Fossil

Timeline
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

100 most recent check-ins

2017-08-12
18:47
[cb43937d] Leaf: Enhance the ssh:// URL to be cautious about the fossil= query parameter. Only commands "fossil" and "echo" (with an optional path) are accepted. (user: drh, tags: trunk)
18:34
[d5b01594] Also disallow wildcard characters in blob_append_escape_arg(). (user: drh, tags: trunk)
18:30
[3bbac575] Disallow the ';' character in blob_append_escape_arg(). (user: drh, tags: trunk)
18:24
[9eea719a] Fix another problem with the needEscape computation in blob_append_escaped_arg() (user: drh, tags: trunk)
18:22
[49ae1785] The windows test macro is "_WIN32" without a trailing "_". (user: drh, tags: trunk)
18:20
[9690d370] Fix the needEscape calculation in blob_append_escaped_arg(). (user: drh, tags: trunk)
18:15
[3b191c98] Change the shell_escape() procedure into blob_append_escaped_arg(). Have that procedure raise a fatal error if the argument to be appended contains dodgy characters that might pose a security risk. Also, prepend "./" in front of arguments that begin with "-" to prevent them from looking like switches. (user: drh, tags: trunk)
16:20
[ce7baa97] Leaf: Avoid another attack vector when using SSH sync protocol by not calling a shell interpreter. Fixes only Unix-like environments by using execvp() instead of a string that can be mishandled by /bin/sh. (user: andybradford, tags: ssh-shell-cleanup)
04:19
[45a3d4b1] Typo correction (user: andygoth, tags: trunk)
2017-08-11
16:00
[3ebbe7bc] Increase the version number to 2.4 and update the change log. (user: drh, tags: trunk)
15:29
[1f63db59] Fix the SSH sync protocol to avoid "ssh" command-line option injection attacks such as those fixed in Git 2.14.1, Mercurial 4.2.3, and Subversion 1.9.7. As "ssh://" URLs cannot be buried out of sight in Fossil, the vulnerability does not appear to be as severe as in those other systems. (user: drh, tags: trunk)
2017-08-07
20:22
[b130b64c] Hyperlinks to the SSL versions of the website. Redirect to the local unversioned source for the "precompiled binaries" link on the homepage. (user: drh, tags: trunk)
2017-08-06
23:48
[1e491f6c] Restore end-of-line spaces used to demonstrate mid-paragraph line break in markdown.md. The spaces were removed by [23895c7b99] which appeared to clean house on end-of-line whitespace in addition to its documented purpose. (user: andygoth, tags: trunk)
23:32
[6f69ccdc] Document Markdown tables (never knew this feature existed), and improve consistency of formatting (user: andygoth, tags: trunk)
2017-08-05
04:17
[da23bec7] Enable processing of versioned manifest setting when creating zips and tarballs outside of an open checkout directory (user: andygoth, tags: trunk)
03:45
[b9de6042] Simplify manifest generation logic in zip page (user: andygoth, tags: trunk)
03:23
[95edba65] Correct the /doc page to support read-only repositories (user: andygoth, tags: trunk)
2017-07-31
17:42
[2a615bed] Update the built-in SQLite to the 4th release candidate for 3.20.0. (user: drh, tags: trunk)
2017-07-28
18:41
[04de083e] Fix a problem with markdown rendering for "code". (user: drh, tags: trunk)
00:49
[8ffba76b] Update the built-in SQLite to the 3rd 3.20.0 release candidate. (user: drh, tags: trunk)
2017-07-25
15:38
[8b9ce19e] Better error checking in the mkversion utility program used during the build process. (user: drh, tags: trunk)
14:38
[5698492f] Update the selfhosting information to talk about the new www3.fossil-scm.org. (user: drh, tags: trunk)
2017-07-24
14:26
[c45b8f45] Update the built-in SQLite to the second 3.20.0 release candidate. (user: drh, tags: trunk)
2017-07-21
04:22
