Fossil

Timeline
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

200 check-ins occurring around 2020-08-20 13:27.

2020-08-28
09:47
Unprotect the ssl-identity property when setting it. ... (check-in: e3636830 user: drh tags: trunk)
09:34
Use the timeline format for /whistory. ... (check-in: cef8425c user: drh tags: trunk)
2020-08-27
23:54
Typo fix: Turns out "edited" only has one "t". Who knew? ... (check-in: 91ff34dc user: drh tags: trunk)
17:56
Clarified the online docs for the "fossil remote REF" command form. It wasn't obvious before that you could give a NAME instead of a URL. ... (check-in: 292ba94e user: wyoung tags: trunk)
15:11
Additional interlinking and clarification of CGI documentation. ... (check-in: 43fb402b user: drh tags: trunk)
12:34
Do not assume that missing SCRIPT_NAME and PATH_INFO environment variables for CGI have a value which is an empty string. ... (check-in: 9601b6cf user: drh tags: trunk)
01:37
Fix the server-side clone so that it is able to operate on a read-only repository database. ... (check-in: 147bf47d user: drh tags: trunk)
2020-08-26
21:43
Improvements to help-text HTML formatting. ... (check-in: 517223ec user: drh tags: trunk)
14:46
Update the built-in SQLite to the latest 3.34.0 alpha that includes support for the sqlite3_txn_state() interface, with an eye toward using sqlite3_txn_state() to help prevent "busy" errors coming from high-load Fossil servers. ... (check-in: e3ca34cb user: drh tags: trunk)
2020-08-25
16:23
Yet another improvement to the "Latest Release" section of the homepage. ... (check-in: 5d32221c user: drh tags: trunk)
16:14
Further improvements to the "Latest Release" section of the homepage. ... (check-in: f282632b user: drh tags: trunk)
16:10
Update the homepage with links to the latest release and the commits that have gone into it. ... (check-in: c508ed7a user: drh tags: trunk)
14:34
Improved titles for forum posts that show the original poster and the latest editor if they are different people. ... (check-in: 9543ddbe user: drh tags: trunk)
13:53
Tiniest style tweak for consistency ... (check-in: 7ea82586 user: andygoth tags: trunk)
13:47
Separately show original and edited user/date ... (check-in: 39a550c8 user: andygoth tags: trunk)
07:07
Removed some hard tabs in CSS injected by copy/paste from the browser dev tools. ... (check-in: 1bfa3686 user: stephan tags: trunk)
07:00
The fossil.XYZ.js-using pages now include all of those APIs when running in bundled JS mode, as that provides far lower aggregate over-the-wire and HTTP request counts. Added ? popup help buttons in wikiedit/fileedit to replace title-attribute hoverhelp (popup positioning can still be improved, though). ... (check-in: 34f7fd72 user: stephan tags: trunk)
06:32
Fix HTML formatting issues with a few built-in help pages. ... (check-in: 11384f18 user: drh tags: trunk)
06:18
Lots of tweaking to the "help buttonlet" popup position. Something to improve some rainy day. ... (Closed-Leaf check-in: 3f08a9d2 user: stephan tags: misc-js-experiments)
05:04
Updated javascript.md page to track recent developments. ... (check-in: 3a1d3cc2 user: wyoung tags: trunk)
00:01
Improvements to handling of line endings and BOM marks when doing a 3-way merge. ... (check-in: 88ff2642 user: drh tags: trunk)
2020-08-24
23:24
Merge miscellanous auxiliary defenses and security enhancements. This check-in is not needed to fix any problems that are not already fixed in version 2.12.1. It merely provides additional defense in depth. ... (check-in: f741baa6 user: drh tags: trunk)
22:57
If both files being merged by 'fossil merge' contain a UTF-8 byte order mark (BOM), keep it in the produced merged file. ... (Closed-Leaf check-in: 91182cd1 user: marciogabe tags: merge-crlf-bom)
22:46
Improved cross-page caching of wikiedit/fileedit bundle, reducing those pages to a single request of 10-13k once cache is warm. Fixed non-bundled JS distribution of fileedit and wikiedit. ... (check-in: 20c50cd1 user: stephan tags: misc-js-experiments)
