File cgit.changes of Package cgit
-------------------------------------------------------------------
Tue Mar 17 08:30:09 UTC 2020 - Paolo Stivanin <info@paolostivanin.com>
- Update to new upstream release 1.2.3
* Offer lzip and zstd as compression methods through the webui.
* ui-tree: allow per repository override for enable-blame.
- Bump git to latest upstream release 2.25.1
-------------------------------------------------------------------
Mon May 20 13:15:12 UTC 2019 - Christophe Giboudeaux <christophe@krop.fr>
- Add the missing zlib requirement.
-------------------------------------------------------------------
Thu Dec 6 09:21:03 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
- Create a /var/cache/cgit [boo#1116567]
- Update bundled git to 2.18.1
- Remove cgit-optflags.diff
-------------------------------------------------------------------
Sun Aug 5 16:24:56 UTC 2018 - jengelh@inai.de
- Update to new upstream release 1.2.1
* fixes CVE-2018-14912 directory traversal vulnerability
[boo#1103799]
* syntax-highlighting: replace invalid unicode with '?'
* ui-repolist: properly sort by age
* ui-patch: fix crash when using path limit
- Remove cgit-built-with-git-v2.11.0.patch (merged upstream)
-------------------------------------------------------------------
Sat Feb 11 17:56:42 UTC 2017 - jengelh@inai.de
- Update bundled git to 2.11.1
-------------------------------------------------------------------
Thu Jan 19 15:20:32 UTC 2017 - vsvecova@suse.com
- Version bump to v1.1:
* For more information see complete changelog at
https://git.zx2c4.com/cgit/log/
- Add cgit-built-with-git-v2.11.0.patch
-------------------------------------------------------------------
Thu Jan 5 16:20:44 UTC 2017 - vcizek@suse.com
- remove redundant gnu-crypto BuildRequires
-------------------------------------------------------------------
Mon Jun 13 22:29:05 UTC 2016 - astieger@suse.com
- cgit 1.0:
* Add repo.homepage/gitweb.homepage setting and homepage tab.
* Considerable internal cleanups.
* Show reverse paths in title bar so that browser tab shows
filename.
* Add syntax highlighting to md2html.
* Allow redirects even when caching is turned on.
* Fix empty PATH_INFO on redirect.
* Better HTML5 compliance.
* Simplified decorations.
* Show repo's root directory in plain view.
* Date printing and timezone normalization.
* Unicode issues in syntax highlighting.
* Account for caches with empty key.
* Use size_t for all lengths.
* More gracefully deal with unparsable commits.
- with git 2.8.3
- the following patches are now included upstream git 2.8.3:
0012-http-push-stop-using-name_path.patch
0013-show_object_with_name-simplify-by-using-path_name.patch
0014-list-objects-convert-name_path-to-a-strbuf.patch
0015-list-objects-drop-name_path-entirely.patch
0016-list-objects-pass-full-pathname-to-callbacks.patch
-------------------------------------------------------------------
Wed Mar 16 16:12:46 CET 2016 - tiwai@suse.de
- Fix remote code execution via buffer overflow (CVE-2016-2315,
CVE-2016-2324, bsc#971328):
0012-http-push-stop-using-name_path.patch
0013-show_object_with_name-simplify-by-using-path_name.patch
0014-list-objects-convert-name_path-to-a-strbuf.patch
0015-list-objects-drop-name_path-entirely.patch
0016-list-objects-pass-full-pathname-to-callbacks.patch
-------------------------------------------------------------------
Thu Jan 14 15:25:28 UTC 2016 - jengelh@inai.de
- Update to new upstream release 0.12
* Show remote refs in branch switcher combobox.
* Add sample post-receive hook in /contrib.
* Add HTML escaping to filters.
* Add "enable-follow-links" option to have the log UI
behave the same way as "git log --follow", as well
as updating the diffand commit UIs.
* Errors are now cached under the dynamic-ttl setting.
* Simplified filters and converters.
* Add "enable-html-serving" to turn on serving of HTML mimetypes
from the /plain handler, to prevent against stored XSS.
* /blob no longer takes a mimetype query string parameter.
