Description
Security update for fossil
This update for fossil fixes the following issues:
- fossil 2.12.1:
- CVE-2020-24614: Remote authenticated users with check-in or administrative privileges could have executed arbitrary code [boo#1175760]
- Security fix in the 'fossil git export' command. New 'safety-net' features were added to prevent similar problems in the future.
- Enhancements to the graph display for cases when there are many cherry-pick merges into a single check-in.
- Enhance the fossil open command with the new --workdir option and the ability to accept a URL as the repository name, causing the remote repository to be cloned automatically. Do not allow 'fossil open' to open in a non-empty working directory unless the --keep option or the new --force option is used.
- Enhance the markdown formatter to more closely follow the CommonMark specification with regard to text highlighting. Underscores in the middle of identifiers (ex: fossil_printf()) no longer need to be escaped.
- The markdown-to-html translator can prevent unsafe HTML (for example:
- Added the 'collapse' and 'expand' capability for long forum posts.
- The 'fossil remote' command now has options for specifying multiple persistent remotes with symbolic names. Currently only one remote can be used at a time, but that might change in the future.
- Add the 'Remember me?' checkbox on the login page. Use a session cookie for the login if it is not checked.
- Added the experimental 'fossil hook' command for managing 'hook scripts' that run before checkin or after a push.
- Enhance the fossil revert command so that it is able to revert all files beneath a directory.
- Add the fossil bisect skip command.
- Add the fossil backup command.
- Enhance fossil bisect ui so that it shows all unchecked check-ins in between the innermost 'good' and 'bad' check-ins.
- Added the --reset flag to the 'fossil add', 'fossil rm', and 'fossil addremove' commands.
- Added the '--min N' and '--logfile FILENAME' flags to the backoffice command, as well as other enhancements to make the backoffice command a viable replacement for automatic backoffice. Other incremental backoffice improvements.
- Added the /fileedit page, which allows editing of text files online. Requires explicit activation by a setup user.
- Translate built-in help text into HTML for display on web pages.
- On the /timeline webpage, the combination of query parameters 'p=CHECKIN' and 'bt=ANCESTOR' draws all ancestors of CHECKIN going back to ANCESTOR.
- Update the built-in SQLite so that the 'fossil sql' command supports new output modes '.mode box' and '.mode json'.
- Add the 'obscure()' SQL function to the 'fossil sql' command.
- Added virtual tables 'helptext' and 'builtin' to the 'fossil sql' command, providing access to the dispatch table including all help text, and the builtin data files, respectively.
- Delta compression is now applied to forum edits.
- The wiki editor has been modernized and is now Ajax-based.
- Package the fossil.1 manual page.
- fossil 2.11.1:
- Make the 'fossil git export' command more restrictive about characters that it allows in the tag names
- Add fossil-2.11-reproducible.patch to override the build date (boo#1047218)
Package list
SUSE Package Hub 15 SP1
fossil-2.12.1-bp152.2.3.1
SUSE Package Hub 15 SP2
fossil-2.12.1-bp152.2.3.1
openSUSE Leap 15.1
fossil-2.12.1-bp152.2.3.1
openSUSE Leap 15.2
fossil-2.12.1-bp152.2.3.1
References
- E-Mail link for openSUSE-SU-2020:1478-1
- SUSE Security Ratings
- SUSE Bug 1047218
- SUSE Bug 1175760
- SUSE CVE CVE-2020-24614 page
Description
Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository.
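The version ranges above are what an administrator has to compare against. The following shell script is an added example, not part of the openSUSE advisory or of the Fossil project: it encodes the upstream ranges from the CVE text and the fixed package version listed for the four products, and reports whether a given version is still affected. The sample versions it reports on are constructed for illustration; the final `rpm -q` call assumes an RPM-based host with fossil installed, and `sort -V` (GNU coreutils) is used as an approximation of rpm's own version ordering.

```shell
#!/bin/sh
# Added example; not part of the openSUSE advisory or of the Fossil project.
# Checks whether a fossil version is at or past the fixed versions:
# package 2.12.1-bp152.2.3.1 for the four listed products, and upstream
# 2.10.2 / 2.11.2 / 2.12.1 per the CVE description.

FIXED_PKG='2.12.1-bp152.2.3.1'

# version_ge A B: succeed when A sorts at or after B in version order.
# sort -V (GNU coreutils) approximates rpm's comparison; it is adequate
# for the dotted versions used here.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# fossil_pkg_is_fixed VERSION-RELEASE: succeed when the openSUSE package
# (as printed by `rpm -q --queryformat '%{VERSION}-%{RELEASE}' fossil`)
# is the fixed build or newer.
fossil_pkg_is_fixed() {
    version_ge "$1" "$FIXED_PKG"
}

# fossil_upstream_is_fixed X.Y.Z: apply the branch-specific ranges from the
# CVE description: 2.11.x needs 2.11.2, 2.12.x needs 2.12.1, and anything
# else (older branches, or releases after 2.12) is fixed from 2.10.2 onward.
fossil_upstream_is_fixed() {
    case "$1" in
        2.11|2.11.*) version_ge "$1" 2.11.2 ;;
        2.12|2.12.*) version_ge "$1" 2.12.1 ;;
        *)           version_ge "$1" 2.10.2 ;;
    esac
}

# report LABEL VERSION CHECK: print one verdict line for VERSION using CHECK.
report() {
    if "$3" "$2"; then
        printf '%s %s: fixed\n' "$1" "$2"
    else
        printf '%s %s: AFFECTED by CVE-2020-24614, update\n' "$1" "$2"
    fi
}

# Constructed sample versions so the script runs without fossil installed.
report package  2.11.1-bp152.1.1 fossil_pkg_is_fixed
report package  "$FIXED_PKG"     fossil_pkg_is_fixed
report upstream 2.10.1           fossil_upstream_is_fixed
report upstream 2.12             fossil_upstream_is_fixed
report upstream 2.12.1           fossil_upstream_is_fixed

# Assumption: an RPM-based host with fossil installed. If rpm is missing or
# the package is absent, the query fails and nothing is reported.
if v=$(rpm -q --queryformat '%{VERSION}-%{RELEASE}\n' fossil 2>/dev/null); then
    report installed "$v" fossil_pkg_is_fixed
fi
```

The upstream check matters for builds that are not taken from the openSUSE package (for example a self-compiled `fossil`, whose version `fossil version` prints): a 2.11.x binary needs at least 2.11.2, whereas a package from this advisory is identified by the `2.12.1-bp152.2.3.1` version-release string.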
Affected products
SUSE Package Hub 15 SP1:fossil-2.12.1-bp152.2.3.1
SUSE Package Hub 15 SP2:fossil-2.12.1-bp152.2.3.1
openSUSE Leap 15.1:fossil-2.12.1-bp152.2.3.1
openSUSE Leap 15.2:fossil-2.12.1-bp152.2.3.1
References
- CVE-2020-24614
- SUSE Bug 1175760