Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
200 events occurring around 2020-08-20 13:27.
2020-08-25
| ||
16:23 | Yet another improvement to the "Latest Release" section of the homepage. check-in: 5d32221c2a user: drh tags: trunk | |
16:14 | Further improvements to the "Latest Release" section of the homepage. check-in: f282632beb user: drh tags: trunk | |
16:10 | Update the homepage with links to the latest release and the commits that have gone into it. check-in: c508ed7a32 user: drh tags: trunk | |
14:34 | Improved titles for forum posts that show the original poster and the latest editor if they are different people. check-in: 9543ddbef2 user: drh tags: trunk | |
13:53 | Tiniest style tweak for consistency check-in: 7ea825864d user: andygoth tags: trunk | |
13:47 | Separately show original and edited user/date check-in: 39a550c8d5 user: andygoth tags: trunk | |
07:07 | Removed some hard tabs in CSS injected by copy/paste from the browser dev tools. check-in: 1bfa36867d user: stephan tags: trunk | |
07:00 | The fossil.XYZ.js-using pages now include all of those APIs when running in bundled JS mode, as that provides far lower aggregate over-the-wire and HTTP request counts. Added ? popup help buttons in wikiedit/fileedit to replace title-attribute hoverhelp (popup positioning can still be improved, though). check-in: 34f7fd72c6 user: stephan tags: trunk | |
06:38 | • Edit [f741baa6be994348|f741baa6be]: Edit check-in comment. artifact: 18a6bc6c61 user: drh | |
06:32 | Fix HTML formatting issues with a few built-in help pages. check-in: 11384f1874 user: drh tags: trunk | |
06:18 | Lots of tweaking to the "help buttonlet" popup position. Something to improve some rainy day. Closed-Leaf check-in: 3f08a9d200 user: stephan tags: misc-js-experiments | |
05:04 | Updated javascript.md page to track recent developments. check-in: 3a1d3cc2dc user: wyoung tags: trunk | |
00:01 | Improvements to handling of line endings and BOM marks when doing a 3-way merge. check-in: 88ff2642d3 user: drh tags: trunk | |
2020-08-24
| ||
23:24 | Merge miscellanous auxiliary defenses and security enhancements. This check-in is not needed to fix any problems that are not already fixed in version 2.12.1. It merely provides additional defense in depth. check-in: f741baa6be user: drh tags: trunk | |
22:57 | If both files being merged by 'fossil merge' contain a UTF-8 byte order mark (BOM), keep it in the produced merged file. Closed-Leaf check-in: 91182cd1f3 user: marciogabe tags: merge-crlf-bom | |
22:46 | Improved cross-page caching of wikiedit/fileedit bundle, reducing those pages to a single request of 10-13k once cache is warm. Fixed non-bundled JS distribution of fileedit and wikiedit. check-in: 20c50cd1e5 user: stephan tags: misc-js-experiments | |
22:45 | Adjust 'fossil merge' command to use CR/LF line endings for conflict markings if both files being merged already use such line ending type. check-in: 60ecf5d9ed user: marciogabe tags: merge-crlf-bom | |
22:20 | Moved C routines which emit fossil.XYZ JS APIs from style.c to builtin.c, and renamed appropriately. Added flag to output_text_with_line_numbers() to disable emit of JS (needed for fileedit preview, at a minimum). The experimental emitting of all fossil.XYZ APIs at once is now limited to bundled mode, as that's the only place it's potentially of be... check-in: c515e5fd9f user: stephan tags: misc-js-experiments | |
20:49 | Experimentally added '?' help buttons in wikiedit. Experimentally emit all fossil.XYZ APIs, rather than selected ones, to test whether that reduces overall transmission together with caching. DOM init-time timing workarounds to get confirmer buttons to pin their sizes properly. check-in: 9edbb7eab1 user: stephan tags: misc-js-experiments | |
20:24 | Changed how fossil.confirmer pinSize option computes element width to be more robust in the face of CSS 'auto' width values. check-in: 1f4143ba28 user: stephan tags: trunk | |
