Fossil

Timeline
Login

Timeline

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

253 check-ins using file tools/makemake.tcl version 3cc47ca3

2023-04-20
16:21
Fix build by escaping the backslash in the help text of test-strip-comment-lines. ... (check-in: cbfaec58 user: danield tags: trunk)
12:12
Mention comments in the document about glob patterns. ... (check-in: 9558bf82 user: danield tags: trunk)
12:02
In versioned settings, make again possible for globs to begin with a hash by escaping it (i.e. such lines should start with '\#'). ... (check-in: 6d2dbf98 user: danield tags: trunk)
2023-04-19
11:56
Improved the systemd guide's points about `podman generate systemd`. ... (check-in: ac30c2d9 user: wyoung tags: trunk)
11:55
A few more small tweaks to the containers doc ... (check-in: 117cf4ff user: wyoung tags: trunk)
11:39
Reordered a few sections in the container customization section to flow better and reduce redundancy. ... (check-in: bb189d17 user: wyoung tags: trunk)
11:29
Moved the sectio about elaborating the container runtime layer down into the section of the doc where we talk about other customizations. Its prior location was because it was a tangent off a prior point, but it's just as easy to jump down via hyperlink. Assorted other small improvements while in there. ... (check-in: 301d4f21 user: wyoung tags: trunk)
10:45
Add supporting comment lines in versioned settings to the changelog. ... (check-in: 4ed98a99 user: danield tags: trunk)
07:19
Allow comment lines (starting with '#') in versioned settings. ... (check-in: ef633d4b user: danield tags: trunk)
01:46
Produce merge conflict mark during merge when file exist in current version and in version to be merged, but not in common ancestor. ... (check-in: 7c75e47b user: mgagnon tags: trunk)
00:46
Add an admin/debug flag to the forum which enables the user to skip sending of notifications for a given new post or edit. ... (check-in: 3f6aa946 user: stephan tags: trunk)
00:44
Only honor the fpsilent flag if the user has g.perm.Debug, to avoid that malicious parties inject that flag via the browser dev tools. ... (Closed-Leaf check-in: b8ab407f user: stephan tags: forum-skip-notification)
00:29
Prototype/proof-of-concept implementation of an admin flag for the forum which tells it to not send email notifications for a given edit or new post. ... (check-in: 65062c29 user: stephan tags: forum-skip-notification)
2023-04-18
17:47
Extend FTS index support to enable selection of different tokenizers, to support searching of Chinese content. ... (check-in: 0e5d27fe user: stephan tags: trunk)
17:45
Add FTS tokenizer selection to the /srchsetup page. ... (Closed-Leaf check-in: 9e52f8c0 user: stephan tags: fts5-trigram)
2023-04-17
21:50
Merge latest changes from trunk. ... (Closed-Leaf check-in: 88a76afc user: mgagnon tags: merge-conflict-when-no-file-on-pivot)
20:13
Replace another leftover use of the word 'stemmer' and clean up end-of-line whitespace in the change log. ... (check-in: bcff4d81 user: stephan tags: fts5-trigram)
18:35
Replace a leftover use of the word 'stemmer' and add mention of the trigram tokenizer to the change log. ... (check-in: 6a085807 user: stephan tags: fts5-trigram)
17:25
Initial (and incomplete) work to extend FTS5 search to support the trigram tokenizer, per forum post bc458aea069c29ae5d. TODO is the addition of the trigram option in the UI-level search configuration. ... (check-in: 06c99b83 user: stephan tags: fts5-trigram)
2023-04-16
13:13
Merge trunk into forumpost-locking branch. ... (check-in: 0af37104 user: stephan tags: forumpost-locking)
2023-04-14
15:31
Squelch an unitialized var warning from gcc 12.2.1 on Alpine Linux. ... (check-in: 3783a24e user: stephan tags: trunk)
2023-04-13
07:01
Typo fix in capabilities.c, reported in forum. ... (check-in: 0df0586a user: danield tags: trunk)
2023-04-10
20:23
Update the built-in SQLite to the latest trunk version for testing. ... (check-in: 2eb2077c user: drh tags: trunk)
08:46
Do not save the password for syncing operations if the user denied the save password prompt or if the FOSSIL_SECURITY_LEVEL environment variable is ≥1. ... (check-in: 2916ec97 user: florian tags: trunk)
2023-04-03
18:58
Allow comment lines (starting with '#') in versioned settings. ... (Closed-Leaf check-in: fc2a4dcc user: danield tags: allow-versioned-settings-comments)
2023-04-01
16:49
Added the CENGINE abstraction between `docker` and `podman` in the Makefile's container convenience targets. ... (check-in: 72d82404 user: wyoung tags: trunk)
16:41
Removed all the "BBXVER" stuff in the containers doc now that we aren't fetching the BusyBox sources and building a custom version to install outside the jail. ... (check-in: b1416554 user: wyoung tags: trunk)
15:52
Update the built-in SQLite to the latest trunk version (pre-3.42.0) for testing. ... (check-in: 2516fca7 user: drh tags: trunk)
2023-03-31
18:49
Updated the Podman docs to no longer talk about all the "sudo" stuff we used to have to do to get it to build and run. There are no more mknod calls to fail in that rootless environment. ... (check-in: 779cb8fd user: wyoung tags: trunk)
2023-03-30
18:14
Updated the container size info in the Fossil v Git doc to track recent developments. ... (check-in: 283b1a42 user: wyoung tags: trunk)
14:51
Commit [cda5d6a7] invalidated the BusyBox steps in the Tcl and Python examples in §3.2 of the containers doc. ... (check-in: ddcdc6f3 user: wyoung tags: trunk)
08:15
Update the list of versionable settings in the documentation. ... (check-in: 0f9224e9 user: danield tags: trunk)
2023-03-28
13:29
Using "FROM busybox" in the second stage of the Dockerfile instead of "FROM scratch" plus a copy of the busybox.static binary installed via APK in the first stage. We're throwing this layer away in the third stage, so the difference is immaterial. This simplifies things without losing anything we care about. ... (check-in: cda5d6a7 user: wyoung tags: trunk)
00:02
Post-sleep edit pass on the new material in §3.2 of the containers doc. ... (check-in: d21fb267 user: wyoung tags: trunk)
2023-03-27
13:41
Add the ft=TAG query parameter to /timeline which, in combination with d=Y shows all descendants of Y up to TAG. Implementation of enhancement request [eadfb8c2ffa9fe03]. ... (check-in: 64f141fc user: drh tags: trunk)
07:24
Refined the Tcl and Python examples in the new §3.2 of the container doc. ... (check-in: 9baa4423 user: wyoung tags: trunk)
06:33
Switched to a split ENTRYPOINT/CMD scheme for launching the Fossil server in the container. The immediate need is so we override lower-level ENTRYPOINTs provided by mix-in layers, but it's more correct generally. ENTRYPOINT says this is the hard-coded purpose of the container, and CMD gives the arguments to that command. The split is therefore between the mandatory parts and the parts the user might want to override without needing to write their own Dockerfile. ... (check-in: deb99e22 user: wyoung tags: trunk)
04:59
The container now uses BusyBox only in the build and setup stages, leaving just the static Fossil binary in the final stage, plus absolute necessities like a /tmp directory.