22:45
Adjust 'fossil merge' command to use CR/LF line endings for conflict markings if both files being merged already use such line ending type. ... (check-in: 60ecf5d9 user: marciogabe tags: merge-crlf-bom)
22:20
Moved C routines which emit fossil.XYZ JS APIs from style.c to builtin.c, and renamed appropriately. Added flag to output_text_with_line_numbers() to disable emit of JS (needed for fileedit preview, at a minimum). The experimental emitting of all fossil.XYZ APIs at once is now limited to bundled mode, as that's the only place it's potentially of benefit. ... (check-in: c515e5fd user: stephan tags: misc-js-experiments)
20:49
Experimentally added '?' help buttons in wikiedit. Experimentally emit all fossil.XYZ APIs, rather than selected ones, to test whether that reduces overall transmission together with caching. DOM init-time timing workarounds to get confirmer buttons to pin their sizes properly. ... (check-in: 9edbb7ea user: stephan tags: misc-js-experiments)
20:24
Changed how fossil.confirmer pinSize option computes element width to be more robust in the face of CSS 'auto' width values. ... (check-in: 1f4143ba user: stephan tags: trunk)
12:35
For Hash or Wiki interwiki hyperlinks in Fossil Wiki without an alternative display, elide the initial interwiki tag from the display. ... (check-in: 2d1a493d user: drh tags: trunk)
04:44
Applied fix from [5244a548] to /json/wiki/list. ... (check-in: 5a568d8b user: stephan tags: trunk)
04:33
Reverted [37409e7dbe] in favor of [5244a548], which is cleaner, smaller, and works. ... (check-in: a7d8c58d user: stephan tags: trunk)
00:24
Merge changes from trunk. ... (Closed-Leaf check-in: 4a8bc878 user: drh tags: sec2020)
2020-08-23
22:11
Provide backlinks from Forum posts. Run rebuild to insert Forum backlinks into the BACKLINK table after applying this patch. ... (check-in: 2df0e5c4 user: drh tags: trunk)
20:06
Updates to the "fossil config" command documentation and the change log. ... (check-in: 79b1cd4b user: drh tags: trunk)
18:12
For the wiki_render_page_list_json() function, only include pages on the list if they have one or more artifacts. This seems to clears the bug described by "Wiki editor inop" forum post ... (check-in: 5244a548 user: drh tags: trunk)
16:02
Merge the interwiki enhancement from trunk. ... (check-in: 26ac4b1c user: drh tags: sec2020)
15:55
Add support for interwiki links. ... (check-in: f4dc114a user: drh tags: trunk)
15:52
Add the /intermap page for adjusting the interwiki mapping using a Web interface. ... (Closed-Leaf check-in: dab94dda user: drh tags: interwiki)
14:04
Add preliminary documentation for interwiki links. List the intermap on the /md_rules and /wiki_rules pages. ... (check-in: 1a4158ea user: drh tags: interwiki)
01:47
Fix syntax error in the previous commit. Dunno how I managed to check in a change that doesn't build.... ... (check-in: fa105da0 user: drh tags: interwiki)
01:43
Move much interwiki code into a new source files "interwiki.c". Add the "fossil interwiki" command for managing the list of remote wikis. ... (check-in: 08750733 user: drh tags: interwiki)
00:47
Fix a bugs in the interwiki configuration transfer logic. ... (check-in: c959dde1 user: drh tags: interwiki)
00:29
Typo fix in comment ... (check-in: 684fb15a user: wyoung tags: interwiki)
2020-08-22
23:21
The "Code" on an inter-wiki link must be ascii alphanumeric. Sync the inter-wiki config table entries on clone. ... (check-in: 55053678 user: drh tags: interwiki)
20:23
Rudimentary support for interwiki links. ... (check-in: 3ca23edc user: drh tags: interwiki)
19:07
Update the Fossil Wiki and Markdown cheat-sheets to include hyperlinks to one another. ... (check-in: 0ae2dbd4 user: drh tags: trunk)
16:26
Typo fix. Removed 13th quote, as the link is now 404, per note in the forum. ... (check-in: 659f6cd0 user: stephan tags: trunk)
16:24
