aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2020-01-13Bump versionv1.2.2Jason A. Donenfeld1-1/+1
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-13git: update to v2.25.0Christian Hesse3-2/+2
Update to git version v2.25.0. Upstream renamed 'init_display_notes()' to 'load_display_notes()' in commit 1e6ed5441a61b5085978e0429691e2e2425f6846 ("notes: rename to load_display_notes()"). Signed-off-by: Christian Hesse <mail@eworm.de>
2019-12-11tests: skip tests if strace is not functionalChristian Hesse1-0/+6
Chances are that strace is available but not functional due to restricted permissions: strace: test_ptrace_get_syscall_info: PTRACE_TRACEME: Operation not permitted strace: ptrace(PTRACE_TRACEME, ...): Operation not permitted +++ exited with 1 +++ Just skip the tests then. Signed-off-by: Christian Hesse <mail@eworm.de>
2019-12-10git: update to v2.24.1Christian Hesse2-1/+1
Update to git version v2.24.1. No changes required. Signed-off-by: Christian Hesse <mail@eworm.de>
2019-11-22ui-repolist: do not return unsigned (negative) valueChristian Hesse1-1/+1
The function read_agefile() returns time_t, which is a signed datatime. We should not return unsigned (negative) value here. Reported-by: Johannes Stezenbach <js@linuxtv.org> Signed-off-by: Christian Hesse <mail@eworm.de>
2019-11-08git: update to v2.24.0Christian Hesse3-2/+2
Update to git version v2.24.0. Never use get_cached_commit_buffer() directly, use repo_get_commit_buffer() instead. The latter calls the former anyway. This fixes segmentation fault when commit-graph is enabled and get_cached_commit_buffer() does not return the expected result. Signed-off-by: Christian Hesse <mail@eworm.de>
2019-10-25git: update to v2.23.0Christian Hesse2-1/+1
Update to git version v2.23.0. No changes required. Signed-off-by: Christian Hesse <mail@eworm.de>
2019-10-25git: update to v2.22.0Christian Hesse3-7/+12
Update to git version v2.22.0. Upstream commit bce9db6d ("trace2: use system/global config for default trace2 settings") caused a regression. We have to unset HOME and XDG_CONFIG_HOME before early loading of config from trace2 code kicks in. Signed-off-by: Christian Hesse <mail@eworm.de>
2019-06-25ui-tree: allow per repository override for enable-blameChristian Hesse6-3/+13
The blame operation can cause high cost in terms of CPU load for huge repositories. Let's add a per repository override for enable-blame. Signed-off-by: Christian Hesse <mail@eworm.de>
2019-06-05tests: successfully validate rc versionsChristian Hesse1-1/+1
For testing versions the version string differs for git tag (v2.22.0-rc3) and tarball file name (2.22.0.rc3). Let's fix validation for testing versions. Signed-off-by: Christian Hesse <mail@eworm.de>
2019-06-05git: update to v2.21.0Christian Hesse9-15/+21
Update to git version v2.21.0. Required changes follow upstream commits: * 6a7895fd8a3bd409f2b71ffc355d5142172cc2a0 (commit: prepare free_commit_buffer and release_commit_memory for any repo) * e092073d643b17c82d72cf692fbfaea9c9796f11 (tree.c: make read_tree*() take 'struct repository *') Signed-off-by: Christian Hesse <mail@eworm.de> Reviewed-by: John Keeping <john@keeping.me.uk>
2019-06-05ui-ssdiff: ban strncat()Christian Hesse1-3/+5
Git version v2.21.0 marks strncat() as banned (commit ace5707a803eda0f1dde3d776dc3729d3bc7759a), so replace it. Signed-off-by: Christian Hesse <mail@eworm.de>
2019-06-05global: make 'char *path' const where possibleChristian Hesse9-10/+10
Signed-off-by: Christian Hesse <mail@eworm.de>
2019-05-20ui-shared: restrict to 15 levelsJason A. Donenfeld1-1/+3
Perhaps a more ideal version of this would be to not print breadcrumbs at all for paths that don't exist in the given repo at the given oid. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Reported-by: Fydor Wire Snark <wsnark@tuta.io>
2019-02-23ui-diff,ui-tag: don't use htmlf with non-formatted stringsChris Mayo2-3/+3
Signed-off-by: Chris Mayo <aklhfex@gmail.com>
2019-02-23ui-ssdiff: resolve HTML5 validation errorsChris Mayo1-4/+6
- Remove ids from anchor elements. They were unusable because they were duplicated between files and versions of files. - Always close span, with html(). - Fix missing / on closing tr element in cgit_ssdiff_header_end(). Signed-off-by: Chris Mayo <aklhfex@gmail.com>
2019-01-03filters: migrate from luacrypto to luaosslJason A. Donenfeld5-44/+83
