Fossil

Timeline
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

50 most recent check-ins

2025-04-26
18:08
Documentation improvements, especially to the 2.26 change log. ... (Leaf check-in: 0f36c889 user: drh tags: trunk)
14:40
Fix FOSSIL_ENABLE_TCL so that the build works with both Tcl8.6 and Tcl9.0. ... (check-in: 4f55b393 user: drh tags: trunk)
2025-04-25
16:22
Optimized validation of the FOSSIL_COLOR environment variable. ... (Leaf check-in: c5f1e0da user: florian tags: standard-cli-colors)
16:19
Fix a logic error in processing of the NO_COLOR environment variable. ... (check-in: fbfa6dae user: florian tags: standard-cli-colors)
16:18
Sync with trunk. ... (check-in: 855076ce user: florian tags: standard-cli-colors)
16:08
Simplifications to TH1 for improved defense against accident and mischief: Omit the enable_htmlify command. Htmlify is always turned on. Omit the --th option from the "fossil pikchr" command. ... (check-in: 9164a5d1 user: drh tags: trunk)
15:45
Omit the --th option from the "pikchr" command and all of the complication that flows out of that option. The option is not used by anyone, as far as I can tell. ... (Closed-Leaf check-in: 7ef474d5 user: drh tags: simplify-pikchr-cmd)
12:53
Remove the show-repolist-desc and show-repolist-lg settings. Control of which columns of a repository list to show is now only by the FOSSIL_REPOLIST_SHOW environment variable. ← This is me! ... (check-in: d9bd156a user: drh tags: trunk)
12:01
missed search-type in one place ... (Leaf check-in: 11e6c817 user: jkosche tags: quickfilter)
11:50
readd documentation for FOSSIL_REPOLIST_QUICKFILTER ... (check-in: 1a84e663 user: jkosche tags: quickfilter)
11:01
Merge the latest trunk enhancements into the quickfilter branch. ... (check-in: e14c7567 user: drh tags: quickfilter)
00:00
change input field to search, which brings clear button on some browser, as suggested in forum post ... (check-in: fa31d18b user: jkosche tags: quickfilter)
2025-04-24
19:42
Block an infinite loop in Th_ReportTaint() that can occur when the vuln-report setting is "fatal" and the error happens again while generating the fatal error page. ... (check-in: 76f1ddb6 user: drh tags: trunk)
19:26
Fix typo in the new vuln-report entry on the security-audit page. ... (check-in: 9d7b3155 user: drh tags: trunk)
19:25
Fix TH1 documentation typo. ... (check-in: 6a0d51de user: drh tags: trunk)
18:59
Put a warning on the security-audit page if the vuln-report setting is not either "block" or "fatal". ... (check-in: ef52cd3f user: drh tags: trunk)
18:11
Fix test cases so that "../fossil/configure && make test" passes. ... (check-in: dcaedef9 user: drh tags: trunk)
17:22
The value returned by TH1 command getParameter should be marked as tainted. ... (check-in: 6a6b8544 user: drh tags: trunk)
17:05
Add taint confinement to unquoted inline variable expansion from Th_Render(). Improvements to the taint confinement error message. ... (check-in: d259be40 user: drh tags: trunk)
15:39
For version 2.26, number the entries in the change log, as there are so many of them. Add item 3c about supporting both IPv4 and IPv6 at the same time on all platforms. ... (check-in: 0499cc25 user: drh tags: trunk)
15:19
Fix the version numbers in the new documentation on tainted strings. ... (check-in: 807b73e6 user: drh tags: trunk)
15:04
Add documentation regarding tainted strings in TH1. Mention the introduction of tainted strings in the 2.25 change log. ... (check-in: 90b63bc5 user: drh tags: trunk)
11:18
Preserve taint across TH1 commands: foreach, lappend, lindex, string index, string range, and string trim. Add test cases for taint. ... (check-in: 5291edac user: drh tags: trunk)
02:51
Reworked the discussion of "fossil server" in the Quick Start to remove redundant discussion of "fossil ui" mode, previously covered. Moved some things up into that section as a result. The two modes are now treated independently, on purpose; the fact that they're implemented by a lot of shared code is an internal implementation detail, not something we need to make a point of in the Quick Start doc. ... (check-in: 6a2fee8f user: wyoung tags: trunk)
02:24
Tooting SQLite's horn in the "you may safely Ctrl-C out of fossil ui" bit in the Quick Start. The truth of this claim is no accident. ... (check-in: 9c07d8a3 user: wyoung tags: trunk)
02:16
