summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-09-11ui-shared: ban strcat()Christian Hesse
Git upstream bans strcat() with commit: banned.h: mark strcat() as banned 1b11b64b815db62f93a04242e4aed5687a448748 To avoid compiler warnings from gcc 8.1.x we get the hard way. Signed-off-by: Christian Hesse <mail@eworm.de>
2018-09-11ui-patch: ban sprintf()Christian Hesse
Git upstream bans sprintf() with commit: banned.h: mark sprintf() as banned cc8fdaee1eeaf05d8dd55ff11f111b815f673c58 Signed-off-by: Christian Hesse <mail@eworm.de>
2018-09-11ui-log: ban strncpy()Christian Hesse
Git upstream bans strncpy() with commit: banned.h: mark strncpy() as banned e488b7aba743d23b830d239dcc33d9ca0745a9ad Signed-off-by: Christian Hesse <mail@eworm.de>
2018-09-11ui-log: ban strcpy()Christian Hesse
Git upstream bans strcpy() with commit: automatically ban strcpy() c8af66ab8ad7cd78557f0f9f5ef6a52fd46ee6dd Signed-off-by: Christian Hesse <mail@eworm.de>
2018-09-11parsing: ban sprintf()Christian Hesse
Git upstream bans sprintf() with commit: banned.h: mark sprintf() as banned cc8fdaee1eeaf05d8dd55ff11f111b815f673c58 Signed-off-by: Christian Hesse <mail@eworm.de>
2018-09-11parsing: ban strncpy()Christian Hesse
Git upstream bans strncpy() with commit: banned.h: mark strncpy() as banned e488b7aba743d23b830d239dcc33d9ca0745a9ad Signed-off-by: Christian Hesse <mail@eworm.de>
2018-08-28filters: generate anchor links from markdownChristian Hesse
This makes the markdown filter generate anchor links for headings. Signed-off-by: Christian Hesse <mail@eworm.de> Tested-by: jean-christophe manciot <actionmystique@gmail.com>
2018-08-03Bump version.Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-08-03clone: fix directory traversalJason A. Donenfeld
This was introduced in the initial version of this code, way back when in 2008. $ curl http://127.0.0.1/cgit/repo/objects/?path=../../../../../../../../../etc/passwd root:x:0:0:root:/root:/bin/sh ... Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Reported-by: Jann Horn <jannh@google.com>
2018-08-03config: record repo.snapshot-prefix in the per-repo configKonstantin Ryabitsev
Even if we find snapshot-prefix in the repo configuration, we are not writing it out into the rc- file, so setting the value does not have any effect. Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-08-03auth-filters: add simple file-based authentication schemeJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-15auth-filters: use crypt() in simple-authenticationJason A. Donenfeld
There's no use in giving a silly example to folks who will just copy it, so instead try to do something slightly better. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-15auth-filters: generate secret securelyJason A. Donenfeld
This is much better than having the user generate it themselves. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-14auth-filters: do not crash on nil usernameJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-14auth-filter: do not write more than we've readJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-14auth-filters: do not use HMAC-SHA1Jason A. Donenfeld
Though SHA1 is broken, HMAC-SHA1 is still fine. But let's not push our luck; SHA256 is more sensible anyway. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-13Bump version.Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-10Update COPYINGTodd Zullinger
The address of the Free Software Foundation has changed since the license was added in 7640d90 ("Add license file and copyright notices", 2006-12-10). Update the license file from gnu.org¹. The only non-whitespace changes are the updated FSF address and two references to the L in LGPL changed from Library to Lesser. ¹ https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt Signed-off-by: Todd Zullinger <tmz@pobox.com>
2018-07-08css: use correct size in annotated decorationJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-05cgitrc.5: add local tar signature exampleJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-04Fix gcc 8.1.1 compiler warningsJason A. Donenfeld
CC ../shared.o ../shared.c: In function ‘expand_macro’: ../shared.c:487:3: warning: ‘strncpy’ specified bound depends on the length of the source argument [-Wstringop-overflow=] strncpy(name, value, len); ^~~~~~~~~~~~~~~~~~~~~~~~~ ../shared.c:484:9: note: length computed here len = strlen(value); ^~~~~~~~~~~~~ ../ui-shared.c: In function ‘cgit_repobasename’: ../ui-shared.c:136:2: warning: ‘strncpy’ specified bound 1024 equals destination size [-Wstringop-truncation] strncpy(rvbuf, reponame, sizeof(rvbuf)); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ CC ../ui-ssdiff.o ../ui-ssdiff.c: In function ‘replace_tabs’: ../ui-ssdiff.c:142:4: warning: ‘strncat’ output truncated copying between 1 and 8 bytes from a string of length 8 [-Wstringop-truncation] strncat(result, spaces, 8 - (strlen(result) % 8)); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-03cgitrc.5: document new signature notesJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-03snapshot: support tar signature for compressed tarChristian Hesse
