Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
50 events occurring around da23bec78094a90b.
|
2017-08-23
| ||
| 17:38 | Remove a redundant directory separator character from the temporary filenames generated on windows. ... (check-in: b5f0d70362 user: drh tags: trunk) | |
| 17:29 | Add the test-tempname command for testing the file_tempname() routine. ... (check-in: f1d23f04c0 user: drh tags: trunk) | |
| 17:28 | Fix build (previous cherry-pick was not complete) (cherry-pick): For temporary filename paths on Windows, changes all backslash characters into forward slashes, so that the new enhanced-security shell escape mechanism from check-in [3b191c98] can use those temporary filenames. ... (check-in: dbda6e2a5d user: jan.nijtmans tags: branch-2.3) | |
| 17:18 | For temporary filename paths on Windows, changes all backslash characters into forward slashes, so that the new enhanced-security shell escape mechanism from check-in [3b191c98] can use those temporary filenames. ... (check-in: e474c177df user: drh tags: trunk) | |
| 11:05 | Add the --details option to the test-find-pivot command. ... (check-in: 9e48dad49b user: drh tags: trunk) | |
|
2017-08-22
| ||
| 09:46 | (cherry-pick): Use SQLite 3.20.0 final ... (check-in: 7eebec15bd user: jan.nijtmans tags: branch-2.3) | |
| 09:44 | (cherry-pick): Fix the SSH sync protocol to avoid "ssh" command-line option injection attacks such as those fixed in Git 2.14.1, Mercurial 4.2.3, and Subversion 1.9.7. As "ssh://" URLs cannot be buried out of sight in Fossil, the vulnerability does not appear to be as severe as in those other systems. (cherry-pick): Enhance the ssh:// URL to be cautious about the fossil= query parameter. Only commands "fossil" and "echo" (with an optional path) are accepted. ... (check-in: 1f18d23d76 user: jan.nijtmans tags: branch-2.3) | |
|
2017-08-21
| ||
| 12:18 | Use SQLite 3.20.0 final (source_id change only) ... (check-in: 810dd031ec user: jan.nijtmans tags: trunk) | |
|
2017-08-12
| ||
| 18:47 | Enhance the ssh:// URL to be cautious about the fossil= query parameter. Only commands "fossil" and "echo" (with an optional path) are accepted. ... (check-in: cb43937d8c user: drh tags: trunk) | |
| 18:34 | Also disallow wildcard characters in blob_append_escape_arg(). ... (check-in: d5b015946d user: drh tags: trunk) | |
| 18:30 | Disallow the ';' character in blob_append_escape_arg(). ... (check-in: 3bbac57534 user: drh tags: trunk) | |
| 18:24 | Fix another problem with the needEscape computation in blob_append_escaped_arg() ... (check-in: 9eea719af6 user: drh tags: trunk) | |
| 18:22 | The windows test macro is "_WIN32" without a trailing "_". ... (check-in: 49ae1785a6 user: drh tags: trunk) | |
| 18:20 | Fix the needEscape calculation in blob_append_escaped_arg(). ... (check-in: 9690d370e0 user: drh tags: trunk) | |
| 18:15 | Change the shell_escape() procedure into blob_append_escaped_arg(). Have that procedure raise a fatal error if the argument to be appended contains dodgy characters that might pose a security risk. Also, prepend "./" in front of arguments that begin with "-" to prevent them from looking like switches. ... (check-in: 3b191c984b user: drh tags: trunk) | |
| 16:20 | Avoid another attack vector when using SSH sync protocol by not calling a shell interpreter. Fixes only Unix-like environments by using execvp() instead of a string that can be mishandled by /bin/sh. Superseded by [3b191c984b] &co. ... (Closed-Leaf check-in: ce7baa9798 user: andybradford tags: ssh-shell-cleanup) | |
| 04:19 | Typo correction ... (check-in: 45a3d4b167 user: andygoth tags: trunk) | |
|
2017-08-11
| ||
| 16:00 | Increase the version number to 2.4 and update the change log. ... (check-in: 3ebbe7bcaa user: drh tags: trunk) | |
| 15:44 | • Edit [1f63db591c77108c|1f63db591c]: Edit check-in comment. ... (artifact: c3698c1737 user: drh) | |
| 15:29 | Fix the SSH sync protocol to avoid "ssh" command-line option injection attacks such as those fixed in Git 2.14.1, Mercurial 4.2.3, and Subversion 1.9.7. As "ssh://" URLs cannot be buried out of sight in Fossil, the vulnerability does not appear to be as severe as in those other systems. ... (check-in: 1f63db591c user: drh tags: trunk) | |
|
2017-08-07
| ||
| 20:22 | Hyperlinks to the SSL versions of the website. Redirect to the local unversioned source for the "precompiled binaries" link on the homepage. ... (check-in: b130b64cb4 user: drh tags: trunk) | |
|
