Fossil

Timeline

18 check-ins using file src/sqlite3.c version 9c29120c94

2017-08-12
18:47
Enhance the ssh:// URL to be cautious about the fossil= query parameter. Only commands "fossil" and "echo" (with an optional path) are accepted. ... (check-in: cb43937d8c user: drh tags: trunk)
18:34
Also disallow wildcard characters in blob_append_escape_arg(). ... (check-in: d5b015946d user: drh tags: trunk)
18:30
Disallow the ';' character in blob_append_escape_arg(). ... (check-in: 3bbac57534 user: drh tags: trunk)
18:24
Fix another problem with the needEscape computation in blob_append_escaped_arg() ... (check-in: 9eea719af6 user: drh tags: trunk)
18:22
The windows test macro is "_WIN32" without a trailing "_". ... (check-in: 49ae1785a6 user: drh tags: trunk)
18:20
Fix the needEscape calculation in blob_append_escaped_arg(). ... (check-in: 9690d370e0 user: drh tags: trunk)
18:15
Change the shell_escape() procedure into blob_append_escaped_arg(). Have that procedure raise a fatal error if the argument to be appended contains dodgy characters that might pose a security risk. Also, prepend "./" in front of arguments that begin with "-" to prevent them from looking like switches. ... (check-in: 3b191c984b user: drh tags: trunk)
16:20
Avoid another attack vector when using SSH sync protocol by not calling a shell interpreter. Fixes only Unix-like environments by using execvp() instead of a string that can be mishandled by /bin/sh. Superseded by [3b191c984b] &co. ... (Closed-Leaf check-in: ce7baa9798 user: andybradford tags: ssh-shell-cleanup)
04:19
Typo correction ... (check-in: 45a3d4b167 user: andygoth tags: trunk)
2017-08-11
16:00
Increase the version number to 2.4 and update the change log. ... (check-in: 3ebbe7bcaa user: drh tags: trunk)
15:29
Fix the SSH sync protocol to avoid "ssh" command-line option injection attacks such as those fixed in Git 2.14.1, Mercurial 4.2.3, and Subversion 1.9.7. As "ssh://" URLs cannot be buried out of sight in Fossil, the vulnerability does not appear to be as severe as in those other systems. ... (check-in: 1f63db591c user: drh tags: trunk)
2017-08-07
20:22
Hyperlinks to the SSL versions of the website. Redirect to the local unversioned source for the "precompiled binaries" link on the homepage. ... (check-in: b130b64cb4 user: drh tags: trunk)
2017-08-06
23:48
Restore end-of-line spaces used to demonstrate mid-paragraph line break in markdown.md. The spaces were removed by [23895c7b99] which appeared to clean house on end-of-line whitespace in addition to its documented purpose. ... (check-in: 1e491f6cc5 user: andygoth tags: trunk)
23:32
Document Markdown tables (never knew this feature existed), and improve consistency of formatting ... (check-in: 6f69ccdc69 user: andygoth tags: trunk)
2017-08-05
04:17
Enable processing of versioned manifest setting when creating zips and tarballs outside of an open checkout directory ... (check-in: da23bec780 user: andygoth tags: trunk)
03:45
Simplify manifest generation logic in zip page ... (check-in: b9de60427a user: andygoth tags: trunk)
03:23
Correct the /doc page to support read-only repositories ... (check-in: 95edba6534 user: andygoth tags: trunk)
2017-07-31
17:42
Update the built-in SQLite to the 4th release candidate for 3.20.0. ... (check-in: 2a615bed11 user: drh tags: trunk)