config: make empty js= omit script tag

According to the cgitrc man page, an empty js= value should cause the
script tag to be omitted. But instead, a script tag with an empty URL
is emitted. The same applies to css. So, skip emitting a tag if the
specified string is empty.

Signed-off-by: Samuel Lidén Borell <samuel@kodafritt.se>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Makefile

@@ -1,6 +1,6 @@
 all::
 
-CGIT_VERSION = v1.2
+CGIT_VERSION = v1.2.3
 CGIT_SCRIPT_NAME = cgit.cgi
 CGIT_SCRIPT_PATH = /var/www/htdocs/cgit
 CGIT_DATA_PATH = $(CGIT_SCRIPT_PATH)
@@ -14,8 +14,8 @@ htmldir = $(docdir)
 pdfdir = $(docdir)
 mandir = $(prefix)/share/man
 SHA1_HEADER = <openssl/sha.h>
-GIT_VER = 2.18.0
-GIT_URL = https://www.kernel.org/pub/software/scm/git/git-$(GIT_VER).tar.gz
+GIT_VER = 2.39.0
+GIT_URL = https://www.kernel.org/pub/software/scm/git/git-$(GIT_VER).tar.xz
 INSTALL = install
 COPYTREE = cp -r
 MAN5_TXT = $(wildcard *.5.txt)
@@ -87,6 +87,7 @@ install: all
 	$(INSTALL) -m 0755 cgit $(DESTDIR)$(CGIT_SCRIPT_PATH)/$(CGIT_SCRIPT_NAME)
 	$(INSTALL) -m 0755 -d $(DESTDIR)$(CGIT_DATA_PATH)
 	$(INSTALL) -m 0644 cgit.css $(DESTDIR)$(CGIT_DATA_PATH)/cgit.css
+	$(INSTALL) -m 0644 cgit.js $(DESTDIR)$(CGIT_DATA_PATH)/cgit.js
 	$(INSTALL) -m 0644 cgit.png $(DESTDIR)$(CGIT_DATA_PATH)/cgit.png
 	$(INSTALL) -m 0644 favicon.ico $(DESTDIR)$(CGIT_DATA_PATH)/favicon.ico
 	$(INSTALL) -m 0644 robots.txt $(DESTDIR)$(CGIT_DATA_PATH)/robots.txt
@@ -157,7 +158,7 @@ clean-doc:
 	$(RM) cgitrc.5 cgitrc.5.html cgitrc.5.pdf cgitrc.5.xml cgitrc.5.fo
 
 get-git:
-	curl -L $(GIT_URL) | tar -xzf - && rm -rf git && mv git-$(GIT_VER) git
+	curl -L $(GIT_URL) | tar -xJf - && rm -rf git && mv git-$(GIT_VER) git
 
 tags:
 	$(QUIET_TAGS)find . -name '*.[ch]' | xargs ctags

cache.c

@@ -85,40 +85,45 @@ static int close_slot(struct cache_slot *slot)
 /* Print the content of the active cache slot (but skip the key). */
 static int print_slot(struct cache_slot *slot)
 {
+	off_t off;
 #ifdef HAVE_LINUX_SENDFILE
-	off_t start_off;
-	int ret;
+	off_t size;
+#endif
+
+	off = slot->keylen + 1;
 
-	start_off = slot->keylen + 1;
+#ifdef HAVE_LINUX_SENDFILE
+	size = slot->cache_st.st_size;
 
 	do {
-		ret = sendfile(STDOUT_FILENO, slot->cache_fd, &start_off,
-				slot->cache_st.st_size - start_off);
+		ssize_t ret;
+		ret = sendfile(STDOUT_FILENO, slot->cache_fd, &off, size - off);
 		if (ret < 0) {
 			if (errno == EAGAIN || errno == EINTR)
 				continue;
+			/* Fall back to read/write on EINVAL or ENOSYS */
+			if (errno == EINVAL || errno == ENOSYS)
+				break;
 			return errno;
 		}
-		return 0;
+		if (off == size)
+			return 0;
 	} while (1);
-#else
-	ssize_t i, j;
+#endif
 
-	i = lseek(slot->cache_fd, slot->keylen + 1, SEEK_SET);
-	if (i != slot->keylen + 1)
+	if (lseek(slot->cache_fd, off, SEEK_SET) != off)
 		return errno;
 
 	do {
-		i = j = xread(slot->cache_fd, slot->buf, sizeof(slot->buf));
-		if (i > 0)
-			j = xwrite(STDOUT_FILENO, slot->buf, i);
-	} while (i > 0 && j == i);
-
-	if (i < 0 || j != i)
-		return errno;
-	else
-		return 0;
-#endif
+		ssize_t ret;
+		ret = xread(slot->cache_fd, slot->buf, sizeof(slot->buf));
+		if (ret < 0)
+			return errno;
+		if (ret == 0)
+			return 0;
+		if (write_in_full(STDOUT_FILENO, slot->buf, ret) < 0)
+			return errno;
+	} while (1);
 }
 
 /* Check if the slot has expired */
@@ -401,12 +406,12 @@ int cache_process(int size, const char *path, const char *key, int ttl,
 static char *sprintftime(const char *format, time_t time)
 {
 	static char buf[64];
-	struct tm *tm;
+	struct tm tm;
 
 	if (!time)
 		return NULL;
-	tm = gmtime(&time);
-	strftime(buf, sizeof(buf)-1, format, tm);
+	gmtime_r(&time, &tm);
+	strftime(buf, sizeof(buf)-1, format, &tm);
 	return buf;
 }
 

cgit.c

@@ -19,6 +19,16 @@
 
 const char *cgit_version = CGIT_VERSION;
 
+__attribute__((constructor))
+static void constructor_environment()
+{
+	/* Do not look in /etc/ for gitconfig and gitattributes. */
+	setenv("GIT_CONFIG_NOSYSTEM", "1", 1);
+	setenv("GIT_ATTR_NOSYSTEM", "1", 1);
+	unsetenv("HOME");
+	unsetenv("XDG_CONFIG_HOME");
+}
+
 static void add_mimetype(const char *name, const char *value)
 {
 	struct string_list_item *item;
@@ -50,6 +60,8 @@ static void repo_config(struct cgit_repo *repo, const char *name, const char *va
 		repo->extra_head_content = xstrdup(value);
 	else if (!strcmp(name, "snapshots"))
 		repo->snapshots = ctx.cfg.snapshots & cgit_parse_snapshots_mask(value);
+	else if (!strcmp(name, "enable-blame"))
+		repo->enable_blame = atoi(value);
 	else if (!strcmp(name, "enable-commit-graph"))
 		repo->enable_commit_graph = atoi(value);
 	else if (!strcmp(name, "enable-log-filecount"))
@@ -130,7 +142,9 @@ static void config_cb(const char *name, const char *value)
 	else if (!strcmp(name, "root-readme"))
 		ctx.cfg.root_readme = xstrdup(value);
 	else if (!strcmp(name, "css"))
-		ctx.cfg.css = xstrdup(value);
+		string_list_append(&ctx.cfg.css, xstrdup(value));
+	else if (!strcmp(name, "js"))
+		string_list_append(&ctx.cfg.js, xstrdup(value));
 	else if (!strcmp(name, "favicon"))
 		ctx.cfg.favicon = xstrdup(value);
 	else if (!strcmp(name, "footer"))
@@ -225,9 +239,11 @@ static void config_cb(const char *name, const char *value)
 		ctx.cfg.max_repodesc_len = atoi(value);
 	else if (!strcmp(name, "max-blob-size"))
 		ctx.cfg.max_blob_size = atoi(value);
-	else if (!strcmp(name, "max-repo-count"))
+	else if (!strcmp(name, "max-repo-count")) {
 		ctx.cfg.max_repo_count = atoi(value);
-	else if (!strcmp(name, "max-commit-count"))
+		if (ctx.cfg.max_repo_count <= 0)
+			ctx.cfg.max_repo_count = INT_MAX;
+	} else if (!strcmp(name, "max-commit-count"))
 		ctx.cfg.max_commit_count = atoi(value);
 	else if (!strcmp(name, "project-list"))
 		ctx.cfg.project_list = xstrdup(expand_macros(value));
@@ -312,11 +328,11 @@ static void querystring_cb(const char *name, const char *value)
 		ctx.qry.head = xstrdup(value);
 		ctx.qry.has_symref = 1;
 	} else if (!strcmp(name, "id")) {
-		ctx.qry.sha1 = xstrdup(value);
-		ctx.qry.has_sha1 = 1;
+		ctx.qry.oid = xstrdup(value);
+		ctx.qry.has_oid = 1;
 	} else if (!strcmp(name, "id2")) {
-		ctx.qry.sha2 = xstrdup(value);
-		ctx.qry.has_sha1 = 1;
+		ctx.qry.oid2 = xstrdup(value);
+		ctx.qry.has_oid = 1;
 	} else if (!strcmp(name, "ofs")) {
 		ctx.qry.ofs = atoi(value);
 	} else if (!strcmp(name, "path")) {
@@ -364,7 +380,6 @@ static void prepare_context(void)
 	ctx.cfg.case_sensitive_sort = 1;
 	ctx.cfg.branch_sort = 0;
 	ctx.cfg.commit_sort = 0;
-	ctx.cfg.css = "/cgit.css";
 	ctx.cfg.logo = "/cgit.png";
 	ctx.cfg.favicon = "/favicon.ico";
 	ctx.cfg.local_time = 0;
@@ -416,7 +431,7 @@ static void prepare_context(void)
 	ctx.page.modified = time(NULL);
 	ctx.page.expires = ctx.page.modified;
 	ctx.page.etag = NULL;
-	string_list_init(&ctx.cfg.mimetypes, 1);
+	string_list_init_dup(&ctx.cfg.mimetypes);
 	if (ctx.env.script_name)
 		ctx.cfg.script_name = xstrdup(ctx.env.script_name);
 	if (ctx.env.query_string)
@@ -495,9 +510,11 @@ static inline void parse_readme(const char *readme, char **filename, char **ref,
 	/* Check if the readme is tracked in the git repo. */
 	colon = strchr(readme, ':');
 	if (colon && strlen(colon) > 1) {
-		/* If it starts with a colon, we want to use
-		 * the default branch */
-		if (colon == readme && repo->defbranch)
+		/* If it starts with a colon, we want to use head given
+		 * from query or the default branch */
+		if (colon == readme && ctx.qry.head)
+			*ref = xstrdup(ctx.qry.head);
+		else if (colon == readme && repo->defbranch)
 			*ref = xstrdup(repo->defbranch);
 		else
 			*ref = xstrndup(readme, colon - readme);
@@ -563,18 +580,13 @@ static void prepare_repo_env(int *nongit)
 	/* The path to the git repository. */
 	setenv("GIT_DIR", ctx.repo->path, 1);
 
-	/* Do not look in /etc/ for gitconfig and gitattributes. */
-	setenv("GIT_CONFIG_NOSYSTEM", "1", 1);
-	setenv("GIT_ATTR_NOSYSTEM", "1", 1);
-	unsetenv("HOME");
-	unsetenv("XDG_CONFIG_HOME");
-
 	/* Setup the git directory and initialize the notes system. Both of these
 	 * load local configuration from the git repository, so we do them both while
 	 * the HOME variables are unset. */
 	setup_git_directory_gently(nongit);
-	init_display_notes(NULL);
+	load_display_notes(NULL);
 }
+
 static int prepare_repo_cmd(int nongit)
 {
 	struct object_id oid;
@@ -645,7 +657,7 @@ static inline void open_auth_filter(const char *function)
 		ctx.env.https ? ctx.env.https : "",
 		ctx.qry.repo ? ctx.qry.repo : "",
 		ctx.qry.page ? ctx.qry.page : "",
-		ctx.qry.url ? ctx.qry.url : "",
+		cgit_currentfullurl(),
 		cgit_loginurl());
 }
 
@@ -659,13 +671,13 @@ static inline void open_auth_filter(const char *function)
 static inline void authenticate_post(void)
 {
 	char buffer[MAX_AUTHENTICATION_POST_BYTES];
-	unsigned int len;
+	ssize_t len;
 
 	open_auth_filter("authenticate-post");
 	len = ctx.env.content_length;
 	if (len > MAX_AUTHENTICATION_POST_BYTES)
 		len = MAX_AUTHENTICATION_POST_BYTES;
-	if (read(STDIN_FILENO, buffer, len) < 0)
+	if ((len = read(STDIN_FILENO, buffer, len)) < 0)
 		die_errno("Could not read POST from stdin");
 	if (write(STDOUT_FILENO, buffer, len) < 0)
 		die_errno("Could not write POST to stdout");
@@ -809,6 +821,8 @@ static void print_repo(FILE *f, struct cgit_repo *repo)
 		fprintf(f, "repo.homepage=%s\n", repo->homepage);
 	if (repo->clone_url)
 		fprintf(f, "repo.clone-url=%s\n", repo->clone_url);
+	fprintf(f, "repo.enable-blame=%d\n",
+	        repo->enable_blame);
 	fprintf(f, "repo.enable-commit-graph=%d\n",
 	        repo->enable_commit_graph);
 	fprintf(f, "repo.enable-log-filecount=%d\n",
@@ -830,6 +844,8 @@ static void print_repo(FILE *f, struct cgit_repo *repo)
 		fprintf(f, "repo.snapshots=%s\n", tmp ? tmp : "");
 		free(tmp);
 	}
+	if (repo->snapshot_prefix)
+		fprintf(f, "repo.snapshot-prefix=%s\n", repo->snapshot_prefix);
 	if (repo->max_stats != ctx.cfg.max_stats)
 		fprintf(f, "repo.max-stats=%s\n",
 		        cgit_find_stats_periodname(repo->max_stats));
@@ -981,9 +997,9 @@ static void cgit_parse_args(int argc, const char **argv)
 		} else if (skip_prefix(argv[i], "--head=", &arg)) {
 			ctx.qry.head = xstrdup(arg);
 			ctx.qry.has_symref = 1;
-		} else if (skip_prefix(argv[i], "--sha1=", &arg)) {
-			ctx.qry.sha1 = xstrdup(arg);
-			ctx.qry.has_sha1 = 1;
+		} else if (skip_prefix(argv[i], "--oid=", &arg)) {
+			ctx.qry.oid = xstrdup(arg);
+			ctx.qry.has_oid = 1;
 		} else if (skip_prefix(argv[i], "--ofs=", &arg)) {
 			ctx.qry.ofs = atoi(arg);
 		} else if (skip_prefix(argv[i], "--scan-tree=", &arg) ||
@@ -1026,7 +1042,7 @@ static int calc_ttl(void)
 	if (!strcmp(ctx.qry.page, "snapshot"))
 		return ctx.cfg.cache_snapshot_ttl;
 
-	if (ctx.qry.has_sha1)
+	if (ctx.qry.has_oid)
 		return ctx.cfg.cache_static_ttl;
 
 	if (ctx.qry.has_symref)

cgit.css

@@ -363,6 +363,10 @@ div#cgit table.blame td.lines > div > pre {
 	top: 0;
 }
 
+div#cgit table.blame .oid {
+	font-size: 100%;
+}
+
 div#cgit table.bin-blob {
 	margin-top: 0.5em;
 	border: solid 1px black;
@@ -561,7 +565,7 @@ div#cgit table.diff td div.del {
 	color: red;
 }
 
-div#cgit .sha1 {
+div#cgit .oid {
 	font-family: monospace;
 	font-size: 90%;
 }

cgit.h

@@ -8,12 +8,13 @@
 #include <cache.h>
 #include <grep.h>
 #include <object.h>
+#include <object-store.h>
 #include <tree.h>
 #include <commit.h>
 #include <tag.h>
 #include <diff.h>
 #include <diffcore.h>
-#include <argv-array.h>
+#include <strvec.h>
 #include <refs.h>
 #include <revision.h>
 #include <log-tree.h>
@@ -24,6 +25,7 @@
 #include <utf8.h>
 #include <notes.h>
 #include <graph.h>
+#include <inttypes.h>
 
