diff options
| -rw-r--r-- | 0001-Fix-potential-XSS-vulnerability-in-rename-hint.patch | 39 | ||||
| -rw-r--r-- | cgit.spec | 17 | ||||
| -rw-r--r-- | sources | 4 |
3 files changed, 10 insertions, 50 deletions
diff --git a/0001-Fix-potential-XSS-vulnerability-in-rename-hint.patch b/0001-Fix-potential-XSS-vulnerability-in-rename-hint.patch deleted file mode 100644 index 9344e77..0000000 --- a/0001-Fix-potential-XSS-vulnerability-in-rename-hint.patch +++ /dev/null @@ -1,39 +0,0 @@ -From bebe89d7c11a92bf206bf6e528c51ffa8ecbc0d5 Mon Sep 17 00:00:00 2001 -From: Lukas Fleischer <cgit@cryptocrack.de> -Date: Fri, 22 Jul 2011 13:47:19 +0200 -Subject: [PATCH] Fix potential XSS vulnerability in rename hint - -The file name displayed in the rename hint should be escaped to avoid -XSS. Note that this vulnerability is only applicable when an attacker -has gained push access to the repository. - -Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> -Signed-off-by: Lars Hjemli <hjemli@gmail.com> ---- - ui-diff.c | 10 ++++++---- - 1 files changed, 6 insertions(+), 4 deletions(-) - -diff --git a/ui-diff.c b/ui-diff.c -index d21541b..383a534 100644 ---- a/ui-diff.c -+++ b/ui-diff.c -@@ -97,10 +97,12 @@ static void print_fileinfo(struct fileinfo *info) - htmlf("</td><td class='%s'>", class); - cgit_diff_link(info->new_path, NULL, NULL, ctx.qry.head, ctx.qry.sha1, - ctx.qry.sha2, info->new_path, 0); -- if (info->status == DIFF_STATUS_COPIED || info->status == DIFF_STATUS_RENAMED) -- htmlf(" (%s from %s)", -- info->status == DIFF_STATUS_COPIED ? "copied" : "renamed", -- info->old_path); -+ if (info->status == DIFF_STATUS_COPIED || info->status == DIFF_STATUS_RENAMED) { -+ htmlf(" (%s from ", -+ info->status == DIFF_STATUS_COPIED ? "copied" : "renamed"); -+ html_txt(info->old_path); -+ html(")"); -+ } - html("</td><td class='right'>"); - if (info->binary) { - htmlf("bin</td><td class='graph'>%ld -> %ld bytes", --- -1.7.6.rc1 - @@ -1,6 +1,6 @@ # Review bug: https://bugzilla.redhat.com/479723 -%global gitver 1.8.3 +%global gitver 1.8.5 %global cachedir %{_localstatedir}/cache/%{name} %global filterdir %{_libexecdir}/%{name}/filters %global scriptdir %{_localstatedir}/www/cgi-bin @@ -17,11 +17,12 @@ make V=1 %{?_smp_mflags} \\\ CGIT_SCRIPT_NAME=cgit \\\ CGIT_DATA_PATH=%{cgitdata} \\\ docdir=%{docdir} \\\ - filterdir=%{filterdir} + filterdir=%{filterdir} \\\ + prefix=%{_prefix} Name: cgit -Version: 0.9.2 -Release: 2%{?dist} +Version: 0.10 +Release: 1%{?dist} Summary: A fast web interface for git Group: Development/Tools @@ -31,7 +32,6 @@ Source0: http://git.zx2c4.com/cgit/snapshot/%{name}-%{version}.tar.xz Source1: http://git-core.googlecode.com/files/git-%{gitver}.tar.gz Source2: cgitrc Source3: cgit.httpd -Source4: README.SELinux # On all but RHEL5 highlight is version 3. %if 0%{?fedora} || 0%{?rhel} >= 6 Patch1: cgit-0.9.1-highlightv3.patch @@ -65,10 +65,6 @@ rm -rf git mv git-%{gitver} git sed -i 's/^\(CFLAGS = \).*/\1%{optflags}/' git/Makefile -# add README.SELinux -cp -p %{SOURCE4} . - - %build %{make_cgit} @@ -102,6 +98,9 @@ rm -rf %{buildroot} %changelog +* Wed Feb 19 2014 Kevin Fenzi <kevin@scrye.com> 0.10-1 +- Update to 0.10 + * Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild @@ -1,2 +1,2 @@ -fe11018eff8d79caad112f4fac64b90f cgit-0.9.2.tar.xz -d91b6099fb6763cf92c696977a247060 git-1.8.3.tar.gz +16448b1cfd62fcbe738729edc6279e14 git-1.8.5.tar.gz +19944c17ecea1b1d1944718ce8ce6b61 cgit-0.10.tar.xz |