Commit Graph

1501 Commits

Author SHA1 Message Date
John Keeping b31e99887b cache: close race window when unlocking slots
We use POSIX advisory record locks to control access to cache slots, but
these have an unhelpful behaviour in that they are released when any
file descriptor referencing the file is closed by this process.

Mostly this is okay, since we know we won't be opening the lock file
anywhere else, but there is one place that it does matter: when we
restore stdout we dup2() over a file descriptor referring to the file,
thus closing that descriptor.

Since we restore stdout before unlocking the slot, this creates a window
during which the slot content can be overwritten.  The fix is reasonably
straightforward: simply restore stdout after unlocking the slot, but the
diff is a bit bigger because this requires us to move the temporary
stdout FD into struct cache_slot.

Signed-off-by: John Keeping <john@keeping.me.uk>
Reviewed-by: Christian Hesse <mail@eworm.de>
2018-06-27 18:13:03 +02:00
Christian Hesse 255b78ff52 git: update to v2.18.0
Update to git version v2.18.0. Required changes follow upstream commits:

* Convert find_unique_abbrev* to struct object_id
  (aab9583f7b5ea5463eb3f653a0b4ecac7539dc94)
* sha1_file: convert read_sha1_file to struct object_id
  (b4f5aca40e6f77cbabcbf4ff003c3cf30a1830c8)
* sha1_file: convert sha1_object_info* to object_id
  (abef9020e3df87c441c9a3a95f592fce5fa49bb9)
* object-store: move packed_git and packed_git_mru to object store
  (a80d72db2a73174b3f22142eb2014b33696fd795)
* treewide: rename tree to maybe_tree
  (891435d55da80ca3654b19834481205be6bdfe33)

The changed data types required some of our own functions to be converted
to struct object_id:

  ls_item
  print_dir
  print_dir_entry
  print_object
  single_tree_cb
  walk_tree
  write_tree_link

And finally we use new upstream functions that were added for
struct object_id:

  hashcpy     -> oidcpy
  sha1_to_hex -> oid_to_hex

Signed-off-by: Christian Hesse <mail@eworm.de>
Reviewed-by: John Keeping <john@keeping.me.uk>
2018-06-27 18:13:03 +02:00
Christian Hesse 54d37dc154 global: remove functionality we deprecated for cgit v1.0
The man page states these were deprecated for v1.0. We are past v1.1,
so remove the functionality.

Signed-off-by: Christian Hesse <mail@eworm.de>
Reviewed-by: John Keeping <john@keeping.me.uk>
2018-06-27 18:13:03 +02:00
Christian Hesse 2f8648ff7f snapshot: strip bit from struct cgit_snapshot_format
We had a static bit value in struct cgit_snapshot_format. We do not rely
on it and things can be calculated on the fly. So strip it.

Signed-off-by: Christian Hesse <mail@eworm.de>
2018-06-27 18:13:00 +02:00
Christian Hesse 30a378b571 snapshot: support special value 'all' to enable all formats
Signed-off-by: Christian Hesse <mail@eworm.de>
Reviewed-by: John Keeping <john@keeping.me.uk>
2018-06-27 18:11:19 +02:00
John Keeping c712d5ac43 snapshot: support archive signatures
Read signatures from the notes refs refs/notes/signatures/$FORMAT where
FORMAT is one of our archive formats ("tar", "tar.gz", ...).  The note
is expected to simply contain the signature content to be returned when
the snapshot "${filename}.asc" is requested, so the signature for
cgit-1.1.tar.xz can be stored against the v1.1 tag with:

	git notes --ref=refs/notes/signatures/tar.xz add -C "$(
		gpg --output - --armor --detach-sign cgit-1.1.tar.xz |
		git hash-object -w --stdin
	)" v1.1

and then downloaded by simply appending ".asc" to the archive URL.

Signed-off-by: John Keeping <john@keeping.me.uk>
Reviewed-by: Christian Hesse <mail@eworm.de>
2018-06-27 18:11:19 +02:00
John Keeping 71d14d9c98 ui-refs: use shared function to print tag downloads
cgit_compose_snapshot_prefix() is identical to print_tag_downloads(), so
remove the latter and use the function from ui-shared.c instead.

Signed-off-by: John Keeping <john@keeping.me.uk>
Reviewed-by: Christian Hesse <mail@eworm.de>
2018-06-27 18:11:19 +02:00
John Keeping e491eaa5df ui-shared: pass separator in to cgit_print_snapshot_links()
cgit_print_snapshot_links() is almost identical to
print_tag_downloads(), so let's extract the difference to a parameter in
preparation for removing print_tag_downloads() in the next commit.

