Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
50 most recent check-ins by user dmitry
|
2012-11-06
| ||
| 18:38 | Make sure file names in file browser don't wrap by adding white-space property to default CSS. (check-in: b83278f6ff ... user: dmitry tags: trunk) | |
|
2012-11-04
| ||
| 12:59 | Fix typos. (closed check-in: 45065c5c28 ... user: dmitry tags: spelling) | |
|
2011-12-16
| ||
| 22:00 | Add SSL SNI support (suggested by BohwaZ on mailing list). Simplify setting of port for SSL connection. (closed check-in: 132dbcedbc ... user: dmitry tags: dmitry-fixes) | |
|
2011-10-04
| ||
| 15:20 | Add HMAC-SHA1 implementation. (closed check-in: dcee34b25f ... user: dmitry tags: multisession) | |
| 15:15 | Merge protection against timing attacks into trunk. (check-in: d4a341b49d ... user: dmitry tags: trunk) | |
| 14:38 | Merge trunk into dmitry-security branch. (closed check-in: f4eb0f5afc ... user: dmitry tags: dmitry-security) | |
| 14:34 | Rename constant_time_eq to constant_time_cmp to better indicate that these functions return 0 when values are equal, like memcmp, strcmp, etc., not truth, to avoid possible mistakes. (check-in: d244c484e7 ... user: dmitry tags: dmitry-security) | |
| 14:28 |
Revert the previous change after thinking more about it.
Login cards in the sync protocol have the following format: login userid nonce signature Nonce is SHA-1 of the message that follows this line, signature is SHA-1 of the concatenation of the nonce and user's shared secret. The successful timing attack can reveal only signature for this particular packet due to nonce. However, as nonce is known to the attacker, it's theoretically possible for them to bruteforce the shared secret_offline_. The whole scenario sounds highly improbable, but using constant-time comparison function for such things by default is a good practice. (check-in: 13a9a1244c ... user: dmitry tags: dmitry-security) | |
|
2011-09-30
| ||
| 10:51 | It seems like blob_constant_time_eq() is unnecessary for sync protocol signatures; removed. (check-in: 48bcfbd47b ... user: dmitry tags: dmitry-security) | |
| 09:41 | Catch zero length early in blob_constant_time_eq(). (check-in: e3d022dffa ... user: dmitry tags: dmitry-security) | |
|
2011-09-29
| ||
| 21:06 | Fix to the previous fix: install function to the correct database. (check-in: 3782276da6 ... user: dmitry tags: dmitry-security) | |
| 21:04 | Fix login groups. (check-in: 6f29649ef3 ... user: dmitry tags: dmitry-security) | |
| 17:26 | Fix comment. (check-in: a0fa120b74 ... user: dmitry tags: dmitry-security) | |
| 17:21 | Protect against timing attacks by using constant-time comparison function to compare passwords and cookies. (check-in: 7f110475ec ... user: dmitry tags: dmitry-security) | |
| 14:07 | When creating a manifest, get isExe and isLink bits from filesystem at once instead of doing two stat(2) calls. (check-in: 9bfa186be0 ... user: dmitry tags: trunk) | |
| 11:45 | Change file_size() to file_wd_size() in file_is_the_same(). (check-in: 13a771ce18 ... user: dmitry tags: trunk) | |
| 11:05 | Cache "manifest" setting in fossil_reserved_name() instead of reading it from the database on every call. This speeds up adding many files. (check-in: a369dc7721 ... user: dmitry tags: trunk) | |
|
2011-09-27
| ||
| 19:28 | Call file_wd_isdir() in file_mkdir(). (check-in: 13120e9620 ... user: dmitry tags: trunk) | |
| 19:15 | Change a few instances of file_isdir() to file_wd_isdir(). (check-in: f1329470c0 ... user: dmitry tags: trunk) | |
|
2011-09-25
| ||
| 11:14 | Fix double LI tags when listing wiki attachments for users without permissions. (check-in: 12272b7ff0 ... user: dmitry tags: trunk) | |
|
2011-09-24
| ||
| 01:39 | Disable SSLv2 in HTTPS client. This version of the protocol is considered insecure and has been deprecated; all modern browsers disable it. (check-in: ea1d369d23 ... user: dmitry tags: trunk) | |
|
2011-09-11
| ||
| 13:57 | Fix three remaining instances of printing rebuild progress in CGI mode. Ticket [19be0265ff]. (closed check-in: 2cd21f8dc2 ... user: dmitry tags: dmitry-fixes) | |
| 12:27 | Disallow creating users with empty login. Ticket [66ce1088]. (check-in: e1ea6c26d0 ... user: dmitry tags: dmitry-fixes) | |
| 12:26 | Fix typos in documentation. Tickets [09310d1a] and [806c4358]. (check-in: 9150a8a234 ... user: dmitry tags: dmitry-fixes) | |
| 12:19 | Show overridden user in commit comment. Ticket [4af785ba]. (check-in: 7c82dbf546 ... user: dmitry tags: dmitry-fixes) | |
|
2011-09-08
| ||
| 14:30 | Add comment describing file_wd_isfile() function. (check-in: f23334cbda ... user: dmitry tags: trunk) | |
| 13:07 | Remove unused variable from ticket_cmd(). (check-in: a0b3769b01 ... user: dmitry tags: trunk) | |
| 13:02 | Merge fixes and refactoring from symlinks branch. (check-in: c05f6afaf2 ... user: dmitry tags: trunk) | |
| 12:59 | Fix Windows build. (closed check-in: 4e586a2d8e ... user: dmitry tags: symlinks) | |
| 11:59 |
Introduce new file_wd_* functions that use stat() or lstat() depending on 'allow-symlinks' setting, and use them when dealing with files inside the working directory. Make file_* functions always use stat() as before merging symlink support.
