A couple of corrections to the [2213a0eb2d413f|previous /secaudit0 addition].
Commit
43601b3d1241bd87ade721bcf4b7d32055807868d6ec7130874660a5e38102ff
Parent
dd67906cbd9ebad…
1 file changed
+2
-2
+2
-2
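--- a/src/security_audit.c
+++ b/src/security_audit.c
@@ -280,11 +280,11 @@
 
 #if FOSSIL_ENABLE_TCL
 @ <li><p>
 if( db_get_boolean("tcl",0) ){
 #ifdef FOSSIL_ENABLE_TH1_DOCS
-if( !Th_AreDocsEnabled() ){
+if( Th_AreDocsEnabled() ){
 @ <b>DANGER:</b>
 }else{
 @ <b>WARNING:</b>
 }
 #else
@@ -292,11 +292,11 @@
 #endif
 @ This server is compiled with -DFOSSIL_ENABLE_TCL and Tcl integration
 @ is enabled for this repository. Anyone who can execute malicious
 @ TH1 script on that server can also execute arbitrary Tcl script
 @ under the identity of the operating system process of that server.
-@ This is a serious security concern.
+@ This is a serious security concern.</p>
 @
 @ <p>Disable Tcl integration by recompiling Fossil without the
 @ -DFOSSIL_ENABLE_TCL flag, and/or clear the 'tcl' setting.</p>
 }else{
 @ This server is compiled with -DFOSSIL_ENABLE_TCL. Tcl integration
 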
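Review bot: The label chosen at new line 285 escalates to DANGER when Th_AreDocsEnabled() is true, but the message at 293-297 is the same in both cases, so an administrator reading the audit page cannot tell why the repository was rated DANGER rather than WARNING, or which setting to turn off. Because the sense of this test was already inverted once, a short comment above it would guard against a repeat, e.g. `/* TH1 docs presumably let repository content run TH1, and through it Tcl: escalate */`, and the DANGER branch could emit one extra sentence naming TH1 docs as the reason. The `#else` arm at line 291 and the rest of the enclosing function lie outside the hunks, so whether the `<li>` opened at 282 is closed on every path cannot be confirmed from here.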
| --- src/security_audit.c | |
| +++ src/security_audit.c | |
| @@ -280,11 +280,11 @@ | |
| 280 | |
| 281 | #if FOSSIL_ENABLE_TCL |
| 282 | @ <li><p> |
| 283 | if( db_get_boolean("tcl",0) ){ |
| 284 | #ifdef FOSSIL_ENABLE_TH1_DOCS |
| 285 | if( !Th_AreDocsEnabled() ){ |
| 286 | @ <b>DANGER:</b> |
| 287 | }else{ |
| 288 | @ <b>WARNING:</b> |
| 289 | } |
| 290 | #else |
| @@ -292,11 +292,11 @@ | |
| 292 | #endif |
| 293 | @ This server is compiled with -DFOSSIL_ENABLE_TCL and Tcl integration |
| 294 | @ is enabled for this repository. Anyone who can execute malicious |
| 295 | @ TH1 script on that server can also execute arbitrary Tcl script |
| 296 | @ under the identity of the operating system process of that server. |
| 297 | @ This is a serious security concern. |
| 298 | @ |
| 299 | @ <p>Disable Tcl integration by recompiling Fossil without the |
| 300 | @ -DFOSSIL_ENABLE_TCL flag, and/or clear the 'tcl' setting.</p> |
| 301 | }else{ |
| 302 | @ This server is compiled with -DFOSSIL_ENABLE_TCL. Tcl integration |
| 303 |
| --- src/security_audit.c | |
| +++ src/security_audit.c | |
| @@ -280,11 +280,11 @@ | |
| 280 | |
| 281 | #if FOSSIL_ENABLE_TCL |
| 282 | @ <li><p> |
| 283 | if( db_get_boolean("tcl",0) ){ |
| 284 | #ifdef FOSSIL_ENABLE_TH1_DOCS |
| 285 | if( Th_AreDocsEnabled() ){ |
| 286 | @ <b>DANGER:</b> |
| 287 | }else{ |
| 288 | @ <b>WARNING:</b> |
| 289 | } |
| 290 | #else |
| @@ -292,11 +292,11 @@ | |
| 292 | #endif |
| 293 | @ This server is compiled with -DFOSSIL_ENABLE_TCL and Tcl integration |
| 294 | @ is enabled for this repository. Anyone who can execute malicious |
| 295 | @ TH1 script on that server can also execute arbitrary Tcl script |
| 296 | @ under the identity of the operating system process of that server. |
| 297 | @ This is a serious security concern.</p> |
| 298 | @ |
| 299 | @ <p>Disable Tcl integration by recompiling Fossil without the |
| 300 | @ -DFOSSIL_ENABLE_TCL flag, and/or clear the 'tcl' setting.</p> |
| 301 | }else{ |
| 302 | @ This server is compiled with -DFOSSIL_ENABLE_TCL. Tcl integration |
| 303 |