Fossil

Timeline
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

50 most recent check-ins by user drh

2023-02-03
15:15
Attempt to fix various harmless compiler warnings reported by Clang-15. ... (check-in: e486a0acbc user: drh tags: trunk)
14:59
Update the built-in SQLite to the latest trunk version that attempts to fix various harmless compiler warnings reported by the new Clang-15. ... (check-in: ea57625d31 user: drh tags: trunk)
14:32
Add the /deltachain page, indented for analysis of the delta compression and future improvements to that algorithm. There are links to the delta chain on the /timeline and /finfo when the showid query parameter is used. ... (check-in: 00c62a11ad user: drh tags: trunk)
00:31
Enable SELECT statements for the ticket_schema_auth() authorizer. This is required for the new FTS5 search and the fts5_api_from_db() routine. ... (check-in: 3fe8a8cd18 user: drh tags: trunk)
2023-01-27
20:42
Add a link to the /intermap page for Interwiki Map keywords on the setup menu. ... (check-in: bb189a15fd user: drh tags: trunk)
15:40
Update the built-in SQLite to the latest 3.41.0 alpha, for testing of SQLite. ... (check-in: 0f30113b3b user: drh tags: trunk)
2023-01-24
16:34
Make all variable declarations C89 compliant. ... (Leaf check-in: 462eb0cca0 user: drh tags: ui-local-diff)
14:36
The search logic now works correctly (I think) regardless of whether the repository uses a legacy FTS4 index or a newer FTS5 index. This allows the Fossil binary to be upgraded on systems without disrupting the search feature and without requiring a search index rebuild. The search index is automatically upgraded to FTS5 the next time the search index is rebuilt. ... (Closed-Leaf check-in: a07e6b87cb user: drh tags: search-fts5)
2023-01-16
18:14
Update the built-in SQLite to the latest 3.41.0 alpha version in order to silence harmless compiler warnings and for general testing of SQLite. ... (check-in: cdd89e2dbe user: drh tags: trunk)
2023-01-13
14:55
Remove ":443" from the end of the hostname for HTTPS requests. ... (check-in: add3f520a7 user: drh tags: trunk)
14:34
Use the hostname as the report IP when doing SSH synchronization. ... (check-in: 0b7af9d865 user: drh tags: trunk)
13:09
Documentation and change-log updates. ... (check-in: a90d3aa1ab user: drh tags: trunk)
2023-01-07
20:58
Updates to the change log to discuss recent enhancements. ... (check-in: 7173a1b1f4 user: drh tags: trunk)
20:37
Submenu buttons linking all of the logging pages. ... (check-in: aae2b775f9 user: drh tags: trunk)
20:18
Make admin_log entries for password changes. ... (check-in: c9c7e8c1d8 user: drh tags: trunk)
17:06
Enhance the new /resetpw page so that it honors the redirect-to-https setting. ... (check-in: 3b1e8a0e5c user: drh tags: trunk)
15:36
Add the ability to enable users to request an email message that contains a special secure hyperlink that they can follow to reset their password. ... (check-in: 07bfe3fee3 user: drh tags: trunk)
15:35
Go to the login page after a successful self-service password reset. ... (Closed-Leaf check-in: 837f275868 user: drh tags: self-service-password-reset)
15:18
Improved comments. Extra defensive code. ... (check-in: d860e2b5f6 user: drh tags: self-service-password-reset)
14:25
Initial complete implementation of self-password-reset. Just need refinement and a security audit before merging to trunk. ... (check-in: 41bb73e9ba user: drh tags: self-service-password-reset)
11:58
Add a non-functioning place-holder button to request a password reset to the /register page. ... (check-in: 5c62a2c3a7 user: drh tags: self-service-password-reset)
00:03
Add the /resetpw web page. The name argument must contain a hash that proves knowledge of the old password and that limits the valid lifetime of the argument. ... (check-in: ac86dfa085 user: drh tags: self-service-password-reset)
2023-01-06
14:03
Allow writes to the accesslog table to record a login attempt even if the request is not from the same origin. This is needed in case a query request url it typed in manually but there is a cookie with login credentials that the browser adds automatically. ... (check-in: e31c2c01e1 user: drh tags: trunk)
12:59
Fix the /chat-send page so that it works even with the recent same-origin security enhancements. ... (check-in: 4ba37b1c14 user: drh tags: trunk)
2023-01-05
19:49
Add support for "fossil remote" and "fossil sync --all" to the "fossil all" command. ... (check-in: 693b950b1e user: drh tags: trunk)
2023-01-02
16:12
When applying a patch, if the file rename fails, make that just a warning not a fatal error, as the warning might be due to file renames on a prior merge. Fix for ticket [21037bfc1296dabc]. ... (check-in: f013384605 user: drh tags: trunk)
