Commit Graph

1492 Commits

Author SHA1 Message Date
John Keeping
407f71cc06 plain: don't append charset for binary MIME types
When outputting the Content-Type HTTP header we print the MIME type and
then append "; charset=<charset>" if the charset variable is non-null.

We don't want a charset when we have selected "application/octet-stream"
or when the user has specified a custom MIME type, since they may have
specified their own charset.  To avoid this, make sure we set the page's
charset to NULL in ui-plain before we generate the HTTP headers.

Signed-off-by: John Keeping <john@keeping.me.uk>
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2014-01-08 14:59:38 +01:00
Lukas Fleischer
d76c438ead ui-log.c: Several simplifications
* Use argv_array_pushf() for inserting formatted strings.
* Remove unneeded static strings.
* Replace "if" by "else if" for readability and speed.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2014-01-08 14:59:38 +01:00
Lukas Fleischer
9973ef0207 Use argv_array in place of vector
Instead of using our own vector implementation, use argv_array from Git
which has been specifically designed for dynamic size argv arrays.

Drop vector.h and vector.c which are no longer needed.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2014-01-08 14:59:38 +01:00
Lukas Fleischer
e21da6c2a6 ui-stats.c: Remove unused macro
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2014-01-08 14:59:38 +01:00
Lukas Fleischer
f7db9b5e37 scan-tree.c: Remove unused macro
This is no longer needed since commit fb3655df (use struct strbuf
instead of static buffers, 2013-04-06).

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2014-01-08 14:59:38 +01:00
Lukas Fleischer
d181d6593f ui-shared: Drop filepair_cb_raw() and helper
Remove filepair_cb_raw() and all related functions. These are no longer
needed. We now use Git's internal functions for raw diff formatting
everywhere.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2013-09-14 19:31:50 +02:00
Lukas Fleischer
2da46fe5aa ui-diff: Use diff_tree_sha1() for raw diff formatting
Use Git's internal diff_tree_sha1() function for the /rawdiff/ command
instead of trying to recreate this functionality.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2013-09-14 19:30:00 +02:00
Lukas Fleischer
d93cebaa18 tests/: Add t0110-rawdiff.sh
This adds some basic tests for the /rawdiff/ command.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2013-08-26 21:04:02 +02:00
Lukas Fleischer
5a8862723f t0108: Add tests for revision ranges
Add tests to check whether generating multiple patches at once works.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2013-08-26 21:03:53 +02:00
Lukas Fleischer
b5b1f0715a t0108: Compare output with git-format-patch(1)
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2013-08-26 21:03:35 +02:00
Lukas Fleischer
840858594e ui-patch.c: Add additional newline after each patch
For consistency with git-format-patch(1).

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2013-08-26 21:03:23 +02:00
Lukas Fleischer
334aed8ab4 ui-patch.c: Fix signature delimiter
Add a missing space after the "--" marker that introduces the patch
signature.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2013-08-26 21:01:50 +02:00
Lukas Fleischer
370535fc70 t0108: Avoid unnecessary fork()
Use `git rev-list --max-parents=0 HEAD` instead of `git rev-list HEAD |
tail -1` to get the root commit. This works since Git 1.7.4.2.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2013-08-26 21:01:11 +02:00
John Keeping
d62e71a024 git: update to 1.8.4
No code changes required, just bump the submodule and makefile versions.

Signed-off-by: John Keeping <john@keeping.me.uk>
2013-08-26 18:42:03 +02:00
Lukas Fleischer
735c7f0734 ui-patch.c: Fix formatting for merge commits
Add max_parents = 1 to the revision walk in order to make sure we do not
include the footer signature twice for merge commits.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2013-08-22 14:55:11 +02:00
Lukas Fleischer
4e00d338b0 ui-patch: Rename variables
Rename parameters and local variables to match those from ui-diff. Also,
convert a "char *" to "const char *".

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2013-08-20 19:55:54 +02:00
Lukas Fleischer
750f6462c9 Allow for creating patch series
This allows for specifying a revision range using the id2 parameter of
/patch/. The output that is produced is similar to

    $ git format-patch --stdout id2..id

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2013-08-20 19:55:42 +02:00
Lukas Fleischer
455b598778 ui-patch.c: Use log_tree_commit() to generate diffs
Instead of using our own formatting, use log_tree_commit() from Git to
create patches. This removes unnecessary duplicate code and also fixes a
bug with e-mail address formatting that existed in our own
implementation.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2013-08-20 19:55:30 +02:00
Lukas Fleischer
01db083729 ui-diff: Check the return value of get_sha1()
Sync with what we do everywhere else and check the return value of
get_sha1() instead of calling sha1_object_info() to validate the object.
Note that we later call lookup_commit_reference(), which checks that
both SHA1 values refer to commits, anyway.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2013-08-20 19:55:20 +02:00
Lukas Fleischer
445f6ae8e3 cmd.c: Add a "rawdiff" command
This can be used to generate raw diffs between arbitrary revisions using
something like

     /rawdiff/?id=v0.9&id2=v0.9.1

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2013-08-16 13:15:37 -06:00
Lukas Fleischer
9003cc172a Allow for creating raw diffs with cgit_print_diff()
This adds a parameter to cgit_print_diff() to create raw diffs, using
the same format as `git diff <commit>`.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2013-08-16 13:15:37 -06:00
Lukas Fleischer
747b035dda Extract filepair_cb from ui-patch.c
Move filepair_cb() from ui-patch.c to ui-shared.c and rename it to
filepair_cb_raw(). This callback will be used in ui-diff.c in a
follow-up patch.

