summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-03-29removed http_headers if repos are not presentKatolaZ
2018-08-06merging upstream 1.2.1cgit-70_v0.1.2.1KatolaZ
2018-08-06Merge remote-tracking branch 'upstream/master' into upstreamupstreamKatolaZ
2018-08-06added readme stuffgopherKatolaZ
2018-08-03Bump version.v1.2.1Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-08-03clone: fix directory traversalJason A. Donenfeld
This was introduced in the initial version of this code, way back when in 2008. $ curl http://127.0.0.1/cgit/repo/objects/?path=../../../../../../../../../etc/passwd root:x:0:0:root:/root:/bin/sh ... Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Reported-by: Jann Horn <jannh@google.com>
2018-08-03config: record repo.snapshot-prefix in the per-repo configKonstantin Ryabitsev
Even if we find snapshot-prefix in the repo configuration, we are not writing it out into the rc- file, so setting the value does not have any effect. Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-08-03auth-filters: add simple file-based authentication schemeJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-08-02added README_70KatolaZ
2018-08-01fixed dir entries in tree viewKatolaZ
2018-07-31fixed selector for repo pageKatolaZ
2018-07-30fixed wrong link in tree viewKatolaZ
2018-07-30removed patch display from commit pageKatolaZ
2018-07-30towards pager supportKatolaZ
2018-07-30fixed link to full log listKatolaZ
2018-07-30another minor fix in index linkKatolaZ
2018-07-30small change in index linkKatolaZ
2018-07-30also tags workcgit-70_v0.1KatolaZ
2018-07-30fixed repo and summary headerKatolaZ
2018-07-30fixed repolistKatolaZ
2018-07-29added my name to copyright statements -- few tweaksKatolaZ
2018-07-29minor tweaks and removed debug messagesKatolaZ
2018-07-29added comment in NOTE_70KatolaZ
2018-07-29patch and plain diff worksKatolaZ
2018-07-28commit page almost workingKatolaZ
2018-07-28small change to mk macrosKatolaZ
2018-07-28log added (still incomplete)KatolaZ
2018-07-28tree and file presentationKatolaZ
2018-07-27repolist working -- towards a proper summaryKatolaZ
2018-07-26first commit on cgit_70 -- repolist, summaryKatolaZ
2018-07-17config: record repo.snapshot-prefix in the per-repo configKonstantin Ryabitsev
Even if we find snapshot-prefix in the repo configuration, we are not writing it out into the rc- file, so setting the value does not have any effect. Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-07-15auth-filters: use crypt() in simple-authenticationJason A. Donenfeld
There's no use in giving a silly example to folks who will just copy it, so instead try to do something slightly better. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-15auth-filters: generate secret securelyJason A. Donenfeld
This is much better than having the user generate it themselves. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-14auth-filters: do not crash on nil usernameJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-14auth-filter: do not write more than we've readJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-14auth-filters: do not use HMAC-SHA1Jason A. Donenfeld
Though SHA1 is broken, HMAC-SHA1 is still fine. But let's not push our luck; SHA256 is more sensible anyway. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-13Bump version.v1.2Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-10Update COPYINGTodd Zullinger
The address of the Free Software Foundation has changed since the license was added in 7640d90 ("Add license file and copyright notices", 2006-12-10). Update the license file from gnu.org¹. The only non-whitespace changes are the updated FSF address and two references to the L in LGPL changed from Library to Lesser. ¹ https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt Signed-off-by: Todd Zullinger <tmz@pobox.com>
2018-07-08css: use correct size in annotated decorationJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-05cgitrc.5: add local tar signature exampleJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-04Fix gcc 8.1.1 compiler warningsJason A. Donenfeld
