aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* css: make the footer opaquech/dynamic-agingChristian Hesse2019-10-251-2/+3
| | | | | | | Instead of changing the font color we add opacity to the whole footer. Signed-off-by: Christian Hesse <mail@eworm.de>
* ui-shared: add now-dynamic age to footerAndy Green2019-10-251-1/+3
| | | | | | | | Now ages advance at the client, we can add one to the generated footer. Signed-off-by: Andy Green <andy@warmcat.com> Signed-off-by: Christian Hesse <mail@eworm.de>
* cgit.js: add dynamic age updateAndy Green2019-10-253-1/+63
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch updates the emitted "ages" dynamically on the client side. After updating on completion of the document load, it sets a timer to update according to the smallest age it found. If there are any ages listed in minutes, then it will update again in 10s. When the most recent age is in hours, it updates every 5m. If days, then every 30m and so on. This keeps the cost of the dynamic updates at worst once per 10s. The updates are done entirely on the client side without contact with the server. To make this work reliably, since parsing datetimes is unreliable in browser js, the unix time is added as an attribute to all age spans. To make that reliable cross-platform, the unix time is treated as a uint64_t when it is formatted for printing. The rules for display conversion of the age is aligned with the existing server-side rules in ui-shared.h. If the client or server-side time are not synchronized by ntpd etc, ages shown on the client will not relate to the original ages computed at the server. The client updates the ages immediately when the DOM has finished loading, so in the case the times at the server and client are not aligned, this patch changes what the user sees on the page to reflect patch age compared to client time. If the server and client clocks are aligned, this patch makes no difference to what is seen on the page. Signed-off-by: Andy Green <andy@warmcat.com> Signed-off-by: Christian Hesse <mail@eworm.de>
* config: add jsAndy Green2019-10-256-0/+27
| | | | | | | | | | | | Just like the config allows setting css URL path, add a config for setting the js URL path Setting the js path to an empty string disables emitting the reference to it in the head section. Signed-off-by: Andy Green <andy@warmcat.com> Reviewed-by: John Keeping <john@keeping.me.uk> Signed-off-by: Christian Hesse <mail@eworm.de>
* css: change to be a listch/css-listAndy Green2019-10-254-7/+22
| | | | | | | | | | | Without changing the default behaviour of including /cgit.css if nothing declared, allow the "css" config to be given multiple times listing one or more alternative URL paths to be included in the document head area. Signed-off-by: Andy Green <andy@warmcat.com> Signed-off-by: Christian Hesse <mail@eworm.de>
* git: update to v2.23.0HEADmasterChristian Hesse2019-10-252-1/+1
| | | | | | | | Update to git version v2.23.0. No changes required. Signed-off-by: Christian Hesse <mail@eworm.de>
* git: update to v2.22.0Christian Hesse2019-10-253-7/+12
| | | | | | | | | | Update to git version v2.22.0. Upstream commit bce9db6d ("trace2: use system/global config for default trace2 settings") caused a regression. We have to unset HOME and XDG_CONFIG_HOME before early loading of config from trace2 code kicks in. Signed-off-by: Christian Hesse <mail@eworm.de>
* ui-tree: allow per repository override for enable-blameChristian Hesse2019-06-256-3/+13
| | | | | | | The blame operation can cause high cost in terms of CPU load for huge repositories. Let's add a per repository override for enable-blame. Signed-off-by: Christian Hesse <mail@eworm.de>
* tests: successfully validate rc versionsChristian Hesse2019-06-051-1/+1
| | | | | | | | For testing versions the version string differs for git tag (v2.22.0-rc3) and tarball file name (2.22.0.rc3). Let's fix validation for testing versions. Signed-off-by: Christian Hesse <mail@eworm.de>
