]> granicus.if.org Git - cgit/log
cgit
8 years agoSimplify http_parse_querystring()
Lukas Fleischer [Thu, 29 Sep 2016 06:38:45 +0000 (08:38 +0200)]
Simplify http_parse_querystring()

Instead of reimplementing URL parameter parsing from scratch, use
url_decode_parameter_name() and url_decode_parameter_value() which are
already provided by Git.

Also, change the return type of http_parse_querystring() to void since
its only caller already ignores the return value.

Signed-off-by: Lukas Fleischer <lfleischer@lfos.de>
8 years agoui-tree: remove a fixed size buffer
John Keeping [Sat, 13 Aug 2016 10:54:46 +0000 (11:54 +0100)]
ui-tree: remove a fixed size buffer

As libgit.a moves away from using fixed size buffers, there is no
guarantee that PATH_MAX is sufficient for all of the paths in a Git
tree, so we should use a dynamically sized buffer here.

Coverity-Id: 141884
Signed-off-by: John Keeping <john@keeping.me.uk>
8 years agoui-tag: clean up taginfo
John Keeping [Sat, 13 Aug 2016 10:53:24 +0000 (11:53 +0100)]
ui-tag: clean up taginfo

Free the taginfo when we're done with it.  Also reduce the scope of a
couple of variables so that it's clear that this is the only path that
uses the taginfo structure.

Coverity-Id: 141883
Signed-off-by: John Keeping <john@keeping.me.uk>
8 years agoshared: make cgit_free_taginfo() public
John Keeping [Sat, 13 Aug 2016 10:52:51 +0000 (11:52 +0100)]
shared: make cgit_free_taginfo() public

We will use this function from ui-tag.c in the next patch.

Signed-off-by: John Keeping <john@keeping.me.uk>
8 years agoshared: remove return value from cgit_free_commitinfo()
John Keeping [Sat, 13 Aug 2016 10:51:58 +0000 (11:51 +0100)]
shared: remove return value from cgit_free_commitinfo()

This return value is never used and the function always returns NULL.

Signed-off-by: John Keeping <john@keeping.me.uk>
8 years agotree: allow skipping through single-child trees
John Keeping [Wed, 13 Jul 2016 19:19:42 +0000 (20:19 +0100)]
tree: allow skipping through single-child trees

If we have only a single element in a directory (for example in Java
package paths), display multiple directories in one go so that it is
possible to navigate directly to the first directory that contains
either files or multiple directories.

Signed-off-by: John Keeping <john@keeping.me.uk>
8 years agoui-ssdiff: fix decl-after-statement warnings
John Keeping [Sun, 7 Aug 2016 15:14:49 +0000 (16:14 +0100)]
ui-ssdiff: fix decl-after-statement warnings

git.git's coding style avoids decl-after-statement and we generally try
to follow it but a few warnings have crept in recently.  Fix the one in
ui-ssdiff.c

Signed-off-by: John Keeping <john@keeping.me.uk>
8 years agoui-shared: fix decl-after-statement warnings
John Keeping [Sun, 7 Aug 2016 15:13:30 +0000 (16:13 +0100)]
ui-shared: fix decl-after-statement warnings

git.git's coding style avoids decl-after-statement and we generally try
to follow it but a few warnings have crept in recently.  Fix the ones in
ui-shared.c

Signed-off-by: John Keeping <john@keeping.me.uk>
8 years agoconfigfile: fix EOF handling
John Keeping [Sun, 7 Aug 2016 14:54:14 +0000 (15:54 +0100)]
configfile: fix EOF handling

Currently we can end up passing EOF to isspace(), which is in fact
libgit's sane_isspace which does:

((sane_ctype[(unsigned char)(x)] & (GIT_SPACE)) != 0)

It is very unlikely that EOF cast to "unsigned char" will end up in a
character that has the GIT_SPACE bit set, but the standard only requires
that EOF be a negative integer, so it could access any value in the
sane_ctype array.

If it does end up returning true for isspace() then this loop will never
terminate, so handle EOF as a special value in the same way as the other
loops in this function.

