Andy Green [Mon, 18 Jun 2018 06:25:59 +0000 (14:25 +0800)]
render: adapt for providing extra filter args for plain
This changes the render filter exec part to provide a second
and third argument, which are used by md2html to fix up the url
path for "plain" for the repo, eg, "/cgit/plain/" and
"?h=mybranch", as required by the modifications to md2html in
the previous patches.
The combination means cgit becomes able to serve assets using
markdown urls starting from the repo root dir, without mentioning
any virtual url part specific to a cgit or other web rendering
instance, while respecting the version context.
Eg, continuing the example of the arguments being
"/cgit/plain/" and "?h=mybranch" from above, if the markdown has
the img src will be fixed up to
"/cgit/plain/doc-assets/overview.png?h=mybranch"
If the same document is viewed from a different rev in cgit, the
processed markdown url will change to match the cgit context, even
though the markdown relative URL is the same for all versions.
Signed-off-by: Andy Green <andy@warmcat.com> Reviewed-by: John Keeping <john@keeping.me.uk>
Andy Green [Tue, 19 Jun 2018 02:32:25 +0000 (10:32 +0800)]
ui-shared: add helper for generating non-urlencoded links
We are going to have to produce plain links in the next patch.
But depending on config, the links are not simple.
Reproduce the logic in repolink() to generate correctly-
formatted links in a strbuf, without urlencoding, in a reusable
helper cgit_repo_create_url().
Andy Green [Mon, 18 Jun 2018 06:25:11 +0000 (14:25 +0800)]
ui-tree: render any matching README file in tree view
While listing the items in tree view, if we spot a filename
matching any inline-readme entries from the config file,
we stash the first one into walk_tree_context.
After the tree view has been shown, if there is a stashed
inline-readme we render it inline.
Signed-off-by: Andy Green <andy@warmcat.com> Reviewed-by: John Keeping <john@keeping.me.uk>
Andy Green [Mon, 18 Jun 2018 06:24:57 +0000 (14:24 +0800)]
config: add repo inline-readme list
This allows the user to choose to override any global
inline-readme list for a specific repo, using the
same kind of semantics as the other repo overrides.
Signed-off-by: Andy Green <andy@warmcat.com> Reviewed-by: John Keeping <john@keeping.me.uk>
John Keeping [Mon, 18 Jun 2018 06:22:02 +0000 (14:22 +0800)]
Add source page
We are about to introduce rendering of content for the tree view. This
source page will allow bypassing the renderer and accessing the content
of the current tree view.
Andy Green [Tue, 26 Jun 2018 10:57:21 +0000 (18:57 +0800)]
cgit_repobasename: convert to allocated result
cgit_repobasename has one user also in ui-shared.c. Make it static
and remove the declaration from cgit.h.
Instead of the gnarly return pointer to now deallocated stack,
compute the valid part of the string using the incoming pointer,
then just allocate the right amount and copy it in. Drop the
const on the return type now it's allocated.
Cover the fact the input may be garbage by returning NULL if so.
Comment the function at the start that the result may be NULL or
must be freed now.
Convert the only user, cgit_snapshot_prefix(), to the same return
convention and also comment him at the start that the result may
be NULL or must be freed. Also change the return type to char *.
Convert his only users, get_ref_from_filename() and
cgit_print_snapshot()in ui-snapshot.c, to deal with the new
result convention. cgit_print_snapshot() already did an
xstrdup() on him anyway, just remove it and check for NULL.
The reason triggering all this was
../ui-shared.c: In function ‘cgit_repobasename’:
../ui-shared.c:135:2: warning: ‘strncpy’ specified bound 1024 equals destination size [-Wstringop-truncation]
strncpy(rvbuf, reponame, sizeof(rvbuf));
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Andy Green [Tue, 26 Jun 2018 10:29:56 +0000 (18:29 +0800)]
gcc8.1: fix strncpy bounds warnings
These warnings are coming on default Fedora 28 build and probably others using gcc 8.1
../shared.c: In function ‘expand_macro’:
../shared.c:483:3: warning: ‘strncpy’ specified bound depends on the length of the source argument [-Wstringop-overflow=]
strncpy(name, value, len);
^~~~~~~~~~~~~~~~~~~~~~~~~
../shared.c:480:9: note: length computed here
len = strlen(value);
^~~~~~~~~~~~~
strncpy with a computed length via strlen is usually
not the right thing.
