Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
100 most recent check-ins
|
2025-04-24
| ||
| 02:51 | Reworked the discussion of "fossil server" in the Quick Start to remove redundant discussion of "fossil ui" mode, previously covered. Moved some things up into that section as a result. The two modes are now treated independently, on purpose; the fact that they're implemented by a lot of shared code is an internal implementation detail, not something we need to make a point of in the Quick Start doc. ... (Leaf check-in: 6a2fee8f user: wyoung tags: trunk) | |
| 02:24 | Tooting SQLite's horn in the "you may safely Ctrl-C out of fossil ui" bit in the Quick Start. The truth of this claim is no accident. ... (check-in: 9c07d8a3 user: wyoung tags: trunk) | |
| 02:16 | Changed one of the just-added links to an external doc to a section further down, which _then_ links to that doc. ... (check-in: e6c4176c user: wyoung tags: trunk) | |
| 02:12 | Added a paragraph to allay fears about the "localhost bypasses the RBAC" fears the prior discussion of "fossil ui" may raise. This gives another chance to direct the user to "fossil server" and the rest of the /www/server/ docs. ... (check-in: afb3db92 user: wyoung tags: trunk) | |
| 02:10 | Further tightening of the Quick Start. ... (check-in: eb52410b user: wyoung tags: trunk) | |
| 01:34 | Tightened up a wordy paragraph in the Quick Start by moving the link inline. ... (check-in: 529b9479 user: wyoung tags: trunk) | |
| 01:32 | Replaced repeated parenthetical explanations in the Quick Start doc with links to the glossary entry. No longer referencing the glossary directly; readers will click through one of these two new links and find it, or not. ... (check-in: ab7a22f5 user: wyoung tags: trunk) | |
|
2025-04-23
| ||
| 18:13 | Do not include the List-Id in announcement messages to non-subscribers. But do include the List-Id for renewal notices. ... (check-in: 908612e3 user: drh tags: trunk) | |
| 14:21 | Update Fossil output in the Quick Start guide. ... (check-in: 7ebd9441 user: danield tags: trunk) | |
| 13:44 | Attempt to improve the Quick Start guide with a small discussion of the purpose of a Fossil user as discussed in forum post 9dbd8e00ee. ... (check-in: f5b9f015 user: andybradford tags: trunk) | |
| 12:51 | Fix string comparison between tainted and untainted strings in TH1. Forum post 6ab1c36a80. ... (check-in: 45f3a45f user: drh tags: trunk) | |
| 10:46 | When emitting the default password as part of the 'new' command, add the term 'remote-access' to it to clarify that it's only for remote use. Indirectly suggested by forum post 9dbd8e00ee. ... (check-in: 57276a51 user: stephan tags: trunk) | |
| 08:08 | Use -lz_shared for system zlib on MorphOS ... (Leaf check-in: d913362c user: js tags: morphos) | |
| 07:37 | Set HAVE_NANOSLEEP=0 when building for MorphOS ... (check-in: 1ff1a55d user: js tags: morphos) | |
|
2025-04-22
| ||
| 19:34 | Fix another problem with lappend and taint. See forum post 94b7485f4 for a description of the problem. ← This is me! ... (check-in: aa66767b user: drh tags: trunk) | |
| 18:18 | Fix [fab9f0047720721e] so that it works on repositories that do not have the tkt_ctime column in the TICKET table definition. ... (check-in: 6476f287 user: drh tags: trunk) | |
| 17:40 | Improved code saftey for the TH1-taint implementation, after a code audit. ... (check-in: ded2126d user: drh tags: trunk) | |
| 11:29 | Improvements to the "fossil user default" command: Setting the default user to an empty string clears the entry from the repository and checkout databases. Adding the -v or --verbose option explains how the default user was determined. ... (check-in: 064d20ee user: drh tags: trunk) | |