Signed-off-by: John Keeping <john@keeping.me.uk>
8 years agogit: update to v2.10.0
Christian Hesse [Sun, 4 Sep 2016 10:38:18 +0000 (12:38 +0200)]
git: update to v2.10.0

Upstream continues to replace unsigned char *sha1 with struct
object_id old_oid. This makes the required changes.

The git lib has its own main function now. Rename our main function
to cmd_main, it is called from main then.

8 years agoFix qry.head leak on error
Richard Maw [Sat, 2 Jul 2016 19:28:10 +0000 (20:28 +0100)]
Fix qry.head leak on error

This is run soon before exiting so it wasn't leaked for long.

Signed-off-by: Richard Maw <richard.maw@gmail.com>
8 years agogit: update to v2.9.1
Christian Hesse [Mon, 11 Jul 2016 22:42:41 +0000 (00:42 +0200)]
git: update to v2.9.1

Update to git version v2.9.1, no changes required.

Signed-off-by: Christian Hesse <mail@eworm.de>
8 years agoLink with -ldl on GNU/kFreeBSD
Peter Colberg [Sat, 2 Jul 2016 02:00:37 +0000 (22:00 -0400)]
Link with -ldl on GNU/kFreeBSD

GNU/kFreeBSD uses the FreeBSD kernel with the GNU C library.

Signed-off-by: Peter Colberg <peter@colberg.org>
8 years agoFix spelling in man page
Peter Colberg [Fri, 10 Jun 2016 14:29:07 +0000 (10:29 -0400)]
Fix spelling in man page

Signed-off-by: Peter Colberg <peter@colberg.org>
8 years agoui-shared: fix segfault when defbranch is NULL
Eric Wong [Wed, 6 Jul 2016 07:08:01 +0000 (07:08 +0000)]
ui-shared: fix segfault when defbranch is NULL

Not sure if there's a better fix for this.  defbranch is
NULL here on my setup when a crawler hit an invalid URL,
causing strcmp to segfault.

Signed-off-by: Eric Wong <normalperson@yhbt.net>
8 years agocss: consistent use of empty lines
Christian Hesse [Wed, 29 Jun 2016 07:37:58 +0000 (09:37 +0200)]
css: consistent use of empty lines

Signed-off-by: Christian Hesse <mail@eworm.de>
8 years agoui-log: color line changes
Christian Hesse [Wed, 29 Jun 2016 07:37:57 +0000 (09:37 +0200)]
ui-log: color line changes

Signed-off-by: Christian Hesse <mail@eworm.de>
8 years agoAvoid ambiguities when prettifying snapshot names
Lukas Fleischer [Tue, 24 May 2016 16:15:18 +0000 (18:15 +0200)]
Avoid ambiguities when prettifying snapshot names

When composing snapshot file names for a tag with a prefix of the form
v[0-9] (resp. V[0-9]), the leading "v" (resp. "V") is stripped. This
leads to conflicts if a tag with the stripped name already exists or if
there are tags only differing in the capitalization of the leading "v".
Make sure we do not strip the "v" in these cases.

Reported-by: Juuso Lapinlampi <wub@partyvan.eu>
Signed-off-by: Lukas Fleischer <lfleischer@lfos.de>
8 years agogit: update to v2.9.0
Christian Hesse [Mon, 13 Jun 2016 20:57:12 +0000 (22:57 +0200)]
git: update to v2.9.0

Update to git version v2.9.0, no changes required.

Signed-off-by: Christian Hesse <mail@eworm.de>
8 years agocgit.mk: Use $PKG_CONFIG
Kylie McClain [Tue, 7 Jun 2016 21:22:35 +0000 (17:22 -0400)]
cgit.mk: Use $PKG_CONFIG

PKG_CONFIG is a variable dictated by autoconf standards; it should
be used if set.

