コミットグラフ

1549 コミット

作成者 SHA1 メッセージ 日付
3b860491e0 sandbox: use a static path for the chroot dir
As a cgi process it creates way too many directories
if we keep the default behaviour of qssb. Another
problem at the moment is the fact that qssb does
not provide a mechanism to cleanup yet.
2019-11-22 19:06:40 +01:00
6fdf5f8f5a sandboxing: sync with qssb.h upstream + isolate network 2019-11-17 12:51:45 +01:00
d9c9cbd5a2 begin basic sandboxing with qssb 2019-11-09 18:04:34 +01:00
Christian Hesse
8fc0c81bbb git: update to v2.23.0
Update to git version v2.23.0.

No changes required.

Signed-off-by: Christian Hesse <mail@eworm.de>
2019-10-25 11:40:17 +02:00
Christian Hesse
034e3c7d56 git: update to v2.22.0
Update to git version v2.22.0.

Upstream commit bce9db6d ("trace2: use system/global config for default
trace2 settings") caused a regression. We have to unset HOME and
XDG_CONFIG_HOME before early loading of config from trace2 code kicks in.

Signed-off-by: Christian Hesse <mail@eworm.de>
2019-10-25 11:40:17 +02:00
Christian Hesse
e1ad15d368 ui-tree: allow per repository override for enable-blame
The blame operation can cause high cost in terms of CPU load for huge
repositories. Let's add a per repository override for enable-blame.

Signed-off-by: Christian Hesse <mail@eworm.de>
2019-06-25 21:40:59 +02:00
Christian Hesse
27a6d69ab3 tests: successfully validate rc versions
For testing versions the version string differs for git tag (v2.22.0-rc3)
and tarball file name (2.22.0.rc3). Let's fix validation for testing
versions.

Signed-off-by: Christian Hesse <mail@eworm.de>
2019-06-05 15:38:14 +02:00
Christian Hesse
985fba80d0 git: update to v2.21.0
Update to git version v2.21.0. Required changes follow upstream commits:

* 6a7895fd8a3bd409f2b71ffc355d5142172cc2a0
  (commit: prepare free_commit_buffer and release_commit_memory for
  any repo)

* e092073d643b17c82d72cf692fbfaea9c9796f11
  (tree.c: make read_tree*() take 'struct repository *')

Signed-off-by: Christian Hesse <mail@eworm.de>
Reviewed-by: John Keeping <john@keeping.me.uk>
2019-06-05 15:37:49 +02:00
Christian Hesse
68de710c1c ui-ssdiff: ban strncat()
Git version v2.21.0 marks strncat() as banned (commit
ace5707a803eda0f1dde3d776dc3729d3bc7759a), so replace it.

Signed-off-by: Christian Hesse <mail@eworm.de>
2019-06-05 15:37:49 +02:00
Christian Hesse
ccba7eb9d0 global: make 'char *path' const where possible
Signed-off-by: Christian Hesse <mail@eworm.de>
2019-06-05 15:37:49 +02:00
Jason A. Donenfeld
54c407a74a ui-shared: restrict to 15 levels
Perhaps a more ideal version of this would be to not print breadcrumbs
at all for paths that don't exist in the given repo at the given oid.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reported-by: Fydor Wire Snark <wsnark@tuta.io>
2019-05-20 21:53:16 +02:00
Chris Mayo
bd0293f570 ui-diff,ui-tag: don't use htmlf with non-formatted strings
Signed-off-by: Chris Mayo <aklhfex@gmail.com>
2019-02-23 00:09:17 +01:00
Chris Mayo
5bd7e9bc1b ui-ssdiff: resolve HTML5 validation errors
- Remove ids from anchor elements. They were unusable because they were
  duplicated between files and versions of files.
- Always close span, with html().
- Fix missing / on closing tr element in cgit_ssdiff_header_end().

