Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
50 events occurring around ba7c34f70539bc97.
|
2020-08-17
| ||
| 21:17 | A couple minor skin doc typos. ... (check-in: 9e871e0de0 user: stephan tags: trunk) | |
| 20:51 | Add tests for the reserved names. ... (check-in: df720b28fc user: mistachkin tags: sec2020) | |
| 20:03 | Identify security-sensitive settings. ... (check-in: 3bccd7fff2 user: drh tags: sec2020) | |
| 19:59 | Every database connection now has a default authorizer, which calls out to an operation-specific authorizer if needed. ... (check-in: f98ef3c103 user: drh tags: sec2020) | |
| 19:46 | • Closed ticket [980a72dedd]: RCE using a fake _FOSSIL_ file in a repository plus 4 other changes ... (artifact: ef08ac1ee6 user: stephan) | |
| 19:03 | • Ticket [f9831fdef1] Arbitrary file overwrite using symlinks status still Open with 5 other changes ... (artifact: efa1c51ead user: drh) | |
| 18:57 | Enhance the db_prepare() and db_static_prepare() utility routines so that they throw an error if handed more than one SQL statement. This might help prevent SQL injection attacks. ... (check-in: be0d95aded user: drh tags: sec2020) | |
| 18:20 | Merge in reject-ckout-db branch. ... (check-in: 8c16884aa2 user: stephan tags: sec2020) | |
| 17:53 | • Fixed ticket [17d00c20dd]: Missing UUID in manifest can crash manifest_parse() plus 4 other changes ... (artifact: a50b86cd6b user: stephan) | |
| 17:50 | Fixed [17d00c20dd9f] by adding NULL check on F- and E-card UUID tokens. ... (Closed-Leaf check-in: 458f30fc0b user: stephan tags: reject-ckout-db) | |
| 17:34 | The allow-symlinks setting is no longer versionable and is off by default. The allow-symlinks setting no longer propagates with a clone. The help text for allow-symlinks discourages its use. There is a new --symlink flag on "fossil open" to permit the use of symlinks on an open, for the adventurous. Ticket [f9831fdef1d4edcc]. ... (check-in: ff98dd5af6 user: drh tags: sec2020) | |
| 17:34 | Added checks of (-wal, -shm, -journal) db suffixes. ... (check-in: 4ed1a294ff user: stephan tags: reject-ckout-db) | |
| 17:32 | • Ticket [17d00c20dd] Missing UUID in manifest can crash manifest_parse() status still Open with 6 other changes ... (artifact: c37115ee64 user: stephan) ... 1 similar event omitted. | |
| 16:47 | • Edit [aa4c3afc52f6a94f|aa4c3afc52]: Move to branch sec2020-config-protection. ... (artifact: 341806c435 user: drh) | |
| 16:10 | Moved is_fossil_ckout_db_name() from db.c to file.c and renamed it filename_is_ckout_db(). Integrated the check into manifest_parse(), but testing it requires temporarily #if'ing out the Z-card check, which is one of the first validations. ... (check-in: 6c19baa09b user: stephan tags: reject-ckout-db) | |
| 15:54 | • Ticket [980a72dedd] RCE using a fake _FOSSIL_ file in a repository status still Open with 5 other changes ... (artifact: 46827fa143 user: stephan) | |
| 15:40 | switch/case style tweak, per request. ... (check-in: 9784e5cdab user: stephan tags: reject-ckout-db) | |
| 15:17 | Part 1 of ticket [980a72dedd]: efficient check for determining whether a filename ends with a checkout db name. ... (check-in: ddd1273ea2 user: stephan tags: reject-ckout-db) | |
| 15:11 | Identify security-sensitive settings. ... (Closed-Leaf check-in: aa4c3afc52 user: drh tags: sec2020-config-protection) | |
| 14:09 | Set an authorizer when running the ticket-table SQL. Ticket [56b82836ffba9952]. ... (check-in: fb41384045 user: drh tags: sec2020) | |
| 09:16 | • Fixed ticket [61613b0a9c]: Redirect from HTTP to SSH plus 4 other changes ... (artifact: cc37dfc8f1 user: drh) | |