 /* Add isgraph(x) to Git's sane ctype support (see git-compat-util.h) */
 #undef isgraph
@@ -93,6 +95,7 @@ struct cgit_repo {
 	char *logo_link;
 	char *snapshot_prefix;
 	int snapshots;
+	int enable_blame;
 	int enable_commit_graph;
 	int enable_log_filecount;
 	int enable_log_linecount;
@@ -162,7 +165,7 @@ struct reflist {
 
 struct cgit_query {
 	int has_symref;
-	int has_sha1;
+	int has_oid;
 	int has_difftype;
 	char *raw;
 	char *repo;
@@ -170,8 +173,8 @@ struct cgit_query {
 	char *search;
 	char *grep;
 	char *head;
-	char *sha1;
-	char *sha2;
+	char *oid;
+	char *oid2;
 	char *path;
 	char *name;
 	char *url;
@@ -193,7 +196,6 @@ struct cgit_config {
 	char *cache_root;
 	char *clone_prefix;
 	char *clone_url;
-	char *css;
 	char *favicon;
 	char *footer;
 	char *head_include;
@@ -204,6 +206,7 @@ struct cgit_config {
 	char *module_link;
 	char *project_list;
 	struct string_list readme;
+	struct string_list css;
 	char *robots;
 	char *root_title;
 	char *root_desc;
@@ -262,6 +265,7 @@ struct cgit_config {
 	int branch_sort;
 	int commit_sort;
 	struct string_list mimetypes;
+	struct string_list js;
 	struct cgit_filter *about_filter;
 	struct cgit_filter *commit_filter;
 	struct cgit_filter *source_filter;

cgit.js

@@ -0,0 +1,68 @@
+/* cgit.js: javacript functions for cgit
+ *
+ * Copyright (C) 2006-2018 cgit Development Team <cgit@lists.zx2c4.com>
+ *
+ * Licensed under GNU General Public License v2
+ *   (see COPYING for full license text)
+ */
+
+(function () {
+
+/* This follows the logic and suffixes used in ui-shared.c */
+
+var age_classes = [ "age-mins", "age-hours", "age-days",    "age-weeks",    "age-months",    "age-years" ];
+var age_suffix =  [ "min.",     "hours",     "days",        "weeks",        "months",        "years",         "years" ];
+var age_next =    [ 60,         3600,        24 * 3600,     7 * 24 * 3600,  30 * 24 * 3600,  365 * 24 * 3600, 365 * 24 * 3600 ];
+var age_limit =   [ 7200,       24 * 7200,   7 * 24 * 7200, 30 * 24 * 7200, 365 * 25 * 7200, 365 * 25 * 7200 ];
+var update_next = [ 10,         5 * 60,      1800,          24 * 3600,      24 * 3600,       24 * 3600,       24 * 3600 ];
+
+function render_age(e, age) {
+	var t, n;
+
+	for (n = 0; n < age_classes.length; n++)
+		if (age < age_limit[n])
+			break;
+
+	t = Math.round(age / age_next[n]) + " " + age_suffix[n];
+
+	if (e.textContent != t) {
+		e.textContent = t;
+		if (n == age_classes.length)
+			n--;
+		if (e.className != age_classes[n])
+			e.className = age_classes[n];
+	}
+}
+
+function aging() {
+	var n, next = 24 * 3600,
+	    now_ut = Math.round((new Date().getTime() / 1000));
+
+	for (n = 0; n < age_classes.length; n++) {
+		var m, elems = document.getElementsByClassName(age_classes[n]);
+
+		if (elems.length && update_next[n] < next)
+			next = update_next[n];
+
+		for (m = 0; m < elems.length; m++) {
+			var age = now_ut - elems[m].getAttribute("data-ut");
+
+			render_age(elems[m], age);
+		}
+	}
+
+	/*
+	 * We only need to come back when the age might have changed.
+	 * Eg, if everything is counted in hours already, once per
+	 * 5 minutes is accurate enough.
+	 */
+
+	window.setTimeout(aging, next * 1000);
+}
+
+document.addEventListener("DOMContentLoaded", function() {
+	/* we can do the aging on DOM content load since no layout dependency */
+	aging();
+}, false);
+
+})();

cgitrc.5.txt

@@ -126,7 +126,8 @@ commit-sort::
 
 css::
 	Url which specifies the css document to include in all cgit pages.
-	Default value: "/cgit.css".
+	Default value: "/cgit.css".  May be given multiple times, each
+	css URL path is added in the head section of the document in turn.
 
 email-filter::
 	Specifies a command which will be invoked to format names and email
@@ -238,6 +239,11 @@ include::
 	Name of a configfile to include before the rest of the current config-
 	file is parsed. Default value: none. See also: "MACRO EXPANSION".
 
+js::
+	Url which specifies the javascript script document to include in all cgit
+	pages.  Default value: "/cgit.js".  Setting this to an empty string will
+	disable generation of the link to this file in the head section.
+
 local-time::
 	Flag which, if set to "1", makes cgit print commit and tag times in the
 	servers timezone. Default value: "0".
@@ -269,7 +275,8 @@ max-message-length::
 
 max-repo-count::
 	Specifies the number of entries to list per page on the	repository
-	index page. Default value: "50".
+	index page. The value "0" shows all repositories without limitation.
+	Default value: "50".
 
 max-repodesc-length::
 	Specifies the maximum number of repo description characters to display
@@ -407,9 +414,12 @@ side-by-side-diffs::
 snapshots::
 	Text which specifies the default set of snapshot formats that cgit
 	generates links for. The value is a space-separated list of zero or
-	more of the values "tar", "tar.gz", "tar.bz2", "tar.xz" and "zip".
-	The special value "all" enables all snapshot formats.
-	Default value: none.
+	more of the values "tar", "tar.gz", "tar.bz2", "tar.lz", "tar.xz",
+	"tar.zst" and "zip". The special value "all" enables all snapshot
+	formats. Default value: none.
+	All compressors use default settings. Some settings can be influenced
+	with environment variables, for example set ZSTD_CLEVEL=10 in web
+	server environment for higher (but slower) zstd compression.
 
 source-filter::
 	Specifies a command which will be invoked to format plaintext blobs
@@ -485,6 +495,10 @@ repo.email-filter::
 	Override the default email-filter. Default value: none. See also:
 	"enable-filter-overrides". See also: "FILTER API".
 
+repo.enable-blame::
+	A flag which can be used to disable the global setting
+	`enable-blame'. Default value: none.
+
 repo.enable-commit-graph::
 	A flag which can be used to disable the global setting
 	`enable-commit-graph'. Default value: none.
@@ -572,11 +586,11 @@ repo.readme::
 	verbatim as the "About" page for this repo. You may also specify a
 	git refspec by head or by hash by prepending the refspec followed by
 	a colon. For example, "master:docs/readme.mkd". If the value begins
-	with a colon, i.e. ":docs/readme.rst", the default branch of the
-	repository will be used. Sharing any file will expose that entire
-	directory tree to the "/about/PATH" endpoints, so be sure that there
-	are no non-public files located in the same directory as the readme
-	file. Default value: <readme>.
+	with a colon, i.e. ":docs/readme.rst", the head giving in query or
+	the default branch of the repository will be used. Sharing any file
+	will expose that entire directory tree to the "/about/PATH" endpoints,
+	so be sure that there are no non-public files located in the same
+	directory as the readme file. Default value: <readme>.
 
 repo.section::
 	Override the current section name for this repository. Default value:

cmd.c

@@ -66,7 +66,7 @@ static void about_fn(void)
 
 static void blame_fn(void)
 {
-	if (ctx.cfg.enable_blame)
+	if (ctx.repo->enable_blame)
 		cgit_print_blame();
 	else
 		cgit_print_error_page(403, "Forbidden", "Blame is disabled");
@@ -74,22 +74,22 @@ static void blame_fn(void)
 
 static void blob_fn(void)
 {
-	cgit_print_blob(ctx.qry.sha1, ctx.qry.path, ctx.qry.head, 0);
+	cgit_print_blob(ctx.qry.oid, ctx.qry.path, ctx.qry.head, 0);
 }
 
 static void commit_fn(void)
 {
-	cgit_print_commit(ctx.qry.sha1, ctx.qry.path);
+	cgit_print_commit(ctx.qry.oid, ctx.qry.path);
 }
 
 static void diff_fn(void)
 {
-	cgit_print_diff(ctx.qry.sha1, ctx.qry.sha2, ctx.qry.path, 1, 0);
+	cgit_print_diff(ctx.qry.oid, ctx.qry.oid2, ctx.qry.path, 1, 0);
 }
 
 static void rawdiff_fn(void)
 {
-	cgit_print_diff(ctx.qry.sha1, ctx.qry.sha2, ctx.qry.path, 1, 1);
+	cgit_print_diff(ctx.qry.oid, ctx.qry.oid2, ctx.qry.path, 1, 1);
 }
 
 static void info_fn(void)
@@ -99,7 +99,7 @@ static void info_fn(void)
 
 static void log_fn(void)
 {
-	cgit_print_log(ctx.qry.sha1, ctx.qry.ofs, ctx.cfg.max_commit_count,
+	cgit_print_log(ctx.qry.oid, ctx.qry.ofs, ctx.cfg.max_commit_count,
 		       ctx.qry.grep, ctx.qry.search, ctx.qry.path, 1,
 		       ctx.repo->enable_commit_graph,
 		       ctx.repo->commit_sort);
@@ -125,7 +125,7 @@ static void repolist_fn(void)
 
 static void patch_fn(void)
 {
-	cgit_print_patch(ctx.qry.sha1, ctx.qry.sha2, ctx.qry.path);
+	cgit_print_patch(ctx.qry.oid, ctx.qry.oid2, ctx.qry.path);
 }
 
 static void plain_fn(void)
@@ -140,7 +140,7 @@ static void refs_fn(void)
 
 static void snapshot_fn(void)
 {
-	cgit_print_snapshot(ctx.qry.head, ctx.qry.sha1, ctx.qry.path,
+	cgit_print_snapshot(ctx.qry.head, ctx.qry.oid, ctx.qry.path,
 			    ctx.qry.nohead);
 }
 
@@ -156,12 +156,12 @@ static void summary_fn(void)
 
 static void tag_fn(void)
 {
-	cgit_print_tag(ctx.qry.sha1);
+	cgit_print_tag(ctx.qry.oid);
 }
 
 static void tree_fn(void)
 {
-	cgit_print_tree(ctx.qry.sha1, ctx.qry.path);
+	cgit_print_tree(ctx.qry.oid, ctx.qry.path);
 }
 
 #define def_cmd(name, want_repo, want_vpath, is_clone) \

filters/commit-links.sh

@@ -19,7 +19,7 @@ regex=''
 
 # This expression generates links to commits referenced by their SHA1.
 regex=$regex'
-s|\b([0-9a-fA-F]{7,40})\b|<a href="./?id=\1">\1</a>|g'
+s|\b([0-9a-fA-F]{7,64})\b|<a href="./?id=\1">\1</a>|g'
 
 # This expression generates links to a fictional bugtracker.
 regex=$regex'

filters/email-gravatar.lua

@@ -3,15 +3,24 @@
 -- prefix in filters. It is much faster than the corresponding python script.
 --
 -- Requirements:
--- 	luacrypto >= 0.3
--- 	<http://mkottman.github.io/luacrypto/>
+-- 	luaossl
+-- 	<http://25thandclement.com/~william/projects/luaossl.html>
 --
 
-local crypto = require("crypto")
+local digest = require("openssl.digest")
+
+function md5_hex(input)
+	local b = digest.new("md5"):final(input)
+	local x = ""
+	for i = 1, #b do
+		x = x .. string.format("%.2x", string.byte(b, i))
+	end
+	return x
+end
 
 function filter_open(email, page)
 	buffer = ""
-	md5 = crypto.digest("md5", email:sub(2, -2):lower())
+	md5 = md5_hex(email:sub(2, -2):lower())
 end
 
 function filter_close()

filters/email-libravatar.lua

@@ -3,15 +3,24 @@
 -- prefix in filters.
 --
 -- Requirements:
--- 	luacrypto >= 0.3
--- 	<http://mkottman.github.io/luacrypto/>
+-- 	luaossl
+-- 	<http://25thandclement.com/~william/projects/luaossl.html>
 --
 
-local crypto = require("crypto")
+local digest = require("openssl.digest")
+
+function md5_hex(input)
+	local b = digest.new("md5"):final(input)
+	local x = ""
+	for i = 1, #b do
+		x = x .. string.format("%.2x", string.byte(b, i))
+	end
+	return x
+end
 
 function filter_open(email, page)
 	buffer = ""
-	md5 = crypto.digest("md5", email:sub(2, -2):lower())
+	md5 = md5_hex(email:sub(2, -2):lower())
 end
 
 function filter_close()

filters/file-authentication.lua

@@ -0,0 +1,359 @@
+-- This script may be used with the auth-filter.
+--
+-- Requirements:
+-- 	luaossl
+-- 	<http://25thandclement.com/~william/projects/luaossl.html>
+-- 	luaposix
+-- 	<https://github.com/luaposix/luaposix>
+--
+local sysstat = require("posix.sys.stat")
+local unistd = require("posix.unistd")
+local rand = require("openssl.rand")
+local hmac = require("openssl.hmac")
+
+-- This file should contain a series of lines in the form of:
+--	username1:hash1
+--	username2:hash2
+--	username3:hash3
+--	...
+-- Hashes can be generated using something like `mkpasswd -m sha-512 -R 300000`.
+-- This file should not be world-readable.
+local users_filename = "/etc/cgit-auth/users"
+
+-- This file should contain a series of lines in the form of:
+-- 	groupname1:username1,username2,username3,...
+--	...
+local groups_filename = "/etc/cgit-auth/groups"
+
+-- This file should contain a series of lines in the form of:
+-- 	reponame1:groupname1,groupname2,groupname3,...
+--	...
+local repos_filename = "/etc/cgit-auth/repos"
+
+-- Set this to a path this script can write to for storing a persistent
+-- cookie secret, which should not be world-readable.
+local secret_filename = "/var/cache/cgit/auth-secret"
+
+--
+--
+-- Authentication functions follow below. Swap these out if you want different authentication semantics.
+--
+--
+
+-- Looks up a hash for a given user.
+function lookup_hash(user)
+	local line
+	for line in io.lines(users_filename) do
+		local u, h = string.match(line, "(.-):(.+)")
+		if u:lower() == user:lower() then
+			return h
+		end
+	end
+	return nil
+end
+
+-- Looks up users for a given repo.
+function lookup_users(repo)
+	local users = nil
+	local groups = nil
+	local line, group, user
+	for line in io.lines(repos_filename) do
+		local r, g = string.match(line, "(.-):(.+)")
+		if r == repo then
+			groups = { }
+			for group in string.gmatch(g, "([^,]+)") do
+				groups[group:lower()] = true
+			end
+			break
+		end
+	end
+	if groups == nil then
+		return nil
+	end
+	for line in io.lines(groups_filename) do
+		local g, u = string.match(line, "(.-):(.+)")
+		if groups[g:lower()] then
+			if users == nil then
+				users = { }
+			end
+			for user in string.gmatch(u, "([^,]+)") do
+				users[user:lower()] = true
+			end
+		end
+	end
+	return users
+end
+
+
+-- Sets HTTP cookie headers based on post and sets up redirection.
+function authenticate_post()
+	local hash = lookup_hash(post["username"])
+	local redirect = validate_value("redirect", post["redirect"])
+
+	if redirect == nil then
+		not_found()
+		return 0
+	end
+
+	redirect_to(redirect)
+
+	if hash == nil or hash ~= unistd.crypt(post["password"], hash) then
+		set_cookie("cgitauth", "")
+	else
+		-- One week expiration time
+		local username = secure_value("username", post["username"], os.time() + 604800)
+		set_cookie("cgitauth", username)
+	end
+
+	html("\n")
+	return 0
+end
+
+
+-- Returns 1 if the cookie is valid and 0 if it is not.
+function authenticate_cookie()
+	accepted_users = lookup_users(cgit["repo"])
+	if accepted_users == nil then
+		-- We return as valid if the repo is not protected.
+		return 1
+	end
+
+	local username = validate_value("username", get_cookie(http["cookie"], "cgitauth"))
+	if username == nil or not accepted_users[username:lower()] then
+		return 0
+	else
+		return 1
+	end
+end
+
+-- Prints the html for the login form.
+function body()
+	html("<h2>Authentication Required</h2>")
+	html("<form method='post' action='")
+	html_attr(cgit["login"])
+	html("'>")
+	html("<input type='hidden' name='redirect' value='")
+	html_attr(secure_value("redirect", cgit["url"], 0))
+	html("' />")
+	html("<table>")
+	html("<tr><td><label for='username'>Username:</label></td><td><input id='username' name='username' autofocus /></td></tr>")
+	html("<tr><td><label for='password'>Password:</label></td><td><input id='password' name='password' type='password' /></td></tr>")
+	html("<tr><td colspan='2'><input value='Login' type='submit' /></td></tr>")
+	html("</table></form>")
+
+	return 0
+end
+
+
+
+--
+--
+-- Wrapper around filter API, exposing the http table, the cgit table, and the post table to the above functions.
+--
+--
+
+local actions = {}
+actions["authenticate-post"] = authenticate_post
+actions["authenticate-cookie"] = authenticate_cookie
+actions["body"] = body
+
+function filter_open(...)
+	action = actions[select(1, ...)]
+
+	http = {}
+	http["cookie"] = select(2, ...)
+	http["method"] = select(3, ...)
+	http["query"] = select(4, ...)
+	http["referer"] = select(5, ...)
+	http["path"] = select(6, ...)
+	http["host"] = select(7, ...)
+	http["https"] = select(8, ...)
+
+	cgit = {}
+	cgit["repo"] = select(9, ...)
+	cgit["page"] = select(10, ...)
+	cgit["url"] = select(11, ...)
+	cgit["login"] = select(12, ...)
+
+end
+
+function filter_close()
+	return action()
+end
+
+function filter_write(str)
+	post = parse_qs(str)
+end
+
+
+--
+--
+-- Utility functions based on keplerproject/wsapi.
+--
+--
+
+function url_decode(str)
+	if not str then
+		return ""
+	end
+	str = string.gsub(str, "+", " ")
+	str = string.gsub(str, "%%(%x%x)", function(h) return string.char(tonumber(h, 16)) end)
+	str = string.gsub(str, "\r\n", "\n")
+	return str
+end
+
+function url_encode(str)
+	if not str then
+		return ""
+	end
+	str = string.gsub(str, "\n", "\r\n")
+	str = string.gsub(str, "([^%w ])", function(c) return string.format("%%%02X", string.byte(c)) end)
+	str = string.gsub(str, " ", "+")
+	return str
+end
+
+function parse_qs(qs)
+	local tab = {}
+	for key, val in string.gmatch(qs, "([^&=]+)=([^&=]*)&?") do
+		tab[url_decode(key)] = url_decode(val)
+	end
+	return tab
+end
+
+function get_cookie(cookies, name)
+	cookies = string.gsub(";" .. cookies .. ";", "%s*;%s*", ";")
+	return url_decode(string.match(cookies, ";" .. name .. "=(.-);"))
+end
+
+function tohex(b)
+	local x = ""
+	for i = 1, #b do
+		x = x .. string.format("%.2x", string.byte(b, i))
+	end
+	return x
+end
+
+--
+--
+-- Cookie construction and validation helpers.
+--
+--
+
+local secret = nil
+
+-- Loads a secret from a file, creates a secret, or returns one from memory.
+function get_secret()
+	if secret ~= nil then
+		return secret
+	end
+	local secret_file = io.open(secret_filename, "r")
+	if secret_file == nil then
+		local old_umask = sysstat.umask(63)
+		local temporary_filename = secret_filename .. ".tmp." .. tohex(rand.bytes(16))
+		local temporary_file = io.open(temporary_filename, "w")
+		if temporary_file == nil then
+			os.exit(177)
+		end
+		temporary_file:write(tohex(rand.bytes(32)))
+		temporary_file:close()
+		unistd.link(temporary_filename, secret_filename) -- Intentionally fails in the case that another process is doing the same.
+		unistd.unlink(temporary_filename)
+		sysstat.umask(old_umask)
+		secret_file = io.open(secret_filename, "r")
+	end
+	if secret_file == nil then
+		os.exit(177)
+	end
+	secret = secret_file:read()
+	secret_file:close()
+	if secret:len() ~= 64 then
+		os.exit(177)
+	end
+	return secret
+end
+
+-- Returns value of cookie if cookie is valid. Otherwise returns nil.
+function validate_value(expected_field, cookie)
+	local i = 0
+	local value = ""
+	local field = ""
+	local expiration = 0
+	local salt = ""
+	local chmac = ""
+
+	if cookie == nil or cookie:len() < 3 or cookie:sub(1, 1) == "|" then
+		return nil
+	end
+
+	for component in string.gmatch(cookie, "[^|]+") do
+		if i == 0 then
+			field = component
+		elseif i == 1 then
+			value = component
+		elseif i == 2 then
+			expiration = tonumber(component)
+			if expiration == nil then
+				expiration = -1
+			end
+		elseif i == 3 then
+			salt = component
+		elseif i == 4 then
+			chmac = component
+		else
+			break
+		end
+		i = i + 1
+	end
+
+	if chmac == nil or chmac:len() == 0 then
+		return nil
+	end
+
+	-- Lua hashes strings, so these comparisons are time invariant.
+	if chmac ~= tohex(hmac.new(get_secret(), "sha256"):final(field .. "|" .. value .. "|" .. tostring(expiration) .. "|" .. salt)) then
+		return nil
+	end
+
+	if expiration == -1 or (expiration ~= 0 and expiration <= os.time()) then
+		return nil
+	end
+
+	if url_decode(field) ~= expected_field then
+		return nil
+	end
+
+	return url_decode(value)
+end
+
+function secure_value(field, value, expiration)
+	if value == nil or value:len() <= 0 then
+		return ""
+	end
+
+	local authstr = ""
+	local salt = tohex(rand.bytes(16))
+	value = url_encode(value)
+	field = url_encode(field)
+	authstr = field .. "|" .. value .. "|" .. tostring(expiration) .. "|" .. salt
+	authstr = authstr .. "|" .. tohex(hmac.new(get_secret(), "sha256"):final(authstr))
+	return authstr
+end
+
+function set_cookie(cookie, value)
+	html("Set-Cookie: " .. cookie .. "=" .. value .. "; HttpOnly")
+	if http["https"] == "yes" or http["https"] == "on" or http["https"] == "1" then
+		html("; secure")
+	end
+	html("\n")
+end
+
+function redirect_to(url)
+	html("Status: 302 Redirect\n")
+	html("Cache-Control: no-cache, no-store\n")
+	html("Location: " .. url .. "\n")
+end
+
+function not_found()
+	html("Status: 404 Not Found\n")
+	html("Cache-Control: no-cache, no-store\n\n")
+end

