50 events occurring around 16ec693daebe316b.
2020-08-18
| Time | Event |
|---|---|
| 21:03 | Cherrypick [d2d8894bb2]: fossil.storage.clear() is now also sandboxed - no longer nuking all state for all repos on the same origin. ... (check-in: d0988e677c user: stephan tags: branch-2.12) |
| 21:01 | fossil.storage.clear() is now also sandboxed - no longer nuking all state for all repos on the same origin. ... (check-in: d2d8894bb2 user: stephan tags: trunk) |
| 20:58 | Silently refuse to "fossil add" files that use reserved names. ... (check-in: 888da94e0a user: drh tags: sec2020) |
| 20:51 | Merged in [923affb930a27b], which reinstates localStorage but sandboxes access to fossil.storage on a per-repo basis. ... (check-in: 21fbd4738c user: stephan tags: branch-2.12) |
| 20:46 | Re-enabled localStorage for fossil.storage but enhanced it to sandbox the keys used by the apps on a per-repo basis, so there is no longer any (immediately visible) cross-repo pollution. The underlying localStorage/sessionStorage is still shared per origin/browser profile instance, but fossil.storage clients will only see the state from their own repo. ... (check-in: 923affb930 user: stephan tags: trunk) |
| 20:19 | Improved error message and response when trying to manifest a check-out that contains a file beneath a symbolic link directory. ... (check-in: 20d90dd482 user: drh tags: sec2020) |
| 19:56 | Add a security audit warning if the strict-manifest-syntax flag is switched off. ... (check-in: 3105bedff2 user: drh tags: sec2020) |
| 19:49 | • Edit [1e34705ed8a38f68|1e34705ed8]: Mark "Closed". ... (artifact: ee8105d153 user: drh) |
| 19:49 | Rework the "permissive-manifest-parser" idea to be simpler and to call it "strict-manifest-syntax". ... (check-in: 4df8c856ee user: drh tags: sec2020) |
| 19:48 | • Edit [9e59cf18fccd0ea0|9e59cf18fc]: Move to branch sec2020-deadend. ... (artifact: a45df9453a user: drh) |
| 19:10 | Updated changelog and index for 2.12.1, with a tentative release date of Aug. 19th (that's tomorrow in 3 hours, CET). ... (check-in: c8e8ab9ccc user: stephan tags: branch-2.12) |
| 18:44 | Backported in [5b9a4c90594d8ea6], as explained in detail at [https://fossil-scm.org/forum/forumpost/0f56c9edd9]. ... (check-in: af383a7b3d user: stephan tags: branch-2.12) |
| 18:19 | Disabled localStorage as a backend option for the fossil.storage JS API after it was painfully discovered that multiple repos on the same hoster actually share that storage, as opposed to it being anchored at the repo. That API now uses sessionStorage, if available, before falling back to transient instance-local storage. ... (check-in: 5b9a4c9059 user: stephan tags: trunk) |
| 17:25 | permissive-manifest-parser setting is now marked as sensitive to keep an attacker from turning it on. ... (Closed-Leaf check-in: 1e34705ed8 user: stephan tags: sec2020-deadend) |
| 16:07 | Added and applied permissive-manifest-parser setting to permit parsing of manifests which have F-cards containing now-illegal names. Required for rebuild of historical data and support of repositories we now know to contain such files. ... (check-in: 9e59cf18fc user: stephan tags: sec2020-deadend) |
| 14:03 | • Edit [ae9a9db55314ac79|ae9a9db553]: Edit check-in comment. ... (artifact: 228161728e user: drh) |
| 14:02 | Merge in the latest trunk changes. ... (check-in: 917917aa55 user: drh tags: sec2020) |
| 14:00 | Allow <del> and <ins> markup in wiki and in markdown. ... (check-in: ae9a9db553 user: drh tags: trunk) |
| 13:54 | Make -f an alias for --force on "fossil open". ... (check-in: 17c244de21 user: drh tags: trunk) |
| 13:17 | More missing db_unprotect() calls. ... (check-in: 06d3789a2a user: drh tags: sec2020) |
| 12:17 | When writing files to disk for a check-out, refuse to write through a symbolic link to a directory. Ticket [f9831fdef1d4edcc]. ... (check-in: a64e384f0c user: drh tags: sec2020) |
| 08:43 | • Changes to wiki page "To Do List" ... (artifact: 8cc29050a9 user: drh) |
| 02:58 | More missing calls to db_unprotect(). ... (check-in: 3ced48bdf8 user: drh tags: sec2020) |