Signed-off-by: John Keeping <john@keeping.me.uk>
Reviewed-by: Christian Hesse <mail@eworm.de>
2018-06-27 18:11:19 +02:00
John Keeping 5b1f42ffee ui-shared: use the same snapshot logic as ui-refs
Make snapshot links in the commit UI use the same prefix algorithm as
those in the summary UI, so that refs starting with the snapshot prefix
are used as-is rather than composed with the prefix repeated.

Signed-off-by: John Keeping <john@keeping.me.uk>
Reviewed-by: Christian Hesse <mail@eworm.de>
2018-06-27 18:11:19 +02:00
John Keeping 82aadcfc51 ui-shared: rename parameter to cgit_print_snapshot_links()
This is expected to be a ref not a hex object ID, so name it more
appropriately.

Signed-off-by: John Keeping <john@keeping.me.uk>
Reviewed-by: Christian Hesse <mail@eworm.de>
2018-06-27 18:11:19 +02:00
John Keeping 63da41a915 ui-shared: remove unused parameter
The "head" parameter to cgit_print_snapshot_links() is never used, so
remove it.

Signed-off-by: John Keeping <john@keeping.me.uk>
Reviewed-by: Christian Hesse <mail@eworm.de>
2018-06-27 18:11:19 +02:00
John Keeping f0047d2d94 ui-refs: remove unnecessary sanity check
There is no way for refinfo::refname to be null, and Git will prevent
zero-length refs so this check is unnecessary.

Signed-off-by: John Keeping <john@keeping.me.uk>
Reviewed-by: Christian Hesse <mail@eworm.de>
2018-06-27 18:11:19 +02:00
John Keeping 00ad47bbfa ui-snapshot: filter permitted snapshot requests
Currently the snapshots configuration option only filters which links
are displayed, not which snapshots may be generated and downloaded.
Apply the filter also to requests to ensure that the system policy is
enforced.

Signed-off-by: John Keeping <john@keeping.me.uk>
Reviewed-by: Christian Hesse <mail@eworm.de>
2018-06-27 18:11:19 +02:00
John Keeping c1572bb5ec Add "snapshot-prefix" repo configuration
Allow using a user-specified value for the prefix in snapshot files
instead of the repository basename.  For example, files downloaded from
the linux-stable.git repository should be named linux-$VERSION and not
linux-stable-$VERSION, which can be achieved by setting:

	repo.snapshot-prefix=linux

Signed-off-by: John Keeping <john@keeping.me.uk>
Reviewed-by: Christian Hesse <mail@eworm.de>
2018-06-27 18:11:19 +02:00
John Keeping d85e8a9810 ui-snapshot: pass repo into get_ref_from_filename()
Prepare to allow a custom snapshot prefix.

Signed-off-by: John Keeping <john@keeping.me.uk>
Reviewed-by: Christian Hesse <mail@eworm.de>
2018-06-27 18:11:19 +02:00
John Keeping bd1b281478 ui-shared: pass repo object to print_snapshot_links()
Both call sites of cgit_print_snapshot_links() use the same values for
the snapshot mask and repository name, which are derived from the
cgit_repo structure so let's pass in the structure and access the fields
directly.

Signed-off-by: John Keeping <john@keeping.me.uk>
Reviewed-by: Christian Hesse <mail@eworm.de>
2018-06-27 18:11:19 +02:00
Christian Hesse 0bb34ef130 ui-log: highlight annotated tags in different color
Annotated tags have some extra information... Descriptive text or signature.
Highlighting annotated tags in a different color show what tag may be worth
clicking for extra information.

Signed-off-by: Christian Hesse <mail@eworm.de>
Reviewed-by: John Keeping <john@keeping.me.uk>
2018-06-27 18:01:29 +02:00
Christian Hesse e65ea965a0 print git version string in footer
This helps tracking what git version cgit uses. The security implications are
low as anybody can look up the version of our submodule anyway. The paranoid
can use a custom footer. :-p

On the other hand this brings potential security issues to the
administrators eyes...