[0a2be064] Improve UI based test documentation with minor corrections to requirements and URLs. (user: andybradford, tags: trunk)
03:19
[f7914bfd] Version 2.3 - the 10th anniversary release (user: drh, tags: trunk, release, version-2.3)
2017-07-20
18:25
[ae83b213] Fixed commit-warning.test broken by addition of the bootstrap skin which includes a file with long lines that generated a new warning. (user: rberteig, tags: trunk)
2017-07-15
13:55
[4872a58b] Update the built-in SQLite to the first 3.20.0 release candidate. (user: drh, tags: trunk)
2017-07-14
20:47
[bfc29fb3] Mention support for HTML-style comments in Markdown reference (user: andygoth, tags: trunk)
2017-07-13
10:24
[548fabe7] Leaf: merge trunk (user: jan.nijtmans, tags: openssl-1.1.0)
10:22
[23895c7b] Update top OpenSSL 1.0.2l. Minor (harmless) compiler warnings in mkversion and codecheck1 (-Wall) (user: jan.nijtmans, tags: trunk)
2017-07-12
18:55
[7c0b9714] Remove an unused variable from the security audit webpage. (user: drh, tags: trunk)
18:34
[74bc515d] Reword the header to the /fileage page to avoid disputes of commas. (user: drh, tags: trunk)
18:08
[2f225b82] Update to the latest SQLite from upstream and make other changes, all to silence a few utterly harmless compiler warnings about incompletely initialized structures. (user: drh, tags: trunk)
16:57
[38df2a45] Be careful not to return a pointer to a webpage generator as a command-line command method. (user: drh, tags: trunk)
11:03
[107cfe02] Leaf: merge trunk (without SQLite update to 3.20.0 beta, but WITH support for tab-completion in the SQL shell) (user: jan.nijtmans, tags: fossil-2.3-with-older-SQLite)
03:02
[35f712d4] Fix a typo on the security audit webpage. (user: drh, tags: trunk)
02:49
[9167b2d6] More documentation about what the --verbose flag does for "fossil info". (user: drh, tags: trunk)
2017-07-11
14:35
[a314178a] Update the built-in SQLite to the latest 3.20.0 beta, including support for tab-completion in the SQL shell. (user: drh, tags: trunk)
2017-07-10
18:19
[b1a7527b] A minor fix for the Xekri Skin (user: zakero, tags: trunk)
18:12
[773f9ba7] Closed-Leaf: Fixed a mouseover problem in the Xekri skin that was found by Jungle Boogie. (user: zakero, tags: skin-xekri-fileage-fix)
14:37
[1ba3c919] test-markdown-render and test-wiki-render command don't require to be inside a checkout. (user: mgagnon, tags: trunk)
2017-07-09
00:51
[9e67b8ab] Document italic+bold Markdown (user: andygoth, tags: trunk)
2017-07-08
20:42
[3bfdafe4] Improve built-in Markdown reference documentation to describe more features I long wished Markdown had but just now discovered it already does (user: andygoth, tags: trunk)
13:35
[23d45ff9] An empty username on a U card is translated into "anonymous". (user: drh, tags: trunk)
11:01
[970adec0] Closed-Leaf: In the "last change" report, show the user as "anonymous" if the EVENT.USER field is NULL or an empty string. (Later:) Removed from trunk because a better solution is to not store empty strings in the EVENT.USER field in the first place. (user: drh, tags: mistake)
2017-07-07
19:18
[956d4901] Avoid appending to g.zPath inside doc_page() loop. Instead, wait until the loop is done to modify g.zPath. When doing a directory lookup, the check-in and directory name were being repeatedly appended to g.zPath each step through the list of possible filename suffixes. This corrupted <base href> should index.html not exist, which in turn broke relative URLs. (user: andygoth, tags: trunk)
12:59
[4a516fb7] Merge trunk. Upgrade to OpenSSL 1.1.0f. Note that this branch only adapts the Windows buildfiles, no source-code or anything else, since Openssl 1.1.0 is (almost, not significant for fossil) upwards compatible. (user: jan.nijtmans, tags: openssl-1.1.0)