filters/gentoo-ldap-authentication.lua

@@ -1,12 +1,18 @@
 -- This script may be used with the auth-filter. Be sure to configure it as you wish.
 --
 -- Requirements:
--- 	luacrypto >= 0.3
--- 	<http://mkottman.github.io/luacrypto/>
+-- 	luaossl
+-- 	<http://25thandclement.com/~william/projects/luaossl.html>
 -- 	lualdap >= 1.2
 -- 	<https://git.zx2c4.com/lualdap/about/>
+-- 	luaposix
+-- 	<https://github.com/luaposix/luaposix>
 --
-
+local sysstat = require("posix.sys.stat")
+local unistd = require("posix.unistd")
+local lualdap = require("lualdap")
+local rand = require("openssl.rand")
+local hmac = require("openssl.hmac")
 
 --
 --
@@ -21,11 +27,9 @@ local protected_repos = {
 	portage = "dev"
 }
 
-
--- All cookies will be authenticated based on this secret. Make it something
--- totally random and impossible to guess. It should be large.
-local secret = "BE SURE TO CUSTOMIZE THIS STRING TO SOMETHING BIG AND RANDOM"
-
+-- Set this to a path this script can write to for storing a persistent
+-- cookie secret, which should be guarded.
+local secret_filename = "/var/cache/cgit/auth-secret"
 
 
 --
@@ -102,11 +106,9 @@ end
 --
 --
 
-local lualdap = require("lualdap")
-
 function gentoo_ldap_user_groups(username, password)
 	-- Ensure the user is alphanumeric
-	if username:match("%W") then
+	if username == nil or username:match("%W") then
 		return nil
 	end
 
@@ -224,6 +226,13 @@ function get_cookie(cookies, name)
 	return string.match(cookies, ";" .. name .. "=(.-);")
 end
 
+function tohex(b)
+	local x = ""
+	for i = 1, #b do
+		x = x .. string.format("%.2x", string.byte(b, i))
+	end
+	return x
+end
 
 --
 --
@@ -231,7 +240,38 @@ end
 --
 --
 
-local crypto = require("crypto")
+local secret = nil
+
+-- Loads a secret from a file, creates a secret, or returns one from memory.
+function get_secret()
+	if secret ~= nil then
+		return secret
+	end
+	local secret_file = io.open(secret_filename, "r")
+	if secret_file == nil then
+		local old_umask = sysstat.umask(63)
+		local temporary_filename = secret_filename .. ".tmp." .. tohex(rand.bytes(16))
+		local temporary_file = io.open(temporary_filename, "w")
+		if temporary_file == nil then
+			os.exit(177)
+		end
+		temporary_file:write(tohex(rand.bytes(32)))
+		temporary_file:close()
+		unistd.link(temporary_filename, secret_filename) -- Intentionally fails in the case that another process is doing the same.
+		unistd.unlink(temporary_filename)
+		sysstat.umask(old_umask)
+		secret_file = io.open(secret_filename, "r")
+	end
+	if secret_file == nil then
+		os.exit(177)
+	end
+	secret = secret_file:read()
+	secret_file:close()
+	if secret:len() ~= 64 then
+		os.exit(177)
+	end
+	return secret
+end
 
 -- Returns value of cookie if cookie is valid. Otherwise returns nil.
 function validate_value(expected_field, cookie)
@@ -240,7 +280,7 @@ function validate_value(expected_field, cookie)
 	local field = ""
 	local expiration = 0
 	local salt = ""
-	local hmac = ""
+	local chmac = ""
 
 	if cookie == nil or cookie:len() < 3 or cookie:sub(1, 1) == "|" then
 		return nil
@@ -259,19 +299,19 @@ function validate_value(expected_field, cookie)
 		elseif i == 3 then
 			salt = component
 		elseif i == 4 then
-			hmac = component
+			chmac = component
 		else
 			break
 		end
 		i = i + 1
 	end
 
-	if hmac == nil or hmac:len() == 0 then
+	if chmac == nil or chmac:len() == 0 then
 		return nil
 	end
 
 	-- Lua hashes strings, so these comparisons are time invariant.
-	if hmac ~= crypto.hmac.digest("sha1", field .. "|" .. value .. "|" .. tostring(expiration) .. "|" .. salt, secret) then
+	if chmac ~= tohex(hmac.new(get_secret(), "sha256"):final(field .. "|" .. value .. "|" .. tostring(expiration) .. "|" .. salt)) then
 		return nil
 	end
 
@@ -292,11 +332,11 @@ function secure_value(field, value, expiration)
 	end
 
 	local authstr = ""
-	local salt = crypto.hex(crypto.rand.bytes(16))
+	local salt = tohex(rand.bytes(16))
 	value = url_encode(value)
 	field = url_encode(field)
 	authstr = field .. "|" .. value .. "|" .. tostring(expiration) .. "|" .. salt
-	authstr = authstr .. "|" .. crypto.hmac.digest("sha1", authstr, secret)
+	authstr = authstr .. "|" .. tohex(hmac.new(get_secret(), "sha256"):final(authstr))
 	return authstr
 end
 

filters/html-converters/md2html

@@ -3,6 +3,7 @@ import markdown
 import sys
 import io
 from pygments.formatters import HtmlFormatter
+from markdown.extensions.toc import TocExtension
 sys.stdin = io.TextIOWrapper(sys.stdin.buffer, encoding='utf-8')
 sys.stdout = io.TextIOWrapper(sys.stdout.buffer, encoding='utf-8')
 sys.stdout.write('''
@@ -48,10 +49,14 @@ sys.stdout.write('''
     line-height: 1;
     padding-left: 0;
     margin-left: -22px;
-    top: 15%}
+    top: 15%;
+}
 .markdown-body h1:hover a.anchor .mini-icon-link, .markdown-body h2:hover a.anchor .mini-icon-link, .markdown-body h3:hover a.anchor .mini-icon-link, .markdown-body h4:hover a.anchor .mini-icon-link, .markdown-body h5:hover a.anchor .mini-icon-link, .markdown-body h6:hover a.anchor .mini-icon-link {
     display: inline-block;
 }
+div#cgit .markdown-body h1 a.toclink, div#cgit .markdown-body h2 a.toclink, div#cgit .markdown-body h3 a.toclink, div#cgit .markdown-body h4 a.toclink, div#cgit .markdown-body h5 a.toclink, div#cgit .markdown-body h6 a.toclink {
+    color: black;
+}
 .markdown-body h1 tt, .markdown-body h1 code, .markdown-body h2 tt, .markdown-body h2 code, .markdown-body h3 tt, .markdown-body h3 code, .markdown-body h4 tt, .markdown-body h4 code, .markdown-body h5 tt, .markdown-body h5 code, .markdown-body h6 tt, .markdown-body h6 code {
     font-size: inherit;
 }
@@ -81,11 +86,7 @@ sys.stdout.write('''
     margin: 15px 0;
 }
 .markdown-body hr {
-    background: transparent url("/dirty-shade.png") repeat-x 0 0;
-    border: 0 none;
-    color: #ccc;
-    height: 4px;
-    padding: 0;
+    border: 2px solid #ccc;
 }
 .markdown-body>h2:first-child, .markdown-body>h1:first-child, .markdown-body>h1:first-child+h2, .markdown-body>h3:first-child, .markdown-body>h4:first-child, .markdown-body>h5:first-child, .markdown-body>h6:first-child {
     margin-top: 0;
@@ -290,5 +291,14 @@ sys.stdout.write('''
 sys.stdout.write("<div class='markdown-body'>")
 sys.stdout.flush()
 # Note: you may want to run this through bleach for sanitization
-markdown.markdownFromFile(output_format="html5", extensions=["markdown.extensions.fenced_code", "markdown.extensions.codehilite", "markdown.extensions.tables"], extension_configs={"markdown.extensions.codehilite":{"css_class":"highlight"}})
+markdown.markdownFromFile(
+	output_format="html5",
+	extensions=[
+		"markdown.extensions.fenced_code",
+		"markdown.extensions.codehilite",
+		"markdown.extensions.tables",
+		"markdown.extensions.sane_lists",
+		TocExtension(anchorlink=True)],
+	extension_configs={
+		"markdown.extensions.codehilite":{"css_class":"highlight"}})
 sys.stdout.write("</div>")

filters/simple-authentication.lua

@@ -1,10 +1,15 @@
 -- This script may be used with the auth-filter. Be sure to configure it as you wish.
 --
 -- Requirements:
--- 	luacrypto >= 0.3
--- 	<http://mkottman.github.io/luacrypto/>
+-- 	luaossl
+-- 	<http://25thandclement.com/~william/projects/luaossl.html>
+-- 	luaposix
+-- 	<https://github.com/luaposix/luaposix>
 --
-
+local sysstat = require("posix.sys.stat")
+local unistd = require("posix.unistd")
+local rand = require("openssl.rand")
+local hmac = require("openssl.hmac")
 
 --
 --
@@ -18,24 +23,16 @@ local protected_repos = {
 	qt		= { jason = true, bob = true }
 }
 
--- Please note that, in production, you'll want to replace this simple lookup
--- table with either a table of salted and hashed passwords (using something
--- smart like scrypt), or replace this table lookup with an external support,
--- such as consulting your system's pam / shadow system, or an external
--- database, or an external validating web service. For testing, or for
--- extremely low-security usage, you may be able, however, to get away with
--- compromising on hardcoding the passwords in cleartext, as we have done here.
+-- A list of users and hashes, generated with `mkpasswd -m sha-512 -R 300000`.
 local users = {
-	jason		= "secretpassword",
-	laurent		= "s3cr3t",
-	bob		= "ilikelua"
+	jason		= "$6$rounds=300000$YYJct3n/o.ruYK$HhpSeuCuW1fJkpvMZOZzVizeLsBKcGA/aF2UPuV5v60JyH2MVSG6P511UMTj2F3H75.IT2HIlnvXzNb60FcZH1",
+	laurent		= "$6$rounds=300000$dP0KNHwYb3JKigT$pN/LG7rWxQ4HniFtx5wKyJXBJUKP7R01zTNZ0qSK/aivw8ywGAOdfYiIQFqFhZFtVGvr11/7an.nesvm8iJUi.",
+	bob		= "$6$rounds=300000$jCLCCt6LUpTz$PI1vvd1yaVYcCzqH8QAJFcJ60b6W/6sjcOsU7mAkNo7IE8FRGW1vkjF8I/T5jt/auv5ODLb1L4S2s.CAyZyUC"
 }
 
--- All cookies will be authenticated based on this secret. Make it something
--- totally random and impossible to guess. It should be large.
-local secret = "BE SURE TO CUSTOMIZE THIS STRING TO SOMETHING BIG AND RANDOM"
-
-
+-- Set this to a path this script can write to for storing a persistent
+-- cookie secret, which should be guarded.
+local secret_filename = "/var/cache/cgit/auth-secret"
 
 --
 --
@@ -45,7 +42,7 @@ local secret = "BE SURE TO CUSTOMIZE THIS STRING TO SOMETHING BIG AND RANDOM"
 
 -- Sets HTTP cookie headers based on post and sets up redirection.
 function authenticate_post()
-	local password = users[post["username"]]
+	local hash = users[post["username"]]
 	local redirect = validate_value("redirect", post["redirect"])
 
 	if redirect == nil then
@@ -55,8 +52,7 @@ function authenticate_post()
 
 	redirect_to(redirect)
 
-	-- Lua hashes strings, so these comparisons are time invariant.
-	if password == nil or password ~= post["password"] then
+	if hash == nil or hash ~= unistd.crypt(post["password"], hash) then
 		set_cookie("cgitauth", "")
 	else
 		-- One week expiration time
@@ -184,6 +180,13 @@ function get_cookie(cookies, name)
 	return url_decode(string.match(cookies, ";" .. name .. "=(.-);"))
 end
 
+function tohex(b)
+	local x = ""
+	for i = 1, #b do
+		x = x .. string.format("%.2x", string.byte(b, i))
+	end
+	return x
+end
 
 --
 --
@@ -191,7 +194,38 @@ end
 --
 --
 
-local crypto = require("crypto")
+local secret = nil
+
+-- Loads a secret from a file, creates a secret, or returns one from memory.
+function get_secret()
+	if secret ~= nil then
+		return secret
+	end
+	local secret_file = io.open(secret_filename, "r")
+	if secret_file == nil then
+		local old_umask = sysstat.umask(63)
+		local temporary_filename = secret_filename .. ".tmp." .. tohex(rand.bytes(16))
+		local temporary_file = io.open(temporary_filename, "w")
+		if temporary_file == nil then
+			os.exit(177)
+		end
+		temporary_file:write(tohex(rand.bytes(32)))
+		temporary_file:close()
+		unistd.link(temporary_filename, secret_filename) -- Intentionally fails in the case that another process is doing the same.
+		unistd.unlink(temporary_filename)
+		sysstat.umask(old_umask)
+		secret_file = io.open(secret_filename, "r")
+	end
+	if secret_file == nil then
+		os.exit(177)
+	end
+	secret = secret_file:read()
+	secret_file:close()
+	if secret:len() ~= 64 then
+		os.exit(177)
+	end
+	return secret
+end
 
 -- Returns value of cookie if cookie is valid. Otherwise returns nil.
 function validate_value(expected_field, cookie)
@@ -200,7 +234,7 @@ function validate_value(expected_field, cookie)
 	local field = ""
 	local expiration = 0
 	local salt = ""
-	local hmac = ""
+	local chmac = ""
 
 	if cookie == nil or cookie:len() < 3 or cookie:sub(1, 1) == "|" then
 		return nil
@@ -219,19 +253,19 @@ function validate_value(expected_field, cookie)
 		elseif i == 3 then
 			salt = component
 		elseif i == 4 then
-			hmac = component
+			chmac = component
 		else
 			break
 		end
 		i = i + 1
 	end
 
-	if hmac == nil or hmac:len() == 0 then
+	if chmac == nil or chmac:len() == 0 then
 		return nil
 	end
 
 	-- Lua hashes strings, so these comparisons are time invariant.
-	if hmac ~= crypto.hmac.digest("sha1", field .. "|" .. value .. "|" .. tostring(expiration) .. "|" .. salt, secret) then
+	if chmac ~= tohex(hmac.new(get_secret(), "sha256"):final(field .. "|" .. value .. "|" .. tostring(expiration) .. "|" .. salt)) then
 		return nil
 	end
 