This removes the justification for the custom BusyBox configuration, which then means we can use Alpine's busybox-static package in the second stage, saving a bunch of network I/O and build time.

That in turn means we no longer have any justification for jailing the Fossil binary, since there's nothing extra left inside the container for it to play with. Doing this required bumping the Dockerfile syntax back up from 1.0 to 1.3 to get the "COPY --chmod" feature; tested it in Podman, which has had it for two years now.

Doing all of this simplifies the Dockerfile and its documentation considerably. As a bonus, it builds quicker, and it's nearly a meg lighter in compressed image form. Especially for the case of using the container as a static "fossil" binary builder, this is nothing but win. ... (check-in: 79ac06a5 user: wyoung tags: trunk)

2023-03-26
23:54
Do not render "Check-ins" button within a submenu of /tktview, /tkthistory, /tkttimeline and /info pages, unless a user actually has a capability to read check-ins. This should prevent confusion and save some screen space. ... (check-in: c04c814e user: george tags: trunk)
2023-03-24
15:22
For the bt=Y query parameter in /timeline that is used in conjunction with p=X, if Y is a tag then search backwards in time for Y beginning with X. Fix for ticket [ed62a4d35332595a]. ... (check-in: 507ebd8b user: drh tags: trunk)
10:21
Comment and whitespace tweaks ... (check-in: 81c30ab9 user: wyoung tags: trunk)
08:27
Switched from a Dockerfile "ADD" command to wget for the BusyBox source tarball because, surprisingly, BuildKit pulls the URL unconditionally under the logic that it can't know whether to cache the pulled data until it has a copy to compare against! This not only means you pull the BusyBox source tarball for each container build even though it's tagged and thus cannot possibly change, it puts a load on GitHub which then causes it to begin throttling each pull, making your local builds slower and slower when iterating on a change set, as in the prior set of commits. By pushing the URL down into a wget command, we cause BuildKit to see an unchanging shell script line (assuming $BBXURL keeps its default) so it *does* cache the pulled layer. ... (check-in: ac955594 user: wyoung tags: trunk)
08:13
Another fixup to the nojail patch to track the previous. (Can't reliably create these patches without having a committed version to diff against, alas.) ... (check-in: c9e4b3d2 user: wyoung tags: trunk)
08:07
Dropped our canned /etc/os-release file entirely, recommending instead that those who need a VM-like container image switch the second stage from "scratch" to one of Google's "distroless" images, which provide that and more. That in turn gets rid of the need for the dummied up /usr/bin and /run, which simplifies the mainstream case. ... (check-in: d778a023 user: wyoung tags: trunk)
07:43
Updated the nojail patch so it applies cleanly atop all these recent Dockerfile changes. No functional change; merely tracks changes in the context parts of the diff. ... (check-in: 2bdd5819 user: wyoung tags: trunk)
07:03
Tiny clarity tweaks to the Dockerfile. No functional change. ... (check-in: 591e3eb9 user: wyoung tags: trunk)
05:23
Removed a reference to /etc/os-release from stage 2 of the Dockerfile. Commit [4cb5c03e] took care of stage 1 only. ... (check-in: 4b41a7f8 user: wyoung tags: trunk)
05:20
Switched from "adduser" and "addgroup" commands for setting up the "fossil" user to direct echo-into-output, same as we already do for the root user. We had to to it for root since the BusyBox implementation of adduser/addgroup won't create these files if they're missing, but that meant we had two different ways of creating users and groups. This not only removes a weak dependency, it's more consistent. ... (check-in: fff11fc6 user: wyoung tags: trunk)
05:17
Added the interactive debugging shell command to the Quick Start section of the containers doc for easy cut-and-paste. ... (check-in: 2f014407 user: wyoung tags: trunk)
2023-03-23
18:03
URL and whitespace fixes to previous. ... (check-in: 9e73519c user: wyoung tags: trunk)
16:40
The /etc/os-release workaround for nspawn's pickiness has caused the feature to go into negative ROI territory. Ripped it out of the mainstream process and made it a manual step for those who need it, in the hopes that this will cause fewer ongoing problems than leaving it as it is. ... (check-in: 4cb5c03e user: wyoung tags: trunk)
15:51
Dropped declaration of Dockerfile syntax version from 1.4 to 1.0. Put it at 1.4 when we were using heredocs, a feature that went from experimental to stable at that version, then failed to drop it back when we replaced the use of heredocs with externally generated files to regain Podman compatibility. ... (check-in: 5b62bfe1 user: wyoung tags: trunk)
15:42
Linked to the Dockerfile from the top of the containers doc. ... (check-in: 2210c15d user: wyoung tags: trunk)
14:52
Use a more appropriate link in the above document. ... (check-in: aacd3714 user: danield tags: trunk)
14:48
Correct two broken links in the 'Fossil vs. Git' document. ... (check-in: f8baa04b user: danield tags: trunk)
2023-03-19
14:25
CSS tweak for disabled submit buttons in darkmode skin, based on forum feedback. ... (check-in: 081194bb user: stephan tags: trunk)
2023-03-17
12:28
Update the built-in SQLite to the first 3.41.2 beta, for testing. ... (check-in: 36b17e51 user: drh tags: trunk)
11:50
CSS tweaks for the Blitz and Aroise skins to make it more apparent when Submit buttons are disabled. Based on forum post 4cbd254480d00dd2. ... (check-in: c0f62386 user: stephan tags: trunk)
2023-03-16
02:08
Produce merge conflict mark during merge when file exist in current version and in version to be merged, but not in common ancestor.

