Upstream git is replacing 'unsigned char sha1[20]' with 'struct object_id
oid'. We have some code that can be changed independent from upstream. So
here we go...
Upstream continues to replace unsigned char *sha1 with struct
object_id old_oid. This makes the required changes.
The git lib has its own main function now. Rename our main function
to cmd_main, it is called from main then.
ctx.env.content_length is an unsigned int, coming from the
CONTENT_LENGTH environment variable, which is parsed by strtoul. The
HTTP/1.1 spec says that "any Content-Length greater than or equal to
zero is a valid value." By storing this into an int, we potentially
overflow it, resulting in the following bounding check failing, leading
to a buffer overflow.
Reported-by: Erik Cabetas <Erik@cabetas.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Everywhere else in this function we do not check whether the value is
null and parse_configfile() never passes a null value to this callback.
Coverity-id: 13846
Signed-off-by: John Keeping <john@keeping.me.uk>
These are more-or-less one-to-one translations but in the final hunk we
gain an HTTP error code where we used to send "200 OK", which is an
improvement.
Signed-off-by: John Keeping <john@keeping.me.uk>
Update to git version v2.5.0.
* Upstream commit 5455ee0573a22bb793a7083d593ae1ace909cd4c (Merge branch
'bc/object-id') changed API:
for_each_ref() callback functions were taught to name the objects
not with "unsigned char sha1[20]" but with "struct object_id".
* Upstream commit dcf692625ac569fefbe52269061230f4fde10e47 (path.c: make
get_pathname() call sites return const char *)
Signed-off-by: Christian Hesse <mail@eworm.de>
If the global option enable-filter-overrides is set to 1 the repo-specific
options repo.hide and repo.ignore never got processed.
Signed-off-by: Daniel Reichelt <hacking@nachtgeist.net>
Reviewed-by: John Keeping <john@keeping.me.uk>
* sort_string_list(): rename to string_list_sort() (upstream commit
3383e199)
* update read_tree_recursive callback to pass strbuf as base (upstream
commit 6a0b0b6d)
Signed-off-by: Christian Hesse <mail@eworm.de>
These options can be used to hide a repository from the index or
completely ignore a repository, respectively. They are particularly
useful when used in combination with scan-path.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
This will allow us to introduce a new "stat only" diff mode without
needing an explosion of mutually incompatible flags.
The old "ss" query parameter is still accepted in order to avoid
breaking saved links, but we no longer generate any URIs using it;
instead the new "dt" (diff type) parameter is used.
Signed-off-by: John Keeping <john@keeping.me.uk>
Specifying a nonexistent README file via the readme option is sometimes
useful, e.g. when using scan-path and setting a global default.
Currently, we check whether there is only one option in the readme
option and, if so, we choose that file without checking whether it
exists. As a consequence, all repositories are equipped with an about
link in the aforementioned scenario, even if there is no about file.
Remove the early check for the number of keys and always check whether
the file exists instead.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
prefixcmp() and suffixcmp() have been remove, functionality is now
provided by starts_with() and ends_with(). Retrurn values have been
changed, so instead of just renaming we have to fix logic.
Everything else looks just fine.
This can be used to specify the TTL for snapshots. Snapshots are usually
static and do not ever change. On the other hand, tarball generation is
CPU intensive.
One use case of this setting (apart from increasing the lifetime of
snapshot cache slots) is caching of snapshots while disabling the cache
for static/dynamic HTML pages (by setting TTL to zero for everything
except for snapshot requests).
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Drop the context parameter from the following functions (and all static
helpers used by them) and use the global context instead:
* cgit_print_http_headers()
* cgit_print_docstart()
* cgit_print_pageheader()
Remove context parameter from all commands
Drop the context parameter from the following functions (and all static
helpers used by them) and use the global context instead:
* cgit_get_cmd()
* All cgit command functions.
* cgit_clone_info()
* cgit_clone_objects()
* cgit_clone_head()
* cgit_print_plain()
* cgit_show_stats()
In initialization routines, use the global context variable instead of
passing a pointer around locally.
