cgit/scan-tree.c, branch master

cgit: truncate all config values at the newline

2026-05-04T16:28:27Z

These would be largely invalid anyway (save, I suppose, for Linux file paths that technically can contain new lines). The actual problem is that these get printed back out into cached -- and trusted -- cgitrc files, and if the fields have newlines, the git-config way of less trusted users configuring repos on a shared system can be abused to inject newlines, which then can be used to smuggle global options (including filters, which execute code) into the cached cgitrc. So now, only ever duplicate up to the newline, when dealing with these inputs. Reported-by: Adrian Denkiewicz Signed-off-by: Jason A. Donenfeld

cgit: devirtualize repo_config

2026-05-04T16:28:27Z

There's no reason to pass around function pointers. It was never used for anything beyond one function. Signed-off-by: Jason A. Donenfeld

scan-tree: fix error caused by missing parameter name

2026-02-23T23:39:05Z

This fixes an error which was introduced by 2f50b47c72cbc4270bbd12ae7f520486d5f42736. Git 2.42.0 added a new argument to config_fn_t, and it was added to gitconfig_config(), but not named. This causes compile warnings/errors. This commit fixes that by naming the new parameter, and marking it unused. Signed-off-by: Christian Hesse

git: update to v2.42.0

2023-08-21T18:56:40Z

Update to git version v2.42.0, this requires changes for these upstream commits: * bc5c5ec0446895f5c4139cd470066beb3c4ac6d5 cache.h: remove this no-longer-used header * aba070683295a20bdf4f49146384984961c794b2 path: move related function to path * a4e7e317f8f27f861321e6eb08b9c8c0f3ab570c config: add ctx arg to config_fn_t Signed-off-by: Christian Hesse

git: update to v2.14

2017-08-10T13:58:24Z

Numerous changes were made to git functions to use an object_id structure rather than sending sha1 hashes as raw unsigned character arrays. The functions that affect cgit are: parse_object, lookup_commit_reference, lookup_tag, lookup_tree, parse_tree_indirect, diff_root_tree_sha1, diff_tree_sha1, and format_display_notes. Commit b2141fc (config: don't include config.h by default) made it necessary to that config.h be explicitly included when needed. Commit 07a3d41 (grep: remove regflags from the public grep_opt API) removed one way of specifying the ignore-case grep option. Signed-off-by: Jeff Smith

Use skip_prefix() to get rid of magic constants

2016-10-12T12:13:10Z

Signed-off-by: Lukas Fleischer

git: update to v2.8.2

2016-05-12T15:23:29Z

Update to git version v2.8.2. * Upstream commit 1a0c8dfd89475d6bb09ddee8c019cf0ae5b3bdc2 (strbuf: give strbuf_getline() to the "most text friendly" variant) changed API. Signed-off-by: Christian Hesse

ui-shared: add homepage to tabs

2016-02-22T17:40:13Z

Signed-off-by: Jason A. Donenfeld

scan-tree: remove useless strdup()

2015-10-09T08:54:30Z

parse_configfile() takes a "const char *" and doesn't hold any references to it after it returns; there is no reason to pass it a duplicate. Coverity-id: 13941 Signed-off-by: John Keeping

scan-tree: make some variables 'static'

2015-03-09T16:39:01Z

These are not used outside this file and are not declared. Signed-off-by: John Keeping