<feed xmlns='http://www.w3.org/2005/Atom'>
<title>cgit, branch v0.9.2</title>
<subtitle>Robin Krahl's fork of cgit</subtitle>
<id>https://git.ireas.org/cgit/atom?h=v0.9.2</id>
<link rel='self' href='https://git.ireas.org/cgit/atom?h=v0.9.2'/>
<link rel='alternate' type='text/html' href='https://git.ireas.org/cgit/'/>
<updated>2013-05-27T20:18:09Z</updated>
<entry>
<title>CGIT-0.9.2</title>
<updated>2013-05-27T20:18:09Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2013-05-27T20:00:13Z</published>
<link rel='alternate' type='text/html' href='https://git.ireas.org/cgit/commit/?id=989d251384d5600abb33eb4c97b85d54dbfc6fcb'/>
<id>urn:sha1:989d251384d5600abb33eb4c97b85d54dbfc6fcb</id>
<content type='text'>
Features:
- update to git v1.8.3.
- expanded set of default filters to include markdown, restructuredtext, and
  man pages.
- better sample configuration file in man page.
- "readme" may now be specified multiple times, and cgit will choose the first
  one it finds.
- "readme" no longer needs a branch name. If prefixed with simply ":" it will
  use the default branch.
- "branch-sort" allowing branches to be sorted either by "age" or "name", for
  kernel.org.
- "enable-index-owner" allowing the owner column to be disabled in the index
  page.
- print submodule revision next to submodule link.
- integrate more closely with git apis, such as strbuf.
- rely on git test harness and git makefiles.
- more robust test suite.
- more robust makefile dependency accounting.
- pager navigation is now unordered list.
- span tag wraps commit directions.

Behavior changes:
- HOME is no longer passed as an environment variable to any filter api
  scripts.
- "about-filter" now receives the filename being filtered as argv[1]. This may
  disrupt existing scripts, so adjust accordingly.
- gitconfig and gitattributes are no longer loaded from any system directories
  or home directories.

Security:
- CVE-2013-2117: disallow directory traversal when readme is set to filesystem
  path.

Bug fixes:
- ssdiff now correctly manages tab expansion.
- support unannotated tags in http git clone.
- lots of cleanups of global variables and memory leaks.
- do not rely on gettext/libintl.
- better C standard compliance.
- make several functions and variables static.
- improved constification.
- remove unused functions.
- fix colspan values to correct width.
- fix out-of-bounds memory accesses with virtual_root="".
- cache repo config more precisely.
- die when write fails.

Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>README: add trailing slash to homepage</title>
<updated>2013-05-27T19:56:57Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2013-05-27T19:56:57Z</published>
<link rel='alternate' type='text/html' href='https://git.ireas.org/cgit/commit/?id=cd42ded9e98c9159faa1de9a0d11806a723d5bfb'/>
<id>urn:sha1:cd42ded9e98c9159faa1de9a0d11806a723d5bfb</id>
<content type='text'>
Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>cgitrc.5: improve example config</title>
<updated>2013-05-27T19:54:16Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2013-05-27T19:47:02Z</published>
<link rel='alternate' type='text/html' href='https://git.ireas.org/cgit/commit/?id=d6d3dbc8582f7eccaa52e627f6a2f2d70c6144e8'/>
<id>urn:sha1:d6d3dbc8582f7eccaa52e627f6a2f2d70c6144e8</id>
<content type='text'>
Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>filters: import more modern scripts</title>
<updated>2013-05-27T19:54:16Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2013-05-27T19:39:43Z</published>
<link rel='alternate' type='text/html' href='https://git.ireas.org/cgit/commit/?id=8149be213f1c8f52b0dbe6c213f6073af57fa954'/>
<id>urn:sha1:8149be213f1c8f52b0dbe6c213f6073af57fa954</id>
<content type='text'>
Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>readme: use string_list instead of space deliminations</title>
<updated>2013-05-26T14:30:03Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2013-05-26T13:20:02Z</published>
<link rel='alternate' type='text/html' href='https://git.ireas.org/cgit/commit/?id=dcbc0438b2543a733858d62170f3110a89edbed6'/>
<id>urn:sha1:dcbc0438b2543a733858d62170f3110a89edbed6</id>
<content type='text'>
Now this is possible in cgitrc -

