Fossil

Check-in [1e34705ed8]

Overview
Comment: permissive-manifest-parser setting is now marked as sensitive to keep an attacker from turning it on.
SHA3-256: 1e34705ed8a38f6810c8237d1323fd585e693f7f45d6f3f854cf341bb9cde658
User & Date: stephan 2020-08-18 17:25:16.111
Context
2020-08-18
17:25
permissive-manifest-parser setting is now marked as sensitive to keep an attacker from turning it on. Closed-Leaf check-in: 1e34705ed8 user: stephan tags: sec2020-deadend
16:07
Added and applied permissive-manifest-parser setting to permit parsing of manifests which have F-cards containing now-illegal names. Required for rebuild of historical data and support of repositories we now know to contain such files. check-in: 9e59cf18fc user: stephan tags: sec2020-deadend
Changes
Changes to src/db.c.
3925
3926
3927
3928
3929
3930
3931
3932
3933
3934
3935
3936
3937
3938
3939
** commits.  If enabled on a server, whenever a client attempts
** to obtain a check-in lock during auto-sync, the server will 
** send the "pragma avoid-delta-manifests" statement in its reply,
** which will cause the client to avoid generating a delta
** manifest.
*/
/*
** SETTING: permissive-manifest-parser  boolean default=off
** By default, fossil fatally fails if any files are found in a
** manifest which have a name matching a checkout database name. In
** order to support repositories where such files were inadvertently
** checked in, this setting, when on, allows such files to be handled
** as if they were normal files. Only enable this if absolutely
** necessary to support older repositories which have such files
** checked in (anywhere in their history). It should never be enabled







|







3925
3926
3927
3928
3929
3930
3931
3932
3933
3934
3935
3936
3937
3938
3939
** commits.  If enabled on a server, whenever a client attempts
** to obtain a check-in lock during auto-sync, the server will 
** send the "pragma avoid-delta-manifests" statement in its reply,
** which will cause the client to avoid generating a delta
** manifest.
*/
/*
** SETTING: permissive-manifest-parser  boolean default=off sensitive
** By default, fossil fatally fails if any files are found in a
** manifest which have a name matching a checkout database name. In
** order to support repositories where such files were inadvertently
** checked in, this setting, when on, allows such files to be handled
** as if they were normal files. Only enable this if absolutely
** necessary to support older repositories which have such files
** checked in (anywhere in their history). It should never be enabled
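Review bot: The help text under the SETTING line at 3932 is unchanged, so after this change the only trace of the new restriction is the `sensitive` keyword itself; nothing in the visible comment body tells an administrator that the setting is now restricted or why. Consider adding a sentence to the comment stating that the setting is marked sensitive to keep an attacker from turning it on, matching the check-in comment. The hunk also does not show the code that honors the `sensitive` flag, so it is worth confirming in review that every path able to write this setting checks it.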