| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
| |
Instead of linking to the current page ("href='#'"), do not add a link
to a submodule entry at all if the module-link setting is not used.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Sparse complains about this table because we use the integer zero as the
NULL pointer. Use this as an opportunity to reformat the table so that
it always contains 8 elements per row, making it easier to see which
values are being set and which are not.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
| |
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
| |
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
| |
Sparse complains that we are using a plain integer as a NULL pointer
here, but in fact we do not have to specify a value for this variable at
all since it has static storage duration and thus will be initialized to
NULL by the compiler.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
| |
These definitions should not be modified (and never are) so we can move
them to .rodata.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
| |
This is not used outside this file and is not declared.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
| |
These are not used outside this file and are not declared; they are also
never modified.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
| |
These are not used outside this file and are not declared.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
| |
These are not used outside this file and are not declared.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
| |
These are not used outside this file and are not declared.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
| |
Bitfields are only defined for unsigned types.
Detected by sparse.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
| |
Sparse says things like:
warning: non-ANSI function declaration of function 'calc_ttl'
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
| |
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
| |
Update to git version v2.3.2, no changes required.
Signed-off-by: Christian Hesse <mail@eworm.de>
|
| | |
|
| |
|
|
|
|
|
|
|
| |
In commit 936295c (Simplify commit and tag parsing, 2015-03-03), the
commit and tag parsing code was refactored. This broke tag messages in
ui-tag since the line after the tagger header was erroneously skipped.
Rework parse_user() and skip the line manually outside parse_user().
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
| |
Fixes a regression introduced in commit 936295c (Simplify commit and tag
parsing, 2015-03-03).
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If CGit is killed while it holds a lock on a cache slot (for example
because it is taking too long to generate a page), the lock file will be
left in place. This prevents any future attempt to use the same slot
since it will fail to exclusively create the lock file.
Since CGit is the only program that should be manipulating lock files,
we can use advisory locking to detect whether another process is
actually using the lock file or if it is now stale.
I have confirmed that this works on Linux by setting a short TTL in a
custom cgitrc and running the following with CGit patched to print a
message to stderr if the fcntl(2) fails:
$ export CGIT_CONFIG=$PWD/cgitrc
$ export QUERY_STRING=url=cgit/tree/ui-shared.c
$ ./cgit |
grep -v -e '^<div class=.footer.>' \
-e '^Last-Modified: ' \
-e ^'Expires: ' >expect
$ seq 50000 | dd bs=8192 |
parallel -j200 "diff -u expect <(./cgit |
grep -v -e '^<div class=.footer.>' \
-e '^Last-Modified: ' \
-e ^'Expires: ') || echo BAD"
This printed the fail message several times without ever printing "BAD".
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
* Use skip_prefix to avoid magic numbers in the code.
* Use xcalloc() instead of xmalloc(), followed by manual initialization.
* Split out line splitting.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
| |
Update to git version v2.3.1, no changes required.
Signed-off-by: Christian Hesse <mail@eworm.de>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
Ran optipng against cgit.png, which shrank file size by more than eight
percent. The image (including protocol overhead) should fit into a
single network packet now.
Optipng optimizes filters and compression. The actual pixel results are
not altered.
Signed-off-by: Christian Hesse <mail@eworm.de>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The starts_with() check was broken in two ways: For one thing, the
parameters were passed in the wrong order, for another thing,
starts_with() returns 1 if the string starts with the prefix (not 0).
Note that this bug existed since commit 02a545e (Add support for cloning
over http, 2008-08-06) but only pops in in corner cases.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
|
|
| |
* sort_string_list(): rename to string_list_sort() (upstream commit
3383e199)
* update read_tree_recursive callback to pass strbuf as base (upstream
commit 6a0b0b6d)
Signed-off-by: Christian Hesse <mail@eworm.de>
|
| |
|
|
|
|
| |
Make use of strbuf_split_str() and strbuf lists to split clone URLs.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
|
| |
These options can be used to hide a repository from the index or
completely ignore a repository, respectively. They are particularly
useful when used in combination with scan-path.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When clicking on "log" from a tag we end up showing the log of whatever
branch we used to reach the tag. If the tag doesn't point onto a branch
then the tagged commit won't appear in this output.
By linking to tags with the head parameter instead of the "id" parameter
the log link will show the log of the tag. This is clearly desirable
when the tag has been reached from the refs UI and changing the
behaviour for tag decorations makes them match branch decorations where
log -> decoration -> log shows the log of the decoration.
Reported-by: Ferry Huberts <mailings@hupie.com>
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
|
|
| |
Currently, when a user directly accesses the info command of a
repository, we exit cgit without printing anything to stdout, bringing
up error messages like "502 Bad Gateway" or "An error occurred while
reading CGI reply (no response received)". Instead of bailing out, at
least print the HTTP headers, including a reasonable error message.
Reported-by: Janus Troelsen
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
| |
Update to git version v2.2.2, no changes required.
Signed-off-by: Christian Hesse <mail@eworm.de>
|
| |
|
|
|
|
|
|
|
| |
Seeing the diff stat for a single file is pretty useless, so reset the
diff type before generating the links to individual files in the diff
stat so that the links will show a useful diff.
Reported-by: Konstantin Ryabitsev <mricon@kernel.org>
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Using (DIFF_FORMAT_DIFFSTAT | DIFF_FORMAT_PATCH) causes Git to emit a
"---" line between the commit message and the body of the patch, which
fixes a regression introduced in commit 455b598 (ui-patch.c: Use
log_tree_commit() to generate diffs, 2013-08-20), prior to which we
inserted the "---" line ourselves.