Remove callback data parameter for cache slots
This is no longer needed since the context is always read from the
global context variable.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
This also gives us some CSRF protection. Note that we make use of the
hmac to protect the redirect value.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
This leverages the new lua support. See
filters/simple-authentication.lua for explaination of how this works.
There is also additional documentation in cgitrc.5.txt.
Though this is a cookie-based approach, cgit's caching mechanism is
preserved for authenticated pages.
Very plugable and extendable depending on user needs.
The sample script uses an HMAC-SHA1 based cookie to store the
currently logged in user, with an expiration date.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Filters can now call hook_write and unhook_write if they want to
redirect writing to stdout to a different function. This saves us from
potential file descriptor pipes and other less efficient mechanisms.
We do this instead of replacing the call in html_raw because some places
stdlib's printf functions are used (ui-patch or within git itself),
which has its own internal buffering, which makes it difficult to
interlace our function calls. So, we dlsym libc's write and then
override it in the link stage.
While we're at it, we move considerations of argument count into the
generic new filter handler.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
At some point, we're going to want to do lazy deallocation of filters.
For example, if we implement lua, we'll want to load the lua runtime
once for each filter, even if that filter is called many times.
Similarly, for persistent exec filters, we'll want to load it once,
despite many open_filter and close_filter calls, and only reap the child
process at the end of the cgit process. For this reason, we add here a
cleanup function that is called at the end of cgit's main().
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
This stops the code in cgit.c::print_repo needing to inspect the
cgit_filter structure, meaning that we can abstract out different filter
types that will have different fields that need to be printed.
Signed-off-by: John Keeping <john@keeping.me.uk>
* Formatting and spelling fixes.
* A bit mask with the size of one byte only allows for storing 8 (not
255!) different flags.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
When parsing command line arguments, no pair of command line options can
ever match simultaneously. Use "else if" blocks to reflect this. This
change improves both readability and speed.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
This is a preparation for replacing all prefix checks with either
strip_prefix() or starts_with() when Git 1.8.6 is released.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
* Name "cgit Development Team" as copyright holder to avoid listing
every single developer.
* Update copyright ranges.
Signed-off-by: Lukas Fleischer <cgit@crytocrack.de>
Pages like /commit?h=wip&id=8a335ce618ba77fbf05148d6f8be17bd48ba4340
were being marked as dynamic, because of h=wip, when it should be
static, because of id=.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
We've long supported negative ttls, for infinite cache, except the
documentation incorrectly showed one of our defaults as being 5 and not
-1. As well, with a negative ttl, we were actually making the HTTP
expired header go backwards. This changes it to go ahead ten years
instead.
Further, we add an cache-about-ttl option to set a different ttl for
about pages, which are now increasingly being filtered through markdown
or just sent statically anyway.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Now this is possible in cgitrc -
readme=:README.md
readme=:readme.md
readme=:README.mkd
readme=:readme.mkd
readme=:README.rst
readme=:readme.rst
readme=:README.html
readme=:readme.html
readme=:README.htm
readme=:readme.htm
readme=:README.txt
readme=:readme.txt
readme=:README
readme=:readme
readme=:INSTALL.txt
readme=:install.txt
readme=:INSTALL
readme=:install
Suggested-by: John Keeping <john@keeping.me.uk>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
The readme variable may now contain multiple space deliminated entries,
which per usual are either a filepath or a git ref filepath. If multiple
are specified, cgit will now select the first one in the list that
exists. This is to make it easier to specify multiple default readme
types in the main cgitrc file and have them automatically get applied to
each repo based on what exists.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
This gives the about-filter API the same semantics as source-filter,
where the filter receives the filename so it can decide what to do next
with it.
While we're at it, plug a memory leak.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
The number of odd cases in which git will try to read config is far too
great to keep putting a bandaid over each one, so we'll just unset it.
If it turns out that scripts really liked to know about $HOME, we can
always reset it in the filter forks.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
We've now added quite a few config keys for repositories, but we've
forgotten to update the printing of it for cache files. Synchronize the
two.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>