60 check-ins related to "sec2020"
2020-08-24
23:24 | Merge miscellaneous auxiliary defenses and security enhancements. This check-in is not needed to fix any problems that are not already fixed in version 2.12.1. It merely provides additional defense in depth. ... (check-in: f741baa6be user: drh tags: trunk) | |
00:24 | Merge changes from trunk. ... (Closed-Leaf check-in: 4a8bc878f0 user: drh tags: sec2020) | |
2020-08-23
22:11 | Provide backlinks from Forum posts. Run rebuild to insert Forum backlinks into the BACKLINK table after applying this patch. ... (check-in: 2df0e5c428 user: drh tags: trunk) | |
16:02 | Merge the interwiki enhancement from trunk. ... (check-in: 26ac4b1ccf user: drh tags: sec2020) | |
15:55 | Add support for interwiki links. ... (check-in: f4dc114a78 user: drh tags: trunk) | |
2020-08-22
15:35 | Merge the latest enhancements from trunk. ... (check-in: 11c1566a93 user: drh tags: sec2020) | |
15:34 | Improvements to the forum thread display. Additional details on the [https://fossil-scm.org/forum/forumpost/3d3ffe23ed?t=h|forum thread]. ... (check-in: 5182a1bfbf user: drh tags: trunk) | |
10:45 | Merge Andy Goth's enhancements to the forum. ... (Closed-Leaf check-in: 50cdb741db user: drh tags: sec2020-forum-refactor) | |
2020-08-21
18:32 | Additional checks to ensure that db_set() and db_set_int() do not modify a sensitive setting unless PROTECT_BASELINE is disabled. ... (check-in: ccdb5a9bb8 user: drh tags: sec2020) | |
15:08 | Add missing db_unprotect() calls to backoffice. ... (check-in: c75dcc621b user: drh tags: sec2020) | |
15:05 | Improved documentation of the database write protection logic. Added undocumented SQL command db_protect() and db_protect_pop() to the "sql" command. Panic on a protection stack overflow. ... (check-in: 75deba73b5 user: drh tags: sec2020) | |
13:04 | Add triggers to prevent changes to sensitive settings when PROTECT_SENSITIVE is engaged. ... (check-in: c9b9a77d59 user: drh tags: sec2020) | |
11:26 | Remove incorrect leaf ambiguity warning when doing a "fossil commit --dry-run". ... (check-in: 1b52c41415 user: drh tags: sec2020) | |
11:19 | Fix the locate_unmanaged_files() routine so that it always sees (and ignores) symbolic links. ... (check-in: 0938b56516 user: drh tags: sec2020) | |
10:29 | More improvements to the allow-symlinks help text. ... (check-in: f7f31147de user: drh tags: sec2020) | |
10:23 | Improved on-line help for the allow-symlinks setting. ... (check-in: d3090e91b8 user: drh tags: sec2020) | |
10:10 | Improve comments on symlink logic ... (check-in: 39a5df1fde user: drh tags: sec2020) | |
01:09 | Add a missing db_unprotect() to the "fossil all" command. ... (check-in: b9ae03f6ee user: drh tags: sec2020) | |
01:01 | Merge the latest changes from trunk into sec2020. ... (check-in: 1d61aae314 user: drh tags: sec2020) | |
2020-08-20
22:40 | Using parameters to namespace functions in fossil*.js instead of the global "fossil" object. Squishes a complaint by GCC and makes the code a smidge smaller besides. ... (check-in: 0f03f78a8b user: wyoung tags: trunk) | |
16:25 | Merge recent changes from trunk. ... (check-in: c93cb2bae9 user: drh tags: sec2020) | |
05:13 | Spelling and grammar fixes to javascript.md. ... (check-in: 209f73cbc2 user: wyoung tags: trunk) | |
2020-08-19
16:13 | Silently ignore reserved filenames that occur inside of manifests, rather than throwing an error. No need for a setting to allow reserved filenames in manifests. ... (check-in: 2e19c5fe2d user: drh tags: sec2020) | |
15:46 | Remove commands "test-nondir-path" and "test-is-reserved-name" and add the equivalent functionality to "test-file-environment". ... (check-in: 0cec61e451 user: drh tags: sec2020) | |
15:26 | Remove the --symlinks option from the "fossil open" command. It is not needed. Users who want to enable symlinks can use the "fossil settings" command first. ... (check-in: ff811934e0 user: drh tags: sec2020) | |
15:21 | Add the "fossil test-nondir-path" command for testing parts of the new symlink logic. ... (check-in: 13cfef3383 user: drh tags: sec2020) | |
12:58 | Merge additional symlink fixes. Back out comment-only changes from url.c. ... (check-in: 0ea17c2b11 user: drh tags: sec2020-2.12-patch) | |
12:26 | Fix harmless compiler warnings. ... (check-in: feef827504 user: drh tags: sec2020) | |
12:22 | Additional defenses against doing "fossil add" of files that are beneath symlinks. ... (check-in: 928b023cb7 user: drh tags: sec2020) | |
12:08 | Improved detection of attempts to write through a symlink. Now also works for "revert", "stash", and "undo/redo". ... (check-in: f63297b2c5 user: drh tags: sec2020) | |