DIFF_FORMAT_SUMMARY is added so that we match the output of
git-format-patch(1) without the "-p" option.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
| |
* &&-chaining
* use test_cmp instead of cmp
* use strip_headers instead of knowing how many lines there will be
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
| |
This reverts commit a87c9d8a9779eab0499efd3c44e090a28c7d1cdf.
We want to make OpenBSD people happy.
|
| |
|
|
|
|
|
|
| |
Use Git's built-in ident line splitting algorithm instead of
reimplementing it. This does not only simplify the code but also makes
sure that cgit is consistent with Git when it comes to author parsing.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
| |
The footer has always been overrideable using the footer= in cgitrc, so
this won't anger anybody who cares about their footer.
|
| |
|
|
| |
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| | |
|
| | |
|
| |
|
|
|
|
| |
This allows custom links to be used for repository owners by
configuring a filter to be applied in the "Owner" column in the
repository list.
|
| |
|
|
|
|
| |
As described at https://joeyh.name/rfc/rel-vcs/.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
| |
This is described in the rel-vcs microformat[1].
[1] https://joeyh.name/rfc/rel-vcs/
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
| |
This will allow us to reuse the same logic to add clone URL <link/>
elements to the header of all repo-specific pages in order to support
the rel-vcs microformat.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
| |
When removing the ".git" suffix of a non-bare repository, also remove
the trailing slash for compatibility with cgit_repobasename().
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
| |
Update to git version v2.2.1, including API changes.
Signed-off-by: Christian Hesse <mail@eworm.de>
|
| |
|
|
|
|
| |
Serving cgit via https and getting avatar via http gives error messages
about untrusted content. This decides whether or not to use https link
by looking at the environment variable HTTPS, which is set in CGI.
|
| |
|
|
|
|
|
|
|
|
|
| |
This prints the diffstat but stops before printing (or generating) any
of the body of the diff.
No cgitrc option is added here so that we can wait to see how useful
this is before letting people set it as the default.
Suggested-by: Konstantin Ryabitsev <mricon@kernel.org>
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
|
|
| |
This will allow us to introduce a new "stat only" diff mode without
needing an explosion of mutually incompatible flags.
The old "ss" query parameter is still accepted in order to avoid
breaking saved links, but we no longer generate any URIs using it;
instead the new "dt" (diff type) parameter is used.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
| |
This argument is never used with a value other than zero, so remove it
and simplify the code.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
| |
This argument is never used with a value other than zero, so remove it
and simplify the code.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
| |
No CGit changes required.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Specifying a nonexistent README file via the readme option is sometimes
useful, e.g. when using scan-path and setting a global default.
Currently, we check whether there is only one option in the readme
option and, if so, we choose that file without checking whether it
exists. As a consequence, all repositories are equipped with an about
link in the aforementioned scenario, even if there is no about file.
Remove the early check for the number of keys and always check whether
the file exists instead.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| | |
|
| |
|
|
|
|
| |
We do this everywhere else, so we should be doing it here as well.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
|
| |
This is slightly more involved than just bumping the version number
because it pulls in a change to convert the commit buffer to a slab,
removing the "buffer" field from "struct commit". All sites that access
"commit->buffer" have been changed to use the new functions provided for
this purpose.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
| |
This will be required in order to incorporate the changes to commit
buffer handling in Git 2.0.2.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| | |
|
| | |
|
| |
|
|
|
| |
Everything works just bumping the version in Makefile and commit hash in
submodule. No code changes required.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It looks like cached patches are truncated to the nearest 1024-byte
boundary in the patch body. E.g.:
> mricon@nikko:[/tmp]$ wget -O no-cache
> "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/patch/?id=6e1b4fdad5157bb9e88777d525704aba24389bee"
...
> 2014-06-11 15:34:51 (80.4 MB/s) - ‘no-cache’ saved [4767]
Patch is complete, without truncation. Next hit, with cache in place:
> mricon@nikko:[/tmp]$ wget -O yes-cache
> "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/patch/?id=6e1b4
> fdad5157bb9e88777d525704aba24389bee"
...
> 2014-06-11 15:35:01 (17.0 MB/s) - ‘yes-cache’ saved [4096/4096]
Length truncated to 4096. The cache on disk looks truncated as well, so
the bug must me during the process of saving cache. The same is true for
larger patches:
> mricon@nikko:[/tmp]$ wget -O no-cache
> "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/patch/?id=2840c566e95599cd60c7143762ca8b49d9395050"
...
> 2014-06-11 15:41:33 (1.07 MB/s) - ‘no-cache’ saved [979644]
979644 bytes with a cache-miss
> mricon@nikko:[/tmp]$ wget -O yes-cache
> "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/patch/?id=2840c
> 566e95599cd60c7143762ca8b49d9395050"
...
> 2014-06-11 15:41:46 (1.05 MB/s) - ‘yes-cache’ saved [978944]
978944 (956KB exactly) with a cache-hit
Since the "html" functions use raw write(2) to STDIO_FILENO, we don't
notice problems with most pages, but raw patches write using printf(3).
This is fine if we're outputting straight to stdout since the buffers
are flushed on exit, but we close the cache output before this, so the
cached output ends up being truncated.
Make sure the buffers are flushed when we finish outputting a patch so
that we avoid this.
No other UIs use printf(3) so we do not need to worry about them.
Actually, it's slightly more interesting than this... since we don't set
GIT_FLUSH, Git decides whether or not it will flush stdout after writing
each commit based on whether or not stdout points to a regular file (in
maybe_flush_or_die()).
