Use GIT-1.7.3

This fixes http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2542. Noticed-by: Silvio Cesare <silvio.cesare@gmail.com> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
author: Lars Hjemli <hjemli@gmail.com> 2010-09-27 05:58:01 (UTC)
committer: Lars Hjemli <hjemli@gmail.com> 2010-09-27 05:58:13 (UTC)
commit: 82a883ede7e47616aba041a5eb36e08666ef9177 (patch) (unidiff)
tree: 14acc2bad5ca5375aa08cb946788b6923d72df7c
parent: aaa3f7854232726d5530f66b9459e036bbba15cb (diff)
download: cgit-82a883ede7e47616aba041a5eb36e08666ef9177.zip
cgit-82a883ede7e47616aba041a5eb36e08666ef9177.tar.gz
cgit-82a883ede7e47616aba041a5eb36e08666ef9177.tar.bz2
5 files changed, 8 insertions, 8 deletions
diff --git a/Makefile b/Makefile
index 5162020..0349639 100644
--- a/Makefile
+++ b/Makefile
@@ -1,20 +1,20 @@
 CGIT_VERSION = v0.8.3.3
 CGIT_SCRIPT_NAME = cgit.cgi
 CGIT_SCRIPT_PATH = /var/www/htdocs/cgit
 CGIT_DATA_PATH = $(CGIT_SCRIPT_PATH)
 CGIT_CONFIG = /etc/cgitrc
 CACHE_ROOT = /var/cache/cgit
 SHA1_HEADER = <openssl/sha.h>
-GIT_VER = 1.6.4.3
+GIT_VER = 1.7.3
 GIT_URL = http://www.kernel.org/pub/software/scm/git/git-$(GIT_VER).tar.bz2
 INSTALL = install
 # Define NO_STRCASESTR if you don't have strcasestr.
 #
 # Define NEEDS_LIBICONV if linking with libc is not enough (eg. Darwin).
 #
 #-include config.mak
 #
 # Platform specific tweaks
@@ -59,25 +59,25 @@ endif
 # Define a pattern rule for automatic dependency building
 #
 %.d: %.c
        $(QUIET_MM)$(CC) $(CFLAGS) -MM $< | sed -e 's/\($*\)\.o:/\1.o $@:/g' >$@
 #
 # Define a pattern rule for silent object building
 #
 %.o: %.c
        $(QUIET_CC)$(CC) -o $*.o -c $(CFLAGS) $<
-EXTLIBS = git/libgit.a git/xdiff/lib.a -lz -lcrypto
+EXTLIBS = git/libgit.a git/xdiff/lib.a -lz -lcrypto -lpthread
 OBJECTS =
 OBJECTS += cache.o
 OBJECTS += cgit.o
 OBJECTS += cmd.o
 OBJECTS += configfile.o
 OBJECTS += html.o
 OBJECTS += parsing.o
 OBJECTS += scan-tree.o
 OBJECTS += shared.o
 OBJECTS += ui-atom.o
 OBJECTS += ui-blob.o
 OBJECTS += ui-clone.o
diff --git a/cgit.c b/cgit.c
index 6c7e811..ad62d10 100644
--- a/cgit.c
+++ b/cgit.c
@@ -12,25 +12,25 @@
 #include "configfile.h"
 #include "html.h"
 #include "ui-shared.h"
 #include "ui-stats.h"
 #include "scan-tree.h"
 const char *cgit_version = CGIT_VERSION;
 void add_mimetype(const char *name, const char *value)
 {
        struct string_list_item *item;
-        item = string_list_insert(xstrdup(name), &ctx.cfg.mimetypes);
+        item = string_list_insert(&ctx.cfg.mimetypes, xstrdup(name));
        item->util = xstrdup(value);
 }
 struct cgit_filter *new_filter(const char *cmd, int extra_args)
 {
        struct cgit_filter *f;
        if (!cmd || !cmd[0])
                return NULL;
        f = xmalloc(sizeof(struct cgit_filter));
        f->cmd = xstrdup(cmd);
diff --git a/git b/git
-Subproject 7fb6bcff2dece2ff9fbc5ebfe526d9b2a7e764c
+Subproject 87b50542a08ac6caa083ddc376e674424e37940
diff --git a/ui-plain.c b/ui-plain.c
index 66cb19c..5569a7c 100644
--- a/ui-plain.c
+++ b/ui-plain.c
@@ -26,25 +26,25 @@ static void print_object(const unsigned char *sha1, const char *path)
