Fossil

Timeline
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

100 most recent check-ins

2019-08-25
13:24
Added HTTP proxying info to Debian nginx server setup guide. Leaf check-in: c6a033ce user: wyoung tags: trunk
12:39
Replaced the content of "Running Fossil in SCGI Mode" within www/server/debian/nginx.md with references to our other Fossil server docs. This also reduces the prior focus of this section on fslsrv to a single sentence, since we now prefer the systemd option, now that we have it. check-in: a4bb92f7 user: wyoung tags: trunk
12:29
Swapped the simple foo.net "whole site is Fossil" example in www/server/debian/nginx.md for the more complicated example.com one where only /code is served by Fossil. This is probably going to be more common, and it shows off the important detail of setting SCRIPT_NAME properly. Made a minor adjustment to any/scgi.md to track this change, so there is not a pointless difference between these two nginx configs. check-in: 653e90ca user: wyoung tags: trunk
11:52
Clarified use of scgi_params, SCRIPT_NAME, and service starting in the generic SCGI server setup doc. check-in: 5a58ac31 user: wyoung tags: trunk
2019-08-24
18:32
Merge fork check-in: 6c6aae97 user: andygoth tags: trunk
2019-08-23
12:42
Add the fossil_random_password() utility function and use it to generate a stronger initial admin-user password in the "fossil new" command. check-in: 23a9f9ba user: drh tags: trunk
12:23
If the test-markdown-render or test-wiki-render commands are invoked without a repository in which to check for Wiki page names and artifact hashes, then substitute a temporary, empty, in-memory repository so that the commands will still work and won't give SQL errors. check-in: 0ac64dad user: drh tags: trunk
11:49
Clarified the placement of "moderator" and "subscriber" in the power hierarchy expression within www/capabilities.md, since each could float up and down somewhat within the fixed hierarchy we give here. Also fixed a broken URL. Leaf check-in: ba88f4f2 user: wyoung tags: caps-doc
11:07
Markdown hyperlinks are only converted to links to wiki if the named wikipage actually exists. Otherwise, the link becomes a relative link. This is for backwards compatibility. check-in: 3b10e644 user: drh tags: trunk
08:31
Added www/capabilities.md, a complete treatment on user capabilities, user categories, login groups, and administration matters involving all of this. It does not replace the pre-existing admin-v-setup.md doc, but a bit of its content did move into this new doc. The new doc also contains the user capability info previously in the forum.wiki doc. This is on a branch because although it's quite useful already, it could use some work before being merged down. At the barest minimum, there are some unanswered questions in the new doc that need addressing.    This new doc does not replace the existing documentation in the UI. It may be that we end up paring that down a bit now that we have a full doc to refer to, but that is a topic for the forum thread that will appear shortly after this checkin. check-in: 832f107e user: wyoung tags: caps-doc
05:32
Fixed a few fatal error messages from the login-group command that referred to an "add" command, which is now called "join". The symptom I saw is that "fossil login-group add" complained that "add" is not a valid command and that you should give '"add" or "leave"' instead! check-in: 09c65d75 user: wyoung tags: trunk
05:22
Fixed a few messages from the login-group command that referred to an apparent older name for the "join" sub-command, "add". This lead to a confusing symptom: "fossil login-group add foo" -> {unknown command "add" - should be "add" or "leave"}. check-in: 739cd872 user: wyoung tags: trunk
2019-08-22
15:06
Stronger recommendation for changing the default user's random hex password prior to setting up a Fossil server after learning it's 6 hex digits, not 8 as I thoght when I wrote that! check-in: 9fcd6e44 user: wyoung tags: trunk
14:14
Added bullet list detailing the sources for <script nonce=""> from a Fossil server and the reasons we consider each path safe. check-in: 91377ae4 user: wyoung tags: trunk