Which means that when writing directly to the webserver, Git flushes
stdout for us, but when we redirect stdout to the cache it points to a
regular file so Git no longer flushes the output for us.
The patch is still correct, but perhaps the full explanation is
interesting!
Reported-by: Konstantin Ryabitsev <mricon@kernel.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If you search for a bogus range string here:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/
Using something like "range" and "qwerty123456", it returns an "Internal
Server Error" and the following in the logs:
> [Tue Jun 10 17:45:32 2014] [error] [client 172.21.1.6] fatal:
> ambiguous argument 'qwerty123456': unknown revision or path not in the
> working tree., referer:
> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/
> [Tue Jun 10 17:45:32 2014] [error] [client 172.21.1.6] Use '--' to
> separate paths from revisions, like this:, referer:
> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/
> [Tue Jun 10 17:45:32 2014] [error] [client 172.21.1.6] 'git <command>
> [<revision>...] -- [<file>...]', referer:
> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/
> [Tue Jun 10 17:45:32 2014] [error] [client 172.21.1.6] Premature end
> of script headers: cgit, referer:
> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/
The cache will kick in, so if you search for the same string again,
it'll show an empty range, so you have to change the bogus strings each
time.
This is because we just pass the arguments straight to Git's revision
parsing machinery which die()s if it cannot parse an argument, printing
the above to stderr and exiting.
The patch below makes it a bit friendlier by just ignoring unhandled
arguments, but I can't see an easy way to report errors when we can't
parse revision arguments without losing the flexibility of supporting
all of the revision specifiers supported by Git.
Reported-by: Konstantin Ryabitsev <mricon@kernel.org>
|
| |
|
|
|
|
|
| |
prefixcmp() and suffixcmp() have been remove, functionality is now
provided by starts_with() and ends_with(). Retrurn values have been
changed, so instead of just renaming we have to fix logic.
Everything else looks just fine.
|
| | |
|
| |
|
|
|
| |
Everything works just bumping the version in Makefile and commit hash in
submodule. No code changes required.
|
| |
|
|
|
|
|
|
|
| |
For example, if I have two repos (remove-suffix is enabled):
/foo
/foo/bar
http://cgit/foo/bar/ is interpreted as "repository 'foo', command 'bar'"
instead of "repository 'foo/bar'"
|
| | |
|
| |
|
|
|
| |
Everything works just bumping the version in Makefile and commit hash
in submodule. No code changes required.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The check in parse_user that eventually makes it into committer_date and
tagger_date is:
else if (mode == 3 && isdigit(*p)) {
*date = atol(p);
mode++;
}
Since isdigit('-') is always false, date will never be negative. Thus
the sign of this function:
static int cmp_age(int age1, int age2)
{
if (age1 != 0 && age2 != 0)
return age2 - age1;
if (age1 == 0 && age2 == 0)
return 0;
if (age1 == 0)
return +1;
return -1;
}
Will always be the same as the sign of this function:
static inline int cmp_age(int age1, int age2)
{
return age2 - age1;
}
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Idea-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| | |
|
| |
|
|
|
|
| |
I have a number of repositories that start tagging with just '1' and
count up. Actually references with sting length of one are skipped, this
patch changes that.
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
| |
If time-to-live is set to zero, we don't need to regenerate the cache
slots on every request. Instead, just skip the caching process and
immediately provide the dynamically generated version of the page.
Setting time-to-live to zero is useful when you want to disable caching
for certain pages.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
| |
No code changes required, just bump the submodule and Makefile versions.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This can be used to specify the TTL for snapshots. Snapshots are usually
static and do not ever change. On the other hand, tarball generation is
CPU intensive.
One use case of this setting (apart from increasing the lifetime of
snapshot cache slots) is caching of snapshots while disabling the cache
for static/dynamic HTML pages (by setting TTL to zero for everything
except for snapshot requests).
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
|
|
|
|
| |
Right now if you visit:
<http://git.zx2c4.com/systemd/diff/src/udev/udev-builtin-input_id.c?id=bcfce235>
you'll see that if you reload the page a few times, a bunch of times the
diffstat comes out with no lines being shown or changed. I'm not
currently sure what the cause of this is, but I suspect it might have to
do with this uninitialized data.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
| |
Some people may clone the cgit repository and compile within a sandbox
or on another machine where git is not necessarily installed. When it
happens, cgit is getting compiled with an empty version number.
This commit fixes this.
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
| |
This breaks compat with the previous LUA_IMPLEMENTATION but gives more
flexibility in that user can specify the pkg-config package name
directly.
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
| |
We need this to do runtime tests for make test.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
sendfile() does the same job and avoids to copy the content into userland
and back. One has to define NO_SENDFILE in case the OS (kernel / libc)
does not supported. It is disabled by default on non-linux environemnts.
According to the glibc, sendfile64() was added in Linux 2.4 (so it has
been there for a while) but after browsing over the mapage of FreeBSD's I
noticed that the prototype is little different.
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
| |
Do to timestamp differences, sometimes cgit would should "-0 min", which
doesn't make any sense.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
| |
There were no objections (at the time of committing this):
http://lists.zx2c4.com/pipermail/cgit/2013-May/001393.html
http://lists.zx2c4.com/pipermail/cgit/2014-January/001904.html
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Drop the context parameter from the following functions (and all static
helpers used by them) and use the global context instead:
* cgit_print_http_headers()
* cgit_print_docstart()
* cgit_print_pageheader()
Remove context parameter from all commands
Drop the context parameter from the following functions (and all static
helpers used by them) and use the global context instead:
* cgit_get_cmd()
* All cgit command functions.
