| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Features:
- update to git v1.8.3.
- expanded set of default filters to include markdown, restructuredtext, and
man pages.
- better sample configuration file in man page.
- "readme" may now be specified multiple times, and cgit will choose the first
one it finds.
- "readme" no longer needs a branch name. If prefixed with simply ":" it will
use the default branch.
- "branch-sort" allowing branches to be sorted either by "age" or "name", for
kernel.org.
- "enable-index-owner" allowing the owner column to be disabled in the index
page.
- print submodule revision next to submodule link.
- integrate more closely with git apis, such as strbuf.
- rely on git test harness and git makefiles.
- more robust test suite.
- more rebust makefile dependency accounting.
- pager navigation is now unordered list.
- span tag wraps commit directions.
Behavior changes:
- HOME is no longer passed as an environment variable to any filter api
scripts.
- "about-filter" now receives the filename being filtered as argv[1]. This may
disrupt existing scripts, so adjust accordingly.
- gitconfig and gitattributes are no longer loaded from any system directories
or home directories.
Security:
- CVE-2013-2117: disallow directory traversal when readme is set to filesystem
path.
Bug fixes:
- ssdiff now correctly manages tab expansion.
- support unannotated tags in http git clone.
- lots of cleanups of global variables and memory leaks.
- do not rely on gettext/libintl.
- better C standard compliance.
- make several functions and variables static.
- improved constification.
- remove unused functions.
- fix colspan values to correct width.
- fix out-of-bounds memory accesses with virtual_root="".
- cache repo config more precisely.
- die when write fails.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now this is possible in cgitrc -
readme=:README.md
readme=:readme.md
readme=:README.mkd
readme=:readme.mkd
readme=:README.rst
readme=:readme.rst
readme=:README.html
readme=:readme.html
readme=:README.htm
readme=:readme.htm
readme=:README.txt
readme=:readme.txt
readme=:README
readme=:readme
readme=:INSTALL.txt
readme=:install.txt
readme=:INSTALL
readme=:install
Suggested-by: John Keeping <john@keeping.me.uk>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Using the url= query string, it was possible request arbitrary files
from the filesystem if the readme for a given page was set to a
filesystem file. The following request would return my /etc/passwd file:
http://git.zx2c4.com/?url=/somerepo/about/../../../../etc/passwd
http://data.zx2c4.com/cgit-directory-traversal.png
This fix uses realpath(3) to canonicalize all paths, and then compares
the base components.
This fix introduces a subtle timing attack, whereby a client can check
whether or not strstr is called using timing measurements in order
to determine if a given file exists on the filesystem.
This fix also does not account for filesystem race conditions (TOCTOU)
in resolving symlinks.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The readme variable may now contain multiple space deliminated entries,
which per usual are either a filepath or a git ref filepath. If multiple
are specified, cgit will now select the first one in the list that
exists. This is to make it easier to specify multiple default readme
types in the main cgitrc file and have them automatically get applied to
each repo based on what exists.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
| |
This gives the about-filter API the same semantics as source-filter,
where the filter receives the filename so it can decide what to do next
with it.
While we're at it, plug a memory leak.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
| |
If the readme value begins with ":", and has no specified branch before
it, use the repository's default branch.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
| |
The number of odd cases in which git will try to read config is far too
great to keep putting a bandaid over each one, so we'll just unset it.
If it turns out that scripts really liked to know about $HOME, we can
always reset it in the filter forks.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
| |
We've now added quite a few config keys for repositories, but we've
forgotten to update the printing of it for cache files. Synchronize the
two.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
| |
No changes required, just bump the submodule and Makefile versions.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
| |
By using the standard library's printf, cache_ls does not redirect its
output to the cache when we change the process' stdout file descriptor
to point to the cache file. Fix this by using "htmlf" in the same way
that we do for writing HTTP headers.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
| |
This means that we can avoid hardcoding the number of headers we expect
CGit to generate in test cases and simply remove whatever headers happen
to by there when we are checking body content.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
| |
This replaces some code that is re-implementing die_errno by just
calling the function.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
| |
If we fail to write HTML output once, there's no point carrying on so
just write a failure message once and die. By using Git's die_errno
function we also let the user know in what way the write failed.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This helps projects that have a large number of tags to display them all
using custom CSS.
The default stylesheet has not been updated since what is useful for
projects with a lot of tags is not the same as what is useful for
projects with only a small number of decorations per commit.
Suggested-by: Konstantin Ryabitsev <mricon@kernel.org>
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When building the "test" target we depend on both cgit and building the
Git tools. By doing this with two targets we end up running make in the
git/ directory twice, concurrently if using parallel make, which causes
us to build more than we need and potentially builds incorrectly if
multi-step build-then-move operations overlap.
Fix this by instead calling back into the makefile so that we alter the
"cgit" target to also build the Git tools.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
|
|
| |
Commit fb3655d (use struct strbuf instead of static buffers, 2013-04-06)
broke the logic in cache.c::cache_ls by failing to set slot->cache_name
before calling open_slot.
While fixing this, also free the strbufs added by that commit once we're
done with them.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
| |
We try to stick to POSIX shell in the tests but a "function" keyword has
found its way into t0109. Remove it.
This makes the tests work with dash again.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
It's a bit tedious to have to do this here too. If we encounter other
issues with $HOME down the line, I'll look into adding some nice utility
functions to handle this, or perhaps giving up on the hope that we could
keep $HOME defined for scripts.
This commit additionally adds a test case, should the issue surface
again.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When creating the GIT-VERSION-FILE that we use to test that the version
of Git in git/ is the same as in the CGit Makefile, Git applies the
transform "s/-/./g" to the version string. This doesn't affect released
versions but does change RC version numbers such as 1.8.3-rc0.
While CGit should only refer to a released Git version in general, it is
useful to developers who want to test upcoming Git releases if the tests
do work with RCs, so change t0001 to apply the same transform to our
Makefile version before comparing it to the contents of
GIT-VERSION-FILE.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
| |
No changes required, just bump the submodule and Makefile version.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Commit fb3655d (use struct strbuf instead of static buffers -
2013-04-06) introduced a regression in the "section-from-path" handling
when the configured value is negative. By changing the "rel" variable
so that it includes a trailing slash, counting slashes from the end of
the string no longer gives the same answer as it did before.
Fix this by ensuring that "rel" does not have a trailing slash.
Reported-by: Julius Plenz <plenz@cis.fu-berlin.de>
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When testing modifications in Git that affect CGit, it is annoying to
have t0001 failing simply because the Git version has a ".dirty" suffix
when the version of Git there does indeed match that specified in the
CGit makefile. Stop this by stripping the ".dirty" suffix from the
GIT_VERSION variable.
Note that this brings the "Git version" behaviour in line with the
"submodule version" case which does not check if the working tree in
git/ is modified.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By default, Git's test suite puts the trash directories and test-results
directory into its own directory, not that containing the tests being
run. This is less convenient for inspecting test failures, so set the
output directory to CGit's tests/ directory instead.