                html_status(404, "Not found", 0);
                return;
        }
        buf = read_sha1_file(sha1, &type, &size);
        if (!buf) {
                html_status(404, "Not found", 0);
                return;
        }
        ctx.page.mimetype = NULL;
        ext = strrchr(path, '.');
        if (ext && *(++ext)) {
-                mime = string_list_lookup(ext, &ctx.cfg.mimetypes);
+                mime = string_list_lookup(&ctx.cfg.mimetypes, ext);
                if (mime)
                        ctx.page.mimetype = (char *)mime->util;
        }
        if (!ctx.page.mimetype) {
                if (buffer_is_binary(buf, size))
                        ctx.page.mimetype = "application/octet-stream";
                else
                        ctx.page.mimetype = "text/plain";
        }
        ctx.page.filename = fmt("%s", path);
        ctx.page.size = size;
        ctx.page.etag = sha1_to_hex(sha1);
diff --git a/ui-stats.c b/ui-stats.c
index bdaf9cc..50c2540 100644
--- a/ui-stats.c
+++ b/ui-stats.c
@@ -166,36 +166,36 @@ static void add_commit(struct string_list *authors, struct commit *commit,
        struct cgit_period *period)
 {
        struct commitinfo *info;
        struct string_list_item *author, *item;
        struct authorstat *authorstat;
        struct string_list *items;
        char *tmp;
        struct tm *date;
        time_t t;
        info = cgit_parse_commit(commit);
        tmp = xstrdup(info->author);
-        author = string_list_insert(tmp, authors);
+        author = string_list_insert(authors, tmp);
        if (!author->util)
                author->util = xcalloc(1, sizeof(struct authorstat));
        else
                free(tmp);
        authorstat = author->util;
        items = &authorstat->list;
        t = info->committer_date;
        date = gmtime(&t);
        period->trunc(date);
        tmp = xstrdup(period->pretty(date));
-        item = string_list_insert(tmp, items);
+        item = string_list_insert(items, tmp);
        if (item->util)
                free(tmp);
        item->util++;
        authorstat->total++;
        cgit_free_commitinfo(info);
 }
 static int cmp_total_commits(const void *a1, const void *a2)
 {
        const struct string_list_item *i1 = a1;
        const struct string_list_item *i2 = a2;
        const struct authorstat *auth1 = i1->util;
@@ -270,25 +270,25 @@ void print_combined_authorrow(struct string_list *authors, int from, int to,
        total = 0;
        htmlf("<tr><td class='%s'>%s</td>", leftclass,
                fmt(name, to - from + 1));
        for (j = 0; j < period->count; j++) {
                tmp = period->pretty(tm);
                period->inc(tm);
                subtotal = 0;
                for (i = from; i <= to; i++) {
                        author = &authors->items[i];
                        authorstat = author->util;
                        items = &authorstat->list;
-                        date = string_list_lookup(tmp, items);
+                        date = string_list_lookup(items, tmp);
                        if (date)
