SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for cgit-1.2.1-3.2.x86_64.rpm :
Thu Dec 6 13:00:00 2018 Jan Engelhardt
- Create a /var/cache/cgit [boo#1116567]
- Update bundled git to 2.18.1
- Remove cgit-optflags.diff

Sun Aug 5 14:00:00 2018 jengelhAATTinai.de
- Update to new upstream release 1.2.1

* fixes CVE-2018-14912 directory traversal vulnerability
[boo#1103799]

* syntax-highlighting: replace invalid unicode with \'?\'

* ui-repolist: properly sort by age

* ui-patch: fix crash when using path limit
- Remove cgit-built-with-git-v2.11.0.patch (merged upstream)

Sat Feb 11 13:00:00 2017 jengelhAATTinai.de
- Update bundled git to 2.11.1

Thu Jan 19 13:00:00 2017 vsvecovaAATTsuse.com
- Version bump to v1.1:

* For more information see complete changelog at
https://git.zx2c4.com/cgit/log/
- Add cgit-built-with-git-v2.11.0.patch

Thu Jan 5 13:00:00 2017 vcizekAATTsuse.com
- remove redundant gnu-crypto BuildRequires

Mon Jun 13 14:00:00 2016 astiegerAATTsuse.com
- cgit 1.0:

* Add repo.homepage/gitweb.homepage setting and homepage tab.

* Considerable internal cleanups.

* Show reverse paths in title bar so that browser tab shows
filename.

* Add syntax highlighting to md2html.

* Allow redirects even when caching is turned on.

* Fix empty PATH_INFO on redirect.

* Better HTML5 compliance.

* Simplified decorations.

* Show repo\'s root directory in plain view.

* Date printing and timezone normalization.

* Unicode issues in syntax highlighting.

* Account for caches with empty key.

* Use size_t for all lengths.

* More gracefully deal with unparsable commits.
- with git 2.8.3
- the following patches are now included upstream git 2.8.3:
0012-http-push-stop-using-name_path.patch
0013-show_object_with_name-simplify-by-using-path_name.patch
0014-list-objects-convert-name_path-to-a-strbuf.patch
0015-list-objects-drop-name_path-entirely.patch
0016-list-objects-pass-full-pathname-to-callbacks.patch

Wed Mar 16 13:00:00 2016 tiwaiAATTsuse.de
- Fix remote code execution via buffer overflow (CVE-2016-2315,
CVE-2016-2324, bsc#971328):
0012-http-push-stop-using-name_path.patch
0013-show_object_with_name-simplify-by-using-path_name.patch
0014-list-objects-convert-name_path-to-a-strbuf.patch
0015-list-objects-drop-name_path-entirely.patch
0016-list-objects-pass-full-pathname-to-callbacks.patch

Thu Jan 14 13:00:00 2016 jengelhAATTinai.de
- Update to new upstream release 0.12

* Show remote refs in branch switcher combobox.

* Add sample post-receive hook in /contrib.

* Add HTML escaping to filters.

* Add \"enable-follow-links\" option to have the log UI
behave the same way as \"git log --follow\", as well
as updating the diffand commit UIs.

* Errors are now cached under the dynamic-ttl setting.

* Simplified filters and converters.

* Add \"enable-html-serving\" to turn on serving of HTML mimetypes
from the /plain handler, to prevent against stored XSS.

* /blob no longer takes a mimetype query string parameter.
- Resolve: Reflected Cross Site Scripting & Header Injection in
Mimetype Query String; Stored Cross Site Scripting & Header
Injection in Filename Parameter; Stored Cross Site Scripting in
Git Repo Files; Integer Overflow resulting in Buffer Overflow
[boo#961916 CVE-2016-1899 CVE-2016-1900 CVE-2016-1901]
- Update bundled git tarball to 2.7.0 (build-time requirement)

Tue Oct 6 14:00:00 2015 jengelhAATTinai.de
- Update bundled git tarball to 2.6.1 [bnc#948969]

Thu Sep 24 14:00:00 2015 jengelhAATTinai.de
- Update bundled git tarball to 2.5.3

Tue Jun 9 14:00:00 2015 jengelhAATTinai.de
- Update bundled git tarball to 2.4.3

Mon May 4 14:00:00 2015 jengelhAATTinai.de
- Update to new upstream release 0.11.2

* addition of a Lua scripting engine

* fine-grained authentication support through the new Lua
scripting system

* support for the \"rawdiff\" command was added

* sendfile() is now used when available (Linux systems) instead
of a loop of read() and write(). This should significantly
increase performance for high volume sites which make heavy use
of the caching feature, as it saves copies to and from
user-space.