Fix harmless compiler warnings. ... (check-in: a872067f user: drh tags: trunk)
16:10
More robust handling of missing CGI parameters. See discussion at forum thread e2e75f8aec. ... (check-in: d6f69343 user: drh tags: trunk)
15:35
Merge the latest enhancements from trunk. ... (check-in: 11c1566a user: drh tags: sec2020)
15:34
Improvements to the forum thread display. Additional details on the forum thread. ... (check-in: 5182a1bf user: drh tags: trunk)
15:31
Increment the cfgcnt when a forum items held for moderation is approved or disapproved, so that the timeline etag cache will expire. ... (check-in: c80762fa user: drh tags: trunk)
13:49
URL fixes in www/quotes.wiki; where a new URL can't be found, removed the quote as unsupportable. ... (check-in: 4c5445d9 user: wyoung tags: trunk)
12:04
Amend broken link to OpenBSD server doc from file name change: server/openbsd/httpd.md -> server/openbsd/fastcgi.md ... (check-in: 0fd7302d user: jamsek tags: trunk)
10:45
Merge Andy Goth's enhancements to the forum. ... (Leaf check-in: 50cdb741 user: drh tags: sec2020-forum-refactor)
03:25
Correct minor documentation typo (bytes -> bits) ... (check-in: 96f1a9f5 user: andygoth tags: trunk)
03:06
Guard against an infinite loop in certain pathological edit patterns ... (Closed-Leaf check-in: 71fe590e user: andygoth tags: andygoth-forum-refactor)
02:53
Link to the next edit rather than the final edit ... (check-in: 91a3a600 user: andygoth tags: andygoth-forum-refactor)
02:50
When showing the source of an edited post, show that exact version rather than the newest version ... (check-in: df916a9d user: andygoth tags: andygoth-forum-refactor)
02:38
Unify and regularize forum display code ... (check-in: 6999639b user: andygoth tags: andygoth-forum-refactor)
00:23
Update the custom MinGW makefile. ... (check-in: 6eb1f434 user: mistachkin tags: trunk)
2020-08-21
23:40
Internally rename "entry" to "post" for more consistent terminology ... (check-in: adefa86c user: andygoth tags: andygoth-forum-refactor)
23:20
Rework forum post serial IDs to include a revision number when edited. This fixes buggy sids displayed in thread https://fossil-scm.org/forum/forumpost/6737a387fe?t=c&threadtable. ... (check-in: dd47b8c3 user: andygoth tags: andygoth-forum-refactor)
22:58
Extend translator to support two- and three-argument printf specifiers, e.g. "%.*s(len)(str)" or "%*.*d(width)(prec)(val)" ... (check-in: df7b0c31 user: andygoth tags: andygoth-forum-refactor)
22:03
Remove mfirt ... (check-in: a8d90b1f user: andygoth tags: andygoth-forum-refactor)
21:52
Remove fprev ... (check-in: d585c347 user: andygoth tags: andygoth-forum-refactor)
21:50
Restore inadvertently deleted column ... (check-in: c76023e3 user: andygoth tags: andygoth-forum-refactor)
21:45
Replace firt with pIrt ... (check-in: ed56faad user: andygoth tags: andygoth-forum-refactor)
21:17
Remove nReply which is present only in debug outputs, correct column alignment in debug output ... (check-in: b932e49c user: andygoth tags: andygoth-forum-refactor)
20:34
Remove indenting that was leaking into the HTML output ... (check-in: bf98aa00 user: andygoth tags: andygoth-forum-refactor)
20:19
Add new fields to threadtable debug output ... (check-in: c4d6d757 user: andygoth tags: andygoth-forum-refactor)
19:42
Actually use pEditHead ... (check-in: 9e924011 user: andygoth tags: andygoth-forum-refactor)
19:41
Add pEditHead field to avoid repeatedly walking back to find the original post ... (check-in: 7114bdc8 user: andygoth tags: andygoth-forum-refactor)
19:34
Rename pEditLeaf to pEditTail ... (check-in: 145a6ef2 user: andygoth tags: andygoth-forum-refactor)
19:33
Rename pLeaf to pEditLeaf to be consistent with the other edit fields ... (check-in: 763d22b7 user: andygoth tags: andygoth-forum-refactor)
18:32
Additional checks to ensure that db_set() and db_set_int() do not modify a sensitive setting unless PROTECT_BASELINE is disabled. ... (check-in: ccdb5a9b user: drh tags: sec2020)
15:57
