granicus.if.org Git - cgit/log
cgit
11 years ago ui-refs: escape HTML chars in author and tagger names
John Keeping [Sun, 12 Jan 2014 19:45:15 +0000 (19:45 +0000)]
ui-refs: escape HTML chars in author and tagger names

Everywhere else we use html_txt to escape any special characters in
these variables.  Do so here as well.

Signed-off-by: John Keeping <john@keeping.me.uk>
11 years ago filter: pass extra arguments via cgit_open_filter
John Keeping [Sun, 12 Jan 2014 17:13:50 +0000 (17:13 +0000)]
filter: pass extra arguments via cgit_open_filter

This avoids poking into the filter data structure at various points in
the code.  We rely on the fact that the number of arguments is fixed
based on the filter type (set in cgit_new_filter) and that the call
sites all know which filter type they're using.

Signed-off-by: John Keeping <john@keeping.me.uk>
11 years ago ui-snapshot: set unused cgit_filter fields to zero
John Keeping [Sun, 12 Jan 2014 17:13:49 +0000 (17:13 +0000)]
ui-snapshot: set unused cgit_filter fields to zero

By switching the assignment of fields in the cgit_filter structure to
use designated initializers, the compiler will initialize all other
fields to their default value.  This will be needed when we add the
extra_args field in the next patch.

Signed-off-by: John Keeping <john@keeping.me.uk>
11 years ago html: remove redundant htmlfd variable
John Keeping [Sun, 12 Jan 2014 17:13:48 +0000 (17:13 +0000)]
html: remove redundant htmlfd variable

This is never changed from STDOUT_FILENO, so just use that value
directly.

Signed-off-by: John Keeping <john@keeping.me.uk>
11 years ago tests: add Valgrind support
John Keeping [Mon, 8 Apr 2013 19:12:38 +0000 (20:12 +0100)]
tests: add Valgrind support

Now running tests with the "--valgrind" option will run cgit under
Valgrind instead of all Git commands.

Signed-off-by: John Keeping <john@keeping.me.uk>
11 years ago cache: don't leave cache_slot fields uninitialized
John Keeping [Sun, 12 Jan 2014 16:49:40 +0000 (16:49 +0000)]
cache: don't leave cache_slot fields uninitialized

Valgrind says:

==18344== Conditional jump or move depends on uninitialised value(s)
==18344==    at 0x406C83: open_slot (cache.c:63)
==18344==    by 0x407478: cache_ls (cache.c:403)
==18344==    by 0x404C9A: process_request (cgit.c:639)
==18344==    by 0x406BD2: fill_slot (cache.c:190)
==18344==    by 0x4071A0: cache_process (cache.c:284)
==18344==    by 0x404461: main (cgit.c:952)
==18344==  Uninitialised value was created by a stack allocation
==18344==    at 0x40738B: cache_ls (cache.c:375)

This is caused by the keylen field being used to calculate whether or
not a slot is matched.  We never then check the value of this and the
length of data read depends on the key length read from the file so this
isn't dangerous, but it's nice to avoid branching based on uninitialized
data.

Signed-off-by: John Keeping <john@keeping.me.uk>
11 years ago filter: split filter functions into their own file
Jason A. Donenfeld [Fri, 10 Jan 2014 04:19:05 +0000 (05:19 +0100)]
filter: split filter functions into their own file

A first step for more interesting things.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
11 years ago filter: make exit status local
Jason A. Donenfeld [Fri, 10 Jan 2014 02:51:02 +0000 (03:51 +0100)]
filter: make exit status local

It's only used in one place, and not useful to have around since
close_filter will die() if exit_status isn't what it expects, anyway. So
this is best as just a local variable instead of as part of the struct.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
11 years ago parsing: fix header typo
Jason A. Donenfeld [Fri, 10 Jan 2014 03:59:34 +0000 (04:59 +0100)]
parsing: fix header typo

11 years ago cgit.c: Fix comment on bit mask hack
Lukas Fleischer [Fri, 10 Jan 2014 13:55:31 +0000 (14:55 +0100)]
cgit.c: Fix comment on bit mask hack

* Formatting and spelling fixes.

* A bit mask with the size of one byte only allows for storing 8 (not
  255!) different flags.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
11 years ago cgit.c: Use "else" for mutually exclusive branches
Lukas Fleischer [Fri, 10 Jan 2014 13:55:30 +0000 (14:55 +0100)]
cgit.c: Use "else" for mutually exclusive branches

When parsing command line arguments, no pair of command line options can
ever match simultaneously. Use "else if" blocks to reflect this. This
change improves both readability and speed.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
11 years ago ui-snapshot.c: Do not reinvent suffixcmp()
Lukas Fleischer [Fri, 10 Jan 2014 11:44:38 +0000 (12:44 +0100)]
ui-snapshot.c: Do not reinvent suffixcmp()

Use suffixcmp() from Git instead of reimplementing it. This is a
preparation for moving to ends_with() in Git 1.8.6.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
11 years ago Refactor cgit_parse_snapshots_mask()
Lukas Fleischer [Fri, 10 Jan 2014 11:44:37 +0000 (12:44 +0100)]
Refactor cgit_parse_snapshots_mask()

