Archives
/
cgit
mirror of https://git.zx2c4.com/cgit/
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
1,565 Commits
16 Branches
43 Tags
37 MiB
ch/for-jason
ch/highlight-line
ch/log-commit-message
ch/dynamic-aging
ch/about-link
ch/default-pages
jd/zx2c4-deployment
master
wiki
jd/render-filter
lf/for-jason
jk/collapsible-sections
rm/namespace
lf/filter
lh/grep
lh/pretty-blob-view
v1.2.3
v1.2.2
v1.2.1
v1.2
v1.1
v1.0
v0.12
v0.11.2
v0.11.1
v0.11.0
v0.10.2
v0.10.1
v0.10
v0.9.2
v0.9.1
v0.9.0.3
v0.9.0.2
v0.9.0.1
v0.9
v0.8.3.5
v0.8.3.4
v0.8.3.3
v0.8.3.2
v0.8.3.1
v0.8.3
v0.8.2.2
v0.8.2.1
v0.8.2
v0.8.1.1
v0.8.1
v0.8
v0.7.2
v0.7.1
v0.7
v0.6.3
v0.6.2
v0.6.1
v0.6
v0.5
v0.4
v0.3
v0.2
v0.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a4de0e810b'
${ noResults }
Commit Graph

1565 Commits (a4de0e810b69710c3b32f6d253d80d16dec09f36)
 

Author SHA1 Message Date
Jason A. Donenfeld d3756bd7b0 syntax-highlighting: always use utf-8 to avoid ascii codec issues 8 years ago
John Keeping 33bc949a1e cache: don't check for match with no key 
We call open_slot() from cache_ls() without a key since we simply want
to read the path out of the header.  Should the file happen to contain
an empty key then we end up calling memcmp() with NULL and a non-zero
length.  Fix this by assigning slot->match only if a key is set, which
is always will be in the code paths where we use slot->match.

Coverity-id: 13807
Signed-off-by: John Keeping <john@keeping.me.uk>
 8 years ago
John Keeping 3fbfced740 cache: use size_t for string lengths 
Avoid integer truncation on 64-bit systems.

Coverity-id: 13864
Signed-off-by: John Keeping <john@keeping.me.uk>
 8 years ago
John Keeping baa5ad1f80 ui-log: handle parse_commit() errors 
If parse_commit() fails, none of the fields in the commit structure will
have been populated so we will dereference NULL when accessing
item->tree.

There isn't much we can do about the error at this point, but if we
return true then we'll try parsing the commit again from print_commit()
and we can report an error to the user at that point.

Coverity-id: 13801
Signed-off-by: John Keeping <john@keeping.me.uk>
 8 years ago
Jason A. Donenfeld e64d5e04c3 Bump version 8 years ago
Jason A. Donenfeld c326f3eb02 ui-plain: add enable-html-serving flag 
Unrestricts plain/ to contents likely to be executed by browser.
 8 years ago
Jason A. Donenfeld 9ca2566972 ui-blob: set CSP just in case 8 years ago
Jason A. Donenfeld 92996ac2a6 ui-blob: always use generic mimetypes 8 years ago
Jason A. Donenfeld 1c581a0726 ui-blob: Do not accept mimetype from user 8 years ago
Jason A. Donenfeld 513b3863d9 ui-shared: prevent malicious filename from injecting headers 8 years ago
Jason A. Donenfeld 4291453ec3 ui-shared: Avoid new line injection into redirect header 8 years ago
Peter Colberg 4c69241b05 Fix missing prototype declarations 
Signed-off-by: Peter Colberg <peter@colberg.org>
 8 years ago
Peter Colberg 9abe4a26a9 ui-repolist: return HTTP 404 if no repositories found 
Return HTTP status code 404 Not found when querying a non-existent
repository, which signals to search engines that a repository no
longer exists. Further, some webservers such as nginx permit
logging requests to different files depending on the HTTP code.