* cgit_clone_info()
* cgit_clone_objects()
* cgit_clone_head()
* cgit_print_plain()
* cgit_show_stats()
In initialization routines, use the global context variable instead of
passing a pointer around locally.
Remove callback data parameter for cache slots
This is no longer needed since the context is always read from the
global context variable.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
| |
This way we're sure to use virtual root, or any other strangeness
encountered.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
| |
By default, strings are compared by hash, so we can remove this comment.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
| |
This also gives us some CSRF protection. Note that we make use of the
hmac to protect the redirect value.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This leverages the new lua support. See
filters/simple-authentication.lua for explaination of how this works.
There is also additional documentation in cgitrc.5.txt.
Though this is a cookie-based approach, cgit's caching mechanism is
preserved for authenticated pages.
Very plugable and extendable depending on user needs.
The sample script uses an HMAC-SHA1 based cookie to store the
currently logged in user, with an expiration date.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
| |
* Rename the capitalize-* filters to dump.* since they also dump the
arguments.
* Add full argument validation to the email filters.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
|
| |
This did not really break anything in the past since spaces are ignored
when rendering HTML. Remove the preceding space anyway to prevent from
potential future problems.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
| |
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Validate the email filter by manipulating stdin. Additional checks for
all the arguments can be added in a later patch.
* Add the exec prefix to all informational messages.
* Rename the filter repository to filter-exec. The Git repository itself
is not renamed since it can be shared amongst all filter types.
* In the filter checks, check whether all arguments are passed properly
instead of validating the buffer/stdin only.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
| |
an attribute value specification must be an attribute value literal
unless SHORTTAG YES is specified
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
| |
Filters can now indicate a status back to cgit by means of the exit code
for exec, or the return value from close for Lua.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
| |
This adds basic tests for all types of exec filters.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
| |
* make ampersand a html entity
* add required alt attribute
* add required img end tag
|
| | |
|
| | |
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
| |
Mention that the snapshot setting only specifies the formats that links
are generated for and not the set of formats that are accessible via
HTTP.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We favor LuaJIT over Lua. We disable Lua if neither can be found. We
error out if a particular Lua is specified via LUA_IMPLEMENTATION=JIT or
LUA_IMPLEMENTATION=VANILLA, but cannot be found. We print a status
message depending on what happens.
Also, we do not link against libdl on the BSDs, since they include it as
part of libc.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
| |
Since the email filter is called from lots of places, the script might
benefit from knowing the origin. That way it can modify its contents
and/or size depending.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
| |
The lua one is hugely faster than the python one, but both are included
for comparison.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
| |
So that we don't have to include the if(filter) open_filter(filter)
block everywhere, we introduce the guard in the function itself. This
should simplify quite a bit of code.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Filters can now call hook_write and unhook_write if they want to
redirect writing to stdout to a different function. This saves us from
potential file descriptor pipes and other less efficient mechanisms.
We do this instead of replacing the call in html_raw because some places
stdlib's printf functions are used (ui-patch or within git itself),
which has its own internal buffering, which makes it difficult to
interlace our function calls. So, we dlsym libc's write and then
override it in the link stage.
While we're at it, we move considerations of argument count into the
generic new filter handler.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
At some point, we're going to want to do lazy deallocation of filters.
For example, if we implement lua, we'll want to load the lua runtime
once for each filter, even if that filter is called many times.
Similarly, for persistent exec filters, we'll want to load it once,
despite many open_filter and close_filter calls, and only reap the child
process at the end of the cgit process. For this reason, we add here a
cleanup function that is called at the end of cgit's main().
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
| |
This allows different filter implementations to be specified in the
configuration file. Currently only "exec" is supported, but it may now
be specified either with or without the "exec:" prefix.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Change the existing cgit_{open,close,fprintf}_filter functions to
delegate to filter-specific implementations accessed via function
pointers on the cgit_filter object.
We treat the "exec" filter type slightly specially here by putting its
structure definition in the header file and providing an "init" function
to set up the function pointers. This is required so that the
ui-snapshot.c code that applies a compression filter can continue to use
the filter interface to do so.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
| |
This stops the code in cgit.c::print_repo needing to inspect the
cgit_filter structure, meaning that we can abstract out different filter
types that will have different fields that need to be printed.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Switched back to python2 according to a problem in pygments with python3.
With the next release of pygments this problem should be fixed.
Issue see here:
https://bitbucket.org/birkenfeld/pygments-main/issue/901/problems-with-python3
- Just read the stdin, decode it to utf-8 and ignore unknown signs. This ensures
that even destroyed files do not cause any errors in the filter.
- Improved language guessing:
-> At first use guess_lexer_for_filename for a better detection of the used
programming languages (even mixed cases will be detected, e.g. php + html).
-> If nothing was found look if there is a shebang and use guess_lexer.
-> As default/fallback choose TextLexer.
