Fossil

Timeline
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

2019-11-15
02:50
Removed the media="screen" part of the stylesheet link output because it provides no benefit to on-screen reading and causes the style to be completely lost when printing. See https://fossil-scm.org/forum/forumpost/63a45d759e. Leaf check-in: f27d4b50 user: stephan tags: trunk
02:31
Modified grep command to respect the hash-digits config option. Leaf check-in: dccab378 user: stephan tags: grep-hash-digits
2019-11-11
15:22
Omit some asm code from the SHA1 implementation as it provides no performance improvement with modern compilers, and SHA1 is seldom used now anyhow. check-in: 20187be7 user: drh tags: trunk
2019-11-09
04:27
Told .editorconfig to use tabs for Makefiles, otherwise it mangles them with the default indention style (spaces). check-in: b86c8b47 user: stephan tags: trunk
2019-10-28
19:16
Merged in double-dash-flag2 branch, which adds conventional -- handling to the vast majority of commands (the exception being those few which don't call verify_all_arguments()). check-in: 5cca4646 user: stephan tags: trunk
2019-10-24
14:30
Merge in latest from main line. Leaf check-in: f882d5cb user: andybradford tags: clone-resume
2019-10-23
00:46
Make a hyperlink to the Artifact Receipt log from the "Received From" field of the /info page (visible to administrators only). check-in: a92d5a51 user: drh tags: trunk
2019-10-21
03:22
Put 7.x series headlines one level deeper so they nest properly under their parent, the 7.0 section, in rebaseharm.md doc. check-in: 5453dbff user: wyoung tags: trunk
03:05
Moved all of the "Features found in Fossil but not in Git" up from section 3.1 into section 2.1 Featureful of the fossil-v-git doc, where such differences are otherwise covered. Removed section 3.2, giving the opposite case, since all of the Git features not found in Fossil are already covered elsewhere in the doc, sometimes more than once, as with the rebase issue. check-in: d357f81b user: wyoung tags: trunk
02:40
Updated the discussion of SHA-3 support in Fossil within the fossil-v-git.wiki doc now that Fossil 2.10 is out. Basically, it changes the tense on all SHA-1 text to past tense. check-in: d887a6d7 user: wyoung tags: trunk
01:53
Replaced brief footnote in fossil-v-git doc explaining why we use JavaScript (sparingly) with a reference to the new javascript.md doc, which explains this much more fully. check-in: 21c7f1f8 user: wyoung tags: trunk
2019-10-16
17:44
Improved documentation for the --cherrypick and --backout options of the "fossil merge" command. check-in: 29a383e4 user: drh tags: trunk
2019-10-12
22:39
Updates to windows server documenttion to include examples of winsrv command. check-in: 6a0ec82b user: ckennedy tags: trunk
2019-10-10
05:49
Merged in trunk. Closed-Leaf check-in: 22150aba user: stephan tags: double-dash-flag2
2019-10-09
14:52
Attempt to resume a clone during the next sync or pull by tracking a failed clone operation. check-in: ec264714 user: andybradford tags: clone-resume
2019-10-08
16:00
Increase the version number to 2.11 for the next release cycle. check-in: 10fb90fc user: drh tags: trunk
00:57
Updated Windows Service documentation to reflect new 64bit binaries for Fossil 2.10 for Windows. check-in: cb13b611 user: ckennedy tags: trunk
2019-10-07
11:49
Fix a typo in the help text for the "fossil info" command. check-in: 3d58d890 user: drh tags: trunk
11:03
Statement ordering: Don't read 'fingerprint' when there are no checkin's. check-in: ffe7cc59 user: jan.nijtmans tags: trunk
10:07
Prevent false-positive in fingerprint check, when the current checkout is empty. check-in: fd8816ec user: jan.nijtmans tags: trunk
08:42
Removed a duplicate entry from www/mkindex.tcl check-in: 4edc1302 user: wyoung tags: trunk
2019-10-04
22:22
Fix typo in the server extension documentation. check-in: 11c65043 user: drh tags: trunk
22:20
Fix the date on the 2.10 change log. check-in: 80ea65af user: drh tags: trunk
21:41
Version 2.10 check-in: 9d9ef822 user: drh tags: trunk, release, version-2.10
15:44
Update the built-in SQLite to the 3.30.0 release version. check-in: fc19d369 user: drh tags: trunk
01:16
EditorConfig file for Fossil Project. See https://fossil-scm.org/forum/forumpost/7da5900698 for discussion. check-in: cb4412b6 user: ckennedy tags: trunk
2019-10-03
21:22
Merged js-use-doc branch down to trunk check-in: 39d3baab user: wyoung tags: trunk
2019-10-02
20:18
