Fossil: Artifact Description [43bf993a93]

Artifact 43bf993a931c1a6cafb051566e06c841173ec350dedc0cb6887e112bc05a147c:

File src/http_transport.c
- 2017-08-12 18:47:08 — part of check-in [cb43937d8c] on branch trunk — Enhance the ssh:// URL to be cautious about the fossil= query parameter. Only commands "fossil" and "echo" (with an optional path) are accepted. (user: drh size: 13192)
- 2017-08-22 09:44:24 — part of check-in [1f18d23d76] on branch branch-2.3 — (cherry-pick): Fix the SSH sync protocol to avoid "ssh" command-line option injection attacks such as those fixed in Git 2.14.1, Mercurial 4.2.3, and Subversion 1.9.7. As "ssh://" URLs cannot be buried out of sight in Fossil, the vulnerability does not appear to be as severe as in those other systems. (cherry-pick): Enhance the ssh:// URL to be cautious about the fossil= query parameter. Only commands "fossil" and "echo" (with an optional path) are accepted. (user: jan.nijtmans size: 13192)
- 2017-08-22 09:44:24 — part of check-in [1f18d23d76] on branch branch-2.3 — (cherry-pick): Fix the SSH sync protocol to avoid "ssh" command-line option injection attacks such as those fixed in Git 2.14.1, Mercurial 4.2.3, and Subversion 1.9.7. As "ssh://" URLs cannot be buried out of sight in Fossil, the vulnerability does not appear to be as severe as in those other systems. (cherry-pick): Enhance the ssh:// URL to be cautious about the fossil= query parameter. Only commands "fossil" and "echo" (with an optional path) are accepted. (user: jan.nijtmans size: 13192)
- 2017-08-30 13:02:00 — part of check-in [d4f98e25c1] on branch cleanX — Merge trunk (user: jan.nijtmans size: 13192)
- 2017-08-30 13:07:00 — part of check-in [9297610047] on branch cleanX-no-clean-glob — Merge cleanX (user: jan.nijtmans size: 13192)
- 2017-08-31 02:00:00 — part of check-in [d15c1ba0f9] on branch multi-thread — Merge trunk (user: jan.nijtmans size: 13192)
- 2017-10-04 10:59:14 — part of check-in [4a298e69ec] on branch commonmark-markdown — Add support for markdown page titles (user: mjanssen size: 13192)
- 2017-11-10 10:55:48 — part of check-in [9d3560b885] on branch openssl-1.1 — merge trunk. Upgrade to openssl 1.1.0g (user: jan.nijtmans size: 13192)