13:31
Reworked the material explaining why in-page <style> is currently allowed by Fossil's default CSP to make it clearer that this is most likely a temporary situation and that local custom CSS should go in the skin instead. check-in: 092eeebf user: wyoung tags: trunk
13:13
Expanded the discussion of in-repo and out-of-repo resource links in defcsp.md. check-in: 23fcd765 user: wyoung tags: trunk
12:39
Reworked the new introductory material in defcsp.md to be less about the CSP as last-resort and more about being a secondary filter to our other measures. Gave examples to clarify the tensions that prevent a purely server-side solution from being a practical solution. check-in: 1c4df5bf user: wyoung tags: trunk
11:54
"RaspberryPI" -> "Raspberry Pi" check-in: 5182be99 user: wyoung tags: trunk
11:53
Assorted refinements to the new pre- and post-activation advice sections in www/server/index.html: nix passive voice, add a few details, add some links to related docs, etc. Also fixed a CSS indenting problem preventing correct use of in , then made use of the new freedom in these sections' numbered lists. check-in: b5c2c9bf user: wyoung tags: trunk
2019-08-21
19:18
Fix the $ROOT mechanism in HTML documents so that it accepts any whitespace character before href= and script=. Add $ROOT in appropriate places in the server documentation. check-in: 3e183bfa user: drh tags: trunk
18:15
Outline how to configure a repository before and after server activation. check-in: 154ea087 user: drh tags: trunk
17:37
Improvements to the althttpd documentation. check-in: 44f1df9f user: drh tags: trunk
17:21
Further improvements to the server document. check-in: c2c4d303 user: drh tags: trunk
16:57
Extra defenses against running fossil_atexit() more than once. check-in: bc7683e1 user: drh tags: trunk
16:55
Fix the "shell" command so that it avoids invoking the atexit() handler more than once. check-in: 07a5a211 user: drh tags: trunk
15:56
Server documentation updates. check-in: b2426c27 user: drh tags: trunk
14:46
Merge in recent developments on trunk. Leaf check-in: 70d091ea user: andybradford tags: test-updates
12:32
Disallow versioning of security sensitive settings tcl-setup, th1-setup, and th1-uri-regexp. For effective security, these settings should only be controllable by an administrator. check-in: 2da704c5 user: drh tags: trunk
11:26
Update to the default CSP page. Attempted to resolve merge conflicts, but more editting is likely necessary. check-in: 33a7b8ba user: drh tags: trunk
11:09
Added a header to the new XSS material in defcsp.md so we can refer directly to it. check-in: 7b843f2d user: wyoung tags: trunk
11:01
More thorough explanation of <script nonce> in www/defcsp.md, and explained the reason why Fossil has no way of providing that nonce in most content types rather than link to the "XSS via check-in rights" forum post. This new presentation of that post's ideas is more detailed and includes discussion of the feature's interaction with the TH1 docs feature. check-in: 8d43bb87 user: wyoung tags: trunk
09:40
Major improvements to the new defcsp.md article. Expanded the introductory material to better describe what the CSP does; added named anchors to headers; moved the discussion of $default_csp overrides into this document from customskin.md, which now just says how you use that variable read-only; and added an entirely new section, "Replacing the Default CSP". check-in: 366b23a1 user: wyoung tags: trunk
08:52
Replaced the redundant copy of the default CSP in skins/bootstrap/header.txt with "$default_csp", allowing the TH1 setup script to override the CSP as in all the other stock skins. (Bootstrap is the last stock skin to define a custom <head> element.) check-in: 14ac2cac user: wyoung tags: trunk
2019-08-20
19:16
Fix memcpy() compiler warnings. check-in: 7ae4b1a7 user: drh tags: trunk
16:11
Fix possible misaligned pointer to a 16-bit object. check-in: f7c41be8 user: drh tags: trunk
15:04
Updated and expanded documentation on how to set up a Fossil server. check-in: f146e21a user: drh tags: trunk
14:55
Add the --with-sanitizer option to the ./configure script. check-in: 231d6933 user: drh tags: trunk