Fixed (wiki commit) to check for an existing page when the --mimetype flag is used (previously it only checked when that flag was not provided). Bug reported at https://fossil-scm.org/forum/forumpost/27ad929e1a. check-in: c0de97a1 user: stephan tags: trunk
16:14
Much simplified re-implementation of [double-dash-flag] without the unconventional '-' alias behaviour. (Still requires more testing.) check-in: c32966e0 user: stephan tags: double-dash-flag2
06:49
Added "File Browser Tree View" item to www/javascript.md Closed-Leaf check-in: 72a00d1f user: wyoung tags: js-use-doc
2019-10-01
18:11
Use double-quotes instead of single-quotes for the argument to "git export" in the "fossil git export" command, for windows compatibility. check-in: be7c1bde user: drh tags: trunk
16:57
Correction and clarification of the use of unsafe-inline for style in the "defcsp.md" document. check-in: baecb63d user: drh tags: trunk
16:13
Added www/javascript.md doc. On a branch pending forum discussion. check-in: 9fd8b1c9 user: wyoung tags: js-use-doc
13:44
Several small tweaks to defcsp.md check-in: e73901f1 user: wyoung tags: trunk
07:13
Enable client to control how much time skew is allowed before warning. This can be useful if one is not in control of the time on the remote server. Patch rejected because accurate timestamps are crucial. Closed-Leaf check-in: 307f7642 user: andybradford tags: time-skew-setting
2019-09-30
16:08
Update custom Makefile for MinGW. check-in: 161958a4 user: mistachkin tags: trunk
2019-09-29
00:20
Added "Alternatives" section to shunning.wiki. check-in: 004c5507 user: wyoung tags: trunk
2019-09-28
20:52
When replying to a Forum Post or Reply, show additional information to provide additional context. This helps if one walks away from the browser before submitting the response. Leaf check-in: e19dcc1a user: andybradford tags: forum-replies
12:17
Minor /shun wording change suggested in the forum. check-in: b3e8253d user: stephan tags: trunk
2019-09-27
18:47
Update the fingerprint mechanism so that it if the revised hash algorithm fails, it retries using the legacy hash algorithm before reporting an error (and alarming users). The revised hash is always stored. The "test-fingerprint" command is updated to show both the old and the new hash algorithm and the fingerprint currently stored in the localdb. check-in: 36d36858 user: drh tags: trunk
16:10
Added -- support to (add, rm, mv). check-in: 9a7101d5 user: stephan tags: double-dash-flag
15:45
fossil add: fixed leak of ignore-glob prompt string. check-in: e5e09407 user: stephan tags: trunk
08:48
Initial work on unified "--" flag support, as requested in https://fossil-scm.org/forum/forumpost/64acc6b653. There's still lots to do here. check-in: d8ebbd76 user: stephan tags: double-dash-flag
2019-09-26
23:41
Adds syntax-hl boolean option, fixes file extension retrieval.    The addition of the syntax-hl boolean allows fossil to detect at the behest of the user that a syntax highlighting system that will handle line numbering is being used in cooperation with fossil such that fossil need not try to do line numbering, selection, highlighting, etc, itself. The file extension retrieval is now done with no use of extra or one off queries. Leaf check-in: 6ead94ab user: lmartin92 tags: syntax-hl-with-linenumbers
17:58
Remove the discussion of the "close" command from the fiveminutes.wiki document as the "close" command is not really needed, is rarely used, and serves no purpose in the document but to confuse the reader. check-in: f6e63530 user: drh tags: trunk
17:36
Fix a typo in the CGI extension documentation. check-in: b4ac00d8 user: drh tags: trunk
17:23
Updates to the change log. check-in: 4eea6bf9 user: drh tags: trunk
2019-09-25
13:45
Fix the test-http command so that it omits line-ending conversions. This allows the ssh: clone/sync method to work with a windows server. check-in: 28b15b48 user: drh tags: trunk
13:28
Allow remote commands of the form "*/fossil.exe" on the "ssh:" protocol. check-in: 8f70ccaa user: drh tags: trunk
2019-09-24
23:29
Performance optimizations in the markdown formatter. check-in: ef41fbfa user: drh tags: trunk
20:27
Create and use the blob_append_string() macro for appending string literals. Improvements to blob_append_char(). check-in: 48c47e1e user: drh tags: trunk
20:05
Performance optimization to frequently used blob_append() routine. check-in: 93392374 user: drh tags: trunk
19:52