@@ -252,11 +286,11 @@ function secure_value(field, value, expiration)
 	end
 
 	local authstr = ""
-	local salt = crypto.hex(crypto.rand.bytes(16))
+	local salt = tohex(rand.bytes(16))
 	value = url_encode(value)
 	field = url_encode(field)
 	authstr = field .. "|" .. value .. "|" .. tostring(expiration) .. "|" .. salt
-	authstr = authstr .. "|" .. crypto.hmac.digest("sha1", authstr, secret)
+	authstr = authstr .. "|" .. tohex(hmac.new(get_secret(), "sha256"):final(authstr))
 	return authstr
 end
 

git

@@ -1 +1 @@
-Subproject commit 53f9a3e157dbbc901a02ac2c73346d375e24978c
+Subproject commit c48035d29b4e524aed3a32f0403676f0d9128863

html.c

@@ -59,7 +59,7 @@ char *fmt(const char *format, ...)
 	va_start(args, format);
 	len = vsnprintf(buf[bufidx], sizeof(buf[bufidx]), format, args);
 	va_end(args);
-	if (len > sizeof(buf[bufidx])) {
+	if (len >= sizeof(buf[bufidx])) {
 		fprintf(stderr, "[html.c] string truncated: %s\n", format);
 		exit(1);
 	}

parsing.c

@@ -63,8 +63,7 @@ static char *substr(const char *head, const char *tail)
 	if (tail < head)
 		return xstrdup("");
 	buf = xmalloc(tail - head + 1);
-	strncpy(buf, head, tail - head);
-	buf[tail - head] = '\0';
+	strlcpy(buf, head, tail - head + 1);
 	return buf;
 }
 
@@ -78,7 +77,7 @@ static void parse_user(const char *t, char **name, char **email, unsigned long *
 
 		email_len = ident.mail_end - ident.mail_begin;
 		*email = xmalloc(strlen("<") + email_len + strlen(">") + 1);
-		sprintf(*email, "<%.*s>", email_len, ident.mail_begin);
+		xsnprintf(*email, email_len + 3, "<%.*s>", email_len, ident.mail_begin);
 
 		if (ident.date_begin)
 			*date = strtoul(ident.date_begin, NULL, 10);
@@ -128,9 +127,8 @@ static int end_of_header(const char *p)
 
 struct commitinfo *cgit_parse_commit(struct commit *commit)
 {
-	const int sha1hex_len = 40;
 	struct commitinfo *ret;
-	const char *p = get_cached_commit_buffer(commit, NULL);
+	const char *p = repo_get_commit_buffer(the_repository, commit, NULL);
 	const char *t;
 
 	ret = xcalloc(1, sizeof(struct commitinfo));
@@ -141,10 +139,10 @@ struct commitinfo *cgit_parse_commit(struct commit *commit)
 
 	if (!skip_prefix(p, "tree ", &p))
 		die("Bad commit: %s", oid_to_hex(&commit->object.oid));
-	p += sha1hex_len + 1;
+	p += the_hash_algo->hexsz + 1;
 
 	while (skip_prefix(p, "parent ", &p))
-		p += sha1hex_len + 1;
+		p += the_hash_algo->hexsz + 1;
 
 	if (p && skip_prefix(p, "author ", &p)) {
 		parse_user(p, &ret->author, &ret->author_email,

robots.txt

@@ -1,3 +1,4 @@
 User-agent: *
 Disallow: /*/snapshot/*
+Disallow: /*/blame/*
 Allow: /

shared.c

@@ -58,6 +58,7 @@ struct cgit_repo *cgit_add_repo(const char *url)
 	ret->homepage = NULL;
 	ret->section = ctx.cfg.section;
 	ret->snapshots = ctx.cfg.snapshots;
+	ret->enable_blame = ctx.cfg.enable_blame;
 	ret->enable_commit_graph = ctx.cfg.enable_commit_graph;
 	ret->enable_log_filecount = ctx.cfg.enable_log_filecount;
 	ret->enable_log_linecount = ctx.cfg.enable_log_linecount;
@@ -161,7 +162,7 @@ static struct refinfo *cgit_mk_refinfo(const char *refname, const struct object_
 
 	ref = xmalloc(sizeof (struct refinfo));
 	ref->refname = xstrdup(refname);
-	ref->object = parse_object(oid);
+	ref->object = parse_object(the_repository, oid);
 	switch (ref->object->type) {
 	case OBJ_TAG:
 		ref->tag = cgit_parse_tag((struct tag *)ref->object);
@@ -325,7 +326,7 @@ int cgit_diff_files(const struct object_id *old_oid,
 		diff_params.flags |= XDF_IGNORE_WHITESPACE;
 	emit_params.ctxlen = context > 0 ? context : 3;
 	emit_params.flags = XDL_EMIT_FUNCNAMES;
-	emit_cb.outf = filediff_cb;
+	emit_cb.out_line = filediff_cb;
 	emit_cb.priv = fn;
 	xdl_diff(&file1, &file2, &diff_params, &emit_params, &emit_cb);
 	if (file1.size)
@@ -340,9 +341,8 @@ void cgit_diff_tree(const struct object_id *old_oid,
 		    filepair_fn fn, const char *prefix, int ignorews)
 {
 	struct diff_options opt;
-	struct pathspec_item item;
+	struct pathspec_item *item;
 
-	memset(&item, 0, sizeof(item));
 	diff_setup(&opt);
 	opt.output_format = DIFF_FORMAT_CALLBACK;
 	opt.detect_rename = 1;
@@ -353,10 +353,11 @@ void cgit_diff_tree(const struct object_id *old_oid,
 	opt.format_callback = cgit_diff_tree_cb;
 	opt.format_callback_data = fn;
 	if (prefix) {
-		item.match = xstrdup(prefix);
-		item.len = strlen(prefix);
+		item = xcalloc(1, sizeof(*item));
+		item->match = xstrdup(prefix);
+		item->len = strlen(prefix);
 		opt.pathspec.nr = 1;
-		opt.pathspec.items = &item;
+		opt.pathspec.items = item;
 	}
 	diff_setup_done(&opt);
 
@@ -366,8 +367,6 @@ void cgit_diff_tree(const struct object_id *old_oid,
 		diff_root_tree_oid(new_oid, "", &opt);
 	diffcore_std(&opt);
 	diff_flush(&opt);
-
-	free(item.match);
 }
 
 void cgit_diff_commit(struct commit *commit, filepair_fn fn, const char *prefix)

tests/setup.sh

@@ -80,13 +80,17 @@ mkrepo() {
 			git commit -m "commit $n"
 			n=$(expr $n + 1)
 		done
-		if test "$3" = "testplus"
-		then
+		case "$3" in
+		testplus)
 			echo "hello" >a+b
 			git add a+b
 			git commit -m "add a+b"
 			git branch "1+2"
-		fi
+			;;
+		commit-graph)
+			git commit-graph write
+			;;
+		esac
 	)
 }
 
@@ -95,7 +99,7 @@ setup_repos()
 	rm -rf cache
 	mkdir -p cache
 	mkrepo repos/foo 5 >/dev/null
-	mkrepo repos/bar 50 >/dev/null
+	mkrepo repos/bar 50 commit-graph >/dev/null
 	mkrepo repos/foo+bar 10 testplus >/dev/null
 	mkrepo "repos/with space" 2 >/dev/null
 	mkrepo repos/filter 5 testplus >/dev/null
@@ -104,7 +108,7 @@ virtual-root=/
 cache-root=$PWD/cache
 
 cache-size=1021
-snapshots=tar.gz tar.bz zip
+snapshots=tar.gz tar.bz tar.lz tar.xz tar.zst zip
 enable-log-filecount=1
 enable-log-linecount=1
 summary-log=5

tests/t0001-validate-git-versions.sh

@@ -1,5 +1,9 @@
 #!/bin/sh
 
+if [ "${CGIT_TEST_NO_GIT_VERSION}" = "YesPlease" ]; then
+	exit 0
+fi
+
 test_description='Check Git version is correct'
 CGIT_TEST_NO_CREATE_REPOS=YesPlease
 . ./setup.sh
@@ -29,11 +33,11 @@ test_expect_success 'test submodule version matches Makefile' '
 	else
 		(
 			cd ../.. &&
-			sm_sha1=$(git ls-files --stage -- git |
+			sm_oid=$(git ls-files --stage -- git |
 				sed -e "s/^[0-9]* \\([0-9a-f]*\\) [0-9]	.*$/\\1/") &&
 			cd git &&
-			git describe --match "v[0-9]*" $sm_sha1
-		) | sed -e "s/^v//" >sm_version &&
+			git describe --match "v[0-9]*" $sm_oid
+		) | sed -e "s/^v//" -e "s/-/./" >sm_version &&
 		test_cmp sm_version makefile_version
 	fi
 '

tests/t0105-commit.sh

@@ -25,7 +25,7 @@ test_expect_success 'get root commit' '
 '
 
 test_expect_success 'root commit contains diffstat' '
-	grep "<a href=./foo/diff/file-1.id=[0-9a-f]\{40\}.>file-1</a>" tmp
+	grep "<a href=./foo/diff/file-1.id=[0-9a-f]\{40,64\}.>file-1</a>" tmp
 '
 
 test_expect_success 'root commit contains diff' '

tests/t0107-snapshot.sh

@@ -25,7 +25,7 @@ test_expect_success 'verify gzip format' '
 
 test_expect_success 'untar' '
 	rm -rf master &&
-	tar -xzf master.tar.gz
+	gzip -dc master.tar.gz | tar -xf -
 '
 
 test_expect_success 'count files' '
@@ -38,6 +38,129 @@ test_expect_success 'verify untarred file-5' '
 	test_line_count = 1 master/file-5
 '
 
+if test -n "$(which lzip 2>/dev/null)"; then
+	test_set_prereq LZIP
+else
+	say 'Skipping LZIP validation tests: lzip not found'
+fi
+
+test_expect_success LZIP 'get foo/snapshot/master.tar.lz' '
+	cgit_url "foo/snapshot/master.tar.lz" >tmp
+'
+
+test_expect_success LZIP 'check html headers' '
+	head -n 1 tmp |
+	grep "Content-Type: application/x-lzip" &&
+
+	head -n 2 tmp |
+	grep "Content-Disposition: inline; filename=.master.tar.lz."
+'
+
+test_expect_success LZIP 'strip off the header lines' '
+	strip_headers <tmp >master.tar.lz
+'
+
+test_expect_success LZIP 'verify lzip format' '
+	lzip --test master.tar.lz
+'
+
+test_expect_success LZIP 'untar' '
+	rm -rf master &&
+	lzip -dc master.tar.lz | tar -xf -
+'
+
+test_expect_success LZIP 'count files' '
+	ls master/ >output &&
+	test_line_count = 5 output
+'
+
+test_expect_success LZIP 'verify untarred file-5' '
+	grep "^5$" master/file-5 &&
+	test_line_count = 1 master/file-5
+'
+
+if test -n "$(which xz 2>/dev/null)"; then
+	test_set_prereq XZ
+else
+	say 'Skipping XZ validation tests: xz not found'
+fi
+
+test_expect_success XZ 'get foo/snapshot/master.tar.xz' '
+	cgit_url "foo/snapshot/master.tar.xz" >tmp
+'
+
+test_expect_success XZ 'check html headers' '
+	head -n 1 tmp |
+	grep "Content-Type: application/x-xz" &&
+
+	head -n 2 tmp |
+	grep "Content-Disposition: inline; filename=.master.tar.xz."
+'
+
+test_expect_success XZ 'strip off the header lines' '
+	strip_headers <tmp >master.tar.xz
+'
+
+test_expect_success XZ 'verify xz format' '
+	xz --test master.tar.xz
+'
+
+test_expect_success XZ 'untar' '
+	rm -rf master &&
+	xz -dc master.tar.xz | tar -xf -
+'
+
+test_expect_success XZ 'count files' '
+	ls master/ >output &&
+	test_line_count = 5 output
+'
+
+test_expect_success XZ 'verify untarred file-5' '
+	grep "^5$" master/file-5 &&
+	test_line_count = 1 master/file-5
+'
+
+if test -n "$(which zstd 2>/dev/null)"; then
+	test_set_prereq ZSTD
+else
+	say 'Skipping ZSTD validation tests: zstd not found'
+fi
+
+test_expect_success ZSTD 'get foo/snapshot/master.tar.zst' '
+	cgit_url "foo/snapshot/master.tar.zst" >tmp
+'
+
+test_expect_success ZSTD 'check html headers' '
+	head -n 1 tmp |
+	grep "Content-Type: application/x-zstd" &&
+
+	head -n 2 tmp |
+	grep "Content-Disposition: inline; filename=.master.tar.zst."
+'
+
+test_expect_success ZSTD 'strip off the header lines' '
+	strip_headers <tmp >master.tar.zst
+'
+
+test_expect_success ZSTD 'verify zstd format' '
+	zstd --test master.tar.zst
+'
+
+test_expect_success ZSTD 'untar' '
+	rm -rf master &&
+	zstd -dc master.tar.zst | tar -xf -
+'
+
+test_expect_success ZSTD 'count files' '
+	ls master/ >output &&
+	test_line_count = 5 output
+'
+
+test_expect_success ZSTD 'verify untarred file-5' '
+	grep "^5$" master/file-5 &&
+	test_line_count = 1 master/file-5
+'
+
 test_expect_success 'get foo/snapshot/master.zip' '
 	cgit_url "foo/snapshot/master.zip" >tmp
 '

tests/t0109-gitconfig.sh

@@ -9,6 +9,12 @@ test -n "$(which strace 2>/dev/null)" || {
 	exit
 }
 
+strace true 2>/dev/null || {
+	skip_all='Skipping access validation tests: strace not functional'
+	test_done
+	exit
+}
+
 test_no_home_access () {
 	non_existent_path="/path/to/some/place/that/does/not/possibly/exist"
 	while test -d "$non_existent_path"; do
@@ -19,7 +25,7 @@ test_no_home_access () {
 		-E CGIT_CONFIG="$PWD/cgitrc" \
 		-E QUERY_STRING="url=$1" \
 		-e access -f -o strace.out cgit &&
-	test_must_fail grep "$non_existent_path" strace.out
+	! grep "$non_existent_path" strace.out
 }
 
 test_no_home_access_success() {

ui-atom.c

@@ -67,29 +67,25 @@ static void add_entry(struct commit *commit, const char *host)
 		html("'/>\n");
 		free(pageurl);
 	}
-	htmlf("<id>%s</id>\n", hex);
+	html("<id>");
+	html_txtf("urn:%s:%s", the_hash_algo->name, hex);
+	html("</id>\n");
 	html("<content type='text'>\n");
 	html_txt(info->msg);
 	html("</content>\n");
-	html("<content type='xhtml'>\n");
-	html("<div xmlns='http://www.w3.org/1999/xhtml'>\n");
-	html("<pre>\n");
-	html_txt(info->msg);
-	html("</pre>\n");
-	html("</div>\n");
-	html("</content>\n");
 	html("</entry>\n");
 	cgit_free_commitinfo(info);
 }
 
 
-void cgit_print_atom(char *tip, char *path, int max_count)
+void cgit_print_atom(char *tip, const char *path, int max_count)
 {
 	char *host;
 	const char *argv[] = {NULL, tip, NULL, NULL, NULL};
 	struct commit *commit;
 	struct rev_info rev;
 	int argc = 2;
+	bool first = true;
 
 	if (ctx.qry.show_all)
 		argv[1] = "--all";
@@ -130,18 +126,30 @@ void cgit_print_atom(char *tip, char *path, int max_count)
 	html_txt(ctx.repo->desc);
 	html("</subtitle>\n");
 	if (host) {
+		char *fullurl = cgit_currentfullurl();
 		char *repourl = cgit_repourl(ctx.repo->url);
+		html("<id>");
+		html_txtf("%s%s%s", cgit_httpscheme(), host, fullurl);
+		html("</id>\n");
+		html("<link rel='self' href='");
+		html_attrf("%s%s%s", cgit_httpscheme(), host, fullurl);
+		html("'/>\n");
 		html("<link rel='alternate' type='text/html' href='");
-		html(cgit_httpscheme());
-		html_attr(host);
-		html_attr(repourl);
+		html_attrf("%s%s%s", cgit_httpscheme(), host, repourl);
 		html("'/>\n");
+		free(fullurl);
 		free(repourl);
 	}
 	while ((commit = get_revision(&rev)) != NULL) {
+		if (first) {
+			html("<updated>");
+			html_txt(show_date(commit->date, 0,
+				date_mode_from_type(DATE_ISO8601_STRICT)));
+			html("</updated>\n");
+			first = false;
+		}
 		add_entry(commit, host);
-		free_commit_buffer(commit);
-		free_commit_list(commit->parents);
+		release_commit_memory(the_repository->parsed_objects, commit);
 		commit->parents = NULL;
 	}
 	html("</feed>\n");

ui-atom.h

@@ -1,6 +1,6 @@
 #ifndef UI_ATOM_H
 #define UI_ATOM_H
 
-extern void cgit_print_atom(char *tip, char *path, int max_count);
+extern void cgit_print_atom(char *tip, const char *path, int max_count);
 
 #endif

ui-blame.c

@@ -10,7 +10,7 @@
 #include "ui-blame.h"
 #include "html.h"
 #include "ui-shared.h"
-#include "argv-array.h"
+#include "strvec.h"
 #include "blame.h"
 