Note that there is currently a bug in Git whereby it will create the
trash directories in our tests/ directory regardless of the value of
TEST_OUTPUT_DIRECTORY, and then fail to remove them once the tests are
done. This change does currently affect the location of the
test-results/ directory though.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
|
|
| |
In order to ensure that we don't access $HOME at some point after
initial startup when rendering a specific view, run the strace test on a
range of different pages.
This ensures that we don't end up reading a configuration later for some
specific view.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
| |
Several options must be specified prior to scan-path. This is consistant
source of user confusion. Document these facts.
Suggested-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
| |
In cgit_print_snapshot_links() we strip leading "v" and "V", while we
currently only prepend a lower case "v" when parsing a snapshot file
name. This results in broken snapshot links for tags that start with an
upper case "V". Avoid this by prepending a "V" as a fallback.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
|
| |
Note that we cannot use skip_all here since some tests have already been
executed when ZIP tests are reached. Use test prerequisites to skip
everything using unzip(1) if the binary is not available instead.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
| |
"-i" isn't part of the POSIX standard and doesn't work on several
platforms such as OpenBSD. Use a temporary file instead.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
|
|
|
|
| |
When set to "name", branches are sorted by name, which is the current
default. When set to "age", branches are sorted by the age of the
repository.
This feature was requested by Konstantin Ryabitsev for use on
kernel.org.
Proposed-by: Konstantin Ryabitsev <mricon@kernel.org>
|
| |
|
|
|
|
|
|
| |
Without '&&' between operations, we will not detect if strace or cgit
exit with an error status, which would cause a false positive test
status in this case.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
|
|
| |
getenv() returns a NULL pointer if the specified variable name cannot be
found in the environment. However, some setenv() implementations crash
if a NULL pointer is passed as second argument. Only restore variables
that are not NULL.
See commit d96d2c98ebc4c2d3765f5b35c4142e0e828a421b for a related patch.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
| |
Some tar(1) versions do not support auto detection of the compression
type. Explicitly specify "-z" to decompress a ".tar.gz" archive.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
|
|
|
|
| |
With the latest changes to prevent git from accessing configuration
files that it should not, it's important to be sure that we won't
have further breakage in the future.
Use strace to implement a test to make sure cgit does not access()
anything built from $HOME.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This allows tests to run in parallel as well as letting us use "prove"
or another TAP harness to run the tests.
Git's test framework requires Git to be fully built before letting any
tests run, so add a new target to the top-level Makefile which builds
all of Git instead of just libgit.a and make the "test" target depend on
that.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While doing any kind of git loading, unset HOME variables and set
NOSYSTEM variables so that cgit does not load any settings that a user
may have set for his own /usr/bin/git usage.
This fixes a fatal error introduced with git 1.8, whereupon git would
fatally exit when failing to access particular files.
The result of this is that only repo-local configuration files are
accessed:
zx2c4@thinkpad ~/Projects/cgit $ HOME=/root QUERY_STRING="url=foo/log"
CGIT_CONFIG=tests/trash/cgitrc strace -e access ./cgit >/dev/null
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
access("repos/foo/.git/objects", X_OK) = 0
access("repos/foo/.git/refs", X_OK) = 0
access("repos/foo/.git/config", R_OK) = 0
access("repos/foo/.git/config", R_OK) = 0
access("repos/foo/.git/objects/b3/bafdbf0183f4897ef8b1319cb8c490ed54717e", F_OK) = 0
access("repos/foo/.git/objects/b3/bafdbf0183f4897ef8b1319cb8c490ed54717e", F_OK) = 0
access("repos/foo/.git/objects/b3/bafdbf0183f4897ef8b1319cb8c490ed54717e", F_OK) = 0
access("repos/foo/.git/objects/b3/bafdbf0183f4897ef8b1319cb8c490ed54717e", F_OK) = 0
+++ exited with 0 +++
Reported-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Tested-by: Jason A. Donenfeld <Jason@zx2c4.com>
Tested-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use "struct strbuf" from Git to remove the limit on file path length.
Notes on scan-tree:
This is slightly involved since I decided to pass the strbuf into
add_repo() and modify if whenever a new file name is required, which
should avoid any extra allocations within that function. The pattern
there is to append the filename, use it and then reset the buffer to its
original length (retaining a trailing '/').
Notes on ui-snapshot:
Since write_archive modifies the argv array passed to it we
copy the argv_array values into a new array of char* and then free the
original argv_array structure and the new array without worrying about
what the values now look like.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
| |
After this change there is one remaining call 'fmt("%s", delim)' in
ui-shared.c but is needed as delim is stack allocated and so cannot be
returned from the function.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
| |
This removes many uses of "fmt" which uses a fixed size static pool of
fixed size buffers. Instead of relying on these, we now pass around
argument lists for as long as possible before using a strbuf to render
content of an arbitrary size.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
| |
This is a small helper so that we can easily ensure that a strbuf ends
with the specified character.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
|
| |
This adds the fmtalloc helper, html_txtf, html_vtxtf, and html_attrf.
These takes a printf style format string like htmlf but escapes the
resulting string. The html_vtxtf variant takes a va_list whereas
html_txtf is variadic.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
| |
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The CGit configuration variable virtual_root is normalized so that it
does not have a trailing '/' character, but it is allowed to be empty
(the empty string and NULL have different meanings here) and there is
code that is insufficiently cautious when checking if it ends in a '/':
if (virtual_root[strlen(virtual_root) - 1] != '/')
Clearly this check is redundant, but rather than simply removing it we
get a slight efficiency improvement by switching the normalization so
that the virtual_root variable always ends in '/'. Do this with a new
"ensure_end" helper.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
| |
The code snippets for OBJ_TAG and other object types are almost
equivalent. Merge them and use a couple of inline if conditions to
select proper fields.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
print_tag_header() is only called from cgit_print_tags() -- the
conditional invocation in print_tag() is never executed since
print_tag() is only called by cgit_print_tags() which already executes
print_tag_header() before (resulting in the global variable being always
set in when the condition is evaluated).
Remove the global variable and the conditional invocation.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
| |
Use the xstrdup() wrapper which already bails out if strdup() returns a
NULL pointer.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
While doing this, remove declarations from header files where the
corresponding definition is declared "static" in order to avoid build
errors.
Also re-order existing headers in ui-*.c so that the file-specific
header always comes immediately after "cgit.h", helping with future
consistency.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
|
|
| |
Git calculates the dependency files to be included using a simply
expanded Makefile variable, so it does not include the CGit objects that
are added after that Makefile has been processed.
We therefore need to include the dependency files ourselves in order to
get the dependency calculations right. Do this.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
| |
This avoids needed to export every variable that might be used in
cgit.mk from the top-level Makefile.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
|
| |
This reverts the memory duplication introduced in commit 60a2627, while
keeping everything else that has been cleaned up. The environment
variables are never modified, so we do not need to call xstrdupn() here.