| 01:10 | Initial incomplete port to MorphOS. Needs some manual overrides to compile and has some locking issues in SQLite. ... (check-in: 66f279e1 user: js tags: morphos) | |
|
2025-04-21
| ||
| 15:16 | Fix the build for FOSSIL_ENABLE_TCL and Tcl9. No idea if this works. Does anybody actually use the FOSSIL_ENABLE_TCL compile-time option? ... (check-in: d93344ec user: drh tags: trunk) | |
| 12:23 | TH1 variables that derive from TICKET table columns that begin with "tkt_" are untainted. ... (check-in: 9e035ee3 user: drh tags: trunk) | |
|
2025-04-20
| ||
| 16:54 | Add "taint mode" to TH1. Attempts to output values that are derived from user input as unescaped HTML, or to use such values unescaped in SQL, raises errors. The resolution of these errors depends on the value of the new "vuln-report" setting. ... (check-in: 2116238e user: drh tags: trunk) | |
| 16:13 | New setting "vuln-report" determines what to do when tainted text is misused in a TH1 script. Enhance the /test-warning page to deliberately misuse tainted text in TH1 to verify error handling. Enhance /errorlog to separate out TH1 vulnerability reports as a new category the the error log. ... (Closed-Leaf check-in: 295b814a user: drh tags: th1-taint) | |
|
2025-04-19
| ||
| 23:32 | Fix more issues that were already fixed but overwritten by text editor errors and didn't get committed last time. ... (check-in: bd45dc72 user: drh tags: th1-taint) | |
| 23:24 | More minor fixes resulting from a code audit. ... (check-in: b1711046 user: drh tags: th1-taint) | |
| 23:02 | Fix additional problems on the new TH1 implementation. ... (check-in: 2c2b6c68 user: drh tags: th1-taint) | |
| 22:30 | Fix an error that occurs while commiting a new ticket. ... (check-in: 17060ca2 user: drh tags: th1-taint) | |
| 22:15 | fix tainted warning in skin headers ... (check-in: de407148 user: jkosche tags: th1-taint) | |
| 19:18 | Update the default ticket configuration to avoid sending out text that seems tainted. There are no actual XSS issues here, but these changes do add an extra margin of safety. ... (check-in: 5d17ced6 user: drh tags: th1-taint) | |
| 19:08 | Mark some TH1 inputs that can be controlled by the user as tainted. ... (check-in: 27426827 user: drh tags: th1-taint) | |
| 18:43 | The taint markings and detection now appears to be working. ... (check-in: d1bb87bc user: drh tags: th1-taint) | |
| 16:55 | Experimental changes to TH1 to try to make it resistant to coding errors that could lead to XSS or SQL injection attacks. ... (check-in: b0b44924 user: drh tags: th1-taint) | |
| 04:20 | Fix a logic error in processing of the FOSSIL_COLOR environment variable. ... (Leaf check-in: 6cb7a7e2 user: florian tags: standard-cli-colors) | |
|
2025-04-18
| ||
| 16:12 | fix bug in /tktview: use relative instead of absolute link for version ... (check-in: f1db9ead user: jkosche tags: trunk) | |
| 15:32 | Use db_get_boolean() instead of db_get_int() for the localauth setting, since localauth is a boolean value. ... (check-in: 00638d9a user: drh tags: trunk) | |
| 14:59 | Improved error messages from "fossil push" and similar when the push is disallowed over ssh because "localauth" setting is enabled. ... (check-in: 2765f046 user: drh tags: trunk) | |
| 12:28 | Resolve accidental fork. ... (check-in: b6e02939 user: florian tags: trunk) | |
| 12:25 | Amend [a11d245478]: Fix positioning of 'show/hide' checkboxes for /ci pages. ... (check-in: 2b59fcd4 user: florian tags: trunk) | |
| 12:23 | Rework the cgi_http_server() routine so that it uses two separate sockets, one each for IPv4 and IPv6. ... (check-in: 945e0ae4 user: drh tags: trunk) | |
