Fossil

Timeline
Login

Timeline

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

79 check-ins by user dmitry

2012-11-06
18:38
Make sure file names in file browser don't wrap by adding white-space property to default CSS. check-in: b83278f6 user: dmitry tags: trunk
2012-11-04
12:59
Fix typos. Closed-Leaf check-in: 45065c5c user: dmitry tags: spelling
2011-12-16
22:00
Add SSL SNI support (suggested by BohwaZ on mailing list). Simplify setting of port for SSL connection. Closed-Leaf check-in: 132dbced user: dmitry tags: dmitry-fixes
2011-10-04
15:20
Add HMAC-SHA1 implementation. Closed-Leaf check-in: dcee34b2 user: dmitry tags: multisession
15:15
Merge protection against timing attacks into trunk. check-in: d4a341b4 user: dmitry tags: trunk
14:38
Merge trunk into dmitry-security branch. Closed-Leaf check-in: f4eb0f5a user: dmitry tags: dmitry-security
14:34
Rename constant_time_eq to constant_time_cmp to better indicate that these functions return 0 when values are equal, like memcmp, strcmp, etc., not truth, to avoid possible mistakes. check-in: d244c484 user: dmitry tags: dmitry-security
14:28
Revert the previous change after thinking more about it.

Login cards in the sync protocol have the following format:

login userid nonce signature

Nonce is SHA-1 of the message that follows this line, signature is SHA-1 of the concatenation of the nonce and user's shared secret. The successful timing attack can reveal only signature for this particular packet due to nonce. However, as nonce is known to the attacker, it's theoretically possible for them to bruteforce the shared secret_offline_.

The whole scenario sounds highly improbable, but using constant-time comparison function for such things by default is a good practice. check-in: 13a9a124 user: dmitry tags: dmitry-security

2011-09-30
10:51
It seems like blob_constant_time_eq() is unnecessary for sync protocol signatures; removed. check-in: 48bcfbd4 user: dmitry tags: dmitry-security
09:41
Catch zero length early in blob_constant_time_eq(). check-in: e3d022df user: dmitry tags: dmitry-security
2011-09-29
21:06
Fix to the previous fix: install function to the correct database. check-in: 3782276d user: dmitry tags: dmitry-security
21:04
Fix login groups. check-in: 6f29649e user: dmitry tags: dmitry-security
17:26
Fix comment. check-in: a0fa120b user: dmitry tags: dmitry-security
17:21
Protect against timing attacks by using constant-time comparison function to compare passwords and cookies. check-in: 7f110475 user: dmitry tags: dmitry-security
14:07
When creating a manifest, get isExe and isLink bits from filesystem at once instead of doing two stat(2) calls. check-in: 9bfa186b user: dmitry tags: trunk
11:45
Change file_size() to file_wd_size() in file_is_the_same(). check-in: 13a771ce user: dmitry tags: trunk
11:05
Cache "manifest" setting in fossil_reserved_name() instead of reading it from the database on every call. This speeds up adding many files. check-in: a369dc77 user: dmitry tags: trunk
2011-09-27
19:28
Call file_wd_isdir() in file_mkdir(). check-in: 13120e96 user: dmitry tags: trunk
19:15
Change a few instances of file_isdir() to file_wd_isdir(). check-in: f1329470 user: dmitry tags: trunk
2011-09-25
11:14
Fix double LI tags when listing wiki attachments for users without permissions. check-in: 12272b7f user: dmitry tags: trunk
2011-09-24
01:39
Disable SSLv2 in HTTPS client. This version of the protocol is considered insecure and has been deprecated; all modern browsers disable it. check-in: ea1d369d user: dmitry tags: trunk
2011-09-11
13:57
Fix three remaining instances of printing rebuild progress in CGI mode. Ticket [19be0265ff]. Closed-Leaf check-in: 2cd21f8d user: dmitry tags: dmitry-fixes
12:27
Disallow creating users with empty login. Ticket [66ce1088]. check-in: e1ea6c26 user: dmitry tags: dmitry-fixes
12:26
Fix typos in documentation. Tickets [09310d1a] and [806c4358]. check-in: 9150a8a2 user: dmitry tags: dmitry-fixes
12:19
Show overridden user in commit comment. Ticket [4af785ba]. check-in: 7c82dbf5 user: dmitry tags: dmitry-fixes
2011-09-08
14:30
Add comment describing file_wd_isfile() function. check-in: f23334cb user: dmitry tags: trunk
13:07
Remove unused variable from ticket_cmd(). check-in: a0b3769b user: dmitry tags: trunk
13:02
Merge fixes and refactoring from symlinks branch. check-in: c05f6afa user: dmitry tags: trunk
12:59
Fix Windows build. Closed-Leaf check-in: 4e586a2d user: dmitry tags: symlinks
11:59
Introduce new file_wd_* functions that use stat() or lstat() depending on 'allow-symlinks' setting, and use them when dealing with files inside the working directory. Make file_* functions always use stat() as before merging symlink support.