John Keeping [Wed, 20 Jun 2018 05:29:14 +0000 (07:29 +0200)]
cache: close race window when unlocking slots
We use POSIX advisory record locks to control access to cache slots, but
these have an unhelpful behaviour in that they are released when any
file descriptor referencing the file is closed by this process.
Mostly this is okay, since we know we won't be opening the lock file
anywhere else, but there is one place that it does matter: when we
restore stdout we dup2() over a file descriptor referring to the file,
thus closing that descriptor.
Since we restore stdout before unlocking the slot, this creates a window
during which the slot content can be overwritten. The fix is reasonably
straightforward: simply restore stdout after unlocking the slot, but the
diff is a bit bigger because this requires us to move the temporary
stdout FD into struct cache_slot.
Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
John Keeping [Sat, 31 Mar 2018 15:15:48 +0000 (16:15 +0100)]
snapshot: support archive signatures
Read signatures from the notes refs refs/notes/signatures/$FORMAT where
FORMAT is one of our archive formats ("tar", "tar.gz", ...). The note
is expected to simply contain the signature content to be returned when
the snapshot "${filename}.asc" is requested, so the signature for
cgit-1.1.tar.xz can be stored against the v1.1 tag with:
John Keeping [Sat, 31 Mar 2018 14:08:59 +0000 (15:08 +0100)]
ui-shared: pass separator in to cgit_print_snapshot_links()
cgit_print_snapshot_links() is almost identical to
print_tag_downloads(), so let's extract the difference to a parameter in
preparation for removing print_tag_downloads() in the next commit.
Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
John Keeping [Sat, 31 Mar 2018 14:06:01 +0000 (15:06 +0100)]
ui-shared: use the same snapshot logic as ui-refs
Make snapshot links in the commit UI use the same prefix algorithm as
those in the summary UI, so that refs starting with the snapshot prefix
are used as-is rather than composed with the prefix repeated.
Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
John Keeping [Sat, 31 Mar 2018 14:19:52 +0000 (15:19 +0100)]
ui-snapshot: filter permitted snapshot requests
Currently the snapshots configuration option only filters which links
are displayed, not which snapshots may be generated and downloaded.
Apply the filter also to requests to ensure that the system policy is
enforced.
Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
John Keeping [Sat, 31 Mar 2018 13:20:01 +0000 (14:20 +0100)]
Add "snapshot-prefix" repo configuration
Allow using a user-specified value for the prefix in snapshot files
instead of the repository basename. For example, files downloaded from
the linux-stable.git repository should be named linux-$VERSION and not
linux-stable-$VERSION, which can be achieved by setting:
repo.snapshot-prefix=linux
Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
John Keeping [Sat, 31 Mar 2018 13:05:02 +0000 (14:05 +0100)]
ui-shared: pass repo object to print_snapshot_links()
Both call sites of cgit_print_snapshot_links() use the same values for
the snapshot mask and repository name, which are derived from the
cgit_repo structure so let's pass in the structure and access the fields
directly.
Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
Christian Hesse [Tue, 5 Jun 2018 10:46:13 +0000 (12:46 +0200)]
ui-log: highlight annotated tags in different color
Annotated tags have some extra information... Descriptive text or signature.
Highlighting annotated tags in a different color show what tag may be worth
clicking for extra information.
Signed-off-by: Christian Hesse <mail@eworm.de> Reviewed-by: John Keeping <john@keeping.me.uk>
Christian Hesse [Mon, 4 Jun 2018 20:27:46 +0000 (22:27 +0200)]
print git version string in footer
This helps tracking what git version cgit uses. The security implications are
low as anybody can look up the version of our submodule anyway. The paranoid
can use a custom footer. :-p
On the other hand this brings potential security issues to the
administrators eyes...
John Keeping [Sat, 16 Jun 2018 12:11:09 +0000 (13:11 +0100)]
Makefile: drive asciidoc directly for HTML output
This is mostly taken from Git's doc/Makefile, although simplified for
our use. The output now uses Asciidoc's default CSS which I think looks
a bit nicer than the Docbook formatting; as a result of this we no
longer need our custom .css file.