8 years agomd2html: use utf-8 and flush output buffer
Jason A. Donenfeld [Fri, 17 Jun 2016 10:27:10 +0000 (12:27 +0200)]
md2html: use utf-8 and flush output buffer

Otherwise we get the classic Python UTF-8 errors, and the text is all
out of order. While we're at it, switch to python3 so we only have to
support one set of oddball semantics.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Suggested-by: Daniel Campbell <dlcampbell@gmx.com>
8 years agoHosted on HTTPS now
Jason A. Donenfeld [Wed, 24 Feb 2016 17:01:42 +0000 (18:01 +0100)]
Hosted on HTTPS now

8 years agoBump version. v1.0
Jason A. Donenfeld [Tue, 7 Jun 2016 12:31:09 +0000 (14:31 +0200)]
Bump version.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
8 years agogit: update to v2.8.3
Christian Hesse [Thu, 19 May 2016 21:12:03 +0000 (23:12 +0200)]
git: update to v2.8.3

Update to git version v2.8.3, no changes required.

Signed-off-by: Christian Hesse <mail@eworm.de>
8 years agoui-diff: action='.' is not correct
Jason A. Donenfeld [Thu, 12 May 2016 19:38:59 +0000 (21:38 +0200)]
ui-diff: action='.' is not correct

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
8 years agoforms: action should not be empty
Jason A. Donenfeld [Thu, 12 May 2016 19:29:40 +0000 (21:29 +0200)]
forms: action should not be empty

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
8 years agoui-shared: Remove a name attribute with an empty value
Juuso Lapinlampi [Wed, 11 May 2016 18:04:18 +0000 (18:04 +0000)]
ui-shared: Remove a name attribute with an empty value

The name attribute is optional in an input element, but it must not be
an empty value.

See: https://html.spec.whatwg.org/#attr-fe-name
See: https://html.spec.whatwg.org/#the-input-element

8 years agoui-shared: HTML-ize DOCTYPE and <html>
Juuso Lapinlampi [Wed, 11 May 2016 18:04:14 +0000 (18:04 +0000)]
ui-shared: HTML-ize DOCTYPE and <html>

Get rid of the XHTML headers, bringing cgit slowly to the modern age of
HTML.

8 years agoui-shared: Simplify cgit_print_error_page() logic
Juuso Lapinlampi [Wed, 11 May 2016 17:50:09 +0000 (17:50 +0000)]
ui-shared: Simplify cgit_print_error_page() logic

8 years agogit: update to v2.8.2
Christian Hesse [Sat, 30 Apr 2016 14:57:51 +0000 (16:57 +0200)]
git: update to v2.8.2

Update to git version v2.8.2.

* Upstream commit 1a0c8dfd89475d6bb09ddee8c019cf0ae5b3bdc2 (strbuf: give
  strbuf_getline() to the "most text friendly" variant) changed API.

Signed-off-by: Christian Hesse <mail@eworm.de>
8 years agoui-log: Simplify decoration code
Tim Nordell [Fri, 26 Feb 2016 20:58:41 +0000 (14:58 -0600)]
ui-log: Simplify decoration code

The decoration code inside of git returns the decoration type, so
utilize this to create the decoration spans.  Additionally, use
prettify_refname(...) to get the shorter name for the ref.

Signed-off-by: Tim Nordell <tim.nordell@logicpd.com>
8 years agoui-log: Do not always emit decoration span
Tim Nordell [Fri, 26 Feb 2016 20:57:30 +0000 (14:57 -0600)]
ui-log: Do not always emit decoration span

The decoration span does not need to be emited if there aren't
any decorations to show.  This modification saves slightly
on bandwidth.

Signed-off-by: Tim Nordell <tim.nordell@logicpd.com>
8 years agoRenamed repo-specific configuration for enable-html-serving in cgitrc.5.txt
Matt Comben [Tue, 8 Mar 2016 12:05:09 +0000 (12:05 +0000)]
Renamed repo-specific configuration for enable-html-serving in cgitrc.5.txt

8 years agoui-shared: redirect should not exit early for cache
Jason A. Donenfeld [Fri, 26 Feb 2016 12:24:35 +0000 (13:24 +0100)]
ui-shared: redirect should not exit early for cache

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
8 years agoabout: path_info might not be valid
Jason A. Donenfeld [Fri, 26 Feb 2016 12:14:43 +0000 (13:14 +0100)]
about: path_info might not be valid

8 years agotabs: do not use target=_blank
Jason A. Donenfeld [Tue, 23 Feb 2016 14:35:32 +0000 (15:35 +0100)]
tabs: do not use target=_blank

8 years agocss: fix indentation
Jason A. Donenfeld [Tue, 23 Feb 2016 14:14:06 +0000 (15:14 +0100)]
css: fix indentation

8 years agocss: use less blurry icon for external link
Christian Hesse [Tue, 23 Feb 2016 09:47:25 +0000 (10:47 +0100)]
css: use less blurry icon for external link

Your mileage may vary, but for me the old icon looks blurry. The new
one is character 0xf08e from OTF font awsome in size 10.
The icon color is black, gray level is adjusted via opacity.

