerdq is true.
echo "${x#"${x+''}"''}
This patch fixes it by pushing the syntax stack if innerdq is
true and we enter a new parameter expansion.
This patch also fixes a corner case where a bad substitution error
occurs within arithmetic expansion.
Reported-by: Denys Vlasenko <vda.linux@googlemail.com>
Fixes: ab1cecb40478 (" parser: Add syntax stack for recursive...")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
|
dash -c 'echo ${}' should print "Bad subtitution" but instead
fails with "Syntax error: Missing '}'". This is caused by us
reading an extra character beyond the right brace. This patch
fixes it so that this construct only fails during expansion rather
than during parsing.
Fixes: 3df3edd13389 ("[PARSER] Report substition errors at...")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
|
Op 27-03-18 om 20:23 schreef Larry Hynes:
> Funny, I did wonder if it might be a contraction, but I did find
> it odd that it's not mentioned or explained. I'll leave it be, if
> you all are happy enough to keep it 'as is', or can resubmit if you
> think it's warranted.
I think the simple fact that it came up here is evidence that this is
too jargony for a manual. Patch attached.
- M.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
|
On Mon, Mar 26, 2018 at 07:25:20PM +0200, Martijn Dekker wrote:
> Op 26-03-18 om 17:38 schreef Harald van Dijk:
> > And not by dash 0.5.4. Like I wrote, dash 0.5.5 had some bugs that were
> > fixed in 0.5.6, which mostly restored the behaviour to match <0.5.5.
>
> Ah, sorry. dash 0.5.4 and earlier don't compile on my system, so they
> are not included in my conveniently accessible arsenal of test shells.
>
> > As for my patches, that was by accident and doesn't work reliably. When
> > the shell sees no metacharacters, pathname expansion is bypassed, and
> > backslash isn't considered a metacharacter. Which got me to my original
> > example of /de\v: there are no metacharacters in there, so the shell
> > doesn't look to see if it matches anything. Which seems highly
> > desirable: the shell shouldn't need to hit the file system for words not
> > containing metacharacters. The only way then to get consistent behaviour
> > is if the backslash is taken as quoted, so I'm not tempted to argue for
> > the behaviour you're hoping for, sorry. :)
Here is a better example:
a="/*/\nullx" b="/*/\null"; printf "%s\n" $a $b
dash currently prints
/*/\nullx
/*/\null
bash prints
/*/\nullx
/dev/null
You may argue the bash behaviour is inconsistent but it actually
makes sense. What happens is that quote removal only applies to
the original token as seen by the shell. It is never applied to
the result of parameter expansion.
Now you may ask why on earth does the second line say "/dev/null"
instead of "/dev/\null". Well that's because it is not the quote
removal step that removed the backslash, but the pathname expansion.
The fact that the /de\v does not become /dev even though it exists
is just the result of the optimisation to avoid unnecessarily
calling stat(2). I have checked POSIX and I don't see anything
that forbids this behaviour.
So going back to dash yes I think we should adopt the bash behaviour
for pathname expansion and keep the existing case semantics.
This patch does exactly that. Note that this patch does not work
unless you have already applied
https://patchwork.kernel.org/patch/10306507/
because otherwise the optimisation mentioned above does not get
detected correctly and we will end up doing quote removal twice.
This patch also updates expmeta to handle naked backslashes at
the end of the pattern which is now possible.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
|
I've attached a patch which adds the subdir-objects option to AM_INIT_AUTOMAKE.
For a while now when I've compiled dash I received a warning from
automake that there are source files in a subdirectory but that the
subdir-objects automake option was not supplied. I've just been adding
it myself, but I finally got around to submitting a patch. The code
still compiles for now (i'm using automake 1.15.1), but warning text
is rarely nice to see and, if the warning text is to be believed, then
the warning will eventually become an error.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
|
When evalcommand invokes a command that modifies parsefile and
then bails out without popping the file, we need to ensure the
input file is restored so that the shell can continue to execute.
Reported-by: Martijn Dekker <martijn@inlv.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
|
Currently dash does not reap dead children after built-in commands
or functions. This means that if you construct a loop consisting
of solely built-in commands and functions, then zombies can hang
around indefinitely.
This patch fixes this by reaping when necessary after each built-in
command and function.
Reported-by: Denys Vlasenko <vda.linux@googlemail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
|
The noclobber code has a typo in it that causes it to fail. This
patch fixes it.
Reported-by: Denys Vlasenko <vda.linux@googlemail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
|
It's been a while since we disabled glob(3) support by default.
It appears to be working now, however, we have to change our
code to detect the no-match case correctly.