Use Git string lists instead of str{spn,cspn,ncmp}() magic. This
significantly improves readability.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
11 years ago Disallow use of undocumented snapshot delimiters
Lukas Fleischer [Fri, 10 Jan 2014 11:44:36 +0000 (12:44 +0100)]
Disallow use of undocumented snapshot delimiters

Since the introduction of selective snapshot format configuration in
dc3c9b5 (allow selective enabling of snapshots, 2007-07-21), we allowed
seven different delimiters for snapshot formats, while the documentation
has always been clear about spaces being the only valid delimiter:

    The value is a space-separated list of zero or more of the values
    "tar", "tar.gz", "tar.bz2", "tar.xz" and "zip".

Supporting the undocumented delimiters makes the code unnecessarily
complex. Remove them.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
11 years ago Replace most uses of strncmp() with prefixcmp()
Lukas Fleischer [Fri, 10 Jan 2014 11:44:35 +0000 (12:44 +0100)]
Replace most uses of strncmp() with prefixcmp()

This is a preparation for replacing all prefix checks with either
strip_prefix() or starts_with() when Git 1.8.6 is released.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
11 years ago README: Fix dependencies
Lukas Fleischer [Thu, 9 Jan 2014 18:44:27 +0000 (19:44 +0100)]
README: Fix dependencies

* Remove the dependency on Git (which can be obtained automatically when
  building, using either the Git submodule or `make get-git`).

* Use proper upstream names of dependencies.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
11 years ago README: Spelling and formatting fixes
Lukas Fleischer [Wed, 8 Jan 2014 18:45:29 +0000 (19:45 +0100)]
README: Spelling and formatting fixes

* Several small spelling and capitalization fixes.

* Use consistent and better-looking formatting that is compatible with
  AsciiDoc (and partly compatible with RST).

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
11 years ago Fix UTF-8 with syntax-highlighting.py
Přemysl Janouch [Wed, 11 Sep 2013 18:10:12 +0000 (20:10 +0200)]
Fix UTF-8 with syntax-highlighting.py

Previously the script tried to encode output from Pygments with
the ASCII codec, which failed.

Signed-off-by: Přemysl Janouch <p.janouch@gmail.com>
11 years ago Add a suggestion to the manpage
Přemysl Janouch [Wed, 11 Sep 2013 18:10:14 +0000 (20:10 +0200)]
Add a suggestion to the manpage

So that people wishing to use "enable-http-clone" don't have to find
out the correct settings on their own.

Signed-off-by: Přemysl Janouch <p.janouch@gmail.com>
11 years ago Fix the example configuration
Přemysl Janouch [Wed, 11 Sep 2013 18:10:13 +0000 (20:10 +0200)]
Fix the example configuration

"enable-git-clone" doesn't exist, replaced with "enable-http-clone".

Signed-off-by: Přemysl Janouch <p.janouch@gmail.com>
11 years ago Fix about-formatting.sh
Přemysl Janouch [Wed, 11 Sep 2013 18:10:11 +0000 (20:10 +0200)]
Fix about-formatting.sh

dash failed to parse the script.

Signed-off-by: Přemysl Janouch <p.janouch@gmail.com>
11 years ago Fix some spelling errors
Přemysl Janouch [Wed, 11 Sep 2013 18:10:10 +0000 (20:10 +0200)]
Fix some spelling errors

Signed-off-by: Přemysl Janouch <p.janouch@gmail.com>
11 years ago filters: highlight.sh: add css comments for highlight 2.6 and 3.8
Ferry Huberts [Sat, 9 Nov 2013 19:34:55 +0000 (20:34 +0100)]
filters: highlight.sh: add css comments for highlight 2.6 and 3.8

v2: add highlight 3.13 as present on Fedora 19

Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
11 years ago Add AUTHORS file
Lukas Fleischer [Wed, 8 Jan 2014 14:18:03 +0000 (15:18 +0100)]
Add AUTHORS file

Contains a list of contributors with more than 20 patches, to be updated
regularly.

Signed-off-by: Lukas Fleischer <cgit@crytocrack.de>
11 years ago Update copyright information
Lukas Fleischer [Wed, 8 Jan 2014 14:10:49 +0000 (15:10 +0100)]
Update copyright information

* Name "cgit Development Team" as copyright holder to avoid listing
  every single developer.

* Update copyright ranges.

Signed-off-by: Lukas Fleischer <cgit@crytocrack.de>
11 years ago git: update to 1.8.5
Christian Hesse [Wed, 27 Nov 2013 23:19:50 +0000 (00:19 +0100)]
git: update to 1.8.5

Everything works just bumping the version in Makefile and commit hash
in submodule. No code changes required.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
11 years ago Reduce line number bloat, fix hover effect
Peter Wu [Thu, 3 Oct 2013 10:17:23 +0000 (12:17 +0200)]
Reduce line number bloat, fix hover effect

Currently line numbers look like (for blob view and sdiff respectively):

    <a class='no' id='n68' name='n68' href='#n68'>68</a>
    <td class='lineno'><a class='no' href='...#n1' id='n1' name='n1'>1</a></td>

name=".." is unnecessary if the id attribute is set (this even applies
to IE6), so drop it. (aside, in HTML5, the name attribute is gone.)

