CVS log for cvsweb/cvsweb.cgi



Default branch: MAIN
Current tag: MAIN


Revision 4.40, Sat Nov 30 13:08:41 2019 UTC (4 years, 3 months ago) by schwarze
Branch: MAIN
CVS Tags: HEAD
Changes since 4.39: +1 -11 lines

Delete disabled code for globbing in PATH_INFO.  No implementation
exists, and writing one looks like a bad idea for security reasons.

Revision 4.39, Fri Nov 29 23:42:40 2019 UTC (4 years, 3 months ago) by schwarze
Branch: MAIN
Changes since 4.38: +91 -49 lines

* set all config defaults at the top of the script
* load the config file right after that
* make the config file optional
* make the $config variable local to the block using it
* stop the madness of having multiple config files
* @cvs_options = qw(-f -R) because NetBSD supports that, too
* drop useless variable $allow_version_select while here

Revision 4.38, Fri Nov 29 19:30:16 2019 UTC (4 years, 3 months ago) by schwarze
Branch: MAIN
Changes since 4.37: +3 -21 lines

Enforce our global policy of "UTF-8 only".  This is 2019.

Revision 4.37, Fri Nov 29 18:50:15 2019 UTC (4 years, 3 months ago) by schwarze
Branch: MAIN
Changes since 4.36: +4 -97 lines

Delete support for external %DIFF_COMMANDS.
Files like spreadsheets normally aren't committed to CVS.
Besides, it is not a good idea to run random, not necessarily
trustworthy external programs in a web application context.

Revision 4.36, Fri Nov 29 18:33:24 2019 UTC (4 years, 3 months ago) by schwarze
Branch: MAIN
Changes since 4.35: +7 -7 lines

drop the completely pointless $inputTextSize config variable

Revision 4.35, Fri Nov 29 18:15:48 2019 UTC (4 years, 3 months ago) by schwarze
Branch: MAIN
Changes since 4.34: +4 -5 lines

Delete $showfunc configuration variable.
There is really no point in switching off diff(1) -p.

Revision 4.34, Fri Nov 29 16:30:06 2019 UTC (4 years, 3 months ago) by schwarze
Branch: MAIN
Changes since 4.33: +5 -5 lines

drop the totally pointless $tablepadding configuration variable

Revision 4.33, Fri Nov 29 16:27:33 2019 UTC (4 years, 3 months ago) by schwarze
Branch: MAIN
Changes since 4.32: +18 -16 lines

There is no point in making icons configurable, except for their location.

Revision 4.32, Fri Nov 29 15:05:26 2019 UTC (4 years, 3 months ago) by schwarze
Branch: MAIN
Changes since 4.31: +3 -6 lines

Documentation does not belong in the default output of a program.
Delete it.

Revision 4.31, Fri Nov 29 14:40:27 2019 UTC (4 years, 3 months ago) by schwarze
Branch: MAIN
Changes since 4.30: +5 -1 lines

We always want read only access to the repositories, so CVSREADONLYFS
is not a configuration option.  Unconditionally set it in the script itself.

Revision 4.30, Fri Nov 29 14:29:48 2019 UTC (4 years, 3 months ago) by schwarze
Branch: MAIN
Changes since 4.29: +6 -15 lines

The tar(1) -z option is fully portable: all BSDs, GNU tar, and Illumos
support it.  Consequently, there is no need to run tar(1) and gzip(1)
in a pipe.

Revision 4.29, Fri Nov 29 13:39:50 2019 UTC (4 years, 3 months ago) by schwarze
Branch: MAIN
Changes since 4.28: +9 -30 lines

Simplify by providing default paths to commands.
If you put the commands somewhere else in your chroot,
simply say so in the configuration file.

Revision 4.28, Tue Nov 26 12:14:38 2019 UTC (4 years, 4 months ago) by schwarze
Branch: MAIN
Changes since 4.27: +2 -2 lines

remove misleading references to GNU

Revision 4.27, Tue Nov 26 12:09:02 2019 UTC (4 years, 4 months ago) by schwarze
Branch: MAIN
Changes since 4.26: +3 -27 lines

Delete the pointless support for %MIRRORS.
CVSweb traffic will never be demanding, and in this day and age,
web servers are powerful enough.

Revision 4.26, Tue Nov 26 12:04:55 2019 UTC (4 years, 4 months ago) by schwarze
Branch: MAIN
Changes since 4.25: +6 -19 lines

Simplify the configuration UI by deleting the pointless $cvstreedefault
variable.  Just put the default first and be done with it.