12:35 | For Hash or Wiki interwiki hyperlinks in Fossil Wiki without an alternative display, elide the initial interwiki tag from the display. check-in: 2d1a493d9c user: drh tags: trunk | |
04:44 | Applied fix from [5244a548] to /json/wiki/list. check-in: 5a568d8b1f user: stephan tags: trunk | |
04:33 | Reverted [37409e7dbe] in favor of [5244a548], which is cleaner, smaller, and works. check-in: a7d8c58d48 user: stephan tags: trunk | |
00:24 | Merge changes from trunk. Closed-Leaf check-in: 4a8bc878f0 user: drh tags: sec2020 | |
2020-08-23
| ||
22:11 | Provide backlinks from Forum posts. Run rebuild to insert Forum backlinks into the BACKLINK table after applying this patch. check-in: 2df0e5c428 user: drh tags: trunk | |
20:06 | Updates to the "fossil config" command documentation and the change log. check-in: 79b1cd4bf5 user: drh tags: trunk | |
18:21 | • Changes to wiki page "To Do List" artifact: a4e9891b1f user: drh | |
18:13 | • Edit [5244a5484a103065|5244a5484a]: Edit check-in comment. artifact: 8fe3e16080 user: drh | |
18:12 | For the wiki_render_page_list_json() function, only include pages on the list if they have one or more artifacts. This seems to clears the bug described by [forum:a9e345482e|"Wiki editor inop" forum post] check-in: 5244a5484a user: drh tags: trunk | |
17:47 | • Changes to wiki page "To Do List" artifact: 8697c74407 user: drh | |
17:39 | • Changes to wiki page "To Do List" artifact: 2aff9c83cf user: drh | |
17:31 | • Closed ticket [5a6e9ddeb7]: "fossil mv -hard" loses the execute bit plus 5 other changes artifact: 4ee5fb1610 user: drh | |
16:02 | Merge the interwiki enhancement from trunk. check-in: 26ac4b1ccf user: drh tags: sec2020 | |
15:55 | Add support for interwiki links. check-in: f4dc114a78 user: drh tags: trunk | |
15:52 | Add the /intermap page for adjusting the interwiki mapping using a Web interface. Closed-Leaf check-in: dab94dda30 user: drh tags: interwiki | |
14:25 | • Fixed ticket [5eac41b3aa]: Spurious "multiple open leaf check-ins" warning plus 5 other changes artifact: 5aab185d3d user: drh | |
14:04 | Add preliminary documentation for interwiki links. List the intermap on the /md_rules and /wiki_rules pages. check-in: 1a4158ea86 user: drh tags: interwiki | |
03:40 | • New ticket [19ac939843] IMG tag sizes are wonky because of aggressive CSS. artifact: ea2c20d392 user: stephan | |
01:47 | Fix syntax error in the previous commit. Dunno how I managed to check in a change that doesn't build.... check-in: fa105da061 user: drh tags: interwiki | |
01:43 | Move much interwiki code into a new source files "interwiki.c". Add the "fossil interwiki" command for managing the list of remote wikis. check-in: 0875073359 user: drh tags: interwiki | |
00:47 | Fix a bugs in the interwiki configuration transfer logic. check-in: c959dde140 user: drh tags: interwiki | |
00:29 | Typo fix in comment check-in: 684fb15a7a user: wyoung tags: interwiki | |
2020-08-22
| ||
23:21 | The "Code" on an inter-wiki link must be ascii alphanumeric. Sync the inter-wiki config table entries on clone. check-in: 550536789f user: drh tags: interwiki | |
20:23 | Rudimentary support for [wikipedia:interwiki_links|interwiki links]. check-in: 3ca23edc8f user: drh tags: interwiki | |
19:07 | Update the Fossil Wiki and Markdown cheat-sheets to include hyperlinks to one another. check-in: 0ae2dbd40a user: drh tags: trunk | |
16:26 | Typo fix. Removed 13th quote, as the link is now 404, per note in the forum. check-in: 659f6cd080 user: stephan tags: trunk | |
16:24 | Fix harmless compiler warnings. check-in: a872067f7e user: drh tags: trunk | |
16:10 | More robust handling of missing CGI parameters. See discussion at forum thread e2e75f8aec. check-in: d6f69343ca user: drh tags: trunk | |