Use the strcspn() C-library routine to optimize the textLength() function in the Fossil-wiki formatter. check-in: 64a63468 user: drh tags: trunk
18:16
Additional efforts to limit depth of recursion in markdown. check-in: cd5e9f26 user: drh tags: trunk
18:04
Attempt to limit the depth of recursion in markdown formatting. check-in: a5835cac user: drh tags: trunk
17:09
Fix a problem with the treatment of unterminated quoted attributes in HTML elements in the wiki formatter. check-in: 48276cfc user: drh tags: trunk
15:12
Simplification of buffer management in the markdown formatter. check-in: f8e9197d user: drh tags: trunk
13:16
Fix two harmless memory leaks. check-in: 7949d941 user: drh tags: trunk
10:44
Move the implementation of the test-markdown-render command so that it is beside the test-wiki-render command in wikiformat.c. Also make minor enhancements to the help text for both commands. check-in: fcb20df7 user: drh tags: trunk
10:34
Fix a memory leak in the markdown renderer. check-in: 199b20d0 user: drh tags: trunk
10:09
Fix harmless memory leaks. check-in: 79988f96 user: drh tags: trunk
2019-09-23
23:18
Fix a potential bug in the table parsing logic of markdown rendering. check-in: 2263cf08 user: drh tags: trunk
21:06
Fix a potential endless loop in the markdown formatter. Enhance the fuzzer to run inputs on both the Fossil-wiki and the markdown formatters on each iteration. check-in: 4b46fb91 user: drh tags: trunk
20:03
Additional rebustness improvements for BOM handling. check-in: 9d962928 user: drh tags: trunk
19:50
Improved comments on the fuzz.c module. No code changes. check-in: 898d5b6d user: drh tags: trunk
19:38
Merge the libfuzzer integration. check-in: 3a712921 user: drh tags: trunk
19:35
Fix an off-by-one error in the BOM decoder. check-in: b3f45b33 user: drh tags: trunk
19:07
Add support for testing with libFuzzer. Leaf check-in: 8a6e8e27 user: drh tags: libFuzzer
18:25
Change the database fingerprint algorithm slightly so that it is not dependent on the details of floating-point computations, and thus gives the same answer on a native x64 processor as it does under valgrind. Also fix a bug in the RID change event computation so that it works even if files have been added. check-in: 265f8e2d user: drh tags: trunk
2019-09-21
17:50
Update the built-in SQLite to the latest 3.30.0 alpha version, for testing. check-in: 44900415 user: drh tags: trunk
2019-09-19
16:33
Updates to the change log. check-in: b6c36e87 user: drh tags: trunk
14:14
In the db_get(N,D) function, if N is setting, then always leave D as NULL so that we use the published default value for that setting. check-in: eb804dc6 user: drh tags: trunk
2019-09-18
14:57
Style cleanup (no tabs). No functional change. check-in: 89872d17 user: andybradford tags: trunk
14:04
Do not acquire check-in locks if autosync is pullonly, as the lock will not be cancelled by a subsequent push and will need to time out. check-in: 0d5251d3 user: drh tags: trunk
2019-09-17
18:33
Updates to the check-in locking protocol. The check-in lock timeout now defaults to 60 seconds, but the lock is renewed and fork and close-branch tests are repeated after an interactive check-in comment entry. check-in: 18d58801 user: drh tags: trunk
2019-09-13
22:53
Update to openssl 1.1.1d check-in: 74aac0ed user: jan.nijtmans tags: trunk
15:11
Merge in latest developments from trunk. Leaf check-in: b713393b user: andybradford tags: db-begin-txn-updates
13:54
Attempt to improve error messages resulting from SQL errors. check-in: b94e15cf user: drh tags: trunk
12:48
Rewrote the "One vs. Many Check-outs per Repository" section in fossil-v-git.wiki to focus more on default modes of operation and their consequences in response to nit-picking on the Lobste.rs thread about this article pointing out that you can make Git work in the Fossil style. Defaults matter. check-in: 10a57cec user: wyoung tags: trunk
12:40
Enhance the title for the /finfo page when the ubg query parameter is present. Use the ubg query parameter for the document history link on the rebaseharm.md page. check-in: 80f98251 user: drh tags: trunk
12:00
Added paragraph on feedback loops, control theory, and OODA to the fossil-v-git doc, distilling a recent discussion on the forum. check-in: b0f2a48f user: wyoung tags: trunk
11:33
Reworked the final paragraph of the new section 2.8 in fossil-v-git.wiki, adding in a mention of www/branching.wiki to the comparison, to make it fairer. check-in: 8f7576b0 user: wyoung tags: trunk