Signed-off-by: Stefan Tatschner <stefan@sevenbyte.org>
|
| |
|
|
|
|
|
|
|
| |
This allows running the entire test suite with a set of command-line
options. For example:
make test CGIT_TEST_OPTS=--valgrind
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
| |
This is for consistency with other callers. The value returned from
cgit_rooturl is not guaranteed to be HTML-safe.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
| |
As far as I know, there is no requirement that $SCRIPT_NAME contain only
URL-safe characters, so we need to make sure that any special characters
are escaped.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
| |
Everywhere else we use html_txt to escape any special characters in
these variables. Do so here as well.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
| |
This avoids poking into the filter data structure at various points in
the code. We rely on the fact that the number of arguments is fixed
based on the filter type (set in cgit_new_filter) and that the call
sites all know which filter type they're using.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
| |
By switching the assignment of fields in the cgit_filter structure to
use designated initializers, the compiler will initialize all other
fields to their default value. This will be needed when we add the
extra_args field in the next patch.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
| |
This is never changed from STDOUT_FILENO, so just use that value
directly.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
| |
Now running tests with the "--valgrind" option will run cgit under
Valgrind instead of all Git commands.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Valgrind says:
==18344== Conditional jump or move depends on uninitialised value(s)
==18344== at 0x406C83: open_slot (cache.c:63)
==18344== by 0x407478: cache_ls (cache.c:403)
==18344== by 0x404C9A: process_request (cgit.c:639)
==18344== by 0x406BD2: fill_slot (cache.c:190)
==18344== by 0x4071A0: cache_process (cache.c:284)
==18344== by 0x404461: main (cgit.c:952)
==18344== Uninitialised value was created by a stack allocation
==18344== at 0x40738B: cache_ls (cache.c:375)
This is caused by the keylen field being used to calculate whether or
not a slot is matched. We never then check the value of this and the
length of data read depends on the key length read from the file so this
isn't dangerous, but it's nice to avoid branching based on uninitialized
data.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
| |
A first step for more interesting things.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
| |
It's only used in one place, and not useful to have around since
close_filter will die() if exit_status isn't what it expects, anyway. So
this is best as just a local variable instead of as part of the struct.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| | |
|
| |
|
|
|
|
|
|
|
| |
* Formatting and spelling fixes.
* A bit mask with the size of one byte only allows for storing 8 (not
255!) different flags.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
|
| |
When parsing command line arguments, no pair of command line options can
ever match simultaneously. Use "else if" blocks to reflect this. This
change improves both readability and speed.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
| |
Use suffixcmp() from Git instead of reimplementing it. This is a
preparation for moving to ends_with() in Git 1.8.6.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
| |
Use Git string lists instead of str{spn,cspn,ncmp}() magic. This
significantly improves readability.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since the introduction of selective snapshot format configuration in
dc3c9b5 (allow selective enabling of snapshots, 2007-07-21), we allowed
seven different delimiters for snapshot formats, while the documentation
has always been clear about spaces being the only valid delimiter:
The value is a space-separated list of zero or more of the values
"tar", "tar.gz", "tar.bz2", "tar.xz" and "zip".
Supporting the undocumented delimiters makes the code unnecessarily
complex. Remove them.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
| |
This is a preparation for replacing all prefix checks with either
strip_prefix() or starts_with() when Git 1.8.6 is released.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
|
|
| |
* Remove the dependency on Git (which can be obtained automatically when
building, using either the Git submodule or `make get-git`).
* Use proper upstream names of dependencies.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
|
|
| |
* Several small spelling and capitalization fixes.
* Use consistent and better-looking formatting that is compatible with
AsciiDoc (and partly compatible with RST).
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
| |
Previously the script tried to encode output from Pygments with
the ASCII codec, which failed.
Signed-off-by: Přemysl Janouch <p.janouch@gmail.com>
|
| |
|
|
|
|
|
| |
So that people wishing to use "enable-http-clone" don't have to find
out the correct settings on their own.
Signed-off-by: Přemysl Janouch <p.janouch@gmail.com>
|
| |
|
|
|
|
| |
"enable-git-clone" doesn't exist, replaced with "enable-http-clone".
Signed-off-by: Přemysl Janouch <p.janouch@gmail.com>
|
| |
|
|
|
|
| |
dash failed to parse the script.
Signed-off-by: Přemysl Janouch <p.janouch@gmail.com>
|
| |
|
|
| |
Signed-off-by: Přemysl Janouch <p.janouch@gmail.com>
|
| |
|
|
|
|
| |
v2: add highlight 3.13 as present on Fedora 19
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
|
| |
|
|
|
|
|
| |
Contains a list of contributors with more than 20 patches, to be updated
regularly.
Signed-off-by: Lukas Fleischer <cgit@crytocrack.de>
|
| |
|
|
|
|
|
|
|
| |
* Name "cgit Development Team" as copyright holder to avoid listing
every single developer.
* Update copyright ranges.
Signed-off-by: Lukas Fleischer <cgit@crytocrack.de>
|
| |
|
|
|
|
|
| |
Everything works just bumping the version in Makefile and commit hash
in submodule. No code changes required.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently line numbers look like (for blob view and sdiff respectively):
<a class='no' id='n68' name='n68' href='#n68'>68</a>
<td class='lineno'><a class='no' href='...#n1' id='n1' name='n1'>1</a></td>
name=".." is unnecessary if the id attribute is set (this even applies
to IE6), so drop it. (aside, in HTML5, the name attribute is gone.)
The line number links can be selected through their parent classes, no
need for another class "no", so drop it too.
For a file with 2000 lines, this yields a saving of 40% (29% gzipped).
While at it, fix the hover effect of line numbers: now the line number
get a black background as was intended.
Signed-off-by: Peter Wu <lekensteyn@gmail.com>
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When outputting the Content-Type HTTP header we print the MIME type and
then append "; charset=<charset>" if the charset variable is non-null.
We don't want a charset when we have selected "application/octet-stream"
or when the user has specified a custom MIME type, since they may have
specified their own charset. To avoid this, make sure we set the page's
charset to NULL in ui-plain before we generate the HTTP headers.
Signed-off-by: John Keeping <john@keeping.me.uk>
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
|
| |
* Use argv_array_pushf() for inserting formatted strings.