15:35 | Merge the latest enhancements from trunk. check-in: 11c1566a93 user: drh tags: sec2020 | |
15:34 | Improvements to the forum thread display. Additional details on the forum thread. check-in: 5182a1bfbf user: drh tags: trunk | |
15:31 | Increment the cfgcnt when a forum items held for moderation is approved or disapproved, so that the timeline etag cache will expire. check-in: c80762fa81 user: drh tags: trunk | |
13:49 | URL fixes in www/quotes.wiki; where a new URL can't be found, removed the quote as unsupportable. check-in: 4c5445d9a5 user: wyoung tags: trunk | |
12:04 | Amend broken link to OpenBSD server doc from file name change: server/openbsd/httpd.md -> server/openbsd/fastcgi.md check-in: 0fd7302d95 user: jamsek tags: trunk | |
10:45 | Merge Andy Goth's enhancements to the forum. Closed-Leaf check-in: 50cdb741db user: drh tags: sec2020-forum-refactor | |
03:25 | Correct minor documentation typo (bytes -> bits) check-in: 96f1a9f50a user: andygoth tags: trunk | |
03:06 | Guard against an infinite loop in certain pathological edit patterns Closed-Leaf check-in: 71fe590e99 user: andygoth tags: andygoth-forum-refactor | |
02:53 | Link to the next edit rather than the final edit check-in: 91a3a600e6 user: andygoth tags: andygoth-forum-refactor | |
02:50 | When showing the source of an edited post, show that exact version rather than the newest version check-in: df916a9d01 user: andygoth tags: andygoth-forum-refactor | |
02:38 | Unify and regularize forum display code check-in: 6999639bbb user: andygoth tags: andygoth-forum-refactor | |
00:23 | Update the custom MinGW makefile. check-in: 6eb1f43485 user: mistachkin tags: trunk | |
2020-08-21
| ||
23:40 | Internally rename "entry" to "post" for more consistent terminology check-in: adefa86c5e user: andygoth tags: andygoth-forum-refactor | |
23:20 | Rework forum post serial IDs to include a revision number when edited. This fixes buggy sids displayed in thread https://fossil-scm.org/forum/forumpost/6737a387fe?t=c&threadtable. check-in: dd47b8c311 user: andygoth tags: andygoth-forum-refactor | |
22:58 | Extend translator to support two- and three-argument printf specifiers, e.g. "%.*s(len)(str)" or "%*.*d(width)(prec)(val)" check-in: df7b0c3186 user: andygoth tags: andygoth-forum-refactor | |
22:03 | Remove mfirt check-in: a8d90b1f4f user: andygoth tags: andygoth-forum-refactor | |
21:52 | Remove fprev check-in: d585c34707 user: andygoth tags: andygoth-forum-refactor | |
21:50 | Restore inadvertently deleted column check-in: c76023e39e user: andygoth tags: andygoth-forum-refactor | |
21:45 | Replace firt with pIrt check-in: ed56faad2a user: andygoth tags: andygoth-forum-refactor | |
21:17 | Remove nReply which is present only in debug outputs, correct column alignment in debug output check-in: b932e49c7f user: andygoth tags: andygoth-forum-refactor | |
20:34 | Remove indenting that was leaking into the HTML output check-in: bf98aa0069 user: andygoth tags: andygoth-forum-refactor | |
20:19 | Add new fields to threadtable debug output check-in: c4d6d75716 user: andygoth tags: andygoth-forum-refactor | |
19:42 | Actually use pEditHead check-in: 9e92401129 user: andygoth tags: andygoth-forum-refactor | |
19:41 | Add pEditHead field to avoid repeatedly walking back to find the original post check-in: 7114bdc827 user: andygoth tags: andygoth-forum-refactor | |
19:34 | Rename pEditLeaf to pEditTail check-in: 145a6ef281 user: andygoth tags: andygoth-forum-refactor | |
19:33 | Rename pLeaf to pEditLeaf to be consistent with the other edit fields check-in: 763d22b78a user: andygoth tags: andygoth-forum-refactor | |
18:32 | Additional checks to ensure that db_set() and db_set_int() do not modify a sensitive setting unless PROTECT_BASELINE is disabled. check-in: ccdb5a9bb8 user: drh tags: sec2020 | |
15:57 | Add pEditNext field to permit walking forward as well as backward through the edit chain check-in: a17f49557f user: andygoth tags: andygoth-forum-refactor | |
