Chris Mayo [Thu, 21 Feb 2019 19:56:05 +0000 (19:56 +0000)]
ui-ssdiff: resolve HTML5 validation errors
- Remove ids from anchor elements. They were unusable because they were
duplicated between files and versions of files.
- Always close span, with html().
- Fix missing / on closing tr element in cgit_ssdiff_header_end().
The address of the Free Software Foundation has changed since the
license was added in 7640d90 ("Add license file and copyright notices",
2006-12-10). Update the license file from gnu.org¹.
The only non-whitespace changes are the updated FSF address and two
references to the L in LGPL changed from Library to Lesser.
CC ../shared.o
../shared.c: In function ‘expand_macro’:
../shared.c:487:3: warning: ‘strncpy’ specified bound depends on the length of the source argument [-Wstringop-overflow=]
strncpy(name, value, len);
^~~~~~~~~~~~~~~~~~~~~~~~~
../shared.c:484:9: note: length computed here
len = strlen(value);
^~~~~~~~~~~~~
../ui-shared.c: In function ‘cgit_repobasename’:
../ui-shared.c:136:2: warning: ‘strncpy’ specified bound 1024 equals destination size [-Wstringop-truncation]
strncpy(rvbuf, reponame, sizeof(rvbuf));
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CC ../ui-ssdiff.o
../ui-ssdiff.c: In function ‘replace_tabs’:
../ui-ssdiff.c:142:4: warning: ‘strncat’ output truncated copying between 1 and 8 bytes from a string of length 8 [-Wstringop-truncation]
strncat(result, spaces, 8 - (strlen(result) % 8));
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Christian Hesse [Thu, 7 Jun 2018 19:31:28 +0000 (21:31 +0200)]
snapshot: support tar signature for compressed tar
This adds support for kernel.org style signatures where the uncompressed
tar archive is signed and compressed later. The signature is valid for
all tar* snapshots.
We have a filter which snapshots may be generated and downloaded. This has
to allow tar signatures now even if tar itself is not allowed. To simplify
things we allow all signatures.
John Keeping [Wed, 20 Jun 2018 05:29:14 +0000 (07:29 +0200)]
cache: close race window when unlocking slots
We use POSIX advisory record locks to control access to cache slots, but
these have an unhelpful behaviour in that they are released when any
file descriptor referencing the file is closed by this process.
Mostly this is okay, since we know we won't be opening the lock file
anywhere else, but there is one place that it does matter: when we
restore stdout we dup2() over a file descriptor referring to the file,
thus closing that descriptor.
Since we restore stdout before unlocking the slot, this creates a window
during which the slot content can be overwritten. The fix is reasonably
straightforward: simply restore stdout after unlocking the slot, but the
diff is a bit bigger because this requires us to move the temporary
stdout FD into struct cache_slot.
Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
John Keeping [Sat, 31 Mar 2018 15:15:48 +0000 (16:15 +0100)]
snapshot: support archive signatures
Read signatures from the notes refs refs/notes/signatures/$FORMAT where
FORMAT is one of our archive formats ("tar", "tar.gz", ...). The note
is expected to simply contain the signature content to be returned when
the snapshot "${filename}.asc" is requested, so the signature for
cgit-1.1.tar.xz can be stored against the v1.1 tag with:
John Keeping [Sat, 31 Mar 2018 14:08:59 +0000 (15:08 +0100)]
ui-shared: pass separator in to cgit_print_snapshot_links()
cgit_print_snapshot_links() is almost identical to
print_tag_downloads(), so let's extract the difference to a parameter in
preparation for removing print_tag_downloads() in the next commit.
Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
John Keeping [Sat, 31 Mar 2018 14:06:01 +0000 (15:06 +0100)]
ui-shared: use the same snapshot logic as ui-refs
Make snapshot links in the commit UI use the same prefix algorithm as
those in the summary UI, so that refs starting with the snapshot prefix
are used as-is rather than composed with the prefix repeated.
Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
John Keeping [Sat, 31 Mar 2018 14:19:52 +0000 (15:19 +0100)]
ui-snapshot: filter permitted snapshot requests
Currently the snapshots configuration option only filters which links
are displayed, not which snapshots may be generated and downloaded.
Apply the filter also to requests to ensure that the system policy is
enforced.
Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
John Keeping [Sat, 31 Mar 2018 13:20:01 +0000 (14:20 +0100)]
Add "snapshot-prefix" repo configuration
Allow using a user-specified value for the prefix in snapshot files
instead of the repository basename. For example, files downloaded from
the linux-stable.git repository should be named linux-$VERSION and not
linux-stable-$VERSION, which can be achieved by setting:
repo.snapshot-prefix=linux
Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
John Keeping [Sat, 31 Mar 2018 13:05:02 +0000 (14:05 +0100)]
ui-shared: pass repo object to print_snapshot_links()
Both call sites of cgit_print_snapshot_links() use the same values for
the snapshot mask and repository name, which are derived from the
cgit_repo structure so let's pass in the structure and access the fields
directly.
Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
Christian Hesse [Tue, 5 Jun 2018 10:46:13 +0000 (12:46 +0200)]
ui-log: highlight annotated tags in different color
Annotated tags have some extra information... Descriptive text or signature.
Highlighting annotated tags in a different color show what tag may be worth
clicking for extra information.
Signed-off-by: Christian Hesse <mail@eworm.de> Reviewed-by: John Keeping <john@keeping.me.uk>
Christian Hesse [Mon, 4 Jun 2018 20:27:46 +0000 (22:27 +0200)]
print git version string in footer
This helps tracking what git version cgit uses. The security implications are
low as anybody can look up the version of our submodule anyway. The paranoid
can use a custom footer. :-p
On the other hand this brings potential security issues to the
administrators eyes...
John Keeping [Sat, 16 Jun 2018 12:11:09 +0000 (13:11 +0100)]
Makefile: drive asciidoc directly for HTML output
This is mostly taken from Git's doc/Makefile, although simplified for
our use. The output now uses Asciidoc's default CSS which I think looks
a bit nicer than the Docbook formatting; as a result of this we no
longer need our custom .css file.
A side effect of this change is that temporary files generated from the
HTML output no longer conflict with the manpage output format (because
any temporary HTML output files use names derived from the output
filename which includes .html).
Todd Zullinger [Wed, 21 Feb 2018 01:36:03 +0000 (20:36 -0500)]
doc: use consistent id's when generating html files
The html documentation is generated using a2x which calls docbook tools
to do the work. The generate.consistent.ids parameter ensures that when
the docbook stylesheet assigns an id value to an output element it is
consistent as long as the document structure has not changed.
Having consistent html files reduces frivolous changes between builds.
Distributions can more easily deploy multiple architecture builds and
compare changes between package versions. End-users avoid needless
changes in files deployed or backed up.
The generate.consistent.ids parameter was added in docbook-xsl-1.77.0.
Older versions gracefully ignore the parameter, so we can pass the
parameter unconditionally. Most distributions contain docbook-xsl newer
than 1.77.0. This includes Fedora, Debian, Ubuntu, and RHEL/CentOS 7.
RHEL/CentOS 6 and Debian Wheezy (old stable) ship with an older version,
unsurprisingly.
Jeff Smith [Sun, 29 Oct 2017 02:43:26 +0000 (21:43 -0500)]
ui-blame: Allow syntax highlighting
Place file contents into a single block so that syntax highlighting can
be applied in the usual fashion. Place the alternating color bars
behind the file contents. Force the default syntax highlighting
background to transparent.
Signed-off-by: Jeff Smith <whydoubt@gmail.com> Reviewed-by: John Keeping <john@keeping.me.uk>
John Keeping [Sat, 14 Oct 2017 12:02:53 +0000 (13:02 +0100)]
parsing: don't clear existing state with empty input
Since commit c699866 (parsing: clear query path before starting,
2017-02-19), we clear the "page" variable simply by calling
cgit_parse_url() even if the URL is empty. This breaks a URL like:
.../cgit?p=about
which is generated when using the "root-readme" configuration option.
This happens because "page" is set to "about" when parsing the query
string before we handle the path (which is empty, but non-null).
It turns out that this is not the only case which is broken, but
specifying repository and page via query options has been broken since
before the commit mentioned above, for example:
.../cgit?r=git&p=log
Fix both of these by allowing the previous state to persist if PATH_INFO
is empty, falling back to the query parameters if no path has been
requested.
Reported-by: Tom Ryder <tom@sanctum.geek.nz> Signed-off-by: John Keeping <john@keeping.me.uk>
Jeff Smith [Mon, 2 Oct 2017 04:39:07 +0000 (23:39 -0500)]
ui-shared: make a char* parameter const
All cgit_xxx_link functions take const char* for the 'name' parameter,
except for cgit_commit_link, which takes a char* and subsequently
modifies the contents. Avoiding the content changes, and making it
const char* will avoid the need to make copies of const char* strings
being passed to cgit_commit_link.
Signed-off-by: Jeff Smith <whydoubt@gmail.com> Reviewed-by: John Keeping <john@keeping.me.uk>
Jeff Smith [Mon, 2 Oct 2017 04:39:05 +0000 (23:39 -0500)]
html: html_ntxt with no ellipsis
For implementing a ui-blame page, there is need for a function that
outputs a selection from a block of text, transformed for HTML output,
but with no further modifications or additions.