Related forum discussion including test script: f035bbc8461da6d2. ... (check-in: 04e1674c user: mgagnon tags: merge-conflict-when-no-file-on-pivot)

2023-03-15
12:42
A blitz skin forum CSS tweak from 224044aa2d8d2 to give visited links in the thread list a slightly different color. ... (check-in: 68e9acb8 user: stephan tags: trunk)
10:40
(x)diff --context N, where N is a negative value, is now treated as infinite, per off-list feature request. ... (check-in: 16d3d8b0 user: stephan tags: trunk)
10:35
Forum listing CSS tweaks prompted by 3d350d67b6e836. ... (check-in: 0aae0ef5 user: stephan tags: trunk)
2023-03-14
17:18
Add the --out option to the "cat" command to specify an output file - only if a single historical file is requested. ... (check-in: 8975472d user: danield tags: trunk)
14:16
Slight CSS tweak to the darkmode skin's forum listing, based on forum post 9a6f4c039d82, intended to make the have-been-visited links stand out a bit better. ... (check-in: d2c93a41 user: stephan tags: trunk)
14:07
Correct a directory name in skins/README.md which was made invalid via code restructuring. ... (check-in: e6ef1977 user: stephan tags: trunk)
2023-03-13
20:58
Renamed the new "Capabilities" glossary entry to "Capability" since we shouldn't be using a plural top-word entry even though they're defined, transported, stored, and otherwise treated as a group. Also replaced a use of this word in its own definition. ... (check-in: d3f45814 user: wyoung tags: trunk)
20:44
Moved the "snapshot" term in the glossary down into a footnote because it's got assorted problems, making it a much worse overall synonym for "version" even than "UUID". ... (check-in: 733ef88a user: wyoung tags: trunk)
19:54
Expanded the "version/revision/UUID/snapshot" discussion in the glossary into a separate term since these aren't strict synonyms for "check-in", the definition which previously hosted this topic. ... (check-in: 58030a78 user: wyoung tags: trunk)
19:00
Added a new glossary item "Capabilities" to introduce the term and distinguish it from "Permissions", and made several changes to the referenced document to reinforce this distinction and explain why we bother to make it. ... (check-in: 23b91f37 user: wyoung tags: trunk)
2023-03-12
21:10
Add a note to 'fossil uv' help that sync requires 'y' permissions on the remote. ... (check-in: 2eef3acd user: stephan tags: trunk)
2023-03-11
23:49
Give the correct way to figure out the temporary directory used under Windows. ... (check-in: 4e688dc0 user: danield tags: trunk)
13:10
Show the argv array on the /test_env page if the requestor is Admin. ... (check-in: 4350f326 user: drh tags: trunk)
11:23
Minor code re-org of previous checkin. ... (check-in: 2a4b604d user: stephan tags: trunk)
11:05
Add a 'Max' field to the forum thread list, analog to the one in /timeline, and remember that value as part of the display prefs cookie. Per request in forum post 113ee6f241b84403. ... (check-in: 2ee93fc0 user: stephan tags: trunk)
2023-03-10
23:06
In the Windows server document, provide a command to get the temporary path location as used by Fossil. ... (check-in: 1f184d0e user: danield tags: trunk)
19:48
Revise "Fossil as a Windows Service" page to provide tip on avoiding poor interaction with virsus scanning. ... (check-in: 6b43913e user: larrybr tags: trunk)
19:17
Improvements to the new security-audit feature that shows the command-line that launched the process that generated the web page. ... (check-in: 5caa3c5c user: drh tags: trunk)
18:13
Show the command-line on the security-audit page. ... (check-in: 5ab5469a user: drh tags: trunk)
15:40
On Windows, write the temporary server files to a subfolder, allowing for easier exclusion from antivirus scanning. ... (check-in: 364337be user: danield tags: trunk)
2023-03-09
16:23
Update the built-in SQLite to the first 3.41.1 beta, for testing. ... (check-in: 782a7f98 user: drh tags: trunk)
2023-03-07
15:40
Remove superfluous makeheaders-targeted declaration of markdown() from markdown.c, since this made it appear twice in the generated header files. ... (check-in: bb583b0c user: danield tags: trunk)
14:23
Change default anonymous user perms for new repos from 'hmnc' to 'hz', per discussion at forum post c6326072f3e6b270 and /chat. ... (check-in: ddabf09f user: stephan tags: trunk)
13:00
Make the no-op rendering callbacks in backlink.c type-compatible with the declarations in mkd_renderer, doing away with a theoretically possible undefined behavior and the related compiler cast warnings. ... (check-in: d3434fd8 user: danield tags: trunk)
12:40
CSS tweak to make long hashes wrap in narrow /chat views. ... (check-in: 8a401c20 user: stephan tags: trunk)
2023-03-03
14:34
Resolve incorrect value being sent with the SMTP EHLO header when sending notification mails, per discussion in forum post f183ab47a7beee47. ... (check-in: e7a5b985 user: stephan tags: trunk)
13:05
Minor updates to the schema docs for the tagxref table. No functional changes. ... (check-in: 3037be63 user: stephan tags: trunk)
2023-03-02
20:20
Refactor the "repack" command to call extra_deltification() routine directly. ... (check-in: 9c1f486f user: drh tags: trunk)
17:24
The recommendation to configure Fossil with the --static flag is semi-obsolete, and the following advice to look further down in the same document for the Docker workaround was wholly obsolete since moving all of this into the dedicated containers.md doc. Fixed all this up, and linked to the "why" answers on Stack Overflow about all of this in a few more places. ... (check-in: d282e42c user: wyoung tags: trunk)
17:13
Merge trunk into forumpost-locking branch. ... (check-in: 27c3423e user: stephan tags: forumpost-locking)
14:10
Prototype for one approach to linking forum posts to other artifacts (initially check-ins). Adds the --forumpost HASH flag to the ci command, which adds a forumpost/FULL-HASH tag to the checkin for later use in /info and forum post views. For ease of use, this probably needs to be adapted to map only to the first version of a forum post, as is done in the forumpost-locking branch, once that branch is merged with trunk. ... (Closed-Leaf check-in: 3e5d23da user: stephan tags: ci-link-formpost)
10:26
An equivalent of the patch proposed in forum post f183ab47a7beee47 to resolve the argument sent to smtp EHLO, reducing it from an email address to the domain part of the address. ... (Closed-Leaf check-in: be4815b1 user: stephan tags: smtp-ehlo)
2023-02-28
05:41
The /zip and /tarball built-in help now makes clear that the VERSION/ part of the URL is optional to help avoid confusions like we're seeing in the forum post that sparked this sequence of improvements. ... (check-in: 4717db33 user: wyoung tags: trunk)
2023-02-27
12:31
Make similar improvements to the documentation for /zip and /sqlar. ... (check-in: 9eadac20 user: drh tags: trunk)
12:25
Attempt to clarify the documentation of the /tarball URI. ... (check-in: 7cd1ebd0 user: drh tags: trunk)
2023-02-25
22:14
Correct 2.21 change log link to point to 2.21 instead of 2.20. ... (check-in: 1eb545a1 user: stephan tags: trunk)
22:11
Update version to 2.22 for the next dev cycle. ... (check-in: e13f7ca4 user: stephan tags: trunk)
20:44
Documentation for "fossil all remote". ... (check-in: 6ad6c559 user: drh tags: trunk)
19:23
Version 2.21 ... (check-in: f9aa4740 user: drh tags: trunk, release, version-2.21)
2023-02-24
23:39