| 12:18 | Modify some links that show/ignore diff whitespace to preserve the diff type. ... (check-in: 1c61fcd9 user: florian tags: trunk) | |
| 07:20 | Remove documentation of the --highlight option for the search command. The option was broken, anyway, and is now superseded by the global --color option and the FOSSIL_COLOR environment variable. ... (check-in: 5331dfed user: florian tags: standard-cli-colors) | |
| 07:19 | Add support for the FOSSIL_COLOR environment variable to define the color VT escape to highlight CLI text, also similar to `ls', `grep' and other utilities. ... (check-in: 50e0931b user: florian tags: standard-cli-colors) | |
| 07:16 | Add the global --color option to control output of color VT escapes to CLI, similar to `ls', `grep' and other utilities. Useful when piping `fossil search' results through a pager utility. ... (check-in: 210b7d2f user: florian tags: standard-cli-colors) | |
| 07:08 | Amend [2b6ad00ea3]: Minor wording improvements to `fossil ssl-config show -v' output. ... (check-in: a9b075af user: florian tags: trunk) | |
| 00:00 | Show the FORUMPOST table content associated with a forum thread on the /forumthreadhashlist page (accessible by admins only). ... (check-in: 042a750a user: drh tags: trunk) | |
|
2025-04-17
| ||
| 23:17 | Defend against a possible infinite loop in forumpost_is_closed() that might occur if the forumpost table contains goofy data. ... (check-in: 923aa753 user: drh tags: trunk) | |
| 20:04 | Add documentation for the FOSSIL_REPOLIST_SHOW environment variable. ... (check-in: fbd77310 user: drh tags: trunk) | |
| 19:52 | For the repolist page, if the environment variable FOSSIL_REPOLIST_SHOW contains the substring "description" then show the description column. If it contains the substring "login-group" then show the login-groups column. If the FOSSIL_REPOLIST_SHOW variable exists, it overwrites the show-repolist-desc and show-repolist-lg settings. ... (check-in: aca98b92 user: drh tags: trunk) | |
| 18:17 | Attempt to fix repolist so that it works even if the global configuration database is not available, for example when Fossil is being run inside a chroot jail with a restricted environment. ... (check-in: e761c1d6 user: drh tags: trunk) | |
| 15:08 | Rework server sockets to work around limitations in OpenBSD's socket implementation. See forum thread 7f8d2afe4d8c0ad5. ... (check-in: 8dd05c52 user: drh tags: trunk) | |
| 13:43 | Extend support for the --editor option to "fossil stash save" and "fossil stash snapshot". ... (check-in: b9f569b2 user: drh tags: trunk) | |
| 11:00 | different improvements to the ticket system as described in forum post 4756d97a64 ... (check-in: fab9f004 user: jkosche tags: trunk) | |
|
2025-04-16
| ||
| 16:47 | Fix "fossil ui" so that it listens to both 127.0.0.1 and to [::1]. Forum post 7f8d2afe4d. ... (check-in: 264250d6 user: drh tags: trunk) | |
| 16:22 | Add the --editor option to "fossil commit" and "fossil uv edit". ... (check-in: 76759875 user: drh tags: trunk) | |
| 14:56 | Make the systemd unit files a little easier to read in the www/server/debian/service.md document. ... (check-in: c2b56250 user: drh tags: trunk) | |
| 14:31 | Fix [0eeaa6224cdbdbda] so that it compiles on Windows. Forum post 3fc7aad2a3. ... (check-in: ccb41686 user: drh tags: trunk) | |
| 12:02 | Update the built-in SQLite to the latest trunk version, for testing. ... (check-in: d14a7803 user: drh tags: trunk) | |
| 11:40 | Add the test/fake-smtpd.tcl script used for testing. It will likely come in handy someday. See header comments on the file for details. ... (check-in: f031f744 user: drh tags: trunk) | |