| 09:16 | Prohibit redirects from HTTP or HTTPS over to SSH or FILE. Fix for ticket [61613b0a9cf843b6]. ... (check-in: 253dbd15e2 user: drh tags: sec2020) | |
| 08:54 | • New ticket [61613b0a9c] Redirect from HTTP to SSH. ... (artifact: 68633f4265 user: drh) | |
| 08:44 | • New ticket [980a72dedd] RCE using a fake _FOSSIL_ file in a repository. ... (artifact: ba7c34f705 user: drh) | |
| 08:39 | • New ticket [f9831fdef1] Arbitrary file overwrite using symlinks. ... (artifact: c95172ddcb user: drh) | |
| 08:36 | • New ticket [56b82836ff] RCE by exploting unchecked content of the ticket-table setting. ... (artifact: 02205983db user: drh) | |
| 08:14 | Fix typo, remove period for consistency with other help ... (check-in: 80ca317ac5 user: andygoth tags: trunk) | |
| 07:02 | Reinstate symlink capability. (Unintended change with prior symlink test?) ... (check-in: c840617b8b user: andygoth tags: trunk) | |
|
2020-08-16
| ||
| 23:22 | • Changes to wiki page "branch/andygoth-enhanced-symlink" ... (artifact: 042230a1be user: andygoth) | |
| 23:15 | • Added wiki page "branch/andygoth-doc-symlink" ... (artifact: 213b9b7094 user: andygoth) | |
| 23:09 | Add the "test-symlink-list" command. ... (check-in: de38906fd5 user: drh tags: trunk) | |
| 23:03 | • Changes to wiki page "MailingList" ... (artifact: c59211a672 user: andygoth) | |
| 22:58 | • Added wiki page "branch/andygoth-enhanced-symlink" ... (artifact: 4c7f96ee57 user: andygoth) | |
| 22:35 | Pointed 'latest release' entry at the 2.12 changelog, per forum post. ... (check-in: dba21929b2 user: stephan tags: trunk) | |
| 20:29 | • Edit [d7b8b3e18328605e|d7b8b3e183]: Move to branch andygoth-svn-import. ... (artifact: 7c5eae5eb1 user: andygoth) | |
| 20:21 | • Edit [41f35ca4ec617891|41f35ca4ec]: Move to branch andygoth-annotation-enhancements. ... (artifact: 78a9f81641 user: andygoth) | |
| 20:20 | • Edit [94650be8de06dc37|94650be8de]: Move to branch andygoth-search-technote. ... (artifact: 4a0b226d8c user: andygoth) | |
| 20:03 | • Edit [8d6bdd1e00cf2cf8|8d6bdd1e00]: Move to branch andygoth-enhanced-symlink. ... (artifact: b78401700d user: andygoth) | |
| 20:03 | • Edit [eb4dda482056b1db|eb4dda4820]: Move to branch andygoth-doc-symlink. ... (artifact: 0a81be68aa user: andygoth) | |
| 19:47 | • Changes to wiki page "MailingList" ... (artifact: 1723dc114f user: andygoth) | |
| 19:08 | Enhance the db_repository_filename() routine to return the canonical filename. ... (check-in: f304c56974 user: drh tags: trunk) | |
| 17:47 | Fix the manifest_reparent_checkin() routine so that the "parent" tag will actually work. ... (check-in: 2bdbbc8a0e user: drh tags: trunk) | |
| 17:18 | Mention the "fossil backup" command in the 2.12 change log. ... (check-in: a02bcb033b user: drh tags: trunk) | |
| 16:49 | Fixed file_extension() to behave like its docs say it does, which would have made [5a9ac6ca3e] unnecessary. ... (check-in: f95e47b611 user: stephan tags: trunk) | |
| 16:36 | • Edit [d075b6199c87449d|d075b6199c]: Change background color to "#d0c0ff". ... (artifact: 0228cf4c91 user: drh) | |
| 16:35 | Fix the release version on the home page. ... (check-in: 4c45033033 user: drh tags: trunk) | |
| 16:06 | Fix segfault in /artifact introduced by check-in [b699040d701464ce] and reported [https://fossil-scm.org/forum/forumpost/a073f05cc3|on the forum]. ... (check-in: 5a9ac6ca3e user: drh tags: trunk) | |
| 15:52 | Reworked fossil.toast to support normal/warning/error-level toasts. Alas, animating a toast's appearance and disappearance proved to be beyond my current skills. ... (check-in: 4368f52961 user: stephan tags: trunk) | |
| 15:51 | Fixed a recursion bug in fossil.dom.append(e,array) (currently unused, but will be soon). ... (check-in: 2018954b3f user: drh tags: trunk) | |