Move forumpost close/re-open controls around. Add, if appropriate, a Close/Re-open button to the thread view, but only for the currently-selected post. ... (check-in: ecc324b6 user: stephan tags: forumpost-locking)
23:38
In /admin_log, add rowid DESC to the ORDER BY so that entries with the same timestamp predictably sort newest-first. ... (check-in: 914c6b5a user: stephan tags: forumpost-locking)
17:14
Fix a harmless compiler warning in gzip.c. ... (check-in: 9b05cad1 user: drh tags: trunk)
2023-02-23
18:47
Fix a harmless compiler overflow warning. ... (check-in: 2fd158fc user: danield tags: trunk)
2023-02-22
06:09
Minor CSS tweaks to closed forum posts. ... (check-in: 3078ff46 user: stephan tags: forumpost-locking)
04:46
Rework forumpost closure to always apply to the first artifact in an edit chain to enable consistent behavior across the whole chain and responses to arbitrary versions within that chain. Add rudimentary UI elements for closing/re-opening posts, but their layout needs to be revisited (noting that they need to be in a separate form from the main editor so that closing/re-opening introduces only a smalll control artifact instead of a whole forumpost artifact). ... (check-in: cc6ca4e1 user: stephan tags: forumpost-locking)
00:09
Clarified one of the 2.21 changelog entries. (Started as fixing a typo.) ... (check-in: 86c4e6bf user: wyoung tags: trunk)
2023-02-21
23:34
Update the built-in SQLite to the 3.41.0 release. ... (check-in: 6d88833f user: drh tags: trunk)
10:30
Initial (untested) code for creating the control artifact for closing and re-opening forum threads. Extend test-forumthread's tree view to show thread closure. ... (check-in: 32fc62e6 user: stephan tags: forumpost-locking)
09:52
Add db_add_unsent() and replace numerous "INSERT OR IGNORE INTO unset" statements with that. ... (check-in: 98d4ee73 user: stephan tags: forumpost-locking)
08:47
Coding style tweaks. ... (check-in: 9fc70f6f user: stephan tags: forumpost-locking)
03:58
Correct inability of forum users to delete their own pending-moderation posts. ... (check-in: 19333c8a user: stephan tags: trunk)
03:49
Closed forum threads can no longer be edited by non-admins. Fix broken ability of non-builtin users to delete their own pending-moderation post. UI controls for closing/reing-open threads are still TODO. ... (check-in: 8f02c1d4 user: stephan tags: forumpost-locking)
01:58
Add capability to determine whether a given sub-thread inherits a lock from a parent. Re-label "locked" to "closed" per /chat feedback. ... (check-in: 464f4d17 user: stephan tags: forumpost-locking)
00:52
Initial bits for "locking" forum (sub)threads using a "closed" tag. This currently affects the display but does not hinder edits made via malicious misuse because the pieces needed for such validation do not yet have access to the relevant ForumPost objects. ... (check-in: 4d664bfe user: stephan tags: forumpost-locking)
2023-02-20
14:58
Change the typedef of u32 in search.c so that it works in older PPC macs. ... (check-in: f82caec5 user: drh tags: trunk)
2023-02-17
14:57
Fix a multitude of harmless compiler warnings. ... (check-in: 53db40e6 user: drh tags: trunk)
14:37
A large collection of compiler warning fixes re. signed/unsigned comparison from Daniel D. ... (Closed-Leaf check-in: c71f711e user: stephan tags: compiler-warnings)
2023-02-15
11:26
Reverted half of commit [4ad86dd5]: it incorrectly moved a CSS style instead of copying it to where it also needed to be. The user-visible effect was that centered Pikchrs varied in size according to their size and complexity, which meant that elements that should've been the same size weren't. ... (check-in: 5ad62aba user: wyoung tags: trunk)
05:16
Cleaned up a few inconsistencies in the Pikchrs in the branching doc in an attempt to fix the smaller-and-smaller diagram size problem currently occuring in this doc. ... (check-in: 239fb5b1 user: wyoung tags: trunk)
2023-02-14
20:54
Updated the PBKDF2 recommendations in the backup doc to track recent changes in best practice due to all these GPU computing fleets coming online. Added a few paragraphs explaining the limits to all of this and why we chose the passphrase lengths we did as examples. ... (check-in: 6a3d6fa6 user: wyoung tags: trunk)
11:42
Update the built-in SQLite to the latest 3.41.0 beta for testing. ... (check-in: 7b505774 user: drh tags: trunk)
2023-02-10
17:38
Add a PD_NoBot() check to /timeline, based on spider attack records. ... (check-in: 3fa6f8f0 user: stephan tags: trunk)
2023-02-09
21:00
Update the change log. ... (check-in: a64ef5ef user: drh tags: trunk)
20:09
Add the "repack" command as an alias for "rebuild --compress-only". ... (check-in: dd6a88da user: drh tags: trunk)
19:45
The extra-delta-compression step now reports the number of new deltas added and the bytes of storage space saved using those deltas. ... (check-in: 59e21eb3 user: drh tags: trunk)
16:16
Updates to the change log. ... (check-in: 7449a10f user: drh tags: trunk)
2023-02-08
16:59
Further improvements to the attack-spider detection mechanism. ... (check-in: eb7fad0c user: drh tags: trunk)
16:41
As a performance optimization, only do the SQL-injection detection for user "nobody". Improved comment on cgi_value_spider_check() to better explain what this subsystem is all about. ... (check-in: 00ae2391 user: drh tags: trunk)
16:32
Test command for the SQL-injection detection routine. Possible performance improvements as well. ... (check-in: d3cb62f7 user: drh tags: trunk)
14:54
Update the built-in SQLite to use the latest 3.41.0 alpha version that includes new efforts to silence nuiscance compiler warnings. ... (check-in: 05fa1c3c user: drh tags: trunk)
13:35
Fix a couple of -Wextra compiler warnings. ... (check-in: 3afeef3f user: danield tags: trunk)
2023-02-07
16:50
Rename AntiSpider to NoBot, for brevity's sake. ... (check-in: fa279798 user: stephan tags: trunk)
16:48
Rename P_NoSQL and PD_NoSQL to P(D)_AntiSpider to make their intent clearer and the names more generic. ... (check-in: 91d13592 user: stephan tags: trunk)
16:28
Merge spider-sql-detection branch into trunk, per /chat discussion. ... (check-in: 534c10f6 user: stephan tags: trunk)
16:24
Apply the spider SQL check to the diff URL argument of the /vdiff page. Improve some related docs. ... (Closed-Leaf check-in: 936c122f user: stephan tags: spider-sql-detection)
16:18
Inititial draft of an attempt to intercept certain SQL injection attacks recently seen made against fossil repos. Its effect can be seen by visiting: /vdiff?from=trunk&to=trunk&w=drop ... (check-in: 61a608a2 user: stephan tags: spider-sql-detection)
2023-02-06
13:37
Make the --nossl and --nocompress server options available for CGI requests. ... (check-in: 39152623 user: florian tags: trunk)
2023-02-03
15:59
Fix another harmless compiler warning reported by Clang-15. ... (check-in: de184889 user: danield tags: trunk)
15:15
Attempt to fix various harmless compiler warnings reported by Clang-15. ... (check-in: e486a0ac user: drh tags: trunk)
14:59
Update the built-in SQLite to the latest trunk version that attempts to fix various harmless compiler warnings reported by the new Clang-15. ... (check-in: ea57625d user: drh tags: trunk)
14:32
Add the /deltachain page, indented for analysis of the delta compression and future improvements to that algorithm. There are links to the delta chain on the /timeline and /finfo when the showid query parameter is used. ... (check-in: 00c62a11 user: drh tags: trunk)
07:21
prefill the tktnew page email field with user emailaddr