This adds support for kernel.org style signatures where the uncompressed tar archive is signed and compressed later. The signature is valid for all tar* snapshots. We have a filter which snapshots may be generated and downloaded. This has to allow tar signatures now even if tar itself is not allowed. To simplify things we allow all signatures. Signed-off-by: Christian Hesse <mail@eworm.de>
2018-07-03extra-head-content: introduce another option for meta tagsJason A. Donenfeld
This is to support things like go-import meta tags, which are on a per-repo basis. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-06-27Use string list strdup_strings for mimetypesJohn Keeping
There's no need to do this manually with the string list API will do it for us. Signed-off-by: John Keeping <john@keeping.me.uk>
2018-06-27manpage: fix sorting orderAndy Green
You maybe didn't know you had OCD until you saw an alpha sorted list that has stuff out of order in it. Signed-off-by: Andy Green <andy@warmcat.com> Reviewed-by: John Keeping <john@keeping.me.uk>
2018-06-27cache: close race window when unlocking slotsJohn Keeping
We use POSIX advisory record locks to control access to cache slots, but these have an unhelpful behaviour in that they are released when any file descriptor referencing the file is closed by this process. Mostly this is okay, since we know we won't be opening the lock file anywhere else, but there is one place that it does matter: when we restore stdout we dup2() over a file descriptor referring to the file, thus closing that descriptor. Since we restore stdout before unlocking the slot, this creates a window during which the slot content can be overwritten. The fix is reasonably straightforward: simply restore stdout after unlocking the slot, but the diff is a bit bigger because this requires us to move the temporary stdout FD into struct cache_slot. Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
2018-06-27git: update to v2.18.0Christian Hesse
Update to git version v2.18.0. Required changes follow upstream commits: * Convert find_unique_abbrev* to struct object_id (aab9583f7b5ea5463eb3f653a0b4ecac7539dc94) * sha1_file: convert read_sha1_file to struct object_id (b4f5aca40e6f77cbabcbf4ff003c3cf30a1830c8) * sha1_file: convert sha1_object_info* to object_id (abef9020e3df87c441c9a3a95f592fce5fa49bb9) * object-store: move packed_git and packed_git_mru to object store (a80d72db2a73174b3f22142eb2014b33696fd795) * treewide: rename tree to maybe_tree (891435d55da80ca3654b19834481205be6bdfe33) The changed data types required some of our own functions to be converted to struct object_id: ls_item print_dir print_dir_entry print_object single_tree_cb walk_tree write_tree_link And finally we use new upstream functions that were added for struct object_id: hashcpy -> oidcpy sha1_to_hex -> oid_to_hex Signed-off-by: Christian Hesse <mail@eworm.de> Reviewed-by: John Keeping <john@keeping.me.uk>
2018-06-27global: remove functionality we deprecated for cgit v1.0Christian Hesse
The man page states these were deprecated for v1.0. We are past v1.1, so remove the functionality. Signed-off-by: Christian Hesse <mail@eworm.de> Reviewed-by: John Keeping <john@keeping.me.uk>
2018-06-27snapshot: strip bit from struct cgit_snapshot_formatChristian Hesse
We had a static bit value in struct cgit_snapshot_format. We do not rely on it and things can be calculated on the fly. So strip it. Signed-off-by: Christian Hesse <mail@eworm.de>
2018-06-27snapshot: support special value 'all' to enable all formatsChristian Hesse
Signed-off-by: Christian Hesse <mail@eworm.de> Reviewed-by: John Keeping <john@keeping.me.uk>
2018-06-27snapshot: support archive signaturesJohn Keeping
Read signatures from the notes refs refs/notes/signatures/$FORMAT where FORMAT is one of our archive formats ("tar", "tar.gz", ...). The note is expected to simply contain the signature content to be returned when the snapshot "${filename}.asc" is requested, so the signature for cgit-1.1.tar.xz can be stored against the v1.1 tag with: git notes --ref=refs/notes/signatures/tar.xz add -C "$( gpg --output - --armor --detach-sign cgit-1.1.tar.xz | git hash-object -w --stdin )" v1.1 and then downloaded by simply appending ".asc" to the archive URL. Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
2018-06-27ui-refs: use shared function to print tag downloadsJohn Keeping
cgit_compose_snapshot_prefix() is identical to print_tag_downloads(), so remove the latter and use the function from ui-shared.c instead. Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
2018-06-27ui-shared: pass separator in to cgit_print_snapshot_links()John Keeping
cgit_print_snapshot_links() is almost identical to print_tag_downloads(), so let's extract the difference to a parameter in preparation for removing print_tag_downloads() in the next commit. Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
2018-06-27ui-shared: use the same snapshot logic as ui-refsJohn Keeping
Make snapshot links in the commit UI use the same prefix algorithm as those in the summary UI, so that refs starting with the snapshot prefix are used as-is rather than composed with the prefix repeated. Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