| 10:20 | Enhance the socket listener logic on unix so that it makes sure the IPV6_V6ONLY socket option is disabled, as we are told that this option is enabled by default on FreeBSD. ... (check-in: 0eeaa622 user: drh tags: trunk) | |
| 00:58 | Break out SMTP faults as a separate category on the Error Log. ... (check-in: 2d3ace5a user: drh tags: trunk) | |
| 00:48 | Automatic retry on an SMTP relay failure. ... (check-in: 2b96941c user: drh tags: trunk) | |
|
2025-04-15
| ||
| 23:34 | Attempt to provide improved error message outputs for failures while trying to send notification via relay to an MTA. ... (check-in: e6c27d3d user: drh tags: trunk) | |
| 15:56 | Two new settings "show-repolist-desc" and "show-repolist-lg" control whether or not the description and the login-group are shown on the repolist, respectively. These settings must be global to be effective. They default to "off". ... (check-in: 1760fa2b user: drh tags: trunk) | |
| 14:54 | For the "fossil ui remote:/" command, consistently use hardcoded IPv4 loopback addresses, to avoid inconsistent implementations of "localhost". Fix a bug in the error message output for the -P option. ... (check-in: af78e282 user: drh tags: trunk) | |
| 14:37 | Fix possible array-bounds overflow in the timeline graph computation. ... (check-in: 202d3ea2 user: drh tags: trunk) | |
| 14:13 | Fix the -P option on "fossil server" so that it once again accepts IPv4 notation while continuing to accept IPv6 notation. Forum post fe4abea393. ... (check-in: 77250c94 user: drh tags: trunk) | |
| 11:58 | Rename the "Artifact Log" to the "Xfer Log" which (I think) better reflects it meaning and purpose. ... (check-in: c6754849 user: drh tags: trunk) | |
| 10:22 | Slightly simplify the previous checkin. ... (check-in: 6a9c71f3 user: stephan tags: trunk) | |
| 10:15 | A proposed solution to the problem of /setup_ulist fails for repos with no subscriber table. Reported in forum post e2b0008592f6a776. ... (check-in: e50a5aac user: stephan tags: trunk) | |
| 01:48 | doc change: add a link to the regexp syntax from the TH1 regexp command ... (check-in: b8351f0c user: jkosche tags: trunk) | |
|
2025-04-14
| ||
| 16:53 | Disable the Windows root certificate store on OpenSSL 3.5.0, due to OpenSSL bug #27355. ... (check-in: 2b6ad00e user: drh tags: trunk) | |
| 13:53 | Improve the message shown on a server over-load condition by including the URL that encountered the overload and the timestamp for when the overload occurred. ... (check-in: 278507e8 user: drh tags: trunk) | |
|
2025-04-13
| ||
| 19:54 | Enhance the test-phantoms command to provide additional information about delta-phantoms. ... (check-in: aac885a6 user: drh tags: trunk) | |
| 12:39 | better quoting to make intent clearer, thanks to forum:/forumpost/cf724a9bea ... (Closed-Leaf check-in: 3e16be4e user: jkosche tags: tkt-improvements) | |
| 12:15 | better regexp to match the hyphen, thanks to forum:/forumpost/81529972df ... (check-in: ac848122 user: jkosche tags: tkt-improvements) | |
| 11:32 | doc change: add a link to the regexp syntax from the TH1 regexp command ... (Closed-Leaf check-in: 817e3bc2 user: jkosche tags: doc-th1-link-regexp) | |
| 11:01 | some more html quoting ... (check-in: e8a72ebb user: jkosche tags: tkt-improvements) | |
| 00:12 | add hyphen to pattern via unicode escape ... (check-in: 439d7a36 user: jkosche tags: tkt-improvements) | |
|
2025-04-12
| ||
| 17:35 | Improved documentation on the "html", "puts", and "query" TH1 commands. ... (check-in: 41cd8d51 user: drh tags: trunk) | |
| 16:31 | only allow a certain whitelist of characters for linked tags and hashes to guard against injection ... (check-in: 70b2569e user: jkosche tags: tkt-improvements) | |
| 14:54 | url quoting to avoid XSS ... (check-in: 27f6238c user: jkosche tags: tkt-improvements) | |