Revision 4.25, Tue Nov 26 11:53:01 2019 UTC (4 years, 4 months ago) by schwarze
Branch: MAIN
Changes since 4.24: +10 -22 lines

Delete support for the pointless zip(1) format; this is Unix.

Revision 4.24, Tue Nov 26 11:28:43 2019 UTC (4 years, 4 months ago) by schwarze
Branch: MAIN
Changes since 4.23: +3 -8 lines

Delete @mytz.
WWW means "world wide web", so it's utterly absurd to use anything but UTC.

Revision 4.23, Tue Nov 26 11:21:27 2019 UTC (4 years, 4 months ago) by schwarze
Branch: MAIN
Changes since 4.22: +3 -27 lines

Delete cvshistory.cgi tentacles, yet another piece of abandonware.
If it contained anything of value, those parts should be integrated.

Revision 4.22, Wed Nov 13 09:12:47 2019 UTC (4 years, 4 months ago) by schwarze
Branch: MAIN
Changes since 4.21: +12 -20 lines

better error handling when reading the configuration file

Revision 4.21, Tue Nov 12 09:28:15 2019 UTC (4 years, 4 months ago) by schwarze
Branch: MAIN
Changes since 4.20: +3 -2 lines

merge rev. 3.119.2.25:
make empty SCRIPT_NAME work as expected

Revision 4.20, Mon Nov 11 15:46:39 2019 UTC (4 years, 4 months ago) by schwarze
Branch: MAIN
Changes since 4.19: +2 -40 lines

delete support for the obsolete GNATS bug tracking system

Revision 4.19, Mon Nov 11 14:56:27 2019 UTC (4 years, 4 months ago) by schwarze
Branch: MAIN
Changes since 4.18: +1 -108 lines

Delete GNU Enscript support.  I don't need and I don't want syntax
highlighting, so I'm certainly not going to maintain it.

Revision 4.18, Mon Nov 11 14:37:54 2019 UTC (4 years, 4 months ago) by schwarze
Branch: MAIN
Changes since 4.17: +8 -120 lines

Delete cvsgraph support.  It looks like abandonware upstream,
and about the first thing the author says is "hey, I like a hack".
Such software is hardly adequate in a CGI context, and besides,
the functionality is poorly thought-out and mostly useless.

Revision 4.17, Mon Nov 11 13:28:36 2019 UTC (4 years, 4 months ago) by schwarze
Branch: MAIN
Changes since 4.16: +19 -26 lines

kill all traces of JavaScript;
it's disgusting that they crept in here in the first place

Revision 4.16, Mon Nov 11 13:15:09 2019 UTC (4 years, 4 months ago) by schwarze
Branch: MAIN
Changes since 4.15: +2 -2 lines

delete several instances of the string "FreeBSD"
where they no longer make sense

Revision 4.15, Mon Nov 11 12:55:38 2019 UTC (4 years, 4 months ago) by schwarze
Branch: MAIN
Changes since 4.14: +1 -212 lines

Delete String::Ediff functionality.
The module is not even ported to OpenBSD, the code is horrific,
and the functionality is totally unimportant.

Revision 4.14, Mon Nov 11 12:46:23 2019 UTC (4 years, 4 months ago) by schwarze
Branch: MAIN
Changes since 4.13: +3 -3 lines

trivial compilation errors

Revision 4.13, Mon Nov 11 12:40:12 2019 UTC (4 years, 4 months ago) by schwarze
Branch: MAIN
Changes since 4.12: +4 -17 lines

Compress::Zlib(3p) is provided by base Perl, so just use it unconditionally

Revision 4.12, Sun Nov 10 14:55:42 2019 UTC (4 years, 4 months ago) by schwarze
Branch: MAIN
Changes since 4.11: +2 -2 lines

Fix an encoding bug reported by Mattieu Baptiste on ports@ 2012-09-02 15:19:49;
however, I think his fix was not quite right either:
we're encoding "unsigned char" values, not to UTF-8

Revision 4.11, Sun Nov 10 14:39:55 2019 UTC (4 years, 4 months ago) by schwarze
Branch: MAIN
Changes since 4.10: +2 -1 lines

fix the deletion of the temporary directory used for tarball downloads;
patch from Mattieu Baptiste on ports@ 2012-06-15 11:54:34

Revision 4.10, Sat Nov 9 10:18:09 2019 UTC (4 years, 4 months ago) by schwarze
Branch: MAIN
Changes since 4.9: +3 -1 lines

similar to revisions 3.119.2.23 and 3.119.2.24:
For defense-in-depth against XSS attacks, add a Content-Security-Policy
Response header as a second layer mitigation.  Basic idea suggested
by sthen@.