                                subtotal += (size_t)date->util;
                }
                htmlf("<td class='%s'>%d</td>", centerclass, subtotal);
                total += subtotal;
        }
        htmlf("<td class='%s'>%d</td></tr>", rightclass, total);
 }
 void print_authors(struct string_list *authors, int top,
                   struct cgit_period *period)
 {
@@ -322,25 +322,25 @@ void print_authors(struct string_list *authors, int top,
                author = &authors->items[i];
                html("<tr><td class='left'>");
                html_txt(author->string);
                html("</td>");
                authorstat = author->util;
                items = &authorstat->list;
                total = 0;
                for (j = 0; j < period->count; j++)
                        period->dec(tm);
                for (j = 0; j < period->count; j++) {
                        tmp = period->pretty(tm);
                        period->inc(tm);
-                        date = string_list_lookup(tmp, items);
+                        date = string_list_lookup(items, tmp);
                        if (!date)
                                html("<td>0</td>");
                        else {
                                htmlf("<td>%d</td>", date->util);
                                total += (size_t)date->util;
                        }
                }
                htmlf("<td class='sum'>%d</td></tr>", total);
        }
        if (top < authors->nr)
                print_combined_authorrow(authors, top, authors->nr - 1,
author	Lars Hjemli <hjemli@gmail.com>	2010-09-27 05:58:01 (UTC)
committer	Lars Hjemli <hjemli@gmail.com>	2010-09-27 05:58:13 (UTC)
commit	82a883ede7e47616aba041a5eb36e08666ef9177 (patch) (unidiff)
tree	14acc2bad5ca5375aa08cb946788b6923d72df7c
parent	aaa3f7854232726d5530f66b9459e036bbba15cb (diff)
download	cgit-82a883ede7e47616aba041a5eb36e08666ef9177.zip cgit-82a883ede7e47616aba041a5eb36e08666ef9177.tar.gz cgit-82a883ede7e47616aba041a5eb36e08666ef9177.tar.bz2

diff --git a/Makefile b/Makefile index 5162020..0349639 100644 --- a/Makefile +++ b/Makefile
@@ -1,20 +1,20 @@
1	CGIT_VERSION = v0.8.3.3	1	CGIT_VERSION = v0.8.3.3
2	CGIT_SCRIPT_NAME = cgit.cgi	2	CGIT_SCRIPT_NAME = cgit.cgi
3	CGIT_SCRIPT_PATH = /var/www/htdocs/cgit	3	CGIT_SCRIPT_PATH = /var/www/htdocs/cgit
4	CGIT_DATA_PATH = $(CGIT_SCRIPT_PATH)	4	CGIT_DATA_PATH = $(CGIT_SCRIPT_PATH)
5	CGIT_CONFIG = /etc/cgitrc	5	CGIT_CONFIG = /etc/cgitrc
6	CACHE_ROOT = /var/cache/cgit	6	CACHE_ROOT = /var/cache/cgit
7	SHA1_HEADER = <openssl/sha.h>	7	SHA1_HEADER = <openssl/sha.h>
8	GIT_VER = 1.6.4.3	8	GIT_VER = 1.7.3
9	GIT_URL = http://www.kernel.org/pub/software/scm/git/git-$(GIT_VER).tar.bz2	9	GIT_URL = http://www.kernel.org/pub/software/scm/git/git-$(GIT_VER).tar.bz2
10	INSTALL = install	10	INSTALL = install
11		11
12	# Define NO_STRCASESTR if you don't have strcasestr.	12	# Define NO_STRCASESTR if you don't have strcasestr.
13	#	13	#
14	# Define NEEDS_LIBICONV if linking with libc is not enough (eg. Darwin).	14	# Define NEEDS_LIBICONV if linking with libc is not enough (eg. Darwin).