Signed-off-by: Christian Hesse <mail@eworm.de>
8 years agomd2html: Do syntax highlighting too
Jason A. Donenfeld [Tue, 23 Feb 2016 05:32:03 +0000 (06:32 +0100)]
md2html: Do syntax highlighting too

8 years agogit: update to v2.7.2
Christian Hesse [Mon, 22 Feb 2016 22:25:28 +0000 (23:25 +0100)]
git: update to v2.7.2

Update to git version v2.7.2, no changes required.

Signed-off-by: Christian Hesse <mail@eworm.de>
8 years agoui-plain: fix to show a repo's root directory listing in plain view
Joe Anakata [Mon, 22 Feb 2016 17:45:53 +0000 (18:45 +0100)]
ui-plain: fix to show a repo's root directory listing in plain view

This is to fix the case of accessing http://host.com/cgit.cgi/repo.git/plain/

There is code here to make this case work (match_baselen is set to -1
for top-of-the-tree views) but the unsigned to signed comparison was
always false in this case, causing an empty directory listing without
this fix.

Signed-off-by: Joe Anakata <jea-signup-github@anakata.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
8 years agocmd: redirect empty about/ to homepage or summary
Jason A. Donenfeld [Mon, 22 Feb 2016 15:33:49 +0000 (16:33 +0100)]
cmd: redirect empty about/ to homepage or summary

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
8 years agoui-shared: add homepage to tabs
Jason A. Donenfeld [Mon, 22 Feb 2016 15:04:15 +0000 (16:04 +0100)]
ui-shared: add homepage to tabs

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
8 years agoui-atom: avoid DATE_STRFTIME
John Keeping [Mon, 8 Feb 2016 15:06:27 +0000 (15:06 +0000)]
ui-atom: avoid DATE_STRFTIME

Git's DATE_STRFTIME ignores the timezone argument and just uses the
local timezone regardless of whether the "local" flag is set.

Since Atom accepts ISO8601 dates [1], we can use Git's
DATE_ISO8601_STRICT instead, which does get this right.  Additionally,
we never use the local timezone here so we can use the
date_mode_from_type() wrapper to simplify the code a bit.

[1] https://tools.ietf.org/html/rfc4287#section-3.3

Signed-off-by: John Keeping <john@keeping.me.uk>
8 years agoAvoid DATE_STRFTIME for long/short dates
John Keeping [Mon, 8 Feb 2016 15:05:54 +0000 (15:05 +0000)]
Avoid DATE_STRFTIME for long/short dates

Git's DATE_STRFTIME ignores the timezone argument and just uses the
local timezone regardless of whether the "local" flag is set.

Since our existing FMT_LONGDATE and FMT_SHORTDATE are pretty-much
perfect matches to DATE_ISO8601 and DATE_SHORT, switch to taking a
date_mode_type directly in cgit_date_mode().

Signed-off-by: John Keeping <john@keeping.me.uk>
8 years agoui-stats: cast pointer before checking for zero
John Keeping [Mon, 8 Feb 2016 14:12:35 +0000 (14:12 +0000)]
ui-stats: cast pointer before checking for zero

We abuse the "void *util" field as a counter and recently started to
cast it to a uintptr_t to avoid risking nasal demons by performing
arithmetic on a void pointer.

However, compilers are also known to do "interesting" things if they
know that a pointer is or isn't NULL.  Make this safer by checking if
the counter (after casting) is non-zero rather than checking if the
pointer is non-null.

