aboutsummaryrefslogtreecommitdiffstatshomepage
Commit message (Collapse)AuthorAge
* cache: close race window when unlocking slotsJohn Keeping2018-06-27
| | | | | | | | | | | | | | | | | | | | We use POSIX advisory record locks to control access to cache slots, but these have an unhelpful behaviour in that they are released when any file descriptor referencing the file is closed by this process. Mostly this is okay, since we know we won't be opening the lock file anywhere else, but there is one place that it does matter: when we restore stdout we dup2() over a file descriptor referring to the file, thus closing that descriptor. Since we restore stdout before unlocking the slot, this creates a window during which the slot content can be overwritten. The fix is reasonably straightforward: simply restore stdout after unlocking the slot, but the diff is a bit bigger because this requires us to move the temporary stdout FD into struct cache_slot. Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
* git: update to v2.18.0Christian Hesse2018-06-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update to git version v2.18.0. Required changes follow upstream commits: * Convert find_unique_abbrev* to struct object_id (aab9583f7b5ea5463eb3f653a0b4ecac7539dc94) * sha1_file: convert read_sha1_file to struct object_id (b4f5aca40e6f77cbabcbf4ff003c3cf30a1830c8) * sha1_file: convert sha1_object_info* to object_id (abef9020e3df87c441c9a3a95f592fce5fa49bb9) * object-store: move packed_git and packed_git_mru to object store (a80d72db2a73174b3f22142eb2014b33696fd795) * treewide: rename tree to maybe_tree (891435d55da80ca3654b19834481205be6bdfe33) The changed data types required some of our own functions to be converted to struct object_id: ls_item print_dir print_dir_entry print_object single_tree_cb walk_tree write_tree_link And finally we use new upstream functions that were added for struct object_id: hashcpy -> oidcpy sha1_to_hex -> oid_to_hex Signed-off-by: Christian Hesse <mail@eworm.de> Reviewed-by: John Keeping <john@keeping.me.uk>
* global: remove functionality we deprecated for cgit v1.0Christian Hesse2018-06-27
| | | | | | | | The man page states these were deprecated for v1.0. We are past v1.1, so remove the functionality. Signed-off-by: Christian Hesse <mail@eworm.de> Reviewed-by: John Keeping <john@keeping.me.uk>
* snapshot: strip bit from struct cgit_snapshot_formatChristian Hesse2018-06-27
| | | | | | | We had a static bit value in struct cgit_snapshot_format. We do not rely on it and things can be calculated on the fly. So strip it. Signed-off-by: Christian Hesse <mail@eworm.de>
* snapshot: support special value 'all' to enable all formatsChristian Hesse2018-06-27
| | | | | Signed-off-by: Christian Hesse <mail@eworm.de> Reviewed-by: John Keeping <john@keeping.me.uk>
* snapshot: support archive signaturesJohn Keeping2018-06-27
| | | | | | | | | | | | | | | | | | Read signatures from the notes refs refs/notes/signatures/$FORMAT where FORMAT is one of our archive formats ("tar", "tar.gz", ...). The note is expected to simply contain the signature content to be returned when the snapshot "${filename}.asc" is requested, so the signature for cgit-1.1.tar.xz can be stored against the v1.1 tag with: git notes --ref=refs/notes/signatures/tar.xz add -C "$( gpg --output - --armor --detach-sign cgit-1.1.tar.xz | git hash-object -w --stdin )" v1.1 and then downloaded by simply appending ".asc" to the archive URL. Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
* ui-refs: use shared function to print tag downloadsJohn Keeping2018-06-27
| | | | | | | | cgit_compose_snapshot_prefix() is identical to print_tag_downloads(), so remove the latter and use the function from ui-shared.c instead. Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
* ui-shared: pass separator in to cgit_print_snapshot_links()John Keeping2018-06-27
| | | | | | | | | cgit_print_snapshot_links() is almost identical to print_tag_downloads(), so let's extract the difference to a parameter in preparation for removing print_tag_downloads() in the next commit. Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
* ui-shared: use the same snapshot logic as ui-refsJohn Keeping2018-06-27
| | | | | | | | | Make snapshot links in the commit UI use the same prefix algorithm as those in the summary UI, so that refs starting with the snapshot prefix are used as-is rather than composed with the prefix repeated. Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
* ui-shared: rename parameter to cgit_print_snapshot_links()John Keeping2018-06-27
| | | | | | | | This is expected to be a ref not a hex object ID, so name it more appropriately. Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
* ui-shared: remove unused parameterJohn Keeping2018-06-27