luaossl has no upstream anymore and doesn't support OpenSSL 1.1, whereas luaossl is quite active. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-01-02ui-shared: fix broken sizeof in title setting and rewriteJason A. Donenfeld1-26/+8
The old algorithm was totally incorrect. While we're at it, use « instead of \, since it makes more sense. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-09git: update to v2.20.0Christian Hesse4-2/+3
Update to git version v2.20.0. Required changes follow upstream commits: * 00436bf1b1c2a8fe6cf5d2c2457d419d683042f4 (archive: initialize archivers earlier) * 611e42a5980a3a9f8bb3b1b49c1abde63c7a191e (xdiff: provide a separate emit callback for hunks) Signed-off-by: Christian Hesse <mail@eworm.de>
2018-11-25ui-blame: set repo for sbJason A. Donenfeld1-0/+1
Otherwise recent git complains and crashes with: "BUG: blame.c:1787: repo is NULL". Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-11-25auth-filter: pass url with query string attachedJason A. Donenfeld3-3/+37
Otherwise redirections come out wrong. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-11-21git: use xz compressed archive for downloadChristian Hesse1-2/+2
Upstream will stop providing gz compressed source tarballs [0], so stop using them. [0] https://lists.zx2c4.com/pipermail/cgit/2018-November/004254.html Signed-off-by: Christian Hesse <mail@eworm.de>
2018-10-12git: update to v2.19.1Christian Hesse15-22/+23
Update to git version v2.19.1. Required changes follow upstream commits: * commit: add repository argument to get_cached_commit_buffer (3ce85f7e5a41116145179f0fae2ce6d86558d099) * commit: add repository argument to lookup_commit_reference (2122f6754c93be8f02bfb5704ed96c88fc9837a8) * object: add repository argument to parse_object (109cd76dd3467bd05f8d2145b857006649741d5c) * tag: add repository argument to deref_tag (a74093da5ed601a09fa158e5ba6f6f14c1142a3e) * tag: add repository argument to lookup_tag (ce71efb713f97f476a2d2ab541a0c73f684a5db3) * tree: add repository argument to lookup_tree (f86bcc7b2ce6cad68ba1a48a528e380c6126705e) * archive.c: avoid access to the_index (b612ee202a48f129f81f8f6a5af6cf71d1a9caef) * for_each_*_object: move declarations to object-store.h (0889aae1cd18c1804ba01c1a4229e516dfb9fe9b) Signed-off-by: Christian Hesse <mail@eworm.de>
2018-09-11ui-ssdiff: ban strcat()Christian Hesse1-2/+4
Git upstream bans strcat() with commit: banned.h: mark strcat() as banned 1b11b64b815db62f93a04242e4aed5687a448748 Signed-off-by: Christian Hesse <mail@eworm.de>
2018-09-11ui-ssdiff: ban strncpy()Christian Hesse1-2/+1
Git upstream bans strncpy() with commit: banned.h: mark strncpy() as banned e488b7aba743d23b830d239dcc33d9ca0745a9ad Signed-off-by: Christian Hesse <mail@eworm.de>
2018-09-11ui-shared: ban strcat()Christian Hesse1-4/+8
Git upstream bans strcat() with commit: banned.h: mark strcat() as banned 1b11b64b815db62f93a04242e4aed5687a448748 To avoid compiler warnings from gcc 8.1.x we get the hard way. Signed-off-by: Christian Hesse <mail@eworm.de>
2018-09-11ui-patch: ban sprintf()Christian Hesse1-2/+5
Git upstream bans sprintf() with commit: banned.h: mark sprintf() as banned cc8fdaee1eeaf05d8dd55ff11f111b815f673c58 Signed-off-by: Christian Hesse <mail@eworm.de>
2018-09-11ui-log: ban strncpy()Christian Hesse1-1/+1
Git upstream bans strncpy() with commit: banned.h: mark strncpy() as banned e488b7aba743d23b830d239dcc33d9ca0745a9ad Signed-off-by: Christian Hesse <mail@eworm.de>
2018-09-11ui-log: ban strcpy()Christian Hesse1-1/+1
Git upstream bans strcpy() with commit: automatically ban strcpy() c8af66ab8ad7cd78557f0f9f5ef6a52fd46ee6dd Signed-off-by: Christian Hesse <mail@eworm.de>
2018-09-11parsing: ban sprintf()Christian Hesse1-1/+1
Git upstream bans sprintf() with commit: banned.h: mark sprintf() as banned cc8fdaee1eeaf05d8dd55ff11f111b815f673c58 Signed-off-by: Christian Hesse <mail@eworm.de>
2018-09-11parsing: ban strncpy()Christian Hesse1-2/+1
Git upstream bans strncpy() with commit: banned.h: mark strncpy() as banned e488b7aba743d23b830d239dcc33d9ca0745a9ad Signed-off-by: Christian Hesse <mail@eworm.de>
2018-08-28filters: generate anchor links from markdownChristian Hesse1-2/+15
This makes the markdown filter generate anchor links for headings. Signed-off-by: Christian Hesse <mail@eworm.de> Tested-by: jean-christophe manciot <actionmystique@gmail.com>
2018-08-03Bump version.v1.2.1Jason A. Donenfeld1-1/+1
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-08-03clone: fix directory traversalJason A. Donenfeld1-4/+19