Signed-off-by: John Keeping <john@keeping.me.uk>
8 years agoui-stats: if we're going to abuse void*, do it safely
Jason A. Donenfeld [Mon, 8 Feb 2016 13:35:47 +0000 (14:35 +0100)]
ui-stats: if we're going to abuse void*, do it safely

8 years agogit: update to v2.7.1
Christian Hesse [Mon, 8 Feb 2016 08:06:47 +0000 (09:06 +0100)]
git: update to v2.7.1

Update to git version v2.7.1, no changes required.

Signed-off-by: Christian Hesse <mail@eworm.de>
8 years agoui-shared: remove cgit_print_date()
John Keeping [Tue, 19 Jan 2016 19:33:08 +0000 (19:33 +0000)]
ui-shared: remove cgit_print_date()

There are no longer any users of this function.

Signed-off-by: John Keeping <john@keeping.me.uk>
8 years agoui-atom: use show_date directly for atom dates
John Keeping [Tue, 19 Jan 2016 19:33:07 +0000 (19:33 +0000)]
ui-atom: use show_date directly for atom dates

This will allow us to remove cgit_print_date and use Git's show_date
consistently.

Signed-off-by: John Keeping <john@keeping.me.uk>
8 years agoui-shared: use show_date for footer timestamp
John Keeping [Tue, 19 Jan 2016 19:33:06 +0000 (19:33 +0000)]
ui-shared: use show_date for footer timestamp

Signed-off-by: John Keeping <john@keeping.me.uk>
8 years agoui: show ages in the originator's timezone
John Keeping [Tue, 19 Jan 2016 19:33:05 +0000 (19:33 +0000)]
ui: show ages in the originator's timezone

This affects the tooltip showing the full time and the case when a date
is sufficiently old to be shown in full rather than as an offset.

Signed-off-by: John Keeping <john@keeping.me.uk>
8 years agoui-{commit,tag}: show dates in originator's timezone
John Keeping [Tue, 19 Jan 2016 19:33:04 +0000 (19:33 +0000)]
ui-{commit,tag}: show dates in originator's timezone

This is done by switching to Git's show_date() function and the mode
given by cgit_date_mode().

Signed-off-by: John Keeping <john@keeping.me.uk>
8 years agoui-shared: add cgit_date_mode()
John Keeping [Tue, 19 Jan 2016 19:33:03 +0000 (19:33 +0000)]
ui-shared: add cgit_date_mode()

This returns the correct mode value for use with Git's show_date() based
on the current CGit configuration and will be used in the following
patches.

Signed-off-by: John Keeping <john@keeping.me.uk>
8 years agoparsing: add timezone to ident structures
John Keeping [Tue, 19 Jan 2016 19:33:02 +0000 (19:33 +0000)]
parsing: add timezone to ident structures

This will allow us to mimic Git's behaviour of showing times in the
originator's timezone when displaying commits and tags.

Signed-off-by: John Keeping <john@keeping.me.uk>
8 years agoui-shared: remove "format" from cgit_print_age()
John Keeping [Tue, 19 Jan 2016 19:33:01 +0000 (19:33 +0000)]
ui-shared: remove "format" from cgit_print_age()

We never use any format other than FMT_SHORTDATE, so move that into the
function.

Signed-off-by: John Keeping <john@keeping.me.uk>
8 years agoui-tree: put reverse path in title
Jason A. Donenfeld [Mon, 18 Jan 2016 14:56:45 +0000 (15:56 +0100)]
ui-tree: put reverse path in title

8 years agosyntax-highlighting: always use utf-8 to avoid ascii codec issues
Jason A. Donenfeld [Mon, 18 Jan 2016 10:14:06 +0000 (11:14 +0100)]
syntax-highlighting: always use utf-8 to avoid ascii codec issues

8 years agocache: don't check for match with no key
John Keeping [Sat, 16 Jan 2016 11:03:07 +0000 (11:03 +0000)]
cache: don't check for match with no key

We call open_slot() from cache_ls() without a key since we simply want
to read the path out of the header.  Should the file happen to contain
an empty key then we end up calling memcmp() with NULL and a non-zero
length.  Fix this by assigning slot->match only if a key is set, which
is always will be in the code paths where we use slot->match.

Coverity-id: 13807
Signed-off-by: John Keeping <john@keeping.me.uk>
8 years agocache: use size_t for string lengths
John Keeping [Sat, 16 Jan 2016 11:03:06 +0000 (11:03 +0000)]
cache: use size_t for string lengths

Avoid integer truncation on 64-bit systems.