| | | | | | | | The "head" parameter to cgit_print_snapshot_links() is never used, so remove it. Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
* ui-refs: remove unnecessary sanity checkJohn Keeping2018-06-27
| | | | | | | | There is no way for refinfo::refname to be null, and Git will prevent zero-length refs so this check is unnecessary. Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
* ui-snapshot: filter permitted snapshot requestsJohn Keeping2018-06-27
| | | | | | | | | | Currently the snapshots configuration option only filters which links are displayed, not which snapshots may be generated and downloaded. Apply the filter also to requests to ensure that the system policy is enforced. Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
* Add "snapshot-prefix" repo configurationJohn Keeping2018-06-27
| | | | | | | | | | | | Allow using a user-specified value for the prefix in snapshot files instead of the repository basename. For example, files downloaded from the linux-stable.git repository should be named linux-$VERSION and not linux-stable-$VERSION, which can be achieved by setting: repo.snapshot-prefix=linux Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
* ui-snapshot: pass repo into get_ref_from_filename()John Keeping2018-06-27
| | | | | | | Prepare to allow a custom snapshot prefix. Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
* ui-shared: pass repo object to print_snapshot_links()John Keeping2018-06-27
| | | | | | | | | | Both call sites of cgit_print_snapshot_links() use the same values for the snapshot mask and repository name, which are derived from the cgit_repo structure so let's pass in the structure and access the fields directly. Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
* ui-log: highlight annotated tags in different colorChristian Hesse2018-06-27
| | | | | | | | | Annotated tags have some extra information... Descriptive text or signature. Highlighting annotated tags in a different color show what tag may be worth clicking for extra information. Signed-off-by: Christian Hesse <mail@eworm.de> Reviewed-by: John Keeping <john@keeping.me.uk>
* print git version string in footerChristian Hesse2018-06-27
| | | | | | | | | | | This helps tracking what git version cgit uses. The security implications are low as anybody can look up the version of our submodule anyway. The paranoid can use a custom footer. :-p On the other hand this brings potential security issues to the administrators eyes... Signed-off-by: Christian Hesse <mail@eworm.de>
* git: update to v2.17.1Christian Hesse2018-06-27
| | | | | | | | | Update to git version v2.17.1. Required changes: * The function 'typename' has been renamed to 'type_name' (upstream commit debca9d2fe784193dc2d9f98b5edac605ddfefbb) Signed-off-by: Christian Hesse <mail@eworm.de>
* ui-blame: free read_sha1_file() buffer after useAndy Green2018-06-19
| | | | | Signed-off-by: Andy Green <andy@warmcat.com> Signed-off-by: John Keeping <john@keeping.me.uk>
* ui-tag: Fix inconsistent capitalizationJon DeVree2018-06-16
| | | | | | | | Way back in 2009 all of these were lower cased except this one occurrence. Signed-off-by: Jon DeVree <nuxi@vault24.org> Signed-off-by: John Keeping <john@keeping.me.uk>
* ui-tree: free read_sha1_file() buffer after useAndy Green2018-06-16
| | | | | | | Free up the buffer allocated in read_sha1_file() Signed-off-by: Andy Green <andy@warmcat.com> Signed-off-by: John Keeping <john@keeping.me.uk>
* Makefile: drive asciidoc directly for HTML outputJohn Keeping2018-06-16
| | | | | | | | | | | | | | This is mostly taken from Git's doc/Makefile, although simplified for our use. The output now uses Asciidoc's default CSS which I think looks a bit nicer than the Docbook formatting; as a result of this we no longer need our custom .css file. A side effect of this change is that temporary files generated from the HTML output no longer conflict with the manpage output format (because any temporary HTML output files use names derived from the output filename which includes .html). Signed-off-by: John Keeping <john@keeping.me.uk>
* doc: use consistent id's when generating html filesTodd Zullinger2018-02-21
| | | | | | | | | | | | | | | | | | | | | The html documentation is generated using a2x which calls docbook tools to do the work. The generate.consistent.ids parameter ensures that when the docbook stylesheet assigns an id value to an output element it is consistent as long as the document structure has not changed. Having consistent html files reduces frivolous changes between builds. Distributions can more easily deploy multiple architecture builds and compare changes between package versions. End-users avoid needless changes in files deployed or backed up. The generate.consistent.ids parameter was added in docbook-xsl-1.77.0. Older versions gracefully ignore the parameter, so we can pass the parameter unconditionally. Most distributions contain docbook-xsl newer than 1.77.0. This includes Fedora, Debian, Ubuntu, and RHEL/CentOS 7. RHEL/CentOS 6 and Debian Wheezy (old stable) ship with an older version, unsurprisingly. Signed-off-by: Todd Zullinger <tmz@pobox.com>
