Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Commits on Oct 5, 2012
  1. v3.1

  2. (security) fix bug in pattern to detect path traversal

    while we're about it, add the same check to some of the internal
    routines, so that commands can also be protected.
    finally, just to make sure we don't lose it again in some other fashion,
    add a few tests for path traversal...
Commits on Oct 4, 2012
Commits on Sep 26, 2012
Commits on Sep 25, 2012
  1. dont auto-vivify empty entries in %repos...

    before this, trying to access a wild repo would create an empty hash in
    %repos.  This is pretty harmless, but at some later point, memberships()
    would try to use that in a pattern, attempting to match the real repo
    being access-checked.
    Which is still fine if your repo doesn't look like "libstdc++" AND
    you're using some recent perl.
    However, for perl 5.8.8, and if the repo has a ++ in it, perl barfs.
    Here's a test program to check your perl:
        if ( $base =~ /^$i$/ ) {
            print 1;
        } else {
            print 2;
    On 5.14.2 I get "2".  On 5.8.8 I get:
        Nested quantifiers in regex; marked by <-- HERE in m/^foo/u1/libstdc++ <-- HERE $/ at ./ line 6.
Commits on Sep 23, 2012
  1. help cgit folks out a bit :)

Commits on Sep 20, 2012
Commits on Sep 19, 2012
Commits on Aug 30, 2012
  1. 'help' command barfage fix

    should not barf if LOCAL_CODE is defined but it doesn't contain a
    "commands" subdirectory.
  2. minor changes to README

Commits on Aug 17, 2012
  1. minor bug in include file handing...

    gitolite does indeed try to not load itself twice, but I forgot that by
    that time the pwd is ~/.gitolite/conf not ~/.gitolite so it always ended
    up reading itself twice in case of a wildcard include.
Commits on Aug 10, 2012
  1. @olof

    Bailout tests unless envvar $GITOLITE_TEST is 'y'

    olof authored committed
    [committer made some changes to t/README]
Commits on Aug 3, 2012
  1. @justone
Commits on Jul 27, 2012
Commits on Jul 19, 2012
  1. @poke

    Add special %GL_CREATOR variable for git-config

    poke authored committed
    Add a special variable `%GL_CREATOR` to the the git-config trigger that
    is replaced by the name of the repository creator (if any).
    This can be useful to set up the default owner configuration for wild
        repo assignments/CREATOR/a[0-9][0-9]
            C   = @students
            RW+ = CREATOR
            config gitweb.owner = %GL_CREATOR
    committer added an if condition to the s/// line.
  2. 'rsync' command to create and send bundles (manual smoke test only)

    run 'ssh git@host rsync -h' for usage, as usual
Commits on Jul 17, 2012
Commits on Jul 12, 2012
  1. @dabrahams

    Fix a typo

    dabrahams authored committed
Commits on Jul 10, 2012
  1. (minor) new mailing list

Commits on Jul 3, 2012
  1. minor fixups

Commits on Jun 29, 2012
Commits on Jun 27, 2012
  1. v3.04

Commits on Jun 26, 2012
  1. doc split :(

      * I needed to have the documentation under CC-BY-NC-SA (something
        happened to force me to choose)
      * Distros don't like the NC part.  They'd rather drop the
        documentation entirely instead
      * I don't like that; it bothers me that even a clueful guy won't be
        able to do a basic install with what comes in the package.
      * Meanwhile, I have always had the occasional "TL;DR" complaint about
        my docs
    Taking all this into account, it seemed like the best way was:
      * Create a brand new README.txt that is crisp enough for someone to
        glance through and quickly get started.  At more then 300 lines, it
        covers enough ground that probably 60% of sites don't need more.
        Put this under the CC-BY-SA license, which is on the "good" list for
        Fedora (and also Debian, I am told).
      * Move the current documents to a new "gitolite-doc" repo that distros
        can simply ignore, but anyone who has trouble can go to.
        Make sure the online pages have the same content at the same URLs as
        they do now, getting it instead from this new repo.
        Link to the main URL in the new README.txt
Commits on Jun 25, 2012
  1. accumulated docfixes...

      - non-core documentation reduced to be easier to maintain
      - much reduced progit section submitted to scott chacon, necessitating
        some changes to this copy
      - other minor stuff
      - the "idiot-proof setup" :)
    (plus get rid of that silly ""; it's not needed any more, if it
    ever was!)
Commits on Jun 23, 2012
Commits on Jun 22, 2012
  1. @grossws

    Fixed url decoding in http gitolite command bypass.

    grossws authored committed
    Only '+' sign was unescaped in `http_simulate_ssh_connection()`.
    When user translates `ssh git@host perms <repo> + <role> <user>` to
    `curl https://host/git/perms?<repo>+%2b+<role>+<user>` nothing happens.
    This commit fixes it modifying url unescaping.
    committer notes: changed the regex per 'man URI::Escape'
Commits on Jun 21, 2012
  1. (duh!) report rc file syntax errors

    the "duh!" is because I should have done this long ago...
  2. repo-specific umask

    manually smoke tested but should be fine
Commits on Jun 20, 2012
  1. @froderystad
Commits on Jun 19, 2012
  1. (accumulated docfixes)

Something went wrong with that request. Please try again.