 
@@ -48,12 +48,21 @@ static void emit_blame_entry_hash(struct blame_entry *ent)
 	unsigned long line = 0;
 
 	char *detail = emit_suspect_detail(suspect);
-	html("<span class='sha1'>");
+	html("<span class='oid'>");
 	cgit_commit_link(find_unique_abbrev(oid, DEFAULT_ABBREV), detail,
 			 NULL, ctx.qry.head, oid_to_hex(oid), suspect->path);
 	html("</span>");
 	free(detail);
 
+	if (!parse_commit(suspect->commit) && suspect->commit->parents) {
+		struct commit *parent = suspect->commit->parents->item;
+
+		html(" ");
+		cgit_blame_link("^", "Blame the previous revision", NULL,
+				ctx.qry.head, oid_to_hex(&parent->object.oid),
+				suspect->path);
+	}
+
 	while (line++ < ent->num_lines)
 		html("\n");
 }
@@ -104,7 +113,7 @@ static void print_object(const struct object_id *oid, const char *path,
 	enum object_type type;
 	char *buf;
 	unsigned long size;
-	struct argv_array rev_argv = ARGV_ARRAY_INIT;
+	struct strvec rev_argv = STRVEC_INIT;
 	struct rev_info revs;
 	struct blame_scoreboard sb;
 	struct blame_origin *o;
@@ -124,14 +133,16 @@ static void print_object(const struct object_id *oid, const char *path,
 		return;
 	}
 
-	argv_array_push(&rev_argv, "blame");
-	argv_array_push(&rev_argv, rev);
+	strvec_push(&rev_argv, "blame");
+	strvec_push(&rev_argv, rev);
 	init_revisions(&revs, NULL);
 	revs.diffopt.flags.allow_textconv = 1;
-	setup_revisions(rev_argv.argc, rev_argv.argv, &revs, NULL);
+	setup_revisions(rev_argv.nr, rev_argv.v, &revs, NULL);
 	init_scoreboard(&sb);
 	sb.revs = &revs;
-	setup_scoreboard(&sb, path, &o);
+	sb.repo = the_repository;
+	sb.path = path;
+	setup_scoreboard(&sb, &o);
 	o->suspects = blame_entry_prepend(NULL, 0, sb.num_lines, o);
 	prio_queue_put(&sb.commits, o->commit);
 	blame_origin_decref(o);
@@ -150,6 +161,10 @@ static void print_object(const struct object_id *oid, const char *path,
 	cgit_tree_link("tree", NULL, NULL, ctx.qry.head, rev, path);
 	html(")\n");
 
+	if (buffer_is_binary(buf, size)) {
+		html("<div class='error'>blob is binary.</div>");
+		goto cleanup;
+	}
 	if (ctx.cfg.max_blob_size && size / 1024 > ctx.cfg.max_blob_size) {
 		htmlf("<div class='error'>blob size (%ldKB)"
 		      " exceeds display size limit (%dKB).</div>",
@@ -219,8 +234,7 @@ cleanup:
 }
 
 static int walk_tree(const struct object_id *oid, struct strbuf *base,
-		     const char *pathname, unsigned mode, int stage,
-		     void *cbdata)
+		     const char *pathname, unsigned mode, void *cbdata)
 {
 	struct walk_tree_context *walk_tree_ctx = cbdata;
 
@@ -255,7 +269,7 @@ static int basedir_len(const char *path)
 
 void cgit_print_blame(void)
 {
-	const char *rev = ctx.qry.sha1;
+	const char *rev = ctx.qry.oid;
 	struct object_id oid;
 	struct commit *commit;
 	struct pathspec_item path_items = {
@@ -278,7 +292,7 @@ void cgit_print_blame(void)
 			"Invalid revision name: %s", rev);
 		return;
 	}
-	commit = lookup_commit_reference(&oid);
+	commit = lookup_commit_reference(the_repository, &oid);
 	if (!commit || parse_commit(commit)) {
 		cgit_print_error_page(404, "Not found",
 			"Invalid commit reference: %s", rev);
@@ -289,8 +303,8 @@ void cgit_print_blame(void)
 	walk_tree_ctx.match_baselen = (path_items.match) ?
 				       basedir_len(path_items.match) : -1;
 
-	read_tree_recursive(commit->maybe_tree, "", 0, 0, &paths, walk_tree,
-		&walk_tree_ctx);
+	read_tree(the_repository, repo_get_commit_tree(the_repository, commit),
+		  &paths, walk_tree, &walk_tree_ctx);
 	if (!walk_tree_ctx.state)
 		cgit_print_error_page(404, "Not found", "Not found");
 	else if (walk_tree_ctx.state == 2)

ui-blob.c

@@ -19,7 +19,7 @@ struct walk_tree_context {
 };
 
 static int walk_tree(const struct object_id *oid, struct strbuf *base,
-		const char *pathname, unsigned mode, int stage, void *cbdata)
+		const char *pathname, unsigned mode, void *cbdata)
 {
 	struct walk_tree_context *walk_tree_ctx = cbdata;
 
@@ -56,7 +56,9 @@ int cgit_ref_path_exists(const char *path, const char *ref, int file_only)
 		goto done;
 	if (oid_object_info(the_repository, &oid, &size) != OBJ_COMMIT)
 		goto done;
-	read_tree_recursive(lookup_commit_reference(&oid)->maybe_tree, "", 0, 0, &paths, walk_tree, &walk_tree_ctx);
+	read_tree(the_repository,
+		  repo_get_commit_tree(the_repository, lookup_commit_reference(the_repository, &oid)),
+		  &paths, walk_tree, &walk_tree_ctx);
 
 done:
 	free(path_items.match);
@@ -89,8 +91,9 @@ int cgit_print_file(char *path, const char *head, int file_only)
 		return -1;
 	type = oid_object_info(the_repository, &oid, &size);
 	if (type == OBJ_COMMIT) {
-		commit = lookup_commit_reference(&oid);
-		read_tree_recursive(commit->maybe_tree, "", 0, 0, &paths, walk_tree, &walk_tree_ctx);
+		commit = lookup_commit_reference(the_repository, &oid);
+		read_tree(the_repository, repo_get_commit_tree(the_repository, commit),
+			  &paths, walk_tree, &walk_tree_ctx);
 		if (!walk_tree_ctx.found_path)
 			return -1;
 		type = oid_object_info(the_repository, &oid, &size);
@@ -145,8 +148,9 @@ void cgit_print_blob(const char *hex, char *path, const char *head, int file_onl
 	type = oid_object_info(the_repository, &oid, &size);
 
 	if ((!hex) && type == OBJ_COMMIT && path) {
-		commit = lookup_commit_reference(&oid);
-		read_tree_recursive(commit->maybe_tree, "", 0, 0, &paths, walk_tree, &walk_tree_ctx);
+		commit = lookup_commit_reference(the_repository, &oid);
+		read_tree(the_repository, repo_get_commit_tree(the_repository, commit),
+			  &paths, walk_tree, &walk_tree_ctx);
 		type = oid_object_info(the_repository, &oid, &size);
 	}
 

ui-clone.c

@@ -19,12 +19,12 @@ static int print_ref_info(const char *refname, const struct object_id *oid,
 {
 	struct object *obj;
 
-	if (!(obj = parse_object(oid)))
+	if (!(obj = parse_object(the_repository, oid)))
 		return 0;
 
 	htmlf("%s\t%s\n", oid_to_hex(oid), refname);
 	if (obj->type == OBJ_TAG) {
-		if (!(obj = deref_tag(obj, refname, 0)))
+		if (!(obj = deref_tag(the_repository, obj, refname, 0)))
 			return 0;
 		htmlf("%s\t%s^{}\n", oid_to_hex(&obj->oid), refname);
 	}
@@ -92,17 +92,32 @@ void cgit_clone_info(void)
 
 void cgit_clone_objects(void)
 {
-	if (!ctx.qry.path) {
-		cgit_print_error_page(400, "Bad request", "Bad request");
-		return;
-	}
+	char *p;
+
+	if (!ctx.qry.path)
+		goto err;
 
 	if (!strcmp(ctx.qry.path, "info/packs")) {
 		print_pack_info();
 		return;
 	}
 
+	/* Avoid directory traversal by forbidding "..", but also work around
+	 * other funny business by just specifying a fairly strict format. For
+	 * example, now we don't have to stress out about the Cygwin port.
+	 */
+	for (p = ctx.qry.path; *p; ++p) {
+		if (*p == '.' && *(p + 1) == '.')
+			goto err;
+		if (!isalnum(*p) && *p != '/' && *p != '.' && *p != '-')
+			goto err;
+	}
+
 	send_file(git_path("objects/%s", ctx.qry.path));
+	return;
+
+err:
+	cgit_print_error_page(400, "Bad request", "Bad request");
 }
 
 void cgit_clone_head(void)

ui-commit.c

@@ -31,7 +31,7 @@ void cgit_print_commit(char *hex, const char *prefix)
 				"Bad object id: %s", hex);
 		return;
 	}
-	commit = lookup_commit_reference(&oid);
+	commit = lookup_commit_reference(the_repository, &oid);
 	if (!commit) {
 		cgit_print_error_page(404, "Not found",
 				"Bad commit reference: %s", hex);
@@ -39,10 +39,11 @@ void cgit_print_commit(char *hex, const char *prefix)
 	}
 	info = cgit_parse_commit(commit);
 
-	format_display_notes(&oid, &notes, PAGE_ENCODING, 0);
+	format_display_notes(&oid, &notes, PAGE_ENCODING, 1);
 
 	load_ref_decorations(NULL, DECORATE_FULL_REFS);
 
+	ctx.page.title = fmtalloc("%s - %s", info->subject, ctx.page.title);
 	cgit_print_layout_start();
 	cgit_print_diff_ctrls();
 	html("<table summary='commit info' class='commit-info'>\n");
@@ -70,15 +71,15 @@ void cgit_print_commit(char *hex, const char *prefix)
 	html_txt(show_date(info->committer_date, info->committer_tz,
 				cgit_date_mode(DATE_ISO8601)));
 	html("</td></tr>\n");
-	html("<tr><th>commit</th><td colspan='2' class='sha1'>");
+	html("<tr><th>commit</th><td colspan='2' class='oid'>");
 	tmp = oid_to_hex(&commit->object.oid);
 	cgit_commit_link(tmp, NULL, NULL, ctx.qry.head, tmp, prefix);
 	html(" (");
 	cgit_patch_link("patch", NULL, NULL, NULL, tmp, prefix);
 	html(")</td></tr>\n");
-	html("<tr><th>tree</th><td colspan='2' class='sha1'>");
+	html("<tr><th>tree</th><td colspan='2' class='oid'>");
 	tmp = xstrdup(hex);
-	cgit_tree_link(oid_to_hex(&commit->maybe_tree->object.oid), NULL, NULL,
+	cgit_tree_link(oid_to_hex(get_commit_tree_oid(commit)), NULL, NULL,
 		       ctx.qry.head, tmp, NULL);
 	if (prefix) {
 		html(" /");
@@ -87,7 +88,7 @@ void cgit_print_commit(char *hex, const char *prefix)
 	free(tmp);
 	html("</td></tr>\n");
 	for (p = commit->parents; p; p = p->next) {
-		parent = lookup_commit_reference(&p->item->object.oid);
+		parent = lookup_commit_reference(the_repository, &p->item->object.oid);
 		if (!parent) {
 			html("<tr><td colspan='3'>");
 			cgit_print_error("Error reading parent commit");
@@ -95,7 +96,7 @@ void cgit_print_commit(char *hex, const char *prefix)
 			continue;
 		}
 		html("<tr><th>parent</th>"
-		     "<td colspan='2' class='sha1'>");
+		     "<td colspan='2' class='oid'>");
 		tmp = tmp2 = oid_to_hex(&p->item->object.oid);
 		if (ctx.repo->enable_subject_links) {
 			parent_info = cgit_parse_commit(parent);
@@ -109,7 +110,7 @@ void cgit_print_commit(char *hex, const char *prefix)
 		parents++;
 	}
 	if (ctx.repo->snapshots) {
-		html("<tr><th>download</th><td colspan='2' class='sha1'>");
+		html("<tr><th>download</th><td colspan='2' class='oid'>");
 		cgit_print_snapshot_links(ctx.repo, hex, "<br/>");
 		html("</td></tr>");
 	}
@@ -139,7 +140,7 @@ void cgit_print_commit(char *hex, const char *prefix)
 			tmp = oid_to_hex(&commit->parents->item->object.oid);
 		else
 			tmp = NULL;
-		cgit_print_diff(ctx.qry.sha1, tmp, prefix, 0, 0);
+		cgit_print_diff(ctx.qry.oid, tmp, prefix, 0, 0);
 	}
 	strbuf_release(&notes);
 	cgit_free_commitinfo(info);

ui-diff.c

@@ -82,7 +82,7 @@ static void print_fileinfo(struct fileinfo *info)
 	}
 
 	html("<tr>");
-	htmlf("<td class='mode'>");
+	html("<td class='mode'>");
 	if (is_null_oid(info->new_oid)) {
 		cgit_print_filemode(info->old_mode);
 	} else {
@@ -97,8 +97,8 @@ static void print_fileinfo(struct fileinfo *info)
 		html("]</span>");
 	}
 	htmlf("</td><td class='%s'>", class);
-	cgit_diff_link(info->new_path, NULL, NULL, ctx.qry.head, ctx.qry.sha1,
-		       ctx.qry.sha2, info->new_path);
+	cgit_diff_link(info->new_path, NULL, NULL, ctx.qry.head, ctx.qry.oid,
+		       ctx.qry.oid2, info->new_path);
 	if (info->status == DIFF_STATUS_COPIED || info->status == DIFF_STATUS_RENAMED) {
 		htmlf(" (%s from ",
 		      info->status == DIFF_STATUS_COPIED ? "copied" : "renamed");
@@ -194,8 +194,8 @@ static void cgit_print_diffstat(const struct object_id *old_oid,
 	int i;
 
 	html("<div class='diffstat-header'>");
-	cgit_diff_link("Diffstat", NULL, NULL, ctx.qry.head, ctx.qry.sha1,
-		       ctx.qry.sha2, NULL);
+	cgit_diff_link("Diffstat", NULL, NULL, ctx.qry.head, ctx.qry.oid,
+		       ctx.qry.oid2, NULL);
 	if (prefix) {
 		html(" (limited to '");
 		html_txt(prefix);
@@ -407,13 +407,13 @@ void cgit_print_diff(const char *new_rev, const char *old_rev,
 			"Bad object name: %s", new_rev);
 		return;
 	}
-	commit = lookup_commit_reference(new_rev_oid);
+	commit = lookup_commit_reference(the_repository, new_rev_oid);
 	if (!commit || parse_commit(commit)) {
 		cgit_print_error_page(404, "Not found",
 			"Bad commit: %s", oid_to_hex(new_rev_oid));
 		return;
 	}
-	new_tree_oid = &commit->maybe_tree->object.oid;
+	new_tree_oid = get_commit_tree_oid(commit);
 
 	if (old_rev) {
 		if (get_oid(old_rev, old_rev_oid)) {
@@ -428,13 +428,13 @@ void cgit_print_diff(const char *new_rev, const char *old_rev,
 	}
 
 	if (!is_null_oid(old_rev_oid)) {
-		commit2 = lookup_commit_reference(old_rev_oid);
+		commit2 = lookup_commit_reference(the_repository, old_rev_oid);
 		if (!commit2 || parse_commit(commit2)) {
 			cgit_print_error_page(404, "Not found",
 				"Bad commit: %s", oid_to_hex(old_rev_oid));
 			return;
 		}
-		old_tree_oid = &commit2->maybe_tree->object.oid;
+		old_tree_oid = get_commit_tree_oid(commit2);
 	} else {
 		old_tree_oid = NULL;
 	}

ui-log.c

@@ -10,7 +10,7 @@
 #include "ui-log.h"
 #include "html.h"
 #include "ui-shared.h"
-#include "argv-array.h"
+#include "strvec.h"
 
 static int files, add_lines, rem_lines, lines_counted;
 
@@ -65,9 +65,10 @@ void show_commit_decorations(struct commit *commit)
 		return;
 	html("<span class='decoration'>");
 	while (deco) {
-		struct object_id peeled;
+		struct object_id oid_tag, peeled;
 		int is_annotated = 0;
-		strncpy(buf, prettify_refname(deco->name), sizeof(buf) - 1);
+
+		strlcpy(buf, prettify_refname(deco->name), sizeof(buf));
 		switch(deco->type) {
 		case DECORATION_NONE:
 			/* If the git-core doesn't recognize it,
@@ -79,8 +80,8 @@ void show_commit_decorations(struct commit *commit)
 				ctx.qry.showmsg, 0);
 			break;
 		case DECORATION_REF_TAG:
-			if (!peel_ref(deco->name, &peeled))
-				is_annotated = !oidcmp(&commit->object.oid, &peeled);
+			if (!read_ref(deco->name, &oid_tag) && !peel_iterated_oid(&oid_tag, &peeled))
+				is_annotated = !oideq(&oid_tag, &peeled);
 			cgit_tag_link(buf, NULL, is_annotated ? "tag-annotated-deco" : "tag-deco", buf);
 			break;
 		case DECORATION_REF_REMOTE:
@@ -153,12 +154,12 @@ static int show_commit(struct commit *commit, struct rev_info *revs)
 	rem_lines = 0;
 
 	revs->diffopt.flags.recursive = 1;
-	diff_tree_oid(&parent->maybe_tree->object.oid,
-		      &commit->maybe_tree->object.oid,
+	diff_tree_oid(get_commit_tree_oid(parent),
+		      get_commit_tree_oid(commit),
 		      "", &revs->diffopt);
 	diffcore_std(&revs->diffopt);
 