Signed-off-by: Christian Hesse <mail@eworm.de>
2018-06-27 18:01:29 +02:00
Christian Hesse fb804a3537 git: update to v2.17.1
Update to git version v2.17.1. Required changes:

* The function 'typename' has been renamed to 'type_name'
  (upstream commit debca9d2fe784193dc2d9f98b5edac605ddfefbb)

Signed-off-by: Christian Hesse <mail@eworm.de>
2018-06-27 18:01:29 +02:00
Andy Green b759189574 ui-blame: free read_sha1_file() buffer after use
Signed-off-by: Andy Green <andy@warmcat.com>
Signed-off-by: John Keeping <john@keeping.me.uk>
2018-06-19 22:45:09 +01:00
Jon DeVree 26610aff34 ui-tag: Fix inconsistent capitalization
Way back in 2009 all of these were lower cased except this one
occurrence.

Signed-off-by: Jon DeVree <nuxi@vault24.org>
Signed-off-by: John Keeping <john@keeping.me.uk>
2018-06-16 17:42:32 +01:00
Andy Green 7708859c4d ui-tree: free read_sha1_file() buffer after use
Free up the buffer allocated in read_sha1_file()

Signed-off-by: Andy Green <andy@warmcat.com>
Signed-off-by: John Keeping <john@keeping.me.uk>
2018-06-16 15:20:11 +01:00
John Keeping 48f175083a Makefile: drive asciidoc directly for HTML output
This is mostly taken from Git's doc/Makefile, although simplified for
our use.  The output now uses Asciidoc's default CSS which I think looks
a bit nicer than the Docbook formatting; as a result of this we no
longer need our custom .css file.

A side effect of this change is that temporary files generated from the
HTML output no longer conflict with the manpage output format (because
any temporary HTML output files use names derived from the output
filename which includes .html).

Signed-off-by: John Keeping <john@keeping.me.uk>
2018-06-16 14:06:03 +01:00
Todd Zullinger 33414d7869 doc: use consistent id's when generating html files
The html documentation is generated using a2x which calls docbook tools
to do the work.  The generate.consistent.ids parameter ensures that when
the docbook stylesheet assigns an id value to an output element it is
consistent as long as the document structure has not changed.

Having consistent html files reduces frivolous changes between builds.
Distributions can more easily deploy multiple architecture builds and
compare changes between package versions.  End-users avoid needless
changes in files deployed or backed up.

The generate.consistent.ids parameter was added in docbook-xsl-1.77.0.
Older versions gracefully ignore the parameter, so we can pass the
parameter unconditionally.  Most distributions contain docbook-xsl newer
than 1.77.0.  This includes Fedora, Debian, Ubuntu, and RHEL/CentOS 7.
RHEL/CentOS 6 and Debian Wheezy (old stable) ship with an older version,
unsurprisingly.

Signed-off-by: Todd Zullinger <tmz@pobox.com>
2018-02-21 03:12:57 +01:00
Jason A. Donenfeld 03f6e34bb9 cgit: prepare repo before error pages
This fixes a crash when showing a list of all heads in the <select> box
in the header.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-02-12 23:25:29 +01:00
Jeff Smith dbaee2672b ui-blame: Allow syntax highlighting
Place file contents into a single block so that syntax highlighting can
be applied in the usual fashion.  Place the alternating color bars
behind the file contents.  Force the default syntax highlighting
background to transparent.

Signed-off-by: Jeff Smith <whydoubt@gmail.com>
Reviewed-by: John Keeping <john@keeping.me.uk>
2018-01-19 11:40:58 +01:00
Jeff Smith aafc42d808 ui-blame: Make each column into a single table cell
Signed-off-by: Jeff Smith <whydoubt@gmail.com>
Reviewed-by: John Keeping <john@keeping.me.uk>
2018-01-19 11:40:55 +01:00
Jeff Smith 2b95c9d49c ui-blame: Break out emit_blame_entry into component methods
Signed-off-by: Jeff Smith <whydoubt@gmail.com>
Reviewed-by: John Keeping <john@keeping.me.uk>
2018-01-19 11:40:52 +01:00
Jeff Smith 6b5b655f6d ui-blame: Distinguish hashes column from lines column
Signed-off-by: Jeff Smith <whydoubt@gmail.com>
Reviewed-by: John Keeping <john@keeping.me.uk>
2018-01-19 11:40:49 +01:00
Christian Hesse 1dd53e3a2f git: update to v2.16.0
Update to git version v2.16.0:

* refs: convert resolve_ref_unsafe to struct object_id
  (49e61479be913f67e66bb3fdf8de9475c41b58bd)
* diff: remove DIFF_OPT_SET macro
  (23dcf77f48feb49c54bad09210f093a799816334)
* log: add option to choose which refs to decorate
  (65516f586b69307f977cd67cc45513a296cabc25)
* diff: convert flags to be stored in bitfields
  (02f2f56bc377c287c411947d0e1482aac888f8db)

Signed-off-by: Christian Hesse <mail@eworm.de>
2018-01-19 11:34:43 +01:00
Christian Hesse 5d947ba3f0 git: update to v2.15.1
Update to git version v2.15.1: With commit 0abe14f6 prepare_packed_git()
moved to packfile.[ch].