07:01
Fixed a link punctuation bug introduced in [74a6578c]. Closed-Leaf check-in: c57e1793 user: wyoung tags: server-docs
06:45
The merge from trunk accidentally reverted part of the new text in www/embeddeddoc.wiki. (This part was manually merged, and I missed a diff relative to trunk.) check-in: 8976a9da user: wyoung tags: server-docs
06:35
Missed a link to server.wiki that should have been checked in with [74a6578c]. check-in: d5def0c8 user: wyoung tags: server-docs
06:34
Merged in trunk improvements check-in: 42d28c02 user: wyoung tags: server-docs
06:28
Reverted src/doc.c to the trunk version. The "Plan Z" reversion in [8264fd75] was incomplete, causing bad TH1 variable expansion. I believe this explains the symptom I worked around in [9bdf650f0b8]. This check-in also cherry-picks [3d6a4fd95c] onto the branch. check-in: 3cdf764c user: wyoung tags: server-docs
06:03
Updated all of the internal hyperlinks referencing www/server.wiki to point at either www/server/index.html or one of the docs it now points at. check-in: 74a6578c user: wyoung tags: server-docs
04:57
Fixed an unwanted "$nonce" variable expansion within the new customskin.md introduced by [9044fd2dbe] which only occurs *sometimes*: not on fossil-scm.org, and apparently not in my earlier ckout testing prior to checking it in, but now in a different ckout test. This has to be a TH1 thing, but I don't understand why we didn't see this earlier. This is just a workaround for the symptom. check-in: 9bdf650f user: wyoung tags: trunk
04:34
Fixed a link from the new material in embeddeddoc.wiki to the new CSP material: that briefly lived in customskin.md before checking it in, but then I moved it to a new document and forgot to update the link. check-in: f4cbfd5a user: wyoung tags: trunk
04:24
Fixed a couple of Tcl syntax fixes that caused the new --with-sanitizer code to a) run unconditionally irrespective of the option's setting and b) to check for the existence of libubsan whether it was actually needed or not. Closed-Leaf check-in: 66fdab76 user: wyoung tags: configure-updates
04:07
Added www/defcsp.md, which documents the default Content Security Policy applied by Fossil to the HTML pages it serves. Linked that into embeddeddoc.wik and customskin.md, which touched on this topic before but didn't go into much detail. check-in: 4e6d36d7 user: wyoung tags: trunk
02:09
Fix a compiler warning in the security-audit page. check-in: 3243a6c1 user: drh tags: trunk
01:34
Added --with-sanitizer configure-time option for appending -fsanitize=VALUE to CFLAGS and LDFLAGS, plus automatic detection of -lubsan for GCC, which doesn't automatically link to that with -fsanitize=undefined as Clang does. EDIT: This check-in breaks the built on Ubuntu 18.04. check-in: 7907b6ff user: wyoung tags: configure-updates
00:41
Removed "known to work with IIS" bit from www/server/index.html in the CGI section, since that is not actually true. We can put it back once someone figures out the IIS + CGI + Fossil CPU pegging problem. check-in: 8b7c17de user: wyoung tags: server-docs
00:37
Removed documentation of the nonce="$NONCE" feature in www/embeddeddoc.wiki, removed as part of [8264fd75]. check-in: d55f6b15 user: wyoung tags: server-docs
2019-08-19
23:32
Fix a broken hyperlink on the new server-docs index page. check-in: 461c8f06 user: drh tags: server-docs
19:29
Updating links in www/server/windows/stunnel.md to correct locations. check-in: 65d175ae user: ckennedy tags: server-docs
18:24
Plan Z check-in: 8264fd75 user: drh tags: server-docs
17:18
Have the security-audit page analyze and display the content security policy. check-in: 9cf90a4f user: drh tags: trunk
13:04
Increase the default HTTP request timeout to 10 minutes. Provide the FOSSIL_DEFAULT_TIMEOUT compile-time option for setting an alternative default. check-in: 7979989d user: drh tags: trunk
12:38
Added missing www/chroot.md file check-in: 80cd49f0 user: wyoung tags: server-docs
12:09
Updated www/server/index.html to no longer discuss launchd as a "maybe" option now that we have a document for it, and removed mention of Solaris SMF entirely. check-in: 1e6fbcf2 user: wyoung tags: server-docs