Fix renaming of symlinks when merging (via new function symlink_copy()).

Rename create_symlink() to symlink_create(). check-in: 8a0c5469 user: dmitry tags: symlinks

11:52
Merge latest trunk into symlinks branch. check-in: 981e5c62 user: dmitry tags: symlinks
2011-09-06
13:23
Close A and LI tags when displaying new and deleted files in timeline. check-in: 8d703ff9 user: dmitry tags: trunk
2011-09-02
12:39
Merge symlink fixes into trunk. check-in: c97535c5 user: dmitry tags: trunk
12:27
Merge latest trunk into symlinks branch. check-in: fee3c676 user: dmitry tags: symlinks
10:34
Print description of conflict when 'stash apply' cannot merge a symlink and a regular file. check-in: bca6924e user: dmitry tags: symlinks
10:19
Uncomment contents of Makefile.in. Silence OpenSSL deprecation warnings on Mac OS X 10.7. check-in: 73443aa7 user: dmitry tags: symlinks
09:34
Bring Makefile.in back. check-in: 67295626 user: dmitry tags: symlinks
2011-09-01
23:55
Change a couple of unlink()'s to file_delete(). check-in: 61d49d92 user: dmitry tags: symlinks
23:44
Fix indentation in update.c. check-in: 1d54dce4 user: dmitry tags: symlinks
23:18
Merge latest changes from trunk. check-in: 2b1a4797 user: dmitry tags: symlinks
22:56
Refactor file_perm(), file_islink(), and file_isexe(). Now file_perm() calls stat only once. check-in: eac23495 user: dmitry tags: symlinks
22:55
Fix merge when merging UPDATEs a symlink to a regular file and vice versa. check-in: 82a95b46 user: dmitry tags: symlinks
22:52
Fix undo when having a regular file on disk and symlink in undo. check-in: 324763b9 user: dmitry tags: symlinks
22:15
Fix saving undo for symlinks. check-in: 0762b1d9 user: dmitry tags: symlinks
20:56
Merge latest trunk. check-in: 02ee688a user: dmitry tags: symlinks
2011-08-31
16:28
Merge improvements to artifact descriptions into symlinks branch. Also modify displaying of permissions: now web UI shows "File", "Executable file", or "Symbolic link" in file artifact description. check-in: 3115774f user: dmitry tags: symlinks
09:55
Merge latest trunk. check-in: 40ed431c user: dmitry tags: symlinks
2011-08-28
11:22
Make blob_read_link() C89-compatible on Unix again. check-in: 03481908 user: dmitry tags: symlinks
11:01
Use file_delete() instead of unlink() in vfile_to_disk(). check-in: 08311ffc user: dmitry tags: symlinks
10:43
Handle errors in blob_read_link(). check-in: d43029f6 user: dmitry tags: symlinks
2011-08-27
20:37
Indicate whether a file artifact is a symlink or an executable in the web interface. check-in: a7bf0e9b user: dmitry tags: symlinks
09:44
Fix reading delta from wrong column in stash. check-in: 0317a929 user: dmitry tags: symlinks
01:21
Reverse the order of column/table existence checking to make validation of already updated local database faster. check-in: 8c0f4bc7 user: dmitry tags: symlinks
01:07