Note that it is not straightforward to extract filepair_cb() from
ui-diff.c which is why it is not done here as well.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2013-08-16 13:15:37 -06:00
Jason A. Donenfeld
cf152604c3 Fix silly spelling error.
2013-08-16 13:15:17 -06:00
Lukas Fleischer
86e309fcb5 Fix section-from-path > 1
When having found the first path separator occurrence at position i, we
invoked strchr() on the same position i in subsequent iterations
resulting in the same path separator being returned by strchr() over and
over again. Increase the position by one to skip the occurrence that has
just been found and advance to the next separator.

Reported-by: Konstantin Ryabitsev <mricon@kernel.org>
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2013-08-12 13:14:11 -06:00
Lukas Fleischer
1a194aa2c7 Makefile: Change default prefix to "/usr/local"
Locally installed packages are usually installed to /usr/local.
Packagers can use `make prefix=/usr` to get back the old behavior.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2013-08-12 13:14:10 -06:00
Lukas Fleischer
50e70d32f0 Use strbuf for reading configuration files
Use struct strbuf from Git instead of fixed-size buffers to remove the
limit on the length of configuration file lines and refactor
read_config_line() to improve readability.

Note that this also fixes a buffer overflow that existed with the
original fixed-size buffer implementation.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2013-08-12 13:14:10 -06:00
Christian Hesse
820df9c660 add a note about generating agefile in hook
2013-08-12 13:14:10 -06:00
Jason A. Donenfeld
00e3a3ecda cache: id means static, even if head is specified too
Pages like /commit?h=wip&id=8a335ce618ba77fbf05148d6f8be17bd48ba4340
were being marked as dynamic, because of h=wip, when it should be
static, because of id=.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2013-08-12 13:14:10 -06:00
Jason A. Donenfeld
61ff10065b cache: document negative ttls and add about ttl
We've long supported negative ttls, for infinite cache, except the
documentation incorrectly showed one of our defaults as being 5 and not
-1. As well, with a negative ttl, we were actually making the HTTP
expired header go backwards. This changes it to go ahead ten years
instead.

Further, we add a cache-about-ttl option to set a different ttl for
about pages, which are now increasingly being filtered through markdown
or just sent statically anyway.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2013-08-12 13:14:10 -06:00
Jason A. Donenfeld
23debef621 robots.txt: disallow access to snapshots
My dmesg is filled with the oom killer bringing down processes while the
Bingbot downloads every snapshot for every commit of the Linux kernel in
tar.xz format. Sure, I should be running with memory limits, and now I'm
using cgroups, but a more general solution is to prevent crawlers from
wasting resources like that in the first place.

Suggested-by: Natanael Copa <ncopa@alpinelinux.org>
Suggested-by: Julius Plenz <plenz@cis.fu-berlin.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2013-08-12 13:14:10 -06:00
Christian Hesse
830eb6f6ff use favicon by default
2013-08-12 12:44:44 -06:00
Christian Hesse
52c926cadb Add favicon
This adds a favicon to cgit. It is not enabled by default, though.
The file contains two icons, 16x16 and 32x32 pixels, optimized for size.
2013-05-31 02:52:24 +02:00
Jason A. Donenfeld
7fb12a8ee0 ui-summary: do not free ref
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2013-05-28 09:31:45 +02:00
Jason A. Donenfeld
6d6f8bdeed filters: toggle perl utf8 situation
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2013-05-28 07:55:40 +02:00
Jason A. Donenfeld
989d251384 CGIT-0.9.2
Features:
- update to git v1.8.3.
- expanded set of default filters to include markdown, restructuredtext, and
  man pages.
- better sample configuration file in man page.
- "readme" may now be specified multiple times, and cgit will choose the first
  one it finds.
- "readme" no longer needs a branch name. If prefixed with simply ":" it will
  use the default branch.
- "branch-sort" allowing branches to be sorted either by "age" or "name", for
  kernel.org.
- "enable-index-owner" allowing the owner column to be disabled in the index
  page.
- print submodule revision next to submodule link.
- integrate more closely with git apis, such as strbuf.
- rely on git test harness and git makefiles.
- more robust test suite.
- more robust makefile dependency accounting.
- pager navigation is now unordered list.
- span tag wraps commit directions.

Behavior changes:
- HOME is no longer passed as an environment variable to any filter api
  scripts.
- "about-filter" now receives the filename being filtered as argv[1]. This may
  disrupt existing scripts, so adjust accordingly.
- gitconfig and gitattributes are no longer loaded from any system directories
  or home directories.

Security:
- CVE-2013-2117: disallow directory traversal when readme is set to filesystem
  path.