15	#	15	#
16		16
17	#-include config.mak	17	#-include config.mak
18		18
19	#	19	#
20	# Platform specific tweaks	20	# Platform specific tweaks
@@ -59,25 +59,25 @@ endif
59	# Define a pattern rule for automatic dependency building	59	# Define a pattern rule for automatic dependency building
60	#	60	#
61	%.d: %.c	61	%.d: %.c
62	$(QUIET_MM)$(CC) $(CFLAGS) -MM $< \| sed -e 's/\($*\)\.o:/\1.o $@:/g' >$@	62	$(QUIET_MM)$(CC) $(CFLAGS) -MM $< \| sed -e 's/\($*\)\.o:/\1.o $@:/g' >$@
63		63
64	#	64	#
65	# Define a pattern rule for silent object building	65	# Define a pattern rule for silent object building
66	#	66	#
67	%.o: %.c	67	%.o: %.c
68	$(QUIET_CC)$(CC) -o $*.o -c $(CFLAGS) $<	68	$(QUIET_CC)$(CC) -o $*.o -c $(CFLAGS) $<
69		69
70		70
71	EXTLIBS = git/libgit.a git/xdiff/lib.a -lz -lcrypto	71	EXTLIBS = git/libgit.a git/xdiff/lib.a -lz -lcrypto -lpthread
72	OBJECTS =	72	OBJECTS =
73	OBJECTS += cache.o	73	OBJECTS += cache.o
74	OBJECTS += cgit.o	74	OBJECTS += cgit.o
75	OBJECTS += cmd.o	75	OBJECTS += cmd.o
76	OBJECTS += configfile.o	76	OBJECTS += configfile.o
77	OBJECTS += html.o	77	OBJECTS += html.o
78	OBJECTS += parsing.o	78	OBJECTS += parsing.o
79	OBJECTS += scan-tree.o	79	OBJECTS += scan-tree.o
80	OBJECTS += shared.o	80	OBJECTS += shared.o
81	OBJECTS += ui-atom.o	81	OBJECTS += ui-atom.o
82	OBJECTS += ui-blob.o	82	OBJECTS += ui-blob.o
83	OBJECTS += ui-clone.o	83	OBJECTS += ui-clone.o


diff --git a/cgit.c b/cgit.c index 6c7e811..ad62d10 100644 --- a/cgit.c +++ b/cgit.c
@@ -12,25 +12,25 @@
12	#include "configfile.h"	12	#include "configfile.h"
13	#include "html.h"	13	#include "html.h"
14	#include "ui-shared.h"	14	#include "ui-shared.h"
15	#include "ui-stats.h"	15	#include "ui-stats.h"
16	#include "scan-tree.h"	16	#include "scan-tree.h"
17		17
18	const char *cgit_version = CGIT_VERSION;	18	const char *cgit_version = CGIT_VERSION;
19		19
20	void add_mimetype(const char name, const char value)	20	void add_mimetype(const char name, const char value)
21	{	21	{
22	struct string_list_item *item;	22	struct string_list_item *item;
23		23
24	item = string_list_insert(xstrdup(name), &ctx.cfg.mimetypes);	24	item = string_list_insert(&ctx.cfg.mimetypes, xstrdup(name));
25	item->util = xstrdup(value);	25	item->util = xstrdup(value);
26	}	26	}
27		27
28	struct cgit_filter new_filter(const char cmd, int extra_args)	28	struct cgit_filter new_filter(const char cmd, int extra_args)
29	{	29	{
30	struct cgit_filter *f;	30	struct cgit_filter *f;
31		31
32	if (!cmd \|\| !cmd[0])	32	if (!cmd \|\| !cmd[0])
33	return NULL;	33	return NULL;
34		34
35	f = xmalloc(sizeof(struct cgit_filter));	35	f = xmalloc(sizeof(struct cgit_filter));
36	f->cmd = xstrdup(cmd);	36	f->cmd = xstrdup(cmd);


diff --git a/git b/git
	Subproject 7fb6bcff2dece2ff9fbc5ebfe526d9b2a7e764c		Subproject 87b50542a08ac6caa083ddc376e674424e37940


diff --git a/ui-plain.c b/ui-plain.c index 66cb19c..5569a7c 100644 --- a/ui-plain.c +++ b/ui-plain.c
@@ -26,25 +26,25 @@ static void print_object(const unsigned char sha1, const char path)
26	html_status(404, "Not found", 0);	26	html_status(404, "Not found", 0);
27	return;	27	return;
28	}	28	}
29		29