A side effect of this change is that temporary files generated from the
HTML output no longer conflict with the manpage output format (because
any temporary HTML output files use names derived from the output
filename which includes .html).
Todd Zullinger [Wed, 21 Feb 2018 01:36:03 +0000 (20:36 -0500)]
doc: use consistent id's when generating html files
The html documentation is generated using a2x which calls docbook tools
to do the work. The generate.consistent.ids parameter ensures that when
the docbook stylesheet assigns an id value to an output element it is
consistent as long as the document structure has not changed.
Having consistent html files reduces frivolous changes between builds.
Distributions can more easily deploy multiple architecture builds and
compare changes between package versions. End-users avoid needless
changes in files deployed or backed up.
The generate.consistent.ids parameter was added in docbook-xsl-1.77.0.
Older versions gracefully ignore the parameter, so we can pass the
parameter unconditionally. Most distributions contain docbook-xsl newer
than 1.77.0. This includes Fedora, Debian, Ubuntu, and RHEL/CentOS 7.
RHEL/CentOS 6 and Debian Wheezy (old stable) ship with an older version,
unsurprisingly.
Jeff Smith [Sun, 29 Oct 2017 02:43:26 +0000 (21:43 -0500)]
ui-blame: Allow syntax highlighting
Place file contents into a single block so that syntax highlighting can
be applied in the usual fashion. Place the alternating color bars
behind the file contents. Force the default syntax highlighting
background to transparent.
Signed-off-by: Jeff Smith <whydoubt@gmail.com> Reviewed-by: John Keeping <john@keeping.me.uk>
John Keeping [Sat, 14 Oct 2017 12:02:53 +0000 (13:02 +0100)]
parsing: don't clear existing state with empty input
Since commit c699866 (parsing: clear query path before starting,
2017-02-19), we clear the "page" variable simply by calling
cgit_parse_url() even if the URL is empty. This breaks a URL like:
.../cgit?p=about
which is generated when using the "root-readme" configuration option.
This happens because "page" is set to "about" when parsing the query
string before we handle the path (which is empty, but non-null).
It turns out that this is not the only case which is broken, but
specifying repository and page via query options has been broken since
before the commit mentioned above, for example:
.../cgit?r=git&p=log
Fix both of these by allowing the previous state to persist if PATH_INFO
is empty, falling back to the query parameters if no path has been
requested.
Reported-by: Tom Ryder <tom@sanctum.geek.nz> Signed-off-by: John Keeping <john@keeping.me.uk>
Jeff Smith [Mon, 2 Oct 2017 04:39:07 +0000 (23:39 -0500)]
ui-shared: make a char* parameter const
All cgit_xxx_link functions take const char* for the 'name' parameter,
except for cgit_commit_link, which takes a char* and subsequently
modifies the contents. Avoiding the content changes, and making it
const char* will avoid the need to make copies of const char* strings
being passed to cgit_commit_link.
Signed-off-by: Jeff Smith <whydoubt@gmail.com> Reviewed-by: John Keeping <john@keeping.me.uk>
Jeff Smith [Mon, 2 Oct 2017 04:39:05 +0000 (23:39 -0500)]
html: html_ntxt with no ellipsis
For implementing a ui-blame page, there is need for a function that
outputs a selection from a block of text, transformed for HTML output,
but with no further modifications or additions.
Signed-off-by: Jeff Smith <whydoubt@gmail.com> Reviewed-by: John Keeping <john@keeping.me.uk>
John Keeping [Mon, 24 Apr 2017 18:38:34 +0000 (19:38 +0100)]
cache: flush stdio before restoring FDs
As described in commit 2efb59e (ui-patch: Flush stdout after outputting
data, 2014-06-11), we need to ensure that stdout is flushed before
restoring the file descriptor when writing to the cache. It turns out
that it's not just ui-patch that is affected by this but also raw diff
which writes to stdout internally.
Let's avoid risking more places doing this by ensuring that stdout is
flushed after writing in fill_slot().
Daniel M. Weeks [Wed, 20 Sep 2017 15:17:29 +0000 (11:17 -0400)]
Use https for submodule
The git protocol provides no transport security. https does provide
transport security and should be preferred by default. https is also
more likely than git to be permitted by firewalls in restricted
environments.