11:12
Added section "7.0 Collapsing check-ins throws away valuable information" to rebaseharm.md, linked to from the previous throwaway comment about squashing a whole branch down to a single commit during rebase. This section explains an entire class of harms that come from rebase which wasn't previously covered. check-in: c71fe99f user: wyoung tags: trunk
10:46
Added section "2.8 Test Before Commit" to the fossil-v-git doc. check-in: e5ba4578 user: wyoung tags: trunk
09:25
Added a few paras to section 3.0 in rebaseharm.md, giving consequences of siloed development in Socratic fashion. check-in: 924bf44d user: wyoung tags: trunk
09:23
Assorted grammar and spelling fixes in www/rebaseharm.md. Also added named anchors to all of the sections. check-in: cd689b38 user: wyoung tags: trunk
09:00
Added another link from www/fossil-v-git.wiki to rebaseharm.md. check-in: 29997f80 user: wyoung tags: trunk
2019-09-12
17:51
Add the optimized file_is_simple_pathname_nonstrict() as an alternative to file_is_simple_pathname() when parsing manifests. check-in: b4aadf2c user: drh tags: trunk
17:11
Use strchr() to improve the performance of defossilize(). check-in: 0aaefeab user: drh tags: trunk
16:51
Use strspn() to improve the performance of validate16(). check-in: c550d6e0 user: drh tags: trunk
16:43
Add the --limit N option to the test-parse-all-blobs test command, so that we can easily limit the run-time of that command for cachegrind performance testing. check-in: 52211ccc user: drh tags: trunk
16:31
Performance optimization in the control artifact parser. check-in: 3d802ec5 user: drh tags: trunk
07:31
Add the lock-timeout setting. check-in: 6d3daf74 user: drh tags: trunk
2019-09-10
11:30
Performance optimization in fossil_strcmp(). check-in: 72a4b613 user: drh tags: trunk
2019-09-07
15:03
Adjust test case for TH1 permissions tests. WrUnver (y) is not enabled by default and must be intentionally set. check-in: 582d3357 user: andybradford tags: trunk
2019-09-06
20:38
Minor editorial changes to rebaseharm.md, in an attempt to improve clarity and readability. check-in: 9b32c180 user: drh tags: trunk
14:39
Fix a typo in the rebaseharm.md document. check-in: 82f75864 user: drh tags: trunk
14:01
Include new repolist-skin setting in list of all settings so tests will pass. check-in: 2e3bffaa user: andybradford tags: trunk
13:49
Add the noreadme query parameter to /dir check-in: bf3383b9 user: drh tags: trunk
10:36
makeheaders.c: suggestions from https://fossil-scm.org/forum/forumpost/00ff64e63e: do not emit main() decl, elide C++ constructor member initialization, and add a missing fclose(). check-in: 9512ed93 user: stephan tags: trunk
2019-09-05
13:33
Remove the "Draft" notation from the rebase document. Link the new document into the documentation index. check-in: 569cc741 user: drh tags: trunk
03:45
Replaced ASCII art diagrams in the new rebase document with yEd SVG diagrams. Same semantic content. check-in: d6222f89 user: wyoung tags: trunk
02:33
Upper-case query parameter, POST parameter, and cookie names are converted to lower-case prior to entering them into the parameter set. Before this change, upper-case names were silently rejected. check-in: 19bbd2c5 user: drh tags: trunk
02:31
Minor tweaks prior to merging. Closed-Leaf check-in: 4231d4b6 user: drh tags: noJsonCgiFlag
02:29
Fixed a bug introduced in [bcdc4c55] which breaks capabilities for all Admin and Setup users. check-in: a6ffdaf2 user: wyoung tags: trunk
01:39
Correct a minor grammatical error in a sentence for new rebase document. check-in: 049c42df user: andybradford tags: trunk
01:33
An extension of the now-merged code-in-pre branch to allow it to work on /artifact pages and such when the ln parameter is given. This branch is a proof of concept only, for demonstrating a point and experimentation, not to be merged. See the forum discussion for details. Leaf check-in: a65834a7 user: wyoung tags: code-in-pre-with-ln
00:41
Fixed a few spelling and grammar errors in www/rebaseharm.md check-in: 708696d8 user: wyoung tags: trunk
2019-09-04
23:44
Small tweaks to previous. check-in: 1ff41dda user: wyoung tags: trunk
23:37
Updated caps docs to cover the two "missing" caps on Admin and Setup users better, including this recent decision to deny them cap x. This check-in also fixes a number of links broken within these docs during the stage where we were breaking the docs up and moving things around, which should have been caught before merging this down to trunk. check-in: 8a77f459 user: wyoung tags: trunk