Signed-off-by: Chris Mayo <aklhfex@gmail.com>
2019-02-23 00:08:50 +01:00
Jason A. Donenfeld
7d87cd3a21 filters: migrate from luacrypto to luaossl
luaossl has no upstream anymore and doesn't support OpenSSL 1.1,
whereas luaossl is quite active.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-01-03 02:12:16 +01:00
Jason A. Donenfeld
e23f63461f ui-shared: fix broken sizeof in title setting and rewrite
The old algorithm was totally incorrect. While we're at it, use «
instead of \, since it makes more sense.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-01-02 16:13:57 +01:00
Christian Hesse
55ebd5e97c git: update to v2.20.0
Update to git version v2.20.0. Required changes follow upstream commits:

* 00436bf1b1c2a8fe6cf5d2c2457d419d683042f4
  (archive: initialize archivers earlier)

* 611e42a5980a3a9f8bb3b1b49c1abde63c7a191e
  (xdiff: provide a separate emit callback for hunks)

Signed-off-by: Christian Hesse <mail@eworm.de>
2018-12-09 23:28:26 +01:00
Jason A. Donenfeld
441dac1d74 ui-blame: set repo for sb
Otherwise recent git complains and crashes with: "BUG: blame.c:1787:
repo is NULL".

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-11-25 06:01:34 +01:00
Jason A. Donenfeld
898b9e19e0 auth-filter: pass url with query string attached
Otherwise redirections come out wrong.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-11-25 06:01:34 +01:00
Christian Hesse
a22855747e git: use xz compressed archive for download
Upstream will stop providing gz compressed source tarballs [0], so stop
using them.

[0] https://lists.zx2c4.com/pipermail/cgit/2018-November/004254.html

Signed-off-by: Christian Hesse <mail@eworm.de>
2018-11-21 02:30:41 +01:00
Christian Hesse
2c9f56f3e1 git: update to v2.19.1
Update to git version v2.19.1. Required changes follow upstream commits:

* commit: add repository argument to get_cached_commit_buffer
  (3ce85f7e5a41116145179f0fae2ce6d86558d099)

* commit: add repository argument to lookup_commit_reference
  (2122f6754c93be8f02bfb5704ed96c88fc9837a8)

* object: add repository argument to parse_object
  (109cd76dd3467bd05f8d2145b857006649741d5c)

* tag: add repository argument to deref_tag
  (a74093da5ed601a09fa158e5ba6f6f14c1142a3e)

* tag: add repository argument to lookup_tag
  (ce71efb713f97f476a2d2ab541a0c73f684a5db3)

* tree: add repository argument to lookup_tree
  (f86bcc7b2ce6cad68ba1a48a528e380c6126705e)

* archive.c: avoid access to the_index
  (b612ee202a48f129f81f8f6a5af6cf71d1a9caef)

* for_each_*_object: move declarations to object-store.h
  (0889aae1cd18c1804ba01c1a4229e516dfb9fe9b)

Signed-off-by: Christian Hesse <mail@eworm.de>
2018-10-12 23:06:02 +02:00
Christian Hesse
a96f2890f4 ui-ssdiff: ban strcat()
Git upstream bans strcat() with commit:

  banned.h: mark strcat() as banned
  1b11b64b815db62f93a04242e4aed5687a448748

Signed-off-by: Christian Hesse <mail@eworm.de>
2018-09-11 08:47:12 +02:00
Christian Hesse
0899eb644f ui-ssdiff: ban strncpy()
Git upstream bans strncpy() with commit:

  banned.h: mark strncpy() as banned
  e488b7aba743d23b830d239dcc33d9ca0745a9ad

Signed-off-by: Christian Hesse <mail@eworm.de>
2018-09-11 08:47:12 +02:00
Christian Hesse
2fc008d6de ui-shared: ban strcat()
Git upstream bans strcat() with commit:

  banned.h: mark strcat() as banned
  1b11b64b815db62f93a04242e4aed5687a448748

To avoid compiler warnings from gcc 8.1.x we get the hard way.

Signed-off-by: Christian Hesse <mail@eworm.de>
2018-09-11 08:47:12 +02:00
Christian Hesse
edb3403f00 ui-patch: ban sprintf()
Git upstream bans sprintf() with commit:

  banned.h: mark sprintf() as banned
  cc8fdaee1eeaf05d8dd55ff11f111b815f673c58

Signed-off-by: Christian Hesse <mail@eworm.de>
2018-09-11 08:47:12 +02:00
Christian Hesse
7f75647b55 ui-log: ban strncpy()
Git upstream bans strncpy() with commit:

  banned.h: mark strncpy() as banned
  e488b7aba743d23b830d239dcc33d9ca0745a9ad

Signed-off-by: Christian Hesse <mail@eworm.de>
2018-09-11 08:47:12 +02:00
Christian Hesse
71ba7187e5 ui-log: ban strcpy()
Git upstream bans strcpy() with commit:

  automatically ban strcpy()
  c8af66ab8ad7cd78557f0f9f5ef6a52fd46ee6dd

Signed-off-by: Christian Hesse <mail@eworm.de>
2018-09-11 08:47:12 +02:00
Christian Hesse
60a930044d parsing: ban sprintf()
Git upstream bans sprintf() with commit:

  banned.h: mark sprintf() as banned
  cc8fdaee1eeaf05d8dd55ff11f111b815f673c58

Signed-off-by: Christian Hesse <mail@eworm.de>
2018-09-11 08:47:12 +02:00
Christian Hesse
7cde5885d8 parsing: ban strncpy()
Git upstream bans strncpy() with commit:

  banned.h: mark strncpy() as banned
  e488b7aba743d23b830d239dcc33d9ca0745a9ad

Signed-off-by: Christian Hesse <mail@eworm.de>
2018-09-11 08:47:12 +02:00
Christian Hesse
b0fc647fe6 filters: generate anchor links from markdown
This makes the markdown filter generate anchor links for headings.

Signed-off-by: Christian Hesse <mail@eworm.de>
Tested-by: jean-christophe manciot <actionmystique@gmail.com>
2018-08-28 14:37:19 +02:00
Jason A. Donenfeld
824138e591 Bump version.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-08-03 17:04:03 +02:00
Jason A. Donenfeld
53efaf30b5 clone: fix directory traversal
This was introduced in the initial version of this code, way back when
in 2008.

$ curl http://127.0.0.1/cgit/repo/objects/?path=../../../../../../../../../etc/passwd
root0:0:root:/root:/bin/sh
...

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reported-by: Jann Horn <jannh@google.com>
2018-08-03 17:04:03 +02:00
Konstantin Ryabitsev
c679d90104 config: record repo.snapshot-prefix in the per-repo config
Even if we find snapshot-prefix in the repo configuration, we are not
writing it out into the rc- file, so setting the value does not have any
effect.

Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-08-03 16:12:21 +02:00
Jason A. Donenfeld
77b6f83344 auth-filters: add simple file-based authentication scheme
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-08-03 16:12:21 +02:00
Jason A. Donenfeld
82856923bf auth-filters: use crypt() in simple-authentication
There's no use in giving a silly example to folks who will just copy it,
so instead try to do something slightly better.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-15 04:18:03 +02:00
Jason A. Donenfeld
b73df8098f auth-filters: generate secret securely
This is much better than having the user generate it themselves.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-15 03:30:57 +02:00
Jason A. Donenfeld
c4d23d02ec auth-filters: do not crash on nil username
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-14 05:10:28 +02:00
Jason A. Donenfeld
93a2c33051 auth-filter: do not write more than we've read
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-14 05:09:27 +02:00
Jason A. Donenfeld
c3b5b5f648 auth-filters: do not use HMAC-SHA1
Though SHA1 is broken, HMAC-SHA1 is still fine. But let's not push our
luck; SHA256 is more sensible anyway.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-14 03:33:56 +02:00
Jason A. Donenfeld
c132ef2462 Bump version.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-13 22:40:42 +02:00
Todd Zullinger
5dec7f4a91 Update COPYING
The address of the Free Software Foundation has changed since the
license was added in 7640d90 ("Add license file and copyright notices",
2006-12-10).  Update the license file from gnu.org¹.

The only non-whitespace changes are the updated FSF address and two
references to the L in LGPL changed from Library to Lesser.