Also, remove xstrdupn() which is no longer needed.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
|
| |
These reflect the values of environment variables and should never be
changed. Add another xstrdup() when we assign environment variables to
strings that are potentially non-constant.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The return values of these functions are essentially constant and should
never be modified.
Note that this will introduce a compiler warning when we try to free the
return value of any of these functions. However, given that all of these
currently return statically allocated strings in some cases, they need
to be refactored before this can be done anyway.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
|
|
|
|
| |
This requires a small change to how we handle notes, but otherwise just
works.
Note that we can't use anything from v1.8.0 until v1.8.2.1 because some
of the symbols that we need for graph drawing were made private in
v1.8.0 and this was not reverted until v1.8.2.1.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
It it possible to inspect blobs by specifying only the SHA-1, and CGit
provides links to do so, for example if a tag points directly at a blob.
In this case the path_items structure is never used, but creating it
still causes strlen to be run on a null pointer. Fix this.
This error was introduced by commit c1633c6 (Update git to v1.7.6.5 -
2013-03-02).
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
|
| |
It is common practice and semantically appropriate to use unordered
lists for long navigation lists.
This also fixes the layout of very long pager navigations in
Webkit-based browsers.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
There's no need for this variable to be global. Printing the header in
print_urls() instead of print_url() allows for moving this variable into
print_urls() without having to pass any status to print_url().
Note that this only works as long as we don't call print_urls() more
than once.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
| |
This fixes a couple of minor oversights in previous commits and adjusts
all cells using colspan to use the correct width.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
| |
This squelches a gcc warning. It's also correct that we check to see if
there are any partial or failed writes. For now, we just print a warning
to stderr. In the future, perhaps it will prove wise to exit(1) on
partial writes.
|
| |
|
|
|
|
| |
Since tail is initialized to 0, we will never get a warning on the last
if statement, but recent gcc complains anyway. So, we initialize len as
well. Future gcc versions should be able to optimize this out anyway.
|
| |
|
|
|
|
|
|
| |
On some platforms (notably Solaris) /bin/sh doesn't support enough of
POSIX for gen-version.sh to run. Git's Makefile provides SHELL_PATH_SQ
to address this issue so we just have to use it.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
| |
If CGIT_VERSION is in CGIT_CFLAGS then a change in version (for example
because you have committed your changes) causes all of the CGit objects
to be rebuilt. Avoid this by using EXTRA_CPPFLAGS to add the version
for only those files that are affected and make them depend on VERSION.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
| |
We already have a global cgit_version which is set from the #define'd
CGIT_VERSION in cgit.c. Change ui-patch.c to use this so that we only
need to rebuild cgit.o when the version changes.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Git does quite a lot of platform-specific detection in its Makefile,
which can result in it defining preprocessor variables that are used in
its header files. If CGit does not define the same variables it can
result in different sizes of some structures in different places in the
same application.
For example, on Solaris Git uses it's "compat" regex library which has a
different sized regex_t structure than that available in the platform
regex.h. This has a knock-on effect on the size of "struct rev_info"
and leads to hard to diagnose runtime issues.
In order to avoid all of this, introduce a "cgit.mk" file that includes
Git's Makefile and make all of the existing logic apply to CGit's
objects as well. This is slightly complicated because Git's Makefile
must run in Git's directory, so all references to CGit files need to be
prefixed with "../".
In addition, OBJECTS is a simply expanded variable in Git's Makefile so
we cannot just add our objects to it. Instead we must copy the two
applicable rules into "cgit.mk". This has the advantage that we can
split CGit-specific CFLAGS from Git's CFLAGS and hence avoid rebuilding
all of Git whenever a CGit-specific value changes.
Signed-off-by: John Keeping <john@keeping.me.uk>
Acked-by: Jamie Couture <jamie.couture@gmail.com>
|
| |
|
|
|
|
|
|
| |
This ensures that the Git version pointed at by the submodule is the
same as the one that will be fetched using "make get-git".
Suggested-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes following memory leak seen with "PATH_INFO=/cgit/commit/":
==16894== 12 bytes in 1 blocks are definitely lost in loss record 9 of 92
==16894== at 0x4C2C04B: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==16894== by 0x56F2DF1: strdup (in /usr/lib/libc-2.17.so)
==16894== by 0x46CAC8: xstrdup (wrapper.c:35)
==16894== by 0x414E34: cgit_print_snapshot_links (ui-shared.c:926)
==16894== by 0x40CFA1: cgit_print_commit (ui-commit.c:102)
==16894== by 0x407B06: commit_fn (cmd.c:54)
==16894== by 0x405E16: process_request (cgit.c:574)
==16894== by 0x4074C8: cache_process (cache.c:322)
==16894== by 0x406C4F: main (cgit.c:872)
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes following memory leak seen with "PATH_INFO=/cgit/commit/":
==16894== 7 bytes in 1 blocks are definitely lost in loss record 4 of 92
==16894== at 0x4C2C04B: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==16894== by 0x56F2DF1: strdup (in /usr/lib/libc-2.17.so)
==16894== by 0x46CAC8: xstrdup (wrapper.c:35)
==16894== by 0x40CD6F: cgit_print_commit (ui-commit.c:70)
==16894== by 0x407B06: commit_fn (cmd.c:54)
==16894== by 0x405E16: process_request (cgit.c:574)
==16894== by 0x4074C8: cache_process (cache.c:322)
==16894== by 0x406C4F: main (cgit.c:872)
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes following memory leak seen with "PATH_INFO=/cgit/tree/":
==15715== 7 bytes in 1 blocks are definitely lost in loss record 4 of 51
==15715== at 0x4C2C04B: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15715== by 0x56F2DF1: strdup (in /usr/lib/libc-2.17.so)
==15715== by 0x46CAA8: xstrdup (wrapper.c:35)
==15715== by 0x418A4C: cgit_print_tree (ui-tree.c:274)
==15715== by 0x407D91: tree_fn (cmd.c:131)
==15715== by 0x405E16: process_request (cgit.c:574)
==15715== by 0x4074C8: cache_process (cache.c:322)
==15715== by 0x406C4F: main (cgit.c:872)
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes following memory leak seen with "PATH_INFO=/cgit/refs/":
==13408== 7 bytes in 1 blocks are definitely lost in loss record 4 of 52
==13408== at 0x4C2C04B: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==13408== by 0x56F2DF1: strdup (in /usr/lib/libc-2.17.so)
==13408== by 0x46CA78: xstrdup (wrapper.c:35)
==13408== by 0x405840: find_current_ref (cgit.c:426)
==13408== by 0x44BE5A: do_one_ref (refs.c:527)
==13408== by 0x44D3E0: do_for_each_ref_in_dir (refs.c:553)
==13408== by 0x44D85A: do_for_each_ref (refs.c:1298)
==13408== by 0x405889: find_default_branch (cgit.c:438)
==13408== by 0x405AC4: prepare_repo_cmd (cgit.c:490)
==13408== by 0x405D97: process_request (cgit.c:557)
==13408== by 0x407490: cache_process (cache.c:322)
==13408== by 0x406C18: main (cgit.c:864)
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Make sure the ref variable is freed if we build a
"$basename-$version"-style ref.
