Update Info

openSUSE-2021-1070


Security update for fossil


Type: security
Severity: important
Issued: 2021-07-21
Description:
This update for fossil fixes the following issues:

- fossil 2.12.1:
  * CVE-2020-24614: Remote authenticated users with check-in or
    administrative privileges could have executed arbitrary code
    [boo#1175760]
  * Security fix in the "fossil git export" command. New
    "safety-net" features were added to prevent similar problems
    in the future.
  * Enhancements to the graph display for cases when there are
    many cherry-pick merges into a single check-in.
  * Enhance the fossil open command with the new --workdir option
    and the ability to accept a URL as the repository name,
    causing the remote repository to be cloned automatically. Do
    not allow "fossil open" to open in a non-empty working
    directory unless the --keep option or the new --force option
    is used.
  * Enhance the markdown formatter to more closely follow the
    CommonMark specification with regard to text
    highlighting. Underscores in the middle of identifiers (ex:
    fossil_printf()) no longer need to be escaped.
  * The markdown-to-html translator can prevent unsafe HTML (for
    example: <script>) on user-contributed pages like forum and
    tickets and wiki. The admin can adjust this behavior using the
    safe-html setting on the Admin/Wiki page. The default is to
    disallow unsafe HTML everywhere.
  * Added the "collapse" and "expand" capability for long forum
    posts.
  * The "fossil remote" command now has options for specifying
    multiple persistent remotes with symbolic names. Currently
    only one remote can be used at a time, but that might change
    in the future.
  * Add the "Remember me?" checkbox on the login page. Use a
    session cookie for the login if it is not checked.
  * Added the experimental "fossil hook" command for managing
    "hook scripts" that run before checkin or after a push.
  * Enhance the fossil revert command so that it is able to revert
    all files beneath a directory.
  * Add the fossil bisect skip command.
  * Add the fossil backup command.
  * Enhance fossil bisect ui so that it shows all unchecked
    check-ins in between the innermost "good" and "bad" check-ins.
  * Added the --reset flag to the "fossil add", "fossil rm", and
    "fossil addremove" commands.
  * Added the "--min N" and "--logfile FILENAME" flags to the
    backoffice command, as well as other enhancements to make the
    backoffice command a viable replacement for automatic
    backoffice. Other incremental backoffice improvements.
  * Added the /fileedit page, which allows editing of text files
    online. Requires explicit activation by a setup user.
  * Translate built-in help text into HTML for display on web
    pages.
  * On the /timeline webpage, the combination of query parameters
    "p=CHECKIN" and "bt=ANCESTOR" draws all ancestors of CHECKIN
    going back to ANCESTOR.
  * Update the built-in SQLite so that the "fossil sql" command
    supports new output modes ".mode box" and ".mode json".
  * Add the "obscure()" SQL function to the "fossil sql" command.
  * Added virtual tables "helptext" and "builtin" to the "fossil
    sql" command, providing access to the dispatch table including
    all help text, and the builtin data files, respectively.
  * Delta compression is now applied to forum edits.
  * The wiki editor has been modernized and is now Ajax-based.
- Package the fossil.1 manual page.

- fossil 2.11.1:
  * Make the "fossil git export" command more restrictive about
    characters that it allows in the tag names.

- Add fossil-2.11-reproducible.patch to override build date (boo#1047218)

This update was imported from the openSUSE:Leap:15.2:Update update project.

              

Packages


  • fossil-2.12.1-bp152.2.9.1