-	found = !diff_queue_is_empty();
+	found = !diff_queue_is_empty(&revs->diffopt);
 	saved_fmt = revs->diffopt.output_format;
 	revs->diffopt.output_format = DIFF_FORMAT_CALLBACK;
 	revs->diffopt.format_callback = cgit_diff_tree_cb;
@@ -234,7 +235,7 @@ static void print_commit(struct commit *commit, struct rev_info *revs)
 			strbuf_add(&msgbuf, "\n\n", 2);
 
 			/* Place wrap_symbol at position i in info->subject */
-			strcpy(info->subject + i, wrap_symbol);
+			strlcpy(info->subject + i, wrap_symbol, subject_len - i + 1);
 		}
 	}
 	cgit_commit_link(info->subject, NULL, NULL, ctx.qry.head,
@@ -362,27 +363,27 @@ static char *next_token(char **src)
 }
 
 void cgit_print_log(const char *tip, int ofs, int cnt, char *grep, char *pattern,
-		    char *path, int pager, int commit_graph, int commit_sort)
+		    const char *path, int pager, int commit_graph, int commit_sort)
 {
 	struct rev_info rev;
 	struct commit *commit;
-	struct argv_array rev_argv = ARGV_ARRAY_INIT;
+	struct strvec rev_argv = STRVEC_INIT;
 	int i, columns = commit_graph ? 4 : 3;
 	int must_free_tip = 0;
 
 	/* rev_argv.argv[0] will be ignored by setup_revisions */
-	argv_array_push(&rev_argv, "log_rev_setup");
+	strvec_push(&rev_argv, "log_rev_setup");
 
 	if (!tip)
 		tip = ctx.qry.head;
 	tip = disambiguate_ref(tip, &must_free_tip);
-	argv_array_push(&rev_argv, tip);
+	strvec_push(&rev_argv, tip);
 
 	if (grep && pattern && *pattern) {
 		pattern = xstrdup(pattern);
 		if (!strcmp(grep, "grep") || !strcmp(grep, "author") ||
 		    !strcmp(grep, "committer")) {
-			argv_array_pushf(&rev_argv, "--%s=%s", grep, pattern);
+			strvec_pushf(&rev_argv, "--%s=%s", grep, pattern);
 		} else if (!strcmp(grep, "range")) {
 			char *arg;
 			/* Split the pattern at whitespace and add each token
@@ -390,14 +391,14 @@ void cgit_print_log(const char *tip, int ofs, int cnt, char *grep, char *pattern
 			 * rev-list options. Also, replace the previously
 			 * pushed tip (it's no longer relevant).
 			 */
-			argv_array_pop(&rev_argv);
+			strvec_pop(&rev_argv);
 			while ((arg = next_token(&pattern))) {
 				if (*arg == '-') {
 					fprintf(stderr, "Bad range expr: %s\n",
 						arg);
 					break;
 				}
-				argv_array_push(&rev_argv, arg);
+				strvec_push(&rev_argv, arg);
 			}
 		}
 	}
@@ -412,22 +413,22 @@ void cgit_print_log(const char *tip, int ofs, int cnt, char *grep, char *pattern
 	}
 
 	if (commit_graph && !ctx.qry.follow) {
-		argv_array_push(&rev_argv, "--graph");
-		argv_array_push(&rev_argv, "--color");
+		strvec_push(&rev_argv, "--graph");
+		strvec_push(&rev_argv, "--color");
 		graph_set_column_colors(column_colors_html,
 					COLUMN_COLORS_HTML_MAX);
 	}
 
 	if (commit_sort == 1)
-		argv_array_push(&rev_argv, "--date-order");
+		strvec_push(&rev_argv, "--date-order");
 	else if (commit_sort == 2)
-		argv_array_push(&rev_argv, "--topo-order");
+		strvec_push(&rev_argv, "--topo-order");
 
 	if (path && ctx.qry.follow)
-		argv_array_push(&rev_argv, "--follow");
-	argv_array_push(&rev_argv, "--");
+		strvec_push(&rev_argv, "--follow");
+	strvec_push(&rev_argv, "--");
 	if (path)
-		argv_array_push(&rev_argv, path);
+		strvec_push(&rev_argv, path);
 
 	init_revisions(&rev, NULL);
 	rev.abbrev = DEFAULT_ABBREV;
@@ -436,7 +437,7 @@ void cgit_print_log(const char *tip, int ofs, int cnt, char *grep, char *pattern
 	rev.show_root_diff = 0;
 	rev.ignore_missing = 1;
 	rev.simplify_history = 1;
-	setup_revisions(rev_argv.argc, rev_argv.argv, &rev, NULL);
+	setup_revisions(rev_argv.nr, rev_argv.v, &rev, NULL);
 	load_ref_decorations(NULL, DECORATE_FULL_REFS);
 	rev.show_decorations = 1;
 	rev.grep_filter.ignore_case = 1;
@@ -463,7 +464,7 @@ void cgit_print_log(const char *tip, int ofs, int cnt, char *grep, char *pattern
 	if (pager) {
 		html(" (");
 		cgit_log_link(ctx.qry.showmsg ? "Collapse" : "Expand", NULL,
-			      NULL, ctx.qry.head, ctx.qry.sha1,
+			      NULL, ctx.qry.head, ctx.qry.oid,
 			      ctx.qry.vpath, ctx.qry.ofs, ctx.qry.grep,
 			      ctx.qry.search, ctx.qry.showmsg ? 0 : 1,
 			      ctx.qry.follow);
@@ -488,8 +489,7 @@ void cgit_print_log(const char *tip, int ofs, int cnt, char *grep, char *pattern
 	for (i = 0; i < ofs && (commit = get_revision(&rev)) != NULL; /* nop */) {
 		if (show_commit(commit, &rev))
 			i++;
-		free_commit_buffer(commit);
-		free_commit_list(commit->parents);
+		release_commit_memory(the_repository->parsed_objects, commit);
 		commit->parents = NULL;
 	}
 
@@ -510,8 +510,7 @@ void cgit_print_log(const char *tip, int ofs, int cnt, char *grep, char *pattern
 			i++;
 			print_commit(commit, &rev);
 		}
-		free_commit_buffer(commit);
-		free_commit_list(commit->parents);
+		release_commit_memory(the_repository->parsed_objects, commit);
 		commit->parents = NULL;
 	}
 	if (pager) {
@@ -519,7 +518,7 @@ void cgit_print_log(const char *tip, int ofs, int cnt, char *grep, char *pattern
 		if (ofs > 0) {
 			html("<li>");
 			cgit_log_link("[prev]", NULL, NULL, ctx.qry.head,
-				      ctx.qry.sha1, ctx.qry.vpath,
+				      ctx.qry.oid, ctx.qry.vpath,
 				      ofs - cnt, ctx.qry.grep,
 				      ctx.qry.search, ctx.qry.showmsg,
 				      ctx.qry.follow);
@@ -528,7 +527,7 @@ void cgit_print_log(const char *tip, int ofs, int cnt, char *grep, char *pattern
 		if ((commit = get_revision(&rev)) != NULL) {
 			html("<li>");
 			cgit_log_link("[next]", NULL, NULL, ctx.qry.head,
-				      ctx.qry.sha1, ctx.qry.vpath,
+				      ctx.qry.oid, ctx.qry.vpath,
 				      ofs + cnt, ctx.qry.grep,
 				      ctx.qry.search, ctx.qry.showmsg,
 				      ctx.qry.follow);

ui-log.h

@@ -2,7 +2,7 @@
 #define UI_LOG_H
 
 extern void cgit_print_log(const char *tip, int ofs, int cnt, char *grep,
-			   char *pattern, char *path, int pager,
+			   char *pattern, const char *path, int pager,
 			   int commit_graph, int commit_sort);
 extern void show_commit_decorations(struct commit *commit);
 

ui-patch.c

@@ -11,13 +11,16 @@
 #include "html.h"
 #include "ui-shared.h"
 
+/* two commit hashes with two dots in between and termination */
+#define REV_RANGE_LEN 2 * GIT_MAX_HEXSZ + 3
+
 void cgit_print_patch(const char *new_rev, const char *old_rev,
 		      const char *prefix)
 {
 	struct rev_info rev;
 	struct commit *commit;
 	struct object_id new_rev_oid, old_rev_oid;
-	char rev_range[2 * 40 + 3];
+	char rev_range[REV_RANGE_LEN];
 	const char *rev_argv[] = { NULL, "--reverse", "--format=email", rev_range, "--", prefix, NULL };
 	int rev_argc = ARRAY_SIZE(rev_argv) - 1;
 	char *patchname;
@@ -33,7 +36,7 @@ void cgit_print_patch(const char *new_rev, const char *old_rev,
 				"Bad object id: %s", new_rev);
 		return;
 	}
-	commit = lookup_commit_reference(&new_rev_oid);
+	commit = lookup_commit_reference(the_repository, &new_rev_oid);
 	if (!commit) {
 		cgit_print_error_page(404, "Not found",
 				"Bad commit reference: %s", new_rev);
@@ -46,7 +49,7 @@ void cgit_print_patch(const char *new_rev, const char *old_rev,
 					"Bad object id: %s", old_rev);
 			return;
 		}
-		if (!lookup_commit_reference(&old_rev_oid)) {
+		if (!lookup_commit_reference(the_repository, &old_rev_oid)) {
 			cgit_print_error_page(404, "Not found",
 					"Bad commit reference: %s", old_rev);
 			return;
@@ -58,9 +61,9 @@ void cgit_print_patch(const char *new_rev, const char *old_rev,
 	}
 
 	if (is_null_oid(&old_rev_oid)) {
-		memcpy(rev_range, oid_to_hex(&new_rev_oid), GIT_SHA1_HEXSZ + 1);
+		memcpy(rev_range, oid_to_hex(&new_rev_oid), the_hash_algo->hexsz + 1);
 	} else {
-		sprintf(rev_range, "%s..%s", oid_to_hex(&old_rev_oid),
+		xsnprintf(rev_range, REV_RANGE_LEN, "%s..%s", oid_to_hex(&old_rev_oid),
 			oid_to_hex(&new_rev_oid));
 	}
 

ui-plain.c

@@ -99,7 +99,7 @@ static void print_dir(const struct object_id *oid, const char *base,
 			fullpath = NULL;
 		}
 		html("<li>");
-		cgit_plain_link("../", NULL, NULL, ctx.qry.head, ctx.qry.sha1,
+		cgit_plain_link("../", NULL, NULL, ctx.qry.head, ctx.qry.oid,
 				fullpath);
 		html("</li>\n");
 	}
@@ -118,7 +118,7 @@ static void print_dir_entry(const struct object_id *oid, const char *base,
 	if (S_ISGITLINK(mode)) {
 		cgit_submodule_link(NULL, fullpath, oid_to_hex(oid));
 	} else
-		cgit_plain_link(path, NULL, NULL, ctx.qry.head, ctx.qry.sha1,
+		cgit_plain_link(path, NULL, NULL, ctx.qry.head, ctx.qry.oid,
 				fullpath);
 	html("</li>\n");
 	free(fullpath);
@@ -130,7 +130,7 @@ static void print_dir_tail(void)
 }
 
 static int walk_tree(const struct object_id *oid, struct strbuf *base,
-		const char *pathname, unsigned mode, int stage, void *cbdata)
+		const char *pathname, unsigned mode, void *cbdata)
 {
 	struct walk_tree_context *walk_tree_ctx = cbdata;
 
@@ -163,7 +163,7 @@ static int basedir_len(const char *path)
 
 void cgit_print_plain(void)
 {
-	const char *rev = ctx.qry.sha1;
+	const char *rev = ctx.qry.oid;
 	struct object_id oid;
 	struct commit *commit;
 	struct pathspec_item path_items = {
@@ -185,7 +185,7 @@ void cgit_print_plain(void)
 		cgit_print_error_page(404, "Not found", "Not found");
 		return;
 	}
-	commit = lookup_commit_reference(&oid);
+	commit = lookup_commit_reference(the_repository, &oid);
 	if (!commit || parse_commit(commit)) {
 		cgit_print_error_page(404, "Not found", "Not found");
 		return;
@@ -193,12 +193,13 @@ void cgit_print_plain(void)
 	if (!path_items.match) {
 		path_items.match = "";
 		walk_tree_ctx.match_baselen = -1;
-		print_dir(&commit->maybe_tree->object.oid, "", 0, "");
+		print_dir(get_commit_tree_oid(commit), "", 0, "");
 		walk_tree_ctx.match = 2;
 	}
 	else
 		walk_tree_ctx.match_baselen = basedir_len(path_items.match);
-	read_tree_recursive(commit->maybe_tree, "", 0, 0, &paths, walk_tree, &walk_tree_ctx);
+	read_tree(the_repository, repo_get_commit_tree(the_repository, commit),
+		  &paths, walk_tree, &walk_tree_ctx);
 	if (!walk_tree_ctx.match)
 		cgit_print_error_page(404, "Not found", "Not found");
 	else if (walk_tree_ctx.match == 2)

ui-refs.c

@@ -136,7 +136,7 @@ static int print_tag(struct refinfo *ref)
 	return 0;
 }
 
-static void print_refs_link(char *path)
+static void print_refs_link(const char *path)
 {
 	html("<tr class='nohover'><td colspan='5'>");
 	cgit_refs_link("[...]", NULL, NULL, ctx.qry.head, NULL, path);

ui-repolist.c

@@ -11,7 +11,7 @@
 #include "html.h"
 #include "ui-shared.h"
 
-static time_t read_agefile(char *path)
+static time_t read_agefile(const char *path)
 {
 	time_t result;
 	size_t size;
@@ -20,7 +20,7 @@ static time_t read_agefile(char *path)
 
 	if (readfile(path, &buf, &size)) {
 		free(buf);
-		return -1;
+		return 0;
 	}
 
 	if (parse_date(buf, &date_buf) == 0)
@@ -321,7 +321,7 @@ void cgit_print_repolist(void)
 		}
 		htmlf("<tr><td class='%s'>",
 		      !sorted && section ? "sublevel-repo" : "toplevel-repo");
-		cgit_summary_link(ctx.repo->name, ctx.repo->name, NULL, NULL);
+		cgit_summary_link(ctx.repo->name, NULL, NULL, NULL);
 		html("</td><td>");
 		repourl = cgit_repourl(ctx.repo->url);
 		html_link_open(repourl, NULL, NULL);

ui-shared.c

@@ -22,10 +22,11 @@ static char *http_date(time_t t)
 	static char month[][4] =
 		{"Jan", "Feb", "Mar", "Apr", "May", "Jun",
 		 "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"};
-	struct tm *tm = gmtime(&t);
-	return fmt("%s, %02d %s %04d %02d:%02d:%02d GMT", day[tm->tm_wday],
-		   tm->tm_mday, month[tm->tm_mon], 1900 + tm->tm_year,
-		   tm->tm_hour, tm->tm_min, tm->tm_sec);
+	struct tm tm;
+	gmtime_r(&t, &tm);
+	return fmt("%s, %02d %s %04d %02d:%02d:%02d GMT", day[tm.tm_wday],
+		   tm.tm_mday, month[tm.tm_mon], 1900 + tm.tm_year,
+		   tm.tm_hour, tm.tm_min, tm.tm_sec);
 }
 
 void cgit_print_error(const char *fmt, ...)
@@ -68,15 +69,48 @@ char *cgit_hosturl(void)
 char *cgit_currenturl(void)
 {
 	const char *root = cgit_rooturl();
-	size_t len = strlen(root);
 
 	if (!ctx.qry.url)
 		return xstrdup(root);
-	if (len && root[len - 1] == '/')
+	if (root[0] && root[strlen(root) - 1] == '/')
 		return fmtalloc("%s%s", root, ctx.qry.url);
 	return fmtalloc("%s/%s", root, ctx.qry.url);
 }
 