The line number links can be selected through their parent classes, no
need for another class "no", so drop it too.

For a file with 2000 lines, this yields a saving of 40% (29% gzipped).

While at it, fix the hover effect of line numbers: now the line numbers
get a black background as was intended.

Signed-off-by: Peter Wu <lekensteyn@gmail.com>
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
11 years ago plain: don't append charset for binary MIME types
John Keeping [Sun, 6 Oct 2013 11:14:41 +0000 (12:14 +0100)]
plain: don't append charset for binary MIME types

When outputting the Content-Type HTTP header we print the MIME type and
then append "; charset=<charset>" if the charset variable is non-null.

We don't want a charset when we have selected "application/octet-stream"
or when the user has specified a custom MIME type, since they may have
specified their own charset.  To avoid this, make sure we set the page's
charset to NULL in ui-plain before we generate the HTTP headers.

Signed-off-by: John Keeping <john@keeping.me.uk>
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
11 years ago ui-log.c: Several simplifications
Lukas Fleischer [Fri, 22 Nov 2013 12:30:58 +0000 (13:30 +0100)]
ui-log.c: Several simplifications

* Use argv_array_pushf() for inserting formatted strings.
* Remove unneeded static strings.
* Replace "if" by "else if" for readability and speed.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
11 years ago Use argv_array in place of vector
Lukas Fleischer [Fri, 22 Nov 2013 12:24:52 +0000 (13:24 +0100)]
Use argv_array in place of vector

Instead of using our own vector implementation, use argv_array from Git
which has been specifically designed for dynamic size argv arrays.

Drop vector.h and vector.c which are no longer needed.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
11 years ago ui-stats.c: Remove unused macro
Lukas Fleischer [Fri, 22 Nov 2013 08:50:17 +0000 (09:50 +0100)]
ui-stats.c: Remove unused macro

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
11 years ago scan-tree.c: Remove unused macro
Lukas Fleischer [Fri, 22 Nov 2013 08:49:31 +0000 (09:49 +0100)]
scan-tree.c: Remove unused macro

This is no longer needed since commit fb3655df (use struct strbuf
instead of static buffers, 2013-04-06).

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
11 years ago ui-shared: Drop filepair_cb_raw() and helper
Lukas Fleischer [Tue, 27 Aug 2013 08:40:51 +0000 (10:40 +0200)]
ui-shared: Drop filepair_cb_raw() and helper

Remove filepair_cb_raw() and all related functions. These are no longer
needed. We now use Git's internal functions for raw diff formatting
everywhere.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
11 years ago ui-diff: Use diff_tree_sha1() for raw diff formatting
Lukas Fleischer [Tue, 27 Aug 2013 08:40:50 +0000 (10:40 +0200)]
ui-diff: Use diff_tree_sha1() for raw diff formatting

Use Git's internal diff_tree_sha1() function for the /rawdiff/ command
instead of trying to recreate this functionality.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
11 years ago tests/: Add t0110-rawdiff.sh
Lukas Fleischer [Mon, 26 Aug 2013 18:56:55 +0000 (20:56 +0200)]
tests/: Add t0110-rawdiff.sh

This adds some basic tests for the /rawdiff/ command.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
11 years ago t0108: Add tests for revision ranges
Lukas Fleischer [Mon, 26 Aug 2013 18:38:35 +0000 (20:38 +0200)]
t0108: Add tests for revision ranges

Add tests to check whether generating multiple patches at once works.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
11 years ago t0108: Compare output with git-format-patch(1)
Lukas Fleischer [Mon, 26 Aug 2013 18:38:34 +0000 (20:38 +0200)]
t0108: Compare output with git-format-patch(1)

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
11 years ago ui-patch.c: Add additional newline after each patch
Lukas Fleischer [Mon, 26 Aug 2013 18:38:33 +0000 (20:38 +0200)]
ui-patch.c: Add additional newline after each patch

For consistency with git-format-patch(1).

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
11 years ago ui-patch.c: Fix signature delimiter
Lukas Fleischer [Mon, 26 Aug 2013 18:38:32 +0000 (20:38 +0200)]
ui-patch.c: Fix signature delimiter

Add a missing space after the "--" marker that introduces the patch
signature.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
11 years ago t0108: Avoid unnecessary fork()
Lukas Fleischer [Mon, 26 Aug 2013 18:38:31 +0000 (20:38 +0200)]
t0108: Avoid unnecessary fork()

Use `git rev-list --max-parents=0 HEAD` instead of `git rev-list HEAD |
tail -1` to get the root commit. This works since Git 1.7.4.2.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
11 years ago git: update to 1.8.4
John Keeping [Fri, 23 Aug 2013 23:28:39 +0000 (00:28 +0100)]
git: update to 1.8.4

No code changes required, just bump the submodule and makefile versions.

