cgit/cgit.c, branch v1.1 A hyperfast web frontend for git repositories written in C. http://git.cetero.st/cgit/atom/cgit.c?h=v1.1 2016-10-12T12:13:10Z Use skip_prefix() to get rid of magic constants 2016-10-12T12:13:10Z Lukas Fleischer lfleischer@lfos.de 2016-10-08T13:45:12Z urn:sha1:32c27e887732298da1724c0740004925fcadae39 Signed-off-by: Lukas Fleischer <lfleischer@lfos.de> cgit: replace 'unsigned char sha1[20]' with 'struct object_id oid' 2016-10-04T07:47:18Z Christian Hesse mail@eworm.de 2016-09-29T19:16:14Z urn:sha1:aee990b6a4512e52b1279a0633d112afe2440122 Upstream git is replacing 'unsigned char sha1[20]' with 'struct object_id oid'. We have some code that can be changed independent from upstream. So here we go... git: update to v2.10.0 2016-09-04T10:38:18Z Christian Hesse mail@eworm.de 2016-09-04T10:38:18Z urn:sha1:11695a58fd732689be486edf88d145578a787c89 Upstream continues to replace unsigned char *sha1 with struct object_id old_oid. This makes the required changes. The git lib has its own main function now. Rename our main function to cmd_main, it is called from main then. Fix qry.head leak on error 2016-07-11T23:06:04Z Richard Maw richard.maw@gmail.com 2016-07-02T19:28:10Z urn:sha1:ff9893ac8192579a00dd4c73ddff18ab232099a6 This is run soon before exiting so it wasn't leaked for long. Signed-off-by: Richard Maw <richard.maw@gmail.com> Hosted on HTTPS now 2016-06-07T12:49:35Z Jason A. Donenfeld Jason@zx2c4.com 2016-02-24T17:01:42Z urn:sha1:d88ec849c4f7af41a8a41af1a4f79a2b4d41717a ui-shared: add homepage to tabs 2016-02-22T17:40:13Z Jason A. Donenfeld Jason@zx2c4.com 2016-02-22T15:04:15Z urn:sha1:5f2664f13c90f083b827d8fafa6cfc01c0c4f513 Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> ui-plain: add enable-html-serving flag 2016-01-14T14:42:56Z Jason A. Donenfeld Jason@zx2c4.com 2016-01-14T13:53:28Z urn:sha1:c326f3eb026d67650f79a6dda9a1a42c55d10a25 Unrestricts plain/ to contents likely to be executed by browser. ui-blob: Do not accept mimetype from user 2016-01-14T13:31:13Z Jason A. Donenfeld Jason@zx2c4.com 2016-01-14T13:31:13Z urn:sha1:1c581a072651524f3b0d91f33e22a42c4166dd96 filter: avoid integer overflow in authenticate_post 2015-11-24T10:31:43Z Jason A. Donenfeld Jason@zx2c4.com 2015-11-24T10:28:00Z urn:sha1:4458abf64172a62b92810c2293450106e6dfc763 ctx.env.content_length is an unsigned int, coming from the CONTENT_LENGTH environment variable, which is parsed by strtoul. The HTTP/1.1 spec says that "any Content-Length greater than or equal to zero is a valid value." By storing this into an int, we potentially overflow it, resulting in the following bounding check failing, leading to a buffer overflow. Reported-by: Erik Cabetas <Erik@cabetas.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> cgit.c: remove useless null check 2015-10-09T08:54:19Z John Keeping john@keeping.me.uk 2015-10-08T22:23:56Z urn:sha1:94182d6031df0d956a94ecd7ece233e345468961 Everywhere else in this function we do not check whether the value is null and parse_configfile() never passes a null value to this callback. Coverity-id: 13846 Signed-off-by: John Keeping <john@keeping.me.uk>