CC ../shared.o ../shared.c: In function ‘expand_macro’: ../shared.c:487:3: warning: ‘strncpy’ specified bound depends on the length of the source argument [-Wstringop-overflow=] strncpy(name, value, len); ^~~~~~~~~~~~~~~~~~~~~~~~~ ../shared.c:484:9: note: length computed here len = strlen(value); ^~~~~~~~~~~~~ ../ui-shared.c: In function ‘cgit_repobasename’: ../ui-shared.c:136:2: warning: ‘strncpy’ specified bound 1024 equals destination size [-Wstringop-truncation] strncpy(rvbuf, reponame, sizeof(rvbuf)); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ CC ../ui-ssdiff.o ../ui-ssdiff.c: In function ‘replace_tabs’: ../ui-ssdiff.c:142:4: warning: ‘strncat’ output truncated copying between 1 and 8 bytes from a string of length 8 [-Wstringop-truncation] strncat(result, spaces, 8 - (strlen(result) % 8)); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-03cgitrc.5: document new signature notesJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-03snapshot: support tar signature for compressed tarChristian Hesse
This adds support for kernel.org style signatures where the uncompressed tar archive is signed and compressed later. The signature is valid for all tar* snapshots. We have a filter which snapshots may be generated and downloaded. This has to allow tar signatures now even if tar itself is not allowed. To simplify things we allow all signatures. Signed-off-by: Christian Hesse <mail@eworm.de>
2018-07-03extra-head-content: introduce another option for meta tagsJason A. Donenfeld
This is to support things like go-import meta tags, which are on a per-repo basis. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-06-27Use string list strdup_strings for mimetypesJohn Keeping
There's no need to do this manually with the string list API will do it for us. Signed-off-by: John Keeping <john@keeping.me.uk>
2018-06-27manpage: fix sorting orderAndy Green
You maybe didn't know you had OCD until you saw an alpha sorted list that has stuff out of order in it. Signed-off-by: Andy Green <andy@warmcat.com> Reviewed-by: John Keeping <john@keeping.me.uk>
2018-06-27cache: close race window when unlocking slotsJohn Keeping
We use POSIX advisory record locks to control access to cache slots, but these have an unhelpful behaviour in that they are released when any file descriptor referencing the file is closed by this process. Mostly this is okay, since we know we won't be opening the lock file anywhere else, but there is one place that it does matter: when we restore stdout we dup2() over a file descriptor referring to the file, thus closing that descriptor. Since we restore stdout before unlocking the slot, this creates a window during which the slot content can be overwritten. The fix is reasonably straightforward: simply restore stdout after unlocking the slot, but the diff is a bit bigger because this requires us to move the temporary stdout FD into struct cache_slot. Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
2018-06-27git: update to v2.18.0Christian Hesse
Update to git version v2.18.0. Required changes follow upstream commits: * Convert find_unique_abbrev* to struct object_id (aab9583f7b5ea5463eb3f653a0b4ecac7539dc94) * sha1_file: convert read_sha1_file to struct object_id (b4f5aca40e6f77cbabcbf4ff003c3cf30a1830c8) * sha1_file: convert sha1_object_info* to object_id (abef9020e3df87c441c9a3a95f592fce5fa49bb9) * object-store: move packed_git and packed_git_mru to object store (a80d72db2a73174b3f22142eb2014b33696fd795) * treewide: rename tree to maybe_tree (891435d55da80ca3654b19834481205be6bdfe33) The changed data types required some of our own functions to be converted to struct object_id: ls_item print_dir print_dir_entry print_object single_tree_cb walk_tree write_tree_link And finally we use new upstream functions that were added for struct object_id: hashcpy -> oidcpy sha1_to_hex -> oid_to_hex Signed-off-by: Christian Hesse <mail@eworm.de> Reviewed-by: John Keeping <john@keeping.me.uk>
2018-06-27global: remove functionality we deprecated for cgit v1.0Christian Hesse
The man page states these were deprecated for v1.0. We are past v1.1, so remove the functionality. Signed-off-by: Christian Hesse <mail@eworm.de> Reviewed-by: John Keeping <john@keeping.me.uk>
2018-06-27snapshot: strip bit from struct cgit_snapshot_formatChristian Hesse
We had a static bit value in struct cgit_snapshot_format. We do not rely on it and things can be calculated on the fly. So strip it. Signed-off-by: Christian Hesse <mail@eworm.de>