Signed-off-by: John Keeping <john@keeping.me.uk>
11 years ago ui-patch.c: Fix formatting for merge commits
Lukas Fleischer [Thu, 22 Aug 2013 12:48:47 +0000 (14:48 +0200)]
ui-patch.c: Fix formatting for merge commits

Add max_parents = 1 to the revision walk in order to make sure we do not
include the footer signature twice for merge commits.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
11 years ago ui-patch: Rename variables
Lukas Fleischer [Tue, 20 Aug 2013 16:56:15 +0000 (18:56 +0200)]
ui-patch: Rename variables

Rename parameters and local variables to match those from ui-diff. Also,
convert a "char *" to "const char *".

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
11 years ago Allow for creating patch series
Lukas Fleischer [Tue, 20 Aug 2013 16:56:14 +0000 (18:56 +0200)]
Allow for creating patch series

This allows for specifying a revision range using the id2 parameter of
/patch/. The output that is produced is similar to

    $ git format-patch --stdout id2..id

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
11 years ago ui-patch.c: Use log_tree_commit() to generate diffs
Lukas Fleischer [Tue, 20 Aug 2013 16:56:13 +0000 (18:56 +0200)]
ui-patch.c: Use log_tree_commit() to generate diffs

Instead of using our own formatting, use log_tree_commit() from Git to
create patches. This removes unnecessary duplicate code and also fixes a
bug with e-mail address formatting that existed in our own
implementation.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
11 years ago ui-diff: Check the return value of get_sha1()
Lukas Fleischer [Tue, 20 Aug 2013 16:56:12 +0000 (18:56 +0200)]
ui-diff: Check the return value of get_sha1()

Sync with what we do everywhere else and check the return value of
get_sha1() instead of calling sha1_object_info() to validate the object.
Note that we later call lookup_commit_reference(), which checks that
both SHA1 values refer to commits, anyway.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
11 years ago cmd.c: Add a "rawdiff" command
Lukas Fleischer [Wed, 14 Aug 2013 08:50:33 +0000 (10:50 +0200)]
cmd.c: Add a "rawdiff" command

This can be used to generate raw diffs between arbitrary revisions using
something like

     /rawdiff/?id=v0.9&id2=v0.9.1

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
11 years ago Allow for creating raw diffs with cgit_print_diff()
Lukas Fleischer [Wed, 14 Aug 2013 08:50:32 +0000 (10:50 +0200)]
Allow for creating raw diffs with cgit_print_diff()

This adds a parameter to cgit_print_diff() to create raw diffs, using
the same format as `git diff <commit>`.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
11 years ago Extract filepair_cb from ui-patch.c
Lukas Fleischer [Wed, 14 Aug 2013 08:50:31 +0000 (10:50 +0200)]
Extract filepair_cb from ui-patch.c

Move filepair_cb() from ui-patch.c to ui-shared.c and rename it to
filepair_cb_raw(). This callback will be used in ui-diff.c in a
follow-up patch.

Note that it is not straightforward to extract filepair_cb() from
ui-diff.c which is why it is not done here as well.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
11 years ago Fix silly spelling error.
Jason A. Donenfeld [Fri, 16 Aug 2013 19:15:17 +0000 (13:15 -0600)]
Fix silly spelling error.

11 years ago Fix section-from-path > 1
Lukas Fleischer [Fri, 28 Jun 2013 08:58:14 +0000 (08:58 +0000)]
Fix section-from-path > 1

When having found the first path separator occurrence at position i, we
invoked strchr() on the same position i in subsequent iterations
resulting in the same path separator being returned by strchr() over and
over again. Increase the position by one to skip the occurrence that has
just been found and advance to the next separator.

Reported-by: Konstantin Ryabitsev <mricon@kernel.org>
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
11 years ago Makefile: Change default prefix to "/usr/local"
Lukas Fleischer [Tue, 18 Jun 2013 12:42:09 +0000 (12:42 +0000)]
Makefile: Change default prefix to "/usr/local"

Locally installed packages are usually installed to /usr/local.
Packagers can use `make prefix=/usr` to get back the old behavior.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
11 years ago Use strbuf for reading configuration files
Lukas Fleischer [Tue, 4 Jun 2013 14:47:53 +0000 (14:47 +0000)]
Use strbuf for reading configuration files

Use struct strbuf from Git instead of fixed-size buffers to remove the
limit on the length of configuration file lines and refactor
read_config_line() to improve readability.

Note that this also fixes a buffer overflow that existed with the
original fixed-size buffer implementation.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
11 years ago add a note about generating agefile in hook
Christian Hesse [Mon, 22 Jul 2013 07:13:39 +0000 (09:13 +0200)]
add a note about generating agefile in hook

11 years ago cache: id means static, even if head is specified too
Jason A. Donenfeld [Tue, 28 May 2013 14:43:02 +0000 (16:43 +0200)]
cache: id means static, even if head is specified too

Pages like /commit?h=wip&id=8a335ce618ba77fbf05148d6f8be17bd48ba4340
were being marked as dynamic, because of h=wip, when it should be
static, because of id=.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
11 years ago cache: document negative ttls and add about ttl
Jason A. Donenfeld [Tue, 28 May 2013 14:33:30 +0000 (16:33 +0200)]
cache: document negative ttls and add about ttl

We've long supported negative ttls, for infinite cache, except the
documentation incorrectly showed one of our defaults as being 5 and not
-1. As well, with a negative ttl, we were actually making the HTTP
expired header go backwards. This changes it to go ahead ten years
instead.