+char *cgit_currentfullurl(void)
+{
+	const char *root = cgit_rooturl();
+	const char *orig_query = ctx.env.query_string ? ctx.env.query_string : "";
+	size_t len = strlen(orig_query);
+	char *query = xmalloc(len + 2), *start_url, *ret;
+
+	/* Remove all url=... parts from query string */
+	memcpy(query + 1, orig_query, len + 1);
+	query[0] = '?';
+	start_url = query;
+	while ((start_url = strstr(start_url, "url=")) != NULL) {
+		if (start_url[-1] == '?' || start_url[-1] == '&') {
+			const char *end_url = strchr(start_url, '&');
+			if (end_url)
+				memmove(start_url, end_url + 1, strlen(end_url));
+			else
+				start_url[0] = '\0';
+		} else
+			++start_url;
+	}
+	if (!query[1])
+		query[0] = '\0';
+
+	if (!ctx.qry.url)
+		ret = fmtalloc("%s%s", root, query);
+	else if (root[0] && root[strlen(root) - 1] == '/')
+		ret = fmtalloc("%s%s%s", root, ctx.qry.url, query);
+	else
+		ret = fmtalloc("%s/%s%s", root, ctx.qry.url, query);
+	free(query);
+	return ret;
+}
+
 const char *cgit_rooturl(void)
 {
 	if (ctx.cfg.virtual_root)
@@ -488,45 +522,45 @@ static void cgit_self_link(char *name, const char *title, const char *class)
 	else if (!strcmp(ctx.qry.page, "summary"))
 		cgit_summary_link(name, title, class, ctx.qry.head);
 	else if (!strcmp(ctx.qry.page, "tag"))
-		cgit_tag_link(name, title, class, ctx.qry.has_sha1 ?
-			       ctx.qry.sha1 : ctx.qry.head);
+		cgit_tag_link(name, title, class, ctx.qry.has_oid ?
+			       ctx.qry.oid : ctx.qry.head);
 	else if (!strcmp(ctx.qry.page, "tree"))
 		cgit_tree_link(name, title, class, ctx.qry.head,
-			       ctx.qry.has_sha1 ? ctx.qry.sha1 : NULL,
+			       ctx.qry.has_oid ? ctx.qry.oid : NULL,
 			       ctx.qry.path);
 	else if (!strcmp(ctx.qry.page, "plain"))
 		cgit_plain_link(name, title, class, ctx.qry.head,
-				ctx.qry.has_sha1 ? ctx.qry.sha1 : NULL,
+				ctx.qry.has_oid ? ctx.qry.oid : NULL,
 				ctx.qry.path);
 	else if (!strcmp(ctx.qry.page, "blame"))
 		cgit_blame_link(name, title, class, ctx.qry.head,
-				ctx.qry.has_sha1 ? ctx.qry.sha1 : NULL,
+				ctx.qry.has_oid ? ctx.qry.oid : NULL,
 				ctx.qry.path);
 	else if (!strcmp(ctx.qry.page, "log"))
 		cgit_log_link(name, title, class, ctx.qry.head,
-			      ctx.qry.has_sha1 ? ctx.qry.sha1 : NULL,
+			      ctx.qry.has_oid ? ctx.qry.oid : NULL,
 			      ctx.qry.path, ctx.qry.ofs,
 			      ctx.qry.grep, ctx.qry.search,
 			      ctx.qry.showmsg, ctx.qry.follow);
 	else if (!strcmp(ctx.qry.page, "commit"))
 		cgit_commit_link(name, title, class, ctx.qry.head,
-				 ctx.qry.has_sha1 ? ctx.qry.sha1 : NULL,
+				 ctx.qry.has_oid ? ctx.qry.oid : NULL,
 				 ctx.qry.path);
 	else if (!strcmp(ctx.qry.page, "patch"))
 		cgit_patch_link(name, title, class, ctx.qry.head,
-				ctx.qry.has_sha1 ? ctx.qry.sha1 : NULL,
+				ctx.qry.has_oid ? ctx.qry.oid : NULL,
 				ctx.qry.path);
 	else if (!strcmp(ctx.qry.page, "refs"))
 		cgit_refs_link(name, title, class, ctx.qry.head,
-			       ctx.qry.has_sha1 ? ctx.qry.sha1 : NULL,
+			       ctx.qry.has_oid ? ctx.qry.oid : NULL,
 			       ctx.qry.path);
 	else if (!strcmp(ctx.qry.page, "snapshot"))
 		cgit_snapshot_link(name, title, class, ctx.qry.head,
-				   ctx.qry.has_sha1 ? ctx.qry.sha1 : NULL,
+				   ctx.qry.has_oid ? ctx.qry.oid : NULL,
 				   ctx.qry.path);
 	else if (!strcmp(ctx.qry.page, "diff"))
 		cgit_diff_link(name, title, class, ctx.qry.head,
-			       ctx.qry.sha1, ctx.qry.sha2,
+			       ctx.qry.oid, ctx.qry.oid2,
 			       ctx.qry.path);
 	else if (!strcmp(ctx.qry.page, "stats"))
 		cgit_stats_link(name, title, class, ctx.qry.head,
@@ -639,7 +673,7 @@ const struct date_mode *cgit_date_mode(enum date_mode_type type)
 static void print_rel_date(time_t t, int tz, double value,
 	const char *class, const char *suffix)
 {
-	htmlf("<span class='%s' title='", class);
+	htmlf("<span class='%s' data-ut='%" PRIu64 "' title='", class, (uint64_t)t);
 	html_attr(show_date(t, tz, cgit_date_mode(DATE_ISO8601)));
 	htmlf("'>%.0f %s</span>", value, suffix);
 }
@@ -734,6 +768,38 @@ static void print_rel_vcs_link(const char *url)
 	html(" Git repository'/>\n");
 }
 
+static int emit_css_link(struct string_list_item *s, void *arg)
+{
+	/* Do not emit anything if css= is specified. */
+	if (s && *s->string == '\0')
+		return 0;
+
+	html("<link rel='stylesheet' type='text/css' href='");
+	if (s)
+		html_attr(s->string);
+	else
+		html_attr((const char *)arg);
+	html("'/>\n");
+
+	return 0;
+}
+
+static int emit_js_link(struct string_list_item *s, void *arg)
+{
+	/* Do not emit anything if js= is specified. */
+	if (s && *s->string == '\0')
+		return 0;
+
+	html("<script type='text/javascript' src='");
+	if (s)
+		html_attr(s->string);
+	else
+		html_attr((const char *)arg);
+	html("'></script>\n");
+
+	return 0;
+}
+
 void cgit_print_docstart(void)
 {
 	char *host = cgit_hosturl();
@@ -753,9 +819,17 @@ void cgit_print_docstart(void)
 	htmlf("<meta name='generator' content='cgit %s'/>\n", cgit_version);
 	if (ctx.cfg.robots && *ctx.cfg.robots)
 		htmlf("<meta name='robots' content='%s'/>\n", ctx.cfg.robots);
-	html("<link rel='stylesheet' type='text/css' href='");
-	html_attr(ctx.cfg.css);
-	html("'/>\n");
+
+	if (ctx.cfg.css.items)
+		for_each_string_list(&ctx.cfg.css, emit_css_link, NULL);
+	else
+		emit_css_link(NULL, "/cgit.css");
+
+	if (ctx.cfg.js.items)
+		for_each_string_list(&ctx.cfg.js, emit_js_link, NULL);
+	else
+		emit_js_link(NULL, "/cgit.js");
+
 	if (ctx.cfg.favicon) {
 		html("<link rel='shortcut icon' href='");
 		html_attr(ctx.cfg.favicon);
@@ -885,10 +959,10 @@ void cgit_add_hidden_formfields(int incl_head, int incl_search,
 	    strcmp(ctx.qry.head, ctx.repo->defbranch))
 		html_hidden("h", ctx.qry.head);
 
-	if (ctx.qry.sha1)
-		html_hidden("id", ctx.qry.sha1);
-	if (ctx.qry.sha2)
-		html_hidden("id2", ctx.qry.sha2);
+	if (ctx.qry.oid)
+		html_hidden("id", ctx.qry.oid);
+	if (ctx.qry.oid2)
+		html_hidden("id2", ctx.qry.oid2);
 	if (ctx.qry.showmsg)
 		html_hidden("showmsg", "1");
 
@@ -912,12 +986,13 @@ static void cgit_print_path_crumbs(char *path)
 {
 	char *old_path = ctx.qry.path;
 	char *p = path, *q, *end = path + strlen(path);
+	int levels = 0;
 
 	ctx.qry.path = NULL;
 	cgit_self_link("root", NULL, NULL);
 	ctx.qry.path = p = path;
 	while (p < end) {
-		if (!(q = strchr(p, '/')))
+		if (!(q = strchr(p, '/')) || levels > 15)
 			q = end;
 		*q = '\0';
 		html_txt("/");
@@ -925,6 +1000,7 @@ static void cgit_print_path_crumbs(char *path)
 		if (q < end)
 			*q = '/';
 		p = q + 1;
+		++levels;
 	}
 	ctx.qry.path = old_path;
 }
@@ -959,7 +1035,7 @@ static void print_header(void)
 	if (ctx.repo) {
 		cgit_index_link("index", NULL, NULL, NULL, NULL, 0, 1);
 		html(" : ");
-		cgit_summary_link(ctx.repo->name, ctx.repo->name, NULL, NULL);
+		cgit_summary_link(ctx.repo->name, NULL, NULL, NULL);
 		if (ctx.env.authenticated) {
 			html("</td><td class='form'>");
 			html("<form method='get'>\n");
@@ -980,7 +1056,13 @@ static void print_header(void)
 	if (ctx.repo) {
 		html_txt(ctx.repo->desc);
 		html("</td><td class='sub right'>");
-		html_txt(ctx.repo->owner);
+		if (ctx.repo->owner_filter) {
+			cgit_open_filter(ctx.repo->owner_filter);
+			html_txt(ctx.repo->owner);
+			cgit_close_filter(ctx.repo->owner_filter);
+		} else {
+			html_txt(ctx.repo->owner);
+		}
 	} else {
 		if (ctx.cfg.root_desc)
 			html_txt(ctx.cfg.root_desc);
@@ -1003,20 +1085,20 @@ void cgit_print_pageheader(void)
 		cgit_summary_link("summary", NULL, hc("summary"),
 				  ctx.qry.head);
 		cgit_refs_link("refs", NULL, hc("refs"), ctx.qry.head,
-			       ctx.qry.sha1, NULL);
+			       ctx.qry.oid, NULL);
 		cgit_log_link("log", NULL, hc("log"), ctx.qry.head,
 			      NULL, ctx.qry.vpath, 0, NULL, NULL,
 			      ctx.qry.showmsg, ctx.qry.follow);
 		if (ctx.qry.page && !strcmp(ctx.qry.page, "blame"))
 			cgit_blame_link("blame", NULL, hc("blame"), ctx.qry.head,
-				        ctx.qry.sha1, ctx.qry.vpath);
+				        ctx.qry.oid, ctx.qry.vpath);
 		else
 			cgit_tree_link("tree", NULL, hc("tree"), ctx.qry.head,
-				       ctx.qry.sha1, ctx.qry.vpath);
+				       ctx.qry.oid, ctx.qry.vpath);
 		cgit_commit_link("commit", NULL, hc("commit"),
-				 ctx.qry.head, ctx.qry.sha1, ctx.qry.vpath);
+				 ctx.qry.head, ctx.qry.oid, ctx.qry.vpath);
 		cgit_diff_link("diff", NULL, hc("diff"), ctx.qry.head,
-			       ctx.qry.sha1, ctx.qry.sha2, ctx.qry.vpath);
+			       ctx.qry.oid, ctx.qry.oid2, ctx.qry.vpath);
 		if (ctx.repo->max_stats)
 			cgit_stats_link("stats", NULL, hc("stats"),
 					ctx.qry.head, ctx.qry.vpath);
@@ -1159,31 +1241,17 @@ void cgit_print_snapshot_links(const struct cgit_repo *repo, const char *ref,
 
 void cgit_set_title_from_path(const char *path)
 {
-	size_t path_len, path_index, path_last_end;
-	char *new_title;
+	struct strbuf sb = STRBUF_INIT;
+	const char *slash, *last_slash;
 
 	if (!path)
 		return;
 
-	path_len = strlen(path);
-	new_title = xmalloc(path_len + 3 + strlen(ctx.page.title) + 1);
-	new_title[0] = '\0';
-
-	for (path_index = path_len, path_last_end = path_len; path_index-- > 0;) {
-		if (path[path_index] == '/') {
-			if (path_index == path_len - 1) {
-				path_last_end = path_index - 1;
-				continue;
-			}
-			strncat(new_title, &path[path_index + 1], path_last_end - path_index - 1);
-			strcat(new_title, "\\");
-			path_last_end = path_index;
-		}
+	for (last_slash = path + strlen(path); (slash = memrchr(path, '/', last_slash - path)) != NULL; last_slash = slash) {
+		strbuf_add(&sb, slash + 1, last_slash - slash - 1);
+		strbuf_addstr(&sb, " \xc2\xab ");
 	}
-	if (path_last_end)
-		strncat(new_title, path, path_last_end);
-
-	strcat(new_title, " - ");
-	strcat(new_title, ctx.page.title);
-	ctx.page.title = new_title;
+	strbuf_add(&sb, path, last_slash - path);
+	strbuf_addf(&sb, " - %s", ctx.page.title);
+	ctx.page.title = strbuf_detach(&sb, NULL);
 }

ui-shared.h

@@ -5,6 +5,7 @@ extern const char *cgit_httpscheme(void);
 extern char *cgit_hosturl(void);
 extern const char *cgit_rooturl(void);
 extern char *cgit_currenturl(void);
+extern char *cgit_currentfullurl(void);
 extern const char *cgit_loginurl(void);
 extern char *cgit_repourl(const char *reponame);
 extern char *cgit_fileurl(const char *reponame, const char *pagename,

ui-snapshot.c

@@ -13,32 +13,32 @@
 
 static int write_archive_type(const char *format, const char *hex, const char *prefix)
 {
-	struct argv_array argv = ARGV_ARRAY_INIT;
+	struct strvec argv = STRVEC_INIT;
 	const char **nargv;
 	int result;
-	argv_array_push(&argv, "snapshot");
-	argv_array_push(&argv, format);
+	strvec_push(&argv, "snapshot");
+	strvec_push(&argv, format);
 	if (prefix) {
 		struct strbuf buf = STRBUF_INIT;
 		strbuf_addstr(&buf, prefix);
 		strbuf_addch(&buf, '/');
-		argv_array_push(&argv, "--prefix");
-		argv_array_push(&argv, buf.buf);
+		strvec_push(&argv, "--prefix");
+		strvec_push(&argv, buf.buf);
 		strbuf_release(&buf);
 	}
-	argv_array_push(&argv, hex);
+	strvec_push(&argv, hex);
 	/*
 	 * Now we need to copy the pointers to arguments into a new
 	 * structure because write_archive will rearrange its arguments
 	 * which may result in duplicated/missing entries causing leaks
-	 * or double-frees in argv_array_clear.
+	 * or double-frees in strvec_clear.
 	 */
-	nargv = xmalloc(sizeof(char *) * (argv.argc + 1));
-	/* argv_array guarantees a trailing NULL entry. */
-	memcpy(nargv, argv.argv, sizeof(char *) * (argv.argc + 1));
+	nargv = xmalloc(sizeof(char *) * (argv.nr + 1));
+	/* strvec guarantees a trailing NULL entry. */
+	memcpy(nargv, argv.v, sizeof(char *) * (argv.nr + 1));
 
-	result = write_archive(argv.argc, nargv, NULL, NULL, 0);
-	argv_array_clear(&argv);
+	result = write_archive(argv.nr, nargv, NULL, the_repository, NULL, 0);
+	strvec_clear(&argv);
 	free(nargv);
 	return result;
 }
@@ -79,18 +79,32 @@ static int write_tar_bzip2_archive(const char *hex, const char *prefix)
 	return write_compressed_tar_archive(hex, prefix, argv);
 }
 
+static int write_tar_lzip_archive(const char *hex, const char *prefix)
+{
+	char *argv[] = { "lzip", NULL };
+	return write_compressed_tar_archive(hex, prefix, argv);
+}
+
 static int write_tar_xz_archive(const char *hex, const char *prefix)
 {
 	char *argv[] = { "xz", NULL };
 	return write_compressed_tar_archive(hex, prefix, argv);
 }
 
+static int write_tar_zstd_archive(const char *hex, const char *prefix)
+{
+	char *argv[] = { "zstd", "-T0", NULL };
+	return write_compressed_tar_archive(hex, prefix, argv);
+}
+
 const struct cgit_snapshot_format cgit_snapshot_formats[] = {
 	/* .tar must remain the 0 index */
 	{ ".tar",	"application/x-tar",	write_tar_archive	},
 	{ ".tar.gz",	"application/x-gzip",	write_tar_gzip_archive	},
 	{ ".tar.bz2",	"application/x-bzip2",	write_tar_bzip2_archive	},
+	{ ".tar.lz",	"application/x-lzip",	write_tar_lzip_archive	},
 	{ ".tar.xz",	"application/x-xz",	write_tar_xz_archive	},
+	{ ".tar.zst",	"application/x-zstd",	write_tar_zstd_archive	},
 	{ ".zip",	"application/x-zip",	write_zip_archive	},
 	{ NULL }
 };
@@ -147,7 +161,7 @@ static int make_snapshot(const struct cgit_snapshot_format *format,
 				"Bad object id: %s", hex);
 		return 1;
 	}
-	if (!lookup_commit_reference(&oid)) {
+	if (!lookup_commit_reference(the_repository, &oid)) {
 		cgit_print_error_page(400, "Bad request",
 				"Not a commit reference: %s", hex);
 		return 1;
@@ -156,6 +170,7 @@ static int make_snapshot(const struct cgit_snapshot_format *format,
 	ctx.page.mimetype = xstrdup(format->mimetype);
 	ctx.page.filename = xstrdup(filename);
 	cgit_print_http_headers();
+	init_archivers();
 	format->write_func(hex, prefix);
 	return 0;
 }

ui-ssdiff.c

@@ -103,8 +103,7 @@ static int line_from_hunk(char *line, char type)
 		return 0;
 	len = buf2 - buf1;
 	buf2 = xmalloc(len + 1);
-	strncpy(buf2, buf1, len);
-	buf2[len] = '\0';
+	strlcpy(buf2, buf1, len + 1);
 	res = atoi(buf2);
 	free(buf2);
 	return res;
@@ -118,6 +117,7 @@ static char *replace_tabs(char *line)
 	int n_tabs = 0;
 	int i;
 	char *result;
+	size_t result_len;
 
 	if (linelen == 0) {
 		result = xmalloc(1);
@@ -129,16 +129,19 @@ static char *replace_tabs(char *line)
 		if (line[i] == '\t')
 			n_tabs += 1;
 	}
-	result = xmalloc(linelen + n_tabs * 8 + 1);
+	result_len = linelen + n_tabs * 8;
+	result = xmalloc(result_len + 1);
 	result[0] = '\0';
 
 	for (;;) {
 		cur_buf = strchr(prev_buf, '\t');
 		if (!cur_buf) {
-			strcat(result, prev_buf);
+			linelen = strlen(result);
+			strlcpy(&result[linelen], prev_buf, result_len - linelen + 1);
 			break;
 		} else {
-			strncat(result, prev_buf, cur_buf - prev_buf);
+			linelen = strlen(result);
+			strlcpy(&result[linelen], prev_buf, cur_buf - prev_buf + 1);
 			linelen = strlen(result);
 			memset(&result[linelen], ' ', 8 - (linelen % 8));
 			result[linelen + 8 - (linelen % 8)] = '\0';
@@ -206,11 +209,13 @@ static void print_part_with_lcs(char *class, char *line, char *lcs)
 			}
 		} else if (line[i] == lcs[j]) {
 			same = 1;
-			htmlf("</span>");
+			html("</span>");
 			j += 1;
 		}
 		html_txt(c);
 	}
+	if (!same)
+		html("</span>");
 }
 
 static void print_ssdiff_line(char *class,
@@ -235,7 +240,7 @@ static void print_ssdiff_line(char *class,
 		char *fileurl = cgit_fileurl(ctx.repo->url, "tree", old_file->path, id_str);
 		html("<td class='lineno'><a href='");
 		html(fileurl);
-		htmlf("' id='%s'>%s</a>", lineno_str, lineno_str + 1);
+		htmlf("'>%s</a>", lineno_str + 1);
 		html("</td>");
 		htmlf("<td class='%s'>", class);
 		free(fileurl);
@@ -258,7 +263,7 @@ static void print_ssdiff_line(char *class,
 		char *fileurl = cgit_fileurl(ctx.repo->url, "tree", new_file->path, id_str);
 		html("<td class='lineno'><a href='");
 		html(fileurl);
-		htmlf("' id='%s'>%s</a>", lineno_str, lineno_str + 1);
+		htmlf("'>%s</a>", lineno_str + 1);
 		html("</td>");
 		htmlf("<td class='%s'>", class);
 		free(fileurl);
@@ -404,7 +409,7 @@ void cgit_ssdiff_header_begin(void)
 
 void cgit_ssdiff_header_end(void)
 {
-	html("</td><tr>");
+	html("</td></tr>");
 }
 
 void cgit_ssdiff_footer(void)

ui-stats.c

@@ -166,7 +166,7 @@ static void add_commit(struct string_list *authors, struct commit *commit,
 	struct authorstat *authorstat;
 	struct string_list *items;
 	char *tmp;
-	struct tm *date;
+	struct tm date;
 	time_t t;
 	uintptr_t *counter;
 
