Fossil

Timeline
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

50 check-ins occurring around d5def0c8c4bb6f20.

2019-08-22
13:13
Expanded the discussion of in-repo and out-of-repo resource links in defcsp.md. check-in: 23fcd765 user: wyoung tags: trunk
12:39
Reworked the new introductory material in defcsp.md to be less about the CSP as last-resort and more about being a secondary filter to our other measures. Gave examples to clarify the tensions that prevent a purely server-side solution from being a practical solution. check-in: 1c4df5bf user: wyoung tags: trunk
11:54
"RaspberryPI" -> "Raspberry Pi" check-in: 5182be99 user: wyoung tags: trunk
11:53
Assorted refinements to the new pre- and post-activation advice sections in www/server/index.html: nix passive voice, add a few details, add some links to related docs, etc. Also fixed a CSS indenting problem preventing correct use of in , then made use of the new freedom in these sections' numbered lists. check-in: b5c2c9bf user: wyoung tags: trunk
2019-08-21
19:18
Fix the $ROOT mechanism in HTML documents so that it accepts any whitespace character before href= and script=. Add $ROOT in appropriate places in the server documentation. check-in: 3e183bfa user: drh tags: trunk
18:15
Outline how to configure a repository before and after server activation. check-in: 154ea087 user: drh tags: trunk
17:37
Improvements to the althttpd documentation. check-in: 44f1df9f user: drh tags: trunk
17:21
Further improvements to the server document. check-in: c2c4d303 user: drh tags: trunk
16:57
Extra defenses against running fossil_atexit() more than once. check-in: bc7683e1 user: drh tags: trunk
16:55
Fix the "shell" command so that it avoids invoking the atexit() handler more than once. check-in: 07a5a211 user: drh tags: trunk
15:56
Server documentation updates. check-in: b2426c27 user: drh tags: trunk
14:46
Merge in recent developments on trunk. check-in: 70d091ea user: andybradford tags: test-updates
12:32
Disallow versioning of security sensitive settings tcl-setup, th1-setup, and th1-uri-regexp. For effective security, these settings should only be controllable by an administrator. check-in: 2da704c5 user: drh tags: trunk
11:26
Update to the default CSP page. Attempted to resolve merge conflicts, but more editting is likely necessary. check-in: 33a7b8ba user: drh tags: trunk
11:09
Added a header to the new XSS material in defcsp.md so we can refer directly to it. check-in: 7b843f2d user: wyoung tags: trunk
11:01
More thorough explanation of <script nonce> in www/defcsp.md, and explained the reason why Fossil has no way of providing that nonce in most content types rather than link to the "XSS via check-in rights" forum post. This new presentation of that post's ideas is more detailed and includes discussion of the feature's interaction with the TH1 docs feature. check-in: 8d43bb87 user: wyoung tags: trunk
09:40
Major improvements to the new defcsp.md article. Expanded the introductory material to better describe what the CSP does; added named anchors to headers; moved the discussion of $default_csp overrides into this document from customskin.md, which now just says how you use that variable read-only; and added an entirely new section, "Replacing the Default CSP". check-in: 366b23a1 user: wyoung tags: trunk
08:52
Replaced the redundant copy of the default CSP in skins/bootstrap/header.txt with "$default_csp", allowing the TH1 setup script to override the CSP as in all the other stock skins. (Bootstrap is the last stock skin to define a custom <head> element.) check-in: 14ac2cac user: wyoung tags: trunk
2019-08-20
19:16
Fix memcpy() compiler warnings. check-in: 7ae4b1a7 user: drh tags: trunk
16:11
Fix possible misaligned pointer to a 16-bit object. check-in: f7c41be8 user: drh tags: trunk
15:04
Updated and expanded documentation on how to set up a Fossil server. check-in: f146e21a user: drh tags: trunk
14:55
Add the --with-sanitizer option to the ./configure script. check-in: 231d6933 user: drh tags: trunk
07:01
Fixed a link punctuation bug introduced in [74a6578c]. Closed-Leaf check-in: c57e1793 user: wyoung tags: server-docs
06:45
The merge from trunk accidentally reverted part of the new text in www/embeddeddoc.wiki. (This part was manually merged, and I missed a diff relative to trunk.) check-in: 8976a9da user: wyoung tags: server-docs
06:35
Missed a link to server.wiki that should have been checked in with [74a6578c]. check-in: d5def0c8 user: wyoung tags: server-docs
06:34
Merged in trunk improvements check-in: 42d28c02 user: wyoung tags: server-docs