2017-07-06
15:32
[10c7e0fc] Fix typo in auto.def Merge trunk (user: jan.nijtmans, tags: fossil-2.3-with-older-SQLite)
2017-07-05
13:00
[e76f3bbe] In the timeline graph rendering code, hard-code the topRow value in the generated javascript. (user: drh, tags: trunk)
12:33
[ba344432] Fix timeline rendering so that multiple timelines can be drawn on each page without interferring with one another. Move the "Referenced By" section of the /info page upward and rename it as "References". Added the /test-backlink page for showing all pages that contain references. (user: drh, tags: trunk)
11:12
[fae745cf] Add the "Referenced By" section to the /info page. (user: drh, tags: trunk)
2017-07-04
16:02
[9d7ef44f] On the /urllist page, stop the display of access URLs after at least 8 have been shown and the last access is more than 30 days ago. Except, show them all if the "all" query parameter is used. (user: drh, tags: trunk)
13:11
[5826ba37] Do not send the message body on an HTTP reply to a HEAD request. (user: drh, tags: trunk)
04:36
[f57f5f99] Add the "bootstrap" skin. (user: drh, tags: trunk)
2017-07-03
23:18
[c666579c] Do not show checkouts with the "info -v" command or in the /urllist webpage if the checkout does not appear to exist any more. (user: drh, tags: trunk)
20:04
[6a679311] Add a pre-packaged CONFIG table query to the administrator SQL interface. (user: drh, tags: trunk)
19:07
[3ca935ef] On the text descriptions of the various administrator settings, identify the property in the CONFIG table that is being modified. (user: drh, tags: trunk)
13:54
[a8910101] On the server.wiki page, point to the source code comments that describe the various CGI options. (user: drh, tags: trunk)
13:48
[d407e22f] Closed-Leaf: On the server.wiki page, point to the source code comments that describe the various CGI options. (user: drh, tags: security-risk)
11:26
[d28cb283] On the /test_env page, show the AUTH_CONTENT and AUTH_TYPE environment variables in "cookie" mode. - On second thought, better to not show these, since they can expose passwords on screen. (user: drh, tags: security-risk)
10:36
[1eab060a] Suggestion for 2.3 release: Eliminate the need for SQLITE_PREPARE_PERSISTENT, which makes fossil work with SQLite 3.19.3. (user: jan.nijtmans, tags: fossil-2.3-with-older-SQLite)
09:31
[86d4754a] Update changes.wiki. Some eol-spacing (user: jan.nijtmans, tags: trunk)
2017-07-02
18:22
[4207a040] On the /test_env page, report the values of the REMOTE_USER and HTTP_AUTHENTICATION environment variables, if they exist. (user: drh, tags: trunk)
2017-07-01
22:43
[5c999558] Fix a minor problem with Write-Unver reporting on the security audit report. (user: drh, tags: trunk)
22:38
[59a51b82] Add the cgi_referer() utility function. Use it to cause the setup_uedit page to always go back to the page it came from. (user: drh, tags: trunk)
22:17
[564e42df] More checking of user permissions on the Security Audit page. (user: drh, tags: trunk)
19:36
[8fe2f97e] Update the change log to mention recent enhancements. (user: drh, tags: trunk)
18:09
[1dc93b70] Improvements to the "Last Change" report. (user: drh, tags: trunk)
17:54
[b629647e] Add the "Last Change" activity report. (user: drh, tags: trunk)
17:23
[46d5d638] When computing the "Last Login" on the user list page, take the RCVFROM sync log into account. (user: drh, tags: trunk)
16:41
[2fe385e4] Prevent line breaks in the "Last Login" column of the user list. (user: drh, tags: trunk)
16:34
[5832d2fc] Add the "Last Login" column to the setup_ulist page. (user: drh, tags: trunk)
03:08
[38f37679] Typo fix in documentation. (user: drh, tags: trunk)
00:52