| 02:33 | Yet another missed db_unprotect() call. ... (check-in: 2041072e8d user: drh tags: sec2020) |
| 02:26 | Fix missing enable of global_config in the "fossil all" command. ... (check-in: 16ec693dae user: drh tags: sec2020) |
| 01:54 | Disable writes to the CONFIG and USER tables by default. Permission to write to those tables is turned on as needed. Note - might have missed a few places so expect bugs. ... (check-in: ca9156aa0a user: drh tags: sec2020) |
2020-08-17
| Time | Event |
|---|---|
| 22:34 | Add more tests. ... (check-in: 92704d1c68 user: mistachkin tags: sec2020) |
| 22:27 | Simplify error message. ... (check-in: 1bb0b3a8f3 user: mistachkin tags: sec2020) |
| 22:22 | Fixes for reserved names case sensitivity, coding style adjustments, more tests. ... (check-in: fde20bc03c user: mistachkin tags: sec2020) |
| 21:19 | Reduced the line-number-mode font size back to normal. ... (check-in: a703b4ce25 user: stephan tags: trunk) |
| 21:17 | A couple minor skin doc typos. ... (check-in: 9e871e0de0 user: stephan tags: trunk) |
| 20:51 | Add tests for the reserved names. ... (check-in: df720b28fc user: mistachkin tags: sec2020) |
| 20:03 | Identify security-sensitive settings. ... (check-in: 3bccd7fff2 user: drh tags: sec2020) |
| 19:59 | Every database connection now has a default authorizer, which calls out to an operation-specific authorizer if needed. ... (check-in: f98ef3c103 user: drh tags: sec2020) |
| 19:46 | • Closed ticket [980a72dedd]: RCE using a fake _FOSSIL_ file in a repository plus 4 other changes ... (artifact: ef08ac1ee6 user: stephan) |
| 19:03 | • Ticket [f9831fdef1] Arbitrary file overwrite using symlinks status still Open with 5 other changes ... (artifact: efa1c51ead user: drh) |
| 18:57 | Enhance the db_prepare() and db_static_prepare() utility routines so that they throw an error if handed more than one SQL statement. This might help prevent SQL injection attacks. ... (check-in: be0d95aded user: drh tags: sec2020) |
| 18:20 | Merge in reject-ckout-db branch. ... (check-in: 8c16884aa2 user: stephan tags: sec2020) |
| 17:53 | • Fixed ticket [17d00c20dd]: Missing UUID in manifest can crash manifest_parse() plus 4 other changes ... (artifact: a50b86cd6b user: stephan) |
| 17:50 | Fixed [17d00c20dd9f] by adding NULL check on F- and E-card UUID tokens. ... (Closed-Leaf check-in: 458f30fc0b user: stephan tags: reject-ckout-db) |
| 17:34 | The allow-symlinks setting is no longer versionable and is off by default. The allow-symlinks setting no longer propagates with a clone. The help text for allow-symlinks discourages its use. There is a new --symlink flag on "fossil open" to permit the use of symlinks on an open, for the adventurous. Ticket [f9831fdef1d4edcc]. ... (check-in: ff98dd5af6 user: drh tags: sec2020) |
| 17:34 | Added checks of (-wal, -shm, -journal) db suffixes. ... (check-in: 4ed1a294ff user: stephan tags: reject-ckout-db) |
| 17:32 | • Ticket [17d00c20dd] Missing UUID in manifest can crash manifest_parse() status still Open with 6 other changes ... (artifact: c37115ee64 user: stephan) ... 1 similar event omitted. |
| 16:47 | • Edit [aa4c3afc52f6a94f|aa4c3afc52]: Move to branch sec2020-config-protection. ... (artifact: 341806c435 user: drh) |
| 16:10 | Moved is_fossil_ckout_db_name() from db.c to file.c and renamed it filename_is_ckout_db(). Integrated the check into manifest_parse(), but testing it requires temporarily #if'ing out the Z-card check, which is one of the first validations. ... (check-in: 6c19baa09b user: stephan tags: reject-ckout-db) |
| 15:54 | • Ticket [980a72dedd] RCE using a fake _FOSSIL_ file in a repository status still Open with 5 other changes ... (artifact: 46827fa143 user: stephan) |
| 15:40 | switch/case style tweak, per request. ... (check-in: 9784e5cdab user: stephan tags: reject-ckout-db) |
| 15:17 | Part 1 of ticket [980a72dedd]: efficient check for determining whether a filename ends with a checkout db name. ... (check-in: ddd1273ea2 user: stephan tags: reject-ckout-db) |
| 15:11 | Identify security-sensitive settings. ... (Closed-Leaf check-in: aa4c3afc52 user: drh tags: sec2020-config-protection) |