Further, we add a cache-about-ttl option to set a different ttl for
about pages, which are now increasingly being filtered through markdown
or just sent statically anyway.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
11 years ago robots.txt: disallow access to snapshots
Jason A. Donenfeld [Tue, 28 May 2013 12:17:00 +0000 (14:17 +0200)]
robots.txt: disallow access to snapshots

My dmesg is filled with the oom killer bringing down processes while the
Bingbot downloads every snapshot for every commit of the Linux kernel in
tar.xz format. Sure, I should be running with memory limits, and now I'm
using cgroups, but a more general solution is to prevent crawlers from
wasting resources like that in the first place.

Suggested-by: Natanael Copa <ncopa@alpinelinux.org>
Suggested-by: Julius Plenz <plenz@cis.fu-berlin.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
11 years ago use favicon by default
Christian Hesse [Mon, 22 Jul 2013 06:56:50 +0000 (08:56 +0200)]
use favicon by default

11 years ago Add favicon
Christian Hesse [Wed, 29 May 2013 08:16:06 +0000 (10:16 +0200)]
Add favicon

This adds a favicon to cgit. It is not enabled by default, though.
The file contains two icons, 16x16 and 32x32 pixels, optimized for size.

11 years ago ui-summary: do not free ref
Jason A. Donenfeld [Tue, 28 May 2013 07:31:45 +0000 (09:31 +0200)]
ui-summary: do not free ref

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
11 years ago filters: toggle perl utf8 situation
Jason A. Donenfeld [Tue, 28 May 2013 05:55:40 +0000 (07:55 +0200)]
filters: toggle perl utf8 situation

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
11 years ago CGIT-0.9.2 v0.9.2
Jason A. Donenfeld [Mon, 27 May 2013 20:00:13 +0000 (22:00 +0200)]
CGIT-0.9.2

Features:
- update to git v1.8.3.
- expanded set of default filters to include markdown, restructuredtext, and
  man pages.
- better sample configuration file in man page.
- "readme" may now be specified multiple times, and cgit will choose the first
  one it finds.
- "readme" no longer needs a branch name. If prefixed with simply ":" it will
  use the default branch.
- "branch-sort" allowing branches to be sorted either by "age" or "name", for
  kernel.org.
- "enable-index-owner" allowing the owner column to be disabled in the index
  page.
- print submodule revision next to submodule link.
- integrate more closely with git apis, such as strbuf.
- rely on git test harness and git makefiles.
- more robust test suite.
- more robust makefile dependency accounting.
- pager navigation is now unordered list.
- span tag wraps commit directions.

Behavior changes:
- HOME is no longer passed as an environment variable to any filter api
  scripts.
- "about-filter" now receives the filename being filtered as argv[1]. This may
  disrupt existing scripts, so adjust accordingly.
- gitconfig and gitattributes are no longer loaded from any system directories
  or home directories.

Security:
- CVE-2013-2117: disallow directory traversal when readme is set to filesystem
  path.

Bug fixes:
- ssdiff now correctly manages tab expansion.
- support unannotated tags in http git clone.
- lots of cleanups of global variables and memory leaks.
- do not rely on gettext/libintl.
- better C standard compliance.
- make several functions and variables static.
- improved constification.
- remove unused functions.
- fix colspan values to correct width.
- fix out-of-bounds memory accesses with virtual_root="".
- cache repo config more precisely.
- die when write fails.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
11 years ago README: add trailing slash to homepage
Jason A. Donenfeld [Mon, 27 May 2013 19:56:57 +0000 (21:56 +0200)]
README: add trailing slash to homepage

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
11 years ago cgitrc.5: improve example config
Jason A. Donenfeld [Mon, 27 May 2013 19:47:02 +0000 (21:47 +0200)]
cgitrc.5: improve example config

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
11 years ago filters: import more modern scripts
Jason A. Donenfeld [Mon, 27 May 2013 19:39:43 +0000 (21:39 +0200)]
filters: import more modern scripts

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
11 years ago readme: use string_list instead of space deliminations
Jason A. Donenfeld [Sun, 26 May 2013 13:20:02 +0000 (15:20 +0200)]
readme: use string_list instead of space deliminations

Now this is possible in cgitrc -

readme=:README.md
readme=:readme.md
readme=:README.mkd
readme=:readme.mkd
readme=:README.rst
readme=:readme.rst
readme=:README.html
readme=:readme.html
readme=:README.htm
readme=:readme.htm
readme=:README.txt
readme=:readme.txt
readme=:README
readme=:readme
readme=:INSTALL.txt
readme=:install.txt
readme=:INSTALL
readme=:install

Suggested-by: John Keeping <john@keeping.me.uk>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
11 years ago ui-summary: Disallow directory traversal
Jason A. Donenfeld [Sat, 25 May 2013 17:47:15 +0000 (19:47 +0200)]
ui-summary: Disallow directory traversal

Using the url= query string, it was possible to request arbitrary files
from the filesystem if the readme for a given page was set to a
filesystem file. The following request would return my /etc/passwd file:

http://git.zx2c4.com/?url=/somerepo/about/../../../../etc/passwd
http://data.zx2c4.com/cgit-directory-traversal.png

This fix uses realpath(3) to canonicalize all paths, and then compares
the base components.

