LogoopenSUSE Build Service > Projects > devel:tools:scm > cgit > Revisions
Sign Up | Log In

Revision Log of cgit (28)

Jan Engelhardt Jan Engelhardt (jengelh) accepted request 401784 3 months ago (revision 28)
cgit 1.0
Martin Pluskal Martin Pluskal (pluskalm) accepted request 373839 6 months ago (revision 27)
- Fix remote code execution via buffer overflow (CVE-2016-2315,
  CVE-2016-2324, bsc#971328):
  0012-http-push-stop-using-name_path.patch
  0013-show_object_with_name-simplify-by-using-path_name.patch
  0014-list-objects-convert-name_path-to-a-strbuf.patch
  0015-list-objects-drop-name_path-entirely.patch
  0016-list-objects-pass-full-pathname-to-callbacks.patch
Jan Engelhardt Jan Engelhardt (jengelh) committed 8 months ago (revision 26)
update ids
Jan Engelhardt Jan Engelhardt (jengelh) committed 8 months ago (revision 25)
cgit-0.12
Jan Engelhardt Jan Engelhardt (jengelh) committed 12 months ago (revision 24)
- Update bundled git tarball to 2.6.1 [bnc#948969]
Jan Engelhardt Jan Engelhardt (jengelh) committed about 1 year ago (revision 23)
- Update bundled git tarball to 2.5.3
Jan Engelhardt Jan Engelhardt (jengelh) accepted request 311596 over 1 year ago (revision 22)
- Update bundled git tarball to 2.4.3
Andreas Stieger Andreas Stieger (AndreasStieger) accepted request 305288 over 1 year ago (revision 21)
- Update to new upstream release 0.11.2
* addition of a Lua scripting engine
* fine-grained authentication support through the new Lua
  scripting system
* support for the "rawdiff" command was added
* sendfile() is now used when available (Linux systems) instead
  of a loop of read() and write(). This should significantly
  increase performance for high volume sites which make heavy use
  of the caching feature, as it saves copies to and from
  user-space.
* Caching granularity is now improved with the introduction of
  the cache-snapshot-ttl option, which allows configuration of
  the ttl for tarball and zip snapshots of repositories.
* When filtering in the index, make the sorting links point to
  the same filtered page of results
* Take into account leading slashes when comptuing links
Takashi Iwai Takashi Iwai (tiwai) accepted request 262832 almost 2 years ago (revision 20)
Fix css and logo path in cgitrc file (replace /git by /cgit)
Takashi Iwai Takashi Iwai (tiwai) accepted request 254455 almost 2 years ago (revision 19)
- Enable parallel build
Takashi Iwai Takashi Iwai (tiwai) accepted request 182502 about 3 years ago (revision 18)
- Fix VUL-0: cgit: remote file disclosure flaw (CVE-2013-2117,
  bnc#822166)
Takashi Iwai Takashi Iwai (tiwai) committed almost 4 years ago (revision 17)
fix changelog
Takashi Iwai Takashi Iwai (tiwai) accepted request 142123 almost 4 years ago (revision 16)
Hi,

on OpenSUSE < 12.2, xz is needed in BuildRequire.
Takashi Iwai Takashi Iwai (tiwai) accepted request 142049 almost 4 years ago (revision 15)
- updated to cgit-0.9.1:
  Enhancements:
  - path-selected submodule links
  - intelligent default branch guessing
  - /etc/mime.types lookup
  - gitweb.* and cgit.* git-config support
  - case insensitive sorting and age sorting
  - commit, repository, and section sorting
  - bold currently viewed page in pagination
  - support BSDs in makefile
  Security:
  - CVE-2012-4465: heap-buffer overflow in parsing.c
  - CVE-2012-4548: syntax highlighting command injection
  Bug Fixes:
  - transition maintainer to Jason Donenfeld (zx2c4)
  - download git snapshot from github instead of Lars' old server
  - css fixes
  - stablization of tests
  - more compatible default highlight script
  - suppress gzip timestamp so that tarballs only use tar timestamps
  - treat ctags as target in makefile
  - do not let global variables override certain local repo settings
  - print ampersand as proper html entity
  - use placeholder for empty commit subject
  - format diff view for addition and removal of files
  - point links at correct blob from ssdiff
Takashi Iwai Takashi Iwai (tiwai) accepted request 139647 almost 4 years ago (revision 14)
- cgit-CVE-2012-4548-fix.diff:
  Fix VUL-0: cgit: arbitrary code / command execution via
  improperly quoted arguments (CVE-2012-4548, bnc#787074)
Takashi Iwai Takashi Iwai (tiwai) accepted request 137759 almost 4 years ago (revision 13)
- Fix VUL-0: specially-crafted commits can trigger a heap-based
  buffer overflow (CVE-2012-4465, bnc#783012)
Sascha Peilicke Sascha Peilicke (saschpe) accepted request 104308 over 4 years ago (revision 12)
patch license to follow spdx.org standard
Sascha Peilicke Sascha Peilicke (saschpe) accepted request 94123 almost 5 years ago (revision 11)
Add cgit-fix-more-read_tree_recursive.diff, this time with 'Changed'-entry.
Sascha Peilicke Sascha Peilicke (saschpe) committed almost 5 years ago (revision 10)
Add changes entry for recent patch addition.
Sascha Peilicke Sascha Peilicke (saschpe) accepted request 91993 almost 5 years ago (revision 9)
The cgit build fix with respect to git-1.7.6 is incomplete: in the file ui-tree.c ls_tree() has been patched to use pathspec when invoking read_tree_recursive(), but cgit_print_tree() has not been touched.

The resulting problem can be seen when browsing the tree of a cgit repository: when you "drill down" into subfolders, parts of the parent folder's contents will appear in the listing.

This patch adjusts cgit_print_tree() accordingly, which fixes the problem.

Show all