Add pEditNext field to permit walking forward as well as backward through the edit chain ... (check-in: a17f4955 user: andygoth tags: andygoth-forum-refactor)
15:54
Begin refactoring forum code to support orthogonal history and plaintext options. First step: rename pEdit to pEditPrev to make room for a pEditNext field. ... (check-in: 636f6596 user: andygoth tags: andygoth-forum-refactor)
15:08
Add missing db_unprotect() calls to backoffice. ... (check-in: c75dcc62 user: drh tags: sec2020)
15:05
Improved documentation of the database write protection logic. Added undocumented SQL command db_protect() and db_protect_pop() to the "sql" command. Panic on a protection stack overflow. ... (check-in: 75deba73 user: drh tags: sec2020)
14:40
Add missing bold markup ... (check-in: 273dd80e user: andygoth tags: trunk)
13:04
Add triggers to prevent changes to sensitive settings when PROTECT_SENSITIVE is engaged. ... (check-in: c9b9a77d user: drh tags: sec2020)
11:26
Remove incorrect leaf ambiguity warning when doing a "fossil commit --dry-run". ... (check-in: 1b52c414 user: drh tags: sec2020)
11:19
Fix the locate_unmanaged_files() routine so that it always see (and ignores) symbolic links. ... (check-in: 0938b565 user: drh tags: sec2020)
10:29
More improvements to the allow-symlinks help text. ... (check-in: f7f31147 user: drh tags: sec2020)
10:23
Improved on-line help for the allow-symlinks setting. ... (check-in: d3090e91 user: drh tags: sec2020)
10:10
Improve comments on symlink logic ... (check-in: 39a5df1f user: drh tags: sec2020)
01:09
Add a missing db_unprotect() to the "fossil all" command. ... (check-in: b9ae03f6 user: drh tags: sec2020)
01:01
Merge the latest changes from trunk into sec2020. ... (check-in: 1d61aae3 user: drh tags: sec2020)
2020-08-20
23:45
Change width per stephan's request ... (Leaf check-in: 53458bed user: andygoth tags: andygoth-ardoise-tweaks)
22:40
Using parameters to namespace functions in fossil*.js instead of the global "fossil" object. Squishes a complaint by GCC and makes the code a smidge smaller besides. ... (check-in: 0f03f78a user: wyoung tags: trunk)
21:15
Same as [31af8053] but in src/copybtn.js, upon which code fossil.copybutton.js was apparently based. This other file may be going away soon, but until then, it avoids a warning. ... (check-in: c0cb0b9d user: wyoung tags: trunk)
20:40
Gave the line-number popup (and related popups) a z-level below that of the default skin's hamburger menu. ... (check-in: bbef8ce3 user: stephan tags: trunk)
20:25
Added a "window." reference to a global variable in fossil.dom.js to make explicit where the variable is coming from. All the surrounding code does this, and the fix quiets a complaint from GCC. ... (check-in: 31af8053 user: wyoung tags: trunk)
20:05
Allow /wikiedit's page-list-fetch operation to silently skip over mysteriously missing (shunned but not yet rebuilt?) wiki pages, to resolve an issue on the core fossil site where such a missing/invisible page named 'Security Desk Technician' is causing /wikiedit to fail to load. ... (check-in: 37409e7d user: stephan tags: trunk)
19:52
Removed a pair of bogus "delete" calls in fossil.popupwidget.js, flagged by Google Closure Compiler. You can't delete the result of a function call, only object properties. ... (check-in: 0d7d54e8 user: wyoung tags: trunk)
19:51
Minor change to auto.def requested by https://bugs.debian.org/961772 ... (check-in: e6de5ec7 user: drh tags: trunk)
18:08
Show the artifact hash with a copy button on the header of /file pages. ... (check-in: 00eb7a05 user: drh tags: trunk)
16:25
Merge recent changes from trunk. ... (check-in: c93cb2ba user: drh tags: sec2020)
15:22
Update the change log and the latest-release link on the homepage. ... (check-in: 5983f5b9 user: drh tags: trunk)
13:27
Version 2.12.1 ... (Leaf check-in: b98ce23d user: drh tags: release, branch-2.12, version-2.12.1)
13:24
Version 2.11.2 ... (Leaf check-in: c58877d6 user: drh tags: release, branch-2.11, version-2.11.2)