This fix introduces a subtle timing attack, whereby a client can check
whether or not strstr is called using timing measurements in order
to determine if a given file exists on the filesystem.

This fix also does not account for filesystem race conditions (TOCTOU)
in resolving symlinks.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
11 years ago cgitrc.5: information on directory traversal and multiple readme files
Jason A. Donenfeld [Sat, 25 May 2013 18:30:57 +0000 (20:30 +0200)]
cgitrc.5: information on directory traversal and multiple readme files

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
11 years ago readme: Accept multiple candidates and test them.
Jason A. Donenfeld [Sat, 25 May 2013 14:32:37 +0000 (16:32 +0200)]
readme: Accept multiple candidates and test them.

The readme variable may now contain multiple space delimited entries,
which per usual are either a filepath or a git ref filepath. If multiple
are specified, cgit will now select the first one in the list that
exists. This is to make it easier to specify multiple default readme
types in the main cgitrc file and have them automatically get applied to
each repo based on what exists.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
11 years ago ui-summary: Pass filename to about-filter
Jason A. Donenfeld [Sat, 25 May 2013 12:50:19 +0000 (14:50 +0200)]
ui-summary: Pass filename to about-filter

This gives the about-filter API the same semantics as source-filter,
where the filter receives the filename so it can decide what to do next
with it.

While we're at it, plug a memory leak.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
11 years ago ui-summary: Use default branch for readme if : prefix
Jason A. Donenfeld [Sat, 25 May 2013 12:19:10 +0000 (14:19 +0200)]
ui-summary: Use default branch for readme if : prefix

If the readme value begins with ":", and has no specified branch before
it, use the repository's default branch.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
11 years ago cgit.c: Do not reset HOME after unsetting it.
Jason A. Donenfeld [Sat, 25 May 2013 17:25:56 +0000 (19:25 +0200)]
cgit.c: Do not reset HOME after unsetting it.

The number of odd cases in which git will try to read config is far too
great to keep putting a bandaid over each one, so we'll just unset it.

If it turns out that scripts really liked to know about $HOME, we can
always reset it in the filter forks.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
11 years ago cgit.c: sync repo config printing with struct cgit_repo
Jason A. Donenfeld [Sat, 25 May 2013 12:05:06 +0000 (14:05 +0200)]
cgit.c: sync repo config printing with struct cgit_repo

We've now added quite a few config keys for repositories, but we've
forgotten to update the printing of it for cache files. Synchronize the
two.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
11 years ago git: update to 1.8.3
John Keeping [Sat, 25 May 2013 10:19:00 +0000 (11:19 +0100)]
git: update to 1.8.3

No changes required, just bump the submodule and Makefile versions.

Signed-off-by: John Keeping <john@keeping.me.uk>
11 years ago cache.c: cache ls_cache output properly
John Keeping [Sat, 18 May 2013 17:46:39 +0000 (18:46 +0100)]
cache.c: cache ls_cache output properly

By using the standard library's printf, cache_ls does not redirect its
output to the cache when we change the process' stdout file descriptor
to point to the cache file.  Fix this by using "htmlf" in the same way
that we do for writing HTTP headers.

Signed-off-by: John Keeping <john@keeping.me.uk>
11 years ago tests: introduce strip_header() helper function
John Keeping [Sat, 18 May 2013 17:46:38 +0000 (18:46 +0100)]
tests: introduce strip_header() helper function

This means that we can avoid hardcoding the number of headers we expect
CGit to generate in test cases and simply remove whatever headers happen
to be there when we are checking body content.

Signed-off-by: John Keeping <john@keeping.me.uk>
11 years ago shared.c: use die_errno() where appropriate
John Keeping [Sat, 18 May 2013 15:21:36 +0000 (16:21 +0100)]
shared.c: use die_errno() where appropriate

This replaces some code that is re-implementing die_errno by just
calling the function.

Signed-off-by: John Keeping <john@keeping.me.uk>
11 years ago html.c: die when write fails
John Keeping [Sat, 18 May 2013 14:57:03 +0000 (15:57 +0100)]
html.c: die when write fails

If we fail to write HTML output once, there's no point carrying on so
just write a failure message once and die.  By using Git's die_errno
function we also let the user know in what way the write failed.

Signed-off-by: John Keeping <john@keeping.me.uk>
11 years ago ui-log: add <span/> around commit decorations
John Keeping [Sat, 18 May 2013 14:54:49 +0000 (15:54 +0100)]
ui-log: add <span/> around commit decorations

This helps projects that have a large number of tags to display them all
using custom CSS.