15:54 | Begin refactoring forum code to support orthogonal history and plaintext options. First step: rename pEdit to pEditPrev to make room for a pEditNext field. check-in: 636f659689 user: andygoth tags: andygoth-forum-refactor | |
15:08 | Add missing db_unprotect() calls to backoffice. check-in: c75dcc621b user: drh tags: sec2020 | |
15:05 | Improved documentation of the database write protection logic. Added undocumented SQL command db_protect() and db_protect_pop() to the "sql" command. Panic on a protection stack overflow. check-in: 75deba73b5 user: drh tags: sec2020 | |
14:40 | Add missing bold markup check-in: 273dd80e85 user: andygoth tags: trunk | |
13:04 | Add triggers to prevent changes to sensitive settings when PROTECT_SENSITIVE is engaged. check-in: c9b9a77d59 user: drh tags: sec2020 | |
11:26 | Remove incorrect leaf ambiguity warning when doing a "fossil commit --dry-run". check-in: 1b52c41415 user: drh tags: sec2020 | |
11:19 | Fix the locate_unmanaged_files() routine so that it always see (and ignores) symbolic links. check-in: 0938b56516 user: drh tags: sec2020 | |
10:29 | More improvements to the allow-symlinks help text. check-in: f7f31147de user: drh tags: sec2020 | |
10:23 | Improved on-line help for the allow-symlinks setting. check-in: d3090e91b8 user: drh tags: sec2020 | |
10:10 | Improve comments on symlink logic check-in: 39a5df1fde user: drh tags: sec2020 | |
01:09 | Add a missing db_unprotect() to the "fossil all" command. check-in: b9ae03f6ee user: drh tags: sec2020 | |
01:01 | Merge the latest changes from trunk into sec2020. check-in: 1d61aae314 user: drh tags: sec2020 | |
2020-08-20
| ||
23:45 | • Edit [53458bed91942f1e|53458bed91]: Edit check-in comment. artifact: c783ecc60f user: andygoth | |
23:45 | Change width per stephan's request Closed-Leaf check-in: 53458bed91 user: andygoth tags: andygoth-ardoise-tweaks | |
22:40 | Using parameters to namespace functions in fossil*.js instead of the global "fossil" object. Squishes a complaint by GCC and makes the code a smidge smaller besides. check-in: 0f03f78a8b user: wyoung tags: trunk | |
21:15 | Same as [31af8053] but in src/copybtn.js, upon which code fossil.copybutton.js was apparently based. This other file may be going away soon, but until then, it avoids a warning. check-in: c0cb0b9d33 user: wyoung tags: trunk | |
20:40 | Gave the line-number popup (and related popups) a z-level below that of the default skin's hamburger menu. check-in: bbef8ce398 user: stephan tags: trunk | |
20:25 | Added a "window." reference to a global variable in fossil.dom.js to make explicit where the variable is coming from. All the surrounding code does this, and the fix quiets a complaint from GCC. check-in: 31af805348 user: wyoung tags: trunk | |
20:05 | Allow /wikiedit's page-list-fetch operation to silently skip over mysteriously missing (shunned but not yet rebuilt?) wiki pages, to resolve an issue on the core fossil site where such a missing/invisible page named 'Security Desk Technician' is causing /wikiedit to fail to load. check-in: 37409e7dbe user: stephan tags: trunk | |
19:52 | Removed a pair of bogus "delete" calls in fossil.popupwidget.js, flagged by Google Closure Compiler. You can't delete the result of a function call, only object properties. check-in: 0d7d54e870 user: wyoung tags: trunk | |
19:51 | Minor change to auto.def requested by https://bugs.debian.org/961772 check-in: e6de5ec750 user: drh tags: trunk | |
18:08 | Show the artifact hash with a copy button on the header of /file pages. check-in: 00eb7a05b5 user: drh tags: trunk | |
16:25 | Merge recent changes from trunk. check-in: c93cb2bae9 user: drh tags: sec2020 | |
15:22 | Update the change log and the latest-release link on the homepage. check-in: 5983f5b913 user: drh tags: trunk | |