13:18
Version 2.10.2 ... (Leaf check-in: 12d2ad00 user: drh tags: release, branch-2.10, version-2.10.2)
13:08
Rearrange code, tweak span colors ... (check-in: 1ffe4cde user: andygoth tags: andygoth-ardoise-tweaks)
13:01
2.12.1 release candidate with security fixes. ... (check-in: 40feec32 user: drh tags: branch-2.12)
12:31
Fix CSS priority issue ... (check-in: ed04edd8 user: andygoth tags: andygoth-ardoise-tweaks)
05:13
Spelling and grammar fixes to javascript.md. ... (check-in: 209f73cb user: wyoung tags: trunk)
04:18
Many improvements to the "Use of JavaScript in Fossil" document, www/javascript.md, inspired by the recent Ajaxifications and forum commentary on the topic. ... (check-in: 977ba78f user: wyoung tags: trunk)
04:17
Assorted minor improvements to the javascript.md doc. ... (Closed-Leaf check-in: dc1bc213 user: wyoung tags: js-policy-doc)
02:14
Minuscule tweaks to javascript.md ... (check-in: 5648dcfc user: stephan tags: js-policy-doc)
00:37
Command fixes in the new material within javascript.md ... (check-in: ba9480b0 user: wyoung tags: js-policy-doc)
00:11
Editing pass on javascript.md. ... (check-in: 202a6616 user: wyoung tags: js-policy-doc)
00:04
Report the use of FOSSIL_LEGACY_ALLOW_SYMLINKS in the output "fossil version -v". ... (Leaf check-in: 89d950ef user: drh tags: sec2020-2.12-patch)
2020-08-19
23:52
Moved "Blocking JavaScript" section of javascript.md down into the Q&A section. ... (check-in: 85c7bdb2 user: wyoung tags: js-policy-doc)
23:45
Moved my rewrite of Stephan's "Compatibility Concerns" section of javascript.md down into the Q&A section. ... (check-in: 02627949 user: wyoung tags: js-policy-doc)
23:41
Moved "Fossil Does Not Snoop On You" section of javascript.md down into a Q&A point. ... (check-in: b76427bb user: wyoung tags: js-policy-doc)
23:38
Moved the "No Third-Party JavaScript in Fossil" section of javascript.md down into the Q&A "debate" section. Also reworked some of the following question's answer to the C vs JavaScript matter. ... (check-in: 48ef6333 user: wyoung tags: js-policy-doc)
23:30
Moved the old "How Many Users Run with JavaScript Disabled Anyway?" section of javascript.md down into the "debate" section as one of the Q&A points. ... (check-in: bc5cf569 user: wyoung tags: js-policy-doc)
23:19
Merged the "Future Plans for JavaScript in Fossil" section of js-policy.md into javascript.md. This all but zeroes out the contents of the old doc, so I've removed it. Future changes go into javascript.md. ... (check-in: 4ad0d979 user: wyoung tags: js-policy-doc)
23:07
Hoist the "Compatiblity Concerns" section of js-policy.md into javascript.md. Another near-total rewrite, maintaining the original's points. ... (check-in: 7eef486c user: wyoung tags: js-policy-doc)
22:57
Merged Stephan's "in closing" statement after the argumentation section of js-policy.md into the "Philosophy & Policy" section of javascript.md. Another near-rewrite, while maintaining the overall points. ... (check-in: 12acdcf3 user: wyoung tags: js-policy-doc)
22:49
Added "Arguments Against JavaScript & Our Rebuttals" section to javascript.md, based on the similar section in this branch's new js-policy.md doc. It's nearly a rewrite, but all of the points remain. ... (check-in: 1e3ee576 user: wyoung tags: js-policy-doc)
21:24
Merged trunk changes in ... (check-in: 32ef4cfa user: wyoung tags: js-policy-doc)
21:19
Added a section to javascript.md on the new /fileedit feature. ... (check-in: 100b4868 user: wyoung tags: trunk)
21:08
The allow-symlinks setting is disabled by default and is not versionable, unless Fossil is compiled with the FOSSIL_LEGACY_ALLOW_SYMLINKS flag, in which case it follows the historic behavior. ... (check-in: cdc90f0c user: drh tags: sec2020-2.12-patch)
21:05
Updated the "Line Numbering" section of javascript.md to cover the new interactive line selection in Fossil 2.12. ... (check-in: f84d7a0e user: wyoung tags: trunk)
20:58