* cgit: prepare repo before error pagesJason A. Donenfeld2018-02-12
| | | | | | | This fixes a crash when showing a list of all heads in the <select> box in the header. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* ui-blame: Allow syntax highlightingJeff Smith2018-01-19
| | | | | | | | | | Place file contents into a single block so that syntax highlighting can be applied in the usual fashion. Place the alternating color bars behind the file contents. Force the default syntax highlighting background to transparent. Signed-off-by: Jeff Smith <whydoubt@gmail.com> Reviewed-by: John Keeping <john@keeping.me.uk>
* ui-blame: Make each column into a single table cellJeff Smith2018-01-19
| | | | | Signed-off-by: Jeff Smith <whydoubt@gmail.com> Reviewed-by: John Keeping <john@keeping.me.uk>
* ui-blame: Break out emit_blame_entry into component methodsJeff Smith2018-01-19
| | | | | Signed-off-by: Jeff Smith <whydoubt@gmail.com> Reviewed-by: John Keeping <john@keeping.me.uk>
* ui-blame: Distinguish hashes column from lines columnJeff Smith2018-01-19
| | | | | Signed-off-by: Jeff Smith <whydoubt@gmail.com> Reviewed-by: John Keeping <john@keeping.me.uk>
* git: update to v2.16.0Christian Hesse2018-01-19
| | | | | | | | | | | | | | | Update to git version v2.16.0: * refs: convert resolve_ref_unsafe to struct object_id (49e61479be913f67e66bb3fdf8de9475c41b58bd) * diff: remove DIFF_OPT_SET macro (23dcf77f48feb49c54bad09210f093a799816334) * log: add option to choose which refs to decorate (65516f586b69307f977cd67cc45513a296cabc25) * diff: convert flags to be stored in bitfields (02f2f56bc377c287c411947d0e1482aac888f8db) Signed-off-by: Christian Hesse <mail@eworm.de>
* git: update to v2.15.1Christian Hesse2017-12-06
| | | | | | | | Update to git version v2.15.1: With commit 0abe14f6 prepare_packed_git() moved to packfile.[ch]. Signed-off-by: Christian Hesse <mail@eworm.de> Reviewed-by: John Keeping <john@keeping.me.uk>
* global: spelling fixesVille Skyttä2017-10-15
| | | | Signed-off-by: Ville Skyttä <ville.skytta@iki.fi>
* ui-shared: use type='search' for the search boxVille Skyttä2017-10-15
| | | | Signed-off-by: Ville Skyttä <ville.skytta@iki.fi>
* filter: pipe_fh should be localJason A. Donenfeld2017-10-14
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* parsing: don't clear existing state with empty inputJohn Keeping2017-10-14
| | | | | | | | | | | | | | | | | | | | | | | | | | Since commit c699866 (parsing: clear query path before starting, 2017-02-19), we clear the "page" variable simply by calling cgit_parse_url() even if the URL is empty. This breaks a URL like: .../cgit?p=about which is generated when using the "root-readme" configuration option. This happens because "page" is set to "about" when parsing the query string before we handle the path (which is empty, but non-null). It turns out that this is not the only case which is broken, but specifying repository and page via query options has been broken since before the commit mentioned above, for example: .../cgit?r=git&p=log Fix both of these by allowing the previous state to persist if PATH_INFO is empty, falling back to the query parameters if no path has been requested. Reported-by: Tom Ryder <tom@sanctum.geek.nz> Signed-off-by: John Keeping <john@keeping.me.uk>
* ui-tree: link to blame UI if enabledJeff Smith2017-10-03
| | | | | | | Create links to the blame page. Signed-off-by: Jeff Smith <whydoubt@gmail.com> Reviewed-by: John Keeping <john@keeping.me.uk>
* ui-blame: add blame UIJeff Smith2017-10-03
| | | | | | | | | | Implement a page which provides the blame view of a specified file. This feature is controlled by a new config variable, "enable-blame", which is disabled by default. Signed-off-by: Jeff Smith <whydoubt@gmail.com> Reviewed-by: John Keeping <john@keeping.me.uk>
* ui-shared: make a char* parameter constJeff Smith2017-10-03
| | | | | | | | | | | All cgit_xxx_link functions take const char* for the 'name' parameter, except for cgit_commit_link, which takes a char* and subsequently modifies the contents. Avoiding the content changes, and making it const char* will avoid the need to make copies of const char* strings being passed to cgit_commit_link. Signed-off-by: Jeff Smith <whydoubt@gmail.com> Reviewed-by: John Keeping <john@keeping.me.uk>
* ui-tree: move set_title_from_path to ui-sharedJeff Smith2017-10-03
| | | | | | | | The ui-blame code will also need to call set_title_from_path, so go ahead and move it to ui-shared. Signed-off-by: Jeff Smith <whydoubt@gmail.com> Reviewed-by: John Keeping <john@keeping.me.uk>
* html: html_ntxt with no ellipsisJeff Smith2017-10-03