This fixes following memory leak seen with "PATH_INFO=/cgit/refs/":
==8784== 323 bytes in 29 blocks are definitely lost in loss record 41 of 53
==8784== at 0x4C2C04B: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==8784== by 0x56F2DF1: strdup (in /usr/lib/libc-2.17.so)
==8784== by 0x46CA28: xstrdup (wrapper.c:35)
==8784== by 0x410DA6: print_tag_downloads (ui-refs.c:115)
==8784== by 0x410F02: print_tag (ui-refs.c:141)
==8784== by 0x41128B: cgit_print_tags (ui-refs.c:230)
==8784== by 0x41134D: cgit_print_refs (ui-refs.c:250)
==8784== by 0x407C85: refs_fn (cmd.c:105)
==8784== by 0x405DDF: process_request (cgit.c:566)
==8784== by 0x407490: cache_process (cache.c:322)
==8784== by 0x406C18: main (cgit.c:864)
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Free reflists in cgit_print_branches() and in cgit_print_tags() before
returning reflist structures to the stack.
This fixes following memory leaks seen with "PATH_INFO=/cgit/refs/":
==5710== 1,312 (32 direct, 1,280 indirect) bytes in 1 blocks are definitely lost in loss record 63 of 71
==5710== at 0x4C2C04B: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5710== by 0x4C2C2FF: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5710== by 0x46CA9B: xrealloc (wrapper.c:100)
==5710== by 0x40AAA6: cgit_add_ref (shared.c:156)
==5710== by 0x40ABC4: cgit_refs_cb (shared.c:186)
==5710== by 0x44BCBA: do_one_ref (refs.c:527)
==5710== by 0x44D240: do_for_each_ref_in_dir (refs.c:553)
==5710== by 0x44D6BA: do_for_each_ref (refs.c:1298)
==5710== by 0x410FE2: cgit_print_branches (ui-refs.c:191)
==5710== by 0x4111E9: cgit_print_refs (ui-refs.c:244)
==5710== by 0x407C85: refs_fn (cmd.c:105)
==5710== by 0x405DDF: process_request (cgit.c:566)
==5710==
==5710== 6,846 (256 direct, 6,590 indirect) bytes in 1 blocks are definitely lost in loss record 68 of 71
==5710== at 0x4C2C25E: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5710== by 0x46CA9B: xrealloc (wrapper.c:100)
==5710== by 0x40AAA6: cgit_add_ref (shared.c:156)
==5710== by 0x40ABC4: cgit_refs_cb (shared.c:186)
==5710== by 0x44BCBA: do_one_ref (refs.c:527)
==5710== by 0x44D240: do_for_each_ref_in_dir (refs.c:553)
==5710== by 0x44D6EC: do_for_each_ref (refs.c:1288)
==5710== by 0x4110D5: cgit_print_tags (ui-refs.c:218)
==5710== by 0x4111FD: cgit_print_refs (ui-refs.c:246)
==5710== by 0x407C85: refs_fn (cmd.c:105)
==5710== by 0x405DDF: process_request (cgit.c:566)
==5710== by 0x407490: cache_process (cache.c:322)
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| | |
| |
| |
| |
| |
| | |
This is no longer used as of commit f135569b.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| | |
| |
| |
| |
| |
| | |
This is no longer used as of commit 0c8e184e.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| | |
| |
| |
| |
| |
| | |
Spotted by parsing the output of `gcc -Wmissing-prototypes [...]`.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
| |
cgit_self_link() is a void function but implements each case it handles
by doing "return <another_void_function>" which is not valid C; section
6.8.6.4 of C11 says:
A return statement with an expression shall not appear in a
function whose return type is void.
Fix this by removing the return keywords and converting the final code
block into an "else".
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
| |
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
| |
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
| |
The "-e" option to grep is not needed unless specifying more than one
pattern, which we don't do. Remove it to avoid restricting the tests on
platforms that do not have a grep that recognises "-e".
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Newer libgit versions depend on the libintl library. However, we
currently do not link against libintl which breaks compilation under
OpenBSD:
git/libgit.a(commit.o)(.text+0x1d1b): In function `lookup_commit_or_die':
git/gettext.h:47: undefined reference to `libintl_gettext'
[...]
Since we do not support i18n in cgit, just disable gettext in the Git
submodule to fix this.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Makefile target generation would always be included for any makefile
target that was not clean. Only care to include the '.deps' directory
when building cgit, rather than generating and including dependencies
when calling other makefile targets.
Heavily borrowed from git's Makefile, but without definitions to test
for the compiler's header dependency feature. Previous Makefile
implementation never checked for this compiler feature anyway.
- Removed makecmdgoal 'clean' check
- Grouped like .PHONY target definitions
- Place build dependency targets under .SUFFIXES
- Re-arranged location of library inclusion definitions
- Use google code mirror instead of github
Signed-off-by: Jamie Couture <jamie.couture@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
| |
We use resolve_ref() since commit 8d7c2ec2, so this is no longer needed.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
|
|
|
| |
Use the context pointer to pass context information instead of misusing
global variables, as we already did in "ui-blob.c" and in "ui-plain.c".
In addition to the fixes to walk_tree(), pass the same structure to
ls_tree() and ls_item() which is read_tree_recursive()-based as well.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
| |
Instead, use the value of the state variable to determine whether the
footer needs to be drawn.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
|
|
|
|
| |
This allows for removing the header variable in a following patch. We
can use the state variable to check whether the tail needs to be printed
instead.
Note that the state variable will be moved into a context structure
later.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
|
|
|
| |
No longer access the global curr_rev variable in print_object().
This will make it easier to squash the curr_rev variable into a context
structure without having to pass the context to the print_object()
function.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
|
| |
Do not misuse global variables to save the context. Instead, use the
context pointer which was designed to share information between a
read_tree_fn and the caller.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
|
|
| |
Move all code setting the match variable to walk_tree().
This allows for easily moving this variable into a context structure
without having to pass the context to print_*().
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Do not misuse global variables to save the context. Instead, use the
context pointer which was designed to share information between a
read_tree_fn and the caller.
This also prevents from potential misuse of the global pointers
match_path and matched_sha1 after the referenced values have been
overwritten on the stack.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
|
|
|
| |
parse_archive_args does not pass PARSE_OPT_KEEP_ARGV0 to parse_args,
which means the first argument will be discarded, as though it were a
function being called from the command-line. Thus, we fill argv[0] with
a dummy argument to prevent this from happening.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
| |
* Remove whitespace at the end of lines.
* Replace space indentation by tabs.
* Add whitespace before/after several operators ("+", "-", "*", ...)
* Add whitespace to assignments ("foo = bar;").
* Fix whitespace in parameter lists ("foobar(foo, bar, 42)").