Updated the "Wiki Editor" section of javascript.md to cover the new `/wikiedit` implementation. ... (check-in: 31c40509 user: wyoung tags: trunk)
16:13
Silently ignore reserved filenames that occur inside of manifests, rather than throwing an error. No need for a setting to allow reserved filenames in manifests. ... (check-in: 2e19c5fe user: drh tags: sec2020)
15:46
Remove commands "test-nondir-path" and "test-is-reserved-name" and add the equivalent functionality to "test-file-environment". ... (check-in: 0cec61e4 user: drh tags: sec2020)
15:26
Remove the --symlinks option from the "fossil open" command. It is not needed. Users who want to enable symlinks can use the "fossil settings" command first. ... (check-in: ff811934 user: drh tags: sec2020)
15:21
Add the "fossil test-nondir-path" command for testing parts of the new symlink logic. ... (check-in: 13cfef33 user: drh tags: sec2020)
14:23
Harmonize artifact count and average between /stat and /artifact_stats. See https://fossil-scm.org/forum/forumpost/37514b1f67. ... (check-in: 38fa17e4 user: andygoth tags: trunk)
13:51
When diffing long sequences, the product of their lengths can overflow to a negative number, triggering optimalLCS() which is very expensive. Prevent this overflow. See https://fossil-scm.org/forum/forumpost/5f9365f9fe for discussion. ... (check-in: e2b7dca9 user: andygoth tags: trunk)
12:58
Merge additional symlink fixes. Back out comment-only changes from url.c. ... (check-in: 0ea17c2b user: drh tags: sec2020-2.12-patch)
12:26
Fix harmless compiler warnings. ... (check-in: feef8275 user: drh tags: sec2020)
12:22
Additional defenses against doing "fossil add" of files that are beneath symlinks. ... (check-in: 928b023c user: drh tags: sec2020)
12:08
Improved detection of attempts to write through a symlink. Now also works for "revert", "stash", and "undo/redo". ... (check-in: f63297b2 user: drh tags: sec2020)
09:57
Increase the version number to 2.12.1. ... (check-in: 32646b27 user: drh tags: branch-2.12)
08:40
It turns out we already have javascript.md, with similar aims, so now it's a matter of integrating this doc into that one. ... (check-in: 2e131efc user: stephan tags: js-policy-doc)
08:11
Fixed a poorly-placed wordwrap which looked like a new list entry to markup. ... (check-in: 571bf459 user: stephan tags: js-policy-doc)
08:00
Initial draft of a project policy doc explaining and justifying its use of JavaScript. ... (check-in: 93e4561b user: stephan tags: js-policy-doc)
01:33
Restore blank cell capability, fixes [95ce0e53] ... (check-in: dc94ebc2 user: andygoth tags: trunk)
01:07
Cherrypick key fixes from the sec2020 branch in order to devise a minimal patch to get us to version 2.12.1. ... (check-in: fe1264d3 user: drh tags: sec2020-2.12-patch)
00:56
Make a few tweaks to the Ardoise skin. See https://fossil-scm.org/forum/forumpost/a4bcfec897 for branch discussion. ... (check-in: 535f4eb8 user: andygoth tags: andygoth-ardoise-tweaks)
00:15
Do not allow the "fossil add" command to add files beneath a symlink. ... (check-in: a6abfb91 user: drh tags: sec2020)
2020-08-18
23:39
An alternative method for dealing with historical files named "_FOSSIL_" in the tree: Simply pretend they are not there. ... (Closed-Leaf check-in: 8f24c079 user: drh tags: ignore-reserved-filenames)
22:53
Line numbering forum feedback: removed toast message, replaced vague 'lines X-Y' label with 'Copy link to lines X-Y', removed udc=xxx from the generated URL. ... (check-in: 7c98df41 user: stephan tags: trunk)
21:03
Cherrypick [d2d8894bb2]: fossil.storage.clear() is now also sandboxed - no longer nuking all state for all repos on the same origin. ... (check-in: d0988e67 user: stephan tags: branch-2.12)
21:01
fossil.storage.clear() is now also sandboxed - no longer nuking all state for all repos on the same origin. ... (check-in: d2d8894b user: stephan tags: trunk)
20:58
Silently refuse to "fossil add" files that use reserved names. ... (check-in: 888da94e user: drh tags: sec2020)