John Keeping [Mon, 6 Mar 2017 23:27:23 +0000 (23:27 +0000)]
ui-plain: print symlink content
We currently ignore symlinks in ui-plain, leading to a 404. In ui-tree
we print the content of the blob (that is, the path to the target of the
link), so it makes sense to do the same here.
John Keeping [Sun, 19 Feb 2017 12:02:37 +0000 (12:02 +0000)]
cgit: don't set vpath unless repo is set
After the previous two patches, this can be classified as a tidy up
rather than a bug fix, but I think it makes sense to group all of the
tests together before setting up the environment for the command to
execute.
John Keeping [Sun, 19 Feb 2017 12:17:05 +0000 (12:17 +0000)]
parsing: clear query path before starting
By specifying the "url" query parameter multiple times it is possible to
end up with ctx.qry.vpath set while ctx.repo is null, which triggers an
invalid code path from cgit_print_pageheader() while printing path
crumbs, resulting in a null dereference.
The previous patch fixed this segfault, but it makes no sense for us to
clear ctx.repo while leaving ctx.qry.path set to the previous value, so
let's just clear it here so that the last "url" parameter given takes
full effect rather than partially overriding the effect of the previous
value.
John Keeping [Sun, 19 Feb 2017 12:27:48 +0000 (12:27 +0000)]
ui-shared: don't print path crumbs without a repo
cgit_print_path_crumbs() can call repolink() which assumes that ctx.repo
is non-null. Currently we don't have any commands that set want_vpath
without also setting want_repo so it shouldn't be possible to fail this
test, but the check in cgit.c is in the wrong order so it is possible to
specify a query string like "?p=log&path=foo/bar" to end up here without
a valid repository.
John Keeping [Sun, 15 Jan 2017 12:29:38 +0000 (12:29 +0000)]
ui-atom: properly escape delimiter in page link
If the delimiter here is '&' then it needs to be escaped for inclusion
in an attribute. Use html_attrf() to ensure that this happens (we know
that hex won't need escaping, but this makes it clearer what's
happening.
Jeff Smith [Thu, 10 Aug 2017 00:02:56 +0000 (19:02 -0500)]
git: update to v2.14
Numerous changes were made to git functions to use an object_id
structure rather than sending sha1 hashes as raw unsigned character
arrays. The functions that affect cgit are: parse_object,
lookup_commit_reference, lookup_tag, lookup_tree, parse_tree_indirect,
diff_root_tree_sha1, diff_tree_sha1, and format_display_notes.
Commit b2141fc (config: don't include config.h by default) made it
necessary to that config.h be explicitly included when needed.
Commit 07a3d41 (grep: remove regflags from the public grep_opt API)
removed one way of specifying the ignore-case grep option.
Christian Hesse [Mon, 24 Jul 2017 15:22:52 +0000 (17:22 +0200)]
git: update to v2.13.4
Update to git version v2.13.4: With commit 8aee769f (pathspec: copy and free
owned memory) the definition of struct pathspec_item has changed with the
expectation that pathspecs will be managed dynamically. We work around this
a bit by setting up a static structure, but let's allocate the match string
to avoid needing to cast away const.
Updated a patch from John Keeping <john@keeping.me.uk> for git v2.12.1.
When empty repos exist, comparing them against an existing repo with a
good mtime might, with particular qsort implementations, not sort
correctly, because of this brokenness:
if (get_repo_modtime(r1, &t) && get_repo_modtime(r2, &t))
However, sorting by the age column works as expected, so anyway, to tidy
things up, we simply reuse that function.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Lukas Fleischer [Thu, 24 Nov 2016 19:14:54 +0000 (20:14 +0100)]
ui-patch: fix crash when using path limit
The array passed to setup_revisions() must be NULL-terminated. Fixes a
regression introduced in 455b598 (ui-patch.c: Use log_tree_commit() to
generate diffs, 2013-08-20).
John Keeping [Mon, 14 Mar 2016 22:41:14 +0000 (22:41 +0000)]
patch: reapply path limit
This was originally applied added in commit eac1b67 (ui-patch: Apply
path limit to generated patch, 2010-06-10) but the ability to limit
patches to particular paths was lost in commit 455b598 (ui-patch.c: Use
log_tree_commit() to generate diffs, 2013-08-20).