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |
|
|
|
|
| |
No changes needed.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
| |
resolve_ref() is renamed to resolve_ref_unsafe(). CGit's usage is safe.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
| |
No changes required.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
| |
This release changes the archive interface so that we now need to pass
argv into write_archive().
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
| |
struct pathspec is now used in more places.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| |
|
|
|
|
|
|
|
| |
Some changes to diff options:
- no_merges has become the more general max_parents
- path restriction now uses struct pathspec
Signed-off-by: John Keeping <john@keeping.me.uk>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Matthew McClintock reported that older unannotated tags were not
correctly being cloned and did not appear in info/refs. Further
investigation revealed some dubious prefix comparison code for
determining whether or not to write refs in info/refs. After comparing
it with git's own http-backend.c, it appears upstream does not use this
prefix logic.
OTOH, I don't know what the reasoning was when the prefix logic was
introduced. It appears to me to just be buggy, though it's possible
there are other reasons, and we'll have to revisit this commit.
But for now, Works For Me.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Matthew McClintock <msm@freescale.com>
Reported-by: Matthew McClintock <msm@freescale.com>
|
| |
|
|
|
|
|
| |
Previously, replace_tabs("foo\tbar") would become " foobar".
Signed-off-by: Julius Plenz <plenz@cis.fu-berlin.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
| |
This is not really needed for personal sites where all repos belong to
the same person. Since it is pretty useful for shared sites however, it
should be configurable.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Enhancements:
- path-selected submodule links
- intelligent default branch guessing
- /etc/mime.types lookup
- gitweb.* and cgit.* git-config support
- case insensitive sorting and age sorting
- commit, repository, and section sorting
- bold currently viewed page in pagination
- support BSDs in makefile
Security:
- CVE-2012-4465: heap-buffer overflow in parsing.c
- CVE-2012-4548: syntax highlighting command injection
Bug Fixes:
- transition maintainer to Jason Donenfeld (zx2c4)
- download git snapshot from github instead of Lars' old server
- css fixes
- stablization of tests
- more compatible default highlight script
- suppress gzip timestamp so that tarballs only use tar timestamps
- treat ctags as target in makefile
- do not let global variables override certain local repo settings
- print ampersand as proper html entity
- use placeholder for empty commit subject
- format diff view for addition and removal of files
- point links at correct blob from ssdiff
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Previously, the id_str (i.e. the current or diffed-against commit's
SHA1 ID) was simply concatenated to the URL. Now, prepend an "id="
string so that the links actually point to the right blobs and thus
the exact lines.
Signed-off-by: Julius Plenz <plenz@cis.fu-berlin.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
| |
Copying the output of cgit and using it in patches now works when adding
files to or removing files from the repository. This is helpful for people
who use cgit in their patch workflow.
|
| |
|
|
| |
Github will have more bandwidth than Lars' server.
|
| |
|
|
|
|
| |
Remove tags file from working directory.
Signed-off-by: Jamie Couture <jamie.couture@gmail.com>
|
| |
|
|
|
| |
Display a placeholder when creating links to commits with empty subjects.
This avoids the creation of links of the form <a></a>.
|
| |
|
|
|
|
|
|
|
| |
By not quoting the argument, an attacker with the ability to add files
to the repository could pass arbitrary arguments to the highlight
command, in particular, the --plug-in argument which can lead to
arbitrary command execution.
This patch adds simple argument quoting.
|
| | |
|
| | |
|
| |
|
|
|
| |
According to Dan Rue <drue@therub.org>, FreeBSD requires the lib paths
to get libiconv from /usr/local.
|
| |
|
|
|
|
|
| |
Since we're now properly writing ampersand literals as & instead of
as a plain &, we need to update the test accordingly.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
| |
This makes it possible to use strict commit date ordering or strict
topological ordering by passing the corresponding flags to "git log".
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
| |
Flag which, when set to "1", will sort the sections on the repository
listing by name. Set this flag to "0" if the order in the cgitrc file
should be preserved. Default value: "1".
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After some back and forth with Jamie and René, it looks like the git
config semantics are going to be like this:
- gitweb.category maps to the cgit repo config key "section"
- gitweb.description maps to the cgit repo config key "desc"
- gitweb.owner maps to the cgit repo config key "owner"
- cgit.* maps to all cgit repo config keys
This option can be enabled with "enable-git-config=1", and replaces
all previous "enable-gitweb-*" config keys.
The order of operations is as follows:
- git config settings are applied in the order that they exist in
the git config file
- if the owner is not set from git config, get the owner using the
usual getpwuid call
- if the description is not set from git config, look inside the
static $path/description file
- if section-from-path=1, override whatever previous settings were
inside of git config using the section-from-path logic
- parse $path/cgitrc for local repo.* settings, that override all
previous settings
|
| | |
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This makes it possible to activate the enable_commit_graph,
enable_log_filecount, and enable_log_linecount for individual
repositories, even if the global setting is "0" (default).
The commit that introduced the broken behavior was e189344, and the
commit message of that makes it clear that this wasn't the intended
behavior.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
There are 2 situations:
1- empty extension: assuming text is better than highlight
producing no output because of a missing argument.
2- no extension at all: assuming text is better than setting
the extension to the filename, which is what now happens.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
|
| |
|
|
| |
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
|
| |
|
|
|
|
|
|
|
| |
This reverts commit f50be7fda0a7ab57009169dd5905fcbab8eb5166.
An update with the latest highlight landed in EPEL. This new version
doesn't have the --force bug, so the workaround can now be removed.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
|
| |
|
|
| |
Signed-off-by: Jamie Couture <jamie.couture@gmail.com>
|
| |
|
|
| |
Signed-off-by: Jamie Couture <jamie.couture@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* parsing.c (substr): Handle tail < head.
This started when I noticed some cgit segfaults on savannah.gnu.org.
Finding the offending URL/commit and then constructing a stand-alone
reproducer were far more time-consuming than writing the actual patch.