2017-08-06
| ||
| 23:48 | • Edit [1e491f6cc5b2c32b|1e491f6cc5]: Edit check-in comment. ... (artifact: 95fcb5e450 user: andygoth) | |
| 23:48 | Restore end-of-line spaces used to demonstrate mid-paragraph line break in markdown.md. The spaces were removed by [23895c7b99] which appeared to clean house on end-of-line whitespace in addition to its documented purpose. ... (check-in: 1e491f6cc5 user: andygoth tags: trunk) | |
| 23:32 | Document Markdown tables (never knew this feature existed), and improve consistency of formatting ... (check-in: 6f69ccdc69 user: andygoth tags: trunk) | |
|
2017-08-05
| ||
| 04:17 | Enable processing of versioned manifest setting when creating zips and tarballs outside of an open checkout directory ... (check-in: da23bec780 user: andygoth tags: trunk) | |
| 03:45 | Simplify manifest generation logic in zip page ... (check-in: b9de60427a user: andygoth tags: trunk) | |
| 03:23 | Correct the /doc page to support read-only repositories ... (check-in: 95edba6534 user: andygoth tags: trunk) | |
|
2017-07-31
| ||
| 17:42 | Update the built-in SQLite to the 4th release candidate for 3.20.0. ... (check-in: 2a615bed11 user: drh tags: trunk) | |
|
2017-07-28
| ||
| 19:41 | (cherry-pick): Fix a problem with markdown rendering for "code". ... (check-in: dad3706248 user: jan.nijtmans tags: branch-2.3) | |
| 18:41 | Fix a problem with markdown rendering for "code". ... (check-in: 04de083ec8 user: drh tags: trunk) | |
| 00:49 | Update the built-in SQLite to the 3rd 3.20.0 release candidate. ... (check-in: 8ffba76b73 user: drh tags: trunk) | |
|
2017-07-26
| ||
| 20:08 | • Changes to wiki page "Release Build How-To" ... (artifact: 1c962f7dfe user: drh) | |
|
2017-07-25
| ||
| 15:38 | Better error checking in the mkversion utility program used during the build process. ... (check-in: 8b9ce19e38 user: drh tags: trunk) | |
| 14:38 | Update the selfhosting information to talk about the new www3.fossil-scm.org. ... (check-in: 5698492fbb user: drh tags: trunk) | |
|
2017-07-24
| ||
| 14:26 | Update the built-in SQLite to the second 3.20.0 release candidate. ... (check-in: c45b8f4534 user: drh tags: trunk) | |
|
2017-07-21
| ||
| 04:22 | Improve UI based test documentation with minor corrections to requirements and URLs. ... (check-in: 0a2be0648b user: andybradford tags: trunk) | |
| 03:55 | • Changes to wiki page "Release Build How-To" ... (artifact: a2f61bea36 user: drh) | |
| 03:19 | Version 2.3 - the 10th anniversary release ... (check-in: f7914bfdfa user: drh tags: trunk, release, version-2.3) | |
|
2017-07-20
| ||
| 18:25 | Fixed commit-warning.test broken by addition of the bootstrap skin which includes a file with long lines that generated a new warning. ... (check-in: ae83b2137f user: rberteig tags: trunk) | |
|
2017-07-15
| ||
| 13:55 | Update the built-in SQLite to the first 3.20.0 release candidate. ... (check-in: 4872a58be2 user: drh tags: trunk) | |
|
2017-07-14
| ||
| 20:47 | Mention support for HTML-style comments in Markdown reference ... (check-in: bfc29fb372 user: andygoth tags: trunk) | |
|
2017-07-13
| ||
| 10:24 | merge trunk ... (check-in: 548fabe73c user: jan.nijtmans tags: openssl-1.1) | |
| 10:22 | Update top OpenSSL 1.0.2l. Minor (harmless) compiler warnings in mkversion and codecheck1 (-Wall) ... (check-in: 23895c7b99 user: jan.nijtmans tags: trunk) | |
|
2017-07-12
| ||
| 18:55 | Remove an unused variable from the security audit webpage. ... (check-in: 7c0b971437 user: drh tags: trunk) | |
| 18:34 | Reword the header to the /fileage page to avoid disputes of commas. ... (check-in: 74bc515d36 user: drh tags: trunk) | |
| 18:23 | • Edit [1eab060a84f24fa5|1eab060a84]: Move to branch fossil-2.3-with-older-SQLite. ... (artifact: 150d0ae239 user: drh) | |
| 18:08 | Update to the latest SQLite from upstream and make other changes, all to silence a few utterly harmless compiler warnings about incompletely initialized structures. ... (check-in: 2f225b821f user: drh tags: trunk) | |
| 16:57 | Be careful not to return a pointer to a webpage generator as a command-line command method. ... (check-in: 38df2a4544 user: drh tags: trunk) | |
| 11:03 | merge trunk (without SQLite update to 3.20.0 beta, but WITH support for tab-completion in the SQL shell) ... (Closed-Leaf check-in: 107cfe0204 user: jan.nijtmans tags: fossil-2.3-with-older-SQLite) | |
| 03:35 | • Edit [773f9ba75cbaa8fc|773f9ba75c]: Mark "Closed". ... (artifact: 29adf6fbc8 user: zakero) | |