If the logged-in user has a valid email address in their contact-info, use it to prefill the email field in the /tktnew page when submitting a new ticket. As discussed in /chat, enhance the Fossil builtin find_emailaddr() SQL function--suggested by wyoung@--to parse strings for well-formed email addresses not necessarily wrapped in <...>. Requested by jose i cabrera on the forum. ... (check-in: f974583f user: mark tags: trunk)

00:31
Enable SELECT statements for the ticket_schema_auth() authorizer. This is required for the new FTS5 search and the fts5_api_from_db() routine. ... (check-in: 3fe8a8cd user: drh tags: trunk)
2023-02-01
14:35
Do not export private artifacts to git. ... (check-in: fbd3b583 user: danield tags: trunk)
2023-01-31
10:41
Use a faster query when checking for private artifacts. ... (Closed-Leaf check-in: 25a6ba26 user: danield tags: git-export-omit-private)
10:11
Do not export private artifacts to git. ... (check-in: 40abd839 user: danield tags: git-export-omit-private)
10:07
Small correction in the usage text for 'fossil git'. ... (check-in: 1aa3188e user: danield tags: trunk)
2023-01-27
20:42
Add a link to the /intermap page for Interwiki Map keywords on the setup menu. ... (check-in: bb189a15 user: drh tags: trunk)
15:40
Update the built-in SQLite to the latest 3.41.0 alpha, for testing of SQLite. ... (check-in: 0f30113b user: drh tags: trunk)
2023-01-26
01:46
Refactor how the IF NOT EXISTS check is performed on the repository.admin_log table, per request from drh. ... (check-in: 2da6010b user: stephan tags: trunk)
2023-01-25
13:59
More updates f() to f(void). ... (check-in: 46ddf0e8 user: danield tags: trunk)
00:30
More updates of func decls f() to f(void). ... (check-in: 5dd632eb user: stephan tags: trunk)
00:25
More updates of func decls f() to f(void). ... (check-in: 9c5952be user: stephan tags: trunk)
2023-01-24
21:25
Upgrade FTS search from v4 to v5. ... (check-in: c3c4ef16 user: stephan tags: trunk)
19:01
Add initial infrastructure for being able to resolve 'ckout' uniformly in certain contexts, per /chat discussion. ... (check-in: 4d8c3026 user: stephan tags: trunk)
16:34
Make all variable declarations C89 compliant. ... (Leaf check-in: 462eb0cc user: drh tags: ui-local-diff)
14:36
The search logic now works correctly (I think) regardless of whether the repository uses a legacy FTS4 index or a newer FTS5 index. This allows the Fossil binary to be upgraded on systems without disrupting the search feature and without requiring a search index rebuild. The search index is automatically upgraded to FTS5 the next time the search index is rebuilt. ... (Closed-Leaf check-in: a07e6b87 user: drh tags: search-fts5)
03:59
Wrapping a few calls to vfile_check_signature() from the new local diff code in unprotect/pop call pairs to squish a DB protection error. ... (check-in: 1b3ef05e user: wyoung tags: ui-local-diff)
03:29
Brought the ui-local-diff branch up to date relative to trunk. It isn't a simple merge, primarily due to all the changes to /vdiff and /fdiff made over the past 2 years. It seems to work as well as it originally did, but it isn't ready to merge down to trunk as-is. ... (check-in: 76fa1657 user: wyoung tags: ui-local-diff)
03:26
Remove some end-of-line whitespace. No functional changes. ... (check-in: 8307133b user: stephan tags: search-fts5)
03:18
Replaced a standalone "diffFlags" variable in the /fdiff handler with use of the new DiffConfig.diffFlags member. No functional change, just a code cleanup found while working on another branch. Making it on trunk to keep that branch's diffs minimal. ... (check-in: 65d97f23 user: wyoung tags: trunk)
02:57
Replace FTS4 with FTS5, per forum post d05b1855aa. This has been only lightly tested and might require a repo rebuild (or that we rename the associated tables/views rather than recycle them). ... (check-in: c1933caf user: stephan tags: search-fts5)
2023-01-23
00:12
Add /json/settings/get and set APIs, per discussion in forum post 04b7159d63d4abe4. ... (check-in: a80f2748 user: stephan tags: trunk)
2023-01-22
22:01
Remember the chosen type of artifacts that are shown at /timeline page as a display preference. This amends the initial behavior introduced on 2017-11-29 with the 'sticky-timeline-style' branch. ... (check-in: 61bd0c9b user: george tags: trunk)
18:35
Fix appearance of a chat-only view: eliminate redundant gap between the vertical scrollbar and the right edge of a window. ... (check-in: d3c0206e user: george tags: trunk)
2023-01-21
12:14
Merge trunk into markdown-tagrefs branch. ... (check-in: baf038b1 user: stephan tags: markdown-tagrefs)
11:40
Make diff --checkin VERSION capable for working from outside of a checkout. ... (check-in: 8e8e0269 user: stephan tags: trunk)
10:50
Improve scroll width calculation for unified diffs. ... (check-in: 7a76111f user: florian tags: trunk)
01:13