The problem arises with a commit like this, in which the user name
part of the "Author" field is empty:
$ git log -1
commit 6f3f41d73393278f3ede68a2cb1e7a2a23fa3421
Author: <T at h.or>
Date: Mon Apr 23 22:29:16 2012 +0200
Here's what happens:
(this is due to buf=malloc(0); strncpy (buf, head, -1);
where "head" may point to plenty of attacker-specified non-NUL bytes,
so we can overwrite a zero-length heap buffer with arbitrary data)
Invalid write of size 1
at 0x4A09361: strncpy (mc_replace_strmem.c:463)
by 0x408977: substr (parsing.c:61)
by 0x4089EF: parse_user (parsing.c:73)
by 0x408D10: cgit_parse_commit (parsing.c:153)
by 0x40A540: cgit_mk_refinfo (shared.c:171)
by 0x40A581: cgit_refs_cb (shared.c:181)
by 0x43DEB3: do_for_each_ref (refs.c:690)
by 0x41075E: cgit_print_branches (ui-refs.c:191)
by 0x416EF2: cgit_print_summary (ui-summary.c:56)
by 0x40780A: summary_fn (cmd.c:120)
by 0x40667A: process_request (cgit.c:544)
by 0x404078: cache_process (cache.c:322)
Address 0x4c718d0 is 0 bytes after a block of size 0 alloc'd
at 0x4A0884D: malloc (vg_replace_malloc.c:263)
by 0x455C85: xmalloc (wrapper.c:35)
by 0x40894C: substr (parsing.c:60)
by 0x4089EF: parse_user (parsing.c:73)
by 0x408D10: cgit_parse_commit (parsing.c:153)
by 0x40A540: cgit_mk_refinfo (shared.c:171)
by 0x40A581: cgit_refs_cb (shared.c:181)
by 0x43DEB3: do_for_each_ref (refs.c:690)
by 0x41075E: cgit_print_branches (ui-refs.c:191)
by 0x416EF2: cgit_print_summary (ui-summary.c:56)
by 0x40780A: summary_fn (cmd.c:120)
by 0x40667A: process_request (cgit.c:544)
Invalid write of size 1
at 0x4A09400: strncpy (mc_replace_strmem.c:463)
by 0x408977: substr (parsing.c:61)
by 0x4089EF: parse_user (parsing.c:73)
by 0x408D10: cgit_parse_commit (parsing.c:153)
by 0x40A540: cgit_mk_refinfo (shared.c:171)
by 0x40A581: cgit_refs_cb (shared.c:181)
by 0x43DEB3: do_for_each_ref (refs.c:690)
by 0x41075E: cgit_print_branches (ui-refs.c:191)
by 0x416EF2: cgit_print_summary (ui-summary.c:56)
by 0x40780A: summary_fn (cmd.c:120)
by 0x40667A: process_request (cgit.c:544)
by 0x404078: cache_process (cache.c:322)
Address 0x4c7192b is not stack'd, malloc'd or (recently) free'd
Invalid write of size 1
at 0x4A0940E: strncpy (mc_replace_strmem.c:463)
by 0x408977: substr (parsing.c:61)
by 0x4089EF: parse_user (parsing.c:73)
by 0x408D10: cgit_parse_commit (parsing.c:153)
by 0x40A540: cgit_mk_refinfo (shared.c:171)
by 0x40A581: cgit_refs_cb (shared.c:181)
by 0x43DEB3: do_for_each_ref (refs.c:690)
by 0x41075E: cgit_print_branches (ui-refs.c:191)
by 0x416EF2: cgit_print_summary (ui-summary.c:56)
by 0x40780A: summary_fn (cmd.c:120)
by 0x40667A: process_request (cgit.c:544)
by 0x404078: cache_process (cache.c:322)
Address 0x4c7192d is not stack'd, malloc'd or (recently) free'd
Process terminating with default action of signal 11 (SIGSEGV)
Access not within mapped region at address 0x502F000
at 0x4A09400: strncpy (mc_replace_strmem.c:463)
by 0x408977: substr (parsing.c:61)
by 0x4089EF: parse_user (parsing.c:73)
by 0x408D10: cgit_parse_commit (parsing.c:153)
by 0x40A540: cgit_mk_refinfo (shared.c:171)
by 0x40A581: cgit_refs_cb (shared.c:181)
by 0x43DEB3: do_for_each_ref (refs.c:690)
by 0x41075E: cgit_print_branches (ui-refs.c:191)
by 0x416EF2: cgit_print_summary (ui-summary.c:56)
by 0x40780A: summary_fn (cmd.c:120)
by 0x40667A: process_request (cgit.c:544)
by 0x404078: cache_process (cache.c:322)
This happens when tail - head == -1 here:
(parsing.c)
char *substr(const char *head, const char *tail)
{
char *buf;
buf = xmalloc(tail - head + 1);
strncpy(buf, head, tail - head);
buf[tail - head] = '\0';
return buf;
}
char *parse_user(char *t, char **name, char **email, unsigned long *date)
{
char *p = t;
int mode = 1;
while (p && *p) {
if (mode == 1 && *p == '<') {
*name = substr(t, p - 1);
t = p;
mode++;
} else if (mode == 1 && *p == '\n') {
The fix is to handle the case of (tail < head) before calling xmalloc,
thus avoiding passing an invalid value to xmalloc.
And here's the reproducer:
It was tricky to reproduce, because git prohibits use of an empty "name"
in a commit ID. To construct the offending commit, I had to resort to
using "git hash-object".
git init -q foo &&
( cd foo &&
echo a > j && git add . && git ci -q --author='au <T at h.or>' -m. . &&
h=$(git cat-file commit HEAD|sed 's/au //' \
|git hash-object -t commit -w --stdin) &&
git co -q -b test $h &&
git br -q -D master &&
git br -q -m test master)
git clone -q --bare foo foo.git
cat <<EOF > in
repo.url=foo.git
repo.path=foo.git
EOF
CGIT_CONFIG=in QUERY_STRING=url=foo.git valgrind ./cgit
The valgrind output is what you see above.
AFAICS, this is not exploitable thanks (ironically) to the use of strncpy.
Since that -1 translates to SIZE_MAX and this is strncpy, not only does it
copy whatever is in "head" (up to first NUL), but it also writes
SIZE_MAX - strlen(head) NUL bytes into the destination buffer, and that
latter is guaranteed to evoke a segfault. Since cgit is single-threaded,
AFAICS, there is no way that the buffer clobbering can be turned into
an exploit.
|
| |
|
|
|
|
|
|
|
|
| |
Since cgit snapshots of tags are often used for releases, we don't
want the rarely used feature of the gzip compressor that includes
an embedded timestamp into the archive, since this makes each tarball
of the same (potentially signed) tag different.
This commit refactors the archive handling code a bit so that each
different format is able to run with an arbitrary argv for the filter.
|
| | |
|
| |
|
|
|
|
| |
Add two options, one for doing the ordinary name sorts in a
case-insensitive manner, and another for choosing to sort repos in each
section by age instead of by name.
|
| |
|
|
|
| |
Use gitweb.category from git config to determine repo's section, if
option is enabled.
|
| |
|
|
|
| |
Use gitweb.description instead of description file to determine
description, if option is enabled.
|
| |
|
|
|
|
|
|
| |
Don't bother with 'body' and 'div#cgit form', since
everything is wrapped in 'div#cgit' already.
Removing these two types makes embedding even easier.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
For sites that do not want to configure mime types by hand but
still want the correct mime type for 'plain' blobs, configuring
a mime type file is made possible. This is handy since such a
file is normally already provided (at least on Linux systems).
Also, this reflects the gitweb option '$mimetypes_file'
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When looking for the modtime of a repo we used to rely on repo.defbranch
having a value. This is no longer true so this patch provides a default
value when needed.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The resolve_ref() function handles reading of git- and filesystem
symbolic links (including proper whitespace trimming) and packed refs.
There's no point in reimplementing this function in cgit.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
There's no need to invoke guess_defbranch() for each repo during
scan-path, since repo.defbranch is only used when repo content is
being displayed.