Signed-off-by: Peter Colberg <peter@colberg.org>
 8 years ago
Peter Colberg a4014d0dbf ui-repolist: extract repo visibility criteria to separate function 
Signed-off-by: Peter Colberg <peter@colberg.org>
 8 years ago
Lukas Fleischer da1b89710f Fix segmentation fault in hc() 
The ctx.qry.page variable might be unset at this point, e.g. when an
invalid command is passed and cgit_print_pageheader() is called to show
an error message.

Signed-off-by: Lukas Fleischer <lfleischer@lfos.de>
 8 years ago
Christian Hesse 559ab5ecc4 git: update to v2.7.0 
Update to git version v2.7.0.

* Upstream commit ed1c9977cb1b63e4270ad8bdf967a2d02580aa08 (Remove
  get_object_hash.) changed API:

  Convert all instances of get_object_hash to use an appropriate
  reference to the hash member of the oid member of struct object.
  This provides no functional change, as it is essentially a macro
  substitution.

Signed-off-by: Christian Hesse <mail@eworm.de>
 8 years ago
Christian Hesse 6edc84bc44 ui-repolist: initialize char *buf to NULL 
readfile() can fail if the agefile is not readable. Make sure free()
does not free an ininitialized string.

Signed-off-by: Christian Hesse <mail@eworm.de>
 8 years ago
Jason A. Donenfeld 4458abf641 filter: avoid integer overflow in authenticate_post 
ctx.env.content_length is an unsigned int, coming from the
CONTENT_LENGTH environment variable, which is parsed by strtoul. The
HTTP/1.1 spec says that "any Content-Length greater than or equal to
zero is a valid value." By storing this into an int, we potentially
overflow it, resulting in the following bounding check failing, leading
to a buffer overflow.