Bug fixes:
- ssdiff now correctly manages tab expansion.
- support unannotated tags in http git clone.
- lots of cleanups of global variables and memory leaks.
- do not rely on gettext/libintl.
- better C standard compliance.
- make several functions and variables static.
- improved constification.
- remove unused functions.
- fix colspan values to correct width.
- fix out-of-bounds memory accesses with virtual_root="".
- cache repo config more precisely.
- die when write fails.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2013-05-27 22:18:09 +02:00
Jason A. Donenfeld
cd42ded9e9 README: add trailing slash to homepage
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2013-05-27 21:56:57 +02:00
Jason A. Donenfeld
d6d3dbc858 cgitrc.5: improve example config
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2013-05-27 21:54:16 +02:00
Jason A. Donenfeld
8149be213f filters: import more modern scripts
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2013-05-27 21:54:16 +02:00
Jason A. Donenfeld
dcbc0438b2 readme: use string_list instead of space deliminations
Now this is possible in cgitrc -

readme=:README.md
readme=:readme.md
readme=:README.mkd
readme=:readme.mkd
readme=:README.rst
readme=:readme.rst
readme=:README.html
readme=:readme.html
readme=:README.htm
readme=:readme.htm
readme=:README.txt
readme=:readme.txt
readme=:README
readme=:readme
readme=:INSTALL.txt
readme=:install.txt
readme=:INSTALL
readme=:install

Suggested-by: John Keeping <john@keeping.me.uk>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2013-05-26 16:30:03 +02:00
Jason A. Donenfeld
fe36f84d84 ui-summary: Disallow directory traversal
Using the url= query string, it was possible to request arbitrary files
from the filesystem if the readme for a given page was set to a
filesystem file. The following request would return my /etc/passwd file:

http://git.zx2c4.com/?url=/somerepo/about/../../../../etc/passwd
http://data.zx2c4.com/cgit-directory-traversal.png

This fix uses realpath(3) to canonicalize all paths, and then compares
the base components.

This fix introduces a subtle timing attack, whereby a client can check
whether or not strstr is called using timing measurements in order
to determine if a given file exists on the filesystem.

This fix also does not account for filesystem race conditions (TOCTOU)
in resolving symlinks.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2013-05-25 20:33:28 +02:00
Jason A. Donenfeld
2a1ead3efb cgitrc.5: information on directory traversal and multiple readme files
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2013-05-25 20:33:28 +02:00
Jason A. Donenfeld
cd4c77d989 readme: Accept multiple candidates and test them.
The readme variable may now contain multiple space delimited entries,
which per usual are either a filepath or a git ref filepath. If multiple
are specified, cgit will now select the first one in the list that
exists. This is to make it easier to specify multiple default readme
types in the main cgitrc file and have them automatically get applied to
each repo based on what exists.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2013-05-25 20:33:28 +02:00
Jason A. Donenfeld
c0dfaf1c28 ui-summary: Pass filename to about-filter
This gives the about-filter API the same semantics as source-filter,
where the filter receives the filename so it can decide what to do next
with it.

While we're at it, plug a memory leak.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2013-05-25 20:33:28 +02:00
Jason A. Donenfeld
3cb5d86dc6 ui-summary: Use default branch for readme if : prefix
If the readme value begins with ":", and has no specified branch before
it, use the repository's default branch.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2013-05-25 20:33:28 +02:00
Jason A. Donenfeld
03eb76dfad cgit.c: Do not reset HOME after unsetting it.
The number of odd cases in which git will try to read config is far too
great to keep putting a bandaid over each one, so we'll just unset it.

If it turns out that scripts really liked to know about $HOME, we can
always reset it in the filter forks.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2013-05-25 20:33:28 +02:00
Jason A. Donenfeld
5a4156ef95 cgit.c: sync repo config printing with struct cgit_repo
We've now added quite a few config keys for repositories, but we've
forgotten to update the printing of it for cache files. Synchronize the
two.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2013-05-25 14:07:10 +02:00
John Keeping
0499e88cce git: update to 1.8.3
No changes required, just bump the submodule and Makefile versions.

Signed-off-by: John Keeping <john@keeping.me.uk>
2013-05-25 13:10:14 +02:00
John Keeping
f32a2da636 cache.c: cache ls_cache output properly
By using the standard library's printf, cache_ls does not redirect its
output to the cache when we change the process' stdout file descriptor
to point to the cache file.  Fix this by using "htmlf" in the same way
that we do for writing HTTP headers.

Signed-off-by: John Keeping <john@keeping.me.uk>
2013-05-22 12:53:06 +02:00
John Keeping
75bfec6448 tests: introduce strip_header() helper function
This means that we can avoid hardcoding the number of headers we expect
CGit to generate in test cases and simply remove whatever headers happen
to be there when we are checking body content.

Signed-off-by: John Keeping <john@keeping.me.uk>
2013-05-22 12:53:06 +02:00
John Keeping
1e9f1ee64e shared.c: use die_errno() where appropriate
This replaces some code that is re-implementing die_errno by just
calling the function.

Signed-off-by: John Keeping <john@keeping.me.uk>
2013-05-22 12:53:06 +02:00