Fix renaming of symlinks when merging (via new function symlink_copy()). Rename create_symlink() to symlink_create(). (check-in: 8a0c546990 ... user: dmitry tags: symlinks) | |
| 11:52 | Merge latest trunk into symlinks branch. (check-in: 981e5c62e3 ... user: dmitry tags: symlinks) | |
|
2011-09-06
| ||
| 13:23 | Close A and LI tags when displaying new and deleted files in timeline. (check-in: 8d703ff956 ... user: dmitry tags: trunk) | |
|
2011-09-02
| ||
| 12:39 | Merge symlink fixes into trunk. (check-in: c97535c5d8 ... user: dmitry tags: trunk) | |
| 12:27 | Merge latest trunk into symlinks branch. (check-in: fee3c6767d ... user: dmitry tags: symlinks) | |
| 10:34 | Print description of conflict when 'stash apply' cannot merge a symlink and a regular file. (check-in: bca6924e5f ... user: dmitry tags: symlinks) | |
| 10:19 | Uncomment contents of Makefile.in. Silence OpenSSL deprecation warnings on Mac OS X 10.7. (check-in: 73443aa7f8 ... user: dmitry tags: symlinks) | |
| 09:34 | Bring Makefile.in back. (check-in: 6729562675 ... user: dmitry tags: symlinks) | |
|
2011-09-01
| ||
| 23:55 | Change a couple of unlink()'s to file_delete(). (check-in: 61d49d92bb ... user: dmitry tags: symlinks) | |
| 23:44 | Fix indentation in update.c. (check-in: 1d54dce41e ... user: dmitry tags: symlinks) | |
| 23:18 | Merge latest changes from trunk. (check-in: 2b1a4797dd ... user: dmitry tags: symlinks) | |
| 22:56 | Refactor file_perm(), file_islink(), and file_isexe(). Now file_perm() calls stat only once. (check-in: eac23495a9 ... user: dmitry tags: symlinks) | |
| 22:55 | Fix merge when merging UPDATEs a symlink to a regular file and vice versa. (check-in: 82a95b4692 ... user: dmitry tags: symlinks) | |
| 22:52 | Fix undo when having a regular file on disk and symlink in undo. (check-in: 324763b932 ... user: dmitry tags: symlinks) | |
| 22:15 | Fix saving undo for symlinks. (check-in: 0762b1d9c6 ... user: dmitry tags: symlinks) | |
| 20:56 | Merge latest trunk. (check-in: 02ee688a4d ... user: dmitry tags: symlinks) | |
|
2011-08-31
| ||
| 16:28 | Merge improvements to artifact descriptions into symlinks branch. Also modify displaying of permissions: now web UI shows "File", "Executable file", or "Symbolic link" in file artifact description. (check-in: 3115774ffe ... user: dmitry tags: symlinks) | |
| 09:55 | Merge latest trunk. (check-in: 40ed431ca5 ... user: dmitry tags: symlinks) | |
|
2011-08-28
| ||
| 11:22 | Make blob_read_link() C89-compatible on Unix again. (check-in: 034819087d ... user: dmitry tags: symlinks) | |
| 11:01 | Use file_delete() instead of unlink() in vfile_to_disk(). (check-in: 08311ffc6a ... user: dmitry tags: symlinks) | |
| 10:43 | Handle errors in blob_read_link(). (check-in: d43029f6f4 ... user: dmitry tags: symlinks) | |