11:59
Added www/server/macos/service.md and then added macOS to the set of server OSes offered in www/server/index.html check-in: e0ad4b48 user: wyoung tags: server-docs
10:22
Assorted small tweaks to www/server/windows/iis.md check-in: b5fefeec user: wyoung tags: server-docs
10:10
Small tweaks to the new "Serving as a Standalone Server on Windows" article. check-in: 3995a3c7 user: wyoung tags: server-docs
09:47
Assorted small tweaks to server docs, mainly around new systemd material. check-in: 9d4a4782 user: wyoung tags: server-docs
09:10
Added www/server/debian/service.md, demonstrating systemd configuration of Fossil for the first time in the official docs, both as a user serivce and in socket activation mode as a system-level service. check-in: 94763aed user: wyoung tags: server-docs
05:00
Clarity tweak check-in: bc678e13 user: wyoung tags: server-docs
04:58
Grammar fix on previous check-in: d5c754f9 user: wyoung tags: server-docs
04:58
Title tweak on previous check-in: afc65312 user: wyoung tags: server-docs
04:57
Added www/server/windows/none.md server setup article check-in: 3e55ddf7 user: wyoung tags: server-docs
03:44
Added explicit instructions on installing IIS within the new IIS server docs. It isn't installed by default, and in the CGI case, CGI isn't part of the default IIS install. check-in: b2f10ad5 user: wyoung tags: server-docs
01:17
The www/customskin.md document hadn't been updated since we removed the explicit <html><head> stuff from the default skins and moved that into the C code so we could insert the CSP and such automatically. Updated it to show the inner tags that you actually get by default now, and talked about how the HTML document wrapper is added automatically. Also fixed some spelling and grammar errors. check-in: 9044fd2d user: wyoung tags: trunk
00:51
Fix embedded HTML detection for the 'doc' web page when the 'data-title' attribute is not specified. check-in: 3d6a4fd9 user: mistachkin tags: trunk
00:30
Added links back to the top-level www/server/index.html article from the tail end of www/server/*/*.md. check-in: 0f6f151d user: wyoung tags: server-docs
00:25
Justified the ordering of sections in www/server/index.html by including info on complexity. CGI remains last because CGI is only a "simple" option when someone else sets up the CGI security for you, as on old-style cheap hosting plans. Also added several inline sub-document references. check-in: 9f4121db user: wyoung tags: server-docs
00:01
Merged the lists of socket listener daemons into the Socket Listener section of www/server/index.html: the list of known-working daemons down from the numbered list at the top of the article, and the list of potentially-working daemons up from the <noscript>-cloaked document matrix below. Also reordered the sections from simplest to most complex. check-in: d9ab9c56 user: wyoung tags: server-docs
2019-08-18
10:26
Improvements to the nonce='$NONCE' substitution mechanism. check-in: 1c50073d user: drh tags: server-docs
08:52
Implemented the first version of the JavaScript tutorial chooser in www/server/index.html, complete with fallbacks for the noscript case, optional display of the static document matrix, and pretty CSS transitions between the states. check-in: 0cbdbc72 user: wyoung tags: server-docs
06:20
URL fix in previous check-in: a7610e42 user: wyoung tags: server-docs
06:06
Added the nonce="$NONCE" embedded documentation substitution feature and documented that and the other pre-existing text substitution features. check-in: 02db05e6 user: wyoung tags: server-docs
05:20
Further refinement of the server setup tutorial matrix CSS check-in: a6fee589 user: wyoung tags: server-docs
05:12
Reduced the number of columns in the server setup tutorial matrix by collapsing all of those for the OS's default web server down to a single shared column. Also dropped the xinetd column as obsolete. (We still have the explicit xinetd article link above.) check-in: 3f9f1bdf user: wyoung tags: server-docs
04:51
