SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for cgit-1.2.1-lp150.3.1.x86_64.rpm :

* Thu Dec 06 2018 Jan Engelhardt - Create a /var/cache/cgit [boo#1116567]- Update bundled git to 2.18.1- Remove cgit-optflags.diff
* Sun Aug 05 2018 jengelhAATTinai.de- Update to new upstream release 1.2.1
* fixes CVE-2018-14912 directory traversal vulnerability [boo#1103799]
* syntax-highlighting: replace invalid unicode with \'?\'
* ui-repolist: properly sort by age
* ui-patch: fix crash when using path limit- Remove cgit-built-with-git-v2.11.0.patch (merged upstream)
* Sat Feb 11 2017 jengelhAATTinai.de- Update bundled git to 2.11.1
* Thu Jan 19 2017 vsvecovaAATTsuse.com- Version bump to v1.1:
* For more information see complete changelog at https://git.zx2c4.com/cgit/log/- Add cgit-built-with-git-v2.11.0.patch
* Thu Jan 05 2017 vcizekAATTsuse.com- remove redundant gnu-crypto BuildRequires
* Mon Jun 13 2016 astiegerAATTsuse.com- cgit 1.0:
* Add repo.homepage/gitweb.homepage setting and homepage tab.
* Considerable internal cleanups.
* Show reverse paths in title bar so that browser tab shows filename.
* Add syntax highlighting to md2html.
* Allow redirects even when caching is turned on.
* Fix empty PATH_INFO on redirect.
* Better HTML5 compliance.
* Simplified decorations.
* Show repo\'s root directory in plain view.
* Date printing and timezone normalization.
* Unicode issues in syntax highlighting.
* Account for caches with empty key.
* Use size_t for all lengths.
* More gracefully deal with unparsable commits.- with git 2.8.3- the following patches are now included upstream git 2.8.3: 0012-http-push-stop-using-name_path.patch 0013-show_object_with_name-simplify-by-using-path_name.patch 0014-list-objects-convert-name_path-to-a-strbuf.patch 0015-list-objects-drop-name_path-entirely.patch 0016-list-objects-pass-full-pathname-to-callbacks.patch
* Wed Mar 16 2016 tiwaiAATTsuse.de- Fix remote code execution via buffer overflow (CVE-2016-2315, CVE-2016-2324, bsc#971328): 0012-http-push-stop-using-name_path.patch 0013-show_object_with_name-simplify-by-using-path_name.patch 0014-list-objects-convert-name_path-to-a-strbuf.patch 0015-list-objects-drop-name_path-entirely.patch 0016-list-objects-pass-full-pathname-to-callbacks.patch
* Thu Jan 14 2016 jengelhAATTinai.de- Update to new upstream release 0.12
* Show remote refs in branch switcher combobox.
* Add sample post-receive hook in /contrib.
* Add HTML escaping to filters.
* Add \"enable-follow-links\" option to have the log UI behave the same way as \"git log --follow\", as well as updating the diffand commit UIs.
* Errors are now cached under the dynamic-ttl setting.
* Simplified filters and converters.
* Add \"enable-html-serving\" to turn on serving of HTML mimetypes from the /plain handler, to prevent against stored XSS.
* /blob no longer takes a mimetype query string parameter.- Resolve: Reflected Cross Site Scripting & Header Injection in Mimetype Query String; Stored Cross Site Scripting & Header Injection in Filename Parameter; Stored Cross Site Scripting in Git Repo Files; Integer Overflow resulting in Buffer Overflow [boo#961916 CVE-2016-1899 CVE-2016-1900 CVE-2016-1901]- Update bundled git tarball to 2.7.0 (build-time requirement)
* Tue Oct 06 2015 jengelhAATTinai.de- Update bundled git tarball to 2.6.1 [bnc#948969]
* Thu Sep 24 2015 jengelhAATTinai.de- Update bundled git tarball to 2.5.3
* Tue Jun 09 2015 jengelhAATTinai.de- Update bundled git tarball to 2.4.3
* Mon May 04 2015 jengelhAATTinai.de- Update to new upstream release 0.11.2
* addition of a Lua scripting engine
* fine-grained authentication support through the new Lua scripting system
* support for the \"rawdiff\" command was added
* sendfile() is now used when available (Linux systems) instead of a loop of read() and write(). This should significantly increase performance for high volume sites which make heavy use of the caching feature, as it saves copies to and from user-space.
* Caching granularity is now improved with the introduction of the cache-snapshot-ttl option, which allows configuration of the ttl for tarball and zip snapshots of repositories.
* When filtering in the index, make the sorting links point to the same filtered page of results
* Take into account leading slashes when comptuing links- Avoid double %setup (messes with quilt). Simplify filelist. %doc for man is implicit.- Drop cgit-git-1.7.6_build_fix.patch, cgit-fix-print-tree.diff, cgit-fix-more-read_tree_recursive-invocations.diff, cgit-CVE-2013-2117-disallow-directory-traversal.patch- Add signature for the git core tarball.
* Mon Nov 24 2014 guillaumeAATTopensuse.org- Fix css and logo path in cgitrc file (replace /git by /cgit)
* Mon Oct 06 2014 jengelhAATTinai.de- Remove ancient specfile tags/sections- Enable parallel build
* Fri Jul 05 2013 tiwaiAATTsuse.de- Fix VUL-0: cgit: remote file disclosure flaw (CVE-2013-2117, bnc#822166)
* Tue Nov 20 2012 vjtAATTopenssl.it- BuildRequire xz
* Tue Nov 20 2012 tiwaiAATTsuse.de- updated to cgit-0.9.1: Enhancements: - path-selected submodule links - intelligent default branch guessing - /etc/mime.types lookup - gitweb.
