50 check-ins occurring around 2020-08-19 12:08:45.
| 2020-08-20 | | |
| 00:04 | Report the use of FOSSIL_LEGACY_ALLOW_SYMLINKS in the output "fossil version -v". Closed-Leaf check-in: 89d950efd0 user: drh tags: sec2020-2.12-patch | |
| 2020-08-19 | | |
| 23:52 | Moved "Blocking JavaScript" section of javascript.md down into the Q&A section. check-in: 85c7bdb285 user: wyoung tags: js-policy-doc | |
| 23:45 | Moved my rewrite of Stephan's "Compatibility Concerns" section of javascript.md down into the Q&A section. check-in: 026279496a user: wyoung tags: js-policy-doc | |
| 23:41 | Moved "Fossil Does Not Snoop On You" section of javascript.md down into a Q&A point. check-in: b76427bb20 user: wyoung tags: js-policy-doc | |
| 23:38 | Moved the "No Third-Party JavaScript in Fossil" section of javascript.md down into the Q&A "debate" section. Also reworked some of the following question's answer to the C vs JavaScript matter. check-in: 48ef633333 user: wyoung tags: js-policy-doc | |
| 23:30 | Moved the old "How Many Users Run with JavaScript Disabled Anyway?" section of javascript.md down into the "debate" section as one of the Q&A points. check-in: bc5cf56965 user: wyoung tags: js-policy-doc | |
| 23:19 | Merged the "Future Plans for JavaScript in Fossil" section of js-policy.md into javascript.md. This all but zeroes out the contents of the old doc, so I've removed it. Future changes go into javascript.md. check-in: 4ad0d9798e user: wyoung tags: js-policy-doc | |
| 23:07 | Hoist the "Compatibility Concerns" section of js-policy.md into javascript.md. Another near-total rewrite, maintaining the original's points. check-in: 7eef486cf4 user: wyoung tags: js-policy-doc | |
| 22:57 | Merged Stephan's "in closing" statement after the argumentation section of js-policy.md into the "Philosophy & Policy" section of javascript.md. Another near-rewrite, while maintaining the overall points. check-in: 12acdcf3a5 user: wyoung tags: js-policy-doc | |
| 22:49 | Added "Arguments Against JavaScript & Our Rebuttals" section to javascript.md, based on the similar section in this branch's new js-policy.md doc. It's nearly a rewrite, but all of the points remain. check-in: 1e3ee576b7 user: wyoung tags: js-policy-doc | |
| 21:24 | Merged trunk changes in check-in: 32ef4cfa24 user: wyoung tags: js-policy-doc | |
| 21:19 | Added a section to javascript.md on the new /fileedit feature. check-in: 100b4868dd user: wyoung tags: trunk | |
| 21:08 | The allow-symlinks setting is disabled by default and is not versionable, unless Fossil is compiled with the FOSSIL_LEGACY_ALLOW_SYMLINKS flag, in which case it follows the historic behavior. check-in: cdc90f0c3b user: drh tags: sec2020-2.12-patch | |
| 21:05 | Updated the "Line Numbering" section of javascript.md to cover the new interactive line selection in Fossil 2.12. check-in: f84d7a0e42 user: wyoung tags: trunk | |
| 20:58 | Updated the "Wiki Editor" section of javascript.md to cover the new `/wikiedit` implementation. check-in: 31c40509d4 user: wyoung tags: trunk | |
| 16:13 | Silently ignore reserved filenames that occur inside of manifests, rather than throwing an error. No need for a setting to allow reserved filenames in manifests. check-in: 2e19c5fe2d user: drh tags: sec2020 | |
| 15:46 | Remove commands "test-nondir-path" and "test-is-reserved-name" and add the equivalent functionality to "test-file-environment". check-in: 0cec61e451 user: drh tags: sec2020 | |
| 15:26 | Remove the --symlinks option from the "fossil open" command. It is not needed. Users who want to enable symlinks can use the "fossil settings" command first. check-in: ff811934e0 user: drh tags: sec2020 | |
| 15:21 | Add the "fossil test-nondir-path" command for testing parts of the new symlink logic. check-in: 13cfef3383 user: drh tags: sec2020 | |
| 14:23 | Harmonize artifact count and average between /stat and /artifact_stats. See [https://fossil-scm.org/forum/forumpost/37514b1f67]. check-in: 38fa17e479 user: andygoth tags: trunk | |
| 13:51 | When diffing long sequences, the product of their lengths can overflow to a negative number, triggering optimalLCS() which is very expensive. Prevent this overflow. See [https://fossil-scm.org/forum/forumpost/5f9365f9fe] for discussion. check-in: e2b7dca948 user: andygoth tags: trunk | |
| 12:58 | Merge additional symlink fixes. Back out comment-only changes from url.c. check-in: 0ea17c2b11 user: drh tags: sec2020-2.12-patch | |
| 12:26 | Fix harmless compiler warnings. check-in: feef827504 user: drh tags: sec2020 | |
| 12:22 | Additional defenses against doing "fossil add" of files that are beneath symlinks. check-in: 928b023cb7 user: drh tags: sec2020 | |
| 12:08 | Improved detection of attempts to write through a symlink. Now also works for "revert", "stash", and "undo/redo". check-in: f63297b2c5 user: drh tags: sec2020 | |