13:27 | Version 2.12.1 Leaf check-in: b98ce23d4f user: drh tags: release, branch-2.12, version-2.12.1 | |
13:24 | Version 2.11.2 Leaf check-in: c58877d6f2 user: drh tags: release, branch-2.11, version-2.11.2 | |
13:18 | Version 2.10.2 Leaf check-in: 12d2ad00de user: drh tags: release, branch-2.10, version-2.10.2 | |
13:08 | • Edit [1ffe4cde88a1e2c2|1ffe4cde88]: Edit check-in comment. artifact: 5cd49ac3a3 user: andygoth | |
13:08 | Rearrange code, tweak span colors check-in: 1ffe4cde88 user: andygoth tags: andygoth-ardoise-tweaks | |
13:01 | 2.12.1 release candidate with security fixes. check-in: 40feec3291 user: drh tags: branch-2.12 | |
12:51 | • Edit [535f4eb8f92553e8|535f4eb8f9]: Edit check-in comment. artifact: a432c9a12e user: andygoth | |
12:31 | Fix CSS priority issue check-in: ed04edd82b user: andygoth tags: andygoth-ardoise-tweaks | |
12:03 | • Closed ticket [c4677b052b]: Make "help" command smarter to reduce the need for "-a" option plus 3 other changes artifact: c5f8784567 user: drh | |
12:01 | • Closed ticket [c541b6e734]: Allow tech notes to have binary attachments, with CLI support plus 3 other changes artifact: 4190a96b37 user: drh | |
05:13 | Spelling and grammar fixes to javascript.md. check-in: 209f73cbc2 user: wyoung tags: trunk | |
04:18 | Many improvements to the "Use of JavaScript in Fossil" document, www/javascript.md, inspired by the recent Ajaxifications and forum commentary on the topic. check-in: 977ba78fdd user: wyoung tags: trunk | |
04:17 | Assorted minor improvements to the javascript.md doc. Closed-Leaf check-in: dc1bc21388 user: wyoung tags: js-policy-doc | |
02:14 | Minuscule tweaks to javascript.md check-in: 5648dcfc3d user: stephan tags: js-policy-doc | |
00:37 | Command fixes in the new material within javascript.md check-in: ba9480b02b user: wyoung tags: js-policy-doc | |
00:11 | Editing pass on javascript.md. check-in: 202a661612 user: wyoung tags: js-policy-doc | |
00:04 | Report the use of FOSSIL_LEGACY_ALLOW_SYMLINKS in the output "fossil version -v". Closed-Leaf check-in: 89d950efd0 user: drh tags: sec2020-2.12-patch | |
2020-08-19
| ||
23:52 | Moved "Blocking JavaScript" section of javascript.md down into the Q&A section. check-in: 85c7bdb285 user: wyoung tags: js-policy-doc | |
23:45 | Moved my rewrite of Stephan's "Compatibility Concerns" section of javascript.md down into the Q&A section. check-in: 026279496a user: wyoung tags: js-policy-doc | |
23:41 | Moved "Fossil Does Not Snoop On You" section of javascript.md down into a Q&A point. check-in: b76427bb20 user: wyoung tags: js-policy-doc | |
23:38 | Moved the "No Third-Party JavaScript in Fossil" section of javascript.md down into the Q&A "debate" section. Also reworked some of the following question's answer to the C vs JavaScript matter. check-in: 48ef633333 user: wyoung tags: js-policy-doc | |
23:30 | Moved the old "How Many Users Run with JavaScript Disabled Anyway?" section of javascript.md down into the "debate" section as one of the Q&A points. check-in: bc5cf56965 user: wyoung tags: js-policy-doc | |
23:19 | Merged the "Future Plans for JavaScript in Fossil" section of js-policy.md into javascript.md. This all but zeroes out the contents of the old doc, so I've removed it. Future changes go into javascript.md. check-in: 4ad0d9798e user: wyoung tags: js-policy-doc | |
23:07 | Hoist the "Compatiblity Concerns" section of js-policy.md into javascript.md. Another near-total rewrite, maintaining the original's points. check-in: 7eef486cf4 user: wyoung tags: js-policy-doc | |
22:57 | Merged Stephan's "in closing" statement after the argumentation section of js-policy.md into the "Philosophy & Policy" section of javascript.md. Another near-rewrite, while maintaining the overall points. check-in: 12acdcf3a5 user: wyoung tags: js-policy-doc | |