* and cgit.
* git-config support - case insensitive sorting and age sorting - commit, repository, and section sorting - bold currently viewed page in pagination - support BSDs in makefile Security: - CVE-2012-4465: heap-buffer overflow in parsing.c - CVE-2012-4548: syntax highlighting command injection Bug Fixes: - transition maintainer to Jason Donenfeld (zx2c4) - download git snapshot from github instead of Lars\' old server - css fixes - stablization of tests - more compatible default highlight script - suppress gzip timestamp so that tarballs only use tar timestamps - treat ctags as target in makefile - do not let global variables override certain local repo settings - print ampersand as proper html entity - use placeholder for empty commit subject - format diff view for addition and removal of files - point links at correct blob from ssdiff- drop obsoleted patches cgit-CVE-2011-2711-fix.diff cgit-CVE-2012-4465-fix.diff cgit-CVE-2012-4548-fix.diff
* Mon Oct 29 2012 tiwaiAATTsuse.de- cgit-CVE-2012-4548-fix.diff: Fix VUL-0: cgit: arbitrary code / command execution via improperly quoted arguments (CVE-2012-4548, bnc#787074)
* Wed Oct 10 2012 tiwaiAATTsuse.de- Fix VUL-0: specially-crafted commits can trigger a heap-based buffer overflow (CVE-2012-4465, bnc#783012)
* Mon Feb 13 2012 cooloAATTsuse.com- patch license to follow spdx.org standard
* Mon Nov 28 2011 zooeyAATThirschkaefer.de- Add patch cgit-fix-more-read_tree_recursive-invocations.diff: There are more incorrect invocations of read_tree_recursive(), one example can be seen when visiting one of the \'plain\' links in the tree view (contents of the wrong file are shown). This time I did what I should have done last time and checked and adjusted all invocations of read_tree_recursive().
* Tue Nov 22 2011 saschpeAATTsuse.de- Add patch cgit-fix-print-tree.diff: The cgit build fix with respect to git-1.7.6 is incomplete: in the file ui-tree.c ls_tree() has been patched to use pathspec when invoking read_tree_recursive(), but cgit_print_tree() has no t been touched. The resulting problem can be seen when browsing the tree of a cgit repository: when you \"drill down\" into subfolders, parts of the parent folder\'s contents will appear in the listing. This patch adjusts cgit_print_tree() accordingly, which fixes the problem.
* Fri Oct 14 2011 tiwaiAATTsuse.de- split from OBS git repo to an individual repo (since cgit-0.9 doesn\'t build with git-1.7.7)- merged fixes in git repo back to cgit repo- updated to git 1.7.6.4
* Wed Aug 03 2011 asnAATTcryptomilk.org- updated to cgit 0.9.0.2- fixed potential XSS vulnerability in rename hint- fixed a segfault with git 1.7.6
* Mon Jun 27 2011 tiwaiAATTsuse.de- updated to git 1.7.6: see git changelog for more details
* Mon Jun 06 2011 tiwaiAATTsuse.de- updated to git 1.7.5.4: see git changelog for more details
* Mon Jun 06 2011 tiwaiAATTsuse.de- Fix incompatibilies with git 1.7.5.x to build cgit again
* Wed Jun 01 2011 mmarekAATTnovell.com- Do not buildrequire git, the package builds it\'s own git and the buildrequires line only makes backporting harder.
* Fri May 27 2011 tiwaiAATTsuse.de- updated git 1.7.5.3: See git changelog for more details
* Mon Mar 28 2011 tiwaiAATTsuse.de- updated to git 1.7.4.2: documentation updates, small bug fixes; see included Documentation/RelNotes/1.7.4.2.txt- updated to cgit 0.9: major updates; using git-1.7.4.x
* Fri Dec 17 2010 tiwaiAATTsuse.de- updated to git 1.7.3.3: In addition to the usual fixes, this release also includes support for the new \"add.ignoreErrors\" name given to the existing \"add.ignore-errors\" configuration variable.- updated to git 1.7.3.4: Among many fixes since v1.7.3.3, it contains a fix to a recently discovered XSS vulnerability in Gitweb (CVE 2010-3906)
* Thu Sep 30 2010 tiwaiAATTsuse.de- updated to git 1.7.3: major version update; new options and behavior for git-rebase, git-clean, git-checkout, git-gui. See release note: http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.7.3.txt- updated to git 1.7.3.1: fix git-stash breakages- Set NO_CROSS_DIRECTORY_HARDLINKS=1 to satisfy BS
* Fri Aug 20 2010 anschneiderAATTexsuse.de- fixed more segfaults in cgit.
* Fri Aug 20 2010 anschneiderAATTexsuse.de- fix cgit segfault when using git > 1.7- update to version 0.8.3.3- get debuginfo working, don\'t strip binaries.
* Fri Aug 20 2010 tiwaiAATTsuse.de- updated to git 1.7.2.2
* Thu Jul 29 2010 tiwaiAATTsuse.de- fix missing link with libpthread
* Thu Jul 29 2010 tiwaiAATTsuse.de- updated to git 1.7.2.1: minor fixes for git-instaweb, git-web, git-config. See release note: http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.7.2.1.txt
* Thu Jul 22 2010 tiwaiAATTsuse.de- updated to git 1.7.2: mostly bug fixes and small enhancements; see the release note: http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.7.2.txt- gitweb stuff is moved to /usr/share/gitweb
* Sun Apr 25 2010 poletti.marcoAATTgmail.com- Build against version 1.7.0.3 of git instead of 1.6.4.3.
* Fri Feb 05 2010 poletti.marcoAATTgmail.com- Initial release, version 0.8.3.1
  
ICM