cgit, branch jd/zx2c4-deploymentA hyperfast web frontend for git repositories written in C.http://git.cetero.st/cgit/atom/?h=jd%2Fzx2c4-deployment2026-05-04T21:03:58Zcss: Support for dark mode2026-05-04T21:03:58ZSamuel Lidén Borellsamuel@kodafritt.se2023-01-29T16:55:29Zurn:sha1:43fede44a7eb435ab7e0aafd4badeb4334ef6edb
Modern browsers have a "dark mode" preference, which enables alternate
styles on web sites that support this.
This patch adds a dark color scheme, that is automatically activated
via a CSS @media query.
Older browsers that do not support color schemes will simply show the
light scheme, but possibly without syntax highlighting.
Note that filters that use color (such as source highlighters) and
logotypes may need to be updated to work with a black background!
See the updated files in the filters/ directory.
Signed-off-by: Samuel Lidén Borell <samuel@kodafritt.se>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
html: double escape literal + in URLs2026-05-04T21:03:58ZJason A. DonenfeldJason@zx2c4.com2018-12-22T01:38:09Zurn:sha1:335986132526494a3e010d41a70f864d5b73dae6
It's unclear whether this is correct or whether my server is double
decoding.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
css: switch monospace fonts2026-05-04T21:03:58ZJason A. DonenfeldJason@zx2c4.com2016-08-02T02:15:01Zurn:sha1:be267cbd66b2ee70d10b00aa006e5babb1ccae49Steal kernel.org's libravatar lua.2026-05-04T21:03:58ZJason A. DonenfeldJason@zx2c4.com2014-03-19T08:58:41Zurn:sha1:d73763edd7cf8f594072a00a8da42c35c9822395ZX2C4 specific patches.2026-05-04T21:03:58ZJason A. DonenfeldJason@zx2c4.com2012-07-10T17:26:44Zurn:sha1:e11e95a4792f7c18170ee6a449daaea72e936606Bump version2026-05-04T21:03:51ZJason A. DonenfeldJason@zx2c4.com2026-05-04T16:59:41Zurn:sha1:044821677c774cd24f25f1818ea51d09cc64b006
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
global: fix libc constness warnings2026-05-04T21:03:51ZJason A. DonenfeldJason@zx2c4.com2026-05-04T21:03:22Zurn:sha1:5a0f900569f421422bd7511a45c7346c7668e710
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
git: update to v2.54.02026-05-04T17:01:20ZChristian Hessemail@eworm.de2026-04-13T06:18:52Zurn:sha1:44ca1d1ec8eee7f4440fbfd613fc1072a14b441c
Update to git version v2.54.0, this requires changes for these
upstream commits:
* d9ecf268ef3f69130fa269012318470d908978f6
odb: embed base source in the "files" backend
* cb506a8a69c953f7b87bb3ae099e0bed8218d3ab
odb: introduce "files" source
... and probably more related.
Signed-off-by: Christian Hesse <mail@eworm.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
cgit: truncate all config values at the newline2026-05-04T16:28:27ZJason A. DonenfeldJason@zx2c4.com2026-05-04T16:13:13Zurn:sha1:ed05b1054df10a2fbc68000cfdd429daec03a456
These would be largely invalid anyway (save, I suppose, for Linux file
paths that technically can contain new lines).
The actual problem is that these get printed back out into cached -- and
trusted -- cgitrc files, and if the fields have newlines, the git-config
way of less trusted users configuring repos on a shared system can be
abused to inject newlines, which then can be used to smuggle global
options (including filters, which execute code) into the cached cgitrc.
So now, only ever duplicate up to the newline, when dealing with these
inputs.
Reported-by: Adrian Denkiewicz <adrian@doyensec.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
cgit: use strchrnul instead of open coding2026-05-04T16:28:27ZJason A. DonenfeldJason@zx2c4.com2026-05-04T16:02:57Zurn:sha1:e7e8cf1801b06a9f7f5092671b0413689a765fe7
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>