22:49 | Added "Arguments Against JavaScript & Our Rebuttals" section to javascript.md, based on the similar section in this branch's new js-policy.md doc. It's nearly a rewrite, but all of the points remain. check-in: 1e3ee576b7 user: wyoung tags: js-policy-doc | |
21:24 | Merged trunk changes in check-in: 32ef4cfa24 user: wyoung tags: js-policy-doc | |
21:19 | Added a section to javascript.md on the new /fileedit feature. check-in: 100b4868dd user: wyoung tags: trunk | |
21:08 | The allow-symlinks setting is disabled by default and is not versionable, unless Fossil is compiled with the FOSSIL_LEGACY_ALLOW_SYMLINKS flag, in which case it follows the historic behavior. check-in: cdc90f0c3b user: drh tags: sec2020-2.12-patch | |
21:05 | Updated the "Line Numbering" section of javascript.md to cover the new interactive line selection in Fossil 2.12. check-in: f84d7a0e42 user: wyoung tags: trunk | |
20:58 | Updated the "Wiki Editor" section of javascript.md to cover the new `/wikiedit` implementation. check-in: 31c40509d4 user: wyoung tags: trunk | |
16:13 | Silently ignore reserved filenames that occur inside of manifests, rather than throwing an error. No need for a setting to allow reserved filenames in manifests. check-in: 2e19c5fe2d user: drh tags: sec2020 | |
15:46 | Remove commands "test-nondir-path" and "test-is-reserved-name" and add the equivalent functionality to "test-file-environment". check-in: 0cec61e451 user: drh tags: sec2020 | |
15:26 | Remove the --symlinks option from the "fossil open" command. It is not needed. Users who want to enable symlinks can use the "fossil settings" command first. check-in: ff811934e0 user: drh tags: sec2020 | |
15:21 | Add the "fossil test-nondir-path" command for testing parts of the new symlink logic. check-in: 13cfef3383 user: drh tags: sec2020 | |
14:23 | Harmonize artifact count and average between /stat and /artifact_stats. See https://fossil-scm.org/forum/forumpost/37514b1f67. check-in: 38fa17e479 user: andygoth tags: trunk | |
13:51 | When diffing long sequences, the product of their lengths can overflow to a negative number, triggering optimalLCS() which is very expensive. Prevent this overflow. See https://fossil-scm.org/forum/forumpost/5f9365f9fe for discussion. check-in: e2b7dca948 user: andygoth tags: trunk | |
12:58 | Merge additional symlink fixes. Back out comment-only changes from url.c. check-in: 0ea17c2b11 user: drh tags: sec2020-2.12-patch | |
12:26 | Fix harmless compiler warnings. check-in: feef827504 user: drh tags: sec2020 | |
12:22 | Additional defenses against doing "fossil add" of files that are beneath symlinks. check-in: 928b023cb7 user: drh tags: sec2020 | |
12:08 | Improved detection of attempts to write through a symlink. Now also works for "revert", "stash", and "undo/redo". check-in: f63297b2c5 user: drh tags: sec2020 | |
09:57 | Increase the version number to 2.12.1. check-in: 32646b2738 user: drh tags: branch-2.12 | |
08:40 | It turns out we already have javascript.md, with similar aims, so now it's a matter of integrating this doc into that one. check-in: 2e131efc87 user: stephan tags: js-policy-doc | |
08:11 | Fixed a poorly-placed wordwrap which looked like a new list entry to markup. check-in: 571bf459be user: stephan tags: js-policy-doc | |
08:00 | Initial draft of a project policy doc explaining and justifying its use of JavaScript. check-in: 93e4561b0d user: stephan tags: js-policy-doc | |
03:11 | • New ticket [5a6e9ddeb7] "fossil mv -hard" loses the execute bit. artifact: 3ae5fb2d4b user: andygoth | |
03:08 | • Fixed ticket [95ce0e5302]: Blank cells in markdown tables are ignored plus 2 other changes artifact: 121f7f6ae9 user: andygoth | |
03:07 | • New ticket [5eac41b3aa] Spurious "multiple open leaf check-ins" warning. artifact: 43f71792af user: andygoth | |
03:05 | • Ticket [95ce0e5302] Blank cells in markdown tables are ignored status still Open with 5 other changes artifact: 3e16c13168 user: andygoth | |