01:07 | Cherrypick key fixes from the sec2020 branch in order to devise a minimal patch to get us to version 2.12.1. ... (check-in: fe1264d35d user: drh tags: sec2020-2.12-patch) | |
00:15 | Do not allow the "fossil add" command to add files beneath a symlink. ... (check-in: a6abfb911b user: drh tags: sec2020) | |
2020-08-18
23:39 | An alternative method for dealing with historical files named "_FOSSIL_" in the tree: Simply pretend they are not there. ... (Closed-Leaf check-in: 8f24c07917 user: drh tags: ignore-reserved-filenames) | |
20:58 | Silently refuse to "fossil add" files that use reserved names. ... (check-in: 888da94e0a user: drh tags: sec2020) | |
20:19 | Improved error message and response when trying to manifest a check-out that contains a file beneath a symbolic link directory. ... (check-in: 20d90dd482 user: drh tags: sec2020) | |
19:56 | Add a security audit warning if the strict-manifest-syntax flag is switched off. ... (check-in: 3105bedff2 user: drh tags: sec2020) | |
19:49 | Rework the "permissive-manifest-parser" idea to be simpler and to call it "strict-manifest-syntax". ... (check-in: 4df8c856ee user: drh tags: sec2020) | |
16:07 | Added and applied permissive-manifest-parser setting to permit parsing of manifests which have F-cards containing now-illegal names. Required for rebuild of historical data and support of repositories we now know to contain such files. ... (check-in: 9e59cf18fc user: stephan tags: sec2020-deadend) | |
14:02 | Merge in the latest trunk changes. ... (check-in: 917917aa55 user: drh tags: sec2020) | |
14:00 | Allow <del> and <ins> markup in wiki and in markdown. ... (check-in: ae9a9db553 user: drh tags: trunk) | |
13:17 | More missing db_unprotect() calls. ... (check-in: 06d3789a2a user: drh tags: sec2020) | |
12:17 | When writing files to disk for a check-out, refuse to write through a symbolic link to a directory. Ticket [f9831fdef1d4edcc]. ... (check-in: a64e384f0c user: drh tags: sec2020) | |
02:58 | More missing calls to db_unprotect(). ... (check-in: 3ced48bdf8 user: drh tags: sec2020) | |
02:33 | Yet another missed db_unprotect() call. ... (check-in: 2041072e8d user: drh tags: sec2020) | |
02:26 | Fix missing enable of global_config in the "fossil all" command. ... (check-in: 16ec693dae user: drh tags: sec2020) | |
01:54 | Disable writes to the CONFIG and USER tables by default. Permission to write to those tables is turned on as needed. Note - might have missed a few places so expect bugs. ... (check-in: ca9156aa0a user: drh tags: sec2020) | |
2020-08-17
22:34 | Add more tests. ... (check-in: 92704d1c68 user: mistachkin tags: sec2020) | |
22:27 | Simplify error message. ... (check-in: 1bb0b3a8f3 user: mistachkin tags: sec2020) | |
22:22 | Fixes for reserved names case sensitivity, coding style adjustments, more tests. ... (check-in: fde20bc03c user: mistachkin tags: sec2020) | |
20:51 | Add tests for the reserved names. ... (check-in: df720b28fc user: mistachkin tags: sec2020) | |
20:03 | Identify security-sensitive settings. ... (check-in: 3bccd7fff2 user: drh tags: sec2020) | |
19:59 | Every database connection now has a default authorizer, which calls out to an operation-specific authorizer if needed. ... (check-in: f98ef3c103 user: drh tags: sec2020) | |
18:57 | Enhance the db_prepare() and db_static_prepare() utility routines so that they throw an error if handed more than one SQL statement. This might help prevent SQL injection attacks. ... (check-in: be0d95aded user: drh tags: sec2020) | |
18:20 | Merge in reject-ckout-db branch. ... (check-in: 8c16884aa2 user: stephan tags: sec2020) | |
17:50 | Fixed [17d00c20dd9f] by adding NULL check on F- and E-card UUID tokens. ... (Closed-Leaf check-in: 458f30fc0b user: stephan tags: reject-ckout-db) | |
17:34 | The allow-symlinks setting is no longer versionable and is off by default. The allow-symlinks setting no longer propagates with a clone. The help text for allow-symlinks discourages its use. There is a new --symlink flag on "fossil open" to permit the use of symlinks on an open, for the adventurous. Ticket [f9831fdef1d4edcc]. ... (check-in: ff98dd5af6 user: drh tags: sec2020) | |
15:11 | Identify security-sensitive settings. ... (Closed-Leaf check-in: aa4c3afc52 user: drh tags: sec2020-config-protection) | |
14:09 | Set an authorizer when running the ticket-table SQL. Ticket [56b82836ffba9952]. ... (check-in: fb41384045 user: drh tags: sec2020) | |
09:16 | Prohibit redirects from HTTP or HTTPS over to SSH or FILE. Fix for ticket [61613b0a9cf843b6]. ... (check-in: 253dbd15e2 user: drh tags: sec2020) | |
07:02 | Reinstate symlink capability. (Unintended change with prior symlink test?) ... (check-in: c840617b8b user: andygoth tags: trunk) | |