22:46
Removed 'x' from the string of caps reported for Admin and Setup users in capability_expand(), which is used within the SQLite extension function fullcaps(), which among other things affects the output of /setup_ucap_list. We were still reporting that Admin and Setup users have Private capability despite [bcdc4c55]. check-in: 63581ec8 user: wyoung tags: trunk
21:01
Remove a spurious line from the header comment of the makeheaders.c utility program. check-in: d5a6ea96 user: drh tags: trunk
20:09
Add section numbers to the Rebase document. check-in: 237bde96 user: drh tags: trunk
20:02
More typo fixes in the Rebase document. check-in: aaacce23 user: drh tags: trunk
20:01
Merge updates from trunk. check-in: 20c64950 user: mistachkin tags: noJsonCgiFlag
19:56
Setup and Admin users should not automatically have have the Private capability. This reverses the principal change from check-in [b241130222]. check-in: bcdc4c55 user: mistachkin tags: trunk
19:34
Fix a typo in the Rebase document. check-in: 18e58e29 user: drh tags: trunk
19:23
Minor edits to Rebase Considered Harmful, for clarity. check-in: a2ea8151 user: drh tags: trunk
19:04
Add initial draft of the "Rebase Considered Harmful" document. check-in: 4f79941f user: drh tags: trunk
15:41
Update the built-in SQLite to the latest 3.30.0 alpha, as an SQLite beta test. check-in: f8823ae8 user: drh tags: trunk
08:32
Update the 'branch new' command to track the status of private branches in the PRIVATE table, instead of using +private tags. check-in: 70849e76 user: florian tags: private-branches
00:58
Merged caps-doc branch down to trunk, improving documentation of user capabilities in Fossil. check-in: 779ddefa user: wyoung tags: trunk
00:55
Noted lack of WrUnver permission on Setup users by default. Closed-Leaf check-in: ca4085c2 user: wyoung tags: caps-doc
00:49
Fixed discussion of "x" cap in www/private.wiki to match its current implementation. check-in: c5561039 user: wyoung tags: trunk
2019-09-03
21:22
Back out check-in [3ad81c3c499599b4] which was causing sync to fail. check-in: e1962ef6 user: drh tags: trunk
20:36
Wiki test fixes. check-in: b40f1ac1 user: drh tags: trunk
20:22
Make calls to db_begin_write() instead of db_begin_transaction() where appropriate. check-in: 3ad81c3c user: drh tags: trunk
20:20
Include the "js" property in the configuration export for skins. check-in: 498fc87a user: drh tags: trunk
20:19
When displaying documents, provide class hints about the language of the document to syntax highlighter extensions. check-in: 74b538f6 user: drh tags: trunk
20:17
Improvements to /vdiff. Provide the branch= query parameter. In the name decoder, all "merge-in:BRANCH" to mean the most recent merge-in to BRANCH from its parent. Provide "Diff" links for branches that show all changes since the most recent merge-in. check-in: e632a092 user: drh tags: trunk
20:08
Fix a possible UNIQUE constraint violation in the new /vdiff logic. Closed-Leaf check-in: 8e175a67 user: drh tags: vdiff-improvements
17:17
Adds 'js' to CONFIGSET_SKIN so that skin javascript is included in exports, syncs, etc. Works okay outside of checkouts in my testing. Probably needs some review by drh before being merged. Closed-Leaf check-in: 5d2299d8 user: ckennedy tags: js-skin-export
2019-09-02
23:26
Added a new section to www/defcsp.md, "Serving Files Within the Limits". It pulls together a bit of info already in the document on the topic and then expands it considerably. The overall message is, "You probably don't have to override the default CSP." check-in: 58883ecc user: wyoung tags: trunk
19:54
In /artifact and similar pages, put HTML code tag inside pre with class="language-zExt" where zExt is the extension from the artifact's file name, if any. This allows JS code highlighting plugins to style such pre blocks automatically based on file name extension. Closed-Leaf check-in: f3b91714 user: wyoung tags: code-in-pre
2019-08-31
18:22
Minor typo correction in comment---no functional change. check-in: ab2b8de8 user: andybradford tags: trunk
18:09
Avoid warning about extra call to db_end_transaction() by returning at the end of a complete block. check-in: 7b2350a8 user: andybradford tags: trunk
17:09
If there is nothing to stash, issue an error. check-in: d959c48a user: andybradford tags: trunk