Coverity-id: 13864
Signed-off-by: John Keeping <john@keeping.me.uk>
8 years agoui-log: handle parse_commit() errors
John Keeping [Sat, 16 Jan 2016 11:03:05 +0000 (11:03 +0000)]
ui-log: handle parse_commit() errors

If parse_commit() fails, none of the fields in the commit structure will
have been populated so we will dereference NULL when accessing
item->tree.

There isn't much we can do about the error at this point, but if we
return true then we'll try parsing the commit again from print_commit()
and we can report an error to the user at that point.

Coverity-id: 13801
Signed-off-by: John Keeping <john@keeping.me.uk>
8 years agoBump version v0.12
Jason A. Donenfeld [Thu, 14 Jan 2016 14:43:54 +0000 (15:43 +0100)]
Bump version

8 years agoui-plain: add enable-html-serving flag
Jason A. Donenfeld [Thu, 14 Jan 2016 13:53:28 +0000 (14:53 +0100)]
ui-plain: add enable-html-serving flag

Unrestricts plain/ to contents likely to be executed by browser.

8 years agoui-blob: set CSP just in case
Jason A. Donenfeld [Thu, 14 Jan 2016 13:43:43 +0000 (14:43 +0100)]
ui-blob: set CSP just in case

8 years agoui-blob: always use generic mimetypes
Jason A. Donenfeld [Thu, 14 Jan 2016 13:31:53 +0000 (14:31 +0100)]
ui-blob: always use generic mimetypes

8 years agoui-blob: Do not accept mimetype from user
Jason A. Donenfeld [Thu, 14 Jan 2016 13:31:13 +0000 (14:31 +0100)]
ui-blob: Do not accept mimetype from user

8 years agoui-shared: prevent malicious filename from injecting headers
Jason A. Donenfeld [Thu, 14 Jan 2016 13:28:37 +0000 (14:28 +0100)]
ui-shared: prevent malicious filename from injecting headers

8 years agoui-shared: Avoid new line injection into redirect header
Jason A. Donenfeld [Thu, 14 Jan 2016 13:13:39 +0000 (14:13 +0100)]
ui-shared: Avoid new line injection into redirect header

8 years agoFix missing prototype declarations
Peter Colberg [Wed, 13 Jan 2016 22:25:07 +0000 (17:25 -0500)]
Fix missing prototype declarations

Signed-off-by: Peter Colberg <peter@colberg.org>
8 years agoui-repolist: return HTTP 404 if no repositories found
Peter Colberg [Tue, 8 Dec 2015 17:53:09 +0000 (12:53 -0500)]
ui-repolist: return HTTP 404 if no repositories found

Return HTTP status code 404 Not found when querying a non-existent
repository, which signals to search engines that a repository no
longer exists. Further, some webservers such as nginx permit
logging requests to different files depending on the HTTP code.

Signed-off-by: Peter Colberg <peter@colberg.org>
8 years agoui-repolist: extract repo visibility criteria to separate function
Peter Colberg [Tue, 8 Dec 2015 17:53:08 +0000 (12:53 -0500)]
ui-repolist: extract repo visibility criteria to separate function

Signed-off-by: Peter Colberg <peter@colberg.org>
8 years agoFix segmentation fault in hc()
Lukas Fleischer [Sun, 13 Dec 2015 00:27:13 +0000 (01:27 +0100)]
Fix segmentation fault in hc()

The ctx.qry.page variable might be unset at this point, e.g. when an
invalid command is passed and cgit_print_pageheader() is called to show
an error message.

Signed-off-by: Lukas Fleischer <lfleischer@lfos.de>
8 years agogit: update to v2.7.0
Christian Hesse [Tue, 5 Jan 2016 06:38:53 +0000 (07:38 +0100)]
git: update to v2.7.0

Update to git version v2.7.0.

* Upstream commit ed1c9977cb1b63e4270ad8bdf967a2d02580aa08 (Remove
  get_object_hash.) changed API:

  Convert all instances of get_object_hash to use an appropriate
  reference to the hash member of the oid member of struct object.
  This provides no functional change, as it is essentially a macro
  substitution.

