Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
50 ancestors of 8a6568c3a32521cf
|
2011-10-04
| ||
| 21:41 | Initial --args FILENAME patch. Impl seems over-complex to me, but works as described in the list thread. ... (check-in: 8a6568c3a3 user: stephan tags: stephan-hack) | |
| 21:28 | merging with trunk [d4a341b49dd1b701] before applying --args FILENAME patch, to simplify downstream merge. ... (check-in: 312d522fe4 user: stephan tags: stephan-hack) | |
| 15:15 | Merge protection against timing attacks into trunk. ... (check-in: d4a341b49d user: dmitry tags: trunk) | |
| 14:38 | Merge trunk into dmitry-security branch. ... (Closed-Leaf check-in: f4eb0f5afc user: dmitry tags: dmitry-security) | |
| 14:34 | Rename constant_time_eq to constant_time_cmp to better indicate that these functions return 0 when values are equal, like memcmp, strcmp, etc., not truth, to avoid possible mistakes. ... (check-in: d244c484e7 user: dmitry tags: dmitry-security) | |
| 14:28 | Revert the previous change after thinking more about it. Login cards in the sync protocol have the following format: login userid nonce signature Nonce is SHA-1 of the message that follows this line, signature is SHA-1 of the concatenation of the nonce and user's shared secret. The successful timing attack can reveal only signature for this particular packet due to nonce. However, as nonce is known to the attacker, it's theoretically possible for them to bruteforce the shared secret_offline_. The whole scenario sounds highly improbable, but using constant-time comparison function for such things by default is a good practice. ... (check-in: 13a9a1244c user: dmitry tags: dmitry-security) | |
|
2011-10-03
| ||
| 16:34 | Disabling Cache-control: no-store, as it made firefox forget about form field contents on back/forward in history. Resolution achieved by a minimal consensus at [http://www.mail-archive.com/fossil-users@lists.fossil-scm.org/msg06314.html|this thread on the mailing list]. ... (check-in: 3fac77d7b0 user: viriketo tags: trunk) | |
|
2011-10-02
| ||
| 13:30 | minor hack to name_search() to make it stop searching after it determines there is an ambiguity. ... (check-in: ae64088627 user: stephan tags: trunk) | |
|
2011-10-01
| ||
| 20:50 | Variable used for return value of send(2) must be signed, otherwise error conditions just result in infinite loops. ... (check-in: 5e3519873f user: joerg tags: trunk) | |
|
2011-09-30
| ||
| 10:51 | It seems like blob_constant_time_eq() is unnecessary for sync protocol signatures; removed. ... (check-in: 48bcfbd47b user: dmitry tags: dmitry-security) | |
| 09:41 | Catch zero length early in blob_constant_time_eq(). ... (check-in: e3d022dffa user: dmitry tags: dmitry-security) | |
|
2011-09-29
| ||
| 21:06 | Fix to the previous fix: install function to the correct database. ... (check-in: 3782276da6 user: dmitry tags: dmitry-security) | |
| 21:04 | Fix login groups. ... (check-in: 6f29649ef3 user: dmitry tags: dmitry-security) | |
| 17:26 | Fix comment. ... (check-in: a0fa120b74 user: dmitry tags: dmitry-security) | |
| 17:21 | Protect against timing attacks by using constant-time comparison function to compare passwords and cookies. ... (check-in: 7f110475ec user: dmitry tags: dmitry-security) | |
| 14:07 | When creating a manifest, get isExe and isLink bits from filesystem at once instead of doing two stat(2) calls. ... (check-in: 9bfa186be0 user: dmitry tags: trunk) | |
| 11:45 | Change file_size() to file_wd_size() in file_is_the_same(). ... (check-in: 13a771ce18 user: dmitry tags: trunk) | |
| 11:05 | Cache "manifest" setting in fossil_reserved_name() instead of reading it from the database on every call. This speeds up adding many files. ... (check-in: a369dc7721 user: dmitry tags: trunk) | |
|
2011-09-28
| ||
| 11:35 | Use the check-in time as the timestamp for zlib compression on tarballs, os that every tarball for the same check-in is identical. ... (check-in: 3e141b792c user: drh tags: trunk) | |
|
2011-09-27
| ||
| 19:28 | Call file_wd_isdir() in file_mkdir(). ... (check-in: 13120e9620 user: dmitry tags: trunk) | |
| 19:15 | Change a few instances of file_isdir() to file_wd_isdir(). ... (check-in: f1329470c0 user: dmitry tags: trunk) | |
| 16:34 | Add the --stats option to the rebuild command. ... (check-in: f25e5e53c4 user: drh tags: trunk) | |
|
2011-09-26
| ||