The default stylesheet has not been updated since what is useful for
projects with a lot of tags is not the same as what is useful for
projects with only a small number of decorations per commit.

Suggested-by: Konstantin Ryabitsev <mricon@kernel.org>
Signed-off-by: John Keeping <john@keeping.me.uk>
11 years ago Makefile: fix parallel "make test"
John Keeping [Sat, 18 May 2013 14:17:08 +0000 (15:17 +0100)]
Makefile: fix parallel "make test"

When building the "test" target we depend on both cgit and building the
Git tools.  By doing this with two targets we end up running make in the
git/ directory twice, concurrently if using parallel make, which causes
us to build more than we need and potentially builds incorrectly if
multi-step build-then-move operations overlap.

Fix this by instead calling back into the makefile so that we alter the
"cgit" target to also build the Git tools.

Signed-off-by: John Keeping <john@keeping.me.uk>
11 years ago cache.c: fix cache_ls
John Keeping [Sat, 18 May 2013 17:28:14 +0000 (18:28 +0100)]
cache.c: fix cache_ls

Commit fb3655d (use struct strbuf instead of static buffers, 2013-04-06)
broke the logic in cache.c::cache_ls by failing to set slot->cache_name
before calling open_slot.

While fixing this, also free the strbufs added by that commit once we're
done with them.

Signed-off-by: John Keeping <john@keeping.me.uk>
11 years ago t0109: "function" is a bash-ism
John Keeping [Thu, 9 May 2013 18:40:58 +0000 (19:40 +0100)]
t0109: "function" is a bash-ism

We try to stick to POSIX shell in the tests but a "function" keyword has
found its way into t0109.  Remove it.

This makes the tests work with dash again.

Signed-off-by: John Keeping <john@keeping.me.uk>
11 years ago New mailing list.
Jason A. Donenfeld [Mon, 13 May 2013 12:00:50 +0000 (14:00 +0200)]
New mailing list.

11 years ago ui-snapshot: do not access $HOME
Jason A. Donenfeld [Tue, 30 Apr 2013 10:27:41 +0000 (12:27 +0200)]
ui-snapshot: do not access $HOME

It's a bit tedious to have to do this here too. If we encounter other
issues with $HOME down the line, I'll look into adding some nice utility
functions to handle this, or perhaps giving up on the hope that we could
keep $HOME defined for scripts.

This commit additionally adds a test case, should the issue surface
again.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
11 years ago t0001: validate Git -rcN version numbers correctly
John Keeping [Sat, 27 Apr 2013 09:48:56 +0000 (10:48 +0100)]
t0001: validate Git -rcN version numbers correctly

When creating the GIT-VERSION-FILE that we use to test that the version
of Git in git/ is the same as in the CGit Makefile, Git applies the
transform "s/-/./g" to the version string.  This doesn't affect released
versions but does change RC version numbers such as 1.8.3-rc0.

While CGit should only refer to a released Git version in general, it is
useful to developers who want to test upcoming Git releases if the tests
do work with RCs, so change t0001 to apply the same transform to our
Makefile version before comparing it to the contents of
GIT-VERSION-FILE.

Signed-off-by: John Keeping <john@keeping.me.uk>
11 years ago git: update to 1.8.2.2
John Keeping [Sat, 27 Apr 2013 09:20:16 +0000 (10:20 +0100)]
git: update to 1.8.2.2

No changes required, just bump the submodule and Makefile version.

Signed-off-by: John Keeping <john@keeping.me.uk>
11 years ago scan-tree: fix regression in section-from-path=-1
John Keeping [Tue, 16 Apr 2013 17:39:58 +0000 (18:39 +0100)]
scan-tree: fix regression in section-from-path=-1

Commit fb3655d (use struct strbuf instead of static buffers -
2013-04-06) introduced a regression in the "section-from-path" handling
when the configured value is negative.  By changing the "rel" variable
so that it includes a trailing slash, counting slashes from the end of
the string no longer gives the same answer as it did before.

Fix this by ensuring that "rel" does not have a trailing slash.

Reported-by: Julius Plenz <plenz@cis.fu-berlin.de>
Signed-off-by: John Keeping <john@keeping.me.uk>
11 years ago t0001: ignore ".dirty" suffix on Git version
John Keeping [Sun, 14 Apr 2013 18:15:43 +0000 (19:15 +0100)]
t0001: ignore ".dirty" suffix on Git version

When testing modifications in Git that affect CGit, it is annoying to
have t0001 failing simply because the Git version has a ".dirty" suffix
when the version of Git there does indeed match that specified in the
CGit makefile.  Stop this by stripping the ".dirty" suffix from the
GIT_VERSION variable.

Note that this brings the "Git version" behaviour in line with the
"submodule version" case which does not check if the working tree in
git/ is modified.