* Remove unneeded static strings.
* Replace "if" by "else if" for readability and speed.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
|
|
| |
Instead of using our own vector implementation, use argv_array from Git
which has been specifically designed for dynamic size argv arrays.
Drop vector.h and vector.c which are no longer needed.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
| |
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
| |
This is no longer needed since commit fb3655df (use struct strbuf
instead of static buffers, 2013-04-06).
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
|
| |
Remove filepair_cb_raw() and all related functions. These are no longer
needed. We now use Git's internal functions for raw diff formatting
everywhere.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
| |
Use Git's internal diff_tree_sha1() function for the /rawdiff/ command
instead of trying to recreate this functionality.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
| |
This adds some basic tests for the /rawdiff/ command.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
| |
Add tests to check whether generating multiple patches at once works.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
| |
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
| |
For consistency with git-format-patch(1).
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
| |
Add a missing space after the "--" marker that introduces the patch
signature.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
| |
Use `git rev-list --max-parents=0 HEAD` instead of `git rev-list HEAD |
tail -1` to get the root commit. This works since Git 1.7.4.2.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
| |
No code changes required, just bump the submodule and makefile versions.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
| |
Add max_parents = 1 to the revision walk in order to make sure we do not
include the footer signature twice for merge commits.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
| |
Rename parameters and local variables to match those from ui-diff. Also,
convert a "char *" to "const char *".
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
|
|
| |
This allows for specifying a revision range using the id2 parameter of
/patch/. The output that is produced is similar to
$ git format-patch --stdout id2..id
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
|
|
| |
Instead of using our own formatting, use log_tree_commit() from Git to
create patches. This removes unnecessary duplicate code and also fixes a
bug with e-mail address formatting that existed in our own
implementation.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
|
|
| |
Sync with what we do everywhere else and check the return value of
get_sha1() instead of calling sha1_object_info() to validate the object.
Note that we later call lookup_commit_reference(), which checks that
both SHA1 values refer to commits, anyway.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
|
|
| |
This can be used to generate raw diffs between arbitrary revisions using
something like
/rawdiff/?id=v0.9&id2=v0.9.1
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
| |
This adds a parameter to cgit_print_diff() to create raw diffs, using
the same format as `git diff <commit>`.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
|
|
|
|
| |
Move filepair_cb() from ui-patch.c to ui-shared.c and rename it to
filepair_cb_raw(). This callback will be used in ui-diff.c in a
follow-up patch.
Note that it is not straightforward to extract filepair_cb() from
ui-diff.c which is why it is not done here as well.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
When having found the first path separator occurrence at position i, we
invoked strchr() on the same position i in subsequent iterations
resulting in the same path separator being returned by strchr() over and
over again. Increase the position by one to skip the occurrence that has
just been found and advance to the next separator.
Reported-by: Konstantin Ryabitsev <mricon@kernel.org>
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
| |
Locally installed packages are usually installed to /usr/local.
Packagers can use `make prefix=/usr` to get back the old behavior.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
|
|
|
|
| |
Use struct strbuf from Git instead of fixed-size buffers to remove the
limit on the length of configuration file lines and refactor
read_config_line() to improve readability.
Note that this also fixes a buffer overflow that existed with the
original fixed-size buffer implementation.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| | |
|
| |
|
|
|
|
|
|
| |
Pages like /commit?h=wip&id=8a335ce618ba77fbf05148d6f8be17bd48ba4340
were being marked as dynamic, because of h=wip, when it should be
static, because of id=.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
We've long supported negative ttls, for infinite cache, except the
documentation incorrectly showed one of our defaults as being 5 and not
-1. As well, with a negative ttl, we were actually making the HTTP
expired header go backwards. This changes it to go ahead ten years
instead.
Further, we add an cache-about-ttl option to set a different ttl for
about pages, which are now increasingly being filtered through markdown
or just sent statically anyway.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
My dmesg is filled with the oom killer bringing down processes while the
Bingbot downloads every snapshot for every commit of the Linux kernel in
tar.xz format. Sure, I should be running with memory limits, and now I'm
using cgroups, but a more general solution is to prevent crawlers from
wasting resources like that in the first place.
Suggested-by: Natanael Copa <ncopa@alpinelinux.org>
Suggested-by: Julius Plenz <plenz@cis.fu-berlin.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| | |
|
| |
|
|
|
| |
This adds a favicon to cgit. It is not enabled by default, though.
The file contains two icons, 16x16 and 32x32 pixels, optimized for size.
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Features:
- update to git v1.8.3.
- expanded set of default filters to include markdown, restructuredtext, and
man pages.
- better sample configuration file in man page.
- "readme" may now be specified multiple times, and cgit will choose the first
one it finds.
- "readme" no longer needs a branch name. If prefixed with simply ":" it will
use the default branch.
- "branch-sort" allowing branches to be sorted either by "age" or "name", for
kernel.org.
- "enable-index-owner" allowing the owner column to be disabled in the index
page.
- print submodule revision next to submodule link.
- integrate more closely with git apis, such as strbuf.
- rely on git test harness and git makefiles.
- more robust test suite.
- more rebust makefile dependency accounting.
- pager navigation is now unordered list.
- span tag wraps commit directions.
Behavior changes:
- HOME is no longer passed as an environment variable to any filter api
scripts.
- "about-filter" now receives the filename being filtered as argv[1]. This may
disrupt existing scripts, so adjust accordingly.
- gitconfig and gitattributes are no longer loaded from any system directories
or home directories.
Security:
- CVE-2013-2117: disallow directory traversal when readme is set to filesystem
path.