Signed-off-by: Christian Hesse <mail@eworm.de>
8 years agoui-repolist: initialize char *buf to NULL
Christian Hesse [Tue, 12 Jan 2016 23:45:03 +0000 (00:45 +0100)]
ui-repolist: initialize char *buf to NULL

readfile() can fail if the agefile is not readable. Make sure free()
does not free an ininitialized string.

Signed-off-by: Christian Hesse <mail@eworm.de>
9 years agofilter: avoid integer overflow in authenticate_post
Jason A. Donenfeld [Tue, 24 Nov 2015 10:28:00 +0000 (11:28 +0100)]
filter: avoid integer overflow in authenticate_post

ctx.env.content_length is an unsigned int, coming from the
CONTENT_LENGTH environment variable, which is parsed by strtoul. The
HTTP/1.1 spec says that "any Content-Length greater than or equal to
zero is a valid value." By storing this into an int, we potentially
overflow it, resulting in the following bounding check failing, leading
to a buffer overflow.

Reported-by: Erik Cabetas <Erik@cabetas.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
9 years agoabout-formatting.sh: comment text out of date
Jason A. Donenfeld [Thu, 12 Nov 2015 03:44:32 +0000 (04:44 +0100)]
about-formatting.sh: comment text out of date

9 years agofilters: port syntax-highlighting.py to python 3.x
Christian Hesse [Mon, 12 Oct 2015 16:23:56 +0000 (18:23 +0200)]
filters: port syntax-highlighting.py to python 3.x

Signed-off-by: Christian Hesse <mail@eworm.de>
9 years agomd2html: the default of stdin works fine
Jason A. Donenfeld [Mon, 12 Oct 2015 16:33:21 +0000 (18:33 +0200)]
md2html: the default of stdin works fine

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
9 years agofilters: misc cleanups
Jason A. Donenfeld [Mon, 12 Oct 2015 14:47:47 +0000 (16:47 +0200)]
filters: misc cleanups

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
9 years agomd2html: use pure python
Jason A. Donenfeld [Mon, 12 Oct 2015 14:42:48 +0000 (16:42 +0200)]
md2html: use pure python

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
9 years agocache: fix resource leak: close file handle before return
Christian Hesse [Sat, 10 Oct 2015 14:56:28 +0000 (16:56 +0200)]
cache: fix resource leak: close file handle before return

Coverity-id: 13910
Signed-off-by: Christian Hesse <mail@eworm.de>
9 years agoui-atom: fix resource leak: free allocation from cgit_pageurl
Christian Hesse [Sat, 10 Oct 2015 14:56:27 +0000 (16:56 +0200)]
ui-atom: fix resource leak: free allocation from cgit_pageurl

Coverity-id: 13945
Signed-off-by: Christian Hesse <mail@eworm.de>
9 years agoui-atom: fix resource leak: free before return
Christian Hesse [Sat, 10 Oct 2015 14:56:26 +0000 (16:56 +0200)]
ui-atom: fix resource leak: free before return

Coverity-id: 13946
Signed-off-by: Christian Hesse <mail@eworm.de>
9 years agoui-atom: fix resource leak: free allocation from cgit_repourl
Christian Hesse [Sat, 10 Oct 2015 14:56:25 +0000 (16:56 +0200)]
ui-atom: fix resource leak: free allocation from cgit_repourl

Coverity-id: 13947
Signed-off-by: Christian Hesse <mail@eworm.de>
9 years agoui-blob: fix resource leak: free before return
Christian Hesse [Sat, 10 Oct 2015 14:56:23 +0000 (16:56 +0200)]
ui-blob: fix resource leak: free before return

Coverity-id: 13944
Signed-off-by: Christian Hesse <mail@eworm.de>
9 years agoui-blob: fix resource leak: free before return
Christian Hesse [Sat, 10 Oct 2015 14:56:24 +0000 (16:56 +0200)]
ui-blob: fix resource leak: free before return

Coverity-id: 13943
Signed-off-by: Christian Hesse <mail@eworm.de>
9 years agoui-plain: fix resource leak: free before assigning NULL
Christian Hesse [Fri, 9 Oct 2015 12:55:50 +0000 (14:55 +0200)]
ui-plain: fix resource leak: free before assigning NULL