06:28
Reverted src/doc.c to the trunk version. The "Plan Z" reversion in [8264fd75] was incomplete, causing bad TH1 variable expansion. I believe this explains the symptom I worked around in [9bdf650f0b8]. This check-in also cherry-picks [3d6a4fd95c] onto the branch. check-in: 3cdf764c user: wyoung tags: server-docs
06:03
Updated all of the internal hyperlinks referencing www/server.wiki to point at either www/server/index.html or one of the docs it now points at. check-in: 74a6578c user: wyoung tags: server-docs
04:57
Fixed an unwanted "$nonce" variable expansion within the new customskin.md introduced by [9044fd2dbe] which only occurs *sometimes*: not on fossil-scm.org, and apparently not in my earlier ckout testing prior to checking it in, but now in a different ckout test. This has to be a TH1 thing, but I don't understand why we didn't see this earlier. This is just a workaround for the symptom. check-in: 9bdf650f user: wyoung tags: trunk
04:34
Fixed a link from the new material in embeddeddoc.wiki to the new CSP material: that briefly lived in customskin.md before checking it in, but then I moved it to a new document and forgot to update the link. check-in: f4cbfd5a user: wyoung tags: trunk
04:24
Fixed a couple of Tcl syntax fixes that caused the new --with-sanitizer code to a) run unconditionally irrespective of the option's setting and b) to check for the existence of libubsan whether it was actually needed or not. Closed-Leaf check-in: 66fdab76 user: wyoung tags: configure-updates
04:07
Added www/defcsp.md, which documents the default Content Security Policy applied by Fossil to the HTML pages it serves. Linked that into embeddeddoc.wik and customskin.md, which touched on this topic before but didn't go into much detail. check-in: 4e6d36d7 user: wyoung tags: trunk
02:09
Fix a compiler warning in the security-audit page. check-in: 3243a6c1 user: drh tags: trunk
01:34
Added --with-sanitizer configure-time option for appending -fsanitize=VALUE to CFLAGS and LDFLAGS, plus automatic detection of -lubsan for GCC, which doesn't automatically link to that with -fsanitize=undefined as Clang does. EDIT: This check-in breaks the built on Ubuntu 18.04. check-in: 7907b6ff user: wyoung tags: configure-updates
00:41
Removed "known to work with IIS" bit from www/server/index.html in the CGI section, since that is not actually true. We can put it back once someone figures out the IIS + CGI + Fossil CPU pegging problem. check-in: 8b7c17de user: wyoung tags: server-docs
00:37
Removed documentation of the nonce="$NONCE" feature in www/embeddeddoc.wiki, removed as part of [8264fd75]. check-in: d55f6b15 user: wyoung tags: server-docs
2019-08-19
23:32
Fix a broken hyperlink on the new server-docs index page. check-in: 461c8f06 user: drh tags: server-docs
19:29
Updating links in www/server/windows/stunnel.md to correct locations. check-in: 65d175ae user: ckennedy tags: server-docs
18:24
Plan Z check-in: 8264fd75 user: drh tags: server-docs
17:18
Have the security-audit page analyze and display the content security policy. check-in: 9cf90a4f user: drh tags: trunk
13:04
Increase the default HTTP request timeout to 10 minutes. Provide the FOSSIL_DEFAULT_TIMEOUT compile-time option for setting an alternative default. check-in: 7979989d user: drh tags: trunk
12:38
Added missing www/chroot.md file check-in: 80cd49f0 user: wyoung tags: server-docs
12:09
Updated www/server/index.html to no longer discuss launchd as a "maybe" option now that we have a document for it, and removed mention of Solaris SMF entirely. check-in: 1e6fbcf2 user: wyoung tags: server-docs
11:59
Added www/server/macos/service.md and then added macOS to the set of server OSes offered in www/server/index.html check-in: e0ad4b48 user: wyoung tags: server-docs
10:22
Assorted small tweaks to www/server/windows/iis.md check-in: b5fefeec user: wyoung tags: server-docs
10:10
Small tweaks to the new "Serving as a Standalone Server on Windows" article. check-in: 3995a3c7 user: wyoung tags: server-docs
09:47
Assorted small tweaks to server docs, mainly around new systemd material. check-in: 9d4a4782 user: wyoung tags: server-docs
09:10
Added www/server/debian/service.md, demonstrating systemd configuration of Fossil for the first time in the official docs, both as a user serivce and in socket activation mode as a system-level service. check-in: 94763aed user: wyoung tags: server-docs
05:00
Clarity tweak check-in: bc678e13 user: wyoung tags: server-docs
04:58
Grammar fix on previous check-in: d5c754f9 user: wyoung tags: server-docs