30	buf = read_sha1_file(sha1, &type, &size);	30	buf = read_sha1_file(sha1, &type, &size);
31	if (!buf) {	31	if (!buf) {
32	html_status(404, "Not found", 0);	32	html_status(404, "Not found", 0);
33	return;	33	return;
34	}	34	}
35	ctx.page.mimetype = NULL;	35	ctx.page.mimetype = NULL;
36	ext = strrchr(path, '.');	36	ext = strrchr(path, '.');
37	if (ext && *(++ext)) {	37	if (ext && *(++ext)) {
38	mime = string_list_lookup(ext, &ctx.cfg.mimetypes);	38	mime = string_list_lookup(&ctx.cfg.mimetypes, ext);
39	if (mime)	39	if (mime)
40	ctx.page.mimetype = (char *)mime->util;	40	ctx.page.mimetype = (char *)mime->util;
41	}	41	}
42	if (!ctx.page.mimetype) {	42	if (!ctx.page.mimetype) {
43	if (buffer_is_binary(buf, size))	43	if (buffer_is_binary(buf, size))
44	ctx.page.mimetype = "application/octet-stream";	44	ctx.page.mimetype = "application/octet-stream";
45	else	45	else
46	ctx.page.mimetype = "text/plain";	46	ctx.page.mimetype = "text/plain";
47	}	47	}
48	ctx.page.filename = fmt("%s", path);	48	ctx.page.filename = fmt("%s", path);
49	ctx.page.size = size;	49	ctx.page.size = size;
50	ctx.page.etag = sha1_to_hex(sha1);	50	ctx.page.etag = sha1_to_hex(sha1);


diff --git a/ui-stats.c b/ui-stats.c index bdaf9cc..50c2540 100644 --- a/ui-stats.c +++ b/ui-stats.c
@@ -166,36 +166,36 @@ static void add_commit(struct string_list authors, struct commit commit,
166	struct cgit_period *period)	166	struct cgit_period *period)
167	{	167	{
168	struct commitinfo *info;	168	struct commitinfo *info;
169	struct string_list_item author, item;	169	struct string_list_item author, item;
170	struct authorstat *authorstat;	170	struct authorstat *authorstat;
171	struct string_list *items;	171	struct string_list *items;
172	char *tmp;	172	char *tmp;
173	struct tm *date;	173	struct tm *date;
174	time_t t;	174	time_t t;
175		175
176	info = cgit_parse_commit(commit);	176	info = cgit_parse_commit(commit);
177	tmp = xstrdup(info->author);	177	tmp = xstrdup(info->author);
178	author = string_list_insert(tmp, authors);	178	author = string_list_insert(authors, tmp);
179	if (!author->util)	179	if (!author->util)
180	author->util = xcalloc(1, sizeof(struct authorstat));	180	author->util = xcalloc(1, sizeof(struct authorstat));
181	else	181	else
182	free(tmp);	182	free(tmp);
183	authorstat = author->util;	183	authorstat = author->util;
184	items = &authorstat->list;	184	items = &authorstat->list;
185	t = info->committer_date;	185	t = info->committer_date;
186	date = gmtime(&t);	186	date = gmtime(&t);
187	period->trunc(date);	187	period->trunc(date);
188	tmp = xstrdup(period->pretty(date));	188	tmp = xstrdup(period->pretty(date));
189	item = string_list_insert(tmp, items);	189	item = string_list_insert(items, tmp);
190	if (item->util)	190	if (item->util)
191	free(tmp);	191	free(tmp);
192	item->util++;	192	item->util++;
193	authorstat->total++;	193	authorstat->total++;
194	cgit_free_commitinfo(info);	194	cgit_free_commitinfo(info);
195	}	195	}
196		196
197	static int cmp_total_commits(const void a1, const void a2)	197	static int cmp_total_commits(const void a1, const void a2)
198	{	198	{
199	const struct string_list_item *i1 = a1;	199	const struct string_list_item *i1 = a1;