| 09:57 | Increase the version number to 2.12.1. check-in: 32646b2738 user: drh tags: branch-2.12 | |
| 08:40 | It turns out we already have javascript.md, with similar aims, so now it's a matter of integrating this doc into that one. check-in: 2e131efc87 user: stephan tags: js-policy-doc | |
| 08:11 | Fixed a poorly-placed wordwrap which looked like a new list entry to markup. check-in: 571bf459be user: stephan tags: js-policy-doc | |
| 08:00 | Initial draft of a project policy doc explaining and justifying its use of JavaScript. check-in: 93e4561b0d user: stephan tags: js-policy-doc | |
| 01:33 | Restore blank cell capability, fixes [95ce0e53] check-in: dc94ebc2cd user: andygoth tags: trunk | |
| 01:07 | Cherrypick key fixes from the sec2020 branch in order to devise a minimal patch to get us to version 2.12.1. check-in: fe1264d35d user: drh tags: sec2020-2.12-patch | |
| 00:56 | Make a few tweaks to the Ardoise skin. See [https://fossil-scm.org/forum/forumpost/a4bcfec897] for branch discussion. check-in: 535f4eb8f9 user: andygoth tags: andygoth-ardoise-tweaks | |
| 00:15 | Do not allow the "fossil add" command to add files beneath a symlink. check-in: a6abfb911b user: drh tags: sec2020 | |
| 2020-08-18 | | |
| 23:39 | An alternative method for dealing with historical files named "_FOSSIL_" in the tree: Simply pretend they are not there. Closed-Leaf check-in: 8f24c07917 user: drh tags: ignore-reserved-filenames | |
| 22:53 | Line numbering forum feedback: removed toast message, replaced vague 'lines X-Y' label with 'Copy link to lines X-Y', removed udc=xxx from the generated URL. check-in: 7c98df4158 user: stephan tags: trunk | |
| 21:03 | Cherrypick [d2d8894bb2]: fossil.storage.clear() is now also sandboxed - no longer nuking all state for all repos on the same origin. check-in: d0988e677c user: stephan tags: branch-2.12 | |
| 21:01 | fossil.storage.clear() is now also sandboxed - no longer nuking all state for all repos on the same origin. check-in: d2d8894bb2 user: stephan tags: trunk | |
| 20:58 | Silently refuse to "fossil add" files that use reserved names. check-in: 888da94e0a user: drh tags: sec2020 | |
| 20:51 | Merged in [923affb930a27b], which reinstates localStorage but sandboxes access to fossil.storage on a per-repo basis. check-in: 21fbd4738c user: stephan tags: branch-2.12 | |
| 20:46 | Re-enabled localStorage for fossil.storage but enhanced it to sandbox the keys used by the apps on a per-repo basis, so there is no longer any (immediately visible) cross-repo pollution. The underlying localStorage/sessionStorage is still shared per origin/browser profile instance, but fossil.storage clients will only see the state from their own repo. check-in: 923affb930 user: stephan tags: trunk | |
| 20:19 | Improved error message and response when trying to manifest a check-out that contains a file beneath a symbolic link directory. check-in: 20d90dd482 user: drh tags: sec2020 | |
| 19:56 | Add a security audit warning if the strict-manifest-syntax flag is switched off. check-in: 3105bedff2 user: drh tags: sec2020 | |
| 19:49 | Rework the "permissive-manifest-parser" idea to be simpler and to call it "strict-manifest-syntax". check-in: 4df8c856ee user: drh tags: sec2020 | |
| 19:10 | Updated changelog and index for 2.12.1, with a tentative release date of Aug. 19th (that's tomorrow in 3 hours, CET). check-in: c8e8ab9ccc user: stephan tags: branch-2.12 | |
| 18:44 | Backported in [5b9a4c90594d8ea6], as explained in detail at [https://fossil-scm.org/forum/forumpost/0f56c9edd9]. check-in: af383a7b3d user: stephan tags: branch-2.12 | |
| 18:19 | Disabled localStorage as a backend option for the fossil.storage JS API after it was painfully discovered that multiple repos on the same hoster actually share that storage, as opposed to it being anchored at the repo. That API now uses sessionStorage, if available, before falling back to transient instance-local storage. check-in: 5b9a4c9059 user: stephan tags: trunk | |
| 17:25 | permissive-manifest-parser setting is now marked as sensitive to keep an attacker from turning it on. Closed-Leaf check-in: 1e34705ed8 user: stephan tags: sec2020-deadend | |
| 16:07 | Added and applied permissive-manifest-parser setting to permit parsing of manifests which have F-cards containing now-illegal names. Required for rebuild of historical data and support of repositories we now know to contain such files. check-in: 9e59cf18fc user: stephan tags: sec2020-deadend | |
| 14:02 | Merge in the latest trunk changes. check-in: 917917aa55 user: drh tags: sec2020 | |
| 14:00 | Allow <del> and <ins> markup in wiki and in markdown. check-in: ae9a9db553 user: drh tags: trunk | |