Bug fixes:
- ssdiff now correctly manages tab expansion.
- support unannotated tags in http git clone.
- lots of cleanups of global variables and memory leaks.
- do not rely on gettext/libintl.
- better C standard compliance.
- make several functions and variables static.
- improved constification.
- remove unused functions.
- fix colspan values to correct width.
- fix out-of-bounds memory accesses with virtual_root="".
- cache repo config more precisely.
- die when write fails.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now this is possible in cgitrc -
readme=:README.md
readme=:readme.md
readme=:README.mkd
readme=:readme.mkd
readme=:README.rst
readme=:readme.rst
readme=:README.html
readme=:readme.html
readme=:README.htm
readme=:readme.htm
readme=:README.txt
readme=:readme.txt
readme=:README
readme=:readme
readme=:INSTALL.txt
readme=:install.txt
readme=:INSTALL
readme=:install
Suggested-by: John Keeping <john@keeping.me.uk>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Using the url= query string, it was possible request arbitrary files
from the filesystem if the readme for a given page was set to a
filesystem file. The following request would return my /etc/passwd file:
http://git.zx2c4.com/?url=/somerepo/about/../../../../etc/passwd
http://data.zx2c4.com/cgit-directory-traversal.png
This fix uses realpath(3) to canonicalize all paths, and then compares
the base components.
This fix introduces a subtle timing attack, whereby a client can check
whether or not strstr is called using timing measurements in order
to determine if a given file exists on the filesystem.
This fix also does not account for filesystem race conditions (TOCTOU)
in resolving symlinks.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The readme variable may now contain multiple space deliminated entries,
which per usual are either a filepath or a git ref filepath. If multiple
are specified, cgit will now select the first one in the list that
exists. This is to make it easier to specify multiple default readme
types in the main cgitrc file and have them automatically get applied to
each repo based on what exists.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
| |
This gives the about-filter API the same semantics as source-filter,
where the filter receives the filename so it can decide what to do next
with it.
While we're at it, plug a memory leak.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
| |
If the readme value begins with ":", and has no specified branch before
it, use the repository's default branch.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
| |
The number of odd cases in which git will try to read config is far too
great to keep putting a bandaid over each one, so we'll just unset it.
If it turns out that scripts really liked to know about $HOME, we can
always reset it in the filter forks.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
| |
We've now added quite a few config keys for repositories, but we've
forgotten to update the printing of it for cache files. Synchronize the
two.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
| |
No changes required, just bump the submodule and Makefile versions.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
| |
By using the standard library's printf, cache_ls does not redirect its
output to the cache when we change the process' stdout file descriptor
to point to the cache file. Fix this by using "htmlf" in the same way
that we do for writing HTTP headers.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
| |
This means that we can avoid hardcoding the number of headers we expect
CGit to generate in test cases and simply remove whatever headers happen
to by there when we are checking body content.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
| |
This replaces some code that is re-implementing die_errno by just
calling the function.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
| |
If we fail to write HTML output once, there's no point carrying on so
just write a failure message once and die. By using Git's die_errno
function we also let the user know in what way the write failed.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This helps projects that have a large number of tags to display them all
using custom CSS.
The default stylesheet has not been updated since what is useful for
projects with a lot of tags is not the same as what is useful for
projects with only a small number of decorations per commit.
Suggested-by: Konstantin Ryabitsev <mricon@kernel.org>
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When building the "test" target we depend on both cgit and building the
Git tools. By doing this with two targets we end up running make in the
git/ directory twice, concurrently if using parallel make, which causes
us to build more than we need and potentially builds incorrectly if
multi-step build-then-move operations overlap.
Fix this by instead calling back into the makefile so that we alter the
"cgit" target to also build the Git tools.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
|
|
| |
Commit fb3655d (use struct strbuf instead of static buffers, 2013-04-06)
broke the logic in cache.c::cache_ls by failing to set slot->cache_name
before calling open_slot.
While fixing this, also free the strbufs added by that commit once we're
done with them.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
| |
We try to stick to POSIX shell in the tests but a "function" keyword has
found its way into t0109. Remove it.
This makes the tests work with dash again.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
It's a bit tedious to have to do this here too. If we encounter other
issues with $HOME down the line, I'll look into adding some nice utility
functions to handle this, or perhaps giving up on the hope that we could
keep $HOME defined for scripts.
This commit additionally adds a test case, should the issue surface
again.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When creating the GIT-VERSION-FILE that we use to test that the version
of Git in git/ is the same as in the CGit Makefile, Git applies the
transform "s/-/./g" to the version string. This doesn't affect released
versions but does change RC version numbers such as 1.8.3-rc0.
While CGit should only refer to a released Git version in general, it is
useful to developers who want to test upcoming Git releases if the tests
do work with RCs, so change t0001 to apply the same transform to our
Makefile version before comparing it to the contents of
GIT-VERSION-FILE.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
| |
No changes required, just bump the submodule and Makefile version.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Commit fb3655d (use struct strbuf instead of static buffers -
2013-04-06) introduced a regression in the "section-from-path" handling
when the configured value is negative. By changing the "rel" variable
so that it includes a trailing slash, counting slashes from the end of
the string no longer gives the same answer as it did before.
Fix this by ensuring that "rel" does not have a trailing slash.
Reported-by: Julius Plenz <plenz@cis.fu-berlin.de>
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When testing modifications in Git that affect CGit, it is annoying to
have t0001 failing simply because the Git version has a ".dirty" suffix
when the version of Git there does indeed match that specified in the
CGit makefile. Stop this by stripping the ".dirty" suffix from the
GIT_VERSION variable.