Signed-off-by: John Keeping <john@keeping.me.uk>
11 years ago tests: set TEST_OUTPUT_DIRECTORY to the CGit test directory
John Keeping [Sun, 14 Apr 2013 16:59:30 +0000 (17:59 +0100)]
tests: set TEST_OUTPUT_DIRECTORY to the CGit test directory

By default, Git's test suite puts the trash directories and test-results
directory into its own directory, not that containing the tests being
run.  This is less convenient for inspecting test failures, so set the
output directory to CGit's tests/ directory instead.

Note that there is currently a bug in Git whereby it will create the
trash directories in our tests/ directory regardless of the value of
TEST_OUTPUT_DIRECTORY, and then fail to remove them once the tests are
done.  This change does currently affect the location of the
test-results/ directory though.

Signed-off-by: John Keeping <john@keeping.me.uk>
11 years ago t0109: test more URLs
John Keeping [Sun, 14 Apr 2013 16:07:41 +0000 (17:07 +0100)]
t0109: test more URLs

In order to ensure that we don't access $HOME at some point after
initial startup when rendering a specific view, run the strace test on a
range of different pages.

This ensures that we don't end up reading a configuration later for some
specific view.

Signed-off-by: John Keeping <john@keeping.me.uk>
11 years ago cgitrc.5.txt: Specify when scan-path must be defined before.
Jason A. Donenfeld [Wed, 10 Apr 2013 12:42:49 +0000 (14:42 +0200)]
cgitrc.5.txt: Specify when scan-path must be defined before.

Several options must be specified prior to scan-path. This is a consistent
source of user confusion. Document these facts.

Suggested-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
11 years ago ui-snapshot.c: Prepend "V" when guessing ref names
Lukas Fleischer [Wed, 10 Apr 2013 11:04:03 +0000 (13:04 +0200)]
ui-snapshot.c: Prepend "V" when guessing ref names

In cgit_print_snapshot_links() we strip leading "v" and "V", while we
currently only prepend a lower case "v" when parsing a snapshot file
name. This results in broken snapshot links for tags that start with an
upper case "V". Avoid this by prepending a "V" as a fallback.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
11 years ago t0107: Skip ZIP tests if unzip(1) isn't available
Lukas Fleischer [Tue, 9 Apr 2013 18:02:33 +0000 (20:02 +0200)]
t0107: Skip ZIP tests if unzip(1) isn't available

Note that we cannot use skip_all here since some tests have already been
executed when ZIP tests are reached. Use test prerequisites to skip
everything using unzip(1) if the binary is not available instead.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
11 years ago tests/: Do not use `sed -i`
Lukas Fleischer [Tue, 9 Apr 2013 18:02:32 +0000 (20:02 +0200)]
tests/: Do not use `sed -i`

"-i" isn't part of the POSIX standard and doesn't work on several
platforms such as OpenBSD. Use a temporary file instead.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
11 years ago Add branch-sort and repo.branch-sort options.
Jason A. Donenfeld [Mon, 8 Apr 2013 14:57:12 +0000 (16:57 +0200)]
Add branch-sort and repo.branch-sort options.

When set to "name", branches are sorted by name, which is the current
default. When set to "age", branches are sorted by the age of the
repository.

This feature was requested by Konstantin Ryabitsev for use on
kernel.org.

Proposed-by: Konstantin Ryabitsev <mricon@kernel.org>
11 years ago t0109: chain operations with &&
John Keeping [Wed, 10 Apr 2013 12:11:57 +0000 (13:11 +0100)]
t0109: chain operations with &&

Without '&&' between operations, we will not detect if strace or cgit
exit with an error status, which would cause a false positive test
status in this case.

Signed-off-by: John Keeping <john@keeping.me.uk>
11 years ago cgit.c: Do not restore unset environment variables
Lukas Fleischer [Wed, 10 Apr 2013 10:30:52 +0000 (12:30 +0200)]
cgit.c: Do not restore unset environment variables

getenv() returns a NULL pointer if the specified variable name cannot be
found in the environment. However, some setenv() implementations crash
if a NULL pointer is passed as second argument. Only restore variables
that are not NULL.

See commit d96d2c98ebc4c2d3765f5b35c4142e0e828a421b for a related patch.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
11 years ago t0107: Use `tar -z` for gzip'ed archives
Lukas Fleischer [Mon, 8 Apr 2013 22:13:52 +0000 (00:13 +0200)]
t0107: Use `tar -z` for gzip'ed archives

Some tar(1) versions do not support auto detection of the compression
type. Explicitly specify "-z" to decompress a ".tar.gz" archive.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
11 years ago tests: Make sure that git does not access $HOME
Jason A. Donenfeld [Mon, 8 Apr 2013 20:18:21 +0000 (22:18 +0200)]
tests: Make sure that git does not access $HOME

With the latest changes to prevent git from accessing configuration
files that it should not, it's important to be sure that we won't
have further breakage in the future.

Use strace to implement a test to make sure cgit does not access()
anything built from $HOME.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
11 years ago tests/.gitignore: update for using Git's test infrastructure
John Keeping [Mon, 8 Apr 2013 19:12:34 +0000 (20:12 +0100)]
tests/.gitignore: update for using Git's test infrastructure

Signed-off-by: John Keeping <john@keeping.me.uk>