This was introduced in the initial version of this code, way back when in 2008. $ curl http://127.0.0.1/cgit/repo/objects/?path=../../../../../../../../../etc/passwd root:x:0:0:root:/root:/bin/sh ... Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Reported-by: Jann Horn <jannh@google.com>
2018-08-03config: record repo.snapshot-prefix in the per-repo configKonstantin Ryabitsev1-0/+2
Even if we find snapshot-prefix in the repo configuration, we are not writing it out into the rc- file, so setting the value does not have any effect. Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-08-03auth-filters: add simple file-based authentication schemeJason A. Donenfeld1-0/+352
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-15auth-filters: use crypt() in simple-authenticationJason A. Donenfeld1-13/+6
There's no use in giving a silly example to folks who will just copy it, so instead try to do something slightly better. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-15auth-filters: generate secret securelyJason A. Donenfeld2-18/+85
This is much better than having the user generate it themselves. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-14auth-filters: do not crash on nil usernameJason A. Donenfeld1-1/+1
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-14auth-filter: do not write more than we've readJason A. Donenfeld1-2/+2
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-14auth-filters: do not use HMAC-SHA1Jason A. Donenfeld2-4/+4
Though SHA1 is broken, HMAC-SHA1 is still fine. But let's not push our luck; SHA256 is more sensible anyway. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-13Bump version.v1.2Jason A. Donenfeld1-1/+1
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-10Update COPYINGTodd Zullinger1-20/+19
The address of the Free Software Foundation has changed since the license was added in 7640d90 ("Add license file and copyright notices", 2006-12-10). Update the license file from gnu.org¹. The only non-whitespace changes are the updated FSF address and two references to the L in LGPL changed from Library to Lesser. ¹ https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt Signed-off-by: Todd Zullinger <tmz@pobox.com>
2018-07-08css: use correct size in annotated decorationJason A. Donenfeld1-0/+1
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-05cgitrc.5: add local tar signature exampleJason A. Donenfeld1-4/+15
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-04Fix gcc 8.1.1 compiler warningsJason A. Donenfeld3-15/+23
CC ../shared.o ../shared.c: In function ‘expand_macro’: ../shared.c:487:3: warning: ‘strncpy’ specified bound depends on the length of the source argument [-Wstringop-overflow=] strncpy(name, value, len); ^~~~~~~~~~~~~~~~~~~~~~~~~ ../shared.c:484:9: note: length computed here len = strlen(value); ^~~~~~~~~~~~~ ../ui-shared.c: In function ‘cgit_repobasename’: ../ui-shared.c:136:2: warning: ‘strncpy’ specified bound 1024 equals destination size [-Wstringop-truncation] strncpy(rvbuf, reponame, sizeof(rvbuf)); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ CC ../ui-ssdiff.o ../ui-ssdiff.c: In function ‘replace_tabs’: ../ui-ssdiff.c:142:4: warning: ‘strncat’ output truncated copying between 1 and 8 bytes from a string of length 8 [-Wstringop-truncation] strncat(result, spaces, 8 - (strlen(result) % 8)); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-03cgitrc.5: document new signature notesJason A. Donenfeld1-1/+17
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-03snapshot: support tar signature for compressed tarChristian Hesse2-2/+10
This adds support for kernel.org style signatures where the uncompressed tar archive is signed and compressed later. The signature is valid for all tar* snapshots. We have a filter which snapshots may be generated and downloaded. This has to allow tar signatures now even if tar itself is not allowed. To simplify things we allow all signatures. Signed-off-by: Christian Hesse <mail@eworm.de>
2018-07-03extra-head-content: introduce another option for meta tagsJason A. Donenfeld5-0/+12
This is to support things like go-import meta tags, which are on a per-repo basis. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-06-27Use string list strdup_strings for mimetypesJohn Keeping1-2/+2
There's no need to do this manually with the string list API will do it for us. Signed-off-by: John Keeping <john@keeping.me.uk>