| 14:43 | Add the test-list-webpage command. ... (check-in: 6a97d77501 user: drh tags: trunk) | |
|
2011-09-25
| ||
| 11:14 | Fix double LI tags when listing wiki attachments for users without permissions. ... (check-in: 12272b7ff0 user: dmitry tags: trunk) | |
|
2011-09-24
| ||
| 01:39 | Disable SSLv2 in HTTPS client. This version of the protocol is considered insecure and has been deprecated; all modern browsers disable it. ... (check-in: ea1d369d23 user: dmitry tags: trunk) | |
|
2011-09-19
| ||
| 20:16 | Remove obsolete files ... (check-in: 1f498a6ef2 user: drh tags: trunk) | |
| 19:13 | Update the built-in SQLite to the 3.7.8 release. ... (check-in: 8d4c564277 user: drh tags: trunk) | |
|
2011-09-17
| ||
| 17:35 | Update the built-in SQLite amalgamation to the latest 3.7.8 beta. ... (check-in: b54b8e751a user: drh tags: trunk) | |
|
2011-09-16
| ||
| 19:48 | Update the built-in SQLite amalgamation to the latest 3.7.8 beta. ... (check-in: 4db5bd1111 user: drh tags: trunk) | |
| 18:53 | replaced two C++-style comments. ... (check-in: 693ab93b7d user: stephan tags: trunk) | |
| 11:19 | minor typo and wiki formatting fix. Added another external link. ... (check-in: 9f5c40cbe7 user: stephan tags: trunk) | |
|
2011-09-15
| ||
| 21:39 | test_env command now requires g.perm.Admin or g.perm.Setup. Resolves ticket [2316d926e376aa]. ... (check-in: 2d71977e98 user: stephan tags: trunk) | |
|
2011-09-14
| ||
| 18:08 | Merge the refactored permission flags into trunk. ... (check-in: b344d3c0cd user: drh tags: trunk) | |
| 17:49 | Removed local-only file from makemake.tcl. Doh. ... (check-in: 00fe260682 user: stephan tags: stephan-hack) | |
| 17:45 | Refactored g.okXXX perms flags to g.perm.XXX. ... (check-in: 34b4dec0bc user: stephan tags: stephan-hack) | |
| 13:45 | Update the built-in SQLite amalgamation to the latest 3.7.8 beta. ... (check-in: a0cf985a42 user: drh tags: trunk) | |
| 11:14 | Merge documentation updates from the msw-docco branch into trunk. ... (check-in: 2210be19cc user: drh tags: trunk) | |
| 11:06 | Distinguish between direct family and merge relationships in the common status information such as seen with the "fossil info" command. ... (check-in: 9caa3506c5 user: drh tags: trunk) | |
| 00:39 | A bullet point I forgot two checkins ago: * Document ALL supported options for the given commands. Checkin #2/n. ... (check-in: 25d023f3a4 user: martin.weber tags: msw-docco) | |
| 00:33 | Of course THAT was the trunk version I wanted to merge with... ... (check-in: b42d1a9dcf user: martin.weber tags: msw-docco) | |
| 00:32 | Begin streamline the online documentation to: * always include a short overview of the options supported by a given command, alphabetically sorted * reference similar/related commands with a final See also: section * Use ?x? for optional arguments * collapse supported options into ?OPTIONS? This is commit #1/n. ... (check-in: 3fbf8caa87 user: martin.weber tags: msw-docco) | |
|
2011-09-13
| ||
| 18:45 | Add the "brief" query parameter to the "stat" page. ... (check-in: d01ca14d08 user: drh tags: trunk) | |
| 18:36 | Merge documentation updates into trunk. ... (check-in: 6cf00533b2 user: drh tags: trunk) | |
| 12:42 | online docco for [4fe2214116] (support for fossil info / descendants ?-R repo?) ... (check-in: a336ff53d2 user: martin.weber tags: msw-docco) | |
| 00:40 | Add support for the -R option on several command-line subcommands. ... (check-in: 4fe2214116 user: drh tags: trunk) | |
|
2011-09-12
| ||
| 18:19 | Merge the minor fixes on the dmitry-fixes branch into trunk. ... (check-in: ce354d0a9f user: drh tags: trunk) | |
| 18:13 | Reset the reply content at the beginning of the /xfer method in case any sqlite3_log() warning messages had previously been inserted. ... (check-in: 2d1620830e user: drh tags: trunk) | |
| 13:06 | Fix typo in comment ... (check-in: b582ff9879 user: joerg tags: trunk) | |
|
2011-09-11
| ||
| 13:57 | Fix three remaining instances of printing rebuild progress in CGI mode. Ticket [19be0265ff]. ... (Closed-Leaf check-in: 2cd21f8dc2 user: dmitry tags: dmitry-fixes) | |
| 12:27 | Disallow creating users with empty login. Ticket [66ce1088]. ... (check-in: e1ea6c26d0 user: dmitry tags: dmitry-fixes) | |
| 12:26 | Fix typos in documentation. Tickets [09310d1a] and [806c4358]. ... (check-in: 9150a8a234 user: dmitry tags: dmitry-fixes) | |