¹ https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt

Signed-off-by: Todd Zullinger <tmz@pobox.com>
2018-07-10 16:40:15 +02:00
Jason A. Donenfeld
089b29a7e1 css: use correct size in annotated decoration
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-08 19:14:51 +02:00
Jason A. Donenfeld
22583c4992 cgitrc.5: add local tar signature example
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-05 02:40:48 +02:00
Jason A. Donenfeld
08a2b1b8f8 Fix gcc 8.1.1 compiler warnings
CC ../shared.o
../shared.c: In function ‘expand_macro’:
../shared.c:487:3: warning: ‘strncpy’ specified bound depends on the length of the source argument [-Wstringop-overflow=]
   strncpy(name, value, len);
   ^~~~~~~~~~~~~~~~~~~~~~~~~
../shared.c:484:9: note: length computed here
   len = strlen(value);
         ^~~~~~~~~~~~~
../ui-shared.c: In function ‘cgit_repobasename’:
../ui-shared.c:136:2: warning: ‘strncpy’ specified bound 1024 equals destination size [-Wstringop-truncation]
  strncpy(rvbuf, reponame, sizeof(rvbuf));
  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    CC ../ui-ssdiff.o
../ui-ssdiff.c: In function ‘replace_tabs’:
../ui-ssdiff.c:142:4: warning: ‘strncat’ output truncated copying between 1 and 8 bytes from a string of length 8 [-Wstringop-truncation]
    strncat(result, spaces, 8 - (strlen(result) % 8));
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-04 03:13:41 +02:00
Jason A. Donenfeld
c4167cbd65 cgitrc.5: document new signature notes
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-03 20:44:25 +02:00
Christian Hesse
7ba41963dd snapshot: support tar signature for compressed tar
This adds support for kernel.org style signatures where the uncompressed
tar archive is signed and compressed later. The signature is valid for
all tar* snapshots.

We have a filter which snapshots may be generated and downloaded. This has
to allow tar signatures now even if tar itself is not allowed. To simplify
things we allow all signatures.

Signed-off-by: Christian Hesse <mail@eworm.de>
2018-07-03 20:37:44 +02:00
Jason A. Donenfeld
b522a302c9 extra-head-content: introduce another option for meta tags
This is to support things like go-import meta tags, which are on a
per-repo basis.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-03 20:37:00 +02:00
John Keeping
c4fbb99cee Use string list strdup_strings for mimetypes
There's no need to do this manually with the string list API will do it
for us.

Signed-off-by: John Keeping <john@keeping.me.uk>
2018-06-27 19:28:16 +02:00
Andy Green
9086260329 manpage: fix sorting order
You maybe didn't know you had OCD until you saw an
alpha sorted list that has stuff out of order in it.

Signed-off-by: Andy Green <andy@warmcat.com>
Reviewed-by: John Keeping <john@keeping.me.uk>
2018-06-27 19:27:43 +02:00
John Keeping
b31e99887b cache: close race window when unlocking slots
We use POSIX advisory record locks to control access to cache slots, but
these have an unhelpful behaviour in that they are released when any
file descriptor referencing the file is closed by this process.

Mostly this is okay, since we know we won't be opening the lock file
anywhere else, but there is one place that it does matter: when we
restore stdout we dup2() over a file descriptor referring to the file,
thus closing that descriptor.

Since we restore stdout before unlocking the slot, this creates a window
during which the slot content can be overwritten.  The fix is reasonably
straightforward: simply restore stdout after unlocking the slot, but the
diff is a bit bigger because this requires us to move the temporary
stdout FD into struct cache_slot.

Signed-off-by: John Keeping <john@keeping.me.uk>
Reviewed-by: Christian Hesse <mail@eworm.de>
2018-06-27 18:13:03 +02:00
Christian Hesse
255b78ff52 git: update to v2.18.0
Update to git version v2.18.0. Required changes follow upstream commits:

* Convert find_unique_abbrev* to struct object_id
  (aab9583f7b5ea5463eb3f653a0b4ecac7539dc94)
* sha1_file: convert read_sha1_file to struct object_id
  (b4f5aca40e6f77cbabcbf4ff003c3cf30a1830c8)
* sha1_file: convert sha1_object_info* to object_id
  (abef9020e3df87c441c9a3a95f592fce5fa49bb9)
* object-store: move packed_git and packed_git_mru to object store
  (a80d72db2a73174b3f22142eb2014b33696fd795)
* treewide: rename tree to maybe_tree
  (891435d55da80ca3654b19834481205be6bdfe33)

The changed data types required some of our own functions to be converted
to struct object_id:

  ls_item
  print_dir
  print_dir_entry
  print_object
  single_tree_cb
  walk_tree
  write_tree_link

And finally we use new upstream functions that were added for
struct object_id:

  hashcpy     -> oidcpy
  sha1_to_hex -> oid_to_hex

Signed-off-by: Christian Hesse <mail@eworm.de>
Reviewed-by: John Keeping <john@keeping.me.uk>
2018-06-27 18:13:03 +02:00