Fossil

Timeline
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

50 most recent check-ins

2017-08-22
09:46
[7eebec15bd] Leaf: (cherry-pick): Use SQLite 3.20.0 final (user: jan.nijtmans, tags: branch-2.3)
09:44
[1f18d23d76] (cherry-pick): Fix the SSH sync protocol to avoid "ssh" command-line option injection attacks such as those fixed in Git 2.14.1, Mercurial 4.2.3, and Subversion 1.9.7. As "ssh://" URLs cannot be buried out of sight in Fossil, the vulnerability does not appear to be as severe as in those other systems. (cherry-pick): Enhance the ssh:// URL to be cautious about the fossil= query parameter. Only commands "fossil" and "echo" (with an optional path) are accepted. (user: jan.nijtmans, tags: branch-2.3)
2017-08-21
12:18
[810dd031ec] Leaf: Use SQLite 3.20.0 final (source_id change only) (user: jan.nijtmans, tags: trunk)
2017-08-12
18:47
[cb43937d8c] Enhance the ssh:// URL to be cautious about the fossil= query parameter. Only commands "fossil" and "echo" (with an optional path) are accepted. (user: drh, tags: trunk)
18:34
[d5b015946d] Also disallow wildcard characters in blob_append_escape_arg(). (user: drh, tags: trunk)
18:30
[3bbac57534] Disallow the ';' character in blob_append_escape_arg(). (user: drh, tags: trunk)
18:24
[9eea719af6] Fix another problem with the needEscape computation in blob_append_escaped_arg() (user: drh, tags: trunk)
18:22
[49ae1785a6] The windows test macro is "_WIN32" without a trailing "_". (user: drh, tags: trunk)
18:20
[9690d370e0] Fix the needEscape calculation in blob_append_escaped_arg(). (user: drh, tags: trunk)
18:15
[3b191c984b] Change the shell_escape() procedure into blob_append_escaped_arg(). Have that procedure raise a fatal error if the argument to be appended contains dodgy characters that might pose a security risk. Also, prepend "./" in front of arguments that begin with "-" to prevent them from looking like switches. (user: drh, tags: trunk)
16:20
[ce7baa9798] Leaf: Avoid another attack vector when using SSH sync protocol by not calling a shell interpreter. Fixes only Unix-like environments by using execvp() instead of a string that can be mishandled by /bin/sh. (user: andybradford, tags: ssh-shell-cleanup)
04:19
[45a3d4b167] Typo correction (user: andygoth, tags: trunk)
2017-08-11
16:00
[3ebbe7bcaa] Increase the version number to 2.4 and update the change log. (user: drh, tags: trunk)
15:29
[1f63db591c] Fix the SSH sync protocol to avoid "ssh" command-line option injection attacks such as those fixed in Git 2.14.1, Mercurial 4.2.3, and Subversion 1.9.7. As "ssh://" URLs cannot be buried out of sight in Fossil, the vulnerability does not appear to be as severe as in those other systems. (user: drh, tags: trunk)
2017-08-07
20:22
[b130b64cb4] Hyperlinks to the SSL versions of the website. Redirect to the local unversioned source for the "precompiled binaries" link on the homepage. (user: drh, tags: trunk)
2017-08-06
23:48
[1e491f6cc5] Restore end-of-line spaces used to demonstrate mid-paragraph line break in markdown.md. The spaces were removed by [23895c7b99] which appeared to clean house on end-of-line whitespace in addition to its documented purpose. (user: andygoth, tags: trunk)
23:32
[6f69ccdc69] Document Markdown tables (never knew this feature existed), and improve consistency of formatting (user: andygoth, tags: trunk)
2017-08-05
04:17
[da23bec780] Enable processing of versioned manifest setting when creating zips and tarballs outside of an open checkout directory (user: andygoth, tags: trunk)
03:45
[b9de60427a] Simplify manifest generation logic in zip page (user: andygoth, tags: trunk)
03:23
[95edba6534] Correct the /doc page to support read-only repositories (user: andygoth, tags: trunk)
2017-07-31
17:42
[2a615bed11] Update the built-in SQLite to the 4th release candidate for 3.20.0. (user: drh, tags: trunk)
2017-07-28
19:41
[dad3706248] (cherry-pick): Fix a problem with markdown rendering for "code". (user: jan.nijtmans, tags: branch-2.3)
18:41
[04de083ec8] Fix a problem with markdown rendering for "code". (user: drh, tags: trunk)