20:51
Merged in [923affb930a27b], which reinstates localStorage but sandboxes access to fossil.storage on a per-repo basis. ... (check-in: 21fbd473 user: stephan tags: branch-2.12)
20:46
Re-enabled localStorage for fossil.storage but enhanced it to sandbox the keys used by the apps on a per-repo basis, so there is no longer any (immediately visible) cross-repo polution. The underlying localStorage/sessionStorage is still shared per origin/browser profile instance, but fossil.storage clients will only see the state from their own repo. ... (check-in: 923affb9 user: stephan tags: trunk)
20:19
Improved error message and response when trying to manifest a check-out that contains a file beneath a symbolic link directory. ... (check-in: 20d90dd4 user: drh tags: sec2020)
19:56
Add a security audit warning if the strict-manifest-syntax flag is switched off. ... (check-in: 3105bedf user: drh tags: sec2020)
19:49
Rework the "permissive-manifest-parser" idea to be simpler and to call it "strict-manifest-syntax". ... (check-in: 4df8c856 user: drh tags: sec2020)
19:10
Updated changelog and index for 2.12.1, with a tentative release date of Aug. 19th (that's tomorrow in 3 hours, CET). ... (check-in: c8e8ab9c user: stephan tags: branch-2.12)
18:44
Backported in [5b9a4c90594d8ea6], as explained in detail at https://fossil-scm.org/forum/forumpost/0f56c9edd9. ... (check-in: af383a7b user: stephan tags: branch-2.12)
18:19
Disabled localStorage as a backend option for the fossil.storage JS API after it was painfully discovered that multiple repos on the same hoster actually share that storage, as opposed to it being achored at the repo. That API now uses sessionStorage, if available, before falling back to transient instance-local storage. ... (check-in: 5b9a4c90 user: stephan tags: trunk)
17:25
permissive-manifest-parser setting is now marked as sensitive to keep an attacker from turning it on. ... (Closed-Leaf check-in: 1e34705e user: stephan tags: sec2020-deadend)
16:07
Added and applied permissive-manifest-parser setting to permit parsing of manifests which have F-cards containing now-illegal names. Required for rebuild of historical data and support of repositories we now know to contain such files. ... (check-in: 9e59cf18 user: stephan tags: sec2020-deadend)
14:02
Merge in the latest trunk changes. ... (check-in: 917917aa user: drh tags: sec2020)
14:00
Allow <del> and <ins> markup in wiki and in markdown. ... (check-in: ae9a9db5 user: drh tags: trunk)
13:54
Make -f an alias for --force on "fossil open". ... (check-in: 17c244de user: drh tags: trunk)
13:17
More missing db_unprotect() calls. ... (check-in: 06d3789a user: drh tags: sec2020)
12:17
When writing files to disk for a check-out, refuse to write through a symbolic link to a directory. Ticket [f9831fdef1d4edcc]. ... (check-in: a64e384f user: drh tags: sec2020)
02:58
More missing calls to db_unprotect(). ... (check-in: 3ced48bd user: drh tags: sec2020)
02:33
Yet another missed db_unprotect() call. ... (check-in: 2041072e user: drh tags: sec2020)
02:26
Fix missing enable of global_config in the "fossil all" command. ... (check-in: 16ec693d user: drh tags: sec2020)
01:54
Disable writes the CONFIG and USER tables by default. Permission to write to those tables is turned on as needed. Note - might have missed a few places so expect bugs. ... (check-in: ca9156aa user: drh tags: sec2020)
2020-08-17
22:34
Add more tests. ... (check-in: 92704d1c user: mistachkin tags: sec2020)
22:27
Simplify error message. ... (check-in: 1bb0b3a8 user: mistachkin tags: sec2020)
22:22
Fixes for reserved names case sensitivity, coding style adjustments, more tests. ... (check-in: fde20bc0 user: mistachkin tags: sec2020)
21:19
Reduced the line-number-mode font size back to normal. ... (check-in: a703b4ce user: stephan tags: trunk)
21:17
A couple minor skin doc typos. ... (check-in: 9e871e0d user: stephan tags: trunk)
20:51
