Fossil

Timeline
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

25 check-ins occurring on or before ae8709e2.

2017-08-29
07:58
(cherry-pick): SQLite version 3.20.1 (cherry-pick): Remove an unused global variable from the path_shortest() logic ... (check-in: ae8709e2fc user: jan.nijtmans tags: branch-2.3)
07:50
SQLite version 3.20.1 ... (check-in: ffc252a663 user: jan.nijtmans tags: trunk)
2017-08-28
14:04
Update dirent to version 1.23. See [https://github.com/tronkko/dirent/releases] ... (check-in: ade4a657dc user: jan.nijtmans tags: trunk)
2017-08-24
19:30
Remove an unused global variable from the path_shortest() logic. ... (check-in: 084690e772 user: drh tags: trunk)
14:20
Typo fixes thanks to rosscanning, ref [http://www.mail-archive.com/fossil-users@lists.fossil-scm.org/msg25775.html] ... (check-in: f98852a0df user: andygoth tags: trunk)
2017-08-23
18:53
(cherry-pick): Remove a redundant directory separator character from the temporary filenames generated on windows. (cherry-pick): Change the file_mkfolder() implementation to assume that the folder already exists and only go about creating it and its path if it does not previously exit. ... (check-in: adacbfbcfb user: jan.nijtmans tags: branch-2.3)
17:53
Change the file_mkfolder() implementation to assume that the folder already exists and only go about creating it and its path if it does not previously exit. ... (check-in: 92ea61837e user: drh tags: trunk)
17:38
Remove a redundant directory separator character from the temporary filenames generated on windows. ... (check-in: b5f0d70362 user: drh tags: trunk)
17:29
Add the test-tempname command for testing the file_tempname() routine. ... (check-in: f1d23f04c0 user: drh tags: trunk)
17:28
Fix build (previous cherry-pick was not complete) (cherry-pick): For temporary filename paths on Windows, changes all backslash characters into forward slashes, so that the new enhanced-security shell escape mechanism from check-in [3b191c98] can use those temporary filenames. ... (check-in: dbda6e2a5d user: jan.nijtmans tags: branch-2.3)
17:18
For temporary filename paths on Windows, changes all backslash characters into forward slashes, so that the new enhanced-security shell escape mechanism from check-in [3b191c98] can use those temporary filenames. ... (check-in: e474c177df user: drh tags: trunk)
11:05
Add the --details option to the test-find-pivot command. ... (check-in: 9e48dad49b user: drh tags: trunk)
2017-08-22
09:46
(cherry-pick): Use SQLite 3.20.0 final ... (check-in: 7eebec15bd user: jan.nijtmans tags: branch-2.3)
09:44
(cherry-pick): Fix the SSH sync protocol to avoid "ssh" command-line option injection attacks such as those fixed in Git 2.14.1, Mercurial 4.2.3, and Subversion 1.9.7. As "ssh://" URLs cannot be buried out of sight in Fossil, the vulnerability does not appear to be as severe as in those other systems. (cherry-pick): Enhance the ssh:// URL to be cautious about the fossil= query parameter. Only commands "fossil" and "echo" (with an optional path) are accepted. ... (check-in: 1f18d23d76 user: jan.nijtmans tags: branch-2.3)
2017-08-21
12:18
Use SQLite 3.20.0 final (source_id change only) ... (check-in: 810dd031ec user: jan.nijtmans tags: trunk)
2017-08-12
18:47
Enhance the ssh:// URL to be cautious about the fossil= query parameter. Only commands "fossil" and "echo" (with an optional path) are accepted. ... (check-in: cb43937d8c user: drh tags: trunk)
18:34
Also disallow wildcard characters in blob_append_escape_arg(). ... (check-in: d5b015946d user: drh tags: trunk)
18:30
Disallow the ';' character in blob_append_escape_arg(). ... (check-in: 3bbac57534 user: drh tags: trunk)
18:24
Fix another problem with the needEscape computation in blob_append_escaped_arg() ... (check-in: 9eea719af6 user: drh tags: trunk)
18:22
The windows test macro is "_WIN32" without a trailing "_". ... (check-in: 49ae1785a6 user: drh tags: trunk)
18:20
Fix the needEscape calculation in blob_append_escaped_arg(). ... (check-in: 9690d370e0 user: drh tags: trunk)
18:15
Change the shell_escape() procedure into blob_append_escaped_arg(). Have that procedure raise a fatal error if the argument to be appended contains dodgy characters that might pose a security risk. Also, prepend "./" in front of arguments that begin with "-" to prevent them from looking like switches. ... (check-in: 3b191c984b user: drh tags: trunk)
16:20
Avoid another attack vector when using SSH sync protocol by not calling a shell interpreter. Fixes only Unix-like environments by using execvp() instead of a string that can be mishandled by /bin/sh. Superseded by [3b191c984b] &co. ... (Closed-Leaf check-in: ce7baa9798 user: andybradford tags: ssh-shell-cleanup)
04:19
Typo correction ... (check-in: 45a3d4b167 user: andygoth tags: trunk)
2017-08-11
16:00
Increase the version number to 2.4 and update the change log. ... (check-in: 3ebbe7bcaa user: drh tags: trunk)