Note that this brings the "Git version" behaviour in line with the
"submodule version" case which does not check if the working tree in
git/ is modified.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By default, Git's test suite puts the trash directories and test-results
directory into its own directory, not that containing the tests being
run. This is less convenient for inspecting test failures, so set the
output directory to CGit's tests/ directory instead.
Note that there is currently a bug in Git whereby it will create the
trash directories in our tests/ directory regardless of the value of
TEST_OUTPUT_DIRECTORY, and then fail to remove them once the tests are
done. This change does currently affect the location of the
test-results/ directory though.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
|
|
| |
In order to ensure that we don't access $HOME at some point after
initial startup when rendering a specific view, run the strace test on a
range of different pages.
This ensures that we don't end up reading a configuration later for some
specific view.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
| |
Several options must be specified prior to scan-path. This is consistant
source of user confusion. Document these facts.
Suggested-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
| |
In cgit_print_snapshot_links() we strip leading "v" and "V", while we
currently only prepend a lower case "v" when parsing a snapshot file
name. This results in broken snapshot links for tags that start with an
upper case "V". Avoid this by prepending a "V" as a fallback.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
|
| |
Note that we cannot use skip_all here since some tests have already been
executed when ZIP tests are reached. Use test prerequisites to skip
everything using unzip(1) if the binary is not available instead.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
| |
"-i" isn't part of the POSIX standard and doesn't work on several
platforms such as OpenBSD. Use a temporary file instead.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
|
|
|
|
| |
When set to "name", branches are sorted by name, which is the current
default. When set to "age", branches are sorted by the age of the
repository.
This feature was requested by Konstantin Ryabitsev for use on
kernel.org.
Proposed-by: Konstantin Ryabitsev <mricon@kernel.org>
|
| |
|
|
|
|
|
|
| |
Without '&&' between operations, we will not detect if strace or cgit
exit with an error status, which would cause a false positive test
status in this case.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
|
|
| |
getenv() returns a NULL pointer if the specified variable name cannot be
found in the environment. However, some setenv() implementations crash
if a NULL pointer is passed as second argument. Only restore variables
that are not NULL.
See commit d96d2c98ebc4c2d3765f5b35c4142e0e828a421b for a related patch.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
| |
Some tar(1) versions do not support auto detection of the compression
type. Explicitly specify "-z" to decompress a ".tar.gz" archive.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
|
|
|
|
| |
With the latest changes to prevent git from accessing configuration
files that it should not, it's important to be sure that we won't
have further breakage in the future.
Use strace to implement a test to make sure cgit does not access()
anything built from $HOME.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This allows tests to run in parallel as well as letting us use "prove"
or another TAP harness to run the tests.
Git's test framework requires Git to be fully built before letting any
tests run, so add a new target to the top-level Makefile which builds
all of Git instead of just libgit.a and make the "test" target depend on
that.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While doing any kind of git loading, unset HOME variables and set
NOSYSTEM variables so that cgit does not load any settings that a user
may have set for his own /usr/bin/git usage.
This fixes a fatal error introduced with git 1.8, whereupon git would
fatally exit when failing to access particular files.
The result of this is that only repo-local configuration files are
accessed:
zx2c4@thinkpad ~/Projects/cgit $ HOME=/root QUERY_STRING="url=foo/log"
CGIT_CONFIG=tests/trash/cgitrc strace -e access ./cgit >/dev/null
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
access("repos/foo/.git/objects", X_OK) = 0
access("repos/foo/.git/refs", X_OK) = 0
access("repos/foo/.git/config", R_OK) = 0
access("repos/foo/.git/config", R_OK) = 0
access("repos/foo/.git/objects/b3/bafdbf0183f4897ef8b1319cb8c490ed54717e", F_OK) = 0
access("repos/foo/.git/objects/b3/bafdbf0183f4897ef8b1319cb8c490ed54717e", F_OK) = 0
access("repos/foo/.git/objects/b3/bafdbf0183f4897ef8b1319cb8c490ed54717e", F_OK) = 0
access("repos/foo/.git/objects/b3/bafdbf0183f4897ef8b1319cb8c490ed54717e", F_OK) = 0
+++ exited with 0 +++
Reported-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Tested-by: Jason A. Donenfeld <Jason@zx2c4.com>
Tested-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use "struct strbuf" from Git to remove the limit on file path length.
Notes on scan-tree:
This is slightly involved since I decided to pass the strbuf into
add_repo() and modify if whenever a new file name is required, which
should avoid any extra allocations within that function. The pattern
there is to append the filename, use it and then reset the buffer to its
original length (retaining a trailing '/').
Notes on ui-snapshot:
Since write_archive modifies the argv array passed to it we
copy the argv_array values into a new array of char* and then free the
original argv_array structure and the new array without worrying about
what the values now look like.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
| |
After this change there is one remaining call 'fmt("%s", delim)' in
ui-shared.c but is needed as delim is stack allocated and so cannot be
returned from the function.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
| |
This removes many uses of "fmt" which uses a fixed size static pool of
fixed size buffers. Instead of relying on these, we now pass around
argument lists for as long as possible before using a strbuf to render
content of an arbitrary size.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
| |
This is a small helper so that we can easily ensure that a strbuf ends
with the specified character.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
|
| |
This adds the fmtalloc helper, html_txtf, html_vtxtf, and html_attrf.
These takes a printf style format string like htmlf but escapes the
resulting string. The html_vtxtf variant takes a va_list whereas
html_txtf is variadic.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
| |
Signed-off-by: John Keeping <john@keeping.me.uk>
|