Moved inline CSS within www/server/index.html elements up into a <style> block at the top. Then used that to create a more even matrix layout. Also fixed some incorrect URLs checked in with the prior version, due to the document changing directory level. check-in: 648574cb user: wyoung tags: server-docs
04:41
Renamed www/server.wiki to www/server/index.html and converted it to HTML format. Did a bit of prose polishing and CSS work while in there. check-in: 81932667 user: wyoung tags: server-docs
04:12
Small improvements to IIS + CGI doc check-in: f7c839c1 user: wyoung tags: server-docs
03:53
Added docs for IIS + CGI server configuration. check-in: 9098ebba user: wyoung tags: server-docs
02:21
Assorted improvements to www/server/windows/iis.md. Removed the empty CGI and SCGI sections, as those will be separate articles. Added "Why Bother?" section. Added link to ./service.md. Better explanation of the /code rewriting example. Hoist TLS info up into the new "Why Bother?" section. check-in: 1670e5fa user: wyoung tags: server-docs
01:03
Capitalization fix in HTML output from /artifact_stats check-in: d570edc6 user: wyoung tags: trunk
00:59
Include forum artifact statistics on the /artifact_stats page. check-in: e2f2a05e user: drh tags: trunk
2019-08-16
18:58
Corrected the description of nginx + SCGI in www/server.wiki. check-in: 0f217e89 user: wyoung tags: server-docs
18:36
Added starting version of www/server/windows/iis.md, covering only the HTTP reverse proxying case. check-in: fbacfacf user: wyoung tags: server-docs
14:25
An attempt to make the main server.wiki page simpler and yet self-contained, all at once. check-in: 5bb1e112 user: drh tags: server-docs
12:53
Moved the chroot and loadmgmt sections of www/server.wiki into separate documents. This change also adds info on /proc to the chroot doc, which was missing in its prior server.wiki form. Also reduced a few other "details" sections of server.wiki to bullet points in the new "Further Details" list at the end of the document. check-in: 85eaffb6 user: wyoung tags: server-docs
11:59
Changed "socket activation" to "socket listener" in all the new docs check-in: 3c9f811b user: wyoung tags: server-docs
11:42
Markdownism fixes... check-in: 1428f59e user: wyoung tags: server-docs
11:41
Small improvements to the new Fossil Chroot Jail section of www/server.wiki check-in: 4c837bc3 user: wyoung tags: server-docs
11:08
Small clarity tweak to the new "Methods" discussion in www/server.wiki. check-in: fc00b7b2 user: wyoung tags: server-docs
10:27
Converted the backwards-compatibility sections in www/server.wiki into identified hyperlinks to the new docs, which allows existing external ".../server.wiki#cgi" URLs and such to work without needing the near-empty sections containing only a hyperlink just to anchor the link. check-in: 0bb59100 user: wyoung tags: server-docs
10:19
Several small refinements to prior check-ins. check-in: 16e3cff6 user: wyoung tags: server-docs
10:11
Moved the "Serving via althttpd" material from www/ssl.wiki to a new document, www/server/any/althttpd.md, linked from www/server.wiki. check-in: 2e19fcee user: wyoung tags: server-docs
09:55
Added some named anchors to www/server/any/stunnel.md check-in: ce4b4bae user: wyoung tags: server-docs
09:54
Moved the stunnel proxying docs from www/ssl.wiki to a new document www/server/any/stunnel.md, and pointed www/server.wiki at it. Also replaced some similar material in this branch's new www/server/windows/stunnel.md file at this generic document. Between these two changes, the generic stunnel docs now cover the reverse proxying option for the first time. (The old version used the socket activation method exclusively.) The new document also gives a more realistic configuration, showing Let's Encrypt paths and a sensible ciphersuite configuration. check-in: 53b2e866 user: wyoung tags: server-docs
09:15
Split the HTTP-only parts out of www/tls-nginx.md into a new document discussing only the reverse-proxying of `fossil --scgi` to HTTP using nginx on Debian type OSes. That material is now in www/server/debian/nginx.md, which is referred to from www/server.wiki. While in there, did a bit of prose polishing on this old guide. check-in: 2baa8151 user: wyoung tags: server-docs