Signed-off-by: Christian Hesse <mail@eworm.de>
Reviewed-by: John Keeping <john@keeping.me.uk>
2017-12-06 20:29:10 +01:00
Ville Skyttä 67d0f87050 global: spelling fixes
Signed-off-by: Ville Skyttä <ville.skytta@iki.fi>
2017-10-15 18:44:55 +02:00
Ville Skyttä 98abe5bb9e ui-shared: use type='search' for the search box
Signed-off-by: Ville Skyttä <ville.skytta@iki.fi>
2017-10-15 18:43:57 +02:00
Jason A. Donenfeld fd069b4ca0 filter: pipe_fh should be local
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-14 16:13:07 +02:00
John Keeping 9d751e7eec parsing: don't clear existing state with empty input
Since commit c699866 (parsing: clear query path before starting,
2017-02-19), we clear the "page" variable simply by calling
cgit_parse_url() even if the URL is empty.  This breaks a URL like:

	.../cgit?p=about

which is generated when using the "root-readme" configuration option.

This happens because "page" is set to "about" when parsing the query
string before we handle the path (which is empty, but non-null).

It turns out that this is not the only case which is broken, but
specifying repository and page via query options has been broken since
before the commit mentioned above, for example:

	.../cgit?r=git&p=log

Fix both of these by allowing the previous state to persist if PATH_INFO
is empty, falling back to the query parameters if no path has been
requested.

Reported-by: Tom Ryder <tom@sanctum.geek.nz>
Signed-off-by: John Keeping <john@keeping.me.uk>
2017-10-14 14:31:18 +02:00
Jeff Smith 1649afdc9b ui-tree: link to blame UI if enabled
Create links to the blame page.

Signed-off-by: Jeff Smith <whydoubt@gmail.com>
Reviewed-by: John Keeping <john@keeping.me.uk>
2017-10-03 19:19:34 +01:00
Jeff Smith c1cd290d1f ui-blame: add blame UI
Implement a page which provides the blame view of a specified file.

This feature is controlled by a new config variable, "enable-blame",
which is disabled by default.

Signed-off-by: Jeff Smith <whydoubt@gmail.com>
Reviewed-by: John Keeping <john@keeping.me.uk>
2017-10-03 19:19:34 +01:00
Jeff Smith f6ffe40d1a ui-shared: make a char* parameter const
All cgit_xxx_link functions take const char* for the 'name' parameter,
except for cgit_commit_link, which takes a char* and subsequently
modifies the contents.  Avoiding the content changes, and making it
const char* will avoid the need to make copies of const char* strings
being passed to cgit_commit_link.

Signed-off-by: Jeff Smith <whydoubt@gmail.com>
Reviewed-by: John Keeping <john@keeping.me.uk>
2017-10-03 19:19:34 +01:00
Jeff Smith 9337c7ee83 ui-tree: move set_title_from_path to ui-shared
The ui-blame code will also need to call set_title_from_path, so go
ahead and move it to ui-shared.

Signed-off-by: Jeff Smith <whydoubt@gmail.com>
Reviewed-by: John Keeping <john@keeping.me.uk>
2017-10-03 19:19:34 +01:00
Jeff Smith 70787254b2 html: html_ntxt with no ellipsis
For implementing a ui-blame page, there is need for a function that
outputs a selection from a block of text, transformed for HTML output,
but with no further modifications or additions.

Signed-off-by: Jeff Smith <whydoubt@gmail.com>
Reviewed-by: John Keeping <john@keeping.me.uk>
2017-10-03 19:19:34 +01:00
John Keeping 3b485cc542 cache: flush stdio before restoring FDs
As described in commit 2efb59e (ui-patch: Flush stdout after outputting
data, 2014-06-11), we need to ensure that stdout is flushed before
restoring the file descriptor when writing to the cache.  It turns out
that it's not just ui-patch that is affected by this but also raw diff
which writes to stdout internally.