2018-06-27ui-shared: rename parameter to cgit_print_snapshot_links()John Keeping
This is expected to be a ref not a hex object ID, so name it more appropriately. Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
2018-06-27ui-shared: remove unused parameterJohn Keeping
The "head" parameter to cgit_print_snapshot_links() is never used, so remove it. Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
2018-06-27ui-refs: remove unnecessary sanity checkJohn Keeping
There is no way for refinfo::refname to be null, and Git will prevent zero-length refs so this check is unnecessary. Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
2018-06-27ui-snapshot: filter permitted snapshot requestsJohn Keeping
Currently the snapshots configuration option only filters which links are displayed, not which snapshots may be generated and downloaded. Apply the filter also to requests to ensure that the system policy is enforced. Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
2018-06-27Add "snapshot-prefix" repo configurationJohn Keeping
Allow using a user-specified value for the prefix in snapshot files instead of the repository basename. For example, files downloaded from the linux-stable.git repository should be named linux-$VERSION and not linux-stable-$VERSION, which can be achieved by setting: repo.snapshot-prefix=linux Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
2018-06-27ui-snapshot: pass repo into get_ref_from_filename()John Keeping
Prepare to allow a custom snapshot prefix. Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
2018-06-27ui-shared: pass repo object to print_snapshot_links()John Keeping
Both call sites of cgit_print_snapshot_links() use the same values for the snapshot mask and repository name, which are derived from the cgit_repo structure so let's pass in the structure and access the fields directly. Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
2018-06-27ui-log: highlight annotated tags in different colorChristian Hesse
Annotated tags have some extra information... Descriptive text or signature. Highlighting annotated tags in a different color show what tag may be worth clicking for extra information. Signed-off-by: Christian Hesse <mail@eworm.de> Reviewed-by: John Keeping <john@keeping.me.uk>
2018-06-27print git version string in footerChristian Hesse
This helps tracking what git version cgit uses. The security implications are low as anybody can look up the version of our submodule anyway. The paranoid can use a custom footer. :-p On the other hand this brings potential security issues to the administrators eyes... Signed-off-by: Christian Hesse <mail@eworm.de>
2018-06-27git: update to v2.17.1Christian Hesse
Update to git version v2.17.1. Required changes: * The function 'typename' has been renamed to 'type_name' (upstream commit debca9d2fe784193dc2d9f98b5edac605ddfefbb) Signed-off-by: Christian Hesse <mail@eworm.de>
2018-06-19ui-blame: free read_sha1_file() buffer after useAndy Green
Signed-off-by: Andy Green <andy@warmcat.com> Signed-off-by: John Keeping <john@keeping.me.uk>
2018-06-16ui-tag: Fix inconsistent capitalizationJon DeVree
Way back in 2009 all of these were lower cased except this one occurrence. Signed-off-by: Jon DeVree <nuxi@vault24.org> Signed-off-by: John Keeping <john@keeping.me.uk>
2018-06-16ui-tree: free read_sha1_file() buffer after useAndy Green
Free up the buffer allocated in read_sha1_file() Signed-off-by: Andy Green <andy@warmcat.com> Signed-off-by: John Keeping <john@keeping.me.uk>
2018-06-16Makefile: drive asciidoc directly for HTML outputJohn Keeping
This is mostly taken from Git's doc/Makefile, although simplified for our use. The output now uses Asciidoc's default CSS which I think looks a bit nicer than the Docbook formatting; as a result of this we no longer need our custom .css file. A side effect of this change is that temporary files generated from the HTML output no longer conflict with the manpage output format (because any temporary HTML output files use names derived from the output filename which includes .html). Signed-off-by: John Keeping <john@keeping.me.uk>
2018-02-21doc: use consistent id's when generating html filesTodd Zullinger
The html documentation is generated using a2x which calls docbook tools to do the work. The generate.consistent.ids parameter ensures that when the docbook stylesheet assigns an id value to an output element it is consistent as long as the document structure has not changed. Having consistent html files reduces frivolous changes between builds. Distributions can more easily deploy multiple architecture builds and compare changes between package versions. End-users avoid needless changes in files deployed or backed up. The generate.consistent.ids parameter was added in docbook-xsl-1.77.0. Older versions gracefully ignore the parameter, so we can pass the parameter unconditionally. Most distributions contain docbook-xsl newer than 1.77.0. This includes Fedora, Debian, Ubuntu, and RHEL/CentOS 7. RHEL/CentOS 6 and Debian Wheezy (old stable) ship with an older version, unsurprisingly. Signed-off-by: Todd Zullinger <tmz@pobox.com>