* Caching granularity is now improved with the introduction of
the cache-snapshot-ttl option, which allows configuration of
the ttl for tarball and zip snapshots of repositories.

* When filtering in the index, make the sorting links point to
the same filtered page of results

* Take into account leading slashes when comptuing links
- Avoid double %setup (messes with quilt). Simplify filelist.
%doc for man is implicit.
- Drop cgit-git-1.7.6_build_fix.patch,
cgit-fix-print-tree.diff,
cgit-fix-more-read_tree_recursive-invocations.diff,
cgit-CVE-2013-2117-disallow-directory-traversal.patch
- Add signature for the git core tarball.

Mon Nov 24 13:00:00 2014 guillaumeAATTopensuse.org
- Fix css and logo path in cgitrc file (replace /git by /cgit)

Mon Oct 6 14:00:00 2014 jengelhAATTinai.de
- Remove ancient specfile tags/sections
- Enable parallel build

Fri Jul 5 14:00:00 2013 tiwaiAATTsuse.de
- Fix VUL-0: cgit: remote file disclosure flaw (CVE-2013-2117,
bnc#822166)

Tue Nov 20 13:00:00 2012 vjtAATTopenssl.it
- BuildRequire xz

Tue Nov 20 13:00:00 2012 tiwaiAATTsuse.de
- updated to cgit-0.9.1:
Enhancements:
- path-selected submodule links
- intelligent default branch guessing
- /etc/mime.types lookup
- gitweb.
* and cgit.
* git-config support
- case insensitive sorting and age sorting
- commit, repository, and section sorting
- bold currently viewed page in pagination
- support BSDs in makefile
Security:
- CVE-2012-4465: heap-buffer overflow in parsing.c
- CVE-2012-4548: syntax highlighting command injection
Bug Fixes:
- transition maintainer to Jason Donenfeld (zx2c4)
- download git snapshot from github instead of Lars\' old server
- css fixes
- stablization of tests
- more compatible default highlight script
- suppress gzip timestamp so that tarballs only use tar timestamps
- treat ctags as target in makefile
- do not let global variables override certain local repo settings
- print ampersand as proper html entity
- use placeholder for empty commit subject
- format diff view for addition and removal of files
- point links at correct blob from ssdiff
- drop obsoleted patches
cgit-CVE-2011-2711-fix.diff
cgit-CVE-2012-4465-fix.diff
cgit-CVE-2012-4548-fix.diff

Mon Oct 29 13:00:00 2012 tiwaiAATTsuse.de
- cgit-CVE-2012-4548-fix.diff:
Fix VUL-0: cgit: arbitrary code / command execution via
improperly quoted arguments (CVE-2012-4548, bnc#787074)

Wed Oct 10 14:00:00 2012 tiwaiAATTsuse.de
- Fix VUL-0: specially-crafted commits can trigger a heap-based
buffer overflow (CVE-2012-4465, bnc#783012)

Mon Feb 13 13:00:00 2012 cooloAATTsuse.com
- patch license to follow spdx.org standard

Mon Nov 28 13:00:00 2011 zooeyAATThirschkaefer.de
- Add patch cgit-fix-more-read_tree_recursive-invocations.diff:
There are more incorrect invocations of read_tree_recursive(),
one example can be seen when visiting one of the \'plain\' links
in the tree view (contents of the wrong file are shown).
This time I did what I should have done last time and checked
and adjusted all invocations of read_tree_recursive().