@@ -180,9 +180,9 @@ static void add_commit(struct string_list *authors, struct commit *commit,
 	authorstat = author->util;
 	items = &authorstat->list;
 	t = info->committer_date;
-	date = gmtime(&t);
-	period->trunc(date);
-	tmp = xstrdup(period->pretty(date));
+	gmtime_r(&t, &date);
+	period->trunc(&date);
+	tmp = xstrdup(period->pretty(&date));
 	item = string_list_insert(items, tmp);
 	counter = (uintptr_t *)&item->util;
 	if (*counter)
@@ -215,15 +215,15 @@ static struct string_list collect_stats(const struct cgit_period *period)
 	int argc = 3;
 	time_t now;
 	long i;
-	struct tm *tm;
+	struct tm tm;
 	char tmp[11];
 
 	time(&now);
-	tm = gmtime(&now);
-	period->trunc(tm);
+	gmtime_r(&now, &tm);
+	period->trunc(&tm);
 	for (i = 1; i < period->count; i++)
-		period->dec(tm);
-	strftime(tmp, sizeof(tmp), "%Y-%m-%d", tm);
+		period->dec(&tm);
+	strftime(tmp, sizeof(tmp), "%Y-%m-%d", &tm);
 	argv[2] = xstrdup(fmt("--since=%s", tmp));
 	if (ctx.qry.path) {
 		argv[3] = "--";
@@ -241,8 +241,7 @@ static struct string_list collect_stats(const struct cgit_period *period)
 	memset(&authors, 0, sizeof(authors));
 	while ((commit = get_revision(&rev)) != NULL) {
 		add_commit(&authors, commit, period);
-		free_commit_buffer(commit);
-		free_commit_list(commit->parents);
+		release_commit_memory(the_repository->parsed_objects, commit);
 		commit->parents = NULL;
 	}
 	return authors;
@@ -261,21 +260,21 @@ static void print_combined_authorrow(struct string_list *authors, int from,
 	struct string_list_item *date;
 	time_t now;
 	long i, j, total, subtotal;
-	struct tm *tm;
+	struct tm tm;
 	char *tmp;
 
 	time(&now);
-	tm = gmtime(&now);
-	period->trunc(tm);
+	gmtime_r(&now, &tm);
+	period->trunc(&tm);
 	for (i = 1; i < period->count; i++)
-		period->dec(tm);
+		period->dec(&tm);
 
 	total = 0;
 	htmlf("<tr><td class='%s'>%s</td>", leftclass,
 		fmt(name, to - from + 1));
 	for (j = 0; j < period->count; j++) {
-		tmp = period->pretty(tm);
-		period->inc(tm);
+		tmp = period->pretty(&tm);
+		period->inc(&tm);
 		subtotal = 0;
 		for (i = from; i <= to; i++) {
 			author = &authors->items[i];
@@ -300,20 +299,20 @@ static void print_authors(struct string_list *authors, int top,
 	struct string_list_item *date;
 	time_t now;
 	long i, j, total;
-	struct tm *tm;
+	struct tm tm;
 	char *tmp;
 
 	time(&now);
-	tm = gmtime(&now);
-	period->trunc(tm);
+	gmtime_r(&now, &tm);
+	period->trunc(&tm);
 	for (i = 1; i < period->count; i++)
-		period->dec(tm);
+		period->dec(&tm);
 
 	html("<table class='stats'><tr><th>Author</th>");
 	for (j = 0; j < period->count; j++) {
-		tmp = period->pretty(tm);
+		tmp = period->pretty(&tm);
 		htmlf("<th>%s</th>", tmp);
-		period->inc(tm);
+		period->inc(&tm);
 	}
 	html("<th>Total</th></tr>\n");
 
@@ -329,10 +328,10 @@ static void print_authors(struct string_list *authors, int top,
 		items = &authorstat->list;
 		total = 0;
 		for (j = 0; j < period->count; j++)
-			period->dec(tm);
+			period->dec(&tm);
 		for (j = 0; j < period->count; j++) {
-			tmp = period->pretty(tm);
-			period->inc(tm);
+			tmp = period->pretty(&tm);
+			period->inc(&tm);
 			date = string_list_lookup(items, tmp);
 			if (!date)
 				html("<td>0</td>");

ui-summary.c

@@ -99,7 +99,7 @@ static char* append_readme_path(const char *filename, const char *ref, const cha
 	return full_path;
 }
 
-void cgit_print_repo_readme(char *path)
+void cgit_print_repo_readme(const char *path)
 {
 	char *filename, *ref, *mimetype;
 	int free_filename = 0;

ui-summary.h

@@ -2,6 +2,6 @@
 #define UI_SUMMARY_H
 
 extern void cgit_print_summary(void);
-extern void cgit_print_repo_readme(char *path);
+extern void cgit_print_repo_readme(const char *path);
 
 #endif /* UI_SUMMARY_H */

ui-tag.c

@@ -33,7 +33,7 @@ static void print_tag_content(char *buf)
 
 static void print_download_links(char *revname)
 {
-	html("<tr><th>download</th><td class='sha1'>");
+	html("<tr><th>download</th><td class='oid'>");
 	cgit_print_snapshot_links(ctx.repo, revname, "<br/>");
 	html("</td></tr>");
 }
@@ -53,7 +53,7 @@ void cgit_print_tag(char *revname)
 			"Bad tag reference: %s", revname);
 		goto cleanup;
 	}
-	obj = parse_object(&oid);
+	obj = parse_object(the_repository, &oid);
 	if (!obj) {
 		cgit_print_error_page(500, "Internal server error",
 			"Bad object id: %s", oid_to_hex(&oid));
@@ -63,7 +63,7 @@ void cgit_print_tag(char *revname)
 		struct tag *tag;
 		struct taginfo *info;
 
-		tag = lookup_tag(&oid);
+		tag = lookup_tag(the_repository, &oid);
 		if (!tag || parse_tag(tag) || !(info = cgit_parse_tag(tag))) {
 			cgit_print_error_page(500, "Internal server error",
 				"Bad tag object: %s", revname);
@@ -71,7 +71,7 @@ void cgit_print_tag(char *revname)
 		}
 		cgit_print_layout_start();
 		html("<table class='commit-info'>\n");
-		htmlf("<tr><td>tag name</td><td>");
+		html("<tr><td>tag name</td><td>");
 		html_txt(revname);
 		htmlf(" (%s)</td></tr>\n", oid_to_hex(&oid));
 		if (info->tagger_date > 0) {
@@ -91,7 +91,7 @@ void cgit_print_tag(char *revname)
 			cgit_close_filter(ctx.repo->email_filter);
 			html("</td></tr>\n");
 		}
-		html("<tr><td>tagged object</td><td class='sha1'>");
+		html("<tr><td>tagged object</td><td class='oid'>");
 		cgit_object_link(tag->tagged);
 		html("</td></tr>\n");
 		if (ctx.repo->snapshots)
@@ -103,10 +103,10 @@ void cgit_print_tag(char *revname)
 	} else {
 		cgit_print_layout_start();
 		html("<table class='commit-info'>\n");
-		htmlf("<tr><td>tag name</td><td>");
+		html("<tr><td>tag name</td><td>");
 		html_txt(revname);
 		html("</td></tr>\n");
-		html("<tr><td>tagged object</td><td class='sha1'>");
+		html("<tr><td>tagged object</td><td class='oid'>");
 		cgit_object_link(obj);
 		html("</td></tr>\n");
 		if (ctx.repo->snapshots)

ui-tree.c

@@ -84,11 +84,12 @@ static void print_binary_buffer(char *buf, unsigned long size)
 	html("</table>\n");
 }
 
-static void print_object(const struct object_id *oid, char *path, const char *basename, const char *rev)
+static void print_object(const struct object_id *oid, const char *path, const char *basename, const char *rev)
 {
 	enum object_type type;
 	char *buf;
 	unsigned long size;
+	bool is_binary;
 
 	type = oid_object_info(the_repository, oid, &size);
 	if (type == OBJ_BAD) {
@@ -103,6 +104,7 @@ static void print_object(const struct object_id *oid, char *path, const char *ba
 			"Error reading object %s", oid_to_hex(oid));
 		return;
 	}
+	is_binary = buffer_is_binary(buf, size);
 
 	cgit_set_title_from_path(path);
 
@@ -110,7 +112,7 @@ static void print_object(const struct object_id *oid, char *path, const char *ba
 	htmlf("blob: %s (", oid_to_hex(oid));
 	cgit_plain_link("plain", NULL, NULL, ctx.qry.head,
 		        rev, path);
-	if (ctx.cfg.enable_blame) {
+	if (ctx.repo->enable_blame && !is_binary) {
 		html(") (");
 		cgit_blame_link("blame", NULL, NULL, ctx.qry.head,
 			        rev, path);
@@ -123,7 +125,7 @@ static void print_object(const struct object_id *oid, char *path, const char *ba
 		return;
 	}
 
-	if (buffer_is_binary(buf, size))
+	if (is_binary)
 		print_binary_buffer(buf, size);
 	else
 		print_text_buffer(basename, buf, size);
@@ -139,8 +141,7 @@ struct single_tree_ctx {
 };
 
 static int single_tree_cb(const struct object_id *oid, struct strbuf *base,
-			  const char *pathname, unsigned mode, int stage,
-			  void *cbdata)
+			  const char *pathname, unsigned mode, void *cbdata)
 {
 	struct single_tree_ctx *ctx = cbdata;
 
@@ -177,7 +178,7 @@ static void write_tree_link(const struct object_id *oid, char *name,
 		cgit_tree_link(name, NULL, "ls-dir", ctx.qry.head, rev,
 			       fullpath->buf);
 
-		tree = lookup_tree(&tree_ctx.oid);
+		tree = lookup_tree(the_repository, &tree_ctx.oid);
 		if (!tree)
 			return;
 
@@ -185,8 +186,7 @@ static void write_tree_link(const struct object_id *oid, char *name,
 		tree_ctx.name = NULL;
 		tree_ctx.count = 0;
 
-		read_tree_recursive(tree, "", 0, 1, &paths, single_tree_cb,
-				    &tree_ctx);
+		read_tree(the_repository, tree, &paths, single_tree_cb, &tree_ctx);
 
 		if (tree_ctx.count != 1)
 			break;
@@ -199,14 +199,16 @@ static void write_tree_link(const struct object_id *oid, char *name,
 }
 
 static int ls_item(const struct object_id *oid, struct strbuf *base,
-		const char *pathname, unsigned mode, int stage, void *cbdata)
+		const char *pathname, unsigned mode, void *cbdata)
 {
 	struct walk_tree_context *walk_tree_ctx = cbdata;
 	char *name;
 	struct strbuf fullpath = STRBUF_INIT;
+	struct strbuf linkpath = STRBUF_INIT;
 	struct strbuf class = STRBUF_INIT;
 	enum object_type type;
 	unsigned long size = 0;
+	char *buf;
 
 	name = xstrdup(pathname);
 	strbuf_addf(&fullpath, "%s%s%s", ctx.qry.path ? ctx.qry.path : "",
@@ -218,8 +220,7 @@ static int ls_item(const struct object_id *oid, struct strbuf *base,
 			htmlf("<tr><td colspan='3'>Bad object: %s %s</td></tr>",
 			      name,
 			      oid_to_hex(oid));
-			free(name);
-			return 0;
+			goto cleanup;
 		}
 	}
 
@@ -239,6 +240,21 @@ static int ls_item(const struct object_id *oid, struct strbuf *base,
 		cgit_tree_link(name, NULL, class.buf, ctx.qry.head,
 			       walk_tree_ctx->curr_rev, fullpath.buf);
 	}
+	if (S_ISLNK(mode)) {
+		html(" -> ");
+		buf = read_object_file(oid, &type, &size);
+		if (!buf) {
+			htmlf("Error reading object: %s", oid_to_hex(oid));
+			goto cleanup;
+		}
+		strbuf_addbuf(&linkpath, &fullpath);
+		strbuf_addf(&linkpath, "/../%s", buf);
+		strbuf_normalize_path(&linkpath);
+		cgit_tree_link(buf, NULL, class.buf, ctx.qry.head,
+			walk_tree_ctx->curr_rev, linkpath.buf);
+		free(buf);
+		strbuf_release(&linkpath);
+	}
 	htmlf("</td><td class='ls-size'>%li</td>", size);
 
 	html("<td>");
@@ -251,10 +267,12 @@ static int ls_item(const struct object_id *oid, struct strbuf *base,
 	if (!S_ISGITLINK(mode))
 		cgit_plain_link("plain", NULL, "button", ctx.qry.head,
 				walk_tree_ctx->curr_rev, fullpath.buf);
-	if (!S_ISDIR(mode) && ctx.cfg.enable_blame)
+	if (!S_ISDIR(mode) && ctx.repo->enable_blame)
 		cgit_blame_link("blame", NULL, "button", ctx.qry.head,
 				walk_tree_ctx->curr_rev, fullpath.buf);
 	html("</td></tr>\n");
+
+cleanup:
 	free(name);
 	strbuf_release(&fullpath);
 	strbuf_release(&class);
@@ -279,7 +297,7 @@ static void ls_tail(void)
 	cgit_print_layout_end();
 }
 
-static void ls_tree(const struct object_id *oid, char *path, struct walk_tree_context *walk_tree_ctx)
+static void ls_tree(const struct object_id *oid, const char *path, struct walk_tree_context *walk_tree_ctx)
 {
 	struct tree *tree;
 	struct pathspec paths = {
@@ -294,13 +312,13 @@ static void ls_tree(const struct object_id *oid, char *path, struct walk_tree_co
 	}
 
 	ls_head();
-	read_tree_recursive(tree, "", 0, 1, &paths, ls_item, walk_tree_ctx);
+	read_tree(the_repository, tree, &paths, ls_item, walk_tree_ctx);
 	ls_tail();
 }
 
 
 static int walk_tree(const struct object_id *oid, struct strbuf *base,
-		const char *pathname, unsigned mode, int stage, void *cbdata)
+		const char *pathname, unsigned mode, void *cbdata)
 {
 	struct walk_tree_context *walk_tree_ctx = cbdata;
 
@@ -325,7 +343,7 @@ static int walk_tree(const struct object_id *oid, struct strbuf *base,
 			return 0;
 		}
 	}
-	ls_item(oid, base, pathname, mode, stage, walk_tree_ctx);
+	ls_item(oid, base, pathname, mode, walk_tree_ctx);
 	return 0;
 }
 
@@ -359,7 +377,7 @@ void cgit_print_tree(const char *rev, char *path)
 			"Invalid revision name: %s", rev);
 		return;
 	}
-	commit = lookup_commit_reference(&oid);
+	commit = lookup_commit_reference(the_repository, &oid);
 	if (!commit || parse_commit(commit)) {
 		cgit_print_error_page(404, "Not found",
 			"Invalid commit reference: %s", rev);
@@ -369,11 +387,12 @@ void cgit_print_tree(const char *rev, char *path)
 	walk_tree_ctx.curr_rev = xstrdup(rev);
 
 	if (path == NULL) {
-		ls_tree(&commit->maybe_tree->object.oid, NULL, &walk_tree_ctx);
+		ls_tree(get_commit_tree_oid(commit), NULL, &walk_tree_ctx);
 		goto cleanup;
 	}
 
-	read_tree_recursive(commit->maybe_tree, "", 0, 0, &paths, walk_tree, &walk_tree_ctx);
+	read_tree(the_repository, repo_get_commit_tree(the_repository, commit),
+		  &paths, walk_tree, &walk_tree_ctx);
 	if (walk_tree_ctx.state == 1)
 		ls_tail();
 	else if (walk_tree_ctx.state == 2)