Remove bootstrap skin, per discussion in forum post aa02d7443d446211. Clients with that skin selected will automatically be switched to the default. ... (check-in: e1ef9347 user: stephan tags: trunk)
2023-01-20
10:42
Simplify the loop to enumerate table columns to the left. ... (Closed-Leaf check-in: faadb48d user: florian tags: udiff-hscroll)
04:25
Add /json/settings/set. Replace several free() calls with fossil_free(). Work around json_send_response() being called twice in some CLI-based cases. ... (Closed-Leaf check-in: 4d2aeb29 user: stephan tags: json-settings-command)
00:11
Add docs for /json/settings. ... (check-in: f302b9bc user: stephan tags: json-settings-command)
2023-01-19
23:44
Roll back a broken part of [f3d3d1be59728b5dde702a] which caused only versioned settings' values to be fetched. ... (check-in: c7221a2e user: stephan tags: json-settings-command)
23:38
Correct (non-)fetching of sensitive properties for (non-)Setup users. ... (check-in: f3d3d1be user: stephan tags: json-settings-command)
23:32
Restructure /json/settings/get output from an array of objects to a map of objects, keyed on setting name, per forum discussion. ... (check-in: d0bf9682 user: stephan tags: json-settings-command)
12:15
Firefox ≠ Chromium ... (check-in: dbffb2fa user: florian tags: udiff-hscroll)
11:52
Compensate for the outer border. ... (check-in: 2c0d4352 user: florian tags: udiff-hscroll)
11:36
More accurate scroll width calculation for unified diffs (looks better for SQLite diffs with up to 5-digit line numbers). ... (check-in: 337b297c user: florian tags: udiff-hscroll)
02:55
For sensitive settings, always explicitly set value and valueSource to null for non-setup users (or if they aren't set), to avoid the possibility of downstream clients perhaps picking up inherited properties in their place, depending on their programming environment. ... (check-in: 451cda04 user: stephan tags: json-settings-command)
02:39
Extend /json/settings/get with a version=X flag indicating the check-in version to check for versionable flags in before falling back to either the checkout or repository. List sensitive properties for all users but elide their values for non-setup users (previously they were elided altogether for non-setup users). ... (check-in: fd405e95 user: stephan tags: json-settings-command)
01:01
Add missing 'void' to no-arg function decls and impls throughout the JSON API. (In my defense: the distinction between f(void) and f() was unknown to me at the time that code was written.) ... (check-in: 632dfd26 user: stephan tags: json-settings-command)
2023-01-18
00:54
Initial prototype of the /json/settings/get command/page, per discussion in forum post 04b7159d63d4abe4. ... (check-in: 29e5bb00 user: stephan tags: json-settings-command)
00:47
Fix a memory leak of the path to a versioned-setting file in print_setting(). ... (check-in: c76b0019 user: stephan tags: trunk)
2023-01-17
20:40
Small fix to the nojail patch; accidentally lost the [80faedbc] change in the shuffle. ... (check-in: 7a6cf9dd user: wyoung tags: trunk)
20:37
Removed the two "mknod" calls from the Dockerfile in the nojail patch used by Podman rootless containers. Not only is the build user not allowed to run mknod in that case, there will be a /dev tree mapped into the container, causing the commands to fail due to these two basic dev nodes preexisting. ... (check-in: d97a8fb1 user: wyoung tags: trunk)
20:35
No longer running "fossil" with a relative path ("bin/fossil") at the end of the Dockerfile, but instead relying on the hard-coded PATH defined a few sections prior. This allows the same command to work for both the rootful and rootless cases since moving the binary into /usr/bin/fossil to placate nspawn. Before, it was /jail/bin vs /bin, so the difference netted out to nothing. ... (check-in: 80faedbc user: wyoung tags: trunk)
20:32
Fixed a copy-paste error in the Podman sections of the container doc: was using "docker" commands instead of "podman" in a few places. That'll work for people who aliased them, but it's confusing. ... (check-in: 6eefa9b0 user: wyoung tags: trunk)
06:29
Removed use of UPX in the container build process. It complicates the build for a tiny gain while breaking ARM builds. We worked around the ARM-on-ARM case earlier, but it also breaks x86 cross-compilation on ARM. Images are already compressed, and while `upx -9` is stronger compression than whatever Docker Engine is using, it's a small advantage. This does mean the static executable isn't compressed any more on x86, but if you want that, you can UPX it afterward. ... (check-in: da545c9e user: wyoung tags: trunk)
05:28
Generating the /etc/os-release file for the OCI container using autosetup at configure time rather than from a build arg in the Dockerfile at image creation time. This lets us back out the use of heredocs in the Dockerfile, which isn't supported in Podman at all as of this writing and under Docker requires use of BuildKit rather than the legacy "docker build" mechanism.