Signed-off-by: Jeff Smith <whydoubt@gmail.com> Reviewed-by: John Keeping <john@keeping.me.uk>
John Keeping [Mon, 24 Apr 2017 18:38:34 +0000 (19:38 +0100)]
cache: flush stdio before restoring FDs
As described in commit 2efb59e (ui-patch: Flush stdout after outputting
data, 2014-06-11), we need to ensure that stdout is flushed before
restoring the file descriptor when writing to the cache. It turns out
that it's not just ui-patch that is affected by this but also raw diff
which writes to stdout internally.
Let's avoid risking more places doing this by ensuring that stdout is
flushed after writing in fill_slot().
Daniel M. Weeks [Wed, 20 Sep 2017 15:17:29 +0000 (11:17 -0400)]
Use https for submodule
The git protocol provides no transport security. https does provide
transport security and should be preferred by default. https is also
more likely than git to be permitted by firewalls in restricted
environments.
John Keeping [Mon, 6 Mar 2017 23:27:23 +0000 (23:27 +0000)]
ui-plain: print symlink content
We currently ignore symlinks in ui-plain, leading to a 404. In ui-tree
we print the content of the blob (that is, the path to the target of the
link), so it makes sense to do the same here.
John Keeping [Sun, 19 Feb 2017 12:02:37 +0000 (12:02 +0000)]
cgit: don't set vpath unless repo is set
After the previous two patches, this can be classified as a tidy up
rather than a bug fix, but I think it makes sense to group all of the
tests together before setting up the environment for the command to
execute.
John Keeping [Sun, 19 Feb 2017 12:17:05 +0000 (12:17 +0000)]
parsing: clear query path before starting
By specifying the "url" query parameter multiple times it is possible to
end up with ctx.qry.vpath set while ctx.repo is null, which triggers an
invalid code path from cgit_print_pageheader() while printing path
crumbs, resulting in a null dereference.
The previous patch fixed this segfault, but it makes no sense for us to
clear ctx.repo while leaving ctx.qry.path set to the previous value, so
let's just clear it here so that the last "url" parameter given takes
full effect rather than partially overriding the effect of the previous
value.
John Keeping [Sun, 19 Feb 2017 12:27:48 +0000 (12:27 +0000)]
ui-shared: don't print path crumbs without a repo
cgit_print_path_crumbs() can call repolink() which assumes that ctx.repo
is non-null. Currently we don't have any commands that set want_vpath
without also setting want_repo so it shouldn't be possible to fail this
test, but the check in cgit.c is in the wrong order so it is possible to
specify a query string like "?p=log&path=foo/bar" to end up here without
a valid repository.
John Keeping [Sun, 15 Jan 2017 12:29:38 +0000 (12:29 +0000)]
ui-atom: properly escape delimiter in page link
If the delimiter here is '&' then it needs to be escaped for inclusion
in an attribute. Use html_attrf() to ensure that this happens (we know
that hex won't need escaping, but this makes it clearer what's
happening.
Jeff Smith [Thu, 10 Aug 2017 00:02:56 +0000 (19:02 -0500)]
git: update to v2.14
Numerous changes were made to git functions to use an object_id
structure rather than sending sha1 hashes as raw unsigned character
arrays. The functions that affect cgit are: parse_object,
lookup_commit_reference, lookup_tag, lookup_tree, parse_tree_indirect,
diff_root_tree_sha1, diff_tree_sha1, and format_display_notes.
Commit b2141fc (config: don't include config.h by default) made it
necessary to that config.h be explicitly included when needed.
Commit 07a3d41 (grep: remove regflags from the public grep_opt API)
removed one way of specifying the ignore-case grep option.
Christian Hesse [Mon, 24 Jul 2017 15:22:52 +0000 (17:22 +0200)]
git: update to v2.13.4
Update to git version v2.13.4: With commit 8aee769f (pathspec: copy and free
owned memory) the definition of struct pathspec_item has changed with the
expectation that pathspecs will be managed dynamically. We work around this
a bit by setting up a static structure, but let's allocate the match string
to avoid needing to cast away const.
Updated a patch from John Keeping <john@keeping.me.uk> for git v2.12.1.
When empty repos exist, comparing them against an existing repo with a
good mtime might, with particular qsort implementations, not sort
correctly, because of this brokenness:
if (get_repo_modtime(r1, &t) && get_repo_modtime(r2, &t))
However, sorting by the age column works as expected, so anyway, to tidy
things up, we simply reuse that function.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Lukas Fleischer [Thu, 24 Nov 2016 19:14:54 +0000 (20:14 +0100)]
ui-patch: fix crash when using path limit
The array passed to setup_revisions() must be NULL-terminated. Fixes a
regression introduced in 455b598 (ui-patch.c: Use log_tree_commit() to
generate diffs, 2013-08-20).