16:42
Merge in latest from trunk. check-in: aa376391 user: andybradford tags: db-begin-txn-updates
16:23
Merge in trunk latest developments. Closed-Leaf check-in: 08291fec user: andybradford tags: test-updates
13:04
Ouput an error if the CGI control file is missing on the command line. This prevents IIS to fall in a endless loop. check-in: 6a59d33e user: tsbg tags: iis-cgi
2019-08-29
00:31
Merged in trunk changes check-in: 493254b2 user: wyoung tags: caps-doc
00:28
Updated comment about "6-character random hex password" at the top level of the new setup docs to track [23a9f9bac2]. check-in: f304ba31 user: wyoung tags: trunk
2019-08-28
19:52
Changed the hamburger menu link href from "#" to "/sitemap" so clicks on it do something useful in the noscript case. check-in: b2379b31 user: wyoung tags: trunk
16:08
Added 'or' help for checkin/ci alias, per forum request. check-in: f616380d user: stephan tags: trunk
2019-08-27
04:15
Make it possible to disable JSON auto-detection in the CGI subsystem. check-in: a7754353 user: mistachkin tags: noJsonCgiFlag
00:29
Merge in documentation enhancements from trunk. check-in: c1b62c32 user: drh tags: vdiff-improvements
00:11
On the /vdiff page, show a timeline with both check-ins using different highlights on each check-in. check-in: 6e40f866 user: drh tags: vdiff-improvements
00:07
Changed all of the [anycap jor] TH1 calls in the stock skins wrapping the generation of that skin's /timeline and /timeline.rss links to [anycap ijr2] to match the user caps the timeline HTTP hit handler actually checks for in the C code. This is a branch in part because it needs review, but also it's the start of a broader effort to check the other cap checks in the skins to make sure they a) match what the C code checks for; and b) match each other. check-in: 9cee8cf5 user: wyoung tags: skin-cap-matching
2019-08-25
13:24
Added HTTP proxying info to Debian nginx server setup guide. check-in: c6a033ce user: wyoung tags: trunk
12:39
Replaced the content of "Running Fossil in SCGI Mode" within www/server/debian/nginx.md with references to our other Fossil server docs. This also reduces the prior focus of this section on fslsrv to a single sentence, since we now prefer the systemd option, now that we have it. check-in: a4bb92f7 user: wyoung tags: trunk
12:29
Swapped the simple foo.net "whole site is Fossil" example in www/server/debian/nginx.md for the more complicated example.com one where only /code is served by Fossil. This is probably going to be more common, and it shows off the important detail of setting SCRIPT_NAME properly. Made a minor adjustment to any/scgi.md to track this change, so there is not a pointless difference between these two nginx configs. check-in: 653e90ca user: wyoung tags: trunk
11:52
Clarified use of scgi_params, SCRIPT_NAME, and service starting in the generic SCGI server setup doc. check-in: 5a58ac31 user: wyoung tags: trunk
2019-08-24
18:32
Merge fork check-in: 6c6aae97 user: andygoth tags: trunk
2019-08-23
12:42
Add the fossil_random_password() utility function and use it to generate a stronger initial admin-user password in the "fossil new" command. check-in: 23a9f9ba user: drh tags: trunk
12:23
If the test-markdown-render or test-wiki-render commands are invoked without a repository in which to check for Wiki page names and artifact hashes, then substitute a temporary, empty, in-memory repository so that the commands will still work and won't give SQL errors. check-in: 0ac64dad user: drh tags: trunk
11:07
Markdown hyperlinks are only converted to links to wiki if the named wikipage actually exists. Otherwise, the link becomes a relative link. This is for backwards compatibility. check-in: 3b10e644 user: drh tags: trunk
08:31
Added www/capabilities.md, a complete treatment on user capabilities, user categories, login groups, and administration matters involving all of this. It does not replace the pre-existing admin-v-setup.md doc, but a bit of its content did move into this new doc. The new doc also contains the user capability info previously in the forum.wiki doc. This is on a branch because although it's quite useful already, it could use some work before being merged down. At the barest minimum, there are some unanswered questions in the new doc that need addressing.    This new doc does not replace the existing documentation in the UI. It may be that we end up paring that down a bit now that we have a full doc to refer to, but that is a topic for the forum thread that will appear shortly after this checkin. check-in: 832f107e user: wyoung tags: caps-doc