200	const struct string_list_item *i2 = a2;	200	const struct string_list_item *i2 = a2;
201	const struct authorstat *auth1 = i1->util;	201	const struct authorstat *auth1 = i1->util;
@@ -270,25 +270,25 @@ void print_combined_authorrow(struct string_list *authors, int from, int to,
270		270
271	total = 0;	271	total = 0;
272	htmlf("<tr><td class='%s'>%s</td>", leftclass,	272	htmlf("<tr><td class='%s'>%s</td>", leftclass,
273	fmt(name, to - from + 1));	273	fmt(name, to - from + 1));
274	for (j = 0; j < period->count; j++) {	274	for (j = 0; j < period->count; j++) {
275	tmp = period->pretty(tm);	275	tmp = period->pretty(tm);
276	period->inc(tm);	276	period->inc(tm);
277	subtotal = 0;	277	subtotal = 0;
278	for (i = from; i <= to; i++) {	278	for (i = from; i <= to; i++) {
279	author = &authors->items[i];	279	author = &authors->items[i];
280	authorstat = author->util;	280	authorstat = author->util;
281	items = &authorstat->list;	281	items = &authorstat->list;
282	date = string_list_lookup(tmp, items);	282	date = string_list_lookup(items, tmp);
283	if (date)	283	if (date)
284	subtotal += (size_t)date->util;	284	subtotal += (size_t)date->util;
285	}	285	}
286	htmlf("<td class='%s'>%d</td>", centerclass, subtotal);	286	htmlf("<td class='%s'>%d</td>", centerclass, subtotal);
287	total += subtotal;	287	total += subtotal;
288	}	288	}
289	htmlf("<td class='%s'>%d</td></tr>", rightclass, total);	289	htmlf("<td class='%s'>%d</td></tr>", rightclass, total);
290	}	290	}
291		291
292	void print_authors(struct string_list *authors, int top,	292	void print_authors(struct string_list *authors, int top,
293	struct cgit_period *period)	293	struct cgit_period *period)
294	{	294	{
@@ -322,25 +322,25 @@ void print_authors(struct string_list *authors, int top,
322	author = &authors->items[i];	322	author = &authors->items[i];
323	html("<tr><td class='left'>");	323	html("<tr><td class='left'>");
324	html_txt(author->string);	324	html_txt(author->string);
325	html("</td>");	325	html("</td>");
326	authorstat = author->util;	326	authorstat = author->util;
327	items = &authorstat->list;	327	items = &authorstat->list;
328	total = 0;	328	total = 0;
329	for (j = 0; j < period->count; j++)	329	for (j = 0; j < period->count; j++)
330	period->dec(tm);	330	period->dec(tm);
331	for (j = 0; j < period->count; j++) {	331	for (j = 0; j < period->count; j++) {
332	tmp = period->pretty(tm);	332	tmp = period->pretty(tm);
333	period->inc(tm);	333	period->inc(tm);
334	date = string_list_lookup(tmp, items);	334	date = string_list_lookup(items, tmp);
335	if (!date)	335	if (!date)
336	html("<td>0</td>");	336	html("<td>0</td>");
337	else {	337	else {
338	htmlf("<td>%d</td>", date->util);	338	htmlf("<td>%d</td>", date->util);
339	total += (size_t)date->util;	339	total += (size_t)date->util;
340	}	340	}
341	}	341	}
342	htmlf("<td class='sum'>%d</td></tr>", total);	342	htmlf("<td class='sum'>%d</td></tr>", total);
343	}	343	}
344		344
345	if (top < authors->nr)	345	if (top < authors->nr)
346	print_combined_authorrow(authors, top, authors->nr - 1,	346	print_combined_authorrow(authors, top, authors->nr - 1,