Let's avoid risking more places doing this by ensuring that stdout is
flushed after writing in fill_slot().

Signed-off-by: John Keeping <john@keeping.me.uk>
2017-10-03 19:19:34 +01:00
Daniel M. Weeks de29788338 Use https for submodule
The git protocol provides no transport security. https does provide
transport security and should be preferred by default. https is also
more likely than git to be permitted by firewalls in restricted
environments.

Signed-off-by: Daniel M. Weeks <dan@danweeks.net>
2017-09-22 00:52:57 +02:00
John Keeping 51cc456b77 ui-plain: print symlink content
We currently ignore symlinks in ui-plain, leading to a 404.  In ui-tree
we print the content of the blob (that is, the path to the target of the
link), so it makes sense to do the same here.

Signed-off-by: John Keeping <john@keeping.me.uk>
2017-08-10 16:05:07 +02:00
John Keeping 113f4b8588 cgit: don't set vpath unless repo is set
After the previous two patches, this can be classified as a tidy up
rather than a bug fix, but I think it makes sense to group all of the
tests together before setting up the environment for the command to
execute.

Signed-off-by: John Keeping <john@keeping.me.uk>
2017-08-10 16:05:07 +02:00
John Keeping c699866699 parsing: clear query path before starting
By specifying the "url" query parameter multiple times it is possible to
end up with ctx.qry.vpath set while ctx.repo is null, which triggers an
invalid code path from cgit_print_pageheader() while printing path
crumbs, resulting in a null dereference.

The previous patch fixed this segfault, but it makes no sense for us to
clear ctx.repo while leaving ctx.qry.path set to the previous value, so
let's just clear it here so that the last "url" parameter given takes
full effect rather than partially overriding the effect of the previous
value.

Signed-off-by: John Keeping <john@keeping.me.uk>
2017-08-10 16:05:07 +02:00
John Keeping 1b4ef6783a ui-shared: don't print path crumbs without a repo
cgit_print_path_crumbs() can call repolink() which assumes that ctx.repo
is non-null.  Currently we don't have any commands that set want_vpath
without also setting want_repo so it shouldn't be possible to fail this
test, but the check in cgit.c is in the wrong order so it is possible to
specify a query string like "?p=log&path=foo/bar" to end up here without
a valid repository.

This was found by American fuzzy lop [0].

[0] http://lcamtuf.coredump.cx/afl/

Signed-off-by: John Keeping <john@keeping.me.uk>
2017-08-10 16:05:07 +02:00
John Keeping 6d3c8bc37f ui-atom: properly escape delimiter in page link
If the delimiter here is '&' then it needs to be escaped for inclusion
in an attribute.  Use html_attrf() to ensure that this happens (we know
that hex won't need escaping, but this makes it clearer what's
happening.

Signed-off-by: John Keeping <john@keeping.me.uk>
2017-08-10 15:58:24 +02:00
Jeff Smith 86a6d358f7 git: update to v2.14
Numerous changes were made to git functions to use an object_id
structure rather than sending sha1 hashes as raw unsigned character
arrays.  The functions that affect cgit are: parse_object,
lookup_commit_reference, lookup_tag, lookup_tree, parse_tree_indirect,
diff_root_tree_sha1, diff_tree_sha1, and format_display_notes.

Commit b2141fc (config: don't include config.h by default) made it
necessary to that config.h be explicitly included when needed.

Commit 07a3d41 (grep: remove regflags from the public grep_opt API)
removed one way of specifying the ignore-case grep option.

Signed-off-by: Jeff Smith <whydoubt@gmail.com>
2017-08-10 15:58:24 +02:00
Christian Hesse 3d33b46df2 git: update to v2.13.4
Update to git version v2.13.4: With commit 8aee769f (pathspec: copy and free
owned memory) the definition of struct pathspec_item has changed with the
expectation that pathspecs will be managed dynamically. We work around this
a bit by setting up a static structure, but let's allocate the match string
to avoid needing to cast away const.

Updated a patch from John Keeping <john@keeping.me.uk> for git v2.12.1.
2017-08-10 15:15:54 +02:00
Lukas Fleischer 7ce19ba550 Update .mailmap with my new email address
Signed-off-by: Lukas Fleischer <lfleischer@lfos.de>
2017-07-27 16:20:44 +02:00