Also, some users prefer to register their projects manually in cgitrc
but they got no benefit from the new repo.defbranch handling.
This patch tries to rectify these issues by only invoking guess_defbranch()
when needed, regardless of how the repo was registered.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is a saner alternative than hardcoding the default branch to be
"master". The add_repo() function will now check for a symbolic ref in
repo_path/HEAD. If there is a suitable one, overwrite repo->defbranch
with it. Note that you'll need to strip the newline from the file (->
len-17).
If HEAD is a symbolic link pointing directly to a branch below
refs/heads/, do a readlink() instead to find the ref name.
Signed-off-by: Julius Plenz <plenz@cis.fu-berlin.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| |\ \ \ |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The old default value was an abomination which never should have been
allowed to see the light of day.
This patch removes the default, which is a backwards incompatible change
with low probability of causing anyone any real trouble (a repo with
submodules, displayed by cgit using the default value of `module-link`,
is very unlikely to actually generate working links).
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
In ui-plain.c, the links generated for submodule entry ignored the fact
that the entry was in fact a submodule. This patch adds proper submodule
links to the plain directory listings.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The current 'repo.module-link' option is sufficient when all gitlinks
in a repository can be converted to commit links in a uniform way, but
not when different submodules/paths needs different settings.
This patch adds support for 'repo.module-link.<path>', which will be
used for linking to submodules at paths matching one such entry.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| |\ \ \ \ |
|
| | | | | | |
|
| | | | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
v2: incorporate remarks of Lukas
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
v2: incorporate remarks of Lukas
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
improves readability when embedding into a page that
has the text color set to a different color
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
When embedding cgit in other pages, the logo alignment needs to be
specified to avoid any css rules from the embedding page to make the
page look bad.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
to facilitate easier embedding
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
|
| |\| | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| |\| | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
ctx.qry.head can be NULL in some cases due to bad requests
by weird bots. I managed to reproduce with:
PATH_INFO=/repo.git/shop.php QUERY_STRING=id=
Signed-off-by: Eric Wong <normalperson@yhbt.net>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
**L would have worked well too. Depending on the distribution sizeof *L
may return 8 instead of 4. **L is preferable, but since we don't expect
this datatype to change very often, sizeof int is less subtle and easier
to understand.
Signed-off-by: Jamie Couture <jamie.couture@gmail.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Each individual string may be too long for its respective
dimension of the LCS table.
Signed-off-by: Eric Wong <normalperson@yhbt.net>
|
| |\| | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
When a repository is empty, the ATOM feed link is written in the header,
but this involves formatting ctx->qry.head which is NULL in this case.
With glibc, vsnprintf formats "%s" with a NULL input as "(null)" but on
Solaris this results in a segmentation fault. Since we don't have a
meaningful head for the atom feed in an empty repository, it's simplest
not to write out the link element at all.
Signed-off-by: John Keeping <john@metanate.com>
|
| |\| | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The git tarballs are currently not available from kernel.org, so for now
the makefile will download autogenerated tarballs from cgit.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| | | | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
When side-by-side-diffs=1 was set in cgitrc, specifying 'ss=0' in the
querystring would not set the 'unified' option as active in the dropdown
box used to select diffmode.
|
| |\| | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
When side-by-side-diffs=1 was set in cgitrc, specyfing 'ss=0' in the query-
string would not switch to unified diffs. This patch fixes the issue by
introducing a separate variable to track the occurrence of "ss" in the
querystring.
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
If remote branches are not enabled, the branches are still listed in
the log view. This patch removes them if enable-remote-branches=0.
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
When the repolist is paged, the page-links are missing the sort parameter,
causing the initial page to be custom sorted, but any clicked page will
then be with the default sort order again.
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Printing deferred line changes for files containing long lines would
cause a segfault.
- limit LCS table size: 128x128.
- move LCS table to global context: avoid allocating/freeing memory
for every deferred line change.
Signed-off-by: Jamie Couture <jamie.couture@gmail.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Some setenv() implementations (e.g. the one in OpenBSD's stdlib)
segfault if we pass a NULL value. Only set environment variables if the
corresponding settings are defined to avoid this.
Note that this is a minor behaviour change as environment variables were
supposed to be set to an empty string if a setting was undefined. Given
that this feature isn't part of any official release yet, there's no
need to worry about backwards compatibility, really. Change the
documentation accordingly.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This isn't used anywhere and prevents the code from being compiled on
other platforms, such as *BSD.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
| |\| | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The file name displayed in the rename hint should be escaped to avoid
XSS. Note that this vulnerability is only applicable when an attacker
has gained push access to the repository.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The value stored to "t" during its initialization gets overwritten in
any case, so just leave it uninitialized. Spotted by clang-analyzer.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| |\| | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This fixes a segfault for me with with -O2 optimization on x86
with gcc (Debian 4.4.5-8) 4.4.5
I can reliably reproduce it with the following parameters
when pointed to the git.git repository:
PATH_INFO='/git-core.git/diff/'
QUERY_STRING='id=2b93bfac0f5bcabbf60f174f4e7bfa9e318e64d5&id2=d6da71a9d16b8cf27f9d8f90692d3625c849cbc8'
Signed-off-by: Eric Wong <normalperson@yhbt.net>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| |\| | | |
| |_|_|/
|/| | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Some tests would otherwise fail because commands such as
cd trash/repos/foo && git rev-list --reverse HEAD | head -1
would return 2 lines instead of 1: the 'cd' command also
prints the path when CDPATH is set.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| | |_|/
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The default length for sha1 abbreviations in git is 7.
A '#num' at the beginning of the commit message is now
recognised, a ':#num' as well, etc.: a '#num' anywhere
is now converted to a link.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| |\| |
| |/
|/| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The current 'Not a git repository' error message is not very helpful,
since it doesn't state the cause of the problem.
This patch uses errno to provide a hint of the underlying problem. It
would have been even better to give the exact cause (e.g. for ENOENT it
would be nice to know which file/directory is missing), but that would
require reimplementing setup_git_directory_gently() which seems a bit
overkill.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| | |
The global module-link option can be overridden per repo, but this has
never been documented.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The current 'clone-prefix' setting has some known issues:
* All repos get the same 'clone-prefix' value since the setting is not
adopted during repo registration (in cgitrc, or during scan-path traversal),
but only when the setting is used.
* The generated clone-urls for a repo is a combination of 'clone-prefix', a
slash and the repo url. This doesn't work well with e.g. ssh-style urls
like 'git@example.org:repo.git', since the inserted slash will make the
repo relative to the filesystem root.
* If 'remove-suffix' is enabled, the generated clone-urls will not work for
cloning (except for http-urls to cgit itself) since they miss the '.git'
suffix.
The new 'clone-url' setting is designed to avoid the mentioned issues:
* Each repo adopts the default 'clone-url' when the repo is defined. This
allows different groups of repos to adopt different values.
* The clone-urls for a repo is generated by expanding environment variables
in a string template without inserting arbitrary characters, hence any
kind of clone-url can be generated.