* git: update to v2.21.0Christian Hesse2019-06-059-15/+21
| | | | | | | | | | | | | | Update to git version v2.21.0. Required changes follow upstream commits: * 6a7895fd8a3bd409f2b71ffc355d5142172cc2a0 (commit: prepare free_commit_buffer and release_commit_memory for any repo) * e092073d643b17c82d72cf692fbfaea9c9796f11 (tree.c: make read_tree*() take 'struct repository *') Signed-off-by: Christian Hesse <mail@eworm.de> Reviewed-by: John Keeping <john@keeping.me.uk>
* ui-ssdiff: ban strncat()Christian Hesse2019-06-051-3/+5
| | | | | | | Git version v2.21.0 marks strncat() as banned (commit ace5707a803eda0f1dde3d776dc3729d3bc7759a), so replace it. Signed-off-by: Christian Hesse <mail@eworm.de>
* global: make 'char *path' const where possibleChristian Hesse2019-06-059-10/+10
| | | | Signed-off-by: Christian Hesse <mail@eworm.de>
* ui-shared: restrict to 15 levelsJason A. Donenfeld2019-05-201-1/+3
| | | | | | | | Perhaps a more ideal version of this would be to not print breadcrumbs at all for paths that don't exist in the given repo at the given oid. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Reported-by: Fydor Wire Snark <wsnark@tuta.io>
* ui-diff,ui-tag: don't use htmlf with non-formatted stringsChris Mayo2019-02-232-3/+3
| | | | Signed-off-by: Chris Mayo <aklhfex@gmail.com>
* ui-ssdiff: resolve HTML5 validation errorsChris Mayo2019-02-231-4/+6
| | | | | | | | | - Remove ids from anchor elements. They were unusable because they were duplicated between files and versions of files. - Always close span, with html(). - Fix missing / on closing tr element in cgit_ssdiff_header_end(). Signed-off-by: Chris Mayo <aklhfex@gmail.com>
* filters: migrate from luacrypto to luaosslJason A. Donenfeld2019-01-035-44/+83
| | | | | | | luaossl has no upstream anymore and doesn't support OpenSSL 1.1, whereas luaossl is quite active. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* ui-shared: fix broken sizeof in title setting and rewriteJason A. Donenfeld2019-01-021-26/+8
| | | | | | | The old algorithm was totally incorrect. While we're at it, use « instead of \, since it makes more sense. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* git: update to v2.20.0Christian Hesse2018-12-094-2/+3
| | | | | | | | | | | | Update to git version v2.20.0. Required changes follow upstream commits: * 00436bf1b1c2a8fe6cf5d2c2457d419d683042f4 (archive: initialize archivers earlier) * 611e42a5980a3a9f8bb3b1b49c1abde63c7a191e (xdiff: provide a separate emit callback for hunks) Signed-off-by: Christian Hesse <mail@eworm.de>
* ui-blame: set repo for sbJason A. Donenfeld2018-11-251-0/+1
| | | | | | | Otherwise recent git complains and crashes with: "BUG: blame.c:1787: repo is NULL". Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* auth-filter: pass url with query string attachedJason A. Donenfeld2018-11-253-3/+37
| | | | | | Otherwise redirections come out wrong. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* git: use xz compressed archive for downloadChristian Hesse2018-11-211-2/+2
| | | | | | | | | Upstream will stop providing gz compressed source tarballs [0], so stop using them. [0] https://lists.zx2c4.com/pipermail/cgit/2018-November/004254.html Signed-off-by: Christian Hesse <mail@eworm.de>
* git: update to v2.19.1Christian Hesse2018-10-1215-22/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update to git version v2.19.1. Required changes follow upstream commits: * commit: add repository argument to get_cached_commit_buffer (3ce85f7e5a41116145179f0fae2ce6d86558d099) * commit: add repository argument to lookup_commit_reference (2122f6754c93be8f02bfb5704ed96c88fc9837a8) * object: add repository argument to parse_object (109cd76dd3467bd05f8d2145b857006649741d5c) * tag: add repository argument to deref_tag (a74093da5ed601a09fa158e5ba6f6f14c1142a3e) * tag: add repository argument to lookup_tag (ce71efb713f97f476a2d2ab541a0c73f684a5db3) * tree: add repository argument to lookup_tree (f86bcc7b2ce6cad68ba1a48a528e380c6126705e) * archive.c: avoid access to the_index (b612ee202a48f129f81f8f6a5af6cf71d1a9caef) * for_each_*_object: move declarations to object-store.h (0889aae1cd18c1804ba01c1a4229e516dfb9fe9b) Signed-off-by: Christian Hesse <mail@eworm.de>