05:32
Fixed a few fatal error messages from the login-group command that referred to an "add" command, which is now called "join". The symptom I saw is that "fossil login-group add" complained that "add" is not a valid command and that you should give '"add" or "leave"' instead! check-in: 09c65d75 user: wyoung tags: trunk
05:22
Fixed a few messages from the login-group command that referred to an apparent older name for the "join" sub-command, "add". This lead to a confusing symptom: "fossil login-group add foo" -> {unknown command "add" - should be "add" or "leave"}. check-in: 739cd872 user: wyoung tags: trunk
2019-08-22
15:06
Stronger recommendation for changing the default user's random hex password prior to setting up a Fossil server after learning it's 6 hex digits, not 8 as I thoght when I wrote that! check-in: 9fcd6e44 user: wyoung tags: trunk
14:14
Added bullet list detailing the sources for <script nonce=""> from a Fossil server and the reasons we consider each path safe. check-in: 91377ae4 user: wyoung tags: trunk
13:31
Reworked the material explaining why in-page <style> is currently allowed by Fossil's default CSP to make it clearer that this is most likely a temporary situation and that local custom CSS should go in the skin instead. check-in: 092eeebf user: wyoung tags: trunk
13:13
Expanded the discussion of in-repo and out-of-repo resource links in defcsp.md. check-in: 23fcd765 user: wyoung tags: trunk
12:39
Reworked the new introductory material in defcsp.md to be less about the CSP as last-resort and more about being a secondary filter to our other measures. Gave examples to clarify the tensions that prevent a purely server-side solution from being a practical solution. check-in: 1c4df5bf user: wyoung tags: trunk
11:54
"RaspberryPI" -> "Raspberry Pi" check-in: 5182be99 user: wyoung tags: trunk
11:53
Assorted refinements to the new pre- and post-activation advice sections in www/server/index.html: nix passive voice, add a few details, add some links to related docs, etc. Also fixed a CSS indenting problem preventing correct use of in , then made use of the new freedom in these sections' numbered lists. check-in: b5c2c9bf user: wyoung tags: trunk
2019-08-21
19:18
Fix the $ROOT mechanism in HTML documents so that it accepts any whitespace character before href= and script=. Add $ROOT in appropriate places in the server documentation. check-in: 3e183bfa user: drh tags: trunk
18:15
Outline how to configure a repository before and after server activation. check-in: 154ea087 user: drh tags: trunk
17:37
Improvements to the althttpd documentation. check-in: 44f1df9f user: drh tags: trunk
17:21
Further improvements to the server document. check-in: c2c4d303 user: drh tags: trunk
16:57
Extra defenses against running fossil_atexit() more than once. check-in: bc7683e1 user: drh tags: trunk
16:55
Fix the "shell" command so that it avoids invoking the atexit() handler more than once. check-in: 07a5a211 user: drh tags: trunk
15:56
Server documentation updates. check-in: b2426c27 user: drh tags: trunk
14:46
Merge in recent developments on trunk. check-in: 70d091ea user: andybradford tags: test-updates
12:32
Disallow versioning of security sensitive settings tcl-setup, th1-setup, and th1-uri-regexp. For effective security, these settings should only be controllable by an administrator. check-in: 2da704c5 user: drh tags: trunk
11:26
Update to the default CSP page. Attempted to resolve merge conflicts, but more editting is likely necessary. check-in: 33a7b8ba user: drh tags: trunk
11:09
Added a header to the new XSS material in defcsp.md so we can refer directly to it. check-in: 7b843f2d user: wyoung tags: trunk
11:01
More thorough explanation of <script nonce> in www/defcsp.md, and explained the reason why Fossil has no way of providing that nonce in most content types rather than link to the "XSS via check-in rights" forum post. This new presentation of that post's ideas is more detailed and includes discussion of the feature's interaction with the TH1 docs feature. check-in: 8d43bb87 user: wyoung tags: trunk
09:40
Major improvements to the new defcsp.md article. Expanded the introductory material to better describe what the CSP does; added named anchors to headers; moved the discussion of $default_csp overrides into this document from customskin.md, which now just says how you use that variable read-only; and added an entirely new section, "Replacing the Default CSP". check-in: 366b23a1 user: wyoung tags: trunk