The primary consequence of doing it this way is that the Fossil version number in that generated file becomes the configure-time version, unconditionally. The old way let you override the FSLVER variable at image build time and have that value put into the os-release file. Under this new scheme, you now have to run "/jail/bin/fossil version" to find out what version of Fossil got baked into the image. ... (check-in: ec8ef573 user: wyoung tags: trunk)

2023-01-16
18:14
Update the built-in SQLite to the latest 3.41.0 alpha version in order to silence harmless compiler warnings and for general testing of SQLite. ... (check-in: cdd89e2d user: drh tags: trunk)
15:37
Roll back the part of [71a2d68a7a113e7c] which automatically updates the user display prefs cookie, per /chat discussion. Updating the cookie once again requires an explicit udc URL arg or setting the skin, which implies udc. This fixes the problem that a timeline link from the /reports page persistently sets the default timeline entry count to the value used by that report. ... (check-in: 5feac634 user: stephan tags: trunk)
2023-01-13
18:38
Backout change on "login-group join" command which broke the usage of it outside an opened checkout (using -R flag). Change usage text to match the command behavior properly when using the -R flag. ... (check-in: edf03559 user: mgagnon tags: trunk)
16:52
Modernized several old fossil-scm.org URLs, changing "http" to "https" where absolute URLs are necessary, and using site-relative URLs otherwise. Also found and fixed a reference to fossil-scm.hwaci.com, which doesn't seem to resolve any more. ... (check-in: 143f1db7 user: wyoung tags: trunk)
16:35
Removed pointless "udc=1" parameters from a few Fossil file links from the docs. ... (check-in: 40d912ae user: wyoung tags: trunk)
14:55
Remove ":443" from the end of the hostname for HTTPS requests. ... (check-in: add3f520 user: drh tags: trunk)
14:34
Use the hostname as the report IP when doing SSH synchronization. ... (check-in: 0b7af9d8 user: drh tags: trunk)
13:09
Documentation and change-log updates. ... (check-in: a90d3aa1 user: drh tags: trunk)
2023-01-11
18:07
Enable horizontal scrolling for individual text blocks in unified diffs. Forum Post 91c3e7854c and the following. ... (check-in: 603816d2 user: florian tags: trunk)
07:56
Enable horizontal scrolling for individual text blocks in unified diffs. ... (Closed-Leaf check-in: 15ba7e61 user: florian tags: udiff-hscroll)
03:06
merge latest change from trunk. ... (Closed-Leaf check-in: 5d5911e6 user: mgagnon tags: no_ssh_sync_ip_resolve)
02:51
Make proxy setting "system" by default to use http_proxy environment variable. Closer to old behavior and conform with most programs on Unix-like system. ... (check-in: 8f9f2cb7 user: mgagnon tags: trunk)
2023-01-09
13:25
Help text improvements for diffcmd.c. ... (check-in: e1b51150 user: danield tags: trunk)
13:06
Further consistency improvements in docs for various commands. ... (check-in: 2512d2d4 user: km tags: trunk)
05:16
add new entry to related work links and polish markup

Add 'fsl', a tcl wrapper, to inspired projects; prompted by John Rouillard on the forum. While here, remove redundant markup and articles. ... (check-in: b4b8dc32 user: mark tags: trunk)