15:52
Initialize the output blob in the test-delta-apply command. ... (check-in: dd9b316179 user: drh tags: trunk)
13:00
Show the value of g.zLocalRoot on the /test_env page. ... (check-in: 3df5d40c2f user: drh tags: trunk)
2022-12-31
18:51
Fix another case where PROTECT_READONLY needs to be relaxed even though the request not from the same origin. ... (check-in: 03e21b9cd5 user: drh tags: trunk)
12:21
Fix stray character in the change log. ... (check-in: fbcd9a77b7 user: drh tags: trunk)
12:16
Fix more cases where updates to the SUBSCRIBER table should be allowed to occur even if not a request from the same origin. ... (check-in: f33976f7cc user: drh tags: trunk)
2022-12-30
21:12
Improved comment on the db_obscure() routine. No functional code changes. ... (check-in: aa1a0b31e2 user: drh tags: trunk)
20:54
Security enhancement: Do not store the passwords for remote URLs directly, but instead store the sha1_shared_secret() encoding of those passwords. It is the SHA1 encoding that gets transmitted to the server anyhow, so we might as well just store that. The SHA1 encoding cannot be used to log in. The password is still protected using obscure() even though it is now a SHA1 hash. ... (check-in: 41ba6ea7db user: drh tags: trunk)
16:32
Show the parent-project-* CONFIG entries (if they exist) with the "fossil remote config-data" command. When parsing a URL, if the URL comes from the CONFIG table, remember the CONFIG table entry that supplied the password. ... (check-in: 6d0083adce user: drh tags: trunk)
12:26
Fix minor typos in the diff source code. ... (check-in: 4e169542ae user: drh tags: trunk)
11:53
If there is a need to do lazy updates of the full text index during a request that is not from the same origin, then allow database writes for the duration of that update. Also, allow changes to USER and CONFIG tables when explicitly authorized by db_unprotect() even if the request that prompted the change is not from the same origin. ... (check-in: 8e85d6ca22 user: drh tags: trunk)
2022-12-29
21:09
All writes to the subscriber table to update the last contact time even if the request is not from the same origin. ... (check-in: db16262817 user: drh tags: trunk)
20:09
Improved comments on the SQL protection subsystem. ... (check-in: 0aa3483fa8 user: drh tags: trunk)
19:49
Only apply the PROTECT_READONLY restriction to the "repository", "configdb", and "localdb" database files. ... (check-in: b4e00621e3 user: drh tags: trunk)
19:39
Fix the new read-only-repo security mechanism so that it enables write access when necessary. ... (check-in: f8363db81b user: drh tags: trunk)
18:56
Add messages to the error log if the authorizer blocks an SQL statement for security reasons. This change requires a bug fix in SQLite and so it also includes the latest trunk version of SQLite. ... (check-in: 3d8bb63aab user: drh tags: trunk)
17:00
Make the repository database read-only if an HTTP request is not from the same origin. This is not required for security. It is just an extra layer of defense. ... (check-in: 7c71f00ac8 user: drh tags: trunk)
2022-12-25
14:24
Use URI extensions rather than name= query parameters on key ticket hyperlinks. ... (check-in: 5f22b960b3 user: drh tags: trunk)
2022-12-15
15:39
Update the built-in SQLite to the latest 3.41.0 alpha that includes various query planner enhancements. This is done in order to test the enhancements to SQLite, to help ensure that they are working correctly in a real-world application. ... (check-in: 7010ce2391 user: drh tags: trunk)
2022-12-07
11:17
Update to the latest pikchr.c sources. (pikchr.wasm is not updated.) ... (check-in: 544eefd722 user: drh tags: trunk)
2022-12-05
03:39
Update the built-in SQLite to the latest 3.41.0 alpha with the query planner tuning enhancements, as a beta-test of SQLite looking for performance regressions. ... (check-in: 4ddd884709 user: drh tags: trunk)
2022-11-30
01:03
Make sure SQLite is compiled with HAVE_USLEEP. ... (check-in: f97f90c08d user: drh tags: trunk)
2022-11-18
19:48
Update the change log for the report format enhancement. ... (check-in: c2467e52ef user: drh tags: trunk)
19:30
Fix a potentially uninitialized variable associated with the resent ticket report changes. ... (check-in: d296ddb272 user: drh tags: trunk)
19:28
Add the ability to specify a description for each ticket report format. The user and reportfmt tables are updated with a new jx column containing JSON that describes the new features. (The user.jx table is currently not used but it was convenient to add it at the same time.) ... (check-in: fcf17b28a9 user: drh tags: trunk)