- Resolve: Reflected Cross Site Scripting & Header Injection in
Mimetype Query String; Stored Cross Site Scripting & Header
Injection in Filename Parameter; Stored Cross Site Scripting in
Git Repo Files; Integer Overflow resulting in Buffer Overflow
[boo#961916 CVE-2016-1899 CVE-2016-1900 CVE-2016-1901]
- Update bundled git tarball to 2.7.0 (build-time requirement)
-------------------------------------------------------------------
Tue Oct 6 09:59:22 UTC 2015 - jengelh@inai.de
- Update bundled git tarball to 2.6.1 [bnc#948969]
-------------------------------------------------------------------
Thu Sep 24 14:47:29 UTC 2015 - jengelh@inai.de
- Update bundled git tarball to 2.5.3
-------------------------------------------------------------------
Tue Jun 9 16:30:13 UTC 2015 - jengelh@inai.de
- Update bundled git tarball to 2.4.3
-------------------------------------------------------------------
Mon May 4 08:56:39 UTC 2015 - jengelh@inai.de
- Update to new upstream release 0.11.2
* addition of a Lua scripting engine
* fine-grained authentication support through the new Lua
scripting system
* support for the "rawdiff" command was added
* sendfile() is now used when available (Linux systems) instead
of a loop of read() and write(). This should significantly
increase performance for high volume sites which make heavy use
of the caching feature, as it saves copies to and from
user-space.
* Caching granularity is now improved with the introduction of
the cache-snapshot-ttl option, which allows configuration of
the ttl for tarball and zip snapshots of repositories.
* When filtering in the index, make the sorting links point to
the same filtered page of results
* Take into account leading slashes when comptuing links
- Avoid double %setup (messes with quilt). Simplify filelist.
%doc for man is implicit.
- Drop cgit-git-1.7.6_build_fix.patch,
cgit-fix-print-tree.diff,
cgit-fix-more-read_tree_recursive-invocations.diff,
cgit-CVE-2013-2117-disallow-directory-traversal.patch
- Add signature for the git core tarball.
-------------------------------------------------------------------
Mon Nov 24 13:10:34 UTC 2014 - guillaume@opensuse.org
- Fix css and logo path in cgitrc file (replace /git by /cgit)
-------------------------------------------------------------------
Mon Oct 6 21:16:48 UTC 2014 - jengelh@inai.de
- Remove ancient specfile tags/sections
- Enable parallel build
-------------------------------------------------------------------
Fri Jul 5 17:05:04 CEST 2013 - tiwai@suse.de
- Fix VUL-0: cgit: remote file disclosure flaw (CVE-2013-2117,
bnc#822166)
-------------------------------------------------------------------
Tue Nov 20 13:51:05 UTC 2012 - vjt@openssl.it
- BuildRequire xz
-------------------------------------------------------------------
Tue Nov 20 12:04:15 CET 2012 - tiwai@suse.de
- updated to cgit-0.9.1:
Enhancements:
- path-selected submodule links
- intelligent default branch guessing
- /etc/mime.types lookup
- gitweb.* and cgit.* git-config support
- case insensitive sorting and age sorting
- commit, repository, and section sorting
- bold currently viewed page in pagination
- support BSDs in makefile
Security:
- CVE-2012-4465: heap-buffer overflow in parsing.c
- CVE-2012-4548: syntax highlighting command injection
Bug Fixes:
- transition maintainer to Jason Donenfeld (zx2c4)
- download git snapshot from github instead of Lars' old server
- css fixes
- stablization of tests
- more compatible default highlight script
- suppress gzip timestamp so that tarballs only use tar timestamps
- treat ctags as target in makefile
- do not let global variables override certain local repo settings
- print ampersand as proper html entity
- use placeholder for empty commit subject
- format diff view for addition and removal of files
- point links at correct blob from ssdiff
- drop obsoleted patches
cgit-CVE-2011-2711-fix.diff
cgit-CVE-2012-4465-fix.diff
cgit-CVE-2012-4548-fix.diff
-------------------------------------------------------------------
Mon Oct 29 11:45:50 CET 2012 - tiwai@suse.de
- cgit-CVE-2012-4548-fix.diff:
Fix VUL-0: cgit: arbitrary code / command execution via
improperly quoted arguments (CVE-2012-4548, bnc#787074)
-------------------------------------------------------------------
Wed Oct 10 15:22:03 CEST 2012 - tiwai@suse.de
- Fix VUL-0: specially-crafted commits can trigger a heap-based
buffer overflow (CVE-2012-4465, bnc#783012)
-------------------------------------------------------------------
Mon Feb 13 10:44:54 UTC 2012 - coolo@suse.com
- patch license to follow spdx.org standard
-------------------------------------------------------------------
Mon Nov 28 14:04:00 CET 2011 - zooey@hirschkaefer.de
- Add patch cgit-fix-more-read_tree_recursive-invocations.diff:
There are more incorrect invocations of read_tree_recursive(),
one example can be seen when visiting one of the 'plain' links
in the tree view (contents of the wrong file are shown).
This time I did what I should have done last time and checked
and adjusted all invocations of read_tree_recursive().