[752365e7] Improved wording on some of the security-audit warnings. (user: drh, tags: trunk)
00:51
[4253b1de] More security-audit checks. (user: drh, tags: trunk)
2017-06-30
19:59
[3d6cf6a7] Add the --numstat option to the diff command. (user: drh, tags: trunk)
19:00
[038dcc00] Report an error if the input file to "fossil import" cannot be opened. (user: drh, tags: trunk)
18:56
[0f8bae07] Fix the zlib Makefile for MSVC to use /MT to avoid a compiler warning. (user: drh, tags: trunk)
18:42
[4c17ab60] Fix the unix makefile so that the dependency on page_index.h is against dispatch.c not main.c. (user: drh, tags: trunk)
18:28
[6c543c03] New security audit checks. (user: drh, tags: trunk)
16:18
[02683077] Add the Security-Audit page. There is more work to be done here, but it is now at least partially functional. (user: drh, tags: trunk)
16:13
[c12ffe2c] Closed-Leaf: Many new permission checks for the security-audit page. (user: drh, tags: security-audit)
15:17
[7f29e264] Start the security audit by checking to see if the repos it public or private. (user: drh, tags: security-audit)
14:10
[1c1d4ed2] Fossil now needs at least SQLite 3.20.0 (beta) (user: jan.nijtmans, tags: trunk)
13:36
[c5504029] Add a stub for the Security Audit page. (user: drh, tags: security-audit)
2017-06-29
19:59
[960b9dc0] Enable the STMT virtual table so that it available in the "fossil sql" command. (user: drh, tags: trunk)
19:05
[11c46fd6] Make use of the new sqlite3_prepare_v3() interface and the SQLITE_PREPARE_PERSISTENT flag in SQLite. (user: drh, tags: trunk)
18:54
[ee71f347] Update the built-in SQLite to the latest from upstream. (user: drh, tags: trunk)
06:29
[048738b2] Make the command-line timeline behave more like the timeline page by handling dates before resolving to symbolic rid which might actually not meet the "before" or "after" criteria. Bug reported by Roy Keene: timeline output always included a timeline entry which happened to be before the "after" date indicated. (user: andybradford, tags: trunk)
2017-06-24
16:28
[caf26817] Fixed "integer constant is too large for long type" warning on 32-bit Linux (user: andygoth, tags: trunk)
13:59
[3f193ba6] Increase the stack size limit to 8MB. Disable stack and heap size limits prior to invoking subprocesses. (user: drh, tags: trunk)
13:38
[42d151cc] Update the built-in SQLite and SQL command shell to the latest from upstream. (user: drh, tags: trunk)
2017-06-22
11:41
[6fb3e2de] updated license description from GPL to 2-clause BSD, with a tip of the hat to er38hcma on the mailing list. (user: stephan, tags: trunk)
2017-06-21
11:48
[14d8d31b] Unicode 10 is officially released now. (user: jan.nijtmans, tags: trunk)
2017-06-20
13:35
[6e6e4b1d] On unix, use setrlimit() to limit total heap space usage to 1GB on 32-bit systems and 10GB on 64-bit systems, and total stack space to 2MB, as a proactive defense again the "stack clash" vulnerability found on many unix-like OSes. I do not yet know if these limits are reasonable. (user: drh, tags: trunk)
2017-06-19
01:55
[a49ef378] Make sure the /uv webpage returns a sensible error if the unversioned table does not exist. (user: drh, tags: trunk)
2017-06-16
11:38
[33a13b80] Add -DSQLITE_OMIT_GET_TABLE to the compilation flags for SQLite (user: jan.nijtmans, tags: trunk)
2017-06-15
13:47
[e3fe51e1] Fix fallback definitions of R_OK/W_OK, make them the same as Microsoft's definitions. (user: jan.nijtmans, tags: trunk)
13:44
[222e9ea8] Update the homepage to include "airliner wifi" in the same performance category "dial-up". (user: drh, tags: trunk)
13:12
[2ada39ba] Fix compiler warnings in the shell.c from the previous check-in. Also bring in the latest trunk version of SQLite for testing. (user: drh, tags: trunk)