The new output is slightly different from the original because Git's
diff infrastructure doesn't give us a way to insert an annotation
immediately after the "---" separator, so the commit has moved below the
diff stat.
Christian Hesse [Thu, 29 Sep 2016 20:17:07 +0000 (22:17 +0200)]
ui-tree: replace 'unsigned char sha1[20]' with 'struct object_id oid'
Upstream git is replacing 'unsigned char sha1[20]' with 'struct object_id
oid'. We have some code that can be changed independent from upstream. So
here we go...
Christian Hesse [Thu, 29 Sep 2016 20:14:28 +0000 (22:14 +0200)]
ui-tag: replace 'unsigned char sha1[20]' with 'struct object_id oid'
Upstream git is replacing 'unsigned char sha1[20]' with 'struct object_id
oid'. We have some code that can be changed independent from upstream. So
here we go...
Christian Hesse [Thu, 29 Sep 2016 20:12:11 +0000 (22:12 +0200)]
ui-snapshot: replace 'unsigned char sha1[20]' with 'struct object_id oid'
Upstream git is replacing 'unsigned char sha1[20]' with 'struct object_id
oid'. We have some code that can be changed independent from upstream. So
here we go...
Christian Hesse [Thu, 29 Sep 2016 20:10:21 +0000 (22:10 +0200)]
ui-shared: replace 'unsigned char sha1[20]' with 'struct object_id oid'
Upstream git is replacing 'unsigned char sha1[20]' with 'struct object_id
oid'. We have some code that can be changed independent from upstream. So
here we go...
Christian Hesse [Thu, 29 Sep 2016 20:08:19 +0000 (22:08 +0200)]
ui-plain: replace 'unsigned char sha1[20]' with 'struct object_id oid'
Upstream git is replacing 'unsigned char sha1[20]' with 'struct object_id
oid'. We have some code that can be changed independent from upstream. So
here we go...
Christian Hesse [Thu, 29 Sep 2016 19:51:41 +0000 (21:51 +0200)]
ui-patch: replace 'unsigned char sha1[20]' with 'struct object_id oid'
Upstream git is replacing 'unsigned char sha1[20]' with 'struct object_id
oid'. We have some code that can be changed independent from upstream. So
here we go...
Christian Hesse [Thu, 29 Sep 2016 19:41:09 +0000 (21:41 +0200)]
ui-commit: replace 'unsigned char sha1[20]' with 'struct object_id oid'
Upstream git is replacing 'unsigned char sha1[20]' with 'struct object_id
oid'. We have some code that can be changed independent from upstream. So
here we go...
Christian Hesse [Thu, 29 Sep 2016 19:38:49 +0000 (21:38 +0200)]
ui-blob: replace 'unsigned char sha1[20]' with 'struct object_id oid'
Upstream git is replacing 'unsigned char sha1[20]' with 'struct object_id
oid'. We have some code that can be changed independent from upstream. So
here we go...
Christian Hesse [Thu, 29 Sep 2016 19:16:14 +0000 (21:16 +0200)]
cgit: replace 'unsigned char sha1[20]' with 'struct object_id oid'
Upstream git is replacing 'unsigned char sha1[20]' with 'struct object_id
oid'. We have some code that can be changed independent from upstream. So
here we go...
Instead of reimplementing URL parameter parsing from scratch, use
url_decode_parameter_name() and url_decode_parameter_value() which are
already provided by Git.
Also, change the return type of http_parse_querystring() to void since
its only caller already ignores the return value.
John Keeping [Sat, 13 Aug 2016 10:54:46 +0000 (11:54 +0100)]
ui-tree: remove a fixed size buffer
As libgit.a moves away from using fixed size buffers, there is no
guarantee that PATH_MAX is sufficient for all of the paths in a Git
tree, so we should use a dynamically sized buffer here.
Coverity-Id: 141884 Signed-off-by: John Keeping <john@keeping.me.uk>
John Keeping [Sat, 13 Aug 2016 10:53:24 +0000 (11:53 +0100)]
ui-tag: clean up taginfo
Free the taginfo when we're done with it. Also reduce the scope of a
couple of variables so that it's clear that this is the only path that
uses the taginfo structure.
Coverity-Id: 141883 Signed-off-by: John Keeping <john@keeping.me.uk>
projects / cgit / log