* ui-ssdiff: ban strcat()Christian Hesse2018-09-111-2/+4
| | | | | | | | | Git upstream bans strcat() with commit: banned.h: mark strcat() as banned 1b11b64b815db62f93a04242e4aed5687a448748 Signed-off-by: Christian Hesse <mail@eworm.de>
* ui-ssdiff: ban strncpy()Christian Hesse2018-09-111-2/+1
| | | | | | | | | Git upstream bans strncpy() with commit: banned.h: mark strncpy() as banned e488b7aba743d23b830d239dcc33d9ca0745a9ad Signed-off-by: Christian Hesse <mail@eworm.de>
* ui-shared: ban strcat()Christian Hesse2018-09-111-4/+8
| | | | | | | | | | | Git upstream bans strcat() with commit: banned.h: mark strcat() as banned 1b11b64b815db62f93a04242e4aed5687a448748 To avoid compiler warnings from gcc 8.1.x we get the hard way. Signed-off-by: Christian Hesse <mail@eworm.de>
* ui-patch: ban sprintf()Christian Hesse2018-09-111-2/+5
| | | | | | | | | Git upstream bans sprintf() with commit: banned.h: mark sprintf() as banned cc8fdaee1eeaf05d8dd55ff11f111b815f673c58 Signed-off-by: Christian Hesse <mail@eworm.de>
* ui-log: ban strncpy()Christian Hesse2018-09-111-1/+1
| | | | | | | | | Git upstream bans strncpy() with commit: banned.h: mark strncpy() as banned e488b7aba743d23b830d239dcc33d9ca0745a9ad Signed-off-by: Christian Hesse <mail@eworm.de>
* ui-log: ban strcpy()Christian Hesse2018-09-111-1/+1
| | | | | | | | | Git upstream bans strcpy() with commit: automatically ban strcpy() c8af66ab8ad7cd78557f0f9f5ef6a52fd46ee6dd Signed-off-by: Christian Hesse <mail@eworm.de>
* parsing: ban sprintf()Christian Hesse2018-09-111-1/+1
| | | | | | | | | Git upstream bans sprintf() with commit: banned.h: mark sprintf() as banned cc8fdaee1eeaf05d8dd55ff11f111b815f673c58 Signed-off-by: Christian Hesse <mail@eworm.de>
* parsing: ban strncpy()Christian Hesse2018-09-111-2/+1
| | | | | | | | | Git upstream bans strncpy() with commit: banned.h: mark strncpy() as banned e488b7aba743d23b830d239dcc33d9ca0745a9ad Signed-off-by: Christian Hesse <mail@eworm.de>
* filters: generate anchor links from markdownChristian Hesse2018-08-281-2/+15
| | | | | | | This makes the markdown filter generate anchor links for headings. Signed-off-by: Christian Hesse <mail@eworm.de> Tested-by: jean-christophe manciot <actionmystique@gmail.com>
* Bump version.v1.2.1Jason A. Donenfeld2018-08-031-1/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* clone: fix directory traversalJason A. Donenfeld2018-08-031-4/+19
| | | | | | | | | | | | This was introduced in the initial version of this code, way back when in 2008. $ curl http://127.0.0.1/cgit/repo/objects/?path=../../../../../../../../../etc/passwd root:x:0:0:root:/root:/bin/sh ... Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Reported-by: Jann Horn <jannh@google.com>
* config: record repo.snapshot-prefix in the per-repo configKonstantin Ryabitsev2018-08-031-0/+2
| | | | | | | | Even if we find snapshot-prefix in the repo configuration, we are not writing it out into the rc- file, so setting the value does not have any effect. Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
* auth-filters: add simple file-based authentication schemeJason A. Donenfeld2018-08-031-0/+352
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* auth-filters: use crypt() in simple-authenticationJason A. Donenfeld2018-07-151-13/+6
| | | | | | | There's no use in giving a silly example to folks who will just copy it, so instead try to do something slightly better. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* auth-filters: generate secret securelyJason A. Donenfeld2018-07-152-18/+85
