|  | Commit message (Collapse) | Author | Age | Files | Lines | 
|---|
| | |  | 
| | |  | 
| | |  | 
| | 
| 
| 
| | Signed-off-by: Peter Colberg <peter@colberg.org> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| | Return HTTP status code 404 Not found when querying a non-existent
repository, which signals to search engines that a repository no
longer exists. Further, some webservers such as nginx permit
logging requests to different files depending on the HTTP code.
Signed-off-by: Peter Colberg <peter@colberg.org> | 
| | 
| 
| 
| | Signed-off-by: Peter Colberg <peter@colberg.org> | 
| | 
| 
| 
| 
| 
| 
| 
| | The ctx.qry.page variable might be unset at this point, e.g. when an
invalid command is passed and cgit_print_pageheader() is called to show
an error message.
Signed-off-by: Lukas Fleischer <lfleischer@lfos.de> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | Update to git version v2.7.0.
* Upstream commit ed1c9977cb1b63e4270ad8bdf967a2d02580aa08 (Remove
  get_object_hash.) changed API:
  Convert all instances of get_object_hash to use an appropriate
  reference to the hash member of the oid member of struct object.
  This provides no functional change, as it is essentially a macro
  substitution.
Signed-off-by: Christian Hesse <mail@eworm.de> | 
| | 
| 
| 
| 
| 
| 
| | readfile() can fail if the agefile is not readable. Make sure free()
does not free an ininitialized string.
Signed-off-by: Christian Hesse <mail@eworm.de> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | ctx.env.content_length is an unsigned int, coming from the
CONTENT_LENGTH environment variable, which is parsed by strtoul. The
HTTP/1.1 spec says that "any Content-Length greater than or equal to
zero is a valid value." By storing this into an int, we potentially
overflow it, resulting in the following bounding check failing, leading
to a buffer overflow.
Reported-by: Erik Cabetas <Erik@cabetas.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | 
| | |  | 
| | 
| 
| 
| | Signed-off-by: Christian Hesse <mail@eworm.de> | 
| | 
| 
| 
| | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | 
| | 
| 
| 
| | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | 
| | 
| 
| 
| | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | 
| | 
| 
| 
| 
| | Coverity-id: 13910
Signed-off-by: Christian Hesse <mail@eworm.de> | 
| | 
| 
| 
| 
| | Coverity-id: 13945
Signed-off-by: Christian Hesse <mail@eworm.de> | 
| | 
| 
| 
| 
| | Coverity-id: 13946
Signed-off-by: Christian Hesse <mail@eworm.de> | 
| | 
| 
| 
| 
| | Coverity-id: 13947
Signed-off-by: Christian Hesse <mail@eworm.de> | 
| | 
| 
| 
| 
| | Coverity-id: 13944
Signed-off-by: Christian Hesse <mail@eworm.de> | 
| | 
| 
| 
| 
| | Coverity-id: 13943
Signed-off-by: Christian Hesse <mail@eworm.de> | 
| | 
| 
| 
| 
| | Coverity-id: 13939
Signed-off-by: Christian Hesse <mail@eworm.de> | 
| | 
| 
| 
| 
| | Coverity-id: 13940
Signed-off-by: Christian Hesse <mail@eworm.de> | 
| | 
| 
| 
| 
| | Coverity-id: 13930
Signed-off-by: Christian Hesse <mail@eworm.de> | 
| | 
| 
| 
| 
| | Coverity-id: 13931
Signed-off-by: Christian Hesse <mail@eworm.de> | 
| | 
| 
| 
| | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | 
| | 
| 
| 
| | Signed-off-by: Christian Hesse <mail@eworm.de> | 
| | 
| 
| 
| | Signed-off-by: Christian Hesse <mail@eworm.de> | 
| | 
| 
| 
| | Signed-off-by: Christian Hesse <mail@eworm.de> | 
| | 
| 
| 
| 
| | Coverity-id: 13927
Signed-off-by: Christian Hesse <mail@eworm.de> | 
| | 
| 
| 
| | Signed-off-by: Christian Hesse <mail@eworm.de> | 
| | 
| 
| 
| 
| | Coverity-id: 13918
Signed-off-by: Christian Hesse <mail@eworm.de> | 
| | 
| 
| 
| 
| | Coverity-id: 13929
Signed-off-by: Christian Hesse <mail@eworm.de> | 
| | 
| 
| 
| 
| | Coverity-id: 13938
Signed-off-by: Christian Hesse <mail@eworm.de> | 
| | 
| 
| 
| | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | 
| | 
| 
| 
| 
| 
| 
| 
| | findstring is defined as $(findstring FIND,IN) so if multiple flags are
set these tests do the wrong thing unless $(MAKEFLAGS) is the second
argument.
Signed-off-by: John Keeping <john@keeping.me.uk> | 
| | 
| 
| 
| 
| 
| 
| | There is no way that "tag" can be null here.
Coverity-id: 13950
Signed-off-by: John Keeping <john@keeping.me.uk> | 
| | 
| 
| 
| 
| 
| 
| 
| | We have already called strlen() on "path" by the time we get here, so we
know it can't be null.
Coverity-id: 13954
Signed-off-by: John Keeping <john@keeping.me.uk> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| | parse_configfile() takes a "const char *" and doesn't hold any
references to it after it returns; there is no reason to pass it a
duplicate.
Coverity-id: 13941
Signed-off-by: John Keeping <john@keeping.me.uk> | 
| | 
| 
| 
| 
| 
| 
| 
| | Everywhere else in this function we do not check whether the value is
null and parse_configfile() never passes a null value to this callback.
Coverity-id: 13846
Signed-off-by: John Keeping <john@keeping.me.uk> | 
| | 
| 
| 
| 
| 
| | Update to git version v2.6.1, no changes required.
Signed-off-by: Christian Hesse <mail@eworm.de> | 
| | 
| 
| 
| | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| | The about page used to display just fine, but images were broken: The
binary image data was embedded in html code.
Use cgit_print_plain() to send images in plain mode and make them
available on about page.
Signed-off-by: Christian Hesse <mail@eworm.de> | 
| | 
| 
| 
| 
| 
| 
| | * handle mimetype within a single function
* return allocated memory on success
Signed-off-by: Christian Hesse <mail@eworm.de> | 
| | 
| 
| 
| | Signed-off-by: Christian Hesse <mail@eworm.de> | 
| | 
| 
| 
| 
| 
| 
| 
| | The previous commit removed the "pre" field from "struct cgit_cmd" but
forgot to update this macro.
Signed-off-by: John Keeping <john@keeping.me.uk>
Reviewed-by: Christian Hesse <mail@eworm.de> | 
| | 
| 
| 
| | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | 
| | 
| 
| 
| 
| 
| 
| | Most errors we generate are (potentially) transient, such as
non-existent object IDs so we don't want them to be cached forever.
Signed-off-by: John Keeping <john@keeping.me.uk> | 
| | 
| 
| 
| 
| 
| | No commands use this any more.
Signed-off-by: John Keeping <john@keeping.me.uk> | 
| | 
| 
| 
| 
| 
| 
| 
| | This also allows us to return proper HTTP error codes when the requested
tree is not found and display an error message in one case (invalid path
inside valid commit) where we previously just displayed an empty page.
Signed-off-by: John Keeping <john@keeping.me.uk> |