01:33 | Restore blank cell capability, fixes [95ce0e53] check-in: dc94ebc2cd user: andygoth tags: trunk | |
01:27 | • Ticket [95ce0e5302] Blank cells in markdown tables are ignored status still Open with 6 other changes artifact: aebae5e0a9 user: andygoth ... 1 similar event omitted. | |
01:07 | Cherrypick key fixes from the sec2020 branch in order to devise a minimal patch to get us to version 2.12.1. check-in: fe1264d35d user: drh tags: sec2020-2.12-patch | |
00:56 | Make a few tweaks to the Ardoise skin. See https://fossil-scm.org/forum/forumpost/a4bcfec897 for branch discussion. check-in: 535f4eb8f9 user: andygoth tags: andygoth-ardoise-tweaks | |
00:25 | • Edit [af383a7b3d237ed3|af383a7b3d]: Move to branch branch-2.12. artifact: cc585b1acc user: drh | |
00:19 | • Fixed ticket [56b82836ff]: RCE by exploting unchecked content of the ticket-table setting plus 5 other changes artifact: 45fcaaa15b user: drh | |
00:18 | • Fixed ticket [f9831fdef1]: Arbitrary file overwrite using symlinks plus 4 other changes artifact: d80591cb72 user: drh | |
00:15 | Do not allow the "fossil add" command to add files beneath a symlink. check-in: a6abfb911b user: drh tags: sec2020 | |
2020-08-18
| ||
23:39 | An alternative method for dealing with historical files named "_FOSSIL_" in the tree: Simply pretend they are not there. Closed-Leaf check-in: 8f24c07917 user: drh tags: ignore-reserved-filenames | |
22:53 | Line numbering forum feedback: removed toast message, replaced vague 'lines X-Y' label with 'Copy link to lines X-Y', removed udc=xxx from the generated URL. check-in: 7c98df4158 user: stephan tags: trunk | |
21:03 | Cherrypick [d2d8894bb2]: fossil.storage.clear() is now also sandboxed - no longer nuking all state for all repos on the same origin. check-in: d0988e677c user: stephan tags: branch-2.12 | |
21:01 | fossil.storage.clear() is now also sandboxed - no longer nuking all state for all repos on the same origin. check-in: d2d8894bb2 user: stephan tags: trunk | |
20:58 | Silently refuse to "fossil add" files that use reserved names. check-in: 888da94e0a user: drh tags: sec2020 | |
20:51 | Merged in [923affb930a27b], which reinstates localStorage but sandboxes access to fossil.storage on a per-repo basis. check-in: 21fbd4738c user: stephan tags: branch-2.12 | |
20:46 | Re-enabled localStorage for fossil.storage but enhanced it to sandbox the keys used by the apps on a per-repo basis, so there is no longer any (immediately visible) cross-repo polution. The underlying localStorage/sessionStorage is still shared per origin/browser profile instance, but fossil.storage clients will only see the state from their own re... check-in: 923affb930 user: stephan tags: trunk | |
20:19 | Improved error message and response when trying to manifest a check-out that contains a file beneath a symbolic link directory. check-in: 20d90dd482 user: drh tags: sec2020 | |
19:56 | Add a security audit warning if the strict-manifest-syntax flag is switched off. check-in: 3105bedff2 user: drh tags: sec2020 | |
19:49 | • Edit [1e34705ed8a38f68|1e34705ed8]: Mark "Closed". artifact: ee8105d153 user: drh | |
19:49 | Rework the "permissive-manifest-parser" idea to be simpler and to call it "strict-manifest-syntax". check-in: 4df8c856ee user: drh tags: sec2020 | |
19:48 | • Edit [9e59cf18fccd0ea0|9e59cf18fc]: Move to branch sec2020-deadend. artifact: a45df9453a user: drh | |
19:10 | Updated changelog and index for 2.12.1, with a tentative release date of Aug. 19th (that's tomorrow in 3 hours, CET). check-in: c8e8ab9ccc user: stephan tags: branch-2.12 | |
18:44 | Backported in [5b9a4c90594d8ea6], as explained in detail at https://fossil-scm.org/forum/forumpost/0f56c9edd9. check-in: af383a7b3d user: stephan tags: branch-2.12 | |
