Fossil

Timeline
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

50 most recent check-ins by user dmitry

2012-11-06
18:38
Make sure file names in file browser don't wrap by adding white-space property to default CSS. (check-in: b83278f6ff user: dmitry tags: trunk)
2012-11-04
12:59
Fix typos. (Closed-Leaf check-in: 45065c5c28 user: dmitry tags: spelling)
2011-12-16
22:00
Add SSL SNI support (suggested by BohwaZ on mailing list). Simplify setting of port for SSL connection. (Closed-Leaf check-in: 132dbcedbc user: dmitry tags: dmitry-fixes)
2011-10-04
15:20
Add HMAC-SHA1 implementation. (Closed-Leaf check-in: dcee34b25f user: dmitry tags: multisession)
15:15
Merge protection against timing attacks into trunk. (check-in: d4a341b49d user: dmitry tags: trunk)
14:38
Merge trunk into dmitry-security branch. (Closed-Leaf check-in: f4eb0f5afc user: dmitry tags: dmitry-security)
14:34
Rename constant_time_eq to constant_time_cmp to better indicate that these functions return 0 when values are equal, like memcmp, strcmp, etc., not truth, to avoid possible mistakes. (check-in: d244c484e7 user: dmitry tags: dmitry-security)
14:28
Revert the previous change after thinking more about it. Login cards in the sync protocol have the following format: login userid nonce signature Nonce is SHA-1 of the message that follows this line, signature is SHA-1 of the concatenation of the nonce and user's shared secret. The successful timing attack can reveal only signature for this particular packet due to nonce. However, as nonce is known to the attacker, it's theoretically possible for them to bruteforce the shared secret_offline_. The whole scenario sounds highly improbable, but using constant-time comparison function for such things by default is a good practice. (check-in: 13a9a1244c user: dmitry tags: dmitry-security)
2011-09-30
10:51
It seems like blob_constant_time_eq() is unnecessary for sync protocol signatures; removed. (check-in: 48bcfbd47b user: dmitry tags: dmitry-security)
09:41
Catch zero length early in blob_constant_time_eq(). (check-in: e3d022dffa user: dmitry tags: dmitry-security)
2011-09-29
21:06
Fix to the previous fix: install function to the correct database. (check-in: 3782276da6 user: dmitry tags: dmitry-security)
21:04
Fix login groups. (check-in: 6f29649ef3 user: dmitry tags: dmitry-security)
17:26
Fix comment. (check-in: a0fa120b74 user: dmitry tags: dmitry-security)
17:21
Protect against timing attacks by using constant-time comparison function to compare passwords and cookies. (check-in: 7f110475ec user: dmitry tags: dmitry-security)
14:07
When creating a manifest, get isExe and isLink bits from filesystem at once instead of doing two stat(2) calls. (check-in: 9bfa186be0 user: dmitry tags: trunk)
11:45
Change file_size() to file_wd_size() in file_is_the_same(). (check-in: 13a771ce18 user: dmitry tags: trunk)
11:05
Cache "manifest" setting in fossil_reserved_name() instead of reading it from the database on every call. This speeds up adding many files. (check-in: a369dc7721 user: dmitry tags: trunk)
2011-09-27
19:28
Call file_wd_isdir() in file_mkdir(). (check-in: 13120e9620 user: dmitry tags: trunk)
19:15
Change a few instances of file_isdir() to file_wd_isdir(). (check-in: f1329470c0 user: dmitry tags: trunk)
2011-09-25
11:14
Fix double LI tags when listing wiki attachments for users without permissions. (check-in: 12272b7ff0 user: dmitry tags: trunk)
2011-09-24
01:39
Disable SSLv2 in HTTPS client. This version of the protocol is considered insecure and has been deprecated; all modern browsers disable it. (check-in: ea1d369d23 user: dmitry tags: trunk)
2011-09-11
13:57