2023-01-07
20:58
Updates to the change log to discuss recent enhancements. ... (check-in: 7173a1b1 user: drh tags: trunk)
20:37
Submenu buttons linking all of the logging pages. ... (check-in: aae2b775 user: drh tags: trunk)
20:18
Make admin_log entries for password changes. ... (check-in: c9c7e8c1 user: drh tags: trunk)
17:06
Enhance the new /resetpw page so that it honors the redirect-to-https setting. ... (check-in: 3b1e8a0e user: drh tags: trunk)
15:36
Add the ability to enable users to request an email message that contains a special secure hyperlink that they can follow to reset their password. ... (check-in: 07bfe3fe user: drh tags: trunk)
15:35
Go to the login page after a successful self-service password reset. ... (Closed-Leaf check-in: 837f2758 user: drh tags: self-service-password-reset)
15:18
Improved comments. Extra defensive code. ... (check-in: d860e2b5 user: drh tags: self-service-password-reset)
14:25
Initial complete implementation of self-password-reset. Just need refinement and a security audit before merging to trunk. ... (check-in: 41bb73e9 user: drh tags: self-service-password-reset)
11:58
Add a non-functioning place-holder button to request a password reset to the /register page. ... (check-in: 5c62a2c3 user: drh tags: self-service-password-reset)
00:03
Add the /resetpw web page. The name argument must contain a hash that proves knowledge of the old password and that limits the valid lifetime of the argument. ... (check-in: ac86dfa0 user: drh tags: self-service-password-reset)
2023-01-06
21:33
Do not try to resolve the IP from the hostname when syncing using ssh:// protocol. Ssh may use the provided name as an alias defined in ~/.ssh/config which may not be resolvable or even resolve to an unrelated ip. This change can potentially avoid long timeout during name resolution failure. Equivalent to [52f08008e2790a81]. ... (check-in: e5c5622d user: mgagnon tags: no_ssh_sync_ip_resolve)
14:27
Oops, somehow one dash in `--file` got lost in 92d3fdba73a44c4c. ... (check-in: 0bf2eaaf user: km tags: trunk)
14:25
Minor adjustments in description of the `--file` option for `whatis`. ... (check-in: 92d3fdba user: km tags: trunk)
14:03
Allow writes to the accesslog table to record a login attempt even if the request is not from the same origin. This is needed in case a query request url it typed in manually but there is a cookie with login credentials that the browser adds automatically. ... (check-in: e31c2c01 user: drh tags: trunk)
13:10
Add the 'dont-commit' setting as a safety against accidental commits, per request in forum post 291f9af918. ... (check-in: 884436ce user: danield tags: trunk)
13:04
Fix a bug in the 'commit' command that made it ignore the 'forbid-delta-manifests' setting. ... (check-in: ead01b6f user: danield tags: trunk)
12:59
Fix the /chat-send page so that it works even with the recent same-origin security enhancements. ... (check-in: 4ba37b1c user: drh tags: trunk)
08:34
update related work page: Add Inskinerator as per forum post from wyoung@, the Makeheaders tool, and the new Sapling version control system. ... (check-in: be6d71dd user: mark tags: trunk)
2023-01-05
19:49
Add support for "fossil remote" and "fossil sync --all" to the "fossil all" command. ... (check-in: 693b950b user: drh tags: trunk)
17:21
Add the "-f|--file" flag to the "whatis" command which consist to search for any other files in the repo with the exact same content as the given file. ... (check-in: a821cbf5 user: mgagnon tags: trunk)
2023-01-03
20:13
Added named anchors to the "Image Format vs Fossil Repo Size" doc so I can refer to one in particular. ... (check-in: 7de2410f user: wyoung tags: trunk)
2023-01-02
16:12
When applying a patch, if the file rename fails, make that just a warning not a fatal error, as the warning might be due to file renames on a prior merge. Fix for ticket [21037bfc1296dabc]. ... (check-in: f0133846 user: drh tags: trunk)
15:52
Initialize the output blob in the test-delta-apply command. ... (check-in: dd9b3161 user: drh tags: trunk)
13:00
Show the value of g.zLocalRoot on the /test_env page. ... (check-in: 3df5d40c user: drh tags: trunk)
2022-12-31
18:51
Fix another case where PROTECT_READONLY needs to be relaxed even though the request not from the same origin. ... (check-in: 03e21b9c user: drh tags: trunk)
12:21
Fix stray character in the change log. ... (check-in: fbcd9a77 user: drh tags: trunk)
12:16
Fix more cases where updates to the SUBSCRIBER table should be allowed to occur even if not a request from the same origin. ... (check-in: f33976f7 user: drh tags: trunk)
2022-12-30
22:18
Correct mis-pluralization of 'new ticketss' in the timeline, per report in forum post e711cb860a. ... (check-in: 7c2c4457 user: stephan tags: trunk)
21:12
Improved comment on the db_obscure() routine. No functional code changes. ... (check-in: aa1a0b31 user: drh tags: trunk)
20:54
Security enhancement: Do not store the passwords for remote URLs directly, but instead store the sha1_shared_secret() encoding of those passwords. It is the SHA1 encoding that gets transmitted to the server anyhow, so we might as well just store that. The SHA1 encoding cannot be used to log in. The password is still protected using obscure() even though it is now a SHA1 hash. ... (check-in: 41ba6ea7 user: drh tags: trunk)
16:32
Show the parent-project-* CONFIG entries (if they exist) with the "fossil remote config-data" command. When parsing a URL, if the URL comes from the CONFIG table, remember the CONFIG table entry that supplied the password. ... (check-in: 6d0083ad user: drh tags: trunk)
12:26
Fix minor typos in the diff source code. ... (check-in: 4e169542 user: drh tags: trunk)
11:53
If there is a need to do lazy updates of the full text index during a request that is not from the same origin, then allow database writes for the duration of that update. Also, allow changes to USER and CONFIG tables when explicitly authorized by db_unprotect() even if the request that prompted the change is not from the same origin. ... (check-in: 8e85d6ca user: drh tags: trunk)
2022-12-29
21:09
All writes to the subscriber table to update the last contact time even if the request is not from the same origin. ... (check-in: db162628 user: drh tags: trunk)
20:09
Improved comments on the SQL protection subsystem. ... (check-in: 0aa3483f user: drh tags: trunk)
19:49
Only apply the PROTECT_READONLY restriction to the "repository", "configdb", and "localdb" database files. ... (check-in: b4e00621 user: drh tags: trunk)
19:39
Fix the new read-only-repo security mechanism so that it enables write access when necessary. ... (check-in: f8363db8 user: drh tags: trunk)
18:56
Add messages to the error log if the authorizer blocks an SQL statement for security reasons. This change requires a bug fix in SQLite and so it also includes the latest trunk version of SQLite. ... (check-in: 3d8bb63a user: drh tags: trunk)
17:00
Make the repository database read-only if an HTTP request is not from the same origin. This is not required for security. It is just an extra layer of defense. ... (check-in: 7c71f00a user: drh tags: trunk)
2022-12-25
16:17
A minor fix to the previous check-in. ... (check-in: abfec4dd user: george tags: trunk)
14:24
Use URI extensions rather than name= query parameters on key ticket hyperlinks. ... (check-in: 5f22b960 user: drh tags: trunk)
2022-12-21
12:07
Change spelling for check-in, check-out, and related words. ... (check-in: bc36fdcf user: danield tags: trunk)
11:52
Merge in help consistency improvements. ... (Closed-Leaf check-in: 526b0a54 user: danield tags: check-in-spelling)
09:31
Improved consistency for --help option descriptions. ... (check-in: 2e56ef4e user: km tags: trunk)
09:00
Improved consistency for --help option descriptions: begin with uppercase letter; do not use a period at the end of short-ish sentences. ... (Closed-Leaf check-in: de684083 user: km tags: spelling-fixes)
2022-12-20
14:21
A couple of corrections to the [2213a0eb2d413f|previous /secaudit0 addition]. ... (check-in: 43601b3d user: george tags: trunk)
09:53
Correct a small bit of internal-doc misinformation reported in forum post 9ed20acf6a. ... (check-in: dd67906c user: stephan tags: trunk)
09:46
Change spelling for check-in and similar ... (check-in: d9c4321e user: danield tags: check-in-spelling)
05:14
Move TH1/Tcl settings into their own configsets. ... (Leaf check-in: 5d784cf3 user: mistachkin tags: cfgSetTh1)
05:00
Unbreak MinGW build to account for deletions in zlib 1.2.13. ... (check-in: a24a790f user: mistachkin tags: trunk)