A hyperfast web frontend for git repositories written in C. https://git.zx2c4.com/cgit/atom/cgit.c?h=v1.3.1 2026-05-04T16:28:27Z 2026-05-04T16:28:27Z Jason A. Donenfeld Jason@zx2c4.com 2026-05-04T16:13:13Z urn:sha1:ed05b1054df10a2fbc68000cfdd429daec03a456 These would be largely invalid anyway (save, I suppose, for Linux file paths that technically can contain new lines). The actual problem is that these get printed back out into cached -- and trusted -- cgitrc files, and if the fields have newlines, the git-config way of less trusted users configuring repos on a shared system can be abused to inject newlines, which then can be used to smuggle global options (including filters, which execute code) into the cached cgitrc. So now, only ever duplicate up to the newline, when dealing with these inputs. Reported-by: Adrian Denkiewicz <adrian@doyensec.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2026-05-04T16:28:27Z Jason A. Donenfeld Jason@zx2c4.com 2026-05-04T16:02:57Z urn:sha1:e7e8cf1801b06a9f7f5092671b0413689a765fe7 Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2026-05-04T16:28:27Z Jason A. Donenfeld Jason@zx2c4.com 2026-05-04T15:50:43Z urn:sha1:5b4e73c203f5f4484d66f043f1e9114daefeb632 There's no reason to pass around function pointers. It was never used for anything beyond one function. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2026-03-10T21:19:00Z Jason A. Donenfeld Jason@zx2c4.com 2026-03-10T20:26:55Z urn:sha1:0d8e5fbc31e1082063bfb5155c35b7869721152b We don't get any return value from compile_grep_patterns calling compile_regexp_failed, causing the default die routine to print to stderr and then for cgit to exit ungracefully. Instead override the default die routine to show a normal error page. Perhaps compile_grep_patterns ought to change upstream to return an error. But this commit here will handle future issues as well, so perhaps not a bad idea to do anyway. Link: https://lists.zx2c4.com/pipermail/cgit/2026-March/004982.html Link: https://lists.zx2c4.com/pipermail/cgit/2026-March/004983.html Reported-by: Adrian C. <anrxc@sysphere.org> Reported-by: Aiden Woodruff <aiden@aidenw.net> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2026-02-24T10:49:35Z Jason A. Donenfeld Jason@zx2c4.com 2026-02-24T10:48:54Z urn:sha1:0d28d54f0a287ee3e5a12d14ffd2ee23b5e22d76 This exists for other CPU heavy operations like blame, but doesn't for the follow functionality. Add it for that. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2026-02-02T19:44:31Z Christian Hesse mail@eworm.de 2026-01-19T10:46:27Z urn:sha1:d9da9cec9640668f82b2f367fade18eb27b28616 Update to git version v2.53.0, this requires changes for these upstream commits: * bdbebe5714b25dc9d215b48efbb80f410925d7dd refs: introduce wrapper struct for `each_ref_fn` * 589127caa73090040200989ff4d24c3d54f473f2 packfile: move list of packs into the packfile store * 5a5c7359f77ecd1bc4b0e172563161d602f131d3 refs: drop `current_ref_iter` hack * b6e4cc8c32850315323961659e553d1d14591f7f tag: support arbitrary repositories in parse_tag() * 84f0e60b28de69d1ccb7a51b729af6202b6cf4c8 packfile: move packfile store into object source Signed-off-by: Christian Hesse <mail@eworm.de> 2024-10-07T15:34:42Z Christian Hesse mail@eworm.de 2024-09-26T17:41:29Z urn:sha1:c1733e28d91bea5647e11fe099751fbc839669d7 Update to git version v2.47.0, this requires changes for these upstream commits: * e8207717f1623325fe1c95338fb03c1104ed5687 refs: add referent to each_ref_fn Signed-off-by: Christian Hesse <mail@eworm.de> 2024-08-02T16:22:56Z Christian Hesse mail@eworm.de 2024-07-16T07:45:13Z urn:sha1:09d24d7cd0b7e85633f2f43808b12871bb209d69 Update to git version v2.46.0, this requires changes for these upstream commits: * e7da9385708accf518a80a1e17969020fb361048 global: introduce `USE_THE_REPOSITORY_VARIABLE` macro * 9da95bda74cf10e1475384a71fd20914c3b99784 hash: require hash algorithm in `oidread()` and `oidclr()` * 30aaff437fddd889ba429b50b96ea4c151c502c5 refs: pass repo when peeling objects * c8f815c2083c4b340d4148a15d45c55f2fcc7d3f refs: remove functions without ref store Signed-off-by: Christian Hesse <mail@eworm.de> 2023-06-01T10:00:43Z Christian Hesse mail@eworm.de 2023-05-16T15:02:27Z urn:sha1:a6da40bf84527cbe77d1ec504e1fefb982b9a52a Update to git version v2.41.0, with lots of changes... This requires changes for these upstream commits: * 60ff56f50372c1498718938ef504e744fe011ffb banned.h: mark `strtok()` and `strtok_r()` as banned * 52acddf36c8cb3778ab2098a0d95cc2e375a4069 string-list: multi-delimiter `string_list_split_in_place()` * d850b7a545fcfbd97460a921c7f7c59d933eb0f7 cocci: apply the "cache.h" part of "the_repository.pending" * cb338c23d6d518947bf6f7240bf30e2ec232bd3b cocci: apply the "commit-reach.h" part of "the_repository.pending" * ecb5091fd4301ac647db0bd2504112b38f7ee06d cocci: apply the "commit.h" part of "the_repository.pending" * 085390328f5fe1dfba67039b1fd6cc51546a4e41 cocci: apply the "diff.h" part of "the_repository.pending" * bc726bd075929aab6b3e09d4dd5c2b0726fd5350 cocci: apply the "object-store.h" part of "the_repository.pending" * bab821646a74c446370fa8d01ca851f247df5033 cocci: apply the "pretty.h" part of "the_repository.pending" * afe27c889429438829bc8818ed17e4960bd3ef02 cocci: apply the "packfile.h" part of "the_repository.pending" * 12cb1c10a64170a5d600dd1c6c8abfeec105fb6b cocci: apply the "refs.h" part of "the_repository.pending" * 035c7de9e9ea11d26df5f9e4bb117f91ed11a9fd cocci: apply the "revision.h" part of "the_repository.pending" ... and some more I missed to list 😜 - for example the move and cleanup of headers and includes (see changes in `cgit.h`) comes to mind... Signed-off-by: Christian Hesse <mail@eworm.de> 2022-12-19T15:50:21Z Andy Green andy@warmcat.com 2018-06-23T10:25:53Z urn:sha1:aee39b4e9a45e1ba507c0017de50bb9dbbae7af8 Just like the config allows setting css URL path, add a config for setting the js URL path Signed-off-by: Andy Green <andy@warmcat.com> Reviewed-by: John Keeping <john@keeping.me.uk> Signed-off-by: Christian Hesse <mail@eworm.de>