Fix three remaining instances of printing rebuild progress in CGI mode. Ticket [19be0265ff]. (Closed-Leaf check-in: 2cd21f8dc2 user: dmitry tags: dmitry-fixes)
12:27
Disallow creating users with empty login. Ticket [66ce1088]. (check-in: e1ea6c26d0 user: dmitry tags: dmitry-fixes)
12:26
Fix typos in documentation. Tickets [09310d1a] and [806c4358]. (check-in: 9150a8a234 user: dmitry tags: dmitry-fixes)
12:19
Show overridden user in commit comment. Ticket [4af785ba]. (check-in: 7c82dbf546 user: dmitry tags: dmitry-fixes)
2011-09-08
14:30
Add comment describing file_wd_isfile() function. (check-in: f23334cbda user: dmitry tags: trunk)
13:07
Remove unused variable from ticket_cmd(). (check-in: a0b3769b01 user: dmitry tags: trunk)
13:02
Merge fixes and refactoring from symlinks branch. (check-in: c05f6afaf2 user: dmitry tags: trunk)
12:59
Fix Windows build. (Closed-Leaf check-in: 4e586a2d8e user: dmitry tags: symlinks)
11:59
Introduce new file_wd_* functions that use stat() or lstat() depending on 'allow-symlinks' setting, and use them when dealing with files inside the working directory. Make file_* functions always use stat() as before merging symlink support. Fix renaming of symlinks when merging (via new function symlink_copy()). Rename create_symlink() to symlink_create(). (check-in: 8a0c546990 user: dmitry tags: symlinks)
11:52
Merge latest trunk into symlinks branch. (check-in: 981e5c62e3 user: dmitry tags: symlinks)
2011-09-06
13:23
Close A and LI tags when displaying new and deleted files in timeline. (check-in: 8d703ff956 user: dmitry tags: trunk)
2011-09-02
12:39
Merge symlink fixes into trunk. (check-in: c97535c5d8 user: dmitry tags: trunk)
12:27
Merge latest trunk into symlinks branch. (check-in: fee3c6767d user: dmitry tags: symlinks)
10:34
Print description of conflict when 'stash apply' cannot merge a symlink and a regular file. (check-in: bca6924e5f user: dmitry tags: symlinks)
10:19
Uncomment contents of Makefile.in. Silence OpenSSL deprecation warnings on Mac OS X 10.7. (check-in: 73443aa7f8 user: dmitry tags: symlinks)
09:34
Bring Makefile.in back. (check-in: 6729562675 user: dmitry tags: symlinks)
2011-09-01
23:55
Change a couple of unlink()'s to file_delete(). (check-in: 61d49d92bb user: dmitry tags: symlinks)
23:44
Fix indentation in update.c. (check-in: 1d54dce41e user: dmitry tags: symlinks)
23:18
Merge latest changes from trunk. (check-in: 2b1a4797dd user: dmitry tags: symlinks)
22:56
Refactor file_perm(), file_islink(), and file_isexe(). Now file_perm() calls stat only once. (check-in: eac23495a9 user: dmitry tags: symlinks)
22:55
Fix merge when merging UPDATEs a symlink to a regular file and vice versa. (check-in: 82a95b4692 user: dmitry tags: symlinks)
22:52
Fix undo when having a regular file on disk and symlink in undo. (check-in: 324763b932 user: dmitry tags: symlinks)
22:15
Fix saving undo for symlinks. (check-in: 0762b1d9c6 user: dmitry tags: symlinks)
20:56
Merge latest trunk. (check-in: 02ee688a4d user: dmitry tags: symlinks)
2011-08-31
16:28
Merge improvements to artifact descriptions into symlinks branch. Also modify displaying of permissions: now web UI shows "File", "Executable file", or "Symbolic link" in file artifact description. (check-in: 3115774ffe user: dmitry tags: symlinks)
09:55
Merge latest trunk. (check-in: 40ed431ca5 user: dmitry tags: symlinks)
2011-08-28
11:22
Make blob_read_link() C89-compatible on Unix again. (check-in: 034819087d user: dmitry tags: symlinks)
11:01
Use file_delete() instead of unlink() in vfile_to_disk(). (check-in: 08311ffc6a user: dmitry tags: symlinks)
10:43
Handle errors in blob_read_link(). (check-in: d43029f6f4 user: dmitry tags: symlinks)