00:49
[8ffba76b73] Update the built-in SQLite to the 3rd 3.20.0 release candidate. (user: drh, tags: trunk)
2017-07-25
15:38
[8b9ce19e38] Better error checking in the mkversion utility program used during the build process. (user: drh, tags: trunk)
14:38
[5698492fbb] Update the selfhosting information to talk about the new www3.fossil-scm.org. (user: drh, tags: trunk)
2017-07-24
14:26
[c45b8f4534] Update the built-in SQLite to the second 3.20.0 release candidate. (user: drh, tags: trunk)
2017-07-21
04:22
[0a2be0648b] Improve UI based test documentation with minor corrections to requirements and URLs. (user: andybradford, tags: trunk)
03:19
[f7914bfdfa] Version 2.3 - the 10th anniversary release (user: drh, tags: trunk, release, version-2.3)
2017-07-20
18:25
[ae83b2137f] Fixed commit-warning.test broken by addition of the bootstrap skin which includes a file with long lines that generated a new warning. (user: rberteig, tags: trunk)
2017-07-15
13:55
[4872a58be2] Update the built-in SQLite to the first 3.20.0 release candidate. (user: drh, tags: trunk)
2017-07-14
20:47
[bfc29fb372] Mention support for HTML-style comments in Markdown reference (user: andygoth, tags: trunk)
2017-07-13
10:24
[548fabe73c] Leaf: merge trunk (user: jan.nijtmans, tags: openssl-1.1.0)
10:22
[23895c7b99] Update top OpenSSL 1.0.2l. Minor (harmless) compiler warnings in mkversion and codecheck1 (-Wall) (user: jan.nijtmans, tags: trunk)
2017-07-12
18:55
[7c0b971437] Remove an unused variable from the security audit webpage. (user: drh, tags: trunk)
18:34
[74bc515d36] Reword the header to the /fileage page to avoid disputes of commas. (user: drh, tags: trunk)
18:08
[2f225b821f] Update to the latest SQLite from upstream and make other changes, all to silence a few utterly harmless compiler warnings about incompletely initialized structures. (user: drh, tags: trunk)
16:57
[38df2a4544] Be careful not to return a pointer to a webpage generator as a command-line command method. (user: drh, tags: trunk)
11:03
[107cfe0204] Leaf: merge trunk (without SQLite update to 3.20.0 beta, but WITH support for tab-completion in the SQL shell) (user: jan.nijtmans, tags: fossil-2.3-with-older-SQLite)
03:02
[35f712d4d8] Fix a typo on the security audit webpage. (user: drh, tags: trunk)
02:49
[9167b2d64a] More documentation about what the --verbose flag does for "fossil info". (user: drh, tags: trunk)
2017-07-11
14:35
[a314178a81] Update the built-in SQLite to the latest 3.20.0 beta, including support for tab-completion in the SQL shell. (user: drh, tags: trunk)
2017-07-10
18:19
[b1a7527b73] A minor fix for the Xekri Skin (user: zakero, tags: trunk)
18:12
[773f9ba75c] Closed-Leaf: Fixed a mouseover problem in the Xekri skin that was found by Jungle Boogie. (user: zakero, tags: skin-xekri-fileage-fix)
14:37
[1ba3c91994] test-markdown-render and test-wiki-render command don't require to be inside a checkout. (user: mgagnon, tags: trunk)
2017-07-09
00:51
[9e67b8ab23] Document italic+bold Markdown (user: andygoth, tags: trunk)
2017-07-08
20:42
[3bfdafe4aa] Improve built-in Markdown reference documentation to describe more features I long wished Markdown had but just now discovered it already does (user: andygoth, tags: trunk)
13:35
[23d45ff9ce] An empty username on a U card is translated into "anonymous". (user: drh, tags: trunk)
11:01
[970adec0fe] Closed-Leaf: In the "last change" report, show the user as "anonymous" if the EVENT.USER field is NULL or an empty string. (Later:) Removed from trunk because a better solution is to not store empty strings in the EVENT.USER field in the first place. (user: drh, tags: mistake)
2017-07-07
19:18
[956d4901a9] Avoid appending to g.zPath inside doc_page() loop. Instead, wait until the loop is done to modify g.zPath. When doing a directory lookup, the check-in and directory name were being repeatedly appended to g.zPath each step through the list of possible filename suffixes. This corrupted <base href> should index.html not exist, which in turn broke relative URLs. (user: andygoth, tags: trunk)