| | | | | | This is much better than having the user generate it themselves. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* auth-filters: do not crash on nil usernameJason A. Donenfeld2018-07-141-1/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* auth-filter: do not write more than we've readJason A. Donenfeld2018-07-141-2/+2
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* auth-filters: do not use HMAC-SHA1Jason A. Donenfeld2018-07-142-4/+4
| | | | | | | Though SHA1 is broken, HMAC-SHA1 is still fine. But let's not push our luck; SHA256 is more sensible anyway. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Bump version.v1.2Jason A. Donenfeld2018-07-131-1/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Update COPYINGTodd Zullinger2018-07-101-20/+19
| | | | | | | | | | | | | The address of the Free Software Foundation has changed since the license was added in 7640d90 ("Add license file and copyright notices", 2006-12-10). Update the license file from gnu.org¹. The only non-whitespace changes are the updated FSF address and two references to the L in LGPL changed from Library to Lesser. ¹ https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt Signed-off-by: Todd Zullinger <tmz@pobox.com>
* css: use correct size in annotated decorationJason A. Donenfeld2018-07-081-0/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* cgitrc.5: add local tar signature exampleJason A. Donenfeld2018-07-051-4/+15
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Fix gcc 8.1.1 compiler warningsJason A. Donenfeld2018-07-043-15/+23
| | | | | | | | | | | | | | | | | | | | | | CC ../shared.o ../shared.c: In function ‘expand_macro’: ../shared.c:487:3: warning: ‘strncpy’ specified bound depends on the length of the source argument [-Wstringop-overflow=] strncpy(name, value, len); ^~~~~~~~~~~~~~~~~~~~~~~~~ ../shared.c:484:9: note: length computed here len = strlen(value); ^~~~~~~~~~~~~ ../ui-shared.c: In function ‘cgit_repobasename’: ../ui-shared.c:136:2: warning: ‘strncpy’ specified bound 1024 equals destination size [-Wstringop-truncation] strncpy(rvbuf, reponame, sizeof(rvbuf)); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ CC ../ui-ssdiff.o ../ui-ssdiff.c: In function ‘replace_tabs’: ../ui-ssdiff.c:142:4: warning: ‘strncat’ output truncated copying between 1 and 8 bytes from a string of length 8 [-Wstringop-truncation] strncat(result, spaces, 8 - (strlen(result) % 8)); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* cgitrc.5: document new signature notesJason A. Donenfeld2018-07-031-1/+17
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* snapshot: support tar signature for compressed tarChristian Hesse2018-07-032-2/+10
| | | | | | | | | | | | This adds support for kernel.org style signatures where the uncompressed tar archive is signed and compressed later. The signature is valid for all tar* snapshots. We have a filter which snapshots may be generated and downloaded. This has to allow tar signatures now even if tar itself is not allowed. To simplify things we allow all signatures. Signed-off-by: Christian Hesse <mail@eworm.de>
* extra-head-content: introduce another option for meta tagsJason A. Donenfeld2018-07-035-0/+12
| | | | | | | This is to support things like go-import meta tags, which are on a per-repo basis. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Use string list strdup_strings for mimetypesJohn Keeping2018-06-271-2/+2
| | | | | | | There's no need to do this manually with the string list API will do it for us. Signed-off-by: John Keeping <john@keeping.me.uk>
* manpage: fix sorting orderAndy Green2018-06-271-88/+88
| | | | | | | | You maybe didn't know you had OCD until you saw an alpha sorted list that has stuff out of order in it. Signed-off-by: Andy Green <andy@warmcat.com> Reviewed-by: John Keeping <john@keeping.me.uk>