| | | | | | | | | For implementing a ui-blame page, there is need for a function that outputs a selection from a block of text, transformed for HTML output, but with no further modifications or additions. Signed-off-by: Jeff Smith <whydoubt@gmail.com> Reviewed-by: John Keeping <john@keeping.me.uk>
* cache: flush stdio before restoring FDsJohn Keeping2017-10-03
| | | | | | | | | | | | | As described in commit 2efb59e (ui-patch: Flush stdout after outputting data, 2014-06-11), we need to ensure that stdout is flushed before restoring the file descriptor when writing to the cache. It turns out that it's not just ui-patch that is affected by this but also raw diff which writes to stdout internally. Let's avoid risking more places doing this by ensuring that stdout is flushed after writing in fill_slot(). Signed-off-by: John Keeping <john@keeping.me.uk>
* Use https for submoduleDaniel M. Weeks2017-09-22
| | | | | | | | | The git protocol provides no transport security. https does provide transport security and should be preferred by default. https is also more likely than git to be permitted by firewalls in restricted environments. Signed-off-by: Daniel M. Weeks <dan@danweeks.net>
* ui-plain: print symlink contentJohn Keeping2017-08-10
| | | | | | | | We currently ignore symlinks in ui-plain, leading to a 404. In ui-tree we print the content of the blob (that is, the path to the target of the link), so it makes sense to do the same here. Signed-off-by: John Keeping <john@keeping.me.uk>
* cgit: don't set vpath unless repo is setJohn Keeping2017-08-10
| | | | | | | | | After the previous two patches, this can be classified as a tidy up rather than a bug fix, but I think it makes sense to group all of the tests together before setting up the environment for the command to execute. Signed-off-by: John Keeping <john@keeping.me.uk>
* parsing: clear query path before startingJohn Keeping2017-08-10
| | | | | | | | | | | | | | | By specifying the "url" query parameter multiple times it is possible to end up with ctx.qry.vpath set while ctx.repo is null, which triggers an invalid code path from cgit_print_pageheader() while printing path crumbs, resulting in a null dereference. The previous patch fixed this segfault, but it makes no sense for us to clear ctx.repo while leaving ctx.qry.path set to the previous value, so let's just clear it here so that the last "url" parameter given takes full effect rather than partially overriding the effect of the previous value. Signed-off-by: John Keeping <john@keeping.me.uk>
* ui-shared: don't print path crumbs without a repoJohn Keeping2017-08-10
| | | | | | | | | | | | | | | cgit_print_path_crumbs() can call repolink() which assumes that ctx.repo is non-null. Currently we don't have any commands that set want_vpath without also setting want_repo so it shouldn't be possible to fail this test, but the check in cgit.c is in the wrong order so it is possible to specify a query string like "?p=log&path=foo/bar" to end up here without a valid repository. This was found by American fuzzy lop [0]. [0] http://lcamtuf.coredump.cx/afl/ Signed-off-by: John Keeping <john@keeping.me.uk>
* ui-atom: properly escape delimiter in page linkJohn Keeping2017-08-10
| | | | | | | | | If the delimiter here is '&' then it needs to be escaped for inclusion in an attribute. Use html_attrf() to ensure that this happens (we know that hex won't need escaping, but this makes it clearer what's happening. Signed-off-by: John Keeping <john@keeping.me.uk>
* git: update to v2.14Jeff Smith2017-08-10
| | | | | | | | | | | | | | | | Numerous changes were made to git functions to use an object_id structure rather than sending sha1 hashes as raw unsigned character arrays. The functions that affect cgit are: parse_object, lookup_commit_reference, lookup_tag, lookup_tree, parse_tree_indirect, diff_root_tree_sha1, diff_tree_sha1, and format_display_notes. Commit b2141fc (config: don't include config.h by default) made it necessary to that config.h be explicitly included when needed. Commit 07a3d41 (grep: remove regflags from the public grep_opt API) removed one way of specifying the ignore-case grep option. Signed-off-by: Jeff Smith <whydoubt@gmail.com>
* git: update to v2.13.4Christian Hesse2017-08-10
| | | | | | | | | | Update to git version v2.13.4: With commit 8aee769f (pathspec: copy and free owned memory) the definition of struct pathspec_item has changed with the expectation that pathspecs will be managed dynamically. We work around this a bit by setting up a static structure, but let's allocate the match string to avoid needing to cast away const. Updated a patch from John Keeping <john@keeping.me.uk> for git v2.12.1.
* Update .mailmap with my new email addressLukas Fleischer2017-07-27
| | | | Signed-off-by: Lukas Fleischer <lfleischer@lfos.de>