readme=:README.md
readme=:readme.md
readme=:README.mkd
readme=:readme.mkd
readme=:README.rst
readme=:readme.rst
readme=:README.html
readme=:readme.html
readme=:README.htm
readme=:readme.htm
readme=:README.txt
readme=:readme.txt
readme=:README
readme=:readme
readme=:INSTALL.txt
readme=:install.txt
readme=:INSTALL
readme=:install

Suggested-by: John Keeping &lt;john@keeping.me.uk&gt;
Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>ui-summary: Disallow directory traversal</title>
<updated>2013-05-25T18:33:28Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2013-05-25T17:47:15Z</published>
<link rel='alternate' type='text/html' href='https://git.ireas.org/cgit/commit/?id=fe36f84d843cd755c6dab629a0758264de5bcc00'/>
<id>urn:sha1:fe36f84d843cd755c6dab629a0758264de5bcc00</id>
<content type='text'>
Using the url= query string, it was possible to request arbitrary files
from the filesystem if the readme for a given page was set to a
filesystem file. The following request would return my /etc/passwd file:

http://git.zx2c4.com/?url=/somerepo/about/../../../../etc/passwd
http://data.zx2c4.com/cgit-directory-traversal.png

This fix uses realpath(3) to canonicalize all paths, and then compares
the base components.

This fix introduces a subtle timing attack, whereby a client can check
whether or not strstr is called using timing measurements in order
to determine if a given file exists on the filesystem.

This fix also does not account for filesystem race conditions (TOCTOU)
in resolving symlinks.

Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>cgitrc.5: information on directory traversal and multiple readme files</title>
<updated>2013-05-25T18:33:28Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2013-05-25T18:30:57Z</published>
<link rel='alternate' type='text/html' href='https://git.ireas.org/cgit/commit/?id=2a1ead3efb940b7359bcc706c19bd8ddb0de7a11'/>
<id>urn:sha1:2a1ead3efb940b7359bcc706c19bd8ddb0de7a11</id>
<content type='text'>
Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>readme: Accept multiple candidates and test them.</title>
<updated>2013-05-25T18:33:28Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2013-05-25T14:32:37Z</published>
<link rel='alternate' type='text/html' href='https://git.ireas.org/cgit/commit/?id=cd4c77d989983778432363061e99219f034c3717'/>
<id>urn:sha1:cd4c77d989983778432363061e99219f034c3717</id>
<content type='text'>
The readme variable may now contain multiple space-delimited entries,
which per usual are either a filepath or a git ref filepath. If multiple
are specified, cgit will now select the first one in the list that
exists. This is to make it easier to specify multiple default readme
types in the main cgitrc file and have them automatically get applied to
each repo based on what exists.

Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>ui-summary: Pass filename to about-filter</title>
<updated>2013-05-25T18:33:28Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2013-05-25T12:50:19Z</published>
<link rel='alternate' type='text/html' href='https://git.ireas.org/cgit/commit/?id=c0dfaf1c281d0697ce43131343d7a9f170a61ff9'/>
<id>urn:sha1:c0dfaf1c281d0697ce43131343d7a9f170a61ff9</id>
<content type='text'>
This gives the about-filter API the same semantics as source-filter,
where the filter receives the filename so it can decide what to do next
with it.

While we're at it, plug a memory leak.

Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>ui-summary: Use default branch for readme if : prefix</title>
<updated>2013-05-25T18:33:28Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2013-05-25T12:19:10Z</published>
<link rel='alternate' type='text/html' href='https://git.ireas.org/cgit/commit/?id=3cb5d86dc68bab4883bf5a7cbc90f3e266237355'/>
<id>urn:sha1:3cb5d86dc68bab4883bf5a7cbc90f3e266237355</id>
<content type='text'>
If the readme value begins with ":", and has no specified branch before
it, use the repository's default branch.

Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
</feed>