Reported-by: Erik Cabetas <Erik@cabetas.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 9 years ago
Jason A. Donenfeld ffe09621f2 about-formatting.sh: comment text out of date 9 years ago
Christian Hesse 143e65252c filters: port syntax-highlighting.py to python 3.x 
Signed-off-by: Christian Hesse <mail@eworm.de>
 9 years ago
Jason A. Donenfeld 3f9e14ada1 md2html: the default of stdin works fine 
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 9 years ago
Jason A. Donenfeld c301899112 filters: misc cleanups 
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 9 years ago
Jason A. Donenfeld ccb4254104 md2html: use pure python 
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 9 years ago
Christian Hesse 76dc7a3371 cache: fix resource leak: close file handle before return 
Coverity-id: 13910
Signed-off-by: Christian Hesse <mail@eworm.de>
 9 years ago
Christian Hesse ed5dccbeaa ui-atom: fix resource leak: free allocation from cgit_pageurl 
Coverity-id: 13945
Signed-off-by: Christian Hesse <mail@eworm.de>
 9 years ago
Christian Hesse 144e3c6085 ui-atom: fix resource leak: free before return 
Coverity-id: 13946
Signed-off-by: Christian Hesse <mail@eworm.de>
 9 years ago
Christian Hesse 97da17b783 ui-atom: fix resource leak: free allocation from cgit_repourl 
Coverity-id: 13947
Signed-off-by: Christian Hesse <mail@eworm.de>
 9 years ago
Christian Hesse 7320bfa893 ui-blob: fix resource leak: free before return 
Coverity-id: 13944
Signed-off-by: Christian Hesse <mail@eworm.de>
 9 years ago
Christian Hesse 30802126d4 ui-blob: fix resource leak: free before return 
Coverity-id: 13943
Signed-off-by: Christian Hesse <mail@eworm.de>
 9 years ago
Christian Hesse 08a2b818f2 ui-plain: fix resource leak: free before assigning NULL 
Coverity-id: 13939
Signed-off-by: Christian Hesse <mail@eworm.de>
 9 years ago
Christian Hesse 979db79a80 ui-plain: fix resource leak: free before return 
Coverity-id: 13940
Signed-off-by: Christian Hesse <mail@eworm.de>
 9 years ago
Christian Hesse 51338f7658 ui-repolist: fix resource leak: free allocation from cgit_currenturl 
Coverity-id: 13930
Signed-off-by: Christian Hesse <mail@eworm.de>
 9 years ago
Christian Hesse 7ef1a47991 ui-repolist: fix resource leak: free before return 
Coverity-id: 13931
Signed-off-by: Christian Hesse <mail@eworm.de>
 9 years ago
Jason A. Donenfeld 525c815cc4 filters: Simplify converters 
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 9 years ago
Christian Hesse 6edfc1672c ui-shared: fix resource leak: free allocation from cgit_hosturl 
Signed-off-by: Christian Hesse <mail@eworm.de>
 9 years ago
Christian Hesse f77e2a8cfa ui-shared: return value of cgit_hosturl is not const 
Signed-off-by: Christian Hesse <mail@eworm.de>
 9 years ago
Christian Hesse 6f2e4400fa cmd: fix resource leak: free allocation from cgit_currenturl and fmtalloc 
Signed-off-by: Christian Hesse <mail@eworm.de>
 9 years ago
Christian Hesse 3e244a0cca ui-shared: fix resource leak: free allocation from cgit_currenturl 
Coverity-id: 13927
Signed-off-by: Christian Hesse <mail@eworm.de>
 9 years ago
Christian Hesse c5c0eb873e ui-shared: return value of cgit_currenturl is not const 
Signed-off-by: Christian Hesse <mail@eworm.de>
 9 years ago
Christian Hesse 37fce9916a ui-shared: fix resource leak: free allocation from cgit_fileurl 
Coverity-id: 13918
Signed-off-by: Christian Hesse <mail@eworm.de>
 9 years ago
Christian Hesse fa5810ed8e ui-ssdiff: fix resource leak: free allocation from cgit_fileurl 
Coverity-id: 13929
Signed-off-by: Christian Hesse <mail@eworm.de>
 9 years ago
Christian Hesse 896cd69dde ui-tree: fix resource leak: free before return 
Coverity-id: 13938
Signed-off-by: Christian Hesse <mail@eworm.de>
 9 years ago
Jason A. Donenfeld ad006918a5 Avoid use of non-reentrant functions 
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 9 years ago
John Keeping 35b3c67ac2 Makefile: fix MAKEFLAGS tests with multiple flags 
findstring is defined as $(findstring FIND,IN) so if multiple flags are
set these tests do the wrong thing unless $(MAKEFLAGS) is the second
argument.

Signed-off-by: John Keeping <john@keeping.me.uk>
 9 years ago
John Keeping 198a4404b9 ui-refs: remove useless null check 
There is no way that "tag" can be null here.

Coverity-id: 13950
Signed-off-by: John Keeping <john@keeping.me.uk>
 9 years ago
John Keeping 509488d85c ui-blob: remove useless null check 
We have already called strlen() on "path" by the time we get here, so we
know it can't be null.

Coverity-id: 13954
Signed-off-by: John Keeping <john@keeping.me.uk>
 9 years ago
John Keeping 687cdf6968 scan-tree: remove useless strdup() 
parse_configfile() takes a "const char *" and doesn't hold any
references to it after it returns; there is no reason to pass it a
duplicate.

Coverity-id: 13941
Signed-off-by: John Keeping <john@keeping.me.uk>
 9 years ago
John Keeping 94182d6031 cgit.c: remove useless null check 
Everywhere else in this function we do not check whether the value is
null and parse_configfile() never passes a null value to this callback.

Coverity-id: 13846
Signed-off-by: John Keeping <john@keeping.me.uk>
 9 years ago
Christian Hesse 978ce8c00c git: update to v2.6.1 
Update to git version v2.6.1, no changes required.

Signed-off-by: Christian Hesse <mail@eworm.de>
 9 years ago
Jason A. Donenfeld 73f199be3f mime: rewrite detection function 
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 9 years ago