| 13:53 | Fix SQL Injection vulnerability introduced by the new code in this branch. There still exists XSS vulnerabilities, but this is a first step. ... (check-in: ffb5a467 user: drh tags: tkt-improvements) | |
| 13:41 | fix lines >80 chars ... (check-in: 7b41c73e user: jkosche tags: tkt-improvements) | |
| 09:33 | Add a mention of /chat's recent improvements in the change log. ... (check-in: 7a85c54b user: stephan tags: trunk) | |
| 01:24 | Corrected gsed switches for swapping { and } with @{ and @}. ... (Leaf check-in: 2bcbc6e3 user: brickviking tags: bv-infotool) | |
| 01:21 | Merge from trunk. ... (check-in: a241019f user: brickviking tags: bv-infotool) | |
| 01:15 | Fix an age-old /chat bug which caused /chat-delete posts to misadjust the ajax-in-flight counter, leading to various UI widgets not being disabled when they should after a message is deleted. ... (check-in: 2827a38a user: stephan tags: trunk) | |
| 00:07 | Maintainability cleanups and docs in /chat. No (intended) functional changes. ... (check-in: 084001c7 user: stephan tags: trunk) | |
|
2025-04-11
| ||
| 22:48 | Internal doc updates in fossil.fetch(). Ensure that fossil.fetch()'s onerror()/ontimeout() handler do not propagate exceptions (a defensive measure, not a fix for a known bug). ... (check-in: 1d3db505 user: stephan tags: trunk) | |
| 21:47 | Fix some issue with the timeline command when using the "after" keyword. ... (check-in: ee2a71b5 user: mgagnon tags: trunk) | |
| 20:29 | In /chat-generated notifications (typically error messages), add a button to the drop-down options to delete all notifications. That replaces the 'delete all poller notifications' button which previously only showed up only on those message types. Add a mention of the backoff timer to chat.md. ... (check-in: da1c351b user: stephan tags: trunk) | |
| 19:35 | Replace an a recurrent setInterval() timer in /chat's poll-connection error handler with a single-fire-as-needed setTimeout(). This saves some CPU and allows /chat to respond more quickly to non-timeout HTTP errors. ... (check-in: 1bfb06c7 user: stephan tags: trunk) | |
| 18:52 | Further refinements of the chat poll connection detection. The first N ignored errors are now spaced out unevenly. Use the server's configured chat-poll-timeout as the basis for calculating our client-side timeout time. ... (check-in: e8bbaf92 user: stephan tags: trunk) | |
| 16:09 | Minor cosmetic tweaks to the poll-in-distress indicator. Make it yellow in dark-mode skins, as red blends in too well. No functional changes. ... (check-in: 160d2692 user: stephan tags: trunk) | |
| 15:30 | Teach /chat to not be so verbose about connection errors. The first 3 will be subtly signaled via a tiny red line between the input field and message list, which will go away once the poller connection is re-established. After that, it will resort to the more verbose notifications. ... (check-in: e3eb8399 user: stephan tags: trunk) | |
| 13:01 | Fix "fossil server" so that it listens on both IPv4 and IPv6 on Unix. ... (check-in: 7ce8400d user: drh tags: trunk) | |
| 13:00 | Fix a compiler warning in th.c introduced by [7d2e4ed653a53696]. ... (check-in: e546a2b4 user: drh tags: trunk) | |
|
2025-04-10
| ||
| 22:42 | Avoid a slow case on a query in /fdiff when both v1 and v2 evaluate to zero. ... (check-in: e3c58afb user: drh tags: trunk) | |
| 18:54 | Fossil self-identifies the check-in that is the current executable when it is displaying a timeline of its own source repository. ... (check-in: 95c92441 user: drh tags: trunk) | |
| 16:49 | Fix TH1 conversion of integer 0x80000000 into a string value. ... (check-in: 7d2e4ed6 user: drh tags: trunk) | |