-------------------------------------------------------------------
Tue Nov 22 09:24:35 UTC 2011 - saschpe@suse.de
- Add patch cgit-fix-print-tree.diff:
The cgit build fix with respect to git-1.7.6 is incomplete: in
the file ui-tree.c ls_tree() has been patched to use pathspec
when invoking read_tree_recursive(), but cgit_print_tree() has
no t been touched.
The resulting problem can be seen when browsing the tree of a cgit
repository: when you "drill down" into subfolders, parts of the
parent folder's contents will appear in the listing.
This patch adjusts cgit_print_tree() accordingly, which fixes the problem.
-------------------------------------------------------------------
Fri Oct 14 10:13:03 CEST 2011 - tiwai@suse.de
- split from OBS git repo to an individual repo (since cgit-0.9
doesn't build with git-1.7.7)
- merged fixes in git repo back to cgit repo
- updated to git 1.7.6.4
-------------------------------------------------------------------
Wed Aug 3 21:35:48 UTC 2011 - asn@cryptomilk.org
- updated to cgit 0.9.0.2
- fixed potential XSS vulnerability in rename hint
- fixed a segfault with git 1.7.6
-------------------------------------------------------------------
Mon Jun 27 18:22:11 CEST 2011 - tiwai@suse.de
- updated to git 1.7.6: see git changelog for more details
-------------------------------------------------------------------
Mon Jun 6 16:03:34 CEST 2011 - tiwai@suse.de
- updated to git 1.7.5.4: see git changelog for more details
-------------------------------------------------------------------
Mon Jun 6 12:24:02 CEST 2011 - tiwai@suse.de
- Fix incompatibilies with git 1.7.5.x to build cgit again
-------------------------------------------------------------------
Wed Jun 1 12:41:12 UTC 2011 - mmarek@novell.com
- Do not buildrequire git, the package builds it's own git and the
buildrequires line only makes backporting harder.
-------------------------------------------------------------------
Fri May 27 11:54:43 CEST 2011 - tiwai@suse.de
- updated git 1.7.5.3:
See git changelog for more details
-------------------------------------------------------------------
Mon Mar 28 18:26:17 CEST 2011 - tiwai@suse.de
- updated to git 1.7.4.2:
documentation updates, small bug fixes;
see included Documentation/RelNotes/1.7.4.2.txt
- updated to cgit 0.9:
major updates; using git-1.7.4.x
-------------------------------------------------------------------
Fri Dec 17 17:51:32 CET 2010 - tiwai@suse.de
- updated to git 1.7.3.3:
In addition to the usual fixes, this release also includes
support for the new "add.ignoreErrors" name given to the
existing "add.ignore-errors" configuration variable.
- updated to git 1.7.3.4:
Among many fixes since v1.7.3.3, it contains a fix to a recently
discovered XSS vulnerability in Gitweb (CVE 2010-3906)
-------------------------------------------------------------------
Thu Sep 30 08:21:27 CEST 2010 - tiwai@suse.de
- updated to git 1.7.3:
major version update; new options and behavior for git-rebase,
git-clean, git-checkout, git-gui.
See release note:
http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.7.3.txt
- updated to git 1.7.3.1:
fix git-stash breakages
- Set NO_CROSS_DIRECTORY_HARDLINKS=1 to satisfy BS
-------------------------------------------------------------------
Fri Aug 20 17:41:32 CEST 2010 - anschneider@exsuse.de
- fixed more segfaults in cgit.
-------------------------------------------------------------------
Fri Aug 20 16:29:03 CEST 2010 - anschneider@exsuse.de
- fix cgit segfault when using git > 1.7
- update to version 0.8.3.3
- get debuginfo working, don't strip binaries.
-------------------------------------------------------------------
Fri Aug 20 10:02:44 CEST 2010 - tiwai@suse.de
- updated to git 1.7.2.2
-------------------------------------------------------------------
Thu Jul 29 13:52:36 CEST 2010 - tiwai@suse.de
- fix missing link with libpthread
-------------------------------------------------------------------
Thu Jul 29 13:43:28 CEST 2010 - tiwai@suse.de
- updated to git 1.7.2.1: minor fixes for git-instaweb, git-web,
git-config. See release note:
http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.7.2.1.txt
-------------------------------------------------------------------
Thu Jul 22 12:19:02 CEST 2010 - tiwai@suse.de
- updated to git 1.7.2: mostly bug fixes and small enhancements;
see the release note:
http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.7.2.txt
- gitweb stuff is moved to /usr/share/gitweb
-------------------------------------------------------------------
Sun Apr 25 18:29:34 UTC 2010 - poletti.marco@gmail.com
- Build against version 1.7.0.3 of git instead of 1.6.4.3.
-------------------------------------------------------------------
Fri Feb 5 16:37:58 UTC 2010 - poletti.marco@gmail.com
- Initial release, version 0.8.3.1