In particular, we need to test for GLOB_NOMAGIC | GLOB_NOCHECK
instead of GLOB_MAGCHAR.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
|
The native version of expandmeta allocates a buffer that may be
overrun for two reasons. First of all the size is 1 byte too small
but this is normally hidden because the minimum size is rounded
up to 2048 bytes. Secondly, if the directory level is deep enough,
any buffer can be overrun.
This patch fixes both problems by calling realloc when necessary.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
|
Currently echocmd uses print_escape_str to do everything apart
from printing the spaces/newlines separating its arguments. This
patch moves the actual printing into print_escape_str as well
using the format parameter.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
|
The commit d6c0e1e2ffbf7913ab69d51cc794d48d41c8fcb1 ("[BUILTIN]
Handle embedded NULs correctly in printf") caused a performance
regression in the echo built-in because every echo call now goes
through the printf %b slow path where the string is always printed
twice to ensure the space padding is correct in the presence of
NUL characters. In fact this regression applies to printf %b as
well.
This is easily fixed by making printf %b take the fast path when
no precision/field width modifiers are present.
This patch also changes the second strchurnul call to strspn which
generates slightly better code.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
|
Harald van Dijk <harald@gigawatt.nl> wrote:
> On 22/03/2018 22:38, Martijn Dekker wrote:
>> Op 22-03-18 om 20:28 schreef Harald van Dijk:
>>> On 22/03/2018 03:40, Martijn Dekker wrote:
>>>> This patch fixes the bug that, given no positional parameters, unquoted
>>>> $@ and $* incorrectly generate one empty field (they should generate no
>>>> fields). Apparently that was a side effect of the above.
>>>
>>> This seems weird though. If you want to remove the recording of empty
>>> regions because they are pointless, then how does removing them fix a
>>> bug? Doesn't this show that empty regions do have an effect? Perhaps
>>> they're not supposed to have any effect, perhaps it's a specific
>>> combination of empty regions and something else that triggers some bug,
>>> and perhaps that combination can no longer occur with your patch.
>>
>> The latter is my guess, but I haven't had time to investigate it.
>
> Looking into it again:
>
> When IFS is set to an empty string, sepc is set to '\0' in varvalue().
> This then causes *quotedp to be set to true, meaning evalvar()'s quoted
> variable is turned on. quoted is then passed to recordregion() as the
> nulonly parameter.
>
> ifsp->nulonly has a bigger effect than merely selecting whether to use
> $IFS or whether to only split on null bytes: in ifsbreakup(), nulonly
> also causes string termination to be suppressed. That's correct: that
> special treatment is required to preserve empty fields in "$@"
> expansion. But it should *only* be used when $@ is quoted: ifsbreakup()
> takes nulonly from the last IFS region, even if it's empty, so having an
> additional zero-length region with nulonly enabled causes confusion.
>
> Passing quoted by value to varvalue() and not attempting to modify it
> should therefore, and in my quick testing does, also work to fix the
> original $@ bug.
You're right. The proper fix to this is to ensure that nulonly
is not set in varvalue for $*. It should only be set for $@ when
it's inside double quotes.
In fact there is another bug while we're playing with $@/$*.
When IFS is set to a non-whitespace character such as :, $*
outside quotes won't remove empty fields as it should.
This patch fixes both problems.
Reported-by: Martijn Dekker <martijn@inlv.org>
Suggested-by: Harald van Dijk <harald@gigawatt.nl>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
|
On Fri, Mar 16, 2018 at 11:27:22AM +0800, Herbert Xu wrote:
> On Thu, Mar 15, 2018 at 10:49:15PM +0100, Harald van Dijk wrote:
> >
> > Okay, it can be trivially modified to something that does work in other
> > shells (even if it were actually executed), but gets rejected at parse time
> > by dash:
> >
> > if false; then
> > : ${$+
> > }
> > fi
>
> That's just a bug in dash's parser with ${} in general, because
> it bombs out without the if clause too:
>
> : ${$+
> }
This patch fixes the parsing of newlines with parameter substitution.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
|
On Sun, Mar 04, 2018 at 12:44:59PM +0100, Harald van Dijk wrote:
>
> command: set -- a ""; space=" "; printf "<%s>" "$@"$space
> bash: <a><>
> dash 0.5.8: <a>< >
> dash 0.5.9.1: <a>< >
> dash patched: <a><>
This is actually composed of two bugs. First of all our tracking
of quotemark is wrong so anything after "$@" becomes quoted. Once
we fix that then the problem is that the first space character
after "$@" is not recognised as an IFS.
This patch fixes both.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
|
This reverts commit 7bb413255368e94395237d789f522891093c5774.
The commit breaks printf with more than argument.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|