08:52
Replaced the redundant copy of the default CSP in skins/bootstrap/header.txt with "$default_csp", allowing the TH1 setup script to override the CSP as in all the other stock skins. (Bootstrap is the last stock skin to define a custom <head> element.) check-in: 14ac2cac user: wyoung tags: trunk
2019-08-20
19:16
Fix memcpy() compiler warnings. check-in: 7ae4b1a7 user: drh tags: trunk
16:11
Fix possible misaligned pointer to a 16-bit object. check-in: f7c41be8 user: drh tags: trunk
15:04
Updated and expanded documentation on how to set up a Fossil server. check-in: f146e21a user: drh tags: trunk
14:55
Add the --with-sanitizer option to the ./configure script. check-in: 231d6933 user: drh tags: trunk
07:01
Fixed a link punctuation bug introduced in [74a6578c]. Closed-Leaf check-in: c57e1793 user: wyoung tags: server-docs
06:34
Merged in trunk improvements check-in: 42d28c02 user: wyoung tags: server-docs
04:57
Fixed an unwanted "$nonce" variable expansion within the new customskin.md introduced by [9044fd2dbe] which only occurs *sometimes*: not on fossil-scm.org, and apparently not in my earlier ckout testing prior to checking it in, but now in a different ckout test. This has to be a TH1 thing, but I don't understand why we didn't see this earlier. This is just a workaround for the symptom. check-in: 9bdf650f user: wyoung tags: trunk
04:34
Fixed a link from the new material in embeddeddoc.wiki to the new CSP material: that briefly lived in customskin.md before checking it in, but then I moved it to a new document and forgot to update the link. check-in: f4cbfd5a user: wyoung tags: trunk
04:24
Fixed a couple of Tcl syntax fixes that caused the new --with-sanitizer code to a) run unconditionally irrespective of the option's setting and b) to check for the existence of libubsan whether it was actually needed or not. Closed-Leaf check-in: 66fdab76 user: wyoung tags: configure-updates
04:07
Added www/defcsp.md, which documents the default Content Security Policy applied by Fossil to the HTML pages it serves. Linked that into embeddeddoc.wik and customskin.md, which touched on this topic before but didn't go into much detail. check-in: 4e6d36d7 user: wyoung tags: trunk
02:09
Fix a compiler warning in the security-audit page. check-in: 3243a6c1 user: drh tags: trunk
01:34
Added --with-sanitizer configure-time option for appending -fsanitize=VALUE to CFLAGS and LDFLAGS, plus automatic detection of -lubsan for GCC, which doesn't automatically link to that with -fsanitize=undefined as Clang does. EDIT: This check-in breaks the built on Ubuntu 18.04. check-in: 7907b6ff user: wyoung tags: configure-updates
2019-08-19
17:18
Have the security-audit page analyze and display the content security policy. check-in: 9cf90a4f user: drh tags: trunk
13:04
Increase the default HTTP request timeout to 10 minutes. Provide the FOSSIL_DEFAULT_TIMEOUT compile-time option for setting an alternative default. check-in: 7979989d user: drh tags: trunk
01:17
The www/customskin.md document hadn't been updated since we removed the explicit <html><head> stuff from the default skins and moved that into the C code so we could insert the CSP and such automatically. Updated it to show the inner tags that you actually get by default now, and talked about how the HTML document wrapper is added automatically. Also fixed some spelling and grammar errors. check-in: 9044fd2d user: wyoung tags: trunk
00:51
Fix embedded HTML detection for the 'doc' web page when the 'data-title' attribute is not specified. check-in: 3d6a4fd9 user: mistachkin tags: trunk
2019-08-18
01:03
Capitalization fix in HTML output from /artifact_stats check-in: d570edc6 user: wyoung tags: trunk
00:59
Include forum artifact statistics on the /artifact_stats page. check-in: e2f2a05e user: drh tags: trunk
2019-08-16
03:33
Relaxed the "enforcing" language around the planned change of hash policy from "auto" to "sha3" in Fossil 2.10 within section 2.8 of the fossil-v-git.wiki doc, and clarified what will actually happen with that release as compared to the current release. check-in: c5461fb5 user: wyoung tags: trunk
01:58
Merged recent spell check fixes into this branch so we don't revert any of them. check-in: a9fd086f user: wyoung tags: server-docs