* Macro expansion also eases the 'remove-suffix' pain since it's now
possible to define e.g. 'clone-url=git://foo.org/$CGIT_REPO_URL.git' for
a set of repos. A furter improvement would be to define e.g.
$CGIT_REPO_SUFFIX to '.git' for all repos which had their url prettified,
or to store the original $CGIT_REPO_URL in e.g. $CGIT_REPO_REAL_URL before
suffix removal.
Reviewed-by: Ferry Huberts <mailings@hupie.com>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When cgit learned to setup environment variables for certain repo
settings before invoking a filter process, the setup occurred inside
cgit_open_filter().
This patch moves the setup out of cgit_open_filter() and into
prepare_repo_cmd() to prepare for additional uses of these variables.
Reviewed-by: Ferry Huberts <mailings@hupie.com>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch makes the generated man-page for the filer api section more
similar to the other sections. Also, the bulleted list of environment
variables wasn't rendered correctly (with asciidoc 8.5.2), without an
empty line before the first item.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| |\|
| |
| |
| |
| | |
Conflicts:
cgitrc.5.txt
|
| | |
| |
| |
| |
| |
| | |
This is a new feature in cgit-0.9 which was formerly undocumented.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| |\| |
|
| | |
| |
| |
| | |
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| |\| |
|
| | |
| |
| |
| | |
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch fixes the following issues:
* the base argument usually isn't zero-terminated, so printing base
without considering baselen will usually generate random garbage
* when the current url represents a directory but doesn't end in a slash,
relative urls would be incorrect
* using unescaped paths allows XSS
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
No references are kept to the memory pointed to by the 'rel' variable, so
it should be free()'d before returning from add_repo().
Signed-off-by: Jamie Couture <jamie.couture@gmail.com>
Signed-off-by: Lars Hjemli <larsh@hjemli.net>
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| | |
The link url wasn't properly escaped, and since the link was identical
to the one used on the commit message it didn't serve any special purpose.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| | |
| |
| |
| |
| |
| | |
Found by http://validator.w3.org.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Ampersands ("&") appearing inside HTML attributes need to be translated
to "&". Otherwise, invalid XHTML will be generated at various
places, such as at tree views containing links to submodules.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When no modtime could be determined then as a final
fallback try to get it from the packed-refs.
This will show an idle time when a repository has been packed
with all refs in the packed-refs.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| |\ \ |
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
This is similar to html_option, but for int values.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| |\ \ \
| | | |
| | | |
| | | |
| | | | |
Conflicts:
cgit.c
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This reintroduces the use of execvp(), since the filter commands doesn't
always contain an absolute path (i.e. snapshot compression filters).
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The environment variables can be used to (for example) resolve
the following situation:
Suppose a server setup in which each repository has a trac
instance; the commit filter needs to know with which
repository it's dealing in order to be able to resolve the
#123 ticket numbers in the commit messages into hyperlinks
into the correct trac instance.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
To prepare for handing repo configuration to the
filter script that is executed.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently the number of extra arguments is linked hard to the type of
the filter. This is also logical since it would be confusing to have
a different number of arguments for the same type of filter depending
on the context under which the filter is run (unless ofcourse one the
parameters would make the context clear, which is currently not the
case).
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| |\ \ \
| | |/
| |/| |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
In d0cb841 (Avoid trailing slash in virtual-root), virtual-root was set
from script-name using trim_end(). However, if script-name was the
empty string (""), which happens when cgit is used to serve the root
path on a domain (/), trim_end() returns NULL and cgit acts like
virtual-root is not available. Now, set virtual-root to "" in this
case, which fixes this bug.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When git/date.c:parse_date() cannot parse its input it returns -1. But
read_agefile() checks if the result is different from zero, essentialy
returning random data from the date buffer when parsing fails. This
patch fixes the issue by verifying that the result from parse_date()
is positive.
Noticed-by: Julius Plenz <plenz@cis.fu-berlin.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When calling cgit_print_diff() with a bad new_rev and a NULL old_rev,
checking for new_rev's parent commit will result in a null pointer
dereference. Returning on an invalid commit before dereferencing fixes
this. Spotted with clang-analyzer.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Returning "*txt" if "txt" is a null pointer is a bad thing. Spotted with
clang-analyzer.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| | | |
| | |
| | |
| | |
| | | |
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Seen with "-Wunused-but-set-variable".
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| | | |
| | |
| | |
| | |
| | | |
Noticed-by: zhongjj <zhongjj@lemote.com>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
These tests tries to detect bad links in various pages. On the log page,
there currently exists links which are not properly escaped due to the
use of cgit_fileurl() when building the link. For now, this bug is simply
tagged as such.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
This patch makes it possible to add tests for known bugs without aborting
the testrun.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| |\ \ \ |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
We were returning 200 before. Even 404 is questionable in all cases, but
200 was totally wrong. Also match the case of all of the "Not found"
status messsages.
Signed-off-by: Dan McGee <dpmcgee@gmail.com>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
If advertising other URLs to your users, you may not want to make this
available through cgit (e.g. if you have the smart HTTP transport set up
elsewhere). Allow disabling the three magic commands that simulate the
git server, but default it to enabled.
Signed-off-by: Dan McGee <dpmcgee@gmail.com>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This will be used to make these operations configurable via a config
option.
Signed-off-by: Dan McGee <dpmcgee@gmail.com>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| |\ \ \ \
| | |/ /
| |/| | |
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Julius Plenz <plenz@cis.fu-berlin.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
reencode() takes three arguments in the order (txt, from, to), opposed to
reencode_string, which will, like iconv, handle the arguments with from
and to swapped. Fix that (this makes reencode more intuitive).
If src and dst encoding are equivalent, don't do any encoding.
If no special encoding parameter is found within the commit, assume
UTF-8 and explicitly convert to PAGE_ENCODING. The change to reencode()
mentioned above avoids re-encoding a UTF-8 string to UTF-8, for example.
Signed-off-by: Julius Plenz <plenz@cis.fu-berlin.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
You should be able to independently switch file and line count on and
off. This patch makes the code work like the documentation suggests: no
dependency for line counts to be displayed only when file counts are.
Signed-off-by: Julius Plenz <plenz@cis.fu-berlin.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| | | |
| | |
| | |
| | |
| | | |
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| | | |
| | |
| | |
| | |
| | | |
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When tar.xz support was added in 0642435fed (2009-12-08: Add
.tar.xz-snapshot support), cgitrc.5 was not updated to match. This
patch fixes the issue.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| | |/
|/|
| |
| |
| |
| | |
This patch makes cgit properly abort in case the projectsfile cannot
be opened. Without the added return cgit continues using the projects
pointer which is NULL and thus causes a segfault.
|
| | |
| |
| |
| | |
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
When path-filtering was used in commit-view, the path filter was
included without proper html escaping. This patch closes the hole.
Signed-off-by: Lukasz Janyst <ljanyst@cern.ch>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
| |\ \ |
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