18:19 | Disabled localStorage as a backend option for the fossil.storage JS API after it was painfully discovered that multiple repos on the same hoster actually share that storage, as opposed to it being achored at the repo. That API now uses sessionStorage, if available, before falling back to transient instance-local storage. check-in: 5b9a4c9059 user: stephan tags: trunk | |
17:25 | permissive-manifest-parser setting is now marked as sensitive to keep an attacker from turning it on. Closed-Leaf check-in: 1e34705ed8 user: stephan tags: sec2020-deadend | |
16:07 | Added and applied permissive-manifest-parser setting to permit parsing of manifests which have F-cards containing now-illegal names. Required for rebuild of historical data and support of repositories we now know to contain such files. check-in: 9e59cf18fc user: stephan tags: sec2020-deadend | |
14:03 | • Edit [ae9a9db55314ac79|ae9a9db553]: Edit check-in comment. artifact: 228161728e user: drh | |
14:02 | Merge in the latest trunk changes. check-in: 917917aa55 user: drh tags: sec2020 | |
14:00 | Allow <del> and <ins> markup in wiki and in markdown. check-in: ae9a9db553 user: drh tags: trunk | |
13:54 | Make -f an alias for --force on "fossil open". check-in: 17c244de21 user: drh tags: trunk | |
13:17 | More missing db_unprotect() calls. check-in: 06d3789a2a user: drh tags: sec2020 | |
12:17 | When writing files to disk for a check-out, refuse to write through a symbolic link to a directory. Ticket [f9831fdef1d4edcc]. check-in: a64e384f0c user: drh tags: sec2020 | |
08:43 | • Changes to wiki page "To Do List" artifact: 8cc29050a9 user: drh | |
02:58 | More missing calls to db_unprotect(). check-in: 3ced48bdf8 user: drh tags: sec2020 | |
02:33 | Yet another missed db_unprotect() call. check-in: 2041072e8d user: drh tags: sec2020 | |
02:26 | Fix missing enable of global_config in the "fossil all" command. check-in: 16ec693dae user: drh tags: sec2020 | |
01:54 | Disable writes the CONFIG and USER tables by default. Permission to write to those tables is turned on as needed. Note - might have missed a few places so expect bugs. check-in: ca9156aa0a user: drh tags: sec2020 | |
2020-08-17
| ||
22:34 | Add more tests. check-in: 92704d1c68 user: mistachkin tags: sec2020 | |
22:27 | Simplify error message. check-in: 1bb0b3a8f3 user: mistachkin tags: sec2020 | |
22:22 | Fixes for reserved names case sensitivity, coding style adjustments, more tests. check-in: fde20bc03c user: mistachkin tags: sec2020 | |
21:19 | Reduced the line-number-mode font size back to normal. check-in: a703b4ce25 user: stephan tags: trunk | |
21:17 | A couple minor skin doc typos. check-in: 9e871e0de0 user: stephan tags: trunk | |
20:51 | Add tests for the reserved names. check-in: df720b28fc user: mistachkin tags: sec2020 | |
20:03 | Identify security-sensitive settings. check-in: 3bccd7fff2 user: drh tags: sec2020 | |
19:59 | Every database connection now has a default authorizer, which calls out to an operation-specific authorizer if needed. check-in: f98ef3c103 user: drh tags: sec2020 | |
19:46 | • Closed ticket [980a72dedd]: RCE using a fake _FOSSIL_ file in a repository plus 4 other changes artifact: ef08ac1ee6 user: stephan | |
19:03 | • Ticket [f9831fdef1] Arbitrary file overwrite using symlinks status still Open with 5 other changes artifact: efa1c51ead user: drh | |
18:57 | Enhance the db_prepare() and db_static_prepare() utility routines so that they throw an error if handed more than one SQL statement. This might help prevent SQL injection attacks. check-in: be0d95aded user: drh tags: sec2020 | |
18:20 | Merge in reject-ckout-db branch. check-in: 8c16884aa2 user: stephan tags: sec2020 | |
17:53 | • Fixed ticket [17d00c20dd]: Missing UUID in manifest can crash manifest_parse() plus 4 other changes artifact: a50b86cd6b user: stephan | |
17:50 | Fixed [17d00c20dd9f] by adding NULL check on F- and E-card UUID tokens. Closed-Leaf check-in: 458f30fc0b user: stephan tags: reject-ckout-db | |