Changed one of the just-added links to an external doc to a section further down, which _then_ links to that doc. ... (check-in: e6c4176c user: wyoung tags: trunk)
02:12
Added a paragraph to allay fears about the "localhost bypasses the RBAC" fears the prior discussion of "fossil ui" may raise. This gives another chance to direct the user to "fossil server" and the rest of the /www/server/ docs. ... (check-in: afb3db92 user: wyoung tags: trunk)
02:10
Further tightening of the Quick Start. ... (check-in: eb52410b user: wyoung tags: trunk)
01:34
Tightened up a wordy paragraph in the Quick Start by moving the link inline. ... (check-in: 529b9479 user: wyoung tags: trunk)
01:32
Replaced repeated parenthetical explanations in the Quick Start doc with links to the glossary entry. No longer referencing the glossary directly; readers will click through one of these two new links and find it, or not. ... (check-in: ab7a22f5 user: wyoung tags: trunk)
2025-04-23
18:13
Do not include the List-Id in announcement messages to non-subscribers. But do include the List-Id for renewal notices. ... (check-in: 908612e3 user: drh tags: trunk)
14:21
Update Fossil output in the Quick Start guide. ... (check-in: 7ebd9441 user: danield tags: trunk)
13:44
Attempt to improve the Quick Start guide with a small discussion of the purpose of a Fossil user as discussed in forum post 9dbd8e00ee. ... (check-in: f5b9f015 user: andybradford tags: trunk)
12:51
Fix string comparison between tainted and untainted strings in TH1. Forum post 6ab1c36a80. ... (check-in: 45f3a45f user: drh tags: trunk)
10:46
When emitting the default password as part of the 'new' command, add the term 'remote-access' to it to clarify that it's only for remote use. Indirectly suggested by forum post 9dbd8e00ee. ... (check-in: 57276a51 user: stephan tags: trunk)
08:08
Use -lz_shared for system zlib on MorphOS ... (Leaf check-in: d913362c user: js tags: morphos)
07:37
Set HAVE_NANOSLEEP=0 when building for MorphOS ... (check-in: 1ff1a55d user: js tags: morphos)
2025-04-22
19:34
Fix another problem with lappend and taint. See forum post 94b7485f4 for a description of the problem. ... (check-in: aa66767b user: drh tags: trunk)
18:18
Fix [fab9f0047720721e] so that it works on repositories that do not have the tkt_ctime column in the TICKET table definition. ... (check-in: 6476f287 user: drh tags: trunk)
17:40
Improved code saftey for the TH1-taint implementation, after a code audit. ... (check-in: ded2126d user: drh tags: trunk)
11:29
Improvements to the "fossil user default" command: Setting the default user to an empty string clears the entry from the repository and checkout databases. Adding the -v or --verbose option explains how the default user was determined. ... (check-in: 064d20ee user: drh tags: trunk)
01:10
Initial incomplete port to MorphOS. Needs some manual overrides to compile and has some locking issues in SQLite. ... (check-in: 66f279e1 user: js tags: morphos)
2025-04-21
15:16
Fix the build for FOSSIL_ENABLE_TCL and Tcl9. No idea if this works. Does anybody actually use the FOSSIL_ENABLE_TCL compile-time option? ... (check-in: d93344ec user: drh tags: trunk)
12:23
TH1 variables that derive from TICKET table columns that begin with "tkt_" are untainted. ... (check-in: 9e035ee3 user: drh tags: trunk)
2025-04-20
16:54
Add "taint mode" to TH1. Attempts to output values that are derived from user input as unescaped HTML, or to use such values unescaped in SQL, raises errors. The resolution of these errors depends on the value of the new "vuln-report" setting. ... (check-in: 2116238e user: drh tags: trunk)
16:13
New setting "vuln-report" determines what to do when tainted text is misused in a TH1 script. Enhance the /test-warning page to deliberately misuse tainted text in TH1 to verify error handling. Enhance /errorlog to separate out TH1 vulnerability reports as a new category the the error log. ... (Closed-Leaf check-in: 295b814a user: drh tags: th1-taint)
2025-04-19
23:32
Fix more issues that were already fixed but overwritten by text editor errors and didn't get committed last time. ... (check-in: bd45dc72 user: drh tags: th1-taint)
23:24
More minor fixes resulting from a code audit. ... (check-in: b1711046 user: drh tags: th1-taint)
23:02
Fix additional problems on the new TH1 implementation. ... (check-in: 2c2b6c68 user: drh tags: th1-taint)
22:30
Fix an error that occurs while commiting a new ticket. ... (check-in: 17060ca2 user: drh tags: th1-taint)