Add islink column to stashfile, undo, undo_vfile tables if needed. check-in: 44e673f5 user: dmitry tags: symlinks
00:52
Fix SQL syntax error in undo. check-in: be956c3c user: dmitry tags: symlinks
2011-08-25
13:48
Fix one more use of number instead of constant for permissions. check-in: 35de2bdd user: dmitry tags: symlinks
11:42
Introduce constants for internal permissions (executable/symlink). check-in: f6daee3e user: dmitry tags: symlinks
2011-08-24
20:01
Support symlinks in tarballs. check-in: 72e3bbd0 user: dmitry tags: symlinks
19:12
Support symlinks in ZIP files. check-in: 16da26c5 user: dmitry tags: symlinks
2011-08-23
17:44
Fill islink field in vfile table when adding files. Support symlinks in export. Make manifest_file_perm() return 2 for symlinks. Add file_perm() function, and use it instead of file_isexe() when we need both isexe and islink properties. check-in: 4619361d user: dmitry tags: symlinks
13:54
Fix comments. check-in: 4a32e8ad user: dmitry tags: symlinks
2011-08-22
22:20
Merge trunk. check-in: c57830be user: dmitry tags: symlinks
2011-02-07
17:57
Fix issue introduced by previous fix. check-in: 9fbc052c user: dmitry tags: symlinks
17:51
Merge latest trunk. check-in: d7d335a6 user: dmitry tags: symlinks
17:50
Fix segmentation fault in historical_version_of_file() when file has no permissions in manifest. check-in: 8e4e30fb user: dmitry tags: symlinks
2011-01-28
19:04
Add symlink support for Unix. New settings flag "allow-symlinks" controls this (off by default). check-in: ed2ef7e9 user: dmitry tags: symlinks
18:57
Create new branch named "symlinks". Mailing list thread check-in: a7b7ff3a user: dmitry tags: symlinks
2009-11-09
21:22
Reformat some code in http_ssl.c check-in: d92945e5 user: dmitry tags: ssl
15:32
Add SSL support. check-in: 16f6fd90 user: dmitry tags: ssl
15:24
Create new branch named "ssl" check-in: bd2fa6aa user: dmitry tags: ssl
2009-10-17
11:17
Styles don't work in wiki, so mark it with italics Closed-Leaf check-in: c01667b0 user: dmitry tags: trunk
11:16
Update note style in index.wiki check-in: dda6a534 user: dmitry tags: trunk
11:14
Add note to index.wiki check-in: e4c8ef43 user: dmitry tags: trunk
2009-10-15
17:20
Add "Generate RSS feed for timeline" option to Timeline preferences. Don't output RSS when it's turned off. check-in: 9812c6c5 user: dmitry tags: trunk
17:19
Fix not using wiki markup when displaying new ticket title in timeline. (Related to [d6bfe8d9a8], which fixes ticket [218153bb7c3]). check-in: 2f92617b user: dmitry tags: trunk
08:01
Merge with 076f7adff. check-in: 856e23a1 user: dmitry tags: trunk
2009-10-11
21:31
Panic on bad server responses. Ticket [bfb8427cdd]. check-in: 21a2a181 user: dmitry tags: trunk
21:30
Update documentation for "clean" command. Ticket [c3d668ad52]. check-in: 25ede6e3 user: dmitry tags: trunk
21:29
Remove extra whitespace before file names in file browser. Ticket [28d861eb57]. check-in: f871a3b5 user: dmitry tags: trunk