Fossil

Timeline
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

50 most recent timeline items

2017-08-22
09:46
[7eebec15] Leaf: (cherry-pick): Use SQLite 3.20.0 final (user: jan.nijtmans, tags: branch-2.3)
09:44
[1f18d23d] (cherry-pick): Fix the SSH sync protocol to avoid "ssh" command-line option injection attacks such as those fixed in Git 2.14.1, Mercurial 4.2.3, and Subversion 1.9.7. As "ssh://" URLs cannot be buried out of sight in Fossil, the vulnerability does not appear to be as severe as in those other systems. (cherry-pick): Enhance the ssh:// URL to be cautious about the fossil= query parameter. Only commands "fossil" and "echo" (with an optional path) are accepted. (user: jan.nijtmans, tags: branch-2.3)
2017-08-21
12:18
[810dd031] Leaf: Use SQLite 3.20.0 final (source_id change only) (user: jan.nijtmans, tags: trunk)
2017-08-12
18:47
[cb43937d] Enhance the ssh:// URL to be cautious about the fossil= query parameter. Only commands "fossil" and "echo" (with an optional path) are accepted. (user: drh, tags: trunk)
18:34
[d5b01594] Also disallow wildcard characters in blob_append_escape_arg(). (user: drh, tags: trunk)
18:30
[3bbac575] Disallow the ';' character in blob_append_escape_arg(). (user: drh, tags: trunk)
18:24
[9eea719a] Fix another problem with the needEscape computation in blob_append_escaped_arg() (user: drh, tags: trunk)
18:22
[49ae1785] The windows test macro is "_WIN32" without a trailing "_". (user: drh, tags: trunk)
18:20
[9690d370] Fix the needEscape calculation in blob_append_escaped_arg(). (user: drh, tags: trunk)
18:15
[3b191c98] Change the shell_escape() procedure into blob_append_escaped_arg(). Have that procedure raise a fatal error if the argument to be appended contains dodgy characters that might pose a security risk. Also, prepend "./" in front of arguments that begin with "-" to prevent them from looking like switches. (user: drh, tags: trunk)
16:20
[ce7baa97] Leaf: Avoid another attack vector when using SSH sync protocol by not calling a shell interpreter. Fixes only Unix-like environments by using execvp() instead of a string that can be mishandled by /bin/sh. (user: andybradford, tags: ssh-shell-cleanup)
04:19
[45a3d4b1] Typo correction (user: andygoth, tags: trunk)
2017-08-11
16:00
[3ebbe7bc] Increase the version number to 2.4 and update the change log. (user: drh, tags: trunk)
15:44 • Edit [1f63db591c77108c|1f63db59]: Edit check-in comment. (user: drh)
15:29
[1f63db59] Fix the SSH sync protocol to avoid "ssh" command-line option injection attacks such as those fixed in Git 2.14.1, Mercurial 4.2.3, and Subversion 1.9.7. As "ssh://" URLs cannot be buried out of sight in Fossil, the vulnerability does not appear to be as severe as in those other systems. (user: drh, tags: trunk)
2017-08-07
20:22
[b130b64c] Hyperlinks to the SSL versions of the website. Redirect to the local unversioned source for the "precompiled binaries" link on the homepage. (user: drh, tags: trunk)
2017-08-06
23:48 • Edit [1e491f6cc5b2c32b|1e491f6c]: Edit check-in comment. (user: andygoth)
23:48
[1e491f6c] Restore end-of-line spaces used to demonstrate mid-paragraph line break in markdown.md. The spaces were removed by [23895c7b99] which appeared to clean house on end-of-line whitespace in addition to its documented purpose. (user: andygoth, tags: trunk)
23:32
[6f69ccdc] Document Markdown tables (never knew this feature existed), and improve consistency of formatting (user: andygoth, tags: trunk)
2017-08-05
04:17
[da23bec7] Enable processing of versioned manifest setting when creating zips and tarballs outside of an open checkout directory (user: andygoth, tags: trunk)