Add tests for the reserved names. ... (check-in: df720b28 user: mistachkin tags: sec2020)
20:03
Identify security-sensitive settings. ... (check-in: 3bccd7ff user: drh tags: sec2020)
19:59
Every database connection now has a default authorizer, which calls out to an operation-specific authorizer if needed. ... (check-in: f98ef3c1 user: drh tags: sec2020)
18:57
Enhance the db_prepare() and db_static_prepare() utility routines so that they throw an error if handed more than one SQL statement. This might help prevent SQL injection attacks. ... (check-in: be0d95ad user: drh tags: sec2020)
18:20
Merge in reject-ckout-db branch. ... (check-in: 8c16884a user: stephan tags: sec2020)
17:50
Fixed [17d00c20dd9f] by adding NULL check on F- and E-card UUID tokens. ... (Closed-Leaf check-in: 458f30fc user: stephan tags: reject-ckout-db)
17:34
The allow-symlinks setting is no longer versionable and is off by default. The allow-symlinks setting no longer propagates with a clone. The help text for allow-symlinks discourages its use. There is a new --symlink flag on "fossil open" to permit the use of symlinks on an open, for the adventurous. Ticket [f9831fdef1d4edcc]. ... (check-in: ff98dd5a user: drh tags: sec2020)
17:34
Added checks of (-wal, -shm, -journal) db suffixes. ... (check-in: 4ed1a294 user: stephan tags: reject-ckout-db)
16:10
Moved is_fossil_ckout_db_name() from db.c to file.c and renamed it filename_is_ckout_db(). Integrated the check into manifest_parse(), but testing it requires temporarily #if'ing out the Z-card check, which is one of the first validations. ... (check-in: 6c19baa0 user: stephan tags: reject-ckout-db)
15:40
switch/case style tweak, per request. ... (check-in: 9784e5cd user: stephan tags: reject-ckout-db)
15:17
Part 1 of ticket [980a72dedd]: efficient check for determining whether a filename ends with a checkout db name. ... (check-in: ddd1273e user: stephan tags: reject-ckout-db)
15:11
Identify security-sensitive settings. ... (Closed-Leaf check-in: aa4c3afc user: drh tags: sec2020-config-protection)
14:09
Set an authorizer when running the ticket-table SQL. Ticket [56b82836ffba9952]. ... (check-in: fb413840 user: drh tags: sec2020)
09:16
Prohibit redirects from HTTP or HTTPS over to SSH or FILE. Fix for ticket [61613b0a9cf843b6]. ... (check-in: 253dbd15 user: drh tags: sec2020)
08:14
Fix typo, remove period for consistency with other help ... (check-in: 80ca317a user: andygoth tags: trunk)
07:02
Reinstate symlink capability. (Unintended change with prior symlink test?) ... (check-in: c840617b user: andygoth tags: trunk)
2020-08-16
23:09
Add the "test-symlink-list" command. ... (check-in: de38906f user: drh tags: trunk)
22:35
Pointed 'latest release' entry at the 2.12 changelog, per forum post. ... (check-in: dba21929 user: stephan tags: trunk)
19:08
Enhance the db_repository_filename() routine to return the canonical filename. ... (check-in: f304c569 user: drh tags: trunk)
17:47
Fix the manifest_reparent_checkin() routine so that the "parent" tag will actually work. ... (check-in: 2bdbbc8a user: drh tags: trunk)
17:18
Mention the "fossil backup" command in the 2.12 change log. ... (check-in: a02bcb03 user: drh tags: trunk)
16:49
Fixed file_extension() to behave like its docs say it does, which would have made [5a9ac6ca3e] unnecessary. ... (check-in: f95e47b6 user: stephan tags: trunk)
16:35
Fix the release version on the home page. ... (check-in: 4c450330 user: drh tags: trunk)
16:06
Fix segfault in /artifact introduced by check-in [b699040d701464ce] and reported on the forum. ... (check-in: 5a9ac6ca user: drh tags: trunk)
15:52
Reworked fossil.toast to support normal/warning/error-level toasts. Alas, animating a toast's appearance and disappearance proved to be beyond my current skills. ... (check-in: 4368f529 user: stephan tags: trunk)
15:51
Fixed a recursion bug in fossil.dom.append(e,array) (currently unused, but will be soon). ... (check-in: 2018954b user: drh tags: trunk)