Revision 4.9, Sat Nov 9 10:06:23 2019 UTC (4 years, 4 months ago) by schwarze
Branch: MAIN
Changes since 4.8: +12 -4 lines

similar to rev. 3.119.2.22:
Fix the QUERY_STRING parts of the XSS vulnerabilities found by Ezio Paglia
in a more robust way: do very strict whitelist-based input validation on
the characters occurring in the QUERY_STRING, such that everything
stored in the %input hash table is safe in the first place without
requiring any kind of escaping later.  When finding unexpected characters
in the QUERY_STRING, it is safest to simply error out fatal()ly.

Revision 4.8, Sat Nov 9 09:41:07 2019 UTC (4 years, 4 months ago) by schwarze
Branch: MAIN
Changes since 4.7: +2 -2 lines

similar to rev. 3.119.2.18:
bump VERSION to 3.1

Revision 4.7, Sat Nov 9 09:32:22 2019 UTC (4 years, 4 months ago) by schwarze
Branch: MAIN
Changes since 4.6: +2 -1 lines

Partial merge of rev. 3.119.2.15; the rest will be fixed differently
because the original diff caused regressions.

Original commit message:
Patch from Peter J. Philipp <pjp at centroid dot eu>
to fix some opportunities for XSS;
triggered by a report from Ezio Paglia.

Revision 4.6, Sat Nov 9 09:27:22 2019 UTC (4 years, 4 months ago) by schwarze
Branch: MAIN
Changes since 4.5: +2 -2 lines

merge rev. 3.119.2.14:
Switch the order of the name and the section
in the $mancgi configuration variable.
For the new man.openbsd.org URI syntax, the name must come first.
For the old query syntax, both orders work just fine.

Revision 4.5, Sat Nov 9 09:24:13 2019 UTC (4 years, 4 months ago) by schwarze
Branch: MAIN
Changes since 4.4: +2 -3 lines

merge rev. 3.119.2.13:
Disable Perl taint check for now; to be re-enabled after a security audit.

Relevant part of the original commit message:
date: 2003/08/16 23:18:41;  author: naddy;
* upstream maintainer suggests that we run without taint checks on perl 5.8
* [...]

Revision 4.4, Sat Nov 9 09:19:27 2019 UTC (4 years, 4 months ago) by schwarze
Branch: MAIN
Changes since 4.3: +3 -18 lines

merge rev. 3.119.2.12:
A web server should absolutely run chrooted, so storing a configuration
file below /usr/local/etc/ makes no sense whatsoever.  Also, the
configuration file should certainly not be in a directory where
files can get executed as CGI scripts, so looking in the same
directory as cvsweb.cgi is a bad idea, too.

Considerably simplify things by hardcoding a reasonable location.
The INSTALL file already instructs the user to check this.

Revision 4.3, Sat Nov 9 09:11:55 2019 UTC (4 years, 4 months ago) by schwarze
Branch: MAIN
Changes since 4.2: +2 -2 lines

merge rev. 3.119.2.11:
merge patch-cvsweb_cgi rev. 1.13 from the OpenBSD port

relevant part of the original commit message:
date: 2013/04/07 20:07:24;  author: naddy;
More perl 5.16 fixes:
* [...]
* Fix a deprecation warning.
ok tobias@, sthen@

Revision 4.2, Sat Nov 9 09:10:05 2019 UTC (4 years, 4 months ago) by schwarze
Branch: MAIN
Changes since 4.1: +7 -29 lines

merge rev. 3.119.2.10:
merge patch-cvsweb_cgi rev. 1.10 from the OpenBSD port, tweaked by me

original commit message:
date: 2003/08/16 18:12:10;  author: naddy;
excise functions that require GNU diff; prodding by jolan@

Revision 4.1, Fri Nov 8 21:08:26 2019 UTC (4 years, 4 months ago) by schwarze
Branch: MAIN

Fix CVS identifiers: remove "FreeBSD" ids that were never functional
in the KNU/SCOP repository, remove "Idaemons" ids that got frozen
at some random point in the history, add "knu" ids reporting the
latest revision from the trunk of the KNU/SCOP repo, and add "Id"
identifiers to report the current revision in the SCHWARZE repository.
