Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
25 check-ins occurring on or before ae8709e2.
|
2017-08-29
| ||
| 07:58 | (cherry-pick): SQLite version 3.20.1 (cherry-pick): Remove an unused global variable from the path_shortest() logic ... (check-in: ae8709e2fc user: jan.nijtmans tags: branch-2.3) | |
| 07:50 | SQLite version 3.20.1 ... (check-in: ffc252a663 user: jan.nijtmans tags: trunk) | |
|
2017-08-28
| ||
| 14:04 | Update dirent to version 1.23. See [https://github.com/tronkko/dirent/releases] ... (check-in: ade4a657dc user: jan.nijtmans tags: trunk) | |
|
2017-08-24
| ||
| 19:30 | Remove an unused global variable from the path_shortest() logic. ... (check-in: 084690e772 user: drh tags: trunk) | |
| 14:20 | Typo fixes thanks to rosscanning, ref [http://www.mail-archive.com/fossil-users@lists.fossil-scm.org/msg25775.html] ... (check-in: f98852a0df user: andygoth tags: trunk) | |
|
2017-08-23
| ||
| 18:53 | (cherry-pick): Remove a redundant directory separator character from the temporary filenames generated on windows. (cherry-pick): Change the file_mkfolder() implementation to assume that the folder already exists and only go about creating it and its path if it does not previously exit. ... (check-in: adacbfbcfb user: jan.nijtmans tags: branch-2.3) | |
| 17:53 | Change the file_mkfolder() implementation to assume that the folder already exists and only go about creating it and its path if it does not previously exit. ... (check-in: 92ea61837e user: drh tags: trunk) | |
| 17:38 | Remove a redundant directory separator character from the temporary filenames generated on windows. ... (check-in: b5f0d70362 user: drh tags: trunk) | |
| 17:29 | Add the test-tempname command for testing the file_tempname() routine. ... (check-in: f1d23f04c0 user: drh tags: trunk) | |
| 17:28 | Fix build (previous cherry-pick was not complete) (cherry-pick): For temporary filename paths on Windows, changes all backslash characters into forward slashes, so that the new enhanced-security shell escape mechanism from check-in [3b191c98] can use those temporary filenames. ... (check-in: dbda6e2a5d user: jan.nijtmans tags: branch-2.3) | |
| 17:18 | For temporary filename paths on Windows, changes all backslash characters into forward slashes, so that the new enhanced-security shell escape mechanism from check-in [3b191c98] can use those temporary filenames. ... (check-in: e474c177df user: drh tags: trunk) | |
| 11:05 | Add the --details option to the test-find-pivot command. ... (check-in: 9e48dad49b user: drh tags: trunk) | |
|
2017-08-22
| ||
| 09:46 | (cherry-pick): Use SQLite 3.20.0 final ... (check-in: 7eebec15bd user: jan.nijtmans tags: branch-2.3) | |
| 09:44 | (cherry-pick): Fix the SSH sync protocol to avoid "ssh" command-line option injection attacks such as those fixed in Git 2.14.1, Mercurial 4.2.3, and Subversion 1.9.7. As "ssh://" URLs cannot be buried out of sight in Fossil, the vulnerability does not appear to be as severe as in those other systems. (cherry-pick): Enhance the ssh:// URL to be cautious about the fossil= query parameter. Only commands "fossil" and "echo" (with an optional path) are accepted. ... (check-in: 1f18d23d76 user: jan.nijtmans tags: branch-2.3) | |
|
2017-08-21
| ||
| 12:18 | Use SQLite 3.20.0 final (source_id change only) ... (check-in: 810dd031ec user: jan.nijtmans tags: trunk) | |
|
2017-08-12
| ||
| 18:47 | Enhance the ssh:// URL to be cautious about the fossil= query parameter. Only commands "fossil" and "echo" (with an optional path) are accepted. ... (check-in: cb43937d8c user: drh tags: trunk) | |
| 18:34 | Also disallow wildcard characters in blob_append_escape_arg(). ... (check-in: d5b015946d user: drh tags: trunk) | |
| 18:30 | Disallow the ';' character in blob_append_escape_arg(). ... (check-in: 3bbac57534 user: drh tags: trunk) | |
| 18:24 | Fix another problem with the needEscape computation in blob_append_escaped_arg() ... (check-in: 9eea719af6 user: drh tags: trunk) | |
| 18:22 | The windows test macro is "_WIN32" without a trailing "_". ... (check-in: 49ae1785a6 user: drh tags: trunk) | |
| 18:20 | Fix the needEscape calculation in blob_append_escaped_arg(). ... (check-in: 9690d370e0 user: drh tags: trunk) | |
| 18:15 | Change the shell_escape() procedure into blob_append_escaped_arg(). Have that procedure raise a fatal error if the argument to be appended contains dodgy characters that might pose a security risk. Also, prepend "./" in front of arguments that begin with "-" to prevent them from looking like switches. ... (check-in: 3b191c984b user: drh tags: trunk) | |
| 16:20 | Avoid another attack vector when using SSH sync protocol by not calling a shell interpreter. Fixes only Unix-like environments by using execvp() instead of a string that can be mishandled by /bin/sh. Superseded by [3b191c984b] &co. ... (Closed-Leaf check-in: ce7baa9798 user: andybradford tags: ssh-shell-cleanup) | |
| 04:19 | Typo correction ... (check-in: 45a3d4b167 user: andygoth tags: trunk) | |
|
2017-08-11
| ||
| 16:00 | Increase the version number to 2.4 and update the change log. ... (check-in: 3ebbe7bcaa user: drh tags: trunk) | |