03:45
[b9de6042] Simplify manifest generation logic in zip page (user: andygoth, tags: trunk)
03:23
[95edba65] Correct the /doc page to support read-only repositories (user: andygoth, tags: trunk)
2017-07-31
17:42
[2a615bed] Update the built-in SQLite to the 4th release candidate for 3.20.0. (user: drh, tags: trunk)
2017-07-28
19:41
[dad37062] (cherry-pick): Fix a problem with markdown rendering for "code". (user: jan.nijtmans, tags: branch-2.3)
18:41
[04de083e] Fix a problem with markdown rendering for "code". (user: drh, tags: trunk)
00:49
[8ffba76b] Update the built-in SQLite to the 3rd 3.20.0 release candidate. (user: drh, tags: trunk)
2017-07-26
20:08 • Changes to wiki page Release Build How-To (user: drh)
2017-07-25
15:38
[8b9ce19e] Better error checking in the mkversion utility program used during the build process. (user: drh, tags: trunk)
14:38
[5698492f] Update the selfhosting information to talk about the new www3.fossil-scm.org. (user: drh, tags: trunk)
2017-07-24
14:26
[c45b8f45] Update the built-in SQLite to the second 3.20.0 release candidate. (user: drh, tags: trunk)
2017-07-21
04:22
[0a2be064] Improve UI based test documentation with minor corrections to requirements and URLs. (user: andybradford, tags: trunk)
03:55 • Changes to wiki page Release Build How-To (user: drh)
03:19
[f7914bfd] Version 2.3 - the 10th anniversary release (user: drh, tags: trunk, release, version-2.3)
2017-07-20
18:25
[ae83b213] Fixed commit-warning.test broken by addition of the bootstrap skin which includes a file with long lines that generated a new warning. (user: rberteig, tags: trunk)
2017-07-15
13:55
[4872a58b] Update the built-in SQLite to the first 3.20.0 release candidate. (user: drh, tags: trunk)
2017-07-14
20:47
[bfc29fb3] Mention support for HTML-style comments in Markdown reference (user: andygoth, tags: trunk)
2017-07-13
10:24
[548fabe7] Leaf: merge trunk (user: jan.nijtmans, tags: openssl-1.1.0)
10:22
[23895c7b] Update top OpenSSL 1.0.2l. Minor (harmless) compiler warnings in mkversion and codecheck1 (-Wall) (user: jan.nijtmans, tags: trunk)
2017-07-12
18:55
[7c0b9714] Remove an unused variable from the security audit webpage. (user: drh, tags: trunk)
18:34
[74bc515d] Reword the header to the /fileage page to avoid disputes of commas. (user: drh, tags: trunk)
18:23 • Edit [1eab060a84f24fa5|1eab060a]: Move to branch fossil-2.3-with-older-SQLite. (user: drh)
18:08
[2f225b82] Update to the latest SQLite from upstream and make other changes, all to silence a few utterly harmless compiler warnings about incompletely initialized structures. (user: drh, tags: trunk)
16:57
[38df2a45] Be careful not to return a pointer to a webpage generator as a command-line command method. (user: drh, tags: trunk)
11:03
[107cfe02] Leaf: merge trunk (without SQLite update to 3.20.0 beta, but WITH support for tab-completion in the SQL shell) (user: jan.nijtmans, tags: fossil-2.3-with-older-SQLite)
03:35 • Edit [773f9ba75cbaa8fc|773f9ba7]: Mark "Closed". (user: zakero)
03:02
[35f712d4] Fix a typo on the security audit webpage. (user: drh, tags: trunk)
02:49
[9167b2d6] More documentation about what the --verbose flag does for "fossil info". (user: drh, tags: trunk)
2017-07-11
14:35
[a314178a] Update the built-in SQLite to the latest 3.20.0 beta, including support for tab-completion in the SQL shell. (user: drh, tags: trunk)
2017-07-10
18:19
[b1a7527b] A minor fix for the Xekri Skin (user: zakero, tags: trunk)
18:12
[773f9ba7] Closed-Leaf: Fixed a mouseover problem in the Xekri skin that was found by Jungle Boogie. (user: zakero, tags: skin-xekri-fileage-fix)