Coverity-id: 13939
Signed-off-by: Christian Hesse <mail@eworm.de>
9 years agoui-plain: fix resource leak: free before return
Christian Hesse [Fri, 9 Oct 2015 12:55:49 +0000 (14:55 +0200)]
ui-plain: fix resource leak: free before return

Coverity-id: 13940
Signed-off-by: Christian Hesse <mail@eworm.de>
9 years agoui-repolist: fix resource leak: free allocation from cgit_currenturl
Christian Hesse [Fri, 9 Oct 2015 12:55:48 +0000 (14:55 +0200)]
ui-repolist: fix resource leak: free allocation from cgit_currenturl

Coverity-id: 13930
Signed-off-by: Christian Hesse <mail@eworm.de>
9 years agoui-repolist: fix resource leak: free before return
Christian Hesse [Fri, 9 Oct 2015 12:55:47 +0000 (14:55 +0200)]
ui-repolist: fix resource leak: free before return

Coverity-id: 13931
Signed-off-by: Christian Hesse <mail@eworm.de>
9 years agofilters: Simplify converters
Jason A. Donenfeld [Fri, 9 Oct 2015 13:13:35 +0000 (15:13 +0200)]
filters: Simplify converters

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
9 years agoui-shared: fix resource leak: free allocation from cgit_hosturl
Christian Hesse [Fri, 9 Oct 2015 11:15:51 +0000 (13:15 +0200)]
ui-shared: fix resource leak: free allocation from cgit_hosturl

Signed-off-by: Christian Hesse <mail@eworm.de>
9 years agoui-shared: return value of cgit_hosturl is not const
Christian Hesse [Fri, 9 Oct 2015 11:15:50 +0000 (13:15 +0200)]
ui-shared: return value of cgit_hosturl is not const

Signed-off-by: Christian Hesse <mail@eworm.de>
9 years agocmd: fix resource leak: free allocation from cgit_currenturl and fmtalloc
Christian Hesse [Fri, 9 Oct 2015 11:15:49 +0000 (13:15 +0200)]
cmd: fix resource leak: free allocation from cgit_currenturl and fmtalloc

Signed-off-by: Christian Hesse <mail@eworm.de>
9 years agoui-shared: fix resource leak: free allocation from cgit_currenturl
Christian Hesse [Fri, 9 Oct 2015 11:15:48 +0000 (13:15 +0200)]
ui-shared: fix resource leak: free allocation from cgit_currenturl

Coverity-id: 13927
Signed-off-by: Christian Hesse <mail@eworm.de>
9 years agoui-shared: return value of cgit_currenturl is not const
Christian Hesse [Fri, 9 Oct 2015 11:15:47 +0000 (13:15 +0200)]
ui-shared: return value of cgit_currenturl is not const

Signed-off-by: Christian Hesse <mail@eworm.de>
9 years agoui-shared: fix resource leak: free allocation from cgit_fileurl
Christian Hesse [Fri, 9 Oct 2015 11:15:46 +0000 (13:15 +0200)]
ui-shared: fix resource leak: free allocation from cgit_fileurl

Coverity-id: 13918
Signed-off-by: Christian Hesse <mail@eworm.de>
9 years agoui-ssdiff: fix resource leak: free allocation from cgit_fileurl
Christian Hesse [Fri, 9 Oct 2015 11:15:45 +0000 (13:15 +0200)]
ui-ssdiff: fix resource leak: free allocation from cgit_fileurl

Coverity-id: 13929
Signed-off-by: Christian Hesse <mail@eworm.de>
9 years agoui-tree: fix resource leak: free before return
Christian Hesse [Fri, 9 Oct 2015 11:15:44 +0000 (13:15 +0200)]
ui-tree: fix resource leak: free before return

Coverity-id: 13938
Signed-off-by: Christian Hesse <mail@eworm.de>
9 years agoAvoid use of non-reentrant functions
Jason A. Donenfeld [Fri, 9 Oct 2015 09:01:04 +0000 (11:01 +0200)]
Avoid use of non-reentrant functions

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>