Tue Nov 22 13:00:00 2011 saschpeAATTsuse.de
- Add patch cgit-fix-print-tree.diff:
The cgit build fix with respect to git-1.7.6 is incomplete: in
the file ui-tree.c ls_tree() has been patched to use pathspec
when invoking read_tree_recursive(), but cgit_print_tree() has
no t been touched.
The resulting problem can be seen when browsing the tree of a cgit
repository: when you \"drill down\" into subfolders, parts of the
parent folder\'s contents will appear in the listing.
This patch adjusts cgit_print_tree() accordingly, which fixes the problem.

Fri Oct 14 14:00:00 2011 tiwaiAATTsuse.de
- split from OBS git repo to an individual repo (since cgit-0.9
doesn\'t build with git-1.7.7)
- merged fixes in git repo back to cgit repo
- updated to git 1.7.6.4

Wed Aug 3 14:00:00 2011 asnAATTcryptomilk.org
- updated to cgit 0.9.0.2
- fixed potential XSS vulnerability in rename hint
- fixed a segfault with git 1.7.6

Mon Jun 27 14:00:00 2011 tiwaiAATTsuse.de
- updated to git 1.7.6: see git changelog for more details

Mon Jun 6 14:00:00 2011 tiwaiAATTsuse.de
- updated to git 1.7.5.4: see git changelog for more details

Mon Jun 6 14:00:00 2011 tiwaiAATTsuse.de
- Fix incompatibilies with git 1.7.5.x to build cgit again

Wed Jun 1 14:00:00 2011 mmarekAATTnovell.com
- Do not buildrequire git, the package builds it\'s own git and the
buildrequires line only makes backporting harder.

Fri May 27 14:00:00 2011 tiwaiAATTsuse.de
- updated git 1.7.5.3:
See git changelog for more details

Mon Mar 28 14:00:00 2011 tiwaiAATTsuse.de
- updated to git 1.7.4.2:
documentation updates, small bug fixes;
see included Documentation/RelNotes/1.7.4.2.txt
- updated to cgit 0.9:
major updates; using git-1.7.4.x

Fri Dec 17 13:00:00 2010 tiwaiAATTsuse.de
- updated to git 1.7.3.3:
In addition to the usual fixes, this release also includes
support for the new \"add.ignoreErrors\" name given to the
existing \"add.ignore-errors\" configuration variable.
- updated to git 1.7.3.4:
Among many fixes since v1.7.3.3, it contains a fix to a recently
discovered XSS vulnerability in Gitweb (CVE 2010-3906)

Thu Sep 30 14:00:00 2010 tiwaiAATTsuse.de
- updated to git 1.7.3:
major version update; new options and behavior for git-rebase,
git-clean, git-checkout, git-gui.
See release note:
http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.7.3.txt
- updated to git 1.7.3.1:
fix git-stash breakages
- Set NO_CROSS_DIRECTORY_HARDLINKS=1 to satisfy BS

Fri Aug 20 14:00:00 2010 anschneiderAATTexsuse.de
- fixed more segfaults in cgit.

Fri Aug 20 14:00:00 2010 anschneiderAATTexsuse.de
- fix cgit segfault when using git > 1.7
- update to version 0.8.3.3
- get debuginfo working, don\'t strip binaries.

Fri Aug 20 14:00:00 2010 tiwaiAATTsuse.de
- updated to git 1.7.2.2

Thu Jul 29 14:00:00 2010 tiwaiAATTsuse.de
- fix missing link with libpthread

Thu Jul 29 14:00:00 2010 tiwaiAATTsuse.de
- updated to git 1.7.2.1: minor fixes for git-instaweb, git-web,
git-config. See release note:
http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.7.2.1.txt

Thu Jul 22 14:00:00 2010 tiwaiAATTsuse.de
- updated to git 1.7.2: mostly bug fixes and small enhancements;
see the release note:
http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.7.2.txt
- gitweb stuff is moved to /usr/share/gitweb

Sun Apr 25 14:00:00 2010 poletti.marcoAATTgmail.com
- Build against version 1.7.0.3 of git instead of 1.6.4.3.

Fri Feb 5 13:00:00 2010 poletti.marcoAATTgmail.com
- Initial release, version 0.8.3.1


  
ICM